// NewKeyManagerClient returns an api.keymanager.Client connected to the API Server for
// the named environment. If envName is "", the default environment will be used.
func NewKeyManagerClient(envName string) (*keymanager.Client, error) {
st, err := newAPIClient(envName)
if err != nil {
return nil, err
}
return keymanager.NewClient(st), nil
}
func ensureSystemSSHKey(context Context) error {
identityFile := context.AgentConfig().SystemIdentityPath()
// Don't generate a key unless we have to.
keyExists, err := systemKeyExists(identityFile)
if err != nil {
return fmt.Errorf("failed to check system key exists: %v", err)
}
if keyExists {
return nil
}
privateKey, publicKey, err := ssh.GenerateKey(config.JujuSystemKey)
if err != nil {
return fmt.Errorf("failed to create system key: %v", err)
}
// Write new authorised key.
keyManager := keymanager.NewClient(context.APIState())
errResults, err := keyManager.AddKeys(config.JujuSystemKey, publicKey)
apiErr := err
if apiErr == nil {
apiErr = errResults[0].Error
}
if err != nil || errResults[0].Error != nil {
return fmt.Errorf("failed to update authoised keys with new system key: %v", apiErr)
}
return ioutil.WriteFile(identityFile, []byte(privateKey), 0600)
}
func (s *keymanagerSuite) TestAddSystemKeyWrongUser(c *gc.C) {
key1 := sshtesting.ValidKeyOne.Key + " user@host"
s.setAuthorisedKeys(c, key1)
apiState, _ := s.OpenAPIAsNewMachine(c, state.JobManageEnviron)
keyManager := keymanager.NewClient(apiState)
newKey := sshtesting.ValidKeyTwo.Key
_, err := keyManager.AddKeys("some-user", newKey)
c.Assert(err, gc.ErrorMatches, "permission denied")
s.assertEnvironKeys(c, []string{key1})
}
func (s *keymanagerSuite) TestAddSystemKey(c *gc.C) {
key1 := sshtesting.ValidKeyOne.Key + " user@host"
s.setAuthorisedKeys(c, key1)
apiState, _ := s.OpenAPIAsNewMachine(c, state.JobManageEnviron)
keyManager := keymanager.NewClient(apiState)
newKey := sshtesting.ValidKeyTwo.Key
errResults, err := keyManager.AddKeys("juju-system-key", newKey)
c.Assert(err, gc.IsNil)
c.Assert(errResults, gc.DeepEquals, []params.ErrorResult{
{Error: nil},
})
s.assertEnvironKeys(c, []string{key1, newKey})
}
func (s *keymanagerSuite) SetUpTest(c *gc.C) {
s.JujuConnSuite.SetUpTest(c)
s.keymanager = keymanager.NewClient(s.APIState)
c.Assert(s.keymanager, gc.NotNil)
}