chore: support generate primary and public key for sshd (#8087)

(cherry picked from commit 83cfbf0)
apecloud · Sep 5, 2024 · ebe0a4a · ebe0a4a
1 parent c59de8c
commit ebe0a4a
Show file tree

Hide file tree

Showing 7 changed files with 193 additions and 56 deletions.
diff --git a/apis/apps/v1alpha1/zz_generated.deepcopy.go b/apis/apps/v1alpha1/zz_generated.deepcopy.go
diff --git a/go.mod b/go.mod
@@ -10,6 +10,7 @@ require (
 	github.com/authzed/controller-idioms v0.7.0
 	github.com/aws/aws-sdk-go v1.50.8
 	github.com/bhmj/jsonslice v1.1.2
+	github.com/charmbracelet/keygen v0.5.1
 	github.com/clbanning/mxj/v2 v2.5.7
 	github.com/containers/common v0.55.4
 	github.com/deckarep/golang-set/v2 v2.3.1
@@ -60,12 +61,12 @@ require (
 	go.etcd.io/etcd/server/v3 v3.5.10
 	go.mongodb.org/mongo-driver v1.11.6
 	go.uber.org/automaxprocs v1.5.2
-	go.uber.org/zap v1.26.0
-	golang.org/x/crypto v0.21.0
+	go.uber.org/zap v1.27.0
+	golang.org/x/crypto v0.26.0
 	golang.org/x/exp v0.0.0-20240119083558-1b970713d09a
-	golang.org/x/net v0.23.0
-	golang.org/x/text v0.14.0
-	google.golang.org/grpc v1.61.0
+	golang.org/x/net v0.25.0
+	golang.org/x/text v0.17.0
+	google.golang.org/grpc v1.63.2
 	google.golang.org/protobuf v1.33.0
 	gopkg.in/inf.v0 v0.9.1
 	gopkg.in/ini.v1 v1.67.0
@@ -282,19 +283,18 @@ require (
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/mod v0.16.0 // indirect
-	golang.org/x/oauth2 v0.18.0 // indirect
-	golang.org/x/sync v0.6.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/term v0.18.0 // indirect
+	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/oauth2 v0.19.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.23.0 // indirect
+	golang.org/x/term v0.23.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.19.0 // indirect
+	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/api v0.161.0 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe // indirect
+	google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240227224415-6ceb2ff114de // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	gotest.tools/v3 v3.5.0 // indirect

diff --git a/go.sum b/go.sum
diff --git a/pkg/gotemplate/sshkeygenerator.go b/pkg/gotemplate/sshkeygenerator.go
@@ -0,0 +1,55 @@
+/*
+Copyright (C) 2022-2024 ApeCloud Co., Ltd
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package gotemplate
+
+import (
+	"fmt"
+
+	"github.com/charmbracelet/keygen"
+)
+
+const memoString = "kubeblocks@localhost"
+
+type SSHKeyPair struct {
+	PrivateKey string `json:"private_key"`
+	PublicKey  string `json:"public_key"`
+}
+
+func sshKeyGenerate(passphrase ...string) (*SSHKeyPair, error) {
+	options := []keygen.Option{
+		keygen.WithKeyType(keygen.RSA),
+	}
+
+	if len(passphrase) > 0 {
+		options = append(options, keygen.WithPassphrase(passphrase[0]))
+	}
+	generator, err := keygen.New("", options...)
+	if err != nil {
+		return nil, err
+	}
+
+	rawPrimaryKey := generator.RawProtectedPrivateKey()
+	if rawPrimaryKey == nil {
+		return nil, keygen.ErrMissingSSHKeys
+	}
+	ak := generator.AuthorizedKey()
+	return &SSHKeyPair{
+		PrivateKey: string(rawPrimaryKey),
+		// memo is optional
+		PublicKey: fmt.Sprintf("%s %s", ak, memoString),
+	}, nil
+}
diff --git a/pkg/gotemplate/sshkeygenerator_test.go b/pkg/gotemplate/sshkeygenerator_test.go
@@ -0,0 +1,52 @@
+/*
+Copyright (C) 2022-2024 ApeCloud Co., Ltd
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package gotemplate
+
+import (
+	"testing"
+)
+
+func Test_sshKeyGenerate(t *testing.T) {
+	tests := []struct {
+		name       string
+		passphrase string
+		wantErr    bool
+	}{
+		{
+			name:       "test",
+			passphrase: "test",
+		},
+		{
+			name: "test",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var err error
+			var pairKey *SSHKeyPair
+			if pairKey, err = sshKeyGenerate(tt.passphrase); (err != nil) != tt.wantErr {
+				t.Errorf("sshKeyGenerate() error = %v, wantErr %v", err, tt.wantErr)
+			}
+			if pairKey.PrivateKey == "" {
+				t.Errorf("sshKeyGenerate() not generate private key")
+			}
+			if pairKey.PublicKey == "" {
+				t.Errorf("sshKeyGenerate() not generate public key")
+			}
+		})
+	}
+}
diff --git a/pkg/gotemplate/tpl_engine.go b/pkg/gotemplate/tpl_engine.go
@@ -42,6 +42,8 @@ const (
 	buildInSystemFailedName = "failed"
 	buildInSystemImportName = "import"
 	buildInSystemCallName   = "call"
+
+	buildInSSHKeyGeneratorString = "sshKeyGen"
 )
 
 const (
@@ -199,6 +201,7 @@ func (t *TplEngine) initSystemFunMap(funcs template.FuncMap) {
 	funcs[goTemplateExtendBuildInRegexSubString] = regexStringSubmatch
 	funcs[goTemplateExtendBuildInFromYamlString] = fromYAML
 	funcs[goTemplateExtendBuildInFromYamlArrayString] = fromYAMLArray
+	funcs[buildInSSHKeyGeneratorString] = sshKeyGenerate
 
 	t.tpl.Option(DefaultTemplateOps)
 	t.tpl.Funcs(funcs)

diff --git a/pkg/gotemplate/tpl_engine_test.go b/pkg/gotemplate/tpl_engine_test.go
@@ -23,9 +23,10 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/golang/mock/gomock"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+
+	"github.com/golang/mock/gomock"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -84,6 +85,25 @@ my friend name is test2
 		})
 	})
 
+	Context("ssh-key-generator", func() {
+		It("Should success with no error", func() {
+			tplString := `
+{{- $key := sshKeyGen }}
+PRIVATE_KEY="{{ $key.PrivateKey }}"
+PUBLIC_KEY="{{ $key.PublicKey }}"
+`
+
+			context, err := emptyTplEngine(&TplValues{
+				"cluster": map[string]string{"name": "cluster"},
+				"name":    "component_name",
+			}, nil, tplString)
+			Expect(err).NotTo(HaveOccurred())
+
+			Expect(context).To(ContainSubstring("PRIVATE_KEY"))
+			Expect(context).To(ContainSubstring("PUBLIC_KEY"))
+		})
+	})
+
 	// A call funcB.1 in B module
 	// A call funcC.1 in C module
 	// A call funcC.2 in C module