authorViacheslav Hletenko <v.gletenko@vyos.io>2023-02-28 09:15:01 +0000
committerViacheslav Hletenko <v.gletenko@vyos.io>2023-02-28 09:15:01 +0000
commit36fea4cb4956ac396f20c785f6ff710c00e2ad8f (patch)
treeb82bfdfd17d5dce8e75c03b720b2f82799b35472
parent0420cea6f0c655aced9668ae01c50d517e1e8f29 (diff)
T5033: Ability to generate muliple keys from a file or link
We generate only one public key (string) from a file xxx.pub in op-mode with 'generate public-key-command user vyos lik_to_key_file'. Add the ability to generate configuration (from op-mode) for multiple keys. As GitHub keys don't use identifiers, generate a uuid4 id for them.
-rw-r--r--python/vyos/template.py12
-rwxr-xr-xsrc/op_mode/generate_public_key_command.py59
2 files changed, 52 insertions, 19 deletions
diff --git a/python/vyos/template.py b/python/vyos/template.py
index 88271125c..4778bf1c8 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -1,4 +1,4 @@
-# Copyright 2019-2020 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2023 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -161,6 +161,16 @@ def dot_colon_to_dash(text):
text = text.replace(".", "-")
return text
+@register_filter('generate_uuid4')
+def generate_uuid4(text):
+ """ Generate random unique ID
+ Example:
+ % uuid4()
+ UUID('958ddf6a-ef14-4e81-8cfb-afb12456d1c5')
+ """
+ from uuid import uuid4
+ return uuid4()
+
@register_filter('netmask_from_cidr')
def netmask_from_cidr(prefix):
""" Take CIDR prefix and convert the prefix length to a "subnet mask".
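Review bot: `generate_uuid4` accepts `text` and never uses it, and it returns a `uuid.UUID` object rather than a string, so a caller only gets the canonical form when it formats the value itself (as the f-string in generate_public_key_command.py does). Ending the function with `return str(uuid4())` would let templates compare or join the value without that extra step. The docstring should state that the filter input is ignored and show the filter being applied instead of a bare `uuid4()` call, for example `""" Return a random UUID4 string; the filter input is ignored """`.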
diff --git a/src/op_mode/generate_public_key_command.py b/src/op_mode/generate_public_key_command.py
index f071ae350..8ba55c901 100755
--- a/src/op_mode/generate_public_key_command.py
+++ b/src/op_mode/generate_public_key_command.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2022 VyOS maintainers and contributors
+# Copyright (C) 2022-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -19,28 +19,51 @@ import sys
import urllib.parse
import vyos.remote
+from vyos.template import generate_uuid4
-def get_key(path):
+
+def get_key(path) -> list:
+ """Get public keys from a local file or remote URL
+
+ Args:
+ path: Path to the public keys file
+
+ Returns: list of public keys split by new line
+
+ """
url = urllib.parse.urlparse(path)
if url.scheme == 'file' or url.scheme == '':
with open(os.path.expanduser(path), 'r') as f:
key_string = f.read()
else:
key_string = vyos.remote.get_remote_config(path)
- return key_string.split()
-
-try:
- username = sys.argv[1]
- algorithm, key, identifier = get_key(sys.argv[2])
-except Exception as e:
- print("Failed to retrieve the public key: {}".format(e))
- sys.exit(1)
-
-print('# To add this key as an embedded key, run the following commands:')
-print('configure')
-print(f'set system login user {username} authentication public-keys {identifier} key {key}')
-print(f'set system login user {username} authentication public-keys {identifier} type {algorithm}')
-print('commit')
-print('save')
-print('exit')
+ return key_string.split('\n')
+
+
+if __name__ == "__main__":
+ first_loop = True
+
+ for k in get_key(sys.argv[2]):
+ k = k.split()
+ # Skip empty list entry
+ if k == []:
+ continue
+
+ try:
+ username = sys.argv[1]
+ # Github keys don't have identifier for example 'vyos@localhost'
+ # 'ssh-rsa AAAA... vyos@localhost'
+ # Generate uuid4 identifier
+ identifier = f'github@{generate_uuid4("")}' if sys.argv[2].startswith('https://github.com') else k[2]
+ algorithm, key = k[0], k[1]
+ except Exception as e:
+ print("Failed to retrieve the public key: {}".format(e))
+ sys.exit(1)
+
+ if first_loop:
+ print('# To add this key as an embedded key, run the following commands:')
+ print('configure')
+ print(f'set system login user {username} authentication public-keys {identifier} key {key}')
+ print(f'set system login user {username} authentication public-keys {identifier} type {algorithm}')
+ first_loop = False
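Review bot: The whitespace-separated fields of every line are printed straight into `set system login user …` commands without validation, although the line may come from a remote URL through `vyos.remote.get_remote_config`; a field carrying characters that are special to the CLI the operator pastes into would end up in that pasted text. Each field should be checked against a narrow character set before it is printed, and the run should stop at the first line that fails. Separately, `get_key(sys.argv[2])` is now evaluated in the `for` header, outside the `try`, so an unreadable file or a failed download presumably surfaces as a traceback instead of the "Failed to retrieve the public key" message. The sketch below gives the fetch its own `try` and adds the check after the existing assignment block; its indentation is reconstructed because the page has lost it.

```python
def is_safe_token(token, extra):
    """True when token is non-empty ASCII alphanumerics plus the characters in extra"""
    return bool(token) and all(c.isascii() and (c.isalnum() or c in extra) for c in token)


if __name__ == "__main__":
    first_loop = True

    # Fetch inside a try so file and download errors keep the friendly message
    try:
        key_lines = get_key(sys.argv[2])
    except Exception as e:
        print("Failed to retrieve the public key: {}".format(e))
        sys.exit(1)

    for k in key_lines:
        # … unchanged: split, empty-line skip, try/except assigning username, identifier, algorithm, key …

        # File and URL content is untrusted: only echo plain "<type> <base64> <id>" fields
        if not (is_safe_token(algorithm, '-@.')
                and is_safe_token(key, '+/=')
                and is_safe_token(identifier, '-_@.')):
            print("Failed to parse the public key: unexpected characters in key line")
            sys.exit(1)

        # … unchanged: first_loop header and the two set commands …
```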