summaryrefslogtreecommitdiff
path: root/systemd/cloud-init-local.service.tmpl
diff options
context:
space:
mode:
authorJason Zions (MSFT) <jasonzio@microsoft.com>2019-02-22 13:26:31 +0000
committerServer Team CI Bot <josh.powers+server-team-bot@canonical.com>2019-02-22 13:26:31 +0000
commit34f54360fcc1e0f805002a0b639d0a84eb2cb8ee (patch)
tree76481396ef7f30b7f3c3cd233dccf827fdeeb9f5 /systemd/cloud-init-local.service.tmpl
parent79d40e6b7bce33af69572c6054b3398b8d8077c7 (diff)
downloadvyos-cloud-init-34f54360fcc1e0f805002a0b639d0a84eb2cb8ee.tar.gz
vyos-cloud-init-34f54360fcc1e0f805002a0b639d0a84eb2cb8ee.zip
azure: Filter list of ssh keys pulled from fabric
The Azure data source is expected to expose a list of ssh keys for the user-to-be-provisioned in the crawled metadata. When configured to use the __builtin__ agent this list is built by the WALinuxAgentShim. The shim retrieves the full set of certificates and public keys exposed to the VM from the wireserver, extracts any ssh keys it can, and returns that list. This fix reduces that list of ssh keys to just the ones whose fingerprints appear in the "administrative user" section of the ovf-env.xml file. The Azure control plane exposes other ssh keys to the VM for other reasons, but those should not be added to the authorized_keys file for the provisioned user.
Diffstat (limited to 'systemd/cloud-init-local.service.tmpl')
0 files changed, 0 insertions, 0 deletions