diff options
Diffstat (limited to 'cloudinit/config/cc_ssh_authkey_fingerprints.py')
| -rwxr-xr-x | cloudinit/config/cc_ssh_authkey_fingerprints.py | 75 |
1 files changed, 45 insertions, 30 deletions
diff --git a/cloudinit/config/cc_ssh_authkey_fingerprints.py b/cloudinit/config/cc_ssh_authkey_fingerprints.py index 05d30ad1..020c3469 100755 --- a/cloudinit/config/cc_ssh_authkey_fingerprints.py +++ b/cloudinit/config/cc_ssh_authkey_fingerprints.py @@ -28,23 +28,21 @@ the keys can be specified, but defaults to ``sha256``. import base64 import hashlib -from cloudinit.simpletable import SimpleTable - +from cloudinit import ssh_util, util from cloudinit.distros import ug_util -from cloudinit import ssh_util -from cloudinit import util +from cloudinit.simpletable import SimpleTable def _split_hash(bin_hash): split_up = [] for i in range(0, len(bin_hash), 2): - split_up.append(bin_hash[i:i + 2]) + split_up.append(bin_hash[i : i + 2]) return split_up -def _gen_fingerprint(b64_text, hash_meth='sha256'): +def _gen_fingerprint(b64_text, hash_meth="sha256"): if not b64_text: - return '' + return "" # TBD(harlowja): Maybe we should feed this into 'ssh -lf'? try: hasher = hashlib.new(hash_meth) @@ -54,58 +52,75 @@ def _gen_fingerprint(b64_text, hash_meth='sha256'): # Raised when b64 not really b64... # or when the hash type is not really # a known/supported hash type... - return '?' + return "?" def _is_printable_key(entry): if any([entry.keytype, entry.base64, entry.comment, entry.options]): - if (entry.keytype and entry.keytype.lower().strip() - in ssh_util.VALID_KEY_TYPES): + if ( + entry.keytype + and entry.keytype.lower().strip() in ssh_util.VALID_KEY_TYPES + ): return True return False -def _pprint_key_entries(user, key_fn, key_entries, hash_meth='sha256', - prefix='ci-info: '): +def _pprint_key_entries( + user, key_fn, key_entries, hash_meth="sha256", prefix="ci-info: " +): if not key_entries: - message = ("%sno authorized SSH keys fingerprints found for user %s.\n" - % (prefix, user)) - util.multi_log(message) + message = ( + "%sno authorized SSH keys fingerprints found for user %s.\n" + % (prefix, user) + ) + util.multi_log(message, console=True, stderr=False) return - tbl_fields = ['Keytype', 'Fingerprint (%s)' % (hash_meth), 'Options', - 'Comment'] + tbl_fields = [ + "Keytype", + "Fingerprint (%s)" % (hash_meth), + "Options", + "Comment", + ] tbl = SimpleTable(tbl_fields) for entry in key_entries: if _is_printable_key(entry): - row = [entry.keytype or '-', - _gen_fingerprint(entry.base64, hash_meth) or '-', - entry.options or '-', - entry.comment or '-'] + row = [ + entry.keytype or "-", + _gen_fingerprint(entry.base64, hash_meth) or "-", + entry.options or "-", + entry.comment or "-", + ] tbl.add_row(row) authtbl_s = tbl.get_string() authtbl_lines = authtbl_s.splitlines() max_len = len(max(authtbl_lines, key=len)) lines = [ - util.center("Authorized keys from %s for user %s" % - (key_fn, user), "+", max_len), + util.center( + "Authorized keys from %s for user %s" % (key_fn, user), + "+", + max_len, + ), ] lines.extend(authtbl_lines) for line in lines: - util.multi_log(text="%s%s\n" % (prefix, line), - stderr=False, console=True) + util.multi_log( + text="%s%s\n" % (prefix, line), stderr=False, console=True + ) def handle(name, cfg, cloud, log, _args): - if util.is_true(cfg.get('no_ssh_fingerprints', False)): - log.debug(("Skipping module named %s, " - "logging of SSH fingerprints disabled"), name) + if util.is_true(cfg.get("no_ssh_fingerprints", False)): + log.debug( + "Skipping module named %s, logging of SSH fingerprints disabled", + name, + ) return hash_meth = util.get_cfg_option_str(cfg, "authkey_hash", "sha256") (users, _groups) = ug_util.normalize_users_groups(cfg, cloud.distro) for (user_name, _cfg) in users.items(): (key_fn, key_entries) = ssh_util.extract_authorized_keys(user_name) - _pprint_key_entries(user_name, key_fn, - key_entries, hash_meth) + _pprint_key_entries(user_name, key_fn, key_entries, hash_meth) + # vi: ts=4 expandtab |