Add full support for key-based authentication (#159)
* Add full support for key-based authentication

* Improve code readability

* Raise an exception in case the key is not found

* Indicate that `key_filename` is an absolute path

Co-authored-by: Jacob Callahan <[email protected]>
ogajduse and JacobCallahan authored Jul 22, 2022
1 parent a5f7da8 commit 747c96f
Showing 4 changed files with 14 additions and 4 deletions.
7 changes: 6 additions & 1 deletion broker/hosts.py
Expand Up @@ -23,6 +23,7 @@ def __init__(self, hostname, name=None, from_dict=False, **kwargs):
"connection_timeout", settings.HOST_CONNECTION_TIMEOUT
)
self.port = kwargs.get("port", settings.HOST_SSH_PORT)
self.key_filename = kwargs.get("key_filename", settings.HOST_SSH_KEY_FILENAME)
self._session = None

def __del__(self):
Expand Down Expand Up @@ -59,12 +60,15 @@ def _purify(self):
except (pickle.PicklingError, AttributeError):
self.__dict__[name] = None

def connect(self, username=None, password=None, timeout=None, port=22):
def connect(
self, username=None, password=None, timeout=None, port=22, key_filename=None
):
username = username or self.username
password = password or self.password
timeout = timeout or self.timeout
_hostname = self.hostname
_port = self.port or port
key_filename = key_filename or self.key_filename
if ":" in self.hostname:
_hostname, port = self.hostname.split(":")
_port = int(port)
Expand All @@ -74,6 +78,7 @@ def connect(self, username=None, password=None, timeout=None, port=22):
username=username,
password=password,
port=_port,
key_filename=key_filename,
)

def close(self):
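Review bot: In `connect`, an explicit `password=` argument is silently overridden whenever a key is configured, because `key_filename = key_filename or self.key_filename` always falls back to `settings.HOST_SSH_KEY_FILENAME` and the session code in this commit tries the key first. If key-first is intended, say so in a docstring on `connect`, for example `"""Open an SSH session; key_filename must be an absolute path and, when set here or in settings, is used instead of the password."""`. If a caller-supplied password should win instead, take the fallback only when none was passed, before `password` is defaulted: `key_filename = key_filename or (None if password else self.key_filename)`. A few lines of `connect` between the second and third hunk are not shown.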
9 changes: 6 additions & 3 deletions broker/session.py
Expand Up @@ -29,13 +29,16 @@ def __init__(self, **kwargs):
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(kwargs.get("timeout"))
port = kwargs.get("port", 22)
key_filename = kwargs.get("key_filename")
simple_retry(sock.connect, [(host, port)])
self.session = ssh2_Session()
self.session.handshake(sock)
if kwargs.get("password"):
if key_filename:
if not Path(key_filename).exists():
raise FileNotFoundError(f"Key not found in '{key_filename}'")
self.session.userauth_publickey_fromfile(user, key_filename)
elif kwargs.get("password"):
self.session.userauth_password(user, kwargs["password"])
elif kwargs.get("key_filename"):
self.session.userauth_publickey_fromfile(user, kwargs["key_filename"])
else:
raise AuthException("No password or key file provided.")

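Review bot: The existence check on `key_filename` runs only after `simple_retry(sock.connect, ...)` and `self.session.handshake(sock)`, so a missing key raises `FileNotFoundError` with the connection already established and nothing in the hunk closing `sock`. Do the check right after `key_filename = kwargs.get("key_filename")`, and use `is_file()` so a directory is rejected too: `if key_filename and not Path(key_filename).is_file(): raise FileNotFoundError(f"Key not found in '{key_filename}'")`. The key branch now comes before the password branch, so a configured key that the server rejects fails without the password being tried; a comment such as `# key auth takes precedence over password; no fallback` would make that explicit. Separately, the lines shown go from `handshake` straight to `userauth_*` with no host-key comparison, so unless that happens elsewhere the password branch sends the password to whichever server answered. `__init__` begins above the hunk.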
1 change: 1 addition & 0 deletions broker/settings.py
Expand Up @@ -20,6 +20,7 @@
Validator("HOST_PASSWORD", must_exist=True),
Validator("HOST_CONNECTION_TIMEOUT", default=None),
Validator("HOST_SSH_PORT", default=22),
Validator("HOST_SSH_KEY_FILENAME", default=None),
]

# temportary fix for dynaconf #751
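Review bot: `Validator("HOST_PASSWORD", must_exist=True)` is left unchanged next to the new `HOST_SSH_KEY_FILENAME` entry, so a key-only setup still has to carry a password value in its settings file. Consider relaxing it to `Validator("HOST_PASSWORD", default=None)`; the session code in this commit already raises `AuthException("No password or key file provided.")` when neither is set. Other uses of `HOST_PASSWORD` are not visible here, so confirm nothing else depends on it being present. A short comment on the new line, e.g. `# absolute path to the private key; takes precedence over HOST_PASSWORD`, would also document the precedence.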
1 change: 1 addition & 0 deletions broker_settings.yaml.example
Expand Up @@ -5,6 +5,7 @@ inventory_file: "inventory.yaml"
host_username: "root"
host_password: "<password>"
host_ssh_port: "<port>"
host_ssh_key_filename: "</path/to/the/ssh-key>"
# Provider settings
AnsibleTower:
instances: