Skip to content

Adding client authentication with public key fuction. #181

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 66 commits into
base: master
Choose a base branch
from
Open

Adding client authentication with public key fuction. #181

Show file tree
Hide file tree
Changes from 49 commits
Commits
Show all changes
66 commits
Select commit Hold shift + click to select a range
20f480b
Adding parameter for authentication method.
itouri Jun 9, 2017
67629e3
Adding CI test code for authentication parameters.
itouri Jun 9, 2017
ba21474
Merge branch 'master' into console_auth
itouri Jun 13, 2017
e9ce98c
Add function that validate ssh_public_key of vm/lxc template parameter
itouri Jun 16, 2017
8329e18
Merge branch 'master' into console_auth
itouri Jul 7, 2017
e56737c
Modify lxc.go to can convert authentication_type and ssh_public_key p…
itouri Jul 24, 2017
a8e918f
Merge branch 'master' into console_auth
itouri Jul 24, 2017
b72ff81
Remove processing read file of ssh public key.
itouri Jul 24, 2017
7398602
Adding lxc_auth_ssh.json
itouri Aug 1, 2017
fd9df89
Merge branch 'master' into console_auth
itouri Aug 1, 2017
7d92ca6
Change MergeJSON to use common function of ParseTemplate.
itouri Aug 1, 2017
dc86ac5
Modify validation process of LxcTemplate.
itouri Aug 3, 2017
8714d18
Divided validation authentication_type functions into common functions.
itouri Aug 3, 2017
11a63f7
Modify that common the validation to the authentication_type and ssh_…
itouri Aug 10, 2017
186568b
Modify Qemu test contents
itouri Aug 10, 2017
da2d781
Made SSH server to can authentication with public key.
itouri Aug 10, 2017
e6e0984
Add authentication_type and ssh_public_key to MergeArgs() as parameters.
itouri Aug 21, 2017
2de4fcc
Changed the return type of validatePublicKey([]byte) to error.
itouri Aug 22, 2017
f7b44e9
Modify the SSH server to authenticate the client.
itouri Aug 22, 2017
eb79945
Delete extra line of code about authentification.
itouri Aug 23, 2017
7519521
Adding parameter of Auth to ClientConfig
itouri Aug 24, 2017
fdc200e
Modify arg that is passed to NewSshConsole
itouri Aug 24, 2017
3171355
Delete if section of parse and set indentifyFile
itouri Aug 24, 2017
187827d
Modify ssh.ClientConfig and PublicKeyCallback
itouri Aug 24, 2017
065295b
Modify authenticate process.
itouri Aug 25, 2017
9d4d667
Removed old comment and extra code.
itouri Aug 28, 2017
088e8f5
Delete extra comment.
itouri Aug 28, 2017
9a565bd
Add console with public key test to cmd_console_test.
itouri Aug 28, 2017
76a563c
Fix deleting variable of info.
itouri Aug 28, 2017
c47e357
Modify test command.
itouri Aug 28, 2017
1329d57
Add if process that using api.ConsoleReply.
itouri Aug 28, 2017
de2b220
Add forggten folder.
itouri Aug 29, 2017
b586669
Add authentication type test.
itouri Aug 29, 2017
8d3282d
Modify args of RunCmd.
itouri Aug 30, 2017
b88f005
Modify test code.
itouri Aug 30, 2017
8fd82e0
Add trimming \n from public_key.
itouri Aug 30, 2017
08c9355
Delete extra code.
itouri Aug 30, 2017
819e639
Modify if process.
itouri Aug 30, 2017
4de652d
Modify logic of authType’s switch.
itouri Aug 30, 2017
a0ba12b
Adding show option test to TestCmdConsole_AuthenticationNone.
itouri Sep 1, 2017
5e76df6
Merge branch 'master' into console_auth
itouri Sep 1, 2017
c68c7c0
Merge branch 'fix-jenkins-local-merge' into console_auth
Sep 7, 2017
fe940a5
Upgrade golang.org/x/crypto/ssh
Sep 15, 2017
3d94237
Merge branch 'master' into console_auth
Sep 15, 2017
d036635
Host key callback became mandate parameter.
Sep 15, 2017
ff7a886
Apply same ssh client host key check to acceptance test binary
Sep 16, 2017
299e1ac
Same ssh host key change with d036635
Sep 16, 2017
1596b50
Adding incorrect private key console test.
itouri Oct 13, 2017
853ffa6
Modify the test of console with public key.
itouri Oct 13, 2017
bb8bca2
Merge branch 'master' into console_auth
Oct 23, 2017
533c3d0
Move console auth methods to new interface
Oct 24, 2017
8456dd5
Cast to ConsoleAuthAttributes type instead InstanceResource type
Oct 24, 2017
6554021
Merge branch 'master' into console_auth
Oct 24, 2017
d386fad
Merge branch 'fix-connection-status' into console_auth
Oct 24, 2017
343c305
Merge branch 'master' into console_auth
itouri Jan 24, 2018
f4782d3
Modified the separated function to two lines
itouri Jan 24, 2018
e4a0ecd
Add AuthenticationType to EsxiTmplate
itouri Jan 24, 2018
bc537e3
Modified TestLXCCmdConsole_AuthenticationPubkey
itouri Jan 26, 2018
733384b
Added HostKeyCallback to needed place
itouri Jan 26, 2018
ee4c4ad
Modified none auth type sshd.go logic
itouri Feb 2, 2018
b78fbdc
Added auth password method to ssh config
itouri Feb 2, 2018
3f9bed5
Added ssh.Password("")
itouri Feb 2, 2018
508f170
Added json_name field of authType
itouri Feb 23, 2018
4155a3c
Modified identify typo and change to local variable from global
itouri Feb 23, 2018
f9112cf
Added validation of authtication_type to lxc.go and qemu.go
itouri Feb 23, 2018
6b769a9
Modified lxc and qemu AuthenticationType validation.
itouri Feb 23, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 2 additions & 3 deletions .idea/libraries/GOPATH__openvdc_.xml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 2 additions & 1 deletion .vscode/settings.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,8 @@
"json.schemas": [
{
"fileMatch": [
"/templates/**/*.json"
"/templates/**/*.json",
"/ci/citest/acceptance-test/tests/fixtures/**/*.json"
],
"url": "./schema/v1.json"
}
Expand Down
3 changes: 1 addition & 2 deletions api/executor/executor.pb.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions api/instance_service.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -244,11 +244,14 @@ func (s *InstanceAPI) Console(ctx context.Context, in *ConsoleRequest) (*Console
log.WithError(err).WithField("instance_id", in.GetInstanceId()).Error("Failed to find the instance")
return nil, err
}
instResource := inst.ResourceTemplate().(model.InstanceResource)
authType := instResource.GetAuthenticationType()

return &ConsoleReply{
InstanceId: instanceID,
Type: node.Console.Type,
Address: node.Console.BindAddr,
AuthType: authType,
}, nil
}

Expand Down
147 changes: 78 additions & 69 deletions api/v1.pb.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 4 additions & 1 deletion ci/citest/acceptance-test/tests/00_ssh.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,12 @@ package tests

import (
"bytes"
"golang.org/x/crypto/ssh"
"testing"
"time"

"golang.org/x/crypto/ssh"
)

const zookeeper_ip = "10.0.100.10"
const mesos_master_ip = "10.0.100.11"
const scheduler_ip = "10.0.100.12"
Expand All @@ -26,6 +28,7 @@ func RunSsh(ip string, cmd string) (*bytes.Buffer, *bytes.Buffer, error) {
Auth: []ssh.AuthMethod{
ssh.Password("kemumaki"),
},
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}

connection, err := ssh.Dial("tcp", ip+":22", sshConfig)
Expand Down
50 changes: 50 additions & 0 deletions ci/citest/acceptance-test/tests/cmd_console_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ package tests

import (
"fmt"
"io/ioutil"
"strings"
"testing"
"time"
Expand All @@ -21,6 +22,24 @@ func runConsoleCmd(instance_id string, t *testing.T) {
RunCmdAndExpectFail(t, "sh", "-c", fmt.Sprintf("openvdc console %s -- false", instance_id))
}

func runConsoleCmdWithPrivatekey(instance_id string, private_key_path string, t *testing.T, expect_fail bool) {
if expect_fail {
RunCmdAndExpectFail(t, "openvdc", "console", instance_id, "-i", private_key_path)
} else {
RunCmdAndReportFail(t, "openvdc", "console", instance_id, "-i", private_key_path)
}
Copy link
Contributor

@Metallion Metallion Oct 23, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function is only called twice. Once with expect_fail = true and once with expect_fail = false.

Since only one line gets executed for each call, I think it's better to write those lines directly in the test instead of in a separate function.

Copy link
Contributor Author

@itouri itouri Feb 23, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Deleted runConsoleCmdWithPrivatekey and integrated to TestLXCCmdConsole_AuthenticationPubkey.

}
Copy link
Contributor

@Metallion Metallion Oct 13, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should also confirm that the console command fails when you provide the wrong private key.

Copy link
Contributor Author

@itouri itouri Feb 23, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added TestLXCCmdConsole_AuthenticationPubkeymethod testing worng key.


func TestCmdConsole_ShowOptionAuthenticationNone(t *testing.T) {
stdout, _ := RunCmdAndReportFail(t, "openvdc", "run", "centos/7/lxc", `{"authentication_type":"none"}`)
instance_id := strings.TrimSpace(stdout.String())
WaitInstance(t, 5*time.Minute, instance_id, "RUNNING", []string{"QUEUED", "STARTING"})
runConsoleCmd(instance_id, t)
runConsoleCmdPiped(instance_id, t)
RunCmdWithTimeoutAndReportFail(t, 10, 5, "openvdc", "destroy", instance_id)
WaitInstance(t, 5*time.Minute, instance_id, "TERMINATED", nil)
}

func TestLXCCmdConsole_ShowOption(t *testing.T) {
stdout, _ := RunCmdAndReportFail(t, "openvdc", "run", "centos/7/lxc")
instance_id := strings.TrimSpace(stdout.String())
Expand All @@ -31,6 +50,37 @@ func TestLXCCmdConsole_ShowOption(t *testing.T) {
WaitInstance(t, 5*time.Minute, instance_id, "TERMINATED", nil)
}

func TestLXCCmdConsole_AuthenticationPubkey(t *testing.T) {
// Make key pair by ssh-keygen
private_key_path := "./testRsa"
private_key_path2 := "./testRsa2"
_, _, err := RunCmd("ssh-keygen", "-t", "rsa", "-f", private_key_path, "-C", "", "-N", "")
if err != nil {
t.Fatalf("err: %s", err)
}
_, _, err = RunCmd("ssh-keygen", "-t", "rsa", "-f", private_key_path2, "-C", "", "-N", "")
if err != nil {
t.Fatalf("err: %s", err)
}

// Read public key
data, err := ioutil.ReadFile(private_key_path + ".pub")
if err != nil {
t.Fatalf("Can not read public key: %s\n", err.Error())
}
public_key := strings.Replace(string(data), "\n", "", -1)
stdout, _ := RunCmdAndReportFail(t, "openvdc", "run", "centos/7/lxc", `{"authentication_type":"pub_key","ssh_public_key":"`+public_key+`"}`)

// runConsole()
instance_id := strings.TrimSpace(stdout.String())
WaitInstance(t, 5*time.Minute, instance_id, "RUNNING", []string{"QUEUED", "STARTING"})
runConsoleCmdWithPrivatekey(instance_id, private_key_path, t, false)
runConsoleCmdWithPrivatekey(instance_id, private_key_path2, t, true) // This can not be authenticated.
//vrunConsoleCmdPiped(instance_id, t)
RunCmdWithTimeoutAndReportFail(t, 10, 5, "openvdc", "destroy", instance_id)
WaitInstance(t, 5*time.Minute, instance_id, "TERMINATED", nil)
Copy link
Contributor

@Metallion Metallion Jul 4, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How is this a test for console authentication? It just starts an instance and then terminates it.

Copy link
Contributor Author

@itouri itouri Sep 1, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added code to test the console. And change function name to TestCmdConsole_ShowOptionAuthenticationNone.

}

func TestQEMUCmdConsole_ShowOption(t *testing.T) {
stdout, _ := RunCmdAndReportFail(t, "openvdc", "run", "centos/7/qemu_ga")
instance_id := strings.TrimSpace(stdout.String())
Expand Down
14 changes: 14 additions & 0 deletions ci/citest/acceptance-test/tests/fixtures/lxc_auth_ssh.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
{
"title": "CentOS7",
"template": {
"type": "vm/lxc",
"lxc_template": {
"openvdc": {
"distro": "centos",
"release": "7"
}
},
"authentication_type": "none"
}
}

Loading