From 6dd3095528ea53d60f11fd9eccc2251a0a776e0a Mon Sep 17 00:00:00 2001
From: Gerrit
Date: Mon, 11 Nov 2024 13:49:31 +0100
Subject: [PATCH 1/3] Parse SSH public key with correct function.
---
 cmd/metal-api/internal/service/machine-service.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/metal-api/internal/service/machine-service.go b/cmd/metal-api/internal/service/machine-service.go
index ed39f4f2..df11ea41 100644
--- a/cmd/metal-api/internal/service/machine-service.go
+++ b/cmd/metal-api/internal/service/machine-service.go
@@ -1378,7 +1378,7 @@ func validateAllocationSpec(allocationSpec *machineAllocationSpec) error {
 }
 for _, pubKey := range allocationSpec.SSHPubKeys {
- _, _, _, _, err := ssh.ParseAuthorizedKey([]byte(pubKey))
+ _, err := ssh.ParsePublicKey([]byte(pubKey))
 if err != nil {
 return fmt.Errorf("invalid public SSH key: %s", pubKey)
 }
From 954bf1d894eceaa23b542343da26891058a3766e Mon Sep 17 00:00:00 2001
From: Stefan Majer
Date: Wed, 13 Nov 2024 11:09:25 +0100
Subject: [PATCH 2/3] Tell what error occured
---
 cmd/metal-api/internal/service/machine-service.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/metal-api/internal/service/machine-service.go b/cmd/metal-api/internal/service/machine-service.go
index df11ea41..07add4f7 100644
--- a/cmd/metal-api/internal/service/machine-service.go
+++ b/cmd/metal-api/internal/service/machine-service.go
@@ -1380,7 +1380,7 @@ func validateAllocationSpec(allocationSpec *machineAllocationSpec) error {
 for _, pubKey := range allocationSpec.SSHPubKeys {
 _, err := ssh.ParsePublicKey([]byte(pubKey))
 if err != nil {
- return fmt.Errorf("invalid public SSH key: %s", pubKey)
+ return fmt.Errorf("invalid public SSH key: %s error:%w", pubKey, err)
 }
 }
From 1dcf64ba35861717486a2f2cc68ddcd7fac89652 Mon Sep 17 00:00:00 2001
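Review bot: The rewritten `fmt.Errorf` in the PATCH 2/3 hunk still interpolates the caller-supplied `pubKey` with `%s`, so whatever was submitted in `SSHPubKeys` is echoed verbatim, newlines included, into an error that is presumably returned to the client and logged. If a user submits the wrong material (for example a private key file or multi-line content), it ends up unescaped in responses and logs. Quoting the value, ideally after truncating it, and using the conventional wrap form would be safer: `return fmt.Errorf("invalid public SSH key %q: %w", pubKey, err)`. The expected string in `Test_validateAllocationSpec` would need the same change. validateAllocationSpec starts and ends outside the hunk.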
From: Stefan Majer
Date: Wed, 13 Nov 2024 11:18:52 +0100
Subject: [PATCH 3/3] Add missing test for ecdsa keys
---
 cmd/metal-api/internal/service/machine-service.go | 2 +-
 .../internal/service/machine-service_test.go | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/cmd/metal-api/internal/service/machine-service.go b/cmd/metal-api/internal/service/machine-service.go
index 07add4f7..69e6fd11 100644
--- a/cmd/metal-api/internal/service/machine-service.go
+++ b/cmd/metal-api/internal/service/machine-service.go
@@ -1378,7 +1378,7 @@ func validateAllocationSpec(allocationSpec *machineAllocationSpec) error {
 }
 for _, pubKey := range allocationSpec.SSHPubKeys {
- _, err := ssh.ParsePublicKey([]byte(pubKey))
+ _, _, _, _, err := ssh.ParseAuthorizedKey([]byte(pubKey))
 if err != nil {
 return fmt.Errorf("invalid public SSH key: %s error:%w", pubKey, err)
 }
diff --git a/cmd/metal-api/internal/service/machine-service_test.go b/cmd/metal-api/internal/service/machine-service_test.go
index 39a66251..c4fb836e 100644
--- a/cmd/metal-api/internal/service/machine-service_test.go
+++ b/cmd/metal-api/internal/service/machine-service_test.go
@@ -645,9 +645,20 @@ func Test_validateAllocationSpec(t *testing.T) {
 Role: metal.RoleMachine,
 },
 isError: true,
- expected: `invalid public SSH key: 42`,
+ expected: `invalid public SSH key: 42 error:ssh: no key found`,
 name: "invalid ssh",
 },
+ {
+ spec: machineAllocationSpec{
+ UUID: "43",
+ Creator: testEmail,
+ ProjectID: "123",
+ SSHPubKeys: []string{"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH9uyBvRBTUJFFAOKB/ZH/5Mm/MrqEDhkB4wTPWbJaJ5zHirBrLS1qk2Ut0yEL4vZvfnafnrzsed3n75/1BSmSg= test@metal-stack.io"},
+ Role: metal.RoleMachine,
+ },
+ isError: false,
+ name: "valid ssh",
+ },
 {
 spec: machineAllocationSpec{
 UUID: "gopher-uuid",
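Review bot: The restored `ssh.ParseAuthorizedKey` call in machine-service.go discards the `options` and `rest` results, so validation succeeds as soon as any one line of `pubKey` parses. That function accepts a leading options field and skips lines it cannot parse, so an entry carrying authorized_keys options or extra lines passes although only one key was checked. If these strings are later written into an authorized_keys file (not visible in this hunk), entries with options or trailing data should be rejected: keep both values with `_, _, opts, rest, err := ssh.ParseAuthorizedKey([]byte(pubKey))` and return an error when `len(opts) > 0 || len(rest) > 0`. validateAllocationSpec starts and ends outside the hunk.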
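Review bot: The updated expectation `invalid public SSH key: 42 error:ssh: no key found` in machine-service_test.go pins the exact wording of an error produced by the ssh package, so a dependency bump that rewords it fails this test with no change in behaviour. Asserting only on the stable prefix `invalid public SSH key: 42` would avoid that. The new case is named `valid ssh` but covers ECDSA only; `valid ecdsa ssh key` would match the commit subject. Negative cases for a key with a leading options field and for a multi-line entry would document what the validator is meant to accept.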