Fixing handling of a private key

diff --git a/.gitignore b/.gitignore
index 1777ef496115f6101a78db6f85b3483b211418d7..dc19e0565bb4ac7739e96d68d1e6e474b46113fc 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -22,5 +22,6 @@ etc/*.ini
 *.backup
 .idea
 .vscode
+.dont-use*
 build
 dist

diff --git a/lib/cr_tf/handler/files.py b/lib/cr_tf/handler/files.py
index f34d93bd044f3495416288d2f483c940794b98f1..6a7549bd928ad057e8e3aadf695896e7a236c7d2 100644 (file)
--- a/lib/cr_tf/handler/files.py
+++ b/lib/cr_tf/handler/files.py
@@ -12,6 +12,7 @@ from __future__ import absolute_import, print_function
 import logging
 import os
 import shutil
+import stat
 import textwrap
 
 from pathlib import Path
@@ -27,7 +28,7 @@ from ..errors import AbortExecution
 
 from ..xlate import XLATOR
 
-__version__ = '0.4.0'
+__version__ = '0.4.1'
 LOG = logging.getLogger(__name__)
 
 _ = XLATOR.gettext
@@ -168,6 +169,14 @@ class CrTfHandlerFilesMixin():
             str(self.script_dir), str(self.project_dir)))
         LOG.debug(_("Script-Dir relative to project dir: {!r}.").format(str(self.script_dir_rel)))
 
+        filemode = stat.S_IMODE(self.private_key.stat().st_mode)
+        LOG.debug(_("Permissions of {k!r} are {m:04o}.").format(
+            k=str(self.private_key), m=filemode))
+        if filemode not in [0o400, 0o600]:
+            LOG.info(_("Setting permissions of {k!r} from {o:04o} to {m:04o}.").format(
+                k=str(self.private_key), o=filemode, m=0o600))
+            self.private_key.chmod(0o600)
+
         self.keys_dir_rel = Path(os.path.relpath(
             str(self.keys_dir), str(self.project_dir)))
         LOG.debug(_("Directory for SSH deploy keys relative to project dir: {!r}.").format(
@@ -758,7 +767,7 @@ class CrTfHandlerFilesMixin():
                 type        = "ssh"
                 host        = "{h}"
                 user        = "root"
-                private_key = "{k}"
+                private_key = file("{k}")
                 agent       = "false"
               }}
             }}
@@ -779,7 +788,7 @@ class CrTfHandlerFilesMixin():
                 type        = "ssh"
                 host        = "{h}"
                 user        = "root"
-                private_key = "{k}"
+                private_key = file("{k}")
                 agent       = "false"
               }}
             }}
@@ -852,7 +861,7 @@ class CrTfHandlerFilesMixin():
         content += '      type        = "ssh"\n'
         content += '      host        = "{}"\n'.format(vm.fqdn)
         content += '      user        = "root"\n'
-        content += '      private_key = "{}"\n'.format(self.private_key_rel)
+        content += '      private_key = file("{}")\n'.format(self.private_key_rel)
         content += '      agent       = "false"\n'
         content += '    }\n'
         content += '  }\n\n'
@@ -871,11 +880,9 @@ class CrTfHandlerFilesMixin():
             content += '    ]\n'
             content += '    when   = destroy\n'
             content += '    connection {\n'
-            content += '      type        = "ssh"\n'
-            content += '      host        = "{}"\n'.format(vm.fqdn)
-            content += '      user        = "root"\n'
-            content += '      private_key = "{}"\n'.format(self.private_key_rel)
-            content += '      agent       = "false"\n'
+            content += '      type = "ssh"\n'
+            content += '      host = "{}"\n'.format(vm.fqdn)
+            content += '      user = "root"\n'
             content += '    }\n'
             content += '  }\n\n'
 
@@ -957,7 +964,7 @@ class CrTfHandlerFilesMixin():
             type        = "ssh"
             host        = "{h}"
             user        = "root"
-            private_key = "{k}"
+            private_key = file("{k}")
             agent       = "false"
           }}
         }}
@@ -980,11 +987,9 @@ class CrTfHandlerFilesMixin():
           ]
           when   = destroy
           connection {{
-            type        = "ssh"
-            host        = "{h}"
-            user        = "root"
-            private_key = "{k}"
-            agent       = "false"
+            type = "ssh"
+            host = "{h}"
+            user = "root"
           }}
         }}