
Commit 199ee96

m-strzelczykdandhleeleahecole
authored
feat(compute): Adding script for OS Login with physical keys (GoogleCloudPlatform#7448)
* feat(compute): Adding script for OS Login with physical security keys * Adding the region tags to make this a sample. * Applying review comment. Co-authored-by: Dan Lee <71398022+dandhlee@users.noreply.github.com> Co-authored-by: Leah E. Cole <6719667+leahecole@users.noreply.github.com>
1 parent 7b3846c commit 199ee96


1 file changed

+99
-0
lines changed

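--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,99 @@
+#!/usr/bin/env python
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START compute_oslogin_physical_sk_script]
+import argparse
+import os
+import subprocess
+
+import googleapiclient.discovery
+
+
+def write_ssh_key_files(security_keys, directory):
+"""Store the SSH key files."""
+key_files = []
+for index, key in enumerate(security_keys):
+key_file = os.path.join(directory, "google_sk_%s" % index)
+with open(key_file, "w") as f:
+f.write(key.get("privateKey"))
+os.chmod(key_file, 0o600)
+key_files.append(key_file)
+return key_files
+
+
+def ssh_command(key_files, username, ip_address):
+"""Construct the SSH command for a given IP address and key files."""
+command = ["ssh"]
+for key_file in key_files:
+command.extend(["-i", key_file])
+command.append("{username}@{ip}".format(username=username, ip=ip_address))
+return command
+
+
+def main(user_key, ip_address, dryrun, directory=None):
+"""Configure SSH key files and print SSH command."""
+directory = directory or os.path.join(os.path.expanduser("~"), ".ssh")
+
+# Create the OS Login API object.
+oslogin = googleapiclient.discovery.build("oslogin", "v1beta")
+
+# Retrieve security keys and OS Login username from a user's Google account.
+profile = (
+oslogin.users()
+.getLoginProfile(name="users/{}".format(user_key), view="SECURITY_KEY")
+.execute()
+)
+security_keys = profile.get("securityKeys")
+
+if "posixAccounts" not in profile:
+print("You don't have a POSIX account configured.")
+return
+
+username = profile.get("posixAccounts")[0].get("username")
+
+# Write the SSH private key files.
+key_files = write_ssh_key_files(security_keys, directory)
+
+# Compose the SSH command.
+command = ssh_command(key_files, username, ip_address)
+
+if dryrun:
+# Print the SSH command.
+print(" ".join(command))
+else:
+# Connect to the IP address over SSH.
+subprocess.call(command)
+
+
+if __name__ == "__main__":
+parser = argparse.ArgumentParser(
+description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter
+)
+parser.add_argument("--user_key", help="Your primary email address.")
+parser.add_argument(
+"--ip_address", help="The external IP address of the VM you want to connect to."
+)
+parser.add_argument("--directory", help="The directory to store SSH private keys.")
+parser.add_argument(
+"--dryrun",
+dest="dryrun",
+default=False,
+action="store_true",
+help="Turn off dryrun mode to execute the SSH command",
+)
+args = parser.parse_args()
+
+main(args.user_key, args.ip_address, args.dryrun, args.directory)
+# [END compute_oslogin_physical_sk_script]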
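Review bot: In write_ssh_key_files the key material is written through `open(key_file, "w")` and only afterwards restricted with `os.chmod(key_file, 0o600)`, so a newly created file holds the key while it still has umask-derived permissions (often group- or world-readable), which matters most when `--directory` points outside a private `~/.ssh`. Creating the file restricted from the start closes that window: `fd = os.open(key_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, "w") as f:`; keep the chmod, because the mode argument has no effect on a file that already exists. Separately, main passes `profile.get("securityKeys")` straight into `enumerate`, which raises TypeError when the profile has no `securityKeys` entry; an early return with a message, mirroring the `posixAccounts` check, would cover that case. The `--dryrun` path also still writes the key files to disk before printing the command, and its help text ("Turn off dryrun mode ...") describes the opposite of what the flag does, so both deserve a clarifying comment or a reworded help string.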
