From b679a930da33e7213108fa77b378f61f9c64defe Mon Sep 17 00:00:00 2001
From: Evgeni Golov
Date: Tue, 18 Dec 2018 12:46:44 +0100
Subject: [PATCH] allow fetching REX keys from the API this requires REX 1.6.7 or newer to be installed
---
 bootstrap.py | 51 ++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 36 insertions(+), 15 deletions(-)
diff --git a/bootstrap.py b/bootstrap.py
index fc2c318..b083c7e 100755
--- a/bootstrap.py
+++ b/bootstrap.py
@@ -566,9 +566,37 @@ def fully_update_the_box():
 # curl https://satellite.example.com:9090/ssh/pubkey >> ~/.ssh/authorized_keys
 # sort -u ~/.ssh/authorized_keys
-def install_foreman_ssh_key(remote_url):
+def install_foreman_ssh_key_from_url(remote_url):
 """
- Download and install the Satellite's SSH public key into the foreman user's
+ Download and install Foreman's SSH public key.
+ """
+ try:
+ foreman_ssh_key = urllib2.urlopen(remote_url, timeout=options.timeout).read()
+ except urllib2.HTTPError, exception:
+ print_generic("The server was unable to fulfill the request. Error: %s - %s" % (exception.code, exception.reason))
+ print_generic("Please ensure the Remote Execution feature is configured properly")
+ print_warning("Installing Foreman SSH key")
+ return
+ except urllib2.URLError, exception:
+ print_generic("Could not reach the server. Error: %s" % exception.reason)
+ return
+ install_foreman_ssh_key_from_string(foreman_ssh_key)
+
+
+def install_foreman_ssh_key_from_api():
+ """
+ Download and install all Foreman's SSH public keys.
+ """
+ url = "https://" + options.foreman_fqdn + ":" + str(API_PORT) + "/api/v2/smart_proxies/"
+ smart_proxies = get_json(url)
+ for smart_proxy in smart_proxies['results']:
+ if 'remote_execution_pubkey' in smart_proxy:
+ install_foreman_ssh_key_from_string(smart_proxy['remote_execution_pubkey']
+
+
+def install_foreman_ssh_key_from_string(foreman_ssh_key):
+ """
+ Install Foreman's SSH public key into the foreman user's
 authorized keys file location, so that remote execution becomes possible.
 If not set default is ~/.ssh/authorized_keys
 """
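Review bot: The call inside `install_foreman_ssh_key_from_api` is missing its closing parenthesis as shown, so the file would not parse; it should read `install_foreman_ssh_key_from_string(smart_proxy['remote_execution_pubkey'])`. The value returned by the API is also handed to the installer with no check, so `install_foreman_ssh_key_from_string` would do well to reject anything that is not a single public-key line (empty or null values, embedded newlines, leading options such as `command=`) before it reaches the authorized_keys file. Whether `get_json` verifies the server certificate is not visible in this hunk and is worth confirming, because the response decides which keys may log in as the remote-execution user. The body of `install_foreman_ssh_key_from_string` continues outside this hunk.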
@@ -582,16 +610,6 @@ def install_foreman_ssh_key(remote_url):
 elif not os.path.isfile(options.remote_exec_authpath):
 print_error("Foreman's SSH key not installed. File where authorized_keys must be located is not found: %s" % options.remote_exec_authpath)
 return
- try:
- foreman_ssh_key = urllib2.urlopen(remote_url, timeout=options.timeout).read()
- except urllib2.HTTPError, exception:
- print_generic("The server was unable to fulfill the request. Error: %s - %s" % (exception.code, exception.reason))
- print_generic("Please ensure the Remote Execution feature is configured properly")
- print_warning("Installing Foreman SSH key")
- return
- except urllib2.URLError, exception:
- print_generic("Could not reach the server. Error: %s" % exception.reason)
- return
 if os.path.isfile(options.remote_exec_authpath):
 if foreman_ssh_key in open(options.remote_exec_authpath, 'r').read():
 print_generic("Foreman's SSH key already present in %s" % options.remote_exec_authpath)
@@ -1083,6 +1101,7 @@ def exec_service(service, command, failonerror=True):
 parser.add_option("--rex-user", dest="remote_exec_user", default="root", help="Local user used by Foreman's remote execution feature.")
 parser.add_option("--rex-proxies", dest="remote_exec_proxies", help="Comma separated list of proxies to install Foreman's SSH keys for remote execution.")
 parser.add_option("--rex-urlkeyfile", dest="remote_exec_url", help="HTTP/S location to install a file containing one or multiple Foreman's SSH keys for remote execution.")
+ parser.add_option("--rex-apikeys", dest="remote_exec_apikeys", help="Fetch Foreman's SSH keys from the API.")
 parser.add_option("--rex-authpath", dest="remote_exec_authpath", help="Full path to local authorized_keys file in order to install Foreman's SSH keys for remote execution. Default ~/.ssh/authorized_keys")
 parser.add_option("--enablerepos", dest="enablerepos", help="Repositories to be enabled via subscription-manager - comma separated", metavar="enablerepos")
 parser.add_option("--skip", dest="skip", action="append", help="Skip the listed steps (choices: %s)" % SKIP_STEPS, choices=SKIP_STEPS, default=[])
@@ -1395,9 +1414,11 @@ def exec_service(service, command, failonerror=True):
 listproxies = options.remote_exec_proxies.split(",")
 for proxy_fqdn in listproxies:
 remote_exec_url = "https://" + str(proxy_fqdn) + ":9090/ssh/pubkey"
- install_foreman_ssh_key(remote_exec_url)
+ install_foreman_ssh_key_from_url(remote_exec_url)
 elif options.remote_exec_url:
- install_foreman_ssh_key(options.remote_exec_url)
+ install_foreman_ssh_key_from_url(options.remote_exec_url)
+ elif options.remote_exec_apikeys:
+ install_foreman_ssh_key_from_api()
 else:
 remote_exec_url = "https://" + str(options.foreman_fqdn) + ":9090/ssh/pubkey"
- install_foreman_ssh_key(remote_exec_url)
+ install_foreman_ssh_key_from_url(remote_exec_url)
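Review bot: `--rex-apikeys` is declared without an action, so optparse treats it as a `store` option that requires an argument, although the help text describes a switch. Declaring it as `parser.add_option("--rex-apikeys", dest="remote_exec_apikeys", action="store_true", default=False, help="Fetch Foreman's SSH keys from the API.")` lets it be passed bare. The help string could also carry the requirement from the commit message, that REX 1.6.7 or newer must be installed.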
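Review bot: The new `elif options.remote_exec_apikeys:` branch is reached only when neither `--rex-proxies` nor `--rex-urlkeyfile` is given, so combining the options silently ignores `--rex-apikeys`. When it does run, `install_foreman_ssh_key_from_api()` authorizes the key of every smart proxy in the API result rather than a chosen set, and with `--rex-user` defaulting to root that widens who can log in compared with the `--rex-proxies` path. I would state this above the branch, e.g. `# --rex-apikeys authorizes every smart proxy the API lists; --rex-proxies and --rex-urlkeyfile take precedence`, or filter the API results by `--rex-proxies` when both are set. The enclosing block starts outside this hunk.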