Add "shibaken" generator to populate user-data with public keys from IMDS

[jpculp]

Issue number:
N/A

Description of changes:

Add "shibaken" generator to populate user-data with public keys from IMDS

This populates the host container's user-data setting with public keys
available from IMDS in the event that user-data has not been populated
by the user.

Adds a new migration helper AddMetadataMigration to remove setting
metadata (like setting-generators).

Adds a new migration for shibaken setting-generator.

Testing done:

Build aws-ecs-1 image and launched instance.

Verified that host-containers.admin.user-data contained a base64-encoded block.

Enabled and launched admin container, which started fine.

Verified that /.bottlerocket/host-containers/admin/user-data contained JSON with the following structure:

{
   "ssh":{
      "authorized_keys":[
         "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuSevGj3eYhCe53pcjqP3maAhDFcvBS7O6V
          hz2ItxCih+PnDSUaw+WNQn/mZphTk/a/gU8jEzoOWbkM4yxyb/wB96xbiFveSFJuOp/d6RJhJOI0iBXr
          lsLnBItntckiJ7FbtxJMXLvvwJryDUilBMTjYtwB+QhYXUMOzce5Pjz5/i8SeJtjnV3iAoG/cQk+0FzZ
          qaeJAAHco+CY/5WrUBkrHmFJr6HcXkvJdWPkYQS3xqC0+FmUZofz221CBt5IMucxXPkX4rWi+z7wB3Rb
          BQoQzd8v7yeb7OzlPnWOyN0qFU0XA246RA8QFYiCNYwI3f05p6KLxEXAMPLE my-key-pair"
      ]
   }
}

Ran sudo sheltie to verify root shell was still available.

@etungsten verified the migration between (1.0.5, 1.0.6)

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

[zmrow]

Also - could we update the testing of this PR to reflect that the migration up/down was tested and the settings appeared as we expected them to and the admin host container works in both versions?

[zmrow]

Looks good!

🪂

[tjkirch]

tangent: It is a bit unfortunate to have three implementations of this now, each slightly different. We should consider making an imds crate as a follow-up.

[jpculp]

I definitely agree. I can take that on in another PR if folks are interested.

[jpculp]

For some context on the recent pushes that squashed together...

Rebased and addressed comments/concerns with the shibaken crate itself:
https://github.com/bottlerocket-os/bottlerocket/compare/e617e9ec..0d9fb467

Replaced instances of host container with admin container and enhanced the AddMetadataMigration to accept multiple settings (+ unit test):
https://github.com/bottlerocket-os/bottlerocket/compare/0d9fb467..30d61d14

Attempt to manually fix merge conflict:
https://github.com/bottlerocket-os/bottlerocket/compare/30d61d14..925e9f1c

Went back and just rebased instead:
https://github.com/bottlerocket-os/bottlerocket/compare/925e9f1c..11e5885fc2463e2495bcdff0ca7a61d6dd730df0

[jpculp]

• Changed SettingsMetadata to SettingMetadata
• Simplified parse_args function logic
• Replaced 'a lifetimes with static in AddMetadataMigration code
• Additional clean-up

[jpculp]

• Changed SettingMetadata from a vec to a slice in AddMetadataMigration
• Replaced instances of url with uri in shibaken
• Removed comma from the last element of the (1.0.5, 1.0.6) migration list for consistency

(CI failure)

[zmrow]

🦺

[jpculp]

• Changed SettingMetadata from a vec to a slice in add-shibaken
• Added additional commas to migration lists in Release.toml. The hope is we can be consistent in adding them to make it easier to append additional migrations between PRs.