Enable temporary_key_pair_type option for ed25519 (#179)

* Enable temporary_key_pair_type option for ed25519 Closes #144 * Improve temporary_key_pair_type validation Default to "rsa" if not given. Error if a value other than "rsa" or "ed25519" is given. * Add tests for temporary_key_pair_type * go fmt
hashicorp · Jan 24, 2022 · 47325f9 · 47325f9
1 parent 06fe648
commit 47325f9
Show file tree

Hide file tree

Showing 6 changed files with 131 additions and 10 deletions.
diff --git a/builder/common/run_config.go b/builder/common/run_config.go
@@ -595,6 +595,9 @@ type RunConfig struct {
 }
 
 func (c *RunConfig) Prepare(ctx *interpolate.Context) []error {
+	// Validation
+	errs := c.Comm.Prepare(ctx)
+
 	// If we are not given an explicit ssh_keypair_name or
 	// ssh_private_key_file, then create a temporary one, but only if the
 	// temporary_key_pair_name has not been provided and we are not using
@@ -603,6 +606,15 @@ func (c *RunConfig) Prepare(ctx *interpolate.Context) []error {
 		c.Comm.SSHPrivateKeyFile == "" && c.Comm.SSHPassword == "" {
 
 		c.Comm.SSHTemporaryKeyPairName = fmt.Sprintf("packer_%s", uuid.TimeOrderedUUID())
+
+		if c.Comm.SSHTemporaryKeyPairType == "" {
+			c.Comm.SSHTemporaryKeyPairType = "rsa"
+		}
+
+		if c.Comm.SSHTemporaryKeyPairType != "rsa" && c.Comm.SSHTemporaryKeyPairType != "ed25519" {
+			msg := fmt.Errorf("temporary_key_pair_type requires either rsa or ed25519 as its value")
+			errs = append(errs, msg)
+		}
 	}
 
 	if c.WindowsPasswordTimeout == 0 {
@@ -613,9 +625,6 @@ func (c *RunConfig) Prepare(ctx *interpolate.Context) []error {
 		c.RunTags = make(map[string]string)
 	}
 
-	// Validation
-	errs := c.Comm.Prepare(ctx)
-
 	if c.Metadata.HttpEndpoint == "" {
 		c.Metadata.HttpEndpoint = "enabled"
 	}

diff --git a/builder/common/run_config_test.go b/builder/common/run_config_test.go
@@ -230,6 +230,50 @@ func TestRunConfigPrepare_TemporaryKeyPairName(t *testing.T) {
 	}
 }
 
+func TestRunConfigPrepare_TemporaryKeyPairTypeDefault(t *testing.T) {
+	c := testConfig()
+	c.Comm.SSHTemporaryKeyPairType = ""
+	if err := c.Prepare(nil); len(err) != 0 {
+		t.Fatalf("err: %s", err)
+	}
+
+	if c.Comm.SSHTemporaryKeyPairType != "rsa" {
+		t.Fatal("keypair type should have defaulted to rsa")
+	}
+}
+
+func TestRunConfigPrepare_TemporaryKeyPairTypeRSA(t *testing.T) {
+	c := testConfig()
+	c.Comm.SSHTemporaryKeyPairType = "rsa"
+	if err := c.Prepare(nil); len(err) != 0 {
+		t.Fatalf("err: %s", err)
+	}
+
+	if c.Comm.SSHTemporaryKeyPairType != "rsa" {
+		t.Fatal("keypair type should have been rsa")
+	}
+}
+
+func TestRunConfigPrepare_TemporaryKeyPairTypeED25519(t *testing.T) {
+	c := testConfig()
+	c.Comm.SSHTemporaryKeyPairType = "ed25519"
+	if err := c.Prepare(nil); len(err) != 0 {
+		t.Fatalf("err: %s", err)
+	}
+
+	if c.Comm.SSHTemporaryKeyPairType != "ed25519" {
+		t.Fatal("keypair type should have been ed25519")
+	}
+}
+
+func TestRunConfigPrepare_TemporaryKeyPairTypeBad(t *testing.T) {
+	c := testConfig()
+	c.Comm.SSHTemporaryKeyPairType = "invalid"
+	if err := c.Prepare(nil); len(err) == 0 {
+		t.Fatalf("should error if temporary_key_pair_type is set to an invalid type")
+	}
+}
+
 func TestRunConfigPrepare_TenancyBad(t *testing.T) {
 	c := testConfig()
 	c.Tenancy = "not_real"

diff --git a/builder/common/step_key_pair.go b/builder/common/step_key_pair.go
@@ -66,6 +66,7 @@ func (s *StepKeyPair) Run(ctx context.Context, state multistep.StateBag) multist
 	ui.Say(fmt.Sprintf("Creating temporary keypair: %s", s.Comm.SSHTemporaryKeyPairName))
 	keypair := &ec2.CreateKeyPairInput{
 		KeyName: &s.Comm.SSHTemporaryKeyPairName,
+		KeyType: &s.Comm.SSHTemporaryKeyPairType,
 	}
 
 	if !s.IsRestricted {

diff --git a/builder/common/step_key_pair_test.go b/builder/common/step_key_pair_test.go
@@ -53,10 +53,10 @@ func keyPairState() multistep.StateBag {
 }
 
 func TestStepKeyPair_withDefault(t *testing.T) {
-	//testSSHTemporaryKeyPair := communicator.SSHTemporaryKeyPair{SSHTemporaryKeyPairType: "rsa"}
+	testSSHTemporaryKeyPair := communicator.SSHTemporaryKeyPair{SSHTemporaryKeyPairType: "rsa"}
 	testSSH := communicator.SSH{
 		SSHTemporaryKeyPairName: "temp-key-name",
-		//SSHTemporaryKeyPair: testSSHTemporaryKeyPair,
+		SSHTemporaryKeyPair:     testSSHTemporaryKeyPair,
 	}
 	comm := communicator.Config{
 		SSH: testSSH,
@@ -76,9 +76,8 @@ func TestStepKeyPair_withDefault(t *testing.T) {
 	if *createKeyPairArgs[0].KeyName != "temp-key-name" {
 		t.Fatalf(fmt.Sprintf("Unexpected Key Type expected %s, got %s", "temp-key-name", *createKeyPairArgs[0].KeyName))
 	}
-	// This case will pass when key type issue is fixed
-	//
-	//if *createKeyPairArgs[0].KeyType != "rsa" {
-	// t.Fatalf(fmt.Sprintf("Expeccted KeyType %s got %s", "rsa", *createKeyPairArgs[0].KeyType))
-	//}
+
+	if *createKeyPairArgs[0].KeyType != "rsa" {
+		t.Fatalf(fmt.Sprintf("Expeccted KeyType %s got %s", "rsa", *createKeyPairArgs[0].KeyType))
+	}
 }
diff --git a/builder/ebs/builder_acc_test.go b/builder/ebs/builder_acc_test.go
@@ -526,6 +526,43 @@ func TestAccBuilder_EbsKeyPair_rsa(t *testing.T) {
 	acctest.TestPlugin(t, testcase)
 }
 
+//go:embed test-fixtures/ed25519_ssh_keypair.pkr.hcl
+var testSSHKeyPairED25519 string
+
+func TestAccBuilder_EbsKeyPair_ed25519(t *testing.T) {
+	testcase := &acctest.PluginTestCase{
+		Name:     "amazon-ebs_ed25519",
+		Template: testSSHKeyPairED25519,
+		Check: func(buildCommand *exec.Cmd, logfile string) error {
+			if buildCommand.ProcessState.ExitCode() != 0 {
+				return fmt.Errorf("Bad exit code. Logfile: %s", logfile)
+			}
+			logs, err := os.Open(logfile)
+			if err != nil {
+				return fmt.Errorf("Unable find %s", logfile)
+			}
+			defer logs.Close()
+
+			logsBytes, err := ioutil.ReadAll(logs)
+			if err != nil {
+				return fmt.Errorf("Unable to read %s", logfile)
+			}
+			logsString := string(logsBytes)
+
+			expectedKeyType := "ed25519"
+			re := regexp.MustCompile(fmt.Sprintf(`(?:amazon-ebs.basic-example:\s+)+(ssh-%s)`, expectedKeyType))
+			matched := re.FindStringSubmatch(logsString)
+
+			if len(matched) != 2 {
+				return fmt.Errorf("unable to capture key information from  %q", logfile)
+			}
+
+			return nil
+		},
+	}
+	acctest.TestPlugin(t, testcase)
+}
+
 func testEC2Conn() (*ec2.EC2, error) {
 	access := &common.AccessConfig{RawRegion: "us-east-1"}
 	session, err := access.Session()

diff --git a/builder/ebs/test-fixtures/ed25519_ssh_keypair.pkr.hcl b/builder/ebs/test-fixtures/ed25519_ssh_keypair.pkr.hcl
@@ -0,0 +1,31 @@
+data "amazon-ami" "test" {
+  filters = {
+    name                = "ubuntu/images/*ubuntu-xenial-16.04-amd64-server-*"
+    root-device-type    = "ebs"
+    virtualization-type = "hvm"
+  }
+  most_recent = true
+  owners      = ["099720109477"]
+  region      = "us-east-1"
+}
+
+source "amazon-ebs" "basic-example" {
+  region                  = "us-east-1"
+  source_ami              = data.amazon-ami.test.id
+  instance_type           = "t2.micro"
+  ami_name                = "packer_ed25519_ssh_keypair_acctest"
+  communicator            = "ssh"
+  ssh_username            = "ubuntu"
+  temporary_key_pair_type = "ed25519"
+  skip_create_ami         = true
+}
+
+build {
+  sources = [
+    "source.amazon-ebs.basic-example"
+  ]
+
+  provisioner "shell" {
+    inline = ["echo 'Hello from the other side'", "cat ~/.ssh/authorized_keys"]
+  }
+}