Add password and encryption to private key (#164)

* Add password and encryption to private key * Returned back default constructions * get_key modif * bytes() to encode() * revert default constructions and modif get_key.py file * Add fernet encryption and decryption methods * Added decryption to local key * Fix misstakes * Accidental deleting * Add password argument * BestAvailableEncryption used and load_pem_private_key * try block update with write file * Removed 1 line method * removed decrypt method and add password to pre_build * Hotfix * Pipeline modif and removed password argument
opentelekomcloud-infra · Dec 10, 2019 · d2680dc · d2680dc
1 parent 889ef6e
commit d2680dc
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 6 deletions.
diff --git a/scenarios/core/get_key.py b/scenarios/core/get_key.py
@@ -22,7 +22,7 @@ def parse_params():
     return args
 
 
-def generate_private_key():
+def generate_private_key(password: str):
     key = rsa.generate_private_key(
         backend=crypto_default_backend(),
         public_exponent=65537,
@@ -31,7 +31,7 @@ def generate_private_key():
     return key.private_bytes(
         crypto_serialization.Encoding.PEM,
         crypto_serialization.PrivateFormat.TraditionalOpenSSL,
-        crypto_serialization.NoEncryption())
+        crypto_serialization.BestAvailableEncryption(password.encode('utf-8')))
 
 
 def requires_update(file_name, remote_md5):
@@ -49,6 +49,7 @@ def get_key_from_s3() -> str:
                       aws_secret_access_key=os.environ['AWS_SECRET_ACCESS_KEY'])
     output_file = args.output
     key_name = args.key
+    password = input()
     obs = session.resource('s3', endpoint_url=S3_ENDPOINT)
     bucket = obs.Bucket(BUCKET)
     try:
@@ -59,7 +60,7 @@ def get_key_from_s3() -> str:
     except ClientError as cl_e:
         if cl_e.response['Error']['Code'] == '404':
             print('The object does not exist in s3. Generating new one ...')
-            key = generate_private_key()
+            key = generate_private_key(password)
             obj = obs.Object(BUCKET, key_name)
             obj.put(Body=key)
             with open(output_file, 'wb') as file:

diff --git a/scenarios/core/pre_build.sh b/scenarios/core/pre_build.sh
@@ -8,10 +8,10 @@ file_name="scn${number}_instance_rsa"
 export RSA_PRIVATE_KEY="$(pwd)/${file_name}"
 ssh-add -d "${RSA_PRIVATE_KEY}"
 
-python3 "${parent_dir}/core/get_key.py" -k "key/${file_name}" -o ${RSA_PRIVATE_KEY}
+python3 "${parent_dir}/core/get_key.py" -k "key/${file_name}" -o ${RSA_PRIVATE_KEY} <<< ${RSA_PASSWORD}
 
-ssh-add "${RSA_PRIVATE_KEY}" || exit 3
-ssh-keygen -y -f ${RSA_PRIVATE_KEY} >"${RSA_PRIVATE_KEY}.pub"
+echo ${RSA_PASSWORD} > ssh-add "${RSA_PRIVATE_KEY}"|| exit 3
+ssh-keygen -y -f ${RSA_PRIVATE_KEY} > "${RSA_PRIVATE_KEY}.pub"
 echo "${RSA_PRIVATE_KEY}.pub"
 export TF_VAR_public_key=$(<"${RSA_PRIVATE_KEY}.pub")
 echo "ECS public key: ${TF_VAR_public_key}"