authorLars Wirzenius <liw@liw.fi>2022-10-09 10:25:09 +0300
committerLars Wirzenius <liw@liw.fi>2022-10-09 10:25:09 +0300
commit44a141ce47a922ddbb89f4c64226e577204f0f58 (patch)
tree05beca8fe80d19ec7e7529389702048eee2ab631 /src
parent46b0a777caa8496df4b0d0906d9b22907df27466 (diff)
Revert "refactor and more: move Python script for cloud-init out of Rust"
This reverts commit 36b2ebd1643833700e57c51523d8c9c66f3d0034.
Diffstat (limited to 'src')
-rw-r--r--src/cloudinit.rs93
1 files changed, 92 insertions, 1 deletions
diff --git a/src/cloudinit.rs b/src/cloudinit.rs
index 0cbd2f0..9d14538 100644
--- a/src/cloudinit.rs
+++ b/src/cloudinit.rs
@@ -17,7 +17,98 @@ use std::path::{Path, PathBuf};
use std::process::Command;
use tempfile::tempdir;
-const SCRIPT: &str = include_str!("../script.py");
+const SCRIPT: &str = r#"
+import os
+import yaml
+
+
+def log(msg):
+ logfile.write(msg)
+ logfile.write("\n")
+ logfile.flush()
+
+
+logfile = open("/tmp/vmadm.script", "w")
+log("vmadm cloud-init script starting")
+
+if os.environ.get("VMADM_TESTING"):
+ filename = "smoke/user-data"
+ etc = "x"
+else:
+ filename = "/var/lib/cloud/instance/user-data.txt"
+ etc = "/etc/ssh"
+
+key_types = ("rsa", "dsa", "ecdsa", "ed25519")
+
+log(f"loading user-data from {filename}")
+obj = yaml.safe_load(open(filename))
+
+ssh_keys = obj.get("ssh_keys", {})
+user_ca_pubkey = obj.get("user_ca_pubkey", {})
+allow_authorized_keys = obj.get("allow_authorized_keys", True)
+
+keys = []
+certs = []
+
+for key_type in key_types:
+ filename = os.path.join(etc, f"ssh_host_{key_type}_key.pub")
+ if os.path.exists(filename):
+ log(f"removing {filename}")
+ os.remove(filename)
+ else:
+ log(f"file {filename} does not exist")
+
+for key_type in key_types:
+ key = ssh_keys.get(f"{key_type}_private")
+ cert = ssh_keys.get(f"{key_type}_certificate")
+ log(f"key {key_type} {key}")
+ log(f"cert {key_type} {cert }")
+
+ if key:
+ filename = os.path.join(etc, f"ssh_host_{key_type}_key")
+ log(f"writing key {filename}")
+ keys.append(filename)
+ with open(filename, "w") as f:
+ f.write(key)
+
+ if cert:
+ filename = os.path.join(etc, f"ssh_host_{key_type}_key-cert.pub")
+ log(f"writing cert {filename}")
+ certs.append(filename)
+ with open(filename, "w") as f:
+ f.write(cert)
+
+user_ca_filename = os.path.join(etc, "user-ca-keys")
+if user_ca_pubkey:
+ with open(user_ca_filename, "w") as f:
+ f.write(user_ca_pubkey)
+
+config = os.path.join(etc, "sshd_config")
+data = ""
+if os.path.exists(config):
+ data = open(config).read()
+
+log(f"configuring sshd {config}")
+log(f"keys {keys}")
+log(f"certs {certs}")
+
+with open(config, "w") as f:
+ for filename in keys:
+ log(f"hostkey {filename}")
+ f.write(f"hostkey {filename}\n")
+ for filename in certs:
+ log(f"hostcert {filename}")
+ f.write(f"hostcertificate {filename}\n")
+ if user_ca_pubkey:
+ log(f"trustedusercakeys {user_ca_filename}")
+ f.write(f"trustedusercakeys {user_ca_filename}\n")
+ if not allow_authorized_keys:
+ f.write("authorizedkeysfile none\n")
+ f.write(data)
+
+log("vmadm cloud-init script ending")
+logfile.close()
+"#;
/// Errors from this module.
#[derive(Debug, thiserror::Error)]
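Review bot: The embedded script writes SSH host private key material into its log, because `log(f"key {key_type} {key}")` interpolates the value read from `{key_type}_private`, and that log is `/tmp/vmadm.script`, opened with a plain `open(..., "w")` at a fixed name in a shared directory. Log only whether a key was supplied, e.g. `log(f"key {key_type} {'present' if key else 'absent'}")`, and place the log in a root-owned directory rather than /tmp, since a fixed path there is exposed to pre-creation and symlink races if the script runs as root (presumably the case under cloud-init). The private host key files are likewise created with `with open(filename, "w") as f:`, so a newly created key gets umask-derived permissions; opening it via `os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` would keep it from being readable by others at any point. As this commit is a revert, these lines may predate it, but they are what the new side of `SCRIPT` ships.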