From 7fb4d37e19469b1bf567dd57cb86ae9f9f9d44c0 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Wed, 6 Apr 2022 20:01:41 +0300
Subject: feat: add a user_ca_pubkey field to config, spec

With this, there's no need to install an SSH key into root's
authorized_keys file.

Sponsored-by: author
---
 vmadm.md | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'vmadm.md')

diff --git a/vmadm.md b/vmadm.md
index 71a49d1..9c6d3aa 100644
--- a/vmadm.md
+++ b/vmadm.md
@@ -71,6 +71,7 @@ default_cpus: 1
 default_generate_host_certificate: true
 default_autostart: true
 ca_key: ~/ca_key
+user_ca_pubkey: ~/user_ca_pubkey
 authorized_keys:
   - ~/.ssh/id_rsa.pub
 ~~~
@@ -88,6 +89,7 @@ authorized_keys:
         "network=default"
     ],
     "ca_key": "~/ca_key",
+    "user_ca_pubkey": "~/user_ca_pubkey",
     "authorized_keys": [
         "~/.ssh/id_rsa.pub"
     ]
@@ -122,7 +124,8 @@ foo:
         "cpus": 1,
         "generate_host_certificate": true,
         "autostart": true,
-        "ca_key": "~/other_ca"
+        "ca_key": "~/other_ca",
+        "user_ca_pubkey": "~/user_ca_pubkey"
     }
 ]
 ~~~
@@ -164,6 +167,7 @@ given an installed vmadm
 given file init.yaml
 given file config.yaml
 given file .ssh/id_rsa.pub from init_ssh_key_pub
+given file user_ca_pubkey from ssh_key_pub
 given file expected/init-test/meta-data from init-metadata
 given file expected/init-test/user-data from init-userdata
 when I run vmadm cloud-init --config config.yaml init.yaml actual
@@ -211,6 +215,8 @@ ssh_keys:
   ecdsa_certificate: ecdsa-certificate
   ed25519_private: ed25519-private
   ed25519_certificate: ed25519-certificate
+user_ca_pubkey: >
+  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChZ6mVuGLBpW7SarFU/Tu6TemquNxatbMUZuTk8RqVtbkvTKeWFZ5h5tntWPHgST8ykYFaIrr8eYuKQkKdBxHW7H8kejTNwRu/rDbRYX5wxTn4jw4RVopGTpxMlGrWeu5CkWPoLAhQtIzzUAnrDGp9sqG6P1G4ohI61wZMFQta9R2uNxXnnes+e2r4Y78GxmlQH/o0ouI8fBnsxRK0IoSfFs2LutO6wjyzR59FdC9TT7wufd5kXMRzxsmPGeXzNcaqvHGxBvRucGFclCkqSRwk3GNEpXZQhlCIoTIoRu0IPAp/430tlx9zJMhhwDlZsOOXRrFYpdWVMSTAAKECLSYx liw@exolobe1
 ~~~
 
 # Create a virtual machine
@@ -228,6 +234,7 @@ given a Debian 10 OpenStack cloud image
 given file smoke.yaml
 given file config.yaml
 given file ca_key
+given file user_ca_pubkey from ssh_key_pub
 given file .ssh/id_rsa from ssh_key
 given file .ssh/id_rsa.pub from ssh_key_pub
 given file .ssh/config from ssh_config
@@ -290,6 +297,7 @@ given file smoke.yaml
 given file other.yaml
 given file config.yaml
 given file ca_key
+given file user_ca_pubkey from ssh_key_pub
 given file .ssh/id_rsa from ssh_key
 given file .ssh/id_rsa.pub from ssh_key_pub
 given file .ssh/config from ssh_config
@@ -351,6 +359,7 @@ given a Debian 10 OpenStack cloud image
 given file smoke.yaml
 given file config.yaml
 given file ca_key
+given file user_ca_pubkey from ssh_key_pub
 given file .ssh/id_rsa from ssh_key
 given file .ssh/id_rsa.pub from ssh_key_pub
 given file .ssh/config from ssh_config
-- 
cgit v1.2.1