Merge master into feature/emr

Author: aws-toolkit-automation

packages/core/src/awsService/ec2/sshKeyPair.ts

@@ -5,8 +5,11 @@
 import { fs } from '../../shared'
 import { chmodSync } from 'fs'
 import { ToolkitError } from '../../shared/errors'
-import { ChildProcess } from '../../shared/utilities/childProcess'
+import { tryRun } from '../../shared/utilities/pathFind'
 import { Timeout } from '../../shared/utilities/timeoutUtils'
+import { findAsync } from '../../shared/utilities/collectionUtils'
+
+type sshKeyType = 'rsa' | 'ed25519'
 
 export class SshKeyPair {
     private publicKeyPath: string
@@ -35,13 +38,25 @@ export class SshKeyPair {
     }
 
     public static async generateSshKeyPair(keyPath: string): Promise<void> {
-        const process = new ChildProcess(`ssh-keygen`, ['-t', 'ed25519', '-N', '', '-q', '-f', keyPath])
-        const result = await process.run()
-        if (result.exitCode !== 0) {
-            throw new ToolkitError('ec2: Failed to generate ssh key', { details: { stdout: result.stdout } })
+        const keyGenerated = await this.tryKeyTypes(keyPath, ['ed25519', 'rsa'])
+        if (!keyGenerated) {
+            throw new ToolkitError('ec2: Unable to generate ssh key pair')
         }
         chmodSync(keyPath, 0o600)
     }
+    /**
+     * Attempts to generate an ssh key pair. Returns true if successful, false otherwise.
+     * @param keyPath where to generate key.
+     * @param keyType type of key to generate.
+     */
+    public static async tryKeyGen(keyPath: string, keyType: sshKeyType): Promise<boolean> {
+        return !(await tryRun('ssh-keygen', ['-t', keyType, '-N', '', '-q', '-f', keyPath], 'yes', 'unknown key type'))
+    }
+
+    public static async tryKeyTypes(keyPath: string, keyTypes: sshKeyType[]): Promise<boolean> {
+        const keyTypeUsed = await findAsync(keyTypes, async (type) => await this.tryKeyGen(keyPath, type))
+        return keyTypeUsed !== undefined
+    }
 
     public getPublicKeyPath(): string {
         return this.publicKeyPath

packages/core/src/test/awsService/ec2/sshKeyPair.test.ts

@@ -38,25 +38,36 @@ describe('SshKeyUtility', async function () {
         sinon.restore()
     })
 
-    describe('generateSshKeys', async function () {
-        it('generates key in target file', async function () {
-            const contents = await vscode.workspace.fs.readFile(vscode.Uri.file(keyPath))
-            assert.notStrictEqual(contents.length, 0)
-        })
-
-        it('generates unique key each time', async function () {
-            const beforeContent = await vscode.workspace.fs.readFile(vscode.Uri.file(keyPath))
-            keyPair = await SshKeyPair.getSshKeyPair(keyPath, 30000)
-            const afterContent = await vscode.workspace.fs.readFile(vscode.Uri.file(keyPath))
-            assert.notStrictEqual(beforeContent, afterContent)
-        })
-
-        it('uses ed25519 algorithm to generate the keys', async function () {
-            const process = new ChildProcess(`ssh-keygen`, ['-vvv', '-l', '-f', keyPath])
-            const result = await process.run()
-            // Check private key header for algorithm name
-            assert.strictEqual(result.stdout.includes('[ED25519 256]'), true)
-        })
+    it('generates key in target file', async function () {
+        const contents = await fs.readFile(vscode.Uri.file(keyPath))
+        assert.notStrictEqual(contents.length, 0)
+    })
+
+    it('generates unique key each time', async function () {
+        const beforeContent = await fs.readFile(vscode.Uri.file(keyPath))
+        keyPair = await SshKeyPair.getSshKeyPair(keyPath, 30000)
+        const afterContent = await fs.readFile(vscode.Uri.file(keyPath))
+        assert.notStrictEqual(beforeContent, afterContent)
+    })
+
+    it('defaults to ed25519 key type', async function () {
+        const process = new ChildProcess(`ssh-keygen`, ['-vvv', '-l', '-f', keyPath])
+        const result = await process.run()
+        // Check private key header for algorithm name
+        assert.strictEqual(result.stdout.includes('[ED25519 256]'), true)
+    })
+
+    it('falls back on rsa if ed25519 not available', async function () {
+        await keyPair.delete()
+        const stub = sinon.stub(SshKeyPair, 'tryKeyGen')
+        stub.onFirstCall().resolves(false)
+        stub.callThrough()
+        keyPair = await SshKeyPair.getSshKeyPair(keyPath, 30000)
+        const process = new ChildProcess(`ssh-keygen`, ['-vvv', '-l', '-f', keyPath])
+        const result = await process.run()
+        // Check private key header for algorithm name
+        assert.strictEqual(result.stdout.includes('[RSA'), true)
+        stub.restore()
     })
 
     it('properly names the public key', function () {
@@ -70,10 +81,10 @@ describe('SshKeyUtility', async function () {
 
     it('does overwrite existing keys on get call', async function () {
         const generateStub = sinon.spy(SshKeyPair, 'generateSshKeyPair')
-        const keyBefore = await vscode.workspace.fs.readFile(vscode.Uri.file(keyPath))
+        const keyBefore = await fs.readFile(vscode.Uri.file(keyPath))
         keyPair = await SshKeyPair.getSshKeyPair(keyPath, 30000)
 
-        const keyAfter = await vscode.workspace.fs.readFile(vscode.Uri.file(keyPath))
+        const keyAfter = await fs.readFile(vscode.Uri.file(keyPath))
         sinon.assert.calledOnce(generateStub)
 
         assert.notStrictEqual(keyBefore, keyAfter)

packages/toolkit/.changes/next-release/Feature-5ca56f55-9d01-40bd-86e8-bcb8a776c4d8.json

@@ -0,0 +1,4 @@
+{
+	"type": "Feature",
+	"description": "EC2 connect: default to ed25519, but fall back on rsa if unsupported"
+}