Add support for administrators_authorized_keys to SetUserSSHPublicKeysPlugin and UsersPlugin

cloudbaseinit/plugins/common/sshpublickeys.py

@@ -25,6 +25,10 @@
 CONF = cloudbaseinit_conf.CONF
 LOG = oslo_logging.getLogger(__name__)
 
+# The default Win32-OpenSSH config assumes that the built-in Administrators
+# group with SID S-1-5-32-544 does not have an internationalized name.
+ADMINISTRATORS = "Administrators"
+
 
 class SetUserSSHPublicKeysPlugin(base.BasePlugin):
 
@@ -49,10 +53,31 @@ def execute(self, service, shared_data):
             os.makedirs(user_ssh_dir)
 
         authorized_keys_path = os.path.join(user_ssh_dir, "authorized_keys")
-        LOG.info("Writing SSH public keys in: %s" % authorized_keys_path)
-        with open(authorized_keys_path, 'w') as f:
-            for public_key in public_keys:
-                # All public keys are space-stripped.
-                f.write(public_key + "\n")
+        authorized_keys_files = [authorized_keys_path]
+
+        admin_membership_conditions = (
+            osutils.group_exists(ADMINISTRATORS),
+            ADMINISTRATORS in CONF.groups
+        )
+
+        if all(admin_membership_conditions):
+            program_data_dir = os.getenv("PROGRAMDATA", "C:\ProgramData")
+            LOG.debug("Program Data: %s" % program_data_dir)
+
+            program_data_ssh_dir = os.path.join(program_data_dir, "ssh")
+            if not os.path.exists(program_data_ssh_dir):
+                os.makedirs(program_data_ssh_dir)
+
+            administrators_authorized_keys_path = os.path.join(
+                program_data_ssh_dir, "administrators_authorized_keys"
+            )
+            authorized_keys_files.append(administrators_authorized_keys_path)
+
+        for filepath in authorized_keys_files:
+            LOG.info("Writing SSH public keys in: %s" % filepath)
+            with open(filepath, 'w') as f:
+                for public_key in public_keys:
+                    # All public keys are space-stripped.
+                    f.write(public_key + "\n")
 
         return base.PLUGIN_EXECUTION_DONE, False

cloudbaseinit/plugins/common/userdataplugins/cloudconfigplugins/users.py

@@ -24,9 +24,14 @@
     base
 )
 
+
 CONF = cloudbaseinit_conf.CONF
 LOG = oslo_logging.getLogger(__name__)
 
+# The default Win32-OpenSSH config assumes that the built-in Administrators
+# group with SID S-1-5-32-544 does not have an internationalized name.
+ADMINISTRATORS = "Administrators"
+
 
 class UsersPlugin(base.BaseCloudConfigPlugin):
     """Creates users given in the cloud-config format."""
@@ -154,6 +159,7 @@ def process(self, data):
                 "Can't process the type of data %r" % type(data))
 
         osutils = osutils_factory.get_os_utils()
+        administrators_authorized_keys = []
         for item in data:
             if not isinstance(item, dict):
                 continue
@@ -172,4 +178,25 @@ def process(self, data):
                 LOG.warning("An error occurred during user '%s' creation: '%s"
                             % (user_name, ex))
 
+            if ADMINISTRATORS in self._get_groups(item):
+                admin_public_keys = item.get('ssh_authorized_keys', [])
+                administrators_authorized_keys.extend(admin_public_keys)
+
+        if osutils.group_exists(ADMINISTRATORS):
+            program_data_dir = os.getenv("PROGRAMDATA", "C:\ProgramData")
+            program_data_ssh_dir = os.path.join(program_data_dir, "ssh")
+            if not os.path.exists(program_data_ssh_dir):
+                os.makedirs(program_data_ssh_dir)
+
+            administrators_authorized_keys_path = os.path.join(
+                program_data_ssh_dir, "administrators_authorized_keys"
+            )
+
+            LOG.info("Writing SSH public keys in: %s",
+                     administrators_authorized_keys_path)
+
+            with open(administrators_authorized_keys_path, 'w') as f:
+                for authorized_key in administrators_authorized_keys:
+                    f.write(authorized_key + "\n")
+
         return False