Merge pull request #11 from coreweave/tb/improved-sshkey-scim

git-it127 · web-flow · commit 0cf31a2b3592 · 2025-11-11T09:46:53.000-05:00
fix: Allow multiple sshkeys to be added to map in scimsource
diff --git a/nss_cache/sources/scimsource.py b/nss_cache/sources/scimsource.py
@@ -571,18 +571,6 @@ def _ExtractShell(self, user_data):
         return default_shell
 
 
-class UniqueSshkeyMapEntry(sshkey.SshkeyMapEntry):
-    """SSH key map entry that uses composite key to allow multiple keys per user."""
-
-    def Key(self):
-        """Return a composite key that includes both username and SSH key.
-        
-        This allows multiple SSH keys for the same user to coexist in the map.
-        """
-        # Use a composite key of username + ssh key to make each entry unique
-        return f"{self.name}:{self.sshkey}"
-
-
 class ScimSshkeyMapParser(ScimMapParser):
     """Class for parsing SCIM Users into sshkey cache."""
 
@@ -591,7 +579,7 @@ def __init__(self, source=None):
         super().__init__(source)
 
     def _ReadEntry(self, user_data):
-        """Return UniqueSshkeyMapEntry instances from a SCIM user resource."""
+        """Return SshkeyMapEntry instances from a SCIM user resource."""
         entries = []
 
         # Extract username using configurable path
@@ -616,16 +604,19 @@ def _ReadEntry(self, user_data):
         elif not isinstance(ssh_keys, list):
             ssh_keys = []
 
-        # Create an entry for each SSH key using our custom entry class
-        for ssh_key in ssh_keys:
-            if ssh_key and ssh_key.strip():
-                map_entry = UniqueSshkeyMapEntry()
-                map_entry.name = username
-                map_entry.sshkey = ssh_key.strip()
-                entries.append(map_entry)
+        # Filter out empty keys and strip whitespace
+        valid_keys = [key.strip() for key in ssh_keys if key and key.strip()]
 
-        if ssh_keys:
-            self.log.debug("Extracted %d SSH keys for user %s", len(ssh_keys), username)
+        # Create a single entry with all SSH keys as a list
+        map_entry = sshkey.SshkeyMapEntry()
+        map_entry.name = username
+        if valid_keys:
+            map_entry.sshkey = valid_keys
+        else:
+            # Always create an entry, even if no keys
+            map_entry.sshkey = ""
+        self.log.debug("Extracted %d SSH keys for user %s", len(valid_keys), username)
+        entries.append(map_entry)
 
         return entries
 
