fixed a few bugs; added file permission change to private key
This commit is contained in:
parent
350d595ac6
commit
4eb4f067a7
@ -4,17 +4,30 @@ import argparse
|
||||
import logging
|
||||
import boto3
|
||||
import time
|
||||
import os
|
||||
|
||||
from cryptography.hazmat.primitives import serialization as crypto_serialization
|
||||
from cryptography.hazmat.primitives.asymmetric import rsa
|
||||
from cryptography.hazmat.backends import default_backend as crypto_default_backend
|
||||
|
||||
|
||||
# setting up logging for this script
|
||||
_LEVEL = logging.INFO
|
||||
_FORMAT = "%(asctime)-15s [%(levelname)-8s] : %(lineno)d : %(name)s.%(funcName)s : %(message)s"
|
||||
logging.basicConfig(format=_FORMAT, level=_LEVEL)
|
||||
log = logging.getLogger()
|
||||
|
||||
# set the boto logging levels to WARNING
|
||||
logging.getLogger('botocore').setLevel(logging.WARNING)
|
||||
logging.getLogger('boto3').setLevel(logging.WARNING)
|
||||
|
||||
|
||||
def parse_args():
|
||||
"""
|
||||
Parse the arguments passed
|
||||
"""
|
||||
argp = argparser.ArgumentParser()
|
||||
argp.add_argument('--debug', help="Run in debug mode")
|
||||
argp = argparse.ArgumentParser()
|
||||
argp.add_argument('--debug', action='store_true', help="Run in debug mode")
|
||||
|
||||
argp.add_argument(
|
||||
'-p', '--profile',
|
||||
@ -39,7 +52,7 @@ def parse_args():
|
||||
help="String to use for the new key name and searching for existing keys"
|
||||
)
|
||||
|
||||
return args.parse_args()
|
||||
return argp.parse_args()
|
||||
|
||||
|
||||
def get_session(profile_name=None, role_arn=None, region_name='us-east-1'):
|
||||
@ -124,7 +137,7 @@ def generate_ssh_keypair(key_size=2048, public_exponent=65537):
|
||||
return (public_key, private_key)
|
||||
|
||||
|
||||
def get_existing_keypair(session, prefix=""):
|
||||
def get_existing_keypairs(session, prefix=""):
|
||||
"""
|
||||
Get the existing keypairs with the optional filter
|
||||
for a specific prefix of the key name
|
||||
@ -178,7 +191,7 @@ def upload_key(session, key_name, public_key):
|
||||
fingerprint = response['KeyFingerprint']
|
||||
log.info(f"Key fingerprint: {fingerprint}")
|
||||
except Exception as error:
|
||||
log.error("Failed to upload key: {error}")
|
||||
log.error(f"Failed to upload key: {error}")
|
||||
|
||||
return fingerprint
|
||||
|
||||
@ -189,12 +202,21 @@ def main():
|
||||
if args.debug:
|
||||
log.setLevel(logging.DEBUG)
|
||||
|
||||
# let's keep the boto logging level sane
|
||||
logging.getLogger('botocore').setLevel(logging.WARNING)
|
||||
logging.getLogger('boto3').setLevel(logging.WARNING)
|
||||
|
||||
log.info("Beginnging to generate new SSH key")
|
||||
|
||||
session = get_session()
|
||||
session = get_session(profile_name=args.profile)
|
||||
|
||||
# create the new key pair in memory
|
||||
public_key, private_key = generate_ssh_key(args.key_size)
|
||||
public_key, private_key = generate_ssh_keypair(args.key_size)
|
||||
|
||||
# get epoch of UTC time for the extension to make the name unique
|
||||
epoch_time = time.strftime("%s", time.gmtime())
|
||||
key_name = f"{args.key_name_prefix}-{epoch_time}"
|
||||
log.debug(f"key_name = {key_name}")
|
||||
|
||||
# write the key values to files
|
||||
log.info(f"Exporting the public key to {key_name}.pub")
|
||||
@ -205,14 +227,12 @@ def main():
|
||||
with open(key_name, 'w') as fp:
|
||||
fp.write(private_key.decode('utf-8'))
|
||||
|
||||
log.debug("Setting permissions on private key file")
|
||||
os.chmod(key_name, 0o600)
|
||||
|
||||
# this list is for rotating the older keys out of circulation
|
||||
existing_keypairs = get_existing_keypairs(session, args.key_name_prefix)
|
||||
|
||||
# get epoch of UTC time for the extension to make the name unique
|
||||
epoch_time = time.strftime("%s", time.gmtime())
|
||||
key_name = f"{args.key_name_prefix}-{epoch_time}"
|
||||
log.debug(f"key_name = {key_name}")
|
||||
|
||||
# upload the new keypair to AWS account
|
||||
fingerprint = upload_key(session, key_name, public_key)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user