On 10/13/20 3:25 PM, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> Add new commands to add and remove SSH public keys from
> ~/.ssh/authorized_keys.
>
> +++ b/qga/qapi-schema.json
> @@ -1306,3 +1306,35 @@
> ##
> { 'command': 'guest-get-devices',
> 'returns': ['GuestDeviceInfo'] }
> +
> +##
> +# @guest-ssh-add-authorized-keys:
> +#
> +# @username: the user account to add the authorized key
> +# @keys: the public keys to add (in OpenSSH format)
> +#
> +# Append a public key to user $HOME/.ssh/authorized_keys on Unix systems (not
How is $HOME related to @username?
If it's not obvious, I could use help on how to formulate this. Would you rather use the ~username/ syntax? Or just ~/ ?
> +# implemented for other systems).
> +#
> +# Returns: Nothing on success.
Do we really need this line?
For consistency, at least.
> +#
> +# Since: 5.2
> +##
> +{ 'command': 'guest-ssh-add-authorized-keys',
> + 'data': { 'username': 'str', 'keys': ['str'] } }
Should we use QAPI 'if' to avoid even having to compile a stub on
Windows, and for better introspection (well, if we ever add a way to do
qga introspection that parallels QMP's query-qmp-schema)?
There is no 'if' usage in the QGA schema. As you point out, there is no introspection command atm. But we can start using it here, I guess.
> +
> +##
> +# @guest-ssh-remove-authorized-keys:
> +#
> +# @username: the user account to add the authorized key
> +# @keys: the public keys to remove (in OpenSSH format)
> +#
> +# Remove public keys from the user $HOME/.ssh/authorized_keys on Unix systems
> +# (not implemented for other systems).
> +#
> +# Returns: Nothing on success.
> +#
> +# Since: 5.2
> +##
> +{ 'command': 'guest-ssh-remove-authorized-keys',
> + 'data': { 'username': 'str', 'keys': ['str'] } }
>
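Review bot: the @username line in the doc comment for guest-ssh-remove-authorized-keys still reads "the user account to add the authorized key", copied from the add command; it should name the account whose keys are removed. The add description also says "Append a public key" although @keys is a list. Neither comment states what happens when a key is already present (add) or absent (remove), when authorized_keys does not exist yet, or which error an unknown @username produces. Spelling those cases out in the schema would give callers a clear contract for a command that changes who can log in to the guest.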
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org