SSH extension

[rlrossiter]

Add an extension used for AAD-based SSH for Azure VMs.

---

This checklist is used to make sure that common guidelines for a pull request are followed.

General Guidelines

• Have you run azdev style <YOUR_EXT> locally? (pip install azdev required)
• Have you run python scripts/ci/test_index.py -q locally?

For new extensions:

• My extension description/summary conforms to the Extension Summary Guidelines.

[azuresdkci]

If this PR is for a new extension or change to an existing extension, use the following to try out the changes in this PR:

docker run -it microsoft/azure-cli:latest
export EXT=<NAME>
pip install --upgrade --target ~/.azure/cliextensions/$EXT "git+https://github.com/rlrossiter/azure-cli-extensions.git@ssh-extension#subdirectory=src/$EXT&egg=$EXT"

[yonzhan]

SSH for Azure VM

[yungezz]

hi @rlrossiter we'll look at the issue and keep offline syncing with you.

[arrownj]

Is it possible there is no ssh in other platform ?

[arrownj]

Hi @rlrossiter , which python version are you using to run this test ? It always failed from my side (python 3.8).

[rlrossiter]

The version isn't the problem, the code changed and broke the unit tests. A lot of them are now failing for me too because of the code changes (Python 3.6).

[arrownj]

Hi @rlrossiter, what other tests also failed for you ? As you can see from the CI log, all other tests are passed. Did you use the latest azure-cli dev branch and rerun azdev setup ? It should be only this test failed. And the reason has something to do with functions.partial. I'm not sure the root cause currently, will investigate deeper.

[rlrossiter]

I guess I didn't have all of the commits you added to this branch. Will re-pull and take a look if I get a chance.

[arrownj]

Hi @rlrossiter, seems we do not use these dependencies in our code any more ? Can we remove them ?

[arrownj]

These codes were previously in azure-cli-core. I move it here because we think it is ssh certificate specific. In azure-cli-core, we expose a function get_msal_token in _profile.Profile to make it simple and clean. @rlrossiter @danybeam, could you please help review it ?

[rlrossiter]

I don't like the use of the _profile module from core outside of core because modules that start with _ usually denote that it's a private module that shouldn't be used outside of the repo it lives in. That's why I put this in azure-cli-core to start

[arrownj]

Yes, I agree with you about the private module part. For this _profile case, as there are lots of examples in extensions to use _profile directly, so I think we can just follow it. From cli-core perspective, we have an internal discussion, and we think we'd better not include SSH specific logic in it.

[arrownj]

Hi @rlrossiter , previously there is a fixed [email protected] in certificate head, which is weird to me. I replace it with username, could you please help check whether it is right ?

Previous code in azure-cli-core

class SSHCredentials(object):
    def __init__(self, username, cert):
        self.username = username
        self.certificate = "[email protected] " + cert

[rlrossiter]

The original was correct as that was the type of certificate the file was (it's required by SSH). The username is encoded as part of the base64 bytes written to the file. The username was passed back alongside the credentials but not part of the certificate in order to know who to SSH as

[arrownj]

Thanks for your explain. Yes, I decode the certificate and find [email protected] is in it. I have change it back. You can have a look.

Could you please share more about this? Is there any document which explain it? It's still weird to me that why it is a fixed name in the certificate. Thanks in advance.