Skip to content

feat(user): add SSH key management#338

Merged
retr0h merged 11 commits into
mainfrom
feat/ssh-key-management
Apr 1, 2026
Merged

feat(user): add SSH key management#338
retr0h merged 11 commits into
mainfrom
feat/ssh-key-management

Conversation

@retr0h

@retr0h retr0h commented Apr 1, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Add SSH authorized key management to the existing user provider
  • Three new operations: list keys, add key, remove key by fingerprint
  • Operates on ~/.ssh/authorized_keys for any system user
  • Nested under existing user endpoints: /node/{hostname}/user/{name}/ssh-key
  • Reuses existing user:read/user:write permissions — no new permissions
  • No state tracking — OSAPI manages any key regardless of who added it
  • Idempotent: AddKey returns changed: false if fingerprint already present

Test plan

  • Unit tests pass (just go::unit)
  • Lint clean (just go::vet)
  • 100% coverage on all new code
  • Verify on Debian host: osapi client node user ssh-key list --target _any --name root
  • Verify add: osapi client node user ssh-key add --target _any --name testuser --key "ssh-ed25519 AAAA... test"
  • Verify remove by fingerprint
  • Verify idempotent add (same key twice → changed: false)
  • Verify --json output for all commands
  • Verify broadcast: --target _all

🤖 Generated with Claude Code

retr0h and others added 11 commits April 1, 2026 10:44
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Claude <noreply@anthropic.com>
Add ListKeys, AddKey, and RemoveKey methods to the user Provider
interface for managing SSH authorized_keys files. Includes Debian
implementation with fingerprint-based idempotency, Darwin/Linux
ErrUnsupported stubs, regenerated mocks, and 100% test coverage.

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add SSH key operation constants (list, add, remove) to the SDK and job
packages, create the agent processor to dispatch SSH key sub-operations
via the existing user provider, and wire the new "sshKey" case into
the node processor. All functions have 100% test coverage.

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add GET/POST /node/{hostname}/user/{name}/ssh-key and
DELETE /node/{hostname}/user/{name}/ssh-key/{fingerprint}
endpoints to the user OpenAPI spec. Regenerate server code,
combined spec, SDK client, and docs. Include stub handler
methods so the project compiles (implementation in Task 5).

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Replace stub SSH key handlers with full implementations for list,
add, and remove operations. Each handler supports single-target and
broadcast routing with proper validation, skipped/failed status
handling, and comprehensive test coverage (unit, HTTP wiring, RBAC).

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add ListKeys, AddKey, and RemoveKey methods to UserService with
SSH key types, gen-to-SDK conversion functions, export bridges,
and full httptest coverage for all status code paths.

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add ssh-key subcommand under user with list, add, and remove
operations for managing SSH authorized keys.

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Claude <noreply@anthropic.com>
Fix Go naming convention violations flagged by revive linter.
OpenAPI operationIds changed from SshKey to SSHKey, then
regenerated all code and updated Go identifiers across handlers,
processors, CLI commands, SDK client, and tests.

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Claude <noreply@anthropic.com>
@codecov

codecov Bot commented Apr 1, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

Impacted file tree graph

@@           Coverage Diff            @@
##             main     #338    +/-   ##
========================================
  Coverage   99.89%   99.90%            
========================================
  Files         410      415     +5     
  Lines       18979    19569   +590     
========================================
+ Hits        18960    19550   +590     
  Misses         11       11            
  Partials        8        8            
Files with missing lines Coverage Δ
internal/agent/processor.go 100.00% <100.00%> (ø)
internal/agent/processor_ssh_key.go 100.00% <100.00%> (ø)
...nternal/controller/api/node/user/ssh_key_create.go 100.00% <100.00%> (ø)
...nternal/controller/api/node/user/ssh_key_delete.go 100.00% <100.00%> (ø)
...ernal/controller/api/node/user/ssh_key_list_get.go 100.00% <100.00%> (ø)
internal/provider/node/user/darwin.go 100.00% <100.00%> (ø)
internal/provider/node/user/debian_ssh_key.go 100.00% <100.00%> (ø)
internal/provider/node/user/linux.go 100.00% <100.00%> (ø)
pkg/sdk/client/user.go 100.00% <100.00%> (ø)
pkg/sdk/client/user_types.go 100.00% <100.00%> (ø)

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 84198cf...ebf5316. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@retr0h retr0h merged commit 45d9764 into main Apr 1, 2026
11 checks passed
@retr0h retr0h deleted the feat/ssh-key-management branch April 1, 2026 19:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant