5 changes: 5 additions & 0 deletions ansible_roles/roles/aws_create/files/tf/vars.tf
Expand Up @@ -45,6 +45,11 @@ variable "ssh_key_path" {
default = "none"
}

variable "ssh_public_key_path" {
type = string
default = "~/.ssh/id_rsa.pub"
}

variable "security_group" {
type = string
default = "none"
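Review bot: The new `ssh_public_key_path` variable has no `description`, and in this AWS file it defaults to a real path (`~/.ssh/id_rsa.pub`) while the neighbouring `ssh_key_path` defaults to the sentinel `"none"`, so the two halves of the key pair are defaulted differently. No AWS resource shown on this page reads the variable, so it may exist only to accept the value the tfvars template now always writes; if that is the case, a short comment saying so would help. I would add `description = "Path to the SSH public key file"` here and to the matching blocks in azure_create/files/tf/vars.tf and gcp_create_instance/files/tf/vars.tf. The `security_group` block continues past the end of the hunk.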
1 change: 1 addition & 0 deletions ansible_roles/roles/aws_create/templates/tfvars.j2
Expand Up @@ -8,6 +8,7 @@ run_label = "{{ config_info.user_running }}_{{ config_info.run_label | lower() |
region = "{{ config_info.cloud_delete_region }}"

ssh_key_path = "{{ config_info.ssh_key }}"
ssh_public_key_path = "{{ config_info.ssh_public_key }}"

test_user = "{{ config_info.test_user }}"

Expand Up @@ -10,7 +10,7 @@ resource "azurerm_linux_virtual_machine" "virtualmachine" {

admin_ssh_key {
username = var.test_user
public_key = file("~/.ssh/id_rsa.pub")
public_key = file(var.ssh_public_key_path)
}
PRIORITYSPOT
EVICTIONPOLICY
Expand Up @@ -10,7 +10,7 @@ resource "azurerm_linux_virtual_machine" "virtualmachine" {

admin_ssh_key {
username = var.test_user
public_key = file("~/.ssh/id_rsa.pub")
public_key = file(var.ssh_public_key_path)
}
PRIORITYSPOT
EVICTIONPOLICY
5 changes: 5 additions & 0 deletions ansible_roles/roles/azure_create/files/tf/vars.tf
Expand Up @@ -47,6 +47,11 @@ variable "ssh_key_path" {
default = "~/.ssh/id_rsa"
}

variable "ssh_public_key_path" {
type = string
default = "~/.ssh/id_rsa.pub"
}

variable "vm_image" {
type = string
default = "none"
Expand Up @@ -9,7 +9,7 @@ resource "azurerm_linux_virtual_machine" "virtualmachine" {
admin_username = var.test_user
admin_ssh_key {
username = var.test_user
public_key = file("~/.ssh/id_rsa.pub")
public_key = file(var.ssh_public_key_path)
}
PRIORITYSPOT
EVICTIONPOLICY
Expand Up @@ -9,7 +9,7 @@ resource "azurerm_linux_virtual_machine" "virtualmachine" {
admin_username = var.test_user
admin_ssh_key {
username = var.test_user
public_key = file("~/.ssh/id_rsa.pub")
public_key = file(var.ssh_public_key_path)
}
PRIORITYSPOT
EVICTIONPOLICY
1 change: 1 addition & 0 deletions ansible_roles/roles/azure_create/templates/tfvars.j2
Expand Up @@ -12,6 +12,7 @@ run_label = "{{ config_info.user_running }}-{{ config_info.run_label | lower() |
region = "{{ config_info.cloud_region }}"

ssh_key_path = "{{ config_info.ssh_key }}"
ssh_public_key_path = "{{ config_info.ssh_public_key }}"

test_user = "{{ config_info.test_user }}"

2 changes: 1 addition & 1 deletion ansible_roles/roles/gcp_create_instance/files/tf/main.tf
Expand Up @@ -69,7 +69,7 @@ resource "google_compute_instance" "test" {

# copies ssh public key into the system for ssh access to the VM
metadata = {
ssh-keys = "${var.test_user}:${file("${var.ssh_key_path}.pub")}"
ssh-keys = "${var.test_user}:${file(var.ssh_public_key_path)}"
}

# Ensures that instance is created after successful creation of networks
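Review bot: Replacing `${var.ssh_key_path}.pub` on the `ssh-keys` line drops the guarantee that the public key written to instance metadata is the partner of the private key in `ssh_key_path`. In bin/burden's `create_ansible_options`, a run with `--ssh_key_file` but no `--ssh_public_key_file` falls back to `$HOME/.ssh/id_rsa.pub`. A run that used to install `<key>.pub` therefore now authorizes whatever key sits in the invoking user's home directory, and SSH with the chosen private key would presumably fail. Keeping the old derivation as that fallback, `echo " ssh_public_key: ${gl_ssh_key_file}.pub" >> ansible_vars_main.yml`, preserves the previous behaviour. The `google_compute_instance` block starts and ends outside this hunk.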
5 changes: 5 additions & 0 deletions ansible_roles/roles/gcp_create_instance/files/tf/vars.tf
Expand Up @@ -33,6 +33,11 @@ variable "ssh_key_path" {
default = "~/.ssh/id_rsa"
}

variable "ssh_public_key_path" {
type = string
default = "~/.ssh/id_rsa.pub"
}

variable "vm_image" {
type = string
default = "rhel-cloud/rhel-8"
Expand Up @@ -12,6 +12,7 @@ region = "{{ config_info.cloud_region }}"
zone = "{{ config_info.cloud_zone }}"

ssh_key_path = "{{ config_info.ssh_key }}"
ssh_public_key_path = "{{ config_info.ssh_public_key }}"

test_user = "{{ config_info.test_user }}"

26 changes: 25 additions & 1 deletion bin/burden
Expand Up @@ -187,6 +187,7 @@ gl_selinux_level="enforcing"
gl_selinux_state=$value_not_set
gl_selinux_state_set=0
gl_ssh_key_file=""
gl_ssh_public_key_file=""
gl_show_os_versions=0;
gl_test_def_file=""
gl_test_def_dir="${gl_top_dir}/config"
Expand Down Expand Up @@ -1909,8 +1910,14 @@ create_ansible_options()
echo " kit_upload_directory: ${gl_kit_upload_directory}" >> ansible_vars_main.yml
if [[ $gl_ssh_key_file == "" ]]; then
echo " ssh_key: $HOME/.ssh/id_rsa" >> ansible_vars_main.yml
echo " ssh_public_key: $HOME/.ssh/id_rsa.pub" >> ansible_vars_main.yml
else
Comment on lines 1911 to 1914


Action required

1. --ssh_public_key_file ignored 📎 Requirement gap ✓ Correctness

When --ssh_key_file is not provided, the code always writes a default ssh_public_key value and
ignores a user-supplied --ssh_public_key_file. This prevents independently specifying the public
key and can lead to using the wrong key despite the flag being accepted.
Agent Prompt
## Issue description
`--ssh_public_key_file` is accepted by the CLI but is ignored when `--ssh_key_file` is not set, because `create_ansible_options()` always writes the default `ssh_public_key` in that branch.

## Issue Context
Compliance requires that when users supply both public/private key inputs (and specifically when a public key is supplied), the supplied value is not ignored.

## Fix Focus Areas
- bin/burden[1911-1918]
- bin/burden[3651-3656]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

echo " ssh_key: ${gl_ssh_key_file}" >> ansible_vars_main.yml
if [[ $gl_ssh_public_key_file != "" ]]; then
echo " ssh_public_key: ${gl_ssh_public_key_file}" >> ansible_vars_main.yml
else
echo " ssh_public_key: $HOME/.ssh/id_rsa.pub" >> ansible_vars_main.yml
fi
fi
#
# local system type, user is expected to be root. cloud systems are expected
Expand Down Expand Up @@ -2350,6 +2357,13 @@ verify_ssh_key_file()
fi
}

verify_ssh_public_key_file()
{
if [[ ! -f $1 ]]; then
cleanup_and_exit "Error: ssh public key file $1 does not exist." 1
fi
}

#
# Verify that the test def file is present.
#
Expand Down Expand Up @@ -3340,7 +3354,8 @@ usage()
echo " --scenario_vars <file>: file that contains the variables for the scenario file. The default is config/zathras_scenario_vars_def."
echo " --selinux_level: enforcing/permissive/disabled"
echo " --selinux_state: disabled/enabled"
echo " --ssh_key_file: Designates the ssh key file we are to use."
echo " --ssh_key_file: Designates the ssh private key file we are to use."
echo " --ssh_public_key_file: Designates the ssh public key file we are to use. Only used if explicitly specified."
echo " --show_os_versions: given the cloud type, and OS vendor, show the available os versions"
echo " --show_tests: list the available test as defined in config/test_defs.yml"
echo " --test_def_file <file>: test definition file to use."
Expand Down Expand Up @@ -3635,6 +3650,14 @@ set_general_value()
fi
shift_by=2
;;
--ssh_public_key_file)
if [[ $gl_ssh_public_key_file == "" ]]; then
echo "$1 $2" >> $gl_cli_supplied_options
gl_ssh_public_key_file=$2
verify_data verify_ssh_public_key_file $gl_ssh_public_key_file
fi
shift_by=2
;;
--system_type)
if [[ $gl_system_type == "" ]]; then
echo "$1 $2" >> $gl_cli_supplied_options
Expand Down Expand Up @@ -3812,6 +3835,7 @@ grab_cli_data()
"run_file"
"scenario"
"ssh_key_file"
"ssh_public_key_file"
"tuned_profiles"
"scenario_vars"
"selinux_level"
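Review bot: `verify_ssh_public_key_file` only tests `-f`, so a private key passed to `--ssh_public_key_file` by mistake is accepted and its contents are handed to Terraform's `file()`, which in the GCP role places them in the instance's `ssh-keys` metadata. A content check inside the function would stop that before anything is provisioned, for example `if grep -q 'PRIVATE KEY' -- "$1"; then cleanup_and_exit "Error: $1 looks like a private key, not a public key." 1; fi`. The check also runs only for an explicitly supplied path. The `$HOME/.ssh/id_rsa.pub` defaults written in `create_ansible_options` are never verified, so a missing default file would surface only later as a Terraform `file()` error.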