[PATCH 0/6] Introduce OpenSSH authorized key file mgmt APIs

Peter Krempa pkrempa at redhat.com
Wed Nov 11 12:26:40 UTC 2020


On Wed, Nov 11, 2020 at 13:04:19 +0100, Michal Privoznik wrote:
> On 11/11/20 11:32 AM, Peter Krempa wrote:
> > On Tue, Nov 10, 2020 at 16:11:40 +0100, Michal Privoznik wrote:
> > > Marc-André posted a patch that implements agent handling. I've written
> > > the rest.
> > > 
> > > Marc-André Lureau (1):
> > >    qemu_agent: add qemuAgentSSH{Add,Remove,Get}AuthorizedKeys
> > > 
> > > Michal Prívozník (5):
> > >    Introduce OpenSSH authorized key file mgmt APIs
> > 
> > One more thing to think about:
> > 
> > Since we are getting random requests for setters of various bits for
> > which we have to bend the rule "we don't care what's running in the VM"
> > and which don't really scale when adding new APIs, I propose we add a
> > generic guest agent setter which will be extensible using typed
> > parameters and a type property.
> > 
> > It will basically become the counterpart to virDomainGetGuestInfo.
> > 
> > The extensions then become enum additions and code additions only and
> > will be more flexible for future use.
> > 
> > The same way the getter for the ssh keys should become part of
> > virDomainGetGuestInfo, obviously auditing whether a read-write
> > connection is used.
> > 
> > example:
> > 
> > int
> > qemuDomainSetGuestInfo(virDomainPtr dom,
> >                         virDomainSetGuestInfoType type,
> >                         virTypedParamPtr params,
> >                         unsigned int  nparams,
> >                         unsigned int flags);
> > 
> > Invocation for setting keys:
> > 
> > virTypedParamsAddString(..., "user", "root")
> > virTypedParamsAddString(..., "key", "ssh-rsa AA.... root at localhost")
> > virTypedParamsAddString(..., "key", "ssh-rsa AA.... user at localhost")
> > 
> > etc.
> > 
> 
> Yeah, this is much more extensible. Okay, let me send v2.

Another possibility is to also return either a string or again typed
parameters, so that we can create an API which will basically be a
locked-down and slightly more portable version of
virDomainQemuAgentCommand, where we implement only commands which are
not used by other libvirt APIs, but which still allows performing the wide
variety of stuff that the qemu agent has nowadays (e.g. exec, file read
etc.)



