AB#2046 : Add option to create SSH users for the first coordinator upon initialization (#133)

* Move `file`, `ssh` and `user` packages to internal
* Rename `SSHKey` to `(ssh.)UserKey`
* Rename KeyValue / Publickey to PublicKey
* Rename SSH key file from "debugd" to "ssh-keys"
* Add CreateSSHUsers function to Core
* Call CreateSSHUsers users on first control-plane node, when defined in config

Tests:
* Make StubUserCreator add entries to /etc/passwd
* Add NewLinuxUserManagerFake for unit tests
* Add unit tests & adjust existing ones to changes

cli/cmd/configgenerate.go

@@ -1,9 +1,9 @@
 package cmd
 
 import (
-	"github.com/edgelesssys/constellation/cli/file"
 	"github.com/edgelesssys/constellation/internal/config"
 	"github.com/edgelesssys/constellation/internal/constants"
+	"github.com/edgelesssys/constellation/internal/file"
 	"github.com/spf13/afero"
 	"github.com/spf13/cobra"
 	"gopkg.in/yaml.v3"

cli/cmd/configgenerate_test.go

@@ -4,9 +4,9 @@ import (
 	"bytes"
 	"testing"
 
-	"github.com/edgelesssys/constellation/cli/file"
 	"github.com/edgelesssys/constellation/internal/config"
 	"github.com/edgelesssys/constellation/internal/constants"
+	"github.com/edgelesssys/constellation/internal/file"
 	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

cli/cmd/create.go

@@ -8,10 +8,10 @@ import (
 	"github.com/edgelesssys/constellation/cli/azure"
 	"github.com/edgelesssys/constellation/cli/cloud/cloudcmd"
 	"github.com/edgelesssys/constellation/cli/cloudprovider"
-	"github.com/edgelesssys/constellation/cli/file"
 	"github.com/edgelesssys/constellation/cli/gcp"
 	"github.com/edgelesssys/constellation/internal/config"
 	"github.com/edgelesssys/constellation/internal/constants"
+	"github.com/edgelesssys/constellation/internal/file"
 	"github.com/spf13/afero"
 	"github.com/spf13/cobra"
 )

cli/cmd/create_test.go

@@ -9,9 +9,9 @@ import (
 
 	"github.com/edgelesssys/constellation/cli/azure"
 	"github.com/edgelesssys/constellation/cli/cloudprovider"
-	"github.com/edgelesssys/constellation/cli/file"
 	"github.com/edgelesssys/constellation/cli/gcp"
 	"github.com/edgelesssys/constellation/internal/constants"
+	"github.com/edgelesssys/constellation/internal/file"
 	"github.com/edgelesssys/constellation/internal/state"
 	"github.com/spf13/afero"
 	"github.com/spf13/cobra"

cli/cmd/init.go

@@ -14,16 +14,18 @@ import (
 	"github.com/edgelesssys/constellation/cli/azure"
 	"github.com/edgelesssys/constellation/cli/cloud/cloudcmd"
 	"github.com/edgelesssys/constellation/cli/cloudprovider"
-	"github.com/edgelesssys/constellation/cli/file"
 	"github.com/edgelesssys/constellation/cli/gcp"
 	"github.com/edgelesssys/constellation/cli/proto"
 	"github.com/edgelesssys/constellation/cli/status"
 	"github.com/edgelesssys/constellation/cli/vpn"
 	"github.com/edgelesssys/constellation/coordinator/atls"
+	"github.com/edgelesssys/constellation/coordinator/pubapi/pubproto"
 	coordinatorstate "github.com/edgelesssys/constellation/coordinator/state"
 	"github.com/edgelesssys/constellation/coordinator/util"
 	"github.com/edgelesssys/constellation/internal/config"
 	"github.com/edgelesssys/constellation/internal/constants"
+	"github.com/edgelesssys/constellation/internal/deploy/ssh"
+	"github.com/edgelesssys/constellation/internal/file"
 	"github.com/edgelesssys/constellation/internal/state"
 	"github.com/kr/text"
 	wgquick "github.com/nmiculinic/wg-quick-go"
@@ -78,6 +80,8 @@ func initialize(ctx context.Context, cmd *cobra.Command, protCl protoClient, ser
 		return err
 	}
 
+	protoSSHUserKeys := ssh.ToProtoSlice(config.SSHUsers)
+
 	var stat state.ConstellationState
 	err = fileHandler.ReadJSON(constants.StateFilename, &stat)
 	if errors.Is(err, fs.ErrNotExist) {
@@ -129,6 +133,7 @@ func initialize(ctx context.Context, cmd *cobra.Command, protCl protoClient, ser
 		coordinatorPrivIPs:     coordinators.PrivateIPs()[1:],
 		autoscalingNodeGroups:  autoscalingNodeGroups,
 		cloudServiceAccountURI: serviceAccount,
+		sshUserKeys:            protoSSHUserKeys,
 	}
 	result, err := activate(ctx, cmd, protCl, input, validators.V())
 	if err != nil {
@@ -166,7 +171,7 @@ func activate(ctx context.Context, cmd *cobra.Command, client protoClient, input
 		return activationResult{}, err
 	}
 
-	respCl, err := client.Activate(ctx, input.pubKey, input.masterSecret, input.nodePrivIPs, input.coordinatorPrivIPs, input.autoscalingNodeGroups, input.cloudServiceAccountURI)
+	respCl, err := client.Activate(ctx, input.pubKey, input.masterSecret, input.nodePrivIPs, input.coordinatorPrivIPs, input.autoscalingNodeGroups, input.cloudServiceAccountURI, input.sshUserKeys)
 	if err != nil {
 		return activationResult{}, err
 	}
@@ -216,6 +221,7 @@ type activationInput struct {
 	coordinatorPrivIPs     []string
 	autoscalingNodeGroups  []string
 	cloudServiceAccountURI string
+	sshUserKeys            []*pubproto.SSHUserKey
 }
 
 type activationResult struct {

cli/cmd/init_test.go

@@ -12,10 +12,10 @@ import (
 
 	"github.com/edgelesssys/constellation/cli/azure"
 	"github.com/edgelesssys/constellation/cli/ec2"
-	"github.com/edgelesssys/constellation/cli/file"
 	"github.com/edgelesssys/constellation/cli/gcp"
 	"github.com/edgelesssys/constellation/cli/qemu"
 	"github.com/edgelesssys/constellation/internal/constants"
+	"github.com/edgelesssys/constellation/internal/file"
 	"github.com/edgelesssys/constellation/internal/state"
 	wgquick "github.com/nmiculinic/wg-quick-go"
 	"github.com/spf13/afero"

cli/cmd/protoclient.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/edgelesssys/constellation/cli/proto"
 	"github.com/edgelesssys/constellation/coordinator/atls"
+	"github.com/edgelesssys/constellation/coordinator/pubapi/pubproto"
 	"github.com/edgelesssys/constellation/coordinator/state"
 )
 
@@ -12,5 +13,5 @@ type protoClient interface {
 	Connect(endpoint string, validators []atls.Validator) error
 	Close() error
 	GetState(ctx context.Context) (state.State, error)
-	Activate(ctx context.Context, userPublicKey, masterSecret []byte, nodeIPs, coordinatorIPs, autoscalingNodeGroups []string, cloudServiceAccountURI string) (proto.ActivationResponseClient, error)
+	Activate(ctx context.Context, userPublicKey, masterSecret []byte, nodeIPs, coordinatorIPs, autoscalingNodeGroups []string, cloudServiceAccountURI string, sshUsers []*pubproto.SSHUserKey) (proto.ActivationResponseClient, error)
 }

cli/cmd/protoclient_test.go

@@ -8,6 +8,7 @@ import (
 
 	"github.com/edgelesssys/constellation/cli/proto"
 	"github.com/edgelesssys/constellation/coordinator/atls"
+	"github.com/edgelesssys/constellation/coordinator/pubapi/pubproto"
 	"github.com/edgelesssys/constellation/coordinator/state"
 )
 
@@ -26,6 +27,7 @@ type stubProtoClient struct {
 	activateCoordinatorIPs        []string
 	activateAutoscalingNodeGroups []string
 	cloudServiceAccountURI        string
+	sshUserKeys                   []*pubproto.SSHUserKey
 }
 
 func (c *stubProtoClient) Connect(_ string, _ []atls.Validator) error {
@@ -42,13 +44,14 @@ func (c *stubProtoClient) GetState(_ context.Context) (state.State, error) {
 	return c.getStateState, c.getStateErr
 }
 
-func (c *stubProtoClient) Activate(ctx context.Context, userPublicKey, masterSecret []byte, nodeIPs, coordinatorIPs []string, autoscalingNodeGroups []string, cloudServiceAccountURI string) (proto.ActivationResponseClient, error) {
+func (c *stubProtoClient) Activate(ctx context.Context, userPublicKey, masterSecret []byte, nodeIPs, coordinatorIPs []string, autoscalingNodeGroups []string, cloudServiceAccountURI string, sshUserKeys []*pubproto.SSHUserKey) (proto.ActivationResponseClient, error) {
 	c.activateUserPublicKey = userPublicKey
 	c.activateMasterSecret = masterSecret
 	c.activateNodeIPs = nodeIPs
 	c.activateCoordinatorIPs = coordinatorIPs
 	c.activateAutoscalingNodeGroups = autoscalingNodeGroups
 	c.cloudServiceAccountURI = cloudServiceAccountURI
+	c.sshUserKeys = sshUserKeys
 
 	return c.respClient, c.activateErr
 }
@@ -126,7 +129,7 @@ func (c *fakeProtoClient) GetState(_ context.Context) (state.State, error) {
 	return state.IsNode, nil
 }
 
-func (c *fakeProtoClient) Activate(ctx context.Context, userPublicKey, masterSecret []byte, nodeIPs, coordinatorIPs, autoscalingNodeGroups []string, cloudServiceAccountURI string) (proto.ActivationResponseClient, error) {
+func (c *fakeProtoClient) Activate(ctx context.Context, userPublicKey, masterSecret []byte, nodeIPs, coordinatorIPs, autoscalingNodeGroups []string, cloudServiceAccountURI string, sshUserKeys []*pubproto.SSHUserKey) (proto.ActivationResponseClient, error) {
 	if !c.conn {
 		return nil, errors.New("client is not connected")
 	}

cli/cmd/recover.go

@@ -9,11 +9,11 @@ import (
 
 	"github.com/edgelesssys/constellation/cli/cloud/cloudcmd"
 	"github.com/edgelesssys/constellation/cli/cloudprovider"
-	"github.com/edgelesssys/constellation/cli/file"
 	"github.com/edgelesssys/constellation/cli/proto"
 	"github.com/edgelesssys/constellation/coordinator/util"
 	"github.com/edgelesssys/constellation/internal/config"
 	"github.com/edgelesssys/constellation/internal/constants"
+	"github.com/edgelesssys/constellation/internal/file"
 	"github.com/edgelesssys/constellation/internal/state"
 	"github.com/spf13/afero"
 	"github.com/spf13/cobra"

cli/cmd/recover_test.go

@@ -6,8 +6,8 @@ import (
 	"errors"
 	"testing"
 
-	"github.com/edgelesssys/constellation/cli/file"
 	"github.com/edgelesssys/constellation/internal/constants"
+	"github.com/edgelesssys/constellation/internal/file"
 	"github.com/edgelesssys/constellation/internal/state"
 	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"

cli/cmd/terminate.go

@@ -10,8 +10,8 @@ import (
 	"go.uber.org/multierr"
 
 	"github.com/edgelesssys/constellation/cli/cloud/cloudcmd"
-	"github.com/edgelesssys/constellation/cli/file"
 	"github.com/edgelesssys/constellation/internal/constants"
+	"github.com/edgelesssys/constellation/internal/file"
 	"github.com/edgelesssys/constellation/internal/state"
 )
 

cli/cmd/terminate_test.go

@@ -5,8 +5,8 @@ import (
 	"errors"
 	"testing"
 
-	"github.com/edgelesssys/constellation/cli/file"
 	"github.com/edgelesssys/constellation/internal/constants"
+	"github.com/edgelesssys/constellation/internal/file"
 	"github.com/edgelesssys/constellation/internal/state"
 	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"

cli/cmd/verify.go

@@ -7,10 +7,10 @@ import (
 
 	"github.com/edgelesssys/constellation/cli/cloud/cloudcmd"
 	"github.com/edgelesssys/constellation/cli/cloudprovider"
-	"github.com/edgelesssys/constellation/cli/file"
 	"github.com/edgelesssys/constellation/cli/proto"
 	"github.com/edgelesssys/constellation/internal/config"
 	"github.com/edgelesssys/constellation/internal/constants"
+	"github.com/edgelesssys/constellation/internal/file"
 	"github.com/spf13/afero"
 	"github.com/spf13/cobra"
 	rpcStatus "google.golang.org/grpc/status"

cli/cmd/verify_test.go

@@ -8,7 +8,7 @@ import (
 	"testing"
 
 	"github.com/edgelesssys/constellation/cli/cloudprovider"
-	"github.com/edgelesssys/constellation/cli/file"
+	"github.com/edgelesssys/constellation/internal/file"
 	"github.com/spf13/afero"
 	"github.com/spf13/cobra"
 	"github.com/stretchr/testify/assert"

cli/file/file.go

@@ -1,131 +0,0 @@
-/*
-Package file provides functions that combine file handling, JSON marshaling
-and file system abstraction.
-*/
-package file
-
-import (
-	"encoding/json"
-	"errors"
-	"io"
-	"io/fs"
-	"os"
-	"path"
-
-	"github.com/spf13/afero"
-	"gopkg.in/yaml.v3"
-)
-
-// Option is a bitmask of options for file operations.
-type Option uint
-
-// Has determines if a set of options contains the given options.
-func (o Option) Has(op Option) bool {
-	return o&op == op
-}
-
-const (
-	// OptNone is a no-op.
-	OptNone Option = 1 << iota / 2
-	// OptOverwrite overwrites an existing file.
-	OptOverwrite
-	// OptMkdirAll creates the path to the file.
-	OptMkdirAll
-)
-
-// Handler handles file interaction.
-type Handler struct {
-	fs *afero.Afero
-}
-
-// NewHandler returns a new file handler.
-func NewHandler(fs afero.Fs) Handler {
-	afs := &afero.Afero{Fs: fs}
-	return Handler{fs: afs}
-}
-
-// Read reads the file given name and returns the bytes read.
-func (h *Handler) Read(name string) ([]byte, error) {
-	file, err := h.fs.OpenFile(name, os.O_RDONLY, 0o644)
-	if err != nil {
-		return nil, err
-	}
-	defer file.Close()
-	return io.ReadAll(file)
-}
-
-// Write writes the data bytes into the file with the given name.
-func (h *Handler) Write(name string, data []byte, options Option) error {
-	if options.Has(OptMkdirAll) {
-		if err := h.fs.MkdirAll(path.Dir(name), os.ModePerm); err != nil {
-			return err
-		}
-	}
-	flags := os.O_WRONLY | os.O_CREATE | os.O_EXCL
-	if options.Has(OptOverwrite) {
-		flags = os.O_WRONLY | os.O_CREATE | os.O_TRUNC
-	}
-	file, err := h.fs.OpenFile(name, flags, 0o644)
-	if err != nil {
-		return err
-	}
-	_, err = file.Write(data)
-	if errTmp := file.Close(); errTmp != nil && err == nil {
-		err = errTmp
-	}
-	return err
-}
-
-// ReadJSON reads a JSON file from name and unmarshals it into the content interface.
-// The interface content must be a pointer to a JSON marchalable object.
-func (h *Handler) ReadJSON(name string, content any) error {
-	data, err := h.Read(name)
-	if err != nil {
-		return err
-	}
-	return json.Unmarshal(data, content)
-}
-
-// WriteJSON marshals the content interface to JSON and writes it to the path with the given name.
-func (h *Handler) WriteJSON(name string, content any, options Option) error {
-	jsonData, err := json.MarshalIndent(content, "", "\t")
-	if err != nil {
-		return err
-	}
-	return h.Write(name, jsonData, options)
-}
-
-// ReadYAML reads a YAML file from name and unmarshals it into the content interface.
-// The interface content must be a pointer to a YAML marchalable object.
-func (h *Handler) ReadYAML(name string, content any) error {
-	data, err := h.Read(name)
-	if err != nil {
-		return err
-	}
-	return yaml.Unmarshal(data, content)
-}
-
-// WriteYAML marshals the content interface to YAML and writes it to the path with the given name.
-func (h *Handler) WriteYAML(name string, content any, options Option) (err error) {
-	defer func() {
-		if r := recover(); r != nil {
-			err = errors.New("recovered from panic")
-		}
-	}()
-	data, err := yaml.Marshal(content)
-	if err != nil {
-		return err
-	}
-	return h.Write(name, data, options)
-}
-
-// Remove deletes the file with the given name.
-func (h *Handler) Remove(name string) error {
-	return h.fs.Remove(name)
-}
-
-// Stat returns a FileInfo describing the named file, or an error, if any
-// happens.
-func (h *Handler) Stat(name string) (fs.FileInfo, error) {
-	return h.fs.Stat(name)
-}

cli/file/file_test.go

@@ -1,320 +0,0 @@
-package file
-
-import (
-	"encoding/json"
-	"testing"
-
-	"github.com/spf13/afero"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	"gopkg.in/yaml.v3"
-)
-
-func TestReadJSON(t *testing.T) {
-	type testContent struct {
-		First  string
-		Second int
-	}
-	someContent := testContent{
-		First:  "first",
-		Second: 2,
-	}
-	jsonContent, err := json.MarshalIndent(someContent, "", "\t")
-	require.NoError(t, err)
-
-	testCases := map[string]struct {
-		fs          afero.Fs
-		setupFs     func(fs *afero.Afero) error
-		name        string
-		wantContent any
-		wantErr     bool
-	}{
-		"successful read": {
-			fs:          afero.NewMemMapFs(),
-			name:        "test/statefile",
-			setupFs:     func(fs *afero.Afero) error { return fs.WriteFile("test/statefile", jsonContent, 0o755) },
-			wantContent: someContent,
-		},
-		"file not existent": {
-			fs:      afero.NewMemMapFs(),
-			name:    "test/statefile",
-			wantErr: true,
-		},
-		"file not json": {
-			fs:      afero.NewMemMapFs(),
-			name:    "test/statefile",
-			setupFs: func(fs *afero.Afero) error { return fs.WriteFile("test/statefile", []byte{0x1}, 0o755) },
-			wantErr: true,
-		},
-	}
-
-	for name, tc := range testCases {
-		t.Run(name, func(t *testing.T) {
-			assert := assert.New(t)
-			require := require.New(t)
-
-			handler := NewHandler(tc.fs)
-			if tc.setupFs != nil {
-				require.NoError(tc.setupFs(handler.fs))
-			}
-
-			resultContent := &testContent{}
-			if tc.wantErr {
-				assert.Error(handler.ReadJSON(tc.name, resultContent))
-			} else {
-				assert.NoError(handler.ReadJSON(tc.name, resultContent))
-				assert.Equal(tc.wantContent, *resultContent)
-			}
-		})
-	}
-}
-
-func TestWriteJSON(t *testing.T) {
-	type testContent struct {
-		First  string
-		Second int
-	}
-	someContent := testContent{
-		First:  "first",
-		Second: 2,
-	}
-	notMarshalableContent := struct{ Foo chan int }{Foo: make(chan int)}
-
-	testCases := map[string]struct {
-		fs      afero.Fs
-		setupFs func(af afero.Afero) error
-		name    string
-		content any
-		options Option
-		wantErr bool
-	}{
-		"successful write": {
-			fs:      afero.NewMemMapFs(),
-			name:    "test/statefile",
-			content: someContent,
-		},
-		"successful overwrite": {
-			fs:      afero.NewMemMapFs(),
-			setupFs: func(af afero.Afero) error { return af.WriteFile("test/statefile", []byte{}, 0o644) },
-			name:    "test/statefile",
-			content: someContent,
-			options: OptOverwrite,
-		},
-		"read only fs": {
-			fs:      afero.NewReadOnlyFs(afero.NewMemMapFs()),
-			name:    "test/statefile",
-			content: someContent,
-			wantErr: true,
-		},
-		"file already exists": {
-			fs:      afero.NewMemMapFs(),
-			setupFs: func(af afero.Afero) error { return af.WriteFile("test/statefile", []byte{}, 0o644) },
-			name:    "test/statefile",
-			content: someContent,
-			wantErr: true,
-		},
-		"marshal error": {
-			fs:      afero.NewMemMapFs(),
-			name:    "test/statefile",
-			content: notMarshalableContent,
-			wantErr: true,
-		},
-		"mkdirAll works": {
-			fs:      afero.NewMemMapFs(),
-			name:    "test/statefile",
-			content: someContent,
-			options: OptMkdirAll,
-		},
-		// TODO: add tests for mkdirAll actually creating the necessary folders when https://github.com/spf13/afero/issues/270 is fixed.
-		// Currently, MemMapFs will create files in nonexistent directories due to a bug in afero,
-		// making it impossible to test the actual behavior of the mkdirAll parameter.
-	}
-
-	for name, tc := range testCases {
-		t.Run(name, func(t *testing.T) {
-			assert := assert.New(t)
-			require := require.New(t)
-
-			handler := NewHandler(tc.fs)
-			if tc.setupFs != nil {
-				require.NoError(tc.setupFs(afero.Afero{Fs: tc.fs}))
-			}
-
-			if tc.wantErr {
-				assert.Error(handler.WriteJSON(tc.name, tc.content, tc.options))
-			} else {
-				assert.NoError(handler.WriteJSON(tc.name, tc.content, tc.options))
-				resultContent := &testContent{}
-				assert.NoError(handler.ReadJSON(tc.name, resultContent))
-				assert.Equal(tc.content, *resultContent)
-			}
-		})
-	}
-}
-
-func TestReadYAML(t *testing.T) {
-	type testContent struct {
-		First  string
-		Second int
-	}
-	someContent := testContent{
-		First:  "first",
-		Second: 2,
-	}
-	yamlContent, err := yaml.Marshal(someContent)
-	require.NoError(t, err)
-
-	testCases := map[string]struct {
-		fs          afero.Fs
-		setupFs     func(fs *afero.Afero) error
-		name        string
-		wantContent any
-		wantErr     bool
-	}{
-		"successful read": {
-			fs:          afero.NewMemMapFs(),
-			name:        "test/config.yaml",
-			setupFs:     func(fs *afero.Afero) error { return fs.WriteFile("test/config.yaml", yamlContent, 0o755) },
-			wantContent: someContent,
-		},
-		"file not existent": {
-			fs:      afero.NewMemMapFs(),
-			name:    "test/config.yaml",
-			wantErr: true,
-		},
-		"file not yaml": {
-			fs:      afero.NewMemMapFs(),
-			name:    "test/config.yaml",
-			setupFs: func(fs *afero.Afero) error { return fs.WriteFile("test/config.yaml", []byte{0x1}, 0o755) },
-			wantErr: true,
-		},
-	}
-
-	for name, tc := range testCases {
-		t.Run(name, func(t *testing.T) {
-			assert := assert.New(t)
-			require := require.New(t)
-
-			handler := NewHandler(tc.fs)
-			if tc.setupFs != nil {
-				require.NoError(tc.setupFs(handler.fs))
-			}
-
-			resultContent := &testContent{}
-			if tc.wantErr {
-				assert.Error(handler.ReadYAML(tc.name, resultContent))
-			} else {
-				assert.NoError(handler.ReadYAML(tc.name, resultContent))
-				assert.Equal(tc.wantContent, *resultContent)
-			}
-		})
-	}
-}
-
-func TestWriteYAML(t *testing.T) {
-	type testContent struct {
-		First  string
-		Second int
-	}
-	someContent := testContent{
-		First:  "first",
-		Second: 2,
-	}
-	notMarshalableContent := struct{ Foo chan int }{Foo: make(chan int)}
-
-	testCases := map[string]struct {
-		fs      afero.Fs
-		setupFs func(af afero.Afero) error
-		name    string
-		content any
-		options Option
-		wantErr bool
-	}{
-		"successful write": {
-			fs:      afero.NewMemMapFs(),
-			name:    "test/statefile",
-			content: someContent,
-		},
-		"successful overwrite": {
-			fs:      afero.NewMemMapFs(),
-			setupFs: func(af afero.Afero) error { return af.WriteFile("test/statefile", []byte{}, 0o644) },
-			name:    "test/statefile",
-			content: someContent,
-			options: OptOverwrite,
-		},
-		"read only fs": {
-			fs:      afero.NewReadOnlyFs(afero.NewMemMapFs()),
-			name:    "test/statefile",
-			content: someContent,
-			wantErr: true,
-		},
-		"file already exists": {
-			fs:      afero.NewMemMapFs(),
-			setupFs: func(af afero.Afero) error { return af.WriteFile("test/statefile", []byte{}, 0o644) },
-			name:    "test/statefile",
-			content: someContent,
-			wantErr: true,
-		},
-		"marshal error": {
-			fs:      afero.NewMemMapFs(),
-			name:    "test/statefile",
-			content: notMarshalableContent,
-			wantErr: true,
-		},
-		"mkdirAll works": {
-			fs:      afero.NewMemMapFs(),
-			name:    "test/statefile",
-			content: someContent,
-			options: OptMkdirAll,
-		},
-		// TODO: add tests for mkdirAll actually creating the necessary folders when https://github.com/spf13/afero/issues/270 is fixed.
-		// Currently, MemMapFs will create files in nonexistent directories due to a bug in afero,
-		// making it impossible to test the actual behavior of the mkdirAll parameter.
-	}
-
-	for name, tc := range testCases {
-		t.Run(name, func(t *testing.T) {
-			assert := assert.New(t)
-			require := require.New(t)
-
-			handler := NewHandler(tc.fs)
-			if tc.setupFs != nil {
-				require.NoError(tc.setupFs(afero.Afero{Fs: tc.fs}))
-			}
-
-			if tc.wantErr {
-				assert.Error(handler.WriteYAML(tc.name, tc.content, tc.options))
-			} else {
-				assert.NoError(handler.WriteYAML(tc.name, tc.content, tc.options))
-				resultContent := &testContent{}
-				assert.NoError(handler.ReadYAML(tc.name, resultContent))
-				assert.Equal(tc.content, *resultContent)
-			}
-		})
-	}
-}
-
-func TestRemove(t *testing.T) {
-	assert := assert.New(t)
-	require := require.New(t)
-
-	fs := afero.NewMemMapFs()
-	handler := NewHandler(fs)
-	aferoHelper := afero.Afero{Fs: fs}
-	require.NoError(aferoHelper.WriteFile("a", []byte{0xa}, 0o644))
-	require.NoError(aferoHelper.WriteFile("b", []byte{0xb}, 0o644))
-	require.NoError(aferoHelper.WriteFile("c", []byte{0xc}, 0o644))
-
-	assert.NoError(handler.Remove("a"))
-	assert.NoError(handler.Remove("b"))
-	assert.NoError(handler.Remove("c"))
-
-	_, err := handler.fs.Stat("a")
-	assert.ErrorIs(err, afero.ErrFileNotFound)
-	_, err = handler.fs.Stat("b")
-	assert.ErrorIs(err, afero.ErrFileNotFound)
-	_, err = handler.fs.Stat("c")
-	assert.ErrorIs(err, afero.ErrFileNotFound)
-
-	assert.Error(handler.Remove("d"))
-}

cli/proto/client.go

@@ -73,7 +73,7 @@ func (c *Client) GetState(ctx context.Context) (state.State, error) {
 // Activate activates the Constellation coordinator via a grpc call.
 // The handed IP addresses must be the private IP addresses of running AWS or GCP instances,
 // and the userPublicKey is the VPN key of the users WireGuard interface.
-func (c *Client) Activate(ctx context.Context, userPublicKey, masterSecret []byte, nodeIPs, coordinatorIPs, autoscalingNodeGroups []string, cloudServiceAccountURI string) (ActivationResponseClient, error) {
+func (c *Client) Activate(ctx context.Context, userPublicKey, masterSecret []byte, nodeIPs, coordinatorIPs, autoscalingNodeGroups []string, cloudServiceAccountURI string, sshUserKeys []*pubproto.SSHUserKey) (ActivationResponseClient, error) {
 	if c.pubapi == nil {
 		return nil, errors.New("client is not connected")
 	}
@@ -100,6 +100,7 @@ func (c *Client) Activate(ctx context.Context, userPublicKey, masterSecret []byt
 		KeyEncryptionKeyId:     "",
 		UseExistingKek:         false,
 		CloudServiceAccountUri: cloudServiceAccountURI,
+		SshUserKeys:            sshUserKeys,
 	}
 
 	client, err := c.pubapi.ActivateAsCoordinator(ctx, req)

cli/proto/client_test.go

@@ -163,7 +163,7 @@ func TestActivate(t *testing.T) {
 			if tc.pubAPIClient != nil {
 				client.pubapi = tc.pubAPIClient
 			}
-			_, err := client.Activate(context.Background(), []byte(tc.userPublicKey), []byte("Constellation"), tc.ips, nil, nil, "serviceaccount://test")
+			_, err := client.Activate(context.Background(), []byte(tc.userPublicKey), []byte("Constellation"), tc.ips, nil, nil, "serviceaccount://test", nil)
 			if tc.wantErr {
 				assert.Error(err)
 			} else {