From 22478f307dd9f1c4d80a3dfae8f43c641efbea46 Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com>
Date: Tue, 1 Mar 2022 14:11:43 -0500
Subject: [PATCH] virt-install: Add --cloud-init clouduser-ssh-key=

This sets the sshkey for the default cloud-init username

Resolves: https://github.com/virt-manager/virt-manager/issues/307

Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
 man/virt-install.rst                          |  6 ++++++
 tests/data/cli/cloudinit/ssh-key2.txt         |  1 +
 .../virt-install-cloud-init-options2.xml      |  1 +
 tests/test_cli.py                             |  2 +-
 virtinst/cli.py                               |  1 +
 virtinst/install/cloudinit.py                 | 20 ++++++++++++++-----
 6 files changed, 25 insertions(+), 6 deletions(-)
 create mode 100644 tests/data/cli/cloudinit/ssh-key2.txt

diff --git a/man/virt-install.rst b/man/virt-install.rst
index 68da63341..c1d1c1aa1 100644
--- a/man/virt-install.rst
+++ b/man/virt-install.rst
@@ -898,6 +898,12 @@ Sub options are:
     Specify a public key to inject into the guest, providing ssh access to the
     root account. Example: root-ssh-key=/home/user/.ssh/id_rsa.pub
 
+``clouduser-ssh-key``
+    Specify a public key to inject into the guest, providing ssh access to
+    the default cloud-init user account. The account name is different per
+    distro cloud image. Some common ones are documented here:
+    https://docs.openstack.org/image-guide/obtain-images.html
+
 ``network-config=``
     Specify a cloud-init network-config file to add directly to the iso.
 
diff --git a/tests/data/cli/cloudinit/ssh-key2.txt b/tests/data/cli/cloudinit/ssh-key2.txt
new file mode 100644
index 000000000..6caa24752
--- /dev/null
+++ b/tests/data/cli/cloudinit/ssh-key2.txt
@@ -0,0 +1 @@
+ssh-rsa 123453NzaC1yc2EAAAADAQABAAABgQDAuibybX5lw2G/LPIyqgQS5KwgbOnKMA9TZyQPtRmIfKSGypdMJmGQ+Gsf54A9VI8zoL2fnq2t66zQIPJU53XveXU0oqCm7PfsEcoYjnqDeUeiqvCfTye8bIbEmIkLriH0SaISNnzyN0JSfb0VDYIg8Za6iW3/PfPs+tV0PSYyVEm3pBNJ9bHat2liA1/Afk0UWNrhCQG9/5v9kR36aIxNU+4qI9cZ2npFWt61/7t2otz2GcygJDCUYEp6wDlmoW6DHXnaUUj1USjZ9uI1IrgmjZYxfjlt/UaB7AJOJP/3bOC1iPXBe9HKt30YUG23KaVfK9DDeGD/tlAeIklaYK8RZd4zUXSm3eZjeZCGiC3XFYIIyf7e7M/IZE+/DbD1jQEGxGd7AmdVBJZPBFtkAd4Blypaidykx7n1UcfF0WWISfFsae956PHnqnSBKM5OUDh2y5LowgXjWmr/BVJmnaiNbeMhgC3axZVL3EmFSVtvwnup+sRmDwYoHh/RbmInyns=
diff --git a/tests/data/cli/compare/virt-install-cloud-init-options2.xml b/tests/data/cli/compare/virt-install-cloud-init-options2.xml
index d2c60230f..2a7e6a171 100644
--- a/tests/data/cli/compare/virt-install-cloud-init-options2.xml
+++ b/tests/data/cli/compare/virt-install-cloud-init-options2.xml
@@ -7,6 +7,7 @@ users:
   - name: root
     ssh-authorized-keys:
       - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAuibybX5lw2G/LPIyqgQS5KwgbOnKMA9TZyQPtRmIfKSGypdMJmGQ+Gsf54A9VI8zoL2fnq2t66zQIPJU53XveXU0oqCm7PfsEcoYjnqDeUeiqvCfTye8bIbEmIkLriH0SaISNnzyN0JSfb0VDYIg8Za6iW3/PfPs+tV0PSYyVEm3pBNJ9bHat2liA1/Afk0UWNrhCQG9/5v9kR36aIxNU+4qI9cZ2npFWt61/7t2otz2GcygJDCUYEp6wDlmoW6DHXnaUUj1USjZ9uI1IrgmjZYxfjlt/UaB7AJOJP/3bOC1iPXBe9HKt30YUG23KaVfK9DDeGD/tlAeIklaYK8RZd4zUXSm3eZjeZCGiC3XFYIIyf7e7M/IZE+/DbD1jQEGxGd7AmdVBJZPBFtkAd4Blypaidykx7n1UcfF0WWISfFsae956PHnqnSBKM5OUDh2y5LowgXjWmr/BVJmnaiNbeMhgC3axZVL3EmFSVtvwnup+sRmDwYoHh/RbmInyns=
+  - ssh-authorized-keys: ssh-rsa 123453NzaC1yc2EAAAADAQABAAABgQDAuibybX5lw2G/LPIyqgQS5KwgbOnKMA9TZyQPtRmIfKSGypdMJmGQ+Gsf54A9VI8zoL2fnq2t66zQIPJU53XveXU0oqCm7PfsEcoYjnqDeUeiqvCfTye8bIbEmIkLriH0SaISNnzyN0JSfb0VDYIg8Za6iW3/PfPs+tV0PSYyVEm3pBNJ9bHat2liA1/Afk0UWNrhCQG9/5v9kR36aIxNU+4qI9cZ2npFWt61/7t2otz2GcygJDCUYEp6wDlmoW6DHXnaUUj1USjZ9uI1IrgmjZYxfjlt/UaB7AJOJP/3bOC1iPXBe9HKt30YUG23KaVfK9DDeGD/tlAeIklaYK8RZd4zUXSm3eZjeZCGiC3XFYIIyf7e7M/IZE+/DbD1jQEGxGd7AmdVBJZPBFtkAd4Blypaidykx7n1UcfF0WWISfFsae956PHnqnSBKM5OUDh2y5LowgXjWmr/BVJmnaiNbeMhgC3axZVL3EmFSVtvwnup+sRmDwYoHh/RbmInyns=
 
 <domain type="test">
   <name>fedora28</name>
diff --git a/tests/test_cli.py b/tests/test_cli.py
index e06e8bd5c..8b78a1a78 100644
--- a/tests/test_cli.py
+++ b/tests/test_cli.py
@@ -1013,7 +1013,7 @@ c.add_compare("--connect %s --os-variant fedora26" % (utils.URIs.test_suite), "o
 c.add_compare("--connect %s --os-variant fedora26 --pxe --print-xml" % (utils.URIs.test_suite), "osvariant-defaults-pxe", use_default_args=False)  # No arguments
 c.add_compare("--disk %(EXISTIMG1)s --os-variant fedora28 --cloud-init", "cloud-init-default", env={"VIRTINST_TEST_SUITE_CLOUDINIT": "1"})  # default --cloud-init behavior is root-password-generate=yes,disable=yes
 c.add_compare("--disk %(EXISTIMG1)s --os-variant fedora28 --cloud-init root-password-generate=yes,disable=no --sysinfo system.serial=foobar", "cloud-init-options1", env={"VIRTINST_TEST_SUITE_PRINT_CLOUDINIT": "1"})  # --cloud-init root-password-generate, with --sysinfo override
-c.add_compare("--disk %(EXISTIMG1)s --os-variant fedora28 --cloud-init root-password-file=%(ADMIN-PASSWORD-FILE)s,root-ssh-key=%(XMLDIR)s/cloudinit/ssh-key.txt --boot smbios.mode=none", "cloud-init-options2", env={"VIRTINST_TEST_SUITE_PRINT_CLOUDINIT": "1"})  # --cloud-init root-password-file with smbios.mode override
+c.add_compare("--disk %(EXISTIMG1)s --os-variant fedora28 --cloud-init root-password-file=%(ADMIN-PASSWORD-FILE)s,root-ssh-key=%(XMLDIR)s/cloudinit/ssh-key.txt,clouduser-ssh-key=%(XMLDIR)s/cloudinit/ssh-key2.txt --boot smbios.mode=none", "cloud-init-options2", env={"VIRTINST_TEST_SUITE_PRINT_CLOUDINIT": "1"})  # --cloud-init root-password-file with smbios.mode override
 c.add_compare("--disk %(EXISTIMG1)s --os-variant fedora28 --cloud-init ssh-key=%(XMLDIR)s/cloudinit/ssh-key.txt", "cloud-init-options3", env={"VIRTINST_TEST_SUITE_PRINT_CLOUDINIT": "1"})  # --cloud-init ssh-key
 c.add_compare("--disk %(EXISTIMG1)s --os-variant fedora28 --cloud-init user-data=%(XMLDIR)s/cloudinit/user-data.txt,meta-data=%(XMLDIR)s/cloudinit/meta-data.txt", "cloud-init-options4", env={"VIRTINST_TEST_SUITE_PRINT_CLOUDINIT": "1"})  # --cloud-init user-data=,meta-data=
 c.add_compare("--disk %(EXISTIMG1)s --os-variant fedora28 --cloud-init user-data=%(XMLDIR)s/cloudinit/user-data.txt,meta-data=%(XMLDIR)s/cloudinit/meta-data.txt,network-config=%(XMLDIR)s/cloudinit/network-config.txt", "cloud-init-options5", env={"VIRTINST_TEST_SUITE_PRINT_CLOUDINIT": "1"})  # --cloud-init user-data=,meta-data=,network-config=
diff --git a/virtinst/cli.py b/virtinst/cli.py
index 2c199cb1c..52be9f298 100644
--- a/virtinst/cli.py
+++ b/virtinst/cli.py
@@ -1773,6 +1773,7 @@ class ParserCloudInit(VirtCLIParser):
         cls.add_arg("root-password-file", "root_password_file")
         cls.add_arg("disable", "disable", is_onoff=True)
         cls.add_arg("root-ssh-key", "root_ssh_key")
+        cls.add_arg("clouduser-ssh-key", "clouduser_ssh_key")
         cls.add_arg("user-data", "user_data")
         cls.add_arg("meta-data", "meta_data")
         cls.add_arg("network-config", "network_config")
diff --git a/virtinst/install/cloudinit.py b/virtinst/install/cloudinit.py
index f0aa9bf06..33c1df74f 100644
--- a/virtinst/install/cloudinit.py
+++ b/virtinst/install/cloudinit.py
@@ -18,6 +18,7 @@ class CloudInitData():
     root_password_file = None
     generated_root_password = None
     root_ssh_key = None
+    clouduser_ssh_key = None
     user_data = None
     meta_data = None
     network_config = None
@@ -47,6 +48,10 @@ class CloudInitData():
         if self.root_ssh_key:
             return self._get_password(self.root_ssh_key)
 
+    def get_clouduser_ssh_key(self):
+        if self.clouduser_ssh_key:
+            return self._get_password(self.clouduser_ssh_key)
+
 
 def _create_metadata_content(cloudinit_data):
     content = ""
@@ -76,12 +81,17 @@ def _create_userdata_content(cloudinit_data):
     elif cloudinit_data.root_password_file:
         content += "  expire: False\n"
 
-    if cloudinit_data.root_ssh_key:
-        rootpass = cloudinit_data.get_root_ssh_key()
+    if cloudinit_data.root_ssh_key or cloudinit_data.clouduser_ssh_key:
         content += "users:\n"
-        content += "  - name: root\n"
-        content += "    ssh-authorized-keys:\n"
-        content += "      - %s\n" % rootpass
+        rootkey = cloudinit_data.get_root_ssh_key()
+        userkey = cloudinit_data.get_clouduser_ssh_key()
+
+        if rootkey:
+            content += "  - name: root\n"
+            content += "    ssh-authorized-keys:\n"
+            content += "      - %s\n" % rootkey
+        if userkey:
+            content += "  - ssh-authorized-keys: %s\n" % userkey
 
     if cloudinit_data.disable:
         content += "runcmd:\n"