Merge #134484
134484: roachprod: `GetUserAuthorizedKeys` should skip invalid ssh keys r=DarrylWong,herkolategan a=srosenberg

Previously, `GetUserAuthorizedKeys` would return an error upon encountering an invalid ssh key. Since ssh keys can be uploaded out of band, it's conceivable that we may end up with invalid ssh keys. Thus, failing an entire operation due to a single invalid ssh key may not be desired. Since new cluster creation depends on it (transitively via `SetupSSH`), skipping over invalid keys means we can complete cluster creation and resolve the key issue later.

Consequently, we change the key parsing behavior s.t. `GetUserAuthorizedKeys` doesn't fail upon encountering invalid key entries. Only IO error(s) now result in failure.

Resolves: #138274
Epic: none
Release note: None

Co-authored-by: Stan Rosenberg <[email protected]>
craig[bot] and srosenberg committed Jan 6, 2025
2 parents 95b377e + a6b8242 commit 0a82539
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions pkg/roachprod/vm/gce/utils.go
Expand Up @@ -440,9 +440,14 @@ func GetUserAuthorizedKeys() (AuthorizedKeys, error) {
if line == "" {
continue
}
// N.B. Below, we skip over invalid public keys as opposed to failing. Since we don't control how these keys are
// uploaded, it's possible for a key to become invalid.
// N.B. This implies that an operation like `AddUserAuthorizedKey` has the side effect of removing invalid
// keys, since they are skipped here, and the result is then uploaded via `SetUserAuthorizedKeys`.
colonIdx := strings.IndexRune(line, ':')
if colonIdx == -1 {
return nil, fmt.Errorf("malformed public key line %q", line)
fmt.Fprintf(os.Stderr, "WARN: malformed public key line %q\n", line)
continue
}

user := line[:colonIdx]
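
Review bot: The second N.B. comment documents a destructive side effect that needs more than an in-loop comment. With the `continue` in the `colonIdx == -1` branch, a caller that reads through `GetUserAuthorizedKeys` and writes the result back through `SetUserAuthorizedKeys` (the comment names `AddUserAuthorizedKey`) permanently drops the malformed entries from project metadata, and the only trace is a `WARN:` line on the stderr of whoever ran the command. Consider returning the skipped lines (or at least a count) alongside the parsed keys so the write path can preserve them or report the removal explicitly, and move the note about this behaviour to the function's doc comment where callers will see it.
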
Expand All @@ -454,7 +459,8 @@ func GetUserAuthorizedKeys() (AuthorizedKeys, error) {

pubKey, comment, _, _, err := ssh.ParseAuthorizedKey([]byte(key))
if err != nil {
return nil, fmt.Errorf("failed to parse public key in project metadata: %w\n%s", err, key)
fmt.Fprintf(os.Stderr, "WARN: failed to parse public key in project metadata: %v\n%q\n", err, key)
continue
}
authorizedKeys = append(authorizedKeys, AuthorizedKey{User: user, Key: pubKey, Comment: comment})
}
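
Review bot: After the `continue` in the `ssh.ParseAuthorizedKey` error branch, nothing distinguishes "some keys skipped" from "every key skipped". If all entries fail to parse, the function returns an empty `authorizedKeys` with a nil error, and a caller that then uploads the result would replace the project's keys with an empty set. Consider returning an error when at least one non-empty line was read but no key was appended. The warning would also be easier to act on if it included `user`, which is already in scope at this point, so the owner of the bad key can be identified without reading the quoted key.
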