builder/vmware: support key based SSH auth [GH-70]

CHANGELOG.md

@@ -6,7 +6,7 @@ FEATURES:
 * **NEW PROVISIONER:** `chef-solo`. You can now provision with Chef
   using `chef-solo` from local cookbooks.
 * builder/amazon: Copy AMI to multiple regions with `ami_regions`. [GH-322]
-* builder/virtualbox: Can now use SSH keys as an auth mechanism for
+* builder/virtualbox,vmware: Can now use SSH keys as an auth mechanism for
   SSH using `ssh_key_path`. [GH-70]
 * builder/vmware: The root hard drive type can now be specified with
   "disk_type_id" for advanced users. [GH-328]

builder/vmware/builder.go

@@ -44,6 +44,7 @@ type config struct {
 	SkipCompaction    bool              `mapstructure:"skip_compaction"`
 	ShutdownCommand   string            `mapstructure:"shutdown_command"`
 	SSHUser           string            `mapstructure:"ssh_username"`
+	SSHKeyPath        string            `mapstructure:"ssh_key_path"`
 	SSHPassword       string            `mapstructure:"ssh_password"`
 	SSHPort           uint              `mapstructure:"ssh_port"`
 	SSHSkipRequestPty bool              `mapstructure:"ssh_skip_request_pty"`
@@ -263,6 +264,16 @@ func (b *Builder) Prepare(raws ...interface{}) error {
 		}
 	}
 
+	if b.config.SSHKeyPath != "" {
+		if _, err := os.Stat(b.config.SSHKeyPath); err != nil {
+			errs = packer.MultiErrorAppend(
+				errs, fmt.Errorf("ssh_key_path is invalid: %s", err))
+		} else if _, err := sshKeyToKeyring(b.config.SSHKeyPath); err != nil {
+			errs = packer.MultiErrorAppend(
+				errs, fmt.Errorf("ssh_key_path is invalid: %s", err))
+		}
+	}
+
 	if b.config.SSHUser == "" {
 		errs = packer.MultiErrorAppend(
 			errs, errors.New("An ssh_username must be specified."))

builder/vmware/builder_test.go

@@ -9,6 +9,36 @@ import (
 	"time"
 )
 
+var testPem = `
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAxd4iamvrwRJvtNDGQSIbNvvIQN8imXTRWlRY62EvKov60vqu
+hh+rDzFYAIIzlmrJopvOe0clqmi3mIP9dtkjPFrYflq52a2CF5q+BdwsJXuRHbJW
+LmStZUwW1khSz93DhvhmK50nIaczW63u4EO/jJb3xj+wxR1Nkk9bxi3DDsYFt8SN
+AzYx9kjlEYQ/+sI4/ATfmdV9h78SVotjScupd9KFzzi76gWq9gwyCBLRynTUWlyD
+2UOfJRkOvhN6/jKzvYfVVwjPSfA9IMuooHdScmC4F6KBKJl/zf/zETM0XyzIDNmH
+uOPbCiljq2WoRM+rY6ET84EO0kVXbfx8uxUsqQIDAQABAoIBAQCkPj9TF0IagbM3
+5BSs/CKbAWS4dH/D4bPlxx4IRCNirc8GUg+MRb04Xz0tLuajdQDqeWpr6iLZ0RKV
+BvreLF+TOdV7DNQ4XE4gSdJyCtCaTHeort/aordL3l0WgfI7mVk0L/yfN1PEG4YG
+E9q1TYcyrB3/8d5JwIkjabxERLglCcP+geOEJp+QijbvFIaZR/n2irlKW4gSy6ko
+9B0fgUnhkHysSg49ChHQBPQ+o5BbpuLrPDFMiTPTPhdfsvGGcyCGeqfBA56oHcSF
+K02Fg8OM+Bd1lb48LAN9nWWY4WbwV+9bkN3Ym8hO4c3a/Dxf2N7LtAQqWZzFjvM3
+/AaDvAgBAoGBAPLD+Xn1IYQPMB2XXCXfOuJewRY7RzoVWvMffJPDfm16O7wOiW5+
+2FmvxUDayk4PZy6wQMzGeGKnhcMMZTyaq2g/QtGfrvy7q1Lw2fB1VFlVblvqhoJa
+nMJojjC4zgjBkXMHsRLeTmgUKyGs+fdFbfI6uejBnnf+eMVUMIdJ+6I9AoGBANCn
+kWO9640dttyXURxNJ3lBr2H3dJOkmD6XS+u+LWqCSKQe691Y/fZ/ZL0Oc4Mhy7I6
+hsy3kDQ5k2V0fkaNODQIFJvUqXw2pMewUk8hHc9403f4fe9cPrL12rQ8WlQw4yoC
+v2B61vNczCCUDtGxlAaw8jzSRaSI5s6ax3K7enbdAoGBAJB1WYDfA2CoAQO6y9Sl
+b07A/7kQ8SN5DbPaqrDrBdJziBQxukoMJQXJeGFNUFD/DXFU5Fp2R7C86vXT7HIR
+v6m66zH+CYzOx/YE6EsUJms6UP9VIVF0Rg/RU7teXQwM01ZV32LQ8mswhTH20o/3
+uqMHmxUMEhZpUMhrfq0isyApAoGAe1UxGTXfj9AqkIVYylPIq2HqGww7+jFmVEj1
+9Wi6S6Sq72ffnzzFEPkIQL/UA4TsdHMnzsYKFPSbbXLIWUeMGyVTmTDA5c0e5XIR
+lPhMOKCAzv8w4VUzMnEkTzkFY5JqFCD/ojW57KvDdNZPVB+VEcdxyAW6aKELXMAc
+eHLc1nkCgYEApm/motCTPN32nINZ+Vvywbv64ZD+gtpeMNP3CLrbe1X9O+H52AXa
+1jCoOldWR8i2bs2NVPcKZgdo6fFULqE4dBX7Te/uYEIuuZhYLNzRO1IKU/YaqsXG
+3bfQ8hKYcSnTfE0gPtLDnqCIxTocaGLSHeG3TH9fTw+dA8FvWpUztI4=
+-----END RSA PRIVATE KEY-----
+`
+
 func testConfig() map[string]interface{} {
 	return map[string]interface{}{
 		"iso_checksum":      "foo",
@@ -339,6 +369,55 @@ func TestBuilderPrepare_ShutdownTimeout(t *testing.T) {
 	}
 }
 
+func TestBuilderPrepare_sshKeyPath(t *testing.T) {
+	var b Builder
+	config := testConfig()
+
+	config["ssh_key_path"] = ""
+	b = Builder{}
+	err := b.Prepare(config)
+	if err != nil {
+		t.Fatalf("should not have error: %s", err)
+	}
+
+	config["ssh_key_path"] = "/i/dont/exist"
+	b = Builder{}
+	err = b.Prepare(config)
+	if err == nil {
+		t.Fatal("should have error")
+	}
+
+	// Test bad contents
+	tf, err := ioutil.TempFile("", "packer")
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	defer os.Remove(tf.Name())
+	defer tf.Close()
+
+	if _, err := tf.Write([]byte("HELLO!")); err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	config["ssh_key_path"] = tf.Name()
+	b = Builder{}
+	err = b.Prepare(config)
+	if err == nil {
+		t.Fatal("should have error")
+	}
+
+	// Test good contents
+	tf.Seek(0, 0)
+	tf.Truncate(0)
+	tf.Write([]byte(testPem))
+	config["ssh_key_path"] = tf.Name()
+	b = Builder{}
+	err = b.Prepare(config)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+}
+
 func TestBuilderPrepare_SSHUser(t *testing.T) {
 	var b Builder
 	config := testConfig()

builder/vmware/ssh.go

@@ -61,12 +61,43 @@ func sshAddress(state map[string]interface{}) (string, error) {
 func sshConfig(state map[string]interface{}) (*gossh.ClientConfig, error) {
 	config := state["config"].(*config)
 
+	auth := []gossh.ClientAuth{
+		gossh.ClientAuthPassword(ssh.Password(config.SSHPassword)),
+		gossh.ClientAuthKeyboardInteractive(
+			ssh.PasswordKeyboardInteractive(config.SSHPassword)),
+	}
+
+	if config.SSHKeyPath != "" {
+		keyring, err := sshKeyToKeyring(config.SSHKeyPath)
+		if err != nil {
+			return nil, err
+		}
+
+		auth = append(auth, gossh.ClientAuthKeyring(keyring))
+	}
+
 	return &gossh.ClientConfig{
 		User: config.SSHUser,
-		Auth: []gossh.ClientAuth{
-			gossh.ClientAuthPassword(ssh.Password(config.SSHPassword)),
-			gossh.ClientAuthKeyboardInteractive(
-				ssh.PasswordKeyboardInteractive(config.SSHPassword)),
-		},
+		Auth: auth,
 	}, nil
 }
+
+func sshKeyToKeyring(path string) (gossh.ClientKeyring, error) {
+	f, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	keyBytes, err := ioutil.ReadAll(f)
+	if err != nil {
+		return nil, err
+	}
+
+	keyring := new(ssh.SimpleKeychain)
+	if err := keyring.AddPEMKey(string(keyBytes)); err != nil {
+		return nil, err
+	}
+
+	return keyring, nil
+}