From a6735b1d651dd8aafcd78a2f4d7366f24de8798a Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <mitchell.hashimoto@gmail.com>
Date: Tue, 27 Aug 2013 22:54:56 -0700
Subject: [PATCH] builder/virtualbox: support ssh keys as auth mechanism
 [GH-70]

---
 CHANGELOG.md                       |  2 +
 builder/virtualbox/builder.go      | 11 +++++
 builder/virtualbox/builder_test.go | 79 ++++++++++++++++++++++++++++++
 builder/virtualbox/ssh.go          | 43 ++++++++++++++--
 communicator/ssh/keychain.go       |  4 ++
 5 files changed, 134 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cd8c99263..1e23825cb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,8 @@ FEATURES:
 * **NEW PROVISIONER:** `chef-solo`. You can now provision with Chef
   using `chef-solo` from local cookbooks.
 * builder/amazon: Copy AMI to multiple regions with `ami_regions`. [GH-322]
+* builder/virtualbox: Can now use SSH keys as an auth mechanism for
+  SSH using `ssh_key_path`. [GH-70]
 * builder/vmware: The root hard drive type can now be specified with
   "disk_type_id" for advanced users. [GH-328]
 * provisioner/salt-masterless: Ability to specfy a minion config. [GH-264]
diff --git a/builder/virtualbox/builder.go b/builder/virtualbox/builder.go
index c082b8ba9..84570c92c 100644
--- a/builder/virtualbox/builder.go
+++ b/builder/virtualbox/builder.go
@@ -43,6 +43,7 @@ type config struct {
 	ShutdownCommand      string     `mapstructure:"shutdown_command"`
 	SSHHostPortMin       uint       `mapstructure:"ssh_host_port_min"`
 	SSHHostPortMax       uint       `mapstructure:"ssh_host_port_max"`
+	SSHKeyPath           string     `mapstructure:"ssh_key_path"`
 	SSHPassword          string     `mapstructure:"ssh_password"`
 	SSHPort              uint       `mapstructure:"ssh_port"`
 	SSHUser              string     `mapstructure:"ssh_username"`
@@ -282,6 +283,16 @@ func (b *Builder) Prepare(raws ...interface{}) error {
 			errs, fmt.Errorf("Failed parsing shutdown_timeout: %s", err))
 	}
 
+	if b.config.SSHKeyPath != "" {
+		if _, err := os.Stat(b.config.SSHKeyPath); err != nil {
+			errs = packer.MultiErrorAppend(
+				errs, fmt.Errorf("ssh_key_path is invalid: %s", err))
+		} else if _, err := sshKeyToKeyring(b.config.SSHKeyPath); err != nil {
+			errs = packer.MultiErrorAppend(
+				errs, fmt.Errorf("ssh_key_path is invalid: %s", err))
+		}
+	}
+
 	if b.config.SSHHostPortMin > b.config.SSHHostPortMax {
 		errs = packer.MultiErrorAppend(
 			errs, errors.New("ssh_host_port_min must be less than ssh_host_port_max"))
diff --git a/builder/virtualbox/builder_test.go b/builder/virtualbox/builder_test.go
index f3afdd6dd..4ea869fef 100644
--- a/builder/virtualbox/builder_test.go
+++ b/builder/virtualbox/builder_test.go
@@ -8,6 +8,36 @@ import (
 	"testing"
 )
 
+var testPem = `
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAxd4iamvrwRJvtNDGQSIbNvvIQN8imXTRWlRY62EvKov60vqu
+hh+rDzFYAIIzlmrJopvOe0clqmi3mIP9dtkjPFrYflq52a2CF5q+BdwsJXuRHbJW
+LmStZUwW1khSz93DhvhmK50nIaczW63u4EO/jJb3xj+wxR1Nkk9bxi3DDsYFt8SN
+AzYx9kjlEYQ/+sI4/ATfmdV9h78SVotjScupd9KFzzi76gWq9gwyCBLRynTUWlyD
+2UOfJRkOvhN6/jKzvYfVVwjPSfA9IMuooHdScmC4F6KBKJl/zf/zETM0XyzIDNmH
+uOPbCiljq2WoRM+rY6ET84EO0kVXbfx8uxUsqQIDAQABAoIBAQCkPj9TF0IagbM3
+5BSs/CKbAWS4dH/D4bPlxx4IRCNirc8GUg+MRb04Xz0tLuajdQDqeWpr6iLZ0RKV
+BvreLF+TOdV7DNQ4XE4gSdJyCtCaTHeort/aordL3l0WgfI7mVk0L/yfN1PEG4YG
+E9q1TYcyrB3/8d5JwIkjabxERLglCcP+geOEJp+QijbvFIaZR/n2irlKW4gSy6ko
+9B0fgUnhkHysSg49ChHQBPQ+o5BbpuLrPDFMiTPTPhdfsvGGcyCGeqfBA56oHcSF
+K02Fg8OM+Bd1lb48LAN9nWWY4WbwV+9bkN3Ym8hO4c3a/Dxf2N7LtAQqWZzFjvM3
+/AaDvAgBAoGBAPLD+Xn1IYQPMB2XXCXfOuJewRY7RzoVWvMffJPDfm16O7wOiW5+
+2FmvxUDayk4PZy6wQMzGeGKnhcMMZTyaq2g/QtGfrvy7q1Lw2fB1VFlVblvqhoJa
+nMJojjC4zgjBkXMHsRLeTmgUKyGs+fdFbfI6uejBnnf+eMVUMIdJ+6I9AoGBANCn
+kWO9640dttyXURxNJ3lBr2H3dJOkmD6XS+u+LWqCSKQe691Y/fZ/ZL0Oc4Mhy7I6
+hsy3kDQ5k2V0fkaNODQIFJvUqXw2pMewUk8hHc9403f4fe9cPrL12rQ8WlQw4yoC
+v2B61vNczCCUDtGxlAaw8jzSRaSI5s6ax3K7enbdAoGBAJB1WYDfA2CoAQO6y9Sl
+b07A/7kQ8SN5DbPaqrDrBdJziBQxukoMJQXJeGFNUFD/DXFU5Fp2R7C86vXT7HIR
+v6m66zH+CYzOx/YE6EsUJms6UP9VIVF0Rg/RU7teXQwM01ZV32LQ8mswhTH20o/3
+uqMHmxUMEhZpUMhrfq0isyApAoGAe1UxGTXfj9AqkIVYylPIq2HqGww7+jFmVEj1
+9Wi6S6Sq72ffnzzFEPkIQL/UA4TsdHMnzsYKFPSbbXLIWUeMGyVTmTDA5c0e5XIR
+lPhMOKCAzv8w4VUzMnEkTzkFY5JqFCD/ojW57KvDdNZPVB+VEcdxyAW6aKELXMAc
+eHLc1nkCgYEApm/motCTPN32nINZ+Vvywbv64ZD+gtpeMNP3CLrbe1X9O+H52AXa
+1jCoOldWR8i2bs2NVPcKZgdo6fFULqE4dBX7Te/uYEIuuZhYLNzRO1IKU/YaqsXG
+3bfQ8hKYcSnTfE0gPtLDnqCIxTocaGLSHeG3TH9fTw+dA8FvWpUztI4=
+-----END RSA PRIVATE KEY-----
+`
+
 func testConfig() map[string]interface{} {
 	return map[string]interface{}{
 		"iso_checksum":      "foo",
@@ -484,6 +514,55 @@ func TestBuilderPrepare_SSHHostPort(t *testing.T) {
 	}
 }
 
+func TestBuilderPrepare_sshKeyPath(t *testing.T) {
+	var b Builder
+	config := testConfig()
+
+	config["ssh_key_path"] = ""
+	b = Builder{}
+	err := b.Prepare(config)
+	if err != nil {
+		t.Fatalf("should not have error: %s", err)
+	}
+
+	config["ssh_key_path"] = "/i/dont/exist"
+	b = Builder{}
+	err = b.Prepare(config)
+	if err == nil {
+		t.Fatal("should have error")
+	}
+
+	// Test bad contents
+	tf, err := ioutil.TempFile("", "packer")
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	defer os.Remove(tf.Name())
+	defer tf.Close()
+
+	if _, err := tf.Write([]byte("HELLO!")); err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	config["ssh_key_path"] = tf.Name()
+	b = Builder{}
+	err = b.Prepare(config)
+	if err == nil {
+		t.Fatal("should have error")
+	}
+
+	// Test good contents
+	tf.Seek(0, 0)
+	tf.Truncate(0)
+	tf.Write([]byte(testPem))
+	config["ssh_key_path"] = tf.Name()
+	b = Builder{}
+	err = b.Prepare(config)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+}
+
 func TestBuilderPrepare_SSHUser(t *testing.T) {
 	var b Builder
 	config := testConfig()
diff --git a/builder/virtualbox/ssh.go b/builder/virtualbox/ssh.go
index f67133a70..539f7d832 100644
--- a/builder/virtualbox/ssh.go
+++ b/builder/virtualbox/ssh.go
@@ -4,6 +4,8 @@ import (
 	gossh "code.google.com/p/go.crypto/ssh"
 	"fmt"
 	"github.com/mitchellh/packer/communicator/ssh"
+	"io/ioutil"
+	"os"
 )
 
 func sshAddress(state map[string]interface{}) (string, error) {
@@ -14,12 +16,43 @@ func sshAddress(state map[string]interface{}) (string, error) {
 func sshConfig(state map[string]interface{}) (*gossh.ClientConfig, error) {
 	config := state["config"].(*config)
 
+	auth := []gossh.ClientAuth{
+		gossh.ClientAuthPassword(ssh.Password(config.SSHPassword)),
+		gossh.ClientAuthKeyboardInteractive(
+			ssh.PasswordKeyboardInteractive(config.SSHPassword)),
+	}
+
+	if config.SSHKeyPath != "" {
+		keyring, err := sshKeyToKeyring(config.SSHKeyPath)
+		if err != nil {
+			return nil, err
+		}
+
+		auth = append(auth, gossh.ClientAuthKeyring(keyring))
+	}
+
 	return &gossh.ClientConfig{
 		User: config.SSHUser,
-		Auth: []gossh.ClientAuth{
-			gossh.ClientAuthPassword(ssh.Password(config.SSHPassword)),
-			gossh.ClientAuthKeyboardInteractive(
-				ssh.PasswordKeyboardInteractive(config.SSHPassword)),
-		},
+		Auth: auth,
 	}, nil
 }
+
+func sshKeyToKeyring(path string) (gossh.ClientKeyring, error) {
+	f, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	keyBytes, err := ioutil.ReadAll(f)
+	if err != nil {
+		return nil, err
+	}
+
+	keyring := new(ssh.SimpleKeychain)
+	if err := keyring.AddPEMKey(string(keyBytes)); err != nil {
+		return nil, err
+	}
+
+	return keyring, nil
+}
diff --git a/communicator/ssh/keychain.go b/communicator/ssh/keychain.go
index 5a63f0380..58fd70cbc 100644
--- a/communicator/ssh/keychain.go
+++ b/communicator/ssh/keychain.go
@@ -20,6 +20,10 @@ type SimpleKeychain struct {
 // AddPEMKey adds a simple PEM encoded private key to the keychain.
 func (k *SimpleKeychain) AddPEMKey(key string) (err error) {
 	block, _ := pem.Decode([]byte(key))
+	if block == nil {
+		return errors.New("no block in key")
+	}
+
 	rsakey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
 	if err != nil {
 		return