From 022335669cc1732939cc609f8dcdc5ad75a42439 Mon Sep 17 00:00:00 2001
From: Matt Clay <matt@mystile.com>
Date: Mon, 7 Oct 2019 14:36:05 -0700
Subject: [PATCH] Work around ssh-keygen issue in ansible-test. (#63211)

Newer versions of ssh-keygen create PEM keys that are not recognized by Paramiko.

Now ansible-test compensates for this by updating they keys it generates so Paramiko will recognize them.
---
 changelogs/fragments/ansible-test-ssh-keygen-fix.yml | 2 ++
 test/lib/ansible_test/_data/setup/remote.sh          | 5 +++++
 test/lib/ansible_test/_internal/core_ci.py           | 8 ++++++++
 3 files changed, 15 insertions(+)
 create mode 100644 changelogs/fragments/ansible-test-ssh-keygen-fix.yml

diff --git a/changelogs/fragments/ansible-test-ssh-keygen-fix.yml b/changelogs/fragments/ansible-test-ssh-keygen-fix.yml
new file mode 100644
index 0000000000..a6803510ff
--- /dev/null
+++ b/changelogs/fragments/ansible-test-ssh-keygen-fix.yml
@@ -0,0 +1,2 @@
+bugfixes:
+    - ansible-test now updates SSH keys it generates with newer versions of ssh-keygen to function with Paramiko
diff --git a/test/lib/ansible_test/_data/setup/remote.sh b/test/lib/ansible_test/_data/setup/remote.sh
index 7955259458..4cb8a23300 100644
--- a/test/lib/ansible_test/_data/setup/remote.sh
+++ b/test/lib/ansible_test/_data/setup/remote.sh
@@ -85,6 +85,11 @@ fi
 
 if [ ! -f "${HOME}/.ssh/id_rsa.pub" ]; then
     ssh-keygen -m PEM -q -t rsa -N '' -f "${HOME}/.ssh/id_rsa"
+    # newer ssh-keygen PEM output (such as on RHEL 8.1) is not recognized by paramiko
+    touch "${HOME}/.ssh/id_rsa.new"
+    chmod 0600 "${HOME}/.ssh/id_rsa.new"
+    sed 's/\(BEGIN\|END\) PRIVATE KEY/\1 RSA PRIVATE KEY/' "${HOME}/.ssh/id_rsa" > "${HOME}/.ssh/id_rsa.new"
+    mv "${HOME}/.ssh/id_rsa.new" "${HOME}/.ssh/id_rsa"
     cp "${HOME}/.ssh/id_rsa.pub" "${HOME}/.ssh/authorized_keys"
     for key in /etc/ssh/ssh_host_*_key.pub; do
         pk=$(cat "${key}")
diff --git a/test/lib/ansible_test/_internal/core_ci.py b/test/lib/ansible_test/_internal/core_ci.py
index ab00b335db..0cc821912a 100644
--- a/test/lib/ansible_test/_internal/core_ci.py
+++ b/test/lib/ansible_test/_internal/core_ci.py
@@ -4,6 +4,7 @@ __metaclass__ = type
 
 import json
 import os
+import re
 import traceback
 import uuid
 import errno
@@ -631,6 +632,13 @@ class SshKey:
         if not os.path.isfile(key) or not os.path.isfile(pub):
             run_command(args, ['ssh-keygen', '-m', 'PEM', '-q', '-t', 'rsa', '-N', '', '-f', key])
 
+            # newer ssh-keygen PEM output (such as on RHEL 8.1) is not recognized by paramiko
+            with open(key, 'r+') as key_fd:
+                key_contents = key_fd.read()
+                key_contents = re.sub(r'(BEGIN|END) PRIVATE KEY', r'\1 RSA PRIVATE KEY', key_contents)
+                key_fd.seek(0)
+                key_fd.write(key_contents)
+
         return key, pub