prevent cloudinit/config/cc_ssh_authkey_fingerprints.py from creating home when "no_create_home: true", or "system: true"

[jf]

Proposed Commit Message

prevent cc_ssh_authkey_fingerprints.py from inadvertently creating a home when "no_create_home: true", or "system: true"

summary: stop cc_ssh_authkey_fingerprints from ALWAYS creating home

cloudinit/config/cc_ssh_authkey_fingerprints.py unintentionally ends
up creating a home directory for a user even when `no_create_home:
true` or `system: true`. This prevents it.

`cc_ssh_authkey_fingerprints.py` calls `ssh_util.extract_authorized_keys`,
which ends up calling `check_create_path`, which creates the as yet
non-existent home while looking for an `authorized_keys` file to parse.
`cc_ssh_authkey_fingerprints.py` looks like the best place to stop this.

NOTE that I do not handle the situation where (`no_create_home: true`
or `system: true`) *and* yet `ssh_authorized_keys` is provided. In
this case, by virtue of the code `no_create_home: true` / `system:
true` takes precedence

Additional Context

Test Steps

sample user data:

#cloud-config

system_info:
  default_user:
    name: jf

users:
  - default

  - name: nch
    no_create_home: true

  - name: system
    system: true

Checklist:

• My code follows the process laid out in the documentation
• I have updated or added any unit tests accordingly
• I have updated or added any documentation accordingly

[TheRealFalcon]

Thanks @jf , this looks good to me.

I put together a quick integration test. Would you mind adding it to the end of tests/integration_tests/modules/test_ssh_auth_key_fingerprints.py?

@pytest.mark.user_data(
    """\
#cloud-config
users:
 - default
 - name: nch
   no_create_home: true
 - name: system
   system: true
"""
)
def test_no_home_directory_created(client: IntegrationInstance):
    """Ensure cc_ssh_authkey_fingerprints doesn't create user directories"""
    home_output = client.execute("ls /home")
    assert "nch" not in home_output
    assert "system" not in home_output

    passwd = client.execute("cat /etc/passwd")
    assert "nch:" in passwd
    assert "system:" in passwd

[jf]

thank you, @TheRealFalcon . This is done now.

Btw, I did end up working on the situation mentioned in the last paragraph:

NOTE that I do not handle the situation where (`no_create_home: true`
or `system: true`) *and* yet `ssh_authorized_keys` is provided. In
this case, by virtue of the code `no_create_home: true` / `system:
true` takes precedence

This is done in #1347

[TheRealFalcon]

Thanks!

[TheRealFalcon]

Sorry, forgot to specify the import. Thanks for fixing that.

[jf]

Sorry, forgot to specify the import. Thanks for fixing that.

sure. Thanks for the testing code! I didn't really know how to start on that...