keymaker
Python 2.7 support; RHEL support
What operating system are you using for this?
The default Amazon AMI uses Python 2.7 and the following line fails:
return 2000 + (int.from_bytes(hashlib.sha256(i.encode()).digest()[-2:], byteorder=sys.byteorder) // 2)
as Python 2.7 does not have the int.from_bytes() attribute.
I can see there are a number of issues with trying to use this on the Amazon Linux AMI.
What OS are you using?
This was developed and tested on Ubuntu 14.04/16.04 on Python 3. I have not yet had the chance to test on RHEL/Amazon Linux.
Could you elaborate on the issues that you see?
As mentioned above, from the Python side, removing the int.from_bytes() I think will make it compatible with 2.7 and therefore many operating systems.
I was testing on the latest Amazon Linux AMI (in eu-west-1, t2.nano).
- adduser does not have the "disabled-password" and "gecos" options
- I had to explicitly reference /usr/sbin/adduser. (I assume usermod will be the same, but I didn't get that far.)
- AuthorizedKeysCommand didn't appear to work. I added debug logging to the keymaker-get-public-keys script and I don't think it was getting invoked, but I didn't have time to investigate any more.
I love the idea of this process though! I need to read up on sshd and pam etc as I've not had much to do with it.
I have a fix for the UID generation:
(local) TOPD-061012:keymaker rmcdonough$ git diff 0e60ab0ca5f49b13166b344fa0421bc09bdbf96a 743798949a4c8ee622b22b629761b733c4647ea5
diff --git a/keymaker/__init__.py b/keymaker/__init__.py
index e2dcdc5..987e1a2 100644
--- a/keymaker/__init__.py
+++ b/keymaker/__init__.py
@@ -2,7 +2,15 @@ from __future__ import absolute_import, division, print_function, unicode_litera
from io import open
-import os, sys, json, time, logging, subprocess, pwd, hashlib
+import os
+import sys
+import json
+import time
+import logging
+import subprocess
+import pwd
+import hashlib
+import codecs
from collections import namedtuple
logging.basicConfig(level=logging.ERROR)
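Review bot: `import codecs` is added to the import block, but nothing in the lines shown in this patch uses it; drop it unless another part of the change needs it. Splitting the single import line into one import per line is a style-only change, so it would be easier to review as a separate commit from the Python 2.7 fix.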
@@ -33,8 +41,26 @@ def get_authorized_keys(args):
except Exception as e:
err_exit("Error while retrieving IAM SSH keys for {u}: {e}".format(u=args.user, e=str(e)), code=os.errno.EINVAL)
-def aws_to_unix_id(i):
- return 2000 + (int.from_bytes(hashlib.sha256(i.encode()).digest()[-2:], byteorder=sys.byteorder) // 2)
+def from_bytes(data, big_endian=False):
+ """Used on Python 2 to handle int.from_bytes"""
+ if isinstance(data, str):
+ data = bytearray(data)
+ if big_endian:
+ data = reversed(data)
+ num = 0
+ for offset, byte in enumerate(data):
+ num += byte << (offset * 8)
+ return num
+
+def aws_to_unix_id(aws_key_id):
+ """Converts a AWS Key ID into a UID"""
+ if int(sys.version[0]) == 3:
+ return 2000 + (
+ int.from_bytes(hashlib.sha256(aws_key_id.encode()).digest()[-2:],
+ byteorder=sys.byteorder) // 2)
+ else:
+ return 2000 + int(
+ from_bytes(hashlib.sha256(aws_key_id.encode()).digest()[-2:]) // 2)
def get_uid(args):
iam = boto3.resource("iam")
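Review bot: In aws_to_unix_id the two branches do not agree on byte order: the Python 3 branch passes `byteorder=sys.byteorder`, while the Python 2 branch calls from_bytes() with its default `big_endian=False`, which always decodes as little-endian. On a big-endian host the same IAM id would therefore map to a different UID depending on the interpreter, and file ownership would not line up between the two. Pass `big_endian=(sys.byteorder == "big")` in the else branch, or use one fixed byte order in both branches so the UID does not depend on the host. The version check `int(sys.version[0]) == 3` parses the first character of a string; `sys.version_info[0] >= 3` is the usual form and does not break when the major version changes.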
May I push a PR your way? If you're OK with it I wouldn't mind making some other improvements as this module would be enormously valuable to me.
I would very much appreciate a PR, thanks for looking into it!
Does python 2.7 work yet? Looking after a farm of Ubuntu 14.04 LTS instances...
The package does work on Python 2.7.
I got tripped up by this because it looks like the currently released version (0.2.1) doesn't have the fix for Python 2.7. I figured out that I could install directly from git like this:
pip install git+https://github.com/kislyuk/keymaker.git
I have released v0.3.3 from master.