fix access to vagrant key file

5 files changed, 30 insertions, 21 deletions

diff --git a/lib/leap_cli/commands/ssh.rb b/lib/leap_cli/commands/ssh.rb
index 695812b8..03192071 100644
--- a/lib/leap_cli/commands/ssh.rb
+++ b/lib/leap_cli/commands/ssh.rb
@@ -179,7 +179,8 @@ module LeapCli; module Commands
       "-o 'UserKnownHostsFile=/dev/null'"
     ]
     if node.vagrant?
-      options << "-i #{vagrant_ssh_key_file}"    # use the universal vagrant insecure key
+      # use the universal vagrant insecure key:
+      options << "-i #{LeapCli::Util::Vagrant.vagrant_ssh_key_file}"
       options << "-o IdentitiesOnly=yes"         # force the use of the insecure vagrant key
       options << "-o 'StrictHostKeyChecking=no'" # blindly accept host key and don't save it
                                                  # (since userknownhostsfile is /dev/null)
diff --git a/lib/leap_cli/commands/vagrant.rb b/lib/leap_cli/commands/vagrant.rb
index 9fdd48e3..8d66a84a 100644
--- a/lib/leap_cli/commands/vagrant.rb
+++ b/lib/leap_cli/commands/vagrant.rb
@@ -70,25 +70,6 @@ module LeapCli; module Commands
     end
   end
 
-  public
-
-  #
-  # returns the path to a vagrant ssh private key file.
-  #
-  # if the vagrant.key file is owned by root or ourselves, then
-  # we need to make sure that it owned by us and not world readable.
-  #
-  def vagrant_ssh_key_file
-    file_path = Path.vagrant_ssh_priv_key_file
-    Util.assert_files_exist! file_path
-    uid = File.new(file_path).stat.uid
-    if uid == 0 || uid == Process.euid
-      FileUtils.install file_path, '/tmp/vagrant.key', :mode => 0600
-      file_path = '/tmp/vagrant.key'
-    end
-    return file_path
-  end
-
   protected
 
   def vagrant_command(cmds, args, options={})
diff --git a/lib/leap_cli/load_libraries.rb b/lib/leap_cli/load_libraries.rb
index 19f4edb5..cec3812d 100644
--- a/lib/leap_cli/load_libraries.rb
+++ b/lib/leap_cli/load_libraries.rb
@@ -18,3 +18,4 @@ require 'leap_cli/config/manager'
 
 require 'leap_cli/util/secret'
 require 'leap_cli/util/x509'
+require 'leap_cli/util/vagrant'
diff --git a/lib/leap_cli/ssh/options.rb b/lib/leap_cli/ssh/options.rb
index 0bbaa36f..d991cc29 100644
--- a/lib/leap_cli/ssh/options.rb
+++ b/lib/leap_cli/ssh/options.rb
@@ -58,7 +58,7 @@ module LeapCli
       def self.contingent_ssh_options_for_node(node)
         opts = {}
         if node.vagrant?
-          opts[:keys] = [vagrant_ssh_key_file]
+          opts[:keys] = [LeapCli::Util::Vagrant.vagrant_ssh_key_file]
           opts[:keys_only] = true # only use the keys specified above, and
                                   # ignore whatever keys the ssh-agent is aware of.
           opts[:paranoid] = false # we skip host checking for vagrant nodes,
diff --git a/lib/leap_cli/util/vagrant.rb b/lib/leap_cli/util/vagrant.rb
new file mode 100644
index 00000000..c67ea4f1
--- /dev/null
+++ b/lib/leap_cli/util/vagrant.rb
@@ -0,0 +1,26 @@
+require 'fileutils'
+
+module LeapCli
+  module Util
+    module Vagrant
+
+      #
+      # returns the path to a vagrant ssh private key file.
+      #
+      # if the vagrant.key file is owned by root or ourselves, then
+      # we need to make sure that it owned by us and not world readable.
+      #
+      def self.vagrant_ssh_key_file
+        file_path = Path.vagrant_ssh_priv_key_file
+        Util.assert_files_exist! file_path
+        uid = File.new(file_path).stat.uid
+        if uid == 0 || uid == Process.euid
+          FileUtils.install file_path, '/tmp/vagrant.key', :mode => 0600
+          file_path = '/tmp/vagrant.key'
+        end
+        return file_path
+      end
+
+    end
+  end
+end
\ No newline at end of file