feat: added temporary ssh key gen support

Author: BhautikChudasama

cmd/completion/completion.go

@@ -0,0 +1,71 @@
+// Package completion provides shell completion script generation.
+package completion
+
+import (
+	"fmt"
+
+	"github.com/urfave/cli/v2"
+)
+
+const bashScript = `# bash completion for createos
+_createos_completion() {
+    local cur="${COMP_WORDS[COMP_CWORD]}"
+    local completions
+    completions=$(createos --generate-bash-completion "${COMP_WORDS[@]:1}" 2>/dev/null)
+    COMPREPLY=( $(compgen -W "$completions" -- "$cur") )
+    return 0
+}
+complete -F _createos_completion createos`
+
+const zshScript = `# zsh completion for createos
+#compdef createos
+
+_createos() {
+    local -a completions
+    completions=("${(@f)$(${words[1]} --generate-bash-completion ${words[2,-1]} 2>/dev/null)}")
+    compadd -a completions
+}
+
+_createos "$@"`
+
+const fishScript = `# fish completion for createos
+function __createos_complete
+    set -l args (commandline -opc)
+    set -e args[1]
+    createos --generate-bash-completion $args
+end
+
+complete -f -c createos -a "(__createos_complete)"`
+
+// NewCompletionCommand returns the shell completion command.
+func NewCompletionCommand() *cli.Command {
+	return &cli.Command{
+		Name:      "completion",
+		Usage:     "Generate shell completion script",
+		ArgsUsage: "<bash|zsh|fish>",
+		Description: "Generate a shell completion script for createos.\n\n" +
+			"   Add the output to your shell profile to enable tab completion.\n\n" +
+			"   Bash:\n" +
+			"     source <(createos completion bash)\n\n" +
+			"   Zsh:\n" +
+			"     source <(createos completion zsh)\n\n" +
+			"   Fish:\n" +
+			"     createos completion fish | source",
+		Action: func(c *cli.Context) error {
+			shell := c.Args().First()
+			switch shell {
+			case "bash":
+				fmt.Println(bashScript)
+			case "zsh":
+				fmt.Println(zshScript)
+			case "fish":
+				fmt.Println(fishScript)
+			case "":
+				return fmt.Errorf("please specify a shell\n\n  Supported shells: bash, zsh, fish\n\n  Example:\n    createos completion zsh")
+			default:
+				return fmt.Errorf("unsupported shell %q\n\n  Supported shells: bash, zsh, fish", shell)
+			}
+			return nil
+		},
+	}
+}

cmd/root/root.go

@@ -8,6 +8,7 @@ import (
 	"github.com/urfave/cli/v2"
 
 	"github.com/NodeOps-app/createos-cli/cmd/auth"
+	"github.com/NodeOps-app/createos-cli/cmd/completion"
 	"github.com/NodeOps-app/createos-cli/cmd/deployments"
 	"github.com/NodeOps-app/createos-cli/cmd/domains"
 	"github.com/NodeOps-app/createos-cli/cmd/environments"
@@ -27,9 +28,10 @@ import (
 // NewApp creates and configures the root CLI application.
 func NewApp() *cli.App {
 	app := &cli.App{
-		Name:    "createos",
-		Usage:   "CreateOS CLI - Manage your infrastructure",
-		Version: version.Version,
+		Name:                 "createos",
+		Usage:                "CreateOS CLI - Manage your infrastructure",
+		Version:              version.Version,
+		EnableBashCompletion: true,
 		Flags: []cli.Flag{
 			&cli.BoolFlag{
 				Name:    "debug",
@@ -46,7 +48,7 @@ func NewApp() *cli.App {
 		},
 		Before: func(c *cli.Context) error {
 			cmd := c.Args().First()
-			if cmd == "" || cmd == "login" || cmd == "logout" || cmd == "version" {
+			if cmd == "" || cmd == "login" || cmd == "logout" || cmd == "version" || cmd == "completion" {
 				return nil
 			}
 
@@ -115,6 +117,7 @@ func NewApp() *cli.App {
 			} else {
 				fmt.Println("  login          Authenticate with CreateOS")
 			}
+			fmt.Println("  completion      Generate shell completion script")
 			fmt.Println("  version        Print the current version")
 			fmt.Println()
 			fmt.Println("Run 'createos <command> --help' for more information on a command.")
@@ -124,6 +127,7 @@ func NewApp() *cli.App {
 		Commands: []*cli.Command{
 			auth.NewLoginCommand(),
 			auth.NewLogoutCommand(),
+			completion.NewCompletionCommand(),
 			deployments.NewDeploymentsCommand(),
 			domains.NewDomainsCommand(),
 			environments.NewEnvironmentsCommand(),

cmd/vms/vms_ssh.go

@@ -2,6 +2,9 @@ package vms
 
 import (
 	"context"
+	"crypto/ed25519"
+	"crypto/rand"
+	"encoding/pem"
 	"fmt"
 	"os"
 	"os/exec"
@@ -10,6 +13,7 @@ import (
 
 	"github.com/pterm/pterm"
 	"github.com/urfave/cli/v2"
+	gossh "golang.org/x/crypto/ssh"
 
 	"github.com/NodeOps-app/createos-cli/internal/api"
 	"github.com/NodeOps-app/createos-cli/internal/terminal"
@@ -43,20 +47,65 @@ func findPublicKeys() map[string]string {
 	return keys
 }
 
-// selectPublicKey prompts the user to pick a local SSH public key, or skip.
-// Returns the selected key content, or "" if skipped.
-func selectPublicKey() (string, error) {
-	keys := findPublicKeys()
-	if len(keys) == 0 {
-		return "", nil
+// generateTempSSHKeypair creates a temporary ed25519 keypair, writes the private key
+// to a temp file, and returns the public key string, the private key path, and a
+// cleanup func that removes the temp file.
+func generateTempSSHKeypair() (publicKey string, privateKeyPath string, cleanup func(), err error) {
+	pub, priv, err := ed25519.GenerateKey(rand.Reader)
+	if err != nil {
+		return "", "", nil, fmt.Errorf("could not generate keypair: %w", err)
+	}
+
+	// Marshal public key to authorized_keys format.
+	sshPub, err := gossh.NewPublicKey(pub)
+	if err != nil {
+		return "", "", nil, fmt.Errorf("could not encode public key: %w", err)
+	}
+	pubKeyStr := strings.TrimSpace(string(gossh.MarshalAuthorizedKey(sshPub)))
+
+	// Marshal private key to OpenSSH PEM format.
+	privPEM, err := gossh.MarshalPrivateKey(priv, "")
+	if err != nil {
+		return "", "", nil, fmt.Errorf("could not encode private key: %w", err)
+	}
+	privBytes := pem.EncodeToMemory(privPEM)
+
+	// Write private key to a temp file with restricted permissions.
+	f, err := os.CreateTemp("", "createos-vm-*.pem")
+	if err != nil {
+		return "", "", nil, fmt.Errorf("could not create temp key file: %w", err)
+	}
+	if err := os.Chmod(f.Name(), 0600); err != nil {
+		_ = f.Close()
+		_ = os.Remove(f.Name())
+		return "", "", nil, fmt.Errorf("could not set key file permissions: %w", err)
+	}
+	if _, err := f.Write(privBytes); err != nil {
+		_ = f.Close()
+		_ = os.Remove(f.Name())
+		return "", "", nil, fmt.Errorf("could not write private key: %w", err)
 	}
+	_ = f.Close()
 
-	const skipOption = "None (skip)"
-	options := make([]string, 0, len(keys)+1)
+	cleanup = func() { _ = os.Remove(f.Name()) }
+	return pubKeyStr, f.Name(), cleanup, nil
+}
+
+const (
+	optionTempKey = "Generate a temporary key (auto-deleted on exit)"
+	optionSkip    = "None (skip)"
+)
+
+// selectPublicKey prompts the user to pick a local SSH public key, generate a temp
+// key, or skip. Returns the public key content and an optional private key path
+// (non-empty only for generated temp keys).
+func selectPublicKey() (publicKey string, privateKeyPath string, err error) {
+	keys := findPublicKeys()
+
+	options := make([]string, 0, len(keys)+2)
 	nameByOption := make(map[string]string, len(keys))
 
 	for name, content := range keys {
-		// Show filename + key comment (last field) for readability.
 		parts := strings.Fields(content)
 		label := name
 		if len(parts) >= 3 {
@@ -65,19 +114,28 @@ func selectPublicKey() (string, error) {
 		options = append(options, label)
 		nameByOption[label] = content
 	}
-	options = append(options, skipOption)
+	options = append(options, optionTempKey, optionSkip)
 
 	selected, err := pterm.DefaultInteractiveSelect.
 		WithOptions(options).
 		WithDefaultText("Select an SSH public key to use for this session").
 		Show()
 	if err != nil {
-		return "", fmt.Errorf("could not read selection: %w", err)
+		return "", "", fmt.Errorf("could not read selection: %w", err)
 	}
-	if selected == skipOption {
-		return "", nil
+
+	switch selected {
+	case optionSkip:
+		return "", "", nil
+	case optionTempKey:
+		pub, privPath, _, genErr := generateTempSSHKeypair()
+		if genErr != nil {
+			return "", "", genErr
+		}
+		return pub, privPath, nil
+	default:
+		return nameByOption[selected], "", nil
 	}
-	return nameByOption[selected], nil
 }
 
 func newVMSSHCommand() *cli.Command {
@@ -122,11 +180,16 @@ func newVMSSHCommand() *cli.Command {
 				return fmt.Errorf("VM does not have an IP address yet — try again in a moment\n\n  Check status with: createos vms get %s", id)
 			}
 
-			// Ask user to pick a local SSH public key for this session.
-			localKey, err := selectPublicKey()
+			localKey, privateKeyPath, err := selectPublicKey()
 			if err != nil {
 				return err
 			}
+
+			// Clean up temp private key file on exit if one was generated.
+			if privateKeyPath != "" {
+				defer os.Remove(privateKeyPath) //nolint:errcheck
+			}
+
 			originalKeys := vm.Inputs.SSHKeys
 			if originalKeys == nil {
 				originalKeys = []string{}
@@ -137,7 +200,6 @@ func newVMSSHCommand() *cli.Command {
 			}
 
 			if localKey != "" {
-				// Check if key is already present.
 				alreadyPresent := false
 				for _, k := range originalKeys {
 					if strings.TrimSpace(k) == localKey {
@@ -149,10 +211,9 @@ func newVMSSHCommand() *cli.Command {
 				if !alreadyPresent {
 					updatedKeys := append(originalKeys, localKey) //nolint:gocritic
 					if err := client.UpdateVMDeployment(id, updatedKeys, firewallRules); err != nil {
-						pterm.Warning.Println("Could not add your SSH key to the VM — you may need to add it manually.")
+						pterm.Warning.Printf("Could not add your SSH key to the VM: %v\n", err)
 					} else {
 						pterm.Info.Println("Your SSH public key has been added to the VM.")
-						// Restore original keys on exit.
 						defer func() {
 							if err := client.UpdateVMDeployment(id, originalKeys, firewallRules); err != nil {
 								pterm.Warning.Printf("Could not remove your SSH key from VM %q: %v\n", id, err)
@@ -165,7 +226,13 @@ func newVMSSHCommand() *cli.Command {
 			}
 
 			target := user + "@" + vm.Extra.IPAddress
-			cmd := exec.CommandContext(context.Background(), "ssh", "-o", "StrictHostKeyChecking=accept-new", target) //nolint:gosec // target is user@<api-provided-ip>, intentional subprocess
+			sshArgs := []string{"-o", "StrictHostKeyChecking=accept-new"}
+			if privateKeyPath != "" {
+				sshArgs = append(sshArgs, "-i", privateKeyPath)
+			}
+			sshArgs = append(sshArgs, target)
+
+			cmd := exec.CommandContext(context.Background(), "ssh", sshArgs...) //nolint:gosec
 			cmd.Stdin = os.Stdin
 			cmd.Stdout = os.Stdout
 			cmd.Stderr = os.Stderr

go.mod

@@ -36,7 +36,8 @@ require (
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
-	golang.org/x/net v0.43.0 // indirect
+	golang.org/x/crypto v0.49.0 // indirect
+	golang.org/x/net v0.51.0 // indirect
 	golang.org/x/sys v0.42.0 // indirect
-	golang.org/x/text v0.28.0 // indirect
+	golang.org/x/text v0.35.0 // indirect
 )

go.sum

@@ -105,6 +105,8 @@ github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBi
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4=
+golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=
 golang.org/x/exp v0.0.0-20220909182711-5c715a9e8561 h1:MDc5xs78ZrZr3HMQugiXOAkSZtfTpbJLDr/lwfgO53E=
 golang.org/x/exp v0.0.0-20220909182711-5c715a9e8561/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
@@ -115,6 +117,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
 golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
+golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo=
+golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -147,6 +151,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
 golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
+golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
+golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=
 golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
 golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=