nocloud: handle dict-of-strings public-keys format

[mattia-eleuteri]

Summary

NoCloudConfigDriveService.get_public_keys() assumed public-keys in the metadata was either a list or an OpenStack-style dict of {<name>: {'openssh-key': <key>}}, and called .get('openssh-key') on each value. KubeVirt's accessCredentials.sshPublicKey.propagationMethod.noCloud serialises the keys as map[string]string, producing {'key0': '<ssh-rsa …>', 'key1': '<ssh-rsa …>'} — a dict whose values are plain SSH key strings. With that input the plugin crashed:

ERROR cloudbaseinit.init [-] plugin 'SetUserSSHPublicKeysPlugin' failed with error
    "'str' object has no attribute 'get'"
  File ".../nocloudservice.py", line 698, in get_public_keys
    public_keys = service.get_public_keys()

SetUserSSHPublicKeysPlugin aborted and no key was ever written to either C:\Users\<user>\.ssh\authorized_keys or C:\ProgramData\ssh\administrators_authorized_keys, so SSH key authentication never worked.

This PR accepts both shapes: if a dict value is a string, it is treated as the SSH key directly; otherwise the previous OpenStack-style extraction (v.get('openssh-key')) is kept.

How to reproduce

• Windows Server 2022 / 2025 image with cloudbase-init 1.1.8 deployed on KubeVirt ≥ 1.0 via NoCloud cidata.
• KubeVirt VMI spec includes accessCredentials.sshPublicKey with source.secret and propagationMethod.noCloud: {}.
• KubeVirt source for the format: pkg/cloud-init/cloud-init.go, type NoCloudMetadata struct { … PublicSSHKeys map[string]string \json:"public-keys,omitempty"` }`.

Test plan

• New unit test test_get_public_keys_dict_of_strings mirroring the existing test_get_public_keys / test_get_public_keys_alt_fmt pattern.
• Existing tests still pass:

  python -m unittest \
    cloudbaseinit.tests.metadata.services.test_nocloudservice.TestNoCloudConfigDriveService.test_get_public_keys \
    cloudbaseinit.tests.metadata.services.test_nocloudservice.TestNoCloudConfigDriveService.test_get_public_keys_alt_fmt \
    cloudbaseinit.tests.metadata.services.test_nocloudservice.TestNoCloudConfigDriveService.test_get_public_keys_dict_of_strings
  # → Ran 3 tests in 0.002s, OK
  

• DCO sign-off on the commit.

Related

• Existing commit 14900bc added the list shape in 2023; the third dict-of-strings shape (used by KubeVirt) was still missing.
• Open upstream issues touching the same area: Windows server 2022 failed to execute SetUserSSHPublicKeysPlugin #128 (Windows 2022 SetUserSSHPublicKeysPlugin failure), authorized_keys not created on Win Server 2022 #85 (authorized_keys not created on Win 2022).

[ader1990]

Hello, thank you for the fix. Can you please confirm that this code is your own contribution and not AI created? If AI assisted, please state in the commit message that you abide by the current DCO terms: https://github.com/cloudbase/cloudbase-init/blob/master/DCO#L16 and that your contribution is yours.

Also, if you can remove the AI bloat from the commit message and keep it as short as possible with real links pointing to the actual KubeVirt documentation or KubeVirt implementation.

[ader1990]

unit tests should not have the same copy-pasted AI information as the initial implementation.

[mattia-eleuteri]

Removed the comment; the test now keeps only the fixture and the assertion.

[ader1990]

Hello, thanks for the fix. the code was complicated to read as it were, now it is even more complicated to read. Can you please update the code with logical sequential steps?

[mattia-eleuteri]

Refactored to a sequential for loop with explicit if/else. Let me know if it reads better.

[mattia-eleuteri]

AI-assisted, disclosure added to the commit message per the DCO clause you linked. Commit body trimmed; KubeVirt source now linked at the type definition (pkg/cloud-init/cloud-init.go#L84) and the assignment in readCloudInitNoCloudMetaData (#L402-L408). Force-pushed fe5a68e.