contradict/cdist
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Cleanup ssh authorized keys types

Browse source 
Optimize file creations, deletions and writes.

Resolve #829.
This commit is contained in:
Darko Poljak 2021-03-17 22:32:26 +01:00
parent 17a9a86588
commit e1c5263c37
1 changed files with 45 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

66
cdist/conf/type/__ssh_authorized_keys/gencode-remote
View file

@ -24,9 +24,6 @@ state="$(cat "$__object/parameter/state" 2>/dev/null)"
file="$(cat "$__object/explorer/file")" file="$(cat "$__object/explorer/file")"
keys_file="$__object/explorer/keys" keys_file="$__object/explorer/keys"
temp_file="${file}.tmp"
work_file="${temp_file}.work"
_type_and_key() { _type_and_key() {
echo "$1" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }' echo "$1" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }'
} }
@ -50,8 +47,18 @@ _gen_key_entry() {
printf '\n' printf '\n'
} }
cat << DONE cat << DONE
cp -f "${file}" "${temp_file}" new_keys=\$(mktemp ${file}.cdist.XXXXXXXXXX)
patterns=\$(mktemp ${file}.cdist.XXXXXXXXXX)
tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
# preserve ownership and permissions of existing file
if [ -f "${file}" ]
then
cp -p "${file}" "\${tmpfile}"
fi
DONE DONE
while read -r key; do while read -r key; do
@ -67,7 +74,7 @@ while read -r key; do
# remove conflicting entries # remove conflicting entries
cat << DONE cat << DONE
grep -v "${type_and_key}\\([ \\n].*\\)*\$" "${temp_file}" > "${work_file}" || true echo '${type_and_key}\\([ \\\\n].*\\)*\$' >> "\${patterns}"
DONE DONE
entry="$(_gen_key_entry "${key}")" entry="$(_gen_key_entry "${key}")"
@ -77,15 +84,13 @@ DONE
# escape single quotes # escape single quotes
_line_sanitised=$(echo "${entry}" | sed -e "s/'/'\"'\"'/g") _line_sanitised=$(echo "${entry}" | sed -e "s/'/'\"'\"'/g")
cat << DONE cat << DONE
printf "%s\\n" "${_line_sanitised}" >> "${work_file}" printf "%s\\n" "${_line_sanitised}" >> "\${new_keys}"
mv -f "${work_file}" "${temp_file}"
DONE DONE
echo "added to ${file} (${entry})" >> "$__messages_out" echo "added to ${file} (${entry})" >> "$__messages_out"
;; ;;
absent) absent)
cat << DONE cat << DONE
grep -v "${entry}" "${work_file}" > "${temp_file}" || true echo "${entry}" >> "\${patterns}"
rm -f "${work_file}"
DONE DONE
echo "removed from ${file} (${entry})" >> "$__messages_out" echo "removed from ${file} (${entry})" >> "$__messages_out"
;; ;;
@ -94,8 +99,19 @@ done < "$__object/parameter/key"
set -- set --
cat << DONE cat << DONE
set -- if [ -s "\${patterns}" ] && [ -f "${file}" ]
then
grep -v -f "\${patterns}" "${file}" > "\${tmpfile}" || true
fi
if [ -s "\${new_keys}" ]
then
cat "\${new_keys}" >> "\${tmpfile}"
fi
rm -f "\${patterns}"
rm -f "\${new_keys}"
DONE DONE
if [ -f "$__object/parameter/remove-unknown" ] && [ -s "${keys_file}" ] if [ -f "$__object/parameter/remove-unknown" ] && [ -s "${keys_file}" ]
then then
while read -r key while read -r key
@ -107,23 +123,29 @@ then
continue continue
fi fi
# build grep -e patterns # build grep patterns
set -- "\$@" "-e" "${key}"
cat << DONE cat << DONE
set -- "\$@" "-e" "${key}" echo "${key}" >> "\${patterns}"
DONE DONE
done < "${keys_file}" done < "${keys_file}"
fi
# if no pattern then nothing to remove cat << DONE
if [ $# -gt 0 ] if [ -s "\${patterns}" ] && [ -f "${file}" ]
then then
cat << DONE newfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
grep -v -F -x "\$@" "${temp_file}" > "${work_file}" || true # preserve ownership and permissions of existing file
mv -f "${work_file}" "${temp_file}" if [ -f "${file}" ]; then
DONE cp -p "${file}" "\${newfile}"
fi
fi fi
cat << DONE grep -v -F -x -f "\${patterns}" "\${tmpfile}" > "\${newfile}" || true
mv -f "${temp_file}" "${file}" mv -f "\${newfile}" "${file}"
rm -f "\${tmpfile}"
else
mv -f "\${tmpfile}" "${file}"
fi
rm -f "\${patterns}"
rm -f "\${new_keys}"
DONE DONE