Cleanup ssh authorized keys types
Optimize file creations, deletions and writes. Resolve #829.
parent
17a9a86588
commit
e1c5263c37
1 changed files with 45 additions and 23 deletions
|
@ -24,9 +24,6 @@ state="$(cat "$__object/parameter/state" 2>/dev/null)"
|
|||
file="$(cat "$__object/explorer/file")"
|
||||
keys_file="$__object/explorer/keys"
|
||||
|
||||
temp_file="${file}.tmp"
|
||||
work_file="${temp_file}.work"
|
||||
|
||||
_type_and_key() {
|
||||
echo "$1" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }'
|
||||
}
|
||||
|
@ -50,8 +47,18 @@ _gen_key_entry() {
|
|||
printf '\n'
|
||||
}
|
||||
|
||||
|
||||
cat << DONE
|
||||
cp -f "${file}" "${temp_file}"
|
||||
new_keys=\$(mktemp ${file}.cdist.XXXXXXXXXX)
|
||||
patterns=\$(mktemp ${file}.cdist.XXXXXXXXXX)
|
||||
|
||||
tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
|
||||
|
||||
# preserve ownership and permissions of existing file
|
||||
if [ -f "${file}" ]
|
||||
then
|
||||
cp -p "${file}" "\${tmpfile}"
|
||||
fi
|
||||
DONE
|
||||
|
||||
while read -r key; do
|
||||
|
@ -67,7 +74,7 @@ while read -r key; do
|
|||
|
||||
# remove conflicting entries
|
||||
cat << DONE
|
||||
grep -v "${type_and_key}\\([ \\n].*\\)*\$" "${temp_file}" > "${work_file}" || true
|
||||
echo '${type_and_key}\\([ \\\\n].*\\)*\$' >> "\${patterns}"
|
||||
DONE
|
||||
|
||||
entry="$(_gen_key_entry "${key}")"
|
||||
|
@ -77,15 +84,13 @@ DONE
|
|||
# escape single quotes
|
||||
_line_sanitised=$(echo "${entry}" | sed -e "s/'/'\"'\"'/g")
|
||||
cat << DONE
|
||||
printf "%s\\n" "${_line_sanitised}" >> "${work_file}"
|
||||
mv -f "${work_file}" "${temp_file}"
|
||||
printf "%s\\n" "${_line_sanitised}" >> "\${new_keys}"
|
||||
DONE
|
||||
echo "added to ${file} (${entry})" >> "$__messages_out"
|
||||
;;
|
||||
absent)
|
||||
cat << DONE
|
||||
grep -v "${entry}" "${work_file}" > "${temp_file}" || true
|
||||
rm -f "${work_file}"
|
||||
echo "${entry}" >> "\${patterns}"
|
||||
DONE
|
||||
echo "removed from ${file} (${entry})" >> "$__messages_out"
|
||||
;;
|
||||
|
@ -94,8 +99,19 @@ done < "$__object/parameter/key"
|
|||
|
||||
set --
|
||||
cat << DONE
|
||||
set --
|
||||
if [ -s "\${patterns}" ] && [ -f "${file}" ]
|
||||
then
|
||||
grep -v -f "\${patterns}" "${file}" > "\${tmpfile}" || true
|
||||
fi
|
||||
if [ -s "\${new_keys}" ]
|
||||
then
|
||||
cat "\${new_keys}" >> "\${tmpfile}"
|
||||
fi
|
||||
|
||||
rm -f "\${patterns}"
|
||||
rm -f "\${new_keys}"
|
||||
DONE
|
||||
|
||||
if [ -f "$__object/parameter/remove-unknown" ] && [ -s "${keys_file}" ]
|
||||
then
|
||||
while read -r key
|
||||
|
@ -107,23 +123,29 @@ then
|
|||
continue
|
||||
fi
|
||||
|
||||
# build grep -e patterns
|
||||
set -- "\$@" "-e" "${key}"
|
||||
# build grep patterns
|
||||
cat << DONE
|
||||
set -- "\$@" "-e" "${key}"
|
||||
echo "${key}" >> "\${patterns}"
|
||||
DONE
|
||||
done < "${keys_file}"
|
||||
fi
|
||||
|
||||
# if no pattern then nothing to remove
|
||||
if [ $# -gt 0 ]
|
||||
cat << DONE
|
||||
if [ -s "\${patterns}" ] && [ -f "${file}" ]
|
||||
then
|
||||
cat << DONE
|
||||
grep -v -F -x "\$@" "${temp_file}" > "${work_file}" || true
|
||||
mv -f "${work_file}" "${temp_file}"
|
||||
DONE
|
||||
fi
|
||||
newfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
|
||||
# preserve ownership and permissions of existing file
|
||||
if [ -f "${file}" ]; then
|
||||
cp -p "${file}" "\${newfile}"
|
||||
fi
|
||||
|
||||
cat << DONE
|
||||
mv -f "${temp_file}" "${file}"
|
||||
grep -v -F -x -f "\${patterns}" "\${tmpfile}" > "\${newfile}" || true
|
||||
mv -f "\${newfile}" "${file}"
|
||||
rm -f "\${tmpfile}"
|
||||
else
|
||||
mv -f "\${tmpfile}" "${file}"
|
||||
fi
|
||||
|
||||
rm -f "\${patterns}"
|
||||
rm -f "\${new_keys}"
|
||||
DONE
|
||||
|
|
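Review bot: The generated line `printf "%s\\n" "${_line_sanitised}" >> "\${new_keys}"` wraps the key entry in double quotes, but the sanitising step just above it escapes only single quotes. An entry containing `"`, `$`, a backtick or a backslash (for example an options field such as `command="..."`, if `_gen_key_entry` passes options through unchanged) would be re-interpreted by the target's shell instead of being written verbatim to authorized_keys. Emitting it single-quoted, as the `echo '${type_and_key}…'` pattern line already does, makes the escaping match the quoting: `printf '%s\\n' '${_line_sanitised}' >> "\${new_keys}"`. The same concern applies to `echo "${entry}" >> "\${patterns}"` in the absent branch and `echo "${key}" >> "\${patterns}"` in the remove-unknown loop, which interpolate unsanitised values into the generated code; the latter appear to be read back from the target's existing file via `$__object/explorer/keys`. The absent pattern is also consumed by `grep -v -f` as a regular expression rather than a fixed string, so an entry with regex metacharacters may match the wrong lines or none, and `|| true` together with the unconditional "removed from" message would hide a key that was not actually removed. The enclosing `while`/`case` blocks start outside the visible hunks.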