	use __block type to manage keys
Signed-off-by: Steven Armstrong <steven@icarus.ethz.ch>
					parent
					
						
							
								095c5335c6
							
						
					
				
			
			
				commit
				
					
						3b072a7abb
					
				
			
		
					 3 changed files with 10 additions and 142 deletions
				
			
		|  | @ -1,45 +0,0 @@ | ||||||
| #!/bin/sh |  | ||||||
| # |  | ||||||
| # 2012 Steven Armstrong (steven-cdist at armstrong.cc) |  | ||||||
| # |  | ||||||
| # This file is part of cdist. |  | ||||||
| # |  | ||||||
| # cdist is free software: you can redistribute it and/or modify |  | ||||||
| # it under the terms of the GNU General Public License as published by |  | ||||||
| # the Free Software Foundation, either version 3 of the License, or |  | ||||||
| # (at your option) any later version. |  | ||||||
| # |  | ||||||
| # cdist is distributed in the hope that it will be useful, |  | ||||||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of |  | ||||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the |  | ||||||
| # GNU General Public License for more details. |  | ||||||
| # |  | ||||||
| # You should have received a copy of the GNU General Public License |  | ||||||
| # along with cdist. If not, see <http://www.gnu.org/licenses/>. |  | ||||||
| # |  | ||||||
| 
 |  | ||||||
| owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")" |  | ||||||
| if [ -f "$__object/parameter/file" ]; then |  | ||||||
|    file="$(cat "$__object/parameter/file")" |  | ||||||
| else |  | ||||||
|    home="$("$__type_explorer/passwd" | cut -d':' -f 6)" |  | ||||||
|    file="$home/.ssh/authorized_keys" |  | ||||||
| fi |  | ||||||
| 
 |  | ||||||
| # no authorized_keys file, nothing we could do |  | ||||||
| [ -f "$file" ] || exit 0 |  | ||||||
| 
 |  | ||||||
| # NOTE: keep variables in sync in manifest/explorer/gencode-* |  | ||||||
| prefix="#cdist:$__object_name" |  | ||||||
| suffix="#/cdist:$__object_name" |  | ||||||
| awk -v prefix="$prefix" -v suffix="$suffix" '{ |  | ||||||
|    if (index($0,prefix)) { |  | ||||||
|       triggered=1 |  | ||||||
|    } |  | ||||||
|    if (triggered) { |  | ||||||
|       if (index($0,suffix)) { |  | ||||||
|             triggered=0 |  | ||||||
|       } |  | ||||||
|       print |  | ||||||
|    } |  | ||||||
| }' "$file" |  | ||||||
|  | @ -1,84 +0,0 @@ | ||||||
| #!/bin/sh |  | ||||||
| # |  | ||||||
| # 2012-2013 Steven Armstrong (steven-cdist at armstrong.cc) |  | ||||||
| # |  | ||||||
| # This file is part of cdist. |  | ||||||
| # |  | ||||||
| # cdist is free software: you can redistribute it and/or modify |  | ||||||
| # it under the terms of the GNU General Public License as published by |  | ||||||
| # the Free Software Foundation, either version 3 of the License, or |  | ||||||
| # (at your option) any later version. |  | ||||||
| # |  | ||||||
| # cdist is distributed in the hope that it will be useful, |  | ||||||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of |  | ||||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the |  | ||||||
| # GNU General Public License for more details. |  | ||||||
| # |  | ||||||
| # You should have received a copy of the GNU General Public License |  | ||||||
| # along with cdist. If not, see <http://www.gnu.org/licenses/>. |  | ||||||
| # |  | ||||||
| 
 |  | ||||||
| owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")" |  | ||||||
| if [ -f "$__object/parameter/file" ]; then |  | ||||||
|    file="$(cat "$__object/parameter/file")" |  | ||||||
| else |  | ||||||
|    home="$(cut -d':' -f 6 "$__object/explorer/passwd")" |  | ||||||
|    file="$home/.ssh/authorized_keys" |  | ||||||
| fi |  | ||||||
| 
 |  | ||||||
| entry="$__object/files/entry" |  | ||||||
| if [ ! -s "$__object/explorer/entry" ]; then |  | ||||||
|    state_is='absent' |  | ||||||
| else |  | ||||||
|    state_is=$(diff -q "$entry" "$__object/explorer/entry" >/dev/null \ |  | ||||||
|       && echo present \ |  | ||||||
|       || echo changed |  | ||||||
|    ) |  | ||||||
| fi |  | ||||||
| 
 |  | ||||||
| state_should="$(cat "$__object/parameter/state" 2>/dev/null || echo present)" |  | ||||||
| if [ "$state_should" = "$state_is" ]; then |  | ||||||
|    # Nothing to do, move along |  | ||||||
|    exit 0 |  | ||||||
| fi |  | ||||||
| 
 |  | ||||||
| remove_entry() { |  | ||||||
|    # NOTE: keep variables in sync in manifest/explorer/gencode-* |  | ||||||
|    prefix="#cdist:$__object_name" |  | ||||||
|    suffix="#/cdist:$__object_name" |  | ||||||
|    cat << DONE |  | ||||||
| tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX) |  | ||||||
| # preserve ownership and permissions by copying existing file over tmpfile |  | ||||||
| cp -p "$file" "\$tmpfile" |  | ||||||
| awk -v prefix="$prefix" -v suffix="$suffix" ' |  | ||||||
| { |  | ||||||
|    if (index(\$0,prefix)) { |  | ||||||
|       triggered=1 |  | ||||||
|    } |  | ||||||
|    if (triggered) { |  | ||||||
|       if (index(\$0,suffix)) { |  | ||||||
|          triggered=0 |  | ||||||
|       } |  | ||||||
|    } else { |  | ||||||
|       print |  | ||||||
|    } |  | ||||||
| }' "$file" > "\$tmpfile" |  | ||||||
| mv -f "\$tmpfile" "$file" |  | ||||||
| DONE |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| case "$state_should" in |  | ||||||
|    present) |  | ||||||
|       if [ "$state_is" = "changed" ]; then |  | ||||||
|          remove_entry |  | ||||||
|       fi |  | ||||||
|       cat << DONE |  | ||||||
| cat >> "$file" << ${__type##*/}_DONE |  | ||||||
| $(cat "$entry") |  | ||||||
| ${__type##*/}_DONE |  | ||||||
| DONE |  | ||||||
|    ;; |  | ||||||
|    absent) |  | ||||||
|       remove_entry |  | ||||||
|    ;; |  | ||||||
| esac |  | ||||||
|  | @ -56,19 +56,16 @@ if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ]; | ||||||
|    fi |    fi | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| # NOTE: keep variables in sync in manifest/explorer/gencode-* |  | ||||||
| prefix="#cdist:$__object_name" |  | ||||||
| suffix="#/cdist:$__object_name" |  | ||||||
| 
 |  | ||||||
| mkdir "$__object/files" |  | ||||||
| 
 |  | ||||||
| # Generate entry for inclusion in authorized_keys file | # Generate entry for inclusion in authorized_keys file | ||||||
| entry="$__object/files/entry" | ( | ||||||
| echo "$prefix" > "$entry" |  | ||||||
| if [ -f "$__object/parameter/comment" ]; then | if [ -f "$__object/parameter/comment" ]; then | ||||||
|    echo "# $(cat "$__object/parameter/comment")" >> "$entry" |    echo "# $(cat "$__object/parameter/comment")" | ||||||
| fi | fi | ||||||
| cat "$__object/parameter/key" >> "$entry" | cat "$__object/parameter/key" | ||||||
| # ensure we have a newline after keys | ) | \ | ||||||
| echo >> "$entry" | __block "$__object_name" \ | ||||||
| echo "$suffix" >> "$entry" |    --file "$file" \ | ||||||
|  |    --prefix "#cdist:$__object_name" \ | ||||||
|  |    --suffix "#/cdist:$__object_name" \ | ||||||
|  |    --state "$state" \ | ||||||
|  |    --text - | ||||||
|  |  | ||||||
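Review bot: A comment parameter that spans more than one line is commented out only on its first line, because `echo "# $(cat "$__object/parameter/comment")"` in the new subshell writes the `# ` prefix once; every further line would land in the managed authorized_keys block as a bare line that sshd tries to parse as a key entry. Prefixing each line, for example `sed 's/^/# /' "$__object/parameter/comment"`, keeps the whole comment inert. The old `echo >> "$entry"` newline guard after the key has no replacement here, so it is worth confirming that `__block` newline-terminates the `--text -` input before it writes the suffix marker; `__block` itself is not visible on this page. `$file` and `$state` are set outside the hunk.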