new type to manage a single ssh authorized_key entry

Signed-off-by: Steven Armstrong <steven@icarus.ethz.ch>

cdist/conf/type/__ssh_authorized_key/explorer/entry

@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# extract the keytype and base64 encoded key ignoring any options and comment
+type_and_key="$(cat "$__object/parameter/key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')"
+file="$(cat $__object/parameter/file)"
+
+# get any entries that match the type and key
+grep ".*$type_and_key[ \n]" "$file" || true

cdist/conf/type/__ssh_authorized_key/man.text

@@ -0,0 +1,67 @@
+cdist-type__ssh_authorized_key(7)
+=================================
+Steven Armstrong <steven-cdist--@--armstrong.cc>
+
+
+NAME
+----
+cdist-type__ssh_authorized_key - manage a single ssh authorized key entry
+
+
+DESCRIPTION
+-----------
+Manage a single authorized key entry in an authorized_key file.
+This type was created to be used by the __ssh_authorized_keys type.
+
+
+REQUIRED PARAMETERS
+-------------------
+file::
+   the authorized_keys file to which the given key should be added
+
+key::
+   a string containing the ssh keytype, base 64 encoded key and optional
+   trailing comment which shall be added to the given authorized_keys file.
+
+
+OPTIONAL PARAMETERS
+-------------------
+comment::
+   explicit comment instead of the one which may be trailing the given key
+
+option::
+   an option to set for this authorized_key entry.
+   Can be specified multiple times.
+   See sshd(8) for available options.
+
+state::
+   if the given keys should be 'present' or 'absent', defaults to 'present'.
+
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+__ssh_authorized_key some-id \
+   --file "/home/user/.ssh/autorized_keys" \
+   --key "$(cat ~/.ssh/id_rsa.pub)"
+
+__ssh_authorized_key some-id \
+   --file "/home/user/.ssh/autorized_keys" \
+   --key "$(cat ~/.ssh/id_rsa.pub)" \
+   --option 'command="/path/to/script"' \
+   --option 'environment="FOO=bar"' \
+   --comment 'one to rule them all'
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+- cdist__ssh_authorized_keys(7)
+- sshd(8)
+
+COPYING
+-------
+Copyright \(C) 2014 Steven Armstrong. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).

cdist/conf/type/__ssh_authorized_key/manifest

@@ -0,0 +1,75 @@
+#!/bin/sh
+#
+# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+file="$(cat "$__object/parameter/file")"
+state="$(cat "$__object/parameter/state")"
+mkdir "$__object/files"
+
+_cksum() {
+   echo "$1" | cksum | cut -d' ' -f 1
+}
+
+_do_line() {
+   file="$1"
+   line="$2"
+   state="$3"
+   line_id="$(_cksum "$file")-$(_cksum "$line")"
+
+   set -- "$line_id"
+   set -- "$@" --file "$file"
+   set -- "$@" --line "$line"
+   set -- "$@" --state "$state"
+   # Ensure __line does not read stdin
+   __line "$@" < /dev/null
+}
+
+# Generate the entry as it should be
+(
+   if [ -f "$__object/parameter/option" ]; then
+      options="$(cat "$__object/parameter/option" | tr '\n' ',')"
+      printf '%s ' "${options%*,}"
+   fi
+   if [ -f "$__object/parameter/comment" ]; then
+      # extract the keytype and base64 encoded key ignoring any options and comment
+      printf '%s ' "$(cat "$__object/parameter/key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')"
+      # override the comment with the one explicitly given
+      printf '%s' "$(cat "$__object/parameter/comment")"
+   else
+      printf '%s' "$(cat "$__object/parameter/key")"
+   fi
+) > "$__object/files/should"
+
+# Check for existing and conflicting entries and remove them
+if [ -s "$__object/explorer/entry" ]; then
+   # We have existing entries for this key.
+   # Check if any of them are in conflict to how the entry should be.
+   # Note that the file has to be sorted for comparison with `comm`.
+   sort "$__object/explorer/entry" > "$__object/files/is"
+   comm -13 "$__object/files/should" "$__object/files/is" | {
+      # Remove conflicting entries
+      while read entry; do
+         _do_line "$file" "$entry" absent
+      done
+   }
+fi
+
+# Manage the actual entry as it should be
+entry="$(cat "$__object/files/should")"
+_do_line "$file" "$entry" "$state"

cdist/conf/type/__ssh_authorized_key/parameter/default/state

@@ -0,0 +1 @@
+present

cdist/conf/type/__ssh_authorized_key/parameter/optional

@@ -0,0 +1,2 @@
+comment
+state

cdist/conf/type/__ssh_authorized_key/parameter/optional_multiple

@@ -0,0 +1 @@
+option

cdist/conf/type/__ssh_authorized_key/parameter/required

@@ -0,0 +1,2 @@
+file
+key