Cleanup ssh authorized keys types

Optimize file creations, deletions and writes.

Resolve #829.
Darko Poljak 2021-03-17 22:32:26 +01:00
parent 17a9a86588
commit e1c5263c37
1 changed files with 45 additions and 23 deletions


@ -24,9 +24,6 @@ state="$(cat "$__object/parameter/state" 2>/dev/null)"
file="$(cat "$__object/explorer/file")"
keys_file="$__object/explorer/keys"
temp_file="${file}.tmp"
work_file="${temp_file}.work"
_type_and_key() {
echo "$1" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }'
}
@ -50,8 +47,18 @@ _gen_key_entry() {
printf '\n'
}
cat << DONE
cp -f "${file}" "${temp_file}"
new_keys=\$(mktemp ${file}.cdist.XXXXXXXXXX)
patterns=\$(mktemp ${file}.cdist.XXXXXXXXXX)
tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
# preserve ownership and permissions of existing file
if [ -f "${file}" ]
then
cp -p "${file}" "\${tmpfile}"
fi
DONE
while read -r key; do
@ -67,7 +74,7 @@ while read -r key; do
# remove conflicting entries
cat << DONE
grep -v "${type_and_key}\\([ \\n].*\\)*\$" "${temp_file}" > "${work_file}" || true
echo '${type_and_key}\\([ \\\\n].*\\)*\$' >> "\${patterns}"
DONE
entry="$(_gen_key_entry "${key}")"
@ -77,15 +84,13 @@ DONE
# escape single quotes
_line_sanitised=$(echo "${entry}" | sed -e "s/'/'\"'\"'/g")
cat << DONE
printf "%s\\n" "${_line_sanitised}" >> "${work_file}"
mv -f "${work_file}" "${temp_file}"
printf "%s\\n" "${_line_sanitised}" >> "\${new_keys}"
DONE
echo "added to ${file} (${entry})" >> "$__messages_out"
;;
absent)
cat << DONE
grep -v "${entry}" "${work_file}" > "${temp_file}" || true
rm -f "${work_file}"
echo "${entry}" >> "\${patterns}"
DONE
echo "removed from ${file} (${entry})" >> "$__messages_out"
;;
@ -94,8 +99,19 @@ done < "$__object/parameter/key"
set --
cat << DONE
set --
if [ -s "\${patterns}" ] && [ -f "${file}" ]
then
grep -v -f "\${patterns}" "${file}" > "\${tmpfile}" || true
fi
if [ -s "\${new_keys}" ]
then
cat "\${new_keys}" >> "\${tmpfile}"
fi
rm -f "\${patterns}"
rm -f "\${new_keys}"
DONE
if [ -f "$__object/parameter/remove-unknown" ] && [ -s "${keys_file}" ]
then
while read -r key
@ -107,23 +123,29 @@ then
continue
fi
# build grep -e patterns
set -- "\$@" "-e" "${key}"
# build grep patterns
cat << DONE
set -- "\$@" "-e" "${key}"
echo "${key}" >> "\${patterns}"
DONE
done < "${keys_file}"
# if no pattern then nothing to remove
if [ $# -gt 0 ]
then
cat << DONE
grep -v -F -x "\$@" "${temp_file}" > "${work_file}" || true
mv -f "${work_file}" "${temp_file}"
DONE
fi
fi
cat << DONE
mv -f "${temp_file}" "${file}"
if [ -s "\${patterns}" ] && [ -f "${file}" ]
then
newfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
# preserve ownership and permissions of existing file
if [ -f "${file}" ]; then
cp -p "${file}" "\${newfile}"
fi
grep -v -F -x -f "\${patterns}" "\${tmpfile}" > "\${newfile}" || true
mv -f "\${newfile}" "${file}"
rm -f "\${tmpfile}"
else
mv -f "\${tmpfile}" "${file}"
fi
rm -f "\${patterns}"
rm -f "\${new_keys}"
DONE
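Review bot: In the block emitted after the key loop, `grep -v -f "\${patterns}" "${file}" > "\${tmpfile}" || true` hides real grep failures as well as the harmless status 1: the redirection has already emptied the temp copy, so after an error only the new keys remain and the final `mv -f` installs that as the authorized keys file, dropping every existing key. This is easier to hit than it looks, because the `absent` branch writes `${entry}` into the same pattern file, which is read as regular expressions (no `-F`), so an entry whose text is not a valid expression would presumably make grep fail; how `entry` is built lies outside the visible hunks. Accepting only status 1 keeps the original file intact on error: `grep -v -f "\${patterns}" "${file}" > "\${tmpfile}" || [ \$? -eq 1 ] || exit 1`. The `|| true` on the later `grep -v -F -x -f` line deserves the same treatment.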