Merge branch '__ssh_authorized_keys_remove_unknown' into 'master'
[__ssh_authorized_keys] add --remove-unknown parameter. See merge request ungleich-public/cdist!884
b99f1eda0f
4 changed files with 44 additions and 1 deletions
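--- a/cdist/conf/type/__ssh_authorized_keys/explorer/keys
+++ b/cdist/conf/type/__ssh_authorized_keys/explorer/keys
@@ -0,0 +1,8 @@
+#!/bin/sh -e
+
+file="$( . "$__type_explorer/file" )"
+
+if [ -f "$file" ]
+then
+cat "$file"
+fi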
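Review bot: The `cat "$file"` output is consumed by a `while read -r key … done < "$__object/explorer/keys"` loop in the manifest, and POSIX `read` returns non-zero on a final line that has no trailing newline, so the last key of an authorized_keys file written without one is never seen by `--remove-unknown`. Emitting the file through awk normalises every record with a newline, `awk 1 "$file"` in place of `cat "$file"`, and keeps the explorer contract otherwise unchanged. The whole file, including comment and blank lines, is shipped back; I would note that in a header comment, `# Emits the current contents of the managed authorized_keys file, one entry per line (empty if the file does not exist)`.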
|
@ -60,6 +60,9 @@ nofile
|
|||
Don't manage existence, ownership and permissions of the the authorized_keys
|
||||
file.
|
||||
|
||||
remove-unknown
|
||||
Remove undefined keys.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
@ -70,6 +73,12 @@ EXAMPLES
|
|||
__ssh_authorized_keys root \
|
||||
--key "$(cat ~/.ssh/id_rsa.pub)"
|
||||
|
||||
# same as above, but make sure your key is only key in
|
||||
# root's authorized_keys file
|
||||
__ssh_authorized_keys root \
|
||||
--key "$(cat ~/.ssh/id_rsa.pub)" \
|
||||
--remove-unknown
|
||||
|
||||
# allow key to login as user-name
|
||||
__ssh_authorized_keys user-name \
|
||||
--key "ssh-rsa AXYZAAB3NzaC1yc2..."
|
||||
|
|
|
@ -55,8 +55,12 @@ _cksum() {
|
|||
echo "$1" | cksum | cut -d' ' -f 1
|
||||
}
|
||||
|
||||
_type_and_key() {
|
||||
echo "$1" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }'
|
||||
}
|
||||
|
||||
while read -r key; do
|
||||
type_and_key="$(echo "$key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')"
|
||||
type_and_key="$( _type_and_key "$key" )"
|
||||
object_id="$(_cksum "$file")-$(_cksum "$type_and_key")"
|
||||
set -- "$object_id"
|
||||
set -- "$@" --file "$file"
|
||||
|
@ -72,3 +76,24 @@ while read -r key; do
|
|||
# Ensure __ssh_authorized_key does not read stdin
|
||||
__ssh_authorized_key "$@" < /dev/null
|
||||
done < "$__object/parameter/key"
|
||||
|
||||
if [ -f "$__object/parameter/remove-unknown" ] &&
|
||||
[ -s "$__object/explorer/keys" ]
|
||||
then
|
||||
while read -r key
|
||||
do
|
||||
type_and_key="$( _type_and_key "$key" )"
|
||||
|
||||
if grep -Fq "$type_and_key" "$__object/parameter/key"
|
||||
then
|
||||
continue
|
||||
fi
|
||||
|
||||
__ssh_authorized_key "remove-$( _cksum "$file$key" )" \
|
||||
--file "$file" \
|
||||
--key "$key" \
|
||||
--state absent \
|
||||
< /dev/null
|
||||
done \
|
||||
< "$__object/explorer/keys"
|
||||
fi
|
||||
|
|
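Review bot: The membership test `grep -Fq "$type_and_key" "$__object/parameter/key"` degrades silently when `_type_and_key` yields an empty string, because an empty fixed-string pattern matches every line, so the `continue` fires and the entry is kept. That happens for any authorized_keys line whose type does not start with `ssh-` or `ecdsa-` (the awk pattern in `_type_and_key`, first hunk of this file), which in OpenSSH includes the FIDO types `sk-ssh-ed25519@openssh.com` and `sk-ecdsa-sha2-nistp256@openssh.com`, so `--remove-unknown` leaves exactly those unknown keys in place without any indication. The substring match also counts a key whose material is a prefix of a defined key as known; comparing against the normalised type-and-key of each defined key with `grep -Fqx --` is the stricter check. I would widen the pattern, skip lines that do not parse as a key explicitly rather than by accident, and match whole lines, as below.
```shell
_type_and_key() {
	# also accept FIDO/U2F key types such as sk-ssh-ed25519@openssh.com
	echo "$1" | tr ' ' '\n' | awk '/^(sk-)?(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }'
}

# … unchanged: per-key __ssh_authorized_key loop …

if [ -f "$__object/parameter/remove-unknown" ] &&
   [ -s "$__object/explorer/keys" ]
then
	# normalised "type key" of every defined key, one per line
	known_keys="$( while read -r k; do _type_and_key "$k"; echo; done < "$__object/parameter/key" )"

	while read -r key
	do
		type_and_key="$( _type_and_key "$key" )"

		# lines that do not parse as a key (comments, blank lines) are left alone
		[ -z "$type_and_key" ] && continue

		# whole-line match: known only if type and key material are identical
		if printf '%s\n' "$known_keys" | grep -Fqx -- "$type_and_key"
		then
			continue
		fi

		# … unchanged: __ssh_authorized_key "remove-…" … --state absent …
	done \
		< "$__object/explorer/keys"
fi
```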
|
@ -1,2 +1,3 @@
|
|||
noparent
|
||||
nofile
|
||||
remove-unknown
|
||||
|
|