__ssh_authorized_keys: Add --keyfile option

This allows the keys to add to be stored in a file instead of being
hardcoded in the manifest.
matthijs 2022-08-30 17:15:32 +02:00
parent 90488d2e9e
commit a45f87e015
4 changed files with 29 additions and 4 deletions


@ -27,7 +27,16 @@ key
Must be a string containing the ssh keytype, base 64 encoded key and
optional trailing comment which shall be added to the given
authorized_keys file.
Can be specified multiple times.
Can be specified multiple times. Either --key or --keyfile must be
specified.
keyfile
A file containing one or more SSH keys (one per line, just like the
regular authorized_keys file).
Can be specified multiple times. Either --key or --keyfile must be
specified.
OPTIONAL PARAMETERS


@ -23,6 +23,11 @@ owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
state="$(cat "$__object/parameter/state" 2>/dev/null)"
file="$(cat "$__object/explorer/file")"
if [ ! -f "$__object/parameter/key" -a ! -f "$__object/parameter/keyfile" ]; then
echo "At least one of --key or --keyfile must be specified" >&2
exit 1
fi
if [ ! -f "$__object/parameter/nofile" ] && [ -z "$file" ]
then
echo "Cannot determine path of authorized_keys file" >&2
@ -59,7 +64,17 @@ _type_and_key() {
echo "$1" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }'
}
while read -r key; do
(
if [ -f "$__object/parameter/key" ]; then
cat "$__object/parameter/key"
fi
if [ -f "$__object/parameter/keyfile" ]; then
while read filename; do
cat "$filename"
done < "$__object/parameter/keyfile"
fi
) | while read -r key; do
type_and_key="$( _type_and_key "$key" )"
object_id="$(_cksum "$file")-$(_cksum "$type_and_key")"
set -- "$object_id"
@ -75,7 +90,7 @@ while read -r key; do
fi
# Ensure __ssh_authorized_key does not read stdin
__ssh_authorized_key "$@" < /dev/null
done < "$__object/parameter/key"
done
if [ -f "$__object/parameter/remove-unknown" ] &&
[ -s "$__object/explorer/keys" ]
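Review bot: A keyfile path that is missing or unreadable fails silently in the subshell that feeds the loop. `cat "$filename"` prints an error, but the pipeline's status is that of the `while read -r key` loop, so the manifest carries on with fewer keys than were declared. Together with the `remove-unknown` handling that follows the loop, this looks like it could remove keys that are still in use and lock an account out, though that block continues outside the hunk. I would validate every listed file before the pipeline, next to the new --key/--keyfile check, and read the list with `read -r` so backslashes in a path survive. A keyfile without a final newline also deserves a check, because its last key is either glued to the next file's first line or dropped by `read`.

```shell
# … unchanged: check that --key or --keyfile was given …
if [ -f "$__object/parameter/keyfile" ]; then
    while read -r filename; do
        if [ ! -f "$filename" ] || [ ! -r "$filename" ]; then
            echo "Cannot read keyfile: $filename" >&2
            exit 1
        fi
    done < "$__object/parameter/keyfile"
fi
# … unchanged: nofile check and the key-reading pipeline …
```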


@ -1 +1,3 @@
option
key
keyfile