
Add mass authorized keys provisioning, plus helper functions

1 parent 4a99fb5 commit 621ddeb6108d7322b2910bafba9b609f04b135d2 root committed Nov 11, 2010
@@ -19,6 +19,8 @@ tagged, to handle exceptional cases.
* users::account
* users::gidsanity
* users::lookup
+* users::lookupkey
+* users::masskeys
* users::massuseraccount
* users::uidsanity
@@ -100,6 +102,44 @@ CSV file:
username_account,uid,Full Name,hashed password
+### users::lookupkey ###
+
+Add a key to a user's authorized_keys file through extdata lookup. It
+supports arbitrary number of options, and //requires// a comment field,
+which will be prepended with the username to avoid problems with it
+being used as primary key on ssh_authorized_keys when multiple users
+are using the same key.
+
+Options containing quotes should be enclosed in quotes themselves, and
+its own quotes doubled (see example).
+
+Example:
+
+ @users::lookupkey { 'username':
+ ensure => present, # default value
+ }
+
+CSV file:
+
+ username_sshkey,"from=""a.b.c.d""",no-port-forwarding,ssh-dss,key,comment
+
+### users::masskeys ###
+
+Add keys to user's authorized_keys files through extdata lookup. See
+users::lookupkey for more details.
+
+Example:
+
+ @users:masskeys { 'group':
+ ensure => present, # default value
+ }
+
+CSV file:
+
+ group_sshkeys,username
+ username_sshkey,"from=""a.b.c.d""",no-port-forwarding,ssh-dss,key,comment
+
+
### users::massuseraccount ###
Adds users through extdata lookup. The users are added with the extra
@@ -0,0 +1,8 @@
+module Puppet::Parser::Functions
+ newfunction(:array_index, :type => :rvalue) do |args|
+ array = args[0]
+ index = args[1].to_i
+ array[index]
+ end
+end
+
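Review bot: `array_index` dereferences `args[0]` without checking the argument count or type, so a missing lookup value surfaces as a NoMethodError on nil, and a value that arrives as a String (possible if the lookup returns a single field; not visible here) would be indexed by character rather than by field. Since users::lookupkey in this commit feeds the result into `ssh_authorized_key`, I would fail the compile explicitly: `raise Puppet::ParseError, "array_index(): expects an array and an index" unless args.length == 2 && args[0].is_a?(Array)`. `args[1].to_i` also turns any non-numeric index into 0 silently. The same guard applies to `array_length` and `array_slice` in the next two hunks, and all three would benefit from a `:doc =>` string stating that negative indices count from the end.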
@@ -0,0 +1,7 @@
+module Puppet::Parser::Functions
+ newfunction(:array_length, :type => :rvalue) do |args|
+ array = args[0]
+ array.length
+ end
+end
+
@@ -0,0 +1,9 @@
+module Puppet::Parser::Functions
+ newfunction(:array_slice, :type => :rvalue) do |args|
+ array = args[0]
+ from = args[1].to_i
+ to = args[2].to_i
+ array[from .. to]
+ end
+end
+
@@ -0,0 +1,23 @@
+define users::lookupkey($ensure = present) {
+ # Waiting for fix #5127
+ $data = extlookup("${name}_sshkey")
+ $type = array_index($data, "-3")
+ $key = array_index($data, "-2")
+ $comment = array_index($data, "-1")
+ $rest = array_slice($data, 0, "-4")
+ $options = array_length($rest) ? {
+ 0 => absent,
+ default => $rest,
+ }
+
+ ssh_authorized_key { "${name}_${comment}":
+ ensure => $ensure,
+ key => $key,
+ type => $type,
+ user => $name,
+ options => $options,
+ require => [ User[$name], File["/home/${name}/.ssh"], ],
+ }
+}
+
+# vi:syntax=puppet:filetype=puppet:ts=4:et:
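Review bot: Nothing in `users::lookupkey` checks that the looked-up row has at least the three trailing fields (type, key, comment) before indexing from the end, so a short row or an unquoted comma in the trailing fields shifts the negative indices and `$type`/`$key` come back undefined or hold the wrong field. I would fail closed before the `ssh_authorized_key` declaration, e.g. `if array_length($data) < 3 { fail("users::lookupkey: malformed ${name}_sshkey row") }` (assuming the Puppet version in use accepts a function call in a condition). The `require` hard-codes `/home/${name}/.ssh`, which will not resolve for accounts whose home directory is elsewhere; a comment stating that assumption would help. Because the extdata CSV now decides which keys can log in to which account, a header comment should say that the file needs the same review and write restrictions as the manifests.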
@@ -0,0 +1,7 @@
+define users::masskeys($ensure = present) {
+ $accounts = extlookup("${name}_sshkeys")
+ users::lookupkey { $accounts:
+ ensure => $ensure,
+ }
+}
+
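Review bot: `users::lookupkey { $accounts: }` titles each resource by bare username, so a user listed in two `*_sshkeys` groups would be declared twice and the catalog should fail with a duplicate-definition error. It also allows only one key per user, since the lookup key is `${name}_sshkey`. If both limits are intended, state them above the define, e.g. `# Each username may appear in only one group; one key row per user.` The looked-up list is passed through unchecked, so any managed account named in the CSV receives a key; a comment noting that privileged accounts should be kept out of these lists would document the expectation.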
