Add keychain support

README.md

@@ -393,9 +393,11 @@ this by installing the "libshadow-ruby1.8" package.
 ##### Creating a User Account
 
     user_account 'hsolo' do
-      comment   'Han Solo'
-      ssh_keys  ['3dc348d9af8027df7b9c...', '2154d3734d609eb5c452...']
-      home      '/opt/hoth/hsolo'
+      comment     'Han Solo'
+      ssh_keys    ['3dc348d9af8027df7b9c...', '2154d3734d609eb5c452...']
+      home        '/opt/hoth/hsolo'
+      ssh_keypair 'id_rsa' => "-----BEGIN OPENSSH PRIVATE KEY-----\n...",
+                  'id_rsa.pub' => 'ssh-rsa AAAA....'
     end
 
 ##### Creating and Locking a User Account

providers/account.rb

@@ -43,6 +43,7 @@ def load_current_resource
   authorized_keys_resource  :create
   keygen_resource           :create
   group_resource            :create
+  keypair_resource          :create
 end
 
 action :remove do # ~FC017: LWRP does not notify when updated
@@ -56,27 +57,31 @@ def load_current_resource
   home_dir_resource         :create
   authorized_keys_resource  :create
   keygen_resource           :create
+  keypair_resource          :create
 end
 
 action :manage do # ~FC017: LWRP does not notify when updated
   user_resource             :manage
   home_dir_resource         :create
   authorized_keys_resource  :create
   keygen_resource           :create
+  keypair_resource          :create
 end
 
 action :lock do # ~FC017: LWRP does not notify when updated
   user_resource             :lock
   home_dir_resource         :create
   authorized_keys_resource  :create
   keygen_resource           :create
+  keypair_resource          :create
 end
 
 action :unlock do # ~FC017: LWRP does not notify when updated
   user_resource             :unlock
   home_dir_resource         :create
   authorized_keys_resource  :create
   keygen_resource           :create
+  keypair_resource          :create
 end
 
 private
@@ -235,3 +240,23 @@ def group_resource(exec_action)
       new_resource.updated_by_last_action(true) if r.updated_by_last_action?
   end
 end
+
+def keypair_resource(exec_action)
+  new_resource.ssh_keypair.each do |name, key|
+    # avoid variable scoping issues in resource block
+    key_name, key_content = name, key
+
+    home = Etc.getpwnam(new_resource.username).dir
+    r = file "#{home}/.ssh/#{name}" do
+      content   key_content + "\n"
+      owner     new_resource.username
+      group     Etc.getpwnam(new_resource.username).gid
+      mode      '0600' unless key_name =~ /.pub$/
+      sensitive true
+      action    :nothing
+    end
+
+    r.run_action(exec_action)
+    new_resource.updated_by_last_action(true) if r.updated_by_last_action?
+  end
+end

resources/account.rb

@@ -35,6 +35,7 @@
 attribute :ssh_keys,      :kind_of => [Array,String], :default => []
 attribute :groups,        :kind_of => [Array,String], :default => []
 attribute :ssh_keygen,    :default => nil
+attribute :ssh_keypair,   :kind_of => Hash, :default => {}
 
 def initialize(*args)
   super