Skip to content

create ssh_auth.manage#50141

Merged
cachedout merged 3 commits intosaltstack:developfrom
mchugh19:ssh_auth_manage
Oct 22, 2018
Merged

create ssh_auth.manage#50141
cachedout merged 3 commits intosaltstack:developfrom
mchugh19:ssh_auth_manage

Conversation

@mchugh19
Copy link
Copy Markdown
Contributor

@mchugh19 mchugh19 commented Oct 20, 2018
edited
Loading

What does this PR do?

Replacement for #49776

Creates a new ssh_auth.manage state to be used to both add and remove ssh keys

What issues does this PR fix or reference?

#13340
#18252

Previous Behavior

ssh_auth.present was only able to add keys. Any old keys not managed by salt need to be removed by specifying them in a ssh_auth.absent state.

New Behavior

By using ssh_auth.manage, ssh keys not added by salt will be removed.

state example

all_ssh_keys:
  ssh_auth.manage:
    - user: testuser
    - enc: ssh-dss
    - options:
      - option1="value1"
    - ssh_keys:
      - AQCs0iRPhge71mk8W9VPee5geA38T9I6AzDX8nLZ4JyJtF9Pv/QpthDikBu0oe/vNSaNFrFbfGir1MLm15bw+9aZeAJ6p61UqkXS/yxCFiWOVUwLu59kLk+Zltt9QR2pReMVjABbLkaeSguhUO+N2Sx0t/xc+7DDpDGK7Uj/76YwQAL5C4Jj+K6UKdVyXoaA4ONrFWtFhTyZmCHIY+sFZbosu7M+JsJbzn/36E6Zg8noCvdfEZZMUPR7qMEl1TlHMDJZ8IDvDQMLLR02T7/vnCT59ahuutUGtaGpJT9RrodlJdDMyMwKR8dEhGqs+t3zl7p2yCiURSJf/zosikWFEUVr
      - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSUGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XAt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/EnmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbxNrRFi9wrf+M7Q== schacon@mylaptop.local
      - AAAAB3NzaC1kcQ9J5bYTEyY== other@testdomain

add key result

local:
----------
          ID: all_ssh_keys
    Function: ssh_auth.manage
      Result: True
     Comment: The authorized host key AQCs0iRPhge71mk8W9VPee5geA38T9I6AzDX8nLZ4JyJtF9Pv/QpthDikBu0oe/vNSaNFrFbfGir1MLm15bw+9aZeAJ6p61UqkXS/yxCFiWOVUwLu59kLk+Zltt9QR2pReMVjABbLkaeSguhUO+N2Sx0t/xc+7DDpDGK7Uj/76YwQAL5C4Jj+K6UKdVyXoaA4ONrFWtFhTyZmCHIY+sFZbosu7M+JsJbzn/36E6Zg8noCvdfEZZMUPR7qMEl1TlHMDJZ8IDvDQMLLR02T7/vnCT59ahuutUGtaGpJT9RrodlJdDMyMwKR8dEhGqs+t3zl7p2yCiURSJf/zosikWFEUVr is already present for user testuser
              The authorized host key AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSUGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XAt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/EnmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbxNrRFi9wrf+M7Q== is already present for user testuser
     Started: 04:35:14.598329
    Duration: 8.24 ms
     Changes:
              ----------
              AAAAB3NzaC1kcQ9J5bYTEyY==:
                  New

Summary for local
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time:   8.240 ms

remove key result

local:
----------
          ID: all_ssh_keys
    Function: ssh_auth.manage
      Result: True
     Comment: The authorized host key AQCs0iRPhge71mk8W9VPee5geA38T9I6AzDX8nLZ4JyJtF9Pv/QpthDikBu0oe/vNSaNFrFbfGir1MLm15bw+9aZeAJ6p61UqkXS/yxCFiWOVUwLu59kLk+Zltt9QR2pReMVjABbLkaeSguhUO+N2Sx0t/xc+7DDpDGK7Uj/76YwQAL5C4Jj+K6UKdVyXoaA4ONrFWtFhTyZmCHIY+sFZbosu7M+JsJbzn/36E6Zg8noCvdfEZZMUPR7qMEl1TlHMDJZ8IDvDQMLLR02T7/vnCT59ahuutUGtaGpJT9RrodlJdDMyMwKR8dEhGqs+t3zl7p2yCiURSJf/zosikWFEUVr is already present for user testuser
              The authorized host key AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSUGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XAt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/EnmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbxNrRFi9wrf+M7Q== is already present for user testuser
     Started: 04:34:56.420524
    Duration: 8.936 ms
     Changes:
              ----------
              AAAAB3NzaC1kcQ9J5bYTEyY==:
                  Key removed

Summary for local
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time:   8.936 ms

add with test

# salt-call --local state.sls ssh_test test=True
local:
----------
          ID: all_ssh_keys
    Function: ssh_auth.manage
      Result: None
     Comment: The authorized host key AQCs0iRPhge71mk8W9VPee5geA38T9I6AzDX8nLZ4JyJtF9Pv/QpthDikBu0oe/vNSaNFrFbfGir1MLm15bw+9aZeAJ6p61UqkXS/yxCFiWOVUwLu59kLk+Zltt9QR2pReMVjABbLkaeSguhUO+N2Sx0t/xc+7DDpDGK7Uj/76YwQAL5C4Jj+K6UKdVyXoaA4ONrFWtFhTyZmCHIY+sFZbosu7M+JsJbzn/36E6Zg8noCvdfEZZMUPR7qMEl1TlHMDJZ8IDvDQMLLR02T7/vnCT59ahuutUGtaGpJT9RrodlJdDMyMwKR8dEhGqs+t3zl7p2yCiURSJf/zosikWFEUVr is already present for user testuser
              The authorized host key AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSUGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XAt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/EnmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbxNrRFi9wrf+M7Q== is already present for user testuser
              Key AAAAB3NzaC1kcQ9J5bYTEyY== for user testuser is set to be added
     Started: 04:35:08.432708
    Duration: 7.18 ms
     Changes:

Summary for local
------------
Succeeded: 1 (unchanged=1)
Failed:    0
------------
Total states run:     1
Total run time:   7.180 ms

Tests written?

No

Commits signed with GPG?

No

@cachedout cachedout merged commit 560a1db into saltstack:develop Oct 22, 2018
@mchugh19 mchugh19 mentioned this pull request Nov 21, 2018
Closed
This was referenced Mar 15, 2019
Closed
Closed
mchugh19 pushed a commit to mchugh19/salt that referenced this pull request Oct 12, 2019
@mchugh19
Merge pull request saltstack#50141 from mchugh19/ssh_auth_manage
8cad34f 
create ssh_auth.manage
@mchugh19 mchugh19 mentioned this pull request Oct 13, 2019
Merged
@waynew waynew added the has master-port port to master has been created label Oct 17, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@cachedout cachedout cachedout approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

has master-port port to master has been created

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mchugh19 @cachedout @waynew