From 8c5c949b37d3af4439c713e6c6e57e8f4b0415ac Mon Sep 17 00:00:00 2001 From: Francois Deppierraz Date: Fri, 27 Jun 2008 09:32:12 +0200 Subject: ssh_authorized_key: autorequire, default permissions and cleanup Autorequire the target file and its parent directory as well. Default permissions and owner are now set on the file and its parent directory. Moved target attribute setting code from prefetch() in the provider to the type itself. This seems much cleaner to me. --- lib/puppet/provider/ssh_authorized_key/parsed.rb | 16 --------- lib/puppet/type/ssh_authorized_key.rb | 36 +++++++++++++++++++ spec/unit/type/ssh_authorized_key.rb | 46 ++++++++++++++++++++---- 3 files changed, 76 insertions(+), 22 deletions(-) diff --git a/lib/puppet/provider/ssh_authorized_key/parsed.rb b/lib/puppet/provider/ssh_authorized_key/parsed.rb index 7cb6626de..351ebcd1b 100644 --- a/lib/puppet/provider/ssh_authorized_key/parsed.rb +++ b/lib/puppet/provider/ssh_authorized_key/parsed.rb @@ -29,21 +29,5 @@ Puppet::Type.type(:ssh_authorized_key).provide(:parsed, record[:options] = record[:options].join(',') end } - - def prefetch - if not @resource.should(:target) - # - # Set default target when user is given - if val = @resource.should(:user) - target = File.expand_path("~%s/.ssh/authorized_keys" % val) - Puppet::debug("Setting target to %s" % target) - @resource[:target] = target - else - raise Puppet::Error, "Missing attribute 'user' or 'target'" - end - end - - super - end end diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb index e28fb7cda..650ebd879 100644 --- a/lib/puppet/type/ssh_authorized_key.rb +++ b/lib/puppet/type/ssh_authorized_key.rb @@ -27,6 +27,11 @@ module Puppet newproperty(:user) do desc "The user account in which the ssh key should be installed." + + def value=(value) + @resource[:target] = File.expand_path("~%s/.ssh/authorized_keys" % value) + super + end end newproperty(:target) do 
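Review bot: The new `value=` setter on the `user` property overwrites `target` unconditionally, so a resource that sets both `user` and an explicit `target` can end up managing the account's default file instead, depending on the order in which the attributes are assigned. The removed `prefetch` only filled in a default when no target was given; keeping that guard preserves the explicit path: `@resource[:target] = File.expand_path("~%s/.ssh/authorized_keys" % value) unless @resource.should(:target)`. `File.expand_path` on `~name` also raises ArgumentError when the account does not exist on the host, so a key whose user is created by the same catalog would fail at resource creation rather than with a Puppet::Error. The spec hunks that add `:user => "nobody"` inherit that dependency on a local account. The user value is interpolated into the path unchecked, so rejecting names that contain `/` before expanding would keep the derived target inside a home directory.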
@@ -39,6 +44,37 @@ module Puppet defaultto do :absent end end + + autorequire(:file) do + atype = Puppet::Type.type(:file) + target = self.should(:target) + dir = File.dirname(target) + user = should(:user) ? should(:user) : "root" + + rels = [] + + unless atype[dir] + rels << atype.create(:name => dir, :ensure => :directory, :mode => 0700, :owner => user) + end + + unless atype[target] + rels << atype.create(:name => target, :ensure => :present, :mode => 0600, :owner => user) + end + + rels + end + + autorequire(:user) do + if should(:user) + should(:user) + end + end + + validate do + unless should(:target) + raise Puppet::Error, "Attribute 'user' or 'target' is mandatory" + end + end end end diff --git a/spec/unit/type/ssh_authorized_key.rb b/spec/unit/type/ssh_authorized_key.rb index 0e869747d..581420698 100755 --- a/spec/unit/type/ssh_authorized_key.rb +++ b/spec/unit/type/ssh_authorized_key.rb 
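Review bot: In the `autorequire(:file)` block the owner falls back to `"root"` whenever `user` is not set, so a key declared with only `target` gets its file forced to root-owned 0600 and its parent directory to root-owned 0700. For a target under an account's home directory that most likely leaves the account unable to read its own authorized_keys, and for a target in a shared directory it tightens a directory that other resources may rely on. Leaving ownership unmanaged when no user is given is the safer default: build the attribute hash without `:owner` and add `attrs[:owner] = should(:user) if should(:user)` before each `atype.create` call.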
@@ -33,27 +33,27 @@ describe ssh_authorized_key do end it "should support :present as a value for :ensure" do - proc { @class.create(:name => "whev", :ensure => :present) }.should_not raise_error + proc { @class.create(:name => "whev", :ensure => :present, :user => "nobody") }.should_not raise_error end it "should support :absent as a value for :ensure" do - proc { @class.create(:name => "whev", :ensure => :absent) }.should_not raise_error + proc { @class.create(:name => "whev", :ensure => :absent, :user => "nobody") }.should_not raise_error end it "should have an type property" do @class.attrtype(:type).should == :property end it "should support ssh-dss as an type value" do - proc { @class.create(:name => "whev", :type => "ssh-dss") }.should_not raise_error + proc { @class.create(:name => "whev", :type => "ssh-dss", :user => "nobody") }.should_not raise_error end it "should support ssh-rsa as an type value" do - proc { @class.create(:name => "whev", :type => "ssh-rsa") }.should_not raise_error + proc { @class.create(:name => "whev", :type => "ssh-rsa", :user => "nobody") }.should_not raise_error end it "should support :dsa as an type value" do - proc { @class.create(:name => "whev", :type => :dsa) }.should_not raise_error + proc { @class.create(:name => "whev", :type => :dsa, :user => "nobody") }.should_not raise_error end it "should support :rsa as an type value" do - proc { @class.create(:name => "whev", :type => :rsa) }.should_not raise_error + proc { @class.create(:name => "whev", :type => :rsa, :user => "nobody") }.should_not raise_error end it "should not support values other than ssh-dss, ssh-rsa, dsa, rsa in the ssh_authorized_key_type" do 
@@ -76,5 +76,39 @@ describe ssh_authorized_key do @class.attrtype(:target).should == :property end + it "should autorequire parent directories when user is given" do + key = @class.create( + :name => "Test", + :key => "AAA", + :type => "ssh-rsa", + :ensure => :present, + :user => "root") + + key.autorequire.should_not == [] + end + + it "should set target when user is given" do + key = @class.create( + :name => "Test", + :key => "AAA", + :type => "ssh-rsa", + :ensure => :present, + :user => "root") + + key.should(:target).should == File.expand_path("~root/.ssh/authorized_keys") + end + + + it "should autorequire parent directories when target is given" do + key = @class.create( + :name => "Test", + :key => "AAA", + :type => "ssh-rsa", + :ensure => :present, + :target => "/tmp/home/foo/bar/.ssh/authorized_keys") + + key.autorequire.should_not == [] + end + after { @class.clear } end -- cgit From 5156230b434adbe6de6606f6bcd8843264b8dab4 Mon Sep 17 00:00:00 2001 From: Francois Deppierraz Date: Wed, 2 Jul 2008 16:18:06 +0200 Subject: Use generate instead of autorequire in the ssh_authorized_key type based on Luke's comments --- lib/puppet/type/ssh_authorized_key.rb | 6 +++--- spec/unit/type/ssh_authorized_key.rb | 27 +++++++++++++++++++-------- 2 files changed, 22 insertions(+), 11 deletions(-) diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb index 650ebd879..a95f316af 100644 --- a/lib/puppet/type/ssh_authorized_key.rb +++ b/lib/puppet/type/ssh_authorized_key.rb @@ -45,7 +45,7 @@ module Puppet defaultto do :absent end end - autorequire(:file) do + def generate atype = Puppet::Type.type(:file) target = self.should(:target) dir = File.dirname(target) 
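Review bot: Two of the three new examples assert only `key.autorequire.should_not == []`, which does not pin the behaviour this commit is about: the 0700 directory mode, the 0600 file mode and the owner. An example that picks the generated file resources out of the result and checks their `:mode` and `:owner` values would catch a change that loosens those permissions. The same gap remains in the rewritten examples of the later `@@ -77,38 +78,48 @@` hunk, which check only that a file resource exists.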
@@ -53,11 +53,11 @@ module Puppet rels = [] - unless atype[dir] + unless catalog.resource(:file, dir) rels << atype.create(:name => dir, :ensure => :directory, :mode => 0700, :owner => user) end - unless atype[target] + unless catalog.resource(:file, target) rels << atype.create(:name => target, :ensure => :present, :mode => 0600, :owner => user) end diff --git a/spec/unit/type/ssh_authorized_key.rb b/spec/unit/type/ssh_authorized_key.rb index 581420698..3c87decf1 100755 --- a/spec/unit/type/ssh_authorized_key.rb +++ b/spec/unit/type/ssh_authorized_key.rb @@ -14,6 +14,7 @@ describe ssh_authorized_key do @provider = stub 'provider', :class => @provider_class, :file_path => "/tmp/whatever", :clear => nil @provider_class.stubs(:new).returns(@provider) + @catalog = Puppet::Node::Catalog.new end it "should have a name parameter" do 
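Review bot: `generate` carries no comment, and the `unless catalog.resource(:file, ...)` guards mean the 0700/0600 modes and the owner are applied only when the catalog does not already declare these paths; an existing file resource with looser permissions wins silently. That is a defensible choice, but someone auditing key-file permissions needs it stated. Above `def generate` (which begins in the previous hunk) I would add: `# Adds file resources for the target and its parent directory (0600/0700) unless the catalog already manages those paths; existing declarations are left as written.`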
@@ -77,38 +78,48 @@ describe ssh_authorized_key do end it "should autorequire parent directories when user is given" do - key = @class.create( + @catalog.add_resource @class.create( :name => "Test", :key => "AAA", :type => "ssh-rsa", :ensure => :present, :user => "root") + @catalog.apply - key.autorequire.should_not == [] + target = File.expand_path("~root/.ssh") + @catalog.resource(:file, target).should be_an_instance_of(Puppet::Type.type(:file)) end it "should set target when user is given" do - key = @class.create( + @catalog.add_resource @class.create( :name => "Test", :key => "AAA", :type => "ssh-rsa", :ensure => :present, :user => "root") + @catalog.apply - key.should(:target).should == File.expand_path("~root/.ssh/authorized_keys") + target = File.expand_path("~root/.ssh/authorized_keys") + @catalog.resource(:file, target).should be_an_instance_of(Puppet::Type.type(:file)) end it "should autorequire parent directories when target is given" do - key = @class.create( + target = "/tmp/home/foo/bar/.ssh/authorized_keys" + + @catalog.add_resource @class.create( :name => "Test", :key => "AAA", :type => "ssh-rsa", :ensure => :present, - :target => "/tmp/home/foo/bar/.ssh/authorized_keys") + :target => target) + @catalog.apply - key.autorequire.should_not == [] + @catalog.resource(:file, target).should be_an_instance_of(Puppet::Type.type(:file)) end - after { @class.clear } + after do + @class.clear + @catalog.clear + end end -- cgit
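Review bot: Each rewritten example now calls `@catalog.apply`, which looks like it applies the generated file resources for real; only the key provider is stubbed in the visible setup. The first two examples point at `~root/.ssh` and `~root/.ssh/authorized_keys`, the third at `/tmp/home/foo/bar/.ssh/authorized_keys`, so a suite run as root could create or chmod/chown files in root's home on the build host. Calling `generate` on a resource that has been added to the catalog and asserting on the returned resources, or pointing `:target` at a per-test temporary directory, keeps the unit tests off the real filesystem. The example "should set target when user is given" also no longer checks the key's `target`; it checks only that a file resource exists.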