path: root/lib/puppet/type/ssh_authorized_key.rb
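module Puppet
  # Resource type describing a single SSH authorized key entry.
  #
  # This block only declares the attributes, their defaults and their
  # validation; nothing here reads or writes the key file itself.
  newtype(:ssh_authorized_key) do
    @doc = "Manages SSH authorized keys. Currently only type 2 keys are
    supported.
    
    **Autorequires:** If Puppet is managing the user account in which this 
    SSH key should be installed, the `ssh_authorized_key` resource will autorequire
    that user."

    ensurable

    # NOTE(review): name, user and options are accepted without any
    # validation in this type. authorized_keys is a line-oriented format, so
    # confirm that whatever writes the file rejects or escapes line breaks in
    # these values.
    newparam(:name) do
      desc "The SSH key comment. This attribute is currently used as a
      system-wide primary key and therefore has to be unique."

      isnamevar
    end

    newproperty(:type) do
      desc "The encryption type used: ssh-dss or ssh-rsa."

      # NOTE(review): ssh-dss (DSA) keys are disabled by default in
      # OpenSSH 7.0 and later; prefer ssh-rsa where there is a choice.
      newvalue("ssh-dss")
      newvalue("ssh-rsa")

      # Short aliases map onto the canonical key-type strings above.
      aliasvalue(:dsa, "ssh-dss")
      aliasvalue(:rsa, "ssh-rsa")
    end

    newproperty(:key) do
      desc "The key itself; generally a long string of hex digits."

      # The key blob is a single whitespace-free token. Rejecting whitespace
      # (including line breaks) keeps a malformed or hostile value from
      # spilling into extra fields or extra lines of the key file.
      validate do |value|
        raise Puppet::Error, "Key must not contain whitespace: #{value}" if value.to_s =~ /\s/
      end
    end

    newproperty(:user) do
      desc "The user account in which the SSH key should be installed.
      The resource will automatically depend on this user."
    end

    newproperty(:target) do
      desc "The absolute filename in which to store the SSH key. This
      property is optional and should only be used in cases where keys
      are stored in a non-standard location (i.e. not in
      `~user/.ssh/authorized_keys`)."

      defaultto :absent

      # Returns the file the key should be stored in.
      #
      # An explicitly set target wins. Otherwise the path is derived from the
      # resource's user attribute; nil is returned when no user is set or
      # when the home directory cannot be expanded.
      def should
        return super if defined?(@should) and @should[0] != :absent

        return nil unless user = resource[:user]

        begin
          # The user value is interpolated as given, so the resulting path is
          # only as trustworthy as the manifest that supplies it.
          return File.expand_path("~#{user}/.ssh/authorized_keys")
        rescue
          # Any StandardError lands here; the message assumes the cause is a
          # user that does not exist yet.
          Puppet.debug "The required user is not yet present on the system"
          return nil
        end
      end

      # In sync when the current value equals the computed target path
      # (explicit or derived from the user).
      def insync?(is)
        is == should
      end
    end

    newproperty(:options, :array_matching => :all) do
      desc "Key options, see sshd(8) for possible values. Multiple values
        should be specified as an array."

      defaultto do :absent end

      # Renders the current options as a comma-separated string; :absent
      # (bare or as an element) falls back to the default rendering.
      def is_to_s(value)
        if value == :absent || value.include?(:absent)
          super
        else
          value.join(",")
        end
      end

      # Renders the desired options the same way as is_to_s.
      def should_to_s(value)
        if value == :absent || value.include?(:absent)
          super
        else
          value.join(",")
        end
      end
    end

    # Depend on the user resource named by the user attribute, if one is set.
    autorequire(:user) do
      should(:user) if should(:user)
    end

    # A resource must name either a target file or a user to derive it from.
    validate do
      # Go ahead if target attribute is defined
      # (presumably :target is always present here because of its :absent
      # default -- confirm)
      return if @parameters[:target].shouldorig[0] != :absent

      # Go ahead if user attribute is defined
      return if @parameters.include?(:user)

      # If neither target nor user is defined, this is an error
      raise Puppet::Error, "Attribute 'user' or 'target' is mandatory"
    end
  end
end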