ssh: AuthorizedKeysFile expands defined tokens

Javier Domingo Cansino 2015-05-13 17:43:59 +02:00
parent c061bded54
commit 5cab0ecc95
3 changed files with 68 additions and 3 deletions


@ -78,6 +78,31 @@ def _format_auth_line(key, enc, comment, options):
return line return line
def _expand_authorized_keys_path(path, user, home):
'''
Expand the AuthorizedKeysFile expression. Defined in man sshd_config(5)
'''
converted_object = []
had_escape = False
for char in path:
if had_escape:
had_escape = False
if char == '%':
converted_object.append('%')
elif char == 'u':
converted_object.append(user)
elif char == 'h':
converted_object.append(home)
else:
raise CommandExecutionError('Unknown token character ' + char)
continue
if char == '%':
had_escape = True
if had_escape:
raise CommandExecutionError("Last character can't be scape character")
return "".join(converted_object)
def _get_config_file(user, config): def _get_config_file(user, config):
''' '''
Get absolute path to a user's ssh_config. Get absolute path to a user's ssh_config.
@ -85,8 +110,10 @@ def _get_config_file(user, config):
uinfo = __salt__['user.info'](user) uinfo = __salt__['user.info'](user)
if not uinfo: if not uinfo:
raise CommandExecutionError('User {0!r} does not exist'.format(user)) raise CommandExecutionError('User {0!r} does not exist'.format(user))
home = uinfo['home']
if not os.path.isabs(config): if not os.path.isabs(config):
config = os.path.join(uinfo['home'], config) config = os.path.join(home, config)
config = _expand_authorized_keys_path(config, user, home)
return config return config
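Review bot: As rendered, the loop in `_expand_authorized_keys_path` never appends ordinary characters: the only `append` calls sit in the token branch, so `/home/%u` would come back as `user` rather than `/home/user`, and the module would then read and write a different file than the one configured. The non-escape path needs a fall-through, for example `elif char == '%': had_escape = True` followed by `else: converted_object.append(char)`. In `_get_config_file` the `os.path.isabs(config)` test runs before expansion, so the documented `%h/.ssh/authorized_keys` is treated as relative and joined onto `home` a second time; calling `_expand_authorized_keys_path` first and doing the `isabs`/`join` step on its result avoids that. The message `Last character can't be scape character` also has a typo (`escape`).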


@ -29,6 +29,7 @@ to use a YAML 'explicit key', as demonstrated in the second example below.
ssh_auth.present: ssh_auth.present:
- user: root - user: root
- source: salt://ssh_keys/thatch.id_rsa.pub - source: salt://ssh_keys/thatch.id_rsa.pub
- config: %h/.ssh/authorized_keys
sshkeys: sshkeys:
ssh_auth.present: ssh_auth.present:
@ -239,7 +240,8 @@ def present(
config config
The location of the authorized keys file relative to the user's home The location of the authorized keys file relative to the user's home
directory, defaults to ".ssh/authorized_keys" directory, defaults to ".ssh/authorized_keys". Token expansion %u and
%h for username and home path supported.
''' '''
ret = {'name': name, ret = {'name': name,
'changes': {}, 'changes': {},
@ -382,7 +384,9 @@ def absent(name,
config config
The location of the authorized keys file relative to the user's home The location of the authorized keys file relative to the user's home
directory, defaults to ".ssh/authorized_keys" directory, defaults to ".ssh/authorized_keys". Token expansion %u and
%h for username and home path supported.
''' '''
ret = {'name': name, ret = {'name': name,
'changes': {}, 'changes': {},
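Review bot: The new example line `- config: %h/.ssh/authorized_keys` is not valid YAML as written, because a plain scalar cannot begin with `%`; an SLS copied from it would fail to render before the state runs. Quote the value in the docstring example, `- config: '%h/.ssh/authorized_keys'`, and say in the `config` parameter text of `present` and `absent` that values containing tokens must be quoted. That parameter text still describes the path as relative to the user's home directory, which reads oddly next to an example that starts with `%h`; one sentence on how absolute and relative values are treated after expansion would help.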


@ -0,0 +1,34 @@
# -*- coding: utf-8 -*-
# import Python Libs
from __future__ import absolute_import
# Import Salt Testing Libs
from salttesting import TestCase
from salttesting.helpers import ensure_in_syspath
# Import Salt Libs
ensure_in_syspath('../../')
from salt.modules import ssh
class SSHAuthKeyPathTestCase(TestCase):
'''
TestCase for salt.modules.ssh module's ssh AuthorizedKeysFile path
expansion
'''
def test_expand_user_token(self):
'''
Test if the %u token is correctly expanded
'''
output = ssh._expand_authorized_keys_path('/home/%u', 'user',
'/home/user')
self.assertEqual(output, '/home/user')
output = ssh._expand_authorized_keys_path('/home/%h', 'user',
'/home/user')
self.assertEqual(output, '/home//home/user')
output = ssh._expand_authorized_keys_path('/srv/%h/aaa/%u%%', 'user',
'/home/user')
self.assertEqual(output, '/srv//home/user/aaa/user%')
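Review bot: The test case covers only successful expansion, so the two `CommandExecutionError` branches of `_expand_authorized_keys_path` (unknown token, trailing `%`) are never exercised. Add assertions such as `self.assertRaises(CommandExecutionError, ssh._expand_authorized_keys_path, '/home/%x', 'user', '/home/user')` and the same for a path ending in a single `%`, importing `CommandExecutionError` from `salt.exceptions`. `test_expand_user_token` also checks `%h` and `%%`, so splitting it into one test per token, or renaming it, would make a failure easier to read.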