Diffstat (limited to 'lib')
-rw-r--r-- | lib/puppet/provider/ssh_authorized_key/parsed.rb | 92 | ||||
-rw-r--r-- | lib/puppet/provider/sshkey/parsed.rb | 47 | ||||
-rw-r--r-- | lib/puppet/type/ssh_authorized_key.rb | 17 | ||||
-rw-r--r-- | lib/puppet/type/sshkey.rb | 26 |
4 files changed, 90 insertions, 92 deletions
diff --git a/lib/puppet/provider/ssh_authorized_key/parsed.rb b/lib/puppet/provider/ssh_authorized_key/parsed.rb
index f7ac9f7..45ef649 100644
--- a/lib/puppet/provider/ssh_authorized_key/parsed.rb
+++ b/lib/puppet/provider/ssh_authorized_key/parsed.rb
@@ -2,44 +2,44 @@ require 'puppet/provider/parsedfile'
 Puppet::Type.type(:ssh_authorized_key).provide(
 :parsed,
-:parent => Puppet::Provider::ParsedFile,
-:filetype => :flat,
-:default_target => ''
+parent: Puppet::Provider::ParsedFile,
+filetype: :flat,
+default_target: '',
 ) do
-desc "Parse and generate authorized_keys files for SSH."
+desc 'Parse and generate authorized_keys files for SSH.'
-text_line :comment, :match => /^\s*#/
-text_line :blank, :match => /^\s*$/
+text_line :comment, match: %r{^\s*#}
+text_line :blank, match: %r{^\s*$}
 record_line :parsed,
-:fields => %w{options type key name},
-:optional => %w{options},
-:rts => /^\s+/,
-:match => Puppet::Type.type(:ssh_authorized_key).keyline_regex,
-:post_parse => proc { |h|
-h[:name] = "" if h[:name] == :absent
-h[:options] ||= [:absent]
-h[:options] = Puppet::Type::Ssh_authorized_key::ProviderParsed.parse_options(h[:options]) if h[:options].is_a? String
-},
-:pre_gen => proc { |h|
-# if this name was generated, don't write it back to disk
-h[:name] = "" if h[:unnamed]
-h[:options] = [] if h[:options].include?(:absent)
-h[:options] = h[:options].join(',')
-}
+fields: ['options', 'type', 'key', 'name'],
+optional: ['options'],
+rts: %r{^\s+},
+match: Puppet::Type.type(:ssh_authorized_key).keyline_regex,
+post_parse: proc { |h|
+h[:name] = '' if h[:name] == :absent
+h[:options] ||= [:absent]
+h[:options] = Puppet::Type::Ssh_authorized_key::ProviderParsed.parse_options(h[:options]) if h[:options].is_a? String
+},
+pre_gen: proc { |h|
+# if this name was generated, don't write it back to disk
+h[:name] = '' if h[:unnamed]
+h[:options] = [] if h[:options].include?(:absent)
+h[:options] = h[:options].join(',')
+}
 record_line :key_v1,
-:fields => %w{options bits exponent modulus name},
-:optional => %w{options},
-:rts => /^\s+/,
-:match => /^(?:(.+) )?(\d+) (\d+) (\d+)(?: (.+))?$/
+fields: ['options', 'bits', 'exponent', 'modulus', 'name'],
+optional: ['options'],
+rts: %r{^\s+},
+match: %r{^(?:(.+) )?(\d+) (\d+) (\d+)(?: (.+))?$}
 def dir_perm
-0700
+0o700
 end
 def file_perm
-0600
+0o600
 end
 def user
@@ -48,7 +48,7 @@ Puppet::Type.type(:ssh_authorized_key).provide(
 end
 def flush
-raise Puppet::Error, "Cannot write SSH authorized keys without user" unless @resource.should(:user)
+raise Puppet::Error, 'Cannot write SSH authorized keys without user' unless @resource.should(:user)
 raise Puppet::Error, "User '#{@resource.should(:user)}' does not exist" unless Puppet::Util.uid(@resource.should(:user))
 # ParsedFile usually calls backup_target much later in the flush process,
 # but our SUID makes that fail to open filebucket files for writing.
@@ -57,14 +57,14 @@ Puppet::Type.type(:ssh_authorized_key).provide(
 self.class.backup_target(target)
 Puppet::Util::SUIDManager.asuser(@resource.should(:user)) do
-unless Puppet::FileSystem.exist?(dir = File.dirname(target))
-Puppet.debug "Creating #{dir} as #{@resource.should(:user)}"
-Dir.mkdir(dir, dir_perm)
-end
+unless Puppet::FileSystem.exist?(dir = File.dirname(target))
+Puppet.debug "Creating #{dir} as #{@resource.should(:user)}"
+Dir.mkdir(dir, dir_perm)
+end
-super
+super
-File.chmod(file_perm, target)
+File.chmod(file_perm, target)
 end
 end
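Review bot: `record_line :key_v1` carries no comment, and its `bits`/`exponent`/`modulus` field names plus the all-digits match pattern are the only hint that it parses the legacy SSH protocol-1 RSA key layout, a format that, as far as I know, current OpenSSH releases no longer read from authorized_keys. A one-line comment above it would save the next reader a trip through sshd(8) history, e.g. `# Legacy SSH protocol 1 (RSA1) key lines: "[options] bits exponent modulus [comment]" — presumably kept so existing files still parse.` The enclosing `provide(...) do` block continues past the end of this hunk.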
@@ -73,17 +73,17 @@ Puppet::Type.type(:ssh_authorized_key).provide(
 def self.parse_options(options)
 result = []
 scanner = StringScanner.new(options)
-while !scanner.eos?
-scanner.skip(/[ \t]*/)
+until scanner.eos?
+scanner.skip(%r{[ \t]*})
 # scan a long option
-if out = scanner.scan(/[-a-z0-9A-Z_]+=\".*?[^\\]\"/) or out = scanner.scan(/[-a-z0-9A-Z_]+/)
+if (out = scanner.scan(%r{[-a-z0-9A-Z_]+=\".*?[^\\]\"})) || (out = scanner.scan(%r{[-a-z0-9A-Z_]+}))
 result << out
 else
 # found an unscannable token, let's abort
 break
 end
 # eat a comma
-scanner.skip(/[ \t]*,[ \t]*/)
+scanner.skip(%r{[ \t]*,[ \t]*})
 end
 result
 end
@@ -91,15 +91,13 @@ Puppet::Type.type(:ssh_authorized_key).provide(
 def self.prefetch_hook(records)
 name_index = 0
 records.each do |record|
-if record[:record_type] == :parsed && record[:name].empty?
-record[:unnamed] = true
-# Generate a unique ID for unnamed keys, in case they need purging.
-# If you change this, you have to keep
-# Puppet::Type::User#unknown_keys_in_file in sync! (PUP-3357)
-record[:name] = "#{record[:target]}:unnamed-#{ name_index += 1 }"
-Puppet.debug("generating name for on-disk ssh_authorized_key #{record[:key]}: #{record[:name]}")
-end
+next unless record[:record_type] == :parsed && record[:name].empty?
+record[:unnamed] = true
+# Generate a unique ID for unnamed keys, in case they need purging.
+# If you change this, you have to keep
+# Puppet::Type::User#unknown_keys_in_file in sync! (PUP-3357)
+record[:name] = "#{record[:target]}:unnamed-#{name_index += 1}"
+Puppet.debug("generating name for on-disk ssh_authorized_key #{record[:key]}: #{record[:name]}")
 end
 end
 end
-
diff --git a/lib/puppet/provider/sshkey/parsed.rb b/lib/puppet/provider/sshkey/parsed.rb
index 1c42aeb..3713df1 100644
--- a/lib/puppet/provider/sshkey/parsed.rb
+++ b/lib/puppet/provider/sshkey/parsed.rb
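Review bot: The bare `break` in `parse_options` silently discards the rest of an on-disk key's option string, and a value the long-option regex cannot match is enough to trigger it: an empty quoted value such as `environment=""` does not satisfy `=\".*?[^\\]\"` (that pattern needs at least one character between the quotes), so the short regex consumes `environment`, the leftover `=""` is unscannable, and every option after it is lost. Since `pre_gen` in the earlier hunk re-joins whatever survived, a later flush could, as far as I can tell from this page, rewrite that key with fewer restrictions (`from=`, `command=`) than it had on disk. At minimum the abort should be loud, e.g. `Puppet.warning("ssh_authorized_key: could not parse remaining options #{scanner.rest.inspect}; they will be dropped")` placed just before the `break`, and the first regex could accept an empty quoted value with `%r{[-a-z0-9A-Z_]+=\"(?:.*?[^\\])?\"}`, which matches everything the current pattern matches plus `=""`.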
@@ -2,49 +2,48 @@ require 'puppet/provider/parsedfile'
 Puppet::Type.type(:sshkey).provide(
 :parsed,
-:parent => Puppet::Provider::ParsedFile,
-:filetype => :flat
+parent: Puppet::Provider::ParsedFile,
+filetype: :flat,
 ) do
-desc "Parse and generate host-wide known hosts files for SSH."
+desc 'Parse and generate host-wide known hosts files for SSH.'
-text_line :comment, :match => /^#/
-text_line :blank, :match => /^\s*$/
+text_line :comment, match: %r{^#}
+text_line :blank, match: %r{^\s*$}
-record_line :parsed, :fields => %w{name type key},
-:post_parse => proc { |hash|
-names = hash[:name].split(",", -1)
-hash[:name] = names.shift
-hash[:host_aliases] = names
-},
-:pre_gen => proc { |hash|
-if hash[:host_aliases]
-hash[:name] = [hash[:name], hash[:host_aliases]].flatten.join(",")
-hash.delete(:host_aliases)
-end
-}
+record_line :parsed, fields: ['name', 'type', 'key'],
+post_parse: proc { |hash|
+names = hash[:name].split(',', -1)
+hash[:name] = names.shift
+hash[:host_aliases] = names
+},
+pre_gen: proc { |hash|
+if hash[:host_aliases]
+hash[:name] = [hash[:name], hash[:host_aliases]].flatten.join(',')
+hash.delete(:host_aliases)
+end
+}
 # Make sure to use mode 644 if ssh_known_hosts is newly created
 def self.default_mode
-0644
+0o644
 end
 def self.default_target
 case Facter.value(:operatingsystem)
-when "Darwin"
+when 'Darwin'
 # Versions 10.11 and up use /etc/ssh/ssh_known_hosts
 version = Facter.value(:macosx_productversion_major)
 if version
 if Puppet::Util::Package.versioncmp(version, '10.11') >= 0
-"/etc/ssh/ssh_known_hosts"
+'/etc/ssh/ssh_known_hosts'
 else
-"/etc/ssh_known_hosts"
+'/etc/ssh_known_hosts'
 end
 else
-"/etc/ssh_known_hosts"
+'/etc/ssh_known_hosts'
 end
 else
-"/etc/ssh/ssh_known_hosts"
+'/etc/ssh/ssh_known_hosts'
 end
 end
 end
-
diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb
index c6ff5b6..84dfce5 100644
--- a/lib/puppet/type/ssh_authorized_key.rb
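Review bot: The comment matcher `text_line :comment, match: %r{^#}` differs from the `%r{^\s*#}` the ssh_authorized_key provider uses earlier on this page, so an indented `# ...` line in ssh_known_hosts is not recognised as a comment and falls through to `record_line :parsed`; what happens to it then depends on how record_line treats a line that does not fit `name type key`, which is not visible here. Aligning the two with `text_line :comment, match: %r{^\s*#}` removes the inconsistency. While the record is being touched, a comment stating the supported layout would help, since the three-field `fields: ['name', 'type', 'key']` plus the comma split in `post_parse` only describes plain `host[,alias...] keytype key` entries; whether `@cert-authority`/`@revoked` marker lines or hashed `|1|...` hostnames survive a parse/regenerate round trip cannot be told from this hunk and is worth documenting once confirmed.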
+++ b/lib/puppet/type/ssh_authorized_key.rb
@@ -46,11 +46,10 @@ module Puppet
 comment for each instance."
 isnamevar
-
 end
 newproperty(:type) do
-desc "The encryption type used."
+desc 'The encryption type used.'
 newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', :'ssh-ed25519'
@@ -71,7 +70,7 @@ module Puppet
 the `name` attribute/resource title."
 validate do |value|
-raise Puppet::Error, _("Key must not contain whitespace: %{value}") % { value: value } if value =~ /\s/
+raise Puppet::Error, _('Key must not contain whitespace: %{value}') % { value: value } if value =~ %r{\s}
 end
 end
@@ -89,14 +88,14 @@ module Puppet
 defaultto :absent
 def should
-return super if defined?(@should) and @should[0] != :absent
+return super if defined?(@should) && @should[0] != :absent
 return nil unless user = resource[:user]
 begin
 return File.expand_path("~#{user}/.ssh/authorized_keys")
 rescue
-Puppet.debug "The required user is not yet present on the system"
+Puppet.debug 'The required user is not yet present on the system'
 return nil
 end
 end
@@ -106,14 +105,14 @@ module Puppet
 end
 end
-newproperty(:options, :array_matching => :all) do
+newproperty(:options, array_matching: :all) do
 desc "Key options; see sshd(8) for possible values. Multiple values should be specified as an array."
-defaultto do :absent end
+defaultto { :absent }
 validate do |value|
-unless value == :absent or value =~ /^[-a-z0-9A-Z_]+(?:=\".*?\")?$/
+unless value == :absent || value =~ %r{^[-a-z0-9A-Z_]+(?:=\".*?\")?$}
 raise Puppet::Error, _("Option %{value} is not valid. A single option must either be of the form 'option' or 'option=\"value\". Multiple options must be provided as an array") % { value: value }
 end
 end
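Review bot: The rewritten `desc 'The encryption type used.'` on the `:type` property is inaccurate documentation worth fixing while the line is being touched: the accepted values in the `newvalues` list right below are public-key algorithm identifiers (`ssh-ed25519`, `ecdsa-sha2-nistp256`, ...), not encryption types, and that is also the first field the provider regex later on this page matches. Suggest `desc 'The public key algorithm of the key, as written in the type field of the authorized_keys line (e.g. ssh-ed25519).'`. The `newproperty(:type) do` block continues past the end of this hunk.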
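Review bot: The bare `rescue` in `should` (hunk at line 88) catches every StandardError, not just the one the debug message describes; `File.expand_path("~#{user}/...")` raises `ArgumentError` when the user does not exist, so narrowing it to `rescue ArgumentError` keeps the "user not yet present" path while letting any unrelated failure surface instead of being reported as a missing user. The `return nil unless user = resource[:user]` assignment-in-condition two lines above is easy to misread as a comparison; `user = resource[:user]` on its own line followed by `return nil unless user` reads more plainly. The enclosing property block starts and ends outside this hunk.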
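Review bot: The option validator in the last hunk, `value =~ %r{^[-a-z0-9A-Z_]+(?:=\".*?\")?$}`, only anchors to line boundaries, because in Ruby `^` and `$` match around embedded newlines; a value such as `"command=\"x\"\nssh-ed25519 AAAA... extra"` passes, since its first line alone satisfies the pattern (the `.*?` inside the quotes cannot cross the newline, but `$` matches just before it). The provider's `pre_gen` earlier on this page joins the options with commas straight into the key line, so unless ParsedFile escapes newlines on write, which I cannot see here, the embedded newline would land in authorized_keys as an additional key entry. Anchoring to the whole string closes this: `unless value == :absent || value =~ %r{\A[-a-z0-9A-Z_]+(?:=\".*?\")?\z}`. The same `\A`/`\z` treatment would suit the `key` validator in the second hunk only if it ever stops rejecting all whitespace; as written, `%r{\s}` already catches newlines there.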
@@ -135,7 +134,7 @@ module Puppet
 end
 # regular expression suitable for use by a ParsedFile based provider
-REGEX = /^(?:(.+)\s+)?(ssh-dss|ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521)\s+([^ ]+)\s*(.*)$/
+REGEX = %r{^(?:(.+)\s+)?(ssh-dss|ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521)\s+([^ ]+)\s*(.*)$}
 def self.keyline_regex
 REGEX
 end
diff --git a/lib/puppet/type/sshkey.rb b/lib/puppet/type/sshkey.rb
index 31e590b..6e51cff 100644
--- a/lib/puppet/type/sshkey.rb
+++ b/lib/puppet/type/sshkey.rb
@@ -9,7 +9,7 @@ module Puppet
 ensurable
 newproperty(:type) do
-desc "The encryption type used. Probably ssh-dss or ssh-rsa."
+desc 'The encryption type used. Probably ssh-dss or ssh-rsa.'
 newvalues :'ssh-dss', :'ssh-ed25519', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521'
@@ -30,7 +30,7 @@ module Puppet
 the `name` attribute/resource title."
 end
-# FIXME This should automagically check for aliases to the hosts, just
+# FIXME: This should automagically check for aliases to the hosts, just
 # to see if we can automatically glean any aliases.
 newproperty(:host_aliases) do
 desc 'Any aliases the host might have. Multiple values must be
@@ -41,6 +41,7 @@ module Puppet
 def insync?(is)
 is == @should
 end
+
 # We actually want to return the whole array here, not just the first
 # value.
 def should
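Review bot: The key-type alternation inside the rewritten `REGEX` duplicates the `newvalues` list of the `:type` property in the earlier hunk of this file (and a third copy lives in sshkey.rb on this page); when a new type is added to one list and not the other, either a valid catalog value fails to round-trip through the parsed provider or on-disk lines stop matching, and nothing on this page would catch it. A single frozen constant defined next to `REGEX` and above the `:type` property, `KEY_TYPES = %w[ssh-dss ssh-ed25519 ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521].freeze`, could feed both `newvalues(*KEY_TYPES)` and `REGEX = %r{^(?:(.+)\s+)?(#{Regexp.union(KEY_TYPES)})\s+([^ ]+)\s*(.*)$}`, assuming constant lookup from inside the `newproperty` block reaches it the same way `keyline_regex` reaches `REGEX`, which I cannot verify from the hunk. The `^`/`$` line anchors are fine here only because the provider feeds this regex one file line at a time; a short comment saying so, `# Applied to a single line of authorized_keys; groups are options, type, key, comment.`, would stop someone reusing it on multi-line input.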
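Review bot: The new `desc 'The encryption type used. Probably ssh-dss or ssh-rsa.'` in sshkey.rb is outdated documentation worth correcting while the line is touched: the values are public-key algorithm identifiers rather than encryption types, and pointing users at `ssh-dss` is poor guidance when, as far as I know, OpenSSH has shipped with DSA host keys disabled by default for years, while the `newvalues` list directly below already offers `ssh-ed25519`. Suggest `desc 'The public key algorithm of the host key, as written in the type field of the known_hosts line (e.g. ssh-ed25519 or ssh-rsa).'`. The `newproperty(:type) do` block continues past the end of this hunk.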
@@ -48,23 +49,23 @@ module Puppet
 end
 validate do |value|
-if value =~ /\s/
-raise Puppet::Error, _("Aliases cannot include whitespace")
+if value =~ %r{\s}
+raise Puppet::Error, _('Aliases cannot include whitespace')
 end
-if value =~ /,/
-raise Puppet::Error, _("Aliases must be provided as an array, not a comma-separated list")
+if value =~ %r{,}
+raise Puppet::Error, _('Aliases must be provided as an array, not a comma-separated list')
 end
 end
 end
 newparam(:name) do
-desc "The host name that the key is associated with."
+desc 'The host name that the key is associated with.'
 isnamevar
 validate do |value|
-raise Puppet::Error, _("Resourcename cannot include whitespaces") if value =~ /\s/
-raise Puppet::Error, _("No comma in resourcename allowed. If you want to specify aliases use the host_aliases property") if value.include?(',')
+raise Puppet::Error, _('Resourcename cannot include whitespaces') if value =~ %r{\s}
+raise Puppet::Error, _('No comma in resourcename allowed. If you want to specify aliases use the host_aliases property') if value.include?(',')
 end
 end
@@ -72,12 +73,13 @@ module Puppet
 desc "The file in which to store the ssh key. Only used by the `parsed` provider."
-defaultto { if @resource.class.defaultprovider.ancestors.include?(Puppet::Provider::ParsedFile)
-@resource.class.defaultprovider.default_target
+defaultto do
+if @resource.class.defaultprovider.ancestors.include?(Puppet::Provider::ParsedFile)
+@resource.class.defaultprovider.default_target
 else
 nil
 end
-}
+end
 end
 end
 end