Diffstat (limited to 'lib')
-rw-r--r--lib/puppet/provider/ssh_authorized_key/parsed.rb92
-rw-r--r--lib/puppet/provider/sshkey/parsed.rb47
-rw-r--r--lib/puppet/type/ssh_authorized_key.rb17
-rw-r--r--lib/puppet/type/sshkey.rb26
4 files changed, 90 insertions, 92 deletions
diff --git a/lib/puppet/provider/ssh_authorized_key/parsed.rb b/lib/puppet/provider/ssh_authorized_key/parsed.rb
index f7ac9f7..45ef649 100644
--- a/lib/puppet/provider/ssh_authorized_key/parsed.rb
+++ b/lib/puppet/provider/ssh_authorized_key/parsed.rb
@@ -2,44 +2,44 @@ require 'puppet/provider/parsedfile'
Puppet::Type.type(:ssh_authorized_key).provide(
:parsed,
- :parent => Puppet::Provider::ParsedFile,
- :filetype => :flat,
- :default_target => ''
+ parent: Puppet::Provider::ParsedFile,
+ filetype: :flat,
+ default_target: '',
) do
- desc "Parse and generate authorized_keys files for SSH."
+ desc 'Parse and generate authorized_keys files for SSH.'
- text_line :comment, :match => /^\s*#/
- text_line :blank, :match => /^\s*$/
+ text_line :comment, match: %r{^\s*#}
+ text_line :blank, match: %r{^\s*$}
record_line :parsed,
- :fields => %w{options type key name},
- :optional => %w{options},
- :rts => /^\s+/,
- :match => Puppet::Type.type(:ssh_authorized_key).keyline_regex,
- :post_parse => proc { |h|
- h[:name] = "" if h[:name] == :absent
- h[:options] ||= [:absent]
- h[:options] = Puppet::Type::Ssh_authorized_key::ProviderParsed.parse_options(h[:options]) if h[:options].is_a? String
- },
- :pre_gen => proc { |h|
- # if this name was generated, don't write it back to disk
- h[:name] = "" if h[:unnamed]
- h[:options] = [] if h[:options].include?(:absent)
- h[:options] = h[:options].join(',')
- }
+ fields: ['options', 'type', 'key', 'name'],
+ optional: ['options'],
+ rts: %r{^\s+},
+ match: Puppet::Type.type(:ssh_authorized_key).keyline_regex,
+ post_parse: proc { |h|
+ h[:name] = '' if h[:name] == :absent
+ h[:options] ||= [:absent]
+ h[:options] = Puppet::Type::Ssh_authorized_key::ProviderParsed.parse_options(h[:options]) if h[:options].is_a? String
+ },
+ pre_gen: proc { |h|
+ # if this name was generated, don't write it back to disk
+ h[:name] = '' if h[:unnamed]
+ h[:options] = [] if h[:options].include?(:absent)
+ h[:options] = h[:options].join(',')
+ }
record_line :key_v1,
- :fields => %w{options bits exponent modulus name},
- :optional => %w{options},
- :rts => /^\s+/,
- :match => /^(?:(.+) )?(\d+) (\d+) (\d+)(?: (.+))?$/
+ fields: ['options', 'bits', 'exponent', 'modulus', 'name'],
+ optional: ['options'],
+ rts: %r{^\s+},
+ match: %r{^(?:(.+) )?(\d+) (\d+) (\d+)(?: (.+))?$}
def dir_perm
- 0700
+ 0o700
end
def file_perm
- 0600
+ 0o600
end
def user
@@ -48,7 +48,7 @@ Puppet::Type.type(:ssh_authorized_key).provide(
end
def flush
- raise Puppet::Error, "Cannot write SSH authorized keys without user" unless @resource.should(:user)
+ raise Puppet::Error, 'Cannot write SSH authorized keys without user' unless @resource.should(:user)
raise Puppet::Error, "User '#{@resource.should(:user)}' does not exist" unless Puppet::Util.uid(@resource.should(:user))
# ParsedFile usually calls backup_target much later in the flush process,
# but our SUID makes that fail to open filebucket files for writing.
@@ -57,14 +57,14 @@ Puppet::Type.type(:ssh_authorized_key).provide(
self.class.backup_target(target)
Puppet::Util::SUIDManager.asuser(@resource.should(:user)) do
- unless Puppet::FileSystem.exist?(dir = File.dirname(target))
- Puppet.debug "Creating #{dir} as #{@resource.should(:user)}"
- Dir.mkdir(dir, dir_perm)
- end
+ unless Puppet::FileSystem.exist?(dir = File.dirname(target))
+ Puppet.debug "Creating #{dir} as #{@resource.should(:user)}"
+ Dir.mkdir(dir, dir_perm)
+ end
- super
+ super
- File.chmod(file_perm, target)
+ File.chmod(file_perm, target)
end
end
@@ -73,17 +73,17 @@ Puppet::Type.type(:ssh_authorized_key).provide(
def self.parse_options(options)
result = []
scanner = StringScanner.new(options)
- while !scanner.eos?
- scanner.skip(/[ \t]*/)
+ until scanner.eos?
+ scanner.skip(%r{[ \t]*})
# scan a long option
- if out = scanner.scan(/[-a-z0-9A-Z_]+=\".*?[^\\]\"/) or out = scanner.scan(/[-a-z0-9A-Z_]+/)
+ if (out = scanner.scan(%r{[-a-z0-9A-Z_]+=\".*?[^\\]\"})) || (out = scanner.scan(%r{[-a-z0-9A-Z_]+}))
result << out
else
# found an unscannable token, let's abort
break
end
# eat a comma
- scanner.skip(/[ \t]*,[ \t]*/)
+ scanner.skip(%r{[ \t]*,[ \t]*})
end
result
end
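Review bot: The `break` on an unscannable token in `parse_options` silently discards every option after it, so the provider's view of an existing authorized_keys line can be missing options and nothing is logged. The quoted-value pattern `=\".*?[^\\]\"` also needs at least one character between the quotes, so an empty value such as `opt=""` is read as the bare option `opt` and the rest of the string is dropped. I would log before giving up, `Puppet.debug("Unparseable ssh_authorized_key options: #{scanner.rest}")`, and consider `%r{[-a-z0-9A-Z_]+="(?:[^"\\]|\\.)*"}` for the quoted form after checking it against the existing spec fixtures.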
@@ -91,15 +91,13 @@ Puppet::Type.type(:ssh_authorized_key).provide(
def self.prefetch_hook(records)
name_index = 0
records.each do |record|
- if record[:record_type] == :parsed && record[:name].empty?
- record[:unnamed] = true
- # Generate a unique ID for unnamed keys, in case they need purging.
- # If you change this, you have to keep
- # Puppet::Type::User#unknown_keys_in_file in sync! (PUP-3357)
- record[:name] = "#{record[:target]}:unnamed-#{ name_index += 1 }"
- Puppet.debug("generating name for on-disk ssh_authorized_key #{record[:key]}: #{record[:name]}")
- end
+ next unless record[:record_type] == :parsed && record[:name].empty?
+ record[:unnamed] = true
+ # Generate a unique ID for unnamed keys, in case they need purging.
+ # If you change this, you have to keep
+ # Puppet::Type::User#unknown_keys_in_file in sync! (PUP-3357)
+ record[:name] = "#{record[:target]}:unnamed-#{name_index += 1}"
+ Puppet.debug("generating name for on-disk ssh_authorized_key #{record[:key]}: #{record[:name]}")
end
end
end
-
diff --git a/lib/puppet/provider/sshkey/parsed.rb b/lib/puppet/provider/sshkey/parsed.rb
index 1c42aeb..3713df1 100644
--- a/lib/puppet/provider/sshkey/parsed.rb
+++ b/lib/puppet/provider/sshkey/parsed.rb
@@ -2,49 +2,48 @@ require 'puppet/provider/parsedfile'
Puppet::Type.type(:sshkey).provide(
:parsed,
- :parent => Puppet::Provider::ParsedFile,
- :filetype => :flat
+ parent: Puppet::Provider::ParsedFile,
+ filetype: :flat,
) do
- desc "Parse and generate host-wide known hosts files for SSH."
+ desc 'Parse and generate host-wide known hosts files for SSH.'
- text_line :comment, :match => /^#/
- text_line :blank, :match => /^\s*$/
+ text_line :comment, match: %r{^#}
+ text_line :blank, match: %r{^\s*$}
- record_line :parsed, :fields => %w{name type key},
- :post_parse => proc { |hash|
- names = hash[:name].split(",", -1)
- hash[:name] = names.shift
- hash[:host_aliases] = names
- },
- :pre_gen => proc { |hash|
- if hash[:host_aliases]
- hash[:name] = [hash[:name], hash[:host_aliases]].flatten.join(",")
- hash.delete(:host_aliases)
- end
- }
+ record_line :parsed, fields: ['name', 'type', 'key'],
+ post_parse: proc { |hash|
+ names = hash[:name].split(',', -1)
+ hash[:name] = names.shift
+ hash[:host_aliases] = names
+ },
+ pre_gen: proc { |hash|
+ if hash[:host_aliases]
+ hash[:name] = [hash[:name], hash[:host_aliases]].flatten.join(',')
+ hash.delete(:host_aliases)
+ end
+ }
# Make sure to use mode 644 if ssh_known_hosts is newly created
def self.default_mode
- 0644
+ 0o644
end
def self.default_target
case Facter.value(:operatingsystem)
- when "Darwin"
+ when 'Darwin'
# Versions 10.11 and up use /etc/ssh/ssh_known_hosts
version = Facter.value(:macosx_productversion_major)
if version
if Puppet::Util::Package.versioncmp(version, '10.11') >= 0
- "/etc/ssh/ssh_known_hosts"
+ '/etc/ssh/ssh_known_hosts'
else
- "/etc/ssh_known_hosts"
+ '/etc/ssh_known_hosts'
end
else
- "/etc/ssh_known_hosts"
+ '/etc/ssh_known_hosts'
end
else
- "/etc/ssh/ssh_known_hosts"
+ '/etc/ssh/ssh_known_hosts'
end
end
end
-
diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb
index c6ff5b6..84dfce5 100644
--- a/lib/puppet/type/ssh_authorized_key.rb
+++ b/lib/puppet/type/ssh_authorized_key.rb
@@ -46,11 +46,10 @@ module Puppet
comment for each instance."
isnamevar
-
end
newproperty(:type) do
- desc "The encryption type used."
+ desc 'The encryption type used.'
newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', :'ssh-ed25519'
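Review bot: The `desc` calls this "the encryption type", but the accepted values are SSH public-key algorithms; `desc 'The key type (public-key algorithm) of the key.'` would be accurate. `newvalues` still accepts `ssh-dss`, which OpenSSH has disabled by default since 7.0, and the description could say so. The same wording appears on the `:type` property in lib/puppet/type/sshkey.rb further down. The `newproperty(:type)` block continues outside the hunk.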
@@ -71,7 +70,7 @@ module Puppet
the `name` attribute/resource title."
validate do |value|
- raise Puppet::Error, _("Key must not contain whitespace: %{value}") % { value: value } if value =~ /\s/
+ raise Puppet::Error, _('Key must not contain whitespace: %{value}') % { value: value } if value =~ %r{\s}
end
end
@@ -89,14 +88,14 @@ module Puppet
defaultto :absent
def should
- return super if defined?(@should) and @should[0] != :absent
+ return super if defined?(@should) && @should[0] != :absent
return nil unless user = resource[:user]
begin
return File.expand_path("~#{user}/.ssh/authorized_keys")
rescue
- Puppet.debug "The required user is not yet present on the system"
+ Puppet.debug 'The required user is not yet present on the system'
return nil
end
end
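Review bot: The bare `rescue` in `should` catches every StandardError and reports all of them as a missing user, which hides other failures behind a debug message. `File.expand_path` raises ArgumentError when the `~user` home directory cannot be resolved, so `rescue ArgumentError` is enough here. The `user = resource[:user]` assignment inside the `unless` condition would read more clearly as its own line before the guard.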
@@ -106,14 +105,14 @@ module Puppet
end
end
- newproperty(:options, :array_matching => :all) do
+ newproperty(:options, array_matching: :all) do
desc "Key options; see sshd(8) for possible values. Multiple values
should be specified as an array."
- defaultto do :absent end
+ defaultto { :absent }
validate do |value|
- unless value == :absent or value =~ /^[-a-z0-9A-Z_]+(?:=\".*?\")?$/
+ unless value == :absent || value =~ %r{^[-a-z0-9A-Z_]+(?:=\".*?\")?$}
raise Puppet::Error, _("Option %{value} is not valid. A single option must either be of the form 'option' or 'option=\"value\". Multiple options must be provided as an array") % { value: value }
end
end
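Review bot: The option pattern in `validate` is anchored with `^` and `$`, which in Ruby match at every line boundary, so a multi-line value passes as long as one of its lines is well-formed. The provider's `pre_gen` joins the options with commas into the record it generates, so an embedded newline would presumably reach the authorized_keys file. Anchor the whole string instead: `unless value == :absent || value =~ %r{\A[-a-z0-9A-Z_]+(?:=\".*?\")?\z}`. The enclosing `newproperty(:options)` block continues outside the hunk.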
@@ -135,7 +134,7 @@ module Puppet
end
# regular expression suitable for use by a ParsedFile based provider
- REGEX = /^(?:(.+)\s+)?(ssh-dss|ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521)\s+([^ ]+)\s*(.*)$/
+ REGEX = %r{^(?:(.+)\s+)?(ssh-dss|ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521)\s+([^ ]+)\s*(.*)$}
def self.keyline_regex
REGEX
end
diff --git a/lib/puppet/type/sshkey.rb b/lib/puppet/type/sshkey.rb
index 31e590b..6e51cff 100644
--- a/lib/puppet/type/sshkey.rb
+++ b/lib/puppet/type/sshkey.rb
@@ -9,7 +9,7 @@ module Puppet
ensurable
newproperty(:type) do
- desc "The encryption type used. Probably ssh-dss or ssh-rsa."
+ desc 'The encryption type used. Probably ssh-dss or ssh-rsa.'
newvalues :'ssh-dss', :'ssh-ed25519', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521'
@@ -30,7 +30,7 @@ module Puppet
the `name` attribute/resource title."
end
- # FIXME This should automagically check for aliases to the hosts, just
+ # FIXME: This should automagically check for aliases to the hosts, just
# to see if we can automatically glean any aliases.
newproperty(:host_aliases) do
desc 'Any aliases the host might have. Multiple values must be
@@ -41,6 +41,7 @@ module Puppet
def insync?(is)
is == @should
end
+
# We actually want to return the whole array here, not just the first
# value.
def should
@@ -48,23 +49,23 @@ module Puppet
end
validate do |value|
- if value =~ /\s/
- raise Puppet::Error, _("Aliases cannot include whitespace")
+ if value =~ %r{\s}
+ raise Puppet::Error, _('Aliases cannot include whitespace')
end
- if value =~ /,/
- raise Puppet::Error, _("Aliases must be provided as an array, not a comma-separated list")
+ if value =~ %r{,}
+ raise Puppet::Error, _('Aliases must be provided as an array, not a comma-separated list')
end
end
end
newparam(:name) do
- desc "The host name that the key is associated with."
+ desc 'The host name that the key is associated with.'
isnamevar
validate do |value|
- raise Puppet::Error, _("Resourcename cannot include whitespaces") if value =~ /\s/
- raise Puppet::Error, _("No comma in resourcename allowed. If you want to specify aliases use the host_aliases property") if value.include?(',')
+ raise Puppet::Error, _('Resourcename cannot include whitespaces') if value =~ %r{\s}
+ raise Puppet::Error, _('No comma in resourcename allowed. If you want to specify aliases use the host_aliases property') if value.include?(',')
end
end
@@ -72,12 +73,13 @@ module Puppet
desc "The file in which to store the ssh key. Only used by
the `parsed` provider."
- defaultto { if @resource.class.defaultprovider.ancestors.include?(Puppet::Provider::ParsedFile)
- @resource.class.defaultprovider.default_target
+ defaultto do
+ if @resource.class.defaultprovider.ancestors.include?(Puppet::Provider::ParsedFile)
+ @resource.class.defaultprovider.default_target
else
nil
end
- }
+ end
end
end
end