Puppet Function: deploy_ssh_authorized_key_content

Defined in:
lib/puppet/parser/functions/deploy_ssh_authorized_key_content.rb
Function type:
Ruby 3.x API

Overview

deploy_ssh_authorized_key_content() ⇒ Any

Get authorized_key content from string or array

Returns:

  • (Any)


# File 'lib/puppet/parser/functions/deploy_ssh_authorized_key_content.rb', line 6

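# Puppet rvalue function that builds the text of an authorized_keys file.
#
# Arguments (exactly two):
#   1. one key entry or an Array of key entries; every entry is converted with
#      to_s and is one of
#        "github://<login>" - fetched from https://github.com/<login>.keys
#        "evrone://<name>"  - looked up in the JSON file at options["evrone_keys_path"]
#        anything else      - used verbatim as an authorized_keys line
#   2. an options Hash:
#        "cache_path"       - existing directory holding cached GitHub keys (required)
#        "key_options"      - optional prefix put in front of every key line
#        "evrone_keys_path" - JSON file mapping names to keys
#                             (default "/etc/puppet/files/evrone/keys.json")
#
# Returns the resolved keys, sorted, one per line, with a trailing newline.
# Entries that cannot be resolved (failed download with no cached copy,
# unknown evrone name) are dropped from the result.
#
# Raises Puppet::ParseError on a wrong argument count, a non-Hash options
# argument, a missing cache directory, a malformed github:// name or a cache
# file that cannot be written.
#
# Security: the returned text decides who may log in over SSH, so everything
# that feeds it has to be authenticated. The GitHub download therefore verifies
# the server certificate, only a successful HTTP response is accepted as key
# material, and the github:// name is validated before it is used in a request
# path and in a cache file name.
newfunction(:deploy_ssh_authorized_key_content, :type => :rvalue, :doc => <<-EOS
  Get authorized_key content from string or array
EOS
) do |args|

  function_name = "deploy_ssh_authorized_key_content"

  # Conservative allow-list for github:// names. It keeps path separators and
  # other unexpected characters out of the request path and the cache file name.
  safe_github_name = /\A[A-Za-z0-9][A-Za-z0-9_-]*\z/

  # Lazily builds (and memoizes) the HTTPS client used for github.com.
  github_http = lambda do
    @github_http ||= begin
      # Loaded here so the VERIFY_PEER constant below is always defined.
      require 'openssl'
      http = Net::HTTP.new("github.com", 443)
      http.use_ssl = true
      # The original set verify_mode to 0 (VERIFY_NONE), which accepts any
      # certificate and lets an on-path attacker supply the key that ends up
      # in authorized_keys. Peer verification must stay on.
      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
      http
    end
  end

  # Normalizes the first argument to an Array of Strings.
  keys_to_array = lambda do |keys|
    case keys
    when Array
      keys.map { |entry| entry.to_s }
    else
      [keys.to_s]
    end
  end

  # Writes a freshly downloaded key to <path>/<name>.key.
  cache_save = lambda do |path, name, key|
    fname = File.join(path, "#{name}.key")
    begin
      File.open(fname, 'w') { |io| io.write key }
    rescue StandardError
      raise Puppet::ParseError, "Could not write cache data to cache at #{fname}"
    end
  end

  # Returns the cached key for name, or nil when no readable cache file exists.
  cache_get = lambda do |path, name|
    fname = File.join(path, "#{name}.key")
    File.read(fname) if File.readable?(fname)
  end

  # Downloads https://github.com/<name>.keys and returns the LAST key listed
  # there with a "<name>@github" comment appended, or nil on any failure.
  download_github_key = lambda do |name|
    begin
      github_http.call.start do |http|
        res = http.request Net::HTTP::Get.new("/#{name}.keys")
        if res.is_a?(Net::HTTPSuccess)
          last_key = res.body.to_s.split("\n").last
          if last_key
            "#{last_key} #{name}@github"
          else
            Puppet.notice "Github key fail: no keys published for #{name}"
            nil
          end
        else
          # An error page must never be cached or deployed as if it were a key.
          Puppet.notice "Github key fail: HTTP #{res.code} for #{name}"
          nil
        end
      end
    rescue StandardError => e
      Puppet.notice "Github key fail: #{e.inspect}"
      nil
    end
  end

  unless args.length == 2
    raise Puppet::ParseError, "#{function_name} takes 2 arguments"
  end

  unless args.last.is_a?(Hash)
    raise Puppet::ParseError, "#{function_name} last params must be Hash"
  end

  options = args.last
  keys = keys_to_array.call(args.first)

  cache_path = options["cache_path"]
  key_options = options["key_options"]
  evrone_keys_path = options["evrone_keys_path"] || "/etc/puppet/files/evrone/keys.json"

  # Best effort: an unreadable or malformed keys file only disables evrone:// lookups.
  evrone_keys = {}
  if File.readable?(evrone_keys_path)
    begin
      parsed = JSON.parse(File.read(evrone_keys_path))
      if parsed.is_a?(Hash)
        evrone_keys = parsed
      else
        Puppet.notice "Evrone keys fail: #{evrone_keys_path} does not contain a JSON object"
      end
    rescue StandardError => e
      Puppet.notice "Evrone keys fail: #{e.inspect}"
    end
  end

  # Puppet passes :undef for an unset value.
  key_options = nil if key_options == :undef

  unless cache_path && File.directory?(cache_path)
    raise Puppet::ParseError, "Please set :cache_path in options"
  end

  resolved = keys.map do |entry|
    if (github = entry.match(/^github\:\/\/(.*)$/))
      name = github[1]
      unless safe_github_name.match(name)
        raise Puppet::ParseError, "#{function_name}: invalid github name #{name.inspect}"
      end
      fetched = download_github_key.call(name)
      if fetched
        cache_save.call(cache_path, name, fetched)
        fetched
      else
        # Fall back to the last key that was downloaded successfully.
        cache_get.call(cache_path, name)
      end
    elsif (evrone = entry.match(/^evrone\:\/\/(.*)$/))
      stored = evrone_keys[evrone[1]]
      stored && stored.strip
    else
      entry
    end
  end

  lines = resolved.compact.sort.map do |line|
    key_options ? "#{key_options.to_s} #{line}" : line
  end

  lines.join("\n") + "\n"
end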