Class: Deployku::AccessPlugin
- Inherits:
-
Plugin
- Object
- Plugin
- Deployku::AccessPlugin
- Defined in:
- lib/deployku/plugins/access.rb
Instance Method Summary
Methods inherited from Plugin
<<, command_description, filter_plugins, find_plugin, help, inherited, instance, #packages, run
Instance Method Details
#acl_list ⇒ Object
# File 'lib/deployku/plugins/access.rb', line 78
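# Prints every known user with their system-wide rights and their rights on
# each application.
#
# Users come from get_users, applications from
# Deployku::AppPlugin.instance.get_app_list; rights are read from the YAML ACL
# files at system_acl_path and app_acl_path(app). A missing or empty ACL file
# is treated as "no rights recorded".
#
# NOTE(review): no rights check happens in this method — confirm the
# dispatcher restricts who may list the ACLs.
#
# @return [Array] the user list that was iterated
def acl_list
  users = get_users
  apps = Deployku::AppPlugin.instance.get_app_list
  # File.exist? is used because File.exists? is gone as of Ruby 3.2.
  system_rights = File.exist?(system_acl_path) ? YAML.load_file(system_acl_path) : {}
  # An empty YAML file does not parse to a Hash; fall back to an empty ACL.
  system_rights = {} unless system_rights.is_a?(Hash)
  # Read each application's ACL once instead of once per user.
  rights_by_app = apps.map do |app|
    acl_file = app_acl_path(app)
    app_rights = File.exist?(acl_file) ? YAML.load_file(acl_file) : {}
    [app, app_rights.is_a?(Hash) ? app_rights : {}]
  end
  users.each do |user|
    puts "#{user}:"
    puts " system wide rights: #{system_rights[user]}"
    rights_by_app.each do |app, app_rights|
      puts " #{app}: #{app_rights[user]}"
    end
  end
end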
|
#acl_list_rights ⇒ Object
# File 'lib/deployku/plugins/access.rb', line 93
# Prints the two right names, 'admin' and 'commit', one per line.
#
# NOTE(review): acl_set and acl_system_set store whatever right names they are
# given; nothing visible here ties their input to this list.
#
# @return [nil]
def acl_list_rights
  puts %w[admin commit]
end
|
#acl_set(app_name, user_name, rights = '') ⇒ Object
# File 'lib/deployku/plugins/access.rb', line 48
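# Replaces one user's rights in an application's ACL file.
#
# The user name is passed through Deployku.sanitize_app_name; the existing
# YAML ACL (if any) is loaded, the user's entry is overwritten with the new
# list, and the file is rewritten. An empty +rights+ string stores an empty
# list for the user.
#
# NOTE(review): no rights check and no validation of the right names happens
# here — confirm the dispatcher enforces both. The read-modify-write is
# neither locked nor atomic, so two concurrent updates can lose one change.
#
# @param app_name [String] application whose ACL is updated (used as given)
# @param user_name [String] user to update
# @param rights [String] comma-separated right names
# @return [nil]
def acl_set(app_name, user_name, rights='')
  name = Deployku.sanitize_app_name(user_name)
  # strip (not chomp) so "admin, commit" stores "commit" rather than " commit",
  # which no rights check could ever match; blank items are dropped.
  granted = rights.split(',').map(&:strip).reject(&:empty?)
  acl_file = app_acl_path(app_name)
  # File.exist? is used because File.exists? is gone as of Ruby 3.2.
  acl = File.exist?(acl_file) ? YAML.load_file(acl_file) : {}
  # An empty YAML file does not parse to a Hash; start from an empty ACL.
  acl = {} unless acl.is_a?(Hash)
  acl[name] = granted
  File.open(acl_file, 'w') do |f|
    f << acl.to_yaml
  end
  puts "Application acl has been updated."
end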
|
#acl_system_set(user_name, rights = '') ⇒ Object
# File 'lib/deployku/plugins/access.rb', line 63
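# Replaces one user's system-wide rights in the system ACL file.
#
# The user name is passed through Deployku.sanitize_app_name; the existing
# YAML ACL at system_acl_path (if any) is loaded, the user's entry is
# overwritten with the new list, and the file is rewritten. An empty +rights+
# string stores an empty list for the user.
#
# NOTE(review): no rights check and no validation of the right names happens
# here — confirm the dispatcher enforces both. The read-modify-write is
# neither locked nor atomic, so two concurrent updates can lose one change.
#
# @param user_name [String] user to update
# @param rights [String] comma-separated right names
# @return [nil]
def acl_system_set(user_name, rights='')
  name = Deployku.sanitize_app_name(user_name)
  # strip (not chomp) so "admin, commit" stores "commit" rather than " commit",
  # which no rights check could ever match; blank items are dropped.
  granted = rights.split(',').map(&:strip).reject(&:empty?)
  acl_file = system_acl_path
  # File.exist? is used because File.exists? is gone as of Ruby 3.2.
  acl = File.exist?(acl_file) ? YAML.load_file(acl_file) : {}
  # An empty YAML file does not parse to a Hash; start from an empty ACL.
  acl = {} unless acl.is_a?(Hash)
  acl[name] = granted
  File.open(acl_file, 'w') do |f|
    f << acl.to_yaml
  end
  puts "System rights has been updated."
end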
|
#add(user_name) ⇒ Object
# File 'lib/deployku/plugins/access.rb', line 6
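# Registers a new user: reads one public-key line from standard input and
# appends it to authorized_keys through user_add.
#
# The caller needs the system-wide 'admin' right, except while get_users
# reports no users at all: in that bootstrap case the request is accepted and
# the new user is granted 'admin' afterwards. Anyone able to run this command
# before the first user exists therefore becomes the first administrator.
#
# Prints "No rights." or "No key." and exits with status 1 on refusal.
#
# NOTE(review): the key line is stored as given; consider validating it (for
# example with `ssh-keygen -l -f`) before it reaches authorized_keys.
#
# @param user_name [String] name for the new user
# @return [nil]
def add(user_name)
  allow = check_system_rights(:admin)
  if !allow && get_users.any?
    puts "No rights."
    exit 1
  end
  # gets returns nil at end of input; strip also rejects a whitespace-only line.
  key = $stdin.gets.to_s.strip
  if key.empty?
    puts "No key."
    exit 1
  end
  # Report the sanitized name: that is the identity user_add writes into
  # authorized_keys, and it may differ from the raw argument.
  name = Deployku.sanitize_app_name(user_name)
  user_add(user_name, key)
  puts "User '#{name}' has been added."
  acl_system_set(user_name, 'admin') unless allow
end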
|
#app_acl_path(app_name) ⇒ Object
# File 'lib/deployku/plugins/access.rb', line 145
# Path of an application's ACL file: DEPLOYKU_ACL.yml inside the directory
# that Deployku::AppPlugin.instance.dir returns for +app_name+.
#
# NOTE(review): +app_name+ is passed on as given; confirm dir() rejects names
# containing path separators. The file sits inside the application directory,
# so also confirm that users holding only 'commit' cannot write to it.
#
# @param app_name [String]
# @return [String]
def app_acl_path(app_name)
  app_dir = Deployku::AppPlugin.instance.dir(app_name)
  File.join(app_dir, 'DEPLOYKU_ACL.yml')
end
|
#authorized_keys_path ⇒ Object
# File 'lib/deployku/plugins/access.rb', line 157
# Path of the authorized_keys file under Deployku::Config.home.
#
# @return [String]
def authorized_keys_path
  File.join(Deployku::Config.home, '.ssh', 'authorized_keys')
end
|
#check_app_rights(app_name, right, ex = false) ⇒ Object
# File 'lib/deployku/plugins/access.rb', line 98
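# Tells whether the calling user holds +right+ on an application, falling back
# to the system-wide rights when the application ACL does not grant it.
#
# The caller is identified by the NAME environment variable, passed through
# Deployku.sanitize_app_name. An 'admin' entry implies every other right.
#
# NOTE(review): NAME looks like the value user_add places in the forced
# command of each authorized_keys entry; started any other way, the variable
# is whatever the invoking process set — confirm that is acceptable.
# NOTE(review): the ACL is read from inside the application directory and
# +app_name+ is used as given; confirm both are outside the control of users
# who hold fewer rights than 'admin'.
#
# @param app_name [String] application to check
# @param right [Symbol, String] right to look for, compared as a string
# @param ex [Boolean] forwarded to check_system_rights
# @return [Boolean] true when granted here, otherwise the result of
#   check_system_rights
def check_app_rights(app_name, right, ex=false)
  caller_name = Deployku.sanitize_app_name(ENV['NAME'].to_s)
  acl_file = app_acl_path(app_name)
  # File.exist? is used because File.exists? is gone as of Ruby 3.2.
  # NOTE(review): on Psych < 4 YAML.load_file can build arbitrary objects; the
  # ACL only holds strings and arrays, so YAML.safe_load would be enough.
  acl = File.exist?(acl_file) ? YAML.load_file(acl_file) : {}
  # An empty YAML file does not parse to a Hash; treat it as granting nothing.
  acl = {} unless acl.is_a?(Hash)
  # Array() keeps this an exact membership test even if an entry was
  # hand-edited into a scalar, where String#include? would match substrings.
  granted = Array(acl[caller_name])
  return true if granted.include?(right.to_s) || granted.include?('admin')

  check_system_rights(right, ex)
end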
|
#check_system_rights(right, ex = false) ⇒ Object
# File 'lib/deployku/plugins/access.rb', line 106
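# Tells whether the calling user holds +right+ system-wide.
#
# The caller is identified by the NAME environment variable, passed through
# Deployku.sanitize_app_name. An 'admin' entry implies every other right.
#
# NOTE(review): NAME looks like the value user_add places in the forced
# command of each authorized_keys entry; started any other way, the variable
# is whatever the invoking process set — confirm that is acceptable.
#
# @param right [Symbol, String] right to look for, compared as a string
# @param ex [Boolean] when true, print "No rights." and exit 1 instead of
#   returning false
# @return [Boolean]
def check_system_rights(right, ex=false)
  caller_name = Deployku.sanitize_app_name(ENV['NAME'].to_s)
  # File.exist? is used because File.exists? is gone as of Ruby 3.2.
  # NOTE(review): on Psych < 4 YAML.load_file can build arbitrary objects; the
  # ACL only holds strings and arrays, so YAML.safe_load would be enough.
  acl = File.exist?(system_acl_path) ? YAML.load_file(system_acl_path) : {}
  # An empty YAML file does not parse to a Hash; treat it as granting nothing.
  acl = {} unless acl.is_a?(Hash)
  # Array() keeps this an exact membership test even if an entry was
  # hand-edited into a scalar, where String#include? would match substrings.
  granted = Array(acl[caller_name])
  return true if granted.include?(right.to_s) || granted.include?('admin')

  if ex
    puts "No rights."
    exit 1
  end
  false
end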
|
#delete(user_name) ⇒ Object
# File 'lib/deployku/plugins/access.rb', line 29
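# Removes a user: drops their authorized_keys entries through user_delete,
# then resets their system-wide rights and their rights on every application
# to an empty list. The ACL entries themselves are kept, with no rights.
#
# NOTE(review): no rights check happens in this method — confirm the
# dispatcher restricts who may delete users.
#
# @param user_name [String] user to remove
# @return [nil]
def delete(user_name)
  user_delete(user_name)
  acl_system_set(user_name, '')
  Deployku::AppPlugin.instance.get_app_list.each do |app|
    acl_set(app, user_name, '')
  end
  # The parameter is user_name; no local called `name` exists in this method,
  # so interpolating `name` made the final message raise after the deletion.
  puts "All keys for user '#{user_name}' has been removed."
end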
|
#get_users ⇒ Object
# File 'lib/deployku/plugins/access.rb', line 135
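# Lists the user names found in authorized_keys.
#
# Each line contributes the first NAME=<token> it contains (token = run of
# non-whitespace characters); lines without one are skipped. A user with
# several key lines appears once per line. Returns an empty list when the
# file does not exist.
#
# @return [Array<String>]
def get_users
  keys_file = authorized_keys_path
  # File.exist? is used because File.exists? is gone as of Ruby 3.2.
  return [] unless File.exist?(keys_file)

  File.foreach(keys_file).map { |line| line[/NAME=([^\s]+)/, 1] }.compact
end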
|
#list ⇒ Object
# File 'lib/deployku/plugins/access.rb', line 43
# Prints the user list from get_users in inspect form.
#
# @return [Array] the list that was printed
def list
  users = get_users
  p users
end
|
#show ⇒ Object
# File 'lib/deployku/plugins/access.rb', line 38
# Prints the whole authorized_keys file, forced commands and public keys
# included. File.read raises Errno::ENOENT when the file does not exist.
#
# NOTE(review): no rights check happens in this method — confirm the
# dispatcher restricts who may read the key list.
#
# @return [nil]
def show
  contents = File.read(authorized_keys_path)
  puts contents
end
|
#sshcommand_path ⇒ Object
# File 'lib/deployku/plugins/access.rb', line 153
# Path of the .sshcommand file under Deployku::Config.home. user_add embeds
# this path in the forced command of every authorized_keys entry.
#
# @return [String]
def sshcommand_path
  home_dir = Deployku::Config.home
  File.join(home_dir, '.sshcommand')
end
|
#system_acl_path ⇒ Object
# File 'lib/deployku/plugins/access.rb', line 149
# Path of the system-wide ACL file, .deployku_acl.yml under
# Deployku::Config.home.
#
# @return [String]
def system_acl_path
  home_dir = Deployku::Config.home
  File.join(home_dir, '.deployku_acl.yml')
end
|
#user_add(user_name, key) ⇒ Object
# File 'lib/deployku/plugins/access.rb', line 118
# Appends one entry to authorized_keys that ties +key+ to a forced command.
#
# The forced command sets NAME to the sanitized user name, runs the contents
# of the file at sshcommand_path and passes $SSH_ORIGINAL_COMMAND to it; agent,
# X11 and port forwarding and the user rc file are disabled for the key.
#
# NOTE(review): the sanitized name is interpolated into a shell command inside
# a double-quoted option, so this entry is only as safe as
# Deployku.sanitize_app_name — confirm it drops quotes, whitespace and shell
# metacharacters. +key+ is written as given; callers must pass exactly one
# line (add does, via gets). The option list has no `no-pty` / `restrict`;
# confirm that is intended.
#
# @param user_name [String] user the key belongs to
# @param key [String] public key line, without a trailing newline
def user_add(user_name, key)
  safe_name = Deployku.sanitize_app_name(user_name)
  entry = "command=\"NAME=#{safe_name} `cat #{sshcommand_path}` $SSH_ORIGINAL_COMMAND\",no-agent-forwarding,no-user-rc,no-X11-forwarding,no-port-forwarding #{key}\n"
  File.open(authorized_keys_path, 'a') { |keys_file| keys_file << entry }
end
|
#user_delete(user_name) ⇒ Object
# File 'lib/deployku/plugins/access.rb', line 125
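# Removes every authorized_keys line that belongs to one user.
#
# A line belongs to the user when it contains NAME=<sanitized name> followed
# by whitespace, which is how user_add writes it. All other lines are written
# back unchanged, one per line.
#
# The name is regexp-escaped and must be followed by whitespace, so removing
# "bob" leaves "bobby" alone and an empty name no longer matches every entry.
# Lines are written back without an extra newline; readlines already keeps
# the line terminator, so appending another one inserted blank lines.
#
# NOTE(review): the file is truncated and rewritten in place; an interruption
# mid-write leaves a partial authorized_keys. Writing a temporary file and
# renaming it over the original would avoid that.
#
# @param user_name [String] user whose keys are removed
# @raise [Errno::ENOENT] from File.readlines when authorized_keys is missing
def user_delete(user_name)
  name = Deployku.sanitize_app_name(user_name)
  owned_by_user = /NAME=#{Regexp.escape(name)}(?=\s)/
  kept = File.readlines(authorized_keys_path).reject { |line| line =~ owned_by_user }
  File.open(authorized_keys_path, 'w') do |f|
    # chomp + "\n" also terminates a last line that had no newline.
    kept.each { |line| f << "#{line.chomp}\n" }
  end
end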
|