Module: SshAuthorizedKeysCookbook::ResourceHelpers

Defined in:
libraries/resource_helpers.rb

Overview

Some helpers to use from ssh_authorized_keys cookbook resources and definitions.

Examples:

self.class.send(:include, ::SshAuthorizedKeysCookbook::ResourceHelpers)
user_home('vagrant') #=> "/home/vagrant"

Constant Summary

SSH_KEY_REGEX =

Regular expression for SSH public keys in base64.

%r{
  ^(?:[A-Za-z0-9+\/]{4})*(?:
    [A-Za-z0-9+\/]{2}==
    |[A-Za-z0-9+\/]{3}=
    |[A-Za-z0-9+\/]{4}
  )$
}x

Instance Method Summary

Instance Method Details

#allowed_keytypes ⇒ Array<String>

Returns allowed SSH key types list.

Examples:

allowed_keytypes
#=> ["ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
#    "ecdsa-sha2-nistp521", "ssh-ed25519", "ssh-dss", "ssh-rsa"]

Returns:

  • (Array<String>)

    key types list.


# File 'libraries/resource_helpers.rb', line 76

def allowed_keytypes
  node['ssh_authorized_keys']['keytypes']
end

#assert_comment(comment) ⇒ Object

Asserts that the key comment is correct.

Parameters:

  • comment (String)

    key comment or description.

Returns:

  • void

Raises:

  • (Chef::Exceptions::ValidationFailed)

    if the comment is wrong.


# File 'libraries/resource_helpers.rb', line 99

def assert_comment(comment)
  if comment.is_a?(String) && !comment.empty? && !comment.include?("\n")
    return
  end
  raise Chef::Exceptions::ValidationFailed,
        'ssh_authorize_key: comment parameter must be valid! You passed '\
        "#{comment.inspect}."
end

#assert_key(key) ⇒ Object

Asserts that the SSH public key is correct.

Parameters:

  • key (String)

    public key in base64.

Returns:

  • void

Raises:

  • (Chef::Exceptions::ValidationFailed)

    if the key is wrong.


# File 'libraries/resource_helpers.rb', line 62

def assert_key(key)
  return if key.is_a?(String) && !SSH_KEY_REGEX.match(key).nil?
  raise Chef::Exceptions::ValidationFailed,
        'ssh_authorize_key: key parameter must be a valid SSH public key! '\
        "You passed #{key.inspect}."
end
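
Added example, not the cookbook's own code: in Ruby, `^` and `$` match at every line boundary, so a check built on SSH_KEY_REGEX as shown above passes a multi-line string as long as one of its lines is valid base64, whereas assert_comment rejects any newline outright. The sketch compares the page's pattern with the same pattern anchored by `\A` and `\z`; `PAGE_REGEX`, `STRICT_REGEX`, the helper names and the sample strings are assumptions constructed for illustration.

```ruby
# PAGE_REGEX is copied from the SSH_KEY_REGEX constant documented above.
PAGE_REGEX = %r{
  ^(?:[A-Za-z0-9+\/]{4})*(?:
    [A-Za-z0-9+\/]{2}==
    |[A-Za-z0-9+\/]{3}=
    |[A-Za-z0-9+\/]{4}
  )$
}x

# Hypothetical hardened variant: \A and \z anchor to the whole string and
# never match at an embedded or trailing newline.
STRICT_REGEX = %r{
  \A(?:[A-Za-z0-9+\/]{4})*(?:
    [A-Za-z0-9+\/]{2}==
    |[A-Za-z0-9+\/]{3}=
    |[A-Za-z0-9+\/]{4}
  )\z
}x

# Mirrors the condition used by assert_key (line-anchored pattern).
def line_anchored_ok?(key)
  key.is_a?(String) && !PAGE_REGEX.match(key).nil?
end

# Same condition with the string-anchored pattern.
def string_anchored_ok?(key)
  key.is_a?(String) && !STRICT_REGEX.match(key).nil?
end

# Constructed sample inputs (not real keys).
SAMPLES = {
  'single line base64' => 'QUJDREVGR0g=',
  'trailing newline' => "QUJDREVGR0g=\n",
  'second line appended' => "QUJDREVGR0g=\nnot base64 at all",
  'not base64' => 'not a key'
}.freeze

# Returns [label, line-anchored result, string-anchored result] per sample.
def compare(samples = SAMPLES)
  samples.map { |label, key| [label, line_anchored_ok?(key), string_anchored_ok?(key)] }
end

if __FILE__ == $PROGRAM_NAME
  compare.each do |label, loose, strict|
    puts format('%-22s line-anchored=%-5s string-anchored=%s', label, loose, strict)
  end
end
```

Only the single-line sample passes both checks; the two samples containing a newline pass the line-anchored pattern and fail the string-anchored one.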

#assert_keytype(keytype) ⇒ Object

Asserts that the SSH key type is correct.

Parameters:

  • keytype (String)

    key type. Supported types are 'ssh-rsa', 'ssh-dss', 'ssh-ed25519', 'ecdsa-sha2-nistp521', 'ecdsa-sha2-nistp384' and 'ecdsa-sha2-nistp256'.

Returns:

  • void

Raises:

  • (Chef::Exceptions::ValidationFailed)

    if the keytype is wrong.


# File 'libraries/resource_helpers.rb', line 87

def assert_keytype(keytype)
  return if allowed_keytypes.include?(keytype)
  raise Chef::Exceptions::ValidationFailed,
        'ssh_authorize_key: keytype parameter must be equal to one of: '\
        "#{allowed_keytypes.join(', ')}! You passed #{keytype.inspect}."
end

#assert_user(user) ⇒ Object

Asserts that the user name is correct.

Parameters:

  • user (String)

    user name.

Returns:

  • void

Raises:

  • (Chef::Exceptions::ValidationFailed)

    if the user name is wrong.


# File 'libraries/resource_helpers.rb', line 50

def assert_user(user)
  return if user.is_a?(String) && !user.empty?
  raise Chef::Exceptions::ValidationFailed,
        'ssh_authorize_key: user parameter must be a valid system user! '\
        "You passed #{user.inspect}."
end

#user_group(user) ⇒ Integer

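Returns the group of a system user.

If the user is not found at compile time, it emits a Chef warning and returns the user name instead of a gid.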

Examples:

user_group('root') #=> 0

Parameters:

  • user (String)

    user name.

Returns:

  • (Integer)

    gid.


# File 'libraries/resource_helpers.rb', line 139

def user_group(user)
  Etc.getpwnam(user).gid
rescue ArgumentError
  Chef::Log.warn(
    "ssh_authorize_key: User #{user} not found at compile time, perhaps "\
    "you should specify a default group. I will use #{user} for now."
  )
  user
end

#user_home(user) ⇒ String

Returns the home directory of a system user.

If the user does not exist, it returns "/home/#{user}" as the home directory and emits a Chef warning.

Examples:

user_home('root') #=> "/root"
user_home('mail') #=> "/var/mail"
user_home('bob')
#WARN: ssh_authorize_key: User bob not found at compile time, perhaps
#you should specify a home path. I will use "/home/bob" for now.
#=> "/home/bob"

Parameters:

  • user (String)

    user name.

Returns:

  • (String)

    home directory.


# File 'libraries/resource_helpers.rb', line 122

def user_home(user)
  Etc.getpwnam(user).dir
rescue ArgumentError
  home = ::File.join('', 'home', user)
  Chef::Log.warn(
    "ssh_authorize_key: User #{user} not found at compile time, perhaps "\
    "you should specify a home path. I will use #{home.inspect} for now."
  )
  home
end