Forge Home

authorized_keys

UNKNOWN

12,462 downloads

11,936 latest version

1.9 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.0.2 (latest)
  • 0.0.1
  • 0.0.0
released Apr 16th 2014

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'brutus777-authorized_keys', '0.0.2'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add brutus777-authorized_keys
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install brutus777-authorized_keys --version 0.0.2

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

brutus777/authorized_keys — version 0.0.2 Apr 16th 2014

brutus777/authorized_keys

####Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with [Modulename]
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module

##Overview

The module distributes authorized_keys file in any user home dir based on roles. The roles, keys and user/role assignement is kept in hiera but can be also specified in class manifest. The module was tested on Puppet 2.7.

##Module Description

The module does the following tasks: parse hiera structures and validate all three hashes one against the other; if the validate is succesfull it will explode a template which populate the lines of authorized_keys files for each user under authorized_keys managament.

##Setup

The following type of hiera structures or local hashes must be created:

security::authorized_keys:
    John.Doe:
      key: AAAAB3NzaC1yc2EAAAABIwAAAQEAnGspY8p4ZoWlQ5RNLP/FzvB4WfaFdjnci0p7+oge9/xkBbvJscBlEAbmPnufT/4dM+fKDysE9Py0jcX7ymcLh5KzP7hhvRBW98O8u/UdEJmHENccJu/y+Uf4Onl1nHynLlg72OOvRGw81sSaBJsKTIJGBORqU2R0lNKtEjlKlsKfQi1cATwwFyglrLrAl8cX3j44XPeBTWEPwFjkJM8D6CRH15809fcS4byMnnXbEBkFOWGngGBBkUt6Ari4xbOG7XF9nJO3xm/mMubFQrAHCLIYYyXq5c7FFnOH/vlefM2zXCa6+HNb4BuupyY9iKPZ9Mwwhxtk1wi0ncU8qvZJ/w==
      type: ssh-rsa
      options: command="/bin/sh"

security::rolesauth:
    Role1:
      - John.Doe

security::rolesusers:
    root:
      home: "/root"
      roles:
        - Role1

###What [Modulename] affects

  • The module changes the authorized_keys file; no existing keys are preserved
  • The module assumes that users are already provisioned - most probably the user management module should be have an ordering relationship with this module

##Usage

$authorized_keys = {
  'John.Doe' => {
    key     => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAnGspY8p4ZoWlQ5RNLP/FzvB4WfaFdjnci0p7+oge9/xkBbvJscBlEAbmPnufT/4dM+fKDysE9Py0jcX7ymcLh5KzP7hhvRBW98O8u/UdEJmHENccJu/y+Uf4Onl1nHynLlg72OOvRGw81sSaBJsKTIJGBORqU2R0lNKtEjlKlsKfQi1cATwwFyglrLrAl8cX3j44XPeBTWEPwFjkJM8D6CRH15809fcS4byMnnXbEBkFOWGngGBBkUt6Ari4xbOG7XF9nJO3xm/mMubFQrAHCLIYYyXq5c7FFnOH/vlefM2zXCa6+HNb4BuupyY9iKPZ9Mwwhxtk1wi0ncU8qvZJ/w=='
    type    => 'ssh-rsa'
    options => 'command="/bin/sh"',
  }
}
$rolesusers = {
 'root' => {
   home  => "/root",
   roles => ['Role1','Role2'],
  }
}
$rolesauth = {
  'Role1' => ['John.Doe'],
  'Role2' => ['John.Doe'],
  }
}

authorized_keys{ 'authorized_keys':
  authorized_keys => $authorized_keys,
  rolesusers      => $rolesusers,
  rolesauth       => $rolesauth,
}

For hiera use:

authorized_keys{ 'authorized_keys':
  authorized_keys => hiera_hash('security::authorized_keys',{}),
  rolesusers      => hiera_hash('security::rolesusers',{}),
  rolesauth       => hiera_hash('security::rolesauth',{}),
}

##Reference

The module defines the following classes and defined types:

authorized_keys class: wrapper class, it is calling authorized_keys::validate and create_resources

authorized_keys::validate: validation class, cross-validate hiera hashes

authorized_keys::validatekeys: validate keys defined type, used to call authorized_keys::parsevalidate_array

authorized_keys::validateroles: validate roles defined type, used to call authorized_keys::parsevalidate_array

authorized_keys::parsevalidate_array: defined type used to check if a value exists in an array

authorized_keys::authkeyfile: defined type used to explode the template in files

##Limitations

Tested on RedHat OS; should work on any other Linux distribution.

##TO DO

Add hash validation in validate*.pp