install-ssh-authorized-keys: Merge multiple authorized_keys secrets.

Alex Vandiver 2024-02-02 11:05:40 -05:00 committed by Tim Abbott
parent 1567275959
commit 96b65cbeab
2 changed files with 11 additions and 7 deletions


@ -18,7 +18,7 @@ while true; do
done
username="$1"
ssh_secret_name="$2"
shift
homedir="$(getent passwd "$username" | cut -d: -f6)"
sshdir="$homedir/.ssh"
@ -27,12 +27,14 @@ workfile=$(mktemp)
cleanup() { rm "$workfile"; }
trap cleanup EXIT
/srv/zulip-aws-tools/bin/aws --output text \
secretsmanager get-secret-value \
--secret-id "$ssh_secret_name" \
--query SecretString \
| jq -r 'keys[] as $k | "\(.[$k]) \($k)"' \
>"$workfile"
for ssh_secret_name in "$@"; do
/srv/zulip-aws-tools/bin/aws --output text \
secretsmanager get-secret-value \
--secret-id "$ssh_secret_name" \
--query SecretString \
| jq -r 'keys[] as $k | "\(.[$k]) \($k)"' \
>>"$workfile"
done
chmod 644 "$workfile"
chown "$username:$username" "$workfile"
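Review bot: The new `for ssh_secret_name in "$@"` loop runs zero times when no secret name follows the username, so an empty work file would continue to the `chmod`/`chown` and whatever install step follows outside this section. A guard before the loop, such as `[ "$#" -gt 0 ] || { echo "no secret names given" >&2; exit 1; }`, stops that. With several secrets, one failed fetch also matters more: unless `set -o pipefail` is in effect earlier in the script (not visible here), the pipeline's status is jq's, so a failed `get-secret-value` may leave a partial key list that silently drops that secret's keys. Aborting before the file is installed when any fetch fails would keep the existing authorized_keys intact.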


@ -4,6 +4,8 @@ define zulip_ops::ssh_authorized_keys(
$user = $name
if $keys == true {
$keypath = "prod/ssh/authorized_keys/${user}"
} elsif $keys.is_a(Array) {
$keypath = join($keys.map |$k| {"prod/ssh/authorized_keys/${k}"}, ' ')
} else {
$keypath = "prod/ssh/authorized_keys/${keys}"
}
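Review bot: The new Array branch accepts an empty array, in which case `join(...)` yields an empty `$keypath`. Where `$keypath` is consumed lies outside this hunk, but if it becomes the argument list of the install script, the resource would request no secrets at all. A guard such as `if $keys.is_a(Array) and $keys.empty { fail("ssh_authorized_keys[${name}]: keys array is empty") }` would surface the misconfiguration at catalog compile time. The space-joined string also relies on being word-split downstream, so a comment on the `join` line like `# names must not contain whitespace or shell metacharacters; split by the shell` would document that constraint.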