From 96b65cbeab931142a82850f7b0f0d4a97d48bc2f Mon Sep 17 00:00:00 2001
From: Alex Vandiver
Date: Fri, 2 Feb 2024 11:05:40 -0500
Subject: [PATCH] install-ssh-authorized-keys: Merge multiple authorized_keys secrets.
---
 .../zulip_ops/files/install-ssh-authorized-keys | 16 +++++++++-------
 .../zulip_ops/manifests/ssh_authorized_keys.pp | 2 ++
 2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/puppet/zulip_ops/files/install-ssh-authorized-keys b/puppet/zulip_ops/files/install-ssh-authorized-keys
index 75b23aed4d..7822f89c04 100644
--- a/puppet/zulip_ops/files/install-ssh-authorized-keys
+++ b/puppet/zulip_ops/files/install-ssh-authorized-keys
@@ -18,7 +18,7 @@ while true; do
 done
 username="$1"
-ssh_secret_name="$2"
+shift
 homedir="$(getent passwd "$username" | cut -d: -f6)"
 sshdir="$homedir/.ssh"
@@ -27,12 +27,14 @@ workfile=$(mktemp)
 cleanup() { rm "$workfile"; }
 trap cleanup EXIT
-/srv/zulip-aws-tools/bin/aws --output text \
- secretsmanager get-secret-value \
- --secret-id "$ssh_secret_name" \
- --query SecretString \
- | jq -r 'keys[] as $k | "\(.[$k]) \($k)"' \
- >"$workfile"
+for ssh_secret_name in "$@"; do
+ /srv/zulip-aws-tools/bin/aws --output text \
+ secretsmanager get-secret-value \
+ --secret-id "$ssh_secret_name" \
+ --query SecretString \
+ | jq -r 'keys[] as $k | "\(.[$k]) \($k)"' \
+ >>"$workfile"
+done
 chmod 644 "$workfile"
 chown "$username:$username" "$workfile"
diff --git a/puppet/zulip_ops/manifests/ssh_authorized_keys.pp b/puppet/zulip_ops/manifests/ssh_authorized_keys.pp
index 80c0b7ddd0..12af6d4aad 100644
--- a/puppet/zulip_ops/manifests/ssh_authorized_keys.pp
+++ b/puppet/zulip_ops/manifests/ssh_authorized_keys.pp
@@ -4,6 +4,8 @@ define zulip_ops::ssh_authorized_keys(
 $user = $name
 if $keys == true {
 $keypath = "prod/ssh/authorized_keys/${user}"
+ } elsif $keys.is_a(Array) {
+ $keypath = join($keys.map |$k| {"prod/ssh/authorized_keys/${k}"}, ' ')
 } else {
 $keypath = "prod/ssh/authorized_keys/${keys}"
 }
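Review bot: After the new `shift` in install-ssh-authorized-keys (hunk at -18,7), nothing visible checks that at least one secret name is left in `"$@"`. With zero names the `for` loop in the next hunk never runs and the work file stays empty; if the code after the diff installs that file as the user's authorized_keys (the install step is outside the hunks), the run would clear the keys instead of failing, whereas the old `$2` form made the aws call fail on an empty secret id. A guard directly after `shift`, `[ "$#" -ge 1 ] || { echo "No secret names given" >&2; exit 1; }`, keeps the fail-closed behaviour, unless the option-parsing loop above the hunk already enforces the argument count.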
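Review bot: Inside the new `for ssh_secret_name in "$@"` loop (hunk at -27,12), a failed fetch of one secret can leave a partial but non-empty work file, because the status of the `aws | jq` pipeline is jq's and jq exits 0 when it receives no input. Whether the script enables `set -e` or `pipefail` is not visible in this diff; if it does not, add `set -o pipefail` near the top and end the pipeline with `>>"$workfile" || exit 1`, so that a missing secret aborts before the chmod/chown and whatever installs the file. A comment above the loop would also help, for example `# Every listed secret contributes login keys for $username; a failure on any of them must abort the run`.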
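Review bot: In the new `elsif $keys.is_a(Array)` branch of ssh_authorized_keys.pp, `$keypath` becomes several secret paths joined with spaces, which presumably only works if the consumer outside this hunk expands it unquoted so that the shell splits it into separate arguments. An element containing whitespace or shell metacharacters would then be split or interpreted, so it is worth validating each element against a conservative pattern such as `/\A[\w.\/-]+\z/` where `$keys` is declared (the parameter list is outside the hunk). A comment on the branch would document the contract, for example `# Space-separated list of secret names; each becomes a separate argument to install-ssh-authorized-keys`.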