Add authorized_users

jubianchi · jubianchi · commit 527d6fbe7229 · 2014-12-15T14:58:30.000+01:00
diff --git a/README.md b/README.md
@@ -16,10 +16,11 @@ Deploys SSH keys
 
 ### Users
 
-| Key                 | Type       | Default    | Description                                              |
-| :------------------ |:---------- | :--------- | :------------------------------------------------------- |
-| `databag`           | String     | `ssh_keys` | Databag where to search for keys                         |
-| `authorized_keys`   | Array      | `[]`       | Array of strings representing authorized SSH public keys |
+| Key                 | Type       | Default    | Description                                                           |
+| :------------------ |:---------- | :--------- | :-------------------------------------------------------------------- |
+| `databag`           | String     | `ssh_keys` | Databag where to search for keys                                      |
+| `authorized_keys`   | Array      | `[]`       | Array of strings representing authorized SSH public keys              |
+| `authorized_users`  | Array      | `[]`       | Array of strings representing authorized users (found in the databag) |
 
 ## Databag
 
diff --git a/recipes/default.rb b/recipes/default.rb
@@ -38,13 +38,26 @@
     end
   end
 
-  unless config['authorized_keys'].nil? || config['authorized_keys'].empty?
+  authorized_keys = config['authorized_keys']
+  authorized_keys ||= []
+
+  unless config['authorized_users'].nil? || config['authorized_users'].empty?
+    config['authorized_users'].each do |authorized_user|
+      raise Chef::Exceptions::ConfigurationError, "User #{authorized_user} does not exist" if databag[authorized_user].nil?
+
+      databag[authorized_user].each do |authorized_user_key|
+        authorized_keys << authorized_user_key['pub']
+      end
+    end
+  end
+
+  unless authorized_keys.empty?
     template "#{home}/.ssh/authorized_keys" do
       source 'authorized_keys.erb'
       owner user
       group user
       mode '0600'
-      variables keys: config['authorized_keys']
+      variables keys: authorized_keys
     end
   end
 end
diff --git a/spec/unit/default_spec.rb b/spec/unit/default_spec.rb
@@ -210,4 +210,103 @@
       end
     end
   end
+
+  describe 'Add authorized users' do
+    describe 'With one user' do
+      it 'Throws a ConfigurationError if user does not exist in databag' do
+        chef_run = ChefSpec::SoloRunner.new do |node|
+          node.set['ssh_keys'] = {
+            :users => {
+              :bob => {
+                :authorized_users => [
+                  'joe'
+                ]
+              }
+            }
+          }
+        end
+
+        expect { chef_run.converge(described_recipe) }.to raise_error(Chef::Exceptions::ConfigurationError)
+      end
+
+      it 'Should add authorized user\'s key' do
+        allow(Dir).to receive(:home) { '/home/bob' }
+        stub_command('test -e /home/bob/.ssh').and_return(false)
+        allow(Dir).to receive(:home) { '/home/bob' }
+        stub_command('test -e /home/bob/.ssh').and_return(false)
+        stub_data_bag(:ssh_keys).and_return({
+          :bob => [
+            {
+              :id => 'bob_key',
+              :pub => 'bob_public_key',
+              :priv => 'bob_private_key'
+            }
+          ],
+          :joe => [
+            {
+              :id => 'job_key',
+              :pub => 'joe_public_key',
+              :priv => 'joe_private_key'
+            }
+          ]
+        })
+
+        chef_run = ChefSpec::SoloRunner.new do |node|
+          node.set['ssh_keys'] = {
+            :users => {
+              :bob => {
+                :authorized_users => [
+                  'joe'
+                ]
+              }
+            }
+          }
+        end
+
+        expect(chef_run.converge(described_recipe)).to render_file('/home/bob/.ssh/authorized_keys').with_content('joe_public_key')
+      end
+
+      it 'Should add authorized user\'s keys' do
+        allow(Dir).to receive(:home) { '/home/bob' }
+        stub_command('test -e /home/bob/.ssh').and_return(false)
+        allow(Dir).to receive(:home) { '/home/bob' }
+        stub_command('test -e /home/bob/.ssh').and_return(false)
+        stub_data_bag(:ssh_keys).and_return({
+          :bob => [
+            {
+              :id => 'bob_key',
+              :pub => 'bob_public_key',
+              :priv => 'bob_private_key'
+            }
+          ],
+          :joe => [
+            {
+              :id => 'joe_key',
+              :pub => 'joe_public_key',
+              :priv => 'joe_private_key'
+            },
+            {
+              :id => 'joe_other_key',
+              :pub => 'joe_other_public_key',
+              :priv => 'joe_other_private_key'
+            }
+          ]
+        })
+
+        chef_run = ChefSpec::SoloRunner.new do |node|
+          node.set['ssh_keys'] = {
+            :users => {
+              :bob => {
+                :authorized_users => [
+                  'joe'
+                ]
+              }
+            }
+          }
+        end
+
+        expect(chef_run.converge(described_recipe)).to render_file('/home/bob/.ssh/authorized_keys').with_content("joe_public_key\njoe_other_public_key")
+      end
+    end
+  end
 end
diff --git a/templates/default/authorized_keys.erb b/templates/default/authorized_keys.erb
@@ -1,4 +1,3 @@
 <% @keys.each do |key| %>
 <%= key %>
-
 <% end %>
