Create a LWRP to deploy ssh keys : ssh_keys_key

Author: jubianchi

README.md

@@ -11,7 +11,7 @@ Deploys SSH keys
 
 | Key         | Type       | Default    | Description                                           |
 | :---------- |:---------- | :--------- | :---------------------------------------------------- |
-| `databag`   | String     | `ssh_keys` | Databag where to search for keys                      |
+| `data_bag`  | String     | `ssh_keys` | Databag where to search for keys                      |
 | `users`     | Hash       | `{}`       | A list of users with names as key                     |
 
 ### Users

libraries/user.rb

@@ -6,22 +6,11 @@ module User
       def self.valid?(username, user)
         begin
           Dir.home(username)
+
+          true
         rescue
           raise Chef::Exceptions::ConfigurationError, "User #{user} does not exist"
         end
-
-        (
-          (user.key?('authorized_keys') and not user['authorized_keys'].empty?) or
-          (user.key?('authorized_users') and not user['authorized_users'].empty?)
-        ) or (
-          (user.key?(:authorized_keys) and not user[:authorized_keys].empty?) or
-          (user.key?(:authorized_users) and not user[:authorized_users].empty?)
-        ) or (
-          not user.key?('authorized_keys') and
-          not user.key?('authorized_users') and
-          not user.key?(:authorized_keys) and
-          not user.key?(:authorized_users)
-        )
       end
 
       def self.raise_if_invalid!(username, user)
@@ -30,27 +19,27 @@ def self.raise_if_invalid!(username, user)
         user
       end
 
-      def self.normalize!(username, user, node, data_bag_proc)
+      def self.normalize!(username, user, data_bag_proc)
         normalized = raise_if_invalid!(username, user).dup
 
-        normalized['databag'] = data_bag_proc.call(node['ssh_keys']['databag'], username)
-        normalized['databag'] ||= []
-        normalized['home'] = Dir.home(username)
-        normalized['authorized_keys'] ||= []
-        normalized['authorized_users'] ||= []
-        normalized['keys'] = []
+        normalized[:databag] = data_bag_proc.call(username)
+        normalized[:databag] ||= []
+        normalized[:home] = Dir.home(username)
+        normalized[:authorized_keys] ||= []
+        normalized[:authorized_users] ||= []
+        normalized[:keys] = []
 
-        normalized['databag']['keys'].each do |key|
-          normalized['keys'] << PMSIpilot::SshKeys::Key.normalize!(key)
+        normalized[:databag]['keys'].each do |key|
+          normalized[:keys] << PMSIpilot::SshKeys::Key.normalize!(key)
         end
 
-        normalized['authorized_users'].each do |authorized_user|
-          authorized_user_bag = data_bag_proc.call(node['ssh_keys']['databag'], authorized_user)
+        normalized[:authorized_users].each do |authorized_user|
+          authorized_user_bag = data_bag_proc.call(authorized_user)
 
           raise Chef::Exceptions::ConfigurationError, "User #{authorized_user} does not exist" if authorized_user_bag.nil?
 
           authorized_user_bag['keys'].each do |authorized_user_key|
-            normalized['authorized_keys'] << PMSIpilot::SshKeys::Key.normalize!(authorized_user_key)['pub']
+            normalized[:authorized_keys] << PMSIpilot::SshKeys::Key.normalize!(authorized_user_key)['pub']
           end
         end
 

providers/key.rb

@@ -0,0 +1,52 @@
+use_inline_resources
+
+action :create do
+  username = new_resource.name
+
+  user = PMSIpilot::SshKeys::User.normalize!(
+      username,
+      {
+          :authorized_keys => new_resource.authorized_keys,
+          :authorized_users => new_resource.authorized_users
+      },
+      Proc.new do |item|
+        data_bag_item(new_resource.data_bag, item)
+      end
+  )
+
+  directory "#{user[:home]}/.ssh" do
+    owner username
+    group username
+    mode '0600'
+    action :create
+
+    not_if "test -e #{user[:home]}/.ssh"
+  end
+
+  user[:keys].each do |key|
+    key = PMSIpilot::SshKeys::Key.normalize!(key)
+
+    file "#{user[:home]}/.ssh/#{key['id']}.pub" do
+      owner username
+      group username
+      mode '0600'
+      content key['pub']
+      not_if { key['pub'].empty? }
+    end
+
+    file "#{user[:home]}/.ssh/#{key['id']}" do
+      owner username
+      group username
+      mode '0600'
+      content key['priv'].kind_of?(Array) ? key['priv'].join("\n") : key['priv']
+    end
+  end
+
+  template "#{user[:home]}/.ssh/authorized_keys" do
+    source 'authorized_keys.erb'
+    owner username
+    group username
+    mode '0600'
+    variables keys: user[:authorized_keys]
+  end
+end

recipes/default.rb

@@ -1,48 +1,7 @@
-raise Chef::Exceptions::ConfigurationError, 'No configuration for cookbook' if node['ssh_keys']['users'].nil? || node['ssh_keys']['users'].empty?
-
 node['ssh_keys']['users'].each do |username, user|
-  user = PMSIpilot::SshKeys::User.normalize!(
-    username,
-    user,
-    node,
-    Proc.new do |name, item|
-      data_bag_item(name, item)
-    end
-  )
-
-  directory "#{user['home']}/.ssh" do
-    owner username
-    group username
-    mode '0600'
+  ssh_keys_key username do
+    authorized_keys user['authorized_keys']
+    authorized_users user['authorized_users']
     action :create
-
-    not_if "test -e #{user['home']}/.ssh"
-  end
-
-  user['keys'].each do |key|
-    key = PMSIpilot::SshKeys::Key.normalize!(key)
-
-    file "#{user['home']}/.ssh/#{key['id']}.pub" do
-      owner username
-      group username
-      mode '0600'
-      content key['pub']
-      not_if { key['pub'].empty? }
-    end
-
-    file "#{user['home']}/.ssh/#{key['id']}" do
-      owner username
-      group username
-      mode '0600'
-      content key['priv'].kind_of?(Array) ? key['priv'].join("\n") : key['priv']
-    end
-  end
-
-  template "#{user['home']}/.ssh/authorized_keys" do
-    source 'authorized_keys.erb'
-    owner username
-    group username
-    mode '0600'
-    variables keys: user['authorized_keys']
   end
 end

resources/key.rb

@@ -0,0 +1,19 @@
+actions :create, :delete
+default_action :create
+
+attribute :username,
+          :kind_of => String,
+          :required => true,
+          :name_attribute => true
+
+attribute :data_bag,
+          :kind_of => String,
+          :default => 'ssh_keys'
+
+attribute :authorized_keys,
+          :kind_of => Array,
+          :default => []
+
+attribute :authorized_users,
+          :kind_of => Array,
+          :default => []