sshkeys/manifests/set_authorized_keys.pp

# Install a public key into a server user's authorized_keys(5) file.
define sshkeys::set_authorized_keys (
  $keyname = '',
  $ensure = 'present',
  $group = '',
  $home = '',
  $options = '',
  $user
) {
  include sshkeys::var
  $_keyname = $keyname ? { '' => $title, default => $keyname }
  $_home = $home ? { "" => "/home/${user}", default => $home }
  # on the keymaster:
  $key_src_dir = "${sshkeys::var::keymaster_storage}/${_keyname}"
  $key_src_file = "${key_src_dir}/key.pub"
  # on the server:
  $key_tgt_file = "${_home}/.ssh/authorized_keys"

  File {
    owner   => $user,
    group   => $group ? { "" => $user, default => $group },
    require => User[$user],
    mode    => 600,
  }
  Ssh_authorized_key {
    user   => $user,
    target => $key_tgt_file,
  }

  if $ensure == "absent" {
    ssh_authorized_key { $title:
      ensure => "absent",
    }
  } else {
    $key_src_content = file($key_src_file, "/dev/null")
    if ! $key_src_content {
      notify {
        "Public key file $key_src_file for key $_keyname not found on keymaster; skipping ensure => present":
      }
    } else {
      if $ensure == "present" and $key_src_content !~ /^(ssh-...) ([^ ]*)/ {
        err("Can't parse public key file $key_src_file")
        notify {
          "Can't parse public key file $key_src_file for key $_keyname on the keymaster: skipping ensure => $ensure":
        }
      } else {
        $keytype = $1
        $modulus = $2
        ssh_authorized_key { $title:
          ensure  => "present",
          type    => $keytype,
          key     => $modulus,
          options => $options ? { "" => undef, default => $options },
        }
      }
    }
  }
}
1	# Install a public key into a server user's authorized_keys(5) file.
2	define sshkeys::set_authorized_keys (
3	$keyname = '',
4	$ensure = 'present',
5	$group = '',
6	$home = '',
7	$options = '',
8	$user
9	) {
10	include sshkeys::var
11	$_keyname = $keyname ? { '' => $title, default => $keyname }
12	$_home = $home ? { "" => "/home/${user}", default => $home }
13	# on the keymaster:
14	$key_src_dir = "${sshkeys::var::keymaster_storage}/${_keyname}"
15	$key_src_file = "${key_src_dir}/key.pub"
16	# on the server:
17	$key_tgt_file = "${_home}/.ssh/authorized_keys"
18
19	File {
20	owner => $user,
21	group => $group ? { "" => $user, default => $group },
22	require => User[$user],
23	mode => 600,
24	}
25	Ssh_authorized_key {
26	user => $user,
27	target => $key_tgt_file,
28	}
29
30	if $ensure == "absent" {
31	ssh_authorized_key { $title:
32	ensure => "absent",
33	}
34	} else {
35	$key_src_content = file($key_src_file, "/dev/null")
36	if ! $key_src_content {
37	notify {
38	"Public key file $key_src_file for key $_keyname not found on keymaster; skipping ensure => present":
39	}
40	} else {
41	if $ensure == "present" and $key_src_content !~ /^(ssh-...) ([^ ]*)/ {
42	err("Can't parse public key file $key_src_file")
43	notify {
44	"Can't parse public key file $key_src_file for key $_keyname on the keymaster: skipping ensure => $ensure":
45	}
46	} else {
47	$keytype = $1
48	$modulus = $2
49	ssh_authorized_key { $title:
50	ensure => "present",
51	type => $keytype,
52	key => $modulus,
53	options => $options ? { "" => undef, default => $options },
54	}
55	}
56	}
57	}
58	}