Class: OsCtld::Migration::KeyChain

Inherits:
Object
  • Object
Defined in:
lib/osctld/migration/key_chain.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(pool) ⇒ KeyChain

Returns a new instance of KeyChain



# File 'lib/osctld/migration/key_chain.rb', line 3

# Create a key chain bound to a single pool.
#
# The pool is only stored here; the path helpers later read its +conf_path+
# to locate the migration key files.
#
# @param pool [Object] pool that owns the migration keys
def initialize(pool)
  @pool = pool
end

Instance Attribute Details

#pool ⇒ Object (readonly, protected)

Returns the value of attribute pool



# File 'lib/osctld/migration/key_chain.rb', line 104

# Pool this key chain was created for.
#
# Read-only accessor: it returns whatever was stored in +@pool+.
#
# @return [Object] the stored pool
def pool
  @pool
end

Instance Method Details

#assets(add) ⇒ Object



# File 'lib/osctld/migration/key_chain.rb', line 7

# Register the key-chain files with an asset collector.
#
# Three optional files are declared: the identity private key, the identity
# public key and the list of keys authorized to migrate to this node. Each is
# declared with user 0, group 0 and mode 0400, i.e. readable by its owner only.
#
# @param add [#file] collector that receives one +file+ call per asset
# @return [Object] whatever the last +add.file+ call returns
def assets(add)
  # Identical expectation for every key file: uid 0, gid 0, owner-read only,
  # and the file is allowed to be absent.
  root_read_only = { user: 0, group: 0, mode: 0400, optional: true }

  add.file(private_key_path, desc: 'Identity private key', **root_read_only)
  add.file(public_key_path, desc: 'Identity public key', **root_read_only)
  add.file(
    authorized_keys_path,
    desc: 'Keys authorized to migrate to this node',
    **root_read_only
  )
end

#authorize_key(pubkey) ⇒ Object



# File 'lib/osctld/migration/key_chain.rb', line 71

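# Append a public key to the pool's authorized_keys file.
#
# The file is rewritten through +regenerate_file+ with mode 0400: existing
# lines are copied unchanged and +pubkey+ is added as the last line. If the
# existing file does not end with a newline, one is inserted first so that the
# new key becomes an entry of its own instead of being glued onto the previous
# line.
#
# NOTE(review): +pubkey+ is written verbatim and is not validated here. Other
# methods treat every line of this file as one key, so callers should pass a
# single-line key -- confirm that this is checked upstream.
#
# @param pubkey [String] public key line to authorize
# @return [Object] whatever +regenerate_file+ returns
def authorize_key(pubkey)
  regenerate_file(authorized_keys_path, 0400) do |new, old|
    if old
      last_line = nil

      old.each_line do |line|
        new.write(line)
        last_line = line
      end

      # Terminate an unterminated final line before appending.
      new.write("\n") if last_line && !last_line.end_with?("\n")
    end

    new.puts(pubkey)
  end
end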

#authorized_keys ⇒ Object



# File 'lib/osctld/migration/key_chain.rb', line 56

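# List the keys stored in the pool's authorized_keys file.
#
# Every line of the file is one entry, stripped of surrounding whitespace.
# Blank lines are kept as empty strings, so an entry's position matches its
# line number in the file, which is what +revoke_key+ indexes by.
#
# With a block, each entry is yielded in file order and the file handle is
# closed before the method returns (it used to be left open until garbage
# collection).
#
# @yieldparam key [String] one stripped line of the file
# @return [Array<String>] all entries when no block is given; +[]+ when the
#   file does not exist. With a block the return value is not meaningful.
def authorized_keys
  path = authorized_keys_path

  return [] unless File.exist?(path)
  return File.readlines(path).map(&:strip) unless block_given?

  # Block form of File.open guarantees the descriptor is released.
  File.open(path, 'r') do |file|
    file.each_line { |line| yield(line.strip) }
  end
end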

#authorized_keys_path ⇒ Object



# File 'lib/osctld/migration/key_chain.rb', line 99

# Location of the pool's list of keys authorized to migrate to this node.
#
# @return [String] +migration/authorized_keys+ below the pool's +conf_path+
def authorized_keys_path
  migration_dir = File.join(pool.conf_path, 'migration')
  File.join(migration_dir, 'authorized_keys')
end

#deploy ⇒ Object



# File 'lib/osctld/migration/key_chain.rb', line 38

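# Publish this pool's authorized keys into the shared authorized_keys file.
#
# Nothing happens when the pool has no authorized_keys file. Otherwise
# +Migration::AUTHORIZED_KEYS+ is regenerated: its current lines are copied
# over and one line per pool key is appended. Each appended line is prefixed
# with +command="<Migration::HOOK>"+ and +restrict+, i.e. the key is pinned to
# the hook command and OpenSSH's +restrict+ option is applied to it.
#
# Compared to a plain copy, two malformed outputs are avoided: an unterminated
# last line in the existing file is closed with a newline before appending,
# and blank entries are skipped instead of producing an options-only line.
#
# NOTE(review): existing lines of the target are carried over as they are, so
# a key revoked from the pool file stays in the target unless the caller
# starts from a fresh file -- confirm against the caller.
#
# @return [Object, nil] +nil+ when the pool has no authorized_keys file,
#   otherwise whatever +regenerate_existing_file+ returns
def deploy
  return unless File.exist?(authorized_keys_path)

  # The option prefix is the same for every key, so build it once.
  prefix = [
    "command=\"#{File.join(Migration::HOOK)}\"",
    'restrict',
  ].join(',')

  # Generate new authorized_keys
  regenerate_existing_file(Migration::AUTHORIZED_KEYS) do |new, old|
    last_line = nil

    old.each_line do |line|
      new.write(line)
      last_line = line
    end

    # Keep the first appended key from being glued onto an unterminated line.
    new.write("\n") if last_line && !last_line.end_with?("\n")

    authorized_keys do |key|
      next if key.empty?

      new.puts("#{prefix} #{key}")
    end
  end
end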

#private_key_path ⇒ Object



# File 'lib/osctld/migration/key_chain.rb', line 91

# Location of the pool's identity private key.
#
# @return [String] +migration/key+ below the pool's +conf_path+
def private_key_path
  migration_dir = File.join(pool.conf_path, 'migration')
  File.join(migration_dir, 'key')
end

#public_key_path ⇒ Object



# File 'lib/osctld/migration/key_chain.rb', line 95

# Location of the pool's identity public key.
#
# @return [String] the private key path with +.pub+ appended
def public_key_path
  format('%s.pub', private_key_path)
end

#regenerate_existing_file(path) ⇒ Object (protected)



118
# File 'lib/osctld/migration/key_chain.rb', line 106

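# Rewrite an existing file through a temporary sibling and rename it in place.
#
# The replacement is written to +<path>.new+, given the permission bits and
# ownership of the current file, and then renamed over +path+.
#
# Hardening over a plain +File.open(replacement, 'w', mode)+:
# * a leftover +<path>.new+ is removed first and the replacement is created
#   exclusively, so a pre-existing file or symlink at that name is never
#   written through and cannot pass on its own permissions;
# * the permission bits are set explicitly, so the umask cannot alter them;
# * ownership is changed through the open handle, not by path;
# * when the block (or any step before the rename) fails, the partial
#   replacement is removed and +path+ is left untouched.
#
# @param path [String] file to regenerate; it must exist
# @yieldparam new [File] replacement file, open for writing
# @yieldparam old [File] current file, open for reading
# @return [Integer] result of +File.rename+
# @raise [SystemCallError] when +path+ cannot be read or the replacement
#   cannot be created, chowned or renamed
def regenerate_existing_file(path)
  replacement = "#{path}.new"
  stat = File.stat(path)
  perm = stat.mode & 07777 # permission bits only, without the file type
  created = false
  complete = false

  # Never reuse whatever currently sits at the temporary name.
  File.unlink(replacement) if File.symlink?(replacement) || File.exist?(replacement)

  begin
    File.open(replacement, File::WRONLY | File::CREAT | File::EXCL, perm) do |new|
      created = true
      new.chmod(perm)

      File.open(path, 'r') do |old|
        yield(new, old)
      end

      new.chown(stat.uid, stat.gid)
    end

    renamed = File.rename(replacement, path)
    complete = true
    renamed
  ensure
    # Only remove a replacement this call created and did not put in place.
    File.unlink(replacement) if created && !complete && File.exist?(replacement)
  end
end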

#regenerate_file(path, mode) ⇒ Object (protected)



# File 'lib/osctld/migration/key_chain.rb', line 120

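# Write a file through a temporary sibling and rename it in place, whether or
# not the file exists yet.
#
# The replacement is written to +<path>.new+ with permission bits +mode+ and
# then renamed over +path+. The block receives the current file opened for
# reading, or +nil+ when +path+ does not exist.
#
# Hardening over a plain +File.open(replacement, 'w', mode)+:
# * a leftover +<path>.new+ is removed first and the replacement is created
#   exclusively, so a pre-existing file or symlink at that name is never
#   written through and cannot pass on its own permissions;
# * +mode+ is set explicitly, so the umask cannot alter it;
# * when the block (or any step before the rename) fails, the partial
#   replacement is removed and +path+ is left untouched.
#
# @param path [String] file to (re)generate
# @param mode [Integer] permission bits for the resulting file
# @yieldparam new [File] replacement file, open for writing
# @yieldparam old [File, nil] current file open for reading, or +nil+
# @return [Integer] result of +File.rename+
# @raise [SystemCallError] when the replacement cannot be created or renamed
def regenerate_file(path, mode)
  replacement = "#{path}.new"
  created = false
  complete = false

  # Never reuse whatever currently sits at the temporary name.
  File.unlink(replacement) if File.symlink?(replacement) || File.exist?(replacement)

  begin
    File.open(replacement, File::WRONLY | File::CREAT | File::EXCL, mode) do |new|
      created = true
      new.chmod(mode)

      if File.exist?(path)
        File.open(path, 'r') do |old|
          yield(new, old)
        end

      else
        yield(new, nil)
      end
    end

    renamed = File.rename(replacement, path)
    complete = true
    renamed
  ensure
    # Only remove a replacement this call created and did not put in place.
    File.unlink(replacement) if created && !complete && File.exist?(replacement)
  end
end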

#revoke_key(index) ⇒ Object



# File 'lib/osctld/migration/key_chain.rb', line 78

# Remove one entry from the pool's authorized_keys file.
#
# The file is rewritten through +regenerate_existing_file+ with every line
# copied except the one at position +index+, counted from zero. If no line has
# that position, the file is rewritten unchanged and no error is raised, so a
# caller that needs to know whether a key was actually removed has to check
# separately.
#
# Only the pool's own file is rewritten here; +Migration::AUTHORIZED_KEYS+ is
# not touched by this method.
#
# @param index [Integer] zero-based line position of the key to remove
# @return [Object, nil] +nil+ when the file does not exist, otherwise whatever
#   +regenerate_existing_file+ returns
def revoke_key(index)
  return unless File.exist?(authorized_keys_path)

  regenerate_existing_file(authorized_keys_path) do |new, old|
    old.each_line.with_index do |line, position|
      new.write(line) if index != position
    end
  end
end

#setup ⇒ Object



# File 'lib/osctld/migration/key_chain.rb', line 34

# Set up the key chain. This only delegates to +deploy+.
#
# @return [Object, nil] whatever +deploy+ returns
def setup
  deploy
end