Merge pull request #133 from luitzifa/multiple-key-support

add support for multiple private and public keys
2025-10-31 15:31:29 +01:00 · 2017-09-28 12:50:56 +02:00 · 2017-09-28 12:50:56 +02:00 · a4c1e98a55
commit a4c1e98a55
parent a133ef1c8b d8d2017629
2 changed files with 21 additions and 17 deletions
--- a/pillar.example
+++ b/pillar.example
@ -57,6 +57,10 @@ users:
    ssh_keys:
      privkey: PRIVATEKEY
      pubkey: PUBLICKEY
+      # you can provide multiple keys, the keyname is taken as filename
+      # make sure your public keys suffix is .pub
+      foobar: PRIVATEKEY
+      foobar.pub: PUBLICKEY
    # ... or you can pull them from a different pillar,
    # for example one called "ssh_keys":
    ssh_keys_pillar:
--- a/users/init.sls
+++ b/users/init.sls
@ -175,35 +175,35 @@ user_keydir_{{ name }}:
  {% endif %}

  {% if 'ssh_keys' in user %}
-  {% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %}
-users_user_{{ name }}_private_key:
+    {% for _key in user.ssh_keys.keys() %}
+      {% if _key == 'privkey' %}
+        {% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') %}
+      {% elif _key ==  'pubkey' %}
+        {% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') + '.pub' %}
+      {% else %}
+        {% set key_name = _key %}
+      {% endif %}
+users_{{ name }}_{{ key_name }}_key:
  file.managed:
-    - name: {{ home }}/.ssh/{{ key_type }}
+    - name: {{ home }}/.ssh/{{ key_name }}
    - user: {{ name }}
    - group: {{ user_group }}
+      {% if key_name.endswith(".pub") %}
+    - mode: 644
+      {% else %}
    - mode: 600
+      {% endif %}
    - show_diff: False
-    - contents_pillar: users:{{ name }}:ssh_keys:privkey
+    - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }}
    - require:
      - user: users_{{ name }}_user
      {% for group in user.get('groups', []) %}
      - group: users_{{ name }}_{{ group }}_group
      {% endfor %}
-users_user_{{ name }}_public_key:
-  file.managed:
-    - name: {{ home }}/.ssh/{{ key_type }}.pub
-    - user: {{ name }}
-    - group: {{ user_group }}
-    - mode: 644
-    - show_diff: False
-    - contents_pillar: users:{{ name }}:ssh_keys:pubkey
-    - require:
-      - user: users_{{ name }}_user
-      {% for group in user.get('groups', []) %}
-      - group: users_{{ name }}_{{ group }}_group
    {% endfor %}
  {% endif %}

+
 {% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %}
 users_authorized_keys_{{ name }}:
  file.managed: