Manage authorized ssh keys for admins
authorJan Dittberner <jan@dittberner.info>
Thu, 13 Apr 2017 12:20:21 +0000 (14:20 +0200)
committerJan Dittberner <jan@dittberner.info>
Thu, 13 Apr 2017 12:20:21 +0000 (14:20 +0200)
hieradata/common.yaml
sitemodules/profiles/manifests/base.pp

index 1b33a33..a9cd1d7 100644 (file)
@@ -5,8 +5,26 @@ profiles::base::users:
     fullname: Jan Dittberner
     uid: 1000
     password: ENC[PKCS7,MIIB2gYJKoZIhvcNAQcDoIIByzCCAccCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAYmmeAt8w5DMzcB2T84r/s2mikksh1kxVFEG5Nk0o/jOh0BSdtKnEZLYV1SRa2Gvgu6ACqLAqYD+4c9neAnYcQrYL5y9rXC+l61bid3L83wM2XkBJYt534ZlU8XqjEB7R7wyQu+uVXA6PAqy9YccAJmAkDiIHy07yVoG8biG71IoCX7f40Otw28iXLU/N7xoX5ngGrWZaVDkQulwGxFAjD9KDwho9/pPXFEfqdeuJSuL3t3O3PEumvuva+qiZHO8Mb4Ngg8wDgHNFHXLjxohBGQ4e2RgrrcGWwFa+nSFRSukOecFv+WNzBbnNon7hiZ3QiFZoH9ooWIbfghWfZiWAezCBnAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQSYlfah+RAoUKmvuQGB79E4BwJDg6EL2YyQ1GWFxz2EYj9cjaVD4AhLUJqsgex5YozliQZCPcflv3VoegHTp2jJ742HbrRDZmE7ZNlsj7BswpOVtE1SO4Xqh4OJTmvLy4V2G2sac/usorrB5LwS+n55Fp/PTBHe3VD0R0Ywv24K6bYg==]
+    ssh_keys:
+      -
+        name: default
+        type: ssh-rsa
+        key: ENC[PKCS7,MIIEPQYJKoZIhvcNAQcDoIIELjCCBCoCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAV95FOtVeyG8OAzQHmi+oWO+iCkqdkiNgMbCqYujvCpXhqQl42GloghrfP0nvU4c7HiY4wA1HEd3M3Yj5t3//S7mAauhLrxGkS1P3oeN+Q9nFC76F3sbWVoO2reI0h58o6a4r2vU/r+Vely3F67y+3T38X69Amw41/SG+cf5GOJoYzMPbFzNBh7nZlS0U/gx5tXCitrUdWqvmaLYLorDEII9JfNMqXFsAthkxy9G/VI8pSZU8LGfCmvb0eBkuiFZ1wNwkvVLItAHTojtR9RfjN7uRplJf71ulsPDOLk028hoe0wx3Iz6GDSm37adNXYXrwEG+cc/7e8S4Rq4wUL8OajCCAv4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEJocSNI7Xxh05qLbKDQowdKAggLQwdxzSyWRWLImjlVg9RXwVN/ukICpMGMnpreY72m4pGGH0UXZ7yCKfN+SaM5Zt+WbDLFBHSiFu+X3vq0hSK8osK8VLxUV/GeuKu1fsOs6q6Sx7aZE+0b4FEXqAtQVg4aCACeuVAdcKnAiwXUpEjGbekIWAnWeDElDiipRhf0VQhQ3VGngzHq/GTZ9XeNpv+Imk2oNVA+W50yRZ4dTX0kXv8NVMzBNskjirPzRbDltfm5lDGAncOkMTt/5WlW0YFD33nEueMmWQ53hpuD4HmRroNiPElXw+aM2ttf3FIdltAx1aBe+Ao1CdUZf4cq/GDjlbPGbUTkXI9CM8Y6WAI82mQvsbrfC4p7a8OcwNrTZj17TqJR/KQzmSUvYZqkc7tEWSt5MqB8MzmnYiBBpH2tk4uk/RzdeioXkjTudYIFGb1kps0B2qlK4aVBIuRGjE/E7GaZY1EydmC9tfMaPN2mNCmGe4ZC6Igg/XWC2ElxY52ANldJZKUvK0nT1g9SeWkmRzFl8rOhXb9o1I04fXsvwCSy1n5aHz+hUHheUJm9r+evI7EOQwpYis19CUTaQG1yrIDCgmDAjRWrkEl4hs0jEYt4EzxqymDmJC3xU26WAk+iZ914l6nmwzdqDgcfapstigFYaTu7bGNgtDBxBVA1bocf4Ibf741r5EzeAaVEbN6WSFkgX/ma/DTn0ou04sei1KC7Gb2VwC76DCGmtnj2qxPbhE42zhUhoL7RCXwEKvBfJJF6CP4O/hacdcm5Vm1BpkATOSQu+7GJOWG0s5bf4ukdSXfi90sX2SL4AQzC7CWJpQihLUf14OdDtJJ1kCL6Oa5C/pWvynFbAK7/18hCexdmvCiXv5xIu9zldpN5x4s63xr2ZuIA/cFcGIo/xXCNWybdluqfgjLZKD3csF/4pMw5+lTRVXS+tatSaAP19pbz/dBH/CtRvJX/Zs43hxbjW]
+      -
+        name: edgepolster
+        type: ssh-rsa
+        key:  ENC[PKCS7,MIIC7QYJKoZIhvcNAQcDoIIC3jCCAtoCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAuTm982b9l+AXsDMkM/XlAc2o5oiAxSHN/rEObWnGL+9SkJj22Ln8otYymPZ/LfePrAKT5X0Bl+sek1Z3/KIsIulnKibHYwb3Nd3zwa1YyrxyFcLAg993Fb8aO3/lTZ6QMkuowKRB2bNheYOl6kwgnfEHMEi06V7owHoPriOTQpH1sKrcIdJX0sefFhttC6LMDxZKEWJuRcGTGSSZx0g0Q9bKIxElKScAuK3+ptm50m688yOgvlG5EZeR9fKGlDXRK2D451mg74GvE1NwOcO8fdXOPXFKeQzsN2duKFvPbJl8BWswaQfyhqzqJmUU17wz10Va6v8R93fEnjyUJRdB7TCCAa4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEIRyL9YjKiYbINKg++yNxOeAggGAII9L0zWfvwFG9PntQVWnWhgAkHzJj5iWli4DrKlRIxI63jXyEbCEgNKl7sl5BT5nGb89KPHbCG7HD/HoVRSHe1hBMRB77CmN8xXIwT0ZKGszPAjOSOEwySOPgbASHJaiY7hMJTBXp3uIQEJ4iXhv0cZBeP40XBFsHpjVEkrgF1qoFYNn7HgJ0E6M/yRNjvD/1WCwj/hvZhcdIkyHVXiicB03I4Vuk5PwTEJ6O0WQgMcEePdYfRoVNneewed1E1ytqRHcL+qalfyG7VfhseNwDyngIhaF8JlMtXMfMWa1uZsj58v2Hx48b61jKn39a6CLJNl+KmmErLcja4i8LmJzM+e2sPJJu5MGfNddlCC3elwOmtHUL9ZI1mXFiInQfBRfV1WWjyP5556XakKXWL4KYPQdXUNXZCsHgmzlaulyCyYMx7grXo+dz4DXriZZ1BHrOYnEbyzZE44m2uoaCpB8X7cGCAtAEWPU7vbAEEA0EtpvgssAiRI9cKZTfxTZ9Ass]
+      -
+        name: roadie
+        type: ssh-rsa
+        key: ENC[PKCS7,MIIC7QYJKoZIhvcNAQcDoIIC3jCCAtoCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAZ5rfp5+Uf2EYYXrppAacsfX5+PN4PNynQwCcxjoDyIu4bOeO1KJiv5WmT4HfUXsGe0nWXr2sVbXwQz2SCIyCRQ1YIcTPSlAbGYFWZIggSPzr2Rs2hNvCLyOHw0tN3IoO890O92kg9x96Ml+ACULRVGmh4aO21Mml4J0tF671cRWFFqKNUPCxRSs1vU+QVyz5L6KJEv5xTSAg8+gIjjiNS0bTGsVEO7qBoazo/6jOvNp3DTDbZamg8WXN4ScCOHGzC5+9qajd+WplFQPBkSP2WuP2YleLeryJkYA+99pjL08VgPs8ekluWoNzJXpQdy1W0BTwoNcwE3951ZjCXvC95TCCAa4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEENfzDe3PRDzuKDu61CbWtc+AggGA/xdAXjSkHPbKaGXEhwj77NYjNCImUvhA8MHnT1F4TxwoVS/rPKja9c7s4GU41LM1Na1vaJF/CSdd46N+pv1+z8/cwDEUrUG0lFclPADS7d37RNqJ/TRv91/y+p9HGI7k3c2ZvDWG5hkS7ceByLb2+ulNfckTjSxqEA+NaQ0PEpW9qvdsH1p7TzNVICmDg4NBVqRjzG9/9ZQQWA9q9+sSXgQ9fB2ce8SasA93MU7/WVE/bJYeHljbK7/rwUFVOpWCRAvxK609b6XUxGrCxa+jgI8EzkH1J1z/UMMsetA+VOMoe9TXCOal6HIIKa//BzChNn+ro3JbgyKh5CJ26x0rQ14/OewWwRkKW+E9LCoG19cI6QvaLNZ50PLcG/kt81S9w8CxUhDtvwEID6bQr/KtzCTHqWaIs9H6PdgRGVY1XHeSU8nKVowC36VeuRuYO9XnvD10GC18dvUMQKz+EOKjCMfl9Ko3MheqDY5rm5O1PlXqmK7VazczCKI/ddRmg4oA]
   law:
     username: law
     fullname: Mario Lipinski
     uid: 1001
     password: ENC[PKCS7,MIIB2gYJKoZIhvcNAQcDoIIByzCCAccCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAc0aZpU2bfVCFwNTbfZfg4VVDqHLB5DNMQjWxwP1FJ/SKUOuApFhOH20nRtZf+KQUo3XnltTqF4Hq+Wt1XclvhzS9UijufQZCGrbWFIJNNEAZ6SVoFKWWRuwmHL34LI0xjidmIFLjM5YeNd3d5+pEU1YQjeS09N58SPySSkDFzUXCgjFMTKzP8nYvTsJ1jpIrXfg7g/gvVJZGXLIQAoDmU2pe1/grPyst5Bc15Rpb2GRKSpl2Cg3qIqv9WQPwNjxHrGKaSpMN/HEaNAUC4cYceUUN3S6/jkPfCtoqBXDyVXHoY7FB7gXpNZiO4ByMF1Uh45zRweH/3nq+69Pk0r4AeDCBnAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQ+Avp4L2ueR0dPafRqPGGjIBwW5o3/Zq8DiK4XVzZx/wf4chUu1g3dvJYh/Fn42wv85eBNQrmPFqvj78HybmdStAduY91+dyOPPyux4V0dnco0xr+Ceeym7km9WnWyJgPgC/POjPUQcyUuO58/PyDmVqv+P8RH2rDMSJCSzSRMBFVXg==]
+    ssh_keys:
+      -
+        name: default
+        type: ssh-dss
+        key: ENC[PKCS7,MIIDvQYJKoZIhvcNAQcDoIIDrjCCA6oCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAFlMnp5/GjTc9u6H7IlFvPb1OCGx+2EkijO0S0jqwIV3u4ZTCGrxxfQR99iW4o4ID1nvkXjecLJzcL+D158tmcnQrVHVJWRobZ+wGYtDRFge03Kh7uZXI+MPQ6ndc2TTRpYPz7XSDrzm2HCAL7vEogeORKsfE8bjAnNEkHy1V/lOixaLa1yYUid1erGKoOyYItBbwH6pMhejTIeLQ1i/er4sWafaiOOof7WsuahN/vYhWzcax17lBcsbPUH8kPcZWz04b+hPVForD2gPnUsL53IX1E/AfcZD1ulcfAPR4KrWEPH6jmM7bhgKnUDBxp2yMCXsm7apMwIiEOXf7rvGUczCCAn4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEABESUVzMYsINc6QIE29XoaAggJQXiYOQnw99VJuAsjD/jkYix6/+HR48YzmRO/8qX7UqAprAv1bJ3GNLzJe+ibhokFHuj5dk6dfXnAOwGeFrD180TR7BBDIkw1jBwX8p+8mQMeAKv5rF9B3041oGfrxvFrE7lBgYW6pGhaHmycP9/nPmoPYWT+V3OhViVZkhi+3j9MjHgPKa7kTRzbFYo4xmpjYtRN2E3Ftvg6zqgEGtlxlBet22ICNCj9CFoIrvRVP3NQue5sRbQj0KKih+KWfN4gT7GWqhIvKtzESp0vU/WbyDFfEbfON9jFVloo+ndGcLs1k0e3LUpu90lDZ450SWc+DbMi5YlWMN/CvWKzuVahw7gIYMP0Ug9a/7x8WQqi7ilmkqU2rmlVdcCgvTjx9R/5G+mVXsCJgud55o9d3aP9eBcaqRIQ/vTmhdNpbmKmfaga/w3GE59K0v3ovNGEv64XJtJDLaD7ZkrUpwjZyexGaSjNvYCLcQUZwLtQ4SB0nqbT/FGv9BnH9mFUcu4S2CM5Yy8RcBGZ8DKAKHRez+RyzNwhjQ01VS5IOvIuXNsYnVCzuZ/MQelxgk5fzAC5wYXrpj+COoQY8QhhKmjLxO0HD5MdhbUQ+Nnmid8vOs5s7MsV/jeKsSeM+sxmA3M1aDFy/0rZ2zS2XbMePd7iBNTB3LwAjzIwx3SJbNDAJ0CDEM5e9iWkWah17PqvzLufE0QCd5FgbS/RxW7PAXtHWHvcx0qg1MJZXl5DGWy0HcxcWMJHmLNSjmEgEGcuRTvwAK0whbQePKIvBBvY6Gaovs18EOw==]
index 961cbb8..d1d709b 100644 (file)
@@ -48,6 +48,15 @@ class profiles::base (
       password => $user['password'],
       uid      => $user['uid'],
     }
+    $user['ssh_keys'].each |Hash[String, Data] $keydata| {
+        ssh_authorized_key { "$user['username']@$keydata['name']":
+            ensure  => present,
+            user    => $user['username'],
+            type    => $keydata['type'],
+            key     => $keydata['key'],
+            require => User[$user['username']],
+        }
+    }
   }
 
   file { '/etc/init.d/puppet':