| author | Joey Hess <joeyh@joeyh.name> | 2016-02-26 11:02:41 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2016-02-26 11:02:41 -0400 |
| commit | 1f69a4f7191a035329e254cf8f792929cd165009 (patch) | |
| tree | 33cf55fbebd3c7b494c09cdeda3db545217f78e2 | |
| parent | b56f33bf5f3870081cf42fc67c752e1918a01b50 (diff) | |
| parent | 1501509f5dfb5c93fd572f472756c96905d41ce4 (diff) | |
Merge branch 'joeyconfig'
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | src/Propellor/Property/OS.hs | 2 | ||||
| -rw-r--r-- | src/Propellor/Property/Ssh.hs | 34 |
3 files changed, 17 insertions, 21 deletions
diff --git a/debian/changelog b/debian/changelog index 76367e6d..203f86e1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -14,6 +14,8 @@ propellor (2.16.0) UNRELEASED; urgency=medium * Firewall.rule: Now takes a Table parameter. (API change) * Ssh.authorizedKey: Fix bug preventing it from working when the authorized_keys file does not yet exist. + * Removed Ssh.unauthorizedKey and made Ssh.authorizedKey revertable. + (API change) -- Joey Hess <id@joeyh.name> Fri, 19 Feb 2016 11:29:53 -0400 diff --git a/src/Propellor/Property/OS.hs b/src/Propellor/Property/OS.hs index 5678b818..5f1adddb 100644 --- a/src/Propellor/Property/OS.hs +++ b/src/Propellor/Property/OS.hs @@ -221,7 +221,7 @@ preserveRootSshAuthorized :: Property NoInfo preserveRootSshAuthorized = check (fileExist oldloc) $ property (newloc ++ " copied from old OS") $ do ks <- liftIO $ lines <$> readFile oldloc - ensureProperties (map (Ssh.authorizedKey (User "root")) ks) + ensureProperties (map (setupRevertableProperty . Ssh.authorizedKey (User "root")) ks) where newloc = "/root/.ssh/authorized_keys" oldloc = oldOSDir ++ newloc diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs index c21f009f..b67c53dd 100644 --- a/src/Propellor/Property/Ssh.hs +++ b/src/Propellor/Property/Ssh.hs @@ -30,7 +30,6 @@ module Propellor.Property.Ssh ( unauthorizedKeysFrom, authorizedKeys, authorizedKey, - unauthorizedKey, hasAuthorizedKeys, getUserPubKeys, ) where @@ -372,7 +371,7 @@ localuser@(User ln) `unauthorizedKeysFrom` (remoteuser@(User rn), remotehost) = go [] = return NoChange go ls = ensureProperty $ combineProperties desc $ - map (unauthorizedKey localuser) ls + map (revert . authorizedKey localuser) ls authorizedKeyLines :: User -> Host -> Propellor [File.Line] authorizedKeyLines remoteuser remotehost = 
@@ -395,25 +394,20 @@ authorizedKeys user@(User u) context = withPrivData (SshAuthorizedKeys u) contex -- | Ensures that a user's authorized_keys contains a line. -- Any other lines in the file are preserved as-is. -authorizedKey :: User -> String -> Property NoInfo -authorizedKey user@(User u) l = property desc $ do - f <- liftIO $ dotFile "authorized_keys" user - modAuthorizedKey f user $ - f `File.containsLine` l - `requires` File.dirExists (takeDirectory f) +authorizedKey :: User -> String -> RevertableProperty NoInfo +authorizedKey user@(User u) l = add <!> remove where - desc = u ++ " has authorized_keys" - --- | Reverts `authorizedKey` -unauthorizedKey :: User -> String -> Property NoInfo -unauthorizedKey user@(User u) l = property desc $ do - f <- liftIO $ dotFile "authorized_keys" user - ifM (liftIO $ doesFileExist f) - ( modAuthorizedKey f user $ f `File.lacksLine` l - , return NoChange - ) - where - desc = u ++ " lacks authorized_keys" + add = property (u ++ " has authorized_keys") $ do + f <- liftIO $ dotFile "authorized_keys" user + modAuthorizedKey f user $ + f `File.containsLine` l + `requires` File.dirExists (takeDirectory f) + remove = property (u ++ " lacks authorized_keys") $ do + f <- liftIO $ dotFile "authorized_keys" user + ifM (liftIO $ doesFileExist f) + ( modAuthorizedKey f user $ f `File.lacksLine` l + , return NoChange + ) modAuthorizedKey :: FilePath -> User -> Property NoInfo -> Propellor Result modAuthorizedKey f user p = ensureProperty $ p |
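Review bot: The `remove` half of `authorizedKey` revokes a key only through `File.lacksLine` on the exact string `l`. Assuming that helper compares whole lines (its definition is not in this hunk), the same key material stored with different options or a different trailing comment stays authorized after a revert. This matters for `unauthorizedKeysFrom` in the -372 hunk, which now relies on `revert . authorizedKey localuser` to withdraw access. The Haddock comment also no longer mentions the revert side now that `-- | Reverts authorizedKey` is gone, so I would add `-- Reverting removes exactly this line and is a no-op when the file does not exist; the same key stored with other options or comment is left in place.` The description `u ++ " lacks authorized_keys"` reads as though the whole file were absent, and wording that names a single key line would be clearer in logs.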
