authorJoey Hess2016-02-26 11:02:36 -0400
committerJoey Hess2016-02-26 11:02:36 -0400
commit1501509f5dfb5c93fd572f472756c96905d41ce4 (patch)
treea5cdac1f0e5d9ee8a2dfaf701ed7b7fb498e5d72 /src
parent0cba8dec39447f030c0f765d1d84a1c2466b9bfc (diff)
Removed Ssh.unauthorizedKey and made Ssh.authorizedKey revertable. (API change)
Diffstat (limited to 'src')
-rw-r--r--src/Propellor/Property/OS.hs2
-rw-r--r--src/Propellor/Property/Ssh.hs34
2 files changed, 15 insertions, 21 deletions
diff --git a/src/Propellor/Property/OS.hs b/src/Propellor/Property/OS.hs
index 5678b818..5f1adddb 100644
--- a/src/Propellor/Property/OS.hs
+++ b/src/Propellor/Property/OS.hs
@@ -221,7 +221,7 @@ preserveRootSshAuthorized :: Property NoInfo
preserveRootSshAuthorized = check (fileExist oldloc) $
property (newloc ++ " copied from old OS") $ do
ks <- liftIO $ lines <$> readFile oldloc
- ensureProperties (map (Ssh.authorizedKey (User "root")) ks)
+ ensureProperties (map (setupRevertableProperty . Ssh.authorizedKey (User "root")) ks)
where
newloc = "/root/.ssh/authorized_keys"
oldloc = oldOSDir ++ newloc
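Review bot: Every line of the old file, including blank and `#` comment lines, is turned into its own `Ssh.authorizedKey` property by `lines <$> readFile oldloc`, so non-key lines are presumably written into root's new authorized_keys as well. Filtering first keeps the property list to real entries: `ks <- liftIO $ filter (not . null) . lines <$> readFile oldloc`. Since each surviving line grants root login on the new OS, a comment such as `-- Keys are carried over verbatim and unaudited from the old OS` would also help. The `where` clause may continue outside the hunk.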
diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs
index c21f009f..b67c53dd 100644
--- a/src/Propellor/Property/Ssh.hs
+++ b/src/Propellor/Property/Ssh.hs
@@ -30,7 +30,6 @@ module Propellor.Property.Ssh (
unauthorizedKeysFrom,
authorizedKeys,
authorizedKey,
- unauthorizedKey,
hasAuthorizedKeys,
getUserPubKeys,
) where
@@ -372,7 +371,7 @@ localuser@(User ln) `unauthorizedKeysFrom` (remoteuser@(User rn), remotehost) =
go [] = return NoChange
go ls = ensureProperty $ combineProperties desc $
- map (unauthorizedKey localuser) ls
+ map (revert . authorizedKey localuser) ls
authorizedKeyLines :: User -> Host -> Propellor [File.Line]
authorizedKeyLines remoteuser remotehost =
@@ -395,25 +394,20 @@ authorizedKeys user@(User u) context = withPrivData (SshAuthorizedKeys u) contex
-- | Ensures that a user's authorized_keys contains a line.
-- Any other lines in the file are preserved as-is.
-authorizedKey :: User -> String -> Property NoInfo
-authorizedKey user@(User u) l = property desc $ do
- f <- liftIO $ dotFile "authorized_keys" user
- modAuthorizedKey f user $
- f `File.containsLine` l
- `requires` File.dirExists (takeDirectory f)
+authorizedKey :: User -> String -> RevertableProperty NoInfo
+authorizedKey user@(User u) l = add <!> remove
where
- desc = u ++ " has authorized_keys"
-
--- | Reverts `authorizedKey`
-unauthorizedKey :: User -> String -> Property NoInfo
-unauthorizedKey user@(User u) l = property desc $ do
- f <- liftIO $ dotFile "authorized_keys" user
- ifM (liftIO $ doesFileExist f)
- ( modAuthorizedKey f user $ f `File.lacksLine` l
- , return NoChange
- )
- where
- desc = u ++ " lacks authorized_keys"
+ add = property (u ++ " has authorized_keys") $ do
+ f <- liftIO $ dotFile "authorized_keys" user
+ modAuthorizedKey f user $
+ f `File.containsLine` l
+ `requires` File.dirExists (takeDirectory f)
+ remove = property (u ++ " lacks authorized_keys") $ do
+ f <- liftIO $ dotFile "authorized_keys" user
+ ifM (liftIO $ doesFileExist f)
+ ( modAuthorizedKey f user $ f `File.lacksLine` l
+ , return NoChange
+ )
modAuthorizedKey :: FilePath -> User -> Property NoInfo -> Propellor Result
modAuthorizedKey f user p = ensureProperty $ p
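Review bot: The Haddock above `authorizedKey` still describes only the add side, while the new `remove` side relies on `File.lacksLine`, which presumably matches the whole line. If the file holds the same key with a different comment or option prefix, reverting would leave that key authorized while the property reports success, which matters when revert is used to revoke access. I would extend the comment with `-- Reverting removes only a line identical to the given one; the same key with other options or comment text stays authorized.` The two descriptions, `u ++ " has authorized_keys"` and `u ++ " lacks authorized_keys"`, also do not say which key was touched, so the run log cannot show what was granted or revoked. `modAuthorizedKey` continues outside the hunk.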