authorJoey Hess2016-02-26 11:02:41 -0400
committerJoey Hess2016-02-26 11:02:41 -0400
commit1f69a4f7191a035329e254cf8f792929cd165009 (patch)
tree33cf55fbebd3c7b494c09cdeda3db545217f78e2 /src
parentb56f33bf5f3870081cf42fc67c752e1918a01b50 (diff)
parent1501509f5dfb5c93fd572f472756c96905d41ce4 (diff)
Merge branch 'joeyconfig'
Diffstat (limited to 'src')
-rw-r--r--src/Propellor/Property/OS.hs2
-rw-r--r--src/Propellor/Property/Ssh.hs34
2 files changed, 15 insertions, 21 deletions
diff --git a/src/Propellor/Property/OS.hs b/src/Propellor/Property/OS.hs
index 5678b818..5f1adddb 100644
--- a/src/Propellor/Property/OS.hs
+++ b/src/Propellor/Property/OS.hs
@@ -221,7 +221,7 @@ preserveRootSshAuthorized :: Property NoInfo
preserveRootSshAuthorized = check (fileExist oldloc) $
property (newloc ++ " copied from old OS") $ do
ks <- liftIO $ lines <$> readFile oldloc
- ensureProperties (map (Ssh.authorizedKey (User "root")) ks)
+ ensureProperties (map (setupRevertableProperty . Ssh.authorizedKey (User "root")) ks)
where
newloc = "/root/.ssh/authorized_keys"
oldloc = oldOSDir ++ newloc
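Review bot: `lines <$> readFile oldloc` hands every line of the old file to `Ssh.authorizedKey`, so blank lines and `#` comment lines each become a property of their own, and every entry the old OS held is authorized for root on the new one unchanged. Dropping the empty lines before the map would be a one-line change, `ks <- liftIO $ filter (not . null) . lines <$> readFile oldloc`. A short comment above `preserveRootSshAuthorized` saying that the old file is trusted in full, options and all, would tell an operator to audit it before the reinstall.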
diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs
index c21f009f..b67c53dd 100644
--- a/src/Propellor/Property/Ssh.hs
+++ b/src/Propellor/Property/Ssh.hs
@@ -30,7 +30,6 @@ module Propellor.Property.Ssh (
unauthorizedKeysFrom,
authorizedKeys,
authorizedKey,
- unauthorizedKey,
hasAuthorizedKeys,
getUserPubKeys,
) where
@@ -372,7 +371,7 @@ localuser@(User ln) `unauthorizedKeysFrom` (remoteuser@(User rn), remotehost) =
go [] = return NoChange
go ls = ensureProperty $ combineProperties desc $
- map (unauthorizedKey localuser) ls
+ map (revert . authorizedKey localuser) ls
authorizedKeyLines :: User -> Host -> Propellor [File.Line]
authorizedKeyLines remoteuser remotehost =
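Review bot: The two call sites adapt the new `RevertableProperty` differently: OS.hs wraps it in `setupRevertableProperty` before `ensureProperties`, while `go ls` here passes `revert . authorizedKey localuser` straight to `combineProperties`. The signature of `combineProperties` is not visible in this hunk, so this may well typecheck as written; if it expects plain properties, the line would need to be `map (setupRevertableProperty . revert . authorizedKey localuser) ls`. Since this is the path that revokes keys, a comment on `go` noting that it removes exactly the lines returned by `authorizedKeyLines` would also help. The body of `unauthorizedKeysFrom` starts above the hunk.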
@@ -395,25 +394,20 @@ authorizedKeys user@(User u) context = withPrivData (SshAuthorizedKeys u) contex
-- | Ensures that a user's authorized_keys contains a line.
-- Any other lines in the file are preserved as-is.
-authorizedKey :: User -> String -> Property NoInfo
-authorizedKey user@(User u) l = property desc $ do
- f <- liftIO $ dotFile "authorized_keys" user
- modAuthorizedKey f user $
- f `File.containsLine` l
- `requires` File.dirExists (takeDirectory f)
+authorizedKey :: User -> String -> RevertableProperty NoInfo
+authorizedKey user@(User u) l = add <!> remove
where
- desc = u ++ " has authorized_keys"
-
--- | Reverts `authorizedKey`
-unauthorizedKey :: User -> String -> Property NoInfo
-unauthorizedKey user@(User u) l = property desc $ do
- f <- liftIO $ dotFile "authorized_keys" user
- ifM (liftIO $ doesFileExist f)
- ( modAuthorizedKey f user $ f `File.lacksLine` l
- , return NoChange
- )
- where
- desc = u ++ " lacks authorized_keys"
+ add = property (u ++ " has authorized_keys") $ do
+ f <- liftIO $ dotFile "authorized_keys" user
+ modAuthorizedKey f user $
+ f `File.containsLine` l
+ `requires` File.dirExists (takeDirectory f)
+ remove = property (u ++ " lacks authorized_keys") $ do
+ f <- liftIO $ dotFile "authorized_keys" user
+ ifM (liftIO $ doesFileExist f)
+ ( modAuthorizedKey f user $ f `File.lacksLine` l
+ , return NoChange
+ )
modAuthorizedKey :: FilePath -> User -> Property NoInfo -> Propellor Result
modAuthorizedKey f user p = ensureProperty $ p
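Review bot: The Haddock comment kept above `authorizedKey` still describes only the `add` side, and the removed `-- | Reverts` comment leaves the `remove` side undocumented. I would extend it with something like `-- Reverting removes the line from authorized_keys, if the file exists; other lines are kept.` and, assuming `File.lacksLine` matches whole lines (it is not shown here), `-- Only an identical line is removed: the same key with a different comment or options stays authorized.` The descriptions `u ++ " has authorized_keys"` and `u ++ " lacks authorized_keys"` do not say which key changed, which makes a revocation hard to confirm from the run output. Callers of the dropped `unauthorizedKey` export now need `revert (authorizedKey user l)`. The body of `modAuthorizedKey` continues past the end of the hunk.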