From 1501509f5dfb5c93fd572f472756c96905d41ce4 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 26 Feb 2016 11:02:36 -0400 Subject: Removed Ssh.unauthorizedKey and made Ssh.authorizedKey revertable. (API change) --- src/Propellor/Property/OS.hs | 2 +- src/Propellor/Property/Ssh.hs | 34 ++++++++++++++-------------------- 2 files changed, 15 insertions(+), 21 deletions(-) (limited to 'src/Propellor') diff --git a/src/Propellor/Property/OS.hs b/src/Propellor/Property/OS.hs index 5678b818..5f1adddb 100644 --- a/src/Propellor/Property/OS.hs +++ b/src/Propellor/Property/OS.hs @@ -221,7 +221,7 @@ preserveRootSshAuthorized :: Property NoInfo preserveRootSshAuthorized = check (fileExist oldloc) $ property (newloc ++ " copied from old OS") $ do ks <- liftIO $ lines <$> readFile oldloc - ensureProperties (map (Ssh.authorizedKey (User "root")) ks) + ensureProperties (map (setupRevertableProperty . Ssh.authorizedKey (User "root")) ks) where newloc = "/root/.ssh/authorized_keys" oldloc = oldOSDir ++ newloc diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs index c21f009f..b67c53dd 100644 --- a/src/Propellor/Property/Ssh.hs +++ b/src/Propellor/Property/Ssh.hs @@ -30,7 +30,6 @@ module Propellor.Property.Ssh ( unauthorizedKeysFrom, authorizedKeys, authorizedKey, - unauthorizedKey, hasAuthorizedKeys, getUserPubKeys, ) where @@ -372,7 +371,7 @@ localuser@(User ln) `unauthorizedKeysFrom` (remoteuser@(User rn), remotehost) = go [] = return NoChange go ls = ensureProperty $ combineProperties desc $ - map (unauthorizedKey localuser) ls + map (revert . authorizedKey localuser) ls authorizedKeyLines :: User -> Host -> Propellor [File.Line] authorizedKeyLines remoteuser remotehost = 
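Review bot: In the `unauthorizedKeysFrom` hunk of Ssh.hs, `go [] = return NoChange` turns revocation into a silent no-op whenever no key lines are found, and `map (revert . authorizedKey localuser) ls` can only remove lines that are still in `ls`. The binding of `ls` is outside the hunk, but if it comes from `authorizedKeyLines remoteuser remotehost`, a key that was rotated or dropped from the remote host's data before this property runs would presumably stay in authorized_keys while the run reports success. A comment above `go` would make that limit visible to operators, for example `-- Only keys still known for the remote user are removed; a key rotated earlier stays authorized.` The function starts before this hunk and `authorizedKeyLines` continues past it.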
@@ -395,25 +394,20 @@ authorizedKeys user@(User u) context = withPrivData (SshAuthorizedKeys u) contex -- | Ensures that a user's authorized_keys contains a line. -- Any other lines in the file are preserved as-is. -authorizedKey :: User -> String -> Property NoInfo -authorizedKey user@(User u) l = property desc $ do - f <- liftIO $ dotFile "authorized_keys" user - modAuthorizedKey f user $ - f `File.containsLine` l - `requires` File.dirExists (takeDirectory f) +authorizedKey :: User -> String -> RevertableProperty NoInfo +authorizedKey user@(User u) l = add remove where - desc = u ++ " has authorized_keys" - --- | Reverts `authorizedKey` -unauthorizedKey :: User -> String -> Property NoInfo -unauthorizedKey user@(User u) l = property desc $ do - f <- liftIO $ dotFile "authorized_keys" user - ifM (liftIO $ doesFileExist f) - ( modAuthorizedKey f user $ f `File.lacksLine` l - , return NoChange - ) - where - desc = u ++ " lacks authorized_keys" + add = property (u ++ " has authorized_keys") $ do + f <- liftIO $ dotFile "authorized_keys" user + modAuthorizedKey f user $ + f `File.containsLine` l + `requires` File.dirExists (takeDirectory f) + remove = property (u ++ " lacks authorized_keys") $ do + f <- liftIO $ dotFile "authorized_keys" user + ifM (liftIO $ doesFileExist f) + ( modAuthorizedKey f user $ f `File.lacksLine` l + , return NoChange + ) modAuthorizedKey :: FilePath -> User -> Property NoInfo -> Propellor Result modAuthorizedKey f user p = ensureProperty $ p -- cgit v1.2.3
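Review bot: The `remove` side of `authorizedKey` revokes by exact line through `File.lacksLine`, so the same key stored with different options, comment or whitespace would stay authorized while the property reports no failure. This assumes `lacksLine` compares whole lines, which the hunk does not show. The haddock above `authorizedKey` still describes only the add direction and should state the revert contract, for example `-- Reverting removes only a line identical to the given one; other entries for the same key are left in place.` The two descriptions, `u ++ " has authorized_keys"` and `u ++ " lacks authorized_keys"`, do not say which key changed, so access changes are hard to audit from the run log. Adding a short identifier for the line (its comment field, say) would help. The body of `modAuthorizedKey` continues outside the hunk.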