import collections
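def _as_names(value):
    """Normalise a config value to a collection that is safe for ``in`` tests.

    ``None`` becomes an empty tuple and a bare string becomes a one-element
    tuple, so a later ``name in value`` check is always an exact-match lookup
    and never a substring match against a scalar string.
    """
    if value is None:
        return ()
    if isinstance(value, str):
        return (value,)
    return value


def _ssh_user_allowed(access_config, node_id, node_config, entry_name):
    """Decide whether one access rule authorises a user on the node *node_id*.

    Args:
        access_config: The access rule of one user inside one key entry.
            Either the string "global" or a dict that may contain a "global"
            key, a "nodes" collection and/or a "roles" collection.
        node_id: Identifier of the node the keys are generated for.
        node_config: Config dict of that node; its "roles" are compared with
            the roles listed in the access rule.
        entry_name: Name of the key entry, used only in the error message.

    Returns:
        True if the rule grants access on this node, False otherwise.

    Raises:
        Exception: If *node_config* is not a dict, or if *access_config* is
            neither the string "global" nor a dict. Raising instead of
            returning False keeps a malformed rule from being silently
            treated as a valid decision.
    """
    # OrderedDict is a dict subclass, so a single isinstance check covers both.
    if not isinstance(node_config, dict):
        raise Exception("The pillar node config of node \"%s\" seem to be broken or missing!" % node_id)

    if isinstance(access_config, str) and access_config == "global":
        return True

    # Any other scalar (including a string other than "global") is rejected.
    if not isinstance(access_config, dict):
        raise Exception("SSH configuration for entry %s seems broken!" % (entry_name))

    # NOTE(review): only the presence of the "global" key is tested, so an
    # entry such as {"global": False} still grants access everywhere. Confirm
    # this is intended before relying on the value to switch a grant off.
    if "global" in access_config:
        return True

    # Exact match on the node id. A scalar string in "nodes" used to be
    # matched by substring, which could authorise nodes whose id is merely
    # contained in the configured name; a None value used to raise TypeError.
    if node_id in _as_names(access_config.get('nodes')):
        return True

    # Same normalisation for both role lists: a scalar role name is compared
    # as a whole, never character by character or by substring.
    node_roles = _as_names(node_config.get('roles'))
    allowed_roles = _as_names(access_config.get('roles'))
    return any(role in node_roles for role in allowed_roles)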
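def get_ssh_authkeys(ssh_config, node_config, node_id, username):
    """Collect the SSH public keys allowed to log in as *username* on a node.

    Every entry under ``ssh_config['keys']`` is inspected. An entry
    contributes its "pubkeys" only if its "access" mapping has a rule for
    *username* and ``_ssh_user_allowed`` accepts that rule for this node.

    Args:
        ssh_config: SSH configuration dict; must contain a "keys" dict that
            maps entry names to entries with "access" and "pubkeys".
        node_config: Config dict of the node, passed on to the access check.
        node_id: Identifier of the node the key list is built for.
        username: Local account whose authorised keys are requested.

    Returns:
        A sorted list of the unique public keys granted to *username*.

    Raises:
        KeyError: If *ssh_config* has no "keys" entry.
        Exception: Propagated from ``_ssh_user_allowed`` for a malformed
            rule, so a broken entry aborts the run instead of producing a
            partial key list.
    """
    auth_keys = set()

    for entry_name, entry in ssh_config['keys'].items():
        # A key present without a value arrives as None; treat it as
        # "no grants" rather than failing on the membership test.
        access = entry.get('access') or {}
        if username not in access:
            continue

        if not _ssh_user_allowed(access[username], node_id, node_config, entry_name):
            continue

        pubkeys = entry.get('pubkeys') or []
        # A single key written as a scalar must not be iterated character by
        # character, which would emit one-letter "keys" into the result.
        if isinstance(pubkeys, str):
            pubkeys = [pubkeys]
        auth_keys.update(pubkeys)

    return sorted(auth_keys)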