ama-ssh-private-keys 0.2.0

Manages SSH private keys

Policyfile:
cookbook 'ama-ssh-private-keys', '= 0.2.0', :supermarket

Berkshelf:
cookbook 'ama-ssh-private-keys', '= 0.2.0'

Knife:
knife supermarket install ama-ssh-private-keys
knife supermarket download ama-ssh-private-keys


Cookbook ama-ssh-private-keys

This cookbook lets you install private keys for specified
accounts.

The cookbook provides a self-explanatory ssh_private_key resource:

ssh_private_key 'id_rsa' do
  user 'jodie'
  content '-----BEGIN PRIVATE KEY-----...'
end

This saves the provided key as {jodie's home}/.ssh/id_rsa with mode
0600.

The cookbook also exposes a default recipe that takes all items from
the data bag whose name is given by the
[ama][ssh-private-keys][data-bag] attribute (ssh-private-keys by
default) and simply passes them to the resource.

If you want to use automatic public key generation and/or validation,
additional information is specified below.

Eye-catching warning: if you are using this cookbook, you are almost
certainly working with keys that grant sensitive access. Double-check
that you minimize the risk of exposing your keys as much as possible.
This cookbook, for its part, tries to do the same.

Requirements

  • Chef 12+
  • Ruby 2.3.0+
  • ssh-keygen binary installed and available on $PATH, for validation and public key generation (both disabled by default)

Tested against

  • Debian 7.3+
  • Ubuntu 14.04+
  • CentOS 6.0+
  • Fedora 24+

The internals are very simple, so it should generally run anywhere.

Full resource specification

ssh_private_key 'hackerman:default' do
  id 'id_rsa' # name_property
  user 'hackerman' # required
  type 'ssh-rsa' # ssh-(rsa|dss|ed25519), ecdsa-sha2-nistp(256|384|521)
  content '' # required

  parent_directory '/workspace'
  mode '0600'

  # optional, required for validation / public key creation
  passphrase '2018' 

  # optional, required for public key creation
  comment 'hack-the-time'

  install_public_key true # defaults to false
  public_key_mode '0644'
  public_key_suffix '.pub'
  # if not specified, public key will be derived from private key
  # using ssh-keygen
  public_key ''

  perform_validation true # defaults to false

  action :create # :create/install, :delete/remove
end

If install_public_key is set to true, the resource creates a public
key file next to the private key file. If no public key is supplied, it
is derived from the private key (a passphrase may be needed to do so).

If perform_validation is set to true, the internal validator makes the
following assertions before any file is installed:

  • A public key can be derived from the (supported) private key
  • If a public key is provided, it matches the generated public key
  • If a key type is provided, it matches the type recovered by ssh-keygen

All resource properties that are not safe to expose are declared
sensitive and won't appear in logs. For validation and public key
derivation, private keys are written to temporary files (mode 0600),
which are erased using ensure blocks; temporary files are needed
because only newer ssh-keygen versions accept stdin for reading.
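
The validation assertions and temporary-file handling described above, sketched in plain Ruby as an added example; this is not the cookbook's own code. The names validate_private_key, split_public_key and SSH_KEYGEN are hypothetical, and the deriver: argument is an assumption added so the file handling can be exercised without ssh-keygen.

```ruby
require 'open3'
require 'tempfile'

# Default deriver: ssh-keygen -y prints the public key of a private key file.
# -P is always passed so an encrypted key fails instead of prompting; note that
# argv (and so the passphrase) is visible to other local users via ps.
SSH_KEYGEN = lambda do |path, passphrase|
  out, err, status = Open3.capture3('ssh-keygen', '-y', '-P', passphrase.to_s, '-f', path)
  raise ArgumentError, "ssh-keygen could not read the key: #{err.strip}" unless status.success?
  out
end

# "ssh-ed25519 AAAA... comment" -> ["ssh-ed25519", "AAAA..."]; the comment is ignored.
def split_public_key(line)
  type, blob, = line.to_s.strip.split(/\s+/, 3)
  raise ArgumentError, 'unparseable public key' unless type && blob
  [type, blob]
end

# Returns "<type> <blob>" or raises ArgumentError. Messages never contain key material.
def validate_private_key(content, type: nil, public_key: nil, passphrase: nil, deriver: SSH_KEYGEN)
  file = Tempfile.new('ssh-private-key') # Tempfile creates the file with mode 0600
  begin
    file.write(content.chomp + "\n")     # ssh-keygen expects a trailing newline
    file.flush
    derived = split_public_key(deriver.call(file.path, passphrase))
  ensure
    file.close!                          # close and unlink even if derivation raised
  end
  if type && type != derived[0]
    raise ArgumentError, "declared type #{type}, but key is #{derived[0]}"
  end
  if public_key && !public_key.strip.empty? && split_public_key(public_key) != derived
    raise ArgumentError, 'supplied public key does not match the private key'
  end
  derived.join(' ')
end
```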

Licensing

MIT License / AMA Team

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

ama-linux-user-management

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog
and this project adheres to Semantic Versioning.

[0.2.0] - 2017-06-30

Changed

  • [BC] Revamped resource specification, now it has different fields and may generate public key itself.

[0.1.1] - 2017-06-23

Changed

  • Fixed two bugs preventing default recipe from normal execution

[0.1.0] - 2017-06-20

Added

  • Initial implementation

Collaborator Number Metric
            

0.2.0 failed this metric

Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

0.2.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

License Metric
            

0.2.0 passed this metric

Testing File Metric
            

0.2.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

0.2.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number