
ama-ssh-private-keys (4) Versions 0.2.2

Manages SSH private keys

Berkshelf/Librarian:
  cookbook 'ama-ssh-private-keys', '~> 0.2.2'

Policyfile:
  cookbook 'ama-ssh-private-keys', '~> 0.2.2', :supermarket

Knife:
  knife cookbook site install ama-ssh-private-keys
  knife cookbook site download ama-ssh-private-keys
Quality 56%

Cookbook ama-ssh-private-keys


This cookbook allows an end user to install private keys for specified accounts.

The cookbook provides a self-explanatory ssh_private_key resource:

ssh_private_key 'id_rsa' do
  user 'jodie'
  content '-----BEGIN PRIVATE KEY-----...'
end

This saves the provided key as {jodie's home}/.ssh/id_rsa with mode 0600.

The cookbook also exposes a default recipe that takes all items from the data bag whose name is given by the [ama][ssh-private-keys][data-bag] attribute (ssh-private-keys by default) and simply passes them to the resource.

If you want to use automatic public key generation and/or validation, additional information is given below.

Eye-catching warning: if you are using this cookbook, you are almost certainly working with keys that provide sensitive access. Double-check that you minimize the risk of exposing your keys as much as possible. This cookbook, for its part, tries to do the same.

Requirements

  • Chef 12+
  • Ruby 2.3.0+
  • ssh-keygen binary installed and available on $PATH, for validation and public key generation (disabled by default)

Tested against

  • Debian 7.3+
  • Ubuntu 14.04+
  • Centos 6.0+
  • Fedora 24+

The internals are very simple, so it should generally run anywhere.

Full resource specification

ssh_private_key 'hackerman:default' do
  id 'id_rsa' # name_property
  user 'hackerman' # required
  type 'ssh-rsa' # ssh-(rsa|dss|ed25519), ecdsa-sha2-nistp(256|384|521)
  content '' # required

  parent_directory '/workspace'
  mode '0600'

  # optional, required for validation / public key creation
  passphrase '2018' 

  # optional, required for public key creation
  comment 'hack-the-time'

  install_public_key true # defaults to false
  public_key_mode '0644'
  public_key_suffix '.pub'
  # if not specified, public key will be derived from private key
  # using ssh-keygen
  public_key ''

  perform_validation true # defaults to false

  action :create # :create/install, :delete/remove
end

If install_public_key is set to true, the resource creates a public key file next to the private key file. If the public key is not supplied, it is derived from the private key (the passphrase may be needed to do so).

If perform_validation is set to true, the internal validator makes the following assertions before any file is installed:

  • A public key can be derived from the supported private key
  • If a public key is provided, it matches the generated public key
  • If a key type is provided, it matches the type recovered by ssh-keygen

All resource properties that are not safe to expose are declared sensitive and will not appear in logs. For validation and public key derivation, private keys are written to temporary files (mode 0600), which are erased in ensure blocks; temporary files are needed because only newer ssh-keygen versions accept stdin for reading.
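
The three validation assertions above, as an added example that is not the cookbook's own code. The cookbook derives the public key with ssh-keygen through a temporary file; this sketch swaps in Ruby's OpenSSL to derive it in-process, for RSA keys only, so it runs without ssh-keygen. The function names (ssh_string, ssh_mpint, derive_public_key, validate_key) are hypothetical.

```ruby
require 'openssl'

# SSH wire encoding (RFC 4251): uint32 length prefix, then the bytes.
def ssh_string(bytes)
  [bytes.bytesize].pack('N') + bytes.b
end

# mpint: big-endian magnitude, with a leading zero byte if the top bit is set.
def ssh_mpint(bignum)
  bytes = bignum.to_s(2)
  bytes = "\x00".b + bytes if bytes.getbyte(0) >= 0x80
  ssh_string(bytes)
end

# Returns [type, base64 blob], the first two fields of an OpenSSH public key line.
def derive_public_key(private_pem, passphrase = nil)
  key = OpenSSL::PKey::RSA.new(private_pem, passphrase)
  raise OpenSSL::PKey::PKeyError, 'not a private key' unless key.private?
  blob = ssh_string('ssh-rsa') + ssh_mpint(key.e) + ssh_mpint(key.n)
  ['ssh-rsa', [blob].pack('m0')]
end

# Runs the three assertions; returns error strings, empty when the key passes.
def validate_key(private_pem, public_key: nil, type: nil, passphrase: nil)
  begin
    derived_type, derived_blob = derive_public_key(private_pem, passphrase)
  rescue OpenSSL::PKey::PKeyError
    return ['public key cannot be derived from private key']
  end
  errors = []
  if public_key
    given_type, given_blob = public_key.split(' ', 3) # trailing comment ignored
    unless [given_type, given_blob] == [derived_type, derived_blob]
      errors << 'provided public key does not match private key'
    end
  end
  errors << "declared type #{type}, actual #{derived_type}" if type && type != derived_type
  errors
end

if $PROGRAM_NAME == __FILE__
  pem = OpenSSL::PKey::RSA.new(2048).to_pem # throwaway key constructed for the demo
  pub = derive_public_key(pem).join(' ') + ' demo@example'
  p validate_key(pem, public_key: pub, type: 'ssh-rsa')  # matching pair
  p validate_key(pem, type: 'ssh-ed25519')               # wrong declared type
end
```

The error strings deliberately carry no key material, in keeping with the cookbook's treatment of sensitive properties.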

Licensing

MIT License / AMA Team

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

ama-linux-user-management

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

[0.2.1] - 2017-08-09

Fixed

  • Fixed bug that resulted in validation error when trying to delete key without setting its content

[0.2.0] - 2017-06-30

Changed

  • [BC] Revamped resource specification, now it has different fields and may generate public key itself

[0.1.1] - 2017-06-23

Changed

  • Fixed two bugs preventing default recipe from normal execution

[0.1.0] - 2017-06-20

Added

  • Initial implementation

Collaborator Number Metric

0.2.2 failed this metric

Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric

0.2.2 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric

0.2.2 passed this metric

License Metric

0.2.2 passed this metric

No Binaries Metric

0.2.2 passed this metric

Publish Metric

0.2.2 passed this metric

Supported Platforms Metric

0.2.2 passed this metric

Testing File Metric

0.2.2 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric

0.2.2 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number