Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the supermarket mailing list.

Select Badges

Select Supported Platforms

RSS

common_auth (8) Versions 0.2.1

Resources to help manage Linux users, groups, sudo and openssh

Berkshelf/Librarian
Policyfile
Knife
cookbook 'common_auth', '~> 0.2.1'
cookbook 'common_auth', '~> 0.2.1', :supermarket
knife cookbook site install common_auth
knife cookbook site download common_auth
README
Dependencies
Changelog
Quality

common_auth cookbook

A cookbook which will create users, group, sudoers and configure openssh with the design to be based on group policies.

Requiremetns

  • Chef 12.7.0 or later.

Platform

  • Ubuntu

Attributes / Data Bags

The goal of this cookbook is to manage authentication related resources through a mixture of node attributes and data_bag_item, with node attributes taking precedence over the contents of a data_bag_item.

common_auth.groups

This namespace contains directives which will manage groups on a system as well as optionally populate a list of users to manage.

{
  "id": "group1",
  "gid": 1234,
  "members": ["user1","user2"],
  "require_members": true,
  "include_members": true,
  "sudoer": {
    "runas": "root",
    "nopasswd": false
  },
  "action": "create"
}
common_auth.groups.data_bag

The data_bag from which to pull group definitions, which provide the bulk of a group's definitions.

Additionally, though functionally provided by common_attrs, these data_bag_items may contain optional namespaces.

{
  "id": "group1",
  "gid": 1234,
  "require_members": true,
  "include_members": true,
  "_production": {
    "members": ["superuser"]
  },
  "_staging": {
    "members": ["user1","user2"]
  }
}
common_auth.groups.config

A hash containing attribute level overrides for the data_bag_item contents. These can be useful when you wish to provide overrides from a Cookbook, PolicyFile, Role or Environment.

{
  "config": {
    "group1": {
      "action": "delete"
    }
  }
}
common_auth.groups.managed

A hash containing a list of groups which should be managed on this machine. Each hash value may be either True symbolizing that this item should be managed or False, symbolizing that the group is safe to be deleted.

During the Chef run, the common_group_account LWRPs will update this Hash at the node precedence level, to ensure that the system keeps track of groups which had previously been managed during a Chef run and have since been deleted form the data_bag.

{
  "managed": {
    "group1": true,
    "group2": false
  }
}

common_auth.users

This namespace contains directives which will manage users on a system.

{
  "id": "user1",
  "uid": 1234,
  "gid": 1234,
  "common": "Managed by Chef",
  "home": "/home/user1",
  "shell": "/bin/bash",
  "password": "$6...",
  "keys": {
    "public_keys": {
      "pubkey1": "SHA",
      "pubkey2": "SHA"
    },
    "private_keys": {
      "privkey1": "SHA"
    }
  },
  "action": "create"
}
common_auth.users.data_bag

The data_bag from which to pull user definitions, which provide the bulk of a user's definitions.

These items may be un-encrypted, encrypted or be partially encrypted with the secure_data_bag gem.

Additionally, though functionally provided by common_attrs, these data_bag_items may contain optional namespaces.

{
  "id": "user1",
  "_production": {
    "password": "$6prodpass"
  },
  "_staging": {
    "password": "$6stagpass"
  }
}
common_auth.users.config

A hash containing attribute level overrides for the data_bag_item contents. These can be useful when you wish to provide overrides from a Cookbook, PolicyFile, Role or Environment.

{
  "config": {
    "user1": {
      "action": "delete"
    }
  }
}
common_auth.users.managed

A hash containing a list of users which should be managed on this machine. Each hash value may be either True symbolizing that this item should be managed or False, symbolizing that the group is safe to be deleted.

During the Chef run, the common_user_account LWRPs will update this Hash at the node precedence level, to ensure that the system keeps track of users which had previously been managed during a Chef run and have since been deleted form the data_bag.

{
  "managed": {
    "user1": true,
    "user2": false
  }
}

common_auth.sudoers

A Hash containing sudoers definitions which will drive the creation of sudo LWRP entries.

This is empty by default, except when the cookbook detects that it is being run inside of Vagrant, where the Vagrant user will be granted access.

common_auth.openssh.allow_groups

Hash of OpenSSH AllowGroup directives that will override the standard OpenSSH cookbook attributes.

{
  "allow_groups": {
    "group1": true,
    "group2": false
  }
}

This is empty by default, excpet when the cookbook detects that is is being run inside of Vagrant.

common_auth.openssh.match_groups

Hash of OpenSSH Match group statements which will override the standard OpenSSH cookbook attributes.

{
  "match_groups": {
    "group1": {
      "allow_tcp_forwarding": "yes"
    }
  }
}

todo : Ideally i'd like to move this into the group LWRP at some point.

Resources

common_user_account

Resource which will be responsible for creating a user resource and optionally a common_user_keys resource. Additionally, the creation or deletion of these attributes will be stored in node attributes to ensure that users are deleted if ommitted from configuration.

common_user_keys

Resource which will manage a user's ssh public authorized_keys, ssh private rsa keys and will automatically create an ssh_wrapper script for each private key.

common_group_account

Resource which will be responsible for creating a group resource and optinially a sudoers resource.

Recipes

common_auth::auth

This recipe will generate user and group resources based on attributes.

common_auth:openssh

This recipe will call the opeenssh cookbook to manage this service.

common_auth::sudoers

This recipe will generate sudo LWRP instances based on attributes.

common_auth

0.2.1

  • Resolve Chef 14 deprecation warning

0.2.0

  • metadata missing comma nothing errors why

0.1.9

  • Resolve error in creating of private id keys and ssh wrappers where all keys created with username rather than keyname

0.1.8

  • Remove common_group_account warning when passed include_members

0.1.7

  • Resolve a problem in the custom resources where soem values ( ex.: group memberships ) would never be populated.

0.1.6

  • Enhancement
    • Resolve Chef13 warning with secure_data_bag
  • Bugfix
    • Resolve bug in ssh_wrapper scripts

0.1.5

  • Add whyrun support to common_user_account
  • Add whyrun support to common_user_keys
  • Add whyrun support to common_group_account

0.1.4


  • Let's pretend it's the inital commit

Foodcritic Metric
            

0.2.1 failed this metric

FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/authorization-sudo.rb:2
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/common_auth-groups.rb:4
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/common_auth-groups.rb:8
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/common_auth-groups.rb:13
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/common_auth-openssh.rb:5
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/common_auth-openssh.rb:9
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/common_auth-openssh.rb:15
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/common_auth-sudoers.rb:4
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/common_auth-sudoers.rb:8
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/common_auth-sudoers.rb:9
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/common_auth-sudoers.rb:10
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/common_auth-users.rb:4
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/common_auth-users.rb:8
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/common_auth-users.rb:13
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/common_auth-users.rb:17
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/common_auth-users.rb:18
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/openssh.rb:2
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/openssh.rb:23
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/recipes/auth.rb:9
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/recipes/auth.rb:13
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/recipes/auth.rb:14
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/recipes/auth.rb:18
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/recipes/auth.rb:22
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/recipes/auth.rb:23
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/recipes/auth.rb:28
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/recipes/auth.rb:37
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/recipes/auth.rb:73
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/recipes/auth.rb:82
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/recipes/openssh.rb:4
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/recipes/openssh.rb:5
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/recipes/openssh.rb:7
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/recipes/openssh.rb:8
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/recipes/sudo.rb:4
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/resources/common_group_account.rb:38
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/resources/common_group_account.rb:42
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/resources/common_group_account.rb:65
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/resources/common_group_account.rb:66
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/resources/common_group_account.rb:68
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/resources/common_user_account.rb:27
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/resources/common_user_account.rb:33
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/resources/common_user_account.rb:63
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/resources/common_user_account.rb:85
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/resources/common_user_account.rb:86
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/resources/common_user_account.rb:88
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/resources/common_user_account.rb:97
FC001: Use strings in preference to symbols to access node attributes: /tmp/5683f99e9773ca1963d74227/common_auth/resources/common_user_account.rb:105
FC002: Avoid string interpolation where not required: /tmp/5683f99e9773ca1963d74227/common_auth/resources/common_user_account.rb:27
FC003: Check whether you are running with chef server before using server-specific features: /tmp/5683f99e9773ca1963d74227/common_auth/recipes/auth.rb:28
FC003: Check whether you are running with chef server before using server-specific features: /tmp/5683f99e9773ca1963d74227/common_auth/recipes/auth.rb:73
FC016: LWRP does not declare a default action: /tmp/5683f99e9773ca1963d74227/common_auth/resources/common_group_account.rb:1
FC016: LWRP does not declare a default action: /tmp/5683f99e9773ca1963d74227/common_auth/resources/common_user_account.rb:1
FC016: LWRP does not declare a default action: /tmp/5683f99e9773ca1963d74227/common_auth/resources/common_user_keys.rb:1
FC046: Attribute assignment uses assign unless nil: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/common_auth-openssh.rb:5
FC046: Attribute assignment uses assign unless nil: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/common_auth-openssh.rb:15
FC046: Attribute assignment uses assign unless nil: /tmp/5683f99e9773ca1963d74227/common_auth/attributes/common_auth-sudoers.rb:4

Collaborator Number Metric
            

0.2.1 failed this metric

Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.