@ -15,48 +15,64 @@ set -e
service_def=$(get_compose_service_def "$SERVICE_NAME")
keys=$(echo "$service_def" | shyaml -y get-value options.admin 2>/dev/null) || {
err "You must specify a ${WHITE}keys ${NORMAL} struct to use this service"
admin_ keys=$(echo "$service_def" | shyaml -y get-value options.admin 2>/dev/null) || {
err "You must specify a ${WHITE}admin ${NORMAL} struct to use this service"
exit 1
}
[ "$(echo "$keys" | shyaml -y get-type 2>/dev/null)" == "struct" ] || {
err "Invalid value type for ${WHITE}keys ${NORMAL}, please provide a struct"
[ "$(echo "$admin_ keys" | shyaml -y get-type 2>/dev/null)" == "struct" ] || {
err "Invalid value type for ${WHITE}admin ${NORMAL}, please provide a struct"
exit 1
}
local_path_key=/etc/rsync/keys
host_path_key="$SERVICE_DATASTORE${local_path_key}"
## ident are unique by construction (they are struct keys)
## but keys need to be also unique
declare -A keys
while read-0 ident key; do
if [ "${keys[$key]}" ]; then
err "Duplicate key: key for ident '$ident' is same as ident '${keys["$key"]}'."
exit 1
fi
rebuild-config() {
rm -rf "$SERVICE_CONFIGSTORE/etc/rsync/keys/admin"
mkdir -p "$host_path_key"
while read-0 ident keys; do
ident=$(e "$ident" | shyaml get-value)
if ! [[ "$ident" =~ ^[a-zA-Z0-9._-]+$ ]]; then
err "Invalid identifier '$ident'," \
"please use only alphanumerical char, dots, dash or underscores."
exit 1
fi
debug "Creating access key for ${ident}" || true
echo "$key" | file_put "$host_path_key/admin/${ident}.pub"
keys["$key"]="$ident"
done < <(echo "$keys" | shyaml key-values-0)
debug "Adding config hash to enable recreating upon config change."
config_hash=$({
## XXXvlab: ``env -i`` sole purpose is to protect find
## against big shell environments, and prevent it to fail.
env -i find "${host_path_key}/admin" \
-name \*.pub -exec md5sum {} \;
} | md5_compat) || exit 1
debug "Setting access keys for ${ident}"
[ "$(echo "$keys" | shyaml -y get-type 2>/dev/null)" == "sequence" ] || {
err "Invalid value type for ${WHITE}admin.$ident${NORMAL}, please provide a sequence"
echo " Received: '$keys'" >&2
exit 1
}
while read-0 key; do
echo "command=\"/usr/local/sbin/ssh-admin-cmd-validate \\\"$ident\\\"\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty $key"
done < <(echo "$keys" | shyaml get-values-0) | file_put "$host_path_key/$ident/.ssh/authorized_keys"
done < <(echo "$admin_keys" | shyaml -y key-values-0)
e "$control_users" > "$CONTROL_USERS_FILE"
}
local_path_key=/etc/rsync/keys/admin
host_path_key="$SERVICE_CONFIGSTORE${local_path_key}"
init-config-add "\
$SERVICE_NAME:
volumes:
- $host_path_key:$local_path_key
labels:
- compose.config_hash=$config_hash
- compose.config_hash=$control_users
"
CONTROL_USERS_FILE="$SERVICE_DATASTORE/.control-pass"
## Was it already properly propagated to database ?
control_users=$(H "${admin_keys}" "$(declare -f "rebuild-config")")
if [ -e "$CONTROL_USERS_FILE" ] && [ "$control_users" == "$(cat "$CONTROL_USERS_FILE")" ]; then
exit 0
fi
rebuild-config