new: [sftp] add in root.

9 years ago · 0a2447381a
3 changed files with 93 additions and 0 deletions
--- a/sftp/hooks/init
+++ b/sftp/hooks/init
@ -0,0 +1,59 @@
+#!/bin/bash
+
+## Init is run on host
+## For now it is run every time the script is launched, but
+## it should be launched only once after build.
+
+## Accessible variables are:
+## - SERVICE_NAME        Name of current service
+## - DOCKER_BASE_IMAGE   Base image from which this service might be built if any
+## - SERVICE_DATASTORE           Location on host of the DATASTORE of this service
+## - SERVICE_CONFIGSTORE         Location on host of the CONFIGSTORE of this service
+
+
+set -e
+
+service_def=$(get_compose_service_def "$SERVICE_NAME")
+
+users_def=$(echo "$service_def" | shyaml get-value options.users 2>/dev/null) || true
+
+users_file="$SERVICE_CONFIGSTORE/etc/sftp-users.conf"
+echo | file_put "$users_file"
+
+[ "$users_def" ] || exit 0
+
+rm -f "$users_file"
+volume_keys=()
+while read-0 login user_def; do
+    key_nb=0
+    local_path_key="/home/$login/.ssh/keys"
+    host_path_key="$SERVICE_CONFIGSTORE${local_path_key}"
+    while read-0 key; do
+        debug "Creating login key ${key_nb} for '$login'" || true
+        echo "$key" | file_put "$host_path_key/key_${key_nb}.pub"
+        ((key_nb++)) || true
+    done < <(echo "$user_def" | shyaml get-values-0 keys)
+    volume_keys+=("$host_path_key:$local_path_key:ro")
+    gids=()
+    while read-0 group; do
+        if ! group_ent=$(getent group "$group"); then
+            debug groupadd  -K GID_MIN=3000 -K GID_MAX=4000 "$group"
+            groupadd  -K GID_MIN=3000 -K GID_MAX=4000 "$group"
+            group_ent=$(getent group "$group")
+        fi
+        gids+=("$(echo "$group_ent" | cut -f3 -d:)")
+    done < <(echo "$user_def" | shyaml get-values-0 groups 2>/dev/null)
+    password=$(echo "$user_def" | shyaml get-value password 2>/dev/null) ||
+        password=$(gen_password 14)
+    line="$login:$password::$(echo "${gids[@]}" | tr " " ",")"
+    debug "Adding line: $line"
+    echo "$line" >> "$users_file"
+done < <(echo "$users_def" | shyaml key-values-0)
+
+init-config-add "\
+$SERVICE_NAME:
+  volumes:
+$(for volume in "${volume_keys[@]}"; do
+      echo "    - $volume"
+  done)
+"
--- a/sftp/hooks/sftp_access-relation-joined
+++ b/sftp/hooks/sftp_access-relation-joined
@ -0,0 +1,26 @@
+#!/bin/bash
+
+## Should be executable N time in a row with same result.
+
+set -e
+
+VOLUMES=$(relation-get volumes 2>/dev/null)
+GROUP=$(relation-get group 2>/dev/null) || true
+
+if test "$GROUP" && ! getent group "$GROUP" >/dev/null 2>&1; then
+    die "No group '$GROUP' found."
+fi
+
+config-add "\
+$MASTER_TARGET_CHARM_NAME:
+  volumes:
+$(while read-0 volume_def; do
+    IFS=: read src dst mode < <(echo "$volume_def:")
+    mode=${mode:-rw}
+    if [ "$mode" == "rw" -a "$GROUP" ]; then
+        debug setfacl -m "g:$GROUP:rwx" -R "$DATASTORE/$BASE_CHARM_NAME$src"
+        setfacl -m "g:$GROUP:rwx" -R "$DATASTORE/$BASE_CHARM_NAME$src"
+    fi
+    echo "    - $DATASTORE/$BASE_CHARM_NAME$src:$dst:$mode"
+  done < <(echo "$VOLUMES" | shyaml get-values-0))"
+
--- a/sftp/metadata.yml
+++ b/sftp/metadata.yml
@ -0,0 +1,8 @@
+docker-image: docker.0k.io/sftp:carif
+config-resources:
+  - /etc/sftp-users.conf
+data-resources:
+  - /home
+provides:
+  sftp-access:
+    tech-dep: False