x/tatu
Code Issues Proposed changes

Add revoked key management script to user-cloud-config.

Browse Source
This commit is contained in:
Pino de Candia 2018-01-20 02:25:34 -06:00
parent 4450ba773f
commit 326f0590ae
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
files/user-cloud-config
View File

@ -9,6 +9,7 @@ write_files:
permissions: '0700' permissions: '0700'
owner: root:root owner: root:root
content: | content: |
#!/usr/bin/env python
print 'Importing packages' print 'Importing packages'
import json import json
import requests import requests
@ -87,6 +88,7 @@ write_files:
permissions: '0700' permissions: '0700'
owner: root:root owner: root:root
content: | content: |
#!/usr/bin/env python
import base64 import base64
import json import json
import requests import requests
@ -96,12 +98,13 @@ write_files:
json_string = f.read() json_string = f.read()
metadata = json.loads(json_string) metadata = json.loads(json_string)
auth_id = str(uuid.UUID(metadata['project_id'], version=4)) auth_id = str(uuid.UUID(metadata['project_id'], version=4))
response = requests.get(server + '/noauth/revokedkeys/' + auth_id) server = 'http://172.24.4.1:18322'
response = requests.get(server + '/noauth/revokeduserkeys/' + auth_id)
assert response.status_code == 200 assert response.status_code == 200
body = json.loads(response.content) body = json.loads(response.content)
assert 'revoked_keys_data' in body assert 'revoked_keys_data' in body
with open('/etc/ssh/revoked-keys', 'w') as f: with open('/etc/ssh/revoked-keys', 'w') as f:
f.write(base64.b64decode(crl_body['revoked_keys_data'])) f.write(base64.b64decode(body['revoked_keys_data']))
runcmd: runcmd:
- dnf install -y python python-requests - dnf install -y python python-requests
- python /root/setup-ssh.py > /var/log/setup-ssh.log 2>&1 - python /root/setup-ssh.py > /var/log/setup-ssh.log 2>&1