author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-09-09 14:47:48 -0400 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-09-09 14:47:48 -0400 |
commit | 8fd0dad3e99f4452a6cd3f27e5c97efd9fc308e7 (patch) | |
tree | a717cec4bb6478367eb514f9920d1e9bd2d34e15 | |
parent | 3f5d0f6424eb2cc37bb962777995af341ef2b2dc (diff) | |
Cfg: allow changing category specific-ness of generated authorized_keys
-rw-r--r-- | schemas/authorizedkeys.xsd | 9 | ||||
-rw-r--r-- | src/lib/Bcfg2/Server/Plugins/Cfg/CfgAuthorizedKeysGenerator.py | 6 |
2 files changed, 12 insertions, 3 deletions
diff --git a/schemas/authorizedkeys.xsd b/schemas/authorizedkeys.xsd
index dbf32cc25..e59c964f6 100644
--- a/schemas/authorizedkeys.xsd
+++ b/schemas/authorizedkeys.xsd
@@ -108,6 +108,15 @@
 </xsd:documentation>
 </xsd:annotation>
 </xsd:attribute>
+ <xsd:attribute name="category" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ Use a public key specific to the group in the given
+ category, instead of the category specified in
+ ``bcfg2.conf``.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
 <xsd:attribute name="host" type="xsd:string">
 <xsd:annotation>
 <xsd:documentation>
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgAuthorizedKeysGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgAuthorizedKeysGenerator.py
index f304891d5..41d5588e4 100644
--- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgAuthorizedKeysGenerator.py
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgAuthorizedKeysGenerator.py
@@ -68,18 +68,18 @@ class CfgAuthorizedKeysGenerator(CfgGenerator, StructFile):
 if pubkey_name:
 host = allow.get("host")
 group = allow.get("group")
+ category = allow.get("category", self.category)
 if host:
 key_md = self.core.build_metadata(host)
 elif group:
 key_md = ClientMetadata("dummy", group, [group], [],
 set(), set(), dict(), None,
 None, None, None)
- elif (self.category and
- not metadata.group_in_category(self.category)):
+ elif category and not metadata.group_in_category(category):
 self.logger.warning("Cfg: %s ignoring Allow from %s: "
 "No group in category %s" %
 (metadata.hostname, pubkey_name,
- self.category))
+ category))
 continue
 else:
 key_md = metadata |
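Review bot: The documentation text for the new `category` attribute in schemas/authorizedkeys.xsd does not say how it combines with `host` and `group` on the same Allow. In the CfgAuthorizedKeysGenerator.py hunk of this commit the `if host:` and `elif group:` branches are tested before the category branch, so a `category` given next to either of them appears to have no effect. Because this schema describes which public keys end up in a generated authorized_keys file, I would add a sentence such as `Ignored when host or group is also set on the same Allow.` to the `xsd:documentation` body. The type is plain `xsd:string`, so an empty `category=""` validates as well, and the text should say what an empty value means.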
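Review bot: An Allow carrying an empty `category=""` makes `allow.get("category", self.category)` return the empty string instead of the bcfg2.conf default (assuming `allow` is an lxml-style element, as the other `.get` calls suggest). The `elif category and not metadata.group_in_category(category)` test is then skipped and the entry falls through to `key_md = metadata` with no category check at all. If that is meant as a per-Allow way to switch the check off, a comment above the assignment should say so, since this code decides which keys are written to authorized_keys. If it is not intended, `category = allow.get("category") or self.category` falls back to the configured category. The enclosing method starts and ends outside the hunk, so how `key_md` is used afterwards is not visible here.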