authorChris St. Pierre <chris.a.st.pierre@gmail.com>2013-09-09 14:47:48 -0400
committerChris St. Pierre <chris.a.st.pierre@gmail.com>2013-09-09 14:47:48 -0400
commit8fd0dad3e99f4452a6cd3f27e5c97efd9fc308e7 (patch)
treea717cec4bb6478367eb514f9920d1e9bd2d34e15
parent3f5d0f6424eb2cc37bb962777995af341ef2b2dc (diff)
Cfg: allow changing category specific-ness of generated authorized_keys
-rw-r--r--schemas/authorizedkeys.xsd9
-rw-r--r--src/lib/Bcfg2/Server/Plugins/Cfg/CfgAuthorizedKeysGenerator.py6
2 files changed, 12 insertions, 3 deletions
diff --git a/schemas/authorizedkeys.xsd b/schemas/authorizedkeys.xsd
index dbf32cc25..e59c964f6 100644
--- a/schemas/authorizedkeys.xsd
+++ b/schemas/authorizedkeys.xsd
@@ -108,6 +108,15 @@
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
+ <xsd:attribute name="category" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ Use a public key specific to the group in the given
+ category, instead of the category specified in
+ ``bcfg2.conf``.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
<xsd:attribute name="host" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
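Review bot: The documentation for the new `category` attribute does not say when the attribute has an effect. In the CfgAuthorizedKeysGenerator.py hunk of this commit, `category` is consulted only when neither `host` nor `group` is set on the same element. When the client has no group in that category, the whole Allow is skipped with only a warning in the server log. Since this attribute decides which public keys end up in a generated authorized_keys file, I would add a sentence such as `Ignored if host or group is set. If the client has no group in this category, the key is omitted.` to the `xsd:documentation` text.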
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgAuthorizedKeysGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgAuthorizedKeysGenerator.py
index f304891d5..41d5588e4 100644
--- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgAuthorizedKeysGenerator.py
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgAuthorizedKeysGenerator.py
@@ -68,18 +68,18 @@ class CfgAuthorizedKeysGenerator(CfgGenerator, StructFile):
if pubkey_name:
host = allow.get("host")
group = allow.get("group")
+ category = allow.get("category", self.category)
if host:
key_md = self.core.build_metadata(host)
elif group:
key_md = ClientMetadata("dummy", group, [group], [],
set(), set(), dict(), None,
None, None, None)
- elif (self.category and
- not metadata.group_in_category(self.category)):
+ elif category and not metadata.group_in_category(category):
self.logger.warning("Cfg: %s ignoring Allow from %s: "
"No group in category %s" %
(metadata.hostname, pubkey_name,
- self.category))
+ category))
continue
else:
key_md = metadata
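Review bot: An empty attribute (`category=""`) overrides the configured default here, because `allow.get("category", self.category)` falls back to `self.category` only when the attribute is absent. The `elif category and not metadata.group_in_category(category)` test is then false, so the entry falls through to `key_md = metadata` and the category restriction from `bcfg2.conf` is dropped for that Allow without any log line. If disabling the check per entry is intended, say so in a comment and in the schema documentation. If it is not, `category = allow.get("category") or self.category` keeps the default for empty values. The enclosing method starts and ends outside this hunk, so how `key_md` is used afterwards is not visible here.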