""" The CfgAuthorizedKeysGenerator generates ``authorized_keys`` files
based on an XML specification of which SSH keypairs should be granted
access. """

import lxml.etree
from Bcfg2.Server.Plugin import StructFile, PluginExecutionError
from Bcfg2.Server.Plugins.Cfg import CfgGenerator, SETUP, CFG
from Bcfg2.Server.Plugins.Metadata import ClientMetadata


class CfgAuthorizedKeysGenerator(CfgGenerator, StructFile):
    """ The CfgAuthorizedKeysGenerator generates authorized_keys files
    based on an XML specification of which SSH keypairs should be
    granted access.

    An ``authorized_keys`` file decides which SSH public keys are
    accepted for login, so the XML specification handled here is
    access-control policy and should be reviewed and protected as
    such. """

    #: Different configurations for different clients/groups can be
    #: handled with Client and Group tags within authorizedkeys.xml
    __specific__ = False

    #: Handle authorized keys XML files
    __basenames__ = ['authorizedkeys.xml', 'authorized_keys.xml']

    #: This handler is experimental, in part because it depends upon
    #: the (experimental) CfgPrivateKeyCreator handler
    experimental = True

    def __init__(self, fname):
        # Initialise both bases explicitly; CfgGenerator is given None
        # for its second and third arguments.
        CfgGenerator.__init__(self, fname, None, None)
        StructFile.__init__(self, fname)
        # Per-instance cache; it is replaced with an empty dict on
        # every event (see handle_event).  What is stored in it is not
        # visible in this part of the file.
        self.cache = dict()
        # Server core, taken from the CFG object imported from the Cfg
        # plugin module.
        self.core = CFG.core
    # Reuse the parent's docstring rather than duplicating it.
    __init__.__doc__ = CfgGenerator.__init__.__doc__

    @property
    def category(self):
        """ The name of the metadata category that generated keys are
        specific to.

        Read from the ``category`` option of the ``[sshkeys]`` section
        of the server configuration (``SETUP.cfp``); ``None`` when the
        section or the option is absent. """
        if (SETUP.cfp.has_section("sshkeys") and
            SETUP.cfp.has_option("sshkeys", "category")):
            return SETUP.cfp.get("sshkeys", "category")
        return None

    def handle_event(self, event):
        # Both bases get the event: CfgGenerator through handle_event,
        # StructFile through its HandleEvent method.
        CfgGenerator.handle_event(self, event)
        StructFile.HandleEvent(self, event)
        # Discard everything cached so far.
        # NOTE(review): presumably this keeps key data derived from an
        # older version of the XML file from being served after the
        # file changes -- confirm against the code that fills the cache.
        self.cache = dict()
    # Reuse the parent's docstring rather than duplicating it.
    handle_event.__doc__ = CfgGenerator.handle_event.__doc__

    def get_data(self, entry, metadata):
        spec = self.XMLMatch(metadata)
        rv = []
        for allow in spec.findall("Allow"):
            options = []
            if allow.find("Params") is not None:
                self.logger.warning("Use of in authorized_keys.xml "
                                    "is deprecated; use