capistrano-ssh-authorized-keys-github 1.0.0 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +5 -0
- data/README.md +9 -2
- data/capistrano-ssh-authorized-keys-github.gemspec +1 -1
- data/lib/capistrano/tasks/ssh-authorized-keys-github.cap +11 -8
- metadata +2 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fdeace2093ea8dd5b0326e751fe39daaf0976d9815949063d0a041b579637db4
|
|
4
|
+
data.tar.gz: 5dcd586bbab56363ee751a3379354bfb93861e6dff1e645d78194eb530d86945
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f5e563b6bcb8f601cb0d31c846869c8d62bff34d2154fd356c0c6596f695ed2238a152abfb3e50871ab1b20b8d581f5e17734a88a9af2770351c58bacc3f4fa5
|
|
7
|
+
data.tar.gz: e740b5181dcf8f7eb9915d9395c7bef55c222249980c3866cb771d2cc151c7ee61ef948b14b081e9562dec467314f21fe5207140b55f298dc359b3a04d5d0fd0
|
data/.travis.yml
ADDED
data/README.md
CHANGED
|
@@ -1,7 +1,9 @@
|
|
|
1
|
-
# Capistrano Cloudwatch [](https://app.travis-ci.com/olioex/capistrano-ssh-authorized-keys-github) [](http://badge.fury.io/rb/capistrano-ssh-authorized-keys-github)
|
|
2
2
|
|
|
3
3
|
Sync organisation SSH public keys to server `authorized_keys` file so they are able to SSH into OS - for [Capistrano v3](https://github.com/capistrano/capistrano).
|
|
4
4
|
|
|
5
|
+
Note: The authorized keys file is generated locally before being uploaded to the server(s).
|
|
6
|
+
|
|
5
7
|
## Installation
|
|
6
8
|
|
|
7
9
|
Add this line to your application's Gemfile:
|
|
@@ -27,6 +29,9 @@ And then set the variables in `config/deploy.rb`:
|
|
|
27
29
|
set :github_org, 'olioex'
|
|
28
30
|
# ...or... (takes priority)
|
|
29
31
|
set :github_orgs, ['olioex', 'github']
|
|
32
|
+
# Optional for Github rate limits (oauth application)
|
|
33
|
+
set :github_app_id, '12345'
|
|
34
|
+
set :github_app_secret, 'abcdef'
|
|
30
35
|
|
|
31
36
|
The task will run automatically on successful deploy. Alternatively, you can notify of a deploy starting manually by using:
|
|
32
37
|
|
|
@@ -34,7 +39,9 @@ The task will run automatically on successful deploy. Alternatively, you can not
|
|
|
34
39
|
|
|
35
40
|
### Notes
|
|
36
41
|
|
|
37
|
-
Users in your organisation will need to have their membership public in order for SSH public keys to be sync'd to the server
|
|
42
|
+
Users in your organisation will need to have their membership public in order for SSH public keys to be sync'd to the server.
|
|
43
|
+
|
|
44
|
+
Github rate limits aren't currently respected. They are limited to 60 per hour. if you have a large number of users and are doing regular syncing from an IP address then you will be rate limited.
|
|
38
45
|
|
|
39
46
|
## Copyright
|
|
40
47
|
|
|
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |spec|
|
|
6
6
|
spec.name = 'capistrano-ssh-authorized-keys-github'
|
|
7
|
-
spec.version = '1.
|
|
7
|
+
spec.version = '1.1.0'
|
|
8
8
|
spec.authors = ['lloydwatkin']
|
|
9
9
|
spec.email = ['lloyd@olioex.com']
|
|
10
10
|
spec.summary = %q{Sync Github organisation public SSH keys to `server authorized_keys` file}
|
|
@@ -8,18 +8,19 @@ NO_ORGANISATION_MEMBER_KEYS_FOUND = 'There are no public members for this Github
|
|
|
8
8
|
namespace :security do
|
|
9
9
|
desc 'Cycle SSH key logins'
|
|
10
10
|
task :update_ssh_keys do
|
|
11
|
-
on roles(:all) do
|
|
11
|
+
on roles(:all) do |host|
|
|
12
12
|
organisations = fetch(:github_orgs) || fetch(:github_org) || raise(NO_GITHUB_ORGANISATION_PROVIDED)
|
|
13
13
|
keys = ""
|
|
14
|
-
|
|
14
|
+
authentication = ''
|
|
15
|
+
if fetch(:github_app_id) && fetch(:github_app_secret)
|
|
16
|
+
authentication = "#{fetch(:github_app_id)}:#{fetch(:github_app_secret)}@"
|
|
17
|
+
end
|
|
15
18
|
|
|
16
19
|
[*organisations].each do |organisation|
|
|
17
|
-
url = URI("https
|
|
20
|
+
url = URI("https://#{authentication}api.github.com/orgs/#{organisation}")
|
|
18
21
|
organisation_details = JSON.parse(Net::HTTP.get_response(url).body, symbolize_names: true)
|
|
19
|
-
|
|
20
|
-
members_url = URI(organisation_details[:members_url].gsub("{/member}", ""))
|
|
22
|
+
members_url = URI(organisation_details[:members_url].gsub("{/member}", "").gsub('https://', "https://#{authentication}"))
|
|
21
23
|
members = JSON.parse(Net::HTTP.get_response(members_url).body, symbolize_names: true)
|
|
22
|
-
puts members
|
|
23
24
|
keys += " #
|
|
24
25
|
# #{organisation_details[:name]} keys
|
|
25
26
|
# #{members_url}
|
|
@@ -29,7 +30,7 @@ namespace :security do
|
|
|
29
30
|
"
|
|
30
31
|
member_details = members.map { |member| member[:login].downcase }.sort
|
|
31
32
|
member_details.each do |member|
|
|
32
|
-
member_keys = URI("https
|
|
33
|
+
member_keys = URI("https://#{authentication}github.com/#{member}.keys")
|
|
33
34
|
info = " #
|
|
34
35
|
# @#{member}
|
|
35
36
|
# #{member_keys}
|
|
@@ -40,9 +41,11 @@ namespace :security do
|
|
|
40
41
|
end
|
|
41
42
|
|
|
42
43
|
if keys.scan(/ssh-(rsa|ed25519)/).count > 0
|
|
43
|
-
File.open("/
|
|
44
|
+
File.open("./tmp/authorized_keys", "w") do |f|
|
|
44
45
|
f.write(keys)
|
|
45
46
|
end
|
|
47
|
+
upload! './tmp/authorized_keys', "/tmp/authorized_keys"
|
|
48
|
+
execute :mv, "/tmp/authorized_keys", "~/.ssh/authorized_keys"
|
|
46
49
|
else
|
|
47
50
|
raise NO_ORGANISATION_MEMBER_KEYS_FOUND
|
|
48
51
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: capistrano-ssh-authorized-keys-github
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- lloydwatkin
|
|
@@ -75,6 +75,7 @@ extensions: []
|
|
|
75
75
|
extra_rdoc_files: []
|
|
76
76
|
files:
|
|
77
77
|
- ".gitignore"
|
|
78
|
+
- ".travis.yml"
|
|
78
79
|
- Gemfile
|
|
79
80
|
- LICENSE
|
|
80
81
|
- README.md
|