capistrano-ssh-authorized-keys-github 1.0.1 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +5 -0
- data/capistrano-ssh-authorized-keys-github.gemspec +1 -1
- data/lib/capistrano/tasks/ssh-authorized-keys-github.cap +33 -25
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6775ce8d8eac1a2c278c71435aba2e616f684bad6038d3c7313082545e9c1a7e
|
|
4
|
+
data.tar.gz: 46d20cb800aefd3fe294f0c19f262afb5a1e5396fa86ba44af40c6ff9a723d50
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4813997a4c8330e160109eb041c0363642ee4c89090f87bd327094b3901d482a5ea5d783c783334d5f0dbbded9c69e79e9401c30e31e8b52b0beead17ba078f4
|
|
7
|
+
data.tar.gz: f4c4e6b67257f8232c427f02803d4b2d520b10f123d61b212003c2a3af17ee39ef4eb0535ede0d284fb1f5b24c9cb799bed797781bfd22486e226d747628bc54
|
data/README.md
CHANGED
|
@@ -2,6 +2,8 @@
|
|
|
2
2
|
|
|
3
3
|
Sync organisation SSH public keys to server `authorized_keys` file so they are able to SSH into OS - for [Capistrano v3](https://github.com/capistrano/capistrano).
|
|
4
4
|
|
|
5
|
+
Note: The authorized keys file is generated locally before being uploaded to the server(s).
|
|
6
|
+
|
|
5
7
|
## Installation
|
|
6
8
|
|
|
7
9
|
Add this line to your application's Gemfile:
|
|
@@ -27,6 +29,9 @@ And then set the variables in `config/deploy.rb`:
|
|
|
27
29
|
set :github_org, 'olioex'
|
|
28
30
|
# ...or... (takes priority)
|
|
29
31
|
set :github_orgs, ['olioex', 'github']
|
|
32
|
+
# Optional for Github rate limits (oauth application)
|
|
33
|
+
set :github_app_id, '12345'
|
|
34
|
+
set :github_app_secret, 'abcdef'
|
|
30
35
|
|
|
31
36
|
The task will run automatically on successful deploy. Alternatively, you can notify of a deploy starting manually by using:
|
|
32
37
|
|
|
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |spec|
|
|
6
6
|
spec.name = 'capistrano-ssh-authorized-keys-github'
|
|
7
|
-
spec.version = '1.0
|
|
7
|
+
spec.version = '1.2.0'
|
|
8
8
|
spec.authors = ['lloydwatkin']
|
|
9
9
|
spec.email = ['lloyd@olioex.com']
|
|
10
10
|
spec.summary = %q{Sync Github organisation public SSH keys to `server authorized_keys` file}
|
|
@@ -8,41 +8,49 @@ NO_ORGANISATION_MEMBER_KEYS_FOUND = 'There are no public members for this Github
|
|
|
8
8
|
namespace :security do
|
|
9
9
|
desc 'Cycle SSH key logins'
|
|
10
10
|
task :update_ssh_keys do
|
|
11
|
-
|
|
11
|
+
run_locally do
|
|
12
12
|
organisations = fetch(:github_orgs) || fetch(:github_org) || raise(NO_GITHUB_ORGANISATION_PROVIDED)
|
|
13
13
|
keys = ""
|
|
14
|
-
|
|
14
|
+
authentication = ''
|
|
15
|
+
if fetch(:github_app_id) && fetch(:github_app_secret)
|
|
16
|
+
authentication = "#{fetch(:github_app_id)}:#{fetch(:github_app_secret)}@"
|
|
17
|
+
end
|
|
15
18
|
|
|
16
19
|
[*organisations].each do |organisation|
|
|
17
|
-
|
|
20
|
+
info "Fetching keys for #{organisation}"
|
|
21
|
+
url = URI("https://#{authentication}api.github.com/orgs/#{organisation}")
|
|
18
22
|
organisation_details = JSON.parse(Net::HTTP.get_response(url).body, symbolize_names: true)
|
|
19
|
-
members_url = URI(organisation_details[:members_url].gsub("{/member}", ""))
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
"
|
|
23
|
+
members_url = URI(organisation_details[:members_url].gsub("{/member}", "").gsub('https://', "https://#{authentication}"))
|
|
24
|
+
response = Net::HTTP.get_response(members_url)
|
|
25
|
+
raise response.body unless response.kind_of? Net::HTTPSuccess
|
|
26
|
+
members = JSON.parse(response.body, symbolize_names: true)
|
|
27
|
+
keys += "\n#\n"\
|
|
28
|
+
"# #{organisation_details[:name]} keys\n"\
|
|
29
|
+
"# #{members_url}\n"\
|
|
30
|
+
"#\n"
|
|
28
31
|
member_details = members.map { |member| member[:login].downcase }.sort
|
|
29
32
|
member_details.each do |member|
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
#
|
|
34
|
-
#
|
|
35
|
-
"
|
|
36
|
-
|
|
33
|
+
info " - Downloading keys for #{member}"
|
|
34
|
+
member_keys = URI("https://#{authentication}github.com/#{member}.keys")
|
|
35
|
+
info = "\n #\n"\
|
|
36
|
+
" # @#{member}\n"\
|
|
37
|
+
" # #{member_keys}\n"\
|
|
38
|
+
" #\n"
|
|
39
|
+
response = Net::HTTP.get_response(member_keys)
|
|
40
|
+
raise response.body unless response.kind_of? Net::HTTPSuccess
|
|
41
|
+
keys += info + response.body.gsub(/\r\n?/, "\n")
|
|
37
42
|
end
|
|
38
43
|
end
|
|
44
|
+
raise raise NO_ORGANISATION_MEMBER_KEYS_FOUND unless keys.scan(/ssh-(rsa|ed25519)/).count > 0
|
|
45
|
+
info "Writing authorized_keys file to ./tmp"
|
|
46
|
+
File.open("./tmp/authorized_keys", "w") do |f|
|
|
47
|
+
f.write(keys)
|
|
48
|
+
end
|
|
39
49
|
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
else
|
|
45
|
-
raise NO_ORGANISATION_MEMBER_KEYS_FOUND
|
|
50
|
+
info "Uploading updated authorized_keys to servers"
|
|
51
|
+
on roles(:all) do |host|
|
|
52
|
+
upload! './tmp/authorized_keys', "/tmp/authorized_keys"
|
|
53
|
+
execute :mv, "/tmp/authorized_keys", "~/.ssh/authorized_keys"
|
|
46
54
|
end
|
|
47
55
|
end
|
|
48
56
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: capistrano-ssh-authorized-keys-github
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0
|
|
4
|
+
version: 1.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- lloydwatkin
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-11-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: capistrano
|