keyman 1.0.0

data/Gemfile

@@ -0,0 +1,2 @@
+source "https://rubygems.org"
+gemspec

data/Gemfile.lock

@@ -0,0 +1,16 @@
+PATH
+  remote: .
+  specs:
+    keyman (1.0.0)
+      net-ssh (~> 2.6.3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    net-ssh (2.6.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  keyman!

data/README.md

@@ -0,0 +1,80 @@
+# Keyman
+
+This simple little utility allows you to manage the authorized_keys files for a
+number of servers & users. It is designed to provide easy access to ensure that
+you can revoke & grant access to appropriate people on multiple servers.
+
+**Please Note: this utility is somewhat un-tested and not currently used in any 
+production environment. Your mileage may vary and we recommend testing in a 
+non-production environment prior to use.**
+
+## Installation
+
+To install, just install the Rubygem.
+
+```bash
+$ gem install keyman
+```
+
+Once installed, you will need to create yourself a **manifest directory**. This
+directory will contain all your configuration for your key manager. You should
+create an empty directory and add two files, a `servers.rb` and a `users.rb` file.
+
+## Example Users/Groups Manifest File
+
+The below file is an example of a `users.rb` manifest file.
+
+```ruby
+group :admins do
+  user :adam, 'ssh-rsa AAAAB3NzaC1yc2EAAAA[...]=='
+  user :charlie, 'ssh-rsa AAAAB3NzaC1yc2EAAAA[...]=='
+  user :nathan, 'ssh-rsa AAAAB3NzaC1yc2EAAAA[...]=='
+end
+
+group :staff do
+  user :jack, 'ssh-rsa AAAAB3NzaC1yc2EAAAA[...]=='
+  user :dan, 'ssh-rsa AAAAB3NzaC1yc2EAAAA[...]=='
+end
+```
+
+## Example Server Manifest File
+
+The below file is an example of a `servers.rb` file.
+
+```ruby
+# An example configuration for a server where all admin users have
+# access as 'root' and all staff users have access as 'app'.
+server do
+  host 'app01.myapplication.com'
+  user 'root', :admins
+  user 'app', :admins, :staff
+end
+
+# An example configuration for a server where admins plus one other user
+# have access as root only.
+server do
+  host 'database01.myapplication.com'
+  user 'root', :admins, :dan
+end
+```
+
+## Pushing files to servers
+
+In order to push files to the server, you must already have YOUR key on the
+machine in order to authenticate. If you do not, you will not have access
+and will therefore be unable to push configuration.
+
+```bash
+$ cd path/to/manifest
+# to push configuration to all servers
+$ keyman push
+# to push configuration to a specific server
+$ keyman push database01.myapplication.com
+```
+
+There are other commands available within the app, you can view these by 
+viewing the inline help.
+
+```bash
+$ keyman help
+```

data/bin/keyman

@@ -0,0 +1,39 @@
+#!/usr/bin/env ruby
+require 'keyman'
+begin
+  
+  # Convert command line arguments into the appropriate ruby objects
+  args = ARGV.dup
+  final_args = []
+  options = {}
+  until args.empty?
+    arg = args.shift
+    if arg =~ /\A\-/
+      options[arg.gsub(/\A\-+/, '').to_sym] = args.shift
+    else
+      final_args << arg
+    end
+  end
+  
+  command = final_args.first
+  case command
+  when 'help', nil
+    puts "This is the Keyman utility. You can use this to execute your key manifest"
+    puts "commands. In order to use this, you must be currently within your"
+    puts "manifest directory."
+    puts
+    puts "    keys {server} {user}  - displays the authorized keys file for a server's user"
+    puts "    push                  - pushes the latest files to all servers"
+    puts "    push {server}         - pushes the latest file to the specified server"
+    puts "    servers               - displays a list of all servers"
+    puts "    permissions {server}  - displays the permissions for given server"
+    puts "    users                 - displays a list of all users & groups"
+    puts
+  else
+    Keyman.run(final_args, options)
+  end
+  
+rescue Keyman::Error => e
+  puts "\e[31m" + e.message + "\e[0m"
+  Process.exit(1)
+end

data/keyman.gemspec

@@ -0,0 +1,20 @@
+$LOAD_PATH.unshift(File.expand_path('../lib', __FILE__))
+require 'keyman'
+
+Gem::Specification.new do |s|
+  s.name = 'keyman'
+  s.version = Keyman::VERSION
+  s.platform = Gem::Platform::RUBY
+  s.summary = "A simple library for managing distributed SSH keys"
+  s.description = s.summary
+  s.files = Dir["**/*"]
+  s.bindir = "bin"
+  s.executables << 'keyman'
+  s.require_path = 'lib'
+  s.has_rdoc = false
+  s.author = "Adam Cooke"
+  s.email = "adam@atechmedia.com"
+  s.homepage = "http://atechmedia.com"
+  s.add_dependency('net-ssh', '~> 2.6.3')
+end
+

data/lib/keyman/group.rb

@@ -0,0 +1,24 @@
+module Keyman
+  class Group
+    
+    attr_accessor :name, :users
+    
+    def initialize
+      @users = []
+    end
+    
+    # Add a new group with the given name
+    def self.add(name, &block)
+      g = Group.new
+      g.name = name
+      g.instance_eval(&block)
+      Keyman.groups << g
+    end
+    
+    # Add a new user to the group
+    def user(*args)
+      @users << User.add(*args)
+    end
+    
+  end
+end

data/lib/keyman/keyfile.rb

@@ -0,0 +1,19 @@
+module Keyman
+  class Keyfile
+    
+    class << self
+      def group(name, &users_block)
+        Group.add(name, &users_block)
+      end
+      
+      def server(&block)
+        Server.add(&block)
+      end
+      
+      def user(username, key)
+        User.add(username, key)
+      end
+    end
+    
+  end
+end

data/lib/keyman/server.rb

@@ -0,0 +1,81 @@
+module Keyman
+  class Server
+    
+    attr_accessor :host, :users, :location
+    
+    def initialize
+      @users = {}
+    end
+    
+    # Adds a new server by accepting a block of objects
+    def self.add(&block)
+      s = self.new
+      s.instance_eval(&block)
+      Keyman.servers << s
+      s
+    end
+    
+    # Returns or sets the hostname of the server which should be used when connecting
+    # and identifying this server
+    def host(host = nil)
+      host ? @host = host : @host
+    end
+    
+    # Sets a user on the server along with the access objects which should be
+    # granted access
+    def user(name, *access_objects)
+      @users[name] = access_objects
+    end
+    
+    # Returns or sets the location of the server
+    def location(location = nil)
+      location ? @location = location : @location
+    end
+    
+    # Returns an array of users who have access to this server. Includes
+    # all objects from within the server
+    def authorized_users(username)
+      @users[username].map do |k|
+        obj = Keyman.user_or_group_for(k)
+        obj.is_a?(Group) ? obj.users : obj
+      end.flatten.uniq
+    end
+    
+    # Returns a full string output for the authorized_keys file. Passes
+    # the user who's file you wish to generate.
+    def authorized_keys(username)
+      Array.new.tap do |a|
+        a << "# SSH Authorized Keys file generated automatically by Keyman"
+        a << "# Generated at: #{Time.now.utc} for #{@host}"
+        a << nil
+        authorized_users(username).each do |u|
+          a << "# #{u.name}"
+          a << u.key + "\n"
+        end
+      end.join("\n")
+    end
+    
+    # Push the authorized keys file to the appropriate server for the users
+    # configured here. This will not succeed if the current user does not
+    # already have a key on the server.
+    def push!
+      @users.each do |user, objects|
+        begin
+          Timeout.timeout(10) do |t|
+            Net::SSH.start(self.host, user) do |ssh|
+              ssh.exec!("mkdir -p ~/.ssh")
+              file = authorized_keys(user).gsub("\n", "\\n").gsub("\t", "\\t")
+              ssh.exec!("echo -e '#{file}' > ~/.ssh/authorized_keys")
+            end
+          end
+          puts "\e[32mPushed authorized_keys to #{user}@#{self.host}\e[0m"
+        rescue Timeout::Error
+          puts "\e[31mTimed out while uploading authorized_keys to #{user}@#{self.host}\e[0m"
+        rescue
+          puts "\e[31mFailed to upload authorized_keys to #{user}@#{self.host}\e[0m"
+        end
+      end
+    end
+    
+  end
+end

data/lib/keyman/user.rb

@@ -0,0 +1,21 @@
+module Keyman
+  class User
+    
+    attr_accessor :name, :key
+    
+    # Add a new user with the given details
+    def self.add(name, key)
+      existing = Keyman.users.select { |u| u.name == name.to_sym }.first
+      if existing
+        existing
+      else
+        u = self.new
+        u.name = name.to_sym
+        u.key = key
+        Keyman.users << u
+        u
+      end
+    end
+    
+  end
+end

data/lib/keyman.rb

@@ -0,0 +1,104 @@
+require 'net/ssh'
+
+require 'keyman/user'
+require 'keyman/group'
+require 'keyman/server'
+require 'keyman/keyfile'
+
+
+module Keyman
+  
+  # The current version of the keyman system
+  VERSION = '1.0.0'
+  
+  # An error which will be raised
+  class Error < StandardError; end
+  
+  class << self
+    # Storage for all the users, groups & servers which are loaded
+    # from the manifest
+    attr_accessor :users
+    attr_accessor :groups
+    attr_accessor :servers
+
+    # Load a manifest from the given folder
+    def load(directory)
+      self.users    = []
+      self.groups   = []
+      self.servers  = []
+      if File.directory?(directory)
+        ['groups.rb', 'servers.rb'].each do |file|
+          path = File.join(directory, file)
+          if File.exist?(path)
+            Keyman::Keyfile.class_eval(File.read(path)) 
+          else
+            raise Error, "No '#{file}' was found in your manifest directory. Abandoning..."
+          end
+        end
+      else
+        raise Error, "No folder found at '#{directory}'"
+      end
+    end
+    
+    # Return a user or a group for the given name
+    def user_or_group_for(name)
+      self.users.select { |u| u.name == name.to_sym }.first || self.groups.select { |u| u.name == name.to_sym }.first
+    end
+    
+    # Execute a CLI command
+    def run(args, options = {})
+      load('./')
+      case args.first
+      when 'keys'
+        if server = self.servers.select { |s| s.host == args[1] }.first
+          if server.users[args[2]]
+            puts server.authorized_keys(args[2])
+          else
+            raise Error, "'#{args[2]}' is not a valid user for this host"
+          end
+        else
+          raise Error, "No server found with the hostname '#{args[1]}'"
+        end
+      when 'permissions'
+        if server = self.servers.select { |s| s.host == args[1] }.first
+          server.users.each do |username, objects|
+            puts '-' * 80
+            puts "\e[32m#{username}\e[0m can be used by:"
+            puts '-' * 80
+            server.authorized_users(username).each do |o|
+              puts " * #{o.name}"
+            end
+          end
+        else
+          raise Error, "No server found with the hostname '#{args[1]}'"
+        end
+      when 'push'
+        if args[1]
+          # push single server
+          if server = self.servers.select { |s| s.host == args[1] }.first
+            server.push!
+          else
+            raise Error, "No server found with the hostname '#{args[1]}'"
+          end
+        else
+          self.servers.each(&:push!)
+        end
+      when 'servers'
+        self.servers.each do |server|
+          puts " * " + server.host
+        end
+      when 'users'
+        self.groups.each do |group|
+          puts "-" * 80
+          puts group.name
+          puts "-" * 80
+          group.users.each do |u|
+            puts "\e[32m#{u.name}\e[0m"
+            puts "\e[37m#{u.key}\e[0m"
+          end
+        end
+      end
+    end
+  end
+
+end

metadata

@@ -0,0 +1,71 @@
+--- !ruby/object:Gem::Specification
+name: keyman
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+  prerelease: 
+platform: ruby
+authors:
+- Adam Cooke
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-01-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: net-ssh
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.6.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.6.3
+description: A simple library for managing distributed SSH keys
+email: adam@atechmedia.com
+executables:
+- keyman
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/keyman
+- Gemfile
+- Gemfile.lock
+- keyman.gemspec
+- lib/keyman/group.rb
+- lib/keyman/keyfile.rb
+- lib/keyman/server.rb
+- lib/keyman/user.rb
+- lib/keyman.rb
+- README.md
+homepage: http://atechmedia.com
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: A simple library for managing distributed SSH keys
+test_files: []