sous-chefs / users

Development repository for the users cookbook
https://supermarket.chef.io/cookbooks/users
Apache License 2.0
138 stars 217 forks

Create .ssh directories only if keys are published. #82

Closed nkadel-skyhook closed 8 years ago

nkadel-skyhook commented 9 years ago

Creating $HOME/.ssh directories if no SSH keys are published breaks on read-only, unmounted, or root_squash environments.

nkadel-skyhook commented 9 years ago

I'm still having trouble activating a test suite: I'm finding the testing logic quite confusing, especially the "let me deduce if there's an NFS mount". I'd really like to cooperate more directly with any failed testing: the insistence on creating a '.ssh' subdirectory actually confuses certain mysql setups, which believe that "/var/lib/mysql/.ssh" is actually a database.

nkadel-skyhook commented 9 years ago

OK, I see the cause of the test failure. It assumes that the directory is created even with no ssh keys enabled whatsoever, which I think is exactly wrong. Activating the test with a test disabled public key of '#' should clear the error.

tas50 commented 8 years ago

@nkadel-skyhook Can you rebase this and change the if statement into a not_if constraint on the resource so this will pass foodcritic. I'd love to get this merged in.

nkadel-skyhook commented 8 years ago

I'm happy to rebase ASAP. This has been an ongoing issue for me with using "users" to synchronize application owner UIDs across large environments.

Nico Kadel-Garcia


nkadel-skyhook commented 8 years ago

Rebased! I'd also love to get this in.

iennae commented 8 years ago

@nkadel-skyhook thanks for your contribution. I changed this up a little to use a guard versus Ruby code. Guards like only_if and not_if allow the check to occur during the execute phase of the Chef run. If we implement this with Ruby code, that means that the check would happen during the compile phase which might not be optimum in this case. This will get included in the v2.0.3 release of the cookbook.
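
An added illustration of the compile-phase versus guard distinction described in the comment above; it is not code from this pull request or from the users cookbook. `MiniRun`, `run_recipe`, the two accounts and the key string are hypothetical names and constructed data, and the class is a plain-Ruby stand-in for a Chef run, not Chef's API.

```ruby
# Toy stand-in for Chef's two-phase run (hypothetical MiniRun, not Chef's API).
# Compile: recipe Ruby executes and resources are queued.
# Converge: queued resources run in order; each guard is checked just before.
class MiniRun
  attr_reader :created

  def initialize
    @queue = []    # resource collection built at compile time
    @created = []  # directories "created" at converge (nothing touches disk)
  end

  # Queue a directory resource; the only_if guard is evaluated at converge.
  def directory(path, only_if: -> { true })
    @queue << [path, only_if]
  end

  # Queue a converge-time action, standing in for an earlier resource.
  def ruby_block(&action)
    @queue << [nil, action]
  end

  def converge
    @queue.each do |path, callable|
      result = callable.call
      @created << path if path && result
    end
    @created
  end
end

# Constructed scenario: the key for 'deploy' is published during converge.
def run_recipe(style)
  homes = { 'deploy' => '/home/deploy', 'mysql' => '/var/lib/mysql' }
  keys  = { 'deploy' => [], 'mysql' => [] } # user => ssh_keys (constructed)
  run = MiniRun.new
  run.ruby_block { keys['deploy'] << 'ssh-ed25519 AAAA-constructed-key' }
  homes.each do |user, home|
    ssh_dir = "#{home}/.ssh"
    case style
    when :unconditional then run.directory(ssh_dir)
    when :compile_if    then run.directory(ssh_dir) unless keys[user].empty?
    when :guard         then run.directory(ssh_dir, only_if: -> { !keys[user].empty? })
    end
  end
  run.converge
end
```

In this constructed scenario the unconditional form creates `.ssh` under both home directories, the compile-time `unless` creates neither because no key exists yet when the recipe is compiled, and the guard creates only `/home/deploy/.ssh`.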

nkadel-skyhook commented 8 years ago

Thank you. This has been an irksome behavior for a long time, and will allow the cookbook to be used for "mysql" and other accounts that cannot tolerate .ssh subdirectories.