operator: add operator_authorized_github_accounts parameter

Supports a list of Github accounts from which the public keys are added to the authorized keys. Related to SovereignCloudStack/issues#433 Signed-off-by: Christian Berendt <berendt@osism.tech>
osism · Sep 21, 2023 · c453455 · c453455
1 parent df86e1b
commit c453455
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 0 deletions.
diff --git a/roles/operator/README.rst b/roles/operator/README.rst
@@ -32,6 +32,11 @@ The default shell for the operator.
 
 A list of ssh authorized keys to add.
 
+.. zuul:rolevar:: operator_authorized_github_accounts
+   :default: []
+
+List of Github accounts from which the public keys are added to the authorized keys.
+
 .. zuul:rolevar:: operator_password
 
 Encrypted password string to set for the operator user (optional).

diff --git a/roles/operator/defaults/main.yml b/roles/operator/defaults/main.yml
@@ -8,6 +8,7 @@ operator_group_id: 45000
 operator_shell: /bin/bash
 
 operator_authorized_keys: []
+operator_authorized_github_accounts: []
 
 # NOTE: Use "mkpasswd --method=sha-512" to generate a password
 # operator_password:

diff --git a/roles/operator/tasks/main.yml b/roles/operator/tasks/main.yml
@@ -65,6 +65,14 @@
   loop: "{{ operator_authorized_keys }}"
   no_log: true
 
+- name: Set authorized github accounts
+  become: true
+  ansible.posix.authorized_key:
+    key: "{{ lookup('url', 'https://github.com/' + item + '.keys', split_lines=False) }}"
+    user: "{{ operator_user }}"
+  loop: "{{ operator_authorized_github_accounts }}"
+  no_log: true
+
 - name: Set password of operator user
   become: true
   ansible.builtin.user: