pulibrary · acozine · Jun 7, 2023 · Jun 7, 2023 · Jun 7, 2023 · Jun 7, 2023
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
@@ -33,7 +33,7 @@ deploy_user_github_keys:
   - https://github.com/tpendragon.keys
   - https://github.com/tventimi.keys
   - https://github.com/VickieKarasic.keys
-deploy_user_local_keys:
+deploy_user_shared_local_keys:
       - { name: 'heaven', key: "{{ lookup('file', '../keys/heaven.pub') }}" }
       - { name: 'TowerDeployKey', key: "{{ lookup('file', '../keys/TowerDeployKey.pub') }}" }
       - { name: 'CodeDeployKey', key: "{{ lookup('file', '../keys/CodeDeployKey.pub') }}" }

diff --git a/group_vars/figgy/production.yml → group_vars/figgy_production.yml b/group_vars/figgy/production.yml → group_vars/figgy_production.yml
@@ -154,29 +154,8 @@ rails_app_vars:
     value: '{{ vault_pulfalight_unpublished_auth_token }}'
 sidekiq_worker_name: figgy-workers
 passenger_extra_config: "{{ lookup('file', 'roles/figgy/templates/nginx_extra_config')  }}"
-deploy_ssh_users:
-  - name: tpendragon
-    key: https://github.com/tpendragon.keys
-  - name: kevin.reiss
-    key: https://github.com/kevinreiss.keys
-  - name: eliot.jordan
-    key: https://github.com/eliotjordan.keys
-  - name: escowles
-    key: https://github.com/escowles.keys
-  - name: jpstroop
-    key: https://github.com/jpstroop.keys
-  - name: heaven
-    key: "{{lookup('file', '../keys/heaven.pub')}}"
-  - name: christinach
-    key: https://github.com/christinach.keys
-  - name: kayiwa
-    key: https://github.com/kayiwa.keys
-  - name: aheadley
-    key: https://github.com/hackartisan.keys
-  - name: jrgriffiniii
-    key: https://github.com/jrgriffiniii.keys
-  - name: lib-proc1
-    key: "{{lookup('file', '../keys/lib-proc1.pub')}}"
+deploy_user_added_local_keys:
+  - { name: 'lib-proc1', key: "{{lookup('file', '../keys/lib-proc1.pub')}}" }
 datadog_api_key: "{{vault_datadog_key}}"
 datadog_config:
   tags: "{{figgy_tags}}"

diff --git a/group_vars/libsftp_staging.yml b/group_vars/libsftp_staging.yml
@@ -0,0 +1,3 @@
+---
+deploy_user_added_local_keys:
+  - { name: 'bibdata-alma-worker-staging1', key: "{{ lookup('file', '../roles/system_ldap/files/id_rsa.pub') }}" }
diff --git a/group_vars/sftp/staging.yml b/group_vars/sftp/staging.yml
@@ -6,5 +6,5 @@ sssd_search_base: "{{ vault_sssd_search_base }}"
 sssd_bind_dn: "{{ vault_sssd_bind_dn }}"
 sssd_bind_dn_password: "{{ vault_sssd_dn_password }}"
 host_ad_name: sftp-staging1.princeton.edu
-deploy_user_local_keys:
+deploy_user_added_local_keys:
   - { name: 'bibdata-alma-worker-staging1', key: "{{ lookup('file', '../roles/system_ldap/files/id_rsa.pub') }}" }
diff --git a/roles/deploy_user/defaults/main.yml b/roles/deploy_user/defaults/main.yml
@@ -3,8 +3,7 @@ deploy_user: "{{ generic_app_user | default('deploy') }}"
 deploy_user_github_keys:
   - https://github.com/acozine.keys
   - https://github.com/kayiwa.keys
-deploy_user_local_keys:
-  - { name: 'heaven', key: "{{ lookup('file', '../../../keys/heaven.pub') }}" }
+deploy_user_added_local_keys: []
 deploy_user_uid: "{{ user_uid | default('1001') }}"
 deploy_user_shell: /bin/bash
 deploy_id_rsa_private_key: "bogus_rsa_key"

diff --git a/roles/deploy_user/tasks/main.yml b/roles/deploy_user/tasks/main.yml
@@ -30,6 +30,26 @@
     group: "{{ deploy_user }}"
     mode: 0700
 
+- name: deploy_user | amalgamate deploy_user_local_keys
+  ansible.builtin.set_fact:
+    deploy_user_local_keys: "{{ deploy_user_shared_local_keys + deploy_user_added_local_keys }}"
+  tags: update_keys
+
+- name: deploy_user | debug var content
+  ansible.builtin.debug:
+    var: deploy_user_local_keys
+  tags: update_keys
+
+- name: deploy_user | debug var content
+  ansible.builtin.debug:
+    var: deploy_user_shared_local_keys
+  tags: update_keys
+
+- name: deploy_user | debug var content
+  ansible.builtin.debug:
+    var: deploy_user_added_local_keys
+  tags: update_keys
+
 - name: deploy_user | build authorized keys file
   ansible.builtin.template:
     src: authorized_keys.j2

diff --git a/roles/deploy_user/templates/authorized_keys.j2 b/roles/deploy_user/templates/authorized_keys.j2
@@ -1,8 +1,11 @@
+# Keys from GitHub
 {{ ansible_managed | comment }}
 {% for item in deploy_user_keys_from_github.results %}
 # Keys for {{ item.item | regex_search("[^\/]*(?=.keys)") }}
 {{ item.stdout }}
 {% endfor %}
+
+# Local keys from our repo
 {% for item in deploy_user_local_keys %}
 # Keys for {{ item.name }}
 {{ item.key }}