bundles/users/items.py

@@ -0,0 +1,28 @@
+for group, config in node.metadata.get('groups', {}).items():
+    groups[group] = config
+
+for name, config in node.metadata.get('users').items():
+    directories[config['home']] = {
+        'owner': name,
+        'mode': '700',
+    }
+
+    files[f"{config['home']}/.ssh/id_{config['keytype']}"] = {
+        'content': config['privkey'] + '\n',
+        'owner': name,
+        'mode': '0600',
+    }
+    files[f"{config['home']}/.ssh/id_{config['keytype']}.pub"] = {
+        'content': config['pubkey'] + '\n',
+        'owner': name,
+        'mode': '0600',
+    }
+    files[config['home'] + '/.ssh/authorized_keys'] = {
+        'content': '\n'.join(sorted(config['authorized_keys'])) + '\n',
+        'owner': name,
+        'mode': '0600',
+    }
+
+    users[name] = config
+    for option in ['authorized_keys', 'authorized_users', 'privkey', 'pubkey', 'keytype']:
+        users[name].pop(option, None)

bundles/users/metadata.py

@@ -1,5 +1,32 @@
 from base64 import b64decode
 
+defaults = {
+    'users': {
+        'root': {
+            'home': '/root',
+        },
+    },
+}
+
+
+@metadata_reactor.provides(
+    'users',
+)
+def authorized_users(metadata):
+    users = {}
+
+    for name, config in metadata.get('users').items():
+        users[name] = {
+            'authorized_keys': [],
+        }
+        for authorized_user in config.get('authorized_users', []):
+            authorized_user_name, authorized_user_node = authorized_user.split('@')
+            users[name]['authorized_keys'].append(
+                repo.get_node(authorized_user_node).metadata.get(f'users/{authorized_user_name}/pubkey')
+            )
+    return {
+        'users': users,
+    }
 
 
 @metadata_reactor.provides(