Add ability for config file to be the permissions file

malomalo · Mar 25, 2019 · 058b7de · 058b7de
1 parent f7b0598
commit 058b7de
Showing 1 changed file with 19 additions and 21 deletions.
diff --git a/sync-accounts b/sync-accounts
@@ -11,20 +11,32 @@ def github_keys(user)
 
   http = Net::HTTP.new('github.com', 443)
   http.use_ssl = true
-  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
 
   response = http.request(Net::HTTP::Get.new("/#{user}.keys"))
   raise 'failure' unless response.is_a?(Net::HTTPOK)
   $key_cache[user] = response.body.split("\n")
 end
 
-def read_permissions(url)
+def read_permissions_from_url(url)
   url = URI.parse(url)
-  permissions = { 'apps' => {}, 'users' => {} }
+  http = Net::HTTP.new(url.host, url.port)
+  http.use_ssl = url.scheme == 'https'
 
-  yaml = Net::HTTP.start(url.host) do |http|
-    resp = http.get(url.path)
-    YAML.load(resp.body)
+  response = http.request(Net::HTTP::Get.new(url.path))
+  YAML.load(response.body)
+end
+
+def read_permissions(config_file_or_url)
+  permissions = { 'apps' => {}, 'users' => {} }
+
+  yaml = if File.exists?(config_file_or_url)
+    configs = YAML.load(File.read(config_file_or_url))
+    configs['url'] ? read_permissions_from_url(configs['url']) : configs
+  elsif config_file_or_url =~ URI::regexp
+    read_permissions_from_url(config_file_or_url)
+  else
+    puts "Invalid permissions url or config file #{config_file_or_url}"
+    exit(false)
   end
 
   # Add keys to users and apps
@@ -86,21 +98,7 @@ def write_authorized_keys(user, homedir, keys)
   FileUtils.chmod(0600, filename)
 end
 
-def permission_url(config_file_or_url)
-  config_file_or_url ||= '/etc/sync-accounts.conf'
-
-  if File.exists?(config_file_or_url)
-    YAML.load(File.read(config_file_or_url))['url']
-  elsif config_file_or_url =~ URI::regexp
-    config_file_or_url
-  else
-    puts "Invalid permissions url or config file #{config_file_or_url}"
-    exit(false)
-  end
-end
-
-
-permissions = read_permissions(permission_url(ARGV[0]))
+permissions = read_permissions(ARGV[0] || '/etc/sync-accounts.conf')
 
 # Create missing users
 system_usernames = system_users.map{|su| su[:name]}