From 8cf64b3023ecb121ee710a272393defe3995b8ea Mon Sep 17 00:00:00 2001
From: Jyrki Aaltonen
Date: Wed, 28 Aug 2019 11:31:30 +0300
Subject: [PATCH] Support for authorized keys

Added authorized keys from user config to admin user.

Change-Id: Ib4e4a5c4510f775e2a98287232c77b6c243adcf6
Signed-off-by: Jyrki Aaltonen
---
 roles/bootstrap-host/tasks/create_sudo_user.yml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/roles/bootstrap-host/tasks/create_sudo_user.yml b/roles/bootstrap-host/tasks/create_sudo_user.yml
index bfab595..fe8fc33 100644
--- a/roles/bootstrap-host/tasks/create_sudo_user.yml
+++ b/roles/bootstrap-host/tasks/create_sudo_user.yml
@@ -38,14 +38,23 @@
 tags:
 - ssh-key-authorized

-- name: Ensure root's new public ssh key is in authorized_keys
+- name: Ensure sudo user's new public ssh key is in authorized_keys
 authorized_key:
 user: "{{ sudo_user }}"
 key: "{{ lookup('file','/tmp/id_rsa.pub') }}"
 manage_dir: no
+ exclusive: yes
 tags:
 - ssh-key-authorized

+- name: Populate authorized keys from config to sudo user
+ authorized_key:
+ user: "{{ sudo_user }}"
+ key: "{{ sudo_user_authorized_keys | join('\n') }}"
+ manage_dir: no
+ tags:
+ - configured-authorized-keys
+
 - name: Ensure there is a private key /etc/userconfig/id_rsa in virtual env. Provide read permissions to all users
 file:
 path: "/etc/userconfig/id_rsa"
--
2.16.6
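Review bot: The `exclusive: yes` added to the first `authorized_key` task works against the new "Populate authorized keys from config to sudo user" task: on every run the first task removes the configured keys from the sudo user's authorized_keys and the second puts them back, so the play is never idempotent. Because the two tasks carry different tags, a run limited to `ssh-key-authorized` would leave the account with only the key read from `/tmp/id_rsa.pub` and silently drop the configured admin keys. `sudo_user_authorized_keys` is also used with no default or `when` guard, so unless it is defaulted elsewhere the play presumably fails when the user config omits it. I would manage the file in a single exclusive task that passes the whole set in one batch, `key: "{{ ([lookup('file','/tmp/id_rsa.pub')] + (sudo_user_authorized_keys | default([]))) | join('\n') }}"`, and drop the second task. The task list starts and continues outside this hunk.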