This is a top-level document describing the entities and algorithms behind operations.
Current logic has a few constraints:
- every user (email) can only have one key
- users are directly added to groups, no roles are available (like in RBAC)
Entities:
- User: email + public key
- Host: hostname (or IP) + port + management key
- Group: list of hosts and users grouped together
- in: host name, port, label, private key
- reading user list
- creating new users
- adding initial users as protected
- if private key != main key, upload main key as protected
- prompting:
  - for protected users (min 1)
  - list of new users (no groups)

- check if email already exists, if yes, prompt to modify user info
- check if key already exists, if yes, prompt to modify user info
- create user entry
- if user existed with different key, update group hosts with new key

- adding users from group to host
- adding user to all hosts in group

- removing host from all groups
- removing user from all hosts, skip if user is protected on that host
- prompt if removing users from host, if true:
  - skip if user is protected on that host
  - remove group's users from host
- removing group label from hosts
- removing group label from users
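As an added illustration (not code from the page's project), a minimal in-memory model of the user, host and group rules above: one key per user and one user per key, a rotated key pushed to the hosts of every group the user belongs to, and removal that skips hosts where the user is protected. The Registry, Host and Group classes, their method names, and the ValueError raised in place of the page's interactive prompt are assumptions.

```python
from dataclasses import dataclass, field
@dataclass
class Host:
    name: str
    port: int
    keys: dict = field(default_factory=dict)     # email -> authorized public key
    protected: set = field(default_factory=set)  # emails that removals must never touch

@dataclass
class Group:
    label: str
    hosts: set = field(default_factory=set)      # host names
    users: set = field(default_factory=set)      # emails

class Registry:
    def __init__(self):
        self.users, self.hosts, self.groups = {}, {}, {}  # email->key, name->Host, label->Group

    def add_user(self, email, key):
        """One key per user, one user per key; a rotated key is pushed to group hosts."""
        owner = next((e for e, k in self.users.items() if k == key), None)
        if owner not in (None, email):
            raise ValueError(f"key already registered to {owner}")  # page: prompt instead
        old, self.users[email] = self.users.get(email), key  # remember previous key, if any
        if old is not None and old != key:
            for g in self.groups.values():
                if email in g.users:
                    for name in g.hosts:
                        self.hosts[name].keys[email] = key
        return old is not None  # True when an existing user was updated

    def add_user_to_group(self, label, email):
        """Adding a user to a group authorizes the key on every host in the group."""
        g = self.groups[label]
        g.users.add(email)
        for name in g.hosts:
            self.hosts[name].keys[email] = self.users[email]

    def remove_user(self, email):
        """Remove the user everywhere, but keep protected entries (never lose a management key)."""
        self.users.pop(email, None)
        for g in self.groups.values():
            g.users.discard(email)
        kept = []
        for h in self.hosts.values():
            if email in h.protected:
                kept.append(h.name)  # skipped, as the page's rule requires
            else:
                h.keys.pop(email, None)
        return kept
```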