author | Georg Pfuetzenreuter | 2023-01-30 01:55:05 +0100 |
---|---|---|
committer | Georg Pfuetzenreuter | 2023-01-30 01:55:05 +0100 |
commit | d30630d94f57b360f4f0e420b91e1b8889c1ef6a (patch) | |
tree | 7dce631a6cb18fecb4e003d27e119126864f7923 /salt-keydiff.sh | |
Init
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Diffstat (limited to 'salt-keydiff.sh')
-rw-r--r-- | salt-keydiff.sh | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/salt-keydiff.sh b/salt-keydiff.sh
new file mode 100644
index 0000000..92fb112
--- /dev/null
+++ b/salt-keydiff.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+# Copyright 2023, Georg Pfuetzenreuter
+#
+# Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European Commission - subsequent versions of the EUPL (the "Licence").
+# You may not use this work except in compliance with the Licence.
+# An English copy of the Licence is shipped in a file called LICENSE along with this applications source code.
+# You may obtain copies of the Licence in any of the official languages at https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12.
+#
+# ---
+#
+# This program helps with accepting Salt minion keys by asking for a key to compare with first. Intended to be run on a Salt master.
+
+set -Ceu
+
+minion="${1:-null}"
+NOCOLOR="$(tput sgr0)"
+
+if [ "$minion" = 'null' ]
+then
+ printf 'Please specify the minion to diff against.\n'
+ exit 1
+fi
+
+if ! command -v jq >/dev/null || ! command -v salt-key >/dev/null
+then
+ printf 'Please ensure jq and salt-key are available.\n'
+ exit 1
+fi
+
+key_salt="$(salt-key --out json -f $minion | jq --arg minion $minion -r '.minions_pre[$minion]')"
+
+if [ "$key_salt" = 'null' ]
+then
+ printf 'No pending keys for %s.\n' "$minion"
+ exit 2
+fi
+
+printf 'Enter fingerprint to diff against\n'
+read key_user
+
+if [ "$key_salt" = "$key_user" ]
+then
+ GREEN="$(tput setaf 2)"
+ printf '%sMatches%s\n' "$GREEN" "$NOCOLOR"
+ salt-key --out=yaml -a "$minion"
+elif [ ! "$key_salt" = "$key_user" ]
+then
+ RED="$(tput setaf 1)"
+ printf '%sMismatch%s\n' "$RED" "$NOCOLOR"
+ exit 2
+fi |
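Review bot: The `key_salt=` assignment passes `$minion` unquoted to both `salt-key -f` and `jq --arg`, so a minion ID containing whitespace or glob characters is split or expanded by the shell before either tool sees it; quote both, as in `salt-key --out json -f "$minion" | jq --arg minion "$minion" -r '.minions_pre[$minion]'`. Because plain `sh` runs this pipeline without `pipefail`, a `salt-key` call that fails and prints nothing presumably leaves `key_salt` empty rather than `null`, and an empty line at the `read` prompt would then compare equal and reach `salt-key -a`. Rejecting the empty value in the existing guard closes that path: `if [ -z "$key_salt" ] || [ "$key_salt" = 'null' ]`. Smaller points: `read -r key_user` keeps backslashes literal, and the `elif [ ! "$key_salt" = "$key_user" ]` arm is the exact negation of the `if` and can be a plain `else`.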