Diffstat (limited to 'salt-keydiff.sh')
-rw-r--r-- | salt-keydiff.sh | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/salt-keydiff.sh b/salt-keydiff.sh
new file mode 100644
index 0000000..92fb112
--- /dev/null
+++ b/salt-keydiff.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+# Copyright 2023, Georg Pfuetzenreuter
+#
+# Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European Commission - subsequent versions of the EUPL (the "Licence").
+# You may not use this work except in compliance with the Licence.
+# An English copy of the Licence is shipped in a file called LICENSE along with this applications source code.
+# You may obtain copies of the Licence in any of the official languages at https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12.
+#
+# ---
+#
+# This program helps with accepting Salt minion keys by asking for a key to compare with first. Intended to be run on a Salt master.
+
+set -Ceu
+
+minion="${1:-null}"
+NOCOLOR="$(tput sgr0)"
+
+if [ "$minion" = 'null' ]
+then
+ printf 'Please specify the minion to diff against.\n'
+ exit 1
+fi
+
+if ! command -v jq >/dev/null || ! command -v salt-key >/dev/null
+then
+ printf 'Please ensure jq and salt-key are available.\n'
+ exit 1
+fi
+
+key_salt="$(salt-key --out json -f $minion | jq --arg minion $minion -r '.minions_pre[$minion]')"
+
+if [ "$key_salt" = 'null' ]
+then
+ printf 'No pending keys for %s.\n' "$minion"
+ exit 2
+fi
+
+printf 'Enter fingerprint to diff against\n'
+read key_user
+
+if [ "$key_salt" = "$key_user" ]
+then
+ GREEN="$(tput setaf 2)"
+ printf '%sMatches%s\n' "$GREEN" "$NOCOLOR"
+ salt-key --out=yaml -a "$minion"
+elif [ ! "$key_salt" = "$key_user" ]
+then
+ RED="$(tput setaf 1)"
+ printf '%sMismatch%s\n' "$RED" "$NOCOLOR"
+ exit 2
+fi |
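Review bot: The acceptance test `[ "$key_salt" = "$key_user" ]` also succeeds when both sides are empty, and `key_salt` can plausibly end up empty: `set -Ceu` has no `pipefail`, so a `salt-key` that fails without printing anything leaves jq to exit 0 with no output, and pressing Enter at the prompt then reaches `salt-key -a`. Rejecting an empty fingerprint alongside the `'null'` check closes that, e.g. `if [ -z "$key_salt" ] || [ "$key_salt" = 'null' ]`. In the same pipeline `$minion` is expanded unquoted twice, so a name containing whitespace or glob characters is split or expanded before salt-key and jq see it; `salt-key --out json -f "$minion" | jq --arg minion "$minion" -r '.minions_pre[$minion]'` keeps it a single argument. `read key_user` should be `read -r key_user`, and the closing `elif [ ! "$key_salt" = "$key_user" ]` is just the `else` of the test above. The fingerprint is read once and the key is accepted by name afterwards, so a comment noting that the pending key could change between the two `salt-key` calls would help operators.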