#!/bin/sh
# Copyright 2023, Georg Pfuetzenreuter
#
# Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European Commission - subsequent versions of the EUPL (the "Licence").
# You may not use this work except in compliance with the Licence.
# An English copy of the Licence is shipped in a file called LICENSE along with this applications source code.
# You may obtain copies of the Licence in any of the official languages at https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12.
#
# ---
#
# This program helps with accepting Salt minion keys by asking for a key to compare with first. Intended to be run on a Salt master.
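# Strict mode: -C refuses to clobber existing files through '>', -e aborts on
# unhandled command failures, -u treats unset variables as errors.
set -Ceu

# Minion ID whose pending key is to be verified (first positional argument).
minion="${1:-}"

# Colours are cosmetic only. Fall back to an empty string when tput cannot
# resolve the terminal, so that `set -e` does not abort the script here.
NOCOLOR="$(tput sgr0 2>/dev/null || true)"

if ! command -v jq >/dev/null || ! command -v salt-key >/dev/null
then
  printf 'Please ensure jq and salt-key are available.\n' >&2
  exit 1
fi

if [ -z "$minion" ]
then
  printf 'Please specify the minion to diff against.\n' >&2
  exit 1
fi

# Fingerprint the master holds for this minion's *pending* key. jq -r prints
# the literal string "null" when the ID is not present under .minions_pre.
# POSIX sh has no pipefail: if salt-key fails, jq may print nothing at all and
# key_salt ends up empty, which is handled below.
key_salt="$(salt-key --out json -f "$minion" | jq --arg minion "$minion" -r '.minions_pre[$minion]')"

# Fail closed: an empty fingerprint must never reach the comparison, because
# an empty answer at the prompt would otherwise compare equal and the key
# would be accepted without any verification having taken place.
if [ -z "$key_salt" ] || [ "$key_salt" = 'null' ]
then
  printf 'No pending keys for %s.\n' "$minion"
  exit 2
fi

printf 'Enter fingerprint to diff against (run `salt-call --local key.finger` on the minion)\n'
if ! read -r key_user
then
  # End of input before a complete line was read; nothing to compare against.
  printf 'No fingerprint entered.\n' >&2
  exit 1
fi

# key_salt is known to be non-empty here, so only a real fingerprint typed or
# pasted by the operator can match.
if [ "$key_salt" = "$key_user" ]
then
  GREEN="$(tput setaf 2 2>/dev/null || true)"
  printf '%sMatches%s\n' "$GREEN" "$NOCOLOR"
  # NOTE(review): the fingerprint compared above was read earlier; if the
  # pending key can be replaced in the meantime, the key accepted here may
  # differ from the one that was verified - confirm whether this matters for
  # your setup.
  salt-key --out=yaml -a "$minion"
else
  RED="$(tput setaf 1 2>/dev/null || true)"
  printf '%sMismatch%s\n' "$RED" "$NOCOLOR"
  exit 2
fi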