Add salt-keydiff.sh

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>

1 files changed, 32 insertions, 0 deletions

diff --git a/scripts/sh/salt-keydiff.sh b/scripts/sh/salt-keydiff.sh
new file mode 100755
index 0000000..d0f1d98
--- /dev/null
+++ b/scripts/sh/salt-keydiff.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+# Simple way to ensure a Salt minion's key matches before accepting it
+# Run `salt-call --local key.finger` on the minion and paste the output once prompted (this script should be run on the Salt master)
+# Georg Pfuetzenreuter <georg@lysergic.dev>
+set -Ceu
+
+minion="${1:-null}"
+NOCOLOR=`tput sgr0`
+
+if [ "$minion" = 'null' ]
+then
+        printf 'Please specify the minion to diff on\n'
+        exit 1
+fi
+
+key_salt=`salt-key --out json -f "$minion" | jq --arg minion "$minion" -r '.minions_pre[$minion]'`
+
+printf 'Enter fingerprint to diff against\n'
+read key_user
+
+
+if [ "$key_salt" = "$key_user" ]
+then
+        GREEN=`tput setaf 2`
+        printf '%sMatches%s\n' "$GREEN" "$NOCOLOR"
+        salt-key -a "$minion"
+elif [ ! "$key_salt" = "$key_user" ]
+then
+        RED=`tput setaf 1`
+        printf '%sMismatch%s\n' "$RED" "$NOCOLOR"
+        exit 2
+fi