authorGeorg Pfuetzenreuter2023-01-16 08:22:36 +0100
committerGeorg Pfuetzenreuter2023-01-16 08:25:26 +0100
commitf82e6ba06d7b5de0f841f742a4a76a2b0f6b9f79 (patch)
tree05f7a74774e964f6a64355dd814fe412a928df45
parent926b11aea9732e8af722d596a74c35a0c9ad0752 (diff)
Add salt-keydiff.sh
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
-rwxr-xr-xscripts/sh/salt-keydiff.sh32
1 files changed, 32 insertions, 0 deletions
diff --git a/scripts/sh/salt-keydiff.sh b/scripts/sh/salt-keydiff.sh
new file mode 100755
index 0000000..d0f1d98
--- /dev/null
+++ b/scripts/sh/salt-keydiff.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+# Simple way to ensure a Salt minion's key matches before accepting it
+# Run `salt-call --local key.finger` on the minion and paste the output once prompted (this script should be run on the Salt master)
+# Georg Pfuetzenreuter <georg@lysergic.dev>
+set -Ceu
+
+minion="${1:-null}"
+NOCOLOR=`tput sgr0`
+
+if [ "$minion" = 'null' ]
+then
+ printf 'Please specify the minion to diff on\n'
+ exit 1
+fi
+
+key_salt=`salt-key --out json -f "$minion" | jq --arg minion "$minion" -r '.minions_pre[$minion]'`
+
+printf 'Enter fingerprint to diff against\n'
+read key_user
+
+
+if [ "$key_salt" = "$key_user" ]
+then
+ GREEN=`tput setaf 2`
+ printf '%sMatches%s\n' "$GREEN" "$NOCOLOR"
+ salt-key -a "$minion"
+elif [ ! "$key_salt" = "$key_user" ]
+then
+ RED=`tput setaf 1`
+ printf '%sMismatch%s\n' "$RED" "$NOCOLOR"
+ exit 2
+fi
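Review bot: The fingerprint gate does not fail closed, because `key_salt` is compared without first checking that a pending key was actually found. `jq -r` prints `null` when `.minions_pre[$minion]` is absent, and without `pipefail` a failing `salt-key` is masked by jq's exit status, so `key_salt` can be `null` or empty; an input of `null` or an empty line then reports "Matches" and reaches `salt-key -a "$minion"`. Reject those values right after the assignment, for example `case "$key_salt" in ''|null) printf 'No pending key for %s\n' "$minion" >&2; exit 1 ;; esac`. Also use `read -r key_user` so the pasted value is taken literally. The `elif [ ! "$key_salt" = "$key_user" ]` branch can be a plain `else`.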