path: root/scripts/sh/salt-keydiff.sh
#!/bin/sh
# Simple way to ensure a Salt minion's key matches before accepting it
# Run `salt-call --local key.finger` on the minion and paste the output once prompted (this script should be run on the Salt master)
# Georg Pfuetzenreuter <georg@lysergic.dev>
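set -Ceu

# Minion ID whose pending key is to be verified (required first argument).
# An empty default is used instead of a sentinel string so that no valid
# minion ID is reserved by the script itself.
minion="${1:-}"

if [ -z "$minion" ]
then
        printf 'Please specify the minion to diff on\n' >&2
        exit 1
fi

# Colour codes are cosmetic. Fall back to an empty string when tput cannot
# resolve the terminal, so `set -e` does not abort the check for that reason.
NOCOLOR=$(tput sgr0 2>/dev/null || true)

# Fingerprint as the master sees it, looked up by exact minion ID under
# `minions_pre` in salt-key's JSON output. `// empty` makes jq print nothing
# (rather than the literal string "null") when that ID has no entry there.
key_salt=$(salt-key --out json -f "$minion" | jq --arg minion "$minion" -r '.minions_pre[$minion] // empty')

# Fail closed: without a fingerprint from the master there is nothing to
# verify against. Otherwise an empty reply at the prompt would compare equal
# to an empty lookup result and the accept step below would run unverified.
# Exit status 2 is kept, as for a mismatch: the key was not accepted.
if [ -z "$key_salt" ]
then
        printf 'No pending key fingerprint found for minion %s\n' "$minion" >&2
        exit 2
fi

printf 'Enter fingerprint to diff against\n'
# -r keeps backslashes literal; the default IFS still trims blanks around
# the pasted value.
read -r key_user

# Exact, case-sensitive string comparison of the two fingerprints.
if [ "$key_salt" = "$key_user" ]
then
        GREEN=$(tput setaf 2 2>/dev/null || true)
        printf '%sMatches%s\n' "$GREEN" "$NOCOLOR"
        # salt-key matches the -a argument as a glob. The exact-ID lookup above
        # yields no fingerprint for a pattern, so only an ID that is literally
        # present among the pending keys reaches this call.
        salt-key -a "$minion"
else
        RED=$(tput setaf 1 2>/dev/null || true)
        printf '%sMismatch%s\n' "$RED" "$NOCOLOR"
        exit 2
fi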