Add salt-keydiff.sh

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-16 08:22:36 +01:00 · 2023-01-16 08:22:36 +01:00 · f82e6ba06d
parent 926b11aea9
commit f82e6ba06d
1 changed files with 32 additions and 0 deletions
--- a/scripts/sh/salt-keydiff.sh
+++ b/scripts/sh/salt-keydiff.sh
@ -0,0 +1,32 @@
+#!/bin/sh
+# Simple way to ensure a Salt minion's key matches before accepting it
+# Run `salt-call --local key.finger` on the minion and paste the output once prompted (this script should be run on the Salt master)
+# Georg Pfuetzenreuter <georg@lysergic.dev>
+set -Ceu
+
+minion="${1:-null}"
+NOCOLOR=`tput sgr0`
+
+if [ "$minion" = 'null' ]
+then
+        printf 'Please specify the minion to diff on\n'
+        exit 1
+fi
+
+key_salt=`salt-key --out json -f "$minion" | jq --arg minion "$minion" -r '.minions_pre[$minion]'`
+
+printf 'Enter fingerprint to diff against\n'
+read key_user
+
+
+if [ "$key_salt" = "$key_user" ]
+then
+        GREEN=`tput setaf 2`
+        printf '%sMatches%s\n' "$GREEN" "$NOCOLOR"
+        salt-key -a "$minion"
+elif [ ! "$key_salt" = "$key_user" ]
+then
+        RED=`tput setaf 1`
+        printf '%sMismatch%s\n' "$RED" "$NOCOLOR"
+        exit 2
+fi