policy based autosigning with puppet
#!/bin/bash
# Puppet policy-based autosign script: the CA runs it with the certname as $1
# and the PEM-encoded CSR on STDIN; exit 0 signs the request, non-zero does not.

# define the shared secret we will accept to authenticate identity
SHARED_SECRET="your the best"
# capture the certname (hostname) used for the request
CERT_NAME="$1"
# feed STDIN (file descriptor 0) to the openssl command and pipe
# the output to awk to get the challengePassword supplied by the agent,
# capturing the value in a variable called AGENT_SECRET; everything after
# the first ":" is kept so a secret containing ":" is not truncated
AGENT_SECRET=$(openssl req -noout -text <&0 | awk '/challengePassword/ { sub(/^[^:]*:/, ""); print }')
if [ "$AGENT_SECRET" == "$SHARED_SECRET" ] ; then
    STATUS=0
    echo "authorised agent: ${CERT_NAME}"
else
    STATUS=1
    echo "***!ALERT!*** incorrect or missing shared secret from ${CERT_NAME}"
fi
exit "$STATUS"