-
-
Save Yggdrasil/6ac8e422ac9945d7855829f9fb297cdb to your computer and use it in GitHub Desktop.
policy based autosigning with puppet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # define the shared secret we will accept to authenticate identity | |
| SHARED_SECRET="your the best" | |
| # capture the certname (hostname) used for the request | |
| CERT_NAME=$1 | |
| # feed STDIN (file descriptor 0) to the openssl command and pipe | |
| # the output to grep to get the sharedSecret supplied by the agent | |
| # capturing the value in a variable called AGENT_SECRET | |
| AGENT_SECRET=$(openssl req -noout -text <&0 | awk -F ":" '/challengePassword/ { gsub(/\n$/, "", $2) ; print $2 }') | |
| if [ "$AGENT_SECRET" == "$SHARED_SECRET" ] ; then | |
| STATUS=0 | |
| echo "authorised agent: ${CERT_NAME}" | |
| else | |
| STATUS=1 | |
| echo "***!ALERT!*** incorrect or missing shared secret from ${CERT_NAME}" | |
| fi | |
| exit $STATUS |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment