Created
March 7, 2020 03:19
-
-
Save samson4649/2a1c5dece8978f6058bc267718025bfb to your computer and use it in GitHub Desktop.
used to search through ansible variables and vault secrets in configuration directory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
############################################################################# | |
# # | |
# _ _ _ _ ____ _ # | |
# / \ _ __ ___(_) |__ | | ___ / ___| ___ ___ _ __ ___| |_ ___ # | |
# / _ \ | '_ \/ __| | '_ \| |/ _ \ \___ \ / _ \/ __| '__/ _ \ __/ __| # | |
# / ___ \| | | \__ \ | |_) | | __/ ___) | __/ (__| | | __/ |_\__ \ # | |
# /_/ \_\_| |_|___/_|_.__/|_|\___| |____/ \___|\___|_| \___|\__|___/ # | |
# # | |
# Created By: Samuel Lock (github.com/samson4649) # | |
# # | |
# # | |
# Usage: # | |
# ./ansible-secrets [ -g | -a ] [ -v ] [ <regex_1> [ <regex_2> ].. ] # | |
# # | |
# Description: # | |
# A script to show all secrets from current directory. # | |
# # | |
# Notes: # | |
# - This does not work well with multi-line variables (ie. no search ) # | |
# # | |
############################################################################# | |
WORKDIR=$(pwd) | |
SEARCH=host_vars | |
REGEX="" | |
LOG_LVL=0 | |
# FATAL = 0 | |
# WARN = 1 | |
# DEBUG = 2 | |
POSITIONAL=() | |
while [[ $# -gt 0 ]]; do | |
key="$1" | |
case $key in | |
-g|--group) | |
SEARCH=group_vars | |
shift | |
;; | |
-a|--all) | |
SEARCH="${SEARCH} group_vars" | |
shift | |
;; | |
*) | |
if [[ ${key:1} =~ ^v ]]; then | |
for c in $( echo "${key:1}" | sed -E 's/(.)/\1 /g' ); do | |
if [[ "${c}" -eq "v" ]]; then | |
(( LOG_LVL++ )) | |
fi | |
done | |
else | |
POSITIONAL+=("$1") | |
REGEX="${REGEX}|$1" | |
fi | |
shift | |
;; | |
esac | |
done | |
set -- "${POSITIONAL[@]}" | |
function err_exit(){ | |
e=$1 | |
shift | |
echo "$@" | |
exit ${e} | |
} | |
function log(){ | |
MSG="" | |
F=${1,,} | |
shift | |
case ${F} in | |
2|debug ) if (( ${LOG_LVL} >= 2 )); then echo "[DEBUG] $@"; fi ;; | |
1|warn|warning ) if (( ${LOG_LVL} >= 1 )); then echo "[WARN] $@"; fi ;; | |
0|crit|critical ) echo "[FATAL] $@" | |
esac | |
} | |
log debug "log level: ${LOG_LVL}" | |
log debug "regex used: '${REGEX:1}'" | |
for dir in ${SEARCH}; do | |
if [ ! -d ./${dir} ]; then | |
log debug "No '${dir}' detected" | |
else | |
if [ "$(find ${dir}/ -mindepth 1 -maxdepth 1 -type d 2>/dev/null | wc -l)" -eq 0 ]; then | |
log debug "No configuration directories found in '${dir}'" | |
else | |
for dir_a in $(find ${dir} -mindepth 1 -maxdepth 1 -type d); do | |
for host in $(find ${dir_a} -type f -iname "*.yml"); do | |
REAL_REGEX="${REGEX:1}" | |
{ ansible-vault view ${host} 2>/dev/null 1>&5 || cat ${host} 2>/dev/null 1>&5 ;} 5>&1 | egrep -v '^(#|-|$)' | egrep "${REAL_REGEX:-.*}" | sed -E "s@(.*)@${host}::\1@" | |
done | |
done | |
fi | |
fi | |
done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment