Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Terraform sshfp
#!/bin/bash
set -euo pipefail
IFS=$'\t\n'
# This script JSON formatted stdin and produces as JSON formatted stdout
# Sean OMeara <sean@sean.io>
export PATH=$PATH:$1/bin
function error_exit() {
echo "$1" 1>&2
exit 1
}
function check_deps() {
test -f $(which jq) || error_exit "jq command not found in PATH"
test -f $(which base64) || error_exit "base64 command not found in PATH"
test -f $(which openssl) || error_exit "openssl command not found in PATH"
}
PRINTS=()
for i in $(jq -r '.public_keys' | jq '.[]'); do
KEY_TYPE=$(echo ${i} | xargs | awk '{ print $1 }')
KEY_DATA=$(echo ${i} | xargs | awk '{ print $2 }')
DIGEST_SHA1=$(echo ${KEY_DATA} | base64 --decode | openssl dgst -sha1 | awk '{ print $2 }')
DIGEST_SHA256=$(echo ${KEY_DATA} | base64 --decode | openssl dgst -sha256 | awk '{ print $2 }')
case ${KEY_TYPE} in
ssh-rsa*)
ALGORITHM=1
;;
ssh-dss*)
ALGORITHM=2
;;
ecdsa*)
ALGORITHM=3
;;
ssh-ed25519)
ALGORITHM=4
;;
*)
error_exit "Error: Invalid key type"
esac
RAY+=("{ \"algorithm\": \"${ALGORITHM}\", \"type\": \"2\", \"fingerprint\": \"${DIGEST_SHA256}\" }")
done
function join_by() {
local d=$1 ; shift
echo -n $1 ; shift
for i in "$@"; do
echo -n "$d "
echo -n $i
done
}
function values() {
echo -n "["
join_by , "${RAY[@]}"
echo -n "]"
}
function json_encode() {
echo "$($1 | jq -R)"
}
print_payload() {
echo "{ \"sshfp\": $(json_encode values) }"
}
print_payload
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment