Created
April 12, 2015 16:03
-
-
Save GeoffWilliams/9889edfeef363a0b91c5 to your computer and use it in GitHub Desktop.
policy based autosigning with puppet
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # define the shared secret we will accept to authenticate identity | |
| SHARED_SECRET="your the best" | |
| # capture the certname (hostname) used for the request | |
| CERT_NAME=$1 | |
| # feed STDIN (file descriptor 0) to the openssl command and pipe | |
| # the output to grep to get the sharedSecret supplied by the agent | |
| # capturing the value in a variable called AGENT_SECRET | |
| AGENT_SECRET=$(openssl req -noout -text <&0 | awk -F ":" '/challengePassword/ { gsub(/\n$/, "", $2) ; print $2 }') | |
| if [ "$AGENT_SECRET" == "$SHARED_SECRET" ] ; then | |
| STATUS=0 | |
| echo "authorised agent: ${CERT_NAME}" | |
| else | |
| STATUS=1 | |
| echo "***!ALERT!*** incorrect or missing shared secret from ${CERT_NAME}" | |
| fi | |
| exit $STATUS |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment