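#!/usr/bin/env bash
#
# Build an authorized_keys file for a local user from one or more AWS
# Secrets Manager secrets and install it as ~USER/.ssh/authorized_keys.
#
# Usage: <script> [--check] USERNAME SECRET_NAME...
#
#   --check   Only compare the generated file against the installed one;
#             nothing is written.  Exits non-zero when they differ.
#
# Each secret's SecretString is parsed by jq as a JSON object; every
# entry is emitted as one line, "<value> <key>".
#
# SECURITY: whoever can write these secrets controls SSH access for
# USERNAME.  Values are written out raw (jq -r), so a value containing a
# newline or a leading options field lands in authorized_keys unchanged.
# Keep write access to the secrets as tightly scoped as the account
# they unlock.

set -euo pipefail

usage() {
    printf 'Usage: %s [--check] USERNAME SECRET_NAME...\n' "${0##*/}" >&2
    exit 1
}

# getopt (util-linux) normalises the command line and shell-quotes its
# output, which is what makes the eval below safe; an unknown option makes
# getopt fail and set -e aborts before the eval is reached.
args="$(getopt -o '' --long check -- "$@")"
eval "set -- $args"

check=false
while true; do
    case "$1" in
        --check)
            check=true
            shift
            ;;
        --)
            shift
            break
            ;;
        *)
            # getopt should only ever emit --check and --; fail loudly
            # instead of spinning forever on anything else.
            printf 'unexpected argument: %s\n' "$1" >&2
            exit 1
            ;;
    esac
done

# Without this the script would die on an unbound "$1" with no hint
# about what was missing.
[ "$#" -ge 1 ] || usage
username="$1"
shift

# NOTE(review): with no SECRET_NAME arguments the loop below does not run
# and an empty authorized_keys is installed, removing every key for the
# user.  Confirm that callers always pass at least one secret.

# Field 6 of the passwd entry is the home directory.  getent failing
# (unknown user) aborts the script through pipefail + set -e.
homedir="$(getent passwd "$username" | cut -d: -f6)"
if [ -z "$homedir" ]; then
    # An empty home directory would otherwise make the target /.ssh.
    printf 'no home directory found for user: %s\n' "$username" >&2
    exit 1
fi
sshdir="$homedir/.ssh"

workfile=$(mktemp)
cleanup() { rm -f -- "$workfile"; }
trap cleanup EXIT

# Any failure of aws or jq stops the script here (pipefail + set -e), so
# a partially built key list is never installed.
for ssh_secret_name in "$@"; do
    /srv/zulip-aws-tools/bin/aws --output text \
        secretsmanager get-secret-value \
        --secret-id "$ssh_secret_name" \
        --query SecretString \
        | jq -r 'keys[] as $k | "\(.[$k]) \($k)"' \
            >>"$workfile"
done

# Mode and ownership are set on the work file because both diff -N in
# check mode and rsync -a below operate on it; rsync -a carries them over
# to the installed file.
# NOTE(review): assumes a group named exactly like the user exists.
chmod 644 "$workfile"
chown "$username:$username" "$workfile"

if [ "$check" = "true" ]; then
    # diff exits 1 when the files differ (2 on trouble) and set -e turns
    # that into the script's exit status; "exit 0" is only reached when
    # the installed file already matches.  -N treats a missing
    # authorized_keys as empty.
    diff -N "$workfile" "$sshdir/authorized_keys"
    exit 0
fi

rsync -av "$workfile" "$sshdir/authorized_keys"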