zulip/puppet/kandra/files/install-ssh-authorized-keys

48 lines
950 B
Plaintext
Raw Normal View History

#!/usr/bin/env bash
set -euo pipefail
args="$(getopt -o '' --long check -- "$@")"
eval "set -- $args"
check=false
while true; do
case "$1" in
--check)
check=true
shift
;;
--)
shift
break
;;
esac
done
username="$1"
shift
homedir="$(getent passwd "$username" | cut -d: -f6)"
sshdir="$homedir/.ssh"
workfile=$(mktemp)
cleanup() { rm "$workfile"; }
trap cleanup EXIT
for ssh_secret_name in "$@"; do
/srv/zulip-aws-tools/bin/aws --output text \
secretsmanager get-secret-value \
--secret-id "$ssh_secret_name" \
--query SecretString \
| jq -r 'keys[] as $k | "\(.[$k]) \($k)"' \
>>"$workfile"
done
chmod 644 "$workfile"
chown "$username:$username" "$workfile"
if [ "$check" = "true" ]; then
diff -N "$workfile" "$sshdir/authorized_keys"
exit 0
fi
rsync -av "$workfile" "$sshdir/authorized_keys"