Vault SSH: Cleanup of aux files in install script
parent
54db77a3f1
commit
44c07cff5b
|
@ -6,9 +6,9 @@ const (
|
|||
DefaultPublicKeyInstallScript = `
|
||||
#!/bin/bash
|
||||
#
|
||||
# This script file installs or uninstalls an RSA public key to/from authoried_keys
|
||||
# file in a typical linux machine. This script should be registered with vault
|
||||
# server while creating a role for key type 'dynamic'.
|
||||
# This is a default script which installs or uninstalls an RSA public key to/from
|
||||
# authoried_keys file in a typical linux machine. Use 'install_script' parameter
|
||||
# with 'roles/' endpoint to register a custom script (for Dynamic type).
|
||||
#
|
||||
# Vault server runs this script on the target machine with the following params:
|
||||
#
|
||||
|
@ -20,11 +20,10 @@ const (
|
|||
# $3:AUTH_KEYS_FILE: Absolute path of the authorized_keys file.
|
||||
# Currently, vault uses /home/<username>/.ssh/authorized_keys as the path.
|
||||
#
|
||||
# [Note: This is a default script and is written to provide convenience.
|
||||
# If the host platform differs, or if the binaries used in this script are not
|
||||
# available, write a new script that takes the above parameters and does the
|
||||
# same task as this script, and register it Vault while role creation using
|
||||
# 'install_script' parameter.
|
||||
# [Note: If the platform differs or if the binaries used in this script are not
|
||||
# available in target machine, provide a custom script.]
|
||||
|
||||
set -e
|
||||
|
||||
INSTALL_OPTION=$1
|
||||
PUBLIC_KEY_FILE=$2
|
||||
|
@ -33,10 +32,12 @@ AUTH_KEYS_FILE=$3
|
|||
# Delete the public key file and the temporary file
|
||||
function cleanup
|
||||
{
|
||||
echo "$PUBLIC_KEY_FILE" > tempFile
|
||||
rm -f "$PUBLIC_KEY_FILE" temp_$PUBLIC_KEY_FILE
|
||||
}
|
||||
|
||||
# This ensures that cleanup is called if any command fails
|
||||
trap cleanup EXIT
|
||||
|
||||
if [ "$INSTALL_OPTION" != "install" && "$INSTALL_OPTION" != "uninstall" ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
@ -50,8 +51,5 @@ if [ "$INSTALL_OPTION" == "install" ]; then
|
|||
# Append the new public key to authorized_keys file
|
||||
cat "$PUBLIC_KEY_FILE" | sudo tee --append "$AUTH_KEYS_FILE"
|
||||
fi
|
||||
|
||||
# Delete the auxiliary files
|
||||
cleanup
|
||||
`
|
||||
)
|
||||
|
|
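Review bot: The option check `if [ "$INSTALL_OPTION" != "install" && "$INSTALL_OPTION" != "uninstall" ]; then` can never reject a bad value, because `&&` ends the `[` command before its closing `]`; `[` then fails with a missing-bracket error, the condition is false and `exit 1` is skipped (`set -e` does not apply inside an `if` condition). It should read `if [ "$INSTALL_OPTION" != "install" ] && [ "$INSTALL_OPTION" != "uninstall" ]; then`. Since cleanup now runs from `trap cleanup EXIT` on every exit path, its `rm` line should also quote the second operand and end option parsing, `rm -f -- "$PUBLIC_KEY_FILE" "temp_$PUBLIC_KEY_FILE"`, so a key-file name containing spaces, glob characters or a leading dash cannot make it delete something else. The comment above the trap could say that the handler runs on every exit, not only when a command fails. The script lines between the hunks are not shown, so what an unrecognised option goes on to do is not visible here.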