Vault SSH: Cleanup of aux files in install script

This commit is contained in:
vishalnayak 2015-08-24 13:50:46 -04:00
parent 54db77a3f1
commit 44c07cff5b

View file

@ -6,9 +6,9 @@ const (
DefaultPublicKeyInstallScript = `
#!/bin/bash
#
# This script file installs or uninstalls an RSA public key to/from authoried_keys
# file in a typical linux machine. This script should be registered with vault
# server while creating a role for key type 'dynamic'.
# This is a default script which installs or uninstalls an RSA public key to/from
# authoried_keys file in a typical linux machine. Use 'install_script' parameter
# with 'roles/' endpoint to register a custom script (for Dynamic type).
#
# Vault server runs this script on the target machine with the following params:
#
@ -20,11 +20,10 @@ const (
# $3:AUTH_KEYS_FILE: Absolute path of the authorized_keys file.
# Currently, vault uses /home/<username>/.ssh/authorized_keys as the path.
#
# [Note: This is a default script and is written to provide convenience.
# If the host platform differs, or if the binaries used in this script are not
# available, write a new script that takes the above parameters and does the
# same task as this script, and register it Vault while role creation using
# 'install_script' parameter.
# [Note: If the platform differs or if the binaries used in this script are not
# available in target machine, provide a custom script.]
set -e
INSTALL_OPTION=$1
PUBLIC_KEY_FILE=$2
@ -33,10 +32,12 @@ AUTH_KEYS_FILE=$3
# Delete the public key file and the temporary file
function cleanup
{
echo "$PUBLIC_KEY_FILE" > tempFile
rm -f "$PUBLIC_KEY_FILE" temp_$PUBLIC_KEY_FILE
}
# This ensures that cleanup is called if any command fails
trap cleanup EXIT
if [ "$INSTALL_OPTION" != "install" && "$INSTALL_OPTION" != "uninstall" ]; then
exit 1
fi
@ -50,8 +51,5 @@ if [ "$INSTALL_OPTION" == "install" ]; then
# Append the new public key to authorized_keys file
cat "$PUBLIC_KEY_FILE" | sudo tee --append "$AUTH_KEYS_FILE"
fi
# Delete the auxiliary files
cleanup
`
)