improve ssh host cert validation

pizzaniels 2023-04-21 21:23:01 +02:00
parent 8608af6e3a
commit 50a11ff81c
2 changed files with 5 additions and 7 deletions


@ -5,13 +5,6 @@ IFS=$'\n\t'
eval "$(jq -r '@sh "PUBKEY=\(.pubkey) HOST=\(.host) CAHOST=\(.cahost)"')" eval "$(jq -r '@sh "PUBKEY=\(.pubkey) HOST=\(.host) CAHOST=\(.cahost)"')"
# TODO: Can this be done more eye-pleasingly? # TODO: Can this be done more eye-pleasingly?
set +e
CERT=$(ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@$CAHOST '/root/ca.sh host "'"$PUBKEY"'" "'"$HOST"'".dmz') CERT=$(ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@$CAHOST '/root/ca.sh host "'"$PUBKEY"'" "'"$HOST"'".dmz')
retval=$?
set -e
if [ retval -neq 0 ]; then
CERT="error"
fi
jq -n --arg cert "$CERT" '{"cert":$cert}' jq -n --arg cert "$CERT" '{"cert":$cert}'
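Review bot: `$PUBKEY` and `$HOST` are spliced into the remote command string on the `CERT=$(ssh ...)` line, so a double quote, backtick or `$(...)` inside either value becomes shell code executed as root on the CA host; the `@sh` quoting on the `eval` line only protects the local shell. Quote the remote arguments explicitly, e.g. `CERT=$(ssh -o BatchMode=yes -o ConnectTimeout=3 -o ConnectionAttempts=1 "root@$CAHOST" "$(printf '/root/ca.sh host %q %q' "$PUBKEY" "$HOST.dmz")")` — `%q` emits bash quoting, which holds if root's login shell on the CA host is bash (not visible here), and `BatchMode=yes` makes ssh fail fast instead of prompting when Terraform runs it without a terminal. With the `set +e`/`retval` block gone, failure detection now rests on the `set -e` presumably set above the hunk: a non-zero ssh aborts the script, while a successful ssh that prints nothing yields `{"cert":""}` and is caught only by the caller. The script header this depends on lies outside the hunk.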


@ -50,6 +50,11 @@ resource "null_resource" "cert" {
ignore_changes = [ ignore_changes = [
triggers triggers
] ]
postcondition {
condition = self.triggers["cert"] != "" || !var.use_host_cert
error_message = "Error retrieving host certificate."
}
} }
} }
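Review bot: The new postcondition only rejects an empty `self.triggers["cert"]`, so any other stdout from the CA script — a warning or an error message — passes as a valid certificate. If `cert` is fed from the external data source, checking the OpenSSH certificate key-type prefix is a stricter test: `condition = !var.use_host_cert || can(regex("^[a-z0-9-]+-cert-v01@openssh\\.com ", self.triggers["cert"]))`. Placing the `!var.use_host_cert` term first also reads as the guard it is, and if `cert` can be absent from `triggers` when certificates are disabled, index it with `lookup(self.triggers, "cert", "")` so the condition does not fail on a missing key. The `null_resource.cert` block and its `triggers` map begin before the hunk.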