improve ssh host cert validation
This commit is contained in:
parent
8608af6e3a
commit
50a11ff81c
2 changed files with 5 additions and 7 deletions
|
|
@ -5,13 +5,6 @@ IFS=$'\n\t'
|
|||
eval "$(jq -r '@sh "PUBKEY=\(.pubkey) HOST=\(.host) CAHOST=\(.cahost)"')"
|
||||
|
||||
# TODO: Can this be done more eye-pleasingly?
|
||||
set +e
|
||||
CERT=$(ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@$CAHOST '/root/ca.sh host "'"$PUBKEY"'" "'"$HOST"'".dmz')
|
||||
retval=$?
|
||||
set -e
|
||||
|
||||
if [ retval -neq 0 ]; then
|
||||
CERT="error"
|
||||
fi
|
||||
|
||||
jq -n --arg cert "$CERT" '{"cert":$cert}'
|
||||
|
|
|
|||
5
main.tf
5
main.tf
|
|
@ -50,6 +50,11 @@ resource "null_resource" "cert" {
|
|||
ignore_changes = [
|
||||
triggers
|
||||
]
|
||||
|
||||
postcondition {
|
||||
condition = self.triggers["cert"] != "" || !var.use_host_cert
|
||||
error_message = "Error retrieving host certificate."
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Reference in a new issue