dokku-hostkeys-plugin/functions at master · cedricziel/dokku-hostkeys-plugin · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
#!/usr/bin/env bash
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x

fn-hostkeys-add-app-key() {
  declare desc="Adds a hostkey to the app"
  declare APP="$1" HOSTKEY="$2"
  local APP_SPECIFIC_HOSTKEYS_FOLDER="$DOKKU_ROOT/.hostkeys/$APP/.ssh"
  local APP_SPECIFIC_HOSTKEYS_FILE="$APP_SPECIFIC_HOSTKEYS_FOLDER/known_hosts"

  fn-hostkeys-check-install-app "$APP"
  echo "$HOSTKEY" >>"$APP_SPECIFIC_HOSTKEYS_FILE"
  dokku_log_verbose_quiet "Added $HOSTKEY to the list of app specific hostkeys"
}

fn-hostkeys-add-shared-key() {
  declare desc="Adds a shared hostkey"
  declare HOSTKEY="$1"
  local SHARED_HOSTKEYS_FOLDER="$DOKKU_ROOT/.hostkeys/shared/.ssh"
  local SHARED_HOSTKEYS_FILE="$SHARED_HOSTKEYS_FOLDER/known_hosts"

  fn-hostkeys-check-install
  echo "$HOSTKEY" >>"$SHARED_HOSTKEYS_FILE"
  dokku_log_verbose_quiet "Added $HOSTKEY to the list of shared hostkeys"
}

fn-hostkeys-autoadd-app-key() {
  declare desc="Autoadds a hostkey to the app"
  declare APP="$1" HOSTNAME="$2"
  local APP_SPECIFIC_HOSTKEYS_FOLDER="$DOKKU_ROOT/.hostkeys/$APP/.ssh"
  local APP_SPECIFIC_HOSTKEYS_FILE="$APP_SPECIFIC_HOSTKEYS_FOLDER/known_hosts"

  fn-hostkeys-check-install-app "$APP"
  ssh-keyscan -H "$HOSTNAME" >>"$APP_SPECIFIC_HOSTKEYS_FILE" 2>/dev/null
  dokku_log_verbose_quiet "Added keys for $HOSTNAME"
}

fn-hostkeys-autoadd-shared-key() {
  declare desc="Autoadds a shared hostkey"
  declare HOSTNAME="$1"
  local SHARED_HOSTKEYS_FOLDER="$DOKKU_ROOT/.hostkeys/shared/.ssh"
  local SHARED_HOSTKEYS_FILE="$SHARED_HOSTKEYS_FOLDER/known_hosts"

  fn-hostkeys-check-install
  ssh-keyscan -H "$HOSTNAME" >>"$SHARED_HOSTKEYS_FILE" 2>/dev/null
  dokku_log_verbose_quiet "Added keys for $HOSTNAME"
}

fn-hostkeys-check-install() {
  declare desc="Checks if the shared hostkeys are installed"
  local SHARED_HOSTKEYS_FOLDER="$DOKKU_ROOT/.hostkeys/shared/.ssh"
  local SHARED_HOSTKEYS_FILE="$SHARED_HOSTKEYS_FOLDER/known_hosts"

  if [[ ! -d "$SHARED_HOSTKEYS_FOLDER" ]]; then
    dokku_log_fail "No shared keys folder available. Did you run 'dokku plugins-install'? Exiting."
  fi

  if [[ ! -f "$SHARED_HOSTKEYS_FILE" ]]; then
    dokku_log_fail "No shared keys file available. Did you run 'dokku plugins-install'? Exiting."
  fi
}

fn-hostkeys-check-install-app() {
  declare desc="Checks if the app specific hostkeys are installed"
  declare APP="$1"
  local APP_SPECIFIC_HOSTKEYS_FOLDER="$DOKKU_ROOT/.hostkeys/$APP/.ssh"
  local APP_SPECIFIC_HOSTKEYS_FILE="$APP_SPECIFIC_HOSTKEYS_FOLDER/known_hosts"

  if [[ ! -d "$APP_SPECIFIC_HOSTKEYS_FOLDER" ]]; then
    dokku_log_verbose_quiet "No app specific keys folder available, creating"
    mkdir -p "$APP_SPECIFIC_HOSTKEYS_FOLDER"
    chmod 700 "$APP_SPECIFIC_HOSTKEYS_FOLDER"
    chown -R dokku:dokku "$DOKKU_ROOT/.hostkeys/$APP"
  fi

  if [[ ! -f "$APP_SPECIFIC_HOSTKEYS_FILE" ]]; then
    dokku_log_verbose_quiet "No app specific keys file available, creating"
    touch "$APP_SPECIFIC_HOSTKEYS_FILE"
    chmod 644 "$APP_SPECIFIC_HOSTKEYS_FILE"
    chown -R dokku:dokku "$DOKKU_ROOT/.hostkeys/$APP"
  fi
}

fn-hostkeys-delete-app-key() {
  declare desc="Deletes a hostkey from the app"
  declare APP="$1" HOSTNAME="$2"
  local APP_SPECIFIC_HOSTKEYS_FOLDER="$DOKKU_ROOT/.hostkeys/$APP/.ssh"
  local APP_SPECIFIC_HOSTKEYS_FILE="$APP_SPECIFIC_HOSTKEYS_FOLDER/known_hosts"

  fn-hostkeys-check-install-app "$APP"
  if [[ -n "$HOSTNAME" ]]; then
    ssh-keygen -f "$APP_SPECIFIC_HOSTKEYS_FILE" -R "$HOSTNAME"
    rm -f "$APP_SPECIFIC_HOSTKEYS_FOLDER/known_hosts.old" >/dev/null 2>&1 || true
    dokku_log_verbose_quiet "Deleted hostkey for $HOSTNAME as well as the backup"
  else
    echo "" >"$APP_SPECIFIC_HOSTKEYS_FILE"
    dokku_log_verbose_quiet "Emptied the app specific hostkey file. Your app loses the specific keys on the next push. Make sure you add the required ones"
  fi
}

fn-hostkeys-delete-shared-key() {
  declare desc="Deletes a shared hostkey"
  declare HOSTNAME="$1"
  local SHARED_HOSTKEYS_FOLDER="$DOKKU_ROOT/.hostkeys/shared/.ssh"
  local SHARED_HOSTKEYS_FILE="$SHARED_HOSTKEYS_FOLDER/known_hosts"

  fn-hostkeys-check-install
  if [[ -n "$HOSTNAME" ]]; then
    ssh-keygen -f "$SHARED_HOSTKEYS_FILE" -R "$HOSTNAME"
    rm -f "$SHARED_HOSTKEYS_FOLDER/known_hosts.old" >/dev/null 2>&1 || true
    dokku_log_verbose_quiet "Deleted hostkey for $HOSTNAME as well as the backup."
  else
    echo "" >"$SHARED_HOSTKEYS_FILE"
    dokku_log_verbose_quiet "Emptied the shared hostkey file. All apps will loose the shared keys on next push. Make sure you add the required ones"
  fi
}

fn-hostkeys-print-keys-for-app() {
  declare desc="Prints the app specific hostkeys"
  declare APP="$1"
  local APP_SPECIFIC_HOSTKEYS_FOLDER="$DOKKU_ROOT/.hostkeys/$APP/.ssh"
  local APP_SPECIFIC_HOSTKEYS_FILE="$APP_SPECIFIC_HOSTKEYS_FOLDER/known_hosts"

  fn-hostkeys-check-install-app "$APP"
  fn-hostkeys-print-shared-keys
  if [[ ! -s "$APP_SPECIFIC_HOSTKEYS_FILE" ]]; then
    dokku_log_exclaim "No app-specific keys registered"
  else
    cat <<EOF

The following APP SPECIFIC hostkeys have been registered:
---------------------------------------------------------
EOF
    cat "$APP_SPECIFIC_HOSTKEYS_FILE"
  fi
}

fn-hostkeys-print-shared-keys() {
  declare desc="Prints the shared hostkeys"
  local SHARED_HOSTKEYS_FOLDER="$DOKKU_ROOT/.hostkeys/shared/.ssh"
  local SHARED_HOSTKEYS_FILE="$SHARED_HOSTKEYS_FOLDER/known_hosts"

  fn-hostkeys-check-install

  if [[ ! -s "$SHARED_HOSTKEYS_FILE" ]]; then
    dokku_log_exclaim "No shared keys registered"
  else
    cat <<EOF
The following SHARED hostkeys have been registered:
---------------------------------------------------
EOF
    cat "$SHARED_HOSTKEYS_FILE"
  fi
}