feat: add branding and get_iam_sshkeys.py
This commit is contained in:
parent
b907511e03
commit
19efeada19
11
README.md
11
README.md
|
@ -2,4 +2,13 @@
|
|||
|
||||
ZeroDownTime - Alpine golden images
|
||||
|
||||
AWS only for now
|
||||
AWS only for now
|
||||
|
||||
## Image scanning via Trivy
|
||||
|
||||
```
|
||||
modprobe nbd
|
||||
qemu-nbd -c /dev/nbd0 zdt-alpine-3.16.2-x86_64-bios-tiny-minimal-r1.vhd
|
||||
mount /dev/nbd0 /mnt/image
|
||||
trivy filesystem /mnt/image
|
||||
```
|
||||
|
|
|
@ -5,8 +5,8 @@ echo "Are you really sure as AMIs might be used by customers !!"
|
|||
read
|
||||
|
||||
#TAG_FILTER="Name=tag:project,Values=zdt-alpine"
|
||||
#TAG_FILTER="Name=tag:Name,Values=zdt-alpine-3.16.0-x86_64-bios-tiny-minimal-r0"
|
||||
TAG_FILTER="Name=tag:Name,Values=zdt-alpine-3.16.2-x86_64-bios-tiny-kubezero-1.23.10-r0"
|
||||
TAG_FILTER="Name=tag:Name,Values=zdt-alpine-3.16.2-x86_64-bios-tiny-minimal-r1"
|
||||
#TAG_FILTER="Name=tag:Name,Values=zdt-alpine-3.16.2-x86_64-bios-tiny-kubezero-1.23.10-r0"
|
||||
|
||||
#for r in $(aws ec2 describe-regions --query "Regions[].{Name:RegionName}" --output text); do
|
||||
for r in ap-southeast-2 ca-central-1 eu-central-1 us-east-1 us-west-1 us-west-2; do
|
||||
|
|
|
@ -45,7 +45,8 @@ echo 'Installed cloudbender shutdown hook'
|
|||
|
||||
# Install tools
|
||||
cp $SETUP/route53.py $TARGET/usr/local/bin
|
||||
echo 'Installed route53.py'
|
||||
cp $SETUP/get_iam_sshkeys.py $TARGET/usr/sbin
|
||||
echo 'Installed route53.py and get_iam_sshkeys.py'
|
||||
|
||||
# ps_mem
|
||||
#wget https://raw.githubusercontent.com/pixelb/ps_mem/master/ps_mem.py
|
||||
|
@ -63,12 +64,13 @@ echo 'Enable monit via init, hooked up cloudbender alerting'
|
|||
|
||||
# QoL
|
||||
mv $TARGET/etc/profile.d/color_prompt.sh.disabled $TARGET/etc/profile.d/color_prompt.sh
|
||||
echo 'alias rs="doas bash --login"' > $TARGET/etc/profile.d/alias.sh
|
||||
echo 'alias rs="doas bash"' > $TARGET/etc/profile.d/alias.sh
|
||||
|
||||
# branding
|
||||
rm -f $TARGET/etc/motd
|
||||
cp $SETUP/neofetch.conf $TARGET/etc/neofetch.conf
|
||||
cp $SETUP/zdt-ascii.txt $TARGET/etc/neofetch-logo.txt
|
||||
echo 'neofetch --config /etc/neofetch.conf' > $TARGET/etc/profile.d/motd.sh
|
||||
echo '[ -n "$SSH_TTY" -a "$SHLVL" -eq 1 ] && neofetch --config /etc/neofetch.conf' > $TARGET/etc/profile.d/motd.sh
|
||||
echo 'Installed ZDT branding via neofetch'
|
||||
|
||||
printf '\n# Zero Down Time config applied'
|
||||
|
|
|
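Review bot: `cp $SETUP/get_iam_sshkeys.py $TARGET/usr/sbin` installs the key-lookup helper with whatever mode bits the checked-out copy carries and no explicit ownership; sshd refuses to run an AuthorizedKeysCommand whose file is not owned by root or is writable by group or others, so a source file with a group-write bit would silently break key lookup at login. `install -m 0755 -o root -g root $SETUP/get_iam_sshkeys.py $TARGET/usr/sbin/get_iam_sshkeys.py` pins both explicitly, and the `route53.py` copy on the line above could use the same form for consistency. In the second hunk of this file the new `motd.sh` test uses `-a`, which POSIX marks obsolescent; `[ -n "$SSH_TTY" ] && [ "$SHLVL" -eq 1 ] && neofetch --config /etc/neofetch.conf` is the portable form. Whether get_iam_sshkeys.py is actually wired into sshd_config is not visible in this commit, so the first point is inferred from the script's name and its `sshdKeyLookup` session name.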
@ -0,0 +1,63 @@
|
|||
#!/usr/bin/python3
|
||||
import sys
|
||||
import boto3
|
||||
import argparse
|
||||
|
||||
parser = argparse.ArgumentParser(description="Get SSH keys from IAM users")
|
||||
parser.add_argument(
|
||||
"--user", dest="user", action="store", required=True, help="requested user"
|
||||
)
|
||||
parser.add_argument(
|
||||
"--group", action="store", required=True, help="IAM group to search"
|
||||
)
|
||||
parser.add_argument(
|
||||
"--iamRole",
|
||||
dest="iamRole",
|
||||
action="store",
|
||||
help="IAM role ARN to assume to search for IAM users",
|
||||
)
|
||||
parser.add_argument(
|
||||
"--allowedUser",
|
||||
dest="allowedUsers",
|
||||
action="append",
|
||||
default=["alpine"],
|
||||
help="Allowed users",
|
||||
)
|
||||
args = parser.parse_args()
|
||||
|
||||
# Fail early if invalid user
|
||||
if not args.user in args.allowedUsers:
|
||||
sys.exit(0)
|
||||
|
||||
session = boto3.Session()
|
||||
|
||||
if args.iamRole:
|
||||
sts = session.client("sts")
|
||||
credentials = sts.assume_role(
|
||||
RoleArn=args.iamRole, RoleSessionName="sshdKeyLookup"
|
||||
)["Credentials"]
|
||||
|
||||
assumed_role_session = boto3.Session(
|
||||
aws_access_key_id=credentials["AccessKeyId"],
|
||||
aws_secret_access_key=credentials["SecretAccessKey"],
|
||||
aws_session_token=credentials["SessionToken"],
|
||||
)
|
||||
iam = assumed_role_session.client("iam")
|
||||
|
||||
else:
|
||||
iam = session.client("iam")
|
||||
|
||||
try:
|
||||
for user in iam.get_group(GroupName=args.group)["Users"]:
|
||||
for key_desc in iam.list_ssh_public_keys(UserName=user["UserName"])[
|
||||
"SSHPublicKeys"
|
||||
]:
|
||||
key = iam.get_ssh_public_key(
|
||||
UserName=user["UserName"],
|
||||
SSHPublicKeyId=key_desc["SSHPublicKeyId"],
|
||||
Encoding="SSH",
|
||||
)
|
||||
if key["SSHPublicKey"]["Status"] == "Active":
|
||||
print(key["SSHPublicKey"]["SSHPublicKeyBody"], user["UserName"])
|
||||
except:
|
||||
pass
|
|
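Review bot: `iam.get_group(GroupName=args.group)["Users"]` reads only the first page of the group's membership, so in a group larger than the service's page size the remaining users' keys are never printed and those users cannot log in; iterating the paginator fixes this: `for page in iam.get_paginator("get_group").paginate(GroupName=args.group):` / `for user in page["Users"]:` with the existing body indented one level further, and `list_ssh_public_keys` is paged the same way. The bare `except: pass` at the end turns every failure — throttling, a denied `assume_role`, a misspelled group — into an empty key list and also swallows `SystemExit` and `KeyboardInterrupt`; `except Exception as exc: print(f"get_iam_sshkeys: {exc}", file=sys.stderr); sys.exit(1)` keeps the fail-closed outcome while making the cause visible in the sshd log (presumably this runs as an AuthorizedKeysCommand, given the session name). Note also that `action="append"` combined with `default=["alpine"]` means a `--allowedUser` given on the command line is added to `alpine` rather than replacing it; if that is intended, a comment such as `# argparse appends to the default list, so "alpine" is always allowed` would save the next reader a surprise, and `if not args.user in args.allowedUsers:` reads better as `if args.user not in args.allowedUsers:`.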
@ -4,7 +4,7 @@ print_info() {
|
|||
prin "$(color 1)Welcome to Alpine - ZeroDownTime edition"
|
||||
echo
|
||||
prin "Release Notes:"
|
||||
prin " - <https://kubezero.com/releases/v1.23/README.md>"
|
||||
prin " - <https://kubezero.com/releases/>"
|
||||
prin " - <https://alpinelinux.org/releases/>"
|
||||
echo
|
||||
|
||||
|
|
|
@ -49,5 +49,4 @@ action = "UPSERT"
|
|||
if args.delete:
|
||||
action = "DELETE"
|
||||
|
||||
print(args)
|
||||
update_dns(args.fqdn, args.record, action=action, ttl=args.ttl, record_type=args.record_type)
|
||||
|
|