diff --git a/action.yml b/action.yml
index b710484..2ae39e6 100644
--- a/action.yml
+++ b/action.yml
@@ -54,6 +54,10 @@ inputs:
 options:
 description: Extra options that should be passed to ansible-playbook command
 required: false
+ debug:
+ description: Set debug mode (prints additional information about PKI setup)
+ required: false
+ default: false
 runs:
 using: docker
 image: Dockerfile
diff --git a/entrypoint.sh b/entrypoint.sh
index d5cd7e1..4cef215 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -25,6 +25,10 @@ if [ -z "${INPUT_INVENTORY:-}" ] ; then
 exit 1
 fi
 
+# Set Debug Mode Helper
+input_debug="${INPUT_DEBUG:-false}"
+debug=${input_debug,,}
+
 # Setup Provisioner Variables
 provisioner_name=${INPUT_PKI_PROVISIONER_NAME:-"ansible"}
 provisioner_password=${INPUT_PKI_PROVISIONER_PASSWORD}
@@ -42,9 +46,6 @@ echo "Bootstrapped PKI at ${INPUT_PKI_CA_URL}"
 host_ca_cert=$(step ssh config --host --roots)
 echo "@cert-authority *.kraussnet.com ${host_ca_cert}" > ~/.ssh/known_hosts
 if [ ! -z "${INPUT_PKI_ADDITIONAL_HOSTS:-}" ] ; then
-echo "***"
-echo "${INPUT_PKI_ADDITIONAL_HOSTS}"
-echo "***"
 for host in $(echo ${INPUT_PKI_ADDITIONAL_HOSTS}) ; do
 echo "@cert-authority ${host} ${host_ca_cert}" >> ~/.ssh/known_hosts
 echo "Registered ${host} to use KraussNet SSH @cert-authority"
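Review bot: The `debug` description understates what the flag reveals: with it on, entrypoint.sh prints the full `~/.ssh/known_hosts`, the decoded CA token obtained for the user certificate (via `step crypto jwt inspect --insecure`) and the issued SSH certificate into the job log. A workflow author deciding whether to set it needs to know that, so the description should say it, e.g. `description: Set debug mode (prints known_hosts, the decoded CA user token and the issued SSH certificate to the job log; do not enable where job logs are public)`. The `inputs:` block this hunk sits in starts outside the hunk.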
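Review bot: `debug=${input_debug,,}` lowercases but does not normalise the value, so a workflow passing `1`, `yes` or `on` gets debug silently off, because the gates added later in this commit compare against the literal string `true`. If only `true`/`false` is intended, say so in the helper comment, e.g. `# Set Debug Mode Helper (only a case-insensitive "true" enables it)`; otherwise fold the accepted spellings with `case "${input_debug,,}" in true|1|yes|on) debug=true ;; *) debug=false ;; esac`. The `${var,,}` expansion needs bash 4+, which the script already requires for the `<(...)` process substitution used further down, so no new portability constraint is introduced.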
@@ -54,18 +55,18 @@ if [ ! -z "${INPUT_KNOWN_HOSTS:-}" ] ; then
 echo "${INPUT_KNOWN_HOSTS}" >> ~/.ssh/known_hosts
 fi
 echo "Registered SSH Host Certificate Authority"
-cat ~/.ssh/known_hosts
+[ ${debug} == "true" ] && cat ~/.ssh/known_hosts
 
 # Obtain a User Certificate for Ansible
 token=$(step ca token "${user_cert_subject}" --ssh --provisioner "${provisioner_name}" --provisioner-password-file <(printf "${provisioner_password}"))
 echo "Obtained User Token from CA"
-echo $token | step crypto jwt inspect --insecure
+[ ${debug} == "true" ] && echo $token | step crypto jwt inspect --insecure
 [ ! -f ~/.ssh/id_ecdsa ] && ssh-keygen -t ecdsa -f ~/.ssh/id_ecdsa -N ''
 [ -f ~/.ssh/id_ecdsa-cert.pub ] && rm ~/.ssh/id_ecdsa-cert.pub
 step ssh certificate "${user_cert_subject}" ~/.ssh/id_ecdsa.pub --sign --provisioner "${provisioner_name}" --token $token
 echo "Obtained User Certificate from CA"
-ssh-keygen -L -f ~/.ssh/id_ecdsa-cert.pub
+[ ${debug} == "true" ] && ssh-keygen -L -f ~/.ssh/id_ecdsa-cert.pub
 
 # Process the inventory parameter
 inventory=""
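Review bot: The new debug gate `[ ${debug} == "true" ] && echo $token | step crypto jwt inspect --insecure` still writes the decoded contents of the CA token to the job log when debug is on, and `token` is the bearer credential that `step ssh certificate` consumes a few lines later, so the line should carry a warning and keep the output off stdout, e.g. `[ "${debug}" = "true" ] && printf '%s\n' "${token}" | step crypto jwt inspect --insecure >&2` preceded by `# debug only: dumps the decoded CA token (presumably header and claims) — never enable on workflows with public logs`. The same quoting fix — `[ "${debug}" = "true" ]`, with POSIX `=` and the variable quoted so an unexpected value cannot break the test — applies to the two sibling gates on `cat ~/.ssh/known_hosts` and `ssh-keygen -L`. Separately, `--token $token` in the context line still places the credential on the command line where the process table can read it; that is pre-existing, but a `# TODO: pass the token via a file or stdin` next to the new gate would record it.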