Fix skip naming for zip/move creation

Avoid "file not found" zip file creation and remove if there are no
PEM files created, eg if we have a pre defined pub file

.shellcheckrc

@@ -0,0 +1,2 @@
+shell=bash
+external-sources=true

Readme.md

@@ -26,6 +26,31 @@ Inside the base folder there are
 - ssh-keygen for temporary holding the PEM/PUB files
 - zip file which holds the created user list, password and PEM/PUB files
 
+## Config
+
+### create_user.sh: create_user.cfg
+
+A `create_user.cfg` can be created to set a differen HOME_LOCATION and PASSWORD_LENGTH values
+
+eg:
+
+```ini
+HOME_LOCATION="/storage"
+PASSWORD_LENGTH=14
+```
+
+### authorized_key_location_change.sh: authorized_key_location_change.ignore
+
+For this script a `authorized_key_location_change.ignore` with a list of user names to ignore for the
+move
+
+eg:
+
+```ini
+foo_user
+bar_user
+```
+
 ## Options
 
 ### -g (go)

bin/check_last_login.sh

@@ -27,13 +27,14 @@ LOG="${BASE_FOLDER}/../log";
 # auth log file user;date from collect_login_data script
 AUTH_LOG="${BASE_FOLDER}/../auth-log/user_auth.log";
 
+error=0;
 if [ $(whoami) != "root" ]; then
 	echo "Script must be run as root user";
-	exit;
+	error=1;
 fi;
 if [ ! -d "${LOG}" ]; then
 	echo "log folder ${LOG} not found";
-	exit;
+	error=1;
 fi;
 if [ -z $(command -v curl) ]; then
 	echo "Missing curl application, aborting";
@@ -43,6 +44,9 @@ if [ -z $(command -v jq) ]; then
 	echo "Missing jq application, aborting";
 	error=1;
 fi;
+if [ $error -eq 1 ]; then
+	exit;
+fi;
 # option 1 in list
 case "${1,,}" in
 	text)
@@ -62,11 +66,14 @@ case "${1,,}" in
 		;;
 esac;
 
-# collect info via: curl http://instance-data/latest/meta-data/
-instance_id=$(curl -s http://instance-data/latest/meta-data/instance-id)
-account_id=$(curl -s http://instance-data/latest/meta-data/identity-credentials/ec2/info/ | jq -r .AccountId)
-region=$(curl -s http://instance-data/latest/meta-data/placement/region)
-
+# collect info via: curl http://169.254.169.254/latest/meta-data/
+instance_data=$(
+	TOKEN=`curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` &&
+	curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document
+)
+instance_id=$(echo "${instance_data}" | jq .instanceId)
+account_id=$(echo "${instance_data}" | jq .accountId)
+region=$(echo "${instance_data}" | jq .region)
 
 if [ "${OUTPUT_TARGET}" = "text" ]; then
 	LOG="${LOG}/check_ssh_user."$(date +"%F_%H%m%S")".log";
@@ -82,9 +89,9 @@ if [ "${OUTPUT_TARGET}" = "text" ]; then
 	echo "Max age no login   : ${max_age_create} days";
 elif [ "${OUTPUT_TARGET}" = "json" ]; then
 	echo '"Info": {'
-	echo '"AccountId": "'${account_id}'",';
-	echo '"Region": "'${region}'",';
-	echo '"InstanceId": "'${instance_id}'",';
+	echo '"AccountId": '${account_id}',';
+	echo '"Region": '${region}',';
+	echo '"InstanceId": '${instance_id}',';
 	echo '"Hostname": "'$(hostname)'",';
 	echo '"Date": "'$(date +"%F %T")'",';
 	echo '"MaxAgeLogin": '${max_age_login}',';

bin/create_user.sh

@@ -87,6 +87,13 @@ if [ ! -d "${HOME_FOLDER}" ]; then
 	echo "Home folder location not found: ${HOME_FOLDER}";
 	error=1;
 fi;
+# allow 10 to 39 length for password
+if [ ! -z "${PASSWORD_LENGTH}" ] && ! [[ "${PASSWORD_LENGTH}" =~ ^[13][0-9]$ ]]; then
+	echo "Password length set error, can only be a value between 10 and 39";
+	error=1;
+elif [ -z ${PASSWORD_LENGTH} ]; then
+	PASSWORD_LENGTH=14;
+fi;
 # home dir error abort
 if [ $error -eq 1 ]; then
 	exit;
@@ -309,7 +316,11 @@ while read i; do
 		# Note we only create a password if we need it
 		# password + store pwgen 10 1 -1
 		if [ -z "${_password}" ]; then
-			password=$(printf "%s" $(pwgen 14 1));
+			password=$(printf "%s" $(pwgen ${PASSWORD_LENGTH} 1));
+		elif [ "${_password}" = "SET_NO_PASSWORD" ]; then
+			# set empty
+			echo "* No password set";
+			password="";
 		else
 			echo "! Override password set";
 			password=${_password};
@@ -410,14 +421,24 @@ done;
 if [ ${INFO} -eq 1 ]; then
 	exit;
 fi;
+# check if there are any files in the SSH_KEYGEN_FOLDER, else skip zip file creation and file move
+has_pem_files=0;
+if (shopt -s nullglob dotglob; f=("${SSH_KEYGEN_FOLDER}"*".pem"*); ((${#f[@]}))); then
+	has_pem_files=1;
+fi;
 # zip everything and remove data in ssh key folder, delete output file with passwords
 if [ ${TEST} -eq 0 ]; then
-	zip -r \
-		"${ROOT_FOLDER}${output_zip_folder}${output_zip}" \
-		"${input_file}" \
-		"${output_file}" \
-		"${SSH_KEYGEN_FOLDER}" \
-		-x\*.gitignore;
+	if [ "${has_pem_files}" -eq 1 ]; then
+		zip -r \
+			"${ROOT_FOLDER}${output_zip_folder}${output_zip}" \
+			"${input_file}" \
+			"${output_file}" \
+			"${SSH_KEYGEN_FOLDER}" \
+			-x\*.gitignore;
+		echo "Download: ${ROOT_FOLDER}${output_zip_folder}${output_zip}";
+	else
+		echo "Skip ZIP file creation, no pem files";
+	fi;
 else
 	echo "zip -r \\"
 	echo "${ROOT_FOLDER}${output_zip_folder}${output_zip} \\"
@@ -425,15 +446,19 @@ else
 	echo "${output_file} \\"
 	echo "${SSH_KEYGEN_FOLDER} \\"
 	echo "-x\*.gitignore;"
+	echo "Download: ${ROOT_FOLDER}${output_zip_folder}${output_zip}";
 fi;
-echo "Download: ${ROOT_FOLDER}${output_zip_folder}${output_zip}";
 # cleam up user log file and ssh keys
 if [ ${TEST} -eq 0 ]; then
-	# move pub to created folders
-	mv "${ROOT_FOLDER}${SSH_KEYGEN_FOLDER}"*.pub "${ROOT_FOLDER}${SSH_KEYGEN_FOLDER_CREATED_PUB}";
-	# delete the rest
-	rm "${ROOT_FOLDER}${output_file}";
-	rm "${ROOT_FOLDER}${SSH_KEYGEN_FOLDER}"*;
+	if [ "${has_pem_files}" -eq 1 ]; then
+		# move pub to created folders
+		mv "${ROOT_FOLDER}${SSH_KEYGEN_FOLDER}"*.pub "${ROOT_FOLDER}${SSH_KEYGEN_FOLDER_CREATED_PUB}";
+		# delete the rest
+		rm "${ROOT_FOLDER}${output_file}";
+		rm "${ROOT_FOLDER}${SSH_KEYGEN_FOLDER}"*;
+	else
+		echo "Skip pub file move and cleanup, no pem files";
+	fi;
 else
 	echo "$> mv ${ROOT_FOLDER}${SSH_KEYGEN_FOLDER}*.pub ${ROOT_FOLDER}${SSH_KEYGEN_FOLDER_CREATED_PUB};";
 	echo "$> rm ${ROOT_FOLDER}${output_file}";