Remove error=1 debug set

set an error flag and check all settings before exit program

Readme.md

@@ -26,6 +26,31 @@ Inside the base folder there are
 - ssh-keygen for temporary holding the PEM/PUB files
 - zip file which holds the created user list, password and PEM/PUB files
 
+## Config
+
+### create_user.sh: create_user.cfg
+
+A `create_user.cfg` can be created to set a differen HOME_LOCATION and PASSWORD_LENGTH values
+
+eg:
+
+```ini
+HOME_LOCATION="/storage"
+PASSWORD_LENGTH=14
+```
+
+### authorized_key_location_change.sh: authorized_key_location_change.ignore
+
+For this script a `authorized_key_location_change.ignore` with a list of user names to ignore for the
+move
+
+eg:
+
+```ini
+foo_user
+bar_user
+```
+
 ## Options
 
 ### -g (go)

bin/check_last_login.sh

@@ -27,13 +27,14 @@ LOG="${BASE_FOLDER}/../log";
 # auth log file user;date from collect_login_data script
 AUTH_LOG="${BASE_FOLDER}/../auth-log/user_auth.log";
 
+error=0;
 if [ $(whoami) != "root" ]; then
 	echo "Script must be run as root user";
-	exit;
+	error=1;
 fi;
 if [ ! -d "${LOG}" ]; then
 	echo "log folder ${LOG} not found";
-	exit;
+	error=1;
 fi;
 if [ -z $(command -v curl) ]; then
 	echo "Missing curl application, aborting";
@@ -43,6 +44,9 @@ if [ -z $(command -v jq) ]; then
 	echo "Missing jq application, aborting";
 	error=1;
 fi;
+if [ $error -eq 1 ]; then
+	exit;
+fi;
 # option 1 in list
 case "${1,,}" in
 	text)
@@ -62,11 +66,14 @@ case "${1,,}" in
 		;;
 esac;
 
-# collect info via: curl http://instance-data/latest/meta-data/
-instance_id=$(curl -s http://instance-data/latest/meta-data/instance-id)
-account_id=$(curl -s http://instance-data/latest/meta-data/identity-credentials/ec2/info/ | jq -r .AccountId)
-region=$(curl -s http://instance-data/latest/meta-data/placement/region)
-
+# collect info via: curl http://169.254.169.254/latest/meta-data/
+instance_data=$(
+	TOKEN=`curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` &&
+	curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document
+)
+instance_id=$(echo "${instance_data}" | jq .instanceId)
+account_id=$(echo "${instance_data}" | jq .accountId)
+region=$(echo "${instance_data}" | jq .region)
 
 if [ "${OUTPUT_TARGET}" = "text" ]; then
 	LOG="${LOG}/check_ssh_user."$(date +"%F_%H%m%S")".log";
@@ -82,9 +89,9 @@ if [ "${OUTPUT_TARGET}" = "text" ]; then
 	echo "Max age no login   : ${max_age_create} days";
 elif [ "${OUTPUT_TARGET}" = "json" ]; then
 	echo '"Info": {'
-	echo '"AccountId": "'${account_id}'",';
-	echo '"Region": "'${region}'",';
-	echo '"InstanceId": "'${instance_id}'",';
+	echo '"AccountId": '${account_id}',';
+	echo '"Region": '${region}',';
+	echo '"InstanceId": '${instance_id}',';
 	echo '"Hostname": "'$(hostname)'",';
 	echo '"Date": "'$(date +"%F %T")'",';
 	echo '"MaxAgeLogin": '${max_age_login}',';

bin/create_user.sh

@@ -87,6 +87,13 @@ if [ ! -d "${HOME_FOLDER}" ]; then
 	echo "Home folder location not found: ${HOME_FOLDER}";
 	error=1;
 fi;
+# allow 10 to 39 length for password
+if [ ! -z "${PASSWORD_LENGTH}" ] && ! [[ "${PASSWORD_LENGTH}" =~ ^[13][0-9]$ ]]; then
+	echo "Password length set error, can only be a value between 10 and 39";
+	error=1;
+elif [ -z ${PASSWORD_LENGTH} ]; then
+	PASSWORD_LENGTH=14;
+fi;
 # home dir error abort
 if [ $error -eq 1 ]; then
 	exit;
@@ -309,7 +316,11 @@ while read i; do
 		# Note we only create a password if we need it
 		# password + store pwgen 10 1 -1
 		if [ -z "${_password}" ]; then
-			password=$(printf "%s" $(pwgen 14 1));
+			password=$(printf "%s" $(pwgen ${PASSWORD_LENGTH} 1));
+		elif [ "${_password}" = "SET_NO_PASSWORD" ]; then
+			# set empty
+			echo "* No password set";
+			password="";
 		else
 			echo "! Override password set";
 			password=${_password};