blob: ca24762c0d9a3b292941896301708c6ae906d791 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
#!/bin/bash
# Utility: shflow-trust
# Description: Evalúa acceso SSH y privilegios sudo para cada host del inventario
# Author: Luis GuLo
# Version: 0.4.1
set -euo pipefail
# 📁 Rutas defensivas
PROJECT_ROOT="${SHFLOW_HOME:-$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)}"
INVENTORY="$PROJECT_ROOT/core/inventory/hosts.yaml"
REPORT="$PROJECT_ROOT/core/inventory/trust_report.yaml"
TIMEOUT=5
USER="${USER:-$(whoami)}"
# 🔧 yq segun arquitectura
ARCH=$(uname -m)
case "$ARCH" in
x86_64) YQ_BIN="$PROJECT_ROOT/core/utils/yq_linux_amd64" ;;
i686|i386) YQ_BIN="$PROJECT_ROOT/core/utils/yq_linux_386" ;;
aarch64) YQ_BIN="$PROJECT_ROOT/core/utils/yq_linux_arm64" ;;
armv7l|armv6l) YQ_BIN="$PROJECT_ROOT/core/utils/yq_linux_arm" ;;
*) echo "❌ Arquitectura no soportada: $ARCH"; exit 1 ;;
esac
# 🧩 Cargar render_msg si no está disponible
COMMON_LIB="$PROJECT_ROOT/core/lib/translate_msg.sh"
if ! declare -f render_msg &>/dev/null; then
[[ -f "$COMMON_LIB" ]] && source "$COMMON_LIB"
fi
export SHFLOW_LANG="${SHFLOW_LANG:-es}"
# 🌐 Cargar traducciones
lang="${SHFLOW_LANG:-es}"
trfile="$PROJECT_ROOT/core/utils/shflow-trust.tr.${lang}"
declare -A tr
if [[ -f "$trfile" ]]; then while IFS='=' read -r k v; do tr["$k"]="$v"; done < "$trfile"; fi
echo "$(render_msg "${tr[start]}" "user=$USER")"
echo "$(render_msg "${tr[inventory]}" "path=$INVENTORY")"
echo "$(render_msg "${tr[report]}" "path=$REPORT")"
echo ""
# 🧪 Validar dependencia yq
if ! command -v $YQ_BIN &>/dev/null; then
echo "$(render_msg "${tr[missing_dep]}" "cmd=$YQ_BIN")"
exit 1
fi
# 🧹 Regenerar informe
{
echo "# $(render_msg "${tr[report_title]}")"
echo "# $(render_msg "${tr[report_date]}" "date=$(date)")"
echo ""
} > "$REPORT"
# 🔁 Extraer hosts
HOSTS=()
HOSTS_RAW=$($YQ_BIN eval -o=json ".all.hosts | keys | .[]" "$INVENTORY")
[ -z "$HOSTS_RAW" ] && echo "${tr[no_hosts]:-❌ No se encontraron hosts en el inventario.}" && exit 1
while IFS= read -r line; do
HOSTS+=("$(echo "$line" | sed 's/^\"\(.*\)\"$/\1/')") # Eliminar comillas
done <<< "$HOSTS_RAW"
# 🔍 Evaluar cada host
for host in "${HOSTS[@]}"; do
IP=$($YQ_BIN eval -o=json ".all.hosts.\"$host\".ansible_host" "$INVENTORY")
[[ "$IP" == "null" || -z "$IP" ]] && echo "$(render_msg "${tr[missing_ip]}" "host=$host")" && continue
echo "$(render_msg "${tr[checking]}" "host=$host" "ip=$IP")"
if ssh -o BatchMode=yes -o ConnectTimeout=$TIMEOUT "$USER@$IP" 'echo ok' &>/dev/null; then
echo "${tr[ssh_ok]:- ✅ SSH: ok}"
SSH_STATUS="ok"
if ssh -o BatchMode=yes "$USER@$IP" 'sudo -n true' &>/dev/null; then
echo "${tr[sudo_ok]:- ✅ SUDO: ok}"
SUDO_STATUS="ok"
else
echo "${tr[sudo_pw]:- ⚠️ SUDO: requiere contraseña o no permitido}"
SUDO_STATUS="password_required"
fi
else
echo "${tr[ssh_fail]:- ❌ SSH: fallo de conexión}"
SSH_STATUS="failed"
SUDO_STATUS="unknown"
fi
{
echo "$host:"
echo " ip: $IP"
echo " ssh: $SSH_STATUS"
echo " sudo: $SUDO_STATUS"
echo ""
} >> "$REPORT"
done
echo "$(render_msg "${tr[done]}" "path=$REPORT")"
|
