#!/bin/bash
### BEGIN INIT INFO
# Provides:       ec2-get-credentials
# Required-Start: $network
# Required-Stop:  
# Should-Start:   
# Should-Stop:    
# Default-Start:  2 3 4 5
# Default-Stop:   
# Description:    Retrieve the ssh credentials and add to authorized_keys
### END INIT INFO
#
# ec2-get-credentials - Retrieve the ssh credentials and add to authorized_keys
#
# Based on /usr/local/sbin/ec2-get-credentials from Amazon's ami-20b65349
#

prog=$(basename $0)
logger="logger -t $prog"

public_key_url=http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
username='root'
# A little bit of nastyness to get the homedir, when the username is a variable
ssh_dir="`eval printf ~$username`/.ssh"
authorized_keys="$ssh_dir/authorized_keys"

# Try to get the ssh public key from instance data.
public_key=`wget -qO - $public_key_url`
if [ -n "$public_key" ]; then
	if [ ! -f $authorized_keys ]; then
		if [ ! -d $ssh_dir ]; then
			mkdir -m 700 $ssh_dir
			chown $username:$username $ssh_dir
		fi
		touch $authorized_keys
		chown $username:$username $authorized_keys
	fi
	
	if ! grep -s -q "$public_key" $authorized_keys; then
		printf "\n%s" -- "$public_key" >> $authorized_keys
		$logger "New ssh key added to $authorized_keys from $public_key_url"
		chmod 600 $authorized_keys
		chown $username:$username $authorized_keys
	fi
fi
