From a710bfa4b26ce4568737e49a4935d761943e6540 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christer=20War=C3=A9n?= Date: Thu, 4 Dec 2025 04:53:44 +0200 Subject: [PATCH] Refactoring Code --- init.sh | 628 ++++++++++++++++++++------------- maintainer.sh | 5 +- src/base.sh | 84 +++-- src/functions/compatibility.sh | 22 -- src/functions/config.sh | 3 + src/functions/header.sh | 24 -- src/functions/init.sh | 32 +- src/functions/login.sh | 280 +++++++-------- src/functions/repeat.sh | 5 - src/functions/restricted.sh | 84 +++++ src/functions/start.sh | 4 +- src/functions/stop.sh | 7 +- src/ui/content.sh | 16 + src/ui/footer.sh | 11 + src/ui/formatting.sh | 11 + src/ui/header.sh | 30 ++ src/ui/messages.sh | 0 src/ui/repeat.sh | 13 + 18 files changed, 747 insertions(+), 512 deletions(-) delete mode 100644 src/functions/compatibility.sh create mode 100644 src/functions/config.sh delete mode 100644 src/functions/header.sh delete mode 100644 src/functions/repeat.sh create mode 100644 src/functions/restricted.sh create mode 100644 src/ui/content.sh create mode 100644 src/ui/footer.sh create mode 100644 src/ui/formatting.sh create mode 100644 src/ui/header.sh create mode 100644 src/ui/messages.sh create mode 100644 src/ui/repeat.sh diff --git a/init.sh b/init.sh index 2dbd324..bdceb9c 100755 --- a/init.sh +++ b/init.sh 
@@ -1,104 +1,45 @@ #!/bin/bash -if [ ! "$BASH_VERSION" ] ; then - sudo curl https://waren.io/init.sh -o "$PWD/init.sh" - sudo bash "$PWD/init.sh" $1 $2 $3 $4 $5 $6 $7 $8 $9 - exit 1 -fi +#if [ ! "$BASH_VERSION" ] ; then +# bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9 +# exit 1 +#fi -if [[ $USER != "root" ]] -then - sudo curl https://waren.io/init.sh -o "$PWD/init.sh" - sudo bash "$PWD/init.sh" $1 $2 $3 $4 $5 $6 $7 $8 $9 - exit 1 -fi +declare -Ax args +declare -Ax config +declare -Ax messages -wiRed=$(tput setaf 196) -wiGreen=$(tput setaf 46) -wiYellow=$(tput setaf 226) -wiBlue=$(tput setaf 21) -wiPurple=$(tput setaf 165) -wiTurquoise=$(tput setaf 14) -wiPink=$(tput setaf 198) -wiOrange=$(tput setaf 202) -wiBold=$(tput bold) -wiNormal=$(tput sgr0) - -wi-header(){ - wx-header "$1" "$2" +wxi-config(){ + echo -n "" } -wi-repeat(){ - wx-repeat "$1" "$2" -} +wx-init(){ + wx-login + wxi-header "Init" -wi-login(){ - wx-login "$1" "$2" -} - -wx-start(){ - wi-start -} - -wx-stop(){ - wi-stop -} - -wxBold=$wiBold -wxNormal=$wiNormal - -wx-header(){ - if [[ $2 == "h1" ]] + if [[ ! -z ${args['hostname']} && ${#args['hostname']} -gt 5 ]] then - echo "" - echo "" - echo "" - echo "==============================" - wx-repeat " " $((30/2-${#1}/2)) - echo -n "$wxBold" - echo -n "$1" - echo -n "$wxNormal" - echo "" - echo "==============================" - fi - - if [[ $2 == "h2" || -z $2 ]] - then - wx-start - wx-repeat " " $((30/2-6/2-${#1}/2)) - echo -n ">> $1 <<" - echo "" - echo "------------------------------" - fi -} - -wi-init(){ - wi-login $1 - wi-header "Init" - - if [[ ! -z $2 && ${#2} -gt 5 ]] - then - HOSTNAME="$2.$DEVICE_DOMAIN" + HOSTNAME="${args['hostname']}.$DEVICE_DOMAIN" elif [[ $(hostname -d) ]] then HOSTNAME=$(hostname --fqdn) else - echo "Status: Hostname Required" - wx-stop + wxi-content status "Hostname" "Required" + wxi-stop fi - if [[ ! -z $3 ]] + if [[ ! 
-z ${args['device-type']} ]] then - if [[ $3 == "server" || $3 == "workstation" ]] + if [[ ${args['device-type']} == "server" || ${args['device-type']} == "workstation" ]] then - TYPE="$3" + DEVICE_TYPE="${args['device-type']}" else - echo "Status: Type Invalid" - wx-stop + wxi-content status "Device Type" "Invalid" + wxi-stop fi else - echo "Status: Type Required" - wx-stop + wxi-content status "Device Type" "Required" + wxi-stop fi mkdir -p ~/.ssh/keys &> /dev/null @@ -112,7 +53,7 @@ wi-init(){ /opt/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect xmltodict &> /dev/null curl \ - -H "X-Vault-Token: ${config["login",$ORG]}" \ + -H "X-Vault-Token: $TOKEN" \ -X GET \ https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/keys/init @@ -136,7 +77,7 @@ wi-init(){ GIT_PORT="2222" GIT_REPOSITORY="warengroup-private/infra-plus" - export HVT=${config["login",$ORG]} + export HVT=$TOKEN /opt/ansible/bin/ansible-galaxy collection install ansible.posix ansible.utils ansible.windows community.crypto community.dns community.docker community.general community.grafana community.hashi_vault community.libvirt community.mongodb community.mysql community.postgresql community.windows containers.podman --upgrade &> /dev/null 
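Review bot: `HOSTNAME="${args['hostname']}.$DEVICE_DOMAIN"` still reads `DEVICE_DOMAIN`, but its only assignment, `DEVICE_DOMAIN="devices.$DOMAIN"` in the old `wx-login`, is removed by this commit and the new `wxi-restricted --org` sets only `DOMAIN`, `VAULT_DOMAIN` and `ORG_HEADER`, so unless it is assigned in a file outside this diff the device hostname becomes `<name>.` with a trailing dot. Add `DEVICE_DOMAIN="devices.$DOMAIN"` next to each `DOMAIN=` in `wxi-restricted`, or once after that `case`. The same line recurs in the `src/functions/init.sh` hunk further down. The `--hostname` value is only length-checked before it becomes part of the machine's FQDN; a label check such as `[[ ${args['hostname']} =~ ^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$ ]] || { wxi-content status "Hostname" "Invalid"; wxi-stop; }` would reject stray characters early. `wx-init`'s body continues past the end of this hunk.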
@@ -146,178 +87,233 @@ wi-init(){ } wx-login(){ - if [[ ! -z $1 ]] - then - ORG=$1 - jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - elif [[ $(hostname -d) = *"devices.waren.io" ]] - then - ORG=warengroup - elif [[ $(hostname -d) = *"devices.cwinfo.net" ]] - then - ORG=cwinfo - elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]] - then - ORG=cwchristerw - elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]] - then - ORG=$(cat $HOME/.warengroup/config.json | jq -r .org) - else - wx-header "Login" - echo "Status: Organization Required" - wx-stop - fi + wxi-header "Login" + wxi-restricted --user + wxi-restricted --org + wxi-restricted --vault - if [[ $ORG == "warengroup" ]] - then - DOMAIN=waren.io - elif [[ $ORG == "cwinfo" ]] - then - DOMAIN=cwinfo.net - elif [[ $ORG == "cwchristerw" ]] - then - DOMAIN=christerwaren.fi - else - wx-header "Login" - echo "Status: Organization Unsupported" - wx-stop - fi + wxi-header "$ORG_HEADER" h3 - FOLDER=$ORG - DEVICE_DOMAIN="devices.$DOMAIN" - IDM_DOMAIN="idm.waren.io" - VAULT_DOMAIN="vault.cwinfo.net" + if [[ ! -z ${args['auth-method']} ]] + then + AUTH_METHOD=${args['auth-method']} + elif [[ ! -z ${args['token']} ]] + then + AUTH_METHOD=token + elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]] + then + AUTH_METHOD=token + elif [[ ! -z ${args['username']} ]] + then + AUTH_METHOD=ldap + else + AUTH_METHOD=ldap + fi - if [[ -z $USER || $USER == "root" || $USER == "local" ]] - then - if [[ -z $SUDO_USER ]] + if [[ ! -z $AUTH_METHOD ]] + then + case $AUTH_METHOD in + ldap) + echo -n "Username: " + if [[ ! 
-z ${args['username']} ]] then - if [[ -z LOGNAME ]] - then - wx-header "Login" - echo "Status: Username Required" - wx-stop - else - USERNAME=$LOGNAME - fi + USERNAME=${args['username']} + wxi-content text "$USERNAME" else - USERNAME=$SUDO_USER + read USERNAME fi + + echo -n "Password: " + if [[ ! -z ${args['password']} ]] + then + PASSWORD=${args['password']} + else + read -s PASSWORD + fi + + if [[ ! -z $PASSWORD ]] + then + wxi-content text "****************" + else + wxi-content text "" + fi + + if [[ -z $USERNAME || -z $PASSWORD ]] + then + wxi-content status "Username & Password" "Required" + wxi-footer + wxi-stop + fi + + VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token') + if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] + then + wxi-content status "Login" "Failed" + wxi-stop + fi + + TOKEN=$VAULT_LOGIN + wxi-config login + ;; + token) + echo -n "Token: " + if [[ ! -z ${args['token']} ]] + then + if [[ ${args['token']} != "true" ]] + then + TOKEN=${args['token']} + fi + elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]] + then + TOKEN=$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) + else + read -s TOKEN + fi + + if [[ ! 
-z $TOKEN ]] + then + wxi-content text "***********************************************************************************************" + fi + + if [[ -z $TOKEN ]] + then + wxi-content status "Token" "Required" + wxi-footer + wxi-stop + fi + + if [[ ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]] + then + wxi-content status "Token" "Invalid" + wxi-footer + wxi-stop + fi + + VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew-self -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') + if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] + then + wxi-content status "Login" "Failed" + wxi-stop + fi + + TOKEN=$VAULT_LOGIN + wxi-config login + ;; + *) + wxi-content status "Login Type" "Unsupported" + wxi-footer + wxi-stop + ;; + esac + fi + + VAULT_USERNAME=$(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.display_name') + if [[ -z $VAULT_USERNAME ]] + then + wxi-content status "Login" "Username Missing" + wxi-stop + elif [[ $VAULT_USERNAME != ldap* && $VAULT_USERNAME != oidc* ]] + then + wxi-content status "Login" "Authentication Method Invalid" + wxi-stop + elif [[ $VAULT_USERNAME == ldap* ]] + then + USERNAME=${VAULT_USERNAME#ldap-} + elif [[ $VAULT_USERNAME == oidc* ]] + then + USERNAME=${VAULT_USERNAME#oidc-} + fi + + wxi-footer +} + +wxi-restricted(){ + if [[ -z $1 || $1 == "--user" ]] + then + if [[ $USER != "root" && $USER != "local" ]] + then + wxi-content status "Command" "Restricted" + wxi-content text "It's not permitted to execute this command as $USER." + wxi-footer + wxi-repeat "\n" 3 + exit 1 + fi + fi + + if [[ $1 == "--org" ]] + then + if [[ ! 
-z ${args['org']} ]] + then + case ${args['org']} in + warengroup) + ORG=warengroup + ;; + cwchristerw) + ORG=cwchristerw + ;; + *) + wxi-content status "Organization" "Unsupported" + wxi-footer + wxi-stop + ;; + esac + elif [[ $(hostname -d) == "devices.waren.io" ]] + then + ORG=warengroup + elif [[ $(hostname -d) == "devices.christerwaren.fi" ]] + then + ORG=cwchristerw + fi + + if [[ ! -z $ORG ]] + then + case $ORG in + warengroup) + DOMAIN=waren.io + VAULT_DOMAIN=vault.cwinfo.net + ORG_HEADER="Warén Group" + ;; + cwchristerw) + DOMAIN=christerwaren.fi + VAULT_DOMAIN=vault.cwinfo.net + ORG_HEADER="Christer Warén" + ;; + *) + wxi-content status "Organization" "Unsupported" + wxi-footer + wxi-stop + ;; + esac else - USERNAME=$USER + wxi-content status "Organization" "Required" + wxi-footer + wxi-stop + fi + fi + + if [[ -z $1 || $1 == "--vault" ]] + then + if [[ -z $VAULT_DOMAIN ]] + then + wxi-content status "Vault" "Unavailable" + wxi-footer + wxi-repeat "\n" 3 + exit 1 fi VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health) - if [[ $VAULT_STATUS -eq 200 ]] + if [[ ! $VAULT_STATUS -eq 200 ]] then - - if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]] - then - if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]] - then - USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)" - fi - TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)" - fi - - VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') - if [[ ! 
-z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]] - then - config["login",${ORG}]=$VAULT_LOGIN - if [[ $USER != "root" && $USER != "local" ]] - then - jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - fi - else - IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN) - if [[ $IDM_STATUS -eq 301 ]] - then - wx-header "Login" - echo $wxBold$ORG$wxNormal - - if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]] - then - echo -n "Username: " - read USERNAME - else - echo "Username: $USERNAME" - fi - - jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - - echo -n "Password: " - read -s PASSWORD - echo "****************" - - if [[ -z $USERNAME || -z $PASSWORD ]] - then - echo "Status: Username & Password Required" - wx-stop - else - VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token') - if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] - then - echo "Status: Login Failed" - wx-stop - fi - - config["login",${ORG}]=$VAULT_LOGIN - - if [[ $USER != "root" && $USER != "local" ]] - then - jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - fi - fi - else - wx-header "Login" - echo $wxBold$ORG$wxNormal - - echo -n "Token: " - read -s TOKEN - echo "****************" - - if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]] - then - echo "Status: Vault Token Required" - wx-stop - fi - - VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: 
$TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') - if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] - then - echo "Status: Login Failed" - wx-stop - fi - - config["login",${ORG}]=$VAULT_LOGIN - - if [[ $USER != "root" && $USER != "local" ]] - then - jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - fi - fi - fi - else - wx-header "Login" - echo $wxBold$ORG$wxNormal - echo "Status: Vault Offline" - wx-stop + wxi-content status "Vault" "Offline" + wxi-footer + wxi-repeat "\n" 3 + exit 1 fi + fi } -wx-repeat() { - local str=$1 n=$2 spaces - printf -v spaces "%*s" $n " " - printf "%s" "${spaces// /$str}" -} - -wi-start(){ - wi-header "Warén Init" h1 +wxi-start(){ + wxi-header "Warén Init" h1 mkdir -p $HOME/.warengroup &> /dev/null 
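Review bot: `wxi-restricted --user` decides whether the command may run from `$USER`, an environment variable the caller controls (`USER=root bash init.sh` passes the check for an unprivileged user), so the restriction is advisory rather than enforced; test the effective uid instead, e.g. `if [[ $EUID -ne 0 && $(id -un) != "local" ]]`. The same function is added as `src/functions/restricted.sh` in a hunk further down. In the `--vault` branch, `[[ ! $VAULT_STATUS -eq 200 ]]` reports "Offline" for any non-200 answer, and Vault's `/v1/sys/health` by default answers standby and performance-standby nodes with non-200 codes, so a healthy cluster reached through a load balancer can be rejected; consider `https://$VAULT_DOMAIN/v1/sys/health?standbyok=true&perfstandbyok=true` or accepting those codes explicitly. `wxi-start`, the last function in this hunk, continues past the hunk's end.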
@@ -330,22 +326,146 @@ wi-start(){ chmod 700 -R $HOME/.ssh/keys } -wi-stop (){ - echo " " - echo " " - echo " " - +wxi-stop (){ rm -rf /.ssh/keys/init &> /dev/null + wxi-repeat "\n" 3 exit 1 } +wxi-content(){ + if [[ $1 == "text" ]] + then + echo "$2" + elif [[ $1 == "status" ]] + then + wxi-repeat "\n" 2 + echo -n "$wxiBold" + echo "Status" + echo -n "$wxiNormal" + echo "$2 - $3" + elif [[ $1 == "link" ]] + then + echo "$2 - $3" + fi +} -if [[ ! -f /bin/jq ]] -then - apt update &> /dev/null - apt install -y jq &> /dev/null -fi +wxi-footer(){ + echo "" + echo "------------------------------" + wxi-repeat " " $((30/2-12/2)) + echo -n "$wxiBold" + echo "Warén Group™" + echo -n "$wxiNormal" + wxi-repeat " " $((30/2-17/2)) + echo "https://waren.io" + echo "==============================" +} -wi-init $1 $2 $3 -wi-stop +wxiRed=$(tput setaf 196) +wxiGreen=$(tput setaf 46) +wxiYellow=$(tput setaf 226) +wxiBlue=$(tput setaf 21) +wxiPurple=$(tput setaf 165) +wxiTurquoise=$(tput setaf 14) +wxiPink=$(tput setaf 198) +wxiOrange=$(tput setaf 202) +wxiUnderline=$(tput smul) +wxiBold=$(tput bold) +wxiNormal=$(tput sgr0) + +wxi-header(){ + if [[ $2 == "h1" ]] + then + wxi-repeat "\n" 3 + echo "==============================" + wxi-repeat " " $((30/2-${#1}/2)) + echo -n "$wxiBold" + echo "$1" + echo -n "$wxiNormal" + echo "==============================" + fi + + if [[ $2 == "h2" || -z $2 ]] + then + wxi-start + wxi-repeat " " $((30/2-6/2-${#1}/2)) + echo -n "$wxiBold" + echo ">> $1 <<" + echo -n "$wxiNormal" + echo "------------------------------" + echo "" + fi + + if [[ $2 == "h3" ]] + then + echo -n "$wxiBold" + echo "$1" + echo -n "$wxiNormal" + fi +} + + +wxi-repeat() { + if [[ $1 == " " ]] + then + local str=$1 n=$2 spaces + printf -v spaces "%*s" $n " " + printf "%s" "${spaces// /$str}" + else + for i in $(seq 1 $2); + do + echo -en $1 + done + fi +} + + +i=1 +while [[ "$1" != "" ]] +do + case $1 in + --*) + key="${1%%=*}" + value="${1#*=}" + + if [[ "$value" == "$key" ]] + 
then + shift + value="$1" + fi + + if [[ -z $value ]] + then + value=true + fi + + args["${key#--}"]="$value" + ;; + -*) + key="${1%=*}" + value="${1#*=}" + + if [[ "$value" == "$key" ]] + then + shift + value="$1" + fi + + if [[ -z $value ]] + then + value=true + fi + + args["${key#-}"]="$value" + ;; + *) + args["$i"]="${1%%=*}" + i=$((i + 1)) + ;; + esac + shift +done + +wx-init +wxi-stop diff --git a/maintainer.sh b/maintainer.sh index 5c83216..60a4e3a 100755 --- a/maintainer.sh +++ b/maintainer.sh @@ -26,9 +26,8 @@ case $1 in ;; update) echo "Updating..." - cp ../wx/src/functions/header.sh src/functions/header.sh - cp ../wx/src/functions/repeat.sh src/functions/repeat.sh - cp ../wx/src/commands/auth/login.sh src/functions/login.sh + cp -r ../wx/src/ui src + cp -r ../wx/src/commands/auth/login.sh src/functions/login.sh ;; ready) echo "Ready" diff --git a/src/base.sh b/src/base.sh index 77d15e2..efa5b70 100644 --- a/src/base.sh +++ b/src/base.sh 
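Review bot: In the `--*)` and `-*)` arms a flag written without `=` consumes whatever the next word is, so `--token --org warengroup` stores `--org` as the token and then treats `warengroup` as a positional, and a trailing bare flag consumes the empty string; check that the next word exists and is not itself an option before shifting it in. The `-*)` arm also strips with `${1%=*}` where `--*)` uses `${1%%=*}`, so `-k=a=b` yields the key `-k=a`; use `%%` in both. Values such as `--password=…` and `--token=…` given this way land in shell history and in the process list, so the interactive prompts in `wx-login` remain the safer path for secrets and a comment above the parser could say so. The same parser is added to `src/base.sh` in the next hunk.
```shell
    --*)
      key="${1%%=*}"
      value="${1#*=}"

      # A bare flag only consumes the next word when that word is not itself an option.
      if [[ "$value" == "$key" ]]
      then
        if [[ -n "${2-}" && "$2" != -* ]]
        then
          shift
          value="$1"
        else
          value=true
        fi
      fi

      if [[ -z $value ]]
      then
        value=true
      fi

      args["${key#--}"]="$value"
      ;;
    # … unchanged: -*) arm (same change, with key="${1%%=*}") and the positional arm …
```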
@@ -1,36 +1,62 @@ #!/bin/bash -if [ ! "$BASH_VERSION" ] ; then - sudo curl https://waren.io/init.sh -o "$PWD/init.sh" - sudo bash "$PWD/init.sh" $1 $2 $3 $4 $5 $6 $7 $8 $9 - exit 1 -fi +#if [ ! "$BASH_VERSION" ] ; then +# bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9 +# exit 1 +#fi -if [[ $USER != "root" ]] -then - sudo curl https://waren.io/init.sh -o "$PWD/init.sh" - sudo bash "$PWD/init.sh" $1 $2 $3 $4 $5 $6 $7 $8 $9 - exit 1 -fi +declare -Ax args +declare -Ax config +declare -Ax messages -wiRed=$(tput setaf 196) -wiGreen=$(tput setaf 46) -wiYellow=$(tput setaf 226) -wiBlue=$(tput setaf 21) -wiPurple=$(tput setaf 165) -wiTurquoise=$(tput setaf 14) -wiPink=$(tput setaf 198) -wiOrange=$(tput setaf 202) -wiBold=$(tput bold) -wiNormal=$(tput sgr0) +{{ FUNCTIONS }} +{{ UI }} -{{ CODES }} +i=1 +while [[ "$1" != "" ]] +do + case $1 in + --*) + key="${1%%=*}" + value="${1#*=}" -if [[ ! -f /bin/jq ]] -then - apt update &> /dev/null - apt install -y jq &> /dev/null -fi + if [[ "$value" == "$key" ]] + then + shift + value="$1" + fi -wi-init $1 $2 $3 -wi-stop + if [[ -z $value ]] + then + value=true + fi + + args["${key#--}"]="$value" + ;; + -*) + key="${1%=*}" + value="${1#*=}" + + if [[ "$value" == "$key" ]] + then + shift + value="$1" + fi + + if [[ -z $value ]] + then + value=true + fi + + args["${key#-}"]="$value" + ;; + *) + args["$i"]="${1%%=*}" + i=$((i + 1)) + ;; + esac + shift +done + +wx-init +wxi-stop diff --git a/src/functions/compatibility.sh b/src/functions/compatibility.sh deleted file mode 100644 index 16abfe2..0000000 --- a/src/functions/compatibility.sh +++ /dev/null @@ -1,22 +0,0 @@ -wi-header(){ - wx-header "$1" "$2" -} - -wi-repeat(){ - wx-repeat "$1" "$2" -} - -wi-login(){ - wx-login "$1" "$2" -} - -wx-start(){ - wi-start -} - -wx-stop(){ - wi-stop -} - -wxBold=$wiBold -wxNormal=$wiNormal diff --git a/src/functions/config.sh b/src/functions/config.sh new file mode 100644 index 0000000..410ff61 --- /dev/null +++ b/src/functions/config.sh 
@@ -0,0 +1,3 @@ +wxi-config(){ + echo -n "" +} diff --git a/src/functions/header.sh b/src/functions/header.sh deleted file mode 100644 index 8353695..0000000 --- a/src/functions/header.sh +++ /dev/null @@ -1,24 +0,0 @@ -wx-header(){ - if [[ $2 == "h1" ]] - then - echo "" - echo "" - echo "" - echo "==============================" - wx-repeat " " $((30/2-${#1}/2)) - echo -n "$wxBold" - echo -n "$1" - echo -n "$wxNormal" - echo "" - echo "==============================" - fi - - if [[ $2 == "h2" || -z $2 ]] - then - wx-start - wx-repeat " " $((30/2-6/2-${#1}/2)) - echo -n ">> $1 <<" - echo "" - echo "------------------------------" - fi -} diff --git a/src/functions/init.sh b/src/functions/init.sh index 8281a24..b4cd0d6 100644 --- a/src/functions/init.sh +++ b/src/functions/init.sh @@ -1,30 +1,30 @@ -wi-init(){ - wi-login $1 - wi-header "Init" +wx-init(){ + wx-login + wxi-header "Init" - if [[ ! -z $2 && ${#2} -gt 5 ]] + if [[ ! -z ${args['hostname']} && ${#args['hostname']} -gt 5 ]] then - HOSTNAME="$2.$DEVICE_DOMAIN" + HOSTNAME="${args['hostname']}.$DEVICE_DOMAIN" elif [[ $(hostname -d) ]] then HOSTNAME=$(hostname --fqdn) else - echo "Status: Hostname Required" - wx-stop + wxi-content status "Hostname" "Required" + wxi-stop fi - if [[ ! -z $3 ]] + if [[ ! -z ${args['device-type']} ]] then - if [[ $3 == "server" || $3 == "workstation" ]] + if [[ ${args['device-type']} == "server" || ${args['device-type']} == "workstation" ]] then - TYPE="$3" + DEVICE_TYPE="${args['device-type']}" else - echo "Status: Type Invalid" - wx-stop + wxi-content status "Device Type" "Invalid" + wxi-stop fi else - echo "Status: Type Required" - wx-stop + wxi-content status "Device Type" "Required" + wxi-stop fi mkdir -p ~/.ssh/keys &> /dev/null 
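Review bot: `wxi-config` is an empty stub (`echo -n ""`), yet `wx-login` calls `wxi-config login` after obtaining a fresh token and its `token` branch reads `.login.$ORG.token` back from `$HOME/.warengroup/config.json`, so the read side expects a write that nothing in this commit performs; if persistence is the intent, the stub should say so. A header comment such as `# TODO: persist $TOKEN as .login.$ORG.token in $HOME/.warengroup/config.json (read back by wx-login's token branch); create the file with mode 600` would keep the two halves in sync for the next maintainer.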
@@ -38,7 +38,7 @@ wi-init(){ /opt/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect xmltodict &> /dev/null curl \ - -H "X-Vault-Token: ${config["login",$ORG]}" \ + -H "X-Vault-Token: $TOKEN" \ -X GET \ https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/keys/init @@ -62,7 +62,7 @@ wi-init(){ GIT_PORT="2222" GIT_REPOSITORY="warengroup-private/infra-plus" - export HVT=${config["login",$ORG]} + export HVT=$TOKEN /opt/ansible/bin/ansible-galaxy collection install ansible.posix ansible.utils ansible.windows community.crypto community.dns community.docker community.general community.grafana community.hashi_vault community.libvirt community.mongodb community.mysql community.postgresql community.windows containers.podman --upgrade &> /dev/null diff --git a/src/functions/login.sh b/src/functions/login.sh index ca3a891..9184da3 100644 --- a/src/functions/login.sh +++ b/src/functions/login.sh 
@@ -1,164 +1,140 @@ wx-login(){ - if [[ ! -z $1 ]] - then - ORG=$1 - jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - elif [[ $(hostname -d) = *"devices.waren.io" ]] - then - ORG=warengroup - elif [[ $(hostname -d) = *"devices.cwinfo.net" ]] - then - ORG=cwinfo - elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]] - then - ORG=cwchristerw - elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]] - then - ORG=$(cat $HOME/.warengroup/config.json | jq -r .org) - else - wx-header "Login" - echo "Status: Organization Required" - wx-stop - fi + wxi-header "Login" + wxi-restricted --user + wxi-restricted --org + wxi-restricted --vault - if [[ $ORG == "warengroup" ]] - then - DOMAIN=waren.io - elif [[ $ORG == "cwinfo" ]] - then - DOMAIN=cwinfo.net - elif [[ $ORG == "cwchristerw" ]] - then - DOMAIN=christerwaren.fi - else - wx-header "Login" - echo "Status: Organization Unsupported" - wx-stop - fi + wxi-header "$ORG_HEADER" h3 - FOLDER=$ORG - DEVICE_DOMAIN="devices.$DOMAIN" - IDM_DOMAIN="idm.waren.io" - VAULT_DOMAIN="vault.cwinfo.net" + if [[ ! -z ${args['auth-method']} ]] + then + AUTH_METHOD=${args['auth-method']} + elif [[ ! -z ${args['token']} ]] + then + AUTH_METHOD=token + elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]] + then + AUTH_METHOD=token + elif [[ ! -z ${args['username']} ]] + then + AUTH_METHOD=ldap + else + AUTH_METHOD=ldap + fi - if [[ -z $USER || $USER == "root" || $USER == "local" ]] - then - if [[ -z $SUDO_USER ]] + if [[ ! -z $AUTH_METHOD ]] + then + case $AUTH_METHOD in + ldap) + echo -n "Username: " + if [[ ! 
-z ${args['username']} ]] then - if [[ -z LOGNAME ]] - then - wx-header "Login" - echo "Status: Username Required" - wx-stop - else - USERNAME=$LOGNAME - fi + USERNAME=${args['username']} + wxi-content text "$USERNAME" else - USERNAME=$SUDO_USER - fi - else - USERNAME=$USER - fi - - VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health) - if [[ $VAULT_STATUS -eq 200 ]] - then - - if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]] - then - if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]] - then - USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)" - fi - TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)" + read USERNAME fi - VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') - if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]] + echo -n "Password: " + if [[ ! 
-z ${args['password']} ]] then - config["login",${ORG}]=$VAULT_LOGIN - if [[ $USER != "root" && $USER != "local" ]] - then - jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - fi + PASSWORD=${args['password']} else - IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN) - if [[ $IDM_STATUS -eq 301 ]] - then - wx-header "Login" - echo $wxBold$ORG$wxNormal - - if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]] - then - echo -n "Username: " - read USERNAME - else - echo "Username: $USERNAME" - fi - - jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - - echo -n "Password: " - read -s PASSWORD - echo "****************" - - if [[ -z $USERNAME || -z $PASSWORD ]] - then - echo "Status: Username & Password Required" - wx-stop - else - VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token') - if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] - then - echo "Status: Login Failed" - wx-stop - fi - - config["login",${ORG}]=$VAULT_LOGIN - - if [[ $USER != "root" && $USER != "local" ]] - then - jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - fi - fi - else - wx-header "Login" - echo $wxBold$ORG$wxNormal - - echo -n "Token: " - read -s TOKEN - echo "****************" - - if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]] - then - echo "Status: Vault Token Required" - wx-stop - fi - - VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header 
"X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') - if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] - then - echo "Status: Login Failed" - wx-stop - fi - - config["login",${ORG}]=$VAULT_LOGIN - - if [[ $USER != "root" && $USER != "local" ]] - then - jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - fi - fi + read -s PASSWORD fi - else - wx-header "Login" - echo $wxBold$ORG$wxNormal - echo "Status: Vault Offline" - wx-stop - fi + + if [[ ! -z $PASSWORD ]] + then + wxi-content text "****************" + else + wxi-content text "" + fi + + if [[ -z $USERNAME || -z $PASSWORD ]] + then + wxi-content status "Username & Password" "Required" + wxi-footer + wxi-stop + fi + + VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token') + if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] + then + wxi-content status "Login" "Failed" + wxi-stop + fi + + TOKEN=$VAULT_LOGIN + wxi-config login + ;; + token) + echo -n "Token: " + if [[ ! -z ${args['token']} ]] + then + if [[ ${args['token']} != "true" ]] + then + TOKEN=${args['token']} + fi + elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]] + then + TOKEN=$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) + else + read -s TOKEN + fi + + if [[ ! 
-z $TOKEN ]] + then + wxi-content text "***********************************************************************************************" + fi + + if [[ -z $TOKEN ]] + then + wxi-content status "Token" "Required" + wxi-footer + wxi-stop + fi + + if [[ ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]] + then + wxi-content status "Token" "Invalid" + wxi-footer + wxi-stop + fi + + VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew-self -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') + if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] + then + wxi-content status "Login" "Failed" + wxi-stop + fi + + TOKEN=$VAULT_LOGIN + wxi-config login + ;; + *) + wxi-content status "Login Type" "Unsupported" + wxi-footer + wxi-stop + ;; + esac + fi + + VAULT_USERNAME=$(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.display_name') + if [[ -z $VAULT_USERNAME ]] + then + wxi-content status "Login" "Username Missing" + wxi-stop + elif [[ $VAULT_USERNAME != ldap* && $VAULT_USERNAME != oidc* ]] + then + wxi-content status "Login" "Authentication Method Invalid" + wxi-stop + elif [[ $VAULT_USERNAME == ldap* ]] + then + USERNAME=${VAULT_USERNAME#ldap-} + elif [[ $VAULT_USERNAME == oidc* ]] + then + USERNAME=${VAULT_USERNAME#oidc-} + fi + + wxi-footer } diff --git a/src/functions/repeat.sh b/src/functions/repeat.sh deleted file mode 100644 index 45a6b85..0000000 --- a/src/functions/repeat.sh +++ /dev/null @@ -1,5 +0,0 @@ -wx-repeat() { - local str=$1 n=$2 spaces - printf -v spaces "%*s" $n " " - printf "%s" "${spaces// /$str}" -} diff --git a/src/functions/restricted.sh b/src/functions/restricted.sh new file mode 100644 index 0000000..5db91ea --- /dev/null +++ b/src/functions/restricted.sh 
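Review bot: `VAULT_LOGIN=$(curl … -d '{ "password": "'$PASSWORD'" }' …)` splices the password into the JSON body by string concatenation with `$PASSWORD` unquoted, so a password containing a double quote, backslash, space or glob character produces a broken request or a false "Login Failed", and the secret sits on curl's argv, where it is visible in the process list for the duration of the call. Build the body with jq and feed it on stdin: `VAULT_LOGIN=$(jq -n --arg p "$PASSWORD" '{password: $p}' \`, `  | curl -s -X POST --data @- "https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME" \`, `  | jq -r '.auth.client_token')`. The `token)` branch has the same shape in `-d '{ "token": "'$TOKEN'" }'` — and `renew-self` takes the token from the `X-Vault-Token` header, so that body field can be dropped entirely; the copy of `wx-login` in the `init.sh` hunk above and the `-H "X-Vault-Token: $TOKEN"` lines in the `init.sh`/`src/functions/init.sh` hunks expose the token on argv the same way (`curl -H @file` or a `--config` file avoids it). Separately, `--token` given as a bare flag sets `args['token']=true`, which selects the token method but leaves `TOKEN` empty, so the user gets "Token Required" instead of the `read -s TOKEN` prompt the `else` branch provides; and `read USERNAME` should be `read -r USERNAME`.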
@@ -0,0 +1,84 @@ +wxi-restricted(){ + if [[ -z $1 || $1 == "--user" ]] + then + if [[ $USER != "root" && $USER != "local" ]] + then + wxi-content status "Command" "Restricted" + wxi-content text "It's not permitted to execute this command as $USER." + wxi-footer + wxi-repeat "\n" 3 + exit 1 + fi + fi + + if [[ $1 == "--org" ]] + then + if [[ ! -z ${args['org']} ]] + then + case ${args['org']} in + warengroup) + ORG=warengroup + ;; + cwchristerw) + ORG=cwchristerw + ;; + *) + wxi-content status "Organization" "Unsupported" + wxi-footer + wxi-stop + ;; + esac + elif [[ $(hostname -d) == "devices.waren.io" ]] + then + ORG=warengroup + elif [[ $(hostname -d) == "devices.christerwaren.fi" ]] + then + ORG=cwchristerw + fi + + if [[ ! -z $ORG ]] + then + case $ORG in + warengroup) + DOMAIN=waren.io + VAULT_DOMAIN=vault.cwinfo.net + ORG_HEADER="Warén Group" + ;; + cwchristerw) + DOMAIN=christerwaren.fi + VAULT_DOMAIN=vault.cwinfo.net + ORG_HEADER="Christer Warén" + ;; + *) + wxi-content status "Organization" "Unsupported" + wxi-footer + wxi-stop + ;; + esac + else + wxi-content status "Organization" "Required" + wxi-footer + wxi-stop + fi + fi + + if [[ -z $1 || $1 == "--vault" ]] + then + if [[ -z $VAULT_DOMAIN ]] + then + wxi-content status "Vault" "Unavailable" + wxi-footer + wxi-repeat "\n" 3 + exit 1 + fi + + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health) + if [[ ! $VAULT_STATUS -eq 200 ]] + then + wxi-content status "Vault" "Offline" + wxi-footer + wxi-repeat "\n" 3 + exit 1 + fi + fi +} diff --git a/src/functions/start.sh b/src/functions/start.sh index 6afacea..6d08c33 100644 --- a/src/functions/start.sh +++ b/src/functions/start.sh @@ -1,5 +1,5 @@ -wi-start(){ - wi-header "Warén Init" h1 +wxi-start(){ + wxi-header "Warén Init" h1 mkdir -p $HOME/.warengroup &> /dev/null diff --git a/src/functions/stop.sh b/src/functions/stop.sh index d43bf70..5e1f015 100644 --- a/src/functions/stop.sh +++ b/src/functions/stop.sh 
@@ -1,9 +1,6 @@ -wi-stop (){ - echo " " - echo " " - echo " " - +wxi-stop (){ rm -rf /.ssh/keys/init &> /dev/null + wxi-repeat "\n" 3 exit 1 } diff --git a/src/ui/content.sh b/src/ui/content.sh new file mode 100644 index 0000000..64c6abe --- /dev/null +++ b/src/ui/content.sh @@ -0,0 +1,16 @@ +wxi-content(){ + if [[ $1 == "text" ]] + then + echo "$2" + elif [[ $1 == "status" ]] + then + wxi-repeat "\n" 2 + echo -n "$wxiBold" + echo "Status" + echo -n "$wxiNormal" + echo "$2 - $3" + elif [[ $1 == "link" ]] + then + echo "$2 - $3" + fi +} diff --git a/src/ui/footer.sh b/src/ui/footer.sh new file mode 100644 index 0000000..d0cf2da --- /dev/null +++ b/src/ui/footer.sh @@ -0,0 +1,11 @@ +wxi-footer(){ + echo "" + echo "------------------------------" + wxi-repeat " " $((30/2-12/2)) + echo -n "$wxiBold" + echo "Warén Group™" + echo -n "$wxiNormal" + wxi-repeat " " $((30/2-17/2)) + echo "https://waren.io" + echo "==============================" +} diff --git a/src/ui/formatting.sh b/src/ui/formatting.sh new file mode 100644 index 0000000..9104801 --- /dev/null +++ b/src/ui/formatting.sh @@ -0,0 +1,11 @@ +wxiRed=$(tput setaf 196) +wxiGreen=$(tput setaf 46) +wxiYellow=$(tput setaf 226) +wxiBlue=$(tput setaf 21) +wxiPurple=$(tput setaf 165) +wxiTurquoise=$(tput setaf 14) +wxiPink=$(tput setaf 198) +wxiOrange=$(tput setaf 202) +wxiUnderline=$(tput smul) +wxiBold=$(tput bold) +wxiNormal=$(tput sgr0) diff --git a/src/ui/header.sh b/src/ui/header.sh new file mode 100644 index 0000000..8e38839 --- /dev/null +++ b/src/ui/header.sh 
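Review bot: `rm -rf /.ssh/keys/init` in `wxi-stop` does not match where the key is written — `wx-init` in `src/functions/init.sh` fetches the private key from Vault into `~/.ssh/keys/init` — so the key stays on disk after every exit unless `HOME` is `/`; the line is pre-existing context, but the commit touches the function and the same line appears in `init.sh`'s `wxi-stop` above. Use `rm -f -- "$HOME/.ssh/keys/init" &> /dev/null` (`-r` is not needed for a file). `wxi-stop` also always exits with status 1, including from the `wx-init; wxi-stop` tail of `init.sh` and `src/base.sh`, so a successful run is indistinguishable from a failure to a caller; if that tail is the normal end, let it pass an explicit status (`wxi-stop 0`) and have the function `exit "${1:-1}"` so the unchanged error paths keep returning 1.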
@@ -0,0 +1,30 @@ +wxi-header(){ + if [[ $2 == "h1" ]] + then + wxi-repeat "\n" 3 + echo "==============================" + wxi-repeat " " $((30/2-${#1}/2)) + echo -n "$wxiBold" + echo "$1" + echo -n "$wxiNormal" + echo "==============================" + fi + + if [[ $2 == "h2" || -z $2 ]] + then + wxi-start + wxi-repeat " " $((30/2-6/2-${#1}/2)) + echo -n "$wxiBold" + echo ">> $1 <<" + echo -n "$wxiNormal" + echo "------------------------------" + echo "" + fi + + if [[ $2 == "h3" ]] + then + echo -n "$wxiBold" + echo "$1" + echo -n "$wxiNormal" + fi +} diff --git a/src/ui/messages.sh b/src/ui/messages.sh new file mode 100644 index 0000000..e69de29 diff --git a/src/ui/repeat.sh b/src/ui/repeat.sh new file mode 100644 index 0000000..9e2bc6b --- /dev/null +++ b/src/ui/repeat.sh @@ -0,0 +1,13 @@ +wxi-repeat() { + if [[ $1 == " " ]] + then + local str=$1 n=$2 spaces + printf -v spaces "%*s" $n " " + printf "%s" "${spaces// /$str}" + else + for i in $(seq 1 $2); + do + echo -en $1 + done + fi +}
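Review bot: The `else` branch of `wxi-repeat` spawns `seq`, leaks `i` into the caller's scope and echoes `$1` unquoted, so a value like `*` globs and a value like `-n` is swallowed as an option; both branches can be one `printf`: `local n=$2 pad`, `printf -v pad '%*s' "$n" ''`, `printf '%b' "${pad// /$1}"`, where `%b` provides the backslash interpretation `echo -e` gave. The same function is pasted into `init.sh` in the hunk above. A one-line header comment, `# Print $1 $2 times; backslash escapes in $1 (e.g. "\n") are interpreted.`, would document the contract callers such as `wxi-stop` and `wxi-content` rely on.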