Refactoring Code
This commit is contained in:
Christer Warén
@@ -1,22 +0,0 @@
|
||||
wi-header(){
|
||||
wx-header "$1" "$2"
|
||||
}
|
||||
|
||||
wi-repeat(){
|
||||
wx-repeat "$1" "$2"
|
||||
}
|
||||
|
||||
wi-login(){
|
||||
wx-login "$1" "$2"
|
||||
}
|
||||
|
||||
wx-start(){
|
||||
wi-start
|
||||
}
|
||||
|
||||
wx-stop(){
|
||||
wi-stop
|
||||
}
|
||||
|
||||
wxBold=$wiBold
|
||||
wxNormal=$wiNormal
|
||||
@@ -0,0 +1,3 @@
|
||||
wxi-config(){
|
||||
echo -n ""
|
||||
}
|
||||
@@ -1,24 +0,0 @@
|
||||
wx-header(){
|
||||
if [[ $2 == "h1" ]]
|
||||
then
|
||||
echo ""
|
||||
echo ""
|
||||
echo ""
|
||||
echo "=============================="
|
||||
wx-repeat " " $((30/2-${#1}/2))
|
||||
echo -n "$wxBold"
|
||||
echo -n "$1"
|
||||
echo -n "$wxNormal"
|
||||
echo ""
|
||||
echo "=============================="
|
||||
fi
|
||||
|
||||
if [[ $2 == "h2" || -z $2 ]]
|
||||
then
|
||||
wx-start
|
||||
wx-repeat " " $((30/2-6/2-${#1}/2))
|
||||
echo -n ">> $1 <<"
|
||||
echo ""
|
||||
echo "------------------------------"
|
||||
fi
|
||||
}
|
||||
+16
-16
@@ -1,30 +1,30 @@
|
||||
wi-init(){
|
||||
wi-login $1
|
||||
wi-header "Init"
|
||||
wx-init(){
|
||||
wx-login
|
||||
wxi-header "Init"
|
||||
|
||||
if [[ ! -z $2 && ${#2} -gt 5 ]]
|
||||
if [[ ! -z ${args['hostname']} && ${#args['hostname']} -gt 5 ]]
|
||||
then
|
||||
HOSTNAME="$2.$DEVICE_DOMAIN"
|
||||
HOSTNAME="${args['hostname']}.$DEVICE_DOMAIN"
|
||||
elif [[ $(hostname -d) ]]
|
||||
then
|
||||
HOSTNAME=$(hostname --fqdn)
|
||||
else
|
||||
echo "Status: Hostname Required"
|
||||
wx-stop
|
||||
wxi-content status "Hostname" "Required"
|
||||
wxi-stop
|
||||
fi
|
||||
|
||||
if [[ ! -z $3 ]]
|
||||
if [[ ! -z ${args['device-type']} ]]
|
||||
then
|
||||
if [[ $3 == "server" || $3 == "workstation" ]]
|
||||
if [[ ${args['device-type']} == "server" || ${args['device-type']} == "workstation" ]]
|
||||
then
|
||||
TYPE="$3"
|
||||
DEVICE_TYPE="${args['device-type']}"
|
||||
else
|
||||
echo "Status: Type Invalid"
|
||||
wx-stop
|
||||
wxi-content status "Device Type" "Invalid"
|
||||
wxi-stop
|
||||
fi
|
||||
else
|
||||
echo "Status: Type Required"
|
||||
wx-stop
|
||||
wxi-content status "Device Type" "Required"
|
||||
wxi-stop
|
||||
fi
|
||||
|
||||
mkdir -p ~/.ssh/keys &> /dev/null
|
||||
@@ -38,7 +38,7 @@ wi-init(){
|
||||
/opt/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect xmltodict &> /dev/null
|
||||
|
||||
curl \
|
||||
-H "X-Vault-Token: ${config["login",$ORG]}" \
|
||||
-H "X-Vault-Token: $TOKEN" \
|
||||
-X GET \
|
||||
https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/keys/init
|
||||
|
||||
@@ -62,7 +62,7 @@ wi-init(){
|
||||
GIT_PORT="2222"
|
||||
GIT_REPOSITORY="warengroup-private/infra-plus"
|
||||
|
||||
export HVT=${config["login",$ORG]}
|
||||
export HVT=$TOKEN
|
||||
|
||||
/opt/ansible/bin/ansible-galaxy collection install ansible.posix ansible.utils ansible.windows community.crypto community.dns community.docker community.general community.grafana community.hashi_vault community.libvirt community.mongodb community.mysql community.postgresql community.windows containers.podman --upgrade &> /dev/null
|
||||
|
||||
|
||||
+128
-152
@@ -1,164 +1,140 @@
|
||||
wx-login(){
|
||||
if [[ ! -z $1 ]]
|
||||
then
|
||||
ORG=$1
|
||||
jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
|
||||
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
|
||||
elif [[ $(hostname -d) = *"devices.waren.io" ]]
|
||||
then
|
||||
ORG=warengroup
|
||||
elif [[ $(hostname -d) = *"devices.cwinfo.net" ]]
|
||||
then
|
||||
ORG=cwinfo
|
||||
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
|
||||
then
|
||||
ORG=cwchristerw
|
||||
elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
|
||||
then
|
||||
ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
|
||||
else
|
||||
wx-header "Login"
|
||||
echo "Status: Organization Required"
|
||||
wx-stop
|
||||
fi
|
||||
wxi-header "Login"
|
||||
wxi-restricted --user
|
||||
wxi-restricted --org
|
||||
wxi-restricted --vault
|
||||
|
||||
if [[ $ORG == "warengroup" ]]
|
||||
then
|
||||
DOMAIN=waren.io
|
||||
elif [[ $ORG == "cwinfo" ]]
|
||||
then
|
||||
DOMAIN=cwinfo.net
|
||||
elif [[ $ORG == "cwchristerw" ]]
|
||||
then
|
||||
DOMAIN=christerwaren.fi
|
||||
else
|
||||
wx-header "Login"
|
||||
echo "Status: Organization Unsupported"
|
||||
wx-stop
|
||||
fi
|
||||
wxi-header "$ORG_HEADER" h3
|
||||
|
||||
FOLDER=$ORG
|
||||
DEVICE_DOMAIN="devices.$DOMAIN"
|
||||
IDM_DOMAIN="idm.waren.io"
|
||||
VAULT_DOMAIN="vault.cwinfo.net"
|
||||
if [[ ! -z ${args['auth-method']} ]]
|
||||
then
|
||||
AUTH_METHOD=${args['auth-method']}
|
||||
elif [[ ! -z ${args['token']} ]]
|
||||
then
|
||||
AUTH_METHOD=token
|
||||
elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]]
|
||||
then
|
||||
AUTH_METHOD=token
|
||||
elif [[ ! -z ${args['username']} ]]
|
||||
then
|
||||
AUTH_METHOD=ldap
|
||||
else
|
||||
AUTH_METHOD=ldap
|
||||
fi
|
||||
|
||||
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
|
||||
then
|
||||
if [[ -z $SUDO_USER ]]
|
||||
if [[ ! -z $AUTH_METHOD ]]
|
||||
then
|
||||
case $AUTH_METHOD in
|
||||
ldap)
|
||||
echo -n "Username: "
|
||||
if [[ ! -z ${args['username']} ]]
|
||||
then
|
||||
if [[ -z LOGNAME ]]
|
||||
then
|
||||
wx-header "Login"
|
||||
echo "Status: Username Required"
|
||||
wx-stop
|
||||
else
|
||||
USERNAME=$LOGNAME
|
||||
fi
|
||||
USERNAME=${args['username']}
|
||||
wxi-content text "$USERNAME"
|
||||
else
|
||||
USERNAME=$SUDO_USER
|
||||
fi
|
||||
else
|
||||
USERNAME=$USER
|
||||
fi
|
||||
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
|
||||
if [[ $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
|
||||
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
|
||||
then
|
||||
if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
|
||||
then
|
||||
USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
|
||||
fi
|
||||
TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
|
||||
read USERNAME
|
||||
fi
|
||||
|
||||
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
|
||||
if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]]
|
||||
echo -n "Password: "
|
||||
if [[ ! -z ${args['password']} ]]
|
||||
then
|
||||
config["login",${ORG}]=$VAULT_LOGIN
|
||||
if [[ $USER != "root" && $USER != "local" ]]
|
||||
then
|
||||
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
|
||||
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
|
||||
fi
|
||||
PASSWORD=${args['password']}
|
||||
else
|
||||
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
|
||||
if [[ $IDM_STATUS -eq 301 ]]
|
||||
then
|
||||
wx-header "Login"
|
||||
echo $wxBold$ORG$wxNormal
|
||||
|
||||
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
|
||||
then
|
||||
echo -n "Username: "
|
||||
read USERNAME
|
||||
else
|
||||
echo "Username: $USERNAME"
|
||||
fi
|
||||
|
||||
jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
|
||||
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
|
||||
|
||||
echo -n "Password: "
|
||||
read -s PASSWORD
|
||||
echo "****************"
|
||||
|
||||
if [[ -z $USERNAME || -z $PASSWORD ]]
|
||||
then
|
||||
echo "Status: Username & Password Required"
|
||||
wx-stop
|
||||
else
|
||||
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
|
||||
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
|
||||
then
|
||||
echo "Status: Login Failed"
|
||||
wx-stop
|
||||
fi
|
||||
|
||||
config["login",${ORG}]=$VAULT_LOGIN
|
||||
|
||||
if [[ $USER != "root" && $USER != "local" ]]
|
||||
then
|
||||
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
|
||||
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
|
||||
fi
|
||||
fi
|
||||
else
|
||||
wx-header "Login"
|
||||
echo $wxBold$ORG$wxNormal
|
||||
|
||||
echo -n "Token: "
|
||||
read -s TOKEN
|
||||
echo "****************"
|
||||
|
||||
if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
|
||||
then
|
||||
echo "Status: Vault Token Required"
|
||||
wx-stop
|
||||
fi
|
||||
|
||||
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
|
||||
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
|
||||
then
|
||||
echo "Status: Login Failed"
|
||||
wx-stop
|
||||
fi
|
||||
|
||||
config["login",${ORG}]=$VAULT_LOGIN
|
||||
|
||||
if [[ $USER != "root" && $USER != "local" ]]
|
||||
then
|
||||
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
|
||||
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
|
||||
fi
|
||||
fi
|
||||
read -s PASSWORD
|
||||
fi
|
||||
else
|
||||
wx-header "Login"
|
||||
echo $wxBold$ORG$wxNormal
|
||||
echo "Status: Vault Offline"
|
||||
wx-stop
|
||||
fi
|
||||
|
||||
if [[ ! -z $PASSWORD ]]
|
||||
then
|
||||
wxi-content text "****************"
|
||||
else
|
||||
wxi-content text ""
|
||||
fi
|
||||
|
||||
if [[ -z $USERNAME || -z $PASSWORD ]]
|
||||
then
|
||||
wxi-content status "Username & Password" "Required"
|
||||
wxi-footer
|
||||
wxi-stop
|
||||
fi
|
||||
|
||||
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
|
||||
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
|
||||
then
|
||||
wxi-content status "Login" "Failed"
|
||||
wxi-stop
|
||||
fi
|
||||
|
||||
TOKEN=$VAULT_LOGIN
|
||||
wxi-config login
|
||||
;;
|
||||
token)
|
||||
echo -n "Token: "
|
||||
if [[ ! -z ${args['token']} ]]
|
||||
then
|
||||
if [[ ${args['token']} != "true" ]]
|
||||
then
|
||||
TOKEN=${args['token']}
|
||||
fi
|
||||
elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]]
|
||||
then
|
||||
TOKEN=$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)
|
||||
else
|
||||
read -s TOKEN
|
||||
fi
|
||||
|
||||
if [[ ! -z $TOKEN ]]
|
||||
then
|
||||
wxi-content text "***********************************************************************************************"
|
||||
fi
|
||||
|
||||
if [[ -z $TOKEN ]]
|
||||
then
|
||||
wxi-content status "Token" "Required"
|
||||
wxi-footer
|
||||
wxi-stop
|
||||
fi
|
||||
|
||||
if [[ ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
|
||||
then
|
||||
wxi-content status "Token" "Invalid"
|
||||
wxi-footer
|
||||
wxi-stop
|
||||
fi
|
||||
|
||||
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew-self -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
|
||||
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
|
||||
then
|
||||
wxi-content status "Login" "Failed"
|
||||
wxi-stop
|
||||
fi
|
||||
|
||||
TOKEN=$VAULT_LOGIN
|
||||
wxi-config login
|
||||
;;
|
||||
*)
|
||||
wxi-content status "Login Type" "Unsupported"
|
||||
wxi-footer
|
||||
wxi-stop
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
VAULT_USERNAME=$(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.display_name')
|
||||
if [[ -z $VAULT_USERNAME ]]
|
||||
then
|
||||
wxi-content status "Login" "Username Missing"
|
||||
wxi-stop
|
||||
elif [[ $VAULT_USERNAME != ldap* && $VAULT_USERNAME != oidc* ]]
|
||||
then
|
||||
wxi-content status "Login" "Authentication Method Invalid"
|
||||
wxi-stop
|
||||
elif [[ $VAULT_USERNAME == ldap* ]]
|
||||
then
|
||||
USERNAME=${VAULT_USERNAME#ldap-}
|
||||
elif [[ $VAULT_USERNAME == oidc* ]]
|
||||
then
|
||||
USERNAME=${VAULT_USERNAME#oidc-}
|
||||
fi
|
||||
|
||||
wxi-footer
|
||||
}
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
wx-repeat() {
|
||||
local str=$1 n=$2 spaces
|
||||
printf -v spaces "%*s" $n " "
|
||||
printf "%s" "${spaces// /$str}"
|
||||
}
|
||||
@@ -0,0 +1,84 @@
|
||||
wxi-restricted(){
|
||||
if [[ -z $1 || $1 == "--user" ]]
|
||||
then
|
||||
if [[ $USER != "root" && $USER != "local" ]]
|
||||
then
|
||||
wxi-content status "Command" "Restricted"
|
||||
wxi-content text "It's not permitted to execute this command as $USER."
|
||||
wxi-footer
|
||||
wxi-repeat "\n" 3
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ $1 == "--org" ]]
|
||||
then
|
||||
if [[ ! -z ${args['org']} ]]
|
||||
then
|
||||
case ${args['org']} in
|
||||
warengroup)
|
||||
ORG=warengroup
|
||||
;;
|
||||
cwchristerw)
|
||||
ORG=cwchristerw
|
||||
;;
|
||||
*)
|
||||
wxi-content status "Organization" "Unsupported"
|
||||
wxi-footer
|
||||
wxi-stop
|
||||
;;
|
||||
esac
|
||||
elif [[ $(hostname -d) == "devices.waren.io" ]]
|
||||
then
|
||||
ORG=warengroup
|
||||
elif [[ $(hostname -d) == "devices.christerwaren.fi" ]]
|
||||
then
|
||||
ORG=cwchristerw
|
||||
fi
|
||||
|
||||
if [[ ! -z $ORG ]]
|
||||
then
|
||||
case $ORG in
|
||||
warengroup)
|
||||
DOMAIN=waren.io
|
||||
VAULT_DOMAIN=vault.cwinfo.net
|
||||
ORG_HEADER="Warén Group"
|
||||
;;
|
||||
cwchristerw)
|
||||
DOMAIN=christerwaren.fi
|
||||
VAULT_DOMAIN=vault.cwinfo.net
|
||||
ORG_HEADER="Christer Warén"
|
||||
;;
|
||||
*)
|
||||
wxi-content status "Organization" "Unsupported"
|
||||
wxi-footer
|
||||
wxi-stop
|
||||
;;
|
||||
esac
|
||||
else
|
||||
wxi-content status "Organization" "Required"
|
||||
wxi-footer
|
||||
wxi-stop
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ -z $1 || $1 == "--vault" ]]
|
||||
then
|
||||
if [[ -z $VAULT_DOMAIN ]]
|
||||
then
|
||||
wxi-content status "Vault" "Unavailable"
|
||||
wxi-footer
|
||||
wxi-repeat "\n" 3
|
||||
exit 1
|
||||
fi
|
||||
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
|
||||
if [[ ! $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
wxi-content status "Vault" "Offline"
|
||||
wxi-footer
|
||||
wxi-repeat "\n" 3
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
@@ -1,5 +1,5 @@
|
||||
wi-start(){
|
||||
wi-header "Warén Init" h1
|
||||
wxi-start(){
|
||||
wxi-header "Warén Init" h1
|
||||
|
||||
mkdir -p $HOME/.warengroup &> /dev/null
|
||||
|
||||
|
||||
@@ -1,9 +1,6 @@
|
||||
wi-stop (){
|
||||
echo " "
|
||||
echo " "
|
||||
echo " "
|
||||
|
||||
wxi-stop (){
|
||||
rm -rf /.ssh/keys/init &> /dev/null
|
||||
|
||||
wxi-repeat "\n" 3
|
||||
exit 1
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user