From 0b0237ede523602e5df73c5ba45687d3f1200cb4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christer=20War=C3=A9n?= Date: Thu, 30 May 2024 15:33:31 +0300 Subject: [PATCH] Code Update --- src/commands/auto.sh | 5 + src/commands/help.sh | 11 + src/commands/infra.sh | 6 +- src/{functions => commands}/login.sh | 0 src/commands/ssh.sh | 3 + src/commands/ssh/config.sh | 12 +- src/commands/ssh/keys.sh | 62 ++++++ src/commands/ssh/sign.sh | 8 +- wx | 289 ++++++++++++++++++--------- 9 files changed, 286 insertions(+), 110 deletions(-) create mode 100644 src/commands/auto.sh rename src/{functions => commands}/login.sh (100%) create mode 100644 src/commands/ssh/keys.sh diff --git a/src/commands/auto.sh b/src/commands/auto.sh new file mode 100644 index 0000000..ad52548 --- /dev/null +++ b/src/commands/auto.sh @@ -0,0 +1,5 @@ +wx-auto(){ + wx-ssh-config-sync + wx-ssh-keys-sync + wx-ssh-sign +} diff --git a/src/commands/help.sh b/src/commands/help.sh index 0534329..ca42f49 100644 --- a/src/commands/help.sh +++ b/src/commands/help.sh @@ -8,11 +8,22 @@ Usage: $0 COMMAND [OPTIONS] Common Commands: init Init + help Help ssh SSH config Config + edit Edit + save Save + sync Sync + keys Keys + generate Generate + delete Delete + save Save + sync Sync sign Certificates Management Commands: + auto Auto + login Login settings Settings "; diff --git a/src/commands/infra.sh b/src/commands/infra.sh index 33fb4a4..191fc17 100644 --- a/src/commands/infra.sh +++ b/src/commands/infra.sh @@ -5,6 +5,8 @@ wx-infra(){ echo " >> Infra << " echo "------------------------------" + INFRA_PATH="/home/cwchristerw/Desktop/Work in Progress/Programming/warengroup/infra" + case $USER in cwchristerw) if [[ -z $1 ]] 
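Review bot: wx-auto in src/commands/auto.sh calls wx-ssh-keys-sync, but no hunk in this patch defines a function of that name. The new src/commands/ssh/keys.sh adds only wx-ssh-keys, wx-ssh-keys-generate, wx-ssh-keys-retrieve and wx-ssh-keys-save, and its dispatcher also calls wx-ssh-keys-remove, which is likewise not defined here. Unless both exist elsewhere in the tree, `auto`, `ssh keys sync` and `ssh keys delete` will stop with "command not found". wx-auto also never calls wx-login, although wx-infra does before it touches Vault; if the token in `config` is expected to be loaded by the caller, a one-line comment such as `# requires a prior wx-login (uses config["login",$ORG])` would make that explicit.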
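Review bot: INFRA_PATH is assigned without `local` in the first src/commands/infra.sh hunk, so it becomes a global of the whole script, and both `cd "$INFRA_PATH"` lines in the following hunk are unchecked. If the directory is missing, ansible-playbook runs with `--vault-id warengroup@vault/warengroup` relative to whatever directory the caller happens to be in. I would write `local INFRA_PATH="/home/cwchristerw/Desktop/Work in Progress/Programming/warengroup/infra"` and `cd "$INFRA_PATH" || return 1`. wx-infra's body continues outside both hunks.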
@@ -17,12 +19,12 @@ wx-infra(){ then echo "Tag Required" else - cd "/home/cwchristerw/Desktop/Work in Progress/Programming/warengroup/infra" + cd "$INFRA_PATH" ansible-playbook --vault-id warengroup@vault/warengroup playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9 cd "$OLDPWD" fi else - cd "/home/cwchristerw/Desktop/Work in Progress/Programming/warengroup/infra" + cd "$INFRA_PATH" ansible-playbook --vault-id warengroup@vault/warengroup playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9 cd "$OLDPWD" fi diff --git a/src/functions/login.sh b/src/commands/login.sh similarity index 100% rename from src/functions/login.sh rename to src/commands/login.sh diff --git a/src/commands/ssh.sh b/src/commands/ssh.sh index 38bc3d6..ccb1edf 100644 --- a/src/commands/ssh.sh +++ b/src/commands/ssh.sh @@ -5,6 +5,9 @@ wx-ssh(){ sign) wx-ssh-sign ;; + keys) + wx-ssh-keys $2 $3 + ;; config) wx-ssh-config $2 ;; diff --git a/src/commands/ssh/config.sh b/src/commands/ssh/config.sh index 640cb6d..99f9405 100644 --- a/src/commands/ssh/config.sh +++ b/src/commands/ssh/config.sh @@ -19,8 +19,6 @@ wx-ssh-config(){ wx-stop ;; esac - - } wx-ssh-config-edit(){ 
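Review bot: The new `keys)` arm in src/commands/ssh.sh forwards `$2 $3` unquoted, so a key name containing whitespace or glob characters is split or expanded before wx-ssh-keys receives it, and that value later becomes part of a file path under ~/.ssh/keys and of the Vault URL. `wx-ssh-keys "$2" "$3"` passes the arguments through intact. The case statement of wx-ssh starts and ends outside the hunk.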
@@ -28,9 +26,15 @@ wx-ssh-config-edit(){ } wx-ssh-config-save(){ - curl https://$VAULT_DOMAIN/v1/cli/data/$USER -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"settings/ssh/config\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null + curl https://$VAULT_DOMAIN/v1/cli/data/$USER/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null } wx-ssh-config-sync(){ - echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USER -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data["settings/ssh/config"]') | base64 -d > ~/.ssh/config 2>&1 + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USER/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}") + if [[ $VAULT_STATUS -eq 200 ]] + then + echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USER/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1 + else + echo "Status: Config Required" + fi } diff --git a/src/commands/ssh/keys.sh b/src/commands/ssh/keys.sh new file mode 100644 index 0000000..b54b749 --- /dev/null +++ b/src/commands/ssh/keys.sh 
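Review bot: wx-ssh-config-sync redirects straight into `~/.ssh/config`, so the file is truncated before the second curl has answered. A failed request or a `null` from jq after the separate status probe therefore leaves an empty or garbage config. Both functions also pass the Vault token in `--header` on curl's command line, where other local users can read it from the process list; curl accepts `--header @file`, so the token can travel over a file descriptor instead. The sketch below fetches once with `--fail`, validates with `jq -e`, and replaces the file only after a successful decode; wx-ssh-config-save would take the same header change plus `--data @-` for the body. The hunk's leading context lines belong to wx-ssh-config-edit, which starts outside it.

```shell
wx-ssh-config-sync(){
    local response encoded tmp
    # One request instead of probe + fetch; --fail turns HTTP errors into a non-zero exit.
    # The token is handed over through a file descriptor, not argv.
    response=$(curl --fail -s \
        --header @<(printf 'X-Vault-Token: %s\n' "${config["login",$ORG]}") \
        "https://$VAULT_DOMAIN/v1/cli/data/$USER/settings/ssh/config") \
        || { echo "Status: Config Required"; return 1; }
    # -e makes jq fail on null, so a missing field never reaches base64.
    encoded=$(jq -er '.data.data.data' <<< "$response") \
        || { echo "Status: Config Required"; return 1; }
    # mktemp creates the file 0600; rename only after a clean decode.
    tmp=$(mktemp "$HOME/.ssh/config.XXXXXX") || return 1
    if base64 -d <<< "$encoded" > "$tmp"
    then
        mv -- "$tmp" "$HOME/.ssh/config"
    else
        rm -f -- "$tmp"
        return 1
    fi
}
```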
@@ -0,0 +1,62 @@
+wx-ssh-keys(){
+ echo " >> SSH / Keys << "
+ echo "------------------------------"
+
+ case $1 in
+ generate)
+ wx-ssh-keys-sync $2
+ wx-ssh-keys-generate $2
+ wx-ssh-config-save $2
+ ;;
+ retrieve)
+ wx-ssh-keys-retrieve $2
+ ;;
+ save)
+ wx-ssh-keys-save $2
+ ;;
+ sync)
+ wx-ssh-keys-sync $2
+ ;;
+ delete)
+ wx-ssh-keys-remove $2
+ ;;
+ *)
+ wx-ssh-keys-sync
+ wx-stop
+ ;;
+ esac
+}
+
+wx-ssh-keys-generate(){
+ if [[ ! -z $1 ]]
+ then
+ if [[ ! -f "$HOME/.ssh/keys/$1" ]]
+ then
+ ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$1 -q -N "" -C "$USER" &> /dev/null
+ fi
+ fi
+}
+
+wx-ssh-keys-retrieve(){
+ if [[ ! -z $1 ]]
+ then
+ VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USER/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
+ if [[ $VAULT_STATUS -eq 200 ]]
+ then
+ echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USER/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
+ echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USER/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
+ else
+ echo "Status: Key Required"
+ fi
+ fi
+}
+
+wx-ssh-keys-save(){
+ if [[ ! -z $1 ]]
+ then
+ if [[ -f "$HOME/.ssh/keys/$1" ]]
+ then
+ curl https://$VAULT_DOMAIN/v1/cli/data/$USER/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
+ fi
+ fi
+}
diff --git a/src/commands/ssh/sign.sh b/src/commands/ssh/sign.sh
index 76a0382..148421d 100644
--- a/src/commands/ssh/sign.sh
+++ b/src/commands/ssh/sign.sh
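Review bot: wx-ssh-keys-retrieve writes the private key with `> ~/.ssh/keys/$1`, so the file is created under the caller's umask, typically readable by group and others, and is truncated before the second curl has returned anything. wx-ssh-keys-save then places the base64-encoded private key in curl's `-d` argument, where it is visible in the local process list together with the Vault token. The key name `$1` is used unquoted and unvalidated in both the path and the URL, so a name containing `/` or `..` would resolve outside ~/.ssh/keys. The sketch below restricts the name, fetches once with `--fail`, writes through a 0600 temp file, and sends the body and the token header over stdin and a file descriptor instead of argv. The `generate` arm of the dispatcher ends with `wx-ssh-config-save $2`, where `wx-ssh-keys-save $2` was presumably intended.

```shell
wx-ssh-keys-retrieve(){
    local name=$1 response private public tmp
    # Restrict the name so it cannot leave ~/.ssh/keys or alter the URL path.
    [[ $name =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] || { echo "Status: Key Required"; return 1; }
    # Single request; token passed through a file descriptor rather than argv.
    response=$(curl --fail -s \
        --header @<(printf 'X-Vault-Token: %s\n' "${config["login",$ORG]}") \
        "https://$VAULT_DOMAIN/v1/cli/data/$USER/settings/ssh/keys/$name") \
        || { echo "Status: Key Required"; return 1; }
    private=$(jq -er '.data.data.private' <<< "$response") || return 1
    public=$(jq -er '.data.data.public' <<< "$response") || return 1
    # mktemp creates the file 0600; the key is renamed into place only after a clean decode.
    tmp=$(mktemp "$HOME/.ssh/keys/.$name.XXXXXX") || return 1
    if base64 -d <<< "$private" > "$tmp"
    then
        mv -- "$tmp" "$HOME/.ssh/keys/$name"
    else
        rm -f -- "$tmp"
        return 1
    fi
    base64 -d <<< "$public" > "$HOME/.ssh/keys/$name.pub"
}

wx-ssh-keys-save(){
    local name=$1
    [[ $name =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ && -f "$HOME/.ssh/keys/$name" ]] || return 1
    # jq builds the JSON and base64-encodes the files; the body reaches curl on stdin.
    jq -n --rawfile private "$HOME/.ssh/keys/$name" \
          --rawfile public "$HOME/.ssh/keys/$name.pub" \
          '{data: {private: ($private | @base64), public: ($public | @base64)}}' \
    | curl --fail -s -o /dev/null -X POST --data @- \
        --header @<(printf 'X-Vault-Token: %s\n' "${config["login",$ORG]}") \
        "https://$VAULT_DOMAIN/v1/cli/data/$USER/settings/ssh/keys/$name"
}
```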
@@ -26,14 +26,14 @@ wx-ssh-sign-create(){ PRINCIPALS=$2 TTL=$3 - if [[ ! -f "$HOME/.ssh/keys/$NAME-ed25519" ]] + if [[ ! -f "$HOME/.ssh/keys/$NAME" ]] then - ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME-ed25519 -q -N "" &> /dev/null + ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USER" &> /dev/null fi - if [[ -f "$HOME/.ssh/keys/$NAME-ed25519" ]] + if [[ -f "$HOME/.ssh/keys/$NAME" ]] then echo "$NAME/$ROLE" - echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME-ed25519.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME-ed25519.sig 2>&1 + echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1 fi } diff --git a/wx b/wx index 2aeb8ce..16a0c97 100755 --- a/wx +++ b/wx 
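Review bot: The rewritten signing line still overwrites `~/.ssh/keys/$NAME.sig` unconditionally, so when the sign request fails `jq -r '.data.signed_key'` prints `null` and the previous valid certificate is replaced by that string. Capturing the result first, as in `cert=$(... | jq -er '.data.signed_key') || return 1`, and writing the file only afterwards keeps the old certificate on failure. The ssh-keygen target is unquoted and should read `-f "$HOME/.ssh/keys/$NAME"`. Dropping the `-ed25519` suffix also means key files created under the old name are no longer found, so a fresh unencrypted key is generated silently, assuming earlier runs used that name. wx-ssh-sign-create begins above the hunk.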
@@ -19,6 +19,117 @@ wxNormal=$(tput sgr0) declare -Ax config +wx-start(){ + echo "" + echo "" + echo "" + echo "==============================" + echo -n "$wxBold" + echo " Warén CLI " + echo -n "$wxNormal" + echo "==============================" + + mkdir -p $HOME/.config/warengroup &> /dev/null + + if [[ ! -f "$HOME/.config/warengroup/config.json" ]] + then + echo '{}' | jq > $HOME/.config/warengroup/config.json + fi +} + +wx-stop (){ + echo " " + echo " " + echo " " + if [[ -f "./wx" ]] && [[ -d "./src" ]] + then + podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null + mv wx.tmp wx &> /dev/null + chmod +x wx &> /dev/null + fi + + mkdir $HOME/bin &> /dev/null + curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null + chmod +x $HOME/bin/wx &> /dev/null + + exit 1 +} + +wx-auto(){ + wx-ssh-config-sync + wx-ssh-keys-sync + wx-ssh-sign +} + +wx-help(){ + +echo " >> Help << " +echo "------------------------------" + +echo -n " +Usage: $0 COMMAND [OPTIONS] + +Common Commands: + init Init + help Help + ssh SSH + config Config + edit Edit + save Save + sync Sync + keys Keys + generate Generate + delete Delete + save Save + sync Sync + sign Certificates + +Management Commands: + auto Auto + login Login + settings Settings +"; + +} + +wx-infra(){ + wx-login + wx-ssh-sign &> /dev/null + + echo " >> Infra << " + echo "------------------------------" + + INFRA_PATH="/home/cwchristerw/Desktop/Work in Progress/Programming/warengroup/infra" + + case $USER in + cwchristerw) + if [[ -z $1 ]] + then + echo "Tag Required" + else + if [[ $1 == "init" ]] + then + if [[ -z $2 ]] + then + echo "Tag Required" + else + cd "$INFRA_PATH" + ansible-playbook --vault-id warengroup@vault/warengroup playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9 + cd "$OLDPWD" + fi + else + cd "$INFRA_PATH" + ansible-playbook --vault-id warengroup@vault/warengroup playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9 + 
cd "$OLDPWD" + fi + fi + ;; + *) + echo "User Unsupported" + ;; + esac +} + wx-login(){ ORG=$1 @@ -201,98 +312,6 @@ wx-login(){ fi } -wx-start(){ - echo "" - echo "" - echo "" - echo "==============================" - echo -n "$wxBold" - echo " Warén CLI " - echo -n "$wxNormal" - echo "==============================" - - mkdir -p $HOME/.config/warengroup &> /dev/null - - if [[ ! -f "$HOME/.config/warengroup/config.json" ]] - then - echo '{}' | jq > $HOME/.config/warengroup/config.json - fi -} - -wx-stop (){ - echo " " - echo " " - echo " " - if [[ -f "./wx" ]] && [[ -d "./src" ]] - then - podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null - mv wx.tmp wx &> /dev/null - chmod +x wx &> /dev/null - fi - - mkdir $HOME/bin &> /dev/null - curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null - chmod +x $HOME/bin/wx &> /dev/null - - exit 1 -} - -wx-help(){ - -echo " >> Help << " -echo "------------------------------" - -echo -n " -Usage: $0 COMMAND [OPTIONS] - -Common Commands: - init Init - ssh SSH - config Config - sign Certificates - -Management Commands: - settings Settings -"; - -} - -wx-infra(){ - wx-login - wx-ssh-sign &> /dev/null - - echo " >> Infra << " - echo "------------------------------" - - case $USER in - cwchristerw) - if [[ -z $1 ]] - then - echo "Tag Required" - else - if [[ $1 == "init" ]] - then - if [[ -z $2 ]] - then - echo "Tag Required" - else - cd "/home/cwchristerw/Desktop/Work in Progress/Programming/warengroup/infra" - ansible-playbook --vault-id warengroup@vault/warengroup playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9 - cd "$OLDPWD" - fi - else - cd "/home/cwchristerw/Desktop/Work in Progress/Programming/warengroup/infra" - ansible-playbook --vault-id warengroup@vault/warengroup playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9 - cd "$OLDPWD" - fi - fi - ;; - *) - echo "User Unsupported" - ;; - esac -} - wx-settings(){ wx-login 
@@ -307,6 +326,9 @@ wx-ssh(){ sign) wx-ssh-sign ;; + keys) + wx-ssh-keys $2 $3 + ;; config) wx-ssh-config $2 ;; @@ -345,8 +367,6 @@ wx-ssh-config(){ wx-stop ;; esac - - } wx-ssh-config-edit(){ 
@@ -354,11 +374,80 @@ wx-ssh-config-edit(){ } wx-ssh-config-save(){ - curl https://$VAULT_DOMAIN/v1/cli/data/$USER -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"settings/ssh/config\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null + curl https://$VAULT_DOMAIN/v1/cli/data/$USER/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null } wx-ssh-config-sync(){ - echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USER -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data["settings/ssh/config"]') | base64 -d > ~/.ssh/config 2>&1 + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USER/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}") + if [[ $VAULT_STATUS -eq 200 ]] + then + echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USER/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1 + else + echo "Status: Config Required" + fi +} + +wx-ssh-keys(){ + echo " >> SSH / Keys << " + echo "------------------------------" + + case $1 in + generate) + wx-ssh-keys-sync $2 + wx-ssh-keys-generate $2 + wx-ssh-config-save $2 + ;; + retrieve) + wx-ssh-keys-retrieve $2 + ;; + save) + wx-ssh-keys-save $2 + ;; + sync) + wx-ssh-keys-sync $2 + ;; + delete) + wx-ssh-keys-remove $2 + ;; + *) + wx-ssh-keys-sync + wx-stop + ;; + esac +} + +wx-ssh-keys-generate(){ + if [[ ! -z $1 ]] + then + if [[ ! -f "$HOME/.ssh/keys/$1" ]] + then + ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$1 -q -N "" -C "$USER" &> /dev/null + fi + fi +} + +wx-ssh-keys-retrieve(){ + if [[ ! 
-z $1 ]] + then + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USER/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}") + if [[ $VAULT_STATUS -eq 200 ]] + then + echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USER/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1 + echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USER/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1 + else + echo "Status: Key Required" + fi + fi +} + +wx-ssh-keys-save(){ + if [[ ! -z $1 ]] + then + if [[ -f "$HOME/.ssh/keys/$1" ]] + then + curl https://$VAULT_DOMAIN/v1/cli/data/$USER/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null + fi + fi } wx-ssh-sign(){ 
@@ -389,15 +478,15 @@ wx-ssh-sign-create(){ PRINCIPALS=$2 TTL=$3 - if [[ ! -f "$HOME/.ssh/keys/$NAME-ed25519" ]] + if [[ ! -f "$HOME/.ssh/keys/$NAME" ]] then - ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME-ed25519 -q -N "" &> /dev/null + ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USER" &> /dev/null fi - if [[ -f "$HOME/.ssh/keys/$NAME-ed25519" ]] + if [[ -f "$HOME/.ssh/keys/$NAME" ]] then echo "$NAME/$ROLE" - echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME-ed25519.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME-ed25519.sig 2>&1 + echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1 fi }