From 28aed09fd1ef0937c3fbec3ca3d055c4c642bfab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christer=20War=C3=A9n?= Date: Sun, 28 Apr 2024 06:08:57 +0300 Subject: [PATCH] Source Update --- src/base.sh | 2 ++ src/commands/ssh.sh | 20 ++++++++--- src/commands/ssh/config.sh | 5 +-- src/commands/ssh/sign.sh | 36 +++++++++++++++++++- src/functions/login.sh | 7 ++-- wx | 70 ++++++++++++++++++++++++++++++++------ 6 files changed, 120 insertions(+), 20 deletions(-) diff --git a/src/base.sh b/src/base.sh index 789cbc0..d7e3055 100644 --- a/src/base.sh +++ b/src/base.sh @@ -18,6 +18,8 @@ wxItalic=$(tput sitm) wxBold=$(tput bold) wxNormal=$(tput sgr0) +declare -Ax config + {{ FUNCTIONS }} {{ COMMANDS }} diff --git a/src/commands/ssh.sh b/src/commands/ssh.sh index dedf765..2a75318 100644 --- a/src/commands/ssh.sh +++ b/src/commands/ssh.sh @@ -1,8 +1,20 @@ wx-ssh() { wx-login - echo -n "$wxItalic" - echo " >> SSH << " - echo -n "$wxNormal"; - echo "------------------------------" + case $1 in + sign) + wx-ssh-sign + ;; + config) + wx-ssh-config + ;; + *) + echo -n "$wxItalic" + echo " >> SSH << " + echo -n "$wxNormal"; + echo "------------------------------" + + wx-stop + ;; + esac } diff --git a/src/commands/ssh/config.sh b/src/commands/ssh/config.sh index 2d39ef6..8e790a8 100644 --- a/src/commands/ssh/config.sh +++ b/src/commands/ssh/config.sh @@ -1,6 +1,7 @@ wx-ssh-config(){ echo -n "$wxItalic" - echo " >> SSH : Config << " - echo -n "$wxNormal" + echo " >> SSH << " + echo " Config " + echo -n "$wxNormal"; echo "------------------------------" } diff --git a/src/commands/ssh/sign.sh b/src/commands/ssh/sign.sh index e32f6fd..53e7e51 100644 --- a/src/commands/ssh/sign.sh +++ b/src/commands/ssh/sign.sh 
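Review bot: The `x` in `declare -Ax config` has no effect, because bash does not pass array variables to child processes, so the flag suggests a sharing that never happens. Later hunks in this patch store `$VAULT_LOGIN` in this array, so keeping it in-process is the behaviour you want. I would write `declare -A config` and add a comment such as `# per-org Vault token cache; in-process only, never export or echo`. The same line is repeated in the `wx` file, which appears to be the built bundle.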
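Review bot: `wx-login` is still called with no arguments at the top of `wx-ssh`, while the login.sh hunk in this patch changes `ORG=$2` to `ORG=$1`, so on this path `ORG` looks like it ends up empty. The `config[${ORG}]=$VAULT_LOGIN` assignments and the `${config[$ORG]}` lookup in `wx-ssh-sign` would then use an empty subscript, which bash rejects for associative arrays, and the sign request would go out without a usable token. I would pass the organisation to `wx-login` explicitly and quote the selector as `case "$1" in`. How `wx-ssh` itself is invoked is outside the hunk, so confirm which positional parameter carries the org.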
@@ -1,6 +1,40 @@ wx-ssh-sign(){ echo -n "$wxItalic" - echo " >> SSH : Certificates << " + echo " >> SSH << " + echo " Sign " echo -n "$wxNormal" echo "------------------------------" + + NAME=warengroup + ROLE=sysadmin + PRINCIPALS=sysadmin + TTL=3600 + + if [[ -f "$HOME/.ssh/keys/$NAME-ed25519" ]] + then + echo "$NAME/$ROLE" + echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config[$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME-ed25519.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME-ed25519.sig 2>&1 + fi + + NAME=cwinfo + ROLE=sysadmin + PRINCIPALS=sysadmin + TTL=3600 + + if [[ -f "$HOME/.ssh/keys/$NAME-ed25519" ]] + then + echo "$NAME/$ROLE" + echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config[$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME-ed25519.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME-ed25519.sig 2>&1 + fi + + NAME=cwchristerw + ROLE=sysadmin + PRINCIPALS=sysadmin + TTL=3600 + + if [[ -f "$HOME/.ssh/keys/$NAME-ed25519" ]] + then + echo "$NAME/$ROLE" + echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config[$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME-ed25519.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME-ed25519.sig 2>&1 + fi } diff --git a/src/functions/login.sh b/src/functions/login.sh index 2431a5c..e325675 100644 --- a/src/functions/login.sh +++ b/src/functions/login.sh @@ -4,7 +4,7 @@ wx-login() { echo -n "$wxNormal"; echo "------------------------------" - ORG=$2 + ORG=$1 if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]; then wx-stop 
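Review bot: The three new `curl` calls in `wx-ssh-sign` put the Vault token on the command line via `--header "X-Vault-Token: ${config[$ORG]}"`, where other local users can read it from the process list while the request runs. The JSON body is assembled by string interpolation from the `.pub` file and `$USER`, so a quote or backslash in the key comment produces a malformed or altered request. The result is written straight to the `.sig` file with no failure check, so a failed request replaces a valid certificate with `null` or an empty line. I would fold the three copies into one helper that builds the body with `jq -n --arg`, feeds the header to curl on stdin, and moves the certificate into place only when `jq -e` finds a signed key. The copy of this function in the `wx` bundle has the same issues.

```shell
# Sign one public key through Vault and install the certificate atomically.
wx-ssh-sign-key() {
  local name=$1 role=$2 principals=$3 ttl=$4
  local key="$HOME/.ssh/keys/$name-ed25519"
  local body cert tmp

  [[ -f "$key" && -f "$key.pub" ]] || return 0
  echo "$name/$role"

  # Build the JSON with jq so the key comment or $USER cannot break the payload.
  body=$(jq -n --arg k "$(<"$key.pub")" --arg p "$principals,$USER" --arg t "$ttl" \
    '{public_key: $k, valid_principals: $p, ttl: $t}') || return 1

  # The token header is read from stdin (-H @-), so it never appears in argv.
  cert=$(printf 'X-Vault-Token: %s\n' "${config[$ORG]}" |
    curl -sS --fail -X POST -H @- -d "$body" "https://$VAULT_DOMAIN/v1/ssh/sign/$role" |
    jq -er '.data.signed_key') || { echo "signing failed for $name" >&2; return 1; }

  # Write to a temp file first so a failure never clobbers the current certificate.
  tmp=$(mktemp "$key.sig.XXXXXX") || return 1
  printf '%s\n' "$cert" >"$tmp" && mv -- "$tmp" "$key.sig"
}

# … unchanged: banner echo lines of wx-ssh-sign …
  local name
  for name in warengroup cwinfo cwchristerw; do
    wx-ssh-sign-key "$name" sysadmin sysadmin 3600
  done
```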
@@ -92,7 +92,7 @@ wx-login() { if [[ $VAULT_STATUS -eq 200 ]] then IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN) - if [[ $IDM_STATUS -eq 302 ]] + if [[ $IDM_STATUS -eq 301 ]] then echo -n $wxBold echo -n $ORG @@ -138,8 +138,8 @@ wx-login() { wx-stop fi fi - echo "" + config[${ORG}]=$VAULT_LOGIN wx-start else echo -n $wxBold @@ -171,6 +171,7 @@ wx-login() { wx-stop fi + config[${ORG}]=$VAULT_LOGIN wx-start fi else diff --git a/wx b/wx index 1a425cb..f95fcac 100755 --- a/wx +++ b/wx @@ -18,13 +18,15 @@ wxItalic=$(tput sitm) wxBold=$(tput bold) wxNormal=$(tput sgr0) +declare -Ax config + wx-login() { echo -n "$wxItalic" echo " >> Login << " echo -n "$wxNormal"; echo "------------------------------" - ORG=$2 + ORG=$1 if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]; then wx-stop @@ -112,7 +114,7 @@ wx-login() { if [[ $VAULT_STATUS -eq 200 ]] then IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN) - if [[ $IDM_STATUS -eq 302 ]] + if [[ $IDM_STATUS -eq 301 ]] then echo -n $wxBold echo -n $ORG @@ -158,8 +160,8 @@ wx-login() { wx-stop fi fi - echo "" + config[${ORG}]=$VAULT_LOGIN wx-start else echo -n $wxBold @@ -191,6 +193,7 @@ wx-login() { wx-stop fi + config[${ORG}]=$VAULT_LOGIN wx-start fi else @@ -282,10 +285,22 @@ wx-settings() { wx-ssh() { wx-login - echo -n "$wxItalic" - echo " >> SSH << " - echo -n "$wxNormal"; - echo "------------------------------" + case $1 in + sign) + wx-ssh-sign + ;; + config) + wx-ssh-config + ;; + *) + echo -n "$wxItalic" + echo " >> SSH << " + echo -n "$wxNormal"; + echo "------------------------------" + + wx-stop + ;; + esac } wx-welcome() { 
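Review bot: The IdM reachability check now passes only on an exact `301` (previously an exact `302`), so it encodes whichever redirect the front end currently sends and will fail again if that changes. A comment stating what the redirect is meant to prove would help, and accepting either code with `if [[ $IDM_STATUS == 30[12] ]]` makes the probe less brittle. `https://$IDM_DOMAIN` in the `curl` line above it should also be quoted. `wx-login` begins and ends outside this hunk, and the `wx` bundle carries the same line.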
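Review bot: `config[${ORG}]=$VAULT_LOGIN` caches the value without checking that the login actually produced one. This applies to the line added before `wx-start` here and to the identical line in the `@@ -171,6 +171,7 @@` hunk. If `VAULT_LOGIN` is empty or the literal `null`, later requests would send a blank token and fail with no clear cause; its assignment is outside the hunk, so this is an assumption about how it is parsed. A guard such as `[[ -n $ORG && -n $VAULT_LOGIN && $VAULT_LOGIN != null ]] || wx-stop` before the assignment would make this safer. I would also add a comment that the array holds a live token and must not be printed or traced with `set -x`.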
@@ -297,16 +312,51 @@ wx-welcome() { wx-ssh-config(){ echo -n "$wxItalic" - echo " >> SSH : Config << " - echo -n "$wxNormal" + echo " >> SSH << " + echo " Config " + echo -n "$wxNormal"; echo "------------------------------" } wx-ssh-sign(){ echo -n "$wxItalic" - echo " >> SSH : Certificates << " + echo " >> SSH << " + echo " Sign " echo -n "$wxNormal" echo "------------------------------" + + NAME=warengroup + ROLE=sysadmin + PRINCIPALS=sysadmin + TTL=3600 + + if [[ -f "$HOME/.ssh/keys/$NAME-ed25519" ]] + then + echo "$NAME/$ROLE" + echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config[$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME-ed25519.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME-ed25519.sig 2>&1 + fi + + NAME=cwinfo + ROLE=sysadmin + PRINCIPALS=sysadmin + TTL=3600 + + if [[ -f "$HOME/.ssh/keys/$NAME-ed25519" ]] + then + echo "$NAME/$ROLE" + echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config[$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME-ed25519.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME-ed25519.sig 2>&1 + fi + + NAME=cwchristerw + ROLE=sysadmin + PRINCIPALS=sysadmin + TTL=3600 + + if [[ -f "$HOME/.ssh/keys/$NAME-ed25519" ]] + then + echo "$NAME/$ROLE" + echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config[$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME-ed25519.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME-ed25519.sig 2>&1 + fi }