From a6cb4ae62653df06a7e5dd727c37941ea587e597 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christer=20War=C3=A9n?= Date: Sat, 4 May 2024 18:08:46 +0300 Subject: [PATCH] Code Update --- src/base.sh | 1 + src/commands/infra.sh | 2 +- src/commands/ssh.sh | 2 +- src/commands/ssh/config.sh | 35 +++++++++++++- src/commands/ssh/sign.sh | 5 +- src/functions/login.sh | 54 ++++++++++++--------- wx | 99 ++++++++++++++++++++++++++------------ 7 files changed, 138 insertions(+), 60 deletions(-) diff --git a/src/base.sh b/src/base.sh index f52fccc..3028d73 100644 --- a/src/base.sh +++ b/src/base.sh @@ -19,6 +19,7 @@ wxNormal=$(tput sgr0) declare -Ax config + {{ FUNCTIONS }} {{ COMMANDS }} diff --git a/src/commands/infra.sh b/src/commands/infra.sh index f198638..4f63a71 100644 --- a/src/commands/infra.sh +++ b/src/commands/infra.sh @@ -2,7 +2,7 @@ wx-infra(){ wx-login wx-ssh-sign &> /dev/null - echo " >> Infra << " + echo " >> Infra << " echo "------------------------------" case $USER in diff --git a/src/commands/ssh.sh b/src/commands/ssh.sh index 39691e2..38bc3d6 100644 --- a/src/commands/ssh.sh +++ b/src/commands/ssh.sh @@ -6,7 +6,7 @@ wx-ssh(){ wx-ssh-sign ;; config) - wx-ssh-config + wx-ssh-config $2 ;; *) echo " >> SSH << " diff --git a/src/commands/ssh/config.sh b/src/commands/ssh/config.sh index 0500a83..640cb6d 100644 --- a/src/commands/ssh/config.sh +++ b/src/commands/ssh/config.sh 
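Review bot: In src/commands/ssh.sh the new call `wx-ssh-config $2` in the `config)` arm passes the sub-command unquoted, so an argument containing spaces or glob characters is split or expanded before `wx-ssh-config` sees it. Because `wx-ssh-config` dispatches on `$1` and its fallback arm runs `wx-ssh-config-sync`, an unexpected first word ends up triggering a sync. I would write `wx-ssh-config "$2"` here. The body of wx-ssh continues outside the hunk.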
@@ -1,5 +1,36 @@ wx-ssh-config(){ - echo " >> SSH << " - echo " Config " + echo " >> SSH / Config << " echo "------------------------------" + + case $1 in + edit) + wx-ssh-config-sync + wx-ssh-config-edit + wx-ssh-config-save + ;; + save) + wx-ssh-config-save + ;; + sync) + wx-ssh-config-sync + ;; + *) + wx-ssh-config-sync + wx-stop + ;; + esac + + +} + +wx-ssh-config-edit(){ + nano ~/.ssh/config +} + +wx-ssh-config-save(){ + curl https://$VAULT_DOMAIN/v1/cli/data/$USER -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"settings/ssh/config\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null +} + +wx-ssh-config-sync(){ + echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USER -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data["settings/ssh/config"]') | base64 -d > ~/.ssh/config 2>&1 } diff --git a/src/commands/ssh/sign.sh b/src/commands/ssh/sign.sh index 6b0cb8d..76a0382 100644 --- a/src/commands/ssh/sign.sh +++ b/src/commands/ssh/sign.sh @@ -1,6 +1,5 @@ wx-ssh-sign(){ - echo " >> SSH << " - echo " Sign " + echo " >> SSH / Sign << " echo "------------------------------" if [[ $ORG == "warengroup" ]] @@ -35,6 +34,6 @@ wx-ssh-sign-create(){ if [[ -f "$HOME/.ssh/keys/$NAME-ed25519" ]] then echo "$NAME/$ROLE" - echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config[$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME-ed25519.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME-ed25519.sig 2>&1 + echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME-ed25519.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME-ed25519.sig 2>&1 fi } 
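Review bot: `wx-ssh-config-sync` in src/commands/ssh/config.sh redirects straight into `~/.ssh/config`, so the file is truncated before the request runs. A failed request or a missing key then leaves it holding the decoded bytes of jq's literal `null`, or nothing at all. Both the `edit` arm and the fallback `*)` arm sync first, and `edit` then calls `wx-ssh-config-save`, so a single failed fetch can replace the local config and push the damaged copy back to the server. The content also comes from a remote store and ends up driving ssh, so I would fetch it into a temporary file, check that the field exists and decodes to something non-empty, and only then move it into place with mode 600. `wx-ssh-sign-create` in sign.sh writes unchecked `jq -r` output into the `.sig` file in the same way.

```shell
wx-ssh-config-sync(){
    local encoded tmp
    # jq -e exits non-zero when the field is null or the response is empty
    encoded=$(curl -sf "https://$VAULT_DOMAIN/v1/cli/data/$USER" --header "X-Vault-Token: ${config["login",$ORG]}" | jq -er '.data.data["settings/ssh/config"]') || return 1
    tmp=$(mktemp "$HOME/.ssh/config.XXXXXX") || return 1
    if printf '%s' "$encoded" | base64 -d > "$tmp" && [[ -s "$tmp" ]]
    then
        # replace the live file only after a complete, non-empty decode
        chmod 600 "$tmp" && mv -- "$tmp" "$HOME/.ssh/config"
    else
        rm -f -- "$tmp"
        return 1
    fi
}
```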
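Review bot: The changed curl line in `wx-ssh-sign-create` still places the Vault token in curl's argument list via `--header "X-Vault-Token: ${config["login",$ORG]}"`, where other local users can typically read it from the process table while the request runs. curl accepts headers from a file, so the token can be fed through a descriptor instead: `--header @<(printf 'X-Vault-Token: %s\n' "${config["login",$ORG]}")`. The new `wx-ssh-config-save` and `wx-ssh-config-sync` in config.sh and the renew call in login.sh build the header the same way. wx-ssh-sign-create begins above this hunk.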
diff --git a/src/functions/login.sh b/src/functions/login.sh index e93e9c9..c33810d 100644 --- a/src/functions/login.sh +++ b/src/functions/login.sh @@ -1,7 +1,4 @@ wx-login(){ - echo " >> Login << " - echo "------------------------------" - ORG=$1 if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]] @@ -20,6 +17,9 @@ wx-login(){ ORG=cwchristerw elif [[ -z $ORG ]] then + echo " >> Login << " + echo "------------------------------" + echo -n "Status: Organization Required" wx-stop fi @@ -34,6 +34,9 @@ wx-login(){ then DOMAIN=christerwaren.fi else + echo " >> Login << " + echo "------------------------------" + echo -n "Status: Organization Unsupported" wx-stop fi @@ -51,6 +54,9 @@ wx-login(){ then HOSTNAME="$2.$DEVICE_DOMAIN" else + echo " >> Login << " + echo "------------------------------" + echo -n "Status: Hostname Required" wx-stop fi @@ -61,6 +67,9 @@ wx-login(){ then if [[ -z LOGNAME ]] then + echo " >> Login << " + echo "------------------------------" + echo -n "Status: Username Required" wx-stop else 
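Review bot: The banner added in the "Username Required" branch (hunk at -61,6 +67,9) sits under `if [[ -z LOGNAME ]]`, which tests the literal word LOGNAME and is therefore never true. Neither the new banner nor the `wx-stop` after it can run, and an empty login name is not rejected at this point. The test presumably meant the variable: `if [[ -z $LOGNAME ]]`. The condition is a context line of this commit and wx-login extends well beyond these hunks, so the surrounding flow should be checked before changing it. The same lines are repeated in the `wx` script, which looks like the built copy of src/.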
@@ -74,30 +83,23 @@ wx-login(){ VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health) if [[ $VAULT_STATUS -eq 200 ]] then - if [[ -f "$HOME/.config/warengroup/login.json" ]] + if [[ -f "$HOME/.config/warengroup/config.json" ]] then - TOKEN="$(cat $HOME/.config/warengroup/login.json | jq -r .$ORG)" + TOKEN="$(cat $HOME/.config/warengroup/config.json | jq -r .login.$ORG)" fi VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]] then - echo $wxBold$ORG$wxNormal - - echo -n "Username: " - echo $(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET --header "X-Vault-Token: $VAULT_LOGIN" -s | jq -r '.data.meta.username') - - echo -n "Token: " - echo "****************" - - config[${ORG}]=$VAULT_LOGIN - echo '{ "'$ORG'": "'$VAULT_LOGIN'" }' | jq > $HOME/.config/warengroup/login.json - - wx-start + config["login",${ORG}]=$VAULT_LOGIN + echo '{ "login": { "'$ORG'": "'$VAULT_LOGIN'" } }' | jq > $HOME/.config/warengroup/config.json else IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN) if [[ $IDM_STATUS -eq 301 ]] then + echo " >> Login << " + echo "------------------------------" + echo $wxBold$ORG$wxNormal if [[ -z $USER || $USER == "root" || $USER == "local" ]] @@ -125,16 +127,19 @@ wx-login(){ wx-stop fi - config[${ORG}]=$VAULT_LOGIN + config["login",${ORG}]=$VAULT_LOGIN mkdir -p $HOME/.config/warengroup &> /dev/null - touch $HOME/.config/warengroup/login.json &> /dev/null + touch $HOME/.config/warengroup/config.json &> /dev/null - echo '{ "'$ORG'": "'$VAULT_LOGIN'" }' | jq > $HOME/.config/warengroup/login.json + echo '{ "login": { "'$ORG'": "'$VAULT_LOGIN'" } }' | jq > $HOME/.config/warengroup/config.json wx-start fi else + echo " >> Login << " + echo "------------------------------" + echo $wxBold$ORG$wxNormal echo -n "Token: " 
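Review bot: `config.json` now stores the Vault token, but every write site creates it with a plain redirect (`... | jq > $HOME/.config/warengroup/config.json`), preceded in the later hunks only by `mkdir -p` and `touch`, so the directory and file modes follow the caller's umask and nothing visible here restricts them. I would create the directory with `mkdir -p -m 700` and run `chmod 600 "$HOME/.config/warengroup/config.json"` (or set `umask 077`) before the token is written. Each write also replaces the whole file with a single `login` entry for the current `$ORG`, so a token saved for another organization, or any other key later kept in config.json, is dropped; merging with `jq --arg o "$ORG" --arg t "$VAULT_LOGIN" '.login[$o] = $t'` into a temporary file would avoid that. This applies to the renew branch here and to the write sites in the hunks at -125,16 and -154,17; wx-login starts and ends outside these hunks.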
@@ -154,17 +159,20 @@ wx-login(){ wx-stop fi - config[${ORG}]=$VAULT_LOGIN + config["login",${ORG}]=$VAULT_LOGIN mkdir -p $HOME/.config/warengroup &> /dev/null - touch $HOME/.config/warengroup/login.json &> /dev/null + touch $HOME/.config/warengroup/config.json &> /dev/null - echo '{ "'$ORG'": "'$VAULT_LOGIN'" }' | jq > $HOME/.config/warengroup/login.json + echo '{ "login": { "'$ORG'": "'$VAULT_LOGIN'" } }' | jq > $HOME/.config/warengroup/config.json wx-start fi fi else + echo " >> Login << " + echo "------------------------------" + echo $wxBold$ORG$wxNormal echo -n "Status: Vault Offline" diff --git a/wx b/wx index 9638a75..f8864d9 100755 --- a/wx +++ b/wx @@ -19,10 +19,8 @@ wxNormal=$(tput sgr0) declare -Ax config -wx-login(){ - echo " >> Login << " - echo "------------------------------" +wx-login(){ ORG=$1 if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]] @@ -41,6 +39,9 @@ wx-login(){ ORG=cwchristerw elif [[ -z $ORG ]] then + echo " >> Login << " + echo "------------------------------" + echo -n "Status: Organization Required" wx-stop fi @@ -55,6 +56,9 @@ wx-login(){ then DOMAIN=christerwaren.fi else + echo " >> Login << " + echo "------------------------------" + echo -n "Status: Organization Unsupported" wx-stop fi @@ -72,6 +76,9 @@ wx-login(){ then HOSTNAME="$2.$DEVICE_DOMAIN" else + echo " >> Login << " + echo "------------------------------" + echo -n "Status: Hostname Required" wx-stop fi @@ -82,6 +89,9 @@ wx-login(){ then if [[ -z LOGNAME ]] then + echo " >> Login << " + echo "------------------------------" + echo -n "Status: Username Required" wx-stop else 
@@ -95,30 +105,23 @@ wx-login(){ VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health) if [[ $VAULT_STATUS -eq 200 ]] then - if [[ -f "$HOME/.config/warengroup/login.json" ]] + if [[ -f "$HOME/.config/warengroup/config.json" ]] then - TOKEN="$(cat $HOME/.config/warengroup/login.json | jq -r .$ORG)" + TOKEN="$(cat $HOME/.config/warengroup/config.json | jq -r .login.$ORG)" fi VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]] then - echo $wxBold$ORG$wxNormal - - echo -n "Username: " - echo $(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET --header "X-Vault-Token: $VAULT_LOGIN" -s | jq -r '.data.meta.username') - - echo -n "Token: " - echo "****************" - - config[${ORG}]=$VAULT_LOGIN - echo '{ "'$ORG'": "'$VAULT_LOGIN'" }' | jq > $HOME/.config/warengroup/login.json - - wx-start + config["login",${ORG}]=$VAULT_LOGIN + echo '{ "login": { "'$ORG'": "'$VAULT_LOGIN'" } }' | jq > $HOME/.config/warengroup/config.json else IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN) if [[ $IDM_STATUS -eq 301 ]] then + echo " >> Login << " + echo "------------------------------" + echo $wxBold$ORG$wxNormal if [[ -z $USER || $USER == "root" || $USER == "local" ]] @@ -146,16 +149,19 @@ wx-login(){ wx-stop fi - config[${ORG}]=$VAULT_LOGIN + config["login",${ORG}]=$VAULT_LOGIN mkdir -p $HOME/.config/warengroup &> /dev/null - touch $HOME/.config/warengroup/login.json &> /dev/null + touch $HOME/.config/warengroup/config.json &> /dev/null - echo '{ "'$ORG'": "'$VAULT_LOGIN'" }' | jq > $HOME/.config/warengroup/login.json + echo '{ "login": { "'$ORG'": "'$VAULT_LOGIN'" } }' | jq > $HOME/.config/warengroup/config.json wx-start fi else + echo " >> Login << " + echo "------------------------------" + echo $wxBold$ORG$wxNormal echo -n "Token: " 
@@ -175,17 +181,20 @@ wx-login(){ wx-stop fi - config[${ORG}]=$VAULT_LOGIN + config["login",${ORG}]=$VAULT_LOGIN mkdir -p $HOME/.config/warengroup &> /dev/null - touch $HOME/.config/warengroup/login.json &> /dev/null + touch $HOME/.config/warengroup/config.json &> /dev/null - echo '{ "'$ORG'": "'$VAULT_LOGIN'" }' | jq > $HOME/.config/warengroup/login.json + echo '{ "login": { "'$ORG'": "'$VAULT_LOGIN'" } }' | jq > $HOME/.config/warengroup/config.json wx-start fi fi else + echo " >> Login << " + echo "------------------------------" + echo $wxBold$ORG$wxNormal echo -n "Status: Vault Offline" @@ -246,7 +255,7 @@ wx-infra(){ wx-login wx-ssh-sign &> /dev/null - echo " >> Infra << " + echo " >> Infra << " echo "------------------------------" case $USER in @@ -281,7 +290,7 @@ wx-ssh(){ wx-ssh-sign ;; config) - wx-ssh-config + wx-ssh-config $2 ;; *) echo " >> SSH << " @@ -298,14 +307,44 @@ wx-welcome(){ } wx-ssh-config(){ - echo " >> SSH << " - echo " Config " + echo " >> SSH / Config << " echo "------------------------------" + + case $1 in + edit) + wx-ssh-config-sync + wx-ssh-config-edit + wx-ssh-config-save + ;; + save) + wx-ssh-config-save + ;; + sync) + wx-ssh-config-sync + ;; + *) + wx-ssh-config-sync + wx-stop + ;; + esac + + +} + +wx-ssh-config-edit(){ + nano ~/.ssh/config +} + +wx-ssh-config-save(){ + curl https://$VAULT_DOMAIN/v1/cli/data/$USER -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"settings/ssh/config\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null +} + +wx-ssh-config-sync(){ + echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USER -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data["settings/ssh/config"]') | base64 -d > ~/.ssh/config 2>&1 } wx-ssh-sign(){ - echo " >> SSH << " - echo " Sign " + echo " >> SSH / Sign << " echo "------------------------------" if [[ $ORG == "warengroup" ]] 
@@ -340,7 +379,7 @@ wx-ssh-sign-create(){ if [[ -f "$HOME/.ssh/keys/$NAME-ed25519" ]] then echo "$NAME/$ROLE" - echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config[$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME-ed25519.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME-ed25519.sig 2>&1 + echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME-ed25519.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME-ed25519.sig 2>&1 fi }