Code Update

This commit is contained in:
Christer Warén 2024-05-04 18:08:46 +03:00
parent fb02109d68
commit a6cb4ae626
7 changed files with 138 additions and 60 deletions

View File

@ -19,6 +19,7 @@ wxNormal=$(tput sgr0)
declare -Ax config declare -Ax config
{{ FUNCTIONS }} {{ FUNCTIONS }}
{{ COMMANDS }} {{ COMMANDS }}

View File

@ -6,7 +6,7 @@ wx-ssh(){
wx-ssh-sign wx-ssh-sign
;; ;;
config) config)
wx-ssh-config wx-ssh-config $2
;; ;;
*) *)
echo " >> SSH << " echo " >> SSH << "

View File

@ -1,5 +1,36 @@
wx-ssh-config(){ wx-ssh-config(){
echo " >> SSH << " echo " >> SSH / Config << "
echo " Config "
echo "------------------------------" echo "------------------------------"
case $1 in
edit)
wx-ssh-config-sync
wx-ssh-config-edit
wx-ssh-config-save
;;
save)
wx-ssh-config-save
;;
sync)
wx-ssh-config-sync
;;
*)
wx-ssh-config-sync
wx-stop
;;
esac
}
wx-ssh-config-edit(){
nano ~/.ssh/config
}
wx-ssh-config-save(){
curl https://$VAULT_DOMAIN/v1/cli/data/$USER -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"settings/ssh/config\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
}
wx-ssh-config-sync(){
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USER -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data["settings/ssh/config"]') | base64 -d > ~/.ssh/config 2>&1
} }

View File

@ -1,6 +1,5 @@
wx-ssh-sign(){ wx-ssh-sign(){
echo " >> SSH << " echo " >> SSH / Sign << "
echo " Sign "
echo "------------------------------" echo "------------------------------"
if [[ $ORG == "warengroup" ]] if [[ $ORG == "warengroup" ]]
@ -35,6 +34,6 @@ wx-ssh-sign-create(){
if [[ -f "$HOME/.ssh/keys/$NAME-ed25519" ]] if [[ -f "$HOME/.ssh/keys/$NAME-ed25519" ]]
then then
echo "$NAME/$ROLE" echo "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config[$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME-ed25519.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME-ed25519.sig 2>&1 echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME-ed25519.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME-ed25519.sig 2>&1
fi fi
} }

View File

@ -1,7 +1,4 @@
wx-login(){ wx-login(){
echo " >> Login << "
echo "------------------------------"
ORG=$1 ORG=$1
if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]] if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]
@ -20,6 +17,9 @@ wx-login(){
ORG=cwchristerw ORG=cwchristerw
elif [[ -z $ORG ]] elif [[ -z $ORG ]]
then then
echo " >> Login << "
echo "------------------------------"
echo -n "Status: Organization Required" echo -n "Status: Organization Required"
wx-stop wx-stop
fi fi
@ -34,6 +34,9 @@ wx-login(){
then then
DOMAIN=christerwaren.fi DOMAIN=christerwaren.fi
else else
echo " >> Login << "
echo "------------------------------"
echo -n "Status: Organization Unsupported" echo -n "Status: Organization Unsupported"
wx-stop wx-stop
fi fi
@ -51,6 +54,9 @@ wx-login(){
then then
HOSTNAME="$2.$DEVICE_DOMAIN" HOSTNAME="$2.$DEVICE_DOMAIN"
else else
echo " >> Login << "
echo "------------------------------"
echo -n "Status: Hostname Required" echo -n "Status: Hostname Required"
wx-stop wx-stop
fi fi
@ -61,6 +67,9 @@ wx-login(){
then then
if [[ -z LOGNAME ]] if [[ -z LOGNAME ]]
then then
echo " >> Login << "
echo "------------------------------"
echo -n "Status: Username Required" echo -n "Status: Username Required"
wx-stop wx-stop
else else
@ -74,30 +83,23 @@ wx-login(){
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health) VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ $VAULT_STATUS -eq 200 ]] if [[ $VAULT_STATUS -eq 200 ]]
then then
if [[ -f "$HOME/.config/warengroup/login.json" ]] if [[ -f "$HOME/.config/warengroup/config.json" ]]
then then
TOKEN="$(cat $HOME/.config/warengroup/login.json | jq -r .$ORG)" TOKEN="$(cat $HOME/.config/warengroup/config.json | jq -r .login.$ORG)"
fi fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]] if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]]
then then
echo $wxBold$ORG$wxNormal config["login",${ORG}]=$VAULT_LOGIN
echo '{ "login": { "'$ORG'": "'$VAULT_LOGIN'" } }' | jq > $HOME/.config/warengroup/config.json
echo -n "Username: "
echo $(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET --header "X-Vault-Token: $VAULT_LOGIN" -s | jq -r '.data.meta.username')
echo -n "Token: "
echo "****************"
config[${ORG}]=$VAULT_LOGIN
echo '{ "'$ORG'": "'$VAULT_LOGIN'" }' | jq > $HOME/.config/warengroup/login.json
wx-start
else else
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN) IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
if [[ $IDM_STATUS -eq 301 ]] if [[ $IDM_STATUS -eq 301 ]]
then then
echo " >> Login << "
echo "------------------------------"
echo $wxBold$ORG$wxNormal echo $wxBold$ORG$wxNormal
if [[ -z $USER || $USER == "root" || $USER == "local" ]] if [[ -z $USER || $USER == "root" || $USER == "local" ]]
@ -125,16 +127,19 @@ wx-login(){
wx-stop wx-stop
fi fi
config[${ORG}]=$VAULT_LOGIN config["login",${ORG}]=$VAULT_LOGIN
mkdir -p $HOME/.config/warengroup &> /dev/null mkdir -p $HOME/.config/warengroup &> /dev/null
touch $HOME/.config/warengroup/login.json &> /dev/null touch $HOME/.config/warengroup/config.json &> /dev/null
echo '{ "'$ORG'": "'$VAULT_LOGIN'" }' | jq > $HOME/.config/warengroup/login.json echo '{ "login": { "'$ORG'": "'$VAULT_LOGIN'" } }' | jq > $HOME/.config/warengroup/config.json
wx-start wx-start
fi fi
else else
echo " >> Login << "
echo "------------------------------"
echo $wxBold$ORG$wxNormal echo $wxBold$ORG$wxNormal
echo -n "Token: " echo -n "Token: "
@ -154,17 +159,20 @@ wx-login(){
wx-stop wx-stop
fi fi
config[${ORG}]=$VAULT_LOGIN config["login",${ORG}]=$VAULT_LOGIN
mkdir -p $HOME/.config/warengroup &> /dev/null mkdir -p $HOME/.config/warengroup &> /dev/null
touch $HOME/.config/warengroup/login.json &> /dev/null touch $HOME/.config/warengroup/config.json &> /dev/null
echo '{ "'$ORG'": "'$VAULT_LOGIN'" }' | jq > $HOME/.config/warengroup/login.json echo '{ "login": { "'$ORG'": "'$VAULT_LOGIN'" } }' | jq > $HOME/.config/warengroup/config.json
wx-start wx-start
fi fi
fi fi
else else
echo " >> Login << "
echo "------------------------------"
echo $wxBold$ORG$wxNormal echo $wxBold$ORG$wxNormal
echo -n "Status: Vault Offline" echo -n "Status: Vault Offline"

97
wx
View File

@ -19,10 +19,8 @@ wxNormal=$(tput sgr0)
declare -Ax config declare -Ax config
wx-login(){
echo " >> Login << "
echo "------------------------------"
wx-login(){
ORG=$1 ORG=$1
if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]] if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]
@ -41,6 +39,9 @@ wx-login(){
ORG=cwchristerw ORG=cwchristerw
elif [[ -z $ORG ]] elif [[ -z $ORG ]]
then then
echo " >> Login << "
echo "------------------------------"
echo -n "Status: Organization Required" echo -n "Status: Organization Required"
wx-stop wx-stop
fi fi
@ -55,6 +56,9 @@ wx-login(){
then then
DOMAIN=christerwaren.fi DOMAIN=christerwaren.fi
else else
echo " >> Login << "
echo "------------------------------"
echo -n "Status: Organization Unsupported" echo -n "Status: Organization Unsupported"
wx-stop wx-stop
fi fi
@ -72,6 +76,9 @@ wx-login(){
then then
HOSTNAME="$2.$DEVICE_DOMAIN" HOSTNAME="$2.$DEVICE_DOMAIN"
else else
echo " >> Login << "
echo "------------------------------"
echo -n "Status: Hostname Required" echo -n "Status: Hostname Required"
wx-stop wx-stop
fi fi
@ -82,6 +89,9 @@ wx-login(){
then then
if [[ -z LOGNAME ]] if [[ -z LOGNAME ]]
then then
echo " >> Login << "
echo "------------------------------"
echo -n "Status: Username Required" echo -n "Status: Username Required"
wx-stop wx-stop
else else
@ -95,30 +105,23 @@ wx-login(){
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health) VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ $VAULT_STATUS -eq 200 ]] if [[ $VAULT_STATUS -eq 200 ]]
then then
if [[ -f "$HOME/.config/warengroup/login.json" ]] if [[ -f "$HOME/.config/warengroup/config.json" ]]
then then
TOKEN="$(cat $HOME/.config/warengroup/login.json | jq -r .$ORG)" TOKEN="$(cat $HOME/.config/warengroup/config.json | jq -r .login.$ORG)"
fi fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]] if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]]
then then
echo $wxBold$ORG$wxNormal config["login",${ORG}]=$VAULT_LOGIN
echo '{ "login": { "'$ORG'": "'$VAULT_LOGIN'" } }' | jq > $HOME/.config/warengroup/config.json
echo -n "Username: "
echo $(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET --header "X-Vault-Token: $VAULT_LOGIN" -s | jq -r '.data.meta.username')
echo -n "Token: "
echo "****************"
config[${ORG}]=$VAULT_LOGIN
echo '{ "'$ORG'": "'$VAULT_LOGIN'" }' | jq > $HOME/.config/warengroup/login.json
wx-start
else else
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN) IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
if [[ $IDM_STATUS -eq 301 ]] if [[ $IDM_STATUS -eq 301 ]]
then then
echo " >> Login << "
echo "------------------------------"
echo $wxBold$ORG$wxNormal echo $wxBold$ORG$wxNormal
if [[ -z $USER || $USER == "root" || $USER == "local" ]] if [[ -z $USER || $USER == "root" || $USER == "local" ]]
@ -146,16 +149,19 @@ wx-login(){
wx-stop wx-stop
fi fi
config[${ORG}]=$VAULT_LOGIN config["login",${ORG}]=$VAULT_LOGIN
mkdir -p $HOME/.config/warengroup &> /dev/null mkdir -p $HOME/.config/warengroup &> /dev/null
touch $HOME/.config/warengroup/login.json &> /dev/null touch $HOME/.config/warengroup/config.json &> /dev/null
echo '{ "'$ORG'": "'$VAULT_LOGIN'" }' | jq > $HOME/.config/warengroup/login.json echo '{ "login": { "'$ORG'": "'$VAULT_LOGIN'" } }' | jq > $HOME/.config/warengroup/config.json
wx-start wx-start
fi fi
else else
echo " >> Login << "
echo "------------------------------"
echo $wxBold$ORG$wxNormal echo $wxBold$ORG$wxNormal
echo -n "Token: " echo -n "Token: "
@ -175,17 +181,20 @@ wx-login(){
wx-stop wx-stop
fi fi
config[${ORG}]=$VAULT_LOGIN config["login",${ORG}]=$VAULT_LOGIN
mkdir -p $HOME/.config/warengroup &> /dev/null mkdir -p $HOME/.config/warengroup &> /dev/null
touch $HOME/.config/warengroup/login.json &> /dev/null touch $HOME/.config/warengroup/config.json &> /dev/null
echo '{ "'$ORG'": "'$VAULT_LOGIN'" }' | jq > $HOME/.config/warengroup/login.json echo '{ "login": { "'$ORG'": "'$VAULT_LOGIN'" } }' | jq > $HOME/.config/warengroup/config.json
wx-start wx-start
fi fi
fi fi
else else
echo " >> Login << "
echo "------------------------------"
echo $wxBold$ORG$wxNormal echo $wxBold$ORG$wxNormal
echo -n "Status: Vault Offline" echo -n "Status: Vault Offline"
@ -281,7 +290,7 @@ wx-ssh(){
wx-ssh-sign wx-ssh-sign
;; ;;
config) config)
wx-ssh-config wx-ssh-config $2
;; ;;
*) *)
echo " >> SSH << " echo " >> SSH << "
@ -298,14 +307,44 @@ wx-welcome(){
} }
wx-ssh-config(){ wx-ssh-config(){
echo " >> SSH << " echo " >> SSH / Config << "
echo " Config "
echo "------------------------------" echo "------------------------------"
case $1 in
edit)
wx-ssh-config-sync
wx-ssh-config-edit
wx-ssh-config-save
;;
save)
wx-ssh-config-save
;;
sync)
wx-ssh-config-sync
;;
*)
wx-ssh-config-sync
wx-stop
;;
esac
}
wx-ssh-config-edit(){
nano ~/.ssh/config
}
wx-ssh-config-save(){
curl https://$VAULT_DOMAIN/v1/cli/data/$USER -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"settings/ssh/config\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
}
wx-ssh-config-sync(){
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USER -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data["settings/ssh/config"]') | base64 -d > ~/.ssh/config 2>&1
} }
wx-ssh-sign(){ wx-ssh-sign(){
echo " >> SSH << " echo " >> SSH / Sign << "
echo " Sign "
echo "------------------------------" echo "------------------------------"
if [[ $ORG == "warengroup" ]] if [[ $ORG == "warengroup" ]]
@ -340,7 +379,7 @@ wx-ssh-sign-create(){
if [[ -f "$HOME/.ssh/keys/$NAME-ed25519" ]] if [[ -f "$HOME/.ssh/keys/$NAME-ed25519" ]]
then then
echo "$NAME/$ROLE" echo "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config[$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME-ed25519.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME-ed25519.sig 2>&1 echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME-ed25519.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME-ed25519.sig 2>&1
fi fi
} }