diff --git a/build.sh b/build.sh old mode 100644 new mode 100755 diff --git a/src/commands/login.sh b/src/commands/auth/login.sh similarity index 100% rename from src/commands/login.sh rename to src/commands/auth/login.sh diff --git a/src/commands/logout.sh b/src/commands/auth/logout.sh similarity index 94% rename from src/commands/logout.sh rename to src/commands/auth/logout.sh index 71ef0a1..2efc165 100644 --- a/src/commands/logout.sh +++ b/src/commands/auth/logout.sh @@ -2,6 +2,7 @@ wx-logout(){ wx-header "Logout" if [[ $USER != "root" && $USER != "local" ]] then + wx-clean jq '.login = {}' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null fi diff --git a/src/commands/help.sh b/src/commands/help.sh index 81d3e96..e7bf201 100644 --- a/src/commands/help.sh +++ b/src/commands/help.sh @@ -13,12 +13,15 @@ Common Commands: edit Edit save Save sync Sync + clean Clean keys Keys generate Generate - delete Delete + sign Sign + retrieve Retrieve save Save sync Sync - sign Certificates + delete Delete + clean Clean Authentication Commands: login Login @@ -26,8 +29,12 @@ Authentication Commands: Management Commands: auto Auto - install Install + clean Clean settings Settings + +Maintenance Commands: + install Install + update Update "; } diff --git a/src/commands/install.sh b/src/commands/maintenance/install.sh similarity index 100% rename from src/commands/install.sh rename to src/commands/maintenance/install.sh diff --git a/src/commands/maintenance/uninstall.sh b/src/commands/maintenance/uninstall.sh new file mode 100644 index 0000000..604aedb --- /dev/null +++ b/src/commands/maintenance/uninstall.sh @@ -0,0 +1,8 @@ +wx-uninstall(){ + wx-header "Uninstall" + wx-logout + if [[ ! -d "$HOME/.config/warengroup" ]] + then + rm "$HOME/.config/warengroup" -rf + fi +} 
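Review bot: In the src/commands/auth/logout.sh hunk the new `wx-clean` call runs before `jq '.login = {}'`, and if any step inside it terminates the script the login token is never cleared from config.json. From the clean.sh hunk, `wx-clean` starts with `wx-login` and then calls `wx-ssh-config-clean`/`wx-ssh-keys-clean`, which call `wx-restricted` (not shown here) and may reach `wx-stop`, which exits 1; a logout that leaves the token on disk is the opposite of what the user asked for. The vault lookups in clean need the token, so the order is deliberate, but the cleanup should not be able to abort the logout: run it in a subshell, `( wx-clean ) || printf 'warn: clean failed, continuing logout\n' >&2`, so an `exit` inside only ends the subshell. The same three added lines appear in the `wx` bundle hunk `@@ -362,40 +370,39 @@`, which looks generated from src/ by generator.php and should follow whatever src/ does.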
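Review bot: The condition in the new src/commands/maintenance/uninstall.sh is inverted: `if [[ ! -d "$HOME/.config/warengroup" ]]` only enters the branch when the directory does not exist, so the `rm` that follows can never remove it and uninstall leaves the config (and any login token inside it) behind. Drop the `!` and guard the destructive path against an empty `HOME`: `if [[ -d "$HOME/.config/warengroup" ]]` followed by `rm -rf -- "${HOME:?}/.config/warengroup"`. The identical function is added in the `wx` bundle hunk `@@ -362,40 +370,39 @@`, which appears to be generated from src/ and needs the same correction.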
diff --git a/src/commands/update.sh b/src/commands/maintenance/update.sh similarity index 100% rename from src/commands/update.sh rename to src/commands/maintenance/update.sh diff --git a/src/commands/auto.sh b/src/commands/management/auto.sh similarity index 81% rename from src/commands/auto.sh rename to src/commands/management/auto.sh index e0bd444..188aef7 100644 --- a/src/commands/auto.sh +++ b/src/commands/management/auto.sh @@ -4,5 +4,5 @@ wx-auto(){ wx-ssh-config-sync wx-ssh-keys-sync - wx-ssh-sign + wx-ssh-keys-sign } diff --git a/src/commands/management/clean.sh b/src/commands/management/clean.sh new file mode 100644 index 0000000..69836a0 --- /dev/null +++ b/src/commands/management/clean.sh @@ -0,0 +1,6 @@ +wx-clean(){ + wx-login + wx-header "Clean" + wx-ssh-config-clean + wx-ssh-keys-clean +} diff --git a/src/commands/settings.sh b/src/commands/management/settings.sh similarity index 100% rename from src/commands/settings.sh rename to src/commands/management/settings.sh diff --git a/src/commands/ssh/config.sh b/src/commands/ssh/config.sh index 2a0516c..b5dd3b7 100644 --- a/src/commands/ssh/config.sh +++ b/src/commands/ssh/config.sh @@ -13,6 +13,9 @@ wx-ssh-config(){ sync) wx-ssh-config-sync ;; + clean) + wx-ssh-config-clean + ;; *) wx-ssh-config-sync wx-stop @@ -41,3 +44,13 @@ wx-ssh-config-sync(){ echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1 fi } + +wx-ssh-config-clean(){ + wx-header "SSH / Config" + wx-restricted + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}") + if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]] + then + rm "$HOME/.ssh/config" + fi +} diff --git a/src/commands/ssh/keys.sh b/src/commands/ssh/keys.sh index 5234727..8d2c385 100644 
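Review bot: In the new `wx-ssh-config-clean` (src/commands/ssh/config.sh, second hunk) `VAULT_STATUS` is assigned without `local`, so it leaks into the caller's scope, and the URL argument `https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/...` is unquoted, so an unexpected value in either variable would be word-split into extra curl arguments. A 200 from the vault only proves a remote entry exists, not that `$HOME/.ssh/config` is the synced copy, so a locally edited config is deleted too; if that is intended, say so in a comment such as `# removes the local copy whenever the vault still holds one`. Change the assignment to `local VAULT_STATUS` and quote the URL. The token is passed on the curl command line, which other local users can read through the process list; that mirrors the existing sync function, but new code could pass it with `--header @file` instead. The same function is added to the `wx` bundle in hunk `@@ -451,6 +478,16 @@`.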
--- a/src/commands/ssh/keys.sh +++ b/src/commands/ssh/keys.sh @@ -7,6 +7,9 @@ wx-ssh-keys(){ wx-ssh-keys-generate $2 wx-ssh-keys-save $2 ;; + sign) + wx-ssh-keys-sign + ;; retrieve) wx-ssh-keys-retrieve $2 ;; @@ -17,10 +20,12 @@ wx-ssh-keys(){ wx-ssh-keys-sync $2 ;; delete) - wx-ssh-keys-remove $2 + wx-ssh-keys-delete $2 + ;; + clean) + wx-ssh-keys-clean $2 ;; *) - wx-ssh-keys-sync wx-stop ;; esac @@ -38,6 +43,44 @@ wx-ssh-keys-generate(){ fi } +wx-ssh-keys-sign(){ + wx-header "SSH / Sign" + wx-restricted + + if [[ $ORG == "warengroup" ]] + then + wx-ssh-keys-sign-create warengroup sysadmin 3600 + elif [[ $ORG == "cwinfo" ]] + then + wx-ssh-keys-sign-create cwinfo sysadmin 3600 + elif [[ $ORG == "cwchristerw" ]] + then + wx-ssh-keys-sign-create warengroup sysadmin 3600 + wx-ssh-keys-sign-create cwinfo sysadmin 3600 + wx-ssh-keys-sign-create cwchristerw sysadmin 3600 + fi +} + +wx-ssh-keys-sign-create(){ + wx-restricted + + NAME=$1 + ROLE=$2 + PRINCIPALS=$2 + TTL=$3 + + if [[ ! -f "$HOME/.ssh/keys/$NAME" ]] + then + ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null + fi + + if [[ -f "$HOME/.ssh/keys/$NAME" ]] + then + echo "$NAME/$ROLE" + echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1 + fi +} + wx-ssh-keys-retrieve(){ wx-header "SSH / Keys" wx-restricted 
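Review bot: The second keys.sh hunk (`@@ -17,10 +20,12 @@`) changes the `delete)` arm to call `wx-ssh-keys-delete $2`, but nothing in this diff defines `wx-ssh-keys-delete` or renames the previous `wx-ssh-keys-remove`; if the definition is not in a part of the file outside these hunks, `wx keys delete <name>` now fails with command not found. Please confirm the definition exists, or rename it in the same commit. While here, quote the argument in both new arms, `wx-ssh-keys-delete "$2"` and `wx-ssh-keys-clean "$2"`, since a name containing whitespace would otherwise be split. The `wx` bundle hunk `@@ -470,10 +510,12 @@` has the same change.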
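Review bot: In the third keys.sh hunk, `wx-ssh-keys-sign-create` overwrites `~/.ssh/keys/$NAME.sig` with whatever `jq -r '.data.signed_key'` prints, and when the sign request fails (expired token, wrong role, network error) that is the literal string `null`, so a previously valid certificate is replaced by garbage and curl/jq diagnostics sent via `2>&1` land in the same file. The request body is also assembled by string interpolation of the public key and `$USERNAME` into JSON, which breaks as soon as either contains a quote or backslash. `PRINCIPALS=$2` assigns the role argument rather than a separate principal, which may be intentional but reads like a copy mistake and deserves a comment. Build the body with `jq -n --arg` and only write the `.sig` when a non-empty key came back; the same function lands in the `wx` bundle hunk `@@ -491,6 +533,44 @@`.
```shell
wx-ssh-keys-sign-create(){
  # … unchanged: wx-restricted, NAME/ROLE/PRINCIPALS/TTL assignments, ssh-keygen …
  if [[ -f "$HOME/.ssh/keys/$NAME" ]]
  then
    echo "$NAME/$ROLE"
    local payload signed
    payload=$(jq -n --arg pk "$(cat "$HOME/.ssh/keys/$NAME.pub")" \
      --arg vp "$PRINCIPALS,$USERNAME" --arg ttl "$TTL" \
      '{public_key: $pk, valid_principals: $vp, ttl: $ttl}')
    signed=$(curl -s -X POST "https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE" \
      --header "X-Vault-Token: ${config["login",$ORG]}" -d "$payload" \
      | jq -r '.data.signed_key // empty')
    if [[ -n "$signed" ]]
    then
      printf '%s\n' "$signed" > "$HOME/.ssh/keys/$NAME.sig"
    fi
  fi
}
```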
@@ -67,5 +110,44 @@ wx-ssh-keys-save(){ wx-ssh-keys-sync(){ wx-header "SSH / Keys" wx-restricted - echo "" +} + +wx-ssh-keys-clean(){ + if [[ -z $1 ]] + then + wx-header "SSH / Keys" + fi + wx-restricted + + if [[ ! -z $1 ]] + then + if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]] + then + rm "$HOME/.ssh/keys/$1" &> /dev/null + rm "$HOME/.ssh/keys/$1.pub" &> /dev/null + rm "$HOME/.ssh/keys/$1.sig" &> /dev/null + fi + else + if [[ $ORG == "warengroup" ]] + then + wx-ssh-keys-clean warengroup + elif [[ $ORG == "cwinfo" ]] + then + wx-ssh-keys-clean cwinfo + elif [[ $ORG == "cwchristerw" ]] + then + wx-ssh-keys-clean warengroup + wx-ssh-keys-clean cwinfo + wx-ssh-keys-clean cwchristerw + fi + + for file in ~/.ssh/keys/* + do + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}") + if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]] + then + rm "$file" &> /dev/null + fi + done + fi } diff --git a/src/commands/ssh/sign.sh b/src/commands/ssh/sign.sh deleted file mode 100644 index 7ee75af..0000000 --- a/src/commands/ssh/sign.sh +++ /dev/null 
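Review bot: In the new `wx-ssh-keys-clean`, the `$1` branch removes `$HOME/.ssh/keys/$1`, its `.pub` and `.sig` without consulting the vault, whereas the loop branch only deletes files the vault still holds; since the org keys are created locally by `wx-ssh-keys-sign-create`, `wx keys clean <name>` can destroy the only copy of a private key. If that asymmetry is intended, a comment should say so, for example `# named clean is unconditional; the sweep below only removes vault-backed keys`. The sweep `for file in ~/.ssh/keys/*` runs without `shopt -s nullglob`, so with an empty directory `$file` is the literal pattern and a curl request is issued for `*`; add `[[ -e "$file" ]] || continue` as the first loop statement. `[[ ! -z $1 ]]` is more clearly written `[[ -n "$1" ]]`. The same function is added to the `wx` bundle in hunk `@@ -520,44 +600,45 @@`.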
@@ -1,37 +0,0 @@ -wx-ssh-sign(){ - wx-header "SSH / Sign" - wx-restricted - - if [[ $ORG == "warengroup" ]] - then - wx-ssh-sign-create warengroup sysadmin 3600 - elif [[ $ORG == "cwinfo" ]] - then - wx-ssh-sign-create cwinfo sysadmin 3600 - elif [[ $ORG == "cwchristerw" ]] - then - wx-ssh-sign-create warengroup sysadmin 3600 - wx-ssh-sign-create cwinfo sysadmin 3600 - wx-ssh-sign-create cwchristerw sysadmin 3600 - fi -} - -wx-ssh-sign-create(){ - wx-restricted - - NAME=$1 - ROLE=$2 - PRINCIPALS=$2 - TTL=$3 - - if [[ ! -f "$HOME/.ssh/keys/$NAME" ]] - then - ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null - fi - - if [[ -f "$HOME/.ssh/keys/$NAME" ]] - then - echo "$NAME/$ROLE" - echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1 - fi -} diff --git a/wx b/wx index 8f57a06..6759777 100755 --- a/wx +++ b/wx @@ -85,15 +85,6 @@ wx-stop (){ exit 1 } -wx-auto(){ - wx-login - wx-header "Auto" - - wx-ssh-config-sync - wx-ssh-keys-sync - wx-ssh-sign -} - wx-help(){ wx-header "Help" @@ -109,12 +100,15 @@ Common Commands: edit Edit save Save sync Sync + clean Clean keys Keys generate Generate - delete Delete + sign Sign + retrieve Retrieve save Save sync Sync - sign Certificates + delete Delete + clean Clean Authentication Commands: login Login @@ -122,8 +116,12 @@ Authentication Commands: Management Commands: auto Auto - install Install + clean Clean settings Settings + +Maintenance Commands: + install Install + update Update "; } 
@@ -166,24 +164,34 @@ wx-infra(){ esac } -wx-install(){ - if [[ -z $1 ]] - then - wx-header "Install" - fi +wx-ssh(){ + wx-login - wx-restricted + mkdir -p $HOME/.ssh/keys + chmod 700 -R $HOME/.ssh/keys + mkdir -p $HOME/.ssh/multiplex + chmod 700 -R $HOME/.ssh/multiplex - if [[ -f "./wx" ]] && [[ -d "./src" ]] - then - podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null - mv wx.tmp wx &> /dev/null - chmod +x wx &> /dev/null - fi + case $1 in + sign) + wx-ssh-sign + ;; + keys) + wx-ssh-keys $2 $3 + ;; + config) + wx-ssh-config $2 + ;; + *) + wx-header "SSH" - mkdir $HOME/bin &> /dev/null - curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null - chmod +x $HOME/bin/wx &> /dev/null + wx-stop + ;; + esac +} + +wx-welcome(){ + wx-header "Welcome" } wx-login(){ 
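Review bot: The added `wx-ssh` in the `wx` bundle still dispatches `sign)` to `wx-ssh-sign`, but this commit deletes `wx-ssh-sign` (src/commands/ssh/sign.sh is removed and the bundle's copy is dropped in hunk `@@ -520,44 +600,45 @@`) and replaces it with `wx-ssh-keys-sign`, so `wx ssh sign` now fails with command not found. Change the arm to `wx-ssh-keys-sign` here. The `wx` file appears to be generated from src/, and the src file that defines `wx-ssh` is not part of this diff, so it presumably carries the same stale reference and needs the same fix.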
@@ -362,40 +370,39 @@ wx-logout(){ wx-header "Logout" if [[ $USER != "root" && $USER != "local" ]] then + wx-clean jq '.login = {}' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null fi } -wx-settings(){ - wx-login - wx-header "Settings" +wx-install(){ + if [[ -z $1 ]] + then + wx-header "Install" + fi + + wx-restricted + + if [[ -f "./wx" ]] && [[ -d "./src" ]] + then + podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null + mv wx.tmp wx &> /dev/null + chmod +x wx &> /dev/null + fi + + mkdir $HOME/bin &> /dev/null + curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null + chmod +x $HOME/bin/wx &> /dev/null } -wx-ssh(){ - wx-login - - mkdir -p $HOME/.ssh/keys - chmod 700 -R $HOME/.ssh/keys - mkdir -p $HOME/.ssh/multiplex - chmod 700 -R $HOME/.ssh/multiplex - - case $1 in - sign) - wx-ssh-sign - ;; - keys) - wx-ssh-keys $2 $3 - ;; - config) - wx-ssh-config $2 - ;; - *) - wx-header "SSH" - - wx-stop - ;; - esac +wx-uninstall(){ + wx-header "Uninstall" + wx-logout + if [[ ! -d "$HOME/.config/warengroup" ]] + then + rm "$HOME/.config/warengroup" -rf + fi } wx-update(){ @@ -403,8 +410,25 @@ wx-update(){ wx-install --update } -wx-welcome(){ - wx-header "Welcome" +wx-auto(){ + wx-login + wx-header "Auto" + + wx-ssh-config-sync + wx-ssh-keys-sync + wx-ssh-keys-sign +} + +wx-clean(){ + wx-login + wx-header "Clean" + wx-ssh-config-clean + wx-ssh-keys-clean +} + +wx-settings(){ + wx-login + wx-header "Settings" } wx-ssh-config(){ @@ -422,6 +446,9 @@ wx-ssh-config(){ sync) wx-ssh-config-sync ;; + clean) + wx-ssh-config-clean + ;; *) wx-ssh-config-sync wx-stop 
@@ -451,6 +478,16 @@ wx-ssh-config-sync(){ fi } +wx-ssh-config-clean(){ + wx-header "SSH / Config" + wx-restricted + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}") + if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]] + then + rm "$HOME/.ssh/config" + fi +} + wx-ssh-keys(){ wx-restricted @@ -460,6 +497,9 @@ wx-ssh-keys(){ wx-ssh-keys-generate $2 wx-ssh-keys-save $2 ;; + sign) + wx-ssh-keys-sign + ;; retrieve) wx-ssh-keys-retrieve $2 ;; @@ -470,10 +510,12 @@ wx-ssh-keys(){ wx-ssh-keys-sync $2 ;; delete) - wx-ssh-keys-remove $2 + wx-ssh-keys-delete $2 + ;; + clean) + wx-ssh-keys-clean $2 ;; *) - wx-ssh-keys-sync wx-stop ;; esac @@ -491,6 +533,44 @@ wx-ssh-keys-generate(){ fi } +wx-ssh-keys-sign(){ + wx-header "SSH / Sign" + wx-restricted + + if [[ $ORG == "warengroup" ]] + then + wx-ssh-keys-sign-create warengroup sysadmin 3600 + elif [[ $ORG == "cwinfo" ]] + then + wx-ssh-keys-sign-create cwinfo sysadmin 3600 + elif [[ $ORG == "cwchristerw" ]] + then + wx-ssh-keys-sign-create warengroup sysadmin 3600 + wx-ssh-keys-sign-create cwinfo sysadmin 3600 + wx-ssh-keys-sign-create cwchristerw sysadmin 3600 + fi +} + +wx-ssh-keys-sign-create(){ + wx-restricted + + NAME=$1 + ROLE=$2 + PRINCIPALS=$2 + TTL=$3 + + if [[ ! -f "$HOME/.ssh/keys/$NAME" ]] + then + ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null + fi + + if [[ -f "$HOME/.ssh/keys/$NAME" ]] + then + echo "$NAME/$ROLE" + echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1 + fi +} + wx-ssh-keys-retrieve(){ wx-header "SSH / Keys" wx-restricted 
@@ -520,44 +600,45 @@ wx-ssh-keys-save(){ wx-ssh-keys-sync(){ wx-header "SSH / Keys" wx-restricted - echo "" } -wx-ssh-sign(){ - wx-header "SSH / Sign" +wx-ssh-keys-clean(){ + if [[ -z $1 ]] + then + wx-header "SSH / Keys" + fi wx-restricted - if [[ $ORG == "warengroup" ]] + if [[ ! -z $1 ]] then - wx-ssh-sign-create warengroup sysadmin 3600 - elif [[ $ORG == "cwinfo" ]] - then - wx-ssh-sign-create cwinfo sysadmin 3600 - elif [[ $ORG == "cwchristerw" ]] - then - wx-ssh-sign-create warengroup sysadmin 3600 - wx-ssh-sign-create cwinfo sysadmin 3600 - wx-ssh-sign-create cwchristerw sysadmin 3600 - fi -} + if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]] + then + rm "$HOME/.ssh/keys/$1" &> /dev/null + rm "$HOME/.ssh/keys/$1.pub" &> /dev/null + rm "$HOME/.ssh/keys/$1.sig" &> /dev/null + fi + else + if [[ $ORG == "warengroup" ]] + then + wx-ssh-keys-clean warengroup + elif [[ $ORG == "cwinfo" ]] + then + wx-ssh-keys-clean cwinfo + elif [[ $ORG == "cwchristerw" ]] + then + wx-ssh-keys-clean warengroup + wx-ssh-keys-clean cwinfo + wx-ssh-keys-clean cwchristerw + fi -wx-ssh-sign-create(){ - wx-restricted - - NAME=$1 - ROLE=$2 - PRINCIPALS=$2 - TTL=$3 - - if [[ ! 
-f "$HOME/.ssh/keys/$NAME" ]] - then - ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null - fi - - if [[ -f "$HOME/.ssh/keys/$NAME" ]] - then - echo "$NAME/$ROLE" - echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1 + for file in ~/.ssh/keys/* + do + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}") + if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]] + then + rm "$file" &> /dev/null + fi + done fi }