Code Update

2024-06-16 02:51:29 +03:00
parent 13e0deb5f5
commit b014dd1990
14 changed files with 295 additions and 134 deletions
--- a/src/commands/ssh/keys.sh
+++ b/src/commands/ssh/keys.sh
@@ -7,6 +7,9 @@ wx-ssh-keys(){
            wx-ssh-keys-generate $2
            wx-ssh-keys-save $2
            ;;
+        sign)
+            wx-ssh-keys-sign
+            ;;
        retrieve)
            wx-ssh-keys-retrieve $2
            ;;
@@ -17,10 +20,12 @@ wx-ssh-keys(){
            wx-ssh-keys-sync $2
            ;;
        delete)
-            wx-ssh-keys-remove $2
+            wx-ssh-keys-delete $2
+            ;;
+        clean)
+            wx-ssh-keys-clean $2
            ;;
        *)
-            wx-ssh-keys-sync
            wx-stop
            ;;
    esac
@@ -38,6 +43,44 @@ wx-ssh-keys-generate(){
    fi
 }

+wx-ssh-keys-sign(){
+    wx-header "SSH / Sign"
+    wx-restricted
+
+    if [[ $ORG == "warengroup" ]]
+    then
+        wx-ssh-keys-sign-create warengroup sysadmin 3600
+    elif [[ $ORG == "cwinfo" ]]
+    then
+        wx-ssh-keys-sign-create cwinfo sysadmin 3600
+    elif [[ $ORG == "cwchristerw" ]]
+    then
+        wx-ssh-keys-sign-create warengroup sysadmin 3600
+        wx-ssh-keys-sign-create cwinfo sysadmin 3600
+        wx-ssh-keys-sign-create cwchristerw sysadmin 3600
+    fi
+}
+
+wx-ssh-keys-sign-create(){
+    wx-restricted
+
+    NAME=$1
+    ROLE=$2
+    PRINCIPALS=$2
+    TTL=$3
+
+    if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
+    then
+        ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
+    fi
+
+    if [[ -f "$HOME/.ssh/keys/$NAME" ]]
+    then
+        echo "$NAME/$ROLE"
+        echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
+    fi
+}
+
 wx-ssh-keys-retrieve(){
    wx-header "SSH / Keys"
    wx-restricted
@@ -67,5 +110,44 @@ wx-ssh-keys-save(){
 wx-ssh-keys-sync(){
    wx-header "SSH / Keys"
    wx-restricted
-    echo ""
+}
+
+wx-ssh-keys-clean(){
+    if [[ -z $1 ]]
+    then
+        wx-header "SSH / Keys"
+    fi
+    wx-restricted
+
+    if [[ ! -z $1 ]]
+    then
+        if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]]
+        then
+            rm "$HOME/.ssh/keys/$1" &> /dev/null
+            rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
+            rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
+        fi
+    else
+        if [[ $ORG == "warengroup" ]]
+        then
+            wx-ssh-keys-clean warengroup
+        elif [[ $ORG == "cwinfo" ]]
+        then
+            wx-ssh-keys-clean cwinfo
+        elif [[ $ORG == "cwchristerw" ]]
+        then
+            wx-ssh-keys-clean warengroup
+            wx-ssh-keys-clean cwinfo
+            wx-ssh-keys-clean cwchristerw
+        fi
+
+        for file in ~/.ssh/keys/*
+        do
+            VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
+            if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]]
+            then
+                rm "$file" &> /dev/null
+            fi
+        done
+    fi
 }