Code Update

Christer Warén 2024-06-16 02:51:29 +03:00
parent 13e0deb5f5
commit b014dd1990
14 changed files with 295 additions and 134 deletions

0
build.sh Normal file → Executable file

@ -2,6 +2,7 @@ wx-logout(){
wx-header "Logout" wx-header "Logout"
if [[ $USER != "root" && $USER != "local" ]] if [[ $USER != "root" && $USER != "local" ]]
then then
wx-clean
jq '.login = {}' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp jq '.login = {}' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
fi fi
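Review bot: The added `wx-clean` call makes logout depend on a working Vault session. wx-clean (added in this commit) starts with `wx-login`, and wx-ssh-config-clean and the loop in wx-ssh-keys-clean remove local files only when Vault answers 200 for the current token. With an expired or revoked token, `~/.ssh/config` and the remaining private keys would therefore stay on disk after logout, and logout may first ask for a login (wx-login's body is not shown here). If that is intended, a comment above the call would help, e.g. `# best effort: local SSH material is removed only when Vault confirms a stored copy`. The function's closing lines are outside this hunk.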


@ -13,12 +13,15 @@ Common Commands:
edit Edit edit Edit
save Save save Save
sync Sync sync Sync
clean Clean
keys Keys keys Keys
generate Generate generate Generate
delete Delete sign Sign
retrieve Retrieve
save Save save Save
sync Sync sync Sync
sign Certificates delete Delete
clean Clean
Authentication Commands: Authentication Commands:
login Login login Login
@ -26,8 +29,12 @@ Authentication Commands:
Management Commands: Management Commands:
auto Auto auto Auto
install Install clean Clean
settings Settings settings Settings
Maintenance Commands:
install Install
update Update
"; ";
} }


@ -0,0 +1,8 @@
wx-uninstall(){
wx-header "Uninstall"
wx-logout
if [[ ! -d "$HOME/.config/warengroup" ]]
then
rm "$HOME/.config/warengroup" -rf
fi
}
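Review bot: The directory test in wx-uninstall is inverted: `if [[ ! -d "$HOME/.config/warengroup" ]]` runs the `rm` only when the directory does not exist, so an uninstall leaves `config.json` in place. wx-logout clears `.login` only when `$USER` is neither root nor local, so for those accounts the stored login data would presumably remain on disk after uninstall. Suggested: `if [[ -d "$HOME/.config/warengroup" ]]` with `rm -rf -- "$HOME/.config/warengroup"`, options before the operand so it does not rely on GNU argument reordering. The same function appears again in the generated `wx` script further down the page.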


@ -4,5 +4,5 @@ wx-auto(){
wx-ssh-config-sync wx-ssh-config-sync
wx-ssh-keys-sync wx-ssh-keys-sync
wx-ssh-sign wx-ssh-keys-sign
} }


@ -0,0 +1,6 @@
wx-clean(){
wx-login
wx-header "Clean"
wx-ssh-config-clean
wx-ssh-keys-clean
}


@ -13,6 +13,9 @@ wx-ssh-config(){
sync) sync)
wx-ssh-config-sync wx-ssh-config-sync
;; ;;
clean)
wx-ssh-config-clean
;;
*) *)
wx-ssh-config-sync wx-ssh-config-sync
wx-stop wx-stop
@ -41,3 +44,13 @@ wx-ssh-config-sync(){
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1 echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
fi fi
} }
wx-ssh-config-clean(){
wx-header "SSH / Config"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
then
rm "$HOME/.ssh/config"
fi
}
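Review bot: The new wx-ssh-config-clean passes the Vault token on curl's command line (`--header "X-Vault-Token: ..."`), where other local users can read it from the process list while curl runs. The same pattern is in the wx-ssh-keys-clean loop and in wx-ssh-keys-sign-create in the keys file. curl can take the header from standard input with `--config -` or from a mode-600 file with `--header @file`, which keeps the token out of argv. Two smaller points in the same function: `VAULT_STATUS` is assigned without `local` and so leaks into the caller's scope, and the URL should be quoted, `"https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config"`.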


@ -7,6 +7,9 @@ wx-ssh-keys(){
wx-ssh-keys-generate $2 wx-ssh-keys-generate $2
wx-ssh-keys-save $2 wx-ssh-keys-save $2
;; ;;
sign)
wx-ssh-keys-sign
;;
retrieve) retrieve)
wx-ssh-keys-retrieve $2 wx-ssh-keys-retrieve $2
;; ;;
@ -17,10 +20,12 @@ wx-ssh-keys(){
wx-ssh-keys-sync $2 wx-ssh-keys-sync $2
;; ;;
delete) delete)
wx-ssh-keys-remove $2 wx-ssh-keys-delete $2
;;
clean)
wx-ssh-keys-clean $2
;; ;;
*) *)
wx-ssh-keys-sync
wx-stop wx-stop
;; ;;
esac esac
@ -38,6 +43,44 @@ wx-ssh-keys-generate(){
fi fi
} }
wx-ssh-keys-sign(){
wx-header "SSH / Sign"
wx-restricted
if [[ $ORG == "warengroup" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" ]]
then
wx-ssh-keys-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
wx-ssh-keys-sign-create cwinfo sysadmin 3600
wx-ssh-keys-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-keys-sign-create(){
wx-restricted
NAME=$1
ROLE=$2
PRINCIPALS=$2
TTL=$3
if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
fi
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
then
echo "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
fi
}
wx-ssh-keys-retrieve(){ wx-ssh-keys-retrieve(){
wx-header "SSH / Keys" wx-header "SSH / Keys"
wx-restricted wx-restricted
@ -67,5 +110,44 @@ wx-ssh-keys-save(){
wx-ssh-keys-sync(){ wx-ssh-keys-sync(){
wx-header "SSH / Keys" wx-header "SSH / Keys"
wx-restricted wx-restricted
echo "" }
wx-ssh-keys-clean(){
if [[ -z $1 ]]
then
wx-header "SSH / Keys"
fi
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]]
then
rm "$HOME/.ssh/keys/$1" &> /dev/null
rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
fi
else
if [[ $ORG == "warengroup" ]]
then
wx-ssh-keys-clean warengroup
elif [[ $ORG == "cwinfo" ]]
then
wx-ssh-keys-clean cwinfo
elif [[ $ORG == "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
wx-ssh-keys-clean cwinfo
wx-ssh-keys-clean cwchristerw
fi
for file in ~/.ssh/keys/*
do
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]]
then
rm "$file" &> /dev/null
fi
done
fi
} }
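Review bot: The `legacy` exclusion in the wx-ssh-keys-clean loop compares the full file name, while the Vault lookup strips `.pub`. For `legacy.pub` the lookup asks for `legacy`, the name test passes because `legacy.pub` differs from `legacy`, and the file is removed when Vault answers 200. Files ending in `.sig` are looked up under their full name, so they are probably never matched and stay behind. Deriving one key name and using it for both the lookup and the exclusion would close the gap, e.g. `key=$(basename "$file"); key=${key%.pub}; key=${key%.sig}` followed by `[[ $key != "legacy" && $VAULT_STATUS -eq 200 ]]`. A 200 also only shows that an entry exists under that name, not that it matches the local private key, which deserves a comment before the `rm`. The generated `wx` script repeats this loop.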


@ -1,37 +0,0 @@
wx-ssh-sign(){
wx-header "SSH / Sign"
wx-restricted
if [[ $ORG == "warengroup" ]]
then
wx-ssh-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" ]]
then
wx-ssh-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" ]]
then
wx-ssh-sign-create warengroup sysadmin 3600
wx-ssh-sign-create cwinfo sysadmin 3600
wx-ssh-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-sign-create(){
wx-restricted
NAME=$1
ROLE=$2
PRINCIPALS=$2
TTL=$3
if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
fi
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
then
echo "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
fi
}

247
wx

@ -85,15 +85,6 @@ wx-stop (){
exit 1 exit 1
} }
wx-auto(){
wx-login
wx-header "Auto"
wx-ssh-config-sync
wx-ssh-keys-sync
wx-ssh-sign
}
wx-help(){ wx-help(){
wx-header "Help" wx-header "Help"
@ -109,12 +100,15 @@ Common Commands:
edit Edit edit Edit
save Save save Save
sync Sync sync Sync
clean Clean
keys Keys keys Keys
generate Generate generate Generate
delete Delete sign Sign
retrieve Retrieve
save Save save Save
sync Sync sync Sync
sign Certificates delete Delete
clean Clean
Authentication Commands: Authentication Commands:
login Login login Login
@ -122,8 +116,12 @@ Authentication Commands:
Management Commands: Management Commands:
auto Auto auto Auto
install Install clean Clean
settings Settings settings Settings
Maintenance Commands:
install Install
update Update
"; ";
} }
@ -166,24 +164,34 @@ wx-infra(){
esac esac
} }
wx-install(){ wx-ssh(){
if [[ -z $1 ]] wx-login
then
wx-header "Install"
fi
wx-restricted mkdir -p $HOME/.ssh/keys
chmod 700 -R $HOME/.ssh/keys
mkdir -p $HOME/.ssh/multiplex
chmod 700 -R $HOME/.ssh/multiplex
if [[ -f "./wx" ]] && [[ -d "./src" ]] case $1 in
then sign)
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null wx-ssh-sign
mv wx.tmp wx &> /dev/null ;;
chmod +x wx &> /dev/null keys)
fi wx-ssh-keys $2 $3
;;
config)
wx-ssh-config $2
;;
*)
wx-header "SSH"
mkdir $HOME/bin &> /dev/null wx-stop
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null ;;
chmod +x $HOME/bin/wx &> /dev/null esac
}
wx-welcome(){
wx-header "Welcome"
} }
wx-login(){ wx-login(){
@ -362,40 +370,39 @@ wx-logout(){
wx-header "Logout" wx-header "Logout"
if [[ $USER != "root" && $USER != "local" ]] if [[ $USER != "root" && $USER != "local" ]]
then then
wx-clean
jq '.login = {}' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp jq '.login = {}' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
fi fi
} }
wx-settings(){ wx-install(){
wx-login if [[ -z $1 ]]
wx-header "Settings" then
wx-header "Install"
fi
wx-restricted
if [[ -f "./wx" ]] && [[ -d "./src" ]]
then
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
mv wx.tmp wx &> /dev/null
chmod +x wx &> /dev/null
fi
mkdir $HOME/bin &> /dev/null
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
chmod +x $HOME/bin/wx &> /dev/null
} }
wx-ssh(){ wx-uninstall(){
wx-login wx-header "Uninstall"
wx-logout
mkdir -p $HOME/.ssh/keys if [[ ! -d "$HOME/.config/warengroup" ]]
chmod 700 -R $HOME/.ssh/keys then
mkdir -p $HOME/.ssh/multiplex rm "$HOME/.config/warengroup" -rf
chmod 700 -R $HOME/.ssh/multiplex fi
case $1 in
sign)
wx-ssh-sign
;;
keys)
wx-ssh-keys $2 $3
;;
config)
wx-ssh-config $2
;;
*)
wx-header "SSH"
wx-stop
;;
esac
} }
wx-update(){ wx-update(){
@ -403,8 +410,25 @@ wx-update(){
wx-install --update wx-install --update
} }
wx-welcome(){ wx-auto(){
wx-header "Welcome" wx-login
wx-header "Auto"
wx-ssh-config-sync
wx-ssh-keys-sync
wx-ssh-keys-sign
}
wx-clean(){
wx-login
wx-header "Clean"
wx-ssh-config-clean
wx-ssh-keys-clean
}
wx-settings(){
wx-login
wx-header "Settings"
} }
wx-ssh-config(){ wx-ssh-config(){
@ -422,6 +446,9 @@ wx-ssh-config(){
sync) sync)
wx-ssh-config-sync wx-ssh-config-sync
;; ;;
clean)
wx-ssh-config-clean
;;
*) *)
wx-ssh-config-sync wx-ssh-config-sync
wx-stop wx-stop
@ -451,6 +478,16 @@ wx-ssh-config-sync(){
fi fi
} }
wx-ssh-config-clean(){
wx-header "SSH / Config"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
then
rm "$HOME/.ssh/config"
fi
}
wx-ssh-keys(){ wx-ssh-keys(){
wx-restricted wx-restricted
@ -460,6 +497,9 @@ wx-ssh-keys(){
wx-ssh-keys-generate $2 wx-ssh-keys-generate $2
wx-ssh-keys-save $2 wx-ssh-keys-save $2
;; ;;
sign)
wx-ssh-keys-sign
;;
retrieve) retrieve)
wx-ssh-keys-retrieve $2 wx-ssh-keys-retrieve $2
;; ;;
@ -470,10 +510,12 @@ wx-ssh-keys(){
wx-ssh-keys-sync $2 wx-ssh-keys-sync $2
;; ;;
delete) delete)
wx-ssh-keys-remove $2 wx-ssh-keys-delete $2
;;
clean)
wx-ssh-keys-clean $2
;; ;;
*) *)
wx-ssh-keys-sync
wx-stop wx-stop
;; ;;
esac esac
@ -491,6 +533,44 @@ wx-ssh-keys-generate(){
fi fi
} }
wx-ssh-keys-sign(){
wx-header "SSH / Sign"
wx-restricted
if [[ $ORG == "warengroup" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" ]]
then
wx-ssh-keys-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
wx-ssh-keys-sign-create cwinfo sysadmin 3600
wx-ssh-keys-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-keys-sign-create(){
wx-restricted
NAME=$1
ROLE=$2
PRINCIPALS=$2
TTL=$3
if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
fi
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
then
echo "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
fi
}
wx-ssh-keys-retrieve(){ wx-ssh-keys-retrieve(){
wx-header "SSH / Keys" wx-header "SSH / Keys"
wx-restricted wx-restricted
@ -520,44 +600,45 @@ wx-ssh-keys-save(){
wx-ssh-keys-sync(){ wx-ssh-keys-sync(){
wx-header "SSH / Keys" wx-header "SSH / Keys"
wx-restricted wx-restricted
echo ""
} }
wx-ssh-sign(){ wx-ssh-keys-clean(){
wx-header "SSH / Sign" if [[ -z $1 ]]
then
wx-header "SSH / Keys"
fi
wx-restricted wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]]
then
rm "$HOME/.ssh/keys/$1" &> /dev/null
rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
fi
else
if [[ $ORG == "warengroup" ]] if [[ $ORG == "warengroup" ]]
then then
wx-ssh-sign-create warengroup sysadmin 3600 wx-ssh-keys-clean warengroup
elif [[ $ORG == "cwinfo" ]] elif [[ $ORG == "cwinfo" ]]
then then
wx-ssh-sign-create cwinfo sysadmin 3600 wx-ssh-keys-clean cwinfo
elif [[ $ORG == "cwchristerw" ]] elif [[ $ORG == "cwchristerw" ]]
then then
wx-ssh-sign-create warengroup sysadmin 3600 wx-ssh-keys-clean warengroup
wx-ssh-sign-create cwinfo sysadmin 3600 wx-ssh-keys-clean cwinfo
wx-ssh-sign-create cwchristerw sysadmin 3600 wx-ssh-keys-clean cwchristerw
fi
}
wx-ssh-sign-create(){
wx-restricted
NAME=$1
ROLE=$2
PRINCIPALS=$2
TTL=$3
if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
fi fi
if [[ -f "$HOME/.ssh/keys/$NAME" ]] for file in ~/.ssh/keys/*
do
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]]
then then
echo "$NAME/$ROLE" rm "$file" &> /dev/null
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1 fi
done
fi fi
} }