From fbaa5780d97bdb643b082f68495d9c4d02a7ec64 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Christer=20War=C3=A9n?= Date: Mon, 10 Nov 2025 12:40:35 +0200 Subject: [PATCH] Refactoring Code --- maintainer.sh | 10 +- src/base.sh | 77 +- src/commands/auth/login.sh | 278 +++-- src/commands/auth/logout.sh | 32 +- src/commands/help.sh | 8 +- src/commands/infra.sh | 134 +-- src/commands/maintenance/install.sh | 42 +- src/commands/maintenance/uninstall.sh | 42 +- src/commands/maintenance/update.sh | 9 +- src/commands/management/auto.sh | 11 +- src/commands/management/clean.sh | 10 +- src/commands/management/settings.sh | 5 +- src/commands/ssh.sh | 28 +- src/commands/ssh/config.sh | 82 +- src/commands/ssh/config/clean.sh | 11 + src/commands/ssh/config/edit.sh | 7 + src/commands/ssh/config/save.sh | 10 + src/commands/ssh/config/sync.sh | 18 + src/commands/ssh/keys.sh | 195 +--- src/commands/ssh/keys/clean.sh | 32 + src/commands/ssh/keys/generate.sh | 13 + src/commands/ssh/keys/retrieve.sh | 18 + src/commands/ssh/keys/save.sh | 13 + src/commands/ssh/keys/sign.sh | 27 + src/commands/ssh/keys/sync.sh | 14 + src/commands/welcome.sh | 13 +- src/functions/config.sh | 12 + src/functions/header.sh | 24 - src/functions/repeat.sh | 5 - src/functions/restricted.sh | 86 +- src/functions/start.sh | 24 +- src/functions/stop.sh | 24 +- src/ui/content.sh | 16 + src/ui/footer.sh | 11 + src/ui/formatting.sh | 11 + src/ui/header.sh | 30 + src/ui/messages.sh | 0 src/ui/repeat.sh | 13 + wx | 1387 ++++++++++++++----------- 39 files changed, 1559 insertions(+), 1223 deletions(-) create mode 100644 src/commands/ssh/config/clean.sh create mode 100644 src/commands/ssh/config/edit.sh create mode 100644 src/commands/ssh/config/save.sh create mode 100644 src/commands/ssh/config/sync.sh create mode 100644 src/commands/ssh/keys/clean.sh create mode 100644 src/commands/ssh/keys/generate.sh create mode 100644 src/commands/ssh/keys/retrieve.sh create mode 100644 src/commands/ssh/keys/save.sh create mode 100644 src/commands/ssh/keys/sign.sh create mode 100644 
src/commands/ssh/keys/sync.sh create mode 100644 src/functions/config.sh delete mode 100644 src/functions/header.sh delete mode 100644 src/functions/repeat.sh create mode 100644 src/ui/content.sh create mode 100644 src/ui/footer.sh create mode 100644 src/ui/formatting.sh create mode 100644 src/ui/header.sh create mode 100644 src/ui/messages.sh create mode 100644 src/ui/repeat.sh diff --git a/maintainer.sh b/maintainer.sh index b61ef44..9374e85 100755 --- a/maintainer.sh +++ b/maintainer.sh @@ -1,13 +1,13 @@ #!/bin/bash if [ ! "$BASH_VERSION" ] ; then - bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9 - exit 1 + bash $0 + exit 1 fi if [[ -f "./wx" ]] && [[ -d "./src" ]] then - podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null - mv wx.tmp wx &> /dev/null - chmod +x wx &> /dev/null + podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null + mv wx.tmp wx &> /dev/null + chmod +x wx &> /dev/null fi diff --git a/src/base.sh b/src/base.sh index be8a9b6..7ab782f 100644 --- a/src/base.sh +++ b/src/base.sh 
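Review bot: The re-exec guard now runs `bash $0` with no arguments and then unconditionally `exit 1`, so a non-bash invocation drops any arguments the caller passed and reports failure even when the re-executed script succeeded. `exec bash "$0" "$@"` keeps the arguments, quotes the script path and makes the exit status that of the real run. If dropping the arguments is deliberate, a one-line comment above the guard should say so.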
@@ -1,31 +1,68 @@ #!/bin/bash -if [ ! "$BASH_VERSION" ] ; then - bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9 - exit 1 -fi - -wxRed=$(tput setaf 196) -wxGreen=$(tput setaf 46) -wxYellow=$(tput setaf 226) -wxBlue=$(tput setaf 21) -wxPurple=$(tput setaf 165) -wxTurquoise=$(tput setaf 14) -wxPink=$(tput setaf 198) -wxOrange=$(tput setaf 202) -wxUnderline=$(tput smul) -wxBold=$(tput bold) -wxNormal=$(tput sgr0) +#if [ ! "$BASH_VERSION" ] ; then +# bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9 +# exit 1 +#fi +declare -Ax args declare -Ax config +declare -Ax messages {{ FUNCTIONS }} +{{ UI }} {{ COMMANDS }} -if [[ ! -z $1 ]] && [[ $(type -t wx-$1) == function ]] +i=1 +while [[ "$1" != "" ]] +do + case $1 in + --*) + key="${1%%=*}" + value="${1#*=}" + + if [[ "$value" == "$key" ]] + then + shift + value="$1" + fi + + if [[ -z $value ]] + then + value=true + fi + + args["${key#--}"]="$value" + ;; + -*) + key="${1%=*}" + value="${1#*=}" + + if [[ "$value" == "$key" ]] + then + shift + value="$1" + fi + + if [[ -z $value ]] + then + value=true + fi + + args["${key#-}"]="$value" + ;; + *) + args["$i"]="${1%%=*}" + i=$((i + 1)) + ;; + esac + shift +done + +if [[ ! -z ${args['1']} ]] && [[ $(type -t wx-${args['1']}) == function ]] then - wx-$1 $2 $3 $4 $5 $6 $7 $8 $9 + wx-${args['1']} else - wx-welcome + wx-welcome fi -wx-stop +wxi-stop diff --git a/src/commands/auth/login.sh b/src/commands/auth/login.sh index ca3a891..5585817 100644 --- a/src/commands/auth/login.sh +++ b/src/commands/auth/login.sh 
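Review bot: In the argument parser the long-option arm cannot distinguish a bare `--flag` from `--flag VALUE`: when `$1` contains no `=`, `key` and `value` are both the whole word, so the loop shifts and stores the following word as the value, swallowing a sub-command or positional (`wx login --token ssh` ends up with `args[token]=ssh` and no `args[2]`). The login hunk later tests `${args['token']} != "true"` to detect a bare flag, so bare flags are clearly expected; either accept only the `--key=value` form for valued options (`args["${key#--}"]=true` when `"$value" == "$key"`) or take the next word only when it does not start with `-`. Two smaller inconsistencies sit in the same loop: the short-option arm uses `${1%=*}` where the long arm uses `${1%%=*}`, and the positional arm stores `${1%%=*}`, silently truncating any positional that contains `=`.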
@@ -1,164 +1,138 @@ wx-login(){ - if [[ ! -z $1 ]] - then - ORG=$1 - jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - elif [[ $(hostname -d) = *"devices.waren.io" ]] - then - ORG=warengroup - elif [[ $(hostname -d) = *"devices.cwinfo.net" ]] - then - ORG=cwinfo - elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]] - then - ORG=cwchristerw - elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]] - then - ORG=$(cat $HOME/.warengroup/config.json | jq -r .org) - else - wx-header "Login" - echo "Status: Organization Required" - wx-stop - fi + wxi-header "Login" + wxi-restricted --user + wxi-restricted --org + wxi-restricted --vault - if [[ $ORG == "warengroup" ]] - then - DOMAIN=waren.io - elif [[ $ORG == "cwinfo" ]] - then - DOMAIN=cwinfo.net - elif [[ $ORG == "cwchristerw" ]] - then - DOMAIN=christerwaren.fi - else - wx-header "Login" - echo "Status: Organization Unsupported" - wx-stop - fi + wxi-header "$ORG_HEADER" h3 - FOLDER=$ORG - DEVICE_DOMAIN="devices.$DOMAIN" - IDM_DOMAIN="idm.waren.io" - VAULT_DOMAIN="vault.cwinfo.net" + if [[ ! -z ${args['login-type']} ]] + then + LOGIN_TYPE=${args['login-type']} + elif [[ ! -z ${args['token']} ]] + then + LOGIN_TYPE=token + elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]] + then + LOGIN_TYPE=token + elif [[ ! -z ${args['username']} ]] + then + LOGIN_TYPE=ldap + else + LOGIN_TYPE=ldap + fi - if [[ -z $USER || $USER == "root" || $USER == "local" ]] - then - if [[ -z $SUDO_USER ]] + if [[ ! -z $LOGIN_TYPE ]] + then + case $LOGIN_TYPE in + ldap) + echo -n "Username: " + if [[ ! 
-z ${args['username']} ]] then - if [[ -z LOGNAME ]] - then - wx-header "Login" - echo "Status: Username Required" - wx-stop - else - USERNAME=$LOGNAME - fi + USERNAME=${args['username']} + wxi-content text "$USERNAME" else - USERNAME=$SUDO_USER - fi - else - USERNAME=$USER - fi - - VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health) - if [[ $VAULT_STATUS -eq 200 ]] - then - - if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]] - then - if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]] - then - USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)" - fi - TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)" + read USERNAME fi - VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') - if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]] + echo -n "Password: " + if [[ ! 
-z ${args['password']} ]] then - config["login",${ORG}]=$VAULT_LOGIN - if [[ $USER != "root" && $USER != "local" ]] - then - jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - fi + PASSWORD=${args['password']} else - IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN) - if [[ $IDM_STATUS -eq 301 ]] - then - wx-header "Login" - echo $wxBold$ORG$wxNormal - - if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]] - then - echo -n "Username: " - read USERNAME - else - echo "Username: $USERNAME" - fi - - jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - - echo -n "Password: " - read -s PASSWORD - echo "****************" - - if [[ -z $USERNAME || -z $PASSWORD ]] - then - echo "Status: Username & Password Required" - wx-stop - else - VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token') - if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] - then - echo "Status: Login Failed" - wx-stop - fi - - config["login",${ORG}]=$VAULT_LOGIN - - if [[ $USER != "root" && $USER != "local" ]] - then - jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - fi - fi - else - wx-header "Login" - echo $wxBold$ORG$wxNormal - - echo -n "Token: " - read -s TOKEN - echo "****************" - - if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]] - then - echo "Status: Vault Token Required" - wx-stop - fi - - VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header 
"X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') - if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] - then - echo "Status: Login Failed" - wx-stop - fi - - config["login",${ORG}]=$VAULT_LOGIN - - if [[ $USER != "root" && $USER != "local" ]] - then - jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - fi - fi + read -s PASSWORD fi - else - wx-header "Login" - echo $wxBold$ORG$wxNormal - echo "Status: Vault Offline" - wx-stop - fi + + if [[ ! -z $PASSWORD ]] + then + wxi-content text "****************" + else + wxi-content text "" + fi + + if [[ -z $USERNAME || -z $PASSWORD ]] + then + wxi-content status "Username & Password" "Required" + wxi-footer + wxi-stop + fi + + VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token') + if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] + then + wxi-content status "Login" "Failed" + wxi-stop + fi + + wxi-config login + ;; + token) + echo -n "Token: " + if [[ ! -z ${args['token']} ]] + then + if [[ ${args['token']} != "true" ]] + then + TOKEN=${args['token']} + fi + elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]] + then + TOKEN=$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) + else + read -s TOKEN + fi + + if [[ ! 
-z $TOKEN ]] + then + wxi-content text "***********************************************************************************************" + fi + + if [[ -z $TOKEN ]] + then + wxi-content status "Token" "Required" + wxi-footer + wxi-stop + fi + + if [[ ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]] + then + wxi-content status "Token" "Invalid" + wxi-footer + wxi-stop + fi + + VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew-self -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') + if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] + then + wxi-content status "Login" "Failed" + wxi-stop + fi + + wxi-config login + ;; + *) + wxi-content status "Login Type" "Unsupported" + wxi-footer + wxi-stop + ;; + esac + fi + + VAULT_USERNAME=$(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.display_name') + if [[ -z $VAULT_USERNAME ]] + then + wxi-content status "Login" "Username Missing" + wxi-stop + elif [[ $VAULT_USERNAME != ldap* && $VAULT_USERNAME != oidc* ]] + then + wxi-content status "Login" "Authentication Method Invalid" + wxi-stop + elif [[ $VAULT_USERNAME == ldap* ]] + then + USERNAME=${VAULT_USERNAME#ldap-} + elif [[ $VAULT_USERNAME == oidc* ]] + then + USERNAME=${VAULT_USERNAME#oidc-} + fi + + wxi-footer } diff --git a/src/commands/auth/logout.sh b/src/commands/auth/logout.sh index 3c6b025..bfe5ab3 100644 --- a/src/commands/auth/logout.sh +++ b/src/commands/auth/logout.sh 
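Review bot: The final `lookup-self` call sends `X-Vault-Token: $TOKEN`, but on the `ldap)` path `TOKEN` is never assigned (the new token is in `VAULT_LOGIN`), so unless `wxi-config login` (outside this chunk) copies `VAULT_LOGIN` into `TOKEN`, a fresh LDAP login reaches lookup-self with an empty token and stops at `Login` / `Username Missing`; the lookup should use the token just obtained, e.g. `--header "X-Vault-Token: $VAULT_LOGIN"`. The LDAP request body is still built by string interpolation, `-d '{ "password": "'$PASSWORD'" }'`, so a password containing a quote, backslash or whitespace produces invalid JSON or is word-split, and the secret appears in the process argument list; building it with `jq -n --arg p "$PASSWORD" '{password:$p}' | curl ... -d @-` fixes both. Accepting the secret through `--password` on the command line has the same exposure (shell history, process listing), which deserves a comment next to that branch. `read USERNAME` should be `read -r USERNAME`.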
@@ -1,13 +1,23 @@ wx-logout(){ - wx-header "Logout" - if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]] - then - VAULT_LOGIN=$(cat $HOME/.warengroup/config.json | jq -r .login) - if [[ $VAULT_LOGIN != null && $VAULT_LOGIN != "{}" ]] - then - wx-clean &> /dev/null - jq '.login = {}' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - fi - fi + wxi-header "Logout" + wxi-restricted --user + wxi-restricted --org + wxi-restricted --vault + + if [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' ]] + then + TOKEN=$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) + fi + + VAULT_STATUS=$(curl https://$VAULT_DOMAIN/v1/auth/token/revoke-self -X POST --header "X-Vault-Token: $TOKEN" -s -o /dev/null -w "%{http_code}") + if [[ $VAULT_STATUS -eq 204 || $VAULT_STATUS -eq 403 ]] + then + wxi-header "$ORG_HEADER" h3 + echo "Logging Out..." + TOKEN="" + wxi-config login + wxi-footer + wxi-stop + fi + } diff --git a/src/commands/help.sh b/src/commands/help.sh index e7bf201..bff29b0 100644 --- a/src/commands/help.sh +++ b/src/commands/help.sh @@ -1,8 +1,8 @@ wx-help(){ -wx-header "Help" +wxi-header "Help" -echo -n " +wxi-content text " Usage: $0 COMMAND [OPTIONS] Common Commands: @@ -20,7 +20,6 @@ Common Commands: retrieve Retrieve save Save sync Sync - delete Delete clean Clean Authentication Commands: @@ -35,6 +34,9 @@ Management Commands: Maintenance Commands: install Install update Update + uninstall Uninstall "; +wxi-footer + } diff --git a/src/commands/infra.sh b/src/commands/infra.sh index 1888c59..c24982d 100644 --- a/src/commands/infra.sh +++ b/src/commands/infra.sh 
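Review bot: When `revoke-self` returns anything other than 204 or 403 (Vault unreachable gives `000`, a server-side 5xx), the function prints nothing and leaves the stored token in place, so the user gets no indication that they are still logged in; add an `else` arm with `wxi-content status "Logout" "Failed"` before the footer. The token lookup also rejects only `null`, whereas the login hunk rejects both `null` and the empty string, so an empty `.login.$ORG.token` leads to a revoke request with an empty `X-Vault-Token` header; reusing the login hunk's condition keeps the two consistent.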
@@ -1,75 +1,77 @@ wx-infra(){ - wx-login - wx-auto &> /dev/null + wx-login &> /dev/null + wx-auto &> /dev/null - wx-header "Infra" - wx-restricted + wxi-header "Infra" + wxi-restricted - case $USERNAME in - cwchristerw) - if [[ -d "$HOME/Desktop/Work in Progress/Programming/warengroup/infra" ]] - then - INFRA_PATH="$HOME/Desktop/Work in Progress/Programming/warengroup/infra" - else - if [[ -d "$HOME/.warengroup/infra" ]] - then - INFRA_PATH="$HOME/.warengroup/infra" - else - INFRA_PATH="$HOME/.warengroup/infra" - mkdir -p "$INFRA_PATH" &> /dev/null - git clone ssh://git@git.waren.io:2222/warengroup-private/infra.git --config core.sshCommand="ssh -i $HOME/.ssh/keys/warengroup-legacy -o ProxyJump=none" "$INFRA_PATH" &> /dev/null - fi - fi + case $USERNAME in + cwchristerw) + if [[ -d "$HOME/.warengroup/infra" ]] + then + INFRA_PATH="$HOME/.warengroup/infra" + else + INFRA_PATH="$HOME/.warengroup/infra" + mkdir -p "$INFRA_PATH" &> /dev/null + git clone ssh://git@git.waren.io:2222/warengroup-private/infra.git --config core.sshCommand="ssh -i $HOME/.ssh/keys/warengroup-legacy -o ProxyJump=none" "$INFRA_PATH" &> /dev/null + fi - if [[ ! -f "$INFRA_PATH/vault/cwchristerw" || ! -f "$INFRA_PATH/vault/warengroup" ]] - then - mkdir -p "$INFRA_PATH/vault" &> /dev/null + if [[ ! -f "$INFRA_PATH/vault/cwchristerw" || ! 
-f "$INFRA_PATH/vault/warengroup" ]] + then + mkdir -p "$INFRA_PATH/vault" &> /dev/null - curl \ - -H "X-Vault-Token: ${config["login",$ORG]}" \ - -X GET \ - https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw" + curl \ + -H "X-Vault-Token: $VAULT_TOKEN" \ + -X GET \ + https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw" - curl \ - -H "X-Vault-Token: ${config["login",$ORG]}" \ - -X GET \ - https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup" - fi + curl \ + -H "X-Vault-Token: $VAULT_TOKEN" \ + -X GET \ + https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup" + fi - if [[ -z $1 ]] - then - echo "Tag Required" - else - if [[ $1 == "init" ]] - then - if [[ -z $2 ]] - then - 2=init - fi + INFRA_VAULT="--vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw" + ;; + *) + wxi-content status "User" "Unsupported" + wxi-footer + wxi-stop + INFRA_PATH="$HOME/.warengroup/infra" + INFRA_VAULT="--vault-id warengroup@vault/warengroup" + ;; + esac - cd "$INFRA_PATH" - git pull &> /dev/null - ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null - ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9 - cd "$OLDPWD" - elif [[ $1 == "manager" ]] - then - cd "$INFRA_PATH" - git pull &> /dev/null - ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null - ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw manager.yml $2 $3 $4 $5 $6 $7 $8 $9 - cd "$OLDPWD" - else - cd "$INFRA_PATH" - git pull &> /dev/null - ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null - 
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9 - cd "$OLDPWD" - fi - fi - ;; - *) - echo "User Unsupported" - ;; - esac + if [[ -z ${args['2']} ]] + then + echo "Tag Required" + else + cd "$INFRA_PATH" + #git pull &> /dev/null + #ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null + + if [[ ${args['2']} == "init" ]] + then + wxi-header "Init" h3 + + if [[ -z ${args['3']} ]] + then + tags=init + else + tags=${args['3']} + fi + + ansible-playbook $INFRA_VAULT playbooks/init.yml -t $tags --limit "${args['limit']}" + elif [[ ${args['2']} == "manager" ]] + then + wxi-header "Manager" h3 + ansible-playbook $INFRA_VAULT manager.yml --extra-vars "${args['extra-vars']}" + else + wxi-header "Playbooks" h3 + tags=${args['2']} + ansible-playbook $INFRA_VAULT playbooks.yml -t $tags --limit "${args['limit']}" + fi + cd "$OLDPWD" + fi + wxi-footer } diff --git a/src/commands/maintenance/install.sh b/src/commands/maintenance/install.sh index a92fcd8..8e4e3cc 100644 --- a/src/commands/maintenance/install.sh +++ b/src/commands/maintenance/install.sh 
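Review bot: `cd "$INFRA_PATH"` is not checked, and the `git clone` that is supposed to create that directory has its output discarded, so if the clone fails `ansible-playbook` runs from whatever the current directory is; use `cd "$INFRA_PATH" || { wxi-content status "Infra" "Path Missing"; wxi-footer; wxi-stop; }`. In the `*)` arm the `INFRA_PATH`/`INFRA_VAULT` assignments follow `wxi-stop`; if `wxi-stop` exits they are dead code, and if it does not (its body is outside this chunk) an unsupported user proceeds to run playbooks. `wx-login &> /dev/null` at the top (also in the ssh.sh hunk) discards the `Username: `/`Password: ` prompts while `read` still blocks on the terminal, so an unauthenticated user sees a hang; keep login output visible or make it non-interactive when stdout is not a terminal. `INFRA_VAULT` is expanded unquoted to obtain word-splitting; an array, `INFRA_VAULT=(--vault-id warengroup@vault/warengroup ...)` used as `"${INFRA_VAULT[@]}"`, expresses that intent without relying on `IFS`.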
@@ -1,29 +1,25 @@ wx-install(){ - if [[ -z $1 ]] - then - wx-header "Install" - fi + wxi-header "Install" + wxi-restricted --user - wx-restricted + if [[ -f "./wx" && -f "./maintainer.sh" && -d "./src" ]] + then + ./maintainer.sh + fi - if [[ -f "./wx" ]] && [[ -d "./src" ]] - then - podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null - mv wx.tmp wx &> /dev/null - chmod +x wx &> /dev/null - fi + mkdir -p $HOME/bin + if [[ $(curl -s -o /dev/null -w "%{http_code}" https://git.waren.io/warengroup/wx/raw/branch/master/wx) -eq 200 ]] + then + curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null + chmod +x $HOME/bin/wx &> /dev/null + fi - mkdir $HOME/bin &> /dev/null - if [[ $(curl -s -o /dev/null -w "%{http_code}" https://git.waren.io/warengroup/wx/raw/branch/master/wx) -eq 200 ]] - then - curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null - chmod +x $HOME/bin/wx &> /dev/null - fi + CRONJOB_NAME="#Warén CLI: Auto" + CRONJOB_TASK="*/5 * * * * $HOME/bin/wx auto" + if [[ -z $(crontab -l | grep -F "$CRONJOB_NAME") || -z $(crontab -l | grep -F "$CRONJOB_TASK") ]] + then + (crontab -l ; echo "$CRONJOB_NAME" ; echo "$CRONJOB_TASK") | grep -Fv "no crontab" | crontab - + fi - CRONJOB_NAME="#Warén CLI: Auto" - CRONJOB_TASK="*/5 * * * * $HOME/bin/wx auto" - if [[ -z $(crontab -l | grep -F "$CRONJOB_NAME") || -z $(crontab -l | grep -F "$CRONJOB_TASK") ]] - then - (crontab -l ; echo "$CRONJOB_NAME" ; echo "$CRONJOB_TASK") | grep -Fv "no crontab" | crontab - - fi + wxi-footer } diff --git a/src/commands/maintenance/uninstall.sh b/src/commands/maintenance/uninstall.sh index eaf8906..b260871 100644 --- a/src/commands/maintenance/uninstall.sh +++ b/src/commands/maintenance/uninstall.sh 
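Review bot: The download writes straight to `$HOME/bin/wx` and then marks it executable, with curl errors hidden by `&> /dev/null`, so an interrupted transfer leaves a truncated script that the cron entry installed just below will run every five minutes; fetch into a temporary file with `curl -fsSL ... -o "$tmp" && chmod +x "$tmp" && mv -- "$tmp" "$HOME/bin/wx"` so the replacement is atomic and only happens on success. Nothing verifies what was downloaded beyond the TLS connection, so the installed script is only as trustworthy as the `master` branch at that moment; pinning a tag or commit and checking a published checksum or signature is worth recording as a follow-up. `./maintainer.sh` is executed from the current working directory whenever `./wx`, `./maintainer.sh` and `./src` exist, which a comment should call out as a developer-only path that must not be run from an untrusted checkout.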
@@ -1,28 +1,26 @@ wx-uninstall(){ - wx-header "Uninstall" + wxi-header "Uninstall" + wxi-restricted --user + wx-clean &> /dev/null - wx-clean &> /dev/null + if [[ -d "$HOME/.warengroup" ]] + then + rm "$HOME/.warengroup" -rf + fi - if [[ -d "$HOME/.warengroup" ]] - then - rm "$HOME/.warengroup" -rf - fi + CRONJOB_NAME="#Warén CLI: Auto" + CRONJOB_TASK="*/5 * * * * $HOME/bin/wx auto" + if [[ $(crontab -l | grep -F "$CRONJOB_NAME") || $(crontab -l | grep -F "$CRONJOB_TASK") ]] + then + crontab -l | grep -Fv "$CRONJOB_NAME" | grep -Fv "$CRONJOB_TASK" | grep -Fv "no crontab" | crontab - + fi - CRONJOB_NAME="#Warén CLI: Auto" - CRONJOB_TASK="*/5 * * * * $HOME/bin/wx auto" - if [[ $(crontab -l | grep -F "$CRONJOB_NAME") || $(crontab -l | grep -F "$CRONJOB_TASK") ]] - then - crontab -l | grep -Fv "$CRONJOB_NAME" | grep -Fv "$CRONJOB_TASK" | grep -Fv "no crontab" | crontab - - fi + if [[ -f "$HOME/bin/wx" ]] + then + rm "$HOME/bin/wx" -rf + fi - if [[ -f "$HOME/bin/wx" ]] - then - rm "$HOME/bin/wx" -rf - fi - - echo " " - echo " " - echo " " - - exit 1 + wxi-footer + wxi-repeat "\n" 3 + exit 1 } diff --git a/src/commands/maintenance/update.sh b/src/commands/maintenance/update.sh index bd3c417..3bc9a8a 100644 --- a/src/commands/maintenance/update.sh +++ b/src/commands/maintenance/update.sh @@ -1,4 +1,9 @@ wx-update(){ - wx-header "Update" - wx-install --update + wxi-header "Update" + wxi-restricted --user + + wx-install &> /dev/null + echo "Updates Completed" + + wxi-footer } diff --git a/src/commands/management/auto.sh b/src/commands/management/auto.sh index e1412c0..27e0812 100644 --- a/src/commands/management/auto.sh +++ b/src/commands/management/auto.sh @@ -1,8 +1,9 @@ wx-auto(){ - wx-login - wx-header "Auto" + wxi-header "Auto" + wxi-restricted + wxi-footer - wx-ssh-config-sync - wx-ssh-keys-sign - wx-ssh-keys-sync + wxi-ssh-config-sync + wxi-ssh-keys-sign + wxi-ssh-keys-sync } 
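Review bot: `rm "$HOME/.warengroup" -rf` and `rm "$HOME/bin/wx" -rf` run with an unguarded `$HOME`; `"${HOME:?}"` makes the script abort instead of deleting `/.warengroup` when the variable is unset, and the second call removes a regular file, so `rm -f --` is enough there. The function also ends with `exit 1` after a successful uninstall, so callers and the cron job see a failure; `exit 0` is the right status unless the non-zero exit is deliberate, in which case a comment should say why.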
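Review bot: In update.sh, `wx-install &> /dev/null` followed by an unconditional `echo "Updates Completed"` reports success even when the download or crontab step inside `wx-install` failed. Guard the message on the return status, `if wx-install &> /dev/null; then echo "Updates Completed"; else wxi-content status "Update" "Failed"; fi`, and have `wx-install` return non-zero when a step fails.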
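Review bot: In auto.sh, `wx-auto` no longer calls `wx-login`, yet the `wxi-ssh-*` functions it dispatches to (ssh/config/sync.sh in this chunk) authenticate with `$VAULT_TOKEN`; this is the entry point the install hunk schedules in cron every five minutes, so unless `wxi-restricted` (not in this chunk) loads the token from config.json, every unattended run calls Vault with an empty token. A one-line comment on the `wxi-restricted` call stating that it populates `VAULT_TOKEN`, or an explicit login step as in the infra and ssh hunks, would make that dependency visible.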
diff --git a/src/commands/management/clean.sh b/src/commands/management/clean.sh index 69836a0..8c692ca 100644 --- a/src/commands/management/clean.sh +++ b/src/commands/management/clean.sh @@ -1,6 +1,8 @@ wx-clean(){ - wx-login - wx-header "Clean" - wx-ssh-config-clean - wx-ssh-keys-clean + wxi-header "Clean" + wxi-restricted --user + wxi-footer + + wxi-ssh-config-clean + wxi-ssh-keys-clean } diff --git a/src/commands/management/settings.sh b/src/commands/management/settings.sh index c0c0cf2..b79e28d 100644 --- a/src/commands/management/settings.sh +++ b/src/commands/management/settings.sh @@ -1,4 +1,5 @@ wx-settings(){ - wx-login - wx-header "Settings" + wxi-header "Settings" + wxi-restricted --user + wxi-footer } diff --git a/src/commands/ssh.sh b/src/commands/ssh.sh index 3ad15b9..d9b6e99 100644 --- a/src/commands/ssh.sh +++ b/src/commands/ssh.sh @@ -1,16 +1,18 @@ wx-ssh(){ - wx-login + wx-login &> /dev/null + wx-auto &> /dev/null - case $1 in - keys) - wx-ssh-keys $2 $3 - ;; - config) - wx-ssh-config $2 - ;; - *) - wx-header "SSH" - wx-stop - ;; - esac + case ${args['2']} in + config) + wxi-ssh-config + ;; + keys) + wxi-ssh-keys + ;; + *) + wxi-header "SSH" + wxi-restricted + wxi-footer + ;; + esac } diff --git a/src/commands/ssh/config.sh b/src/commands/ssh/config.sh index 6f765f3..fa35d4e 100644 --- a/src/commands/ssh/config.sh +++ b/src/commands/ssh/config.sh 
@@ -1,63 +1,21 @@ -wx-ssh-config(){ - wx-restricted - - case $1 in - edit) - wx-ssh-config-sync - wx-ssh-config-edit - wx-ssh-config-save - ;; - save) - wx-ssh-config-save - ;; - sync) - wx-ssh-config-sync - ;; - clean) - wx-ssh-config-clean - ;; - *) - wx-ssh-config-sync - wx-stop - ;; - esac -} - -wx-ssh-config-edit(){ - wx-header "SSH / Config / Edit" - wx-restricted - nano ~/.ssh/config -} - -wx-ssh-config-save(){ - wx-header "SSH / Config / Save" - wx-restricted - curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null -} - -wx-ssh-config-sync(){ - wx-header "SSH / Config / Sync" - wx-restricted - VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}") - if [[ $VAULT_STATUS -eq 200 ]] - then - touch ~/.ssh/config - SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64) - SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64) - if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]] - then - echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1 - chmod 700 ~/.ssh/config - fi - fi -} - -wx-ssh-config-clean(){ - wx-header "SSH / Config / Clean" - wx-restricted - VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}") - if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]] - then - rm "$HOME/.ssh/config" - fi +wxi-ssh-config(){ + case ${args['3']} in + edit) + wxi-ssh-config-sync + 
wxi-ssh-config-edit + wxi-ssh-config-save + ;; + save) + wxi-ssh-config-save + ;; + sync) + wxi-ssh-config-sync + ;; + clean) + wxi-ssh-config-clean + ;; + *) + wxi-ssh-config-sync + ;; + esac } diff --git a/src/commands/ssh/config/clean.sh b/src/commands/ssh/config/clean.sh new file mode 100644 index 0000000..a20f05b --- /dev/null +++ b/src/commands/ssh/config/clean.sh @@ -0,0 +1,11 @@ +wxi-ssh-config-clean(){ + wxi-header "SSH / Config / Clean" + wxi-restricted + + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN") + if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]] + then + rm "$HOME/.ssh/config" + fi + wxi-footer +} diff --git a/src/commands/ssh/config/edit.sh b/src/commands/ssh/config/edit.sh new file mode 100644 index 0000000..2cb49c8 --- /dev/null +++ b/src/commands/ssh/config/edit.sh @@ -0,0 +1,7 @@ +wxi-ssh-config-edit(){ + wxi-header "SSH / Config / Edit" + wxi-restricted + + nano ~/.ssh/config + wxi-footer +} diff --git a/src/commands/ssh/config/save.sh b/src/commands/ssh/config/save.sh new file mode 100644 index 0000000..70d5b09 --- /dev/null +++ b/src/commands/ssh/config/save.sh @@ -0,0 +1,10 @@ +wxi-ssh-config-save(){ + wxi-header "SSH / Config / Save" + wxi-restricted + + if [[ -f "$HOME/.ssh/config" ]] + then + curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null + fi + wxi-footer +} diff --git a/src/commands/ssh/config/sync.sh b/src/commands/ssh/config/sync.sh new file mode 100644 index 0000000..7963ed6 --- /dev/null +++ b/src/commands/ssh/config/sync.sh 
@@ -0,0 +1,18 @@ +wxi-ssh-config-sync(){ + wxi-header "SSH / Config / Sync" + wxi-restricted + + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN") + if [[ $VAULT_STATUS -eq 200 ]] + then + touch ~/.ssh/config + SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64) + SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64) + if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]] + then + echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1 + chmod 700 ~/.ssh/config + fi + fi + wxi-footer +} diff --git a/src/commands/ssh/keys.sh b/src/commands/ssh/keys.sh index fcff0a6..1e46fd3 100644 --- a/src/commands/ssh/keys.sh +++ b/src/commands/ssh/keys.sh 
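Review bot: The Vault secret is fetched three times and the copy that is written to `~/.ssh/config` is never validated: if the last request fails or `.data.data.data` is missing, `echo null | base64 -d` overwrites the user's ssh config with an empty or garbage file, and the same pattern in ssh/keys/retrieve.sh would clobber a private key. Fetch once, decode into a temporary file, and replace the config only if the decode succeeded and the content differs; `chmod 700` on a regular file should also be `600`. Because ssh acts on directives in this file, the Vault path it is pulled from is effectively a code-execution trust boundary, and a header comment on the function should say so.
```shell
wxi-ssh-config-sync(){
  # … unchanged: header, wxi-restricted, VAULT_STATUS probe …
  if [[ $VAULT_STATUS -eq 200 ]]
  then
    touch ~/.ssh/config
    # Single fetch; '// empty' turns a missing field into "" instead of the string "null"
    REMOTE_B64=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data // empty')
    TMP_CONFIG=$(mktemp) || { wxi-footer; return 1; }
    # Replace only when the payload is present, decodes cleanly and actually differs
    if [[ -n $REMOTE_B64 ]] && printf '%s' "$REMOTE_B64" | base64 -d > "$TMP_CONFIG" 2>/dev/null && ! cmp -s "$TMP_CONFIG" ~/.ssh/config
    then
      chmod 600 "$TMP_CONFIG"
      mv -- "$TMP_CONFIG" ~/.ssh/config
    else
      rm -f -- "$TMP_CONFIG"
    fi
  fi
  # … unchanged: wxi-footer …
```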
@@ -1,169 +1,28 @@ -wx-ssh-keys(){ - wx-restricted - - case $1 in - generate) - wx-ssh-keys-retrieve $2 - wx-ssh-keys-generate $2 - wx-ssh-keys-save $2 - ;; - sign) - wx-ssh-keys-sign - ;; - retrieve) - wx-ssh-keys-retrieve $2 - ;; - save) - wx-ssh-keys-save $2 - ;; - sync) - wx-ssh-keys-sync $2 - ;; - delete) - wx-ssh-keys-delete $2 - ;; - clean) - wx-ssh-keys-clean $2 - ;; - *) - wx-stop - ;; - esac -} - -wx-ssh-keys-generate(){ - wx-header "SSH / Keys / Generate" - wx-restricted - if [[ ! -z $1 ]] - then - if [[ ! -f "$HOME/.ssh/keys/$1" ]] - then - ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$1 -q -N "" -C "$USERNAME" &> /dev/null - fi - fi -} - -wx-ssh-keys-sign(){ - wx-header "SSH / Keys / Sign" - wx-restricted - - if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]] - then - wx-ssh-keys-sign-create warengroup sysadmin 3600 - elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]] - then - wx-ssh-keys-sign-create cwinfo sysadmin 3600 - elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]] - then - wx-ssh-keys-sign-create warengroup sysadmin 3600 - wx-ssh-keys-sign-create cwinfo sysadmin 3600 - wx-ssh-keys-sign-create cwchristerw sysadmin 3600 - fi -} - -wx-ssh-keys-sign-create(){ - wx-restricted - - NAME=$1 - ROLE=$2 - PRINCIPALS=$2 - TTL=$3 - - if [[ ! -f "$HOME/.ssh/keys/$NAME" ]] - then - ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null - fi - - if [[ -f "$HOME/.ssh/keys/$NAME" ]] - then - echo "$NAME/$ROLE" - echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1 - fi -} - -wx-ssh-keys-retrieve(){ - if [[ -z $2 ]] - then - wx-header "SSH / Keys / Retrieve" - fi - - wx-restricted - if [[ ! 
-z $1 ]] - then - VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}") - if [[ $VAULT_STATUS -eq 200 ]] - then - echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1 - chmod 700 ~/.ssh/keys/$1 - echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1 - chmod 700 ~/.ssh/keys/$1.pub - fi - fi -} - -wx-ssh-keys-save(){ - wx-header "SSH / Keys / Save" - wx-restricted - if [[ ! -z $1 ]] - then - if [[ -f "$HOME/.ssh/keys/$1" ]] - then - curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null - fi - fi -} - -wx-ssh-keys-sync(){ - wx-header "SSH / Keys / Sync" - wx-restricted - - VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}") - if [[ $VAULT_STATUS -eq 200 ]] - then - for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.keys | @sh' | tr -d \') - do - echo $name - wx-ssh-keys-retrieve $name --multiple - done - fi -} - -wx-ssh-keys-clean(){ - if [[ -z $1 ]] - then - wx-header "SSH / Keys / Clean" - fi - wx-restricted - - if [[ ! 
-z $1 ]] - then - if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]] - then - rm "$HOME/.ssh/keys/$1" &> /dev/null - rm "$HOME/.ssh/keys/$1.pub" &> /dev/null - rm "$HOME/.ssh/keys/$1.sig" &> /dev/null - fi - else - if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]] - then - wx-ssh-keys-clean warengroup - elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]] - then - wx-ssh-keys-clean cwinfo - elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]] - then - wx-ssh-keys-clean warengroup - wx-ssh-keys-clean cwinfo - wx-ssh-keys-clean cwchristerw - fi - - for file in ~/.ssh/keys/* - do - VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}") - if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]] - then - rm "$file" &> /dev/null - fi - done - fi +wxi-ssh-keys(){ + case ${args['3']} in + generate) + wxi-ssh-keys-retrieve + wxi-ssh-keys-generate + wxi-ssh-keys-save + ;; + sign) + wxi-ssh-keys-sign + ;; + retrieve) + wxi-ssh-keys-retrieve + ;; + save) + wxi-ssh-keys-save + ;; + sync) + wxi-ssh-keys-sync + ;; + clean) + wxi-ssh-keys-clean + ;; + *) + wxi-header "SSH / Keys" + wxi-footer + ;; + esac } diff --git a/src/commands/ssh/keys/clean.sh b/src/commands/ssh/keys/clean.sh new file mode 100644 index 0000000..5d67440 --- /dev/null +++ b/src/commands/ssh/keys/clean.sh 
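Review bot: The new dispatcher calls `wxi-ssh-keys-retrieve`, `wxi-ssh-keys-generate`, `wxi-ssh-keys-save` and `wxi-ssh-keys-clean` without the key name the old code forwarded as `$2`, while the replacement functions in ssh/keys/generate.sh, retrieve.sh, save.sh and clean.sh still gate their work on `[[ ! -z $1 ]]`; as written `wx ssh keys generate NAME` prints headers and does nothing, and `clean` always takes its all-keys branch. Pass the name through from the parsed arguments on each of those arms, e.g. `wxi-ssh-keys-generate "${args['4']}"`, following the `args['2']`/`args['3']` positional convention used in ssh.sh and this hunk.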
@@ -0,0 +1,32 @@ +wxi-ssh-keys-clean(){ + wxi-header "SSH / Keys / Clean" + wxi-restricted + + if [[ ! -z $1 ]] + then + if [[ -f "$HOME/.ssh/keys/$1" ]] + then + rm "$HOME/.ssh/keys/$1" &> /dev/null + rm "$HOME/.ssh/keys/$1.pub" &> /dev/null + rm "$HOME/.ssh/keys/$1.sig" &> /dev/null + fi + else + wx-ssh-keys-clean $ORG + + if [[ $USERNAME == "cwchristerw" ]] + then + wx-ssh-keys-clean warengroup + fi + + for file in ~/.ssh/keys/* + do + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: $VAULT_TOKEN") + if [[ $VAULT_STATUS -eq 200 ]] + then + rm "$file" &> /dev/null + fi + done + fi + + wxi-footer +} diff --git a/src/commands/ssh/keys/generate.sh b/src/commands/ssh/keys/generate.sh new file mode 100644 index 0000000..81dd598 --- /dev/null +++ b/src/commands/ssh/keys/generate.sh @@ -0,0 +1,13 @@ +wxi-ssh-keys-generate(){ + wxi-header "SSH / Keys / Generate" + wxi-restricted + + if [[ ! -z $1 ]] + then + if [[ ! -f "$HOME/.ssh/keys/$1" ]] + then + ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$1 -q -N "" -C "$USERNAME" &> /dev/null + fi + fi + wxi-footer +} diff --git a/src/commands/ssh/keys/retrieve.sh b/src/commands/ssh/keys/retrieve.sh new file mode 100644 index 0000000..ef0d347 --- /dev/null +++ b/src/commands/ssh/keys/retrieve.sh 
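Review bot: The nested calls `wx-ssh-keys-clean $ORG` and `wx-ssh-keys-clean warengroup` use the old function name, but this same commit deletes `wx-ssh-keys-clean` from keys.sh and the new definition is `wxi-ssh-keys-clean`, so under the refactored build those lines fail with "command not found" and the per-organization key files are never removed. The same stale names remain in sign.sh (`wx-ssh-keys-sign-create` calls, while the function defined is `wxi-ssh-keys-sign-create`) and sync.sh (`wx-ssh-keys-retrieve`, while retrieve.sh defines `wxi-ssh-keys-retrieve`). The fix is the rename, e.g. `wxi-ssh-keys-clean "$ORG"`, but note that the header is now printed unconditionally, so each nested call will emit a second "SSH / Keys / Clean" banner that the removed version avoided by printing it only when `$1` was empty. The final loop also drops the `legacy` name exclusion the old version carried; if that name is still special, restore the check or say in a comment why it is no longer needed.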
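Review bot: `$1` is never supplied by the only caller visible in this diff — the `generate` case of `wxi-ssh-keys` invokes `wxi-ssh-keys-retrieve`, `wxi-ssh-keys-generate` and `wxi-ssh-keys-save` with no argument — so the `! -z $1` guard turns all three into no-ops and `wx ssh keys generate <name>` creates nothing; the name presumably sits in `args` (the dispatcher reads the subcommand from `${args['3']}`) and should be passed down or read from there. Separately, `-f $HOME/.ssh/keys/$1` is unquoted and `&> /dev/null` hides any ssh-keygen failure, so `ssh-keygen -t ed25519 -f "$HOME/.ssh/keys/$1" -q -N "" -C "$USERNAME" || return 1` would at least let callers such as `wxi-ssh-keys-sign-create` notice that no key exists.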
@@ -0,0 +1,18 @@ +wxi-ssh-keys-retrieve(){ + wxi-header "SSH / Keys / Retrieve" + wxi-restricted + + if [[ ! -z $1 ]] + then + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN") + if [[ $VAULT_STATUS -eq 200 ]] + then + echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1 + chmod 700 ~/.ssh/keys/$1 + echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1 + chmod 700 ~/.ssh/keys/$1.pub + fi + fi + + wxi-footer +} diff --git a/src/commands/ssh/keys/save.sh b/src/commands/ssh/keys/save.sh new file mode 100644 index 0000000..381da7f --- /dev/null +++ b/src/commands/ssh/keys/save.sh @@ -0,0 +1,13 @@ +wxi-ssh-keys-save(){ + wxi-header "SSH / Keys / Save" + wxi-restricted + + if [[ ! -z $1 ]] + then + if [[ -f "$HOME/.ssh/keys/$1" ]] + then + curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null + fi + fi + wxi-footer +} diff --git a/src/commands/ssh/keys/sign.sh b/src/commands/ssh/keys/sign.sh new file mode 100644 index 0000000..15eece0 --- /dev/null +++ b/src/commands/ssh/keys/sign.sh 
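Review bot: The private key is written to `~/.ssh/keys/$1` under the caller's default umask and only afterwards `chmod 700`, so for a moment the file can be readable by other local users; the redirection `> ~/.ssh/keys/$1 2>&1` also sends any base64 error text into the key file, and when the field is missing `jq -r` prints `null`, which base64 then decodes into the file. Setting `umask 077` in a subshell before the write, fetching the secret once instead of twice, and checking the fields before writing addresses all three; 600 is also the conventional mode for key files, since 700 adds nothing for a non-executable file. The same umask concern applies to the `.sig` write in sign.sh.

```shell
    if [[ $VAULT_STATUS -eq 200 ]]
    then
      (
        umask 077   # key material must never be created world-readable
        secret=$(curl -s -X GET --header "X-Vault-Token: $VAULT_TOKEN" \
          https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1)
        priv=$(jq -r '.data.data.private // empty' <<<"$secret")
        pub=$(jq -r '.data.data.public // empty' <<<"$secret")
        if [[ -n $priv && -n $pub ]]
        then
          base64 -d <<<"$priv" > "$HOME/.ssh/keys/$1" && chmod 600 "$HOME/.ssh/keys/$1"
          base64 -d <<<"$pub" > "$HOME/.ssh/keys/$1.pub" && chmod 600 "$HOME/.ssh/keys/$1.pub"
        fi
      )
    fi
    # … unchanged: closing fi, wxi-footer …
```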
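Review bot: The base64 of the private key is expanded into the `-d "{ ... }"` argument, so the key material appears in curl's argv and is visible to every local user through `ps` or `/proc` for the duration of the request (the `X-Vault-Token` header has the same exposure, here and throughout the diff). Build the JSON with `jq -n --arg` and hand it to curl on stdin with `-d @-`, and check the HTTP status instead of `&> /dev/null`, because a rejected write currently leaves the caller believing the key is backed up. `cat ~/.ssh/keys/$1 | base64 -w 0` can be `base64 -w 0 < "$HOME/.ssh/keys/$1"`.

```shell
    if [[ -f "$HOME/.ssh/keys/$1" ]]
    then
      # key material travels on stdin, not on curl's command line
      VAULT_STATUS=$(jq -n --arg private "$(base64 -w 0 < "$HOME/.ssh/keys/$1")" \
                           --arg public "$(base64 -w 0 < "$HOME/.ssh/keys/$1.pub")" \
                           '{ data: { private: $private, public: $public } }' \
        | curl -s -o /dev/null -w "%{http_code}" -X POST --header "X-Vault-Token: $VAULT_TOKEN" \
            -d @- https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1)
      if [[ $VAULT_STATUS -ne 200 ]]
      then
        wxi-content status "Keys" "Save Failed"
      fi
    fi
    # … unchanged: closing fi, wxi-footer …
```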
@@ -0,0 +1,27 @@ +wxi-ssh-keys-sign(){ + wxi-header "SSH / Keys / Sign" + wxi-restricted + + wx-ssh-keys-sign-create $ORG sysadmin 3600 + + if [[ $USERNAME == "cwchristerw" ]] + then + wx-ssh-keys-sign-create warengroup sysadmin 3600 + fi + wxi-footer +} + +wxi-ssh-keys-sign-create(){ + NAME=$1 + ROLE=$2 + PRINCIPALS=$2 + TTL=$3 + + wxi-ssh-keys-generate $NAME &> /dev/null + + if [[ -f "$HOME/.ssh/keys/$NAME" ]] + then + wxi-content text "$NAME/$ROLE" + echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1 + fi +} diff --git a/src/commands/ssh/keys/sync.sh b/src/commands/ssh/keys/sync.sh new file mode 100644 index 0000000..333e86c --- /dev/null +++ b/src/commands/ssh/keys/sync.sh @@ -0,0 +1,14 @@ +wxi-ssh-keys-sync(){ + wxi-header "SSH / Keys / Sync" + wxi-restricted + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN") + if [[ $VAULT_STATUS -eq 200 ]] + then + for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.keys | @sh' | tr -d \') + do + echo $name + wx-ssh-keys-retrieve $name --multiple + done + fi + wxi-footer +} diff --git a/src/commands/welcome.sh b/src/commands/welcome.sh index 9c619b5..3a136e0 100644 --- a/src/commands/welcome.sh +++ b/src/commands/welcome.sh @@ -1,3 +1,14 @@ wx-welcome(){ - wx-header "Welcome" + wxi-header "Welcome" + + wxi-header "Help" h3 + wxi-content text "Use \"wx help\" command" + + echo "" + + wxi-header "Useful Links" h3 + wxi-content link "Infra" "https://infra.waren.io" + wxi-content link "Status" "https://status.waren.io" + + wxi-footer } 
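Review bot: The certificate is written with `echo $(curl ... | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig` without checking the response, so when Vault rejects the request (expired token, wrong role, unreachable host) `jq -r` prints `null` and that string overwrites a still-valid certificate, breaking every SSH session that used it until the next successful run. Capture the field first and only write when it is non-empty: `signed=$(curl ... | jq -r '.data.signed_key // empty')` followed by `[[ -n $signed ]] && printf '%s\n' "$signed" > "$HOME/.ssh/keys/$NAME.sig"`. `PRINCIPALS=$2` reuses the role name rather than taking a fourth argument, which looks intentional given the three-argument calls but deserves a one-line comment, e.g. `# principals default to the role name plus the caller's username`.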
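Review bot: Key names returned by Vault are consumed with `for name in $(... | jq -r '.data.keys | @sh' | tr -d \')`, i.e. through word-splitting with the quoting that `@sh` added stripped off again, and each name is then used unchecked as a path component under `~/.ssh/keys/` by the retrieve step. A `LIST` on a KV metadata path can also return nested entries with a trailing `/`, which currently fall through to a failed redirect. Reading the names with `while IFS= read -r name; do ...; done < <(... | jq -r '.data.keys[]')` and skipping any entry containing `/` or `..` keeps the writes inside the key directory. `echo $name` should be `printf '%s\n' "$name"`.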
diff --git a/src/functions/config.sh b/src/functions/config.sh new file mode 100644 index 0000000..953a7db --- /dev/null +++ b/src/functions/config.sh @@ -0,0 +1,12 @@ +wxi-config(){ + case $1 in + login) + jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp + ;; + *) + echo -n "" + ;; + esac + + mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null +} diff --git a/src/functions/header.sh b/src/functions/header.sh deleted file mode 100644 index 8353695..0000000 --- a/src/functions/header.sh +++ /dev/null @@ -1,24 +0,0 @@ -wx-header(){ - if [[ $2 == "h1" ]] - then - echo "" - echo "" - echo "" - echo "==============================" - wx-repeat " " $((30/2-${#1}/2)) - echo -n "$wxBold" - echo -n "$1" - echo -n "$wxNormal" - echo "" - echo "==============================" - fi - - if [[ $2 == "h2" || -z $2 ]] - then - wx-start - wx-repeat " " $((30/2-6/2-${#1}/2)) - echo -n ">> $1 <<" - echo "" - echo "------------------------------" - fi -} diff --git a/src/functions/repeat.sh b/src/functions/repeat.sh deleted file mode 100644 index 45a6b85..0000000 --- a/src/functions/repeat.sh +++ /dev/null @@ -1,5 +0,0 @@ -wx-repeat() { - local str=$1 n=$2 spaces - printf -v spaces "%*s" $n " " - printf "%s" "${spaces// /$str}" -} diff --git a/src/functions/restricted.sh b/src/functions/restricted.sh index 8da98bb..fb8dfe1 100644 --- a/src/functions/restricted.sh +++ b/src/functions/restricted.sh 
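Review bot: `jq ... &> $HOME/.warengroup/config.json.tmp` captures jq's stderr together with stdout, and the `mv` that follows runs unconditionally, so a jq failure (invalid JSON on disk, or `$VAULT_LOGIN`/`$ORG` containing a quote) replaces config.json with the error text; the next `wxi-start` then sees invalid JSON and resets the whole file to `{}`, silently dropping every stored token. Both variables are also spliced into the jq program text instead of being passed as data. `jq --arg org "$ORG" --arg token "$VAULT_LOGIN" '.login[$org].token = $token' "$HOME/.warengroup/config.json" > "$HOME/.warengroup/config.json.tmp" && mv "$HOME/.warengroup/config.json.tmp" "$HOME/.warengroup/config.json"` fixes both, after which the `*)` branch should not reach a `mv` at all. Because this file holds the Vault token, the temp file should also be created under `umask 077`.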
@@ -1,10 +1,84 @@ -wx-restricted(){ +wxi-restricted(){ + if [[ -z $1 || $1 == "--user" ]] + then if [[ $USER == "root" || $USER == "local" ]] then - echo "Status: Command Restricted" - echo " " - echo " " - echo " " - exit 1 + wxi-content status "Command" "Restricted" + wxi-content text "It's not permitted to execute this command with root or local user." + wxi-footer + wxi-repeat "\n" 3 + exit 1 fi + fi + + if [[ $1 == "--org" ]] + then + if [[ ! -z ${args['org']} ]] + then + case ${args['org']} in + warengroup) + ORG=warengroup + ;; + cwchristerw) + ORG=cwchristerw + ;; + *) + wxi-content status "Organization" "Unsupported" + wxi-footer + wxi-stop + ;; + esac + elif [[ $(hostname -d) = *"devices.waren.io" ]] + then + ORG=warengroup + elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]] + then + ORG=cwchristerw + fi + + if [[ ! -z $ORG ]] + then + case $ORG in + warengroup) + DOMAIN=waren.io + VAULT_DOMAIN=vault.cwinfo.net + ORG_HEADER="Warén Group" + ;; + cwchristerw) + DOMAIN=christerwaren.fi + VAULT_DOMAIN=vault.cwinfo.net + ORG_HEADER="Christer Warén" + ;; + *) + wxi-content status "Organization" "Unsupported" + wxi-footer + wxi-stop + ;; + esac + else + wxi-content status "Organization" "Required" + wxi-footer + wxi-stop + fi + fi + + if [[ -z $1 || $1 == "--vault" ]] + then + if [[ -z $VAULT_DOMAIN ]] + then + wxi-content status "Vault" "Unavailable" + wxi-footer + wxi-repeat "\n" 3 + exit 1 + fi + + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health) + if [[ ! $VAULT_STATUS -eq 200 ]] + then + wxi-content status "Vault" "Offline" + wxi-footer + wxi-repeat "\n" 3 + exit 1 + fi + fi } diff --git a/src/functions/start.sh b/src/functions/start.sh index 0c3f696..58ad1af 100644 --- a/src/functions/start.sh +++ b/src/functions/start.sh 
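Review bot: The `--vault` probe `curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health` has no timeout, so a Vault host that accepts the connection but never answers stalls every command that calls `wxi-restricted`, including the `wx auto` job that wx-install schedules every five minutes; `curl -s --max-time 5 ...` bounds that. The `-eq 200` test also reports a reachable standby Vault node as Offline, because `/v1/sys/health` answers 429 for standby by default (`?standbyok=true` folds that case into 200 if standby is acceptable here). In the `--org` branch `hostname -d` is run twice; assigning it once to a local is cleaner, and the `wxi-stop` calls rely on that function never returning, which deserves a comment on `wxi-stop` itself.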
@@ -1,15 +1,13 @@ -wx-start(){ - wx-header "Warén CLI" h1 +wxi-start(){ + wxi-header "Warén CLI" h1 - mkdir -p $HOME/.warengroup &> /dev/null - - if [[ ! -f "$HOME/.warengroup/config.json" || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]] - then - echo '{}' | jq > $HOME/.warengroup/config.json - fi - - mkdir -p $HOME/.ssh/keys - chmod 700 -R $HOME/.ssh/keys - mkdir -p $HOME/.ssh/multiplex - chmod 700 -R $HOME/.ssh/multiplex + mkdir -p $HOME/.warengroup + if [[ ! -f $HOME/.warengroup/config.json || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]] + then + echo '{}' | jq > $HOME/.warengroup/config.json + fi + mkdir -p $HOME/.ssh/keys + chmod 700 -R $HOME/.ssh/keys + mkdir -p $HOME/.ssh/multiplex + chmod 700 -R $HOME/.ssh/multiplex } diff --git a/src/functions/stop.sh b/src/functions/stop.sh index 0010bf4..ae1e7fe 100644 --- a/src/functions/stop.sh +++ b/src/functions/stop.sh @@ -1,14 +1,18 @@ -wx-stop (){ - echo " " - echo " " - echo " " +wxi-stop(){ + if [[ ! -f $HOME/bin/wx ]] + then + wx-install &> /dev/null + else + wx-update &> /dev/null + fi - wx-install --auto + wxi-repeat "\n" 3 - if [[ $USERNAME != $USER && $USERNAME != $SUDO_USER && $USERNAME != $LOGNAME ]] - then - wx-logout - fi + for key in "${!args[@]}" + do + echo "$key: ${args[$key]}" + done - exit 1 + wxi-repeat "\n" 3 + exit 1 } diff --git a/src/ui/content.sh b/src/ui/content.sh new file mode 100644 index 0000000..64c6abe --- /dev/null +++ b/src/ui/content.sh @@ -0,0 +1,16 @@ +wxi-content(){ + if [[ $1 == "text" ]] + then + echo "$2" + elif [[ $1 == "status" ]] + then + wxi-repeat "\n" 2 + echo -n "$wxiBold" + echo "Status" + echo -n "$wxiNormal" + echo "$2 - $3" + elif [[ $1 == "link" ]] + then + echo "$2 - $3" + fi +} diff --git a/src/ui/footer.sh b/src/ui/footer.sh new file mode 100644 index 0000000..d0cf2da --- /dev/null +++ b/src/ui/footer.sh 
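Review bot: `echo '{}' | jq > $HOME/.warengroup/config.json` creates the file under the caller's default umask, and that file later stores the Vault token written by `wxi-config login`, so on a host with umask 022 the token ends up world-readable; `.ssh/keys` gets `chmod 700` but `.warengroup` and config.json get nothing. Creating them restrictively, `mkdir -p -m 700 "$HOME/.warengroup"` and `chmod 600 "$HOME/.warengroup/config.json"` after the write, closes that. The path expansions in this function are also unquoted throughout.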
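Review bot: The new loop `for key in "${!args[@]}"; do echo "$key: ${args[$key]}"; done` prints every parsed argument to stdout on each stop, and `args` carries `password` and `token` (wx-login in this diff reads `${args['password']}` and `${args['token']}`), so every failure path — including a failed login — echoes the credential to the terminal, to whatever captures the output, and to cron mail for `wx auto`. `wxi-stop` now also runs `wx-install` or `wx-update` on every stop, so each error path downloads and overwrites `$HOME/bin/wx` and edits the crontab as a side effect; that belongs in an explicit command, not in the error exit. If the argument dump is wanted for debugging, redact the sensitive keys as below; otherwise drop the loop.

```shell
  for key in "${!args[@]}"
  do
    case $key in
      password|token) echo "$key: ********" ;;   # never echo credentials
      *) echo "$key: ${args[$key]}" ;;
    esac
  done
  # … unchanged: trailing wxi-repeat and exit …
```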
@@ -0,0 +1,11 @@ +wxi-footer(){ + echo "" + echo "------------------------------" + wxi-repeat " " $((30/2-12/2)) + echo -n "$wxiBold" + echo "Warén Group™" + echo -n "$wxiNormal" + wxi-repeat " " $((30/2-17/2)) + echo "https://waren.io" + echo "==============================" +} diff --git a/src/ui/formatting.sh b/src/ui/formatting.sh new file mode 100644 index 0000000..9104801 --- /dev/null +++ b/src/ui/formatting.sh @@ -0,0 +1,11 @@ +wxiRed=$(tput setaf 196) +wxiGreen=$(tput setaf 46) +wxiYellow=$(tput setaf 226) +wxiBlue=$(tput setaf 21) +wxiPurple=$(tput setaf 165) +wxiTurquoise=$(tput setaf 14) +wxiPink=$(tput setaf 198) +wxiOrange=$(tput setaf 202) +wxiUnderline=$(tput smul) +wxiBold=$(tput bold) +wxiNormal=$(tput sgr0) diff --git a/src/ui/header.sh b/src/ui/header.sh new file mode 100644 index 0000000..8e38839 --- /dev/null +++ b/src/ui/header.sh @@ -0,0 +1,30 @@ +wxi-header(){ + if [[ $2 == "h1" ]] + then + wxi-repeat "\n" 3 + echo "==============================" + wxi-repeat " " $((30/2-${#1}/2)) + echo -n "$wxiBold" + echo "$1" + echo -n "$wxiNormal" + echo "==============================" + fi + + if [[ $2 == "h2" || -z $2 ]] + then + wxi-start + wxi-repeat " " $((30/2-6/2-${#1}/2)) + echo -n "$wxiBold" + echo ">> $1 <<" + echo -n "$wxiNormal" + echo "------------------------------" + echo "" + fi + + if [[ $2 == "h3" ]] + then + echo -n "$wxiBold" + echo "$1" + echo -n "$wxiNormal" + fi +} diff --git a/src/ui/messages.sh b/src/ui/messages.sh new file mode 100644 index 0000000..e69de29 diff --git a/src/ui/repeat.sh b/src/ui/repeat.sh new file mode 100644 index 0000000..9e2bc6b --- /dev/null +++ b/src/ui/repeat.sh @@ -0,0 +1,13 @@ +wxi-repeat() { + if [[ $1 == " " ]] + then + local str=$1 n=$2 spaces + printf -v spaces "%*s" $n " " + printf "%s" "${spaces// /$str}" + else + for i in $(seq 1 $2); + do + echo -en $1 + done + fi +} diff --git a/wx b/wx index 397d631..549c5f5 100755 --- a/wx +++ b/wx 
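Review bot: Each `$(tput ...)` assignment runs unconditionally at load time, and `tput` fails when `TERM` is unset, which is the usual environment of the `wx auto` cron job this diff installs; the error text goes to stderr (and therefore into cron mail) while the variables end up empty anyway, and when stdout is not a terminal the escape bytes land in whatever captures the output. Guard the block with `if [[ -t 1 && -n $TERM ]]` and leave the variables empty otherwise, or at minimum append `2>/dev/null` to each call.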
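Review bot: The non-space branch `for i in $(seq 1 $2); do echo -en $1; done` spawns `seq` and relies on `echo -e` for every repetition, and leaves `$1` unquoted; `for ((i = 0; i < $2; i++)); do printf '%b' "$1"; done` does the same with builtins (`%b` interprets the `\n` escapes the callers pass). With `seq`, an empty `$2` also produces a seq usage error on stderr instead of printing nothing.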
@@ -1,102 +1,237 @@ #!/bin/bash -if [ ! "$BASH_VERSION" ] ; then - bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9 - exit 1 -fi - -wxRed=$(tput setaf 196) -wxGreen=$(tput setaf 46) -wxYellow=$(tput setaf 226) -wxBlue=$(tput setaf 21) -wxPurple=$(tput setaf 165) -wxTurquoise=$(tput setaf 14) -wxPink=$(tput setaf 198) -wxOrange=$(tput setaf 202) -wxUnderline=$(tput smul) -wxBold=$(tput bold) -wxNormal=$(tput sgr0) +#if [ ! "$BASH_VERSION" ] ; then +# bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9 +# exit 1 +#fi +declare -Ax args declare -Ax config +declare -Ax messages -wx-header(){ - if [[ $2 == "h1" ]] - then - echo "" - echo "" - echo "" - echo "==============================" - wx-repeat " " $((30/2-${#1}/2)) - echo -n "$wxBold" - echo -n "$1" - echo -n "$wxNormal" - echo "" - echo "==============================" - fi +wxi-config(){ + case $1 in + login) + jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp + ;; + *) + echo -n "" + ;; + esac - if [[ $2 == "h2" || -z $2 ]] - then - wx-start - wx-repeat " " $((30/2-6/2-${#1}/2)) - echo -n ">> $1 <<" - echo "" - echo "------------------------------" - fi + mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null } -wx-repeat() { +wxi-restricted(){ + if [[ -z $1 || $1 == "--user" ]] + then + if [[ $USER == "root" || $USER == "local" ]] + then + wxi-content status "Command" "Restricted" + wxi-content text "It's not permitted to execute this command with root or local user." + wxi-footer + wxi-repeat "\n" 3 + exit 1 + fi + fi + + if [[ $1 == "--org" ]] + then + if [[ ! -z ${args['org']} ]] + then + case ${args['org']} in + warengroup) + ORG=warengroup + ;; + cwchristerw) + ORG=cwchristerw + ;; + *) + wxi-content status "Organization" "Unsupported" + wxi-footer + wxi-stop + ;; + esac + elif [[ $(hostname -d) = *"devices.waren.io" ]] + then + ORG=warengroup + elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]] + then + ORG=cwchristerw + fi + + if [[ ! 
-z $ORG ]] + then + case $ORG in + warengroup) + DOMAIN=waren.io + VAULT_DOMAIN=vault.cwinfo.net + ORG_HEADER="Warén Group" + ;; + cwchristerw) + DOMAIN=christerwaren.fi + VAULT_DOMAIN=vault.cwinfo.net + ORG_HEADER="Christer Warén" + ;; + *) + wxi-content status "Organization" "Unsupported" + wxi-footer + wxi-stop + ;; + esac + else + wxi-content status "Organization" "Required" + wxi-footer + wxi-stop + fi + fi + + if [[ -z $1 || $1 == "--vault" ]] + then + if [[ -z $VAULT_DOMAIN ]] + then + wxi-content status "Vault" "Unavailable" + wxi-footer + wxi-repeat "\n" 3 + exit 1 + fi + + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health) + if [[ ! $VAULT_STATUS -eq 200 ]] + then + wxi-content status "Vault" "Offline" + wxi-footer + wxi-repeat "\n" 3 + exit 1 + fi + fi +} + +wxi-start(){ + wxi-header "Warén CLI" h1 + + mkdir -p $HOME/.warengroup + if [[ ! -f $HOME/.warengroup/config.json || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]] + then + echo '{}' | jq > $HOME/.warengroup/config.json + fi + mkdir -p $HOME/.ssh/keys + chmod 700 -R $HOME/.ssh/keys + mkdir -p $HOME/.ssh/multiplex + chmod 700 -R $HOME/.ssh/multiplex +} + +wxi-stop(){ + if [[ ! 
-f $HOME/bin/wx ]] + then + wx-install &> /dev/null + else + wx-update &> /dev/null + fi + + wxi-repeat "\n" 3 + + for key in "${!args[@]}" + do + echo "$key: ${args[$key]}" + done + + wxi-repeat "\n" 3 + exit 1 +} + +wxi-content(){ + if [[ $1 == "text" ]] + then + echo "$2" + elif [[ $1 == "status" ]] + then + wxi-repeat "\n" 2 + echo -n "$wxiBold" + echo "Status" + echo -n "$wxiNormal" + echo "$2 - $3" + elif [[ $1 == "link" ]] + then + echo "$2 - $3" + fi +} + +wxi-footer(){ + echo "" + echo "------------------------------" + wxi-repeat " " $((30/2-12/2)) + echo -n "$wxiBold" + echo "Warén Group™" + echo -n "$wxiNormal" + wxi-repeat " " $((30/2-17/2)) + echo "https://waren.io" + echo "==============================" +} + +wxiRed=$(tput setaf 196) +wxiGreen=$(tput setaf 46) +wxiYellow=$(tput setaf 226) +wxiBlue=$(tput setaf 21) +wxiPurple=$(tput setaf 165) +wxiTurquoise=$(tput setaf 14) +wxiPink=$(tput setaf 198) +wxiOrange=$(tput setaf 202) +wxiUnderline=$(tput smul) +wxiBold=$(tput bold) +wxiNormal=$(tput sgr0) + +wxi-header(){ + if [[ $2 == "h1" ]] + then + wxi-repeat "\n" 3 + echo "==============================" + wxi-repeat " " $((30/2-${#1}/2)) + echo -n "$wxiBold" + echo "$1" + echo -n "$wxiNormal" + echo "==============================" + fi + + if [[ $2 == "h2" || -z $2 ]] + then + wxi-start + wxi-repeat " " $((30/2-6/2-${#1}/2)) + echo -n "$wxiBold" + echo ">> $1 <<" + echo -n "$wxiNormal" + echo "------------------------------" + echo "" + fi + + if [[ $2 == "h3" ]] + then + echo -n "$wxiBold" + echo "$1" + echo -n "$wxiNormal" + fi +} + + +wxi-repeat() { + if [[ $1 == " " ]] + then local str=$1 n=$2 spaces printf -v spaces "%*s" $n " " printf "%s" "${spaces// /$str}" -} - -wx-restricted(){ - if [[ $USER == "root" || $USER == "local" ]] - then - echo "Status: Command Restricted" - echo " " - echo " " - echo " " - exit 1 - fi -} - -wx-start(){ - wx-header "Warén CLI" h1 - - mkdir -p $HOME/.warengroup &> /dev/null - - if [[ ! 
-f "$HOME/.warengroup/config.json" || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]] - then - echo '{}' | jq > $HOME/.warengroup/config.json - fi - - mkdir -p $HOME/.ssh/keys - chmod 700 -R $HOME/.ssh/keys - mkdir -p $HOME/.ssh/multiplex - chmod 700 -R $HOME/.ssh/multiplex -} - -wx-stop (){ - echo " " - echo " " - echo " " - - wx-install --auto - - if [[ $USERNAME != $USER && $USERNAME != $SUDO_USER && $USERNAME != $LOGNAME ]] - then - wx-logout - fi - - exit 1 + else + for i in $(seq 1 $2); + do + echo -en $1 + done + fi } wx-help(){ -wx-header "Help" +wxi-header "Help" -echo -n " +wxi-content text " Usage: $0 COMMAND [OPTIONS] Common Commands: @@ -114,7 +249,6 @@ Common Commands: retrieve Retrieve save Save sync Sync - delete Delete clean Clean Authentication Commands: 
@@ -129,610 +263,651 @@ Management Commands: Maintenance Commands: install Install update Update + uninstall Uninstall "; +wxi-footer + } wx-infra(){ - wx-login - wx-auto &> /dev/null + wx-login &> /dev/null + wx-auto &> /dev/null - wx-header "Infra" - wx-restricted + wxi-header "Infra" + wxi-restricted - case $USERNAME in - cwchristerw) - if [[ -d "$HOME/Desktop/Work in Progress/Programming/warengroup/infra" ]] - then - INFRA_PATH="$HOME/Desktop/Work in Progress/Programming/warengroup/infra" - else - if [[ -d "$HOME/.warengroup/infra" ]] - then - INFRA_PATH="$HOME/.warengroup/infra" - else - INFRA_PATH="$HOME/.warengroup/infra" - mkdir -p "$INFRA_PATH" &> /dev/null - git clone ssh://git@git.waren.io:2222/warengroup-private/infra.git --config core.sshCommand="ssh -i $HOME/.ssh/keys/warengroup-legacy -o ProxyJump=none" "$INFRA_PATH" &> /dev/null - fi - fi + case $USERNAME in + cwchristerw) + if [[ -d "$HOME/.warengroup/infra" ]] + then + INFRA_PATH="$HOME/.warengroup/infra" + else + INFRA_PATH="$HOME/.warengroup/infra" + mkdir -p "$INFRA_PATH" &> /dev/null + git clone ssh://git@git.waren.io:2222/warengroup-private/infra.git --config core.sshCommand="ssh -i $HOME/.ssh/keys/warengroup-legacy -o ProxyJump=none" "$INFRA_PATH" &> /dev/null + fi - if [[ ! -f "$INFRA_PATH/vault/cwchristerw" || ! -f "$INFRA_PATH/vault/warengroup" ]] - then - mkdir -p "$INFRA_PATH/vault" &> /dev/null + if [[ ! -f "$INFRA_PATH/vault/cwchristerw" || ! 
-f "$INFRA_PATH/vault/warengroup" ]] + then + mkdir -p "$INFRA_PATH/vault" &> /dev/null - curl \ - -H "X-Vault-Token: ${config["login",$ORG]}" \ - -X GET \ - https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw" + curl \ + -H "X-Vault-Token: $VAULT_TOKEN" \ + -X GET \ + https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw" - curl \ - -H "X-Vault-Token: ${config["login",$ORG]}" \ - -X GET \ - https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup" - fi + curl \ + -H "X-Vault-Token: $VAULT_TOKEN" \ + -X GET \ + https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup" + fi - if [[ -z $1 ]] - then - echo "Tag Required" - else - if [[ $1 == "init" ]] - then - if [[ -z $2 ]] - then - 2=init - fi + INFRA_VAULT="--vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw" + ;; + *) + wxi-content status "User" "Unsupported" + wxi-footer + wxi-stop + INFRA_PATH="$HOME/.warengroup/infra" + INFRA_VAULT="--vault-id warengroup@vault/warengroup" + ;; + esac - cd "$INFRA_PATH" - git pull &> /dev/null - ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null - ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9 - cd "$OLDPWD" - elif [[ $1 == "manager" ]] - then - cd "$INFRA_PATH" - git pull &> /dev/null - ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null - ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw manager.yml $2 $3 $4 $5 $6 $7 $8 $9 - cd "$OLDPWD" - else - cd "$INFRA_PATH" - git pull &> /dev/null - ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null - 
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9 - cd "$OLDPWD" - fi - fi - ;; - *) - echo "User Unsupported" - ;; - esac + if [[ -z ${args['2']} ]] + then + echo "Tag Required" + else + cd "$INFRA_PATH" + #git pull &> /dev/null + #ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null + + if [[ ${args['2']} == "init" ]] + then + wxi-header "Init" h3 + + if [[ -z ${args['3']} ]] + then + tags=init + else + tags=${args['3']} + fi + + ansible-playbook $INFRA_VAULT playbooks/init.yml -t $tags --limit "${args['limit']}" + elif [[ ${args['2']} == "manager" ]] + then + wxi-header "Manager" h3 + ansible-playbook $INFRA_VAULT manager.yml --extra-vars "${args['extra-vars']}" + else + wxi-header "Playbooks" h3 + tags=${args['2']} + ansible-playbook $INFRA_VAULT playbooks.yml -t $tags --limit "${args['limit']}" + fi + cd "$OLDPWD" + fi + wxi-footer } wx-ssh(){ - wx-login + wx-login &> /dev/null + wx-auto &> /dev/null - case $1 in - keys) - wx-ssh-keys $2 $3 - ;; - config) - wx-ssh-config $2 - ;; - *) - wx-header "SSH" - wx-stop - ;; - esac + case ${args['2']} in + config) + wxi-ssh-config + ;; + keys) + wxi-ssh-keys + ;; + *) + wxi-header "SSH" + wxi-restricted + wxi-footer + ;; + esac } wx-welcome(){ - wx-header "Welcome" + wxi-header "Welcome" + + wxi-header "Help" h3 + wxi-content text "Use \"wx help\" command" + + echo "" + + wxi-header "Useful Links" h3 + wxi-content link "Infra" "https://infra.waren.io" + wxi-content link "Status" "https://status.waren.io" + + wxi-footer } wx-login(){ - if [[ ! 
-z $1 ]] - then - ORG=$1 - jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - elif [[ $(hostname -d) = *"devices.waren.io" ]] - then - ORG=warengroup - elif [[ $(hostname -d) = *"devices.cwinfo.net" ]] - then - ORG=cwinfo - elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]] - then - ORG=cwchristerw - elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]] - then - ORG=$(cat $HOME/.warengroup/config.json | jq -r .org) - else - wx-header "Login" - echo "Status: Organization Required" - wx-stop - fi + wxi-header "Login" + wxi-restricted --user + wxi-restricted --org + wxi-restricted --vault - if [[ $ORG == "warengroup" ]] - then - DOMAIN=waren.io - elif [[ $ORG == "cwinfo" ]] - then - DOMAIN=cwinfo.net - elif [[ $ORG == "cwchristerw" ]] - then - DOMAIN=christerwaren.fi - else - wx-header "Login" - echo "Status: Organization Unsupported" - wx-stop - fi + wxi-header "$ORG_HEADER" h3 - FOLDER=$ORG - DEVICE_DOMAIN="devices.$DOMAIN" - IDM_DOMAIN="idm.waren.io" - VAULT_DOMAIN="vault.cwinfo.net" + if [[ ! -z ${args['login-type']} ]] + then + LOGIN_TYPE=${args['login-type']} + elif [[ ! -z ${args['token']} ]] + then + LOGIN_TYPE=token + elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]] + then + LOGIN_TYPE=token + elif [[ ! -z ${args['username']} ]] + then + LOGIN_TYPE=ldap + else + LOGIN_TYPE=ldap + fi - if [[ -z $USER || $USER == "root" || $USER == "local" ]] - then - if [[ -z $SUDO_USER ]] + if [[ ! -z $LOGIN_TYPE ]] + then + case $LOGIN_TYPE in + ldap) + echo -n "Username: " + if [[ ! 
-z ${args['username']} ]] then - if [[ -z LOGNAME ]] - then - wx-header "Login" - echo "Status: Username Required" - wx-stop - else - USERNAME=$LOGNAME - fi + USERNAME=${args['username']} + wxi-content text "$USERNAME" else - USERNAME=$SUDO_USER - fi - else - USERNAME=$USER - fi - - VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health) - if [[ $VAULT_STATUS -eq 200 ]] - then - - if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]] - then - if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]] - then - USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)" - fi - TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)" + read USERNAME fi - VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') - if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]] + echo -n "Password: " + if [[ ! 
-z ${args['password']} ]] then - config["login",${ORG}]=$VAULT_LOGIN - if [[ $USER != "root" && $USER != "local" ]] - then - jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - fi + PASSWORD=${args['password']} else - IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN) - if [[ $IDM_STATUS -eq 301 ]] - then - wx-header "Login" - echo $wxBold$ORG$wxNormal - - if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]] - then - echo -n "Username: " - read USERNAME - else - echo "Username: $USERNAME" - fi - - jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - - echo -n "Password: " - read -s PASSWORD - echo "****************" - - if [[ -z $USERNAME || -z $PASSWORD ]] - then - echo "Status: Username & Password Required" - wx-stop - else - VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token') - if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] - then - echo "Status: Login Failed" - wx-stop - fi - - config["login",${ORG}]=$VAULT_LOGIN - - if [[ $USER != "root" && $USER != "local" ]] - then - jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - fi - fi - else - wx-header "Login" - echo $wxBold$ORG$wxNormal - - echo -n "Token: " - read -s TOKEN - echo "****************" - - if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]] - then - echo "Status: Vault Token Required" - wx-stop - fi - - VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header 
"X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') - if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] - then - echo "Status: Login Failed" - wx-stop - fi - - config["login",${ORG}]=$VAULT_LOGIN - - if [[ $USER != "root" && $USER != "local" ]] - then - jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - fi - fi + read -s PASSWORD fi - else - wx-header "Login" - echo $wxBold$ORG$wxNormal - echo "Status: Vault Offline" - wx-stop - fi + + if [[ ! -z $PASSWORD ]] + then + wxi-content text "****************" + else + wxi-content text "" + fi + + if [[ -z $USERNAME || -z $PASSWORD ]] + then + wxi-content status "Username & Password" "Required" + wxi-footer + wxi-stop + fi + + VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token') + if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] + then + wxi-content status "Login" "Failed" + wxi-stop + fi + + wxi-config login + ;; + token) + echo -n "Token: " + if [[ ! -z ${args['token']} ]] + then + if [[ ${args['token']} != "true" ]] + then + TOKEN=${args['token']} + fi + elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]] + then + TOKEN=$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) + else + read -s TOKEN + fi + + if [[ ! 
-z $TOKEN ]] + then + wxi-content text "***********************************************************************************************" + fi + + if [[ -z $TOKEN ]] + then + wxi-content status "Token" "Required" + wxi-footer + wxi-stop + fi + + if [[ ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]] + then + wxi-content status "Token" "Invalid" + wxi-footer + wxi-stop + fi + + VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew-self -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') + if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] + then + wxi-content status "Login" "Failed" + wxi-stop + fi + + wxi-config login + ;; + *) + wxi-content status "Login Type" "Unsupported" + wxi-footer + wxi-stop + ;; + esac + fi + + VAULT_USERNAME=$(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.display_name') + if [[ -z $VAULT_USERNAME ]] + then + wxi-content status "Login" "Username Missing" + wxi-stop + elif [[ $VAULT_USERNAME != ldap* && $VAULT_USERNAME != oidc* ]] + then + wxi-content status "Login" "Authentication Method Invalid" + wxi-stop + elif [[ $VAULT_USERNAME == ldap* ]] + then + USERNAME=${VAULT_USERNAME#ldap-} + elif [[ $VAULT_USERNAME == oidc* ]] + then + USERNAME=${VAULT_USERNAME#oidc-} + fi + + wxi-footer } wx-logout(){ - wx-header "Logout" - if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]] - then - VAULT_LOGIN=$(cat $HOME/.warengroup/config.json | jq -r .login) - if [[ $VAULT_LOGIN != null && $VAULT_LOGIN != "{}" ]] - then - wx-clean &> /dev/null - jq '.login = {}' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp - mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null - fi - fi + wxi-header "Logout" + wxi-restricted --user + wxi-restricted --org + wxi-restricted --vault + + if [[ -f "$HOME/.warengroup/config.json" && $(cat 
$HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' ]]
+ then
+ TOKEN=$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)
+ fi
+
+ VAULT_STATUS=$(curl https://$VAULT_DOMAIN/v1/auth/token/revoke-self -X POST --header "X-Vault-Token: $TOKEN" -s -o /dev/null -w "%{http_code}")
+ if [[ $VAULT_STATUS -eq 204 || $VAULT_STATUS -eq 403 ]]
+ then
+ wxi-header "$ORG_HEADER" h3
+ echo "Logging Out..."
+ TOKEN=""
+ wxi-config login
+ wxi-footer
+ wxi-stop
+ fi
+
 }
 
 wx-install(){
- if [[ -z $1 ]]
- then
- wx-header "Install"
- fi
+ wxi-header "Install"
+ wxi-restricted --user
 
- wx-restricted
+ if [[ -f "./wx" && -f "./maintainer.sh" && -d "./src" ]]
+ then
+ ./maintainer.sh
+ fi
 
- if [[ -f "./wx" ]] && [[ -d "./src" ]]
- then
- podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
- mv wx.tmp wx &> /dev/null
- chmod +x wx &> /dev/null
- fi
+ mkdir -p $HOME/bin
+ if [[ $(curl -s -o /dev/null -w "%{http_code}" https://git.waren.io/warengroup/wx/raw/branch/master/wx) -eq 200 ]]
+ then
+ curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
+ chmod +x $HOME/bin/wx &> /dev/null
+ fi
 
- mkdir $HOME/bin &> /dev/null
- if [[ $(curl -s -o /dev/null -w "%{http_code}" https://git.waren.io/warengroup/wx/raw/branch/master/wx) -eq 200 ]]
- then
- curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
- chmod +x $HOME/bin/wx &> /dev/null
- fi
+ CRONJOB_NAME="#Warén CLI: Auto"
+ CRONJOB_TASK="*/5 * * * * $HOME/bin/wx auto"
+ if [[ -z $(crontab -l | grep -F "$CRONJOB_NAME") || -z $(crontab -l | grep -F "$CRONJOB_TASK") ]]
+ then
+ (crontab -l ; echo "$CRONJOB_NAME" ; echo "$CRONJOB_TASK") | grep -Fv "no crontab" | crontab -
+ fi
 
- CRONJOB_NAME="#Warén CLI: Auto"
- CRONJOB_TASK="*/5 * * * * $HOME/bin/wx auto"
- if [[ -z $(crontab -l | grep -F "$CRONJOB_NAME") || -z $(crontab -l | grep -F "$CRONJOB_TASK") ]]
- then
- (crontab -l ; echo "$CRONJOB_NAME" ; echo "$CRONJOB_TASK") | grep -Fv "no crontab" | crontab -
- fi
+ wxi-footer
 }
 
 wx-uninstall(){
- wx-header "Uninstall"
+ wxi-header "Uninstall"
+ wxi-restricted --user
+ wx-clean &> /dev/null
 
- wx-clean &> /dev/null
+ if [[ -d "$HOME/.warengroup" ]]
+ then
+ rm "$HOME/.warengroup" -rf
+ fi
 
- if [[ -d "$HOME/.warengroup" ]]
- then
- rm "$HOME/.warengroup" -rf
- fi
+ CRONJOB_NAME="#Warén CLI: Auto"
+ CRONJOB_TASK="*/5 * * * * $HOME/bin/wx auto"
+ if [[ $(crontab -l | grep -F "$CRONJOB_NAME") || $(crontab -l | grep -F "$CRONJOB_TASK") ]]
+ then
+ crontab -l | grep -Fv "$CRONJOB_NAME" | grep -Fv "$CRONJOB_TASK" | grep -Fv "no crontab" | crontab -
+ fi
 
- CRONJOB_NAME="#Warén CLI: Auto"
- CRONJOB_TASK="*/5 * * * * $HOME/bin/wx auto"
- if [[ $(crontab -l | grep -F "$CRONJOB_NAME") || $(crontab -l | grep -F "$CRONJOB_TASK") ]]
- then
- crontab -l | grep -Fv "$CRONJOB_NAME" | grep -Fv "$CRONJOB_TASK" | grep -Fv "no crontab" | crontab -
- fi
+ if [[ -f "$HOME/bin/wx" ]]
+ then
+ rm "$HOME/bin/wx" -rf
+ fi
 
- if [[ -f "$HOME/bin/wx" ]]
- then
- rm "$HOME/bin/wx" -rf
- fi
-
- echo " "
- echo " "
- echo " "
-
- exit 1
+ wxi-footer
+ wxi-repeat "\n" 3
+ exit 1
 }
 
 wx-update(){
- wx-header "Update"
- wx-install --update
+ wxi-header "Update"
+ wxi-restricted --user
+
+ wx-install &> /dev/null
+ echo "Updates Completed"
+
+ wxi-footer
 }
 
 wx-auto(){
- wx-login
- wx-header "Auto"
+ wxi-header "Auto"
+ wxi-restricted
+ wxi-footer
 
- wx-ssh-config-sync
- wx-ssh-keys-sign
- wx-ssh-keys-sync
+ wxi-ssh-config-sync
+ wxi-ssh-keys-sign
+ wxi-ssh-keys-sync
 }
 
 wx-clean(){
- wx-login
- wx-header "Clean"
- wx-ssh-config-clean
- wx-ssh-keys-clean
+ wxi-header "Clean"
+ wxi-restricted --user
+ wxi-footer
+
+ wxi-ssh-config-clean
+ wxi-ssh-keys-clean
 }
 
 wx-settings(){
- wx-login
- wx-header "Settings"
+ wxi-header "Settings"
+ wxi-restricted --user
+ wxi-footer
 }
 
-wx-ssh-config(){
- wx-restricted
-
- case $1 in
- edit)
- wx-ssh-config-sync
- wx-ssh-config-edit
- wx-ssh-config-save
- ;;
- save)
- wx-ssh-config-save
- ;;
- sync)
- wx-ssh-config-sync
- ;;
- clean)
- wx-ssh-config-clean
- ;;
- *)
- wx-ssh-config-sync
- wx-stop
- ;;
- esac
+wxi-ssh-config(){
+ case ${args['3']} in
+ edit)
+ wxi-ssh-config-sync
+ wxi-ssh-config-edit
+ wxi-ssh-config-save
+ ;;
+ save)
+ wxi-ssh-config-save
+ ;;
+ sync)
+ wxi-ssh-config-sync
+ ;;
+ clean)
+ wxi-ssh-config-clean
+ ;;
+ *)
+ wxi-ssh-config-sync
+ ;;
+ esac
 }
 
-wx-ssh-config-edit(){
- wx-header "SSH / Config / Edit"
- wx-restricted
- nano ~/.ssh/config
+wxi-ssh-keys(){
+ case ${args['3']} in
+ generate)
+ wxi-ssh-keys-retrieve
+ wxi-ssh-keys-generate
+ wxi-ssh-keys-save
+ ;;
+ sign)
+ wxi-ssh-keys-sign
+ ;;
+ retrieve)
+ wxi-ssh-keys-retrieve
+ ;;
+ save)
+ wxi-ssh-keys-save
+ ;;
+ sync)
+ wxi-ssh-keys-sync
+ ;;
+ clean)
+ wxi-ssh-keys-clean
+ ;;
+ *)
+ wxi-header "SSH / Keys"
+ wxi-footer
+ ;;
+ esac
 }
 
-wx-ssh-config-save(){
- wx-header "SSH / Config / Save"
- wx-restricted
- curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
+wxi-ssh-config-clean(){
+ wxi-header "SSH / Config / Clean"
+ wxi-restricted
+
+ VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN")
+ if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
+ then
+ rm "$HOME/.ssh/config"
+ fi
+ wxi-footer
 }
 
-wx-ssh-config-sync(){
- wx-header "SSH / Config / Sync"
- wx-restricted
- VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
+wxi-ssh-config-edit(){
+ wxi-header "SSH / Config / Edit"
+ wxi-restricted
+
+ nano ~/.ssh/config
+ wxi-footer
+}
+
+wxi-ssh-config-save(){
+ wxi-header "SSH / Config / Save"
+ wxi-restricted
+
+ if [[ -f "$HOME/.ssh/config" ]]
+ then
+ curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
+ fi
+ wxi-footer
+}
+
+wxi-ssh-config-sync(){
+ wxi-header "SSH / Config / Sync"
+ wxi-restricted
+
+ VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN")
+ if [[ $VAULT_STATUS -eq 200 ]]
+ then
+ touch ~/.ssh/config
+ SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
+ SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64)
+ if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]]
+ then
+ echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
+ chmod 700 ~/.ssh/config
+ fi
+ fi
+ wxi-footer
+}
+
+wxi-ssh-keys-clean(){
+ wxi-header "SSH / Keys / Clean"
+ wxi-restricted
+
+ if [[ ! -z $1 ]]
+ then
+ if [[ -f "$HOME/.ssh/keys/$1" ]]
+ then
+ rm "$HOME/.ssh/keys/$1" &> /dev/null
+ rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
+ rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
+ fi
+ else
+ wx-ssh-keys-clean $ORG
+
+ if [[ $USERNAME == "cwchristerw" ]]
+ then
+ wx-ssh-keys-clean warengroup
+ fi
+
+ for file in ~/.ssh/keys/*
+ do
+ VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: $VAULT_TOKEN")
+ if [[ $VAULT_STATUS -eq 200 ]]
+ then
+ rm "$file" &> /dev/null
+ fi
+ done
+ fi
+
+ wxi-footer
+}
+
+wxi-ssh-keys-generate(){
+ wxi-header "SSH / Keys / Generate"
+ wxi-restricted
+
+ if [[ ! -z $1 ]]
+ then
+ if [[ ! -f "$HOME/.ssh/keys/$1" ]]
+ then
+ ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$1 -q -N "" -C "$USERNAME" &> /dev/null
+ fi
+ fi
+ wxi-footer
+}
+
+wxi-ssh-keys-retrieve(){
+ wxi-header "SSH / Keys / Retrieve"
+ wxi-restricted
+
+ if [[ ! -z $1 ]]
+ then
+ VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN")
 if [[ $VAULT_STATUS -eq 200 ]]
 then
- touch ~/.ssh/config
- SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
- SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64)
- if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]]
- then
- echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
- chmod 700 ~/.ssh/config
- fi
+ echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
+ chmod 700 ~/.ssh/keys/$1
+ echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
+ chmod 700 ~/.ssh/keys/$1.pub
 fi
+ fi
+
+ wxi-footer
 }
 
-wx-ssh-config-clean(){
- wx-header "SSH / Config / Clean"
- wx-restricted
- VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
- if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
+wxi-ssh-keys-save(){
+ wxi-header "SSH / Keys / Save"
+ wxi-restricted
+
+ if [[ ! -z $1 ]]
+ then
+ if [[ -f "$HOME/.ssh/keys/$1" ]]
 then
- rm "$HOME/.ssh/config"
+ curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
 fi
+ fi
+ wxi-footer
 }
 
-wx-ssh-keys(){
- wx-restricted
+wxi-ssh-keys-sign(){
+ wxi-header "SSH / Keys / Sign"
+ wxi-restricted
 
- case $1 in
- generate)
- wx-ssh-keys-retrieve $2
- wx-ssh-keys-generate $2
- wx-ssh-keys-save $2
- ;;
- sign)
- wx-ssh-keys-sign
- ;;
- retrieve)
- wx-ssh-keys-retrieve $2
- ;;
- save)
- wx-ssh-keys-save $2
- ;;
- sync)
- wx-ssh-keys-sync $2
- ;;
- delete)
- wx-ssh-keys-delete $2
- ;;
- clean)
- wx-ssh-keys-clean $2
- ;;
- *)
- wx-stop
- ;;
+ wx-ssh-keys-sign-create $ORG sysadmin 3600
+
+ if [[ $USERNAME == "cwchristerw" ]]
+ then
+ wx-ssh-keys-sign-create warengroup sysadmin 3600
+ fi
+ wxi-footer
+}
+
+wxi-ssh-keys-sign-create(){
+ NAME=$1
+ ROLE=$2
+ PRINCIPALS=$2
+ TTL=$3
+
+ wxi-ssh-keys-generate $NAME &> /dev/null
+
+ if [[ -f "$HOME/.ssh/keys/$NAME" ]]
+ then
+ wxi-content text "$NAME/$ROLE"
+ echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
+ fi
+}
+
+wxi-ssh-keys-sync(){
+ wxi-header "SSH / Keys / Sync"
+ wxi-restricted
+ VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN")
+ if [[ $VAULT_STATUS -eq 200 ]]
+ then
+ for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.keys | @sh' | tr -d \')
+ do
+ echo $name
+ wx-ssh-keys-retrieve $name --multiple
+ done
+ fi
+ wxi-footer
+}
+
+
+i=1
+while [[ "$1" != "" ]]
+do
+ case $1 in
+ --*)
+ key="${1%%=*}"
+ value="${1#*=}"
+
+ if [[ "$value" == "$key" ]]
+ then
+ shift
+ value="$1"
+ fi
+
+ if [[ -z $value ]]
+ then
+ value=true
+ fi
+
+ args["${key#--}"]="$value"
+ ;;
+ -*)
+ key="${1%=*}"
+ value="${1#*=}"
+
+ if [[ "$value" == "$key" ]]
+ then
+ shift
+ value="$1"
+ fi
+
+ if [[ -z $value ]]
+ then
+ value=true
+ fi
+
+ args["${key#-}"]="$value"
+ ;;
+ *)
+ args["$i"]="${1%%=*}"
+ i=$((i + 1))
+ ;;
 esac
-}
+ shift
+done
 
-wx-ssh-keys-generate(){
- wx-header "SSH / Keys / Generate"
- wx-restricted
- if [[ ! -z $1 ]]
- then
- if [[ ! -f "$HOME/.ssh/keys/$1" ]]
- then
- ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$1 -q -N "" -C "$USERNAME" &> /dev/null
- fi
- fi
-}
-
-wx-ssh-keys-sign(){
- wx-header "SSH / Keys / Sign"
- wx-restricted
-
- if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
- then
- wx-ssh-keys-sign-create warengroup sysadmin 3600
- elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
- then
- wx-ssh-keys-sign-create cwinfo sysadmin 3600
- elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
- then
- wx-ssh-keys-sign-create warengroup sysadmin 3600
- wx-ssh-keys-sign-create cwinfo sysadmin 3600
- wx-ssh-keys-sign-create cwchristerw sysadmin 3600
- fi
-}
-
-wx-ssh-keys-sign-create(){
- wx-restricted
-
- NAME=$1
- ROLE=$2
- PRINCIPALS=$2
- TTL=$3
-
- if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
- then
- ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
- fi
-
- if [[ -f "$HOME/.ssh/keys/$NAME" ]]
- then
- echo "$NAME/$ROLE"
- echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
- fi
-}
-
-wx-ssh-keys-retrieve(){
- if [[ -z $2 ]]
- then
- wx-header "SSH / Keys / Retrieve"
- fi
-
- wx-restricted
- if [[ ! -z $1 ]]
- then
- VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
- if [[ $VAULT_STATUS -eq 200 ]]
- then
- echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
- chmod 700 ~/.ssh/keys/$1
- echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
- chmod 700 ~/.ssh/keys/$1.pub
- fi
- fi
-}
-
-wx-ssh-keys-save(){
- wx-header "SSH / Keys / Save"
- wx-restricted
- if [[ ! -z $1 ]]
- then
- if [[ -f "$HOME/.ssh/keys/$1" ]]
- then
- curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
- fi
- fi
-}
-
-wx-ssh-keys-sync(){
- wx-header "SSH / Keys / Sync"
- wx-restricted
-
- VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}")
- if [[ $VAULT_STATUS -eq 200 ]]
- then
- for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.keys | @sh' | tr -d \')
- do
- echo $name
- wx-ssh-keys-retrieve $name --multiple
- done
- fi
-}
-
-wx-ssh-keys-clean(){
- if [[ -z $1 ]]
- then
- wx-header "SSH / Keys / Clean"
- fi
- wx-restricted
-
- if [[ ! -z $1 ]]
- then
- if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]]
- then
- rm "$HOME/.ssh/keys/$1" &> /dev/null
- rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
- rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
- fi
- else
- if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
- then
- wx-ssh-keys-clean warengroup
- elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
- then
- wx-ssh-keys-clean cwinfo
- elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
- then
- wx-ssh-keys-clean warengroup
- wx-ssh-keys-clean cwinfo
- wx-ssh-keys-clean cwchristerw
- fi
-
- for file in ~/.ssh/keys/*
- do
- VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
- if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]]
- then
- rm "$file" &> /dev/null
- fi
- done
- fi
-}
-
-
-if [[ ! -z $1 ]] && [[ $(type -t wx-$1) == function ]]
+if [[ ! -z ${args['1']} ]] && [[ $(type -t wx-${args['1']}) == function ]]
 then
- wx-$1 $2 $3 $4 $5 $6 $7 $8 $9
+ wx-${args['1']}
 else
- wx-welcome
+ wx-welcome
 fi
-wx-stop
+wxi-stop