Compare commits
3 Commits
13e0deb5f5
...
4e9ae9109e
Author | SHA1 | Date | |
---|---|---|---|
|
4e9ae9109e | ||
|
0071b7407d | ||
|
b014dd1990 |
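--- a/src/commands/auth/logout.sh
+++ b/src/commands/auth/logout.sh
@@ -0,0 +1,13 @@
+wx-logout(){
+wx-header "Logout"
+if [[ $USER != "root" && $USER != "local" && -f "$HOME/.config/warengroup/config.json" ]]
+then
+VAULT_LOGIN=$(cat $HOME/.config/warengroup/config.json | jq -r .login)
+if [[ $VAULT_LOGIN != null && $VAULT_LOGIN != "{}" ]]
+then
+wx-clean
+jq '.login = {}' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
+mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
+fi
+fi
+}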
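Review bot: The `jq '.login = {}' … &> …/config.json.tmp` line sends stderr into the temporary file as well, and the following `mv` runs whatever jq's exit status was, so a jq failure replaces config.json with an error message instead of JSON. Redirect only stdout and chain the move, for example with `cfg="$HOME/.config/warengroup/config.json"` followed by `jq '.login = {}' "$cfg" > "$cfg.tmp" && mv -- "$cfg.tmp" "$cfg"`. The function only empties the local `.login` object; nothing visible here revokes the token on the Vault side, so if logout is meant to invalidate the session that step is missing, and if not, a comment saying so would help.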
@ -13,12 +13,15 @@ Common Commands:
|
|||||||
edit Edit
|
edit Edit
|
||||||
save Save
|
save Save
|
||||||
sync Sync
|
sync Sync
|
||||||
|
clean Clean
|
||||||
keys Keys
|
keys Keys
|
||||||
generate Generate
|
generate Generate
|
||||||
delete Delete
|
sign Sign
|
||||||
|
retrieve Retrieve
|
||||||
save Save
|
save Save
|
||||||
sync Sync
|
sync Sync
|
||||||
sign Certificates
|
delete Delete
|
||||||
|
clean Clean
|
||||||
|
|
||||||
Authentication Commands:
|
Authentication Commands:
|
||||||
login Login
|
login Login
|
||||||
@ -26,8 +29,12 @@ Authentication Commands:
|
|||||||
|
|
||||||
Management Commands:
|
Management Commands:
|
||||||
auto Auto
|
auto Auto
|
||||||
install Install
|
clean Clean
|
||||||
settings Settings
|
settings Settings
|
||||||
|
|
||||||
|
Maintenance Commands:
|
||||||
|
install Install
|
||||||
|
update Update
|
||||||
";
|
";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
wx-infra(){
|
wx-infra(){
|
||||||
wx-login
|
wx-login
|
||||||
wx-ssh-sign &> /dev/null
|
wx-auto &> /dev/null
|
||||||
|
|
||||||
wx-header "Infra"
|
wx-header "Infra"
|
||||||
wx-restricted
|
wx-restricted
|
||||||
|
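Review bot: Assuming the second cell of the changed row is the new side, `wx-auto &> /dev/null` makes every `wx infra` run perform the config and key sync as well as the signing, and the sync functions shown elsewhere on this page overwrite `~/.ssh/config` and the key files from Vault. All output, including errors, is discarded, so a failed or partial sync goes unnoticed. If only a fresh certificate is needed here, `wx-ssh-keys-sign &> /dev/null` keeps the earlier scope; otherwise redirect only stdout so failures stay visible. wx-infra's body continues outside the hunk.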
@ -1,8 +0,0 @@
|
|||||||
wx-logout(){
|
|
||||||
wx-header "Logout"
|
|
||||||
if [[ $USER != "root" && $USER != "local" ]]
|
|
||||||
then
|
|
||||||
jq '.login = {}' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
|
|
||||||
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
|
|
||||||
fi
|
|
||||||
}
|
|
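--- a/src/commands/maintenance/uninstall.sh
+++ b/src/commands/maintenance/uninstall.sh
@@ -0,0 +1,8 @@
+wx-uninstall(){
+wx-header "Uninstall"
+wx-logout
+if [[ ! -d "$HOME/.config/warengroup" ]]
+then
+rm "$HOME/.config/warengroup" -rf
+fi
+}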
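Review bot: The guard `if [[ ! -d "$HOME/.config/warengroup" ]]` is inverted: the `rm` runs only when the directory does not exist, so uninstall leaves the config directory and whatever `config.json` still holds in place. It should read `if [[ -d "$HOME/.config/warengroup" ]]`, and the removal is safer written as `rm -rf -- "$HOME/.config/warengroup"`, since options placed after the operand rely on GNU argument permutation. The function also leaves `$HOME/bin/wx`, which wx-install downloads, untouched; if that is intentional a comment should say so.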
@ -4,5 +4,5 @@ wx-auto(){
|
|||||||
|
|
||||||
wx-ssh-config-sync
|
wx-ssh-config-sync
|
||||||
wx-ssh-keys-sync
|
wx-ssh-keys-sync
|
||||||
wx-ssh-sign
|
wx-ssh-keys-sign
|
||||||
}
|
}
|
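--- a/src/commands/management/clean.sh
+++ b/src/commands/management/clean.sh
@@ -0,0 +1,6 @@
+wx-clean(){
+wx-login
+wx-header "Clean"
+wx-ssh-config-clean
+wx-ssh-keys-clean
+}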
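Review bot: `wx-clean` begins with `wx-login`, and the new `wx-logout` calls `wx-clean`, so a logout can enter the login flow before anything is removed. wx-login's body is not part of this section, so whether it prompts when the stored token is stale should be confirmed. The function is destructive and has no description; a header comment such as `# Removes the local SSH config and key files that have a copy in Vault; requires a valid login.` would make that clear to callers.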
@ -7,9 +7,6 @@ wx-ssh(){
|
|||||||
chmod 700 -R $HOME/.ssh/multiplex
|
chmod 700 -R $HOME/.ssh/multiplex
|
||||||
|
|
||||||
case $1 in
|
case $1 in
|
||||||
sign)
|
|
||||||
wx-ssh-sign
|
|
||||||
;;
|
|
||||||
keys)
|
keys)
|
||||||
wx-ssh-keys $2 $3
|
wx-ssh-keys $2 $3
|
||||||
;;
|
;;
|
||||||
@ -18,7 +15,6 @@ wx-ssh(){
|
|||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
wx-header "SSH"
|
wx-header "SSH"
|
||||||
|
|
||||||
wx-stop
|
wx-stop
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
@ -13,6 +13,9 @@ wx-ssh-config(){
|
|||||||
sync)
|
sync)
|
||||||
wx-ssh-config-sync
|
wx-ssh-config-sync
|
||||||
;;
|
;;
|
||||||
|
clean)
|
||||||
|
wx-ssh-config-clean
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
wx-ssh-config-sync
|
wx-ssh-config-sync
|
||||||
wx-stop
|
wx-stop
|
||||||
@ -21,23 +24,34 @@ wx-ssh-config(){
|
|||||||
}
|
}
|
||||||
|
|
||||||
wx-ssh-config-edit(){
|
wx-ssh-config-edit(){
|
||||||
wx-header "SSH / Config"
|
wx-header "SSH / Config / Edit"
|
||||||
wx-restricted
|
wx-restricted
|
||||||
nano ~/.ssh/config
|
nano ~/.ssh/config
|
||||||
}
|
}
|
||||||
|
|
||||||
wx-ssh-config-save(){
|
wx-ssh-config-save(){
|
||||||
wx-header "SSH / Config"
|
wx-header "SSH / Config / Save"
|
||||||
wx-restricted
|
wx-restricted
|
||||||
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
|
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
wx-ssh-config-sync(){
|
wx-ssh-config-sync(){
|
||||||
wx-header "SSH / Config"
|
wx-header "SSH / Config / Sync"
|
||||||
wx-restricted
|
wx-restricted
|
||||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
|
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
|
||||||
if [[ $VAULT_STATUS -eq 200 ]]
|
if [[ $VAULT_STATUS -eq 200 ]]
|
||||||
then
|
then
|
||||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
|
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
|
||||||
|
chmod 700 ~/.ssh/config
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
wx-ssh-config-clean(){
|
||||||
|
wx-header "SSH / Config / Clean"
|
||||||
|
wx-restricted
|
||||||
|
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
|
||||||
|
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
|
||||||
|
then
|
||||||
|
rm "$HOME/.ssh/config"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
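Review bot: `wx-ssh-config-clean` deletes `~/.ssh/config` whenever the Vault path answers 200, without checking that the stored copy matches the local file, so edits made through `wx-ssh-config-edit` and not yet saved are lost. Comparing the decoded Vault content with the local file before `rm`, and refusing to clean when they differ, would avoid that. In `wx-ssh-config-sync` the added `chmod 700 ~/.ssh/config` sets the execute bit on a plain file and runs only after the redirect has created it under the default umask; `chmod 600` is the usual mode, ideally with `umask 077` set before the write. The new function also repeats `--header "X-Vault-Token: …"` on the command line, which exposes the token in the process list; curl can read the header from a file with `-H @file`.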
@ -7,6 +7,9 @@ wx-ssh-keys(){
|
|||||||
wx-ssh-keys-generate $2
|
wx-ssh-keys-generate $2
|
||||||
wx-ssh-keys-save $2
|
wx-ssh-keys-save $2
|
||||||
;;
|
;;
|
||||||
|
sign)
|
||||||
|
wx-ssh-keys-sign
|
||||||
|
;;
|
||||||
retrieve)
|
retrieve)
|
||||||
wx-ssh-keys-retrieve $2
|
wx-ssh-keys-retrieve $2
|
||||||
;;
|
;;
|
||||||
@ -17,17 +20,19 @@ wx-ssh-keys(){
|
|||||||
wx-ssh-keys-sync $2
|
wx-ssh-keys-sync $2
|
||||||
;;
|
;;
|
||||||
delete)
|
delete)
|
||||||
wx-ssh-keys-remove $2
|
wx-ssh-keys-delete $2
|
||||||
|
;;
|
||||||
|
clean)
|
||||||
|
wx-ssh-keys-clean $2
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
wx-ssh-keys-sync
|
|
||||||
wx-stop
|
wx-stop
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
wx-ssh-keys-generate(){
|
wx-ssh-keys-generate(){
|
||||||
wx-header "SSH / Keys"
|
wx-header "SSH / Keys / Generate"
|
||||||
wx-restricted
|
wx-restricted
|
||||||
if [[ ! -z $1 ]]
|
if [[ ! -z $1 ]]
|
||||||
then
|
then
|
||||||
@ -38,8 +43,50 @@ wx-ssh-keys-generate(){
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
wx-ssh-keys-sign(){
|
||||||
|
wx-header "SSH / Keys / Sign"
|
||||||
|
wx-restricted
|
||||||
|
|
||||||
|
if [[ $ORG == "warengroup" ]]
|
||||||
|
then
|
||||||
|
wx-ssh-keys-sign-create warengroup sysadmin 3600
|
||||||
|
elif [[ $ORG == "cwinfo" ]]
|
||||||
|
then
|
||||||
|
wx-ssh-keys-sign-create cwinfo sysadmin 3600
|
||||||
|
elif [[ $ORG == "cwchristerw" ]]
|
||||||
|
then
|
||||||
|
wx-ssh-keys-sign-create warengroup sysadmin 3600
|
||||||
|
wx-ssh-keys-sign-create cwinfo sysadmin 3600
|
||||||
|
wx-ssh-keys-sign-create cwchristerw sysadmin 3600
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
wx-ssh-keys-sign-create(){
|
||||||
|
wx-restricted
|
||||||
|
|
||||||
|
NAME=$1
|
||||||
|
ROLE=$2
|
||||||
|
PRINCIPALS=$2
|
||||||
|
TTL=$3
|
||||||
|
|
||||||
|
if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
|
||||||
|
then
|
||||||
|
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
|
||||||
|
then
|
||||||
|
echo "$NAME/$ROLE"
|
||||||
|
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
wx-ssh-keys-retrieve(){
|
wx-ssh-keys-retrieve(){
|
||||||
wx-header "SSH / Keys"
|
if [[ -z $2 ]]
|
||||||
|
then
|
||||||
|
wx-header "SSH / Keys / Retrieve"
|
||||||
|
fi
|
||||||
|
|
||||||
wx-restricted
|
wx-restricted
|
||||||
if [[ ! -z $1 ]]
|
if [[ ! -z $1 ]]
|
||||||
then
|
then
|
||||||
@ -53,7 +100,7 @@ wx-ssh-keys-retrieve(){
|
|||||||
}
|
}
|
||||||
|
|
||||||
wx-ssh-keys-save(){
|
wx-ssh-keys-save(){
|
||||||
wx-header "SSH / Keys"
|
wx-header "SSH / Keys / Save"
|
||||||
wx-restricted
|
wx-restricted
|
||||||
if [[ ! -z $1 ]]
|
if [[ ! -z $1 ]]
|
||||||
then
|
then
|
||||||
@ -65,7 +112,56 @@ wx-ssh-keys-save(){
|
|||||||
}
|
}
|
||||||
|
|
||||||
wx-ssh-keys-sync(){
|
wx-ssh-keys-sync(){
|
||||||
wx-header "SSH / Keys"
|
wx-header "SSH / Keys / Sync"
|
||||||
wx-restricted
|
wx-restricted
|
||||||
echo ""
|
|
||||||
|
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}")
|
||||||
|
if [[ $VAULT_STATUS -eq 200 ]]
|
||||||
|
then
|
||||||
|
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.keys | @sh' | tr -d \')
|
||||||
|
do
|
||||||
|
echo $name
|
||||||
|
wx-ssh-keys-retrieve $name --multiple
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
wx-ssh-keys-clean(){
|
||||||
|
if [[ -z $1 ]]
|
||||||
|
then
|
||||||
|
wx-header "SSH / Keys / Clean"
|
||||||
|
fi
|
||||||
|
wx-restricted
|
||||||
|
|
||||||
|
if [[ ! -z $1 ]]
|
||||||
|
then
|
||||||
|
if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]]
|
||||||
|
then
|
||||||
|
rm "$HOME/.ssh/keys/$1" &> /dev/null
|
||||||
|
rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
|
||||||
|
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if [[ $ORG == "warengroup" ]]
|
||||||
|
then
|
||||||
|
wx-ssh-keys-clean warengroup
|
||||||
|
elif [[ $ORG == "cwinfo" ]]
|
||||||
|
then
|
||||||
|
wx-ssh-keys-clean cwinfo
|
||||||
|
elif [[ $ORG == "cwchristerw" ]]
|
||||||
|
then
|
||||||
|
wx-ssh-keys-clean warengroup
|
||||||
|
wx-ssh-keys-clean cwinfo
|
||||||
|
wx-ssh-keys-clean cwchristerw
|
||||||
|
fi
|
||||||
|
|
||||||
|
for file in ~/.ssh/keys/*
|
||||||
|
do
|
||||||
|
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
|
||||||
|
if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]]
|
||||||
|
then
|
||||||
|
rm "$file" &> /dev/null
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
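Review bot: In the loop at the end of `wx-ssh-keys-clean`, the `legacy` exclusion tests `$(basename "$file")` while the Vault lookup uses `$(basename "$file" .pub)`, so `legacy.pub` is not protected and is removed when a Vault entry named `legacy` exists; `.sig` files are looked up under their full name and so probably never match. Derive the name once with `name=$(basename "$file" .pub)` and test `[[ $name != "legacy" && $VAULT_STATUS -eq 200 ]]`. A 200 from Vault is also treated as proof that the local private key is backed up, with no comparison of contents, so a key regenerated locally but not saved would be deleted. When the directory is empty the glob stays literal and one request is made for `*`; a `[[ -f "$file" ]] || continue` at the top of the loop covers that.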
@ -1,37 +0,0 @@
|
|||||||
wx-ssh-sign(){
|
|
||||||
wx-header "SSH / Sign"
|
|
||||||
wx-restricted
|
|
||||||
|
|
||||||
if [[ $ORG == "warengroup" ]]
|
|
||||||
then
|
|
||||||
wx-ssh-sign-create warengroup sysadmin 3600
|
|
||||||
elif [[ $ORG == "cwinfo" ]]
|
|
||||||
then
|
|
||||||
wx-ssh-sign-create cwinfo sysadmin 3600
|
|
||||||
elif [[ $ORG == "cwchristerw" ]]
|
|
||||||
then
|
|
||||||
wx-ssh-sign-create warengroup sysadmin 3600
|
|
||||||
wx-ssh-sign-create cwinfo sysadmin 3600
|
|
||||||
wx-ssh-sign-create cwchristerw sysadmin 3600
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
wx-ssh-sign-create(){
|
|
||||||
wx-restricted
|
|
||||||
|
|
||||||
NAME=$1
|
|
||||||
ROLE=$2
|
|
||||||
PRINCIPALS=$2
|
|
||||||
TTL=$3
|
|
||||||
|
|
||||||
if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
|
|
||||||
then
|
|
||||||
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
|
|
||||||
then
|
|
||||||
echo "$NAME/$ROLE"
|
|
||||||
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
|
|
||||||
fi
|
|
||||||
}
|
|
304
wx
304
wx
@ -85,15 +85,6 @@ wx-stop (){
|
|||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
wx-auto(){
|
|
||||||
wx-login
|
|
||||||
wx-header "Auto"
|
|
||||||
|
|
||||||
wx-ssh-config-sync
|
|
||||||
wx-ssh-keys-sync
|
|
||||||
wx-ssh-sign
|
|
||||||
}
|
|
||||||
|
|
||||||
wx-help(){
|
wx-help(){
|
||||||
|
|
||||||
wx-header "Help"
|
wx-header "Help"
|
||||||
@ -109,12 +100,15 @@ Common Commands:
|
|||||||
edit Edit
|
edit Edit
|
||||||
save Save
|
save Save
|
||||||
sync Sync
|
sync Sync
|
||||||
|
clean Clean
|
||||||
keys Keys
|
keys Keys
|
||||||
generate Generate
|
generate Generate
|
||||||
delete Delete
|
sign Sign
|
||||||
|
retrieve Retrieve
|
||||||
save Save
|
save Save
|
||||||
sync Sync
|
sync Sync
|
||||||
sign Certificates
|
delete Delete
|
||||||
|
clean Clean
|
||||||
|
|
||||||
Authentication Commands:
|
Authentication Commands:
|
||||||
login Login
|
login Login
|
||||||
@ -122,15 +116,19 @@ Authentication Commands:
|
|||||||
|
|
||||||
Management Commands:
|
Management Commands:
|
||||||
auto Auto
|
auto Auto
|
||||||
install Install
|
clean Clean
|
||||||
settings Settings
|
settings Settings
|
||||||
|
|
||||||
|
Maintenance Commands:
|
||||||
|
install Install
|
||||||
|
update Update
|
||||||
";
|
";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
wx-infra(){
|
wx-infra(){
|
||||||
wx-login
|
wx-login
|
||||||
wx-ssh-sign &> /dev/null
|
wx-auto &> /dev/null
|
||||||
|
|
||||||
wx-header "Infra"
|
wx-header "Infra"
|
||||||
wx-restricted
|
wx-restricted
|
||||||
@ -166,24 +164,30 @@ wx-infra(){
|
|||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
wx-install(){
|
wx-ssh(){
|
||||||
if [[ -z $1 ]]
|
wx-login
|
||||||
then
|
|
||||||
wx-header "Install"
|
|
||||||
fi
|
|
||||||
|
|
||||||
wx-restricted
|
mkdir -p $HOME/.ssh/keys
|
||||||
|
chmod 700 -R $HOME/.ssh/keys
|
||||||
|
mkdir -p $HOME/.ssh/multiplex
|
||||||
|
chmod 700 -R $HOME/.ssh/multiplex
|
||||||
|
|
||||||
if [[ -f "./wx" ]] && [[ -d "./src" ]]
|
case $1 in
|
||||||
then
|
keys)
|
||||||
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
|
wx-ssh-keys $2 $3
|
||||||
mv wx.tmp wx &> /dev/null
|
;;
|
||||||
chmod +x wx &> /dev/null
|
config)
|
||||||
fi
|
wx-ssh-config $2
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
wx-header "SSH"
|
||||||
|
wx-stop
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
mkdir $HOME/bin &> /dev/null
|
wx-welcome(){
|
||||||
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
|
wx-header "Welcome"
|
||||||
chmod +x $HOME/bin/wx &> /dev/null
|
|
||||||
}
|
}
|
||||||
|
|
||||||
wx-login(){
|
wx-login(){
|
||||||
@ -360,42 +364,45 @@ wx-login(){
|
|||||||
|
|
||||||
wx-logout(){
|
wx-logout(){
|
||||||
wx-header "Logout"
|
wx-header "Logout"
|
||||||
if [[ $USER != "root" && $USER != "local" ]]
|
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.config/warengroup/config.json" ]]
|
||||||
then
|
then
|
||||||
|
VAULT_LOGIN=$(cat $HOME/.config/warengroup/config.json | jq -r .login)
|
||||||
|
if [[ $VAULT_LOGIN != null && $VAULT_LOGIN != "{}" ]]
|
||||||
|
then
|
||||||
|
wx-clean
|
||||||
jq '.login = {}' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
|
jq '.login = {}' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
|
||||||
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
|
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
wx-settings(){
|
wx-install(){
|
||||||
wx-login
|
if [[ -z $1 ]]
|
||||||
wx-header "Settings"
|
then
|
||||||
|
wx-header "Install"
|
||||||
|
fi
|
||||||
|
|
||||||
|
wx-restricted
|
||||||
|
|
||||||
|
if [[ -f "./wx" ]] && [[ -d "./src" ]]
|
||||||
|
then
|
||||||
|
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
|
||||||
|
mv wx.tmp wx &> /dev/null
|
||||||
|
chmod +x wx &> /dev/null
|
||||||
|
fi
|
||||||
|
|
||||||
|
mkdir $HOME/bin &> /dev/null
|
||||||
|
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
|
||||||
|
chmod +x $HOME/bin/wx &> /dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
wx-ssh(){
|
wx-uninstall(){
|
||||||
wx-login
|
wx-header "Uninstall"
|
||||||
|
wx-logout
|
||||||
mkdir -p $HOME/.ssh/keys
|
if [[ ! -d "$HOME/.config/warengroup" ]]
|
||||||
chmod 700 -R $HOME/.ssh/keys
|
then
|
||||||
mkdir -p $HOME/.ssh/multiplex
|
rm "$HOME/.config/warengroup" -rf
|
||||||
chmod 700 -R $HOME/.ssh/multiplex
|
fi
|
||||||
|
|
||||||
case $1 in
|
|
||||||
sign)
|
|
||||||
wx-ssh-sign
|
|
||||||
;;
|
|
||||||
keys)
|
|
||||||
wx-ssh-keys $2 $3
|
|
||||||
;;
|
|
||||||
config)
|
|
||||||
wx-ssh-config $2
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
wx-header "SSH"
|
|
||||||
|
|
||||||
wx-stop
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
}
|
}
|
||||||
|
|
||||||
wx-update(){
|
wx-update(){
|
||||||
@ -403,8 +410,25 @@ wx-update(){
|
|||||||
wx-install --update
|
wx-install --update
|
||||||
}
|
}
|
||||||
|
|
||||||
wx-welcome(){
|
wx-auto(){
|
||||||
wx-header "Welcome"
|
wx-login
|
||||||
|
wx-header "Auto"
|
||||||
|
|
||||||
|
wx-ssh-config-sync
|
||||||
|
wx-ssh-keys-sync
|
||||||
|
wx-ssh-keys-sign
|
||||||
|
}
|
||||||
|
|
||||||
|
wx-clean(){
|
||||||
|
wx-login
|
||||||
|
wx-header "Clean"
|
||||||
|
wx-ssh-config-clean
|
||||||
|
wx-ssh-keys-clean
|
||||||
|
}
|
||||||
|
|
||||||
|
wx-settings(){
|
||||||
|
wx-login
|
||||||
|
wx-header "Settings"
|
||||||
}
|
}
|
||||||
|
|
||||||
wx-ssh-config(){
|
wx-ssh-config(){
|
||||||
@ -422,6 +446,9 @@ wx-ssh-config(){
|
|||||||
sync)
|
sync)
|
||||||
wx-ssh-config-sync
|
wx-ssh-config-sync
|
||||||
;;
|
;;
|
||||||
|
clean)
|
||||||
|
wx-ssh-config-clean
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
wx-ssh-config-sync
|
wx-ssh-config-sync
|
||||||
wx-stop
|
wx-stop
|
||||||
@ -430,24 +457,35 @@ wx-ssh-config(){
|
|||||||
}
|
}
|
||||||
|
|
||||||
wx-ssh-config-edit(){
|
wx-ssh-config-edit(){
|
||||||
wx-header "SSH / Config"
|
wx-header "SSH / Config / Edit"
|
||||||
wx-restricted
|
wx-restricted
|
||||||
nano ~/.ssh/config
|
nano ~/.ssh/config
|
||||||
}
|
}
|
||||||
|
|
||||||
wx-ssh-config-save(){
|
wx-ssh-config-save(){
|
||||||
wx-header "SSH / Config"
|
wx-header "SSH / Config / Save"
|
||||||
wx-restricted
|
wx-restricted
|
||||||
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
|
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
wx-ssh-config-sync(){
|
wx-ssh-config-sync(){
|
||||||
wx-header "SSH / Config"
|
wx-header "SSH / Config / Sync"
|
||||||
wx-restricted
|
wx-restricted
|
||||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
|
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
|
||||||
if [[ $VAULT_STATUS -eq 200 ]]
|
if [[ $VAULT_STATUS -eq 200 ]]
|
||||||
then
|
then
|
||||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
|
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
|
||||||
|
chmod 700 ~/.ssh/config
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
wx-ssh-config-clean(){
|
||||||
|
wx-header "SSH / Config / Clean"
|
||||||
|
wx-restricted
|
||||||
|
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
|
||||||
|
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
|
||||||
|
then
|
||||||
|
rm "$HOME/.ssh/config"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -460,6 +498,9 @@ wx-ssh-keys(){
|
|||||||
wx-ssh-keys-generate $2
|
wx-ssh-keys-generate $2
|
||||||
wx-ssh-keys-save $2
|
wx-ssh-keys-save $2
|
||||||
;;
|
;;
|
||||||
|
sign)
|
||||||
|
wx-ssh-keys-sign
|
||||||
|
;;
|
||||||
retrieve)
|
retrieve)
|
||||||
wx-ssh-keys-retrieve $2
|
wx-ssh-keys-retrieve $2
|
||||||
;;
|
;;
|
||||||
@ -470,17 +511,19 @@ wx-ssh-keys(){
|
|||||||
wx-ssh-keys-sync $2
|
wx-ssh-keys-sync $2
|
||||||
;;
|
;;
|
||||||
delete)
|
delete)
|
||||||
wx-ssh-keys-remove $2
|
wx-ssh-keys-delete $2
|
||||||
|
;;
|
||||||
|
clean)
|
||||||
|
wx-ssh-keys-clean $2
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
wx-ssh-keys-sync
|
|
||||||
wx-stop
|
wx-stop
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
wx-ssh-keys-generate(){
|
wx-ssh-keys-generate(){
|
||||||
wx-header "SSH / Keys"
|
wx-header "SSH / Keys / Generate"
|
||||||
wx-restricted
|
wx-restricted
|
||||||
if [[ ! -z $1 ]]
|
if [[ ! -z $1 ]]
|
||||||
then
|
then
|
||||||
@ -491,57 +534,25 @@ wx-ssh-keys-generate(){
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
wx-ssh-keys-retrieve(){
|
wx-ssh-keys-sign(){
|
||||||
wx-header "SSH / Keys"
|
wx-header "SSH / Keys / Sign"
|
||||||
wx-restricted
|
|
||||||
if [[ ! -z $1 ]]
|
|
||||||
then
|
|
||||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
|
|
||||||
if [[ $VAULT_STATUS -eq 200 ]]
|
|
||||||
then
|
|
||||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
|
|
||||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
wx-ssh-keys-save(){
|
|
||||||
wx-header "SSH / Keys"
|
|
||||||
wx-restricted
|
|
||||||
if [[ ! -z $1 ]]
|
|
||||||
then
|
|
||||||
if [[ -f "$HOME/.ssh/keys/$1" ]]
|
|
||||||
then
|
|
||||||
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
wx-ssh-keys-sync(){
|
|
||||||
wx-header "SSH / Keys"
|
|
||||||
wx-restricted
|
|
||||||
echo ""
|
|
||||||
}
|
|
||||||
|
|
||||||
wx-ssh-sign(){
|
|
||||||
wx-header "SSH / Sign"
|
|
||||||
wx-restricted
|
wx-restricted
|
||||||
|
|
||||||
if [[ $ORG == "warengroup" ]]
|
if [[ $ORG == "warengroup" ]]
|
||||||
then
|
then
|
||||||
wx-ssh-sign-create warengroup sysadmin 3600
|
wx-ssh-keys-sign-create warengroup sysadmin 3600
|
||||||
elif [[ $ORG == "cwinfo" ]]
|
elif [[ $ORG == "cwinfo" ]]
|
||||||
then
|
then
|
||||||
wx-ssh-sign-create cwinfo sysadmin 3600
|
wx-ssh-keys-sign-create cwinfo sysadmin 3600
|
||||||
elif [[ $ORG == "cwchristerw" ]]
|
elif [[ $ORG == "cwchristerw" ]]
|
||||||
then
|
then
|
||||||
wx-ssh-sign-create warengroup sysadmin 3600
|
wx-ssh-keys-sign-create warengroup sysadmin 3600
|
||||||
wx-ssh-sign-create cwinfo sysadmin 3600
|
wx-ssh-keys-sign-create cwinfo sysadmin 3600
|
||||||
wx-ssh-sign-create cwchristerw sysadmin 3600
|
wx-ssh-keys-sign-create cwchristerw sysadmin 3600
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
wx-ssh-sign-create(){
|
wx-ssh-keys-sign-create(){
|
||||||
wx-restricted
|
wx-restricted
|
||||||
|
|
||||||
NAME=$1
|
NAME=$1
|
||||||
@ -561,6 +572,91 @@ wx-ssh-sign-create(){
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
wx-ssh-keys-retrieve(){
|
||||||
|
if [[ -z $2 ]]
|
||||||
|
then
|
||||||
|
wx-header "SSH / Keys / Retrieve"
|
||||||
|
fi
|
||||||
|
|
||||||
|
wx-restricted
|
||||||
|
if [[ ! -z $1 ]]
|
||||||
|
then
|
||||||
|
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
|
||||||
|
if [[ $VAULT_STATUS -eq 200 ]]
|
||||||
|
then
|
||||||
|
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
|
||||||
|
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
wx-ssh-keys-save(){
|
||||||
|
wx-header "SSH / Keys / Save"
|
||||||
|
wx-restricted
|
||||||
|
if [[ ! -z $1 ]]
|
||||||
|
then
|
||||||
|
if [[ -f "$HOME/.ssh/keys/$1" ]]
|
||||||
|
then
|
||||||
|
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
wx-ssh-keys-sync(){
|
||||||
|
wx-header "SSH / Keys / Sync"
|
||||||
|
wx-restricted
|
||||||
|
|
||||||
|
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}")
|
||||||
|
if [[ $VAULT_STATUS -eq 200 ]]
|
||||||
|
then
|
||||||
|
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.keys | @sh' | tr -d \')
|
||||||
|
do
|
||||||
|
echo $name
|
||||||
|
wx-ssh-keys-retrieve $name --multiple
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
wx-ssh-keys-clean(){
|
||||||
|
if [[ -z $1 ]]
|
||||||
|
then
|
||||||
|
wx-header "SSH / Keys / Clean"
|
||||||
|
fi
|
||||||
|
wx-restricted
|
||||||
|
|
||||||
|
if [[ ! -z $1 ]]
|
||||||
|
then
|
||||||
|
if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]]
|
||||||
|
then
|
||||||
|
rm "$HOME/.ssh/keys/$1" &> /dev/null
|
||||||
|
rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
|
||||||
|
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if [[ $ORG == "warengroup" ]]
|
||||||
|
then
|
||||||
|
wx-ssh-keys-clean warengroup
|
||||||
|
elif [[ $ORG == "cwinfo" ]]
|
||||||
|
then
|
||||||
|
wx-ssh-keys-clean cwinfo
|
||||||
|
elif [[ $ORG == "cwchristerw" ]]
|
||||||
|
then
|
||||||
|
wx-ssh-keys-clean warengroup
|
||||||
|
wx-ssh-keys-clean cwinfo
|
||||||
|
wx-ssh-keys-clean cwchristerw
|
||||||
|
fi
|
||||||
|
|
||||||
|
for file in ~/.ssh/keys/*
|
||||||
|
do
|
||||||
|
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
|
||||||
|
if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]]
|
||||||
|
then
|
||||||
|
rm "$file" &> /dev/null
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
if [[ ! -z $1 ]] && [[ $(type -t wx-$1) == function ]]
|
if [[ ! -z $1 ]] && [[ $(type -t wx-$1) == function ]]
|
||||||
then
|
then
|
||||||
|