Compare commits

..

3 Commits

Author SHA1 Message Date
Christer Warén
4e9ae9109e Code Update 2024-06-16 04:03:45 +03:00
Christer Warén
0071b7407d Code Update 2024-06-16 04:01:17 +03:00
Christer Warén
b014dd1990 Code Update 2024-06-16 02:51:29 +03:00
17 changed files with 361 additions and 170 deletions

0
build.sh Normal file → Executable file
View File

View File

@ -0,0 +1,13 @@
wx-logout(){
wx-header "Logout"
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.config/warengroup/config.json" ]]
then
VAULT_LOGIN=$(cat $HOME/.config/warengroup/config.json | jq -r .login)
if [[ $VAULT_LOGIN != null && $VAULT_LOGIN != "{}" ]]
then
wx-clean
jq '.login = {}' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
fi
fi
}

View File

@ -13,12 +13,15 @@ Common Commands:
edit Edit edit Edit
save Save save Save
sync Sync sync Sync
clean Clean
keys Keys keys Keys
generate Generate generate Generate
delete Delete sign Sign
retrieve Retrieve
save Save save Save
sync Sync sync Sync
sign Certificates delete Delete
clean Clean
Authentication Commands: Authentication Commands:
login Login login Login
@ -26,8 +29,12 @@ Authentication Commands:
Management Commands: Management Commands:
auto Auto auto Auto
install Install clean Clean
settings Settings settings Settings
Maintenance Commands:
install Install
update Update
"; ";
} }

View File

@ -1,6 +1,6 @@
wx-infra(){ wx-infra(){
wx-login wx-login
wx-ssh-sign &> /dev/null wx-auto &> /dev/null
wx-header "Infra" wx-header "Infra"
wx-restricted wx-restricted

View File

@ -1,8 +0,0 @@
wx-logout(){
wx-header "Logout"
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login = {}' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
fi
}

View File

@ -0,0 +1,8 @@
wx-uninstall(){
wx-header "Uninstall"
wx-logout
if [[ ! -d "$HOME/.config/warengroup" ]]
then
rm "$HOME/.config/warengroup" -rf
fi
}

View File

@ -4,5 +4,5 @@ wx-auto(){
wx-ssh-config-sync wx-ssh-config-sync
wx-ssh-keys-sync wx-ssh-keys-sync
wx-ssh-sign wx-ssh-keys-sign
} }

View File

@ -0,0 +1,6 @@
wx-clean(){
wx-login
wx-header "Clean"
wx-ssh-config-clean
wx-ssh-keys-clean
}

View File

@ -7,9 +7,6 @@ wx-ssh(){
chmod 700 -R $HOME/.ssh/multiplex chmod 700 -R $HOME/.ssh/multiplex
case $1 in case $1 in
sign)
wx-ssh-sign
;;
keys) keys)
wx-ssh-keys $2 $3 wx-ssh-keys $2 $3
;; ;;
@ -18,7 +15,6 @@ wx-ssh(){
;; ;;
*) *)
wx-header "SSH" wx-header "SSH"
wx-stop wx-stop
;; ;;
esac esac

View File

@ -13,6 +13,9 @@ wx-ssh-config(){
sync) sync)
wx-ssh-config-sync wx-ssh-config-sync
;; ;;
clean)
wx-ssh-config-clean
;;
*) *)
wx-ssh-config-sync wx-ssh-config-sync
wx-stop wx-stop
@ -21,23 +24,34 @@ wx-ssh-config(){
} }
wx-ssh-config-edit(){ wx-ssh-config-edit(){
wx-header "SSH / Config" wx-header "SSH / Config / Edit"
wx-restricted wx-restricted
nano ~/.ssh/config nano ~/.ssh/config
} }
wx-ssh-config-save(){ wx-ssh-config-save(){
wx-header "SSH / Config" wx-header "SSH / Config / Save"
wx-restricted wx-restricted
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
} }
wx-ssh-config-sync(){ wx-ssh-config-sync(){
wx-header "SSH / Config" wx-header "SSH / Config / Sync"
wx-restricted wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}") VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]] if [[ $VAULT_STATUS -eq 200 ]]
then then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1 echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
chmod 700 ~/.ssh/config
fi
}
wx-ssh-config-clean(){
wx-header "SSH / Config / Clean"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
then
rm "$HOME/.ssh/config"
fi fi
} }

View File

@ -7,6 +7,9 @@ wx-ssh-keys(){
wx-ssh-keys-generate $2 wx-ssh-keys-generate $2
wx-ssh-keys-save $2 wx-ssh-keys-save $2
;; ;;
sign)
wx-ssh-keys-sign
;;
retrieve) retrieve)
wx-ssh-keys-retrieve $2 wx-ssh-keys-retrieve $2
;; ;;
@ -17,17 +20,19 @@ wx-ssh-keys(){
wx-ssh-keys-sync $2 wx-ssh-keys-sync $2
;; ;;
delete) delete)
wx-ssh-keys-remove $2 wx-ssh-keys-delete $2
;;
clean)
wx-ssh-keys-clean $2
;; ;;
*) *)
wx-ssh-keys-sync
wx-stop wx-stop
;; ;;
esac esac
} }
wx-ssh-keys-generate(){ wx-ssh-keys-generate(){
wx-header "SSH / Keys" wx-header "SSH / Keys / Generate"
wx-restricted wx-restricted
if [[ ! -z $1 ]] if [[ ! -z $1 ]]
then then
@ -38,8 +43,50 @@ wx-ssh-keys-generate(){
fi fi
} }
wx-ssh-keys-sign(){
wx-header "SSH / Keys / Sign"
wx-restricted
if [[ $ORG == "warengroup" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" ]]
then
wx-ssh-keys-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
wx-ssh-keys-sign-create cwinfo sysadmin 3600
wx-ssh-keys-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-keys-sign-create(){
wx-restricted
NAME=$1
ROLE=$2
PRINCIPALS=$2
TTL=$3
if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
fi
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
then
echo "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
fi
}
wx-ssh-keys-retrieve(){ wx-ssh-keys-retrieve(){
wx-header "SSH / Keys" if [[ -z $2 ]]
then
wx-header "SSH / Keys / Retrieve"
fi
wx-restricted wx-restricted
if [[ ! -z $1 ]] if [[ ! -z $1 ]]
then then
@ -53,7 +100,7 @@ wx-ssh-keys-retrieve(){
} }
wx-ssh-keys-save(){ wx-ssh-keys-save(){
wx-header "SSH / Keys" wx-header "SSH / Keys / Save"
wx-restricted wx-restricted
if [[ ! -z $1 ]] if [[ ! -z $1 ]]
then then
@ -65,7 +112,56 @@ wx-ssh-keys-save(){
} }
wx-ssh-keys-sync(){ wx-ssh-keys-sync(){
wx-header "SSH / Keys" wx-header "SSH / Keys / Sync"
wx-restricted wx-restricted
echo ""
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.keys | @sh' | tr -d \')
do
echo $name
wx-ssh-keys-retrieve $name --multiple
done
fi
}
wx-ssh-keys-clean(){
if [[ -z $1 ]]
then
wx-header "SSH / Keys / Clean"
fi
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]]
then
rm "$HOME/.ssh/keys/$1" &> /dev/null
rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
fi
else
if [[ $ORG == "warengroup" ]]
then
wx-ssh-keys-clean warengroup
elif [[ $ORG == "cwinfo" ]]
then
wx-ssh-keys-clean cwinfo
elif [[ $ORG == "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
wx-ssh-keys-clean cwinfo
wx-ssh-keys-clean cwchristerw
fi
for file in ~/.ssh/keys/*
do
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]]
then
rm "$file" &> /dev/null
fi
done
fi
} }

View File

@ -1,37 +0,0 @@
wx-ssh-sign(){
wx-header "SSH / Sign"
wx-restricted
if [[ $ORG == "warengroup" ]]
then
wx-ssh-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" ]]
then
wx-ssh-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" ]]
then
wx-ssh-sign-create warengroup sysadmin 3600
wx-ssh-sign-create cwinfo sysadmin 3600
wx-ssh-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-sign-create(){
wx-restricted
NAME=$1
ROLE=$2
PRINCIPALS=$2
TTL=$3
if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
fi
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
then
echo "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
fi
}

304
wx
View File

@ -85,15 +85,6 @@ wx-stop (){
exit 1 exit 1
} }
wx-auto(){
wx-login
wx-header "Auto"
wx-ssh-config-sync
wx-ssh-keys-sync
wx-ssh-sign
}
wx-help(){ wx-help(){
wx-header "Help" wx-header "Help"
@ -109,12 +100,15 @@ Common Commands:
edit Edit edit Edit
save Save save Save
sync Sync sync Sync
clean Clean
keys Keys keys Keys
generate Generate generate Generate
delete Delete sign Sign
retrieve Retrieve
save Save save Save
sync Sync sync Sync
sign Certificates delete Delete
clean Clean
Authentication Commands: Authentication Commands:
login Login login Login
@ -122,15 +116,19 @@ Authentication Commands:
Management Commands: Management Commands:
auto Auto auto Auto
install Install clean Clean
settings Settings settings Settings
Maintenance Commands:
install Install
update Update
"; ";
} }
wx-infra(){ wx-infra(){
wx-login wx-login
wx-ssh-sign &> /dev/null wx-auto &> /dev/null
wx-header "Infra" wx-header "Infra"
wx-restricted wx-restricted
@ -166,24 +164,30 @@ wx-infra(){
esac esac
} }
wx-install(){ wx-ssh(){
if [[ -z $1 ]] wx-login
then
wx-header "Install"
fi
wx-restricted mkdir -p $HOME/.ssh/keys
chmod 700 -R $HOME/.ssh/keys
mkdir -p $HOME/.ssh/multiplex
chmod 700 -R $HOME/.ssh/multiplex
if [[ -f "./wx" ]] && [[ -d "./src" ]] case $1 in
then keys)
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null wx-ssh-keys $2 $3
mv wx.tmp wx &> /dev/null ;;
chmod +x wx &> /dev/null config)
fi wx-ssh-config $2
;;
*)
wx-header "SSH"
wx-stop
;;
esac
}
mkdir $HOME/bin &> /dev/null wx-welcome(){
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null wx-header "Welcome"
chmod +x $HOME/bin/wx &> /dev/null
} }
wx-login(){ wx-login(){
@ -360,42 +364,45 @@ wx-login(){
wx-logout(){ wx-logout(){
wx-header "Logout" wx-header "Logout"
if [[ $USER != "root" && $USER != "local" ]] if [[ $USER != "root" && $USER != "local" && -f "$HOME/.config/warengroup/config.json" ]]
then then
VAULT_LOGIN=$(cat $HOME/.config/warengroup/config.json | jq -r .login)
if [[ $VAULT_LOGIN != null && $VAULT_LOGIN != "{}" ]]
then
wx-clean
jq '.login = {}' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp jq '.login = {}' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
fi fi
fi
} }
wx-settings(){ wx-install(){
wx-login if [[ -z $1 ]]
wx-header "Settings" then
wx-header "Install"
fi
wx-restricted
if [[ -f "./wx" ]] && [[ -d "./src" ]]
then
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
mv wx.tmp wx &> /dev/null
chmod +x wx &> /dev/null
fi
mkdir $HOME/bin &> /dev/null
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
chmod +x $HOME/bin/wx &> /dev/null
} }
wx-ssh(){ wx-uninstall(){
wx-login wx-header "Uninstall"
wx-logout
mkdir -p $HOME/.ssh/keys if [[ ! -d "$HOME/.config/warengroup" ]]
chmod 700 -R $HOME/.ssh/keys then
mkdir -p $HOME/.ssh/multiplex rm "$HOME/.config/warengroup" -rf
chmod 700 -R $HOME/.ssh/multiplex fi
case $1 in
sign)
wx-ssh-sign
;;
keys)
wx-ssh-keys $2 $3
;;
config)
wx-ssh-config $2
;;
*)
wx-header "SSH"
wx-stop
;;
esac
} }
wx-update(){ wx-update(){
@ -403,8 +410,25 @@ wx-update(){
wx-install --update wx-install --update
} }
wx-welcome(){ wx-auto(){
wx-header "Welcome" wx-login
wx-header "Auto"
wx-ssh-config-sync
wx-ssh-keys-sync
wx-ssh-keys-sign
}
wx-clean(){
wx-login
wx-header "Clean"
wx-ssh-config-clean
wx-ssh-keys-clean
}
wx-settings(){
wx-login
wx-header "Settings"
} }
wx-ssh-config(){ wx-ssh-config(){
@ -422,6 +446,9 @@ wx-ssh-config(){
sync) sync)
wx-ssh-config-sync wx-ssh-config-sync
;; ;;
clean)
wx-ssh-config-clean
;;
*) *)
wx-ssh-config-sync wx-ssh-config-sync
wx-stop wx-stop
@ -430,24 +457,35 @@ wx-ssh-config(){
} }
wx-ssh-config-edit(){ wx-ssh-config-edit(){
wx-header "SSH / Config" wx-header "SSH / Config / Edit"
wx-restricted wx-restricted
nano ~/.ssh/config nano ~/.ssh/config
} }
wx-ssh-config-save(){ wx-ssh-config-save(){
wx-header "SSH / Config" wx-header "SSH / Config / Save"
wx-restricted wx-restricted
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
} }
wx-ssh-config-sync(){ wx-ssh-config-sync(){
wx-header "SSH / Config" wx-header "SSH / Config / Sync"
wx-restricted wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}") VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]] if [[ $VAULT_STATUS -eq 200 ]]
then then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1 echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
chmod 700 ~/.ssh/config
fi
}
wx-ssh-config-clean(){
wx-header "SSH / Config / Clean"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
then
rm "$HOME/.ssh/config"
fi fi
} }
@ -460,6 +498,9 @@ wx-ssh-keys(){
wx-ssh-keys-generate $2 wx-ssh-keys-generate $2
wx-ssh-keys-save $2 wx-ssh-keys-save $2
;; ;;
sign)
wx-ssh-keys-sign
;;
retrieve) retrieve)
wx-ssh-keys-retrieve $2 wx-ssh-keys-retrieve $2
;; ;;
@ -470,17 +511,19 @@ wx-ssh-keys(){
wx-ssh-keys-sync $2 wx-ssh-keys-sync $2
;; ;;
delete) delete)
wx-ssh-keys-remove $2 wx-ssh-keys-delete $2
;;
clean)
wx-ssh-keys-clean $2
;; ;;
*) *)
wx-ssh-keys-sync
wx-stop wx-stop
;; ;;
esac esac
} }
wx-ssh-keys-generate(){ wx-ssh-keys-generate(){
wx-header "SSH / Keys" wx-header "SSH / Keys / Generate"
wx-restricted wx-restricted
if [[ ! -z $1 ]] if [[ ! -z $1 ]]
then then
@ -491,57 +534,25 @@ wx-ssh-keys-generate(){
fi fi
} }
wx-ssh-keys-retrieve(){ wx-ssh-keys-sign(){
wx-header "SSH / Keys" wx-header "SSH / Keys / Sign"
wx-restricted
if [[ ! -z $1 ]]
then
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
fi
fi
}
wx-ssh-keys-save(){
wx-header "SSH / Keys"
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" ]]
then
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
fi
fi
}
wx-ssh-keys-sync(){
wx-header "SSH / Keys"
wx-restricted
echo ""
}
wx-ssh-sign(){
wx-header "SSH / Sign"
wx-restricted wx-restricted
if [[ $ORG == "warengroup" ]] if [[ $ORG == "warengroup" ]]
then then
wx-ssh-sign-create warengroup sysadmin 3600 wx-ssh-keys-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" ]] elif [[ $ORG == "cwinfo" ]]
then then
wx-ssh-sign-create cwinfo sysadmin 3600 wx-ssh-keys-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" ]] elif [[ $ORG == "cwchristerw" ]]
then then
wx-ssh-sign-create warengroup sysadmin 3600 wx-ssh-keys-sign-create warengroup sysadmin 3600
wx-ssh-sign-create cwinfo sysadmin 3600 wx-ssh-keys-sign-create cwinfo sysadmin 3600
wx-ssh-sign-create cwchristerw sysadmin 3600 wx-ssh-keys-sign-create cwchristerw sysadmin 3600
fi fi
} }
wx-ssh-sign-create(){ wx-ssh-keys-sign-create(){
wx-restricted wx-restricted
NAME=$1 NAME=$1
@ -561,6 +572,91 @@ wx-ssh-sign-create(){
fi fi
} }
wx-ssh-keys-retrieve(){
if [[ -z $2 ]]
then
wx-header "SSH / Keys / Retrieve"
fi
wx-restricted
if [[ ! -z $1 ]]
then
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
fi
fi
}
wx-ssh-keys-save(){
wx-header "SSH / Keys / Save"
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" ]]
then
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
fi
fi
}
wx-ssh-keys-sync(){
wx-header "SSH / Keys / Sync"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.keys | @sh' | tr -d \')
do
echo $name
wx-ssh-keys-retrieve $name --multiple
done
fi
}
wx-ssh-keys-clean(){
if [[ -z $1 ]]
then
wx-header "SSH / Keys / Clean"
fi
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]]
then
rm "$HOME/.ssh/keys/$1" &> /dev/null
rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
fi
else
if [[ $ORG == "warengroup" ]]
then
wx-ssh-keys-clean warengroup
elif [[ $ORG == "cwinfo" ]]
then
wx-ssh-keys-clean cwinfo
elif [[ $ORG == "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
wx-ssh-keys-clean cwinfo
wx-ssh-keys-clean cwchristerw
fi
for file in ~/.ssh/keys/*
do
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]]
then
rm "$file" &> /dev/null
fi
done
fi
}
if [[ ! -z $1 ]] && [[ $(type -t wx-$1) == function ]] if [[ ! -z $1 ]] && [[ $(type -t wx-$1) == function ]]
then then