

No commits in common. "4e9ae9109e71740bfbae37ee249afa64669f3bda" and "13e0deb5f530f6e58615535bbeebb5de6020a630" have entirely different histories.

17 changed files with 170 additions and 361 deletions

0
build.sh Executable file → Normal file


@ -1,13 +0,0 @@
wx-logout(){
wx-header "Logout"
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.config/warengroup/config.json" ]]
then
VAULT_LOGIN=$(cat $HOME/.config/warengroup/config.json | jq -r .login)
if [[ $VAULT_LOGIN != null && $VAULT_LOGIN != "{}" ]]
then
wx-clean
jq '.login = {}' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
fi
fi
}


@ -4,5 +4,5 @@ wx-auto(){
wx-ssh-config-sync wx-ssh-config-sync
wx-ssh-keys-sync wx-ssh-keys-sync
wx-ssh-keys-sign wx-ssh-sign
} }


@ -13,15 +13,12 @@ Common Commands:
edit Edit edit Edit
save Save save Save
sync Sync sync Sync
clean Clean
keys Keys keys Keys
generate Generate generate Generate
sign Sign delete Delete
retrieve Retrieve
save Save save Save
sync Sync sync Sync
delete Delete sign Certificates
clean Clean
Authentication Commands: Authentication Commands:
login Login login Login
@ -29,12 +26,8 @@ Authentication Commands:
Management Commands: Management Commands:
auto Auto auto Auto
clean Clean
settings Settings
Maintenance Commands:
install Install install Install
update Update settings Settings
"; ";
} }


@ -1,6 +1,6 @@
wx-infra(){ wx-infra(){
wx-login wx-login
wx-auto &> /dev/null wx-ssh-sign &> /dev/null
wx-header "Infra" wx-header "Infra"
wx-restricted wx-restricted

8
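--- a/src/commands/logout.sh
+++ b/src/commands/logout.sh
@@ -0,0 +1,8 @@
+wx-logout(){
+wx-header "Logout"
+if [[ $USER != "root" && $USER != "local" ]]
+then
+jq '.login = {}' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
+mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
+fi
+}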
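Review bot: In `wx-logout`, `jq ... &> config.json.tmp` sends jq's stderr into the temp file and the following `mv` runs unconditionally, so a missing or malformed `config.json` is replaced by an error message instead of a cleared login. Redirect only stdout and move on success, for example with `cfg=$HOME/.config/warengroup/config.json` and then `jq '.login = {}' "$cfg" > "$cfg.tmp" && mv -- "$cfg.tmp" "$cfg"`, which also quotes the `$HOME` paths. The function only blanks the locally stored login; nothing visible here revokes the token or removes retrieved keys and signed certificates under `~/.ssh/keys`, so if logout is meant to end access from this machine that should be added or stated in a header comment.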


@ -1,8 +0,0 @@
wx-uninstall(){
wx-header "Uninstall"
wx-logout
if [[ ! -d "$HOME/.config/warengroup" ]]
then
rm "$HOME/.config/warengroup" -rf
fi
}


@ -1,6 +0,0 @@
wx-clean(){
wx-login
wx-header "Clean"
wx-ssh-config-clean
wx-ssh-keys-clean
}


@ -7,6 +7,9 @@ wx-ssh(){
chmod 700 -R $HOME/.ssh/multiplex chmod 700 -R $HOME/.ssh/multiplex
case $1 in case $1 in
sign)
wx-ssh-sign
;;
keys) keys)
wx-ssh-keys $2 $3 wx-ssh-keys $2 $3
;; ;;
@ -15,6 +18,7 @@ wx-ssh(){
;; ;;
*) *)
wx-header "SSH" wx-header "SSH"
wx-stop wx-stop
;; ;;
esac esac


@ -13,9 +13,6 @@ wx-ssh-config(){
sync) sync)
wx-ssh-config-sync wx-ssh-config-sync
;; ;;
clean)
wx-ssh-config-clean
;;
*) *)
wx-ssh-config-sync wx-ssh-config-sync
wx-stop wx-stop
@ -24,34 +21,23 @@ wx-ssh-config(){
} }
wx-ssh-config-edit(){ wx-ssh-config-edit(){
wx-header "SSH / Config / Edit" wx-header "SSH / Config"
wx-restricted wx-restricted
nano ~/.ssh/config nano ~/.ssh/config
} }
wx-ssh-config-save(){ wx-ssh-config-save(){
wx-header "SSH / Config / Save" wx-header "SSH / Config"
wx-restricted wx-restricted
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
} }
wx-ssh-config-sync(){ wx-ssh-config-sync(){
wx-header "SSH / Config / Sync" wx-header "SSH / Config"
wx-restricted wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}") VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]] if [[ $VAULT_STATUS -eq 200 ]]
then then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1 echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
chmod 700 ~/.ssh/config
fi
}
wx-ssh-config-clean(){
wx-header "SSH / Config / Clean"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
then
rm "$HOME/.ssh/config"
fi fi
} }
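Review bot: `wx-ssh-config-sync` redirects the decode pipeline straight onto `~/.ssh/config` with `2>&1`, so the existing file is truncated before anything is validated, and a failed fetch or a `null` field leaves base64's error text or garbage as the SSH config. The status probe and the fetch are two separate requests, so the `-eq 200` check does not cover the response that is actually written. Decode into a `mktemp` file, confirm `jq -e` and `base64 -d` succeeded, then `mv` it into place and finish with `chmod 600 ~/.ssh/config`; the new side appears to drop the permission step entirely. Because the downloaded text becomes SSH client configuration, a comment stating that the Vault path is trusted to that degree would help the next maintainer.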


@ -7,9 +7,6 @@ wx-ssh-keys(){
wx-ssh-keys-generate $2 wx-ssh-keys-generate $2
wx-ssh-keys-save $2 wx-ssh-keys-save $2
;; ;;
sign)
wx-ssh-keys-sign
;;
retrieve) retrieve)
wx-ssh-keys-retrieve $2 wx-ssh-keys-retrieve $2
;; ;;
@ -20,19 +17,17 @@ wx-ssh-keys(){
wx-ssh-keys-sync $2 wx-ssh-keys-sync $2
;; ;;
delete) delete)
wx-ssh-keys-delete $2 wx-ssh-keys-remove $2
;;
clean)
wx-ssh-keys-clean $2
;; ;;
*) *)
wx-ssh-keys-sync
wx-stop wx-stop
;; ;;
esac esac
} }
wx-ssh-keys-generate(){ wx-ssh-keys-generate(){
wx-header "SSH / Keys / Generate" wx-header "SSH / Keys"
wx-restricted wx-restricted
if [[ ! -z $1 ]] if [[ ! -z $1 ]]
then then
@ -43,50 +38,8 @@ wx-ssh-keys-generate(){
fi fi
} }
wx-ssh-keys-sign(){
wx-header "SSH / Keys / Sign"
wx-restricted
if [[ $ORG == "warengroup" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" ]]
then
wx-ssh-keys-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
wx-ssh-keys-sign-create cwinfo sysadmin 3600
wx-ssh-keys-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-keys-sign-create(){
wx-restricted
NAME=$1
ROLE=$2
PRINCIPALS=$2
TTL=$3
if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
fi
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
then
echo "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
fi
}
wx-ssh-keys-retrieve(){ wx-ssh-keys-retrieve(){
if [[ -z $2 ]] wx-header "SSH / Keys"
then
wx-header "SSH / Keys / Retrieve"
fi
wx-restricted wx-restricted
if [[ ! -z $1 ]] if [[ ! -z $1 ]]
then then
@ -100,7 +53,7 @@ wx-ssh-keys-retrieve(){
} }
wx-ssh-keys-save(){ wx-ssh-keys-save(){
wx-header "SSH / Keys / Save" wx-header "SSH / Keys"
wx-restricted wx-restricted
if [[ ! -z $1 ]] if [[ ! -z $1 ]]
then then
@ -112,56 +65,7 @@ wx-ssh-keys-save(){
} }
wx-ssh-keys-sync(){ wx-ssh-keys-sync(){
wx-header "SSH / Keys / Sync" wx-header "SSH / Keys"
wx-restricted wx-restricted
echo ""
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.keys | @sh' | tr -d \')
do
echo $name
wx-ssh-keys-retrieve $name --multiple
done
fi
}
wx-ssh-keys-clean(){
if [[ -z $1 ]]
then
wx-header "SSH / Keys / Clean"
fi
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]]
then
rm "$HOME/.ssh/keys/$1" &> /dev/null
rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
fi
else
if [[ $ORG == "warengroup" ]]
then
wx-ssh-keys-clean warengroup
elif [[ $ORG == "cwinfo" ]]
then
wx-ssh-keys-clean cwinfo
elif [[ $ORG == "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
wx-ssh-keys-clean cwinfo
wx-ssh-keys-clean cwchristerw
fi
for file in ~/.ssh/keys/*
do
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]]
then
rm "$file" &> /dev/null
fi
done
fi
} }
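Review bot: On the new side `wx-ssh-keys-sync` appears to be reduced to `echo ""`, yet the `sync)` arm still dispatches to it and `wx-auto` still calls it, so the command prints a blank line, retrieves no keys and returns success. If that is intentional, make it say so, e.g. `echo "keys sync is not implemented" >&2; return 1`, rather than succeed silently. The `delete)` arm now calls `wx-ssh-keys-remove $2`, which is not defined in any hunk shown here; confirm it exists and quote the argument as `"$2"`. Several function bodies in this section continue outside the hunks.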

37
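--- a/src/commands/ssh/sign.sh
+++ b/src/commands/ssh/sign.sh
@@ -0,0 +1,37 @@
+wx-ssh-sign(){
+wx-header "SSH / Sign"
+wx-restricted
+if [[ $ORG == "warengroup" ]]
+then
+wx-ssh-sign-create warengroup sysadmin 3600
+elif [[ $ORG == "cwinfo" ]]
+then
+wx-ssh-sign-create cwinfo sysadmin 3600
+elif [[ $ORG == "cwchristerw" ]]
+then
+wx-ssh-sign-create warengroup sysadmin 3600
+wx-ssh-sign-create cwinfo sysadmin 3600
+wx-ssh-sign-create cwchristerw sysadmin 3600
+fi
+}
+wx-ssh-sign-create(){
+wx-restricted
+NAME=$1
+ROLE=$2
+PRINCIPALS=$2
+TTL=$3
+if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
+then
+ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
+fi
+if [[ -f "$HOME/.ssh/keys/$NAME" ]]
+then
+echo "$NAME/$ROLE"
+echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
+fi
+}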
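Review bot: `wx-ssh-sign-create` writes whatever the pipeline prints to `~/.ssh/keys/$NAME.sig`: a rejected or failed sign request makes `jq -r` print `null`, so the previous certificate is overwritten with junk and the function still returns success. The request also puts the Vault token on curl's command line, where other local users can read it from the process list, and builds the JSON body by string interpolation of `$USERNAME` and the public key. The sketch below builds the body with `jq -n`, passes the header on stdin, and replaces the `.sig` file only when a signed key came back; `NAME`, `ROLE`, `PRINCIPALS` and `TTL` should be declared `local` as well. The same `--header "X-Vault-Token: …"` pattern is in the unchanged curl lines of the config and keys sections.

```shell
wx-ssh-sign-create(){
  # … unchanged: wx-restricted, NAME/ROLE/PRINCIPALS/TTL assignment, key generation …
  if [[ -f "$HOME/.ssh/keys/$NAME" ]]
  then
    echo "$NAME/$ROLE"
    local body signed
    # Let jq do the JSON escaping instead of interpolating into a string.
    body=$(jq -n \
      --arg key "$(cat "$HOME/.ssh/keys/$NAME.pub")" \
      --arg principals "$PRINCIPALS,$USERNAME" \
      --arg ttl "$TTL" \
      '{public_key: $key, valid_principals: $principals, ttl: $ttl}') || return 1
    # printf is a builtin, so the token never appears in a process argument list.
    signed=$(printf 'X-Vault-Token: %s\n' "${config["login",$ORG]}" \
      | curl -sf "https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE" -X POST -H @- -d "$body" \
      | jq -er '.data.signed_key') || return 1
    printf '%s\n' "$signed" > "$HOME/.ssh/keys/$NAME.sig"
  fi
}
```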

308
wx

@ -85,6 +85,15 @@ wx-stop (){
exit 1 exit 1
} }
wx-auto(){
wx-login
wx-header "Auto"
wx-ssh-config-sync
wx-ssh-keys-sync
wx-ssh-sign
}
wx-help(){ wx-help(){
wx-header "Help" wx-header "Help"
@ -100,15 +109,12 @@ Common Commands:
edit Edit edit Edit
save Save save Save
sync Sync sync Sync
clean Clean
keys Keys keys Keys
generate Generate generate Generate
sign Sign delete Delete
retrieve Retrieve
save Save save Save
sync Sync sync Sync
delete Delete sign Certificates
clean Clean
Authentication Commands: Authentication Commands:
login Login login Login
@ -116,19 +122,15 @@ Authentication Commands:
Management Commands: Management Commands:
auto Auto auto Auto
clean Clean
settings Settings
Maintenance Commands:
install Install install Install
update Update settings Settings
"; ";
} }
wx-infra(){ wx-infra(){
wx-login wx-login
wx-auto &> /dev/null wx-ssh-sign &> /dev/null
wx-header "Infra" wx-header "Infra"
wx-restricted wx-restricted
@ -164,30 +166,24 @@ wx-infra(){
esac esac
} }
wx-ssh(){ wx-install(){
wx-login if [[ -z $1 ]]
then
wx-header "Install"
fi
mkdir -p $HOME/.ssh/keys wx-restricted
chmod 700 -R $HOME/.ssh/keys
mkdir -p $HOME/.ssh/multiplex
chmod 700 -R $HOME/.ssh/multiplex
case $1 in if [[ -f "./wx" ]] && [[ -d "./src" ]]
keys) then
wx-ssh-keys $2 $3 podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
;; mv wx.tmp wx &> /dev/null
config) chmod +x wx &> /dev/null
wx-ssh-config $2 fi
;;
*)
wx-header "SSH"
wx-stop
;;
esac
}
wx-welcome(){ mkdir $HOME/bin &> /dev/null
wx-header "Welcome" curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
chmod +x $HOME/bin/wx &> /dev/null
} }
wx-login(){ wx-login(){
@ -364,45 +360,42 @@ wx-login(){
wx-logout(){ wx-logout(){
wx-header "Logout" wx-header "Logout"
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.config/warengroup/config.json" ]] if [[ $USER != "root" && $USER != "local" ]]
then then
VAULT_LOGIN=$(cat $HOME/.config/warengroup/config.json | jq -r .login) jq '.login = {}' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
if [[ $VAULT_LOGIN != null && $VAULT_LOGIN != "{}" ]] mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
then
wx-clean
jq '.login = {}' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
fi
fi fi
} }
wx-install(){ wx-settings(){
if [[ -z $1 ]] wx-login
then wx-header "Settings"
wx-header "Install"
fi
wx-restricted
if [[ -f "./wx" ]] && [[ -d "./src" ]]
then
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
mv wx.tmp wx &> /dev/null
chmod +x wx &> /dev/null
fi
mkdir $HOME/bin &> /dev/null
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
chmod +x $HOME/bin/wx &> /dev/null
} }
wx-uninstall(){ wx-ssh(){
wx-header "Uninstall" wx-login
wx-logout
if [[ ! -d "$HOME/.config/warengroup" ]] mkdir -p $HOME/.ssh/keys
then chmod 700 -R $HOME/.ssh/keys
rm "$HOME/.config/warengroup" -rf mkdir -p $HOME/.ssh/multiplex
fi chmod 700 -R $HOME/.ssh/multiplex
case $1 in
sign)
wx-ssh-sign
;;
keys)
wx-ssh-keys $2 $3
;;
config)
wx-ssh-config $2
;;
*)
wx-header "SSH"
wx-stop
;;
esac
} }
wx-update(){ wx-update(){
@ -410,25 +403,8 @@ wx-update(){
wx-install --update wx-install --update
} }
wx-auto(){ wx-welcome(){
wx-login wx-header "Welcome"
wx-header "Auto"
wx-ssh-config-sync
wx-ssh-keys-sync
wx-ssh-keys-sign
}
wx-clean(){
wx-login
wx-header "Clean"
wx-ssh-config-clean
wx-ssh-keys-clean
}
wx-settings(){
wx-login
wx-header "Settings"
} }
wx-ssh-config(){ wx-ssh-config(){
@ -446,9 +422,6 @@ wx-ssh-config(){
sync) sync)
wx-ssh-config-sync wx-ssh-config-sync
;; ;;
clean)
wx-ssh-config-clean
;;
*) *)
wx-ssh-config-sync wx-ssh-config-sync
wx-stop wx-stop
@ -457,35 +430,24 @@ wx-ssh-config(){
} }
wx-ssh-config-edit(){ wx-ssh-config-edit(){
wx-header "SSH / Config / Edit" wx-header "SSH / Config"
wx-restricted wx-restricted
nano ~/.ssh/config nano ~/.ssh/config
} }
wx-ssh-config-save(){ wx-ssh-config-save(){
wx-header "SSH / Config / Save" wx-header "SSH / Config"
wx-restricted wx-restricted
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
} }
wx-ssh-config-sync(){ wx-ssh-config-sync(){
wx-header "SSH / Config / Sync" wx-header "SSH / Config"
wx-restricted wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}") VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]] if [[ $VAULT_STATUS -eq 200 ]]
then then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1 echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
chmod 700 ~/.ssh/config
fi
}
wx-ssh-config-clean(){
wx-header "SSH / Config / Clean"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
then
rm "$HOME/.ssh/config"
fi fi
} }
@ -498,9 +460,6 @@ wx-ssh-keys(){
wx-ssh-keys-generate $2 wx-ssh-keys-generate $2
wx-ssh-keys-save $2 wx-ssh-keys-save $2
;; ;;
sign)
wx-ssh-keys-sign
;;
retrieve) retrieve)
wx-ssh-keys-retrieve $2 wx-ssh-keys-retrieve $2
;; ;;
@ -511,19 +470,17 @@ wx-ssh-keys(){
wx-ssh-keys-sync $2 wx-ssh-keys-sync $2
;; ;;
delete) delete)
wx-ssh-keys-delete $2 wx-ssh-keys-remove $2
;;
clean)
wx-ssh-keys-clean $2
;; ;;
*) *)
wx-ssh-keys-sync
wx-stop wx-stop
;; ;;
esac esac
} }
wx-ssh-keys-generate(){ wx-ssh-keys-generate(){
wx-header "SSH / Keys / Generate" wx-header "SSH / Keys"
wx-restricted wx-restricted
if [[ ! -z $1 ]] if [[ ! -z $1 ]]
then then
@ -534,25 +491,57 @@ wx-ssh-keys-generate(){
fi fi
} }
wx-ssh-keys-sign(){ wx-ssh-keys-retrieve(){
wx-header "SSH / Keys / Sign" wx-header "SSH / Keys"
wx-restricted
if [[ ! -z $1 ]]
then
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
fi
fi
}
wx-ssh-keys-save(){
wx-header "SSH / Keys"
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" ]]
then
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
fi
fi
}
wx-ssh-keys-sync(){
wx-header "SSH / Keys"
wx-restricted
echo ""
}
wx-ssh-sign(){
wx-header "SSH / Sign"
wx-restricted wx-restricted
if [[ $ORG == "warengroup" ]] if [[ $ORG == "warengroup" ]]
then then
wx-ssh-keys-sign-create warengroup sysadmin 3600 wx-ssh-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" ]] elif [[ $ORG == "cwinfo" ]]
then then
wx-ssh-keys-sign-create cwinfo sysadmin 3600 wx-ssh-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" ]] elif [[ $ORG == "cwchristerw" ]]
then then
wx-ssh-keys-sign-create warengroup sysadmin 3600 wx-ssh-sign-create warengroup sysadmin 3600
wx-ssh-keys-sign-create cwinfo sysadmin 3600 wx-ssh-sign-create cwinfo sysadmin 3600
wx-ssh-keys-sign-create cwchristerw sysadmin 3600 wx-ssh-sign-create cwchristerw sysadmin 3600
fi fi
} }
wx-ssh-keys-sign-create(){ wx-ssh-sign-create(){
wx-restricted wx-restricted
NAME=$1 NAME=$1
@ -572,91 +561,6 @@ wx-ssh-keys-sign-create(){
fi fi
} }
wx-ssh-keys-retrieve(){
if [[ -z $2 ]]
then
wx-header "SSH / Keys / Retrieve"
fi
wx-restricted
if [[ ! -z $1 ]]
then
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
fi
fi
}
wx-ssh-keys-save(){
wx-header "SSH / Keys / Save"
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" ]]
then
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
fi
fi
}
wx-ssh-keys-sync(){
wx-header "SSH / Keys / Sync"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.keys | @sh' | tr -d \')
do
echo $name
wx-ssh-keys-retrieve $name --multiple
done
fi
}
wx-ssh-keys-clean(){
if [[ -z $1 ]]
then
wx-header "SSH / Keys / Clean"
fi
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]]
then
rm "$HOME/.ssh/keys/$1" &> /dev/null
rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
fi
else
if [[ $ORG == "warengroup" ]]
then
wx-ssh-keys-clean warengroup
elif [[ $ORG == "cwinfo" ]]
then
wx-ssh-keys-clean cwinfo
elif [[ $ORG == "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
wx-ssh-keys-clean cwinfo
wx-ssh-keys-clean cwchristerw
fi
for file in ~/.ssh/keys/*
do
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]]
then
rm "$file" &> /dev/null
fi
done
fi
}
if [[ ! -z $1 ]] && [[ $(type -t wx-$1) == function ]] if [[ ! -z $1 ]] && [[ $(type -t wx-$1) == function ]]
then then