warengroup/wx
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: warengroup:54647e5c198fe97d6863b9288c49d9d827d5f8a8
Branches Tags
warengroup:master
..
compare: warengroup:master
Branches Tags
warengroup:master

90 Commits
54647e5c19 ... master

Author SHA1 Message Date
Christer Warén
67fabf0ce1 Code Update 2025-06-26 23:07:14 +03:00
Christer Warén
fe56c50bfb Code Update 2025-06-23 09:35:37 +03:00
Christer Warén
eb14aa46ff Code Update 2025-06-22 01:24:09 +03:00
Christer Warén
c59d1b374d Code Update 2025-06-22 01:22:12 +03:00
Christer Warén
1a99d2e2a1 Code Update 2025-06-22 00:44:42 +03:00
Christer Warén
1d03f7be64 Code Update 2025-06-22 00:31:52 +03:00
Christer Warén
994e44d8f1 Code Update 2025-06-22 00:22:15 +03:00
Christer Warén
f016a452cd Remove Hostname variable from login process 2025-06-21 23:46:20 +03:00
Christer Warén
c17b9a0e42 Code Update 2025-05-10 12:09:50 +03:00
Christer Warén
a91d5d6011 Code Update 2025-05-10 11:29:56 +03:00
Christer Warén
3a0902fe8e Code Update 2025-04-27 15:39:50 +03:00
Christer Warén
9baae5bccc Code Update 2025-04-27 15:32:10 +03:00
Christer Warén
7b837fdba7 Code Update 2025-04-27 15:21:27 +03:00
Christer Warén
283b7538e6 Rename build.sh to maintainer.sh 2025-01-04 08:18:12 +02:00
Christer Warén
14ae6e5dad Fix typo in code 2025-01-04 06:22:06 +02:00
Christer Warén
87608f9bfb Code Update 2025-01-04 06:19:35 +02:00
Christer Warén
5903932328 Update copyright year 2025-01-01 18:00:22 +02:00
Christer Warén
96193196cc Fix typo on curl that will get Vault passwords in Infra command 2024-11-23 07:42:02 +02:00
Christer Warén
0186421fc6 Get Ansible vault passwords in Infra command 2024-11-23 07:18:17 +02:00
Christer Warén
714feda225 Hide git command output from stdout in Infra command 2024-11-23 07:06:57 +02:00
Christer Warén
3d834933e7 Fix home directory issue 2024-11-23 07:04:12 +02:00
Christer Warén
dd72a873ab Temporarily disable using jump host when getting Infra repo from Git server 2024-11-23 07:01:33 +02:00
Christer Warén
81cd3a1c1c Create secondary Infra directory and pull changes when using Infra command 2024-11-23 06:57:41 +02:00
Christer Warén
b52f1d4486 Add secondary Infra repo path to Infra command 2024-11-23 06:50:26 +02:00
Christer Warén
42239ef54d Add secondary Ansible Vault to cwchristerw user 2024-11-22 00:16:35 +02:00
Christer Warén
256a79e427 Code Update 2024-06-24 06:32:58 +03:00
Christer Warén
b36f98e5e9 Hide Clean output in logout command 2024-06-19 20:56:27 +03:00
Christer Warén
2f33daaaa7 Code Update 2024-06-16 04:06:43 +03:00
Christer Warén
4e9ae9109e Code Update 2024-06-16 04:03:45 +03:00
Christer Warén
0071b7407d Code Update 2024-06-16 04:01:17 +03:00
Christer Warén
b014dd1990 Code Update 2024-06-16 02:51:29 +03:00
Christer Warén
13e0deb5f5 Code Update 2024-06-03 23:10:36 +03:00
Christer Warén
b5b1b88763 Code Update 2024-06-01 15:27:05 +03:00
Christer Warén
90414af2dc Code Update 2024-06-01 02:09:21 +03:00
Christer Warén
e1b05fbc51 Code Update 2024-06-01 01:53:48 +03:00
Christer Warén
a614d63d1c Code Update 2024-06-01 01:11:20 +03:00
Christer Warén
ca14cb1988 Build Script 2024-06-01 00:28:36 +03:00
Christer Warén
e36265403e Code Update 2024-06-01 00:28:18 +03:00
Christer Warén
0ef3f8d8d6 Code Update 2024-05-31 23:26:44 +03:00
Christer Warén
706a917dbf Code Update 2024-05-30 19:19:35 +03:00
Christer Warén
7f950148e0 Code Update 2024-05-30 19:10:31 +03:00
Christer Warén
a54f68ded0 Code Update 2024-05-30 16:00:50 +03:00
Christer Warén
29be307377 Code Update 2024-05-30 15:56:01 +03:00
Christer Warén
02c84ef45f Code Update 2024-05-30 15:51:49 +03:00
Christer Warén
399372294c README.md Update 2024-05-30 15:34:13 +03:00
Christer Warén
0b0237ede5 Code Update 2024-05-30 15:33:31 +03:00
Christer Warén
2df1590a6d Code Update 2024-05-20 00:30:48 +03:00
Christer Warén
18d3ed8890 Code Update 2024-05-18 02:13:48 +03:00
Christer Warén
25bf1a9ebc Code Update 2024-05-15 17:51:45 +03:00
Christer Warén
1852b1a119 Code Update 2024-05-15 17:48:58 +03:00
Christer Warén
3618a34c41 Code Update 2024-05-09 13:26:22 +03:00
Christer Warén
a6cb4ae626 Code Update 2024-05-04 18:08:46 +03:00
Christer Warén
fb02109d68 Code Update 2024-05-03 01:26:36 +03:00
Christer Warén
b58142a45f Code Update 2024-05-03 00:53:02 +03:00
Christer Warén
26dac6550c Source Update 2024-05-01 03:18:34 +03:00
Christer Warén
6b9afb0ed0 Source Update 2024-05-01 02:55:43 +03:00
Christer Warén
7765af850a Source Update 2024-05-01 02:52:21 +03:00
Christer Warén
cb76cbd190 Update Install instructions in README.md 2024-05-01 01:50:58 +03:00
Christer Warén
7a5c84f5c0 ReadMe Update 2024-05-01 01:37:57 +03:00
Christer Warén
ecaa7e3a73 Source Update 2024-04-29 21:38:01 +03:00
Christer Warén
a2478d0a7a Source Update 2024-04-29 21:35:32 +03:00
Christer Warén
71cf24869a Fix typo 2024-04-29 21:27:50 +03:00
Christer Warén
d1b32a0296 Source Update 2024-04-29 07:57:18 +03:00
Christer Warén
aff9e6d985 Source Update 2024-04-29 07:52:51 +03:00
Christer Warén
7b7c540e12 Source Update 2024-04-29 07:51:17 +03:00
Christer Warén
dc0bdf6755 Source Update 2024-04-29 07:46:45 +03:00
Christer Warén
c5359ed8f5 Source Update 2024-04-29 07:43:45 +03:00
Christer Warén
3d04f2f24c Source Update 2024-04-29 07:39:30 +03:00
Christer Warén
cc1cc6e39f Source Update 2024-04-29 07:22:08 +03:00
Christer Warén
6619193dc6 Source Update 2024-04-29 07:18:35 +03:00
Christer Warén
963770b974 Source Update 2024-04-29 06:00:07 +03:00
Christer Warén
d54100edf8 Source Update 2024-04-29 05:06:21 +03:00
Christer Warén
28aed09fd1 Source Update 2024-04-28 06:08:57 +03:00
Christer Warén
824ca7168c Source Update 2024-04-28 01:26:18 +03:00
Christer Warén
0da7c1ade1 Source Update 2024-04-28 01:19:47 +03:00
Christer Warén
b2d3908d6f Source Update 2024-04-27 23:32:06 +03:00
Christer Warén
91ae087bd4 Generator Update 2024-04-27 21:14:13 +03:00
Christer Warén
ee152b0562 Source Update 2024-04-27 21:13:32 +03:00
Christer Warén
56b6f58f4e Docs Update 2024-04-27 20:09:05 +03:00
Christer Warén
fb3c902d9a Generator Update 2024-04-27 20:08:52 +03:00
Christer Warén
9f0df0dbdf Build Update 2024-04-27 20:08:43 +03:00
Christer Warén
3daa8a84dc Source Update 2024-04-27 20:08:15 +03:00
Christer Warén
a1ff2b40d7 Source Update 2024-04-27 18:25:14 +03:00
Christer Warén
0b8ea6b7bf Config Update 2024-04-26 06:35:00 +03:00
Christer Warén
2c5ddd1280 Source Update 2024-04-26 06:34:52 +03:00
Christer Warén
219aac45e5 Source Update 2024-04-26 06:25:59 +03:00
Christer Warén
8808aa7b93 Source Update 2024-04-26 06:22:52 +03:00
Christer Warén
d3901ba519 Source Update 2024-04-26 06:20:28 +03:00
Christer Warén
d99860148b Source Update 2024-04-26 05:49:45 +03:00
Christer Warén
9a740b9873 Generator Update 2024-04-26 05:49:32 +03:00
29 changed files with 1376 additions and 155 deletions
Expand all files Collapse all files

2
LICENSE
View File

@ -1,6 +1,6 @@
MIT License MIT License
Copyright (c) 2023-2024 Warén Group Copyright (c) 2023-2025 Warén Group
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal

16
README.md
View File

@ -1 +1,15 @@
# Warén Group - WX # Warén Group - Warén CLI (wx)
## Install
```
mkdir $HOME/bin &> /dev/null
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
chmod +x $HOME/bin/wx &> /dev/null
export PATH=$HOME/bin:$PATH
```
## Schedule
```
# Warén CLI
*/30 * * * * $HOME/bin/wx auto
```

10
config.yml
View File

@ -1,10 +0,0 @@
---
warengroup:
domain: waren.io
folder: warengroup
cwinfo:
domain: cwinfo.net
folder: cwinfo
cwchristerw:
domain: christerwaren.fi
folder: cwchristerw

18
generator.php
View File

@ -6,28 +6,32 @@ $base = file_get_contents(__DIR__."/src/base.sh");
$dirs = [ $dirs = [
__DIR__.'/src/commands/*.sh', __DIR__.'/src/commands/*.sh',
__DIR__.'/src/commands/*/*.sh', __DIR__.'/src/commands/*/*.sh',
__DIR__.'/src/commands/*/*/*.sh' __DIR__.'/src/commands/*/*/*.sh',
__DIR__.'/src/functions/*.sh'
]; ];
$codes = []; $codes = [];
foreach($dirs as $dir){ foreach($dirs as $dir){
foreach(glob($dir) as $file){ foreach(glob($dir) as $file){
$codes[$file] = file_get_contents($file); if(str_contains($dir, "functions")){
$codes['functions'][$file] = file_get_contents($file);
}
if(str_contains($dir, "commands")){
$codes['commands'][$file] = file_get_contents($file);
}
} }
} }
$code = str_replace("{{ COMMANDS }}", implode("\n", $codes), $base); $code = str_replace("{{ FUNCTIONS }}", implode("\n", $codes['functions']), $base);
$code = str_replace("{{ COMMANDS }}", implode("\n", $codes['commands']), $code);
try { try {
$file = __DIR__.'/wx'; $file = __DIR__.'/wx.tmp';
$file = fopen($file, "w"); $file = fopen($file, "w");
fwrite($file, $code); fwrite($file, $code);
fclose($file); fclose($file);
echo "Status: Successful";
} catch (\Error $e) { } catch (\Error $e) {
echo "Status: Failed";
} }
?> ?>

13
maintainer.sh Executable file
View File

@ -0,0 +1,13 @@
#!/bin/bash
if [ ! "$BASH_VERSION" ] ; then
bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
exit 1
fi
if [[ -f "./wx" ]] && [[ -d "./src" ]]
then
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
mv wx.tmp wx &> /dev/null
chmod +x wx &> /dev/null
fi

60
src/base.sh
View File

@ -5,49 +5,27 @@ if [ ! "$BASH_VERSION" ] ; then
exit 1 exit 1
fi fi
warencli-syntax-line-douple() { wxRed=$(tput setaf 196)
echo -n " wxGreen=$(tput setaf 46)
============================== wxYellow=$(tput setaf 226)
" wxBlue=$(tput setaf 21)
} wxPurple=$(tput setaf 165)
wxTurquoise=$(tput setaf 14)
wxPink=$(tput setaf 198)
wxOrange=$(tput setaf 202)
wxUnderline=$(tput smul)
wxBold=$(tput bold)
wxNormal=$(tput sgr0)
warencli-syntax-line-single() { declare -Ax config
echo -n "
------------------------------
"
}
warencli-start() {
warencli-syntax-line-douple
echo -n "Warén CLI "
warencli-syntax-line-douple
}
warencli-stop () {
echo " "
exit 1
}
warencli-update() {
if [[ -d "./src" ]]; then
echo ">>> Building... <<<"
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php
else
echo ">>> Updating... <<<"
sudo curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o /opt/wx &> /dev/null
if [[ -d "/usr/bin" ]]; then
sudo ln -sf /opt/wx /usr/bin/wx &> /dev/null
fi
sudo chmod +x /usr/bin/wx &> /dev/null
fi
}
{{ FUNCTIONS }}
{{ COMMANDS }} {{ COMMANDS }}
COMMAND=$1 if [[ ! -z $1 ]] && [[ $(type -t wx-$1) == function ]]
then
warencli-start wx-$1 $2 $3 $4 $5 $6 $7 $8 $9
if [[ ! -z $1 ]]; then else
warencli-$1 $2 $3 $4 $5 $6 $7 $8 $9 wx-welcome
fi fi
warencli-stop wx-stop

165
src/commands/auth/login.sh
View File

@ -1,3 +1,164 @@
warencli-login() { wx-login(){
echo ">>> Authentication: Login"; if [[ ! -z $1 ]]
then
ORG=$1
jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
elif [[ $(hostname -d) = *"devices.waren.io" ]]
then
ORG=warengroup
elif [[ $(hostname -d) = *"devices.cwinfo.net" ]]
then
ORG=cwinfo
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
then
ORG=cwchristerw
elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
then
ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
else
wx-header "Login"
echo "Status: Organization Required"
wx-stop
fi
if [[ $ORG == "warengroup" ]]
then
DOMAIN=waren.io
elif [[ $ORG == "cwinfo" ]]
then
DOMAIN=cwinfo.net
elif [[ $ORG == "cwchristerw" ]]
then
DOMAIN=christerwaren.fi
else
wx-header "Login"
echo "Status: Organization Unsupported"
wx-stop
fi
FOLDER=$ORG
DEVICE_DOMAIN="devices.$DOMAIN"
IDM_DOMAIN="idm.waren.io"
VAULT_DOMAIN="vault.cwinfo.net"
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
then
if [[ -z $SUDO_USER ]]
then
if [[ -z LOGNAME ]]
then
wx-header "Login"
echo "Status: Username Required"
wx-stop
else
USERNAME=$LOGNAME
fi
else
USERNAME=$SUDO_USER
fi
else
USERNAME=$USER
fi
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ $VAULT_STATUS -eq 200 ]]
then
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then
if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
then
USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
fi
TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]]
then
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
else
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
if [[ $IDM_STATUS -eq 301 ]]
then
wx-header "Login"
echo $wxBold$ORG$wxNormal
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
then
echo -n "Username: "
read USERNAME
else
echo "Username: $USERNAME"
fi
jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
echo -n "Password: "
read -s PASSWORD
echo "****************"
if [[ -z $USERNAME || -z $PASSWORD ]]
then
echo "Status: Username & Password Required"
wx-stop
else
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then
echo "Status: Login Failed"
wx-stop
fi
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
else
wx-header "Login"
echo $wxBold$ORG$wxNormal
echo -n "Token: "
read -s TOKEN
echo "****************"
if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
then
echo "Status: Vault Token Required"
wx-stop
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then
echo "Status: Login Failed"
wx-stop
fi
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
fi
else
wx-header "Login"
echo $wxBold$ORG$wxNormal
echo "Status: Vault Offline"
wx-stop
fi
} }

14
src/commands/auth/logout.sh
View File

@ -1,3 +1,13 @@
warencli-logout() { wx-logout(){
echo ">>> Authentication: Logout"; wx-header "Logout"
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then
VAULT_LOGIN=$(cat $HOME/.warengroup/config.json | jq -r .login)
if [[ $VAULT_LOGIN != null && $VAULT_LOGIN != "{}" ]]
then
wx-clean &> /dev/null
jq '.login = {}' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
} }

26
src/commands/help.sh
View File

@ -1,22 +1,40 @@
warencli-help() { wx-help(){
echo "
wx-header "Help"
echo -n "
Usage: $0 COMMAND [OPTIONS] Usage: $0 COMMAND [OPTIONS]
Common Commands: Common Commands:
init Init
help Help
ssh SSH ssh SSH
config Config config Config
sign Certificates edit Edit
save Save
sync Sync
clean Clean
keys Keys
generate Generate
sign Sign
retrieve Retrieve
save Save
sync Sync
delete Delete
clean Clean
Authentication Commands: Authentication Commands:
login Login login Login
logout Logout logout Logout
Management Commands: Management Commands:
auto Auto
clean Clean
settings Settings settings Settings
Maintenance Commands: Maintenance Commands:
install Install install Install
update Update update Update
"; ";
}
}

75
src/commands/infra.sh Normal file
View File

@ -0,0 +1,75 @@
wx-infra(){
wx-login
wx-auto &> /dev/null
wx-header "Infra"
wx-restricted
case $USERNAME in
cwchristerw)
if [[ -d "$HOME/Desktop/Work in Progress/Programming/warengroup/infra" ]]
then
INFRA_PATH="$HOME/Desktop/Work in Progress/Programming/warengroup/infra"
else
if [[ -d "$HOME/.warengroup/infra" ]]
then
INFRA_PATH="$HOME/.warengroup/infra"
else
INFRA_PATH="$HOME/.warengroup/infra"
mkdir -p "$INFRA_PATH" &> /dev/null
git clone ssh://git@git.waren.io:2222/warengroup-private/infra.git --config core.sshCommand="ssh -i $HOME/.ssh/keys/warengroup-legacy -o ProxyJump=none" "$INFRA_PATH" &> /dev/null
fi
fi
if [[ ! -f "$INFRA_PATH/vault/cwchristerw" || ! -f "$INFRA_PATH/vault/warengroup" ]]
then
mkdir -p "$INFRA_PATH/vault" &> /dev/null
curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \
-X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw"
curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \
-X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup"
fi
if [[ -z $1 ]]
then
echo "Tag Required"
else
if [[ $1 == "init" ]]
then
if [[ -z $2 ]]
then
2=init
fi
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
elif [[ $1 == "manager" ]]
then
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw manager.yml $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
else
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
fi
fi
;;
*)
echo "User Unsupported"
;;
esac
}

3
src/commands/install.sh
View File

@ -1,3 +0,0 @@
warencli-install() {
echo ">>> Install";
}

19
src/commands/maintenance/install.sh Normal file
View File

@ -0,0 +1,19 @@
wx-install(){
if [[ -z $1 ]]
then
wx-header "Install"
fi
wx-restricted
if [[ -f "./wx" ]] && [[ -d "./src" ]]
then
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
mv wx.tmp wx &> /dev/null
chmod +x wx &> /dev/null
fi
mkdir $HOME/bin &> /dev/null
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
chmod +x $HOME/bin/wx &> /dev/null
}

8
src/commands/maintenance/uninstall.sh Normal file
View File

@ -0,0 +1,8 @@
wx-uninstall(){
wx-header "Uninstall"
wx-logout
if [[ ! -d "$HOME/.warengroup" ]]
then
rm "$HOME/.warengroup" -rf
fi
}

4
src/commands/maintenance/update.sh Normal file
View File

@ -0,0 +1,4 @@
wx-update(){
wx-header "Update"
wx-install --update
}

8
src/commands/management/auto.sh Normal file
View File

@ -0,0 +1,8 @@
wx-auto(){
wx-login
wx-header "Auto"
wx-ssh-config-sync
wx-ssh-keys-sync
wx-ssh-keys-sign
}

6
src/commands/management/clean.sh Normal file
View File

@ -0,0 +1,6 @@
wx-clean(){
wx-login
wx-header "Clean"
wx-ssh-config-clean
wx-ssh-keys-clean
}

4
src/commands/management/settings.sh Normal file
View File

@ -0,0 +1,4 @@
wx-settings(){
wx-login
wx-header "Settings"
}

3
src/commands/settings.sh
View File

@ -1,3 +0,0 @@
warencli-settings() {
echo ">>> Settings";
}

17
src/commands/ssh.sh
View File

@ -1,3 +1,16 @@
warencli-ssh() { wx-ssh(){
echo ">>> SSH"; wx-login
case $1 in
keys)
wx-ssh-keys $2 $3
;;
config)
wx-ssh-config $2
;;
*)
wx-header "SSH"
wx-stop
;;
esac
} }

64
src/commands/ssh/config.sh
View File

@ -1,3 +1,63 @@
warencli-ssh-config(){ wx-ssh-config(){
echo ">>> SSH: Config" wx-restricted
case $1 in
edit)
wx-ssh-config-sync
wx-ssh-config-edit
wx-ssh-config-save
;;
save)
wx-ssh-config-save
;;
sync)
wx-ssh-config-sync
;;
clean)
wx-ssh-config-clean
;;
*)
wx-ssh-config-sync
wx-stop
;;
esac
}
wx-ssh-config-edit(){
wx-header "SSH / Config / Edit"
wx-restricted
nano ~/.ssh/config
}
wx-ssh-config-save(){
wx-header "SSH / Config / Save"
wx-restricted
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
}
wx-ssh-config-sync(){
wx-header "SSH / Config / Sync"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
touch ~/.ssh/config
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64)
if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
chmod 700 ~/.ssh/config
fi
fi
}
wx-ssh-config-clean(){
wx-header "SSH / Config / Clean"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
then
rm "$HOME/.ssh/config"
fi
} }

169
src/commands/ssh/keys.sh Normal file
View File

@ -0,0 +1,169 @@
wx-ssh-keys(){
wx-restricted
case $1 in
generate)
wx-ssh-keys-retrieve $2
wx-ssh-keys-generate $2
wx-ssh-keys-save $2
;;
sign)
wx-ssh-keys-sign
;;
retrieve)
wx-ssh-keys-retrieve $2
;;
save)
wx-ssh-keys-save $2
;;
sync)
wx-ssh-keys-sync $2
;;
delete)
wx-ssh-keys-delete $2
;;
clean)
wx-ssh-keys-clean $2
;;
*)
wx-stop
;;
esac
}
wx-ssh-keys-generate(){
wx-header "SSH / Keys / Generate"
wx-restricted
if [[ ! -z $1 ]]
then
if [[ ! -f "$HOME/.ssh/keys/$1" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$1 -q -N "" -C "$USERNAME" &> /dev/null
fi
fi
}
wx-ssh-keys-sign(){
wx-header "SSH / Keys / Sign"
wx-restricted
if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
wx-ssh-keys-sign-create cwinfo sysadmin 3600
wx-ssh-keys-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-keys-sign-create(){
wx-restricted
NAME=$1
ROLE=$2
PRINCIPALS=$2
TTL=$3
if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
fi
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
then
echo "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
fi
}
wx-ssh-keys-retrieve(){
if [[ -z $2 ]]
then
wx-header "SSH / Keys / Retrieve"
fi
wx-restricted
if [[ ! -z $1 ]]
then
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
chmod 700 ~/.ssh/keys/$1
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
chmod 700 ~/.ssh/keys/$1.pub
fi
fi
}
wx-ssh-keys-save(){
wx-header "SSH / Keys / Save"
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" ]]
then
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
fi
fi
}
wx-ssh-keys-sync(){
wx-header "SSH / Keys / Sync"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.keys | @sh' | tr -d \')
do
echo $name
wx-ssh-keys-retrieve $name --multiple
done
fi
}
wx-ssh-keys-clean(){
if [[ -z $1 ]]
then
wx-header "SSH / Keys / Clean"
fi
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]]
then
rm "$HOME/.ssh/keys/$1" &> /dev/null
rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
fi
else
if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-clean cwinfo
elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
wx-ssh-keys-clean cwinfo
wx-ssh-keys-clean cwchristerw
fi
for file in ~/.ssh/keys/*
do
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]]
then
rm "$file" &> /dev/null
fi
done
fi
}

3
src/commands/ssh/sign.sh
View File

@ -1,3 +0,0 @@
warencli-ssh-sign(){
echo ">>> SSH: Certificates"
}

3
src/commands/welcome.sh Normal file
View File

@ -0,0 +1,3 @@
wx-welcome(){
wx-header "Welcome"
}

24
src/functions/header.sh Normal file
View File

@ -0,0 +1,24 @@
wx-header(){
if [[ $2 == "h1" ]]
then
echo ""
echo ""
echo ""
echo "=============================="
wx-repeat " " $((30/2-${#1}/2))
echo -n "$wxBold"
echo -n "$1"
echo -n "$wxNormal"
echo ""
echo "=============================="
fi
if [[ $2 == "h2" || -z $2 ]]
then
wx-start
wx-repeat " " $((30/2-6/2-${#1}/2))
echo -n ">> $1 <<"
echo ""
echo "------------------------------"
fi
}

5
src/functions/repeat.sh Normal file
View File

@ -0,0 +1,5 @@
wx-repeat() {
local str=$1 n=$2 spaces
printf -v spaces "%*s" $n " "
printf "%s" "${spaces// /$str}"
}

10
src/functions/restricted.sh Normal file
View File

@ -0,0 +1,10 @@
wx-restricted(){
if [[ $USER == "root" || $USER == "local" ]]
then
echo "Status: Command Restricted"
echo " "
echo " "
echo " "
exit 1
fi
}

15
src/functions/start.sh Normal file
View File

@ -0,0 +1,15 @@
wx-start(){
wx-header "Warén CLI" h1
mkdir -p $HOME/.warengroup &> /dev/null
if [[ ! -f "$HOME/.warengroup/config.json" || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]]
then
echo '{}' | jq > $HOME/.warengroup/config.json
fi
mkdir -p $HOME/.ssh/keys
chmod 700 -R $HOME/.ssh/keys
mkdir -p $HOME/.ssh/multiplex
chmod 700 -R $HOME/.ssh/multiplex
}

14
src/functions/stop.sh Normal file
View File

@ -0,0 +1,14 @@
wx-stop (){
echo " "
echo " "
echo " "
wx-install --auto
if [[ $USERNAME != $USER && $USERNAME != $SUDO_USER && $USERNAME != $LOGNAME ]]
then
wx-logout
fi
exit 1
}

737
wx
View File

@ -5,99 +5,704 @@ if [ ! "$BASH_VERSION" ] ; then
exit 1 exit 1
fi fi
warencli-syntax-line-douple() { wxRed=$(tput setaf 196)
echo -n " wxGreen=$(tput setaf 46)
============================== wxYellow=$(tput setaf 226)
" wxBlue=$(tput setaf 21)
wxPurple=$(tput setaf 165)
wxTurquoise=$(tput setaf 14)
wxPink=$(tput setaf 198)
wxOrange=$(tput setaf 202)
wxUnderline=$(tput smul)
wxBold=$(tput bold)
wxNormal=$(tput sgr0)
declare -Ax config
wx-header(){
if [[ $2 == "h1" ]]
then
echo ""
echo ""
echo ""
echo "=============================="
wx-repeat " " $((30/2-${#1}/2))
echo -n "$wxBold"
echo -n "$1"
echo -n "$wxNormal"
echo ""
echo "=============================="
fi
if [[ $2 == "h2" || -z $2 ]]
then
wx-start
wx-repeat " " $((30/2-6/2-${#1}/2))
echo -n ">> $1 <<"
echo ""
echo "------------------------------"
fi
} }
warencli-syntax-line-single() { wx-repeat() {
echo -n " local str=$1 n=$2 spaces
------------------------------ printf -v spaces "%*s" $n " "
" printf "%s" "${spaces// /$str}"
} }
warencli-start() { wx-restricted(){
warencli-syntax-line-douple if [[ $USER == "root" || $USER == "local" ]]
echo -n "Warén CLI " then
warencli-syntax-line-douple echo "Status: Command Restricted"
}
warencli-stop () {
echo " " echo " "
echo " "
echo " "
exit 1
fi
}
wx-start(){
wx-header "Warén CLI" h1
mkdir -p $HOME/.warengroup &> /dev/null
if [[ ! -f "$HOME/.warengroup/config.json" || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]]
then
echo '{}' | jq > $HOME/.warengroup/config.json
fi
mkdir -p $HOME/.ssh/keys
chmod 700 -R $HOME/.ssh/keys
mkdir -p $HOME/.ssh/multiplex
chmod 700 -R $HOME/.ssh/multiplex
}
wx-stop (){
echo " "
echo " "
echo " "
wx-install --auto
if [[ $USERNAME != $USER && $USERNAME != $SUDO_USER && $USERNAME != $LOGNAME ]]
then
wx-logout
fi
exit 1 exit 1
} }
warencli-update() { wx-help(){
if [[ -d "./src" ]]; then
echo ">>> Building... <<<"
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php
else
echo ">>> Updating... <<<"
sudo curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o /opt/wx &> /dev/null
if [[ -d "/usr/bin" ]]; then
sudo ln -sf /opt/wx /usr/bin/wx &> /dev/null
fi
sudo chmod +x /usr/bin/wx &> /dev/null
fi
}
warencli-help() { wx-header "Help"
echo "
echo -n "
Usage: $0 COMMAND [OPTIONS] Usage: $0 COMMAND [OPTIONS]
Common Commands: Common Commands:
init Init
help Help
ssh SSH ssh SSH
config Config config Config
sign Certificates edit Edit
save Save
sync Sync
clean Clean
keys Keys
generate Generate
sign Sign
retrieve Retrieve
save Save
sync Sync
delete Delete
clean Clean
Authentication Commands: Authentication Commands:
login Login login Login
logout Logout logout Logout
Management Commands: Management Commands:
auto Auto
clean Clean
settings Settings settings Settings
Maintenance Commands: Maintenance Commands:
install Install install Install
update Update update Update
"; ";
}
wx-infra(){
wx-login
wx-auto &> /dev/null
wx-header "Infra"
wx-restricted
case $USERNAME in
cwchristerw)
if [[ -d "$HOME/Desktop/Work in Progress/Programming/warengroup/infra" ]]
then
INFRA_PATH="$HOME/Desktop/Work in Progress/Programming/warengroup/infra"
else
if [[ -d "$HOME/.warengroup/infra" ]]
then
INFRA_PATH="$HOME/.warengroup/infra"
else
INFRA_PATH="$HOME/.warengroup/infra"
mkdir -p "$INFRA_PATH" &> /dev/null
git clone ssh://git@git.waren.io:2222/warengroup-private/infra.git --config core.sshCommand="ssh -i $HOME/.ssh/keys/warengroup-legacy -o ProxyJump=none" "$INFRA_PATH" &> /dev/null
fi
fi
if [[ ! -f "$INFRA_PATH/vault/cwchristerw" || ! -f "$INFRA_PATH/vault/warengroup" ]]
then
mkdir -p "$INFRA_PATH/vault" &> /dev/null
curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \
-X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw"
curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \
-X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup"
fi
if [[ -z $1 ]]
then
echo "Tag Required"
else
if [[ $1 == "init" ]]
then
if [[ -z $2 ]]
then
2=init
fi
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
elif [[ $1 == "manager" ]]
then
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw manager.yml $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
else
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
fi
fi
;;
*)
echo "User Unsupported"
;;
esac
}
wx-ssh(){
wx-login
case $1 in
keys)
wx-ssh-keys $2 $3
;;
config)
wx-ssh-config $2
;;
*)
wx-header "SSH"
wx-stop
;;
esac
}
wx-welcome(){
wx-header "Welcome"
}
wx-login(){
if [[ ! -z $1 ]]
then
ORG=$1
jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
elif [[ $(hostname -d) = *"devices.waren.io" ]]
then
ORG=warengroup
elif [[ $(hostname -d) = *"devices.cwinfo.net" ]]
then
ORG=cwinfo
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
then
ORG=cwchristerw
elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
then
ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
else
wx-header "Login"
echo "Status: Organization Required"
wx-stop
fi
if [[ $ORG == "warengroup" ]]
then
DOMAIN=waren.io
elif [[ $ORG == "cwinfo" ]]
then
DOMAIN=cwinfo.net
elif [[ $ORG == "cwchristerw" ]]
then
DOMAIN=christerwaren.fi
else
wx-header "Login"
echo "Status: Organization Unsupported"
wx-stop
fi
FOLDER=$ORG
DEVICE_DOMAIN="devices.$DOMAIN"
IDM_DOMAIN="idm.waren.io"
VAULT_DOMAIN="vault.cwinfo.net"
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
then
if [[ -z $SUDO_USER ]]
then
if [[ -z LOGNAME ]]
then
wx-header "Login"
echo "Status: Username Required"
wx-stop
else
USERNAME=$LOGNAME
fi
else
USERNAME=$SUDO_USER
fi
else
USERNAME=$USER
fi
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ $VAULT_STATUS -eq 200 ]]
then
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then
if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
then
USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
fi
TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]]
then
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
else
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
if [[ $IDM_STATUS -eq 301 ]]
then
wx-header "Login"
echo $wxBold$ORG$wxNormal
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
then
echo -n "Username: "
read USERNAME
else
echo "Username: $USERNAME"
fi
jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
echo -n "Password: "
read -s PASSWORD
echo "****************"
if [[ -z $USERNAME || -z $PASSWORD ]]
then
echo "Status: Username & Password Required"
wx-stop
else
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then
echo "Status: Login Failed"
wx-stop
fi
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
else
wx-header "Login"
echo $wxBold$ORG$wxNormal
echo -n "Token: "
read -s TOKEN
echo "****************"
if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
then
echo "Status: Vault Token Required"
wx-stop
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then
echo "Status: Login Failed"
wx-stop
fi
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
fi
else
wx-header "Login"
echo $wxBold$ORG$wxNormal
echo "Status: Vault Offline"
wx-stop
fi
}
wx-logout(){
wx-header "Logout"
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then
VAULT_LOGIN=$(cat $HOME/.warengroup/config.json | jq -r .login)
if [[ $VAULT_LOGIN != null && $VAULT_LOGIN != "{}" ]]
then
wx-clean &> /dev/null
jq '.login = {}' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
}
wx-install(){
if [[ -z $1 ]]
then
wx-header "Install"
fi
wx-restricted
if [[ -f "./wx" ]] && [[ -d "./src" ]]
then
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
mv wx.tmp wx &> /dev/null
chmod +x wx &> /dev/null
fi
mkdir $HOME/bin &> /dev/null
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
chmod +x $HOME/bin/wx &> /dev/null
}
wx-uninstall(){
wx-header "Uninstall"
wx-logout
if [[ ! -d "$HOME/.warengroup" ]]
then
rm "$HOME/.warengroup" -rf
fi
}
wx-update(){
wx-header "Update"
wx-install --update
}
wx-auto(){
wx-login
wx-header "Auto"
wx-ssh-config-sync
wx-ssh-keys-sync
wx-ssh-keys-sign
}
wx-clean(){
wx-login
wx-header "Clean"
wx-ssh-config-clean
wx-ssh-keys-clean
}
wx-settings(){
wx-login
wx-header "Settings"
}
wx-ssh-config(){
wx-restricted
case $1 in
edit)
wx-ssh-config-sync
wx-ssh-config-edit
wx-ssh-config-save
;;
save)
wx-ssh-config-save
;;
sync)
wx-ssh-config-sync
;;
clean)
wx-ssh-config-clean
;;
*)
wx-ssh-config-sync
wx-stop
;;
esac
}
wx-ssh-config-edit(){
wx-header "SSH / Config / Edit"
wx-restricted
nano ~/.ssh/config
}
wx-ssh-config-save(){
wx-header "SSH / Config / Save"
wx-restricted
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
}
wx-ssh-config-sync(){
wx-header "SSH / Config / Sync"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
touch ~/.ssh/config
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64)
if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
chmod 700 ~/.ssh/config
fi
fi
}
wx-ssh-config-clean(){
wx-header "SSH / Config / Clean"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
then
rm "$HOME/.ssh/config"
fi
}
wx-ssh-keys(){
wx-restricted
case $1 in
generate)
wx-ssh-keys-retrieve $2
wx-ssh-keys-generate $2
wx-ssh-keys-save $2
;;
sign)
wx-ssh-keys-sign
;;
retrieve)
wx-ssh-keys-retrieve $2
;;
save)
wx-ssh-keys-save $2
;;
sync)
wx-ssh-keys-sync $2
;;
delete)
wx-ssh-keys-delete $2
;;
clean)
wx-ssh-keys-clean $2
;;
*)
wx-stop
;;
esac
}
wx-ssh-keys-generate(){
wx-header "SSH / Keys / Generate"
wx-restricted
if [[ ! -z $1 ]]
then
if [[ ! -f "$HOME/.ssh/keys/$1" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$1 -q -N "" -C "$USERNAME" &> /dev/null
fi
fi
}
wx-ssh-keys-sign(){
wx-header "SSH / Keys / Sign"
wx-restricted
if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
wx-ssh-keys-sign-create cwinfo sysadmin 3600
wx-ssh-keys-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-keys-sign-create(){
wx-restricted
NAME=$1
ROLE=$2
PRINCIPALS=$2
TTL=$3
if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
fi
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
then
echo "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
fi
}
wx-ssh-keys-retrieve(){
if [[ -z $2 ]]
then
wx-header "SSH / Keys / Retrieve"
fi
wx-restricted
if [[ ! -z $1 ]]
then
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
chmod 700 ~/.ssh/keys/$1
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
chmod 700 ~/.ssh/keys/$1.pub
fi
fi
}
wx-ssh-keys-save(){
wx-header "SSH / Keys / Save"
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" ]]
then
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
fi
fi
}
wx-ssh-keys-sync(){
wx-header "SSH / Keys / Sync"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.keys | @sh' | tr -d \')
do
echo $name
wx-ssh-keys-retrieve $name --multiple
done
fi
}
wx-ssh-keys-clean(){
if [[ -z $1 ]]
then
wx-header "SSH / Keys / Clean"
fi
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]]
then
rm "$HOME/.ssh/keys/$1" &> /dev/null
rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
fi
else
if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-clean cwinfo
elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
wx-ssh-keys-clean cwinfo
wx-ssh-keys-clean cwchristerw
fi
for file in ~/.ssh/keys/*
do
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]]
then
rm "$file" &> /dev/null
fi
done
fi
} }
warencli-install() { if [[ ! -z $1 ]] && [[ $(type -t wx-$1) == function ]]
echo ">>> Install"; then
} wx-$1 $2 $3 $4 $5 $6 $7 $8 $9
else
warencli-settings() { wx-welcome
echo ">>> Settings";
}
warencli-ssh() {
echo ">>> SSH";
}
warencli-login() {
echo ">>> Authentication: Login";
}
warencli-logout() {
echo ">>> Authentication: Logout";
}
warencli-ssh-config(){
echo ">>> SSH: Config"
}
warencli-ssh-sign(){
echo ">>> SSH: Certificates"
}
COMMAND=$1
warencli-start
if [[ ! -z $1 ]]; then
warencli-$1 $2 $3 $4 $5 $6 $7 $8 $9
fi fi
warencli-stop wx-stop