warengroup/wx
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: warengroup:77a54ef1f65e8a004677c3c44fc5ce0bceac5c17
Branches Tags
warengroup:master warengroup:develop
...
compare: warengroup:master
Branches Tags
warengroup:develop warengroup:master

3 Commits
77a54ef1f6 ... master

Author SHA1 Message Date
Christer Warén
7898e55f30 Fix missing token variable in login command when auth method is ldap 2025-11-26 21:16:39 +02:00
Christer Warén
3fafb66781 FIx typos part 2 2025-11-10 21:13:56 +02:00
Christer Warén
54409a4197 FIx typos 2025-11-10 19:48:07 +02:00
16 changed files with 72 additions and 58 deletions
Expand all files Collapse all files

2
src/commands/auth/login.sh
View File

@@ -64,6 +64,7 @@ wx-login(){
wxi-stop wxi-stop
fi fi
TOKEN=$VAULT_LOGIN
wxi-config login wxi-config login
;; ;;
token) token)
@@ -107,6 +108,7 @@ wx-login(){
wxi-stop wxi-stop
fi fi
TOKEN=$VAULT_LOGIN
wxi-config login wxi-config login
;; ;;
*) *)

4
src/commands/infra.sh
View File

@@ -21,12 +21,12 @@ wx-infra(){
mkdir -p "$INFRA_PATH/vault" &> /dev/null mkdir -p "$INFRA_PATH/vault" &> /dev/null
curl \ curl \
-H "X-Vault-Token: $VAULT_TOKEN" \ -H "X-Vault-Token: $TOKEN" \
-X GET \ -X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw" https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw"
curl \ curl \
-H "X-Vault-Token: $VAULT_TOKEN" \ -H "X-Vault-Token: $TOKEN" \
-X GET \ -X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup" https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup"
fi fi

2
src/commands/management/auto.sh
View File

@@ -1,4 +1,6 @@
wx-auto(){ wx-auto(){
wx-login &> /dev/null
wxi-header "Auto" wxi-header "Auto"
wxi-restricted wxi-restricted
wxi-footer wxi-footer

3
src/commands/management/settings.sh
View File

@@ -1,4 +1,7 @@
wx-settings(){ wx-settings(){
wx-login &> /dev/null
wx-auto &> /dev/null
wxi-header "Settings" wxi-header "Settings"
wxi-restricted --user wxi-restricted --user
wxi-footer wxi-footer

2
src/commands/ssh/config/clean.sh
View File

@@ -2,7 +2,7 @@ wxi-ssh-config-clean(){
wxi-header "SSH / Config / Clean" wxi-header "SSH / Config / Clean"
wxi-restricted wxi-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN") VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN")
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]] if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
then then
rm "$HOME/.ssh/config" rm "$HOME/.ssh/config"

2
src/commands/ssh/config/save.sh
View File

@@ -4,7 +4,7 @@ wxi-ssh-config-save(){
if [[ -f "$HOME/.ssh/config" ]] if [[ -f "$HOME/.ssh/config" ]]
then then
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
fi fi
wxi-footer wxi-footer
} }

6
src/commands/ssh/config/sync.sh
View File

@@ -2,15 +2,15 @@ wxi-ssh-config-sync(){
wxi-header "SSH / Config / Sync" wxi-header "SSH / Config / Sync"
wxi-restricted wxi-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN") VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN")
if [[ $VAULT_STATUS -eq 200 ]] if [[ $VAULT_STATUS -eq 200 ]]
then then
touch ~/.ssh/config touch ~/.ssh/config
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64) SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64) SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64)
if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]] if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]]
then then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1 echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
chmod 700 ~/.ssh/config chmod 700 ~/.ssh/config
fi fi
fi fi

10
src/commands/ssh/keys.sh
View File

@@ -1,18 +1,18 @@
wxi-ssh-keys(){ wxi-ssh-keys(){
case ${args['3']} in case ${args['3']} in
generate) generate)
wxi-ssh-keys-retrieve wxi-ssh-keys-retrieve ${args['4']}
wxi-ssh-keys-generate wxi-ssh-keys-generate ${args['4']}
wxi-ssh-keys-save wxi-ssh-keys-save ${args['4']}
;; ;;
sign) sign)
wxi-ssh-keys-sign wxi-ssh-keys-sign
;; ;;
retrieve) retrieve)
wxi-ssh-keys-retrieve wxi-ssh-keys-retrieve ${args['4']}
;; ;;
save) save)
wxi-ssh-keys-save wxi-ssh-keys-save ${args['4']}
;; ;;
sync) sync)
wxi-ssh-keys-sync wxi-ssh-keys-sync

6
src/commands/ssh/keys/clean.sh
View File

@@ -11,16 +11,16 @@ wxi-ssh-keys-clean(){
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
fi fi
else else
wx-ssh-keys-clean $ORG wxi-ssh-keys-clean $ORG
if [[ $USERNAME == "cwchristerw" ]] if [[ $USERNAME == "cwchristerw" ]]
then then
wx-ssh-keys-clean warengroup wxi-ssh-keys-clean warengroup
fi fi
for file in ~/.ssh/keys/* for file in ~/.ssh/keys/*
do do
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: $VAULT_TOKEN") VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: $TOKEN")
if [[ $VAULT_STATUS -eq 200 ]] if [[ $VAULT_STATUS -eq 200 ]]
then then
rm "$file" &> /dev/null rm "$file" &> /dev/null

6
src/commands/ssh/keys/retrieve.sh
View File

@@ -4,12 +4,12 @@ wxi-ssh-keys-retrieve(){
if [[ ! -z $1 ]] if [[ ! -z $1 ]]
then then
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN") VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN")
if [[ $VAULT_STATUS -eq 200 ]] if [[ $VAULT_STATUS -eq 200 ]]
then then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1 echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
chmod 700 ~/.ssh/keys/$1 chmod 700 ~/.ssh/keys/$1
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1 echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
chmod 700 ~/.ssh/keys/$1.pub chmod 700 ~/.ssh/keys/$1.pub
fi fi
fi fi

2
src/commands/ssh/keys/save.sh
View File

@@ -6,7 +6,7 @@ wxi-ssh-keys-save(){
then then
if [[ -f "$HOME/.ssh/keys/$1" ]] if [[ -f "$HOME/.ssh/keys/$1" ]]
then then
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
fi fi
fi fi
wxi-footer wxi-footer

6
src/commands/ssh/keys/sign.sh
View File

@@ -2,11 +2,11 @@ wxi-ssh-keys-sign(){
wxi-header "SSH / Keys / Sign" wxi-header "SSH / Keys / Sign"
wxi-restricted wxi-restricted
wx-ssh-keys-sign-create $ORG sysadmin 3600 wxi-ssh-keys-sign-create $ORG sysadmin 3600
if [[ $USERNAME == "cwchristerw" ]] if [[ $USERNAME == "cwchristerw" ]]
then then
wx-ssh-keys-sign-create warengroup sysadmin 3600 wxi-ssh-keys-sign-create warengroup sysadmin 3600
fi fi
wxi-footer wxi-footer
} }
@@ -22,6 +22,6 @@ wxi-ssh-keys-sign-create(){
if [[ -f "$HOME/.ssh/keys/$NAME" ]] if [[ -f "$HOME/.ssh/keys/$NAME" ]]
then then
wxi-content text "$NAME/$ROLE" wxi-content text "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1 echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
fi fi
} }

8
src/commands/ssh/keys/sync.sh
View File

@@ -1,13 +1,13 @@
wxi-ssh-keys-sync(){ wxi-ssh-keys-sync(){
wxi-header "SSH / Keys / Sync" wxi-header "SSH / Keys / Sync"
wxi-restricted wxi-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN") VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $TOKEN")
if [[ $VAULT_STATUS -eq 200 ]] if [[ $VAULT_STATUS -eq 200 ]]
then then
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.keys | @sh' | tr -d \') for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.keys | @sh' | tr -d \')
do do
echo $name wxi-content text $name
wx-ssh-keys-retrieve $name --multiple wxi-ssh-keys-retrieve $name &> /dev/null
done done
fi fi
wxi-footer wxi-footer

2
src/functions/config.sh
View File

@@ -1,7 +1,7 @@
wxi-config(){ wxi-config(){
case $1 in case $1 in
login) login)
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp jq '.login.'$ORG'.token = "'$TOKEN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
;; ;;
*) *)
echo -n "" echo -n ""

4
src/functions/restricted.sh
View File

@@ -28,10 +28,10 @@ wxi-restricted(){
wxi-stop wxi-stop
;; ;;
esac esac
elif [[ $(hostname -d) = *"devices.waren.io" ]] elif [[ $(hostname -d) == "devices.waren.io" ]]
then then
ORG=warengroup ORG=warengroup
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]] elif [[ $(hostname -d) == "devices.christerwaren.fi" ]]
then then
ORG=cwchristerw ORG=cwchristerw
fi fi

65
wx
View File

@@ -12,7 +12,7 @@ declare -Ax messages
wxi-config(){ wxi-config(){
case $1 in case $1 in
login) login)
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp jq '.login.'$ORG'.token = "'$TOKEN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
;; ;;
*) *)
echo -n "" echo -n ""
@@ -52,10 +52,10 @@ wxi-restricted(){
wxi-stop wxi-stop
;; ;;
esac esac
elif [[ $(hostname -d) = *"devices.waren.io" ]] elif [[ $(hostname -d) == "devices.waren.io" ]]
then then
ORG=warengroup ORG=warengroup
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]] elif [[ $(hostname -d) == "devices.christerwaren.fi" ]]
then then
ORG=cwchristerw ORG=cwchristerw
fi fi
@@ -293,12 +293,12 @@ wx-infra(){
mkdir -p "$INFRA_PATH/vault" &> /dev/null mkdir -p "$INFRA_PATH/vault" &> /dev/null
curl \ curl \
-H "X-Vault-Token: $VAULT_TOKEN" \ -H "X-Vault-Token: $TOKEN" \
-X GET \ -X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw" https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw"
curl \ curl \
-H "X-Vault-Token: $VAULT_TOKEN" \ -H "X-Vault-Token: $TOKEN" \
-X GET \ -X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup" https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup"
fi fi
@@ -448,6 +448,7 @@ wx-login(){
wxi-stop wxi-stop
fi fi
TOKEN=$VAULT_LOGIN
wxi-config login wxi-config login
;; ;;
token) token)
@@ -491,6 +492,7 @@ wx-login(){
wxi-stop wxi-stop
fi fi
TOKEN=$VAULT_LOGIN
wxi-config login wxi-config login
;; ;;
*) *)
@@ -609,6 +611,8 @@ wx-update(){
} }
wx-auto(){ wx-auto(){
wx-login &> /dev/null
wxi-header "Auto" wxi-header "Auto"
wxi-restricted wxi-restricted
wxi-footer wxi-footer
@@ -628,6 +632,9 @@ wx-clean(){
} }
wx-settings(){ wx-settings(){
wx-login &> /dev/null
wx-auto &> /dev/null
wxi-header "Settings" wxi-header "Settings"
wxi-restricted --user wxi-restricted --user
wxi-footer wxi-footer
@@ -658,18 +665,18 @@ wxi-ssh-config(){
wxi-ssh-keys(){ wxi-ssh-keys(){
case ${args['3']} in case ${args['3']} in
generate) generate)
wxi-ssh-keys-retrieve wxi-ssh-keys-retrieve ${args['4']}
wxi-ssh-keys-generate wxi-ssh-keys-generate ${args['4']}
wxi-ssh-keys-save wxi-ssh-keys-save ${args['4']}
;; ;;
sign) sign)
wxi-ssh-keys-sign wxi-ssh-keys-sign
;; ;;
retrieve) retrieve)
wxi-ssh-keys-retrieve wxi-ssh-keys-retrieve ${args['4']}
;; ;;
save) save)
wxi-ssh-keys-save wxi-ssh-keys-save ${args['4']}
;; ;;
sync) sync)
wxi-ssh-keys-sync wxi-ssh-keys-sync
@@ -688,7 +695,7 @@ wxi-ssh-config-clean(){
wxi-header "SSH / Config / Clean" wxi-header "SSH / Config / Clean"
wxi-restricted wxi-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN") VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN")
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]] if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
then then
rm "$HOME/.ssh/config" rm "$HOME/.ssh/config"
@@ -710,7 +717,7 @@ wxi-ssh-config-save(){
if [[ -f "$HOME/.ssh/config" ]] if [[ -f "$HOME/.ssh/config" ]]
then then
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
fi fi
wxi-footer wxi-footer
} }
@@ -719,15 +726,15 @@ wxi-ssh-config-sync(){
wxi-header "SSH / Config / Sync" wxi-header "SSH / Config / Sync"
wxi-restricted wxi-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN") VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN")
if [[ $VAULT_STATUS -eq 200 ]] if [[ $VAULT_STATUS -eq 200 ]]
then then
touch ~/.ssh/config touch ~/.ssh/config
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64) SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64) SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64)
if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]] if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]]
then then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1 echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
chmod 700 ~/.ssh/config chmod 700 ~/.ssh/config
fi fi
fi fi
@@ -747,16 +754,16 @@ wxi-ssh-keys-clean(){
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
fi fi
else else
wx-ssh-keys-clean $ORG wxi-ssh-keys-clean $ORG
if [[ $USERNAME == "cwchristerw" ]] if [[ $USERNAME == "cwchristerw" ]]
then then
wx-ssh-keys-clean warengroup wxi-ssh-keys-clean warengroup
fi fi
for file in ~/.ssh/keys/* for file in ~/.ssh/keys/*
do do
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: $VAULT_TOKEN") VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: $TOKEN")
if [[ $VAULT_STATUS -eq 200 ]] if [[ $VAULT_STATUS -eq 200 ]]
then then
rm "$file" &> /dev/null rm "$file" &> /dev/null
@@ -787,12 +794,12 @@ wxi-ssh-keys-retrieve(){
if [[ ! -z $1 ]] if [[ ! -z $1 ]]
then then
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN") VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN")
if [[ $VAULT_STATUS -eq 200 ]] if [[ $VAULT_STATUS -eq 200 ]]
then then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1 echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
chmod 700 ~/.ssh/keys/$1 chmod 700 ~/.ssh/keys/$1
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1 echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
chmod 700 ~/.ssh/keys/$1.pub chmod 700 ~/.ssh/keys/$1.pub
fi fi
fi fi
@@ -808,7 +815,7 @@ wxi-ssh-keys-save(){
then then
if [[ -f "$HOME/.ssh/keys/$1" ]] if [[ -f "$HOME/.ssh/keys/$1" ]]
then then
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
fi fi
fi fi
wxi-footer wxi-footer
@@ -818,11 +825,11 @@ wxi-ssh-keys-sign(){
wxi-header "SSH / Keys / Sign" wxi-header "SSH / Keys / Sign"
wxi-restricted wxi-restricted
wx-ssh-keys-sign-create $ORG sysadmin 3600 wxi-ssh-keys-sign-create $ORG sysadmin 3600
if [[ $USERNAME == "cwchristerw" ]] if [[ $USERNAME == "cwchristerw" ]]
then then
wx-ssh-keys-sign-create warengroup sysadmin 3600 wxi-ssh-keys-sign-create warengroup sysadmin 3600
fi fi
wxi-footer wxi-footer
} }
@@ -838,20 +845,20 @@ wxi-ssh-keys-sign-create(){
if [[ -f "$HOME/.ssh/keys/$NAME" ]] if [[ -f "$HOME/.ssh/keys/$NAME" ]]
then then
wxi-content text "$NAME/$ROLE" wxi-content text "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1 echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
fi fi
} }
wxi-ssh-keys-sync(){ wxi-ssh-keys-sync(){
wxi-header "SSH / Keys / Sync" wxi-header "SSH / Keys / Sync"
wxi-restricted wxi-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN") VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $TOKEN")
if [[ $VAULT_STATUS -eq 200 ]] if [[ $VAULT_STATUS -eq 200 ]]
then then
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.keys | @sh' | tr -d \') for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.keys | @sh' | tr -d \')
do do
echo $name wxi-content text $name
wx-ssh-keys-retrieve $name --multiple wxi-ssh-keys-retrieve $name &> /dev/null
done done
fi fi
wxi-footer wxi-footer