Compare commits
3 Commits
77a54ef1f6
...
develop
| Author | SHA1 | Date | |
|---|---|---|---|
|
7898e55f30 | ||
|
|
3fafb66781 | ||
|
|
54409a4197 |
@@ -64,6 +64,7 @@ wx-login(){
|
||||
wxi-stop
|
||||
fi
|
||||
|
||||
TOKEN=$VAULT_LOGIN
|
||||
wxi-config login
|
||||
;;
|
||||
token)
|
||||
@@ -107,6 +108,7 @@ wx-login(){
|
||||
wxi-stop
|
||||
fi
|
||||
|
||||
TOKEN=$VAULT_LOGIN
|
||||
wxi-config login
|
||||
;;
|
||||
*)
|
||||
|
||||
@@ -21,12 +21,12 @@ wx-infra(){
|
||||
mkdir -p "$INFRA_PATH/vault" &> /dev/null
|
||||
|
||||
curl \
|
||||
-H "X-Vault-Token: $VAULT_TOKEN" \
|
||||
-H "X-Vault-Token: $TOKEN" \
|
||||
-X GET \
|
||||
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw"
|
||||
|
||||
curl \
|
||||
-H "X-Vault-Token: $VAULT_TOKEN" \
|
||||
-H "X-Vault-Token: $TOKEN" \
|
||||
-X GET \
|
||||
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup"
|
||||
fi
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
wx-auto(){
|
||||
wx-login &> /dev/null
|
||||
|
||||
wxi-header "Auto"
|
||||
wxi-restricted
|
||||
wxi-footer
|
||||
|
||||
@@ -1,4 +1,7 @@
|
||||
wx-settings(){
|
||||
wx-login &> /dev/null
|
||||
wx-auto &> /dev/null
|
||||
|
||||
wxi-header "Settings"
|
||||
wxi-restricted --user
|
||||
wxi-footer
|
||||
|
||||
@@ -2,7 +2,7 @@ wxi-ssh-config-clean(){
|
||||
wxi-header "SSH / Config / Clean"
|
||||
wxi-restricted
|
||||
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN")
|
||||
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
rm "$HOME/.ssh/config"
|
||||
|
||||
@@ -4,7 +4,7 @@ wxi-ssh-config-save(){
|
||||
|
||||
if [[ -f "$HOME/.ssh/config" ]]
|
||||
then
|
||||
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
|
||||
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
|
||||
fi
|
||||
wxi-footer
|
||||
}
|
||||
|
||||
@@ -2,15 +2,15 @@ wxi-ssh-config-sync(){
|
||||
wxi-header "SSH / Config / Sync"
|
||||
wxi-restricted
|
||||
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN")
|
||||
if [[ $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
touch ~/.ssh/config
|
||||
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
|
||||
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
|
||||
SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64)
|
||||
if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]]
|
||||
then
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
|
||||
chmod 700 ~/.ssh/config
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -1,18 +1,18 @@
|
||||
wxi-ssh-keys(){
|
||||
case ${args['3']} in
|
||||
generate)
|
||||
wxi-ssh-keys-retrieve
|
||||
wxi-ssh-keys-generate
|
||||
wxi-ssh-keys-save
|
||||
wxi-ssh-keys-retrieve ${args['4']}
|
||||
wxi-ssh-keys-generate ${args['4']}
|
||||
wxi-ssh-keys-save ${args['4']}
|
||||
;;
|
||||
sign)
|
||||
wxi-ssh-keys-sign
|
||||
;;
|
||||
retrieve)
|
||||
wxi-ssh-keys-retrieve
|
||||
wxi-ssh-keys-retrieve ${args['4']}
|
||||
;;
|
||||
save)
|
||||
wxi-ssh-keys-save
|
||||
wxi-ssh-keys-save ${args['4']}
|
||||
;;
|
||||
sync)
|
||||
wxi-ssh-keys-sync
|
||||
|
||||
@@ -11,16 +11,16 @@ wxi-ssh-keys-clean(){
|
||||
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
|
||||
fi
|
||||
else
|
||||
wx-ssh-keys-clean $ORG
|
||||
wxi-ssh-keys-clean $ORG
|
||||
|
||||
if [[ $USERNAME == "cwchristerw" ]]
|
||||
then
|
||||
wx-ssh-keys-clean warengroup
|
||||
wxi-ssh-keys-clean warengroup
|
||||
fi
|
||||
|
||||
for file in ~/.ssh/keys/*
|
||||
do
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: $TOKEN")
|
||||
if [[ $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
rm "$file" &> /dev/null
|
||||
|
||||
@@ -4,12 +4,12 @@ wxi-ssh-keys-retrieve(){
|
||||
|
||||
if [[ ! -z $1 ]]
|
||||
then
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN")
|
||||
if [[ $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
|
||||
chmod 700 ~/.ssh/keys/$1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
|
||||
chmod 700 ~/.ssh/keys/$1.pub
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -6,7 +6,7 @@ wxi-ssh-keys-save(){
|
||||
then
|
||||
if [[ -f "$HOME/.ssh/keys/$1" ]]
|
||||
then
|
||||
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
|
||||
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
|
||||
fi
|
||||
fi
|
||||
wxi-footer
|
||||
|
||||
@@ -2,11 +2,11 @@ wxi-ssh-keys-sign(){
|
||||
wxi-header "SSH / Keys / Sign"
|
||||
wxi-restricted
|
||||
|
||||
wx-ssh-keys-sign-create $ORG sysadmin 3600
|
||||
wxi-ssh-keys-sign-create $ORG sysadmin 3600
|
||||
|
||||
if [[ $USERNAME == "cwchristerw" ]]
|
||||
then
|
||||
wx-ssh-keys-sign-create warengroup sysadmin 3600
|
||||
wxi-ssh-keys-sign-create warengroup sysadmin 3600
|
||||
fi
|
||||
wxi-footer
|
||||
}
|
||||
@@ -22,6 +22,6 @@ wxi-ssh-keys-sign-create(){
|
||||
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
|
||||
then
|
||||
wxi-content text "$NAME/$ROLE"
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
wxi-ssh-keys-sync(){
|
||||
wxi-header "SSH / Keys / Sync"
|
||||
wxi-restricted
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $TOKEN")
|
||||
if [[ $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.keys | @sh' | tr -d \')
|
||||
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.keys | @sh' | tr -d \')
|
||||
do
|
||||
echo $name
|
||||
wx-ssh-keys-retrieve $name --multiple
|
||||
wxi-content text $name
|
||||
wxi-ssh-keys-retrieve $name &> /dev/null
|
||||
done
|
||||
fi
|
||||
wxi-footer
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
wxi-config(){
|
||||
case $1 in
|
||||
login)
|
||||
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
|
||||
jq '.login.'$ORG'.token = "'$TOKEN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
|
||||
;;
|
||||
*)
|
||||
echo -n ""
|
||||
|
||||
@@ -28,10 +28,10 @@ wxi-restricted(){
|
||||
wxi-stop
|
||||
;;
|
||||
esac
|
||||
elif [[ $(hostname -d) = *"devices.waren.io" ]]
|
||||
elif [[ $(hostname -d) == "devices.waren.io" ]]
|
||||
then
|
||||
ORG=warengroup
|
||||
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
|
||||
elif [[ $(hostname -d) == "devices.christerwaren.fi" ]]
|
||||
then
|
||||
ORG=cwchristerw
|
||||
fi
|
||||
|
||||
65
wx
65
wx
@@ -12,7 +12,7 @@ declare -Ax messages
|
||||
wxi-config(){
|
||||
case $1 in
|
||||
login)
|
||||
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
|
||||
jq '.login.'$ORG'.token = "'$TOKEN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
|
||||
;;
|
||||
*)
|
||||
echo -n ""
|
||||
@@ -52,10 +52,10 @@ wxi-restricted(){
|
||||
wxi-stop
|
||||
;;
|
||||
esac
|
||||
elif [[ $(hostname -d) = *"devices.waren.io" ]]
|
||||
elif [[ $(hostname -d) == "devices.waren.io" ]]
|
||||
then
|
||||
ORG=warengroup
|
||||
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
|
||||
elif [[ $(hostname -d) == "devices.christerwaren.fi" ]]
|
||||
then
|
||||
ORG=cwchristerw
|
||||
fi
|
||||
@@ -293,12 +293,12 @@ wx-infra(){
|
||||
mkdir -p "$INFRA_PATH/vault" &> /dev/null
|
||||
|
||||
curl \
|
||||
-H "X-Vault-Token: $VAULT_TOKEN" \
|
||||
-H "X-Vault-Token: $TOKEN" \
|
||||
-X GET \
|
||||
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw"
|
||||
|
||||
curl \
|
||||
-H "X-Vault-Token: $VAULT_TOKEN" \
|
||||
-H "X-Vault-Token: $TOKEN" \
|
||||
-X GET \
|
||||
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup"
|
||||
fi
|
||||
@@ -448,6 +448,7 @@ wx-login(){
|
||||
wxi-stop
|
||||
fi
|
||||
|
||||
TOKEN=$VAULT_LOGIN
|
||||
wxi-config login
|
||||
;;
|
||||
token)
|
||||
@@ -491,6 +492,7 @@ wx-login(){
|
||||
wxi-stop
|
||||
fi
|
||||
|
||||
TOKEN=$VAULT_LOGIN
|
||||
wxi-config login
|
||||
;;
|
||||
*)
|
||||
@@ -609,6 +611,8 @@ wx-update(){
|
||||
}
|
||||
|
||||
wx-auto(){
|
||||
wx-login &> /dev/null
|
||||
|
||||
wxi-header "Auto"
|
||||
wxi-restricted
|
||||
wxi-footer
|
||||
@@ -628,6 +632,9 @@ wx-clean(){
|
||||
}
|
||||
|
||||
wx-settings(){
|
||||
wx-login &> /dev/null
|
||||
wx-auto &> /dev/null
|
||||
|
||||
wxi-header "Settings"
|
||||
wxi-restricted --user
|
||||
wxi-footer
|
||||
@@ -658,18 +665,18 @@ wxi-ssh-config(){
|
||||
wxi-ssh-keys(){
|
||||
case ${args['3']} in
|
||||
generate)
|
||||
wxi-ssh-keys-retrieve
|
||||
wxi-ssh-keys-generate
|
||||
wxi-ssh-keys-save
|
||||
wxi-ssh-keys-retrieve ${args['4']}
|
||||
wxi-ssh-keys-generate ${args['4']}
|
||||
wxi-ssh-keys-save ${args['4']}
|
||||
;;
|
||||
sign)
|
||||
wxi-ssh-keys-sign
|
||||
;;
|
||||
retrieve)
|
||||
wxi-ssh-keys-retrieve
|
||||
wxi-ssh-keys-retrieve ${args['4']}
|
||||
;;
|
||||
save)
|
||||
wxi-ssh-keys-save
|
||||
wxi-ssh-keys-save ${args['4']}
|
||||
;;
|
||||
sync)
|
||||
wxi-ssh-keys-sync
|
||||
@@ -688,7 +695,7 @@ wxi-ssh-config-clean(){
|
||||
wxi-header "SSH / Config / Clean"
|
||||
wxi-restricted
|
||||
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN")
|
||||
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
rm "$HOME/.ssh/config"
|
||||
@@ -710,7 +717,7 @@ wxi-ssh-config-save(){
|
||||
|
||||
if [[ -f "$HOME/.ssh/config" ]]
|
||||
then
|
||||
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
|
||||
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
|
||||
fi
|
||||
wxi-footer
|
||||
}
|
||||
@@ -719,15 +726,15 @@ wxi-ssh-config-sync(){
|
||||
wxi-header "SSH / Config / Sync"
|
||||
wxi-restricted
|
||||
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN")
|
||||
if [[ $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
touch ~/.ssh/config
|
||||
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
|
||||
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
|
||||
SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64)
|
||||
if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]]
|
||||
then
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
|
||||
chmod 700 ~/.ssh/config
|
||||
fi
|
||||
fi
|
||||
@@ -747,16 +754,16 @@ wxi-ssh-keys-clean(){
|
||||
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
|
||||
fi
|
||||
else
|
||||
wx-ssh-keys-clean $ORG
|
||||
wxi-ssh-keys-clean $ORG
|
||||
|
||||
if [[ $USERNAME == "cwchristerw" ]]
|
||||
then
|
||||
wx-ssh-keys-clean warengroup
|
||||
wxi-ssh-keys-clean warengroup
|
||||
fi
|
||||
|
||||
for file in ~/.ssh/keys/*
|
||||
do
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: $TOKEN")
|
||||
if [[ $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
rm "$file" &> /dev/null
|
||||
@@ -787,12 +794,12 @@ wxi-ssh-keys-retrieve(){
|
||||
|
||||
if [[ ! -z $1 ]]
|
||||
then
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN")
|
||||
if [[ $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
|
||||
chmod 700 ~/.ssh/keys/$1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
|
||||
chmod 700 ~/.ssh/keys/$1.pub
|
||||
fi
|
||||
fi
|
||||
@@ -808,7 +815,7 @@ wxi-ssh-keys-save(){
|
||||
then
|
||||
if [[ -f "$HOME/.ssh/keys/$1" ]]
|
||||
then
|
||||
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
|
||||
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
|
||||
fi
|
||||
fi
|
||||
wxi-footer
|
||||
@@ -818,11 +825,11 @@ wxi-ssh-keys-sign(){
|
||||
wxi-header "SSH / Keys / Sign"
|
||||
wxi-restricted
|
||||
|
||||
wx-ssh-keys-sign-create $ORG sysadmin 3600
|
||||
wxi-ssh-keys-sign-create $ORG sysadmin 3600
|
||||
|
||||
if [[ $USERNAME == "cwchristerw" ]]
|
||||
then
|
||||
wx-ssh-keys-sign-create warengroup sysadmin 3600
|
||||
wxi-ssh-keys-sign-create warengroup sysadmin 3600
|
||||
fi
|
||||
wxi-footer
|
||||
}
|
||||
@@ -838,20 +845,20 @@ wxi-ssh-keys-sign-create(){
|
||||
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
|
||||
then
|
||||
wxi-content text "$NAME/$ROLE"
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
|
||||
fi
|
||||
}
|
||||
|
||||
wxi-ssh-keys-sync(){
|
||||
wxi-header "SSH / Keys / Sync"
|
||||
wxi-restricted
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $TOKEN")
|
||||
if [[ $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.keys | @sh' | tr -d \')
|
||||
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.keys | @sh' | tr -d \')
|
||||
do
|
||||
echo $name
|
||||
wx-ssh-keys-retrieve $name --multiple
|
||||
wxi-content text $name
|
||||
wxi-ssh-keys-retrieve $name &> /dev/null
|
||||
done
|
||||
fi
|
||||
wxi-footer
|
||||
|
||||
Reference in New Issue
Block a user