Compare commits
13 Commits
77a54ef1f6
...
develop
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
869a22cb73 | ||
|
|
21db6ac4e9 | ||
|
|
7dd2a07186 | ||
|
|
a37fce53e8 | ||
|
|
a9539ffb9d | ||
|
|
c479044caf | ||
|
|
c9008a981b | ||
|
|
a9e5b2c336 | ||
|
|
cf9bc49c27 | ||
|
|
d91a7c21c0 | ||
|
|
7898e55f30 | ||
|
|
3fafb66781 | ||
|
|
54409a4197 |
@@ -6,25 +6,25 @@ wx-login(){
|
||||
|
||||
wxi-header "$ORG_HEADER" h3
|
||||
|
||||
if [[ ! -z ${args['login-type']} ]]
|
||||
if [[ ! -z ${args['auth-method']} ]]
|
||||
then
|
||||
LOGIN_TYPE=${args['login-type']}
|
||||
AUTH_METHOD=${args['auth-method']}
|
||||
elif [[ ! -z ${args['token']} ]]
|
||||
then
|
||||
LOGIN_TYPE=token
|
||||
elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]]
|
||||
AUTH_METHOD=token
|
||||
elif [[ $(wxi-config login read) ]]
|
||||
then
|
||||
LOGIN_TYPE=token
|
||||
AUTH_METHOD=token
|
||||
elif [[ ! -z ${args['username']} ]]
|
||||
then
|
||||
LOGIN_TYPE=ldap
|
||||
AUTH_METHOD=ldap
|
||||
else
|
||||
LOGIN_TYPE=ldap
|
||||
AUTH_METHOD=ldap
|
||||
fi
|
||||
|
||||
if [[ ! -z $LOGIN_TYPE ]]
|
||||
if [[ ! -z $AUTH_METHOD ]]
|
||||
then
|
||||
case $LOGIN_TYPE in
|
||||
case $AUTH_METHOD in
|
||||
ldap)
|
||||
echo -n "Username: "
|
||||
if [[ ! -z ${args['username']} ]]
|
||||
@@ -61,10 +61,12 @@ wx-login(){
|
||||
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
|
||||
then
|
||||
wxi-content status "Login" "Failed"
|
||||
wxi-footer
|
||||
wxi-stop
|
||||
fi
|
||||
|
||||
wxi-config login
|
||||
TOKEN=$VAULT_LOGIN
|
||||
wxi-config login write
|
||||
;;
|
||||
token)
|
||||
echo -n "Token: "
|
||||
@@ -74,9 +76,9 @@ wx-login(){
|
||||
then
|
||||
TOKEN=${args['token']}
|
||||
fi
|
||||
elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]]
|
||||
elif [[ $(wxi-config login read) ]]
|
||||
then
|
||||
TOKEN=$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)
|
||||
TOKEN=$(wxi-config login read)
|
||||
else
|
||||
read -s TOKEN
|
||||
fi
|
||||
@@ -104,10 +106,19 @@ wx-login(){
|
||||
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
|
||||
then
|
||||
wxi-content status "Login" "Failed"
|
||||
wxi-stop
|
||||
wxi-footer
|
||||
|
||||
if [[ $(wxi-config login read) ]]
|
||||
then
|
||||
wx-logout &> /dev/null
|
||||
wx-login
|
||||
else
|
||||
wxi-stop
|
||||
fi
|
||||
fi
|
||||
|
||||
wxi-config login
|
||||
TOKEN=$VAULT_LOGIN
|
||||
wxi-config login write
|
||||
;;
|
||||
*)
|
||||
wxi-content status "Login Type" "Unsupported"
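Review bot: The retry path added after the failed-login status (`wx-logout &> /dev/null` followed by a recursive `wx-login`) only terminates if the logout really removes the stored token, and that is not certain from this page: the `write` case of `wxi-config` shown further down only produces `config.json.tmp`, and a rename over `config.json` is not visible anywhere here, so if it does not happen `wxi-config login read` keeps returning the same stale token and the function re-enters itself indefinitely. A depth guard bounds the loop regardless of how erase is implemented: `if [[ -n $WX_LOGIN_RETRIED ]]; then wxi-stop; fi` before the recursion and `WX_LOGIN_RETRIED=1 wx-login` in place of the bare call. The `${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95` test a few lines up is also a fragile proxy for token validity (it is just `-ne 95`); a `GET /v1/auth/token/lookup-self` with the new token would verify it properly. wx-login starts before and continues past this hunk.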
|
||||
|
||||
@@ -14,10 +14,8 @@ wx-logout(){
|
||||
then
|
||||
wxi-header "$ORG_HEADER" h3
|
||||
echo "Logging Out..."
|
||||
TOKEN=""
|
||||
wxi-config login
|
||||
wxi-config login erase
|
||||
wxi-footer
|
||||
wxi-stop
|
||||
fi
|
||||
|
||||
}
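Review bot: `wxi-config login erase` only forgets the token locally; the Vault token itself stays valid until its TTL, so a "logout" does not actually end the session server-side and a copy leaked from `config.json` keeps working afterwards. Revoke it before erasing: `curl -s -X POST -H "X-Vault-Token: $TOKEN" "https://$VAULT_DOMAIN/v1/auth/token/revoke-self" > /dev/null`, loading the token with `TOKEN=$(wxi-config login read)` first if it is not already set at this point — the top of wx-logout is outside this hunk, so I cannot tell. A failed revoke should still proceed to the local erase, so keep the two steps independent.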
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
wx-infra(){
|
||||
wx-login &> /dev/null
|
||||
wx-login
|
||||
wx-auto &> /dev/null
|
||||
|
||||
wxi-header "Infra"
|
||||
@@ -21,12 +21,12 @@ wx-infra(){
|
||||
mkdir -p "$INFRA_PATH/vault" &> /dev/null
|
||||
|
||||
curl \
|
||||
-H "X-Vault-Token: $VAULT_TOKEN" \
|
||||
-H "X-Vault-Token: $TOKEN" \
|
||||
-X GET \
|
||||
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw"
|
||||
|
||||
curl \
|
||||
-H "X-Vault-Token: $VAULT_TOKEN" \
|
||||
-H "X-Vault-Token: $TOKEN" \
|
||||
-X GET \
|
||||
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup"
|
||||
fi
|
||||
@@ -54,6 +54,8 @@ wx-infra(){
|
||||
then
|
||||
wxi-header "Init" h3
|
||||
|
||||
host=${args['host']}
|
||||
|
||||
if [[ -z ${args['3']} ]]
|
||||
then
|
||||
tags=init
|
||||
@@ -61,15 +63,26 @@ wx-infra(){
|
||||
tags=${args['3']}
|
||||
fi
|
||||
|
||||
ansible-playbook $INFRA_VAULT playbooks/init.yml -t $tags --limit "${args['limit']}"
|
||||
ansible-playbook $INFRA_VAULT init.yml --tags $tags --limit "$host"
|
||||
elif [[ ${args['2']} == "manager" ]]
|
||||
then
|
||||
if [[ -z ${args['host']} ]]
|
||||
then
|
||||
host="*"
|
||||
else
|
||||
host=${args['host']}
|
||||
fi
|
||||
|
||||
operation=${args['operation']}
|
||||
extra_vars=${args['extra-vars']}
|
||||
|
||||
wxi-header "Manager" h3
|
||||
ansible-playbook $INFRA_VAULT manager.yml --extra-vars "${args['extra-vars']}"
|
||||
ansible-playbook $INFRA_VAULT manager.yml --tags $operation --extra-vars "host=$host" --extra-vars="$extra_vars"
|
||||
else
|
||||
wxi-header "Playbooks" h3
|
||||
wxi-header "Infra" h3
|
||||
host=${args['host']}
|
||||
tags=${args['2']}
|
||||
ansible-playbook $INFRA_VAULT playbooks.yml -t $tags --limit "${args['limit']}"
|
||||
ansible-playbook $INFRA_VAULT infra.yml --tags $tags --limit "$host"
|
||||
fi
|
||||
cd "$OLDPWD"
|
||||
fi
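Review bot: In the new `manager` branch, omitting `--host` silently sets `host="*"` and runs `manager.yml` with the given `--operation` against every host in the inventory, so a forgotten flag becomes a fleet-wide action. Unless running against all hosts is the intended default, fail closed: `if [[ -z ${args['host']} ]]; then wxi-content status "Manager" "--host required"; wxi-stop; fi`, or at least demand an explicit `--host '*'`. Separately, `--tags $tags` and `--tags $operation` are unquoted, so an empty value drops the argument and ansible-playbook then either errors out or treats the following flag as the tag value; check `[[ -n $tags ]]` and pass `--tags "$tags"`. wx-infra's body continues outside this hunk.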
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
wx-auto(){
|
||||
wx-login
|
||||
|
||||
wxi-header "Auto"
|
||||
wxi-restricted
|
||||
wxi-footer
|
||||
|
||||
@@ -1,4 +1,7 @@
|
||||
wx-settings(){
|
||||
wx-login
|
||||
wx-auto &> /dev/null
|
||||
|
||||
wxi-header "Settings"
|
||||
wxi-restricted --user
|
||||
wxi-footer
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
wx-ssh(){
|
||||
wx-login &> /dev/null
|
||||
wx-auto &> /dev/null
|
||||
|
||||
case ${args['2']} in
|
||||
config)
|
||||
|
||||
@@ -2,7 +2,7 @@ wxi-ssh-config-clean(){
|
||||
wxi-header "SSH / Config / Clean"
|
||||
wxi-restricted
|
||||
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN")
|
||||
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
rm "$HOME/.ssh/config"
|
||||
|
||||
@@ -4,7 +4,7 @@ wxi-ssh-config-save(){
|
||||
|
||||
if [[ -f "$HOME/.ssh/config" ]]
|
||||
then
|
||||
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
|
||||
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
|
||||
fi
|
||||
wxi-footer
|
||||
}
|
||||
|
||||
@@ -2,15 +2,15 @@ wxi-ssh-config-sync(){
|
||||
wxi-header "SSH / Config / Sync"
|
||||
wxi-restricted
|
||||
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN")
|
||||
if [[ $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
touch ~/.ssh/config
|
||||
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
|
||||
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
|
||||
SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64)
|
||||
if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]]
|
||||
then
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
|
||||
chmod 700 ~/.ssh/config
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -1,18 +1,18 @@
|
||||
wxi-ssh-keys(){
|
||||
case ${args['3']} in
|
||||
generate)
|
||||
wxi-ssh-keys-retrieve
|
||||
wxi-ssh-keys-generate
|
||||
wxi-ssh-keys-save
|
||||
wxi-ssh-keys-retrieve ${args['4']}
|
||||
wxi-ssh-keys-generate ${args['4']}
|
||||
wxi-ssh-keys-save ${args['4']}
|
||||
;;
|
||||
sign)
|
||||
wxi-ssh-keys-sign
|
||||
;;
|
||||
retrieve)
|
||||
wxi-ssh-keys-retrieve
|
||||
wxi-ssh-keys-retrieve ${args['4']}
|
||||
;;
|
||||
save)
|
||||
wxi-ssh-keys-save
|
||||
wxi-ssh-keys-save ${args['4']}
|
||||
;;
|
||||
sync)
|
||||
wxi-ssh-keys-sync
|
||||
|
||||
@@ -11,16 +11,16 @@ wxi-ssh-keys-clean(){
|
||||
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
|
||||
fi
|
||||
else
|
||||
wx-ssh-keys-clean $ORG
|
||||
wxi-ssh-keys-clean $ORG
|
||||
|
||||
if [[ $USERNAME == "cwchristerw" ]]
|
||||
then
|
||||
wx-ssh-keys-clean warengroup
|
||||
wxi-ssh-keys-clean warengroup
|
||||
fi
|
||||
|
||||
for file in ~/.ssh/keys/*
|
||||
do
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: $TOKEN")
|
||||
if [[ $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
rm "$file" &> /dev/null
|
||||
|
||||
@@ -4,12 +4,12 @@ wxi-ssh-keys-retrieve(){
|
||||
|
||||
if [[ ! -z $1 ]]
|
||||
then
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN")
|
||||
if [[ $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
|
||||
chmod 700 ~/.ssh/keys/$1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
|
||||
chmod 700 ~/.ssh/keys/$1.pub
|
||||
fi
|
||||
fi
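Review bot: The private key is written with `> ~/.ssh/keys/$1` before the `chmod 700` two lines later, so the file is created under the caller's default umask (commonly 0644) and is readable by others for that window; and because the redirect opens the file before `base64 -d` runs, a failed second request (token expired between the status check and this call, field absent) decodes `null` or, via `2>&1`, base64's error text over an existing key. Decode only after `jq -e` confirms the field exists, create the file under `umask 077`, and use 600 rather than 700 for a key (the execute bit means nothing there). `$1` is also used unvalidated as a path component, so a name containing `/` or `..` escapes `~/.ssh/keys`; rejecting such names at the entry point is cheap. wxi-ssh-keys-retrieve starts and ends outside this hunk.
```shell
      if [[ $VAULT_STATUS -eq 200 ]]
      then
        KEY_JSON=$(curl "https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1" -X GET --header "X-Vault-Token: $TOKEN" -s)
        # jq -e exits non-zero on null/missing, so a bad response never reaches the key file
        if PRIVATE_B64=$(jq -re '.data.data.private' <<<"$KEY_JSON") \
           && PUBLIC_B64=$(jq -re '.data.data.public' <<<"$KEY_JSON")
        then
          # umask 077: the key file is owner-only from creation, not only after the chmod
          ( umask 077
            base64 -d <<<"$PRIVATE_B64" > ~/.ssh/keys/"$1" && chmod 600 ~/.ssh/keys/"$1"
            base64 -d <<<"$PUBLIC_B64" > ~/.ssh/keys/"$1.pub" && chmod 644 ~/.ssh/keys/"$1.pub" )
        else
          wxi-content status "Retrieve $1" "Failed"
        fi
      fi
```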
|
||||
|
||||
@@ -6,7 +6,7 @@ wxi-ssh-keys-save(){
|
||||
then
|
||||
if [[ -f "$HOME/.ssh/keys/$1" ]]
|
||||
then
|
||||
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
|
||||
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
|
||||
fi
|
||||
fi
|
||||
wxi-footer
|
||||
|
||||
@@ -2,11 +2,12 @@ wxi-ssh-keys-sign(){
|
||||
wxi-header "SSH / Keys / Sign"
|
||||
wxi-restricted
|
||||
|
||||
wx-ssh-keys-sign-create $ORG sysadmin 3600
|
||||
|
||||
if [[ $USERNAME == "cwchristerw" ]]
|
||||
then
|
||||
wx-ssh-keys-sign-create warengroup sysadmin 3600
|
||||
wxi-ssh-keys-sign-create cwchristerw sysadmin 3600
|
||||
wxi-ssh-keys-sign-create warengroup sysadmin 3600
|
||||
else
|
||||
wxi-ssh-keys-sign-create $ORG sysadmin 3600
|
||||
fi
|
||||
wxi-footer
|
||||
}
|
||||
@@ -22,6 +23,6 @@ wxi-ssh-keys-sign-create(){
|
||||
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
|
||||
then
|
||||
wxi-content text "$NAME/$ROLE"
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
|
||||
fi
|
||||
}
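Review bot: `$(cat $HOME/.ssh/keys/$NAME.pub)` is spliced into the JSON body as-is, so a public-key comment containing `"` or `\` yields an invalid (or differently shaped) request, and on any signing failure `jq -r '.data.signed_key'` prints `null`, which `echo … > ~/.ssh/keys/$NAME.sig` then writes over a still-valid certificate. Build the body with `jq -n --arg` and only replace the `.sig` once `jq -e` has confirmed `signed_key` is present. Where `$PRINCIPALS`, `$NAME`, `$ROLE` and `$TTL` are assigned is outside this hunk.
```shell
    wxi-content text "$NAME/$ROLE"
    # jq --arg escapes the key and principals, so a comment with quotes cannot break the JSON
    SIGN_REQ=$(jq -n --arg pk "$(cat "$HOME/.ssh/keys/$NAME.pub")" --arg pr "$PRINCIPALS,$USERNAME" --arg ttl "$TTL" \
      '{public_key: $pk, valid_principals: $pr, ttl: $ttl}')
    # -e: a missing signed_key (expired token, wrong role) fails here instead of writing "null" over the old cert
    if SIGNED_KEY=$(curl "https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE" -X POST --header "X-Vault-Token: $TOKEN" -d "$SIGN_REQ" -s | jq -re '.data.signed_key')
    then
      printf '%s\n' "$SIGNED_KEY" > ~/.ssh/keys/"$NAME.sig"
    else
      wxi-content status "Sign $NAME/$ROLE" "Failed"
    fi
```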
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
wxi-ssh-keys-sync(){
|
||||
wxi-header "SSH / Keys / Sync"
|
||||
wxi-restricted
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $TOKEN")
|
||||
if [[ $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.keys | @sh' | tr -d \')
|
||||
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.keys | @sh' | tr -d \')
|
||||
do
|
||||
echo $name
|
||||
wx-ssh-keys-retrieve $name --multiple
|
||||
wxi-content text $name
|
||||
wxi-ssh-keys-retrieve $name &> /dev/null
|
||||
done
|
||||
fi
|
||||
wxi-footer
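Review bot: The names that drive `wxi-ssh-keys-retrieve $name` come straight from the Vault LIST response and end up as `~/.ssh/keys/$name` with no check that each is a plain file name; Vault lists nested paths with a trailing `/`, and the `@sh | tr -d \'` construction undoes the quoting it just added, so a name containing whitespace splits into several loop iterations. Iterate line by line and skip anything that is not a bare name: `while IFS= read -r name; do [[ -z $name || $name == */* || $name == .* ]] && continue; wxi-content text "$name"; wxi-ssh-keys-retrieve "$name" &> /dev/null; done < <(curl … | jq -r '.data.keys[]')`. The list comes from the user's own Vault path, so this is as much robustness as safety, but the client should still not turn server-supplied strings into local paths unchecked.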
|
||||
|
||||
@@ -1,8 +1,24 @@
|
||||
wxi-config(){
|
||||
case $1 in
|
||||
login)
|
||||
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
|
||||
;;
|
||||
case $2 in
|
||||
write)
|
||||
jq '.login.'$ORG'.token = "'$TOKEN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
|
||||
;;
|
||||
read)
|
||||
if [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]]
|
||||
then
|
||||
cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
;;
|
||||
erase)
|
||||
TOKEN=""
|
||||
wxi-config login write
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
*)
|
||||
echo -n ""
|
||||
;;
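Review bot: In the `write` case the token is pasted into the jq program text (`'.token = "'$TOKEN'"'`), so a `"` or `\` in the value changes the filter rather than the data, and `&>` sends jq's stderr into `config.json.tmp`, turning a filter error into a corrupt config; the tmp file is also created under the default umask, which for a long-lived credential should be owner-only. Pass values as arguments and restrict permissions: `( umask 077; jq --arg org "$ORG" --arg token "$TOKEN" '.login[$org].token = $token' "$HOME/.warengroup/config.json" > "$HOME/.warengroup/config.json.tmp" )`. The same `$ORG` splice appears in `read` (`.login.$ORG.token`), where an empty `$ORG` produces an invalid filter rather than a clean "not logged in"; `--arg org "$ORG" '.login[$org].token'` fixes both. Whether `config.json.tmp` is ever renamed over `config.json` is not visible in this hunk.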
|
||||
|
||||
@@ -28,10 +28,10 @@ wxi-restricted(){
|
||||
wxi-stop
|
||||
;;
|
||||
esac
|
||||
elif [[ $(hostname -d) = *"devices.waren.io" ]]
|
||||
elif [[ $(hostname -d) == "devices.waren.io" ]]
|
||||
then
|
||||
ORG=warengroup
|
||||
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
|
||||
elif [[ $(hostname -d) == "devices.christerwaren.fi" ]]
|
||||
then
|
||||
ORG=cwchristerw
|
||||
fi
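Review bot: Replacing `= *"devices.waren.io"` with `== "devices.waren.io"` means a host whose DNS domain is a sub-domain (e.g. `lab.devices.waren.io`) no longer gets an `ORG`, and with `$ORG` empty the `.login.$ORG.token` filter used by `wxi-config` is no longer a valid path expression, so the failure shows up as a jq error rather than as "not logged in". If sub-domains are meant to qualify, match the dot-anchored suffix instead of the bare one: `[[ $(hostname -d) == "devices.waren.io" || $(hostname -d) == *".devices.waren.io" ]]` — the old pattern had no leading dot, so `evildevices.waren.io` also matched, and tightening it was right. Either way `hostname -d` is local resolver configuration: it picks which credential slot and Vault paths are used but is not a trust boundary, which deserves a one-line comment here. wxi-restricted starts outside this hunk.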
|
||||
|
||||
151
wx
151
wx
@@ -12,8 +12,24 @@ declare -Ax messages
|
||||
wxi-config(){
|
||||
case $1 in
|
||||
login)
|
||||
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
|
||||
;;
|
||||
case $2 in
|
||||
write)
|
||||
jq '.login.'$ORG'.token = "'$TOKEN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
|
||||
;;
|
||||
read)
|
||||
if [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]]
|
||||
then
|
||||
cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
;;
|
||||
erase)
|
||||
TOKEN=""
|
||||
wxi-config login write
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
*)
|
||||
echo -n ""
|
||||
;;
|
||||
@@ -52,10 +68,10 @@ wxi-restricted(){
|
||||
wxi-stop
|
||||
;;
|
||||
esac
|
||||
elif [[ $(hostname -d) = *"devices.waren.io" ]]
|
||||
elif [[ $(hostname -d) == "devices.waren.io" ]]
|
||||
then
|
||||
ORG=warengroup
|
||||
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
|
||||
elif [[ $(hostname -d) == "devices.christerwaren.fi" ]]
|
||||
then
|
||||
ORG=cwchristerw
|
||||
fi
|
||||
@@ -271,7 +287,7 @@ wxi-footer
|
||||
}
|
||||
|
||||
wx-infra(){
|
||||
wx-login &> /dev/null
|
||||
wx-login
|
||||
wx-auto &> /dev/null
|
||||
|
||||
wxi-header "Infra"
|
||||
@@ -293,12 +309,12 @@ wx-infra(){
|
||||
mkdir -p "$INFRA_PATH/vault" &> /dev/null
|
||||
|
||||
curl \
|
||||
-H "X-Vault-Token: $VAULT_TOKEN" \
|
||||
-H "X-Vault-Token: $TOKEN" \
|
||||
-X GET \
|
||||
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw"
|
||||
|
||||
curl \
|
||||
-H "X-Vault-Token: $VAULT_TOKEN" \
|
||||
-H "X-Vault-Token: $TOKEN" \
|
||||
-X GET \
|
||||
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup"
|
||||
fi
|
||||
@@ -326,6 +342,8 @@ wx-infra(){
|
||||
then
|
||||
wxi-header "Init" h3
|
||||
|
||||
host=${args['host']}
|
||||
|
||||
if [[ -z ${args['3']} ]]
|
||||
then
|
||||
tags=init
|
||||
@@ -333,15 +351,26 @@ wx-infra(){
|
||||
tags=${args['3']}
|
||||
fi
|
||||
|
||||
ansible-playbook $INFRA_VAULT playbooks/init.yml -t $tags --limit "${args['limit']}"
|
||||
ansible-playbook $INFRA_VAULT init.yml --tags $tags --limit "$host"
|
||||
elif [[ ${args['2']} == "manager" ]]
|
||||
then
|
||||
if [[ -z ${args['host']} ]]
|
||||
then
|
||||
host="*"
|
||||
else
|
||||
host=${args['host']}
|
||||
fi
|
||||
|
||||
operation=${args['operation']}
|
||||
extra_vars=${args['extra-vars']}
|
||||
|
||||
wxi-header "Manager" h3
|
||||
ansible-playbook $INFRA_VAULT manager.yml --extra-vars "${args['extra-vars']}"
|
||||
ansible-playbook $INFRA_VAULT manager.yml --tags $operation --extra-vars "host=$host" --extra-vars="$extra_vars"
|
||||
else
|
||||
wxi-header "Playbooks" h3
|
||||
wxi-header "Infra" h3
|
||||
host=${args['host']}
|
||||
tags=${args['2']}
|
||||
ansible-playbook $INFRA_VAULT playbooks.yml -t $tags --limit "${args['limit']}"
|
||||
ansible-playbook $INFRA_VAULT infra.yml --tags $tags --limit "$host"
|
||||
fi
|
||||
cd "$OLDPWD"
|
||||
fi
|
||||
@@ -350,7 +379,6 @@ wx-infra(){
|
||||
|
||||
wx-ssh(){
|
||||
wx-login &> /dev/null
|
||||
wx-auto &> /dev/null
|
||||
|
||||
case ${args['2']} in
|
||||
config)
|
||||
@@ -390,25 +418,25 @@ wx-login(){
|
||||
|
||||
wxi-header "$ORG_HEADER" h3
|
||||
|
||||
if [[ ! -z ${args['login-type']} ]]
|
||||
if [[ ! -z ${args['auth-method']} ]]
|
||||
then
|
||||
LOGIN_TYPE=${args['login-type']}
|
||||
AUTH_METHOD=${args['auth-method']}
|
||||
elif [[ ! -z ${args['token']} ]]
|
||||
then
|
||||
LOGIN_TYPE=token
|
||||
elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]]
|
||||
AUTH_METHOD=token
|
||||
elif [[ $(wxi-config login read) ]]
|
||||
then
|
||||
LOGIN_TYPE=token
|
||||
AUTH_METHOD=token
|
||||
elif [[ ! -z ${args['username']} ]]
|
||||
then
|
||||
LOGIN_TYPE=ldap
|
||||
AUTH_METHOD=ldap
|
||||
else
|
||||
LOGIN_TYPE=ldap
|
||||
AUTH_METHOD=ldap
|
||||
fi
|
||||
|
||||
if [[ ! -z $LOGIN_TYPE ]]
|
||||
if [[ ! -z $AUTH_METHOD ]]
|
||||
then
|
||||
case $LOGIN_TYPE in
|
||||
case $AUTH_METHOD in
|
||||
ldap)
|
||||
echo -n "Username: "
|
||||
if [[ ! -z ${args['username']} ]]
|
||||
@@ -445,10 +473,12 @@ wx-login(){
|
||||
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
|
||||
then
|
||||
wxi-content status "Login" "Failed"
|
||||
wxi-footer
|
||||
wxi-stop
|
||||
fi
|
||||
|
||||
wxi-config login
|
||||
TOKEN=$VAULT_LOGIN
|
||||
wxi-config login write
|
||||
;;
|
||||
token)
|
||||
echo -n "Token: "
|
||||
@@ -458,9 +488,9 @@ wx-login(){
|
||||
then
|
||||
TOKEN=${args['token']}
|
||||
fi
|
||||
elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]]
|
||||
elif [[ $(wxi-config login read) ]]
|
||||
then
|
||||
TOKEN=$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)
|
||||
TOKEN=$(wxi-config login read)
|
||||
else
|
||||
read -s TOKEN
|
||||
fi
|
||||
@@ -488,10 +518,19 @@ wx-login(){
|
||||
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
|
||||
then
|
||||
wxi-content status "Login" "Failed"
|
||||
wxi-stop
|
||||
wxi-footer
|
||||
|
||||
if [[ $(wxi-config login read) ]]
|
||||
then
|
||||
wx-logout &> /dev/null
|
||||
wx-login
|
||||
else
|
||||
wxi-stop
|
||||
fi
|
||||
fi
|
||||
|
||||
wxi-config login
|
||||
TOKEN=$VAULT_LOGIN
|
||||
wxi-config login write
|
||||
;;
|
||||
*)
|
||||
wxi-content status "Login Type" "Unsupported"
|
||||
@@ -537,10 +576,8 @@ wx-logout(){
|
||||
then
|
||||
wxi-header "$ORG_HEADER" h3
|
||||
echo "Logging Out..."
|
||||
TOKEN=""
|
||||
wxi-config login
|
||||
wxi-config login erase
|
||||
wxi-footer
|
||||
wxi-stop
|
||||
fi
|
||||
|
||||
}
|
||||
@@ -609,6 +646,8 @@ wx-update(){
|
||||
}
|
||||
|
||||
wx-auto(){
|
||||
wx-login
|
||||
|
||||
wxi-header "Auto"
|
||||
wxi-restricted
|
||||
wxi-footer
|
||||
@@ -628,6 +667,9 @@ wx-clean(){
|
||||
}
|
||||
|
||||
wx-settings(){
|
||||
wx-login
|
||||
wx-auto &> /dev/null
|
||||
|
||||
wxi-header "Settings"
|
||||
wxi-restricted --user
|
||||
wxi-footer
|
||||
@@ -658,18 +700,18 @@ wxi-ssh-config(){
|
||||
wxi-ssh-keys(){
|
||||
case ${args['3']} in
|
||||
generate)
|
||||
wxi-ssh-keys-retrieve
|
||||
wxi-ssh-keys-generate
|
||||
wxi-ssh-keys-save
|
||||
wxi-ssh-keys-retrieve ${args['4']}
|
||||
wxi-ssh-keys-generate ${args['4']}
|
||||
wxi-ssh-keys-save ${args['4']}
|
||||
;;
|
||||
sign)
|
||||
wxi-ssh-keys-sign
|
||||
;;
|
||||
retrieve)
|
||||
wxi-ssh-keys-retrieve
|
||||
wxi-ssh-keys-retrieve ${args['4']}
|
||||
;;
|
||||
save)
|
||||
wxi-ssh-keys-save
|
||||
wxi-ssh-keys-save ${args['4']}
|
||||
;;
|
||||
sync)
|
||||
wxi-ssh-keys-sync
|
||||
@@ -688,7 +730,7 @@ wxi-ssh-config-clean(){
|
||||
wxi-header "SSH / Config / Clean"
|
||||
wxi-restricted
|
||||
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN")
|
||||
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
rm "$HOME/.ssh/config"
|
||||
@@ -710,7 +752,7 @@ wxi-ssh-config-save(){
|
||||
|
||||
if [[ -f "$HOME/.ssh/config" ]]
|
||||
then
|
||||
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
|
||||
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
|
||||
fi
|
||||
wxi-footer
|
||||
}
|
||||
@@ -719,15 +761,15 @@ wxi-ssh-config-sync(){
|
||||
wxi-header "SSH / Config / Sync"
|
||||
wxi-restricted
|
||||
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN")
|
||||
if [[ $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
touch ~/.ssh/config
|
||||
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
|
||||
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
|
||||
SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64)
|
||||
if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]]
|
||||
then
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
|
||||
chmod 700 ~/.ssh/config
|
||||
fi
|
||||
fi
|
||||
@@ -747,16 +789,16 @@ wxi-ssh-keys-clean(){
|
||||
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
|
||||
fi
|
||||
else
|
||||
wx-ssh-keys-clean $ORG
|
||||
wxi-ssh-keys-clean $ORG
|
||||
|
||||
if [[ $USERNAME == "cwchristerw" ]]
|
||||
then
|
||||
wx-ssh-keys-clean warengroup
|
||||
wxi-ssh-keys-clean warengroup
|
||||
fi
|
||||
|
||||
for file in ~/.ssh/keys/*
|
||||
do
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: $TOKEN")
|
||||
if [[ $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
rm "$file" &> /dev/null
|
||||
@@ -787,12 +829,12 @@ wxi-ssh-keys-retrieve(){
|
||||
|
||||
if [[ ! -z $1 ]]
|
||||
then
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN")
|
||||
if [[ $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
|
||||
chmod 700 ~/.ssh/keys/$1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
|
||||
chmod 700 ~/.ssh/keys/$1.pub
|
||||
fi
|
||||
fi
|
||||
@@ -808,7 +850,7 @@ wxi-ssh-keys-save(){
|
||||
then
|
||||
if [[ -f "$HOME/.ssh/keys/$1" ]]
|
||||
then
|
||||
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
|
||||
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
|
||||
fi
|
||||
fi
|
||||
wxi-footer
|
||||
@@ -818,11 +860,12 @@ wxi-ssh-keys-sign(){
|
||||
wxi-header "SSH / Keys / Sign"
|
||||
wxi-restricted
|
||||
|
||||
wx-ssh-keys-sign-create $ORG sysadmin 3600
|
||||
|
||||
if [[ $USERNAME == "cwchristerw" ]]
|
||||
then
|
||||
wx-ssh-keys-sign-create warengroup sysadmin 3600
|
||||
wxi-ssh-keys-sign-create cwchristerw sysadmin 3600
|
||||
wxi-ssh-keys-sign-create warengroup sysadmin 3600
|
||||
else
|
||||
wxi-ssh-keys-sign-create $ORG sysadmin 3600
|
||||
fi
|
||||
wxi-footer
|
||||
}
|
||||
@@ -838,20 +881,20 @@ wxi-ssh-keys-sign-create(){
|
||||
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
|
||||
then
|
||||
wxi-content text "$NAME/$ROLE"
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
|
||||
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
|
||||
fi
|
||||
}
|
||||
|
||||
wxi-ssh-keys-sync(){
|
||||
wxi-header "SSH / Keys / Sync"
|
||||
wxi-restricted
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN")
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $TOKEN")
|
||||
if [[ $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.keys | @sh' | tr -d \')
|
||||
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.keys | @sh' | tr -d \')
|
||||
do
|
||||
echo $name
|
||||
wx-ssh-keys-retrieve $name --multiple
|
||||
wxi-content text $name
|
||||
wxi-ssh-keys-retrieve $name &> /dev/null
|
||||
done
|
||||
fi
|
||||
wxi-footer
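Review bot: The most important line in this file's changes is the `write` case of `wxi-config`, and it builds the jq program by string concatenation with the secret inside it (`'.login.'$ORG'.token = "'$TOKEN'"'`): the token is part of the filter text, so a quote or backslash in it alters the program, it appears on the jq command line, and `&>` writes any jq error into `config.json.tmp` in place of JSON. Use `--arg` so the value is data, and drop the stderr redirect: `jq --arg org "$ORG" --arg token "$TOKEN" '.login[$org].token = $token' "$HOME/.warengroup/config.json" > "$HOME/.warengroup/config.json.tmp"`, wrapped in `( umask 077; … )` so the file holding the credential is owner-only from creation. The `read` case then should use the same `--arg org` form instead of `.login.$ORG.token`, which is malformed when `$ORG` is empty. Nothing in these hunks shows the `.tmp` file being moved into place, so I cannot confirm the write ever takes effect.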
|
||||
|
||||