
48 Commits

Author SHA1 Message Date
Christer Warén
5a666e6f60 VSCode Settings: Update 2025-11-03 02:41:43 +02:00
Christer Warén
1e4f9ed508 Generator Update 2025-11-03 02:40:44 +02:00
Christer Warén
592cd95f42 Replace bin only on successful connection 2025-09-27 00:02:35 +03:00
Christer Warén
bce9c3c4d6 Auto - Create SSH certificates before getting SSH privatekeys 2025-09-24 13:39:33 +03:00
Christer Warén
f91e69ee55 Run clean in Uninstall command 2025-08-21 18:35:09 +03:00
Christer Warén
32e6b83611 Exit after Uninstall finished 2025-08-21 18:32:01 +03:00
Christer Warén
2742d39818 Fix issue with crontab removal in Uninstall 2025-08-21 18:18:30 +03:00
Christer Warén
fe5abf5419 Fix grep to ignore wildcard as regexp 2025-08-21 17:58:38 +03:00
Christer Warén
43192faed1 Fix typos 2025-08-21 17:44:27 +03:00
Christer Warén
a276adb6d2 Remove logout from uninstall 2025-08-21 17:28:23 +03:00
Christer Warén
b5186f0380 Add cronjob removal into uninstall 2025-08-21 17:26:21 +03:00
Christer Warén
86bb04d2ea Add cronjob to installation 2025-08-21 17:21:22 +03:00
Christer Warén
67fabf0ce1 Code Update 2025-06-26 23:07:14 +03:00
Christer Warén
fe56c50bfb Code Update 2025-06-23 09:35:37 +03:00
Christer Warén
eb14aa46ff Code Update 2025-06-22 01:24:09 +03:00
Christer Warén
c59d1b374d Code Update 2025-06-22 01:22:12 +03:00
Christer Warén
1a99d2e2a1 Code Update 2025-06-22 00:44:42 +03:00
Christer Warén
1d03f7be64 Code Update 2025-06-22 00:31:52 +03:00
Christer Warén
994e44d8f1 Code Update 2025-06-22 00:22:15 +03:00
Christer Warén
f016a452cd Remove Hostname variable from login process 2025-06-21 23:46:20 +03:00
Christer Warén
c17b9a0e42 Code Update 2025-05-10 12:09:50 +03:00
Christer Warén
a91d5d6011 Code Update 2025-05-10 11:29:56 +03:00
Christer Warén
3a0902fe8e Code Update 2025-04-27 15:39:50 +03:00
Christer Warén
9baae5bccc Code Update 2025-04-27 15:32:10 +03:00
Christer Warén
7b837fdba7 Code Update 2025-04-27 15:21:27 +03:00
Christer Warén
283b7538e6 Rename build.sh to maintainer.sh 2025-01-04 08:18:12 +02:00
Christer Warén
14ae6e5dad Fix typo in code 2025-01-04 06:22:06 +02:00
Christer Warén
87608f9bfb Code Update 2025-01-04 06:19:35 +02:00
Christer Warén
5903932328 Update copyright year 2025-01-01 18:00:22 +02:00
Christer Warén
96193196cc Fix typo on curl that will get Vault passwords in Infra command 2024-11-23 07:42:02 +02:00
Christer Warén
0186421fc6 Get Ansible vault passwords in Infra command 2024-11-23 07:18:17 +02:00
Christer Warén
714feda225 Hide git command output from stdout in Infra command 2024-11-23 07:06:57 +02:00
Christer Warén
3d834933e7 Fix home directory issue 2024-11-23 07:04:12 +02:00
Christer Warén
dd72a873ab Temporarily disable using jump host when getting Infra repo from Git server 2024-11-23 07:01:33 +02:00
Christer Warén
81cd3a1c1c Create secondary Infra directory and pull changes when using Infra command 2024-11-23 06:57:41 +02:00
Christer Warén
b52f1d4486 Add secondary Infra repo path to Infra command 2024-11-23 06:50:26 +02:00
Christer Warén
42239ef54d Add secondary Ansible Vault to cwchristerw user 2024-11-22 00:16:35 +02:00
Christer Warén
256a79e427 Code Update 2024-06-24 06:32:58 +03:00
Christer Warén
b36f98e5e9 Hide Clean output in logout command 2024-06-19 20:56:27 +03:00
Christer Warén
2f33daaaa7 Code Update 2024-06-16 04:06:43 +03:00
Christer Warén
4e9ae9109e Code Update 2024-06-16 04:03:45 +03:00
Christer Warén
0071b7407d Code Update 2024-06-16 04:01:17 +03:00
Christer Warén
b014dd1990 Code Update 2024-06-16 02:51:29 +03:00
Christer Warén
13e0deb5f5 Code Update 2024-06-03 23:10:36 +03:00
Christer Warén
b5b1b88763 Code Update 2024-06-01 15:27:05 +03:00
Christer Warén
90414af2dc Code Update 2024-06-01 02:09:21 +03:00
Christer Warén
e1b05fbc51 Code Update 2024-06-01 01:53:48 +03:00
Christer Warén
a614d63d1c Code Update 2024-06-01 01:11:20 +03:00
25 changed files with 699 additions and 300 deletions


@@ -2,5 +2,8 @@
"files.trimTrailingWhitespace": true,
"files.insertFinalNewline": true,
"files.trimFinalNewlines": true,
"editor.renderFinalNewline": false
"editor.renderFinalNewline": false,
"editor.tabSize": 2,
"editor.insertSpaces": true,
"editor.detectIndentation": false
}


@@ -1,6 +1,6 @@
MIT License
Copyright (c) 2023-2024 Warén Group
Copyright (c) 2023-2025 Warén Group
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal


@@ -7,25 +7,31 @@ $dirs = [
__DIR__.'/src/commands/*.sh',
__DIR__.'/src/commands/*/*.sh',
__DIR__.'/src/commands/*/*/*.sh',
__DIR__.'/src/functions/*.sh'
__DIR__.'/src/functions/*.sh',
__DIR__.'/src/ui/*.sh'
];
$codes = [];
foreach($dirs as $dir){
foreach(glob($dir) as $file){
if(str_contains($dir, "commands")){
$codes['commands'][$file] = file_get_contents($file);
}
if(str_contains($dir, "functions")){
$codes['functions'][$file] = file_get_contents($file);
}
if(str_contains($dir, "commands")){
$codes['commands'][$file] = file_get_contents($file);
if(str_contains($dir, "ui")){
$codes['ui'][$file] = file_get_contents($file);
}
}
}
$code = str_replace("{{ FUNCTIONS }}", implode("\n", $codes['functions']), $base);
$code = str_replace("{{ UI }}", implode("\n", $codes['ui']), $code);
$code = str_replace("{{ COMMANDS }}", implode("\n", $codes['commands']), $code);
try {
$file = __DIR__.'/wx.tmp';
$file = fopen($file, "w");
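Review bot: The category tests call `str_contains($dir, "ui")` (and likewise `"commands"` and `"functions"`) on the full glob pattern, which includes `__DIR__`, so a checkout path that happens to contain `ui` files every script under `$codes['ui']` as well. Matching the directory component, e.g. `str_contains($dir, '/src/ui/')`, avoids that. `$codes` also starts as `[]`, so `implode("\n", $codes['ui'])` has nothing to join when a glob matches no file; `$codes = ['commands' => [], 'functions' => [], 'ui' => []];` makes an empty directory harmless. The script continues outside this hunk.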

0
build.sh → maintainer.sh Normal file → Executable file

@@ -1,16 +1,9 @@
wx-login(){
ORG=$1
if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]
then
wx-header "Login"
echo "Status: Hostname Required"
wx-stop
fi
if [[ ! -z $1 ]]
then
ORG=$1
jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
elif [[ $(hostname -d) = *"devices.waren.io" ]]
then
ORG=warengroup
@@ -20,6 +13,9 @@ wx-login(){
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
then
ORG=cwchristerw
elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
then
ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
else
wx-header "Login"
echo "Status: Organization Required"
@@ -43,21 +39,9 @@ wx-login(){
FOLDER=$ORG
DEVICE_DOMAIN="devices.$DOMAIN"
IDM_DOMAIN="idm.cwinfo.net"
IDM_DOMAIN="idm.waren.io"
VAULT_DOMAIN="vault.cwinfo.net"
if [[ ! -z $2 ]]
then
HOSTNAME="$2.$DEVICE_DOMAIN"
elif [[ $(hostname -d) ]]
then
HOSTNAME=$(hostname --fqdn)
else
wx-header "Login"
echo "Status: Hostname Required"
wx-stop
fi
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
then
if [[ -z $SUDO_USER ]]
@@ -73,15 +57,21 @@ wx-login(){
else
USERNAME=$SUDO_USER
fi
else
USERNAME=$USER
fi
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ $VAULT_STATUS -eq 200 ]]
then
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.config/warengroup/config.json" ]]
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then
TOKEN="$(cat $HOME/.config/warengroup/config.json | jq -r .login.$ORG)"
if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
then
USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
fi
TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
@@ -90,8 +80,8 @@ wx-login(){
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
else
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
@@ -100,7 +90,7 @@ wx-login(){
wx-header "Login"
echo $wxBold$ORG$wxNormal
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" ]]
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
then
echo -n "Username: "
read USERNAME
@@ -108,6 +98,9 @@ wx-login(){
echo "Username: $USERNAME"
fi
jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
echo -n "Password: "
read -s PASSWORD
echo "****************"
@@ -128,11 +121,9 @@ wx-login(){
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
wx-start
fi
else
wx-header "Login"
@@ -159,11 +150,9 @@ wx-login(){
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
wx-start
fi
fi
else
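Review bot: The config writes build the jq program by splicing shell variables into it (`jq '.org = "'$ORG'"'`, `jq '.login.'$ORG'.username = "'$USERNAME'"'` and the `.token` writes), so an organization argument or a typed username containing a quote or jq syntax changes the filter instead of being stored as data. Passing the values with `--arg`, e.g. `jq --arg org "$ORG" --arg user "$USERNAME" '.login[$org].username = $user'`, keeps them as plain strings. The two later token writes still redirect with `&>` into `config.json.tmp` while the first one was changed to `1>`, so a jq error message there lands in the config file; they should use `1>` too, and the `mv` should run only when jq succeeded. wx-login's body continues outside these hunks.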


@@ -0,0 +1,13 @@
wx-logout(){
wx-header "Logout"
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then
VAULT_LOGIN=$(cat $HOME/.warengroup/config.json | jq -r .login)
if [[ $VAULT_LOGIN != null && $VAULT_LOGIN != "{}" ]]
then
wx-clean &> /dev/null
jq '.login = {}' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
}
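Review bot: Logout only blanks `.login` in the local config; neither this function nor wx-clean as shown tells Vault to invalidate the token, so a copy of the token taken earlier stays usable until it expires. Calling Vault's `auth/token/revoke-self` endpoint with each stored token before clearing the file would close that gap, and the same applies to wx-uninstall, which deletes `$HOME/.warengroup` outright. The `jq '.login = {}' ... &>` redirect also sends jq's stderr into `config.json.tmp`; `1>` would match the other config writes.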


@@ -13,12 +13,15 @@ Common Commands:
edit Edit
save Save
sync Sync
clean Clean
keys Keys
generate Generate
delete Delete
sign Sign
retrieve Retrieve
save Save
sync Sync
sign Certificates
delete Delete
clean Clean
Authentication Commands:
login Login
@@ -26,8 +29,12 @@ Authentication Commands:
Management Commands:
auto Auto
install Install
clean Clean
settings Settings
Maintenance Commands:
install Install
update Update
";
}


@@ -1,14 +1,41 @@
wx-infra(){
wx-login
wx-ssh-sign &> /dev/null
wx-auto &> /dev/null
wx-header "Infra"
wx-restricted
INFRA_PATH="/home/cwchristerw/Desktop/Work in Progress/Programming/warengroup/infra"
case $USERNAME in
cwchristerw)
if [[ -d "$HOME/Desktop/Work in Progress/Programming/warengroup/infra" ]]
then
INFRA_PATH="$HOME/Desktop/Work in Progress/Programming/warengroup/infra"
else
if [[ -d "$HOME/.warengroup/infra" ]]
then
INFRA_PATH="$HOME/.warengroup/infra"
else
INFRA_PATH="$HOME/.warengroup/infra"
mkdir -p "$INFRA_PATH" &> /dev/null
git clone ssh://git@git.waren.io:2222/warengroup-private/infra.git --config core.sshCommand="ssh -i $HOME/.ssh/keys/warengroup-legacy -o ProxyJump=none" "$INFRA_PATH" &> /dev/null
fi
fi
if [[ ! -f "$INFRA_PATH/vault/cwchristerw" || ! -f "$INFRA_PATH/vault/warengroup" ]]
then
mkdir -p "$INFRA_PATH/vault" &> /dev/null
curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \
-X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw"
curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \
-X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup"
fi
if [[ -z $1 ]]
then
echo "Tag Required"
@@ -17,15 +44,26 @@ wx-infra(){
then
if [[ -z $2 ]]
then
echo "Tag Required"
else
cd "$INFRA_PATH"
ansible-playbook --vault-id warengroup@vault/warengroup playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
2=init
fi
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
elif [[ $1 == "manager" ]]
then
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw manager.yml $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
else
cd "$INFRA_PATH"
ansible-playbook --vault-id warengroup@vault/warengroup playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
fi
fi
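Review bot: The Ansible vault passwords are written to `$INFRA_PATH/vault/cwchristerw` and `$INFRA_PATH/vault/warengroup` straight from `curl ... | jq -r`, with no check that the request succeeded and no restrictive file mode. A failed or unauthorized call therefore leaves a file containing `null` or nothing, and the `-f` guard never refetches it; the secrets also get whatever the default umask allows. Use `curl -f`, reject an empty or `null` result before keeping the file, and set `umask 077` (or `chmod 600`) for the writes. Separately, `2=init` is not an assignment in bash: positional parameters cannot be set that way, so the line runs as a command and `$2` stays empty; `set -- "$1" init "${@:3}"` does what is intended. wx-infra's body continues outside these hunks.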


@@ -1,19 +0,0 @@
wx-install(){
if [[ -z $1 ]]
then
wx-header "Install"
fi
wx-restricted
if [[ -f "./wx" ]] && [[ -d "./src" ]]
then
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
mv wx.tmp wx &> /dev/null
chmod +x wx &> /dev/null
fi
mkdir $HOME/bin &> /dev/null
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
chmod +x $HOME/bin/wx &> /dev/null
}


@@ -1,3 +0,0 @@
wx-logout(){
wx-header "Logout"
}


@@ -0,0 +1,29 @@
wx-install(){
if [[ -z $1 ]]
then
wx-header "Install"
fi
wx-restricted
if [[ -f "./wx" ]] && [[ -d "./src" ]]
then
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
mv wx.tmp wx &> /dev/null
chmod +x wx &> /dev/null
fi
mkdir $HOME/bin &> /dev/null
if [[ $(curl -s -o /dev/null -w "%{http_code}" https://git.waren.io/warengroup/wx/raw/branch/master/wx) -eq 200 ]]
then
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
chmod +x $HOME/bin/wx &> /dev/null
fi
CRONJOB_NAME="#Warén CLI: Auto"
CRONJOB_TASK="*/5 * * * * $HOME/bin/wx auto"
if [[ -z $(crontab -l | grep -F "$CRONJOB_NAME") || -z $(crontab -l | grep -F "$CRONJOB_TASK") ]]
then
(crontab -l ; echo "$CRONJOB_NAME" ; echo "$CRONJOB_TASK") | grep -Fv "no crontab" | crontab -
fi
}
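Review bot: The updater checks for HTTP 200 with one request and then downloads with a second, unchecked `curl` straight onto `$HOME/bin/wx`, so an error response or truncated second transfer still replaces the binary that the new cron entry runs every five minutes. Nothing verifies the content either: whatever the `master` branch URL serves is made executable and later runs with the user's Vault token and SSH keys. Download to a temporary file with `curl -f`, sanity-check it, and move it into place only on success, as sketched below. Real integrity checking would need a checksum or signature published alongside the script, which is not visible on this page. The `grep -Fv "no crontab"` filter also looks ineffective, since `crontab -l` normally prints that message on stderr.

```shell
# … unchanged: header, wx-restricted, local generator build …
mkdir $HOME/bin &> /dev/null
WX_NEW=$(mktemp "$HOME/bin/wx.XXXXXX") || return 1
if curl -fsS https://git.waren.io/warengroup/wx/raw/branch/master/wx -o "$WX_NEW" && bash -n "$WX_NEW"
then
  chmod +x "$WX_NEW"
  mv -f "$WX_NEW" "$HOME/bin/wx"
else
  rm -f "$WX_NEW"
fi
# … unchanged: CRONJOB_NAME / CRONJOB_TASK registration …
```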


@@ -0,0 +1,28 @@
wx-uninstall(){
wx-header "Uninstall"
wx-clean &> /dev/null
if [[ -d "$HOME/.warengroup" ]]
then
rm "$HOME/.warengroup" -rf
fi
CRONJOB_NAME="#Warén CLI: Auto"
CRONJOB_TASK="*/5 * * * * $HOME/bin/wx auto"
if [[ $(crontab -l | grep -F "$CRONJOB_NAME") || $(crontab -l | grep -F "$CRONJOB_TASK") ]]
then
crontab -l | grep -Fv "$CRONJOB_NAME" | grep -Fv "$CRONJOB_TASK" | grep -Fv "no crontab" | crontab -
fi
if [[ -f "$HOME/bin/wx" ]]
then
rm "$HOME/bin/wx" -rf
fi
echo " "
echo " "
echo " "
exit 1
}
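Review bot: The final `exit 1` reports failure to the caller even when every removal step succeeded; `exit 0` is the status a wrapper or script checking the result would expect. `rm "$HOME/.warengroup" -rf` also relies on GNU-style option parsing after the operand; `rm -rf -- "$HOME/.warengroup"` is portable and guards against odd paths. As far as the visible wx-ssh-keys-clean shows, keys that are neither org-named nor stored in Vault stay under `~/.ssh/keys` after uninstall, which is worth telling the user.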


@@ -3,6 +3,6 @@ wx-auto(){
wx-header "Auto"
wx-ssh-config-sync
wx-ssh-keys-sign
wx-ssh-keys-sync
wx-ssh-sign
}


@@ -0,0 +1,6 @@
wx-clean(){
wx-login
wx-header "Clean"
wx-ssh-config-clean
wx-ssh-keys-clean
}


@@ -1,13 +1,7 @@
wx-ssh(){
wx-login
mkdir -p $HOME/.ssh/keys
chmod 700 -R $HOME/.ssh/keys
case $1 in
sign)
wx-ssh-sign
;;
keys)
wx-ssh-keys $2 $3
;;
@@ -16,7 +10,6 @@ wx-ssh(){
;;
*)
wx-header "SSH"
wx-stop
;;
esac


@@ -1,5 +1,4 @@
wx-ssh-config(){
wx-header "SSH / Config"
wx-restricted
case $1 in
@@ -14,6 +13,9 @@ wx-ssh-config(){
sync)
wx-ssh-config-sync
;;
clean)
wx-ssh-config-clean
;;
*)
wx-ssh-config-sync
wx-stop
@@ -22,20 +24,40 @@ wx-ssh-config(){
}
wx-ssh-config-edit(){
wx-header "SSH / Config / Edit"
wx-restricted
nano ~/.ssh/config
}
wx-ssh-config-save(){
wx-header "SSH / Config / Save"
wx-restricted
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
}
wx-ssh-config-sync(){
wx-header "SSH / Config / Sync"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
touch ~/.ssh/config
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64)
if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
chmod 700 ~/.ssh/config
fi
fi
}
wx-ssh-config-clean(){
wx-header "SSH / Config / Clean"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
then
rm "$HOME/.ssh/config"
fi
}
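Review bot: wx-ssh-config-sync asks Vault for the same secret three times (status, checksum, content) and writes the third response over `~/.ssh/config` without checking it. A failure between the calls truncates the file, and the checksum comparison was made against a different response than the one written. Fetch once into a variable, decode to a temporary file, and replace the config only if decoding succeeded and the content differs. Because ssh config directives such as `ProxyCommand` lead to local command execution, the file should get `chmod 600 ~/.ssh/config` rather than `700`, and write access to that Vault path should be kept narrow. wx-ssh-config-clean removes the local file whenever Vault answers 200, without comparing contents, so unsaved local edits are lost.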


@@ -1,5 +1,5 @@
wx-ssh-keys(){
wx-header "SSH / Keys"
wx-restricted
case $1 in
generate)
@@ -7,6 +7,9 @@ wx-ssh-keys(){
wx-ssh-keys-generate $2
wx-ssh-keys-save $2
;;
sign)
wx-ssh-keys-sign
;;
retrieve)
wx-ssh-keys-retrieve $2
;;
@@ -17,16 +20,19 @@ wx-ssh-keys(){
wx-ssh-keys-sync $2
;;
delete)
wx-ssh-keys-remove $2
wx-ssh-keys-delete $2
;;
clean)
wx-ssh-keys-clean $2
;;
*)
wx-ssh-keys-sync
wx-stop
;;
esac
}
wx-ssh-keys-generate(){
wx-header "SSH / Keys / Generate"
wx-restricted
if [[ ! -z $1 ]]
then
@@ -37,7 +43,50 @@ wx-ssh-keys-generate(){
fi
}
wx-ssh-keys-sign(){
wx-header "SSH / Keys / Sign"
wx-restricted
if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
wx-ssh-keys-sign-create cwinfo sysadmin 3600
wx-ssh-keys-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-keys-sign-create(){
wx-restricted
NAME=$1
ROLE=$2
PRINCIPALS=$2
TTL=$3
if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
fi
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
then
echo "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
fi
}
wx-ssh-keys-retrieve(){
if [[ -z $2 ]]
then
wx-header "SSH / Keys / Retrieve"
fi
wx-restricted
if [[ ! -z $1 ]]
then
@@ -45,12 +94,15 @@ wx-ssh-keys-retrieve(){
if [[ $VAULT_STATUS -eq 200 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
chmod 700 ~/.ssh/keys/$1
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
chmod 700 ~/.ssh/keys/$1.pub
fi
fi
}
wx-ssh-keys-save(){
wx-header "SSH / Keys / Save"
wx-restricted
if [[ ! -z $1 ]]
then
@@ -62,6 +114,56 @@ wx-ssh-keys-save(){
}
wx-ssh-keys-sync(){
wx-header "SSH / Keys / Sync"
wx-restricted
echo ""
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.keys | @sh' | tr -d \')
do
echo $name
wx-ssh-keys-retrieve $name --multiple
done
fi
}
wx-ssh-keys-clean(){
if [[ -z $1 ]]
then
wx-header "SSH / Keys / Clean"
fi
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]]
then
rm "$HOME/.ssh/keys/$1" &> /dev/null
rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
fi
else
if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-clean cwinfo
elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
wx-ssh-keys-clean cwinfo
wx-ssh-keys-clean cwchristerw
fi
for file in ~/.ssh/keys/*
do
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]]
then
rm "$file" &> /dev/null
fi
done
fi
}
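Review bot: wx-ssh-keys-sign-create builds the signing request by string interpolation (`\"valid_principals\": \"$PRINCIPALS,$USERNAME\"`), so a `$USERNAME` typed at the login prompt or read from config.json can alter the JSON or ask for extra principals. Build the body with `jq -n --arg`, and make sure the Vault SSH role limits principals server-side (its `allowed_users` setting) instead of trusting the client. In wx-ssh-keys-retrieve and the `.sig` write, `echo $(curl ... | jq -r ...) > file` stores `null` when the request fails, and `chmod 700` marks key files executable; check the response before writing and use `chmod 600`. Key names from the Vault listing are used unquoted in paths and URLs, so validating them against a pattern such as `^[A-Za-z0-9._-]+$` before use would be prudent. Several of these functions start or end outside the hunks shown.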


@@ -1,37 +0,0 @@
wx-ssh-sign(){
wx-header "SSH / Sign"
wx-restricted
if [[ $ORG == "warengroup" ]]
then
wx-ssh-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" ]]
then
wx-ssh-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" ]]
then
wx-ssh-sign-create warengroup sysadmin 3600
wx-ssh-sign-create cwinfo sysadmin 3600
wx-ssh-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-sign-create(){
wx-restricted
NAME=$1
ROLE=$2
PRINCIPALS=$2
TTL=$3
if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
fi
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
then
echo "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
fi
}


@@ -1,6 +1,24 @@
wx-header(){
wx-start
if [[ $2 == "h1" ]]
then
echo ""
echo ""
echo ""
echo "=============================="
wx-repeat " " $((30/2-${#1}/2))
echo -n "$wxBold"
echo -n "$1"
echo -n "$wxNormal"
echo ""
echo "=============================="
fi
echo ">> $1 <<"
if [[ $2 == "h2" || -z $2 ]]
then
wx-start
wx-repeat " " $((30/2-6/2-${#1}/2))
echo -n ">> $1 <<"
echo ""
echo "------------------------------"
fi
}

5
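--- a/src/functions/repeat.sh
+++ b/src/functions/repeat.sh
@@ -0,0 +1,5 @@
+wx-repeat() {
+local str=$1 n=$2 spaces
+printf -v spaces "%*s" $n " "
+printf "%s" "${spaces// /$str}"
+}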
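Review bot: `wx-repeat` receives `$((30/2-${#1}/2))` from wx-header, which goes negative once the title is longer than the 30-column banner, and `printf "%*s"` treats a negative width as left-justified padding, so long titles are pushed right instead of starting flush left. A width of 0 still prints one copy of `$str`, because the argument `" "` itself is one character. A guard at the top, `(( n > 0 )) || return 0`, plus quoting `"$n"`, covers both cases.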


@@ -1,17 +1,15 @@
wx-start(){
echo ""
echo ""
echo ""
echo "=============================="
echo -n "$wxBold"
echo " Warén CLI "
echo -n "$wxNormal"
echo "=============================="
wx-header "Warén CLI" h1
mkdir -p $HOME/.config/warengroup &> /dev/null
mkdir -p $HOME/.warengroup &> /dev/null
if [[ ! -f "$HOME/.config/warengroup/config.json" ]]
if [[ ! -f "$HOME/.warengroup/config.json" || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]]
then
echo '{}' | jq > $HOME/.config/warengroup/config.json
echo '{}' | jq > $HOME/.warengroup/config.json
fi
mkdir -p $HOME/.ssh/keys
chmod 700 -R $HOME/.ssh/keys
mkdir -p $HOME/.ssh/multiplex
chmod 700 -R $HOME/.ssh/multiplex
}
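Review bot: `config.json` holds the Vault token and username (see the `.login.$ORG.token` writes in wx-login), but the directory and file are created with the default umask (`mkdir -p $HOME/.warengroup`, `echo '{}' | jq > ...`) and never restricted, so on a host with a permissive umask other local users can read the token. Add `chmod 700 "$HOME/.warengroup"` after the mkdir and `chmod 600 "$HOME/.warengroup/config.json"` after creating the file. `chmod 700 -R` on `~/.ssh/keys` and `~/.ssh/multiplex` also marks every file inside executable; directories want 700 and files 600. The new validity check silently resets an unparsable config to `{}`, which discards stored logins without telling the user.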


@@ -5,5 +5,10 @@ wx-stop (){
wx-install --auto
if [[ $USERNAME != $USER && $USERNAME != $SUDO_USER && $USERNAME != $LOGNAME ]]
then
wx-logout
fi
exit 1
}

506
wx

@@ -20,10 +20,34 @@ wxNormal=$(tput sgr0)
declare -Ax config
wx-header(){
wx-start
if [[ $2 == "h1" ]]
then
echo ""
echo ""
echo ""
echo "=============================="
wx-repeat " " $((30/2-${#1}/2))
echo -n "$wxBold"
echo -n "$1"
echo -n "$wxNormal"
echo ""
echo "=============================="
fi
echo ">> $1 <<"
if [[ $2 == "h2" || -z $2 ]]
then
wx-start
wx-repeat " " $((30/2-6/2-${#1}/2))
echo -n ">> $1 <<"
echo ""
echo "------------------------------"
fi
}
wx-repeat() {
local str=$1 n=$2 spaces
printf -v spaces "%*s" $n " "
printf "%s" "${spaces// /$str}"
}
wx-restricted(){
@@ -38,21 +62,19 @@ wx-restricted(){
}
wx-start(){
echo ""
echo ""
echo ""
echo "=============================="
echo -n "$wxBold"
echo " Warén CLI "
echo -n "$wxNormal"
echo "=============================="
wx-header "Warén CLI" h1
mkdir -p $HOME/.config/warengroup &> /dev/null
mkdir -p $HOME/.warengroup &> /dev/null
if [[ ! -f "$HOME/.config/warengroup/config.json" ]]
if [[ ! -f "$HOME/.warengroup/config.json" || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]]
then
echo '{}' | jq > $HOME/.config/warengroup/config.json
echo '{}' | jq > $HOME/.warengroup/config.json
fi
mkdir -p $HOME/.ssh/keys
chmod 700 -R $HOME/.ssh/keys
mkdir -p $HOME/.ssh/multiplex
chmod 700 -R $HOME/.ssh/multiplex
}
wx-stop (){
@@ -62,18 +84,14 @@ wx-stop (){
wx-install --auto
if [[ $USERNAME != $USER && $USERNAME != $SUDO_USER && $USERNAME != $LOGNAME ]]
then
wx-logout
fi
exit 1
}
wx-auto(){
wx-login
wx-header "Auto"
wx-ssh-config-sync
wx-ssh-keys-sync
wx-ssh-sign
}
wx-help(){
wx-header "Help"
@@ -89,12 +107,15 @@ Common Commands:
edit Edit
save Save
sync Sync
clean Clean
keys Keys
generate Generate
delete Delete
sign Sign
retrieve Retrieve
save Save
sync Sync
sign Certificates
delete Delete
clean Clean
Authentication Commands:
login Login
@@ -102,23 +123,54 @@ Authentication Commands:
Management Commands:
auto Auto
install Install
clean Clean
settings Settings
Maintenance Commands:
install Install
update Update
";
}
wx-infra(){
wx-login
wx-ssh-sign &> /dev/null
wx-auto &> /dev/null
wx-header "Infra"
wx-restricted
INFRA_PATH="/home/cwchristerw/Desktop/Work in Progress/Programming/warengroup/infra"
case $USERNAME in
cwchristerw)
if [[ -d "$HOME/Desktop/Work in Progress/Programming/warengroup/infra" ]]
then
INFRA_PATH="$HOME/Desktop/Work in Progress/Programming/warengroup/infra"
else
if [[ -d "$HOME/.warengroup/infra" ]]
then
INFRA_PATH="$HOME/.warengroup/infra"
else
INFRA_PATH="$HOME/.warengroup/infra"
mkdir -p "$INFRA_PATH" &> /dev/null
git clone ssh://git@git.waren.io:2222/warengroup-private/infra.git --config core.sshCommand="ssh -i $HOME/.ssh/keys/warengroup-legacy -o ProxyJump=none" "$INFRA_PATH" &> /dev/null
fi
fi
if [[ ! -f "$INFRA_PATH/vault/cwchristerw" || ! -f "$INFRA_PATH/vault/warengroup" ]]
then
mkdir -p "$INFRA_PATH/vault" &> /dev/null
curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \
-X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw"
curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \
-X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup"
fi
if [[ -z $1 ]]
then
echo "Tag Required"
@@ -127,15 +179,26 @@ wx-infra(){
then
if [[ -z $2 ]]
then
echo "Tag Required"
else
cd "$INFRA_PATH"
ansible-playbook --vault-id warengroup@vault/warengroup playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
2=init
fi
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
elif [[ $1 == "manager" ]]
then
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw manager.yml $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
else
cd "$INFRA_PATH"
ansible-playbook --vault-id warengroup@vault/warengroup playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
fi
fi
@@ -146,39 +209,33 @@ wx-infra(){
esac
}
wx-install(){
if [[ -z $1 ]]
then
wx-header "Install"
fi
wx-ssh(){
wx-login
wx-restricted
case $1 in
keys)
wx-ssh-keys $2 $3
;;
config)
wx-ssh-config $2
;;
*)
wx-header "SSH"
wx-stop
;;
esac
}
if [[ -f "./wx" ]] && [[ -d "./src" ]]
then
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
mv wx.tmp wx &> /dev/null
chmod +x wx &> /dev/null
fi
mkdir $HOME/bin &> /dev/null
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
chmod +x $HOME/bin/wx &> /dev/null
wx-welcome(){
wx-header "Welcome"
}
wx-login(){
ORG=$1
if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]
then
wx-header "Login"
echo "Status: Hostname Required"
wx-stop
fi
if [[ ! -z $1 ]]
then
ORG=$1
jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
elif [[ $(hostname -d) = *"devices.waren.io" ]]
then
ORG=warengroup
@@ -188,6 +245,9 @@ wx-login(){
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
then
ORG=cwchristerw
elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
then
ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
else
wx-header "Login"
echo "Status: Organization Required"
@@ -211,21 +271,9 @@ wx-login(){
FOLDER=$ORG
DEVICE_DOMAIN="devices.$DOMAIN"
IDM_DOMAIN="idm.cwinfo.net"
IDM_DOMAIN="idm.waren.io"
VAULT_DOMAIN="vault.cwinfo.net"
if [[ ! -z $2 ]]
then
HOSTNAME="$2.$DEVICE_DOMAIN"
elif [[ $(hostname -d) ]]
then
HOSTNAME=$(hostname --fqdn)
else
wx-header "Login"
echo "Status: Hostname Required"
wx-stop
fi
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
then
if [[ -z $SUDO_USER ]]
@@ -241,15 +289,21 @@ wx-login(){
else
USERNAME=$SUDO_USER
fi
else
USERNAME=$USER
fi
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ $VAULT_STATUS -eq 200 ]]
then
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.config/warengroup/config.json" ]]
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then
TOKEN="$(cat $HOME/.config/warengroup/config.json | jq -r .login.$ORG)"
if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
then
USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
fi
TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
@@ -258,8 +312,8 @@ wx-login(){
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
else
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
@@ -268,7 +322,7 @@ wx-login(){
wx-header "Login"
echo $wxBold$ORG$wxNormal
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" ]]
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
then
echo -n "Username: "
read USERNAME
@@ -276,6 +330,9 @@ wx-login(){
echo "Username: $USERNAME"
fi
jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
echo -n "Password: "
read -s PASSWORD
echo "****************"
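Review bot: The added username write (`jq '.login.'$ORG'.username = "'$USERNAME'"' …` followed by `mv`) runs for every caller, while the token writes in this function sit inside `if [[ $USER != "root" && $USER != "local" ]]`. For root or local, where config.json may not exist, jq fails and the `mv` installs an empty config.json. `$USERNAME` can come straight from `read USERNAME` just above, so a typed quote or backslash changes the jq program; `read -r USERNAME` together with `jq --arg org "$ORG" --arg user "$USERNAME" '.login[$org].username = $user'` keeps it as data. Wrapping the two added lines in the same `$USER` guard would match the rest of wx-login, whose body extends beyond this hunk.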
@@ -296,11 +353,9 @@ wx-login(){
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
wx-start
fi
else
wx-header "Login"
@@ -327,11 +382,9 @@ wx-login(){
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
wx-start
fi
fi
else
@@ -344,35 +397,75 @@ wx-login(){
wx-logout(){
wx-header "Logout"
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then
VAULT_LOGIN=$(cat $HOME/.warengroup/config.json | jq -r .login)
if [[ $VAULT_LOGIN != null && $VAULT_LOGIN != "{}" ]]
then
wx-clean &> /dev/null
jq '.login = {}' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
}
wx-settings(){
wx-login
wx-header "Settings"
wx-install(){
if [[ -z $1 ]]
then
wx-header "Install"
fi
wx-restricted
if [[ -f "./wx" ]] && [[ -d "./src" ]]
then
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
mv wx.tmp wx &> /dev/null
chmod +x wx &> /dev/null
fi
mkdir $HOME/bin &> /dev/null
if [[ $(curl -s -o /dev/null -w "%{http_code}" https://git.waren.io/warengroup/wx/raw/branch/master/wx) -eq 200 ]]
then
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
chmod +x $HOME/bin/wx &> /dev/null
fi
CRONJOB_NAME="#Warén CLI: Auto"
CRONJOB_TASK="*/5 * * * * $HOME/bin/wx auto"
if [[ -z $(crontab -l | grep -F "$CRONJOB_NAME") || -z $(crontab -l | grep -F "$CRONJOB_TASK") ]]
then
(crontab -l ; echo "$CRONJOB_NAME" ; echo "$CRONJOB_TASK") | grep -Fv "no crontab" | crontab -
fi
}
wx-ssh(){
wx-login
wx-uninstall(){
wx-header "Uninstall"
mkdir -p $HOME/.ssh/keys
chmod 700 -R $HOME/.ssh/keys
wx-clean &> /dev/null
case $1 in
sign)
wx-ssh-sign
;;
keys)
wx-ssh-keys $2 $3
;;
config)
wx-ssh-config $2
;;
*)
wx-header "SSH"
if [[ -d "$HOME/.warengroup" ]]
then
rm "$HOME/.warengroup" -rf
fi
wx-stop
;;
esac
CRONJOB_NAME="#Warén CLI: Auto"
CRONJOB_TASK="*/5 * * * * $HOME/bin/wx auto"
if [[ $(crontab -l | grep -F "$CRONJOB_NAME") || $(crontab -l | grep -F "$CRONJOB_TASK") ]]
then
crontab -l | grep -Fv "$CRONJOB_NAME" | grep -Fv "$CRONJOB_TASK" | grep -Fv "no crontab" | crontab -
fi
if [[ -f "$HOME/bin/wx" ]]
then
rm "$HOME/bin/wx" -rf
fi
echo " "
echo " "
echo " "
exit 1
}
wx-update(){
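Review bot: wx-install (it appears to be on the new side of this hunk) writes the download from git.waren.io straight over `$HOME/bin/wx` and marks it executable with no integrity check, and the cron entry it registers then runs that file every five minutes. The 200 probe and the real download are separate requests, and the download's `curl` has no `-f`, so an error body or a truncated transfer can still become the installed script. Download to a temporary file, verify it against a digest or signature published separately from the branch, and only then move it into place, as sketched below; the `bash -n` step is a sanity check, not a substitute for that verification. Separately, wx-uninstall ends with `exit 1`, which reports failure after a successful uninstall; `exit 0` looks intended.

```shell
# … unchanged: generator step, mkdir of $HOME/bin …
WX_NEW=$(mktemp "$HOME/bin/wx.XXXXXX") || return 1
if curl -fsS https://git.waren.io/warengroup/wx/raw/branch/master/wx -o "$WX_NEW" && bash -n "$WX_NEW"
then
  # TODO: verify "$WX_NEW" against a separately published checksum or signature here
  chmod 755 "$WX_NEW" && mv -- "$WX_NEW" "$HOME/bin/wx"
else
  rm -f -- "$WX_NEW"
fi
# … unchanged: cron job registration …
```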
@@ -380,12 +473,28 @@ wx-update(){
wx-install --update
}
wx-welcome(){
wx-header "Welcome"
wx-auto(){
wx-login
wx-header "Auto"
wx-ssh-config-sync
wx-ssh-keys-sign
wx-ssh-keys-sync
}
wx-clean(){
wx-login
wx-header "Clean"
wx-ssh-config-clean
wx-ssh-keys-clean
}
wx-settings(){
wx-login
wx-header "Settings"
}
wx-ssh-config(){
wx-header "SSH / Config"
wx-restricted
case $1 in
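Review bot: wx-auto begins with `wx-login`, and wx-install schedules `wx auto` from cron every five minutes, but wx-login's fallback path prompts with `read USERNAME` and `read -s PASSWORD`. Under cron there is no terminal, so once the stored token can no longer be renewed those reads presumably hit end-of-file and the function carries on with empty credentials, which could mean a failed login attempt against the identity service every five minutes. A check before the prompt such as `[[ -t 0 ]] || wx-stop` would let the scheduled run stop quietly instead. Most of wx-login lies outside this hunk, so this needs confirming against the full function.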
@@ -400,6 +509,9 @@ wx-ssh-config(){
sync)
wx-ssh-config-sync
;;
clean)
wx-ssh-config-clean
;;
*)
wx-ssh-config-sync
wx-stop
@@ -408,26 +520,46 @@ wx-ssh-config(){
}
wx-ssh-config-edit(){
wx-header "SSH / Config / Edit"
wx-restricted
nano ~/.ssh/config
}
wx-ssh-config-save(){
wx-header "SSH / Config / Save"
wx-restricted
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
}
wx-ssh-config-sync(){
wx-header "SSH / Config / Sync"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
touch ~/.ssh/config
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64)
if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
chmod 700 ~/.ssh/config
fi
fi
}
wx-ssh-config-clean(){
wx-header "SSH / Config / Clean"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
then
rm "$HOME/.ssh/config"
fi
}
wx-ssh-keys(){
wx-header "SSH / Keys"
wx-restricted
case $1 in
generate)
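Review bot: wx-ssh-config-sync ends its write with `base64 -d > ~/.ssh/config 2>&1`, which truncates the live file before the download is known to be good and sends base64's error text into it; it also fetches the secret three times, so the copy that was compared and the copy that is written can differ. Fetch once, decode into a `mktemp` file, and replace ~/.ssh/config only when decoding succeeded and the content changed, as in the excerpt below. `chmod 700` on a config file sets an unneeded execute bit; `chmod 600` is the usual mode, and a file from `mktemp` already has it. The same `> file 2>&1` write appears in wx-ssh-keys-retrieve for the private and public key files in a later hunk. Which of these lines the commit range added cannot be told from this rendering, so treat this as a review of the resulting function.

```shell
wx-ssh-config-sync(){
# … unchanged: header, wx-restricted, VAULT_STATUS probe and its if/then …
SSH_CONFIG_B64=$(curl -fsS "https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config" --header "X-Vault-Token: ${config["login",$ORG]}" | jq -er '.data.data.data') || return 1
SSH_CONFIG_NEW=$(mktemp "$HOME/.ssh/config.XXXXXX") || return 1
if printf '%s' "$SSH_CONFIG_B64" | base64 -d > "$SSH_CONFIG_NEW" && ! cmp -s "$SSH_CONFIG_NEW" "$HOME/.ssh/config"
then
  mv -- "$SSH_CONFIG_NEW" "$HOME/.ssh/config"
else
  rm -f -- "$SSH_CONFIG_NEW"
fi
# … unchanged: closing fi and brace …
```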
@@ -435,6 +567,9 @@ wx-ssh-keys(){
wx-ssh-keys-generate $2
wx-ssh-keys-save $2
;;
sign)
wx-ssh-keys-sign
;;
retrieve)
wx-ssh-keys-retrieve $2
;;
@@ -445,16 +580,19 @@ wx-ssh-keys(){
wx-ssh-keys-sync $2
;;
delete)
wx-ssh-keys-remove $2
wx-ssh-keys-delete $2
;;
clean)
wx-ssh-keys-clean $2
;;
*)
wx-ssh-keys-sync
wx-stop
;;
esac
}
wx-ssh-keys-generate(){
wx-header "SSH / Keys / Generate"
wx-restricted
if [[ ! -z $1 ]]
then
@@ -465,54 +603,25 @@ wx-ssh-keys-generate(){
fi
}
wx-ssh-keys-retrieve(){
wx-ssh-keys-sign(){
wx-header "SSH / Keys / Sign"
wx-restricted
if [[ ! -z $1 ]]
if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
then
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
wx-ssh-keys-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
fi
wx-ssh-keys-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
wx-ssh-keys-sign-create cwinfo sysadmin 3600
wx-ssh-keys-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-keys-save(){
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" ]]
then
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
fi
fi
}
wx-ssh-keys-sync(){
wx-restricted
echo ""
}
wx-ssh-sign(){
wx-header "SSH / Sign"
wx-restricted
if [[ $ORG == "warengroup" ]]
then
wx-ssh-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" ]]
then
wx-ssh-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" ]]
then
wx-ssh-sign-create warengroup sysadmin 3600
wx-ssh-sign-create cwinfo sysadmin 3600
wx-ssh-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-sign-create(){
wx-ssh-keys-sign-create(){
wx-restricted
NAME=$1
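Review bot: wx-ssh-keys-sign now picks the signing targets by comparing `$USERNAME` with the literal account name `cwchristerw`, and the same three-way branch is repeated in wx-ssh-keys-clean. `$USERNAME` comes from the prompt or from config.json, so this is only a client-side convenience and the access decision has to rest on the Vault policy attached to the token; a comment saying so would help, e.g. `# Client-side selection only; Vault policy decides what may be signed`. When `$ORG` matches none of the branches nothing is signed and nothing is reported, so a final `else` that prints a status line would make that case visible. The body of wx-ssh-keys-sign-create lies mostly outside this hunk.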
@@ -532,6 +641,93 @@ wx-ssh-sign-create(){
fi
}
wx-ssh-keys-retrieve(){
if [[ -z $2 ]]
then
wx-header "SSH / Keys / Retrieve"
fi
wx-restricted
if [[ ! -z $1 ]]
then
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
chmod 700 ~/.ssh/keys/$1
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
chmod 700 ~/.ssh/keys/$1.pub
fi
fi
}
wx-ssh-keys-save(){
wx-header "SSH / Keys / Save"
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" ]]
then
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
fi
fi
}
wx-ssh-keys-sync(){
wx-header "SSH / Keys / Sync"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.keys | @sh' | tr -d \')
do
echo $name
wx-ssh-keys-retrieve $name --multiple
done
fi
}
wx-ssh-keys-clean(){
if [[ -z $1 ]]
then
wx-header "SSH / Keys / Clean"
fi
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]]
then
rm "$HOME/.ssh/keys/$1" &> /dev/null
rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
fi
else
if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-clean cwinfo
elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
wx-ssh-keys-clean cwinfo
wx-ssh-keys-clean cwchristerw
fi
for file in ~/.ssh/keys/*
do
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]]
then
rm "$file" &> /dev/null
fi
done
fi
}
if [[ ! -z $1 ]] && [[ $(type -t wx-$1) == function ]]
then