warengroup/wx
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: warengroup:ca14cb19886d166f011c02cc8155c54be91a308b
Branches Tags
warengroup:master
..
compare: warengroup:master
Branches Tags
warengroup:master

36 Commits
ca14cb1988 ... master

Author SHA1 Message Date
Christer Warén
67fabf0ce1 Code Update 2025-06-26 23:07:14 +03:00
Christer Warén
fe56c50bfb Code Update 2025-06-23 09:35:37 +03:00
Christer Warén
eb14aa46ff Code Update 2025-06-22 01:24:09 +03:00
Christer Warén
c59d1b374d Code Update 2025-06-22 01:22:12 +03:00
Christer Warén
1a99d2e2a1 Code Update 2025-06-22 00:44:42 +03:00
Christer Warén
1d03f7be64 Code Update 2025-06-22 00:31:52 +03:00
Christer Warén
994e44d8f1 Code Update 2025-06-22 00:22:15 +03:00
Christer Warén
f016a452cd Remove Hostname variable from login process 2025-06-21 23:46:20 +03:00
Christer Warén
c17b9a0e42 Code Update 2025-05-10 12:09:50 +03:00
Christer Warén
a91d5d6011 Code Update 2025-05-10 11:29:56 +03:00
Christer Warén
3a0902fe8e Code Update 2025-04-27 15:39:50 +03:00
Christer Warén
9baae5bccc Code Update 2025-04-27 15:32:10 +03:00
Christer Warén
7b837fdba7 Code Update 2025-04-27 15:21:27 +03:00
Christer Warén
283b7538e6 Rename build.sh to maintainer.sh 2025-01-04 08:18:12 +02:00
Christer Warén
14ae6e5dad Fix typo in code 2025-01-04 06:22:06 +02:00
Christer Warén
87608f9bfb Code Update 2025-01-04 06:19:35 +02:00
Christer Warén
5903932328 Update copyright year 2025-01-01 18:00:22 +02:00
Christer Warén
96193196cc Fix typo on curl that will get Vault passwords in Infra command 2024-11-23 07:42:02 +02:00
Christer Warén
0186421fc6 Get Ansible vault passwords in Infra command 2024-11-23 07:18:17 +02:00
Christer Warén
714feda225 Hide git command output from stdout in Infra command 2024-11-23 07:06:57 +02:00
Christer Warén
3d834933e7 Fix home directory issue 2024-11-23 07:04:12 +02:00
Christer Warén
dd72a873ab Temporarily disable using jump host when getting Infra repo from Git server 2024-11-23 07:01:33 +02:00
Christer Warén
81cd3a1c1c Create secondary Infra directory and pull changes when using Infra command 2024-11-23 06:57:41 +02:00
Christer Warén
b52f1d4486 Add secondary Infra repo path to Infra command 2024-11-23 06:50:26 +02:00
Christer Warén
42239ef54d Add secondary Ansible Vault to cwchristerw user 2024-11-22 00:16:35 +02:00
Christer Warén
256a79e427 Code Update 2024-06-24 06:32:58 +03:00
Christer Warén
b36f98e5e9 Hide Clean output in logout command 2024-06-19 20:56:27 +03:00
Christer Warén
2f33daaaa7 Code Update 2024-06-16 04:06:43 +03:00
Christer Warén
4e9ae9109e Code Update 2024-06-16 04:03:45 +03:00
Christer Warén
0071b7407d Code Update 2024-06-16 04:01:17 +03:00
Christer Warén
b014dd1990 Code Update 2024-06-16 02:51:29 +03:00
Christer Warén
13e0deb5f5 Code Update 2024-06-03 23:10:36 +03:00
Christer Warén
b5b1b88763 Code Update 2024-06-01 15:27:05 +03:00
Christer Warén
90414af2dc Code Update 2024-06-01 02:09:21 +03:00
Christer Warén
e1b05fbc51 Code Update 2024-06-01 01:53:48 +03:00
Christer Warén
a614d63d1c Code Update 2024-06-01 01:11:20 +03:00
22 changed files with 607 additions and 277 deletions
Expand all files Collapse all files

2
LICENSE
View File

@ -1,6 +1,6 @@
MIT License MIT License
Copyright (c) 2023-2024 Warén Group Copyright (c) 2023-2025 Warén Group
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal

0
build.sh → maintainer.sh Normal file → Executable file
View File

59
src/commands/login.sh → src/commands/auth/login.sh
View File

@ -1,16 +1,9 @@
wx-login(){ wx-login(){
ORG=$1
if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]
then
wx-header "Login"
echo "Status: Hostname Required"
wx-stop
fi
if [[ ! -z $1 ]] if [[ ! -z $1 ]]
then then
ORG=$1 ORG=$1
jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
elif [[ $(hostname -d) = *"devices.waren.io" ]] elif [[ $(hostname -d) = *"devices.waren.io" ]]
then then
ORG=warengroup ORG=warengroup
@ -20,6 +13,9 @@ wx-login(){
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]] elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
then then
ORG=cwchristerw ORG=cwchristerw
elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
then
ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
else else
wx-header "Login" wx-header "Login"
echo "Status: Organization Required" echo "Status: Organization Required"
@ -43,21 +39,9 @@ wx-login(){
FOLDER=$ORG FOLDER=$ORG
DEVICE_DOMAIN="devices.$DOMAIN" DEVICE_DOMAIN="devices.$DOMAIN"
IDM_DOMAIN="idm.cwinfo.net" IDM_DOMAIN="idm.waren.io"
VAULT_DOMAIN="vault.cwinfo.net" VAULT_DOMAIN="vault.cwinfo.net"
if [[ ! -z $2 ]]
then
HOSTNAME="$2.$DEVICE_DOMAIN"
elif [[ $(hostname -d) ]]
then
HOSTNAME=$(hostname --fqdn)
else
wx-header "Login"
echo "Status: Hostname Required"
wx-stop
fi
if [[ -z $USER || $USER == "root" || $USER == "local" ]] if [[ -z $USER || $USER == "root" || $USER == "local" ]]
then then
if [[ -z $SUDO_USER ]] if [[ -z $SUDO_USER ]]
@ -73,15 +57,21 @@ wx-login(){
else else
USERNAME=$SUDO_USER USERNAME=$SUDO_USER
fi fi
else
USERNAME=$USER
fi fi
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health) VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ $VAULT_STATUS -eq 200 ]] if [[ $VAULT_STATUS -eq 200 ]]
then then
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.config/warengroup/config.json" ]] if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then then
TOKEN="$(cat $HOME/.config/warengroup/config.json | jq -r .login.$ORG)" if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
then
USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
fi
TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
fi fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
@ -90,8 +80,8 @@ wx-login(){
config["login",${ORG}]=$VAULT_LOGIN config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]] if [[ $USER != "root" && $USER != "local" ]]
then then
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi fi
else else
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN) IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
@ -100,7 +90,7 @@ wx-login(){
wx-header "Login" wx-header "Login"
echo $wxBold$ORG$wxNormal echo $wxBold$ORG$wxNormal
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" ]] if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
then then
echo -n "Username: " echo -n "Username: "
read USERNAME read USERNAME
@ -108,6 +98,9 @@ wx-login(){
echo "Username: $USERNAME" echo "Username: $USERNAME"
fi fi
jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
echo -n "Password: " echo -n "Password: "
read -s PASSWORD read -s PASSWORD
echo "****************" echo "****************"
@ -128,11 +121,9 @@ wx-login(){
if [[ $USER != "root" && $USER != "local" ]] if [[ $USER != "root" && $USER != "local" ]]
then then
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi fi
wx-start
fi fi
else else
wx-header "Login" wx-header "Login"
@ -159,11 +150,9 @@ wx-login(){
if [[ $USER != "root" && $USER != "local" ]] if [[ $USER != "root" && $USER != "local" ]]
then then
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi fi
wx-start
fi fi
fi fi
else else

13
src/commands/auth/logout.sh Normal file
View File

@ -0,0 +1,13 @@
wx-logout(){
wx-header "Logout"
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then
VAULT_LOGIN=$(cat $HOME/.warengroup/config.json | jq -r .login)
if [[ $VAULT_LOGIN != null && $VAULT_LOGIN != "{}" ]]
then
wx-clean &> /dev/null
jq '.login = {}' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
}

13
src/commands/help.sh
View File

@ -13,12 +13,15 @@ Common Commands:
edit Edit edit Edit
save Save save Save
sync Sync sync Sync
clean Clean
keys Keys keys Keys
generate Generate generate Generate
delete Delete sign Sign
retrieve Retrieve
save Save save Save
sync Sync sync Sync
sign Certificates delete Delete
clean Clean
Authentication Commands: Authentication Commands:
login Login login Login
@ -26,8 +29,12 @@ Authentication Commands:
Management Commands: Management Commands:
auto Auto auto Auto
install Install clean Clean
settings Settings settings Settings
Maintenance Commands:
install Install
update Update
"; ";
} }

56
src/commands/infra.sh
View File

@ -1,14 +1,41 @@
wx-infra(){ wx-infra(){
wx-login wx-login
wx-ssh-sign &> /dev/null wx-auto &> /dev/null
wx-header "Infra" wx-header "Infra"
wx-restricted wx-restricted
INFRA_PATH="/home/cwchristerw/Desktop/Work in Progress/Programming/warengroup/infra"
case $USERNAME in case $USERNAME in
cwchristerw) cwchristerw)
if [[ -d "$HOME/Desktop/Work in Progress/Programming/warengroup/infra" ]]
then
INFRA_PATH="$HOME/Desktop/Work in Progress/Programming/warengroup/infra"
else
if [[ -d "$HOME/.warengroup/infra" ]]
then
INFRA_PATH="$HOME/.warengroup/infra"
else
INFRA_PATH="$HOME/.warengroup/infra"
mkdir -p "$INFRA_PATH" &> /dev/null
git clone ssh://git@git.waren.io:2222/warengroup-private/infra.git --config core.sshCommand="ssh -i $HOME/.ssh/keys/warengroup-legacy -o ProxyJump=none" "$INFRA_PATH" &> /dev/null
fi
fi
if [[ ! -f "$INFRA_PATH/vault/cwchristerw" || ! -f "$INFRA_PATH/vault/warengroup" ]]
then
mkdir -p "$INFRA_PATH/vault" &> /dev/null
curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \
-X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw"
curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \
-X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup"
fi
if [[ -z $1 ]] if [[ -z $1 ]]
then then
echo "Tag Required" echo "Tag Required"
@ -17,15 +44,26 @@ wx-infra(){
then then
if [[ -z $2 ]] if [[ -z $2 ]]
then then
echo "Tag Required" 2=init
else
cd "$INFRA_PATH"
ansible-playbook --vault-id warengroup@vault/warengroup playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
fi fi
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
elif [[ $1 == "manager" ]]
then
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw manager.yml $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
else else
cd "$INFRA_PATH" cd "$INFRA_PATH"
ansible-playbook --vault-id warengroup@vault/warengroup playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9 git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD" cd "$OLDPWD"
fi fi
fi fi

3
src/commands/logout.sh
View File

@ -1,3 +0,0 @@
wx-logout(){
wx-header "Logout"
}

0
src/commands/install.sh → src/commands/maintenance/install.sh
View File

8
src/commands/maintenance/uninstall.sh Normal file
View File

@ -0,0 +1,8 @@
wx-uninstall(){
wx-header "Uninstall"
wx-logout
if [[ ! -d "$HOME/.warengroup" ]]
then
rm "$HOME/.warengroup" -rf
fi
}

0
src/commands/update.sh → src/commands/maintenance/update.sh
View File

2
src/commands/auto.sh → src/commands/management/auto.sh
View File

@ -4,5 +4,5 @@ wx-auto(){
wx-ssh-config-sync wx-ssh-config-sync
wx-ssh-keys-sync wx-ssh-keys-sync
wx-ssh-sign wx-ssh-keys-sign
} }

6
src/commands/management/clean.sh Normal file
View File

@ -0,0 +1,6 @@
wx-clean(){
wx-login
wx-header "Clean"
wx-ssh-config-clean
wx-ssh-keys-clean
}

0
src/commands/settings.sh → src/commands/management/settings.sh
View File

7
src/commands/ssh.sh
View File

@ -1,13 +1,7 @@
wx-ssh(){ wx-ssh(){
wx-login wx-login
mkdir -p $HOME/.ssh/keys
chmod 700 -R $HOME/.ssh/keys
case $1 in case $1 in
sign)
wx-ssh-sign
;;
keys) keys)
wx-ssh-keys $2 $3 wx-ssh-keys $2 $3
;; ;;
@ -16,7 +10,6 @@ wx-ssh(){
;; ;;
*) *)
wx-header "SSH" wx-header "SSH"
wx-stop wx-stop
;; ;;
esac esac

26
src/commands/ssh/config.sh
View File

@ -1,5 +1,4 @@
wx-ssh-config(){ wx-ssh-config(){
wx-header "SSH / Config"
wx-restricted wx-restricted
case $1 in case $1 in
@ -14,6 +13,9 @@ wx-ssh-config(){
sync) sync)
wx-ssh-config-sync wx-ssh-config-sync
;; ;;
clean)
wx-ssh-config-clean
;;
*) *)
wx-ssh-config-sync wx-ssh-config-sync
wx-stop wx-stop
@ -22,20 +24,40 @@ wx-ssh-config(){
} }
wx-ssh-config-edit(){ wx-ssh-config-edit(){
wx-header "SSH / Config / Edit"
wx-restricted wx-restricted
nano ~/.ssh/config nano ~/.ssh/config
} }
wx-ssh-config-save(){ wx-ssh-config-save(){
wx-header "SSH / Config / Save"
wx-restricted wx-restricted
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
} }
wx-ssh-config-sync(){ wx-ssh-config-sync(){
wx-header "SSH / Config / Sync"
wx-restricted wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}") VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]] if [[ $VAULT_STATUS -eq 200 ]]
then then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1 touch ~/.ssh/config
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64)
if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
chmod 700 ~/.ssh/config
fi
fi
}
wx-ssh-config-clean(){
wx-header "SSH / Config / Clean"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
then
rm "$HOME/.ssh/config"
fi fi
} }

110
src/commands/ssh/keys.sh
View File

@ -1,5 +1,5 @@
wx-ssh-keys(){ wx-ssh-keys(){
wx-header "SSH / Keys" wx-restricted
case $1 in case $1 in
generate) generate)
@ -7,6 +7,9 @@ wx-ssh-keys(){
wx-ssh-keys-generate $2 wx-ssh-keys-generate $2
wx-ssh-keys-save $2 wx-ssh-keys-save $2
;; ;;
sign)
wx-ssh-keys-sign
;;
retrieve) retrieve)
wx-ssh-keys-retrieve $2 wx-ssh-keys-retrieve $2
;; ;;
@ -17,16 +20,19 @@ wx-ssh-keys(){
wx-ssh-keys-sync $2 wx-ssh-keys-sync $2
;; ;;
delete) delete)
wx-ssh-keys-remove $2 wx-ssh-keys-delete $2
;;
clean)
wx-ssh-keys-clean $2
;; ;;
*) *)
wx-ssh-keys-sync
wx-stop wx-stop
;; ;;
esac esac
} }
wx-ssh-keys-generate(){ wx-ssh-keys-generate(){
wx-header "SSH / Keys / Generate"
wx-restricted wx-restricted
if [[ ! -z $1 ]] if [[ ! -z $1 ]]
then then
@ -37,7 +43,50 @@ wx-ssh-keys-generate(){
fi fi
} }
wx-ssh-keys-sign(){
wx-header "SSH / Keys / Sign"
wx-restricted
if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
wx-ssh-keys-sign-create cwinfo sysadmin 3600
wx-ssh-keys-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-keys-sign-create(){
wx-restricted
NAME=$1
ROLE=$2
PRINCIPALS=$2
TTL=$3
if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
fi
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
then
echo "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
fi
}
wx-ssh-keys-retrieve(){ wx-ssh-keys-retrieve(){
if [[ -z $2 ]]
then
wx-header "SSH / Keys / Retrieve"
fi
wx-restricted wx-restricted
if [[ ! -z $1 ]] if [[ ! -z $1 ]]
then then
@ -45,12 +94,15 @@ wx-ssh-keys-retrieve(){
if [[ $VAULT_STATUS -eq 200 ]] if [[ $VAULT_STATUS -eq 200 ]]
then then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1 echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
chmod 700 ~/.ssh/keys/$1
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1 echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
chmod 700 ~/.ssh/keys/$1.pub
fi fi
fi fi
} }
wx-ssh-keys-save(){ wx-ssh-keys-save(){
wx-header "SSH / Keys / Save"
wx-restricted wx-restricted
if [[ ! -z $1 ]] if [[ ! -z $1 ]]
then then
@ -62,6 +114,56 @@ wx-ssh-keys-save(){
} }
wx-ssh-keys-sync(){ wx-ssh-keys-sync(){
wx-header "SSH / Keys / Sync"
wx-restricted wx-restricted
echo ""
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.keys | @sh' | tr -d \')
do
echo $name
wx-ssh-keys-retrieve $name --multiple
done
fi
}
wx-ssh-keys-clean(){
if [[ -z $1 ]]
then
wx-header "SSH / Keys / Clean"
fi
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]]
then
rm "$HOME/.ssh/keys/$1" &> /dev/null
rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
fi
else
if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-clean cwinfo
elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
wx-ssh-keys-clean cwinfo
wx-ssh-keys-clean cwchristerw
fi
for file in ~/.ssh/keys/*
do
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]]
then
rm "$file" &> /dev/null
fi
done
fi
} }

37
src/commands/ssh/sign.sh
View File

@ -1,37 +0,0 @@
wx-ssh-sign(){
wx-header "SSH / Sign"
wx-restricted
if [[ $ORG == "warengroup" ]]
then
wx-ssh-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" ]]
then
wx-ssh-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" ]]
then
wx-ssh-sign-create warengroup sysadmin 3600
wx-ssh-sign-create cwinfo sysadmin 3600
wx-ssh-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-sign-create(){
wx-restricted
NAME=$1
ROLE=$2
PRINCIPALS=$2
TTL=$3
if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
fi
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
then
echo "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
fi
}

24
src/functions/header.sh
View File

@ -1,6 +1,24 @@
wx-header(){ wx-header(){
wx-start if [[ $2 == "h1" ]]
then
echo ""
echo ""
echo ""
echo "=============================="
wx-repeat " " $((30/2-${#1}/2))
echo -n "$wxBold"
echo -n "$1"
echo -n "$wxNormal"
echo ""
echo "=============================="
fi
echo ">> $1 <<" if [[ $2 == "h2" || -z $2 ]]
echo "------------------------------" then
wx-start
wx-repeat " " $((30/2-6/2-${#1}/2))
echo -n ">> $1 <<"
echo ""
echo "------------------------------"
fi
} }

5
src/functions/repeat.sh Normal file
View File

@ -0,0 +1,5 @@
wx-repeat() {
local str=$1 n=$2 spaces
printf -v spaces "%*s" $n " "
printf "%s" "${spaces// /$str}"
}

20
src/functions/start.sh
View File

@ -1,17 +1,15 @@
wx-start(){ wx-start(){
echo "" wx-header "Warén CLI" h1
echo ""
echo ""
echo "=============================="
echo -n "$wxBold"
echo " Warén CLI "
echo -n "$wxNormal"
echo "=============================="
mkdir -p $HOME/.config/warengroup &> /dev/null mkdir -p $HOME/.warengroup &> /dev/null
if [[ ! -f "$HOME/.config/warengroup/config.json" ]] if [[ ! -f "$HOME/.warengroup/config.json" || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]]
then then
echo '{}' | jq > $HOME/.config/warengroup/config.json echo '{}' | jq > $HOME/.warengroup/config.json
fi fi
mkdir -p $HOME/.ssh/keys
chmod 700 -R $HOME/.ssh/keys
mkdir -p $HOME/.ssh/multiplex
chmod 700 -R $HOME/.ssh/multiplex
} }

5
src/functions/stop.sh
View File

@ -5,5 +5,10 @@ wx-stop (){
wx-install --auto wx-install --auto
if [[ $USERNAME != $USER && $USERNAME != $SUDO_USER && $USERNAME != $LOGNAME ]]
then
wx-logout
fi
exit 1 exit 1
} }

488
wx
View File

@ -20,10 +20,34 @@ wxNormal=$(tput sgr0)
declare -Ax config declare -Ax config
wx-header(){ wx-header(){
wx-start if [[ $2 == "h1" ]]
then
echo ""
echo ""
echo ""
echo "=============================="
wx-repeat " " $((30/2-${#1}/2))
echo -n "$wxBold"
echo -n "$1"
echo -n "$wxNormal"
echo ""
echo "=============================="
fi
echo ">> $1 <<" if [[ $2 == "h2" || -z $2 ]]
echo "------------------------------" then
wx-start
wx-repeat " " $((30/2-6/2-${#1}/2))
echo -n ">> $1 <<"
echo ""
echo "------------------------------"
fi
}
wx-repeat() {
local str=$1 n=$2 spaces
printf -v spaces "%*s" $n " "
printf "%s" "${spaces// /$str}"
} }
wx-restricted(){ wx-restricted(){
@ -38,21 +62,19 @@ wx-restricted(){
} }
wx-start(){ wx-start(){
echo "" wx-header "Warén CLI" h1
echo ""
echo ""
echo "=============================="
echo -n "$wxBold"
echo " Warén CLI "
echo -n "$wxNormal"
echo "=============================="
mkdir -p $HOME/.config/warengroup &> /dev/null mkdir -p $HOME/.warengroup &> /dev/null
if [[ ! -f "$HOME/.config/warengroup/config.json" ]] if [[ ! -f "$HOME/.warengroup/config.json" || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]]
then then
echo '{}' | jq > $HOME/.config/warengroup/config.json echo '{}' | jq > $HOME/.warengroup/config.json
fi fi
mkdir -p $HOME/.ssh/keys
chmod 700 -R $HOME/.ssh/keys
mkdir -p $HOME/.ssh/multiplex
chmod 700 -R $HOME/.ssh/multiplex
} }
wx-stop (){ wx-stop (){
@ -62,18 +84,14 @@ wx-stop (){
wx-install --auto wx-install --auto
if [[ $USERNAME != $USER && $USERNAME != $SUDO_USER && $USERNAME != $LOGNAME ]]
then
wx-logout
fi
exit 1 exit 1
} }
wx-auto(){
wx-login
wx-header "Auto"
wx-ssh-config-sync
wx-ssh-keys-sync
wx-ssh-sign
}
wx-help(){ wx-help(){
wx-header "Help" wx-header "Help"
@ -89,12 +107,15 @@ Common Commands:
edit Edit edit Edit
save Save save Save
sync Sync sync Sync
clean Clean
keys Keys keys Keys
generate Generate generate Generate
delete Delete sign Sign
retrieve Retrieve
save Save save Save
sync Sync sync Sync
sign Certificates delete Delete
clean Clean
Authentication Commands: Authentication Commands:
login Login login Login
@ -102,23 +123,54 @@ Authentication Commands:
Management Commands: Management Commands:
auto Auto auto Auto
install Install clean Clean
settings Settings settings Settings
Maintenance Commands:
install Install
update Update
"; ";
} }
wx-infra(){ wx-infra(){
wx-login wx-login
wx-ssh-sign &> /dev/null wx-auto &> /dev/null
wx-header "Infra" wx-header "Infra"
wx-restricted wx-restricted
INFRA_PATH="/home/cwchristerw/Desktop/Work in Progress/Programming/warengroup/infra"
case $USERNAME in case $USERNAME in
cwchristerw) cwchristerw)
if [[ -d "$HOME/Desktop/Work in Progress/Programming/warengroup/infra" ]]
then
INFRA_PATH="$HOME/Desktop/Work in Progress/Programming/warengroup/infra"
else
if [[ -d "$HOME/.warengroup/infra" ]]
then
INFRA_PATH="$HOME/.warengroup/infra"
else
INFRA_PATH="$HOME/.warengroup/infra"
mkdir -p "$INFRA_PATH" &> /dev/null
git clone ssh://git@git.waren.io:2222/warengroup-private/infra.git --config core.sshCommand="ssh -i $HOME/.ssh/keys/warengroup-legacy -o ProxyJump=none" "$INFRA_PATH" &> /dev/null
fi
fi
if [[ ! -f "$INFRA_PATH/vault/cwchristerw" || ! -f "$INFRA_PATH/vault/warengroup" ]]
then
mkdir -p "$INFRA_PATH/vault" &> /dev/null
curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \
-X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw"
curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \
-X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup"
fi
if [[ -z $1 ]] if [[ -z $1 ]]
then then
echo "Tag Required" echo "Tag Required"
@ -127,15 +179,26 @@ wx-infra(){
then then
if [[ -z $2 ]] if [[ -z $2 ]]
then then
echo "Tag Required" 2=init
else
cd "$INFRA_PATH"
ansible-playbook --vault-id warengroup@vault/warengroup playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
fi fi
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
elif [[ $1 == "manager" ]]
then
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw manager.yml $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
else else
cd "$INFRA_PATH" cd "$INFRA_PATH"
ansible-playbook --vault-id warengroup@vault/warengroup playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9 git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD" cd "$OLDPWD"
fi fi
fi fi
@ -146,39 +209,33 @@ wx-infra(){
esac esac
} }
wx-install(){ wx-ssh(){
if [[ -z $1 ]] wx-login
then
wx-header "Install"
fi
wx-restricted case $1 in
keys)
wx-ssh-keys $2 $3
;;
config)
wx-ssh-config $2
;;
*)
wx-header "SSH"
wx-stop
;;
esac
}
if [[ -f "./wx" ]] && [[ -d "./src" ]] wx-welcome(){
then wx-header "Welcome"
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
mv wx.tmp wx &> /dev/null
chmod +x wx &> /dev/null
fi
mkdir $HOME/bin &> /dev/null
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
chmod +x $HOME/bin/wx &> /dev/null
} }
wx-login(){ wx-login(){
ORG=$1
if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]
then
wx-header "Login"
echo "Status: Hostname Required"
wx-stop
fi
if [[ ! -z $1 ]] if [[ ! -z $1 ]]
then then
ORG=$1 ORG=$1
jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
elif [[ $(hostname -d) = *"devices.waren.io" ]] elif [[ $(hostname -d) = *"devices.waren.io" ]]
then then
ORG=warengroup ORG=warengroup
@ -188,6 +245,9 @@ wx-login(){
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]] elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
then then
ORG=cwchristerw ORG=cwchristerw
elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
then
ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
else else
wx-header "Login" wx-header "Login"
echo "Status: Organization Required" echo "Status: Organization Required"
@ -211,21 +271,9 @@ wx-login(){
FOLDER=$ORG FOLDER=$ORG
DEVICE_DOMAIN="devices.$DOMAIN" DEVICE_DOMAIN="devices.$DOMAIN"
IDM_DOMAIN="idm.cwinfo.net" IDM_DOMAIN="idm.waren.io"
VAULT_DOMAIN="vault.cwinfo.net" VAULT_DOMAIN="vault.cwinfo.net"
if [[ ! -z $2 ]]
then
HOSTNAME="$2.$DEVICE_DOMAIN"
elif [[ $(hostname -d) ]]
then
HOSTNAME=$(hostname --fqdn)
else
wx-header "Login"
echo "Status: Hostname Required"
wx-stop
fi
if [[ -z $USER || $USER == "root" || $USER == "local" ]] if [[ -z $USER || $USER == "root" || $USER == "local" ]]
then then
if [[ -z $SUDO_USER ]] if [[ -z $SUDO_USER ]]
@ -241,15 +289,21 @@ wx-login(){
else else
USERNAME=$SUDO_USER USERNAME=$SUDO_USER
fi fi
else
USERNAME=$USER
fi fi
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health) VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ $VAULT_STATUS -eq 200 ]] if [[ $VAULT_STATUS -eq 200 ]]
then then
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.config/warengroup/config.json" ]] if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then then
TOKEN="$(cat $HOME/.config/warengroup/config.json | jq -r .login.$ORG)" if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
then
USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
fi
TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
fi fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
@ -258,8 +312,8 @@ wx-login(){
config["login",${ORG}]=$VAULT_LOGIN config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]] if [[ $USER != "root" && $USER != "local" ]]
then then
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi fi
else else
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN) IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
@ -268,7 +322,7 @@ wx-login(){
wx-header "Login" wx-header "Login"
echo $wxBold$ORG$wxNormal echo $wxBold$ORG$wxNormal
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" ]] if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
then then
echo -n "Username: " echo -n "Username: "
read USERNAME read USERNAME
@ -276,6 +330,9 @@ wx-login(){
echo "Username: $USERNAME" echo "Username: $USERNAME"
fi fi
jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
echo -n "Password: " echo -n "Password: "
read -s PASSWORD read -s PASSWORD
echo "****************" echo "****************"
@ -296,11 +353,9 @@ wx-login(){
if [[ $USER != "root" && $USER != "local" ]] if [[ $USER != "root" && $USER != "local" ]]
then then
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi fi
wx-start
fi fi
else else
wx-header "Login" wx-header "Login"
@ -327,11 +382,9 @@ wx-login(){
if [[ $USER != "root" && $USER != "local" ]] if [[ $USER != "root" && $USER != "local" ]]
then then
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi fi
wx-start
fi fi
fi fi
else else
@ -344,35 +397,45 @@ wx-login(){
wx-logout(){ wx-logout(){
wx-header "Logout" wx-header "Logout"
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then
VAULT_LOGIN=$(cat $HOME/.warengroup/config.json | jq -r .login)
if [[ $VAULT_LOGIN != null && $VAULT_LOGIN != "{}" ]]
then
wx-clean &> /dev/null
jq '.login = {}' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
} }
wx-settings(){ wx-install(){
wx-login if [[ -z $1 ]]
wx-header "Settings" then
wx-header "Install"
fi
wx-restricted
if [[ -f "./wx" ]] && [[ -d "./src" ]]
then
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
mv wx.tmp wx &> /dev/null
chmod +x wx &> /dev/null
fi
mkdir $HOME/bin &> /dev/null
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
chmod +x $HOME/bin/wx &> /dev/null
} }
wx-ssh(){ wx-uninstall(){
wx-login wx-header "Uninstall"
wx-logout
mkdir -p $HOME/.ssh/keys if [[ ! -d "$HOME/.warengroup" ]]
chmod 700 -R $HOME/.ssh/keys then
rm "$HOME/.warengroup" -rf
case $1 in fi
sign)
wx-ssh-sign
;;
keys)
wx-ssh-keys $2 $3
;;
config)
wx-ssh-config $2
;;
*)
wx-header "SSH"
wx-stop
;;
esac
} }
wx-update(){ wx-update(){
@ -380,12 +443,28 @@ wx-update(){
wx-install --update wx-install --update
} }
wx-welcome(){ wx-auto(){
wx-header "Welcome" wx-login
wx-header "Auto"
wx-ssh-config-sync
wx-ssh-keys-sync
wx-ssh-keys-sign
}
wx-clean(){
wx-login
wx-header "Clean"
wx-ssh-config-clean
wx-ssh-keys-clean
}
wx-settings(){
wx-login
wx-header "Settings"
} }
wx-ssh-config(){ wx-ssh-config(){
wx-header "SSH / Config"
wx-restricted wx-restricted
case $1 in case $1 in
@ -400,6 +479,9 @@ wx-ssh-config(){
sync) sync)
wx-ssh-config-sync wx-ssh-config-sync
;; ;;
clean)
wx-ssh-config-clean
;;
*) *)
wx-ssh-config-sync wx-ssh-config-sync
wx-stop wx-stop
@ -408,26 +490,46 @@ wx-ssh-config(){
} }
wx-ssh-config-edit(){ wx-ssh-config-edit(){
wx-header "SSH / Config / Edit"
wx-restricted wx-restricted
nano ~/.ssh/config nano ~/.ssh/config
} }
wx-ssh-config-save(){ wx-ssh-config-save(){
wx-header "SSH / Config / Save"
wx-restricted wx-restricted
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
} }
wx-ssh-config-sync(){ wx-ssh-config-sync(){
wx-header "SSH / Config / Sync"
wx-restricted wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}") VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]] if [[ $VAULT_STATUS -eq 200 ]]
then then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1 touch ~/.ssh/config
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64)
if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
chmod 700 ~/.ssh/config
fi
fi
}
wx-ssh-config-clean(){
wx-header "SSH / Config / Clean"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
then
rm "$HOME/.ssh/config"
fi fi
} }
wx-ssh-keys(){ wx-ssh-keys(){
wx-header "SSH / Keys" wx-restricted
case $1 in case $1 in
generate) generate)
@ -435,6 +537,9 @@ wx-ssh-keys(){
wx-ssh-keys-generate $2 wx-ssh-keys-generate $2
wx-ssh-keys-save $2 wx-ssh-keys-save $2
;; ;;
sign)
wx-ssh-keys-sign
;;
retrieve) retrieve)
wx-ssh-keys-retrieve $2 wx-ssh-keys-retrieve $2
;; ;;
@ -445,16 +550,19 @@ wx-ssh-keys(){
wx-ssh-keys-sync $2 wx-ssh-keys-sync $2
;; ;;
delete) delete)
wx-ssh-keys-remove $2 wx-ssh-keys-delete $2
;;
clean)
wx-ssh-keys-clean $2
;; ;;
*) *)
wx-ssh-keys-sync
wx-stop wx-stop
;; ;;
esac esac
} }
wx-ssh-keys-generate(){ wx-ssh-keys-generate(){
wx-header "SSH / Keys / Generate"
wx-restricted wx-restricted
if [[ ! -z $1 ]] if [[ ! -z $1 ]]
then then
@ -465,54 +573,25 @@ wx-ssh-keys-generate(){
fi fi
} }
wx-ssh-keys-retrieve(){ wx-ssh-keys-sign(){
wx-header "SSH / Keys / Sign"
wx-restricted wx-restricted
if [[ ! -z $1 ]]
if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
then then
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}") wx-ssh-keys-sign-create warengroup sysadmin 3600
if [[ $VAULT_STATUS -eq 200 ]] elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
then then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1 wx-ssh-keys-sign-create cwinfo sysadmin 3600
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1 elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
fi then
wx-ssh-keys-sign-create warengroup sysadmin 3600
wx-ssh-keys-sign-create cwinfo sysadmin 3600
wx-ssh-keys-sign-create cwchristerw sysadmin 3600
fi fi
} }
wx-ssh-keys-save(){ wx-ssh-keys-sign-create(){
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" ]]
then
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
fi
fi
}
wx-ssh-keys-sync(){
wx-restricted
echo ""
}
wx-ssh-sign(){
wx-header "SSH / Sign"
wx-restricted
if [[ $ORG == "warengroup" ]]
then
wx-ssh-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" ]]
then
wx-ssh-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" ]]
then
wx-ssh-sign-create warengroup sysadmin 3600
wx-ssh-sign-create cwinfo sysadmin 3600
wx-ssh-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-sign-create(){
wx-restricted wx-restricted
NAME=$1 NAME=$1
@ -532,6 +611,93 @@ wx-ssh-sign-create(){
fi fi
} }
wx-ssh-keys-retrieve(){
if [[ -z $2 ]]
then
wx-header "SSH / Keys / Retrieve"
fi
wx-restricted
if [[ ! -z $1 ]]
then
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
chmod 700 ~/.ssh/keys/$1
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
chmod 700 ~/.ssh/keys/$1.pub
fi
fi
}
wx-ssh-keys-save(){
wx-header "SSH / Keys / Save"
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" ]]
then
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
fi
fi
}
wx-ssh-keys-sync(){
wx-header "SSH / Keys / Sync"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.keys | @sh' | tr -d \')
do
echo $name
wx-ssh-keys-retrieve $name --multiple
done
fi
}
wx-ssh-keys-clean(){
if [[ -z $1 ]]
then
wx-header "SSH / Keys / Clean"
fi
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]]
then
rm "$HOME/.ssh/keys/$1" &> /dev/null
rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
fi
else
if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-clean cwinfo
elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
wx-ssh-keys-clean cwinfo
wx-ssh-keys-clean cwchristerw
fi
for file in ~/.ssh/keys/*
do
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]]
then
rm "$file" &> /dev/null
fi
done
fi
}
if [[ ! -z $1 ]] && [[ $(type -t wx-$1) == function ]] if [[ ! -z $1 ]] && [[ $(type -t wx-$1) == function ]]
then then