warengroup/wx
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: warengroup:ca14cb19886d166f011c02cc8155c54be91a308b
Branches Tags
warengroup:master
..
compare: warengroup:master
Branches Tags
warengroup:master

36 Commits
ca14cb1988 ... master

Author SHA1 Message Date
Christer Warén
67fabf0ce1 Code Update 2025-06-26 23:07:14 +03:00
Christer Warén
fe56c50bfb Code Update 2025-06-23 09:35:37 +03:00
Christer Warén
eb14aa46ff Code Update 2025-06-22 01:24:09 +03:00
Christer Warén
c59d1b374d Code Update 2025-06-22 01:22:12 +03:00
Christer Warén
1a99d2e2a1 Code Update 2025-06-22 00:44:42 +03:00
Christer Warén
1d03f7be64 Code Update 2025-06-22 00:31:52 +03:00
Christer Warén
994e44d8f1 Code Update 2025-06-22 00:22:15 +03:00
Christer Warén
f016a452cd Remove Hostname variable from login process 2025-06-21 23:46:20 +03:00
Christer Warén
c17b9a0e42 Code Update 2025-05-10 12:09:50 +03:00
Christer Warén
a91d5d6011 Code Update 2025-05-10 11:29:56 +03:00
Christer Warén
3a0902fe8e Code Update 2025-04-27 15:39:50 +03:00
Christer Warén
9baae5bccc Code Update 2025-04-27 15:32:10 +03:00
Christer Warén
7b837fdba7 Code Update 2025-04-27 15:21:27 +03:00
Christer Warén
283b7538e6 Rename build.sh to maintainer.sh 2025-01-04 08:18:12 +02:00
Christer Warén
14ae6e5dad Fix typo in code 2025-01-04 06:22:06 +02:00
Christer Warén
87608f9bfb Code Update 2025-01-04 06:19:35 +02:00
Christer Warén
5903932328 Update copyright year 2025-01-01 18:00:22 +02:00
Christer Warén
96193196cc Fix typo on curl that will get Vault passwords in Infra command 2024-11-23 07:42:02 +02:00
Christer Warén
0186421fc6 Get Ansible vault passwords in Infra command 2024-11-23 07:18:17 +02:00
Christer Warén
714feda225 Hide git command output from stdout in Infra command 2024-11-23 07:06:57 +02:00
Christer Warén
3d834933e7 Fix home directory issue 2024-11-23 07:04:12 +02:00
Christer Warén
dd72a873ab Temporarily disable using jump host when getting Infra repo from Git server 2024-11-23 07:01:33 +02:00
Christer Warén
81cd3a1c1c Create secondary Infra directory and pull changes when using Infra command 2024-11-23 06:57:41 +02:00
Christer Warén
b52f1d4486 Add secondary Infra repo path to Infra command 2024-11-23 06:50:26 +02:00
Christer Warén
42239ef54d Add secondary Ansible Vault to cwchristerw user 2024-11-22 00:16:35 +02:00
Christer Warén
256a79e427 Code Update 2024-06-24 06:32:58 +03:00
Christer Warén
b36f98e5e9 Hide Clean output in logout command 2024-06-19 20:56:27 +03:00
Christer Warén
2f33daaaa7 Code Update 2024-06-16 04:06:43 +03:00
Christer Warén
4e9ae9109e Code Update 2024-06-16 04:03:45 +03:00
Christer Warén
0071b7407d Code Update 2024-06-16 04:01:17 +03:00
Christer Warén
b014dd1990 Code Update 2024-06-16 02:51:29 +03:00
Christer Warén
13e0deb5f5 Code Update 2024-06-03 23:10:36 +03:00
Christer Warén
b5b1b88763 Code Update 2024-06-01 15:27:05 +03:00
Christer Warén
90414af2dc Code Update 2024-06-01 02:09:21 +03:00
Christer Warén
e1b05fbc51 Code Update 2024-06-01 01:53:48 +03:00
Christer Warén
a614d63d1c Code Update 2024-06-01 01:11:20 +03:00
22 changed files with 607 additions and 277 deletions
Expand all files Collapse all files

2
LICENSE
View File

@ -1,6 +1,6 @@
MIT License
Copyright (c) 2023-2024 Warén Group
Copyright (c) 2023-2025 Warén Group
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

0
build.sh → maintainer.sh Normal file → Executable file
View File

59
src/commands/login.sh → src/commands/auth/login.sh
View File

@ -1,16 +1,9 @@
wx-login(){
ORG=$1
if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]
then
wx-header "Login"
echo "Status: Hostname Required"
wx-stop
fi
if [[ ! -z $1 ]]
then
ORG=$1
jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
elif [[ $(hostname -d) = *"devices.waren.io" ]]
then
ORG=warengroup
@ -20,6 +13,9 @@ wx-login(){
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
then
ORG=cwchristerw
elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
then
ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
else
wx-header "Login"
echo "Status: Organization Required"
@ -43,21 +39,9 @@ wx-login(){
FOLDER=$ORG
DEVICE_DOMAIN="devices.$DOMAIN"
IDM_DOMAIN="idm.cwinfo.net"
IDM_DOMAIN="idm.waren.io"
VAULT_DOMAIN="vault.cwinfo.net"
if [[ ! -z $2 ]]
then
HOSTNAME="$2.$DEVICE_DOMAIN"
elif [[ $(hostname -d) ]]
then
HOSTNAME=$(hostname --fqdn)
else
wx-header "Login"
echo "Status: Hostname Required"
wx-stop
fi
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
then
if [[ -z $SUDO_USER ]]
@ -73,15 +57,21 @@ wx-login(){
else
USERNAME=$SUDO_USER
fi
else
USERNAME=$USER
fi
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ $VAULT_STATUS -eq 200 ]]
then
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.config/warengroup/config.json" ]]
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then
TOKEN="$(cat $HOME/.config/warengroup/config.json | jq -r .login.$ORG)"
if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
then
USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
fi
TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
@ -90,8 +80,8 @@ wx-login(){
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
else
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
@ -100,7 +90,7 @@ wx-login(){
wx-header "Login"
echo $wxBold$ORG$wxNormal
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" ]]
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
then
echo -n "Username: "
read USERNAME
@ -108,6 +98,9 @@ wx-login(){
echo "Username: $USERNAME"
fi
jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
echo -n "Password: "
read -s PASSWORD
echo "****************"
@ -128,11 +121,9 @@ wx-login(){
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
wx-start
fi
else
wx-header "Login"
@ -159,11 +150,9 @@ wx-login(){
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
wx-start
fi
fi
else

13
src/commands/auth/logout.sh Normal file
View File

@ -0,0 +1,13 @@
wx-logout(){
wx-header "Logout"
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then
VAULT_LOGIN=$(cat $HOME/.warengroup/config.json | jq -r .login)
if [[ $VAULT_LOGIN != null && $VAULT_LOGIN != "{}" ]]
then
wx-clean &> /dev/null
jq '.login = {}' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
}

13
src/commands/help.sh
View File

@ -13,12 +13,15 @@ Common Commands:
edit Edit
save Save
sync Sync
clean Clean
keys Keys
generate Generate
delete Delete
sign Sign
retrieve Retrieve
save Save
sync Sync
sign Certificates
delete Delete
clean Clean
Authentication Commands:
login Login
@ -26,8 +29,12 @@ Authentication Commands:
Management Commands:
auto Auto
install Install
clean Clean
settings Settings
Maintenance Commands:
install Install
update Update
";
}

56
src/commands/infra.sh
View File

@ -1,14 +1,41 @@
wx-infra(){
wx-login
wx-ssh-sign &> /dev/null
wx-auto &> /dev/null
wx-header "Infra"
wx-restricted
INFRA_PATH="/home/cwchristerw/Desktop/Work in Progress/Programming/warengroup/infra"
case $USERNAME in
cwchristerw)
if [[ -d "$HOME/Desktop/Work in Progress/Programming/warengroup/infra" ]]
then
INFRA_PATH="$HOME/Desktop/Work in Progress/Programming/warengroup/infra"
else
if [[ -d "$HOME/.warengroup/infra" ]]
then
INFRA_PATH="$HOME/.warengroup/infra"
else
INFRA_PATH="$HOME/.warengroup/infra"
mkdir -p "$INFRA_PATH" &> /dev/null
git clone ssh://git@git.waren.io:2222/warengroup-private/infra.git --config core.sshCommand="ssh -i $HOME/.ssh/keys/warengroup-legacy -o ProxyJump=none" "$INFRA_PATH" &> /dev/null
fi
fi
if [[ ! -f "$INFRA_PATH/vault/cwchristerw" || ! -f "$INFRA_PATH/vault/warengroup" ]]
then
mkdir -p "$INFRA_PATH/vault" &> /dev/null
curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \
-X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw"
curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \
-X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup"
fi
if [[ -z $1 ]]
then
echo "Tag Required"
@ -17,15 +44,26 @@ wx-infra(){
then
if [[ -z $2 ]]
then
echo "Tag Required"
else
cd "$INFRA_PATH"
ansible-playbook --vault-id warengroup@vault/warengroup playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
2=init
fi
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
elif [[ $1 == "manager" ]]
then
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw manager.yml $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
else
cd "$INFRA_PATH"
ansible-playbook --vault-id warengroup@vault/warengroup playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
fi
fi

3
src/commands/logout.sh
View File

@ -1,3 +0,0 @@
wx-logout(){
wx-header "Logout"
}

0
src/commands/install.sh → src/commands/maintenance/install.sh
View File

8
src/commands/maintenance/uninstall.sh Normal file
View File

@ -0,0 +1,8 @@
wx-uninstall(){
wx-header "Uninstall"
wx-logout
if [[ ! -d "$HOME/.warengroup" ]]
then
rm "$HOME/.warengroup" -rf
fi
}

0
src/commands/update.sh → src/commands/maintenance/update.sh
View File

2
src/commands/auto.sh → src/commands/management/auto.sh
View File

@ -4,5 +4,5 @@ wx-auto(){
wx-ssh-config-sync
wx-ssh-keys-sync
wx-ssh-sign
wx-ssh-keys-sign
}

6
src/commands/management/clean.sh Normal file
View File

@ -0,0 +1,6 @@
wx-clean(){
wx-login
wx-header "Clean"
wx-ssh-config-clean
wx-ssh-keys-clean
}

0
src/commands/settings.sh → src/commands/management/settings.sh
View File

7
src/commands/ssh.sh
View File

@ -1,13 +1,7 @@
wx-ssh(){
wx-login
mkdir -p $HOME/.ssh/keys
chmod 700 -R $HOME/.ssh/keys
case $1 in
sign)
wx-ssh-sign
;;
keys)
wx-ssh-keys $2 $3
;;
@ -16,7 +10,6 @@ wx-ssh(){
;;
*)
wx-header "SSH"
wx-stop
;;
esac

24
src/commands/ssh/config.sh
View File

@ -1,5 +1,4 @@
wx-ssh-config(){
wx-header "SSH / Config"
wx-restricted
case $1 in
@ -14,6 +13,9 @@ wx-ssh-config(){
sync)
wx-ssh-config-sync
;;
clean)
wx-ssh-config-clean
;;
*)
wx-ssh-config-sync
wx-stop
@ -22,20 +24,40 @@ wx-ssh-config(){
}
wx-ssh-config-edit(){
wx-header "SSH / Config / Edit"
wx-restricted
nano ~/.ssh/config
}
wx-ssh-config-save(){
wx-header "SSH / Config / Save"
wx-restricted
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
}
wx-ssh-config-sync(){
wx-header "SSH / Config / Sync"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
touch ~/.ssh/config
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64)
if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
chmod 700 ~/.ssh/config
fi
fi
}
wx-ssh-config-clean(){
wx-header "SSH / Config / Clean"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
then
rm "$HOME/.ssh/config"
fi
}

110
src/commands/ssh/keys.sh
View File

@ -1,5 +1,5 @@
wx-ssh-keys(){
wx-header "SSH / Keys"
wx-restricted
case $1 in
generate)
@ -7,6 +7,9 @@ wx-ssh-keys(){
wx-ssh-keys-generate $2
wx-ssh-keys-save $2
;;
sign)
wx-ssh-keys-sign
;;
retrieve)
wx-ssh-keys-retrieve $2
;;
@ -17,16 +20,19 @@ wx-ssh-keys(){
wx-ssh-keys-sync $2
;;
delete)
wx-ssh-keys-remove $2
wx-ssh-keys-delete $2
;;
clean)
wx-ssh-keys-clean $2
;;
*)
wx-ssh-keys-sync
wx-stop
;;
esac
}
wx-ssh-keys-generate(){
wx-header "SSH / Keys / Generate"
wx-restricted
if [[ ! -z $1 ]]
then
@ -37,7 +43,50 @@ wx-ssh-keys-generate(){
fi
}
wx-ssh-keys-sign(){
wx-header "SSH / Keys / Sign"
wx-restricted
if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
wx-ssh-keys-sign-create cwinfo sysadmin 3600
wx-ssh-keys-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-keys-sign-create(){
wx-restricted
NAME=$1
ROLE=$2
PRINCIPALS=$2
TTL=$3
if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
fi
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
then
echo "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
fi
}
wx-ssh-keys-retrieve(){
if [[ -z $2 ]]
then
wx-header "SSH / Keys / Retrieve"
fi
wx-restricted
if [[ ! -z $1 ]]
then
@ -45,12 +94,15 @@ wx-ssh-keys-retrieve(){
if [[ $VAULT_STATUS -eq 200 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
chmod 700 ~/.ssh/keys/$1
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
chmod 700 ~/.ssh/keys/$1.pub
fi
fi
}
wx-ssh-keys-save(){
wx-header "SSH / Keys / Save"
wx-restricted
if [[ ! -z $1 ]]
then
@ -62,6 +114,56 @@ wx-ssh-keys-save(){
}
wx-ssh-keys-sync(){
wx-header "SSH / Keys / Sync"
wx-restricted
echo ""
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.keys | @sh' | tr -d \')
do
echo $name
wx-ssh-keys-retrieve $name --multiple
done
fi
}
wx-ssh-keys-clean(){
if [[ -z $1 ]]
then
wx-header "SSH / Keys / Clean"
fi
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]]
then
rm "$HOME/.ssh/keys/$1" &> /dev/null
rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
fi
else
if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-clean cwinfo
elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
wx-ssh-keys-clean cwinfo
wx-ssh-keys-clean cwchristerw
fi
for file in ~/.ssh/keys/*
do
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]]
then
rm "$file" &> /dev/null
fi
done
fi
}

37
src/commands/ssh/sign.sh
View File

@ -1,37 +0,0 @@
wx-ssh-sign(){
wx-header "SSH / Sign"
wx-restricted
if [[ $ORG == "warengroup" ]]
then
wx-ssh-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" ]]
then
wx-ssh-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" ]]
then
wx-ssh-sign-create warengroup sysadmin 3600
wx-ssh-sign-create cwinfo sysadmin 3600
wx-ssh-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-sign-create(){
wx-restricted
NAME=$1
ROLE=$2
PRINCIPALS=$2
TTL=$3
if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
fi
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
then
echo "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
fi
}

22
src/functions/header.sh
View File

@ -1,6 +1,24 @@
wx-header(){
wx-start
if [[ $2 == "h1" ]]
then
echo ""
echo ""
echo ""
echo "=============================="
wx-repeat " " $((30/2-${#1}/2))
echo -n "$wxBold"
echo -n "$1"
echo -n "$wxNormal"
echo ""
echo "=============================="
fi
echo ">> $1 <<"
if [[ $2 == "h2" || -z $2 ]]
then
wx-start
wx-repeat " " $((30/2-6/2-${#1}/2))
echo -n ">> $1 <<"
echo ""
echo "------------------------------"
fi
}

5
src/functions/repeat.sh Normal file
View File

@ -0,0 +1,5 @@
wx-repeat() {
local str=$1 n=$2 spaces
printf -v spaces "%*s" $n " "
printf "%s" "${spaces// /$str}"
}

20
src/functions/start.sh
View File

@ -1,17 +1,15 @@
wx-start(){
echo ""
echo ""
echo ""
echo "=============================="
echo -n "$wxBold"
echo " Warén CLI "
echo -n "$wxNormal"
echo "=============================="
wx-header "Warén CLI" h1
mkdir -p $HOME/.config/warengroup &> /dev/null
mkdir -p $HOME/.warengroup &> /dev/null
if [[ ! -f "$HOME/.config/warengroup/config.json" ]]
if [[ ! -f "$HOME/.warengroup/config.json" || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]]
then
echo '{}' | jq > $HOME/.config/warengroup/config.json
echo '{}' | jq > $HOME/.warengroup/config.json
fi
mkdir -p $HOME/.ssh/keys
chmod 700 -R $HOME/.ssh/keys
mkdir -p $HOME/.ssh/multiplex
chmod 700 -R $HOME/.ssh/multiplex
}

5
src/functions/stop.sh
View File

@ -5,5 +5,10 @@ wx-stop (){
wx-install --auto
if [[ $USERNAME != $USER && $USERNAME != $SUDO_USER && $USERNAME != $LOGNAME ]]
then
wx-logout
fi
exit 1
}

482
wx
View File

@ -20,10 +20,34 @@ wxNormal=$(tput sgr0)
declare -Ax config
wx-header(){
wx-start
if [[ $2 == "h1" ]]
then
echo ""
echo ""
echo ""
echo "=============================="
wx-repeat " " $((30/2-${#1}/2))
echo -n "$wxBold"
echo -n "$1"
echo -n "$wxNormal"
echo ""
echo "=============================="
fi
echo ">> $1 <<"
if [[ $2 == "h2" || -z $2 ]]
then
wx-start
wx-repeat " " $((30/2-6/2-${#1}/2))
echo -n ">> $1 <<"
echo ""
echo "------------------------------"
fi
}
wx-repeat() {
local str=$1 n=$2 spaces
printf -v spaces "%*s" $n " "
printf "%s" "${spaces// /$str}"
}
wx-restricted(){
@ -38,21 +62,19 @@ wx-restricted(){
}
wx-start(){
echo ""
echo ""
echo ""
echo "=============================="
echo -n "$wxBold"
echo " Warén CLI "
echo -n "$wxNormal"
echo "=============================="
wx-header "Warén CLI" h1
mkdir -p $HOME/.config/warengroup &> /dev/null
mkdir -p $HOME/.warengroup &> /dev/null
if [[ ! -f "$HOME/.config/warengroup/config.json" ]]
if [[ ! -f "$HOME/.warengroup/config.json" || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]]
then
echo '{}' | jq > $HOME/.config/warengroup/config.json
echo '{}' | jq > $HOME/.warengroup/config.json
fi
mkdir -p $HOME/.ssh/keys
chmod 700 -R $HOME/.ssh/keys
mkdir -p $HOME/.ssh/multiplex
chmod 700 -R $HOME/.ssh/multiplex
}
wx-stop (){
@ -62,18 +84,14 @@ wx-stop (){
wx-install --auto
if [[ $USERNAME != $USER && $USERNAME != $SUDO_USER && $USERNAME != $LOGNAME ]]
then
wx-logout
fi
exit 1
}
wx-auto(){
wx-login
wx-header "Auto"
wx-ssh-config-sync
wx-ssh-keys-sync
wx-ssh-sign
}
wx-help(){
wx-header "Help"
@ -89,12 +107,15 @@ Common Commands:
edit Edit
save Save
sync Sync
clean Clean
keys Keys
generate Generate
delete Delete
sign Sign
retrieve Retrieve
save Save
sync Sync
sign Certificates
delete Delete
clean Clean
Authentication Commands:
login Login
@ -102,23 +123,54 @@ Authentication Commands:
Management Commands:
auto Auto
install Install
clean Clean
settings Settings
Maintenance Commands:
install Install
update Update
";
}
wx-infra(){
wx-login
wx-ssh-sign &> /dev/null
wx-auto &> /dev/null
wx-header "Infra"
wx-restricted
INFRA_PATH="/home/cwchristerw/Desktop/Work in Progress/Programming/warengroup/infra"
case $USERNAME in
cwchristerw)
if [[ -d "$HOME/Desktop/Work in Progress/Programming/warengroup/infra" ]]
then
INFRA_PATH="$HOME/Desktop/Work in Progress/Programming/warengroup/infra"
else
if [[ -d "$HOME/.warengroup/infra" ]]
then
INFRA_PATH="$HOME/.warengroup/infra"
else
INFRA_PATH="$HOME/.warengroup/infra"
mkdir -p "$INFRA_PATH" &> /dev/null
git clone ssh://git@git.waren.io:2222/warengroup-private/infra.git --config core.sshCommand="ssh -i $HOME/.ssh/keys/warengroup-legacy -o ProxyJump=none" "$INFRA_PATH" &> /dev/null
fi
fi
if [[ ! -f "$INFRA_PATH/vault/cwchristerw" || ! -f "$INFRA_PATH/vault/warengroup" ]]
then
mkdir -p "$INFRA_PATH/vault" &> /dev/null
curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \
-X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw"
curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \
-X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup"
fi
if [[ -z $1 ]]
then
echo "Tag Required"
@ -127,15 +179,26 @@ wx-infra(){
then
if [[ -z $2 ]]
then
echo "Tag Required"
else
cd "$INFRA_PATH"
ansible-playbook --vault-id warengroup@vault/warengroup playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
2=init
fi
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
elif [[ $1 == "manager" ]]
then
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw manager.yml $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
else
cd "$INFRA_PATH"
ansible-playbook --vault-id warengroup@vault/warengroup playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
fi
fi
@ -146,39 +209,33 @@ wx-infra(){
esac
}
wx-install(){
if [[ -z $1 ]]
then
wx-header "Install"
fi
wx-ssh(){
wx-login
wx-restricted
case $1 in
keys)
wx-ssh-keys $2 $3
;;
config)
wx-ssh-config $2
;;
*)
wx-header "SSH"
wx-stop
;;
esac
}
if [[ -f "./wx" ]] && [[ -d "./src" ]]
then
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
mv wx.tmp wx &> /dev/null
chmod +x wx &> /dev/null
fi
mkdir $HOME/bin &> /dev/null
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
chmod +x $HOME/bin/wx &> /dev/null
wx-welcome(){
wx-header "Welcome"
}
wx-login(){
ORG=$1
if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]
then
wx-header "Login"
echo "Status: Hostname Required"
wx-stop
fi
if [[ ! -z $1 ]]
then
ORG=$1
jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
elif [[ $(hostname -d) = *"devices.waren.io" ]]
then
ORG=warengroup
@ -188,6 +245,9 @@ wx-login(){
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
then
ORG=cwchristerw
elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
then
ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
else
wx-header "Login"
echo "Status: Organization Required"
@ -211,21 +271,9 @@ wx-login(){
FOLDER=$ORG
DEVICE_DOMAIN="devices.$DOMAIN"
IDM_DOMAIN="idm.cwinfo.net"
IDM_DOMAIN="idm.waren.io"
VAULT_DOMAIN="vault.cwinfo.net"
if [[ ! -z $2 ]]
then
HOSTNAME="$2.$DEVICE_DOMAIN"
elif [[ $(hostname -d) ]]
then
HOSTNAME=$(hostname --fqdn)
else
wx-header "Login"
echo "Status: Hostname Required"
wx-stop
fi
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
then
if [[ -z $SUDO_USER ]]
@ -241,15 +289,21 @@ wx-login(){
else
USERNAME=$SUDO_USER
fi
else
USERNAME=$USER
fi
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ $VAULT_STATUS -eq 200 ]]
then
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.config/warengroup/config.json" ]]
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then
TOKEN="$(cat $HOME/.config/warengroup/config.json | jq -r .login.$ORG)"
if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
then
USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
fi
TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
@ -258,8 +312,8 @@ wx-login(){
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
else
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
@ -268,7 +322,7 @@ wx-login(){
wx-header "Login"
echo $wxBold$ORG$wxNormal
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" ]]
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
then
echo -n "Username: "
read USERNAME
@ -276,6 +330,9 @@ wx-login(){
echo "Username: $USERNAME"
fi
jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
echo -n "Password: "
read -s PASSWORD
echo "****************"
@ -296,11 +353,9 @@ wx-login(){
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
wx-start
fi
else
wx-header "Login"
@ -327,11 +382,9 @@ wx-login(){
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
wx-start
fi
fi
else
@ -344,35 +397,45 @@ wx-login(){
wx-logout(){
wx-header "Logout"
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then
VAULT_LOGIN=$(cat $HOME/.warengroup/config.json | jq -r .login)
if [[ $VAULT_LOGIN != null && $VAULT_LOGIN != "{}" ]]
then
wx-clean &> /dev/null
jq '.login = {}' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
}
wx-settings(){
wx-login
wx-header "Settings"
wx-install(){
if [[ -z $1 ]]
then
wx-header "Install"
fi
wx-restricted
if [[ -f "./wx" ]] && [[ -d "./src" ]]
then
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
mv wx.tmp wx &> /dev/null
chmod +x wx &> /dev/null
fi
mkdir $HOME/bin &> /dev/null
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
chmod +x $HOME/bin/wx &> /dev/null
}
wx-ssh(){
wx-login
mkdir -p $HOME/.ssh/keys
chmod 700 -R $HOME/.ssh/keys
case $1 in
sign)
wx-ssh-sign
;;
keys)
wx-ssh-keys $2 $3
;;
config)
wx-ssh-config $2
;;
*)
wx-header "SSH"
wx-stop
;;
esac
wx-uninstall(){
wx-header "Uninstall"
wx-logout
if [[ ! -d "$HOME/.warengroup" ]]
then
rm "$HOME/.warengroup" -rf
fi
}
wx-update(){
@ -380,12 +443,28 @@ wx-update(){
wx-install --update
}
wx-welcome(){
wx-header "Welcome"
wx-auto(){
wx-login
wx-header "Auto"
wx-ssh-config-sync
wx-ssh-keys-sync
wx-ssh-keys-sign
}
wx-clean(){
wx-login
wx-header "Clean"
wx-ssh-config-clean
wx-ssh-keys-clean
}
wx-settings(){
wx-login
wx-header "Settings"
}
wx-ssh-config(){
wx-header "SSH / Config"
wx-restricted
case $1 in
@ -400,6 +479,9 @@ wx-ssh-config(){
sync)
wx-ssh-config-sync
;;
clean)
wx-ssh-config-clean
;;
*)
wx-ssh-config-sync
wx-stop
@ -408,26 +490,46 @@ wx-ssh-config(){
}
wx-ssh-config-edit(){
wx-header "SSH / Config / Edit"
wx-restricted
nano ~/.ssh/config
}
wx-ssh-config-save(){
wx-header "SSH / Config / Save"
wx-restricted
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
}
wx-ssh-config-sync(){
wx-header "SSH / Config / Sync"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
touch ~/.ssh/config
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64)
if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
chmod 700 ~/.ssh/config
fi
fi
}
wx-ssh-config-clean(){
wx-header "SSH / Config / Clean"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
then
rm "$HOME/.ssh/config"
fi
}
wx-ssh-keys(){
wx-header "SSH / Keys"
wx-restricted
case $1 in
generate)
@ -435,6 +537,9 @@ wx-ssh-keys(){
wx-ssh-keys-generate $2
wx-ssh-keys-save $2
;;
sign)
wx-ssh-keys-sign
;;
retrieve)
wx-ssh-keys-retrieve $2
;;
@ -445,16 +550,19 @@ wx-ssh-keys(){
wx-ssh-keys-sync $2
;;
delete)
wx-ssh-keys-remove $2
wx-ssh-keys-delete $2
;;
clean)
wx-ssh-keys-clean $2
;;
*)
wx-ssh-keys-sync
wx-stop
;;
esac
}
wx-ssh-keys-generate(){
wx-header "SSH / Keys / Generate"
wx-restricted
if [[ ! -z $1 ]]
then
@ -465,54 +573,25 @@ wx-ssh-keys-generate(){
fi
}
wx-ssh-keys-retrieve(){
wx-ssh-keys-sign(){
wx-header "SSH / Keys / Sign"
wx-restricted
if [[ ! -z $1 ]]
if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
then
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
wx-ssh-keys-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
fi
wx-ssh-keys-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
wx-ssh-keys-sign-create cwinfo sysadmin 3600
wx-ssh-keys-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-keys-save(){
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" ]]
then
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
fi
fi
}
wx-ssh-keys-sync(){
wx-restricted
echo ""
}
wx-ssh-sign(){
wx-header "SSH / Sign"
wx-restricted
if [[ $ORG == "warengroup" ]]
then
wx-ssh-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" ]]
then
wx-ssh-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" ]]
then
wx-ssh-sign-create warengroup sysadmin 3600
wx-ssh-sign-create cwinfo sysadmin 3600
wx-ssh-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-sign-create(){
wx-ssh-keys-sign-create(){
wx-restricted
NAME=$1
@ -532,6 +611,93 @@ wx-ssh-sign-create(){
fi
}
wx-ssh-keys-retrieve(){
if [[ -z $2 ]]
then
wx-header "SSH / Keys / Retrieve"
fi
wx-restricted
if [[ ! -z $1 ]]
then
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
chmod 700 ~/.ssh/keys/$1
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
chmod 700 ~/.ssh/keys/$1.pub
fi
fi
}
wx-ssh-keys-save(){
wx-header "SSH / Keys / Save"
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" ]]
then
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
fi
fi
}
wx-ssh-keys-sync(){
wx-header "SSH / Keys / Sync"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.keys | @sh' | tr -d \')
do
echo $name
wx-ssh-keys-retrieve $name --multiple
done
fi
}
wx-ssh-keys-clean(){
if [[ -z $1 ]]
then
wx-header "SSH / Keys / Clean"
fi
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]]
then
rm "$HOME/.ssh/keys/$1" &> /dev/null
rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
fi
else
if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-clean cwinfo
elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
wx-ssh-keys-clean cwinfo
wx-ssh-keys-clean cwchristerw
fi
for file in ~/.ssh/keys/*
do
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]]
then
rm "$file" &> /dev/null
fi
done
fi
}
if [[ ! -z $1 ]] && [[ $(type -t wx-$1) == function ]]
then