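#######################################
# Print the Vault token saved for $ORG in the user's config file.
# Globals:   HOME, ORG (read)
# Outputs:   the stored token on stdout
# Returns:   0 when a non-empty, non-"null" token is stored, 1 otherwise
#######################################
_wx-login-stored-token() {
  local config_file="$HOME/.warengroup/config.json"
  local stored

  [[ -f "$config_file" ]] || return 1
  # ORG is handed to jq as a variable so it is used as an object key and can
  # never be parsed as part of the jq filter.
  stored=$(jq -r --arg org "$ORG" '.login[$org].token' "$config_file") || return 1
  [[ -n "$stored" && "$stored" != 'null' ]] || return 1
  printf '%s\n' "$stored"
}

#######################################
# Log in to Vault with LDAP credentials or an existing token.
# Globals:   args (read; associative array of parsed options),
#            ORG, ORG_HEADER, VAULT_DOMAIN, HOME (read),
#            AUTH_METHOD, USERNAME, PASSWORD, TOKEN, VAULT_LOGIN,
#            VAULT_USERNAME (written; intentionally left global because the
#            wxi-* helpers are called without arguments and presumably read
#            them - verify before making any of these local)
# Outputs:   prompts and status lines via echo/wxi-content
# Method selection: --auth-method wins; otherwise "token" when a token was
# passed or one is stored in the config file; otherwise "ldap".
#######################################
wx-login() {
  # Tokens of any other length are rejected before and after the Vault call.
  # NOTE(review): the exact length is a format assumption taken over from the
  # original code; confirm it against the Vault version in use.
  local token_length=95
  local stored_token

  wxi-header "Login"
  wxi-restricted --user
  wxi-restricted --org
  wxi-restricted --vault
  wxi-header "$ORG_HEADER" h3

  if [[ -n "${args['auth-method']}" ]]; then
    AUTH_METHOD=${args['auth-method']}
  elif [[ -n "${args['token']}" ]] || _wx-login-stored-token > /dev/null; then
    AUTH_METHOD=token
  else
    AUTH_METHOD=ldap
  fi

  case "$AUTH_METHOD" in
    ldap)
      printf '%s' "Username: "
      if [[ -n "${args['username']}" ]]; then
        USERNAME=${args['username']}
        wxi-content text "$USERNAME"
      else
        read -r USERNAME
      fi

      printf '%s' "Password: "
      if [[ -n "${args['password']}" ]]; then
        # NOTE(review): a password given as an option is visible in this
        # program's own argument list; the interactive prompt avoids that.
        PASSWORD=${args['password']}
      else
        # -r keeps backslashes and IFS= keeps surrounding blanks, so the
        # password is sent exactly as typed.
        IFS= read -rs PASSWORD
      fi

      # Show a fixed-width mask so the real password length is not revealed.
      if [[ -n "$PASSWORD" ]]; then
        wxi-content text "****************"
      else
        wxi-content text ""
      fi

      if [[ -z "$USERNAME" || -z "$PASSWORD" ]]; then
        wxi-content status "Username & Password" "Required"
        wxi-footer
        wxi-stop
      fi

      # The request body is JSON-encoded by jq (quotes and backslashes in the
      # password are escaped) and reaches curl on stdin, so the password is
      # never part of any process's argument list.
      # NOTE(review): USERNAME goes into the URL path unencoded; characters
      # such as "/" or "?" would change the request path.
      VAULT_LOGIN=$(
        printf '%s' "$PASSWORD" \
          | jq -R -s -c '{password: .}' \
          | curl -s -X POST --data @- \
              "https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME" \
          | jq -r '.auth.client_token'
      )

      # jq -r prints "null" when the field is absent, which also fails the
      # length test.
      if [[ -z "$VAULT_LOGIN" ]] || (( ${#VAULT_LOGIN} != token_length )); then
        wxi-content status "Login" "Failed"
        wxi-footer
        wxi-stop
      fi

      TOKEN=$VAULT_LOGIN
      wxi-config login
      ;;

    token)
      printf '%s' "Token: "
      if [[ -n "${args['token']}" ]]; then
        # The value "true" is skipped, leaving TOKEN as it was before the call
        # (presumably a bare --token flag without a value - confirm).
        if [[ "${args['token']}" != "true" ]]; then
          TOKEN=${args['token']}
        fi
      elif stored_token=$(_wx-login-stored-token); then
        TOKEN=$stored_token
      else
        read -rs TOKEN
      fi

      if [[ -n "$TOKEN" ]]; then
        wxi-content text "***********************************************************************************************"
      fi

      if [[ -z "$TOKEN" ]]; then
        wxi-content status "Token" "Required"
        wxi-footer
        wxi-stop
      fi

      if (( ${#TOKEN} != token_length )); then
        wxi-content status "Token" "Invalid"
        wxi-footer
        wxi-stop
      fi

      # NOTE(review): the token is still passed in curl's argument list via
      # --header and is visible to other local users in `ps`. curl 7.55.0+
      # can read headers from a file (-H @file); switch once the minimum
      # curl version is confirmed.
      VAULT_LOGIN=$(
        printf '%s' "$TOKEN" \
          | jq -R -s -c '{token: .}' \
          | curl -s -X POST --header "X-Vault-Token: $TOKEN" --data @- \
              "https://$VAULT_DOMAIN/v1/auth/token/renew-self" \
          | jq -r '.auth.client_token'
      )

      if [[ -z "$VAULT_LOGIN" ]] || (( ${#VAULT_LOGIN} != token_length )); then
        wxi-content status "Login" "Failed"
        wxi-footer
        # Renewal failed: log out and start the login flow again.
        # NOTE(review): if the rejected token came from args['token'] and
        # wx-logout does not clear it, this recursion repeats with the same
        # token. Execution also continues below after the nested call
        # returns, repeating the config write, lookup and footer.
        wx-logout &> /dev/null
        wx-login
      fi

      TOKEN=$VAULT_LOGIN
      wxi-config login
      ;;

    *)
      wxi-content status "Login Type" "Unsupported"
      wxi-footer
      wxi-stop
      ;;
  esac

  # Ask Vault who the token belongs to; display_name carries the auth method
  # as a prefix ("ldap-" / "oidc-"), which is stripped to get the username.
  VAULT_USERNAME=$(
    curl -s -X GET --header "X-Vault-Token: $TOKEN" \
      "https://$VAULT_DOMAIN/v1/auth/token/lookup-self" \
      | jq -r '.data.display_name'
  )

  case "$VAULT_USERNAME" in
    '')
      wxi-content status "Login" "Username Missing"
      wxi-stop
      ;;
    ldap*)
      USERNAME=${VAULT_USERNAME#ldap-}
      ;;
    oidc*)
      USERNAME=${VAULT_USERNAME#oidc-}
      ;;
    *)
      # Any other prefix (including the literal "null" jq prints for a
      # missing field) is treated as an unsupported auth method.
      wxi-content status "Login" "Authentication Method Invalid"
      wxi-stop
      ;;
  esac

  wxi-footer
}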