332 lines
8.6 KiB
Bash
Executable File
332 lines
8.6 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
if [ ! "$BASH_VERSION" ] ; then
|
|
bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
|
|
exit 1
|
|
fi
|
|
|
|
wxRed=$(tput setaf 196)
|
|
wxGreen=$(tput setaf 46)
|
|
wxYellow=$(tput setaf 226)
|
|
wxBlue=$(tput setaf 21)
|
|
wxPurple=$(tput setaf 165)
|
|
wxTurquoise=$(tput setaf 14)
|
|
wxPink=$(tput setaf 198)
|
|
wxOrange=$(tput setaf 202)
|
|
wxUnderline=$(tput smul)
|
|
wxBold=$(tput bold)
|
|
wxNormal=$(tput sgr0)
|
|
|
|
declare -Ax config
|
|
|
|
wx-login(){
|
|
echo " >> Login << "
|
|
echo "------------------------------"
|
|
|
|
ORG=$1
|
|
|
|
if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]
|
|
then
|
|
wx-stop
|
|
fi
|
|
|
|
if [[ $(hostname -d) == "devices.waren.io" ]]
|
|
then
|
|
ORG=warengroup
|
|
elif [[ $(hostname -d) == "devices.cwinfo.net" || $(hostname -d) == "fr1.servers.devices.cwinfo.net" ]]
|
|
then
|
|
ORG=cwinfo
|
|
elif [[ $(hostname -d) == "devices.christerwaren.fi" ]]
|
|
then
|
|
ORG=cwchristerw
|
|
elif [[ -z $ORG ]]
|
|
then
|
|
echo -n "Status: Organization Required"
|
|
wx-stop
|
|
fi
|
|
|
|
if [[ $ORG == "warengroup" ]]
|
|
then
|
|
DOMAIN=waren.io
|
|
elif [[ $ORG == "cwinfo" ]]
|
|
then
|
|
DOMAIN=cwinfo.net
|
|
elif [[ $ORG == "cwchristerw" ]]
|
|
then
|
|
DOMAIN=christerwaren.fi
|
|
else
|
|
echo -n "Status: Organization Unsupported"
|
|
wx-stop
|
|
fi
|
|
|
|
FOLDER=$ORG
|
|
DEVICE_DOMAIN="devices.$DOMAIN"
|
|
IDM_DOMAIN="idm.cwinfo.net"
|
|
VAULT_DOMAIN="vault.cwinfo.net"
|
|
GIT_DOMAIN="git.cwinfo.net"
|
|
|
|
if [[ $(hostname -d) ]]
|
|
then
|
|
HOSTNAME=$(hostname --fqdn)
|
|
elif [[ -z $(hostname -d) ]] && [[ ! -z $2 ]]
|
|
then
|
|
HOSTNAME="$2.$DEVICE_DOMAIN"
|
|
else
|
|
echo -n "Status: Hostname Required"
|
|
wx-stop
|
|
fi
|
|
|
|
if [[ -z $USER ]]
|
|
then
|
|
if [[ -z $SUDO_USER ]]
|
|
then
|
|
if [[ -z LOGNAME ]]
|
|
then
|
|
echo -n "Status: Username Required"
|
|
wx-stop
|
|
else
|
|
USER=$LOGNAME
|
|
fi
|
|
else
|
|
USER=$SUDO_USER
|
|
fi
|
|
fi
|
|
|
|
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
|
|
if [[ $VAULT_STATUS -eq 200 ]]
|
|
then
|
|
if [[ -f "$HOME/.config/warengroup/login.json" ]]
|
|
then
|
|
TOKEN="$(cat $HOME/.config/warengroup/login.json | jq -r .$ORG)"
|
|
fi
|
|
|
|
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
|
|
if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]]
|
|
then
|
|
echo $wxBold$ORG$wxNormal
|
|
|
|
echo -n "Username: "
|
|
echo $(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET --header "X-Vault-Token: $VAULT_LOGIN" -s | jq -r '.data.meta.username')
|
|
|
|
echo -n "Token: "
|
|
echo "****************"
|
|
|
|
config[${ORG}]=$VAULT_LOGIN
|
|
echo '{ "'$ORG'": "'$VAULT_LOGIN'" }' | jq > $HOME/.config/warengroup/login.json
|
|
|
|
wx-start
|
|
else
|
|
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
|
|
if [[ $IDM_STATUS -eq 301 ]]
|
|
then
|
|
echo $wxBold$ORG$wxNormal
|
|
|
|
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
|
|
then
|
|
echo -n "Username: "
|
|
read USERNAME
|
|
else
|
|
echo "Username: $USER"
|
|
USERNAME=$USER
|
|
fi
|
|
|
|
echo -n "Password: "
|
|
read -s PASSWORD
|
|
echo "****************"
|
|
|
|
if [[ -z $USERNAME || -z $PASSWORD ]]
|
|
then
|
|
echo -n "Status: Username & Password Required"
|
|
wx-stop
|
|
else
|
|
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
|
|
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
|
|
then
|
|
echo -n "Status: Login Failed"
|
|
wx-stop
|
|
fi
|
|
|
|
config[${ORG}]=$VAULT_LOGIN
|
|
|
|
mkdir -p $HOME/.config/warengroup &> /dev/null
|
|
touch $HOME/.config/warengroup/login.json &> /dev/null
|
|
|
|
echo '{ "'$ORG'": "'$VAULT_LOGIN'" }' | jq > $HOME/.config/warengroup/login.json
|
|
|
|
wx-start
|
|
fi
|
|
else
|
|
echo $wxBold$ORG$wxNormal
|
|
|
|
echo -n "Token: "
|
|
read -s TOKEN
|
|
echo "****************"
|
|
|
|
if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
|
|
then
|
|
echo -n "Status: Vault Token Required"
|
|
wx-stop
|
|
fi
|
|
|
|
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
|
|
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
|
|
then
|
|
echo -n "Status: Login Failed"
|
|
wx-stop
|
|
fi
|
|
|
|
config[${ORG}]=$VAULT_LOGIN
|
|
|
|
mkdir -p $HOME/.config/warengroup &> /dev/null
|
|
touch $HOME/.config/warengroup/login.json &> /dev/null
|
|
|
|
echo '{ "'$ORG'": "'$VAULT_LOGIN'" }' | jq > $HOME/.config/warengroup/login.json
|
|
|
|
wx-start
|
|
fi
|
|
fi
|
|
else
|
|
echo $wxBold$ORG$wxNormal
|
|
|
|
echo -n "Status: Vault Offline"
|
|
wx-stop
|
|
fi
|
|
}
|
|
|
|
wx-start(){
|
|
echo ""
|
|
echo ""
|
|
echo ""
|
|
echo "=============================="
|
|
echo -n "$wxBold"
|
|
echo " Warén CLI "
|
|
echo -n "$wxNormal"
|
|
echo "=============================="
|
|
}
|
|
|
|
wx-stop (){
|
|
echo " "
|
|
echo " "
|
|
echo " "
|
|
if [[ -f "./wx" ]] && [[ -d "./src" ]]
|
|
then
|
|
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
|
|
mv wx.tmp wx &> /dev/null
|
|
chmod +x wx &> /dev/null
|
|
fi
|
|
|
|
mkdir $HOME/bin &> /dev/null
|
|
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
|
|
chmod +x $HOME/bin/wx &> /dev/null
|
|
|
|
exit 1
|
|
}
|
|
|
|
wx-help(){
|
|
|
|
echo " >> Help << "
|
|
echo "------------------------------"
|
|
|
|
echo -n "
|
|
Usage: $0 COMMAND [OPTIONS]
|
|
|
|
Common Commands:
|
|
init Init
|
|
ssh SSH
|
|
config Config
|
|
sign Certificates
|
|
|
|
Management Commands:
|
|
settings Settings
|
|
";
|
|
|
|
}
|
|
|
|
wx-settings(){
|
|
wx-login
|
|
|
|
echo " >> Settings << "
|
|
echo "------------------------------"
|
|
}
|
|
|
|
wx-ssh(){
|
|
wx-login
|
|
|
|
case $1 in
|
|
sign)
|
|
wx-ssh-sign
|
|
;;
|
|
config)
|
|
wx-ssh-config
|
|
;;
|
|
*)
|
|
echo " >> SSH << "
|
|
echo "------------------------------"
|
|
|
|
wx-stop
|
|
;;
|
|
esac
|
|
}
|
|
|
|
wx-welcome(){
|
|
echo " >> Welcome << "
|
|
echo "------------------------------"
|
|
}
|
|
|
|
wx-ssh-config(){
|
|
echo " >> SSH << "
|
|
echo " Config "
|
|
echo "------------------------------"
|
|
}
|
|
|
|
wx-ssh-sign(){
|
|
echo " >> SSH << "
|
|
echo " Sign "
|
|
echo "------------------------------"
|
|
|
|
if [[ $ORG == "warengroup" ]]
|
|
then
|
|
wx-ssh-sign-create warengroup sysadmin 3600
|
|
elif [[ $ORG == "cwinfo" ]]
|
|
then
|
|
wx-ssh-sign-create cwinfo sysadmin 3600
|
|
elif [[ $ORG == "cwchristerw" ]]
|
|
then
|
|
wx-ssh-sign-create warengroup sysadmin 3600
|
|
wx-ssh-sign-create cwinfo sysadmin 3600
|
|
wx-ssh-sign-create cwchristerw sysadmin 3600
|
|
fi
|
|
}
|
|
|
|
wx-ssh-sign-create(){
|
|
mkdir -p $HOME/.ssh/keys
|
|
chmod 700 $HOME/.ssh/keys
|
|
chmod 600 $HOME/.ssh/keys/*
|
|
|
|
NAME=$1
|
|
ROLE=$2
|
|
PRINCIPALS=$2
|
|
TTL=$3
|
|
|
|
if [[ ! -f "$HOME/.ssh/keys/$NAME-ed25519" ]]
|
|
then
|
|
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME-ed25519 -q -N "" &> /dev/null
|
|
fi
|
|
|
|
if [[ -f "$HOME/.ssh/keys/$NAME-ed25519" ]]
|
|
then
|
|
echo "$NAME/$ROLE"
|
|
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config[$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME-ed25519.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME-ed25519.sig 2>&1
|
|
fi
|
|
}
|
|
|
|
|
|
wx-start
|
|
if [[ ! -z $1 ]] && [[ $(type -t wx-$1) == function ]]
|
|
then
|
|
wx-$1 $2 $3 $4 $5 $6 $7 $8 $9
|
|
else
|
|
wx-welcome
|
|
fi
|
|
wx-stop
|