
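#!/bin/bash
# Re-run under bash when started by another shell (e.g. `sh wx`): the rest of
# the script relies on bash-only features ([[ ]], associative arrays, &>).
if [ -z "$BASH_VERSION" ]; then
  # exec replaces this process, so the real exit status is propagated instead
  # of a fixed 1, and "$@" forwards every argument intact (no word splitting,
  # no glob expansion, no nine-argument cap).
  exec bash "$0" "$@"
  exit 1 # only reached if exec itself failed
fi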
# Terminal escape sequences for styled output. The numbers handed to
# `tput setaf` are colour indexes of the terminal's palette.
wxRed="$(tput setaf 196)"
wxGreen="$(tput setaf 46)"
wxYellow="$(tput setaf 226)"
wxBlue="$(tput setaf 21)"
wxPurple="$(tput setaf 165)"
wxTurquoise="$(tput setaf 14)"
wxPink="$(tput setaf 198)"
wxOrange="$(tput setaf 202)"

# Text attributes; wxNormal resets everything set above.
wxUnderline="$(tput smul)"
wxBold="$(tput bold)"
wxNormal="$(tput sgr0)"

# Session state shared between commands. wx-login stores the Vault token under
# the key "login,<org>". -A: associative array, -x: export attribute.
declare -A -x config
#######################################
# Print the CLI banner (via wx-start) followed by a section title.
# Arguments: $1 - title shown between ">>" and "<<"
# Outputs:   banner, title line and a separator on stdout
#######################################
wx-header() {
  wx-start
  printf '%s\n' ">> $1 <<" "------------------------------"
}
#######################################
# Abort the whole script when it runs as the "root" or "local" account.
# The decision is based on $USER only. $USER is an environment variable the
# caller controls, so this is a guard against accidental use of a shared or
# privileged account, not an access control.
# Globals:   USER (read)
# Outputs:   a status line plus three " " lines when the command is refused
# Returns:   0 when allowed; exits the script with status 1 otherwise
#######################################
wx-restricted() {
  case "$USER" in
    root | local)
      printf '%s\n' "Status: Command Restricted" " " " " " "
      exit 1
      ;;
  esac
}
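#######################################
# Print the CLI banner and make sure the per-user config file exists.
# Globals:   HOME, wxBold, wxNormal (read)
# Outputs:   banner on stdout
# Side effects: creates ~/.config/warengroup/config.json containing "{}" when
#            it is missing, and restricts the directory and file to the owner.
#######################################
wx-start() {
  local config_dir="$HOME/.config/warengroup"
  local config_file="$config_dir/config.json"

  echo ""
  echo ""
  echo ""
  echo "=============================="
  echo -n "$wxBold"
  echo " Warén CLI "
  echo -n "$wxNormal"
  echo "=============================="

  # config.json is where the login step keeps Vault tokens, so neither the
  # directory nor the file may inherit a permissive umask.
  mkdir -p -- "$config_dir" &> /dev/null
  chmod 700 -- "$config_dir" &> /dev/null
  if [[ ! -f "$config_file" ]]; then
    # Explicit "." filter: older jq releases refuse to run without a program.
    (
      umask 077
      echo '{}' | jq . > "$config_file"
    )
  fi
  # Also tightens files created by earlier versions of this script.
  chmod 600 -- "$config_file" &> /dev/null
}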
#######################################
# Common exit path: print three spacer lines, run the self-update and leave.
# Every command ends here, so each invocation of the CLI triggers
# `wx-install --auto`, which downloads and replaces ~/bin/wx.
# Returns:   never returns; always exits with status 1, also after success
#######################################
wx-stop() {
  printf '%s\n' " " " " " "
  wx-install --auto
  exit 1
}
#######################################
# "auto" command: log in, then run the SSH config sync, key sync and
# certificate signing steps in that order.
#######################################
wx-auto() {
  local step

  wx-login
  wx-header "Auto"
  for step in wx-ssh-config-sync wx-ssh-keys-sync wx-ssh-sign; do
    "$step"
  done
}
#######################################
# "help" command: print the usage text.
# Outputs:   header plus the command overview on stdout; $0 is expanded to
#            the name the script was invoked as
#######################################
wx-help() {
  wx-header "Help"
  # Unquoted delimiter on purpose: $0 must be expanded in the usage line.
  cat << EOF

Usage: $0 COMMAND [OPTIONS]
Common Commands:
init Init
help Help
ssh SSH
config Config
edit Edit
save Save
sync Sync
keys Keys
generate Generate
delete Delete
save Save
sync Sync
sign Certificates
Authentication Commands:
login Login
logout Logout
Management Commands:
auto Auto
install Install
settings Settings
EOF
}
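#######################################
# "infra" command: run the Ansible playbooks of the infra checkout.
# Only proceeds when $USERNAME is "cwchristerw". USERNAME is a plain shell
# variable (set by wx-login or inherited from the environment), so this check
# selects a workstation profile; it is not an authorization boundary.
# Globals:   USERNAME (read), INFRA_PATH (written)
# Arguments: $1    - tag, or the literal "init" to run playbooks/init.yml
#            $2... - with "init": tag followed by extra ansible-playbook
#                    arguments; otherwise extra ansible-playbook arguments
# Outputs:   "Tag Required" / "User Unsupported" or the playbook output
#######################################
wx-infra() {
  wx-login
  wx-ssh-sign &> /dev/null
  wx-header "Infra"
  wx-restricted
  INFRA_PATH="/home/cwchristerw/Desktop/Work in Progress/Programming/warengroup/infra"
  case "$USERNAME" in
    cwchristerw)
      if [[ -z $1 ]]; then
        echo "Tag Required"
      elif [[ $1 == "init" ]]; then
        if [[ -z $2 ]]; then
          echo "Tag Required"
        else
          # Subshell: the caller's working directory is left untouched, and
          # `&&` stops ansible-playbook from running against whatever
          # playbooks happen to be in the current directory if the cd fails.
          (
            cd "$INFRA_PATH" \
              && ansible-playbook --vault-id warengroup@vault/warengroup playbooks/init.yml -t "${@:2}"
          )
        fi
      else
        # "$@" keeps each argument as one word; the unquoted $1..$9 form
        # split arguments on whitespace and expanded glob characters.
        (
          cd "$INFRA_PATH" \
            && ansible-playbook --vault-id warengroup@vault/warengroup playbooks.yml -t "$@"
        )
      fi
      ;;
    *)
      echo "User Unsupported"
      ;;
  esac
}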
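#######################################
# Install or refresh ~/bin/wx from the project's master branch.
# Called with --auto from wx-stop, i.e. at the end of every command.
# NOTE(review): the download is protected by HTTPS only; no checksum or
# signature is verified before the file becomes the user's executable.
# Arguments: $1 - any non-empty value (e.g. --auto, --update) suppresses the
#                 "Install" header
# Returns:   0 when ~/bin/wx was replaced, 1 when the download was rejected
#######################################
wx-install() {
  local bin_dir="$HOME/bin"
  local download first_line

  if [[ -z $1 ]]; then
    wx-header "Install"
  fi
  wx-restricted

  # Development checkout: regenerate ./wx with generator.php inside a PHP
  # container. This runs in whatever directory the CLI was started from, as
  # soon as that directory contains ./wx and ./src.
  if [[ -f "./wx" ]] && [[ -d "./src" ]]; then
    podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
    mv wx.tmp wx &> /dev/null
    chmod +x wx &> /dev/null
  fi

  mkdir -p -- "$bin_dir" &> /dev/null

  # Download next to the target and rename afterwards, so an interrupted or
  # failed transfer can never leave a truncated ~/bin/wx behind.
  download=$(mktemp "$bin_dir/wx.XXXXXX" 2> /dev/null) || return 1

  # --fail: an HTTP error page must not be saved as the new script.
  if curl --fail https://git.waren.io/warengroup/wx/raw/branch/master/wx -o "$download" &> /dev/null; then
    IFS= read -r first_line < "$download"
    # Sanity check only: the payload has to look like a script.
    if [[ $first_line == '#!'* ]]; then
      chmod 755 -- "$download" &> /dev/null
      mv -f -- "$download" "$bin_dir/wx" &> /dev/null
      return
    fi
  fi
  rm -f -- "$download"
  return 1
}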
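# Renew $TOKEN at Vault and print the client token from the response.
# The JSON body is produced by jq and sent on stdin (-d @-), so a token with
# unexpected characters can neither break the JSON nor be split into extra
# curl arguments.
# NOTE(review): the X-Vault-Token header is still passed on curl's command
# line and is visible in the process list while the request runs.
_wx-login-renew() {
  printf '%s' "$TOKEN" \
    | jq -Rs '{token: .}' \
    | curl "https://$VAULT_DOMAIN/v1/auth/token/renew" -X POST --header "X-Vault-Token: $TOKEN" -d @- -s \
    | jq -r '.auth.client_token'
}

# Keep $VAULT_LOGIN for this run and, for regular users, persist it in
# ~/.config/warengroup/config.json under .login.<org>.
_wx-login-store() {
  local config_file="$HOME/.config/warengroup/config.json"
  local tmp_file="$config_file.tmp"

  config["login",${ORG}]=$VAULT_LOGIN
  if [[ $USER != "root" && $USER != "local" ]]; then
    # The token reaches jq through the environment and --arg instead of being
    # spliced into the jq program text. Only stdout is captured: with `&>` a
    # jq error message would have become the new config file.
    if (
      umask 077
      WX_VAULT_TOKEN="$VAULT_LOGIN" jq --arg org "$ORG" '.login[$org] = env.WX_VAULT_TOKEN' "$config_file" > "$tmp_file"
    ) 2> /dev/null; then
      mv -f -- "$tmp_file" "$config_file" &> /dev/null
    else
      rm -f -- "$tmp_file"
    fi
  fi
}

#######################################
# Work out organization, host name and user name, then obtain a Vault token:
# first by renewing the stored token, otherwise interactively (LDAP password
# when the IdM endpoint answers 301, else a pasted Vault token).
# Globals written: ORG, DOMAIN, FOLDER, DEVICE_DOMAIN, IDM_DOMAIN,
#            VAULT_DOMAIN, HOSTNAME, USERNAME, TOKEN, VAULT_STATUS,
#            IDM_STATUS, VAULT_LOGIN, config["login",<org>]
# Arguments: $1 - organization (optional; derived from the DNS domain)
#            $2 - short device name (optional; default is the host's FQDN)
# Returns:   0 with a token stored; every failure ends the script in wx-stop
#######################################
wx-login() {
  local dns_domain

  ORG=$1
  if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]; then
    wx-header "Login"
    echo "Status: Hostname Required"
    wx-stop
  fi

  dns_domain=$(hostname -d)
  if [[ -n $1 ]]; then
    ORG=$1
  elif [[ $dns_domain == *"devices.waren.io" ]]; then
    ORG=warengroup
  elif [[ $dns_domain == *"devices.cwinfo.net" ]]; then
    ORG=cwinfo
  elif [[ $dns_domain == *"devices.christerwaren.fi" ]]; then
    ORG=cwchristerw
  else
    wx-header "Login"
    echo "Status: Organization Required"
    wx-stop
  fi

  # From here on ORG is one of three fixed values.
  case "$ORG" in
    warengroup) DOMAIN=waren.io ;;
    cwinfo) DOMAIN=cwinfo.net ;;
    cwchristerw) DOMAIN=christerwaren.fi ;;
    *)
      wx-header "Login"
      echo "Status: Organization Unsupported"
      wx-stop
      ;;
  esac

  FOLDER=$ORG
  DEVICE_DOMAIN="devices.$DOMAIN"
  IDM_DOMAIN="idm.cwinfo.net"
  VAULT_DOMAIN="vault.cwinfo.net"

  if [[ -n $2 ]]; then
    HOSTNAME="$2.$DEVICE_DOMAIN"
  elif [[ -n $dns_domain ]]; then
    HOSTNAME=$(hostname --fqdn)
  else
    wx-header "Login"
    echo "Status: Hostname Required"
    wx-stop
  fi

  # For regular users USERNAME is left as inherited from the environment.
  if [[ -z $USER || $USER == "root" || $USER == "local" ]]; then
    if [[ -n $SUDO_USER ]]; then
      USERNAME=$SUDO_USER
    elif [[ -n $LOGNAME ]]; then
      # The original tested the literal word LOGNAME, which is never empty,
      # so an unset LOGNAME silently produced an empty USERNAME.
      USERNAME=$LOGNAME
    else
      wx-header "Login"
      echo "Status: Username Required"
      wx-stop
    fi
  fi

  VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" "https://$VAULT_DOMAIN/v1/sys/health")
  if [[ $VAULT_STATUS -ne 200 ]]; then
    wx-header "Login"
    echo "$wxBold$ORG$wxNormal"
    echo "Status: Vault Offline"
    wx-stop
  fi

  if [[ $USER != "root" && $USER != "local" && -f "$HOME/.config/warengroup/config.json" ]]; then
    TOKEN=$(jq -r --arg org "$ORG" '.login[$org]' "$HOME/.config/warengroup/config.json")
  fi

  # A result counts as a token only when it is exactly 95 characters long.
  VAULT_LOGIN=$(_wx-login-renew)
  if [[ -n $VAULT_LOGIN ]] && ((${#VAULT_LOGIN} == 95)); then
    _wx-login-store
    return
  fi

  IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" "https://$IDM_DOMAIN")
  wx-header "Login"
  echo "$wxBold$ORG$wxNormal"

  if [[ $IDM_STATUS -eq 301 ]]; then
    if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" ]]; then
      echo -n "Username: "
      read -r USERNAME
    else
      echo "Username: $USERNAME"
    fi
    echo -n "Password: "
    # IFS= and -r keep backslashes and surrounding blanks of the password.
    IFS= read -rs PASSWORD
    echo "****************"
    if [[ -z $USERNAME || -z $PASSWORD ]]; then
      echo "Status: Username & Password Required"
      wx-stop
    fi
    # printf is a builtin and jq reads stdin, so the password never appears
    # in any process's argument list, and jq does the JSON escaping.
    VAULT_LOGIN=$(
      printf '%s' "$PASSWORD" \
        | jq -Rs '{password: .}' \
        | curl "https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME" -X POST -d @- -s \
        | jq -r '.auth.client_token'
    )
    unset PASSWORD
  else
    echo -n "Token: "
    IFS= read -rs TOKEN
    echo "****************"
    if [[ -z $TOKEN ]] || ((${#TOKEN} != 95)); then
      echo "Status: Vault Token Required"
      wx-stop
    fi
    VAULT_LOGIN=$(_wx-login-renew)
  fi

  if [[ -z $VAULT_LOGIN ]] || ((${#VAULT_LOGIN} != 95)); then
    echo "Status: Login Failed"
    wx-stop
  fi
  _wx-login-store
  wx-start
}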
#######################################
# "logout" command. Currently only prints the section header.
# NOTE(review): nothing here removes the token kept in
# ~/.config/warengroup/config.json or revokes it at Vault, so the stored
# credential stays usable after a "logout" - confirm whether that is intended.
#######################################
wx-logout() { wx-header "Logout"; }
#######################################
# "settings" command: log in, then print the section header. No settings are
# read or written here.
#######################################
wx-settings() {
  wx-login
  wx-header "Settings"
}
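#######################################
# "ssh" command: log in, make sure ~/.ssh/keys exists with owner-only
# permissions, then dispatch to the sign / keys / config sub-command.
# Arguments: $1 - sub-command (sign | keys | config)
#            $2, $3 - passed on to the sub-command
#######################################
wx-ssh() {
  wx-login
  # Quoted so a home directory containing blanks or glob characters cannot
  # redirect mkdir/chmod to other paths.
  mkdir -p -- "$HOME/.ssh/keys"
  chmod -R 700 "$HOME/.ssh/keys"
  case "$1" in
    sign)
      wx-ssh-sign
      ;;
    keys)
      wx-ssh-keys "$2" "$3"
      ;;
    config)
      wx-ssh-config "$2"
      ;;
    *)
      wx-header "SSH"
      wx-stop
      ;;
  esac
}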
#######################################
# "update" command: print the header and run the installer. The non-empty
# argument makes wx-install skip its own "Install" header.
#######################################
wx-update() {
  wx-header "Update"
  wx-install --update
}
#######################################
# Fallback shown when no known command was given: prints the "Welcome" header.
#######################################
wx-welcome() { wx-header "Welcome"; }
#######################################
# "ssh config" sub-command dispatcher.
# Arguments: $1 - edit (sync, open editor, save) | save | sync;
#                 anything else syncs and then ends the script via wx-stop
#######################################
wx-ssh-config() {
  wx-header "SSH / Config"
  wx-restricted
  if [[ $1 == "edit" ]]; then
    wx-ssh-config-sync
    wx-ssh-config-edit
    wx-ssh-config-save
  elif [[ $1 == "save" ]]; then
    wx-ssh-config-save
  elif [[ $1 == "sync" ]]; then
    wx-ssh-config-sync
  else
    wx-ssh-config-sync
    wx-stop
  fi
}
#######################################
# Open the user's SSH client configuration in nano.
#######################################
wx-ssh-config-edit() {
  wx-restricted
  local ssh_config=~/.ssh/config
  nano "$ssh_config"
}
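#######################################
# Upload ~/.ssh/config (base64-encoded) to the user's Vault path.
# Globals:   VAULT_DOMAIN, USERNAME, ORG, config (read)
# Returns:   1 without contacting Vault when ~/.ssh/config does not exist,
#            otherwise curl's status
#######################################
wx-ssh-config-save() {
  local ssh_config=~/.ssh/config

  wx-restricted
  # A missing local file used to be uploaded as an empty string, replacing
  # the copy stored in Vault with nothing.
  if [[ ! -f $ssh_config ]]; then
    return 1
  fi
  # Body goes through stdin (-d @-): the file content stays out of the
  # process list and is not limited by the maximum argument length.
  # NOTE(review): the Vault token in --header is still a command-line argument.
  base64 -w 0 < "$ssh_config" \
    | jq -Rs '{data: {data: .}}' \
    | curl "https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config" -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d @- -s &> /dev/null
}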
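#######################################
# Replace ~/.ssh/config with the copy stored in Vault, when one exists.
# The downloaded file decides how ssh connects (it is whatever was uploaded
# to that Vault path), so it is only written after it decoded cleanly.
# Globals:   VAULT_DOMAIN, USERNAME, ORG, config (read); VAULT_STATUS (written)
# Returns:   0 when nothing was stored or the file was updated, 1 when the
#            response could not be used (local file left untouched)
#######################################
wx-ssh-config-sync() {
  local url encoded decoded_tmp

  wx-restricted
  url="https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config"
  VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" "$url" -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
  if [[ $VAULT_STATUS -eq 200 ]]; then
    # jq -e fails on null, so a response without the field no longer ends up
    # as the decoded word "null" in the user's ssh config.
    encoded=$(curl "$url" -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -er '.data.data.data') || return 1
    decoded_tmp=$(mktemp ~/.ssh/config.XXXXXX) || return 1
    # Decode to a scratch file first. The original `> file 2>&1` also sent
    # base64's error messages into ~/.ssh/config.
    if printf '%s' "$encoded" | base64 -d > "$decoded_tmp" 2> /dev/null; then
      cat -- "$decoded_tmp" > ~/.ssh/config
      rm -f -- "$decoded_tmp"
    else
      rm -f -- "$decoded_tmp"
      return 1
    fi
  fi
}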
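#######################################
# "ssh keys" sub-command dispatcher.
# Arguments: $1 - generate | retrieve | save | sync | delete
#            $2 - key name; it becomes part of a path under ~/.ssh/keys and
#                 of the Vault URL
# NOTE(review): the key name is not validated; a name containing "/" or ".."
# would address other files and other Vault paths.
# NOTE(review): "delete" calls wx-ssh-keys-remove, for which no definition is
# visible in this file - confirm it exists.
#######################################
wx-ssh-keys() {
  wx-header "SSH / Keys"
  # "$2" is quoted so a name with blanks stays one argument.
  case "$1" in
    generate)
      wx-ssh-keys-retrieve "$2"
      wx-ssh-keys-generate "$2"
      wx-ssh-keys-save "$2"
      ;;
    retrieve)
      wx-ssh-keys-retrieve "$2"
      ;;
    save)
      wx-ssh-keys-save "$2"
      ;;
    sync)
      wx-ssh-keys-sync "$2"
      ;;
    delete)
      wx-ssh-keys-remove "$2"
      ;;
    *)
      wx-ssh-keys-sync
      wx-stop
      ;;
  esac
}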
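#######################################
# Create an ed25519 key pair ~/.ssh/keys/<name> unless it already exists.
# The key is generated with an empty passphrase (-N ""), i.e. the private key
# is stored unencrypted on disk.
# Globals:   USERNAME (read; used as the key comment)
# Arguments: $1 - key name; nothing happens when it is empty
#######################################
wx-ssh-keys-generate() {
  local key_file="$HOME/.ssh/keys/$1"

  wx-restricted
  if [[ -n $1 && ! -f $key_file ]]; then
    # Quoted path: a name or home directory with blanks must not turn into
    # extra ssh-keygen arguments.
    ssh-keygen -t ed25519 -f "$key_file" -q -N "" -C "$USERNAME" &> /dev/null
  fi
}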
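#######################################
# Download key pair <name> from Vault into ~/.ssh/keys, replacing local files.
# Globals:   VAULT_DOMAIN, USERNAME, ORG, config (read); VAULT_STATUS (written)
# Arguments: $1 - key name; nothing happens when it is empty
# Returns:   0 when nothing is stored or both files were written, 1 when the
#            response could not be used (existing local files stay untouched)
#######################################
wx-ssh-keys-retrieve() {
  local key_dir="$HOME/.ssh/keys"
  local url response private_b64 public_b64 private_tmp public_tmp

  wx-restricted
  if [[ -z $1 ]]; then
    return 0
  fi

  url="https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1"
  VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" "$url" -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
  if [[ $VAULT_STATUS -eq 200 ]]; then
    # One fetch for both halves, so private and public key always come from
    # the same version of the secret.
    response=$(curl "$url" -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s) || return 1
    # jq -e fails on null instead of handing the word "null" to base64.
    private_b64=$(printf '%s' "$response" | jq -er '.data.data.private') || return 1
    public_b64=$(printf '%s' "$response" | jq -er '.data.data.public') || return 1

    # mktemp creates owner-only files; the private key is never readable by
    # others, not even briefly.
    private_tmp=$(mktemp "$key_dir/.wx-key.XXXXXX") || return 1
    public_tmp=$(mktemp "$key_dir/.wx-key.XXXXXX") || {
      rm -f -- "$private_tmp"
      return 1
    }

    # stderr is discarded: with `> file 2>&1` decoder errors were written
    # into the key files.
    if printf '%s' "$private_b64" | base64 -d > "$private_tmp" 2> /dev/null \
      && printf '%s' "$public_b64" | base64 -d > "$public_tmp" 2> /dev/null; then
      chmod 600 -- "$private_tmp"
      chmod 644 -- "$public_tmp"
      mv -f -- "$private_tmp" "$key_dir/$1"
      mv -f -- "$public_tmp" "$key_dir/$1.pub"
    else
      rm -f -- "$private_tmp" "$public_tmp"
      return 1
    fi
  fi
}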
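#######################################
# Upload key pair ~/.ssh/keys/<name> (base64-encoded) to the user's Vault path.
# The private key is uploaded exactly as it is on disk; anyone able to read
# that Vault path obtains the key.
# Globals:   VAULT_DOMAIN, USERNAME, ORG, config (read)
# Arguments: $1 - key name; nothing happens when it is empty or the private
#                 key file does not exist
#######################################
wx-ssh-keys-save() {
  local key_file="$HOME/.ssh/keys/$1"

  wx-restricted
  if [[ -n $1 && -f $key_file ]]; then
    # The request body is assembled by jq from stdin and handed to curl on
    # stdin (-d @-). Inside `-d "{...}"` the private key was a command-line
    # argument, readable in the process list by other local users.
    # Line 1 = private key, line 2 = public key (empty when the .pub is missing).
    # NOTE(review): the Vault token in --header is still a command-line argument.
    {
      base64 -w 0 < "$key_file"
      echo
      base64 -w 0 < "$key_file.pub"
      echo
    } 2> /dev/null \
      | jq -Rn '[inputs] | {data: {private: .[0], public: (.[1] // "")}}' \
      | curl "https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1" -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d @- -s &> /dev/null
  fi
}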
#######################################
# Placeholder for key synchronisation: after the account check it only
# prints an empty line; no keys are transferred.
#######################################
wx-ssh-keys-sync() {
  wx-restricted
  printf '\n'
}
#######################################
# Request SSH certificates for the current organization. Each certificate
# uses the "sysadmin" role with a TTL of 3600. For cwchristerw, keys named
# after all three organizations are signed.
# Globals:   ORG (read)
#######################################
wx-ssh-sign() {
  local key_name

  wx-header "SSH / Sign"
  wx-restricted
  case "$ORG" in
    warengroup | cwinfo)
      wx-ssh-sign-create "$ORG" sysadmin 3600
      ;;
    cwchristerw)
      for key_name in warengroup cwinfo cwchristerw; do
        wx-ssh-sign-create "$key_name" sysadmin 3600
      done
      ;;
  esac
}
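#######################################
# Have Vault's SSH signing endpoint sign the public key ~/.ssh/keys/<name>
# and store the certificate as ~/.ssh/keys/<name>.sig. A missing key pair is
# generated first (ed25519, empty passphrase).
# Globals:   VAULT_DOMAIN, USERNAME, ORG, config (read);
#            NAME, ROLE, PRINCIPALS, TTL (written)
# Arguments: $1 - key name
#            $2 - Vault signing role, also requested as a principal
#            $3 - certificate TTL
# Outputs:   "<name>/<role>" on stdout
# Returns:   1 when no certificate was obtained (an existing .sig is kept)
#######################################
wx-ssh-sign-create() {
  local key_file request signed_key

  wx-restricted
  NAME=$1
  ROLE=$2
  PRINCIPALS=$2
  TTL=$3
  key_file="$HOME/.ssh/keys/$NAME"

  if [[ ! -f "$key_file" ]]; then
    ssh-keygen -t ed25519 -f "$key_file" -q -N "" -C "$USERNAME" &> /dev/null
  fi
  if [[ -f "$key_file" ]]; then
    echo "$NAME/$ROLE"
    # jq escapes every value; the key comment is $USERNAME and must not be
    # able to break out of the JSON string. Nothing in this body is secret.
    request=$(
      jq -n \
        --arg public_key "$(cat -- "$key_file.pub")" \
        --arg principals "$PRINCIPALS,$USERNAME" \
        --arg ttl "$TTL" \
        '{public_key: $public_key, valid_principals: $principals, ttl: $ttl}'
    ) || return 1
    # jq -e fails on null: a rejected request no longer overwrites a valid
    # certificate with the word "null", and stderr stays out of the file.
    signed_key=$(
      printf '%s' "$request" \
        | curl "https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE" -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d @- -s \
        | jq -er '.data.signed_key'
    ) || return 1
    printf '%s\n' "$signed_key" > "$key_file.sig"
  fi
}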
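# Command dispatch: "wx <command> [args...]" calls the function wx-<command>.
# Every function whose name starts with "wx-" is reachable this way, also the
# internal steps (e.g. wx-ssh-keys-save), which then run without wx-login.
if [[ -n $1 ]] && [[ $(type -t "wx-$1") == function ]]; then
  # "${@:2}" forwards all remaining arguments unchanged; the unquoted $2..$9
  # form split them on whitespace and expanded glob characters.
  "wx-$1" "${@:2}"
else
  wx-welcome
fi
wx-stop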