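#!/bin/bash

# Re-run the script under bash when it was started by another shell
# (for example `sh wx`). "$@" forwards every argument unchanged, so values
# containing spaces or glob characters survive and the list is not capped
# at nine entries. The wrapper always exits 1 after the bash run finishes.
if [ ! "$BASH_VERSION" ]; then
  bash "$0" "$@"
  exit 1
fi

# Terminal styling sequences, resolved once through tput.
wxRed=$(tput setaf 196)
wxGreen=$(tput setaf 46)
wxYellow=$(tput setaf 226)
wxBlue=$(tput setaf 21)
wxPurple=$(tput setaf 165)
wxTurquoise=$(tput setaf 14)
wxPink=$(tput setaf 198)
wxOrange=$(tput setaf 202)
wxUnderline=$(tput smul)
wxBold=$(tput bold)
wxNormal=$(tput sgr0)

# Process-wide state map. wx-login stores the Vault client token here under
# the subscript ["login",<org>]; the SSH commands read it back for the
# X-Vault-Token header.
declare -Ax config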
#######################################
# Prints the CLI banner followed by a section title.
# Arguments: $1 - title shown between ">>" and "<<"
# Outputs:   banner (through wx-start), the title line and a rule on stdout
# Note:      wx-start also makes sure the per-user config file exists, so
#            calling this function touches the filesystem.
#######################################
wx-header() {
  wx-start

  printf '%s\n' ">> $1 <<" "------------------------------"
}
#######################################
# Stops the program when the current account is "root" or "local".
# Globals:   USER (read)
# Outputs:   a status line and three blank-looking lines when blocked
# Returns:   0 when the account is allowed; exits the process with 1 otherwise
# Note:      the decision is based on the USER environment variable, which
#            the caller controls. Treat this as a guard against accidental
#            use from a shared account, not as an access control.
#######################################
wx-restricted() {
  case $USER in
    root | local)
      printf '%s\n' "Status: Command Restricted" " " " " " "
      exit 1
      ;;
  esac
}
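#######################################
# Prints the CLI banner and makes sure the per-user config file exists.
# Globals:   HOME, wxBold, wxNormal (read)
# Outputs:   three empty lines and the banner on stdout
# Files:     $HOME/.config/warengroup/config.json is created as "{}" when
#            it is missing
# Note:      wx-login persists Vault client tokens in config.json, so the
#            directory is kept at mode 700 and the file at mode 600. The
#            modes are re-applied on every call so that files created by
#            earlier runs under a permissive umask are tightened too.
#######################################
wx-start() {
  local cfg_dir="$HOME/.config/warengroup"
  local cfg_file="$cfg_dir/config.json"

  echo ""
  echo ""
  echo ""
  echo "=============================="
  echo -n "$wxBold"
  echo " Warén CLI "
  echo -n "$wxNormal"
  echo "=============================="

  mkdir -p -- "$cfg_dir" &> /dev/null
  chmod 700 -- "$cfg_dir" &> /dev/null

  if [[ ! -f "$cfg_file" ]]; then
    # Written directly instead of piping through jq: the content is a fixed
    # empty object, and this way a missing jq cannot leave an empty file.
    (umask 077 && printf '%s\n' '{}' > "$cfg_file")
  fi
  chmod 600 -- "$cfg_file" &> /dev/null
}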
#######################################
# Common exit path: prints trailing spacing, refreshes the installed copy
# of the CLI and terminates.
# Outputs:   three lines holding a single space each
# Returns:   never returns; the process exits with status 1
# Note:      wx-install --auto runs on every exit, so each invocation of
#            the CLI downloads and replaces $HOME/bin/wx.
#######################################
wx-stop() {
  printf '%s\n' " " " " " "

  wx-install --auto

  exit 1
}
#######################################
# "auto" command: logs in, then runs the SSH config sync, the SSH key sync
# and the SSH certificate signing in that order.
# Outputs:   the "Auto" header plus whatever the called steps print
#######################################
wx-auto() {
  # Authentication first: the later steps read the token that wx-login
  # stores in the config map.
  wx-login
  wx-header "Auto"

  wx-ssh-config-sync
  wx-ssh-keys-sync
  wx-ssh-sign
}
#######################################
# "help" command: prints the usage text.
# Globals:   $0 (read, shown as the program name)
# Outputs:   the "Help" header and the command overview on stdout
#######################################
wx-help() {
  wx-header "Help"

  # Unquoted delimiter so that $0 is expanded inside the text.
  cat << EOF

Usage: $0 COMMAND [OPTIONS]

Common Commands:
init Init
help Help
ssh SSH
config Config
edit Edit
save Save
sync Sync
keys Keys
generate Generate
delete Delete
save Save
sync Sync
sign Certificates

Authentication Commands:
login Login
logout Logout

Management Commands:
auto Auto
install Install
settings Settings
EOF
}
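#######################################
# "infra" command: runs an Ansible playbook from the infra checkout.
# Globals:   USERNAME (read), INFRA_PATH (written)
# Arguments: [init] TAG [extra ansible-playbook arguments...]
#            With a leading "init", playbooks/init.yml is used; otherwise
#            playbooks.yml. TAG is passed to -t.
# Outputs:   "Tag Required" when no tag is given, "User Unsupported" for
#            any USERNAME other than cwchristerw
# Note:      INFRA_PATH is a fixed path on one workstation, so the command
#            only works for that user on that machine.
#######################################
wx-infra() {
  wx-login
  wx-ssh-sign &> /dev/null

  wx-header "Infra"
  wx-restricted

  INFRA_PATH="/home/cwchristerw/Desktop/Work in Progress/Programming/warengroup/infra"

  if [[ $USERNAME != "cwchristerw" ]]; then
    echo "User Unsupported"
    return
  fi

  local playbook="playbooks.yml"
  if [[ $1 == "init" ]]; then
    playbook="playbooks/init.yml"
    shift
  fi

  if [[ -z $1 ]]; then
    echo "Tag Required"
    return
  fi

  # Run in a subshell so the caller's working directory is untouched, and
  # stop when the checkout is missing instead of starting ansible-playbook
  # from an unrelated directory. Arguments are forwarded quoted so that
  # values with spaces reach ansible-playbook as single words.
  (
    cd "$INFRA_PATH" || exit 1
    ansible-playbook --vault-id warengroup@vault/warengroup "$playbook" -t "$1" "${@:2}"
  )
}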
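#######################################
# "install" command: (re)installs the CLI into $HOME/bin/wx.
# Globals:   HOME, PWD (read)
# Arguments: $1 - any non-empty value (for example --auto or --update)
#                 suppresses the "Install" header
# Files:     ./wx is regenerated when run inside a source checkout;
#            $HOME/bin/wx is replaced with the copy served from the
#            project's master branch
# Note:      the download is not checked against a signature or a pinned
#            checksum; the integrity of the installed script rests on TLS
#            and on the hosting server. This matters because the script
#            handles Vault tokens and SSH private keys, and because
#            wx-stop triggers this function on every run.
#######################################
wx-install() {
  if [[ -z $1 ]]; then
    wx-header "Install"
  fi

  wx-restricted

  # Inside a source checkout: rebuild ./wx with the PHP generator first.
  if [[ -f "./wx" && -d "./src" ]]; then
    podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
    mv wx.tmp wx &> /dev/null
    chmod +x wx &> /dev/null
  fi

  local bin_dir="$HOME/bin"
  local tmp

  mkdir -p -- "$bin_dir" &> /dev/null
  tmp=$(mktemp "$bin_dir/wx.XXXXXX" 2> /dev/null) || return 0

  # Download next to the target and swap it in only after a successful,
  # non-empty transfer. --fail makes curl report HTTP errors, so an error
  # page or a truncated body can no longer overwrite the working install.
  if curl --fail https://git.waren.io/warengroup/wx/raw/branch/master/wx -o "$tmp" &> /dev/null \
    && [[ -s "$tmp" ]]; then
    chmod 755 -- "$tmp" &> /dev/null
    mv -f -- "$tmp" "$bin_dir/wx" &> /dev/null
  else
    rm -f -- "$tmp"
  fi
}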
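# Prints the "Login" header and "Status: <message>", then ends the run.
_wx_login_abort() {
  wx-header "Login"
  echo "Status: $1"
  wx-stop
}

# Succeeds when $1 is non-empty and exactly 95 characters long, the token
# length this CLI accepts.
_wx_login_token_ok() {
  [[ -n $1 && ${#1} -eq 95 ]]
}

# Renews token $1 at Vault and prints the client token from the response.
# The JSON body is produced by jq and sent on stdin, so the token is never
# spliced into a hand-written JSON string.
# NOTE(review): the X-Vault-Token header is still passed on curl's command
# line and is therefore visible in the process list while curl runs.
_wx_login_renew() {
  printf '%s' "$1" \
    | jq -Rsc '{token: .}' \
    | curl "https://$VAULT_DOMAIN/v1/auth/token/renew" -X POST \
        --header "X-Vault-Token: $1" -d @- -s \
    | jq -r '.auth.client_token'
}

# Stores token $1 for $ORG in the config map and, for regular accounts, in
# config.json. The token reaches jq on stdin and the organization as a jq
# variable, so neither is interpolated into the jq program. The file is
# replaced only when jq succeeded, and the temporary copy is created with a
# 077 umask because it contains the token.
_wx_login_store_token() {
  local token=$1
  local cfg="$HOME/.config/warengroup/config.json"

  config["login",${ORG}]=$token

  if [[ $USER == "root" || $USER == "local" ]]; then
    return 0
  fi

  if [[ ! -f "$cfg" ]]; then
    (umask 077 && printf '%s\n' '{}' > "$cfg") 2> /dev/null
  fi

  if printf '%s' "$token" \
    | (umask 077 && jq -Rs --arg org "$ORG" --slurpfile cfg "$cfg" \
        '. as $token | ($cfg[0] // {}) | .login[$org] = $token' > "$cfg.tmp") 2> /dev/null; then
    mv -- "$cfg.tmp" "$cfg" &> /dev/null
  else
    rm -f -- "$cfg.tmp"
  fi
}

#######################################
# Authenticates against Vault and records the client token.
# Order of attempts: renew the token stored in config.json; if that fails
# and the IDM host answers 301, log in through the Vault LDAP method with a
# prompted password; otherwise prompt for a Vault token and renew it.
# Globals:   USER, SUDO_USER, LOGNAME, HOME (read);
#            ORG, DOMAIN, FOLDER, DEVICE_DOMAIN, IDM_DOMAIN, VAULT_DOMAIN,
#            HOSTNAME, USERNAME, TOKEN, PASSWORD, VAULT_STATUS, IDM_STATUS,
#            VAULT_LOGIN, config (written)
# Arguments: $1 - organization (warengroup, cwinfo or cwchristerw);
#                 derived from `hostname -d` when empty
#            $2 - device name; HOSTNAME becomes "$2.devices.<domain>"
# Outputs:   the "Login" header, prompts and status lines on stdout
# Returns:   every failure path ends the process through wx-stop
#######################################
wx-login() {
  ORG=$1

  if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]; then
    _wx_login_abort "Hostname Required"
  fi

  # Organization: explicit argument first, otherwise the DNS domain.
  if [[ -n $1 ]]; then
    ORG=$1
  else
    case $(hostname -d) in
      *"devices.waren.io") ORG=warengroup ;;
      *"devices.cwinfo.net") ORG=cwinfo ;;
      *"devices.christerwaren.fi") ORG=cwchristerw ;;
      *) _wx_login_abort "Organization Required" ;;
    esac
  fi

  # Only the three known organizations get past this point, so ORG is a
  # fixed word in everything that follows.
  case $ORG in
    warengroup) DOMAIN=waren.io ;;
    cwinfo) DOMAIN=cwinfo.net ;;
    cwchristerw) DOMAIN=christerwaren.fi ;;
    *) _wx_login_abort "Organization Unsupported" ;;
  esac

  FOLDER=$ORG
  DEVICE_DOMAIN="devices.$DOMAIN"
  IDM_DOMAIN="idm.cwinfo.net"
  VAULT_DOMAIN="vault.cwinfo.net"

  if [[ -n $2 ]]; then
    HOSTNAME="$2.$DEVICE_DOMAIN"
  elif [[ -n $(hostname -d) ]]; then
    HOSTNAME=$(hostname --fqdn)
  else
    _wx_login_abort "Hostname Required"
  fi

  # For shared accounts take the name of the invoking user. The check on
  # LOGNAME now tests the variable; previously it tested the literal word
  # "LOGNAME", which is never empty, so "Username Required" was unreachable.
  if [[ -z $USER || $USER == "root" || $USER == "local" ]]; then
    if [[ -n $SUDO_USER ]]; then
      USERNAME=$SUDO_USER
    elif [[ -n $LOGNAME ]]; then
      USERNAME=$LOGNAME
    else
      _wx_login_abort "Username Required"
    fi
  fi

  VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" "https://$VAULT_DOMAIN/v1/sys/health")
  if [[ $VAULT_STATUS -ne 200 ]]; then
    wx-header "Login"
    echo "$wxBold$ORG$wxNormal"
    echo "Status: Vault Offline"
    wx-stop
  fi

  # First attempt: renew the token kept from an earlier login.
  local cfg="$HOME/.config/warengroup/config.json"
  if [[ $USER != "root" && $USER != "local" && -f "$cfg" ]]; then
    TOKEN=$(jq -r --arg org "$ORG" '.login[$org] // empty' "$cfg")
  fi

  VAULT_LOGIN=""
  if [[ -n $TOKEN ]]; then
    VAULT_LOGIN=$(_wx_login_renew "$TOKEN")
  fi

  if _wx_login_token_ok "$VAULT_LOGIN"; then
    _wx_login_store_token "$VAULT_LOGIN"
    return
  fi

  # Interactive login.
  IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" "https://$IDM_DOMAIN")

  wx-header "Login"
  echo "$wxBold$ORG$wxNormal"

  if [[ $IDM_STATUS -eq 301 ]]; then
    if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" ]]; then
      echo -n "Username: "
      read -r USERNAME
    else
      echo "Username: $USERNAME"
    fi

    # -r keeps backslashes in the password as typed.
    echo -n "Password: "
    read -r -s PASSWORD
    echo "****************"

    if [[ -z $USERNAME || -z $PASSWORD ]]; then
      echo "Status: Username & Password Required"
      wx-stop
    fi

    # The username becomes a URL path segment, so it is percent-encoded.
    # The password is handed to jq through a builtin printf and from there
    # to curl on stdin: it appears in no command line, and quotes, spaces
    # or backslashes in it cannot break or extend the JSON body.
    local user_path
    user_path=$(jq -rn --arg user "$USERNAME" '$user | @uri')
    VAULT_LOGIN=$(
      printf '%s' "$PASSWORD" \
        | jq -Rsc '{password: .}' \
        | curl "https://$VAULT_DOMAIN/v1/auth/ldap/login/$user_path" -X POST -d @- -s \
        | jq -r '.auth.client_token'
    )
  else
    echo -n "Token: "
    read -r -s TOKEN
    echo "****************"

    if ! _wx_login_token_ok "$TOKEN"; then
      echo "Status: Vault Token Required"
      wx-stop
    fi

    VAULT_LOGIN=$(_wx_login_renew "$TOKEN")
  fi

  if ! _wx_login_token_ok "$VAULT_LOGIN"; then
    echo "Status: Login Failed"
    wx-stop
  fi

  _wx_login_store_token "$VAULT_LOGIN"

  wx-start
}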
#######################################
# "logout" command: prints the "Logout" header.
# Note:      nothing else happens here. The token kept in config.json is
#            neither deleted nor revoked at Vault, so a stored token stays
#            usable after "logout".
#######################################
wx-logout() {
  wx-header "Logout"
}
#######################################
# "settings" command: logs in and prints the "Settings" header.
# No settings are read or changed by this function.
#######################################
wx-settings() {
  wx-login
  wx-header "Settings"
}
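#######################################
# "ssh" command: logs in, prepares the key directory and dispatches to the
# sign, keys or config sub-command.
# Globals:   HOME (read)
# Arguments: $1 - sub-command (sign, keys, config)
#            $2, $3 - passed on to the sub-command
# Files:     $HOME/.ssh/keys is created and set to mode 700 recursively
# Outputs:   the "SSH" header when the sub-command is unknown
#######################################
wx-ssh() {
  wx-login

  # Paths are quoted so a home directory containing spaces still works.
  mkdir -p -- "$HOME/.ssh/keys"
  chmod -R 700 -- "$HOME/.ssh/keys"

  case $1 in
    sign)
      wx-ssh-sign
      ;;
    keys)
      wx-ssh-keys "$2" "$3"
      ;;
    config)
      wx-ssh-config "$2"
      ;;
    *)
      wx-header "SSH"

      wx-stop
      ;;
  esac
}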
#######################################
# "update" command: prints the "Update" header and reinstalls the CLI.
# The --update argument only keeps wx-install from printing its own header.
#######################################
wx-update() {
  wx-header "Update"
  wx-install --update
}
#######################################
# Default action when no known command is given: prints the "Welcome"
# header.
#######################################
wx-welcome() {
  wx-header "Welcome"
}
#######################################
# "ssh config" command: dispatches to the edit, save or sync action.
# Arguments: $1 - action; anything else syncs and then ends the run
# Outputs:   the "SSH / Config" header
# Note:      "edit" first pulls the stored copy, opens the editor and then
#            uploads the result.
#######################################
wx-ssh-config() {
  wx-header "SSH / Config"
  wx-restricted

  case $1 in
    edit)
      wx-ssh-config-sync
      wx-ssh-config-edit
      wx-ssh-config-save
      ;;
    save)
      wx-ssh-config-save
      ;;
    sync)
      wx-ssh-config-sync
      ;;
    *)
      wx-ssh-config-sync
      wx-stop
      ;;
  esac
}
#######################################
# Opens the user's SSH client configuration in nano.
# Files:     ~/.ssh/config
#######################################
wx-ssh-config-edit() {
  wx-restricted

  nano ~/.ssh/config
}
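#######################################
# Uploads ~/.ssh/config, base64-encoded, to the user's settings path in
# Vault.
# Globals:   VAULT_DOMAIN, USERNAME, ORG, config, HOME (read)
# Returns:   0 without contacting Vault when the file cannot be read
#######################################
wx-ssh-config-save() {
  wx-restricted

  local ssh_config="$HOME/.ssh/config"
  local token=${config["login",$ORG]}

  # Without this guard a missing file would be uploaded as an empty value
  # and replace the copy stored in Vault.
  [[ -r "$ssh_config" ]] || return 0

  # The body is written by the builtin printf and sent to curl on stdin,
  # which keeps the file content out of the process list.
  printf '{ "data": { "data": "%s" } }' "$(base64 -w 0 < "$ssh_config")" \
    | curl "https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config" \
        -X POST --header "X-Vault-Token: $token" -d @- -s &> /dev/null
}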
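#######################################
# Replaces ~/.ssh/config with the copy stored in Vault.
# Globals:   VAULT_DOMAIN, USERNAME, ORG, config, HOME (read);
#            VAULT_STATUS (written)
# Returns:   0 when nothing is stored, the response holds no data or the
#            data does not decode; the local file is left alone then
# Note:      the downloaded text becomes the SSH client configuration as
#            is, so whoever can write that Vault path controls the options
#            the local ssh client runs with.
#######################################
wx-ssh-config-sync() {
  wx-restricted

  local url="https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config"
  local token=${config["login",$ORG]}
  local target="$HOME/.ssh/config"
  local payload tmp

  VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" "$url" -X GET --header "X-Vault-Token: $token")
  [[ $VAULT_STATUS -eq 200 ]] || return 0

  # A missing field yields an empty string here rather than the word
  # "null", which would otherwise be decoded and written over the config.
  payload=$(curl "$url" -X GET --header "X-Vault-Token: $token" -s | jq -r '.data.data.data // empty')
  [[ -n $payload ]] || return 0

  # Decode into a private temporary file and swap it in only on success;
  # decode errors no longer end up inside ~/.ssh/config.
  tmp=$(mktemp "$target.XXXXXX" 2> /dev/null) || return 0
  if printf '%s' "$payload" | base64 -d > "$tmp" 2> /dev/null; then
    mv -f -- "$tmp" "$target"
  else
    rm -f -- "$tmp"
  fi
}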
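#######################################
# "ssh keys" command: dispatches to a key action.
# Arguments: $1 - action (generate, retrieve, save, sync, delete)
#            $2 - key name, passed on as a single quoted word
# Outputs:   the "SSH / Keys" header
# Note:      "generate" first tries to fetch an existing key of that name
#            from Vault, creates one locally only if none is present, and
#            then uploads the key pair.
#######################################
wx-ssh-keys() {
  wx-header "SSH / Keys"

  case $1 in
    generate)
      wx-ssh-keys-retrieve "$2"
      wx-ssh-keys-generate "$2"
      wx-ssh-keys-save "$2"
      ;;
    retrieve)
      wx-ssh-keys-retrieve "$2"
      ;;
    save)
      wx-ssh-keys-save "$2"
      ;;
    sync)
      wx-ssh-keys-sync "$2"
      ;;
    delete)
      # NOTE(review): wx-ssh-keys-remove is not defined in the part of the
      # file visible here - confirm it exists.
      wx-ssh-keys-remove "$2"
      ;;
    *)
      wx-ssh-keys-sync
      wx-stop
      ;;
  esac
}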
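#######################################
# Creates an ed25519 key pair under $HOME/.ssh/keys unless a key with that
# name already exists.
# Globals:   HOME, USERNAME (read)
# Arguments: $1 - key name; nothing happens when it is empty
# Note:      the key is created with an empty passphrase (-N ""), so the
#            private key file is stored unencrypted.
# Note:      $1 is used as a file name without validation; the path is
#            quoted so that spaces in it cannot split the ssh-keygen
#            arguments.
#######################################
wx-ssh-keys-generate() {
  wx-restricted

  [[ -n $1 ]] || return 0

  local key="$HOME/.ssh/keys/$1"
  if [[ ! -f "$key" ]]; then
    ssh-keygen -t ed25519 -f "$key" -q -N "" -C "$USERNAME" &> /dev/null
  fi
}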
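#######################################
# Downloads a stored key pair from Vault into $HOME/.ssh/keys.
# Globals:   VAULT_DOMAIN, USERNAME, ORG, config, HOME (read);
#            VAULT_STATUS (written)
# Arguments: $1 - key name; nothing happens when it is empty
# Files:     $HOME/.ssh/keys/$1 and $HOME/.ssh/keys/$1.pub
# Returns:   0 when the key is not stored or the response is incomplete;
#            existing local files are left alone in that case
#######################################
wx-ssh-keys-retrieve() {
  wx-restricted

  [[ -n $1 ]] || return 0

  local url="https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1"
  local token=${config["login",$ORG]}
  local key="$HOME/.ssh/keys/$1"
  local response private public tmp_private tmp_public

  VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" "$url" -X GET --header "X-Vault-Token: $token")
  [[ $VAULT_STATUS -eq 200 ]] || return 0

  # One request provides both halves; a missing field becomes an empty
  # string instead of the word "null".
  response=$(curl "$url" -X GET --header "X-Vault-Token: $token" -s)
  private=$(printf '%s' "$response" | jq -r '.data.data.private // empty')
  public=$(printf '%s' "$response" | jq -r '.data.data.public // empty')
  [[ -n $private && -n $public ]] || return 0

  # mktemp creates the files readable by the owner only, so the private
  # key is never on disk with group or world read permission. Both files
  # are moved into place only after both decoded cleanly.
  tmp_private=$(mktemp "$key.XXXXXX" 2> /dev/null) || return 0
  tmp_public=$(mktemp "$key.pub.XXXXXX" 2> /dev/null) || {
    rm -f -- "$tmp_private"
    return 0
  }

  if printf '%s' "$private" | base64 -d > "$tmp_private" 2> /dev/null \
    && printf '%s' "$public" | base64 -d > "$tmp_public" 2> /dev/null; then
    mv -f -- "$tmp_private" "$key"
    mv -f -- "$tmp_public" "$key.pub"
  else
    rm -f -- "$tmp_private" "$tmp_public"
  fi
}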
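#######################################
# Uploads a local key pair, base64-encoded, to the user's settings path in
# Vault.
# Globals:   VAULT_DOMAIN, USERNAME, ORG, config, HOME (read)
# Arguments: $1 - key name; nothing happens when it is empty or when the
#                 private key file does not exist
# Note:      the private key itself is uploaded, so everyone who can read
#            that Vault path can use the key.
#######################################
wx-ssh-keys-save() {
  wx-restricted

  [[ -n $1 ]] || return 0

  local key="$HOME/.ssh/keys/$1"
  local token=${config["login",$ORG]}

  [[ -f "$key" ]] || return 0

  # The request body is assembled by the builtin printf and read by curl
  # from stdin. Passing it as a -d argument would expose the private key
  # in the process list for the duration of the request.
  printf '{ "data": { "private": "%s", "public": "%s" } }' \
    "$(base64 -w 0 < "$key")" "$(base64 -w 0 < "$key.pub")" \
    | curl "https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1" \
        -X POST --header "X-Vault-Token: $token" -d @- -s &> /dev/null
}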
#######################################
# Placeholder for the key sync: after the account check it only prints an
# empty line. No keys are transferred.
#######################################
wx-ssh-keys-sync() {
  wx-restricted

  echo ""
}
#######################################
# Requests SSH certificates for the keys that belong to the current
# organization.
# Globals:   ORG (read)
# Outputs:   the "SSH / Sign" header and one line per signed key
# Note:      every request uses the role "sysadmin" and a TTL of 3600.
#            For the organization cwchristerw all three keys are signed.
#######################################
wx-ssh-sign() {
  wx-header "SSH / Sign"
  wx-restricted

  local -a key_names=()
  case $ORG in
    warengroup) key_names=(warengroup) ;;
    cwinfo) key_names=(cwinfo) ;;
    cwchristerw) key_names=(warengroup cwinfo cwchristerw) ;;
  esac

  local key_name
  for key_name in "${key_names[@]}"; do
    wx-ssh-sign-create "$key_name" sysadmin 3600
  done
}
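#######################################
# Has Vault sign one public key and stores the certificate next to it.
# Globals:   VAULT_DOMAIN, USERNAME, ORG, config, HOME (read);
#            NAME, ROLE, PRINCIPALS, TTL (written)
# Arguments: $1 - key name under $HOME/.ssh/keys
#            $2 - signing role, also used as the first principal
#            $3 - certificate TTL
# Files:     $HOME/.ssh/keys/$1.sig is rewritten when Vault returned a
#            signed key; the key pair is created first if it is missing
# Outputs:   "<name>/<role>" on stdout
# Note:      a key created here has an empty passphrase (-N "").
#######################################
wx-ssh-sign-create() {
  wx-restricted

  NAME=$1
  ROLE=$2
  PRINCIPALS=$2
  TTL=$3

  local key="$HOME/.ssh/keys/$NAME"
  local token=${config["login",$ORG]}
  local signed

  if [[ ! -f "$key" ]]; then
    ssh-keygen -t ed25519 -f "$key" -q -N "" -C "$USERNAME" &> /dev/null
  fi

  [[ -f "$key" ]] || return 0

  echo "$NAME/$ROLE"

  # jq builds the JSON body, so quotes or backslashes in the key comment
  # or the username are escaped instead of breaking the request.
  signed=$(
    jq -nc \
      --arg public_key "$(< "$key.pub")" \
      --arg principals "$PRINCIPALS,$USERNAME" \
      --arg ttl "$TTL" \
      '{public_key: $public_key, valid_principals: $principals, ttl: $ttl}' \
      | curl "https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE" -X POST \
          --header "X-Vault-Token: $token" -d @- -s \
      | jq -r '.data.signed_key // empty'
  )

  # Keep the previous certificate when signing failed; before, the word
  # "null" was written into the .sig file in that case.
  if [[ -n $signed ]]; then
    printf '%s\n' "$signed" > "$key.sig"
  fi
}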
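# Entry point: run the function named "wx-<command>" when one exists,
# otherwise show the welcome header. Because the lookup accepts any
# function whose name starts with "wx-", internal ones such as wx-stop or
# wx-restricted can also be called from the command line.
# The remaining arguments are forwarded quoted, so values containing
# spaces or glob characters reach the command unchanged.
if [[ -n $1 && $(type -t "wx-$1") == function ]]; then
  "wx-$1" "${@:2}"
else
  wx-welcome
fi

# Every run ends here; wx-stop refreshes the installed copy and exits 1.
wx-stop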