warengroup/wx
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
cc1cc6e39f
wx/wx
Christer Warén cc1cc6e39f Source Update
2024-04-29 07:22:08 +03:00

412 lines
11 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
if [ ! "$BASH_VERSION" ] ; then
bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
exit 1
fi
wxRed=$(tput setaf 196)
wxGreen=$(tput setaf 46)
wxYellow=$(tput setaf 226)
wxBlue=$(tput setaf 21)
wxPurple=$(tput setaf 165)
wxTurquoise=$(tput setaf 14)
wxPink=$(tput setaf 198)
wxOrange=$(tput setaf 202)
wxUnderline=$(tput smul)
wxItalic=$(tput sitm)
wxBold=$(tput bold)
wxNormal=$(tput sgr0)
declare -Ax config
wx-login(){
echo -n "$wxItalic"
echo " >> Login << "
echo -n "$wxNormal";
echo "------------------------------"
ORG=$1
if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]; then
wx-stop
fi
if [[ $(hostname -d) == "devices.waren.io" ]]
then
ORG=warengroup
elif [[ $(hostname -d) == "devices.cwinfo.net" ]]
then
ORG=cwinfo
elif [[ $(hostname -d) == "devices.christerwaren.fi" ]]
then
ORG=cwchristerw
elif [[ -z $ORG ]]
then
echo -n "Status: "
echo -n $wxItalic
echo -n "Organization Required"
echo -n $wxNormal
wx-stop
fi
if [[ $ORG == "warengroup" ]]
then
DOMAIN=waren.io
elif [[ $ORG == "cwinfo" ]]
then
DOMAIN=cwinfo.net
elif [[ $ORG == "cwchristerw" ]]
then
DOMAIN=christerwaren.fi
else
echo -n "Status: "
echo -n $wxItalic
echo -n "Organization Unsupported"
echo -n $wxNormal
wx-stop
fi
FOLDER=$ORG
DEVICE_DOMAIN="devices.$DOMAIN"
IDM_DOMAIN="idm.cwinfo.net"
VAULT_DOMAIN="vault.cwinfo.net"
GIT_DOMAIN="git.cwinfo.net"
if [[ $(hostname -d) ]]
then
HOSTNAME=$(hostname --fqdn)
elif [[ -z $(hostname -d) ]] && [[ ! -z $2 ]]
then
HOSTNAME="$2.$DEVICE_DOMAIN"
else
echo -n "Status: "
echo -n $wxItalic
echo -n "Hostname Required"
echo -n $wxNormal
wx-stop
fi
if [[ -z $USER ]]
then
if [[ -z $SUDO_USER ]]
then
if [[ -z LOGNAME ]]
then
echo -n "Status: "
echo -n $wxItalic
echo -n "Username Required"
echo -n $wxNormal
wx-stop
else
USER=$LOGNAME
fi
else
USER=$SUDO_USER
fi
fi
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ $VAULT_STATUS -eq 200 ]]
then
if [[ -f "$HOME/.config/warengroup/login.json" ]]
then
TOKEN="$(cat $HOME/.config/warengroup/login.json | jq -r .$ORG)"
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]]
then
echo -n $wxBold
echo -n $ORG
echo $wxNormal
echo -n "Username: "
echo -n $wxItalic
echo -n $(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET --header "X-Vault-Token: $VAULT_LOGIN" -s | jq -r '.data.meta.username')
echo $wxNormal
echo -n "Token: "
echo -n $wxItalic
echo -n "****************"
echo $wxNormal
config[${ORG}]=$VAULT_LOGIN
echo '{ "'$ORG'": "'$VAULT_LOGIN'" }' | jq > $HOME/.config/warengroup/login.json
wx-start
else
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
if [[ $IDM_STATUS -eq 301 ]]
then
echo -n $wxBold
echo -n $ORG
echo $wxNormal
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
then
echo -n "Username: "
echo -n $wxItalic
read USERNAME
echo -n $wxNormal
else
echo -n "Username: "
echo -n $wxItalic
echo -n $USER
echo $wxNormal
USERNAME=$USER
fi
echo -n "Password: "
echo -n $wxItalic
read -s PASSWORD
echo -n "****************"
echo $wxNormal
if [[ -z $USERNAME || -z $PASSWORD ]]
then
echo -n "Status: "
echo -n $wxItalic
echo -n "Username & Password Required"
echo -n $wxNormal
wx-stop
else
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then
echo -n "Status: "
echo -n $wxItalic
echo -n "Login Failed"
echo -n $wxNormal
wx-stop
fi
fi
config[${ORG}]=$VAULT_LOGIN
mkdir -p $HOME/.config/warengroup &> /dev/null
touch $HOME/.config/warengroup/login.json &> /dev/null
echo '{ "'$ORG'": "'$VAULT_LOGIN'" }' | jq > $HOME/.config/warengroup/login.json
wx-start
else
echo -n $wxBold
echo -n $ORG
echo $wxNormal
echo -n "Token: "
read -s TOKEN
echo "****************"
if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
then
echo -n "Status: "
echo -n $wxItalic
echo -n "Vault Token Required"
echo -n $wxNormal
wx-stop
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then
echo -n "Status: "
echo -n $wxItalic
echo -n "Login Failed"
echo -n $wxNormal
wx-stop
fi
config[${ORG}]=$VAULT_LOGIN
mkdir -p $HOME/.config/warengroup &> /dev/null
touch $HOME/.config/warengroup/login.json &> /dev/null
echo '{ "'$ORG'": "'$VAULT_LOGIN'" }' | jq > $HOME/.config/warengroup/login.json
wx-start
fi
fi
else
echo -n $wxBold
echo -n $ORG
echo $wxNormal
echo -n "Status: "
echo -n $wxItalic
echo -n "Vault Offline"
echo -n $wxNormal
wx-stop
fi
}
wx-start(){
echo ""
echo ""
echo ""
echo "=============================="
echo -n "$wxBold"
echo " Warén CLI "
echo -n "$wxNormal"
echo "=============================="
}
wx-stop (){
echo " "
echo " "
echo " "
if [[ -f "./wx" ]] && [[ -d "./src" ]]
then
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
mv wx.tmp wx &> /dev/null
chmod +x wx &> /dev/null
fi
mkdir $HOME/bin &> /dev/null
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
chmod +x $HOME/bin/wx &> /dev/null
exit 1
}
wx-help(){
echo -n "$wxItalic"
echo " >> Help << "
echo -n "$wxNormal";
echo "------------------------------"
echo -n "
Usage: $0 COMMAND [OPTIONS]
Common Commands:
init Init
ssh SSH
config Config
sign Certificates
Management Commands:
settings Settings
";
}
wx-init(){
wx-login
echo -n "$wxItalic"
echo " >> Init << "
echo -n "$wxNormal";
echo "------------------------------"
mkdir -p ~/.ssh &> /dev/null
apt-get install -y python3-pip python3-venv jq git curl &> /dev/null
python3 -m venv /opt/ansible &> /dev/null
/opt/ansible/bin/pip3 install ansible hvac netaddr jmespath pexpect &> /dev/null
/opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY --vault-password-file ~/.ansible/vault.yml --private-key ~/.ssh/init playbooks/init.yml -t init
}
wx-settings(){
wx-login
echo -n "$wxItalic"
echo " >> Settings << "
echo -n "$wxNormal";
echo "------------------------------"
}
wx-ssh(){
wx-login
case $1 in
sign)
wx-ssh-sign
;;
config)
wx-ssh-config
;;
*)
echo -n "$wxItalic"
echo " >> SSH << "
echo -n "$wxNormal";
echo "------------------------------"
wx-stop
;;
esac
}
wx-welcome(){
echo -n "$wxItalic"
echo " >> Welcome << "
echo -n "$wxNormal"
echo "------------------------------"
}
wx-ssh-config(){
echo -n "$wxItalic"
echo " >> SSH << "
echo " Config "
echo -n "$wxNormal";
echo "------------------------------"
}
wx-ssh-sign(){
echo -n "$wxItalic"
echo " >> SSH << "
echo " Sign "
echo -n "$wxNormal"
echo "------------------------------"
if [[ $ORG == "warengroup" ]]
then
wx-ssh-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" ]]
then
wx-ssh-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" ]]
then
wx-ssh-sign-create warengroup sysadmin 3600
wx-ssh-sign-create cwinfo sysadmin 3600
wx-ssh-sign-create cwchristew sysadmin 3600
fi
}
wx-ssh-sign-create(){
NAME=$1
ROLE=$2
PRINCIPALS=$2
TTL=$3
if [[ ! -f "$HOME/.ssh/keys/$NAME-ed25519" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME-ed25519 -q -N "" &> /dev/null
fi
if [[ -f "$HOME/.ssh/keys/$NAME-ed25519" ]]
then
echo "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config[$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME-ed25519.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME-ed25519.sig 2>&1
fi
}
wx-start
if [[ ! -z $1 ]] && [[ $(type -t wx-$1) == function ]]
then
wx-$1 $2 $3 $4 $5 $6 $7 $8 $9
else
wx-welcome
fi
wx-stop
Reference in New Issue View Git Blame Copy Permalink