123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558 |
- #! /usr/bin/env bash
- # change credentials - symlink different credential files
- #
- # Usage: be [options] who
- # arguments
- # who name of identity
- #
- # options
- #
- # Select credentials
- #
- # -a|--aws change/list aws credentials ONLY
- # -g|--gnupg change/list gnupgcredentials ONLY
- # -p|--pass change/list pas credentials ONLY
- # -s|--ssh change/list ssh credentials ONLY
- # -t|--git change/list git credentials ONLY
- #
- # Select operation
- #
- # -l|--list list availabe credentials.
- # -w|--whoami list current identities
- #
- # Other
- #
- # -d|--debug debug output
- # -h|--help print usage
- # -v|--verbose verbose output
- #
- # e.g.
- #
- # If ~/.gnupg.$1 exists, link to ~/.gnupg
- # If ~/.ssh/id_{dsa,rsa}.$1 exists, link to ~/.ssh/id_{dsa,rsa} and add to ssh agent
- # If ~/.aws/credentials.$1 exists, link to ~/.aws/credentials
- #
- # FILES
- # * SSH Files
- #
- # ~/.ssh/id_{dsa,rsa}.IDENTITY - SSH identify file for IDENTITY
- # ~/.ssh/id_{dsa,rsa} - Symlink to SSH identity
- #
- # ~/.ssh/authorized_keys.IDENTITY - SSH authorized keys for IDENTITY
- # ~/.ssh/authorized_keys - Symlink to SSH authorized_keys file
- #
- # ~/.ssh/config.IDENTITY - SSH config for IDENTITY
- # ~/.ssh/config - Symlink to SSH config file
- #
- # ~/,gitconfig.IDENTITY - git config file
- #
- # * GPG Files
- #
- # * AWS files
- #
- # * pass(1) files
- #
- # * org files
- #
- # TO DO ITEMS
- #
- # * TODO finish documenting FILES
- # * TODO deal with .pem files
- # * TODO maybe make this not bash (python? go?)
- # * TODO make a general configruation format for different identites
- # - e.g. so that there would only be one "list" or "whoami" function
- # for all identities
- # * TODO add documentation
- #
- # * TODO deal with git identities
- # + Use XDG-CONFIG-HOME to switch identities?
- # http://git.661346.n2.nabble.com/What-is-XDG-CONFIG-HOME-for-exactly-td7627117.html
- # + See https://gist.github.com/jexchan/2351996
- set -e; set -u # this is bash. Be safe out there.
- unalias cd 2>/dev/null || true
- # Helper functions
- PROG=`basename "$0" | tr -d '\n'`
- function info() { echo ${PROG}\: info: "$@" 1>&2; }
- function warn() { echo ${PROG}\: warning: "$@" 1>&2; }
- function error() { echo ${PROG}\: error: "$@" 1>&2; }
- function debug() { [[ -v DEBUG ]] && echo ${PROG}\: debug: "$@" 1>&2 || true ; }
- function die() { echo ${PROG}\: fatal: "$@" 1>&2 && exit 1; }
- function usage() {
- debug "in ${FUNCNAME[0]}"
- if [[ "$#" -gt 0 ]]; then
- warn $@
- fi
- cat <<END 1>&2
- Usage: be [options] who
- arguments
- who name of identity
- options
- Select credentials
- -a|--aws change/list aws credentials ONLY
- -g|--gnupg change/list gnupgcredentials ONLY
- -p|--pass change/list pas credentials ONLY
- -s|--ssh change/list ssh credentials ONLY
- -t|--git change/list git credentials ONLY
- Select operation
- -l|--list list availabe credentials.
- -w|--whoami list current identities
- Other
- -d|--debug debug output
- -h|--help print usage
- -v|--verbose verbose output
- END
- exit 1
- }
- # See
- #
- # https://wiki.archlinux.org/index.php/GnuPG#gpg-agent
- #
- # I'm pretty sure mere mortals can't grok gpg in fullness.
- function gpg_list() {
- # list available gpg credentail sets (diretories)
- info available GPG credentials sets
- ls -ld ~/.gnupg.* || true
- echo
- }
- function gpg_whoami() {
- # list current gpg identity
- if [ ! -L ~/.gnupg ]; then warn "No ~/.gnupg directory"; echo; return; fi
- info Current gpg credential set
- info
- ls -ld ~/.gnupg || true
- echo "GET_PASSPHRASE --no-ask NotCachedID Err Pmt Des" | gpg-connect-agent
- echo
- }
- function gpg_become() {
- # change gpg identity
- rm -f ~/.gnupg || true
- ln -s ~/.gnupg."${who}" ~/.gnupg
- }
- function aws_list() {
- # list available aws credentials
- if ! cd ~/.aws; then warn "No ~/.aws credentials"; echo; return; fi
- info available AWS credentials and configs
- ls -ld credentials.* config.* || true
- echo
- }
- function aws_whoami() {
- # list current aws identity
- echo foo
- if ! cd ~/.aws; then warn "No ~/.aws credentials"; echo; return; fi
- info Current aws credentials
- info
- ls -ld credentials config || true
- echo
- }
- function aws_become() {
- # change aws identity
- if ! cd ~/.aws; then warn "No ~/.aws credentials"; echo; return; fi
- aws_creds="credentials.""${who}"
- if [ ! -f "${aws_creds}" ]; then
- warn file "${aws_creds}" does not exist. Not changing aws identity.
- else
- [[ -v VERBOSE ]] && set -x
- rm -f credentials || true
- ln -s "${aws_creds}" credentials
- [[ -v VERBOSE ]] && set +x
- fi
- aws_config="config.""${who}"
- if [ ! -f "${aws_config}" ]; then
- warn file "${aws_config}" does not exist. Not installing.
- else
- [[ -v VERBOSE ]] && set -x
- rm -f config || true
- ln -s "${aws_config}" config
- [[ -v VERBOSE ]] && set +x
- fi
- }
- function ssh_list() {
- # list available ssh credentials
- if ! cd ~/.ssh; then warn "No ~/.ssh credentials"; echo; return; fi
- info available SSH credentials
- ls -ld id_rsa.* id_dsa.* authorized_keys.* config.* || true
- echo
- }
- function ssh_whoami() {
- # list current ssh identity
- if ! cd ~/.ssh; then warn "No ~/.ssh credentials"; echo; return; fi
- info Current SSH identities
- info
- ls -ld id_??? || warn "no ~/.ssh/id_{rsa,dsa} file"
- ls -ld authorized_keys || warn "no authorized_keys file"
- ls -ld config || warn "no config file"
- info SSH Agent Identities
- ssh-add -l
- echo
- }
- function ssh_become() {
- # change ssh identity
- if ! cd ~/.ssh; then warn "No ~/.ssh credentials"; echo; return; fi
- rsa_creds="id_rsa.""${who}"
- dsa_creds="id_dsa.""${who}"
- authorized_keys="authorized_keys.""${who}"
- config="config.""${who}"
- if [ -f "${dsa_creds}" ]; then
- ssh_creds="${dsa_creds}"
- elif [ -f "${rsa_creds}" ]; then
- ssh_creds="${rsa_creds}"
- else
- echo "No ssh creds found. "${rsa_creds}" and "${dsa_creds}" do not exist."
- exit 1
- fi
- # symlnk ssh creds into ~/.ssh
- target=`basename $ssh_creds ".""${who}"`
- if [ -f "${ssh_creds}" ]; then
- [[ -v VERBOSE ]] && set +x
- rm -f "${target}" || true
- ln -s "${ssh_creds}" "${target}"
- chmod 400 "${target}"
- ssh-add "${ssh_creds}"
- [[ -v VERBOSE ]] && set -x
- fi
- # symlnk authinfo creds into ~/.ssh
- target=`basename $authorized_keys ".""${who}"`
- if [ -f "${authorized_keys}" ]; then
- [[ -v VERBOSE ]] && set +x
- rm -f "${target}" || true
- ln -s "${authorized_keys}" "${target}"
- chmod 644 "${target}"
- [[ -v VERBOSE ]] && set -x
- fi
- # symlnk config into ~/.ssh
- target=`basename $config ".""${who}"`
- if [ -f "${config}" ]; then
- [[ -v VERBOSE ]] && set +x
- rm -f "${target}" || true
- ln -s "${config}" "${target}"
- chmod 644 "${target}"
- [[ -v VERBOSE ]] && set -x
- fi
- }
- function pass_list() {
- # list available pass credentail sets (diretories)
- info available pass credentials sets
- ls -ld ~/.password-store.* || true
- echo
- }
- function pass_whoami() {
- # list current pass identity
- if [ ! -L ~/.password-store ]; then warn "No ~/.password-store directory"; echo; return; fi
- info Current pass credential set
- info
- ls -ld ~/.password-store || true
- echo
- }
- function pass_become() {
- # change pass identity
- rm -f ~/.password-store || true
- ln -s ~/.password-store."${who}" ~/.password-store
- gpg_become # need to switch GPG IDs too
- }
- function org_list() {
- # list available org credentail sets (diretories)
- info available org credentials sets
- ls -ld ~/Org.* || true
- echo
- }
- function org_whoami() {
- # list current org identity
- if [ ! -L ~/Org ]; then warn "No ~/Org directory"; echo; return; fi
- info Current org credential set
- info
- ls -ld ~/Org || true
- echo
- }
- function org_become() {
- # change org identity
- rm -f ~/Org || true
- ln -s ~/Org."${who}" ~/Org
- }
- function git_list() {
- # list available git credentail sets (diretories)
- info available git credentials sets
- ls -ld ~/.gitconfig.* || true
- echo
- }
- function git_whoami() {
- # list current git identity
- if [ ! -L ~/.gitconfig ]; then warn "No git config"; echo; return; fi
- info Current git credential set
- info
- ls -ld ~/.gitconfig || true
- echo
- }
- function git_become() {
- # change git identity
- rm -f ~/.gitconfig || true
- ln -s ~/.gitconfig."${who}" ~/.gitconfig
- #gpg_become # need to switch GPG IDs too
- }
- #
- # "main()" begins here
- #
- # Defaults
- SSH=1
- AWS=1
- GPG=1
- PASSWORD=1
- ORG=1
- GIT=1
- # parse global options
- for i in "$@"
- do
- case $i in
- -a|--aws)
- AWS=1
- unset GIT
- unset SSH
- unset GPG
- unset PASSWORD
- unset ORG
- d_flag="-d"
- shift # past argument with no value
- ;;
- -d|--debug)
- DEBUG=1
- d_flag="-d"
- shift # past argument with no value
- ;;
- -g|--gnupg)
- GPG=1
- unset GIT
- unset AWS
- unset SSH
- unset PASSWORD
- unset ORG
- g_flag="-g"
- shift # past argument with no value
- ;;
- -h|--help)
- usage
- ;;
- -l|--list)
- LIST=1
- d_flag="-d"
- shift # past argument with no value
- ;;
- -o|--org)
- ORG=1
- unset GIT
- unset PASSWORD
- unset AWS
- unset SSH
- unset GPG
- p_flag="-p"
- shift # past argument with no value
- ;;
- -p|--pass)
- PASSWORD=1
- unset GIT
- unset AWS
- unset SSH
- unset GPG
- unset ORG
- p_flag="-p"
- shift # past argument with no value
- ;;
- -t|--git)
- GIT=1
- unset PASSWORD
- unset AWS
- unset SSH
- unset GPG
- unset ORG
- p_flag="-p"
- shift # past argument with no value
- ;;
- -s|--ssh)
- SSH=1
- unset GIT
- unset AWS
- unset GPG
- unset PASSWORD
- unset ORG
- d_flag="-d"
- shift # past argument with no value
- ;;
- -v|--verbose)
- VERBOSE=1
- v_flag="-v"
- shift # past argument with no value
- ;;
- -w|--whoami)
- WHOAMI=1
- v_flag="-v"
- shift # past argument with no value
- ;;
- -*|--*)
- usage "Unknown state option: $i"
- ;;
- esac
- done
- # Pull off command line args
- if [[ ! -v LIST && ! -v WHOAMI ]]; then
- if [ "$#" -ne 1 ]; then
- usage need a username
- fi
- who="${1}"
- fi
- if [[ ! -v SSH && ! -v AWS && ! -v ORG && ! -v PASSWORD && ! -v GPG && ! -v GIT ]]; then
- die "Must specify at least one of '--aws' '--ssh' '--gnupg' '--pass'"
- fi
- # list/show/become aws credentials
- if [ -v AWS ]; then
- if [[ -v LIST ]]; then
- aws_list
- elif [[ -v WHOAMI ]]; then
- aws_whoami
- else
- aws_become
- fi
- fi
- # list/show/become ssh credentials
- if [ -v SSH ]; then
- if [[ -v LIST ]]; then
- ssh_list
- elif [[ -v WHOAMI ]]; then
- ssh_whoami
- else
- ssh_become
- fi
- fi
- # list/show/become GPG credentials
- if [ -v GPG ]; then
- if [[ -v LIST ]]; then
- gpg_list
- elif [[ -v WHOAMI ]]; then
- gpg_whoami
- else
- gpg_become
- fi
- fi
- # list/show/become pass credentials
- if [ -v PASSWORD ]; then
- if [[ -v LIST ]]; then
- pass_list
- elif [[ -v WHOAMI ]]; then
- pass_whoami
- else
- pass_become
- fi
- fi
- # list/show/become git credentials
- if [ -v GIT ]; then
- if [[ -v LIST ]]; then
- git_list
- elif [[ -v WHOAMI ]]; then
- git_whoami
- else
- git_become
- fi
- fi
- # list/show/become org credentials
- if [ -v ORG ]; then
- if [[ -v LIST ]]; then
- org_list
- elif [[ -v WHOAMI ]]; then
- org_whoami
- else
- org_become
- fi
- fi
|