docs: add gogo usage guide

docs: add --de into help msg
update: new config support DE go server and --test option
2024-12-12 23:45:19 +09:00 · 2024-12-12 22:54:47 +09:00 · 2024-12-12 21:29:22 +09:00 · 2024-07-22 21:36:20 +09:00 · 2024-06-09 16:43:31 +09:00 · 2024-06-09 16:41:55 +09:00
12 changed files with 924 additions and 75 deletions
--- a/README.md
+++ b/README.md
@@ -6,3 +6,175 @@ Maintenance application for quick access, check and resolve issues VM/DCImanager
 ### See [CONTRIBUTING.md](CONTRIBUTING.md) for a general overview of how to contribute
 ## How to use gogo companion:
 #### Dependencies
 ОС: Linux, Mac, Windows
 Shell: bash
 #### Installation
 - download or copy the script from the root of the repository `/scripts/gogo/gogo.sh`
 - to call the script without specifying the full path, put it in the directory that is in $PATH (in the future, I assume that you will have it `~/.local/bin/`)
 ```console
 curl https://git.isptech.ru/ISPsystem/isp-maintenance/raw/branch/main/scripts/gogo/gogo.sh -o ~/.local/bin/gogo && chmod u+x ~/.local/bin/gogo
 ```
 #### Configuration
 For the script to work, you need a configuration file with settings `~/.config/gogo/gogo.conf`
 This config contains the following fields that are read every time you start
 ```
 GO_SERVER_ADDR_RUSSIAN=
 GO_SERVER_ADDR_GERMANY=
 GO_SERVER_ADDR_TEST=
 VAULT_SERVER_ADDR=
 SSH_PRIVATE_KEY_USER=
 SSH_PRIVATE_KEY_PATH=
 SSH_PUBLIC_KEY_PATH=
 SSH_CRT_FILE=
 MGRCTL_IMAGE=mois3y/mgrctl:latest
 DEBUG_MODE=false
 ```
 Please fill in the fields with current data, write the path to the keys and certificate in full `/home/username/.ssh/id_ecdsa` and so on.
 For security reasons, server addresses and paths to keys are not indicated here.
 For your convenience, the config can be filled out interactively
 ```console
 gogo --init
 ```
 #### Usage
 - Get a temporary ssh certificate
 ```console
 gogo --crt
 ```
 - Check your connection to test servers in both locations
 ```console
 gogo --test
 ```
 - If the connection is successful, you can use the script. You are beautiful!
 #### Examples
 - Connect to BILLmanager 6 via ssh port 22 and interface port 443
 ```console
 gogo --bill my.example.com
 ```
 or
 ```console
 gogo --bill my.example.com -p 22 -wp 443
 ```
 - Connect to BILLmanager 6 again without generating an access key to the interface
 ```console
 gogo --bill my.example.com --ssh
 ```
 - Connect to DNSmanager 6 via ssh port 22 and interface port 1501
 ```console
 gogo --dns my.example.com -p 22 -wp 1501
 ```
 - Connect to DCImanager 6 via ssh port 2222 and interface 443 port
 ```console
 gogo --dci vm.example.com -p 2222
 ```
 - Connect to VMmanager 6 via ssh port 2222 and interface port 443
 ```console
 gogo --vm 228.228.228.228 -p 2222
 ```
 - Connect to VMmanager 6 via ssh port 22 and interface port 443, indicating the id of a specific user and generate 3 keys
 ```console
 gogo --vm vm.example.com --mgrctl auth user access --id 1488 --count 1
 ```
 - The same thing, just print the command that is executed on the server side into the console, you can run it later simply by copying it
 ```console
 gogo --vm vm.example.com --tty --mgrctl auth user access --id 1488 --count 1
 ```
 Connect to VMmanager 6 via ssh port 22 and interface port 443 via DE go3 server
 ```console
 gogo --vm vm.example.com -p 22 --de
 ```
 Connect to DCImanager 6 via ssh port 22 and interface port 443 via the old go method
 ```console
 gogo --dci dci.example.com -p 22 --go
 ```
 ##### There are also examples in `help`
 ```console
 gogo --help
 Usage: gogo [options [parameters]]
 Examples:
 gogo --init | init config file
 gogo --crt  | get ssh certificate for go3 connections
 gogo --test | check go3 connection availability
 gogo --bill my.example.com
 gogo --vm my.example.com --de  | connect throw DE go3 server
 gogo --vm 0.0.0.0 --ssh | only ssh access
 gogo --vm 0.0.0.0 --tty | use mgrctl interactive
 gogo --dci 0.0.0.0 --mgrctl auth user access --id 3 --count 5
 gogo --dci 0.0.0.0 --mgrctl auth user ls --admins
 gogo --vm 0.0.0.0 --port 22122 --mgrctl auth user ls --admins
 gogo --vm 0.0.0.0 --tty --mgrctl auth user ls --admins
 gogo --dns ns1.example.com --web-port 1501
 gogo --dns ns1.example.com --port 22122 --web-port 1501
 gogo --bill my.example.com --port 22 --web-port 1501
 Options:
 --vm[dci|bill|dns|ip] expected ip_addr             required
 --port     | -p    ssh port,   default 22
 --web-port | -wp   web port,   default 443
 --go/--go3         go version, default go3
 --de               connect throw DE go3 server
 --ssh              open only ssh session
 --tty              for vm6/dci6 echo cmd for run container
 --mgrctl [args]    for vm6/dci6 customize access params
 Single options:
 --init     | -i    generate configuration
 --crt      | -c    generate ssh cert
 --test     | -t    check go3 connection availability
 --version  | -v    print version
 --help     | -h    print this message and exit
 ```
--- a/mgrctl/api/base.py
+++ b/mgrctl/api/base.py
@@ -1,15 +1,21 @@
 import sys
 import json
 import click
 import urllib
 import requests
 from time import sleep
 from mgrctl.settings.api import (
    API_INPUT_PORT,
    API_URL,
    API_HEADERS,
    API_EMAIL,
    API_PASSWORD,
-    API_VERIFY_SSL
+    API_VERIFY_SSL,
    API_COUNT_TRY_CONNECTIONS
 )
 from mgrctl.settings.platform import PLATFORM_TYPE
 class BaseAPI(object):
@@ -27,47 +33,77 @@ class BaseAPI(object):
        return f'{self.API_URL}/{self.API_DEFINITION}/{self.API_VERSION}{url}'
    def call_api(self, url, method='GET', headers={}, data={}):
-        # Open session
+        attempt = API_COUNT_TRY_CONNECTIONS
-        with requests.Session() as session:
+        while attempt:
            attempt -= 1
            try:
-                url = self._gen_request_url(url)
+                uri = self._gen_request_url(url)
                headers = self.API_HEADERS if not headers else headers
                params_str = urllib.parse.urlencode(data, safe="+'()")
                if method == 'POST':
-                    api_request = session.post(
+                    api_request = requests.post(
-                        url=url,
+                        url=uri,
                        json=data,
                        headers=headers,
                        verify=self.API_VERIFY_SSL
                    )
                if method == 'GET':
-                    url = f'{url}?{params_str}' if params_str else url
+                    uri = f'{uri}?{params_str}' if params_str else uri
-                    api_request = session.get(
+                    api_request = requests.get(
-                        url=url,
+                        url=uri,
                        headers=headers,
                        verify=self.API_VERIFY_SSL
                    )
            except Exception as error:
-                api_request = {
+                ConnectionError = requests.exceptions.ConnectionError
-                    'result': False,
+                if type(error) is ConnectionError and PLATFORM_TYPE == 'dci':
-                    'error': type(error).__name__
+                    # ? workaround if new docker version use dashes
-                }
+                    # TODO: ISPsystem developers must set container_name !!!
-                return api_request
+                    self.API_URL = f'http://dci-input-1:{API_INPUT_PORT}'
-            finally:
+                    if attempt == 0:
-                session.close()
+                        click.echo(f'Error: {type(error).__name__}')
                        sys.exit()
                    else:
                        continue
                else:
                    click.echo(f'Error: {type(error).__name__}')
                    sys.exit()
-        # Get response
+            # Get response:
            response = self._parse_response(api_request)
            # Validate response:
            if self._error_handler(response):
                continue  # new attempt connection
            return response
    def _parse_response(self, api_request):
        try:
            response = json.loads(api_request.text)
            if 'error' in response and response['error']:
                print(response['error'])
                raise sys.exit()
            return response
        except json.decoder.JSONDecodeError:
-            response = {'error': 'Can not parse response'}
+            click.echo('Error: Invalid API response')
            print(response)
            raise sys.exit()
    def _is_error(self, response):
        if response.get('error'):
            return True
    def _is_error_3004(self, error):
        if error.get('code') == 3004:
            sleep(2)  # wait 2 second timeout
            return True
    def _error_handler(self, response):
        if self._is_error(response):
            error = response.get('error')
            if self._is_error_3004(error):
                return True
            else:
                click.echo(f'Error: API return {response}')
                raise sys.exit()
 class BaseAuthAPI(BaseAPI):
    def __init__(self):
--- a/mgrctl/apps/dci6/auth/init.py
+++ b/mgrctl/apps/dci6/auth/init.py
@@ -0,0 +1,10 @@
 # █▀▄▀█ █▀▀ ▀█▀ ▄▀█ ▀
 # █░▀░█ ██▄ ░█░ █▀█ ▄
 # -- -- -- -- -- -- -
 __author__ = "MOIS3Y"
 __credits__ = ["Stepan Zhukovsky"]
 __license__ = "MIT"
 __version__ = "0.1.0"
 __maintainer__ = "Stepan Zhukovsky"
 __email__ = "stepan@zhukovsky.me"
 __status__ = "Development"
--- a/mgrctl/apps/dci6/auth/commands.py
+++ b/mgrctl/apps/dci6/auth/commands.py
@@ -1,12 +1,99 @@
 import click
-
+from mgrctl.apps.dci6.auth import __version__
-@click.group(help='access command for lazy example')
+from mgrctl.api.dci6 import AuthAPI
-@click.option('--debug/--no-debug', default=False)
+from mgrctl.utils.api_users import UserAPI
 def cli(debug):
    click.echo(f"Debug mode is {'on' if debug else 'off'}")
-@cli.command()
+user_cursor = UserAPI(callback_class=AuthAPI)
-def enable():
+
-    click.echo('Access granted')
+
@click.group(help='auth cmd for auth in DCImanager 6')
@click.version_option(
    version=__version__,
    package_name='mgrctl.apps.dci6.auth',
    message=__version__
 )
 def cli():
    pass
@cli.group(help='Manage users')
 def user():
    pass
@user.command(help='List users')
@click.option(
    '--all',
    is_flag=True,
    required=False,
    help='Show all users'
 )
@click.option(
    '--admins',
    is_flag=True,
    required=False,
    help='Show all active admins',
 )
 def ls(all, admins):
    if all:
        users = user_cursor.get_users(role='all')
    elif admins:
        users = user_cursor.get_users(role='admin')
    else:
        users = user_cursor.get_users(role='all')
    # print users:
    user_cursor.echo_users(users)
@user.command(
    help='Generate an access key and return auth link(s)',
    no_args_is_help=True
 )
@click.option(
    '--id',
    '_id',
    required=False,
    type=int,
    help='User id'
 )
@click.option(
    '--count',
    required=False,
    type=int,
    help='Number of access keys generated',
 )
@click.option(
    '--random',
    is_flag=True,
    required=False,
    help='Generate access key for the first available admin'
 )
@click.option(
    '--interactive',
    is_flag=True,
    required=False,
    help='Interactive mode, ignores other keys'
 )
 def access(_id, count, interactive, random):
    if _id and not count:
        keys = user_cursor.get_access_keys(user=_id, count=1)
    elif _id and count:
        keys = user_cursor.get_access_keys(user=_id, count=count)
    elif random:
        admin = user_cursor.get_first_random_admin()
        keys = user_cursor.get_access_keys(user=admin.get('id', 3))
    elif interactive:
        user_cursor.gen_access_links_interactive()
        return  # exit from func
    else:
        pass
    links = user_cursor.gen_access_links(keys)
    user_cursor.echo_access_links(links)
@user.command(help='Generate API token for mgrctl user')
 def token():
    token = user_cursor.gen_api_token()
    user_cursor.echo_api_token(token)
--- a/mgrctl/apps/dci6/commands.py
+++ b/mgrctl/apps/dci6/commands.py
@@ -7,7 +7,7 @@ from mgrctl.settings.general import INSTALLED_APPS
@click.group(
    cls=LazyGroup,
    lazy_subcommands=INSTALLED_APPS['dci6'],
-    help='dci6 command for lazy example',
+    help='dci6 command for DCI6manager management',
 )
 def cli():
    pass
--- a/mgrctl/apps/vm6/auth/commands.py
+++ b/mgrctl/apps/vm6/auth/commands.py
@@ -38,16 +38,22 @@ def user():
 )
 def ls(all, admins):
    if all:
-        user_cursor.echo_users(role='all')
+        users = user_cursor.get_users(role='all')
    elif admins:
-        user_cursor.echo_users(role='admin')
+        users = user_cursor.get_users(role='admin')
    else:
-        user_cursor.echo_users(role='all')
+        users = user_cursor.get_users(role='all')
    # print users:
    user_cursor.echo_users(users)
-@user.command(help='Generate access key and return auth link(s)')
+@user.command(
    help='Generate an access key and return auth link(s)',
    no_args_is_help=True
 )
@click.option(
    '--id',
    '_id',
    required=False,
    type=int,
    help='User id'
@@ -62,7 +68,7 @@ def ls(all, admins):
    '--random',
    is_flag=True,
    required=False,
-    help='Interactive mode, ignores other keys'
+    help='Generate access key for the first available admin'
 )
@click.option(
    '--interactive',
@@ -70,24 +76,21 @@ def ls(all, admins):
    required=False,
    help='Interactive mode, ignores other keys'
 )
-def access(id, count, interactive, random):
+def access(_id, count, interactive, random):
-    if id and not count:
+    if _id and not count:
-        keys = user_cursor.get_access_keys(user=id, count=1)
+        keys = user_cursor.get_access_keys(user=_id, count=1)
-        links = user_cursor.gen_access_links(keys)
+    elif _id and count:
-        user_cursor.echo_access_links(links)
+        keys = user_cursor.get_access_keys(user=_id, count=count)
    elif id and count:
        keys = user_cursor.get_access_keys(user=id, count=count)
        links = user_cursor.gen_access_links(keys)
        user_cursor.echo_access_links(links)
    elif interactive:
        pass
    elif random:
        admin = user_cursor.get_first_random_admin()
-        keys = user_cursor.get_access_keys(user=admin.get('id', 3), count=1)
+        keys = user_cursor.get_access_keys(user=admin.get('id', 3))
-        links = user_cursor.gen_access_links(keys)
+    elif interactive:
-        user_cursor.echo_access_links(links)
+        user_cursor.gen_access_links_interactive()
        return  # exit from func
    else:
        pass
    links = user_cursor.gen_access_links(keys)
    user_cursor.echo_access_links(links)
@user.command(help='Generate API token for mgrctl user')
--- a/mgrctl/apps/vm6/commands.py
+++ b/mgrctl/apps/vm6/commands.py
@@ -8,7 +8,7 @@ from mgrctl.apps.vm6 import __version__
@click.group(
    cls=LazyGroup,
    lazy_subcommands=INSTALLED_APPS['vm6'],
-    help='vm6 command for lazy example',
+    help='vm6 command for VM6manager management',
 )
@click.version_option(
    version=__version__,
--- a/mgrctl/mgrctl.py
+++ b/mgrctl/mgrctl.py
@@ -17,7 +17,7 @@ from mgrctl.cli.lazy_group import LazyGroup
        'vm6': 'mgrctl.apps.vm6.commands.cli',
        'dci6': 'mgrctl.apps.dci6.commands.cli',
    },
-    help='main CLI command for lazy example',
+    help='main CLI command for mgrctl app',
 )
@click.version_option(
    version=__version__,
--- a/mgrctl/settings/api.py
+++ b/mgrctl/settings/api.py
@@ -1,5 +1,6 @@
 from requests.packages import urllib3
 from mgrctl.settings.environment import env
 from mgrctl.settings.platform import (
    PLATFORM_TYPE,
    PLATFORM_VERIFY_SSL,
@@ -26,6 +27,9 @@ API_HEADERS = {"Internal-Auth": "on", "Accept": "application/json"}
 # Alias for import:
 API_VERIFY_SSL = PLATFORM_VERIFY_SSL
 # API 3004 Unavailable error handler:
 API_COUNT_TRY_CONNECTIONS = env.int('API_COUNT_TRY_CONNECTIONS', 3)
 # Suppress warning from urllib3:
 if not PLATFORM_VERIFY_SSL_WARNING:
    # ! This is not recommended,
@@ -38,5 +42,6 @@ if not PLATFORM_VERIFY_SSL_WARNING:
 if PLATFORM_DUMMY:
    API_URL = PLATFORM_DUMMY_API_URL
    API_HEADERS = {'x-xsrf-token': PLATFORM_DUMMY_TOKEN}
-    API_EMAIL = PLATFORM_DUMMY_EMAIL
+
-    API_PASSWORD = PLATFORM_DUMMY_PASSWORD
+API_EMAIL = PLATFORM_DUMMY_EMAIL
 API_PASSWORD = PLATFORM_DUMMY_PASSWORD
--- a/mgrctl/settings/platform.py
+++ b/mgrctl/settings/platform.py
@@ -22,14 +22,20 @@ PLATFORM_URL = env.str(
 # Development mode:
 PLATFORM_DUMMY = env.bool('PLATFORM_DUMMY', False)
-if PLATFORM_DUMMY:
+if PLATFORM_TYPE == 'vm':
-    if PLATFORM_TYPE == 'vm':
+    PLATFORM_DUMMY_API_URL = env.str('PLATFORM_DUMMY_VM6_API_URL', '')
-        PLATFORM_DUMMY_API_URL = env.str('PLATFORM_DUMMY_VM6_API_URL', '')
+    PLATFORM_DUMMY_EMAIL = env.str('PLATFORM_DUMMY_VM6_EMAIL', '')
-        PLATFORM_DUMMY_EMAIL = env.str('PLATFORM_DUMMY_VM6_EMAIL', '')
+    PLATFORM_DUMMY_PASSWORD = env.str('PLATFORM_DUMMY_VM6_PASSWORD', '')
-        PLATFORM_DUMMY_PASSWORD = env.str('PLATFORM_DUMMY_VM6_PASSWORD', '')
+    PLATFORM_DUMMY_TOKEN = env.str('PLATFORM_DUMMY_VM6_TOKEN', '')
-        PLATFORM_DUMMY_TOKEN = env.str('PLATFORM_DUMMY_VM6_TOKEN', '')
+elif PLATFORM_TYPE == 'dci':
-    if PLATFORM_TYPE == 'dci':
+    PLATFORM_DUMMY_API_URL = env.str('PLATFORM_DUMMY_DCI6_API_URL', '')
-        PLATFORM_DUMMY_API_URL = env.str('PLATFORM_DUMMY_DCI6_API_URL', '')
+    PLATFORM_DUMMY_EMAIL = env.str('PLATFORM_DUMMY_DCI6_EMAIL', '')
-        PLATFORM_DUMMY_EMAIL = env.str('PLATFORM_DUMMY_DCI6_EMAIL', '')
+    PLATFORM_DUMMY_PASSWORD = env.str('PLATFORM_DUMMY_DCI6_PASSWORD', '')
-        PLATFORM_DUMMY_PASSWORD = env.str('PLATFORM_DUMMY_DCI6_PASSWORD', '')
+    PLATFORM_DUMMY_TOKEN = env.str('PLATFORM_DUMMY_DCI6_TOKEN', '')
-        PLATFORM_DUMMY_TOKEN = env.str('PLATFORM_DUMMY_DCI6_TOKEN', '')
+else:
    # ? guarantees that constants exist for import
    # ? if the user has set the wrong PLATFORM_TYPE:
    PLATFORM_DUMMY_API_URL = env.str('PLATFORM_DUMMY_API_URL', '')
    PLATFORM_DUMMY_EMAIL = env.str('PLATFORM_DUMMY_EMAIL', '')
    PLATFORM_DUMMY_PASSWORD = env.str('PLATFORM_DUMMY_PASSWORD', '')
    PLATFORM_DUMMY_TOKEN = env.str('PLATFORM_DUMMY_TOKEN', '')
--- a/mgrctl/utils/api_users.py
+++ b/mgrctl/utils/api_users.py
@@ -10,38 +10,43 @@ class UserAPI(object):
        self.callback_class = callback_class
        self.callback = callback_class()
-    def get_users(self, role: str) -> dict:
+    def get_users(self, role: str) -> list:
        data = {}
        if role == 'admin':
            data = {"where": "((roles+CP+'%@admin%')+AND+(state+EQ+'active'))"}
-        return self.callback.call_api(
+        response = self.callback.call_api(
            url='/user',
            method='GET',
            data=data
        )
        users = self._extract_users(users=response)
        return users
-    def _format_users(self, users: dict) -> list:
+    def _extract_users(self, users: dict) -> list:
        return users.get('list', [])
    def _format_users(self, users: list) -> list:
        output = []
-        for user in users.get('list', []):
+        for user in users:
            output.append({
                'id': user.get('id', ''),
                'email': user.get('email', ''),
                'roles': user.get('roles', []),
-                'state': user.get('state', '')
+                'state': user.get('state', ''),
                # add more fields here...
            })
        return output
    def get_first_random_admin(self):
        users = self.get_users(role='admin')
        admin = {}
-        for user in users.get('list', []):
+        for user in users:
-            if '@admin' in admin.get('roles', []):
+            if '@admin' in user.get('roles', []):
                admin = user
                break
        return admin
-    def echo_users(self, role: str) -> None:
+    def echo_users(self, users: list) -> None:
        users = self.get_users(role)
        output = self._format_users(users)
        click.echo(tabulate(output, headers='keys'))
@@ -66,6 +71,19 @@ class UserAPI(object):
    def echo_access_links(self, links: list) -> None:
        click.echo(tabulate(links, headers='keys'))
    def gen_access_links_interactive(self) -> None:
        users = self.get_users(role='admin')
        self.echo_users(users)
        try:
            click.echo('Choose user id and count of keys')
            _id = int(input('User ID: '))
            count = int(input('Count of keys: '))
            keys = self.get_access_keys(user=_id, count=count)
            links = self.gen_access_links(keys)
            self.echo_access_links(links)
        except ValueError:
            click.echo('Error: Invalid, value is not a valid integer')
    def gen_api_token(self, email=None, password=None):
        token = self.callback.get_auth_token(email, password)
        return token
--- a/scripts/gogo/gogo.sh
+++ b/scripts/gogo/gogo.sh
@@ -0,0 +1,512 @@
 #!/usr/bin/env bash
 # █▀▀ █▀█ █▀▀ █▀█ ▀
 # █▄█ █▄█ █▄█ █▄█ ▄
 # -- -- -- -- -- --
 # INIT GLOBAL VARIABLES:
 _VERSION="0.1.1"
 _SCRIPT_NAME="$(basename $0)"
 _GO_CMD="go3"
 _DEBUG_MODE=false
 _CONFIG_DIR="${HOME}/.config/gogo"
 _CONFIG="${_CONFIG_DIR}/gogo.conf"
 _IS_TTY=false
 _IS_SSH_ONLY=false
 _IS_MGRCTL_ARGS=false
 _MGRCTL_ARGS=""
 _MGRCTL_BIN="mgrctl"
 _MGRCTL_CMD=""
 _MGRCTL_RUN=""
 _MGRCTL_KEY=""
 _PLATFORM_TYPE=""
 _PLATFORM_GENERATION=6
 _PLATFORM_SSH_PORT=22
 _PLATFORM_WEB_PORT=443
 _PLATFORM_IP_ADDR=""
 _PLATFORM_CONFIG_FILE=""
 _PLATFORM_NETWORK_NAME=""
 _SSH_CONNECT_CMD=""
 _SSH_REMOTE_CMD=""
 _ACCESS_LINK=""
 # Colorize output
 # Usage - $(colorize CYAN "Hello, friend!")
 colorize() {
 	local RED="\033[0;31m"
 	local GREEN="\033[0;32m"  # <-- [0 means not bold
 	local YELLOW="\033[1;33m" # <-- [1 means bold
 	local BLUE="\033[0;34m"
 	local MAGNETA="\033[0;35"
 	local CYAN="\033[1;36m"
 	# ... Add more colors if you like
 	local NC="\033[0m" # No Color
 	# printf "${(P)1}${2} ${NC}\n" # <-- zsh
 	# printf "${!1}${2} ${NC}\n"   # <-- bash
 	echo -e "${!1}${2}${NC}"       # <-- all-purpose
 }
 # Print help message how used it script
 help() {
 	# colorize value
 	local script=$(colorize GREEN "$_SCRIPT_NAME")
 	local required=$(colorize RED "required")
 	# help message
 	printf "Usage: $script [options [parameters]]                              \n"
 	printf "                                                                   \n"
 	printf "Examples:                                                          \n"
 	printf "                                                                   \n"
 	printf "${script} --init | init config file                                \n"
 	printf "${script} --crt  | get ssh certificate for go3 connections         \n"
 	printf "${script} --test | check go3 connection availability               \n"
 	printf "                                                                   \n"
 	printf "${script} --bill my.example.com                                    \n"
 	printf "${script} --vm my.example.com --de  | connect throw DE go3 server  \n"
 	printf "${script} --vm 0.0.0.0 --ssh | only ssh access                     \n"
 	printf "${script} --vm 0.0.0.0 --tty | use mgrctl interactive              \n"
 	printf "                                                                   \n"
 	printf "${script} --dci 0.0.0.0 --mgrctl auth user access --id 3 --count 5 \n"
 	printf "${script} --dci 0.0.0.0 --mgrctl auth user ls --admins             \n"
 	printf "${script} --vm 0.0.0.0 --port 22122 --mgrctl auth user ls --admins \n"
 	printf "${script} --vm 0.0.0.0 --tty --mgrctl auth user ls --admins        \n"
 	printf "${script} --dns ns1.example.com --web-port 1501                    \n"
 	printf "${script} --dns ns1.example.com --port 22122 --web-port 1501       \n"
 	printf "${script} --bill my.example.com --port 22 --web-port 1501          \n"
 	printf "                                                                   \n"
 	printf "Options:                                                           \n"
 	printf "                                                                   \n"
 	printf " --vm[dci|bill|dns|ip] expected ip_addr             $required      \n"
 	printf " --port     | -p    ssh port,   default 22                         \n"
 	printf " --web-port | -wp   web port,   default 443                        \n"
 	printf " --go/--go3         go version, default go3                        \n"
 	printf " --de               connect throw DE go3 server                    \n"
 	printf " --ssh              open only ssh session                          \n"
 	printf " --tty              for vm6/dci6 echo cmd for run container        \n"
 	printf " --mgrctl [args]    for vm6/dci6 customize access params           \n"
 	printf "                                                                   \n"
 	printf "Single options:                                                    \n"
 	printf " --init     | -i    generate configuration                         \n"
 	printf " --crt      | -c    generate ssh cert                              \n"
 	printf " --test     | -t    check go3 connection availability              \n"
 	printf " --version  | -v    print version                                  \n"
 	printf " --help     | -h    print this message and exit                    \n"
 }
 # Ask confirmation user if No - exit with 1 state
 continue_handler() {
 	read -p "Continue? (Y/N): " confirm \
 	&& [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]] || exit 1
 }
 # Init script configuration file:
 init_config() {
 	# Lables:
 	local warning=$(colorize RED "WARNING!")
 	local success=$(colorize GREEN "SUCCESS!")
 	local script_name=$(colorize GREEN "${_SCRIPT_NAME}")
 	# check if config file exists:
 	if [ -f $_CONFIG ]; then
 		echo "${warning} Config file is already exists"
 		echo "New initialization rewrites current config"
 		continue_handler
 	fi
 	# get user unputs:
 	read -p "Enter russian go server address: "    _GO_SERVER_ADDR_RUSSIAN
 	read -p "Enter germany go server address: "    _GO_SERVER_ADDR_GERMANY
 	read -p "Enter test go server address: "       _GO_SERVER_ADDR_TEST
 	read -p "Enter vault server address: "         _VAULT_SERVER_ADDR
 	read -p "Enter username: "                     _SSH_PRIVATE_KEY_USER
 	read -p "Enter full path to ssh private key: " _SSH_PRIVATE_KEY_PATH
 	read -p "Enter full path to ssh public key: "  _SSH_PUBLIC_KEY_PATH
 	read -p "Enter full path to ssh certificate: " _SSH_CRT_FILE
 	read -p "Enter mgrctl image name: "            _MGRCTL_IMAGE
 	# save config:
 	mkdir -p $_CONFIG_DIR
 	cat << EOF > "${_CONFIG}"
 GO_SERVER_ADDR_RUSSIAN=$_GO_SERVER_ADDR_RUSSIAN
 GO_SERVER_ADDR_GERMANY=$_GO_SERVER_ADDR_GERMANY
 GO_SERVER_ADDR_TEST=$_GO_SERVER_ADDR_TEST
 VAULT_SERVER_ADDR=$_VAULT_SERVER_ADDR
 SSH_PRIVATE_KEY_USER=$_SSH_PRIVATE_KEY_USER
 SSH_PRIVATE_KEY_PATH=$_SSH_PRIVATE_KEY_PATH
 SSH_PUBLIC_KEY_PATH=$_SSH_PUBLIC_KEY_PATH
 SSH_CRT_FILE=$_SSH_CRT_FILE
 MGRCTL_IMAGE=$_MGRCTL_IMAGE
 DEBUG_MODE=false
 EOF
 	echo ""
 	echo "${success} Config file was created, run ${script_name} again"
 	echo ""
 }
 # Read config file that contains key=value params
 load_config() {
 	local file="$_CONFIG"
 	if ! [ -f $_CONFIG ]; then
 		help
 		local warning=$(colorize RED "WARNING!")
 		echo ""
 		echo "${warning} Config file doesn't exist"
 		echo "Init new config: ${_CONFIG}"
 		continue_handler
 		init_config
 	fi
 	while IFS="=" read -r key value; do
 		case "$key" in
 			"GO_SERVER_ADDR_RUSSIAN")
 				_GO_SERVER_ADDR_RUSSIAN="$value"
 				_GO_SERVER_ADDR="$value"
 				;;
 			"GO_SERVER_ADDR_GERMANY")
 				_GO_SERVER_ADDR_GERMANY="$value"
 				;;
 			"GO_SERVER_ADDR_TEST")
 				_GO_SERVER_ADDR_TEST="$value"
 				;;
 			"VAULT_SERVER_ADDR")
 				_VAULT_SERVER_ADDR="$value"
 				;;
 			"SSH_PRIVATE_KEY_USER")
 				_SSH_PRIVATE_KEY_USER="$value"
 				;;
 			"SSH_PRIVATE_KEY_PATH")
 				_SSH_PRIVATE_KEY_PATH="$value"
 				;;
 			"SSH_PUBLIC_KEY_PATH")
 				_SSH_PUBLIC_KEY_PATH="$value"
 				_VAULT_SSH_PUBLIC_KEY="@$value"  # @ sybol is important
 				;;
 			"SSH_CRT_FILE")
 				_SSH_CRT_FILE="$value"
 				;;
 			"MGRCTL_IMAGE")
 				_MGRCTL_IMAGE="$value"
 				;;
 			"DEBUG_MODE")
 				_DEBUG_MODE="$value"
 				;;
 		esac
 	done < "$file"
 }
 # Generate key for coremgr based platrorms access link:
 gen_random_key() {
 	_MGRCTL_KEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
 }
 gen_coremgr_access_params() {
 	# get opt name:
 	local opt=$1
 	# gen access key:
 	gen_random_key
 	# fill current parametrs:
 	_PLATFORM_TYPE=$(sed 's~[^[:alpha:]/]\+~~g' <<< "$opt")
 	_PLATFORM_GENERATION=5
 	_MGRCTL_BIN="/usr/local/mgr5/sbin/mgrctl"
 	_MGRCTL_ARGS="-m ${_PLATFORM_TYPE}mgr session.newkey key=$_MGRCTL_KEY"	
 	# override _PLATFORM_GENERATION for bill6 or dns6
 	if [[ $opt == "--bill" ]] || [[ $opt == "--dns" ]]; then
 		_PLATFORM_GENERATION=6
 	fi
 	# override _MGRCTL_BIN _MGRCTL_ARGS for dns6
 	if [[ $opt == "--dns" ]]; then
 		_MGRCTL_BIN="/opt/ispsystem/${_PLATFORM_TYPE}manager6/sbin/mgrctl"
 		_MGRCTL_ARGS="-m ${_PLATFORM_TYPE}mgr session.newkey key=$_MGRCTL_KEY"	
 	fi
 }
 gen_docker_access_params(){
 	# get opt name:
 	local opt=$1
 	# fill current parametrs:
 	_PLATFORM_TYPE=$(sed 's~[^[:alpha:]/]\+~~g' <<< "$opt")
 	_PLATFORM_GENERATION=6
 	_PLATFORM_CONFIG_FILE="/opt/ispsystem/${_PLATFORM_TYPE}/config.json"
 	# set platform docker network name:
 	if [[ $_PLATFORM_TYPE == "vm" ]]; then
 		_PLATFORM_NETWORK_NAME="vm_vm_box_net"
 	else
 		_PLATFORM_NETWORK_NAME="dci_auth"
 	fi
 }
 gen_ssh_connect_cmd(){
 	# get params:
 	local go_server="${_GO_SERVER_ADDR}"
 	local go_cmd="${_GO_CMD}"
 	local address="${_PLATFORM_IP_ADDR}"
 	local port="${_PLATFORM_SSH_PORT}"
 	local key_path="${_SSH_PRIVATE_KEY_PATH}"
 	local key_user="${_SSH_PRIVATE_KEY_USER}"
 	local ssh_args="${key_user}@${go_server} ${go_cmd} ${address} -p ${port}"
 	# generate cmd:
 	_SSH_CONNECT_CMD="ssh -A -t -i ${key_path} ${ssh_args}"
 }
 gen_ssh_remote_cmd() {
 	# ? VMmanager6 || DCImanager6:
 	if [[ $_PLATFORM_TYPE == "vm" ]] || \
 		[[ $_PLATFORM_TYPE == "dci" ]] && \
 		[[ $_PLATFORM_GENERATION -eq 6 ]]; then
 		# use default mgrctl cmd if not set args:
 		if [ -z "${_MGRCTL_ARGS}" ]; then
 			_MGRCTL_ARGS="${_PLATFORM_TYPE}6 auth user access --random"
 			_MGRCTL_CMD="${_MGRCTL_BIN} ${_MGRCTL_ARGS}"
 		else
 			_MGRCTL_CMD="${_MGRCTL_BIN} ${_PLATFORM_TYPE}6 ${_MGRCTL_ARGS}"
 		fi
 		# silent mode:
 		local hide_output=">> /dev/null"
 		if $_DEBUG_MODE; then
 			hide_output=""
 		fi
 		# image:
 		local image=${_MGRCTL_IMAGE}
 		# docker cmd:
 		local docker_bin="/usr/bin/docker"
 		local docker_pull="${docker_bin} pull ${image} ${hide_output}"
 		local docker_rm="${docker_bin} image rm -f ${image} ${hide_output}"
 		local docker_run="${docker_bin} run"
 		# mount config:
 		local mount_src="source=${_PLATFORM_CONFIG_FILE}"
 		local mount_trg="target=${_PLATFORM_CONFIG_FILE}"
 		local mount_opt="type=bind,${mount_src},${mount_trg},readonly"
 		local mount="--mount ${mount_opt}"
 		# network config:
 		local network="--network=${_PLATFORM_NETWORK_NAME}"
 		# environment config:
 		local envs="-e PLATFORM_TYPE=${_PLATFORM_TYPE}"
 		# container args:
 		local args="${_MGRCTL_CMD}"
 		# mgrctl container params:
 		local container="${network} ${mount} ${envs} --rm ${image} ${args}"
 		# docker commands:
 		local cmd="${docker_pull} && ${docker_run} ${container} && ${docker_rm}"
 		# final cmd:
 		_SSH_REMOTE_CMD="${cmd}"
 		# set cmd for manual start container:
 		if $_IS_TTY; then
 			# override parammetrs if DEBUG_MODE=false add -it flag:
 			docker_pull="${docker_bin} pull ${image}"
 			docker_rm="${docker_bin} image rm -f ${image}"
 			container="${network} ${mount} ${envs} --rm -i -t ${image}"
 			cmd="${docker_pull} && ${docker_run} ${container} && ${docker_rm}"
 			_MGRCTL_RUN="${cmd}"
 		fi
 	# ? BILLmanager6 ||  DNSmanager6 || IP/DNS/DCI/VMmanager5:
 	else 
 		# final cmd:
 		_SSH_REMOTE_CMD="${_MGRCTL_BIN} ${_MGRCTL_ARGS}"
 		echo_access_link
 	fi
 }
 gen_access_link() {
 	local url="https://${_PLATFORM_IP_ADDR}"
 	local port="${_PLATFORM_WEB_PORT}"
 	local platform="${_PLATFORM_TYPE}mgr"
 	local func="func=auth&key=${_MGRCTL_KEY}"
 	_ACCESS_LINK="${url}:${port}/${platform}?${func}"
 }
 echo_access_link() {
 	gen_access_link
 	echo "mgr    link"
 	echo "-----  -------------------------------------------------------------"
 	echo "${_PLATFORM_TYPE}${_PLATFORM_GENERATION}  ${_ACCESS_LINK}"
 	echo ""
 }
 echo_mgrctl_run_msg() {
 	echo "--------------------------------------------------------------------"
 	echo "To run the mgrctl container manually on the client server:" 
 	echo "copy and paste the command into the terminal."
 	echo "This will download the image and run the container interactively."
 	echo "After exiting the container and its image will be deleted."
 	echo "--------------------------------------------------------------------"
 	echo "${_MGRCTL_RUN}"
 	echo "--------------------------------------------------------------------"
 }
 get_access() {
 	gen_ssh_connect_cmd
 	if $_IS_SSH_ONLY; then
 		# run connection:
 		$_SSH_CONNECT_CMD
 	else
 		gen_ssh_remote_cmd
 		# run connection send remote cmd:
 		$_SSH_CONNECT_CMD "${_SSH_REMOTE_CMD}"
 		if [[ $_PLATFORM_TYPE == "vm" ]] || \
 			[[ $_PLATFORM_TYPE == "dci" ]] && \
 			[[ $_PLATFORM_GENERATION -eq 6 ]] && \
 			$_IS_TTY; then
 			echo_mgrctl_run_msg
 		fi
 		# use default mgrctl cmd if not set args:
 		# run connection again for ssh tty session:
 		$_SSH_CONNECT_CMD
 	fi
 }
 get_vault_crt() {
 	local public_key=$1
 	local crt_file=$2
 	vault login -method=oidc
 	if [ ! -f $crt_file ]; then
 		touch $crt_file
 	fi
 	vault write -field=signed_key ssh/sign/support \
 	public_key=$public_key valid_principals=root > $crt_file
 }
 set_ssh_agent() {
 	local secret_key=$1
 	ssh-add -D
 	ssh-add $secret_key
 }
 renewal_crt() {
 	export VAULT_ADDR=$_VAULT_SERVER_ADDR
 	get_vault_crt $_VAULT_SSH_PUBLIC_KEY $_SSH_CRT_FILE
 	set_ssh_agent $_SSH_PRIVATE_KEY_PATH
 }
 test_go3_connection() {
 	# force only ssh connections without platform features:
 	_IS_SSH_ONLY=true
 	# set fake client address:
 	_PLATFORM_IP_ADDR="${_GO_SERVER_ADDR_TEST}"
 	_PLATFORM_SSH_PORT=22
 	echo "Run TEST: $_GO_SERVER_ADDR_RUSSIAN connection"
 	get_access
 	echo "-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --"
 	echo "Run TEST: $_GO_SERVER_ADDR_GERMANY connection"
 	_GO_SERVER_ADDR="${_GO_SERVER_ADDR_GERMANY}"
 	get_access
 }
 # Parse user options
 optparser() {
 	# count user-passed options:
 	local count_options=$#
 	# run help if empty and exit:
 	if [[ count_options -eq 0 ]]; then
 		help
 		exit 2
 	fi
 	# run init config if flag --init and exit:
 	if [[ "$1" == "--init" ]]; then
 		init_config
 		exit 0
 	fi
 	# load config from config file:
 	load_config
 	# parse opts:
 	while [ ! -z "$1" ]; do
 		case "$1" in
 			--vm|--dci)
 				gen_docker_access_params "$1"
 				shift
 				_PLATFORM_IP_ADDR="$1"
 				;;
 			--bill|--dns|--bill5|--ip5|--dns5|--vm5|--dci5)
 				gen_coremgr_access_params "$1"
 				shift
 				_PLATFORM_IP_ADDR="$1"
 				;;
 			--port|-p)
 				shift
 				_PLATFORM_SSH_PORT="$1"
 				;;
 			--web-port|-wp)
 				shift
 				_PLATFORM_WEB_PORT="$1"
 				;;
 			--go|--go3)
 				_GO_CMD=$(sed 's~[^[:alnum:]/]\+~~g' <<< "$1")
 				;;
 			--de)
 				_GO_SERVER_ADDR="${_GO_SERVER_ADDR_GERMANY}"
 				;;
 			--mgrctl|--tty|--ssh)
 				if [[ "$1" == "--mgrctl" ]]; then
 					_IS_MGRCTL_ARGS=true
 					shift
 					_MGRCTL_ARGS=$@
 				elif [[ "$1" == "--tty" ]]; then
 					if $_IS_MGRCTL_ARGS; then
 						local error=$(colorize RED "ERROR!")
 						echo "${error} $1 must be in before --mgrctl not after"
 						exit 1
 					fi
 					_IS_TTY=true
 				elif [[ "$1" == "--ssh" ]]; then
 					_IS_SSH_ONLY=true
 				fi
 				;;
 			--crt|-c)
 				renewal_crt
 				exit 0
 				;;
 			--test|-t)
 				test_go3_connection
 				exit 0
 				;;
 			--help|-h)
 				help
 				exit 0
 				;;
 			--version|-v)
 				printf "$_VERSION\n"
 				exit 0
 				;;
 			*)
 				if ! $_IS_MGRCTL_ARGS; then
 					help
 					exit 1
 				fi
 				;;
 		esac
 	shift
 	done
 }
 # Entrypoint:
 main() {
 	optparser $@
 	get_access
 }
 # RUN IT:
 main $@
Author	SHA1	Message	Date
MOIS3Y	99dd122262	docs: add gogo usage guide	2024-12-12 23:45:19 +09:00
MOIS3Y	b84ef86cd0	docs: add --de into help msg	2024-12-12 22:54:47 +09:00
MOIS3Y	ba6dd53f6c	update: new config support DE go server and --test option	2024-12-12 21:29:22 +09:00
MOIS3Y	5815c84b07	Fix: help msg missing auth subcommand	2024-07-22 21:36:20 +09:00
MOIS3Y	6c6df42e7f	Fix: help message, init func and ssh-add cmd in --crt	2024-06-09 16:43:31 +09:00
MOIS3Y	da3e61eccb	Hotfix: some instances use dashes rather than underscores in container names	2024-06-09 16:41:55 +09:00
MOIS3Y	e0de805af7	Add: gogo.sh script for quick access from employee side	2024-06-08 16:47:12 +09:00
MOIS3Y	4cdf3b4539	Fix: platform_dummy import bugs	2024-06-08 14:40:36 +09:00
MOIS3Y	d4de07c340	Add: dci6 auth cli commands	2024-06-07 00:04:35 +09:00
MOIS3Y	dc6e61dcbe	Fix: mgrctl vm6 cli help messages	2024-06-07 00:03:44 +09:00
MOIS3Y	f773898b71	Update: BaseAPI class now has error handler	2024-06-06 20:59:03 +09:00
MOIS3Y	cdf3a92527	Update: access funcs	2024-06-06 16:01:21 +09:00