From 52ef8d8a13abadfd1dfe96d3468c4816c2df5acc Mon Sep 17 00:00:00 2001
From: Navarr
Date: Mon, 19 Jun 2023 15:40:36 -0400
Subject: [PATCH 1/5] Automatically sign Den certificates Based heavily on the work of Ihor Sviziev at https://github.com/swiftotter/den/pull/44
Co-authored-by: Ihor Sviziev
---
 commands/install.cmd | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/commands/install.cmd b/commands/install.cmd
index 2034a92e..07bec831 100644
--- a/commands/install.cmd
+++ b/commands/install.cmd
@@ -51,6 +51,17 @@ then
 -k /Library/Keychains/System.keychain "${WARDEN_SSL_DIR}/rootca/certs/ca.cert.pem"
 fi
+if [[ -d ~/.den/ssl/certs/ ]]; then
+ domains_to_generate="$(diff -B <(ls ~/.warden/ssl/certs/ | grep .key.pem | sed 's/.key.pem//' | grep -v den.test) <(ls ~/.den/ssl/certs/ | grep .key.pem | sed 's/.key.pem//' | grep -v den.test) | grep '^>' | sed 's/^>\ //')"
+ if [[ -n "$domains_to_generate" ]]; then
+ echo "Generating certificates present in Den..."
+
+ echo "$domains_to_generate" | while read i; do
+ warden sign-certificate "$i"
+ done
+ fi
+fi
+
 ## configure resolver for .test domains on Mac OS only as Linux lacks support
 ## for BSD like per-TLD configuration as is done at /etc/resolver/test on Mac
 if [[ "$OSTYPE" == "darwin"* ]]; then
From 14a2dd8a03bfb8bde0e0466fd5909e7be936840c Mon Sep 17 00:00:00 2001
From: Navarr
Date: Mon, 19 Jun 2023 15:58:38 -0400
Subject: [PATCH 2/5] Ensure `warden install` fixes the Tunnel SSH key Den Install and Warden Install now reverse each other (when it comes to fixing the SSH Key). The .bak files might be a problem. Based heavily on the work of Ihor Sviziev at https://github.com/swiftotter/den/pull/33
Co-authored-by: Ihor Sviziev
---
 utils/install.sh | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/utils/install.sh b/utils/install.sh
index dc80e05a..a58e4aa5 100644
--- a/utils/install.sh
+++ b/utils/install.sh
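Review bot: In the block added to commands/install.cmd, the names handed to `warden sign-certificate` come straight from `ls ~/.den/ssl/certs/` with no check on their shape, so every `*.key.pem` file name found there becomes a certificate issued by the Warden root CA. The filters are unanchored regexes: `grep -v den.test` also drops any name that merely contains that pattern (constructed example: `garden.test`). `while read i` lacks `-r` and sits on a pipe whose stdin the signing command could consume. I would iterate with a glob, accept only hostname-shaped names, and use `"${WARDEN_BIN}"` and `${WARDEN_SSL_DIR}` instead of `warden` from PATH and a hard-coded `~/.warden`. Both variables appear elsewhere in this series, but confirm they are set when install.cmd runs and that `${WARDEN_SSL_DIR}/certs` is the directory the original `ls` meant.

```shell
if [[ -d ~/.den/ssl/certs ]]; then
  for den_key in ~/.den/ssl/certs/*.key.pem; do
    [[ -e "${den_key}" ]] || continue                 # glob matched nothing
    den_domain="${den_key##*/}"
    den_domain="${den_domain%.key.pem}"
    [[ "${den_domain}" == "den.test" ]] && continue
    # Only hostname-shaped names may reach the CA; anything else is reported and skipped.
    if [[ ! "${den_domain}" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
      >&2 echo "Skipping unexpected certificate name: ${den_domain}"
      continue
    fi
    [[ -e "${WARDEN_SSL_DIR}/certs/${den_domain}.key.pem" ]] && continue
    "${WARDEN_BIN}" sign-certificate "${den_domain}"
  done
fi
```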
@@ -17,6 +17,10 @@ function installSshConfig () {
 ## WARDEN END ##
 EOT
 fi
+
+ if grep "${HOME}/.den/tunnel/ssh_key" /etc/ssh/ssh_config >/dev/null; then
+ sudo sed -i.bak 's/~\/.den/~\/.warden/' /etc/ssh/ssh_config
+ fi
 }
 function assertWardenInstall {
From 38de5448e0226bb0e430f4b206578120bc3ba202 Mon Sep 17 00:00:00 2001
From: Navarr
Date: Mon, 19 Jun 2023 16:23:08 -0400
Subject: [PATCH 3/5] Simplify Traefik Check Ported in from https://github.com/swiftotter/den/pull/88
Co-authored-by: Brett Patterson
---
 commands/sign-certificate.cmd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/commands/sign-certificate.cmd b/commands/sign-certificate.cmd
index 32f500b4..44fed6b5 100644
--- a/commands/sign-certificate.cmd
+++ b/commands/sign-certificate.cmd
@@ -51,7 +51,7 @@ openssl x509 -req -days 365 -sha256 -extensions v3_req \
 -in "${WARDEN_SSL_DIR}/certs/${CERTIFICATE_NAME}.csr.pem" \
 -out "${WARDEN_SSL_DIR}/certs/${CERTIFICATE_NAME}.crt.pem"
-if [[ "$(cd "${WARDEN_HOME_DIR}" && ${DOCKER_COMPOSE_COMMAND} -p warden -f "${WARDEN_DIR}/docker/docker-compose.yml" ps -q traefik)" ]]
+if [[ "$("$WARDEN_BIN" svc ps -q traefik)" ]]
 then
 echo "==> Updating traefik"
 "$WARDEN_BIN" svc up traefik
From 2cf8c258cf215d188aad6e10a1dfc247220e9c3d Mon Sep 17 00:00:00 2001
From: Navarr
Date: Mon, 19 Jun 2023 16:25:37 -0400
Subject: [PATCH 4/5] Add `warden status` command Ported in from https://github.com/swiftotter/den/pull/94
Co-authored-by: Brett Patterson
---
 commands/status.cmd | 52 ++++++++++++++++++++++++++++++++++++++++++++
 commands/status.help | 4 ++++
 2 files changed, 56 insertions(+)
 create mode 100644 commands/status.cmd
 create mode 100644 commands/status.help
diff --git a/commands/status.cmd b/commands/status.cmd
new file mode 100644
index 00000000..00d8970d
--- /dev/null
+++ b/commands/status.cmd
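Review bot: The guard and the substitution added to utils/install.sh look for different strings: `grep` tests for the expanded `${HOME}/.den/tunnel/ssh_key`, while `sed` rewrites a literal `~/.den`, so if /etc/ssh/ssh_config holds only one spelling, either the guard never fires or the edit changes nothing. The sed expression is also unanchored (`.` matches any character and there is no path suffix), so as root it rewrites the first `~/.den` on every line of the system-wide file, not only the tunnel key entry. Matching one fixed string in both places keeps the privileged edit narrow, e.g. `if grep -qF '~/.den/tunnel/ssh_key' /etc/ssh/ssh_config; then` and `sudo sed -i.bak 's|~/\.den/tunnel/ssh_key|~/.warden/tunnel/ssh_key|' /etc/ssh/ssh_config`, using whichever spelling Den's installer actually wrote. installSshConfig begins outside the hunk, so the format of the existing block is not visible here.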
@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+[[ ! ${WARDEN_DIR} ]] && >&2 echo -e "\033[31mThis script is not intended to be run directly!\033[0m" && exit 1
+
+assertDockerRunning
+
+wardenNetworkName=$(cat ${WARDEN_DIR}/docker/docker-compose.yml | grep -A3 'networks:' | tail -n1 | sed -e 's/[[:blank:]]*name:[[:blank:]]*//g')
+wardenNetworkId=$(docker network ls -q --filter name="${wardenNetworkName}")
+
+if [[ -z "${wardenNetworkId}" ]]; then
+ echo -e "🛑 \033[31mDen is not currently running.\033[0m Run \033[36mwarden svc up\033[0m to start Den core services."
+ exit 0
+fi
+
+wardenTraefikId=$(docker container ls --filter network="${wardenNetworkId}" --filter status=running --filter name=traefik -q)
+projectNetworks=$(docker container inspect --format '{{ range $k,$v := .NetworkSettings.Networks }}{{ if ne $k "${wardenNetworkName}" }}{{println $k }}{{ end }}{{end}}' "${wardenTraefikId}")
+OLDIFS="$IFS";
+IFS=$'\n'
+projectNetworkList=($projectNetworks)
+IFS="$OLDIFS"
+
+messageList=()
+for projectNetwork in "${projectNetworkList[@]}"; do
+ [[ -z "${projectNetwork}" || "${projectNetwork}" == "${wardenNetworkName}" ]] && continue # Skip empty project network names (if any)
+
+ prefix="${projectNetwork%_default}"
+ prefixLen="${#prefix}"
+ ((prefixLen+=1))
+ projectContainers=$(docker network inspect --format '{{ range $k,$v := .Containers }}{{ $nameLen := len $v.Name }}{{ if gt $nameLen '"${prefixLen}"' }}{{ $prefix := slice $v.Name 0 '"${prefixLen}"' }}{{ if eq $prefix "'"${prefix}-"'" }}{{ println $v.Name }}{{end}}{{end}}{{end}}' "${projectNetwork}")
+ container=$(echo "$projectContainers" | head -n1)
+
+ [[ -z "${container}" ]] && continue # Project is not running, skip it
+
+ projectDir=$(docker container inspect --format '{{ index .Config.Labels "com.docker.compose.project.working_dir"}}' "$container")
+ projectName=$(cat "${projectDir}/.env" | grep '^WARDEN_ENV_NAME=' | sed -e 's/WARDEN_ENV_NAME=[[:space:]]*//g' | tr -d -)
+ projectType=$(cat "${projectDir}/.env" | grep '^WARDEN_ENV_TYPE=' | sed -e 's/WARDEN_ENV_TYPE=[[:space:]]*//g' | tr -d -)
+ traefikDomain=$(cat "${projectDir}/.env" | grep '^TRAEFIK_DOMAIN=' | sed -e 's/TRAEFIK_DOMAIN=[[:space:]]*//g' | tr -d -)
+
+ messageList+=(" \033[1;35m${projectName}\033[0m a \033[36m${projectType}\033[0m project")
+ messageList+=(" Project Directory: \033[33m${projectDir}\033[0m")
+ messageList+=(" Project URL: \033[94mhttps://${traefikDomain}\033[0m")
+
+ [[ "$projectNetwork" != "${projectNetworkList[@]: -1:1}" ]] && messageList+=()
+done
+
+if [[ "${#messageList[@]}" > 0 ]]; then
+ echo -e "Found the following \033[32mrunning\033[0m environments:"
+ for line in "${messageList[@]}"; do
+ echo -e "$line"
+ done
+else
+ echo "No running environments found."
+fi
\ No newline at end of file
diff --git a/commands/status.help b/commands/status.help
new file mode 100644
index 00000000..3c497449
--- /dev/null
+++ b/commands/status.help
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+[[ ! ${WARDEN_DIR} ]] && >&2 echo -e "\033[31mThis script is not intended to be run directly!\033[0m" && exit 1
+
+WARDEN_USAGE="Provides listing of projects that are currently running and Den's Traefik is connected to"
\ No newline at end of file
From a2e1bc6a7dd317eae3b5dbb1ba140b2e91633e64 Mon Sep 17 00:00:00 2001
From: Navarr
Date: Mon, 19 Jun 2023 16:29:35 -0400
Subject: [PATCH 5/5] Update Changelog
---
 CHANGELOG.md | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 05c90d7b..d3e52cda 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
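Review bot: The strings pushed onto `messageList` in commands/status.cmd mix colour codes with values read from each project's `.env` and from the `com.docker.compose.project.working_dir` label, and the final `echo -e "$line"` interprets backslash escapes in all of it, so an escape sequence inside a project-supplied value is acted on by the terminal instead of being displayed. Keeping the escape codes in a `printf` format and passing the values through `%s` avoids that; raw control bytes in a value would still need stripping separately. Two smaller points in the same file: `"${wardenNetworkName}"` sits inside the single-quoted Go template for `projectNetworks`, so it is never expanded and only the later `== "${wardenNetworkName}"` test in the loop filters that network. Also, `tr -d -` deletes every hyphen, so a domain such as `my-shop.test` (constructed example) is printed as `myshop.test`.

```shell
  # … unchanged: projectDir / projectName / projectType / traefikDomain lookups …

  # Escape codes live in the format string; project-supplied values go through %s
  # and are never re-interpreted.
  messageList+=("$(printf ' \033[1;35m%s\033[0m a \033[36m%s\033[0m project' "${projectName}" "${projectType}")")
  messageList+=("$(printf ' Project Directory: \033[33m%s\033[0m' "${projectDir}")")
  messageList+=("$(printf ' Project URL: \033[94mhttps://%s\033[0m' "${traefikDomain}")")

# … unchanged: end of loop, "Found the following" header …
  for line in "${messageList[@]}"; do
    printf '%s\n' "${line}"
  done
```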
@@ -1,9 +1,18 @@ # Change Log - + + +**Enhancements** +* `warden status` command ported from Den. Originally created by @bap14 ([swiftotter/den#94](https://github.com/swiftotter/den/pull/94)) +* Simplified Traefik check. Originally created by @bap14 ([swiftotter/den#88](https://github.com/swiftotter/den/pull/88)) + +**Migration-related** +* Den signed certificates will automatically be signed for Warden when running `warden install` +* `warden install` will now change the tunnel from using the Den certificate to the Warden certificate automatically +* Both features based heavily on the work of @ihor-sviziev ([swiftotter/den#33](https://github.com/swiftotter/den/pull/33) & [swiftotter/den#44](https://github.com/swiftotter/den/pull/44)) + ## Version [0.14.0](https://github.com/wardenenv/warden/tree/0.14.0) (2023-06-19) [All Commits](https://github.com/wardenenv/warden/compare/0.13.1..0.14.0)