awx-config

#!/bin/bash

# This script comes with ABSOLUTELY NO WARRANTY, use at own risk
# Copyright (C) 2019 Osiris Alejandro Gomez <osiris@gcoop.coop>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

# shellcheck disable=SC2116
# shellcheck disable=SC1090
# shellcheck disable=SC1091
# shellcheck source=/dev/null

DIR_BIN="$(dirname "$0")" && source "$DIR_BIN/awx-common"

function usage()
{
cat << EOF
Usage:

\`\`\`bash

  $BIN ENVIRONMENT

\`\`\`

Overwrite \`~/.tower_cli.cfg\` with enviroment config using
\`~/.awx-config\` and \`pass\` command for retrieve passwords to use
with \`awx-cli\`.

First copy \`.awx-config-example\` to \`~/.awx-config\`, customize
variables according your enviroment.

Example:

\`\`\`bash

  $BIN DEVELOP

\`\`\`

Write example config:

\`\`\`bash

  $BIN -c

  BACKUP CURRENT CONFIG IN /home/awx/.awx-config-1653427782.bak
  WRITE EXAMPLE CONFIG IN /home/awx/.awx-config

\`\`\`

Define enviroments in \`~/.awx-config\`:

\`\`\`

  AWX_DEBUG: -v
  DEFAULT_AD_DOMAIN: example.com
  DEFAULT_CREDENTIAL_TYPE: Machine
  DEFAULT_CREDENTIAL_USER: ansible
  DEFAULT_DOMAIN: ipa.example.com
  DEFAULT_EMAIL_DOMAIN: example.com
  DEFAULT_GRANT_CREDENTIAL: use
  DEFAULT_GRANT_INVENTORY: use
  DEFAULT_GRANT_JOB_TEMPLATE: execute
  DEFAULT_GRANT_PROJECT: use
  DEFAULT_GRANT_WORKFLOW: execute
  DEFAULT_HOST_DOMAIN: example.com
  DEFAULT_HOST_DOMAIN_PREFIX: ipa
  DEFAULT_HOST_INVENTORY: hosts-pve
  DEFAULT_HOST_PREFIX_REPLACE: pve
  DEFAULT_HOST_PREFIX_SEARCH: pve01
  DEFAULT_HOST_SUFFIX: n0
  DEFAULT_IPA_DOMAIN: ipa.example.com
  DEFAULT_LIMIT: lab
  DEFAULT_ORGANIZATION: example
  DEFAULT_PROJECT: inventory_v0.2.2
  DEFAULT_SCM_CREDENTIAL: git_awx_dev
  DEFAULT_SEP: ,
  DEFAULT_SSH_CREDENTIAL: ssh_ansible_dev
  DEFAULT_TEAM: devops
  DEFAULT_VAULT_CREDENTIAL: vault_dev
  DEVELOP: awx-dev
  DEVELOP_PASSWORD_STORE_DIR: /home/awx/.password-store-awx-dev
  DEVELOP_USER: admin
  DEVOPS_GRANT_INVENTORY: admin
  DIR_INVENTORY: inventory
  DIR_JOB_TEMPLATE: job_template
  DIR_PROJECT: project
  DIR_WORKFLOW: workflow
  ERROR_SHOW_USAGE: 1
  LAB: lab
  LAB_PASSWORD_STORE_DIR: /home/awx/.password-store-awx-lab
  LAB_USER: awx-cli
  LO: loawx
  LO_USER: admin
  MASTER: awx-prd
  MASTER_PASSWORD_STORE_DIR: /home/awx/.password-store-awx-prd
  MASTER_USER: admin
  OUTPUT_STYLE: md
  PASS_PREFIX: awx/
  PASS_SUFFIX: /
  PROJECT_PREFIX: ansible
  SCM_URL_API: https://git.example.com/api/v4
  SCM_URL_BASE: git@git.example.com:/ipa
  SNMP_USER: public
  STAGE: awx-stg
  STAGE_PASSWORD_STORE_DIR: /home/awx/.password-store-awx-stg
  STAGE_USER: admin
  WORKFLOW_PREFIX: wfw

\`\`\`

Generate or insert credentials in multiple \`pass\` repositories:

\`\`\`bash

  export PASSWORD_STORE_DIR=~/.password-store-awx-dev
  pass awx/awx-dev/host
  pass awx/awx-dev/admin_password

  export PASSWORD_STORE_DIR=~/.password-store-awx-prd
  pass awx/awx-prd/host
  pass awx/awx-prd/admin_password

\`\`\`

Config file variables can be overridden on the fly by using them as
environment variables

\`\`\`

  AWX_HOST=awx-dev AWX_USER=admin AWX_PASS=secret awx-config DEVELOP

\`\`\`

EOF
exit 0
}

config_example()
{

  if [[ -e "$AWX_CONFIG" ]]
  then
    cp "$AWX_CONFIG" "$AWX_BACKUP"
    stderror "BACKUP CURRENT CONFIG IN $AWX_BACKUP"
  fi

  usage                                   \
    | grep -E '^  [A-Z_]+: '              \
    | sed 's/^  //g'                      \
    | sed "s/admin/$USER/g"               \
    | sed "s/\/home\/awx/\/home\/$USER/g" > "$AWX_CONFIG"

  stderror "WRITE EXAMPLE CONFIG IN $AWX_CONFIG"
  exit 0
}

[[ "$1" =~ ^[-]+(h|help)   ]] && usage
[[ "$1" =~ ^[-]+(c|config) ]] && config_example

[[ -z "$AWX_ENV" ]] && AWX_ENV="${1^^}"
[[ -z "$AWX_ENV" ]] && die "EMPTY ENVIROMENT"

# use value from environment
export PASSWORD_STORE_DIR="$AWX_ENV_PASS"

if [[ -z "$AWX_ENV_PASS" ]]
then
  # use value from ~/.awx-config
  AWX_CFG_PASS="${AWX_ENV}_PASSWORD_STORE_DIR"
  AWX_ENV_PASS="${!AWX_CFG_PASS}"
  export PASSWORD_STORE_DIR="${AWX_ENV_PASS}"
fi

AWX_CFG_NAME="${!AWX_ENV}"
AWX_CFG_USER="${AWX_ENV}_USER"
[[ -z "$AWX_USER" ]] && AWX_USER="${!AWX_CFG_USER}"
[[ -z "$AWX_USER" ]] && die "UNDEFINED AWX_USER or ${AWX_ENV}_USER in $AWX_CONFIG"

AWX_HOST_PASS="${PASS_PREFIX}${AWX_CFG_NAME}${PASS_SUFFIX}host"
AWX_PASS_PASS="${PASS_PREFIX}${AWX_CFG_NAME}${PASS_SUFFIX}${AWX_USER}_password"

if command -v pass >/dev/null
then
  if [[ -n "$PASSWORD_STORE_DIR" ]]
  then
    [[ -z "$AWX_HOST" ]] && AWX_HOST="$(pass "$AWX_HOST_PASS")"
    [[ -z "$AWX_PASS" ]] && AWX_PASS="$(pass "$AWX_PASS_PASS")"
  fi
else
  echo "NOT FOUND pass TRY apt install pass"
fi

[[ -z "$AWX_HOST" ]] && die "EMPTY OR UNDEFINED AWX_HOST TRY DEFINE VARIABLE OR INSERT IN PASS"

if [[ -z "$AWX_PASS" ]]
then
  echo "Env: $AWX_ENV"
  echo "Host: $AWX_HOST"
  echo "User: $AWX_USER"
  echo -n "Password: "
  read -r -s AWX_PASS
  echo
fi

[[ -z "$AWX_PASS" ]] && die "EMPTY OR UNDEFINED AWX_PASS TRY DEFINE VARIABLE OR INSERT IN PASS"

[[ -z "$PASSWORD_STORE_DIR" ]] && PASSWORD_STORE_DIR='none'

CONFIG=$(cat << EOF
host=$AWX_HOST
password=$AWX_PASS
username=$AWX_USER
verify_ssl=false
EOF
)

echo "$CONFIG" > "$AWX_CFG" && chmod 600 "$AWX_CFG"
echo "Env: $AWX_ENV User: $AWX_USER Host: $AWX_HOST"

HTTP_CODE="$(curl -s -o /dev/null -w "%{http_code}" "$AWX_HOST")"

[[ "$HTTP_CODE" != '200' ]] && die "HTTP RESPONSE CODE != 200 $AWX_HOST"

SUPERUSER="$(awx-cli user get "$AWX_USER" -f json | jq '.is_superuser')"

if [[ "$SUPERUSER" = 'true' ]]
then
  awx-setting-get-tower-url-base
  awx-setting-get-custom-login-info
fi

awx-cli version