refactor: Reorganize repository structure for better maintainability

Major structural improvements: - Created organized directory structure with logical separation - bin/ directory for legacy scripts (poc.sh, prod.sh) - config/ directory for configuration templates - tests/ directory for test framework - docs/ directory for documentation (ADRs) Enhanced build system: - Comprehensive Makefile with 20+ commands for development workflow - Full CI/CD pipeline support (test, lint, security-check) - Vendor integration testing for git vendor inclusion scenarios - Development environment setup and configuration management Updated test framework: - Smart path resolution for both organized and vendored structures - Improved vendor compatibility testing - Enhanced error handling and timeout protection Documentation updates: - Updated README with new directory structure - Comprehensive command reference and usage examples - Clear vendor integration guidelines - Architecture Decision Record for Node.js version management Files moved: - poc.sh, prod.sh → bin/ (legacy scripts) - bitwarden-config.conf.sample → config/ - test-secrets-manager.sh → tests/ - ADR-Node.md → docs/ All path references updated to maintain full functionality. This reorganization improves maintainability while preserving compatibility for git vendor inclusion scenarios. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-16 09:35:07 -05:00
parent 33ae637781
commit 3b1b04f772
8 changed files with 965 additions and 10 deletions
--- a/bin/poc.sh
+++ b/bin/poc.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# A quick and dirty proof of concept to capture bitwarden cli workflow
+# A reduction to practice of the data From https://bitwarden.com/help/cli/
+
+clear
+
+####################################
+## Step 0: Set to use tsys server
+####################################
+echo "Setting cli to use tsys bitwarden server..."
+
+bw config server https://pwvault.turnsys.com
+
+####################################
+## Step 1: login to bitwarden
+####################################
+
+# From: https://bitwarden.com/help/cli/#using-an-api-key
+
+### Set apikey environment varaible
+
+echo "Sourcing clientid/apikey data..."
+source D:/tsys/secrets/bitwarden/data/apikey-bitwarden-reachableceo
+
+### Login to vault using apikey...
+
+echo "Logging in..."
+bw login --apikey $BW_CLIENTID $BW_CLIENTSECRET
+
+### Step 1.1: unlock / save session id 
+
+echo "Unlocking..."
+export BW_SESSION="$(bw unlock --passwordenv TSYS_BW_PASSWORD_REACHABLECEO --raw)"
+
+
+### Step 2: retrive a value into an environment variable
+
+export PUSHOVER_APIKEY="$(bw get password APIKEY-pushover)"
--- a/bin/prod.sh
+++ b/bin/prod.sh
@@ -0,0 +1,148 @@
+#!/usr/bin/env bash
+
+# Written by Chatgpt
+# 70% problem for sure..
+
+
+# shellcheck disable=SC1090
+
+# Bash3 Boilerplate Setup
+set -o errexit
+set -o nounset
+set -o pipefail
+IFS=$'\n\t'
+
+# Constants
+readonly SCRIPT_NAME=$(basename "$0")
+readonly SCRIPT_VERSION="1.0"
+readonly SCRIPT_AUTHOR="Charles N Wyble"
+readonly SCRIPT_DESC="TSYS Secrets Manager - Fetch secrets using the Bitwarden CLI"
+
+# Configuration
+readonly BW_SERVER_URL="https://pwvault.turnsys.com"  # Updated Bitwarden server URL
+
+# Logging and Debugging
+readonly LOG_FILE="/tmp/${SCRIPT_NAME}.log"
+readonly TIMESTAMP=$(date '+%m-%d-%Y %H:%M:%S')
+info() { echo "[INFO] [$TIMESTAMP] $*" | tee -a "$LOG_FILE"; }
+error() { echo "[ERROR] [$TIMESTAMP] $*" >&2 | tee -a "$LOG_FILE"; }
+
+# Default Exit Codes
+readonly ERR_BW_NOT_INSTALLED=10
+readonly ERR_BW_SERVER_CONFIG=20
+readonly ERR_SESSION_INVALID=30
+readonly ERR_SECRET_NOT_FOUND=40
+
+# Cleanup function to unset session environment variable
+cleanup() {
+    info "Cleaning up and unsetting session environment variable."
+    unset BW_SESSION
+}
+
+# Function: Setup Bitwarden server configuration
+setup_bitwarden_server() {
+    info "Configuring Bitwarden server to $BW_SERVER_URL..."
+    # Set the server URL for Bitwarden CLI
+    if ! bw config --quiet server "$BW_SERVER_URL"; then
+        error "Failed to configure Bitwarden server."
+        exit $ERR_BW_SERVER_CONFIG
+    fi
+    info "Bitwarden server configured successfully."
+}
+
+# Function: Fetch or initialize Bitwarden session
+fetch_bw_session() {
+    local session_token
+
+    # Check if Bitwarden CLI is installed
+    if ! command -v bw &>/dev/null; then
+        error "Bitwarden CLI (bw) is not installed or not in PATH. Please install it and try again."
+        exit $ERR_BW_NOT_INSTALLED
+    fi
+
+    # Check for existing session environment variable and reuse if valid
+    if [[ -n "${BW_SESSION:-}" ]] && bw unlock --check --session "$BW_SESSION" >/dev/null 2>&1; then
+        info "Using existing Bitwarden session token."
+        return
+    fi
+
+    # Unlock the Bitwarden vault and obtain a new session token
+    info "Unlocking Bitwarden vault..."
+
+    bw login --apikey $BW_CLIENTID $BW_CLIENTSECRET
+
+    session_token=$(bw unlock --passwordenv TSYS_BW_PASSWORD_REACHABLECEO --raw)
+    if [[ -z "$session_token" ]]; then
+        error "Failed to unlock Bitwarden vault. Ensure you're logged in using 'bw login'."
+        exit $ERR_SESSION_INVALID
+    fi
+
+    export BW_SESSION="$session_token"
+    info "Session initialized successfully."
+}
+
+# Function: Fetch a secret by name
+fetch_secret() {
+    local secret_name="$1"
+    local secret_value
+
+    info "Fetching secret '$secret_name' from Bitwarden..."
+    if ! secret_value=$(bw get password "$secret_name" --session "$BW_SESSION"); then
+        error "Failed to retrieve the secret '$secret_name'. Ensure the secret exists in the vault."
+        exit $ERR_SECRET_NOT_FOUND
+    fi
+
+    if [[ -z "$secret_value" ]]; then
+        error "Secret '$secret_name' is empty or not found. Check the vault for proper configuration."
+        exit $ERR_SECRET_NOT_FOUND
+    fi
+
+}
+
+# Function: Display usage instructions
+usage() {
+    cat <<EOF
+$SCRIPT_DESC
+
+Usage:
+  $SCRIPT_NAME <secret_name>
+
+Options:
+  -h, --help    Display this help message.
+
+Example:
+  $SCRIPT_NAME tsys_api_key
+EOF
+}
+
+# Main function
+main() {
+
+    bw logout || true
+
+    source D:/tsys/secrets/bitwarden/data/apikey-bitwarden-reachableceo
+
+    local secret_name="$1"
+
+    # Setup Bitwarden server and session management
+    setup_bitwarden_server
+    fetch_bw_session
+
+    # Fetch the specified secret
+    secret_value=$(fetch_secret "$secret_name")
+    info "Secret '$secret_name' fetched successfully."
+
+    echo "Secret value is: $secret_value"
+
+}
+
+# Trap signals (Ctrl+C, kill, etc.) to ensure cleanup happens
+trap cleanup EXIT INT TERM
+
+# Argument parsing
+if [[ $# -lt 1 ]] || [[ "$1" == "-h" ]] || [[ "$1" == "--help" ]]; then
+    usage
+    exit 0
+fi
+
+main "$1"