fix: add missing autocompletions, readonly flags and help category for some plugins

2025-09-10 15:04:15 +08:00 · 2023-04-27 07:54:00 +00:00 · 2023-04-27 07:54:00 +00:00 · 0515753f91
commit 0515753f91
parent 902508f7d1
7 changed files with 40 additions and 10 deletions
--- a/bin/plugin/group-owner/groupModify.json
+++ b/bin/plugin/group-owner/groupModify.json
@ -7,5 +7,6 @@
        "groupModify --group \\S+ --mfa-required \\S+"   , {"pr" : ["<ENTER>"]},
        "groupModify --group \\S+ --guest-ttl-limit"     , {"pr" : ["<DURATION>"]},
        "groupModify --group \\S+ --guest-ttl-limit \\S+", {"pr" : ["<ENTER>"]}
-    ]
+    ],
+    "master_only": 1
 }
--- a/bin/plugin/open/help
+++ b/bin/plugin/open/help
@ -43,13 +43,14 @@ my @knownPlugins = (
        'other commands'               => [qw{ selfModify }],
    ],
    'MANAGE OTHER ACCOUNTS' => [
-        'manage bastion accounts' =>
-          [qw{ accountList accountCreate accountCreateOvh accountDelete accountUnexpire accountModify accountPIV }],
+        'manage bastion accounts' => [
+            qw{ accountList accountInfo accountCreate accountDelete accountUnexpire accountUnlock accountFreeze accountUnfreeze accountModify accountPIV }
+        ],
        'manage accounts ingress credentials (them->bastion)' =>
          [qw{ accountListIngressKeys accountResetIngressKeys accountMFAResetPassword accountMFAResetTOTP }],
        'manage accounts egress credentials (bastion->server)' =>
          [qw{ accountListEgressKeys accountGeneratePassword accountListPasswords }],
-        'manage access to restricted commands' => [qw{ accountGrantCommand accountRevokeCommand accountInfo }],
+        'manage access to restricted commands' => [qw{ accountGrantCommand accountRevokeCommand }],
        'manage another account accesses to servers' =>
          [qw{ accountListAccesses accountAddPersonalAccess accountDelPersonalAccess whoHasAccessTo }],
        'review past sessions' => [qw{ accountListSessions globalListSessions }],
@ -58,7 +59,7 @@ my @knownPlugins = (
        'information and lifecycle' => [qw{ groupInfo groupListServers groupList groupCreate groupDelete }],
        'group owner commands'      => [
            qw{ groupAddGatekeeper groupDelGatekeeper groupAddAclkeeper groupDelAclkeeper
-              groupAddOwner groupDelOwner groupTransmitOwnership groupGenerateEgressKey groupDelEgressKey groupModify }
+              groupAddOwner groupDelOwner groupTransmitOwnership groupGenerateEgressKey groupDelEgressKey groupModify groupDestroy }
        ],
        'egress passwords commands'             => [qw{ groupListPasswords groupGeneratePassword groupDelPassword }],
        'gatekeeper commands to manage members' => [qw{ groupAddMember groupDelMember }],
@ -71,7 +72,7 @@ my @knownPlugins = (
    ],
    'MISC COMMANDS' => [
        'basic commands'   => [qw{ help info }],
-        'utility commands' => [qw{ nc ping mtr alive clush scp batch }],
+        'utility commands' => [qw{ nc ping mtr alive clush scp sftp batch }],
        'realm commands'   => [qw{ realmList realmInfo realmCreate realmDelete }],
        'audit commands'   => [qw{ rootListIngressKeys }],
        'other specific commands',
@ -165,8 +166,8 @@ if ($docURL && $docURL->value) {
 }

 if (OVH::Bastion::config('readOnlySlaveMode')->value) {
-    osh_warn "\nNOTICE: This bastion is part of a cluster, and this instance is a read-only one (slave), "
-      . "so only read-only compliant commands are available. If you need to use write/modify commands, "
+    osh_warn "\nNOTICE: This bastion is part of a cluster, and this instance is a read-only one (slave),\n"
+      . "so only read-only compliant commands are available.\nIf you need to use write/modify commands, "
      . "please do it on the master of the cluster instead.";
 }

--- a/bin/plugin/restricted/accountFreeze.json
+++ b/bin/plugin/restricted/accountFreeze.json
@ -0,0 +1,10 @@
+{
+    "interactive": [
+        "accountFreeze"                 , {"ac" : ["--account"]},
+        "accountFreeze --account"       , {"ac" : ["<ACCOUNT>"]},
+        "accountFreeze --account \\S+"  , {"ac" : ["--reason","<enter>"]},
+        "accountFreeze --account \\S+ --reason"  , {"pr" : ["\"reason between quotes\""]},
+        "accountFreeze --account \\S+ --reason .+"  , {"pr" : ["<enter>"]}
+    ],
+    "master_only": 1
+}
--- a/bin/plugin/restricted/accountPIV.json
+++ b/bin/plugin/restricted/accountPIV.json
@ -8,5 +8,6 @@
        "accountPIV --account \\S+ --policy grace"                          , {"ac": ["--ttl"]},
        "accountPIV --account \\S+ --policy grace --ttl"                    , {"pr": ["<duration>"]},
        "accountPIV --account \\S+ --policy grace --ttl (.*)"               , {"pr": ["<enter>"]}
-    ]
+    ],
+    "master_only": 1
 }
--- a/bin/plugin/restricted/accountRevokeCommand.json
+++ b/bin/plugin/restricted/accountRevokeCommand.json
@ -5,5 +5,6 @@
        "accountRevokeCommand --account \\S+"               , {"ac" : ["--command"]},
        "accountRevokeCommand --account \\S+ --command"     , {"ac" : ["<RESTRICTED_COMMAND>"]},
        "accountRevokeCommand --account \\S+ --command \\S+" , {"pr" : ["<enter>"]}
-    ]
+    ],
+    "master_only": 1
 }
--- a/bin/plugin/restricted/accountUnfreeze.json
+++ b/bin/plugin/restricted/accountUnfreeze.json
@ -0,0 +1,8 @@
+{
+    "interactive": [
+        "accountUnfreeze"                 , {"ac" : ["--account"]},
+        "accountUnfreeze --account"       , {"ac" : ["<ACCOUNT>"]},
+        "accountUnfreeze --account \\S+"  , {"pr" : ["<enter>"]}
+    ],
+    "master_only": 1
+}
--- a/bin/plugin/restricted/accountUnlock.json
+++ b/bin/plugin/restricted/accountUnlock.json
@ -0,0 +1,8 @@
+{
+    "interactive": [
+        "accountUnlock"                 , {"ac" : ["--account"]},
+        "accountUnlock --account"       , {"ac" : ["<ACCOUNT>"]},
+        "accountUnlock --account \\S+"  , {"pr" : ["<enter>"]}
+    ],
+    "master_only": 1
+}