mirror of
https://github.com/ovh/the-bastion.git
synced 2024-12-26 01:26:10 +08:00
enh: add config validator for *addPersonalAccess plugins
parent
340ebd0bec
commit
1b8adf2165
6 changed files with 71 additions and 3 deletions
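--- a/lib/perl/OVH/Bastion/Plugin/accountAddPersonalAccess.pm
+++ b/lib/perl/OVH/Bastion/Plugin/accountAddPersonalAccess.pm
@@ -0,0 +1,9 @@
+package OVH::Bastion::Plugin::accountAddPersonalAccess;
+# vim: set filetype=perl ts=4 sw=4 sts=4 et:
+use common::sense;
+
+require OVH::Bastion::Plugin::addPersonalAccess;
+
+*validate_config = \&OVH::Bastion::Plugin::addPersonalAccess::validate_config;
+
+1;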
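--- a/lib/perl/OVH/Bastion/Plugin/addPersonalAccess.pm
+++ b/lib/perl/OVH/Bastion/Plugin/addPersonalAccess.pm
@@ -0,0 +1,38 @@
+package OVH::Bastion::Plugin::addPersonalAccess;
+# vim: set filetype=perl ts=4 sw=4 sts=4 et:
+use common::sense;
+
+use File::Basename;
+use lib dirname(__FILE__) . '/../../../../../lib/perl';
+use OVH::Result;
+use OVH::Bastion;
+
+sub validate_config {
+my %params = @_;
+my $config = $params{'config'};
+
+if (!$config) {
+return R('ERR_MISSING_PARAMETER', msg => "Missing config parameter");
+}
+
+if (ref $config ne 'HASH') {
+return R('ERR_INVALID_PARAMETER', msg => "The config parameter is not a hash");
+}
+
+my $widestV4Prefix = $config->{'widest_v4_prefix'};
+if (defined $widestV4Prefix) {
+if ($widestV4Prefix =~ /([0-9]+)/) {
+$widestV4Prefix = $1;
+}
+if ($widestV4Prefix > 32 || $widestV4Prefix < 0) {
+warn_syslog("Invalid value '$widestV4Prefix' for widest_v4_prefix of selfAddPersonalAccess");
+return R('ERR_CONFIGURATION_ERROR',
+msg => "This plugin has a configuration error, please report to your nearest sysadmin");
+}
+$config->{'widest_v4_prefix'} = $widestV4Prefix;
+}
+
+return R('OK', value => $config);
+}
+
+1;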
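Review bot: The `widest_v4_prefix` check in `validate_config` accepts values that are not a prefix length, because `/([0-9]+)/` is unanchored and a value that does not match is kept as-is. A string such as `30abc` or `-5` is silently rewritten to its first digit run, so the `< 0` test can never fire. A value with no digits at all reaches the numeric comparison, where Perl treats it as 0, and is then written back into the config unchanged. How consumers read that value is not visible here, but for a setting that caps how wide a network may be granted it would be safer to fail closed: test `if ($widestV4Prefix !~ /\A([0-9]+)\z/ || $1 > 32)` before the existing warn-and-return, then store `$config->{'widest_v4_prefix'} = $1;`. The `warn_syslog` text also hard-codes `selfAddPersonalAccess` although `accountAddPersonalAccess` aliases the same sub, so the log line can name the wrong plugin.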
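--- a/lib/perl/OVH/Bastion/Plugin/selfAddPersonalAccess.pm
+++ b/lib/perl/OVH/Bastion/Plugin/selfAddPersonalAccess.pm
@@ -0,0 +1,9 @@
+package OVH::Bastion::Plugin::selfAddPersonalAccess;
+# vim: set filetype=perl ts=4 sw=4 sts=4 et:
+use common::sense;
+
+require OVH::Bastion::Plugin::addPersonalAccess;
+
+*validate_config = \&OVH::Bastion::Plugin::addPersonalAccess::validate_config;
+
+1;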
|
@ -812,8 +812,9 @@ sub plugin_config {
|
|||
|
||||
# do we have a config validator for this plugin?
|
||||
## no critic(Modules::RequireBarewordIncludes)
|
||||
eval { require "OVH::Bastion::Plugin::$plugin"; };
|
||||
eval { require "OVH/Bastion/Plugin/$plugin.pm"; };
|
||||
if (!$@) {
|
||||
osh_debug("We have a config validator for $plugin");
|
||||
my $validator = "OVH::Bastion::Plugin::${plugin}::validate_config";
|
||||
$fnret = $validator->(config => \%config);
|
||||
if (!$fnret || !$fnret->value) {
|
||||
|
@ -821,6 +822,10 @@ sub plugin_config {
|
|||
return R('ERR_INVALID_CONFIGURATION', msg => "Plugin configuration is invalid");
|
||||
}
|
||||
%config = %{$fnret->value};
|
||||
osh_debug("Configuration for $plugin is valid");
|
||||
}
|
||||
else {
|
||||
osh_debug("We don't have a config validator for $plugin ($@)");
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
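Review bot: In `plugin_config`, every failure of `eval { require "OVH/Bastion/Plugin/$plugin.pm"; }` lands in the `else` branch as "no validator", so a validator module that exists but fails to compile or load would leave the plugin configuration unvalidated with only an `osh_debug` trace. I would treat only a missing file as absence and fail closed otherwise, e.g. `elsif ($@ !~ m{^Can't locate OVH/Bastion/Plugin/\Q$plugin\E\.pm}) { return R('ERR_INVALID_CONFIGURATION', msg => "Plugin configuration is invalid"); }` ahead of the final `else`. `$plugin` is also interpolated into the required path and into the symbolic sub name held in `$validator`; where it is validated is outside these hunks, so it is worth confirming it is restricted to known plugin names before this point. The body of `plugin_config` starts and ends outside the hunks shown.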
|
|
@ -122,7 +122,14 @@ testsuite_selfaccesses()
|
|||
json .command selfAddPersonalAccess .error_code OK_NO_CHANGE .value null
|
||||
|
||||
# test selfAddPersonalAccess config items
|
||||
success selfAddPersonalAccess_setconfig1 $r0 "echo '\{\\\"self_remote_user_only\\\":true\,\\\"widest_v4_prefix\\\":30\}' \> $opt_remote_etc_bastion/plugin.selfAddPersonalAccess.conf \; chmod o+r $opt_remote_etc_bastion/plugin.selfAddPersonalAccess.conf"
|
||||
success selfAddPersonalAccess_setconfig_invalid $r0 "echo '\{\\\"self_remote_user_only\\\":true\,\\\"widest_v4_prefix\\\":99\}' \> $opt_remote_etc_bastion/plugin.selfAddPersonalAccess.conf \; chmod o+r $opt_remote_etc_bastion/plugin.selfAddPersonalAccess.conf"
|
||||
|
||||
run selfAddPersonalAccess_invalid_config $a0 --osh selfAddPersonalAccess --host 127.0.0.9 --user-any --port-any
|
||||
retvalshouldbe 106
|
||||
json .error_code KO_PLUGIN_DISABLED
|
||||
contain "configuration error"
|
||||
|
||||
success selfAddPersonalAccess_setconfig_valid $r0 "echo '\{\\\"self_remote_user_only\\\":true\,\\\"widest_v4_prefix\\\":30\}' \> $opt_remote_etc_bastion/plugin.selfAddPersonalAccess.conf \; chmod o+r $opt_remote_etc_bastion/plugin.selfAddPersonalAccess.conf"
|
||||
|
||||
plgfail selfAddPersonalAccess_self_remote_user_only $a0 --osh selfAddPersonalAccess --host 127.0.0.9 --user notme --port-any
|
||||
json .error_code ERR_INVALID_PARAMETER
|
||||
|
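Review bot: The new invalid-config case only exercises an out-of-range number (`99`) for `selfAddPersonalAccess`; a non-numeric or mixed value, and the `accountAddPersonalAccess` plugin that shares the same validator, are not covered. I would record the gap next to the case with a comment such as `# TODO: also cover a non-numeric widest_v4_prefix, and accountAddPersonalAccess which uses the same validate_config`. The enclosing `testsuite_selfaccesses` function starts and ends outside the hunk.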
|
|
@ -141,7 +141,7 @@ EOS
|
|||
# now that we have several keys, take the opportunity to test force-key
|
||||
|
||||
plgfail a1_add_access_force_key_and_pwd_g1 $a1 --osh groupAddServer --host 127.1.2.3 --user-any --port-any --force --force-password '$1$2$3456' --force-key "$key1fp" --group $group1
|
||||
.error_code ERR_CONFLICTING_PARAMETERS
|
||||
json .error_code ERR_CONFLICTING_PARAMETERS
|
||||
|
||||
success a1_add_access_force_key_g1 $a1 --osh groupAddServer --host 127.1.2.3 --user-any --port-any --force --force-key "$key1fp" --group $group1
|
||||
|
||||
|
|