ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2025-01-01 13:01:53 +08:00
Code Issues Projects Releases Packages Wiki Activity

feat: plugins: add loadConfig parameter & config validator support

Browse source
This commit is contained in:
Stéphane Lesimple 2023-05-31 13:03:24 +00:00 committed by Stéphane Lesimple
parent 262e545bbb
commit 482eddb10c
4 changed files with 49 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
bin/plugin/restricted/accountAddPersonalAccess
View file

@ -10,9 +10,10 @@ use OVH::Bastion::Plugin qw( :DEFAULT help );
use OVH::Bastion::Plugin::ACL; use OVH::Bastion::Plugin::ACL;
my $remainingOptions = OVH::Bastion::Plugin::begin( my $remainingOptions = OVH::Bastion::Plugin::begin(
argv => \@ARGV, loadConfig => 1,
header => "adding personal access to a server on an account", argv => \@ARGV,
options => { header => "adding personal access to a server on an account",
options => {
"account=s" => \my $account, "account=s" => \my $account,
"user-any" => \my $userAny, "user-any" => \my $userAny,
"port-any" => \my $portAny, "port-any" => \my $portAny,

7
bin/plugin/restricted/selfAddPersonalAccess
View file

@ -10,9 +10,10 @@ use OVH::Bastion::Plugin qw( :DEFAULT help );
use OVH::Bastion::Plugin::ACL; use OVH::Bastion::Plugin::ACL;
my $remainingOptions = OVH::Bastion::Plugin::begin( my $remainingOptions = OVH::Bastion::Plugin::begin(
argv => \@ARGV, loadConfig => 1,
header => "adding personal access to a server on your account", argv => \@ARGV,
options => { header => "adding personal access to a server on your account",
options => {
"user-any" => \my $userAny, "user-any" => \my $userAny,
"port-any" => \my $portAny, "port-any" => \my $portAny,
"scpup" => \my $scpUp, "scpup" => \my $scpUp,

25
lib/perl/OVH/Bastion/Plugin.pm
View file

@ -15,8 +15,10 @@ $SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because t
$| = 1; $| = 1;
use Exporter 'import'; use Exporter 'import';
our ($user, $ip, $host, $port, $scriptName, $self, $sysself, $realm, $remoteself, $HOME, $savedArgs); ## no critic (ProhibitPackageVars) ## no critic (ProhibitPackageVars)
our @EXPORT = qw( $user $ip $host $port $scriptName $self $sysself $realm $remoteself $HOME $savedArgs ); ## no critic (ProhibitAutomaticExportation) our ($user, $ip, $host, $port, $scriptName, $self, $sysself, $realm, $remoteself, $HOME, $savedArgs, $pluginConfig);
## no critic (ProhibitAutomaticExportation)
our @EXPORT = qw( $user $ip $host $port $scriptName $self $sysself $realm $remoteself $HOME $savedArgs $pluginConfig );
our @EXPORT_OK = qw( help ); our @EXPORT_OK = qw( help );
my $_helptext; my $_helptext;
@ -25,10 +27,11 @@ sub help { osh_info $_helptext; return 1; }
sub begin { sub begin {
my %params = @_; my %params = @_;
my $options = $params{'options'}; my $options = $params{'options'};
my $header = $params{'header'}; my $header = $params{'header'};
my $argv = $params{'argv'}; my $argv = $params{'argv'};
my $helpfunc = $params{'help'}; my $loadConfig = $params{'loadConfig'};
my $helpfunc = $params{'help'};
$_helptext = $params{'helptext'}; $_helptext = $params{'helptext'};
my $fnret; my $fnret;
@ -147,6 +150,16 @@ sub begin {
"Error with your USER (\"$sysself\" vs \"$ENV{'USER'}\"), please report to your sysadmin."; "Error with your USER (\"$sysself\" vs \"$ENV{'USER'}\"), please report to your sysadmin.";
} }
if ($loadConfig) {
# try to load config, and abort if we get an error
$fnret = OVH::Bastion::plugin_config(plugin => $scriptName);
if (!$fnret) {
warn_syslog("Invalid configuration for plugin $scriptName: $fnret");
osh_exit 'ERR_INVALID_CONFIGURATION', "Error in plugin configuration, aborting";
}
$pluginConfig = $fnret->value;
}
# only unparsed options are remaining there # only unparsed options are remaining there
return \@pluginOptions; return \@pluginOptions;
} }

25
lib/perl/OVH/Bastion/configuration.inc
View file

@ -788,7 +788,6 @@ sub plugin_config {
secure => 1 secure => 1
); );
if ($fnret->err eq 'KO_CANNOT_OPEN_FILE') { if ($fnret->err eq 'KO_CANNOT_OPEN_FILE') {
# chmod error, don't fail silently # chmod error, don't fail silently
warn_syslog("Can't read configuration file '" warn_syslog("Can't read configuration file '"
. OVH::Bastion::main_configuration_directory() . OVH::Bastion::main_configuration_directory()
@ -796,13 +795,33 @@ sub plugin_config {
return R('ERR_CONFIGURATION_ERROR', return R('ERR_CONFIGURATION_ERROR',
msg => "Configuration file has improper rights, ask your sysadmin!"); msg => "Configuration file has improper rights, ask your sysadmin!");
} }
if ($fnret && ref $fnret->value eq 'HASH') { elsif ($fnret->err eq 'KO_NO_SUCH_FILE') {
# no configuration, just continue
}
elsif (!($fnret && ref $fnret->value eq 'HASH')) {
# other error, report it and fail
warn_syslog("Error loading plugin $plugin configuration ($fnret)");
return R('ERR_CONFIGURATION_ERROR', msg => "Plugin configuration is invalid, aborting");
}
else {
# avoid overriding keys # avoid overriding keys
foreach my $key (keys %{$fnret->value}) { foreach my $key (keys %{$fnret->value}) {
$config{$key} = $fnret->value->{$key} if not exists $config{$key}; $config{$key} = $fnret->value->{$key} if not exists $config{$key};
} }
} }
# do we have a config validator for this plugin?
## no critic(Modules::RequireBarewordIncludes)
eval { require "OVH::Bastion::Plugin::$plugin"; };
if (!$@) {
my $validator = "OVH::Bastion::Plugin::${plugin}::validate_config";
$fnret = $validator->(config => \%config);
if (!$fnret || !$fnret->value) {
warn_syslog("Invalid configuration for plugin $plugin: $fnret");
return R('ERR_INVALID_CONFIGURATION', msg => "Plugin configuration is invalid");
}
%config = %{$fnret->value};
}
} }
else { else {
%config = %$mock_data; %config = %$mock_data;