fix: bastion.conf.dist & configuration.inc after #98

2025-09-04 12:04:11 +08:00 · 2020-12-17 15:52:41 +00:00 · 2020-12-17 15:52:41 +00:00 · d6574221a3
commit d6574221a3
parent 1d84a9a714
4 changed files with 10 additions and 3 deletions
--- a/etc/bastion/bastion.conf.dist
+++ b/etc/bastion/bastion.conf.dist
@ -407,7 +407,7 @@
 # documentationURL (string)
 #     DESC: The URL of the documentation where users will be pointed to, for example when displaying help. If you have some internal documentation about the bastion, you might want to advertise it here.
 #  DEFAULT: "https://ovh.github.io/the-bastion/"
-"documentationURL": "https://ovh.github.io/the-bastion/"
+"documentationURL": "https://ovh.github.io/the-bastion/",
 #
 # debug (boolean)
 #     DESC: Enables or disables debug *GLOBALLY*, printing a lot of information to anyone using the bastion. Don't enable this unless you're chasing a bug in the code and are familiar with it.
@ -427,5 +427,5 @@
 # sshClientHasOptionE (boolean)
 #     DESC: Set to ``true`` if your ssh client supports the ``-E`` option and you want to use it to log debug info on opened sessions. **Discouraged** because it has some annoying side effects (some ssh errors then go silent from the user perspective).
 #  DEFAULT: false
-"sshClientHasOptionE": false,
+"sshClientHasOptionE": false
 }
--- a/lib/perl/OVH/Bastion/configuration.inc
+++ b/lib/perl/OVH/Bastion/configuration.inc
@ -250,6 +250,11 @@ sub load_configuration {
                push @errors, "Configuration error: missing option '$o', defaulting to " . ($tuple->{'default'} ? 'true' : 'false') if $test;
            }

+            # if a bool, it's ok, normalize to 0/1
+            elsif (JSON::is_bool($C->{$o})) {
+                $C->{$o} = $C->{$o} ? 1 : 0;
+            }
+
            # if set to "no", "false" or "disabled", be nice and cast to false (because a string is true, otherwise)
            elsif (grep { lc($C->{$o}) eq lc } qw{ no false disabled }) {
                push @errors, "Configuration error: found value '" . $C->{$o} . "' for option '$o', but it's supposed to be a boolean, assuming false";
--- a/tests/functional/tests.d/330-selfkeys.sh
+++ b/tests/functional/tests.d/330-selfkeys.sh
@ -80,6 +80,8 @@ testsuite_selfkeys()
    grant accountInfo
    grant auditor

+    configchg 's=^\\\\x22minimumIngressRsaKeySize\\\\x22.+=\\\\x22minimumIngressRsaKeySize\\\\x22:4096,='
+
    success accountssh info0 $a0 --osh accountInfo --account $account1
    json .error_code OK .command accountInfo
    json .value.account_egress_ssh_config.type default
--- a/tests/functional/tests.d/350-groups.sh
+++ b/tests/functional/tests.d/350-groups.sh
@ -88,7 +88,7 @@ testsuite_groups()
    contain "you to be specifically granted"
    json .command   null .value      null .error_code KO_RESTRICTED_COMMAND

-    plgfail groupCreate a0_fail_to_create_g1_with_a1_as_owner_because_bad_key_size $a0 --osh groupCreate --group $group1 --algo rsa --size 2048 --owner $account1
+    plgfail groupCreate a0_fail_to_create_g1_with_a1_as_owner_because_bad_key_size $a0 --osh groupCreate --group $group1 --algo rsa --size 1024 --owner $account1
    contain "minimum configured key size"
    json .command groupCreate .error_code KO_KEY_SIZE_TOO_SMALL .value      null