Groups that were containing 'lock' or 'retry' in their name
would falsely trigger the /etc/passwd and /etc/group lock
contention detection, due to their presence in the output of
the system command, implying several retries that were not
needed.
For bastions using JIT MFA, where MFA can be requested when
attempting to connect through specific groups, or when using
some commands, with respect to MFA being enforced at connection
time directly through the sshd authentication process, one can
now request MFA validation in advance, to workaround problems
in commands such as ``clush`` or ``batch``, and interactive mode.
This happened when a free UID was found, along with a corresponding GID,
but the corresponding GID for the ttyrec group of the account was not
available. Now this is checked directly in get_next_available_uid()
The chain of executions is as is:
- `docker_build_and_run_tests_all.sh`
- launches several instances of `docker_build_and_run_tests.sh`
- builds docker images with the `target_role.sh` and `tester_role.sh` entrypoints
- inside the tester docker, `tester_role.sh` launches `launch_tests_on_instance.sh`
- the target docker gets tested after setting up accounts, SSH etc.
Previously, these scripts passed options to each other either by a mix of environment
variables and command-line arguments, with some inconsistencies here and there.
Now, `launch_tests_on_instance.sh` supports a lot of command-line options, which can
be specified directly if testing a remote server, or can be passed-through by the calling
script in case of docker tests. `docker_build_and_run_tests.sh` and
`docker_build_and_run_tests_all.sh` also support to passthrough these options down.
Added the `log_request_response` and `log_request_response_max_size`
options to osh-http-proxy.conf.
By default, requests are logged, including their body, up to a size
of 64K per request response. Before, there was no size limit to the
logged body response.
The following additional header is now allowed to come back from the remote server to the client:
* Content-Length
The following additional headers are now passed through to the remote server:
* Content-Length
* Content-Encoding
The commands selfListAccesses, accountListAccesses,
groupList, groupListServers, groupListGuestAccesses and
accountList now have options to filter their output through
pattern matching, with --include and --exclude.
The output from the commands using print_acls() is also more
human-friendly, with auto-adjusting column length, and empty
columns omitted.
Closes#60.
To enhance the readability and visibility of important messages
(such as critical ones). This can be disabled with the `allowUTF8`
global option set to `false`. It's never enabled if the user locale
or their terminal don't seem to support it.
If no comment is set, the comment is inherited from the group ACL,
as seen in groupListServers.
selfAddPersonalAccess now also return details
about the added server in the returned JSON.
Closes#18Closes#17
