The chain of execution is as follows:
- `docker_build_and_run_tests_all.sh`
- launches several instances of `docker_build_and_run_tests.sh`
- builds docker images with the `target_role.sh` and `tester_role.sh` entrypoints
- inside the tester docker, `tester_role.sh` launches `launch_tests_on_instance.sh`
- the target docker gets tested after setting up accounts, SSH etc.
Previously, these scripts passed options to each other by a mix of environment
variables and command-line arguments, with some inconsistencies here and there.
Now, `launch_tests_on_instance.sh` supports a lot of command-line options, which can
be specified directly if testing a remote server, or can be passed through by the calling
script in case of docker tests. `docker_build_and_run_tests.sh` and
`docker_build_and_run_tests_all.sh` also support passing these options down.
This command deletes a group, as `groupDelete` does, but works
for owners so that they can delete their own group.
`groupDelete` remains as a restricted command, able to delete any group.
Closes #40.
The commands selfListAccesses, accountListAccesses,
groupList, groupListServers, groupListGuestAccesses and
accountList now have options to filter their output through
pattern matching, with --include and --exclude.
The output from the commands using print_acls() is also more
human-friendly, with auto-adjusting column length, and empty
columns omitted.
Closes #60.
The following warning would happen if the scp wrapper was called with an invalid hostname:
```
Use of uninitialized value in bitwise and (&) at /usr/share/perl5/Net/Netmask.pm line 699.
at /opt/bastion/bin/plugin/open/../../../lib/perl/OVH/Bastion.pm line 41.
OVH::Bastion::__ANON__("Use of uninitialized value \ in bitwise and (&) at /usr/shar"...) called at /usr/share/perl5/Net/Netmask.pm line 697
Net::Netmask::match(Net::Netmask=HASH(0x55b1d5f11860), undef) called at /opt/bastion/lib/perl/OVH/Bastion/allowdeny.inc line 214
OVH::Bastion::is_access_way_granted("port", 22, "exactUserMatch", 1, "ipfrom", "X.X.X.X", "ip", undef, ...) called at /opt/bastion/lib/perl/OVH/Bastion/allowdeny.inc line 688
OVH::Bastion::is_access_granted(\"account\", \"johndoe\", \"user\", \"!scpupload\", \"ipfrom\", \"X.X.X.X\", \"ip\", undef, ...) called at /opt/bastion/bin/plugin/open/scp line 136
```
If no comment is set, the comment is inherited from the group ACL,
as seen in groupListServers.
selfAddPersonalAccess now also returns details
about the added server in the returned JSON.
Closes #18
Closes #17
We now warn (to syslog) for invalid values where
we have to fall back to defaults, and for boolean
options, actual true/false JSON values are now
properly recognized. 0 and 1 will still always
be parsed correctly, to not break compatibility.
Adding a guest access to a member of a group is now denied, to avoid having
dangling guest accesses when their membership is revoked. In effect, they
could no longer access the group servers, even as guest, because they no longer
had access to the group key, but their previous guest accesses were still
visible in groupListGuestAccesses, causing possible confusion.
We now also revoke all guest accesses of an account to a group, if any,
when it's being set as a member of this group, so that when/if the account
membership is revoked, we don't end up with the same ghost guest accesses as above.
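
The two membership rules above, shown as an added example (a simplified Python model, not the project's Perl code). All names, including the `key_holders` set standing in for access to the group key, are assumptions made for illustration; `enforce=False` reproduces the previous behaviour.

```python
class Group:
    """Toy model of one bastion group (hypothetical, for illustration only)."""

    def __init__(self, enforce=True):
        self.enforce = enforce
        self.members = set()       # full members of the group
        self.key_holders = set()   # accounts able to use the group key
        self.guest_accesses = {}   # account -> set of (host, port)

    def add_guest_access(self, account, host, port=22):
        # New rule 1: a member cannot also be given guest accesses.
        if self.enforce and account in self.members:
            raise PermissionError(f"{account} is a member, guest access denied")
        self.guest_accesses.setdefault(account, set()).add((host, port))
        self.key_holders.add(account)

    def add_member(self, account):
        # New rule 2: promoting to member revokes existing guest accesses.
        if self.enforce:
            self.guest_accesses.pop(account, None)
        self.members.add(account)
        self.key_holders.add(account)

    def del_member(self, account):
        # Revoking membership removes access to the group key.
        self.members.discard(account)
        self.key_holders.discard(account)

    def ghost_guest_accesses(self):
        """Guest accesses still listed for accounts that cannot use the key."""
        return {a: sorted(s) for a, s in self.guest_accesses.items()
                if s and a not in self.key_holders}

def scenario(enforce):
    """Constructed sequence: returns (guest add denied?, ghost accesses)."""
    g = Group(enforce)
    g.add_member("alice")
    try:
        g.add_guest_access("alice", "192.0.2.10")   # guest access for a member
        denied = False
    except PermissionError:
        denied = True
    g.add_guest_access("bob", "192.0.2.20")         # guest, later promoted
    g.add_member("bob")
    g.del_member("alice")
    g.del_member("bob")
    return denied, g.ghost_guest_accesses()

if __name__ == "__main__":
    print("old behaviour:", scenario(enforce=False))
    print("new behaviour:", scenario(enforce=True))
```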