ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2025-01-22 23:38:44 +08:00
Code Issues Projects Releases Packages Wiki Activity
359 commits 5 branches 49 tags 7.5 MiB
Commit graph

359 commits

This branch
This branch
All branches
Author SHA1 Message Date
Stéphane Lesimple
8e6c247cdf doc: add upgrading notice 2021-09-14 16:05:27 +02:00
Stéphane Lesimple
d3f443a532 release v3.05.00 2021-09-14 10:21:04 +02:00
Stéphane Lesimple
f6e4ec81a8 chore: remove useless 'section' test info 
As tests are now split by modules, the section is autodetected
and taken as the module name, hence a test now only needs a name,
instead of a section & a name.
 2021-09-13 17:45:36 +02:00
Stéphane Lesimple
4a21cfc421 enh: add --max-inactive-days to accountCreate 2021-09-06 14:52:46 +02:00
Stéphane Lesimple
ef10d509fd enh: add max_inactive_days to account configuration (#230) 2021-09-06 14:52:46 +02:00
Stéphane Lesimple
15cb2c2453 enh: accountInfo: add --list-groups 
Listing groups can be slow on bastions having thousands
of groups, hence this is now disabled by default.
 2021-09-02 13:13:44 +02:00
Stéphane Lesimple
82b681a38d doc: add faq about session locking (#226) 2021-09-02 11:42:48 +02:00
Stéphane Lesimple
f1e875ca4b fix: erroneous message in connect.pl 2021-09-02 11:42:18 +02:00
Stéphane Lesimple
56d4078605 feat: add --fallback-password-delay (3) for ssh password autologin 2021-09-02 11:42:18 +02:00
Stéphane Lesimple
5930775626 enh: better error message when unknown option is used 2021-09-02 10:07:03 +02:00
Stéphane Lesimple
5d188faac0 chore: trick perltidy 2021-09-02 10:06:47 +02:00
Stéphane Lesimple
cd5b61b239 chore: perlcritic: remove Variables::RequireInitializationForLocalVars check 2021-09-02 10:06:47 +02:00
Stéphane Lesimple
2510de0cd5 doc: generate scripts doc reference 2021-09-02 10:06:47 +02:00
Stéphane Lesimple
710eb2e4cb doc: use autosectionlabel 2021-09-02 10:06:47 +02:00
Stéphane Lesimple
92d4a46ac5 doc: add osh-piv-grace-reaper.pl config reference 2021-09-02 10:06:47 +02:00
Stéphane Lesimple
9f28dfa977 doc: add osh-backup-acl-keys.sh config reference 2021-09-02 10:06:47 +02:00
Stéphane Lesimple
3c6ce52e8e doc: add osh-encrypt-rsync.pl config reference 2021-09-02 10:06:47 +02:00
Stéphane Lesimple
0dc448943a doc: add osh-sync-watcher.sh config reference 2021-09-02 10:06:47 +02:00
Stéphane Lesimple
873804dbbe enh: config reading: add rootonly option 2021-09-02 10:06:47 +02:00
Stéphane Lesimple
9b2aa996b3 enh: better use of account creation metadata 
Store account creation information in a JSON.
Display this information in `accountInfo` for auditors.
 2021-07-23 09:50:18 +02:00
Stéphane Lesimple
a2626e6970 chore: tests: add json_document() func 2021-07-23 09:50:18 +02:00
Stéphane Lesimple
c0bebf23d4 fix: accountCreate --uid-auto: rare case where a free UID couldn't be found 
This happened when a free UID was found, along with a corresponding GID,
but the corresponding GID for the ttyrec group of the account was not
available. Now this is checked directly in get_next_available_uid()
 2021-07-19 11:53:18 +02:00
Stéphane Lesimple
6b4418e864 chore: fixrights: ensure tests/functional/proxy/remote-daemon is +x 2021-07-16 11:05:04 +02:00
Stéphane Lesimple
858598d80b chore: add debug info in get_acls() 2021-07-15 18:27:42 +02:00
Stéphane Lesimple
a08f56df9f feat: support pam_faillock for Debian 11 (#163) 2021-07-05 10:35:58 +02:00
Stéphane Lesimple
2390f56c9a chore: groupCreate: fix help message 2021-07-02 18:25:24 +02:00
Stéphane Lesimple
f483b1540a enh: max account length is now 28 chars up from 18 2021-07-02 17:41:12 +02:00
Stéphane Lesimple
a447662cfd release v3.04.00 2021-07-02 17:31:47 +02:00
Stéphane Lesimple
d3f323d0c6 doc: micro fixes 2021-07-02 16:50:53 +02:00
Stéphane Lesimple
01690e8111 bump to v3.03.99-rc2 2021-06-30 17:20:48 +02:00
Stéphane Lesimple
ecee68c8bc chore: fix spurious empty lines at end of generated rst files 2021-06-30 15:52:47 +02:00
Stéphane Lesimple
458c50eff1 documentation: add a lot of new documentation topics 2021-06-30 15:52:47 +02:00
Stéphane Lesimple
b942131092 fix: use local $_ before while(<>) loops 
This closes a range of bugs that can happen if a function using $_ implicitly
in a while is called in a grep {} or map {} which also uses $_
 2021-06-30 09:53:04 +02:00
Stéphane Lesimple
2193ee487d enh: replace 'allowUTF8' (introduced in rc1) by 'fanciness' 2021-06-30 09:53:04 +02:00
thibault.dewailly
5415ed2793 Feat: Add admin and super owner accounts list in info plugin 
For auditing purposes, get admin and super owner list in info plugin
Available for auditor role only
Closes #206
 2021-06-28 11:13:30 +02:00
Stéphane Lesimple
c201f44d83 enh: tests: refactor the framework for more maintainability 
The chain of executions is as is:
- `docker_build_and_run_tests_all.sh`
  - launches several instances of `docker_build_and_run_tests.sh`
    - builds docker images with the `target_role.sh` and `tester_role.sh` entrypoints
      - inside the tester docker, `tester_role.sh` launches `launch_tests_on_instance.sh`
      - the target docker gets tested after setting up accounts, SSH etc.

Previously, these scripts passed options to each other either by a mix of environment
variables and command-line arguments, with some inconsistencies here and there.

Now, `launch_tests_on_instance.sh` supports a lot of command-line options, which can
be specified directly if testing a remote server, or can be passed-through by the calling
script in case of docker tests. `docker_build_and_run_tests.sh` and
`docker_build_and_run_tests_all.sh` also support to passthrough these options down.
 2021-06-25 16:02:38 +02:00
Stéphane Lesimple
2f1e3fbfa8 support: del deb8/ubuntu1404/opensuse150/opensuse151, add opensuse153 
Remove support for EOL OSes:
- Debian 8
- Ubuntu 14.04
- OpenSUSE 15.0
- OpenSUSE 15.1

Add support for:
- OpenSUSE 15.3
 2021-06-25 16:02:38 +02:00
Stéphane Lesimple
d400ceeb9f doc: clush: document --user and --port 
Partly fixes #201
 2021-06-23 12:24:32 +02:00
Stéphane Lesimple
8d2aaf8d8f fix: setup-first-admin-account.sh: support to add several admins 
Fixes #202
 2021-06-21 14:36:08 +02:00
Thomas Soëte
c61a3eaae9 Remove duplicate groupAddGuestAccess groupDelGuestAccess 
groupAddGuestAccess groupDelGuestAccess are present twice in help
 2021-06-21 09:39:35 +02:00
Stéphane Lesimple
76639b665c chore: doc: auto-detect current year in generated documentation 
and set 2021 in LICENSE
 2021-06-15 09:00:19 +02:00
Romain Lebbadi-Breteau
2d43a7c915 Add extract argument to tar 2021-06-14 11:23:44 +02:00
Stéphane Lesimple
710b55d845 bump to v3.03.99-rc1 2021-06-03 17:01:10 +02:00
Stéphane Lesimple
2e9fe9288b enh: httpproxy: add options to fine-tune logging 
Added the `log_request_response` and `log_request_response_max_size`
options to osh-http-proxy.conf.

By default, requests are logged, including their body, up to a size
of 64K per request response. Before, there was no size limit to the
logged body response.
 2021-06-03 16:39:56 +02:00
Stéphane Lesimple
850c8cabd4 fix: freebsd: install script: prefer fetch over curl 2021-06-03 16:16:29 +02:00
Stéphane Lesimple
45cfb78b0b fix: httpproxy: allow more passthrough headers 
The following additional header is now allowed to come back from the remote server to the client:
* Content-Length

The following additional headers are now passed through to the remote server:
* Content-Length
* Content-Encoding
 2021-06-03 16:16:29 +02:00
Stéphane Lesimple
b364706f37 feat: httpproxy: add functional tests 2021-06-03 16:16:29 +02:00
Stéphane Lesimple
d6291f3ad4 feat: httpproxy: add and use execute_simple() for more performance 
Also handle errors better in hand_http_request()
 2021-06-03 16:16:29 +02:00
Stéphane Lesimple
7da3ef3e25 fix: connect.pl: decode 2K bytes of the ttyrec instead of 1K to not miss messages 2021-06-02 15:32:40 +02:00
Stéphane Lesimple
3925e67d43 feat: add groupDestroy command for owners 
This command deletes a group, as `groupDelete` does, but works
for owners so that they can delete their own group.
`groupDelete` remains as a restricted command, able to delete any group.

Closes #40.
 2021-06-02 15:32:40 +02:00