Added the `log_request_response` and `log_request_response_max_size`
options to osh-http-proxy.conf.
By default, requests are logged, including their body, up to a size
of 64K per request response. Before, there was no size limit to the
logged body response.
The following additional header is now allowed to come back from the remote server to the client:
* Content-Length
The following additional headers are now passed through to the remote server:
* Content-Length
* Content-Encoding
This command deletes a group, as `groupDelete` does, but works
for owners so that they can delete their own group.
`groupDelete` remains as a restricted command, able to delete any group.
Closes#40.
The commands selfListAccesses, accountListAccesses,
groupList, groupListServers, groupListGuestAccesses and
accountList now have options to filter their output through
pattern matching, with --include and --exclude.
The output from the commands using print_acls() is also more
human-friendly, with auto-adjusting column length, and empty
columns omitted.
Closes#60.
To enhance the readability and visibility of important messages
(such as critical ones). This can be disabled with the `allowUTF8`
global option set to `false`. It's never enabled if the user locale
or their terminal don't seem to support it.
The following warn would happen if the scp wrapper was called with an invalid hostname:
Use of uninitialized value in bitwise and (&) at /usr/share/perl5/Net/Netmask.pm line 699.
at /opt/bastion/bin/plugin/open/../../../lib/perl/OVH/Bastion.pm line 41.
OVH::Bastion::__ANON__("Use of uninitialized value \ in bitwise and (&) at /usr/shar"...) called at /usr/share/perl5/Net/Netmask.pm line 697
Net::Netmask::match(Net::Netmask=HASH(0x55b1d5f11860), undef) called at /opt/bastion/lib/perl/OVH/Bastion/allowdeny.inc line 214
OVH::Bastion::is_access_way_granted("port", 22, "exactUserMatch", 1, "ipfrom", "X.X.X.X", "ip", undef, ...) called at /opt/bastion/lib/perl/OVH/Bastion/allowdeny.inc line 688
OVH::Bastion::is_access_granted(\"account\", \"johndoe\", \"user\", \"!scpupload\", \"ipfrom\", \"X.X.X.X\", \"ip\", undef, ...) called at /opt/bastion/bin/plugin/open/scp line 136
This occurred since v3.01.99-rc1 when requesting an accountInfo
of an account without an ingress_piv_policy set.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl/5.28/Term/ANSIColor.pm line 510.
at /opt/bastion/bin/plugin/restricted/../../../lib/perl/OVH/Bastion.pm line 41.
OVH::Bastion::__ANON__("Use of uninitialized value \ in concatenation (.) or st"...) called at /usr/share/perl/5.28/Term/ANSIColor.pm line 510
Term::ANSIColor::colored(undef, "green") called at /opt/bastion/bin/plugin/restricted/accountInfo line 178
If no comment is set, the comment is inherited from the group ACL,
as seen in groupListServers.
selfAddPersonalAccess now also return details
about the added server in the returned JSON.
Closes#18Closes#17
This fixes a race condition in sudo where it would log a log of
error messages to syslog if used while we're running the install
script: files around sudoers.d/ are then moved around, and it'll
yell for each file it previously listed if the file no longer
exists when it tries to stat() it. It also deprecates the --no-wait
flag of the install script, as now the sudoers.d/ directory will
always have integrity at all times.
Signed-off-by: Stéphane Lesimple <stephane.lesimple+bastion@ovhcloud.com>
