Stéphane Lesimple
aaaa173764
feat: add the accountUnlock restricted plugin
2021-12-21 09:42:54 +01:00
Stéphane Lesimple
7cc350b40d
chore: check for spurious args in all helpers
2021-12-16 11:02:13 +01:00
Christophe Crochet
ff40617624
update of --force-password: guest support, autocompletion, new tests, code cleanups
2021-12-09 16:51:40 +01:00
Christophe Crochet
e4b132ed9a
new access option: --force-password <HASH>, to only try one specific password
2021-12-09 16:51:40 +01:00
Christophe Crochet
d85298f229
new account option: --pubkey-auth-optional, to allow ingress login with or without pubkey when pam is required
2021-10-15 11:22:00 +02:00
madx
ea8ed97a34
new account option: mfa-any, to allow ingress login with pubkey alone or pam alone instead of requiring both
2021-10-15 11:22:00 +02:00
Stéphane Lesimple
a65cbd55b8
accountPIV: fix bad autocompletion rule
2021-10-08 22:19:51 +02:00
Stéphane Lesimple
4a21cfc421
enh: add --max-inactive-days to accountCreate
2021-09-06 14:52:46 +02:00
Stéphane Lesimple
ef10d509fd
enh: add max_inactive_days to account configuration (#230)
2021-09-06 14:52:46 +02:00
Stéphane Lesimple
15cb2c2453
enh: accountInfo: add --list-groups
...
Listing groups can be slow on bastions having thousands
of groups, hence this is now disabled by default.
2021-09-02 13:13:44 +02:00
Stéphane Lesimple
9b2aa996b3
enh: better use of account creation metadata
...
Store account creation information in a JSON.
Display this information in `accountInfo` for auditors.
2021-07-23 09:50:18 +02:00
Stéphane Lesimple
2390f56c9a
chore: groupCreate: fix help message
2021-07-02 18:25:24 +02:00
Stéphane Lesimple
3925e67d43
feat: add groupDestroy command for owners
...
This command deletes a group, as `groupDelete` does, but works
for owners so that they can delete their own group.
`groupDelete` remains as a restricted command, able to delete any group.
Closes #40.
2021-06-02 15:32:40 +02:00
Stéphane Lesimple
8cc990ad57
feat: add filtering options to several cmds, nicify print_acls()
...
The commands selfListAccesses, accountListAccesses,
groupList, groupListServers, groupListGuestAccesses and
accountList now have options to filter their output through
pattern matching, with --include and --exclude.
The output from the commands using print_acls() is also more
human-friendly, with auto-adjusting column length, and empty
columns omitted.
Closes #60.
2021-05-25 09:42:28 +02:00
Stéphane Lesimple
344865884b
fix: groupCreate: deny groups starting with 'key'
...
Mitigates #178
2021-05-21 14:13:22 +02:00
Stéphane Lesimple
68e088a607
doc: accountModify: more details on the --egress-strict-host-key-checking option
2021-05-19 18:55:54 +02:00
Jonathan Marsaud
b7b2533604
accountModify - Add a new accept-new POLICY in egress-strict-host-key-checking parameter
2021-05-19 16:34:35 +02:00
Stéphane Lesimple
e412083272
fix: accountCreate: incorrect help message (#167)
2021-04-08 12:04:19 +02:00
Stéphane Lesimple
4fd010c355
chore: microfixes after review
2021-02-22 13:32:19 +01:00
Stéphane Lesimple
8a0f7c6b4f
fix: accountInfo: get rid of a warn()
...
This occurred since v3.01.99-rc1 when requesting an accountInfo
of an account without an ingress_piv_policy set.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl/5.28/Term/ANSIColor.pm line 510.
at /opt/bastion/bin/plugin/restricted/../../../lib/perl/OVH/Bastion.pm line 41.
OVH::Bastion::__ANON__("Use of uninitialized value \ in concatenation (.) or st"...) called at /usr/share/perl/5.28/Term/ANSIColor.pm line 510
Term::ANSIColor::colored(undef, "green") called at /opt/bastion/bin/plugin/restricted/accountInfo line 178
2021-02-22 11:56:33 +01:00
Stéphane Lesimple
edb1b77dfc
feat: auto-add hostname as comment in groupAddServer / selfAddPersonalAccess
...
Implements a side suggestion of #60
2021-02-22 11:56:19 +01:00
Stéphane Lesimple
efe3710e4c
feat: groupList/accountList: add --include --exclude
2021-01-21 15:56:59 +01:00
Stéphane Lesimple
148d5206e5
enh: rootListIngressKeys: look for all well-known authkeys files
2021-01-21 15:06:27 +01:00
Stéphane Lesimple
1676979913
feat: add PIV keys support and policy enforcement
...
A new global option 'ingressRequirePIV' was added, to enable or disable a
bastion-wide policy forcing everybody to use only PIV keys.
2021-01-12 12:05:06 +01:00
Stéphane Lesimple
a204313af9
feat: accountModify: add --osh-only (closes #97)
2020-12-18 11:04:33 +00:00
Stéphane Lesimple
03ad1da046
chore: perlcritic: including forgotten .inc files
2020-12-15 17:18:37 +00:00
Thomas Soëte
9647ae9cdb
fix: Fix 'selfAddPersonalAccess' helptext
2020-12-01 15:53:57 +01:00
Stéphane Lesimple
71cd9a46df
Merge branch 'master' into autocompletion
2020-11-23 14:26:46 +01:00
Stéphane Lesimple
9fb6b8d444
enh: accountCreate: handle --uid-auto in autocompletion rules
2020-11-23 11:29:52 +00:00
Thomas SOËTE
ef531308d5
enh: doc: add from parameter as it is mandatory
2020-11-23 11:28:15 +00:00
Thomas SOËTE
2a51a78b54
fix: Enable perl-tidy.sh test
...
* Move to ubuntu-20.04 runner
* Remove check in dockers tests
2020-11-22 21:37:34 +00:00
Stéphane Lesimple
5c72c92bdd
chore: fix typos everywhere
2020-11-05 17:36:17 +00:00
Stéphane Lesimple
4b8b1457e9
fix: accountModify is master-only
2020-10-22 10:24:14 +00:00
Stéphane Lesimple
fde20136ef
Initial commit
2020-10-20 14:30:27 +00:00