ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2025-01-08 00:12:10 +08:00
Code Issues Projects Releases Packages Wiki Activity
the-bastion/bin/plugin/restricted/accountDelete
Stéphane Lesimple e040afb074 chore: new perltidy rules
2022-07-01 10:21:19 +02:00

101 lines
3.2 KiB
Perl
Executable file
Raw Blame History

#! /usr/bin/env perl
# vim: set filetype=perl ts=4 sw=4 sts=4 et:
use common::sense;
use Term::ANSIColor;
use POSIX ();
use File::Basename;
use lib dirname(__FILE__) . '/../../../lib/perl';
use OVH::Result;
use OVH::Bastion;
use OVH::Bastion::Plugin qw( :DEFAULT help );
my $remainingOptions = OVH::Bastion::Plugin::begin(
argv => \@ARGV,
header => "delete an existing bastion account",
options => {
'account=s' => \my $account,
'i-am-a-robot-and-i-dont-know-how-to-answer-your-question|no-confirm' => \my $noConfirm,
},
helptext => <<'EOF',
Delete an account from the bastion
Usage: --osh SCRIPT_NAME --account ACCOUNT
--account ACCOUNT Account name to delete
--no-confirm Don't ask for confirmation, and blame yourself if you deleted the wrong account
EOF
);
#
# code
#
my $fnret;
#
# params check
#
if (!$account) {
help();
osh_exit 'ERR_MISSING_PARAMETER', "Missing 'account' parameter";
}
$fnret = OVH::Bastion::is_bastion_account_valid_and_existing(account => $account);
$fnret or osh_exit $fnret;
$account = $fnret->value->{'account'}; # untaint
if (!$noConfirm) {
osh_info "!!!! WARNING !!!! WARNING !!!! WARNING !!!! WARNING !!!! WARNING !!!!";
osh_info "!!!! WARNING !!!! WARNING !!!! WARNING !!!! WARNING !!!! WARNING !!!!";
osh_info "!!!! WARNING !!!! WARNING !!!! WARNING !!!! WARNING !!!! WARNING !!!!";
osh_info " ";
}
$fnret = OVH::Bastion::is_account_active(account => $account);
if ($fnret) {
osh_warn "Hint: account $account is currently ACTIVE (i.e. not disabled), think twice before removing it!";
}
elsif ($fnret->is_err) {
osh_warn "Hint: couldn't verify $account current validity, in any case, think twice before removing it!";
}
else {
osh_info("Hint: account $account is currently "
. colored("inactive", "green")
. ", so what you're doing is probably fine.");
}
osh_info " ";
if (!$noConfirm) {
osh_info "You are about to DELETE a bastion account, to be sure you're not drunk, type the following sentence:";
osh_info " ";
osh_info ' "Yes, do as I say and delete <insert_here_the_account_name>, kthxbye" ';
osh_info " ";
my $sentence = <STDIN>;
chomp $sentence;
if ($sentence ne "Yes, do as I say and delete $account, kthxbye") {
osh_exit 'ERR_OPERATOR_IS_DRUNK', "You're drunk, apparently, aborted.";
}
osh_info "OK, proceeding...";
}
my @command = qw{ sudo -n -u root -- /usr/bin/env perl -T };
push @command, $OVH::Bastion::BASEPATH . '/bin/helper/osh-accountDelete';
push @command, "--type", "normal", "--account", $account;
# as the helper can take a long time to complete (because of tar), and caller in front
# of his ssh console might close it's end without waiting, tar would get a SIGHUP and
# stop. we don't want this: use setsid to be in our own session. we fork() first because
# if we are a process group leader, setsid() would fail
my $child = fork();
if (!defined $child) {
osh_warn "Couldn't fork(), proceeding without forking...";
}
exit if $child; # parent
# here, I'm the child: call setsid()
if (POSIX::setsid() == -1) {
osh_warn "Couldn't call setsid(), proceeding anyway...";
}
osh_exit OVH::Bastion::helper(cmd => \@command);
Reference in a new issue View git blame Copy permalink