wip

ovh · Dec 20, 2024 · c321c9b · c321c9b
1 parent 3534f10
commit c321c9b
Show file tree

Hide file tree

Showing 14 changed files with 278 additions and 102 deletions.
diff --git a/_allPlugins.jsonschema b/_allPlugins.jsonschema
@@ -0,0 +1,81 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://www.ovhcloud.com/the-bastion/schemas/plugins/_allPlugins",
+  "$defs": {
+    "command": {
+      "description": "Command name",
+      "type": "string",
+      "pattern": "^[a-z][a-zA-Z]+$",
+      "minLength": 4
+    },
+    "error_message": {
+      "type": "string",
+      "minLength": 2
+    },
+    "session_id": {
+      "type": "string",
+      "pattern": "^[a-f0-9]{12}$"
+    }
+  },
+  "type": "object",
+  "additionalProperties": true,
+  "minProperties": 5,
+  "maxProperties": 5,
+  "oneOf": [
+    {
+      "additionalProperties": false,
+      "properties": {
+        "command": {
+          "oneOf": [
+            {
+              "type": "null"
+            },
+            {
+              "$ref": "#/$defs/command"
+            }
+          ]
+        },
+        "error_message": {
+          "$ref": "#/$defs/error_message"
+        },
+        "error_code": {
+          "type": "string",
+          "pattern": "^(ERR|KO)(_[A-Z_]+)?$"
+        },
+        "value": {
+          "type": ["array","object","null"]
+        },
+        "session_id": {
+          "$ref": "#/$defs/session_id"
+        }
+      }
+    },
+    {
+      "additionalProperties": false,
+      "properties": {
+        "command": {
+          "$ref": "#/$defs/command"
+        },
+        "error_message": {
+          "$ref": "#/$defs/error_message"
+        },
+        "error_code": {
+          "type": "string",
+          "pattern": "^OK(_[A-Z_]+)?$"
+        },
+        "value": {
+          "type": ["array","object","null"]
+        },
+        "session_id": {
+          "$ref": "#/$defs/session_id"
+        }
+      }
+    }
+  ],
+  "required": [
+    "command",
+    "error_code",
+    "error_message",
+    "value"
+  ]
+}
diff --git a/accountAddPersonalAccess.jsonschema b/accountAddPersonalAccess.jsonschema
@@ -0,0 +1,66 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://www.ovhcloud.com/the-bastion/schemas/plugins/accountAddPersonalAccess",
+  "type": "object",
+  "additionalProperties": false,
+  "minProperties": 7,
+  "maxProperties": 7,
+  "required": [
+    "comment",
+    "port",
+    "ip",
+    "user",
+    "account",
+    "ttl",
+    "action"
+  ],
+  "properties": {
+    "comment": {
+      "type": [
+        "null",
+        "string"
+      ]
+    },
+    "port": {
+      "anyOf": [
+        {
+          "type": "null"
+        },
+        {
+          "type": "integer",
+          "minimum": 0,
+          "maximum": 65535
+        }
+      ]
+    },
+    "ip": {
+      "type": "string",
+      "pattern": "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}(/[0-9]+)?$|^\\[[:a-f0-9]+]\\](/[0-9]+)?$"
+    },
+    "user": {
+      "type": [
+        "null",
+        "string"
+      ]
+    },
+    "account": {
+      "type": [
+        "null",
+        "string"
+      ]
+    },
+    "ttl": {
+      "type": [
+        "null",
+        "integer"
+      ]
+    },
+    "action": {
+      "type": "string",
+      "enum": [
+        "add",
+        "del"
+      ]
+    }
+  }
+}
diff --git a/accountGeneratePassword.jsonschema b/accountGeneratePassword.jsonschema
@@ -0,0 +1,59 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://www.ovhcloud.com/the-bastion/schemas/plugins/accountGeneratePassword",
+  "$defs": {
+    "value_hashes_object": {
+      "type": "object",
+      "additionalProperties": false,
+      "minProperties": 3,
+      "maxProperties": 5,
+      "required": [
+        "sha512crypt",
+        "sha256crypt",
+        "md5crypt"
+      ],
+      "properties": {
+        "sha512crypt": {
+          "type": "string",
+          "pattern": "^\\$6\\$.+\\$.+$"
+        },
+        "sha256crypt": {
+          "type": "string",
+          "pattern": "^\\$5\\$.+\\$.+$"
+        },
+        "md5crypt": {
+          "type": "string",
+          "pattern": "^\\$1\\$.+\\$.+$"
+        },
+        "type8": {
+          "type": "string",
+          "pattern": "^\\$8\\$.+\\$.+$"
+        },
+        "type9": {
+          "type": "string",
+          "pattern": "^\\$9\\$.+\\$.+$"
+        }
+      }
+    }
+  },
+  "type": "object",
+  "additionalProperties": false,
+  "minProperties": 4,
+  "maxProperties": 4,
+  "properties": {
+    "hashes": {
+      "$ref": "#/$defs/value_hashes_object"
+    },
+    "context": {
+      "const": "account"
+    },
+    "group": {
+      "type": "null"
+    },
+    "account": {
+      "type": "string",
+      "minLength": 2,
+      "maxLength": 28
+    }
+  }
+}
diff --git a/bin/shell/osh.pl b/bin/shell/osh.pl
@@ -73,7 +73,9 @@ sub main_exit {
         uniqid      => $log_uniq_id
     ) if (not defined $log_db_name or not defined $log_insert_id);
 
-    my $R = R($retcode eq OVH::Bastion::EXIT_OK ? 'OK' : 'KO_' . uc($comment), msg => $msg);
+    my $exitcode = uc($comment);
+    $exitcode =~ tr/-/_/;
+    my $R = R($retcode eq OVH::Bastion::EXIT_OK ? 'OK' : "KO_$exitcode", msg => $msg);
 
     OVH::Bastion::osh_crit($R->msg) if not $R;
     OVH::Bastion::json_output($R)   if $ENV{'PLUGIN_JSON'};

diff --git a/lib/perl/OVH/Bastion.pm b/lib/perl/OVH/Bastion.pm
@@ -446,7 +446,7 @@ sub json_output {    ## no critic (ArgUnpacking)
         $JsonObject->pretty(1);
     }
     my $encoded_json =
-      $JsonObject->encode({error_code => $R->err, error_message => $R->msg, command => $command, value => $R->value});
+      $JsonObject->encode({error_code => $R->err, error_message => $R->msg, command => $command, value => $R->value, session_id => $ENV{'UNIQID'}});
 
     # rename forbidden strings
     $encoded_json =~ s/JSON_(START|OUTPUT|END)/JSON__$1/g;

diff --git a/lib/perl/OVH/Bastion/ssh.inc b/lib/perl/OVH/Bastion/ssh.inc
@@ -308,7 +308,7 @@ sub get_ssh_pub_key_info {
         ($prefix, $typecode, $base64, $comment) = ($2, $3, $4, $6);
     }
     else {
-        return R('KO_NOT_A_KEY', value => {line => $pubKey});
+        return R('KO_NOT_A_KEY');
     }
     my $line = "$typecode $base64";
     $prefix = '' if not defined $prefix;

diff --git a/lib/perl/OVH/Result.pm b/lib/perl/OVH/Result.pm
@@ -74,6 +74,7 @@ sub TO_JSON {
         error_code    => $self->err,
         value         => $self->value,
         error_message => $self->msg,
+        session_id    => $ENV{'UNIQID'},
       }
       if (ref $self eq 'OVH::Result');
     return {};

diff --git a/selfListPasswords.jsonschema b/selfListPasswords.jsonschema
@@ -2,16 +2,6 @@
   "$schema": "https://json-schema.org/draft/2020-12/schema",
   "$id": "https://www.ovhcloud.com/the-bastion/schemas/plugins/selfListPasswords",
   "$defs": {
-    "command": {
-      "description": "Command name",
-      "type": "string",
-      "pattern": "^[a-z][a-zA-Z]+$",
-      "minLength": 4
-    },
-    "error_message": {
-      "type": "string",
-      "minLength": 2
-    },
     "value_arrayitem_object": {
       "type": "object",
       "additionalProperties": false,
@@ -90,55 +80,8 @@
       }
     }
   },
-  "type": "object",
-  "additionalProperties": true,
-  "minProperties": 4,
-  "maxProperties": 4,
-  "oneOf": [
-    {
-      "additionalProperties": false,
-      "properties": {
-        "command": {
-          "$ref": "#/$defs/command"
-        },
-        "error_message": {
-          "$ref": "#/$defs/error_message"
-        },
-        "error_code": {
-          "type": "string",
-          "pattern": "^(KO|ERR)(_[A-Z_]+)?$"
-        },
-        "value": {
-          "type": "null"
-        }
-      }
-    },
-    {
-      "additionalProperties": false,
-      "properties": {
-        "command": {
-          "$ref": "#/$defs/command"
-        },
-        "error_message": {
-          "$ref": "#/$defs/error_message"
-        },
-        "error_code": {
-          "type": "string",
-          "pattern": "^OK(_[A-Z_]+)?$"
-        },
-        "value": {
-          "type": "array",
-          "items": {
-            "$ref": "#/$defs/value_arrayitem_object"
-          }
-        }
-      }
-    }
-  ],
-  "required": [
-    "command",
-    "error_code",
-    "error_message",
-    "value"
-  ]
+  "type": "array",
+  "items": {
+    "$ref": "#/$defs/value_arrayitem_object"
+  }
 }
diff --git a/tests/functional/docker/docker_build_and_run_tests.sh b/tests/functional/docker/docker_build_and_run_tests.sh
@@ -125,11 +125,11 @@ if docker inspect "bastion-$target" >/dev/null 2>&1; then
 fi
 
 # trying with IPv6
-if ! docker network create --ipv6 --subnet fd42:cafe:efac:"$(printf "%x" $RANDOM)"::/64 "bastion-$target" >/dev/null; then
+#if true || ! docker network create --ipv6 --subnet fd42:cafe:efac:"$(printf "%x" $RANDOM)"::/64 "bastion-$target" >/dev/null; then
     # didn't work... retry without IPv6
-    echo "... IPv6 is not enabled in docker daemon, falling back to IPv4-only network"
+#    echo "... IPv6 is not enabled in docker daemon, falling back to IPv4-only network"
     docker network create "bastion-$target" >/dev/null
-fi
+#fi
 
 # run target but force entrypoint to test one, and add some keys in env (will be shared with tester)
 echo "Starting target instance"