From 8729f9794061d681258efc259317adc8191e0802 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?=
Date: Tue, 17 Dec 2024 13:05:21 +0000
Subject: [PATCH] enh: accountInfo: add osh-only information for accounts
---
 bin/plugin/restricted/accountInfo | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/bin/plugin/restricted/accountInfo b/bin/plugin/restricted/accountInfo
index 87a8fc0f2..b94ea53e3 100755
--- a/bin/plugin/restricted/accountInfo
+++ b/bin/plugin/restricted/accountInfo
@@ -353,6 +353,11 @@ foreach my $accHash (@accounts) {
 $ret{'max_inactive_days'} =
 OVH::Bastion::account_config(account => $account, %{OVH::Bastion::OPT_ACCOUNT_MAX_INACTIVE_DAYS()})->value;
 
+ $ret{'osh_only'} = !!OVH::Bastion::account_config(
+ account => $account,
+ key => OVH::Bastion::OPT_ACCOUNT_OSH_ONLY
+ ) + 0;
+
 if ($withPasswordInfo) {
 my @command = qw{ sudo -n -u root -- /usr/bin/env perl -T };
 push @command, $OVH::Bastion::BASEPATH . '/bin/helper/osh-accountGetPasswordInfo';
@@ -525,6 +530,11 @@ sub print_account_info {
 }
 }
 
+ if (defined $ret{'osh_only'}) {
+ osh_info "\nThis account can only run commands (\"osh-only\"): "
+ . ($ret{'osh_only'} ? colored('yes', 'red') : colored('no', 'blue'));
+ }
+
 if (exists $ret{'ingress_piv_policy'} && exists $ret{'ingress_piv_grace'}) {
 osh_info "\nAccount PIV-only policy status:";
 my $ingress_piv_policy_print = $ret{'ingress_piv_policy'} || 'default';
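Review bot: In the first hunk (`@@ -353,6 +353,11 @@`), `osh_only` is taken from the truthiness of whatever `account_config()` returns, whereas the context line just above reads `->value` from the same function. If that return is true whenever the lookup succeeds, or the key can hold a negative value such as `no`, every account with the key set would be reported as `osh_only => 1`. The red `yes` printed by the second hunk would then misstate the account's restriction to whoever audits it. Please confirm the stored representation; if the value matters, compare it explicitly, e.g. `$ret{'osh_only'} = ($fnret && $fnret->value eq '<enabled-value>') ? 1 : 0;`, where `$fnret` holds the `account_config()` result and `<enabled-value>` is a placeholder for the stored form. The `defined $ret{'osh_only'}` guard in the second hunk is always true for a value built as `!!X + 0`, and the enclosing `foreach` and `print_account_info` bodies start and end outside the hunks.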