Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(faster tests) and quick micro-fixes #513

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Prev Previous commit
Next Next commit
enh: accountInfo: add osh-only information for accounts
  • Loading branch information
speed47 committed Dec 17, 2024
commit 292ed300c45329436197339d10e8d5dd6a83539b
10 changes: 10 additions & 0 deletions bin/plugin/restricted/accountInfo
Original file line number Diff line number Diff line change
@@ -353,6 +353,11 @@ foreach my $accHash (@accounts) {
$ret{'max_inactive_days'} =
OVH::Bastion::account_config(account => $account, %{OVH::Bastion::OPT_ACCOUNT_MAX_INACTIVE_DAYS()})->value;

$ret{'osh_only'} = !!OVH::Bastion::account_config(
account => $account,
key => OVH::Bastion::OPT_ACCOUNT_OSH_ONLY
) + 0;

if ($withPasswordInfo) {
my @command = qw{ sudo -n -u root -- /usr/bin/env perl -T };
push @command, $OVH::Bastion::BASEPATH . '/bin/helper/osh-accountGetPasswordInfo';
@@ -525,6 +530,11 @@ sub print_account_info {
}
}

if (defined $ret{'osh_only'}) {
osh_info "\nThis account can only run commands (\"osh-only\"): "
. ($ret{'osh_only'} ? colored('yes', 'red') : colored('no', 'blue'));
}

if (exists $ret{'ingress_piv_policy'} && exists $ret{'ingress_piv_grace'}) {
osh_info "\nAccount PIV-only policy status:";
my $ingress_piv_policy_print = $ret{'ingress_piv_policy'} || 'default';