Comments (3)
speed47
commented on June 22, 2024
1
Nice catch, you're right key is a reserved prefix, I'll add a pre-check to groupCreate to ensure such group can't be created.
As you probably saw, all the bastion group names (actually, bastion group roles) are mapped to OS groups, using the "key" prefix (and some suffixes for the roles).
Removing this constraint can be done, but it needs thorough testing, to ensure there's no confusion between "a bastion group name" and "a system group mapped to a bastion group" anywhere in the code. So I'll start by just denying the creation of such groups, and lifting this limitation only when I'm sure there are no longer any side effect of prepending a group name with key.
from the-bastion.
jonathanmarsaud
commented on June 22, 2024
It seems that it's tied to this as a reserved keyword key for groupName (and accountName it seems).
We'll consider to rename our group so, but maybe a warning should come up when such a group with reserved prefix is created
Moreover, in your regex /^key/, what happen if somebody creates a keykeylogy group?
Thanks anyway.
Edit: Missed copy/paste.
from the-bastion.
speed47
commented on June 22, 2024
Closing this issue, and opening another one (without the "bug" tag) for the future feature of supporting groups names starting with "key"
from the-bastion.
Related Issues (20)
- Connect through Bastion using SSH config file HOT 4
- vim seems to crash session replay HOT 9
- Enforce connecting with user login8 on group access server HOT 2
- Take global `ssh_config` file into account and autocomplete host names HOT 2
- Connection to the Bastion takes many seconds HOT 2
- SCP Failure - Error 255
- master can't sync with slave HOT 1
- Arista - Add ssh key on a switch with "from" pattern HOT 1
- An alternative method to log into bastion.
- Synchronization between master and slave HOT 6
- Use a global folder for ttyrec sessions HOT 1
- SFTP plugin instead of SCP on recent OpenSSH versions HOT 2
- Login with user@domain HOT 2
- Accepting [email protected] for ingress key HOT 1
- Upgrade errors: [ERR.] <x> doesn't seem to be a valid bastion group HOT 1
- User suffix for device/network HOT 3
- pam-u2f in code or a configuration to do ? HOT 3
- Error when installing with ttyrec HOT 3
- Disable MFA verification when using an SK
- Feature Request: `*-sk` keys supporting PIV-like policies HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from the-bastion.