[PR #141] [MERGED] Group generate egress key (#135) #272

New issue

Closed

opened 2026-05-07 00:20:06 +02:00 by BreizhHardware · 0 comments

BreizhHardware commented 2026-05-07 00:20:06 +02:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/ovh/the-bastion/pull/141
Author: @speed47
Created: 2/15/2021
Status: ✅ Merged
Merged: 2/17/2021
Merged by: @speed47

Base: master ← Head: groupGenerateEgressKey

---

📝 Commits (10+)

• dd1b594 enh: groupInfo: nicer message when no egress key exists
• 7b912b0 fix: groupModify: deny early if user is not an owner of the group
• f8592d9 chore: fix typo in documentation
• a3ecb48 fix: execute: remove osh_warn on tainted params to avoid exposing arguments on coding error
• 678e64d fix: groupSetRole: pass sudo param to subfuncs to avoid a security warning
• 3f47867 enh: get_group_keys: return the keyhome to avoid hardcoding it on several places
• 79733df enh: egress ssh key: compute an ID so that keys can be pointed to and deleted
• f52cf72 feat: add groupGenerateEgressKey and groupDelEgressKey
• 2569ec5 enh: move unexpected-sudo messages from security to code-warning type
• 5c13f46 doc: update

📊 Changes

25 files changed (+790 additions, -115 deletions)

View changed files

➕ bin/helper/osh-groupDelEgressKey (+133 -0)
➕ bin/helper/osh-groupGenerateEgressKey (+138 -0)
📝 bin/helper/osh-groupModify (+2 -2)
➕ bin/plugin/group-owner/groupDelEgressKey (+61 -0)
➕ bin/plugin/group-owner/groupDelEgressKey.json (+10 -0)
➕ bin/plugin/group-owner/groupGenerateEgressKey (+94 -0)
➕ bin/plugin/group-owner/groupGenerateEgressKey.json (+14 -0)
📝 bin/plugin/group-owner/groupModify (+5 -0)
📝 bin/plugin/open/groupInfo (+4 -1)
📝 bin/plugin/open/selfGenerateEgressKey (+23 -66)
📝 doc/sphinx/administration/logs.rst (+8 -8)
📝 doc/sphinx/build-plugins-help.sh (+2 -0)
📝 doc/sphinx/installation/basic.rst (+1 -1)
📝 doc/sphinx/installation/upgrading.rst (+1 -1)
➕ doc/sphinx/plugins/group-owner/groupDelEgressKey.rst (+26 -0)
➕ doc/sphinx/plugins/group-owner/groupGenerateEgressKey.rst (+58 -0)
📝 doc/sphinx/plugins/group-owner/index.rst (+2 -0)
📝 etc/sudoers.group.template.d/500-base.sudoers (+6 -0)
➕ lib/perl/OVH/Bastion/Plugin/generateEgressKey.pm (+124 -0)
📝 lib/perl/OVH/Bastion/Plugin/groupSetRole.pm (+3 -3)

...and 5 more files

📄 Description

No description provided

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/ovh/the-bastion/pull/141 **Author:** [@speed47](https://github.com/speed47) **Created:** 2/15/2021 **Status:** ✅ Merged **Merged:** 2/17/2021 **Merged by:** [@speed47](https://github.com/speed47) **Base:** `master` ← **Head:** `groupGenerateEgressKey` --- ### 📝 Commits (10+) - [`dd1b594`](https://github.com/ovh/the-bastion/commit/dd1b59443407f2ae5474ebd250f21e669afeaa89) enh: groupInfo: nicer message when no egress key exists - [`7b912b0`](https://github.com/ovh/the-bastion/commit/7b912b0ac86c8cb83a900972f9a3dac663a4bf2f) fix: groupModify: deny early if user is not an owner of the group - [`f8592d9`](https://github.com/ovh/the-bastion/commit/f8592d95134d37c6f4725e088978318786007ced) chore: fix typo in documentation - [`a3ecb48`](https://github.com/ovh/the-bastion/commit/a3ecb485430833103fa43f9db6925f7c48b16293) fix: execute: remove osh_warn on tainted params to avoid exposing arguments on coding error - [`678e64d`](https://github.com/ovh/the-bastion/commit/678e64d0451eb5a69cd548fc342000399713caee) fix: groupSetRole: pass sudo param to subfuncs to avoid a security warning - [`3f47867`](https://github.com/ovh/the-bastion/commit/3f478672b4426972e2d6921ca7896744deaecee1) enh: get_group_keys: return the keyhome to avoid hardcoding it on several places - [`79733df`](https://github.com/ovh/the-bastion/commit/79733df62c6ccc4363d55d0203ff58855d4ff992) enh: egress ssh key: compute an ID so that keys can be pointed to and deleted - [`f52cf72`](https://github.com/ovh/the-bastion/commit/f52cf72d2a1608267f5fb302a0115c0b10923806) feat: add groupGenerateEgressKey and groupDelEgressKey - [`2569ec5`](https://github.com/ovh/the-bastion/commit/2569ec59c01c3ef4a0032534025c2b8452d31623) enh: move unexpected-sudo messages from security to code-warning type - [`5c13f46`](https://github.com/ovh/the-bastion/commit/5c13f4674cd1c7d6d7ade4a52bda0ef14f98f609) doc: update ### 📊 Changes **25 files changed** (+790 additions, -115 deletions) <details> <summary>View changed files</summary> ➕ `bin/helper/osh-groupDelEgressKey` (+133 -0) ➕ `bin/helper/osh-groupGenerateEgressKey` (+138 -0) 📝 `bin/helper/osh-groupModify` (+2 -2) ➕ `bin/plugin/group-owner/groupDelEgressKey` (+61 -0) ➕ `bin/plugin/group-owner/groupDelEgressKey.json` (+10 -0) ➕ `bin/plugin/group-owner/groupGenerateEgressKey` (+94 -0) ➕ `bin/plugin/group-owner/groupGenerateEgressKey.json` (+14 -0) 📝 `bin/plugin/group-owner/groupModify` (+5 -0) 📝 `bin/plugin/open/groupInfo` (+4 -1) 📝 `bin/plugin/open/selfGenerateEgressKey` (+23 -66) 📝 `doc/sphinx/administration/logs.rst` (+8 -8) 📝 `doc/sphinx/build-plugins-help.sh` (+2 -0) 📝 `doc/sphinx/installation/basic.rst` (+1 -1) 📝 `doc/sphinx/installation/upgrading.rst` (+1 -1) ➕ `doc/sphinx/plugins/group-owner/groupDelEgressKey.rst` (+26 -0) ➕ `doc/sphinx/plugins/group-owner/groupGenerateEgressKey.rst` (+58 -0) 📝 `doc/sphinx/plugins/group-owner/index.rst` (+2 -0) 📝 `etc/sudoers.group.template.d/500-base.sudoers` (+6 -0) ➕ `lib/perl/OVH/Bastion/Plugin/generateEgressKey.pm` (+124 -0) 📝 `lib/perl/OVH/Bastion/Plugin/groupSetRole.pm` (+3 -3) _...and 5 more files_ </details> ### 📄 Description _No description provided_ --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

BreizhHardware 2026-05-07 00:20:06 +02:00

• closed this issue
• added the
  pull-request
  label

BreizhHardware referenced this issue 2026-05-07 00:20:32 +02:00

[PR #272] [MERGED] Doc #361

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

expifix

groupcreate_fix_uid

fix_group_gid_fast

gh-pages

clush

expiration

jsonvalidator

v3.23.01

v3.23.00

v3.22.00

v3.21.00

v3.20.00

v3.19.01

v3.19.00

v3.18.99-rc1

v3.18.00

v3.17.01

v3.17.00

v3.16.99-rc3

v3.16.99-rc2

v3.16.99-rc1

v3.16.01

v3.16.00

v3.15.00

v3.14.16

v3.14.15

v3.14.00

v3.13.01

v3.13.00

v3.12.00

v3.11.02

v3.11.01

v3.11.00

v3.10.00

v3.09.02

v3.09.00-really

v3.09.00

v3.09.00-rc3

v3.09.00-rc2

v3.09.00-rc1

v3.08.01

v3.08.00

v3.07.00

v3.06.00

v3.05.01

v3.05.00

v3.04.00

v3.03.99-rc2

v3.03.99-rc1

v3.03.01

v3.03.00

v3.02.00

v3.01.99-rc4

v3.01.99-rc3

v3.01.99-rc2

v3.01.99-rc1

v3.01.03

v3.01.02

v3.01.01

v3.01.00

v3.00.02

v3.00.01

v3.00.00

Labels

Clear labels   

answered

  

bug

  

documentation

  

enhancement

  

enhancement

  

feature

  

feature

  

kept-open-for-info

  

pull-request

Mirrored from GitHub Pull Request

  

question

No labels

answered

bug

documentation

enhancement

enhancement

feature

feature

kept-open-for-info

pull-request

question

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/the-bastion#272

No description provided.