[GH-ISSUE #178] If group name contains "key" in it, it is truncated in output #43

New issue

Closed

opened 2026-05-07 00:18:04 +02:00 by BreizhHardware · 3 comments

BreizhHardware commented

2026-05-07 00:18:04 +02:00

Owner

Originally created by @jonathanmarsaud on GitHub (Apr 29, 2021).
Original GitHub issue: https://github.com/ovh/the-bastion/issues/178

We created a group named keylogy on The Bastion and noted that in all outputs of commands like groupInfo --group keylogy, the group name is truncated to logy.

jonathanmarsaud@bssh(slave)> groupInfo --group keylogy
---<redacted>--------------------------------------------the-bastion-3.03.01---
=> group info
--------------------------------------------------------------------------------
~ Group logy's Owners are: <redacted>
~ Group logy's GateKeepers (managing the members/guests list) are: <redacted>
~ Group logy's ACLKeepers (managing the group servers list) are: <redacted>
~ Group logy's Members (with access to ALL the group servers) are: <redacted>
~ Group logy's Guests (with access to SOME of the group servers) are: -
~  
~ The public key of this group is:
~  
~ fingerprint: <redacted>
~ keyline follows, please copy the *whole* line:
from="<redacted>" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBQoSC81Q5s92Ysi/VTou2GFNyv0jmK5ctq9d427YzYN logy@bssh:1619685770

Originally created by @jonathanmarsaud on GitHub (Apr 29, 2021). Original GitHub issue: https://github.com/ovh/the-bastion/issues/178 We created a group named `keylogy` on The Bastion and noted that in all outputs of commands like `groupInfo --group keylogy`, the group name is truncated to `logy`. ``` jonathanmarsaud@bssh(slave)> groupInfo --group keylogy ---<redacted>--------------------------------------------the-bastion-3.03.01--- => group info -------------------------------------------------------------------------------- ~ Group logy's Owners are: <redacted> ~ Group logy's GateKeepers (managing the members/guests list) are: <redacted> ~ Group logy's ACLKeepers (managing the group servers list) are: <redacted> ~ Group logy's Members (with access to ALL the group servers) are: <redacted> ~ Group logy's Guests (with access to SOME of the group servers) are: - ~ ~ The public key of this group is: ~ ~ fingerprint: <redacted> ~ keyline follows, please copy the *whole* line: from="<redacted>" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBQoSC81Q5s92Ysi/VTou2GFNyv0jmK5ctq9d427YzYN logy@bssh:1619685770 ```

BreizhHardware

2026-05-07 00:18:04 +02:00

closed this issue
added the
bug
label

BreizhHardware commented

2026-05-07 00:18:06 +02:00

Author

Owner

@jonathanmarsaud commented on GitHub (Apr 29, 2021):

It seems that it's tied to this as a reserved keyword key for groupName (and accountName it seems).
We'll consider to rename our group so, but maybe a warning should come up when such a group with reserved prefix is created

Moreover, in your regex /^key/, what happen if somebody creates a keykeylogy group?

Thanks anyway.

Edit: Missed copy/paste.

@jonathanmarsaud commented on GitHub (Apr 29, 2021): It seems that it's tied to [this](https://github.com/ovh/the-bastion/blob/c2b4bb192a8f2ac16d9a0bf032128685336e8126/lib/perl/OVH/Bastion/allowkeeper.inc#L584) as a reserved keyword `key` for groupName (and accountName it seems). We'll consider to rename our group so, but maybe a warning should come up when such a group with reserved prefix is created Moreover, in your regex `/^key/`, what happen if somebody creates a `keykeylogy` group? Thanks anyway. Edit: Missed copy/paste.

BreizhHardware commented

2026-05-07 00:18:06 +02:00

Author

Owner

@speed47 commented on GitHub (May 19, 2021):

Nice catch, you're right key is a reserved prefix, I'll add a pre-check to groupCreate to ensure such group can't be created.
As you probably saw, all the bastion group names (actually, bastion group roles) are mapped to OS groups, using the "key" prefix (and some suffixes for the roles).

Removing this constraint can be done, but it needs thorough testing, to ensure there's no confusion between "a bastion group name" and "a system group mapped to a bastion group" anywhere in the code. So I'll start by just denying the creation of such groups, and lifting this limitation only when I'm sure there are no longer any side effect of prepending a group name with key.

@speed47 commented on GitHub (May 19, 2021): Nice catch, you're right `key` is a reserved prefix, I'll add a pre-check to `groupCreate` to ensure such group can't be created. As you probably saw, all the bastion group names (actually, bastion group roles) are mapped to OS groups, using the "key" prefix (and some suffixes for the roles). Removing this constraint can be done, but it needs thorough testing, to ensure there's no confusion between "a bastion group name" and "a system group mapped to a bastion group" anywhere in the code. So I'll start by just denying the creation of such groups, and lifting this limitation only when I'm sure there are no longer any side effect of prepending a group name with `key`.

BreizhHardware commented

2026-05-07 00:18:06 +02:00

Author

Owner

@speed47 commented on GitHub (May 19, 2021):

Closing this issue, and opening another one (without the "bug" tag) for the future feature of supporting groups names starting with "key"

@speed47 commented on GitHub (May 19, 2021): Closing this issue, and opening another one (without the "bug" tag) for the future feature of supporting groups names starting with "key"