starred/the-bastion
1
0
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2026-05-09 08:25:27 +02:00
Code Issues 46 Projects Packages Wiki Activity

[GH-ISSUE #259] --force-key doesn't work for groups #68

New issue
Closed
opened 2026-05-07 00:18:20 +02:00 by BreizhHardware · 5 comments
BreizhHardware commented 2026-05-07 00:18:20 +02:00
Owner
Copy link

Originally created by @madchrist on GitHub (Nov 2, 2021).
Original GitHub issue: https://github.com/ovh/the-bastion/issues/259

Right now using groupAddServer (...) --force-key <key-fingerprint> always results in an invalid fingerprint error

I checked the code a little and found a few missing pieces, but there might be others:

  • bin/plugin/group-aclkeeper/groupAddServer:21 force-key should be force-key=s (which is why the fingerprint is always considered invalid)
  • bin/plugin/group-aclkeeper/groupAddServer.json doesn't support --force-key completion
  • bin/helper/osh-groupAddServer:46 is missing a force-key parameter
  • tests/functional/tests.d/ --force-key is only tested with selfAddPersonalAccess
Originally created by @madchrist on GitHub (Nov 2, 2021). Original GitHub issue: https://github.com/ovh/the-bastion/issues/259 Right now using `groupAddServer (...) --force-key <key-fingerprint>` always results in an *invalid fingerprint* error I checked the code a little and found a few missing pieces, but there might be others: * `bin/plugin/group-aclkeeper/groupAddServer:21` *force-key* should be *force-key=s* (which is why the fingerprint is always considered invalid) * `bin/plugin/group-aclkeeper/groupAddServer.json` doesn't support `--force-key` completion * `bin/helper/osh-groupAddServer:46` is missing a *force-key* parameter * `tests/functional/tests.d/` `--force-key` is only tested with `selfAddPersonalAccess`
BreizhHardware 2026-05-07 00:18:20 +02:00
  • closed this issue
  • added the
    bug
         label
BreizhHardware commented 2026-05-07 00:18:21 +02:00
Author
Owner
Copy link

@speed47 commented on GitHub (Nov 2, 2021):

You pretty much nailed it! The main problem being that as you pinpointed, there are no tests for this command for groups, only for personal accesses, and we didn't stumble upon it because we rarely use --force-key, as it's only on personal accesses in our workflows. We use that only for network devices, but I'm sure this is also your use case ;)

Fixing this.

<!-- gh-comment-id:957770390 --> @speed47 commented on GitHub (Nov 2, 2021): You pretty much nailed it! The main problem being that as you pinpointed, there are no tests for this command for groups, only for personal accesses, and we didn't stumble upon it because we rarely use `--force-key`, as it's only on personal accesses in our workflows. We use that only for network devices, but I'm sure this is also your use case ;) Fixing this.
BreizhHardware commented 2026-05-07 00:18:22 +02:00
Author
Owner
Copy link

@KarlAustin commented on GitHub (Mar 29, 2023):

Hi,

Just wondering if there is any news on this being fixed as it still seems to be broken in 3.11.01? The alternative at the moment is managing multiple groups (new/legacy) for items and that's no ideal.

Thanks,

Karl

<!-- gh-comment-id:1488615240 --> @KarlAustin commented on GitHub (Mar 29, 2023): Hi, Just wondering if there is any news on this being fixed as it still seems to be broken in 3.11.01? The alternative at the moment is managing multiple groups (new/legacy) for items and that's no ideal. Thanks, Karl
BreizhHardware commented 2026-05-07 00:18:22 +02:00
Author
Owner
Copy link

@speed47 commented on GitHub (Mar 31, 2023):

Hello, thanks for the reminder, I have started a branch for this some time ago, but for some reason didn't finish it.
I'm scheduling this for the next release, which should be easy as >50% of the work is already done.

<!-- gh-comment-id:1491813174 --> @speed47 commented on GitHub (Mar 31, 2023): Hello, thanks for the reminder, I have started a branch for this some time ago, but for some reason didn't finish it. I'm scheduling this for the next release, which should be easy as >50% of the work is already done.
BreizhHardware commented 2026-05-07 00:18:22 +02:00
Author
Owner
Copy link

@KarlAustin commented on GitHub (Mar 31, 2023):

Ah that's amazing, thank you.

<!-- gh-comment-id:1492199372 --> @KarlAustin commented on GitHub (Mar 31, 2023): Ah that's amazing, thank you.
BreizhHardware commented 2026-05-07 00:18:23 +02:00
Author
Owner
Copy link

@KarlAustin commented on GitHub (Feb 26, 2025):

My apologies, I never actually got around to testing this as I'd setup a workaround (a separate group). I've come back to this today as part of a tidy-up and force-key whilst accepted when adding a server, doesn't actually force that key. I can see that it attempted to connect with the first key added to the group, not the key with the given fingerprint.

Thanks.

<!-- gh-comment-id:2684568612 --> @KarlAustin commented on GitHub (Feb 26, 2025): My apologies, I never actually got around to testing this as I'd setup a workaround (a separate group). I've come back to this today as part of a tidy-up and force-key whilst accepted when adding a server, doesn't actually force that key. I can see that it attempted to connect with the first key added to the group, not the key with the given fingerprint. Thanks.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
expifix
groupcreate_fix_uid
fix_group_gid_fast
gh-pages
clush
expiration
jsonvalidator
v3.23.01
v3.23.00
v3.22.00
v3.21.00
v3.20.00
v3.19.01
v3.19.00
v3.18.99-rc1
v3.18.00
v3.17.01
v3.17.00
v3.16.99-rc3
v3.16.99-rc2
v3.16.99-rc1
v3.16.01
v3.16.00
v3.15.00
v3.14.16
v3.14.15
v3.14.00
v3.13.01
v3.13.00
v3.12.00
v3.11.02
v3.11.01
v3.11.00
v3.10.00
v3.09.02
v3.09.00-really
v3.09.00
v3.09.00-rc3
v3.09.00-rc2
v3.09.00-rc1
v3.08.01
v3.08.00
v3.07.00
v3.06.00
v3.05.01
v3.05.00
v3.04.00
v3.03.99-rc2
v3.03.99-rc1
v3.03.01
v3.03.00
v3.02.00
v3.01.99-rc4
v3.01.99-rc3
v3.01.99-rc2
v3.01.99-rc1
v3.01.03
v3.01.02
v3.01.01
v3.01.00
v3.00.02
v3.00.01
v3.00.00
Labels
Clear labels   
answered

   
bug

   
documentation

   
enhancement

   
enhancement

   
feature

   
feature

   
kept-open-for-info

   
pull-request
Mirrored from GitHub Pull Request

  
question
No labels
answered
bug
documentation
enhancement
enhancement
feature
feature
kept-open-for-info
pull-request
question
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/the-bastion#68
No description provided.