fix: align developer blocking flag with API

uselagoon · Feb 15, 2023 · 67a074c · 67a074c
1 parent 946c029
commit 67a074c
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 8 deletions.
diff --git a/cmd/ssh-portal-api/serve.go b/cmd/ssh-portal-api/serve.go
@@ -21,7 +21,7 @@ type ServeCmd struct {
 	APIDBDatabase        string `kong:"default='infrastructure',env='API_DB_DATABASE',help='Lagoon API DB Database Name'"`
 	APIDBPassword        string `kong:"required,env='API_DB_PASSWORD',help='Lagoon API DB Password'"`
 	APIDBUsername        string `kong:"default='api',env='API_DB_USERNAME',help='Lagoon API DB Username'"`
-	DeveloperCanSSH      bool   `kong:"default='true',env='DEVELOPER_CAN_SSH',help='Developer permission to SSH to Development environments'"`
+	BlockDeveloperSSH    bool   `kong:"env='BLOCK_DEVELOPER_SSH',help='Disallow Developer SSH access'"`
 	KeycloakBaseURL      string `kong:"required,env='KEYCLOAK_BASE_URL',help='Keycloak Base URL'"`
 	KeycloakClientID     string `kong:"default='service-api',env='KEYCLOAK_SERVICE_API_CLIENT_ID',help='Keycloak OAuth2 Client ID'"`
 	KeycloakClientSecret string `kong:"required,env='KEYCLOAK_SERVICE_API_CLIENT_SECRET',help='Keycloak OAuth2 Client Secret'"`
@@ -39,10 +39,10 @@ func (cmd *ServeCmd) Run(log *zap.Logger) error {
 	defer stop()
 	// init RBAC permission engine
 	var p *rbac.Permission
-	if cmd.DeveloperCanSSH {
-		p = rbac.NewPermission()
-	} else {
+	if cmd.BlockDeveloperSSH {
 		p = rbac.NewPermission(rbac.BlockDeveloperSSH())
+	} else {
+		p = rbac.NewPermission()
 	}
 	// init lagoon DB client
 	dbConf := mysql.NewConfig()

diff --git a/cmd/ssh-token/serve.go b/cmd/ssh-token/serve.go
@@ -22,7 +22,7 @@ type ServeCmd struct {
 	APIDBDatabase                  string `kong:"default='infrastructure',env='API_DB_DATABASE',help='Lagoon API DB Database Name'"`
 	APIDBPassword                  string `kong:"required,env='API_DB_PASSWORD',help='Lagoon API DB Password'"`
 	APIDBUsername                  string `kong:"default='api',env='API_DB_USERNAME',help='Lagoon API DB Username'"`
-	DeveloperCanSSH                bool   `kong:"default='true',env='DEVELOPER_CAN_SSH',help='Developer permission to SSH to Development environments'"`
+	BlockDeveloperSSH              bool   `kong:"env='BLOCK_DEVELOPER_SSH',help='Disallow Developer SSH access'"`
 	HostKeyECDSA                   string `kong:"env='HOST_KEY_ECDSA',help='PEM encoded ECDSA host key'"`
 	HostKeyED25519                 string `kong:"env='HOST_KEY_ED25519',help='PEM encoded Ed25519 host key'"`
 	HostKeyRSA                     string `kong:"env='HOST_KEY_RSA',help='PEM encoded RSA host key'"`
@@ -45,10 +45,10 @@ func (cmd *ServeCmd) Run(log *zap.Logger) error {
 	defer stop()
 	// init RBAC permission engine
 	var p *rbac.Permission
-	if cmd.DeveloperCanSSH {
-		p = rbac.NewPermission()
-	} else {
+	if cmd.BlockDeveloperSSH {
 		p = rbac.NewPermission(rbac.BlockDeveloperSSH())
+	} else {
+		p = rbac.NewPermission()
 	}
 	// init lagoon DB client
 	dbConf := mysql.NewConfig()