From 67a074c8df2a31e507830f3d3d637f1063f03eec Mon Sep 17 00:00:00 2001
From: Scott Leggett
Date: Wed, 15 Feb 2023 09:49:16 +0800
Subject: [PATCH] fix: align developer blocking flag with API
---
 cmd/ssh-portal-api/serve.go | 8 ++++----
 cmd/ssh-token/serve.go | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/cmd/ssh-portal-api/serve.go b/cmd/ssh-portal-api/serve.go
index e6bf5f7e..c2ad7f6b 100644
--- a/cmd/ssh-portal-api/serve.go
+++ b/cmd/ssh-portal-api/serve.go
@@ -21,7 +21,7 @@ type ServeCmd struct {
 APIDBDatabase string `kong:"default='infrastructure',env='API_DB_DATABASE',help='Lagoon API DB Database Name'"`
 APIDBPassword string `kong:"required,env='API_DB_PASSWORD',help='Lagoon API DB Password'"`
 APIDBUsername string `kong:"default='api',env='API_DB_USERNAME',help='Lagoon API DB Username'"`
- DeveloperCanSSH bool `kong:"default='true',env='DEVELOPER_CAN_SSH',help='Developer permission to SSH to Development environments'"`
+ BlockDeveloperSSH bool `kong:"env='BLOCK_DEVELOPER_SSH',help='Disallow Developer SSH access'"`
 KeycloakBaseURL string `kong:"required,env='KEYCLOAK_BASE_URL',help='Keycloak Base URL'"`
 KeycloakClientID string `kong:"default='service-api',env='KEYCLOAK_SERVICE_API_CLIENT_ID',help='Keycloak OAuth2 Client ID'"`
 KeycloakClientSecret string `kong:"required,env='KEYCLOAK_SERVICE_API_CLIENT_SECRET',help='Keycloak OAuth2 Client Secret'"`
@@ -39,10 +39,10 @@ func (cmd *ServeCmd) Run(log *zap.Logger) error {
 defer stop()
 // init RBAC permission engine
 var p *rbac.Permission
- if cmd.DeveloperCanSSH {
- p = rbac.NewPermission()
- } else {
+ if cmd.BlockDeveloperSSH {
 p = rbac.NewPermission(rbac.BlockDeveloperSSH())
+ } else {
+ p = rbac.NewPermission()
 }
 // init lagoon DB client
 dbConf := mysql.NewConfig()
diff --git a/cmd/ssh-token/serve.go b/cmd/ssh-token/serve.go
index 400bf52c..e4fa4fd4 100644
--- a/cmd/ssh-token/serve.go
+++ b/cmd/ssh-token/serve.go
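Review bot: The tag change on `BlockDeveloperSSH` in the ServeCmd hunk of cmd/ssh-portal-api/serve.go retires `DEVELOPER_CAN_SSH` with no handling of the old name. As far as this diff shows, a deployment that still sets `DEVELOPER_CAN_SSH=false` would start with the zero value `false` and take the `rbac.NewPermission()` branch, so developer SSH is permitted again after upgrade. Because this is an access-control switch, failing closed is safer: near the top of Run, `if _, ok := os.LookupEnv("DEVELOPER_CAN_SSH"); ok { return errors.New("DEVELOPER_CAN_SSH is no longer supported, use BLOCK_DEVELOPER_SSH") }` would surface the stale setting (needs `os` and `errors` imported if the file does not already). The same field change appears in the ServeCmd hunk of cmd/ssh-token/serve.go. The struct starts and ends outside the hunk.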
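Review bot: Nothing in the RBAC block of Run in cmd/ssh-portal-api/serve.go records which policy was selected, so an operator cannot confirm from the logs whether developer SSH is blocked. With no `default` on the new flag, a misspelled variable name silently leaves access allowed. After the if/else, consider `log.Info("RBAC permission engine initialised", zap.Bool("blockDeveloperSSH", cmd.BlockDeveloperSSH))`. The same applies to the matching Run hunk in cmd/ssh-token/serve.go. Run's body continues outside the hunk.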
@@ -22,7 +22,7 @@ type ServeCmd struct {
 APIDBDatabase string `kong:"default='infrastructure',env='API_DB_DATABASE',help='Lagoon API DB Database Name'"`
 APIDBPassword string `kong:"required,env='API_DB_PASSWORD',help='Lagoon API DB Password'"`
 APIDBUsername string `kong:"default='api',env='API_DB_USERNAME',help='Lagoon API DB Username'"`
- DeveloperCanSSH bool `kong:"default='true',env='DEVELOPER_CAN_SSH',help='Developer permission to SSH to Development environments'"`
+ BlockDeveloperSSH bool `kong:"env='BLOCK_DEVELOPER_SSH',help='Disallow Developer SSH access'"`
 HostKeyECDSA string `kong:"env='HOST_KEY_ECDSA',help='PEM encoded ECDSA host key'"`
 HostKeyED25519 string `kong:"env='HOST_KEY_ED25519',help='PEM encoded Ed25519 host key'"`
 HostKeyRSA string `kong:"env='HOST_KEY_RSA',help='PEM encoded RSA host key'"`
@@ -45,10 +45,10 @@ func (cmd *ServeCmd) Run(log *zap.Logger) error {
 defer stop()
 // init RBAC permission engine
 var p *rbac.Permission
- if cmd.DeveloperCanSSH {
- p = rbac.NewPermission()
- } else {
+ if cmd.BlockDeveloperSSH {
 p = rbac.NewPermission(rbac.BlockDeveloperSSH())
+ } else {
+ p = rbac.NewPermission()
 }
 // init lagoon DB client
 dbConf := mysql.NewConfig()
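Review bot: The `BlockDeveloperSSH` help text in the ServeCmd hunk of cmd/ssh-token/serve.go does not say that ssh-portal-api reads the same `BLOCK_DEVELOPER_SSH` variable independently. Each command builds its own `rbac.Permission`, so if the variable is set on only one deployment the two services would presumably reach different decisions for the same developer. Consider extending the help to `help='Disallow Developer SSH access (set identically on ssh-portal-api and ssh-token)'` in both files. The struct starts and ends outside the hunk.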