add get_config function to sshproxyctl

Author: cyrilst

cmd/sshproxy/sshproxy.go

@@ -298,28 +298,9 @@ func mainExitCode() int {
 	syslogformat := fmt.Sprintf("%%{level} %s: %%{message}", sid)
 	utils.MustSetupLogging("sshproxy", config.Log, logformat, syslogformat, config.Debug)
 
-	log.Debugf("groups = %v", groups)
-	log.Debugf("config.debug = %v", config.Debug)
-	log.Debugf("config.log = %s", config.Log)
-	log.Debugf("config.check_interval = %s", config.CheckInterval.Duration())
-	log.Debugf("config.error_banner = %s", config.ErrorBanner)
-	log.Debugf("config.dump = %s", config.Dump)
-	log.Debugf("config.dump_limit_size = %d", config.DumpLimitSize)
-	log.Debugf("config.dump_limit_window = %s", config.DumpLimitWindow.Duration())
-	log.Debugf("config.etcd_stats_interval = %s", config.EtcdStatsInterval.Duration())
-	log.Debugf("config.log_stats_interval = %s", config.LogStatsInterval.Duration())
-	log.Debugf("config.etcd = %+v", config.Etcd)
-	log.Debugf("config.bg_command = %s", config.BgCommand)
-	for k, v := range config.TranslateCommands {
-		log.Debugf("config.TranslateCommands.%s = %+v", k, v)
-	}
-	log.Debugf("config.environment = %v", config.Environment)
-	for k, v := range config.Routes {
-		log.Debugf("config.routes.%s = %+v", k, v)
-	}
-	log.Debugf("config.max_connections_per_user = %d", config.MaxConnectionsPerUser)
-	log.Debugf("config.ssh.exe = %s", config.SSH.Exe)
-	log.Debugf("config.ssh.args = %v", config.SSH.Args)
+	for _, configLine := range utils.PrintConfig(config, groups) {
+		log.Debug(configLine)
+	}
 
 	log.Infof("%s connected from %s to sshd listening on %s", username, sshInfos.Src(), sshInfos.Dst())
 	defer log.Info("disconnected")

cmd/sshproxyctl/sshproxyctl.go

@@ -18,8 +18,10 @@ import (
 	"log"
 	"net"
 	"os"
+	"os/user"
 	"sort"
 	"strconv"
+	"strings"
 	"time"
 
 	"github.com/cea-hpc/sshproxy/pkg/utils"
@@ -443,6 +445,7 @@ The commands are:
   forget        forget a host in etcd
   disable       disable a host in etcd
   error_banner  set the error banner in etcd
+  get_config    display the calculated configuration
 
 The common options are:
 `, os.Args[0])
@@ -552,6 +555,24 @@ The options are:
 	return fs
 }
 
+func newGetConfigParser(userFlag *string, groupsFlag *string) *flag.FlagSet {
+	fs := flag.NewFlagSet("get_config", flag.ExitOnError)
+	fs.StringVar(userFlag, "user", "", "get the config for this specific user")
+	fs.StringVar(groupsFlag, "groups", "", "get the config for these specific groups (comma separated)")
+	fs.Usage = func() {
+		fmt.Fprintf(flag.CommandLine.Output(), `Usage: %s get_config [-user USER] [-groups GROUPS]
+
+Display the calculated configuration. If a user is given, its system groups (if
+any) are added to the given groups.
+
+The options are:
+`, os.Args[0])
+		fs.PrintDefaults()
+		os.Exit(2)
+	}
+	return fs
+}
+
 func getHostPortFromCommandLine(args []string) ([]string, []string, error) {
 	hostsNodeset, portsNodeset := "", defaultHostPort
 	switch len(args) {
@@ -645,6 +666,8 @@ func main() {
 	var jsonFlag bool
 	var allFlag bool
 	var expire string
+	var userString string
+	var groupsString string
 
 	parsers := map[string]*flag.FlagSet{
 		"help":         newHelpParser(),
@@ -654,6 +677,7 @@ func main() {
 		"forget":       newForgetParser(),
 		"disable":      newDisableParser(),
 		"error_banner": newErrorBannerParser(&expire),
+		"get_config":   newGetConfigParser(&userString, &groupsString),
 	}
 
 	cmd := flag.Arg(0)
@@ -759,6 +783,33 @@ func main() {
 			p.Usage()
 		}
 		setErrorBanner(errorBanner, t, *configFile)
+	case "get_config":
+		p := parsers[cmd]
+		p.Parse(args)
+		groupsMap := make(map[string]bool)
+		userComment := ""
+		// get system groups of given user, if it exists
+		userObject, err := user.Lookup(userString)
+		if err != nil {
+			userComment = " (unknown on this system)"
+		} else {
+			groupsMap, _ = utils.GetGroupUser(userObject)
+		}
+		// add given groups to system groups
+		for _, group := range strings.Split(groupsString, ",") {
+			if group != "" {
+				groupsMap[group] = true
+			}
+		}
+		// get config for given user / groups
+		config, err := utils.LoadConfig(*configFile, userString, "", time.Now(), groupsMap)
+		if err != nil {
+			log.Fatalf("reading configuration file %s: %v", *configFile, err)
+		}
+		fmt.Fprintf(os.Stdout, "user = %s%s\n", userString, userComment)
+		for _, configLine := range utils.PrintConfig(config, groupsMap) {
+			fmt.Fprintln(os.Stdout, configLine)
+		}
 	default:
 		fmt.Fprintf(os.Stderr, "ERROR: unknown command: %s\n\n", cmd)
 		usage()

doc/sshproxyctl.txt

@@ -55,7 +55,7 @@ COMMANDS
 	appear back in the list. The port by default is 22 if not specified.
 	Host and port can be nodesets.
 
-*error_banner [-expire] MESSAGE*::
+*error_banner [-expire EXPIRATION] MESSAGE*::
 	Set the error banner in etcd. Removes the error banner in etcd if
 	'MESSAGE' is absent. 'MESSAGE' can be multiline. The error banner is
 	displayed to the client when no backend can be reached (more
@@ -83,6 +83,12 @@ COMMANDS
 *show error_banner*::
 	Show error banners stored in etcd and in configuration.
 
+*get_config [-user USER] [-groups GROUPS]*::
+	Display the calculated configuration. If a user is given, its system
+	groups (if any) are added to the given groups. If a user and/or groups
+	are given with '-user' and '-groups' options, the configuration will
+	be calculated for these specific user/groups.
+
 
 FILES
 -----

misc/sshproxyctl-completion.bash

@@ -5,7 +5,7 @@ _sshproxyctl() {
         COMPREPLY=()
         cur="${COMP_WORDS[COMP_CWORD]}"
         prev="${COMP_WORDS[COMP_CWORD-1]}"
-        commands="disable enable error_banner forget help show version"
+        commands="disable enable error_banner forget get_config help show version"
         opts="-h -c ${commands}"
 
         case "${prev}" in
@@ -30,6 +30,9 @@ _sshproxyctl() {
             error_banner)
                 COMPREPLY=( $(compgen -W '-expire' -- "${cur}") )
                 ;;
+            get_config)
+                COMPREPLY=( $(compgen -W '-user -groups' -- "${cur}") )
+                ;;
             -all)
                 COMPREPLY=( $(compgen -W '-csv -json connections users groups' -- "${cur}") )
                 ;;

pkg/utils/config.go

@@ -111,6 +111,33 @@ type subConfig struct {
 	SSH                   sshConfig
 }
 
+// Return slice of strings containing formatted configuration values
+func PrintConfig(config *Config, groups map[string]bool) []string {
+	output := []string{fmt.Sprintf("groups = %v", groups)}
+	output = append(output, fmt.Sprintf("config.debug = %v", config.Debug))
+	output = append(output, fmt.Sprintf("config.log = %s", config.Log))
+	output = append(output, fmt.Sprintf("config.check_interval = %s", config.CheckInterval.Duration()))
+	output = append(output, fmt.Sprintf("config.error_banner = %s", config.ErrorBanner))
+	output = append(output, fmt.Sprintf("config.dump = %s", config.Dump))
+	output = append(output, fmt.Sprintf("config.dump_limit_size = %d", config.DumpLimitSize))
+	output = append(output, fmt.Sprintf("config.dump_limit_window = %s", config.DumpLimitWindow.Duration()))
+	output = append(output, fmt.Sprintf("config.etcd_stats_interval = %s", config.EtcdStatsInterval.Duration()))
+	output = append(output, fmt.Sprintf("config.log_stats_interval = %s", config.LogStatsInterval.Duration()))
+	output = append(output, fmt.Sprintf("config.etcd = %+v", config.Etcd))
+	output = append(output, fmt.Sprintf("config.bg_command = %s", config.BgCommand))
+	for k, v := range config.TranslateCommands {
+		output = append(output, fmt.Sprintf("config.TranslateCommands.%s = %+v", k, v))
+	}
+	output = append(output, fmt.Sprintf("config.environment = %v", config.Environment))
+	for k, v := range config.Routes {
+		output = append(output, fmt.Sprintf("config.routes.%s = %+v", k, v))
+	}
+	output = append(output, fmt.Sprintf("config.max_connections_per_user = %d", config.MaxConnectionsPerUser))
+	output = append(output, fmt.Sprintf("config.ssh.exe = %s", config.SSH.Exe))
+	output = append(output, fmt.Sprintf("config.ssh.args = %v", config.SSH.Args))
+	return output
+}
+
 func parseSubConfig(config *Config, subconfig *subConfig) error {
 	if subconfig.Debug != nil {
 		config.Debug = subconfig.Debug.(bool)