Add the possibility of comma-separated groups and users

Author: cyrilst

Makefile

@@ -1,4 +1,4 @@
-SSHPROXY_VERSION ?= 1.3.7
+SSHPROXY_VERSION ?= 1.3.8
 SSHPROXY_GIT_URL ?= github.com/cea-hpc/sshproxy
 
 prefix		?= /usr

config/sshproxy.yaml

@@ -127,14 +127,15 @@
 #    default:
 #        dest: ["host5:4222"]
 
-# Each option can be overridden for a Unix group of users.
+# Each option can be overridden for a Unix group of users. Multiple groups can
+# be defined on the same line, separated by commas.
 # If a user is in multiple groups and these groups are defined in the
 # configuration, the configuration of a previous group will be overridden by the
 # next ones.
 # The parameters defined in a "users" option (see below) will be applied last
 # and override groups parameters.
 #groups:
-#    foo:
+#    foo,bar:
 #        debug: true
 #        log: /tmp/sshproxy-foo/{user}.log
 #        # An associative array is used to specify environment, SSH options or
@@ -149,9 +150,10 @@
 #                dest: [hostx]
 
 # Each option can also be overridden for a specific user (eg. for debugging
-# purpose).
+# purpose). Multiple users can be defined on the same line, separated by
+# commas.
 #users:
-#    foo:
+#    foo,bar:
 #        debug: true
 #        log: /tmp/sshproxy-{user}.log
 #        dump: /tmp/sshproxy-{user}-{time}.dump

doc/sshproxy.yaml.txt

@@ -193,6 +193,16 @@ For example if we want to save debug messages for the 'foo' group we define:
 	    foo:
 	        debug: true
 
+It is possible to override the same options for multiple groups in a single
+line, with comma-separated groups.
+
+For example, if we want to save debug messages for the 'foo' and 'bar' groups
+we define:
+
+	groups:
+	    foo,bar:
+	        debug: true
+
 Routes, environment or SSH options can also be defined:
 
 	groups:
@@ -204,7 +214,7 @@ Routes, environment or SSH options can also be defined:
 	        ssh:
 	            args: ["-vvv", "-Y"]
 
-The routes are fully overridden and not merged with previous defined ones.
+The routes are merged with previous defined ones.
 
 If a user belongs to several groups and these groups are defined in the
 configuration file, each setting can be overridden by the next group.
@@ -220,13 +230,14 @@ in '/var/log/sshproxy/admin/\{user}.log' with the following configuration:
 	        log: /var/log/sshproxy/admin/{user}.log
 
 We can also override the parameters for a specific user with the 'users'
-associative array.
+associative array. We can also override the parameters for multiple users in a
+single line, with comma-separated users.
 
-For example if we want to save debug messages for the 'foo' user we
-define:
+For example if we want to save debug messages for the 'foo' and the 'bar'
+users we define:
 
 	users:
-	    foo:
+	    foo,bar:
 	        debug: true
 
 As for the groups, we can modify routes, environment or SSH options:

misc/sshproxy.spec

@@ -3,7 +3,7 @@
 %global debug_package   %{nil}
 
 Name:           sshproxy
-Version:        1.3.7
+Version:        1.3.8
 Release:        1%{?dist}
 Summary:        SSH proxy
 License:        CeCILL-B
@@ -51,7 +51,10 @@ install -p -m 0644 config/sshproxy.yaml %{buildroot}%{_sysconfdir}/sshproxy
 %{_mandir}/man8/sshproxy-replay.8*
 
 %changelog
-* Fri Apr 09 2021 Cyril Servant <[email protected]> - 1.3.7-1
+* Wed Jul 28 2021 Cyril Servant <[email protected]> - 1.3.8-1
+- sshproxy 1.3.8
+
+* Tue Jun 29 2021 Cyril Servant <[email protected]> - 1.3.7-1
 - sshproxy 1.3.7
 
 * Fri Apr 09 2021 Cyril Servant <[email protected]> - 1.3.6-1

pkg/utils/config.go

@@ -14,6 +14,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"regexp"
+	"strings"
 	"time"
 
 	"gopkg.in/yaml.v2"
@@ -170,9 +171,9 @@ func replace(src string, replacer *patternReplacer) string {
 }
 
 // LoadConfig load configuration file and adapt it according to specified user.
-func LoadConfig(filename, username, sid string, start time.Time, groups map[string]bool) (*Config, error) {
+func LoadConfig(filename, currentUsername, sid string, start time.Time, groups map[string]bool) (*Config, error) {
 	patterns := map[string]*patternReplacer{
-		"{user}": {regexp.MustCompile(`{user}`), username},
+		"{user}": {regexp.MustCompile(`{user}`), currentUsername},
 		"{sid}":  {regexp.MustCompile(`{sid}`), sid},
 		"{time}": {regexp.MustCompile(`{time}`), start.Format(time.RFC3339Nano)},
 	}
@@ -198,17 +199,27 @@ func LoadConfig(filename, username, sid string, start time.Time, groups map[stri
 		config.SSH.Args = defaultSSHArgs
 	}
 
-	for groupname, groupconfig := range config.Groups {
-		if groups[groupname] {
-			if err := parseSubConfig(&config, &groupconfig); err != nil {
-				return nil, err
+	for groupnames, groupconfig := range config.Groups {
+		for _, groupname := range strings.Split(groupnames, ",") {
+			if groups[groupname] {
+				if err := parseSubConfig(&config, &groupconfig); err != nil {
+					return nil, err
+				}
+				// no need to to parse the same subconfig twice
+				break
 			}
 		}
 	}
 
-	if userconfig, present := config.Users[username]; present {
-		if err := parseSubConfig(&config, &userconfig); err != nil {
-			return nil, err
+	for usernames, userconfig := range config.Users {
+		for _, username := range strings.Split(usernames, ",") {
+			if username == currentUsername {
+				if err := parseSubConfig(&config, &userconfig); err != nil {
+					return nil, err
+				}
+				// no need to to parse the same subconfig twice
+				break
+			}
 		}
 	}
 

test/centos-image/gateway.sh

@@ -56,14 +56,14 @@ routes:
         dest: ["server3"]
 
 groups:
-    user1:
+    user1,unknowngroup:
         routes:
             service2:
                 source: ["gateway1:2023"]
                 dest: ["server2"]
 
 users:
-    user2:
+    unknownuser,user2:
         routes:
             service3:
                 source: ["gateway1:2024"]