Bugfix: ordering maps of groups and users. Warning: there is a

configuration change! Users and groups ar now in a table, so must be
prefixed with a "-"

Author: cyrilst

Makefile

@@ -1,4 +1,4 @@
-SSHPROXY_VERSION ?= 1.3.8
+SSHPROXY_VERSION ?= 1.4.0
 SSHPROXY_GIT_URL ?= github.com/cea-hpc/sshproxy
 
 prefix		?= /usr

config/sshproxy.yaml

@@ -135,7 +135,7 @@
 # The parameters defined in a "users" option (see below) will be applied last
 # and override groups parameters.
 #groups:
-#    foo,bar:
+#    - foo,bar:
 #        debug: true
 #        log: /tmp/sshproxy-foo/{user}.log
 #        # An associative array is used to specify environment, SSH options or
@@ -153,7 +153,7 @@
 # purpose). Multiple users can be defined on the same line, separated by
 # commas.
 #users:
-#    foo,bar:
+#    - foo,bar:
 #        debug: true
 #        log: /tmp/sshproxy-{user}.log
 #        dump: /tmp/sshproxy-{user}-{time}.dump

doc/sshproxy.yaml.txt

@@ -190,7 +190,7 @@ Each of the previous parameters can be overridden for a group thanks to the
 For example if we want to save debug messages for the 'foo' group we define:
 
 	groups:
-	    foo:
+	    - foo:
 	        debug: true
 
 It is possible to override the same options for multiple groups in a single
@@ -200,17 +200,16 @@ For example, if we want to save debug messages for the 'foo' and 'bar' groups
 we define:
 
 	groups:
-	    foo,bar:
+	    - foo,bar:
 	        debug: true
 
 Routes, environment or SSH options can also be defined:
 
 	groups:
-	    foo:
+	    - foo:
 	        routes:
 	            default:
 	                dest: [hostx]
-	
 	        ssh:
 	            args: ["-vvv", "-Y"]
 
@@ -223,10 +222,9 @@ For example, if a user is in the 'admin' and 'users' groups the logs will be
 in '/var/log/sshproxy/admin/\{user}.log' with the following configuration:
 
 	groups:
-	    users:
+	    - users:
 	        log: /var/log/sshproxy/users/{user}.log
-	
-	    admin:
+	    - admin:
 	        log: /var/log/sshproxy/admin/{user}.log
 
 We can also override the parameters for a specific user with the 'users'
@@ -237,13 +235,13 @@ For example if we want to save debug messages for the 'foo' and the 'bar'
 users we define:
 
 	users:
-	    foo,bar:
+	    - foo,bar:
 	        debug: true
 
 As for the groups, we can modify routes, environment or SSH options:
 
 	users:
-	    foo:
+	    - foo:
 	        ssh:
 	            args: ["-vvv", "-Y"]
 
@@ -275,13 +273,13 @@ routes:
         route_select: random
 
 groups:
-    admin:
+    - admin:
         routes:
             default:
                 dest: [login0]
 
 users:
-    user1234:
+    - user1234:
         debug: true
         dump: /var/spool/sshproxy/{user}-{time}-{sid}.dump
 ------------------------------------------------------------------------------

misc/sshproxy.spec

@@ -3,7 +3,7 @@
 %global debug_package   %{nil}
 
 Name:           sshproxy
-Version:        1.3.8
+Version:        1.4.0
 Release:        1%{?dist}
 Summary:        SSH proxy
 License:        CeCILL-B
@@ -51,6 +51,9 @@ install -p -m 0644 config/sshproxy.yaml %{buildroot}%{_sysconfdir}/sshproxy
 %{_mandir}/man8/sshproxy-replay.8*
 
 %changelog
+* Mon Aug 16 2021 Cyril Servant <cyril.servant@cea.fr> - 1.4.0-1
+- sshproxy 1.4.0
+
 * Wed Jul 28 2021 Cyril Servant <cyril.servant@cea.fr> - 1.3.8-1
 - sshproxy 1.3.8
 

pkg/utils/config.go

@@ -41,8 +41,8 @@ type Config struct {
 	SSH               sshConfig
 	Environment       map[string]string
 	Routes            map[string]*RouteConfig
-	Users             map[string]subConfig
-	Groups            map[string]subConfig
+	Users             []map[string]subConfig
+	Groups            []map[string]subConfig
 }
 
 // RouteConfig represents the configuration of a route. Dest is mandatory,
@@ -199,26 +199,32 @@ func LoadConfig(filename, currentUsername, sid string, start time.Time, groups m
 		config.SSH.Args = defaultSSHArgs
 	}
 
-	for groupnames, groupconfig := range config.Groups {
-		for _, groupname := range strings.Split(groupnames, ",") {
-			if groups[groupname] {
-				if err := parseSubConfig(&config, &groupconfig); err != nil {
-					return nil, err
+	// we have to use a slice of maps in order to have ordered maps
+	for _, groupconfigs := range config.Groups {
+		for groupnames, groupconfig := range groupconfigs {
+			for _, groupname := range strings.Split(groupnames, ",") {
+				if groups[groupname] {
+					if err := parseSubConfig(&config, &groupconfig); err != nil {
+						return nil, err
+					}
+					// no need to to parse the same subconfig twice
+					break
 				}
-				// no need to to parse the same subconfig twice
-				break
 			}
 		}
 	}
 
-	for usernames, userconfig := range config.Users {
-		for _, username := range strings.Split(usernames, ",") {
-			if username == currentUsername {
-				if err := parseSubConfig(&config, &userconfig); err != nil {
-					return nil, err
+	// we have to use a slice of maps in order to have ordered maps
+	for _, userconfigs := range config.Users {
+		for usernames, userconfig := range userconfigs {
+			for _, username := range strings.Split(usernames, ",") {
+				if username == currentUsername {
+					if err := parseSubConfig(&config, &userconfig); err != nil {
+						return nil, err
+					}
+					// no need to to parse the same subconfig twice
+					break
 				}
-				// no need to to parse the same subconfig twice
-				break
 			}
 		}
 	}

test/centos-image/gateway.sh

@@ -56,14 +56,14 @@ routes:
         dest: ["server3"]
 
 groups:
-    user1,unknowngroup:
+    - user1,unknowngroup:
         routes:
             service2:
                 source: ["gateway1:2023"]
                 dest: ["server2"]
 
 users:
-    unknownuser,user2:
+    - unknownuser,user2:
         routes:
             service3:
                 source: ["gateway1:2024"]