Split /etc/wargate.yaml, have /etc/warpgate/ directory. #24

Closed
stappersg opened this issue Apr 16, 2022 · 2 comments

@stappersg
Contributor

This is a feature request issue; it asks to split /etc/warp.yaml into several files.

Having only seen the documentation of warpgate (not having tried it), there is only one big configuration file.

The idea:

/etc/
/etc/warpgate/
/etc/warpgate/main
/etc/warpgate/target/
/etc/warpgate/target/foo
/etc/warpgate/target/bar
/etc/warpgate/role/
/etc/warpgate/role/wgadmin
/etc/warpgate/role/engineer
/etc/warpgate/user/
/etc/warpgate/user/alice
/etc/warpgate/user/bob

What ends with a / is a directory.

/etc/warpgate/main is the YAML file that defines ssh port, webUI port and other main configuration.

In /etc/warpgate/target/foo is content like

    - name: foo
      allow_roles:
        - "warpgate:admin"
      ssh:
        host: 192.168.10.20
        username: root  # optional
        port: 22  # optional

In /etc/warpgate/user/alice is content like:

    - username: alice
      credentials:
        - type: password
          hash: "$argon2id$v=19$m=4096,...eq6Hog"
        - type: publickey
          key: ssh-ed25519 AAAAC3Nz...D4I

The advantages I see:

  • the warpgate process does not need write privilege in /etc/
  • changes in targets, users and roles don't need a rewrite of one big fat single configuration file
  • adding and removing users and targets can easily be done by tooling other than warpgate (think Ansible, or just cp and just rm)

nikaro commented Apr 17, 2022

If you use Ansible you should use the "one big file" to ensure that you did not forget a user somewhere in a subdirectory. And you don’t have to worry that your file is big since it is generated.
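
The drift concern in the comment above, as an added example that is not part of the original thread and not Warpgate code: a check over the directory layout proposed in the issue that compares the files under target/, role/ and user/ with an expected inventory and flags files with overly open permissions. The function names, the inventory format, the permission policy and the names carol and dave are assumptions made for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

KINDS = ("target", "role", "user")  # subdirectories of the proposed layout


def audit_config_dir(root, expected):
    """Return sorted (kind, name, problem); expected maps kind -> set of names."""
    findings = []
    for kind in KINDS:
        present = set()
        directory = Path(root) / kind
        for entry in (directory.iterdir() if directory.is_dir() else ()):
            info = entry.lstat()  # lstat so a symlink is reported, not followed
            if not stat.S_ISREG(info.st_mode):
                findings.append((kind, entry.name, "not a regular file"))
                continue
            present.add(entry.name)
            # Assumed policy: files may hold password hashes, so no access for
            # "other" and no group write.
            if info.st_mode & (stat.S_IRWXO | stat.S_IWGRP):
                findings.append((kind, entry.name, "permissions too open"))
        wanted = set(expected.get(kind, ()))
        findings += [(kind, n, "unexpected file") for n in present - wanted]
        findings += [(kind, n, "missing file") for n in wanted - present]
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample: the issue's tree plus a leftover user file."""
    layout = {"target": ["foo", "bar"], "role": ["wgadmin", "engineer"],
              "user": ["alice", "bob", "carol"]}
    for kind, names in layout.items():
        (Path(root) / kind).mkdir(parents=True)
        for name in names:
            path = Path(root) / kind / name
            path.write_text("# constructed placeholder\n")
            os.chmod(path, 0o640)
    os.chmod(Path(root) / "user" / "bob", 0o666)  # simulate a careless copy


if __name__ == "__main__":
    inventory = {"target": {"foo", "bar"}, "role": {"wgadmin", "engineer"},
                 "user": {"alice", "bob", "dave"}}
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in audit_config_dir(tmp, inventory):
            print(*finding)
```

Run against the constructed tree, the check reports bob's world-writable file, the leftover carol file that the inventory does not list, and the dave entry that the inventory lists but the directory lacks.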

@Eugeny
Member

Eugeny commented Sep 7, 2022

The upcoming v0.6 release will use a database as the primary storage for targets/users/roles, allowing adding/editing them through the API. Storing them in the config file is now deprecated.

Eugeny closed this as not planned on Sep 7, 2022