Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ssh: add flag to confirm access restrictions #309

Merged
merged 3 commits into from
May 31, 2023
+52 −21
Merged

ssh: add flag to confirm access restrictions #309

Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b449961
ssh: add flag to confirm access restriction
petersutter May 25, 2023
e7ea5b8
p-env: deprecate force flag in favor of -y
petersutter May 25, 2023
1061bb1
make gen-markdown
petersutter May 25, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
ssh: add flag to confirm access restriction
  • Loading branch information
@petersutter
petersutter committed May 31, 2023
commit b44996138600a5fd18d08be6e7d5a928cf3e5e63
7 changes: 6 additions & 1 deletion pkg/cmd/ssh/options.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -224,6 +224,10 @@ type SSHOptions struct {
// not be kept alive after it became available.
// This option can only be used if KeepBastion is set to true and Interactive is set to false.
NoKeepalive bool

// ConfirmAccessRestriction, when set to true, implies the user understands the access restrictions for the targeted shoot.
// In this case, the access restriction banner is displayed without further confirmation.
ConfirmAccessRestriction bool
}

// NewSSHOptions returns initialized SSHOptions.
Expand Down Expand Up @@ -254,6 +258,7 @@ func (o *SSHOptions) AddFlags(flagSet *pflag.FlagSet) {
flagSet.StringVar(&o.BastionHost, "bastion-host", o.BastionHost, "Override the hostname or IP address of the bastion used for the SSH client command. If not provided, the address will be automatically determined.")
flagSet.StringVar(&o.BastionPort, "bastion-port", o.BastionPort, "SSH port of the bastion used for the SSH client command. Defaults to port 22")
flagSet.StringSliceVar(&o.BastionUserKnownHostsFiles, "bastion-user-known-hosts-file", o.BastionUserKnownHostsFiles, "Path to a custom known hosts file for the SSH connection to the bastion. This file is used to verify the public keys of remote hosts when establishing a secure connection.")
flagSet.BoolVarP(&o.ConfirmAccessRestriction, "confirm-access-restriction", "y", o.ConfirmAccessRestriction, "Bypasses the need for confirmation of any access restrictions. Set this flag only if you are fully aware of the access restrictions.")

o.Options.AddFlags(flagSet)
}
Expand Down Expand Up @@ -1104,7 +1109,7 @@ func (o *SSHOptions) checkAccessRestrictions(cfg *config.Config, gardenName stri
return false, err
}

askForConfirmation := tf.ShootName() != ""
askForConfirmation := tf.ShootName() != "" && !o.ConfirmAccessRestriction
handler := ac.NewAccessRestrictionHandler(o.IOStreams.In, o.IOStreams.ErrOut, askForConfirmation) // do not write access restriction to stdout, otherwise it would break the output format

return handler(ac.CheckAccessRestrictions(garden.AccessRestrictions, shoot)), nil
Expand Down