From ecee68c8bc153751d478be6215a78213e45d4497 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 30 Jun 2021 10:15:26 +0000 Subject: [PATCH] chore: fix spurious empty lines at end of generated rst files --- doc/sphinx/build-plugins-help.sh | 2 +- doc/sphinx/plugins/admin/adminMaintenance.rst | 3 --- doc/sphinx/plugins/admin/adminSudo.rst | 3 --- doc/sphinx/plugins/group-aclkeeper/groupAddServer.rst | 3 --- doc/sphinx/plugins/group-aclkeeper/groupDelServer.rst | 3 --- doc/sphinx/plugins/group-gatekeeper/groupAddGuestAccess.rst | 3 --- doc/sphinx/plugins/group-gatekeeper/groupAddMember.rst | 3 --- doc/sphinx/plugins/group-gatekeeper/groupDelGuestAccess.rst | 3 --- doc/sphinx/plugins/group-gatekeeper/groupDelMember.rst | 3 --- .../plugins/group-gatekeeper/groupListGuestAccesses.rst | 3 --- doc/sphinx/plugins/group-owner/groupAddAclkeeper.rst | 3 --- doc/sphinx/plugins/group-owner/groupAddGatekeeper.rst | 3 --- doc/sphinx/plugins/group-owner/groupAddOwner.rst | 3 --- doc/sphinx/plugins/group-owner/groupDelAclkeeper.rst | 3 --- doc/sphinx/plugins/group-owner/groupDelEgressKey.rst | 3 --- doc/sphinx/plugins/group-owner/groupDelGatekeeper.rst | 3 --- doc/sphinx/plugins/group-owner/groupDelOwner.rst | 3 --- doc/sphinx/plugins/group-owner/groupDestroy.rst | 3 --- doc/sphinx/plugins/group-owner/groupGenerateEgressKey.rst | 3 --- doc/sphinx/plugins/group-owner/groupGeneratePassword.rst | 3 --- doc/sphinx/plugins/group-owner/groupModify.rst | 3 --- doc/sphinx/plugins/group-owner/groupTransmitOwnership.rst | 3 --- doc/sphinx/plugins/open/alive.rst | 3 --- doc/sphinx/plugins/open/batch.rst | 3 --- doc/sphinx/plugins/open/clush.rst | 3 --- doc/sphinx/plugins/open/groupInfo.rst | 3 --- doc/sphinx/plugins/open/groupList.rst | 3 --- doc/sphinx/plugins/open/groupListPasswords.rst | 3 --- doc/sphinx/plugins/open/groupListServers.rst | 3 --- doc/sphinx/plugins/open/help.rst | 3 --- doc/sphinx/plugins/open/info.rst | 3 --- doc/sphinx/plugins/open/lock.rst | 3 --- doc/sphinx/plugins/open/mtr.rst | 3 --- doc/sphinx/plugins/open/nc.rst | 3 --- doc/sphinx/plugins/open/ping.rst | 3 --- doc/sphinx/plugins/open/selfAddIngressKey.rst | 3 --- doc/sphinx/plugins/open/selfDelIngressKey.rst | 3 --- doc/sphinx/plugins/open/selfForgetHostKey.rst | 3 --- doc/sphinx/plugins/open/selfGeneratePassword.rst | 3 --- doc/sphinx/plugins/open/selfGenerateProxyPassword.rst | 3 --- doc/sphinx/plugins/open/selfListAccesses.rst | 3 --- doc/sphinx/plugins/open/selfListEgressKeys.rst | 3 --- doc/sphinx/plugins/open/selfListIngressKeys.rst | 3 --- doc/sphinx/plugins/open/selfListPasswords.rst | 3 --- doc/sphinx/plugins/open/selfListSessions.rst | 3 --- doc/sphinx/plugins/open/selfMFAResetPassword.rst | 3 --- doc/sphinx/plugins/open/selfMFAResetTOTP.rst | 3 --- doc/sphinx/plugins/open/selfMFASetupPassword.rst | 3 --- doc/sphinx/plugins/open/selfMFASetupTOTP.rst | 3 --- doc/sphinx/plugins/open/selfPlaySession.rst | 3 --- doc/sphinx/plugins/open/unlock.rst | 3 --- doc/sphinx/plugins/restricted/accountAddPersonalAccess.rst | 3 --- doc/sphinx/plugins/restricted/accountCreate.rst | 3 --- doc/sphinx/plugins/restricted/accountDelPersonalAccess.rst | 3 --- doc/sphinx/plugins/restricted/accountDelete.rst | 3 --- doc/sphinx/plugins/restricted/accountGeneratePassword.rst | 3 --- doc/sphinx/plugins/restricted/accountGrantCommand.rst | 3 --- doc/sphinx/plugins/restricted/accountInfo.rst | 3 --- doc/sphinx/plugins/restricted/accountList.rst | 3 --- doc/sphinx/plugins/restricted/accountListAccesses.rst | 3 --- doc/sphinx/plugins/restricted/accountListEgressKeys.rst | 3 --- doc/sphinx/plugins/restricted/accountListIngressKeys.rst | 3 --- doc/sphinx/plugins/restricted/accountListPasswords.rst | 3 --- doc/sphinx/plugins/restricted/accountMFAResetPassword.rst | 3 --- doc/sphinx/plugins/restricted/accountMFAResetTOTP.rst | 3 --- doc/sphinx/plugins/restricted/accountModify.rst | 3 --- doc/sphinx/plugins/restricted/accountPIV.rst | 3 --- doc/sphinx/plugins/restricted/accountRevokeCommand.rst | 3 --- doc/sphinx/plugins/restricted/accountUnexpire.rst | 3 --- doc/sphinx/plugins/restricted/groupDelete.rst | 3 --- doc/sphinx/plugins/restricted/realmCreate.rst | 3 --- doc/sphinx/plugins/restricted/realmDelete.rst | 3 --- doc/sphinx/plugins/restricted/realmInfo.rst | 3 --- doc/sphinx/plugins/restricted/realmList.rst | 3 --- doc/sphinx/plugins/restricted/rootListIngressKeys.rst | 3 --- doc/sphinx/plugins/restricted/selfAddPersonalAccess.rst | 3 --- doc/sphinx/plugins/restricted/selfDelPersonalAccess.rst | 3 --- doc/sphinx/plugins/restricted/whoHasAccessTo.rst | 3 --- lib/perl/OVH/Bastion.pm | 4 ++-- 79 files changed, 3 insertions(+), 234 deletions(-) diff --git a/doc/sphinx/build-plugins-help.sh b/doc/sphinx/build-plugins-help.sh index fc15af6..8855584 100644 --- a/doc/sphinx/build-plugins-help.sh +++ b/doc/sphinx/build-plugins-help.sh @@ -42,7 +42,7 @@ do if [ -e "doc/sphinx-plugins-override/$name.override.rst" ]; then cat "doc/sphinx-plugins-override/$name.override.rst" else - perl "$pluginfile" '' '' '' '' | perl -ne ' + perl "$pluginfile" '' '' '' '' | perl -e 'undef $/; $_=<>; s/\n+$/\n/; print $_' | perl -ne ' if (m{^Usage: (.+)}) { print ".. admonition:: usage\n :class: cmdusage\n\n $1\n\n.. program:: '"$name"'\n\n"; } elsif (m{^ (-[- ,a-z|/A-Z"'"'"']+) (.+)}) { print ".. option:: $1\n\n $2\n\n"; } elsif ($l++ == 0) { chomp; print "$_\n"."="x(length($_))."\n\n"; } diff --git a/doc/sphinx/plugins/admin/adminMaintenance.rst b/doc/sphinx/plugins/admin/adminMaintenance.rst index 0ac94af..83ff9dc 100644 --- a/doc/sphinx/plugins/admin/adminMaintenance.rst +++ b/doc/sphinx/plugins/admin/adminMaintenance.rst @@ -26,6 +26,3 @@ Manage the bastion maintenance mode Optionally set a maintenance reason, if you're in a shell, quote it twice. - - - diff --git a/doc/sphinx/plugins/admin/adminSudo.rst b/doc/sphinx/plugins/admin/adminSudo.rst index 910fbad..4ef8674 100644 --- a/doc/sphinx/plugins/admin/adminSudo.rst +++ b/doc/sphinx/plugins/admin/adminSudo.rst @@ -29,6 +29,3 @@ Example:: Don't forget the double-double-dash as seen in the example above: one after the plugin name, and another one to separate adminSudo options from the options of the plugin to be called. - - - diff --git a/doc/sphinx/plugins/group-aclkeeper/groupAddServer.rst b/doc/sphinx/plugins/group-aclkeeper/groupAddServer.rst index ce6a0b6..cd11dd7 100644 --- a/doc/sphinx/plugins/group-aclkeeper/groupAddServer.rst +++ b/doc/sphinx/plugins/group-aclkeeper/groupAddServer.rst @@ -68,6 +68,3 @@ Examples:: --osh groupAddServer --group grp1 --host 203.0.113.0/24 --user-any --port-any --force --comment '"a whole network"' --osh groupAddServer --group grp2 --host srv1.example.org --user root --port 22 - - - diff --git a/doc/sphinx/plugins/group-aclkeeper/groupDelServer.rst b/doc/sphinx/plugins/group-aclkeeper/groupDelServer.rst index 3d3dc41..7d35a9e 100644 --- a/doc/sphinx/plugins/group-aclkeeper/groupDelServer.rst +++ b/doc/sphinx/plugins/group-aclkeeper/groupDelServer.rst @@ -46,6 +46,3 @@ Remove an IP or IP block from a group's serrver list Remove SCP download right, you<--bastion--server (omit --user in this case) - - - diff --git a/doc/sphinx/plugins/group-gatekeeper/groupAddGuestAccess.rst b/doc/sphinx/plugins/group-gatekeeper/groupAddGuestAccess.rst index da80c5e..f1591bd 100644 --- a/doc/sphinx/plugins/group-gatekeeper/groupAddGuestAccess.rst +++ b/doc/sphinx/plugins/group-gatekeeper/groupAddGuestAccess.rst @@ -71,6 +71,3 @@ key instead of the group key, please use ``accountAddPersonalAccess`` instead (h must be on the remote server). This command is the opposite of ``groupDelGuestAccess``. - - - diff --git a/doc/sphinx/plugins/group-gatekeeper/groupAddMember.rst b/doc/sphinx/plugins/group-gatekeeper/groupAddMember.rst index f20ab06..157e4c4 100644 --- a/doc/sphinx/plugins/group-gatekeeper/groupAddMember.rst +++ b/doc/sphinx/plugins/group-gatekeeper/groupAddMember.rst @@ -27,6 +27,3 @@ The specified account will be able to access all present and future servers pertaining to this group. If you need to give a specific and/or temporary access instead, see ``groupAddGuestAccess`` - - - diff --git a/doc/sphinx/plugins/group-gatekeeper/groupDelGuestAccess.rst b/doc/sphinx/plugins/group-gatekeeper/groupDelGuestAccess.rst index d23a92b..aa29148 100644 --- a/doc/sphinx/plugins/group-gatekeeper/groupDelGuestAccess.rst +++ b/doc/sphinx/plugins/group-gatekeeper/groupDelGuestAccess.rst @@ -58,6 +58,3 @@ If you want to remove access from an account from a group server but using his p key instead of the group key, please use ``accountDelPersonalAccess`` instead. This command is the opposite of ``groupAddGuestAccess``. - - - diff --git a/doc/sphinx/plugins/group-gatekeeper/groupDelMember.rst b/doc/sphinx/plugins/group-gatekeeper/groupDelMember.rst index 5b5fca6..79d9ac7 100644 --- a/doc/sphinx/plugins/group-gatekeeper/groupDelMember.rst +++ b/doc/sphinx/plugins/group-gatekeeper/groupDelMember.rst @@ -27,6 +27,3 @@ The specified account will no longerr be able to access all present and future s pertaining to this group. Note that if this account also had specific guest accesses to this group, they may still apply, see ``groupListGuestAccesses`` - - - diff --git a/doc/sphinx/plugins/group-gatekeeper/groupListGuestAccesses.rst b/doc/sphinx/plugins/group-gatekeeper/groupListGuestAccesses.rst index 416da67..793b8bb 100644 --- a/doc/sphinx/plugins/group-gatekeeper/groupListGuestAccesses.rst +++ b/doc/sphinx/plugins/group-gatekeeper/groupListGuestAccesses.rst @@ -41,6 +41,3 @@ List the guest accesses to servers of a group specifically granted to an account **Note:** PATTERN supports the ``*`` and ``?`` wildcards. If PATTERN is a simple string without wildcards, then names containing this string will be considered. The matching is done on the text output of the command. - - - diff --git a/doc/sphinx/plugins/group-owner/groupAddAclkeeper.rst b/doc/sphinx/plugins/group-owner/groupAddAclkeeper.rst index 5f55642..4b6a66a 100644 --- a/doc/sphinx/plugins/group-owner/groupAddAclkeeper.rst +++ b/doc/sphinx/plugins/group-owner/groupAddAclkeeper.rst @@ -24,6 +24,3 @@ Add the group aclkeeper role to an account The specified account will be able to manage the server list of this group - - - diff --git a/doc/sphinx/plugins/group-owner/groupAddGatekeeper.rst b/doc/sphinx/plugins/group-owner/groupAddGatekeeper.rst index 7b4c212..ddcc17e 100644 --- a/doc/sphinx/plugins/group-owner/groupAddGatekeeper.rst +++ b/doc/sphinx/plugins/group-owner/groupAddGatekeeper.rst @@ -25,6 +25,3 @@ Add the group gatekeeper role to an account The specified account will be able to manage the members list of this group, along with the guests list - - - diff --git a/doc/sphinx/plugins/group-owner/groupAddOwner.rst b/doc/sphinx/plugins/group-owner/groupAddOwner.rst index 452760c..586b4e4 100644 --- a/doc/sphinx/plugins/group-owner/groupAddOwner.rst +++ b/doc/sphinx/plugins/group-owner/groupAddOwner.rst @@ -27,6 +27,3 @@ The specified account will be able to manage the owner, gatekeeper and aclkeeper list of this group. In other words, this account will have all possible rights to manage the group and delegate some or all of the rights to other accounts - - - diff --git a/doc/sphinx/plugins/group-owner/groupDelAclkeeper.rst b/doc/sphinx/plugins/group-owner/groupDelAclkeeper.rst index 65c2469..2d920af 100644 --- a/doc/sphinx/plugins/group-owner/groupDelAclkeeper.rst +++ b/doc/sphinx/plugins/group-owner/groupDelAclkeeper.rst @@ -24,6 +24,3 @@ Remove the group aclkeeper role from an account The specified account will no longer be able to manage the server list of this group - - - diff --git a/doc/sphinx/plugins/group-owner/groupDelEgressKey.rst b/doc/sphinx/plugins/group-owner/groupDelEgressKey.rst index bf8d4eb..02828d7 100644 --- a/doc/sphinx/plugins/group-owner/groupDelEgressKey.rst +++ b/doc/sphinx/plugins/group-owner/groupDelEgressKey.rst @@ -22,6 +22,3 @@ Remove a bastion group egress key Specify the key ID to delete, you can get it with groupInfo - - - diff --git a/doc/sphinx/plugins/group-owner/groupDelGatekeeper.rst b/doc/sphinx/plugins/group-owner/groupDelGatekeeper.rst index f899d2f..4641ec5 100644 --- a/doc/sphinx/plugins/group-owner/groupDelGatekeeper.rst +++ b/doc/sphinx/plugins/group-owner/groupDelGatekeeper.rst @@ -25,6 +25,3 @@ Remove the group gatekeeper role from an account The specified account will no longer be able to manager the members nor the guest list of this group - - - diff --git a/doc/sphinx/plugins/group-owner/groupDelOwner.rst b/doc/sphinx/plugins/group-owner/groupDelOwner.rst index bdbca1f..09cba1c 100644 --- a/doc/sphinx/plugins/group-owner/groupDelOwner.rst +++ b/doc/sphinx/plugins/group-owner/groupDelOwner.rst @@ -25,6 +25,3 @@ Remove the group owner role from an account The specified account will no longer be able to manage the owner, gatekeeper and aclkeeper lists of this group - - - diff --git a/doc/sphinx/plugins/group-owner/groupDestroy.rst b/doc/sphinx/plugins/group-owner/groupDestroy.rst index f29a637..4afbf70 100644 --- a/doc/sphinx/plugins/group-owner/groupDestroy.rst +++ b/doc/sphinx/plugins/group-owner/groupDestroy.rst @@ -25,6 +25,3 @@ Delete a group This command is able to delete any group you're an owner of. Granted users to the sibling restricted command `groupDelete` can delete any group. - - - diff --git a/doc/sphinx/plugins/group-owner/groupGenerateEgressKey.rst b/doc/sphinx/plugins/group-owner/groupGenerateEgressKey.rst index 2c9c324..90f7440 100644 --- a/doc/sphinx/plugins/group-owner/groupGenerateEgressKey.rst +++ b/doc/sphinx/plugins/group-owner/groupGenerateEgressKey.rst @@ -54,6 +54,3 @@ A quick overview of the different algorithms:: This table is meant as a quick cheat-sheet, you're warmly advised to do your own research, as other constraints may apply to your environment. - - - diff --git a/doc/sphinx/plugins/group-owner/groupGeneratePassword.rst b/doc/sphinx/plugins/group-owner/groupGeneratePassword.rst index 2352b14..ccb9a5f 100644 --- a/doc/sphinx/plugins/group-owner/groupGeneratePassword.rst +++ b/doc/sphinx/plugins/group-owner/groupGeneratePassword.rst @@ -38,6 +38,3 @@ egress password to use right away for the group, for any access that requires it A fallback mechanism exists that will auto-try the previous password if this one doesn't work, but please ensure that this new password is deployed on the remote devices as soon as possible. - - - diff --git a/doc/sphinx/plugins/group-owner/groupModify.rst b/doc/sphinx/plugins/group-owner/groupModify.rst index de4f590..f253be2 100644 --- a/doc/sphinx/plugins/group-owner/groupModify.rst +++ b/doc/sphinx/plugins/group-owner/groupModify.rst @@ -27,6 +27,3 @@ Modify the configuration of a group This group will enforce TTL setting, on guest access creation, to be set, and not to a higher value than DURATION, set to zero to allow guest accesses creation without any TTL set (default) - - - diff --git a/doc/sphinx/plugins/group-owner/groupTransmitOwnership.rst b/doc/sphinx/plugins/group-owner/groupTransmitOwnership.rst index 444cff5..499ad99 100644 --- a/doc/sphinx/plugins/group-owner/groupTransmitOwnership.rst +++ b/doc/sphinx/plugins/group-owner/groupTransmitOwnership.rst @@ -25,6 +25,3 @@ Transmit your group ownership to somebody else Note that this command has the same net effect than using ``groupAddOwner`` to add ACCOUNT as an owner, then removing yourself with ``groupDelOwner`` - - - diff --git a/doc/sphinx/plugins/open/alive.rst b/doc/sphinx/plugins/open/alive.rst index a3e679f..ffd0da6 100644 --- a/doc/sphinx/plugins/open/alive.rst +++ b/doc/sphinx/plugins/open/alive.rst @@ -21,6 +21,3 @@ Note that if you want to ssh to it afterwards, you can simply use the ``--wait`` hostname or IP to ping - - - diff --git a/doc/sphinx/plugins/open/batch.rst b/doc/sphinx/plugins/open/batch.rst index 62d93f8..c69f485 100644 --- a/doc/sphinx/plugins/open/batch.rst +++ b/doc/sphinx/plugins/open/batch.rst @@ -35,6 +35,3 @@ Run a batch of osh commands fed through STDIN :: for i in user1 user2 user3; do echo "groupAddMember --account $i --group grp4"; done | bssh --osh batch - - - diff --git a/doc/sphinx/plugins/open/clush.rst b/doc/sphinx/plugins/open/clush.rst index e50f239..daf7451 100644 --- a/doc/sphinx/plugins/open/clush.rst +++ b/doc/sphinx/plugins/open/clush.rst @@ -42,6 +42,3 @@ Launch a remote command on several machines sequentially (clush-like) Command to be run on the remote hosts. If you're in a shell, quote it twice as shown. - - - diff --git a/doc/sphinx/plugins/open/groupInfo.rst b/doc/sphinx/plugins/open/groupInfo.rst index cd7dae2..bacf3a4 100644 --- a/doc/sphinx/plugins/open/groupInfo.rst +++ b/doc/sphinx/plugins/open/groupInfo.rst @@ -18,9 +18,6 @@ Print some basic information about a group specify the group to display the infos of - - - Output example ============== diff --git a/doc/sphinx/plugins/open/groupList.rst b/doc/sphinx/plugins/open/groupList.rst index 4f8c114..0f209f5 100644 --- a/doc/sphinx/plugins/open/groupList.rst +++ b/doc/sphinx/plugins/open/groupList.rst @@ -32,6 +32,3 @@ List the groups available on this bastion **Note:** PATTERN supports the ``*`` and ``?`` wildcards. If PATTERN is a simple string without wildcards, then names containing this string will be considered. - - - diff --git a/doc/sphinx/plugins/open/groupListPasswords.rst b/doc/sphinx/plugins/open/groupListPasswords.rst index 64682d3..ed43641 100644 --- a/doc/sphinx/plugins/open/groupListPasswords.rst +++ b/doc/sphinx/plugins/open/groupListPasswords.rst @@ -20,6 +20,3 @@ List the hashes and metadata of egress passwords of a group The passwords corresponding to these hashes are only needed for devices that don't support key-based SSH - - - diff --git a/doc/sphinx/plugins/open/groupListServers.rst b/doc/sphinx/plugins/open/groupListServers.rst index be36e21..86b38d1 100644 --- a/doc/sphinx/plugins/open/groupListServers.rst +++ b/doc/sphinx/plugins/open/groupListServers.rst @@ -37,6 +37,3 @@ List the servers (IPs and IP blocks) pertaining to a group **Note:** PATTERN supports the ``*`` and ``?`` wildcards. If PATTERN is a simple string without wildcards, then names containing this string will be considered. The matching is done on the text output of the command. - - - diff --git a/doc/sphinx/plugins/open/help.rst b/doc/sphinx/plugins/open/help.rst index a580fab..5ed31b8 100644 --- a/doc/sphinx/plugins/open/help.rst +++ b/doc/sphinx/plugins/open/help.rst @@ -13,9 +13,6 @@ I'm So Meta, Even This Acronym .. program:: help - - - Displays help about the available plugins callable with ``--osh``. If you need help on a specific plugin, you can use ``--osh PLUGIN --help``, replacing ``PLUGIN`` with the actual plugin name. diff --git a/doc/sphinx/plugins/open/info.rst b/doc/sphinx/plugins/open/info.rst index fa5d47a..a45b34e 100644 --- a/doc/sphinx/plugins/open/info.rst +++ b/doc/sphinx/plugins/open/info.rst @@ -13,9 +13,6 @@ Displays some information about this bastion instance .. program:: info - - - Output example ============== diff --git a/doc/sphinx/plugins/open/lock.rst b/doc/sphinx/plugins/open/lock.rst index d416050..f0dfa81 100644 --- a/doc/sphinx/plugins/open/lock.rst +++ b/doc/sphinx/plugins/open/lock.rst @@ -13,9 +13,6 @@ Manually lock all your current sessions .. program:: lock - - - This command will lock all your current sessions on this bastion instance. Note that this only applies to the bastion instance you're launching this command on, not on the whole bastion cluster (if you happen to have one). To undo this action, you can use ``--osh unlock`` on the same instance. diff --git a/doc/sphinx/plugins/open/mtr.rst b/doc/sphinx/plugins/open/mtr.rst index 21a4cae..9e2dccf 100644 --- a/doc/sphinx/plugins/open/mtr.rst +++ b/doc/sphinx/plugins/open/mtr.rst @@ -18,6 +18,3 @@ Runs the mtr tool to traceroute a host Don't run mtr interactively, output a text report once done - - - diff --git a/doc/sphinx/plugins/open/nc.rst b/doc/sphinx/plugins/open/nc.rst index 9be25b4..2b1e448 100644 --- a/doc/sphinx/plugins/open/nc.rst +++ b/doc/sphinx/plugins/open/nc.rst @@ -26,7 +26,4 @@ Check whether a remote TCP port is open Timeout in seconds (default: 3) - - - Note that this is not a full-featured ``netcat``, we just test whether a remote port is open. There is no way to exchange data using this command. diff --git a/doc/sphinx/plugins/open/ping.rst b/doc/sphinx/plugins/open/ping.rst index 7a60ee3..c6f2191 100644 --- a/doc/sphinx/plugins/open/ping.rst +++ b/doc/sphinx/plugins/open/ping.rst @@ -30,6 +30,3 @@ Ping a remote host from the bastion Exit unconditionally after this amount of seconds - - - diff --git a/doc/sphinx/plugins/open/selfAddIngressKey.rst b/doc/sphinx/plugins/open/selfAddIngressKey.rst index 2d3df10..5bc8d05 100644 --- a/doc/sphinx/plugins/open/selfAddIngressKey.rst +++ b/doc/sphinx/plugins/open/selfAddIngressKey.rst @@ -28,6 +28,3 @@ Add a new ingress public key to your account certificate, both in PEM format. If you specified --public-key, then the attestation and key certificate are expected on STDIN only, otherwise the public SSH key, the attestation and key certificate are expected on STDIN. - - - diff --git a/doc/sphinx/plugins/open/selfDelIngressKey.rst b/doc/sphinx/plugins/open/selfDelIngressKey.rst index 4abbb41..628fa9a 100644 --- a/doc/sphinx/plugins/open/selfDelIngressKey.rst +++ b/doc/sphinx/plugins/open/selfDelIngressKey.rst @@ -24,6 +24,3 @@ Remove an ingress public key from your account If none of these options are specified, you'll be prompted interactively. - - - diff --git a/doc/sphinx/plugins/open/selfForgetHostKey.rst b/doc/sphinx/plugins/open/selfForgetHostKey.rst index 94b7e0a..ca1f3b6 100644 --- a/doc/sphinx/plugins/open/selfForgetHostKey.rst +++ b/doc/sphinx/plugins/open/selfForgetHostKey.rst @@ -26,6 +26,3 @@ Forget a known host key from your bastion account This command is useful to remove the man-in-the-middle warning when a key has changed, however please verify that the host key change is legit before using this command. The warning SSH gives is there for a reason. - - - diff --git a/doc/sphinx/plugins/open/selfGeneratePassword.rst b/doc/sphinx/plugins/open/selfGeneratePassword.rst index a22e22f..3da7286 100644 --- a/doc/sphinx/plugins/open/selfGeneratePassword.rst +++ b/doc/sphinx/plugins/open/selfGeneratePassword.rst @@ -34,6 +34,3 @@ egress password to use right away for your account, for any access that requires A fallback mechanism exists that will auto-try the previous password if this one doesn't work, but please ensure that this new password is deployed on the remote devices as soon as possible. - - - diff --git a/doc/sphinx/plugins/open/selfGenerateProxyPassword.rst b/doc/sphinx/plugins/open/selfGenerateProxyPassword.rst index 4e07a60..0aa73ef 100644 --- a/doc/sphinx/plugins/open/selfGenerateProxyPassword.rst +++ b/doc/sphinx/plugins/open/selfGenerateProxyPassword.rst @@ -31,6 +31,3 @@ know that devices you need to access are using an HTTPS API. BEWARE: once a new password is generated this way, it'll be set as the new HTTPS proxy ingress password to use right away for your account. - - - diff --git a/doc/sphinx/plugins/open/selfListAccesses.rst b/doc/sphinx/plugins/open/selfListAccesses.rst index 8639dbd..f5bf98c 100644 --- a/doc/sphinx/plugins/open/selfListAccesses.rst +++ b/doc/sphinx/plugins/open/selfListAccesses.rst @@ -38,6 +38,3 @@ Show the list of servers you have access to **Note:** PATTERN supports the ``*`` and ``?`` wildcards. If PATTERN is a simple string without wildcards, then names containing this string will be considered. The matching is done on the text output of the command. - - - diff --git a/doc/sphinx/plugins/open/selfListEgressKeys.rst b/doc/sphinx/plugins/open/selfListEgressKeys.rst index 18581aa..9593330 100644 --- a/doc/sphinx/plugins/open/selfListEgressKeys.rst +++ b/doc/sphinx/plugins/open/selfListEgressKeys.rst @@ -18,6 +18,3 @@ The keys listed are the public egress SSH keys tied to your account. They can be used to gain access to another machine from this bastion, by putting one of those keys in the remote machine's ``authorized_keys`` file, and adding yourself access to this machine with ``selfAddPersonalAccess``. - - - diff --git a/doc/sphinx/plugins/open/selfListIngressKeys.rst b/doc/sphinx/plugins/open/selfListIngressKeys.rst index 66bfbce..d8f3170 100644 --- a/doc/sphinx/plugins/open/selfListIngressKeys.rst +++ b/doc/sphinx/plugins/open/selfListIngressKeys.rst @@ -17,6 +17,3 @@ List the public ingress keys of your account The keys listed are the public ingress SSH keys tied to your account. Their private counterpart should be detained only by you, and used to authenticate yourself to this bastion. - - - diff --git a/doc/sphinx/plugins/open/selfListPasswords.rst b/doc/sphinx/plugins/open/selfListPasswords.rst index 33516b2..0d36c40 100644 --- a/doc/sphinx/plugins/open/selfListPasswords.rst +++ b/doc/sphinx/plugins/open/selfListPasswords.rst @@ -15,6 +15,3 @@ List the hashes and metadata of the egress passwords associated to your account The passwords corresponding to these hashes are only needed for devices that don't support key-based SSH - - - diff --git a/doc/sphinx/plugins/open/selfListSessions.rst b/doc/sphinx/plugins/open/selfListSessions.rst index f6f4b7c..daaa46a 100644 --- a/doc/sphinx/plugins/open/selfListSessions.rst +++ b/doc/sphinx/plugins/open/selfListSessions.rst @@ -71,6 +71,3 @@ List the few past sessions of your account Note that only the sessions that happened on this precise bastion instance will be shown, not the sessions from its possible cluster siblings. - - - diff --git a/doc/sphinx/plugins/open/selfMFAResetPassword.rst b/doc/sphinx/plugins/open/selfMFAResetPassword.rst index cfe9a69..dacff4d 100644 --- a/doc/sphinx/plugins/open/selfMFAResetPassword.rst +++ b/doc/sphinx/plugins/open/selfMFAResetPassword.rst @@ -16,6 +16,3 @@ Remove the UNIX password of your account Note that if your password is set, you'll be prompted for it. Also note that this doesn't remove your UNIX password requirement, if set (see ``accountModify`` for this). - - - diff --git a/doc/sphinx/plugins/open/selfMFAResetTOTP.rst b/doc/sphinx/plugins/open/selfMFAResetTOTP.rst index 44f4dde..dbeca49 100644 --- a/doc/sphinx/plugins/open/selfMFAResetTOTP.rst +++ b/doc/sphinx/plugins/open/selfMFAResetTOTP.rst @@ -16,6 +16,3 @@ Remove the TOTP configuration of your account Note that if your TOTP is set, you'll be prompted for it. Also note that this doesn't remove your TOTP requirement, if set (see accountModify for this). - - - diff --git a/doc/sphinx/plugins/open/selfMFASetupPassword.rst b/doc/sphinx/plugins/open/selfMFASetupPassword.rst index 0168715..d6d4d62 100644 --- a/doc/sphinx/plugins/open/selfMFASetupPassword.rst +++ b/doc/sphinx/plugins/open/selfMFASetupPassword.rst @@ -18,6 +18,3 @@ Setup an additional credential (UNIX password) to access your account Don't ask for confirmation - - - diff --git a/doc/sphinx/plugins/open/selfMFASetupTOTP.rst b/doc/sphinx/plugins/open/selfMFASetupTOTP.rst index aa3b7b6..9136f7c 100644 --- a/doc/sphinx/plugins/open/selfMFASetupTOTP.rst +++ b/doc/sphinx/plugins/open/selfMFASetupTOTP.rst @@ -18,6 +18,3 @@ Setup an additional credential (TOTP) to access your account Bypass the confirmation step for TOTP enrollment phase - - - diff --git a/doc/sphinx/plugins/open/selfPlaySession.rst b/doc/sphinx/plugins/open/selfPlaySession.rst index 26e87f8..42500b3 100644 --- a/doc/sphinx/plugins/open/selfPlaySession.rst +++ b/doc/sphinx/plugins/open/selfPlaySession.rst @@ -18,6 +18,3 @@ Replay the ttyrec of a past session ID of the session to replay, use ``selfListSessions`` to find it. - - - diff --git a/doc/sphinx/plugins/open/unlock.rst b/doc/sphinx/plugins/open/unlock.rst index 9ecf514..e2b4aa3 100644 --- a/doc/sphinx/plugins/open/unlock.rst +++ b/doc/sphinx/plugins/open/unlock.rst @@ -18,6 +18,3 @@ This command will unlock all your current sessions on this bastion instance, that were either locked for inactivity timeout or manually locked by you with ``lock``. Note that this only applies to the bastion instance you're launching this command on, not on the whole bastion cluster (if you happen to have one). - - - diff --git a/doc/sphinx/plugins/restricted/accountAddPersonalAccess.rst b/doc/sphinx/plugins/restricted/accountAddPersonalAccess.rst index c0da344..8827982 100644 --- a/doc/sphinx/plugins/restricted/accountAddPersonalAccess.rst +++ b/doc/sphinx/plugins/restricted/accountAddPersonalAccess.rst @@ -61,6 +61,3 @@ Add a personal server access to an account The access will work only if one of the account's personal egress public key has been copied to the remote server. To get the list of an account's personal egress public keys, see ``accountListEgressKeyss`` and ``selfListEgressKeys``. - - - diff --git a/doc/sphinx/plugins/restricted/accountCreate.rst b/doc/sphinx/plugins/restricted/accountCreate.rst index 5e2477c..39b250e 100644 --- a/doc/sphinx/plugins/restricted/accountCreate.rst +++ b/doc/sphinx/plugins/restricted/accountCreate.rst @@ -56,6 +56,3 @@ Create a new bastion account Time after which the account will be deactivated (amount of seconds, or duration string such as "4d12h15m") - - - diff --git a/doc/sphinx/plugins/restricted/accountDelPersonalAccess.rst b/doc/sphinx/plugins/restricted/accountDelPersonalAccess.rst index 125ba9b..1c49c34 100644 --- a/doc/sphinx/plugins/restricted/accountDelPersonalAccess.rst +++ b/doc/sphinx/plugins/restricted/accountDelPersonalAccess.rst @@ -46,6 +46,3 @@ Remove a personal server access from an account Remove SCP download right, you<--bastion--server (omit --user in this case) - - - diff --git a/doc/sphinx/plugins/restricted/accountDelete.rst b/doc/sphinx/plugins/restricted/accountDelete.rst index 4199fbd..8a48565 100644 --- a/doc/sphinx/plugins/restricted/accountDelete.rst +++ b/doc/sphinx/plugins/restricted/accountDelete.rst @@ -22,6 +22,3 @@ Delete an account from the bastion Don't ask for confirmation, and blame yourself if you deleted the wrong account - - - diff --git a/doc/sphinx/plugins/restricted/accountGeneratePassword.rst b/doc/sphinx/plugins/restricted/accountGeneratePassword.rst index fd919d1..24aa26c 100644 --- a/doc/sphinx/plugins/restricted/accountGeneratePassword.rst +++ b/doc/sphinx/plugins/restricted/accountGeneratePassword.rst @@ -38,6 +38,3 @@ egress password to use right away for the account, for any access that requires A fallback mechanism exists that will auto-try the previous password if this one doesn't work, but please ensure that this new password is deployed on the remote devices as soon as possible. - - - diff --git a/doc/sphinx/plugins/restricted/accountGrantCommand.rst b/doc/sphinx/plugins/restricted/accountGrantCommand.rst index 0b01216..83895d3 100644 --- a/doc/sphinx/plugins/restricted/accountGrantCommand.rst +++ b/doc/sphinx/plugins/restricted/accountGrantCommand.rst @@ -29,6 +29,3 @@ but then they'll be able to grant themselves or anybody else to this or any othe A specific command that can be granted is ``auditor``, it is not an osh plugin per-se, but activates more verbose output for several other commands, suitable to audit rights or grants without needing to be granted (e.g. to groups). - - - diff --git a/doc/sphinx/plugins/restricted/accountInfo.rst b/doc/sphinx/plugins/restricted/accountInfo.rst index 90c2ee7..f991f92 100644 --- a/doc/sphinx/plugins/restricted/accountInfo.rst +++ b/doc/sphinx/plugins/restricted/accountInfo.rst @@ -18,9 +18,6 @@ Display some information about an account The account name to work on - - - Output example ============== diff --git a/doc/sphinx/plugins/restricted/accountList.rst b/doc/sphinx/plugins/restricted/accountList.rst index 5166323..7d7824c 100644 --- a/doc/sphinx/plugins/restricted/accountList.rst +++ b/doc/sphinx/plugins/restricted/accountList.rst @@ -40,6 +40,3 @@ List the bastion accounts **Note:** PATTERN supports the ``*`` and ``?`` wildcards. If PATTERN is a simple string without wildcards, then names containing this string will be considered. - - - diff --git a/doc/sphinx/plugins/restricted/accountListAccesses.rst b/doc/sphinx/plugins/restricted/accountListAccesses.rst index 5bbda2a..fa9029b 100644 --- a/doc/sphinx/plugins/restricted/accountListAccesses.rst +++ b/doc/sphinx/plugins/restricted/accountListAccesses.rst @@ -42,6 +42,3 @@ View the expanded access list of a given bastion account **Note:** PATTERN supports the ``*`` and ``?`` wildcards. If PATTERN is a simple string without wildcards, then names containing this string will be considered. The matching is done on the text output of the command. - - - diff --git a/doc/sphinx/plugins/restricted/accountListEgressKeys.rst b/doc/sphinx/plugins/restricted/accountListEgressKeys.rst index 6799beb..1827683 100644 --- a/doc/sphinx/plugins/restricted/accountListEgressKeys.rst +++ b/doc/sphinx/plugins/restricted/accountListEgressKeys.rst @@ -23,6 +23,3 @@ The keys listed are the public egress SSH keys tied to this account. They can be used to gain access to another machine from this bastion, by putting one of those keys in the remote machine's ``authorized_keys`` file, and adding this account access to this machine with ``accountAddPersonalAccess``. - - - diff --git a/doc/sphinx/plugins/restricted/accountListIngressKeys.rst b/doc/sphinx/plugins/restricted/accountListIngressKeys.rst index a200aec..4b6902d 100644 --- a/doc/sphinx/plugins/restricted/accountListIngressKeys.rst +++ b/doc/sphinx/plugins/restricted/accountListIngressKeys.rst @@ -22,6 +22,3 @@ List the public ingress keys of an account The keys listed are the public ingress SSH keys tied to this account. Their private counterpart should be detained only by this account's user, so that they can to authenticate themselves to this bastion. - - - diff --git a/doc/sphinx/plugins/restricted/accountListPasswords.rst b/doc/sphinx/plugins/restricted/accountListPasswords.rst index adc8d42..476b20e 100644 --- a/doc/sphinx/plugins/restricted/accountListPasswords.rst +++ b/doc/sphinx/plugins/restricted/accountListPasswords.rst @@ -20,6 +20,3 @@ List the hashes and metadata of the egress passwords associated to an account The passwords corresponding to these hashes are only needed for devices that don't support key-based SSH - - - diff --git a/doc/sphinx/plugins/restricted/accountMFAResetPassword.rst b/doc/sphinx/plugins/restricted/accountMFAResetPassword.rst index dcfddee..81cd43f 100644 --- a/doc/sphinx/plugins/restricted/accountMFAResetPassword.rst +++ b/doc/sphinx/plugins/restricted/accountMFAResetPassword.rst @@ -20,6 +20,3 @@ Remove the UNIX password of an account Note that if doesn't remove the account UNIX password requirement, if set (see ``accountModify`` for this) - - - diff --git a/doc/sphinx/plugins/restricted/accountMFAResetTOTP.rst b/doc/sphinx/plugins/restricted/accountMFAResetTOTP.rst index 6191ed8..cc56d22 100644 --- a/doc/sphinx/plugins/restricted/accountMFAResetTOTP.rst +++ b/doc/sphinx/plugins/restricted/accountMFAResetTOTP.rst @@ -20,6 +20,3 @@ Remove the TOTP configuration of an account Note that if doesn't remove the TOTP requirement, if set (see ``accountModify`` for this). - - - diff --git a/doc/sphinx/plugins/restricted/accountModify.rst b/doc/sphinx/plugins/restricted/accountModify.rst index b5f5306..ef621a4 100644 --- a/doc/sphinx/plugins/restricted/accountModify.rst +++ b/doc/sphinx/plugins/restricted/accountModify.rst @@ -63,6 +63,3 @@ Modify an account configuration If enabled, this account can only use ``--osh`` commands, and can't connect anywhere through the bastion - - - diff --git a/doc/sphinx/plugins/restricted/accountPIV.rst b/doc/sphinx/plugins/restricted/accountPIV.rst index 8da6b62..b203c98 100644 --- a/doc/sphinx/plugins/restricted/accountPIV.rst +++ b/doc/sphinx/plugins/restricted/accountPIV.rst @@ -49,6 +49,3 @@ grace for this account, or if the global :ref:`ingressRequirePIV` option is set to true. This policy requires the use of the ``--ttl`` option to specify how much time the policy will be relaxed for this account before going back to its previous policy automatically. This can be useful when people forget their PIV-enabled hardware token and you don't want to send them back home. - - - diff --git a/doc/sphinx/plugins/restricted/accountRevokeCommand.rst b/doc/sphinx/plugins/restricted/accountRevokeCommand.rst index ca69e7b..0b7fe12 100644 --- a/doc/sphinx/plugins/restricted/accountRevokeCommand.rst +++ b/doc/sphinx/plugins/restricted/accountRevokeCommand.rst @@ -22,6 +22,3 @@ Revoke access to a restricted command The name of the OSH plugin to revoke access to (omit to get the list) - - - diff --git a/doc/sphinx/plugins/restricted/accountUnexpire.rst b/doc/sphinx/plugins/restricted/accountUnexpire.rst index 7981868..4b0ea70 100644 --- a/doc/sphinx/plugins/restricted/accountUnexpire.rst +++ b/doc/sphinx/plugins/restricted/accountUnexpire.rst @@ -21,6 +21,3 @@ Unexpire an inactivity-expired account When the bastion is configured to expire accounts that haven't been seen in a while, this command can be used to activate them back. - - - diff --git a/doc/sphinx/plugins/restricted/groupDelete.rst b/doc/sphinx/plugins/restricted/groupDelete.rst index e5c873a..0bfc41c 100644 --- a/doc/sphinx/plugins/restricted/groupDelete.rst +++ b/doc/sphinx/plugins/restricted/groupDelete.rst @@ -25,6 +25,3 @@ Delete a group This restricted command is able to delete any group. Group owners can however delete their own groups using the sibling `groupDestroy` command. - - - diff --git a/doc/sphinx/plugins/restricted/realmCreate.rst b/doc/sphinx/plugins/restricted/realmCreate.rst index 755d670..0a4af72 100644 --- a/doc/sphinx/plugins/restricted/realmCreate.rst +++ b/doc/sphinx/plugins/restricted/realmCreate.rst @@ -32,6 +32,3 @@ Declare and create a new trusted realm Public SSH key to deposit on the bastion to access this realm. If not present, you'll be prompted interactively for it. Use double-quoting if your're under a shell. - - - diff --git a/doc/sphinx/plugins/restricted/realmDelete.rst b/doc/sphinx/plugins/restricted/realmDelete.rst index 39fa0e2..4bab964 100644 --- a/doc/sphinx/plugins/restricted/realmDelete.rst +++ b/doc/sphinx/plugins/restricted/realmDelete.rst @@ -18,6 +18,3 @@ Delete a bastion realm Name of the realm to delete - - - diff --git a/doc/sphinx/plugins/restricted/realmInfo.rst b/doc/sphinx/plugins/restricted/realmInfo.rst index 875f9b2..ff1bced 100644 --- a/doc/sphinx/plugins/restricted/realmInfo.rst +++ b/doc/sphinx/plugins/restricted/realmInfo.rst @@ -18,6 +18,3 @@ Display information about a bastion realm Name of the realm to show info about - - - diff --git a/doc/sphinx/plugins/restricted/realmList.rst b/doc/sphinx/plugins/restricted/realmList.rst index 36917bf..ccad425 100644 --- a/doc/sphinx/plugins/restricted/realmList.rst +++ b/doc/sphinx/plugins/restricted/realmList.rst @@ -18,6 +18,3 @@ List the bastions realms Only list the specified realm (mainly: check if it exists) - - - diff --git a/doc/sphinx/plugins/restricted/rootListIngressKeys.rst b/doc/sphinx/plugins/restricted/rootListIngressKeys.rst index c0d771c..b85df93 100644 --- a/doc/sphinx/plugins/restricted/rootListIngressKeys.rst +++ b/doc/sphinx/plugins/restricted/rootListIngressKeys.rst @@ -17,6 +17,3 @@ List the public keys to connect as root on this bastion This command is mainly useful for auditability purposes. As it gives some information as to who can be root on the underlying system, please grant this command only to accounts that need to have this information. - - - diff --git a/doc/sphinx/plugins/restricted/selfAddPersonalAccess.rst b/doc/sphinx/plugins/restricted/selfAddPersonalAccess.rst index 1a584f1..13eda5e 100644 --- a/doc/sphinx/plugins/restricted/selfAddPersonalAccess.rst +++ b/doc/sphinx/plugins/restricted/selfAddPersonalAccess.rst @@ -58,6 +58,3 @@ Add a personal server access on your account Add a comment alongside this server. Quote it twice as shown if you're under a shell. - - - diff --git a/doc/sphinx/plugins/restricted/selfDelPersonalAccess.rst b/doc/sphinx/plugins/restricted/selfDelPersonalAccess.rst index b176f6e..332fb84 100644 --- a/doc/sphinx/plugins/restricted/selfDelPersonalAccess.rst +++ b/doc/sphinx/plugins/restricted/selfDelPersonalAccess.rst @@ -42,6 +42,3 @@ Remove a personal server access from your account Remove SCP download right, you<--bastion--server (omit --user in this case) - - - diff --git a/doc/sphinx/plugins/restricted/whoHasAccessTo.rst b/doc/sphinx/plugins/restricted/whoHasAccessTo.rst index 67c7674..1c4da46 100644 --- a/doc/sphinx/plugins/restricted/whoHasAccessTo.rst +++ b/doc/sphinx/plugins/restricted/whoHasAccessTo.rst @@ -45,6 +45,3 @@ Note: This list is what the bastion THINKS is true, which means that if some gro then it'll show all the members of that group as having access to the machine you're specifying, through this group key. This is only true if the remote server does have the group key installed, of course, which the bastion can't tell without trying to connect "right now" (which it won't do). - - - diff --git a/lib/perl/OVH/Bastion.pm b/lib/perl/OVH/Bastion.pm index 1c1d739..86ee9c9 100644 --- a/lib/perl/OVH/Bastion.pm +++ b/lib/perl/OVH/Bastion.pm @@ -427,10 +427,10 @@ sub osh_exit { ## no critic (ArgUnpacking) $R = R(@_); } - if (!$R) { + if (!$R && $R->msg) { OVH::Bastion::osh_crit($R->msg); } - elsif ($R->msg ne $R->err) { + elsif ($R->msg ne $R->err && $R->msg) { OVH::Bastion::osh_info($R->msg); }