sshproxy icon indicating copy to clipboard operation
sshproxy copied to clipboard

Published 20 hours ago verified publisher icon cea-hpc

revamp sshproxy.yaml with an all-new overrides system

Open cyrilst opened this issue 1 year ago • 0 comments

This is a big breaking change in sshproxy.yaml

  • it now allows to override any key!
  • the route system, users and groups override systems are all replaced by a new overrides system, which is more flexible and upgradeable (we can add new filters to match against).
  • matches can be made against user, group and source (host:port of the listening sshd)
  • multiple overrides can match, they are applied from top to bottom (meaning the last one will have precedence if a same key is overriden multiple times)

Migration example:

routes:
  service1:
    source: [host2]
    dest: [host3]
  default:
    dest: [host1]
users:
  - foo:
      debug: true

becomes:

service: default
dest: [host1]
overrides:
  - match:
      - source: host2
    service: service1
    dest: [host3]
  - match:
      - user: foo
    debug: true

A more complex config can now be done, like this:

overrides:
  - match:
      - source: host1
        group: foo
      - group: bar
        group: baz
    debug: true

Meaning "(if source is host1 AND user has group foo) OR (if user has group bar AND user has group baz) then debug is set to true"

cyrilst avatar Apr 17 '24 14:04 cyrilst