Merge pull request #204 from GreyOBox/increase-size-of-name-fields

fix: increase size of name fields

.circleci/config.yml

@@ -1,7 +1,7 @@
 defaults: &defaults
   working_directory: /go/src/moul.io/sshportal
   docker:
-    - image: circleci/golang:1.12.6
+    - image: circleci/golang:1.14.7
   environment:
     GO111MODULE: "on"
 
@@ -16,18 +16,6 @@ install_retry: &install_retry
 
 version: 2
 jobs:
-  go.build:
-    <<: *defaults
-    steps:
-      - checkout
-      - *install_retry
-      - run: /tmp/retry -m 3 go mod download
-      - run: /tmp/retry -m 3 go mod vendor
-      - run: /tmp/retry -m 3 make install
-      - run: GO111MODULE=off /tmp/retry -m 3 go test -v ./...
-      - run: /tmp/retry -m 3 curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s v1.12.2
-      - run: PATH=$PATH:$(pwd)/bin /tmp/retry -m 3 make lint
-
   docker.integration:
     <<: *defaults
     steps:
@@ -48,6 +36,4 @@ workflows:
   version: 2
   build_and_integration:
     jobs:
-      - go.build
       - docker.integration
-      # requires: docker.build?

.gitattributes

@@ -0,0 +1,17 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Collapse vendored and generated files on GitHub
+AUTHORS linguist-generated
+vendor/* linguist-vendored
+rules.mk linguist-vendored
+*/vendor/* linguist-vendored
+*.gen.* linguist-generated
+*.pb.go linguist-generated
+*.pb.gw.go linguist-generated
+go.sum linguist-generated
+go.mod linguist-generated
+gen.sum linguist-generated
+
+# Reduce conflicts on markdown files
+*.md merge=union

.github/renovate.json

@@ -2,5 +2,6 @@
   "extends": [
     "config:base"
   ],
-  "groupName": "all"
+  "groupName": "all",
+  "gomodTidy": true
 }

.github/workflows/ci.yml

@@ -0,0 +1,88 @@
+name: CI
+on:
+  push:
+    tags:
+      - v*
+    branches:
+      - master
+  pull_request:
+
+jobs:
+  docker-build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Build the Docker image
+        run: docker build . --file Dockerfile
+  golangci-lint:
+    name: golangci-lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: lint
+        uses: golangci/golangci-lint-action@v0.1.7
+        with:
+          version: v1.28
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+  tests-on-windows:
+    needs: golangci-lint # run after golangci-lint action to not produce duplicated errors
+    runs-on: windows-latest
+    strategy:
+      matrix:
+        golang:
+          #- 1.13
+          - 1.14
+    steps:
+      - uses: actions/checkout@v2
+      - name: Install Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.golang }}
+      - name: Run tests on Windows
+        run: make.exe unittest
+        continue-on-error: true
+  tests-on-mac:
+    needs: golangci-lint # run after golangci-lint action to not produce duplicated errors
+    runs-on: macos-latest
+    strategy:
+      matrix:
+        golang:
+          - 1.14
+    steps:
+      - uses: actions/checkout@v2
+      - name: Install Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.golang }}
+      - uses: actions/cache@v1
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ matrix.golang }}-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-${{ matrix.golang }}-
+      - name: Run tests on Unix-like operating systems
+        run: make unittest
+  tests-on-linux:
+    needs: golangci-lint # run after golangci-lint action to not produce duplicated errors
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        golang:
+          - 1.11
+          - 1.12
+          - 1.13
+          - 1.14
+    steps:
+      - uses: actions/checkout@v2
+      - name: Install Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.golang }}
+      - uses: actions/cache@v1
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ matrix.golang }}-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-${{ matrix.golang }}-
+      - name: Run tests on Unix-like operating systems
+        run: make unittest

.gitignore

@@ -1,3 +1,4 @@
+coverage.txt
 dist/
 *~
 *#
@@ -6,4 +7,6 @@ dist/
 /log/
 /sshportal
 *.db
-/data
+/data
+sshportal.history
+.idea

.golangci.yml

@@ -1,8 +1,10 @@
 run:
   deadline: 1m
   tests: false
-  #skip-files:
-  #  - ".*\\.gen\\.go"
+  skip-files:
+    - "testing.go"
+    - ".*\\.pb\\.go"
+    - ".*\\.gen\\.go"
 
 linters-settings:
   golint:
@@ -18,17 +20,36 @@ linters-settings:
 linters:
   disable-all: true
   enable:
-    - goconst
-    - misspell
+    - bodyclose
     - deadcode
-    - misspell
-    - structcheck
+    - depguard
+    - dogsled
+    #- dupl
     - errcheck
-    - unused
-    - varcheck
-    - staticcheck
-    - unconvert
+    #- funlen
+    - gochecknoinits
+    #- gocognit
+    - goconst
+    - gocritic
+    #- gocyclo
     - gofmt
     - goimports
     - golint
+    - gosimple
+    - govet
     - ineffassign
+    - interfacer
+    #- maligned
+    - misspell
+    - nakedret
+    - prealloc
+    - scopelint
+    - staticcheck
+    - structcheck
+    #- stylecheck
+    - typecheck
+    - unconvert
+    - unparam
+    - unused
+    - varcheck
+    - whitespace

AUTHORS

@@ -0,0 +1,31 @@
+# This file lists all individuals having contributed content to the repository.
+# For how it is generated, see 'https://github.com/moul/rules.mk'
+
+ahh <ahamidullah@gmail.com>
+Alen Masic <alenn.masic@gmail.com>
+Alexander Turner <me@alexturner.co>
+bozzo <bozzo@users.noreply.github.com>
+fossabot <badges@fossa.io>
+Jean-Louis Férey <jeanlouis.ferey@orange.com>
+jerard@alfa-safety.fr <jrrdev@users.noreply.github.com>
+Jess <jessachandler@gmail.com>
+Jonathan Lestrelin <jonathan.lestrelin@gmail.com>
+Julien Dessaux <julien.dessaux@adyxax.org>
+Manfred Touron <94029+moul@users.noreply.github.com>
+Manfred Touron <m@42.am>
+Manuel <manuel.sabban@nbs-system.com>
+Manuel Sabban <manu@sabban.eu>
+Manuel Sabban <msa@nbs-system.com>
+Mathieu Pasquet <mathieu.pasquet@alterway.fr>
+Mikael Rapp <micke.rapp@gmail.com>
+MitaliBo <mitali.bisht14@gmail.com>
+moul-bot <bot@moul.io>
+Nelly Asher <karmelylle@rambler.ru>
+NocFlame <aad@nocflame.se>
+Quentin Perez <qperez42@gmail.com>
+Renovate Bot <bot@renovateapp.com>
+Shawn Wang <shawn111@gmail.com>
+Valentin Daviot <valentin.daviot@alterway.fr>
+valentin.daviot <valentin.daviot@alterway.fr>
+welderpb <welderpb@users.noreply.github.com>
+Дмитрий Шульгачик <tech@uniplug.ru>

CHANGELOG.md

@@ -1,121 +1,3 @@
 # Changelog
 
-## master (unreleased)
-
-* No entry
-
-## v1.10.0 (2019-06-24)
-
-* Bump deps, now using github.com/gliderlabs/ssh upstream
-* Fix Windows build ([#101](https://github.com/moul/sshportal/pull/101)) by [@Raerten](https://github.com/Raerten)
-* Use environment variables for settings ([#98](https://github.com/moul/sshportal/pull/98)) by [@Raerten](https://github.com/Raerten)
-* Fix 'userkey create' ([#111](https://github.com/moul/sshportal/pull/111)) by [@shawn111](https://github.com/shawn111)
-* Set log files mode to 440 instead of 640 ([#134](https://github.com/moul/sshportal/pull/134)) by [@jle64](https://github.com/jle64)
-* Allow to create a host using an IP as name ([#135](https://github.com/moul/sshportal/pull/135)) by [@jle64](https://github.com/jle64)
-* Add username and session ID to session log filename ([#133](https://github.com/moul/sshportal/pull/133)) by [@jle64](https://github.com/jle64)
-* Unable to use encrypted SSH private keys ([#124](https://github.com/moul/sshportal/pull/124)) by [@welderpb](https://github.com/welderpb)
-* Fix format of ID in new session + closing channel if host is unreachable ([#123](https://github.com/moul/sshportal/pull/123)) by [@vdaviot](https://github.com/vdaviot)
-* Refactor the main package with a focus on splitting up into packages ([#113](https://github.com/moul/sshportal/pull/113)) by [@ahamidullah](https://github.com/ahamidullah)
-
-
-## v1.9.0 (2018-11-18)
-
-* Add `hostgroup update` and `usergroup update` commands ([#58](https://github.com/moul/sshportal/pull/58)) by [@adyxax](https://github.com/adyxax)
-* Add socket timeout ([#80](https://github.com/moul/sshportal/pull/80)) by [@ahhx](https://github.com/ahhx)
-* Add a flag to list only active sessions ([#76](https://github.com/moul/sshportal/pull/76)) by [@vdaviot](https://github.com/vdaviot)
-* Unset hop on host ([#74](https://github.com/moul/sshportal/pull/74)) by [@vdaviot](https://github.com/vdaviot)
-* Fix session status and duration display ([#75](https://github.com/moul/sshportal/pull/75)) by [@vdaviot](https://github.com/vdaviot)
-* Fix log path and filename on Windows ([#78](https://github.com/moul/sshportal/pull/78)) by [@Raerten](https://github.com/Raerten)
-* Admin user is not editable ([#69](https://github.com/moul/sshportal/pull/69)) by [@alenn-m](https://github.com/alenn-m)
-* Switch to go modules (go1.11) ([#83](https://github.com/moul/sshportal/pull/83))
-* Switch to moul.io/sshportal canonical URL ([#86](https://github.com/moul/sshportal/pull/86))
-* Switch to golangci-lint ([#87](https://github.com/moul/sshportal/pull/87))
-
-## v1.8.0 (2018-04-02)
-
-* The default created user now has the same username as the user starting sshportal (was hardcoded "admin")
-* Add Telnet support
-* Add TTY audit feature ([#23](https://github.com/moul/sshportal/issues/23)) by [@sabban](https://github.com/sabban)
-* Fix `--assign-*` commands when using MySQL driver ([#45](https://github.com/moul/sshportal/issues/45))
-* Add *HOP* support, an efficient and integrated way of using a jump host transparently ([#47](https://github.com/moul/sshportal/issues/47)) by [@mathieui](https://github.com/mathieui)
-* Fix panic on some `ls` commands ([#54](https://github.com/moul/sshportal/pull/54)) by [@jle64](https://github.com/jle64)
-* Add tunnels (`direct-tcp`) support with logging ([#44](https://github.com/moul/sshportal/issues/44)) by [@sabban](https://github.com/sabban)
-* Add `key import` command ([#52](https://github.com/moul/sshportal/issues/52)) by [@adyxax](https://github.com/adyxax)
-* Add 'exec' logging ([#40](https://github.com/moul/sshportal/issues/40)) by [@sabban](https://github.com/sabban)
-
-## v1.7.1 (2018-01-03)
-
-* Return non-null exit-code on authentication error
-* **hotfix**: repair invite system (broken in v1.7.0)
-
-## v1.7.0 (2018-01-02)
-
-Breaking changes:
-* Use `sshportal server` instead of `sshportal` to start a new server (nothing to change if using the docker image)
-* Remove `--config-user` and `--healthcheck-user` global options
-
-Changes:
-* Fix connection failure when sending too many environment variables (fix [#22](https://github.com/moul/sshportal/issues/22))
-* Fix panic when entering empty command (fix [#13](https://github.com/moul/sshportal/issues/13))
-* Add `config backup --ignore-events` option
-* Add `sshportal healthcheck [--addr=] [--wait] [--quiet]` cli command
-* Add [Docker Healthcheck](https://docs.docker.com/engine/reference/builder/#healthcheck) helper
-* Support Putty (fix [#24](https://github.com/moul/sshportal/issues/24))
-
-## v1.6.0 (2017-12-12)
-
-* Add `--latest` and `--quiet` options to `ls` commands
-* Add `healthcheck` user
-* Add `key show KEY` command
-
-## v1.5.0 (2017-12-02)
-
-* Create Session objects on each connections (history)
-* Connection history
-* Audit log
-* Add dynamic strict host key checking (learning on the first time, strict on the next ones)
-* Add-back MySQL support (experimental)
-* Fix some backup/restore bugs
-
-## v1.4.0 (2017-11-24)
-
-* Add 'key setup' command (easy SSH key installation)
-* Add Updated and Created fields in 'ls' commands
-* Add `--aes-key` option to encrypt sensitive data
-
-## v1.3.0 (2017-11-23)
-
-* More details in 'ls' commands
-* Add 'host update' command (fix [#2](https://github.com/moul/sshportal/issues/2))
-* Add 'user update' command (fix [#3](https://github.com/moul/sshportal/issues/3))
-* Add 'acl update' command (fix [#4](https://github.com/moul/sshportal/issues/4))
-* Allow connecting to the shell mode with the registered username or email (fix [#5](https://github.com/moul/sshportal/issues/5))
-* Add 'listhosts' role (fix [#5](https://github.com/moul/sshportal/issues/5))
-
-## v1.2.0 (2017-11-22)
-
-* Support adding multiple `--group` links on `host create` and `user create`
-* Use govalidator to perform more consistent input validation
-* Use a database migration system
-
-## v1.1.0 (2017-11-15)
-
-* Improve versionning (static VERSION + dynamic GIT_* info)
-* Configuration management (backup + restore)
-* Implement Exit (fix [#6](https://github.com/moul/sshportal/pull/6))
-* Disable mysql support (not fully working right now)
-* Set random seed properly
-
-## v1.0.0 (2017-11-14)
-
-Initial version
-
-* Host management
-* User management
-* User Group management
-* Host Group management
-* Host Key management
-* User Key management
-* ACL management
-* Connect to host using key or password
-* Admin commands can be run directly or in an interactive shell
+Here: https://github.com/moul/sshportal/releases

Dockerfile

@@ -1,5 +1,5 @@
 # build
-FROM golang:1.12.6 as builder
+FROM golang:1.14.7 as builder
 ENV             GO111MODULE=on
 WORKDIR         /go/src/moul.io/sshportal
 COPY            go.mod go.sum ./

Makefile

@@ -1,18 +1,16 @@
-GIT_SHA ?=	$(shell git rev-parse HEAD)
-GIT_TAG ?=	$(shell git describe --tags --always)
-GIT_BRANCH ?=	$(shell git rev-parse --abbrev-ref HEAD)
-LDFLAGS ?=	-X main.GitSha=$(GIT_SHA) -X main.GitTag=$(GIT_TAG) -X main.GitBranch=$(GIT_BRANCH)
-VERSION ?=	$(shell grep 'VERSION =' main.go | cut -d'"' -f2)
+GOPKG ?= moul.io/sshportal
+GOBINS ?= .
+DOCKER_IMAGE ?= moul/sshportal
+
+VERSION ?= `git describe --tags --always`
+VCS_REF ?= `git rev-parse --short HEAD`
+GO_INSTALL_OPTS = -ldflags="-X main.GitSha=$(VCS_REF) -X main.GitTag=$(VERSION)"
+PORT ?= 2222
+
+include rules.mk
+
+DB_VERSION ?=	v$(shell grep -E 'ID: "[0-9]+",' pkg/bastion/dbinit.go | tail -n 1 | cut -d'"' -f2)
 AES_KEY ?=	my-dummy-aes-key
-GO ?=		GO111MODULE=on go
-
-.PHONY: install
-install:
-	$(GO) install -v -ldflags '$(LDFLAGS)' .
-
-.PHONY: docker.build
-docker.build:
-	docker build -t moul/sshportal .
 
 .PHONY: integration
 integration:
@@ -27,19 +25,10 @@ dev:
 	-$(GO) get github.com/githubnemo/CompileDaemon
 	CompileDaemon -exclude-dir=.git -exclude=".#*" -color=true -command="./sshportal server --debug --bind-address=:$(PORT) --aes-key=$(AES_KEY) $(EXTRA_RUN_OPTS)" .
 
-.PHONY: test
-test:
-	$(GO) test -i ./...
-	$(GO) test -v ./...
-
-.PHONY: lint
-lint:
-	golangci-lint run --verbose ./...
-
 .PHONY: backup
 backup:
 	mkdir -p data/backups
-	cp sshportal.db data/backups/$(shell date +%s)-$(VERSION)-sshportal.sqlite
+	cp sshportal.db data/backups/$(shell date +%s)-$(DB_VERSION)-sshportal.sqlite
 
 doc:
 	dot -Tsvg ./.assets/overview.dot > ./.assets/overview.svg

README.md

@@ -9,6 +9,8 @@
 
 Jump host/Jump server without the jump, a.k.a Transparent SSH bastion
 
+<img src="https://raw.githubusercontent.com/moul/sshportal/master/.assets/bastion.jpg" width="50%">
+
 Features include: independence of users and hosts, convenient user invite system, connecting to servers that don't support SSH keys, various levels of access, and many more. Easy to install, run and configure.
 
 ![Flow Diagram](https://raw.githubusercontent.com/moul/sshportal/master/.assets/flow-diagram.png)
@@ -58,6 +60,8 @@ Shared connection to localhost closed.
 $
 ```
 
+If the association fails and you are promted for a password, verify that the host you're connecting from has a SSH key set up or generate one with ```ssh-keygen -t rsa```
+
 Drop an interactive administrator shell
 
 ```console
@@ -158,7 +162,7 @@ If you need to invite multiple people to an event (hackathon, course, etc), the
 * Sensitive data encryption
 * Session management (see active connections, history, stats, stop)
 * Audit log (logging every user action)
-* Record TTY Session
+* Record TTY Session (with [ttyrec](https://en.wikipedia.org/wiki/Ttyrec) format, use `ttyplay` for replay)
 * Tunnels logging
 * Host Keys verifications shared across users
 * Healthcheck user (replying OK to any user)
@@ -178,6 +182,8 @@ If you need to invite multiple people to an event (hackathon, course, etc), the
 **(Known) limitations**
 
 * Does not work (yet?) with [`mosh`](https://mosh.org/)
+* It is not possible for a user to access a host with the same name as the user. This is easily circumvented by changing the user name, especially since the most common use cases does not expose it.
+* It is not possible access a host named `healthcheck` as this is a built in command.
 
 ---
 
@@ -232,7 +238,7 @@ docker logs -f sshportal
 Get the latest version using GO.
 
 ```sh
-go get -u moul.io/sshportal
+GO111MODULE=on go get -u moul.io/sshportal
 ```
 
 ---
@@ -267,7 +273,7 @@ cp sshportal.db sshportal.db.bkp
 
 `sshportal` embeds a configuration CLI.
 
-By default, the configuration user is `admin`, (can be changed using `--config-user=<value>` when starting the server.
+By default, the configuration user is `admin`, (can be changed using `--config-user=<value>` when starting the server. The shell is also accessible through `ssh [username]@portal.example.org`.
 
 Each commands can be run directly by using this syntax: `ssh admin@portal.example.org <command> [args]`:
 
@@ -322,11 +328,11 @@ event inspect [-h] EVENT...
 
 # host management
 host help
-host create [-h] [--name=<value>] [--password=<value>] [--comment=<value>] [--key=KEY] [--group=HOSTGROUP...] [--hop=HOST] <username>[:<password>]@<host>[:<port>]
+host create [-h] [--name=<value>] [--password=<value>] [--comment=<value>] [--key=KEY] [--group=HOSTGROUP...] [--hop=HOST] [--logging=MODE] <username>[:<password>]@<host>[:<port>]
 host inspect [-h] [--decrypt] HOST...
 host ls [-h] [--latest] [--quiet]
 host rm [-h] HOST...
-host update [-h] [--name=<value>] [--comment=<value>] [--key=KEY] [--assign-group=HOSTGROUP...] [--unassign-group=HOSTGROUP...] [--set-hop=HOST] [--unset-hop] HOST...
+host update [-h] [--name=<value>] [--comment=<value>] [--key=KEY] [--assign-group=HOSTGROUP...] [--unassign-group=HOSTGROUP...] [--logging-MODE] [--set-hop=HOST] [--unset-hop] HOST...
 
 # hostgroup management
 hostgroup help
@@ -495,3 +501,7 @@ Support this project with your organization. Your logo will show up here with a
 <a href="https://opencollective.com/sshportal/organization/7/website"><img src="https://opencollective.com/sshportal/organization/7/avatar.svg"></a>
 <a href="https://opencollective.com/sshportal/organization/8/website"><img src="https://opencollective.com/sshportal/organization/8/avatar.svg"></a>
 <a href="https://opencollective.com/sshportal/organization/9/website"><img src="https://opencollective.com/sshportal/organization/9/avatar.svg"></a>
+
+### Stargazers over time
+
+[![Stargazers over time](https://starchart.cc/moul/sshportal.svg)](https://starchart.cc/moul/sshportal)

go.mod

@@ -1,32 +1,34 @@
 module moul.io/sshportal
 
 require (
-	cloud.google.com/go v0.40.0 // indirect
-	github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239
-	github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a
-	github.com/denisenkom/go-mssqldb v0.0.0-20190515213511-eb9f6a1743f3 // indirect
+	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be
+	github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535
+	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
+	github.com/creack/pty v1.1.11 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/docker/docker v1.13.1
 	github.com/dustin/go-humanize v1.0.0
-	github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 // indirect
-	github.com/gliderlabs/ssh v0.2.2
+	github.com/gliderlabs/ssh v0.3.0
+	github.com/go-sql-driver/mysql v1.5.0
 	github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e // indirect
-	github.com/jinzhu/gorm v1.9.2
-	github.com/kr/pty v1.1.3
-	github.com/mattn/go-colorable v0.0.9 // indirect
-	github.com/mattn/go-isatty v0.0.4 // indirect
-	github.com/mattn/go-runewidth v0.0.4 // indirect
-	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b
-	github.com/moby/moby v0.7.3-0.20190103212154-2b7e084dc98b
-	github.com/olekukonko/tablewriter v0.0.1
-	github.com/reiver/go-oi v0.0.0-20160325061615-431c83978379
+	github.com/jinzhu/gorm v1.9.15
+	github.com/kr/pty v1.1.8
+	github.com/mattn/go-colorable v0.1.6 // indirect
+	github.com/mattn/go-runewidth v0.0.9 // indirect
+	github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
+	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d
+	github.com/olekukonko/tablewriter v0.0.4
+	github.com/pkg/errors v0.9.1
+	github.com/reiver/go-oi v1.0.0
 	github.com/reiver/go-telnet v0.0.0-20180421082511-9ff0b2ab096e
 	github.com/sabban/bastion v0.0.0-20180110125408-b9d3c9b1f4d3
 	github.com/smartystreets/assertions v0.0.0-20190401211740-f487f9de1cd3 // indirect
-	github.com/smartystreets/goconvey v1.6.4-0.20190330032615-68dc04aab96a
-	github.com/urfave/cli v1.20.0
-	golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8
-	golang.org/x/sys v0.0.0-20190613124609-5ed2794edfdc // indirect
-	google.golang.org/appengine v1.6.1 // indirect
-	gopkg.in/gormigrate.v1 v1.5.0
+	github.com/smartystreets/goconvey v1.6.4
+	github.com/urfave/cli v1.22.4
+	golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
+	golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980 // indirect
+	gopkg.in/gormigrate.v1 v1.6.0
+	moul.io/srand v1.4.0
 )
 
-go 1.12.6
+go 1.14

go.sum

@@ -1,227 +1,124 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.33.1/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.37.4/go.mod h1:NHPJ89PdicEuT9hdPXMROBD91xc5uRDxsMtSB16k7hw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.40.0 h1:FjSY7bOj+WzJe6TZRVtXI2b9kAYvtNg4lMbcH2+MUkk=
-cloud.google.com/go v0.40.0/go.mod h1:Tk58MuI9rbLMKlAjeO/bDnteAx7tX2gJIXw4T5Jwlro=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
-github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
-github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
-github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
-github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA=
-github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/PuerkitoBio/goquery v1.5.1/go.mod h1:GsLWisAFVj4WgDibEWF4pvYnkVQBpKBKeU+7zCJoLcc=
+github.com/andybalholm/cascadia v1.1.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y=
+github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
+github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
+github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY=
+github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM=
+github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
+github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
+github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/denisenkom/go-mssqldb v0.0.0-20181014144952-4e0d7dc8888f/go.mod h1:xN/JuLBIz4bjkxNmByTiV1IbhfnYb6oo99phBn4Eqhc=
-github.com/denisenkom/go-mssqldb v0.0.0-20190515213511-eb9f6a1743f3 h1:tkum0XDgfR0jcVVXuTsYv/erY2NnEDqwRojbxR1rBYA=
-github.com/denisenkom/go-mssqldb v0.0.0-20190515213511-eb9f6a1743f3/go.mod h1:zAg7JM8CkOJ43xKXIj7eRO9kmWm/TW578qo+oDO6tuM=
+github.com/denisenkom/go-mssqldb v0.0.0-20191124224453-732737034ffd h1:83Wprp6ROGeiHFAP8WJdI2RoxALQYgdllERc3N5N2DM=
+github.com/denisenkom/go-mssqldb v0.0.0-20191124224453-732737034ffd/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
+github.com/docker/docker v1.13.1 h1:IkZjBSIc8hBjLpqeAbeE5mca5mNgeatLHBy3GO78BWo=
+github.com/docker/docker v1.13.1/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
-github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
-github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
 github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5 h1:Yzb9+7DPaBjB8zlTR87/ElzFsnQfuHnVUVqpZZIcV5Y=
 github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5/go.mod h1:a2zkGnVExMxdzMo3M0Hi/3sEU+cWnZpSni0O6/Yb/P0=
-github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ=
-github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=
-github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA=
+github.com/gliderlabs/ssh v0.3.0 h1:7GcKy4erEljCE/QeQ2jTVpu+3f3zkpZOxOJjFYkMqYU=
+github.com/gliderlabs/ssh v0.3.0/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/gofrs/uuid v3.2.0+incompatible h1:y12jRkkFxsd7GpqdSZ+/KCs/fJbqpEXSGd4+jfEaewE=
+github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
+github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
+github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e h1:JKmoR8x90Iww1ks85zJ1lfDGgIiMDuIptTOhJq+zKyg=
 github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
-github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/jinzhu/gorm v1.9.2 h1:lCvgEaqe/HVE+tjAR2mt4HbbHAZsQOv3XAZiEZV37iw=
 github.com/jinzhu/gorm v1.9.2/go.mod h1:Vla75njaFJ8clLU1W44h34PjIkijhjHIYnZxMqCdxqo=
-github.com/jinzhu/inflection v0.0.0-20180308033659-04140366298a h1:eeaG9XMUvRBYXJi4pg1ZKM7nxc5AfXfojeLLW7O5J3k=
+github.com/jinzhu/gorm v1.9.15 h1:OdR1qFvtXktlxk73XFYMiYn9ywzTwytqe4QkuMRqc38=
+github.com/jinzhu/gorm v1.9.15/go.mod h1:G3LB3wezTOWM2ITLzPxEXgSkOXAntiLHS7UdBefADcs=
 github.com/jinzhu/inflection v0.0.0-20180308033659-04140366298a/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
-github.com/jinzhu/now v0.0.0-20181116074157-8ec929ed50c3 h1:xvj06l8iSwiWpYgm8MbPp+naBg+pwfqmdXabzqPCn/8=
+github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
+github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v0.0.0-20181116074157-8ec929ed50c3/go.mod h1:oHTiXerJ20+SfYcrdlBO7rzZRJWGwSTQ0iUY2jI6Gfc=
+github.com/jinzhu/now v1.0.1 h1:HjfetcXq097iXP0uoPCdnM4Efp5/9MsM0/M+XOTeR3M=
+github.com/jinzhu/now v1.0.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pty v1.1.3 h1:/Um6a/ZmD5tF7peoOJ5oN5KMQ0DrGVQSXLNwyckutPk=
-github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/lib/pq v1.0.0 h1:X5PMW56eZitiTeO7tKzZxFCSpbFZJtkMMooicw2us9A=
+github.com/kr/pty v1.1.8 h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI=
+github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/mattn/go-colorable v0.0.9 h1:UVL0vNpWh04HeJXV0KLcaT7r06gOH2l4OW6ddYRUIY4=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-isatty v0.0.4 h1:bnP0vzxcAdeI1zdubAl5PjU6zsERjGZb7raWodagDYs=
-github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-runewidth v0.0.4 h1:2BvfKmzob6Bmd4YsL0zygOqfdFnK7GR4QL06Do4/p7Y=
-github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
-github.com/mattn/go-sqlite3 v1.10.0 h1:jbhqpg7tQe4SupckyijYiy0mJJ/pRyHvXf7JdWK860o=
+github.com/lib/pq v1.1.1 h1:sJZmqHoEaY7f+NPP8pgLB/WxulyR3fewgCM2qaSlBb4=
+github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/mattn/go-colorable v0.1.6 h1:6Su7aK7lXmJ/U79bYtBjLNaha4Fs1Rg9plHpcH+vvnE=
+github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
+github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
+github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b h1:j7+1HpAFS1zy5+Q4qx1fWh90gTKwiN4QCGoY9TWyyO4=
-github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
-github.com/moby/moby v0.7.3-0.20190103212154-2b7e084dc98b h1:z/nBoaNNRdlg5oyabuQyZshr/YsANYEcjI+IiNT/U6U=
-github.com/moby/moby v0.7.3-0.20190103212154-2b7e084dc98b/go.mod h1:fDXVQ6+S340veQPv35CzDahGBmHsiclFwfEygB/TWMc=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/olekukonko/tablewriter v0.0.1 h1:b3iUnf1v+ppJiOfNX4yxxqfWKMQPZR5yoh8urCTFX88=
-github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
-github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/mattn/go-sqlite3 v1.14.0/go.mod h1:JIl7NbARA7phWnGvh0LKTyg7S9BA+6gx71ShQilpsus=
+github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
+github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=
+github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
+github.com/olekukonko/tablewriter v0.0.4 h1:vHD/YYe1Wolo78koG299f7V/VAS08c6IpCLn+Ejf/w8=
+github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
-github.com/reiver/go-oi v0.0.0-20160325061615-431c83978379 h1:NBPkf14RzPYmr3478XQcmQyMKkxSvguL7+cyKKNvGxY=
-github.com/reiver/go-oi v0.0.0-20160325061615-431c83978379/go.mod h1:RrDBct90BAhoDTxB1fenZwfykqeGvhI6LsNfStJoEkI=
+github.com/reiver/go-oi v1.0.0 h1:nvECWD7LF+vOs8leNGV/ww+F2iZKf3EYjYZ527turzM=
+github.com/reiver/go-oi v1.0.0/go.mod h1:RrDBct90BAhoDTxB1fenZwfykqeGvhI6LsNfStJoEkI=
 github.com/reiver/go-telnet v0.0.0-20180421082511-9ff0b2ab096e h1:quuzZLi72kkJjl+f5AQ93FMcadG19WkS7MO6TXFOSas=
 github.com/reiver/go-telnet v0.0.0-20180421082511-9ff0b2ab096e/go.mod h1:+5vNVvEWwEIx86DB9Ke/+a5wBI464eDRo3eF0LcfpWg=
+github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sabban/bastion v0.0.0-20180110125408-b9d3c9b1f4d3 h1:yxUGvEatvDMO6gkhwx82Va+Czdyui9LiCw6a5YB/2f8=
 github.com/sabban/bastion v0.0.0-20180110125408-b9d3c9b1f4d3/go.mod h1:1Q04m7wmv/IMoZU9t8UkH+n9McWn4i3H9v9LnMgqloo=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v0.0.0-20190401211740-f487f9de1cd3 h1:hBSHahWMEgzwRyS6dRpxY0XyjZsHyQ61s084wo5PJe0=
 github.com/smartystreets/assertions v0.0.0-20190401211740-f487f9de1cd3/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v1.6.4-0.20190330032615-68dc04aab96a h1:XmieTxr5Ejfoo1izsMZO4qWqOTpYagCqNMJyP87ONS0=
-github.com/smartystreets/goconvey v1.6.4-0.20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
+github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/urfave/cli v1.20.0 h1:fDqGv3UG/4jbVl/QkFwEdddtEDjh/5Ov6X+0B/3bPaw=
-github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+github.com/urfave/cli v1.22.4 h1:u7tSpNPPswAFymm8IehJhy4uJMlUuU/GmqSkvJ1InXA=
+github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 golang.org/x/crypto v0.0.0-20181112202954-3d3f9f413869/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8 h1:1wopBVtVdWnn03fZelqdXTqk7U7zPQCb+T4rbU9ZEoU=
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/crypto v0.0.0-20191205180655-e7c4368fe9dd/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig=
+golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190613124609-5ed2794edfdc h1:x+/QxSNkVFAC+v4pL1f6mZr1z+qgi+FoR8ccXZPVC10=
-golang.org/x/sys v0.0.0-20190613124609-5ed2794edfdc/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980 h1:OjiUf46hAmXblsZdnoSXsEUSKU8r1UEzcL5RVZ4gO9Y=
+golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.6.0/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1 h1:QzqyMA1tlu6CgqCDUtU9V+ZKhLFT2dkJuANu5QaxI3I=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190404172233-64821d5d2107/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
-google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/gormigrate.v1 v1.5.0 h1:M667uzFRcnBf5cNAcSyYyNdJTJ1KQnUTmc+mjCLfPfw=
-gopkg.in/gormigrate.v1 v1.5.0/go.mod h1:Lf00lQrHqfSYWiTtPcyQabsDdM6ejZaMgV0OU6JMSlw=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/gormigrate.v1 v1.6.0 h1:XpYM6RHQPmzwY7Uyu+t+xxMXc86JYFJn4nEc9HzQjsI=
+gopkg.in/gormigrate.v1 v1.6.0/go.mod h1:Lf00lQrHqfSYWiTtPcyQabsDdM6ejZaMgV0OU6JMSlw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+moul.io/srand v1.4.0 h1:r5ZMiWDN0ni0lTV7KzJR/jx0K7GivJYW5WaXmufgeik=
+moul.io/srand v1.4.0/go.mod h1:P2uaZB+GFstFNo8sEj6/U8FRV1n25kD0LLckFpJ+qvc=

main.go

@@ -5,31 +5,29 @@ import (
 	"math/rand"
 	"os"
 	"path"
-	"time"
 
+	_ "github.com/go-sql-driver/mysql"
 	_ "github.com/jinzhu/gorm/dialects/mysql"
+	_ "github.com/jinzhu/gorm/dialects/postgres"
 	_ "github.com/jinzhu/gorm/dialects/sqlite"
 	"github.com/urfave/cli"
+	"moul.io/srand"
 )
 
 var (
-	// Version should be updated by hand at each release
-	Version = "1.10.0+dev"
 	// GitTag will be overwritten automatically by the build system
-	GitTag string
+	GitTag = "n/a"
 	// GitSha will be overwritten automatically by the build system
-	GitSha string
-	// GitBranch will be overwritten automatically by the build system
-	GitBranch string
+	GitSha = "n/a"
 )
 
 func main() {
-	rand.Seed(time.Now().UnixNano())
+	rand.Seed(srand.Secure())
 
 	app := cli.NewApp()
 	app.Name = path.Base(os.Args[0])
 	app.Author = "Manfred Touron"
-	app.Version = Version + " (" + GitSha + ")"
+	app.Version = GitTag + " (" + GitSha + ")"
 	app.Email = "https://moul.io/sshportal"
 	app.Commands = []cli.Command{
 		{

pkg/bastion/acl.go

@@ -1,7 +1,8 @@
-package bastion // import "moul.io/sshportal/pkg/bastion"
+package bastion
 
 import (
 	"sort"
+	"time"
 
 	"moul.io/sshportal/pkg/dbmodels"
 )
@@ -12,7 +13,9 @@ func (a byWeight) Len() int           { return len(a) }
 func (a byWeight) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
 func (a byWeight) Less(i, j int) bool { return a[i].Weight < a[j].Weight }
 
-func checkACLs(user dbmodels.User, host dbmodels.Host) (string, error) {
+func checkACLs(user dbmodels.User, host dbmodels.Host) string {
+	currentTime := time.Now()
+
 	// shared ACLs between user and host
 	aclMap := map[uint]*dbmodels.ACL{}
 	for _, userGroup := range user.Groups {
@@ -20,7 +23,10 @@ func checkACLs(user dbmodels.User, host dbmodels.Host) (string, error) {
 			for _, hostGroup := range host.Groups {
 				for _, hostGroupACL := range hostGroup.ACLs {
 					if userGroupACL.ID == hostGroupACL.ID {
-						aclMap[userGroupACL.ID] = userGroupACL
+						if (userGroupACL.Inception == nil || currentTime.After(*userGroupACL.Inception)) &&
+							(userGroupACL.Expiration == nil || currentTime.Before(*userGroupACL.Expiration)) {
+							aclMap[userGroupACL.ID] = userGroupACL
+						}
 					}
 				}
 			}
@@ -30,7 +36,7 @@ func checkACLs(user dbmodels.User, host dbmodels.Host) (string, error) {
 
 	// deny by default if no shared ACL
 	if len(aclMap) == 0 {
-		return string(dbmodels.ACLActionDeny), nil // default action
+		return string(dbmodels.ACLActionDeny) // default action
 	}
 
 	// transform map to slice and sort it
@@ -40,5 +46,5 @@ func checkACLs(user dbmodels.User, host dbmodels.Host) (string, error) {
 	}
 	sort.Sort(byWeight(acls))
 
-	return acls[0].Action, nil
+	return acls[0].Action
 }

pkg/bastion/acl_test.go

@@ -43,8 +43,7 @@ func TestCheckACLs(t *testing.T) {
 		db.Preload("Groups").Preload("Groups.ACLs").Find(&users)
 
 		// test
-		action, err := checkACLs(users[0], hosts[0])
-		c.So(err, ShouldBeNil)
+		action := checkACLs(users[0], hosts[0])
 		c.So(action, ShouldEqual, dbmodels.ACLActionAllow)
 	})
 }

pkg/bastion/dbinit.go

@@ -40,14 +40,13 @@ func DBInit(db *gorm.DB) error {
 			ID: "2",
 			Migrate: func(tx *gorm.DB) error {
 				type SSHKey struct {
-					// FIXME: use uuid for ID
 					gorm.Model
 					Name        string
 					Type        string
 					Length      uint
 					Fingerprint string
-					PrivKey     string           `sql:"size:10000"`
-					PubKey      string           `sql:"size:10000"`
+					PrivKey     string           `sql:"size:5000"`
+					PubKey      string           `sql:"size:1000"`
 					Hosts       []*dbmodels.Host `gorm:"ForeignKey:SSHKeyID"`
 					Comment     string
 				}
@@ -60,7 +59,6 @@ func DBInit(db *gorm.DB) error {
 			ID: "3",
 			Migrate: func(tx *gorm.DB) error {
 				type Host struct {
-					// FIXME: use uuid for ID
 					gorm.Model
 					Name        string `gorm:"size:32"`
 					Addr        string
@@ -82,7 +80,7 @@ func DBInit(db *gorm.DB) error {
 			Migrate: func(tx *gorm.DB) error {
 				type UserKey struct {
 					gorm.Model
-					Key     []byte         `sql:"size:10000"`
+					Key     []byte         `sql:"size:1000"`
 					UserID  uint           ``
 					User    *dbmodels.User `gorm:"ForeignKey:UserID"`
 					Comment string
@@ -96,7 +94,6 @@ func DBInit(db *gorm.DB) error {
 			ID: "5",
 			Migrate: func(tx *gorm.DB) error {
 				type User struct {
-					// FIXME: use uuid for ID
 					gorm.Model
 					IsAdmin     bool
 					Email       string
@@ -261,14 +258,14 @@ func DBInit(db *gorm.DB) error {
 					return err
 				}
 
-				var users []dbmodels.User
+				var users []*dbmodels.User
 				if err := db.Preload("Roles").Where("is_admin = ?", true).Find(&users).Error; err != nil {
 					return err
 				}
 
 				for _, user := range users {
 					user.Roles = append(user.Roles, &adminRole)
-					if err := tx.Save(&user).Error; err != nil {
+					if err := tx.Save(user).Error; err != nil {
 						return err
 					}
 				}
@@ -344,8 +341,8 @@ func DBInit(db *gorm.DB) error {
 			Migrate: func(tx *gorm.DB) error {
 				type UserKey struct {
 					gorm.Model
-					Key           []byte         `sql:"size:10000" valid:"required,length(1|10000)"`
-					AuthorizedKey string         `sql:"size:10000" valid:"required,length(1|10000)"`
+					Key           []byte         `sql:"size:1000" valid:"required,length(1|1000)"`
+					AuthorizedKey string         `sql:"size:1000" valid:"required,length(1|1000)"`
 					UserID        uint           ``
 					User          *dbmodels.User `gorm:"ForeignKey:UserID"`
 					Comment       string         `valid:"optional"`
@@ -358,7 +355,7 @@ func DBInit(db *gorm.DB) error {
 		}, {
 			ID: "24",
 			Migrate: func(tx *gorm.DB) error {
-				var userKeys []dbmodels.UserKey
+				var userKeys []*dbmodels.UserKey
 				if err := db.Find(&userKeys).Error; err != nil {
 					return err
 				}
@@ -369,7 +366,7 @@ func DBInit(db *gorm.DB) error {
 						return err
 					}
 					userKey.AuthorizedKey = string(gossh.MarshalAuthorizedKey(key))
-					if err := db.Model(&userKey).Updates(&userKey).Error; err != nil {
+					if err := db.Model(userKey).Updates(userKey).Error; err != nil {
 						return err
 					}
 				}
@@ -382,17 +379,16 @@ func DBInit(db *gorm.DB) error {
 			ID: "25",
 			Migrate: func(tx *gorm.DB) error {
 				type Host struct {
-					// FIXME: use uuid for ID
 					gorm.Model
 					Name        string                `gorm:"size:32" valid:"required,length(1|32),unix_user"`
 					Addr        string                `valid:"required"`
 					User        string                `valid:"optional"`
 					Password    string                `valid:"optional"`
-					SSHKey      *dbmodels.SSHKey      `gorm:"ForeignKey:SSHKeyID"` // SSHKey used to connect by the client
+					SSHKey      *dbmodels.SSHKey      `gorm:"ForeignKey:SSHKeyID"`
 					SSHKeyID    uint                  `gorm:"index"`
-					HostKey     []byte                `sql:"size:10000" valid:"optional"`
+					HostKey     []byte                `sql:"size:1000" valid:"optional"`
 					Groups      []*dbmodels.HostGroup `gorm:"many2many:host_host_groups;"`
-					Fingerprint string                `valid:"optional"` // FIXME: replace with hostKey ?
+					Fingerprint string                `valid:"optional"`
 					Comment     string                `valid:"optional"`
 				}
 				return tx.AutoMigrate(&Host{}).Error
@@ -422,14 +418,14 @@ func DBInit(db *gorm.DB) error {
 		}, {
 			ID: "27",
 			Migrate: func(tx *gorm.DB) error {
-				var sessions []dbmodels.Session
+				var sessions []*dbmodels.Session
 				if err := db.Find(&sessions).Error; err != nil {
 					return err
 				}
 
 				for _, session := range sessions {
 					if session.StoppedAt != nil && session.StoppedAt.IsZero() {
-						if err := db.Model(&session).Updates(map[string]interface{}{"stopped_at": nil}).Error; err != nil {
+						if err := db.Model(session).Updates(map[string]interface{}{"stopped_at": nil}).Error; err != nil {
 							return err
 						}
 					}
@@ -443,7 +439,6 @@ func DBInit(db *gorm.DB) error {
 			ID: "28",
 			Migrate: func(tx *gorm.DB) error {
 				type Host struct {
-					// FIXME: use uuid for ID
 					gorm.Model
 					Name     string `gorm:"size:32"`
 					Addr     string
@@ -452,7 +447,7 @@ func DBInit(db *gorm.DB) error {
 					URL      string
 					SSHKey   *dbmodels.SSHKey      `gorm:"ForeignKey:SSHKeyID"`
 					SSHKeyID uint                  `gorm:"index"`
-					HostKey  []byte                `sql:"size:10000"`
+					HostKey  []byte                `sql:"size:1000"`
 					Groups   []*dbmodels.HostGroup `gorm:"many2many:host_host_groups;"`
 					Comment  string
 				}
@@ -465,7 +460,29 @@ func DBInit(db *gorm.DB) error {
 			ID: "29",
 			Migrate: func(tx *gorm.DB) error {
 				type Host struct {
-					// FIXME: use uuid for ID
+					gorm.Model
+					Name     string `gorm:"size:32"`
+					Addr     string
+					User     string
+					Password string
+					URL      string
+					SSHKey   *dbmodels.SSHKey      `gorm:"ForeignKey:SSHKeyID"`
+					SSHKeyID uint                  `gorm:"index"`
+					HostKey  []byte                `sql:"size:1000"`
+					Groups   []*dbmodels.HostGroup `gorm:"many2many:host_host_groups;"`
+					Comment  string
+					Hop      *dbmodels.Host
+					HopID    uint
+				}
+				return tx.AutoMigrate(&Host{}).Error
+			},
+			Rollback: func(tx *gorm.DB) error {
+				return fmt.Errorf("not implemented")
+			},
+		}, {
+			ID: "30",
+			Migrate: func(tx *gorm.DB) error {
+				type Host struct {
 					gorm.Model
 					Name     string `gorm:"size:32"`
 					Addr     string
@@ -478,13 +495,35 @@ func DBInit(db *gorm.DB) error {
 					Groups   []*dbmodels.HostGroup `gorm:"many2many:host_host_groups;"`
 					Comment  string
 					Hop      *dbmodels.Host
+					Logging  string
 					HopID    uint
 				}
 				return tx.AutoMigrate(&Host{}).Error
 			},
-			Rollback: func(tx *gorm.DB) error {
-				return fmt.Errorf("not implemented")
+			Rollback: func(tx *gorm.DB) error { return fmt.Errorf("not implemented") },
+		}, {
+			ID: "31",
+			Migrate: func(tx *gorm.DB) error {
+				return tx.Model(&dbmodels.Host{}).Updates(&dbmodels.Host{Logging: "everything"}).Error
 			},
+			Rollback: func(tx *gorm.DB) error { return fmt.Errorf("not implemented") },
+		}, {
+			ID: "32",
+			Migrate: func(tx *gorm.DB) error {
+				type ACL struct {
+					gorm.Model
+					HostGroups  []*dbmodels.HostGroup `gorm:"many2many:host_group_acls;"`
+					UserGroups  []*dbmodels.UserGroup `gorm:"many2many:user_group_acls;"`
+					HostPattern string                `valid:"optional"`
+					Action      string                `valid:"required"`
+					Weight      uint                  ``
+					Comment     string                `valid:"optional"`
+					Inception   *time.Time
+					Expiration  *time.Time
+				}
+				return tx.AutoMigrate(&ACL{}).Error
+			},
+			Rollback: func(tx *gorm.DB) error { return fmt.Errorf("not implemented") },
 		},
 	})
 	if err := m.Migrate(); err != nil {

pkg/bastion/session.go

@@ -1,26 +1,28 @@
 package bastion // import "moul.io/sshportal/pkg/bastion"
 
 import (
-	"errors"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"log"
 	"os"
-	"strings"
+	"path/filepath"
 	"time"
 
 	"github.com/gliderlabs/ssh"
+	"github.com/pkg/errors"
 	"github.com/sabban/bastion/pkg/logchannel"
 	gossh "golang.org/x/crypto/ssh"
 )
 
 type sessionConfig struct {
 	Addr         string
-	Logs         string
+	LogsLocation string
 	ClientConfig *gossh.ClientConfig
+	LoggingMode  string
 }
 
-func multiChannelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.NewChannel, ctx ssh.Context, configs []sessionConfig, sessionID uint) error {
+func multiChannelHandler(conn *gossh.ServerConn, newChan gossh.NewChannel, ctx ssh.Context, configs []sessionConfig, sessionID uint) error {
 	var lastClient *gossh.Client
 	switch newChan.ChannelType() {
 	case "session":
@@ -63,7 +65,7 @@ func multiChannelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.
 		actx := ctx.Value(authContextKey).(*authContext)
 		username := actx.user.Name
 		// pipe everything
-		return pipe(lreqs, rreqs, lch, rch, configs[len(configs)-1].Logs, user, username, sessionID, newChan)
+		return pipe(lreqs, rreqs, lch, rch, configs[len(configs)-1], user, username, sessionID, newChan)
 	case "direct-tcpip":
 		lch, lreqs, err := newChan.Accept()
 		// TODO: defer clean closer
@@ -108,7 +110,7 @@ func multiChannelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.
 		actx := ctx.Value(authContextKey).(*authContext)
 		username := actx.user.Name
 		// pipe everything
-		return pipe(lreqs, rreqs, lch, rch, configs[len(configs)-1].Logs, user, username, sessionID, newChan)
+		return pipe(lreqs, rreqs, lch, rch, configs[len(configs)-1], user, username, sessionID, newChan)
 	default:
 		if err := newChan.Reject(gossh.UnknownChannelType, "unsupported channel type"); err != nil {
 			log.Printf("failed to reject chan: %v", err)
@@ -117,65 +119,77 @@ func multiChannelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.
 	}
 }
 
-func pipe(lreqs, rreqs <-chan *gossh.Request, lch, rch gossh.Channel, logsLocation string, user string, username string, sessionID uint, newChan gossh.NewChannel) error {
+func pipe(lreqs, rreqs <-chan *gossh.Request, lch, rch gossh.Channel, sessConfig sessionConfig, user string, username string, sessionID uint, newChan gossh.NewChannel) error {
 	defer func() {
 		_ = lch.Close()
 		_ = rch.Close()
 	}()
 
 	errch := make(chan error, 1)
+	quit := make(chan string, 1)
 	channeltype := newChan.ChannelType()
 
-	filename := strings.Join([]string{logsLocation, "/", user, "-", username, "-", channeltype, "-", fmt.Sprint(sessionID), "-", time.Now().Format(time.RFC3339)}, "") // get user
-	f, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0440)
-	defer func() {
-		_ = f.Close()
-	}()
-
-	if err != nil {
-		log.Fatalf("error: %v", err)
+	var logWriter io.WriteCloser = newDiscardWriteCloser()
+	if sessConfig.LoggingMode != "disabled" {
+		filename := filepath.Join(sessConfig.LogsLocation, fmt.Sprintf("%s-%s-%s-%d-%s", user, username, channeltype, sessionID, time.Now().Format(time.RFC3339)))
+		f, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0440)
+		if err != nil {
+			return errors.Wrap(err, "open log file")
+		}
+		defer func() {
+			_ = f.Close()
+		}()
+		log.Printf("Session %v is recorded in %v", channeltype, filename)
+		logWriter = f
 	}
 
-	log.Printf("Session %v is recorded in %v", channeltype, filename)
 	if channeltype == "session" {
-		wrappedlch := logchannel.New(lch, f)
-		go func() {
-			_, _ = io.Copy(wrappedlch, rch)
-			errch <- errors.New("lch closed the connection")
-		}()
-
-		go func() {
-			_, _ = io.Copy(rch, lch)
-			errch <- errors.New("rch closed the connection")
-		}()
+		switch sessConfig.LoggingMode {
+		case "input":
+			wrappedrch := logchannel.New(rch, logWriter)
+			go func(quit chan string) {
+				_, _ = io.Copy(lch, rch)
+				quit <- "rch"
+			}(quit)
+			go func(quit chan string) {
+				_, _ = io.Copy(wrappedrch, lch)
+				quit <- "lch"
+			}(quit)
+		default: // everything, disabled
+			wrappedlch := logchannel.New(lch, logWriter)
+			go func(quit chan string) {
+				_, _ = io.Copy(wrappedlch, rch)
+				quit <- "rch"
+			}(quit)
+			go func(quit chan string) {
+				_, _ = io.Copy(rch, lch)
+				quit <- "lch"
+			}(quit)
+		}
 	}
 	if channeltype == "direct-tcpip" {
 		d := logTunnelForwardData{}
 		if err := gossh.Unmarshal(newChan.ExtraData(), &d); err != nil {
 			return err
 		}
-		wrappedlch := newLogTunnel(lch, f, d.SourceHost)
-		wrappedrch := newLogTunnel(rch, f, d.DestinationHost)
-		go func() {
+		wrappedlch := newLogTunnel(lch, logWriter, d.SourceHost)
+		wrappedrch := newLogTunnel(rch, logWriter, d.DestinationHost)
+		go func(quit chan string) {
 			_, _ = io.Copy(wrappedlch, rch)
-			errch <- errors.New("lch closed the connection")
-		}()
+			quit <- "rch"
+		}(quit)
 
-		go func() {
+		go func(quit chan string) {
 			_, _ = io.Copy(wrappedrch, lch)
-			errch <- errors.New("rch closed the connection")
-		}()
+			quit <- "lch"
+		}(quit)
 	}
 
-	for {
-		select {
-		case req := <-lreqs: // forward ssh requests from local to remote
-			if req == nil {
-				return nil
-			}
+	go func(quit chan string) {
+		for req := range lreqs {
 			b, err := rch.SendRequest(req.Type, req.WantReply, req.Payload)
 			if req.Type == "exec" {
-				wrappedlch := logchannel.New(lch, f)
+				wrappedlch := logchannel.New(lch, logWriter)
 				command := append(req.Payload, []byte("\n")...)
 				if _, err := wrappedlch.LogWrite(command); err != nil {
 					log.Printf("failed to write log: %v", err)
@@ -183,24 +197,68 @@ func pipe(lreqs, rreqs <-chan *gossh.Request, lch, rch gossh.Channel, logsLocati
 			}
 
 			if err != nil {
-				return err
+				errch <- err
 			}
 			if err2 := req.Reply(b, nil); err2 != nil {
-				return err2
-			}
-		case req := <-rreqs: // forward ssh requests from remote to local
-			if req == nil {
-				return nil
+				errch <- err2
 			}
+		}
+		quit <- "lreqs"
+	}(quit)
+
+	go func(quit chan string) {
+		for req := range rreqs {
 			b, err := lch.SendRequest(req.Type, req.WantReply, req.Payload)
 			if err != nil {
-				return err
+				errch <- err
 			}
 			if err2 := req.Reply(b, nil); err2 != nil {
-				return err2
+				errch <- err2
 			}
+		}
+		quit <- "rreqs"
+	}(quit)
+
+	lchEOF, rchEOF, lchClosed, rchClosed := false, false, false, false
+	for {
+		select {
 		case err := <-errch:
 			return err
+		case q := <-quit:
+			switch q {
+			case "lch":
+				lchEOF = true
+				_ = rch.CloseWrite()
+			case "rch":
+				rchEOF = true
+				_ = lch.CloseWrite()
+			case "lreqs":
+				lchClosed = true
+			case "rreqs":
+				rchClosed = true
+			}
+
+			if lchEOF && lchClosed && !rchClosed {
+				rch.Close()
+			}
+
+			if rchEOF && rchClosed && !lchClosed {
+				lch.Close()
+			}
+
+			if lchEOF && rchEOF && lchClosed && rchClosed {
+				return nil
+			}
 		}
 	}
 }
+
+func newDiscardWriteCloser() io.WriteCloser { return &discardWriteCloser{ioutil.Discard} }
+
+type discardWriteCloser struct {
+	io.Writer
+}
+
+func (discardWriteCloser) Close() error {
+	return nil
+}

pkg/bastion/shell.go

@@ -14,10 +14,10 @@ import (
 
 	shlex "github.com/anmitsu/go-shlex"
 	"github.com/asaskevich/govalidator"
+	"github.com/docker/docker/pkg/namesgenerator"
 	humanize "github.com/dustin/go-humanize"
 	"github.com/gliderlabs/ssh"
 	"github.com/mgutz/ansi"
-	"github.com/moby/moby/pkg/namesgenerator"
 	"github.com/olekukonko/tablewriter"
 	"github.com/urfave/cli"
 	gossh "golang.org/x/crypto/ssh"
@@ -41,7 +41,7 @@ const (
 	naMessage = "n/a"
 )
 
-func shell(s ssh.Session, version, gitSha, gitTag, gitBranch string) error {
+func shell(s ssh.Session, version, gitSha, gitTag string) error {
 	var (
 		sshCommand = s.Command()
 		actx       = s.Context().Value(authContextKey).(*authContext)
@@ -67,6 +67,8 @@ GLOBAL OPTIONS:
 	app.Writer = s
 	app.HideVersion = true
 
+	dbmodels.InitValidator()
+
 	var (
 		myself = &actx.user
 		db     = actx.db
@@ -88,17 +90,31 @@ GLOBAL OPTIONS:
 						cli.StringFlag{Name: "comment", Usage: "Adds a comment"},
 						cli.StringFlag{Name: "action", Usage: "Assigns the ACL action (allow,deny)", Value: string(dbmodels.ACLActionAllow)},
 						cli.UintFlag{Name: "weight, w", Usage: "Assigns the ACL weight (priority)"},
+						cli.StringFlag{Name: "inception, i", Usage: "Assigns inception date-time"},
+						cli.StringFlag{Name: "expiration, e", Usage: "Assigns expiration date-time"},
 					},
 					Action: func(c *cli.Context) error {
 						if err := myself.CheckRoles([]string{"admin"}); err != nil {
 							return err
 						}
+
+						inception, err := parseOptionalTime(c.String("inception"))
+						if err != nil {
+							return err
+						}
+						expiration, err := parseOptionalTime(c.String("expiration"))
+						if err != nil {
+							return err
+						}
+
 						acl := dbmodels.ACL{
 							Comment:     c.String("comment"),
 							HostPattern: c.String("pattern"),
 							UserGroups:  []*dbmodels.UserGroup{},
 							HostGroups:  []*dbmodels.HostGroup{},
 							Weight:      c.Uint("weight"),
+							Inception:   inception,
+							Expiration:  expiration,
 							Action:      c.String("action"),
 						}
 						if acl.Action != string(dbmodels.ACLActionAllow) && acl.Action != string(dbmodels.ACLActionDeny) {
@@ -173,10 +189,8 @@ GLOBAL OPTIONS:
 								return err
 							}
 							acls = append(acls, &acl)
-						} else {
-							if err := query.Find(&acls).Error; err != nil {
-								return err
-							}
+						} else if err := query.Find(&acls).Error; err != nil {
+							return err
 						}
 						if c.Bool("quiet") {
 							for _, acl := range acls {
@@ -186,7 +200,7 @@ GLOBAL OPTIONS:
 						}
 
 						table := tablewriter.NewWriter(s)
-						table.SetHeader([]string{"ID", "Weight", "User groups", "Host groups", "Host pattern", "Action", "Updated", "Created", "Comment"})
+						table.SetHeader([]string{"ID", "Weight", "User groups", "Host groups", "Host pattern", "Action", "Inception", "Expiration", "Updated", "Created", "Comment"})
 						table.SetBorder(false)
 						table.SetCaption(true, fmt.Sprintf("Total: %d ACLs.", len(acls)))
 						for _, acl := range acls {
@@ -199,6 +213,15 @@ GLOBAL OPTIONS:
 								hostGroups = append(hostGroups, entity.Name)
 							}
 
+							inception := ""
+							if acl.Inception != nil {
+								inception = acl.Inception.Format("2006-01-02 15:04 MST")
+							}
+							expiration := ""
+							if acl.Expiration != nil {
+								expiration = acl.Expiration.Format("2006-01-02 15:04 MST")
+							}
+
 							table.Append([]string{
 								fmt.Sprintf("%d", acl.ID),
 								fmt.Sprintf("%d", acl.Weight),
@@ -206,6 +229,8 @@ GLOBAL OPTIONS:
 								strings.Join(hostGroups, ", "),
 								acl.HostPattern,
 								acl.Action,
+								inception,
+								expiration,
 								humanize.Time(acl.UpdatedAt),
 								humanize.Time(acl.CreatedAt),
 								acl.Comment,
@@ -236,6 +261,10 @@ GLOBAL OPTIONS:
 						cli.StringFlag{Name: "action, a", Usage: "Update action"},
 						cli.StringFlag{Name: "pattern, p", Usage: "Update host-pattern"},
 						cli.UintFlag{Name: "weight, w", Usage: "Update weight"},
+						cli.StringFlag{Name: "inception, i", Usage: "Update inception date-time"},
+						cli.BoolFlag{Name: "unset-inception", Usage: "Unset inception date-time"},
+						cli.BoolFlag{Name: "unset-expiration", Usage: "Unset expiration date-time"},
+						cli.StringFlag{Name: "expiration, e", Usage: "Update expiration date-time"},
 						cli.StringFlag{Name: "comment, c", Usage: "Update comment"},
 						cli.StringSliceFlag{Name: "assign-usergroup, ug", Usage: "Assign the ACL to new `USERGROUPS`"},
 						cli.StringSliceFlag{Name: "unassign-usergroup", Usage: "Unassign the ACL from `USERGROUPS`"},
@@ -250,18 +279,29 @@ GLOBAL OPTIONS:
 							return err
 						}
 
-						var acls []dbmodels.ACL
+						var acls []*dbmodels.ACL
 						if err := dbmodels.ACLsByIdentifiers(db, c.Args()).Find(&acls).Error; err != nil {
 							return err
 						}
 
 						tx := db.Begin()
 						for _, acl := range acls {
-							model := tx.Model(&acl)
+							model := tx.Model(acl)
+							inception, err := parseOptionalTime(c.String("inception"))
+							if err != nil {
+								return err
+							}
+							expiration, err := parseOptionalTime(c.String("expiration"))
+							if err != nil {
+								return err
+							}
+
 							update := dbmodels.ACL{
 								Action:      c.String("action"),
 								HostPattern: c.String("pattern"),
 								Weight:      c.Uint("weight"),
+								Inception:   inception,
+								Expiration:  expiration,
 								Comment:     c.String("comment"),
 							}
 							if err := model.Updates(update).Error; err != nil {
@@ -269,6 +309,19 @@ GLOBAL OPTIONS:
 								return err
 							}
 
+							if c.Bool("unset-inception") {
+								if err := model.Update("inception", nil).Error; err != nil {
+									tx.Rollback()
+									return err
+								}
+							}
+							if c.Bool("unset-expiration") {
+								if err := model.Update("expiration", nil).Error; err != nil {
+									tx.Rollback()
+									return err
+								}
+							}
+
 							// associations
 							var appendUserGroups []dbmodels.UserGroup
 							var deleteUserGroups []dbmodels.UserGroup
@@ -477,6 +530,7 @@ GLOBAL OPTIONS:
 							}
 						}
 						for _, host := range config.Hosts {
+							host := host
 							crypto.HostDecrypt(actx.aesKey, host)
 							if !c.Bool("decrypt") {
 								if err := crypto.HostEncrypt(actx.aesKey, host); err != nil {
@@ -489,30 +543,35 @@ GLOBAL OPTIONS:
 							}
 						}
 						for _, user := range config.Users {
+							user := user
 							if err := tx.FirstOrCreate(&user).Error; err != nil {
 								tx.Rollback()
 								return err
 							}
 						}
 						for _, acl := range config.ACLs {
+							acl := acl
 							if err := tx.FirstOrCreate(&acl).Error; err != nil {
 								tx.Rollback()
 								return err
 							}
 						}
 						for _, hostGroup := range config.HostGroups {
+							hostGroup := hostGroup
 							if err := tx.FirstOrCreate(&hostGroup).Error; err != nil {
 								tx.Rollback()
 								return err
 							}
 						}
 						for _, userGroup := range config.UserGroups {
+							userGroup := userGroup
 							if err := tx.FirstOrCreate(&userGroup).Error; err != nil {
 								tx.Rollback()
 								return err
 							}
 						}
 						for _, sshKey := range config.SSHKeys {
+							sshKey := sshKey
 							crypto.SSHKeyDecrypt(actx.aesKey, sshKey)
 							if !c.Bool("decrypt") {
 								if err := crypto.SSHKeyEncrypt(actx.aesKey, sshKey); err != nil {
@@ -525,24 +584,28 @@ GLOBAL OPTIONS:
 							}
 						}
 						for _, userKey := range config.UserKeys {
+							userKey := userKey
 							if err := tx.FirstOrCreate(&userKey).Error; err != nil {
 								tx.Rollback()
 								return err
 							}
 						}
 						for _, setting := range config.Settings {
+							setting := setting
 							if err := tx.FirstOrCreate(&setting).Error; err != nil {
 								tx.Rollback()
 								return err
 							}
 						}
 						for _, session := range config.Sessions {
+							session := session
 							if err := tx.FirstOrCreate(&session).Error; err != nil {
 								tx.Rollback()
 								return err
 							}
 						}
 						for _, event := range config.Events {
+							event := event
 							if err := tx.FirstOrCreate(&event).Error; err != nil {
 								tx.Rollback()
 								return err
@@ -612,10 +675,8 @@ GLOBAL OPTIONS:
 								return err
 							}
 							events = append(events, event)
-						} else {
-							if err := query.Find(&events).Error; err != nil {
-								return err
-							}
+						} else if err := query.Find(&events).Error; err != nil {
+							return err
 						}
 
 						if c.Bool("quiet") {
@@ -664,6 +725,7 @@ GLOBAL OPTIONS:
 						cli.StringFlag{Name: "comment, c"},
 						cli.StringFlag{Name: "key, k", Usage: "`KEY` to use for authentication"},
 						cli.StringFlag{Name: "hop, o", Usage: "Hop to use for connecting to the server"},
+						cli.StringFlag{Name: "logging, l", Usage: "Logging mode (disabled, input, everything)"},
 						cli.StringSliceFlag{Name: "group, g", Usage: "Assigns the host to `HOSTGROUPS` (default: \"default\")"},
 					},
 					Action: func(c *cli.Context) error {
@@ -706,6 +768,11 @@ GLOBAL OPTIONS:
 						if c.String("name") != "" {
 							host.Name = c.String("name")
 						}
+
+						host.Logging = "everything" // default is everything
+						if c.String("logging") != "" {
+							host.Logging = c.String("logging")
+						}
 						// FIXME: check if name already exists
 
 						if _, err := govalidator.ValidateStruct(host); err != nil {
@@ -799,10 +866,8 @@ GLOBAL OPTIONS:
 								return err
 							}
 							hosts = append(hosts, &host)
-						} else {
-							if err := query.Find(&hosts).Error; err != nil {
-								return err
-							}
+						} else if err := query.Find(&hosts).Error; err != nil {
+							return err
 						}
 
 						if c.Bool("quiet") {
@@ -813,14 +878,14 @@ GLOBAL OPTIONS:
 						}
 
 						table := tablewriter.NewWriter(s)
-						table.SetHeader([]string{"ID", "Name", "URL", "Key", "Groups", "Updated", "Created", "Comment", "Hop"})
+						table.SetHeader([]string{"ID", "Name", "URL", "Key", "Groups", "Updated", "Created", "Comment", "Hop", "Logging"})
 						table.SetBorder(false)
 						table.SetCaption(true, fmt.Sprintf("Total: %d hosts.", len(hosts)))
 						for _, host := range hosts {
 							authKey := ""
 							if host.SSHKeyID > 0 {
 								var key dbmodels.SSHKey
-								db.Model(&host).Related(&key)
+								db.Model(host).Related(&key)
 								authKey = key.Name
 							}
 							groupNames := []string{}
@@ -830,7 +895,7 @@ GLOBAL OPTIONS:
 							var hop string
 							if host.HopID != 0 {
 								var hopHost dbmodels.Host
-								db.Model(&host).Related(&hopHost, "HopID")
+								db.Model(host).Related(&hopHost, "HopID")
 								hop = hopHost.Name
 							} else {
 								hop = ""
@@ -845,6 +910,7 @@ GLOBAL OPTIONS:
 								humanize.Time(host.CreatedAt),
 								host.Comment,
 								hop,
+								host.Logging,
 								//FIXME: add some stats about last access time etc
 							})
 						}
@@ -876,6 +942,7 @@ GLOBAL OPTIONS:
 						cli.StringFlag{Name: "comment, c", Usage: "Update/set a host comment"},
 						cli.StringFlag{Name: "key, k", Usage: "Link a `KEY` to use for authentication"},
 						cli.StringFlag{Name: "hop, o", Usage: "Change the hop to use for connecting to the server"},
+						cli.StringFlag{Name: "logging, l", Usage: "Logging mode (disabled, input, everything)"},
 						cli.BoolFlag{Name: "unset-hop", Usage: "Remove the hop set for this host"},
 						cli.StringSliceFlag{Name: "assign-group, g", Usage: "Assign the host to a new `HOSTGROUPS`"},
 						cli.StringSliceFlag{Name: "unassign-group", Usage: "Unassign the host from a `HOSTGROUPS`"},
@@ -900,6 +967,7 @@ GLOBAL OPTIONS:
 
 						tx := db.Begin()
 						for _, host := range hosts {
+							host := host
 							model := tx.Model(&host)
 							// simple fields
 							for _, fieldname := range []string{"name", "comment"} {
@@ -937,6 +1005,17 @@ GLOBAL OPTIONS:
 								}
 							}
 
+							// logging
+							if logging := c.String("logging"); logging != "" {
+								if !dbmodels.IsValidHostLoggingMode(logging) {
+									return fmt.Errorf("invalid host logging mode: %q", logging)
+								}
+								if err := model.Update("logging", logging).Error; err != nil {
+									tx.Rollback()
+									return err
+								}
+							}
+
 							// remove the hop
 							if c.Bool("unset-hop") {
 								var hopHost dbmodels.Host
@@ -1063,10 +1142,8 @@ GLOBAL OPTIONS:
 								return err
 							}
 							hostGroups = append(hostGroups, &hostGroup)
-						} else {
-							if err := query.Find(&hostGroups).Error; err != nil {
-								return err
-							}
+						} else if err := query.Find(&hostGroups).Error; err != nil {
+							return err
 						}
 
 						if c.Bool("quiet") {
@@ -1127,7 +1204,7 @@ GLOBAL OPTIONS:
 							return err
 						}
 
-						var hostgroups []dbmodels.HostGroup
+						var hostgroups []*dbmodels.HostGroup
 						if err := dbmodels.HostGroupsByIdentifiers(db, c.Args()).Find(&hostgroups).Error; err != nil {
 							return err
 						}
@@ -1138,7 +1215,7 @@ GLOBAL OPTIONS:
 
 						tx := db.Begin()
 						for _, hostgroup := range hostgroups {
-							model := tx.Model(&hostgroup)
+							model := tx.Model(hostgroup)
 							// simple fields
 							for _, fieldname := range []string{"name", "comment"} {
 								if c.String(fieldname) != "" {
@@ -1180,9 +1257,9 @@ GLOBAL OPTIONS:
 				fmt.Fprintf(s, "User email: %s\n", myself.Email)
 				fmt.Fprintf(s, "Version: %s\n", version)
 				fmt.Fprintf(s, "GIT SHA: %s\n", gitSha)
-				fmt.Fprintf(s, "GIT Branch: %s\n", gitBranch)
 				fmt.Fprintf(s, "GIT Tag: %s\n", gitTag)
 
+				// FIXME: gormigrate version
 				// FIXME: add info about current server (network, cpu, ram, OS)
 				// FIXME: add info about current user
 				// FIXME: add active connections
@@ -1342,10 +1419,8 @@ GLOBAL OPTIONS:
 								return err
 							}
 							sshKeys = append(sshKeys, &sshKey)
-						} else {
-							if err := query.Find(&sshKeys).Error; err != nil {
-								return err
-							}
+						} else if err := query.Find(&sshKeys).Error; err != nil {
+							return err
 						}
 						if c.Bool("quiet") {
 							for _, sshKey := range sshKeys {
@@ -1584,10 +1659,8 @@ GLOBAL OPTIONS:
 								return err
 							}
 							users = append(users, &user)
-						} else {
-							if err := query.Find(&users).Error; err != nil {
-								return err
-							}
+						} else if err := query.Find(&users).Error; err != nil {
+							return err
 						}
 						if c.Bool("quiet") {
 							for _, user := range users {
@@ -1661,7 +1734,7 @@ GLOBAL OPTIONS:
 						}
 
 						// FIXME: check if unset-admin + user == myself
-						var users []dbmodels.User
+						var users []*dbmodels.User
 						if err := dbmodels.UsersByIdentifiers(db, c.Args()).Find(&users).Error; err != nil {
 							return err
 						}
@@ -1676,7 +1749,7 @@ GLOBAL OPTIONS:
 
 						tx := db.Begin()
 						for _, user := range users {
-							model := tx.Model(&user)
+							model := tx.Model(user)
 							// simple fields
 							for _, fieldname := range []string{"name", "email", "comment"} {
 								if c.String(fieldname) != "" {
@@ -1814,10 +1887,8 @@ GLOBAL OPTIONS:
 								return err
 							}
 							userGroups = append(userGroups, &userGroup)
-						} else {
-							if err := query.Find(&userGroups).Error; err != nil {
-								return err
-							}
+						} else if err := query.Find(&userGroups).Error; err != nil {
+							return err
 						}
 						if c.Bool("quiet") {
 							for _, userGroup := range userGroups {
@@ -1877,7 +1948,7 @@ GLOBAL OPTIONS:
 							return err
 						}
 
-						var usergroups []dbmodels.UserGroup
+						var usergroups []*dbmodels.UserGroup
 						if err := dbmodels.UserGroupsByIdentifiers(db, c.Args()).Find(&usergroups).Error; err != nil {
 							return err
 						}
@@ -1888,7 +1959,7 @@ GLOBAL OPTIONS:
 
 						tx := db.Begin()
 						for _, usergroup := range usergroups {
-							model := tx.Model(&usergroup)
+							model := tx.Model(usergroup)
 							// simple fields
 							for _, fieldname := range []string{"name", "comment"} {
 								if c.String(fieldname) != "" {
@@ -2001,10 +2072,8 @@ GLOBAL OPTIONS:
 								return err
 							}
 							userKeys = append(userKeys, &userKey)
-						} else {
-							if err := query.Find(&userKeys).Error; err != nil {
-								return err
-							}
+						} else if err := query.Find(&userKeys).Error; err != nil {
+							return err
 						}
 						if c.Bool("quiet") {
 							for _, userKey := range userKeys {
@@ -2112,7 +2181,6 @@ GLOBAL OPTIONS:
 
 							factor := 1
 							for len(sessions) >= limit*factor {
-
 								var additionnalSessions []*dbmodels.Session
 
 								offset = limit * factor
@@ -2247,3 +2315,14 @@ func parseInputURL(input string) (*url.URL, error) {
 	}
 	return u, nil
 }
+
+func parseOptionalTime(input string) (*time.Time, error) {
+	if input != "" {
+		parsed, err := time.ParseInLocation("2006-01-02 15:04", input, time.Local)
+		if err != nil {
+			return nil, err
+		}
+		return &parsed, nil
+	}
+	return nil, nil
+}

pkg/bastion/ssh.go

@@ -122,7 +122,8 @@ func ChannelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.NewCh
 				sessionConfigs = append([]sessionConfig{{
 					Addr:         currentHost.DialAddr(),
 					ClientConfig: clientConfig,
-					Logs:         actx.logsLocation,
+					LogsLocation: actx.logsLocation,
+					LoggingMode:  currentHost.Logging,
 				}}, sessionConfigs...)
 				if currentHost.HopID != 0 {
 					var newHost dbmodels.Host
@@ -149,7 +150,7 @@ func ChannelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.NewCh
 				return
 			}
 			go func() {
-				err = multiChannelHandler(srv, conn, newChan, ctx, sessionConfigs, sess.ID)
+				err = multiChannelHandler(conn, newChan, ctx, sessionConfigs, sess.ID)
 				if err != nil {
 					log.Printf("Error: %v", err)
 				}
@@ -160,8 +161,7 @@ func ChannelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.NewCh
 					ErrMsg:    fmt.Sprintf("%v", err),
 					StoppedAt: &now,
 				}
-				switch sessUpdate.ErrMsg {
-				case "lch closed the connection", "rch closed the connection":
+				if err == nil {
 					sessUpdate.ErrMsg = ""
 				}
 				actx.db.Model(&sess).Updates(&sessUpdate)
@@ -205,13 +205,11 @@ func bastionClientConfig(ctx ssh.Context, host *dbmodels.Host) (*gossh.ClientCon
 	if err = actx.db.Preload("Groups").Preload("Groups.ACLs").Where("id = ?", host.ID).First(&tmpHost).Error; err != nil {
 		return nil, err
 	}
-	action, err2 := checkACLs(tmpUser, tmpHost)
-	if err2 != nil {
-		return nil, err2
-	}
 
+	action := checkACLs(tmpUser, tmpHost)
 	switch action {
 	case string(dbmodels.ACLActionAllow):
+		// do nothing
 	case string(dbmodels.ACLActionDeny):
 		return nil, fmt.Errorf("you don't have permission to that host")
 	default:
@@ -220,7 +218,7 @@ func bastionClientConfig(ctx ssh.Context, host *dbmodels.Host) (*gossh.ClientCon
 	return clientConfig, nil
 }
 
-func ShellHandler(s ssh.Session, version, gitSha, gitTag, gitBranch string) {
+func ShellHandler(s ssh.Session, version, gitSha, gitTag string) {
 	actx := s.Context().Value(authContextKey).(*authContext)
 	if actx.userType() != userTypeHealthcheck {
 		log.Printf("New connection(shell): sshUser=%q remote=%q local=%q command=%q dbUser=id:%d,email:%s", s.User(), s.RemoteAddr(), s.LocalAddr(), s.Command(), actx.user.ID, actx.user.Email)
@@ -241,7 +239,7 @@ func ShellHandler(s ssh.Session, version, gitSha, gitTag, gitBranch string) {
 		fmt.Fprintln(s, "OK")
 		return
 	case userTypeShell:
-		if err := shell(s, version, gitSha, gitTag, gitBranch); err != nil {
+		if err := shell(s, version, gitSha, gitTag); err != nil {
 			fmt.Fprintf(s, "error: %v\n", err)
 			_ = s.Exit(1)
 		}

pkg/dbmodels/dbmodels.go

@@ -5,12 +5,10 @@ import (
 	"fmt"
 	"log"
 	"net/url"
-	"regexp"
 	"strconv"
 	"strings"
 	"time"
 
-	"github.com/asaskevich/govalidator"
 	"github.com/jinzhu/gorm"
 	gossh "golang.org/x/crypto/ssh"
 )
@@ -40,12 +38,12 @@ type Setting struct {
 type SSHKey struct {
 	// FIXME: use uuid for ID
 	gorm.Model
-	Name        string  `valid:"required,length(1|32),unix_user"`
+	Name        string  `valid:"required,length(1|255),unix_user"`
 	Type        string  `valid:"required"`
 	Length      uint    `valid:"required"`
 	Fingerprint string  `valid:"optional"`
-	PrivKey     string  `sql:"size:10000" valid:"required"`
-	PubKey      string  `sql:"size:10000" valid:"optional"`
+	PrivKey     string  `sql:"size:5000" valid:"required"`
+	PubKey      string  `sql:"size:1000" valid:"optional"`
 	Hosts       []*Host `gorm:"ForeignKey:SSHKeyID"`
 	Comment     string  `valid:"optional"`
 }
@@ -53,16 +51,17 @@ type SSHKey struct {
 type Host struct {
 	// FIXME: use uuid for ID
 	gorm.Model
-	Name     string       `gorm:"size:32" valid:"required,length(1|32)"`
+	Name     string       `gorm:"size:255" valid:"required,length(1|255)"`
 	Addr     string       `valid:"optional"` // FIXME: to be removed in a future version in favor of URL
 	User     string       `valid:"optional"` // FIXME: to be removed in a future version in favor of URL
 	Password string       `valid:"optional"` // FIXME: to be removed in a future version in favor of URL
 	URL      string       `valid:"optional"`
 	SSHKey   *SSHKey      `gorm:"ForeignKey:SSHKeyID"` // SSHKey used to connect by the client
 	SSHKeyID uint         `gorm:"index"`
-	HostKey  []byte       `sql:"size:10000" valid:"optional"`
+	HostKey  []byte       `sql:"size:1000" valid:"optional"`
 	Groups   []*HostGroup `gorm:"many2many:host_host_groups;"`
 	Comment  string       `valid:"optional"`
+	Logging  string       `valid:"optional,host_logging_mode"`
 	Hop      *Host
 	HopID    uint
 }
@@ -70,8 +69,8 @@ type Host struct {
 // UserKey defines a user public key used by sshportal to identify the user
 type UserKey struct {
 	gorm.Model
-	Key           []byte `sql:"size:10000" valid:"length(1|10000)"`
-	AuthorizedKey string `sql:"size:10000" valid:"required,length(1|10000)"`
+	Key           []byte `sql:"size:1000" valid:"length(1|1000)"`
+	AuthorizedKey string `sql:"size:1000" valid:"required,length(1|1000)"`
 	UserID        uint   ``
 	User          *User  `gorm:"ForeignKey:UserID"`
 	Comment       string `valid:"optional"`
@@ -79,7 +78,7 @@ type UserKey struct {
 
 type UserRole struct {
 	gorm.Model
-	Name  string  `valid:"required,length(1|32),unix_user"`
+	Name  string  `valid:"required,length(1|255),unix_user"`
 	Users []*User `gorm:"many2many:user_user_roles"`
 }
 
@@ -88,7 +87,7 @@ type User struct {
 	gorm.Model
 	Roles       []*UserRole  `gorm:"many2many:user_user_roles"`
 	Email       string       `valid:"required,email"`
-	Name        string       `valid:"required,length(1|32),unix_user"`
+	Name        string       `valid:"required,length(1|255),unix_user"`
 	Keys        []*UserKey   `gorm:"ForeignKey:UserID"`
 	Groups      []*UserGroup `gorm:"many2many:user_user_groups;"`
 	Comment     string       `valid:"optional"`
@@ -97,7 +96,7 @@ type User struct {
 
 type UserGroup struct {
 	gorm.Model
-	Name    string  `valid:"required,length(1|32),unix_user"`
+	Name    string  `valid:"required,length(1|255),unix_user"`
 	Users   []*User `gorm:"many2many:user_user_groups;"`
 	ACLs    []*ACL  `gorm:"many2many:user_group_acls;"`
 	Comment string  `valid:"optional"`
@@ -105,7 +104,7 @@ type UserGroup struct {
 
 type HostGroup struct {
 	gorm.Model
-	Name    string  `valid:"required,length(1|32),unix_user"`
+	Name    string  `valid:"required,length(1|255),unix_user"`
 	Hosts   []*Host `gorm:"many2many:host_host_groups;"`
 	ACLs    []*ACL  `gorm:"many2many:host_group_acls;"`
 	Comment string  `valid:"optional"`
@@ -119,6 +118,8 @@ type ACL struct {
 	Action      string       `valid:"required"`
 	Weight      uint         ``
 	Comment     string       `valid:"optional"`
+	Inception   *time.Time
+	Expiration  *time.Time
 }
 
 type Session struct {
@@ -166,18 +167,6 @@ const (
 	BastionSchemeTelnet BastionScheme = "telnet"
 )
 
-func init() {
-	unixUserRegexp := regexp.MustCompile("[a-z_][a-z0-9_-]*")
-
-	govalidator.CustomTypeTagMap.Set("unix_user", govalidator.CustomTypeValidator(func(i interface{}, context interface{}) bool {
-		name, ok := i.(string)
-		if !ok {
-			return false
-		}
-		return unixUserRegexp.MatchString(name)
-	}))
-}
-
 // Host helpers
 
 func (host *Host) DialAddr() string {

pkg/dbmodels/validator.go

@@ -0,0 +1,33 @@
+package dbmodels
+
+import (
+	"regexp"
+
+	"github.com/asaskevich/govalidator"
+)
+
+func InitValidator() {
+	unixUserRegexp := regexp.MustCompile("[a-z_][a-z0-9_-]*")
+
+	govalidator.CustomTypeTagMap.Set("unix_user", govalidator.CustomTypeValidator(func(i interface{}, context interface{}) bool {
+		name, ok := i.(string)
+		if !ok {
+			return false
+		}
+		return unixUserRegexp.MatchString(name)
+	}))
+	govalidator.CustomTypeTagMap.Set("host_logging_mode", govalidator.CustomTypeValidator(func(i interface{}, context interface{}) bool {
+		name, ok := i.(string)
+		if !ok {
+			return false
+		}
+		if name == "" {
+			return true
+		}
+		return IsValidHostLoggingMode(name)
+	}))
+}
+
+func IsValidHostLoggingMode(name string) bool {
+	return name == "disabled" || name == "input" || name == "everything"
+}

rules.mk

@@ -0,0 +1,321 @@
+# +--------------------------------------------------------------+
+# | * * *                moul.io/rules.mk                        |
+# +--------------------------------------------------------------+
+# |                                                              |
+# |     ++              ______________________________________   |
+# |     ++++           /                                      \  |
+# |      ++++          |                                      |  |
+# |    ++++++++++      |   https://moul.io/rules.mk is a set  |  |
+# |   +++       |      |   of common Makefile rules that can  |  |
+# |   ++         |     |   be configured from the Makefile    |  |
+# |   +  -==   ==|     |   or with environment variables.     |  |
+# |  (   <*>   <*>     |                                      |  |
+# |   |          |    /|                      Manfred Touron  |  |
+# |   |         _)   / |                        manfred.life  |  |
+# |   |      +++    /  \______________________________________/  |
+# |    \      =+   /                                             |
+# |     \      +                                                 |
+# |     |\++++++                                                 |
+# |     |  ++++      ||//                                        |
+# |  ___|   |___    _||/__                                     __|
+# | /    ---    \   \|  |||                   __ _  ___  __ __/ /|
+# |/  |       |  \    \ /                    /  ' \/ _ \/ // / / |
+# ||  |       |  |    | |                   /_/_/_/\___/\_,_/_/  |
+# +--------------------------------------------------------------+
+
+all: help
+
+##
+## Common helpers
+##
+
+rwildcard = $(foreach d,$(wildcard $1*),$(call rwildcard,$d/,$2) $(filter $(subst *,%,$2),$d))
+check-program = $(foreach exec,$(1),$(if $(shell PATH="$(PATH)" which $(exec)),,$(error "No $(exec) in PATH")))
+
+##
+## rules.mk
+##
+ifneq ($(wildcard rules.mk),)
+.PHONY: rulesmk.bumpdeps
+rulesmk.bumpdeps:
+	wget -O rules.mk https://raw.githubusercontent.com/moul/rules.mk/master/rules.mk
+BUMPDEPS_STEPS += rulesmk.bumpdeps
+endif
+
+##
+## Maintainer
+##
+
+ifneq ($(wildcard .git/HEAD),)
+.PHONY: generate.authors
+generate.authors: AUTHORS
+AUTHORS: .git/
+	echo "# This file lists all individuals having contributed content to the repository." > AUTHORS
+	echo "# For how it is generated, see 'https://github.com/moul/rules.mk'" >> AUTHORS
+	echo >> AUTHORS
+	git log --format='%aN <%aE>' | LC_ALL=C.UTF-8 sort -uf >> AUTHORS
+GENERATE_STEPS += generate.authors
+endif
+
+##
+## Golang
+##
+
+ifndef GOPKG
+ifneq ($(wildcard go.mod),)
+GOPKG = $(shell sed '/module/!d;s/^omdule\ //' go.mod)
+endif
+endif
+ifdef GOPKG
+GO ?= go
+GOPATH ?= $(HOME)/go
+GO_INSTALL_OPTS ?=
+GO_TEST_OPTS ?= -test.timeout=30s
+GOMOD_DIR ?= .
+GOCOVERAGE_FILE ?= ./coverage.txt
+GOTESTJSON_FILE ?= ./go-test.json
+GOBUILDLOG_FILE ?= ./go-build.log
+GOINSTALLLOG_FILE ?= ./go-install.log
+
+ifdef GOBINS
+.PHONY: go.install
+go.install:
+ifeq ($(CI),true)
+	@rm -f /tmp/goinstall.log
+	@set -e; for dir in $(GOBINS); do ( set -xe; \
+	  cd $$dir; \
+	  $(GO) install -v $(GO_INSTALL_OPTS) .; \
+	); done 2>&1 | tee $(GOINSTALLLOG_FILE)
+
+else
+	@set -e; for dir in $(GOBINS); do ( set -xe; \
+	  cd $$dir; \
+	  $(GO) install $(GO_INSTALL_OPTS) .; \
+	); done
+endif
+INSTALL_STEPS += go.install
+
+.PHONY: go.release
+go.release:
+	$(call check-program, goreleaser)
+	goreleaser --snapshot --skip-publish --rm-dist
+	@echo -n "Do you want to release? [y/N] " && read ans && \
+	  if [ $${ans:-N} = y ]; then set -xe; goreleaser --rm-dist; fi
+RELEASE_STEPS += go.release
+endif
+
+.PHONY: go.unittest
+go.unittest:
+ifeq ($(CI),true)
+	@echo "mode: atomic" > /tmp/gocoverage
+	@rm -f $(GOTESTJSON_FILE)
+	@set -e; for dir in `find $(GOMOD_DIR) -type f -name "go.mod" | grep -v /vendor/ | sed 's@/[^/]*$$@@' | sort | uniq`; do (set -e; (set -euf pipefail; \
+	    cd $$dir; \
+	    ($(GO) test ./... $(GO_TEST_OPTS) -cover -coverprofile=/tmp/profile.out -covermode=atomic -race -json | tee -a $(GOTESTJSON_FILE) 3>&1 1>&2 2>&3 | tee -a $(GOBUILDLOG_FILE); \
+	  ); \
+	  if [ -f /tmp/profile.out ]; then \
+	    cat /tmp/profile.out | sed "/mode: atomic/d" >> /tmp/gocoverage; \
+	    rm -f /tmp/profile.out; \
+	  fi)); done
+	@mv /tmp/gocoverage $(GOCOVERAGE_FILE)
+else
+	@echo "mode: atomic" > /tmp/gocoverage
+	@set -e; for dir in `find $(GOMOD_DIR) -type f -name "go.mod" | grep -v /vendor/ | sed 's@/[^/]*$$@@' | sort | uniq`; do (set -e; (set -xe; \
+	  cd $$dir; \
+	  $(GO) test ./... $(GO_TEST_OPTS) -cover -coverprofile=/tmp/profile.out -covermode=atomic -race); \
+	  if [ -f /tmp/profile.out ]; then \
+	    cat /tmp/profile.out | sed "/mode: atomic/d" >> /tmp/gocoverage; \
+	    rm -f /tmp/profile.out; \
+	  fi); done
+	@mv /tmp/gocoverage $(GOCOVERAGE_FILE)
+endif
+
+.PHONY: go.checkdoc
+go.checkdoc:
+	go doc $(GOMOD_DIR)
+
+.PHONY: go.coverfunc
+go.coverfunc: go.unittest
+	go tool cover -func=$(GOCOVERAGE_FILE) | grep -v .pb.go: | grep -v .pb.gw.go:
+
+.PHONY: go.lint
+go.lint:
+	@set -e; for dir in `find $(GOMOD_DIR) -type f -name "go.mod" | grep -v /vendor/ | sed 's@/[^/]*$$@@' | sort | uniq`; do ( set -xe; \
+	  cd $$dir; \
+	  golangci-lint run --verbose ./...; \
+	); done
+
+.PHONY: go.tidy
+go.tidy:
+	@set -e; for dir in `find $(GOMOD_DIR) -type f -name "go.mod" | grep -v /vendor/ | sed 's@/[^/]*$$@@' | sort | uniq`; do ( set -xe; \
+	  cd $$dir; \
+	  $(GO)	mod tidy; \
+	); done
+
+.PHONY: go.build
+go.build:
+	@set -e; for dir in `find $(GOMOD_DIR) -type f -name "go.mod" | grep -v /vendor/ | sed 's@/[^/]*$$@@' | sort | uniq`; do ( set -xe; \
+	  cd $$dir; \
+	  $(GO)	build ./...; \
+	); done
+
+.PHONY: go.bump-deps
+go.bumpdeps:
+	@set -e; for dir in `find $(GOMOD_DIR) -type f -name "go.mod" | grep -v /vendor/ | sed 's@/[^/]*$$@@' | sort | uniq`; do ( set -xe; \
+	  cd $$dir; \
+	  $(GO)	get -u ./...; \
+	); done
+
+.PHONY: go.bump-deps
+go.fmt:
+	if ! command -v goimports &>/dev/null; then GO111MODULE=off go get golang.org/x/tools/cmd/goimports; fi
+	@set -e; for dir in `find $(GOMOD_DIR) -type f -name "go.mod" | grep -v /vendor/ | sed 's@/[^/]*$$@@' | sort | uniq`; do ( set -xe; \
+	  cd $$dir; \
+	  goimports -w `go list -f '{{.Dir}}' ./...)` \
+	); done
+
+BUILD_STEPS += go.build
+BUMPDEPS_STEPS += go.bumpdeps
+TIDY_STEPS += go.tidy
+LINT_STEPS += go.lint
+UNITTEST_STEPS += go.unittest
+FMT_STEPS += go.fmt
+endif
+
+##
+## Gitattributes
+##
+
+ifneq ($(wildcard .gitattributes),)
+.PHONY: _linguist-ignored
+_linguist-kept:
+	@git check-attr linguist-vendored $(shell git check-attr linguist-generated $(shell find . -type f | grep -v .git/) | grep unspecified | cut -d: -f1) | grep unspecified | cut -d: -f1 | sort
+
+.PHONY: _linguist-kept
+_linguist-ignored:
+	@git check-attr linguist-vendored linguist-ignored `find . -not -path './.git/*' -type f` | grep '\ set$$' | cut -d: -f1 | sort -u
+endif
+
+##
+## Node
+##
+
+ifndef NPM_PACKAGES
+ifneq ($(wildcard package.json),)
+NPM_PACKAGES = .
+endif
+endif
+ifdef NPM_PACKAGES
+.PHONY: npm.publish
+npm.publish:
+	@echo -n "Do you want to npm publish? [y/N] " && read ans && \
+	@if [ $${ans:-N} = y ]; then \
+	  set -e; for dir in $(NPM_PACKAGES); do ( set -xe; \
+	    cd $$dir; \
+	    npm publish --access=public; \
+	  ); done; \
+	fi
+RELEASE_STEPS += npm.publish
+endif
+
+##
+## Docker
+##
+
+docker_build = 	docker build \
+	  --build-arg VCS_REF=`git rev-parse --short HEAD` \
+	  --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \
+	  --build-arg VERSION=`git describe --tags --always` \
+	  -t "$2" -f "$1" "$(dir $1)"
+
+ifndef DOCKERFILE_PATH
+DOCKERFILE_PATH = ./Dockerfile
+endif
+ifndef DOCKER_IMAGE
+ifneq ($(wildcard Dockerfile),)
+DOCKER_IMAGE = $(notdir $(PWD))
+endif
+endif
+ifdef DOCKER_IMAGE
+ifneq ($(DOCKER_IMAGE),none)
+.PHONY: docker.build
+docker.build:
+	$(call check-program, docker)
+	$(call docker_build,$(DOCKERFILE_PATH),$(DOCKER_IMAGE))
+
+BUILD_STEPS += docker.build
+endif
+endif
+
+##
+## Common
+##
+
+TEST_STEPS += $(UNITTEST_STEPS)
+TEST_STEPS += $(LINT_STEPS)
+TEST_STEPS += $(TIDY_STEPS)
+
+ifneq ($(strip $(TEST_STEPS)),)
+.PHONY: test
+test: $(PRE_TEST_STEPS) $(TEST_STEPS)
+endif
+
+ifdef INSTALL_STEPS
+.PHONY: install
+install: $(PRE_INSTALL_STEPS) $(INSTALL_STEPS)
+endif
+
+ifdef UNITTEST_STEPS
+.PHONY: unittest
+unittest: $(PRE_UNITTEST_STEPS) $(UNITTEST_STEPS)
+endif
+
+ifdef LINT_STEPS
+.PHONY: lint
+lint: $(PRE_LINT_STEPS) $(FMT_STEPS) $(LINT_STEPS)
+endif
+
+ifdef TIDY_STEPS
+.PHONY: tidy
+tidy: $(PRE_TIDY_STEPS) $(TIDY_STEPS)
+endif
+
+ifdef BUILD_STEPS
+.PHONY: build
+build: $(PRE_BUILD_STEPS) $(BUILD_STEPS)
+endif
+
+ifdef RELEASE_STEPS
+.PHONY: release
+release: $(PRE_RELEASE_STEPS) $(RELEASE_STEPS)
+endif
+
+ifdef BUMPDEPS_STEPS
+.PHONY: bumpdeps
+bumpdeps: $(PRE_BUMDEPS_STEPS) $(BUMPDEPS_STEPS)
+endif
+
+ifdef FMT_STEPS
+.PHONY: fmt
+fmt: $(PRE_FMT_STEPS) $(FMT_STEPS)
+endif
+
+ifdef GENERATE_STEPS
+.PHONY: generate
+generate: $(PRE_GENERATE_STEPS) $(GENERATE_STEPS)
+endif
+
+.PHONY: help
+help::
+	@echo "General commands:"
+	@[ "$(BUILD_STEPS)" != "" ]     && echo "  build"     || true
+	@[ "$(BUMPDEPS_STEPS)" != "" ]  && echo "  bumpdeps"  || true
+	@[ "$(FMT_STEPS)" != "" ]       && echo "  fmt"       || true
+	@[ "$(GENERATE_STEPS)" != "" ]  && echo "  generate"  || true
+	@[ "$(INSTALL_STEPS)" != "" ]   && echo "  install"   || true
+	@[ "$(LINT_STEPS)" != "" ]      && echo "  lint"      || true
+	@[ "$(RELEASE_STEPS)" != "" ]   && echo "  release"   || true
+	@[ "$(TEST_STEPS)" != "" ]      && echo "  test"      || true
+	@[ "$(TIDY_STEPS)" != "" ]      && echo "  tidy"      || true
+	@[ "$(UNITTEST_STEPS)" != "" ]  && echo "  unittest"  || true
+	@# FIXME: list other commands

server.go

@@ -89,8 +89,8 @@ func server(c *serverConfig) (err error) {
 	// configure server
 	srv := &ssh.Server{
 		Addr:    c.bindAddr,
-		Handler: func(s ssh.Session) { bastion.ShellHandler(s, Version, GitSha, GitTag, GitBranch) }, // ssh.Server.Handler is the handler for the DefaultSessionHandler
-		Version: fmt.Sprintf("sshportal-%s", Version),
+		Handler: func(s ssh.Session) { bastion.ShellHandler(s, GitTag, GitSha, GitTag) }, // ssh.Server.Handler is the handler for the DefaultSessionHandler
+		Version: fmt.Sprintf("sshportal-%s", GitTag),
 		ChannelHandlers: map[string]ssh.ChannelHandler{
 			"default": bastion.ChannelHandler,
 		},

testserver_unsupported.go

@@ -0,0 +1,14 @@
+// +build windows
+
+package main
+
+import (
+	"fmt"
+
+	"github.com/urfave/cli"
+)
+
+// testServer is an hidden handler used for integration tests
+func testServer(c *cli.Context) error {
+	return fmt.Errorf("not available on windows")
+}