This plugin allows teams to review commands before execution or allows time-based sessions.
Users who belong to an approval group can approve or revoke commands. A command is only executed when all groups are approved.
Time-Based Sessions (JIT)
When a connection is enabled, the user can interact with the connection based on the requested time.
The command below asks for a 10 minutes access to the connection
bash
shell$ hoop connect bash --duration 10m ⣷ waiting session to be approved at https://use.hoop.dev/plugins/reviews/73a28154-58...
After approval, the user could connect again without prompting for review for 10 minutes.
A JIT review could be revoked.
One Time
It will ask for a review every time a command is issued.
shell$ hoop exec bash -i 'ls -l' ⣷ waiting session to be approved at https://use.hoop.dev/plugins/reviews/73a28154-58...
Configuring
Create the review plugin associated with the connection bash. Configure the approval groups
sre
and devops
shellhoop admin create connection bash -a default -- bash hoop admin create plugin review --overwrite --connection 'bash:sre;devops'
Create a connection and associate to the existing plugin review
shellhoop admin create connection bash --overwrite -a default --plugin 'review:sre;devops' -- bash
Information Available
- User ID
- Connection Name
- Command / Input
- Approval Groups
- Status