internal

package internal
v0.0.0-...-cefa5c2

This package is not in the latest version of its module.

Published: Aug 8, 2023 License: MIT Imports: 41 Imported by: 0

Documentation

Overview

Package internal contains internal implementation details of the server and proxy

Index

Constants

const (
	// DefaultDebugMode is the default debug mode
	DefaultDebugMode = false

	// DefaultDataDir is the default data directory for storage
	DefaultDataDir = "./data"

	// DefaultDockerURL is the default Docker URL to proxy to
	DefaultDockerURL = "unix:///var/run/docker.sock"

	// DefaultProxyAddr is the default [interface]:<port> to bind the proxy to
	DefaultProxyAddr = "0.0.0.0:2376"

	// DefaultSSHAddr is the default [interface]:<port> to bind the ssh server to
	DefaultSSHAddr = "0.0.0.0:2222"

	// DefaultServiceFQDN is the default fully qualified hostname for the proxy
	DefaultServiceFQDN = "localhost"

	// DefaultServiceName is the default friendly name for the proxy
	DefaultServiceName = "localhost"
)

Variables

var (
	// Version is the tagged release version in the form <major>.<minor>.<patch>
	// following semantic versioning and is overwritten by the build system.
	Version = defaultVersion

	// Commit is the commit sha of the build (normally from Git) and is overwritten
	// by the build system.
	Commit = defaultCommit

	// Build is the date and time of the build as an RFC3339 formatted string
	// and is overwritten by the build system.
	Build = defaultBuild
)

Functions

func AddUser

func AddUser(args []string, user string, w io.Writer) error

AddUser adds a new user

func FullVersion

func FullVersion() string

FullVersion displays the full version and build.

func Help

func Help(args []string, user string, w io.Writer) error

Help displays help about the service.

func NewChainInterceptor

func NewChainInterceptor(interceptor ...proxy.Interceptor) proxy.Interceptor

NewChainInterceptor returns a new instance of the ChainInterceptor with the provided interceptors.

func SetupCerts

func SetupCerts(dataDir, serviceAddr, serviceName string) error

SetupCerts ensures that the CA and proxy certificates exist, creating them if they do not.

func Who

func Who(args []string, user string, w io.Writer) error

Who displays the current user accessing the service

Types

type AuthHandler

type AuthHandler ssh.PublicKeyHandler

AuthHandler is an alias for ssh.PublicKeyHandler

func AuthorizedKeysAuthHandler

func AuthorizedKeysAuthHandler(keys []ssh.PublicKey) AuthHandler

AuthorizedKeysAuthHandler authenticates SSH sessions by the provided Public SSH keys

func MultiAuthHandler

func MultiAuthHandler(authz ...AuthHandler) AuthHandler

MultiAuthHandler authenticates SSH sessions with multiple authentication methods, tried in order; the first method to succeed authenticates the user.

func NoAuthHandler

func NoAuthHandler() AuthHandler

NoAuthHandler denies all SSH sessions

func RemoteAuthHandler

func RemoteAuthHandler(url string) AuthHandler

RemoteAuthHandler authenticates SSH sessions by fetching public SSH keys from the provided URL, in the form https://domain/path/%s, where %s is replaced with the user name.
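Added example, not code from this package: the first-success ordering of MultiAuthHandler and the %s substitution of RemoteAuthHandler, modelled with the standard library only. AuthHandler is reduced to func(user, key string) bool and a key to its "type base64blob" text; the validUser pattern, the constructed key server and every key string are assumptions. The point the example adds is that the user name ends up in a URL path, so it is validated before it is substituted; whether the package itself does this is not shown on this page.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"regexp"
	"strings"
)

// AuthHandler models ssh.PublicKeyHandler as a plain function; key is the
// presented public key as "type base64blob" (an assumption made so the
// example needs no SSH library; the real handler receives an ssh.PublicKey).
type AuthHandler func(user, key string) bool

// NoAuth denies every session.
func NoAuth() AuthHandler { return func(string, string) bool { return false } }

// ParseAuthorizedKeys reduces authorized_keys text to a set of "type blob"
// strings. Comment lines and a leading options field are skipped; quoted
// options containing spaces are not handled (a simplification).
func ParseAuthorizedKeys(r io.Reader) map[string]bool {
	keys := map[string]bool{}
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		for len(f) > 0 && !strings.HasPrefix(f[0], "ssh-") && !strings.HasPrefix(f[0], "ecdsa-") && !strings.HasPrefix(f[0], "sk-") {
			f = f[1:]
		}
		if len(f) >= 2 {
			keys[f[0]+" "+f[1]] = true
		}
	}
	return keys
}

// AuthorizedKeys accepts any key in the set, whatever user name is claimed.
func AuthorizedKeys(keys map[string]bool) AuthHandler {
	return func(_, key string) bool { return keys[key] }
}

// Multi tries handlers in order; the first to accept authenticates the
// session and a deny only falls through, so a permissive handler early in
// the list cannot be tightened by a stricter one placed after it.
func Multi(handlers ...AuthHandler) AuthHandler {
	return func(user, key string) bool {
		for _, h := range handlers {
			if h(user, key) {
				return true
			}
		}
		return false
	}
}

// validUser is the only shape of user name allowed into the key URL. It
// rejects "/", "..", "?" and "#", any of which would change which path is
// fetched once the name replaces %s.
var validUser = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$`)

// RemoteAuth fetches the user's authorized keys from template (%s stands for
// the user name, as on this page) and accepts the session if the presented
// key is among them. A malformed user name is refused before any request.
func RemoteAuth(client *http.Client, template string) AuthHandler {
	return func(user, key string) bool {
		if !validUser.MatchString(user) {
			return false
		}
		resp, err := client.Get(strings.Replace(template, "%s", url.PathEscape(user), 1))
		if err != nil {
			return false
		}
		defer resp.Body.Close()
		if resp.StatusCode != http.StatusOK {
			return false
		}
		return ParseAuthorizedKeys(io.LimitReader(resp.Body, 1<<20))[key]
	}
}

func main() {
	// Constructed key server: only alice has a key on record.
	const aliceKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKey"
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path == "/keys/alice" {
			fmt.Fprintln(w, aliceKey+" alice@laptop")
			return
		}
		http.NotFound(w, r)
	}))
	defer srv.Close()
	local := AuthorizedKeys(ParseAuthorizedKeys(strings.NewReader("no-pty ssh-rsa AAAAB3Ops ops@host\n")))
	auth := Multi(NoAuth(), local, RemoteAuth(srv.Client(), srv.URL+"/keys/%s"))
	fmt.Println(auth("alice", aliceKey), auth("bob", aliceKey), auth("../alice", aliceKey)) // true false false
}
```

NoAuth at the head of the list is harmless because a deny falls through; a handler that accepts unconditionally at the head would be the opposite, and the ordering of the list is where that decision is made.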

type AuthInterceptor

type AuthInterceptor struct{}

AuthInterceptor enforces mutual TLS authentication and verification

func (*AuthInterceptor) Intercept

func (i *AuthInterceptor) Intercept(req *http.Request, upstream http.Handler) http.Handler

Intercept implements the Interceptor interface

type ChainInterceptor

type ChainInterceptor struct {
	Interceptors []proxy.Interceptor
}

ChainInterceptor is an interceptor that chains multiple interceptors together returning the first non-nil implementation. If all interceptors are exhausted, then the upstream is returned.

func (*ChainInterceptor) Intercept

func (i *ChainInterceptor) Intercept(req *http.Request, upstream http.Handler) http.Handler

Intercept implements the proxy.Interceptor interface
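The first-non-nil rule above decides whether a later interceptor runs at all. Added example, not code from this package, of a ChainInterceptor with a read-only rule and of what happens when an interceptor that claims every request is placed ahead of it. The local Interceptor interface, PassInterceptor, Status and the daemon stand-in are assumptions made so the example runs with the standard library alone.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Interceptor mirrors the shape of proxy.Interceptor as used on this page.
// It is declared locally so the example compiles without the proxy package.
type Interceptor interface {
	Intercept(req *http.Request, upstream http.Handler) http.Handler
}

// ChainInterceptor asks each interceptor in turn and returns the first
// non-nil handler; if none claims the request, the upstream is returned.
type ChainInterceptor struct{ Interceptors []Interceptor }

func (c *ChainInterceptor) Intercept(req *http.Request, upstream http.Handler) http.Handler {
	for _, i := range c.Interceptors {
		if h := i.Intercept(req, upstream); h != nil {
			return h
		}
	}
	return upstream
}

// ReadOnlyInterceptor rejects every method that can change state on the
// Docker daemon. Only GET and HEAD are treated as safe.
type ReadOnlyInterceptor struct{}

func (ReadOnlyInterceptor) Intercept(req *http.Request, upstream http.Handler) http.Handler {
	if req.Method == http.MethodGet || req.Method == http.MethodHead {
		return nil // not ours to decide; later interceptors or the upstream handle it
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.Error(w, "read-only proxy: "+r.Method+" "+r.URL.Path+" not permitted", http.StatusForbidden)
	})
}

// PassInterceptor claims every request by returning the upstream unchanged.
// Placed ahead of ReadOnlyInterceptor it silently disables the rule, which
// is why the order of a ChainInterceptor is a security decision.
type PassInterceptor struct{}

func (PassInterceptor) Intercept(req *http.Request, upstream http.Handler) http.Handler {
	return upstream
}

// daemon stands in for the real Docker socket.
var daemon = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w, "daemon saw %s %s", r.Method, r.URL.Path)
})

// Status sends one request through the chain and returns the response code.
func Status(chain Interceptor, method, path string) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(method, path, nil)
	chain.Intercept(req, daemon).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	readOnly := &ChainInterceptor{Interceptors: []Interceptor{ReadOnlyInterceptor{}}}
	fmt.Println(Status(readOnly, http.MethodGet, "/v1.43/containers/json"))     // 200
	fmt.Println(Status(readOnly, http.MethodPost, "/v1.43/containers/create")) // 403

	// Same interceptors, wrong order: the rule never runs.
	bypassed := &ChainInterceptor{Interceptors: []Interceptor{PassInterceptor{}, ReadOnlyInterceptor{}}}
	fmt.Println(Status(bypassed, http.MethodPost, "/v1.43/containers/create")) // 200
}
```

When composing a chain, put interceptors that can refuse a request before any that rewrite or pass it through, and have rewriting interceptors return nil for requests they do not handle so the chain keeps going.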

type CommandHandler

type CommandHandler func([]string, string, io.Writer) error

CommandHandler is a function type for handling custom SSH commands

type Config

type Config struct {
	DebugMode bool

	DataDir   string
	DockerURL string
	ProxyAddr string
	SSHAddr   string

	ServiceFQDN string
	ServiceName string
}

Config contains the server configuration parameters

func NewConfig

func NewConfig() *Config

NewConfig creates a new default configuration

type InfoInterceptor

type InfoInterceptor struct {
	Docker *client.Client
}

InfoInterceptor intercepts /info (docker info) requests and hides sensitive information about the host(s)

func (*InfoInterceptor) Intercept

func (i *InfoInterceptor) Intercept(req *http.Request, upstream http.Handler) http.Handler

Intercept implements the Interceptor interface

type Option

type Option func(*Config) error

Option is a function that takes a config struct and modifies it

func WithDataDir

func WithDataDir(dataDir string) Option

WithDataDir sets the data directory to use for storage

func WithDebugMode

func WithDebugMode(debug bool) Option

WithDebugMode sets the debug mode flag

func WithDockerURL

func WithDockerURL(dockerURL string) Option

WithDockerURL sets the Docker URL to proxy to

func WithProxyAddr

func WithProxyAddr(proxyAddr string) Option

WithProxyAddr sets the [int]:<port> to bind the proxy to

func WithSSHAddr

func WithSSHAddr(sshAddr string) Option

WithSSHAddr sets the [int]:<port> to bind the ssh server to

func WithServiceFQDN

func WithServiceFQDN(serviceFQDN string) Option

WithServiceFQDN sets the fully qualified hostname of the proxy

func WithServiceName

func WithServiceName(serviceName string) Option

WithServiceName sets the friendly name for the proxy

type ReadOnlyInterceptor

type ReadOnlyInterceptor struct{}

ReadOnlyInterceptor returns an error for any request that makes modifications (writes).

func (*ReadOnlyInterceptor) Intercept

func (i *ReadOnlyInterceptor) Intercept(req *http.Request, upstream http.Handler) http.Handler

Intercept implements the Interceptor interface

type RulesInterceptor

type RulesInterceptor struct {
	Docker *client.Client

	AllowBinds []string

	// AllowEmpty if true allows access to resources with no owner label
	AllowEmpty bool

	// ContainerMemory sets the default container memory limit if not specified
	ContainerMemory uint64

	// ContainerCPUPeriod sets the CFS scheduler period in microseconds used to limit CPU resources for containers
	ContainerCPUPeriod int

	// ContainerCPUQuota sets the amount of time in microseconds per period that the container is allowed to use.
	// period=100000 quota=50000 is equivalent to 0.5 cores
	// period=100000 quota=100000 is equivalent to 1.0 cores
	// period=100000 quota=150000 is equivalent to 1.5 cores
	ContainerCPUQuota int

	// PublicNetworks is a list of publicly accessible networks that users are allowed to connect containers to
	PublicNetworks []string

	// User sets the default user if not specified and prevents the use of the root user
	User string

	// TODO: Document and test these...
	AllowHostModeNetworking   bool
	ContainerCgroupParent     string
	ContainerDockerLink       string
	ContainerJoinNetwork      string
	ContainerJoinNetworkAlias string
}

RulesInterceptor intercepts requests and applies a set of rules.

func (*RulesInterceptor) Intercept

func (i *RulesInterceptor) Intercept(req *http.Request, upstream http.Handler) http.Handler

Intercept implements the Interceptor interface
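The fields of RulesInterceptor are easiest to understand applied to a real create request. Added example, not code from this package: a hypothetical ApplyRules that takes a /containers/create body, rejects root users, binds outside allowed host directories, host networking and non-public networks, and fills in the memory and CPU defaults where the caller left them unset. Reading AllowBinds as a list of host directories, the Docker Engine API field names it inspects (User, HostConfig.Binds, Memory, CpuPeriod, CpuQuota, NetworkMode) and the sample bodies are assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"path"
	"strings"
)

// Rules is a hypothetical subset of the RulesInterceptor fields on this page;
// AllowBinds is read as the host directories a bind mount may live under.
type Rules struct {
	AllowBinds              []string
	AllowHostModeNetworking bool
	ContainerMemory         int64 // bytes
	ContainerCPUPeriod      int64 // microseconds, as Docker's CpuPeriod
	ContainerCPUQuota       int64 // microseconds per period
	PublicNetworks          []string
	User                    string
}

var ErrDenied = errors.New("denied by rules")

func deny(format string, a ...any) error {
	return fmt.Errorf("%w: %s", ErrDenied, fmt.Sprintf(format, a...))
}

func contains(list []string, s string) bool {
	for _, x := range list {
		if x == s {
			return true
		}
	}
	return false
}

// bindAllowed checks the host side of a "host:container[:opts]" bind. The
// path is cleaned first so "/srv/data/../../etc" is judged as "/etc".
func bindAllowed(bind string, roots []string) bool {
	host, _, ok := strings.Cut(bind, ":")
	if !ok {
		return false
	}
	if !path.IsAbs(host) {
		return true // named volume; ownership belongs to the owner-label rules, not here
	}
	host = path.Clean(host)
	for _, r := range roots {
		if r = path.Clean(r); host == r || strings.HasPrefix(host, r+"/") {
			return true
		}
	}
	return false
}

// isRoot catches every spelling of root Docker accepts: "root", "0", "root:x", "0:x".
func isRoot(u string) bool {
	name, _, _ := strings.Cut(u, ":")
	return name == "root" || name == "0"
}

// ApplyRules validates and rewrites a /containers/create body. It works on
// generic JSON so fields it does not know about pass through intact.
func ApplyRules(r Rules, body []byte) ([]byte, error) {
	var req map[string]any
	if err := json.Unmarshal(body, &req); err != nil {
		return nil, fmt.Errorf("bad create body: %w", err)
	}
	hc, _ := req["HostConfig"].(map[string]any)
	if hc == nil {
		hc = map[string]any{}
		req["HostConfig"] = hc
	}
	user, _ := req["User"].(string)
	if user == "" {
		user = r.User
	}
	if isRoot(user) {
		return nil, deny("running as root is not permitted")
	}
	req["User"] = user
	if binds, _ := hc["Binds"].([]any); binds != nil {
		for _, b := range binds {
			if s, _ := b.(string); !bindAllowed(s, r.AllowBinds) {
				return nil, deny("bind %q is outside the allowed directories", s)
			}
		}
	}
	switch mode, _ := hc["NetworkMode"].(string); {
	case mode == "", mode == "default", mode == "bridge", mode == "none":
	case mode == "host":
		if !r.AllowHostModeNetworking {
			return nil, deny("host networking is not permitted")
		}
	case strings.HasPrefix(mode, "container:"), !contains(r.PublicNetworks, mode):
		return nil, deny("network %q is not permitted", mode)
	}
	// Defaults only where the caller left the field unset (0 or absent).
	for k, v := range map[string]int64{"Memory": r.ContainerMemory, "CpuPeriod": r.ContainerCPUPeriod, "CpuQuota": r.ContainerCPUQuota} {
		if n, _ := hc[k].(float64); n == 0 {
			hc[k] = v
		}
	}
	return json.Marshal(req)
}

func main() {
	r := Rules{AllowBinds: []string{"/srv/data"}, ContainerMemory: 512 << 20, ContainerCPUPeriod: 100000,
		ContainerCPUQuota: 50000, PublicNetworks: []string{"public"}, User: "1000:1000"}
	out, err := ApplyRules(r, []byte(`{"Image":"alpine","HostConfig":{"Binds":["/srv/data/app:/app"]}}`))
	fmt.Println(string(out), err)
	_, err = ApplyRules(r, []byte(`{"HostConfig":{"Binds":["/srv/data/../../etc:/x"]}}`))
	fmt.Println(err)
}
```

The cleaned-path prefix check is the part worth copying: a plain string prefix on the raw value would accept both "/srv/data/../../etc" and "/srv/data-other".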

type SSHServer

type SSHServer struct {
	// contains filtered or unexported fields
}

SSHServer holds the SSH server's components: bind address, host key and authentication handler.

func NewSSHServer

func NewSSHServer(bind string, opts ...SSHServerOption) (*SSHServer, error)

NewSSHServer builds a new SSH server bound to the interface and port given in bind and configured with the provided options, such as the authentication handler and host key path.

func (*SSHServer) Run

func (s *SSHServer) Run(ctx context.Context) (err error)

Run runs the ssh server until the context is done and returns an error if any error occurred

type SSHServerOption

type SSHServerOption func(*SSHServer) error

SSHServerOption is a function type for configuring SSH server options.

func WithAuthHandler

func WithAuthHandler(auth AuthHandler) SSHServerOption

WithAuthHandler authenticates SSH sessions with the provided AuthHandler.

func WithAuthorizedKeysAuth

func WithAuthorizedKeysAuth(fn string) SSHServerOption

WithAuthorizedKeysAuth authenticates SSH sessions with the provided authorized_keys file

func WithGithubAuth

func WithGithubAuth() SSHServerOption

WithGithubAuth authenticates SSH sessions by looking up the GitHub public SSH keys of the matching user.

func WithHostKeyFile

func WithHostKeyFile(fn string) SSHServerOption

WithHostKeyFile sets the SSH Server's Host Key filename

func WithRemoteAuth

func WithRemoteAuth(url string) SSHServerOption

WithRemoteAuth authenticates SSH sessions with remote authentication

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server holds the proxy server's components, built from the configured Options.

func NewServer

func NewServer(options ...Option) (*Server, error)

NewServer constructs a new server with the configured options

func (*Server) Run

func (s *Server) Run(ctx context.Context) error

Run runs the server until the context is cancelled

type Setup

type Setup struct {
	CA      string
	Key     string
	Cert    string
	Addr    string
	Port    string
	Service string
}

Setup holds the details of a newly created client for templating out a setup script.

func CreateClient

func CreateClient(dataDir, serviceAddr, servicePort, serviceName, username string) (Setup, error)

CreateClient creates a new client certificate
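SetupCerts, CreateClient and AuthInterceptor together describe a private CA, per-user client certificates and mutual TLS at the proxy. Added example, not code from this package, of that arrangement with crypto/x509: NewCA, Issue, VerifyClient, ServerTLSConfig and the Identity type are hypothetical names, the leaf's CN is taken as the user name, and everything is generated in memory rather than written to a data directory.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Identity is a hypothetical helper pairing a certificate with its key.
type Identity struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
	DER  []byte
}

// newIdentity generates a P-256 key and signs tmpl with parentKey, or with
// the new key itself when parentKey is nil (self-signed).
func newIdentity(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*Identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	if tmpl.SerialNumber, err = rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127)); err != nil {
		return nil, err
	}
	if parentKey == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Identity{Cert: cert, Key: key, DER: der}, nil
}

// NewCA creates a self-signed CA limited to certificate signing with path
// length 0, so a leaf it issues cannot itself act as an issuer.
func NewCA(name string) (*Identity, error) {
	return newIdentity(&x509.Certificate{
		Subject:               pkix.Name{CommonName: name + " CA"},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().AddDate(5, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		MaxPathLenZero:        true,
		KeyUsage:              x509.KeyUsageCertSign,
	}, nil, nil)
}

// Issue creates a leaf for cn with a single extended key usage. Client certs
// get ClientAuth only, so a leaked one cannot be used to impersonate the
// proxy; a server cert carries cn as a DNS SAN, which is what clients verify.
func Issue(ca *Identity, cn string, ttl time.Duration, eku x509.ExtKeyUsage) (*Identity, error) {
	tmpl := &x509.Certificate{
		Subject:     pkix.Name{CommonName: cn},
		NotBefore:   time.Now().Add(-time.Minute),
		NotAfter:    time.Now().Add(ttl),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{eku},
	}
	if eku == x509.ExtKeyUsageServerAuth {
		tmpl.DNSNames = []string{cn}
	}
	return newIdentity(tmpl, ca.Cert, ca.Key)
}

// VerifyClient is the check a mutual-TLS interceptor makes on the peer
// certificate: chain to our CA, require the ClientAuth usage and return the
// CN as the authenticated user. Server certs and other CAs' certs fail here.
func VerifyClient(ca *Identity, leaf *x509.Certificate, now time.Time) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := leaf.Verify(opts); err != nil {
		return "", fmt.Errorf("client certificate rejected: %w", err)
	}
	if leaf.Subject.CommonName == "" {
		return "", errors.New("client certificate has no CN to attribute requests to")
	}
	return leaf.Subject.CommonName, nil
}

// ServerTLSConfig requires and verifies a client certificate on every
// connection; without this the interceptor would never see a peer cert.
func ServerTLSConfig(ca, server *Identity) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(ca.Cert)
	return &tls.Config{
		MinVersion:   tls.VersionTLS12,
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    pool,
		Certificates: []tls.Certificate{{Certificate: [][]byte{server.DER}, PrivateKey: server.Key}},
	}
}

func main() {
	ca, _ := NewCA("docker-proxy")
	server, _ := Issue(ca, "localhost", 365*24*time.Hour, x509.ExtKeyUsageServerAuth)
	alice, _ := Issue(ca, "alice", 90*24*time.Hour, x509.ExtKeyUsageClientAuth)
	fmt.Println(ServerTLSConfig(ca, server).ClientAuth == tls.RequireAndVerifyClientCert)
	fmt.Println(VerifyClient(ca, alice.Cert, time.Now()))
	fmt.Println(VerifyClient(ca, server.Cert, time.Now()))
}
```

Two details carry the security weight: tls.RequireAndVerifyClientCert is what makes the proxy demand a client certificate at all, and passing ExtKeyUsageClientAuth in VerifyOptions is what stops the proxy's own server certificate (or any other leaf signed by the same CA) from being replayed as a client identity.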

Directories

Path    Synopsis
cli     Package cli implements the command-line interface for Docker Proxy
