Documentation
Index
- Constants
- type Bastion
- type ClientConfig
- type Config
- func (c *Config) GetAWSUsername(ctx context.Context, awsClient *cziAWS.Client) (string, error)
- func (c *Config) GetKMSAuthCachePath(region string) (string, error)
- func (c *Config) GetOktaMFADevice() string
- func (c *Config) GetRemoteUsers(ctx context.Context, username string) []string
- func (c *Config) Persist() error
- func (c *Config) SetAWSUsernameIfMissing(ctx context.Context, awsClient *cziAWS.Client) error
- type Duration
- type Honeycomb
- type Host
- type LambdaConfig
- type OktaConfig
- type Region
- type SSHConfig
- type Telemetry
Constants
const (
	// DefaultConfigFile is the default file where blessclient will look for its config
	DefaultConfigFile = "~/.blessclient/config.yml"
	// DefaultSSHPrivateKey is a path to where users usually keep an ssh key
	DefaultSSHPrivateKey = "~/.ssh/id_ed25519"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type Bastion
type Bastion struct {
	Host         `yaml:",inline"`
	Hosts        []Host `yaml:"hosts"`
	IdentityFile string `yaml:"identity_file"`
	User         string `yaml:"user"`
}
Bastion is an internet-accessible server used to "jump" to other servers
type ClientConfig
type ClientConfig struct {
	// ConfigFile is the path to blessclient config file
	ConfigFile string
	// AWSUserProfile is an aws profile that references a user (not a role)
	// leaving this empty typically means use `default` profile
	AWSUserProfile string `yaml:"aws_user_profile"`
	// AWSUserName is your AWS username
	AWSUserName *string `yaml:"aws_username,omitempty"`
	// Path to your ssh private key
	SSHPrivateKey  string `yaml:"ssh_private_key"`
	UpdateSSHAgent bool   `yaml:"update_ssh_agent"`
	// cert related
	CertLifetime Duration `yaml:"cert_lifetime,inline"`
	// ask bless to sign for these remote users
	RemoteUsers []string `yaml:"remote_users"`
	// bless calls these bastion ips - your source ip. 0.0.0.0/0 is all
	BastionIPS []string `yaml:"bastion_ips"`
}
ClientConfig is the client config
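In ClientConfig, bastion_ips lists the source addresses the certificate request names (0.0.0.0/0 is all) and cert_lifetime sets how long the certificate lasts. The following Go program is an added example, not part of the blessclient package, that audits those two settings before a config is distributed; clientPolicy, auditClient, the thresholds and the sample values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"time"
)

// clientPolicy mirrors only the ClientConfig fields this check reads.
// It is a local stand-in (assumption), not the package's own type.
type clientPolicy struct {
	CertLifetime time.Duration
	BastionIPS   []string
}

// auditClient returns one finding per setting that widens what a signed
// certificate allows. maxLifetime and minPrefixBits are assumed local policy.
func auditClient(c clientPolicy, maxLifetime time.Duration, minPrefixBits int) []string {
	var findings []string
	if c.CertLifetime > maxLifetime {
		findings = append(findings, fmt.Sprintf("cert_lifetime %s exceeds %s", c.CertLifetime, maxLifetime))
	}
	for _, raw := range c.BastionIPS {
		p, err := netip.ParsePrefix(raw)
		if err != nil {
			// A bare address is treated here as a single-host prefix.
			a, aerr := netip.ParseAddr(raw)
			if aerr != nil {
				findings = append(findings, fmt.Sprintf("bastion_ips entry %q is not an IP or CIDR", raw))
				continue
			}
			p = netip.PrefixFrom(a, a.BitLen())
		}
		if p.Bits() == 0 {
			findings = append(findings, fmt.Sprintf("bastion_ips entry %q matches every source address", raw))
		} else if p.Addr().Is4() && p.Bits() < minPrefixBits {
			findings = append(findings, fmt.Sprintf("bastion_ips entry %q is wider than /%d", raw, minPrefixBits))
		}
	}
	return findings
}

func main() {
	// Constructed sample values, not taken from a real deployment.
	c := clientPolicy{CertLifetime: 12 * time.Hour, BastionIPS: []string{"0.0.0.0/0", "10.0.0.0/8", "192.0.2.10", "bogus"}}
	for _, f := range auditClient(c, 2*time.Hour, 16) {
		fmt.Println(f)
	}
}
```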
type Config
type Config struct {
	// Version versions this config
	Version int `yaml:"version"`
	// ClientConfig is config for blessclient
	ClientConfig ClientConfig `yaml:"client_config"`
	// LambdaConfig holds configuration around the bless lambda
	LambdaConfig LambdaConfig `yaml:"lambda_config"`
	// OktaConfig holds configuration around aws-okta settings
	OktaConfig *OktaConfig `yaml:"okta_config,omitempty"`
	// For convenience, you can bundle an ~/.ssh/config template here
	SSHConfig *SSHConfig `yaml:"ssh_config,omitempty"`
	// Telemetry does telemetry
	Telemetry Telemetry `yaml:"telemetry,omitempty"`
}
Config is a blessclient config
func DefaultConfig
DefaultConfig generates a config with some defaults
func (*Config) GetAWSUsername (added in v0.2.5)
GetAWSUsername gets the caller's aws username for kmsauth
func (*Config) GetKMSAuthCachePath (added in v0.0.6)
GetKMSAuthCachePath gets a path to the kmsauth cache file. kmsauth is regional.
func (*Config) GetOktaMFADevice (added in v0.3.8)
GetOktaMFADevice gets the user's designated MFA device, defaulting to "phone1" (phone-based MFA).
func (*Config) GetRemoteUsers (added in v0.3.3)
GetRemoteUsers gets the list of remote usernames, defaulting to the provided username if the list of configured remote users is empty.
type Duration
Duration is a wrapper around Duration to marshal/unmarshal
func (Duration) AsDuration
AsDuration returns as duration
type Honeycomb (added in v0.2.0)
type Honeycomb struct {
	WriteKey string `yaml:"write_key,omitempty"`
	Dataset  string `yaml:"dataset,omitempty"`
	// SecretManagerARN is a secret that holds the honeycomb write key
	SecretManagerARN string `yaml:"secret_manager_arn,omitempty"`
}
Honeycomb telemetry configuration
type Host
type Host struct {
	Pattern string `yaml:"pattern"`
}
Host represents a Host block in an ssh config
type LambdaConfig
type LambdaConfig struct {
	// RoleARN used to assume and invoke bless lambda
	RoleARN *string `yaml:"role_arn,omitempty"`
	// Bless lambda function name
	FunctionName string `yaml:"function_name"`
	// Bless lambda function version (lambda alias or version qualifier)
	FunctionVersion *string `yaml:"function_version,omitempty"`
	// bless lambda regions
	Regions []Region `yaml:"regions,omitempty"`
}
LambdaConfig is the lambda config
type OktaConfig (added in v0.3.4)
type OktaConfig struct {
	Domain       string  `yaml:"domain"`
	Organization string  `yaml:"organization"`
	Profile      string  `yaml:"profile"`
	MFADevice    *string `yaml:"mfa_device,omitempty"`
	KeyringKeyID *string `yaml:"keyring_key_id,omitempty"`
}
OktaConfig is the Okta config
type Region
type Region struct {
	// name of the aws region (us-west-2)
	AWSRegion string `yaml:"aws_region"`
	// region specific kms key id (not arn) of the key used for kmsauth
	KMSAuthKeyID string `yaml:"kms_auth_key_id"`
}
Region is an aws region that contains an aws lambda