blessclient

command module

v0.2.0 Latest Latest Go to latest Published: Sep 26, 2018 License: MIT Imports: 1 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/chanzuckerberg/blessclient

Links

Open Source Insights

README ¶

blessclient

Please note: If you believe you have found a security issue, please responsibly disclose by contacting us at security@chanzuckerberg.com.

Inspiration for this project comes from lyft/python-blessclient. We decided to write in Go because it is much easier to distribute a statically linked binary to a large team than having to deal with python environments. Some features from lyft/python-blessclient are currently missing but will be added over time while others are purposefully excluded.

Install

Mac

You can use homebrew -

brew tap chanzuckerberg/tap
brew install blessclient

Linux, Windows, etc...

Binaries are available on the releases page. Download one for your architecture, put it in your path and make it executable.

Usage

Config

By default, blessclient looks for configs in ~/.blessclient/config.yml. You can always override this blessclient run -c /my/new/config.yml Some more information on the config can be found here.

Init

blessclient init will ask you some questions in order to assemble some basic configuration.

Import-config

Alternatively, you can also use pre-generated config files.

blessclient import-config http://github.com/..../teamA_blessclient.yml

This command uses go-getter to fetch a config and thus supports any source that go-getter supports.

Run

Once you have configured blessclient, running is as simple as blessclient run. If needed, this command will fetch a new certificate. We do a fair amount of caching to avoid round-trips to the Bless lambda.

.ssh/config

This is the nice part about blessclient - in general, you can write an ssh config to transparently use blessclient. scp, rsync, etc should all be compatible!

Such an ssh config could look like:

Match OriginalHost bastion.foo.com exec "blessclient run"
  IdentityFile ~/.ssh/id_rsa

Host 10.0.*
  ProxyJump bastion.foo.com
  User czi-admin

Host bastion.foo.com
  User czi-admin

This ssh config does a couple of interesting things -

It transparently requests an ssh certificate if needed
It transparently does a ProxyJump through a bastion host (assuming 10.0.* is an ipblock for machines behind the bastion)

Telemetry

There currently is some basic trace instrumentation using honeycomb. We use this internally to track usage, gather performance statistics, and error reporting. Telemetry is disabled without a honeycomb write key - which you must provide through the config.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
_bin
coverage From https://raw.githubusercontent.com/blend/go-sdk/master/_bin/coverage/main.go	From https://raw.githubusercontent.com/blend/go-sdk/master/_bin/coverage/main.go
cmd
pkg
bless
config
errs
ssh
telemetry
util

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL