config

package v0.0.0-...-f45b532

This package is not in the latest version of its module.

Published: Oct 24, 2024 License: MIT Imports: 3 Imported by: 0

Documentation

Overview

Package config provides an example implementation of the tacquito.ConfigProvider interface.

Index

Constants

This section is empty.

Variables

var (
	// DENY is for Cmd actions
	DENY Action = 1
	// PERMIT is for Cmd actions
	PERMIT Action = 2

	// BCRYPT is for Authenticators
	BCRYPT AuthenticatorType = 1

	// SHA512 is for Authenticators
	SHA512 AuthenticatorType = 2

	// STDERR is for Logger
	STDERR AccounterType = 1
	// SYSLOG is for Logger
	SYSLOG AccounterType = 2
	// FILE is for writing logs to local files
	FILE AccounterType = 3
)
var (
	// PREFIX matches net.Conn.RemoteAddr addresses to a SecretConfig
	PREFIX ProviderType = 1
	// DNS matches a hostname that is resolved from net.Conn.RemoteAddr
	DNS ProviderType = 2

	// START is a handler to use for incoming connections
	START HandlerType = 1
	// SPAN is to be used when you wish to replicate packets of a connection
	// to another host(a development server for example) for inspection/debugging
	SPAN HandlerType = 2
)

Functions

This section is empty.

Types

type AAA

type AAA struct {
	User

	Authenticate tq.Handler
	Authorizer   tq.Handler
	Accounting   tq.Handler
	// contains filtered or unexported fields
}

AAA is a user-level AAA handler grouping that provides default behaviours for each user when the corresponding handler (authenticator, authorizer or accounter) is not injected during loader runs.

func NewAAA

func NewAAA(opts ...AAAOption) *AAA

NewAAA creates a user-scoped AAA handler grouping.

type AAAOption

type AAAOption func(a *AAA)

AAAOption is a functional option applied by NewAAA to configure an AAA.

func SetAAAAccounter

func SetAAAAccounter(h tq.Handler) AAAOption

SetAAAAccounter sets the accounter

func SetAAAAuthenticator

func SetAAAAuthenticator(h tq.Handler) AAAOption

SetAAAAuthenticator sets the authenticator

func SetAAAAuthorizer

func SetAAAAuthorizer(h tq.Handler) AAAOption

SetAAAAuthorizer sets the authorizer

func SetAAALogger

func SetAAALogger(l loggerProvider) AAAOption

SetAAALogger sets the logging backend

func SetAAAUser

func SetAAAUser(u User) AAAOption

SetAAAUser creates a scoped config for user.

type Accounter

type Accounter struct {
	Name    string            `yaml:"name" json:"name"`
	Type    AccounterType     `yaml:"type" json:"type"`
	Options map[string]string `yaml:"options" json:"options"`
}

Accounter represents the accounting backend responsible for logging accounting activities.

type AccounterType

type AccounterType int

AccounterType selects the accounting backend: STDERR, SYSLOG or FILE.

type Action

type Action int

Action is the authorization result attached to a Command: DENY or PERMIT.

type Authenticator

type Authenticator struct {
	Type    AuthenticatorType `yaml:"type" json:"type"`
	Options map[string]string `yaml:"options,omitempty" json:"options,omitempty"`
}

Authenticator represents the authenticator backend that is responsible for password validation.

type AuthenticatorType

type AuthenticatorType int

AuthenticatorType selects the password validation backend: BCRYPT or SHA512.

type Command

type Command struct {
	Name    string   `yaml:"name" json:"name"`
	Match   []string `yaml:"match,omitempty" json:"match,omitempty"`
	Action  Action   `yaml:"action" json:"action"`
	Comment string   `yaml:"comment,omitempty" json:"comment,omitempty"`
}

Command represents a command and the argument patterns used to authorize a user's actions. Example:

Command{
	Name: "|",
	Match: []string{
		"grep.*",
		"tail.*",
	},
	Action: PERMIT,
}

This is the same as the tacplus config would express it:

cmd = | {
	permit grep.*
	permit tail.*
}

func (*Command) TrimSpace

func (c *Command) TrimSpace()

TrimSpace removes all leading and trailing white space, as defined by Unicode.

type Group

type Group struct {
	Name          string         `yaml:"name" json:"name"`
	Services      []Service      `yaml:"services,omitempty" json:"services,omitempty"`
	Commands      []Command      `yaml:"commands,omitempty" json:"commands,omitempty"`
	Authenticator *Authenticator `yaml:"authenticator,omitempty" json:"authenticator,omitempty"`
	Accounter     *Accounter     `yaml:"accounter,omitempty" json:"accounter,omitempty"`
	Comment       string         `yaml:"comment,omitempty" json:"comment,omitempty"`
}

Group represents a set of services, commands, authenticators and a logger. Groups do not inherit other groups. All other options are unique items, not duplicated within a given group. These items are merged into a user-level configuration, with user-level items taking precedence over any group setting.

type Handler

type Handler struct {
	Type    HandlerType       `yaml:"type" json:"type"`
	Options map[string]string `yaml:"options,omitempty" json:"options,omitempty"`
}

Handler instructs the server which handler to use for the given SecretConfig.

type HandlerType

type HandlerType int

HandlerType is the handler to use for incoming client exchanges. The standard package has one type, START, but you may provide others at your discretion.

type Keychain

type Keychain struct {
	Group string `yaml:"group" json:"group"`
	Key   string `yaml:"key" json:"key"`
}

Keychain represents a secure storage system from which you may retrieve your sensitive credentials without storing them explicitly in config.

type Provider

type Provider map[string]*AAA

Provider maps usernames to scoped AAA types, which wrap a User.

func New

func New() Provider

New returns a tacquito.ConfigProvider that maps a scoped username to a given SecretConfig.

func (Provider) GetUser

func (s Provider) GetUser(username string) *AAA

GetUser gets the handlers.Config that is associated with a username.

func (Provider) New

func (s Provider) New(users map[string]*AAA) Provider

New returns a scoped provider for users

type ProviderType

type ProviderType int

ProviderType is associated with a ConfigProvider and indicates what sort of selection process is used when identifying which PSK and config to provide to a calling client.

type SecretConfig

type SecretConfig struct {
	Name    string            `yaml:"name" json:"name"`
	Secret  Keychain          `yaml:"secret" json:"secret"`
	Handler Handler           `yaml:"handler" json:"handler"`
	Type    ProviderType      `yaml:"type" json:"type"`
	Options map[string]string `yaml:"options,omitempty" json:"options,omitempty"`
}

SecretConfig applies to a group of client devices or even to a single one, depending on how the secret providers are configured.

type ServerConfig

type ServerConfig struct {
	Secrets     []SecretConfig `yaml:"secrets,omitempty" json:"secrets,omitempty"`
	Users       []User         `yaml:"users,omitempty" json:"users,omitempty"`
	PrefixDeny  []string       `yaml:"prefix_deny,omitempty" json:"prefix_deny,omitempty"`
	PrefixAllow []string       `yaml:"prefix_allow,omitempty" json:"prefix_allow,omitempty"`
}

ServerConfig represents a config for the server

type Service

type Service struct {
	Name      string  `yaml:"name" json:"name"`
	Match     []Value `yaml:"match,omitempty" json:"match,omitempty"`
	SetValues []Value `yaml:"set_values,omitempty" json:"set_values,omitempty"`
	Optional  bool    `yaml:"is_optional" json:"is_optional"`
	Comment   string  `yaml:"comment,omitempty" json:"comment,omitempty"`
}

Service represents a concept that looks for tacplus attributes, matches them and sets/replaces client-provided attribute pairs. Example:

Service{
	Name: "junos-exec",
	SetValues: []Value{
		{Name: "allow-commands", Values: []string{"^configure (private|exclusive)$"}},
		{Name: "deny-commands", Values: []string{"(^configure$)|(^configure (batch|dynamic)$)"}},
	},
}

This is the same as the tacplus config would express it:

service = junos-exec {
	local-user-name = netops
	allow-commands = "^configure (private|exclusive)$"
	deny-commands = "(^configure$)|(^configure (batch|dynamic)$)"
}

Another example of matching and setting attribute-value pairs:

Service{
	Name: "ppp",
	Match: []Value{
		{Name: "protocol", Values: []string{"ip"}},
	},
	SetValues: []Value{
		{Name: "F5-LTM-User-Console", Values: []string{"1"}},
		{Name: "F5-LTM-User-Partition", Values: []string{"all"}},
	},
}

and in the tacplus config as:

service = ppp protocol = ip {
	F5-LTM-User-Info-1 = netops
	F5-LTM-User-Console = 1
	F5-LTM-User-Role = 0
	F5-LTM-User-Partition = All
}
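The match-then-set behaviour described for Service above, as an added example that is not part of tacquito's config package. It uses local mirror types named like the page's Value and Service so it compiles stand-alone, and it assumes semantics the doc comment leaves implicit: each Match pattern is anchored and must fully match the client's attribute value, a missing non-optional attribute fails the match, SetValues replace same-named client pairs rather than appending, and no matching service means no reply (default deny).

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
)

// Local mirrors of the page's Value and Service types, constructed for this
// example so it compiles stand-alone (the real ones live in tacquito's config package).
type Value struct {
	Name     string
	Values   []string
	Optional bool
}

type Service struct {
	Name      string
	Match     []Value
	SetValues []Value
	Optional  bool
}

// matchesService reports whether the client's attribute pairs satisfy every
// Match entry of svc. Assumed semantics: the attribute must be present with a
// value fully matching one of the patterns, unless the Value is Optional.
func matchesService(svc Service, client map[string]string) (bool, error) {
	for _, m := range svc.Match {
		got, present := client[m.Name]
		if !present {
			if m.Optional {
				continue
			}
			return false, nil
		}
		matched := false
		for _, pat := range m.Values {
			re, err := regexp.Compile("^(?:" + pat + ")$") // anchored: no substring matches
			if err != nil {
				return false, fmt.Errorf("service %s: bad pattern %q: %w", svc.Name, pat, err)
			}
			if re.MatchString(got) {
				matched = true
				break
			}
		}
		if !matched {
			return false, nil
		}
	}
	return true, nil
}

// authorizeService finds the first Service named name whose Match entries the
// client pairs satisfy and returns the reply pairs as sorted "name=value"
// strings: client pairs pass through, SetValues replace same-named client
// pairs and add new ones. The bool is false when no service matches.
func authorizeService(services []Service, name string, client map[string]string) ([]string, bool, error) {
	for _, svc := range services {
		if svc.Name != name {
			continue
		}
		matched, err := matchesService(svc, client)
		if err != nil {
			return nil, false, err
		}
		if !matched {
			continue
		}
		pairs := map[string][]string{}
		for k, v := range client {
			pairs[k] = []string{v}
		}
		for _, sv := range svc.SetValues {
			pairs[sv.Name] = sv.Values // replace, not append
		}
		var reply []string
		for k, vs := range pairs {
			for _, v := range vs {
				reply = append(reply, k+"="+v)
			}
		}
		sort.Strings(reply)
		return reply, true, nil
	}
	return nil, false, nil
}

// exampleServices returns the two services from the doc comment above (constructed input).
func exampleServices() []Service {
	return []Service{
		{
			Name: "junos-exec",
			SetValues: []Value{
				{Name: "allow-commands", Values: []string{"^configure (private|exclusive)$"}},
				{Name: "deny-commands", Values: []string{"(^configure$)|(^configure (batch|dynamic)$)"}},
			},
		},
		{
			Name:  "ppp",
			Match: []Value{{Name: "protocol", Values: []string{"ip"}}},
			SetValues: []Value{
				{Name: "F5-LTM-User-Console", Values: []string{"1"}},
				{Name: "F5-LTM-User-Partition", Values: []string{"all"}},
			},
		},
	}
}

func main() {
	reply, ok, err := authorizeService(exampleServices(), "ppp", map[string]string{"protocol": "ip"})
	fmt.Println(reply, ok, err)
	reply, ok, err = authorizeService(exampleServices(), "ppp", map[string]string{"protocol": "ipx"})
	fmt.Println(reply, ok, err)
}
```

The anchoring of every pattern is the part worth copying: an unanchored `ip` would also match `ipx`, which is exactly the kind of over-broad match that silently widens an authorization rule.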

func (*Service) TrimSpace

func (s *Service) TrimSpace()

TrimSpace removes all leading and trailing white space, as defined by Unicode.

type User

type User struct {
	Name          string         `yaml:"name" json:"name"`
	Scopes        []string       `yaml:"scopes,omitempty" json:"scopes,omitempty"`
	Groups        []Group        `yaml:"groups,omitempty" json:"groups,omitempty"`
	Services      []Service      `yaml:"services,omitempty" json:"services,omitempty"`
	Commands      []Command      `yaml:"commands,omitempty" json:"commands,omitempty"`
	Authenticator *Authenticator `yaml:"authenticator,omitempty" json:"authenticator,omitempty"`
	Accounter     *Accounter     `yaml:"accounter,omitempty" json:"accounter,omitempty"`
}

User is a fully composed version of all settings a user needs to go through AAA. All items on the user level overwrite any settings provided by any inherited groups; explicit settings on the user should be considered an override of any group-level setting.
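The group-to-user merge described for Group and User, combined with the Command matching from the Command doc comment, as an added example that is not tacquito's own code. It uses local mirror types named like the page's Action, Command, Group and User so it compiles stand-alone, and assumes semantics the docs leave implicit: commands merge by Command.Name with user entries winning, a command line's first token is the command name and the rest is matched fully against the Match patterns, an empty Match list matches any arguments, and an unknown command or unmatched arguments is DENY (default deny).

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Local mirrors of the page's Action, Command, Group and User types, constructed
// so this example compiles stand-alone (the real ones live in tacquito's config package).
type Action int

const (
	DENY   Action = 1
	PERMIT Action = 2
)

type Command struct {
	Name   string
	Match  []string
	Action Action
}

type Group struct {
	Name     string
	Commands []Command
}

type User struct {
	Name     string
	Groups   []Group
	Commands []Command
}

// effectiveCommands merges group commands into the user's, keyed by Command.Name,
// with user-level entries winning over group entries as the Group and User docs state.
func effectiveCommands(u User) []Command {
	seen := map[string]bool{}
	var out []Command
	add := func(c Command) {
		if !seen[c.Name] {
			seen[c.Name] = true
			out = append(out, c)
		}
	}
	for _, c := range u.Commands {
		add(c)
	}
	for _, g := range u.Groups {
		for _, c := range g.Commands {
			add(c)
		}
	}
	return out
}

// authorizeCommand splits line into the command name and its argument string,
// looks up the user's effective Command of that name and returns its Action when
// the arguments fully match one of the Match patterns. Assumed semantics: an
// unknown command, or arguments matching no pattern, is DENY (default deny);
// an empty Match list matches any arguments.
func authorizeCommand(u User, line string) (Action, error) {
	fields := strings.Fields(line)
	if len(fields) == 0 {
		return DENY, nil
	}
	name, args := fields[0], strings.Join(fields[1:], " ")
	for _, c := range effectiveCommands(u) {
		if c.Name != name {
			continue
		}
		if len(c.Match) == 0 {
			return c.Action, nil
		}
		for _, pat := range c.Match {
			re, err := regexp.Compile("^(?:" + pat + ")$") // anchored full match
			if err != nil {
				return DENY, fmt.Errorf("command %s: bad pattern %q: %w", c.Name, pat, err)
			}
			if re.MatchString(args) {
				return c.Action, nil
			}
		}
		return DENY, nil
	}
	return DENY, nil
}

// exampleUser is constructed input: the group grants a broad "show" plus the pipe
// filters from the Command doc comment; the user-level "show" narrows it to "version".
func exampleUser() User {
	return User{
		Name: "alice",
		Commands: []Command{
			{Name: "show", Match: []string{"version"}, Action: PERMIT},
		},
		Groups: []Group{{
			Name: "netops",
			Commands: []Command{
				{Name: "|", Match: []string{"grep.*", "tail.*"}, Action: PERMIT},
				{Name: "show", Match: []string{".*"}, Action: PERMIT},
				{Name: "configure", Action: DENY},
			},
		}},
	}
}

func main() {
	for _, line := range []string{"show version", "show interfaces", "| grep eth0", "| awk x", "configure terminal", "reload"} {
		a, err := authorizeCommand(exampleUser(), line)
		fmt.Printf("%-20q -> %v %v\n", line, a, err)
	}
}
```

Note that the user-level "show" entry does not extend the group's "show"; it replaces it, so alice loses "show interfaces" even though her group permits it. That is the precedence rule the User doc states, and it is worth checking with a test like this one whenever a user override is added to a config.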

func (User) GetLocalizedScope

func (u User) GetLocalizedScope() string

GetLocalizedScope returns the single scope this user has been localized to. If localization has not yet been performed, the first value is used, if available.

func (User) HasScope

func (u User) HasScope(scope string) bool

HasScope reports whether scope is bound to this user.

func (*User) LocalizeToScope

func (u *User) LocalizeToScope(scope string)

LocalizeToScope sets the Scopes field to the supplied scope name. No validation is done and the string is accepted as is.

type Value

type Value struct {
	Name     string   `yaml:"name" json:"name"`
	Values   []string `yaml:"values,omitempty" json:"values,omitempty"`
	Optional bool     `yaml:"is_optional" json:"is_optional"`
	Comment  string   `yaml:"comment,omitempty" json:"comment,omitempty"`
}

Value is an attribute-value pair used within services, for matching client attributes or setting reply attributes.

func (*Value) String

func (v *Value) String() string

func (*Value) TrimSpace

func (v *Value) TrimSpace()

TrimSpace removes all leading and trailing white space, as defined by Unicode.

Directories

Path	Synopsis
accounters
authenticators	Package authenticators provides reusable functions for types interested in implementing custom authenticators
authorizers
