Documentation ¶
Index ¶
- Variables
- func AppDir() string
- func ClientAwsSession(profile, region string) *session.Session
- func GenerateSshPermissions(options *CertificateOptions) ssh.Permissions
- func LambdaAwsSession() *session.Session
- func LambdaHandle(evt json.RawMessage) (interface{}, error)
- func RequestSignedPayload(sess *session.Session, lambdaArn string, req interface{}, resp interface{}) error
- func SignSsh(caKeyBytes, sshKeyPassphrase, pubkeyBytes []byte, certType uint32, ...) (*string, error)
- func TmpDir() string
- func ValidateToken(sess *session.Session, token Token, expectedKeyId string) bool
- type AuthorizationLambda
- type CertificateOptions
- type HostCertReqJson
- type HostCertRespJson
- type Jumpbox
- type Keypair
- type LambdaConfig
- type LkpHostCertAuthorizationRequest
- type LkpHostCertAuthorizationResponse
- type LkpUserCertAuthorizationRequest
- type LkpUserCertAuthorizationResponse
- type PlaintextPayload
- type ReifiedLogin
- type StsIdentity
- type Token
- type TokenParams
- type UserCertReqJson
- type UserCertRespJson
- type VoucherToken
Constants ¶
This section is empty.
Variables ¶
// ApplicationBuildDate records when the binary was built. It has no
// initializer in this package; presumably it is set at link time
// (e.g. -ldflags "-X ...ApplicationBuildDate=...") — confirm against the build scripts.
var ApplicationBuildDate string
// ApplicationVersion records the version string of the binary. Like
// ApplicationBuildDate it has no initializer here; presumably it is set at
// link time via -ldflags — confirm against the build scripts.
var ApplicationVersion string
// DefaultSshPermissions is the baseline permission set for issued certificates.
// It carries no critical options (so neither a source-address nor a
// force-command restriction) and enables every standard OpenSSH extension:
// X11, agent and port forwarding, pty allocation and ~/.ssh/rc execution. A
// certificate issued with this value unchanged therefore grants the full set of
// session capabilities on the target host.
//
// Both maps are package-level mutable state: code that modifies
// CriticalOptions or Extensions in place changes the default for every later
// certificate in the process. Copy the maps before altering them. Whether
// GenerateSshPermissions narrows this set from CertificateOptions is not
// visible on this page — check that implementation before relying on it.
var DefaultSshPermissions = ssh.Permissions{
	CriticalOptions: map[string]string{},
	Extensions: map[string]string{
		"permit-X11-forwarding":   "",
		"permit-agent-forwarding": "",
		"permit-port-forwarding":  "",
		"permit-pty":              "",
		"permit-user-rc":          "",
	},
}
Functions ¶
func ClientAwsSession ¶
func GenerateSshPermissions ¶
func GenerateSshPermissions(options *CertificateOptions) ssh.Permissions
func LambdaAwsSession ¶
func LambdaHandle ¶
func LambdaHandle(evt json.RawMessage) (interface{}, error)
func RequestSignedPayload ¶
Types ¶
type AuthorizationLambda ¶
// AuthorizationLambda decides whether a host or user certificate request is
// authorized. Construct it with NewAuthorizationLambda(config) and call
// DoHostReq or DoUserReq; the decision logic lives in those methods and is not
// shown on this page. All of its fields are unexported.
type AuthorizationLambda struct {
	// contains filtered or unexported fields
}
func NewAuthorizationLambda ¶
func NewAuthorizationLambda(config LambdaConfig) *AuthorizationLambda
func (*AuthorizationLambda) DoHostReq ¶
func (a *AuthorizationLambda) DoHostReq(hostReq HostCertReqJson) (*LkpHostCertAuthorizationResponse, error)
func (*AuthorizationLambda) DoUserReq ¶
func (a *AuthorizationLambda) DoUserReq(userReq UserCertReqJson) (*LkpUserCertAuthorizationResponse, error)
type CertificateOptions ¶
type HostCertReqJson ¶
type HostCertRespJson ¶
// HostCertRespJson is the response body for a host certificate request, as
// returned by DoHostCertReq.
type HostCertRespJson struct {
	// SignedHostPublicKey is the host's public key with the CA signature
	// applied. Its encoding (presumably OpenSSH authorized-keys text form)
	// is not visible here — confirm before writing it to disk as a cert file.
	SignedHostPublicKey string
}
func DoHostCertReq ¶
func DoHostCertReq(req HostCertReqJson, config LambdaConfig) (*HostCertRespJson, error)
type Jumpbox ¶
// Jumpbox describes an intermediate host that a user login is routed through.
// JumpboxFilepath and JumpCertificatePath derive the on-disk locations for its
// artefacts.
type Jumpbox struct {
	Address         string
	User            string
	HostKeyAlias    string
	Principals      []string
	SignedPublicKey string
	// CertificateOptions, when non-nil, is presumably what
	// GenerateSshPermissions consumes for this hop — confirm against the caller.
	CertificateOptions *CertificateOptions
}
func (*Jumpbox) JumpCertificatePath ¶
func (*Jumpbox) JumpboxFilepath ¶
type Keypair ¶
func GenerateKeyPair ¶
type LambdaConfig ¶
type PlaintextPayload ¶
type ReifiedLogin ¶
// ReifiedLogin ties together a user certificate request, the response it
// produced and the instance it targets. It is populated either by invoking the
// Lambda (PopulateByInvoke) or from a previously cached response
// (PopulateByRestoreCache); CertificatePath, PrivateKeyPath and Filepath
// resolve where its files live, and WriteSshConfig renders an ssh_config
// fragment for it. Neither Populate method returns an error, so callers
// should check Request/Response for nil before using them.
type ReifiedLogin struct {
	InstanceArn string
	Request     *UserCertReqJson
	Response    *UserCertRespJson
	// contains filtered or unexported fields
}
func NewReifiedLoginWithCmd ¶
func NewReifiedLoginWithCmd(cmd *cobra.Command, args []string) *ReifiedLogin
func (*ReifiedLogin) CertificatePath ¶
func (r *ReifiedLogin) CertificatePath() string
func (*ReifiedLogin) Filepath ¶
func (r *ReifiedLogin) Filepath(name string) string
func (*ReifiedLogin) PopulateByInvoke ¶
func (r *ReifiedLogin) PopulateByInvoke()
func (*ReifiedLogin) PopulateByRestoreCache ¶
func (r *ReifiedLogin) PopulateByRestoreCache()
func (*ReifiedLogin) PrivateKeyPath ¶
func (r *ReifiedLogin) PrivateKeyPath() string
func (*ReifiedLogin) WriteSshConfig ¶
func (r *ReifiedLogin) WriteSshConfig() string
type StsIdentity ¶
func CallerIdentityUser ¶
func CallerIdentityUser(sess *session.Session) (*StsIdentity, error)
type Token ¶
// Token is a set of TokenParams together with a Signature over them. It is
// produced by CreateToken(sess, params, keyId) and checked by
// ValidateToken(sess, token, expectedKeyId). How the signature is computed
// (the keyId argument suggests a KMS key) is not visible on this page.
//
// ValidateToken reports only a bool, so callers get no distinction between a
// malformed token and a tampered one; treat false as a hard failure.
type Token struct {
	Params    TokenParams
	Signature []byte
}
func CreateToken ¶
func CreateToken(sess *session.Session, params TokenParams, keyId string) Token
type TokenParams ¶
// TokenParams is the signed content of a Token. ToKmsContext flattens it into
// a map[string]*string — presumably the KMS encryption context, which is why
// the field set has to line up with the key policy conditions described
// below — confirm against ToKmsContext and the key policy.
type TokenParams struct {
	FromId      string
	FromAccount string
	To          string
	Type        string

	// optional fields below this comment
	FromName string         `json:",omitempty"`
	Vouchee  string         `json:",omitempty"`
	Context  string         `json:",omitempty"`
	Vouchers []VoucherToken `json:",omitempty"`

	// We keep two separate instance-ARN fields rather than overloading a single
	// "InstanceArn" field so that the KMS key policy can require HostInstanceArn,
	// when present, to equal ec2:SourceInstanceARN. Without that condition any
	// caller not running on an instance could request a host cert.
	HostInstanceArn   string   `json:",omitempty"` // set when an instance requests a host cert
	RemoteInstanceArn string   `json:",omitempty"` // set when a user requests a user cert for a specific host
	SshUsername       string   `json:",omitempty"` // username on the remote instance the user wants to access
	Principals        []string `json:",omitempty"` // additional principals to include in the cert
}
func (*TokenParams) ToKmsContext ¶
func (params *TokenParams) ToKmsContext() map[string]*string
type UserCertReqJson ¶
type UserCertRespJson ¶
// UserCertRespJson is the response body for a user certificate request, as
// returned by DoUserCertReq.
type UserCertRespJson struct {
	SignedPublicKey string
	Jumpboxes       []Jumpbox `json:",omitempty"`
	TargetAddress   string    `json:",omitempty"`
	// Expiry is the certificate's expiry. Its unit (presumably Unix seconds)
	// is not visible here — confirm before comparing it against time.Now().
	Expiry int64
}
func DoUserCertReq ¶
func DoUserCertReq(req UserCertReqJson, config LambdaConfig) (*UserCertRespJson, error)
type VoucherToken ¶
// VoucherToken is a Token that vouches for another principal; see
// TokenParams.Vouchers and TokenParams.Vouchee. Encode produces its string
// form and DecodeVoucherToken parses it back. Whether DecodeVoucherToken also
// verifies the Signature is not visible on this page — validate a decoded
// token before relying on its Params.
type VoucherToken Token
func DecodeVoucherToken ¶
func DecodeVoucherToken(encoded string) (*VoucherToken, error)
func (*VoucherToken) Encode ¶
func (vt *VoucherToken) Encode() string
Source Files ¶