Documentation
¶
Index ¶
- func GetClaim(jwt string, claim string) (string, error)
- func StatusLive(echoContext echo.Context) error
- func StatusReady(c echo.Context) error
- type AppHandler
- func (h AppHandler) AddRoles(c echo.Context) error
- func (h AppHandler) AssociateRoleToUser(c echo.Context) error
- func (h AppHandler) CertCreate(c echo.Context) error
- func (h AppHandler) CertInfo(c echo.Context) error
- func (h AppHandler) DisassociateRoleToUser(c echo.Context) error
- func (h AppHandler) GetRoles(c echo.Context) error
- func (h AppHandler) GetRolesByUser(c echo.Context) error
- func (h AppHandler) GetRolesForMe(c echo.Context) error
- func (h AppHandler) GetUsersWithRole(c echo.Context) error
- func (h AppHandler) PublicKey(c echo.Context) error
- func (h AppHandler) RemoveRole(c echo.Context) error
- func (h AppHandler) StatusConfig(c echo.Context) error
- type IDToken
- type Vault
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func StatusLive ¶
StatusLive is a method that respond WORKING and is used to verify that the application is running (live)
func StatusReady ¶
StatusReady is a method which is used to verify that the application is able to receive data (ready)
Types ¶
type AppHandler ¶
type AppHandler struct {
// contains filtered or unexported fields
}
AppHandler is a struct that maintains persistence of objects used in handlers
func NewAppHandler ¶
func NewAppHandler(config viper.Viper, auditChannel chan types.AuditRecord, logChannel chan map[string]interface{}, db *gorm.DB, permEnforcer *casbin.Enforcer) *AppHandler
NewAppHandler return a new pointer of user struct
func (AppHandler) AddRoles ¶
func (h AppHandler) AddRoles(c echo.Context) error
AddRoles adds a new role
func (AppHandler) AssociateRoleToUser ¶
func (h AppHandler) AssociateRoleToUser(c echo.Context) error
AssociateRoleToUser associates a role to a specific user
func (AppHandler) CertCreate ¶
func (h AppHandler) CertCreate(c echo.Context) error
CertCreate create a certificate for user login - Input JSON sample:
{
"key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1sB8sL1RATWY04/aLHlRiIyBc59h+Vr+kcK/RL6yYcT3PqAvzTHMlstXKbG9g4P18+DriHbOxeXQXRL/FZAJTE/kBs4iW/C75gxfny4scEq3xyAepk8R+812UKBN9QDivU7+LJ67YrmrZo8OmfhhVhqqvH8wIrjc85WuEpmqK7FcMZblcS4SgDMuOr11PWx36VNd5XRnRM0gfp3WFh3SRVqKHoH/39VHPHMz7LHt360EwKu9yslV7J0Jj631tG3p3061Nit/VOed6vRdFSE3na5FIwDw+LNvFJR8ahmAUKk1aMllBcRH8oXksDw5YufB84CRIr0znO/+8SIgcKXLl manoel.junior@twofish.local",
"remote_user":"jim",
"remote_host":"192.168.2.105",
"user_ip":"192.168.2.5",
"command":"/bin/bash"
}
- Output sample
{
"result": "success",
"certificate": "ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3
BlbnNzaC5jb20AAAAgvz4Hjd5bR2H2ryXBjyTuGt+Uerg80LriH48MtyOyBIgAAAADAQABAAABAQ C1sB8sL1RATWY04/aLHlRiIyBc59h+Vr+kcK/RL6yYcT3PqAvzTHMlstXKbG9g4P18+DriHbOxeX QXRL/FZAJTE/kBs4iW/C75gxfny4scEq3xyAepk8R+812UKBN9QDivU7+LJ67YrmrZo8OmfhhVhq qvH8wIrjc85WuEpmqK7FcMZblcS4SgDMuOr11PWx36VNd5XRnRM0gfp3WFh3SRVqKHoH/39VHPHM z7LHt360EwKu9yslV7J0Jj631tG3p3061Nit/VOed6vRdFSE3na5FIwDw+LNvFJR8ahmAUKk1aMl lBcRH8oXksDw5YufB84CRIr0znO/+8SIgcKXLlAAAAAAAAAAAAAAABAAAAtXVzZXJbXSBmcm9tWz E5Mi4xNjguMi41XSBjb21tYW5kW10gc3NoS2V5WzgwOjI5OmY3OmZjOjFkOjFhOjdmOjRiOmM4Oj JhOjJhOmUwOjA4OmU2OmQzOjMyXSBjYVtTSEEyNTY6OU5zLzdHamwxVVFReXBodElLREdZZCtPeU JkVjVrWnNRK3lmaVhzdDg0Y10gdmFsaWQgdG9bMjAxOC0xMi0wOVQyMTowNjozNS0wMjowMF0AAA AHAAAAA2ppbQAAAABcDZ2FAAAAAFwNn/sAAAAlAAAADnNvdXJjZS1hZGRyZXNzAAAADwAAAAsxOT IuMTY4LjIuNQAAABIAAAAKcGVybWl0LXB0eQAAAAAAAAAAAAABFQAAAAdzc2gtcnNhAAAAASMAAA EBAPj/vg/zXKNBy+GjtW0dZfZ2LQUeCA5FhOiQPaCpKpLO7YMAA63Lb3KbGdDOAnTFS3K69dwA+o ItlSO7aEkIfo7YNxCNb6tMIwoa6y3E1hdQI2N+lAhcg2lSQtbeKzpds7vvQ/j5UuSVWvRxBJZOCk XEHRaA7y8e2jWVHQg9kcDeTFCvcIj7AEkBPTUXQFJd/RxDWmiYPSdQ9FTq39y11jKk9YXsG2fjiZ o1uenoWCBJi2DJ9gkE53ednJzGAKa7y2+KMHwbPhcuTm19YvtH31M9iF2JtkZx5qXXeWlJ7HgkcY 60j2bUfqBIlZH/dor4t6BHcBOAHbm32C4Xe4jSRVMAAAEPAAAAB3NzaC1yc2EAAAEAp/sdFMyeo6 Jbdu4R33pZiSuTBGyBash4SlK4PoVEiuWnN2UHVH6DAi84qzG+Qhho48YJYarDDxxbOxcDinQ2j1 5XU0V/vVeucS12UF06HG9r+J51u0KMA/3dN4WNG6GKDrzY5M5Uad7lWnDNtbjRnhPVPCxHgV5YQL O6k94+kaPZbR+bVWb5tAOMoC1XHBwwDNLDqUKs2C8lvEpJY0Mf7ag9SNSep0Q5isq97zY3CWwPCt pYTN9tkQpfn+Noe4H7yOP2mkpAs3i7j/u0+Zz6SHejy4A7HlGHfJvWrOyg8J0ZzBSl5ho5eAw4Lr t+xcTVkFgWWPcml7CFiGwFhbui4w== }
func (AppHandler) CertInfo ¶
func (h AppHandler) CertInfo(c echo.Context) error
CertInfo returns certificate info based on KeyID
- Output sample
{
"result":"success",
"remote_user": "username",
"remote_host": "10.0.0.1"
}
func (AppHandler) DisassociateRoleToUser ¶
func (h AppHandler) DisassociateRoleToUser(c echo.Context) error
DisassociateRoleToUser disassociates a role to a specific user
func (AppHandler) GetRoles ¶
func (h AppHandler) GetRoles(c echo.Context) error
GetRoles prints all the existing roles
func (AppHandler) GetRolesByUser ¶
func (h AppHandler) GetRolesByUser(c echo.Context) error
GetRolesByUser prints all the existing roles to specific user
func (AppHandler) GetRolesForMe ¶
func (h AppHandler) GetRolesForMe(c echo.Context) error
GetRolesForMe prints all the existing roles to current user
func (AppHandler) GetUsersWithRole ¶
func (h AppHandler) GetUsersWithRole(c echo.Context) error
GetUsersWithRole prints all associated users to specific role
func (AppHandler) PublicKey ¶
func (h AppHandler) PublicKey(c echo.Context) error
PublicKey returns CA public key
- Output sample
{
"result":"success",
"public_key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6rGI3i3D1fvay1MFKHjEfcvKA
A6vuNH5ayPcmOIoeHvkXPO6uCp4pbSNmy45szxyTEjGYJx0F6qylUzi4jZ+1BIpq5QStetsP4pryLhd vK21bkCIBAqZbmw6Wc4D2Z+Qc7Is1/ZBr3g2lmfWApNqFmlwnDGpH6Hp0lRdBtanTz3/er99JS9WRXF c/uRGkY6n/fX3VELTixmcyRIIQDI66Cy+6jkS9nDn4E8Hu2mshWP/VtOok4DsIBk1YQb9wSeTOtmIZf EjBbzcKyBorYHWqYvNXN4wDtKtSTypjE1d42qodK3sKNMqqrIXdicHUId967oL7497+jDklpfZ24z3O gM7rdXRijDJUP6RcBpKFSriGOV6wolYop7Rc/DLgA16MOx8Zh/iVh3LI0zKyeQhG5tNO/hoNPe8Bp0k IXio9xBt/TyAHl3OfFQ6rYOwefvmp2ladV2Wy/BeIOPnswO0jk288qpzUDYE8sOlrtn3DZfqG5auDAe A+7XNuDuwUmwjSFTRz4nAtooCaF8UTysIfHYFgtKvU+xCIXWsHMr4BSaF1B3f2434r4Hn0gfWeg5CSu 0nO45S07q3TKjnoo644zmHtuUUw/+fG1ctmmjq1DO85TcotqdW1oT/SZwYxK7hqwvY7S5uClkUSXmDG
UY3HMVIFLJPzCBi4bjhIX6Jbdw==\n" }
func (AppHandler) RemoveRole ¶
func (h AppHandler) RemoveRole(c echo.Context) error
RemoveRole removes an existent role
func (AppHandler) StatusConfig ¶
func (h AppHandler) StatusConfig(c echo.Context) error
StatusConfig is a method that respond WORKING and is used to verify that the application is running (live)
type IDToken ¶
type IDToken struct {
Issuer string `json:"iss"`
Subject string `json:"sub"`
Audience audience `json:"aud"`
AuthorizedParty string `json:"azp"`
Expiry jsonTime `json:"exp"`
IssuedAt jsonTime `json:"iat"`
JTI string `json:"jti"`
Nonce string `json:"nonce"`
AtHash string `json:"at_hash"`
Name string `json:"name"`
PreferredUsername string `json:"preferred_username"`
GivenName string `json:"given_name"`
FamilyName string `json:"family_name"`
MiddleName string `json:"middle_name"`
Nickname string `json:"nickname"`
PhoneNumber string `json:"phone_number"`
Email string `json:"email"`
ClaimNames map[string]string `json:"_claim_names"`
ClaimSources map[string]claimSource `json:"_claim_sources"`
}
IDToken is the struct that holds all information about a JWT token
type Vault ¶
type Vault struct {
// contains filtered or unexported fields
}
Vault store configuration to use remote Vault as cert signer
func (*Vault) GetExternalPublicKey ¶
GetExternalPublicKey returns public key from external CA
func (*Vault) SignUserSSHCertificate ¶
func (v *Vault) SignUserSSHCertificate(c *ssh.Certificate) (string, error)
SignUserSSHCertificate sign ssh.Certificate for user and return a string with data (without \n at end)
Source Files