services

package
v0.0.11 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 4, 2016 License: Apache-2.0 Imports: 14 Imported by: 669

Documentation

Overview

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

// Certificate type identifiers.
// NOTE(review): several CAService methods take a certType string argument;
// presumably these are the values expected there — confirm against the
// implementation, and check what happens when any other string is passed.
const (
	HostCert = "host"
	UserCert = "user"
)
// Event values declared by this package.
// NOTE(review): presumably the role changes that LeaderElectionService sends
// on channels registered through Subscribe(c chan Event) — confirm.
const (
	Leader   = Event(1)
	Follower = Event(2)
)
// Password length bounds and the HOTP token size.
// NOTE(review): where these bounds are enforced is not visible in this
// listing; verify that every password-setting path checks them.
// NOTE(review): a 6-character minimum is below the 8-character floor that
// NIST SP 800-63B gives for user-chosen passwords; consider raising it.
const (
	MinPasswordLength = 6
	MaxPasswordLength = 128
	HOTPTokenDigits   = 6 //number of digits in each token
)

Variables

This section is empty.

Functions

func JoinTokenRole

func JoinTokenRole(token, role string) (ouputToken string, e error)

func SplitTokenRole

func SplitTokenRole(outputToken string) (token, role string, e error)

Types

type AuthorizedKey

// AuthorizedKey pairs a key identifier with raw key bytes.
// It is the element type returned by UserService.GetUserKeys and
// WebService.GetWebSessionsKeys.
type AuthorizedKey struct {
	// ID identifies the key; serialized as "id".
	ID    string `json:"id"`
	// Value holds the key bytes; serialized as "value".
	// NOTE(review): GetUserKeys documents OpenSSH authorized_keys format, so
	// this is presumably one authorized_keys entry — confirm.
	Value []byte `json:"value"`
}

type BkKeysService

// BkKeysService embeds *encryptedbk.ReplicatedBackend, so the backend's
// exported methods are promoted onto the service value.
// NOTE(review): the embedded pointer is nil unless set by the constructor;
// prefer NewBkKeysService over a zero-value literal.
type BkKeysService struct {
	*encryptedbk.ReplicatedBackend
}

func NewBkKeysService

func NewBkKeysService(backend *encryptedbk.ReplicatedBackend) *BkKeysService

type CAService

type CAService struct {
	// contains filtered or unexported fields
}

func NewCAService

func NewCAService(backend backend.Backend) *CAService

func (*CAService) DeleteRemoteCertificate

func (s *CAService) DeleteRemoteCertificate(certType, domainName, id string) error

func (*CAService) GetHostCertificateAuthority

func (s *CAService) GetHostCertificateAuthority() (*CertificateAuthority, error)

GetHostCertificateAuthority returns the host certificate authority certificate

func (*CAService) GetHostPrivateCertificateAuthority

func (s *CAService) GetHostPrivateCertificateAuthority() (*LocalCertificateAuthority, error)

GetHostPrivateCertificateAuthority returns private, public key and certificate for host CA

func (*CAService) GetRemoteCertificates

func (s *CAService) GetRemoteCertificates(certType string,
	domainName string) ([]CertificateAuthority, error)

GetRemoteCertificates returns remote certificates with given type and domain. If domainName is empty, it returns all certificates with given type

func (*CAService) GetTrustedCertificates

func (s *CAService) GetTrustedCertificates(certType string) ([]CertificateAuthority, error)

func (*CAService) GetUserCertificateAuthority

func (s *CAService) GetUserCertificateAuthority() (*CertificateAuthority, error)

GetUserCertificateAuthority returns the user certificate authority public key

func (*CAService) GetUserPrivateCertificateAuthority

func (s *CAService) GetUserPrivateCertificateAuthority() (*LocalCertificateAuthority, error)

GetUserPrivateCertificateAuthority returns private, public key and certificate for user CertificateAuthority

func (*CAService) UpsertHostCertificateAuthority

func (s *CAService) UpsertHostCertificateAuthority(ca LocalCertificateAuthority) error

UpsertHostCertificateAuthority upserts host certificate authority keys in OpenSSH authorized_keys format

func (*CAService) UpsertRemoteCertificate

func (s *CAService) UpsertRemoteCertificate(cert CertificateAuthority, ttl time.Duration) error

func (*CAService) UpsertUserCertificateAuthority

func (s *CAService) UpsertUserCertificateAuthority(ca LocalCertificateAuthority) error

UpsertUserCertificateAuthority upserts the user certificate authority keys in OpenSSH authorized_keys format

type CertificateAuthority

// CertificateAuthority is the public description of a certificate authority:
// a type, an identifier, a domain name and a public key. It carries no
// private key field; LocalCertificateAuthority adds one.
type CertificateAuthority struct {
	// Type is the certificate type.
	// NOTE(review): presumably HostCert or UserCert — confirm.
	Type       string `json:"type" yaml:"type"`
	// ID identifies this authority record.
	ID         string `json:"id" yaml:"id"`
	// DomainName is the domain the authority belongs to; GetRemoteCertificates
	// filters on a domainName argument.
	DomainName string `json:"domain_name" yaml:"domain_name" env:"domain_name"`
	// PublicKey holds the public key bytes.
	// NOTE(review): the Upsert*CertificateAuthority docs mention OpenSSH
	// authorized_keys format; presumably that is the encoding here — confirm.
	PublicKey  []byte `json:"public_key" yaml:"public_key" env:"public_key"`
}

type CommandLabel

// CommandLabel describes a label backed by a command: the command line, a
// period, and a result string. The type has custom MarshalJSON/UnmarshalJSON
// methods so that Period can use time.Duration text form (1h5m3s).
// NOTE(review): if Command is executed on the host, anyone able to write a
// Server record's CmdLabels decides what runs there — confirm who can set it.
type CommandLabel struct {
	// Period is a duration. NOTE(review): presumably the interval between
	// runs of Command — confirm.
	Period  time.Duration `json:"period"`
	// Command is an argv-style slice: program first, then its arguments.
	Command []string      `json:"command"` //["cmd", "arg1", "arg2"]
	// Result is a string. NOTE(review): presumably the last output of
	// Command — confirm.
	Result  string        `json:"result"`
}

func (CommandLabel) MarshalJSON

func (l CommandLabel) MarshalJSON() ([]byte, error)

func (*CommandLabel) UnmarshalJSON

func (l *CommandLabel) UnmarshalJSON(value []byte) error

custom JSON formatting for supporting time.Duration format (1h5m3s)

type CommandLabels

// CommandLabels maps a string key to a CommandLabel.
// NOTE(review): keys are presumably label names; SetEnv(v string) suggests the
// map can be populated from an environment value — confirm the accepted format.
type CommandLabels map[string]CommandLabel

func (*CommandLabels) SetEnv

func (c *CommandLabels) SetEnv(v string) error

type Event

// Event is an integer-valued event code. The values declared in this package
// are Leader (1) and Follower (2).
type Event int

type LeaderElectionService

type LeaderElectionService struct {
	// contains filtered or unexported fields
}

func NewLeaderElectionService

func NewLeaderElectionService(backend backend.Backend, path []string, serverID string) *LeaderElectionService

func (*LeaderElectionService) AcquireMaster

func (les *LeaderElectionService) AcquireMaster() bool

func (*LeaderElectionService) Disable

func (les *LeaderElectionService) Disable()

func (*LeaderElectionService) Start

func (les *LeaderElectionService) Start()

func (*LeaderElectionService) Subscribe

func (les *LeaderElectionService) Subscribe(c chan Event)

type LocalCertificateAuthority

// LocalCertificateAuthority is a CertificateAuthority together with its
// private key. GetHostPrivateCertificateAuthority and
// GetUserPrivateCertificateAuthority return it, and the
// Upsert{Host,User}CertificateAuthority methods accept it.
//
// The JSON form carries PrivateKey under "private_key", so any marshalled
// value is key material: keep it out of logs, error text and API responses.
type LocalCertificateAuthority struct {
	// Embedded public part; the tag nests it under the "public" JSON key.
	CertificateAuthority `json:"public"`
	// PrivateKey holds the private key bytes.
	// NOTE(review): encoding and at-rest protection are not visible here —
	// confirm how the backend stores this field.
	PrivateKey           []byte `json:"private_key"`
}

type LockService

type LockService struct {
	// contains filtered or unexported fields
}

func NewLockService

func NewLockService(backend backend.Backend) *LockService

func (*LockService) AcquireLock

func (s *LockService) AcquireLock(token string, ttl time.Duration) error

Grab a lock that will be released automatically in ttl time

func (*LockService) ReleaseLock

func (s *LockService) ReleaseLock(token string) error

type PresenceService

type PresenceService struct {
	// contains filtered or unexported fields
}

func NewPresenceService

func NewPresenceService(backend backend.Backend) *PresenceService

func (*PresenceService) GetServers

func (s *PresenceService) GetServers() ([]Server, error)

GetServers returns a list of registered servers

func (*PresenceService) UpsertServer

func (s *PresenceService) UpsertServer(server Server, ttl time.Duration) error

UpsertServer registers server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second

type ProvisionToken

// ProvisionToken is the record returned by ProvisioningService.GetToken.
// The token string itself is not a field; it is the lookup argument to
// GetToken, UpsertToken and DeleteToken.
type ProvisionToken struct {
	// DomainName is the domain name passed to UpsertToken.
	DomainName string
	// Role is the role passed to UpsertToken.
	// NOTE(review): the set of valid roles is not visible here — confirm that
	// callers validate it before granting access based on it.
	Role       string
}

type ProvisioningService

type ProvisioningService struct {
	// contains filtered or unexported fields
}

func NewProvisioningService

func NewProvisioningService(backend backend.Backend) *ProvisioningService

func (*ProvisioningService) DeleteToken

func (s *ProvisioningService) DeleteToken(token string) error

func (*ProvisioningService) GetToken

func (s *ProvisioningService) GetToken(token string) (ProvisionToken, error)

func (*ProvisioningService) UpsertToken

func (s *ProvisioningService) UpsertToken(token, domainName, role string, ttl time.Duration) error

Tokens are provisioning tokens for the auth server

type Server

// Server is a registered server record, as stored by
// PresenceService.UpsertServer and listed by PresenceService.GetServers.
type Server struct {
	// ID identifies the server.
	ID        string                  `json:"id"`
	// Addr is the server address.
	// NOTE(review): presumably host:port — confirm.
	Addr      string                  `json:"addr"`
	// Hostname is the server's host name.
	Hostname  string                  `json:"hostname"`
	// Labels are static string labels.
	Labels    map[string]string       `json:"labels"`
	// CmdLabels are command-backed labels; see CommandLabel.
	CmdLabels map[string]CommandLabel `json:"cmd_labels"`
}

type ServicesTestSuite

// ServicesTestSuite bundles one instance of each service plus a channel, and
// exposes exported test methods (HostCACRUD, Locking, PasswordCRUD, ...) that
// take a *C.
// NOTE(review): this is exported from the package itself rather than a _test
// file, presumably so backend implementations can reuse the suite — confirm.
type ServicesTestSuite struct {
	CAS           *CAService
	LockS         *LockService
	PresenceS     *PresenceService
	ProvisioningS *ProvisioningService
	UserS         *UserService
	WebS          *WebService
	// ChangesC is a channel of untyped values; its use is not visible here.
	ChangesC      chan interface{}
}

func NewServicesTestSuite

func NewServicesTestSuite(backend backend.Backend) *ServicesTestSuite

func (ServicesTestSuite) HostCACRUD

func (s ServicesTestSuite) HostCACRUD(c *C)

func (*ServicesTestSuite) Locking

func (s *ServicesTestSuite) Locking(c *C)

func (*ServicesTestSuite) PasswordCRUD

func (s *ServicesTestSuite) PasswordCRUD(c *C)

func (*ServicesTestSuite) PasswordGarbage

func (s *ServicesTestSuite) PasswordGarbage(c *C)

func (*ServicesTestSuite) PasswordHashCRUD

func (s *ServicesTestSuite) PasswordHashCRUD(c *C)

func (*ServicesTestSuite) RemoteCertCRUD

func (s *ServicesTestSuite) RemoteCertCRUD(c *C)

func (*ServicesTestSuite) ServerCRUD

func (s *ServicesTestSuite) ServerCRUD(c *C)

func (*ServicesTestSuite) TokenCRUD

func (s *ServicesTestSuite) TokenCRUD(c *C)

func (*ServicesTestSuite) TrustedCertificates

func (s *ServicesTestSuite) TrustedCertificates(c *C)

func (*ServicesTestSuite) UserCACRUD

func (s *ServicesTestSuite) UserCACRUD(c *C)

func (*ServicesTestSuite) UserKeyCRUD

func (s *ServicesTestSuite) UserKeyCRUD(c *C)

func (*ServicesTestSuite) UsersCRUD

func (s *ServicesTestSuite) UsersCRUD(c *C)

func (*ServicesTestSuite) WebSessionCRUD

func (s *ServicesTestSuite) WebSessionCRUD(c *C)

func (*ServicesTestSuite) WebTunCRUD

func (s *ServicesTestSuite) WebTunCRUD(c *C)

type SignupToken

// SignupToken is the data stored for a signup token; WebService stores and
// loads it with UpsertSignupToken and GetSignupToken.
// NOTE(review): the Hotp* fields look like second-factor enrolment material.
// If Hotp contains the HOTP secret, every copy of this struct (backend
// record, API response, log line) must be handled as a credential — confirm.
type SignupToken struct {
	// Token is the signup token string.
	Token           string
	// User is the user name the token is for.
	User            string
	// Hotp is a byte slice. NOTE(review): presumably serialized HOTP state,
	// including the shared secret — confirm.
	Hotp            []byte
	// HotpFirstValues is a string slice. NOTE(review): presumably the first
	// few valid HOTP codes — confirm, and treat them as usable codes.
	HotpFirstValues []string
	// HotpQR is a byte slice. NOTE(review): presumably a QR image encoding
	// the HOTP enrolment URL, which would embed the secret — confirm.
	HotpQR          []byte
}

type UserService

type UserService struct {
	// contains filtered or unexported fields
}

func NewUserService

func NewUserService(backend backend.Backend) *UserService

func (*UserService) DeleteUser

func (s *UserService) DeleteUser(user string) error

DeleteUser deletes a user with all the keys from the backend

func (*UserService) DeleteUserKey

func (s *UserService) DeleteUserKey(user, key string) error

DeleteUserKey deletes user key by given ID

func (*UserService) GetUserKeys

func (s *UserService) GetUserKeys(user string) ([]AuthorizedKey, error)

GetUserKeys returns a list of authorized keys for a given user in OpenSSH authorized_keys format

func (*UserService) GetUsers

func (s *UserService) GetUsers() ([]string, error)

GetUsers returns a list of users registered in the backend

func (*UserService) UpsertUserKey

func (s *UserService) UpsertUserKey(user string, key AuthorizedKey,
	ttl time.Duration) error

UpsertUserKey upserts a public key in OpenSSH authorized_keys format. user is a user name and keyID is a unique identifier for the key. If ttl is 0, the key is upserted permanently; otherwise it expires in ttl seconds.

type WebService

// WebService exposes the password, HOTP, signup-token, web-session and
// web-tunnel operations listed on this page.
type WebService struct {
	// SignupMutex is an exported mutex pointer.
	// NOTE(review): presumably serializes signup operations; being exported,
	// any caller can lock or replace it — confirm that is intended.
	SignupMutex *sync.Mutex
	// contains filtered or unexported fields
}

func NewWebService

func NewWebService(backend backend.Backend) *WebService

func (*WebService) CheckPassword

func (s *WebService) CheckPassword(user string, password []byte, hotpToken string) error

func (*WebService) CheckPasswordWOToken

func (s *WebService) CheckPasswordWOToken(user string, password []byte) error

TODO: not very good. Unlike CheckPassword, this method takes no hotpToken argument.

func (*WebService) DeleteSignupToken

func (s *WebService) DeleteSignupToken(token string) error

func (*WebService) DeleteWebSession

func (s *WebService) DeleteWebSession(user, sid string) error

DeleteWebSession

func (*WebService) DeleteWebTun

func (s *WebService) DeleteWebTun(prefix string) error

func (*WebService) GetHOTP

func (s *WebService) GetHOTP(user string) (*hotp.HOTP, error)

func (*WebService) GetPasswordHash

func (s *WebService) GetPasswordHash(user string) ([]byte, error)

GetPasswordHash returns the password hash for a given user

func (*WebService) GetSignupToken

func (s *WebService) GetSignupToken(token string) (tokenData SignupToken,
	ttl time.Duration, e error)

func (*WebService) GetWebSession

func (s *WebService) GetWebSession(user, sid string) (*WebSession, error)

GetWebSession

func (*WebService) GetWebSessionsKeys

func (s *WebService) GetWebSessionsKeys(user string) ([]AuthorizedKey, error)

GetWebSessionsKeys

func (*WebService) GetWebTun

func (s *WebService) GetWebTun(prefix string) (*WebTun, error)

func (*WebService) GetWebTuns

func (s *WebService) GetWebTuns() ([]WebTun, error)

func (*WebService) UpsertHOTP

func (s *WebService) UpsertHOTP(user string, otp *hotp.HOTP) error

func (*WebService) UpsertPassword

func (s *WebService) UpsertPassword(user string,
	password []byte) (hotpURL string, hotpQR []byte, err error)

func (*WebService) UpsertPasswordHash

func (s *WebService) UpsertPasswordHash(user string, hash []byte) error

UpsertPasswordHash upserts user password hash

func (*WebService) UpsertSignupToken

func (s *WebService) UpsertSignupToken(token string, tokenData SignupToken, ttl time.Duration) error

func (*WebService) UpsertWebSession

func (s *WebService) UpsertWebSession(user, sid string,
	session WebSession, ttl time.Duration) error

UpsertWebSession

func (*WebService) UpsertWebTun

func (s *WebService) UpsertWebTun(tun WebTun, ttl time.Duration) error

type WebSession

// WebSession is the per-session record stored by WebService.UpsertWebSession
// and returned by WebService.GetWebSession.
// NOTE(review): Pub and Priv are presumably a key pair generated for the
// session — confirm. Priv is serialized under "priv", so the JSON form is
// secret material and must not reach logs or client-facing responses.
type WebSession struct {
	// Pub is serialized as "pub".
	Pub  []byte `json:"pub"`
	// Priv is serialized as "priv".
	Priv []byte `json:"priv"`
}

type WebTun

// WebTun is a web tunnel: the SSH tunnel created by the SSH server to a
// remote web server.
// NOTE(review): NewWebTun returns an error, so it presumably validates these
// fields; values built as struct literals would bypass that — confirm.
type WebTun struct {
	// Prefix is a domain prefix that will be used
	// to serve this tunnel
	Prefix string `json:"prefix"`
	// ProxyAddr is the address of the SSH server
	// that will be acting as a SSH proxy
	ProxyAddr string `json:"proxy"`
	// TargetAddr is the target http address of the server
	TargetAddr string `json:"target"`
}

WebTun is a web tunnel, the SSH tunnel created by the SSH server to a remote web server

func NewWebTun

func NewWebTun(prefix, proxyAddr, targetAddr string) (*WebTun, error)
