signer

package
v0.5.2 (Latest)
Warning

This package is not in the latest version of its module.

Published: Nov 20, 2022 | License: MIT | Imports: 10 | Imported by: 0

Documentation

Functions

func GetTokenFromHelper

func GetTokenFromHelper() (string, error)

GetTokenFromHelper uses the standard vault client binary to retrieve the "current" default token, avoiding reimplementation of token_helper, etc.

func GetVaultClient added in v0.3.0

func GetVaultClient() (*api.Client, error)

GetVaultClient returns a fully configured Vault API Client

func ParseArgs

func ParseArgs(client *Client, args []string) ([]string, error)

Types

type Client

type Client struct {
	API        *api.Client
	RoleConfig map[string]interface{}
	Options    Options
	PublicKey  []byte
	SignedKey  string
}

func (*Client) GetAllowedUser added in v0.3.0

func (c *Client) GetAllowedUser() string

func (*Client) GetRoleData added in v0.3.0

func (c *Client) GetRoleData() map[string]interface{}

func (*Client) GetSignedKey

func (c *Client) GetSignedKey(principal string) (string, error)

GetSignedKey signs the configured public key, sets the SignedKey property to the filename of the signed key and returns the filename

func (*Client) RequiredExtensions

func (c *Client) RequiredExtensions() map[string]string

RequiredExtensions calculates the required set of extensions to request based on the options set on Client

func (*Client) SetPublicKey added in v0.3.0

func (c *Client) SetPublicKey(fn string) error

type Extensions

type Extensions struct {
	Default         bool `` /* 152-byte string literal not displayed */
	AgentForwarding bool `long:"agent-forwarding" env:"VAULT_SSH_AGENT_FORWARDING" description:"Force permit-agent-forwarding extension"`
	PortForwarding  bool `long:"port-forwarding" env:"VAULT_SSH_PORT_FORWARDING" description:"Force permit-port-forwarding extension"`
	NoPTY           bool `long:"no-pty" env:"VAULT_SSH_NO_PTY" description:"Force disable permit-pty extension"`
	UserRC          bool `long:"user-rc" env:"VAULT_SSH_USER_RC" description:"Enable permit-user-rc extension"`
	X11Forwarding   bool `long:"x11-forwarding" env:"VAULT_SSH_X11_FORWARDING" description:"Force permit-X11-forwarding extension"`
}

Extensions control what certificate extensions are required for the signed key
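
As an added illustration (not this package's code), the sketch below shows how flags like those in Extensions could be turned into the extensions map of a signing request and checked against an allow-list before signing. `ExtFlags`, `Requested`, `Disallowed`, the base set and the allow-list are hypothetical; the `Default` flag is left out because its description is not displayed on this page.

```go
package main

import (
	"fmt"
	"sort"
)

// ExtFlags mirrors the Extensions flags above; Default is left out (description not shown).
type ExtFlags struct {
	AgentForwarding, PortForwarding, NoPTY, UserRC, X11Forwarding bool
}

// Requested builds the extensions map for a signing request. Assumption: base
// is granted when no flag is set, "force" flags add to it, NoPTY drops permit-pty.
func Requested(base []string, f ExtFlags) map[string]string {
	out := map[string]string{}
	for _, name := range base {
		out[name] = "" // OpenSSH permit-* extensions carry an empty value
	}
	for name, on := range map[string]bool{
		"permit-agent-forwarding": f.AgentForwarding,
		"permit-port-forwarding":  f.PortForwarding,
		"permit-user-rc":          f.UserRC,
		"permit-X11-forwarding":   f.X11Forwarding,
	} {
		if on {
			out[name] = ""
		}
	}
	if f.NoPTY {
		delete(out, "permit-pty")
	}
	return out
}

// Disallowed lists, sorted, requested extensions outside a constructed allow-list.
func Disallowed(req map[string]string, allowed map[string]bool) []string {
	var bad []string
	for name := range req {
		if !allowed[name] {
			bad = append(bad, name)
		}
	}
	sort.Strings(bad)
	return bad
}

func main() {
	fmt.Println(Requested([]string{"permit-pty"}, ExtFlags{AgentForwarding: true, NoPTY: true}))
}
```

A non-empty result from `Disallowed` is a reason to refuse the request locally, since forwarding extensions widen what a short-lived certificate can do on the target host.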

type Options

type Options struct {
	Path       string     `long:"path" default:"ssh" env:"VAULT_SSH_PATH" description:"Vault SSH Path"`
	Role       string     `long:"role" default:"default" env:"VAULT_SSH_ROLE" description:"Vault SSH Role"`
	TTL        uint       `long:"ttl" default:"300" env:"VAULT_SSH_TTL" description:"Vault SSH Certificate TTL"`
	PublicKey  string     `` /* 127-byte string literal not displayed */
	Extensions Extensions `group:"Certificate Extensions"`
}

Options define signer-specific flags
