Documentation ¶
Overview ¶
Copyright 2015 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2015 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2015 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2015 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2015 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2015 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2015 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2015 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2015 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
- Constants
- func JoinTokenRole(token, role string) (ouputToken string, e error)
- func SplitTokenRole(outputToken string) (token, role string, e error)
- type AuthorizedKey
- type BkKeysService
- type CAService
- func (s *CAService) DeleteRemoteCertificate(certType, domainName, id string) error
- func (s *CAService) GetHostCertificateAuthority() (*CertificateAuthority, error)
- func (s *CAService) GetHostPrivateCertificateAuthority() (*LocalCertificateAuthority, error)
- func (s *CAService) GetRemoteCertificates(certType string, domainName string) ([]CertificateAuthority, error)
- func (s *CAService) GetTrustedCertificates(certType string) ([]CertificateAuthority, error)
- func (s *CAService) GetUserCertificateAuthority() (*CertificateAuthority, error)
- func (s *CAService) GetUserPrivateCertificateAuthority() (*LocalCertificateAuthority, error)
- func (s *CAService) UpsertHostCertificateAuthority(ca LocalCertificateAuthority) error
- func (s *CAService) UpsertRemoteCertificate(cert CertificateAuthority, ttl time.Duration) error
- func (s *CAService) UpsertUserCertificateAuthority(ca LocalCertificateAuthority) error
- type CertificateAuthority
- type CommandLabel
- type CommandLabels
- type Event
- type LeaderElectionService
- type LocalCertificateAuthority
- type LockService
- type PresenceService
- type ProvisionToken
- type ProvisioningService
- type Server
- type ServicesTestSuite
- func (s ServicesTestSuite) HostCACRUD(c *C)
- func (s *ServicesTestSuite) Locking(c *C)
- func (s *ServicesTestSuite) PasswordCRUD(c *C)
- func (s *ServicesTestSuite) PasswordGarbage(c *C)
- func (s *ServicesTestSuite) PasswordHashCRUD(c *C)
- func (s *ServicesTestSuite) RemoteCertCRUD(c *C)
- func (s *ServicesTestSuite) ServerCRUD(c *C)
- func (s *ServicesTestSuite) TokenCRUD(c *C)
- func (s *ServicesTestSuite) TrustedCertificates(c *C)
- func (s *ServicesTestSuite) UserCACRUD(c *C)
- func (s *ServicesTestSuite) UserKeyCRUD(c *C)
- func (s *ServicesTestSuite) UsersCRUD(c *C)
- func (s *ServicesTestSuite) WebSessionCRUD(c *C)
- func (s *ServicesTestSuite) WebTunCRUD(c *C)
- type SignupToken
- type UserService
- func (s *UserService) DeleteUser(user string) error
- func (s *UserService) DeleteUserKey(user, key string) error
- func (s *UserService) GetUserKeys(user string) ([]AuthorizedKey, error)
- func (s *UserService) GetUsers() ([]string, error)
- func (s *UserService) UpsertUserKey(user string, key AuthorizedKey, ttl time.Duration) error
- type WebService
- func (s *WebService) CheckPassword(user string, password []byte, hotpToken string) error
- func (s *WebService) CheckPasswordWOToken(user string, password []byte) error
- func (s *WebService) DeleteSignupToken(token string) error
- func (s *WebService) DeleteWebSession(user, sid string) error
- func (s *WebService) DeleteWebTun(prefix string) error
- func (s *WebService) GetHOTP(user string) (*hotp.HOTP, error)
- func (s *WebService) GetPasswordHash(user string) ([]byte, error)
- func (s *WebService) GetSignupToken(token string) (tokenData SignupToken, ttl time.Duration, e error)
- func (s *WebService) GetWebSession(user, sid string) (*WebSession, error)
- func (s *WebService) GetWebSessionsKeys(user string) ([]AuthorizedKey, error)
- func (s *WebService) GetWebTun(prefix string) (*WebTun, error)
- func (s *WebService) GetWebTuns() ([]WebTun, error)
- func (s *WebService) UpsertHOTP(user string, otp *hotp.HOTP) error
- func (s *WebService) UpsertPassword(user string, password []byte) (hotpURL string, hotpQR []byte, err error)
- func (s *WebService) UpsertPasswordHash(user string, hash []byte) error
- func (s *WebService) UpsertSignupToken(token string, tokenData SignupToken, ttl time.Duration) error
- func (s *WebService) UpsertWebSession(user, sid string, session WebSession, ttl time.Duration) error
- func (s *WebService) UpsertWebTun(tun WebTun, ttl time.Duration) error
- type WebSession
- type WebTun
Constants ¶
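// Certificate type identifiers.
// NOTE(review): presumably these are the values expected by the certType
// parameters of the CAService methods (e.g. GetTrustedCertificates) — confirm
// against callers.
const (
	// HostCert identifies a host certificate.
	HostCert = "host"
	// UserCert identifies a user certificate.
	UserCert = "user"
)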
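// Leader-election states, expressed as Event values.
// NOTE(review): presumably these are what LeaderElectionService delivers on
// the channel passed to Subscribe — confirm.
const (
	// Leader is Event value 1.
	Leader = Event(1)
	// Follower is Event value 2.
	Follower = Event(2)
)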
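// Password and one-time-token parameters. Where these bounds are enforced is
// not visible from this declaration.
const (
	// MinPasswordLength is the lower bound on password length.
	// NOTE(review): 6 is below the 8-character minimum recommended by
	// NIST SP 800-63B. Raising it changes which passwords existing callers
	// accept, so the value is left as declared.
	MinPasswordLength = 6
	// MaxPasswordLength is the upper bound on password length.
	MaxPasswordLength = 128
	// HOTPTokenDigits is the number of digits in each token.
	HOTPTokenDigits = 6
)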
Variables ¶
This section is empty.
Functions ¶
func JoinTokenRole ¶
func SplitTokenRole ¶
Types ¶
type AuthorizedKey ¶
type BkKeysService ¶
type BkKeysService struct {
*encryptedbk.ReplicatedBackend
}
func NewBkKeysService ¶
func NewBkKeysService(backend *encryptedbk.ReplicatedBackend) *BkKeysService
type CAService ¶
type CAService struct {
// contains filtered or unexported fields
}
func NewCAService ¶
func (*CAService) DeleteRemoteCertificate ¶
func (*CAService) GetHostCertificateAuthority ¶
func (s *CAService) GetHostCertificateAuthority() (*CertificateAuthority, error)
GetHostCertificateAuthority returns the host certificate authority certificate
func (*CAService) GetHostPrivateCertificateAuthority ¶
func (s *CAService) GetHostPrivateCertificateAuthority() (*LocalCertificateAuthority, error)
GetHostPrivateCertificateAuthority returns private, public key and certificate for host CA
func (*CAService) GetRemoteCertificates ¶
func (s *CAService) GetRemoteCertificates(certType string, domainName string) ([]CertificateAuthority, error)
GetRemoteCertificates returns remote certificates with given type and domain. If domainName is empty, it returns all certificates with given type
func (*CAService) GetTrustedCertificates ¶
func (s *CAService) GetTrustedCertificates(certType string) ([]CertificateAuthority, error)
func (*CAService) GetUserCertificateAuthority ¶
func (s *CAService) GetUserCertificateAuthority() (*CertificateAuthority, error)
GetUserCertificateAuthority returns the user certificate authority public key
func (*CAService) GetUserPrivateCertificateAuthority ¶
func (s *CAService) GetUserPrivateCertificateAuthority() (*LocalCertificateAuthority, error)
GetUserPrivateCertificateAuthority returns the private key, public key and certificate for the user CertificateAuthority
func (*CAService) UpsertHostCertificateAuthority ¶
func (s *CAService) UpsertHostCertificateAuthority(ca LocalCertificateAuthority) error
UpsertHostCertificateAuthority upserts host certificate authority keys in OpenSSH authorized_keys format
func (*CAService) UpsertRemoteCertificate ¶
func (s *CAService) UpsertRemoteCertificate(cert CertificateAuthority, ttl time.Duration) error
func (*CAService) UpsertUserCertificateAuthority ¶
func (s *CAService) UpsertUserCertificateAuthority(ca LocalCertificateAuthority) error
UpsertUserCertificateAuthority upserts the user certificate authority keys in OpenSSH authorized_keys format
type CertificateAuthority ¶
type CommandLabel ¶
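// CommandLabel pairs a command line with a period and a result string.
// NOTE(review): presumably Command is run every Period and its output stored
// in Result — confirm. If so, whoever can set these labels decides what is
// executed on the machine, so the source of CommandLabels values (see
// CommandLabels.SetEnv) should be trusted configuration only.
type CommandLabel struct {
	// Period is serialized under the JSON key "period".
	Period time.Duration `json:"period"`
	// Command is an argv-style slice: ["cmd", "arg1", "arg2"].
	Command []string `json:"command"`
	// Result is serialized under the JSON key "result".
	Result string `json:"result"`
}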
func (CommandLabel) MarshalJSON ¶
func (l CommandLabel) MarshalJSON() ([]byte, error)
func (*CommandLabel) UnmarshalJSON ¶
func (l *CommandLabel) UnmarshalJSON(value []byte) error
UnmarshalJSON provides custom JSON handling to support the time.Duration string format (e.g. 1h5m3s)
type CommandLabels ¶
type CommandLabels map[string]CommandLabel
func (*CommandLabels) SetEnv ¶
func (c *CommandLabels) SetEnv(v string) error
type LeaderElectionService ¶
type LeaderElectionService struct {
// contains filtered or unexported fields
}
func NewLeaderElectionService ¶
func NewLeaderElectionService(backend backend.Backend, path []string, serverID string) *LeaderElectionService
func (*LeaderElectionService) AcquireMaster ¶
func (les *LeaderElectionService) AcquireMaster() bool
func (*LeaderElectionService) Disable ¶
func (les *LeaderElectionService) Disable()
func (*LeaderElectionService) Start ¶
func (les *LeaderElectionService) Start()
func (*LeaderElectionService) Subscribe ¶
func (les *LeaderElectionService) Subscribe(c chan Event)
type LocalCertificateAuthority ¶
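// LocalCertificateAuthority is a CertificateAuthority together with its
// private key.
//
// The private key is part of the JSON form (key "private_key"), so every
// marshaled copy of this value carries the CA's private key material. Keep
// such copies out of logs and out of responses that only need the public
// part; CertificateAuthority alone is the type for that.
type LocalCertificateAuthority struct {
	// CertificateAuthority is the embedded public part, serialized under
	// the JSON key "public".
	CertificateAuthority `json:"public"`
	// PrivateKey holds the CA private key bytes.
	PrivateKey []byte `json:"private_key"`
}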
type LockService ¶
type LockService struct {
// contains filtered or unexported fields
}
func NewLockService ¶
func NewLockService(backend backend.Backend) *LockService
func (*LockService) AcquireLock ¶
func (s *LockService) AcquireLock(token string, ttl time.Duration) error
AcquireLock grabs a lock that will be released automatically once ttl has elapsed
func (*LockService) ReleaseLock ¶
func (s *LockService) ReleaseLock(token string) error
type PresenceService ¶
type PresenceService struct {
// contains filtered or unexported fields
}
func NewPresenceService ¶
func NewPresenceService(backend backend.Backend) *PresenceService
func (*PresenceService) GetServers ¶
func (s *PresenceService) GetServers() ([]Server, error)
GetServers returns a list of registered servers
func (*PresenceService) UpsertServer ¶
func (s *PresenceService) UpsertServer(server Server, ttl time.Duration) error
UpsertServer registers server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second
type ProvisionToken ¶
type ProvisioningService ¶
type ProvisioningService struct {
// contains filtered or unexported fields
}
func NewProvisioningService ¶
func NewProvisioningService(backend backend.Backend) *ProvisioningService
func (*ProvisioningService) DeleteToken ¶
func (s *ProvisioningService) DeleteToken(token string) error
func (*ProvisioningService) GetToken ¶
func (s *ProvisioningService) GetToken(token string) (ProvisionToken, error)
func (*ProvisioningService) UpsertToken ¶
func (s *ProvisioningService) UpsertToken(token, domainName, role string, ttl time.Duration) error
Tokens are provisioning tokens for the auth server
type ServicesTestSuite ¶
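// ServicesTestSuite bundles one instance of each service in this package so
// that the suite's test methods (HostCACRUD, Locking, PasswordCRUD, ...) can
// run against them.
type ServicesTestSuite struct {
	CAS           *CAService
	LockS         *LockService
	PresenceS     *PresenceService
	ProvisioningS *ProvisioningService
	UserS         *UserService
	WebS          *WebService
	// ChangesC is an untyped channel; what is sent on it is not visible here.
	ChangesC chan interface{}
}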
func NewServicesTestSuite ¶
func NewServicesTestSuite(backend backend.Backend) *ServicesTestSuite
func (ServicesTestSuite) HostCACRUD ¶
func (s ServicesTestSuite) HostCACRUD(c *C)
func (*ServicesTestSuite) Locking ¶
func (s *ServicesTestSuite) Locking(c *C)
func (*ServicesTestSuite) PasswordCRUD ¶
func (s *ServicesTestSuite) PasswordCRUD(c *C)
func (*ServicesTestSuite) PasswordGarbage ¶
func (s *ServicesTestSuite) PasswordGarbage(c *C)
func (*ServicesTestSuite) PasswordHashCRUD ¶
func (s *ServicesTestSuite) PasswordHashCRUD(c *C)
func (*ServicesTestSuite) RemoteCertCRUD ¶
func (s *ServicesTestSuite) RemoteCertCRUD(c *C)
func (*ServicesTestSuite) ServerCRUD ¶
func (s *ServicesTestSuite) ServerCRUD(c *C)
func (*ServicesTestSuite) TokenCRUD ¶
func (s *ServicesTestSuite) TokenCRUD(c *C)
func (*ServicesTestSuite) TrustedCertificates ¶
func (s *ServicesTestSuite) TrustedCertificates(c *C)
func (*ServicesTestSuite) UserCACRUD ¶
func (s *ServicesTestSuite) UserCACRUD(c *C)
func (*ServicesTestSuite) UserKeyCRUD ¶
func (s *ServicesTestSuite) UserKeyCRUD(c *C)
func (*ServicesTestSuite) UsersCRUD ¶
func (s *ServicesTestSuite) UsersCRUD(c *C)
func (*ServicesTestSuite) WebSessionCRUD ¶
func (s *ServicesTestSuite) WebSessionCRUD(c *C)
func (*ServicesTestSuite) WebTunCRUD ¶
func (s *ServicesTestSuite) WebTunCRUD(c *C)
type SignupToken ¶
type UserService ¶
type UserService struct {
// contains filtered or unexported fields
}
func NewUserService ¶
func NewUserService(backend backend.Backend) *UserService
func (*UserService) DeleteUser ¶
func (s *UserService) DeleteUser(user string) error
DeleteUser deletes a user with all the keys from the backend
func (*UserService) DeleteUserKey ¶
func (s *UserService) DeleteUserKey(user, key string) error
DeleteUserKey deletes user key by given ID
func (*UserService) GetUserKeys ¶
func (s *UserService) GetUserKeys(user string) ([]AuthorizedKey, error)
GetUserKeys returns a list of authorized keys for a given user in OpenSSH authorized_keys format
func (*UserService) GetUsers ¶
func (s *UserService) GetUsers() ([]string, error)
GetUsers returns a list of users registered in the backend
func (*UserService) UpsertUserKey ¶
func (s *UserService) UpsertUserKey(user string, key AuthorizedKey, ttl time.Duration) error
UpsertUserKey upserts a public key in OpenSSH authorized_keys format. user is a user name, keyID is a unique identifier for the key. If ttl is 0, the key will be upserted permanently; otherwise it will expire once ttl has elapsed.
type WebService ¶
func NewWebService ¶
func NewWebService(backend backend.Backend) *WebService
func (*WebService) CheckPassword ¶
func (s *WebService) CheckPassword(user string, password []byte, hotpToken string) error
func (*WebService) CheckPasswordWOToken ¶
func (s *WebService) CheckPasswordWOToken(user string, password []byte) error
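TODO: not very good. Judging by the signatures, this variant takes no hotpToken, unlike CheckPassword, so it presumably verifies the password only and should not be relied on as a two-factor check.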
func (*WebService) DeleteSignupToken ¶
func (s *WebService) DeleteSignupToken(token string) error
func (*WebService) DeleteWebSession ¶
func (s *WebService) DeleteWebSession(user, sid string) error
DeleteWebSession
func (*WebService) DeleteWebTun ¶
func (s *WebService) DeleteWebTun(prefix string) error
func (*WebService) GetPasswordHash ¶
func (s *WebService) GetPasswordHash(user string) ([]byte, error)
GetPasswordHash returns the password hash for a given user
func (*WebService) GetSignupToken ¶
func (s *WebService) GetSignupToken(token string) (tokenData SignupToken, ttl time.Duration, e error)
func (*WebService) GetWebSession ¶
func (s *WebService) GetWebSession(user, sid string) (*WebSession, error)
GetWebSession
func (*WebService) GetWebSessionsKeys ¶
func (s *WebService) GetWebSessionsKeys(user string) ([]AuthorizedKey, error)
GetWebSessionsKeys
func (*WebService) GetWebTuns ¶
func (s *WebService) GetWebTuns() ([]WebTun, error)
func (*WebService) UpsertHOTP ¶
func (s *WebService) UpsertHOTP(user string, otp *hotp.HOTP) error
func (*WebService) UpsertPassword ¶
func (*WebService) UpsertPasswordHash ¶
func (s *WebService) UpsertPasswordHash(user string, hash []byte) error
UpsertPasswordHash upserts user password hash
func (*WebService) UpsertSignupToken ¶
func (s *WebService) UpsertSignupToken(token string, tokenData SignupToken, ttl time.Duration) error
func (*WebService) UpsertWebSession ¶
func (s *WebService) UpsertWebSession(user, sid string, session WebSession, ttl time.Duration) error
UpsertWebSession upserts a web session for the given user and session ID
func (*WebService) UpsertWebTun ¶
func (s *WebService) UpsertWebTun(tun WebTun, ttl time.Duration) error
type WebSession ¶
type WebTun ¶
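// WebTun describes one web tunnel: the domain prefix that serves it, the SSH
// proxy that carries it and the HTTP target it reaches.
// NOTE(review): TargetAddr decides where tunnelled traffic ends up. If tunnels
// can be created by callers that are not fully trusted, the address should be
// validated where the tunnel is upserted — confirm against UpsertWebTun.
type WebTun struct {
	// Prefix is a domain prefix that will be used
	// to serve this tunnel
	Prefix string `json:"prefix"`
	// ProxyAddr is the address of the SSH server
	// that will be acting as a SSH proxy
	ProxyAddr string `json:"proxy"`
	// TargetAddr is the target http address of the server
	TargetAddr string `json:"target"`
}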
WebTun is a web tunnel, the SSH tunnel created by the SSH server to a remote web server