services

package
v0.0.11 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 4, 2016 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

View Source 
const (
	HostCert = "host"
	UserCert = "user"
)
View Source 
const (
	Leader   = Event(1)
	Follower = Event(2)
)
View Source 
const (
	MinPasswordLength = 6
	MaxPasswordLength = 128
	HOTPTokenDigits   = 6 //number of digits in each token
)

Variables

This section is empty.

Functions

func JoinTokenRole 

func JoinTokenRole(token, role string) (ouputToken string, e error)

func SplitTokenRole 

func SplitTokenRole(outputToken string) (token, role string, e error)

Types

type AuthorizedKey 

type AuthorizedKey struct {
	ID    string `json:"id"`
	Value []byte `json:"value"`
}

type BkKeysService 

type BkKeysService struct {
	*encryptedbk.ReplicatedBackend
}

func NewBkKeysService 

func NewBkKeysService(backend *encryptedbk.ReplicatedBackend) *BkKeysService

type CAService 

type CAService struct {
	// contains filtered or unexported fields
}

func NewCAService 

func NewCAService(backend backend.Backend) *CAService

func (*CAService) DeleteRemoteCertificate 

func (s *CAService) DeleteRemoteCertificate(certType, domainName, id string) error

func (*CAService) GetHostCertificateAuthority 

func (s *CAService) GetHostCertificateAuthority() (*CertificateAuthority, error)

GetHostCertificateAuthority returns the host certificate authority certificate

func (*CAService) GetHostPrivateCertificateAuthority 

func (s *CAService) GetHostPrivateCertificateAuthority() (*LocalCertificateAuthority, error)

GetHostPrivateCertificateAuthority returns private, public key and certificate for host CA

func (*CAService) GetRemoteCertificates 

func (s *CAService) GetRemoteCertificates(certType string,
	domainName string) ([]CertificateAuthority, error)

GetRemoteCertificates returns remote certificates with given type and domain. If domainName is empty, it returns all certificates with given type

func (*CAService) GetTrustedCertificates 

func (s *CAService) GetTrustedCertificates(certType string) ([]CertificateAuthority, error)

func (*CAService) GetUserCertificateAuthority 

func (s *CAService) GetUserCertificateAuthority() (*CertificateAuthority, error)

GetUserCertificateAuthority returns the user certificate authority public key

func (*CAService) GetUserPrivateCertificateAuthority 

func (s *CAService) GetUserPrivateCertificateAuthority() (*LocalCertificateAuthority, error)

GetCertificateAuthority returns private, public key and certificate for user CertificateAuthority

func (*CAService) UpsertHostCertificateAuthority 

func (s *CAService) UpsertHostCertificateAuthority(ca LocalCertificateAuthority) error

UpsertHostCertificateAuthority upserts host certificate authority keys in OpenSSH authorized_keys format

func (*CAService) UpsertRemoteCertificate 

func (s *CAService) UpsertRemoteCertificate(cert CertificateAuthority, ttl time.Duration) error

func (*CAService) UpsertUserCertificateAuthority 

func (s *CAService) UpsertUserCertificateAuthority(ca LocalCertificateAuthority) error

UpsertUserCertificateAuthority upserts the user certificate authority keys in OpenSSH authorized_keys format

type CertificateAuthority 

type CertificateAuthority struct {
	Type       string `json:"type" yaml:"type"`
	ID         string `json:"id" yaml:"id"`
	DomainName string `json:"domain_name" yaml:"domain_name" env:"domain_name"`
	PublicKey  []byte `json:"public_key" yaml:"public_key" env:"public_key"`
}

type CommandLabel 

type CommandLabel struct {
	Period  time.Duration `json:"period"`
	Command []string      `json:"command"` //["cmd", "arg1", "arg2"]
	Result  string        `json:"result"`
}

func (CommandLabel) MarshalJSON 

func (l CommandLabel) MarshalJSON() ([]byte, error)

func (*CommandLabel) UnmarshalJSON 

func (l *CommandLabel) UnmarshalJSON(value []byte) error

custom JSON formatting for supporting time.Duration format (1h5m3s)

type CommandLabels 

type CommandLabels map[string]CommandLabel

func (*CommandLabels) SetEnv 

func (c *CommandLabels) SetEnv(v string) error

type Event 

type Event int

type LeaderElectionService 

type LeaderElectionService struct {
	// contains filtered or unexported fields
}

func NewLeaderElectionService 

func NewLeaderElectionService(backend backend.Backend, path []string, serverID string) *LeaderElectionService

func (*LeaderElectionService) AcquireMaster 

func (les *LeaderElectionService) AcquireMaster() bool

func (*LeaderElectionService) Disable 

func (les *LeaderElectionService) Disable()

func (*LeaderElectionService) Start 

func (les *LeaderElectionService) Start()

func (*LeaderElectionService) Subscribe 

func (les *LeaderElectionService) Subscribe(c chan Event)

type LocalCertificateAuthority 

type LocalCertificateAuthority struct {
	CertificateAuthority `json:"public"`
	PrivateKey           []byte `json:"private_key"`
}

type LockService 

type LockService struct {
	// contains filtered or unexported fields
}

func NewLockService 

func NewLockService(backend backend.Backend) *LockService

func (*LockService) AcquireLock 

func (s *LockService) AcquireLock(token string, ttl time.Duration) error

Grab a lock that will be released automatically in ttl time

func (*LockService) ReleaseLock 

func (s *LockService) ReleaseLock(token string) error

type PresenceService 

type PresenceService struct {
	// contains filtered or unexported fields
}

func NewPresenceService 

func NewPresenceService(backend backend.Backend) *PresenceService

func (*PresenceService) GetServers 

func (s *PresenceService) GetServers() ([]Server, error)

GetServers returns a list of registered servers

func (*PresenceService) UpsertServer 

func (s *PresenceService) UpsertServer(server Server, ttl time.Duration) error

UpsertServer registers server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second

type ProvisionToken 

type ProvisionToken struct {
	DomainName string
	Role       string
}

type ProvisioningService 

type ProvisioningService struct {
	// contains filtered or unexported fields
}

func NewProvisioningService 

func NewProvisioningService(backend backend.Backend) *ProvisioningService

func (*ProvisioningService) DeleteToken 

func (s *ProvisioningService) DeleteToken(token string) error

func (*ProvisioningService) GetToken 

func (s *ProvisioningService) GetToken(token string) (ProvisionToken, error)

func (*ProvisioningService) UpsertToken 

func (s *ProvisioningService) UpsertToken(token, domainName, role string, ttl time.Duration) error

Tokens are provisioning tokens for the auth server

type Server 

type Server struct {
	ID        string                  `json:"id"`
	Addr      string                  `json:"addr"`
	Hostname  string                  `json:"hostname"`
	Labels    map[string]string       `json:"labels"`
	CmdLabels map[string]CommandLabel `json:"cmd_labels"`
}

type ServicesTestSuite 

type ServicesTestSuite struct {
	CAS           *CAService
	LockS         *LockService
	PresenceS     *PresenceService
	ProvisioningS *ProvisioningService
	UserS         *UserService
	WebS          *WebService
	ChangesC      chan interface{}
}

func NewServicesTestSuite 

func NewServicesTestSuite(backend backend.Backend) *ServicesTestSuite

func (ServicesTestSuite) HostCACRUD 

func (s ServicesTestSuite) HostCACRUD(c *C)

func (*ServicesTestSuite) Locking 

func (s *ServicesTestSuite) Locking(c *C)

func (*ServicesTestSuite) PasswordCRUD 

func (s *ServicesTestSuite) PasswordCRUD(c *C)

func (*ServicesTestSuite) PasswordGarbage 

func (s *ServicesTestSuite) PasswordGarbage(c *C)

func (*ServicesTestSuite) PasswordHashCRUD 

func (s *ServicesTestSuite) PasswordHashCRUD(c *C)

func (*ServicesTestSuite) RemoteCertCRUD 

func (s *ServicesTestSuite) RemoteCertCRUD(c *C)

func (*ServicesTestSuite) ServerCRUD 

func (s *ServicesTestSuite) ServerCRUD(c *C)

func (*ServicesTestSuite) TokenCRUD 

func (s *ServicesTestSuite) TokenCRUD(c *C)

func (*ServicesTestSuite) TrustedCertificates 

func (s *ServicesTestSuite) TrustedCertificates(c *C)

func (*ServicesTestSuite) UserCACRUD 

func (s *ServicesTestSuite) UserCACRUD(c *C)

func (*ServicesTestSuite) UserKeyCRUD 

func (s *ServicesTestSuite) UserKeyCRUD(c *C)

func (*ServicesTestSuite) UsersCRUD 

func (s *ServicesTestSuite) UsersCRUD(c *C)

func (*ServicesTestSuite) WebSessionCRUD 

func (s *ServicesTestSuite) WebSessionCRUD(c *C)

func (*ServicesTestSuite) WebTunCRUD 

func (s *ServicesTestSuite) WebTunCRUD(c *C)

type SignupToken 

type SignupToken struct {
	Token           string
	User            string
	Hotp            []byte
	HotpFirstValues []string
	HotpQR          []byte
}

type UserService 

type UserService struct {
	// contains filtered or unexported fields
}

func NewUserService 

func NewUserService(backend backend.Backend) *UserService

func (*UserService) DeleteUser 

func (s *UserService) DeleteUser(user string) error

DeleteUser deletes a user with all the keys from the backend

func (*UserService) DeleteUserKey 

func (s *UserService) DeleteUserKey(user, key string) error

DeleteUserKey deletes user key by given ID

func (*UserService) GetUserKeys 

func (s *UserService) GetUserKeys(user string) ([]AuthorizedKey, error)

GetUserKeys returns a list of authorized keys for a given user in a OpenSSH key authorized_keys format

func (*UserService) GetUsers 

func (s *UserService) GetUsers() ([]string, error)

GetUsers returns a list of users registered in the backend

func (*UserService) UpsertUserKey 

func (s *UserService) UpsertUserKey(user string, key AuthorizedKey,
	ttl time.Duration) error

Upsert Public key in OpenSSH authorized Key format user is a user name, keyID is a unique IDentifier for the key in case if ttl is 0, the key will be upserted permanently, otherwise it will expire in ttl seconds

type WebService 

type WebService struct {
	SignupMutex *sync.Mutex
	// contains filtered or unexported fields
}

func NewWebService 

func NewWebService(backend backend.Backend) *WebService

func (*WebService) CheckPassword 

func (s *WebService) CheckPassword(user string, password []byte, hotpToken string) error

func (*WebService) CheckPasswordWOToken 

func (s *WebService) CheckPasswordWOToken(user string, password []byte) error

TO DO: not very good

func (*WebService) DeleteSignupToken 

func (s *WebService) DeleteSignupToken(token string) error

func (*WebService) DeleteWebSession 

func (s *WebService) DeleteWebSession(user, sid string) error

DeleteWebSession

func (*WebService) DeleteWebTun 

func (s *WebService) DeleteWebTun(prefix string) error

func (*WebService) GetHOTP 

func (s *WebService) GetHOTP(user string) (*hotp.HOTP, error)

func (*WebService) GetPasswordHash 

func (s *WebService) GetPasswordHash(user string) ([]byte, error)

GetPasswordHash returns the password hash for a given user

func (*WebService) GetSignupToken 

func (s *WebService) GetSignupToken(token string) (tokenData SignupToken,
	ttl time.Duration, e error)

func (*WebService) GetWebSession 

func (s *WebService) GetWebSession(user, sid string) (*WebSession, error)

GetWebSession

func (*WebService) GetWebSessionsKeys 

func (s *WebService) GetWebSessionsKeys(user string) ([]AuthorizedKey, error)

GetWebSessionsKeys

func (*WebService) GetWebTun 

func (s *WebService) GetWebTun(prefix string) (*WebTun, error)

func (*WebService) GetWebTuns 

func (s *WebService) GetWebTuns() ([]WebTun, error)

func (*WebService) UpsertHOTP 

func (s *WebService) UpsertHOTP(user string, otp *hotp.HOTP) error

func (*WebService) UpsertPassword 

func (s *WebService) UpsertPassword(user string,
	password []byte) (hotpURL string, hotpQR []byte, err error)

func (*WebService) UpsertPasswordHash 

func (s *WebService) UpsertPasswordHash(user string, hash []byte) error

UpsertPasswordHash upserts user password hash

func (*WebService) UpsertSignupToken 

func (s *WebService) UpsertSignupToken(token string, tokenData SignupToken, ttl time.Duration) error

func (*WebService) UpsertWebSession 

func (s *WebService) UpsertWebSession(user, sid string,
	session WebSession, ttl time.Duration) error

UpsertSession

func (*WebService) UpsertWebTun 

func (s *WebService) UpsertWebTun(tun WebTun, ttl time.Duration) error

type WebSession 

type WebSession struct {
	Pub  []byte `json:"pub"`
	Priv []byte `json:"priv"`
}

type WebTun 

type WebTun struct {
	// Prefix is a domain prefix that will be used
	// to serve this tunnel
	Prefix string `json:"prefix"`
	// ProxyAddr is the address of the SSH server
	// that will be acting as a SSH proxy
	ProxyAddr string `json:"proxy"`
	// TargetAddr is the target http address of the server
	TargetAddr string `json:"target"`
}

WebTun is a web tunnel, the SSH tunnel created by the SSH server to a remote web server

func NewWebTun 

func NewWebTun(prefix, proxyAddr, targetAddr string) (*WebTun, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.