identityfile

package v0.0.0-...-5c79d48
Published: Feb 15, 2024 License: AGPL-3.0 Imports: 27 Imported by: 0

Documentation

Overview

Package identityfile handles formatting and parsing of identity files.

Index

Constants

This section is empty.

Variables

KnownFileFormats is a list of all the Format values defined below (see type Format).

Functions

func KeyFromIdentityFile

func KeyFromIdentityFile(identityPath, proxyHost, clusterName string) (*client.Key, error)

KeyFromIdentityFile loads client key from identity file.

func NewClientStoreFromIdentityFile

func NewClientStoreFromIdentityFile(identityFile, proxyAddr, clusterName string) (*client.Store, error)

NewClientStoreFromIdentityFile initializes a new in-memory client store and loads data from the given identity file into it. A temporary profile is also added to its profile store with the limited profile data available in the identity file.

Use [proxyAddr] to specify the host:port-like address of the proxy. This is necessary because identity files do not store the proxy address. Additionally, the [clusterName] argument can be used to target a leaf cluster rather than the default root cluster.

func Write

func Write(ctx context.Context, cfg WriteConfig) (filesWritten []string, err error)

Write writes user credentials to disk in a specified format. It returns the names of the files successfully written.

Types

type ConfigWriter

type ConfigWriter interface {
	// WriteFile writes the given data to path `name`, using the specified
	// permissions if the file is new.
	WriteFile(name string, data []byte, perm os.FileMode) error

	// ReadFile reads the file at path `name`.
	ReadFile(name string) ([]byte, error)

	// Remove removes a file.
	Remove(name string) error

	// Stat fetches information about a file.
	Stat(name string) (fs.FileInfo, error)
}

ConfigWriter is a simple filesystem abstraction that lets callers supply an alternative read/write implementation for this package.

type Format

type Format string

Format describes the possible file formats in which a user identity can be stored.

const (
	// FormatFile is when a key + cert are stored concatenated into a single file
	FormatFile Format = "file"

	// FormatOpenSSH is OpenSSH-compatible format, when a key and a cert are stored in
	// two different files (in the same directory)
	FormatOpenSSH Format = "openssh"

	// FormatTLS is a standard TLS format used by common TLS clients (e.g. gRPC) where
	// certificate and key are stored in separate files.
	FormatTLS Format = "tls"

	// FormatKubernetes is a standard Kubernetes format, with all credentials
	// stored in a "kubeconfig" file.
	FormatKubernetes Format = "kubernetes"

	// FormatDatabase produces CA and key pair suitable for configuring a
	// database instance for mutual TLS.
	FormatDatabase Format = "db"

	// FormatWindows produces a certificate suitable for logging
	// in to Windows via Active Directory.
	FormatWindows = "windows"

	// FormatMongo produces CA and key pair in the format suitable for
	// configuring a MongoDB database for mutual TLS authentication.
	FormatMongo Format = "mongodb"

	// FormatCockroach produces CA and key pair in the format suitable for
	// configuring a CockroachDB database for mutual TLS.
	FormatCockroach Format = "cockroachdb"

	// FormatRedis produces CA and key pair in the format suitable for
	// configuring a Redis database for mutual TLS.
	FormatRedis Format = "redis"

	// FormatSnowflake produces a public key in the format suitable for
	// configuring Snowflake JWT access.
	FormatSnowflake Format = "snowflake"

	// FormatCassandra produces CA and key pair in the format suitable for
	// configuring a Cassandra database for mutual TLS.
	FormatCassandra Format = "cassandra"

	// FormatScylla produces CA and key pair in the format suitable for
	// configuring a Scylla database for mutual TLS.
	FormatScylla Format = "scylla"

	// FormatElasticsearch produces CA and key pair in the format suitable for
	// configuring Elasticsearch for mutual TLS authentication.
	FormatElasticsearch Format = "elasticsearch"

	// DefaultFormat is what Teleport uses by default
	DefaultFormat = FormatFile

	// FormatOracle produces CA and key pair in the Oracle wallet format.
	// Execution depends on the orapki binary; if that binary is not found,
	// Teleport will print the intermediate steps for converting Teleport certs
	// to an Oracle wallet on the Oracle Server instance.
	FormatOracle Format = "oracle"
)

type FormatList

type FormatList []Format

FormatList is a list of Format values.

func (FormatList) String

func (f FormatList) String() string

String returns a human-readable version of the FormatList, e.g.: file, openssh, tls, kubernetes

type InMemoryConfigWriter

type InMemoryConfigWriter struct {
	// contains filtered or unexported fields
}

InMemoryConfigWriter is a basic virtual file system abstraction that writes into memory instead of writing to more persistent storage.

func NewInMemoryConfigWriter

func NewInMemoryConfigWriter(options ...InMemoryConfigWriterOption) *InMemoryConfigWriter

NewInMemoryConfigWriter creates a new virtual file system. It stores the files' contents and their properties in memory.

func (*InMemoryConfigWriter) Open

func (m *InMemoryConfigWriter) Open(name string) (fs.File, error)

Open is not implemented but exists here to satisfy the io/fs.FS interface.

func (*InMemoryConfigWriter) ReadFile

func (m *InMemoryConfigWriter) ReadFile(name string) ([]byte, error)

ReadFile returns the file contents. Returns fs.ErrNotExist if the file is not present.

func (*InMemoryConfigWriter) Remove

func (m *InMemoryConfigWriter) Remove(name string) error

Remove removes the file. If the file does not exist, Remove is a no-op.

func (*InMemoryConfigWriter) Stat

func (m *InMemoryConfigWriter) Stat(name string) (fs.FileInfo, error)

Stat returns the FileInfo of the given file. Returns fs.ErrNotExist if the file is not present.

func (*InMemoryConfigWriter) WithReadonlyFiles

func (m *InMemoryConfigWriter) WithReadonlyFiles(fn func(InMemoryFS) error) error

func (*InMemoryConfigWriter) WriteFile

func (m *InMemoryConfigWriter) WriteFile(name string, data []byte, perm os.FileMode) error

WriteFile writes the given data to path `name`. It replaces the file if it already exists.

type InMemoryConfigWriterOption

type InMemoryConfigWriterOption func(*InMemoryConfigWriter)

type InMemoryFS

type InMemoryFS map[string]*utils.InMemoryFile

type StandardConfigWriter

type StandardConfigWriter struct{}

StandardConfigWriter is a trivial ConfigWriter that wraps the relevant `os` functions.

func (*StandardConfigWriter) ReadFile

func (s *StandardConfigWriter) ReadFile(name string) ([]byte, error)

ReadFile reads the file at path `name`, returning

func (*StandardConfigWriter) Remove

func (s *StandardConfigWriter) Remove(name string) error

Remove removes the named file or (empty) directory. If there is an error, it will be of type *PathError.

func (*StandardConfigWriter) Stat

func (s *StandardConfigWriter) Stat(name string) (fs.FileInfo, error)

Stat returns a FileInfo describing the named file. If there is an error, it will be of type *PathError.

func (*StandardConfigWriter) WriteFile

func (s *StandardConfigWriter) WriteFile(name string, data []byte, perm os.FileMode) error

WriteFile writes data to the named file, creating it if necessary.

type WriteConfig

type WriteConfig struct {
	// OutputPath is the output path for the identity file. Note that some
	// formats (like FormatOpenSSH and FormatTLS) write multiple output files
	// and use OutputPath as a prefix.
	OutputPath string
	// Key contains the credentials to write to the identity file.
	Key *client.Key
	// Format is the output format for the identity file.
	Format Format
	// KubeProxyAddr is the public address of the proxy with its kubernetes
	// port. KubeProxyAddr is only used when Format is FormatKubernetes.
	KubeProxyAddr string
	// KubeClusterName is the Kubernetes Cluster name.
	// KubeClusterName is only used when Format is FormatKubernetes.
	KubeClusterName string
	// KubeTLSServerName is the SNI host value passed to the server.
	KubeTLSServerName string
	// KubeStoreAllCAs stores the CAs of all clusters in kubeconfig, instead
	// of just the root cluster's CA.
	KubeStoreAllCAs bool
	// OverwriteDestination forces all existing destination files to be
	// overwritten. When false, user will be prompted for confirmation of
	// overwrite first.
	OverwriteDestination bool
	// Writer is the filesystem implementation.
	Writer ConfigWriter
	// Password is the password for the JKS keystore used by Cassandra format and Oracle wallet.
	Password string
	// AdditionalCACerts contains additional CA certs, used by Cockroach format
	// to distinguish DB Server CA certs from DB Client CA certs.
	AdditionalCACerts [][]byte
}

WriteConfig holds the necessary information to write an identity file.
