cmd

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 29, 2019 License: MIT Imports: 21 Imported by: 0

Documentation

Index

Constants

// DOCKER is the path of the Docker binary. It is an absolute path, so the
// binary is not looked up through $PATH.
// NOTE(review): presumably this is what the toolbox sandbox executes; confirm
// that the file is root-owned and not writable by synced users.
const DOCKER = "/usr/bin/docker"

Docker binary

Variables

// AuthorizedKeys is the "authorized-keys" sub-command (alias
// "authorized_keys"). It lists the SSH public keys registered for an AWS IAM
// user, takes the username as its argument and is handled by
// getAuthorizedKeysForUser.
var AuthorizedKeys = cli.Command{
	Name:      "authorized-keys",
	Usage:     "List AWS IAM user registered SSH public keys.",
	ArgsUsage: "username",
	Action:    getAuthorizedKeysForUser,
	Aliases:   []string{"authorized_keys"},
	Flags: []cli.Flag{
		// Repeatable list of IAM groups whose members may SSH in.
		// NOTE(review): no Value is set here, so the "bastrd" default named in
		// the usage text has to be applied by the action. Confirm that an
		// empty list is never treated as "every IAM user is allowed".
		cli.StringSliceFlag{
			Name:  "allowed-group",
			Usage: "AWS IAM group allowed to SSH. Can be provided multiple times. (defaults to bastrd)",
		},
	},
}
// PAM is the "pam" sub-command. It authenticates a user against an IAM role
// and is designed to be invoked by the pam_exec PAM module. It is handled by
// pamMain.
var PAM = cli.Command{
	Name:   "pam",
	Usage:  "Authenticate an user against an IAM role. This command is designed to be called by PAM pam_exec module.",
	Action: pamMain,
	Flags: []cli.Flag{
		// Session duration; defaults to three hours.
		cli.DurationFlag{
			Name:  "duration",
			Usage: "Session duration.",
			Value: 3 * time.Hour,
		},
		// IAM username, read from the PAM_USER environment variable when the
		// flag is not given.
		// NOTE(review): outside pam_exec both the flag and the environment
		// variable are caller-controlled; confirm pamMain validates the value
		// before using it.
		cli.StringFlag{
			Name:   "username",
			Usage:  "AWS IAM username.",
			EnvVar: "PAM_USER",
		},
		// Skips the session credential update step.
		cli.BoolFlag{
			Name:  "skip-credential-update",
			Usage: "Skip session credential update.",
		},
	},
}
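// Proxy is the "proxy" sub-command: an HTTP proxy that authenticates requests
// against AWS IAM before forwarding them to the configured upstream. It is
// handled by proxyMain.
var Proxy = cli.Command{
	Name:   "proxy",
	Usage:  "AWS IAM authenticated HTTP proxy.",
	Action: proxyMain,
	Flags: []cli.Flag{
		// Repeatable list of IAM groups allowed through the proxy. Per the
		// usage text an empty list allows every authenticated user, so the
		// default is fail-open; deployments that need group restriction must
		// set this explicitly.
		cli.StringSliceFlag{
			Name:  "allowed-group",
			Usage: "AWS IAM group allowed to access upstream. Can be provided multiple times. (defaults to empty, which allows all)",
		},
		// How long the allowed-group data is cached; defaults to five minutes.
		// NOTE(review): presumably a user removed from a group keeps access
		// until the cache expires; confirm against proxyMain.
		cli.DurationFlag{
			Name:  "group-cache-period",
			Usage: "Duration of the allowed group cache.",
			Value: 5 * time.Minute,
		},
		// Listen address. The default binds every interface, and the usage
		// text describes plain HTTP; bind to a loopback or internal address
		// when TLS is terminated by a front end on the same host or network.
		cli.StringFlag{
			Name:   "bind",
			Usage:  "Address to listen for HTTP requests.",
			EnvVar: "BIND",
			Value:  "0.0.0.0:8080",
		},
		// Secret used for the session cookie/JWT. There is no default.
		// Prefer the SECRET_KEY environment variable over the flag, because
		// command-line arguments are visible in the process list.
		// NOTE(review): confirm proxyMain refuses to start with an empty key.
		cli.StringFlag{
			Name:   "secret-key",
			Usage:  "Cookie/JWT secret key.",
			EnvVar: "SECRET_KEY",
		},
		// Name of the session cookie. The usage text previously repeated the
		// secret-key description, which misdescribed this flag in --help.
		cli.StringFlag{
			Name:   "session-cookie-name",
			Usage:  "Session cookie name.",
			EnvVar: "SESSION_COOKIE_NAME",
			Value:  "sessionToken",
		},
		// Upstream URL requests are forwarded to; it may include a path.
		cli.StringFlag{
			Name:   "upstream",
			Usage:  "Upstream URL, may include path.",
			EnvVar: "UPSTREAM_URL",
		},
	},
}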
// Sync is the "sync" sub-command (aliases "sync-users" and "sync_users"). It
// syncs AWS IAM users and is handled by syncMain.
var Sync = cli.Command{
	Name:    "sync",
	Usage:   "Sync AWS IAM users.",
	Action:  syncMain,
	Aliases: []string{"sync-users", "sync_users"},
	Flags: []cli.Flag{
		// Extra system groups given to each synced user. The default comes
		// from defaultAdditionalGroups, declared elsewhere; the usage text
		// says it is "docker".
		// NOTE(review): membership in the docker group is effectively root on
		// the host; confirm this default is intended for every synced user.
		cli.StringSliceFlag{
			Name:  "additional-group",
			Usage: "System user additional group. Can be specified multiple times. (Defaults to docker)",
			Value: &defaultAdditionalGroups,
		},
		// Turns off sandboxed sessions for users.
		// NOTE(review): presumably users then get an unsandboxed host session;
		// confirm against syncMain before enabling.
		cli.BoolFlag{
			Name:  "disable-sandbox",
			Usage: "Disable users sandboxed sessions.",
		},
		// IAM groups to sync. The usage text warns that these names must not
		// collide with existing system groups.
		cli.StringSliceFlag{
			Name:  "group",
			Usage: "AWS IAM group name to be synced. Can be specified multiple times. ATTENTION: Make sure these groups names don't conflict with existent system groups.",
		},
		// Interval between sync loops. No Value is set, so the default is the
		// zero duration.
		// NOTE(review): how syncMain treats a zero interval is not visible
		// here; confirm.
		cli.DurationFlag{
			Name:  "interval",
			Usage: "Time interval between sync loops.",
		},
	},
}
// Toolbox is the "toolbox" sub-command (alias "session"). It validates MFA
// and opens a new authenticated toolbox session. It is handled by
// toolboxSessionMain.
var Toolbox = cli.Command{
	Name:    "toolbox",
	Usage:   "Validates MFA and open a new authenticated toolbox session.",
	Action:  toolboxSessionMain,
	Aliases: []string{"session"},
	Flags: []cli.Flag{
		// SSH command arguments.
		// NOTE(review): this string presumably originates from the SSH client;
		// confirm toolboxSessionMain passes it on as an argument vector rather
		// than through a shell.
		cli.StringFlag{
			Name:  "c",
			Usage: "SSH command arguments.",
		},
		// Session credential lifetime in hours, default 4. This is an integer
		// count of hours, unlike the DurationFlag used by the pam command.
		cli.Int64Flag{
			Name:  "duration",
			Usage: "Session credentials duration, in hours.",
			Value: 4,
		},
		// Sandbox container image. The default uses the mutable ":latest"
		// tag, so the image content can change between pulls; pinning by
		// digest keeps the sandbox contents reviewable.
		cli.StringFlag{
			Name:  "image",
			Usage: "Sandbox container image.",
			Value: "docker.io/rochacon/bastrd-toolbox:latest",
		},
		// AWS IAM MFA token.
		// NOTE(review): a value passed on the command line is visible in the
		// process list; confirm whether the token can be read interactively
		// instead.
		cli.StringFlag{
			Name:  "token",
			Usage: "AWS IAM MFA token.",
		},
		// AWS IAM username the session is opened for.
		cli.StringFlag{
			Name:  "username",
			Usage: "AWS IAM username for the sessioned.",
		},
	},
}

Functions

This section is empty.

Types

This section is empty.
