Documentation
Overview
Package model implements an access definition model for SSH authentication.
Constants
This section is empty.
Variables
var (
	// ErrShortPath is returned when trying to clean up a directory structure that is not deep enough.
	ErrShortPath = errors.New("refusing to operate on a short path")

	// ErrBaseDir is returned if the baseDir is wrongly configured.
	ErrBaseDir = errors.New("baseDir must be the prefix of perKeyDir and perUserDir")
)
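Both errors guard the step that wipes and regenerates the output directories: a cleanup routine that deletes whatever it finds under a configured path must refuse to run on a path that is too short ("/" or "/srv" after a typo) and must refuse output directories that do not actually lie under baseDir. The program below is an added example of such a guard, not the package's own code; the threshold of three path components and the functions checkOutputDirs, depth and isWithin are assumptions about how the documented errors are used. The point it makes is that a plain string prefix test is not enough: "/srv/ssh-acl2" starts with "/srv/ssh-acl" without being inside it, and a ".." segment escapes the base unless the paths are cleaned first.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// The two sentinel errors are the ones the package documents; the checks
// around them are an added example, not the package's own code.
var (
	ErrShortPath = errors.New("refusing to operate on a short path")
	ErrBaseDir   = errors.New("baseDir must be the prefix of perKeyDir and perUserDir")
)

// minDepth is an assumed threshold: a directory that will be wiped and
// regenerated must have at least this many components, so that a typo such
// as "/" or "/srv" can never pass the check.
const minDepth = 3

// depth counts the path components of a cleaned path ("/srv/ssh-acl/out" -> 3).
func depth(p string) int {
	n := 0
	for _, c := range strings.Split(filepath.ToSlash(filepath.Clean(p)), "/") {
		if c != "" && c != "." {
			n++
		}
	}
	return n
}

// isWithin reports whether child equals baseDir or lies below it. The comparison
// is done on cleaned paths via filepath.Rel, so "/srv/ssh-acl2" is not accepted
// as a child of "/srv/ssh-acl" (a naive strings.HasPrefix would accept it) and a
// ".." segment cannot escape the base.
func isWithin(baseDir, child string) bool {
	rel, err := filepath.Rel(filepath.Clean(baseDir), filepath.Clean(child))
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)) && !filepath.IsAbs(rel)
}

// checkOutputDirs validates the layout before anything is removed or written:
// every directory must be deep enough, and the per-key and per-user directories
// must live under baseDir.
func checkOutputDirs(baseDir, perKeyDir, perUserDir string) error {
	for _, d := range []string{baseDir, perKeyDir, perUserDir} {
		if n := depth(d); n < minDepth {
			return fmt.Errorf("%w: %q has %d component(s), need at least %d", ErrShortPath, d, n, minDepth)
		}
	}
	if !isWithin(baseDir, perKeyDir) || !isWithin(baseDir, perUserDir) {
		return fmt.Errorf("%w: base=%q keys=%q users=%q", ErrBaseDir, baseDir, perKeyDir, perUserDir)
	}
	return nil
}

func main() {
	// Constructed layouts: one valid, one too short, one sibling-prefix, one ".." escape.
	cases := [][3]string{
		{"/srv/ssh-acl/out", "/srv/ssh-acl/out/keys", "/srv/ssh-acl/out/users"},
		{"/srv", "/srv/keys", "/srv/users"},
		{"/srv/ssh-acl/out", "/srv/ssh-acl/out2/keys", "/srv/ssh-acl/out/users"},
		{"/srv/ssh-acl/out", "/srv/ssh-acl/out/../../etc/keys", "/srv/ssh-acl/out/users"},
	}
	for _, c := range cases {
		if err := checkOutputDirs(c[0], c[1], c[2]); err != nil {
			fmt.Println("rejected:", err)
		} else {
			fmt.Println("accepted:", c[0])
		}
	}
}
```

The check is purely lexical: filepath.Rel does not follow symlinks, so if the output tree is on a live filesystem where an attacker could plant a link, resolve the directories with filepath.EvalSymlinks before comparing them.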
Functions
This section is empty.
Types
type Action
type Action struct {
	// User is the system username to which to grant access.
	User SystemUserName `yaml:"User"`
	// Expire enforces expiration of authenticated ssh keys.
	Expire time.Duration `yaml:"Expire"`
	// Push determines if keys for this role are deployed to the servers proactively.
	Push bool `yaml:"Push"`
	// Options contains a list of ssh-authorized-keys options.
	Options string `yaml:"Options"`
	// contains filtered or unexported fields
}
Action describes an activity on a server.
func (*Action) UnmarshalYAML
UnmarshalYAML parses an Action from YAML.
type ConfigRow
type ConfigRow struct {
	// Push determines if keys for this role are deployed to the servers proactively.
	Push bool
	// Server is the name of the server.
	Server ServerName
	// User is the organization user/person with access.
	User UserName
	// SystemUser is the user on the system.
	SystemUser SystemUserName
	// Expire enforces expiration of authenticated keys.
	Expire time.Duration
	// Options are ssh-authorized-keys options to apply.
	Options string
	// contains filtered or unexported fields
}
ConfigRow contains one access description.
type LastAuthTime
LastAuthTime can be used to look up the user's last authentication moment to determine expiration times.
type Persistence
type Persistence struct {
	ModelFile string       // File containing the model.
	KeyFile   string       // File containing delegation key and private key.
	UserDir   string       // Directory containing one file per user which in turn contains one ssh-key per line.
	BaseDir   string       // Directory in which to write publicly accessible output.
	AuthTime  LastAuthTime `json:"-"`
	// contains filtered or unexported fields
}
Persistence is the model persistence layer.
func (*Persistence) CompileAndStore
func (persistence *Persistence) CompileAndStore() ([]string, error)
CompileAndStore compiles the model and stores the result to files.
func (*Persistence) Update
func (persistence *Persistence) Update() ([]string, error)
Update updates only the keys, using the already compiled model.
type Role
type Role struct {
	Actions []ActionName
	// contains filtered or unexported fields
}
Role specifies a list of actions assigned to a user.
func (*Role) UnmarshalYAML
UnmarshalYAML parses YAML into Role.
type RoleName
type RoleName string
RoleName is a role that refers to a collection of available actions.
type Server
type Server struct {
	// Actions are actions that are available on the server.
	Actions []ActionName
	// contains filtered or unexported fields
}
Server is a server within the authenticated domain.
func (*Server) UnmarshalYAML
UnmarshalYAML parses YAML into Server.
type ServerMatch
type ServerMatch string
ServerMatch is a glob pattern to match one or more servers.
type SystemACL
type SystemACL struct {
	Servers map[ServerName]*Server             `yaml:"Servers"`
	Actions map[ActionName]*Action             `yaml:"Actions"`
	Users   map[UserName]*User                 `yaml:"Users"`
	Roles   map[RoleName]map[ServerMatch]*Role `yaml:"Roles"`
}
SystemACL is the model from which to generate permission rows.
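To show how the four maps of SystemACL combine into ConfigRow entries (the "permission rows" mentioned above), here is an added example program; it is not the package's own code. The types mirror the exported fields documented on this page. The Compile function, glob matching of ServerMatch with path.Match, skipping users whose NotAfter has passed, granting an action only when the matched server lists it as available, and the rule that the shorter of User.Expire and Action.Expire wins (zero meaning no limit) are all assumptions about behaviour the documentation does not spell out. The sample model is constructed for the demo.

```go
package main

import (
	"fmt"
	"path"
	"time"
)

// Names and structs mirror the exported parts of the documented model.
type ServerName string
type ServerMatch string // glob pattern; matched with path.Match below (assumed)
type ActionName string
type UserName string
type SystemUserName string
type RoleName string
type Action struct {
	User    SystemUserName
	Expire  time.Duration
	Push    bool
	Options string
}
type Server struct{ Actions []ActionName }
type Role struct{ Actions []ActionName }
type User struct {
	NotAfter time.Time
	Expire   time.Duration
	Roles    []RoleName
}
type SystemACL struct {
	Servers map[ServerName]*Server
	Actions map[ActionName]*Action
	Users   map[UserName]*User
	Roles   map[RoleName]map[ServerMatch]*Role
}
type ConfigRow struct {
	Push       bool
	Server     ServerName
	User       UserName
	SystemUser SystemUserName
	Expire     time.Duration
	Options    string
}

// offers reports whether server s lists action a as available.
func offers(s *Server, a ActionName) bool {
	for _, x := range s.Actions {
		if x == a {
			return true
		}
	}
	return false
}

// Compile expands the model into access rows: for each user whose NotAfter has not
// passed, each role, each server matching the role's glob, each action of the role
// that the server actually offers. Anything unknown or unmatched yields no row.
// Expire is the stricter of User.Expire and Action.Expire, zero meaning no limit
// (how the real package combines the two is not documented: an assumption).
func Compile(acl *SystemACL, now time.Time) (rows []ConfigRow) {
	for userName, u := range acl.Users {
		if !u.NotAfter.IsZero() && !now.Before(u.NotAfter) {
			continue // the user's access has ended: no rows at all
		}
		for _, roleName := range u.Roles {
			for pattern, role := range acl.Roles[roleName] { // unknown role: nil map, no rows
				for serverName, srv := range acl.Servers {
					if ok, err := path.Match(string(pattern), string(serverName)); err != nil || !ok {
						continue // a malformed glob matches nothing rather than everything
					}
					for _, actionName := range role.Actions {
						action := acl.Actions[actionName]
						if action == nil || !offers(srv, actionName) {
							continue // unknown action, or not offered by this server
						}
						expire := u.Expire
						if expire == 0 || (action.Expire != 0 && action.Expire < expire) {
							expire = action.Expire
						}
						rows = append(rows, ConfigRow{Push: action.Push, Server: serverName, User: userName,
							SystemUser: action.User, Expire: expire, Options: action.Options})
					}
				}
			}
		}
	}
	return rows
}

// sampleACL is constructed demo data, not taken from any real deployment.
func sampleACL() *SystemACL {
	return &SystemACL{
		Servers: map[ServerName]*Server{"web1": {Actions: []ActionName{"deploy", "admin"}}, "web2": {Actions: []ActionName{"deploy"}}, "db1": {Actions: []ActionName{"admin"}}},
		Actions: map[ActionName]*Action{"deploy": {User: "deploy", Expire: 12 * time.Hour, Push: true, Options: "no-port-forwarding,no-agent-forwarding"}, "admin": {User: "root", Expire: time.Hour}},
		Roles:   map[RoleName]map[ServerMatch]*Role{"webdev": {"web*": {Actions: []ActionName{"deploy"}}}, "ops": {"*": {Actions: []ActionName{"admin"}}}},
		Users: map[UserName]*User{
			"alice": {Roles: []RoleName{"webdev"}},
			"bob":   {Roles: []RoleName{"ops", "webdev"}, Expire: 30 * time.Minute},
			"carol": {Roles: []RoleName{"ops"}, NotAfter: time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)},
		},
	}
}

func main() {
	for _, r := range Compile(sampleACL(), time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC)) {
		fmt.Printf("%-4s %-5s -> %-6s push=%-5t expire=%-5v %s\n", r.Server, r.User, r.SystemUser, r.Push, r.Expire, r.Options)
	}
}
```

With the sample above, alice gets deploy on web1 and web2 with the action's 12h expiry, bob gets root on web1 and db1 (not web2, which does not offer admin) and deploy on web1 and web2, all capped at his 30m user expiry, and carol gets nothing because her NotAfter has passed. Two things a real compiler would add: deduplication of a grant reached through two roles, and a warning (rather than silence) for users whose access has expired or whose role or action names are unknown, so that a typo in the model is noticed instead of quietly denying access.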
type TimeList
TimeList is a list of time values.
type User
type User struct {
	// NotAfter prevents authentication of the user after a date.
	NotAfter time.Time `yaml:"NotAfter"`
	// Expire enforces expiration for authenticated keys.
	Expire time.Duration `yaml:"Expire"`
	Roles  []RoleName    `yaml:"Roles"`
	// contains filtered or unexported fields
}
User is an organization user/person.
func (*User) UnmarshalYAML
UnmarshalYAML parses YAML into User.