Documentation
Overview
Package model implements an access definition model for SSH authentication.
Constants
This section is empty.
Variables
var (
// ErrShortPath is returned when trying to clean up a directory structure that is not deep enough.
ErrShortPath = errors.New("refusing to operate on a short path")
// ErrBaseDir is returned if the baseDir is wrongly configured.
ErrBaseDir = errors.New("baseDir must be the prefix of perKeyDir and perUserDir")
)
Functions
This section is empty.
Types
type Action
type Action struct {
// User is the system username to which to grant access.
User SystemUserName `yaml:"User"`
// Expire enforces expiration of authenticated ssh keys.
Expire time.Duration `yaml:"Expire"`
// Push determines if keys for this role are deployed to the servers proactively.
Push bool `yaml:"Push"`
// Options contains a list of ssh-authorized-keys options.
Options string `yaml:"Options"`
// contains filtered or unexported fields
}
Action describes an activity on a server.
func (*Action) UnmarshalYAML
UnmarshalYAML parses an Action from YAML.
type ConfigRow
type ConfigRow struct {
// Push determines if keys for this role are deployed to the servers proactively.
Push bool
// Server is the name of the server.
Server ServerName
// User is the organization user/person with access.
User UserName
// SystemUser is the user on the system.
SystemUser SystemUserName
// Expire enforces expiration of authenticated keys.
Expire time.Duration
// Options are ssh-authorized-keys options to apply.
Options string
// contains filtered or unexported fields
}
ConfigRow contains one access description.
type LastAuthTime
LastAuthTime can be used to look up the user's last authentication moment to determine expiration times.
type Persistence
type Persistence struct {
ModelFile string // File containing the model.
KeyFile string // File containing delegation key and private key.
UserDir string // Directory containing one file per user which in turn contains one ssh-key per line.
BaseDir string // Directory in which to write publicly accessible output.
AuthTime LastAuthTime `json:"-"`
// contains filtered or unexported fields
}
Persistence is the model persistence layer.
func (*Persistence) CompileAndStore
func (persistence *Persistence) CompileAndStore() ([]string, error)
CompileAndStore compiles the model and stores the result to files.
func (*Persistence) Update
func (persistence *Persistence) Update() ([]string, error)
Update regenerates the keys only, from the already compiled model.
type Role
type Role struct {
Actions []ActionName
// contains filtered or unexported fields
}
Role specifies a list of actions assigned to a user.
func (*Role) UnmarshalYAML
UnmarshalYAML parses YAML into Role.
type RoleName
type RoleName string
RoleName is a role that refers to a collection of available actions.
type Server
type Server struct {
// Actions are actions that are available on the server.
Actions []ActionName
// contains filtered or unexported fields
}
Server is a server within the authenticated domain.
func (*Server) UnmarshalYAML
UnmarshalYAML parses YAML into Server.
type ServerMatch
type ServerMatch string
ServerMatch is a glob pattern to match one or more servers.
type SystemACL
type SystemACL struct {
Servers map[ServerName]*Server `yaml:"Servers"`
Actions map[ActionName]*Action `yaml:"Actions"`
Users map[UserName]*User `yaml:"Users"`
Roles map[RoleName]map[ServerMatch]*Role `yaml:"Roles"`
}
SystemACL is the model from which to generate permission rows.
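As an added example (not the package's own code), the sketch below shows how a SystemACL of this shape could be compiled into the ConfigRow permission rows described above. It mirrors the documented types with locally assumed definitions, assumes `path.Match` semantics for ServerMatch globs, and assumes that the shorter non-zero Expire of user and action wins; users past NotAfter and actions a server does not offer produce no rows.

```go
package main

import ("path"; "sort"; "time")

// Local stand-ins for the package's types (shapes assumed from the docs; example only).
type (
	ServerName string; ActionName string; UserName string
	SystemUserName string; RoleName string; ServerMatch string
	Action struct{ User SystemUserName; Expire time.Duration; Push bool; Options string }
	Server struct{ Actions []ActionName }
	Role struct{ Actions []ActionName }
	User struct{ NotAfter time.Time; Expire time.Duration; Roles []RoleName }
	ConfigRow struct{ Push bool; Server ServerName; User UserName; SystemUser SystemUserName; Expire time.Duration; Options string }
	SystemACL struct {
		Servers map[ServerName]*Server; Actions map[ActionName]*Action
		Users map[UserName]*User; Roles map[RoleName]map[ServerMatch]*Role
	}
)
func has(list []ActionName, a ActionName) bool { // membership test for action lists
	for _, x := range list { if x == a { return true } }
	return false
}
// Compile expands a SystemACL into one ConfigRow per (user, server, action) grant:
// users past NotAfter yield nothing, an action applies only where the server offers it,
// and the shorter non-zero Expire of user and action wins (an assumption of this example).
func Compile(acl *SystemACL, now time.Time) []ConfigRow {
	var rows []ConfigRow
	for uname, u := range acl.Users {
		if !u.NotAfter.IsZero() && !now.Before(u.NotAfter) { continue } // account expired
		for _, rname := range u.Roles {
			for match, role := range acl.Roles[rname] {
				for sname, srv := range acl.Servers {
					if ok, _ := path.Match(string(match), string(sname)); !ok { continue } // glob (assumed path.Match semantics)
					for _, aname := range role.Actions {
						act := acl.Actions[aname]
						if act == nil || !has(srv.Actions, aname) { continue } // unknown or not offered on this server
						exp := act.Expire
						if u.Expire != 0 && (exp == 0 || u.Expire < exp) { exp = u.Expire }
						rows = append(rows, ConfigRow{Push: act.Push, Server: sname, User: uname,
							SystemUser: act.User, Expire: exp, Options: act.Options})
					}
				}
			}
		}
	}
	// Map iteration order is random; sort so generated authorized_keys output is stable.
	key := func(r ConfigRow) string { return string(r.Server) + "/" + string(r.User) + "/" + string(r.SystemUser) }
	sort.Slice(rows, func(i, j int) bool { return key(rows[i]) < key(rows[j]) })
	return rows
}
```

Because a role can name an action that a given matching server does not expose, the server-side check is what keeps a broad glob from granting more than each host actually offers.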
type TimeList
TimeList is a list of time values.
type User
type User struct {
// NotAfter prevents authentication of the user after a date.
NotAfter time.Time `yaml:"NotAfter"`
// Expire enforces expiration for authenticated keys.
Expire time.Duration `yaml:"Expire"`
Roles []RoleName `yaml:"Roles"`
// contains filtered or unexported fields
}
User is an organization user/person.
func (*User) UnmarshalYAML
UnmarshalYAML parses YAML into User.