config

package
v0.4.7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 15, 2019 License: MIT Imports: 20 Imported by: 0

Documentation

Index

Constants

// Default locations used by blessclient. Both values start with "~", which the
// Go standard library does not expand by itself; the code that opens these
// paths has to expand it first (that code is not shown here).
const (
	// DefaultConfigFile is the default file where blessclient will look for its config.
	// NOTE(review): the Config type can carry a telemetry write key (Honeycomb.WriteKey),
	// so this file is worth keeping readable by its owner only — confirm what Persist
	// uses as the file mode.
	DefaultConfigFile = "~/.blessclient/config.yml"

	// DefaultSSHPrivateKey is a path to where users usually keep an ssh key.
	// It names the private half of an ed25519 key pair.
	DefaultSSHPrivateKey = "~/.ssh/id_ed25519"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Bastion

// Bastion is an internet-accessible server used to "jump" to other servers.
//
// Fields, by YAML key:
//   - pattern: inlined from the embedded Host, so it sits at the same YAML
//     level as the keys below.
//   - hosts: a list of Host entries (presumably the machines reached through
//     this bastion — confirm against SSHConfig.String).
//   - identity_file, user: plain strings for this bastion entry.
//   - ssh_exec_command: optional; a nil pointer is left out when marshalling.
//
// NOTE(review): ssh_exec_command is a command string read from the config
// file. If it is written into the generated ssh config, anyone who can edit
// the config file controls a command that runs locally, so the file has to be
// treated as trusted input — confirm how SSHConfig.String renders it.
type Bastion struct {
	Host `yaml:",inline"`

	Hosts          []Host          `yaml:"hosts"`
	IdentityFile   string          `yaml:"identity_file"`
	User           string          `yaml:"user"`
	SSHExecCommand *SSHExecCommand `yaml:"ssh_exec_command,omitempty"`
}

Bastion is an internet-accessible server used to "jump" to other servers

type ClientConfig

// ClientConfig holds the client-side settings of blessclient: which AWS
// identity to use, which ssh key to have signed, and what to request in the
// certificate.
type ClientConfig struct {
	// ConfigFile is the path to blessclient config file.
	// It is the only field here declared without a yaml tag.
	ConfigFile string

	// AWSUserProfile is an aws profile that references a user (not a role).
	// Leaving this empty typically means use the `default` profile.
	AWSUserProfile string ` yaml:"aws_user_profile"`
	// AWSUserName is your AWS username.
	// Optional: a nil pointer is left out when marshalling (omitempty).
	AWSUserName *string ` yaml:"aws_username,omitempty"`

	// SSHPrivateKey is the path to your ssh private key.
	// UpdateSSHAgent is a boolean switch; NOTE(review): presumably it decides
	// whether the ssh agent is updated after signing — confirm at the caller.
	SSHPrivateKey  string `yaml:"ssh_private_key"`
	UpdateSSHAgent bool   `yaml:"update_ssh_agent"`

	// CertLifetime is the certificate lifetime setting, stored through the
	// package's Duration wrapper.
	// NOTE(review): a short lifetime limits how long a leaked certificate
	// stays usable; review any large value set here.
	CertLifetime Duration `yaml:"cert_lifetime,inline"`
	// RemoteUsers are the remote users bless is asked to sign for.
	RemoteUsers []string `yaml:"remote_users"`
	// BastionIPS is what bless calls "bastion ips": your source ip.
	// 0.0.0.0/0 means all addresses.
	// NOTE(review): 0.0.0.0/0 places no restriction on the source address, so
	// prefer the narrowest ranges that work — confirm how the bless lambda
	// enforces this value.
	BastionIPS []string `yaml:"bastion_ips"`
	// SkipPrincipalValidation turns off the check of existing certs against
	// the remote users.
	// NOTE(review): the original comment says "the default is true" about the
	// validation, while this skip flag's zero value is false; read together,
	// validation is on unless this is set to true — confirm in DefaultConfig.
	SkipPrincipalValidation bool `yaml:"skip_principal_validation"`
}

ClientConfig is the client config

type Config

// Config is the top-level blessclient configuration, mapped to YAML through
// the struct tags below.
type Config struct {
	// Version is the version number of this config format.
	Version int `yaml:"version"`

	// ClientConfig is config for blessclient.
	ClientConfig ClientConfig `yaml:"client_config"`
	// LambdaConfig holds configuration around the bless lambda.
	LambdaConfig LambdaConfig `yaml:"lambda_config"`
	// OktaConfig holds configuration around aws-okta settings.
	// Optional: a nil pointer is left out when marshalling.
	OktaConfig *OktaConfig `yaml:"okta_config,omitempty"`
	// SSHConfig lets you bundle an ~/.ssh/config template here, for convenience.
	// Optional: a nil pointer is left out when marshalling.
	// NOTE(review): the template can carry an exec command per bastion
	// (Bastion.SSHExecCommand), so a config obtained from someone else should
	// be reviewed before its ssh config is generated.
	SSHConfig *SSHConfig `yaml:"ssh_config,omitempty"`

	// Telemetry holds the telemetry settings.
	Telemetry Telemetry `yaml:"telemetry,omitempty"`
}

Config is a blessclient config

func DefaultConfig

func DefaultConfig() (*Config, error)

DefaultConfig generates a config with some defaults

func FromFile

func FromFile(file string) (*Config, error)

FromFile reads the config from file

func (*Config) GetAWSOktaKeyringBackend added in v0.4.3

func (c *Config) GetAWSOktaKeyringBackend() []keyring.BackendType

GetAWSOktaKeyringBackend gets the keyring backends to be used to store AWS Okta credentials. Defaults to an empty list which will select a keyring backend based on OS.

func (*Config) GetAWSUsername added in v0.2.5

func (c *Config) GetAWSUsername(ctx context.Context, awsClient *cziAWS.Client) (string, error)

GetAWSUsername gets the caller's aws username for kmsauth

func (*Config) GetKMSAuthCachePath added in v0.0.6

func (c *Config) GetKMSAuthCachePath(region string) (string, error)

GetKMSAuthCachePath gets a path to the kmsauth cache file. kmsauth is regional, so the path is looked up per region.

func (*Config) GetOktaMFAConfig added in v0.4.0

func (c *Config) GetOktaMFAConfig() awsokta.MFAConfig

GetOktaMFAConfig gets the user's designated MFA device, defaulting to "phone1" (phone-based MFA) via Duo.

func (*Config) GetRemoteUsers added in v0.3.3

func (c *Config) GetRemoteUsers(username string) []string

GetRemoteUsers gets the list of remote usernames, defaulting to the provided username if the list of configured remote users is empty.

func (*Config) Persist

func (c *Config) Persist() error

Persist persists a config to disk

func (*Config) SetAWSUsernameIfMissing added in v0.2.5

func (c *Config) SetAWSUsernameIfMissing(ctx context.Context, awsClient *cziAWS.Client) error

SetAWSUsernameIfMissing queries AWS for the username and sets it in the config if missing

type Duration

// Duration wraps time.Duration so that the package can marshal and unmarshal
// it in config files. The embedded field promotes time.Duration's methods.
type Duration struct {
	time.Duration
}

Duration is a wrapper around time.Duration to marshal/unmarshal

func (Duration) AsDuration

func (d Duration) AsDuration() time.Duration

AsDuration returns the value as a time.Duration

type Honeycomb added in v0.2.0

// Honeycomb is the honeycomb telemetry configuration. Every field is optional
// and left out of the YAML when empty.
type Honeycomb struct {
	// WriteKey and Dataset are plain strings stored in the config file.
	// NOTE(review): a write key kept inline is readable by anyone who can read
	// the config file; SecretManagerARN below points at a secret holding the
	// key instead. Which one wins when both are set is not visible here —
	// confirm at the caller.
	WriteKey string `yaml:"write_key,omitempty"`
	Dataset  string `yaml:"dataset,omitempty"`
	// SecretManagerARN is a secret that holds the honeycomb write key.
	SecretManagerARN string `yaml:"secret_manager_arn,omitempty"`
}

Honeycomb telemetry configuration

type Host

// Host represents a Host block in an ssh config.
type Host struct {
	// Pattern is the host pattern of the block, read from the `pattern` key.
	Pattern string `yaml:"pattern"`
}

Host represents a Host block in an ssh config

type LambdaConfig

// LambdaConfig describes how to reach the bless lambda: the role to assume,
// the function to invoke and the regions it is deployed in.
type LambdaConfig struct {
	// RoleARN is the role that is assumed in order to invoke the bless lambda.
	// Optional: a nil pointer is left out when marshalling.
	RoleARN *string `yaml:"role_arn,omitempty"`
	// FunctionName is the bless lambda function name.
	FunctionName string `yaml:"function_name"`
	// FunctionVersion is the bless lambda function version (lambda alias or
	// version qualifier). Optional: a nil pointer is left out when marshalling.
	FunctionVersion *string `yaml:"function_version,omitempty"`
	// Regions are the bless lambda regions, each with its own kmsauth key id.
	Regions []Region `yaml:"regions,omitempty"`
}

LambdaConfig is the lambda config

type OktaConfig added in v0.3.4

// OktaConfig is the Okta (aws-okta) configuration.
//
// Domain, Organization and Profile are plain strings that are always written
// to the YAML. The pointer fields are optional and left out when nil:
//   - keyring_key_id and keyring_backend concern the keyring that stores the
//     AWS Okta credentials; the package docs say an empty backend list selects
//     a backend based on the OS.
//   - mfa_provider, mfa_factor_type and duo_device concern MFA; the package
//     docs say the MFA device defaults to "phone1" via Duo.
//
// NOTE(review): how each field feeds those defaults is not visible here —
// confirm in GetAWSOktaKeyringBackend and GetOktaMFAConfig.
type OktaConfig struct {
	Domain         string  `yaml:"domain"`
	Organization   string  `yaml:"organization"`
	Profile        string  `yaml:"profile"`
	KeyringKeyID   *string `yaml:"keyring_key_id,omitempty"`
	MFAProvider    *string `yaml:"mfa_provider,omitempty"`
	MFAFactorType  *string `yaml:"mfa_factor_type,omitempty"`
	DuoDevice      *string `yaml:"duo_device,omitempty"`
	KeyringBackend *string `yaml:"keyring_backend,omitempty"`
}

OktaConfig is the Okta config

type Region

// Region is an aws region that contains a bless lambda, together with the
// kmsauth key used in that region.
type Region struct {
	// AWSRegion is the name of the aws region, for example us-west-2.
	AWSRegion string `yaml:"aws_region"`
	// KMSAuthKeyID is the region-specific kms key id (not the arn) of the key
	// used for kmsauth.
	KMSAuthKeyID string `yaml:"kms_auth_key_id"`
}

Region is an aws region that contains an aws lambda

type SSHConfig

// SSHConfig is the ssh config template bundled with a blessclient config.
// It assumes a layout in which a bastion is internet accessible and is used
// to reach the other machines.
type SSHConfig struct {
	// Bastions are the bastion entries of the template.
	Bastions []Bastion `yaml:"bastions"`
}

SSHConfig is an SSH config. We make some assumptions here around the structure of the machines: a bastion is internet accessible and can be used to reach other machines.

func (*SSHConfig) String

func (s *SSHConfig) String() (string, error)

String generates the ssh config string

type SSHExecCommand added in v0.4.1

// SSHExecCommand is a command to execute on successful ssh match.
// NOTE(review): the value is a free-form string taken from the config file;
// whether it is validated or quoted before being written into the generated
// ssh config is not visible here — confirm in SSHConfig.String.
type SSHExecCommand string

SSHExecCommand is a command to execute on successful ssh match

func (*SSHExecCommand) String added in v0.4.1

func (ec *SSHExecCommand) String() string

String gets the value of this exec command

type Telemetry added in v0.2.0

// Telemetry configures the telemetry used to track adoption, performance and
// errors.
type Telemetry struct {
	// Honeycomb is the optional honeycomb configuration; a nil pointer is left
	// out when marshalling.
	Honeycomb *Honeycomb `yaml:"honeycomb,omitempty"`
}

Telemetry to track adoption, performance, errors
