Documentation ¶
Index ¶
- Constants
- type Client
- func (c *Client) AuthorityPublicKey(ctx context.Context) (sshx.PublicKey, error)
- func (c *Client) Health(ctx context.Context) (string, string, error)
- func (c *Client) KeyRevocationList(ctx context.Context) (*krl.KRL, error)
- func (c *Client) Ping(ctx context.Context) error
- func (c *Client) SessionAdmin(opts ...SessionAdminOption) *SessionAdmin
- func (c *Client) SessionUser(username Username, opts ...SessionUserOption) *SessionUser
- type ClientOption
- type KeyState
- type Principal
- type Principals
- type SessionAdmin
- type SessionAdminOption
- type SessionAdminUser
- type SessionAdminUserKey
- type SessionAdminUserPrincipals
- func (s *SessionAdminUserPrincipals) Add(ctx context.Context, principal Principal, principals ...Principal) error
- func (s *SessionAdminUserPrincipals) Remove(ctx context.Context, principal Principal, principals ...Principal) error
- func (s *SessionAdminUserPrincipals) Reset(ctx context.Context) error
- func (s *SessionAdminUserPrincipals) Set(ctx context.Context, principal Principal, principals ...Principal) error
- type SessionAuth
- type SessionUser
- type SessionUserKey
- type SessionUserKeySignOption
- type SessionUserOption
- type UserStatus
- type Username
Constants ¶
const ErrInsufficientPrivileges = sentinelError("insufficient privileges")
ErrInsufficientPrivileges is returned when the privileges provided to the CASSH server are not sufficient to execute the request successfully.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client stores useful attributes to talk to the CASSH server.
func NewClient ¶
func NewClient(serverAddress string, opts ...ClientOption) (*Client, error)
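NewClient creates a new CASSH client used to contact the server. Warning: the server sends times without a timezone, so some adjustment may be needed to interpret them correctly when the server and the client are not configured with the same timezone. By default, times are interpreted as UTC; to change this, provide the appropriate timezone using ClientOptionServerTimezone. A wrong timezone shifts every time value parsed from server responses, presumably including UserStatus.KeyExpiration, so a key can appear to expire earlier or later than it really does.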
func (*Client) AuthorityPublicKey ¶
AuthorityPublicKey returns the public key of the CASSH server key used to sign certificates.
func (*Client) KeyRevocationList ¶
KeyRevocationList returns the list of keys revoked by the CASSH server.
func (*Client) SessionAdmin ¶
func (c *Client) SessionAdmin(opts ...SessionAdminOption) *SessionAdmin
SessionAdmin exposes all admin related methods.
func (*Client) SessionUser ¶
func (c *Client) SessionUser(username Username, opts ...SessionUserOption) *SessionUser
SessionUser exposes all user related methods.
type ClientOption ¶
type ClientOption func(o *clientOptions)
ClientOption defines the signature of all options usable on NewClient.
func ClientOptionHTTPClient ¶
func ClientOptionHTTPClient(httpDoer httpclient.Doer) ClientOption
ClientOptionHTTPClient sets the http client used on each request made to the CASSH server.
func ClientOptionHTTPHeader ¶
func ClientOptionHTTPHeader(httpDefaultHeaders http.Header) ClientOption
ClientOptionHTTPHeader sets some headers used by default on all http requests.
func ClientOptionServerTimezone ¶
func ClientOptionServerTimezone(serverTimezone *time.Location) ClientOption
ClientOptionServerTimezone sets the timezone of the CASSH server so that times in its responses are interpreted correctly.
func ClientOptionTolerateInsecureProtocols ¶
func ClientOptionTolerateInsecureProtocols() ClientOption
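ClientOptionTolerateInsecureProtocols allows the CASSH server to be reached over http instead of https. Over plain http the connection is neither encrypted nor authenticated, so what the client sends (presumably including the LDAP name and password set through the AuthenticationMechanismLDAP session options) and what it receives (authority public key, key revocation list, signed certificates) can be read or altered in transit. Enable it only where that is acceptable, such as local testing.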
type KeyState ¶
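// KeyState defines the different states a user key can be in.
type KeyState string

const (
	// KeyStateActive means the key is usable on the CASSH server.
	KeyStateActive KeyState = "ACTIVE"
	// KeyStateRevoked means the key has been revoked by the CASSH server and cannot be used anymore.
	KeyStateRevoked KeyState = "REVOKED"
	// KeyStatePending means the key has not been signed yet by a CASSH server admin and cannot be used yet.
	KeyStatePending KeyState = "PENDING"
)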
type SessionAdmin ¶
type SessionAdmin struct {
// contains filtered or unexported fields
}
SessionAdmin stores attributes useful to make admin related requests to the CASSH server.
func (*SessionAdmin) CheckAuthentication ¶
func (s *SessionAdmin) CheckAuthentication(ctx context.Context) error
CheckAuthentication checks whether the provided admin authentication mechanism is valid and authorized.
func (*SessionAdmin) User ¶
func (s *SessionAdmin) User(username Username) *SessionAdminUser
User sets the user on which further commands will be applied.
type SessionAdminOption ¶
type SessionAdminOption func(o *sessionAdminOptions)
SessionAdminOption defines the signature of all options usable on SessionAdmin.
func SessionAdminOptionAuthenticationMechanismLDAP ¶
func SessionAdminOptionAuthenticationMechanismLDAP(ldapName, ldapPassword string) SessionAdminOption
SessionAdminOptionAuthenticationMechanismLDAP sets the authentication mechanism to LDAP for the entire session.
type SessionAdminUser ¶
type SessionAdminUser struct {
// contains filtered or unexported fields
}
SessionAdminUser stores attributes useful to make admin requests related to a specific user, to the CASSH server.
func (*SessionAdminUser) Key ¶
func (s *SessionAdminUser) Key() *SessionAdminUserKey
Key allows the manipulation of the user key as admin.
func (*SessionAdminUser) Principals ¶
func (s *SessionAdminUser) Principals() *SessionAdminUserPrincipals
Principals handles user principals as admin.
func (*SessionAdminUser) Status ¶
func (s *SessionAdminUser) Status(ctx context.Context) (*UserStatus, error)
Status returns the current user status.
type SessionAdminUserKey ¶
type SessionAdminUserKey struct {
// contains filtered or unexported fields
}
SessionAdminUserKey stores attributes useful to make admin requests related to keys for a specific user, to the CASSH server.
func (*SessionAdminUserKey) Activate ¶
func (s *SessionAdminUserKey) Activate(ctx context.Context) error
Activate activates the user's key.
func (*SessionAdminUserKey) Delete ¶
func (s *SessionAdminUserKey) Delete(ctx context.Context) error
Delete deletes the user's key but does not revoke it, so certificates already issued for that key are not invalidated by this call.
type SessionAdminUserPrincipals ¶
type SessionAdminUserPrincipals struct {
// contains filtered or unexported fields
}
SessionAdminUserPrincipals stores attributes useful to make admin requests related to user principals, to the CASSH server.
func (*SessionAdminUserPrincipals) Add ¶
func (s *SessionAdminUserPrincipals) Add(ctx context.Context, principal Principal, principals ...Principal) error
Add adds the provided principals to the user principals.
func (*SessionAdminUserPrincipals) Remove ¶
func (s *SessionAdminUserPrincipals) Remove(ctx context.Context, principal Principal, principals ...Principal) error
Remove removes the provided principals from the user principals.
type SessionAuth ¶
SessionAuth defines a way to authenticate a request.
type SessionUser ¶
type SessionUser struct {
// contains filtered or unexported fields
}
SessionUser stores attributes useful to make user related requests to the CASSH server.
func (*SessionUser) Key ¶
func (s *SessionUser) Key(key ssh.PublicKey) *SessionUserKey
Key allows the manipulation of the user key.
func (*SessionUser) Status ¶
func (s *SessionUser) Status(ctx context.Context) (*UserStatus, error)
Status returns the current user status.
type SessionUserKey ¶
type SessionUserKey struct {
// contains filtered or unexported fields
}
SessionUserKey stores attributes useful to make requests related to user's keys, to the CASSH server.
func (*SessionUserKey) Set ¶
func (s *SessionUserKey) Set(ctx context.Context) error
Set sets the user key.
func (*SessionUserKey) Sign ¶
func (s *SessionUserKey) Sign(ctx context.Context, opts ...SessionUserKeySignOption) (*ssh.Certificate, error)
Sign returns a certificate signed by the CASSH server.
type SessionUserKeySignOption ¶
type SessionUserKeySignOption func(o *sessionUserKeySignOptions)
SessionUserKeySignOption defines the signature of all options usable on SessionUserKey.Sign.
func SessionUserKeySignOptionForce ¶
func SessionUserKeySignOptionForce() SessionUserKeySignOption
SessionUserKeySignOptionForce sets the force attribute on the sign request.
type SessionUserOption ¶
type SessionUserOption func(o *sessionUserOptions)
SessionUserOption defines the signature of all options usable on SessionUser.
func SessionUserOptionAuthenticationMechanismLDAP ¶
func SessionUserOptionAuthenticationMechanismLDAP(ldapName, ldapPassword string) SessionUserOption
SessionUserOptionAuthenticationMechanismLDAP sets the authentication mechanism to LDAP for the entire session.
type UserStatus ¶
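// UserStatus stores the status attributes of a CASSH user.
type UserStatus struct {
	// Name is the user's CASSH username.
	Name Username
	// RealName is presumably the user's real (display) name; confirm against the server response.
	RealName string
	// KeyState is the state of the user's key; see the KeyState constants.
	KeyState KeyState
	// KeyExpiration is the expiration time of the user's key.
	// NOTE(review): NewClient's documentation says the server sends times
	// without a timezone and that they are read as UTC unless
	// ClientOptionServerTimezone is set; presumably that applies to this
	// field, so confirm the configured timezone before relying on it.
	KeyExpiration time.Time
	// KeyPrincipals holds the principals attached to the user's key.
	KeyPrincipals Principals
}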
func (UserStatus) String ¶
func (us UserStatus) String() string
String implements fmt.Stringer for UserStatus.