2019-11-14 23:29:04 +00:00
|
|
|
package authority
|
|
|
|
|
|
|
|
import (
|
2019-12-10 07:14:56 +00:00
|
|
|
"context"
|
2019-11-20 20:59:48 +00:00
|
|
|
"crypto/x509"
|
|
|
|
|
2019-11-15 04:38:07 +00:00
|
|
|
"github.com/smallstep/certificates/authority/provisioner"
|
2019-11-14 23:29:04 +00:00
|
|
|
"github.com/smallstep/certificates/db"
|
2019-11-21 01:23:51 +00:00
|
|
|
"github.com/smallstep/certificates/sshutil"
|
2019-11-14 23:29:04 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// Option sets options to the Authority.
|
|
|
|
type Option func(*Authority)
|
|
|
|
|
|
|
|
// WithDatabase sets an already initialized authority database to a new
|
|
|
|
// authority. This option is intended to be use on graceful reloads.
|
|
|
|
func WithDatabase(db db.AuthDB) Option {
|
|
|
|
return func(a *Authority) {
|
|
|
|
a.db = db
|
|
|
|
}
|
|
|
|
}
|
2019-11-15 02:24:58 +00:00
|
|
|
|
2019-11-20 19:32:27 +00:00
|
|
|
// WithGetIdentityFunc sets a custom function to retrieve the identity from
|
|
|
|
// an external resource.
|
|
|
|
func WithGetIdentityFunc(fn func(p provisioner.Interface, email string) (*provisioner.Identity, error)) Option {
|
|
|
|
return func(a *Authority) {
|
|
|
|
a.getIdentityFunc = fn
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-11-15 04:38:07 +00:00
|
|
|
// WithSSHBastionFunc sets a custom function to get the bastion for a
|
2019-11-15 02:24:58 +00:00
|
|
|
// given user-host pair.
|
|
|
|
func WithSSHBastionFunc(fn func(user, host string) (*Bastion, error)) Option {
|
|
|
|
return func(a *Authority) {
|
|
|
|
a.sshBastionFunc = fn
|
|
|
|
}
|
|
|
|
}
|
2019-11-15 04:38:07 +00:00
|
|
|
|
2019-11-20 19:32:27 +00:00
|
|
|
// WithSSHGetHosts sets a custom function to get the bastion for a
|
|
|
|
// given user-host pair.
|
2019-11-21 01:23:51 +00:00
|
|
|
func WithSSHGetHosts(fn func(cert *x509.Certificate) ([]sshutil.Host, error)) Option {
|
2019-11-15 04:38:07 +00:00
|
|
|
return func(a *Authority) {
|
2019-11-20 19:32:27 +00:00
|
|
|
a.sshGetHostsFunc = fn
|
2019-11-15 04:38:07 +00:00
|
|
|
}
|
|
|
|
}
|
2019-12-10 07:14:56 +00:00
|
|
|
|
|
|
|
// WithSSHCheckHost sets a custom function to check whether a given host is
|
|
|
|
// step ssh enabled. The token is used to validate the request, while the roots
|
|
|
|
// are used to validate the token.
|
|
|
|
func WithSSHCheckHost(fn func(ctx context.Context, principal string, tok string, roots []*x509.Certificate) (bool, error)) Option {
|
|
|
|
return func(a *Authority) {
|
|
|
|
a.sshCheckHostFunc = fn
|
|
|
|
}
|
|
|
|
}
|