certificates/authority/options.go

55 lines
1.6 KiB
Go
Raw Normal View History

2019-11-14 23:29:04 +00:00
package authority
import (
"context"
"crypto/x509"
"github.com/smallstep/certificates/authority/provisioner"
2019-11-14 23:29:04 +00:00
"github.com/smallstep/certificates/db"
"github.com/smallstep/certificates/sshutil"
2019-11-14 23:29:04 +00:00
)
// Option sets options to the Authority.
type Option func(*Authority)
// WithDatabase sets an already initialized authority database to a new
// authority. This option is intended to be use on graceful reloads.
func WithDatabase(db db.AuthDB) Option {
return func(a *Authority) {
a.db = db
}
}
2019-11-15 02:24:58 +00:00
2019-11-20 19:32:27 +00:00
// WithGetIdentityFunc sets a custom function to retrieve the identity from
// an external resource.
func WithGetIdentityFunc(fn func(p provisioner.Interface, email string) (*provisioner.Identity, error)) Option {
return func(a *Authority) {
a.getIdentityFunc = fn
}
}
// WithSSHBastionFunc sets a custom function to get the bastion for a
2019-11-15 02:24:58 +00:00
// given user-host pair.
func WithSSHBastionFunc(fn func(user, host string) (*Bastion, error)) Option {
return func(a *Authority) {
a.sshBastionFunc = fn
}
}
2019-11-20 19:32:27 +00:00
// WithSSHGetHosts sets a custom function to get the bastion for a
// given user-host pair.
func WithSSHGetHosts(fn func(cert *x509.Certificate) ([]sshutil.Host, error)) Option {
return func(a *Authority) {
2019-11-20 19:32:27 +00:00
a.sshGetHostsFunc = fn
}
}
// WithSSHCheckHost sets a custom function to check whether a given host is
// step ssh enabled. The token is used to validate the request, while the roots
// are used to validate the token.
func WithSSHCheckHost(fn func(ctx context.Context, principal string, tok string, roots []*x509.Certificate) (bool, error)) Option {
return func(a *Authority) {
a.sshCheckHostFunc = fn
}
}