Documentation
Constants
This section is empty.
Variables
var ErrNoRoute = errors.New("client: no route configured")
ErrNoRoute is returned by connect handlers to indicate that the request should fall back to the default configuration-based routing.
Functions
This section is empty.
Types
type AttestationConfig (added in v0.2.0)
type AttestationConfig struct {
	Command                    string            `yaml:"command"`
	Args                       []string          `yaml:"args"`
	Env                        map[string]string `yaml:"env"`
	TimeoutSeconds             int               `yaml:"timeoutSeconds"`
	CacheHandshakeSeconds      int               `yaml:"cacheHandshakeSeconds"`
	HMACSecret                 string            `yaml:"hmacSecret"`
	HMACSecretFile             string            `yaml:"hmacSecretFile"`
	TokenTTLSeconds            int               `yaml:"tokenTTLSeconds"`
	HandshakeMaxAgeSeconds     int               `yaml:"handshakeMaxAgeSeconds"`
	ReauthIntervalSeconds      int               `yaml:"reauthIntervalSeconds"`
	ReauthGraceSeconds         int               `yaml:"reauthGraceSeconds"`
	MaintenanceGraceCapSeconds int               `yaml:"maintenanceGraceCapSeconds"`
	AuthorizerStatusURI        string            `yaml:"authorizerStatusUri"`
	PolicyVersion              string            `yaml:"policyVersion"`
}
type AttestationOptions (added in v0.2.0)
type AttestationOptions struct {
	Command                    string
	Args                       []string
	Env                        map[string]string
	Timeout                    time.Duration
	CacheHandshake             time.Duration
	HMACSecret                 string
	HMACSecretFile             string
	TokenTTL                   time.Duration
	HandshakeMaxAgeSeconds     int
	ReauthIntervalSeconds      int
	ReauthGraceSeconds         int
	MaintenanceGraceCapSeconds int
	AuthorizerStatusURI        string
	PolicyVersion              string
}
AttestationOptions contains configuration for generating attestation tokens.
type BackendConfig
type BackendConfig struct {
	Name           string              `yaml:"name"`
	Hostname       string              `yaml:"hostname"`
	Hostnames      []string            `yaml:"hostnames"`
	NexusAddresses []string            `yaml:"nexusAddresses"`
	Weight         int                 `yaml:"weight"`
	Attestation    AttestationConfig   `yaml:"attestation"`
	PortMappings   map[int]PortMapping `yaml:"portMappings"`
	HealthChecks   HealthCheckConfig   `yaml:"healthChecks"`
}
type Client
type Client struct {
	// contains filtered or unexported fields
}
Client manages the full lifecycle for one configured backend service.
func New
func New(cfg ClientBackendConfig, opts ...Option) (*Client, error)
New creates a new Client instance for a specific backend configuration.
type ClientBackendConfig
type ClientBackendConfig struct {
	Name         string
	Hostnames    []string
	NexusAddress string
	Weight       int
	Attestation  AttestationOptions
	PortMappings map[int]PortMapping
	HealthChecks HealthCheckConfig
}
type CommandTokenProvider (added in v0.2.0)
type CommandTokenProvider struct {
	// contains filtered or unexported fields
}
CommandTokenProvider implements TokenProvider by invoking an external command.
func NewCommandTokenProvider (added in v0.2.0)
func NewCommandTokenProvider(cfg AttestationOptions) (*CommandTokenProvider, error)
NewCommandTokenProvider returns a TokenProvider backed by an external command.
func (*CommandTokenProvider) IssueToken (added in v0.2.0)
func (c *CommandTokenProvider) IssueToken(ctx context.Context, req TokenRequest) (Token, error)
IssueToken invokes the configured command to retrieve an attestation token.
type ConnectHandler
ConnectHandler is invoked whenever the proxy asks us to establish a new local connection. Returning ErrNoRoute will defer to the default port-mapping behaviour. Any other error is treated as fatal for that request.
type ConnectRequest
type ConnectRequest struct {
	BackendName      string
	ClientID         uuid.UUID
	Hostname         string
	OriginalHostname string
	Port             int
	ClientIP         string
	IsTLS            bool
}
ConnectRequest provides context about a client connection request coming from the Nexus proxy.
type HMACTokenProvider (added in v0.2.0)
type HMACTokenProvider struct {
	// contains filtered or unexported fields
}
HMACTokenProvider produces tokens signed with a shared secret.
func NewHMACTokenProvider (added in v0.2.0)
func NewHMACTokenProvider(opts AttestationOptions, backendName string, hostnames []string, weight int) (*HMACTokenProvider, error)
NewHMACTokenProvider returns a TokenProvider that signs JWTs locally using HS256.
func (*HMACTokenProvider) IssueToken (added in v0.2.0)
func (h *HMACTokenProvider) IssueToken(ctx context.Context, req TokenRequest) (Token, error)
IssueToken signs a JWT that encodes the attestation claims expected by Nexus.
type HealthCheckConfig
type Option
type Option func(*Client)
Option mutates a Client during construction.
func WithConnectHandler
func WithConnectHandler(handler ConnectHandler) Option
WithConnectHandler registers a custom connect handler. The handler is invoked before the default port-mapping logic. Returning ErrNoRoute (or a nil connection) will fall back to the default handler.
func WithTokenProvider (added in v0.1.2)
func WithTokenProvider(provider TokenProvider) Option
WithTokenProvider installs a TokenProvider that is consulted for handshake, attestation, and re-auth tokens. Passing nil restores the default provider.
type PortMapping
type TokenProvider (added in v0.1.2)
type TokenProvider interface {
	IssueToken(ctx context.Context, req TokenRequest) (Token, error)
}
TokenProvider issues attestation tokens for a given request.
type TokenRequest (added in v0.2.0)
type TokenRequest struct {
	Stage        TokenStage
	SessionNonce string
	BackendName  string
	Hostnames    []string
	Weight       int
}
TokenRequest conveys the contextual information for issuing a token.
type TokenStage (added in v0.2.0)
type TokenStage string
TokenStage identifies which step of the attestation workflow is requesting a token.
const (
	StageHandshake TokenStage = "handshake"
	StageAttest    TokenStage = "attest"
	StageReauth    TokenStage = "reauth"
)
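As an added example, not the package's own code: a stand-alone HS256 issuer in the spirit of HMACTokenProvider.IssueToken, showing the per-stage checks a provider should make on a TokenRequest before signing, and the TokenStage values above driving that decision. It copies TokenStage and TokenRequest from this page; the claim names, the Sign and IssueHS256 functions and the secret/ttl/now parameters are assumptions, since the page does not list the claims Nexus expects.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"time"
)

// Local copies of the package's TokenStage and TokenRequest so this runs stand-alone.
type TokenStage string
const StageHandshake, StageAttest, StageReauth TokenStage = "handshake", "attest", "reauth"
type TokenRequest struct {
	Stage                     TokenStage
	SessionNonce, BackendName string
	Hostnames                 []string
	Weight                    int
}
var enc = base64.RawURLEncoding.EncodeToString

// Sign returns the base64url HMAC-SHA256 tag a verifier recomputes over header.payload.
func Sign(secret []byte, signingInput string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(signingInput))
	return enc(m.Sum(nil))
}

// IssueHS256 rejects a request that is incomplete for its stage, then emits a compact
// JWT (header.payload.signature). Claim names are assumed; the page does not list them.
func IssueHS256(secret []byte, ttl time.Duration, now time.Time, req TokenRequest) (string, error) {
	switch req.Stage {
	case StageHandshake: // first contact: no session exists yet, so no nonce to bind
	case StageAttest, StageReauth: // the nonce binds the token to one proxy session
		if req.SessionNonce == "" {
			return "", errors.New("session nonce required for stage " + string(req.Stage))
		}
	default:
		return "", errors.New("unknown token stage")
	}
	if len(secret) == 0 || req.BackendName == "" || ttl <= 0 {
		return "", errors.New("missing secret, backend name or ttl")
	}
	payload, _ := json.Marshal(map[string]any{"backend": req.BackendName, "hostnames": req.Hostnames,
		"weight": req.Weight, "stage": string(req.Stage), "nonce": req.SessionNonce,
		"iat": now.Unix(), "exp": now.Add(ttl).Unix()}) // a short TTL bounds replay
	input := enc([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc(payload)
	return input + "." + Sign(secret, input), nil
}
```

A receiver verifies by recomputing Sign over the first two segments with hmac.Equal, then checking exp against its own clock; the HandshakeMaxAgeSeconds and ReauthIntervalSeconds options above are what bound those windows on the real provider.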