host

package
v0.17.5 Latest
Published: May 28, 2026 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Constants

const (
	DefaultLifetime         = (time.Hour * 24) * 30
	DefaultDelay            = time.Millisecond * 250
	DefaultRenewAt  float64 = 0.50
)

Variables

var (
	ErrNoKeys              = errors.New("no valid SSH host keys found")
	ErrAlreadyStarted      = errors.New("server has already started")
	ErrNotStarted          = errors.New("server has not been started")
	ErrUnsupportedKey      = errors.New("key type is not supported")
	ErrConnectingToAgent   = errors.New("could not connect to agent")
	ErrAddingToAgent       = errors.New("could not add to agent")
	ErrCertificateNotValid = errors.New("certificate validity not ok")
	ErrInvalidRenewAt      = errors.New("renewat must be between 0.0 and 1.0")

	// DefaultLogger is the default [*slog.Logger] used
	DefaultLogger = slog.Default()
)

Functions

This section is empty.

Types

type CertificateSignerPayload

type CertificateSignerPayload struct {
	Lifetime          int      `json:"lifetime"`
	Principals        []string `json:"principals,omitempty"`
	PublicKey         []byte   `json:"public_key"`
	Certificate       []byte   `json:"certificate,omitempty"`
	ProofOfPossession string   `json:"proof"`
	Identity          string   `json:"identity,omitempty"`
}

type LoginHandler

type LoginHandler struct {
	// contains filtered or unexported fields
}

func NewHostLoginHandler

func NewHostLoginHandler(keypath []string, config *config.SystemConfig, opts ...LoginHandlerOption) (*LoginHandler, error)

NewHostLoginHandler creates a new handler from the given host key paths and system configuration.

func (*LoginHandler) Callback

func (lh *LoginHandler) Callback(w http.ResponseWriter, r *http.Request)

The Callback method is intended for use as the handler function for the callback URL of the OIDC auth flow as part of the Serverless SSH CA.

func (*LoginHandler) ExecuteLogin

func (lh *LoginHandler) ExecuteLogin(addr string) error

ExecuteLogin performs [*LoginHandler.Start()], attempts to open the user's browser to start the OIDC auth flow, and then calls [*LoginHandler.Wait()].

func (*LoginHandler) ExecuteLoginWithContext

func (lh *LoginHandler) ExecuteLoginWithContext(ctx context.Context, addr string) error

ExecuteLoginWithContext is identical to [*LoginHandler.ExecuteLogin()], except that the provided context is used rather than the default of [context.Background()].

func (*LoginHandler) Login

func (lh *LoginHandler) Login(w http.ResponseWriter, r *http.Request)

The Login method is intended for use as the handler function for the initial login URL of the OIDC auth flow process as part of the Serverless SSH CA.

This will start the OIDC auth flow process and redirect the user to the configured OIDC IdP.

func (*LoginHandler) Now

func (lh *LoginHandler) Now() time.Time

Now is used in tests to mock the current time.

func (*LoginHandler) RedirectPath

func (lh *LoginHandler) RedirectPath() string

RedirectPath returns the redirect path for the configured OIDC IdP.

func (*LoginHandler) Shutdown

func (lh *LoginHandler) Shutdown() error

Shutdown gracefully shuts down the HTTP service.

func (*LoginHandler) Start

func (lh *LoginHandler) Start(address string) error

Start performs ListenAndServe() for the login handler HTTP service, but unlike [*http.Server.ListenAndServe()] it returns immediately, so you should call [*LoginHandler.Wait()] afterwards.

If the server has already started this will return ErrAlreadyStarted.

func (*LoginHandler) Wait

func (lh *LoginHandler) Wait(ctx context.Context) error

Wait will block until the provided context completes or the login handler HTTP service is stopped via [*LoginHandler.Shutdown()].

If the service has not been started this will return ErrNotStarted.

type LoginHandlerOption

type LoginHandlerOption func(*LoginHandler)

LoginHandlerOption is a functional option that configures a *LoginHandler.

func WithDelay

func WithDelay(delay time.Duration) LoginHandlerOption

WithDelay sets the delay applied between requests when handling multiple requests.

func WithLifetime

func WithLifetime(lifetime time.Duration) LoginHandlerOption

WithLifetime sets a certificate lifetime other than DefaultLifetime.

func WithLogger

func WithLogger(logger *slog.Logger) LoginHandlerOption

WithLogger allows providing a custom *slog.Logger for the service.

func WithPrincipals

func WithPrincipals(principals []string) LoginHandlerOption

WithPrincipals allows providing a list of principals for the host certificate.

func WithRenewAt

func WithRenewAt(renewat float64) LoginHandlerOption

WithRenewAt sets the renewal threshold as a fraction of the certificate lifetime; values outside 0.0 to 1.0 are rejected with ErrInvalidRenewAt (the default is DefaultRenewAt, 0.50).

func WithRenewal

func WithRenewal() LoginHandlerOption

WithRenewal triggers the renewal logic from an existing certificate.
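The page documents the renewal threshold (WithRenewAt, DefaultRenewAt, ErrInvalidRenewAt), the validity error (ErrCertificateNotValid) and a Now hook for pinning the clock in tests, but not how they fit together. The following is an added example, not the package's own code: it assumes the threshold is the fraction of the certificate lifetime that must have elapsed before renewal, and takes the certificate's ValidAfter/ValidBefore as Unix seconds (the field types an ssh.Certificate uses) so it needs only the standard library.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

const (
	DefaultLifetime         = (time.Hour * 24) * 30
	DefaultRenewAt  float64 = 0.50
)

var (
	ErrCertificateNotValid = errors.New("certificate validity not ok")
	ErrInvalidRenewAt      = errors.New("renewat must be between 0.0 and 1.0")
)

// renewChecker decides when a host certificate should be renewed. The now hook
// plays the role of LoginHandler.Now on the page: tests can pin the clock.
type renewChecker struct {
	renewAt float64
	now     func() time.Time
}

// newRenewChecker rejects a threshold outside 0.0-1.0 with ErrInvalidRenewAt.
func newRenewChecker(renewAt float64, now func() time.Time) (*renewChecker, error) {
	if renewAt < 0.0 || renewAt > 1.0 {
		return nil, ErrInvalidRenewAt
	}
	return &renewChecker{renewAt: renewAt, now: now}, nil
}

// ShouldRenew reports whether at least renewAt of the lifetime between validAfter and
// validBefore (Unix seconds) has elapsed; this fraction-of-lifetime rule is an assumption.
// A certificate outside its window is not a renewal candidate: it returns ErrCertificateNotValid.
func (rc *renewChecker) ShouldRenew(validAfter, validBefore uint64) (bool, error) {
	now := uint64(rc.now().Unix())
	if now < validAfter || now >= validBefore {
		return false, ErrCertificateNotValid
	}
	lifetime := float64(validBefore - validAfter)
	return float64(now-validAfter) >= lifetime*rc.renewAt, nil
}

func main() {
	issued := time.Date(2026, 5, 1, 0, 0, 0, 0, time.UTC) // constructed issue time
	rc, _ := newRenewChecker(DefaultRenewAt, func() time.Time { return issued.Add(16 * 24 * time.Hour) })
	fmt.Println(rc.ShouldRenew(uint64(issued.Unix()), uint64(issued.Add(DefaultLifetime).Unix()))) // true <nil>
}
```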
