server

package v0.0.0-...-da8984f

This package is not in the latest version of its module.

Published: Apr 22, 2015 License: Apache-2.0 Imports: 11 Imported by: 0

README

Hologram Server

The Hologram Server manages AWS credentials for a team of developers, allocating temporary credentials using AWS STS to developers on request. It is designed to work with the Hologram Agent, responding to authenticated requests for credentials with fresh or cached credentials from AWS.

protobuf server

Hologram accepts TCP connections on port 3100, receiving and responding to messages using a Protocol Buffers-based format.

LDAP

Hologram supports a pluggable authentication and authorization mechanism; the default implementation available is LDAP. Users authenticate to Hologram with an SSH key challenge, and Hologram looks up in LDAP the SSH public keys to verify the signed challenge against.
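As an added illustration of the challenge-response flow just described (this is not code from the Hologram project), the following Go program models the server side of the SSH key challenge against the package's Authenticator and UserCache contracts. It substitutes the standard library's crypto/ed25519 for golang.org/x/crypto/ssh, an in-memory map for the LDAP lookup, and fixed seeds for the constructed keys; all three are assumptions made so the example runs offline. The server issues the nonce itself and consumes it on first use, so a captured signature cannot be presented a second time, and every failure path returns the same error so the reply does not reveal which check failed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
)

// User mirrors the page's server.User; stdlib ed25519 keys stand in for
// ssh.PublicKey (assumption: Hologram itself uses golang.org/x/crypto/ssh).
type User struct {
	Username string
	Keys     []ed25519.PublicKey
}

// Directory stands in for the LDAP lookup of a user's registered public keys.
type Directory map[string][]ed25519.PublicKey

// ErrAuthFailed is the single error for every failure, so the reply does not
// say whether the username, the challenge or the signature was wrong.
var ErrAuthFailed = errors.New("authentication failed")

// UserCache models the page's UserCache and Authenticator contracts.
type UserCache struct {
	mu      sync.Mutex
	users   map[string]*User
	pending map[string]struct{} // challenges issued but not yet consumed
}

// NewUserCache loads the directory once (in Hologram this is the LDAP search).
func NewUserCache(src Directory) *UserCache {
	c := &UserCache{users: make(map[string]*User), pending: make(map[string]struct{})}
	for name, keys := range src {
		c.users[name] = &User{Username: name, Keys: keys}
	}
	return c
}

// Challenge issues a fresh random nonce and records it, so only server-issued,
// single-use challenges are ever accepted.
func (c *UserCache) Challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	c.mu.Lock()
	c.pending[hex.EncodeToString(nonce)] = struct{}{}
	c.mu.Unlock()
	return nonce, nil
}

// Authenticate follows the Authenticator contract: the challenge must be one this
// server issued (it is consumed here), the user must be known, and the signature
// must verify under one of the user's registered keys.
func (c *UserCache) Authenticate(username string, challenge, sig []byte) (*User, error) {
	id := hex.EncodeToString(challenge)
	c.mu.Lock()
	_, issued := c.pending[id]
	delete(c.pending, id)
	u, known := c.users[username]
	c.mu.Unlock()
	if !issued || !known {
		return nil, ErrAuthFailed
	}
	for _, pk := range u.Keys {
		if ed25519.Verify(pk, challenge, sig) {
			return u, nil
		}
	}
	return nil, ErrAuthFailed
}

// Exchange runs the flow end to end: a legitimate sign-in, a replay of the same
// challenge and signature, and a signature from an unregistered key.
func Exchange() (legit, replay, forged bool, err error) {
	alicePriv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x01}, 32))    // constructed seed
	strangerPriv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x02}, 32)) // constructed seed
	cache := NewUserCache(Directory{"alice": {alicePriv.Public().(ed25519.PublicKey)}})
	nonce, err := cache.Challenge()
	if err != nil {
		return
	}
	sig := ed25519.Sign(alicePriv, nonce)
	_, e1 := cache.Authenticate("alice", nonce, sig)
	_, e2 := cache.Authenticate("alice", nonce, sig) // replay: nonce already consumed
	nonce2, err := cache.Challenge()
	if err != nil {
		return
	}
	_, e3 := cache.Authenticate("alice", nonce2, ed25519.Sign(strangerPriv, nonce2))
	return e1 == nil, e2 == nil, e3 == nil, nil
}

func main() { fmt.Println(Exchange()) }
```

Running it prints `true false false <nil>`: the genuine signature is accepted, while the replayed signature and the one made with a key that is not registered for the user are both rejected with the same error.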

AWS client

AWS STS is used to generate temporary credentials.

logging

All authentications, whether successful or not, can be logged to Amazon SimpleDB to provide an audit trail.

MFA tokens

Hologram Server supports IAM roles that require an MFA token, requesting the token from the Hologram Agent when needed.

Documentation

Overview

Copyright 2014 AdRoll, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Package server implements the connection-oriented state machine for the Hologram centralised server.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func New

New returns a server that can be used as a handler for a MessageConnection loop.

func NewDirectSessionTokenService

func NewDirectSessionTokenService(iamAccount string, sts *sts.STS) *directSessionTokenService

NewDirectSessionTokenService returns a credential service that talks to Amazon directly.

func NewLDAPUserCache

func NewLDAPUserCache(server LDAPImplementation, stats g2s.Statter, userAttr string, baseDN string) (*ldapUserCache, error)

NewLDAPUserCache returns a properly-configured LDAP cache.

Types

type Authenticator

type Authenticator interface {
	Authenticate(username string, challenge []byte, sig *ssh.Signature) (user *User, err error)
}

type CredentialService

type CredentialService interface {
	AssumeRole(user *User, role string) (*sts.Credentials, error)
}

CredentialService implements workflows that return temporary credentials to calling processes. No caching is done of these results other than that which the CredentialService does itself.
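Because the page leaves caching entirely to the CredentialService, the added Go example below (not the project's own code) shows one way such a service can wrap an injected STSImplementation and reuse credentials per user and role until they are close to expiring, so a caller is never handed a set that is about to stop working. The Credentials and STSImplementation types, the fake STS, the fixed clock and the role ARN are all constructed stand-ins for the page's sts types, chosen so the example runs offline.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// Credentials and STSImplementation follow the shape of the page's
// sts.Credentials and STSImplementation (assumption: fields simplified).
type Credentials struct {
	AccessKeyID, SecretAccessKey, SessionToken string
	Expiration                                 time.Time
}

type STSImplementation interface {
	AssumeRole(roleARN, sessionName string) (*Credentials, error)
}

type User struct{ Username string }

// fakeSTS is a constructed test double: it hands out 15-minute credentials
// and counts how often it was called.
type fakeSTS struct {
	now   func() time.Time
	calls int
}

func (f *fakeSTS) AssumeRole(roleARN, sessionName string) (*Credentials, error) {
	f.calls++
	return &Credentials{
		AccessKeyID: fmt.Sprintf("ASIAEXAMPLE%d", f.calls), // constructed value
		Expiration:  f.now().Add(15 * time.Minute),
	}, nil
}

// CachingCredentialService implements the page's CredentialService on top of an
// injected STSImplementation and reuses credentials per (user, role) until they
// are within refreshMargin of expiring.
type CachingCredentialService struct {
	sts           STSImplementation
	now           func() time.Time
	refreshMargin time.Duration
	mu            sync.Mutex
	cache         map[string]*Credentials
}

func NewCachingCredentialService(s STSImplementation, now func() time.Time) *CachingCredentialService {
	return &CachingCredentialService{sts: s, now: now, refreshMargin: 2 * time.Minute, cache: map[string]*Credentials{}}
}

func (c *CachingCredentialService) AssumeRole(user *User, role string) (*Credentials, error) {
	if user == nil || role == "" {
		return nil, errors.New("user and role are required")
	}
	key := user.Username + "\x00" + role
	c.mu.Lock()
	defer c.mu.Unlock()
	if creds, ok := c.cache[key]; ok && c.now().Add(c.refreshMargin).Before(creds.Expiration) {
		return creds, nil
	}
	// The username becomes the STS session name so the audit trail records who assumed the role.
	creds, err := c.sts.AssumeRole(role, user.Username)
	if err != nil {
		return nil, err
	}
	c.cache[key] = creds
	return creds, nil
}

// Scenario drives the service through a first request, a repeat that should be
// served from cache, and a repeat after the credentials have aged into the
// refresh margin. It returns the STS call count after each step.
func Scenario() (afterFirst, afterRepeat, afterAging int, err error) {
	clock := time.Date(2015, 4, 22, 12, 0, 0, 0, time.UTC) // constructed fixed clock
	now := func() time.Time { return clock }
	fake := &fakeSTS{now: now}
	svc := NewCachingCredentialService(fake, now)
	alice := &User{Username: "alice"}
	role := "arn:aws:iam::123456789012:role/ExampleRole" // constructed ARN
	if _, err = svc.AssumeRole(alice, role); err != nil {
		return
	}
	afterFirst = fake.calls
	if _, err = svc.AssumeRole(alice, role); err != nil {
		return
	}
	afterRepeat = fake.calls
	clock = clock.Add(14 * time.Minute) // 1 minute left, inside the 2-minute margin
	if _, err = svc.AssumeRole(alice, role); err != nil {
		return
	}
	afterAging = fake.calls
	return
}

func main() { fmt.Println(Scenario()) }
```

The program prints `1 1 2 <nil>`: the second request is answered from the cache, and the third triggers a fresh STS call because the cached credentials have less than the refresh margin left. The margin is the design choice to watch; it should exceed the longest operation a caller is expected to run with the credentials it receives.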

type LDAPImplementation

type LDAPImplementation interface {
	Search(*ldap.SearchRequest) (*ldap.SearchResult, error)
	Modify(*ldap.ModifyRequest) error
}

LDAPImplementation implementers provide access to LDAP servers for operations that Hologram uses. This interface exists for testing purposes.

type STSImplementation

type STSImplementation interface {
	AssumeRole(options *sts.AssumeRoleParams) (*sts.AssumeRoleResult, error)
}

STSImplementation exists to enable dependency injection of an implementation of STS.

type User

type User struct {
	Username string
	SSHKeys  []ssh.PublicKey
}

User represents information about a user stored in the cache.

type UserCache

type UserCache interface {
	// They also need to implement the SSH key verification interface.
	Authenticator
	Update() error
}

UserCache implementers provide information about registered users.
