Types ¶
type IDTokenClaims ¶
// IDTokenClaims holds the Spacelift-specific claims carried by an ID token.
// See https://docs.spacelift.io/integrations/cloud-providers/oidc/#standard-claims
// for the structure.
//
// Every field is a plain string decoded via its json tag, so the values are
// only as trustworthy as the verification that preceded decoding.
// NOTE(review): authorization decisions should use a value returned by
// IDTokenValidator.Validate, not one decoded from an unverified token.
type IDTokenClaims struct {
	// Sub provides some information about the Spacelift run that generated this
	// token, in the form:
	// space:<space_id>:(stack|module):<stack_id|module_id>:run_type:<run_type>:scope:<read|write>
	//
	// The same details are available as the discrete fields below; comparing
	// those avoids having to parse or pattern-match this composite string.
	Sub string `json:"sub"`
	// SpaceID is the ID of the space in which the run that owns the token was
	// executed.
	SpaceID string `json:"spaceId"`
	// CallerType is the type of the caller, i.e. the entity that owns the run -
	// either stack or module.
	CallerType string `json:"callerType"`
	// CallerID is the ID of the caller, i.e. the stack or module that generated
	// the run.
	CallerID string `json:"callerId"`
	// RunType is the type of the run.
	// (PROPOSED, TRACKED, TASK, TESTING or DESTROY)
	// The field is an untyped string: nothing in this struct restricts it to
	// the values listed above.
	RunType string `json:"runType"`
	// RunID is the ID of the run that owns the token.
	RunID string `json:"runId"`
	// Scope is the scope of the token - either read or write.
	// NOTE(review): rules that gate state-changing access should compare this
	// field explicitly. Which runs receive which scope is decided by Spacelift;
	// see the documentation linked in the type comment.
	Scope string `json:"scope"`
}
IDTokenClaims holds the claims of a Spacelift ID token. See the following for the structure: https://docs.spacelift.io/integrations/cloud-providers/oidc/#standard-claims
func (*IDTokenClaims) JoinAuditAttributes ¶
// JoinAuditAttributes returns a series of attributes that can be inserted into
// audit events related to a specific join.
// NOTE(review): the body is not shown here; presumably the map is derived from
// the claim fields of c, which identify the run (space, caller, run ID,
// scope) — confirm, along with the conditions under which an error is returned.
func (c *IDTokenClaims) JoinAuditAttributes() (map[string]interface{}, error)
JoinAuditAttributes returns a series of attributes that can be inserted into audit events related to a specific join.
type IDTokenSource ¶
// IDTokenSource allows a Spacelift ID token to be fetched whilst within a
// Spacelift execution.
// NOTE(review): NewIDTokenSource takes an envGetter, so the token presumably
// comes from the run's environment — confirm against the implementation.
type IDTokenSource struct {
	// contains filtered or unexported fields
}
IDTokenSource allows a Spacelift ID token to be fetched whilst within a Spacelift execution.
func NewIDTokenSource ¶
// NewIDTokenSource constructs an IDTokenSource from getEnv.
// NOTE(review): envGetter is unexported and not shown here; presumably an
// os.Getenv-style lookup that the source uses to find the token, injected so
// tests can supply values — confirm.
func NewIDTokenSource(getEnv envGetter) *IDTokenSource
func (*IDTokenSource) GetIDToken ¶
// GetIDToken returns the Spacelift ID token for the current execution as a
// string, or an error.
// NOTE(review): the returned string is presumably the same value that
// IDTokenValidator.Validate accepts as token, i.e. a credential; callers
// should avoid writing it to logs. The error conditions are not shown here.
func (its *IDTokenSource) GetIDToken() (string, error)
type IDTokenValidator ¶
// IDTokenValidator validates a Spacelift issued ID Token.
type IDTokenValidator struct {
	// IDTokenValidatorConfig is embedded, so its exported fields (such as
	// Clock) are promoted onto the validator and remain settable after
	// construction.
	IDTokenValidatorConfig
}
IDTokenValidator validates a Spacelift issued ID Token.
func NewIDTokenValidator ¶
// NewIDTokenValidator returns an initialized IDTokenValidator built from cfg.
// Per the IDTokenValidatorConfig field documentation, leaving cfg.Clock unset
// results in a real clock being used.
func NewIDTokenValidator( cfg IDTokenValidatorConfig, ) *IDTokenValidator
NewIDTokenValidator returns an initialized IDTokenValidator.
func (*IDTokenValidator) Validate ¶
// Validate validates a Spacelift issued ID token.
//
// It takes the raw token and a hostname and, on success, returns the token's
// Spacelift claims. A non-nil error means the token must be rejected.
//
// NOTE(review): the body is not shown here. hostname presumably selects the
// Spacelift tenant whose issuer and signing keys the token is checked
// against — confirm, and make sure callers take it from trusted configuration
// rather than from the token or the joining client.
// NOTE(review): which checks are performed (signature, issuer, audience) is
// not visible here; the Clock field of IDTokenValidatorConfig indicates that
// expiry and issue-time checks are among them.
func (id *IDTokenValidator) Validate( ctx context.Context, hostname string, token string, ) (*IDTokenClaims, error)
Validate validates a Spacelift issued ID token.
type IDTokenValidatorConfig ¶
// IDTokenValidatorConfig contains the configuration options needed to control
// the behavior of IDTokenValidator.
type IDTokenValidatorConfig struct {
	// Clock is used by the validator when checking expiry and issuer times
	// (presumably the issued-at time) of tokens. If omitted, a real clock will
	// be used.
	//
	// Because Clock decides what "now" is for those checks, a non-real clock
	// changes which tokens count as expired or not yet valid.
	// NOTE(review): presumably overridden only in tests — confirm that no
	// production caller sets it.
	Clock clockwork.Clock
	// contains filtered or unexported fields
}
IDTokenValidatorConfig contains the configuration options needed to control the behavior of IDTokenValidator.