package main
import (
	"fmt"
	"io/ioutil"
	"net/http"
	"path/filepath"
	"strings"
	"time"

	"gopkg.in/yaml.v2"
)
// SSHConfig is the top-level bastion configuration as decoded from the YAML
// config file by fetchConfig. After fetchConfig returns, Servers and ACLs also
// contain the entries merged in from the per-group files listed in Groups.
type SSHConfig struct {
	Global SSHConfigGlobal `yaml:"global"`
	// Servers is keyed by server name. It is nil when the YAML has no
	// "servers" section, which matters because fetchConfig writes group
	// entries into it.
	Servers map[string]SSHConfigServer `yaml:"servers"`
	// Groups lists the group names; fetchConfig loads <group_path>/<name>.yaml
	// for each one.
	Groups []string `yaml:"groups"`
	// ACLs is keyed by ACL name; users reference an entry by that name.
	ACLs map[string]SSHConfigACL `yaml:"acls"`
	// Users is keyed by login name.
	Users map[string]SSHConfigUser `yaml:"users"`
}
// SSHConfigGlobal holds the bastion-wide settings from the "global" section.
// Only the YAML keys and the fields touched by fetchConfig are established in
// this file; how the remaining settings are interpreted is decided elsewhere,
// so those comments are marked as readings to confirm against the consumer.
type SSHConfigGlobal struct {
	// GroupPath is the directory fetchConfig searches for <group>.yaml files.
	GroupPath   string `yaml:"group_path"`
	MOTDPath    string `yaml:"motd_path"`
	LogPath     string `yaml:"log_path"`
	StoragePath string `yaml:"storage_path"`
	// BastionPrivateKeys are the bastion's host keys, given inline or as
	// "file:<path>" references; fetchConfig replaces each entry with the
	// resolved key material.
	BastionPrivateKeys  []string `yaml:"bastion_private_keys"`
	AuthWithBastionKeys bool     `yaml:"auth_with_bastion_keys"`
	// NOTE(review): the name suggests that, when true, the bastion skips
	// verification of target host keys (HostPubKeys); confirm in the dialer,
	// since that would remove protection against a spoofed target.
	IgnoreHostPubKeys    bool   `yaml:"ignore_hosts_pubkeys"`
	AllowAgentForwarding bool   `yaml:"allow_agent_forwarding"`
	AuthType             string `yaml:"auth_type"`
	// NOTE(review): LDAP_Server is a plain string; whether the connection is
	// made over TLS is not visible here — confirm against the LDAP client.
	LDAP_Server string `yaml:"ldap_server"`
	LDAP_Domain string `yaml:"ldap_domain"`
	// NOTE(review): presumably forwards the user's password to the target
	// when true — verify against the session code before documenting it.
	PassPassword bool   `yaml:"pass_password"`
	ListenPath   string `yaml:"listen_path"`
	NoIP6Bind    bool   `yaml:"disable_ipv6_bind"`
	// ConnectTimeout is kept as a string; it is parsed by the consumer, not here.
	ConnectTimeout string `yaml:"connect_timeout"`
	// FluentbitServer is a URL that fetchConfig probes with an HTTP GET at
	// load time; the config is rejected if the request fails.
	FluentbitServer string `yaml:"fluentbit_server"`
}
// SSHConfigACL is one named access list. fetchConfig extends AllowedServers
// with every server from a group file whose group appears in AllowedGroups,
// so after loading, AllowedServers is the full flattened allow-list.
type SSHConfigACL struct {
	AllowedServers []string `yaml:"allow_servers"`
	AllowedGroups  []string `yaml:"allow_groups"`
}
// SSHConfigUser is one bastion user: the ACL they are bound to and where
// their public key(s) come from, either inline or from a file path.
// Nothing in this file resolves AuthorizedKeysFile; that happens in the
// authentication code.
type SSHConfigUser struct {
	ACL                string `yaml:"acl"`
	AuthorizedKeyStr   string `yaml:"authorized_key"`
	AuthorizedKeysFile string `yaml:"authorized_keys_file"`
}
// SSHConfigServer describes one target host, either from the "servers"
// section or from a group file.
type SSHConfigServer struct {
	// HostPubKeys are the expected host keys, inline or as "file:<path>"
	// references; fetchConfig resolves them to key material.
	HostPubKeys []string `yaml:"host_pubkeys"`
	ConnectPath string   `yaml:"connect_path"`
	LoginUser   string   `yaml:"login_user"`
	// Group is set by fetchConfig to the name of the group file the server
	// came from. The tag is an empty string rather than a yaml key; yaml.v2
	// appears to fall back to the lowercased field name in that case, but any
	// decoded value is overwritten by fetchConfig anyway.
	Group string ""
}
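// fetchConfig reads the bastion configuration from filename, resolves every
// "file:" key reference, merges the per-group server files listed under
// "groups" into Servers and ACLs, and probes the configured Fluent Bit
// endpoint.
//
// It returns the populated *SSHConfig, or an error naming the first step that
// failed; on error the returned config is nil.
func fetchConfig(filename string) (*SSHConfig, error) {
	configData, err := ioutil.ReadFile(filename)
	if err != nil {
		return nil, fmt.Errorf("Failed to open config file: %v", err)
	}
	config := &SSHConfig{}
	if err := yaml.Unmarshal(configData, config); err != nil {
		return nil, fmt.Errorf("Unable to parse YAML config file: %v", err)
	}
	// A config without a "servers:" section leaves the map nil, and the group
	// merge below writes into it; writing to a nil map panics.
	if config.Servers == nil {
		config.Servers = make(map[string]SSHConfigServer)
	}
	if config.ACLs == nil {
		config.ACLs = make(map[string]SSHConfigACL)
	}

	// Bastion host keys may be inline or "file:<path>"; resolve them now so
	// the rest of the program only ever sees literal key material.
	for i, v := range config.Global.BastionPrivateKeys {
		key, err := loadKey(v)
		if err != nil {
			return nil, fmt.Errorf("Unable to load key %s: %v", v, err)
		}
		config.Global.BastionPrivateKeys[i] = key
	}

	for _, group := range config.Groups {
		if err := mergeGroup(config, group); err != nil {
			return nil, err
		}
	}

	if err := probeFluentbit(config.Global.FluentbitServer); err != nil {
		return nil, err
	}
	return config, nil
}

// mergeGroup loads <GroupPath>/<group>.yaml — a map of server name to
// SSHConfigServer — and merges each entry into config.Servers (tagged with the
// group name) and into the AllowedServers list of every ACL that allows the
// group. An entry whose name matches an existing server replaces it.
func mergeGroup(config *SSHConfig, group string) error {
	groupFile := filepath.Join(config.Global.GroupPath, group+".yaml")
	groupData, err := ioutil.ReadFile(groupFile)
	if err != nil {
		return fmt.Errorf("Failed to open group file: %v", err)
	}
	var targets map[string]SSHConfigServer
	if err := yaml.Unmarshal(groupData, &targets); err != nil {
		return fmt.Errorf("Unable to parse YAML group file: %v", err)
	}
	for name, target := range targets {
		// Host keys, like bastion keys, may be "file:" references.
		for i, v := range target.HostPubKeys {
			key, err := loadKey(v)
			if err != nil {
				return fmt.Errorf("Unable to load key %s: %v", v, err)
			}
			target.HostPubKeys[i] = key
		}
		target.Group = group
		config.Servers[name] = target
		grantGroupServer(config.ACLs, group, name)
	}
	return nil
}

// grantGroupServer appends server to AllowedServers of every ACL in acls whose
// AllowedGroups contains group, so a server inherited from a group file is
// reachable through the same ACLs that grant the group.
func grantGroupServer(acls map[string]SSHConfigACL, group, server string) {
	for name, acl := range acls {
		for _, g := range acl.AllowedGroups {
			if g == group {
				acl.AllowedServers = append(acl.AllowedServers, server)
				acls[name] = acl // map values are copies; write the update back
				break
			}
		}
	}
}

// probeFluentbit checks that the URL configured as global.fluentbit_server
// answers an HTTP GET. Only reachability is checked: the response body and
// status code are discarded. An empty value is treated as "not configured"
// and skipped, and the request is bounded by a timeout so an unreachable
// endpoint cannot stall config loading indefinitely.
func probeFluentbit(server string) error {
	if server == "" {
		return nil
	}
	const probeTimeout = 10 * time.Second
	client := &http.Client{Timeout: probeTimeout}
	resp, err := client.Get(server)
	if err != nil {
		return fmt.Errorf("Unable to join %s: %v", server, err)
	}
	resp.Body.Close()
	return nil
}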
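// loadKey resolves a key description from the config. A value of the form
// "file:<path>" is replaced by the contents of <path>; any other value is
// returned unchanged as literal key material.
//
// Only a leading "file:" is treated as a reference, so a literal key that
// happens to contain "file:" somewhere inside it is passed through intact
// instead of being split apart and misread as a path.
func loadKey(target string) (string, error) {
	const filePrefix = "file:"
	if !strings.HasPrefix(target, filePrefix) {
		return target, nil
	}
	path := strings.TrimPrefix(target, filePrefix)
	key, err := ioutil.ReadFile(path)
	if err != nil {
		return "", fmt.Errorf("Unable to load key file %s: %v", path, err)
	}
	return string(key), nil
}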