Merge pull request #9 from gravitational/alexander/token
better workflow and fixes for auth tokens
commit
975f57afb0
9
Makefile
9
Makefile
|
@ -54,24 +54,25 @@ cover-package-with-etcd: remove-temp-files
|
|||
|
||||
run-auth:
|
||||
go install github.com/gravitational/teleport/teleport
|
||||
rm -f /tmp/teleport.auth.sock
|
||||
teleport -auth\
|
||||
-authBackend=etcd\
|
||||
-authBackendConfig='{"nodes": ["${ETCD_NODE1}"], "key": "/teleport"}'\
|
||||
-authDomain=gravitational.io\
|
||||
-authHTTPAddr=tcp://localhost:8080\
|
||||
-log=console\
|
||||
-logSeverity=INFO\
|
||||
-dataDir=/tmp\
|
||||
-fqdn=auth.gravitational.io
|
||||
run-ssh:
|
||||
go install github.com/gravitational/teleport/teleport
|
||||
tctl token generate --output=/tmp/token -fqdn=node1.gravitational.io
|
||||
teleport -ssh\
|
||||
-log=console\
|
||||
-logSeverity=INFO\
|
||||
-dataDir=/tmp\
|
||||
-fqdn=node1.gravitational.io\
|
||||
-authServer=tcp://auth.gravitational.io:33001\
|
||||
-sshToken=token
|
||||
-sshToken=/tmp/token\
|
||||
-authServer=tcp://auth.gravitational.io:33000
|
||||
|
||||
run-cp: install-assets
|
||||
go install github.com/gravitational/teleport/teleport
|
||||
|
@ -81,7 +82,7 @@ run-cp: install-assets
|
|||
-logSeverity=INFO\
|
||||
-dataDir=/tmp\
|
||||
-fqdn=node2.gravitational.io\
|
||||
-authServer=tcp://auth.gravitational.io:33001
|
||||
-authServer=tcp://auth.gravitational.io:33000
|
||||
|
||||
profile:
|
||||
go tool pprof http://localhost:6060/debug/pprof/profile
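Review bot: `run-ssh` now writes the provisioning token to `/tmp/token`, a directory shared with every local account, and the `generateToken` change in this same PR creates that file with mode 0644, so any local user can read a freshly issued node token until it is consumed. For a dev-only workflow that may be tolerable, but pointing `--output` at a directory private to the developer (and `-dataDir` likewise, since node keys are written there too) avoids it. The target also mixes `--output` and `-fqdn` dash styles on one line; both apparently parse, but picking one reads better.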
|
||||
|
|
|
@ -5,6 +5,8 @@ import (
|
|||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"strings"
|
||||
|
||||
"github.com/gravitational/teleport/utils"
|
||||
|
||||
|
@ -12,7 +14,11 @@ import (
|
|||
)
|
||||
|
||||
func Register(fqdn, dataDir, token string, servers []utils.NetAddr) error {
|
||||
method, err := NewTokenAuth(fqdn, token)
|
||||
tok, err := readToken(token)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
method, err := NewTokenAuth(fqdn, tok)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -43,6 +49,18 @@ func Register(fqdn, dataDir, token string, servers []utils.NetAddr) error {
|
|||
return writeKeys(fqdn, dataDir, keys.Key, keys.Cert)
|
||||
}
|
||||
|
||||
func readToken(token string) (string, error) {
|
||||
if !strings.HasPrefix(token, "/") {
|
||||
return token, nil
|
||||
}
|
||||
// treat it as a file
|
||||
out, err := ioutil.ReadFile(token)
|
||||
if err != nil {
|
||||
return "", nil
|
||||
}
|
||||
return string(out), nil
|
||||
}
|
||||
|
||||
type PackedKeys struct {
|
||||
Key []byte `json:"key"`
|
||||
Cert []byte `json:"cert"`
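Review bot: `readToken` discards the read error at `return "", nil`, so when the token file is missing or unreadable `Register` continues with an empty token and the node presumably fails later at the auth server with a message that never mentions the file. It should be `return "", err`, or with context since `fmt` is already imported: `return "", fmt.Errorf("reading token file %v: %v", token, err)`. The file-versus-literal decision is only the `/` prefix, so a relative path such as `--output=token` is silently treated as the literal token; a doc comment such as `// readToken returns token itself, or the contents of the file it names when token is an absolute path.` would make that contract visible. The body of `Register` continues outside the hunk.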
|
||||
|
|
|
@ -334,7 +334,9 @@ func (s *TunServer) passwordAuth(
|
|||
return perms, nil
|
||||
case "provision-token":
|
||||
if err := s.a.ValidateToken(string(ab.Pass), ab.User); err != nil {
|
||||
log.Errorf("%v token validation error: %v", ab.User, err)
|
||||
err := fmt.Errorf("%v token validation error: %v", ab.User, err)
|
||||
log.Errorf("%v", err)
|
||||
return nil, err
|
||||
}
|
||||
perms := &ssh.Permissions{
|
||||
Extensions: map[string]string{
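Review bot: The new `err := fmt.Errorf(...)` inside the body of `if err := s.a.ValidateToken(...)` shadows the outer `err` with a value built from it; it compiles, but the same name now means two things three lines apart. A distinct name keeps them separate: `verr := fmt.Errorf("%v token validation error: %v", ab.User, err)`, then `log.Errorf("%v", verr)` and `return nil, verr`. The returned error now also carries the underlying validation reason; whether the SSH layer forwards that text to the unauthenticated client is not visible in the hunk and is worth confirming, since a generic failure is preferable on the wire with the detail kept in the log. `passwordAuth` starts and ends outside the hunk.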
|
||||
|
|
|
@ -181,7 +181,7 @@ func initSSHEndpoint(t *TeleportService, cfg Config) error {
|
|||
|
||||
func initSSHRegister(t *TeleportService, cfg Config) error {
|
||||
t.RegisterFunc(func() error {
|
||||
log.Infof("teleport:ssh connecting to auth servers")
|
||||
log.Infof("teleport:ssh connecting to auth servers %v", cfg.SSH.Token)
|
||||
if err := auth.Register(
|
||||
cfg.FQDN, cfg.DataDir, cfg.SSH.Token, cfg.AuthServers); err != nil {
|
||||
log.Errorf("teleport:ssh register failed: %v", err)
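Review bot: The added `log.Infof("teleport:ssh connecting to auth servers %v", cfg.SSH.Token)` writes `cfg.SSH.Token` to the log at INFO, and per `readToken` in this PR that value is the provisioning token itself unless it begins with `/`; the old Makefile form `-sshToken=token` is exactly that case, so the secret ends up in console or log output. Keep the previous `log.Infof("teleport:ssh connecting to auth servers")`, or log only non-sensitive detail such as whether the value is a file path. `initSSHRegister` continues outside the hunk.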
|
||||
|
|
|
@ -2,6 +2,7 @@ package command
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"time"
|
||||
|
||||
"github.com/gravitational/teleport/Godeps/_workspace/src/github.com/codegangsta/cli"
|
||||
|
@ -18,6 +19,7 @@ func newTokenCommand(c *Command) cli.Command {
|
|||
Flags: []cli.Flag{
|
||||
cli.StringFlag{Name: "fqdn", Usage: "FQDN of the server"},
|
||||
cli.DurationFlag{Name: "ttl", Value: 120 * time.Second, Usage: "TTL"},
|
||||
cli.StringFlag{Name: "output", Usage: "Optional output file"},
|
||||
},
|
||||
Action: c.generateToken,
|
||||
},
|
||||
|
@ -26,11 +28,17 @@ func newTokenCommand(c *Command) cli.Command {
|
|||
}
|
||||
|
||||
func (cmd *Command) generateToken(c *cli.Context) {
|
||||
token, err := cmd.client.GenerateToken(
|
||||
c.String("fqdn"), c.Duration("ttl"))
|
||||
token, err := cmd.client.GenerateToken(c.String("fqdn"), c.Duration("ttl"))
|
||||
if err != nil {
|
||||
cmd.printError(err)
|
||||
return
|
||||
}
|
||||
fmt.Fprintf(cmd.out, token)
|
||||
if c.String("output") == "" {
|
||||
fmt.Fprintf(cmd.out, token)
|
||||
return
|
||||
}
|
||||
err = ioutil.WriteFile(c.String("output"), []byte(token), 0644)
|
||||
if err != nil {
|
||||
cmd.printError(err)
|
||||
}
|
||||
}
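Review bot: `ioutil.WriteFile(c.String("output"), []byte(token), 0644)` creates the token file readable by every local user; a provisioning secret should be written as `err = ioutil.WriteFile(c.String("output"), []byte(token), 0600)`. The retained `fmt.Fprintf(cmd.out, token)` branch passes the token as the format string (go vet flags this), so a token containing `%` would print garbled; `fmt.Fprint(cmd.out, token)` prints it verbatim. Since `readToken` on the node side only treats the value as a file when it begins with `/`, a relative `--output` path later handed to `-sshToken` is read as the literal token; saying so in the flag help, e.g. `Usage: "Optional output file (absolute path)"`, would prevent that surprise.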
|
||||
|
|
|
@ -40,7 +40,7 @@ func main() {
|
|||
utils.NewNetAddrVal(
|
||||
utils.NetAddr{
|
||||
Network: "tcp",
|
||||
Addr: "localhost:33000",
|
||||
Addr: "localhost:33001",
|
||||
}, &cfg.SSH.Addr),
|
||||
"sshAddr", "SSH endpoint listening address")
|
||||
|
||||
|
@ -72,7 +72,7 @@ func main() {
|
|||
utils.NewNetAddrVal(
|
||||
utils.NetAddr{
|
||||
Network: "tcp",
|
||||
Addr: "localhost:33001",
|
||||
Addr: "localhost:33000",
|
||||
}, &cfg.Auth.SSHAddr),
|
||||
"authSSHAddr", "Auth Server SSH tunnel API listening address")
|
||||
|
||||
|
@ -92,7 +92,7 @@ func main() {
|
|||
utils.NewNetAddrVal(
|
||||
utils.NetAddr{
|
||||
Network: "tcp",
|
||||
Addr: "localhost:33003",
|
||||
Addr: "localhost:33002",
|
||||
}, &cfg.CP.Addr),
|
||||
"cpAddr", "CP server web listening address")
|
||||
|
||||
|
|