2022-04-21 23:20:38 +00:00
|
|
|
package provisioner
|
|
|
|
|
|
|
|
import "github.com/smallstep/certificates/authority/policy"
|
|
|
|
|
|
|
|
type policyEngine struct {
|
|
|
|
x509Policy policy.X509Policy
|
|
|
|
sshHostPolicy policy.HostPolicy
|
|
|
|
sshUserPolicy policy.UserPolicy
|
|
|
|
}
|
|
|
|
|
|
|
|
func newPolicyEngine(options *Options) (*policyEngine, error) {
|
|
|
|
if options == nil {
|
2022-08-23 19:43:48 +00:00
|
|
|
//nolint:nilnil // legacy
|
2022-04-21 23:20:38 +00:00
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
var (
|
|
|
|
x509Policy policy.X509Policy
|
|
|
|
sshHostPolicy policy.HostPolicy
|
|
|
|
sshUserPolicy policy.UserPolicy
|
|
|
|
err error
|
|
|
|
)
|
|
|
|
|
|
|
|
// Initialize the x509 allow/deny policy engine
|
|
|
|
if x509Policy, err = policy.NewX509PolicyEngine(options.GetX509Options()); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Initialize the SSH allow/deny policy engine for host certificates
|
|
|
|
if sshHostPolicy, err = policy.NewSSHHostPolicyEngine(options.GetSSHOptions()); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Initialize the SSH allow/deny policy engine for user certificates
|
|
|
|
if sshUserPolicy, err = policy.NewSSHUserPolicyEngine(options.GetSSHOptions()); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return &policyEngine{
|
|
|
|
x509Policy: x509Policy,
|
|
|
|
sshHostPolicy: sshHostPolicy,
|
|
|
|
sshUserPolicy: sshUserPolicy,
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
2022-05-05 10:32:53 +00:00
|
|
|
func (p *policyEngine) getX509() policy.X509Policy {
|
2022-04-21 23:20:38 +00:00
|
|
|
if p == nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return p.x509Policy
|
|
|
|
}
|
|
|
|
|
2022-05-05 10:32:53 +00:00
|
|
|
func (p *policyEngine) getSSHHost() policy.HostPolicy {
|
2022-04-21 23:20:38 +00:00
|
|
|
if p == nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return p.sshHostPolicy
|
|
|
|
}
|
|
|
|
|
2022-05-05 10:32:53 +00:00
|
|
|
func (p *policyEngine) getSSHUser() policy.UserPolicy {
|
2022-04-21 23:20:38 +00:00
|
|
|
if p == nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return p.sshUserPolicy
|
|
|
|
}
|