Contain policy engines inside provisioner Controller
parent
ef110a94df
commit
c40a4d2694
@ -0,0 +1,65 @@
|
||||
package provisioner
|
||||
|
||||
import "github.com/smallstep/certificates/authority/policy"
|
||||
|
||||
type policyEngine struct {
|
||||
x509Policy policy.X509Policy
|
||||
sshHostPolicy policy.HostPolicy
|
||||
sshUserPolicy policy.UserPolicy
|
||||
}
|
||||
|
||||
func newPolicyEngine(options *Options) (*policyEngine, error) {
|
||||
|
||||
if options == nil {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
var (
|
||||
x509Policy policy.X509Policy
|
||||
sshHostPolicy policy.HostPolicy
|
||||
sshUserPolicy policy.UserPolicy
|
||||
err error
|
||||
)
|
||||
|
||||
// Initialize the x509 allow/deny policy engine
|
||||
if x509Policy, err = policy.NewX509PolicyEngine(options.GetX509Options()); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Initialize the SSH allow/deny policy engine for host certificates
|
||||
if sshHostPolicy, err = policy.NewSSHHostPolicyEngine(options.GetSSHOptions()); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Initialize the SSH allow/deny policy engine for user certificates
|
||||
if sshUserPolicy, err = policy.NewSSHUserPolicyEngine(options.GetSSHOptions()); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &policyEngine{
|
||||
x509Policy: x509Policy,
|
||||
sshHostPolicy: sshHostPolicy,
|
||||
sshUserPolicy: sshUserPolicy,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (p *policyEngine) GetX509() policy.X509Policy {
|
||||
if p == nil {
|
||||
return nil
|
||||
}
|
||||
return p.x509Policy
|
||||
}
|
||||
|
||||
func (p *policyEngine) GetSSHHost() policy.HostPolicy {
|
||||
if p == nil {
|
||||
return nil
|
||||
}
|
||||
return p.sshHostPolicy
|
||||
}
|
||||
|
||||
func (p *policyEngine) GetSSHUser() policy.UserPolicy {
|
||||
if p == nil {
|
||||
return nil
|
||||
}
|
||||
return p.sshUserPolicy
|
||||
}
|
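Review bot: `newPolicyEngine` returns `nil, nil` when `options == nil`, and `GetX509`, `GetSSHHost` and `GetSSHUser` each return nil on a nil receiver, but no comment in the new file says what a nil engine means to callers. If callers treat a nil policy as "nothing to enforce" (not visible in this hunk), this is the fail-open path for the allow/deny checks and the contract should be written down. I would add a doc comment such as `// newPolicyEngine builds the x509 and SSH host/user policy engines from options. Nil options yield a nil *policyEngine, whose getters return nil, meaning no policy is configured.` and a one-line comment on each getter saying it is safe to call on a nil receiver. It is also worth confirming that the `policy.New…PolicyEngine` constructors return an untyped nil interface, not a typed nil pointer, when no rules are set, since a caller's `!= nil` check on the getter result would otherwise behave unexpectedly.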