Adding provisioning
mchavez committed Mar 9, 2024
1 parent aa54cdc commit 9a0bcde
Showing 4 changed files with 157 additions and 52 deletions.
82 changes: 41 additions & 41 deletions auth.pem
@@ -1,37 +1,37 @@
-----BEGIN RSA PRIVATE KEY-----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MIIEpQIBAAKCAQEA40zPm5HW99iofZedsTdjiR9NrQ9yW5VfFkkp0OjWrypIgTIQ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-----END RSA PRIVATE KEY-----
[email protected] 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
[email protected] 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
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIRALgQu+ILIsuPbieBOdQSiJYwDQYJKoZIhvcNAQELBQAw
MIIFgjCCBGqgAwIBAgIRAPjZ0LUNqd6SrTfD8vcW7zUwDQYJKoZIhvcNAQELBQAw
fjElMCMGA1UEChMcZDN2LWNvbmR1Y3Rvcm9uZS50ZWxlcG9ydC5zaDElMCMGA1UE
AxMcZDN2LWNvbmR1Y3Rvcm9uZS50ZWxlcG9ydC5zaDEuMCwGA1UEBRMlODUyOTcw
MjA1MjE3Mjk3NjE4MTg5NTU1ODg2MzI3NTQzMTg4MDAeFw0yNDAzMDgxNDAwMTBa
Fw0yNDAzMDkwMDAxMTBaMIICFzEtMAsGA1UEBxMEcm9vdDAeBgNVBAcTFy10ZWxl
MjA1MjE3Mjk3NjE4MTg5NTU1ODg2MzI3NTQzMTg4MDAeFw0yNDAzMDkxNTA2NTBa
Fw0yNDAzMDkyMzA3NTBaMIICFzEtMAsGA1UEBxMEcm9vdDAeBgNVBAcTFy10ZWxl
cG9ydC1pbnRlcm5hbC1qb2luMSUwIwYDVQQJExxkM3YtY29uZHVjdG9yb25lLnRl
bGVwb3J0LnNoMYIBCTCCAQUGA1UEEQyB/XsiYXdzX3JvbGVfYXJucyI6bnVsbCwi
YXp1cmVfaWRlbnRpdGllcyI6bnVsbCwiZGJfbmFtZXMiOm51bGwsImRiX3JvbGVz
Expand All @@ -43,20 +43,20 @@ BmFjY2VzczANBgNVBAoTBmVkaXRvcjAOBgNVBAoTB2F1ZGl0b3IxLzAtBgNVBAMM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AAOCAQEAPPQ3k3IUMXwNELgzPwvodccwHRJn5w/Hkmrd6leyGfR6OS0tOBgv8afz
WZjBYMnoFlC17JvruIqwBV064L9oXK4QsYD0AL9/3Iqo2kRW+q09Bzt88wO5QgML
sHHoQHtMftxdCUKxyQu7Rycl/sKR6Z97qhVzDEfX991d2z/H/g1+HZYNJBw1qIBi
KIsbc1slJfrvSkf3dJfkkYTL/LMbFgzbQ/WLyPYUtYVQYYYESusuEIacqvIfjh8O
bVabFJdzAxOkWFpqwcCCNDy3dS3rNR+h8yctKl0NzGeJgTjsOjnH7xll1Mk9entJ
ywiYBcv3m0C7yTftrhg80J7mjP7mRg==
-----END CERTIFICATE-----
@cert-authority d3v-conductorone.teleport.sh,*.d3v-conductorone.teleport.sh ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKm1KKkBFUxooWznk3v4q1k4d9kar3rcj5ma5gATH4xgUSygugP63Lz50puLyGcsZPAbMhX5XChFmQYSTmwE+EJcIc8AHRrojJm8CoSSHga9L2sWZTjeW8vv6x0DUsbF8s72vve9NLfwacgJvK2BcZqdeAC2Mxi+uQWjCH9oYpKl+6zekRJ66hY5ixq6RD34s9ExrVUKkri3y6/8D4RSzyHvjtgrHY9TmVORPC7JZBpOPr7g39bUKYkj8K17mE5vX2od+xtdem63xetcx1hQKRL7uSyJxqE3tiPNHX4crGwGvAvqus7BR3W/g29ErN48fnoL6MvPNhzAeU/DXxl7gt type=host
-----BEGIN CERTIFICATE-----
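Review bot: `auth.pem` contains a `-----BEGIN RSA PRIVATE KEY-----` block alongside the Teleport certificates and the `@cert-authority` entry, so this commit puts a complete identity file into version-control history. Credential material should stay out of the tree: remove the file, add it to `.gitignore`, and have the connector read the identity file from a path supplied by configuration or a secret store at runtime. Even if the certificate is short-lived (not verified here), the key should be treated as exposed and re-issued, because deleting the file in a later commit does not remove it from history.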
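--- a/pkg/client/client.go
+++ b/pkg/client/client.go
@@ -58,3 +58,23 @@ func (t *TeleportClient) GetRoles(ctx context.Context) ([]types.Role, error) {
 
 return roles, nil
 }
+
+// GetUser gets an user.
+func (t *TeleportClient) GetUser(ctx context.Context, username string) (types.User, error) {
+user, err := t.client.GetUser(ctx, username, false)
+if err != nil {
+return nil, err
+}
+
+return user, nil
+}
+
+// UpdateUserRole updates an user.
+func (t *TeleportClient) UpdateUserRole(ctx context.Context, user types.User) (types.User, error) {
+updatedUser, err := t.client.UpdateUser(ctx, user.(*types.UserV2))
+if err != nil {
+return nil, err
+}
+
+return updatedUser, nil
+}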
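Review bot: `user.(*types.UserV2)` in `UpdateUserRole` is an unchecked type assertion, so a nil or non-`UserV2` `types.User` panics the connector instead of returning an error. Use the two-value form, `u, ok := user.(*types.UserV2)` followed by `if !ok { return nil, fmt.Errorf("unexpected user type %T", user) }`, and pass `u` to `UpdateUser` (whether `fmt` is already imported is not visible in this hunk). The method writes back the whole user object rather than only its roles, so the doc comment should say so, for example `// UpdateUserRole persists the given user, including its roles and traits.`; "an user" in both comments should read "a user".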
File renamed without changes.
107 changes: 96 additions & 11 deletions pkg/connector/role.go → pkg/connector/roles.go
Expand Up @@ -7,6 +7,9 @@ import (
v2 "github.com/conductorone/baton-sdk/pb/c1/connector/v2"
"github.com/conductorone/baton-sdk/pkg/annotations"
"github.com/conductorone/baton-sdk/pkg/pagination"
"github.com/gravitational/teleport/api/types"
"github.com/grpc-ecosystem/go-grpc-middleware/logging/zap/ctxzap"
"go.uber.org/zap"

ent "github.com/conductorone/baton-sdk/pkg/types/entitlement"
"github.com/conductorone/baton-sdk/pkg/types/grant"
Expand Down Expand Up @@ -60,18 +63,15 @@ func getRoleResource(role *Role) (*v2.Resource, error) {
// Roles include a RoleTrait because they are the 'shape' of a standard group.
func (r *roleBuilder) List(ctx context.Context, parentId *v2.ResourceId, token *pagination.Token) ([]*v2.Resource, string, annotations.Annotations, error) {
var rv []*v2.Resource
roles, err := r.client.GetRoles(ctx)
if err != nil {
return nil, "", nil, err
}

if len(mapRoles) == 0 {
roles, err := r.client.GetRoles(ctx)
if err != nil {
return nil, "", nil, err
}

for _, role := range roles {
mapRoles[role.GetName()] = Role{
Name: role.GetName(),
Id: role.GetName(),
}
for _, role := range roles {
mapRoles[role.GetName()] = Role{
Name: role.GetName(),
Id: role.GetName(),
}
}

Expand Down Expand Up @@ -135,10 +135,95 @@ func (r *roleBuilder) Grants(ctx context.Context, resource *v2.Resource, token *
}

func (r *roleBuilder) Grant(ctx context.Context, principal *v2.Resource, entitlement *v2.Entitlement) (annotations.Annotations, error) {
l := ctxzap.Extract(ctx)
userName := principal.Id.Resource
roleName := entitlement.Resource.Id.Resource

if principal.Id.ResourceType != userResourceType.Id {
l.Warn(
"baton-teleport: only users can be granted role membership",
zap.String("principal_type", principal.Id.ResourceType),
zap.String("principal_id", principal.Id.Resource),
)
return nil, fmt.Errorf("baton-teleport: only users can be granted role membership")
}

// Create an MFA required role for "prod" nodes.
prodRole, err := types.NewRole(roleName, types.RoleSpecV6{
Options: types.RoleOptions{
RequireMFAType: types.RequireMFAType_SESSION,
},
Allow: types.RoleConditions{
Logins: []string{userName},
NodeLabels: types.Labels{},
},
})
if err != nil {
return nil, err
}

user, err := r.client.GetUser(ctx, userName)
if err != nil {
return nil, err
}

user.SetLogins(append(user.GetLogins(), userName))
user.AddRole(prodRole.GetName())
updatedUser, err := r.client.UpdateUserRole(ctx, user)
if err != nil {
return nil, fmt.Errorf("teleport-connector: failed to add role: %s", err.Error())
}

l.Warn("Role Membership has been created.",
zap.String("Name", updatedUser.GetName()),
zap.String("Namespace", updatedUser.GetMetadata().Namespace),
zap.Time("CreatedAt", updatedUser.GetCreatedBy().Time),
)

return nil, nil
}

func (r *roleBuilder) Revoke(ctx context.Context, grant *v2.Grant) (annotations.Annotations, error) {
l := ctxzap.Extract(ctx)
var roleList []string
entitlement := grant.Entitlement
principal := grant.Principal

if principal.Id.ResourceType != userResourceType.Id {
l.Warn(
"baton-teleport: only users can have role membership revoked",
zap.String("principal_type", principal.Id.ResourceType),
zap.String("principal_id", principal.Id.Resource),
)
return nil, fmt.Errorf("teleport-connector: only users can have role membership revoked")
}

roleName := entitlement.Resource.Id.Resource
userName := principal.Id.Resource
user, err := r.client.GetUser(ctx, userName)
if err != nil {
return nil, err
}

user.SetLogins(append(user.GetLogins(), userName))
for _, role := range user.GetRoles() {
if role != roleName {
roleList = append(roleList, role)
}
}

user.SetRoles(roleList)
updatedUser, err := r.client.UpdateUserRole(ctx, user)
if err != nil {
return nil, fmt.Errorf("teleport-connector: failed to revoke role: %s", err.Error())
}

l.Warn("Role Membership has been revoked.",
zap.String("Name", updatedUser.GetName()),
zap.String("Namespace", updatedUser.GetMetadata().Namespace),
zap.Time("CreatedAt", updatedUser.GetCreatedBy().Time),
)

return nil, nil
}

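Review bot: `Revoke` calls `user.SetLogins(append(user.GetLogins(), userName))` before it filters the role list, so every revocation adds a login to the user instead of only removing access. The same line in `Grant` appends the Teleport username as a login on every call, duplicates included. Drop the line from `Revoke`, and in `Grant` either drop it or guard it so a login is added once and only when the entitlement calls for it. In `Grant` the value built by `types.NewRole(...)` is never persisted and only `prodRole.GetName()` (equal to `roleName`) is used, so the "MFA required role" comment describes something the code does not do; `user.AddRole(roleName)` states the actual effect. Minor: both success paths log with `l.Warn` and wrap errors with `%s`, where `l.Info` and `%w` would fit better.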
