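// configureProxy builds the ssh.ServerConfig used by the proxy from the
// package-level flags: it validates the BBS and (optionally) Cloud Foundry
// settings, wires up the password authenticators that are enabled, and
// installs the host key.
//
// A missing or unparsable bbsAddress / hostKey is reported via logger.Fatal;
// problems with the Cloud Foundry settings are returned as an error.
func configureProxy(logger lager.Logger) (*ssh.ServerConfig, error) {
	if *bbsAddress == "" {
		err := errors.New("bbsAddress is required")
		logger.Fatal("bbs-address-required", err)
	}
	// The parsed value is only needed for validation, so it is discarded.
	// It must NOT be bound to a variable named `url`: that shadows the net/url
	// package, and the later url.Parse calls silently become (*url.URL).Parse,
	// which resolves its argument relative to the BBS address instead of
	// validating it as a standalone URL.
	if _, err := url.Parse(*bbsAddress); err != nil {
		logger.Fatal("failed-to-parse-bbs-address", err)
	}

	bbsClient := initializeBBSClient(logger)
	permissionsBuilder := authenticators.NewPermissionsBuiler(bbsClient)

	authens := []authenticators.PasswordAuthenticator{}
	if *enableDiegoAuth {
		diegoAuthenticator := authenticators.NewDiegoProxyAuthenticator(logger, []byte(*diegoCredentials), permissionsBuilder)
		authens = append(authens, diegoAuthenticator)
	}

	if *enableCFAuth {
		if *ccAPIURL == "" {
			return nil, errors.New("ccAPIURL is required for Cloud Foundry authentication")
		}
		if _, err := url.Parse(*ccAPIURL); err != nil {
			return nil, err
		}
		if *uaaPassword == "" {
			return nil, errors.New("UAA password is required for Cloud Foundry authentication")
		}
		if *uaaUsername == "" {
			return nil, errors.New("UAA username is required for Cloud Foundry authentication")
		}
		if *uaaTokenURL == "" {
			return nil, errors.New("uaaTokenURL is required for Cloud Foundry authentication")
		}
		if _, err := url.Parse(*uaaTokenURL); err != nil {
			return nil, err
		}

		client := NewHttpClient()
		cfAuthenticator := authenticators.NewCFAuthenticator(
			logger,
			client,
			*ccAPIURL,
			*uaaTokenURL,
			*uaaUsername,
			*uaaPassword,
			permissionsBuilder,
		)
		authens = append(authens, cfAuthenticator)
	}

	authenticator := authenticators.NewCompositeAuthenticator(authens...)

	sshConfig := &ssh.ServerConfig{
		PasswordCallback: authenticator.Authenticate,
		// The ssh package calls AuthLogCallback for every authentication
		// attempt, including successful ones (err == nil). Failures are logged
		// at error level; successes at info level, so the audit trail does not
		// report every successful login as "authentication-failed".
		AuthLogCallback: func(conn ssh.ConnMetadata, method string, err error) {
			data := lager.Data{"user": conn.User(), "method": method}
			if err != nil {
				logger.Error("authentication-failed", err, data)
				return
			}
			logger.Info("authentication-succeeded", data)
		},
	}

	if *hostKey == "" {
		err := errors.New("hostKey is required")
		logger.Fatal("host-key-required", err)
	}
	key, err := parsePrivateKey(logger, *hostKey)
	if err != nil {
		logger.Fatal("failed-to-parse-host-key", err)
	}
	sshConfig.AddHostKey(key)

	// err is nil on this path; return nil explicitly rather than the stale
	// variable.
	return sshConfig, nil
}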
} actualLRPGroup = &models.ActualLRPGroup{ Instance: &models.ActualLRP{ ActualLRPKey: models.NewActualLRPKey("some-guid", 1, "some-domain"), ActualLRPInstanceKey: models.NewActualLRPInstanceKey("some-instance-guid", "some-cell-id"), ActualLRPNetInfo: models.NewActualLRPNetInfo("1.2.3.4", models.NewPortMapping(3333, 1111)), }, } bbsClient = new(fake_bbs.FakeClient) bbsClient.ActualLRPGroupByProcessGuidAndIndexReturns(actualLRPGroup, nil) bbsClient.DesiredLRPByProcessGuidReturns(desiredLRP, nil) credentials = []byte("some-user:some-password") permissionsBuilder = authenticators.NewPermissionsBuiler(bbsClient) remoteAddr, err := net.ResolveIPAddr("ip", "1.1.1.1") Expect(err).NotTo(HaveOccurred()) metadata = &fake_ssh.FakeConnMetadata{} metadata.RemoteAddrReturns(remoteAddr) processGuid = "some-guid" index = 1 }) JustBeforeEach(func() { permissions, buildErr = permissionsBuilder.Build(processGuid, index, metadata) }) It("gets information about the desired lrp referenced in the username", func() {