Brokers

    The broker is deployed at the user end, in a remote environment. It ships as a deployable package together with a configuration file. This configuration file lists the resources and permissions the broker can manage: one broker can manage multiple resources, or it can exclusively manage a single resource. Every broker is bootstrapped again every 24 hours.

    Users can upload files/scripts to Britive and pass them to the broker during checkout or check-in of a profile. Alternatively, the scripts can be kept locally in the remote environment; in that case the user passes the permission name and identifies the file on their side, and all permissions are managed by the user in their own environment.

    1. Log in to Britive.
    2. Click Admin->Brokers and Broker Pools->Brokers.
    3. Click on the Download Brokers button.
    4. Expand the package type to view available installer(s).
      • deb
      • jar
      • msi
      • tar
      • zip
    5. Click the required installer to download the package.
    6. Configure the broker using a YAML file. Here is a configuration file template:
      Configuration File Template
      # Uncomment and modify as needed
      config:
      #  cache_path: ${britive.broker.action.command.cache} # default to ./cache if not provided
        bootstrap:
      #    execution_environment: /bin/sh -c "sudo -E <BRITIVE_BOOTSTRAP_SCRIPT>" # optional
      #    scripts_path: ${britive.broker.scripts.path}  # default to ./bootstrap if not provided
          tenant_subdomain: _tenant_
      #    authentication_token_generator: ${britive.broker.authentication.token.script}  # optional
          authentication_token: _pooltoken_
          broker_name_generator: broker-name-generator.sh
      #    resources_generator: ${britive.broker.resources.script}
      #  http_proxy:  # optional, if not specified do not use http proxy for connecting
      #    host: localhost      # required
      #    port: 8080           # required
      #    username: userA      # optional: if this or password not specified authorization type is None
      #    password: passwordA  # optional: if this or username not specified authorization type is None
      #    connection_type: [Legacy | Forwarding | Tunneling]   # optional defaults to Tunneling if not specified
      
      # The resource types supported by this broker
      resource_types:
        ssh:
          new_key:
            max_supported_version: local
            execution_environment: /bin/sh -c "sudo -E <BRITIVE_PERMISSION_SCRIPT>"
            checkout_script: /opt/britive-agent/scripts/ssh-access-key-checkout.sh
            checkin_script: /opt/britive-agent/scripts/ssh-access-key-checkin.sh
        file_upload_type:
          file_upload_permission:
            max_supported_version: any
        inline-resource-type:
          inline-resource-permission:
            max_supported_version: any
            execution_environment: python3 <BRITIVE_PERMISSION_SCRIPT>
            file_extension: py

    Here is a description of each configurable parameter:

    • config: Configurable properties of the broker itself.
      • cache_path: The directory in which to save permission action scripts downloaded from the Britive platform when a resource type's max_supported_version is any or a <version#>. The default is <broker install directory>/cache.
      • bootstrap:
        • execution_environment: Full command the broker uses to execute the locally defined bootstrap scripts named by the authentication_token_generator, broker_name_generator and resources_generator properties.
        • scripts_path: The directory containing the bootstrap scripts. The default path is <broker install directory>/bootstrap.
        • authentication_token: The authentication token used to authenticate to the broker bootstrap endpoint for a specific agent pool.
        • authentication_token_generator: The bootstrap script to execute to dynamically generate or fetch the authentication token used to authenticate to the broker bootstrap endpoint for a specific agent pool.
        • broker_name_generator: The bootstrap script to execute to dynamically generate or fetch the broker name that is registered when calling the broker bootstrap endpoint.
        • resources_generator: The bootstrap script to execute to dynamically generate or fetch the resources the broker will support when registering the agent via the broker bootstrap endpoint.
      • http_proxy: (Optional) Proxy server to use for connecting to the Britive platform.
        • host: Hostname of the proxy server.
        • port: Port of the proxy server.
        • username: Username to authenticate to the proxy server.
        • password: Password to authenticate to the proxy server.
        • connection_type: One of Legacy, Forwarding, or Tunneling. The default is Tunneling.
    • resource_types:
      • <resource_type>: Name of the resource type. For example, ssh is the name of the resource type in the sample file.
        • <permission_name>: The resource type permission for which JIT access is provided. For example, new_key is the permission name.
          • execution_environment: Full command the broker uses to run the permission script for this permission; the <BRITIVE_PERMISSION_SCRIPT> placeholder stands for the script being executed (see the ssh and inline-resource-type entries in the template).
          • max_supported_version: The maximum supported version of the permission script. Use one of the following values:
            • local: Use the scripts specified in checkout_script and checkin_script.
            • any: Download and use whatever version is specified in the resource permission request.
            • <version#>: Only download and use the version specified in the resource permission request if it is less than or equal to max_supported_version.
          • checkout_script: Full path to the local script to execute to check out access to the resource permission. Only valid if max_supported_version is local.
          • checkin_script: Full path to the local script to execute to check in access to the resource permission. Only valid if max_supported_version is local.
          • file_extension: The filename extension to use when saving resource permission scripts downloaded from the Britive platform, if max_supported_version is any or a <version#>. The file is stored in the directory config.cache_path.
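    The dependencies between these parameters can be checked mechanically before a broker is deployed, which catches a permission that would silently never check in or a proxy setting that falls back to no authentication. The following Python script is an added example, not Britive's own code: it validates a parsed broker configuration against the rules described above (local requires checkout_script and checkin_script, any/<version#> forbids them, http_proxy needs host and port, proxy username and password go together, connection_type is one of the three listed values). The requirement that file_extension accompanies execution_environment for downloaded scripts, the load_config helper's use of PyYAML, and both sample configurations are assumptions constructed for this example; the tenant, token and proxy host values are placeholders.

```python
# Added example: linter for a Britive broker configuration (not Britive's own code).
# The rules encode the parameter descriptions on this page; anything beyond them
# is marked as an assumption.

VALID_CONNECTION_TYPES = {"Legacy", "Forwarding", "Tunneling"}
LOCAL_ONLY_KEYS = ("checkout_script", "checkin_script")


def _is_version(value):
    """True if value looks like a numeric <version#> such as '1' or '2.3'."""
    return all(part.isdigit() for part in str(value).split("."))


def validate_broker_config(cfg):
    """Return a list of problems found in a parsed broker config (empty list = OK)."""
    problems = []
    config = cfg.get("config") or {}
    bootstrap = config.get("bootstrap") or {}
    # Bootstrap needs a tenant and either a static pool token or a generator script.
    if not bootstrap.get("tenant_subdomain"):
        problems.append("config.bootstrap.tenant_subdomain is missing")
    if not (bootstrap.get("authentication_token") or bootstrap.get("authentication_token_generator")):
        problems.append("config.bootstrap needs authentication_token or authentication_token_generator")

    proxy = config.get("http_proxy")
    if proxy is not None:
        for key in ("host", "port"):
            if key not in proxy:
                problems.append(f"config.http_proxy.{key} is required when http_proxy is set")
        # A lone username or password means the broker falls back to authorization type None.
        if bool(proxy.get("username")) != bool(proxy.get("password")):
            problems.append("config.http_proxy: username and password must both be set for proxy auth")
        ctype = proxy.get("connection_type", "Tunneling")
        if ctype not in VALID_CONNECTION_TYPES:
            problems.append(f"config.http_proxy.connection_type {ctype!r} is not Legacy, Forwarding or Tunneling")

    resource_types = cfg.get("resource_types") or {}
    if not resource_types:
        problems.append("resource_types is empty; the broker would manage nothing")
    for rtype, perms in resource_types.items():
        for pname, perm in (perms or {}).items():
            where = f"resource_types.{rtype}.{pname}"
            perm = perm or {}
            version = perm.get("max_supported_version")
            if version == "local":
                # local: both scripts must exist locally, nothing is downloaded
                for key in LOCAL_ONLY_KEYS:
                    if not perm.get(key):
                        problems.append(f"{where}.{key} is required when max_supported_version is local")
            elif version == "any" or _is_version(version):
                for key in LOCAL_ONLY_KEYS:
                    if key in perm:
                        problems.append(f"{where}.{key} is only valid when max_supported_version is local")
                # Assumption: a downloaded script that is executed needs an extension to be saved under.
                if perm.get("execution_environment") and not perm.get("file_extension"):
                    problems.append(f"{where}.file_extension is required for downloaded scripts")
            else:
                problems.append(f"{where}.max_supported_version must be local, any or a <version#> (got {version!r})")
    return problems


def load_config(path):
    """Parse a YAML broker config from disk (assumes PyYAML is installed)."""
    import yaml  # imported here so the validator itself needs no third-party package
    with open(path, "r", encoding="utf-8") as fh:
        return yaml.safe_load(fh) or {}


# Constructed sample mirroring the template above; tenant and token are placeholders.
SAMPLE_CONFIG = {
    "config": {"bootstrap": {"tenant_subdomain": "example-tenant",
                             "authentication_token": "POOL-TOKEN-PLACEHOLDER",
                             "broker_name_generator": "broker-name-generator.sh"}},
    "resource_types": {
        "ssh": {"new_key": {"max_supported_version": "local",
                            "execution_environment": '/bin/sh -c "sudo -E <BRITIVE_PERMISSION_SCRIPT>"',
                            "checkout_script": "/opt/britive-agent/scripts/ssh-access-key-checkout.sh",
                            "checkin_script": "/opt/britive-agent/scripts/ssh-access-key-checkin.sh"}},
        "file_upload_type": {"file_upload_permission": {"max_supported_version": "any"}},
        "inline-resource-type": {"inline-resource-permission": {"max_supported_version": "any",
                                                                "execution_environment": "python3 <BRITIVE_PERMISSION_SCRIPT>",
                                                                "file_extension": "py"}},
    },
}

# Constructed misconfiguration: no token, half a proxy credential, an unknown
# connection_type, and a local permission with no check-in script.
BROKEN_CONFIG = {
    "config": {"bootstrap": {"tenant_subdomain": "example-tenant"},
               "http_proxy": {"host": "proxy.example.internal", "port": 8080,
                              "username": "userA", "connection_type": "Transparent"}},
    "resource_types": {"ssh": {"new_key": {"max_supported_version": "local",
                                           "execution_environment": '/bin/sh -c "sudo -E <BRITIVE_PERMISSION_SCRIPT>"',
                                           "checkout_script": "/opt/britive-agent/scripts/ssh-access-key-checkout.sh"}}},
}

if __name__ == "__main__":
    import sys
    cfg = load_config(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_CONFIG
    issues = validate_broker_config(cfg)
    print("\n".join(issues) if issues else "config OK")
```

Run it with the path to a broker YAML file to lint that file, or with no arguments to check the embedded sample. Against BROKEN_CONFIG the validator reports four problems: the missing bootstrap token, the unpaired proxy username, the unknown connection_type, and the missing checkin_script.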

    The broker list in Britive is updated once users have downloaded and installed the broker package on their systems.
