Documentation
Types
type Auth
type Auth struct {
    Service `yaml:",inline"`
    // DomainName is the name of the certificate authority
    // managed by this domain
    DomainName string `yaml:"domain_name,omitempty"`
}
Auth is the 'auth_service' section of the config file
type Authority
type Authority struct {
    // Type is either user or host certificate authority
    Type services.CertAuthType `yaml:"type"`
    // DomainName identifies domain name this authority serves,
    // for host authorities that means base hostname of all servers,
    // for user authorities that means organization name
    DomainName string `yaml:"domain_name"`
    // Checkers is a list of SSH public keys that can be used to check
    // certificate signatures in OpenSSH authorized keys format
    CheckingKeys []string `yaml:"checking_keys"`
    // CheckingKeyFiles is a list of files
    CheckingKeyFiles []string `yaml:"checking_key_files"`
    // SigningKeys is a list of PEM-encoded private keys used for signing
    SigningKeys []string `yaml:"signing_keys"`
    // SigningKeyFiles is a list of paths to PEM encoded private keys used for signing
    SigningKeyFiles []string `yaml:"signing_key_files"`
    // AllowedLogins is a list of allowed logins for users within
    // this certificate authority
    AllowedLogins []string `yaml:"allowed_logins"`
}
Authority is a host or user certificate authority that can check certificate signatures and, if it also has a private key stored, sign certificates too
type CommandLabel
type CommandLabel struct {
    Name    string        `yaml:"name"`
    Command []string      `yaml:"command,flow"`
    Period  time.Duration `yaml:"period"`
}
CommandLabel is the `command` section of `ssh_service` in the config file
type ConnectionLimits
type ConnectionLimits struct {
    MaxConnections int64            `yaml:"max_connections"`
    MaxUsers       int              `yaml:"max_users"`
    Rates          []ConnectionRate `yaml:"rates,omitempty"`
}
ConnectionLimits sets up connection limiter
type ConnectionRate
type ConnectionRate struct {
    Period  time.Duration `yaml:"period"`
    Average int64         `yaml:"average"`
    Burst   int64         `yaml:"burst"`
}
ConnectionRate configures rate limiter
type FileConfig
type FileConfig struct {
    Global         `yaml:"teleport,omitempty"`
    Auth           Auth            `yaml:"auth_service,omitempty"`
    SSH            SSH             `yaml:"ssh_service,omitempty"`
    Proxy          Proxy           `yaml:"proxy_service,omitempty"`
    Secrets        Secrets         `yaml:"secrets,omitempty"`
    ReverseTunnels []ReverseTunnel `yaml:"rts,omitempty"`
}
The FileConfig structure represents the teleport configuration stored in a config file in YAML format (usually /etc/teleport.yaml)
Use config.ReadFromFile() to read the parsed FileConfig from a YAML file.
func MakeAuthPeerFileConfig
func MakeAuthPeerFileConfig(domainName string, token string) (fc *FileConfig)
MakeAuthPeerFileConfig returns a sample configuration for an auth server peer that shares the etcd backend
func MakeSampleFileConfig
func MakeSampleFileConfig() (fc *FileConfig)
MakeSampleFileConfig returns a sample config structure populated by defaults, useful to generate sample configuration files
func ReadConfig
func ReadConfig(reader io.Reader) (*FileConfig, error)
ReadConfig reads Teleport configuration from reader in YAML format
func ReadFromFile
func ReadFromFile(filePath string) (*FileConfig, error)
ReadFromFile reads Teleport configuration from a file. Currently only YAML format is supported
func ReadFromString
func ReadFromString(configString string) (*FileConfig, error)
ReadFromString reads values from a base64-encoded byte string
func (*FileConfig) DebugDumpToYAML
func (conf *FileConfig) DebugDumpToYAML() string
DebugDumpToYAML allows for quick YAML dumping of the config
type Global
type Global struct {
    NodeName    string           `yaml:"nodename,omitempty"`
    AuthToken   string           `yaml:"auth_token,omitempty"`
    AuthServers []string         `yaml:"auth_servers,omitempty"`
    Limits      ConnectionLimits `yaml:"connection_limits,omitempty"`
    Logger      Log              `yaml:"log,omitempty"`
    Storage     StorageBackend   `yaml:"storage,omitempty"`
    AdvertiseIP net.IP           `yaml:"advertise_ip,omitempty"`
}
Global is the 'teleport' (global) section of the config file
type KeyPair
type KeyPair struct {
    // PrivateKeyFile is a path to file with private key
    PrivateKeyFile string `yaml:"private_key_file"`
    // CertFile is a path to file with OpenSSH certificate
    CertFile string `yaml:"cert_file"`
    // PrivateKey is PEM encoded OpenSSH private key
    PrivateKey string `yaml:"private_key"`
    // Cert is certificate in OpenSSH authorized keys format
    Cert string `yaml:"cert"`
}
KeyPair is a pair consisting of a private key and a certificate
type Log
type Log struct {
    Output   string `yaml:"output,omitempty"`
    Severity string `yaml:"severity,omitempty"`
}
Log configures teleport logging
type Proxy
type Proxy struct {
    Service  `yaml:",inline"`
    WebAddr  string `yaml:"web_listen_addr,omitempty"`
    KeyFile  string `yaml:"https_key_file,omitempty"`
    CertFile string `yaml:"https_cert_file,omitempty"`
}
Proxy is the `proxy_service` section of the config file
type ReverseTunnel
type ReverseTunnel struct {
    DomainName string   `yaml:"domain_name"`
    Addresses  []string `yaml:"addresses"`
}
ReverseTunnel is an SSH reverse tunnel maintained by one cluster's proxy to a remote Teleport proxy
func (*ReverseTunnel) Tunnel
func (t *ReverseTunnel) Tunnel() (*services.ReverseTunnel, error)
Tunnel returns a validated services.ReverseTunnel, or nil and an error otherwise
type SSH
type SSH struct {
    Service  `yaml:",inline"`
    Labels   map[string]string `yaml:"labels,omitempty"`
    Commands []CommandLabel    `yaml:"commands,omitempty"`
}
SSH is the 'ssh_service' section of the config file
type Secrets
type Secrets struct {
    // Authorities is a list of authorities that auth server will add
    // to the backend on the first start
    Authorities []Authority `yaml:"authorities,omitempty"`
    // Keys is the list of keys set for this server
    Keys []KeyPair `yaml:"keys,omitempty"`
}
Secrets holds additional initialization secrets passed to the process
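Because Authority, KeyPair and Global accept secret material either inline or by file path, a config review usually starts by listing which secrets sit in the YAML itself. The following is an added example, not code from the Teleport project: the types are trimmed local mirrors of the ones documented here, and InlineSecrets and all sample values are hypothetical.

```go
package main

import "fmt"

// Trimmed local mirrors of the documented types (secret-bearing fields only).
type Authority struct{ SigningKeys, SigningKeyFiles []string }
type KeyPair struct{ PrivateKeyFile, PrivateKey string }
type Secrets struct {
	Authorities []Authority
	Keys        []KeyPair
}
type Global struct{ AuthToken string }
type FileConfig struct {
	Global
	Secrets Secrets
}

// InlineSecrets is a hypothetical helper: it returns the YAML path of every
// field holding secret material in the config itself rather than in a file.
func InlineSecrets(fc FileConfig) []string {
	var found []string
	if fc.AuthToken != "" {
		found = append(found, "teleport.auth_token")
	}
	for i, a := range fc.Secrets.Authorities {
		for j, k := range a.SigningKeys {
			if k != "" {
				found = append(found, fmt.Sprintf("secrets.authorities[%d].signing_keys[%d]", i, j))
			}
		}
	}
	for i, kp := range fc.Secrets.Keys {
		if kp.PrivateKey != "" {
			found = append(found, fmt.Sprintf("secrets.keys[%d].private_key", i))
		}
	}
	return found
}

func main() {
	// Constructed sample: placeholder key inline, second key by file path.
	fc := FileConfig{Secrets: Secrets{
		Authorities: []Authority{{SigningKeys: []string{"PEM-PLACEHOLDER"}}},
		Keys:        []KeyPair{{PrivateKeyFile: "/path/to/host.key"}},
	}}
	fmt.Println(InlineSecrets(fc))
}
```

Each reported path is a value that is exposed to anyone who can read the config file, so those entries tell you how tightly the file's permissions and backups need to be controlled.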
type Service
type Service struct {
    EnabledFlag   string `yaml:"enabled,omitempty"`
    ListenAddress string `yaml:"listen_addr,omitempty"`
}
Service is the common configuration of a teleport service
func (*Service) Configured
Configured determines if a given "_service" section has been specified
type StorageBackend
type StorageBackend struct {
    // Type can be "bolt" or "etcd"
    Type string `yaml:"type,omitempty"`
    // DirName is valid only for bolt
    DirName string `yaml:"data_dir,omitempty"`
    // Peers is a list of etcd peers, valid only for etcd
    Peers []string `yaml:"peers,omitempty"`
    // Prefix is etcd key prefix, valid only for etcd
    Prefix string `yaml:"prefix,omitempty"`
    // TLSCertFile is a tls client cert file, used for etcd
    TLSCertFile string `yaml:"tls_cert_file,omitempty"`
    // TLSKeyFile is a file with TLS private key for client auth
    TLSKeyFile string `yaml:"tls_key_file,omitempty"`
    // TLSCAFile is a tls client trusted CA file, used for etcd
    TLSCAFile string `yaml:"tls_ca_file,omitempty"`
}
StorageBackend is used for the 'storage' config section. It stores values for 'boltdb' and 'etcd'