users

Constants

const (
	// UserIdentifier is the identifier under which the requesting user is
	// registered in the access-rule context.
	UserIdentifier = "user"
	// ResourceIdentifier is the identifier under which the target resource is
	// registered in the access-rule context.
	ResourceIdentifier = "resource"
)
// Action verbs that access rules grant or deny per resource.
const (
	// ActionRead is the verb for read permission.
	ActionRead = "read"
	// ActionCreate is the verb for create permission.
	ActionCreate = "create"
	// ActionUpdate is the verb for update permission.
	ActionUpdate = "update"
	// ActionDelete is the verb for delete permission.
	ActionDelete = "delete"
)

Variables

This section is empty.

Functions

func CreateOpsCenterAgent

func CreateOpsCenterAgent(opsCenter, clusterName string, users Users) (storage.User, *storage.APIKey, error)

CreateOpsCenterAgent creates a new agent user/API key pair. The user represents the cluster specified by clusterName on the Ops Center opsCenter once the cluster has connected to it.

func CryptoRandomToken

func CryptoRandomToken(length int) (string, error)

CryptoRandomToken generates a cryptographically strong pseudo-random token sized by length (whether length counts raw bytes or encoded output characters is not specified here).

func ExtractKubeGroups

func ExtractKubeGroups(action string) ([]string, error)

ExtractKubeGroups returns a list of Kubernetes groups extracted from the provided assignKubernetesGroups action string

func FindAllConnectors

func FindAllConnectors(identity Identity) (resources []teleservices.Resource, err error)

FindAllConnectors returns all existing auth connectors

func FindConnector

func FindConnector(identity Identity, name string) (teleservices.Resource, error)

FindConnector searches for a connector of any supported kind with the provided name

func FindPreferredConnector

func FindPreferredConnector(identity Identity) (teleservices.Resource, error)

FindPreferredConnector returns a preferred auth connector to use

If cluster authentication preference specifies one, it is returned. If only 1 connector is registered, it is returned. Otherwise, an error is returned.

func GetAdminKubernetesGroups

func GetAdminKubernetesGroups() []string

GetAdminKubernetesGroups returns the list of Kubernetes groups with admin privileges. This function should go away once the UI is able to set these groups instead of hard-coding them.

func GetBuiltinRoles

func GetBuiltinRoles() ([]teleservices.Role, error)

GetBuiltinRoles returns some system roles available by default

func GetOpsCenterAgent

func GetOpsCenterAgent(opsCenter, clusterName string, backend storage.Backend) (storage.User, *storage.APIKey, error)

GetOpsCenterAgent returns agent user authenticated to the OpsCenter

func GetSiteAgent

func GetSiteAgent(siteName string, backend storage.Backend) (*storage.APIKey, error)

GetSiteAgent returns API key for a registered site agent user

func NewAccessPoint

func NewAccessPoint(identity Identity) auth.AccessPoint

NewAccessPoint returns Teleport's access point (which provides methods specific to certificate authority) from the provided identity service.

func NewActionsParser

func NewActionsParser(ctx teleservices.RuleContext) (predicate.Parser, error)

NewActionsParser returns standard parser for 'actions' section in access rules

func NewAdminRole

func NewAdminRole() (teleservices.Role, error)

NewAdminRole returns new admin type role

func NewAssignKubernetesGroupsActionFn

func NewAssignKubernetesGroupsActionFn(ctx teleservices.RuleContext) interface{}

NewAssignKubernetesGroupsActionFn creates the assign function backing the assignKubernetesGroups action for the given rule context.

func NewClusterAgentRole

func NewClusterAgentRole(name string, clusterName string) (teleservices.Role, error)

NewClusterAgentRole returns new agent role used to run update and install operations on the cluster

func NewGatekeeperRole

func NewGatekeeperRole() (teleservices.Role, error)

NewGatekeeperRole returns new gatekeeper role

func NewInstallTokenRole

func NewInstallTokenRole(name string, clusterName, repoName string) (teleservices.Role, error)

NewInstallTokenRole returns the role granted after the cluster has been created; it allows modifications to that one particular cluster only.

func NewObjectStorageRole

func NewObjectStorageRole(name string) (teleservices.Role, error)

NewObjectStorageRole specifies role for the object storage

func NewOneTimeLinkRole

func NewOneTimeLinkRole() (teleservices.Role, error)

NewOneTimeLinkRole returns a one-time install token role

func NewOneTimeLinkRoleForApp

func NewOneTimeLinkRoleForApp(loc loc.Locator) (teleservices.Role, error)

NewOneTimeLinkRoleForApp returns a role that allows a one-time link user to log into Ops Center to install the specified application

func NewReaderRole

func NewReaderRole() (teleservices.Role, error)

NewReaderRole returns new role that gives access to published applications

func NewSystemRole

func NewSystemRole(name string, spec teleservices.RoleSpecV3) (teleservices.Role, error)

NewSystemRole creates a role with system label

func NewUpdateAgentRole

func NewUpdateAgentRole(name string) (teleservices.Role, error)

NewUpdateAgentRole returns new agent role used for polling updates

Types

type Account

type Account storage.Account

Account is a collection of sites and represents a single company (tenant).

func (*Account) Check

func (a *Account) Check() error

Check validates the account's fields and returns an error if any of them is invalid.

type Accounts

// Accounts represents a collection of accounts in the portal together with
// the account-scoped user lifecycle operations (invites, token-based signup,
// password reset/update).
type Accounts interface {
	// GetAccount returns the account with the given id.
	GetAccount(accountID string) (*Account, error)

	// GetAccounts returns a list of all accounts registered in the system.
	GetAccounts() ([]Account, error)

	// CreateAccount creates a new account from scratch.
	CreateAccount(Account) (*Account, error)

	// CreateInviteToken invites a user and returns the token the invitee must
	// present to complete signup. advertiseURL is presumably the externally
	// reachable URL the invite link is built against — verify against callers.
	CreateInviteToken(advertiseURL string, invite storage.UserInvite) (*storage.UserToken, error)

	// GetUserInvites returns a list of active user invites for this account.
	GetUserInvites(accountID string) ([]storage.UserInvite, error)

	// DeleteUserInvite deletes the user invite with the given id from the account.
	DeleteUserInvite(accountID, id string) error

	// CreateUserWithToken adds a user to an existing account based on a
	// previously issued token and sets up 2FA authentication for the user.
	// After a successful operation it generates a web session for the newly
	// created user, i.e. the new user is logged in without a separate login step.
	CreateUserWithToken(req UserTokenCompleteRequest) (teleservices.WebSession, error)

	// CreateResetToken resets the password and generates a token, valid for
	// ttl, that allows the existing user identified by email to set a new
	// password. (The original comment mentions email confirmation via OIDC;
	// that flow is not visible here — confirm against the implementation.)
	CreateResetToken(advertiseURL string, email string, ttl time.Duration) (*storage.UserToken, error)

	// ResetUserWithToken sets the user's password and HOTP value based on a
	// password recovery token and logs the user in (returns a web session)
	// when the operation succeeds.
	ResetUserWithToken(req UserTokenCompleteRequest) (teleservices.WebSession, error)

	// UpdatePassword sets a new password for the user identified by email,
	// based on (i.e. after checking) the old password.
	UpdatePassword(email string, oldPassword, newPassword Password) error

	// ResetPassword resets the user's password and returns the new one.
	// NOTE(review): the returned string is a plaintext credential — callers
	// must not log it or expose it beyond the intended recipient.
	ResetPassword(email string) (string, error)

	// GetUserToken returns the user token (invite/reset) with the given token id.
	GetUserToken(token string) (*storage.UserToken, error)

	// GetUsersByAccountID returns a list of users registered for the given account ID.
	GetUsersByAccountID(accountID string) ([]storage.User, error)
}

Accounts represents a collection of accounts in the portal

type AssignKubernetesGroupsAction

type AssignKubernetesGroupsAction struct {
	// contains filtered or unexported fields
}

AssignKubernetesGroupsAction represents action that will assign kubernetes groups when called

func (*AssignKubernetesGroupsAction) Assign

func (l *AssignKubernetesGroupsAction) Assign(groups ...interface{}) predicate.BoolPredicate

Assign assigns kubernetes groups to the context groups

type AuthenticateResponse

// AuthenticateResponse contains request authentication results: the resolved
// user, the access checker built from that user's roles and, when the request
// was authenticated through a web session, the session itself.
type AuthenticateResponse struct {
	// User is the authenticated user.
	User storage.User
	// Checker is the access checker populated with the authenticated user's
	// roles; authorization decisions for the request should go through it.
	Checker services.AccessChecker
	// Session is the authenticated web session. May be nil (presumably when
	// the request was authenticated by means other than a web session, e.g.
	// a robot user), so callers must nil-check it before use.
	Session *web.SessionContext
}

AuthenticateResponse contains request authentication results.

type Authenticator

// Authenticator defines the interface for authenticating requests.
type Authenticator interface {
	// Authenticate authenticates the provided http request and returns the
	// resolved user, access checker and (optional) web session. A non-nil
	// error means the request is not authenticated and must not be served.
	// The ResponseWriter is passed presumably so an implementation can emit
	// headers (e.g. a challenge or refreshed cookie) — confirm with implementations.
	Authenticate(http.ResponseWriter, *http.Request) (*AuthenticateResponse, error)
}

Authenticator defines the interface for authenticating requests.

func NewAuthenticator

func NewAuthenticator(config AuthenticatorConfig) (Authenticator, error)

NewAuthenticator returns a new authenticator instance.

func NewAuthenticatorFromIdentity

func NewAuthenticatorFromIdentity(identity Identity) Authenticator

NewAuthenticatorFromIdentity creates a new authenticator from the provided identity.

type AuthenticatorConfig

// AuthenticatorConfig contains authenticator configuration parameters. The two
// fields correspond to the two credential types the authenticator handles:
// robot (agent) users and human web sessions.
type AuthenticatorConfig struct {
	// Identity is used for robot users authentication (presumably API key /
	// basic-auth credentials carried by agents).
	Identity Identity
	// Authenticator is used for web sessions authentication.
	Authenticator httplib.Authenticator
}

AuthenticatorConfig contains authenticator configuration parameters.

func (AuthenticatorConfig) Check

func (c AuthenticatorConfig) Check() error

Check validates the authenticator configuration.

type Context

// Context is the context used when evaluating access rules. It embeds the
// Teleport rule context and adds the Kubernetes groups collected by the
// assignKubernetesGroups action.
type Context struct {
	teleservices.Context
	// KubernetesGroups is populated by the assignKubernetesGroups action as
	// rules are evaluated.
	KubernetesGroups []string
}

Context is a context used in access rules

func (*Context) String

func (ctx *Context) String() string

String returns user friendly representation of this context

type CredsConfig

// CredsConfig stores configuration for the credentials service.
type CredsConfig struct {
	// Backend is the storage backend holding login entries (credentials).
	Backend storage.LoginEntries
}

CredsConfig stores configuration for credentials config

type Identity

Identity is the identity service: it manages users and account entries, permissions, authentication and signups.

func IdentityWithACL

func IdentityWithACL(backend storage.Backend, identity Identity, user storage.User, checker teleservices.AccessChecker) Identity

IdentityWithACL returns an Identity whose operations are checked against the specified security context (the given user and access checker) before being delegated to identity.

type IdentityACL

type IdentityACL struct {
	clockwork.Clock
	// contains filtered or unexported fields
}

IdentityACL is a security-aware (access-checked) wrapper around the identity service.

func (*IdentityACL) AcquireLock

func (i *IdentityACL) AcquireLock(token string, ttl time.Duration) error

AcquireLock grabs a lock that will be released automatically in ttl time

func (*IdentityACL) ActivateCertAuthority

func (i *IdentityACL) ActivateCertAuthority(id teleservices.CertAuthID) error

func (*IdentityACL) AddUserLoginAttempt

func (i *IdentityACL) AddUserLoginAttempt(username string, attempt teleservices.LoginAttempt, ttl time.Duration) error

AddUserLoginAttempt logs user login attempt

func (*IdentityACL) AuthenticateUser

func (i *IdentityACL) AuthenticateUser(creds httplib.AuthCreds) (storage.User, teleservices.AccessChecker, error)

AuthenticateUser authenticates a user by the given credentials. It supports basic auth only, which is what agents running on sites use.

func (*IdentityACL) CompareAndSwapCertAuthority

func (i *IdentityACL) CompareAndSwapCertAuthority(new, existing teleservices.CertAuthority) error

CompareAndSwapCertAuthority updates existing cert authority if the existing cert authority value matches the value stored in the backend

func (*IdentityACL) CreateAPIKey

func (i *IdentityACL) CreateAPIKey(key storage.APIKey, upsert bool) (*storage.APIKey, error)

func (*IdentityACL) CreateAccount

func (i *IdentityACL) CreateAccount(a Account) (*Account, error)

func (*IdentityACL) CreateAdmin

func (i *IdentityACL) CreateAdmin(email, password string) error

CreateAdmin creates a new admin user for the locally running site.

func (*IdentityACL) CreateAgent

func (i *IdentityACL) CreateAgent(agent storage.User) (storage.User, error)

CreateAgent creates a new "robot" agent user used by various automation tools (e.g. release automation) with correct privileges

func (*IdentityACL) CreateAgentFromLoginEntry

func (i *IdentityACL) CreateAgentFromLoginEntry(clusterName string, entry storage.LoginEntry, admin bool) (storage.User, error)

CreateAgentFromLoginEntry creates a new agent user from the provided login entry

func (*IdentityACL) CreateCertAuthority

func (i *IdentityACL) CreateCertAuthority(ca teleservices.CertAuthority) error

CreateCertAuthority updates or inserts a certificate authority. Note that despite the name this is documented as an upsert, not a create-only operation, so an existing authority with the same id is replaced.

func (*IdentityACL) CreateClusterAdminAgent

func (i *IdentityACL) CreateClusterAdminAgent(clusterName string, agent storage.User) (storage.User, error)

CreateClusterAdminAgent creates a new privileged cluster agent user used during operations like install/expand on master nodes. It has advanced administrative privileges, e.g. creating and deleting roles and setting up OIDC connectors.

func (*IdentityACL) CreateClusterAgent

func (i *IdentityACL) CreateClusterAgent(clusterName string, agent storage.User) (storage.User, error)

CreateClusterAgent creates a new cluster agent user used during cluster operations like install/expand and does not have any administrative privileges

func (*IdentityACL) CreateGatekeeper

func (i *IdentityACL) CreateGatekeeper(gatekeeper RemoteAccessUser) (*RemoteAccessUser, error)

CreateGatekeeper creates a new remote access agent user used to connect remote sites to Ops Centers.

func (*IdentityACL) CreateGithubAuthRequest

func (i *IdentityACL) CreateGithubAuthRequest(req teleservices.GithubAuthRequest) error

CreateGithubAuthRequest creates a new Github auth request

func (*IdentityACL) CreateGithubConnector

func (i *IdentityACL) CreateGithubConnector(connector teleservices.GithubConnector) error

CreateGithubConnector creates a Github connector

func (*IdentityACL) CreateInstallToken

func (i *IdentityACL) CreateInstallToken(t storage.InstallToken) (*storage.InstallToken, error)

CreateInstallToken creates a new one-time installation token

func (*IdentityACL) CreateInviteToken

func (i *IdentityACL) CreateInviteToken(advertiseURL string, invite storage.UserInvite) (*storage.UserToken, error)

CreateInviteToken creates user invite and returns a token

func (*IdentityACL) CreateOIDCAuthRequest

func (i *IdentityACL) CreateOIDCAuthRequest(req teleservices.OIDCAuthRequest, ttl time.Duration) error

CreateOIDCAuthRequest creates new auth request

func (*IdentityACL) CreateProvisioningToken

func (i *IdentityACL) CreateProvisioningToken(t storage.ProvisioningToken) (*storage.ProvisioningToken, error)

CreateProvisioningToken creates a provisioning token from the specified template

func (*IdentityACL) CreateRemoteAgent

func (i *IdentityACL) CreateRemoteAgent(agent RemoteAccessUser) (storage.User, error)

CreateRemoteAgent creates a new site agent user that replicates the agent of a remote site. The user usually has a bound API key which is replicated locally.

func (*IdentityACL) CreateRemoteCluster

func (i *IdentityACL) CreateRemoteCluster(conn teleservices.RemoteCluster) error

CreateRemoteCluster creates a remote cluster

func (*IdentityACL) CreateResetToken

func (i *IdentityACL) CreateResetToken(advertiseURL string, email string, ttl time.Duration) (*storage.UserToken, error)

CreateResetToken resets user password and generates token that will allow existing user to recover a password

func (*IdentityACL) CreateRole

func (i *IdentityACL) CreateRole(role teleservices.Role, ttl time.Duration) error

CreateRole creates role

func (*IdentityACL) CreateSAMLAuthRequest

func (i *IdentityACL) CreateSAMLAuthRequest(req teleservices.SAMLAuthRequest, ttl time.Duration) error

CreateSAMLAuthRequest creates new auth request

func (*IdentityACL) CreateSAMLConnector

func (i *IdentityACL) CreateSAMLConnector(connector teleservices.SAMLConnector) error

CreateSAMLConnector creates SAML Connector

func (*IdentityACL) CreateUser

func (i *IdentityACL) CreateUser(user teleservices.User) error

CreateUser creates a new generic user without privileges

func (*IdentityACL) CreateUserWithToken

func (i *IdentityACL) CreateUserWithToken(req UserTokenCompleteRequest) (teleservices.WebSession, error)

CreateUserWithToken creates a user by UserTokenCompleteRequest

func (*IdentityACL) DeactivateCertAuthority

func (i *IdentityACL) DeactivateCertAuthority(id teleservices.CertAuthID) error

func (*IdentityACL) DeleteAPIKey

func (i *IdentityACL) DeleteAPIKey(username, token string) error

func (*IdentityACL) DeleteAllCertAuthorities

func (i *IdentityACL) DeleteAllCertAuthorities(certAuthType teleservices.CertAuthType) error

DeleteAllCertAuthorities deletes all cert authorities

func (*IdentityACL) DeleteAllNamespaces

func (i *IdentityACL) DeleteAllNamespaces() error

DeleteAllNamespaces deletes all namespaces

func (*IdentityACL) DeleteAllNodes

func (i *IdentityACL) DeleteAllNodes(namespace string) error

DeleteAllNodes deletes all nodes

func (*IdentityACL) DeleteAllProxies

func (i *IdentityACL) DeleteAllProxies() error

DeleteAllProxies deletes all proxies

func (*IdentityACL) DeleteAllRemoteClusters

func (i *IdentityACL) DeleteAllRemoteClusters() error

DeleteAllRemoteClusters deletes all remote clusters

func (*IdentityACL) DeleteAllReverseTunnels

func (i *IdentityACL) DeleteAllReverseTunnels() error

DeleteAllReverseTunnels removes all reverse tunnel values

func (*IdentityACL) DeleteAllRoles

func (i *IdentityACL) DeleteAllRoles() error

DeleteAllRoles deletes all roles

func (*IdentityACL) DeleteAllTunnelConnections

func (i *IdentityACL) DeleteAllTunnelConnections() error

DeleteAllTunnelConnections deletes all tunnel connections for cluster

func (*IdentityACL) DeleteAllUsers

func (i *IdentityACL) DeleteAllUsers() error

DeleteAllUsers deletes all users

func (*IdentityACL) DeleteCertAuthority

func (i *IdentityACL) DeleteCertAuthority(id teleservices.CertAuthID) error

DeleteCertAuthority deletes particular certificate authority

func (*IdentityACL) DeleteGithubConnector

func (i *IdentityACL) DeleteGithubConnector(connectorID string) error

DeleteGithubConnector deletes Github connector

func (*IdentityACL) DeleteNamespace

func (i *IdentityACL) DeleteNamespace(namespace string) error

DeleteNamespace deletes a namespace with all the keys from the backend

func (*IdentityACL) DeleteOIDCConnector

func (i *IdentityACL) DeleteOIDCConnector(connectorID string) error

DeleteOIDCConnector deletes OIDC Connector

func (*IdentityACL) DeleteRemoteCluster

func (i *IdentityACL) DeleteRemoteCluster(clusterName string) error

DeleteRemoteCluster deletes remote cluster by name

func (*IdentityACL) DeleteReverseTunnel

func (i *IdentityACL) DeleteReverseTunnel(domainName string) error

DeleteReverseTunnel deletes a reverse tunnel by its domain name.

func (*IdentityACL) DeleteRole

func (i *IdentityACL) DeleteRole(roleName string) error

DeleteRole deletes a role with all the keys from the backend

func (*IdentityACL) DeleteSAMLConnector

func (i *IdentityACL) DeleteSAMLConnector(connectorID string) error

DeleteSAMLConnector deletes SAML Connector

func (*IdentityACL) DeleteSignupToken

func (i *IdentityACL) DeleteSignupToken(token string) error

DeleteSignupToken deletes signup token from the storage

func (*IdentityACL) DeleteToken

func (i *IdentityACL) DeleteToken(token string) error

DeleteToken deletes provisioning token

func (*IdentityACL) DeleteTrustedCluster

func (i *IdentityACL) DeleteTrustedCluster(name string) error

DeleteTrustedCluster removes a TrustedCluster from the backend by name.

func (*IdentityACL) DeleteTunnelConnection

func (i *IdentityACL) DeleteTunnelConnection(clusterName string, connName string) error

DeleteTunnelConnection deletes tunnel connection by name

func (*IdentityACL) DeleteTunnelConnections

func (i *IdentityACL) DeleteTunnelConnections(clusterName string) error

DeleteTunnelConnections deletes all tunnel connections for cluster

func (*IdentityACL) DeleteUsedTOTPToken

func (i *IdentityACL) DeleteUsedTOTPToken(user string) error

DeleteUsedTOTPToken removes the used token from the backend. This should only be used during tests.

func (*IdentityACL) DeleteUser

func (i *IdentityACL) DeleteUser(username string) error

DeleteUser deletes a user by username

func (*IdentityACL) DeleteUserInvite

func (i *IdentityACL) DeleteUserInvite(accountID, email string) error

DeleteUserInvite deletes user invite

func (*IdentityACL) DeleteUserLoginAttempts

func (i *IdentityACL) DeleteUserLoginAttempts(user string) error

DeleteUserLoginAttempts removes all login attempts of a user. Should be called after successful login.

func (*IdentityACL) DeleteWebSession

func (i *IdentityACL) DeleteWebSession(username, sid string) error

DeleteWebSession deletes web session from the storage

func (*IdentityACL) GetAPIKeyByToken

func (i *IdentityACL) GetAPIKeyByToken(token string) (key *storage.APIKey, err error)

func (*IdentityACL) GetAPIKeys

func (i *IdentityACL) GetAPIKeys(username string) (keys []storage.APIKey, err error)

func (*IdentityACL) GetAccessChecker

func (i *IdentityACL) GetAccessChecker(user storage.User) (teleservices.AccessChecker, error)

GetAccessChecker returns access checker for user based on users roles

func (*IdentityACL) GetAccount

func (i *IdentityACL) GetAccount(accountID string) (*Account, error)

GetAccount returns account

func (*IdentityACL) GetAccounts

func (i *IdentityACL) GetAccounts() ([]Account, error)

func (*IdentityACL) GetAllTunnelConnections

func (i *IdentityACL) GetAllTunnelConnections(opts ...teleservices.MarshalOption) ([]teleservices.TunnelConnection, error)

GetAllTunnelConnections returns all tunnel connections

func (*IdentityACL) GetAuthPreference

func (i *IdentityACL) GetAuthPreference() (teleservices.AuthPreference, error)

GetAuthPreference returns cluster auth preference

func (*IdentityACL) GetAuthServers

func (i *IdentityACL) GetAuthServers() ([]teleservices.Server, error)

GetAuthServers returns a list of registered servers

func (*IdentityACL) GetCertAuthorities

func (i *IdentityACL) GetCertAuthorities(caType teleservices.CertAuthType, loadSigningKeys bool, opts ...teleservices.MarshalOption) ([]teleservices.CertAuthority, error)

GetCertAuthorities returns a list of authorities of a given type. loadSigningKeys controls whether the private signing keys are loaded as well; callers that only need to verify signatures should pass false.

func (*IdentityACL) GetCertAuthority

func (i *IdentityACL) GetCertAuthority(id teleservices.CertAuthID, loadSigningKeys bool, opts ...teleservices.MarshalOption) (teleservices.CertAuthority, error)

GetCertAuthority returns the certificate authority with the given id. loadSigningKeys controls whether the private signing keys are loaded as well; pass false unless the caller needs to sign.

func (*IdentityACL) GetClusterConfig

func (i *IdentityACL) GetClusterConfig() (teleservices.ClusterConfig, error)

GetClusterConfig returns cluster configuration

func (*IdentityACL) GetClusterName

func (i *IdentityACL) GetClusterName() (teleservices.ClusterName, error)

GetClusterName returns cluster name

func (*IdentityACL) GetGithubAuthRequest

func (i *IdentityACL) GetGithubAuthRequest(stateToken string) (*teleservices.GithubAuthRequest, error)

GetGithubAuthRequest returns Github auth request

func (*IdentityACL) GetGithubConnector

func (i *IdentityACL) GetGithubConnector(id string, withSecrets bool) (teleservices.GithubConnector, error)

GetGithubConnector returns Github connector

func (*IdentityACL) GetGithubConnectors

func (i *IdentityACL) GetGithubConnectors(withSecrets bool) ([]teleservices.GithubConnector, error)

GetGithubConnectors returns Github connectors

func (*IdentityACL) GetHOTP

func (i *IdentityACL) GetHOTP(username string) (*hotp.HOTP, error)

GetHOTP gets HOTP token state for a user

func (*IdentityACL) GetInstallToken

func (i *IdentityACL) GetInstallToken(token string) (*storage.InstallToken, error)

GetInstallToken returns the token by ID

func (*IdentityACL) GetInstallTokenByUser

func (i *IdentityACL) GetInstallTokenByUser(username string) (*storage.InstallToken, error)

GetInstallTokenByUser returns the token by user ID

func (*IdentityACL) GetInstallTokenForCluster

func (i *IdentityACL) GetInstallTokenForCluster(name string) (*storage.InstallToken, error)

GetInstallTokenForCluster returns the token by cluster name

func (*IdentityACL) GetLocalClusterName

func (i *IdentityACL) GetLocalClusterName() (string, error)

func (*IdentityACL) GetNamespace

func (i *IdentityACL) GetNamespace(name string) (*teleservices.Namespace, error)

GetNamespace returns a namespace by name

func (*IdentityACL) GetNamespaces

func (i *IdentityACL) GetNamespaces() ([]teleservices.Namespace, error)

GetNamespaces returns a list of namespaces

func (*IdentityACL) GetNodes

func (i *IdentityACL) GetNodes(namespace string, opts ...teleservices.MarshalOption) ([]teleservices.Server, error)

GetNodes returns a list of registered servers

func (*IdentityACL) GetOIDCAuthRequest

func (i *IdentityACL) GetOIDCAuthRequest(stateToken string) (*teleservices.OIDCAuthRequest, error)

GetOIDCAuthRequest returns OIDC auth request if found

func (*IdentityACL) GetOIDCConnector

func (i *IdentityACL) GetOIDCConnector(id string, withSecrets bool) (teleservices.OIDCConnector, error)

GetOIDCConnector returns OIDC connector data; withSecrets controls whether the client secret is included in the result.

func (*IdentityACL) GetOIDCConnectors

func (i *IdentityACL) GetOIDCConnectors(withSecrets bool) ([]teleservices.OIDCConnector, error)

GetOIDCConnectors returns the registered OIDC connectors; withSecrets controls whether client secrets are included in the results.

func (*IdentityACL) GetOperationProvisioningToken

func (i *IdentityACL) GetOperationProvisioningToken(clusterName, operationID string) (*storage.ProvisioningToken, error)

GetOperationProvisioningToken returns token created for the particular site operation

func (*IdentityACL) GetPasswordHash

func (i *IdentityACL) GetPasswordHash(username string) ([]byte, error)

GetPasswordHash returns the password hash for a given user

func (*IdentityACL) GetProvisioningToken

func (i *IdentityACL) GetProvisioningToken(token string) (*storage.ProvisioningToken, error)

GetProvisioningToken returns token by ID

func (*IdentityACL) GetProxies

func (i *IdentityACL) GetProxies() ([]teleservices.Server, error)

GetProxies returns a list of registered proxies

func (*IdentityACL) GetRemoteCluster

func (i *IdentityACL) GetRemoteCluster(clusterName string) (teleservices.RemoteCluster, error)

GetRemoteCluster returns a remote cluster by name

func (*IdentityACL) GetRemoteClusters

func (i *IdentityACL) GetRemoteClusters(opts ...teleservices.MarshalOption) ([]teleservices.RemoteCluster, error)

GetRemoteClusters returns a list of remote clusters

func (*IdentityACL) GetReverseTunnel

func (i *IdentityACL) GetReverseTunnel(name string) (teleservices.ReverseTunnel, error)

GetReverseTunnel returns reverse tunnel by name

func (*IdentityACL) GetReverseTunnels

func (i *IdentityACL) GetReverseTunnels() ([]teleservices.ReverseTunnel, error)

GetReverseTunnels returns a list of registered reverse tunnels.

func (*IdentityACL) GetRole

func (i *IdentityACL) GetRole(name string) (teleservices.Role, error)

GetRole returns a role by name

func (*IdentityACL) GetRoles

func (i *IdentityACL) GetRoles() ([]teleservices.Role, error)

GetRoles returns a list of roles registered with the local auth server

func (*IdentityACL) GetSAMLAuthRequest

func (i *IdentityACL) GetSAMLAuthRequest(stateToken string) (*teleservices.SAMLAuthRequest, error)

GetSAMLAuthRequest returns SAML auth request if found

func (*IdentityACL) GetSAMLConnector

func (i *IdentityACL) GetSAMLConnector(id string, withSecrets bool) (teleservices.SAMLConnector, error)

GetSAMLConnector returns SAML connector data; withSecrets controls whether the connector's secrets are included in the result.

func (*IdentityACL) GetSAMLConnectors

func (i *IdentityACL) GetSAMLConnectors(withSecrets bool) ([]teleservices.SAMLConnector, error)

GetSAMLConnectors returns the registered SAML connectors; withSecrets controls whether connector secrets are included in the results.

func (*IdentityACL) GetSignupToken

func (i *IdentityACL) GetSignupToken(token string) (*teleservices.SignupToken, error)

GetSignupToken returns signup token data

func (*IdentityACL) GetSignupTokens

func (i *IdentityACL) GetSignupTokens() ([]teleservices.SignupToken, error)

GetSignupTokens returns a list of signup tokens

func (*IdentityACL) GetSiteProvisioningTokens

func (i *IdentityACL) GetSiteProvisioningTokens(siteDomain string) ([]storage.ProvisioningToken, error)

func (*IdentityACL) GetStaticTokens

func (i *IdentityACL) GetStaticTokens() (teleservices.StaticTokens, error)

GetStaticTokens returns static tokens

func (*IdentityACL) GetTOTP

func (i *IdentityACL) GetTOTP(user string) (string, error)

GetTOTP returns the secret key used by the TOTP algorithm to validate the user's tokens. This is a credential and must not be logged or exposed.

func (*IdentityACL) GetTelekubeUser

func (i *IdentityACL) GetTelekubeUser(username string) (storage.User, error)

GetTelekubeUser finds user by name

func (*IdentityACL) GetToken

func (i *IdentityACL) GetToken(token string) (*teleservices.ProvisionToken, error)

GetToken finds and returns token by id

func (*IdentityACL) GetTokens

func (i *IdentityACL) GetTokens() ([]teleservices.ProvisionToken, error)

GetTokens returns all non-expired tokens

func (*IdentityACL) GetTrustedCluster

func (i *IdentityACL) GetTrustedCluster(name string) (teleservices.TrustedCluster, error)

GetTrustedCluster returns a single TrustedCluster by name.

func (*IdentityACL) GetTrustedClusters

func (i *IdentityACL) GetTrustedClusters() ([]teleservices.TrustedCluster, error)

GetTrustedClusters returns all TrustedClusters in the backend.

func (*IdentityACL) GetTunnelConnections

func (i *IdentityACL) GetTunnelConnections(clusterName string, opts ...teleservices.MarshalOption) ([]teleservices.TunnelConnection, error)

GetTunnelConnections returns tunnel connections for a given cluster

func (*IdentityACL) GetU2FRegisterChallenge

func (i *IdentityACL) GetU2FRegisterChallenge(token string) (*u2f.Challenge, error)

GetU2FRegisterChallenge returns a U2F challenge for a new user corresponding to the token

func (*IdentityACL) GetU2FRegistration

func (i *IdentityACL) GetU2FRegistration(user string) (*u2f.Registration, error)

GetU2FRegistration returns a U2F registration from a valid register response

func (*IdentityACL) GetU2FRegistrationCounter

func (i *IdentityACL) GetU2FRegistrationCounter(user string) (counter uint32, e error)

GetU2FRegistrationCounter returns the counter associated with the user's U2F registration.

func (*IdentityACL) GetU2FSignChallenge

func (i *IdentityACL) GetU2FSignChallenge(user string) (*u2f.Challenge, error)

GetU2FSignChallenge returns a U2F sign (auth) challenge

func (*IdentityACL) GetUsedTOTPToken

func (i *IdentityACL) GetUsedTOTPToken(user string) (string, error)

GetUsedTOTPToken returns the last successfully used TOTP token. If no token is found, the zero value (empty string) is returned.

func (*IdentityACL) GetUser

func (i *IdentityACL) GetUser(username string) (teleservices.User, error)

GetUser finds a user by username (for human users this is their email address).

func (*IdentityACL) GetUserByGithubIdentity

func (i *IdentityACL) GetUserByGithubIdentity(id teleservices.ExternalIdentity) (teleservices.User, error)

GetUserByGithubIdentity returns a user by the specified Github identity; if several users carry this identity, the first one found is returned.

func (*IdentityACL) GetUserByOIDCIdentity

func (i *IdentityACL) GetUserByOIDCIdentity(id teleservices.ExternalIdentity) (teleservices.User, error)

GetUserByOIDCIdentity returns a user by the specified OIDC identity; if several users carry this identity, the first one found is returned.

func (*IdentityACL) GetUserBySAMLIdentity

func (i *IdentityACL) GetUserBySAMLIdentity(id teleservices.ExternalIdentity) (teleservices.User, error)

GetUserBySAMLIdentity returns a user by the specified SAML identity; if several users carry this identity, the first one found is returned.

func (*IdentityACL) GetUserInvites

func (i *IdentityACL) GetUserInvites(accountID string) ([]storage.UserInvite, error)

GetUserInvites returns user invites

func (*IdentityACL) GetUserLoginAttempts

func (i *IdentityACL) GetUserLoginAttempts(user string) ([]teleservices.LoginAttempt, error)

GetUserLoginAttempts returns user login attempts

func (*IdentityACL) GetUserToken

func (i *IdentityACL) GetUserToken(tokenID string) (*storage.UserToken, error)

GetUserToken returns information about this signup token based on its id

func (*IdentityACL) GetUsers

func (i *IdentityACL) GetUsers() ([]teleservices.User, error)

func (*IdentityACL) GetUsersByAccountID

func (i *IdentityACL) GetUsersByAccountID(accountID string) ([]storage.User, error)

GetUsersByAccountID returns a list of users for given accountID

func (*IdentityACL) GetWebSession

func (i *IdentityACL) GetWebSession(username, sid string) (teleservices.WebSession, error)

GetWebSession returns a web session state for a given user and session id

func (*IdentityACL) LoginWithInstallToken

func (i *IdentityACL) LoginWithInstallToken(token string) (*LoginResult, error)

func (*IdentityACL) Migrate

func (i *IdentityACL) Migrate() error

Migrate launches migrations

func (*IdentityACL) ReleaseLock

func (i *IdentityACL) ReleaseLock(token string) error

ReleaseLock releases lock by token name

func (*IdentityACL) ResetPassword

func (i *IdentityACL) ResetPassword(username string) (string, error)

ResetPassword resets the user password and returns the new one

func (*IdentityACL) ResetUserWithToken

func (i *IdentityACL) ResetUserWithToken(req UserTokenCompleteRequest) (teleservices.WebSession, error)

ResetUserWithToken sets the user's password based on the user's secret token and, if the operation succeeds, logs the user in

func (*IdentityACL) SetAuth

func (i *IdentityACL) SetAuth(auth teleauth.ClientI)

func (*IdentityACL) SetAuthPreference

func (i *IdentityACL) SetAuthPreference(authP teleservices.AuthPreference) error

SetAuthPreference updates cluster auth preference

func (*IdentityACL) SetClusterConfig

func (i *IdentityACL) SetClusterConfig(config teleservices.ClusterConfig) error

SetClusterConfig updates cluster configuration

func (*IdentityACL) SetClusterName

func (i *IdentityACL) SetClusterName(clusterName teleservices.ClusterName) error

SetClusterName updates cluster name

func (*IdentityACL) SetStaticTokens

func (i *IdentityACL) SetStaticTokens(tokens teleservices.StaticTokens) error

SetStaticTokens updates static tokens

func (*IdentityACL) TryAcquireLock

func (i *IdentityACL) TryAcquireLock(token string, ttl time.Duration) error

TryAcquireLock grabs a lock that will be released automatically in ttl time

func (*IdentityACL) UpdateInstallToken

UpdateInstallToken updates an existing install token and changes the role of the user associated with the install token, reducing its scope to the just created cluster

func (*IdentityACL) UpdatePassword

func (i *IdentityACL) UpdatePassword(username string, oldPassword, newPassword Password) error

UpdatePassword updates users password based on the old password

func (*IdentityACL) UpdateUser

func (i *IdentityACL) UpdateUser(username string, req storage.UpdateUserReq) error

UpdateUser updates certain user fields

func (*IdentityACL) UpsertAuthServer

func (i *IdentityACL) UpsertAuthServer(server teleservices.Server) error

UpsertAuthServer registers auth server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second

func (*IdentityACL) UpsertCertAuthority

func (i *IdentityACL) UpsertCertAuthority(ca teleservices.CertAuthority) error

UpsertCertAuthority updates or inserts a new certificate authority

func (*IdentityACL) UpsertGithubConnector

func (i *IdentityACL) UpsertGithubConnector(connector teleservices.GithubConnector) error

UpsertGithubConnector upserts a Github connector

func (*IdentityACL) UpsertHOTP

func (i *IdentityACL) UpsertHOTP(username string, otp *hotp.HOTP) error

UpsertHOTP upserts HOTP state for user

func (*IdentityACL) UpsertLocalClusterName

func (i *IdentityACL) UpsertLocalClusterName(clusterName string) error

func (*IdentityACL) UpsertNamespace

func (i *IdentityACL) UpsertNamespace(n teleservices.Namespace) error

UpsertNamespace upserts namespace

func (*IdentityACL) UpsertNode

func (i *IdentityACL) UpsertNode(server teleservices.Server) error

UpsertNode registers node presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second

func (*IdentityACL) UpsertNodes

func (i *IdentityACL) UpsertNodes(namespace string, servers []teleservices.Server) error

UpsertNodes upserts multiple nodes

func (*IdentityACL) UpsertOIDCConnector

func (i *IdentityACL) UpsertOIDCConnector(connector teleservices.OIDCConnector) error

UpsertOIDCConnector upserts OIDC Connector

func (*IdentityACL) UpsertPassword

func (i *IdentityACL) UpsertPassword(username string, password []byte) error

UpsertPassword upserts a new password and HOTP token

func (*IdentityACL) UpsertPasswordHash

func (i *IdentityACL) UpsertPasswordHash(username string, hash []byte) error

UpsertPasswordHash upserts user password hash

func (*IdentityACL) UpsertProxy

func (i *IdentityACL) UpsertProxy(server teleservices.Server) error

UpsertProxy registers proxy server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second

func (*IdentityACL) UpsertReverseTunnel

func (i *IdentityACL) UpsertReverseTunnel(tunnel teleservices.ReverseTunnel) error

UpsertReverseTunnel upserts reverse tunnel entry temporarily or permanently

func (*IdentityACL) UpsertRole

func (i *IdentityACL) UpsertRole(role teleservices.Role, ttl time.Duration) error

UpsertRole updates parameters about role

func (*IdentityACL) UpsertSAMLConnector

func (i *IdentityACL) UpsertSAMLConnector(connector teleservices.SAMLConnector) error

UpsertSAMLConnector upserts SAML Connector

func (*IdentityACL) UpsertSignupToken

func (i *IdentityACL) UpsertSignupToken(token string, tokenData teleservices.SignupToken, ttl time.Duration) error

UpsertSignupToken upserts a signup token - a one-time token that lets a user create a user account

func (*IdentityACL) UpsertTOTP

func (i *IdentityACL) UpsertTOTP(user string, secretKey string) error

UpsertTOTP upserts TOTP secret key for a user that can be used to generate and validate tokens.

func (*IdentityACL) UpsertToken

func (i *IdentityACL) UpsertToken(token string, roles teleport.Roles, ttl time.Duration) error

UpsertToken adds provisioning tokens for the auth server

func (*IdentityACL) UpsertTrustedCluster

func (i *IdentityACL) UpsertTrustedCluster(trustedCluster teleservices.TrustedCluster) (teleservices.TrustedCluster, error)

UpsertTrustedCluster creates or updates a TrustedCluster in the backend.

func (*IdentityACL) UpsertTunnelConnection

func (i *IdentityACL) UpsertTunnelConnection(conn teleservices.TunnelConnection) error

UpsertTunnelConnection upserts tunnel connection

func (*IdentityACL) UpsertU2FRegisterChallenge

func (i *IdentityACL) UpsertU2FRegisterChallenge(token string, u2fChallenge *u2f.Challenge) error

UpsertU2FRegisterChallenge upserts a U2F challenge for a new user corresponding to the token

func (*IdentityACL) UpsertU2FRegistration

func (i *IdentityACL) UpsertU2FRegistration(user string, u2fReg *u2f.Registration) error

UpsertU2FRegistration upserts a U2F registration from a valid register response

func (*IdentityACL) UpsertU2FRegistrationCounter

func (i *IdentityACL) UpsertU2FRegistrationCounter(user string, counter uint32) error

UpsertU2FRegistrationCounter upserts a counter associated with a U2F registration

func (*IdentityACL) UpsertU2FSignChallenge

func (i *IdentityACL) UpsertU2FSignChallenge(user string, u2fChallenge *u2f.Challenge) error

UpsertU2FSignChallenge upserts a U2F sign (auth) challenge

func (*IdentityACL) UpsertUsedTOTPToken

func (i *IdentityACL) UpsertUsedTOTPToken(user string, otpToken string) error

UpsertUsedTOTPToken upserts a TOTP token to the backend so it can't be used again during the 30 second window it's valid.

func (*IdentityACL) UpsertUser

func (i *IdentityACL) UpsertUser(teleuser teleservices.User) error

UpsertUser creates a new user or updates an existing user. In case of AgentUser it will generate a random token (API key). In case of AdminUser or a regular user it requires a password to be set and uses bcrypt to store the password's hash.

func (*IdentityACL) UpsertWebSession

func (i *IdentityACL) UpsertWebSession(username, sid string, session teleservices.WebSession) error

UpsertWebSession updates or inserts a web session for a user and session id

type InstallTokenUpdateRequest

// InstallTokenUpdateRequest defines a request to update an install token.
// Validity of the request is checked by its Check method.
type InstallTokenUpdateRequest struct {
	// Token identifies the install token
	Token string `json:"token"`
	// SiteDomain defines the domain to associate the install token with
	SiteDomain string `json:"site_domain"`
	// Repository is a repository with app packages
	Repository string `json:"repository"`
}

InstallTokenUpdateRequest defines a request to update an install token

func (InstallTokenUpdateRequest) Check

func (r InstallTokenUpdateRequest) Check() error

Check verifies validity of this request object

type KeyStore

// KeyStore stores logins for remote portals on computers.
// Instances are created with NewCredsService; login entries are managed
// through the Get/Upsert/DeleteLoginEntry methods.
type KeyStore struct {
	// contains filtered or unexported fields
}

KeyStore stores logins for remote portals on computers

func NewCredsService

func NewCredsService(cfg CredsConfig) (*KeyStore, error)

func (*KeyStore) DeleteLoginEntry

func (c *KeyStore) DeleteLoginEntry(opsCenterURL string) error

DeleteLoginEntry deletes the login entry for the specified opsCenterURL from the storage

func (*KeyStore) GetCurrentOpsCenter

func (c *KeyStore) GetCurrentOpsCenter() string

func (*KeyStore) GetLoginEntries

func (c *KeyStore) GetLoginEntries() ([]LoginEntry, error)

GetLoginEntries lists all login entries

func (*KeyStore) GetLoginEntry

func (c *KeyStore) GetLoginEntry(opsCenterURL string) (*LoginEntry, error)

GetLoginEntry returns the login entry for the specified opsCenterURL from the storage

func (*KeyStore) SetCurrentOpsCenter

func (c *KeyStore) SetCurrentOpsCenter(o string) error

func (*KeyStore) UpsertLoginEntry

func (c *KeyStore) UpsertLoginEntry(l LoginEntry) (*LoginEntry, error)

UpsertLoginEntry creates or updates login entry for remote OpsCenter

type LoginEntry

// LoginEntry represents a local login entry for local agents running on hosts.
// It is a named alias of storage.LoginEntry so that callers of this package
// do not need to import the storage package directly.
type LoginEntry storage.LoginEntry

LoginEntry represents a local login entry for local agents running on hosts. TODO: We don't want users to refer to the storage package; one idea is to make it an internal Go package.

func (LoginEntry) String

func (l LoginEntry) String() string

type LoginResult

// LoginResult defines the result of logging a user in.
// It is returned by LoginWithInstallToken.
type LoginResult struct {
	// Email identifies the user to log in
	Email string `json:"email"`
	// SessionID defines the ID of the web session created as a result of
	// logging in
	SessionID string `json:"session_id"`
}

LoginResult defines the result of logging a user in

type Password

// Password is a helper type that enforces some sanity constraints on the
// password entered by a user; see Check for the validation entry point.
type Password []byte

Password is a helper type that enforces some sanity constraints on the password entered by user

func (*Password) Check

func (p *Password) Check() error

Check returns nil if the password matches the relaxed requirements

type RemoteAccessUser

// RemoteAccessUser is a named alias of storage.RemoteAccessUser used by the
// remote agent and gatekeeper creation methods of the Users interface.
type RemoteAccessUser storage.RemoteAccessUser

type SignupResult

// SignupResult represents a successful signup result.
type SignupResult struct {
	// Account is the account that was created
	Account    Account                 `json:"account"`
	// User is the user that was created
	User       storage.User            `json:"user"`
	// WebSession is the web session initiated for this user
	WebSession teleservices.WebSession `json:"web_session"`
}

SignupResult represents a successful signup result: the Account that was created, the User that was created, and the WebSession initiated for this user

type UserTokenCompleteRequest

// UserTokenCompleteRequest defines a request to complete an action associated
// with the user token (see ResetUserWithToken).
type UserTokenCompleteRequest struct {
	// SecondFactorToken is the 2nd factor token value
	SecondFactorToken string `json:"second_factor_token"`
	// TokenID is this token's ID
	TokenID string `json:"token"`
	// Password is the user password; see Password.Check for the constraints
	Password Password `json:"password"`
	// U2FRegisterResponse is the U2F register response
	U2FRegisterResponse u2f.RegisterResponse `json:"u2f_register_response"`
}

UserTokenCompleteRequest defines a request to complete an action associated with the user token

type Users

// Users represents operations on users and permissions; it takes care of
// authentication and authorization.
type Users interface {
	// AuthenticateUser authenticates a user by given credentials, it supports
	// Bearer tokens and basic auth methods. On success it returns the user
	// together with the access checker to use for authorization decisions.
	AuthenticateUser(httplib.AuthCreds) (storage.User, teleservices.AccessChecker, error)

	// GetTelekubeUser returns user by name
	GetTelekubeUser(name string) (storage.User, error)

	// GetAccessChecker returns access checker for user based on users roles
	GetAccessChecker(user storage.User) (teleservices.AccessChecker, error)

	// UpdateUser updates certain user fields
	UpdateUser(name string, req storage.UpdateUserReq) error

	// Migrate is called to migrate legacy data structures to the new format
	Migrate() error

	// SetAuth sets auth handler for users service
	// this is workaround to integrate users service and teleport's
	// auth service until we figure out a better interface/way to do it
	SetAuth(auth teleauth.ClientI)

	// GetSiteProvisioningTokens returns a list of tokens available for the site
	GetSiteProvisioningTokens(siteDomain string) ([]storage.ProvisioningToken, error)

	// GetProvisioningToken returns token by its ID
	GetProvisioningToken(token string) (*storage.ProvisioningToken, error)

	// GetOperationProvisioningToken returns token created for the particular site operation
	GetOperationProvisioningToken(clusterName, operationID string) (*storage.ProvisioningToken, error)

	// CreateProvisioningToken creates a provisioning token from the specified template
	CreateProvisioningToken(storage.ProvisioningToken) (*storage.ProvisioningToken, error)

	// CreateInstallToken creates a new one-time installation token
	CreateInstallToken(storage.InstallToken) (*storage.InstallToken, error)

	// GetInstallToken returns token by its ID
	GetInstallToken(token string) (*storage.InstallToken, error)

	// GetInstallTokenByUser returns token by user ID
	GetInstallTokenByUser(email string) (*storage.InstallToken, error)

	// GetInstallTokenForCluster returns token by cluster name
	GetInstallTokenForCluster(name string) (*storage.InstallToken, error)

	// UpdateInstallToken updates an existing install token and changes role
	// for the user associated with the install token to reduce its scope
	// to the just created cluster
	UpdateInstallToken(req InstallTokenUpdateRequest) (*storage.InstallToken, teleservices.Role, error)

	// LoginWithInstallToken logs a user in using a one-time install token
	LoginWithInstallToken(token string) (*LoginResult, error)

	// CreateAgent creates a new "robot" agent user used by various automation tools
	// (e.g. release automation) with correct privileges
	CreateAgent(user storage.User) (storage.User, error)

	// CreateRemoteAgent creates a new site agent user that replicates the agent of a remote site.
	// The user usually has a bound API key which is replicated locally
	CreateRemoteAgent(user RemoteAccessUser) (storage.User, error)

	// CreateAgentFromLoginEntry creates a new agent user from the provided
	// login entry; admin selects whether the agent gets administrative
	// privileges
	CreateAgentFromLoginEntry(cluster string, entry storage.LoginEntry, admin bool) (storage.User, error)

	// CreateGatekeeper creates a new remote access agent user used to connect remote sites
	// to Ops Centers
	CreateGatekeeper(user RemoteAccessUser) (*RemoteAccessUser, error)

	// CreateClusterAgent creates a new cluster agent user used during cluster operations
	// like install/expand and does not have any administrative privileges
	CreateClusterAgent(cluster string, agent storage.User) (storage.User, error)

	// CreateClusterAdminAgent creates a new privileged cluster agent user used during operations
	// like install/expand on master nodes, and has advanced administrative operations
	// e.g. create and delete roles, set up OIDC connectors
	CreateClusterAdminAgent(cluster string, agent storage.User) (storage.User, error)

	// CreateAdmin creates a new admin user for the locally running site
	CreateAdmin(email, password string) error

	// GetAPIKeys returns a list of API keys for the specified user
	GetAPIKeys(userEmail string) ([]storage.APIKey, error)

	// GetAPIKeyByToken returns an API key for the specified token
	GetAPIKeyByToken(token string) (*storage.APIKey, error)

	// CreateAPIKey creates API key for agent user; upsert presumably allows an
	// existing key to be replaced rather than failing — confirm against the
	// implementation
	CreateAPIKey(key storage.APIKey, upsert bool) (*storage.APIKey, error)

	// DeleteAPIKey deletes the API key identified by token for the agent user
	DeleteAPIKey(userEmail, token string) error
}

Users represents operations on users and permissions; it takes care of authentication and authorization

Directories

Path Synopsis
package credssuite contains a storage acceptance test suite that is service implementation independent
package credssuite contains a storage acceptance test suite that is service implementation independent
