Documentation ¶
Overview ¶
Package profile handles management of the Teleport profile directory (~/.tsh).
Index ¶
- func FullProfilePath(dir string) string
- func GetCurrentProfileName(dir string) (name string, err error)
- func ListProfileNames(dir string) ([]string, error)
- func RemoveProfile(dir, name string) error
- func SetCurrentProfileName(dir string, name string) error
- type Profile
- func (p *Profile) AppCertPath(appName string) string
- func (p *Profile) AppKeyPath(appName string) string
- func (p *Profile) Copy() *Profile
- func (p *Profile) Expiry() (time.Time, bool)
- func (p *Profile) KeyDir() string
- func (p *Profile) KnownHostsPath() string
- func (p *Profile) Name() string
- func (p *Profile) PPKFilePath() string
- func (p *Profile) ProxyKeyDir() string
- func (p *Profile) RequireKubeLocalProxy() bool
- func (p *Profile) SSHCertPath() string
- func (p *Profile) SSHClientConfig() (*ssh.ClientConfig, error)
- func (p *Profile) SSHDir() string
- func (p *Profile) SaveToDir(dir string, makeCurrent bool) error
- func (p *Profile) TLSCAPathCluster(cluster string) string
- func (p *Profile) TLSCAsLegacyPath() string
- func (p *Profile) TLSCAsPath() string
- func (p *Profile) TLSCertPath() string
- func (p *Profile) TLSClusterCASDir() string
- func (p *Profile) TLSConfig() (*tls.Config, error)
- func (p *Profile) UserSSHKeyPath() string
- func (p *Profile) UserTLSKeyPath() string
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func FullProfilePath ¶
FullProfilePath returns the full path to the user profile directory. If the parameter is empty, it returns expanded "~/.tsh", otherwise returns its unmodified parameter
func GetCurrentProfileName ¶
GetCurrentProfileName attempts to load the current profile name.
func ListProfileNames ¶
ListProfileNames lists all available profiles.
func RemoveProfile ¶
RemoveProfile removes cluster profile file
func SetCurrentProfileName ¶
SetCurrentProfileName attempts to set the current profile name.
Types ¶
type Profile ¶
type Profile struct { // WebProxyAddr is the host:port the web proxy can be accessed at. WebProxyAddr string `yaml:"web_proxy_addr,omitempty"` // SSHProxyAddr is the host:port the SSH proxy can be accessed at. SSHProxyAddr string `yaml:"ssh_proxy_addr,omitempty"` // KubeProxyAddr is the host:port the Kubernetes proxy can be accessed at. KubeProxyAddr string `yaml:"kube_proxy_addr,omitempty"` // PostgresProxyAddr is the host:port the Postgres proxy can be accessed at. PostgresProxyAddr string `yaml:"postgres_proxy_addr,omitempty"` // MySQLProxyAddr is the host:port the MySQL proxy can be accessed at. MySQLProxyAddr string `yaml:"mysql_proxy_addr,omitempty"` // MongoProxyAddr is the host:port the Mongo proxy can be accessed at. MongoProxyAddr string `yaml:"mongo_proxy_addr,omitempty"` // Username is the Teleport username for the client. Username string `yaml:"user,omitempty"` // SiteName is equivalent to the --cluster flag SiteName string `yaml:"cluster,omitempty"` // DynamicForwardedPorts is a list of ports to use for dynamic port // forwarding (SOCKS5). DynamicForwardedPorts []string `yaml:"dynamic_forward_ports,omitempty"` // Dir is the directory of this profile. Dir string // TLSRoutingEnabled indicates that proxy supports ALPN SNI server where // all proxy services are exposed on a single TLS listener (Proxy Web Listener). TLSRoutingEnabled bool `yaml:"tls_routing_enabled,omitempty"` // TLSRoutingConnUpgradeRequired indicates that ALPN connection upgrades // are required for making TLS routing requests. // // Note that this is applicable to the Proxy's Web port regardless of // whether the Proxy is in single-port or multi-port configuration. TLSRoutingConnUpgradeRequired bool `yaml:"tls_routing_conn_upgrade_required,omitempty"` // AuthConnector (like "google", "passwordless"). // Equivalent to the --auth tsh flag. AuthConnector string `yaml:"auth_connector,omitempty"` // LoadAllCAs indicates that tsh should load the CAs of all clusters // instead of just the current cluster. LoadAllCAs bool `yaml:"load_all_cas,omitempty"` // MFAMode ("auto", "platform", "cross-platform"). // Equivalent to the --mfa-mode tsh flag. MFAMode string `yaml:"mfa_mode,omitempty"` // PrivateKeyPolicy is a key policy enforced for this profile. PrivateKeyPolicy keys.PrivateKeyPolicy `yaml:"private_key_policy"` // PIVSlot is a specific piv slot that Teleport clients should use for hardware key support. PIVSlot keys.PIVSlot `yaml:"piv_slot"` // MissingClusterDetails means this profile was created with limited cluster details. // Missing cluster details should be loaded into the profile by pinging the proxy. MissingClusterDetails bool // SAMLSingleLogoutEnabled is whether SAML SLO (single logout) is enabled, this can only be true if this is a SAML SSO session // using an auth connector with a SAML SLO URL configured. SAMLSingleLogoutEnabled bool `yaml:"saml_slo_enabled,omitempty"` // SSHDialTimeout is the timeout value that should be used for SSH connections. SSHDialTimeout time.Duration `yaml:"ssh_dial_timeout,omitempty"` // SSOHost is the host of the SSO provider used to log in. Clients can check this value, along // with WebProxyAddr, to determine if a webpage is safe to open. Currently used by Teleport // Connect in the proxy host allow list. SSOHost string `yaml:"sso_host,omitempty"` }
Profile is a collection of most frequently used CLI flags for "tsh".
Profiles can be stored in a profile file, allowing TSH users to type fewer CLI args.
func FromDir ¶
FromDir reads the user profile from a given directory. If dir is empty, this function defaults to the default tsh profile directory. If name is empty, this function defaults to loading the currently active profile (if any).
func (*Profile) AppCertPath ¶
AppCertPath returns the path to the profile's certificate for a given application. Note that this function merely constructs the path - there is no guarantee that there is an actual certificate at that location.
func (*Profile) AppKeyPath ¶
AppKeyPath returns the path to the profile's private key for a given application. Note that this function merely constructs the path - there is no guarantee that there is an actual key at that location.
func (*Profile) KnownHostsPath ¶
KnownHostsPath returns the path to the profile's ssh certificate authorities.
func (*Profile) PPKFilePath ¶
PPKFilePath returns the path to the profile's PuTTY PPK-formatted keypair.
func (*Profile) ProxyKeyDir ¶
ProxyKeyDir returns the path to the profile's key directory.
func (*Profile) RequireKubeLocalProxy ¶
RequireKubeLocalProxy returns true if this profile indicates a local proxy is required for kube access.
func (*Profile) SSHCertPath ¶
SSHCertPath returns the path to the profile's ssh certificate.
func (*Profile) SSHClientConfig ¶
func (p *Profile) SSHClientConfig() (*ssh.ClientConfig, error)
SSHClientConfig returns the profile's associated SSHClientConfig.
func (*Profile) SaveToDir ¶
SaveToDir saves this profile to the specified directory. If makeCurrent is true, it makes this profile current.
func (*Profile) TLSCAPathCluster ¶
TLSCAPathCluster returns CA for particular cluster.
func (*Profile) TLSCAsLegacyPath ¶
TLSCAsLegacyPath returns the path to the profile's TLS certificate authorities.
func (*Profile) TLSCAsPath ¶
TLSCAsPath returns the legacy path to the profile's TLS certificate authorities.
func (*Profile) TLSCertPath ¶
TLSCertPath returns the path to the profile's TLS certificate.
func (*Profile) TLSClusterCASDir ¶
TLSClusterCASDir returns CAS directory where cluster CAs are stored.
func (*Profile) UserSSHKeyPath ¶
UserSSHKeyPath returns the path to the profile's SSH private key.
func (*Profile) UserTLSKeyPath ¶
UserTLSKeyPath returns the path to the profile's TLS private key.