Documentation
Overview
Package client provides a gRPC implementation of the Teleport Auth client. This client can be used to programmatically interact with a Teleport Auth server.
Index
- Variables
- func ConfigureALPN(tlsConfig *tls.Config, clusterName string) *tls.Config
- func DialALPN(ctx context.Context, addr string, cfg ALPNDialerConfig) (*tls.Conn, error)
- func DialProxy(ctx context.Context, proxyURL *url.URL, addr string, opts ...DialProxyOption) (net.Conn, error)
- func DialProxyWithDialer(ctx context.Context, proxyURL *url.URL, addr string, dialer ContextDialer, ...) (net.Conn, error)
- func EventFromGRPC(in *proto.Event) (*types.Event, error)
- func EventToGRPC(in types.Event) (*proto.Event, error)
- func EventTypeFromGRPC(in proto.Operation) (types.OpType, error)
- func EventTypeToGRPC(in types.OpType) (proto.Operation, error)
- func GRPCContextDialer(dialer ContextDialer) func(context.Context, string) (net.Conn, error)
- func GetAllResources[T types.ResourceWithLabels](ctx context.Context, clt GetResourcesClient, req *proto.ListResourcesRequest) ([]T, error)
- func GetAllUnifiedResources(ctx context.Context, clt ListUnifiedResourcesClient, ...) ([]*types.EnrichedResource, error)
- func GetKubernetesResourcesWithFilters(ctx context.Context, clt kubeproto.KubeServiceClient, ...) ([]types.ResourceWithLabels, error)
- func GetResourcesWithFilters(ctx context.Context, clt ListResourcesClient, req proto.ListResourcesRequest) ([]types.ResourceWithLabels, error)
- func GetUnifiedResourcePage(ctx context.Context, clt ListUnifiedResourcesClient, ...) ([]*types.EnrichedResource, string, error)
- func InventoryControlStreamPipe(opts ...ICSPipeOption) (UpstreamInventoryControlStream, DownstreamInventoryControlStream)
- func IsALPNConnUpgradeRequired(ctx context.Context, addr string, insecure bool, opts ...DialOption) bool
- func IsALPNPingProtocol(protocol string) bool
- func NewOktaClient(ctx context.Context, cfg Config) (*okta.Client, error)
- func NewTracingClient(ctx context.Context, cfg Config) (*tracing.Client, error)
- func OverwriteALPNConnUpgradeRequirementByEnv(addr string) (bool, bool)
- type ALPNDialer
- type ALPNDialerConfig
- type AuthServiceClient
- type Client
- func (c *Client) AccessListClient() *accesslist.Client
- func (c *Client) AccessMonitoringRulesClient() *accessmonitoringrules.Client
- func (c *Client) AcquireSemaphore(ctx context.Context, params types.AcquireSemaphoreRequest) (*types.SemaphoreLease, error)
- func (c *Client) AddMFADeviceSync(ctx context.Context, in *proto.AddMFADeviceSyncRequest) (*proto.AddMFADeviceSyncResponse, error)
- func (c *Client) AppendDiagnosticTrace(ctx context.Context, name string, t *types.ConnectionDiagnosticTrace) (types.ConnectionDiagnostic, error)
- func (c *Client) AssertSystemRole(ctx context.Context, req proto.SystemRoleAssertion) error
- func (c *Client) BotInstanceServiceClient() machineidv1pb.BotInstanceServiceClient
- func (c *Client) BotServiceClient() machineidv1pb.BotServiceClient
- func (c *Client) CancelSemaphoreLease(ctx context.Context, lease types.SemaphoreLease) error
- func (c *Client) ChangePassword(ctx context.Context, req *proto.ChangePasswordRequest) error
- func (c *Client) ChangeUserAuthentication(ctx context.Context, req *proto.ChangeUserAuthenticationRequest) (*proto.ChangeUserAuthenticationResponse, error)
- func (c *Client) ClearAlertAcks(ctx context.Context, req proto.ClearAlertAcksRequest) error
- func (c *Client) Close() error
- func (c *Client) ClusterConfigClient() clusterconfigpb.ClusterConfigServiceClient
- func (c *Client) CompleteAccountRecovery(ctx context.Context, req *proto.CompleteAccountRecoveryRequest) error
- func (c *Client) Config() *tls.Config
- func (c *Client) CreateAccessRequestV2(ctx context.Context, req types.AccessRequest) (types.AccessRequest, error)
- func (c *Client) CreateAccountRecoveryCodes(ctx context.Context, req *proto.CreateAccountRecoveryCodesRequest) (*proto.RecoveryCodes, error)
- func (c *Client) CreateAlertAck(ctx context.Context, ack types.AlertAcknowledgement) error
- func (c *Client) CreateApp(ctx context.Context, app types.Application) error
- func (c *Client) CreateAppSession(ctx context.Context, req *proto.CreateAppSessionRequest) (types.WebSession, error)
- func (c *Client) CreateAuditStream(ctx context.Context, sessionID string) (events.Stream, error)
- func (c *Client) CreateAuthenticateChallenge(ctx context.Context, in *proto.CreateAuthenticateChallengeRequest) (*proto.MFAAuthenticateChallenge, error)
- func (c *Client) CreateAutoUpdateAgentRollout(ctx context.Context, rollout *autoupdatev1pb.AutoUpdateAgentRollout) (*autoupdatev1pb.AutoUpdateAgentRollout, error)
- func (c *Client) CreateAutoUpdateConfig(ctx context.Context, config *autoupdatev1pb.AutoUpdateConfig) (*autoupdatev1pb.AutoUpdateConfig, error)
- func (c *Client) CreateAutoUpdateVersion(ctx context.Context, version *autoupdatev1pb.AutoUpdateVersion) (*autoupdatev1pb.AutoUpdateVersion, error)
- func (c *Client) CreateConnectionDiagnostic(ctx context.Context, connectionDiagnostic types.ConnectionDiagnostic) error
- func (c *Client) CreateDatabase(ctx context.Context, database types.Database) error
- func (c *Client) CreateDeviceResource(ctx context.Context, res *types.DeviceV1) (*types.DeviceV1, error)
- func (c *Client) CreateGithubAuthRequest(ctx context.Context, req types.GithubAuthRequest) (*types.GithubAuthRequest, error)
- func (c *Client) CreateGithubConnector(ctx context.Context, connector types.GithubConnector) (types.GithubConnector, error)
- func (c *Client) CreateGlobalNotification(ctx context.Context, req *notificationsv1pb.CreateGlobalNotificationRequest) (*notificationsv1pb.GlobalNotification, error)
- func (c *Client) CreateIntegration(ctx context.Context, ig types.Integration) (types.Integration, error)
- func (c *Client) CreateKubernetesCluster(ctx context.Context, cluster types.KubeCluster) error
- func (c *Client) CreateKubernetesWaitingContainer(ctx context.Context, ...) (*kubewaitingcontainerpb.KubernetesWaitingContainer, error)
- func (c *Client) CreateLoginRule(ctx context.Context, rule *loginrulepb.LoginRule) (*loginrulepb.LoginRule, error)
- func (c *Client) CreateOIDCAuthRequest(ctx context.Context, req types.OIDCAuthRequest) (*types.OIDCAuthRequest, error)
- func (c *Client) CreateOIDCConnector(ctx context.Context, connector types.OIDCConnector) (types.OIDCConnector, error)
- func (c *Client) CreatePrivilegeToken(ctx context.Context, req *proto.CreatePrivilegeTokenRequest) (*types.UserTokenV3, error)
- func (c *Client) CreateRegisterChallenge(ctx context.Context, in *proto.CreateRegisterChallengeRequest) (*proto.MFARegisterChallenge, error)
- func (c *Client) CreateResetPasswordToken(ctx context.Context, req *proto.CreateResetPasswordTokenRequest) (types.UserToken, error)
- func (c *Client) CreateRole(ctx context.Context, role types.Role) (types.Role, error)
- func (c *Client) CreateSAMLAuthRequest(ctx context.Context, req types.SAMLAuthRequest) (*types.SAMLAuthRequest, error)
- func (c *Client) CreateSAMLConnector(ctx context.Context, connector types.SAMLConnector) (types.SAMLConnector, error)
- func (c *Client) CreateSAMLIdPServiceProvider(ctx context.Context, sp types.SAMLIdPServiceProvider) error
- func (c *Client) CreateSAMLIdPSession(ctx context.Context, req types.CreateSAMLIdPSessionRequest) (types.WebSession, error)
- func (c *Client) CreateSessionTracker(ctx context.Context, st types.SessionTracker) (types.SessionTracker, error)
- func (c *Client) CreateSnowflakeSession(ctx context.Context, req types.CreateSnowflakeSessionRequest) (types.WebSession, error)
- func (c *Client) CreateToken(ctx context.Context, token types.ProvisionToken) error
- func (c *Client) CreateTrustedCluster(ctx context.Context, trustedCluster types.TrustedCluster) (types.TrustedCluster, error)
- func (c *Client) CreateUser(ctx context.Context, user types.User) (types.User, error)
- func (c *Client) CreateUserGroup(ctx context.Context, ug types.UserGroup) error
- func (c *Client) CreateUserNotification(ctx context.Context, req *notificationsv1pb.CreateUserNotificationRequest) (*notificationsv1pb.Notification, error)
- func (c *Client) CreateWindowsDesktop(ctx context.Context, desktop types.WindowsDesktop) error
- func (c *Client) CreateWorkloadIdentity(ctx context.Context, r *workloadidentityv1pb.WorkloadIdentity) (*workloadidentityv1pb.WorkloadIdentity, error)
- func (c *Client) CrownJewelServiceClient() *crownjewelapi.Client
- func (c *Client) DatabaseObjectClient() dbobjectv1.DatabaseObjectServiceClient
- func (c *Client) DatabaseObjectImportRuleClient() dbobjectimportrulev1.DatabaseObjectImportRuleServiceClient
- func (c *Client) DecisionClient() decisionpb.DecisionServiceClient
- func (c *Client) DeleteAccessRequest(ctx context.Context, reqID string) error
- func (c *Client) DeleteAllAppSessions(ctx context.Context) error
- func (c *Client) DeleteAllApplicationServers(ctx context.Context, namespace string) error
- func (c *Client) DeleteAllApps(ctx context.Context) error
- func (c *Client) DeleteAllDatabaseServers(ctx context.Context, namespace string) error
- func (c *Client) DeleteAllDatabaseServices(ctx context.Context) error
- func (c *Client) DeleteAllDatabases(ctx context.Context) error
- func (c *Client) DeleteAllInstallers(ctx context.Context) error
- func (c *Client) DeleteAllIntegrations(ctx context.Context) error
- func (c *Client) DeleteAllKubernetesClusters(ctx context.Context) error
- func (c *Client) DeleteAllKubernetesServers(ctx context.Context) error
- func (c *Client) DeleteAllNodes(ctx context.Context, namespace string) error
- func (c *Client) DeleteAllSAMLIdPServiceProviders(ctx context.Context) error
- func (c *Client) DeleteAllSAMLIdPSessions(ctx context.Context) error
- func (c *Client) DeleteAllServerInfos(ctx context.Context) error
- func (c *Client) DeleteAllSnowflakeSessions(ctx context.Context) error
- func (c *Client) DeleteAllUserGroups(ctx context.Context) error
- func (c *Client) DeleteAllWindowsDesktopServices(ctx context.Context) error
- func (c *Client) DeleteAllWindowsDesktops(ctx context.Context) error
- func (c *Client) DeleteApp(ctx context.Context, name string) error
- func (c *Client) DeleteAppSession(ctx context.Context, req types.DeleteAppSessionRequest) error
- func (c *Client) DeleteApplicationServer(ctx context.Context, namespace, hostID, name string) error
- func (c *Client) DeleteAutoUpdateAgentRollout(ctx context.Context) error
- func (c *Client) DeleteAutoUpdateConfig(ctx context.Context) error
- func (c *Client) DeleteAutoUpdateVersion(ctx context.Context) error
- func (c *Client) DeleteCertAuthority(ctx context.Context, id types.CertAuthID) error
- func (c *Client) DeleteClusterMaintenanceConfig(ctx context.Context) error
- func (c *Client) DeleteDatabase(ctx context.Context, name string) error
- func (c *Client) DeleteDatabaseServer(ctx context.Context, namespace, hostID, name string) error
- func (c *Client) DeleteDatabaseService(ctx context.Context, name string) error
- func (c *Client) DeleteDeviceResource(ctx context.Context, id string) error
- func (c *Client) DeleteGithubConnector(ctx context.Context, name string) error
- func (c *Client) DeleteGlobalNotification(ctx context.Context, req *notificationsv1pb.DeleteGlobalNotificationRequest) error
- func (c *Client) DeleteInstaller(ctx context.Context, name string) error
- func (c *Client) DeleteIntegration(ctx context.Context, name string) error
- func (c *Client) DeleteKubernetesCluster(ctx context.Context, name string) error
- func (c *Client) DeleteKubernetesServer(ctx context.Context, hostID, name string) error
- func (c *Client) DeleteKubernetesWaitingContainer(ctx context.Context, ...) error
- func (c *Client) DeleteLock(ctx context.Context, name string) error
- func (c *Client) DeleteLoginRule(ctx context.Context, name string) error
- func (c *Client) DeleteMFADeviceSync(ctx context.Context, in *proto.DeleteMFADeviceSyncRequest) error
- func (c *Client) DeleteNetworkRestrictions(ctx context.Context) error
- func (c *Client) DeleteNode(ctx context.Context, namespace, name string) error
- func (c *Client) DeleteOIDCConnector(ctx context.Context, name string) error
- func (c *Client) DeleteRemoteCluster(ctx context.Context, name string) error
- func (c *Client) DeleteReverseTunnel(ctx context.Context, name string) error
- func (c *Client) DeleteRole(ctx context.Context, name string) error
- func (c *Client) DeleteSAMLConnector(ctx context.Context, name string) error
- func (c *Client) DeleteSAMLIdPServiceProvider(ctx context.Context, name string) error
- func (c *Client) DeleteSAMLIdPSession(ctx context.Context, req types.DeleteSAMLIdPSessionRequest) error
- func (c *Client) DeleteSemaphore(ctx context.Context, filter types.SemaphoreFilter) error
- func (c *Client) DeleteServerInfo(ctx context.Context, name string) error
- func (c *Client) DeleteSnowflakeSession(ctx context.Context, req types.DeleteSnowflakeSessionRequest) error
- func (c *Client) DeleteToken(ctx context.Context, name string) error
- func (c *Client) DeleteTrustedCluster(ctx context.Context, name string) error
- func (c *Client) DeleteUIConfig(ctx context.Context) error
- func (c *Client) DeleteUser(ctx context.Context, user string) error
- func (c *Client) DeleteUserAppSessions(ctx context.Context, req *proto.DeleteUserAppSessionsRequest) error
- func (c *Client) DeleteUserGroup(ctx context.Context, name string) error
- func (c *Client) DeleteUserNotification(ctx context.Context, req *notificationsv1pb.DeleteUserNotificationRequest) error
- func (c *Client) DeleteUserSAMLIdPSessions(ctx context.Context, username string) error
- func (c *Client) DeleteWindowsDesktop(ctx context.Context, hostID, name string) error
- func (c *Client) DeleteWindowsDesktopService(ctx context.Context, name string) error
- func (c *Client) DeleteWorkloadIdentity(ctx context.Context, name string) error
- func (c *Client) DevicesClient() devicepb.DeviceTrustServiceClient
- func (c *Client) Dialer() ContextDialer
- func (c *Client) DiscoveryConfigClient() *discoveryconfig.Client
- func (c *Client) DynamicDesktopClient() *dynamicwindows.Client
- func (c *Client) EmitAuditEvent(ctx context.Context, event events.AuditEvent) error
- func (c *Client) ExportUnstructuredEvents(ctx context.Context, req *auditlogpb.ExportUnstructuredEventsRequest) stream.Stream[*auditlogpb.ExportEventUnstructured]
- func (c *Client) ExportUpgradeWindows(ctx context.Context, req proto.ExportUpgradeWindowsRequest) (proto.ExportUpgradeWindowsResponse, error)
- func (c *Client) ExternalAuditStorageClient() *externalauditstorage.Client
- func (c *Client) GenerateAWSOIDCToken(ctx context.Context, integration string) (string, error)
- func (c *Client) GenerateAppToken(ctx context.Context, req types.GenerateAppTokenRequest) (string, error)
- func (c *Client) GenerateCertAuthorityCRL(ctx context.Context, req *proto.CertAuthorityRequest) (*proto.CRL, error)
- func (c *Client) GenerateDatabaseCert(ctx context.Context, req *proto.DatabaseCertRequest) (*proto.DatabaseCertResponse, error)
- func (c *Client) GenerateHostCerts(ctx context.Context, req *proto.HostCertsRequest) (*proto.Certs, error)
- func (c *Client) GenerateOpenSSHCert(ctx context.Context, req *proto.OpenSSHCertRequest) (*proto.OpenSSHCert, error)
- func (c *Client) GenerateSnowflakeJWT(ctx context.Context, req types.GenerateSnowflakeJWT) (string, error)
- func (c *Client) GenerateUserCerts(ctx context.Context, req proto.UserCertsRequest) (*proto.Certs, error)
- func (c *Client) GenerateWindowsDesktopCert(ctx context.Context, req *proto.WindowsDesktopCertRequest) (*proto.WindowsDesktopCertResponse, error)
- func (c *Client) GetAccessCapabilities(ctx context.Context, req types.AccessCapabilitiesRequest) (*types.AccessCapabilities, error)
- func (c *Client) GetAccessRequestAllowedPromotions(ctx context.Context, req types.AccessRequest) (*types.AccessRequestAllowedPromotions, error)
- func (c *Client) GetAccessRequests(ctx context.Context, filter types.AccessRequestFilter) ([]types.AccessRequest, error)
- func (c *Client) GetAccountRecoveryCodes(ctx context.Context, req *proto.GetAccountRecoveryCodesRequest) (*proto.RecoveryCodes, error)
- func (c *Client) GetAccountRecoveryToken(ctx context.Context, req *proto.GetAccountRecoveryTokenRequest) (types.UserToken, error)
- func (c *Client) GetActiveSessionTrackers(ctx context.Context) ([]types.SessionTracker, error)
- func (c *Client) GetActiveSessionTrackersWithFilter(ctx context.Context, filter *types.SessionTrackerFilter) ([]types.SessionTracker, error)
- func (c *Client) GetAlertAcks(ctx context.Context) ([]types.AlertAcknowledgement, error)
- func (c *Client) GetApp(ctx context.Context, name string) (types.Application, error)
- func (c *Client) GetAppSession(ctx context.Context, req types.GetAppSessionRequest) (types.WebSession, error)
- func (c *Client) GetApplicationServers(ctx context.Context, namespace string) ([]types.AppServer, error)
- func (c *Client) GetApps(ctx context.Context) ([]types.Application, error)
- func (c *Client) GetAuthPreference(ctx context.Context) (types.AuthPreference, error)
- func (c *Client) GetAutoUpdateAgentRollout(ctx context.Context) (*autoupdatev1pb.AutoUpdateAgentRollout, error)
- func (c *Client) GetAutoUpdateConfig(ctx context.Context) (*autoupdatev1pb.AutoUpdateConfig, error)
- func (c *Client) GetAutoUpdateVersion(ctx context.Context) (*autoupdatev1pb.AutoUpdateVersion, error)
- func (c *Client) GetCertAuthorities(ctx context.Context, caType types.CertAuthType, loadKeys bool) ([]types.CertAuthority, error)
- func (c *Client) GetCertAuthority(ctx context.Context, id types.CertAuthID, loadKeys bool) (types.CertAuthority, error)
- func (c *Client) GetClusterAccessGraphConfig(ctx context.Context) (*clusterconfigpb.AccessGraphConfig, error)
- func (c *Client) GetClusterAlerts(ctx context.Context, query types.GetClusterAlertsRequest) ([]types.ClusterAlert, error)
- func (c *Client) GetClusterAuditConfig(ctx context.Context) (types.ClusterAuditConfig, error)
- func (c *Client) GetClusterCACert(ctx context.Context) (*proto.GetClusterCACertResponse, error)
- func (c *Client) GetClusterMaintenanceConfig(ctx context.Context) (types.ClusterMaintenanceConfig, error)
- func (c *Client) GetClusterNetworkingConfig(ctx context.Context) (types.ClusterNetworkingConfig, error)
- func (c *Client) GetConnection() *grpc.ClientConn
- func (c *Client) GetConnectionDiagnostic(ctx context.Context, name string) (types.ConnectionDiagnostic, error)
- func (c *Client) GetCurrentUser(ctx context.Context) (types.User, error)
- func (c *Client) GetCurrentUserRoles(ctx context.Context) ([]types.Role, error)
- func (c *Client) GetDatabase(ctx context.Context, name string) (types.Database, error)
- func (c *Client) GetDatabaseObjectImportRules(ctx context.Context) ([]*dbobjectimportrulev1.DatabaseObjectImportRule, error)
- func (c *Client) GetDatabaseObjects(ctx context.Context) ([]*dbobjectv1.DatabaseObject, error)
- func (c *Client) GetDatabaseServers(ctx context.Context, namespace string) ([]types.DatabaseServer, error)
- func (c *Client) GetDatabases(ctx context.Context) ([]types.Database, error)
- func (c *Client) GetDesktopBootstrapScript(ctx context.Context) (string, error)
- func (c *Client) GetDeviceResource(ctx context.Context, id string) (*types.DeviceV1, error)
- func (c *Client) GetDomainName(ctx context.Context) (string, error)
- func (c *Client) GetEventExportChunks(ctx context.Context, req *auditlogpb.GetEventExportChunksRequest) stream.Stream[*auditlogpb.EventExportChunk]
- func (c *Client) GetGithubAuthRequest(ctx context.Context, stateToken string) (*types.GithubAuthRequest, error)
- func (c *Client) GetGithubConnector(ctx context.Context, name string, withSecrets bool) (types.GithubConnector, error)
- func (c *Client) GetGithubConnectors(ctx context.Context, withSecrets bool) ([]types.GithubConnector, error)
- func (c *Client) GetHeadlessAuthentication(ctx context.Context, id string) (*types.HeadlessAuthentication, error)
- func (c *Client) GetInstaller(ctx context.Context, name string) (types.Installer, error)
- func (c *Client) GetInstallers(ctx context.Context) ([]types.Installer, error)
- func (c *Client) GetInstances(ctx context.Context, filter types.InstanceFilter) stream.Stream[types.Instance]
- func (c *Client) GetIntegration(ctx context.Context, name string) (types.Integration, error)
- func (c *Client) GetInventoryStatus(ctx context.Context, req proto.InventoryStatusRequest) (proto.InventoryStatusSummary, error)
- func (c *Client) GetKubernetesCluster(ctx context.Context, name string) (types.KubeCluster, error)
- func (c *Client) GetKubernetesClusters(ctx context.Context) ([]types.KubeCluster, error)
- func (c *Client) GetKubernetesServers(ctx context.Context) ([]types.KubeServer, error)
- func (c *Client) GetKubernetesWaitingContainer(ctx context.Context, ...) (*kubewaitingcontainerpb.KubernetesWaitingContainer, error)
- func (c *Client) GetKubernetesWaitingContainerClient() *kubewaitingcontainerclient.Client
- func (c *Client) GetLicense(ctx context.Context) (string, error)
- func (c *Client) GetLock(ctx context.Context, name string) (types.Lock, error)
- func (c *Client) GetLocks(ctx context.Context, inForceOnly bool, targets ...types.LockTarget) ([]types.Lock, error)
- func (c *Client) GetLoginRule(ctx context.Context, name string) (*loginrulepb.LoginRule, error)
- func (c *Client) GetMFADevices(ctx context.Context, in *proto.GetMFADevicesRequest) (*proto.GetMFADevicesResponse, error)
- func (c *Client) GetNetworkRestrictions(ctx context.Context) (types.NetworkRestrictions, error)
- func (c *Client) GetNode(ctx context.Context, namespace, name string) (types.Server, error)
- func (c *Client) GetNodes(ctx context.Context, namespace string) ([]types.Server, error)
- func (c *Client) GetOIDCAuthRequest(ctx context.Context, stateToken string) (*types.OIDCAuthRequest, error)
- func (c *Client) GetOIDCConnector(ctx context.Context, name string, withSecrets bool) (types.OIDCConnector, error)
- func (c *Client) GetOIDCConnectors(ctx context.Context, withSecrets bool) ([]types.OIDCConnector, error)
- func (c *Client) GetPluginData(ctx context.Context, filter types.PluginDataFilter) ([]types.PluginData, error)
- func (c *Client) GetRemoteCluster(ctx context.Context, name string) (types.RemoteCluster, error)
- func (c *Client) GetRemoteClusters(ctx context.Context) ([]types.RemoteCluster, error)
- func (c *Client) GetResetPasswordToken(ctx context.Context, tokenID string) (types.UserToken, error)
- func (c *Client) GetResources(ctx context.Context, req *proto.ListResourcesRequest) (*proto.ListResourcesResponse, error)
- func (c *Client) GetRole(ctx context.Context, name string) (types.Role, error)
- func (c *Client) GetRoles(ctx context.Context) ([]types.Role, error)
- func (c *Client) GetSAMLAuthRequest(ctx context.Context, id string) (*types.SAMLAuthRequest, error)
- func (c *Client) GetSAMLConnector(ctx context.Context, name string, withSecrets bool) (types.SAMLConnector, error)
- func (c *Client) GetSAMLConnectors(ctx context.Context, withSecrets bool) ([]types.SAMLConnector, error)
- func (c *Client) GetSAMLIdPServiceProvider(ctx context.Context, name string) (types.SAMLIdPServiceProvider, error)
- func (c *Client) GetSAMLIdPSession(ctx context.Context, req types.GetSAMLIdPSessionRequest) (types.WebSession, error)
- func (c *Client) GetSSHTargets(ctx context.Context, req *proto.GetSSHTargetsRequest) (*proto.GetSSHTargetsResponse, error)
- func (c *Client) GetSSODiagnosticInfo(ctx context.Context, authRequestKind string, authRequestID string) (*types.SSODiagnosticInfo, error)
- func (c *Client) GetSemaphores(ctx context.Context, filter types.SemaphoreFilter) ([]types.Semaphore, error)
- func (c *Client) GetServerInfo(ctx context.Context, name string) (types.ServerInfo, error)
- func (c *Client) GetServerInfos(ctx context.Context) stream.Stream[types.ServerInfo]
- func (c *Client) GetSessionRecordingConfig(ctx context.Context) (types.SessionRecordingConfig, error)
- func (c *Client) GetSessionTracker(ctx context.Context, sessionID string) (types.SessionTracker, error)
- func (c *Client) GetSnowflakeSession(ctx context.Context, req types.GetSnowflakeSessionRequest) (types.WebSession, error)
- func (c *Client) GetSnowflakeSessions(ctx context.Context) ([]types.WebSession, error)
- func (c *Client) GetToken(ctx context.Context, name string) (types.ProvisionToken, error)
- func (c *Client) GetTokens(ctx context.Context) ([]types.ProvisionToken, error)
- func (c *Client) GetTrustedCluster(ctx context.Context, name string) (types.TrustedCluster, error)
- func (c *Client) GetTrustedClusters(ctx context.Context) ([]types.TrustedCluster, error)
- func (c *Client) GetUIConfig(ctx context.Context) (types.UIConfig, error)
- func (c *Client) GetUser(ctx context.Context, name string, withSecrets bool) (types.User, error)
- func (c *Client) GetUserGroup(ctx context.Context, name string) (types.UserGroup, error)
- func (c *Client) GetUserPreferences(ctx context.Context, in *userpreferencespb.GetUserPreferencesRequest) (*userpreferencespb.GetUserPreferencesResponse, error)
- func (c *Client) GetUsers(ctx context.Context, withSecrets bool) ([]types.User, error)
- func (c *Client) GetVnetConfig(ctx context.Context) (*vnet.VnetConfig, error)
- func (c *Client) GetWebSession(ctx context.Context, req types.GetWebSessionRequest) (types.WebSession, error)
- func (c *Client) GetWebToken(ctx context.Context, req types.GetWebTokenRequest) (types.WebToken, error)
- func (c *Client) GetWindowsDesktopService(ctx context.Context, name string) (types.WindowsDesktopService, error)
- func (c *Client) GetWindowsDesktopServices(ctx context.Context) ([]types.WindowsDesktopService, error)
- func (c *Client) GetWindowsDesktops(ctx context.Context, filter types.WindowsDesktopFilter) ([]types.WindowsDesktop, error)
- func (c *Client) GetWorkloadIdentity(ctx context.Context, name string) (*workloadidentityv1pb.WorkloadIdentity, error)
- func (c *Client) GitServerClient() *gitserverclient.Client
- func (c *Client) IdentityCenterClient() identitycenterv1.IdentityCenterServiceClient
- func (c *Client) IntegrationsClient() integrationpb.IntegrationServiceClient
- func (c *Client) InventoryControlStream(ctx context.Context) (DownstreamInventoryControlStream, error)
- func (c *Client) IsMFARequired(ctx context.Context, req *proto.IsMFARequiredRequest) (*proto.IsMFARequiredResponse, error)
- func (c *Client) KeepAliveSemaphoreLease(ctx context.Context, lease types.SemaphoreLease) error
- func (c *Client) ListAccessRequests(ctx context.Context, req *proto.ListAccessRequestsRequest) (*proto.ListAccessRequestsResponse, error)
- func (c *Client) ListAllAccessRequests(ctx context.Context, req *proto.ListAccessRequestsRequest) ([]*types.AccessRequestV3, error)
- func (c *Client) ListAllIntegrations(ctx context.Context) ([]types.Integration, error)
- func (c *Client) ListAppSessions(ctx context.Context, pageSize int, pageToken, user string) ([]types.WebSession, string, error)
- func (c *Client) ListIntegrations(ctx context.Context, pageSize int, nextKey string) ([]types.Integration, string, error)
- func (c *Client) ListKubernetesWaitingContainers(ctx context.Context, pageSize int, pageToken string) ([]*kubewaitingcontainerpb.KubernetesWaitingContainer, string, error)
- func (c *Client) ListNotifications(ctx context.Context, req *notificationsv1pb.ListNotificationsRequest) (*notificationsv1pb.ListNotificationsResponse, error)
- func (c *Client) ListReleases(ctx context.Context, req *proto.ListReleasesRequest) ([]*types.Release, error)
- func (c *Client) ListRemoteClusters(ctx context.Context, pageSize int, nextToken string) ([]types.RemoteCluster, string, error)
- func (c *Client) ListResources(ctx context.Context, req proto.ListResourcesRequest) (*types.ListResourcesResponse, error)
- func (c *Client) ListReverseTunnels(ctx context.Context, pageSize int, nextToken string) ([]types.ReverseTunnel, string, error)
- func (c *Client) ListRoles(ctx context.Context, req *proto.ListRolesRequest) (*proto.ListRolesResponse, error)
- func (c *Client) ListSAMLIdPServiceProviders(ctx context.Context, pageSize int, nextKey string) ([]types.SAMLIdPServiceProvider, string, error)
- func (c *Client) ListSAMLIdPSessions(ctx context.Context, pageSize int, pageToken, user string) ([]types.WebSession, string, error)
- func (c *Client) ListUnifiedResources(ctx context.Context, req *proto.ListUnifiedResourcesRequest) (*proto.ListUnifiedResourcesResponse, error)
- func (c *Client) ListUserGroups(ctx context.Context, pageSize int, nextKey string) ([]types.UserGroup, string, error)
- func (c *Client) ListUsers(ctx context.Context, req *userspb.ListUsersRequest) (*userspb.ListUsersResponse, error)
- func (c *Client) LoginRuleClient() loginrulepb.LoginRuleServiceClient
- func (c *Client) MaintainSessionPresence(ctx context.Context) (proto.AuthService_MaintainSessionPresenceClient, error)
- func (c *Client) NewKeepAliver(ctx context.Context) (types.KeepAliver, error)
- func (c *Client) NewWatcher(ctx context.Context, watch types.Watch) (types.Watcher, error)
- func (c *Client) NotificationServiceClient() notificationsv1pb.NotificationServiceClient
- func (c *Client) OktaClient() *okta.Client
- func (c *Client) PerformMFACeremony(ctx context.Context, ...) (*proto.MFAAuthenticateResponse, error)
- func (c *Client) Ping(ctx context.Context) (proto.PingResponse, error)
- func (c *Client) PingInventory(ctx context.Context, req proto.InventoryPingRequest) (proto.InventoryPingResponse, error)
- func (c *Client) PluginsClient() pluginspb.PluginServiceClient
- func (c *Client) PresenceServiceClient() presencepb.PresenceServiceClient
- func (c *Client) ProvisioningServiceClient() provisioningv1.ProvisioningServiceClient
- func (c *Client) RemoveSessionTracker(ctx context.Context, sessionID string) error
- func (c *Client) ReplaceRemoteLocks(ctx context.Context, clusterName string, locks []types.Lock) error
- func (c *Client) ResetAuthPreference(ctx context.Context) error
- func (c *Client) ResetClusterNetworkingConfig(ctx context.Context) error
- func (c *Client) ResetSessionRecordingConfig(ctx context.Context) error
- func (c *Client) ResolveSSHTarget(ctx context.Context, req *proto.ResolveSSHTargetRequest) (*proto.ResolveSSHTargetResponse, error)
- func (c *Client) ResourceUsageClient() resourceusagepb.ResourceUsageServiceClient
- func (c *Client) ResumeAuditStream(ctx context.Context, sessionID, uploadID string) (events.Stream, error)
- func (c *Client) RotateCertAuthority(ctx context.Context, rr types.RotateRequest) error
- func (c *Client) RotateExternalCertAuthority(ctx context.Context, ca types.CertAuthority) error
- func (c *Client) SAMLIdPClient() samlidppb.SAMLIdPServiceClient
- func (c *Client) SCIMClient() *scim.Client
- func (c *Client) SPIFFEFederationServiceClient() machineidv1pb.SPIFFEFederationServiceClient
- func (c *Client) SearchEvents(ctx context.Context, fromUTC, toUTC time.Time, namespace string, ...) ([]events.AuditEvent, string, error)
- func (c *Client) SearchSessionEvents(ctx context.Context, fromUTC time.Time, toUTC time.Time, limit int, ...) ([]events.AuditEvent, string, error)
- func (c *Client) SearchUnstructuredEvents(ctx context.Context, fromUTC, toUTC time.Time, namespace string, ...) ([]*auditlogpb.EventUnstructured, string, error)
- func (c *Client) SecReportsClient() *secreport.Client
- func (c *Client) SetAccessRequestState(ctx context.Context, params types.AccessRequestUpdate) error
- func (c *Client) SetAuthPreference(ctx context.Context, authPref types.AuthPreference) error
- func (c *Client) SetClusterNetworkingConfig(ctx context.Context, netConfig *types.ClusterNetworkingConfigV2) error
- func (c *Client) SetInstaller(ctx context.Context, inst types.Installer) error
- func (c *Client) SetMFAPromptConstructor(pc mfa.PromptConstructor)
- func (c *Client) SetNetworkRestrictions(ctx context.Context, nr types.NetworkRestrictions) error
- func (c *Client) SetSSOMFACeremonyConstructor(scc mfa.SSOMFACeremonyConstructor)
- func (c *Client) SetSessionRecordingConfig(ctx context.Context, recConfig types.SessionRecordingConfig) error
- func (c *Client) SetUIConfig(ctx context.Context, uic types.UIConfig) error
- func (c *Client) SignDatabaseCSR(ctx context.Context, req *proto.DatabaseCSRRequest) (*proto.DatabaseCSRResponse, error)
- func (c *Client) StartAccountRecovery(ctx context.Context, req *proto.StartAccountRecoveryRequest) (types.UserToken, error)
- func (c *Client) StaticHostUserClient() *statichostuserclient.Client
- func (c *Client) StreamSessionEvents(ctx context.Context, sessionID string, startIndex int64) (chan events.AuditEvent, chan error)
- func (c *Client) StreamUnstructuredSessionEvents(ctx context.Context, sessionID string, startIndex int64) (chan *auditlogpb.EventUnstructured, chan error)
- func (c *Client) SubmitAccessReview(ctx context.Context, params types.AccessReviewSubmission) (types.AccessRequest, error)
- func (c *Client) SubmitUsageEvent(ctx context.Context, req *proto.SubmitUsageEventRequest) error
- func (c *Client) TrustClient() trustpb.TrustServiceClient
- func (c *Client) UpdateApp(ctx context.Context, app types.Application) error
- func (c *Client) UpdateAuthPreference(ctx context.Context, p types.AuthPreference) (types.AuthPreference, error)
- func (c *Client) UpdateAutoUpdateAgentRollout(ctx context.Context, rollout *autoupdatev1pb.AutoUpdateAgentRollout) (*autoupdatev1pb.AutoUpdateAgentRollout, error)
- func (c *Client) UpdateAutoUpdateConfig(ctx context.Context, config *autoupdatev1pb.AutoUpdateConfig) (*autoupdatev1pb.AutoUpdateConfig, error)
- func (c *Client) UpdateAutoUpdateVersion(ctx context.Context, version *autoupdatev1pb.AutoUpdateVersion) (*autoupdatev1pb.AutoUpdateVersion, error)
- func (c *Client) UpdateClusterMaintenanceConfig(ctx context.Context, cmc types.ClusterMaintenanceConfig) error
- func (c *Client) UpdateClusterNetworkingConfig(ctx context.Context, cfg types.ClusterNetworkingConfig) (types.ClusterNetworkingConfig, error)
- func (c *Client) UpdateConnectionDiagnostic(ctx context.Context, connectionDiagnostic types.ConnectionDiagnostic) error
- func (c *Client) UpdateDatabase(ctx context.Context, database types.Database) error
- func (c *Client) UpdateGithubConnector(ctx context.Context, connector types.GithubConnector) (types.GithubConnector, error)
- func (c *Client) UpdateHeadlessAuthenticationState(ctx context.Context, id string, state types.HeadlessAuthenticationState, ...) error
- func (c *Client) UpdateIntegration(ctx context.Context, ig types.Integration) (types.Integration, error)
- func (c *Client) UpdateKubernetesCluster(ctx context.Context, cluster types.KubeCluster) error
- func (c *Client) UpdateOIDCConnector(ctx context.Context, connector types.OIDCConnector) (types.OIDCConnector, error)
- func (c *Client) UpdatePluginData(ctx context.Context, params types.PluginDataUpdateParams) error
- func (c *Client) UpdateRemoteCluster(ctx context.Context, rc types.RemoteCluster) (types.RemoteCluster, error)
- func (c *Client) UpdateRole(ctx context.Context, role types.Role) (types.Role, error)
- func (c *Client) UpdateSAMLConnector(ctx context.Context, connector types.SAMLConnector) (types.SAMLConnector, error)
- func (c *Client) UpdateSAMLIdPServiceProvider(ctx context.Context, sp types.SAMLIdPServiceProvider) error
- func (c *Client) UpdateSessionRecordingConfig(ctx context.Context, cfg types.SessionRecordingConfig) (types.SessionRecordingConfig, error)
- func (c *Client) UpdateSessionTracker(ctx context.Context, req *proto.UpdateSessionTrackerRequest) error
- func (c *Client) UpdateTrustedCluster(ctx context.Context, trustedCluster types.TrustedCluster) (types.TrustedCluster, error)
- func (c *Client) UpdateUser(ctx context.Context, user types.User) (types.User, error)
- func (c *Client) UpdateUserGroup(ctx context.Context, ug types.UserGroup) error
- func (c *Client) UpdateWindowsDesktop(ctx context.Context, desktop types.WindowsDesktop) error
- func (c *Client) UpsertApplicationServer(ctx context.Context, server types.AppServer) (*types.KeepAlive, error)
- func (c *Client) UpsertAuthPreference(ctx context.Context, p types.AuthPreference) (types.AuthPreference, error)
- func (c *Client) UpsertAutoUpdateAgentRollout(ctx context.Context, rollout *autoupdatev1pb.AutoUpdateAgentRollout) (*autoupdatev1pb.AutoUpdateAgentRollout, error)
- func (c *Client) UpsertAutoUpdateConfig(ctx context.Context, config *autoupdatev1pb.AutoUpdateConfig) (*autoupdatev1pb.AutoUpdateConfig, error)
- func (c *Client) UpsertAutoUpdateVersion(ctx context.Context, version *autoupdatev1pb.AutoUpdateVersion) (*autoupdatev1pb.AutoUpdateVersion, error)
- func (c *Client) UpsertCertAuthority(ctx context.Context, ca types.CertAuthority) (types.CertAuthority, error)
- func (c *Client) UpsertClusterAlert(ctx context.Context, alert types.ClusterAlert) error
- func (c *Client) UpsertClusterNetworkingConfig(ctx context.Context, cfg types.ClusterNetworkingConfig) (types.ClusterNetworkingConfig, error)
- func (c *Client) UpsertDatabaseServer(ctx context.Context, server types.DatabaseServer) (*types.KeepAlive, error)
- func (c *Client) UpsertDatabaseService(ctx context.Context, service types.DatabaseService) (*types.KeepAlive, error)
- func (c *Client) UpsertDeviceResource(ctx context.Context, res *types.DeviceV1) (*types.DeviceV1, error)
- func (c *Client) UpsertGithubConnector(ctx context.Context, connector types.GithubConnector) (types.GithubConnector, error)
- func (c *Client) UpsertKubernetesServer(ctx context.Context, s types.KubeServer) (*types.KeepAlive, error)
- func (c *Client) UpsertLock(ctx context.Context, lock types.Lock) error
- func (c *Client) UpsertLoginRule(ctx context.Context, rule *loginrulepb.LoginRule) (*loginrulepb.LoginRule, error)
- func (c *Client) UpsertNode(ctx context.Context, node types.Server) (*types.KeepAlive, error)
- func (c *Client) UpsertOIDCConnector(ctx context.Context, oidcConnector types.OIDCConnector) (types.OIDCConnector, error)
- func (c *Client) UpsertReverseTunnel(ctx context.Context, rt types.ReverseTunnel) (types.ReverseTunnel, error)
- func (c *Client) UpsertRole(ctx context.Context, role types.Role) (types.Role, error)
- func (c *Client) UpsertSAMLConnector(ctx context.Context, connector types.SAMLConnector) (types.SAMLConnector, error)
- func (c *Client) UpsertServerInfo(ctx context.Context, serverInfo types.ServerInfo) error
- func (c *Client) UpsertSessionRecordingConfig(ctx context.Context, cfg types.SessionRecordingConfig) (types.SessionRecordingConfig, error)
- func (c *Client) UpsertToken(ctx context.Context, token types.ProvisionToken) error
- func (c *Client) UpsertTrustedCluster(ctx context.Context, trustedCluster types.TrustedCluster) (types.TrustedCluster, error) deprecated
- func (c *Client) UpsertTrustedClusterV2(ctx context.Context, trustedCluster types.TrustedCluster) (types.TrustedCluster, error)
- func (c *Client) UpsertUser(ctx context.Context, user types.User) (types.User, error)
- func (c *Client) UpsertUserLastSeenNotification(ctx context.Context, ...) (*notificationsv1pb.UserLastSeenNotification, error)
- func (c *Client) UpsertUserNotificationState(ctx context.Context, req *notificationsv1pb.UpsertUserNotificationStateRequest) (*notificationsv1pb.UserNotificationState, error)
- func (c *Client) UpsertUserPreferences(ctx context.Context, in *userpreferencespb.UpsertUserPreferencesRequest) error
- func (c *Client) UpsertWindowsDesktop(ctx context.Context, desktop types.WindowsDesktop) error
- func (c *Client) UpsertWindowsDesktopService(ctx context.Context, service types.WindowsDesktopService) (*types.KeepAlive, error)
- func (c *Client) UpsertWorkloadIdentity(ctx context.Context, r *workloadidentityv1pb.WorkloadIdentity) (*workloadidentityv1pb.WorkloadIdentity, error)
- func (c *Client) UserLoginStateClient() *userloginstate.Client
- func (c *Client) UserTasksServiceClient() *usertaskapi.Client
- func (c *Client) VerifyAccountRecovery(ctx context.Context, req *proto.VerifyAccountRecoveryRequest) (types.UserToken, error)
- func (c *Client) VnetConfigServiceClient() vnet.VnetConfigServiceClient
- func (c *Client) WatchPendingHeadlessAuthentications(ctx context.Context) (types.Watcher, error)
- func (c *Client) WebSessions() types.WebSessionInterface
- func (c *Client) WebTokens() types.WebTokenInterface
- func (c *Client) WorkloadIdentityResourceServiceClient() workloadidentityv1pb.WorkloadIdentityResourceServiceClient
- func (c *Client) WorkloadIdentityServiceClient() machineidv1pb.WorkloadIdentityServiceClient
- type Config
- type ContextDialer
- func NewALPNDialer(cfg ALPNDialerConfig) ContextDialer
- func NewDialer(ctx context.Context, keepAlivePeriod, dialTimeout time.Duration, ...) ContextDialer
- func NewPROXYHeaderDialer(dialer ContextDialer, headerGetter PROXYHeaderGetter) ContextDialer
- func NewProxyDialer(ssh ssh.ClientConfig, keepAlivePeriod, dialTimeout time.Duration, ...) ContextDialer
- type ContextDialerFunc
- type Credentials
- func KeyPair(certPEM, keyPEM, caPEM []byte) (Credentials, error)
- func LoadIdentityFile(path string) Credentials
- func LoadIdentityFileFromString(content string) Credentials
- func LoadKeyPair(certFile, keyFile, caFile string) Credentials
- func LoadProfile(dir, name string) Credentials
- func LoadTLS(tlsConfig *tls.Config) Credentials
- type CredentialsWithDefaultAddrs
- type DialOption
- type DialProxyOption
- type DownstreamInventoryControlStream
- type DynamicIdentityFileCreds
- type GetClusterCAsFunc
- type GetResourcesClient
- type ICSPipeOption
- type JoinServiceClient
- func (c *JoinServiceClient) RegisterUsingAzureMethod(ctx context.Context, challengeResponse RegisterAzureChallengeResponseFunc) (*proto.Certs, error)
- func (c *JoinServiceClient) RegisterUsingIAMMethod(ctx context.Context, challengeResponse RegisterIAMChallengeResponseFunc) (*proto.Certs, error)
- func (c *JoinServiceClient) RegisterUsingTPMMethod(ctx context.Context, initReq *proto.RegisterUsingTPMMethodInitialRequest, ...) (*proto.Certs, error)
- func (c *JoinServiceClient) RegisterUsingToken(ctx context.Context, req *types.RegisterUsingTokenRequest) (*proto.Certs, error)
- type ListResourcesClient
- type ListUnifiedResourcesClient
- type PROXYHeaderGetter
- type RegisterAzureChallengeResponseFunc
- type RegisterIAMChallengeResponseFunc
- type RegisterTPMChallengeResponseFunc
- type ResourcePage
- func GetEnrichedResourcePage(ctx context.Context, clt GetResourcesClient, req *proto.ListResourcesRequest) (ResourcePage[*types.EnrichedResource], error)
- func GetResourcePage[T types.ResourceWithLabels](ctx context.Context, clt GetResourcesClient, req *proto.ListResourcesRequest) (ResourcePage[T], error)
- type UpstreamInventoryControlStream
Examples ¶
Constants ¶
This section is empty.
Variables ¶
// ErrClientCredentialsHaveExpired signals that the client credentials expired
// on the server side; the user has to log in again.
var ErrClientCredentialsHaveExpired = &trace.AccessDeniedError{
	Message: "access denied: client credentials have expired, please relogin.",
}
ErrClientCredentialsHaveExpired means that the credentials expired on the server-side and the user should relogin.
Functions ¶
func ConfigureALPN ¶
ConfigureALPN configures ALPN SNI cluster routing information in TLS settings, allowing the auth service to be dialed through Teleport Proxy directly without using SSH Tunnels.
func DialProxy ¶
func DialProxy(ctx context.Context, proxyURL *url.URL, addr string, opts ...DialProxyOption) (net.Conn, error)
DialProxy creates a connection to a server via an HTTP or SOCKS5 Proxy.
func DialProxyWithDialer ¶
func DialProxyWithDialer( ctx context.Context, proxyURL *url.URL, addr string, dialer ContextDialer, opts ...DialProxyOption, ) (net.Conn, error)
DialProxyWithDialer creates a connection to a server via an HTTP or SOCKS5 Proxy using a specified dialer.
func EventFromGRPC ¶
EventFromGRPC converts proto.Event to types.Event
func EventToGRPC ¶
EventToGRPC converts types.Event to proto.Event.
func EventTypeFromGRPC ¶
EventTypeFromGRPC converts proto.Operation to types.OpType
func EventTypeToGRPC ¶
EventTypeToGRPC converts types.OpType to proto.Operation
func GRPCContextDialer ¶
GRPCContextDialer converts a ContextDialer to a function used for grpc.WithContextDialer.
func GetAllResources ¶
func GetAllResources[T types.ResourceWithLabels](ctx context.Context, clt GetResourcesClient, req *proto.ListResourcesRequest) ([]T, error)
GetAllResources is a helper for getting all existing resources that match the provided request. In addition to iterating pages, it also correctly handles downsizing pages when LimitExceeded errors are encountered.
func GetAllUnifiedResources ¶
func GetAllUnifiedResources(ctx context.Context, clt ListUnifiedResourcesClient, req *proto.ListUnifiedResourcesRequest) ([]*types.EnrichedResource, error)
GetAllUnifiedResources is a helper for getting all existing resources that match the provided request. In addition to iterating pages, it also correctly handles downsizing pages when LimitExceeded errors are encountered.
func GetKubernetesResourcesWithFilters ¶
func GetKubernetesResourcesWithFilters(ctx context.Context, clt kubeproto.KubeServiceClient, req *kubeproto.ListKubernetesResourcesRequest) ([]types.ResourceWithLabels, error)
GetKubernetesResourcesWithFilters is a helper for getting a list of kubernetes resources with optional filtering. In addition to iterating pages, it also correctly handles downsizing pages when LimitExceeded errors are encountered.
func GetResourcesWithFilters ¶
func GetResourcesWithFilters(ctx context.Context, clt ListResourcesClient, req proto.ListResourcesRequest) ([]types.ResourceWithLabels, error)
GetResourcesWithFilters is a helper for getting a list of resources with optional filtering. In addition to iterating pages, it also correctly handles downsizing pages when LimitExceeded errors are encountered.
GetAllResources or GetResourcePage should be preferred for client side operations to avoid converting from []types.ResourceWithLabels to concrete types.
func GetUnifiedResourcePage ¶
func GetUnifiedResourcePage(ctx context.Context, clt ListUnifiedResourcesClient, req *proto.ListUnifiedResourcesRequest) ([]*types.EnrichedResource, string, error)
GetUnifiedResourcePage is a helper for getting a single page of unified resources that match the provided request.
func InventoryControlStreamPipe ¶
func InventoryControlStreamPipe(opts ...ICSPipeOption) (UpstreamInventoryControlStream, DownstreamInventoryControlStream)
InventoryControlStreamPipe creates the two halves of an inventory control stream over an in-memory pipe.
func IsALPNConnUpgradeRequired ¶
func IsALPNConnUpgradeRequired(ctx context.Context, addr string, insecure bool, opts ...DialOption) bool
IsALPNConnUpgradeRequired returns true if a tunnel is required through an HTTP connection upgrade for ALPN connections.
The function makes a test connection to the Proxy Service and checks if the ALPN is supported. If not, the Proxy Service is likely behind an AWS ALB or some custom proxy services that strip out ALPN and SNI information on the way to our Proxy Service.
In those cases, the Teleport client should make an HTTP "upgrade" call to the Proxy Service to establish a tunnel for the originally planned traffic to preserve the ALPN and SNI information.
Example ¶
Perform ALPN handshake test to see if ALPN connection upgrade is required.
$ TELEPORT_ALPN_TEST_ADDR=proxy.example.com:443 go test -run=ExampleIsALPNConnUpgradeRequired -v
Note that "Output" is set to "false" to mark this as a testable example.
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/gravitational/teleport/api/client"
)

// main runs the ALPN handshake test against the address named by the
// TELEPORT_ALPN_TEST_ADDR environment variable and prints whether an ALPN
// connection upgrade is required.
func main() {
	var (
		ctx       = context.Background()
		proxyAddr = os.Getenv("TELEPORT_ALPN_TEST_ADDR")
	)

	// The third argument is the function's `insecure` parameter; the example
	// leaves it false.
	upgradeRequired := client.IsALPNConnUpgradeRequired(ctx, proxyAddr, false)
	fmt.Println(upgradeRequired)
}
Output: false
func IsALPNPingProtocol ¶
IsALPNPingProtocol checks if the provided protocol is suffixed with Ping.
func NewOktaClient ¶
NewOktaClient creates a new Okta client for managing Okta resources.
func NewTracingClient ¶
NewTracingClient creates a new tracing.Client that will forward spans to the connected Teleport server. See New for details on how the connection is established.
func OverwriteALPNConnUpgradeRequirementByEnv ¶
OverwriteALPNConnUpgradeRequirementByEnv overwrites ALPN connection upgrade requirement by environment variable.
TODO(greedy52) DELETE in ??. Note that this toggle was planned to be deleted in 15.0 when the feature exits preview. However, many users still rely on this manual toggle as IsALPNConnUpgradeRequired cannot detect many situations where connection upgrade is required. This can be deleted once IsALPNConnUpgradeRequired is improved.
Types ¶
type ALPNDialer ¶
// ALPNDialer is a ContextDialer that dials a connection to the Proxy Service
// with ALPN and SNI configured in the provided TLSConfig. All of its fields
// are unexported.
type ALPNDialer struct {
	// contains filtered or unexported fields
}
ALPNDialer is a ContextDialer that dials a connection to the Proxy Service with ALPN and SNI configured in the provided TLSConfig. An ALPN connection upgrade is also performed at the initial connection, if an upgrade is required.
func (*ALPNDialer) DialContext ¶
DialContext implements ContextDialer.
type ALPNDialerConfig ¶
// ALPNDialerConfig is the config for ALPNDialer.
type ALPNDialerConfig struct {
	// KeepAlivePeriod defines period between keep alives.
	KeepAlivePeriod time.Duration
	// DialTimeout defines how long to attempt dialing before timing out.
	DialTimeout time.Duration
	// TLSConfig is the TLS config used for the TLS connection.
	TLSConfig *tls.Config
	// ALPNConnUpgradeRequired specifies if ALPN connection upgrade is required.
	ALPNConnUpgradeRequired bool
	// GetClusterCAs is an optional callback function to fetch cluster
	// CAs when connection upgrade is required. If not provided, it's assumed
	// the proper CAs are already present in TLSConfig.
	// NOTE(review): with this left nil, trust in the upgraded connection rests
	// entirely on what the caller put into TLSConfig; confirm the CA pool is
	// populated before relying on that path.
	GetClusterCAs GetClusterCAsFunc
	// PROXYHeaderGetter is used if present to get signed PROXY headers to propagate client's IP.
	// Used by proxy's web server to make calls on behalf of connected clients.
	PROXYHeaderGetter PROXYHeaderGetter
}
ALPNDialerConfig is the config for ALPNDialer.
type AuthServiceClient ¶
// AuthServiceClient keeps the interfaces implemented by the auth service.
// The four client types are embedded, so their methods are promoted onto
// AuthServiceClient.
type AuthServiceClient struct {
	proto.AuthServiceClient
	auditlogpb.AuditLogServiceClient
	userpreferencespb.UserPreferencesServiceClient
	notificationsv1pb.NotificationServiceClient
}
AuthServiceClient keeps the interfaces implemented by the auth service.
type Client ¶
// Client is a gRPC Client that connects to a Teleport Auth server either
// locally or over ssh through a Teleport web proxy or tunnel proxy.
type Client struct {
	// JoinServiceClient is a client for the JoinService, which runs on both the
	// auth and proxy.
	*JoinServiceClient
	// contains filtered or unexported fields
}
Client is a gRPC Client that connects to a Teleport Auth server either locally or over ssh through a Teleport web proxy or tunnel proxy.
This client can be used to cover a variety of Teleport use cases, such as programmatically handling access requests, integrating with external tools, or dynamically configuring Teleport.
Example (RoleCRUD) ¶
Below is an example of creating a new Teleport Auth client with Profile credentials, and using that client to create, get, and delete a Role resource object.
Make sure to look at the Getting Started guide before attempting to run this example.
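package main

import (
	"context"
	"fmt"
	"log"
	"time"

	"github.com/gravitational/teleport/api/client"
	"github.com/gravitational/teleport/api/types"
)

// main runs the role CRUD example and exits non-zero on the first failure.
func main() {
	if err := run(context.Background()); err != nil {
		// log.Fatal exits the process without running deferred calls, so it
		// is only used here, after run has returned and closed the client.
		log.Fatal(err)
	}
}

// run creates a client from the current profile, then creates, reads and
// deletes the role "role1". It returns the first error it meets, wrapped with
// the step that failed.
func run(ctx context.Context) error {
	// Create a new client in your go file.
	clt, err := client.New(ctx, client.Config{
		Credentials: []client.Credentials{
			client.LoadProfile("", ""),
		},
		// set to true if your Teleport web proxy doesn't have HTTP/TLS certificate
		// configured yet (never use this in production). Keep it false whenever
		// the proxy presents a certificate the client can verify.
		InsecureAddressDiscovery: false,
	})
	if err != nil {
		return fmt.Errorf("failed to create client: %w", err)
	}
	defer clt.Close()

	// Resource Spec structs reflect their Resource's yaml definition.
	roleSpec := types.RoleSpecV6{
		Options: types.RoleOptions{
			MaxSessionTTL: types.Duration(time.Hour),
		},
		Allow: types.RoleConditions{
			Logins: []string{"role1"},
			Rules: []types.Rule{
				types.NewRule(types.KindAccessRequest, []string{types.VerbList, types.VerbRead}),
			},
		},
		// Deny rules take precedence over Allow: this wildcard matches every
		// node label, so the role cannot be used to reach any node.
		Deny: types.RoleConditions{
			NodeLabels: types.Labels{"*": []string{"*"}},
		},
	}

	// There are helper functions for creating Teleport resources.
	// NewRole only builds the resource value from the spec above.
	role, err := types.NewRole("role1", roleSpec)
	if err != nil {
		return fmt.Errorf("failed to construct role: %w", err)
	}

	// Getters and setters can be used to alter specs.
	// Demonstration only: this replaces the allowed logins with "root". It is
	// inert here because of the Deny rule above; real roles should list the
	// least-privileged logins they need.
	role.SetLogins(types.Allow, []string{"root"})

	// Upsert overwrites the resource if it exists. Use this to create/update resources.
	// Equivalent to `tctl create -f role1.yaml`.
	if _, err := clt.UpsertRole(ctx, role); err != nil {
		return fmt.Errorf("failed to create role: %w", err)
	}

	// Equivalent to `tctl get role/role1`.
	if _, err := clt.GetRole(ctx, "role1"); err != nil {
		return fmt.Errorf("failed to get role: %w", err)
	}

	// Equivalent to `tctl rm role/role1`.
	if err := clt.DeleteRole(ctx, "role1"); err != nil {
		return fmt.Errorf("failed to delete role: %w", err)
	}

	return nil
}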
Output:
func New ¶
New creates a new Client with an open connection to a Teleport server.
New will try to open a connection with all combinations of addresses and credentials. The first successful connection to a server will be used, or an aggregated error will be returned if all combinations fail.
cfg.Credentials must be non-empty. One of cfg.Addrs and cfg.Dialer must be non-empty, unless LoadProfile is used to fetch Credentials and load a web proxy dialer.
See the example below for usage.
Example ¶
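package main

import (
	"context"
	"log"
	"os"

	"github.com/gravitational/teleport/api/client"
)

// main opens a client connection using several candidate addresses and
// credentials, then pings the server to confirm the connection works.
func main() {
	ctx := context.Background()

	clt, err := client.New(ctx, client.Config{
		// Multiple Addresses can be provided to attempt to
		// connect to the auth server. At least one address
		// must be provided, except when using the ProfileCreds.
		Addrs: []string{
			// The Auth server address can be provided to connect locally.
			"auth.example.com:3025",
			// The tunnel proxy address can be provided
			// to connect to the Auth server over SSH.
			"proxy.example.com:3024",
			// The web proxy address can be provided to automatically
			// find the tunnel proxy address and connect using it.
			"proxy.example.com:3080",
		},
		// Multiple Credentials can be provided to attempt to authenticate
		// the client. At least one Credentials object must be provided.
		Credentials: []client.Credentials{
			client.LoadProfile("", ""),
			client.LoadIdentityFile("identity-path"),
			client.LoadKeyPair("cert.crt", "cert.key", "cert.cas"),
			// TELEPORT_IDENTITY carries the identity content itself, i.e. the
			// client's credentials; keep the variable out of logs and
			// diagnostics output.
			client.LoadIdentityFileFromString(os.Getenv("TELEPORT_IDENTITY")),
		},
		// set to true if your web proxy doesn't have HTTP/TLS certificate
		// configured yet (never use this in production).
		InsecureAddressDiscovery: false,
	})
	if err != nil {
		log.Fatal(err)
	}
	defer clt.Close()

	// Check the Ping result instead of discarding it, so a broken connection
	// is reported. Printf is used rather than Fatal so that the deferred
	// Close above still runs.
	if _, err := clt.Ping(ctx); err != nil {
		log.Printf("failed to ping server: %v", err)
	}
}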
Output:
func (*Client) AccessListClient ¶
func (c *Client) AccessListClient() *accesslist.Client
AccessListClient returns an access list client. Clients connecting to older Teleport versions still get an access list client when calling this method, but all RPCs will return "not implemented" errors (as per the default gRPC behavior).
func (*Client) AccessMonitoringRulesClient ¶
func (c *Client) AccessMonitoringRulesClient() *accessmonitoringrules.Client
AccessMonitoringRulesClient returns an Access Monitoring Rules client. Clients connecting to older Teleport versions still get an Access Monitoring Rules client when calling this method, but all RPCs will return "not implemented" errors (as per the default gRPC behavior).
func (*Client) AcquireSemaphore ¶
func (c *Client) AcquireSemaphore(ctx context.Context, params types.AcquireSemaphoreRequest) (*types.SemaphoreLease, error)
AcquireSemaphore acquires lease with requested resources from semaphore.
func (*Client) AddMFADeviceSync ¶
func (c *Client) AddMFADeviceSync(ctx context.Context, in *proto.AddMFADeviceSyncRequest) (*proto.AddMFADeviceSyncResponse, error)
AddMFADeviceSync adds a new MFA device.
func (*Client) AppendDiagnosticTrace ¶
func (c *Client) AppendDiagnosticTrace(ctx context.Context, name string, t *types.ConnectionDiagnosticTrace) (types.ConnectionDiagnostic, error)
AppendDiagnosticTrace adds a new trace for the given ConnectionDiagnostic.
func (*Client) AssertSystemRole ¶
AssertSystemRole is used by agents to prove that they have a given system role when their credentials originate from multiple separate join tokens so that they can be issued an instance certificate that encompasses all of their capabilities. This method will be deprecated once we have a more comprehensive model for join token joining/replacement.
func (*Client) BotInstanceServiceClient ¶
func (c *Client) BotInstanceServiceClient() machineidv1pb.BotInstanceServiceClient
BotInstanceServiceClient returns an unadorned client for the bot instance service
func (*Client) BotServiceClient ¶
func (c *Client) BotServiceClient() machineidv1pb.BotServiceClient
BotServiceClient returns an unadorned client for the bot service.
func (*Client) CancelSemaphoreLease ¶
CancelSemaphoreLease cancels semaphore lease early.
func (*Client) ChangePassword ¶
func (*Client) ChangeUserAuthentication ¶
func (c *Client) ChangeUserAuthentication(ctx context.Context, req *proto.ChangeUserAuthenticationRequest) (*proto.ChangeUserAuthenticationResponse, error)
ChangeUserAuthentication allows a user with a reset or invite token to change their password and, if enabled, also adds a new MFA device. Upon success, it creates a new web session and a new set of recovery codes (if the user meets requirements).
func (*Client) ClearAlertAcks ¶
ClearAlertAcks clears alert acknowledgments.
func (*Client) ClusterConfigClient ¶
func (c *Client) ClusterConfigClient() clusterconfigpb.ClusterConfigServiceClient
ClusterConfigClient returns an unadorned Cluster Configuration client, using the underlying Auth gRPC connection.
func (*Client) CompleteAccountRecovery ¶
func (c *Client) CompleteAccountRecovery(ctx context.Context, req *proto.CompleteAccountRecoveryRequest) error
CompleteAccountRecovery sets a new password or adds a new MFA device, allowing the user to regain access to their account using the new credentials. It represents the last step in the account recovery process, after the StartAccountRecovery and VerifyAccountRecovery RPCs.
func (*Client) CreateAccessRequestV2 ¶
func (c *Client) CreateAccessRequestV2(ctx context.Context, req types.AccessRequest) (types.AccessRequest, error)
CreateAccessRequestV2 registers a new access request with the auth server.
func (*Client) CreateAccountRecoveryCodes ¶
func (c *Client) CreateAccountRecoveryCodes(ctx context.Context, req *proto.CreateAccountRecoveryCodesRequest) (*proto.RecoveryCodes, error)
CreateAccountRecoveryCodes creates new set of recovery codes for a user, replacing and invalidating any previously owned codes.
func (*Client) CreateAlertAck ¶
CreateAlertAck marks a cluster alert as acknowledged.
func (*Client) CreateAppSession ¶
func (c *Client) CreateAppSession(ctx context.Context, req *proto.CreateAppSessionRequest) (types.WebSession, error)
CreateAppSession creates an application web session. Application web sessions represent a browser session the client holds.
func (*Client) CreateAuditStream ¶
CreateAuditStream creates new audit stream.
func (*Client) CreateAuthenticateChallenge ¶
func (c *Client) CreateAuthenticateChallenge(ctx context.Context, in *proto.CreateAuthenticateChallengeRequest) (*proto.MFAAuthenticateChallenge, error)
CreateAuthenticateChallenge creates and returns MFA challenges for a user's registered MFA devices.
func (*Client) CreateAutoUpdateAgentRollout ¶
func (c *Client) CreateAutoUpdateAgentRollout(ctx context.Context, rollout *autoupdatev1pb.AutoUpdateAgentRollout) (*autoupdatev1pb.AutoUpdateAgentRollout, error)
CreateAutoUpdateAgentRollout creates AutoUpdateAgentRollout resource.
func (*Client) CreateAutoUpdateConfig ¶
func (c *Client) CreateAutoUpdateConfig(ctx context.Context, config *autoupdatev1pb.AutoUpdateConfig) (*autoupdatev1pb.AutoUpdateConfig, error)
CreateAutoUpdateConfig creates AutoUpdateConfig resource.
func (*Client) CreateAutoUpdateVersion ¶
func (c *Client) CreateAutoUpdateVersion(ctx context.Context, version *autoupdatev1pb.AutoUpdateVersion) (*autoupdatev1pb.AutoUpdateVersion, error)
CreateAutoUpdateVersion creates AutoUpdateVersion resource.
func (*Client) CreateConnectionDiagnostic ¶
func (c *Client) CreateConnectionDiagnostic(ctx context.Context, connectionDiagnostic types.ConnectionDiagnostic) error
CreateConnectionDiagnostic creates a new connection diagnostic.
func (*Client) CreateDatabase ¶
CreateDatabase creates a new database resource.
func (*Client) CreateDeviceResource ¶
func (c *Client) CreateDeviceResource(ctx context.Context, res *types.DeviceV1) (*types.DeviceV1, error)
CreateDeviceResource creates a device using its resource representation. Prefer using [DevicesClient] directly if you can.
func (*Client) CreateGithubAuthRequest ¶
func (c *Client) CreateGithubAuthRequest(ctx context.Context, req types.GithubAuthRequest) (*types.GithubAuthRequest, error)
CreateGithubAuthRequest creates GithubAuthRequest.
func (*Client) CreateGithubConnector ¶
func (c *Client) CreateGithubConnector(ctx context.Context, connector types.GithubConnector) (types.GithubConnector, error)
CreateGithubConnector creates a Github connector.
func (*Client) CreateGlobalNotification ¶
func (c *Client) CreateGlobalNotification(ctx context.Context, req *notificationsv1pb.CreateGlobalNotificationRequest) (*notificationsv1pb.GlobalNotification, error)
CreateGlobalNotification creates a global notification.
func (*Client) CreateIntegration ¶
func (c *Client) CreateIntegration(ctx context.Context, ig types.Integration) (types.Integration, error)
CreateIntegration creates a new Integration.
func (*Client) CreateKubernetesCluster ¶
CreateKubernetesCluster creates a new kubernetes cluster resource.
func (*Client) CreateKubernetesWaitingContainer ¶
func (c *Client) CreateKubernetesWaitingContainer(ctx context.Context, waitingPod *kubewaitingcontainerpb.KubernetesWaitingContainer) (*kubewaitingcontainerpb.KubernetesWaitingContainer, error)
CreateKubernetesWaitingContainer creates a Kubernetes ephemeral container that is waiting to be created until moderated session conditions are met.
func (*Client) CreateLoginRule ¶
func (c *Client) CreateLoginRule(ctx context.Context, rule *loginrulepb.LoginRule) (*loginrulepb.LoginRule, error)
CreateLoginRule creates a login rule if one with the same name does not already exist, else it returns an error.
func (*Client) CreateOIDCAuthRequest ¶
func (c *Client) CreateOIDCAuthRequest(ctx context.Context, req types.OIDCAuthRequest) (*types.OIDCAuthRequest, error)
CreateOIDCAuthRequest creates OIDCAuthRequest.
func (*Client) CreateOIDCConnector ¶
func (c *Client) CreateOIDCConnector(ctx context.Context, connector types.OIDCConnector) (types.OIDCConnector, error)
CreateOIDCConnector creates an OIDC connector.
func (*Client) CreatePrivilegeToken ¶
func (c *Client) CreatePrivilegeToken(ctx context.Context, req *proto.CreatePrivilegeTokenRequest) (*types.UserTokenV3, error)
CreatePrivilegeToken is implemented by AuthService.CreatePrivilegeToken.
func (*Client) CreateRegisterChallenge ¶
func (c *Client) CreateRegisterChallenge(ctx context.Context, in *proto.CreateRegisterChallengeRequest) (*proto.MFARegisterChallenge, error)
CreateRegisterChallenge creates and returns MFA register challenge for a new MFA device.
func (*Client) CreateResetPasswordToken ¶
func (c *Client) CreateResetPasswordToken(ctx context.Context, req *proto.CreateResetPasswordTokenRequest) (types.UserToken, error)
CreateResetPasswordToken creates reset password token.
func (*Client) CreateRole ¶
CreateRole creates a new role.
func (*Client) CreateSAMLAuthRequest ¶
func (c *Client) CreateSAMLAuthRequest(ctx context.Context, req types.SAMLAuthRequest) (*types.SAMLAuthRequest, error)
CreateSAMLAuthRequest creates SAMLAuthRequest.
func (*Client) CreateSAMLConnector ¶
func (c *Client) CreateSAMLConnector(ctx context.Context, connector types.SAMLConnector) (types.SAMLConnector, error)
CreateSAMLConnector creates a SAML connector.
func (*Client) CreateSAMLIdPServiceProvider ¶
func (c *Client) CreateSAMLIdPServiceProvider(ctx context.Context, sp types.SAMLIdPServiceProvider) error
CreateSAMLIdPServiceProvider creates a new SAML IdP service provider resource.
func (*Client) CreateSAMLIdPSession ¶
func (c *Client) CreateSAMLIdPSession(ctx context.Context, req types.CreateSAMLIdPSessionRequest) (types.WebSession, error)
CreateSAMLIdPSession creates a SAML IdP session. Deprecated: Do not use. The Concept of SAML IdP Sessions is no longer in use. SAML IdP Sessions are directly tied to their parent web sessions instead.
func (*Client) CreateSessionTracker ¶
func (c *Client) CreateSessionTracker(ctx context.Context, st types.SessionTracker) (types.SessionTracker, error)
CreateSessionTracker creates a tracker resource for an active session.
func (*Client) CreateSnowflakeSession ¶
func (c *Client) CreateSnowflakeSession(ctx context.Context, req types.CreateSnowflakeSessionRequest) (types.WebSession, error)
CreateSnowflakeSession creates a Snowflake web session.
func (*Client) CreateToken ¶
CreateToken creates a provision token.
func (*Client) CreateTrustedCluster ¶
func (c *Client) CreateTrustedCluster(ctx context.Context, trustedCluster types.TrustedCluster) (types.TrustedCluster, error)
CreateTrustedCluster creates a Trusted Cluster.
func (*Client) CreateUser ¶
CreateUser creates a new user from the specified descriptor.
func (*Client) CreateUserGroup ¶
CreateUserGroup creates a new user group resource.
func (*Client) CreateUserNotification ¶
func (c *Client) CreateUserNotification(ctx context.Context, req *notificationsv1pb.CreateUserNotificationRequest) (*notificationsv1pb.Notification, error)
CreateUserNotification creates a user-specific notification.
func (*Client) CreateWindowsDesktop ¶
CreateWindowsDesktop registers a new windows desktop host.
func (*Client) CreateWorkloadIdentity ¶
func (c *Client) CreateWorkloadIdentity(ctx context.Context, r *workloadidentityv1pb.WorkloadIdentity) (*workloadidentityv1pb.WorkloadIdentity, error)
CreateWorkloadIdentity creates a new workload identity, it will not overwrite an existing workload identity with the same name.
func (*Client) CrownJewelServiceClient ¶
func (c *Client) CrownJewelServiceClient() *crownjewelapi.Client
CrownJewelServiceClient returns a CrownJewel client. Clients connecting to older Teleport versions still get a CrownJewel client when calling this method, but all RPCs will return "not implemented" errors (as per the default gRPC behavior).
func (*Client) DatabaseObjectClient ¶
func (c *Client) DatabaseObjectClient() dbobjectv1.DatabaseObjectServiceClient
DatabaseObjectClient returns a client for managing database objects.
func (*Client) DatabaseObjectImportRuleClient ¶
func (c *Client) DatabaseObjectImportRuleClient() dbobjectimportrulev1.DatabaseObjectImportRuleServiceClient
DatabaseObjectImportRuleClient returns a client for managing database object import rules.
func (*Client) DecisionClient ¶
func (c *Client) DecisionClient() decisionpb.DecisionServiceClient
DecisionClient returns an unadorned DecisionService client using the underlying Auth gRPC connection.
func (*Client) DeleteAccessRequest ¶
DeleteAccessRequest deletes an access request.
func (*Client) DeleteAllAppSessions ¶
DeleteAllAppSessions removes all application web sessions.
func (*Client) DeleteAllApplicationServers ¶
DeleteAllApplicationServers removes all registered application servers.
func (*Client) DeleteAllApps ¶
DeleteAllApps deletes all application resources.
func (*Client) DeleteAllDatabaseServers ¶
DeleteAllDatabaseServers removes all registered database proxy servers.
func (*Client) DeleteAllDatabaseServices ¶
DeleteAllDatabaseServices deletes all DatabaseService resources. If an error occurs, a partial delete may happen.
func (*Client) DeleteAllDatabases ¶
DeleteAllDatabases deletes all database resources.
func (*Client) DeleteAllInstallers ¶
DeleteAllInstallers deletes all the installer resources.
func (*Client) DeleteAllIntegrations ¶
DeleteAllIntegrations removes all Integrations.
func (*Client) DeleteAllKubernetesClusters ¶
DeleteAllKubernetesClusters deletes all kubernetes cluster resources.
func (*Client) DeleteAllKubernetesServers ¶
DeleteAllKubernetesServers deletes all registered kubernetes servers.
func (*Client) DeleteAllNodes ¶
DeleteAllNodes deletes all nodes in a given namespace.
func (*Client) DeleteAllSAMLIdPServiceProviders ¶
DeleteAllSAMLIdPServiceProviders removes all SAML IdP service providers.
func (*Client) DeleteAllSAMLIdPSessions ¶
DeleteAllSAMLIdPSessions removes all SAML IdP sessions. Deprecated: Do not use. The Concept of SAML IdP Sessions is no longer in use. SAML IdP Sessions are directly tied to their parent web sessions instead.
func (*Client) DeleteAllServerInfos ¶
DeleteAllServerInfos deletes all ServerInfos.
func (*Client) DeleteAllSnowflakeSessions ¶
DeleteAllSnowflakeSessions removes all Snowflake web sessions.
func (*Client) DeleteAllUserGroups ¶
DeleteAllUserGroups removes all user groups.
func (*Client) DeleteAllWindowsDesktopServices ¶
DeleteAllWindowsDesktopServices removes all registered windows desktop services.
func (*Client) DeleteAllWindowsDesktops ¶
DeleteAllWindowsDesktops removes all registered windows desktop hosts.
func (*Client) DeleteAppSession ¶
DeleteAppSession removes an application web session.
func (*Client) DeleteApplicationServer ¶
DeleteApplicationServer removes specified application server.
func (*Client) DeleteAutoUpdateAgentRollout ¶
DeleteAutoUpdateAgentRollout deletes AutoUpdateAgentRollout resource.
func (*Client) DeleteAutoUpdateConfig ¶
DeleteAutoUpdateConfig deletes AutoUpdateConfig resource.
func (*Client) DeleteAutoUpdateVersion ¶
DeleteAutoUpdateVersion deletes AutoUpdateVersion resource.
func (*Client) DeleteCertAuthority ¶
DeleteCertAuthority removes a CA matching the type and domain.
func (*Client) DeleteClusterMaintenanceConfig ¶
DeleteClusterMaintenanceConfig deletes the current maintenance window config singleton.
func (*Client) DeleteDatabase ¶
DeleteDatabase deletes specified database resource.
func (*Client) DeleteDatabaseServer ¶
DeleteDatabaseServer removes the specified database proxy server.
func (*Client) DeleteDatabaseService ¶
DeleteDatabaseService deletes a specific DatabaseService resource.
func (*Client) DeleteDeviceResource ¶
DeleteDeviceResource deletes a device using its ID (either devicepb.Device.Id or its Metadata.Name). Prefer using [DevicesClient] directly if you can.
func (*Client) DeleteGithubConnector ¶
DeleteGithubConnector deletes a Github connector by name.
func (*Client) DeleteGlobalNotification ¶
func (c *Client) DeleteGlobalNotification(ctx context.Context, req *notificationsv1pb.DeleteGlobalNotificationRequest) error
DeleteGlobalNotification deletes a global notification.
func (*Client) DeleteInstaller ¶
DeleteInstaller deletes the cluster installer resource
func (*Client) DeleteIntegration ¶
DeleteIntegration removes an Integration by its name.
func (*Client) DeleteKubernetesCluster ¶
DeleteKubernetesCluster deletes specified kubernetes cluster resource.
func (*Client) DeleteKubernetesServer ¶
DeleteKubernetesServer deletes a named kubernetes server.
func (*Client) DeleteKubernetesWaitingContainer ¶
func (c *Client) DeleteKubernetesWaitingContainer(ctx context.Context, req *kubewaitingcontainerpb.DeleteKubernetesWaitingContainerRequest) error
DeleteKubernetesWaitingContainer deletes a Kubernetes ephemeral container that is waiting to be created until moderated session conditions are met.
func (*Client) DeleteLock ¶
DeleteLock deletes a lock.
func (*Client) DeleteLoginRule ¶
DeleteLoginRule deletes an existing login rule by name.
func (*Client) DeleteMFADeviceSync ¶
func (c *Client) DeleteMFADeviceSync(ctx context.Context, in *proto.DeleteMFADeviceSyncRequest) error
DeleteMFADeviceSync deletes a user's MFA device.
func (*Client) DeleteNetworkRestrictions ¶
DeleteNetworkRestrictions deletes the network restrictions
func (*Client) DeleteNode ¶
DeleteNode deletes a node by name and namespace.
func (*Client) DeleteOIDCConnector ¶
DeleteOIDCConnector deletes an OIDC connector by name.
func (*Client) DeleteRemoteCluster ¶
DeleteRemoteCluster deletes a remote cluster resource.
func (*Client) DeleteReverseTunnel ¶
DeleteReverseTunnel deletes a reverse tunnel resource
func (*Client) DeleteRole ¶
DeleteRole deletes role by name
func (*Client) DeleteSAMLConnector ¶
DeleteSAMLConnector deletes a SAML connector by name.
func (*Client) DeleteSAMLIdPServiceProvider ¶
DeleteSAMLIdPServiceProvider removes the specified SAML IdP service provider resource.
func (*Client) DeleteSAMLIdPSession ¶
func (c *Client) DeleteSAMLIdPSession(ctx context.Context, req types.DeleteSAMLIdPSessionRequest) error
DeleteSAMLIdPSession removes a SAML IdP session. Deprecated: Do not use. As of v16, the Concept of SAML IdP Sessions is no longer in use. SAML IdP Sessions are directly tied to their parent web sessions instead. This endpoint will be removed in v17.
func (*Client) DeleteSemaphore ¶
DeleteSemaphore deletes a semaphore matching the supplied filter.
func (*Client) DeleteServerInfo ¶
DeleteServerInfo deletes a ServerInfo by name.
func (*Client) DeleteSnowflakeSession ¶
func (c *Client) DeleteSnowflakeSession(ctx context.Context, req types.DeleteSnowflakeSessionRequest) error
DeleteSnowflakeSession removes a Snowflake web session.
func (*Client) DeleteToken ¶
DeleteToken deletes a provision token by name.
func (*Client) DeleteTrustedCluster ¶
DeleteTrustedCluster deletes a Trusted Cluster by name.
func (*Client) DeleteUser ¶
DeleteUser deletes a user by name.
func (*Client) DeleteUserAppSessions ¶
func (c *Client) DeleteUserAppSessions(ctx context.Context, req *proto.DeleteUserAppSessionsRequest) error
DeleteUserAppSessions deletes all user’s application sessions.
func (*Client) DeleteUserGroup ¶
DeleteUserGroup removes the specified user group resource.
func (*Client) DeleteUserNotification ¶
func (c *Client) DeleteUserNotification(ctx context.Context, req *notificationsv1pb.DeleteUserNotificationRequest) error
DeleteUserNotification not implemented: can only be called locally.
func (*Client) DeleteUserSAMLIdPSessions ¶
DeleteUserSAMLIdPSessions deletes all user’s SAML IdP sessions. Deprecated: Do not use. The Concept of SAML IdP Sessions is no longer in use. SAML IdP Sessions are directly tied to their parent web sessions instead.
func (*Client) DeleteWindowsDesktop ¶
DeleteWindowsDesktop removes the specified windows desktop host. Note: unlike GetWindowsDesktops, this will delete at-most one desktop. Passing an empty host ID will not trigger "delete all" behavior. To delete all desktops, use DeleteAllWindowsDesktops.
func (*Client) DeleteWindowsDesktopService ¶
DeleteWindowsDesktopService removes the specified windows desktop service.
func (*Client) DeleteWorkloadIdentity ¶
DeleteWorkloadIdentity deletes a workload identity by name. It will return an error if the workload identity does not exist.
func (*Client) DevicesClient ¶
func (c *Client) DevicesClient() devicepb.DeviceTrustServiceClient
DevicesClient returns an unadorned Device Trust client, using the underlying Auth gRPC connection. Clients connecting to non-Enterprise clusters, or older Teleport versions, still get a devices client when calling this method, but all RPCs will return "not implemented" errors (as per the default gRPC behavior).
func (*Client) Dialer ¶
func (c *Client) Dialer() ContextDialer
Dialer returns the ContextDialer the client connected with.
func (*Client) DiscoveryConfigClient ¶
func (c *Client) DiscoveryConfigClient() *discoveryconfig.Client
DiscoveryConfigClient returns a DiscoveryConfig client. Clients connecting to older Teleport versions still get a DiscoveryConfig client when calling this method, but all RPCs will return "not implemented" errors (as per the default gRPC behavior).
func (*Client) DynamicDesktopClient ¶
func (c *Client) DynamicDesktopClient() *dynamicwindows.Client
func (*Client) EmitAuditEvent ¶
EmitAuditEvent sends an auditable event to the auth server.
func (*Client) ExportUnstructuredEvents ¶
func (c *Client) ExportUnstructuredEvents(ctx context.Context, req *auditlogpb.ExportUnstructuredEventsRequest) stream.Stream[*auditlogpb.ExportEventUnstructured]
ExportUnstructuredEvents exports events from a given event chunk returned by GetEventExportChunks. This API prioritizes performance over ordering and filtering, and is intended for bulk export of events.
func (*Client) ExportUpgradeWindows ¶
func (c *Client) ExportUpgradeWindows(ctx context.Context, req proto.ExportUpgradeWindowsRequest) (proto.ExportUpgradeWindowsResponse, error)
ExportUpgradeWindows is used to load derived upgrade window values for agents that need to export schedules to external upgraders.
func (*Client) ExternalAuditStorageClient ¶
func (c *Client) ExternalAuditStorageClient() *externalauditstorage.Client
ExternalAuditStorageClient returns an unadorned External Audit Storage client, using the underlying Auth gRPC connection. Clients connecting to non-Enterprise clusters, or older Teleport versions, still get an external audit client when calling this method, but all RPCs will return "not implemented" errors (as per the default gRPC behavior).
func (*Client) GenerateAWSOIDCToken ¶
GenerateAWSOIDCToken generates a token to be used when executing an AWS OIDC Integration action.
func (*Client) GenerateAppToken ¶
func (c *Client) GenerateAppToken(ctx context.Context, req types.GenerateAppTokenRequest) (string, error)
GenerateAppToken creates a JWT token with application access.
func (*Client) GenerateCertAuthorityCRL ¶
func (c *Client) GenerateCertAuthorityCRL(ctx context.Context, req *proto.CertAuthorityRequest) (*proto.CRL, error)
GenerateCertAuthorityCRL generates an empty CRL for a CA.
func (*Client) GenerateDatabaseCert ¶
func (c *Client) GenerateDatabaseCert(ctx context.Context, req *proto.DatabaseCertRequest) (*proto.DatabaseCertResponse, error)
GenerateDatabaseCert generates a client certificate used by a database service to authenticate with the database instance, or a server certificate for configuring a self-hosted database, depending on the requester_name.
func (*Client) GenerateHostCerts ¶
func (c *Client) GenerateHostCerts(ctx context.Context, req *proto.HostCertsRequest) (*proto.Certs, error)
GenerateHostCerts generates host certificates.
func (*Client) GenerateOpenSSHCert ¶
func (c *Client) GenerateOpenSSHCert(ctx context.Context, req *proto.OpenSSHCertRequest) (*proto.OpenSSHCert, error)
GenerateOpenSSHCert signs an SSH certificate that can be used to connect to Agentless nodes.
func (*Client) GenerateSnowflakeJWT ¶
func (c *Client) GenerateSnowflakeJWT(ctx context.Context, req types.GenerateSnowflakeJWT) (string, error)
GenerateSnowflakeJWT generates JWT in the Snowflake required format.
func (*Client) GenerateUserCerts ¶
func (c *Client) GenerateUserCerts(ctx context.Context, req proto.UserCertsRequest) (*proto.Certs, error)
GenerateUserCerts takes the public key in the OpenSSH `authorized_keys` plain text format, signs it using User Certificate Authority signing key and returns the resulting certificates.
func (*Client) GenerateWindowsDesktopCert ¶
func (c *Client) GenerateWindowsDesktopCert(ctx context.Context, req *proto.WindowsDesktopCertRequest) (*proto.WindowsDesktopCertResponse, error)
GenerateWindowsDesktopCert generates client certificate for Windows RDP authentication.
func (*Client) GetAccessCapabilities ¶
func (c *Client) GetAccessCapabilities(ctx context.Context, req types.AccessCapabilitiesRequest) (*types.AccessCapabilities, error)
GetAccessCapabilities requests the access capabilities of a user.
func (*Client) GetAccessRequestAllowedPromotions ¶
func (c *Client) GetAccessRequestAllowedPromotions(ctx context.Context, req types.AccessRequest) (*types.AccessRequestAllowedPromotions, error)
GetAccessRequestAllowedPromotions returns the list of promotions allowed for the given access request.
func (*Client) GetAccessRequests ¶
func (c *Client) GetAccessRequests(ctx context.Context, filter types.AccessRequestFilter) ([]types.AccessRequest, error)
GetAccessRequests retrieves a list of all access requests matching the provided filter.
func (*Client) GetAccountRecoveryCodes ¶
func (c *Client) GetAccountRecoveryCodes(ctx context.Context, req *proto.GetAccountRecoveryCodesRequest) (*proto.RecoveryCodes, error)
GetAccountRecoveryCodes returns the recovery codes resource of the user in context, without any secrets.
func (*Client) GetAccountRecoveryToken ¶
func (c *Client) GetAccountRecoveryToken(ctx context.Context, req *proto.GetAccountRecoveryTokenRequest) (types.UserToken, error)
GetAccountRecoveryToken returns a user token resource after verifying the token in request is not expired and is of the correct recovery type.
func (*Client) GetActiveSessionTrackers ¶
GetActiveSessionTrackers returns a list of active session trackers.
func (*Client) GetActiveSessionTrackersWithFilter ¶
func (c *Client) GetActiveSessionTrackersWithFilter(ctx context.Context, filter *types.SessionTrackerFilter) ([]types.SessionTracker, error)
GetActiveSessionTrackersWithFilter returns a list of active sessions filtered by a filter.
func (*Client) GetAlertAcks ¶
GetAlertAcks gets active alert acknowledgements.
func (*Client) GetApp ¶
GetApp returns the specified application resource.
Note that application resources here refers to "dynamically-added" applications such as applications created by `tctl create`, or the CreateApp API. Applications defined in the `app_service.apps` section of the service YAML configuration are not collected in this API.
For a full list of registered applications that are served by an application service, use GetApplicationServers instead.
func (*Client) GetAppSession ¶
func (c *Client) GetAppSession(ctx context.Context, req types.GetAppSessionRequest) (types.WebSession, error)
GetAppSession gets an application web session.
func (*Client) GetApplicationServers ¶
func (c *Client) GetApplicationServers(ctx context.Context, namespace string) ([]types.AppServer, error)
GetApplicationServers returns all registered application servers.
func (*Client) GetApps ¶
GetApps returns all application resources.
Note that application resources here refers to "dynamically-added" applications such as applications created by `tctl create`, or the CreateApp API. Applications defined in the `app_service.apps` section of the service YAML configuration are not collected in this API.
For a full list of registered applications that are served by an application service, use GetApplicationServers instead.
func (*Client) GetAuthPreference ¶
GetAuthPreference gets the active cluster auth preference.
func (*Client) GetAutoUpdateAgentRollout ¶
func (c *Client) GetAutoUpdateAgentRollout(ctx context.Context) (*autoupdatev1pb.AutoUpdateAgentRollout, error)
GetAutoUpdateAgentRollout gets AutoUpdateAgentRollout resource.
func (*Client) GetAutoUpdateConfig ¶
func (c *Client) GetAutoUpdateConfig(ctx context.Context) (*autoupdatev1pb.AutoUpdateConfig, error)
GetAutoUpdateConfig gets AutoUpdateConfig resource.
func (*Client) GetAutoUpdateVersion ¶
func (c *Client) GetAutoUpdateVersion(ctx context.Context) (*autoupdatev1pb.AutoUpdateVersion, error)
GetAutoUpdateVersion gets AutoUpdateVersion resource.
func (*Client) GetCertAuthorities ¶
func (c *Client) GetCertAuthorities(ctx context.Context, caType types.CertAuthType, loadKeys bool) ([]types.CertAuthority, error)
GetCertAuthorities retrieves CAs by type.
func (*Client) GetCertAuthority ¶
func (c *Client) GetCertAuthority(ctx context.Context, id types.CertAuthID, loadKeys bool) (types.CertAuthority, error)
GetCertAuthority retrieves a CA by type and domain.
func (*Client) GetClusterAccessGraphConfig ¶
func (c *Client) GetClusterAccessGraphConfig(ctx context.Context) (*clusterconfigpb.AccessGraphConfig, error)
GetClusterAccessGraphConfig retrieves the Cluster Access Graph configuration from Auth server.
func (*Client) GetClusterAlerts ¶
func (c *Client) GetClusterAlerts(ctx context.Context, query types.GetClusterAlertsRequest) ([]types.ClusterAlert, error)
GetClusterAlerts loads matching cluster alerts.
func (*Client) GetClusterAuditConfig ¶
GetClusterAuditConfig gets cluster audit configuration.
func (*Client) GetClusterCACert ¶
GetClusterCACert returns the PEM-encoded TLS certs for the local cluster. If the cluster has multiple TLS certs, they will all be concatenated.
func (*Client) GetClusterMaintenanceConfig ¶
func (c *Client) GetClusterMaintenanceConfig(ctx context.Context) (types.ClusterMaintenanceConfig, error)
GetClusterMaintenanceConfig gets the current maintenance window config singleton.
func (*Client) GetClusterNetworkingConfig ¶
func (c *Client) GetClusterNetworkingConfig(ctx context.Context) (types.ClusterNetworkingConfig, error)
GetClusterNetworkingConfig gets cluster networking configuration.
func (*Client) GetConnection ¶
func (c *Client) GetConnection() *grpc.ClientConn
GetConnection returns gRPC connection.
func (*Client) GetConnectionDiagnostic ¶
func (c *Client) GetConnectionDiagnostic(ctx context.Context, name string) (types.ConnectionDiagnostic, error)
GetConnectionDiagnostic reads a connection diagnostic
func (*Client) GetCurrentUser ¶
GetCurrentUser returns current user as seen by the server. Useful especially in the context of remote clusters which perform role and trait mapping.
func (*Client) GetCurrentUserRoles ¶
GetCurrentUserRoles returns current user's roles.
func (*Client) GetDatabase ¶
GetDatabase returns the specified database resource.
Note that database resources here refers to "dynamically-added" databases such as databases created by `tctl create`, the discovery service, or the CreateDatabase API. Databases discovered by the database agent (legacy discovery flow using `database_service.aws/database_service.azure`) and static databases defined in the `database_service.databases` section of the service YAML configuration are not collected in this API.
For a full list of registered databases that are served by a database service, use GetDatabaseServers instead.
func (*Client) GetDatabaseObjectImportRules ¶
func (c *Client) GetDatabaseObjectImportRules(ctx context.Context) ([]*dbobjectimportrulev1.DatabaseObjectImportRule, error)
GetDatabaseObjectImportRules retrieves all database object import rules.
func (*Client) GetDatabaseObjects ¶
func (c *Client) GetDatabaseObjects(ctx context.Context) ([]*dbobjectv1.DatabaseObject, error)
GetDatabaseObjects retrieves all database objects.
func (*Client) GetDatabaseServers ¶
func (c *Client) GetDatabaseServers(ctx context.Context, namespace string) ([]types.DatabaseServer, error)
GetDatabaseServers returns all registered database proxy servers.
Note that in HA setups, a registered database may have multiple DatabaseServer entries. Web UI and `tsh db ls` extract databases from this list and remove duplicates by name.
func (*Client) GetDatabases ¶
GetDatabases returns all database resources.
Note that database resources here refers to "dynamically-added" databases such as databases created by `tctl create`, the discovery service, or the CreateDatabase API. Databases discovered by the database agent (legacy discovery flow using `database_service.aws/database_service.azure`) and static databases defined in the `database_service.databases` section of the service YAML configuration are not collected in this API.
For a full list of registered databases that are served by a database service, use GetDatabaseServers instead.
func (*Client) GetDesktopBootstrapScript ¶
func (*Client) GetDeviceResource ¶
GetDeviceResource reads a device using its ID (either devicepb.Device.Id or its Metadata.Name). Prefer using [DevicesClient] directly if you can.
func (*Client) GetDomainName ¶
GetDomainName returns local auth domain of the current auth server
func (*Client) GetEventExportChunks ¶
func (c *Client) GetEventExportChunks(ctx context.Context, req *auditlogpb.GetEventExportChunksRequest) stream.Stream[*auditlogpb.EventExportChunk]
GetEventExportChunks returns a stream of event chunks that can be exported via ExportUnstructuredEvents. The returned list isn't ordered and polling for new chunks requires re-consuming the entire stream from the beginning.
func (*Client) GetGithubAuthRequest ¶
func (c *Client) GetGithubAuthRequest(ctx context.Context, stateToken string) (*types.GithubAuthRequest, error)
GetGithubAuthRequest gets a GithubAuthRequest by state token.
func (*Client) GetGithubConnector ¶
func (c *Client) GetGithubConnector(ctx context.Context, name string, withSecrets bool) (types.GithubConnector, error)
GetGithubConnector returns a Github connector by name.
func (*Client) GetGithubConnectors ¶
func (c *Client) GetGithubConnectors(ctx context.Context, withSecrets bool) ([]types.GithubConnector, error)
GetGithubConnectors returns a list of Github connectors.
func (*Client) GetHeadlessAuthentication ¶
func (c *Client) GetHeadlessAuthentication(ctx context.Context, id string) (*types.HeadlessAuthentication, error)
GetHeadlessAuthentication retrieves a headless authentication by id.
func (*Client) GetInstaller ¶
GetInstaller gets the cluster installer resource
func (*Client) GetInstallers ¶
GetInstallers gets all installer script resources.
func (*Client) GetInstances ¶
func (*Client) GetIntegration ¶
GetIntegration returns an Integration by its name.
func (*Client) GetInventoryStatus ¶
func (c *Client) GetInventoryStatus(ctx context.Context, req proto.InventoryStatusRequest) (proto.InventoryStatusSummary, error)
func (*Client) GetKubernetesCluster ¶
GetKubernetesCluster returns the specified kubernetes resource.
func (*Client) GetKubernetesClusters ¶
GetKubernetesClusters returns all kubernetes cluster resources.
func (*Client) GetKubernetesServers ¶
GetKubernetesServers returns the list of kubernetes servers registered in the cluster.
func (*Client) GetKubernetesWaitingContainer ¶
func (c *Client) GetKubernetesWaitingContainer(ctx context.Context, req *kubewaitingcontainerpb.GetKubernetesWaitingContainerRequest) (*kubewaitingcontainerpb.KubernetesWaitingContainer, error)
GetKubernetesWaitingContainer returns a Kubernetes ephemeral container that is waiting to be created until moderated session conditions are met.
func (*Client) GetKubernetesWaitingContainerClient ¶
func (c *Client) GetKubernetesWaitingContainerClient() *kubewaitingcontainerclient.Client
GetKubernetesWaitingContainerClient returns an unadorned KubeWaitingContainers client, using the underlying Auth gRPC connection.
func (*Client) GetLicense ¶
GetLicense returns the license used to start the teleport enterprise auth server
func (*Client) GetLocks ¶
func (c *Client) GetLocks(ctx context.Context, inForceOnly bool, targets ...types.LockTarget) ([]types.Lock, error)
GetLocks gets all/in-force locks that match at least one of the targets when specified.
func (*Client) GetLoginRule ¶
GetLoginRule retrieves a login rule described by name.
func (*Client) GetMFADevices ¶
func (c *Client) GetMFADevices(ctx context.Context, in *proto.GetMFADevicesRequest) (*proto.GetMFADevicesResponse, error)
func (*Client) GetNetworkRestrictions ¶
GetNetworkRestrictions retrieves the network restrictions
func (*Client) GetNodes ¶
GetNodes returns a complete list of nodes that the user has access to in the given namespace.
func (*Client) GetOIDCAuthRequest ¶
func (c *Client) GetOIDCAuthRequest(ctx context.Context, stateToken string) (*types.OIDCAuthRequest, error)
GetOIDCAuthRequest gets an OIDCAuthRequest by state token.
func (*Client) GetOIDCConnector ¶
func (c *Client) GetOIDCConnector(ctx context.Context, name string, withSecrets bool) (types.OIDCConnector, error)
GetOIDCConnector returns an OIDC connector by name.
func (*Client) GetOIDCConnectors ¶
func (c *Client) GetOIDCConnectors(ctx context.Context, withSecrets bool) ([]types.OIDCConnector, error)
GetOIDCConnectors returns a list of OIDC connectors.
func (*Client) GetPluginData ¶
func (c *Client) GetPluginData(ctx context.Context, filter types.PluginDataFilter) ([]types.PluginData, error)
GetPluginData loads all plugin data matching the supplied filter.
func (*Client) GetRemoteCluster ¶
GetRemoteCluster returns remote cluster by name
func (*Client) GetRemoteClusters ¶
GetRemoteClusters returns all remote clusters. Deprecated: use ListRemoteClusters instead.
func (*Client) GetResetPasswordToken ¶
func (c *Client) GetResetPasswordToken(ctx context.Context, tokenID string) (types.UserToken, error)
GetResetPasswordToken returns a reset password token for the specified tokenID.
func (*Client) GetResources ¶
func (c *Client) GetResources(ctx context.Context, req *proto.ListResourcesRequest) (*proto.ListResourcesResponse, error)
GetResources returns a paginated list of resources that the user has access to. `nextKey` is used as `startKey` in another call to GetResources to retrieve the next page. It will return a `trace.LimitExceeded` error if the page exceeds gRPC max message size.
func (*Client) GetSAMLAuthRequest ¶
GetSAMLAuthRequest gets a SAMLAuthRequest by id.
func (*Client) GetSAMLConnector ¶
func (c *Client) GetSAMLConnector(ctx context.Context, name string, withSecrets bool) (types.SAMLConnector, error)
GetSAMLConnector returns a SAML connector by name.
func (*Client) GetSAMLConnectors ¶
func (c *Client) GetSAMLConnectors(ctx context.Context, withSecrets bool) ([]types.SAMLConnector, error)
GetSAMLConnectors returns a list of SAML connectors.
func (*Client) GetSAMLIdPServiceProvider ¶
func (c *Client) GetSAMLIdPServiceProvider(ctx context.Context, name string) (types.SAMLIdPServiceProvider, error)
GetSAMLIdPServiceProvider returns the specified SAML IdP service provider resource.
func (*Client) GetSAMLIdPSession ¶
func (c *Client) GetSAMLIdPSession(ctx context.Context, req types.GetSAMLIdPSessionRequest) (types.WebSession, error)
GetSAMLIdPSession gets a SAML IdP session. Deprecated: Do not use. The Concept of SAML IdP Sessions is no longer in use. SAML IdP Sessions are directly tied to their parent web sessions instead.
func (*Client) GetSSHTargets ¶
func (c *Client) GetSSHTargets(ctx context.Context, req *proto.GetSSHTargetsRequest) (*proto.GetSSHTargetsResponse, error)
GetSSHTargets gets all servers that would match an equivalent ssh dial request. Note that this method returns all resources directly accessible to the user *and* all resources available via 'SearchAsRoles', which is what we want when handling things like ambiguous host errors and resource-based access requests, but may result in confusing behavior if it is used outside of those contexts.
func (*Client) GetSSODiagnosticInfo ¶
func (c *Client) GetSSODiagnosticInfo(ctx context.Context, authRequestKind string, authRequestID string) (*types.SSODiagnosticInfo, error)
GetSSODiagnosticInfo returns SSO diagnostic info records for a specific SSO Auth request.
func (*Client) GetSemaphores ¶
func (c *Client) GetSemaphores(ctx context.Context, filter types.SemaphoreFilter) ([]types.Semaphore, error)
GetSemaphores returns a list of all semaphores matching the supplied filter.
func (*Client) GetServerInfo ¶
GetServerInfo returns a ServerInfo by name.
func (*Client) GetServerInfos ¶
GetServerInfos returns a stream of ServerInfos.
func (*Client) GetSessionRecordingConfig ¶
func (c *Client) GetSessionRecordingConfig(ctx context.Context) (types.SessionRecordingConfig, error)
GetSessionRecordingConfig gets session recording configuration.
func (*Client) GetSessionTracker ¶
func (c *Client) GetSessionTracker(ctx context.Context, sessionID string) (types.SessionTracker, error)
GetSessionTracker returns the current state of a session tracker for an active session.
func (*Client) GetSnowflakeSession ¶
func (c *Client) GetSnowflakeSession(ctx context.Context, req types.GetSnowflakeSessionRequest) (types.WebSession, error)
GetSnowflakeSession gets a Snowflake web session.
func (*Client) GetSnowflakeSessions ¶
GetSnowflakeSessions gets all Snowflake web sessions.
func (*Client) GetTrustedCluster ¶
GetTrustedCluster returns a Trusted Cluster by name.
func (*Client) GetTrustedClusters ¶
GetTrustedClusters returns a list of Trusted Clusters.
func (*Client) GetUIConfig ¶
GetUIConfig gets the configuration for the UI served by the proxy service
func (*Client) GetUser ¶
GetUser returns a list of usernames registered in the system. withSecrets controls whether authentication details are returned.
func (*Client) GetUserGroup ¶
GetUserGroup returns the specified user group resource.
func (*Client) GetUserPreferences ¶
func (c *Client) GetUserPreferences(ctx context.Context, in *userpreferencespb.GetUserPreferencesRequest) (*userpreferencespb.GetUserPreferencesResponse, error)
GetUserPreferences returns the user preferences for a given user.
func (*Client) GetUsers ¶
GetUsers returns all currently registered users. withSecrets controls whether authentication details are returned.
func (*Client) GetVnetConfig ¶
GetVnetConfig returns the singleton VnetConfig resource.
func (*Client) GetWebSession ¶
func (c *Client) GetWebSession(ctx context.Context, req types.GetWebSessionRequest) (types.WebSession, error)
GetWebSession returns the web session for the specified request. Implements ReadAccessPoint
func (*Client) GetWebToken ¶
func (c *Client) GetWebToken(ctx context.Context, req types.GetWebTokenRequest) (types.WebToken, error)
GetWebToken returns the web token for the specified request. Implements ReadAccessPoint
func (*Client) GetWindowsDesktopService ¶
func (c *Client) GetWindowsDesktopService(ctx context.Context, name string) (types.WindowsDesktopService, error)
GetWindowsDesktopService returns a registered windows desktop service by name.
func (*Client) GetWindowsDesktopServices ¶
func (c *Client) GetWindowsDesktopServices(ctx context.Context) ([]types.WindowsDesktopService, error)
GetWindowsDesktopServices returns all registered windows desktop services.
func (*Client) GetWindowsDesktops ¶
func (c *Client) GetWindowsDesktops(ctx context.Context, filter types.WindowsDesktopFilter) ([]types.WindowsDesktop, error)
GetWindowsDesktops returns all registered windows desktop hosts.
func (*Client) GetWorkloadIdentity ¶
func (c *Client) GetWorkloadIdentity(ctx context.Context, name string) (*workloadidentityv1pb.WorkloadIdentity, error)
GetWorkloadIdentity returns a workload identity by name.
func (*Client) GitServerClient ¶
func (c *Client) GitServerClient() *gitserverclient.Client
GitServerClient returns a client for managing git servers
func (*Client) IdentityCenterClient ¶
func (c *Client) IdentityCenterClient() identitycenterv1.IdentityCenterServiceClient
IdentityCenterClient returns Identity Center service client using an underlying gRPC connection.
func (*Client) IntegrationsClient ¶
func (c *Client) IntegrationsClient() integrationpb.IntegrationServiceClient
IntegrationsClient returns integrations client.
func (*Client) InventoryControlStream ¶
func (c *Client) InventoryControlStream(ctx context.Context) (DownstreamInventoryControlStream, error)
InventoryControlStream opens a new control stream. The first message sent must be an UpstreamInventoryHello, and the first message received must be a DownstreamInventoryHello.
func (*Client) IsMFARequired ¶
func (c *Client) IsMFARequired(ctx context.Context, req *proto.IsMFARequiredRequest) (*proto.IsMFARequiredResponse, error)
func (*Client) KeepAliveSemaphoreLease ¶
KeepAliveSemaphoreLease updates semaphore lease.
func (*Client) ListAccessRequests ¶
func (c *Client) ListAccessRequests(ctx context.Context, req *proto.ListAccessRequestsRequest) (*proto.ListAccessRequestsResponse, error)
ListAccessRequests is an access request getter with pagination and sorting options.
func (*Client) ListAllAccessRequests ¶
func (c *Client) ListAllAccessRequests(ctx context.Context, req *proto.ListAccessRequestsRequest) ([]*types.AccessRequestV3, error)
ListAllAccessRequests aggregates all access requests via the ListAccessRequests api. This is equivalent to calling GetAccessRequests except that it supports custom sort order/indexes. Calling this method rather than ListAccessRequests also provides the advantage that it can fall back to calling the old GetAccessRequests grpc method if it encounters an outdated control plane. For that reason, implementations that don't actually *need* pagination are better served by calling this method.
func (*Client) ListAllIntegrations ¶
ListAllIntegrations returns the list of all Integrations.
func (*Client) ListAppSessions ¶
func (c *Client) ListAppSessions(ctx context.Context, pageSize int, pageToken, user string) ([]types.WebSession, string, error)
ListAppSessions gets a paginated list of application web sessions.
func (*Client) ListIntegrations ¶
func (c *Client) ListIntegrations(ctx context.Context, pageSize int, nextKey string) ([]types.Integration, string, error)
ListIntegrations returns a paginated list of Integrations. The response includes a nextKey which must be used to fetch the next page.
func (*Client) ListKubernetesWaitingContainers ¶
func (c *Client) ListKubernetesWaitingContainers(ctx context.Context, pageSize int, pageToken string) ([]*kubewaitingcontainerpb.KubernetesWaitingContainer, string, error)
ListKubernetesWaitingContainers lists Kubernetes ephemeral containers that are waiting to be created until moderated session conditions are met.
func (*Client) ListNotifications ¶
func (c *Client) ListNotifications(ctx context.Context, req *notificationsv1pb.ListNotificationsRequest) (*notificationsv1pb.ListNotificationsResponse, error)
ListNotifications returns a paginated list of notifications for the user. This includes global notifications which match the user, as well as user-specific notifications for the user.
func (*Client) ListReleases ¶
func (c *Client) ListReleases(ctx context.Context, req *proto.ListReleasesRequest) ([]*types.Release, error)
ListReleases returns a list of teleport enterprise releases
func (*Client) ListRemoteClusters ¶
func (c *Client) ListRemoteClusters(ctx context.Context, pageSize int, nextToken string) ([]types.RemoteCluster, string, error)
ListRemoteClusters returns a page of remote clusters.
func (*Client) ListResources ¶
func (c *Client) ListResources(ctx context.Context, req proto.ListResourcesRequest) (*types.ListResourcesResponse, error)
ListResources returns a paginated list of nodes that the user has access to. `nextKey` is used as `startKey` in another call to ListResources to retrieve the next page. If you want to list all resources pages, check the `GetResourcesWithFilters` function. It will return a `trace.LimitExceeded` error if the page exceeds gRPC max message size.
func (*Client) ListReverseTunnels ¶
func (c *Client) ListReverseTunnels(ctx context.Context, pageSize int, nextToken string) ([]types.ReverseTunnel, string, error)
ListReverseTunnels returns a page of reverse tunnels.
func (*Client) ListRoles ¶
func (c *Client) ListRoles(ctx context.Context, req *proto.ListRolesRequest) (*proto.ListRolesResponse, error)
ListRoles is a paginated role getter.
func (*Client) ListSAMLIdPServiceProviders ¶
func (c *Client) ListSAMLIdPServiceProviders(ctx context.Context, pageSize int, nextKey string) ([]types.SAMLIdPServiceProvider, string, error)
ListSAMLIdPServiceProviders returns a paginated list of SAML IdP service provider resources.
func (*Client) ListSAMLIdPSessions ¶
func (c *Client) ListSAMLIdPSessions(ctx context.Context, pageSize int, pageToken, user string) ([]types.WebSession, string, error)
ListSAMLIdPSessions gets a paginated list of SAML IdP sessions. Deprecated: Do not use. The Concept of SAML IdP Sessions is no longer in use. SAML IdP Sessions are directly tied to their parent web sessions instead.
func (*Client) ListUnifiedResources ¶
func (c *Client) ListUnifiedResources(ctx context.Context, req *proto.ListUnifiedResourcesRequest) (*proto.ListUnifiedResourcesResponse, error)
ListUnifiedResources returns a paginated list of unified resources that the user has access to. `nextKey` is used as `startKey` in another call to ListUnifiedResources to retrieve the next page. It will return a `trace.LimitExceeded` error if the page exceeds gRPC max message size.
func (*Client) ListUserGroups ¶
func (c *Client) ListUserGroups(ctx context.Context, pageSize int, nextKey string) ([]types.UserGroup, string, error)
ListUserGroups returns a paginated list of user group resources.
func (*Client) ListUsers ¶
func (c *Client) ListUsers(ctx context.Context, req *userspb.ListUsersRequest) (*userspb.ListUsersResponse, error)
ListUsers returns a page of users.
func (*Client) LoginRuleClient ¶
func (c *Client) LoginRuleClient() loginrulepb.LoginRuleServiceClient
LoginRuleClient returns an unadorned Login Rule client, using the underlying Auth gRPC connection. Clients connecting to non-Enterprise clusters, or older Teleport versions, still get a login rule client when calling this method, but all RPCs will return "not implemented" errors (as per the default gRPC behavior).
func (*Client) MaintainSessionPresence ¶
func (c *Client) MaintainSessionPresence(ctx context.Context) (proto.AuthService_MaintainSessionPresenceClient, error)
MaintainSessionPresence establishes a channel used to continuously verify the presence for a session.
func (*Client) NewKeepAliver ¶
NewKeepAliver returns a new instance of keep aliver. It is the caller's responsibility to invoke Close on the returned value to release the keepAliver resources.
func (*Client) NewWatcher ¶
NewWatcher returns a new streamWatcher
func (*Client) NotificationServiceClient ¶
func (c *Client) NotificationServiceClient() notificationsv1pb.NotificationServiceClient
NotificationServiceClient returns a notification service client that can be used to fetch notifications.
func (*Client) OktaClient ¶
OktaClient returns an Okta client. Clients connecting to older Teleport versions still get an okta client when calling this method, but all RPCs will return "not implemented" errors (as per the default gRPC behavior).
func (*Client) PerformMFACeremony ¶
func (c *Client) PerformMFACeremony(ctx context.Context, challengeRequest *proto.CreateAuthenticateChallengeRequest, promptOpts ...mfa.PromptOpt) (*proto.MFAAuthenticateResponse, error)
PerformMFACeremony retrieves an MFA challenge from the server with the given challenge extensions, prompts the user to answer the challenge with the given promptOpts, and ultimately returns an MFA challenge response for the user.
func (*Client) PingInventory ¶
func (c *Client) PingInventory(ctx context.Context, req proto.InventoryPingRequest) (proto.InventoryPingResponse, error)
func (*Client) PluginsClient ¶
func (c *Client) PluginsClient() pluginspb.PluginServiceClient
PluginsClient returns an unadorned Plugins client, using the underlying Auth gRPC connection. Clients connecting to non-Enterprise clusters, or older Teleport versions, still get a plugins client when calling this method, but all RPCs will return "not implemented" errors (as per the default gRPC behavior).
func (*Client) PresenceServiceClient ¶
func (c *Client) PresenceServiceClient() presencepb.PresenceServiceClient
PresenceServiceClient returns an unadorned client for the presence service.
func (*Client) ProvisioningServiceClient ¶
func (c *Client) ProvisioningServiceClient() provisioningv1.ProvisioningServiceClient
ProvisioningServiceClient returns provisioning service client using an underlying gRPC connection.
func (*Client) RemoveSessionTracker ¶
RemoveSessionTracker removes a tracker resource for an active session.
func (*Client) ReplaceRemoteLocks ¶
func (c *Client) ReplaceRemoteLocks(ctx context.Context, clusterName string, locks []types.Lock) error
ReplaceRemoteLocks replaces the set of locks associated with a remote cluster.
func (*Client) ResetAuthPreference ¶
ResetAuthPreference resets cluster auth preference to defaults.
func (*Client) ResetClusterNetworkingConfig ¶
ResetClusterNetworkingConfig resets cluster networking configuration to defaults.
func (*Client) ResetSessionRecordingConfig ¶
ResetSessionRecordingConfig resets session recording configuration to defaults.
func (*Client) ResolveSSHTarget ¶
func (c *Client) ResolveSSHTarget(ctx context.Context, req *proto.ResolveSSHTargetRequest) (*proto.ResolveSSHTargetResponse, error)
ResolveSSHTarget gets a server that would match an equivalent ssh dial request.
func (*Client) ResourceUsageClient ¶
func (c *Client) ResourceUsageClient() resourceusagepb.ResourceUsageServiceClient
ResourceUsageClient returns an unadorned Resource Usage service client, using the underlying Auth gRPC connection. Clients connecting to non-Enterprise clusters, or older Teleport versions, still get a resource usage client when calling this method, but all RPCs will return "not implemented" errors (as per the default gRPC behavior).
func (*Client) ResumeAuditStream ¶
func (c *Client) ResumeAuditStream(ctx context.Context, sessionID, uploadID string) (events.Stream, error)
ResumeAuditStream resumes existing audit stream.
func (*Client) RotateCertAuthority ¶
RotateCertAuthority updates or inserts new cert authority
func (*Client) RotateExternalCertAuthority ¶
RotateExternalCertAuthority rotates the provided cert authority.
func (*Client) SAMLIdPClient ¶
func (c *Client) SAMLIdPClient() samlidppb.SAMLIdPServiceClient
SAMLIdPClient returns an unadorned SAML IdP client, using the underlying Auth gRPC connection. Clients connecting to non-Enterprise clusters, or older Teleport versions, still get a SAML IdP client when calling this method, but all RPCs will return "not implemented" errors (as per the default gRPC behavior).
func (*Client) SCIMClient ¶
func (*Client) SPIFFEFederationServiceClient ¶
func (c *Client) SPIFFEFederationServiceClient() machineidv1pb.SPIFFEFederationServiceClient
func (*Client) SearchEvents ¶
func (c *Client) SearchEvents(ctx context.Context, fromUTC, toUTC time.Time, namespace string, eventTypes []string, limit int, order types.EventOrder, startKey string) ([]events.AuditEvent, string, error)
SearchEvents allows searching for events with a full pagination support.
func (*Client) SearchSessionEvents ¶
func (c *Client) SearchSessionEvents(ctx context.Context, fromUTC time.Time, toUTC time.Time, limit int, order types.EventOrder, startKey string) ([]events.AuditEvent, string, error)
SearchSessionEvents allows searching for session events with a full pagination support.
func (*Client) SearchUnstructuredEvents ¶
func (c *Client) SearchUnstructuredEvents(ctx context.Context, fromUTC, toUTC time.Time, namespace string, eventTypes []string, limit int, order types.EventOrder, startKey string) ([]*auditlogpb.EventUnstructured, string, error)
SearchUnstructuredEvents allows searching for events with full pagination support and returns events in an unstructured format (json like). This method is used by the Teleport event-handler plugin to receive events from the auth server without having to support the Protobuf event schema.
func (*Client) SecReportsClient ¶
SecReportsClient returns Security client that can be used to fetch security reports.
func (*Client) SetAccessRequestState ¶
SetAccessRequestState updates the state of an existing access request.
func (*Client) SetAuthPreference ¶
SetAuthPreference sets cluster auth preference via the legacy mechanism. Deprecated: Use UpdateAuthPreference or UpsertAuthPreference instead. TODO(tross) DELETE IN v18.0.0
func (*Client) SetClusterNetworkingConfig ¶
func (c *Client) SetClusterNetworkingConfig(ctx context.Context, netConfig *types.ClusterNetworkingConfigV2) error
SetClusterNetworkingConfig sets cluster networking configuration. Deprecated: Use UpdateClusterNetworkingConfig or UpsertClusterNetworkingConfig instead.
func (*Client) SetInstaller ¶
SetInstaller sets the cluster installer resource
func (*Client) SetMFAPromptConstructor ¶
func (c *Client) SetMFAPromptConstructor(pc mfa.PromptConstructor)
SetMFAPromptConstructor sets the MFA prompt constructor for this client.
func (*Client) SetNetworkRestrictions ¶
SetNetworkRestrictions updates the network restrictions
func (*Client) SetSSOMFACeremonyConstructor ¶
func (c *Client) SetSSOMFACeremonyConstructor(scc mfa.SSOMFACeremonyConstructor)
SetSSOMFACeremonyConstructor sets the SSO MFA ceremony constructor for this client.
func (*Client) SetSessionRecordingConfig ¶
func (c *Client) SetSessionRecordingConfig(ctx context.Context, recConfig types.SessionRecordingConfig) error
SetSessionRecordingConfig sets session recording configuration. Deprecated: Use UpdateSessionRecordingConfig or UpsertSessionRecordingConfig instead.
func (*Client) SetUIConfig ¶
SetUIConfig sets the configuration for the UI served by the proxy service
func (*Client) SignDatabaseCSR ¶
func (c *Client) SignDatabaseCSR(ctx context.Context, req *proto.DatabaseCSRRequest) (*proto.DatabaseCSRResponse, error)
SignDatabaseCSR generates a client certificate used by proxy when talking to a remote database service.
func (*Client) StartAccountRecovery ¶
func (c *Client) StartAccountRecovery(ctx context.Context, req *proto.StartAccountRecoveryRequest) (types.UserToken, error)
StartAccountRecovery creates a recovery start token for a user who successfully verified their username and their recovery code. This token is used as part of a URL that will be emailed to the user (not done in this request). Represents step 1 of the account recovery process.
func (*Client) StaticHostUserClient ¶
func (c *Client) StaticHostUserClient() *statichostuserclient.Client
StaticHostUserClient returns a new static host user client.
func (*Client) StreamSessionEvents ¶
func (c *Client) StreamSessionEvents(ctx context.Context, sessionID string, startIndex int64) (chan events.AuditEvent, chan error)
StreamSessionEvents streams audit events from a given session recording.
func (*Client) StreamUnstructuredSessionEvents ¶
func (c *Client) StreamUnstructuredSessionEvents(ctx context.Context, sessionID string, startIndex int64) (chan *auditlogpb.EventUnstructured, chan error)
StreamUnstructuredSessionEvents streams audit events from a given session recording in an unstructured format. This method is used by the Teleport event-handler plugin to receive events from the auth server without having to support the Protobuf event schema.
func (*Client) SubmitAccessReview ¶
func (c *Client) SubmitAccessReview(ctx context.Context, params types.AccessReviewSubmission) (types.AccessRequest, error)
SubmitAccessReview applies a review to a request and returns the post-application state.
func (*Client) SubmitUsageEvent ¶
SubmitUsageEvent submits an external usage event.
func (*Client) TrustClient ¶
func (c *Client) TrustClient() trustpb.TrustServiceClient
TrustClient returns an unadorned Trust client, using the underlying Auth gRPC connection.
func (*Client) UpdateAuthPreference ¶
func (c *Client) UpdateAuthPreference(ctx context.Context, p types.AuthPreference) (types.AuthPreference, error)
UpdateAuthPreference updates an existing auth preference.
func (*Client) UpdateAutoUpdateAgentRollout ¶
func (c *Client) UpdateAutoUpdateAgentRollout(ctx context.Context, rollout *autoupdatev1pb.AutoUpdateAgentRollout) (*autoupdatev1pb.AutoUpdateAgentRollout, error)
UpdateAutoUpdateAgentRollout updates AutoUpdateAgentRollout resource.
func (*Client) UpdateAutoUpdateConfig ¶
func (c *Client) UpdateAutoUpdateConfig(ctx context.Context, config *autoupdatev1pb.AutoUpdateConfig) (*autoupdatev1pb.AutoUpdateConfig, error)
UpdateAutoUpdateConfig updates AutoUpdateConfig resource.
func (*Client) UpdateAutoUpdateVersion ¶
func (c *Client) UpdateAutoUpdateVersion(ctx context.Context, version *autoupdatev1pb.AutoUpdateVersion) (*autoupdatev1pb.AutoUpdateVersion, error)
UpdateAutoUpdateVersion updates AutoUpdateVersion resource.
func (*Client) UpdateClusterMaintenanceConfig ¶
func (c *Client) UpdateClusterMaintenanceConfig(ctx context.Context, cmc types.ClusterMaintenanceConfig) error
UpdateClusterMaintenanceConfig updates the current maintenance window config singleton.
func (*Client) UpdateClusterNetworkingConfig ¶
func (c *Client) UpdateClusterNetworkingConfig(ctx context.Context, cfg types.ClusterNetworkingConfig) (types.ClusterNetworkingConfig, error)
UpdateClusterNetworkingConfig updates an existing cluster networking configuration.
func (*Client) UpdateConnectionDiagnostic ¶
func (c *Client) UpdateConnectionDiagnostic(ctx context.Context, connectionDiagnostic types.ConnectionDiagnostic) error
UpdateConnectionDiagnostic updates a connection diagnostic.
func (*Client) UpdateDatabase ¶
UpdateDatabase updates existing database resource.
func (*Client) UpdateGithubConnector ¶
func (c *Client) UpdateGithubConnector(ctx context.Context, connector types.GithubConnector) (types.GithubConnector, error)
UpdateGithubConnector updates a Github connector.
func (*Client) UpdateHeadlessAuthenticationState ¶
func (c *Client) UpdateHeadlessAuthenticationState(ctx context.Context, id string, state types.HeadlessAuthenticationState, mfaResponse *proto.MFAAuthenticateResponse) error
UpdateHeadlessAuthenticationState updates a headless authentication state.
func (*Client) UpdateIntegration ¶
func (c *Client) UpdateIntegration(ctx context.Context, ig types.Integration) (types.Integration, error)
UpdateIntegration updates an existing Integration.
func (*Client) UpdateKubernetesCluster ¶
UpdateKubernetesCluster updates existing kubernetes cluster resource.
func (*Client) UpdateOIDCConnector ¶
func (c *Client) UpdateOIDCConnector(ctx context.Context, connector types.OIDCConnector) (types.OIDCConnector, error)
UpdateOIDCConnector updates an OIDC connector.
func (*Client) UpdatePluginData ¶
UpdatePluginData updates a per-resource PluginData entry.
func (*Client) UpdateRemoteCluster ¶
func (c *Client) UpdateRemoteCluster(ctx context.Context, rc types.RemoteCluster) (types.RemoteCluster, error)
UpdateRemoteCluster updates remote cluster from the specified value.
func (*Client) UpdateRole ¶
UpdateRole updates an already existing role.
func (*Client) UpdateSAMLConnector ¶
func (c *Client) UpdateSAMLConnector(ctx context.Context, connector types.SAMLConnector) (types.SAMLConnector, error)
UpdateSAMLConnector updates a SAML connector.
func (*Client) UpdateSAMLIdPServiceProvider ¶
func (c *Client) UpdateSAMLIdPServiceProvider(ctx context.Context, sp types.SAMLIdPServiceProvider) error
UpdateSAMLIdPServiceProvider updates an existing SAML IdP service provider resource.
func (*Client) UpdateSessionRecordingConfig ¶
func (c *Client) UpdateSessionRecordingConfig(ctx context.Context, cfg types.SessionRecordingConfig) (types.SessionRecordingConfig, error)
UpdateSessionRecordingConfig updates an existing session recording configuration.
func (*Client) UpdateSessionTracker ¶
func (c *Client) UpdateSessionTracker(ctx context.Context, req *proto.UpdateSessionTrackerRequest) error
UpdateSessionTracker updates a tracker resource for an active session.
func (*Client) UpdateTrustedCluster ¶
func (c *Client) UpdateTrustedCluster(ctx context.Context, trustedCluster types.TrustedCluster) (types.TrustedCluster, error)
UpdateTrustedCluster updates a Trusted Cluster.
func (*Client) UpdateUser ¶
UpdateUser updates an existing user in a backend.
func (*Client) UpdateUserGroup ¶
UpdateUserGroup updates an existing user group resource.
func (*Client) UpdateWindowsDesktop ¶
UpdateWindowsDesktop updates an existing windows desktop host.
func (*Client) UpsertApplicationServer ¶
func (c *Client) UpsertApplicationServer(ctx context.Context, server types.AppServer) (*types.KeepAlive, error)
UpsertApplicationServer registers an application server.
func (*Client) UpsertAuthPreference ¶
func (c *Client) UpsertAuthPreference(ctx context.Context, p types.AuthPreference) (types.AuthPreference, error)
UpsertAuthPreference creates a new preference or overwrites the existing auth preference.
func (*Client) UpsertAutoUpdateAgentRollout ¶
func (c *Client) UpsertAutoUpdateAgentRollout(ctx context.Context, rollout *autoupdatev1pb.AutoUpdateAgentRollout) (*autoupdatev1pb.AutoUpdateAgentRollout, error)
UpsertAutoUpdateAgentRollout updates or creates AutoUpdateAgentRollout resource.
func (*Client) UpsertAutoUpdateConfig ¶
func (c *Client) UpsertAutoUpdateConfig(ctx context.Context, config *autoupdatev1pb.AutoUpdateConfig) (*autoupdatev1pb.AutoUpdateConfig, error)
UpsertAutoUpdateConfig updates or creates AutoUpdateConfig resource.
func (*Client) UpsertAutoUpdateVersion ¶
func (c *Client) UpsertAutoUpdateVersion(ctx context.Context, version *autoupdatev1pb.AutoUpdateVersion) (*autoupdatev1pb.AutoUpdateVersion, error)
UpsertAutoUpdateVersion updates or creates AutoUpdateVersion resource.
func (*Client) UpsertCertAuthority ¶
func (c *Client) UpsertCertAuthority(ctx context.Context, ca types.CertAuthority) (types.CertAuthority, error)
UpsertCertAuthority creates or updates the provided cert authority.
func (*Client) UpsertClusterAlert ¶
UpsertClusterAlert creates a cluster alert.
func (*Client) UpsertClusterNetworkingConfig ¶
func (c *Client) UpsertClusterNetworkingConfig(ctx context.Context, cfg types.ClusterNetworkingConfig) (types.ClusterNetworkingConfig, error)
UpsertClusterNetworkingConfig creates a new configuration or overwrites the existing cluster networking configuration.
func (*Client) UpsertDatabaseServer ¶
func (c *Client) UpsertDatabaseServer(ctx context.Context, server types.DatabaseServer) (*types.KeepAlive, error)
UpsertDatabaseServer registers a new database proxy server.
func (*Client) UpsertDatabaseService ¶
func (c *Client) UpsertDatabaseService(ctx context.Context, service types.DatabaseService) (*types.KeepAlive, error)
UpsertDatabaseService creates or updates existing DatabaseService resource.
func (*Client) UpsertDeviceResource ¶
func (c *Client) UpsertDeviceResource(ctx context.Context, res *types.DeviceV1) (*types.DeviceV1, error)
UpsertDeviceResource creates or updates a device using its resource representation. Prefer using [DevicesClient] directly if you can.
func (*Client) UpsertGithubConnector ¶
func (c *Client) UpsertGithubConnector(ctx context.Context, connector types.GithubConnector) (types.GithubConnector, error)
UpsertGithubConnector creates or updates a Github connector.
func (*Client) UpsertKubernetesServer ¶
func (c *Client) UpsertKubernetesServer(ctx context.Context, s types.KubeServer) (*types.KeepAlive, error)
UpsertKubernetesServer is used by kubernetes services to report their presence to other auth servers in form of heartbeat expiring after ttl period.
func (*Client) UpsertLock ¶
UpsertLock upserts a lock.
func (*Client) UpsertLoginRule ¶
func (c *Client) UpsertLoginRule(ctx context.Context, rule *loginrulepb.LoginRule) (*loginrulepb.LoginRule, error)
UpsertLoginRule creates a login rule if one with the same name does not already exist, else it replaces the existing login rule.
func (*Client) UpsertNode ¶
UpsertNode is used by SSH servers to report their presence to the auth servers in form of heartbeat expiring after ttl period.
func (*Client) UpsertOIDCConnector ¶
func (c *Client) UpsertOIDCConnector(ctx context.Context, oidcConnector types.OIDCConnector) (types.OIDCConnector, error)
UpsertOIDCConnector creates or updates an OIDC connector.
func (*Client) UpsertReverseTunnel ¶
func (c *Client) UpsertReverseTunnel(ctx context.Context, rt types.ReverseTunnel) (types.ReverseTunnel, error)
UpsertReverseTunnel creates or updates reverse tunnel resource
func (*Client) UpsertRole ¶
UpsertRole creates or updates a role.
func (*Client) UpsertSAMLConnector ¶
func (c *Client) UpsertSAMLConnector(ctx context.Context, connector types.SAMLConnector) (types.SAMLConnector, error)
UpsertSAMLConnector creates or updates a SAML connector.
func (*Client) UpsertServerInfo ¶
UpsertServerInfo upserts a ServerInfo.
func (*Client) UpsertSessionRecordingConfig ¶
func (c *Client) UpsertSessionRecordingConfig(ctx context.Context, cfg types.SessionRecordingConfig) (types.SessionRecordingConfig, error)
UpsertSessionRecordingConfig creates a new configuration or overwrites the existing session recording configuration.
func (*Client) UpsertToken ¶
UpsertToken creates or updates a provision token.
func (*Client) UpsertTrustedCluster
deprecated
func (c *Client) UpsertTrustedCluster(ctx context.Context, trustedCluster types.TrustedCluster) (types.TrustedCluster, error)
UpsertTrustedCluster creates or updates a Trusted Cluster.
Deprecated: Use Client.UpsertTrustedClusterV2 instead.
func (*Client) UpsertTrustedClusterV2 ¶
func (c *Client) UpsertTrustedClusterV2(ctx context.Context, trustedCluster types.TrustedCluster) (types.TrustedCluster, error)
UpsertTrustedClusterV2 creates or updates a Trusted Cluster.
func (*Client) UpsertUser ¶
UpsertUser creates a new user or updates an existing user.
func (*Client) UpsertUserLastSeenNotification ¶
func (c *Client) UpsertUserLastSeenNotification(ctx context.Context, req *notificationsv1pb.UpsertUserLastSeenNotificationRequest) (*notificationsv1pb.UserLastSeenNotification, error)
UpsertUserLastSeenNotification creates or updates a user's last seen notification timestamp.
func (*Client) UpsertUserNotificationState ¶
func (c *Client) UpsertUserNotificationState(ctx context.Context, req *notificationsv1pb.UpsertUserNotificationStateRequest) (*notificationsv1pb.UserNotificationState, error)
UpsertUserNotificationState creates or updates a user notification state which records whether the user has clicked on or dismissed a notification.
func (*Client) UpsertUserPreferences ¶
func (c *Client) UpsertUserPreferences(ctx context.Context, in *userpreferencespb.UpsertUserPreferencesRequest) error
UpsertUserPreferences creates or updates user preferences for a given username.
func (*Client) UpsertWindowsDesktop ¶
UpsertWindowsDesktop updates a windows desktop resource, creating it if it doesn't exist.
func (*Client) UpsertWindowsDesktopService ¶
func (c *Client) UpsertWindowsDesktopService(ctx context.Context, service types.WindowsDesktopService) (*types.KeepAlive, error)
UpsertWindowsDesktopService registers a new windows desktop service.
func (*Client) UpsertWorkloadIdentity ¶
func (c *Client) UpsertWorkloadIdentity(ctx context.Context, r *workloadidentityv1pb.WorkloadIdentity) (*workloadidentityv1pb.WorkloadIdentity, error)
UpsertWorkloadIdentity creates or updates a workload identity.
func (*Client) UserLoginStateClient ¶
func (c *Client) UserLoginStateClient() *userloginstate.Client
UserLoginStateClient returns a user login state client. Clients connecting to older Teleport versions still get a user login state client when calling this method, but all RPCs will return "not implemented" errors (as per the default gRPC behavior).
func (*Client) UserTasksServiceClient ¶
func (c *Client) UserTasksServiceClient() *usertaskapi.Client
UserTasksServiceClient returns a UserTask client. Clients connecting to older Teleport versions still get a UserTask client when calling this method, but all RPCs will return "not implemented" errors (as per the default gRPC behavior).
func (*Client) VerifyAccountRecovery ¶
func (c *Client) VerifyAccountRecovery(ctx context.Context, req *proto.VerifyAccountRecoveryRequest) (types.UserToken, error)
VerifyAccountRecovery creates a recovery approved token after successful verification of the user's password or second factor (authn depending on what the user needed to recover). This token will allow the user to perform protected actions while not logged in. Represents step 2 of the account recovery process after RPC StartAccountRecovery.
func (*Client) VnetConfigServiceClient ¶
func (c *Client) VnetConfigServiceClient() vnet.VnetConfigServiceClient
VnetConfigServiceClient returns an unadorned client for the VNet config service.
func (*Client) WatchPendingHeadlessAuthentications ¶
WatchPendingHeadlessAuthentications creates a watcher for pending headless authentication for the current user.
func (*Client) WebSessions ¶
func (c *Client) WebSessions() types.WebSessionInterface
WebSessions returns the web sessions controller
func (*Client) WebTokens ¶
func (c *Client) WebTokens() types.WebTokenInterface
WebTokens returns the web tokens controller
func (*Client) WorkloadIdentityResourceServiceClient ¶
func (c *Client) WorkloadIdentityResourceServiceClient() workloadidentityv1pb.WorkloadIdentityResourceServiceClient
WorkloadIdentityResourceServiceClient returns an unadorned client for the workload identity resource service.
func (*Client) WorkloadIdentityServiceClient ¶
func (c *Client) WorkloadIdentityServiceClient() machineidv1pb.WorkloadIdentityServiceClient
WorkloadIdentityServiceClient returns an unadorned client for the workload identity service.
type Config ¶
// Config contains the configuration of the client.
type Config struct {
	// Addrs is a list of teleport auth/proxy server addresses to dial.
	// If you are using identity file credentials, at least one address must be supplied.
	// This field is optional if you are using tsh profile credentials.
	Addrs []string
	// Credentials are a list of credentials to use when attempting
	// to connect to the server.
	Credentials []Credentials
	// Dialer is a custom dialer used to dial a server. The Dialer should
	// have custom logic to provide an address to the dialer. If set, Dialer
	// takes precedence over all other connection options.
	Dialer ContextDialer
	// DialOpts define options for dialing the client connection.
	DialOpts []grpc.DialOption
	// DialInBackground specifies to dial the connection in the background
	// rather than blocking until the connection is up. A predefined Dialer
	// or an auth server address must be provided.
	DialInBackground bool
	// DialTimeout defines how long to attempt dialing before timing out.
	DialTimeout time.Duration
	// KeepAlivePeriod defines period between keep alives.
	KeepAlivePeriod time.Duration
	// KeepAliveCount specifies the amount of missed keep alives
	// to wait for before declaring the connection as broken.
	KeepAliveCount int
	// The web proxy uses a self-signed TLS certificate by default, which
	// requires this field to be set. If the web proxy was provided with
	// signed TLS certificates, this field should not be set.
	//
	// NOTE(review): going by the name, setting this presumably relaxes TLS
	// certificate verification during address discovery; confirm, and leave
	// it unset whenever the proxy presents a certificate the client can verify.
	InsecureAddressDiscovery bool
	// ALPNSNIAuthDialClusterName if present the client will include ALPN SNI routing information in TLS Hello message
	// allowing to dial auth service through Teleport Proxy directly without using SSH Tunnels.
	ALPNSNIAuthDialClusterName string
	// CircuitBreakerConfig defines how the circuit breaker should behave.
	CircuitBreakerConfig breaker.Config
	// Context is the base context to use for dialing. If not provided context.Background is used
	Context context.Context
	// ALPNConnUpgradeRequired indicates that ALPN connection upgrades are
	// required for making TLS Routing requests.
	//
	// In DialInBackground mode without a Dialer, a valid value must be
	// provided as it's assumed that the caller knows the context if connection
	// upgrades are required for TLS Routing.
	//
	// In default mode, this value is optional as some of the connect methods
	// will perform necessary tests to decide if connection upgrade is
	// required.
	ALPNConnUpgradeRequired bool
	// PROXYHeaderGetter returns signed PROXY header that is sent to allow Proxy to propagate client's real IP to the
	// auth server from the Proxy's web server, when we create user's client for the web session.
	PROXYHeaderGetter PROXYHeaderGetter
	// MFAPromptConstructor is used to create MFA prompts when needed.
	// If nil, the client will not prompt for MFA.
	MFAPromptConstructor mfa.PromptConstructor
	// SSOMFACeremonyConstructor is used to handle SSO MFA when needed.
	// If nil, the client will not prompt for MFA.
	SSOMFACeremonyConstructor mfa.SSOMFACeremonyConstructor
}
Config contains configuration of the client
func (*Config) CheckAndSetDefaults ¶
CheckAndSetDefaults checks and sets default config values.
type ContextDialer ¶
// ContextDialer represents a network dialer interface that uses a context.
type ContextDialer interface {
	// DialContext is a function that dials the specified address
	DialContext(ctx context.Context, network, addr string) (net.Conn, error)
}
ContextDialer represents network dialer interface that uses context
func NewALPNDialer ¶
func NewALPNDialer(cfg ALPNDialerConfig) ContextDialer
NewALPNDialer creates a new ALPNDialer.
func NewDialer ¶
func NewDialer(ctx context.Context, keepAlivePeriod, dialTimeout time.Duration, opts ...DialOption) ContextDialer
NewDialer makes a new dialer that connects to an Auth server either directly or via an HTTP proxy, depending on the environment.
func NewPROXYHeaderDialer ¶
func NewPROXYHeaderDialer(dialer ContextDialer, headerGetter PROXYHeaderGetter) ContextDialer
NewPROXYHeaderDialer makes a new dialer that can propagate client IP if signed PROXY header getter is present
func NewProxyDialer ¶
func NewProxyDialer(ssh ssh.ClientConfig, keepAlivePeriod, dialTimeout time.Duration, discoveryAddr string, insecure bool, opts ...DialProxyOption) ContextDialer
NewProxyDialer makes a dialer to connect to an Auth server through the SSH reverse tunnel on the proxy. The dialer will ping the web client to discover the tunnel proxy address on each dial.
type ContextDialerFunc ¶
ContextDialerFunc is a function wrapper that implements the ContextDialer interface.
func (ContextDialerFunc) DialContext ¶
DialContext is a function that dials to the specified address
type Credentials ¶
// Credentials are used to authenticate the API auth client.
type Credentials interface {
	// TLSConfig returns TLS configuration used to authenticate the client.
	TLSConfig() (*tls.Config, error)
	// SSHClientConfig returns SSH configuration used to connect to the
	// Auth server through a reverse tunnel.
	SSHClientConfig() (*ssh.ClientConfig, error)
	// Expiry returns the Credentials expiry if it's possible to know its expiry.
	// When expiry can be determined returns true, else returns false.
	// If the Credentials don't expire, returns the zero time.
	// If the Credential is dynamically refreshed or reloaded, (e.g filesystem
	// reload or tbot renewal), Expiry returns the expiry of the currently active
	// Credentials.
	Expiry() (time.Time, bool)
}
Credentials are used to authenticate the API auth client. Some Credentials also provide other functionality, such as automatic address discovery and ssh connectivity.
See the examples below for an example of each loader.
Example (LoadIdentity) ¶
Generate identity file with tsh or tctl.
$ tsh login --user=api-user --out=identity-file-path $ tctl auth sign --user=api-user --out=identity-file-path
Load credentials from the specified identity file.
package main

import (
	"github.com/gravitational/teleport/api/client"
)

// main loads Credentials from the identity file at the given path.
func main() {
	// The example only demonstrates the loader call, so the returned
	// Credentials are discarded.
	creds := client.LoadIdentityFile("identity-file-path")
	_ = creds
}
Output:
Example (LoadIdentityString) ¶
Generate identity file with tsh or tctl.
$ tsh login --user=api-user --out=identity-file-path $ tctl auth sign --user=api-user --out=identity-file-path $ export TELEPORT_IDENTITY=$(cat identity-file-path)
Load credentials from the environment variable.
package main

import (
	"os"

	"github.com/gravitational/teleport/api/client"
)

// main loads Credentials from the identity file contents held in the
// TELEPORT_IDENTITY environment variable.
func main() {
	// The variable carries the complete identity file contents, so anything
	// able to read this process's environment can read the credential too.
	identity := os.Getenv("TELEPORT_IDENTITY")
	_ = client.LoadIdentityFileFromString(identity)
}
Output:
Example (LoadKeyPair) ¶
Generate certificate key pair with tctl.
$ tctl auth sign --format=tls --user=api-user --out=path/to/certs
Load credentials from the specified certificate files.
package main

import (
	"github.com/gravitational/teleport/api/client"
)

// main loads Credentials from a certificate, private key and CA file on disk.
func main() {
	const (
		certFile = "path/to/certs.crt"
		keyFile  = "path/to/certs.key"
		caFile   = "path/to/certs.cas"
	)
	// The example only demonstrates the loader call, so the returned
	// Credentials are discarded.
	_ = client.LoadKeyPair(certFile, keyFile, caFile)
}
Output:
Example (LoadProfile) ¶
Generate tsh profile with tsh.
$ tsh login --user=api-user
Load credentials from the default directory and current profile, or specify the directory and profile.
package main

import (
	"github.com/gravitational/teleport/api/client"
)

// main loads Credentials from a tsh profile, first with the defaults and then
// with an explicit profile directory and profile name.
func main() {
	// Empty strings select the default directory and the current profile.
	defaultCreds := client.LoadProfile("", "")
	namedCreds := client.LoadProfile("profile-directory", "api-user")
	_, _ = defaultCreds, namedCreds
}
Output:
func KeyPair ¶
func KeyPair(certPEM, keyPEM, caPEM []byte) (Credentials, error)
KeyPair returns a Credential given a TLS key, certificate and CA certificates, all PEM-encoded. It behaves like LoadKeyPair except it doesn't read the TLS material from a file. This is useful when the key and certs are not on disk (e.g. environment variables). This should be preferred over manually building a tls.Config and calling LoadTLS, as Credentials returned by KeyPair can report their expiry, which makes it possible to warn the user about expired certificates.
func LoadIdentityFile ¶
func LoadIdentityFile(path string) Credentials
LoadIdentityFile is used to load Credentials from an identity file on disk.
Identity Credentials can be used to connect to an auth server directly or through a reverse tunnel.
A new identity file can be generated with tsh or tctl.
$ tsh login --user=api-user --out=identity-file-path $ tctl auth sign --user=api-user --out=identity-file-path
The identity file's time to live can be specified with --ttl.
See the example below for usage.
Example ¶
Load credentials from the specified identity file.
package main

import (
	"github.com/gravitational/teleport/api/client"
)

// main loads Credentials from the identity file at the given path.
func main() {
	// The example only demonstrates the loader call, so the returned
	// Credentials are discarded.
	creds := client.LoadIdentityFile("identity-file-path")
	_ = creds
}
Output:
func LoadIdentityFileFromString ¶
func LoadIdentityFileFromString(content string) Credentials
LoadIdentityFileFromString is used to load Credentials from a string containing identity file contents.
Identity Credentials can be used to connect to an auth server directly or through a reverse tunnel.
A new identity file can be generated with tsh or tctl.
$ tsh login --user=api-user --out=identity-file-path $ tctl auth sign --user=api-user --out=identity-file-path
The identity file's time to live can be specified with --ttl.
See the example below for usage.
Example ¶
Load credentials from the specified environment variable.
package main

import (
	"os"

	"github.com/gravitational/teleport/api/client"
)

// main loads Credentials from the identity file contents held in the
// TELEPORT_IDENTITY environment variable.
func main() {
	// The variable carries the complete identity file contents, so anything
	// able to read this process's environment can read the credential too.
	identity := os.Getenv("TELEPORT_IDENTITY")
	_ = client.LoadIdentityFileFromString(identity)
}
Output:
func LoadKeyPair ¶
func LoadKeyPair(certFile, keyFile, caFile string) Credentials
LoadKeyPair is used to load Credentials from a certificate keypair on disk.
KeyPair Credentials can only be used to connect directly to a Teleport Auth server.
New KeyPair files can be generated with tsh or tctl.
$ tctl auth sign --format=tls --user=api-user --out=path/to/certs
The certificates' time to live can be specified with --ttl.
See the example below for usage.
Example ¶
Load credentials from the specified certificate files.
package main

import (
	"github.com/gravitational/teleport/api/client"
)

// main loads Credentials from a certificate, private key and CA file on disk.
func main() {
	const (
		certFile = "path/to/certs.crt"
		keyFile  = "path/to/certs.key"
		caFile   = "path/to/certs.cas"
	)
	// The example only demonstrates the loader call, so the returned
	// Credentials are discarded.
	_ = client.LoadKeyPair(certFile, keyFile, caFile)
}
Output:
func LoadProfile ¶
func LoadProfile(dir, name string) Credentials
LoadProfile is used to load Credentials from a tsh profile on disk.
dir is the profile directory. It will default to "~/.tsh".
name is the profile name. It will default to the currently active tsh profile.
Profile Credentials can be used to connect to an auth server directly or through a reverse tunnel.
Profile Credentials will automatically attempt to find your reverse tunnel address and make a connection through it.
A new profile can be generated with tsh.
$ tsh login --user=api-user
Example ¶
Load credentials from the default directory and current profile, or specify the directory and profile.
package main

import (
	"github.com/gravitational/teleport/api/client"
)

// main loads Credentials from a tsh profile, first with the defaults and then
// with an explicit profile directory and profile name.
func main() {
	// Empty strings select the default directory and the current profile.
	defaultCreds := client.LoadProfile("", "")
	namedCreds := client.LoadProfile("profile-directory", "api-user")
	_, _ = defaultCreds, namedCreds
}
Output:
func LoadTLS ¶
func LoadTLS(tlsConfig *tls.Config) Credentials
LoadTLS is used to load Credentials directly from a *tls.Config.
TLS creds can only be used to connect directly to a Teleport Auth server.
type CredentialsWithDefaultAddrs ¶
// CredentialsWithDefaultAddrs is a Credentials that can also supply default
// addresses for the client to dial.
type CredentialsWithDefaultAddrs interface {
	Credentials
	// DefaultAddrs is called by the API client when it has not been
	// explicitly configured with an address to connect to. It may return a
	// slice of addresses to be tried.
	DefaultAddrs() ([]string, error)
}
CredentialsWithDefaultAddrs additionally provides default addresses sourced from the credential which are used when the client has not been explicitly configured with an address.
type DialOption ¶
type DialOption func(cfg *dialConfig)
DialOption allows setting options as functional arguments to api.NewDialer.
func WithALPNConnUpgrade ¶
func WithALPNConnUpgrade(alpnConnUpgradeRequired bool) DialOption
WithALPNConnUpgrade specifies if ALPN connection upgrade is required.
func WithALPNConnUpgradePing ¶
func WithALPNConnUpgradePing(alpnConnUpgradeWithPing bool) DialOption
WithALPNConnUpgradePing specifies if Ping is required during ALPN connection upgrade. This is only effective when alpnConnUpgradeRequired is true.
func WithInsecureSkipVerify ¶
func WithInsecureSkipVerify(insecure bool) DialOption
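WithInsecureSkipVerify specifies whether the dialer connects insecurely when using an HTTPS proxy. As the name indicates, an insecure dial skips TLS certificate verification, so pass true only where an unverified connection to the proxy is acceptable.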
type DialProxyOption ¶
type DialProxyOption = DialOption
DialProxyOption allows setting options as functional arguments to DialProxy.
func WithPROXYHeaderGetter ¶
func WithPROXYHeaderGetter(proxyHeaderGetter PROXYHeaderGetter) DialProxyOption
WithPROXYHeaderGetter provides PROXY headers signer so client's real IP could be propagated. Used by proxy's web server to make calls on behalf of connected clients.
func WithTLSConfig ¶
func WithTLSConfig(tlsConfig *tls.Config) DialProxyOption
WithTLSConfig provides the dialer with the TLS config to use when using an HTTPS proxy.
type DownstreamInventoryControlStream ¶
// DownstreamInventoryControlStream declares the operations available on the
// side of the inventory control stream that sends upstream messages and
// receives downstream ones.
type DownstreamInventoryControlStream interface {
	// Send attempts to send an upstream message. An error returned from this
	// method either indicates that the stream itself has failed, or that the
	// supplied context was canceled.
	Send(ctx context.Context, msg proto.UpstreamInventoryMessage) error
	// Recv accesses the incoming/downstream message channel.
	Recv() <-chan proto.DownstreamInventoryMessage
	// Close closes the underlying stream without error.
	Close() error
	// CloseWithError closes the underlying stream with an error that can later
	// be retrieved with Error(). Subsequent calls to CloseWithError have no effect.
	CloseWithError(err error) error
	// Done signals that the stream has been closed.
	Done() <-chan struct{}
	// Error checks for any error associated with stream closure (returns `nil` if
	// the stream is open, or io.EOF if the stream was closed without error).
	Error() error
}
DownstreamInventoryControlStream is the client/agent side of a bidirectional stream established between teleport instances and auth servers.
type DynamicIdentityFileCreds ¶
// DynamicIdentityFileCreds holds the path of an identity file that is loaded
// and can later be reloaded.
type DynamicIdentityFileCreds struct {
	// Path is the path to the identity file to load and reload.
	Path string
	// contains filtered or unexported fields
}
DynamicIdentityFileCreds allows a changing identity file to be used as the source of authentication for Client. It does not automatically watch the identity file or reload on an interval; this is left to the consumer, who must call Reload to re-read the file.
DynamicIdentityFileCreds is the recommended Credentials implementation for tools that use Machine ID certificates.
Example ¶
// load credentials from identity files on disk
cred, err := NewDynamicIdentityFileCreds("./identity")
if err != nil {
	log.Fatal(err)
}

// periodically reload credentials from disk
// (the credentials are only re-read when Reload is called, so this
// goroutine is what keeps them current)
go func() {
	for {
		log.Println("reloading credentials")
		// log.Fatal ends the whole process, so a single failed reload
		// stops the program rather than leaving it on the old credentials.
		if err := cred.Reload(); err != nil {
			log.Fatal(err)
		}
		log.Println("reloaded credentials")
		// NOTE(review): the interval presumably has to be shorter than the
		// lifetime of the certificates in the identity file; confirm against
		// the TTL the file is issued with.
		time.Sleep(5 * time.Minute)
	}
}()

ctx := context.Background()
// The client is built once and holds the same cred value that the
// goroutine above keeps reloading.
clt, err := New(ctx, Config{
	Addrs:       []string{"leaf.tele.ottr.sh:443"},
	Credentials: []Credentials{cred},
})
if err != nil {
	panic(err)
}

// Poll the cluster forever; a failed call is logged and the loop continues.
for {
	log.Println("Fetching nodes")
	_, err := clt.GetNodes(ctx, defaults.Namespace)
	if err != nil {
		log.Printf("ERROR Fetching nodes: %v", err)
	} else {
		log.Println("Fetching nodes: OK")
	}
	time.Sleep(1 * time.Second)
}
Output:
func NewDynamicIdentityFileCreds ¶
func NewDynamicIdentityFileCreds(path string) (*DynamicIdentityFileCreds, error)
NewDynamicIdentityFileCreds returns a DynamicIdentityFileCreds which has been initially loaded and is ready for use.
func (*DynamicIdentityFileCreds) Expiry ¶
func (d *DynamicIdentityFileCreds) Expiry() (time.Time, bool)
Expiry returns the current credential expiry.
func (*DynamicIdentityFileCreds) Reload ¶
func (d *DynamicIdentityFileCreds) Reload() error
Reload causes the identity file to be re-read from the disk. It will return an error if loading the credentials fails.
func (*DynamicIdentityFileCreds) SSHClientConfig ¶
func (d *DynamicIdentityFileCreds) SSHClientConfig() (*ssh.ClientConfig, error)
SSHClientConfig returns SSH configuration, implementing the Credentials interface.
type GetClusterCAsFunc ¶
GetClusterCAsFunc is a function to fetch cluster CAs.
func ClusterCAsFromCertPool ¶
func ClusterCAsFromCertPool(cas *x509.CertPool) GetClusterCAsFunc
ClusterCAsFromCertPool returns a GetClusterCAsFunc with provided static cert pool.
type GetResourcesClient ¶
// GetResourcesClient is the client interface that GetResourcePage and
// GetEnrichedResourcePage take as their clt argument.
type GetResourcesClient interface {
	// GetResources takes a ListResourcesRequest and returns a
	// ListResourcesResponse or an error.
	GetResources(ctx context.Context, req *proto.ListResourcesRequest) (*proto.ListResourcesResponse, error)
}
GetResourcesClient is an interface used by GetResources to abstract over implementations of the ListResources method.
type ICSPipeOption ¶
type ICSPipeOption func(*pipeOptions)
func ICSPipePeerAddr ¶
func ICSPipePeerAddr(peerAddr string) ICSPipeOption
func ICSPipePeerAddrFn ¶
func ICSPipePeerAddrFn(fn func() string) ICSPipeOption
type JoinServiceClient ¶
// JoinServiceClient is a client for the JoinService, which runs on both the
// auth and proxy.
type JoinServiceClient struct {
	// contains filtered or unexported fields
}
JoinServiceClient is a client for the JoinService, which runs on both the auth and proxy.
func NewJoinServiceClient ¶
func NewJoinServiceClient(grpcClient proto.JoinServiceClient) *JoinServiceClient
NewJoinServiceClient returns a new JoinServiceClient wrapping the given grpc client.
func (*JoinServiceClient) RegisterUsingAzureMethod ¶
func (c *JoinServiceClient) RegisterUsingAzureMethod(ctx context.Context, challengeResponse RegisterAzureChallengeResponseFunc) (*proto.Certs, error)
RegisterUsingAzureMethod registers the caller using the Azure join method and returns signed certs to join the cluster.
The caller must provide a ChallengeResponseFunc which returns a *proto.RegisterUsingAzureMethodRequest with a signed attested data document including the challenge as a nonce.
func (*JoinServiceClient) RegisterUsingIAMMethod ¶
func (c *JoinServiceClient) RegisterUsingIAMMethod(ctx context.Context, challengeResponse RegisterIAMChallengeResponseFunc) (*proto.Certs, error)
RegisterUsingIAMMethod registers the caller using the IAM join method and returns signed certs to join the cluster.
The caller must provide a ChallengeResponseFunc which returns a *types.RegisterUsingTokenRequest with a signed sts:GetCallerIdentity request including the challenge as a signed header.
func (*JoinServiceClient) RegisterUsingTPMMethod ¶
func (c *JoinServiceClient) RegisterUsingTPMMethod( ctx context.Context, initReq *proto.RegisterUsingTPMMethodInitialRequest, solveChallenge RegisterTPMChallengeResponseFunc, ) (*proto.Certs, error)
RegisterUsingTPMMethod registers the caller using the TPM join method and returns signed certs to join the cluster. The caller must provide a ChallengeResponseFunc which returns a *proto.RegisterUsingTPMMethodRequest for a given challenge, or an error.
func (*JoinServiceClient) RegisterUsingToken ¶
func (c *JoinServiceClient) RegisterUsingToken( ctx context.Context, req *types.RegisterUsingTokenRequest, ) (*proto.Certs, error)
RegisterUsingToken registers the caller using a token and returns signed certs. This is used where a more specific RPC has not been introduced for the join method.
type ListResourcesClient ¶
// ListResourcesClient is the client interface that GetResourcesWithFilters
// takes as its clt argument.
type ListResourcesClient interface {
	// ListResources takes a ListResourcesRequest by value and returns a
	// ListResourcesResponse or an error.
	ListResources(ctx context.Context, req proto.ListResourcesRequest) (*types.ListResourcesResponse, error)
}
ListResourcesClient is an interface used by GetResourcesWithFilters to abstract over implementations of the ListResources method.
type ListUnifiedResourcesClient ¶
// ListUnifiedResourcesClient is the client interface that
// GetAllUnifiedResources and GetUnifiedResourcePage take as their clt argument.
type ListUnifiedResourcesClient interface {
	// ListUnifiedResources takes a ListUnifiedResourcesRequest and returns a
	// ListUnifiedResourcesResponse or an error.
	ListUnifiedResources(ctx context.Context, req *proto.ListUnifiedResourcesRequest) (*proto.ListUnifiedResourcesResponse, error)
}
ListUnifiedResourcesClient is an interface used by ListUnifiedResources to abstract over implementations of the ListUnifiedResources method.
type PROXYHeaderGetter ¶
PROXYHeaderGetter is used if present to get signed PROXY headers to propagate client's IP. Used by proxy's web server to make calls on behalf of connected clients.
type RegisterAzureChallengeResponseFunc ¶
type RegisterAzureChallengeResponseFunc func(challenge string) (*proto.RegisterUsingAzureMethodRequest, error)
RegisterAzureChallengeResponseFunc is a function type meant to be passed to RegisterUsingAzureMethod. It must return a *proto.RegisterUsingAzureMethodRequest for a given challenge, or an error.
type RegisterIAMChallengeResponseFunc ¶
type RegisterIAMChallengeResponseFunc func(challenge string) (*proto.RegisterUsingIAMMethodRequest, error)
RegisterIAMChallengeResponseFunc is a function type meant to be passed to RegisterUsingIAMMethod. It must return a *proto.RegisterUsingIAMMethodRequest for a given challenge, or an error.
type RegisterTPMChallengeResponseFunc ¶
type RegisterTPMChallengeResponseFunc func(challenge *proto.TPMEncryptedCredential) (*proto.RegisterUsingTPMMethodChallengeResponse, error)
RegisterTPMChallengeResponseFunc is a function type meant to be passed to RegisterUsingTPMMethod. It must return a *proto.RegisterUsingTPMMethodChallengeResponse for a given challenge, or an error.
type ResourcePage ¶
// ResourcePage holds one page of resources of type T together with the total
// match count and the key of the next page.
type ResourcePage[T types.ResourceWithLabels] struct {
	// Resources retrieved for a single [proto.ListResourcesRequest]. The length of
	// the slice will be at most [proto.ListResourcesRequest.Limit].
	Resources []T
	// Total number of all resources matching the request. It will be greater than
	// the length of [Resources] if the number of matches exceeds the request limit.
	Total int
	// NextKey is the start of the next page
	NextKey string
}
ResourcePage holds a page of results from GetResourcePage.
func GetEnrichedResourcePage ¶
func GetEnrichedResourcePage(ctx context.Context, clt GetResourcesClient, req *proto.ListResourcesRequest) (ResourcePage[*types.EnrichedResource], error)
GetEnrichedResourcePage is a helper for getting a single page of enriched resources.
func GetResourcePage ¶
func GetResourcePage[T types.ResourceWithLabels](ctx context.Context, clt GetResourcesClient, req *proto.ListResourcesRequest) (ResourcePage[T], error)
GetResourcePage is a helper for getting a single page of resources that match the provided request.
type UpstreamInventoryControlStream ¶
// UpstreamInventoryControlStream declares the operations available on the
// side of the inventory control stream that sends downstream messages and
// receives upstream ones.
type UpstreamInventoryControlStream interface {
	// Send attempts to send a downstream message. An error returned from this
	// method either indicates that the stream itself has failed, or that the
	// supplied context was canceled.
	Send(ctx context.Context, msg proto.DownstreamInventoryMessage) error
	// Recv access the incoming/upstream message channel.
	Recv() <-chan proto.UpstreamInventoryMessage
	// PeerAddr gets the underlying TCP peer address (may be empty in some cases).
	PeerAddr() string
	// Close closes the underlying stream without error.
	Close() error
	// CloseWithError closes the underlying stream with an error that can later
	// be retrieved with Error(). Subsequent calls to CloseWithError have no effect.
	CloseWithError(err error) error
	// Done signals that the stream has been closed.
	Done() <-chan struct{}
	// Error checks for any error associated with stream closure (returns `nil` if
	// the stream is open, or io.EOF if the stream closed without error).
	Error() error
}
UpstreamInventoryControlStream is the server/controller side of a bidirectional stream established between teleport instances and auth servers.
func NewUpstreamInventoryControlStream ¶
func NewUpstreamInventoryControlStream(stream proto.AuthService_InventoryControlStreamServer, peerAddr string) UpstreamInventoryControlStream
NewUpstreamInventoryControlStream wraps the server-side control stream handle. For use as part of the internals of the auth server's gRPC API implementation.
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package proto provides the protobuf API specification for Teleport.
|
Package proto provides the protobuf API specification for Teleport. |
Package webclient provides a client for the Teleport Proxy API endpoints.
|
Package webclient provides a client for the Teleport Proxy API endpoints. |