local

package
v1.2.3-fred.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 20, 2022 License: Apache-2.0 Imports: 35 Imported by: 56

Documentation

Overview

Package local implements services interfaces using abstract key value backend provided by lib/backend, what makes it possible for teleport to run using boltdb or etcd

Index

Constants

View Source 
const (
	// DELETE IN 9.0.0 in favor of userTokenPrefix.
	LegacyPasswordTokensPrefix = "resetpasswordtokens"
)

Variables

View Source 
var GlobalSessionDataMaxEntries = 5000 // arbitrary

GlobalSessionDataMaxEntries represents the maximum number of in-flight global WebAuthn challenges for a given scope. Attempting to write more instances than the max limit causes an error. The limit is enforced separately by Auth Server instances.

Functions

func CreateResources 

func CreateResources(ctx context.Context, b backend.Backend, resources ...types.Resource) error

CreateResources attempts to dynamically create the supplied resources. This function returns `trace.AlreadyExistsError` if one or more resources would be overwritten, and `trace.NotImplementedError` if any resources are of an unsupported type (see `ItemsFromResources(...)`).

NOTE: This function is non-atomic and performs no internal synchronization; backend must be locked by caller when operating in parallel environment.

func FakePaginate 

func FakePaginate(resources []types.ResourceWithLabels, req proto.ListResourcesRequest) (*types.ListResourcesResponse, error)

FakePaginate is used when we are working with an entire list of resources upfront but still requires pagination. While applying filters, it will also deduplicate matches found.

func ItemsFromResources 

func ItemsFromResources(resources ...types.Resource) ([]backend.Item, error)

ItemsFromResources attempts to convert resources into instances of backend.Item. NOTE: this is not necessarily a 1-to-1 conversion.

func ItemsToResources 

func ItemsToResources(items ...backend.Item) ([]types.Resource, error)

ItemsToResources converts one or more items into one or more resources. NOTE: This is not necessarily a 1-to-1 conversion, and order is not preserved.

func NewSessionTrackerService 

func NewSessionTrackerService(bk backend.Backend) (services.SessionTrackerService, error)

func WaitForEvent 

func WaitForEvent(ctx context.Context, watcher types.Watcher, m EventMatcher, clock clockwork.Clock) (types.Resource, error)

WaitForEvent waits for the event matched by the specified event matcher in the given watcher.

Types

type AccessService 

type AccessService struct {
	backend.Backend
}

AccessService manages roles

func NewAccessService 

func NewAccessService(backend backend.Backend) *AccessService

NewAccessService returns new access service instance

func (*AccessService) CreateRole 

func (s *AccessService) CreateRole(ctx context.Context, role types.Role) error

CreateRole creates a role on the backend.

func (*AccessService) DeleteAllLocks 

func (s *AccessService) DeleteAllLocks(ctx context.Context) error

DeleteLock deletes all/in-force locks.

func (*AccessService) DeleteAllRoles 

func (s *AccessService) DeleteAllRoles() error

DeleteAllRoles deletes all roles

func (*AccessService) DeleteLock 

func (s *AccessService) DeleteLock(ctx context.Context, name string) error

DeleteLock deletes a lock.

func (*AccessService) DeleteRole 

func (s *AccessService) DeleteRole(ctx context.Context, name string) error

DeleteRole deletes a role from the backend

func (*AccessService) GetLock 

func (s *AccessService) GetLock(ctx context.Context, name string) (types.Lock, error)

GetLock gets a lock by name.

func (*AccessService) GetLocks 

func (s *AccessService) GetLocks(ctx context.Context, inForceOnly bool, targets ...types.LockTarget) ([]types.Lock, error)

GetLocks gets all/in-force locks that match at least one of the targets when specified.

func (*AccessService) GetRole 

func (s *AccessService) GetRole(ctx context.Context, name string) (types.Role, error)

GetRole returns a role by name

func (*AccessService) GetRoles 

func (s *AccessService) GetRoles(ctx context.Context) ([]types.Role, error)

GetRoles returns a list of roles registered with the local auth server

func (*AccessService) ReplaceRemoteLocks 

func (s *AccessService) ReplaceRemoteLocks(ctx context.Context, clusterName string, newRemoteLocks []types.Lock) error

ReplaceRemoteLocks replaces the set of locks associated with a remote cluster.

func (*AccessService) UpsertLock 

func (s *AccessService) UpsertLock(ctx context.Context, lock types.Lock) error

UpsertLock upserts a lock.

func (*AccessService) UpsertRole 

func (s *AccessService) UpsertRole(ctx context.Context, role types.Role) error

UpsertRole updates parameters about role

type AppService 

type AppService struct {
	backend.Backend
}

AppService manages application resources in the backend.

func NewAppService 

func NewAppService(backend backend.Backend) *AppService

NewAppService creates a new AppService.

func (*AppService) CreateApp 

func (s *AppService) CreateApp(ctx context.Context, app types.Application) error

CreateApp creates a new application resource.

func (*AppService) DeleteAllApps 

func (s *AppService) DeleteAllApps(ctx context.Context) error

DeleteAllApps removes all application resources.

func (*AppService) DeleteApp 

func (s *AppService) DeleteApp(ctx context.Context, name string) error

DeleteApp removes the specified application resource.

func (*AppService) GetApp 

func (s *AppService) GetApp(ctx context.Context, name string) (types.Application, error)

GetApp returns the specified application resource.

func (*AppService) GetApps 

func (s *AppService) GetApps(ctx context.Context) ([]types.Application, error)

GetApps returns all application resources.

func (*AppService) UpdateApp 

func (s *AppService) UpdateApp(ctx context.Context, app types.Application) error

UpdateApp updates an existing application resource.

type AssertionReplayService 

type AssertionReplayService struct {
	// contains filtered or unexported fields
}

AssertionReplayService tracks used SSO assertions to mitigate replay attacks. Assertions are automatically derecognized when their signed expiry passes.

func NewAssertionReplayService 

func NewAssertionReplayService(bk backend.Backend) *AssertionReplayService

NewAssertionReplayService creates a new instance of AssertionReplayService.

func (*AssertionReplayService) RecognizeSSOAssertion 

func (s *AssertionReplayService) RecognizeSSOAssertion(ctx context.Context, connectorID string, assertionID string, user string, safeAfter time.Time) error

RecognizeSSOAssertion will remember a new assertion until it becomes invalid. This will error with `trace.AlreadyExists` if the assertion has been previously recognized.

`safeAfter` must be either at or after the point in time that a given SSO assertion becomes invalid in order to mitigate replay attacks. This function shouldn't be used if the assertion never verifiably expires.

type CA 

type CA struct {
	backend.Backend
}

CA is local implementation of Trust service that is using local backend

func NewCAService 

func NewCAService(b backend.Backend) *CA

NewCAService returns new instance of CAService

func (*CA) ActivateCertAuthority 

func (s *CA) ActivateCertAuthority(id types.CertAuthID) error

ActivateCertAuthority moves a CertAuthority from the deactivated list to the normal list.

func (*CA) CompareAndSwapCertAuthority 

func (s *CA) CompareAndSwapCertAuthority(new, expected types.CertAuthority) error

CompareAndSwapCertAuthority updates the cert authority value if the existing value matches expected parameter, returns nil if succeeds, trace.CompareFailed otherwise.

func (*CA) CreateCertAuthority 

func (s *CA) CreateCertAuthority(ca types.CertAuthority) error

CreateCertAuthority updates or inserts a new certificate authority

func (*CA) DeactivateCertAuthority 

func (s *CA) DeactivateCertAuthority(id types.CertAuthID) error

DeactivateCertAuthority moves a CertAuthority from the normal list to the deactivated list.

func (*CA) DeleteAllCertAuthorities 

func (s *CA) DeleteAllCertAuthorities(caType types.CertAuthType) error

DeleteAllCertAuthorities deletes all certificate authorities of a certain type

func (*CA) DeleteCertAuthority 

func (s *CA) DeleteCertAuthority(id types.CertAuthID) error

DeleteCertAuthority deletes particular certificate authority

func (*CA) GetCertAuthorities 

func (s *CA) GetCertAuthorities(ctx context.Context, caType types.CertAuthType, loadSigningKeys bool, opts ...services.MarshalOption) ([]types.CertAuthority, error)

GetCertAuthorities returns a list of authorities of a given type loadSigningKeys controls whether signing keys should be loaded or not

func (*CA) GetCertAuthority 

func (s *CA) GetCertAuthority(ctx context.Context, id types.CertAuthID, loadSigningKeys bool, opts ...services.MarshalOption) (types.CertAuthority, error)

GetCertAuthority returns certificate authority by given id. Parameter loadSigningKeys controls if signing keys are loaded

func (*CA) UpsertCertAuthority 

func (s *CA) UpsertCertAuthority(ca types.CertAuthority) error

UpsertCertAuthority updates or inserts a new certificate authority

type ClusterConfigurationService 

type ClusterConfigurationService struct {
	backend.Backend
}

ClusterConfigurationService is responsible for managing cluster configuration.

func NewClusterConfigurationService 

func NewClusterConfigurationService(backend backend.Backend) (*ClusterConfigurationService, error)

NewClusterConfigurationService returns a new ClusterConfigurationService.

func (*ClusterConfigurationService) DeleteAllInstallers 

func (s *ClusterConfigurationService) DeleteAllInstallers(ctx context.Context) error

DeleteAllInstallers removes all installer resources.

func (*ClusterConfigurationService) DeleteAuthPreference 

func (s *ClusterConfigurationService) DeleteAuthPreference(ctx context.Context) error

DeleteAuthPreference deletes types.AuthPreference from the backend.

func (*ClusterConfigurationService) DeleteClusterAuditConfig 

func (s *ClusterConfigurationService) DeleteClusterAuditConfig(ctx context.Context) error

DeleteClusterAuditConfig deletes ClusterAuditConfig from the backend.

func (*ClusterConfigurationService) DeleteClusterName 

func (s *ClusterConfigurationService) DeleteClusterName() error

DeleteClusterName deletes types.ClusterName from the backend.

func (*ClusterConfigurationService) DeleteClusterNetworkingConfig 

func (s *ClusterConfigurationService) DeleteClusterNetworkingConfig(ctx context.Context) error

DeleteClusterNetworkingConfig deletes ClusterNetworkingConfig from the backend.

func (*ClusterConfigurationService) DeleteInstaller 

func (s *ClusterConfigurationService) DeleteInstaller(ctx context.Context, name string) error

DeleteInstaller sets the installer script to default script in the backend.

func (*ClusterConfigurationService) DeleteSessionRecordingConfig 

func (s *ClusterConfigurationService) DeleteSessionRecordingConfig(ctx context.Context) error

DeleteSessionRecordingConfig deletes SessionRecordingConfig from the backend.

func (*ClusterConfigurationService) DeleteStaticTokens 

func (s *ClusterConfigurationService) DeleteStaticTokens() error

DeleteStaticTokens deletes static tokens

func (*ClusterConfigurationService) GetAuthPreference 

func (s *ClusterConfigurationService) GetAuthPreference(ctx context.Context) (types.AuthPreference, error)

GetAuthPreference fetches the cluster authentication preferences from the backend and return them.

func (*ClusterConfigurationService) GetClusterAuditConfig 

func (s *ClusterConfigurationService) GetClusterAuditConfig(ctx context.Context, opts ...services.MarshalOption) (types.ClusterAuditConfig, error)

GetClusterAuditConfig gets cluster audit config from the backend.

func (*ClusterConfigurationService) GetClusterName 

func (s *ClusterConfigurationService) GetClusterName(opts ...services.MarshalOption) (types.ClusterName, error)

GetClusterName gets the name of the cluster from the backend.

func (*ClusterConfigurationService) GetClusterNetworkingConfig 

func (s *ClusterConfigurationService) GetClusterNetworkingConfig(ctx context.Context, opts ...services.MarshalOption) (types.ClusterNetworkingConfig, error)

GetClusterNetworkingConfig gets cluster networking config from the backend.

func (*ClusterConfigurationService) GetInstaller 

func (s *ClusterConfigurationService) GetInstaller(ctx context.Context, name string) (types.Installer, error)

GetInstaller gets the script of the cluster from the backend.

func (*ClusterConfigurationService) GetInstallers 

func (s *ClusterConfigurationService) GetInstallers(ctx context.Context) ([]types.Installer, error)

GetInstallers retrieves all the install scripts.

func (*ClusterConfigurationService) GetSessionRecordingConfig 

func (s *ClusterConfigurationService) GetSessionRecordingConfig(ctx context.Context, opts ...services.MarshalOption) (types.SessionRecordingConfig, error)

GetSessionRecordingConfig gets session recording config from the backend.

func (*ClusterConfigurationService) GetStaticTokens 

func (s *ClusterConfigurationService) GetStaticTokens() (types.StaticTokens, error)

GetStaticTokens gets the list of static tokens used to provision nodes.

func (*ClusterConfigurationService) SetAuthPreference 

func (s *ClusterConfigurationService) SetAuthPreference(ctx context.Context, preferences types.AuthPreference) error

SetAuthPreference sets the cluster authentication preferences on the backend.

func (*ClusterConfigurationService) SetClusterAuditConfig 

func (s *ClusterConfigurationService) SetClusterAuditConfig(ctx context.Context, auditConfig types.ClusterAuditConfig) error

SetClusterAuditConfig sets the cluster audit config on the backend.

func (*ClusterConfigurationService) SetClusterName 

func (s *ClusterConfigurationService) SetClusterName(c types.ClusterName) error

SetClusterName sets the name of the cluster in the backend. SetClusterName can only be called once on a cluster after which it will return trace.AlreadyExists.

func (*ClusterConfigurationService) SetClusterNetworkingConfig 

func (s *ClusterConfigurationService) SetClusterNetworkingConfig(ctx context.Context, netConfig types.ClusterNetworkingConfig) error

SetClusterNetworkingConfig sets the cluster networking config on the backend.

func (*ClusterConfigurationService) SetInstaller 

func (s *ClusterConfigurationService) SetInstaller(ctx context.Context, ins types.Installer) error

SetInstaller sets the script of the cluster in the backend

func (*ClusterConfigurationService) SetSessionRecordingConfig 

func (s *ClusterConfigurationService) SetSessionRecordingConfig(ctx context.Context, recConfig types.SessionRecordingConfig) error

SetSessionRecordingConfig sets session recording config on the backend.

func (*ClusterConfigurationService) SetStaticTokens 

func (s *ClusterConfigurationService) SetStaticTokens(c types.StaticTokens) error

SetStaticTokens sets the list of static tokens used to provision nodes.

func (*ClusterConfigurationService) UpsertClusterName 

func (s *ClusterConfigurationService) UpsertClusterName(c types.ClusterName) error

UpsertClusterName sets the name of the cluster in the backend.

type ConnectionDiagnosticService 

type ConnectionDiagnosticService struct {
	backend.Backend
}

ConnectionDiagnosticService manages connection diagnostic resources in the backend.

func NewConnectionsDiagnosticService 

func NewConnectionsDiagnosticService(backend backend.Backend) *ConnectionDiagnosticService

NewConnectionsDiagnosticService creates a new ConnectionsDiagnosticService.

func (*ConnectionDiagnosticService) AppendDiagnosticTrace 

func (s *ConnectionDiagnosticService) AppendDiagnosticTrace(ctx context.Context, name string, t *types.ConnectionDiagnosticTrace) (types.ConnectionDiagnostic, error)

AppendDiagnosticTrace adds a Trace into the ConnectionDiagnostics. It does a CompareAndSwap to ensure atomicity.

func (*ConnectionDiagnosticService) CreateConnectionDiagnostic 

func (s *ConnectionDiagnosticService) CreateConnectionDiagnostic(ctx context.Context, connectionDiagnostic types.ConnectionDiagnostic) error

CreateConnectionDiagnostic creates a Connection Diagnostic resource.

func (*ConnectionDiagnosticService) GetConnectionDiagnostic 

func (s *ConnectionDiagnosticService) GetConnectionDiagnostic(ctx context.Context, name string) (types.ConnectionDiagnostic, error)

GetConnectionDiagnostic receives a name and returns the Connection Diagnostic matching that name

If not found, a `trace.NotFound` error is returned

func (*ConnectionDiagnosticService) UpdateConnectionDiagnostic 

func (s *ConnectionDiagnosticService) UpdateConnectionDiagnostic(ctx context.Context, connectionDiagnostic types.ConnectionDiagnostic) error

UpdateConnectionDiagnostic updates a Connection Diagnostic resource.

type DatabaseService 

type DatabaseService struct {
	backend.Backend
}

DatabaseService manages database resources in the backend.

func NewDatabasesService 

func NewDatabasesService(backend backend.Backend) *DatabaseService

NewDatabasesService creates a new DatabasesService.

func (*DatabaseService) CreateDatabase 

func (s *DatabaseService) CreateDatabase(ctx context.Context, database types.Database) error

CreateDatabase creates a new database resource.

func (*DatabaseService) DeleteAllDatabases 

func (s *DatabaseService) DeleteAllDatabases(ctx context.Context) error

DeleteAllDatabases removes all database resources.

func (*DatabaseService) DeleteDatabase 

func (s *DatabaseService) DeleteDatabase(ctx context.Context, name string) error

DeleteDatabase removes the specified database resource.

func (*DatabaseService) GetDatabase 

func (s *DatabaseService) GetDatabase(ctx context.Context, name string) (types.Database, error)

GetDatabase returns the specified database resource.

func (*DatabaseService) GetDatabases 

func (s *DatabaseService) GetDatabases(ctx context.Context) ([]types.Database, error)

GetDatabases returns all database resources.

func (*DatabaseService) UpdateDatabase 

func (s *DatabaseService) UpdateDatabase(ctx context.Context, database types.Database) error

UpdateDatabase updates an existing database resource.

type DynamicAccessService 

type DynamicAccessService struct {
	backend.Backend
}

DynamicAccessService manages dynamic RBAC

func NewDynamicAccessService 

func NewDynamicAccessService(backend backend.Backend) *DynamicAccessService

NewDynamicAccessService returns new dynamic access service instance

func (*DynamicAccessService) ApplyAccessReview 

func (s *DynamicAccessService) ApplyAccessReview(ctx context.Context, params types.AccessReviewSubmission, checker services.ReviewPermissionChecker) (types.AccessRequest, error)

ApplyAccessReview applies a review to a request and returns the post-application state.

func (*DynamicAccessService) CreateAccessRequest 

func (s *DynamicAccessService) CreateAccessRequest(ctx context.Context, req types.AccessRequest) error

CreateAccessRequest stores a new access request.

func (*DynamicAccessService) DeleteAccessRequest 

func (s *DynamicAccessService) DeleteAccessRequest(ctx context.Context, name string) error

DeleteAccessRequest deletes an access request.

func (*DynamicAccessService) DeleteAllAccessRequests 

func (s *DynamicAccessService) DeleteAllAccessRequests(ctx context.Context) error

func (*DynamicAccessService) GetAccessRequest 

func (s *DynamicAccessService) GetAccessRequest(ctx context.Context, name string) (types.AccessRequest, error)

func (*DynamicAccessService) GetAccessRequests 

func (s *DynamicAccessService) GetAccessRequests(ctx context.Context, filter types.AccessRequestFilter) ([]types.AccessRequest, error)

GetAccessRequests gets all currently active access requests.

func (*DynamicAccessService) GetPluginData 

func (s *DynamicAccessService) GetPluginData(ctx context.Context, filter types.PluginDataFilter) ([]types.PluginData, error)

GetPluginData loads all plugin data matching the supplied filter.

func (*DynamicAccessService) SetAccessRequestState 

func (s *DynamicAccessService) SetAccessRequestState(ctx context.Context, params types.AccessRequestUpdate) (types.AccessRequest, error)

SetAccessRequestState updates the state of an existing access request.

func (*DynamicAccessService) UpdatePluginData 

func (s *DynamicAccessService) UpdatePluginData(ctx context.Context, params types.PluginDataUpdateParams) error

UpdatePluginData updates a per-resource PluginData entry.

func (*DynamicAccessService) UpsertAccessRequest 

func (s *DynamicAccessService) UpsertAccessRequest(ctx context.Context, req types.AccessRequest) error

type EventMatcher 

type EventMatcher interface {
	// Match matches the specified event.
	// Returns the matched resource if successful.
	// Returns trace.CompareFailedError for no match.
	Match(types.Event) (types.Resource, error)
}

EventMatcher matches a specific resource event

type EventMatcherFunc 

type EventMatcherFunc func(types.Event) (types.Resource, error)

EventMatcherFunc matches the specified resource event. Implements EventMatcher

func (EventMatcherFunc) Match 

func (r EventMatcherFunc) Match(event types.Event) (types.Resource, error)

Match matches the specified resource event by applying itself

type EventsService 

type EventsService struct {
	*logrus.Entry
	// contains filtered or unexported fields
}

EventsService implements service to watch for events

func NewEventsService 

func NewEventsService(b backend.Backend) *EventsService

NewEventsService returns new events service instance

func (*EventsService) NewWatcher 

func (e *EventsService) NewWatcher(ctx context.Context, watch types.Watch) (types.Watcher, error)

NewWatcher returns a new event watcher

type IdentityService 

type IdentityService struct {
	backend.Backend
	// contains filtered or unexported fields
}

IdentityService is responsible for managing web users and currently user accounts as well

func NewIdentityService 

func NewIdentityService(backend backend.Backend) *IdentityService

NewIdentityService returns a new instance of IdentityService object

func (*IdentityService) AddUserLoginAttempt 

func (s *IdentityService) AddUserLoginAttempt(user string, attempt services.LoginAttempt, ttl time.Duration) error

AddUserLoginAttempt logs user login attempt

func (*IdentityService) CompareAndSwapUser 

func (s *IdentityService) CompareAndSwapUser(ctx context.Context, new, existing types.User) error

CompareAndSwapUser updates a user, but fails if the value (as exists in the backend) differs from the provided `existing` value. If the existing value matches, returns no error, otherwise returns `trace.CompareFailed`.

func (*IdentityService) CreateGithubAuthRequest 

func (s *IdentityService) CreateGithubAuthRequest(ctx context.Context, req types.GithubAuthRequest) error

CreateGithubAuthRequest creates a new auth request for Github OAuth2 flow

func (*IdentityService) CreateOIDCAuthRequest 

func (s *IdentityService) CreateOIDCAuthRequest(ctx context.Context, req types.OIDCAuthRequest, ttl time.Duration) error

CreateOIDCAuthRequest creates new auth request

func (*IdentityService) CreateSAMLAuthRequest 

func (s *IdentityService) CreateSAMLAuthRequest(ctx context.Context, req types.SAMLAuthRequest, ttl time.Duration) error

CreateSAMLAuthRequest creates new auth request

func (*IdentityService) CreateSSODiagnosticInfo 

func (s *IdentityService) CreateSSODiagnosticInfo(ctx context.Context, authKind string, authRequestID string, entry types.SSODiagnosticInfo) error

CreateSSODiagnosticInfo creates new SAML diagnostic info record.

func (*IdentityService) CreateUser 

func (s *IdentityService) CreateUser(user types.User) error

CreateUser creates user if it does not exist.

func (*IdentityService) CreateUserRecoveryAttempt 

func (s *IdentityService) CreateUserRecoveryAttempt(ctx context.Context, user string, attempt *types.RecoveryAttempt) error

CreateUserRecoveryAttempt creates new user recovery attempt.

func (*IdentityService) CreateUserToken 

func (s *IdentityService) CreateUserToken(ctx context.Context, token types.UserToken) (types.UserToken, error)

CreateUserToken creates a user token.

func (*IdentityService) DeleteAllAppSessions 

func (s *IdentityService) DeleteAllAppSessions(ctx context.Context) error

DeleteAllAppSessions removes all application web sessions.

func (*IdentityService) DeleteAllSnowflakeSessions 

func (s *IdentityService) DeleteAllSnowflakeSessions(ctx context.Context) error

DeleteAllSnowflakeSessions removes all Snowflake web sessions.

func (*IdentityService) DeleteAllUsers 

func (s *IdentityService) DeleteAllUsers() error

DeleteAllUsers deletes all users

func (*IdentityService) DeleteAppSession 

func (s *IdentityService) DeleteAppSession(ctx context.Context, req types.DeleteAppSessionRequest) error

DeleteAppSession removes an application web session.

func (*IdentityService) DeleteGithubConnector 

func (s *IdentityService) DeleteGithubConnector(ctx context.Context, name string) error

DeleteGithubConnector deletes the specified connector

func (*IdentityService) DeleteGlobalWebauthnSessionData 

func (s *IdentityService) DeleteGlobalWebauthnSessionData(ctx context.Context, scope, id string) error

func (*IdentityService) DeleteMFADevice 

func (s *IdentityService) DeleteMFADevice(ctx context.Context, user, id string) error

func (*IdentityService) DeleteOIDCConnector 

func (s *IdentityService) DeleteOIDCConnector(ctx context.Context, name string) error

DeleteOIDCConnector deletes OIDC Connector by name

func (*IdentityService) DeleteSAMLConnector 

func (s *IdentityService) DeleteSAMLConnector(ctx context.Context, name string) error

DeleteSAMLConnector deletes SAML Connector by name

func (*IdentityService) DeleteSnowflakeSession 

func (s *IdentityService) DeleteSnowflakeSession(ctx context.Context, req types.DeleteSnowflakeSessionRequest) error

DeleteSnowflakeSession removes a Snowflake web session.

func (*IdentityService) DeleteUsedTOTPToken 

func (s *IdentityService) DeleteUsedTOTPToken(user string) error

DeleteUsedTOTPToken removes the used token from the backend. This should only be used during tests.

func (*IdentityService) DeleteUser 

func (s *IdentityService) DeleteUser(ctx context.Context, user string) error

DeleteUser deletes a user with all the keys from the backend

func (*IdentityService) DeleteUserAppSessions 

func (s *IdentityService) DeleteUserAppSessions(ctx context.Context, req *proto.DeleteUserAppSessionsRequest) error

DeleteUserAppSessions removes all application web sessions for a particular user.

func (*IdentityService) DeleteUserLoginAttempts 

func (s *IdentityService) DeleteUserLoginAttempts(user string) error

DeleteUserLoginAttempts removes all login attempts of a user. Should be called after successful login.

func (*IdentityService) DeleteUserRecoveryAttempts 

func (s *IdentityService) DeleteUserRecoveryAttempts(ctx context.Context, user string) error

DeleteUserRecoveryAttempts removes all recovery attempts of a user.

func (*IdentityService) DeleteUserToken 

func (s *IdentityService) DeleteUserToken(ctx context.Context, tokenID string) error

DeleteUserToken deletes user token by ID.

func (*IdentityService) DeleteWebauthnSessionData 

func (s *IdentityService) DeleteWebauthnSessionData(ctx context.Context, user, sessionID string) error

func (*IdentityService) GetAppSession 

func (s *IdentityService) GetAppSession(ctx context.Context, req types.GetAppSessionRequest) (types.WebSession, error)

GetAppSession gets an application web session.

func (*IdentityService) GetAppSessions 

func (s *IdentityService) GetAppSessions(ctx context.Context) ([]types.WebSession, error)

GetAppSessions gets all application web sessions.

func (*IdentityService) GetGithubAuthRequest 

func (s *IdentityService) GetGithubAuthRequest(ctx context.Context, stateToken string) (*types.GithubAuthRequest, error)

GetGithubAuthRequest retrieves Github auth request by the token

func (*IdentityService) GetGithubConnector 

func (s *IdentityService) GetGithubConnector(ctx context.Context, name string, withSecrets bool) (types.GithubConnector, error)

GetGithubConnector returns a particular Github connector.

func (*IdentityService) GetGithubConnectors 

func (s *IdentityService) GetGithubConnectors(ctx context.Context, withSecrets bool) ([]types.GithubConnector, error)

GetGithubConnectors returns all configured Github connectors

func (*IdentityService) GetGlobalWebauthnSessionData 

func (s *IdentityService) GetGlobalWebauthnSessionData(ctx context.Context, scope, id string) (*wantypes.SessionData, error)

func (*IdentityService) GetKeyAttestationData 

func (s *IdentityService) GetKeyAttestationData(ctx context.Context, publicKey crypto.PublicKey) (*keys.AttestationData, error)

GetKeyAttestationData gets a verified public key attestation response.

func (*IdentityService) GetMFADevices 

func (s *IdentityService) GetMFADevices(ctx context.Context, user string, withSecrets bool) ([]*types.MFADevice, error)

func (*IdentityService) GetOIDCAuthRequest 

func (s *IdentityService) GetOIDCAuthRequest(ctx context.Context, stateToken string) (*types.OIDCAuthRequest, error)

GetOIDCAuthRequest returns OIDC auth request

func (*IdentityService) GetOIDCConnector 

func (s *IdentityService) GetOIDCConnector(ctx context.Context, name string, withSecrets bool) (types.OIDCConnector, error)

GetOIDCConnector returns OIDC connector data, parameter 'withSecrets' includes or excludes client secret from return results

func (*IdentityService) GetOIDCConnectors 

func (s *IdentityService) GetOIDCConnectors(ctx context.Context, withSecrets bool) ([]types.OIDCConnector, error)

GetOIDCConnectors returns registered connectors, withSecrets adds or removes client secret from return results

func (*IdentityService) GetPasswordHash 

func (s *IdentityService) GetPasswordHash(user string) ([]byte, error)

GetPasswordHash returns the password hash for a given user

func (*IdentityService) GetRecoveryCodes 

func (s *IdentityService) GetRecoveryCodes(ctx context.Context, user string, withSecrets bool) (*types.RecoveryCodesV1, error)

GetRecoveryCodes returns user's recovery codes.

func (*IdentityService) GetSAMLAuthRequest 

func (s *IdentityService) GetSAMLAuthRequest(ctx context.Context, id string) (*types.SAMLAuthRequest, error)

GetSAMLAuthRequest returns SAML auth request if found

func (*IdentityService) GetSAMLConnector 

func (s *IdentityService) GetSAMLConnector(ctx context.Context, name string, withSecrets bool) (types.SAMLConnector, error)

GetSAMLConnector returns SAML connector data, withSecrets includes or excludes secrets from return results

func (*IdentityService) GetSAMLConnectors 

func (s *IdentityService) GetSAMLConnectors(ctx context.Context, withSecrets bool) ([]types.SAMLConnector, error)

GetSAMLConnectors returns registered connectors withSecrets includes or excludes private key values from return results

func (*IdentityService) GetSSODiagnosticInfo 

func (s *IdentityService) GetSSODiagnosticInfo(ctx context.Context, authKind string, authRequestID string) (*types.SSODiagnosticInfo, error)

GetSSODiagnosticInfo returns SSO diagnostic info records.

func (*IdentityService) GetSnowflakeSession 

func (s *IdentityService) GetSnowflakeSession(ctx context.Context, req types.GetSnowflakeSessionRequest) (types.WebSession, error)

GetSnowflakeSession gets an application web session.

func (*IdentityService) GetSnowflakeSessions 

func (s *IdentityService) GetSnowflakeSessions(ctx context.Context) ([]types.WebSession, error)

GetSnowflakeSessions gets all Snowflake web sessions.

func (*IdentityService) GetTeleportUserByWebauthnID 

func (s *IdentityService) GetTeleportUserByWebauthnID(ctx context.Context, webID []byte) (string, error)

func (*IdentityService) GetUsedTOTPToken 

func (s *IdentityService) GetUsedTOTPToken(user string) (string, error)

GetUsedTOTPToken returns the last successfully used TOTP token. If no token is found zero is returned.

func (*IdentityService) GetUser 

func (s *IdentityService) GetUser(user string, withSecrets bool) (types.User, error)

GetUser returns a user by name

func (*IdentityService) GetUserAppSessions 

func (s *IdentityService) GetUserAppSessions(ctx context.Context, user string) ([]types.WebSession, error)

GetUserAppSessions gets all user's application sessions.

func (*IdentityService) GetUserByGithubIdentity 

func (s *IdentityService) GetUserByGithubIdentity(id types.ExternalIdentity) (types.User, error)

GetUserByGithubIdentity returns the first found user with specified Github identity

func (*IdentityService) GetUserByOIDCIdentity 

func (s *IdentityService) GetUserByOIDCIdentity(id types.ExternalIdentity) (types.User, error)

GetUserByOIDCIdentity returns a user by it's specified OIDC Identity, returns first user specified with this identity

func (*IdentityService) GetUserBySAMLIdentity 

func (s *IdentityService) GetUserBySAMLIdentity(id types.ExternalIdentity) (types.User, error)

GetUserBySAMLIdentity returns a user by it's specified OIDC Identity, returns first user specified with this identity.

func (*IdentityService) GetUserLoginAttempts 

func (s *IdentityService) GetUserLoginAttempts(user string) ([]services.LoginAttempt, error)

GetUserLoginAttempts returns user login attempts

func (*IdentityService) GetUserRecoveryAttempts 

func (s *IdentityService) GetUserRecoveryAttempts(ctx context.Context, user string) ([]*types.RecoveryAttempt, error)

GetUserRecoveryAttempts returns users recovery attempts.

func (*IdentityService) GetUserToken 

func (s *IdentityService) GetUserToken(ctx context.Context, tokenID string) (types.UserToken, error)

GetUserToken returns a token by its ID.

func (*IdentityService) GetUserTokenSecrets 

func (s *IdentityService) GetUserTokenSecrets(ctx context.Context, tokenID string) (types.UserTokenSecrets, error)

GetUserTokenSecrets returns token secrets.

func (*IdentityService) GetUserTokens 

func (s *IdentityService) GetUserTokens(ctx context.Context) ([]types.UserToken, error)

GetUserTokens returns all user tokens.

func (*IdentityService) GetUsers 

func (s *IdentityService) GetUsers(withSecrets bool) ([]types.User, error)

GetUsers returns a list of users registered with the local auth server

func (*IdentityService) GetWebauthnLocalAuth 

func (s *IdentityService) GetWebauthnLocalAuth(ctx context.Context, user string) (*types.WebauthnLocalAuth, error)

func (*IdentityService) GetWebauthnSessionData 

func (s *IdentityService) GetWebauthnSessionData(ctx context.Context, user, sessionID string) (*wantypes.SessionData, error)

func (*IdentityService) UpdateUser 

func (s *IdentityService) UpdateUser(ctx context.Context, user types.User) error

UpdateUser updates an existing user.

func (*IdentityService) UpsertAppSession 

func (s *IdentityService) UpsertAppSession(ctx context.Context, session types.WebSession) error

UpsertAppSession creates an application web session.

func (*IdentityService) UpsertGithubConnector 

func (s *IdentityService) UpsertGithubConnector(ctx context.Context, connector types.GithubConnector) error

UpsertGithubConnector creates or updates a Github connector

func (*IdentityService) UpsertGlobalWebauthnSessionData 

func (s *IdentityService) UpsertGlobalWebauthnSessionData(ctx context.Context, scope, id string, sd *wantypes.SessionData) error

func (*IdentityService) UpsertKeyAttestationData 

func (s *IdentityService) UpsertKeyAttestationData(ctx context.Context, attestationData *keys.AttestationData, ttl time.Duration) error

UpsertKeyAttestationData upserts a verified public key attestation response.

func (*IdentityService) UpsertMFADevice 

func (s *IdentityService) UpsertMFADevice(ctx context.Context, user string, d *types.MFADevice) error

func (*IdentityService) UpsertOIDCConnector 

func (s *IdentityService) UpsertOIDCConnector(ctx context.Context, connector types.OIDCConnector) error

UpsertOIDCConnector upserts OIDC Connector

func (*IdentityService) UpsertPassword 

func (s *IdentityService) UpsertPassword(user string, password []byte) error

UpsertPassword upserts new password hash into a backend.

func (*IdentityService) UpsertPasswordHash 

func (s *IdentityService) UpsertPasswordHash(username string, hash []byte) error

UpsertPasswordHash upserts user password hash

func (*IdentityService) UpsertRecoveryCodes 

func (s *IdentityService) UpsertRecoveryCodes(ctx context.Context, user string, recovery *types.RecoveryCodesV1) error

UpsertRecoveryCodes creates or updates user's account recovery codes. Each recovery code are hashed before upsert.

func (*IdentityService) UpsertSAMLConnector 

func (s *IdentityService) UpsertSAMLConnector(ctx context.Context, connector types.SAMLConnector) error

UpsertSAMLConnector upserts SAML Connector

func (*IdentityService) UpsertSnowflakeSession 

func (s *IdentityService) UpsertSnowflakeSession(ctx context.Context, session types.WebSession) error

UpsertSnowflakeSession creates a Snowflake web session.

func (*IdentityService) UpsertUsedTOTPToken 

func (s *IdentityService) UpsertUsedTOTPToken(user string, otpToken string) error

UpsertUsedTOTPToken upserts a TOTP token to the backend so it can't be used again during the 30 second window it's valid.

func (*IdentityService) UpsertUser 

func (s *IdentityService) UpsertUser(user types.User) error

UpsertUser updates parameters about user, or creates an entry if not exist.

func (*IdentityService) UpsertUserTokenSecrets 

func (s *IdentityService) UpsertUserTokenSecrets(ctx context.Context, secrets types.UserTokenSecrets) error

UpsertUserTokenSecrets upserts token secrets

func (*IdentityService) UpsertWebauthnLocalAuth 

func (s *IdentityService) UpsertWebauthnLocalAuth(ctx context.Context, user string, wla *types.WebauthnLocalAuth) error

func (*IdentityService) UpsertWebauthnSessionData 

func (s *IdentityService) UpsertWebauthnSessionData(ctx context.Context, user, sessionID string, sd *wantypes.SessionData) error

func (*IdentityService) WebSessions 

func (s *IdentityService) WebSessions() types.WebSessionInterface

WebSessions returns the web sessions manager.

func (*IdentityService) WebTokens 

func (s *IdentityService) WebTokens() types.WebTokenInterface

WebTokens returns the web token manager.

type KubernetesService 

type KubernetesService struct {
	backend.Backend
}

KubernetesService manages kubernetes resources in the backend.

func NewKubernetesService 

func NewKubernetesService(backend backend.Backend) *KubernetesService

NewKubernetesService creates a new KubernetesService.

func (*KubernetesService) CreateKubernetesCluster 

func (s *KubernetesService) CreateKubernetesCluster(ctx context.Context, cluster types.KubeCluster) error

CreateKubernetesCluster creates a new kubernetes cluster resource.

func (*KubernetesService) DeleteAllKubernetesClusters 

func (s *KubernetesService) DeleteAllKubernetesClusters(ctx context.Context) error

DeleteAllKubernetesClusters removes all kubernetes cluster resources.

func (*KubernetesService) DeleteKubernetesCluster 

func (s *KubernetesService) DeleteKubernetesCluster(ctx context.Context, name string) error

DeleteKubernetesCluster removes the specified kubernetes cluster resource.

func (*KubernetesService) GetKubernetesCluster 

func (s *KubernetesService) GetKubernetesCluster(ctx context.Context, name string) (types.KubeCluster, error)

GetKubernetesCluster returns the specified kubernetes cluster resource.

func (*KubernetesService) GetKubernetesClusters 

func (s *KubernetesService) GetKubernetesClusters(ctx context.Context) ([]types.KubeCluster, error)

GetKubernetesClusters returns all kubernetes cluster resources.

func (*KubernetesService) UpdateKubernetesCluster 

func (s *KubernetesService) UpdateKubernetesCluster(ctx context.Context, cluster types.KubeCluster) error

UpdateKubernetesCluster updates an existing kubernetes cluster resource.

type NoopEnforcer 

type NoopEnforcer struct{}

NoopEnforcer is a no-op enforcer.

func NewNoopEnforcer 

func NewNoopEnforcer() *NoopEnforcer

NewNoopEnforcer returns a new no-op enforcer.

func (*NoopEnforcer) GetLicenseCheckResult 

func (r *NoopEnforcer) GetLicenseCheckResult(ctx context.Context) (*types.Heartbeat, error)

GetLicenseCheckResult returns the default heartbeat.

type PresenceService 

type PresenceService struct {
	backend.Backend
	// contains filtered or unexported fields
}

PresenceService records and reports the presence of all components of the cluster - Nodes, Proxies and SSH nodes

func NewPresenceService 

func NewPresenceService(b backend.Backend) *PresenceService

NewPresenceService returns new presence service instance

func (*PresenceService) AcquireSemaphore 

func (s *PresenceService) AcquireSemaphore(ctx context.Context, req types.AcquireSemaphoreRequest) (*types.SemaphoreLease, error)

AcquireSemaphore attempts to acquire the specified semaphore. AcquireSemaphore will automatically handle retry on contention. If the semaphore has already reached MaxLeases, or there is too much contention, a LimitExceeded error is returned (contention in this context means concurrent attempts to update the *same* semaphore, separate semaphores can be modified concurrently without issue). Note that this function is the only semaphore method that handles retries internally. This is because this method both blocks user-facing operations, and contains multiple different potential contention points.

func (*PresenceService) CancelSemaphoreLease 

func (s *PresenceService) CancelSemaphoreLease(ctx context.Context, lease types.SemaphoreLease) error

CancelSemaphoreLease cancels semaphore lease early.

func (*PresenceService) CreateRemoteCluster 

func (s *PresenceService) CreateRemoteCluster(rc types.RemoteCluster) error

CreateRemoteCluster creates remote cluster

func (*PresenceService) DeleteAllApplicationServers 

func (s *PresenceService) DeleteAllApplicationServers(ctx context.Context, namespace string) error

DeleteAllApplicationServers removes all registered application servers.

func (*PresenceService) DeleteAllAuthServers 

func (s *PresenceService) DeleteAllAuthServers() error

DeleteAllAuthServers deletes all auth servers

func (*PresenceService) DeleteAllDatabaseServers 

func (s *PresenceService) DeleteAllDatabaseServers(ctx context.Context, namespace string) error

DeleteAllDatabaseServers removes all registered database proxy servers.

func (*PresenceService) DeleteAllKubeServices 

func (s *PresenceService) DeleteAllKubeServices(ctx context.Context) error

DeleteAllKubeServices deletes all registered kubernetes services. DELETE IN 13.0. Deprecated, use DeleteAllKubernetesServers.

func (*PresenceService) DeleteAllKubernetesServers 

func (s *PresenceService) DeleteAllKubernetesServers(ctx context.Context) error

DeleteAllKubernetesServers removes all registered kubernetes servers.

func (*PresenceService) DeleteAllNamespaces 

func (s *PresenceService) DeleteAllNamespaces() error

DeleteAllNamespaces deletes all namespaces

func (*PresenceService) DeleteAllNodes 

func (s *PresenceService) DeleteAllNodes(ctx context.Context, namespace string) error

DeleteAllNodes deletes all nodes in a namespace

func (*PresenceService) DeleteAllProxies 

func (s *PresenceService) DeleteAllProxies() error

DeleteAllProxies deletes all proxies

func (*PresenceService) DeleteAllRemoteClusters 

func (s *PresenceService) DeleteAllRemoteClusters() error

DeleteAllRemoteClusters deletes all remote clusters

func (*PresenceService) DeleteAllReverseTunnels 

func (s *PresenceService) DeleteAllReverseTunnels() error

DeleteAllReverseTunnels deletes all reverse tunnels

func (*PresenceService) DeleteAllTunnelConnections 

func (s *PresenceService) DeleteAllTunnelConnections() error

DeleteAllTunnelConnections deletes all tunnel connections

func (*PresenceService) DeleteAllWindowsDesktopServices 

func (s *PresenceService) DeleteAllWindowsDesktopServices(ctx context.Context) error

DeleteAllWindowsDesktopServices removes all registered Windows desktop services.

func (*PresenceService) DeleteApplicationServer 

func (s *PresenceService) DeleteApplicationServer(ctx context.Context, namespace, hostID, name string) error

DeleteApplicationServer removes specified application server.

func (*PresenceService) DeleteAuthServer 

func (s *PresenceService) DeleteAuthServer(name string) error

DeleteAuthServer deletes auth server by name

func (*PresenceService) DeleteDatabaseServer 

func (s *PresenceService) DeleteDatabaseServer(ctx context.Context, namespace, hostID, name string) error

DeleteDatabaseServer removes the specified database proxy server.

func (*PresenceService) DeleteKubeService 

func (s *PresenceService) DeleteKubeService(ctx context.Context, name string) error

DeleteKubeService deletes a named kubernetes service. DELETE IN 13.0. Deprecated, use DeleteKubernetesServer.

func (*PresenceService) DeleteKubernetesServer 

func (s *PresenceService) DeleteKubernetesServer(ctx context.Context, hostID, name string) error

DeleteKubernetesServer removes specified kubernetes server.

func (*PresenceService) DeleteNamespace 

func (s *PresenceService) DeleteNamespace(namespace string) error

DeleteNamespace deletes a namespace with all the keys from the backend

func (*PresenceService) DeleteNode 

func (s *PresenceService) DeleteNode(ctx context.Context, namespace string, name string) error

DeleteNode deletes node

func (*PresenceService) DeleteProxy 

func (s *PresenceService) DeleteProxy(name string) error

DeleteProxy deletes proxy

func (*PresenceService) DeleteRemoteCluster 

func (s *PresenceService) DeleteRemoteCluster(clusterName string) error

DeleteRemoteCluster deletes remote cluster by name

func (*PresenceService) DeleteReverseTunnel 

func (s *PresenceService) DeleteReverseTunnel(clusterName string) error

DeleteReverseTunnel deletes reverse tunnel by it's cluster name

func (*PresenceService) DeleteSemaphore 

func (s *PresenceService) DeleteSemaphore(ctx context.Context, filter types.SemaphoreFilter) error

DeleteSemaphore deletes a semaphore matching the supplied filter

func (*PresenceService) DeleteTrustedCluster 

func (s *PresenceService) DeleteTrustedCluster(ctx context.Context, name string) error

DeleteTrustedCluster removes a TrustedCluster from the backend by name.

func (*PresenceService) DeleteTunnelConnection 

func (s *PresenceService) DeleteTunnelConnection(clusterName, connectionName string) error

DeleteTunnelConnection deletes tunnel connection by name

func (*PresenceService) DeleteTunnelConnections 

func (s *PresenceService) DeleteTunnelConnections(clusterName string) error

DeleteTunnelConnections deletes all tunnel connections for cluster

func (*PresenceService) DeleteWindowsDesktopService 

func (s *PresenceService) DeleteWindowsDesktopService(ctx context.Context, name string) error

DeleteWindowsDesktopService removes the specified Windows desktop service.

func (*PresenceService) GetAllTunnelConnections 

func (s *PresenceService) GetAllTunnelConnections(opts ...services.MarshalOption) ([]types.TunnelConnection, error)

GetAllTunnelConnections returns all tunnel connections

func (*PresenceService) GetApplicationServers 

func (s *PresenceService) GetApplicationServers(ctx context.Context, namespace string) ([]types.AppServer, error)

GetApplicationServers returns all registered application servers.

func (*PresenceService) GetAuthServers 

func (s *PresenceService) GetAuthServers() ([]types.Server, error)

GetAuthServers returns a list of registered servers

func (*PresenceService) GetDatabaseServers 

func (s *PresenceService) GetDatabaseServers(ctx context.Context, namespace string, opts ...services.MarshalOption) ([]types.DatabaseServer, error)

GetDatabaseServers returns all registered database proxy servers.

func (*PresenceService) GetHostUserInteractionTime 

func (s *PresenceService) GetHostUserInteractionTime(ctx context.Context, name string) (time.Time, error)

GetHostUserInteractionTime retrieves a unix user's interaction time

func (*PresenceService) GetKubeServices 

func (s *PresenceService) GetKubeServices(ctx context.Context) ([]types.Server, error)

GetKubeServices returns a list of registered kubernetes services.

func (*PresenceService) GetKubernetesServers 

func (s *PresenceService) GetKubernetesServers(ctx context.Context) ([]types.KubeServer, error)

GetKubernetesServers returns all registered kubernetes servers.

func (*PresenceService) GetNamespace 

func (s *PresenceService) GetNamespace(name string) (*types.Namespace, error)

GetNamespace returns a namespace by name

func (*PresenceService) GetNamespaces 

func (s *PresenceService) GetNamespaces() ([]types.Namespace, error)

GetNamespaces returns a list of namespaces

func (*PresenceService) GetNode 

func (s *PresenceService) GetNode(ctx context.Context, namespace, name string) (types.Server, error)

GetNode returns a node by name and namespace.

func (*PresenceService) GetNodes 

func (s *PresenceService) GetNodes(ctx context.Context, namespace string) ([]types.Server, error)

GetNodes returns a list of registered servers

func (*PresenceService) GetProxies 

func (s *PresenceService) GetProxies() ([]types.Server, error)

GetProxies returns a list of registered proxies

func (*PresenceService) GetRemoteCluster 

func (s *PresenceService) GetRemoteCluster(clusterName string) (types.RemoteCluster, error)

GetRemoteCluster returns a remote cluster by name

func (*PresenceService) GetRemoteClusters 

func (s *PresenceService) GetRemoteClusters(opts ...services.MarshalOption) ([]types.RemoteCluster, error)

GetRemoteClusters returns a list of remote clusters

func (*PresenceService) GetReverseTunnel 

func (s *PresenceService) GetReverseTunnel(name string, opts ...services.MarshalOption) (types.ReverseTunnel, error)

GetReverseTunnel returns reverse tunnel by name

func (*PresenceService) GetReverseTunnels 

func (s *PresenceService) GetReverseTunnels(ctx context.Context, opts ...services.MarshalOption) ([]types.ReverseTunnel, error)

GetReverseTunnels returns a list of registered servers

func (*PresenceService) GetSemaphores 

func (s *PresenceService) GetSemaphores(ctx context.Context, filter types.SemaphoreFilter) ([]types.Semaphore, error)

GetSemaphores returns all semaphores matching the supplied filter.

func (*PresenceService) GetTrustedCluster 

func (s *PresenceService) GetTrustedCluster(ctx context.Context, name string) (types.TrustedCluster, error)

GetTrustedCluster returns a single TrustedCluster by name.

func (*PresenceService) GetTrustedClusters 

func (s *PresenceService) GetTrustedClusters(ctx context.Context) ([]types.TrustedCluster, error)

GetTrustedClusters returns all TrustedClusters in the backend.

func (*PresenceService) GetTunnelConnection 

func (s *PresenceService) GetTunnelConnection(clusterName, connectionName string, opts ...services.MarshalOption) (types.TunnelConnection, error)

GetTunnelConnection returns connection by cluster name and connection name

func (*PresenceService) GetTunnelConnections 

func (s *PresenceService) GetTunnelConnections(clusterName string, opts ...services.MarshalOption) ([]types.TunnelConnection, error)

GetTunnelConnections returns connections for a trusted cluster

func (*PresenceService) GetWindowsDesktopService 

func (s *PresenceService) GetWindowsDesktopService(ctx context.Context, name string) (types.WindowsDesktopService, error)

func (*PresenceService) GetWindowsDesktopServices 

func (s *PresenceService) GetWindowsDesktopServices(ctx context.Context) ([]types.WindowsDesktopService, error)

GetWindowsDesktopServices returns all registered Windows desktop services.

func (*PresenceService) KeepAliveNode 

func (s *PresenceService) KeepAliveNode(ctx context.Context, h types.KeepAlive) error

DELETE IN: 5.1.0.

This logic has been moved to KeepAliveServer.

KeepAliveNode updates node expiry

func (*PresenceService) KeepAliveSemaphoreLease 

func (s *PresenceService) KeepAliveSemaphoreLease(ctx context.Context, lease types.SemaphoreLease) error

KeepAliveSemaphoreLease updates semaphore lease, if the lease expiry is updated, semaphore is renewed

func (*PresenceService) KeepAliveServer 

func (s *PresenceService) KeepAliveServer(ctx context.Context, h types.KeepAlive) error

KeepAliveServer updates expiry time of a server resource.

func (*PresenceService) ListResources 

func (s *PresenceService) ListResources(ctx context.Context, req proto.ListResourcesRequest) (*types.ListResourcesResponse, error)

ListResources returns a paginated list of resources. It implements various filtering for scenarios where the call comes directly here (without passing through the RBAC).

func (*PresenceService) UpdateRemoteCluster 

func (s *PresenceService) UpdateRemoteCluster(ctx context.Context, rc types.RemoteCluster) error

UpdateRemoteCluster updates selected remote cluster fields: expiry and labels other changed fields will be ignored by the method

func (*PresenceService) UpsertApplicationServer 

func (s *PresenceService) UpsertApplicationServer(ctx context.Context, server types.AppServer) (*types.KeepAlive, error)

UpsertApplicationServer registers an application server.

func (*PresenceService) UpsertAuthServer 

func (s *PresenceService) UpsertAuthServer(server types.Server) error

UpsertAuthServer registers auth server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second

func (*PresenceService) UpsertDatabaseServer 

func (s *PresenceService) UpsertDatabaseServer(ctx context.Context, server types.DatabaseServer) (*types.KeepAlive, error)

UpsertDatabaseServer registers new database proxy server.

func (*PresenceService) UpsertHostUserInteractionTime 

func (s *PresenceService) UpsertHostUserInteractionTime(ctx context.Context, name string, loginTime time.Time) error

UpsertHostUserInteractionTime upserts a unix user's interaction time

func (*PresenceService) UpsertKubeService 

func (s *PresenceService) UpsertKubeService(ctx context.Context, server types.Server) error

UpsertKubeService registers kubernetes service presence. DELETE IN 11.0. Deprecated, use UpsertKubeServiceV2.

func (*PresenceService) UpsertKubeServiceV2 

func (s *PresenceService) UpsertKubeServiceV2(ctx context.Context, server types.Server) (*types.KeepAlive, error)

UpsertKubeServiceV2 registers kubernetes service presence.

func (*PresenceService) UpsertKubernetesServer 

func (s *PresenceService) UpsertKubernetesServer(ctx context.Context, server types.KubeServer) (*types.KeepAlive, error)

UpsertKubernetesServer registers an kubernetes server.

func (*PresenceService) UpsertNamespace 

func (s *PresenceService) UpsertNamespace(n types.Namespace) error

UpsertNamespace upserts namespace

func (*PresenceService) UpsertNode 

func (s *PresenceService) UpsertNode(ctx context.Context, server types.Server) (*types.KeepAlive, error)

UpsertNode registers node presence, permanently if TTL is 0 or for the specified duration with second resolution if it's >= 1 second.

func (*PresenceService) UpsertProxy 

func (s *PresenceService) UpsertProxy(server types.Server) error

UpsertProxy registers proxy server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second

func (*PresenceService) UpsertReverseTunnel 

func (s *PresenceService) UpsertReverseTunnel(tunnel types.ReverseTunnel) error

UpsertReverseTunnel upserts reverse tunnel entry temporarily or permanently

func (*PresenceService) UpsertTrustedCluster 

func (s *PresenceService) UpsertTrustedCluster(ctx context.Context, trustedCluster types.TrustedCluster) (types.TrustedCluster, error)

UpsertTrustedCluster creates or updates a TrustedCluster in the backend.

func (*PresenceService) UpsertTunnelConnection 

func (s *PresenceService) UpsertTunnelConnection(conn types.TunnelConnection) error

UpsertTunnelConnection updates or creates tunnel connection

func (*PresenceService) UpsertWindowsDesktopService 

func (s *PresenceService) UpsertWindowsDesktopService(ctx context.Context, srv types.WindowsDesktopService) (*types.KeepAlive, error)

UpsertWindowsDesktopService registers new Windows desktop service.

type ProvisioningService 

type ProvisioningService struct {
	backend.Backend
}

ProvisioningService governs adding new nodes to the cluster

func NewProvisioningService 

func NewProvisioningService(backend backend.Backend) *ProvisioningService

NewProvisioningService returns a new instance of provisioning service

func (*ProvisioningService) CreateToken 

func (s *ProvisioningService) CreateToken(ctx context.Context, p types.ProvisionToken) error

CreateToken creates a new token for the auth server

func (*ProvisioningService) DeleteAllTokens 

func (s *ProvisioningService) DeleteAllTokens() error

DeleteAllTokens deletes all provisioning tokens

func (*ProvisioningService) DeleteToken 

func (s *ProvisioningService) DeleteToken(ctx context.Context, token string) error

DeleteToken deletes a token by ID

func (*ProvisioningService) GetToken 

func (s *ProvisioningService) GetToken(ctx context.Context, token string) (types.ProvisionToken, error)

GetToken finds and returns token by ID

func (*ProvisioningService) GetTokens 

func (s *ProvisioningService) GetTokens(ctx context.Context) ([]types.ProvisionToken, error)

GetTokens returns all active (non-expired) provisioning tokens

func (*ProvisioningService) UpsertToken 

func (s *ProvisioningService) UpsertToken(ctx context.Context, p types.ProvisionToken) error

UpsertToken adds provisioning tokens for the auth server

type RestrictionsService 

type RestrictionsService struct {
	backend.Backend
}

RestrictionsService manages restrictions to be enforced by restricted shell

func NewRestrictionsService 

func NewRestrictionsService(backend backend.Backend) *RestrictionsService

NewRestrictionsService creates a new RestrictionsService

func (*RestrictionsService) DeleteNetworkRestrictions 

func (s *RestrictionsService) DeleteNetworkRestrictions(ctx context.Context) error

SetNetworkRestrictions upserts NetworkRestrictions

func (*RestrictionsService) GetNetworkRestrictions 

func (s *RestrictionsService) GetNetworkRestrictions(ctx context.Context) (types.NetworkRestrictions, error)

func (*RestrictionsService) SetNetworkRestrictions 

func (s *RestrictionsService) SetNetworkRestrictions(ctx context.Context, nr types.NetworkRestrictions) error

SetNetworkRestrictions upserts NetworkRestrictions

type Status 

type Status interface {
	GetClusterAlerts(ctx context.Context, query types.GetClusterAlertsRequest) ([]types.ClusterAlert, error)
	UpsertClusterAlert(ctx context.Context, alert types.ClusterAlert) error
	DeleteClusterAlert(ctx context.Context, alertID string) error
}

Status service manages alerts.

type StatusService 

type StatusService struct {
	backend.Backend
	// contains filtered or unexported fields
}

StatusService manages cluster status info.

func NewStatusService 

func NewStatusService(bk backend.Backend) *StatusService

func (*StatusService) DeleteClusterAlert 

func (s *StatusService) DeleteClusterAlert(ctx context.Context, alertID string) error

func (*StatusService) GetClusterAlerts 

func (s *StatusService) GetClusterAlerts(ctx context.Context, query types.GetClusterAlertsRequest) ([]types.ClusterAlert, error)

func (*StatusService) UpsertClusterAlert 

func (s *StatusService) UpsertClusterAlert(ctx context.Context, alert types.ClusterAlert) error

type UnstableService 

type UnstableService struct {
	backend.Backend
	*AssertionReplayService
}

UnstableService is a catch-all for unstable backend operations related to migrations/compatibility that don't fit into, or merit the change of, one of the primary service interfaces.

func NewUnstableService 

func NewUnstableService(backend backend.Backend, assertion *AssertionReplayService) UnstableService

NewUnstableService returns new unstable service instance.

func (UnstableService) AssertSystemRole 

func (s UnstableService) AssertSystemRole(ctx context.Context, req proto.UnstableSystemRoleAssertion) error

func (UnstableService) GetSystemRoleAssertions 

func (s UnstableService) GetSystemRoleAssertions(ctx context.Context, serverID string, assertionID string) (proto.UnstableSystemRoleAssertionSet, error)

type WindowsDesktopService 

type WindowsDesktopService struct {
	backend.Backend
}

WindowsDesktopService manages windows desktop resources in the backend.

func NewWindowsDesktopService 

func NewWindowsDesktopService(backend backend.Backend) *WindowsDesktopService

NewWindowsDesktopService creates a new WindowsDesktopsService.

func (*WindowsDesktopService) CreateWindowsDesktop 

func (s *WindowsDesktopService) CreateWindowsDesktop(ctx context.Context, desktop types.WindowsDesktop) error

CreateWindowsDesktop creates a windows desktop resource.

func (*WindowsDesktopService) DeleteAllWindowsDesktops 

func (s *WindowsDesktopService) DeleteAllWindowsDesktops(ctx context.Context) error

DeleteAllWindowsDesktops removes all windows desktop resources.

func (*WindowsDesktopService) DeleteWindowsDesktop 

func (s *WindowsDesktopService) DeleteWindowsDesktop(ctx context.Context, hostID, name string) error

DeleteWindowsDesktop removes the specified windows desktop resource.

func (*WindowsDesktopService) GetWindowsDesktops 

func (s *WindowsDesktopService) GetWindowsDesktops(ctx context.Context, filter types.WindowsDesktopFilter) ([]types.WindowsDesktop, error)

GetWindowsDesktops returns all Windows desktops matching filter.

func (*WindowsDesktopService) ListWindowsDesktopServices 

func (s *WindowsDesktopService) ListWindowsDesktopServices(ctx context.Context, req types.ListWindowsDesktopServicesRequest) (*types.ListWindowsDesktopServicesResponse, error)

func (*WindowsDesktopService) ListWindowsDesktops 

func (s *WindowsDesktopService) ListWindowsDesktops(ctx context.Context, req types.ListWindowsDesktopsRequest) (*types.ListWindowsDesktopsResponse, error)

ListWindowsDesktops returns all Windows desktops matching filter.

func (*WindowsDesktopService) UpdateWindowsDesktop 

func (s *WindowsDesktopService) UpdateWindowsDesktop(ctx context.Context, desktop types.WindowsDesktop) error

UpdateWindowsDesktop updates a windows desktop resource.

func (*WindowsDesktopService) UpsertWindowsDesktop 

func (s *WindowsDesktopService) UpsertWindowsDesktop(ctx context.Context, desktop types.WindowsDesktop) error

UpsertWindowsDesktop updates a windows desktop resource, creating it if it doesn't exist.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.