local

package
v1.2.3-fred.7
Warning

This package is not in the latest version of its module.

Published: Oct 20, 2022 License: Apache-2.0 Imports: 35 Imported by: 56

Documentation

Overview

Package local implements the services interfaces using the abstract key-value backend provided by lib/backend, which makes it possible for Teleport to run using boltdb or etcd.


Constants

const (
	// DELETE IN 9.0.0 in favor of userTokenPrefix.
	LegacyPasswordTokensPrefix = "resetpasswordtokens"
)

Variables

var GlobalSessionDataMaxEntries = 5000 // arbitrary

GlobalSessionDataMaxEntries represents the maximum number of in-flight global WebAuthn challenges for a given scope. Attempting to write more instances than the max limit causes an error. The limit is enforced separately by Auth Server instances.

Functions

func CreateResources

func CreateResources(ctx context.Context, b backend.Backend, resources ...types.Resource) error

CreateResources attempts to dynamically create the supplied resources. This function returns `trace.AlreadyExistsError` if one or more resources would be overwritten, and `trace.NotImplementedError` if any resources are of an unsupported type (see `ItemsFromResources(...)`).

NOTE: This function is non-atomic and performs no internal synchronization; the backend must be locked by the caller when operating in a parallel environment.

func FakePaginate

FakePaginate is used when we are working with an entire list of resources upfront but still require pagination. While applying filters, it will also deduplicate matches found.

func ItemsFromResources

func ItemsFromResources(resources ...types.Resource) ([]backend.Item, error)

ItemsFromResources attempts to convert resources into instances of backend.Item. NOTE: this is not necessarily a 1-to-1 conversion.

func ItemsToResources

func ItemsToResources(items ...backend.Item) ([]types.Resource, error)

ItemsToResources converts one or more items into one or more resources. NOTE: This is not necessarily a 1-to-1 conversion, and order is not preserved.

func NewSessionTrackerService

func NewSessionTrackerService(bk backend.Backend) (services.SessionTrackerService, error)

func WaitForEvent

func WaitForEvent(ctx context.Context, watcher types.Watcher, m EventMatcher, clock clockwork.Clock) (types.Resource, error)

WaitForEvent waits for the event matched by the specified event matcher in the given watcher.

Types

type AccessService

type AccessService struct {
	backend.Backend
}

AccessService manages roles

func NewAccessService

func NewAccessService(backend backend.Backend) *AccessService

NewAccessService returns new access service instance

func (*AccessService) CreateRole

func (s *AccessService) CreateRole(ctx context.Context, role types.Role) error

CreateRole creates a role on the backend.

func (*AccessService) DeleteAllLocks

func (s *AccessService) DeleteAllLocks(ctx context.Context) error

DeleteAllLocks deletes all/in-force locks.

func (*AccessService) DeleteAllRoles

func (s *AccessService) DeleteAllRoles() error

DeleteAllRoles deletes all roles

func (*AccessService) DeleteLock

func (s *AccessService) DeleteLock(ctx context.Context, name string) error

DeleteLock deletes a lock.

func (*AccessService) DeleteRole

func (s *AccessService) DeleteRole(ctx context.Context, name string) error

DeleteRole deletes a role from the backend

func (*AccessService) GetLock

func (s *AccessService) GetLock(ctx context.Context, name string) (types.Lock, error)

GetLock gets a lock by name.

func (*AccessService) GetLocks

func (s *AccessService) GetLocks(ctx context.Context, inForceOnly bool, targets ...types.LockTarget) ([]types.Lock, error)

GetLocks gets all/in-force locks that match at least one of the targets when specified.

func (*AccessService) GetRole

func (s *AccessService) GetRole(ctx context.Context, name string) (types.Role, error)

GetRole returns a role by name

func (*AccessService) GetRoles

func (s *AccessService) GetRoles(ctx context.Context) ([]types.Role, error)

GetRoles returns a list of roles registered with the local auth server

func (*AccessService) ReplaceRemoteLocks

func (s *AccessService) ReplaceRemoteLocks(ctx context.Context, clusterName string, newRemoteLocks []types.Lock) error

ReplaceRemoteLocks replaces the set of locks associated with a remote cluster.

func (*AccessService) UpsertLock

func (s *AccessService) UpsertLock(ctx context.Context, lock types.Lock) error

UpsertLock upserts a lock.

func (*AccessService) UpsertRole

func (s *AccessService) UpsertRole(ctx context.Context, role types.Role) error

UpsertRole updates parameters about role

type AppService

type AppService struct {
	backend.Backend
}

AppService manages application resources in the backend.

func NewAppService

func NewAppService(backend backend.Backend) *AppService

NewAppService creates a new AppService.

func (*AppService) CreateApp

func (s *AppService) CreateApp(ctx context.Context, app types.Application) error

CreateApp creates a new application resource.

func (*AppService) DeleteAllApps

func (s *AppService) DeleteAllApps(ctx context.Context) error

DeleteAllApps removes all application resources.

func (*AppService) DeleteApp

func (s *AppService) DeleteApp(ctx context.Context, name string) error

DeleteApp removes the specified application resource.

func (*AppService) GetApp

func (s *AppService) GetApp(ctx context.Context, name string) (types.Application, error)

GetApp returns the specified application resource.

func (*AppService) GetApps

func (s *AppService) GetApps(ctx context.Context) ([]types.Application, error)

GetApps returns all application resources.

func (*AppService) UpdateApp

func (s *AppService) UpdateApp(ctx context.Context, app types.Application) error

UpdateApp updates an existing application resource.

type AssertionReplayService

type AssertionReplayService struct {
	// contains filtered or unexported fields
}

AssertionReplayService tracks used SSO assertions to mitigate replay attacks. Assertions are automatically derecognized when their signed expiry passes.

func NewAssertionReplayService

func NewAssertionReplayService(bk backend.Backend) *AssertionReplayService

NewAssertionReplayService creates a new instance of AssertionReplayService.

func (*AssertionReplayService) RecognizeSSOAssertion

func (s *AssertionReplayService) RecognizeSSOAssertion(ctx context.Context, connectorID string, assertionID string, user string, safeAfter time.Time) error

RecognizeSSOAssertion will remember a new assertion until it becomes invalid. This will error with `trace.AlreadyExists` if the assertion has been previously recognized.

`safeAfter` must be either at or after the point in time that a given SSO assertion becomes invalid in order to mitigate replay attacks. This function shouldn't be used if the assertion never verifiably expires.
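The `safeAfter` rule above, shown with a small in-memory model. This is an added example, not Teleport's implementation: `replayCache`, `accept`, `simulate`, `ErrAlreadyRecognized` and the connector and assertion IDs are constructed names, and a map with a fake clock stands in for the TTL-backed backend.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// ErrAlreadyRecognized stands in for the trace.AlreadyExists error named on
// the page (constructed name, not a Teleport identifier).
var ErrAlreadyRecognized = errors.New("assertion already recognized")

// assertionKey scopes an assertion ID to the connector that issued it.
type assertionKey struct{ connectorID, assertionID string }

// replayCache is an in-memory stand-in for a TTL-backed key-value store.
type replayCache struct {
	mu      sync.Mutex
	now     func() time.Time
	entries map[assertionKey]time.Time // value: safeAfter of the entry
}

func newReplayCache(now func() time.Time) *replayCache {
	return &replayCache{now: now, entries: make(map[assertionKey]time.Time)}
}

// Recognize remembers the assertion until safeAfter. It fails while a
// previously recorded entry for the same key has not yet expired.
func (c *replayCache) Recognize(connectorID, assertionID string, safeAfter time.Time) error {
	c.mu.Lock()
	defer c.mu.Unlock()
	k := assertionKey{connectorID, assertionID}
	if exp, ok := c.entries[k]; ok && c.now().Before(exp) {
		return ErrAlreadyRecognized
	}
	c.entries[k] = safeAfter
	return nil
}

// accept models an SSO callback: expired assertions are rejected first,
// then the replay cache is consulted.
func accept(c *replayCache, id string, notOnOrAfter, safeAfter time.Time) error {
	if !c.now().Before(notOnOrAfter) {
		return errors.New("assertion expired")
	}
	return c.Recognize("constructed-connector", id, safeAfter)
}

// simulate presents one assertion, valid for 5 minutes, at t = 0, 1, 3 and
// 6 minutes and reports which presentations were accepted. safeAfterOffset
// is added to the assertion's expiry to obtain safeAfter.
func simulate(safeAfterOffset time.Duration) []bool {
	start := time.Date(2022, 10, 20, 12, 0, 0, 0, time.UTC) // constructed clock
	current := start
	cache := newReplayCache(func() time.Time { return current })
	notOnOrAfter := start.Add(5 * time.Minute)
	safeAfter := notOnOrAfter.Add(safeAfterOffset)

	var accepted []bool
	for _, m := range []int{0, 1, 3, 6} {
		current = start.Add(time.Duration(m) * time.Minute)
		err := accept(cache, "constructed-assertion-id", notOnOrAfter, safeAfter)
		accepted = append(accepted, err == nil)
	}
	return accepted
}

func main() {
	// safeAfter at the signed expiry: only the first presentation succeeds.
	fmt.Println("safeAfter == expiry:      ", simulate(0))
	// safeAfter before the signed expiry: the entry is forgotten while the
	// assertion is still valid, so the presentation at t = 3 min is accepted.
	fmt.Println("safeAfter 3 min too early:", simulate(-3*time.Minute))
}
```
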

type CA

type CA struct {
	backend.Backend
}

CA is the local implementation of the Trust service that uses the local backend.

func NewCAService

func NewCAService(b backend.Backend) *CA

NewCAService returns new instance of CAService

func (*CA) ActivateCertAuthority

func (s *CA) ActivateCertAuthority(id types.CertAuthID) error

ActivateCertAuthority moves a CertAuthority from the deactivated list to the normal list.

func (*CA) CompareAndSwapCertAuthority

func (s *CA) CompareAndSwapCertAuthority(new, expected types.CertAuthority) error

CompareAndSwapCertAuthority updates the cert authority value if the existing value matches the expected parameter. It returns nil on success and trace.CompareFailed otherwise.

func (*CA) CreateCertAuthority

func (s *CA) CreateCertAuthority(ca types.CertAuthority) error

CreateCertAuthority updates or inserts a new certificate authority

func (*CA) DeactivateCertAuthority

func (s *CA) DeactivateCertAuthority(id types.CertAuthID) error

DeactivateCertAuthority moves a CertAuthority from the normal list to the deactivated list.

func (*CA) DeleteAllCertAuthorities

func (s *CA) DeleteAllCertAuthorities(caType types.CertAuthType) error

DeleteAllCertAuthorities deletes all certificate authorities of a certain type

func (*CA) DeleteCertAuthority

func (s *CA) DeleteCertAuthority(id types.CertAuthID) error

DeleteCertAuthority deletes particular certificate authority

func (*CA) GetCertAuthorities

func (s *CA) GetCertAuthorities(ctx context.Context, caType types.CertAuthType, loadSigningKeys bool, opts ...services.MarshalOption) ([]types.CertAuthority, error)

GetCertAuthorities returns a list of authorities of a given type. loadSigningKeys controls whether signing keys should be loaded or not.

func (*CA) GetCertAuthority

func (s *CA) GetCertAuthority(ctx context.Context, id types.CertAuthID, loadSigningKeys bool, opts ...services.MarshalOption) (types.CertAuthority, error)

GetCertAuthority returns certificate authority by given id. Parameter loadSigningKeys controls if signing keys are loaded

func (*CA) UpsertCertAuthority

func (s *CA) UpsertCertAuthority(ca types.CertAuthority) error

UpsertCertAuthority updates or inserts a new certificate authority

type ClusterConfigurationService

type ClusterConfigurationService struct {
	backend.Backend
}

ClusterConfigurationService is responsible for managing cluster configuration.

func NewClusterConfigurationService

func NewClusterConfigurationService(backend backend.Backend) (*ClusterConfigurationService, error)

NewClusterConfigurationService returns a new ClusterConfigurationService.

func (*ClusterConfigurationService) DeleteAllInstallers

func (s *ClusterConfigurationService) DeleteAllInstallers(ctx context.Context) error

DeleteAllInstallers removes all installer resources.

func (*ClusterConfigurationService) DeleteAuthPreference

func (s *ClusterConfigurationService) DeleteAuthPreference(ctx context.Context) error

DeleteAuthPreference deletes types.AuthPreference from the backend.

func (*ClusterConfigurationService) DeleteClusterAuditConfig

func (s *ClusterConfigurationService) DeleteClusterAuditConfig(ctx context.Context) error

DeleteClusterAuditConfig deletes ClusterAuditConfig from the backend.

func (*ClusterConfigurationService) DeleteClusterName

func (s *ClusterConfigurationService) DeleteClusterName() error

DeleteClusterName deletes types.ClusterName from the backend.

func (*ClusterConfigurationService) DeleteClusterNetworkingConfig

func (s *ClusterConfigurationService) DeleteClusterNetworkingConfig(ctx context.Context) error

DeleteClusterNetworkingConfig deletes ClusterNetworkingConfig from the backend.

func (*ClusterConfigurationService) DeleteInstaller

func (s *ClusterConfigurationService) DeleteInstaller(ctx context.Context, name string) error

DeleteInstaller sets the installer script to default script in the backend.

func (*ClusterConfigurationService) DeleteSessionRecordingConfig

func (s *ClusterConfigurationService) DeleteSessionRecordingConfig(ctx context.Context) error

DeleteSessionRecordingConfig deletes SessionRecordingConfig from the backend.

func (*ClusterConfigurationService) DeleteStaticTokens

func (s *ClusterConfigurationService) DeleteStaticTokens() error

DeleteStaticTokens deletes static tokens

func (*ClusterConfigurationService) GetAuthPreference

GetAuthPreference fetches the cluster authentication preferences from the backend and returns them.

func (*ClusterConfigurationService) GetClusterAuditConfig

GetClusterAuditConfig gets cluster audit config from the backend.

func (*ClusterConfigurationService) GetClusterName

GetClusterName gets the name of the cluster from the backend.

func (*ClusterConfigurationService) GetClusterNetworkingConfig

GetClusterNetworkingConfig gets cluster networking config from the backend.

func (*ClusterConfigurationService) GetInstaller

func (s *ClusterConfigurationService) GetInstaller(ctx context.Context, name string) (types.Installer, error)

GetInstaller gets the script of the cluster from the backend.

func (*ClusterConfigurationService) GetInstallers

func (s *ClusterConfigurationService) GetInstallers(ctx context.Context) ([]types.Installer, error)

GetInstallers retrieves all the install scripts.

func (*ClusterConfigurationService) GetSessionRecordingConfig

GetSessionRecordingConfig gets session recording config from the backend.

func (*ClusterConfigurationService) GetStaticTokens

func (s *ClusterConfigurationService) GetStaticTokens() (types.StaticTokens, error)

GetStaticTokens gets the list of static tokens used to provision nodes.

func (*ClusterConfigurationService) SetAuthPreference

func (s *ClusterConfigurationService) SetAuthPreference(ctx context.Context, preferences types.AuthPreference) error

SetAuthPreference sets the cluster authentication preferences on the backend.

func (*ClusterConfigurationService) SetClusterAuditConfig

func (s *ClusterConfigurationService) SetClusterAuditConfig(ctx context.Context, auditConfig types.ClusterAuditConfig) error

SetClusterAuditConfig sets the cluster audit config on the backend.

func (*ClusterConfigurationService) SetClusterName

func (s *ClusterConfigurationService) SetClusterName(c types.ClusterName) error

SetClusterName sets the name of the cluster in the backend. SetClusterName can only be called once on a cluster after which it will return trace.AlreadyExists.

func (*ClusterConfigurationService) SetClusterNetworkingConfig

func (s *ClusterConfigurationService) SetClusterNetworkingConfig(ctx context.Context, netConfig types.ClusterNetworkingConfig) error

SetClusterNetworkingConfig sets the cluster networking config on the backend.

func (*ClusterConfigurationService) SetInstaller

func (s *ClusterConfigurationService) SetInstaller(ctx context.Context, ins types.Installer) error

SetInstaller sets the script of the cluster in the backend

func (*ClusterConfigurationService) SetSessionRecordingConfig

func (s *ClusterConfigurationService) SetSessionRecordingConfig(ctx context.Context, recConfig types.SessionRecordingConfig) error

SetSessionRecordingConfig sets session recording config on the backend.

func (*ClusterConfigurationService) SetStaticTokens

func (s *ClusterConfigurationService) SetStaticTokens(c types.StaticTokens) error

SetStaticTokens sets the list of static tokens used to provision nodes.

func (*ClusterConfigurationService) UpsertClusterName

func (s *ClusterConfigurationService) UpsertClusterName(c types.ClusterName) error

UpsertClusterName sets the name of the cluster in the backend.

type ConnectionDiagnosticService

type ConnectionDiagnosticService struct {
	backend.Backend
}

ConnectionDiagnosticService manages connection diagnostic resources in the backend.

func NewConnectionsDiagnosticService

func NewConnectionsDiagnosticService(backend backend.Backend) *ConnectionDiagnosticService

NewConnectionsDiagnosticService creates a new ConnectionsDiagnosticService.

func (*ConnectionDiagnosticService) AppendDiagnosticTrace

AppendDiagnosticTrace adds a Trace into the ConnectionDiagnostics. It does a CompareAndSwap to ensure atomicity.

func (*ConnectionDiagnosticService) CreateConnectionDiagnostic

func (s *ConnectionDiagnosticService) CreateConnectionDiagnostic(ctx context.Context, connectionDiagnostic types.ConnectionDiagnostic) error

CreateConnectionDiagnostic creates a Connection Diagnostic resource.

func (*ConnectionDiagnosticService) GetConnectionDiagnostic

func (s *ConnectionDiagnosticService) GetConnectionDiagnostic(ctx context.Context, name string) (types.ConnectionDiagnostic, error)

GetConnectionDiagnostic receives a name and returns the Connection Diagnostic matching that name

If not found, a `trace.NotFound` error is returned

func (*ConnectionDiagnosticService) UpdateConnectionDiagnostic

func (s *ConnectionDiagnosticService) UpdateConnectionDiagnostic(ctx context.Context, connectionDiagnostic types.ConnectionDiagnostic) error

UpdateConnectionDiagnostic updates a Connection Diagnostic resource.

type DatabaseService

type DatabaseService struct {
	backend.Backend
}

DatabaseService manages database resources in the backend.

func NewDatabasesService

func NewDatabasesService(backend backend.Backend) *DatabaseService

NewDatabasesService creates a new DatabasesService.

func (*DatabaseService) CreateDatabase

func (s *DatabaseService) CreateDatabase(ctx context.Context, database types.Database) error

CreateDatabase creates a new database resource.

func (*DatabaseService) DeleteAllDatabases

func (s *DatabaseService) DeleteAllDatabases(ctx context.Context) error

DeleteAllDatabases removes all database resources.

func (*DatabaseService) DeleteDatabase

func (s *DatabaseService) DeleteDatabase(ctx context.Context, name string) error

DeleteDatabase removes the specified database resource.

func (*DatabaseService) GetDatabase

func (s *DatabaseService) GetDatabase(ctx context.Context, name string) (types.Database, error)

GetDatabase returns the specified database resource.

func (*DatabaseService) GetDatabases

func (s *DatabaseService) GetDatabases(ctx context.Context) ([]types.Database, error)

GetDatabases returns all database resources.

func (*DatabaseService) UpdateDatabase

func (s *DatabaseService) UpdateDatabase(ctx context.Context, database types.Database) error

UpdateDatabase updates an existing database resource.

type DynamicAccessService

type DynamicAccessService struct {
	backend.Backend
}

DynamicAccessService manages dynamic RBAC

func NewDynamicAccessService

func NewDynamicAccessService(backend backend.Backend) *DynamicAccessService

NewDynamicAccessService returns new dynamic access service instance

func (*DynamicAccessService) ApplyAccessReview

ApplyAccessReview applies a review to a request and returns the post-application state.

func (*DynamicAccessService) CreateAccessRequest

func (s *DynamicAccessService) CreateAccessRequest(ctx context.Context, req types.AccessRequest) error

CreateAccessRequest stores a new access request.

func (*DynamicAccessService) DeleteAccessRequest

func (s *DynamicAccessService) DeleteAccessRequest(ctx context.Context, name string) error

DeleteAccessRequest deletes an access request.

func (*DynamicAccessService) DeleteAllAccessRequests

func (s *DynamicAccessService) DeleteAllAccessRequests(ctx context.Context) error

func (*DynamicAccessService) GetAccessRequest

func (s *DynamicAccessService) GetAccessRequest(ctx context.Context, name string) (types.AccessRequest, error)

func (*DynamicAccessService) GetAccessRequests

func (s *DynamicAccessService) GetAccessRequests(ctx context.Context, filter types.AccessRequestFilter) ([]types.AccessRequest, error)

GetAccessRequests gets all currently active access requests.

func (*DynamicAccessService) GetPluginData

func (s *DynamicAccessService) GetPluginData(ctx context.Context, filter types.PluginDataFilter) ([]types.PluginData, error)

GetPluginData loads all plugin data matching the supplied filter.

func (*DynamicAccessService) SetAccessRequestState

func (s *DynamicAccessService) SetAccessRequestState(ctx context.Context, params types.AccessRequestUpdate) (types.AccessRequest, error)

SetAccessRequestState updates the state of an existing access request.

func (*DynamicAccessService) UpdatePluginData

func (s *DynamicAccessService) UpdatePluginData(ctx context.Context, params types.PluginDataUpdateParams) error

UpdatePluginData updates a per-resource PluginData entry.

func (*DynamicAccessService) UpsertAccessRequest

func (s *DynamicAccessService) UpsertAccessRequest(ctx context.Context, req types.AccessRequest) error

type EventMatcher

type EventMatcher interface {
	// Match matches the specified event.
	// Returns the matched resource if successful.
	// Returns trace.CompareFailedError for no match.
	Match(types.Event) (types.Resource, error)
}

EventMatcher matches a specific resource event

type EventMatcherFunc

type EventMatcherFunc func(types.Event) (types.Resource, error)

EventMatcherFunc matches the specified resource event. Implements EventMatcher

func (EventMatcherFunc) Match

func (r EventMatcherFunc) Match(event types.Event) (types.Resource, error)

Match matches the specified resource event by applying itself

type EventsService

type EventsService struct {
	*logrus.Entry
	// contains filtered or unexported fields
}

EventsService implements service to watch for events

func NewEventsService

func NewEventsService(b backend.Backend) *EventsService

NewEventsService returns new events service instance

func (*EventsService) NewWatcher

func (e *EventsService) NewWatcher(ctx context.Context, watch types.Watch) (types.Watcher, error)

NewWatcher returns a new event watcher

type IdentityService

type IdentityService struct {
	backend.Backend
	// contains filtered or unexported fields
}

IdentityService is responsible for managing web users and currently user accounts as well

func NewIdentityService

func NewIdentityService(backend backend.Backend) *IdentityService

NewIdentityService returns a new instance of IdentityService object

func (*IdentityService) AddUserLoginAttempt

func (s *IdentityService) AddUserLoginAttempt(user string, attempt services.LoginAttempt, ttl time.Duration) error

AddUserLoginAttempt logs user login attempt

func (*IdentityService) CompareAndSwapUser

func (s *IdentityService) CompareAndSwapUser(ctx context.Context, new, existing types.User) error

CompareAndSwapUser updates a user, but fails if the value (as exists in the backend) differs from the provided `existing` value. If the existing value matches, returns no error, otherwise returns `trace.CompareFailed`.

func (*IdentityService) CreateGithubAuthRequest

func (s *IdentityService) CreateGithubAuthRequest(ctx context.Context, req types.GithubAuthRequest) error

CreateGithubAuthRequest creates a new auth request for Github OAuth2 flow

func (*IdentityService) CreateOIDCAuthRequest

func (s *IdentityService) CreateOIDCAuthRequest(ctx context.Context, req types.OIDCAuthRequest, ttl time.Duration) error

CreateOIDCAuthRequest creates new auth request

func (*IdentityService) CreateSAMLAuthRequest

func (s *IdentityService) CreateSAMLAuthRequest(ctx context.Context, req types.SAMLAuthRequest, ttl time.Duration) error

CreateSAMLAuthRequest creates new auth request

func (*IdentityService) CreateSSODiagnosticInfo

func (s *IdentityService) CreateSSODiagnosticInfo(ctx context.Context, authKind string, authRequestID string, entry types.SSODiagnosticInfo) error

CreateSSODiagnosticInfo creates new SAML diagnostic info record.

func (*IdentityService) CreateUser

func (s *IdentityService) CreateUser(user types.User) error

CreateUser creates user if it does not exist.

func (*IdentityService) CreateUserRecoveryAttempt

func (s *IdentityService) CreateUserRecoveryAttempt(ctx context.Context, user string, attempt *types.RecoveryAttempt) error

CreateUserRecoveryAttempt creates new user recovery attempt.

func (*IdentityService) CreateUserToken

func (s *IdentityService) CreateUserToken(ctx context.Context, token types.UserToken) (types.UserToken, error)

CreateUserToken creates a user token.

func (*IdentityService) DeleteAllAppSessions

func (s *IdentityService) DeleteAllAppSessions(ctx context.Context) error

DeleteAllAppSessions removes all application web sessions.

func (*IdentityService) DeleteAllSnowflakeSessions

func (s *IdentityService) DeleteAllSnowflakeSessions(ctx context.Context) error

DeleteAllSnowflakeSessions removes all Snowflake web sessions.

func (*IdentityService) DeleteAllUsers

func (s *IdentityService) DeleteAllUsers() error

DeleteAllUsers deletes all users

func (*IdentityService) DeleteAppSession

func (s *IdentityService) DeleteAppSession(ctx context.Context, req types.DeleteAppSessionRequest) error

DeleteAppSession removes an application web session.

func (*IdentityService) DeleteGithubConnector

func (s *IdentityService) DeleteGithubConnector(ctx context.Context, name string) error

DeleteGithubConnector deletes the specified connector

func (*IdentityService) DeleteGlobalWebauthnSessionData

func (s *IdentityService) DeleteGlobalWebauthnSessionData(ctx context.Context, scope, id string) error

func (*IdentityService) DeleteMFADevice

func (s *IdentityService) DeleteMFADevice(ctx context.Context, user, id string) error

func (*IdentityService) DeleteOIDCConnector

func (s *IdentityService) DeleteOIDCConnector(ctx context.Context, name string) error

DeleteOIDCConnector deletes OIDC Connector by name

func (*IdentityService) DeleteSAMLConnector

func (s *IdentityService) DeleteSAMLConnector(ctx context.Context, name string) error

DeleteSAMLConnector deletes SAML Connector by name

func (*IdentityService) DeleteSnowflakeSession

func (s *IdentityService) DeleteSnowflakeSession(ctx context.Context, req types.DeleteSnowflakeSessionRequest) error

DeleteSnowflakeSession removes a Snowflake web session.

func (*IdentityService) DeleteUsedTOTPToken

func (s *IdentityService) DeleteUsedTOTPToken(user string) error

DeleteUsedTOTPToken removes the used token from the backend. This should only be used during tests.

func (*IdentityService) DeleteUser

func (s *IdentityService) DeleteUser(ctx context.Context, user string) error

DeleteUser deletes a user with all the keys from the backend

func (*IdentityService) DeleteUserAppSessions

func (s *IdentityService) DeleteUserAppSessions(ctx context.Context, req *proto.DeleteUserAppSessionsRequest) error

DeleteUserAppSessions removes all application web sessions for a particular user.

func (*IdentityService) DeleteUserLoginAttempts

func (s *IdentityService) DeleteUserLoginAttempts(user string) error

DeleteUserLoginAttempts removes all login attempts of a user. Should be called after successful login.

func (*IdentityService) DeleteUserRecoveryAttempts

func (s *IdentityService) DeleteUserRecoveryAttempts(ctx context.Context, user string) error

DeleteUserRecoveryAttempts removes all recovery attempts of a user.

func (*IdentityService) DeleteUserToken

func (s *IdentityService) DeleteUserToken(ctx context.Context, tokenID string) error

DeleteUserToken deletes user token by ID.

func (*IdentityService) DeleteWebauthnSessionData

func (s *IdentityService) DeleteWebauthnSessionData(ctx context.Context, user, sessionID string) error

func (*IdentityService) GetAppSession

GetAppSession gets an application web session.

func (*IdentityService) GetAppSessions

func (s *IdentityService) GetAppSessions(ctx context.Context) ([]types.WebSession, error)

GetAppSessions gets all application web sessions.

func (*IdentityService) GetGithubAuthRequest

func (s *IdentityService) GetGithubAuthRequest(ctx context.Context, stateToken string) (*types.GithubAuthRequest, error)

GetGithubAuthRequest retrieves Github auth request by the token

func (*IdentityService) GetGithubConnector

func (s *IdentityService) GetGithubConnector(ctx context.Context, name string, withSecrets bool) (types.GithubConnector, error)

GetGithubConnector returns a particular Github connector.

func (*IdentityService) GetGithubConnectors

func (s *IdentityService) GetGithubConnectors(ctx context.Context, withSecrets bool) ([]types.GithubConnector, error)

GetGithubConnectors returns all configured Github connectors

func (*IdentityService) GetGlobalWebauthnSessionData

func (s *IdentityService) GetGlobalWebauthnSessionData(ctx context.Context, scope, id string) (*wantypes.SessionData, error)

func (*IdentityService) GetKeyAttestationData

func (s *IdentityService) GetKeyAttestationData(ctx context.Context, publicKey crypto.PublicKey) (*keys.AttestationData, error)

GetKeyAttestationData gets a verified public key attestation response.

func (*IdentityService) GetMFADevices

func (s *IdentityService) GetMFADevices(ctx context.Context, user string, withSecrets bool) ([]*types.MFADevice, error)

func (*IdentityService) GetOIDCAuthRequest

func (s *IdentityService) GetOIDCAuthRequest(ctx context.Context, stateToken string) (*types.OIDCAuthRequest, error)

GetOIDCAuthRequest returns OIDC auth request

func (*IdentityService) GetOIDCConnector

func (s *IdentityService) GetOIDCConnector(ctx context.Context, name string, withSecrets bool) (types.OIDCConnector, error)

GetOIDCConnector returns OIDC connector data, parameter 'withSecrets' includes or excludes client secret from return results

func (*IdentityService) GetOIDCConnectors

func (s *IdentityService) GetOIDCConnectors(ctx context.Context, withSecrets bool) ([]types.OIDCConnector, error)

GetOIDCConnectors returns registered connectors, withSecrets adds or removes client secret from return results

func (*IdentityService) GetPasswordHash

func (s *IdentityService) GetPasswordHash(user string) ([]byte, error)

GetPasswordHash returns the password hash for a given user

func (*IdentityService) GetRecoveryCodes

func (s *IdentityService) GetRecoveryCodes(ctx context.Context, user string, withSecrets bool) (*types.RecoveryCodesV1, error)

GetRecoveryCodes returns user's recovery codes.

func (*IdentityService) GetSAMLAuthRequest

func (s *IdentityService) GetSAMLAuthRequest(ctx context.Context, id string) (*types.SAMLAuthRequest, error)

GetSAMLAuthRequest returns SAML auth request if found

func (*IdentityService) GetSAMLConnector

func (s *IdentityService) GetSAMLConnector(ctx context.Context, name string, withSecrets bool) (types.SAMLConnector, error)

GetSAMLConnector returns SAML connector data, withSecrets includes or excludes secrets from return results

func (*IdentityService) GetSAMLConnectors

func (s *IdentityService) GetSAMLConnectors(ctx context.Context, withSecrets bool) ([]types.SAMLConnector, error)

GetSAMLConnectors returns registered connectors; withSecrets includes or excludes private key values from return results.

func (*IdentityService) GetSSODiagnosticInfo

func (s *IdentityService) GetSSODiagnosticInfo(ctx context.Context, authKind string, authRequestID string) (*types.SSODiagnosticInfo, error)

GetSSODiagnosticInfo returns SSO diagnostic info records.

func (*IdentityService) GetSnowflakeSession

GetSnowflakeSession gets an application web session.

func (*IdentityService) GetSnowflakeSessions

func (s *IdentityService) GetSnowflakeSessions(ctx context.Context) ([]types.WebSession, error)

GetSnowflakeSessions gets all Snowflake web sessions.

func (*IdentityService) GetTeleportUserByWebauthnID

func (s *IdentityService) GetTeleportUserByWebauthnID(ctx context.Context, webID []byte) (string, error)

func (*IdentityService) GetUsedTOTPToken

func (s *IdentityService) GetUsedTOTPToken(user string) (string, error)

GetUsedTOTPToken returns the last successfully used TOTP token. If no token is found zero is returned.

func (*IdentityService) GetUser

func (s *IdentityService) GetUser(user string, withSecrets bool) (types.User, error)

GetUser returns a user by name

func (*IdentityService) GetUserAppSessions

func (s *IdentityService) GetUserAppSessions(ctx context.Context, user string) ([]types.WebSession, error)

GetUserAppSessions gets all user's application sessions.

func (*IdentityService) GetUserByGithubIdentity

func (s *IdentityService) GetUserByGithubIdentity(id types.ExternalIdentity) (types.User, error)

GetUserByGithubIdentity returns the first found user with specified Github identity

func (*IdentityService) GetUserByOIDCIdentity

func (s *IdentityService) GetUserByOIDCIdentity(id types.ExternalIdentity) (types.User, error)

GetUserByOIDCIdentity returns a user by its specified OIDC Identity; it returns the first user specified with this identity.

func (*IdentityService) GetUserBySAMLIdentity

func (s *IdentityService) GetUserBySAMLIdentity(id types.ExternalIdentity) (types.User, error)

GetUserBySAMLIdentity returns a user by its specified SAML Identity; it returns the first user specified with this identity.

func (*IdentityService) GetUserLoginAttempts

func (s *IdentityService) GetUserLoginAttempts(user string) ([]services.LoginAttempt, error)

GetUserLoginAttempts returns user login attempts

func (*IdentityService) GetUserRecoveryAttempts

func (s *IdentityService) GetUserRecoveryAttempts(ctx context.Context, user string) ([]*types.RecoveryAttempt, error)

GetUserRecoveryAttempts returns a user's recovery attempts.

func (*IdentityService) GetUserToken

func (s *IdentityService) GetUserToken(ctx context.Context, tokenID string) (types.UserToken, error)

GetUserToken returns a token by its ID.

func (*IdentityService) GetUserTokenSecrets

func (s *IdentityService) GetUserTokenSecrets(ctx context.Context, tokenID string) (types.UserTokenSecrets, error)

GetUserTokenSecrets returns token secrets.

func (*IdentityService) GetUserTokens

func (s *IdentityService) GetUserTokens(ctx context.Context) ([]types.UserToken, error)

GetUserTokens returns all user tokens.

func (*IdentityService) GetUsers

func (s *IdentityService) GetUsers(withSecrets bool) ([]types.User, error)

GetUsers returns a list of users registered with the local auth server

func (*IdentityService) GetWebauthnLocalAuth

func (s *IdentityService) GetWebauthnLocalAuth(ctx context.Context, user string) (*types.WebauthnLocalAuth, error)

func (*IdentityService) GetWebauthnSessionData

func (s *IdentityService) GetWebauthnSessionData(ctx context.Context, user, sessionID string) (*wantypes.SessionData, error)

func (*IdentityService) UpdateUser

func (s *IdentityService) UpdateUser(ctx context.Context, user types.User) error

UpdateUser updates an existing user.

func (*IdentityService) UpsertAppSession

func (s *IdentityService) UpsertAppSession(ctx context.Context, session types.WebSession) error

UpsertAppSession creates an application web session.

func (*IdentityService) UpsertGithubConnector

func (s *IdentityService) UpsertGithubConnector(ctx context.Context, connector types.GithubConnector) error

UpsertGithubConnector creates or updates a Github connector

func (*IdentityService) UpsertGlobalWebauthnSessionData

func (s *IdentityService) UpsertGlobalWebauthnSessionData(ctx context.Context, scope, id string, sd *wantypes.SessionData) error

func (*IdentityService) UpsertKeyAttestationData

func (s *IdentityService) UpsertKeyAttestationData(ctx context.Context, attestationData *keys.AttestationData, ttl time.Duration) error

UpsertKeyAttestationData upserts a verified public key attestation response.

func (*IdentityService) UpsertMFADevice

func (s *IdentityService) UpsertMFADevice(ctx context.Context, user string, d *types.MFADevice) error

func (*IdentityService) UpsertOIDCConnector

func (s *IdentityService) UpsertOIDCConnector(ctx context.Context, connector types.OIDCConnector) error

UpsertOIDCConnector upserts OIDC Connector

func (*IdentityService) UpsertPassword

func (s *IdentityService) UpsertPassword(user string, password []byte) error

UpsertPassword upserts new password hash into a backend.

func (*IdentityService) UpsertPasswordHash

func (s *IdentityService) UpsertPasswordHash(username string, hash []byte) error

UpsertPasswordHash upserts user password hash

func (*IdentityService) UpsertRecoveryCodes

func (s *IdentityService) UpsertRecoveryCodes(ctx context.Context, user string, recovery *types.RecoveryCodesV1) error

UpsertRecoveryCodes creates or updates a user's account recovery codes. Each recovery code is hashed before upsert.

func (*IdentityService) UpsertSAMLConnector

func (s *IdentityService) UpsertSAMLConnector(ctx context.Context, connector types.SAMLConnector) error

UpsertSAMLConnector upserts SAML Connector

func (*IdentityService) UpsertSnowflakeSession

func (s *IdentityService) UpsertSnowflakeSession(ctx context.Context, session types.WebSession) error

UpsertSnowflakeSession creates a Snowflake web session.

func (*IdentityService) UpsertUsedTOTPToken

func (s *IdentityService) UpsertUsedTOTPToken(user string, otpToken string) error

UpsertUsedTOTPToken upserts a TOTP token to the backend so it can't be used again during the 30 second window it's valid.
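The replay guard that GetUsedTOTPToken and UpsertUsedTOTPToken make possible, shown as an added example rather than Teleport's own code: the last accepted code is recorded per user for the 30 second window and a second submission of the same code is refused. The `verifier` type, its in-memory map (standing in for the backend) and the error values are assumptions made for illustration; the secret is the RFC 6238 test secret.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
	"sync"
	"time"
)

const totpPeriod = 30 * time.Second

var (
	errInvalidCode = errors.New("invalid TOTP code")
	errReplayed    = errors.New("TOTP code already used")
)

// totpCode computes the 6-digit RFC 6238 code (HMAC-SHA1) for time t.
func totpCode(secret []byte, t time.Time) string {
	var counter [8]byte
	binary.BigEndian.PutUint64(counter[:], uint64(t.Unix())/uint64(totpPeriod.Seconds()))
	mac := hmac.New(sha1.New, secret)
	mac.Write(counter[:])
	sum := mac.Sum(nil)
	off := int(sum[len(sum)-1] & 0x0f) // dynamic truncation offset
	bin := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", bin%1000000)
}

// usedToken is the last accepted code for one user and when that record expires.
type usedToken struct {
	code    string
	expires time.Time
}

// verifier is a hypothetical in-memory stand-in for a backend-backed check.
type verifier struct {
	mu      sync.Mutex
	secrets map[string][]byte
	used    map[string]usedToken
}

func newVerifier(secrets map[string][]byte) *verifier {
	return &verifier{secrets: secrets, used: make(map[string]usedToken)}
}

// Verify accepts a code at most once per user. The lookup of the last used
// code and the recording of the new one happen under a single lock, so two
// concurrent submissions of the same code cannot both succeed.
func (v *verifier) Verify(user, code string, now time.Time) error {
	v.mu.Lock()
	defer v.mu.Unlock()

	secret, ok := v.secrets[user]
	if !ok {
		return errInvalidCode
	}
	// Replay check: same code as the last accepted one, record not yet expired.
	if last, ok := v.used[user]; ok && now.Before(last.expires) &&
		subtle.ConstantTimeCompare([]byte(last.code), []byte(code)) == 1 {
		return errReplayed
	}
	want := totpCode(secret, now)
	if subtle.ConstantTimeCompare([]byte(want), []byte(code)) != 1 {
		return errInvalidCode
	}
	// Record the accepted code with a TTL of one TOTP period.
	v.used[user] = usedToken{code: code, expires: now.Add(totpPeriod)}
	return nil
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 test secret (constructed input)
	v := newVerifier(map[string][]byte{"alice": secret})
	now := time.Unix(59, 0)
	code := totpCode(secret, now)
	fmt.Println("first use: ", v.Verify("alice", code, now))
	fmt.Println("second use:", v.Verify("alice", code, now))
}
```

Keeping only the last code is sufficient here because a single time step is accepted; a verifier that also accepts adjacent steps for clock skew has to track every code accepted within that tolerance.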

func (*IdentityService) UpsertUser

func (s *IdentityService) UpsertUser(user types.User) error

UpsertUser updates parameters about a user, or creates an entry if one does not exist.

func (*IdentityService) UpsertUserTokenSecrets

func (s *IdentityService) UpsertUserTokenSecrets(ctx context.Context, secrets types.UserTokenSecrets) error

UpsertUserTokenSecrets upserts token secrets

func (*IdentityService) UpsertWebauthnLocalAuth

func (s *IdentityService) UpsertWebauthnLocalAuth(ctx context.Context, user string, wla *types.WebauthnLocalAuth) error

func (*IdentityService) UpsertWebauthnSessionData

func (s *IdentityService) UpsertWebauthnSessionData(ctx context.Context, user, sessionID string, sd *wantypes.SessionData) error

func (*IdentityService) WebSessions

func (s *IdentityService) WebSessions() types.WebSessionInterface

WebSessions returns the web sessions manager.

func (*IdentityService) WebTokens

func (s *IdentityService) WebTokens() types.WebTokenInterface

WebTokens returns the web token manager.

type KubernetesService

type KubernetesService struct {
	backend.Backend
}

KubernetesService manages kubernetes resources in the backend.

func NewKubernetesService

func NewKubernetesService(backend backend.Backend) *KubernetesService

NewKubernetesService creates a new KubernetesService.

func (*KubernetesService) CreateKubernetesCluster

func (s *KubernetesService) CreateKubernetesCluster(ctx context.Context, cluster types.KubeCluster) error

CreateKubernetesCluster creates a new kubernetes cluster resource.

func (*KubernetesService) DeleteAllKubernetesClusters

func (s *KubernetesService) DeleteAllKubernetesClusters(ctx context.Context) error

DeleteAllKubernetesClusters removes all kubernetes cluster resources.

func (*KubernetesService) DeleteKubernetesCluster

func (s *KubernetesService) DeleteKubernetesCluster(ctx context.Context, name string) error

DeleteKubernetesCluster removes the specified kubernetes cluster resource.

func (*KubernetesService) GetKubernetesCluster

func (s *KubernetesService) GetKubernetesCluster(ctx context.Context, name string) (types.KubeCluster, error)

GetKubernetesCluster returns the specified kubernetes cluster resource.

func (*KubernetesService) GetKubernetesClusters

func (s *KubernetesService) GetKubernetesClusters(ctx context.Context) ([]types.KubeCluster, error)

GetKubernetesClusters returns all kubernetes cluster resources.

func (*KubernetesService) UpdateKubernetesCluster

func (s *KubernetesService) UpdateKubernetesCluster(ctx context.Context, cluster types.KubeCluster) error

UpdateKubernetesCluster updates an existing kubernetes cluster resource.

type NoopEnforcer

type NoopEnforcer struct{}

NoopEnforcer is a no-op enforcer.

func NewNoopEnforcer

func NewNoopEnforcer() *NoopEnforcer

NewNoopEnforcer returns a new no-op enforcer.

func (*NoopEnforcer) GetLicenseCheckResult

func (r *NoopEnforcer) GetLicenseCheckResult(ctx context.Context) (*types.Heartbeat, error)

GetLicenseCheckResult returns the default heartbeat.

type PresenceService

type PresenceService struct {
	backend.Backend
	// contains filtered or unexported fields
}

PresenceService records and reports the presence of all components of the cluster - Nodes, Proxies and SSH nodes

func NewPresenceService

func NewPresenceService(b backend.Backend) *PresenceService

NewPresenceService returns new presence service instance

func (*PresenceService) AcquireSemaphore

AcquireSemaphore attempts to acquire the specified semaphore. AcquireSemaphore will automatically handle retry on contention. If the semaphore has already reached MaxLeases, or there is too much contention, a LimitExceeded error is returned (contention in this context means concurrent attempts to update the *same* semaphore; separate semaphores can be modified concurrently without issue). Note that this function is the only semaphore method that handles retries internally. This is because this method both blocks user-facing operations and contains multiple different potential contention points.

func (*PresenceService) CancelSemaphoreLease

func (s *PresenceService) CancelSemaphoreLease(ctx context.Context, lease types.SemaphoreLease) error

CancelSemaphoreLease cancels semaphore lease early.

func (*PresenceService) CreateRemoteCluster

func (s *PresenceService) CreateRemoteCluster(rc types.RemoteCluster) error

CreateRemoteCluster creates remote cluster

func (*PresenceService) DeleteAllApplicationServers

func (s *PresenceService) DeleteAllApplicationServers(ctx context.Context, namespace string) error

DeleteAllApplicationServers removes all registered application servers.

func (*PresenceService) DeleteAllAuthServers

func (s *PresenceService) DeleteAllAuthServers() error

DeleteAllAuthServers deletes all auth servers

func (*PresenceService) DeleteAllDatabaseServers

func (s *PresenceService) DeleteAllDatabaseServers(ctx context.Context, namespace string) error

DeleteAllDatabaseServers removes all registered database proxy servers.

func (*PresenceService) DeleteAllKubeServices

func (s *PresenceService) DeleteAllKubeServices(ctx context.Context) error

DeleteAllKubeServices deletes all registered kubernetes services. DELETE IN 13.0. Deprecated, use DeleteAllKubernetesServers.

func (*PresenceService) DeleteAllKubernetesServers

func (s *PresenceService) DeleteAllKubernetesServers(ctx context.Context) error

DeleteAllKubernetesServers removes all registered kubernetes servers.

func (*PresenceService) DeleteAllNamespaces

func (s *PresenceService) DeleteAllNamespaces() error

DeleteAllNamespaces deletes all namespaces

func (*PresenceService) DeleteAllNodes

func (s *PresenceService) DeleteAllNodes(ctx context.Context, namespace string) error

DeleteAllNodes deletes all nodes in a namespace

func (*PresenceService) DeleteAllProxies

func (s *PresenceService) DeleteAllProxies() error

DeleteAllProxies deletes all proxies

func (*PresenceService) DeleteAllRemoteClusters

func (s *PresenceService) DeleteAllRemoteClusters() error

DeleteAllRemoteClusters deletes all remote clusters

func (*PresenceService) DeleteAllReverseTunnels

func (s *PresenceService) DeleteAllReverseTunnels() error

DeleteAllReverseTunnels deletes all reverse tunnels

func (*PresenceService) DeleteAllTunnelConnections

func (s *PresenceService) DeleteAllTunnelConnections() error

DeleteAllTunnelConnections deletes all tunnel connections

func (*PresenceService) DeleteAllWindowsDesktopServices

func (s *PresenceService) DeleteAllWindowsDesktopServices(ctx context.Context) error

DeleteAllWindowsDesktopServices removes all registered Windows desktop services.

func (*PresenceService) DeleteApplicationServer

func (s *PresenceService) DeleteApplicationServer(ctx context.Context, namespace, hostID, name string) error

DeleteApplicationServer removes specified application server.

func (*PresenceService) DeleteAuthServer

func (s *PresenceService) DeleteAuthServer(name string) error

DeleteAuthServer deletes auth server by name

func (*PresenceService) DeleteDatabaseServer

func (s *PresenceService) DeleteDatabaseServer(ctx context.Context, namespace, hostID, name string) error

DeleteDatabaseServer removes the specified database proxy server.

func (*PresenceService) DeleteKubeService

func (s *PresenceService) DeleteKubeService(ctx context.Context, name string) error

DeleteKubeService deletes a named kubernetes service. DELETE IN 13.0. Deprecated, use DeleteKubernetesServer.

func (*PresenceService) DeleteKubernetesServer

func (s *PresenceService) DeleteKubernetesServer(ctx context.Context, hostID, name string) error

DeleteKubernetesServer removes specified kubernetes server.

func (*PresenceService) DeleteNamespace

func (s *PresenceService) DeleteNamespace(namespace string) error

DeleteNamespace deletes a namespace with all the keys from the backend

func (*PresenceService) DeleteNode

func (s *PresenceService) DeleteNode(ctx context.Context, namespace string, name string) error

DeleteNode deletes node

func (*PresenceService) DeleteProxy

func (s *PresenceService) DeleteProxy(name string) error

DeleteProxy deletes proxy

func (*PresenceService) DeleteRemoteCluster

func (s *PresenceService) DeleteRemoteCluster(clusterName string) error

DeleteRemoteCluster deletes remote cluster by name

func (*PresenceService) DeleteReverseTunnel

func (s *PresenceService) DeleteReverseTunnel(clusterName string) error

DeleteReverseTunnel deletes reverse tunnel by its cluster name

func (*PresenceService) DeleteSemaphore

func (s *PresenceService) DeleteSemaphore(ctx context.Context, filter types.SemaphoreFilter) error

DeleteSemaphore deletes a semaphore matching the supplied filter

func (*PresenceService) DeleteTrustedCluster

func (s *PresenceService) DeleteTrustedCluster(ctx context.Context, name string) error

DeleteTrustedCluster removes a TrustedCluster from the backend by name.

func (*PresenceService) DeleteTunnelConnection

func (s *PresenceService) DeleteTunnelConnection(clusterName, connectionName string) error

DeleteTunnelConnection deletes tunnel connection by name

func (*PresenceService) DeleteTunnelConnections

func (s *PresenceService) DeleteTunnelConnections(clusterName string) error

DeleteTunnelConnections deletes all tunnel connections for cluster

func (*PresenceService) DeleteWindowsDesktopService

func (s *PresenceService) DeleteWindowsDesktopService(ctx context.Context, name string) error

DeleteWindowsDesktopService removes the specified Windows desktop service.

func (*PresenceService) GetAllTunnelConnections

func (s *PresenceService) GetAllTunnelConnections(opts ...services.MarshalOption) ([]types.TunnelConnection, error)

GetAllTunnelConnections returns all tunnel connections

func (*PresenceService) GetApplicationServers

func (s *PresenceService) GetApplicationServers(ctx context.Context, namespace string) ([]types.AppServer, error)

GetApplicationServers returns all registered application servers.

func (*PresenceService) GetAuthServers

func (s *PresenceService) GetAuthServers() ([]types.Server, error)

GetAuthServers returns a list of registered servers

func (*PresenceService) GetDatabaseServers

func (s *PresenceService) GetDatabaseServers(ctx context.Context, namespace string, opts ...services.MarshalOption) ([]types.DatabaseServer, error)

GetDatabaseServers returns all registered database proxy servers.

func (*PresenceService) GetHostUserInteractionTime

func (s *PresenceService) GetHostUserInteractionTime(ctx context.Context, name string) (time.Time, error)

GetHostUserInteractionTime retrieves a unix user's interaction time

func (*PresenceService) GetKubeServices

func (s *PresenceService) GetKubeServices(ctx context.Context) ([]types.Server, error)

GetKubeServices returns a list of registered kubernetes services.

func (*PresenceService) GetKubernetesServers

func (s *PresenceService) GetKubernetesServers(ctx context.Context) ([]types.KubeServer, error)

GetKubernetesServers returns all registered kubernetes servers.

func (*PresenceService) GetNamespace

func (s *PresenceService) GetNamespace(name string) (*types.Namespace, error)

GetNamespace returns a namespace by name

func (*PresenceService) GetNamespaces

func (s *PresenceService) GetNamespaces() ([]types.Namespace, error)

GetNamespaces returns a list of namespaces

func (*PresenceService) GetNode

func (s *PresenceService) GetNode(ctx context.Context, namespace, name string) (types.Server, error)

GetNode returns a node by name and namespace.

func (*PresenceService) GetNodes

func (s *PresenceService) GetNodes(ctx context.Context, namespace string) ([]types.Server, error)

GetNodes returns a list of registered servers

func (*PresenceService) GetProxies

func (s *PresenceService) GetProxies() ([]types.Server, error)

GetProxies returns a list of registered proxies

func (*PresenceService) GetRemoteCluster

func (s *PresenceService) GetRemoteCluster(clusterName string) (types.RemoteCluster, error)

GetRemoteCluster returns a remote cluster by name

func (*PresenceService) GetRemoteClusters

func (s *PresenceService) GetRemoteClusters(opts ...services.MarshalOption) ([]types.RemoteCluster, error)

GetRemoteClusters returns a list of remote clusters

func (*PresenceService) GetReverseTunnel

func (s *PresenceService) GetReverseTunnel(name string, opts ...services.MarshalOption) (types.ReverseTunnel, error)

GetReverseTunnel returns reverse tunnel by name

func (*PresenceService) GetReverseTunnels

func (s *PresenceService) GetReverseTunnels(ctx context.Context, opts ...services.MarshalOption) ([]types.ReverseTunnel, error)

GetReverseTunnels returns a list of registered servers

func (*PresenceService) GetSemaphores

func (s *PresenceService) GetSemaphores(ctx context.Context, filter types.SemaphoreFilter) ([]types.Semaphore, error)

GetSemaphores returns all semaphores matching the supplied filter.

func (*PresenceService) GetTrustedCluster

func (s *PresenceService) GetTrustedCluster(ctx context.Context, name string) (types.TrustedCluster, error)

GetTrustedCluster returns a single TrustedCluster by name.

func (*PresenceService) GetTrustedClusters

func (s *PresenceService) GetTrustedClusters(ctx context.Context) ([]types.TrustedCluster, error)

GetTrustedClusters returns all TrustedClusters in the backend.

func (*PresenceService) GetTunnelConnection

func (s *PresenceService) GetTunnelConnection(clusterName, connectionName string, opts ...services.MarshalOption) (types.TunnelConnection, error)

GetTunnelConnection returns connection by cluster name and connection name

func (*PresenceService) GetTunnelConnections

func (s *PresenceService) GetTunnelConnections(clusterName string, opts ...services.MarshalOption) ([]types.TunnelConnection, error)

GetTunnelConnections returns connections for a trusted cluster

func (*PresenceService) GetWindowsDesktopService

func (s *PresenceService) GetWindowsDesktopService(ctx context.Context, name string) (types.WindowsDesktopService, error)

func (*PresenceService) GetWindowsDesktopServices

func (s *PresenceService) GetWindowsDesktopServices(ctx context.Context) ([]types.WindowsDesktopService, error)

GetWindowsDesktopServices returns all registered Windows desktop services.

func (*PresenceService) KeepAliveNode

func (s *PresenceService) KeepAliveNode(ctx context.Context, h types.KeepAlive) error

DELETE IN: 5.1.0.

This logic has been moved to KeepAliveServer.

KeepAliveNode updates node expiry

func (*PresenceService) KeepAliveSemaphoreLease

func (s *PresenceService) KeepAliveSemaphoreLease(ctx context.Context, lease types.SemaphoreLease) error

KeepAliveSemaphoreLease updates semaphore lease; if the lease expiry is updated, the semaphore is renewed

func (*PresenceService) KeepAliveServer

func (s *PresenceService) KeepAliveServer(ctx context.Context, h types.KeepAlive) error

KeepAliveServer updates expiry time of a server resource.

func (*PresenceService) ListResources

ListResources returns a paginated list of resources. It implements various filtering for scenarios where the call comes directly here (without passing through the RBAC).

func (*PresenceService) UpdateRemoteCluster

func (s *PresenceService) UpdateRemoteCluster(ctx context.Context, rc types.RemoteCluster) error

UpdateRemoteCluster updates selected remote cluster fields: expiry and labels. Other changed fields will be ignored by the method.

func (*PresenceService) UpsertApplicationServer

func (s *PresenceService) UpsertApplicationServer(ctx context.Context, server types.AppServer) (*types.KeepAlive, error)

UpsertApplicationServer registers an application server.

func (*PresenceService) UpsertAuthServer

func (s *PresenceService) UpsertAuthServer(server types.Server) error

UpsertAuthServer registers auth server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second

func (*PresenceService) UpsertDatabaseServer

func (s *PresenceService) UpsertDatabaseServer(ctx context.Context, server types.DatabaseServer) (*types.KeepAlive, error)

UpsertDatabaseServer registers new database proxy server.

func (*PresenceService) UpsertHostUserInteractionTime

func (s *PresenceService) UpsertHostUserInteractionTime(ctx context.Context, name string, loginTime time.Time) error

UpsertHostUserInteractionTime upserts a unix user's interaction time

func (*PresenceService) UpsertKubeService

func (s *PresenceService) UpsertKubeService(ctx context.Context, server types.Server) error

UpsertKubeService registers kubernetes service presence. DELETE IN 11.0. Deprecated, use UpsertKubeServiceV2.

func (*PresenceService) UpsertKubeServiceV2

func (s *PresenceService) UpsertKubeServiceV2(ctx context.Context, server types.Server) (*types.KeepAlive, error)

UpsertKubeServiceV2 registers kubernetes service presence.

func (*PresenceService) UpsertKubernetesServer

func (s *PresenceService) UpsertKubernetesServer(ctx context.Context, server types.KubeServer) (*types.KeepAlive, error)

UpsertKubernetesServer registers a kubernetes server.

func (*PresenceService) UpsertNamespace

func (s *PresenceService) UpsertNamespace(n types.Namespace) error

UpsertNamespace upserts namespace

func (*PresenceService) UpsertNode

func (s *PresenceService) UpsertNode(ctx context.Context, server types.Server) (*types.KeepAlive, error)

UpsertNode registers node presence, permanently if TTL is 0 or for the specified duration with second resolution if it's >= 1 second.

func (*PresenceService) UpsertProxy

func (s *PresenceService) UpsertProxy(server types.Server) error

UpsertProxy registers proxy server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second

func (*PresenceService) UpsertReverseTunnel

func (s *PresenceService) UpsertReverseTunnel(tunnel types.ReverseTunnel) error

UpsertReverseTunnel upserts reverse tunnel entry temporarily or permanently

func (*PresenceService) UpsertTrustedCluster

func (s *PresenceService) UpsertTrustedCluster(ctx context.Context, trustedCluster types.TrustedCluster) (types.TrustedCluster, error)

UpsertTrustedCluster creates or updates a TrustedCluster in the backend.

func (*PresenceService) UpsertTunnelConnection

func (s *PresenceService) UpsertTunnelConnection(conn types.TunnelConnection) error

UpsertTunnelConnection updates or creates tunnel connection

func (*PresenceService) UpsertWindowsDesktopService

func (s *PresenceService) UpsertWindowsDesktopService(ctx context.Context, srv types.WindowsDesktopService) (*types.KeepAlive, error)

UpsertWindowsDesktopService registers new Windows desktop service.

type ProvisioningService

type ProvisioningService struct {
	backend.Backend
}

ProvisioningService governs adding new nodes to the cluster

func NewProvisioningService

func NewProvisioningService(backend backend.Backend) *ProvisioningService

NewProvisioningService returns a new instance of provisioning service

func (*ProvisioningService) CreateToken

CreateToken creates a new token for the auth server

func (*ProvisioningService) DeleteAllTokens

func (s *ProvisioningService) DeleteAllTokens() error

DeleteAllTokens deletes all provisioning tokens

func (*ProvisioningService) DeleteToken

func (s *ProvisioningService) DeleteToken(ctx context.Context, token string) error

DeleteToken deletes a token by ID

func (*ProvisioningService) GetToken

func (s *ProvisioningService) GetToken(ctx context.Context, token string) (types.ProvisionToken, error)

GetToken finds and returns token by ID

func (*ProvisioningService) GetTokens

GetTokens returns all active (non-expired) provisioning tokens

func (*ProvisioningService) UpsertToken

UpsertToken adds provisioning tokens for the auth server

type RestrictionsService

type RestrictionsService struct {
	backend.Backend
}

RestrictionsService manages restrictions to be enforced by restricted shell

func NewRestrictionsService

func NewRestrictionsService(backend backend.Backend) *RestrictionsService

NewRestrictionsService creates a new RestrictionsService

func (*RestrictionsService) DeleteNetworkRestrictions

func (s *RestrictionsService) DeleteNetworkRestrictions(ctx context.Context) error

SetNetworkRestrictions upserts NetworkRestrictions

func (*RestrictionsService) GetNetworkRestrictions

func (s *RestrictionsService) GetNetworkRestrictions(ctx context.Context) (types.NetworkRestrictions, error)

func (*RestrictionsService) SetNetworkRestrictions

func (s *RestrictionsService) SetNetworkRestrictions(ctx context.Context, nr types.NetworkRestrictions) error

SetNetworkRestrictions upserts NetworkRestrictions

type Status

type Status interface {
	GetClusterAlerts(ctx context.Context, query types.GetClusterAlertsRequest) ([]types.ClusterAlert, error)
	UpsertClusterAlert(ctx context.Context, alert types.ClusterAlert) error
	DeleteClusterAlert(ctx context.Context, alertID string) error
}

Status service manages alerts.

type StatusService

type StatusService struct {
	backend.Backend
	// contains filtered or unexported fields
}

StatusService manages cluster status info.

func NewStatusService

func NewStatusService(bk backend.Backend) *StatusService

func (*StatusService) DeleteClusterAlert

func (s *StatusService) DeleteClusterAlert(ctx context.Context, alertID string) error

func (*StatusService) GetClusterAlerts

func (s *StatusService) GetClusterAlerts(ctx context.Context, query types.GetClusterAlertsRequest) ([]types.ClusterAlert, error)

func (*StatusService) UpsertClusterAlert

func (s *StatusService) UpsertClusterAlert(ctx context.Context, alert types.ClusterAlert) error

type UnstableService

type UnstableService struct {
	backend.Backend
	*AssertionReplayService
}

UnstableService is a catch-all for unstable backend operations related to migrations/compatibility that don't fit into, or merit the change of, one of the primary service interfaces.

func NewUnstableService

func NewUnstableService(backend backend.Backend, assertion *AssertionReplayService) UnstableService

NewUnstableService returns new unstable service instance.

func (UnstableService) AssertSystemRole

func (UnstableService) GetSystemRoleAssertions

func (s UnstableService) GetSystemRoleAssertions(ctx context.Context, serverID string, assertionID string) (proto.UnstableSystemRoleAssertionSet, error)

type WindowsDesktopService

type WindowsDesktopService struct {
	backend.Backend
}

WindowsDesktopService manages windows desktop resources in the backend.

func NewWindowsDesktopService

func NewWindowsDesktopService(backend backend.Backend) *WindowsDesktopService

NewWindowsDesktopService creates a new WindowsDesktopService.

func (*WindowsDesktopService) CreateWindowsDesktop

func (s *WindowsDesktopService) CreateWindowsDesktop(ctx context.Context, desktop types.WindowsDesktop) error

CreateWindowsDesktop creates a windows desktop resource.

func (*WindowsDesktopService) DeleteAllWindowsDesktops

func (s *WindowsDesktopService) DeleteAllWindowsDesktops(ctx context.Context) error

DeleteAllWindowsDesktops removes all windows desktop resources.

func (*WindowsDesktopService) DeleteWindowsDesktop

func (s *WindowsDesktopService) DeleteWindowsDesktop(ctx context.Context, hostID, name string) error

DeleteWindowsDesktop removes the specified windows desktop resource.

func (*WindowsDesktopService) GetWindowsDesktops

func (s *WindowsDesktopService) GetWindowsDesktops(ctx context.Context, filter types.WindowsDesktopFilter) ([]types.WindowsDesktop, error)

GetWindowsDesktops returns all Windows desktops matching filter.

func (*WindowsDesktopService) ListWindowsDesktops

ListWindowsDesktops returns all Windows desktops matching filter.

func (*WindowsDesktopService) UpdateWindowsDesktop

func (s *WindowsDesktopService) UpdateWindowsDesktop(ctx context.Context, desktop types.WindowsDesktop) error

UpdateWindowsDesktop updates a windows desktop resource.

func (*WindowsDesktopService) UpsertWindowsDesktop

func (s *WindowsDesktopService) UpsertWindowsDesktop(ctx context.Context, desktop types.WindowsDesktop) error

UpsertWindowsDesktop updates a windows desktop resource, creating it if it doesn't exist.
