defaults

package
v1.2.3-fred.9 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 20, 2022 License: Apache-2.0 Imports: 13 Imported by: 840

Documentation

Overview

Package defaults contains default constants set in various parts of teleport codebase

Index

Constants

View Source 
const (
	// Web UI over HTTP(s)
	HTTPListenPort = 3080

	// When running in "SSH Server" mode behind a proxy, this
	// listening port will be used to connect users to:
	SSHServerListenPort = 3022

	// When running in "SSH Proxy" role this port will be used to
	// accept incoming client connections and proxy them to SSHServerListenPort of
	// one of many SSH nodes
	SSHProxyListenPort = 3023

	SSHProxyTunnelListenPort = defaults.SSHProxyTunnelListenPort

	// KubeListenPort is a default port for kubernetes proxies
	KubeListenPort = 3026

	// When running as a "SSH Proxy" this port will be used to
	// serve auth requests.
	AuthListenPort = 3025

	// MySQLListenPort is the default listen port for MySQL proxy.
	MySQLListenPort = 3036

	// PostgresListenPort is the default listen port for PostgreSQL proxy.
	PostgresListenPort = 5432

	// MongoListenPort is the default listen port for Mongo proxy.
	MongoListenPort = 27017

	// RedisListenPort is the default listen port for Redis proxy.
	RedisListenPort = 6379

	// MetricsListenPort is the default listen port for the metrics service.
	MetricsListenPort = 3081

	// WindowsDesktopListenPort is the default listed port for
	// windows_desktop_service.
	//
	// TODO(awly): update to match HTTPListenPort once SNI routing is
	// implemented.
	WindowsDesktopListenPort = 3028

	// ProxyPeeringListenPort is the default port proxies will listen on when
	// proxy peering is enabled.
	ProxyPeeringListenPort = 3021

	// RDPListenPort is the standard port for RDP servers.
	RDPListenPort = 3389

	// BackendDir is a default backend subdirectory
	BackendDir = "backend"

	// BackendPath is a default backend path parameter
	BackendPath = "path"

	// By default SSH server (and SSH proxy) will bind to this IP
	BindIP = "0.0.0.0"

	// By default all users use /bin/bash
	DefaultShell = "/bin/bash"

	// InviteTokenTTL sets the lifespan of tokens used for adding nodes and users
	// to a cluster
	InviteTokenTTL = 15 * time.Minute

	// HTTPMaxIdleConns is the max idle connections across all hosts.
	HTTPMaxIdleConns = 2000

	// HTTPMaxIdleConnsPerHost is the max idle connections per-host.
	HTTPMaxIdleConnsPerHost = 1000

	// HTTPMaxConnsPerHost is the maximum number of connections per-host.
	HTTPMaxConnsPerHost = 250

	// HTTPIdleTimeout is a default timeout for idle HTTP connections
	HTTPIdleTimeout = 30 * time.Second

	// HTTPRequestTimeout is a default timeout for HTTP requests
	HTTPRequestTimeout = 30 * time.Second

	// WebHeadersTimeout is a timeout that is set for web requests
	// before browsers raise "Timeout waiting web headers" error in
	// the browser
	WebHeadersTimeout = 10 * time.Second

	// DefaultIdleConnectionDuration indicates for how long Teleport will hold
	// the SSH connection open if there are no reads/writes happening over it.
	// 15 minutes default is compliant with PCI DSS standards
	DefaultIdleConnectionDuration = 15 * time.Minute

	// DefaultGracefulShutdownTimeout is a default timeout for
	// graceful shutdown waiting for connections to drain off
	// before cutting the connections forcefully.
	DefaultGracefulShutdownTimeout = 5 * time.Minute

	// ShutdownPollPeriod is a polling period for graceful shutdowns of SSH servers
	ShutdownPollPeriod = 500 * time.Millisecond

	// ReadHeadersTimeout is a default TCP timeout when we wait
	// for the response headers to arrive
	ReadHeadersTimeout = time.Second

	// DatabaseConnectTimeout is a timeout for connecting to a database via
	// database access.
	DatabaseConnectTimeout = time.Minute

	// HandshakeReadDeadline is the default time to wait for the client during
	// the TLS handshake.
	HandshakeReadDeadline = 5 * time.Second

	// SignupTokenTTL is a default TTL for a web signup one time token
	SignupTokenTTL = time.Hour

	// MaxSignupTokenTTL is a maximum TTL for a web signup one time token
	// clients can reduce this time, not increase it
	MaxSignupTokenTTL = 48 * time.Hour

	// MaxChangePasswordTokenTTL is a maximum TTL for password change token
	MaxChangePasswordTokenTTL = 24 * time.Hour

	// ChangePasswordTokenTTL is a default password change token expiry time
	ChangePasswordTokenTTL = 8 * time.Hour

	// DefaultRenewableCertTTL is the default TTL for a renewable user certificate.
	DefaultRenewableCertTTL = 1 * time.Hour

	// MaxRenewableCertTTL is the maximum TTL that a certificate renewal bot
	// can request for a renewable user certificate.
	MaxRenewableCertTTL = 24 * time.Hour

	// DefaultBotJoinTTL is the default TTL for bot join tokens.
	DefaultBotJoinTTL = 1 * time.Hour

	// RecoveryStartTokenTTL is a default expiry time for a recovery start token.
	RecoveryStartTokenTTL = 3 * time.Hour

	// RecoveryApprovedTokenTTL is a default expiry time for a recovery approved token.
	RecoveryApprovedTokenTTL = 15 * time.Minute

	// PrivilegeTokenTTL is a default expiry time for a privilege token.
	PrivilegeTokenTTL = 5 * time.Minute

	// ResetPasswordLength is the length of the reset user password
	ResetPasswordLength = 16

	// ProvisioningTokenTTL is a the default TTL for server provisioning
	// tokens. When a user generates a token without an explicit TTL, this
	// value is used.
	ProvisioningTokenTTL = 30 * time.Minute

	// MinPasswordLength is minimum password length
	MinPasswordLength = 6

	// MaxPasswordLength is maximum password length (for sanity)
	MaxPasswordLength = 128

	// IterationLimit is a default limit if it's not set
	IterationLimit = 100

	// MaxIterationLimit is max iteration limit
	MaxIterationLimit = 1000

	// EventsIterationLimit is a default limit if it's not set for events
	EventsIterationLimit = 500

	// EventsIterationLimit is max iteration limit for events
	EventsMaxIterationLimit = 10000

	// ActiveSessionTTL is a TTL when session is marked as inactive
	ActiveSessionTTL = 30 * time.Second

	// OIDCAuthRequestTTL is TTL of internally stored auth request created by client
	OIDCAuthRequestTTL = 10 * 60 * time.Second

	// SAMLAuthRequestTTL is TTL of internally stored auth request created by client
	SAMLAuthRequestTTL = 10 * 60 * time.Second

	// GithubAuthRequestTTL is TTL of internally stored Github auth request
	GithubAuthRequestTTL = 10 * 60 * time.Second

	// LogRotationPeriod defines how frequently to rotate the audit log file
	LogRotationPeriod = time.Hour * 24

	// UploaderScanPeriod is a default uploader scan period
	UploaderScanPeriod = 5 * time.Second

	// UploaderConcurrentUploads is a default number of concurrent
	UploaderConcurrentUploads = 10

	// MaxLoginAttempts sets the max. number of allowed failed login attempts
	// before a user account is locked for AccountLockInterval
	MaxLoginAttempts int = 5

	// MaxAccountRecoveryAttempts sets the max number of allowed failed recovery attempts
	// before a user is locked from login and further recovery attempts for AccountLockInterval.
	MaxAccountRecoveryAttempts = 3

	// AccountLockInterval defines a time interval during which a user account
	// is locked after MaxLoginAttempts
	AccountLockInterval = 20 * time.Minute

	// AttemptTTL is TTL for login attempt
	AttemptTTL = time.Minute * 30

	// AuditLogTimeFormat is the format for the timestamp on audit log files.
	AuditLogTimeFormat = "2006-01-02.15:04:05"

	// PlaybackRecycleTTL is the TTL for unpacked session playback files
	PlaybackRecycleTTL = 3 * time.Hour

	// WaitCopyTimeout is how long Teleport will wait for a session to finish
	// copying data from the PTY after "exit-status" has been received.
	WaitCopyTimeout = 5 * time.Second

	// ClientCacheSize is the size of the RPC clients expiring cache
	ClientCacheSize = 1024

	// Localhost is the address of localhost. Used for the default binding
	// address for port forwarding.
	Localhost = "127.0.0.1"

	// AnyAddress is used to refer to the non-routable meta-address used to
	// refer to all addresses on the machine.
	AnyAddress = "0.0.0.0"

	// CallbackTimeout is how long to wait for a response from SSO provider
	// before timeout.
	CallbackTimeout = 180 * time.Second

	// ConcurrentUploadsPerStream limits the amount of concurrent uploads
	// per stream
	ConcurrentUploadsPerStream = 1

	// InactivityFlushPeriod is a period of inactivity
	// that triggers upload of the data - flush.
	InactivityFlushPeriod = 5 * time.Minute

	// NodeJoinTokenTTL is when a token for nodes expires.
	NodeJoinTokenTTL = 4 * time.Hour

	// LockMaxStaleness is the maximum staleness for cached lock resources
	// to be deemed acceptable for strict locking mode.
	LockMaxStaleness = 5 * time.Minute

	// DefaultRedisUsername is a default username used by Redis when
	// no name is provided at connection time.
	DefaultRedisUsername = "default"

	// AbandonedUploadPollingRate defines how often to check for
	// abandoned uploads which need to be completed.
	AbandonedUploadPollingRate = defaults.SessionTrackerTTL / 6

	// ProxyPingInterval is the interval ping messages are going to be sent.
	// This is only applicable for TLS routing protocols that support ping
	// wrapping.
	ProxyPingInterval = 30 * time.Second
)

Default port numbers used by all teleport tools

View Source 
const (
	// LimiterMaxConnections Number of max. simultaneous connections to a service
	LimiterMaxConnections = 15000

	// LimiterMaxConcurrentUsers Number of max. simultaneous connected users/logins
	LimiterMaxConcurrentUsers = 250

	// LimiterMaxConcurrentSignatures limits maximum number of concurrently
	// generated signatures by the auth server
	LimiterMaxConcurrentSignatures = 10
)

Default connection limits, they can be applied separately on any of the Teleport services (SSH, auth, proxy)

View Source 
const (
	// LimiterPasswordlessPeriod is the default period for passwordless limiters.
	LimiterPasswordlessPeriod = 1 * time.Minute
	// LimiterPasswordlessAverage is the default average for passwordless
	// limiters.
	LimiterPasswordlessAverage = 10
	// LimiterPasswordlessBurst is the default burst for passwordless limiters.
	LimiterPasswordlessBurst = 20
)

Default rate limits for unauthenticated passwordless endpoints.

View Source 
const (
	// HostCertCacheSize is the number of host certificates to cache at any moment.
	HostCertCacheSize = 4000

	// HostCertCacheTime is how long a certificate stays in the cache.
	HostCertCacheTime = 24 * time.Hour
)
View Source 
const (
	// RotationGracePeriod is a default rotation period for graceful
	// certificate rotations, by default to set to maximum allowed user
	// cert duration
	RotationGracePeriod = defaults.MaxCertDuration

	// PendingAccessDuration defines the expiry of a pending access request.
	PendingAccessDuration = time.Hour

	// MaxAccessDuration defines the maximum time for which an access request
	// can be active.
	MaxAccessDuration = defaults.MaxCertDuration
)
View Source 
const (
	// RoleNode is SSH stateless node
	RoleNode = "node"
	// RoleProxy is a stateless SSH access proxy (bastion)
	RoleProxy = "proxy"
	// RoleAuthService is authentication and authorization service,
	// the only stateful role in the system
	RoleAuthService = "auth"
	// RoleApp is an application proxy.
	RoleApp = "app"
	// RoleDatabase is a database proxy role.
	RoleDatabase = "db"
	// RoleWindowsDesktop is a Windows desktop service.
	RoleWindowsDesktop = "windowsdesktop"
	// RoleDiscovery is a discovery service
	RoleDiscovery = "discovery"
)

list of roles teleport service can run as:

View Source 
const (
	// ProtocolPostgres is the PostgreSQL database protocol.
	ProtocolPostgres = "postgres"
	// ProtocolMySQL is the MySQL/MariaDB database protocol.
	ProtocolMySQL = "mysql"
	// ProtocolMongoDB is the MongoDB database protocol.
	ProtocolMongoDB = "mongodb"
	// ProtocolRedis is the Redis database protocol.
	ProtocolRedis = "redis"
	// ProtocolCockroachDB is the CockroachDB database protocol.
	//
	// Technically it's the same as the Postgres protocol, but it's used to
	// differentiate between Cockroach and Postgres databases e.g. when
	// selecting a CLI client to use.
	ProtocolCockroachDB = "cockroachdb"
	// ProtocolSQLServer is the Microsoft SQL Server database protocol.
	ProtocolSQLServer = "sqlserver"
	// ProtocolSnowflake is the Snowflake REST database protocol.
	ProtocolSnowflake = "snowflake"
	// ProtocolCassandra is the Cassandra database protocol.
	ProtocolCassandra = "cassandra"
	// ProtocolElasticsearch is the Elasticsearch database protocol.
	ProtocolElasticsearch = "elasticsearch"
)
View Source 
const (
	// PerfBufferPageCount is the size of the perf ring buffer in number of pages.
	// Must be power of 2.
	PerfBufferPageCount = 8

	// OpenPerfBufferPageCount is the page count for the perf buffer. Open
	// events generate many events so this buffer needs to be extra large.
	// Must be power of 2.
	OpenPerfBufferPageCount = 128

	// CgroupPath is where the cgroupv2 hierarchy will be mounted.
	CgroupPath = "/cgroup2"
)
View Source 
const (
	// WebauthnChallengeTimeout is the timeout for ongoing Webauthn authentication
	// or registration challenges.
	WebauthnChallengeTimeout = 5 * time.Minute
	// WebauthnGlobalChallengeTimeout is the timeout for global authentication
	// challenges.
	// Stricter than WebauthnChallengeTimeout because global challenges are
	// anonymous.
	WebauthnGlobalChallengeTimeout = 1 * time.Minute
)
View Source 
const (
	// path to a self-signed TLS PRIVATE key file for HTTPS connection for the web proxy
	SelfSignedKeyPath = "webproxy_key.pem"
	// path to a self-signed TLS PUBLIC key file for HTTPS connection for the web proxy
	SelfSignedPubPath = "webproxy_pub.pem"
	// path to a self-signed TLS cert file for HTTPS connection for the web proxy
	SelfSignedCertPath = "webproxy_cert.pem"
)

TLS constants for Web Proxy HTTPS connection

View Source 
const (
	// WebsocketVersion is the version of the protocol.
	WebsocketVersion = "1"

	// WebsocketClose is sent when the SSH session is over without any errors.
	WebsocketClose = "c"

	// WebsocketAudit is sending a audit event over the websocket to the web client.
	WebsocketAudit = "a"

	// WebsocketRaw is sending raw terminal bytes over the websocket to the web
	// client.
	WebsocketRaw = "r"

	// WebsocketResize is receiving a resize request.
	WebsocketResize = "w"

	// WebsocketWebauthnChallenge is sending a webauthn challenge.
	WebsocketWebauthnChallenge = "n"
)
View Source 
const (
	DiffieHellmanGroup14SHA1 = "diffie-hellman-group14-sha1"
	DiffieHellmanGroup1SHA1  = "diffie-hellman-group1-sha1"
	HMACSHA1                 = "hmac-sha1"
	HMACSHA196               = "hmac-sha1-96"
)

The following are cryptographic primitives Teleport does not support in it's default configuration.

View Source 
const (
	// ApplicationTokenKeyType is the type of asymmetric key used to sign tokens.
	// See https://tools.ietf.org/html/rfc7518#section-6.1 for possible values.
	ApplicationTokenKeyType = "RSA"
	// ApplicationTokenAlgorithm is the default algorithm used to sign
	// application access tokens.
	ApplicationTokenAlgorithm = jose.RS256
)
View Source 
const (
	// TeleportConfigVersionV1 is the teleport proxy configuration v1 version.
	TeleportConfigVersionV1 string = "v1"
	// TeleportConfigVersionV2 is the teleport proxy configuration v2 version.
	TeleportConfigVersionV2 string = "v2"
	// TeleportConfigVersionV3 is the teleport proxy configuration v3 version.
	TeleportConfigVersionV3 string = "v3"
)
View Source 
const (
	// Use more human readable format than RFC3339
	TshTctlSessionListTimeFormat = "2006-01-02"
	TshTctlSessionListLimit      = "50"
	TshTctlSessionDayLimit       = 365
)

Default values for tsh and tctl commands.

View Source 
const (
	// AWSInstallerDocument is the name of the default AWS document
	// that will be called when executing the SSM command.
	AWSInstallerDocument = "TeleportDiscoveryInstaller"
	// IAMInviteTokenName is the name of the default Teleport IAM
	// token to use when templating the script to be executed.
	IAMInviteTokenName = "aws-discovery-iam-token"
)
View Source 
const CATTL = time.Hour * 24 * 365 * 10

CATTL is a default lifetime of a CA certificate

View Source 
const (
	// LookaheadBufSize is a reasonable buffer size for decoders that need
	// to buffer for the purposes of lookahead (e.g. `YAMLOrJSONDecoder`).
	LookaheadBufSize = 32 * 1024
)
View Source 
const (
	// ServiceName is the default PAM policy to use if one is not passed in
	// configuration.
	ServiceName = "sshd"
)
View Source 
const (
	// SnowflakeURL is the Snowflake URL used for address validation.
	SnowflakeURL = "snowflakecomputing.com"
)

Variables

View Source 
var (
	// ResyncInterval is how often tunnels are resynced.
	ResyncInterval = 5 * time.Second

	// TerminalResizePeriod is how long tsh waits before updating the size of the
	// terminal window.
	TerminalResizePeriod = 2 * time.Second

	// SessionRefreshPeriod is how often session data is updated on the backend.
	// The web client polls this information about session to update the UI.
	//
	// TODO(klizhentas): All polling periods should go away once backend supports
	// events.
	SessionRefreshPeriod = 2 * time.Second

	// SessionIdlePeriod is the period of inactivity after which the
	// session will be considered idle
	SessionIdlePeriod = SessionRefreshPeriod * 10

	// NetworkBackoffDuration is a standard backoff on network requests
	// usually is slow, e.g. once in 30 seconds
	NetworkBackoffDuration = time.Second * 30

	// AuditBackoffTimeout is a time out before audit logger will
	// start losing events
	AuditBackoffTimeout = 5 * time.Second

	// NetworkRetryDuration is a standard retry on network requests
	// to retry quickly, e.g. once in one second
	NetworkRetryDuration = time.Second

	// FastAttempts is the initial amount of fast retry attempts
	// before switching to slow mode
	FastAttempts = 10

	// ReportingPeriod is a period for reports in logs
	ReportingPeriod = 5 * time.Minute

	// HighResPollingPeriod is a default high resolution polling period
	HighResPollingPeriod = 10 * time.Second

	// HeartbeatCheckPeriod is a period between heartbeat status checks
	HeartbeatCheckPeriod = 5 * time.Second

	// LowResPollingPeriod is a default low resolution polling period
	LowResPollingPeriod = 600 * time.Second

	// HighResReportingPeriod is a high resolution polling reporting
	// period used in services
	HighResReportingPeriod = 10 * time.Second

	// DiskAlertThreshold is the disk space alerting threshold.
	DiskAlertThreshold = 90

	// DiskAlertInterval is disk space check interval.
	DiskAlertInterval = 5 * time.Minute

	// AuthQueueSize is auth service queue size
	AuthQueueSize = 8192

	// ProxyQueueSize is proxy service queue size
	ProxyQueueSize = 8192

	// NodeQueueSize is node service queue size
	NodeQueueSize = 128

	// KubernetesQueueSize is kubernetes service watch queue size
	KubernetesQueueSize = 128

	// AppsQueueSize is apps service queue size.
	AppsQueueSize = 128

	// DatabasesQueueSize is db service queue size.
	DatabasesQueueSize = 128

	// WindowsDesktopQueueSize is windows_desktop service watch queue size.
	WindowsDesktopQueueSize = 128

	// DiscoveryQueueSize is discovery service queue size.
	DiscoveryQueueSize = 128

	// SessionControlTimeout is the maximum amount of time a controlled session
	// may persist after contact with the auth server is lost (sessctl semaphore
	// leases are refreshed at a rate of ~1/2 this duration).
	SessionControlTimeout = time.Minute * 2

	// AsyncBufferSize is a default buffer size for async emitters
	AsyncBufferSize = 1024

	// MaxWatcherBackoff is the maximum retry time a watcher should use in
	// the event of connection issues
	MaxWatcherBackoff = time.Minute

	// PrometheusScrapeInterval is the default time interval for prometheus scrapes. Used for metric update periods.
	PrometheusScrapeInterval = 15 * time.Second
)
View Source 
var (
	// ConfigFilePath is default path to teleport config file
	ConfigFilePath = "/etc/teleport.yaml"

	// DataDir is where all mutable data is stored (user keys, recorded sessions,
	// registered SSH servers, etc):
	DataDir = "/var/lib/teleport"

	// StartRoles is default roles teleport assumes when started via 'start' command
	StartRoles = []string{RoleProxy, RoleNode, RoleAuthService, RoleApp, RoleDatabase}

	// ConfigEnvar is a name of teleport's configuration environment variable
	ConfigEnvar = "TELEPORT_CONFIG"

	// ConfigFileEnvar is the name of the environment variable used to specify a path to
	// the Teleport configuration file that tctl reads on use
	ConfigFileEnvar = "TELEPORT_CONFIG_FILE"

	// LicenseFile is the default name of the license file
	LicenseFile = "license.pem"

	// CACertFile is the default name of the certificate authority file to watch
	CACertFile = "ca.cert"

	// Krb5FilePath is the default location of Kerberos configuration file.
	Krb5FilePath = "/etc/krb5.conf"
)
View Source 
var (
	// FIPSCipherSuites is a list of supported FIPS compliant TLS cipher suites.
	FIPSCipherSuites = []uint16{

		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	}

	// FIPSCiphers is a list of supported FIPS compliant SSH ciphers.
	FIPSCiphers = []string{
		"aes128-ctr",
		"aes192-ctr",
		"aes256-ctr",
		"aes128-gcm@openssh.com",
	}

	// FIPSKEXAlgorithms is a list of supported FIPS compliant SSH kex algorithms.
	FIPSKEXAlgorithms = []string{
		"ecdh-sha2-nistp256",
		"ecdh-sha2-nistp384",
		"echd-sha2-nistp521",
	}

	// FIPSMACAlgorithms is a list of supported FIPS compliant SSH mac algorithms.
	FIPSMACAlgorithms = []string{
		"hmac-sha2-256-etm@openssh.com",
		"hmac-sha2-256",
	}
)
View Source 
var DatabaseProtocols = []string{
	ProtocolPostgres,
	ProtocolMySQL,
	ProtocolMongoDB,
	ProtocolCockroachDB,
	ProtocolRedis,
	ProtocolSnowflake,
	ProtocolSQLServer,
	ProtocolCassandra,
	ProtocolElasticsearch,
}

DatabaseProtocols is a list of all supported database protocols.

View Source 
var DefaultFormats = []string{teleport.Text, teleport.JSON, teleport.YAML}

DefaultFormats is the default set of formats to use for commands that have the --format flag.

View Source 
var TeleportConfigVersions = []string{
	TeleportConfigVersionV1,
	TeleportConfigVersionV2,
	TeleportConfigVersionV3,
}

TeleportConfigVersions is an exported slice of the allowed versions in the config file, for convenience (looping through, etc)

Functions

func AuthConnectAddr 

func AuthConnectAddr() *utils.NetAddr

AuthConnectAddr returns the default address to search for auth. service on

func AuthListenAddr 

func AuthListenAddr() *utils.NetAddr

AuthListenAddr returns the default listening address for the Auth service

func CheckPasswordLimiter 

func CheckPasswordLimiter() *limiter.Limiter

CheckPasswordLimiter creates a rate limit that can be used to slow down requests that come to the check password endpoint.

func ConfigureLimiter 

func ConfigureLimiter(lc *limiter.Config)

ConfigureLimiter assigns the default parameters to a connection throttler (AKA limiter)

func FormatFlagDescription 

func FormatFlagDescription(formats ...string) string

FormatFlagDescription creates the description for the --format flag.

func HTTPClient 

func HTTPClient() (*http.Client, error)

Transport returns a new http.Client with sensible defaults.

func KubeProxyListenAddr 

func KubeProxyListenAddr() *utils.NetAddr

KubeProxyListenAddr returns the default listening address for the Kubernetes Proxy service

func MetricsServiceListenAddr 

func MetricsServiceListenAddr() *utils.NetAddr

MetricsServiceListenAddr returns the default listening address for the metrics service

func ProxyListenAddr 

func ProxyListenAddr() *utils.NetAddr

ProxyListenAddr returns the default listening address for the SSH Proxy service

func ProxyPeeringListenAddr 

func ProxyPeeringListenAddr() *utils.NetAddr

func ProxyWebListenAddr 

func ProxyWebListenAddr() *utils.NetAddr

ProxyWebListenAddr returns the default listening address for the Web-based SSH Proxy service

func ReadableDatabaseProtocol 

func ReadableDatabaseProtocol(p string) string

ReadableDatabaseProtocol returns a more human readable string of the provided database protocol.

func ReverseTunnelListenAddr 

func ReverseTunnelListenAddr() *utils.NetAddr

ReverseTunnelListenAddr returns the default listening address for the SSH Proxy service used by the SSH nodes to establish proxy<->ssh_node connection from behind a firewall which blocks inbound connecions to ssh_nodes

func SSHServerListenAddr 

func SSHServerListenAddr() *utils.NetAddr

SSHServerListenAddr returns the default listening address for the Web-based SSH Proxy service

func SearchSessionRange 

func SearchSessionRange(clock clockwork.Clock, fromUTC, toUTC, recordingsSince string) (from time.Time, to time.Time, err error)

func Transport 

func Transport() (*http.Transport, error)

Transport returns a new http.RoundTripper with sensible defaults.

func ValidateConfigVersion 

func ValidateConfigVersion(version string) error

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.