Documentation ¶
Overview ¶
Package local implements the services interfaces using the abstract key-value backend provided by lib/backend, which makes it possible for teleport to run using boltdb or etcd.
Index ¶
- func CreateResources(ctx context.Context, b backend.Backend, resources ...services.Resource) error
- func ItemsFromResources(resources ...services.Resource) ([]backend.Item, error)
- func ItemsToResources(items ...backend.Item) ([]services.Resource, error)
- type AccessService
- func (s *AccessService) CreateRole(role services.Role) error
- func (s *AccessService) DeleteAllRoles() error
- func (s *AccessService) DeleteRole(name string) error
- func (s *AccessService) GetRole(name string) (services.Role, error)
- func (s *AccessService) GetRoles() ([]services.Role, error)
- func (s *AccessService) UpsertRole(role services.Role) error
- type CA
- func (s *CA) ActivateCertAuthority(id services.CertAuthID) error
- func (s *CA) CompareAndSwapCertAuthority(new, existing services.CertAuthority) error
- func (s *CA) CreateCertAuthority(ca services.CertAuthority) error
- func (s *CA) DeactivateCertAuthority(id services.CertAuthID) error
- func (s *CA) DeleteAllCertAuthorities(caType services.CertAuthType) error
- func (s *CA) DeleteCertAuthority(id services.CertAuthID) error
- func (s *CA) GetCertAuthorities(caType services.CertAuthType, loadSigningKeys bool, ...) ([]services.CertAuthority, error)
- func (s *CA) GetCertAuthority(id services.CertAuthID, loadSigningKeys bool, opts ...services.MarshalOption) (services.CertAuthority, error)
- func (s *CA) UpsertCertAuthority(ca services.CertAuthority) error
- type ClusterConfigurationService
- func (s *ClusterConfigurationService) DeleteClusterConfig() error
- func (s *ClusterConfigurationService) DeleteClusterName() error
- func (s *ClusterConfigurationService) DeleteStaticTokens() error
- func (s *ClusterConfigurationService) GetAuthPreference() (services.AuthPreference, error)
- func (s *ClusterConfigurationService) GetClusterConfig(opts ...services.MarshalOption) (services.ClusterConfig, error)
- func (s *ClusterConfigurationService) GetClusterName(opts ...services.MarshalOption) (services.ClusterName, error)
- func (s *ClusterConfigurationService) GetStaticTokens() (services.StaticTokens, error)
- func (s *ClusterConfigurationService) SetAuthPreference(preferences services.AuthPreference) error
- func (s *ClusterConfigurationService) SetClusterConfig(c services.ClusterConfig) error
- func (s *ClusterConfigurationService) SetClusterName(c services.ClusterName) error
- func (s *ClusterConfigurationService) SetStaticTokens(c services.StaticTokens) error
- func (s *ClusterConfigurationService) UpsertClusterName(c services.ClusterName) error
- type DynamicAccessService
- func (s *DynamicAccessService) CreateAccessRequest(ctx context.Context, req services.AccessRequest) error
- func (s *DynamicAccessService) DeleteAccessRequest(ctx context.Context, name string) error
- func (s *DynamicAccessService) DeleteAllAccessRequests(ctx context.Context) error
- func (s *DynamicAccessService) GetAccessRequest(ctx context.Context, name string) (services.AccessRequest, error)
- func (s *DynamicAccessService) GetAccessRequests(ctx context.Context, filter services.AccessRequestFilter) ([]services.AccessRequest, error)
- func (s *DynamicAccessService) GetPluginData(ctx context.Context, filter services.PluginDataFilter) ([]services.PluginData, error)
- func (s *DynamicAccessService) SetAccessRequestState(ctx context.Context, name string, state services.RequestState) error
- func (s *DynamicAccessService) UpdatePluginData(ctx context.Context, params services.PluginDataUpdateParams) error
- func (s *DynamicAccessService) UpsertAccessRequest(ctx context.Context, req services.AccessRequest) error
- type EventsService
- type IdentityService
- func (s *IdentityService) AddUserLoginAttempt(user string, attempt services.LoginAttempt, ttl time.Duration) error
- func (s *IdentityService) CreateGithubAuthRequest(req services.GithubAuthRequest) error
- func (s *IdentityService) CreateGithubConnector(connector services.GithubConnector) error
- func (s *IdentityService) CreateOIDCAuthRequest(req services.OIDCAuthRequest, ttl time.Duration) error
- func (s *IdentityService) CreateResetPasswordToken(ctx context.Context, token services.ResetPasswordToken) (services.ResetPasswordToken, error)
- func (s *IdentityService) CreateSAMLAuthRequest(req services.SAMLAuthRequest, ttl time.Duration) error
- func (s *IdentityService) CreateSAMLConnector(connector services.SAMLConnector) error
- func (s *IdentityService) CreateUser(user services.User) error
- func (s *IdentityService) DeleteAllUsers() error
- func (s *IdentityService) DeleteGithubConnector(name string) error
- func (s *IdentityService) DeleteOIDCConnector(name string) error
- func (s *IdentityService) DeleteResetPasswordToken(ctx context.Context, tokenID string) error
- func (s *IdentityService) DeleteSAMLConnector(name string) error
- func (s *IdentityService) DeleteUsedTOTPToken(user string) error
- func (s *IdentityService) DeleteUser(ctx context.Context, user string) error
- func (s *IdentityService) DeleteUserLoginAttempts(user string) error
- func (s *IdentityService) DeleteWebSession(user, sid string) error
- func (s *IdentityService) GetGithubAuthRequest(stateToken string) (*services.GithubAuthRequest, error)
- func (s *IdentityService) GetGithubConnector(name string, withSecrets bool) (services.GithubConnector, error)
- func (s *IdentityService) GetGithubConnectors(withSecrets bool) ([]services.GithubConnector, error)
- func (s *IdentityService) GetHOTP(user string) (*hotp.HOTP, error)
- func (s *IdentityService) GetOIDCAuthRequest(stateToken string) (*services.OIDCAuthRequest, error)
- func (s *IdentityService) GetOIDCConnector(name string, withSecrets bool) (services.OIDCConnector, error)
- func (s *IdentityService) GetOIDCConnectors(withSecrets bool) ([]services.OIDCConnector, error)
- func (s *IdentityService) GetPasswordHash(user string) ([]byte, error)
- func (s *IdentityService) GetResetPasswordToken(ctx context.Context, tokenID string) (services.ResetPasswordToken, error)
- func (s *IdentityService) GetResetPasswordTokenSecrets(ctx context.Context, tokenID string) (services.ResetPasswordTokenSecrets, error)
- func (s *IdentityService) GetResetPasswordTokens(ctx context.Context) ([]services.ResetPasswordToken, error)
- func (s *IdentityService) GetSAMLAuthRequest(id string) (*services.SAMLAuthRequest, error)
- func (s *IdentityService) GetSAMLConnector(name string, withSecrets bool) (services.SAMLConnector, error)
- func (s *IdentityService) GetSAMLConnectors(withSecrets bool) ([]services.SAMLConnector, error)
- func (s *IdentityService) GetTOTP(user string) (string, error)
- func (s *IdentityService) GetU2FRegisterChallenge(token string) (*u2f.Challenge, error)
- func (s *IdentityService) GetU2FRegistration(user string) (*u2f.Registration, error)
- func (s *IdentityService) GetU2FRegistrationCounter(user string) (uint32, error)
- func (s *IdentityService) GetU2FSignChallenge(user string) (*u2f.Challenge, error)
- func (s *IdentityService) GetUsedTOTPToken(user string) (string, error)
- func (s *IdentityService) GetUser(user string, withSecrets bool) (services.User, error)
- func (s *IdentityService) GetUserByGithubIdentity(id services.ExternalIdentity) (services.User, error)
- func (s *IdentityService) GetUserByOIDCIdentity(id services.ExternalIdentity) (services.User, error)
- func (s *IdentityService) GetUserBySAMLIdentity(id services.ExternalIdentity) (services.User, error)
- func (s *IdentityService) GetUserLoginAttempts(user string) ([]services.LoginAttempt, error)
- func (s *IdentityService) GetUsers(withSecrets bool) ([]services.User, error)
- func (s *IdentityService) GetWebSession(user, sid string) (services.WebSession, error)
- func (s *IdentityService) UpdateUser(ctx context.Context, user services.User) error
- func (s *IdentityService) UpsertGithubConnector(connector services.GithubConnector) error
- func (s *IdentityService) UpsertHOTP(user string, otp *hotp.HOTP) error
- func (s *IdentityService) UpsertOIDCConnector(connector services.OIDCConnector) error
- func (s *IdentityService) UpsertPassword(user string, password []byte) error
- func (s *IdentityService) UpsertPasswordHash(username string, hash []byte) error
- func (s *IdentityService) UpsertResetPasswordTokenSecrets(ctx context.Context, secrets services.ResetPasswordTokenSecrets) error
- func (s *IdentityService) UpsertSAMLConnector(connector services.SAMLConnector) error
- func (s *IdentityService) UpsertTOTP(user string, secretKey string) error
- func (s *IdentityService) UpsertU2FRegisterChallenge(token string, u2fChallenge *u2f.Challenge) error
- func (s *IdentityService) UpsertU2FRegistration(user string, u2fReg *u2f.Registration) error
- func (s *IdentityService) UpsertU2FRegistrationCounter(user string, counter uint32) error
- func (s *IdentityService) UpsertU2FSignChallenge(user string, challenge *u2f.Challenge) error
- func (s *IdentityService) UpsertUsedTOTPToken(user string, otpToken string) error
- func (s *IdentityService) UpsertUser(user services.User) error
- func (s *IdentityService) UpsertWebSession(user, sid string, session services.WebSession) error
- type PresenceService
- func (s *PresenceService) CreateRemoteCluster(rc services.RemoteCluster) error
- func (s *PresenceService) DeleteAllAuthServers() error
- func (s *PresenceService) DeleteAllNamespaces() error
- func (s *PresenceService) DeleteAllNodes(namespace string) error
- func (s *PresenceService) DeleteAllProxies() error
- func (s *PresenceService) DeleteAllRemoteClusters() error
- func (s *PresenceService) DeleteAllReverseTunnels() error
- func (s *PresenceService) DeleteAllTunnelConnections() error
- func (s *PresenceService) DeleteAuthServer(name string) error
- func (s *PresenceService) DeleteNamespace(namespace string) error
- func (s *PresenceService) DeleteNode(namespace string, name string) error
- func (s *PresenceService) DeleteProxy(name string) error
- func (s *PresenceService) DeleteRemoteCluster(clusterName string) error
- func (s *PresenceService) DeleteReverseTunnel(clusterName string) error
- func (s *PresenceService) DeleteTrustedCluster(name string) error
- func (s *PresenceService) DeleteTunnelConnection(clusterName, connectionName string) error
- func (s *PresenceService) DeleteTunnelConnections(clusterName string) error
- func (s *PresenceService) GetAllTunnelConnections(opts ...services.MarshalOption) ([]services.TunnelConnection, error)
- func (s *PresenceService) GetAuthServers() ([]services.Server, error)
- func (s *PresenceService) GetLocalClusterName() (string, error)
- func (s *PresenceService) GetNamespace(name string) (*services.Namespace, error)
- func (s *PresenceService) GetNamespaces() ([]services.Namespace, error)
- func (s *PresenceService) GetNodes(namespace string, opts ...services.MarshalOption) ([]services.Server, error)
- func (s *PresenceService) GetProxies() ([]services.Server, error)
- func (s *PresenceService) GetRemoteCluster(clusterName string) (services.RemoteCluster, error)
- func (s *PresenceService) GetRemoteClusters(opts ...services.MarshalOption) ([]services.RemoteCluster, error)
- func (s *PresenceService) GetReverseTunnel(name string, opts ...services.MarshalOption) (services.ReverseTunnel, error)
- func (s *PresenceService) GetReverseTunnels(opts ...services.MarshalOption) ([]services.ReverseTunnel, error)
- func (s *PresenceService) GetTrustedCluster(name string) (services.TrustedCluster, error)
- func (s *PresenceService) GetTrustedClusters() ([]services.TrustedCluster, error)
- func (s *PresenceService) GetTunnelConnection(clusterName, connectionName string, opts ...services.MarshalOption) (services.TunnelConnection, error)
- func (s *PresenceService) GetTunnelConnections(clusterName string, opts ...services.MarshalOption) ([]services.TunnelConnection, error)
- func (s *PresenceService) KeepAliveNode(ctx context.Context, h services.KeepAlive) error
- func (s *PresenceService) UpsertAuthServer(server services.Server) error
- func (s *PresenceService) UpsertLocalClusterName(name string) error
- func (s *PresenceService) UpsertNamespace(n services.Namespace) error
- func (s *PresenceService) UpsertNode(server services.Server) (*services.KeepAlive, error)
- func (s *PresenceService) UpsertNodes(namespace string, servers []services.Server) error
- func (s *PresenceService) UpsertProxy(server services.Server) error
- func (s *PresenceService) UpsertReverseTunnel(tunnel services.ReverseTunnel) error
- func (s *PresenceService) UpsertTrustedCluster(trustedCluster services.TrustedCluster) (services.TrustedCluster, error)
- func (s *PresenceService) UpsertTunnelConnection(conn services.TunnelConnection) error
- type ProvisioningService
- func (s *ProvisioningService) DeleteAllTokens() error
- func (s *ProvisioningService) DeleteToken(token string) error
- func (s *ProvisioningService) GetToken(token string) (services.ProvisionToken, error)
- func (s *ProvisioningService) GetTokens(opts ...services.MarshalOption) ([]services.ProvisionToken, error)
- func (s *ProvisioningService) UpsertToken(p services.ProvisionToken) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreateResources ¶
CreateResources attempts to dynamically create the supplied resources. This function returns `trace.AlreadyExistsError` if one or more resources would be overwritten, and `trace.NotImplementedError` if any resources are of an unsupported type (see `ItemsFromResources(...)`).
NOTE: This function is non-atomic and performs no internal synchronization; backend must be locked by caller when operating in parallel environment.
func ItemsFromResources ¶
ItemsFromResources attempts to convert resources into instances of backend.Item. NOTE: this is not necessarily a 1-to-1 conversion.
Types ¶
type AccessService ¶
AccessService manages roles
func NewAccessService ¶
func NewAccessService(backend backend.Backend) *AccessService
NewAccessService returns new access service instance
func (*AccessService) CreateRole ¶
func (s *AccessService) CreateRole(role services.Role) error
CreateRole creates a role on the backend.
func (*AccessService) DeleteAllRoles ¶
func (s *AccessService) DeleteAllRoles() error
DeleteAllRoles deletes all roles
func (*AccessService) DeleteRole ¶
func (s *AccessService) DeleteRole(name string) error
DeleteRole deletes a role from the backend
func (*AccessService) GetRole ¶
func (s *AccessService) GetRole(name string) (services.Role, error)
GetRole returns a role by name
func (*AccessService) GetRoles ¶
func (s *AccessService) GetRoles() ([]services.Role, error)
GetRoles returns a list of roles registered with the local auth server
func (*AccessService) UpsertRole ¶
func (s *AccessService) UpsertRole(role services.Role) error
UpsertRole updates parameters about role
type CA ¶
CA is local implementation of Trust service that is using local backend
func NewCAService ¶
NewCAService returns new instance of CAService
func (*CA) ActivateCertAuthority ¶
func (s *CA) ActivateCertAuthority(id services.CertAuthID) error
ActivateCertAuthority moves a CertAuthority from the deactivated list to the normal list.
func (*CA) CompareAndSwapCertAuthority ¶
func (s *CA) CompareAndSwapCertAuthority(new, existing services.CertAuthority) error
CompareAndSwapCertAuthority updates the cert authority value if the existing value matches the existing parameter. It returns nil on success and trace.CompareFailed otherwise.
func (*CA) CreateCertAuthority ¶
func (s *CA) CreateCertAuthority(ca services.CertAuthority) error
CreateCertAuthority updates or inserts a new certificate authority
func (*CA) DeactivateCertAuthority ¶
func (s *CA) DeactivateCertAuthority(id services.CertAuthID) error
DeactivateCertAuthority moves a CertAuthority from the normal list to the deactivated list.
func (*CA) DeleteAllCertAuthorities ¶
func (s *CA) DeleteAllCertAuthorities(caType services.CertAuthType) error
DeleteAllCertAuthorities deletes all certificate authorities of a certain type
func (*CA) DeleteCertAuthority ¶
func (s *CA) DeleteCertAuthority(id services.CertAuthID) error
DeleteCertAuthority deletes particular certificate authority
func (*CA) GetCertAuthorities ¶
func (s *CA) GetCertAuthorities(caType services.CertAuthType, loadSigningKeys bool, opts ...services.MarshalOption) ([]services.CertAuthority, error)
GetCertAuthorities returns a list of authorities of a given type. loadSigningKeys controls whether signing keys should be loaded or not.
func (*CA) GetCertAuthority ¶
func (s *CA) GetCertAuthority(id services.CertAuthID, loadSigningKeys bool, opts ...services.MarshalOption) (services.CertAuthority, error)
GetCertAuthority returns certificate authority by given id. Parameter loadSigningKeys controls if signing keys are loaded
func (*CA) UpsertCertAuthority ¶
func (s *CA) UpsertCertAuthority(ca services.CertAuthority) error
UpsertCertAuthority updates or inserts a new certificate authority
type ClusterConfigurationService ¶
ClusterConfigurationService is responsible for managing cluster configuration.
func NewClusterConfigurationService ¶
func NewClusterConfigurationService(backend backend.Backend) *ClusterConfigurationService
NewClusterConfigurationService returns a new ClusterConfigurationService.
func (*ClusterConfigurationService) DeleteClusterConfig ¶
func (s *ClusterConfigurationService) DeleteClusterConfig() error
DeleteClusterConfig deletes services.ClusterConfig from the backend.
func (*ClusterConfigurationService) DeleteClusterName ¶
func (s *ClusterConfigurationService) DeleteClusterName() error
DeleteClusterName deletes services.ClusterName from the backend.
func (*ClusterConfigurationService) DeleteStaticTokens ¶
func (s *ClusterConfigurationService) DeleteStaticTokens() error
DeleteStaticTokens deletes static tokens
func (*ClusterConfigurationService) GetAuthPreference ¶
func (s *ClusterConfigurationService) GetAuthPreference() (services.AuthPreference, error)
GetAuthPreference fetches the cluster authentication preferences from the backend and returns them.
func (*ClusterConfigurationService) GetClusterConfig ¶
func (s *ClusterConfigurationService) GetClusterConfig(opts ...services.MarshalOption) (services.ClusterConfig, error)
GetClusterConfig gets services.ClusterConfig from the backend.
func (*ClusterConfigurationService) GetClusterName ¶
func (s *ClusterConfigurationService) GetClusterName(opts ...services.MarshalOption) (services.ClusterName, error)
GetClusterName gets the name of the cluster from the backend.
func (*ClusterConfigurationService) GetStaticTokens ¶
func (s *ClusterConfigurationService) GetStaticTokens() (services.StaticTokens, error)
GetStaticTokens gets the list of static tokens used to provision nodes.
func (*ClusterConfigurationService) SetAuthPreference ¶
func (s *ClusterConfigurationService) SetAuthPreference(preferences services.AuthPreference) error
SetAuthPreference sets the cluster authentication preferences on the backend.
func (*ClusterConfigurationService) SetClusterConfig ¶
func (s *ClusterConfigurationService) SetClusterConfig(c services.ClusterConfig) error
SetClusterConfig sets services.ClusterConfig on the backend.
func (*ClusterConfigurationService) SetClusterName ¶
func (s *ClusterConfigurationService) SetClusterName(c services.ClusterName) error
SetClusterName sets the name of the cluster in the backend. SetClusterName can only be called once on a cluster after which it will return trace.AlreadyExists.
func (*ClusterConfigurationService) SetStaticTokens ¶
func (s *ClusterConfigurationService) SetStaticTokens(c services.StaticTokens) error
SetStaticTokens sets the list of static tokens used to provision nodes.
func (*ClusterConfigurationService) UpsertClusterName ¶
func (s *ClusterConfigurationService) UpsertClusterName(c services.ClusterName) error
UpsertClusterName sets the name of the cluster in the backend.
type DynamicAccessService ¶
DynamicAccessService manages dynamic RBAC
func NewDynamicAccessService ¶
func NewDynamicAccessService(backend backend.Backend) *DynamicAccessService
NewDynamicAccessService returns new dynamic access service instance
func (*DynamicAccessService) CreateAccessRequest ¶
func (s *DynamicAccessService) CreateAccessRequest(ctx context.Context, req services.AccessRequest) error
CreateAccessRequest stores a new access request.
func (*DynamicAccessService) DeleteAccessRequest ¶
func (s *DynamicAccessService) DeleteAccessRequest(ctx context.Context, name string) error
DeleteAccessRequest deletes an access request.
func (*DynamicAccessService) DeleteAllAccessRequests ¶
func (s *DynamicAccessService) DeleteAllAccessRequests(ctx context.Context) error
func (*DynamicAccessService) GetAccessRequest ¶
func (s *DynamicAccessService) GetAccessRequest(ctx context.Context, name string) (services.AccessRequest, error)
func (*DynamicAccessService) GetAccessRequests ¶
func (s *DynamicAccessService) GetAccessRequests(ctx context.Context, filter services.AccessRequestFilter) ([]services.AccessRequest, error)
GetAccessRequests gets all currently active access requests.
func (*DynamicAccessService) GetPluginData ¶
func (s *DynamicAccessService) GetPluginData(ctx context.Context, filter services.PluginDataFilter) ([]services.PluginData, error)
GetPluginData loads all plugin data matching the supplied filter.
func (*DynamicAccessService) SetAccessRequestState ¶
func (s *DynamicAccessService) SetAccessRequestState(ctx context.Context, name string, state services.RequestState) error
SetAccessRequestState updates the state of an existing access request.
func (*DynamicAccessService) UpdatePluginData ¶
func (s *DynamicAccessService) UpdatePluginData(ctx context.Context, params services.PluginDataUpdateParams) error
UpdatePluginData updates a per-resource PluginData entry.
func (*DynamicAccessService) UpsertAccessRequest ¶
func (s *DynamicAccessService) UpsertAccessRequest(ctx context.Context, req services.AccessRequest) error
type EventsService ¶
EventsService implements service to watch for events
func NewEventsService ¶
func NewEventsService(b backend.Backend) *EventsService
NewEventsService returns new events service instance
func (*EventsService) NewWatcher ¶
func (e *EventsService) NewWatcher(ctx context.Context, watch services.Watch) (services.Watcher, error)
NewWatcher returns a new event watcher
type IdentityService ¶
IdentityService is responsible for managing web users and currently user accounts as well
func NewIdentityService ¶
func NewIdentityService(backend backend.Backend) *IdentityService
NewIdentityService returns a new instance of IdentityService object
func (*IdentityService) AddUserLoginAttempt ¶
func (s *IdentityService) AddUserLoginAttempt(user string, attempt services.LoginAttempt, ttl time.Duration) error
AddUserLoginAttempt logs user login attempt
func (*IdentityService) CreateGithubAuthRequest ¶
func (s *IdentityService) CreateGithubAuthRequest(req services.GithubAuthRequest) error
CreateGithubAuthRequest creates a new auth request for Github OAuth2 flow
func (*IdentityService) CreateGithubConnector ¶
func (s *IdentityService) CreateGithubConnector(connector services.GithubConnector) error
CreateGithubConnector creates a new Github connector
func (*IdentityService) CreateOIDCAuthRequest ¶
func (s *IdentityService) CreateOIDCAuthRequest(req services.OIDCAuthRequest, ttl time.Duration) error
CreateOIDCAuthRequest creates new auth request
func (*IdentityService) CreateResetPasswordToken ¶
func (s *IdentityService) CreateResetPasswordToken(ctx context.Context, token services.ResetPasswordToken) (services.ResetPasswordToken, error)
CreateResetPasswordToken creates a token that is used for signups and resets
func (*IdentityService) CreateSAMLAuthRequest ¶
func (s *IdentityService) CreateSAMLAuthRequest(req services.SAMLAuthRequest, ttl time.Duration) error
CreateSAMLAuthRequest creates new auth request
func (*IdentityService) CreateSAMLConnector ¶
func (s *IdentityService) CreateSAMLConnector(connector services.SAMLConnector) error
CreateSAMLConnector creates SAML Connector
func (*IdentityService) CreateUser ¶
func (s *IdentityService) CreateUser(user services.User) error
CreateUser creates user if it does not exist
func (*IdentityService) DeleteAllUsers ¶
func (s *IdentityService) DeleteAllUsers() error
DeleteAllUsers deletes all users
func (*IdentityService) DeleteGithubConnector ¶
func (s *IdentityService) DeleteGithubConnector(name string) error
DeleteGithubConnector deletes the specified connector
func (*IdentityService) DeleteOIDCConnector ¶
func (s *IdentityService) DeleteOIDCConnector(name string) error
DeleteOIDCConnector deletes OIDC Connector by name
func (*IdentityService) DeleteResetPasswordToken ¶
func (s *IdentityService) DeleteResetPasswordToken(ctx context.Context, tokenID string) error
DeleteResetPasswordToken deletes ResetPasswordToken by ID
func (*IdentityService) DeleteSAMLConnector ¶
func (s *IdentityService) DeleteSAMLConnector(name string) error
DeleteSAMLConnector deletes SAML Connector by name
func (*IdentityService) DeleteUsedTOTPToken ¶
func (s *IdentityService) DeleteUsedTOTPToken(user string) error
DeleteUsedTOTPToken removes the used token from the backend. This should only be used during tests.
func (*IdentityService) DeleteUser ¶
func (s *IdentityService) DeleteUser(ctx context.Context, user string) error
DeleteUser deletes a user with all the keys from the backend
func (*IdentityService) DeleteUserLoginAttempts ¶
func (s *IdentityService) DeleteUserLoginAttempts(user string) error
DeleteUserLoginAttempts removes all login attempts of a user. Should be called after successful login.
func (*IdentityService) DeleteWebSession ¶
func (s *IdentityService) DeleteWebSession(user, sid string) error
DeleteWebSession deletes web session from the storage
func (*IdentityService) GetGithubAuthRequest ¶
func (s *IdentityService) GetGithubAuthRequest(stateToken string) (*services.GithubAuthRequest, error)
GetGithubAuthRequest retrieves Github auth request by the token
func (*IdentityService) GetGithubConnector ¶
func (s *IdentityService) GetGithubConnector(name string, withSecrets bool) (services.GithubConnector, error)
GetGithubConnector returns a particular Github connector
func (*IdentityService) GetGithubConnectors ¶
func (s *IdentityService) GetGithubConnectors(withSecrets bool) ([]services.GithubConnector, error)
GetGithubConnectors returns all configured Github connectors
func (*IdentityService) GetHOTP ¶
func (s *IdentityService) GetHOTP(user string) (*hotp.HOTP, error)
GetHOTP gets HOTP token state for a user. Deprecated: HOTP use is deprecated, use GetTOTP instead.
func (*IdentityService) GetOIDCAuthRequest ¶
func (s *IdentityService) GetOIDCAuthRequest(stateToken string) (*services.OIDCAuthRequest, error)
GetOIDCAuthRequest returns OIDC auth request
func (*IdentityService) GetOIDCConnector ¶
func (s *IdentityService) GetOIDCConnector(name string, withSecrets bool) (services.OIDCConnector, error)
GetOIDCConnector returns OIDC connector data, parameter 'withSecrets' includes or excludes client secret from return results
func (*IdentityService) GetOIDCConnectors ¶
func (s *IdentityService) GetOIDCConnectors(withSecrets bool) ([]services.OIDCConnector, error)
GetOIDCConnectors returns registered connectors, withSecrets adds or removes client secret from return results
func (*IdentityService) GetPasswordHash ¶
func (s *IdentityService) GetPasswordHash(user string) ([]byte, error)
GetPasswordHash returns the password hash for a given user
func (*IdentityService) GetResetPasswordToken ¶
func (s *IdentityService) GetResetPasswordToken(ctx context.Context, tokenID string) (services.ResetPasswordToken, error)
GetResetPasswordToken returns a token by its ID
func (*IdentityService) GetResetPasswordTokenSecrets ¶
func (s *IdentityService) GetResetPasswordTokenSecrets(ctx context.Context, tokenID string) (services.ResetPasswordTokenSecrets, error)
GetResetPasswordTokenSecrets returns token secrets
func (*IdentityService) GetResetPasswordTokens ¶
func (s *IdentityService) GetResetPasswordTokens(ctx context.Context) ([]services.ResetPasswordToken, error)
GetResetPasswordTokens returns all ResetPasswordTokens
func (*IdentityService) GetSAMLAuthRequest ¶
func (s *IdentityService) GetSAMLAuthRequest(id string) (*services.SAMLAuthRequest, error)
GetSAMLAuthRequest returns SAML auth request if found
func (*IdentityService) GetSAMLConnector ¶
func (s *IdentityService) GetSAMLConnector(name string, withSecrets bool) (services.SAMLConnector, error)
GetSAMLConnector returns SAML connector data, withSecrets includes or excludes secrets from return results
func (*IdentityService) GetSAMLConnectors ¶
func (s *IdentityService) GetSAMLConnectors(withSecrets bool) ([]services.SAMLConnector, error)
GetSAMLConnectors returns registered connectors; withSecrets includes or excludes private key values from return results
func (*IdentityService) GetTOTP ¶
func (s *IdentityService) GetTOTP(user string) (string, error)
GetTOTP returns the secret key used by the TOTP algorithm to validate tokens
func (*IdentityService) GetU2FRegisterChallenge ¶ added in v1.3.0
func (s *IdentityService) GetU2FRegisterChallenge(token string) (*u2f.Challenge, error)
func (*IdentityService) GetU2FRegistration ¶ added in v1.3.0
func (s *IdentityService) GetU2FRegistration(user string) (*u2f.Registration, error)
func (*IdentityService) GetU2FRegistrationCounter ¶ added in v1.3.0
func (s *IdentityService) GetU2FRegistrationCounter(user string) (uint32, error)
func (*IdentityService) GetU2FSignChallenge ¶ added in v1.3.0
func (s *IdentityService) GetU2FSignChallenge(user string) (*u2f.Challenge, error)
func (*IdentityService) GetUsedTOTPToken ¶
func (s *IdentityService) GetUsedTOTPToken(user string) (string, error)
GetUsedTOTPToken returns the last successfully used TOTP token. If no token is found zero is returned.
func (*IdentityService) GetUserByGithubIdentity ¶
func (s *IdentityService) GetUserByGithubIdentity(id services.ExternalIdentity) (services.User, error)
GetUserByGithubIdentity returns the first found user with specified Github identity
func (*IdentityService) GetUserByOIDCIdentity ¶
func (s *IdentityService) GetUserByOIDCIdentity(id services.ExternalIdentity) (services.User, error)
GetUserByOIDCIdentity returns a user by its specified OIDC Identity, returns first user specified with this identity
func (*IdentityService) GetUserBySAMLIdentity ¶
func (s *IdentityService) GetUserBySAMLIdentity(id services.ExternalIdentity) (services.User, error)
GetUserBySAMLIdentity returns a user by its specified SAML Identity, returns first user specified with this identity
func (*IdentityService) GetUserLoginAttempts ¶
func (s *IdentityService) GetUserLoginAttempts(user string) ([]services.LoginAttempt, error)
GetUserLoginAttempts returns user login attempts
func (*IdentityService) GetUsers ¶
func (s *IdentityService) GetUsers(withSecrets bool) ([]services.User, error)
GetUsers returns a list of users registered with the local auth server
func (*IdentityService) GetWebSession ¶
func (s *IdentityService) GetWebSession(user, sid string) (services.WebSession, error)
GetWebSession returns a web session state for a given user and session id
func (*IdentityService) UpdateUser ¶
UpdateUser updates an existing user.
func (*IdentityService) UpsertGithubConnector ¶
func (s *IdentityService) UpsertGithubConnector(connector services.GithubConnector) error
UpsertGithubConnector creates or updates a Github connector
func (*IdentityService) UpsertHOTP ¶
func (s *IdentityService) UpsertHOTP(user string, otp *hotp.HOTP) error
UpsertHOTP upserts HOTP state for user. Deprecated: HOTP use is deprecated, use UpsertTOTP instead.
func (*IdentityService) UpsertOIDCConnector ¶
func (s *IdentityService) UpsertOIDCConnector(connector services.OIDCConnector) error
UpsertOIDCConnector upserts OIDC Connector
func (*IdentityService) UpsertPassword ¶
func (s *IdentityService) UpsertPassword(user string, password []byte) error
UpsertPassword upserts new password hash into a backend.
func (*IdentityService) UpsertPasswordHash ¶
func (s *IdentityService) UpsertPasswordHash(username string, hash []byte) error
UpsertPasswordHash upserts user password hash
func (*IdentityService) UpsertResetPasswordTokenSecrets ¶
func (s *IdentityService) UpsertResetPasswordTokenSecrets(ctx context.Context, secrets services.ResetPasswordTokenSecrets) error
UpsertResetPasswordTokenSecrets upserts token secrets
func (*IdentityService) UpsertSAMLConnector ¶
func (s *IdentityService) UpsertSAMLConnector(connector services.SAMLConnector) error
UpsertSAMLConnector upserts SAML Connector
func (*IdentityService) UpsertTOTP ¶
func (s *IdentityService) UpsertTOTP(user string, secretKey string) error
UpsertTOTP upserts TOTP secret key for a user that can be used to generate and validate tokens.
func (*IdentityService) UpsertU2FRegisterChallenge ¶ added in v1.3.0
func (s *IdentityService) UpsertU2FRegisterChallenge(token string, u2fChallenge *u2f.Challenge) error
func (*IdentityService) UpsertU2FRegistration ¶ added in v1.3.0
func (s *IdentityService) UpsertU2FRegistration(user string, u2fReg *u2f.Registration) error
func (*IdentityService) UpsertU2FRegistrationCounter ¶ added in v1.3.0
func (s *IdentityService) UpsertU2FRegistrationCounter(user string, counter uint32) error
func (*IdentityService) UpsertU2FSignChallenge ¶ added in v1.3.0
func (s *IdentityService) UpsertU2FSignChallenge(user string, challenge *u2f.Challenge) error
func (*IdentityService) UpsertUsedTOTPToken ¶
func (s *IdentityService) UpsertUsedTOTPToken(user string, otpToken string) error
UpsertUsedTOTPToken upserts a TOTP token to the backend so it can't be used again during the 30 second window it's valid.
func (*IdentityService) UpsertUser ¶
func (s *IdentityService) UpsertUser(user services.User) error
UpsertUser updates parameters about user, or creates an entry if it does not exist.
func (*IdentityService) UpsertWebSession ¶
func (s *IdentityService) UpsertWebSession(user, sid string, session services.WebSession) error
UpsertWebSession updates or inserts a web session for a user and session id. The session will be created with the bearer token expiry time as its TTL, because it is expected to be extended by the client before then.
type PresenceService ¶
PresenceService records and reports the presence of all components of the cluster - Nodes, Proxies and SSH nodes
func NewPresenceService ¶
func NewPresenceService(b backend.Backend) *PresenceService
NewPresenceService returns new presence service instance
func (*PresenceService) CreateRemoteCluster ¶
func (s *PresenceService) CreateRemoteCluster(rc services.RemoteCluster) error
CreateRemoteCluster creates remote cluster
func (*PresenceService) DeleteAllAuthServers ¶
func (s *PresenceService) DeleteAllAuthServers() error
DeleteAllAuthServers deletes all auth servers
func (*PresenceService) DeleteAllNamespaces ¶
func (s *PresenceService) DeleteAllNamespaces() error
DeleteAllNamespaces deletes all namespaces
func (*PresenceService) DeleteAllNodes ¶
func (s *PresenceService) DeleteAllNodes(namespace string) error
DeleteAllNodes deletes all nodes in a namespace
func (*PresenceService) DeleteAllProxies ¶
func (s *PresenceService) DeleteAllProxies() error
DeleteAllProxies deletes all proxies
func (*PresenceService) DeleteAllRemoteClusters ¶
func (s *PresenceService) DeleteAllRemoteClusters() error
DeleteAllRemoteClusters deletes all remote clusters
func (*PresenceService) DeleteAllReverseTunnels ¶
func (s *PresenceService) DeleteAllReverseTunnels() error
DeleteAllReverseTunnels deletes all reverse tunnels
func (*PresenceService) DeleteAllTunnelConnections ¶
func (s *PresenceService) DeleteAllTunnelConnections() error
DeleteAllTunnelConnections deletes all tunnel connections
func (*PresenceService) DeleteAuthServer ¶
func (s *PresenceService) DeleteAuthServer(name string) error
DeleteAuthServer deletes auth server by name
func (*PresenceService) DeleteNamespace ¶
func (s *PresenceService) DeleteNamespace(namespace string) error
DeleteNamespace deletes a namespace with all the keys from the backend
func (*PresenceService) DeleteNode ¶
func (s *PresenceService) DeleteNode(namespace string, name string) error
DeleteNode deletes node
func (*PresenceService) DeleteProxy ¶
func (s *PresenceService) DeleteProxy(name string) error
DeleteProxy deletes proxy
func (*PresenceService) DeleteRemoteCluster ¶
func (s *PresenceService) DeleteRemoteCluster(clusterName string) error
DeleteRemoteCluster deletes remote cluster by name
func (*PresenceService) DeleteReverseTunnel ¶
func (s *PresenceService) DeleteReverseTunnel(clusterName string) error
DeleteReverseTunnel deletes reverse tunnel by its cluster name
func (*PresenceService) DeleteTrustedCluster ¶
func (s *PresenceService) DeleteTrustedCluster(name string) error
DeleteTrustedCluster removes a TrustedCluster from the backend by name.
func (*PresenceService) DeleteTunnelConnection ¶
func (s *PresenceService) DeleteTunnelConnection(clusterName, connectionName string) error
DeleteTunnelConnection deletes tunnel connection by name
func (*PresenceService) DeleteTunnelConnections ¶
func (s *PresenceService) DeleteTunnelConnections(clusterName string) error
DeleteTunnelConnections deletes all tunnel connections for cluster
func (*PresenceService) GetAllTunnelConnections ¶
func (s *PresenceService) GetAllTunnelConnections(opts ...services.MarshalOption) ([]services.TunnelConnection, error)
GetAllTunnelConnections returns all tunnel connections
func (*PresenceService) GetAuthServers ¶
func (s *PresenceService) GetAuthServers() ([]services.Server, error)
GetAuthServers returns a list of registered servers
func (*PresenceService) GetLocalClusterName ¶
func (s *PresenceService) GetLocalClusterName() (string, error)
GetLocalClusterName returns the local cluster name
func (*PresenceService) GetNamespace ¶
func (s *PresenceService) GetNamespace(name string) (*services.Namespace, error)
GetNamespace returns a namespace by name
func (*PresenceService) GetNamespaces ¶
func (s *PresenceService) GetNamespaces() ([]services.Namespace, error)
GetNamespaces returns a list of namespaces
func (*PresenceService) GetNodes ¶
func (s *PresenceService) GetNodes(namespace string, opts ...services.MarshalOption) ([]services.Server, error)
GetNodes returns a list of registered servers
func (*PresenceService) GetProxies ¶
func (s *PresenceService) GetProxies() ([]services.Server, error)
GetProxies returns a list of registered proxies
func (*PresenceService) GetRemoteCluster ¶
func (s *PresenceService) GetRemoteCluster(clusterName string) (services.RemoteCluster, error)
GetRemoteCluster returns a remote cluster by name
func (*PresenceService) GetRemoteClusters ¶
func (s *PresenceService) GetRemoteClusters(opts ...services.MarshalOption) ([]services.RemoteCluster, error)
GetRemoteClusters returns a list of remote clusters
func (*PresenceService) GetReverseTunnel ¶
func (s *PresenceService) GetReverseTunnel(name string, opts ...services.MarshalOption) (services.ReverseTunnel, error)
GetReverseTunnel returns reverse tunnel by name
func (*PresenceService) GetReverseTunnels ¶
func (s *PresenceService) GetReverseTunnels(opts ...services.MarshalOption) ([]services.ReverseTunnel, error)
GetReverseTunnels returns a list of registered reverse tunnels
func (*PresenceService) GetTrustedCluster ¶
func (s *PresenceService) GetTrustedCluster(name string) (services.TrustedCluster, error)
GetTrustedCluster returns a single TrustedCluster by name.
func (*PresenceService) GetTrustedClusters ¶
func (s *PresenceService) GetTrustedClusters() ([]services.TrustedCluster, error)
GetTrustedClusters returns all TrustedClusters in the backend.
func (*PresenceService) GetTunnelConnection ¶
func (s *PresenceService) GetTunnelConnection(clusterName, connectionName string, opts ...services.MarshalOption) (services.TunnelConnection, error)
GetTunnelConnection returns connection by cluster name and connection name
func (*PresenceService) GetTunnelConnections ¶
func (s *PresenceService) GetTunnelConnections(clusterName string, opts ...services.MarshalOption) ([]services.TunnelConnection, error)
GetTunnelConnections returns connections for a trusted cluster
func (*PresenceService) KeepAliveNode ¶
KeepAliveNode updates node expiry
func (*PresenceService) UpsertAuthServer ¶
func (s *PresenceService) UpsertAuthServer(server services.Server) error
UpsertAuthServer registers auth server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second
func (*PresenceService) UpsertLocalClusterName ¶
func (s *PresenceService) UpsertLocalClusterName(name string) error
UpsertLocalClusterName upserts local cluster name
func (*PresenceService) UpsertNamespace ¶
func (s *PresenceService) UpsertNamespace(n services.Namespace) error
UpsertNamespace upserts namespace
func (*PresenceService) UpsertNode ¶
UpsertNode registers node presence, permanently if TTL is 0 or for the specified duration with second resolution if it's >= 1 second.
func (*PresenceService) UpsertNodes ¶
func (s *PresenceService) UpsertNodes(namespace string, servers []services.Server) error
UpsertNodes is used for bulk insertion of nodes. Schema validation is always skipped during bulk insertion.
func (*PresenceService) UpsertProxy ¶
func (s *PresenceService) UpsertProxy(server services.Server) error
UpsertProxy registers proxy server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second
func (*PresenceService) UpsertReverseTunnel ¶
func (s *PresenceService) UpsertReverseTunnel(tunnel services.ReverseTunnel) error
UpsertReverseTunnel upserts reverse tunnel entry temporarily or permanently
func (*PresenceService) UpsertTrustedCluster ¶
func (s *PresenceService) UpsertTrustedCluster(trustedCluster services.TrustedCluster) (services.TrustedCluster, error)
UpsertTrustedCluster creates or updates a TrustedCluster in the backend.
func (*PresenceService) UpsertTunnelConnection ¶
func (s *PresenceService) UpsertTunnelConnection(conn services.TunnelConnection) error
UpsertTunnelConnection updates or creates tunnel connection
type ProvisioningService ¶
ProvisioningService governs adding new nodes to the cluster
func NewProvisioningService ¶
func NewProvisioningService(backend backend.Backend) *ProvisioningService
NewProvisioningService returns a new instance of provisioning service
func (*ProvisioningService) DeleteAllTokens ¶
func (s *ProvisioningService) DeleteAllTokens() error
DeleteAllTokens deletes all provisioning tokens
func (*ProvisioningService) DeleteToken ¶
func (s *ProvisioningService) DeleteToken(token string) error
func (*ProvisioningService) GetToken ¶
func (s *ProvisioningService) GetToken(token string) (services.ProvisionToken, error)
GetToken finds and returns token by ID
func (*ProvisioningService) GetTokens ¶
func (s *ProvisioningService) GetTokens(opts ...services.MarshalOption) ([]services.ProvisionToken, error)
GetTokens returns all active (non-expired) provisioning tokens
func (*ProvisioningService) UpsertToken ¶
func (s *ProvisioningService) UpsertToken(p services.ProvisionToken) error
UpsertToken adds provisioning tokens for the auth server