Documentation ¶
Index ¶
- func AddMetadataToRetryableError(ctx context.Context, fn func() error) error
- func NewDBCLICmdBuilder(cluster *Cluster, routeToDb tlsca.RouteToDatabase, ...) *dbcmd.CLICommandBuilder
- func UserTypeFromString(userType types.UserType) (api.LoggedInUser_UserType, error)
- type AccessRequest
- type App
- type AppOrSAMLIdPServiceProvider
- type Cluster
- func (c *Cluster) AssembleAppFQDN(app types.Application) string
- func (c *Cluster) AssumeRole(ctx context.Context, req *api.AssumeRoleRequest) error
- func (c *Cluster) Connected() bool
- func (c *Cluster) CreateAccessRequest(ctx context.Context, req *api.CreateAccessRequestRequest) (*AccessRequest, error)
- func (c *Cluster) CreateGateway(ctx context.Context, params CreateGatewayParams) (gateway.Gateway, error)
- func (c *Cluster) DeleteAccessRequest(ctx context.Context, req *api.DeleteAccessRequestRequest) error
- func (c *Cluster) GetAWSRoles(app types.Application) aws.Roles
- func (c *Cluster) GetAWSRolesARNs() []string
- func (c *Cluster) GetAccessRequest(ctx context.Context, req types.AccessRequestFilter) (*AccessRequest, error)
- func (c *Cluster) GetAccessRequests(ctx context.Context, req types.AccessRequestFilter) ([]AccessRequest, error)
- func (c *Cluster) GetAllowedDatabaseUsers(ctx context.Context, dbURI string) ([]string, error)
- func (c *Cluster) GetApps(ctx context.Context, r *api.GetAppsRequest) (*GetAppsResponse, error)
- func (c *Cluster) GetDatabase(ctx context.Context, dbURI uri.ResourceURI) (*Database, error)
- func (c *Cluster) GetDatabases(ctx context.Context, r *api.GetDatabasesRequest) (*GetDatabasesResponse, error)
- func (c *Cluster) GetKubes(ctx context.Context, r *api.GetKubesRequest) (*GetKubesResponse, error)
- func (c *Cluster) GetLeafClusters(ctx context.Context) ([]LeafCluster, error)
- func (c *Cluster) GetLoggedInUser() LoggedInUser
- func (c *Cluster) GetProxyHost() string
- func (c *Cluster) GetProxyHostname() string
- func (c *Cluster) GetRequestableRoles(ctx context.Context, req *api.GetRequestableRolesRequest) (*types.AccessCapabilities, error)
- func (c *Cluster) GetRoles(ctx context.Context) ([]*types.Role, error)
- func (c *Cluster) GetServers(ctx context.Context, r *api.GetServersRequest) (*GetServersResponse, error)
- func (c *Cluster) GetWithDetails(ctx context.Context) (*ClusterWithDetails, error)
- func (c *Cluster) LocalLogin(ctx context.Context, user, password, otpToken string) error
- func (c *Cluster) Logout(ctx context.Context) error
- func (c *Cluster) PasswordlessLogin(ctx context.Context, stream api.TerminalService_LoginPasswordlessServer) error
- func (c *Cluster) ReissueGatewayCerts(ctx context.Context, g gateway.Gateway) (tls.Certificate, error)
- func (c *Cluster) ReviewAccessRequest(ctx context.Context, req *api.ReviewAccessRequestRequest) (*AccessRequest, error)
- func (c *Cluster) SSOLogin(ctx context.Context, providerType, providerName string) error
- func (c *Cluster) SyncAuthPreference(ctx context.Context) (*webclient.WebConfigAuthSettings, error)
- func (c *Cluster) TransferFile(ctx context.Context, request *api.FileTransferRequest, ...) error
- func (c *Cluster) UpdateHeadlessAuthenticationState(ctx context.Context, headlessID string, ...) error
- func (c *Cluster) WatchHeadlessAuthentications(ctx context.Context) (watcher types.Watcher, close func(), err error)
- func (c *Cluster) WatchPendingHeadlessAuthentications(ctx context.Context) (watcher types.Watcher, close func(), err error)
- type ClusterWithDetails
- type Config
- type CreateGatewayParams
- type Database
- type FileTransferProgressSender
- type GatewayCreator
- type GetAppsResponse
- type GetDatabasesResponse
- type GetKubesResponse
- type GetServersResponse
- type Kube
- type LeafCluster
- type LoggedInUser
- type Resolver
- type ResourceDetails
- type SAMLIdPServiceProvider
- type SSHLoginFunc
- type Server
- type Storage
- func (s *Storage) Add(ctx context.Context, webProxyAddress string) (*Cluster, *client.TeleportClient, error)
- func (s *Storage) GetByResourceURI(resourceURI uri.ResourceURI) (*Cluster, *client.TeleportClient, error)
- func (s *Storage) GetByURI(clusterURI uri.ResourceURI) (*Cluster, *client.TeleportClient, error)
- func (s *Storage) ReadAll() ([]*Cluster, error)
- func (s *Storage) Remove(ctx context.Context, profileName string) error
- func (s *Storage) ResolveCluster(resourceURI uri.ResourceURI) (*Cluster, *client.TeleportClient, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AddMetadataToRetryableError ¶
AddMetadataToRetryableError is Connect's equivalent of client.RetryWithRelogin. By adding the metadata to the error, we're letting the Electron app know that the given error was caused by expired certs and letting the user log in again should resolve the error upon another attempt.
func NewDBCLICmdBuilder ¶
func NewDBCLICmdBuilder(cluster *Cluster, routeToDb tlsca.RouteToDatabase, options ...dbcmd.ConnectCommandFunc) *dbcmd.CLICommandBuilder
NewDBCLICmdBuilder creates a dbcmd.CLICommandBuilder with provided cluster, db route, and options.
func UserTypeFromString ¶
func UserTypeFromString(userType types.UserType) (api.LoggedInUser_UserType, error)
UserTypeFromString converts a string representation of UserType used internally by Teleport to a proto representation used by TerminalService.
Types ¶
type AccessRequest ¶
type AccessRequest struct { URI uri.ResourceURI types.AccessRequest ResourceDetails map[string]ResourceDetails }
type App ¶
type App struct { // URI is the app URI URI uri.ResourceURI // FQDN is the hostname under which the app is accessible within the root cluster. // It is included in this struct because the callsite which constructs FQDN must have access to // clusters.Cluster. FQDN string // AWSRoles is a list of AWS IAM roles for the application representing AWS console. AWSRoles aws.Roles App types.Application }
App describes an app resource.
type AppOrSAMLIdPServiceProvider ¶
type AppOrSAMLIdPServiceProvider struct { App *App SAMLIdPServiceProvider *SAMLIdPServiceProvider }
AppOrSAMLIdPServiceProvider holds either App or SAMLIdPServiceProvider but not both. It is a teleterm version of proto.PaginatedResource_AppServerOrSAMLIdPServiceProvider.
type Cluster ¶
type Cluster struct { // URI is the cluster URI URI uri.ResourceURI // Name is the cluster name, AKA SiteName. Name string // ProfileName is the name of the tsh profile ProfileName string // Log is a component logger Log *logrus.Entry // contains filtered or unexported fields }
Cluster describes user settings and access to various resources.
func (*Cluster) AssembleAppFQDN ¶
func (c *Cluster) AssembleAppFQDN(app types.Application) string
AssembleAppFQDN is a wrapper on top of utils.AssembleAppFQDN which encapsulates translation between lib/teleterm and lib/web terminology.
It assumes that app was fetched from c, as there is no way to verify that at runtime.
func (*Cluster) AssumeRole ¶
func (*Cluster) CreateAccessRequest ¶
func (c *Cluster) CreateAccessRequest(ctx context.Context, req *api.CreateAccessRequestRequest) (*AccessRequest, error)
CreateAccessRequest creates an access request.
func (*Cluster) CreateGateway ¶
func (c *Cluster) CreateGateway(ctx context.Context, params CreateGatewayParams) (gateway.Gateway, error)
CreateGateway creates a gateway.
func (*Cluster) DeleteAccessRequest ¶
func (*Cluster) GetAWSRoles ¶
func (c *Cluster) GetAWSRoles(app types.Application) aws.Roles
GetAWSRoles returns the list of AWS role ARNs the user is allowed to assume, associated with the app's AWS account ID.
func (*Cluster) GetAWSRolesARNs ¶
GetAWSRolesARNs returns the list of AWS role ARNs the user is allowed to assume.
func (*Cluster) GetAccessRequest ¶
func (c *Cluster) GetAccessRequest(ctx context.Context, req types.AccessRequestFilter) (*AccessRequest, error)
GetAccessRequest returns a specific access request by ID and includes its resource details.
func (*Cluster) GetAccessRequests ¶
func (c *Cluster) GetAccessRequests(ctx context.Context, req types.AccessRequestFilter) ([]AccessRequest, error)
GetAccessRequests returns all access requests available to the user.
func (*Cluster) GetAllowedDatabaseUsers ¶
GetAllowedDatabaseUsers returns allowed users for the given database based on the role set.
func (*Cluster) GetApps ¶
func (c *Cluster) GetApps(ctx context.Context, r *api.GetAppsRequest) (*GetAppsResponse, error)
GetApps returns a paginated list of apps.
func (*Cluster) GetDatabase ¶
GetDatabase returns a single database.
func (*Cluster) GetDatabases ¶
func (c *Cluster) GetDatabases(ctx context.Context, r *api.GetDatabasesRequest) (*GetDatabasesResponse, error)
func (*Cluster) GetKubes ¶
func (c *Cluster) GetKubes(ctx context.Context, r *api.GetKubesRequest) (*GetKubesResponse, error)
GetKubes returns a paginated list of kubes.
func (*Cluster) GetLeafClusters ¶
func (c *Cluster) GetLeafClusters(ctx context.Context) ([]LeafCluster, error)
GetLeafClusters returns the leaf clusters.
func (*Cluster) GetLoggedInUser ¶
func (c *Cluster) GetLoggedInUser() LoggedInUser
GetLoggedInUser returns the currently logged-in user.
func (*Cluster) GetProxyHost ¶
GetProxyHost returns proxy address (hostname:port) of the root cluster, even when called on a Cluster that represents a leaf cluster.
func (*Cluster) GetProxyHostname ¶
GetProxyHostname returns just the hostname part of the proxy address of the root cluster (without the port number), even when called on a Cluster that represents a leaf cluster.
func (*Cluster) GetRequestableRoles ¶
func (c *Cluster) GetRequestableRoles(ctx context.Context, req *api.GetRequestableRolesRequest) (*types.AccessCapabilities, error)
GetRequestableRoles returns the requestable roles for the currently logged-in user.
func (*Cluster) GetServers ¶
func (c *Cluster) GetServers(ctx context.Context, r *api.GetServersRequest) (*GetServersResponse, error)
GetServers returns a paginated list of servers.
func (*Cluster) GetWithDetails ¶
func (c *Cluster) GetWithDetails(ctx context.Context) (*ClusterWithDetails, error)
GetWithDetails makes requests to the auth server to return details of the current Cluster that cannot be obtained from disk alone, including details about the user and enabled enterprise features. This method requires a valid cert.
func (*Cluster) LocalLogin ¶
LocalLogin processes local logins for this cluster.
func (*Cluster) PasswordlessLogin ¶
func (c *Cluster) PasswordlessLogin(ctx context.Context, stream api.TerminalService_LoginPasswordlessServer) error
PasswordlessLogin processes passwordless logins for this cluster.
func (*Cluster) ReissueGatewayCerts ¶
func (c *Cluster) ReissueGatewayCerts(ctx context.Context, g gateway.Gateway) (tls.Certificate, error)
ReissueGatewayCerts reissues certificate for the provided gateway.
At the moment, kube gateways reload their certs in memory while db gateways use the old approach of saving a cert to disk and only then loading it to memory. TODO(ravicious): Refactor db gateways to reload cert in memory and support MFA.
func (*Cluster) ReviewAccessRequest ¶
func (c *Cluster) ReviewAccessRequest(ctx context.Context, req *api.ReviewAccessRequestRequest) (*AccessRequest, error)
func (*Cluster) SSOLogin ¶
SSOLogin logs a user in to the Teleport cluster using a supported SSO provider.
func (*Cluster) SyncAuthPreference ¶
SyncAuthPreference fetches the Teleport auth preferences and stores them in the cluster profile.
func (*Cluster) TransferFile ¶
func (c *Cluster) TransferFile(ctx context.Context, request *api.FileTransferRequest, sendProgress FileTransferProgressSender) error
func (*Cluster) UpdateHeadlessAuthenticationState ¶
func (c *Cluster) UpdateHeadlessAuthenticationState(ctx context.Context, headlessID string, state types.HeadlessAuthenticationState) error
UpdateHeadlessAuthenticationState updates the headless authentication matching the given id to the given state. MFA will be prompted when updating to the approve state.
type ClusterWithDetails ¶
type ClusterWithDetails struct { *Cluster // Auth server features Features *proto.Features // AuthClusterID is the unique cluster ID that is set once // during the first auth server startup. AuthClusterID string // SuggestedReviewers for the given user. SuggestedReviewers []string // RequestableRoles for the given user. RequestableRoles []string // ACL contains user access control list. ACL *api.ACL // UserType identifies whether the user is a local user or comes from an SSO provider. UserType types.UserType // ProxyVersion is the cluster proxy's service version. ProxyVersion string }
type Config ¶
type Config struct { // Dir is the directory to store cluster profiles Dir string // Clock is a clock for time-related operations Clock clockwork.Clock // InsecureSkipVerify disables TLS certificate verification. InsecureSkipVerify bool // Log is a component logger Log *logrus.Entry // WebauthnLogin allows tests to override the Webauthn Login func. // Defaults to wancli.Login. WebauthnLogin client.WebauthnLoginFunc }
Config is the cluster service config.
func (*Config) CheckAndSetDefaults ¶
CheckAndSetDefaults checks the configuration for validity and sets default values where needed.
type CreateGatewayParams ¶
type CreateGatewayParams struct { // TargetURI is the cluster resource URI TargetURI uri.ResourceURI // TargetUser is the target user name TargetUser string // TargetSubresourceName points at a subresource of the remote resource, for example a database // name on a database server. TargetSubresourceName string // LocalPort is the gateway local port LocalPort string TCPPortAllocator gateway.TCPPortAllocator OnExpiredCert gateway.OnExpiredCertFunc KubeconfigsDir string MFAPromptConstructor func(cfg *libmfa.PromptConfig) mfa.Prompt }
type Database ¶
type Database struct { // URI is the database URI URI uri.ResourceURI types.Database }
Database describes a database.
type FileTransferProgressSender ¶
type FileTransferProgressSender = func(progress *api.FileTransferProgress) error
type GatewayCreator ¶
type GatewayCreator struct {
// contains filtered or unexported fields
}
func NewGatewayCreator ¶
func NewGatewayCreator(resolver Resolver) GatewayCreator
func (GatewayCreator) CreateGateway ¶
func (g GatewayCreator) CreateGateway(ctx context.Context, params CreateGatewayParams) (gateway.Gateway, error)
type GetAppsResponse ¶
type GetAppsResponse struct { Apps []AppOrSAMLIdPServiceProvider // StartKey is the next key to use as a starting point. StartKey string // TotalCount is the total number of resources available as a whole. TotalCount int }
type GetDatabasesResponse ¶
type GetKubesResponse ¶
type GetServersResponse ¶
type Kube ¶
type Kube struct { // URI is the kube URI URI uri.ResourceURI KubernetesCluster types.KubeCluster }
Kube describes a Kubernetes service.
type LeafCluster ¶
type LeafCluster struct { // URI is the leaf cluster URI URI uri.ResourceURI // LoggedInUser is the logged in user LoggedInUser LoggedInUser // Name is the leaf cluster name Name string // Connected indicates if this leaf cluster is connected Connected bool }
LeafCluster describes a leaf (trusted) cluster.
type LoggedInUser ¶
type LoggedInUser struct { // Name is the user name Name string // SSHLogins is the user sshlogins SSHLogins []string // Roles is the user roles Roles []string // ActiveRequests is the user active requests ActiveRequests []string }
LoggedInUser is the currently logged-in user.
type Resolver ¶
type Resolver interface { // ResolveCluster returns a cluster from storage given the URI. See [Storage.ResolveCluster]. ResolveCluster(uri.ResourceURI) (*Cluster, *client.TeleportClient, error) }
Resolver is a subset of Storage, mostly so that it is possible to provide a mock implementation in tests.
type ResourceDetails ¶
type SAMLIdPServiceProvider ¶
type SAMLIdPServiceProvider struct { // URI is the app URI URI uri.ResourceURI Provider types.SAMLIdPServiceProvider }
SAMLIdPServiceProvider describes a SAML IdP resource.
type SSHLoginFunc ¶
type SSHLoginFunc func(context.Context, *keys.PrivateKey) (*auth.SSHLoginResponse, error)
type Server ¶
type Server struct { // URI is the database URI URI uri.ResourceURI types.Server }
Server describes a server.
type Storage ¶
type Storage struct {
Config
}
Storage is the cluster storage.
func NewStorage ¶
NewStorage creates an instance of Cluster profile storage.
func (*Storage) Add ¶
func (s *Storage) Add(ctx context.Context, webProxyAddress string) (*Cluster, *client.TeleportClient, error)
Add adds a cluster.
clusterClient being returned as the second return value is a stopgap in an effort to make clusters.Cluster a regular struct with no extra behavior and a much smaller interface. https://github.com/gravitational/teleport/issues/13278
func (*Storage) GetByResourceURI ¶
func (s *Storage) GetByResourceURI(resourceURI uri.ResourceURI) (*Cluster, *client.TeleportClient, error)
GetByResourceURI returns a cluster by a URI of its resource. Accepts both root and leaf cluster resources and will return a root or a leaf cluster accordingly.
clusterClient being returned as the second return value is a stopgap in an effort to make clusters.Cluster a regular struct with no extra behavior and a much smaller interface. https://github.com/gravitational/teleport/issues/13278
func (*Storage) GetByURI ¶
func (s *Storage) GetByURI(clusterURI uri.ResourceURI) (*Cluster, *client.TeleportClient, error)
GetByURI returns a cluster by URI. Assumes the URI has been successfully parsed and is of a cluster.
clusterClient being returned as the second return value is a stopgap in an effort to make clusters.Cluster a regular struct with no extra behavior and a much smaller interface. https://github.com/gravitational/teleport/issues/13278
func (*Storage) ResolveCluster ¶
func (s *Storage) ResolveCluster(resourceURI uri.ResourceURI) (*Cluster, *client.TeleportClient, error)
ResolveCluster is an alias for GetByResourceURI.
clusterClient being returned as the second return value is a stopgap in an effort to make clusters.Cluster a regular struct with no extra behavior and a much smaller interface. https://github.com/gravitational/teleport/issues/13278