Documentation
Types
type App
type App interface {
	Gateway
	// LocalProxyURL returns the URL of the local proxy.
	LocalProxyURL() string
}
App defines an app gateway.
type Config
type Config struct {
	// URI is the gateway URI
	URI uri.ResourceURI
	// TargetName is the remote resource name
	TargetName string
	// TargetURI is the remote resource URI
	TargetURI uri.ResourceURI
	// TargetUser is the target user name
	TargetUser string
	// TargetGroups is a list of target groups
	TargetGroups []string
	// TargetSubresourceName points at a subresource of the remote resource, for example a database
	// name on a database server. It is used only for generating the CLI command.
	TargetSubresourceName string
	// Port is the gateway port
	LocalPort string
	// LocalAddress is the local address
	LocalAddress string
	// Protocol is the gateway protocol
	Protocol string
	// CertPath is deprecated, use the Cert field instead.
	// CertPath specifies the path to the user certificate that the local proxy
	// uses to connect to the Teleport Proxy. The path may depend on the type
	// and the parameters of the gateway.
	// TODO(ravicious): Refactor db gateways to use Cert and support MFA.
	CertPath string
	// KeyPath is deprecated, use the Cert field instead.
	// KeyPath specifies the path to the private key of the cert specified in
	// the CertPath. This is usually the private key of the user profile.
	// TODO(ravicious): Refactor db gateways to use Cert and support MFA.
	KeyPath string
	// Cert is used by the local proxy to connect to the Teleport proxy.
	Cert tls.Certificate
	// Insecure
	Insecure bool
	// ClusterName is the Teleport cluster name.
	ClusterName string
	// Username is the username of the profile.
	Username string
	// WebProxyAddr
	WebProxyAddr string
	// Log is a component logger
	Log *logrus.Entry
	// TCPPortAllocator creates listeners on the given ports. This interface lets us avoid occupying
	// hardcoded ports in tests.
	TCPPortAllocator TCPPortAllocator
	// Clock is used by Gateway.localProxy to check cert expiration.
	Clock clockwork.Clock
	// OnExpiredCert is called when a new downstream connection is accepted by the
	// gateway but cannot be proxied because the cert used by the gateway has expired.
	//
	// Returns a fresh valid cert.
	//
	// Handling of the connection is blocked until OnExpiredCert returns.
	OnExpiredCert OnExpiredCertFunc
	// TLSRoutingConnUpgradeRequired indicates that ALPN connection upgrades
	// are required for making TLS routing requests.
	TLSRoutingConnUpgradeRequired bool
	// RootClusterCACertPoolFunc is callback function to fetch Root cluster CAs
	// when ALPN connection upgrade is required.
	RootClusterCACertPoolFunc alpnproxy.GetClusterCACertPoolFunc
	// KubeconfigsDir is the directory containing kubeconfigs for kube gateways.
	KubeconfigsDir string
}
Config describes gateway configuration
func (*Config) CheckAndSetDefaults
CheckAndSetDefaults checks and sets the defaults
func (*Config) RouteToDatabase
func (c *Config) RouteToDatabase() tlsca.RouteToDatabase
RouteToDatabase returns tlsca.RouteToDatabase based on the config of the gateway.
The tlsca.RouteToDatabase.Database field is skipped, as it's an optional field and gateways can change their Config.TargetSubresourceName at any moment.
type Database
type Database interface {
	Gateway
	// RouteToDatabase returns tlsca.RouteToDatabase based on the config of the gateway.
	//
	// The tlsca.RouteToDatabase.Database field is skipped, as it's an optional field and gateways can
	// change their Config.TargetSubresourceName at any moment.
	RouteToDatabase() tlsca.RouteToDatabase
}
Database defines a database gateway.
func AsDatabase
AsDatabase converts provided gateway to a database gateway.
type Gateway
type Gateway interface {
	// Serve starts the underlying ALPN proxy. Blocks until closeContext is
	// canceled.
	Serve() error
	// Close terminates gateway connection.
	Close() error
	// ReloadCert loads the key pair from cfg.CertPath & cfg.KeyPath and
	// updates the cert of the running local proxy.
	ReloadCert() error
	URI() uri.ResourceURI
	TargetURI() uri.ResourceURI
	TargetName() string
	Protocol() string
	TargetUser() string
	TargetSubresourceName() string
	SetTargetSubresourceName(value string)
	Log() *logrus.Entry
	LocalAddress() string
	LocalPort() string
	LocalPortInt() int
}
Gateway is an interface that defines all gateway functions.
type Kube
type Kube interface {
	Gateway
	// KubeconfigPath returns the path to the kubeconfig used to connect the
	// local proxy.
	KubeconfigPath() string
}
Kube defines a kube gateway.
type NetTCPPortAllocator
type NetTCPPortAllocator struct{}
type OnExpiredCertFunc
OnExpiredCertFunc is the type of a function that is called when a new downstream connection is accepted by the gateway but cannot be proxied because the cert used by the gateway has expired.
Handling of the connection is blocked until the function returns.
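The expired-cert behaviour described for Clock and OnExpiredCert, sketched as an added example that is not Teleport's code. The signature of OnExpiredCertFunc is not shown on this page, so a callback returning (tls.Certificate, error) is assumed, and certGuard, expired and certForConn are hypothetical names.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"sync"
	"time"
)

// certGuard is hypothetical: reissue stands in for OnExpiredCert, now for Config.Clock.
type certGuard struct {
	mu      sync.Mutex
	cert    tls.Certificate
	now     func() time.Time
	reissue func() (tls.Certificate, error) // assumed signature
}

// expired fails closed; Leaf may be unset, so fall back to parsing the chain.
func expired(c tls.Certificate, t time.Time) bool {
	leaf := c.Leaf
	if leaf == nil && len(c.Certificate) > 0 {
		leaf, _ = x509.ParseCertificate(c.Certificate[0])
	}
	return leaf == nil || !t.Before(leaf.NotAfter)
}

// certForConn runs once per accepted connection. Holding the lock while reissue
// runs blocks that connection and makes concurrent ones share one reissue.
func (g *certGuard) certForConn() (tls.Certificate, error) {
	g.mu.Lock()
	defer g.mu.Unlock()
	if !expired(g.cert, g.now()) {
		return g.cert, nil
	}
	fresh, err := g.reissue()
	if err != nil || expired(fresh, g.now()) { // never proxy with a bad cert
		return tls.Certificate{}, fmt.Errorf("no valid cert after reissue (callback error: %v)", err)
	}
	g.cert = fresh
	return fresh, nil
}

func main() {
	g := &certGuard{now: time.Now, reissue: func() (tls.Certificate, error) {
		return tls.Certificate{Leaf: &x509.Certificate{NotAfter: time.Now().Add(time.Hour)}}, nil // constructed
	}}
	_, err := g.certForConn() // the zero-value cert counts as expired
	fmt.Println("reissued:", err == nil)
}
```

Injecting the clock keeps the expiry check testable without waiting for a real certificate to lapse.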