Documentation ¶
Overview ¶
Package local implements services interfaces using abstract key value backend provided by lib/backend, what makes it possible for teleport to run using boltdb or etcd
Index ¶
- type CA
- func (s *CA) DeleteCertAuthority(id services.CertAuthID) error
- func (s *CA) GetCertAuthorities(caType services.CertAuthType, loadSigningKeys bool) ([]*services.CertAuthority, error)
- func (s *CA) GetCertAuthority(id services.CertAuthID, loadSigningKeys bool) (*services.CertAuthority, error)
- func (s *CA) UpsertCertAuthority(ca services.CertAuthority, ttl time.Duration) error
- type IdentityService
- func (s *IdentityService) CheckPassword(user string, password []byte, hotpToken string) error
- func (s *IdentityService) CheckPasswordWOToken(user string, password []byte) error
- func (s *IdentityService) CreateOIDCAuthRequest(req services.OIDCAuthRequest, ttl time.Duration) error
- func (s *IdentityService) DeleteOIDCConnector(connectorID string) error
- func (s *IdentityService) DeleteSignupToken(token string) error
- func (s *IdentityService) DeleteUser(user string) error
- func (s *IdentityService) DeleteWebSession(user, sid string) error
- func (s *IdentityService) GetHOTP(user string) (*hotp.HOTP, error)
- func (s *IdentityService) GetOIDCAuthRequest(stateToken string) (*services.OIDCAuthRequest, error)
- func (s *IdentityService) GetOIDCConnector(id string, withSecrets bool) (*services.OIDCConnector, error)
- func (s *IdentityService) GetOIDCConnectors(withSecrets bool) ([]services.OIDCConnector, error)
- func (s *IdentityService) GetPasswordHash(user string) ([]byte, error)
- func (s *IdentityService) GetSignupToken(token string) (*services.SignupToken, error)
- func (s *IdentityService) GetSignupTokens() (tokens []services.SignupToken, err error)
- func (s *IdentityService) GetUser(user string) (services.User, error)
- func (s *IdentityService) GetUserByOIDCIdentity(id services.OIDCIdentity) (services.User, error)
- func (s *IdentityService) GetUsers() ([]services.User, error)
- func (s *IdentityService) GetWebSession(user, sid string) (*services.WebSession, error)
- func (s *IdentityService) IncreaseLoginAttempts(user string) error
- func (s *IdentityService) ResetLoginAttempts(user string) error
- func (s *IdentityService) UpsertHOTP(user string, otp *hotp.HOTP) error
- func (s *IdentityService) UpsertOIDCConnector(connector services.OIDCConnector, ttl time.Duration) error
- func (s *IdentityService) UpsertPassword(user string, password []byte) (hotpURL string, hotpQR []byte, err error)
- func (s *IdentityService) UpsertPasswordHash(user string, hash []byte) error
- func (s *IdentityService) UpsertSignupToken(token string, tokenData services.SignupToken, ttl time.Duration) error
- func (s *IdentityService) UpsertUser(user services.User) error
- func (s *IdentityService) UpsertWebSession(user, sid string, session services.WebSession, ttl time.Duration) error
- type Lock
- type PresenceService
- func (s *PresenceService) DeleteReverseTunnel(domainName string) error
- func (s *PresenceService) GetAuthServers() ([]services.Server, error)
- func (s *PresenceService) GetNodes() ([]services.Server, error)
- func (s *PresenceService) GetProxies() ([]services.Server, error)
- func (s *PresenceService) GetReverseTunnels() ([]services.ReverseTunnel, error)
- func (s *PresenceService) UpsertAuthServer(server services.Server, ttl time.Duration) error
- func (s *PresenceService) UpsertNode(server services.Server, ttl time.Duration) error
- func (s *PresenceService) UpsertProxy(server services.Server, ttl time.Duration) error
- func (s *PresenceService) UpsertReverseTunnel(tunnel services.ReverseTunnel, ttl time.Duration) error
- type ProvisioningService
- func (s *ProvisioningService) DeleteToken(token string) error
- func (s *ProvisioningService) GetToken(token string) (*services.ProvisionToken, error)
- func (s *ProvisioningService) GetTokens() (tokens []services.ProvisionToken, err error)
- func (s *ProvisioningService) UpsertToken(token string, roles teleport.Roles, ttl time.Duration) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CA ¶
type CA struct {
// contains filtered or unexported fields
}
CA is local implementation of Trust service that is using local backend
func NewCAService ¶
NewCAService returns new instance of CAService
func (*CA) DeleteCertAuthority ¶
func (s *CA) DeleteCertAuthority(id services.CertAuthID) error
DeleteCertAuthority deletes particular certificate authority
func (*CA) GetCertAuthorities ¶
func (s *CA) GetCertAuthorities(caType services.CertAuthType, loadSigningKeys bool) ([]*services.CertAuthority, error)
GetCertAuthorities returns a list of authorities of a given type loadSigningKeys controls whether signing keys should be loaded or not
func (*CA) GetCertAuthority ¶
func (s *CA) GetCertAuthority(id services.CertAuthID, loadSigningKeys bool) (*services.CertAuthority, error)
GetCertAuthority returns certificate authority by given id. Parameter loadSigningKeys controls if signing keys are loaded
func (*CA) UpsertCertAuthority ¶
UpsertCertAuthority updates or inserts a new certificate authority
type IdentityService ¶
type IdentityService struct {
// contains filtered or unexported fields
}
IdentityService is responsible for managing web users and currently user accounts as well
func NewIdentityService ¶
func NewIdentityService( backend backend.Backend, lockAfter byte, lockDuration time.Duration) *IdentityService
NewIdentityService returns a new instance of IdentityService object
func (*IdentityService) CheckPassword ¶
func (s *IdentityService) CheckPassword(user string, password []byte, hotpToken string) error
CheckPassword is called on web user or tsh user login
func (*IdentityService) CheckPasswordWOToken ¶
func (s *IdentityService) CheckPasswordWOToken(user string, password []byte) error
CheckPasswordWOToken checks just password without checking HOTP tokens used in case of SSH authentication, when token has been validated
func (*IdentityService) CreateOIDCAuthRequest ¶
func (s *IdentityService) CreateOIDCAuthRequest(req services.OIDCAuthRequest, ttl time.Duration) error
CreateOIDCAuthRequest creates new auth request
func (*IdentityService) DeleteOIDCConnector ¶
func (s *IdentityService) DeleteOIDCConnector(connectorID string) error
DeleteOIDCConnector deletes OIDC Connector
func (*IdentityService) DeleteSignupToken ¶
func (s *IdentityService) DeleteSignupToken(token string) error
DeleteSignupToken deletes signup token from the storage
func (*IdentityService) DeleteUser ¶
func (s *IdentityService) DeleteUser(user string) error
DeleteUser deletes a user with all the keys from the backend
func (*IdentityService) DeleteWebSession ¶
func (s *IdentityService) DeleteWebSession(user, sid string) error
DeleteWebSession deletes web session from the storage
func (*IdentityService) GetHOTP ¶
func (s *IdentityService) GetHOTP(user string) (*hotp.HOTP, error)
GetHOTP gets HOTP token state for a user
func (*IdentityService) GetOIDCAuthRequest ¶
func (s *IdentityService) GetOIDCAuthRequest(stateToken string) (*services.OIDCAuthRequest, error)
GetOIDCAuthRequest returns OIDC auth request if found
func (*IdentityService) GetOIDCConnector ¶
func (s *IdentityService) GetOIDCConnector(id string, withSecrets bool) (*services.OIDCConnector, error)
GetOIDCConnector returns OIDC connector data, , withSecrets adds or removes client secret from return results
func (*IdentityService) GetOIDCConnectors ¶
func (s *IdentityService) GetOIDCConnectors(withSecrets bool) ([]services.OIDCConnector, error)
GetOIDCConnectors returns registered connectors, withSecrets adds or removes client secret from return results
func (*IdentityService) GetPasswordHash ¶
func (s *IdentityService) GetPasswordHash(user string) ([]byte, error)
GetPasswordHash returns the password hash for a given user
func (*IdentityService) GetSignupToken ¶
func (s *IdentityService) GetSignupToken(token string) (*services.SignupToken, error)
GetSignupToken returns signup token data
func (*IdentityService) GetSignupTokens ¶
func (s *IdentityService) GetSignupTokens() (tokens []services.SignupToken, err error)
GetSignupTokens returns all non-expired user tokens
func (*IdentityService) GetUser ¶
func (s *IdentityService) GetUser(user string) (services.User, error)
GetUser returns a user by name
func (*IdentityService) GetUserByOIDCIdentity ¶
func (s *IdentityService) GetUserByOIDCIdentity(id services.OIDCIdentity) (services.User, error)
GetUserByOIDCIdentity returns a user by it's specified OIDC Identity, returns first user specified with this identity
func (*IdentityService) GetUsers ¶
func (s *IdentityService) GetUsers() ([]services.User, error)
GetUsers returns a list of users registered with the local auth server
func (*IdentityService) GetWebSession ¶
func (s *IdentityService) GetWebSession(user, sid string) (*services.WebSession, error)
GetWebSession returns a web session state for a given user and session id
func (*IdentityService) IncreaseLoginAttempts ¶
func (s *IdentityService) IncreaseLoginAttempts(user string) error
IncreaseLoginAttempts bumps "login attempt" counter for the given user. If the counter reaches 'lockAfter' value, it locks the account and returns access denied error.
func (*IdentityService) ResetLoginAttempts ¶
func (s *IdentityService) ResetLoginAttempts(user string) error
ResetLoginAttempts resets the "login attempt" counter to zero.
func (*IdentityService) UpsertHOTP ¶
func (s *IdentityService) UpsertHOTP(user string, otp *hotp.HOTP) error
UpsertHOTP upserts HOTP state for user
func (*IdentityService) UpsertOIDCConnector ¶
func (s *IdentityService) UpsertOIDCConnector(connector services.OIDCConnector, ttl time.Duration) error
UpsertOIDCConnector upserts OIDC Connector
func (*IdentityService) UpsertPassword ¶
func (s *IdentityService) UpsertPassword(user string, password []byte) (hotpURL string, hotpQR []byte, err error)
UpsertPassword upserts new password and HOTP token
func (*IdentityService) UpsertPasswordHash ¶
func (s *IdentityService) UpsertPasswordHash(user string, hash []byte) error
UpsertPasswordHash upserts user password hash
func (*IdentityService) UpsertSignupToken ¶
func (s *IdentityService) UpsertSignupToken(token string, tokenData services.SignupToken, ttl time.Duration) error
UpsertSignupToken upserts signup token - one time token that lets user to create a user account
func (*IdentityService) UpsertUser ¶
func (s *IdentityService) UpsertUser(user services.User) error
UpsertUser updates parameters about user
func (*IdentityService) UpsertWebSession ¶
func (s *IdentityService) UpsertWebSession(user, sid string, session services.WebSession, ttl time.Duration) error
UpsertWebSession updates or inserts a web session for a user and session id
type Lock ¶
type Lock struct {
// contains filtered or unexported fields
}
Lock is lock service using local lock backend
func NewLockService ¶
func (*Lock) ReleaseLock ¶
type PresenceService ¶
type PresenceService struct {
// contains filtered or unexported fields
}
PresenceService records and reports the presence of all components of the cluster - Nodes, Proxies and SSH nodes
func NewPresenceService ¶
func NewPresenceService(backend backend.Backend) *PresenceService
NewPresenceService returns new presence service instance
func (*PresenceService) DeleteReverseTunnel ¶
func (s *PresenceService) DeleteReverseTunnel(domainName string) error
DeleteReverseTunnel deletes reverse tunnel by it's domain name
func (*PresenceService) GetAuthServers ¶
func (s *PresenceService) GetAuthServers() ([]services.Server, error)
GetAuthServers returns a list of registered servers
func (*PresenceService) GetNodes ¶
func (s *PresenceService) GetNodes() ([]services.Server, error)
GetNodes returns a list of registered servers
func (*PresenceService) GetProxies ¶
func (s *PresenceService) GetProxies() ([]services.Server, error)
GetProxies returns a list of registered proxies
func (*PresenceService) GetReverseTunnels ¶
func (s *PresenceService) GetReverseTunnels() ([]services.ReverseTunnel, error)
GetReverseTunnels returns a list of registered servers
func (*PresenceService) UpsertAuthServer ¶
UpsertAuthServer registers auth server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second
func (*PresenceService) UpsertNode ¶
UpsertNode registers node presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second
func (*PresenceService) UpsertProxy ¶
UpsertProxy registers proxy server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second
func (*PresenceService) UpsertReverseTunnel ¶
func (s *PresenceService) UpsertReverseTunnel(tunnel services.ReverseTunnel, ttl time.Duration) error
UpsertReverseTunnel upserts reverse tunnel entry temporarily or permanently
type ProvisioningService ¶
type ProvisioningService struct {
// contains filtered or unexported fields
}
ProvisioningService governs adding new nodes to the cluster
func NewProvisioningService ¶
func NewProvisioningService(backend backend.Backend) *ProvisioningService
NewProvisioningService returns a new instance of provisioning service
func (*ProvisioningService) DeleteToken ¶
func (s *ProvisioningService) DeleteToken(token string) error
func (*ProvisioningService) GetToken ¶
func (s *ProvisioningService) GetToken(token string) (*services.ProvisionToken, error)
GetToken finds and returns token by id
func (*ProvisioningService) GetTokens ¶
func (s *ProvisioningService) GetTokens() (tokens []services.ProvisionToken, err error)
GetTokens returns all active (non-expired) provisioning tokens
func (*ProvisioningService) UpsertToken ¶
func (s *ProvisioningService) UpsertToken(token string, roles teleport.Roles, ttl time.Duration) error
UpsertToken adds provisioning tokens for the auth server