local

package
v2.0.6+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 4, 2017 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Overview

Package local implements services interfaces using abstract key value backend provided by lib/backend, what makes it possible for teleport to run using boltdb or etcd

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessService 

type AccessService struct {
	backend.Backend
}

AccessService manages roles

func NewAccessService 

func NewAccessService(backend backend.Backend) *AccessService

NewAccessService returns new access service instance

func (*AccessService) DeleteRole 

func (s *AccessService) DeleteRole(role string) error

DeleteRole deletes a role with all the keys from the backend

func (*AccessService) GetRole 

func (s *AccessService) GetRole(name string) (services.Role, error)

GetRole returns a role by name

func (*AccessService) GetRoles 

func (s *AccessService) GetRoles() ([]services.Role, error)

GetRoles returns a list of roles registered with the local auth server

func (*AccessService) UpsertRole 

func (s *AccessService) UpsertRole(role services.Role, ttl time.Duration) error

UpsertRole updates parameters about role

type CA 

type CA struct {
	// contains filtered or unexported fields
}

CA is local implementation of Trust service that is using local backend

func NewCAService 

func NewCAService(backend backend.Backend) *CA

NewCAService returns new instance of CAService

func (*CA) DeleteCertAuthority 

func (s *CA) DeleteCertAuthority(id services.CertAuthID) error

DeleteCertAuthority deletes particular certificate authority

func (*CA) GetCertAuthorities 

func (s *CA) GetCertAuthorities(caType services.CertAuthType, loadSigningKeys bool) ([]services.CertAuthority, error)

GetCertAuthorities returns a list of authorities of a given type loadSigningKeys controls whether signing keys should be loaded or not

func (*CA) GetCertAuthority 

func (s *CA) GetCertAuthority(id services.CertAuthID, loadSigningKeys bool) (services.CertAuthority, error)

GetCertAuthority returns certificate authority by given id. Parameter loadSigningKeys controls if signing keys are loaded

func (*CA) UpsertCertAuthority 

func (s *CA) UpsertCertAuthority(ca services.CertAuthority, ttl time.Duration) error

UpsertCertAuthority updates or inserts a new certificate authority

type ClusterAuthPreferenceService 

type ClusterAuthPreferenceService struct {
	backend.Backend
}

ClusterAuthPreferenceService is responsible for managing cluster authentication preferences.

func NewClusterAuthPreferenceService 

func NewClusterAuthPreferenceService(backend backend.Backend) *ClusterAuthPreferenceService

NewClusterAuthPreferenceService returns a new ClusterAuthPreferenceService.

func (*ClusterAuthPreferenceService) GetClusterAuthPreference 

func (s *ClusterAuthPreferenceService) GetClusterAuthPreference() (services.AuthPreference, error)

GetClusterAuthPreference fetches the cluster authentication preferences from the backend and return them.

func (*ClusterAuthPreferenceService) SetClusterAuthPreference 

func (s *ClusterAuthPreferenceService) SetClusterAuthPreference(preferences services.AuthPreference) error

SetClusterAuthPreference sets the cluster authentication preferences on the backend.

type IdentityService 

type IdentityService struct {
	// contains filtered or unexported fields
}

IdentityService is responsible for managing web users and currently user accounts as well

func NewIdentityService 

func NewIdentityService(backend backend.Backend) *IdentityService

NewIdentityService returns a new instance of IdentityService object

func (*IdentityService) AddUserLoginAttempt 

func (s *IdentityService) AddUserLoginAttempt(user string, attempt services.LoginAttempt, ttl time.Duration) error

AddUserLoginAttempt logs user login attempt

func (*IdentityService) CreateOIDCAuthRequest 

func (s *IdentityService) CreateOIDCAuthRequest(req services.OIDCAuthRequest, ttl time.Duration) error

CreateOIDCAuthRequest creates new auth request

func (*IdentityService) CreateUser 

func (s *IdentityService) CreateUser(user services.User) error

CreateUser creates user if it does not exist

func (*IdentityService) DeleteOIDCConnector 

func (s *IdentityService) DeleteOIDCConnector(connectorID string) error

DeleteOIDCConnector deletes OIDC Connector

func (*IdentityService) DeleteSignupToken 

func (s *IdentityService) DeleteSignupToken(token string) error

DeleteSignupToken deletes signup token from the storage

func (*IdentityService) DeleteUsedTOTPToken 

func (s *IdentityService) DeleteUsedTOTPToken(user string) error

DeleteUsedTOTPToken removes the used token from the backend. This should only be used during tests.

func (*IdentityService) DeleteUser 

func (s *IdentityService) DeleteUser(user string) error

DeleteUser deletes a user with all the keys from the backend

func (*IdentityService) DeleteWebSession 

func (s *IdentityService) DeleteWebSession(user, sid string) error

DeleteWebSession deletes web session from the storage

func (*IdentityService) GetHOTP 

func (s *IdentityService) GetHOTP(user string) (*hotp.HOTP, error)

GetHOTP gets HOTP token state for a user Deprecated: HOTP use is deprecated, use GetTOTP instead.

func (*IdentityService) GetOIDCAuthRequest 

func (s *IdentityService) GetOIDCAuthRequest(stateToken string) (*services.OIDCAuthRequest, error)

GetOIDCAuthRequest returns OIDC auth request if found

func (*IdentityService) GetOIDCConnector 

func (s *IdentityService) GetOIDCConnector(id string, withSecrets bool) (services.OIDCConnector, error)

GetOIDCConnector returns OIDC connector data, , withSecrets adds or removes client secret from return results

func (*IdentityService) GetOIDCConnectors 

func (s *IdentityService) GetOIDCConnectors(withSecrets bool) ([]services.OIDCConnector, error)

GetOIDCConnectors returns registered connectors, withSecrets adds or removes client secret from return results

func (*IdentityService) GetPasswordHash 

func (s *IdentityService) GetPasswordHash(user string) ([]byte, error)

GetPasswordHash returns the password hash for a given user

func (*IdentityService) GetSignupToken 

func (s *IdentityService) GetSignupToken(token string) (*services.SignupToken, error)

GetSignupToken returns signup token data

func (*IdentityService) GetSignupTokens 

func (s *IdentityService) GetSignupTokens() (tokens []services.SignupToken, err error)

GetSignupTokens returns all non-expired user tokens

func (*IdentityService) GetTOTP 

func (s *IdentityService) GetTOTP(user string) (string, error)

GetTOTP returns the secret key used by the TOTP algorithm to validate tokens

func (*IdentityService) GetU2FRegisterChallenge added in v1.3.0 

func (s *IdentityService) GetU2FRegisterChallenge(token string) (*u2f.Challenge, error)

func (*IdentityService) GetU2FRegistration added in v1.3.0 

func (s *IdentityService) GetU2FRegistration(user string) (*u2f.Registration, error)

func (*IdentityService) GetU2FRegistrationCounter added in v1.3.0 

func (s *IdentityService) GetU2FRegistrationCounter(user string) (counter uint32, e error)

func (*IdentityService) GetU2FSignChallenge added in v1.3.0 

func (s *IdentityService) GetU2FSignChallenge(user string) (*u2f.Challenge, error)

func (*IdentityService) GetUsedTOTPToken 

func (s *IdentityService) GetUsedTOTPToken(user string) (string, error)

GetUsedTOTPToken returns the last successfully used TOTP token. If no token is found zero is returned.

func (*IdentityService) GetUser 

func (s *IdentityService) GetUser(user string) (services.User, error)

GetUser returns a user by name

func (*IdentityService) GetUserByOIDCIdentity 

func (s *IdentityService) GetUserByOIDCIdentity(id services.OIDCIdentity) (services.User, error)

GetUserByOIDCIdentity returns a user by it's specified OIDC Identity, returns first user specified with this identity

func (*IdentityService) GetUserLoginAttempts 

func (s *IdentityService) GetUserLoginAttempts(user string) ([]services.LoginAttempt, error)

GetUserLoginAttempts returns user login attempts

func (*IdentityService) GetUsers 

func (s *IdentityService) GetUsers() ([]services.User, error)

GetUsers returns a list of users registered with the local auth server

func (*IdentityService) GetWebSession 

func (s *IdentityService) GetWebSession(user, sid string) (services.WebSession, error)

GetWebSession returns a web session state for a given user and session id

func (*IdentityService) UpsertHOTP 

func (s *IdentityService) UpsertHOTP(user string, otp *hotp.HOTP) error

UpsertHOTP upserts HOTP state for user Deprecated: HOTP use is deprecated, use UpsertTOTP instead.

func (*IdentityService) UpsertOIDCConnector 

func (s *IdentityService) UpsertOIDCConnector(connector services.OIDCConnector, ttl time.Duration) error

UpsertOIDCConnector upserts OIDC Connector

func (*IdentityService) UpsertPassword 

func (s *IdentityService) UpsertPassword(user string, password []byte) error

UpsertPassword upserts new password hash into a backend.

func (*IdentityService) UpsertPasswordHash 

func (s *IdentityService) UpsertPasswordHash(username string, hash []byte) error

UpsertPasswordHash upserts user password hash

func (*IdentityService) UpsertSignupToken 

func (s *IdentityService) UpsertSignupToken(token string, tokenData services.SignupToken, ttl time.Duration) error

UpsertSignupToken upserts signup token - one time token that lets user to create a user account

func (*IdentityService) UpsertTOTP 

func (s *IdentityService) UpsertTOTP(user string, secretKey string) error

UpsertTOTP upserts TOTP secret key for a user that can be used to generate and validate tokens.

func (*IdentityService) UpsertU2FRegisterChallenge added in v1.3.0 

func (s *IdentityService) UpsertU2FRegisterChallenge(token string, u2fChallenge *u2f.Challenge) error

func (*IdentityService) UpsertU2FRegistration added in v1.3.0 

func (s *IdentityService) UpsertU2FRegistration(user string, u2fReg *u2f.Registration) error

func (*IdentityService) UpsertU2FRegistrationCounter added in v1.3.0 

func (s *IdentityService) UpsertU2FRegistrationCounter(user string, counter uint32) error

func (*IdentityService) UpsertU2FSignChallenge added in v1.3.0 

func (s *IdentityService) UpsertU2FSignChallenge(user string, u2fChallenge *u2f.Challenge) error

func (*IdentityService) UpsertUsedTOTPToken 

func (s *IdentityService) UpsertUsedTOTPToken(user string, otpToken string) error

UpsertUsedTOTPToken upserts a TOTP token to the backend so it can't be used again during the 30 second window it's valid.

func (*IdentityService) UpsertUser 

func (s *IdentityService) UpsertUser(user services.User) error

UpsertUser updates parameters about user

func (*IdentityService) UpsertWebSession 

func (s *IdentityService) UpsertWebSession(user, sid string, session services.WebSession) error

UpsertWebSession updates or inserts a web session for a user and session id the session will be created with bearer token expiry time TTL, because it is expected to be extended by the client before then

type MarshallableU2FRegistration added in v1.3.0 

type MarshallableU2FRegistration struct {
	Raw              []byte `json:"raw"`
	KeyHandle        []byte `json:"keyhandle"`
	MarshalledPubKey []byte `json:"marshalled_pubkey"`
}

u2f.Registration cannot be json marshalled due to the pointer in the public key so we have this marshallable version

type PresenceService 

type PresenceService struct {
	// contains filtered or unexported fields
}

PresenceService records and reports the presence of all components of the cluster - Nodes, Proxies and SSH nodes

func NewPresenceService 

func NewPresenceService(backend backend.Backend) *PresenceService

NewPresenceService returns new presence service instance

func (*PresenceService) DeleteNamespace 

func (s *PresenceService) DeleteNamespace(namespace string) error

DeleteNamespace deletes a namespace with all the keys from the backend

func (*PresenceService) DeleteReverseTunnel 

func (s *PresenceService) DeleteReverseTunnel(domainName string) error

DeleteReverseTunnel deletes reverse tunnel by it's domain name

func (*PresenceService) DeleteTrustedCluster 

func (s *PresenceService) DeleteTrustedCluster(name string) error

DeleteTrustedCluster removes a TrustedCluster from the backend by name.

func (*PresenceService) GetAuthServers 

func (s *PresenceService) GetAuthServers() ([]services.Server, error)

GetAuthServers returns a list of registered servers

func (*PresenceService) GetNamespace 

func (s *PresenceService) GetNamespace(name string) (*services.Namespace, error)

GetNamespace returns a namespace by name

func (*PresenceService) GetNamespaces 

func (s *PresenceService) GetNamespaces() ([]services.Namespace, error)

GetNamespaces returns a list of namespaces

func (*PresenceService) GetNodes 

func (s *PresenceService) GetNodes(namespace string) ([]services.Server, error)

GetNodes returns a list of registered servers

func (*PresenceService) GetProxies 

func (s *PresenceService) GetProxies() ([]services.Server, error)

GetProxies returns a list of registered proxies

func (*PresenceService) GetReverseTunnels 

func (s *PresenceService) GetReverseTunnels() ([]services.ReverseTunnel, error)

GetReverseTunnels returns a list of registered servers

func (*PresenceService) GetTrustedCluster 

func (s *PresenceService) GetTrustedCluster(name string) (services.TrustedCluster, error)

GetTrustedCluster returns a single TrustedCluster by name.

func (*PresenceService) GetTrustedClusters 

func (s *PresenceService) GetTrustedClusters() ([]services.TrustedCluster, error)

GetTrustedClusters returns all TrustedClusters in the backend.

func (*PresenceService) UpsertAuthServer 

func (s *PresenceService) UpsertAuthServer(server services.Server, ttl time.Duration) error

UpsertAuthServer registers auth server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second

func (*PresenceService) UpsertNamespace 

func (s *PresenceService) UpsertNamespace(n services.Namespace) error

UpsertNamespace upserts namespace

func (*PresenceService) UpsertNode 

func (s *PresenceService) UpsertNode(server services.Server, ttl time.Duration) error

UpsertNode registers node presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second

func (*PresenceService) UpsertProxy 

func (s *PresenceService) UpsertProxy(server services.Server, ttl time.Duration) error

UpsertProxy registers proxy server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second

func (*PresenceService) UpsertReverseTunnel 

func (s *PresenceService) UpsertReverseTunnel(tunnel services.ReverseTunnel, ttl time.Duration) error

UpsertReverseTunnel upserts reverse tunnel entry temporarily or permanently

func (*PresenceService) UpsertTrustedCluster 

func (s *PresenceService) UpsertTrustedCluster(trustedCluster services.TrustedCluster) error

UpsertTrustedCluster creates or updates a TrustedCluster in the backend.

type ProvisioningService 

type ProvisioningService struct {
	// contains filtered or unexported fields
}

ProvisioningService governs adding new nodes to the cluster

func NewProvisioningService 

func NewProvisioningService(backend backend.Backend) *ProvisioningService

NewProvisioningService returns a new instance of provisioning service

func (*ProvisioningService) DeleteToken 

func (s *ProvisioningService) DeleteToken(token string) error

func (*ProvisioningService) GetToken 

func (s *ProvisioningService) GetToken(token string) (*services.ProvisionToken, error)

GetToken finds and returns token by id

func (*ProvisioningService) GetTokens 

func (s *ProvisioningService) GetTokens() (tokens []services.ProvisionToken, err error)

GetTokens returns all active (non-expired) provisioning tokens

func (*ProvisioningService) UpsertToken 

func (s *ProvisioningService) UpsertToken(token string, roles teleport.Roles, ttl time.Duration) error

UpsertToken adds provisioning tokens for the auth server

type U2FRegistrationCounter added in v1.3.0 

type U2FRegistrationCounter struct {
	Counter uint32 `json:"counter"`
}

type UniversalSecondFactorService 

type UniversalSecondFactorService struct {
	backend.Backend
}

UniversalSecondFactorService is responsible for managing universal second factor settings.

func NewUniversalSecondFactorService 

func NewUniversalSecondFactorService(backend backend.Backend) *UniversalSecondFactorService

NewUniversalSecondFactorService returns a new UniversalSecondFactorService.

func (*UniversalSecondFactorService) GetUniversalSecondFactor 

func (s *UniversalSecondFactorService) GetUniversalSecondFactor() (services.UniversalSecondFactor, error)

GetUniversalSecondFactor fetches the universal second factor settings from the backend and returns them.

func (*UniversalSecondFactorService) SetUniversalSecondFactor 

func (s *UniversalSecondFactorService) SetUniversalSecondFactor(settings services.UniversalSecondFactor) error

GetUniversalSecondFactor sets the universal second factor settings on the backend.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.