Documentation ¶
Overview ¶
Package local implements services interfaces using abstract key value backend provided by lib/backend, what makes it possible for teleport to run using boltdb or etcd
Index ¶
- type AccessService
- type CA
- func (s *CA) DeleteCertAuthority(id services.CertAuthID) error
- func (s *CA) GetCertAuthorities(caType services.CertAuthType, loadSigningKeys bool) ([]services.CertAuthority, error)
- func (s *CA) GetCertAuthority(id services.CertAuthID, loadSigningKeys bool) (services.CertAuthority, error)
- func (s *CA) UpsertCertAuthority(ca services.CertAuthority, ttl time.Duration) error
- type ClusterAuthPreferenceService
- type IdentityService
- func (s *IdentityService) AddUserLoginAttempt(user string, attempt services.LoginAttempt, ttl time.Duration) error
- func (s *IdentityService) CreateOIDCAuthRequest(req services.OIDCAuthRequest, ttl time.Duration) error
- func (s *IdentityService) CreateUser(user services.User) error
- func (s *IdentityService) DeleteOIDCConnector(connectorID string) error
- func (s *IdentityService) DeleteSignupToken(token string) error
- func (s *IdentityService) DeleteUsedTOTPToken(user string) error
- func (s *IdentityService) DeleteUser(user string) error
- func (s *IdentityService) DeleteWebSession(user, sid string) error
- func (s *IdentityService) GetHOTP(user string) (*hotp.HOTP, error)
- func (s *IdentityService) GetOIDCAuthRequest(stateToken string) (*services.OIDCAuthRequest, error)
- func (s *IdentityService) GetOIDCConnector(id string, withSecrets bool) (services.OIDCConnector, error)
- func (s *IdentityService) GetOIDCConnectors(withSecrets bool) ([]services.OIDCConnector, error)
- func (s *IdentityService) GetPasswordHash(user string) ([]byte, error)
- func (s *IdentityService) GetSignupToken(token string) (*services.SignupToken, error)
- func (s *IdentityService) GetSignupTokens() (tokens []services.SignupToken, err error)
- func (s *IdentityService) GetTOTP(user string) (string, error)
- func (s *IdentityService) GetU2FRegisterChallenge(token string) (*u2f.Challenge, error)
- func (s *IdentityService) GetU2FRegistration(user string) (*u2f.Registration, error)
- func (s *IdentityService) GetU2FRegistrationCounter(user string) (counter uint32, e error)
- func (s *IdentityService) GetU2FSignChallenge(user string) (*u2f.Challenge, error)
- func (s *IdentityService) GetUsedTOTPToken(user string) (string, error)
- func (s *IdentityService) GetUser(user string) (services.User, error)
- func (s *IdentityService) GetUserByOIDCIdentity(id services.OIDCIdentity) (services.User, error)
- func (s *IdentityService) GetUserLoginAttempts(user string) ([]services.LoginAttempt, error)
- func (s *IdentityService) GetUsers() ([]services.User, error)
- func (s *IdentityService) GetWebSession(user, sid string) (services.WebSession, error)
- func (s *IdentityService) UpsertHOTP(user string, otp *hotp.HOTP) error
- func (s *IdentityService) UpsertOIDCConnector(connector services.OIDCConnector, ttl time.Duration) error
- func (s *IdentityService) UpsertPassword(user string, password []byte) error
- func (s *IdentityService) UpsertPasswordHash(username string, hash []byte) error
- func (s *IdentityService) UpsertSignupToken(token string, tokenData services.SignupToken, ttl time.Duration) error
- func (s *IdentityService) UpsertTOTP(user string, secretKey string) error
- func (s *IdentityService) UpsertU2FRegisterChallenge(token string, u2fChallenge *u2f.Challenge) error
- func (s *IdentityService) UpsertU2FRegistration(user string, u2fReg *u2f.Registration) error
- func (s *IdentityService) UpsertU2FRegistrationCounter(user string, counter uint32) error
- func (s *IdentityService) UpsertU2FSignChallenge(user string, u2fChallenge *u2f.Challenge) error
- func (s *IdentityService) UpsertUsedTOTPToken(user string, otpToken string) error
- func (s *IdentityService) UpsertUser(user services.User) error
- func (s *IdentityService) UpsertWebSession(user, sid string, session services.WebSession) error
- type MarshallableU2FRegistration
- type PresenceService
- func (s *PresenceService) DeleteNamespace(namespace string) error
- func (s *PresenceService) DeleteReverseTunnel(domainName string) error
- func (s *PresenceService) DeleteTrustedCluster(name string) error
- func (s *PresenceService) GetAuthServers() ([]services.Server, error)
- func (s *PresenceService) GetNamespace(name string) (*services.Namespace, error)
- func (s *PresenceService) GetNamespaces() ([]services.Namespace, error)
- func (s *PresenceService) GetNodes(namespace string) ([]services.Server, error)
- func (s *PresenceService) GetProxies() ([]services.Server, error)
- func (s *PresenceService) GetReverseTunnels() ([]services.ReverseTunnel, error)
- func (s *PresenceService) GetTrustedCluster(name string) (services.TrustedCluster, error)
- func (s *PresenceService) GetTrustedClusters() ([]services.TrustedCluster, error)
- func (s *PresenceService) UpsertAuthServer(server services.Server, ttl time.Duration) error
- func (s *PresenceService) UpsertNamespace(n services.Namespace) error
- func (s *PresenceService) UpsertNode(server services.Server, ttl time.Duration) error
- func (s *PresenceService) UpsertProxy(server services.Server, ttl time.Duration) error
- func (s *PresenceService) UpsertReverseTunnel(tunnel services.ReverseTunnel, ttl time.Duration) error
- func (s *PresenceService) UpsertTrustedCluster(trustedCluster services.TrustedCluster) error
- type ProvisioningService
- func (s *ProvisioningService) DeleteToken(token string) error
- func (s *ProvisioningService) GetToken(token string) (*services.ProvisionToken, error)
- func (s *ProvisioningService) GetTokens() (tokens []services.ProvisionToken, err error)
- func (s *ProvisioningService) UpsertToken(token string, roles teleport.Roles, ttl time.Duration) error
- type U2FRegistrationCounter
- type UniversalSecondFactorService
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AccessService ¶
AccessService manages roles
func NewAccessService ¶
func NewAccessService(backend backend.Backend) *AccessService
NewAccessService returns new access service instance
func (*AccessService) DeleteRole ¶
func (s *AccessService) DeleteRole(role string) error
DeleteRole deletes a role with all the keys from the backend
func (*AccessService) GetRole ¶
func (s *AccessService) GetRole(name string) (services.Role, error)
GetRole returns a role by name
func (*AccessService) GetRoles ¶
func (s *AccessService) GetRoles() ([]services.Role, error)
GetRoles returns a list of roles registered with the local auth server
func (*AccessService) UpsertRole ¶
UpsertRole updates parameters about role
type CA ¶
type CA struct {
// contains filtered or unexported fields
}
CA is local implementation of Trust service that is using local backend
func NewCAService ¶
NewCAService returns new instance of CAService
func (*CA) DeleteCertAuthority ¶
func (s *CA) DeleteCertAuthority(id services.CertAuthID) error
DeleteCertAuthority deletes particular certificate authority
func (*CA) GetCertAuthorities ¶
func (s *CA) GetCertAuthorities(caType services.CertAuthType, loadSigningKeys bool) ([]services.CertAuthority, error)
GetCertAuthorities returns a list of authorities of a given type loadSigningKeys controls whether signing keys should be loaded or not
func (*CA) GetCertAuthority ¶
func (s *CA) GetCertAuthority(id services.CertAuthID, loadSigningKeys bool) (services.CertAuthority, error)
GetCertAuthority returns certificate authority by given id. Parameter loadSigningKeys controls if signing keys are loaded
func (*CA) UpsertCertAuthority ¶
UpsertCertAuthority updates or inserts a new certificate authority
type ClusterAuthPreferenceService ¶
ClusterAuthPreferenceService is responsible for managing cluster authentication preferences.
func NewClusterAuthPreferenceService ¶
func NewClusterAuthPreferenceService(backend backend.Backend) *ClusterAuthPreferenceService
NewClusterAuthPreferenceService returns a new ClusterAuthPreferenceService.
func (*ClusterAuthPreferenceService) GetClusterAuthPreference ¶
func (s *ClusterAuthPreferenceService) GetClusterAuthPreference() (services.AuthPreference, error)
GetClusterAuthPreference fetches the cluster authentication preferences from the backend and return them.
func (*ClusterAuthPreferenceService) SetClusterAuthPreference ¶
func (s *ClusterAuthPreferenceService) SetClusterAuthPreference(preferences services.AuthPreference) error
SetClusterAuthPreference sets the cluster authentication preferences on the backend.
type IdentityService ¶
type IdentityService struct {
// contains filtered or unexported fields
}
IdentityService is responsible for managing web users and currently user accounts as well
func NewIdentityService ¶
func NewIdentityService(backend backend.Backend) *IdentityService
NewIdentityService returns a new instance of IdentityService object
func (*IdentityService) AddUserLoginAttempt ¶
func (s *IdentityService) AddUserLoginAttempt(user string, attempt services.LoginAttempt, ttl time.Duration) error
AddUserLoginAttempt logs user login attempt
func (*IdentityService) CreateOIDCAuthRequest ¶
func (s *IdentityService) CreateOIDCAuthRequest(req services.OIDCAuthRequest, ttl time.Duration) error
CreateOIDCAuthRequest creates new auth request
func (*IdentityService) CreateUser ¶
func (s *IdentityService) CreateUser(user services.User) error
CreateUser creates user if it does not exist
func (*IdentityService) DeleteOIDCConnector ¶
func (s *IdentityService) DeleteOIDCConnector(connectorID string) error
DeleteOIDCConnector deletes OIDC Connector
func (*IdentityService) DeleteSignupToken ¶
func (s *IdentityService) DeleteSignupToken(token string) error
DeleteSignupToken deletes signup token from the storage
func (*IdentityService) DeleteUsedTOTPToken ¶
func (s *IdentityService) DeleteUsedTOTPToken(user string) error
DeleteUsedTOTPToken removes the used token from the backend. This should only be used during tests.
func (*IdentityService) DeleteUser ¶
func (s *IdentityService) DeleteUser(user string) error
DeleteUser deletes a user with all the keys from the backend
func (*IdentityService) DeleteWebSession ¶
func (s *IdentityService) DeleteWebSession(user, sid string) error
DeleteWebSession deletes web session from the storage
func (*IdentityService) GetHOTP ¶
func (s *IdentityService) GetHOTP(user string) (*hotp.HOTP, error)
GetHOTP gets HOTP token state for a user Deprecated: HOTP use is deprecated, use GetTOTP instead.
func (*IdentityService) GetOIDCAuthRequest ¶
func (s *IdentityService) GetOIDCAuthRequest(stateToken string) (*services.OIDCAuthRequest, error)
GetOIDCAuthRequest returns OIDC auth request if found
func (*IdentityService) GetOIDCConnector ¶
func (s *IdentityService) GetOIDCConnector(id string, withSecrets bool) (services.OIDCConnector, error)
GetOIDCConnector returns OIDC connector data, , withSecrets adds or removes client secret from return results
func (*IdentityService) GetOIDCConnectors ¶
func (s *IdentityService) GetOIDCConnectors(withSecrets bool) ([]services.OIDCConnector, error)
GetOIDCConnectors returns registered connectors, withSecrets adds or removes client secret from return results
func (*IdentityService) GetPasswordHash ¶
func (s *IdentityService) GetPasswordHash(user string) ([]byte, error)
GetPasswordHash returns the password hash for a given user
func (*IdentityService) GetSignupToken ¶
func (s *IdentityService) GetSignupToken(token string) (*services.SignupToken, error)
GetSignupToken returns signup token data
func (*IdentityService) GetSignupTokens ¶
func (s *IdentityService) GetSignupTokens() (tokens []services.SignupToken, err error)
GetSignupTokens returns all non-expired user tokens
func (*IdentityService) GetTOTP ¶
func (s *IdentityService) GetTOTP(user string) (string, error)
GetTOTP returns the secret key used by the TOTP algorithm to validate tokens
func (*IdentityService) GetU2FRegisterChallenge ¶ added in v1.3.0
func (s *IdentityService) GetU2FRegisterChallenge(token string) (*u2f.Challenge, error)
func (*IdentityService) GetU2FRegistration ¶ added in v1.3.0
func (s *IdentityService) GetU2FRegistration(user string) (*u2f.Registration, error)
func (*IdentityService) GetU2FRegistrationCounter ¶ added in v1.3.0
func (s *IdentityService) GetU2FRegistrationCounter(user string) (counter uint32, e error)
func (*IdentityService) GetU2FSignChallenge ¶ added in v1.3.0
func (s *IdentityService) GetU2FSignChallenge(user string) (*u2f.Challenge, error)
func (*IdentityService) GetUsedTOTPToken ¶
func (s *IdentityService) GetUsedTOTPToken(user string) (string, error)
GetUsedTOTPToken returns the last successfully used TOTP token. If no token is found zero is returned.
func (*IdentityService) GetUser ¶
func (s *IdentityService) GetUser(user string) (services.User, error)
GetUser returns a user by name
func (*IdentityService) GetUserByOIDCIdentity ¶
func (s *IdentityService) GetUserByOIDCIdentity(id services.OIDCIdentity) (services.User, error)
GetUserByOIDCIdentity returns a user by it's specified OIDC Identity, returns first user specified with this identity
func (*IdentityService) GetUserLoginAttempts ¶
func (s *IdentityService) GetUserLoginAttempts(user string) ([]services.LoginAttempt, error)
GetUserLoginAttempts returns user login attempts
func (*IdentityService) GetUsers ¶
func (s *IdentityService) GetUsers() ([]services.User, error)
GetUsers returns a list of users registered with the local auth server
func (*IdentityService) GetWebSession ¶
func (s *IdentityService) GetWebSession(user, sid string) (services.WebSession, error)
GetWebSession returns a web session state for a given user and session id
func (*IdentityService) UpsertHOTP ¶
func (s *IdentityService) UpsertHOTP(user string, otp *hotp.HOTP) error
UpsertHOTP upserts HOTP state for user Deprecated: HOTP use is deprecated, use UpsertTOTP instead.
func (*IdentityService) UpsertOIDCConnector ¶
func (s *IdentityService) UpsertOIDCConnector(connector services.OIDCConnector, ttl time.Duration) error
UpsertOIDCConnector upserts OIDC Connector
func (*IdentityService) UpsertPassword ¶
func (s *IdentityService) UpsertPassword(user string, password []byte) error
UpsertPassword upserts new password hash into a backend.
func (*IdentityService) UpsertPasswordHash ¶
func (s *IdentityService) UpsertPasswordHash(username string, hash []byte) error
UpsertPasswordHash upserts user password hash
func (*IdentityService) UpsertSignupToken ¶
func (s *IdentityService) UpsertSignupToken(token string, tokenData services.SignupToken, ttl time.Duration) error
UpsertSignupToken upserts signup token - one time token that lets user to create a user account
func (*IdentityService) UpsertTOTP ¶
func (s *IdentityService) UpsertTOTP(user string, secretKey string) error
UpsertTOTP upserts TOTP secret key for a user that can be used to generate and validate tokens.
func (*IdentityService) UpsertU2FRegisterChallenge ¶ added in v1.3.0
func (s *IdentityService) UpsertU2FRegisterChallenge(token string, u2fChallenge *u2f.Challenge) error
func (*IdentityService) UpsertU2FRegistration ¶ added in v1.3.0
func (s *IdentityService) UpsertU2FRegistration(user string, u2fReg *u2f.Registration) error
func (*IdentityService) UpsertU2FRegistrationCounter ¶ added in v1.3.0
func (s *IdentityService) UpsertU2FRegistrationCounter(user string, counter uint32) error
func (*IdentityService) UpsertU2FSignChallenge ¶ added in v1.3.0
func (s *IdentityService) UpsertU2FSignChallenge(user string, u2fChallenge *u2f.Challenge) error
func (*IdentityService) UpsertUsedTOTPToken ¶
func (s *IdentityService) UpsertUsedTOTPToken(user string, otpToken string) error
UpsertUsedTOTPToken upserts a TOTP token to the backend so it can't be used again during the 30 second window it's valid.
func (*IdentityService) UpsertUser ¶
func (s *IdentityService) UpsertUser(user services.User) error
UpsertUser updates parameters about user
func (*IdentityService) UpsertWebSession ¶
func (s *IdentityService) UpsertWebSession(user, sid string, session services.WebSession) error
UpsertWebSession updates or inserts a web session for a user and session id the session will be created with bearer token expiry time TTL, because it is expected to be extended by the client before then
type MarshallableU2FRegistration ¶ added in v1.3.0
type MarshallableU2FRegistration struct { Raw []byte `json:"raw"` KeyHandle []byte `json:"keyhandle"` MarshalledPubKey []byte `json:"marshalled_pubkey"` }
u2f.Registration cannot be json marshalled due to the pointer in the public key so we have this marshallable version
type PresenceService ¶
type PresenceService struct {
// contains filtered or unexported fields
}
PresenceService records and reports the presence of all components of the cluster - Nodes, Proxies and SSH nodes
func NewPresenceService ¶
func NewPresenceService(backend backend.Backend) *PresenceService
NewPresenceService returns new presence service instance
func (*PresenceService) DeleteNamespace ¶
func (s *PresenceService) DeleteNamespace(namespace string) error
DeleteNamespace deletes a namespace with all the keys from the backend
func (*PresenceService) DeleteReverseTunnel ¶
func (s *PresenceService) DeleteReverseTunnel(domainName string) error
DeleteReverseTunnel deletes reverse tunnel by it's domain name
func (*PresenceService) DeleteTrustedCluster ¶
func (s *PresenceService) DeleteTrustedCluster(name string) error
DeleteTrustedCluster removes a TrustedCluster from the backend by name.
func (*PresenceService) GetAuthServers ¶
func (s *PresenceService) GetAuthServers() ([]services.Server, error)
GetAuthServers returns a list of registered servers
func (*PresenceService) GetNamespace ¶
func (s *PresenceService) GetNamespace(name string) (*services.Namespace, error)
GetNamespace returns a namespace by name
func (*PresenceService) GetNamespaces ¶
func (s *PresenceService) GetNamespaces() ([]services.Namespace, error)
GetNamespaces returns a list of namespaces
func (*PresenceService) GetNodes ¶
func (s *PresenceService) GetNodes(namespace string) ([]services.Server, error)
GetNodes returns a list of registered servers
func (*PresenceService) GetProxies ¶
func (s *PresenceService) GetProxies() ([]services.Server, error)
GetProxies returns a list of registered proxies
func (*PresenceService) GetReverseTunnels ¶
func (s *PresenceService) GetReverseTunnels() ([]services.ReverseTunnel, error)
GetReverseTunnels returns a list of registered servers
func (*PresenceService) GetTrustedCluster ¶
func (s *PresenceService) GetTrustedCluster(name string) (services.TrustedCluster, error)
GetTrustedCluster returns a single TrustedCluster by name.
func (*PresenceService) GetTrustedClusters ¶
func (s *PresenceService) GetTrustedClusters() ([]services.TrustedCluster, error)
GetTrustedClusters returns all TrustedClusters in the backend.
func (*PresenceService) UpsertAuthServer ¶
UpsertAuthServer registers auth server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second
func (*PresenceService) UpsertNamespace ¶
func (s *PresenceService) UpsertNamespace(n services.Namespace) error
UpsertNamespace upserts namespace
func (*PresenceService) UpsertNode ¶
UpsertNode registers node presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second
func (*PresenceService) UpsertProxy ¶
UpsertProxy registers proxy server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second
func (*PresenceService) UpsertReverseTunnel ¶
func (s *PresenceService) UpsertReverseTunnel(tunnel services.ReverseTunnel, ttl time.Duration) error
UpsertReverseTunnel upserts reverse tunnel entry temporarily or permanently
func (*PresenceService) UpsertTrustedCluster ¶
func (s *PresenceService) UpsertTrustedCluster(trustedCluster services.TrustedCluster) error
UpsertTrustedCluster creates or updates a TrustedCluster in the backend.
type ProvisioningService ¶
type ProvisioningService struct {
// contains filtered or unexported fields
}
ProvisioningService governs adding new nodes to the cluster
func NewProvisioningService ¶
func NewProvisioningService(backend backend.Backend) *ProvisioningService
NewProvisioningService returns a new instance of provisioning service
func (*ProvisioningService) DeleteToken ¶
func (s *ProvisioningService) DeleteToken(token string) error
func (*ProvisioningService) GetToken ¶
func (s *ProvisioningService) GetToken(token string) (*services.ProvisionToken, error)
GetToken finds and returns token by id
func (*ProvisioningService) GetTokens ¶
func (s *ProvisioningService) GetTokens() (tokens []services.ProvisionToken, err error)
GetTokens returns all active (non-expired) provisioning tokens
func (*ProvisioningService) UpsertToken ¶
func (s *ProvisioningService) UpsertToken(token string, roles teleport.Roles, ttl time.Duration) error
UpsertToken adds provisioning tokens for the auth server
type U2FRegistrationCounter ¶ added in v1.3.0
type U2FRegistrationCounter struct {
Counter uint32 `json:"counter"`
}
type UniversalSecondFactorService ¶
UniversalSecondFactorService is responsible for managing universal second factor settings.
func NewUniversalSecondFactorService ¶
func NewUniversalSecondFactorService(backend backend.Backend) *UniversalSecondFactorService
NewUniversalSecondFactorService returns a new UniversalSecondFactorService.
func (*UniversalSecondFactorService) GetUniversalSecondFactor ¶
func (s *UniversalSecondFactorService) GetUniversalSecondFactor() (services.UniversalSecondFactor, error)
GetUniversalSecondFactor fetches the universal second factor settings from the backend and returns them.
func (*UniversalSecondFactorService) SetUniversalSecondFactor ¶
func (s *UniversalSecondFactorService) SetUniversalSecondFactor(settings services.UniversalSecondFactor) error
GetUniversalSecondFactor sets the universal second factor settings on the backend.