Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CertAuthoritySpecV2 ¶
// CertAuthoritySpecV2 is the specification of a host or user certificate
// authority. It holds the public keys used to check certificate signatures
// and, optionally, the private keys used for signing.
type CertAuthoritySpecV2 struct {
	// Type is either user or host certificate authority
	Type services.CertAuthType `json:"type"`
	// DELETE IN(2.7.0) this field is deprecated,
	// as resource name matches cluster name after migrations.
	// and this property is enforced by the auth server code.
	// ClusterName identifies cluster name this authority serves,
	// for host authorities that means base hostname of all servers,
	// for user authorities that means organization name
	ClusterName string `json:"cluster_name"`
	// CheckingKeys is a list of SSH public keys that can be used to check
	// certificate signatures
	CheckingKeys [][]byte `json:"checking_keys"`
	// SigningKeys is a list of private keys used for signing.
	// The field is left out of the JSON form only when it is empty
	// (omitempty); whenever keys are present they are serialized with the
	// rest of the spec.
	// NOTE(review): this is private key material — confirm that every path
	// which returns or stores this spec for callers that only need to verify
	// certificates clears the field first.
	SigningKeys [][]byte `json:"signing_keys,omitempty"`
	// Roles is a list of roles assumed by users signed by this CA
	Roles []string `json:"roles,omitempty"`
	// RoleMap specifies role mappings to remote roles.
	// The RoleMap type is declared outside this listing.
	RoleMap RoleMap `json:"role_map,omitempty"`
	// TLSKeyPairs is a list of TLS key pairs.
	// NOTE(review): each pair has a Key field next to the certificate, so the
	// same handling as for SigningKeys presumably applies — confirm.
	TLSKeyPairs []TLSKeyPair `json:"tls_key_pairs,omitempty"`
	// Rotation is a status of the certificate authority rotation.
	// It is a pointer, so a nil value is omitted from the JSON form.
	Rotation *Rotation `json:"rotation,omitempty"`
}
CertAuthoritySpecV2 is a host or user certificate authority that can check certificate signatures and, if it also has the private key stored, sign certificates.
type CertAuthorityV1 ¶
// CertAuthorityV1 is the version 1 form of a host or user certificate
// authority: the keys used to check certificate signatures, the keys used to
// sign, and the logins allowed for its users.
type CertAuthorityV1 struct {
	// Type is either user or host certificate authority
	Type services.CertAuthType `json:"type"`
	// DomainName identifies domain name this authority serves,
	// for host authorities that means base hostname of all servers,
	// for user authorities that means organization name
	DomainName string `json:"domain_name"`
	// CheckingKeys is a list of SSH public keys that can be used to check
	// certificate signatures
	CheckingKeys [][]byte `json:"checking_keys"`
	// SigningKeys is a list of private keys used for signing.
	// The tag has no omitempty, so the "signing_keys" key is always present
	// in the JSON form, even when the list is empty.
	// NOTE(review): this is private key material — confirm that it is
	// cleared before the authority is handed to callers that only verify.
	SigningKeys [][]byte `json:"signing_keys"`
	// AllowedLogins is a list of allowed logins for users within
	// this certificate authority
	AllowedLogins []string `json:"allowed_logins"`
}
CertAuthorityV1 is a host or user certificate authority that can check certificate signatures and, if it also has the private key stored, sign certificates.
type CertAuthorityV2 ¶
// CertAuthorityV2 is the version 2 resource for a certificate authority:
// the kind/version/metadata header plus the CertAuthoritySpecV2 payload.
type CertAuthorityV2 struct {
	// Kind is a resource kind
	Kind string `json:"kind"`
	// Version is the resource version
	Version string `json:"version"`
	// Metadata is the resource metadata
	Metadata Metadata `json:"metadata"`
	// Spec contains cert authority specification.
	// The spec can carry private signing keys and TLS keys, so a marshaled
	// CertAuthorityV2 should be treated as secret unless those fields are
	// known to be empty.
	Spec CertAuthoritySpecV2 `json:"spec"`
	// contains filtered or unexported fields
}
CertAuthorityV2 is version 2 resource spec for Cert Authority
type CommandLabelV2 ¶
// CommandLabelV2 is a label whose value is the output of a command that is
// run repeatedly, e.g. hostname.
type CommandLabelV2 struct {
	// Period is a time between command runs
	Period Duration `json:"period"`
	// Command is a command to run, given as an argument list,
	// e.g. ["/usr/bin/hostname", "--long"].
	// NOTE(review): whoever can set this field chooses what gets executed;
	// the code that runs it is not part of this listing — confirm who may
	// write it and under which account the command runs.
	Command []string `json:"command"`
	// Result captures standard output.
	// It is serialized under "result" together with the label, so the
	// command's output should not contain secrets.
	Result string `json:"result"`
}
CommandLabelV2 is a label that has a value as a result of the output generated by running command, e.g. hostname
type Duration ¶
Duration is a wrapper around duration to set up custom marshal/unmarshal
func NewDuration ¶
NewDuration returns Duration struct based on time.Duration
func (Duration) MarshalJSON ¶
MarshalJSON marshals Duration to string
func (Duration) MarshalYAML ¶
MarshalYAML marshals duration into YAML value, encodes it as a string in format "1m"
func (*Duration) UnmarshalJSON ¶
UnmarshalJSON unmarshals Duration from a string
func (*Duration) UnmarshalYAML ¶
type Metadata ¶
// Metadata is the resource metadata shared by the resource types: name,
// namespace, description, labels and an optional expiry time.
type Metadata struct {
	// Name is an object name
	Name string `json:"name"`
	// Namespace is object namespace. The field should be called "namespace"
	// when it returns in Teleport 2.4.
	// The "-" tag keeps it out of the JSON form entirely, so it is neither
	// written on marshal nor read on unmarshal.
	Namespace string `json:"-"`
	// Description is object description
	Description string `json:"description,omitempty"`
	// Labels is a set of labels
	Labels map[string]string `json:"labels,omitempty"`
	// Expires is a global expiry time header that can be set on any resource
	// in the system. A nil pointer is omitted from the JSON form.
	Expires *time.Time `json:"expires,omitempty"`
}
Metadata is resource metadata
type RoleMapping ¶
// RoleMapping maps one remote role to a list of local roles for trusted
// clusters.
type RoleMapping struct {
	// Remote specifies remote role name to map from
	Remote string `json:"remote"`
	// Local specifies local roles to map to.
	// NOTE(review): these entries presumably decide which local roles a
	// remote identity receives, so they deserve the same review as a direct
	// role grant — confirm against the code that applies the mapping.
	Local []string `json:"local"`
}
RoleMapping provides mapping of remote roles to local roles for trusted clusters
type Rotation ¶
// Rotation is the status of a certificate authority rotation: its state,
// phase and mode, the ID of the current attempt, timestamps, the grace
// period and the schedule used in automatic mode.
type Rotation struct {
	// State could be one of "init" or "in_progress".
	State string `json:"state,omitempty"`
	// Phase is the current rotation phase.
	Phase string `json:"phase,omitempty"`
	// Mode sets manual or automatic rotation mode.
	Mode string `json:"mode,omitempty"`
	// CurrentID is the ID of the rotation operation
	// to differentiate between rotation attempts.
	CurrentID string `json:"current_id"`
	// Started is set to the time when rotation has been started
	// in case if the state of the rotation is "in_progress".
	// With encoding/json, omitempty has no effect on a struct value such as
	// time.Time, so a zero time is still written; readers should test it
	// with IsZero rather than rely on the key being absent.
	Started time.Time `json:"started,omitempty"`
	// GracePeriod is a period during which old and new CA
	// are valid for checking purposes, but only new CA is issuing certificates.
	// In other words, certificates signed by the old CA are still accepted
	// until the period ends, so its length bounds how long they stay usable.
	GracePeriod Duration `json:"grace_period,omitempty"`
	// LastRotated specifies the last time of the completed rotation.
	// The omitempty caveat described for Started applies here as well.
	LastRotated time.Time `json:"last_rotated,omitempty"`
	// Schedule is a rotation schedule - used in
	// automatic mode to switch between phases.
	Schedule RotationSchedule `json:"schedule,omitempty"`
}
Rotation is a status of the rotation of the certificate authority
type RotationSchedule ¶
// RotationSchedule holds the times at which a rotation switches to each of
// its phases.
//
// All three fields are time.Time values tagged omitempty. With encoding/json
// that option has no effect on struct values, so zero times are still
// written; readers should test them with IsZero.
type RotationSchedule struct {
	// UpdateClients specifies time to switch to the "Update clients" phase
	UpdateClients time.Time `json:"update_clients,omitempty"`
	// UpdateServers specifies time to switch to the "Update servers" phase.
	UpdateServers time.Time `json:"update_servers,omitempty"`
	// Standby specifies time to switch to the "Standby" phase.
	Standby time.Time `json:"standby,omitempty"`
}
RotationSchedule is a rotation schedule setting time switches for different phases.
type ServerSpecV2 ¶
// ServerSpecV2 is the specification of a V2 server: its addresses, hostname,
// dynamic command labels and rotation status.
type ServerSpecV2 struct {
	// Addr is server host:port address
	Addr string `json:"addr"`
	// PublicAddr is the public address this cluster can be reached at.
	PublicAddr string `json:"public_addr,omitempty"`
	// Hostname is server hostname
	Hostname string `json:"hostname"`
	// CmdLabels is server dynamic labels, keyed by label name.
	// Each value names a command to run and stores its output, so these
	// entries should be reviewed like any other configured command.
	CmdLabels map[string]CommandLabelV2 `json:"cmd_labels,omitempty"`
	// Rotation specifies server rotation status.
	// The field is a struct value, not a pointer; with encoding/json the
	// omitempty option therefore does not drop it when it is zero.
	Rotation Rotation `json:"rotation,omitempty"`
}
ServerSpecV2 is a specification for V2 Server
type ServerV2 ¶
// ServerV2 is the server resource: the kind/version/metadata header plus the
// ServerSpecV2 payload.
type ServerV2 struct {
	// Kind is a resource kind
	Kind string `json:"kind"`
	// Version is the resource version
	Version string `json:"version"`
	// Metadata is the server's resource metadata
	Metadata Metadata `json:"metadata"`
	// Spec contains the server specification
	Spec ServerSpecV2 `json:"spec"`
}
ServerV2 is version1 resource spec of the server
type TLSKeyPair ¶
// TLSKeyPair is a TLS key pair: a PEM encoded certificate and a PEM encoded
// key. Both fields are omitted from the JSON form when empty.
type TLSKeyPair struct {
	// Cert is a PEM encoded TLS cert
	Cert []byte `json:"cert,omitempty"`
	// Key is a PEM encoded TLS key.
	// NOTE(review): presumably the private key that belongs to Cert. It is
	// serialized under "key" whenever it is set, so a marshaled pair should
	// be handled as a secret — confirm where it is stripped.
	Key []byte `json:"key,omitempty"`
}
TLSKeyPair is a TLS key pair