webclient

package
v0.0.0-...-3aec24a Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 13, 2022 License: Apache-2.0 Imports: 24 Imported by: 9

Documentation

Overview

Package webclient provides a client for the Teleport Proxy API endpoints.

Index

Constants

// SSO provider type identifiers and the web API login endpoint template for
// each provider type.
//
// The URL constants are templates: ":providerName" and ":redirect" are
// placeholders. The code that substitutes them is not shown here.
//
// NOTE(review): redirect_url carries the post-login destination. Confirm that
// the handler consuming it (see parseSSORequestParams) validates the target,
// since an unvalidated redirect parameter in a login flow is an open-redirect
// risk. Presumably redirect_url must come last because its value may itself
// contain "&"-separated query parameters — confirm against that comment.
const (
	// WebConfigAuthProviderOIDCType is OIDC provider type
	WebConfigAuthProviderOIDCType = "oidc"
	// WebConfigAuthProviderOIDCURL is OIDC webapi endpoint.
	// redirect_url MUST be the last query param, see the comment in parseSSORequestParams for an explanation.
	WebConfigAuthProviderOIDCURL = "/v1/webapi/oidc/login/web?connector_id=:providerName&redirect_url=:redirect"

	// WebConfigAuthProviderSAMLType is SAML provider type
	WebConfigAuthProviderSAMLType = "saml"
	// WebConfigAuthProviderSAMLURL is SAML webapi endpoint.
	// redirect_url MUST be the last query param, see the comment in parseSSORequestParams for an explanation.
	WebConfigAuthProviderSAMLURL = "/v1/webapi/saml/sso?connector_id=:providerName&redirect_url=:redirect"

	// WebConfigAuthProviderGitHubType is GitHub provider type
	WebConfigAuthProviderGitHubType = "github"
	// WebConfigAuthProviderGitHubURL is GitHub webapi endpoint.
	// redirect_url MUST be the last query param, see the comment in parseSSORequestParams for an explanation.
	WebConfigAuthProviderGitHubURL = "/v1/webapi/github/login/web?connector_id=:providerName&redirect_url=:redirect"
)

Variables

This section is empty.

Functions

func ParseHostPort

func ParseHostPort(addr string, opts ...ParseHostPortOpt) (host, port string, err error)

ParseHostPort parses host and port from the given address.

Types

type AuthenticationSettings

// AuthenticationSettings describes the authentication options a server
// advertises to clients. It is the "auth" member of PingResponse.
//
// NOTE(review): Ping is documented as running before the user is asked for a
// password, so these values reach the client before authentication. They
// steer which login method and second factor the client offers; when
// Config.Insecure is set the TLS connection carrying them is not verified.
type AuthenticationSettings struct {
	// Type is the type of authentication, can be either local or oidc.
	// NOTE(review): the SAML and Github members below suggest other values
	// are possible as well — confirm and update this list.
	Type string `json:"type"`
	// SecondFactor is the type of second factor to use in authentication.
	SecondFactor constants.SecondFactorType `json:"second_factor,omitempty"`
	// PreferredLocalMFA is a server-side hint for clients to pick an MFA method
	// when various options are available.
	// It is empty if there is nothing to suggest.
	PreferredLocalMFA constants.SecondFactorType `json:"preferred_local_mfa,omitempty"`
	// AllowPasswordless is true if passwordless logins are allowed.
	AllowPasswordless bool `json:"allow_passwordless,omitempty"`
	// Local contains settings for local authentication.
	Local *LocalSettings `json:"local,omitempty"`
	// Webauthn contains MFA settings for Web Authentication.
	Webauthn *Webauthn `json:"webauthn,omitempty"`
	// U2F contains the Universal Second Factor settings needed for authentication.
	U2F *U2FSettings `json:"u2f,omitempty"`
	// OIDC contains OIDC connector settings needed for authentication.
	OIDC *OIDCSettings `json:"oidc,omitempty"`
	// SAML contains SAML connector settings needed for authentication.
	SAML *SAMLSettings `json:"saml,omitempty"`
	// Github contains Github connector settings needed for authentication.
	Github *GithubSettings `json:"github,omitempty"`
	// PrivateKeyPolicy contains the cluster-wide private key policy.
	PrivateKeyPolicy keys.PrivateKeyPolicy `json:"private_key_policy"`

	// HasMessageOfTheDay is a flag indicating that the cluster has MOTD
	// banner text that must be retrieved, displayed and acknowledged by
	// the user.
	HasMessageOfTheDay bool `json:"has_motd"`
	// LoadAllCAs tells tsh to load CAs for all clusters when trying to ssh into a node.
	LoadAllCAs bool `json:"load_all_cas,omitempty"`
}

AuthenticationSettings contains information about server authentication settings.

type Config

// Config specifies how webclient requests to a Teleport proxy are built.
// It is the argument to Find, Ping and GetMOTD.
type Config struct {
	// Context is a context for creating webclient requests.
	Context context.Context
	// ProxyAddr specifies the teleport proxy address for requests.
	ProxyAddr string
	// Insecure turns off TLS certificate verification when enabled.
	// With verification off the identity of the host at ProxyAddr is not
	// checked, so every value in the response (auth settings, proxy
	// addresses, MOTD text) can be supplied by whoever answers the
	// connection. NOTE(review): presumably meant for test and development
	// setups only — confirm that production callers never set it.
	Insecure bool
	// Pool defines the set of root CAs to use when verifying server
	// certificates.
	// NOTE(review): the behaviour for a nil Pool is not shown here; if it is
	// passed through as tls.Config.RootCAs, nil means the host's root set —
	// confirm.
	Pool *x509.CertPool
	// ConnectorName is the name of the OIDC or SAML connector.
	ConnectorName string
	// ExtraHeaders is a map of extra HTTP headers to be included in
	// requests.
	ExtraHeaders map[string]string
	// Timeout is a timeout for requests.
	Timeout time.Duration
	// TraceProvider is used to retrieve a Tracer for creating spans
	TraceProvider oteltrace.TracerProvider
}

Config specifies information when building requests with the webclient.

func (*Config) CheckAndSetDefaults

func (c *Config) CheckAndSetDefaults() error

CheckAndSetDefaults checks the Config and sets default values.

type DBProxySettings

// DBProxySettings contains the database access specific proxy settings:
// a listen address and a public (advertised) address per database protocol.
// It is the "db" member of ProxySettings. Every field is omitted from the
// JSON encoding when empty.
type DBProxySettings struct {
	// PostgresListenAddr is Postgres proxy listen address.
	PostgresListenAddr string `json:"postgres_listen_addr,omitempty"`
	// PostgresPublicAddr is advertised to Postgres clients.
	PostgresPublicAddr string `json:"postgres_public_addr,omitempty"`
	// MySQLListenAddr is MySQL proxy listen address.
	MySQLListenAddr string `json:"mysql_listen_addr,omitempty"`
	// MySQLPublicAddr is advertised to MySQL clients.
	MySQLPublicAddr string `json:"mysql_public_addr,omitempty"`
	// MongoListenAddr is Mongo proxy listen address.
	MongoListenAddr string `json:"mongo_listen_addr,omitempty"`
	// MongoPublicAddr is advertised to Mongo clients.
	MongoPublicAddr string `json:"mongo_public_addr,omitempty"`
}

DBProxySettings contains database access specific proxy settings.

type GithubSettings

// GithubSettings identifies a Github connector by its internal name and the
// name shown to users. It is the "github" member of AuthenticationSettings.
type GithubSettings struct {
	// Name is the internal name of the connector
	Name string `json:"name"`
	// Display is the connector display name
	Display string `json:"display"`
}

GithubSettings contains the Name and Display string for Github connector.

type KubeProxySettings

// KubeProxySettings holds the Kubernetes specific proxy settings.
// It is the "kube" member of ProxySettings.
type KubeProxySettings struct {
	// Enabled is true when kubernetes proxy is enabled
	Enabled bool `json:"enabled,omitempty"`
	// PublicAddr is a kubernetes proxy public address if set
	PublicAddr string `json:"public_addr,omitempty"`
	// ListenAddr is the address that the kubernetes proxy is listening for
	// connections on.
	ListenAddr string `json:"listen_addr,omitempty"`
}

KubeProxySettings holds the Kubernetes proxy settings.

type LocalSettings

// LocalSettings holds settings for local authentication.
// It is the "local" member of AuthenticationSettings.
type LocalSettings struct {
	// Name is the name of the local connector.
	Name string `json:"name"`
}

LocalSettings holds settings for local authentication.

type MotD

// MotD holds data about the current message of the day, as returned by
// GetMOTD.
type MotD struct {
	// Text is the message of the day text.
	// NOTE(review): Text is supplied by the server and, per
	// AuthenticationSettings.HasMessageOfTheDay, is displayed to the user.
	// Callers that print it to a terminal may want to strip control
	// sequences first — confirm whether that is done elsewhere.
	Text string
}

MotD holds data about the current message of the day.

func GetMOTD

func GetMOTD(cfg *Config) (*MotD, error)

type OIDCSettings

// OIDCSettings identifies an OIDC connector by its internal name and the
// name shown to users. It is the "oidc" member of AuthenticationSettings.
type OIDCSettings struct {
	// Name is the internal name of the connector.
	Name string `json:"name"`
	// Display is the display name for the connector.
	Display string `json:"display"`
}

OIDCSettings contains the Name and Display string for OIDC.

type ParseHostPortOpt

// ParseHostPortOpt is an option accepted by ParseHostPort. It receives a host
// and port and returns the pair to use in their place; WithDefaultPort and
// WithOverridePort construct such options.
type ParseHostPortOpt func(host, port string) (hostR, portR string)

func WithDefaultPort

func WithDefaultPort(defaultPort int) ParseHostPortOpt

WithDefaultPort replaces the parsed port with the default port if the parsed port is empty.

func WithOverridePort

func WithOverridePort(overridePort int) ParseHostPortOpt

WithOverridePort replaces the parsed port with the override port.

type PingError

// PingError contains the string message from the PingErrorResponse.
type PingError struct {
	// Message is the error message text, encoded under the "message" key.
	Message string `json:"message"`
}

PingError contains the string message from the PingErrorResponse

type PingErrorResponse

// PingErrorResponse contains the error message if the requested connector
// does not match one that has been registered.
type PingErrorResponse struct {
	// Error wraps the message, encoded under the "error" key.
	Error PingError `json:"error"`
}

PingErrorResponse contains the error message if the requested connector does not match one that has been registered.

type PingResponse

// PingResponse contains data about the Teleport server such as supported
// authentication types and server version. Find and Ping return it.
//
// NOTE(review): Ping is documented as running before the user is asked for a
// password, so this data is obtained before authentication. How far it can
// be trusted depends on the TLS verification configured through Config
// (Insecure, Pool).
type PingResponse struct {
	// Auth contains the forms of authentication the auth server supports.
	Auth AuthenticationSettings `json:"auth"`
	// Proxy contains the proxy settings.
	Proxy ProxySettings `json:"proxy"`
	// ServerVersion is the version of Teleport that is running.
	ServerVersion string `json:"server_version"`
	// MinClientVersion is the minimum client version required by the server.
	MinClientVersion string `json:"min_client_version"`
	// ClusterName contains the name of the Teleport cluster.
	ClusterName string `json:"cluster_name"`
	// LicenseWarnings contains a list of license compliance warning messages
	LicenseWarnings []string `json:"license_warnings,omitempty"`
}

PingResponse contains data about the Teleport server like supported authentication types, server version, etc.

func Find

func Find(cfg *Config) (*PingResponse, error)

Find fetches discovery data by connecting to the given web proxy address. It is designed to fetch proxy public addresses without any inefficiencies.

func Ping

func Ping(cfg *Config) (*PingResponse, error)

Ping serves two purposes. The first is to validate the HTTP endpoint of a Teleport proxy. This leads to better user experience: users get connection errors before being asked for passwords. The second is to return the form of authentication that the server supports. This also leads to better user experience: users only get prompted for the type of authentication the server supports.

type ProxySettings

// ProxySettings contains basic information about proxy settings, grouped per
// protocol. It is the "proxy" member of PingResponse.
//
// NOTE(review): the addresses in the nested settings come from the server's
// response. Presumably clients dial them for later connections, so they are
// only as trustworthy as the connection that delivered them — confirm.
type ProxySettings struct {
	// Kube is a kubernetes specific proxy section
	Kube KubeProxySettings `json:"kube"`
	// SSH is SSH specific proxy settings
	SSH SSHProxySettings `json:"ssh"`
	// DB contains database access specific proxy settings
	DB DBProxySettings `json:"db"`
	// TLSRoutingEnabled indicates that proxy supports ALPN SNI server where
	// all proxy services are exposed on a single TLS listener (Proxy Web Listener).
	TLSRoutingEnabled bool `json:"tls_routing_enabled"`
}

ProxySettings contains basic information about proxy settings

func (*ProxySettings) SSHProxyHostPort

func (ps *ProxySettings) SSHProxyHostPort() (host, port string, err error)

SSHProxyHostPort returns the ssh proxy host and port for the proxy settings.

func (*ProxySettings) TunnelAddr

func (ps *ProxySettings) TunnelAddr() (string, error)

type SAMLSettings

// SAMLSettings identifies a SAML connector by its internal name and the
// name shown to users. It is the "saml" member of AuthenticationSettings.
type SAMLSettings struct {
	// Name is the internal name of the connector.
	Name string `json:"name"`
	// Display is the display name for the connector.
	Display string `json:"display"`
}

SAMLSettings contains the Name and Display string for SAML

type SSHProxySettings

// SSHProxySettings holds the SSH specific proxy settings: listen addresses
// and public addresses for the SSH proxy, the reverse tunnel and the web
// handler. It is the "ssh" member of ProxySettings. Every field is omitted
// from the JSON encoding when empty.
type SSHProxySettings struct {
	// ListenAddr is the address that the SSH proxy is listening for
	// connections on.
	ListenAddr string `json:"listen_addr,omitempty"`

	// TunnelListenAddr is the address that the SSH reverse tunnel is
	// listening for connections on.
	TunnelListenAddr string `json:"tunnel_listen_addr,omitempty"`

	// WebListenAddr is the address where the proxy web handler is listening.
	WebListenAddr string `json:"web_listen_addr,omitempty"`

	// PublicAddr is the public address of the HTTP proxy.
	PublicAddr string `json:"public_addr,omitempty"`

	// SSHPublicAddr is the public address of the SSH proxy.
	SSHPublicAddr string `json:"ssh_public_addr,omitempty"`

	// TunnelPublicAddr is the public address of the SSH reverse tunnel.
	// Its JSON key is "ssh_tunnel_public_addr", which carries an "ssh_"
	// prefix that TunnelListenAddr's key does not have.
	TunnelPublicAddr string `json:"ssh_tunnel_public_addr,omitempty"`
}

SSHProxySettings is SSH specific proxy settings.

type U2FSettings

// U2FSettings contains the AppID for Universal Second Factor.
// It is the "u2f" member of AuthenticationSettings.
type U2FSettings struct {
	// AppID is the U2F AppID.
	AppID string `json:"app_id"`
}

U2FSettings contains the AppID for Universal Second Factor.

type WebConfig

// WebConfig is web application configuration served by the backend to be
// used in frontend apps. Its JSON keys are camelCase.
type WebConfig struct {
	// Auth contains Teleport auth. preferences
	Auth WebConfigAuthSettings `json:"auth,omitempty"`
	// CanJoinSessions disables joining sessions
	// NOTE(review): the field name suggests that true means joining is
	// allowed, which contradicts "disables" above — confirm which is
	// intended. The key has no omitempty, so false is always sent.
	CanJoinSessions bool `json:"canJoinSessions"`
	// ProxyClusterName is the name of the local cluster
	ProxyClusterName string `json:"proxyCluster,omitempty"`
	// IsCloud is a flag that determines if cloud features are enabled.
	IsCloud bool `json:"isCloud,omitempty"`
	// TunnelPublicAddress is the public ssh tunnel address
	TunnelPublicAddress string `json:"tunnelPublicAddress,omitempty"`
	// RecoveryCodesEnabled is a flag that determines if recovery codes are enabled in the cluster.
	RecoveryCodesEnabled bool `json:"recoveryCodesEnabled,omitempty"`
}

WebConfig is web application configuration served by the backend to be used in frontend apps.

type WebConfigAuthProvider

// WebConfigAuthProvider describes one auth provider offered to the web
// frontend. WebConfigAuthSettings.Providers holds a list of them.
type WebConfigAuthProvider struct {
	// Name is this provider ID
	Name string `json:"name,omitempty"`
	// DisplayName is this provider display name
	DisplayName string `json:"displayName,omitempty"`
	// Type is this provider type
	// NOTE(review): presumably one of the WebConfigAuthProvider*Type
	// constants ("oidc", "saml", "github") — confirm.
	Type string `json:"type,omitempty"`
	// WebAPIURL is this provider webapi URL
	// NOTE(review): presumably one of the WebConfigAuthProvider*URL
	// templates, which still contain the ":providerName" and ":redirect"
	// placeholders — confirm where they are filled in and where the redirect
	// target is validated.
	WebAPIURL string `json:"url,omitempty"`
}

WebConfigAuthProvider describes an auth provider.

type WebConfigAuthSettings

// WebConfigAuthSettings describes the auth configuration handed to the web
// frontend. It is the "auth" member of WebConfig.
//
// Several fields mirror AuthenticationSettings but use different JSON keys:
// "second_factor" is snake_case here as well, while the other keys are
// camelCase ("allowPasswordless", "preferredLocalMfa", "privateKeyPolicy").
type WebConfigAuthSettings struct {
	// SecondFactor is the type of second factor to use in authentication.
	SecondFactor constants.SecondFactorType `json:"second_factor,omitempty"`
	// Providers contains a list of configured auth providers
	Providers []WebConfigAuthProvider `json:"providers,omitempty"`
	// LocalAuthEnabled is a flag that enables local authentication
	LocalAuthEnabled bool `json:"localAuthEnabled"`
	// AllowPasswordless is true if passwordless logins are allowed.
	AllowPasswordless bool `json:"allowPasswordless,omitempty"`
	// AuthType is the authentication type.
	AuthType string `json:"authType"`
	// PreferredLocalMFA is a server-side hint for clients to pick an MFA method
	// when various options are available.
	// It is empty if there is nothing to suggest.
	PreferredLocalMFA constants.SecondFactorType `json:"preferredLocalMfa,omitempty"`
	// LocalConnectorName is the name of the local connector.
	LocalConnectorName string `json:"localConnectorName,omitempty"`
	// PrivateKeyPolicy is the configured private key policy for the cluster.
	PrivateKeyPolicy keys.PrivateKeyPolicy `json:"privateKeyPolicy,omitempty"`
}

WebConfigAuthSettings describes auth configuration

type Webauthn

// Webauthn holds MFA settings for Web Authentication.
// It is the "webauthn" member of AuthenticationSettings.
type Webauthn struct {
	// RPID is the Webauthn Relying Party ID used by the server.
	// In WebAuthn the relying party ID is the domain that credentials are
	// scoped to.
	RPID string `json:"rp_id"`
}

Webauthn holds MFA settings for Web Authentication.
