Documentation ¶
Overview ¶
Package service implements the teleport running service; it takes care of initialization, cleanup and shutdown procedures.
Constants ¶
const (
	// AuthIdentityEvent is generated when the Auth Server's identity has been
	// initialized in the backend.
	AuthIdentityEvent = "AuthIdentity"
	// InstanceIdentityEvent is generated by the supervisor when the instance-level
	// identity has been registered with the Auth Server.
	InstanceIdentityEvent = "InstanceIdentity"
	// ProxyIdentityEvent is generated by the supervisor when the proxy's
	// identity has been registered with the Auth Server.
	ProxyIdentityEvent = "ProxyIdentity"
	// SSHIdentityEvent is generated when the node's identity has been registered
	// with the Auth Server.
	SSHIdentityEvent = "SSHIdentity"
	// KubeIdentityEvent is generated by the supervisor when the kubernetes
	// service's identity has been registered with the Auth Server.
	KubeIdentityEvent = "KubeIdentity"
	// AppsIdentityEvent is generated when the identity of the application proxy
	// service has been registered with the Auth Server.
	AppsIdentityEvent = "AppsIdentity"
	// DatabasesIdentityEvent is generated when the identity of the database
	// proxy service has been registered with the Auth Server.
	DatabasesIdentityEvent = "DatabasesIdentity"
	// WindowsDesktopIdentityEvent is generated by the supervisor when the
	// windows desktop service's identity has been registered with the Auth
	// Server.
	WindowsDesktopIdentityEvent = "WindowsDesktopIdentity"
	// DiscoveryIdentityEvent is generated when the identity of the discovery
	// service has been registered with the Auth Server (the upstream comment
	// was truncated; the description follows the sibling *IdentityEvent
	// constants). NOTE: unlike its siblings, the string value carries an
	// "Event" suffix; consumers matching on the raw string must use it as-is.
	DiscoveryIdentityEvent = "DiscoveryIdentityEvent"
	// AuthTLSReady is generated when the Auth Server has initialized the
	// TLS Mutual Auth endpoint and is ready to start accepting connections.
	AuthTLSReady = "AuthTLSReady"
	// ProxyWebServerReady is generated when the proxy has initialized the web
	// server and is ready to start accepting connections.
	ProxyWebServerReady = "ProxyWebServerReady"
	// ProxyReverseTunnelReady is generated when the proxy has initialized the
	// reverse tunnel server and is ready to start accepting connections.
	ProxyReverseTunnelReady = "ProxyReverseTunnelReady"
	// DebugAppReady is generated when the debugging application has been started
	// and is ready to serve requests.
	DebugAppReady = "DebugAppReady"
	// ProxyAgentPoolReady is generated when the proxy has initialized the
	// remote cluster watcher (to spawn reverse tunnels) and is ready to start
	// accepting connections.
	ProxyAgentPoolReady = "ProxyAgentPoolReady"
	// ProxySSHReady is generated when the proxy has initialized a SSH server
	// and is ready to start accepting connections.
	ProxySSHReady = "ProxySSHReady"
	// NodeSSHReady is generated when the Teleport node has initialized a SSH server
	// and is ready to start accepting SSH connections.
	// NOTE: the string value is "NodeReady", not "NodeSSHReady"; match on the
	// constant rather than on a literal derived from the identifier.
	NodeSSHReady = "NodeReady"
	// KubernetesReady is generated when the kubernetes service has been initialized.
	KubernetesReady = "KubernetesReady"
	// AppsReady is generated when the Teleport app proxy service is ready to
	// start accepting connections.
	AppsReady = "AppsReady"
	// DatabasesReady is generated when the Teleport database proxy service
	// is ready to start accepting connections.
	DatabasesReady = "DatabasesReady"
	// MetricsReady is generated when the Teleport metrics service is ready to
	// start accepting connections.
	MetricsReady = "MetricsReady"
	// WindowsDesktopReady is generated when the Teleport windows desktop
	// service is ready to start accepting connections.
	WindowsDesktopReady = "WindowsDesktopReady"
	// TracingReady is generated when the Teleport tracing service is ready to
	// start exporting spans.
	TracingReady = "TracingReady"
	// InstanceReady is generated when the teleport instance control handle has
	// been set up.
	InstanceReady = "InstanceReady"
	// DiscoveryReady is generated when the Teleport discovery service is ready
	// (the upstream comment was copied from DatabasesReady and described the
	// database proxy service instead).
	DiscoveryReady = "DiscoveryReady"
	// TeleportExitEvent is generated when the Teleport process begins closing
	// all listening sockets and exiting.
	TeleportExitEvent = "TeleportExit"
	// TeleportReloadEvent is generated to trigger in-process teleport
	// service reload - all servers and clients will be re-created
	// in a graceful way.
	TeleportReloadEvent = "TeleportReload"
	// TeleportPhaseChangeEvent is generated to indicate that the teleport
	// CA rotation phase has been updated; used in tests.
	TeleportPhaseChangeEvent = "TeleportPhaseChange"
	// TeleportReadyEvent is generated to signal that all teleport
	// internal components have started successfully.
	TeleportReadyEvent = "TeleportReady"
	// ServiceExitedWithErrorEvent is emitted whenever a service
	// has exited with an error; the payload includes the error
	// (see ExitEventPayload).
	ServiceExitedWithErrorEvent = "ServiceExitedWithError"
	// TeleportDegradedEvent is emitted whenever a service is operating in a
	// degraded manner.
	TeleportDegradedEvent = "TeleportDegraded"
	// TeleportOKEvent is emitted whenever a service is operating normally.
	// NOTE: the string value carries an "Event" suffix, unlike
	// TeleportDegradedEvent ("TeleportDegraded"); match on the constant.
	TeleportOKEvent = "TeleportOKEvent"
)
Variables ¶
// Listener types identify the purpose of each listening socket the process
// opens; they are used as the Type of a FileDescriptor when listeners are
// exported to (and inherited by) a new process during in-process updates.
var (
	// ListenerAuth is the auth service listener.
	ListenerAuth = ListenerType(teleport.ComponentAuth)
	// ListenerNodeSSH is the SSH service (node) listener.
	ListenerNodeSSH = ListenerType(teleport.ComponentNode)
	// ListenerProxySSH is the proxy's SSH listener.
	ListenerProxySSH = ListenerType(teleport.Component(teleport.ComponentProxy, "ssh"))
	// ListenerDiagnostic is the diagnostic/healthz listener (see
	// Config.DiagnosticAddr and Config.Debug for what it exposes).
	ListenerDiagnostic = ListenerType(teleport.ComponentDiagnostic)
	// ListenerProxyKube is the proxy's kubernetes listener.
	ListenerProxyKube = ListenerType(teleport.Component(teleport.ComponentProxy, "kube"))
	// ListenerKube is the kubernetes service listener.
	ListenerKube = ListenerType(teleport.ComponentKube)
	// ListenerProxyTunnelAndWeb is used when the proxy serves reverse tunnels
	// and the web interface on the same listener (multiplexing the requests).
	ListenerProxyTunnelAndWeb = ListenerType(teleport.Component(teleport.ComponentProxy, "tunnel", "web"))
	// ListenerProxyWeb is the proxy's web interface listener.
	ListenerProxyWeb = ListenerType(teleport.Component(teleport.ComponentProxy, "web"))
	// ListenerProxyTunnel is the proxy's reverse tunnel listener.
	ListenerProxyTunnel = ListenerType(teleport.Component(teleport.ComponentProxy, "tunnel"))
	// ListenerProxyMySQL is the proxy's MySQL protocol listener.
	ListenerProxyMySQL = ListenerType(teleport.Component(teleport.ComponentProxy, "mysql"))
	// ListenerProxyPostgres is the proxy's Postgres protocol listener.
	ListenerProxyPostgres = ListenerType(teleport.Component(teleport.ComponentProxy, "postgres"))
	// ListenerProxyMongo is the proxy's MongoDB protocol listener.
	ListenerProxyMongo = ListenerType(teleport.Component(teleport.ComponentProxy, "mongo"))
	// ListenerProxyPeer is the proxy-to-proxy peering listener.
	ListenerProxyPeer = ListenerType(teleport.Component(teleport.ComponentProxy, "peer"))
	// ListenerMetrics is the metrics service listener.
	ListenerMetrics = ListenerType(teleport.ComponentMetrics)
	// ListenerWindowsDesktop is the windows desktop service listener.
	ListenerWindowsDesktop = ListenerType(teleport.ComponentWindowsDesktop)
)
// AllTLSModes keeps all possible database TLS modes for easy access.
// NOTE(review): Insecure is a valid mode here; it is listed for completeness
// and validation, not as a recommended setting for production databases.
var AllTLSModes = []TLSMode{VerifyFull, VerifyCA, Insecure}
AllTLSModes keeps all possible database TLS modes for easy access.
// ErrTeleportExited means that teleport has exited.
var ErrTeleportExited = &trace.CompareFailedError{Message: "teleport process has shutdown"}
ErrTeleportExited means that teleport has exited
// ErrTeleportReloading is returned when the signal waiter exits because the
// teleport process has initiated an in-process reload (as the message states),
// as opposed to ErrTeleportExited, which signals a full shutdown.
var ErrTeleportReloading = &trace.CompareFailedError{Message: "teleport process is reloading"}
ErrTeleportReloading is returned when the signal waiter exits because the teleport process has initiated a reload (contrast ErrTeleportExited, which signals a shutdown).
Functions ¶
func ApplyDefaults ¶
func ApplyDefaults(cfg *Config)
ApplyDefaults applies default values to the existing config structure
func ApplyFIPSDefaults ¶
func ApplyFIPSDefaults(cfg *Config)
ApplyFIPSDefaults updates default configuration to be FedRAMP/FIPS 140-2 compliant.
Types ¶
type ACME ¶
// ACME configures ACME automatic certificate renewal for the proxy.
type ACME struct {
	// Enabled enables or disables ACME support.
	Enabled bool
	// Email receives notifications from the ACME server.
	Email string
	// URI is the ACME server URI.
	// NOTE(review): this endpoint is the trust root for the issued certificates;
	// confirm it points at the intended CA and is only set from trusted config.
	URI string
}
ACME configures ACME automatic certificate renewal
type App ¶
// App is the specific application that will be proxied by the application
// service. It exists because the "config" package cannot create a
// services.App directly without a circular import.
type App struct {
	// Name of the application.
	Name string
	// Description is the app description.
	Description string
	// URI is the internal address of the application.
	URI string
	// PublicAddr is the public address of the application. This is the
	// address users will access the application at.
	PublicAddr string
	// StaticLabels is a map of static labels to apply to this application.
	StaticLabels map[string]string
	// DynamicLabels is a list of dynamic labels to apply to this application.
	DynamicLabels services.CommandLabels
	// InsecureSkipVerify is used to skip validating the server's certificate
	// when the proxy connects to URI.
	// NOTE(review): skipping certificate validation removes the protection TLS
	// gives against a spoofed or intercepted upstream; prefer trusting the
	// upstream's CA and keep this false outside of development.
	InsecureSkipVerify bool
	// Rewrite defines a block that is used to rewrite requests and responses.
	Rewrite *Rewrite
	// AWS contains additional options for AWS applications.
	AWS *AppAWS `yaml:"aws,omitempty"`
}
App is the specific application that will be proxied by the application service. This needs to exist because if the "config" package tries to directly create a services.App it will get into circular imports.
func (*App) CheckAndSetDefaults ¶
CheckAndSetDefaults validates an application.
type AppAWS ¶
// AppAWS contains additional options for AWS applications.
type AppAWS struct {
	// ExternalID is the AWS External ID used when assuming roles in this app.
	// NOTE(review): the external ID is the usual mitigation for the
	// confused-deputy problem on cross-account AssumeRole; leaving it empty
	// for a cross-account role weakens that role's trust policy.
	ExternalID string `yaml:"external_id,omitempty"`
}
AppAWS contains additional options for AWS applications.
type AppsConfig ¶
// AppsConfig configures the application proxy service.
type AppsConfig struct {
	// Enabled enables the application proxying service.
	Enabled bool
	// DebugApp enables a header-dumping debugging application.
	// NOTE(review): a header-dumping app echoes request headers back to the
	// caller; headers may carry cookies or tokens, so keep this disabled
	// outside of troubleshooting.
	DebugApp bool
	// Apps is the list of applications that are being proxied.
	Apps []App
	// ResourceMatchers match cluster application resources (the upstream
	// comment said "database resources", which looks like a copy-paste).
	ResourceMatchers []services.ResourceMatcher
	// MonitorCloseChannel will be signaled when a monitor closes a connection.
	// Used only for testing. Optional.
	MonitorCloseChannel chan struct{}
}
AppsConfig configures application proxy service.
type AuthConfig ¶
// AuthConfig is the configuration of the auth server.
type AuthConfig struct {
	// Enabled turns the auth role on or off for this process.
	Enabled bool
	// EnableProxyProtocol enables PROXY protocol support on the listener.
	// NOTE(review): PROXY headers carry the client address the auth server
	// will record; only enable this when the listener is reachable solely
	// through a trusted load balancer, otherwise a direct client can supply
	// a forged source address.
	EnableProxyProtocol bool
	// ListenAddr is the listening address of the auth service.
	ListenAddr utils.NetAddr
	// Authorities is a set of trusted certificate authorities
	// that will be added by this auth server on the first start.
	Authorities []types.CertAuthority
	// Resources is a set of previously backed up resources
	// used to bootstrap backend state on the first start.
	Resources []types.Resource
	// Roles is a set of roles to pre-provision for this cluster.
	Roles []types.Role
	// ClusterName is a name that identifies this authority and all
	// host nodes in the cluster that will share this authority domain name
	// as a base name, e.g. if authority domain name is example.com,
	// all nodes in the cluster will have UUIDs in the form: <uuid>.example.com
	ClusterName types.ClusterName
	// StaticTokens are pre-defined host provisioning tokens supplied via the
	// config file. They are long-lived secrets that must be protected like
	// credentials; NOTE(review): where the deployment allows it, prefer the
	// join methods selectable via Config.JoinMethod over static tokens.
	StaticTokens types.StaticTokens
	// StorageConfig contains configuration settings for the storage backend.
	StorageConfig backend.Config
	// Limiter configures connection and request rate limiting for the auth
	// service.
	Limiter limiter.Config
	// NoAudit, when set to true, disables session recording and event audit.
	// NOTE(review): this removes the forensic record of cluster activity;
	// it should never be set in production.
	NoAudit bool
	// Preference defines the authentication preference (type and second factor) for
	// the auth server.
	Preference types.AuthPreference
	// AuditConfig stores cluster audit configuration.
	AuditConfig types.ClusterAuditConfig
	// NetworkingConfig stores cluster networking configuration.
	NetworkingConfig types.ClusterNetworkingConfig
	// SessionRecordingConfig stores session recording configuration.
	SessionRecordingConfig types.SessionRecordingConfig
	// LicenseFile is a full path to the license file.
	LicenseFile string
	// PublicAddrs affects the SSH host principals and DNS names added to the
	// SSH and TLS certs.
	PublicAddrs []utils.NetAddr
	// KeyStore configuration. Handles CA private keys which may be held in
	// an HSM.
	KeyStore keystore.Config
	// LoadAllCAs sends the host CAs of all clusters to SSH clients logging in
	// when enabled, instead of just the host CA for the current cluster.
	LoadAllCAs bool
}
AuthConfig is a configuration of the auth server
type CachePolicy ¶
// CachePolicy sets the caching policy for proxies and nodes, used when they
// lose their connection to the auth servers.
type CachePolicy struct {
	// Enabled enables or disables caching.
	Enabled bool
}
CachePolicy sets caching policy for proxies and nodes
func (*CachePolicy) CheckAndSetDefaults ¶
func (c *CachePolicy) CheckAndSetDefaults() error
CheckAndSetDefaults checks and sets default values
func (CachePolicy) String ¶
func (c CachePolicy) String() string
String returns human-friendly representation of the policy
type Config ¶
// Config structure is used to initialize _all_ services Teleport can run.
// Some settings are global (like DataDir) while others are grouped into
// sections, like AuthConfig.
type Config struct {
	// Version is the Teleport configuration version.
	Version string
	// DataDir is the directory where teleport stores its permanent state
	// (in case of auth server backed by BoltDB) or local state, e.g. keys.
	// NOTE(review): because identities and keys live here, the directory's
	// permissions are part of the security boundary of the process.
	DataDir string
	// Hostname is a node host name.
	Hostname string
	// JoinMethod is the method the instance will use to join the auth server.
	JoinMethod types.JoinMethod
	// ProxyServer is the address of the proxy.
	ProxyServer utils.NetAddr
	// Identities is an optional list of pre-generated key pairs
	// for teleport roles; this is helpful when the server is preconfigured.
	Identities []*auth.Identity
	// AdvertiseIP is used to "publish" an alternative IP address or hostname
	// this node can be reached on, if running behind NAT.
	AdvertiseIP string
	// CachePolicy sets caching policy for nodes and proxies
	// in case they lose connection to auth servers.
	CachePolicy CachePolicy
	// Auth service configuration. Manages cluster state and configuration.
	Auth AuthConfig
	// Proxy service configuration. Manages incoming and outbound
	// connections to the cluster.
	Proxy ProxyConfig
	// SSH service configuration. Manages SSH servers running within the cluster.
	SSH SSHConfig
	// Apps service configuration. Manages applications running within the cluster.
	Apps AppsConfig
	// Databases defines database proxy service configuration.
	Databases DatabasesConfig
	// Metrics defines the metrics service configuration.
	Metrics MetricsConfig
	// WindowsDesktop defines the Windows desktop service configuration.
	WindowsDesktop WindowsDesktopConfig
	// Discovery defines the discovery service configuration.
	Discovery DiscoveryConfig
	// Tracing defines the tracing service configuration.
	Tracing TracingConfig
	// Keygen points to a key generator implementation.
	Keygen sshca.Authority
	// HostUUID is a unique UUID of this host (it will be known via this UUID
	// within a teleport cluster). It's automatically generated on 1st start.
	HostUUID string
	// Console is the writer used to speak to a user.
	Console io.Writer
	// ReverseTunnels is a list of reverse tunnels to create on the
	// first cluster start.
	ReverseTunnels []types.ReverseTunnel
	// OIDCConnectors is a list of trusted OpenID Connect identity providers.
	OIDCConnectors []types.OIDCConnector
	// PIDFile is a full path of the PID file for the teleport daemon.
	PIDFile string
	// Trust is a service that manages certificate authorities and trusted
	// clusters (the upstream comment "manages users and credentials" was
	// duplicated from Identity below).
	Trust services.Trust
	// Presence service is a discovery and heartbeat tracker.
	Presence services.Presence
	// Events is the events service.
	Events types.Events
	// Provisioner is a service that keeps track of provisioning tokens.
	Provisioner services.Provisioner
	// Identity is a service that manages users and credentials.
	Identity services.Identity
	// Access is a service that controls access.
	Access services.Access
	// UsageReporter is a service that reports usage events.
	UsageReporter services.UsageReporter
	// ClusterConfiguration is a service that provides cluster configuration.
	ClusterConfiguration services.ClusterConfiguration
	// CipherSuites is a list of TLS ciphersuites that Teleport supports. If
	// omitted, a Teleport selected list of defaults will be used.
	CipherSuites []uint16
	// Ciphers is a list of SSH ciphers that the server supports. If omitted,
	// the defaults will be used.
	Ciphers []string
	// KEXAlgorithms is a list of SSH key exchange (KEX) algorithms that the
	// server supports. If omitted, the defaults will be used.
	KEXAlgorithms []string
	// MACAlgorithms is a list of SSH message authentication codes (MAC) that
	// the server supports. If omitted the defaults will be used.
	// NOTE(review): overriding the cipher/KEX/MAC lists can weaken the
	// defaults; see ApplyFIPSDefaults for the FIPS-constrained set.
	MACAlgorithms []string
	// DiagnosticAddr is an address for the diagnostic and healthz endpoint service.
	DiagnosticAddr utils.NetAddr
	// Debug sets debugging mode, which extends the diagnostic address
	// endpoint with additional /debug handlers.
	// NOTE(review): /debug handlers typically expose process internals;
	// keep DiagnosticAddr on a loopback or otherwise restricted interface
	// when Debug is on.
	Debug bool
	// UploadEventsC is a channel for upload events; used in tests.
	UploadEventsC chan events.UploadEvent `json:"-"`
	// FileDescriptors is an optional list of file descriptors for the process
	// to inherit and use for listeners, used for in-process updates.
	FileDescriptors []FileDescriptor
	// PollingPeriod is set to override default internal polling periods
	// of sync agents; used to speed up integration tests.
	PollingPeriod time.Duration
	// ClientTimeout is set to override default client timeouts
	// used by internal clients; used to speed up integration tests.
	ClientTimeout time.Duration
	// ShutdownTimeout is set to override the default shutdown timeout.
	ShutdownTimeout time.Duration
	// CAPins are the SPKI hashes of the CAs used to verify the Auth Server
	// (see ApplyCAPins). They let a joining node pin the cluster CA instead
	// of trusting whatever the first contacted server presents.
	CAPins []string
	// Clock is used to control time in tests.
	Clock clockwork.Clock
	// TeleportVersion is used to control the Teleport version in tests.
	TeleportVersion string
	// FIPS means a FedRAMP/FIPS 140-2 compliant configuration was requested.
	FIPS bool
	// SkipVersionCheck means the version checking between server and client
	// will be skipped.
	SkipVersionCheck bool
	// BPFConfig holds configuration for the BPF service.
	BPFConfig *bpf.Config
	// Kube is a Kubernetes API gateway using Teleport client identities.
	Kube KubeConfig
	// Log optionally specifies the logger.
	Log utils.Logger
	// PluginRegistry allows adding enterprise logic to Teleport services.
	PluginRegistry plugin.Registry
	// RotationConnectionInterval is the interval between connection
	// attempts as used by the rotation state service.
	RotationConnectionInterval time.Duration
	// MaxRetryPeriod is the maximum period between reconnection attempts to auth.
	MaxRetryPeriod time.Duration
	// ConnectFailureC is a channel to notify of failures to connect to auth (used in tests).
	ConnectFailureC chan time.Duration
	// TeleportHome is the path to tsh configuration and data, used
	// for loading profiles when TELEPORT_HOME is set.
	TeleportHome string
	// CircuitBreakerConfig configures the auth client circuit breaker.
	CircuitBreakerConfig breaker.Config
	// contains filtered or unexported fields
}
Config structure is used to initialize _all_ services Teleport can run. Some settings are global (like DataDir) while others are grouped into sections, like AuthConfig
func MakeDefaultConfig ¶
func MakeDefaultConfig() (config *Config)
MakeDefaultConfig creates a new Config structure and populates it with defaults
func (*Config) ApplyCAPins ¶
ApplyCAPins assigns the given CA pin(s), filtering out empty pins. If a pin is specified as a path to a file, that file must not be empty.
func (*Config) AuthServerAddresses ¶
AuthServerAddresses returns the value of authServers for config versions v1 and v2 and will return just the first (as only one should be set) address for config versions v3 onwards.
func (*Config) DebugDumpToYAML ¶
DebugDumpToYAML is useful for debugging: it dumps the Config structure into a string
func (*Config) HasToken ¶
HasToken reports whether a token value has been stored in the config.
func (*Config) RoleConfig ¶
func (cfg *Config) RoleConfig() RoleConfig
RoleConfig is a config for particular Teleport role
func (*Config) SetAuthServerAddress ¶
SetAuthServerAddress sets the value of authServers to a single value
func (*Config) SetAuthServerAddresses ¶
SetAuthServerAddresses sets the value of authServers If the config version is v1 or v2, it will set the value to all the given addresses (as multiple can be specified). If the config version is v3 or onwards, it'll error if more than one address is given.
func (*Config) SetToken ¶
SetToken stores the value for --token or auth_token in the config
This can be either the token or an absolute path to a file containing the token.
func (*Config) Token ¶
Token returns token needed to join the auth server
If the stored value points to a file, it will attempt to read the token value from the file and return an error if it wasn't successful. If the stored value doesn't point to a file, it'll return the value stored. If the token hasn't been set, an empty string will be returned.
type Connector ¶
// Connector has all resources a process needs to connect to other parts of
// the cluster: client and identity.
type Connector struct {
	// ClientIdentity is the identity to be used in internal cluster
	// clients to the auth service.
	ClientIdentity *auth.Identity
	// ServerIdentity is the identity to be used in servers - serving SSH
	// and x509 certificates to clients.
	ServerIdentity *auth.Identity
	// Client is the authenticated client with credentials from ClientIdentity.
	Client *auth.Client
}
Connector has all resources process needs to connect to other parts of the cluster: client and identity.
func (*Connector) TunnelProxyResolver ¶
func (c *Connector) TunnelProxyResolver() reversetunnel.Resolver
TunnelProxyResolver, if non-nil, indicates that the client is connected to the Auth Server through the reverse SSH tunnel proxy.
type Database ¶
// Database represents a single database that's being proxied.
type Database struct {
	// Name is the database name, used to refer to it in the CLI.
	Name string
	// Description is a free-form database description.
	Description string
	// Protocol is the database type, e.g. postgres or mysql.
	Protocol string
	// URI is the database endpoint to connect to.
	URI string
	// StaticLabels is a map of database static labels.
	StaticLabels map[string]string
	// MySQL are additional MySQL database options.
	MySQL MySQLOptions
	// DynamicLabels is a list of database dynamic labels.
	DynamicLabels services.CommandLabels
	// TLS keeps the database connection TLS configuration (mode, server
	// name and optional CA); see DatabaseTLS.
	TLS DatabaseTLS
	// AWS contains AWS specific settings for RDS/Aurora/Redshift databases.
	AWS DatabaseAWS
	// GCP contains GCP specific settings for Cloud SQL databases.
	GCP DatabaseGCP
	// AD contains Active Directory configuration for the database.
	AD DatabaseAD
	// Azure contains Azure database configuration.
	Azure DatabaseAzure
}
Database represents a single database that's being proxied.
func (*Database) CheckAndSetDefaults ¶
CheckAndSetDefaults validates the database proxy configuration.
type DatabaseAD ¶
// DatabaseAD contains database Active Directory (Kerberos) configuration.
type DatabaseAD struct {
	// KeytabFile is the path to the Kerberos keytab file.
	// NOTE(review): a keytab holds long-term key material; its file
	// permissions should restrict it to the service user.
	KeytabFile string
	// Krb5File is the path to the Kerberos configuration file. Defaults to /etc/krb5.conf.
	Krb5File string
	// Domain is the Active Directory domain the database resides in.
	Domain string
	// SPN is the service principal name for the database.
	SPN string
}
DatabaseAD contains database Active Directory configuration.
func (*DatabaseAD) CheckAndSetDefaults ¶
func (d *DatabaseAD) CheckAndSetDefaults(name string) error
CheckAndSetDefaults validates database Active Directory configuration.
func (*DatabaseAD) IsEmpty ¶
func (d *DatabaseAD) IsEmpty() bool
IsEmpty returns true if the database AD configuration is empty.
type DatabaseAWS ¶
// DatabaseAWS contains AWS specific settings for RDS/Aurora/Redshift and
// other AWS-hosted databases.
type DatabaseAWS struct {
	// Region is the cloud region the database is running in when using AWS RDS.
	Region string
	// Redshift contains Redshift specific settings.
	Redshift DatabaseAWSRedshift
	// RDS contains RDS specific settings.
	RDS DatabaseAWSRDS
	// ElastiCache contains ElastiCache specific settings.
	ElastiCache DatabaseAWSElastiCache
	// MemoryDB contains MemoryDB specific settings.
	MemoryDB DatabaseAWSMemoryDB
	// SecretStore contains settings for managing secrets.
	SecretStore DatabaseAWSSecretStore
	// AccountID is the AWS account ID.
	AccountID string
}
DatabaseAWS contains AWS specific settings for RDS/Aurora databases.
type DatabaseAWSElastiCache ¶
// DatabaseAWSElastiCache contains settings for ElastiCache databases.
type DatabaseAWSElastiCache struct {
	// ReplicationGroupID is the ElastiCache replication group ID.
	ReplicationGroupID string
}
DatabaseAWSElastiCache contains settings for ElastiCache databases.
type DatabaseAWSMemoryDB ¶
// DatabaseAWSMemoryDB contains settings for MemoryDB databases.
type DatabaseAWSMemoryDB struct {
	// ClusterName is the MemoryDB cluster name.
	ClusterName string
}
DatabaseAWSMemoryDB contains settings for MemoryDB databases.
type DatabaseAWSRDS ¶
// DatabaseAWSRDS contains AWS RDS specific settings.
type DatabaseAWSRDS struct {
	// InstanceID is the RDS instance identifier.
	InstanceID string
	// ClusterID is the RDS cluster (Aurora) identifier.
	ClusterID string
}
DatabaseAWSRDS contains AWS RDS specific settings.
type DatabaseAWSRedshift ¶
// DatabaseAWSRedshift contains AWS Redshift specific settings.
type DatabaseAWSRedshift struct {
	// ClusterID is the Redshift cluster identifier.
	ClusterID string
}
DatabaseAWSRedshift contains AWS Redshift specific settings.
type DatabaseAWSSecretStore ¶
// DatabaseAWSSecretStore contains secret store configuration.
type DatabaseAWSSecretStore struct {
	// KeyPrefix specifies the secret key prefix.
	KeyPrefix string
	// KMSKeyID specifies the AWS KMS key used for encrypting the secrets.
	// NOTE(review): when empty, whatever default key the secret store
	// applies is used; set it explicitly if a customer-managed key is
	// required by policy.
	KMSKeyID string
}
DatabaseAWSSecretStore contains secret store configurations.
type DatabaseAzure ¶
// DatabaseAzure contains Azure database configuration.
type DatabaseAzure struct {
	// ResourceID is the Azure fully qualified ID for the resource.
	ResourceID string `yaml:"resource_id,omitempty"`
}
DatabaseAzure contains Azure database configuration.
type DatabaseGCP ¶
// DatabaseGCP contains GCP specific settings for Cloud SQL databases.
type DatabaseGCP struct {
	// ProjectID is the GCP project ID where the database is deployed.
	ProjectID string
	// InstanceID is the Cloud SQL instance ID.
	InstanceID string
}
DatabaseGCP contains GCP specific settings for Cloud SQL databases.
type DatabaseTLS ¶
// DatabaseTLS keeps the TLS settings used when connecting to a database.
type DatabaseTLS struct {
	// Mode is the TLS connection mode. See TLSMode for more details.
	// NOTE(review): AllTLSModes includes Insecure; a reviewer should expect
	// VerifyFull (or VerifyCA with a CACert) for production databases.
	Mode TLSMode
	// ServerName allows providing a custom server name.
	// This name will override the DNS name when validating the certificate
	// presented by the database.
	ServerName string
	// CACert is an optional database CA certificate used to validate the
	// database's certificate chain.
	CACert []byte
}
DatabaseTLS keeps TLS settings used when connecting to database.
type DatabasesConfig ¶
// DatabasesConfig configures the database proxy service.
type DatabasesConfig struct {
	// Enabled enables the database proxy service.
	Enabled bool
	// Databases is a list of databases proxied by this service.
	Databases []Database
	// ResourceMatchers match cluster database resources.
	ResourceMatchers []services.ResourceMatcher
	// AWSMatchers match AWS hosted databases.
	AWSMatchers []services.AWSMatcher
	// AzureMatchers match Azure hosted databases.
	AzureMatchers []services.AzureMatcher
	// Limiter limits the connection and request rates.
	Limiter limiter.Config
}
DatabasesConfig configures the database proxy service.
type DiscoveryConfig ¶
// DiscoveryConfig configures the discovery service, which auto-enrolls
// cloud resources matched by the matchers below.
type DiscoveryConfig struct {
	// Enabled enables the discovery service.
	Enabled bool
	// AWSMatchers are used to match EC2 instances for auto enrollment.
	AWSMatchers []services.AWSMatcher
	// AzureMatchers are used to match resources for auto discovery.
	AzureMatchers []services.AzureMatcher
	// GCPMatchers are used to match GCP resources for auto discovery.
	GCPMatchers []services.GCPMatcher
}
func (DiscoveryConfig) IsEmpty ¶
func (d DiscoveryConfig) IsEmpty() bool
IsEmpty reports whether the Discovery Service config has no cloud matchers.
type Event ¶
// Event is a special service event that can be generated by various
// goroutines in the supervisor.
type Event struct {
	// Name identifies the event; see the event constants in this package.
	Name string
	// Payload carries event-specific data, e.g. an ExitEventPayload for
	// ServiceExitedWithErrorEvent.
	Payload interface{}
}
Event is a special service event that can be generated by various goroutines in the supervisor
type EventMapping ¶
// EventMapping maps a sequence of incoming events and, if triggered,
// generates an out event.
type EventMapping struct {
	// In is the incoming event sequence.
	In []string
	// Out is the outbound event to generate.
	Out string
}
EventMapping maps a sequence of incoming events and if triggered, generates an out event.
func (EventMapping) String ¶
func (e EventMapping) String() string
String returns user-friendly representation of the mapping.
type ExitEventPayload ¶
// ExitEventPayload contains information about the service that exited and
// the service error, if it exited with an error.
type ExitEventPayload struct {
	// Service is the service that exited.
	Service Service
	// Error is the error of the service exit.
	Error error
}
ExitEventPayload contains information about service name, and service error if it exited with error
type FileDescriptor ¶
// FileDescriptor is a file descriptor associated with a listener; it is
// what gets handed to a new process during in-process updates (see
// Config.FileDescriptors).
type FileDescriptor struct {
	// Type is a listener type, e.g. auth:ssh.
	Type string
	// Address is an address of the listener, e.g. 127.0.0.1:3025.
	Address string
	// File is the file descriptor associated with the listener.
	File *os.File
}
FileDescriptor is a file descriptor associated with a listener
func (*FileDescriptor) ToListener ¶
func (fd *FileDescriptor) ToListener() (net.Listener, error)
type Header ¶
// Header represents a single http header passed over to the proxied
// application.
type Header struct {
	// Name is the http header name.
	Name string
	// Value is the http header value.
	Value string
}
Header represents a single http header passed over to the proxied application.
func ParseHeader ¶
ParseHeader parses the provided string as a http header.
func ParseHeaders ¶
ParseHeaders parses the provided list as http headers.
type HostLabelRule ¶
HostLabelRule specifies a set of labels that should be applied to hosts matching the provided regexp.
type HostLabelRules ¶
// HostLabelRules is a collection of rules describing how to apply labels to
// hosts; build it with NewHostLabelRules and query it with LabelsForHost.
type HostLabelRules struct {
	// contains filtered or unexported fields
}
HostLabelRules is a collection of rules describing how to apply labels to hosts.
func NewHostLabelRules ¶
func NewHostLabelRules(rules ...HostLabelRule) HostLabelRules
func (HostLabelRules) LabelsForHost ¶
func (h HostLabelRules) LabelsForHost(host string) map[string]string
LabelsForHost returns the set of all labels that should be applied to the specified host. If multiple rules match and specify the same label keys, the value will be that of the last matching rule.
type KeyPair ¶
// KeyPair is a private key together with its public half in both SSH and
// X.509 encodings.
type KeyPair struct {
	// PrivateKey is a private key in PEM format. It is secret material:
	// keep it out of logs and debug dumps.
	PrivateKey []byte
	// PublicSSHKey is the corresponding public key in SSH format.
	PublicSSHKey []byte
	// PublicTLSKey is the corresponding public key in X.509 (PKIX) format.
	PublicTLSKey []byte
}
KeyPair is a private/public key pair
type KeyPairPath ¶
// KeyPairPath holds filesystem paths to a PEM-encoded private key and its
// certificate, as used by the proxy, metrics and tracing services.
type KeyPairPath struct {
	// PrivateKey is the path to a PEM encoded private key.
	PrivateKey string
	// Certificate is the path to a PEM encoded certificate.
	Certificate string
}
KeyPairPath are paths to a key and certificate file.
type KubeConfig ¶
// KubeConfig specifies configuration for the kubernetes service role.
type KubeConfig struct {
	// Enabled turns kubernetes service role on or off for this process
	Enabled bool
	// ListenAddr is the address to listen on for incoming kubernetes requests.
	// Optional.
	ListenAddr *utils.NetAddr
	// PublicAddrs is a list of the public addresses the Teleport kubernetes
	// service can be reached by the proxy service.
	PublicAddrs []utils.NetAddr
	// KubeClusterName is the name of a kubernetes cluster this proxy is running
	// in. If empty, defaults to the Teleport cluster name.
	KubeClusterName string
	// KubeconfigPath is a path to kubeconfig. The file presumably carries
	// cluster credentials; protect it accordingly (TODO confirm what is read
	// from it).
	KubeconfigPath string
	// StaticLabels and DynamicLabels are used for RBAC on clusters.
	StaticLabels  map[string]string
	DynamicLabels services.CommandLabels
	// Limiter limits the connection and request rates.
	Limiter limiter.Config
	// CheckImpersonationPermissions is an optional override to the default
	// impersonation permissions check, for use in testing.
	// NOTE(review): this replaces a security check; it must not be set
	// outside of tests.
	CheckImpersonationPermissions proxy.ImpersonationPermissionsChecker
	// ResourceMatchers match dynamic kube_cluster resources.
	ResourceMatchers []services.ResourceMatcher
}
KubeConfig specifies configuration for kubernetes service
type KubeProxyConfig ¶
// KubeProxyConfig specifies configuration for the kubernetes listener of the
// proxy service (see ProxyConfig.Kube).
type KubeProxyConfig struct {
	// Enabled turns kubernetes proxy role on or off for this process
	Enabled bool
	// ListenAddr is the address to listen on for incoming kubernetes requests.
	ListenAddr utils.NetAddr
	// ClusterOverride causes all traffic to go to a specific remote
	// cluster, used only in tests. NOTE(review): must stay empty in
	// production configuration, since it bypasses normal routing.
	ClusterOverride string
	// PublicAddrs is a list of the public addresses the Teleport Kube proxy can be accessed by,
	// it also affects the host principals and routing logic
	PublicAddrs []utils.NetAddr
	// KubeconfigPath is a path to kubeconfig
	KubeconfigPath string
	// LegacyKubeProxy specifies that this proxy was configured using the
	// legacy kubernetes section.
	LegacyKubeProxy bool
}
KubeProxyConfig specifies configuration for proxy service
type LDAPConfig ¶
// LDAPConfig is the LDAP (Active Directory) connection parameters used by the
// Windows Desktop service.
type LDAPConfig struct {
	// Addr is the address:port of the LDAP server (typically port 389).
	// NOTE(review): the TLS fields below describe an LDAPS connection, for
	// which the conventional port is 636 rather than 389 — confirm which
	// port the service actually dials before documenting a default.
	Addr string
	// Domain is the ActiveDirectory domain name.
	Domain string
	// Username for LDAP authentication.
	Username string
	// InsecureSkipVerify decides whether we skip verifying the LDAP server's
	// certificate against a CA when making the LDAPS connection.
	// Setting it to true exposes the connection (and the credentials sent
	// over it) to an active man-in-the-middle; keep it false outside of
	// lab environments.
	InsecureSkipVerify bool
	// ServerName is the name of the LDAP server for TLS (the expected
	// certificate subject/SAN).
	ServerName string
	// CA is an optional CA cert to be used for verification if
	// InsecureSkipVerify is set to false.
	CA *x509.Certificate
}
LDAPConfig is the LDAP connection parameters.
type LDAPDiscoveryConfig ¶
// LDAPDiscoveryConfig configures automatic discovery of Windows desktops by
// searching Active Directory over LDAP.
type LDAPDiscoveryConfig struct {
	// BaseDN is the base DN to search for desktops.
	// Use the value '*' to search from the root of the domain,
	// or leave blank to disable desktop discovery.
	BaseDN string `yaml:"base_dn"`
	// Filters are additional LDAP filters to apply to the search.
	// See: https://ldap.com/ldap-filters/
	Filters []string `yaml:"filters"`
	// LabelAttributes are LDAP attributes to apply to hosts discovered
	// via LDAP. Teleport labels hosts by prefixing the attribute with
	// "ldap/" - for example, a value of "location" here would result in
	// discovered desktops having a label with key "ldap/location" and
	// the value being the value of the "location" attribute.
	LabelAttributes []string `yaml:"label_attributes"`
}
type ListenerType ¶
// ListenerType identifies different registered listeners in
// process.registeredListeners (e.g. the "auth:ssh" style values seen in
// FileDescriptor.Type).
type ListenerType string
ListenerType identifies different registered listeners in process.registeredListeners.
type LocalService ¶
// LocalService is a locally defined service: a plain function run under the
// supervisor. It is what RegisterFunc and RegisterCriticalFunc create.
type LocalService struct {
	// Function is the function to call when the service is served.
	Function Func
	// ServiceName is the service name reported by Name()/String().
	ServiceName string
	// Critical is set to true when the service is critical and the program
	// can't continue without it: if it exits with an error, the process
	// shuts down.
	Critical bool
}
LocalService is a locally defined service
func (*LocalService) IsCritical ¶
func (l *LocalService) IsCritical() bool
IsCritical returns true if the service is critical and program can't continue without it
func (*LocalService) String ¶
func (l *LocalService) String() string
String returns user-friendly service name
type LocalSupervisor ¶
LocalSupervisor is Teleport's implementation of the Supervisor interface.
func (*LocalSupervisor) BroadcastEvent ¶
func (s *LocalSupervisor) BroadcastEvent(event Event)
BroadcastEvent generates event and broadcasts it to all subscribed parties.
func (*LocalSupervisor) ExitContext ¶
func (s *LocalSupervisor) ExitContext() context.Context
ExitContext returns context that will be closed when a hard TeleportExitEvent is broadcasted.
func (*LocalSupervisor) GracefulExitContext ¶
func (s *LocalSupervisor) GracefulExitContext() context.Context
GracefulExitContext returns context that will be closed when a hard or graceful TeleportExitEvent is broadcasted.
func (*LocalSupervisor) ListenForEvents ¶
func (s *LocalSupervisor) ListenForEvents(ctx context.Context, name string, eventC chan<- Event)
func (*LocalSupervisor) Register ¶
func (s *LocalSupervisor) Register(srv Service)
func (*LocalSupervisor) RegisterCriticalFunc ¶
func (s *LocalSupervisor) RegisterCriticalFunc(name string, fn Func)
RegisterCriticalFunc creates a critical service from function spec and registers it within the system, if this service exits with error, the process shuts down.
func (*LocalSupervisor) RegisterEventMapping ¶
func (s *LocalSupervisor) RegisterEventMapping(m EventMapping)
RegisterEventMapping registers event mapping - when the sequence in the event mapping triggers, the outbound event will be generated.
func (*LocalSupervisor) RegisterFunc ¶
func (s *LocalSupervisor) RegisterFunc(name string, fn Func)
RegisterFunc creates a service from function spec and registers it within the system
func (*LocalSupervisor) ReloadContext ¶
func (s *LocalSupervisor) ReloadContext() context.Context
ReloadContext returns context that will be closed when TeleportReloadEvent is broadcasted.
func (*LocalSupervisor) RemoveService ¶
func (s *LocalSupervisor) RemoveService(srv Service) error
RemoveService removes service from supervisor tracking list
func (*LocalSupervisor) Run ¶
func (s *LocalSupervisor) Run() error
func (*LocalSupervisor) ServiceCount ¶
func (s *LocalSupervisor) ServiceCount() int
ServiceCount returns the number of registered and actively running services
func (*LocalSupervisor) Services ¶
func (s *LocalSupervisor) Services() []string
func (*LocalSupervisor) Start ¶
func (s *LocalSupervisor) Start() error
func (*LocalSupervisor) Wait ¶
func (s *LocalSupervisor) Wait() error
func (*LocalSupervisor) WaitForEvent ¶
func (*LocalSupervisor) WaitForEventTimeout ¶
type MetricsConfig ¶
// MetricsConfig specifies configuration for the metrics service, which
// exposes Prometheus metrics, optionally behind mTLS.
type MetricsConfig struct {
	// Enabled turns the metrics service role on or off for this process
	Enabled bool
	// ListenAddr is the address to listen on for incoming metrics requests.
	// Optional.
	ListenAddr *utils.NetAddr
	// MTLS turns mTLS on the metrics service on or off. When false the
	// endpoint is served without client authentication, so it should only
	// be reachable from trusted networks.
	MTLS bool
	// KeyPairs are the key and certificate pairs that the metrics service will
	// use for mTLS.
	// Used in conjunction with MTLS = true
	KeyPairs []KeyPairPath
	// CACerts are the CA certificates used to verify Prometheus client
	// certificates (presumably file paths, as in TracingConfig — confirm).
	// Used in conjunction with MTLS = true
	CACerts []string
	// GRPCServerLatency enables histogram metrics for each grpc endpoint on the auth server
	GRPCServerLatency bool
	// GRPCClientLatency enables histogram metrics for grpc client calls
	// (the original comment was a copy of GRPCServerLatency's; confirm the
	// exact scope).
	GRPCClientLatency bool
}
MetricsConfig specifies configuration for the metrics service
type MySQLOptions ¶
// MySQLOptions are additional MySQL options for the database proxy.
type MySQLOptions struct {
	// ServerVersion is the version reported by Teleport DB Proxy on initial
	// handshake. It only affects what clients see; it does not change the
	// backend server.
	ServerVersion string
}
MySQLOptions are additional MySQL options.
type NewProcess ¶
NewProcess is a function that creates a new Teleport process from a Config; Run uses it to instantiate the process.
type NewTeleportOption ¶
// NewTeleportOption is a functional option for NewTeleport. Options mutate an
// internal configuration struct; see WithIMDSClient for an example.
type NewTeleportOption func(*newTeleportConfig)
func WithIMDSClient ¶
func WithIMDSClient(client cloud.InstanceMetadata) NewTeleportOption
WithIMDSClient provides NewTeleport with a custom EC2 instance metadata client.
type Process ¶
// Process is the interface implemented by a running Teleport daemon
// (see TeleportProcess). It covers lifecycle control, signal handling and
// listener hand-off to a child process.
type Process interface {
	// Closer closes all resources used by the process
	io.Closer
	// Start starts the process in a non-blocking way
	Start() error
	// WaitForSignals waits for and handles system process signals.
	WaitForSignals(context.Context) error
	// ExportFileDescriptors exports service listeners
	// file descriptors used by the process.
	ExportFileDescriptors() ([]FileDescriptor, error)
	// Shutdown starts graceful shutdown of the process,
	// blocks until all resources are freed and go-routines are
	// shut down.
	Shutdown(context.Context)
	// WaitForEvent waits for one event with the specified name (returns the
	// latest such event if at least one has been broadcasted already, ignoring
	// the context). Returns an error if the context is canceled before an event
	// is received.
	WaitForEvent(ctx context.Context, name string) (Event, error)
	// WaitWithContext waits for the service to stop. This is a blocking
	// function.
	WaitWithContext(ctx context.Context)
}
Process is an interface for a running Teleport process.
type ProxyConfig ¶
// ProxyConfig specifies configuration for the proxy service: which listeners
// it exposes, which addresses it advertises, and how its TLS material is
// sourced.
type ProxyConfig struct {
	// Enabled turns proxy role on or off for this process
	Enabled bool
	// DisableTLS is enabled if we don't want self-signed certs.
	// NOTE(review): exactly which listener this affects is not evident
	// here — confirm before relying on it.
	DisableTLS bool
	// DisableWebInterface allows turning off serving the Web UI interface
	DisableWebInterface bool
	// DisableWebService turns off serving web service completely, including web UI
	DisableWebService bool
	// DisableReverseTunnel disables reverse tunnel on the proxy
	DisableReverseTunnel bool
	// DisableDatabaseProxy disables database access proxy listener
	DisableDatabaseProxy bool
	// ReverseTunnelListenAddr is address where reverse tunnel dialers connect to
	ReverseTunnelListenAddr utils.NetAddr
	// EnableProxyProtocol enables PROXY protocol support.
	// NOTE(review): PROXY protocol headers carry whatever client address the
	// upstream asserts; only enable this when the listeners are reachable
	// solely through a trusted load balancer that sets them, otherwise a
	// direct client can spoof its source address — TODO confirm how
	// unexpected headers are handled.
	EnableProxyProtocol bool
	// WebAddr is address for web portal of the proxy
	WebAddr utils.NetAddr
	// SSHAddr is address of ssh proxy
	SSHAddr utils.NetAddr
	// MySQLAddr is address of MySQL proxy.
	MySQLAddr utils.NetAddr
	// PostgresAddr is address of Postgres proxy.
	PostgresAddr utils.NetAddr
	// MongoAddr is address of Mongo proxy.
	MongoAddr utils.NetAddr
	// PeerAddr is the proxy peering address.
	PeerAddr utils.NetAddr
	// PeerPublicAddr is the public address the proxy advertises for proxy
	// peering clients.
	PeerPublicAddr utils.NetAddr
	// Limiter limits the connection and request rates.
	Limiter limiter.Config
	// PublicAddrs is a list of the public addresses the proxy advertises
	// for the HTTP endpoint. The hosts in PublicAddrs are included in the
	// list of host principals on the TLS and SSH certificate.
	PublicAddrs []utils.NetAddr
	// SSHPublicAddrs is a list of the public addresses the proxy advertises
	// for the SSH endpoint. Presumably its hosts are likewise added to the
	// host principals on the TLS and SSH certificate (the original comment
	// referred to PublicAddrs — confirm).
	SSHPublicAddrs []utils.NetAddr
	// TunnelPublicAddrs is a list of the public addresses the proxy advertises
	// for the tunnel endpoint. Presumably its hosts are likewise added to the
	// host principals on the TLS and SSH certificate (the original comment
	// referred to PublicAddrs — confirm).
	TunnelPublicAddrs []utils.NetAddr
	// PostgresPublicAddrs is a list of the public addresses the proxy
	// advertises for Postgres clients.
	PostgresPublicAddrs []utils.NetAddr
	// MySQLPublicAddrs is a list of the public addresses the proxy
	// advertises for MySQL clients.
	MySQLPublicAddrs []utils.NetAddr
	// MongoPublicAddrs is a list of the public addresses the proxy
	// advertises for Mongo clients.
	MongoPublicAddrs []utils.NetAddr
	// Kube specifies kubernetes proxy configuration
	Kube KubeProxyConfig
	// KeyPairs are the key and certificate pairs that the proxy will load.
	KeyPairs []KeyPairPath
	// ACME is ACME protocol support config
	ACME ACME
	// DisableALPNSNIListener allows turning off the ALPN Proxy listener. Used in tests.
	DisableALPNSNIListener bool
}
ProxyConfig specifies configuration for proxy service
func (ProxyConfig) KubeAddr ¶
func (c ProxyConfig) KubeAddr() (string, error)
KubeAddr returns the address for the Kubernetes endpoint on this proxy that can be reached by clients.
type Rate ¶
Rate describes a rate ratio, i.e. the number of "events" that happen over some unit time period
type Rewrite ¶
// Rewrite is a list of rewriting rules to apply to requests and responses
// proxied to an application.
type Rewrite struct {
	// Redirect is a list of hosts that should be rewritten to the public address.
	Redirect []string
	// Headers is a list of extra headers to inject in the request.
	Headers []Header
}
Rewrite is a list of rewriting rules to apply to requests and responses.
type RoleConfig ¶
// RoleConfig is the subset of configuration shared by every server role
// (auth, proxy, node): where state lives, how the host identifies itself and
// which auth servers it talks to.
type RoleConfig struct {
	// DataDir is the directory holding the process' persistent state.
	DataDir string
	// HostUUID is the unique identifier of this host.
	HostUUID string
	// HostName is the host's name.
	HostName string
	// AuthServers are the auth server addresses this role connects to.
	AuthServers []utils.NetAddr
	// Auth is the auth service configuration.
	Auth AuthConfig
	// Console is where console output is written.
	Console io.Writer
}
RoleConfig is a configuration for a server role (either proxy or node)
type SSHConfig ¶
// SSHConfig configures the SSH server node role.
type SSHConfig struct {
	// Enabled turns the SSH node role on or off for this process.
	Enabled bool
	// Addr is the address the SSH server listens on.
	Addr utils.NetAddr
	// Namespace is the namespace the node is registered in.
	Namespace string
	// Shell is the login shell used for sessions.
	Shell string
	// Limiter limits the connection and request rates.
	Limiter limiter.Config
	// Labels are static labels applied to this node.
	Labels map[string]string
	// CmdLabels are dynamic labels computed from command output.
	CmdLabels services.CommandLabels
	// PermitUserEnvironment presumably allows users to set environment
	// variables for their sessions. NOTE(review): like sshd's
	// PermitUserEnvironment this is security-sensitive (user-controlled
	// variables can alter program behaviour) — confirm the semantics.
	PermitUserEnvironment bool
	// PAM holds PAM configuration for Teleport.
	PAM *pam.Config
	// PublicAddrs affects the SSH host principals and DNS names added to the SSH and TLS certs.
	PublicAddrs []utils.NetAddr
	// BPF holds BPF configuration for Teleport.
	BPF *bpf.Config
	// RestrictedSession holds kernel objects restrictions for Teleport.
	RestrictedSession *restricted.Config
	// AllowTCPForwarding indicates that TCP port forwarding is allowed on this node
	AllowTCPForwarding bool
	// IdleTimeoutMessage is sent to the client when a session expires due to
	// the inactivity timeout expiring. The empty string indicates that no
	// timeout message will be sent.
	IdleTimeoutMessage string
	// X11 holds x11 forwarding configuration for Teleport.
	X11 *x11.ServerConfig
	// AllowFileCopying indicates whether this node is allowed to handle
	// remote file operations via SCP or SFTP.
	AllowFileCopying bool
	// DisableCreateHostUser disables automatic user provisioning on this
	// SSH node.
	DisableCreateHostUser bool
}
SSHConfig configures SSH server node role
type Service ¶
// Service is a unit of work run under a Supervisor. LocalService is the
// function-backed implementation.
type Service interface {
	// Serve runs the service and returns when it stops; a non-nil error
	// from a critical service shuts the process down.
	Serve() error
	// String returns user-friendly description of service
	String() string
	// Name returns service name
	Name() string
	// IsCritical returns true if the service is critical
	// and program can't continue without it
	IsCritical() bool
}
Service is a running teleport service function
type Supervisor ¶
// Supervisor runs a set of Services as goroutines and provides an event bus
// and lifecycle contexts (exit, graceful exit, reload) for them.
type Supervisor interface {
	// Register adds the service to the pool, if supervisor is in
	// the started state, the service will be started immediately
	// otherwise, it will be started after Start() has been called
	Register(srv Service)
	// RegisterFunc creates a service from function spec and registers
	// it within the system
	RegisterFunc(name string, fn Func)
	// RegisterCriticalFunc creates a critical service from function spec and registers
	// it within the system, if this service exits with error,
	// the process shuts down.
	RegisterCriticalFunc(name string, fn Func)
	// ServiceCount returns the number of registered and actively running
	// services
	ServiceCount() int
	// Start starts all unstarted services
	Start() error
	// Wait waits until all services exit
	Wait() error
	// Run starts and waits for the service to complete;
	// it is a combination of Start() and Wait()
	Run() error
	// Services returns list of running services
	Services() []string
	// BroadcastEvent generates event and broadcasts it to all
	// subscribed parties.
	BroadcastEvent(Event)
	// WaitForEvent waits for one event with the specified name (returns the
	// latest such event if at least one has been broadcasted already, ignoring
	// the context). Returns an error if the context is canceled before an event
	// is received.
	WaitForEvent(ctx context.Context, name string) (Event, error)
	// WaitForEventTimeout waits for one event with the specified name (returns the
	// latest such event if at least one has been broadcasted already). Returns
	// an error if the timeout triggers before an event is received.
	WaitForEventTimeout(timeout time.Duration, name string) (Event, error)
	// ListenForEvents arranges for eventC to receive events with the specified
	// name; if the event was already broadcasted, eventC will receive the latest
	// value immediately. The broadcasting will stop when the context is done.
	ListenForEvents(ctx context.Context, name string, eventC chan<- Event)
	// RegisterEventMapping registers event mapping -
	// when the sequence in the event mapping triggers, the
	// outbound event will be generated.
	RegisterEventMapping(EventMapping)
	// ExitContext returns context that will be closed when
	// a hard TeleportExitEvent is broadcasted.
	ExitContext() context.Context
	// GracefulExitContext returns context that will be closed when
	// a graceful or hard TeleportExitEvent is broadcast.
	GracefulExitContext() context.Context
	// ReloadContext returns context that will be closed when
	// TeleportReloadEvent is broadcasted.
	ReloadContext() context.Context
}
Supervisor implements the simple service logic - registering service functions and de-registering the service goroutines
func NewSupervisor ¶
func NewSupervisor(id string, parentLog logrus.FieldLogger) Supervisor
NewSupervisor returns a new, initialized supervisor identified by id and logging through parentLog.
type TLSMode ¶
// TLSMode defines all possible database certificate verification modes.
// An empty value is treated as VerifyFull (see CheckAndSetDefaults and
// ToProto), so the secure mode is the default.
type TLSMode string
TLSMode defines all possible database verification modes.
func (*TLSMode) CheckAndSetDefaults ¶
CheckAndSetDefaults checks whether TLSMode holds a correct value. If the value is not set, VerifyFull is set as the default. A BadParameter error is returned if the value set is incorrect.
func (TLSMode) ToProto ¶
func (m TLSMode) ToProto() types.DatabaseTLSMode
ToProto returns a matching protobuf type or VerifyFull for empty value.
type TeleportProcess ¶
// TeleportProcess holds the state of the Teleport daemon, controlling
// execution and configuration of the Teleport services (ssh, auth, proxy, ...).
// It embeds the Supervisor that runs those services.
type TeleportProcess struct {
	// Clock is the time source used by the process (injectable for tests).
	Clock clockwork.Clock
	// NOTE(review): the embedded mutex is exported as part of the API, so
	// callers can (and should not) lock it; what it guards is not evident here.
	sync.Mutex
	// Supervisor runs the process' services.
	Supervisor
	// Config is the daemon configuration the process was created from.
	Config *Config
	// PluginRegistry handles plugin registrations with Teleport services
	PluginRegistry plugin.Registry
	// Identities are the identities of this process (credentials to the
	// auth server, basically), one per system role; see GetIdentity.
	Identities map[types.SystemRole]*auth.Identity
	// TracingProvider is the provider to be used for exporting traces. In the event
	// that tracing is disabled this will be a no-op provider that drops all spans.
	TracingProvider *tracing.Provider
	// contains filtered or unexported fields
}
TeleportProcess structure holds the state of the Teleport daemon, controlling execution and configuration of the teleport services: ssh, auth and proxy.
func NewTeleport ¶
func NewTeleport(cfg *Config, opts ...NewTeleportOption) (*TeleportProcess, error)
NewTeleport takes the daemon configuration, instantiates all required services and starts them under a supervisor, returning the TeleportProcess that embeds that supervisor.
func (*TeleportProcess) AuthAddr ¶
func (process *TeleportProcess) AuthAddr() (*utils.NetAddr, error)
AuthAddr returns auth server endpoint, if configured and started.
func (*TeleportProcess) Close ¶
func (process *TeleportProcess) Close() error
Close broadcasts close signals and exits immediately
func (*TeleportProcess) DiagnosticAddr ¶
func (process *TeleportProcess) DiagnosticAddr() (*utils.NetAddr, error)
DiagnosticAddr returns the diagnostic endpoint, if configured and started.
func (*TeleportProcess) ExportFileDescriptors ¶
func (process *TeleportProcess) ExportFileDescriptors() ([]FileDescriptor, error)
ExportFileDescriptors exports file descriptors to be passed to child process
func (*TeleportProcess) GetAuditLog ¶
func (process *TeleportProcess) GetAuditLog() events.IAuditLog
GetAuditLog returns the process' audit log
func (*TeleportProcess) GetAuthServer ¶
func (process *TeleportProcess) GetAuthServer() *auth.Server
GetAuthServer returns the process' auth server
func (*TeleportProcess) GetBackend ¶
func (process *TeleportProcess) GetBackend() backend.Backend
GetBackend returns the process' backend
func (*TeleportProcess) GetIdentity ¶
func (process *TeleportProcess) GetIdentity(role types.SystemRole) (i *auth.Identity, err error)
GetIdentity returns the process identity (credentials to the auth server) for a given teleport Role. A teleport process can have any combination of 3 roles: auth, node, proxy and they have their own identities
func (*TeleportProcess) NodeSSHAddr ¶
func (process *TeleportProcess) NodeSSHAddr() (*utils.NetAddr, error)
NodeSSHAddr returns the node SSH endpoint, if configured and started.
func (*TeleportProcess) OnExit ¶
func (process *TeleportProcess) OnExit(serviceName string, callback func(interface{}))
OnExit allows individual services to register a callback function which will be called when Teleport Process is asked to exit. Usually services terminate themselves when the callback is called
func (*TeleportProcess) ProxyKubeAddr ¶
func (process *TeleportProcess) ProxyKubeAddr() (*utils.NetAddr, error)
ProxyKubeAddr returns the proxy kubernetes endpoint, if configured and started.
func (*TeleportProcess) ProxyPeerAddr ¶
func (process *TeleportProcess) ProxyPeerAddr() (*utils.NetAddr, error)
ProxyPeerAddr returns the proxy peering address, if configured and started.
func (*TeleportProcess) ProxySSHAddr ¶
func (process *TeleportProcess) ProxySSHAddr() (*utils.NetAddr, error)
ProxySSHAddr returns the proxy SSH endpoint, if configured and started.
func (*TeleportProcess) ProxyTunnelAddr ¶
func (process *TeleportProcess) ProxyTunnelAddr() (*utils.NetAddr, error)
ProxyTunnelAddr returns the proxy reverse tunnel endpoint, if configured and started.
func (*TeleportProcess) ProxyWebAddr ¶
func (process *TeleportProcess) ProxyWebAddr() (*utils.NetAddr, error)
ProxyWebAddr returns the proxy web interface endpoint, if configured and started.
func (*TeleportProcess) Shutdown ¶
func (process *TeleportProcess) Shutdown(ctx context.Context)
Shutdown launches graceful shutdown process and waits for it to complete
func (*TeleportProcess) StartShutdown ¶
func (process *TeleportProcess) StartShutdown(ctx context.Context) context.Context
StartShutdown launches non-blocking graceful shutdown process that signals completion, returns context that will be closed once the shutdown is done
func (*TeleportProcess) WaitForSignals ¶
func (process *TeleportProcess) WaitForSignals(ctx context.Context) error
WaitForSignals waits for system signals and processes them. Should not be called twice by the process.
func (*TeleportProcess) WaitWithContext ¶
func (process *TeleportProcess) WaitWithContext(ctx context.Context)
WaitWithContext waits until all internal services stop.
type TracingConfig ¶
// TracingConfig specifies the configuration for the tracing service, which
// exports spans to an OTLP collector.
type TracingConfig struct {
	// Enabled turns the tracing service role on or off for this process.
	Enabled bool
	// ExporterURL is the OTLP exporter URL to send spans to.
	ExporterURL string
	// KeyPairs are the paths for key and certificate pairs that the tracing
	// service will use for outbound TLS connections (client authentication
	// to the collector).
	KeyPairs []KeyPairPath
	// CACerts are the paths to the CA certs used to validate the collector.
	CACerts []string
	// SamplingRate is the sampling rate for the exporter.
	// 1.0 will record and export all spans and 0.0 won't record any spans.
	SamplingRate float64
}
TracingConfig specifies the configuration for the tracing service
type WindowsDesktopConfig ¶
// WindowsDesktopConfig specifies the configuration for the Windows Desktop
// Access service.
type WindowsDesktopConfig struct {
	// Enabled turns the Windows Desktop service role on or off for this process.
	Enabled bool
	// ListenAddr is the address to listen on for incoming desktop connections.
	ListenAddr utils.NetAddr
	// PublicAddrs is a list of advertised public addresses of the service.
	PublicAddrs []utils.NetAddr
	// LDAP is the LDAP connection parameters.
	LDAP LDAPConfig
	// Discovery configures automatic desktop discovery via LDAP.
	Discovery LDAPDiscoveryConfig
	// Hosts is an optional list of static Windows hosts to expose through this
	// service.
	Hosts []utils.NetAddr
	// ConnLimiter limits the connection and request rates.
	ConnLimiter limiter.Config
	// HostLabels specifies rules that are used to apply labels to Windows hosts.
	HostLabels HostLabelRules
	// Labels are static labels applied to the service.
	Labels map[string]string
}
WindowsDesktopConfig specifies the configuration for the Windows Desktop Access service.