Versions in this module Expand all Collapse all v11 v11.3.3 Dec 13, 2022 Changes in this version
+ const AWSMatcherEC2
+ const AWSMatcherElastiCache
+ const AWSMatcherMemoryDB
+ const AWSMatcherRDS
+ const AWSMatcherRDSProxy
+ const AWSMatcherRedshift
+ const AzureEngineMySQL
+ const AzureEnginePostgres
+ const AzureMatcherMySQL
+ const AzureMatcherPostgres
+ const AzureMatcherRedis
+ const Different
+ const Equal
+ const EventWatcherRemoved
+ const HostCertIdentifier
+ const ImpersonateRoleIdentifier
+ const ImpersonateUserIdentifier
+ const OnlyTimestampsDifferent
+ const RDSEngineAurora
+ const RDSEngineAuroraMySQL
+ const RDSEngineAuroraPostgres
+ const RDSEngineMariaDB
+ const RDSEngineModeGlobal
+ const RDSEngineModeMultiMaster
+ const RDSEngineModeParallelQuery
+ const RDSEngineModeProvisioned
+ const RDSEngineModeServerless
+ const RDSEngineMySQL
+ const RDSEnginePostgres
+ const ResourceIdentifier
+ const ResourceLabelsIdentifier
+ const ResourceNameIdentifier
+ const SSHSessionIdentifier
+ const SessionIdentifier
+ const SessionTrackerIdentifier
+ const UserIdentifier
+ var CertAuthorityTypeExpr = builder.Identifier(`system.catype()`)
+ var DefaultCertAuthorityRules = []types.Rule
+ var DefaultImplicitRules = []types.Rule
+ var ErrRequiresEnterprise = trace.AccessDenied("this feature requires Teleport Enterprise")
+ var ErrSessionMFARequired = trace.AccessDenied("access to resource requires MFA")
+ var ResourceNameExpr = builder.Identifier("resource.metadata.name")
+ var StrictLockingModeAccessDenied = trace.AccessDenied("preventive lock-out due to local lock view becoming unreliable")
+ func AccessRequestsToLockTargets(accessRequests []string) []types.LockTarget
+ func AcquireSemaphoreWithRetry(ctx context.Context, req AcquireSemaphoreWithRetryConfig) (*types.SemaphoreLease, error)
+ func AddDefaultAllowRules(role types.Role) types.Role
+ func ApplyAccessReview(req types.AccessRequest, rev types.AccessReview, author types.User) error
+ func ApplyTraits(r
types.Role, traits map[string][]string) types.Role
+ func ApplyValueTraits(val string, traits map[string][]string) ([]string, error)
+ func CalculateAccessCapabilities(ctx context.Context, clt RequestValidatorGetter, ...) (*types.AccessCapabilities, error)
+ func CertAuthoritiesEquivalent(lhs, rhs types.CertAuthority) bool
+ func CertPool(ca types.CertAuthority) (*x509.CertPool, error)
+ func CertPoolFromCertAuthorities(cas []types.CertAuthority) (*x509.CertPool, int, error)
+ func CheckSAMLEntityDescriptor(entityDescriptor string) ([]*x509.Certificate, error)
+ func ClusterAuditConfigSpecFromObject(in interface{}) (*types.ClusterAuditConfigSpecV2, error)
+ func CompareResources(resA, resB types.Resource) int
+ func CompareRuleScore(r *types.Rule, o *types.Rule) bool
+ func CompareServers(a, b types.Resource) int
+ func ConvertGithubConnector(c types.GithubConnector) (*types.GithubConnectorV3, error)
+ func DowngradeRoleToV4(r *types.RoleV5) (*types.RoleV5, error)
+ func ExtraElastiCacheLabels(cluster *elasticache.ReplicationGroup, tags []*elasticache.Tag, ...) map[string]string
+ func ExtraMemoryDBLabels(cluster *memorydb.Cluster, tags []*memorydb.Tag, ...)
map[string]string
+ func ExtractAllowedResourcesFromCert(cert *ssh.Certificate) ([]types.ResourceID, error)
+ func ExtractFromCertificate(cert *ssh.Certificate) ([]string, wrappers.Traits, error)
+ func ExtractFromIdentity(access UserGetter, identity tlsca.Identity) ([]string, wrappers.Traits, error)
+ func ExtractRolesFromCert(cert *ssh.Certificate) ([]string, error)
+ func ExtractTraitsFromCert(cert *ssh.Certificate) (wrappers.Traits, error)
+ func GetAccessRequest(ctx context.Context, acc DynamicAccess, reqID string) (types.AccessRequest, error)
+ func GetAttributeNames(attributes map[string]samltypes.Attribute) []string
+ func GetClaimNames(claims jose.Claims) []string
+ func GetJWTSigner(signer crypto.Signer, clusterName string, clock clockwork.Clock) (*jwt.Key, error)
+ func GetMySQLEngineVersion(labels map[string]string) string
+ func GetRedirectURL(conn types.OIDCConnector, proxyAddr string) (string, error)
+ func GetResourceMarshalerKinds() []string
+ func GetResourcesByResourceIDs(ctx context.Context, lister ResourceLister, resourceIDs []types.ResourceID, ...)
([]types.ResourceWithLabels, error)
+ func GetSAMLServiceProvider(sc types.SAMLConnector, clock clockwork.Clock) (*saml2.SAMLServiceProvider, error)
+ func GetSSHCheckingKeys(ca types.CertAuthority) [][]byte
+ func GetStringMapValue(mapVal, keyVal interface{}) (interface{}, error)
+ func GetTLSCerts(ca types.CertAuthority) [][]byte
+ func GetTraitMappings(cms []types.ClaimMapping) types.TraitMappingSet
+ func GuessProxyHostAndVersion(proxies []types.Server) (string, string, error)
+ func InitGithubConnector(c types.GithubConnector) (types.GithubConnector, error)
+ func IsElastiCacheClusterAvailable(cluster *elasticache.ReplicationGroup) bool
+ func IsElastiCacheClusterSupported(cluster *elasticache.ReplicationGroup) bool
+ func IsMemoryDBClusterAvailable(cluster *memorydb.Cluster) bool
+ func IsMemoryDBClusterSupported(cluster *memorydb.Cluster) bool
+ func IsRDSClusterAvailable(cluster *rds.DBCluster) bool
+ func IsRDSClusterSupported(cluster *rds.DBCluster) bool
+ func IsRDSInstanceAvailable(instance *rds.DBInstance) bool
+ func IsRDSInstanceSupported(instance *rds.DBInstance) bool
+ func IsRDSProxyAvailable(dbProxy *rds.DBProxy) bool
+ func IsRDSProxyCustomEndpointAvailable(customEndpoint *rds.DBProxyEndpoint) bool
+ func IsRecordAtProxy(mode string) bool
+ func IsRecordSync(mode string) bool
+ func IsRedshiftClusterAvailable(cluster *redshift.Cluster) bool
+ func LastFailed(x int, attempts []LoginAttempt) bool
+ func LatestTunnelConnection(conns []types.TunnelConnection) (types.TunnelConnection, error)
+ func LockInForceAccessDenied(lock types.Lock) error
+ func LockTargetsFromTLSIdentity(id tlsca.Identity) []types.LockTarget
+ func MapListResourcesResultToLeafResource(resource types.ResourceWithLabels, hint string) (types.ResourcesWithLabels, error)
+ func MapResourceKindToListResourcesType(kind string) string
+ func MapRoles(r types.RoleMap, remoteRoles []string) ([]string, error)
+ func MarshalAccessRequest(accessRequest types.AccessRequest, opts
...MarshalOption) ([]byte, error)
+ func MarshalApp(app types.Application, opts ...MarshalOption) ([]byte, error)
+ func MarshalAppServer(appServer types.AppServer, opts ...MarshalOption) ([]byte, error)
+ func MarshalAuthPreference(c types.AuthPreference, opts ...MarshalOption) ([]byte, error)
+ func MarshalCertAuthority(certAuthority types.CertAuthority, opts ...MarshalOption) ([]byte, error)
+ func MarshalCertRoles(roles []string) (string, error)
+ func MarshalClusterAuditConfig(auditConfig types.ClusterAuditConfig, opts ...MarshalOption) ([]byte, error)
+ func MarshalClusterName(clusterName types.ClusterName, opts ...MarshalOption) ([]byte, error)
+ func MarshalClusterNetworkingConfig(netConfig types.ClusterNetworkingConfig, opts ...MarshalOption) ([]byte, error)
+ func MarshalConnectionDiagnostic(s types.ConnectionDiagnostic, opts ...MarshalOption) ([]byte, error)
+ func MarshalDatabase(database types.Database, opts ...MarshalOption) ([]byte, error)
+ func MarshalDatabaseServer(databaseServer types.DatabaseServer, opts ...MarshalOption) ([]byte, error)
+ func MarshalGithubConnector(connector types.GithubConnector, opts ...MarshalOption) ([]byte, error)
+ func MarshalInstaller(installer types.Installer, opts ...MarshalOption) ([]byte, error)
+ func MarshalKubeCluster(kubeCluster types.KubeCluster, opts ...MarshalOption) ([]byte, error)
+ func MarshalKubeServer(kubeServer types.KubeServer, opts ...MarshalOption) ([]byte, error)
+ func MarshalLicense(license types.License, opts ...MarshalOption) ([]byte, error)
+ func MarshalLock(lock types.Lock, opts ...MarshalOption) ([]byte, error)
+ func MarshalNamespace(resource types.Namespace, opts ...MarshalOption) ([]byte, error)
+ func MarshalNetworkRestrictions(restrictions types.NetworkRestrictions, opts ...MarshalOption) ([]byte, error)
+ func MarshalOIDCConnector(oidcConnector types.OIDCConnector, opts ...MarshalOption) ([]byte, error)
+ func MarshalPluginData(pluginData types.PluginData, opts ...MarshalOption)
([]byte, error)
+ func MarshalProvisionToken(provisionToken types.ProvisionToken, opts ...MarshalOption) ([]byte, error)
+ func MarshalRemoteCluster(remoteCluster types.RemoteCluster, opts ...MarshalOption) ([]byte, error)
+ func MarshalResource(resource types.Resource, opts ...MarshalOption) ([]byte, error)
+ func MarshalReverseTunnel(reverseTunnel types.ReverseTunnel, opts ...MarshalOption) ([]byte, error)
+ func MarshalRole(role types.Role, opts ...MarshalOption) ([]byte, error)
+ func MarshalSAMLConnector(samlConnector types.SAMLConnector, opts ...MarshalOption) ([]byte, error)
+ func MarshalSemaphore(semaphore types.Semaphore, opts ...MarshalOption) ([]byte, error)
+ func MarshalServer(server types.Server, opts ...MarshalOption) ([]byte, error)
+ func MarshalServers(s []types.Server) ([]byte, error)
+ func MarshalSessionRecordingConfig(recConfig types.SessionRecordingConfig, opts ...MarshalOption) ([]byte, error)
+ func MarshalSessionTracker(session types.SessionTracker) ([]byte, error)
+ func MarshalStaticTokens(staticToken types.StaticTokens, opts ...MarshalOption) ([]byte, error)
+ func MarshalTrustedCluster(trustedCluster types.TrustedCluster, opts ...MarshalOption) ([]byte, error)
+ func MarshalTunnelConnection(tunnelConnection types.TunnelConnection, opts ...MarshalOption) ([]byte, error)
+ func MarshalUser(user types.User, opts ...MarshalOption) ([]byte, error)
+ func MarshalUserToken(token types.UserToken, opts ...MarshalOption) ([]byte, error)
+ func MarshalUserTokenSecrets(secrets types.UserTokenSecrets, opts ...MarshalOption) ([]byte, error)
+ func MarshalWebSession(webSession types.WebSession, opts ...MarshalOption) ([]byte, error)
+ func MarshalWebToken(webToken types.WebToken, opts ...MarshalOption) ([]byte, error)
+ func MarshalWindowsDesktop(s types.WindowsDesktop, opts ...MarshalOption) ([]byte, error)
+ func MarshalWindowsDesktopService(s types.WindowsDesktopService, opts ...MarshalOption) ([]byte, error)
+ func MatchAWSRoleARN(selectors
[]string, roleARN string) (bool, string)
+ func MatchDatabaseName(selectors []string, name string) (bool, string)
+ func MatchDatabaseUser(selectors []string, user string) (bool, string)
+ func MatchLabels(selector types.Labels, target map[string]string) (bool, string, error)
+ func MatchNamespace(selectors []string, namespace string) (bool, string)
+ func MatchResourceByFilters(resource types.ResourceWithLabels, filter MatchResourceFilter, ...) (bool, error)
+ func MatchResourceLabels(matchers []ResourceMatcher, resource types.ResourceWithLabels) bool
+ func MetadataFromElastiCacheCluster(cluster *elasticache.ReplicationGroup, endpointType string) (*types.AWS, error)
+ func MetadataFromMemoryDBCluster(cluster *memorydb.Cluster, endpointType string) (*types.AWS, error)
+ func MetadataFromRDSCluster(rdsCluster *rds.DBCluster) (*types.AWS, error)
+ func MetadataFromRDSInstance(rdsInstance *rds.DBInstance) (*types.AWS, error)
+ func MetadataFromRDSProxy(rdsProxy *rds.DBProxy) (*types.AWS, error)
+ func MetadataFromRDSProxyCustomEndpoint(rdsProxy *rds.DBProxy, customEndpoint *rds.DBProxyEndpoint) (*types.AWS, error)
+ func MetadataFromRedshiftCluster(cluster *redshift.Cluster) (*types.AWS, error)
+ func MustCreateProvisionToken(token string, roles types.SystemRoles, expires time.Time) types.ProvisionToken
+ func NewAccessRequest(user string, roles ...string) (types.AccessRequest, error)
+ func NewAccessRequestWithResources(user string, roles []string, resourceIDs []types.ResourceID) (types.AccessRequest, error)
+ func NewActionsParser(ctx RuleContext) (predicate.Parser, error)
+ func NewClusterNameWithRandomID(spec types.ClusterNameSpecV2) (types.ClusterName, error)
+ func NewDatabaseFromAzureRedis(server *armredis.ResourceInfo) (types.Database, error)
+ func NewDatabaseFromAzureRedisEnterprise(cluster *armredisenterprise.Cluster, database *armredisenterprise.Database) (types.Database, error)
+ func NewDatabaseFromAzureServer(server *azure.DBServer) (types.Database,
error)
+ func NewDatabaseFromElastiCacheConfigurationEndpoint(cluster *elasticache.ReplicationGroup, extraLabels map[string]string) (types.Database, error)
+ func NewDatabaseFromMemoryDBCluster(cluster *memorydb.Cluster, extraLabels map[string]string) (types.Database, error)
+ func NewDatabaseFromRDSCluster(cluster *rds.DBCluster) (types.Database, error)
+ func NewDatabaseFromRDSClusterReaderEndpoint(cluster *rds.DBCluster) (types.Database, error)
+ func NewDatabaseFromRDSInstance(instance *rds.DBInstance) (types.Database, error)
+ func NewDatabaseFromRDSProxy(dbProxy *rds.DBProxy, port int64, tags []*rds.Tag) (types.Database, error)
+ func NewDatabaseFromRDSProxyCustomEndpoint(dbProxy *rds.DBProxy, customEndpoint *rds.DBProxyEndpoint, port int64, ...) (types.Database, error)
+ func NewDatabaseFromRedshiftCluster(cluster *redshift.Cluster) (types.Database, error)
+ func NewDatabasesFromElastiCacheNodeGroups(cluster *elasticache.ReplicationGroup, extraLabels map[string]string) (types.Databases, error)
+ func NewDatabasesFromRDSClusterCustomEndpoints(cluster *rds.DBCluster) (types.Databases, error)
+ func NewGithubConnector(name string, spec types.GithubConnectorSpecV3) (types.GithubConnector, error)
+ func NewImplicitRole() types.Role
+ func NewKubeClusterFromAWSEKS(cluster *eks.Cluster) (types.KubeCluster, error)
+ func NewKubeClusterFromAzureAKS(cluster *azure.AKSCluster) (types.KubeCluster, error)
+ func NewKubeClusterFromGCPGKE(cluster gcp.GKECluster) (types.KubeCluster, error)
+ func NewLogActionFn(ctx RuleContext) interface
+ func NewPresetAccessRole() types.Role
+ func NewPresetAuditorRole() types.Role
+ func NewPresetEditorRole() types.Role
+ func NewTOTPDevice(name, key string, addedAt time.Time) (*types.MFADevice, error)
+ func NewWhereParser(ctx RuleContext) (predicate.Parser, error)
+ func NodeHasMissedKeepAlives(s types.Server) bool
+ func OIDCClaimsToTraits(claims jose.Claims) map[string][]string
+ func ParseShortcut(in string) (string, error)
+ func
RO() []string
+ func RW() []string
+ func ReadNoSecrets() []string
+ func RegisterGithubAuthConverter(convert GithubAuthConverter)
+ func RegisterGithubAuthCreator(creator GithubAuthCreator)
+ func RegisterGithubAuthInitializer(init GithubAuthInitializer)
+ func RegisterResourceMarshaler(kind string, marshaler ResourceMarshaler)
+ func RegisterResourceUnmarshaler(kind string, unmarshaler ResourceUnmarshaler)
+ func RoleForCertAuthority(ca types.CertAuthority) types.Role
+ func RoleForUser(u types.User) types.Role
+ func RoleFromSpec(name string, spec types.RoleSpecV5) (types.Role, error)
+ func RoleMapToString(r types.RoleMap) string
+ func RoleNameForCertAuthority(name string) string
+ func RoleNameForUser(name string) string
+ func RolesToLockTargets(roles []string) []types.LockTarget
+ func SAMLAssertionsToTraits(assertions saml2.AssertionInfo) map[string][]string
+ func TraitsToRoleMatchers(ms types.TraitMappingSet, traits map[string][]string) ([]parse.Matcher, error)
+ func TraitsToRoles(ms types.TraitMappingSet, traits map[string][]string) (warnings []string, roles []string)
+ func TunnelConnectionStatus(clock clockwork.Clock, conn types.TunnelConnection, ...)
string
+ func UnmarshalAccessRequest(data []byte, opts ...MarshalOption) (types.AccessRequest, error)
+ func UnmarshalApp(data []byte, opts ...MarshalOption) (types.Application, error)
+ func UnmarshalAppServer(data []byte, opts ...MarshalOption) (types.AppServer, error)
+ func UnmarshalAuthPreference(bytes []byte, opts ...MarshalOption) (types.AuthPreference, error)
+ func UnmarshalCertAuthority(bytes []byte, opts ...MarshalOption) (types.CertAuthority, error)
+ func UnmarshalCertRoles(data string) ([]string, error)
+ func UnmarshalClusterAuditConfig(bytes []byte, opts ...MarshalOption) (types.ClusterAuditConfig, error)
+ func UnmarshalClusterName(bytes []byte, opts ...MarshalOption) (types.ClusterName, error)
+ func UnmarshalClusterNetworkingConfig(bytes []byte, opts ...MarshalOption) (types.ClusterNetworkingConfig, error)
+ func UnmarshalConnectionDiagnostic(data []byte, opts ...MarshalOption) (types.ConnectionDiagnostic, error)
+ func UnmarshalDatabase(data []byte, opts ...MarshalOption) (types.Database, error)
+ func UnmarshalDatabaseServer(data []byte, opts ...MarshalOption) (types.DatabaseServer, error)
+ func UnmarshalGithubConnector(bytes []byte) (types.GithubConnector, error)
+ func UnmarshalInstaller(data []byte, opts ...MarshalOption) (types.Installer, error)
+ func UnmarshalKubeCluster(data []byte, opts ...MarshalOption) (types.KubeCluster, error)
+ func UnmarshalKubeServer(data []byte, opts ...MarshalOption) (types.KubeServer, error)
+ func UnmarshalLicense(bytes []byte) (types.License, error)
+ func UnmarshalLock(bytes []byte, opts ...MarshalOption) (types.Lock, error)
+ func UnmarshalNamespace(data []byte, opts ...MarshalOption) (*types.Namespace, error)
+ func UnmarshalNetworkRestrictions(bytes []byte, opts ...MarshalOption) (types.NetworkRestrictions, error)
+ func UnmarshalOIDCConnector(bytes []byte, opts ...MarshalOption) (types.OIDCConnector, error)
+ func UnmarshalPluginData(raw []byte, opts ...MarshalOption) (types.PluginData, error)
+ func
UnmarshalProvisionToken(data []byte, opts ...MarshalOption) (types.ProvisionToken, error)
+ func UnmarshalRemoteCluster(bytes []byte, opts ...MarshalOption) (types.RemoteCluster, error)
+ func UnmarshalResource(kind string, raw []byte, opts ...MarshalOption) (types.Resource, error)
+ func UnmarshalReverseTunnel(bytes []byte, opts ...MarshalOption) (types.ReverseTunnel, error)
+ func UnmarshalRole(bytes []byte, opts ...MarshalOption) (types.Role, error)
+ func UnmarshalSAMLConnector(bytes []byte, opts ...MarshalOption) (types.SAMLConnector, error)
+ func UnmarshalSemaphore(bytes []byte, opts ...MarshalOption) (types.Semaphore, error)
+ func UnmarshalServer(bytes []byte, kind string, opts ...MarshalOption) (types.Server, error)
+ func UnmarshalServers(bytes []byte) ([]types.Server, error)
+ func UnmarshalSessionRecordingConfig(bytes []byte, opts ...MarshalOption) (types.SessionRecordingConfig, error)
+ func UnmarshalSessionTracker(bytes []byte) (types.SessionTracker, error)
+ func UnmarshalStaticTokens(bytes []byte, opts ...MarshalOption) (types.StaticTokens, error)
+ func UnmarshalTrustedCluster(bytes []byte, opts ...MarshalOption) (types.TrustedCluster, error)
+ func UnmarshalTunnelConnection(data []byte, opts ...MarshalOption) (types.TunnelConnection, error)
+ func UnmarshalUser(bytes []byte, opts ...MarshalOption) (types.User, error)
+ func UnmarshalUserToken(bytes []byte, opts ...MarshalOption) (types.UserToken, error)
+ func UnmarshalUserTokenSecrets(bytes []byte, opts ...MarshalOption) (types.UserTokenSecrets, error)
+ func UnmarshalWebSession(bytes []byte, opts ...MarshalOption) (types.WebSession, error)
+ func UnmarshalWebToken(bytes []byte, opts ...MarshalOption) (types.WebToken, error)
+ func UnmarshalWindowsDesktop(data []byte, opts ...MarshalOption) (types.WindowsDesktop, error)
+ func UnmarshalWindowsDesktopService(data []byte, opts ...MarshalOption) (types.WindowsDesktopService, error)
+ func UsersEquals(u types.User, other types.User) bool
+ func
ValidateAccessPredicates(role types.Role) error
+ func ValidateAccessRequest(ar types.AccessRequest) error
+ func ValidateAccessRequestForUser(ctx context.Context, getter RequestValidatorGetter, req types.AccessRequest, ...) error
+ func ValidateCertAuthority(ca types.CertAuthority) (err error)
+ func ValidateDatabase(db types.Database) error
+ func ValidateLocalAuthSecrets(l *types.LocalAuthSecrets) error
+ func ValidateNetworkRestrictions(nr *types.NetworkRestrictionsV4) error
+ func ValidateReverseTunnel(rt types.ReverseTunnel) error
+ func ValidateRole(r types.Role) error
+ func ValidateRoleName(role types.Role) error
+ func ValidateSAMLConnector(sc types.SAMLConnector, rg RoleGetter) error
+ func ValidateTrustedCluster(tc types.TrustedCluster, allowEmptyRolesOpts ...bool) error
+ func ValidateUser(u types.User) error
+ func ValidateUserRoles(ctx context.Context, u types.User, roleGetter RoleGetter) error
+ func VerifyPassword(password []byte) error
+ type AWSMatcher struct
+ Params InstallerParams
+ Regions []string
+ SSM *AWSSSM
+ Tags types.Labels
+ Types []string
+ type AWSRoleARNMatcher struct
+ RoleARN string
+ func (m *AWSRoleARNMatcher) Match(role types.Role, condition types.RoleConditionType) (bool, error)
+ func (m *AWSRoleARNMatcher) String() string
+ type AWSSSM struct
+ DocumentName string
+ type Access interface
+ CreateRole func(ctx context.Context, role types.Role) error
+ DeleteAllLocks func(context.Context) error
+ DeleteAllRoles func() error
+ DeleteLock func(context.Context, string) error
+ DeleteRole func(ctx context.Context, name string) error
+ GetRole func(ctx context.Context, name string) (types.Role, error)
+ GetRoles func(ctx context.Context) ([]types.Role, error)
+ ReplaceRemoteLocks func(ctx context.Context, clusterName string, locks []types.Lock) error
+ UpsertLock func(context.Context, types.Lock) error
+ UpsertRole func(ctx context.Context, role types.Role) error
+ type AccessCheckable interface
+ GetAllLabels func()
map[string]string
+ GetKind func() string
+ GetMetadata func() types.Metadata
+ GetName func() string
+ type AccessChecker interface
+ AdjustClientIdleTimeout func(ttl time.Duration) time.Duration
+ AdjustDisconnectExpiredCert func(disconnect bool) bool
+ AdjustSessionTTL func(ttl time.Duration) time.Duration
+ CanCopyFiles func() bool
+ CanForwardAgents func() bool
+ CanImpersonateSomeone func() bool
+ CanPortForward func() bool
+ CertificateExtensions func() []*types.CertExtension
+ CertificateFormat func() string
+ CheckAWSRoleARNs func(ttl time.Duration, overrideTTL bool) ([]string, error)
+ CheckAccess func(r AccessCheckable, mfa AccessMFAParams, matchers ...RoleMatcher) error
+ CheckAccessToRemoteCluster func(cluster types.RemoteCluster) error
+ CheckAccessToRule func(context RuleContext, namespace string, rule string, verb string, silent bool) error
+ CheckAgentForward func(login string) error
+ CheckDatabaseNamesAndUsers func(ttl time.Duration, overrideTTL bool) (names []string, users []string, err error)
+ CheckImpersonate func(currentUser, impersonateUser types.User, impersonateRoles []types.Role) error
+ CheckImpersonateRoles func(currentUser types.User, impersonateRoles []types.Role) error
+ CheckKubeGroupsAndUsers func(ttl time.Duration, overrideTTL bool, matchers ...RoleMatcher) (groups []string, users []string, err error)
+ CheckLoginDuration func(ttl time.Duration) ([]string, error)
+ DesktopClipboard func() bool
+ DesktopDirectorySharing func() bool
+ EnhancedRecordingSet func() map[string]bool
+ ExtractConditionForIdentifier func(ctx RuleContext, namespace, resource, verb, identifier string) (*types.WhereExpr, error)
+ GetAllLogins func() []string
+ GetAllowedPreviewAsRoles func() []string
+ GetAllowedResourceIDs func() []types.ResourceID
+ GetAllowedSearchAsRoles func() []string
+ HasRole func(role string) bool
+ HostUsers func(types.Server) (*HostUsersInfo, error)
+ LockingMode func(defaultMode constants.LockingMode) constants.LockingMode
+
MFAParams func(authPrefMFARequirement types.RequireMFAType) AccessMFAParams
+ MaxConnections func() int64
+ MaxSessions func() int64
+ MaybeCanReviewRequests func() bool
+ PermitX11Forwarding func() bool
+ PinSourceIP func() bool
+ PrivateKeyPolicy func(defaultPolicy keys.PrivateKeyPolicy) keys.PrivateKeyPolicy
+ RecordDesktopSession func() bool
+ RoleNames func() []string
+ Roles func() []types.Role
+ SessionPolicySets func() []*types.SessionTrackerPolicySet
+ SessionRecordingMode func(service constants.SessionRecordingService) constants.SessionRecordingMode
+ func NewAccessChecker(info *AccessInfo, localCluster string, access RoleGetter) (AccessChecker, error)
+ func NewAccessCheckerWithRoleSet(info *AccessInfo, localCluster string, roleSet RoleSet) AccessChecker
+ type AccessInfo struct
+ AllowedResourceIDs []types.ResourceID
+ Roles []string
+ Traits wrappers.Traits
+ func AccessInfoFromLocalCertificate(cert *ssh.Certificate) (*AccessInfo, error)
+ func AccessInfoFromLocalIdentity(identity tlsca.Identity, access UserGetter) (*AccessInfo, error)
+ func AccessInfoFromRemoteCertificate(cert *ssh.Certificate, roleMap types.RoleMap) (*AccessInfo, error)
+ func AccessInfoFromRemoteIdentity(identity tlsca.Identity, roleMap types.RoleMap) (*AccessInfo, error)
+ func AccessInfoFromUser(user types.User) *AccessInfo
+ type AccessMFAParams struct
+ Required MFARequired
+ Verified bool
+ type AcquireSemaphoreWithRetryConfig struct
+ Request types.AcquireSemaphoreRequest
+ Retry retryutils.LinearConfig
+ Service types.Semaphores
+ type AppGetter interface
+ GetApp func(ctx context.Context, name string) (types.Application, error)
+ GetApps func(context.Context) ([]types.Application, error)
+ type AppSession interface
+ DeleteAllAppSessions func(context.Context) error
+ DeleteAppSession func(context.Context, types.DeleteAppSessionRequest) error
+ DeleteUserAppSessions func(ctx context.Context, req *proto.DeleteUserAppSessionsRequest) error
+ GetAppSession func(context.Context,
types.GetAppSessionRequest) (types.WebSession, error)
+ GetAppSessions func(context.Context) ([]types.WebSession, error)
+ UpsertAppSession func(context.Context, types.WebSession) error
+ type AppWatcher struct
+ func NewAppWatcher(ctx context.Context, cfg AppWatcherConfig) (*AppWatcher, error)
+ func (p AppWatcher) Close()
+ func (p AppWatcher) Done() <-chan struct{}
+ func (p AppWatcher) IsInitialized() bool
+ func (p AppWatcher) WaitInitialization() error
+ type AppWatcherConfig struct
+ AppsC chan types.Apps
+ func (cfg *AppWatcherConfig) CheckAndSetDefaults() error
+ type Apps interface
+ CreateApp func(context.Context, types.Application) error
+ DeleteAllApps func(context.Context) error
+ DeleteApp func(ctx context.Context, name string) error
+ UpdateApp func(context.Context, types.Application) error
+ type AuthorityGetter interface
+ GetCertAuthorities func(ctx context.Context, caType types.CertAuthType, loadKeys bool, ...) ([]types.CertAuthority, error)
+ GetCertAuthority func(ctx context.Context, id types.CertAuthID, loadKeys bool, opts ...MarshalOption) (types.CertAuthority, error)
+ type AzureMatcher struct
+ Regions []string
+ ResourceGroups []string
+ ResourceTags types.Labels
+ Subscriptions []string
+ Types []string
+ type BoolPredicateParser interface
+ EvalBoolPredicate func(string) (bool, error)
+ func NewJSONBoolParser(ctx interface{}) (BoolPredicateParser, error)
+ func NewResourceParser(resource types.ResourceWithLabels) (BoolPredicateParser, error)
+ type CertAuthorityWatcher struct
+ func NewCertAuthorityWatcher(ctx context.Context, cfg CertAuthorityWatcherConfig) (*CertAuthorityWatcher, error)
+ func (c CertAuthorityWatcher) Subscribe(ctx context.Context, filter types.CertAuthorityFilter) (types.Watcher, error)
+ func (p CertAuthorityWatcher) Close()
+ func (p CertAuthorityWatcher) Done() <-chan struct{}
+ func (p CertAuthorityWatcher) IsInitialized() bool
+ func (p CertAuthorityWatcher) WaitInitialization() error
+ type
CertAuthorityWatcherConfig struct
+ Types []types.CertAuthType
+ func (cfg *CertAuthorityWatcherConfig) CheckAndSetDefaults() error
+ type ChangePasswordReq struct
+ NewPassword []byte
+ OldPassword []byte
+ SecondFactorToken string
+ User string
+ WebauthnResponse *wanlib.CredentialAssertionResponse
+ type ClusterConfiguration interface
+ DeleteAllInstallers func(context.Context) error
+ DeleteAuthPreference func(ctx context.Context) error
+ DeleteClusterAuditConfig func(ctx context.Context) error
+ DeleteClusterName func() error
+ DeleteClusterNetworkingConfig func(ctx context.Context) error
+ DeleteInstaller func(ctx context.Context, name string) error
+ DeleteSessionRecordingConfig func(ctx context.Context) error
+ DeleteStaticTokens func() error
+ GetAuthPreference func(context.Context) (types.AuthPreference, error)
+ GetClusterAuditConfig func(context.Context, ...MarshalOption) (types.ClusterAuditConfig, error)
+ GetClusterName func(opts ...MarshalOption) (types.ClusterName, error)
+ GetClusterNetworkingConfig func(context.Context, ...MarshalOption) (types.ClusterNetworkingConfig, error)
+ GetInstaller func(ctx context.Context, name string) (types.Installer, error)
+ GetInstallers func(context.Context) ([]types.Installer, error)
+ GetSessionRecordingConfig func(context.Context, ...MarshalOption) (types.SessionRecordingConfig, error)
+ GetStaticTokens func() (types.StaticTokens, error)
+ SetAuthPreference func(context.Context, types.AuthPreference) error
+ SetClusterAuditConfig func(context.Context, types.ClusterAuditConfig) error
+ SetClusterName func(types.ClusterName) error
+ SetClusterNetworkingConfig func(context.Context, types.ClusterNetworkingConfig) error
+ SetInstaller func(context.Context, types.Installer) error
+ SetSessionRecordingConfig func(context.Context, types.SessionRecordingConfig) error
+ SetStaticTokens func(types.StaticTokens) error
+ UpsertClusterName func(types.ClusterName) error
+ type CommandLabels map[string]types.CommandLabel
+ func
(c *CommandLabels) Clone() CommandLabels
+ func (c *CommandLabels) SetEnv(v string) error
+ type ConnectionDiagnosticTraceAppender interface
+ AppendDiagnosticTrace func(ctx context.Context, name string, t *types.ConnectionDiagnosticTrace) (types.ConnectionDiagnostic, error)
+ type ConnectionsDiagnostic interface
+ CreateConnectionDiagnostic func(context.Context, types.ConnectionDiagnostic) error
+ GetConnectionDiagnostic func(ctx context.Context, name string) (types.ConnectionDiagnostic, error)
+ UpdateConnectionDiagnostic func(context.Context, types.ConnectionDiagnostic) error
+ type Context struct
+ HostCert *HostCertContext
+ Resource types.Resource
+ SSHSession *session.Session
+ Session events.AuditEvent
+ SessionTracker types.SessionTracker
+ User types.User
+ func (ctx *Context) GetIdentifier(fields []string) (interface{}, error)
+ func (ctx *Context) GetResource() (types.Resource, error)
+ func (ctx *Context) String() string
+ type CurrentUserRoleGetter interface
+ GetCurrentUser func(context.Context) (types.User, error)
+ GetCurrentUserRoles func(context.Context) ([]types.Role, error)
+ type DatabaseGetter interface
+ GetDatabase func(ctx context.Context, name string) (types.Database, error)
+ GetDatabases func(context.Context) ([]types.Database, error)
+ type DatabaseNameMatcher struct
+ Name string
+ func (m *DatabaseNameMatcher) Match(role types.Role, condition types.RoleConditionType) (bool, error)
+ func (m *DatabaseNameMatcher) String() string
+ type DatabaseUserMatcher struct
+ User string
+ func (m *DatabaseUserMatcher) Match(role types.Role, condition types.RoleConditionType) (bool, error)
+ func (m *DatabaseUserMatcher) String() string
+ type DatabaseWatcher struct
+ func NewDatabaseWatcher(ctx context.Context, cfg DatabaseWatcherConfig) (*DatabaseWatcher, error)
+ func (p DatabaseWatcher) Close()
+ func (p DatabaseWatcher) Done() <-chan struct{}
+ func (p DatabaseWatcher) IsInitialized() bool
+ func (p DatabaseWatcher) WaitInitialization()
error
+ type DatabaseWatcherConfig struct
+ DatabasesC chan types.Databases
+ func (cfg *DatabaseWatcherConfig) CheckAndSetDefaults() error
+ type Databases interface
+ CreateDatabase func(context.Context, types.Database) error
+ DeleteAllDatabases func(context.Context) error
+ DeleteDatabase func(ctx context.Context, name string) error
+ UpdateDatabase func(context.Context, types.Database) error
+ type DynamicAccess interface
+ SetAccessRequestState func(ctx context.Context, params types.AccessRequestUpdate) error
+ SubmitAccessReview func(ctx context.Context, params types.AccessReviewSubmission) (types.AccessRequest, error)
+ type DynamicAccessCore interface
+ CreateAccessRequest func(ctx context.Context, req types.AccessRequest) error
+ DeleteAccessRequest func(ctx context.Context, reqID string) error
+ GetAccessRequests func(ctx context.Context, filter types.AccessRequestFilter) ([]types.AccessRequest, error)
+ GetPluginData func(ctx context.Context, filter types.PluginDataFilter) ([]types.PluginData, error)
+ UpdatePluginData func(ctx context.Context, params types.PluginDataUpdateParams) error
+ type DynamicAccessExt interface
+ ApplyAccessReview func(ctx context.Context, params types.AccessReviewSubmission, ...)
(types.AccessRequest, error) + DeleteAllAccessRequests func(ctx context.Context) error + SetAccessRequestState func(ctx context.Context, params types.AccessRequestUpdate) (types.AccessRequest, error) + UpsertAccessRequest func(ctx context.Context, req types.AccessRequest) error + type DynamicAccessOracle interface + GetAccessCapabilities func(ctx context.Context, req types.AccessCapabilitiesRequest) (*types.AccessCapabilities, error) + type EmptyResource struct + Kind string + Metadata types.Metadata + SubKind string + Version string + func (r *EmptyResource) CheckAndSetDefaults() error + func (r *EmptyResource) Expiry() time.Time + func (r *EmptyResource) GetKind() string + func (r *EmptyResource) GetMetadata() types.Metadata + func (r *EmptyResource) GetName() string + func (r *EmptyResource) GetResourceID() int64 + func (r *EmptyResource) GetSubKind() string + func (r *EmptyResource) GetVersion() string + func (r *EmptyResource) SetExpiry(expires time.Time) + func (r *EmptyResource) SetName(s string) + func (r *EmptyResource) SetResourceID(id int64) + func (r *EmptyResource) SetSubKind(s string) + type Enforcer interface + GetLicenseCheckResult func(ctx context.Context) (*types.Heartbeat, error) + type EnumerationResult struct + func NewEnumerationResult() EnumerationResult + func (result *EnumerationResult) Allowed() []string + func (result *EnumerationResult) Denied() []string + func (result *EnumerationResult) WildcardAllowed() bool + func (result *EnumerationResult) WildcardDenied() bool + type Fanout struct + func NewFanout(eventsCh ...chan FanoutEvent) *Fanout + func (f *Fanout) Close() + func (f *Fanout) Emit(events ...types.Event) + func (f *Fanout) Len() int + func (f *Fanout) NewWatcher(ctx context.Context, watch types.Watch) (types.Watcher, error) + func (f *Fanout) Reset() + func (f *Fanout) SetInit() + type FanoutEvent struct + Kind int + type FanoutSet struct + func NewFanoutSet() *FanoutSet + func (s *FanoutSet) Close() + func (s *FanoutSet) 
Emit(events ...types.Event) + func (s *FanoutSet) NewWatcher(ctx context.Context, watch types.Watch) (types.Watcher, error) + func (s *FanoutSet) Reset() + func (s *FanoutSet) SetInit() + type GCPMatcher struct + Locations []string + ProjectIDs []string + Tags types.Labels + Types []string + type GithubAuthConverter func(types.GithubConnector) (*types.GithubConnectorV3, error) + type GithubAuthCreator func(string, types.GithubConnectorSpecV3) (types.GithubConnector, error) + type GithubAuthInitializer func(types.GithubConnector) (types.GithubConnector, error) + type HostCertContext struct + ClusterName string + HostID string + NodeName string + Principals []string + Role types.SystemRole + TTL time.Duration + type HostCertParams struct + CASigner ssh.Signer + ClusterName string + HostID string + NodeName string + Principals []string + PublicHostKey []byte + Role types.SystemRole + TTL time.Duration + func (c HostCertParams) Check() error + type HostUsersInfo struct + Groups []string + Sudoers []string + type Identity interface + AddUserLoginAttempt func(user string, attempt LoginAttempt, ttl time.Duration) error + CreateGithubAuthRequest func(ctx context.Context, req types.GithubAuthRequest) error + CreateOIDCAuthRequest func(ctx context.Context, req types.OIDCAuthRequest, ttl time.Duration) error + CreateSAMLAuthRequest func(ctx context.Context, req types.SAMLAuthRequest, ttl time.Duration) error + CreateSSODiagnosticInfo func(ctx context.Context, authKind string, authRequestID string, ...) 
error + CreateUser func(user types.User) error + CreateUserRecoveryAttempt func(ctx context.Context, user string, attempt *types.RecoveryAttempt) error + CreateUserToken func(ctx context.Context, token types.UserToken) (types.UserToken, error) + DeleteGithubConnector func(ctx context.Context, name string) error + DeleteGlobalWebauthnSessionData func(ctx context.Context, scope, id string) error + DeleteMFADevice func(ctx context.Context, user, id string) error + DeleteOIDCConnector func(ctx context.Context, connectorID string) error + DeleteSAMLConnector func(ctx context.Context, connectorID string) error + DeleteUserLoginAttempts func(user string) error + DeleteUserRecoveryAttempts func(ctx context.Context, user string) error + DeleteUserToken func(ctx context.Context, tokenID string) error + DeleteWebauthnSessionData func(ctx context.Context, user, sessionID string) error + GetGithubAuthRequest func(ctx context.Context, stateToken string) (*types.GithubAuthRequest, error) + GetGithubConnector func(ctx context.Context, name string, withSecrets bool) (types.GithubConnector, error) + GetGithubConnectors func(ctx context.Context, withSecrets bool) ([]types.GithubConnector, error) + GetGlobalWebauthnSessionData func(ctx context.Context, scope, id string) (*wantypes.SessionData, error) + GetKeyAttestationData func(ctx context.Context, publicKey crypto.PublicKey) (*keys.AttestationData, error) + GetMFADevices func(ctx context.Context, user string, withSecrets bool) ([]*types.MFADevice, error) + GetOIDCAuthRequest func(ctx context.Context, stateToken string) (*types.OIDCAuthRequest, error) + GetOIDCConnector func(ctx context.Context, id string, withSecrets bool) (types.OIDCConnector, error) + GetOIDCConnectors func(ctx context.Context, withSecrets bool) ([]types.OIDCConnector, error) + GetPasswordHash func(user string) ([]byte, error) + GetRecoveryCodes func(ctx context.Context, user string, withSecrets bool) (*types.RecoveryCodesV1, error) + GetSAMLAuthRequest func(ctx 
context.Context, id string) (*types.SAMLAuthRequest, error) + GetSAMLConnector func(ctx context.Context, id string, withSecrets bool) (types.SAMLConnector, error) + GetSAMLConnectors func(ctx context.Context, withSecrets bool) ([]types.SAMLConnector, error) + GetSSODiagnosticInfo func(ctx context.Context, authKind string, authRequestID string) (*types.SSODiagnosticInfo, error) + GetTeleportUserByWebauthnID func(ctx context.Context, webID []byte) (string, error) + GetUsedTOTPToken func(user string) (string, error) + GetUserByGithubIdentity func(id types.ExternalIdentity) (types.User, error) + GetUserByOIDCIdentity func(id types.ExternalIdentity) (types.User, error) + GetUserBySAMLIdentity func(id types.ExternalIdentity) (types.User, error) + GetUserLoginAttempts func(user string) ([]LoginAttempt, error) + GetUserRecoveryAttempts func(ctx context.Context, user string) ([]*types.RecoveryAttempt, error) + GetUserToken func(ctx context.Context, tokenID string) (types.UserToken, error) + GetUserTokenSecrets func(ctx context.Context, tokenID string) (types.UserTokenSecrets, error) + GetUserTokens func(ctx context.Context) ([]types.UserToken, error) + GetWebauthnLocalAuth func(ctx context.Context, user string) (*types.WebauthnLocalAuth, error) + GetWebauthnSessionData func(ctx context.Context, user, sessionID string) (*wantypes.SessionData, error) + UpsertGithubConnector func(ctx context.Context, connector types.GithubConnector) error + UpsertGlobalWebauthnSessionData func(ctx context.Context, scope, id string, sd *wantypes.SessionData) error + UpsertKeyAttestationData func(ctx context.Context, attestationData *keys.AttestationData, ttl time.Duration) error + UpsertMFADevice func(ctx context.Context, user string, d *types.MFADevice) error + UpsertOIDCConnector func(ctx context.Context, connector types.OIDCConnector) error + UpsertPassword func(user string, password []byte) error + UpsertPasswordHash func(user string, hash []byte) error + UpsertRecoveryCodes func(ctx 
context.Context, user string, recovery *types.RecoveryCodesV1) error + UpsertSAMLConnector func(ctx context.Context, connector types.SAMLConnector) error + UpsertUsedTOTPToken func(user string, otpToken string) error + UpsertUserTokenSecrets func(ctx context.Context, secrets types.UserTokenSecrets) error + UpsertWebauthnLocalAuth func(ctx context.Context, user string, wla *types.WebauthnLocalAuth) error + UpsertWebauthnSessionData func(ctx context.Context, user, sessionID string, sd *wantypes.SessionData) error + type InstallerParams struct + JoinMethod types.JoinMethod + JoinToken string + ScriptName string + type KubeClusterWatcher struct + func NewKubeClusterWatcher(ctx context.Context, cfg KubeClusterWatcherConfig) (*KubeClusterWatcher, error) + func (p KubeClusterWatcher) Close() + func (p KubeClusterWatcher) Done() <-chan struct{} + func (p KubeClusterWatcher) IsInitialized() bool + func (p KubeClusterWatcher) WaitInitialization() error + type KubeClusterWatcherConfig struct + KubeClustersC chan types.KubeClusters + func (cfg *KubeClusterWatcherConfig) CheckAndSetDefaults() error + type Kubernetes interface + CreateKubernetesCluster func(context.Context, types.KubeCluster) error + DeleteAllKubernetesClusters func(context.Context) error + DeleteKubernetesCluster func(ctx context.Context, name string) error + UpdateKubernetesCluster func(context.Context, types.KubeCluster) error + type KubernetesGetter interface + GetKubernetesCluster func(ctx context.Context, name string) (types.KubeCluster, error) + GetKubernetesClusters func(context.Context) ([]types.KubeCluster, error) + type ListResourcesRequestOption func(*proto.ListResourcesRequest) + type LockGetter interface + GetLock func(ctx context.Context, name string) (types.Lock, error) + GetLocks func(ctx context.Context, inForceOnly bool, targets ...types.LockTarget) ([]types.Lock, error) + type LockWatcher struct + func NewLockWatcher(ctx context.Context, cfg LockWatcherConfig) (*LockWatcher, error) + func (p 
LockWatcher) CheckLockInForce(mode constants.LockingMode, targets ...types.LockTarget) error + func (p LockWatcher) Close() + func (p LockWatcher) Done() <-chan struct{} + func (p LockWatcher) GetCurrent() []types.Lock + func (p LockWatcher) IsInitialized() bool + func (p LockWatcher) Subscribe(ctx context.Context, targets ...types.LockTarget) (types.Watcher, error) + func (p LockWatcher) WaitInitialization() error + type LockWatcherConfig struct + func (cfg *LockWatcherConfig) CheckAndSetDefaults() error + type LogAction struct + func (l *LogAction) Log(level, format string, args ...interface{}) predicate.BoolPredicate + type LoginAttempt struct + Success bool + Time time.Time + func (la *LoginAttempt) Check() error + type MFARequired string + const MFARequiredAlways + const MFARequiredNever + const MFARequiredPerRole + type MarshalConfig struct + Expires time.Time + ID int64 + PreserveResourceID bool + Version string + func CollectOptions(opts []MarshalOption) (*MarshalConfig, error) + func (m *MarshalConfig) GetVersion() string + type MarshalOption func(c *MarshalConfig) error + func AddOptions(opts []MarshalOption, add ...MarshalOption) []MarshalOption + func PreserveResourceID() MarshalOption + func WithExpires(expires time.Time) MarshalOption + func WithResourceID(id int64) MarshalOption + func WithVersion(v string) MarshalOption + type MatchResourceFilter struct + Labels map[string]string + PredicateExpression string + ResourceKind string + SearchKeywords []string + type Matcher func(types.ResourceWithLabels) bool + type Node interface + GetAddr func() string + GetCmdLabels func() map[string]types.CommandLabel + GetHostname func() string + GetNamespace func() string + GetProxyIDs func() []string + GetPublicAddr func() string + GetRotation func() types.Rotation + GetTeleportVersion func() string + GetUseTunnel func() bool + type NodeWatcher struct + func NewNodeWatcher(ctx context.Context, cfg NodeWatcherConfig) (*NodeWatcher, error) + func (n NodeWatcher) 
GetNodes(fn func(n Node) bool) []types.Server + func (n NodeWatcher) NodeCount() int + func (p NodeWatcher) Close() + func (p NodeWatcher) Done() <-chan struct{} + func (p NodeWatcher) IsInitialized() bool + func (p NodeWatcher) WaitInitialization() error + type NodeWatcherConfig struct + func (cfg *NodeWatcherConfig) CheckAndSetDefaults() error + type NodesGetter interface + GetNodes func(ctx context.Context, namespace string) ([]types.Server, error) + type Presence interface + CreateRemoteCluster func(types.RemoteCluster) error + DeleteAllApplicationServers func(context.Context, string) error + DeleteAllAuthServers func() error + DeleteAllDatabaseServers func(context.Context, string) error + DeleteAllKubeServices func(context.Context) error + DeleteAllKubernetesServers func(context.Context) error + DeleteAllNamespaces func() error + DeleteAllNodes func(ctx context.Context, namespace string) error + DeleteAllProxies func() error + DeleteAllRemoteClusters func() error + DeleteAllReverseTunnels func() error + DeleteAllTunnelConnections func() error + DeleteAllWindowsDesktopServices func(context.Context) error + DeleteApplicationServer func(ctx context.Context, namespace, hostID, name string) error + DeleteAuthServer func(name string) error + DeleteDatabaseServer func(ctx context.Context, namespace, hostID, name string) error + DeleteKubeService func(ctx context.Context, name string) error + DeleteKubernetesServer func(ctx context.Context, hostID, name string) error + DeleteNamespace func(name string) error + DeleteNode func(ctx context.Context, namespace, name string) error + DeleteProxy func(name string) error + DeleteRemoteCluster func(clusterName string) error + DeleteReverseTunnel func(domainName string) error + DeleteTrustedCluster func(ctx context.Context, name string) error + DeleteTunnelConnection func(clusterName string, connName string) error + DeleteTunnelConnections func(clusterName string) error + DeleteWindowsDesktopService func(ctx context.Context, 
name string) error + GetAllTunnelConnections func(opts ...MarshalOption) ([]types.TunnelConnection, error) + GetApplicationServers func(context.Context, string) ([]types.AppServer, error) + GetAuthServers func() ([]types.Server, error) + GetDatabaseServers func(context.Context, string, ...MarshalOption) ([]types.DatabaseServer, error) + GetKubeServices func(context.Context) ([]types.Server, error) + GetKubernetesServers func(context.Context) ([]types.KubeServer, error) + GetNamespace func(name string) (*types.Namespace, error) + GetNamespaces func() ([]types.Namespace, error) + GetNode func(ctx context.Context, namespace, name string) (types.Server, error) + GetRemoteCluster func(clusterName string) (types.RemoteCluster, error) + GetRemoteClusters func(opts ...MarshalOption) ([]types.RemoteCluster, error) + GetReverseTunnel func(name string, opts ...MarshalOption) (types.ReverseTunnel, error) + GetReverseTunnels func(ctx context.Context, opts ...MarshalOption) ([]types.ReverseTunnel, error) + GetTrustedCluster func(ctx context.Context, name string) (types.TrustedCluster, error) + GetTrustedClusters func(ctx context.Context) ([]types.TrustedCluster, error) + GetTunnelConnections func(clusterName string, opts ...MarshalOption) ([]types.TunnelConnection, error) + GetWindowsDesktopService func(ctx context.Context, name string) (types.WindowsDesktopService, error) + GetWindowsDesktopServices func(context.Context) ([]types.WindowsDesktopService, error) + KeepAliveNode func(ctx context.Context, h types.KeepAlive) error + KeepAliveServer func(ctx context.Context, h types.KeepAlive) error + ListResources func(ctx context.Context, req proto.ListResourcesRequest) (*types.ListResourcesResponse, error) + UpdateRemoteCluster func(ctx context.Context, rc types.RemoteCluster) error + UpsertApplicationServer func(context.Context, types.AppServer) (*types.KeepAlive, error) + UpsertAuthServer func(server types.Server) error + UpsertDatabaseServer func(context.Context, 
types.DatabaseServer) (*types.KeepAlive, error) + UpsertKubeService func(context.Context, types.Server) error + UpsertKubeServiceV2 func(context.Context, types.Server) (*types.KeepAlive, error) + UpsertKubernetesServer func(context.Context, types.KubeServer) (*types.KeepAlive, error) + UpsertNamespace func(types.Namespace) error + UpsertNode func(ctx context.Context, server types.Server) (*types.KeepAlive, error) + UpsertProxy func(server types.Server) error + UpsertReverseTunnel func(tunnel types.ReverseTunnel) error + UpsertTrustedCluster func(ctx context.Context, tc types.TrustedCluster) (types.TrustedCluster, error) + UpsertTunnelConnection func(types.TunnelConnection) error + UpsertWindowsDesktopService func(context.Context, types.WindowsDesktopService) (*types.KeepAlive, error) + type Provisioner interface + CreateToken func(ctx context.Context, token types.ProvisionToken) error + DeleteAllTokens func() error + DeleteToken func(ctx context.Context, token string) error + GetToken func(ctx context.Context, token string) (types.ProvisionToken, error) + GetTokens func(ctx context.Context) ([]types.ProvisionToken, error) + UpsertToken func(ctx context.Context, token types.ProvisionToken) error + type ProxyGetter interface + GetProxies func() ([]types.Server, error) + type ProxyWatcher struct + func NewProxyWatcher(ctx context.Context, cfg ProxyWatcherConfig) (*ProxyWatcher, error) + func (p ProxyWatcher) Close() + func (p ProxyWatcher) Done() <-chan struct{} + func (p ProxyWatcher) GetCurrent() []types.Server + func (p ProxyWatcher) IsInitialized() bool + func (p ProxyWatcher) WaitInitialization() error + type ProxyWatcherConfig struct + ProxiesC chan []types.Server + ProxyDiffer func(old, new types.Server) bool + func (cfg *ProxyWatcherConfig) CheckAndSetDefaults() error + type RDSEndpointType string + const RDSEndpointTypeCustom + const RDSEndpointTypeInstance + const RDSEndpointTypePrimary + const RDSEndpointTypeReader + type Reconciler struct + func 
NewReconciler(cfg ReconcilerConfig) (*Reconciler, error) + func (r *Reconciler) Reconcile(ctx context.Context) error + type ReconcilerConfig struct + GetCurrentResources func() types.ResourcesWithLabelsMap + GetNewResources func() types.ResourcesWithLabelsMap + Log logrus.FieldLogger + Matcher Matcher + OnCreate func(context.Context, types.ResourceWithLabels) error + OnDelete func(context.Context, types.ResourceWithLabels) error + OnUpdate func(context.Context, types.ResourceWithLabels) error + func (c *ReconcilerConfig) CheckAndSetDefaults() error + type Ref struct + Kind string + Name string + SubKind string + func ParseRef(ref string) (*Ref, error) + func (r *Ref) Set(v string) error + func (r *Ref) String() string + type Refs []Ref + func ParseRefs(refs string) (Refs, error) + func (r *Refs) IsAll() bool + func (r *Refs) Set(v string) error + func (r *Refs) String() string + type RequestIDs struct + AccessRequests []string + func (r *RequestIDs) Check() error + func (r *RequestIDs) IsEmpty() bool + func (r *RequestIDs) Marshal() ([]byte, error) + func (r *RequestIDs) Unmarshal(data []byte) error + type RequestValidator struct + Annotations struct{ ... } + Roles struct{ ... } + SuggestedReviewers []string + ThresholdMatchers []struct{ ... } + func NewRequestValidator(ctx context.Context, getter RequestValidatorGetter, username string, ...) 
(RequestValidator, error) + func (m *RequestValidator) CanRequestRole(name string) bool + func (m *RequestValidator) CanSearchAsRole(name string) bool + func (m *RequestValidator) GetRequestableRoles() ([]string, error) + func (m *RequestValidator) SystemAnnotations() map[string][]string + func (m *RequestValidator) Validate(ctx context.Context, req types.AccessRequest) error + type RequestValidatorGetter interface + GetClusterName func(opts ...MarshalOption) (types.ClusterName, error) + GetRoles func(ctx context.Context) ([]types.Role, error) + type ResourceLister interface + ListResources func(ctx context.Context, req proto.ListResourcesRequest) (*types.ListResourcesResponse, error) + type ResourceMarshaler func(types.Resource, ...MarshalOption) ([]byte, error) + type ResourceMatcher struct + Labels types.Labels + type ResourceSeenKey struct + type ResourceUnmarshaler func([]byte, ...MarshalOption) (types.Resource, error) + type ResourceWatcherConfig struct + Client types.Events + Clock clockwork.Clock + Component string + Log logrus.FieldLogger + MaxRetryPeriod time.Duration + MaxStaleness time.Duration + ResetC chan time.Duration + func (cfg *ResourceWatcherConfig) CheckAndSetDefaults() error + type Restrictions interface + DeleteNetworkRestrictions func(context.Context) error + GetNetworkRestrictions func(context.Context) (types.NetworkRestrictions, error) + SetNetworkRestrictions func(context.Context, types.NetworkRestrictions) error + type ReviewPermissionChecker struct + Roles struct{ ... 
} + User types.User + func NewReviewPermissionChecker(ctx context.Context, getter RequestValidatorGetter, username string) (ReviewPermissionChecker, error) + func (c *ReviewPermissionChecker) CanReviewRequest(req types.AccessRequest) (bool, error) + func (c *ReviewPermissionChecker) HasAllowDirectives() bool + type RoleGetter interface + GetRole func(ctx context.Context, name string) (types.Role, error) + type RoleMatcher interface + Match func(types.Role, types.RoleConditionType) (bool, error) + func NewKubernetesClusterLabelMatcher(clustersLabels map[string]string) RoleMatcher + func NewLoginMatcher(login string) RoleMatcher + func NewWindowsLoginMatcher(login string) RoleMatcher + type RoleMatchers []RoleMatcher + func (m RoleMatchers) MatchAll(role types.Role, condition types.RoleConditionType) (bool, error) + func (m RoleMatchers) MatchAny(role types.Role, condition types.RoleConditionType) (bool, RoleMatcher, error) + type RoleSet []types.Role + func FetchAllClusterRoles(ctx context.Context, access CurrentUserRoleGetter, defaultRoleNames []string, ...) 
(RoleSet, error) + func FetchRoleList(roleNames []string, access RoleGetter, traits map[string][]string) (RoleSet, error) + func FetchRoles(roleNames []string, access RoleGetter, traits map[string][]string) (RoleSet, error) + func NewRoleSet(roles ...types.Role) RoleSet + func RoleSetFromSpec(name string, spec types.RoleSpecV5) (RoleSet, error) + func (set RoleSet) AdjustClientIdleTimeout(timeout time.Duration) time.Duration + func (set RoleSet) AdjustDisconnectExpiredCert(disconnect bool) bool + func (set RoleSet) AdjustSessionTTL(ttl time.Duration) time.Duration + func (set RoleSet) CanCopyFiles() bool + func (set RoleSet) CanForwardAgents() bool + func (set RoleSet) CanImpersonateSomeone() bool + func (set RoleSet) CanPortForward() bool + func (set RoleSet) CertificateExtensions() []*types.CertExtension + func (set RoleSet) CertificateFormat() string + func (set RoleSet) CheckAWSRoleARNs(ttl time.Duration, overrideTTL bool) ([]string, error) + func (set RoleSet) CheckAccessToRemoteCluster(rc types.RemoteCluster) error + func (set RoleSet) CheckAccessToRule(ctx RuleContext, namespace string, resource string, verb string, silent bool) error + func (set RoleSet) CheckAgentForward(login string) error + func (set RoleSet) CheckDatabaseNamesAndUsers(ttl time.Duration, overrideTTL bool) ([]string, []string, error) + func (set RoleSet) CheckImpersonate(currentUser, impersonateUser types.User, impersonateRoles []types.Role) error + func (set RoleSet) CheckImpersonateRoles(currentUser types.User, impersonateRoles []types.Role) error + func (set RoleSet) CheckKubeGroupsAndUsers(ttl time.Duration, overrideTTL bool, matchers ...RoleMatcher) ([]string, []string, error) + func (set RoleSet) CheckLoginDuration(ttl time.Duration) ([]string, error) + func (set RoleSet) DesktopClipboard() bool + func (set RoleSet) DesktopDirectorySharing() bool + func (set RoleSet) EnhancedRecordingSet() map[string]bool + func (set RoleSet) EnumerateDatabaseUsers(database types.Database, 
extraUsers ...string) EnumerationResult + func (set RoleSet) EnumerateServerLogins(server types.Server) EnumerationResult + func (set RoleSet) ExtractConditionForIdentifier(ctx RuleContext, namespace, resource, verb, identifier string) (*types.WhereExpr, error) + func (set RoleSet) GetAllLogins() []string + func (set RoleSet) GetAllowedPreviewAsRoles() []string + func (set RoleSet) GetAllowedSearchAsRoles() []string + func (set RoleSet) GetLoginsForTTL(ttl time.Duration) (logins []string, matchedTTL bool) + func (set RoleSet) GuessIfAccessIsPossible(ctx RuleContext, namespace string, resource string, verb string, silent bool) error + func (set RoleSet) HasRole(role string) bool + func (set RoleSet) HostUsers(s types.Server) (*HostUsersInfo, error) + func (set RoleSet) LockingMode(defaultMode constants.LockingMode) constants.LockingMode + func (set RoleSet) MFAParams(authPrefRequirement types.RequireMFAType) (params AccessMFAParams) + func (set RoleSet) MaxConnections() int64 + func (set RoleSet) MaxKubernetesConnections() int64 + func (set RoleSet) MaxSessions() int64 + func (set RoleSet) MaybeCanReviewRequests() bool + func (set RoleSet) PermitX11Forwarding() bool + func (set RoleSet) PinSourceIP() bool + func (set RoleSet) PrivateKeyPolicy(defaultPolicy keys.PrivateKeyPolicy) keys.PrivateKeyPolicy + func (set RoleSet) RecordDesktopSession() bool + func (set RoleSet) RoleNames() []string + func (set RoleSet) Roles() []types.Role + func (set RoleSet) SessionPolicySets() []*types.SessionTrackerPolicySet + func (set RoleSet) SessionRecordingMode(service constants.SessionRecordingService) constants.SessionRecordingMode + func (set RoleSet) String() string + func (set RoleSet) WithoutImplicit() (out RoleSet) + type RotationGetter func(role types.SystemRole) (*types.Rotation, error) + type RuleContext interface + GetIdentifier func(fields []string) (interface{}, error) + GetResource func() (types.Resource, error) + type RuleSet map[string][]types.Rule + func 
MakeRuleSet(rules []types.Rule) RuleSet + func (set RuleSet) Match(whereParser predicate.Parser, actionsParser predicate.Parser, resource string, ...) (bool, error) + func (set RuleSet) Slice() []types.Rule + type SemaphoreLock struct + func AcquireSemaphoreLock(ctx context.Context, cfg SemaphoreLockConfig) (*SemaphoreLock, error) + func (l *SemaphoreLock) Done() <-chan struct{} + func (l *SemaphoreLock) Renewed() <-chan struct{} + func (l *SemaphoreLock) Stop() + func (l *SemaphoreLock) Wait() error + type SemaphoreLockConfig struct + Clock clockwork.Clock + Expiry time.Duration + Params types.AcquireSemaphoreRequest + Service types.Semaphores + TickRate time.Duration + func (l *SemaphoreLockConfig) CheckAndSetDefaults() error + type Services interface + type SessionTrackerService interface + CreateSessionTracker func(ctx context.Context, st types.SessionTracker) (types.SessionTracker, error) + GetActiveSessionTrackers func(ctx context.Context) ([]types.SessionTracker, error) + GetActiveSessionTrackersWithFilter func(ctx context.Context, filter *types.SessionTrackerFilter) ([]types.SessionTracker, error) + GetSessionTracker func(ctx context.Context, sessionID string) (types.SessionTracker, error) + RemoveSessionTracker func(ctx context.Context, sessionID string) error + UpdatePresence func(ctx context.Context, sessionID, user string) error + UpdateSessionTracker func(ctx context.Context, req *proto.UpdateSessionTrackerRequest) error + type SnowflakeSession interface + DeleteAllSnowflakeSessions func(context.Context) error + DeleteSnowflakeSession func(context.Context, types.DeleteSnowflakeSessionRequest) error + GetSnowflakeSession func(context.Context, types.GetSnowflakeSessionRequest) (types.WebSession, error) + GetSnowflakeSessions func(context.Context) ([]types.WebSession, error) + UpsertSnowflakeSession func(context.Context, types.WebSession) error + type SortedLoginAttempts []LoginAttempt + func (s SortedLoginAttempts) Len() int + func (s 
SortedLoginAttempts) Less(i, j int) bool + func (s SortedLoginAttempts) Swap(i, j int) + type SortedReverseTunnels []types.ReverseTunnel + func (s SortedReverseTunnels) Len() int + func (s SortedReverseTunnels) Less(i, j int) bool + func (s SortedReverseTunnels) Swap(i, j int) + type SortedRoles []types.Role + func (s SortedRoles) Len() int + func (s SortedRoles) Less(i, j int) bool + func (s SortedRoles) Swap(i, j int) + type SortedServers []types.Server + func (s SortedServers) Len() int + func (s SortedServers) Less(i, j int) bool + func (s SortedServers) Swap(i, j int) + type Status interface + GetClusterAlerts func(ctx context.Context, query types.GetClusterAlertsRequest) ([]types.ClusterAlert, error) + UpsertClusterAlert func(ctx context.Context, alert types.ClusterAlert) error + type StatusInternal interface + DeleteClusterAlert func(ctx context.Context, alertID string) error + type Trust interface + ActivateCertAuthority func(id types.CertAuthID) error + CompareAndSwapCertAuthority func(new, existing types.CertAuthority) error + CreateCertAuthority func(ca types.CertAuthority) error + DeactivateCertAuthority func(id types.CertAuthID) error + DeleteAllCertAuthorities func(caType types.CertAuthType) error + DeleteCertAuthority func(id types.CertAuthID) error + UpsertCertAuthority func(ca types.CertAuthority) error + type UnknownResource struct + Raw []byte + func (u *UnknownResource) UnmarshalJSON(raw []byte) error + type UsageAnonymizable interface + Anonymize func(utils.Anonymizer) prehogv1.SubmitEventRequest + func ConvertUsageEvent(event *usageevents.UsageEventOneOf, identityUsername string) (UsageAnonymizable, error) + type UsageReporter interface + SubmitAnonymizedUsageEvents func(event ...UsageAnonymizable) error + type UsageResourceCreate prehogv1.ResourceCreateEvent + func (u *UsageResourceCreate) Anonymize(a utils.Anonymizer) prehogv1.SubmitEventRequest + type UsageSSOCreate prehogv1.SSOCreateEvent + func (u *UsageSSOCreate) Anonymize(a 
utils.Anonymizer) prehogv1.SubmitEventRequest + type UsageSessionStart prehogv1.SessionStartEvent + func (u *UsageSessionStart) Anonymize(a utils.Anonymizer) prehogv1.SubmitEventRequest + type UsageUIBannerClick prehogv1.UIBannerClickEvent + func (u *UsageUIBannerClick) Anonymize(a utils.Anonymizer) prehogv1.SubmitEventRequest + type UsageUIOnboardAddFirstResourceClickEvent prehogv1.UIOnboardAddFirstResourceClickEvent + func (u *UsageUIOnboardAddFirstResourceClickEvent) Anonymize(a utils.Anonymizer) prehogv1.SubmitEventRequest + type UsageUIOnboardAddFirstResourceLaterClickEvent prehogv1.UIOnboardAddFirstResourceLaterClickEvent + func (u *UsageUIOnboardAddFirstResourceLaterClickEvent) Anonymize(a utils.Anonymizer) prehogv1.SubmitEventRequest + type UsageUIOnboardCompleteGoToDashboardClickEvent prehogv1.UIOnboardCompleteGoToDashboardClickEvent + func (u *UsageUIOnboardCompleteGoToDashboardClickEvent) Anonymize(a utils.Anonymizer) prehogv1.SubmitEventRequest + type UsageUIOnboardGetStartedClickEvent prehogv1.UIOnboardGetStartedClickEvent + func (u *UsageUIOnboardGetStartedClickEvent) Anonymize(a utils.Anonymizer) prehogv1.SubmitEventRequest + type UsageUIOnboardRegisterChallengeSubmit prehogv1.UIOnboardRegisterChallengeSubmitEvent + func (u *UsageUIOnboardRegisterChallengeSubmit) Anonymize(a utils.Anonymizer) prehogv1.SubmitEventRequest + type UsageUIOnboardSetCredentialSubmit prehogv1.UIOnboardSetCredentialSubmitEvent + func (u *UsageUIOnboardSetCredentialSubmit) Anonymize(a utils.Anonymizer) prehogv1.SubmitEventRequest + type UsageUIRecoveryCodesContinueClick prehogv1.UIRecoveryCodesContinueClickEvent + func (u *UsageUIRecoveryCodesContinueClick) Anonymize(a utils.Anonymizer) prehogv1.SubmitEventRequest + type UsageUserLogin prehogv1.UserLoginEvent + func (u *UsageUserLogin) Anonymize(a utils.Anonymizer) prehogv1.SubmitEventRequest + type UserCertParams struct + ActiveRequests RequestIDs + AllowedLogins []string + AllowedResourceIDs string + CASigner ssh.Signer + 
CertificateExtensions []*types.CertExtension + CertificateFormat string + ClientIP string + ConnectionDiagnosticID string + DisallowReissue bool + Generation uint64 + Impersonator string + MFAVerified string + PermitAgentForwarding bool + PermitFileCopying bool + PermitPortForwarding bool + PermitX11Forwarding bool + PreviousIdentityExpires time.Time + PrivateKeyPolicy keys.PrivateKeyPolicy + PublicUserKey []byte + Renewable bool + Roles []string + RouteToCluster string + SourceIP string + TTL time.Duration + Traits wrappers.Traits + Username string + func (c *UserCertParams) CheckAndSetDefaults() error + type UserGetter interface + GetUser func(user string, withSecrets bool) (types.User, error) + type Users []types.User + func (u Users) Len() int + func (u Users) Less(i, j int) bool + func (u Users) Swap(i, j int) + type UsersService interface + CompareAndSwapUser func(ctx context.Context, new, existing types.User) error + DeleteAllUsers func() error + DeleteUser func(ctx context.Context, user string) error + GetUsers func(withSecrets bool) ([]types.User, error) + UpdateUser func(ctx context.Context, user types.User) error + UpsertUser func(user types.User) error + type ValidateRequestOption func(*RequestValidator) + func ExpandVars(expand bool) ValidateRequestOption + type WindowsDesktops interface + CreateWindowsDesktop func(context.Context, types.WindowsDesktop) error + DeleteAllWindowsDesktops func(context.Context) error + DeleteWindowsDesktop func(ctx context.Context, hostID, name string) error + GetWindowsDesktops func(context.Context, types.WindowsDesktopFilter) ([]types.WindowsDesktop, error) + ListWindowsDesktopServices func(ctx context.Context, req types.ListWindowsDesktopServicesRequest) (*types.ListWindowsDesktopServicesResponse, error) + ListWindowsDesktops func(ctx context.Context, req types.ListWindowsDesktopsRequest) (*types.ListWindowsDesktopsResponse, error) + UpdateWindowsDesktop func(context.Context, types.WindowsDesktop) error + 
UpsertWindowsDesktop func(ctx context.Context, desktop types.WindowsDesktop) error

Other modules containing this package: github.com/zmb3/teleport