usersservice

package

v0.0.0-...-3bfe646 Latest Latest Go to latest Published: Jun 28, 2023 License: Apache-2.0 Imports: 21 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/gravitational/gravity

Links

Open Source Insights

Documentation ¶

Index ¶

func New(cfg Config) (users.Identity, error)
func NewLocalKeyStore(path string) (*users.KeyStore, error)
type Config
type LocalLogins
type UsersService

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func New ¶

func New(cfg Config) (users.Identity, error)

New returns a new instance of UsersService

func NewLocalKeyStore ¶

func NewLocalKeyStore(path string) (*users.KeyStore, error)

NewLocalKeyStore returns new user-local key storage

Types ¶

type Config ¶

type Config struct {
	// Backend is a storage backend
	Backend storage.Backend
	// Clock is an optional clock that helps to fake time in with tests,
	// if omitted, system time is used
	Clock clockwork.Clock
}

Config holds configuration parameters for users service

type LocalLogins ¶

type LocalLogins struct {
	clockwork.Clock
	// contains filtered or unexported fields
}

LocalLogins store local logins with remote ops centers

func (*LocalLogins) DeleteLoginEntry ¶

func (l *LocalLogins) DeleteLoginEntry(opsCenterURL string) error

func (*LocalLogins) GetCurrentOpsCenter ¶

func (l *LocalLogins) GetCurrentOpsCenter() string

func (*LocalLogins) GetLoginEntries ¶

func (l *LocalLogins) GetLoginEntries() ([]storage.LoginEntry, error)

func (*LocalLogins) GetLoginEntry ¶

func (l *LocalLogins) GetLoginEntry(opsCenterURL string) (*storage.LoginEntry, error)

func (*LocalLogins) SetCurrentOpsCenter ¶

func (l *LocalLogins) SetCurrentOpsCenter(o string) error

func (*LocalLogins) UpsertLoginEntry ¶

func (l *LocalLogins) UpsertLoginEntry(e storage.LoginEntry) (*storage.LoginEntry, error)

type UsersService ¶

type UsersService struct {
	// contains filtered or unexported fields
}

func (*UsersService) AcquireLock ¶

func (c *UsersService) AcquireLock(token string, ttl time.Duration) error

AcquireLock grabs a lock that will be released automatically in ttl time

func (*UsersService) ActivateCertAuthority ¶

func (c *UsersService) ActivateCertAuthority(id teleservices.CertAuthID) error

ActivateCertAuthority moves a CertAuthority from the deactivated list to the normal list.

func (*UsersService) AddUserLoginAttempt ¶

func (c *UsersService) AddUserLoginAttempt(user string, attempt teleservices.LoginAttempt, ttl time.Duration) error

AddUserLoginAttempt logs user login attempt

func (*UsersService) AuthenticateUser ¶

func (c *UsersService) AuthenticateUser(creds httplib.AuthCreds) (storage.User, teleservices.AccessChecker, error)

AuthenticateUser authenticates a user by given credentials, it supports basic auth only that is used by agents running on sites

func (*UsersService) AuthenticateUserBasicAuth ¶

func (c *UsersService) AuthenticateUserBasicAuth(username, password string) (storage.User, error)

AuthenticateUserBasicAuth authenticates user using basic auth, where password's hash is checked against stored hash for AdminUser and token is compared as is for AgentUser (treated as API key)

func (*UsersService) AuthenticateUserBearerAuth ¶

func (c *UsersService) AuthenticateUserBearerAuth(token string) (storage.User, error)

AuthenticateUserBearerAuth is used to authenticate site agent users that connect using provisioning tokens or API keys

func (*UsersService) CompareAndSwapCertAuthority ¶

func (c *UsersService) CompareAndSwapCertAuthority(new, existing teleservices.CertAuthority) error

CompareAndSwapCertAuthority updates existing cert authority if the existing cert authority value matches the value stored in the backend

func (*UsersService) CreateAPIKey ¶

func (c *UsersService) CreateAPIKey(key storage.APIKey, upsert bool) (*storage.APIKey, error)

func (*UsersService) CreateAccount ¶

func (c *UsersService) CreateAccount(a users.Account) (*users.Account, error)

CreateAccount creates a new user account from the specified attributes

func (*UsersService) CreateAdmin ¶

func (c *UsersService) CreateAdmin(email, password string) error

CreateAdmin creates a new admin user for the locally running site.

func (*UsersService) CreateAgent ¶

func (c *UsersService) CreateAgent(agent storage.User) (storage.User, error)

CreateAgent creates a new "robot" agent user used by various automation tools (e.g. release automation) with correct privileges

func (*UsersService) CreateAgentFromLoginEntry ¶

func (c *UsersService) CreateAgentFromLoginEntry(clusterName string, entry storage.LoginEntry, admin bool) (storage.User, error)

CreateAgentFromLoginEntry creates a new agent user from the provided login entry

func (*UsersService) CreateCertAuthority ¶

func (c *UsersService) CreateCertAuthority(ca teleservices.CertAuthority) error

CreateCertAuthority creates a new certificate authority

func (*UsersService) CreateClusterAdminAgent ¶

func (c *UsersService) CreateClusterAdminAgent(clusterName string, agent storage.User) (storage.User, error)

CreateClusterAdminAgent creates privileged agent user

func (*UsersService) CreateClusterAgent ¶

func (c *UsersService) CreateClusterAgent(clusterName string, agent storage.User) (storage.User, error)

CreateClusterAgent creates unprivileged agent user

func (*UsersService) CreateGatekeeper ¶

func (c *UsersService) CreateGatekeeper(gatekeeper users.RemoteAccessUser) (*users.RemoteAccessUser, error)

CreateGatekeeper creates a new remote access agent user used to connect remote sites to Ops Centers.

func (*UsersService) CreateGithubAuthRequest ¶

func (c *UsersService) CreateGithubAuthRequest(req teleservices.GithubAuthRequest) error

CreateGithubAuthRequest creates a new auth request for Github OAuth2 flow

func (*UsersService) CreateGithubConnector ¶

func (c *UsersService) CreateGithubConnector(connector teleservices.GithubConnector) error

CreateGithubConnector creates a new Github connector

func (*UsersService) CreateInstallToken ¶

func (c *UsersService) CreateInstallToken(t storage.InstallToken) (token *storage.InstallToken, err error)

CreateInstallToken creates a new one-time installation token

func (*UsersService) CreateInviteToken ¶

func (c *UsersService) CreateInviteToken(advertiseURL string, userInvite storage.UserInvite) (*storage.UserToken, error)

CreateInviteToken invites a user

func (*UsersService) CreateOIDCAuthRequest ¶

func (c *UsersService) CreateOIDCAuthRequest(req teleservices.OIDCAuthRequest, ttl time.Duration) error

CreateOIDCAuthRequest creates new auth request

func (*UsersService) CreateProvisioningToken ¶

func (c *UsersService) CreateProvisioningToken(t storage.ProvisioningToken) (*storage.ProvisioningToken, error)

CreateProvisioningToken creates a new token from the specified template t

func (*UsersService) CreateRemoteAgent ¶

func (c *UsersService) CreateRemoteAgent(agent users.RemoteAccessUser) (storage.User, error)

CreateRemoteAgent creates a new site agent user that replicates the agent of a remote site. The user usually has a bound API key which is replicated locally.

func (*UsersService) CreateRemoteCluster ¶

func (c *UsersService) CreateRemoteCluster(conn teleservices.RemoteCluster) error

CreateRemoteCluster creates a remote cluster

func (*UsersService) CreateResetToken ¶

func (c *UsersService) CreateResetToken(advertiseURL string, username string, ttl time.Duration) (*storage.UserToken, error)

CreateResetToken resets user password and creates a token to let existing user to change it

func (*UsersService) CreateRole ¶

func (c *UsersService) CreateRole(role teleservices.Role, ttl time.Duration) error

CreateRole creates new role

func (*UsersService) CreateSAMLAuthRequest ¶

func (c *UsersService) CreateSAMLAuthRequest(req teleservices.SAMLAuthRequest, ttl time.Duration) error

CreateSAMLAuthRequest creates new auth request

func (*UsersService) CreateSAMLConnector ¶

func (c *UsersService) CreateSAMLConnector(connector teleservices.SAMLConnector) error

CreateSAMLConnector upserts SAML Connector

func (*UsersService) CreateUser ¶

func (c *UsersService) CreateUser(user teleservices.User) error

CreateUser creates a new generic user without privileges

func (*UsersService) CreateUserWithToken ¶

func (c *UsersService) CreateUserWithToken(completeReq users.UserTokenCompleteRequest) (teleservices.WebSession, error)

CreateUserWithToken creates a user with a token

func (*UsersService) DeactivateCertAuthority ¶

func (c *UsersService) DeactivateCertAuthority(id teleservices.CertAuthID) error

DeactivateCertAuthority moves a CertAuthority from the normal list to the deactivated list.

func (*UsersService) DeleteAPIKey ¶

func (c *UsersService) DeleteAPIKey(userEmail, token string) error

func (*UsersService) DeleteAllCertAuthorities ¶

func (c *UsersService) DeleteAllCertAuthorities(caType teleservices.CertAuthType) error

DeleteAllCertAuthorities deletes all cert authorities

func (*UsersService) DeleteAllNamespaces ¶

func (c *UsersService) DeleteAllNamespaces() error

DeleteAllNamespaces deletes all namespaces

func (*UsersService) DeleteAllNodes ¶

func (c *UsersService) DeleteAllNodes(namespace string) error

DeleteAllNodes deletes all nodes

func (*UsersService) DeleteAllProxies ¶

func (c *UsersService) DeleteAllProxies() error

DeleteAllProxies deletes all proxies

func (*UsersService) DeleteAllRemoteClusters ¶

func (c *UsersService) DeleteAllRemoteClusters() error

DeleteAllRemoteClusters deletes all remote clusters

func (*UsersService) DeleteAllReverseTunnels ¶

func (c *UsersService) DeleteAllReverseTunnels() error

DeleteAllReverseTunnels deletes all reverse tunnels

func (*UsersService) DeleteAllRoles ¶

func (c *UsersService) DeleteAllRoles() error

DeleteAllRoles deletes all roles

func (*UsersService) DeleteAllTunnelConnections ¶

func (c *UsersService) DeleteAllTunnelConnections() error

DeleteAllTunnelConnections deletes all tunnel connections for cluster

func (*UsersService) DeleteAllUsers ¶

func (c *UsersService) DeleteAllUsers() error

DeleteAllUsers deletes all users

func (*UsersService) DeleteCertAuthority ¶

func (c *UsersService) DeleteCertAuthority(id teleservices.CertAuthID) error

DeleteCertAuthority deletes particular certificate authority

func (*UsersService) DeleteGithubConnector ¶

func (c *UsersService) DeleteGithubConnector(name string) error

DeleteGithubConnector deletes a Github connector by its name

func (*UsersService) DeleteNamespace ¶

func (c *UsersService) DeleteNamespace(namespace string) error

DeleteNamespace deletes a namespace with all the keys from the backend

func (*UsersService) DeleteOIDCConnector ¶

func (c *UsersService) DeleteOIDCConnector(connectorID string) error

DeleteOIDCConnector deletes OIDC Connector

func (*UsersService) DeleteRemoteCluster ¶

func (c *UsersService) DeleteRemoteCluster(clusterName string) error

DeleteRemoteCluster deletes remote cluster by name

func (*UsersService) DeleteReverseTunnel ¶

func (c *UsersService) DeleteReverseTunnel(domainName string) error

DeleteReverseTunnel deletes reverse tunnel by it's domain name

func (*UsersService) DeleteRole ¶

func (c *UsersService) DeleteRole(roleName string) error

DeleteRole deletes a role with all the keys from the backend

func (*UsersService) DeleteSAMLConnector ¶

func (c *UsersService) DeleteSAMLConnector(connectorID string) error

DeleteSAMLConnector deletes SAML Connector

func (*UsersService) DeleteSignupToken ¶

func (c *UsersService) DeleteSignupToken(token string) error

DeleteSignupToken deletes signup token from the storage

func (*UsersService) DeleteToken ¶

func (*UsersService) DeleteToken(token string) error

DeleteToken deletes provisioning token

func (*UsersService) DeleteTrustedCluster ¶

func (c *UsersService) DeleteTrustedCluster(name string) error

DeleteTrustedCluster removes a TrustedCluster from the backend by name.

func (*UsersService) DeleteTunnelConnection ¶

func (c *UsersService) DeleteTunnelConnection(clusterName string, connName string) error

DeleteTunnelConnection deletes tunnel connection by name

func (*UsersService) DeleteTunnelConnections ¶

func (c *UsersService) DeleteTunnelConnections(clusterName string) error

DeleteTunnelConnections deletes all tunnel connections for cluster

func (*UsersService) DeleteUsedTOTPToken ¶

func (c *UsersService) DeleteUsedTOTPToken(user string) error

DeleteUsedTOTPToken removes the used token from the backend. This should only be used during tests.

func (*UsersService) DeleteUser ¶

func (c *UsersService) DeleteUser(email string) error

DeleteUser deletes a user by email

func (*UsersService) DeleteUserInvite ¶

func (c *UsersService) DeleteUserInvite(accountID, email string) error

DeleteUserInvite deletes user invite

func (*UsersService) DeleteUserLoginAttempts ¶

func (c *UsersService) DeleteUserLoginAttempts(user string) error

DeleteUserLoginAttempts removes all login attempts of a user. Should be called after successful login.

func (*UsersService) DeleteWebSession ¶

func (c *UsersService) DeleteWebSession(user, sid string) error

DeleteWebSession deletes web session from the storage

func (*UsersService) GetAPIKeyByToken ¶

func (c *UsersService) GetAPIKeyByToken(token string) (key *storage.APIKey, err error)

func (*UsersService) GetAPIKeys ¶

func (c *UsersService) GetAPIKeys(userEmail string) (keys []storage.APIKey, err error)

func (*UsersService) GetAccessChecker ¶

func (c *UsersService) GetAccessChecker(user storage.User) (teleservices.AccessChecker, error)

GetAccessChecker returns access checker for user based on users roles

func (*UsersService) GetAccount ¶

func (c *UsersService) GetAccount(accountID string) (*users.Account, error)

func (*UsersService) GetAccounts ¶

func (c *UsersService) GetAccounts() ([]users.Account, error)

GetAccounts returns accounts

func (*UsersService) GetAllTunnelConnections ¶

func (c *UsersService) GetAllTunnelConnections(opts ...teleservices.MarshalOption) ([]teleservices.TunnelConnection, error)

GetAllTunnelConnections returns all tunnel connections

func (*UsersService) GetAuthPreference ¶

func (c *UsersService) GetAuthPreference() (teleservices.AuthPreference, error)

GetAuthPreference returns cluster auth preference

func (*UsersService) GetAuthServers ¶

func (c *UsersService) GetAuthServers() ([]teleservices.Server, error)

GetAuthServers returns a list of registered servers

func (*UsersService) GetCertAuthorities ¶

func (c *UsersService) GetCertAuthorities(caType teleservices.CertAuthType, loadSigningKeys bool, opts ...teleservices.MarshalOption) ([]teleservices.CertAuthority, error)

GetCertAuthorities returns a list of authorities of a given type loadSigningKeys controls whether signing keys should be loaded or not

func (*UsersService) GetCertAuthority ¶

func (c *UsersService) GetCertAuthority(id teleservices.CertAuthID, loadSigningKeys bool, opts ...teleservices.MarshalOption) (teleservices.CertAuthority, error)

GetCertAuthority returns certificate authority by given id. Parameter loadSigningKeys controls if signing keys are loaded

func (*UsersService) GetClusterConfig ¶

func (c *UsersService) GetClusterConfig() (teleservices.ClusterConfig, error)

GetClusterConfig returns cluster configuration

func (*UsersService) GetClusterName ¶

func (c *UsersService) GetClusterName() (teleservices.ClusterName, error)

GetClusterName returns cluster name from cluster configuration

func (*UsersService) GetGithubAuthRequest ¶

func (c *UsersService) GetGithubAuthRequest(stateToken string) (*teleservices.GithubAuthRequest, error)

GetGithubAuthRequest retrieves Github auth request by the token

func (*UsersService) GetGithubConnector ¶

func (c *UsersService) GetGithubConnector(name string, withSecrets bool) (teleservices.GithubConnector, error)

GetGithubConnector returns a Github connector by its name

func (*UsersService) GetGithubConnectors ¶

func (c *UsersService) GetGithubConnectors(withSecrets bool) ([]teleservices.GithubConnector, error)

GetGithubConnectors returns all configured Github connectors

func (*UsersService) GetHOTP ¶

func (c *UsersService) GetHOTP(username string) (*hotp.HOTP, error)

GetHOTP gets HOTP token state for a user

func (*UsersService) GetInstallToken ¶

func (c *UsersService) GetInstallToken(tokenID string) (*storage.InstallToken, error)

GetInstallToken returns the token by ID

func (*UsersService) GetInstallTokenByUser ¶

func (c *UsersService) GetInstallTokenByUser(email string) (*storage.InstallToken, error)

GetInstallTokenByUser returns the token by user ID

func (*UsersService) GetInstallTokenForCluster ¶

func (c *UsersService) GetInstallTokenForCluster(name string) (*storage.InstallToken, error)

GetInstallTokenForCluster returns token by cluster name

func (*UsersService) GetLocalClusterName ¶

func (c *UsersService) GetLocalClusterName() (string, error)

func (*UsersService) GetNamespace ¶

func (c *UsersService) GetNamespace(name string) (*teleservices.Namespace, error)

GetNamespace returns a namespace by name

func (*UsersService) GetNamespaces ¶

func (c *UsersService) GetNamespaces() ([]teleservices.Namespace, error)

GetNamespaces returns a list of namespaces

func (*UsersService) GetNodes ¶

func (c *UsersService) GetNodes(namespace string, opts ...teleservices.MarshalOption) ([]teleservices.Server, error)

GetNodes returns a list of registered servers

func (*UsersService) GetOIDCAuthRequest ¶

func (c *UsersService) GetOIDCAuthRequest(stateToken string) (*teleservices.OIDCAuthRequest, error)

GetOIDCAuthRequest returns OIDC auth request if found

func (*UsersService) GetOIDCConnector ¶

func (c *UsersService) GetOIDCConnector(id string, withSecrets bool) (teleservices.OIDCConnector, error)

GetOIDCConnector returns OIDC connector data, withSecrets adds or removes client secret from return results

func (*UsersService) GetOIDCConnectors ¶

func (c *UsersService) GetOIDCConnectors(withSecrets bool) ([]teleservices.OIDCConnector, error)

GetOIDCConnectors returns registered connectors, withSecrets adds or removes client secret from return results

func (*UsersService) GetOperationProvisioningToken ¶

func (c *UsersService) GetOperationProvisioningToken(clusterName, operationID string) (*storage.ProvisioningToken, error)

GetOperationProvisioningToken returns token created for the particular site operation

func (*UsersService) GetPasswordHash ¶

func (c *UsersService) GetPasswordHash(username string) ([]byte, error)

GetPasswordHash returns the password hash for a given user

func (*UsersService) GetProvisioningToken ¶

func (c *UsersService) GetProvisioningToken(token string) (*storage.ProvisioningToken, error)

GetProvisioningToken returns token by ID

func (*UsersService) GetProxies ¶

func (c *UsersService) GetProxies() ([]teleservices.Server, error)

GetProxies returns a list of registered proxies

func (*UsersService) GetRemoteCluster ¶

func (c *UsersService) GetRemoteCluster(clusterName string) (teleservices.RemoteCluster, error)

GetRemoteCluster returns a remote cluster by name

func (*UsersService) GetRemoteClusters ¶

func (c *UsersService) GetRemoteClusters(opts ...teleservices.MarshalOption) ([]teleservices.RemoteCluster, error)

GetRemoteClusters returns a list of remote clusters

func (*UsersService) GetReverseTunnel ¶

func (c *UsersService) GetReverseTunnel(name string) (teleservices.ReverseTunnel, error)

GetReverseTunnel returns reverse tunnel by name

func (*UsersService) GetReverseTunnels ¶

func (c *UsersService) GetReverseTunnels() ([]teleservices.ReverseTunnel, error)

GetReverseTunnels returns a list of registered servers

func (*UsersService) GetRole ¶

func (c *UsersService) GetRole(name string) (teleservices.Role, error)

GetRole returns a role by name

func (*UsersService) GetRoles ¶

func (c *UsersService) GetRoles() ([]teleservices.Role, error)

GetRoles returns a list of roles registered with the local auth server

func (*UsersService) GetSAMLAuthRequest ¶

func (c *UsersService) GetSAMLAuthRequest(stateToken string) (*teleservices.SAMLAuthRequest, error)

GetSAMLAuthRequest returns SAML auth request if found

func (*UsersService) GetSAMLConnector ¶

func (c *UsersService) GetSAMLConnector(id string, withSecrets bool) (teleservices.SAMLConnector, error)

GetSAMLConnector returns SAML connector data, withSecrets adds or removes client secret from return results

func (*UsersService) GetSAMLConnectors ¶

func (c *UsersService) GetSAMLConnectors(withSecrets bool) ([]teleservices.SAMLConnector, error)

GetSAMLConnectors returns registered connectors, withSecrets adds or removes client secret from return results

func (*UsersService) GetSignupToken ¶

func (c *UsersService) GetSignupToken(token string) (*teleservices.SignupToken, error)

GetSignupToken returns signup token data

func (*UsersService) GetSignupTokens ¶

func (c *UsersService) GetSignupTokens() ([]teleservices.SignupToken, error)

GetSignupTokens returns a list of signup tokens

func (*UsersService) GetSiteProvisioningTokens ¶

func (c *UsersService) GetSiteProvisioningTokens(siteDomain string) ([]storage.ProvisioningToken, error)

func (*UsersService) GetStaticTokens ¶

func (c *UsersService) GetStaticTokens() (teleservices.StaticTokens, error)

GetStaticTokens returns static tokens from cluster configuration

func (*UsersService) GetTOTP ¶

func (c *UsersService) GetTOTP(user string) (string, error)

GetTOTP returns the secret key used by the TOTP algorithm to validate tokens

func (*UsersService) GetTelekubeUser ¶

func (c *UsersService) GetTelekubeUser(email string) (storage.User, error)

GetTelekubeUser finds user by email

func (*UsersService) GetToken ¶

func (c *UsersService) GetToken(token string) (*teleservices.ProvisionToken, error)

GetToken is called by Teleport to verify the token supplied by a connecting trusted cluster, it is expected to be an API key of Gatekeeper user

func (*UsersService) GetTokens ¶

func (*UsersService) GetTokens() ([]teleservices.ProvisionToken, error)

GetTokens returns all non-expired tokens

func (*UsersService) GetTrustedCluster ¶

func (c *UsersService) GetTrustedCluster(name string) (teleservices.TrustedCluster, error)

GetTrustedCluster returns a single TrustedCluster by name.

func (*UsersService) GetTrustedClusters ¶

func (c *UsersService) GetTrustedClusters() ([]teleservices.TrustedCluster, error)

GetTrustedClusters returns all TrustedClusters in the backend.

func (*UsersService) GetTunnelConnections ¶

func (c *UsersService) GetTunnelConnections(clusterName string, opts ...teleservices.MarshalOption) ([]teleservices.TunnelConnection, error)

GetTunnelConnections returns tunnel connections for a given cluster

func (*UsersService) GetU2FRegisterChallenge ¶

func (c *UsersService) GetU2FRegisterChallenge(token string) (*u2f.Challenge, error)

GetU2FRegisterChallenge returns a U2F challenge for a new user corresponding to the token

func (*UsersService) GetU2FRegistration ¶

func (c *UsersService) GetU2FRegistration(user string) (*u2f.Registration, error)

GetU2FRegistration returns a U2F registration from a valid register response

func (*UsersService) GetU2FRegistrationCounter ¶

func (c *UsersService) GetU2FRegistrationCounter(user string) (counter uint32, e error)

GetU2FRegistrationCounter returns a counter associated with a U2F registration

func (*UsersService) GetU2FSignChallenge ¶

func (c *UsersService) GetU2FSignChallenge(user string) (*u2f.Challenge, error)

GetU2FSignChallenge returns a U2F sign (auth) challenge

func (*UsersService) GetUsedTOTPToken ¶

func (c *UsersService) GetUsedTOTPToken(user string) (string, error)

GetUsedTOTPToken returns the last successfully used TOTP token. If no token is found zero is returned.

func (*UsersService) GetUser ¶

func (c *UsersService) GetUser(email string) (teleservices.User, error)

GetUser finds user by email

func (*UsersService) GetUserByGithubIdentity ¶

func (c *UsersService) GetUserByGithubIdentity(id teleservices.ExternalIdentity) (teleservices.User, error)

GetUserByGithubIdentity returns a user by it's specified Github Identity, returns first user specified with this identity

func (*UsersService) GetUserByOIDCIdentity ¶

func (c *UsersService) GetUserByOIDCIdentity(id teleservices.ExternalIdentity) (teleservices.User, error)

GetUserByOIDCIdentity returns a user by it's specified OIDC Identity, returns first user specified with this identity

func (*UsersService) GetUserBySAMLIdentity ¶

func (c *UsersService) GetUserBySAMLIdentity(id teleservices.ExternalIdentity) (teleservices.User, error)

GetUserBySAMLIdentity returns a user by it's specified SAML Identity, returns first user specified with this identity

func (*UsersService) GetUserInvites ¶

func (c *UsersService) GetUserInvites(accountID string) ([]storage.UserInvite, error)

GetUserInvites returns user invites

func (*UsersService) GetUserLoginAttempts ¶

func (c *UsersService) GetUserLoginAttempts(user string) ([]teleservices.LoginAttempt, error)

GetUserLoginAttempts returns user login attempts

func (*UsersService) GetUserToken ¶

func (c *UsersService) GetUserToken(token string) (*storage.UserToken, error)

GetUserToken returns information about this signup token based on its id

func (*UsersService) GetUsers ¶

func (c *UsersService) GetUsers() ([]teleservices.User, error)

func (*UsersService) GetUsersByAccountID ¶

func (c *UsersService) GetUsersByAccountID(accountID string) ([]storage.User, error)

GetUsersByAccountID returns user account

func (*UsersService) GetWebSession ¶

func (c *UsersService) GetWebSession(user, sid string) (teleservices.WebSession, error)

GetWebSession returns a web session state for a given user and session id

func (*UsersService) LoginWithInstallToken ¶

func (c *UsersService) LoginWithInstallToken(tokenID string) (*users.LoginResult, error)

func (*UsersService) Migrate ¶

func (c *UsersService) Migrate() error

Migrate launches migrations for users and roles

func (*UsersService) ProcessUserTokenCompleteRequest ¶

func (c *UsersService) ProcessUserTokenCompleteRequest(tokenType string, req users.UserTokenCompleteRequest) (*storage.UserToken, []byte, error)

ProcessUserTokenCompleteRequest processes user token complete request

func (*UsersService) ReleaseLock ¶

func (c *UsersService) ReleaseLock(token string) error

ReleaseLock releases lock by token name

func (*UsersService) ResetPassword ¶

func (c *UsersService) ResetPassword(email string) (string, error)

ResetPassword resets the user password and returns the new one

func (*UsersService) ResetUserWithToken ¶

func (c *UsersService) ResetUserWithToken(req users.UserTokenCompleteRequest) (teleservices.WebSession, error)

ResetUserWithToken sets user password based on user token and logs in user after that in case of successful operation

func (*UsersService) SetAuth ¶

func (c *UsersService) SetAuth(auth teleauth.ClientI)

func (*UsersService) SetAuthPreference ¶

func (c *UsersService) SetAuthPreference(authP teleservices.AuthPreference) error

SetAuthPreference updates cluster auth preference

func (*UsersService) SetClusterConfig ¶

func (c *UsersService) SetClusterConfig(config teleservices.ClusterConfig) error

SetClusterConfig returns cluster configuration

func (*UsersService) SetClusterName ¶

func (c *UsersService) SetClusterName(clusterName teleservices.ClusterName) error

SetClusterName sets the name of the cluster in the backend. SetClusterName can only be called once on a cluster after which it will return trace.AlreadyExists.

func (*UsersService) SetStaticTokens ¶

func (c *UsersService) SetStaticTokens(tokens teleservices.StaticTokens) error

SetStaticTokens updates static tokens in cluster configuration

func (*UsersService) TryAcquireLock ¶

func (c *UsersService) TryAcquireLock(token string, ttl time.Duration) error

TryAcquireLock grabs a lock that will be released automatically in ttl time

func (*UsersService) UpdateInstallToken ¶

func (c *UsersService) UpdateInstallToken(req users.InstallTokenUpdateRequest) (*storage.InstallToken, teleservices.Role, error)

UpdateInstallToken updates an existing install token and changes role for the user associated with the install token to reduce it's scope to the just created cluster

func (*UsersService) UpdatePassword ¶

func (c *UsersService) UpdatePassword(email string, oldPassword, newPassword users.Password) error

UpdatePassword updates users password based on the old password

func (*UsersService) UpdateUser ¶

func (c *UsersService) UpdateUser(username string, req storage.UpdateUserReq) error

UpdateUser updates certain user fields

func (*UsersService) UpsertAuthServer ¶

func (c *UsersService) UpsertAuthServer(server teleservices.Server) error

UpsertAuthServer registers auth server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second

func (*UsersService) UpsertCertAuthority ¶

func (c *UsersService) UpsertCertAuthority(ca teleservices.CertAuthority) error

UpsertCertAuthority updates or inserts a new certificate authority

func (*UsersService) UpsertGithubConnector ¶

func (c *UsersService) UpsertGithubConnector(connector teleservices.GithubConnector) error

UpsertGithubConnector creates or updates a new Github connector

func (*UsersService) UpsertHOTP ¶

func (c *UsersService) UpsertHOTP(user string, otp *hotp.HOTP) error

UpsertHOTP upserts HOTP state for user

func (*UsersService) UpsertLocalClusterName ¶

func (c *UsersService) UpsertLocalClusterName(clusterName string) error

func (*UsersService) UpsertNamespace ¶

func (c *UsersService) UpsertNamespace(n teleservices.Namespace) error

UpsertNamespace upserts namespace

func (*UsersService) UpsertNode ¶

func (c *UsersService) UpsertNode(server teleservices.Server) error

UpsertNode registers node presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second

func (*UsersService) UpsertNodes ¶

func (c *UsersService) UpsertNodes(namespace string, servers []teleservices.Server) error

UpsertNodes upserts multiple nodes

func (*UsersService) UpsertOIDCConnector ¶

func (c *UsersService) UpsertOIDCConnector(connector teleservices.OIDCConnector) error

UpsertOIDCConnector upserts OIDC Connector

func (*UsersService) UpsertPassword ¶

func (c *UsersService) UpsertPassword(user string, password []byte) error

UpsertPassword upserts new password and HOTP token

func (*UsersService) UpsertPasswordHash ¶

func (c *UsersService) UpsertPasswordHash(user string, hash []byte) error

UpsertPasswordHash upserts user password hash

func (*UsersService) UpsertProxy ¶

func (c *UsersService) UpsertProxy(server teleservices.Server) error

UpsertProxy registers proxy server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second

func (*UsersService) UpsertReverseTunnel ¶

func (c *UsersService) UpsertReverseTunnel(tunnel teleservices.ReverseTunnel) error

UpsertReverseTunnel upserts reverse tunnel entry temporarily or permanently

func (*UsersService) UpsertRole ¶

func (c *UsersService) UpsertRole(role teleservices.Role, ttl time.Duration) error

UpsertRole updates parameters about role

func (*UsersService) UpsertSAMLConnector ¶

func (c *UsersService) UpsertSAMLConnector(connector teleservices.SAMLConnector) error

UpsertSAMLConnector upserts SAML Connector

func (*UsersService) UpsertSignupToken ¶

func (c *UsersService) UpsertSignupToken(token string, tokenData teleservices.SignupToken, ttl time.Duration) error

UpsertSignupToken upserts signup token - one time token that lets user to create a user account

func (*UsersService) UpsertTOTP ¶

func (c *UsersService) UpsertTOTP(user string, secretKey string) error

UpsertTOTP upserts TOTP secret key for a user that can be used to generate and validate tokens.

func (*UsersService) UpsertToken ¶

func (*UsersService) UpsertToken(token string, roles teleport.Roles, ttl time.Duration) error

UpsertToken adds provisioning tokens for the auth server

func (*UsersService) UpsertTrustedCluster ¶

func (c *UsersService) UpsertTrustedCluster(trustedCluster teleservices.TrustedCluster) (teleservices.TrustedCluster, error)

UpsertTrustedCluster creates or updates a TrustedCluster in the backend.

func (*UsersService) UpsertTunnelConnection ¶

func (c *UsersService) UpsertTunnelConnection(conn teleservices.TunnelConnection) error

UpsertTunnelConnection upserts tunnel connection

func (*UsersService) UpsertU2FRegisterChallenge ¶

func (c *UsersService) UpsertU2FRegisterChallenge(token string, u2fChallenge *u2f.Challenge) error

UpsertU2FRegisterChallenge upserts a U2F challenge for a new user corresponding to the token

func (*UsersService) UpsertU2FRegistration ¶

func (c *UsersService) UpsertU2FRegistration(user string, u2fReg *u2f.Registration) error

UpsertU2FRegistration upserts a U2F registration from a valid register response

func (*UsersService) UpsertU2FRegistrationCounter ¶

func (c *UsersService) UpsertU2FRegistrationCounter(user string, counter uint32) error

UpsertU2FRegistrationCounter upserts a counter associated with a U2F registration

func (*UsersService) UpsertU2FSignChallenge ¶

func (c *UsersService) UpsertU2FSignChallenge(user string, u2fChallenge *u2f.Challenge) error

UpsertU2FSignChallenge upserts a U2F sign (auth) challenge

func (*UsersService) UpsertUsedTOTPToken ¶

func (c *UsersService) UpsertUsedTOTPToken(user string, otpToken string) error

UpsertUsedTOTPToken upserts a TOTP token to the backend so it can't be used again during the 30 second window it's valid.

func (*UsersService) UpsertUser ¶

func (c *UsersService) UpsertUser(teleuser teleservices.User) error

UpsertUser creates a new user or updates existing user In case of AgentUser it will generate a random token - API key In case of AdminUser or Regular user it requires a password to be set and uses bcrypt to store password's hash

func (*UsersService) UpsertWebSession ¶

func (c *UsersService) UpsertWebSession(user, sid string, session teleservices.WebSession) error

UpsertWebSession updates or inserts a web session for a user and session id

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL