client

package
Version: v0.0.0-...-245e67a Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 26, 2022 License: Apache-2.0 Imports: 45 Imported by: 4

README

This package is documented using a combination of pkg.go.dev and Teleport Docs.

Reference

Documentation

Overview

Package client provides a gRPC implementation of the Teleport Auth client. This client can be used to programatically interact with a Teleport Auth server.

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func ConfigureALPN

func ConfigureALPN(tlsConfig *tls.Config, clusterName string) *tls.Config

ConfigureALPN configures ALPN SNI cluster routing information in TLS settings allowing for allowing to dial auth service through Teleport Proxy directly without using SSH Tunnels.

func DialProxy

func DialProxy(ctx context.Context, proxyURL *url.URL, addr string) (net.Conn, error)

DialProxy creates a connection to a server via an HTTP Proxy.

func DialProxyWithDialer

func DialProxyWithDialer(ctx context.Context, proxyURL *url.URL, addr string, dialer ContextDialer) (net.Conn, error)

DialProxyWithDialer creates a connection to a server via an HTTP Proxy using a specified dialer.

func EventFromGRPC

func EventFromGRPC(in proto.Event) (*types.Event, error)

EventFromGRPC converts proto.Event to types.Event

func EventToGRPC

func EventToGRPC(in types.Event) (*proto.Event, error)

EventToGRPC converts types.Event to proto.Event

func EventTypeFromGRPC

func EventTypeFromGRPC(in proto.Operation) (types.OpType, error)

EventTypeFromGRPC converts proto.Operation to types.OpType

func EventTypeToGRPC

func EventTypeToGRPC(in types.OpType) (proto.Operation, error)

EventTypeToGRPC converts types.OpType to proto.Operation

func GetResourcesWithFilters

func GetResourcesWithFilters(ctx context.Context, clt ListResourcesClient, req proto.ListResourcesRequest) ([]types.ResourceWithLabels, error)

GetResourcesWithFilters is a helper for getting a list of resources with optional filtering. In addition to iterating pages, it also correctly handles downsizing pages when LimitExceeded errors are encountered.

func InventoryControlStreamPipe

InventoryControlStreamPipe creates the two halves of an inventory control stream over an in-memory pipe.

func NewTracingClient

func NewTracingClient(ctx context.Context, cfg Config) (*tracing.Client, error)

NewTracingClient creates a new tracing.Client that will forward spans to the connected Teleport server. See New for details on how the connection it established.

Types

type Client

type Client struct {

	// JoinServiceClient is a client for the JoinService, which runs on both the
	// auth and proxy.
	*JoinServiceClient
	// contains filtered or unexported fields
}

Client is a gRPC Client that connects to a Teleport Auth server either locally or over ssh through a Teleport web proxy or tunnel proxy.

This client can be used to cover a variety of Teleport use cases, such as programmatically handling access requests, integrating with external tools, or dynamically configuring Teleport.

Example (RoleCRUD)

Below is an example of creating a new Teleport Auth client with Profile credentials, and using that client to create, get, and delete a Role resource object.

Make sure to look at the Getting Started guide before attempting to run this example.

package main

import (
	"context"
	"log"
	"time"

	"github.com/gravitational/teleport/api/client"
	"github.com/gravitational/teleport/api/types"
)

func main() {
	ctx := context.Background()

	// Create a new client in your go file.
	clt, err := client.New(ctx, client.Config{
		Credentials: []client.Credentials{
			client.LoadProfile("", ""),
		},
		// set to true if your Teleport web proxy doesn't have HTTP/TLS certificate
		// configured yet (never use this in production).
		InsecureAddressDiscovery: false,
	})
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	defer clt.Close()

	// Resource Spec structs reflect their Resource's yaml definition.
	roleSpec := types.RoleSpecV5{
		Options: types.RoleOptions{
			MaxSessionTTL: types.Duration(time.Hour),
		},
		Allow: types.RoleConditions{
			Logins: []string{"role1"},
			Rules: []types.Rule{
				types.NewRule(types.KindAccessRequest, []string{types.VerbList, types.VerbRead}),
			},
		},
		Deny: types.RoleConditions{
			NodeLabels: types.Labels{"*": []string{"*"}},
		},
	}

	// There are helper functions for creating Teleport resources.
	role, err := types.NewRole("role1", roleSpec)
	if err != nil {
		log.Fatalf("failed to get role: %v", err)
	}

	// Getters and setters can be used to alter specs.
	role.SetLogins(types.Allow, []string{"root"})

	// Upsert overwrites the resource if it exists. Use this to create/update resources.
	// Equivalent to `tctl create -f role1.yaml`.
	err = clt.UpsertRole(ctx, role)
	if err != nil {
		log.Fatalf("failed to create role: %v", err)
	}

	// Equivalent to `tctl get role/role1`.
	role, err = clt.GetRole(ctx, "role1")
	if err != nil {
		log.Fatalf("failed to get role: %v", err)
	}

	// Equivalent to `tctl rm role/role1`.
	err = clt.DeleteRole(ctx, "role1")
	if err != nil {
		log.Fatalf("failed to delete role: %v", err)
	}
}
Output:

func New

func New(ctx context.Context, cfg Config) (clt *Client, err error)

New creates a new Client with an open connection to a Teleport server.

New will try to open a connection with all combinations of addresses and credentials. The first successful connection to a server will be used, or an aggregated error will be returned if all combinations fail.

cfg.Credentials must be non-empty. One of cfg.Addrs and cfg.Dialer must be non-empty, unless LoadProfile is used to fetch Credentials and load a web proxy dialer.

See the example below for usage.

Example
package main

import (
	"context"
	"log"
	"os"

	"github.com/gravitational/teleport/api/client"
)

func main() {
	ctx := context.Background()
	clt, err := client.New(ctx, client.Config{
		// Multiple Addresses can be provided to attempt to
		// connect to the auth server. At least one address
		// must be provided, except when using the ProfileCreds.
		Addrs: []string{
			// The Auth server address can be provided to connect locally.
			"auth.example.com:3025",
			// The tunnel proxy address can be provided
			// to connect to the Auth server over SSH.
			"proxy.example.com:3024",
			// The web proxy address can be provided to automatically
			// find the tunnel proxy address and connect using it.
			"proxy.example.com:3080",
		},
		// Multiple Credentials can be provided to attempt to authenticate
		// the client. At least one Credentials object must be provided.
		Credentials: []client.Credentials{
			client.LoadProfile("", ""),
			client.LoadIdentityFile("identity-path"),
			client.LoadKeyPair("cert.crt", "cert.key", "cert.cas"),
			client.LoadIdentityFileFromString(os.Getenv("TELEPORT_IDENTITY")),
		},
		// set to true if your web proxy doesn't have HTTP/TLS certificate
		// configured yet (never use this in production).
		InsecureAddressDiscovery: false,
	})
	if err != nil {
		log.Fatal(err)
	}
	defer clt.Close()

	clt.Ping(ctx)
}
Output:

func (*Client) AcquireSemaphore

func (c *Client) AcquireSemaphore(ctx context.Context, params types.AcquireSemaphoreRequest) (*types.SemaphoreLease, error)

AcquireSemaphore acquires lease with requested resources from semaphore.

func (*Client) AddMFADevice

func (*Client) AddMFADeviceSync

AddMFADeviceSync adds a new MFA device (nonstream).

func (*Client) AppendDiagnosticTrace

func (c *Client) AppendDiagnosticTrace(ctx context.Context, name string, t *types.ConnectionDiagnosticTrace) (types.ConnectionDiagnostic, error)

AppendDiagnosticTrace adds a new trace for the given ConnectionDiagnostic.

func (*Client) CancelSemaphoreLease

func (c *Client) CancelSemaphoreLease(ctx context.Context, lease types.SemaphoreLease) error

CancelSemaphoreLease cancels semaphore lease early.

func (*Client) ChangeUserAuthentication

ChangeUserAuthentication allows a user with a reset or invite token to change their password and if enabled also adds a new mfa device. Upon success, creates new web session and creates new set of recovery codes (if user meets requirements).

func (*Client) Close

func (c *Client) Close() error

Close closes the Client connection to the auth server.

func (*Client) CompleteAccountRecovery

func (c *Client) CompleteAccountRecovery(ctx context.Context, req *proto.CompleteAccountRecoveryRequest) error

CompleteAccountRecovery sets a new password or adds a new mfa device, allowing user to regain access to their account using the new credentials. Represents the last step in the account recovery process after RPC's StartAccountRecovery and VerifyAccountRecovery.

func (*Client) Config

func (c *Client) Config() *tls.Config

Config returns the tls.Config the client connected with.

func (*Client) CreateAccessRequest

func (c *Client) CreateAccessRequest(ctx context.Context, req types.AccessRequest) error

CreateAccessRequest registers a new access request with the auth server.

func (*Client) CreateAccountRecoveryCodes

func (c *Client) CreateAccountRecoveryCodes(ctx context.Context, req *proto.CreateAccountRecoveryCodesRequest) (*proto.RecoveryCodes, error)

CreateAccountRecoveryCodes creates new set of recovery codes for a user, replacing and invalidating any previously owned codes.

func (*Client) CreateApp

func (c *Client) CreateApp(ctx context.Context, app types.Application) error

CreateApp creates a new application resource.

func (*Client) CreateAppSession

func (c *Client) CreateAppSession(ctx context.Context, req types.CreateAppSessionRequest) (types.WebSession, error)

CreateAppSession creates an application web session. Application web sessions represent a browser session the client holds.

func (*Client) CreateAuditStream

func (c *Client) CreateAuditStream(ctx context.Context, sessionID string) (events.Stream, error)

CreateAuditStream creates new audit stream.

func (*Client) CreateAuthenticateChallenge

CreateAuthenticateChallenge creates and returns MFA challenges for a users registered MFA devices.

func (*Client) CreateBot

CreateBot creates a new bot from the specified descriptor.

func (*Client) CreateConnectionDiagnostic

func (c *Client) CreateConnectionDiagnostic(ctx context.Context, connectionDiagnostic types.ConnectionDiagnostic) error

CreateConnectionDiagnostic creates a new connection diagnostic.

func (*Client) CreateDatabase

func (c *Client) CreateDatabase(ctx context.Context, database types.Database) error

CreateDatabase creates a new database resource.

func (*Client) CreateGithubAuthRequest

func (c *Client) CreateGithubAuthRequest(ctx context.Context, req types.GithubAuthRequest) (*types.GithubAuthRequest, error)

CreateGithubAuthRequest creates GithubAuthRequest.

func (*Client) CreateKubernetesCluster

func (c *Client) CreateKubernetesCluster(ctx context.Context, cluster types.KubeCluster) error

CreateKubernetesCluster creates a new kubernetes cluster resource.

func (*Client) CreateOIDCAuthRequest

func (c *Client) CreateOIDCAuthRequest(ctx context.Context, req types.OIDCAuthRequest) (*types.OIDCAuthRequest, error)

CreateOIDCAuthRequest creates OIDCAuthRequest.

func (*Client) CreatePrivilegeToken

func (c *Client) CreatePrivilegeToken(ctx context.Context, req *proto.CreatePrivilegeTokenRequest) (*types.UserTokenV3, error)

CreatePrivilegeToken is implemented by AuthService.CreatePrivilegeToken.

func (*Client) CreateRegisterChallenge

func (c *Client) CreateRegisterChallenge(ctx context.Context, in *proto.CreateRegisterChallengeRequest) (*proto.MFARegisterChallenge, error)

CreateRegisterChallenge creates and returns MFA register challenge for a new MFA device.

func (*Client) CreateResetPasswordToken

func (c *Client) CreateResetPasswordToken(ctx context.Context, req *proto.CreateResetPasswordTokenRequest) (types.UserToken, error)

CreateResetPasswordToken creates reset password token.

func (*Client) CreateSAMLAuthRequest

func (c *Client) CreateSAMLAuthRequest(ctx context.Context, req types.SAMLAuthRequest) (*types.SAMLAuthRequest, error)

CreateSAMLAuthRequest creates SAMLAuthRequest.

func (*Client) CreateSessionTracker

func (c *Client) CreateSessionTracker(ctx context.Context, st types.SessionTracker) (types.SessionTracker, error)

CreateSessionTracker creates a tracker resource for an active session.

func (*Client) CreateSnowflakeSession

func (c *Client) CreateSnowflakeSession(ctx context.Context, req types.CreateSnowflakeSessionRequest) (types.WebSession, error)

CreateSnowflakeSession creates a Snowflake web session.

func (*Client) CreateToken

func (c *Client) CreateToken(ctx context.Context, token types.ProvisionToken) error

CreateToken creates a provision token.

func (*Client) CreateUser

func (c *Client) CreateUser(ctx context.Context, user types.User) error

CreateUser creates a new user from the specified descriptor.

func (*Client) CreateWindowsDesktop

func (c *Client) CreateWindowsDesktop(ctx context.Context, desktop types.WindowsDesktop) error

CreateWindowsDesktop registers a new windows desktop host.

func (*Client) DeleteAccessRequest

func (c *Client) DeleteAccessRequest(ctx context.Context, reqID string) error

DeleteAccessRequest deletes an access request.

func (*Client) DeleteAllAppServers

func (c *Client) DeleteAllAppServers(ctx context.Context, namespace string) error

DeleteAllAppServers removes all application servers.

DELETE IN 9.0. Deprecated, use DeleteAllApplicationServers.

func (*Client) DeleteAllAppSessions

func (c *Client) DeleteAllAppSessions(ctx context.Context) error

DeleteAllAppSessions removes all application web sessions.

func (*Client) DeleteAllApplicationServers

func (c *Client) DeleteAllApplicationServers(ctx context.Context, namespace string) error

DeleteAllApplicationServers removes all registered application servers.

func (*Client) DeleteAllApps

func (c *Client) DeleteAllApps(ctx context.Context) error

DeleteAllApps deletes all application resources.

func (*Client) DeleteAllDatabaseServers

func (c *Client) DeleteAllDatabaseServers(ctx context.Context, namespace string) error

DeleteAllDatabaseServers removes all registered database proxy servers.

func (*Client) DeleteAllDatabases

func (c *Client) DeleteAllDatabases(ctx context.Context) error

DeleteAllDatabases deletes all database resources.

func (*Client) DeleteAllInstallers

func (c *Client) DeleteAllInstallers(ctx context.Context) error

DeleteAllInstallers deletes all the installer resources.

func (*Client) DeleteAllKubeServices

func (c *Client) DeleteAllKubeServices(ctx context.Context) error

DeleteAllKubeServices deletes all registered kubernetes services. DELETE IN 12.0.0

func (*Client) DeleteAllKubernetesClusters

func (c *Client) DeleteAllKubernetesClusters(ctx context.Context) error

DeleteAllKubernetesClusters deletes all kubernetes cluster resources.

func (*Client) DeleteAllKubernetesServers

func (c *Client) DeleteAllKubernetesServers(ctx context.Context) error

DeleteAllKubernetesServers deletes all registered kubernetes servers.

func (*Client) DeleteAllNodes

func (c *Client) DeleteAllNodes(ctx context.Context, namespace string) error

DeleteAllNodes deletes all nodes in a given namespace.

func (*Client) DeleteAllSnowflakeSessions

func (c *Client) DeleteAllSnowflakeSessions(ctx context.Context) error

DeleteAllSnowflakeSessions removes all Snowflake web sessions.

func (*Client) DeleteAllWindowsDesktopServices

func (c *Client) DeleteAllWindowsDesktopServices(ctx context.Context) error

DeleteAllWindowsDesktopServices removes all registered windows desktop services.

func (*Client) DeleteAllWindowsDesktops

func (c *Client) DeleteAllWindowsDesktops(ctx context.Context) error

DeleteAllWindowsDesktops removes all registered windows desktop hosts.

func (*Client) DeleteApp

func (c *Client) DeleteApp(ctx context.Context, name string) error

DeleteApp deletes specified application resource.

func (*Client) DeleteAppServer

func (c *Client) DeleteAppServer(ctx context.Context, namespace string, name string) error

DeleteAppServer removes an application server.

DELETE IN 9.0. Deprecated, use DeleteApplicationServer.

func (*Client) DeleteAppSession

func (c *Client) DeleteAppSession(ctx context.Context, req types.DeleteAppSessionRequest) error

DeleteAppSession removes an application web session.

func (*Client) DeleteApplicationServer

func (c *Client) DeleteApplicationServer(ctx context.Context, namespace, hostID, name string) error

DeleteApplicationServer removes specified application server.

func (*Client) DeleteBot

func (c *Client) DeleteBot(ctx context.Context, botName string) error

DeleteBot deletes a bot and associated resources.

func (*Client) DeleteDatabase

func (c *Client) DeleteDatabase(ctx context.Context, name string) error

DeleteDatabase deletes specified database resource.

func (*Client) DeleteDatabaseServer

func (c *Client) DeleteDatabaseServer(ctx context.Context, namespace, hostID, name string) error

DeleteDatabaseServer removes the specified database proxy server.

func (*Client) DeleteGithubConnector

func (c *Client) DeleteGithubConnector(ctx context.Context, name string) error

DeleteGithubConnector deletes a Github connector by name.

func (*Client) DeleteInstaller

func (c *Client) DeleteInstaller(ctx context.Context, name string) error

DeleteInstaller deletes the cluster installer resource

func (*Client) DeleteKubeService

func (c *Client) DeleteKubeService(ctx context.Context, name string) error

DeleteKubeService deletes a named kubernetes service. DELETE IN 12.0.0

func (*Client) DeleteKubernetesCluster

func (c *Client) DeleteKubernetesCluster(ctx context.Context, name string) error

DeleteKubernetesCluster deletes specified kubernetes cluster resource.

func (*Client) DeleteKubernetesServer

func (c *Client) DeleteKubernetesServer(ctx context.Context, hostID, name string) error

DeleteKubernetesServer deletes a named kubernetes server.

func (*Client) DeleteLock

func (c *Client) DeleteLock(ctx context.Context, name string) error

DeleteLock deletes a lock.

func (*Client) DeleteMFADevice

func (*Client) DeleteMFADeviceSync

func (c *Client) DeleteMFADeviceSync(ctx context.Context, in *proto.DeleteMFADeviceSyncRequest) error

DeleteMFADeviceSync deletes a users MFA device (nonstream).

func (*Client) DeleteNetworkRestrictions

func (c *Client) DeleteNetworkRestrictions(ctx context.Context) error

DeleteNetworkRestrictions deletes the network restrictions

func (*Client) DeleteNode

func (c *Client) DeleteNode(ctx context.Context, namespace, name string) error

DeleteNode deletes a node by name and namespace.

func (*Client) DeleteOIDCConnector

func (c *Client) DeleteOIDCConnector(ctx context.Context, name string) error

DeleteOIDCConnector deletes an OIDC connector by name.

func (*Client) DeleteRole

func (c *Client) DeleteRole(ctx context.Context, name string) error

DeleteRole deletes role by name

func (*Client) DeleteSAMLConnector

func (c *Client) DeleteSAMLConnector(ctx context.Context, name string) error

DeleteSAMLConnector deletes a SAML connector by name.

func (*Client) DeleteSemaphore

func (c *Client) DeleteSemaphore(ctx context.Context, filter types.SemaphoreFilter) error

DeleteSemaphore deletes a semaphore matching the supplied filter.

func (*Client) DeleteSnowflakeSession

func (c *Client) DeleteSnowflakeSession(ctx context.Context, req types.DeleteSnowflakeSessionRequest) error

DeleteSnowflakeSession removes a Snowflake web session.

func (*Client) DeleteToken

func (c *Client) DeleteToken(ctx context.Context, name string) error

DeleteToken deletes a provision token by name.

func (*Client) DeleteTrustedCluster

func (c *Client) DeleteTrustedCluster(ctx context.Context, name string) error

DeleteTrustedCluster deletes a Trusted Cluster by name.

func (*Client) DeleteUser

func (c *Client) DeleteUser(ctx context.Context, user string) error

DeleteUser deletes a user by name.

func (*Client) DeleteUserAppSessions

func (c *Client) DeleteUserAppSessions(ctx context.Context, req *proto.DeleteUserAppSessionsRequest) error

DeleteUserAppSessions deletes all user’s application sessions.

func (*Client) DeleteWindowsDesktop

func (c *Client) DeleteWindowsDesktop(ctx context.Context, hostID, name string) error

DeleteWindowsDesktop removes the specified windows desktop host. Note: unlike GetWindowsDesktops, this will delete at-most one desktop. Passing an empty host ID will not trigger "delete all" behavior. To delete all desktops, use DeleteAllWindowsDesktops.

func (*Client) DeleteWindowsDesktopService

func (c *Client) DeleteWindowsDesktopService(ctx context.Context, name string) error

DeleteWindowsDesktopService removes the specified windows desktop service.

func (*Client) Dialer

func (c *Client) Dialer() ContextDialer

Dialer returns the ContextDialer the client connected with.

func (*Client) EmitAuditEvent

func (c *Client) EmitAuditEvent(ctx context.Context, event events.AuditEvent) error

EmitAuditEvent sends an auditable event to the auth server.

func (*Client) GenerateAppToken

func (c *Client) GenerateAppToken(ctx context.Context, req types.GenerateAppTokenRequest) (string, error)

GenerateAppToken creates a JWT token with application access.

func (*Client) GenerateCertAuthorityCRL

func (c *Client) GenerateCertAuthorityCRL(ctx context.Context, req *proto.CertAuthorityRequest) (*proto.CRL, error)

GenerateCertAuthorityCRL generates an empty CRL for a CA.

func (*Client) GenerateDatabaseCert

func (c *Client) GenerateDatabaseCert(ctx context.Context, req *proto.DatabaseCertRequest) (*proto.DatabaseCertResponse, error)

GenerateDatabaseCert generates client certificate used by a database service to authenticate with the database instance.

func (*Client) GenerateHostCerts

func (c *Client) GenerateHostCerts(ctx context.Context, req *proto.HostCertsRequest) (*proto.Certs, error)

GenerateHostCerts generates host certificates.

func (*Client) GenerateSnowflakeJWT

func (c *Client) GenerateSnowflakeJWT(ctx context.Context, req types.GenerateSnowflakeJWT) (string, error)

GenerateSnowflakeJWT generates JWT in the Snowflake required format.

func (*Client) GenerateToken

func (c *Client) GenerateToken(ctx context.Context, req *proto.GenerateTokenRequest) (string, error)

GenerateToken generates a new auth token for the given service roles. This token can be used by corresponding services to authenticate with the Auth server and get a signed certificate and private key.

func (*Client) GenerateUserCerts

func (c *Client) GenerateUserCerts(ctx context.Context, req proto.UserCertsRequest) (*proto.Certs, error)

GenerateUserCerts takes the public key in the OpenSSH `authorized_keys` plain text format, signs it using User Certificate Authority signing key and returns the resulting certificates.

func (*Client) GenerateUserSingleUseCerts

func (c *Client) GenerateUserSingleUseCerts(ctx context.Context) (proto.AuthService_GenerateUserSingleUseCertsClient, error)

func (*Client) GenerateWindowsDesktopCert

func (c *Client) GenerateWindowsDesktopCert(ctx context.Context, req *proto.WindowsDesktopCertRequest) (*proto.WindowsDesktopCertResponse, error)

GenerateWindowsDesktopCert generates client certificate for Windows RDP authentication.

func (*Client) GetAccessCapabilities

func (c *Client) GetAccessCapabilities(ctx context.Context, req types.AccessCapabilitiesRequest) (*types.AccessCapabilities, error)

GetAccessCapabilities requests the access capabilities of a user.

func (*Client) GetAccessRequests

func (c *Client) GetAccessRequests(ctx context.Context, filter types.AccessRequestFilter) ([]types.AccessRequest, error)

GetAccessRequests retrieves a list of all access requests matching the provided filter.

func (*Client) GetAccountRecoveryCodes

func (c *Client) GetAccountRecoveryCodes(ctx context.Context, req *proto.GetAccountRecoveryCodesRequest) (*proto.RecoveryCodes, error)

GetAccountRecoveryCodes returns the user in context their recovery codes resource without any secrets.

func (*Client) GetAccountRecoveryToken

func (c *Client) GetAccountRecoveryToken(ctx context.Context, req *proto.GetAccountRecoveryTokenRequest) (types.UserToken, error)

GetAccountRecoveryToken returns a user token resource after verifying the token in request is not expired and is of the correct recovery type.

func (*Client) GetActiveSessionTrackers

func (c *Client) GetActiveSessionTrackers(ctx context.Context) ([]types.SessionTracker, error)

GetActiveSessionTrackers returns a list of active session trackers.

func (*Client) GetApp

func (c *Client) GetApp(ctx context.Context, name string) (types.Application, error)

GetApp returns the specified application resource.

func (*Client) GetAppServers

func (c *Client) GetAppServers(ctx context.Context, namespace string) ([]types.Server, error)

GetAppServers gets all application servers.

DELETE IN 9.0. Deprecated, use GetApplicationServers.

func (*Client) GetAppSession

func (c *Client) GetAppSession(ctx context.Context, req types.GetAppSessionRequest) (types.WebSession, error)

GetAppSession gets an application web session.

func (*Client) GetAppSessions

func (c *Client) GetAppSessions(ctx context.Context) ([]types.WebSession, error)

GetAppSessions gets all application web sessions.

func (*Client) GetApplicationServers

func (c *Client) GetApplicationServers(ctx context.Context, namespace string) ([]types.AppServer, error)

GetApplicationServers returns all registered application servers.

func (*Client) GetApps

func (c *Client) GetApps(ctx context.Context) ([]types.Application, error)

GetApps returns all application resources.

func (*Client) GetAuthPreference

func (c *Client) GetAuthPreference(ctx context.Context) (types.AuthPreference, error)

GetAuthPreference gets cluster auth preference.

func (*Client) GetBotUsers

func (c *Client) GetBotUsers(ctx context.Context) ([]types.User, error)

GetBotUsers fetches all bot users.

func (*Client) GetClusterAlerts

func (c *Client) GetClusterAlerts(ctx context.Context, query types.GetClusterAlertsRequest) ([]types.ClusterAlert, error)

GetClusterAlerts loads matching cluster alerts.

func (*Client) GetClusterAuditConfig

func (c *Client) GetClusterAuditConfig(ctx context.Context) (types.ClusterAuditConfig, error)

GetClusterAuditConfig gets cluster audit configuration.

func (*Client) GetClusterCACert

func (c *Client) GetClusterCACert(ctx context.Context) (*proto.GetClusterCACertResponse, error)

GetClusterCACert returns the PEM-encoded TLS certs for the local cluster. If the cluster has multiple TLS certs, they will all be concatenated.

func (*Client) GetClusterNetworkingConfig

func (c *Client) GetClusterNetworkingConfig(ctx context.Context) (types.ClusterNetworkingConfig, error)

GetClusterNetworkingConfig gets cluster networking configuration.

func (*Client) GetConnection

func (c *Client) GetConnection() *grpc.ClientConn

GetConnection returns GRPC connection.

func (*Client) GetConnectionDiagnostic

func (c *Client) GetConnectionDiagnostic(ctx context.Context, name string) (types.ConnectionDiagnostic, error)

GetConnectionDiagnostic reads a connection diagnostic

func (*Client) GetCurrentUser

func (c *Client) GetCurrentUser(ctx context.Context) (types.User, error)

GetCurrentUser returns current user as seen by the server. Useful especially in the context of remote clusters which perform role and trait mapping.

func (*Client) GetCurrentUserRoles

func (c *Client) GetCurrentUserRoles(ctx context.Context) ([]types.Role, error)

GetCurrentUserRoles returns current user's roles.

func (*Client) GetDatabase

func (c *Client) GetDatabase(ctx context.Context, name string) (types.Database, error)

GetDatabase returns the specified database resource.

func (*Client) GetDatabaseServers

func (c *Client) GetDatabaseServers(ctx context.Context, namespace string) ([]types.DatabaseServer, error)

GetDatabaseServers returns all registered database proxy servers.

func (*Client) GetDatabases

func (c *Client) GetDatabases(ctx context.Context) ([]types.Database, error)

GetDatabases returns all database resources.

func (*Client) GetDomainName

func (c *Client) GetDomainName(ctx context.Context) (string, error)

GetDomainName returns local auth domain of the current auth server

func (*Client) GetGithubAuthRequest

func (c *Client) GetGithubAuthRequest(ctx context.Context, stateToken string) (*types.GithubAuthRequest, error)

GetGithubAuthRequest gets a GithubAuthRequest by state token.

func (*Client) GetGithubConnector

func (c *Client) GetGithubConnector(ctx context.Context, name string, withSecrets bool) (types.GithubConnector, error)

GetGithubConnector returns a Github connector by name.

func (*Client) GetGithubConnectors

func (c *Client) GetGithubConnectors(ctx context.Context, withSecrets bool) ([]types.GithubConnector, error)

GetGithubConnectors returns a list of Github connectors.

func (*Client) GetInstaller

func (c *Client) GetInstaller(ctx context.Context, name string) (types.Installer, error)

GetInstaller gets the cluster installer resource

func (*Client) GetInstallers

func (c *Client) GetInstallers(ctx context.Context) ([]types.Installer, error)

GetInstaller gets all installer script resources

func (*Client) GetInventoryStatus

func (*Client) GetKubeServices

func (c *Client) GetKubeServices(ctx context.Context) ([]types.Server, error)

GetKubeServices returns the list of kubernetes services registered in the cluster. DELETE IN 12.0.0

func (*Client) GetKubernetesCluster

func (c *Client) GetKubernetesCluster(ctx context.Context, name string) (types.KubeCluster, error)

GetKubernetesCluster returns the specified kubernetes resource.

func (*Client) GetKubernetesClusters

func (c *Client) GetKubernetesClusters(ctx context.Context) ([]types.KubeCluster, error)

GetKubernetesClusters returns all kubernetes cluster resources.

func (*Client) GetKubernetesServers

func (c *Client) GetKubernetesServers(ctx context.Context) ([]types.KubeServer, error)

GetKubernetesServers returns the list of kubernetes servers registered in the cluster.

func (*Client) GetLock

func (c *Client) GetLock(ctx context.Context, name string) (types.Lock, error)

GetLock gets a lock by name.

func (*Client) GetLocks

func (c *Client) GetLocks(ctx context.Context, inForceOnly bool, targets ...types.LockTarget) ([]types.Lock, error)

GetLocks gets all/in-force locks that match at least one of the targets when specified.

func (*Client) GetMFADevices

func (*Client) GetNetworkRestrictions

func (c *Client) GetNetworkRestrictions(ctx context.Context) (types.NetworkRestrictions, error)

GetNetworkRestrictions retrieves the network restrictions

func (*Client) GetNode

func (c *Client) GetNode(ctx context.Context, namespace, name string) (types.Server, error)

GetNode returns a node by name and namespace.

func (*Client) GetNodes

func (c *Client) GetNodes(ctx context.Context, namespace string) ([]types.Server, error)

GetNodes returns a complete list of nodes that the user has access to in the given namespace.

func (*Client) GetOIDCAuthRequest

func (c *Client) GetOIDCAuthRequest(ctx context.Context, stateToken string) (*types.OIDCAuthRequest, error)

GetOIDCAuthRequest gets an OIDCAuthRequest by state token.

func (*Client) GetOIDCConnector

func (c *Client) GetOIDCConnector(ctx context.Context, name string, withSecrets bool) (types.OIDCConnector, error)

GetOIDCConnector returns an OIDC connector by name.

func (*Client) GetOIDCConnectors

func (c *Client) GetOIDCConnectors(ctx context.Context, withSecrets bool) ([]types.OIDCConnector, error)

GetOIDCConnectors returns a list of OIDC connectors.

func (*Client) GetPluginData

func (c *Client) GetPluginData(ctx context.Context, filter types.PluginDataFilter) ([]types.PluginData, error)

GetPluginData loads all plugin data matching the supplied filter.

func (*Client) GetResetPasswordToken

func (c *Client) GetResetPasswordToken(ctx context.Context, tokenID string) (types.UserToken, error)

GetResetPasswordToken returns a reset password token for the specified tokenID.

func (*Client) GetRole

func (c *Client) GetRole(ctx context.Context, name string) (types.Role, error)

GetRole returns role by name

func (*Client) GetRoles

func (c *Client) GetRoles(ctx context.Context) ([]types.Role, error)

GetRoles returns a list of roles

func (*Client) GetSAMLAuthRequest

func (c *Client) GetSAMLAuthRequest(ctx context.Context, id string) (*types.SAMLAuthRequest, error)

GetSAMLAuthRequest gets a SAMLAuthRequest by id.

func (*Client) GetSAMLConnector

func (c *Client) GetSAMLConnector(ctx context.Context, name string, withSecrets bool) (types.SAMLConnector, error)

GetSAMLConnector returns a SAML connector by name.

func (*Client) GetSAMLConnectors

func (c *Client) GetSAMLConnectors(ctx context.Context, withSecrets bool) ([]types.SAMLConnector, error)

GetSAMLConnectors returns a list of SAML connectors.

func (*Client) GetSSODiagnosticInfo

func (c *Client) GetSSODiagnosticInfo(ctx context.Context, authRequestKind string, authRequestID string) (*types.SSODiagnosticInfo, error)

GetSSODiagnosticInfo returns SSO diagnostic info records for a specific SSO Auth request.

func (*Client) GetSemaphores

func (c *Client) GetSemaphores(ctx context.Context, filter types.SemaphoreFilter) ([]types.Semaphore, error)

GetSemaphores returns a list of all semaphores matching the supplied filter.

func (*Client) GetSessionRecordingConfig

func (c *Client) GetSessionRecordingConfig(ctx context.Context) (types.SessionRecordingConfig, error)

GetSessionRecordingConfig gets session recording configuration.

func (*Client) GetSessionTracker

func (c *Client) GetSessionTracker(ctx context.Context, sessionID string) (types.SessionTracker, error)

GetSessionTracker returns the current state of a session tracker for an active session.

func (*Client) GetSnowflakeSession

func (c *Client) GetSnowflakeSession(ctx context.Context, req types.GetSnowflakeSessionRequest) (types.WebSession, error)

GetSnowflakeSession gets a Snowflake web session.

func (*Client) GetSnowflakeSessions

func (c *Client) GetSnowflakeSessions(ctx context.Context) ([]types.WebSession, error)

GetSnowflakeSessions gets all Snowflake web sessions.

func (*Client) GetToken

func (c *Client) GetToken(ctx context.Context, name string) (types.ProvisionToken, error)

GetToken returns a provision token by name.

func (*Client) GetTokens

func (c *Client) GetTokens(ctx context.Context) ([]types.ProvisionToken, error)

GetTokens returns a list of active provision tokens for nodes and users.

func (*Client) GetTrustedCluster

func (c *Client) GetTrustedCluster(ctx context.Context, name string) (types.TrustedCluster, error)

GetTrustedCluster returns a Trusted Cluster by name.

func (*Client) GetTrustedClusters

func (c *Client) GetTrustedClusters(ctx context.Context) ([]types.TrustedCluster, error)

GetTrustedClusters returns a list of Trusted Clusters.

func (*Client) GetUser

func (c *Client) GetUser(name string, withSecrets bool) (types.User, error)

GetUser returns a list of usernames registered in the system. withSecrets controls whether authentication details are returned.

func (*Client) GetUsers

func (c *Client) GetUsers(withSecrets bool) ([]types.User, error)

GetUsers returns a list of users. withSecrets controls whether authentication details are returned.

func (*Client) GetWebSession

func (c *Client) GetWebSession(ctx context.Context, req types.GetWebSessionRequest) (types.WebSession, error)

GetWebSession returns the web session for the specified request. Implements ReadAccessPoint

func (*Client) GetWebToken

func (c *Client) GetWebToken(ctx context.Context, req types.GetWebTokenRequest) (types.WebToken, error)

GetWebToken returns the web token for the specified request. Implements ReadAccessPoint

func (*Client) GetWindowsDesktopService

func (c *Client) GetWindowsDesktopService(ctx context.Context, name string) (types.WindowsDesktopService, error)

GetWindowsDesktopService returns a registered windows desktop service by name.

func (*Client) GetWindowsDesktopServices

func (c *Client) GetWindowsDesktopServices(ctx context.Context) ([]types.WindowsDesktopService, error)

GetWindowsDesktopServices returns all registered windows desktop services.

func (*Client) GetWindowsDesktops

func (c *Client) GetWindowsDesktops(ctx context.Context, filter types.WindowsDesktopFilter) ([]types.WindowsDesktop, error)

GetWindowsDesktops returns all registered windows desktop hosts.

func (*Client) InventoryControlStream

func (c *Client) InventoryControlStream(ctx context.Context) (DownstreamInventoryControlStream, error)

InventoryControlStream opens a new control stream. The first message sent must be an UpstreamInventoryHello, and the first message received must be a DownstreamInventoryHello.

func (*Client) IsMFARequired

func (*Client) KeepAliveSemaphoreLease

func (c *Client) KeepAliveSemaphoreLease(ctx context.Context, lease types.SemaphoreLease) error

KeepAliveSemaphoreLease updates semaphore lease.

func (*Client) ListResources

ListResources returns a paginated list of nodes that the user has access to. `nextKey` is used as `startKey` in another call to ListResources to retrieve the next page. If you want to list all resources pages, check the `GetResources` function. It will return a `trace.LimitExceeded` error if the page exceeds gRPC max message size.

func (*Client) MaintainSessionPresence

func (c *Client) MaintainSessionPresence(ctx context.Context) (proto.AuthService_MaintainSessionPresenceClient, error)

MaintainSessionPresence establishes a channel used to continuously verify the presence for a session.

func (*Client) NewKeepAliver

func (c *Client) NewKeepAliver(ctx context.Context) (types.KeepAliver, error)

NewKeepAliver returns a new instance of keep aliver. It is the caller's responsibility to invoke Close on the returned value to release the keepAliver resources.

func (*Client) NewWatcher

func (c *Client) NewWatcher(ctx context.Context, watch types.Watch) (types.Watcher, error)

NewWatcher returns a new streamWatcher

func (*Client) Ping

func (c *Client) Ping(ctx context.Context) (proto.PingResponse, error)

Ping gets basic info about the auth server.

func (*Client) PingInventory

func (*Client) RemoveSessionTracker

func (c *Client) RemoveSessionTracker(ctx context.Context, sessionID string) error

RemoveSessionTracker removes a tracker resource for an active session.

func (*Client) ReplaceRemoteLocks

func (c *Client) ReplaceRemoteLocks(ctx context.Context, clusterName string, locks []types.Lock) error

ReplaceRemoteLocks replaces the set of locks associated with a remote cluster.

func (*Client) ResetAuthPreference

func (c *Client) ResetAuthPreference(ctx context.Context) error

ResetAuthPreference resets cluster auth preference to defaults.

func (*Client) ResetClusterNetworkingConfig

func (c *Client) ResetClusterNetworkingConfig(ctx context.Context) error

ResetClusterNetworkingConfig resets cluster networking configuration to defaults.

func (*Client) ResetSessionRecordingConfig

func (c *Client) ResetSessionRecordingConfig(ctx context.Context) error

ResetSessionRecordingConfig resets session recording configuration to defaults.

func (*Client) ResumeAuditStream

func (c *Client) ResumeAuditStream(ctx context.Context, sessionID, uploadID string) (events.Stream, error)

ResumeAuditStream resumes existing audit stream.

func (*Client) RotateUserTokenSecrets

func (c *Client) RotateUserTokenSecrets(ctx context.Context, tokenID string) (types.UserTokenSecrets, error)

RotateUserTokenSecrets rotates secrets for a given tokenID. It gets called every time a user fetches 2nd-factor secrets during registration attempt. This ensures that an attacker that gains the ResetPasswordToken link can not view it, extract the OTP key from the QR code, then allow the user to signup with the same OTP token.

func (*Client) SearchEvents

func (c *Client) SearchEvents(ctx context.Context, fromUTC, toUTC time.Time, namespace string, eventTypes []string, limit int, order types.EventOrder, startKey string) ([]events.AuditEvent, string, error)

SearchEvents allows searching for events with a full pagination support.

func (*Client) SearchSessionEvents

func (c *Client) SearchSessionEvents(ctx context.Context, fromUTC time.Time, toUTC time.Time, limit int, order types.EventOrder, startKey string) ([]events.AuditEvent, string, error)

SearchSessionEvents allows searching for session events with a full pagination support.

func (*Client) SetAccessRequestState

func (c *Client) SetAccessRequestState(ctx context.Context, params types.AccessRequestUpdate) error

SetAccessRequestState updates the state of an existing access request.

func (*Client) SetAuthPreference

func (c *Client) SetAuthPreference(ctx context.Context, authPref types.AuthPreference) error

SetAuthPreference sets cluster auth preference.

func (*Client) SetClusterNetworkingConfig

func (c *Client) SetClusterNetworkingConfig(ctx context.Context, netConfig types.ClusterNetworkingConfig) error

SetClusterNetworkingConfig sets cluster networking configuration.

func (*Client) SetInstaller

func (c *Client) SetInstaller(ctx context.Context, inst types.Installer) error

SetInstaller sets the cluster installer resource

func (*Client) SetNetworkRestrictions

func (c *Client) SetNetworkRestrictions(ctx context.Context, nr types.NetworkRestrictions) error

SetNetworkRestrictions updates the network restrictions

func (*Client) SetSessionRecordingConfig

func (c *Client) SetSessionRecordingConfig(ctx context.Context, recConfig types.SessionRecordingConfig) error

SetSessionRecordingConfig sets session recording configuration.

func (*Client) SignDatabaseCSR

func (c *Client) SignDatabaseCSR(ctx context.Context, req *proto.DatabaseCSRRequest) (*proto.DatabaseCSRResponse, error)

SignDatabaseCSR generates a client certificate used by proxy when talking to a remote database service.

func (*Client) StartAccountRecovery

func (c *Client) StartAccountRecovery(ctx context.Context, req *proto.StartAccountRecoveryRequest) (types.UserToken, error)

StartAccountRecovery creates a recovery start token for a user who successfully verified their username and their recovery code. This token is used as part of a URL that will be emailed to the user (not done in this request). Represents step 1 of the account recovery process.

func (*Client) StreamSessionEvents

func (c *Client) StreamSessionEvents(ctx context.Context, sessionID string, startIndex int64) (chan events.AuditEvent, chan error)

StreamSessionEvents streams audit events from a given session recording.

func (*Client) SubmitAccessReview

func (c *Client) SubmitAccessReview(ctx context.Context, params types.AccessReviewSubmission) (types.AccessRequest, error)

SubmitAccessReview applies a review to a request and returns the post-application state.

func (*Client) UnstableAssertSystemRole

func (c *Client) UnstableAssertSystemRole(ctx context.Context, req proto.UnstableSystemRoleAssertion) error

UnstableAssertSystemRole is not a stable part of the public API. Used by older instances to prove that they hold a given system role.

DELETE IN: 11.0 (server side method should continue to exist until 12.0 for back-compat reasons, but v11 clients should no longer need this method)

func (*Client) UpdateApp

func (c *Client) UpdateApp(ctx context.Context, app types.Application) error

UpdateApp updates existing application resource.

func (*Client) UpdateConnectionDiagnostic

func (c *Client) UpdateConnectionDiagnostic(ctx context.Context, connectionDiagnostic types.ConnectionDiagnostic) error

UpdateConnectionDiagnostic updates a connection diagnostic.

func (*Client) UpdateDatabase

func (c *Client) UpdateDatabase(ctx context.Context, database types.Database) error

UpdateDatabase updates existing database resource.

func (*Client) UpdateKubernetesCluster

func (c *Client) UpdateKubernetesCluster(ctx context.Context, cluster types.KubeCluster) error

UpdateKubernetesCluster updates existing kubernetes cluster resource.

func (*Client) UpdatePluginData

func (c *Client) UpdatePluginData(ctx context.Context, params types.PluginDataUpdateParams) error

UpdatePluginData updates a per-resource PluginData entry.

func (*Client) UpdateRemoteCluster

func (c *Client) UpdateRemoteCluster(ctx context.Context, rc types.RemoteCluster) error

UpdateRemoteCluster updates remote cluster from the specified value.

func (*Client) UpdateSessionTracker

func (c *Client) UpdateSessionTracker(ctx context.Context, req *proto.UpdateSessionTrackerRequest) error

UpdateSessionTracker updates a tracker resource for an active session.

func (*Client) UpdateUser

func (c *Client) UpdateUser(ctx context.Context, user types.User) error

UpdateUser updates an existing user in a backend.

func (*Client) UpdateWindowsDesktop

func (c *Client) UpdateWindowsDesktop(ctx context.Context, desktop types.WindowsDesktop) error

UpdateWindowsDesktop updates an existing windows desktop host.

func (*Client) UpsertAppServer

func (c *Client) UpsertAppServer(ctx context.Context, server types.Server) (*types.KeepAlive, error)

UpsertAppServer adds an application server.

DELETE IN 9.0. Deprecated, use UpsertApplicationServer.

func (*Client) UpsertApplicationServer

func (c *Client) UpsertApplicationServer(ctx context.Context, server types.AppServer) (*types.KeepAlive, error)

UpsertApplicationServer registers an application server.

func (*Client) UpsertClusterAlert

func (c *Client) UpsertClusterAlert(ctx context.Context, alert types.ClusterAlert) error

UpsertClusterAlert creates a cluster alert.

func (*Client) UpsertDatabaseServer

func (c *Client) UpsertDatabaseServer(ctx context.Context, server types.DatabaseServer) (*types.KeepAlive, error)

UpsertDatabaseServer registers a new database proxy server.

func (*Client) UpsertGithubConnector

func (c *Client) UpsertGithubConnector(ctx context.Context, connector types.GithubConnector) error

UpsertGithubConnector creates or updates a Github connector.

func (*Client) UpsertKubeService

func (c *Client) UpsertKubeService(ctx context.Context, s types.Server) error

UpsertKubeService is used by kubernetes services to report their presence to other auth servers in form of hearbeat expiring after ttl period. DELETE IN 12.0.0

func (*Client) UpsertKubeServiceV2

func (c *Client) UpsertKubeServiceV2(ctx context.Context, s types.Server) (*types.KeepAlive, error)

UpsertKubeServiceV2 is used by kubernetes services to report their presence to other auth servers in form of hearbeat expiring after ttl period. DELETE IN 12.0.0

func (*Client) UpsertKubernetesServer

func (c *Client) UpsertKubernetesServer(ctx context.Context, s types.KubeServer) (*types.KeepAlive, error)

UpsertKubernetesServer is used by kubernetes services to report their presence to other auth servers in form of hearbeat expiring after ttl period.

func (*Client) UpsertLock

func (c *Client) UpsertLock(ctx context.Context, lock types.Lock) error

UpsertLock upserts a lock.

func (*Client) UpsertNode

func (c *Client) UpsertNode(ctx context.Context, node types.Server) (*types.KeepAlive, error)

UpsertNode is used by SSH servers to report their presence to the auth servers in form of heartbeat expiring after ttl period.

func (*Client) UpsertOIDCConnector

func (c *Client) UpsertOIDCConnector(ctx context.Context, oidcConnector types.OIDCConnector) error

UpsertOIDCConnector creates or updates an OIDC connector.

func (*Client) UpsertRole

func (c *Client) UpsertRole(ctx context.Context, role types.Role) error

UpsertRole creates or updates role

func (*Client) UpsertSAMLConnector

func (c *Client) UpsertSAMLConnector(ctx context.Context, connector types.SAMLConnector) error

UpsertSAMLConnector creates or updates a SAML connector.

func (*Client) UpsertToken

func (c *Client) UpsertToken(ctx context.Context, token types.ProvisionToken) error

UpsertToken creates or updates a provision token.

func (*Client) UpsertTrustedCluster

func (c *Client) UpsertTrustedCluster(ctx context.Context, trusedCluster types.TrustedCluster) (types.TrustedCluster, error)

UpsertTrustedCluster creates or updates a Trusted Cluster.

func (*Client) UpsertWindowsDesktop

func (c *Client) UpsertWindowsDesktop(ctx context.Context, desktop types.WindowsDesktop) error

UpsertWindowsDesktop updates a windows desktop resource, creating it if it doesn't exist.

func (*Client) UpsertWindowsDesktopService

func (c *Client) UpsertWindowsDesktopService(ctx context.Context, service types.WindowsDesktopService) (*types.KeepAlive, error)

UpsertWindowsDesktopService registers a new windows desktop service.

func (*Client) VerifyAccountRecovery

func (c *Client) VerifyAccountRecovery(ctx context.Context, req *proto.VerifyAccountRecoveryRequest) (types.UserToken, error)

VerifyAccountRecovery creates a recovery approved token after successful verification of users password or second factor (authn depending on what user needed to recover). This token will allow users to perform protected actions while not logged in. Represents step 2 of the account recovery process after RPC StartAccountRecovery.

func (*Client) WebSessions

func (c *Client) WebSessions() types.WebSessionInterface

WebSessions returns the web sessions controller

func (*Client) WebTokens

func (c *Client) WebTokens() types.WebTokenInterface

WebTokens returns the web tokens controller

func (*Client) WithCallOptions

func (c *Client) WithCallOptions(opts ...grpc.CallOption) *Client

WithCallOptions returns a copy of the client with the given call options set. This function should be used for chaining - client.WithCallOptions().Ping()

type Config

type Config struct {
	// Addrs is a list of teleport auth/proxy server addresses to dial.
	Addrs []string
	// Credentials are a list of credentials to use when attempting
	// to connect to the server.
	Credentials []Credentials
	// Dialer is a custom dialer used to dial a server. The Dialer should
	// have custom logic to provide an address to the dialer. If set, Dialer
	// takes precedence over all other connection options.
	Dialer ContextDialer
	// DialOpts define options for dialing the client connection.
	DialOpts []grpc.DialOption
	// DialInBackground specifies to dial the connection in the background
	// rather than blocking until the connection is up. A predefined Dialer
	// or an auth server address must be provided.
	DialInBackground bool
	// DialTimeout defines how long to attempt dialing before timing out.
	DialTimeout time.Duration
	// KeepAlivePeriod defines period between keep alives.
	KeepAlivePeriod time.Duration
	// KeepAliveCount specifies the amount of missed keep alives
	// to wait for before declaring the connection as broken.
	KeepAliveCount int
	// The web proxy uses a self-signed TLS certificate by default, which
	// requires this field to be set. If the web proxy was provided with
	// signed TLS certificates, this field should not be set.
	InsecureAddressDiscovery bool
	// ALPNSNIAuthDialClusterName if present the client will include ALPN SNI routing information in TLS Hello message
	// allowing to dial auth service through Teleport Proxy directly without using SSH Tunnels.
	ALPNSNIAuthDialClusterName string
	// CircuitBreakerConfig defines how the circuit breaker should behave.
	CircuitBreakerConfig breaker.Config
	// Context is the base context to use for dialing. If not provided context.Background is used
	Context context.Context
}

Config contains configuration of the client

func (*Config) CheckAndSetDefaults

func (c *Config) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default config values.

type ContextDialer

type ContextDialer interface {
	// DialContext is a function that dials the specified address
	DialContext(ctx context.Context, network, addr string) (net.Conn, error)
}

ContextDialer represents network dialer interface that uses context

func NewDialer

func NewDialer(ctx context.Context, keepAlivePeriod, dialTimeout time.Duration) ContextDialer

NewDialer makes a new dialer that connects to an Auth server either directly or via an HTTP proxy, depending on the environment.

func NewProxyDialer

func NewProxyDialer(ssh ssh.ClientConfig, keepAlivePeriod, dialTimeout time.Duration, discoveryAddr string, insecure bool) ContextDialer

NewProxyDialer makes a dialer to connect to an Auth server through the SSH reverse tunnel on the proxy. The dialer will ping the web client to discover the tunnel proxy address on each dial.

type ContextDialerFunc

type ContextDialerFunc func(ctx context.Context, network, addr string) (net.Conn, error)

ContextDialerFunc is a function wrapper that implements the ContextDialer interface.

func (ContextDialerFunc) DialContext

func (f ContextDialerFunc) DialContext(ctx context.Context, network, addr string) (net.Conn, error)

DialContext is a function that dials to the specified address

type Credentials

type Credentials interface {
	// Dialer is used to create a dialer used to connect to the Auth server.
	Dialer(cfg Config) (ContextDialer, error)
	// TLSConfig returns TLS configuration used to authenticate the client.
	TLSConfig() (*tls.Config, error)
	// SSHClientConfig returns SSH configuration used to connect to the
	// Auth server through a reverse tunnel.
	SSHClientConfig() (*ssh.ClientConfig, error)
}

Credentials are used to authenticate the API auth client. Some Credentials also provide other functionality, such as automatic address discovery and ssh connectivity.

See the examples below for an example of each loader.

Example (LoadIdentity)

Generate identity file with tsh or tctl.

$ tsh login --user=api-user --out=identity-file-path
$ tctl auth sign --user=api-user --out=identity-file-path

Load credentials from the specified identity file.

package main

import (
	"github.com/gravitational/teleport/api/client"
)

func main() {
	client.LoadIdentityFile("identity-file-path")
}
Output:

Example (LoadIdentityString)

Generate identity file with tsh or tctl.

$ tsh login --user=api-user --out=identity-file-path
$ tctl auth sign --user=api-user --out=identity-file-path
$ export TELEPORT_IDENTITY=$(cat identity-file-path)

Load credentials from the envrironment variable.

package main

import (
	"os"

	"github.com/gravitational/teleport/api/client"
)

func main() {
	client.LoadIdentityFileFromString(os.Getenv("TELEPORT_IDENTITY"))
}
Output:

Example (LoadKeyPair)

Generate certificate key pair with tctl.

$ tctl auth sign --format=tls --user=api-user --out=path/to/certs

Load credentials from the specified certificate files.

package main

import (
	"github.com/gravitational/teleport/api/client"
)

func main() {
	client.LoadKeyPair(
		"path/to/certs.crt",
		"path/to/certs.key",
		"path/to/certs.cas",
	)
}
Output:

Example (LoadProfile)

Generate tsh profile with tsh.

$ tsh login --user=api-user

Load credentials from the default directory and current profile, or specify the directory and profile.

package main

import (
	"github.com/gravitational/teleport/api/client"
)

func main() {
	client.LoadProfile("", "")
	client.LoadProfile("profile-directory", "api-user")
}
Output:

func LoadIdentityFile

func LoadIdentityFile(path string) Credentials

LoadIdentityFile is used to load Credentials from an identity file on disk.

Identity Credentials can be used to connect to an auth server directly or through a reverse tunnel.

A new identity file can be generated with tsh or tctl.

$ tsh login --user=api-user --out=identity-file-path
$ tctl auth sign --user=api-user --out=identity-file-path

The identity file's time to live can be specified with --ttl.

See the example below for usage.

Example

Load credentials from the specified identity file.

package main

import (
	"github.com/gravitational/teleport/api/client"
)

func main() {
	client.LoadIdentityFile("identity-file-path")
}
Output:

func LoadIdentityFileFromString

func LoadIdentityFileFromString(content string) Credentials

LoadIdentityFileFromString is used to load Credentials from a string containing identity file contents.

Identity Credentials can be used to connect to an auth server directly or through a reverse tunnel.

A new identity file can be generated with tsh or tctl.

$ tsh login --user=api-user --out=identity-file-path
$ tctl auth sign --user=api-user --out=identity-file-path

The identity file's time to live can be specified with --ttl.

See the example below for usage.

Example

Load credentials from the specified environment variable.

package main

import (
	"os"

	"github.com/gravitational/teleport/api/client"
)

func main() {
	client.LoadIdentityFileFromString(os.Getenv("TELEPORT_IDENTITY"))
}
Output:

func LoadKeyPair

func LoadKeyPair(certFile, keyFile, caFile string) Credentials

LoadKeyPair is used to load Credentials from a certicate keypair on disk.

KeyPair Credentials can only be used to connect directly to a Teleport Auth server.

New KeyPair files can be generated with tsh or tctl.

$ tctl auth sign --format=tls --user=api-user --out=path/to/certs

The certificates' time to live can be specified with --ttl.

See the example below for usage.

Example

Load credentials from the specified certificate files.

package main

import (
	"github.com/gravitational/teleport/api/client"
)

func main() {
	client.LoadKeyPair(
		"path/to/certs.crt",
		"path/to/certs.key",
		"path/to/certs.cas",
	)
}
Output:

func LoadProfile

func LoadProfile(dir, name string) Credentials

LoadProfile is used to load Credentials from a tsh profile on disk.

dir is the profile directory. It will defaults to "~/.tsh".

name is the profile name. It will default to the currently active tsh profile.

Profile Credentials can be used to connect to an auth server directly or through a reverse tunnel.

Profile Credentials will automatically attempt to find your reverse tunnel address and make a connection through it.

A new profile can be generated with tsh.

$ tsh login --user=api-user
Example

Load credentials from the default directory and current profile, or specify the directory and profile.

package main

import (
	"github.com/gravitational/teleport/api/client"
)

func main() {
	client.LoadProfile("", "")
	client.LoadProfile("profile-directory", "api-user")
}
Output:

func LoadTLS

func LoadTLS(tlsConfig *tls.Config) Credentials

LoadTLS is used to load Credentials directly from a *tls.Config.

TLS creds can only be used to connect directly to a Teleport Auth server.

type DownstreamInventoryControlStream

type DownstreamInventoryControlStream interface {
	// Send attempts to send an upstream message. An error returned from this
	// method either indicates that the stream itself has failed, or that the
	// supplied context was canceled.
	Send(ctx context.Context, msg proto.UpstreamInventoryMessage) error
	// Recv accesses the incoming/downstream message channel.
	Recv() <-chan proto.DownstreamInventoryMessage
	// Close closes the underlying stream without error.
	Close() error
	// CloseWithError closes the underlying stream with an error that can later
	// be retrieved with Error(). Subsequent calls to CloseWithError have no effect.
	CloseWithError(err error) error
	// Done signals that the stream has been closed.
	Done() <-chan struct{}
	// Error checks for any error associated with stream closure (returns `nil` if
	// the stream is open, or io.EOF if the stream was closed without error).
	Error() error
}

DownstreamInventoryControlStream is the client/agent side of a bidirectional stream established between teleport instances and auth servers.

type ICSPipeOption

type ICSPipeOption func(*pipeOptions)

func ICSPipePeerAddr

func ICSPipePeerAddr(peerAddr string) ICSPipeOption

func ICSPipePeerAddrFn

func ICSPipePeerAddrFn(fn func() string) ICSPipeOption

type JoinServiceClient

type JoinServiceClient struct {
	// contains filtered or unexported fields
}

JoinServiceClient is a client for the JoinService, which runs on both the auth and proxy.

func NewJoinServiceClient

func NewJoinServiceClient(grpcClient proto.JoinServiceClient) *JoinServiceClient

NewJoinServiceClient returns a new JoinServiceClient wrapping the given grpc client.

func (*JoinServiceClient) RegisterUsingIAMMethod

func (c *JoinServiceClient) RegisterUsingIAMMethod(ctx context.Context, challengeResponse RegisterChallengeResponseFunc) (*proto.Certs, error)

RegisterUsingIAMMethod registers the caller using the IAM join method and returns signed certs to join the cluster.

The caller must provide a ChallengeResponseFunc which returns a *types.RegisterUsingTokenRequest with a signed sts:GetCallerIdentity request including the challenge as a signed header.

type ListResourcesClient

type ListResourcesClient interface {
	ListResources(ctx context.Context, req proto.ListResourcesRequest) (*types.ListResourcesResponse, error)
}

ListResourcesClient is an interface used by GetResourcesWithFilters to abstract over implementations of the ListResources method.

type RegisterChallengeResponseFunc

type RegisterChallengeResponseFunc func(challenge string) (*proto.RegisterUsingIAMMethodRequest, error)

RegisterChallengeResponseFunc is a function type meant to be passed to RegisterUsingIAMMethod. It must return a *types.RegisterUsingTokenRequest for a given challenge, or an error.

type UpstreamInventoryControlStream

type UpstreamInventoryControlStream interface {
	// Send attempts to send a downstream message.  An error returned from this
	// method either indicates that the stream itself has failed, or that the
	// supplied context was canceled.
	Send(ctx context.Context, msg proto.DownstreamInventoryMessage) error
	// Recv access the incoming/upstream message channel.
	Recv() <-chan proto.UpstreamInventoryMessage
	// PeerAddr gets the underlying TCP peer address (may be empty in some cases).
	PeerAddr() string
	// Close closes the underlying stream without error.
	Close() error
	// CloseWithError closes the underlying stream with an error that can later
	// be retrieved with Error(). Subsequent calls to CloseWithError have no effect.
	CloseWithError(err error) error
	// Done signals that the stream has been closed.
	Done() <-chan struct{}
	// Error checks for any error associated with stream closure (returns `nil` if
	// the stream is open, or io.EOF if the stream closed without error).
	Error() error
}

UpstreamInventoryControlStream is the server/controller side of a bidirectional stream established between teleport instances and auth servers.

func NewUpstreamInventoryControlStream

func NewUpstreamInventoryControlStream(stream proto.AuthService_InventoryControlStreamServer, peerAddr string) UpstreamInventoryControlStream

NewUpstreamInventoryControlStream wraps the server-side control stream handle. For use as part of the internals of the auth server's GRPC API implementation.

Directories

Path Synopsis
Package proto provides the protobuf API specification for Teleport.
Package proto provides the protobuf API specification for Teleport.
Package webclient provides a client for the Teleport Proxy API endpoints.
Package webclient provides a client for the Teleport Proxy API endpoints.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL