types

package
v0.0.0-...-f70dfbe Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 5, 2025 License: Apache-2.0 Imports: 64 Imported by: 366

Documentation

Overview

Package types contains all types and logic required by the Teleport API.

Copyright 2024 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

View Source 
const (
	// RequireMFATypeHardwareKeyString is the string representation of RequireMFATypeHardwareKey
	RequireMFATypeHardwareKeyString = "hardware_key"
	// RequireMFATypeHardwareKeyTouchString is the string representation of RequireMFATypeHardwareKeyTouch
	RequireMFATypeHardwareKeyTouchString = "hardware_key_touch"
	// RequireMFATypeHardwareKeyPINString is the string representation of RequireMFATypeHardwareKeyPIN
	RequireMFATypeHardwareKeyPINString = "hardware_key_pin"
	// RequireMFATypeHardwareKeyTouchAndPINString is the string representation of RequireMFATypeHardwareKeyTouchAndPIN
	RequireMFATypeHardwareKeyTouchAndPINString = "hardware_key_touch_and_pin"
)
View Source 
const (
	// RotationStateStandby is initial status of the rotation -
	// nothing is being rotated.
	RotationStateStandby = "standby"
	// RotationStateInProgress - that rotation is in progress.
	RotationStateInProgress = "in_progress"
	// RotationPhaseStandby is the initial phase of the rotation
	// it means no operations have started.
	RotationPhaseStandby = "standby"
	// RotationPhaseInit = is a phase of the rotation
	// when new certificate authority is issued, but not used
	// It is necessary for remote trusted clusters to fetch the
	// new certificate authority, otherwise the new clients
	// will reject it
	RotationPhaseInit = "init"
	// RotationPhaseUpdateClients is a phase of the rotation
	// when client credentials will have to be updated and reloaded
	// but servers will use and respond with old credentials
	// because clients have no idea about new credentials at first.
	RotationPhaseUpdateClients = "update_clients"
	// RotationPhaseUpdateServers is a phase of the rotation
	// when servers will have to reload and should start serving
	// TLS and SSH certificates signed by new CA.
	RotationPhaseUpdateServers = "update_servers"
	// RotationPhaseRollback means that rotation is rolling
	// back to the old certificate authority.
	RotationPhaseRollback = "rollback"
	// RotationModeManual is a manual rotation mode when all phases
	// are set by the operator.
	RotationModeManual = "manual"
	// RotationModeAuto is set to go through all phases by the schedule.
	RotationModeAuto = "auto"
)
View Source 
const (
	// DiagnosticMessageSuccess is the message used when we the Connection was successful
	DiagnosticMessageSuccess = "success"

	// DiagnosticMessageFailed is the message used when we the Connection failed
	DiagnosticMessageFailed = "failed"
)
View Source 
const (

	// DefaultAPIGroup is a default group of permissions API,
	// lets us to add different permission types
	DefaultAPIGroup = "gravitational.io/teleport"

	// DefaultReleaseServerAddr is the default release service URL
	DefaultReleaseServerAddr = "rlz.teleport.sh"

	// ReleaseServerEnvVar is the environment variable used to overwrite
	// the default release server address
	ReleaseServerEnvVar = "RELEASE_SERVER_HOSTPORT"

	// EnterpriseReleaseEndpoint is the endpoint of Teleport Enterprise
	// releases on the release server
	EnterpriseReleaseEndpoint = "teleport-ent"

	// PackageNameOSS is the teleport package name for the OSS version.
	PackageNameOSS = "teleport"
	// PackageNameEnt is the teleport package name for the Enterprise version.
	PackageNameEnt = "teleport-ent"
	// PackageNameEntFIPS is the teleport package name for the Enterprise with FIPS enabled version.
	PackageNameEntFIPS = "teleport-ent-fips"

	// ActionRead grants read access (get, list)
	ActionRead = "read"

	// ActionWrite allows to write (create, update, delete)
	ActionWrite = "write"

	// Wildcard is a special wildcard character matching everything
	Wildcard = "*"

	// True holds "true" string value
	True = "true"

	// HomeEnvVar specifies the home location for tsh configuration
	// and data
	HomeEnvVar = "TELEPORT_HOME"

	// KindNamespace is a namespace
	KindNamespace = "namespace"

	// KindUser is a user resource
	KindUser = "user"

	// KindBot is a Machine ID bot resource
	KindBot = "bot"
	// KindBotInstance is an instance of a Machine ID bot
	KindBotInstance = "bot_instance"
	// KindSPIFFEFederation is a SPIFFE federation resource
	KindSPIFFEFederation = "spiffe_federation"

	// KindHostCert is a host certificate
	KindHostCert = "host_cert"

	// KindJWT is a JWT token signer.
	KindJWT = "jwt"

	// KindLicense is a license resource
	KindLicense = "license"

	// KindRole is a role resource
	KindRole = "role"

	// KindAccessRequest is an AccessRequest resource
	KindAccessRequest = "access_request"

	// KindAccessMonitoringRule is an access monitoring rule resource
	KindAccessMonitoringRule = "access_monitoring_rule"

	// KindPluginData is a PluginData resource
	KindPluginData = "plugin_data"

	// KindAccessPluginData is a resource directive that applies
	// only to plugin data associated with access requests.
	KindAccessPluginData = "access_plugin_data"

	// KindOIDC is OIDC connector resource
	KindOIDC = "oidc"

	// KindSAML is SAML connector resource
	KindSAML = "saml"

	// KindGithub is Github connector resource
	KindGithub = "github"

	// KindOIDCRequest is OIDC auth request resource
	KindOIDCRequest = "oidc_request"

	// KindSAMLRequest is SAML auth request resource
	KindSAMLRequest = "saml_request"

	// KindGithubRequest is Github auth request resource
	KindGithubRequest = "github_request"

	// KindSession is a recorded SSH session.
	KindSession = "session"

	// KindSSHSession represents an active SSH session in early versions of Teleport
	// prior to the introduction of moderated sessions. Note that ssh_session is not
	// a "real" resource, and it is never used as the "session kind" value in the
	// session_tracker resource.
	KindSSHSession = "ssh_session"

	// KindWebSession is a web session resource
	KindWebSession = "web_session"

	// KindWebToken is a web token resource
	KindWebToken = "web_token"

	// KindAppSession represents an application specific web session.
	KindAppSession = "app_session"

	// KindSnowflakeSession represents a Snowflake specific web session.
	KindSnowflakeSession = "snowflake_session"

	// KindEvent is structured audit logging event
	KindEvent = "event"

	// KindAuthServer is auth server resource
	KindAuthServer = "auth_server"

	// KindProxy is proxy resource
	KindProxy = "proxy"

	// KindNode is node resource. It can be either a Teleport node or
	// a registered OpenSSH (agentless) node.
	KindNode = "node"

	// SubKindTeleportNode is a Teleport node.
	SubKindTeleportNode = "teleport"

	// SubKindOpenSSHNode is a registered OpenSSH (agentless) node.
	SubKindOpenSSHNode = "openssh"

	// SubKindOpenSSHEICENode is a registered OpenSSH (agentless) node that doesn't require trust in Teleport CA.
	// For each session an SSH Key is created and uploaded to the target host using a side-channel.
	//
	// For Amazon EC2 Instances, it uploads the key using:
	// https://docs.aws.amazon.com/ec2-instance-connect/latest/APIReference/API_SendSSHPublicKey.html
	// This Key is valid for 60 seconds.
	//
	// It uses the private key created above to SSH into the host.
	SubKindOpenSSHEICENode = "openssh-ec2-ice"

	// KindUnifiedResource is a meta Kind that is used for the unified resource search present on
	// the webUI and Connect. It allows us to query and return multiple kinds at the same time
	KindUnifiedResource = "unified_resource"

	// KindAppServer is an application server resource.
	KindAppServer = "app_server"

	// KindApp is a web app resource.
	KindApp = "app"

	// SubKindMCP represents an MCP server as a subkind of app.
	SubKindMCP = KindMCP

	// KindMCP is an MCP server resource.
	// Currently, MCP servers are accessed through apps.
	// In the future, they may become a standalone resource kind.
	KindMCP = "mcp"

	// KindDatabaseServer is a database proxy server resource.
	KindDatabaseServer = "db_server"

	// KindDatabaseService is a database service resource.
	KindDatabaseService = "db_service"

	// KindDatabase is a database resource.
	KindDatabase = "db"

	// KindDatabaseObjectImportRule is a database object import rule resource.
	KindDatabaseObjectImportRule = "db_object_import_rule"

	// KindDatabaseObject is a database object resource.
	KindDatabaseObject = "db_object"

	// KindKubeServer is an kubernetes server resource.
	KindKubeServer = "kube_server"
	// KindCrownJewel is a crown jewel resource
	KindCrownJewel = "crown_jewel"
	// KindKubernetesCluster is a Kubernetes cluster.
	KindKubernetesCluster = "kube_cluster"

	// KindKubePod is a Kubernetes Pod resource type.
	KindKubePod = "pod"

	// KindKubeSecret is a Kubernetes Secret resource type.
	KindKubeSecret = "secret"

	// KindKubeConfigMap is a Kubernetes Configmap resource type.
	KindKubeConfigmap = "configmap"

	// KindKubeNamespace is a Kubernetes namespace resource type.
	KindKubeNamespace = "namespace"

	// KindKubeService is a Kubernetes Service resource type.
	KindKubeService = "service"

	// KindKubeServiceAccount is an Kubernetes Service Account resource type.
	KindKubeServiceAccount = "serviceaccount"

	// KindKubeNode is a Kubernetes Node resource type.
	KindKubeNode = "kube_node"

	// KindKubePersistentVolume is a Kubernetes Persistent Volume resource type.
	KindKubePersistentVolume = "persistentvolume"

	// KindKubePersistentVolumeClaim is a Kubernetes Persistent Volume Claim resource type.
	KindKubePersistentVolumeClaim = "persistentvolumeclaim"

	// KindKubeDeployment is a Kubernetes Deployment resource type.
	KindKubeDeployment = "deployment"

	// KindKubeReplicaSet is a Kubernetes Replicaset resource type.
	KindKubeReplicaSet = "replicaset"

	// KindKubeReplicationController is a Kubernetes ReplicationController resource type.
	KindKubeReplicationController = "replicationcontroller"

	// KindKubeStatefulset is a Kubernetes Statefulset resource type.
	KindKubeStatefulset = "statefulset"

	// KindKubeDaemonSet is a Kubernetes Daemonset resource type.
	KindKubeDaemonSet = "daemonset"

	// KindKubeClusterRole is a Kubernetes ClusterRole resource type.
	KindKubeClusterRole = "clusterrole"

	// KindKubeRole is a Kubernetes Role resource type.
	KindKubeRole = "kube_role"

	// KindKubeClusterRoleBinding is a Kubernetes Cluster Role Binding resource type.
	KindKubeClusterRoleBinding = "clusterrolebinding"

	// KindKubeRoleBinding is a Kubernetes Role Binding resource type.
	KindKubeRoleBinding = "rolebinding"

	// KindKubeCronjob is a Kubernetes Cronjob resource type.
	KindKubeCronjob = "cronjob"

	// KindKubeJob is a Kubernetes job resource type.
	KindKubeJob = "job"

	// KindKubeCertificateSigningRequest is a Certificate Signing Request resource type.
	KindKubeCertificateSigningRequest = "certificatesigningrequest"

	// KindKubeIngress is a Kubernetes Ingress resource type.
	KindKubeIngress = "ingress"

	// KindKubeWaitingContainer is a Kubernetes ephemeral
	// container that are waiting to be created until moderated
	// session conditions are met.
	KindKubeWaitingContainer = "kube_ephemeral_container"

	// KindToken is a provisioning token resource
	KindToken = "token"

	// KindCertAuthority is a certificate authority resource
	KindCertAuthority = "cert_authority"

	// KindReverseTunnel is a reverse tunnel connection
	KindReverseTunnel = "tunnel"

	// KindOIDCConnector is a OIDC connector resource
	KindOIDCConnector = "oidc"

	// KindSAMLConnector is a SAML connector resource
	KindSAMLConnector = "saml"

	// KindGithubConnector is Github OAuth2 connector resource
	KindGithubConnector = "github"

	// KindConnectors is a shortcut for all authentication connector
	KindConnectors = "connectors"

	// KindClusterAuthPreference is the type of authentication for this cluster.
	KindClusterAuthPreference = "cluster_auth_preference"

	// MetaNameClusterAuthPreference is the type of authentication for this cluster.
	MetaNameClusterAuthPreference = "cluster-auth-preference"

	// KindSessionRecordingConfig is the resource for session recording configuration.
	KindSessionRecordingConfig = "session_recording_config"

	// KindRecordingEncryption is the collection of active session recording encryption keys.
	KindRecordingEncryption = "recording_encryption"

	// MetaNameSessionRecordingConfig is the exact name of the singleton resource for
	// session recording configuration.
	MetaNameSessionRecordingConfig = "session-recording-config"

	// MetaNameRecordingEncryption is the exact name of the singleton resource for
	// session recording configuration.
	MetaNameRecordingEncryption = "recording-encryption"

	// KindExternalAuditStorage the resource kind for External Audit Storage
	// configuration.
	KindExternalAuditStorage = "external_audit_storage"
	// MetaNameExternalAuditStorageDraft is the exact name of the singleton resource
	// holding External Audit Storage draft configuration.
	MetaNameExternalAuditStorageDraft = "draft"
	// MetaNameExternalAuditStorageCluster is the exact name of the singleton resource
	// holding External Audit Storage cluster configuration.
	MetaNameExternalAuditStorageCluster = "cluster"

	// KindClusterConfig is the resource that holds cluster level configuration.
	// Deprecated: This does not correspond to an actual resource anymore but is
	// still used when checking access to the new configuration resources, as an
	// alternative to their individual resource kinds.
	KindClusterConfig = "cluster_config"

	// KindAutoUpdateConfig is the resource with autoupdate configuration.
	KindAutoUpdateConfig = "autoupdate_config"

	// KindAutoUpdateVersion is the resource with autoupdate versions.
	KindAutoUpdateVersion = "autoupdate_version"

	// KindAutoUpdateAgentRollout is the resource that controls and tracks agent rollouts.
	KindAutoUpdateAgentRollout = "autoupdate_agent_rollout"

	// KindAutoUpdateAgentReport is the resource that tracks connected agents.
	KindAutoUpdateAgentReport = "autoupdate_agent_report"

	// MetaNameAutoUpdateConfig is the name of a configuration resource for autoupdate config.
	MetaNameAutoUpdateConfig = "autoupdate-config"

	// MetaNameAutoUpdateVersion is the name of a resource for autoupdate version.
	MetaNameAutoUpdateVersion = "autoupdate-version"

	// MetaNameAutoUpdateAgentRollout is the name of the autoupdate agent rollout resource.
	MetaNameAutoUpdateAgentRollout = "autoupdate-agent-rollout"

	// KindClusterAuditConfig is the resource that holds cluster audit configuration.
	KindClusterAuditConfig = "cluster_audit_config"

	// MetaNameClusterAuditConfig is the exact name of the singleton resource holding
	// cluster audit configuration.
	MetaNameClusterAuditConfig = "cluster-audit-config"

	// MetaNameUIConfig is the exact name of the singleton resource holding
	// proxy service UI configuration.
	MetaNameUIConfig = "ui-config"

	// KindClusterNetworkingConfig is the resource that holds cluster networking configuration.
	KindClusterNetworkingConfig = "cluster_networking_config"

	// MetaNameClusterNetworkingConfig is the exact name of the singleton resource holding
	// cluster networking configuration.
	MetaNameClusterNetworkingConfig = "cluster-networking-config"

	// KindSemaphore is the resource that provides distributed semaphore functionality
	KindSemaphore = "semaphore"

	// KindClusterName is a type of configuration resource that contains the cluster name.
	KindClusterName = "cluster_name"

	// MetaNameClusterName is the name of a configuration resource for cluster name.
	MetaNameClusterName = "cluster-name"

	// MetaNameWatchStatus is the name of a watch status resource.
	MetaNameWatchStatus = "watch-status"

	// KindStaticTokens is a type of configuration resource that contains static tokens.
	KindStaticTokens = "static_tokens"

	// MetaNameStaticTokens is the name of a configuration resource for static tokens.
	MetaNameStaticTokens = "static-tokens"

	// MetaNameSessionTracker is the prefix of resources used to track live sessions.
	MetaNameSessionTracker = "session-tracker"

	// KindTrustedCluster is a resource that contains trusted cluster configuration.
	KindTrustedCluster = "trusted_cluster"

	// KindAuthConnector allows access to OIDC and SAML connectors.
	KindAuthConnector = "auth_connector"

	// KindTunnelConnection specifies connection of a reverse tunnel to proxy
	KindTunnelConnection = "tunnel_connection"

	// KindRemoteCluster represents remote cluster connected via reverse tunnel
	// to proxy
	KindRemoteCluster = "remote_cluster"

	// KindUserToken is a user token used for various user related actions.
	KindUserToken = "user_token"

	// KindUserTokenSecrets is user token secrets.
	KindUserTokenSecrets = "user_token_secrets"

	// KindIdentity is local on disk identity resource
	KindIdentity = "identity"

	// KindState is local on disk process state
	KindState = "state"

	// KindMFADevice is an MFA device for a user.
	KindMFADevice = "mfa_device"

	// KindBilling represents access to cloud billing features
	KindBilling = "billing"

	// KindLock is a lock resource.
	KindLock = "lock"

	// KindNetworkRestrictions are restrictions for SSH sessions
	KindNetworkRestrictions = "network_restrictions"

	// MetaNameNetworkRestrictions is the exact name of the singleton resource for
	// network restrictions
	MetaNameNetworkRestrictions = "network-restrictions"

	// KindWindowsDesktopService is a Windows desktop service resource.
	KindWindowsDesktopService = "windows_desktop_service"

	// KindWindowsDesktop is a Windows desktop host.
	KindWindowsDesktop = "windows_desktop"

	// KindDynamicWindowsDesktop is a dynamic Windows desktop host.
	KindDynamicWindowsDesktop = "dynamic_windows_desktop"

	// KindRecoveryCodes is a resource that holds users recovery codes.
	KindRecoveryCodes = "recovery_codes"

	// KindSessionTracker is a resource that tracks a live session.
	KindSessionTracker = "session_tracker"

	// KindConnectionDiagnostic is a resource that tracks the result of testing a connection
	KindConnectionDiagnostic = "connection_diagnostic"

	// KindDatabaseCertificate is a resource to control db CA cert
	// generation.
	KindDatabaseCertificate = "database_certificate"

	// KindInstaller is a resource that holds a node installer script
	// used to install teleport on discovered nodes
	KindInstaller = "installer"

	// KindUIConfig is a resource that holds configuration for the UI
	// served by the proxy service
	KindUIConfig = "ui_config"

	// KindClusterAlert is a resource that conveys a cluster-level alert message.
	KindClusterAlert = "cluster_alert"

	// KindDevice represents a registered or trusted device.
	KindDevice = "device"

	// KindDownload represents Teleport binaries downloads.
	KindDownload = "download"

	// KindUsageEvent is an external cluster usage event. Similar to
	// KindHostCert, this kind is not backed by a real resource.
	KindUsageEvent = "usage_event"

	// KindInstance represents a teleport instance independent of any specific service.
	KindInstance = "instance"

	// KindLoginRule is a login rule resource.
	KindLoginRule = "login_rule"

	// KindPlugin represents a plugin instance
	KindPlugin = "plugin"

	// KindPluginStaticCredentials represents plugin static credentials.
	KindPluginStaticCredentials = "plugin_static_credentials"

	// KindSAMLIdPServiceProvider is a SAML service provider for the built in Teleport IdP.
	KindSAMLIdPServiceProvider = "saml_idp_service_provider"

	// KindUserGroup is an externally sourced user group.
	KindUserGroup = "user_group"

	// KindOktaImportRule is a rule for importing Okta objects.
	KindOktaImportRule = "okta_import_rule"

	// KindOktaAssignment is a set of actions to apply to Okta.
	KindOktaAssignment = "okta_assignment"

	// KindHeadlessAuthentication is a headless authentication resource.
	KindHeadlessAuthentication = "headless_authentication"

	// KindHealthCheckConfig is the resource for health check configuration.
	KindHealthCheckConfig = "health_check_config"

	// KindAccessGraph is the RBAC kind for access graph.
	KindAccessGraph = "access_graph"

	// KindIntegration is a connection to a 3rd party system API.
	KindIntegration = "integration"

	// KindUserTask is a task representing an issue with some other resource.
	KindUserTask = "user_task"

	// KindClusterMaintenanceConfig determines maintenance times for the cluster.
	KindClusterMaintenanceConfig = "cluster_maintenance_config"

	// KindServerInfo contains info that should be applied to joining Nodes.
	KindServerInfo = "server_info"

	// KindBackendInfo contains backend info.
	KindBackendInfo = "backend_info"

	// MetaNameBackendInfo name backend info entity.
	MetaNameBackendInfo = "backend-info"

	// SubKindCloudInfo is a ServerInfo that was created by the Discovery
	// service to match with a single discovered instance.
	SubKindCloudInfo = "cloud_info"

	// MetaNameClusterMaintenanceConfig is the only allowed metadata.name value for the maintenance
	// window singleton resource.
	MetaNameClusterMaintenanceConfig = "cluster-maintenance-config"

	// KindWatchStatus is a kind for WatchStatus resource which contains information about a successful Watch request.
	KindWatchStatus = "watch_status"

	// KindAccessList is an AccessList resource
	KindAccessList = "access_list"

	// KindUserLoginState is a UserLoginState resource
	KindUserLoginState = "user_login_state"

	// KindAccessListMember is an AccessListMember resource
	KindAccessListMember = "access_list_member"

	// KindAccessListReview is an AccessListReview resource
	KindAccessListReview = "access_list_review"

	// KindDiscoveryConfig is a DiscoveryConfig resource.
	// Used for adding additional matchers in Discovery Service.
	KindDiscoveryConfig = "discovery_config"
	// KindAuditQuery is an AuditQuery resource.
	KindAuditQuery = "audit_query"
	// KindSecurityReport is a SecurityReport resource.
	KindSecurityReport = "security_report"
	// KindSecurityReportState is a SecurityReportState resource.
	KindSecurityReportState = "security_report_state"
	// KindSecurityReportCostLimiter const limiter
	KindSecurityReportCostLimiter = "security_report_cost_limiter"

	// KindNotification is a notification resource.
	KindNotification = "notification"
	// KindGlobalNotification is a global notification resource.
	KindGlobalNotification = "global_notification"
	// KindUserLastSeenNotification is a resource which stores the timestamp of a user's last seen notification.
	KindUserLastSeenNotification = "user_last_seen_notification"
	// KindUserNotificationState is a resource which tracks whether a user has clicked on or dismissed a notification.
	KindUserNotificationState = "user_notification_state"
	// KindUniqueNotificationIdentifier is a resource which tracks a unique identifier for a notification and is used to prevent duplicate notifications in certain cases.
	KindUniqueNotificationIdentifier = "unique_notification_identifier"

	// KindAccessGraphSecretAuthorizedKey is a authorized key entry found in
	// a Teleport SSH node type.
	KindAccessGraphSecretAuthorizedKey = "access_graph_authorized_key"

	// KindAccessGraphSecretPrivateKey is a private key entry found in
	// a managed device.
	KindAccessGraphSecretPrivateKey = "access_graph_private_key"

	// KindProvisioningPrincipalState is a resource that tracks provisioning of a user or access
	// list in a downstream SCIM server
	KindProvisioningPrincipalState = "provisioning_principal_state"

	// KindVnetConfig is a resource which holds cluster-wide configuration for VNet.
	KindVnetConfig = "vnet_config"

	// KindAccessGraphSettings is a resource which holds cluster-wide configuration for dynamic access graph settings.
	KindAccessGraphSettings = "access_graph_settings"

	// KindStaticHostUser is a host user to be created on matching SSH nodes.
	KindStaticHostUser = "static_host_user"

	// KindIdentityCenter is an umbrella kind, representing all KindIdentityCenter*
	// resource kinds in RBAC checks. This is to simplify Role condition statements
	// so that they don't have to individually specify all of the Identity Center
	// resource kinds.
	KindIdentityCenter = "aws_identity_center"

	// KindIdentityCenterAccount describes an Identity-Center managed AWS Account
	KindIdentityCenterAccount = "aws_ic_account"

	// KindIdentityCenterPermissionSet describes an AWS Identity Center Permission Set
	KindIdentityCenterPermissionSet = "aws_ic_permission_set"

	// KindIdentityCenterPermissionSet describes an AWS Principal Assignment, representing
	// a collection Account Assignments assigned to a Teleport User or AccessList
	KindIdentityCenterPrincipalAssignment = "aws_ic_principal_assignment"

	// KindIdentityCenterAccountAssignment describes an AWS Account and Permission Set
	// pair that can be requested by a Teleport User.
	KindIdentityCenterAccountAssignment = "aws_ic_account_assignment"

	// KindContact is a resource that holds contact information
	// for Teleport Enterprise customers.
	KindContact = "contact"

	// KindWorkloadIdentity is the WorkloadIdentity resource.
	KindWorkloadIdentity = "workload_identity"

	// KindWorkloadIdentityX509Revocation is the WorkloadIdentityX509Revocation
	// resource.
	KindWorkloadIdentityX509Revocation = "workload_identity_x509_revocation"

	// KindWorkloadIdentityX509IssuerOverride is the kind of
	// teleport.workloadidentity.v1.X509IssuerOverride.
	KindWorkloadIdentityX509IssuerOverride = "workload_identity_x509_issuer_override"

	// KindWorkloadIdentityX509IssuerOverrideCSR is the pseudo-kind representing
	// the act of signing CSRs on behalf of the SPIFFE CA (with [VerbCreate]).
	KindWorkloadIdentityX509IssuerOverrideCSR = "workload_identity_x509_issuer_override_csr"

	// KindSigstorePolicy is the kind of teleport.workloadidentity.v1.SigstorePolicy.
	KindSigstorePolicy = "sigstore_policy"

	// KindGitServer represents a Git server that can proxy git commands.
	KindGitServer = "git_server"
	// SubKindGitHub specifies the GitHub subkind of a Git server.
	SubKindGitHub = "github"

	// KindStableUNIXUser is the RBAC-only kind to refer to interactions with
	// stable UNIX users.
	KindStableUNIXUser = "stable_unix_user"

	// MetaNameAccessGraphSettings is the exact name of the singleton resource holding
	// access graph settings.
	MetaNameAccessGraphSettings = "access-graph-settings"

	// MetaNameVnetConfig is the exact name of the singleton resource holding VNet config.
	MetaNameVnetConfig = "vnet-config"

	// V8 is the eighth version of resources.
	V8 = "v8"

	// V7 is the seventh version of resources.
	V7 = "v7"

	// V6 is the sixth version of resources.
	V6 = "v6"

	// V5 is the fifth version of resources.
	V5 = "v5"

	// V4 is the fourth version of resources.
	V4 = "v4"

	// V3 is the third version of resources.
	V3 = "v3"

	// V2 is the second version of resources.
	V2 = "v2"

	// V1 is the first version of resources. Note: The first version was
	// not explicitly versioned.
	V1 = "v1"
)
View Source 
const (
	// VerbList is used to list all objects. Does not imply the ability to read a single object.
	VerbList = "list"

	// VerbCreate is used to create an object.
	VerbCreate = "create"

	// VerbRead is used to read a single object.
	VerbRead = "read"

	// VerbReadNoSecrets is used to read a single object without secrets.
	VerbReadNoSecrets = "readnosecrets"

	// VerbUpdate is used to update an object.
	VerbUpdate = "update"

	// VerbDelete is used to remove an object.
	VerbDelete = "delete"

	// VerbRotate is used to rotate certificate authorities
	// used only internally
	VerbRotate = "rotate"

	// VerbCreateEnrollToken allows the creation of device enrollment tokens.
	// Device Trust is a Teleport Enterprise feature.
	VerbCreateEnrollToken = "create_enroll_token"

	// VerbEnroll allows enrollment of trusted devices.
	// Device Trust is a Teleport Enterprise feature.
	VerbEnroll = "enroll"

	// VerbUse allows the usage of an Integration.
	// Roles with this verb can issue API calls using the integration.
	VerbUse = "use"
)
View Source 
const (
	// TeleportNamespace is used as the namespace prefix for labels defined by Teleport which can
	// carry metadata such as cloud AWS account or instance. Those labels can be used for RBAC.
	//
	// If a label with this prefix is used in a config file, the associated feature must take into
	// account that the label might be removed, modified or could have been set by the user.
	//
	// See also TeleportInternalLabelPrefix and TeleportHiddenLabelPrefix.
	TeleportNamespace = common.TeleportNamespace

	// OriginLabel is a resource metadata label name used to identify a source
	// that the resource originates from.
	OriginLabel = common.OriginLabel

	// ClusterLabel is a label that identifies the current cluster when creating resources on another systems.
	// Eg, when creating a resource in AWS, this label must be set as a Tag in the resource.
	ClusterLabel = TeleportNamespace + "/cluster"

	// ADLabel is a resource metadata label name used to identify if resource is part of Active Directory
	ADLabel = TeleportNamespace + "/ad"

	// OriginDefaults is an origin value indicating that the resource was
	// constructed as a default value.
	OriginDefaults = common.OriginDefaults

	// OriginConfigFile is an origin value indicating that the resource is
	// derived from static configuration.
	OriginConfigFile = common.OriginConfigFile

	// OriginDynamic is an origin value indicating that the resource was
	// committed as dynamic configuration.
	OriginDynamic = common.OriginDynamic

	// OriginCloud is an origin value indicating that the resource was
	// imported from a cloud provider.
	OriginCloud = common.OriginCloud

	// OriginKubernetes is an origin value indicating that the resource was
	// created from the Kubernetes Operator.
	OriginKubernetes = common.OriginKubernetes

	// OriginOkta is an origin value indicating that the resource was
	// created from the Okta service.
	OriginOkta = common.OriginOkta

	// OriginIntegrationAWSOIDC is an origin value indicating that the resource was
	// created from the AWS OIDC Integration.
	OriginIntegrationAWSOIDC = common.OriginIntegrationAWSOIDC

	// OriginIntegrationAWSRolesAnywhere is an origin value indicating that the resource was
	// created from the AWS IAM Roles Anywhere Integration.
	OriginIntegrationAWSRolesAnywhere = common.OriginIntegrationAWSRolesAnywhere

	// OriginDiscoveryKubernetes indicates that the resource was imported
	// from kubernetes cluster by discovery service.
	OriginDiscoveryKubernetes = common.OriginDiscoveryKubernetes

	// OriginEntraID indicates that the resource was imported
	// from the Entra ID directory.
	OriginEntraID = common.OriginEntraID

	// IntegrationLabel is a resource metadata label name used to identify the integration name that created the resource.
	IntegrationLabel = TeleportNamespace + "/integration"

	// AWSAccountIDLabel is used to identify nodes by AWS account ID
	// found via automatic discovery, to avoid re-running installation
	// commands on the node.
	AWSAccountIDLabel = TeleportNamespace + "/account-id"
	// AWSInstanceIDLabel is used to identify nodes by EC2 instance ID
	// found via automatic discovery, to avoid re-running installation
	// commands on the node.
	AWSInstanceIDLabel = TeleportNamespace + "/instance-id"
	// AWSInstanceRegion is used to identify the region an EC2
	// instance is running in
	AWSInstanceRegion = TeleportNamespace + "/aws-region"
	// SubscriptionIDLabel is used to identify virtual machines by Azure
	// subscription ID found via automatic discovery, to avoid re-running
	// installation commands on the node.
	SubscriptionIDLabel = TeleportInternalLabelPrefix + "subscription-id"
	// VMIDLabel is used to identify virtual machines by ID found
	// via automatic discovery, to avoid re-running installation commands
	// on the node.
	VMIDLabel = TeleportInternalLabelPrefix + "vm-id"

	// ProjectIDLabelDiscovery is used to identify virtual machines by GCP project
	// id found via automatic discovery, to avoid re-running
	// installation commands on the node.
	ProjectIDLabelDiscovery = TeleportInternalLabelPrefix + projectIDLabelSuffix
	// ProjectIDLabel is used to identify the project ID for a virtual machine in GCP.
	// The difference between this and ProjectIDLabelDiscovery, is that this one will be visible to the user
	// and can be used in RBAC checks.
	ProjectIDLabel = TeleportNamespace + "/" + projectIDLabelSuffix
	// RegionLabel is used to identify virtual machines by region found
	// via automatic discovery, to avoid re-running installation commands
	// on the node.
	RegionLabel = TeleportInternalLabelPrefix + "region"
	// ResourceGroupLabel is used to identify virtual machines by resource-group found
	// via automatic discovery, to avoid re-running installation commands
	// on the node.
	ResourceGroupLabel = TeleportInternalLabelPrefix + "resource-group"
	// ZoneLabelDiscovery is used to identify virtual machines by GCP zone
	// found via automatic discovery, to avoid re-running installation
	// commands on the node.
	ZoneLabelDiscovery = TeleportInternalLabelPrefix + "zone"
	// NameLabelDiscovery is used to identify virtual machines by GCP VM name
	// found via automatic discovery, to avoid re-running installation
	// commands on the node.
	NameLabelDiscovery = TeleportInternalLabelPrefix + "name"

	// CloudLabel is used to identify the cloud where the resource was discovered.
	CloudLabel = TeleportNamespace + "/cloud"

	// DatabaseAdminLabel is used to identify database admin user for auto-
	// discovered databases.
	DatabaseAdminLabel = TeleportNamespace + "/db-admin"

	// DatabaseAdminDefaultDatabaseLabel is used to identify the database that
	// the admin user logs into by default.
	DatabaseAdminDefaultDatabaseLabel = TeleportNamespace + "/db-admin-default-database"

	// AzureDatabaseNameOverrideLabel is the label key containing the database
	// name override for discovered Azure databases.
	// Azure tags cannot contain these characters: "<>%&\?/", so it doesn't
	// start with the namespace prefix.
	AzureDatabaseNameOverrideLabel = cloudDatabaseNameOverrideLabel

	// AzureKubeClusterNameOverrideLabel is the label key containing the
	// kubernetes cluster name override for discovered Azure kube clusters.
	AzureKubeClusterNameOverrideLabel = cloudKubeClusterNameOverrideLabel

	// GCPKubeClusterNameOverrideLabel is the label key containing the
	// kubernetes cluster name override for discovered GCP kube clusters.
	GCPKubeClusterNameOverrideLabel = cloudKubeClusterNameOverrideLabel

	// KubernetesClusterLabel indicates name of the kubernetes cluster for auto-discovered services inside kubernetes.
	KubernetesClusterLabel = TeleportNamespace + "/kubernetes-cluster"

	// DiscoveryTypeLabel specifies type of discovered service that should be created from Kubernetes service.
	// Also added by discovery service to indicate the type of discovered
	// resource, e.g. "rds" for RDS databases, "eks" for EKS kube clusters, etc.
	DiscoveryTypeLabel = TeleportNamespace + "/discovery-type"
	// DiscoveryPortLabel specifies preferred port for a discovered app created from Kubernetes service.
	DiscoveryPortLabel = TeleportNamespace + "/port"
	// DiscoveryProtocolLabel specifies protocol for a discovered app created from Kubernetes service.
	DiscoveryProtocolLabel = TeleportNamespace + "/protocol"
	// DiscoveryAppRewriteLabel specifies rewrite rules for a discovered app created from Kubernetes service.
	DiscoveryAppRewriteLabel = TeleportNamespace + "/app-rewrite"
	// DiscoveryAppNameLabel specifies explicitly name of an app created from Kubernetes service.
	DiscoveryAppNameLabel = TeleportNamespace + "/name"
	// DiscoveryPathLabel optionally specifies a context path for apps created from Kubernetes services.
	DiscoveryPathLabel = TeleportNamespace + "/path"
	// DiscoveryAppInsecureSkipVerify specifies the TLS verification enforcement for a discovered app created from Kubernetes service.
	DiscoveryAppInsecureSkipVerify = TeleportNamespace + "/insecure-skip-verify"
	// DiscoveryAppIgnore specifies if a Kubernetes service should be ignored by discovery service.
	DiscoveryAppIgnore = TeleportNamespace + "/ignore"
	// DiscoveryPublicAddr specifies the public address for a discovered app created from a Kubernetes service.
	DiscoveryPublicAddr = TeleportNamespace + "/public-addr"

	// ReqAnnotationApproveSchedulesLabel is the request annotation key at which schedules are stored for access plugins.
	ReqAnnotationApproveSchedulesLabel = "/schedules"
	// ReqAnnotationNotifySchedulesLabel is the request annotation key at which notify schedules are stored for access plugins.
	ReqAnnotationNotifySchedulesLabel = "/notify-services"
	// ReqAnnotationTeamsLabel is the request annotation key at which teams are stored for access plugins.
	ReqAnnotationTeamsLabel = "/teams"

	// CloudAWS identifies that a resource was discovered in AWS.
	CloudAWS = "AWS"
	// CloudAzure identifies that a resource was discovered in Azure.
	CloudAzure = "Azure"
	// CloudGCP identifies that a resource was discovered in GCP.
	CloudGCP = "GCP"

	// SchemaMCPStdio is a URI schema for MCP servers using stdio transport.
	SchemaMCPStdio = "mcp+stdio://"
	// MCPTransportStdio indicates the MCP server uses stdio transport.
	MCPTransportStdio = "stdio"

	// DiscoveredResourceNode identifies a discovered SSH node.
	DiscoveredResourceNode = "node"
	// DiscoveredResourceDatabase identifies a discovered database.
	DiscoveredResourceDatabase = "db"
	// DiscoveredResourceKubernetes identifies a discovered kubernetes cluster.
	DiscoveredResourceKubernetes = "k8s"
	// DiscoveredResourceAgentlessNode identifies a discovered agentless SSH node.
	DiscoveredResourceAgentlessNode = "node.openssh"
	// DiscoveredResourceEICENode identifies a discovered AWS EC2 Instance using the EICE access method.
	DiscoveredResourceEICENode = "node.openssh-eice"
	// DiscoveredResourceApp identifies a discovered Kubernetes App.
	DiscoveredResourceApp = "app"

	// TeleportAzureMSIEndpoint is a special URL intercepted by TSH local proxy, serving Azure credentials.
	TeleportAzureMSIEndpoint = "azure-msi." + TeleportNamespace
	// TeleportAzureIdentityEndpoint is a special URL intercepted by TSH local proxy, serving Azure credentials.
	TeleportAzureIdentityEndpoint = "azure-identity." + TeleportNamespace

	// ConnectMyComputerNodeOwnerLabel is a label used to control access to the node managed by
	// Teleport Connect as part of Connect My Computer. See [teleterm.connectmycomputer.RoleSetup].
	ConnectMyComputerNodeOwnerLabel = TeleportNamespace + "/connect-my-computer/owner"
)
View Source 
const (
	// DiscoveryLabelRegion identifies a discovered cloud resource's region.
	DiscoveryLabelRegion = "region"
	// DiscoveryLabelAccountID is the label key containing AWS account ID.
	DiscoveryLabelAccountID = "account-id"
	// DiscoveryLabelEngine is the label key containing database engine name.
	DiscoveryLabelEngine = "engine"
	// DiscoveryLabelEngineVersion is the label key containing database engine version.
	DiscoveryLabelEngineVersion = "engine-version"
	// DiscoveryLabelEndpointType is the label key containing the endpoint type.
	DiscoveryLabelEndpointType = "endpoint-type"
	// DiscoveryLabelVPCID is the label key containing the VPC ID.
	DiscoveryLabelVPCID = "vpc-id"
	// DiscoveryLabelNamespace is the label key for namespace name.
	DiscoveryLabelNamespace = "namespace"
	// DiscoveryLabelWorkgroup is the label key for workgroup name.
	DiscoveryLabelWorkgroup = "workgroup"
	// DiscoveryLabelStatus is the label key containing the database status, e.g. "available"
	DiscoveryLabelStatus = "status"
	// DiscoveryLabelAWSArn is an internal label that contains AWS Arn of the resource.
	DiscoveryLabelAWSArn = TeleportInternalLabelPrefix + "aws-arn"

	// DiscoveryLabelAzureSubscriptionID is the label key for Azure subscription ID.
	DiscoveryLabelAzureSubscriptionID = "subscription-id"
	// DiscoveryLabelAzureResourceGroup is the label key for the Azure resource group name.
	DiscoveryLabelAzureResourceGroup = "resource-group"
	// DiscoveryLabelAzureReplicationRole is the replication role of an Azure DB Flexible server, e.g. "Source" or "Replica".
	DiscoveryLabelAzureReplicationRole = "replication-role"
	// DiscoveryLabelAzureSourceServer is the source server for replica Azure DB Flexible servers.
	// This is the source (primary) database resource name.
	DiscoveryLabelAzureSourceServer = "source-server"

	// DiscoveryLabelGCPProjectID is the label key for GCP project ID.
	DiscoveryLabelGCPProjectID = "project-id"
	// DiscoveryLabelGCPLocation is the label key for GCP location.
	DiscoveryLabelGCPLocation = "location"

	// DiscoveryLabelWindowsDNSHostName is the DNS hostname of an LDAP object.
	DiscoveryLabelWindowsDNSHostName = TeleportNamespace + "/dns_host_name"
	// DiscoveryLabelWindowsComputerName is the name of an LDAP object.
	DiscoveryLabelWindowsComputerName = TeleportNamespace + "/computer_name"
	// DiscoveryLabelWindowsOS is the operating system of an LDAP object.
	DiscoveryLabelWindowsOS = TeleportNamespace + "/os"
	// DiscoveryLabelWindowsOSVersion operating system version of an LDAP object.
	DiscoveryLabelWindowsOSVersion = TeleportNamespace + "/os_version"
	// DiscoveryLabelWindowsOU is an LDAP objects's OU.
	DiscoveryLabelWindowsOU = TeleportNamespace + "/ou"
	// DiscoveryLabelWindowsIsDomainController is whether an LDAP object is a
	// domain controller.
	DiscoveryLabelWindowsIsDomainController = TeleportNamespace + "/is_domain_controller"
	// DiscoveryLabelWindowsDomain is an Active Directory domain name.
	DiscoveryLabelWindowsDomain = TeleportNamespace + "/windows_domain"
	// DiscoveryLabelLDAPPrefix is the prefix used when applying any custom
	// labels per the discovery LDAP attribute labels configuration.
	DiscoveryLabelLDAPPrefix = "ldap/"
)

Labels added by the discovery service to discovered databases, Kubernetes clusters, and Windows desktops.

View Source 
const (
	// TeleportInternalLabelPrefix is the prefix used by all Teleport internal labels. Those labels
	// are automatically populated by Teleport and are expected to be used by Teleport internal
	// components and not for RBAC.
	//
	// See also TeleportNamespace and TeleportHiddenLabelPrefix.
	TeleportInternalLabelPrefix = "teleport.internal/"

	// TeleportHiddenLabelPrefix is the prefix used by all user specified hidden labels.
	//
	// See also TeleportNamespace and TeleportInternalLabelPrefix.
	TeleportHiddenLabelPrefix = "teleport.hidden/"

	// TeleportDynamicLabelPrefix is the prefix used by labels that can change
	// over time and should not be used as part of a role's deny rules.
	TeleportDynamicLabelPrefix = "dynamic/"

	// DiscoveredNameLabel is a resource metadata label name used to identify
	// the discovered name of a resource, i.e. the name of a resource before a
	// uniquely distinguishing suffix is added by the discovery service.
	// See: RFD 129 - Avoid Discovery Resource Name Collisions.
	DiscoveredNameLabel = TeleportInternalLabelPrefix + "discovered-name"

	// BotLabel is a label used to identify a resource used by a certificate renewal bot.
	BotLabel = TeleportInternalLabelPrefix + "bot"

	// BotGenerationLabel is a label used to record the certificate generation counter.
	BotGenerationLabel = TeleportInternalLabelPrefix + "bot-generation"

	// InternalResourceIDLabel is a label used to store an ID to correlate between two resources
	// A pratical example of this is to create a correlation between a Node Provision Token and
	// the Node that used that token to join the cluster
	InternalResourceIDLabel = TeleportInternalLabelPrefix + "resource-id"

	// AlertOnLogin is an internal label that indicates an alert should be displayed to users on login
	AlertOnLogin = TeleportInternalLabelPrefix + "alert-on-login"

	// AlertPermitAll is an internal label that indicates that an alert is suitable for display
	// to all users.
	AlertPermitAll = TeleportInternalLabelPrefix + "alert-permit-all"

	// AlertLink is an internal label that indicates that an alert is a link.
	AlertLink = TeleportInternalLabelPrefix + "link"

	// AlertLinkText is a text that will be rendered by Web UI on the action
	// button accompanying the alert.
	AlertLinkText = TeleportInternalLabelPrefix + "link-text"

	// AlertVerbPermit is an internal label that permits a user to view the alert if they
	// hold a specific resource permission verb (e.g. 'node:list'). Note that this label is
	// a coarser control than it might initially appear and has the potential for accidental
	// misuse. Because this permitting strategy doesn't take into account constraints such as
	// label selectors or where clauses, it can't reliably protect information related to a
	// specific resource. This label should be used only for permitting of alerts that are
	// of concern to holders of a given <resource>:<verb> capability in the most general case.
	AlertVerbPermit = TeleportInternalLabelPrefix + "alert-verb-permit"

	// AlertSupersedes is an internal label used to indicate when one alert supersedes
	// another. Teleport may choose to hide the superseded alert if the superseding alert
	// is also visible to the user and of higher or equivalent severity. This intended as
	// a mechanism for reducing noise/redundancy, and is not a form of access control. Use
	// one of the "permit" labels if you need to restrict viewership of an alert.
	AlertSupersedes = TeleportInternalLabelPrefix + "alert-supersedes"

	// AlertLicenseExpired is an internal label that indicates that the license has expired.
	AlertLicenseExpired = TeleportInternalLabelPrefix + "license-expired-warning"

	// TeleportInternalDiscoveryGroupName is the label used to store the name of the discovery group
	// that the discovered resource is owned by. It is used to differentiate resources
	// that belong to different discovery services that operate on different sets of resources.
	TeleportInternalDiscoveryGroupName = TeleportInternalLabelPrefix + "discovery-group-name"

	// TeleportInternalDiscoveryIntegrationName is the label used to store the name of the integration
	// whose credentials were used to discover the resource.
	// It is used to report stats for a given Integration / DiscoveryConfig.
	TeleportInternalDiscoveryIntegrationName = TeleportInternalLabelPrefix + "discovery-integration-name"

	// TeleportInternalDiscoveryConfigName is the label used to store the name of the discovery config
	// whose matchers originated the resource.
	// It is used to report stats for a given Integration / DiscoveryConfig.
	TeleportInternalDiscoveryConfigName = TeleportInternalLabelPrefix + "discovery-config-name"

	// TeleportDowngradedLabel identifies resources that have been automatically
	// downgraded before being returned to clients on older versions that do not
	// support one or more features enabled in that resource.
	TeleportDowngradedLabel = TeleportInternalLabelPrefix + "downgraded"

	// TeleportInternalResourceType indicates the type of internal Teleport resource a resource is.
	// Valid values are:
	// - system: These resources will be automatically created and overwritten on startup. Users should
	//           not change these resources.
	// - preset: These resources will be created if they don't exist. Updates may be applied to them,
	//           but user changes to these resources will be preserved.
	TeleportInternalResourceType = TeleportInternalLabelPrefix + "resource-type"

	// TeleportResourceRevision marks a teleport-managed resource with a reversion
	// number to aid future migrations. Label value is expected to be a number.
	TeleportResourceRevision = TeleportInternalLabelPrefix + "revision"

	// SystemResource are resources that will be automatically created and overwritten on startup. Users
	// should not change these resources.
	SystemResource = "system"

	// PresetResource are resources resources will be created if they don't exist. Updates may be applied
	// to them, but user changes to these resources will be preserved.
	PresetResource = "preset"

	// ProxyGroupIDLabel is the internal-use label for proxy heartbeats that's
	// used by reverse tunnel agents to keep track of multiple independent sets
	// of proxies in proxy peering mode.
	ProxyGroupIDLabel = TeleportInternalLabelPrefix + "proxygroup-id"

	// ProxyGroupGenerationLabel is the internal-use label for proxy heartbeats
	// that's used by reverse tunnel agents to know which proxies in each proxy
	// group they should attempt to be connected to.
	ProxyGroupGenerationLabel = TeleportInternalLabelPrefix + "proxygroup-gen"

	// UnstableProxyPeerQUICLabel is the internal-use label for proxy heartbeats
	// that's used to signal that the proxy supports receiving proxy peering
	// connections over QUIC. The value should be "yes".
	UnstableProxyPeerQUICLabel = TeleportInternalLabelPrefix + "proxy-peer-quic"

	// OktaAppNameLabel is the individual app name label.
	OktaAppNameLabel = TeleportInternalLabelPrefix + "okta-app-name"

	// OktaAppDescriptionLabel is the individual app description label.
	OktaAppDescriptionLabel = TeleportInternalLabelPrefix + "okta-app-description"

	// OktaGroupNameLabel is the individual group name label.
	OktaGroupNameLabel = TeleportInternalLabelPrefix + "okta-group-name"

	// OktaGroupDescriptionLabel is the individual group description label.
	OktaGroupDescriptionLabel = TeleportInternalLabelPrefix + "okta-group-description"

	// OktaRoleNameLabel is the human readable name for a role sourced from Okta.
	OktaRoleNameLabel = TeleportInternalLabelPrefix + "okta-role-name"

	// PluginGenerationLabel is the label for the current generation of the plugin.
	PluginGenerationLabel = TeleportInternalLabelPrefix + "plugin-generation"

	// EntraTenantIDLabel is the label for the Entra tenant ID.
	EntraTenantIDLabel = TeleportInternalLabelPrefix + "entra-tenant"

	// EntraUniqueIDLabel is the label for the unique identifier of the object in the Entra ID directory.
	EntraUniqueIDLabel = TeleportInternalLabelPrefix + "entra-unique-id"

	// EntraUPNLabel is the label for the user principal name in Entra ID.
	EntraUPNLabel = TeleportInternalLabelPrefix + "entra-upn"

	// EntraDisplayNameLabel is the label for the display name of the object in the Entra ID directory.
	// The display name may not be unique.
	EntraDisplayNameLabel = TeleportInternalLabelPrefix + "entra-display-name"

	// EntraSAMAccountNameLabel is the label for user's on-premises sAMAccountName.
	EntraSAMAccountNameLabel = TeleportInternalLabelPrefix + "entra-sam-account-name"

	// GitHubOrgLabel is the label for GitHub organization.
	GitHubOrgLabel = TeleportInternalLabelPrefix + "github-org"
)
View Source 
const (
	// NotificationTitleLabel is the label which contains the title of the notification.
	NotificationTitleLabel = TeleportInternalLabelPrefix + "title"
	// NotificationClickedLabel is the label which contains whether the notification has been clicked on by the user.
	NotificationClickedLabel = TeleportInternalLabelPrefix + "clicked"
	// NotificationScope is the label which contains the scope of the notification, either "user" or "global"
	NotificationScope = TeleportInternalLabelPrefix + "scope"
	// NotificationTextContentLabel is the label which contains the text content of a user-created notification.
	NotificationTextContentLabel = TeleportInternalLabelPrefix + "content"

	// NotificationDefaultInformationalSubKind is the default subkind for an informational notification.
	NotificationDefaultInformationalSubKind = "default-informational"
	// NotificationDefaultWarningSubKind is the default subkind for a warning notification.
	NotificationDefaultWarningSubKind = "default-warning"

	// NotificationUserCreatedInformationalSubKind is the subkind for a user-created informational notification.
	NotificationUserCreatedInformationalSubKind = "user-created-informational"
	// NotificationUserCreatedWarningSubKind is the subkind for a user-created warning notification.
	NotificationUserCreatedWarningSubKind = "user-created-warning"

	// NotificationAccessRequestPendingSubKind is the subkind for a notification for an access request pending review.
	NotificationAccessRequestPendingSubKind = "access-request-pending"
	// NotificationAccessRequestApprovedSubKind is the subkind for a notification for a user's access request being approved.
	NotificationAccessRequestApprovedSubKind = "access-request-approved"
	// NotificationAccessRequestDeniedSubKind is the subkind for a notification for a user's access request being denied.
	NotificationAccessRequestDeniedSubKind = "access-request-denied"
	// NotificationAccessRequestPromotedSubKind is the subkind for a notification for a user's access request being promoted to an access list.
	NotificationAccessRequestPromotedSubKind = "access-request-promoted"

	// NotificationAccessListReviewDue14dSubKind is the subkind for a notification for an access list review due in less than 14 days.
	NotificationAccessListReviewDue14dSubKind = "access-list-review-due-14d"

	// NotificationAccessListReviewDue7dSubKind is the subkind for a notification for an access list review due in less than 7 days.
	NotificationAccessListReviewDue7dSubKind = "access-list-review-due-7d"

	// NotificationAccessListReviewDue3dSubKind is the subkind for a notification for an access list review due in less than 3 days.
	NotificationAccessListReviewDue3dSubKind = "access-list-review-due-3d"

	// NotificationAccessListReviewDue0dSubKind is the subkind for a notification for an access list review due today.
	NotificationAccessListReviewDue0dSubKind = "access-list-review-due-0d"

	// NotificationAccessListReviewOverdue3dSubKind is the subkind for a notification for an access list review overdue by 3 days.
	NotificationAccessListReviewOverdue3dSubKind = "access-list-review-overdue-3d"

	// NotificationAccessListReviewOverdue7dSubKind is the subkind for a notification for an access list review overdue by 7 days.
	NotificationAccessListReviewOverdue7dSubKind = "access-list-review-overdue-7d"
)
View Source 
const (
	// NotificationIdentifierPrefixAccessListDueReminder14d is the prefix for unique notification identifiers for 14d access list review reminders.
	NotificationIdentifierPrefixAccessListDueReminder14d = "access_list_14d_due_reminder"
	// NotificationIdentifierPrefixAccessListDueReminder7d is the prefix for unique notification identifiers for 7d access list review reminders.
	NotificationIdentifierPrefixAccessListDueReminder7d = "access_list_7d_due_reminder"
	// NotificationIdentifierPrefixAccessListDueReminder3d is the prefix for unique notification identifiers for 3d access list review reminders.
	NotificationIdentifierPrefixAccessListDueReminder3d = "access_list_3d_due_reminder"
	// NotificationIdentifierPrefixAccessListDueReminder0d is the prefix for unique notification identifiers for 0d (today) access list review reminders.
	NotificationIdentifierPrefixAccessListDueReminder0d = "access_list_0d_due_reminder"
	// NotificationIdentifierPrefixAccessListDueReminder30d is the prefix for unique notification identifiers for 3d overdue access list review reminders.
	NotificationIdentifierPrefixAccessListOverdue3d = "access_list_3d_overdue_reminder"
	// NotificationIdentifierPrefixAccessListDueReminder30d is the prefix for unique notification identifiers for 7d overdue access list review reminders.
	NotificationIdentifierPrefixAccessListOverdue7d = "access_list_7d_overdue_reminder"
)
View Source 
const (
	// InstallMethodAWSOIDCDeployServiceEnvVar is the env var used to detect if the agent was installed
	// using the DeployService action of the AWS OIDC integration.
	InstallMethodAWSOIDCDeployServiceEnvVar = "TELEPORT_INSTALL_METHOD_AWSOIDC_DEPLOYSERVICE"

	// AWSOIDCAgentLabel is a label that indicates that the service was deployed into ECS/Fargate using the AWS OIDC Integration.
	AWSOIDCAgentLabel = TeleportNamespace + "/awsoidc-agent"
)
View Source 
const (
	// RecordAtNode is the default. Sessions are recorded at Teleport nodes.
	RecordAtNode = "node"

	// RecordAtProxy enables the recording proxy which intercepts and records
	// all sessions.
	RecordAtProxy = "proxy"

	// RecordOff is used to disable session recording completely.
	RecordOff = "off"

	// RecordAtNodeSync enables the nodes to stream sessions in sync mode
	// to the auth server
	RecordAtNodeSync = "node-sync"

	// RecordAtProxySync enables the recording proxy which intercepts and records
	// all sessions, streams the records synchronously
	RecordAtProxySync = "proxy-sync"
)
View Source 
const (
	// ResourceMetadataName refers to a resource metadata field named "name".
	ResourceMetadataName = "name"

	// ResourceSpecDescription refers to a resource spec field named "description".
	ResourceSpecDescription = "description"

	// ResourceSpecHostname refers to a resource spec field named "hostname".
	ResourceSpecHostname = "hostname"

	// ResourceSpecAddr refers to a resource spec field named "address".
	ResourceSpecAddr = "address"

	// ResourceSpecPublicAddr refers to a resource field named "address".
	ResourceSpecPublicAddr = "publicAddress"

	// ResourceSpecType refers to a resource field named "type".
	ResourceSpecType = "type"

	// ResourceKind refers to a resource field named "kind".
	ResourceKind = "kind"
)
View Source 
const (
	// KubeVerbGet is the Kubernetes verb for "get".
	KubeVerbGet = "get"
	// KubeVerbCreate is the Kubernetes verb for "create".
	KubeVerbCreate = "create"
	// KubeVerbUpdate is the Kubernetes verb for "update".
	KubeVerbUpdate = "update"
	// KubeVerbPatch is the Kubernetes verb for "patch".
	KubeVerbPatch = "patch"
	// KubeVerbDelete is the Kubernetes verb for "delete".
	KubeVerbDelete = "delete"
	// KubeVerbList is the Kubernetes verb for "list".
	KubeVerbList = "list"
	// KubeVerbWatch is the Kubernetes verb for "watch".
	KubeVerbWatch = "watch"
	// KubeVerbDeleteCollection is the Kubernetes verb for "deletecollection".
	KubeVerbDeleteCollection = "deletecollection"
	// KubeVerbExec is the Kubernetes verb for "pod/exec".
	KubeVerbExec = "exec"
	// KubeVerbPortForward is the Kubernetes verb for "pod/portforward".
	KubeVerbPortForward = "portforward"
)
View Source 
const (
	// TeleportDropGroup is a default group that users of the teleport automated user
	// provisioning system get added to when provisioned in INSECURE_DROP mode. This
	// prevents already existing users from being tampered with or deleted.
	TeleportDropGroup = "teleport-system"
	// TeleportKeepGroup is a default group that users of the teleport automated user
	// provisioning system get added to when provisioned in KEEP mode. This prevents
	// already existing users from being tampered with or deleted.
	TeleportKeepGroup = "teleport-keep"
	// TeleportStaticGroup is a default group that static host users get added to. This
	// prevents already existing users from being tampered with or deleted.
	TeleportStaticGroup = "teleport-static"
)
View Source 
const (
	// JWTClaimsRewriteRolesAndTraits includes both roles and traits in the JWT token.
	JWTClaimsRewriteRolesAndTraits = "roles-and-traits"
	// JWTClaimsRewriteRoles includes only the roles in the JWT token.
	JWTClaimsRewriteRoles = "roles"
	// JWTClaimsRewriteTraits includes only the traits in the JWT token.
	JWTClaimsRewriteTraits = "traits"
	// JWTClaimsRewriteNone include neither traits nor roles in the JWT token.
	JWTClaimsRewriteNone = "none"
)
View Source 
const (
	// DefaultInstallerScriptName is the name of the by default populated, EC2
	// installer script
	DefaultInstallerScriptName = "default-installer"

	// DefaultInstallerScriptNameAgentless is the name of the by default populated, EC2
	// installer script when agentless mode is enabled for a matcher
	DefaultInstallerScriptNameAgentless = "default-agentless-installer"
)
View Source 
const (
	// ApplicationProtocolHTTP is the HTTP (Web) apps protocol
	ApplicationProtocolHTTP = "HTTP"
	// ApplicationProtocolTCP is the TCP apps protocol.
	ApplicationProtocolTCP = "TCP"
)
View Source 
const (
	// OktaOrgURLLabel is the label used by Okta-managed resources to indicate
	// the upstream Okta organization that they come from.
	OktaOrgURLLabel = "okta/org"

	// OktaAppIDLabel is the label for the Okta application ID on appserver objects.
	OktaAppIDLabel = TeleportInternalLabelPrefix + "okta-app-id"

	// OktaCredPurposeLabel is used by Okta-managed PluginStaticCredentials to
	// indicate their purpose
	OktaCredPurposeLabel = "okta/purpose"

	// OktaCredPurposeAuth indicates that the credential is intended for
	// authenticating with the Okta REST API
	OktaCredPurposeAuth = "okta-auth"

	// OktaCredPurposeSCIMToken indicates that theis to be used for authenticating
	// SCIM requests from the upstream organization. The content of the credential
	// is a bcrypt hash of actual token.
	OktaCredPurposeSCIMToken = "scim-bearer-token"

	// CredPurposeOKTAAPITokenWithSCIMOnlyIntegration is used when okta integration was enabled without
	// app groups sync. Due to backward compatibility when teleport was downgraded to version where the
	// AppGroupSyncDisabled flag is not supported we need to prevent plugin from starting.
	// This is done by distinguishing between OktaCredPurposeAuth and CredPurposeOKTAAPITokenWithSCIMOnlyIntegration
	// that are only set when AppGroupSyncDisabled is set to true.
	CredPurposeOKTAAPITokenWithSCIMOnlyIntegration = "okta-auth-scim-only"
)
View Source 
const (
	// DatadogCredentialLabel is used by Datadog-managed PluginStaticCredentials
	// to indiciate credential type.
	DatadogCredentialLabel = "datadog/credential"

	// DatadogCredentialAPIKey indicates that the credential is used as a
	// Datadog API key.
	DatadogCredentialAPIKey = "datadog-api-key"

	// DatadogCredentialApplicationKey indicates that the credential is used as
	// a Datadog Application key.
	DatadogCredentialApplicationKey = "datadog-application-key"
)
View Source 
const (
	// DatabaseProtocolPostgreSQL is the PostgreSQL database protocol.
	DatabaseProtocolPostgreSQL = "postgres"
	// DatabaseProtocolClickHouseHTTP is the ClickHouse database HTTP protocol.
	DatabaseProtocolClickHouseHTTP = "clickhouse-http"
	// DatabaseProtocolClickHouse is the ClickHouse database native write protocol.
	DatabaseProtocolClickHouse = "clickhouse"
	// DatabaseProtocolMySQL is the MySQL database protocol.
	DatabaseProtocolMySQL = "mysql"
	// DatabaseProtocolMongoDB is the MongoDB database protocol.
	DatabaseProtocolMongoDB = "mongodb"
	// DatabaseProtocolCockroachDB is the CockroachDB database protocol.
	DatabaseProtocolCockroachDB = "cockroachdb"
	// DatabaseProtocolOracle is the Oracle database protocol.
	DatabaseProtocolOracle = "oracle"

	// DatabaseTypeSelfHosted is the self-hosted type of database.
	DatabaseTypeSelfHosted = "self-hosted"
	// DatabaseTypeRDS is AWS-hosted RDS or Aurora database.
	DatabaseTypeRDS = "rds"
	// DatabaseTypeRDSProxy is an AWS-hosted RDS Proxy.
	DatabaseTypeRDSProxy = "rdsproxy"
	// DatabaseTypeRedshift is AWS Redshift database.
	DatabaseTypeRedshift = "redshift"
	// DatabaseTypeRedshiftServerless is AWS Redshift Serverless database.
	DatabaseTypeRedshiftServerless = "redshift-serverless"
	// DatabaseTypeCloudSQL is GCP-hosted Cloud SQL database.
	DatabaseTypeCloudSQL = "gcp"
	// DatabaseTypeSpanner is a GCP Spanner instance.
	DatabaseTypeSpanner = "spanner"
	// DatabaseTypeAzure is Azure-hosted database.
	DatabaseTypeAzure = "azure"
	// DatabaseTypeElastiCache is AWS-hosted ElastiCache database.
	DatabaseTypeElastiCache = "elasticache"
	// DatabaseTypeMemoryDB is AWS-hosted MemoryDB database.
	DatabaseTypeMemoryDB = "memorydb"
	// DatabaseTypeAWSKeyspaces is AWS-hosted Keyspaces database (Cassandra).
	DatabaseTypeAWSKeyspaces = "keyspace"
	// DatabaseTypeCassandra is AWS-hosted Keyspace database.
	DatabaseTypeCassandra = "cassandra"
	// DatabaseTypeDynamoDB is a DynamoDB database.
	DatabaseTypeDynamoDB = "dynamodb"
	// DatabaseTypeOpenSearch is AWS-hosted OpenSearch instance.
	DatabaseTypeOpenSearch = "opensearch"
	// DatabaseTypeMongoAtlas
	DatabaseTypeMongoAtlas = "mongo-atlas"
	// DatabaseTypeDocumentDB is the database type for AWS-hosted DocumentDB.
	DatabaseTypeDocumentDB = "docdb"
	// DatabaseTypeRDSOracle is AWS-hosted Oracle instance.
	DatabaseTypeRDSOracle = "rds-oracle"
)
View Source 
const (
	MaxRDPScreenWidth  = 8192
	MaxRDPScreenHeight = 8192
)
View Source 
const (
	GithubURL    = "https://github.com"
	GithubAPIURL = "https://api.github.com"
)
View Source 
const (
	// IntegrationSubKindAWSOIDC is an integration with AWS that uses OpenID Connect as an Identity Provider.
	IntegrationSubKindAWSOIDC = "aws-oidc"

	// IntegrationSubKindAzureOIDC is an integration with Azure that uses OpenID Connect as an Identity Provider.
	IntegrationSubKindAzureOIDC = "azure-oidc"

	// IntegrationSubKindGitHub is an integration with GitHub.
	IntegrationSubKindGitHub = "github"

	// IntegrationSubKindAWSRolesAnywhere is an integration with AWS that uses AWS IAM Roles Anywhere as trust and source of credentials.
	IntegrationSubKindAWSRolesAnywhere = "aws-ra"
)
View Source 
const (
	// IntegrationAWSOIDCAudienceUnspecified denotes an empty audience value. Empty audience value
	// is used to maintain default OIDC integration behavior and backward compatibility.
	IntegrationAWSOIDCAudienceUnspecified = ""
	// IntegrationAWSOIDCAudienceAWSIdentityCenter is an audience name for the Teleport AWS Idenity Center plugin.
	IntegrationAWSOIDCAudienceAWSIdentityCenter = "aws-identity-center"
)
View Source 
const (
	// IntegrationAWSOIDCAudience is the client id used to generate the JWT.
	// This value must match the Audience defined in the IAM Identity Provider of the Integration.
	IntegrationAWSOIDCAudience = "discover.teleport"

	// IntegrationAWSOIDCSubject identifies the system that is going to use the
	// token as the Teleport Proxy.
	IntegrationAWSOIDCSubject = "system:proxy"

	// IntegrationAWSOIDCSubject identifies the system that is going to use the
	// token as the Teleport Auth service.
	IntegrationAWSOIDCSubjectAuth = "system:auth"
)
View Source 
const (
	// JamfOnMissingNOOP is the textual representation for the NOOP on_missing
	// action.
	JamfOnMissingNoop = "NOOP"
	// JamfOnMissingDelete is the textual representation for the DELETE on_missing
	// action.
	JamfOnMissingDelete = "DELETE"
)
View Source 
const (
	// UpgraderKindKubeController is a short name used to identify the kube-controller-based
	// external upgrader variant.
	UpgraderKindKubeController = "kube"

	// UpgraderKindSystemdUnit is a short name used to identify the systemd-unit-based
	// external upgrader variant.
	UpgraderKindSystemdUnit = "unit"

	// UpgraderKindTeleportUpdate is a short name used to identify the teleport-update
	// external upgrader variant.
	UpgraderKindTeleportUpdate = "binary"
)
View Source 
const (
	// IAMInviteTokenName is the name of the default Teleport IAM
	// token to use when templating the script to be executed.
	IAMInviteTokenName = "aws-discovery-iam-token"

	// SSHDConfigPath is the path to the sshd config file to modify
	// when using the agentless installer
	SSHDConfigPath = "/etc/ssh/sshd_config"

	// AWSInstallerDocument is the name of the default AWS document
	// that will be called when executing the SSM command.
	AWSInstallerDocument = "TeleportDiscoveryInstaller"

	// AWSAgentlessInstallerDocument is the name of the default AWS document
	// that will be called when executing the SSM command .
	AWSAgentlessInstallerDocument = "TeleportAgentlessDiscoveryInstaller"

	// AWSMatcherEC2 is the AWS matcher type for EC2 instances.
	AWSMatcherEC2 = "ec2"
	// AWSMatcherEKS is the AWS matcher type for AWS Kubernetes.
	AWSMatcherEKS = "eks"
	// AWSMatcherRDS is the AWS matcher type for RDS databases.
	AWSMatcherRDS = "rds"
	// AWSMatcherRDSProxy is the AWS matcher type for RDS Proxy databases.
	AWSMatcherRDSProxy = "rdsproxy"
	// AWSMatcherRedshift is the AWS matcher type for Redshift databases.
	AWSMatcherRedshift = "redshift"
	// AWSMatcherRedshiftServerless is the AWS matcher type for Redshift Serverless databases.
	AWSMatcherRedshiftServerless = "redshift-serverless"
	// AWSMatcherElastiCache is the AWS matcher type for ElastiCache databases.
	AWSMatcherElastiCache = "elasticache"
	// AWSMatcherMemoryDB is the AWS matcher type for MemoryDB databases.
	AWSMatcherMemoryDB = "memorydb"
	// AWSMatcherOpenSearch is the AWS matcher type for OpenSearch databases.
	AWSMatcherOpenSearch = "opensearch"
	// AWSMatcherDocumentDB is the AWS matcher type for DocumentDB databases.
	AWSMatcherDocumentDB = "docdb"
)
View Source 
const (
	// AzureInviteTokenName is the name of the default token to use
	// when templating the script to be executed on Azure.
	AzureInviteTokenName = "azure-discovery-token"

	// AzureMatcherVM is the Azure matcher type for Azure VMs.
	AzureMatcherVM = "vm"
	// AzureMatcherKubernetes is the Azure matcher type for Azure Kubernetes.
	AzureMatcherKubernetes = "aks"
	// AzureMatcherMySQL is the Azure matcher type for Azure MySQL databases.
	AzureMatcherMySQL = "mysql"
	// AzureMatcherPostgres is the Azure matcher type for Azure Postgres databases.
	AzureMatcherPostgres = "postgres"
	// AzureMatcherRedis is the Azure matcher type for Azure Cache for Redis databases.
	AzureMatcherRedis = "redis"
	// AzureMatcherSQLServer is the Azure matcher type for SQL Server databases.
	AzureMatcherSQLServer = "sqlserver"
)
View Source 
const (
	// GCPInviteTokenName is the name of the default token to use
	// when templating the script to be executed on GCP.
	GCPInviteTokenName = "gcp-discovery-token"

	// GCPMatcherKubernetes is the GCP matcher type for GCP kubernetes.
	GCPMatcherKubernetes = "gke"
	// GCPMatcherCompute is the GCP matcher for GCP VMs.
	GCPMatcherCompute = "gce"
)
View Source 
const (
	// PluginTypeUnknown is returned when no plugin type matches.
	PluginTypeUnknown PluginType = ""
	// PluginTypeServiceNow is the Servicenow access request plugin
	PluginTypeServiceNow = "servicenow"
	// PluginTypeSlack is the Slack access request plugin
	PluginTypeSlack = "slack"
	// PluginTypeOpenAI is the OpenAI plugin
	PluginTypeOpenAI = "openai"
	// PluginTypeOkta is the Okta plugin
	PluginTypeOkta = "okta"
	// PluginTypeJamf is the Jamf MDM plugin
	PluginTypeJamf = "jamf"
	// PluginTypeJira is the Jira access plugin
	PluginTypeJira = "jira"
	// PluginTypeOpsgenie is the Opsgenie access request plugin
	PluginTypeOpsgenie = "opsgenie"
	// PluginTypePagerDuty is the PagerDuty access plugin
	PluginTypePagerDuty = "pagerduty"
	// PluginTypeMattermost is the Mattermost access plugin
	PluginTypeMattermost = "mattermost"
	// PluginTypeDiscord indicates the Discord access plugin
	PluginTypeDiscord = "discord"
	// PluginTypeGitlab indicates the Gitlab access plugin
	PluginTypeGitlab = "gitlab"
	// PluginTypeGithub indicates the Github access plugin
	PluginTypeGithub = "github"
	// PluginTypeEntraID indicates the Entra ID sync plugin
	PluginTypeEntraID = "entra-id"
	// PluginTypeSCIM indicates a generic SCIM integration
	PluginTypeSCIM = "scim"
	// PluginTypeDatadog indicates the Datadog Incident Management plugin
	PluginTypeDatadog = "datadog"
	// PluginTypeAWSIdentityCenter indicates AWS Identity Center plugin
	PluginTypeAWSIdentityCenter = "aws-identity-center"
	// PluginTypeEmail indicates an Email Access Request plugin
	PluginTypeEmail = "email"
	// PluginTypeMSTeams indicates a Microsoft Teams integration
	PluginTypeMSTeams = "msteams"
	// PluginTypeNetIQ indicates a NetIQ integration
	PluginTypeNetIQ = "netiq"
)
View Source 
const (
	// PluginSubkindUnknown is returned when no plugin subkind matches.
	PluginSubkindUnknown PluginSubkind = ""
	// PluginSubkindMDM represents MDM plugins collectively
	PluginSubkindMDM = "mdm"
	// PluginSubkindAccess represents access request plugins collectively
	PluginSubkindAccess = "access"
	// PluginSubkindAccessGraph represents access graph plugins collectively
	PluginSubkindAccessGraph = "accessgraph"
	// PluginSubkindProvisioning represents plugins that create and manage
	// Teleport users and/or other resources from an external source
	PluginSubkindProvisioning = "provisioning"
)
View Source 
const (
	// SAMLRequestHTTPRedirectBinding is the SAML http-redirect binding request name.
	SAMLRequestHTTPRedirectBinding = "http-redirect"
	// SAMLRequestHTTPPostBinding is the SAML http-post binding request name.
	SAMLRequestHTTPPostBinding = "http-post"
)
View Source 
const (
	// SAMLURINameFormat is an attribute name format that follows the convention for URI references [RFC 2396].
	SAMLURINameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
	// SAMLBasicNameFormat is an attribute name format that specifies a simple string value.
	SAMLBasicNameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
	// SAMLUnspecifiedNameFormat is an attribute name format for names that does not fall into Basic or URI category.
	SAMLUnspecifiedNameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"

	// SAMLStringType is a string value type.
	SAMLStringType = "xs:string"
)

The following name formats are defined in the SAML 2.0 Core OS Standard - https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

View Source 
const (
	// SAMLUnspecifiedNameIDFormat is a Name ID format of unknown type and it is upto the
	// service provider to interpret the format of the value. [Saml Core v2, 8.3.1]
	SAMLUnspecifiedNameIDFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
	// SAMLEmailAddressNameIDFormat is a Name ID format of email address type as specified
	// in IETF RFC 2822 [RFC 2822] Section 3.4.1. [Saml Core v2, 8.3.2]
	SAMLEmailAddressNameIDFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
	// SAMLX509SubjectNameNameIDFormat is a Name ID format of the X.509 certificate
	// subject name which is used in XML Signature Recommendation (XMLSig). [Saml Core v2, 8.3.3].
	SAMLX509SubjectNameNameIDFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
	// SAMLWindowsDomainQualifiedNameNameIDFormat is a Name ID format of Windows Domain Qualified
	// Name whose syntax "DomainName\UserName". [Saml Core v2, 8.3.4].
	SAMLWindowsDomainQualifiedNameNameIDFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName"
	// SAMLKerberosPrincipalNameNameNameIDFormat is a Name ID format of Kerberos Principal Name
	// whose syntax is "name[/instance]@REALM". IETF RFC 1510 [RFC 1510]. [Saml Core v2, 8.3.5].
	SAMLKerberosPrincipalNameNameNameIDFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos"
	// SAMLEntityNameIDFormat is a Name ID format for SAML IdP Entity ID value. [Saml Core v2, 8.3.6].
	SAMLEntityNameIDFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
	// SAMLPersistentNameIDFormat is a Name ID format whose value is to be treated as a persistent
	// user identitifer by the service provider. [Saml Core v2, 8.3.7]
	SAMLPersistentNameIDFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
	// SAMLTransientNameIDFormat is a Name ID format whose value is to be treated as a temporary value by the
	// service provider. [Saml Core v2, 8.3.8]
	SAMLTransientNameIDFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
)

SAML Name ID formats. https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf.

View Source 
const (
	// SAMLAuthnContextPublicKeyX509ClassRef is a Public Key X.509 reference authentication standard.
	// Defined in SAML 2.0 Authentication Context Standard -
	// https://docs.oasis-open.org/security/saml/v2.0/saml-authn-context-2.0-os.pdf
	SAMLAuthnContextPublicKeyX509ClassRef = "urn:oasis:names:tc:SAML:2.0:ac:classes:X509"

	// SAMLBearerMethod is a subject confirmation method, which tells the service provider
	// that the user in the context of authentication (the bearer of SAML assertion) lay claim to the SAML
	// assertion value. Defined in the SAML 2.0 Technical Overview -
	// http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.pdf
	SAMLBearerMethod = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

	// SAMLSubjectIDName is a general purpose subject identifier as defined in SAML Subject Indentifier Attribuets -
	// http://docs.oasis-open.org/security/saml-subject-id-attr/v1.0/csprd03/saml-subject-id-attr-v1.0-csprd03.pdf
	SAMLSubjectIDName = "urn:oasis:names:tc:SAML:attribute:subject-id"
)
View Source 
const (
	// SAMLUIDFriendlyName is a user friendly name with a userid format as defiend in OID-info db -
	// http://www.oid-info.com/cgi-bin/display?oid=urn%3Aoid%3A0.9.2342.19200300.100.1.1&a=display
	SAMLUIDFriendlyName = "uid"
	// SAMLUIDName is a URN value of UIDFriendlyName.
	SAMLUIDName = "urn:oid:0.9.2342.19200300.100.1.1"
	// SAMLEduPersonAffiliationFriendlyName is used to reference groups associated with a user as
	// defiend in OID-info db - http://www.oid-info.com/cgi-bin/display?oid=urn%3Aoid%3A1.3.6.1.4.1.5923.1.1.1.1&a=display
	SAMLEduPersonAffiliationFriendlyName = "eduPersonAffiliation"
	// SAMLEduPersonAffiliationName is a URN value of EduPersonAffiliationFriendlyName.
	SAMLEduPersonAffiliationName = "urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
)
View Source 
const (
	// AccessMonitoringRuleStateReviewed indicates that the access monitoring
	// rule subject should be reviewed.
	AccessMonitoringRuleStateReviewed = "reviewed"
)
View Source 
const BuiltInAutomaticReview = "builtin"

BuiltInAutomaticReview is used within access monitoring rules and indicates that the automatic_review rule should be monitored by Teleport.

View Source 
const CloudHostnameTag = "TeleportHostname"

CloudHostnameTag is the name of the tag in a cloud instance used to override a node's hostname.

View Source 
const DefaultRoleVersion = V8

DefaultRoleVersion for NewRole() and test helpers. When incrementing the role version, make sure to update the role version in the asset file used by the UI. See: web/packages/teleport/src/Roles/templates/role.yaml

View Source 
const EventOrderAscending = 0

EventOrderAscending is an ascending event order. In essence, events go from oldest to newest.

View Source 
const EventOrderDescending = 1

EventOrderDescending is an descending event order. In this ordering events go from newest to oldest.

View Source 
const (
	// GitHubOrgServerDomain is the sub domain used in the hostname of a
	// types.Server to indicate the GitHub organization of a Git server.
	GitHubOrgServerDomain = "teleport-github-org"
)
View Source 
const (
	// HostedPluginLabel defines the name for the hosted plugin label.
	// When this label is set to "true" on a Plugin resource,
	// it indicates that the Plugin should be run by the Cloud service,
	// rather than self-hosted plugin services.
	HostedPluginLabel = TeleportNamespace + "/hosted-plugin"
)
View Source 
const (
	// KubernetesMatchersApp is app matcher type for Kubernetes services
	KubernetesMatchersApp = "app"
)
View Source 
const (
	// SCIMBaseURLLabel defines a label indicating the base URL for
	// interacting with a plugin via SCIM. Useful for diagnostic display.
	SCIMBaseURLLabel = TeleportNamespace + "/scim-base-url"
)
View Source 
const SemaphoreKindAccessListReminderLimiter = "access_list_reminder_limiter"

SemaphoreKindAccessListReminderLimiter is the semaphore kind used by the periodic check which creates access list reminder notifications.

View Source 
const SemaphoreKindAccessMonitoringLimiter = "access_monitoring_limiter"

SemaphoreKindAccessMonitoringLimiter is the semaphore kind used by the Access Monitoring feature during handling user queries.

View Source 
const SemaphoreKindConnection = "connection"

SemaphoreKindConnection is the semaphore kind used by the Concurrent Session Control feature to limit concurrent connections (corresponds to the `max_connections` role option).

View Source 
const SemaphoreKindHostUserModification = "host_user_modification"

SemaphoreKindHostUserModification is the semaphore kind used to limit the number of operations that can occur on a unix user to one at a time

View Source 
const SemaphoreKindKubernetesConnection = "kubernetes_connection"

SemaphoreKindKubernetesConnection is the semaphore kind used by the Concurrent Session Control feature to limit concurrent connections for Kubernetes (corresponds to the `max_kubernetes_connections` role option).

View Source 
const SemaphoreKindUploadCompleter = "upload_completer"

SemaphoreKindUploadCompleter is the semaphore kind used by the auth server's upload completer to protect access to the shared session recordings backend.

Variables

View Source 
var (
	// ErrPasswordlessRequiresWebauthn is issued if a passwordless challenge is
	// requested but WebAuthn isn't enabled.
	ErrPasswordlessRequiresWebauthn = &trace.BadParameterError{
		Message: "passwordless requires WebAuthn",
	}

	// ErrPasswordlessDisabledBySettings is issued if a passwordless challenge is
	// requested but passwordless is disabled by cluster settings.
	// See AuthPreferenceV2.AuthPreferenceV2.
	ErrPasswordlessDisabledBySettings = &trace.BadParameterError{
		Message: "passwordless disabled by cluster settings",
	}

	// ErrPassswordlessLoginBySSOUser is issued if an SSO user tries to login
	// using passwordless.
	ErrPassswordlessLoginBySSOUser = &trace.AccessDeniedError{
		Message: "SSO user cannot login using passwordless",
	}
)
View Source 
var (
	// AWSKubeClusterNameOverrideLabels are the label keys that Teleport
	// supports to override the kubernetes cluster name of discovered AWS kube
	// clusters.
	// Originally Teleport supported just the namespaced label
	// "teleport.dev/kubernetes-name", but this was an invalid label key in
	// other clouds.
	// For consistency and backwards compatibility, Teleport now supports both
	// the generic cloud kube cluster name override label and the original
	// namespaced label.
	AWSKubeClusterNameOverrideLabels = []string{
		cloudKubeClusterNameOverrideLabel,

		TeleportNamespace + "/kubernetes-name",
	}
	// AWSDatabaseNameOverrideLabels are the label keys that Teleport
	// supports to override the database name of discovered AWS databases.
	// Originally Teleport supported just the namespaced label
	// "teleport.dev/database_name", but this was an invalid label key in
	// other clouds.
	// For consistency and backwards compatibility, Teleport now supports both
	// the generic cloud database name override label and the original
	// namespaced label.
	AWSDatabaseNameOverrideLabels = []string{
		cloudDatabaseNameOverrideLabel,

		TeleportNamespace + "/database_name",
	}
)
View Source 
var (
	ErrInvalidLengthDevice        = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowDevice          = fmt.Errorf("proto: integer overflow")
	ErrUnexpectedEndOfGroupDevice = fmt.Errorf("proto: unexpected end of group")
)
View Source 
var (
	// ErrMissingEntityDescriptorAndEntityID is returned when both entity descriptor and entity ID is empty.
	ErrEmptyEntityDescriptorAndEntityID = &trace.BadParameterError{Message: "either entity_descriptor or entity_id must be provided"}
	// ErrMissingEntityDescriptorAndACSURL is returned when both entity descriptor and ACS URL is empty.
	ErrEmptyEntityDescriptorAndACSURL = &trace.BadParameterError{Message: "either entity_descriptor or acs_url must be provided"}
	// ErrDuplicateAttributeName is returned when attribute mapping declares two or more
	// attributes with the same name.
	ErrDuplicateAttributeName = &trace.BadParameterError{Message: "duplicate attribute name not allowed"}
	ErrUnsupportedPresetName  = &trace.BadParameterError{Message: "unsupported preset name"}
)
View Source 
var (
	ErrInvalidLengthTypes        = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowTypes          = fmt.Errorf("proto: integer overflow")
	ErrUnexpectedEndOfGroupTypes = fmt.Errorf("proto: unexpected end of group")
)
View Source 
var AWSICCredentialsSource_name = map[int32]string{
	0: "AWSIC_CREDENTIALS_SOURCE_UNKNOWN",
	1: "AWSIC_CREDENTIALS_SOURCE_OIDC",
	2: "AWSIC_CREDENTIALS_SOURCE_SYSTEM",
}
View Source 
var AWSICCredentialsSource_value = map[string]int32{
	"AWSIC_CREDENTIALS_SOURCE_UNKNOWN": 0,
	"AWSIC_CREDENTIALS_SOURCE_OIDC":    1,
	"AWSIC_CREDENTIALS_SOURCE_SYSTEM":  2,
}
View Source 
var AWSICGroupImportStatusCode_name = map[int32]string{
	0: "UNSPECIFIED",
	1: "DONE",
	2: "FAILED",
	3: "REIMPORT_REQUESTED",
}
View Source 
var AWSICGroupImportStatusCode_value = map[string]int32{
	"UNSPECIFIED":        0,
	"DONE":               1,
	"FAILED":             2,
	"REIMPORT_REQUESTED": 3,
}
View Source 
var AccessRequestScope_name = map[int32]string{
	0: "DEFAULT",
	1: "MY_REQUESTS",
	2: "NEEDS_REVIEW",
	3: "REVIEWED",
}
View Source 
var AccessRequestScope_value = map[string]int32{
	"DEFAULT":      0,
	"MY_REQUESTS":  1,
	"NEEDS_REVIEW": 2,
	"REVIEWED":     3,
}
View Source 
var AlertSeverity_name = map[int32]string{
	0:  "LOW",
	5:  "MEDIUM",
	10: "HIGH",
}
View Source 
var AlertSeverity_value = map[string]int32{
	"LOW":    0,
	"MEDIUM": 5,
	"HIGH":   10,
}
View Source 
var AllPluginTypes = []PluginType{
	PluginTypeServiceNow,
	PluginTypeSlack,
	PluginTypeOpenAI,
	PluginTypeOkta,
	PluginTypeJamf,
	PluginTypeJira,
	PluginTypeOpsgenie,
	PluginTypePagerDuty,
	PluginTypeMattermost,
	PluginTypeDiscord,
	PluginTypeEntraID,
	PluginTypeSCIM,
	PluginTypeDatadog,
	PluginTypeAWSIdentityCenter,
	PluginTypeEmail,
}

AllPluginTypes is a list of all plugins known to Teleport.

View Source 
var BackSortedLabelPrefixes = []string{CloudAWS, CloudAzure, CloudGCP, DiscoveryLabelLDAPPrefix, TeleportNamespace}

BackSortedLabelPrefixes are label names that we want to always be at the end of the sorted labels list to reduce visual clutter. This will generally be automatically discovered cloud provider labels such as azure/aks-managed-createOperationID=123123123123 or internal labels

View Source 
var CertAuthTypes = []CertAuthType{HostCA,
	UserCA,
	DatabaseCA,
	DatabaseClientCA,
	OpenSSHCA,
	JWTSigner,
	SAMLIDPCA,
	OIDCIdPCA,
	SPIFFECA,
	OktaCA,
	AWSRACA,
	BoundKeypairCA,
}

CertAuthTypes lists all certificate authority types.

View Source 
var CertAuthoritySpecV2_SigningAlgType_name = map[int32]string{
	0: "UNKNOWN",
	1: "RSA_SHA1",
	2: "RSA_SHA2_256",
	3: "RSA_SHA2_512",
}
View Source 
var CertAuthoritySpecV2_SigningAlgType_value = map[string]int32{
	"UNKNOWN":      0,
	"RSA_SHA1":     1,
	"RSA_SHA2_256": 2,
	"RSA_SHA2_512": 3,
}
View Source 
var CertExtensionMode_name = map[int32]string{
	0: "EXTENSION",
}
View Source 
var CertExtensionMode_value = map[string]int32{
	"EXTENSION": 0,
}
View Source 
var CertExtensionType_name = map[int32]string{
	0: "SSH",
}
View Source 
var CertExtensionType_value = map[string]int32{
	"SSH": 0,
}
View Source 
var ClusterAuditConfigSpecV2_FIPSEndpointState_name = map[int32]string{
	0: "FIPS_UNSET",
	1: "FIPS_ENABLED",
	2: "FIPS_DISABLED",
}
View Source 
var ClusterAuditConfigSpecV2_FIPSEndpointState_value = map[string]int32{
	"FIPS_UNSET":    0,
	"FIPS_ENABLED":  1,
	"FIPS_DISABLED": 2,
}
View Source 
var ConnectionDiagnosticTrace_StatusType_name = map[int32]string{
	0: "STATUS_UNSPECIFIED",
	1: "SUCCESS",
	2: "FAILED",
}
View Source 
var ConnectionDiagnosticTrace_StatusType_value = map[string]int32{
	"STATUS_UNSPECIFIED": 0,
	"SUCCESS":            1,
	"FAILED":             2,
}
View Source 
var ConnectionDiagnosticTrace_TraceType_name = map[int32]string{
	0:  "TRACE_TYPE_UNSPECIFIED",
	1:  "UNKNOWN_ERROR",
	2:  "RBAC_NODE",
	3:  "CONNECTIVITY",
	4:  "RBAC_PRINCIPAL",
	5:  "NODE_PRINCIPAL",
	6:  "RBAC_KUBE",
	7:  "KUBE_PRINCIPAL",
	8:  "RBAC_DATABASE",
	9:  "RBAC_DATABASE_LOGIN",
	10: "DATABASE_DB_USER",
	11: "DATABASE_DB_NAME",
}
View Source 
var ConnectionDiagnosticTrace_TraceType_value = map[string]int32{
	"TRACE_TYPE_UNSPECIFIED": 0,
	"UNKNOWN_ERROR":          1,
	"RBAC_NODE":              2,
	"CONNECTIVITY":           3,
	"RBAC_PRINCIPAL":         4,
	"NODE_PRINCIPAL":         5,
	"RBAC_KUBE":              6,
	"KUBE_PRINCIPAL":         7,
	"RBAC_DATABASE":          8,
	"RBAC_DATABASE_LOGIN":    9,
	"DATABASE_DB_USER":       10,
	"DATABASE_DB_NAME":       11,
}
View Source 
var CreateDatabaseUserMode_name = map[int32]string{
	0: "DB_USER_MODE_UNSPECIFIED",
	1: "DB_USER_MODE_OFF",
	2: "DB_USER_MODE_KEEP",
	3: "DB_USER_MODE_BEST_EFFORT_DROP",
}
View Source 
var CreateDatabaseUserMode_value = map[string]int32{
	"DB_USER_MODE_UNSPECIFIED":      0,
	"DB_USER_MODE_OFF":              1,
	"DB_USER_MODE_KEEP":             2,
	"DB_USER_MODE_BEST_EFFORT_DROP": 3,
}
View Source 
var CreateHostUserMode_name = map[int32]string{
	0: "HOST_USER_MODE_UNSPECIFIED",
	1: "HOST_USER_MODE_OFF",
	2: "HOST_USER_MODE_DROP",
	3: "HOST_USER_MODE_KEEP",
	4: "HOST_USER_MODE_INSECURE_DROP",
}
View Source 
var CreateHostUserMode_value = map[string]int32{
	"HOST_USER_MODE_UNSPECIFIED":   0,
	"HOST_USER_MODE_OFF":           1,
	"HOST_USER_MODE_DROP":          2,
	"HOST_USER_MODE_KEEP":          3,
	"HOST_USER_MODE_INSECURE_DROP": 4,
}
View Source 
var DatabaseTLSMode_name = map[int32]string{
	0: "VERIFY_FULL",
	1: "VERIFY_CA",
	2: "INSECURE",
}
View Source 
var DatabaseTLSMode_value = map[string]int32{
	"VERIFY_FULL": 0,
	"VERIFY_CA":   1,
	"INSECURE":    2,
}
View Source 
var EntraIDCredentialsSource_name = map[int32]string{
	0: "ENTRAID_CREDENTIALS_SOURCE_UNKNOWN",
	1: "ENTRAID_CREDENTIALS_SOURCE_OIDC",
	2: "ENTRAID_CREDENTIALS_SOURCE_SYSTEM_CREDENTIALS",
}
View Source 
var EntraIDCredentialsSource_value = map[string]int32{
	"ENTRAID_CREDENTIALS_SOURCE_UNKNOWN":            0,
	"ENTRAID_CREDENTIALS_SOURCE_OIDC":               1,
	"ENTRAID_CREDENTIALS_SOURCE_SYSTEM_CREDENTIALS": 2,
}
View Source 
var HeadlessAuthenticationState_name = map[int32]string{
	0: "HEADLESS_AUTHENTICATION_STATE_UNSPECIFIED",
	1: "HEADLESS_AUTHENTICATION_STATE_PENDING",
	2: "HEADLESS_AUTHENTICATION_STATE_DENIED",
	3: "HEADLESS_AUTHENTICATION_STATE_APPROVED",
}
View Source 
var HeadlessAuthenticationState_value = map[string]int32{
	"HEADLESS_AUTHENTICATION_STATE_UNSPECIFIED": 0,
	"HEADLESS_AUTHENTICATION_STATE_PENDING":     1,
	"HEADLESS_AUTHENTICATION_STATE_DENIED":      2,
	"HEADLESS_AUTHENTICATION_STATE_APPROVED":    3,
}
View Source 
var IAMPolicyStatus_name = map[int32]string{
	0: "IAM_POLICY_STATUS_UNSPECIFIED",
	1: "IAM_POLICY_STATUS_PENDING",
	2: "IAM_POLICY_STATUS_FAILED",
	3: "IAM_POLICY_STATUS_SUCCESS",
}
View Source 
var IAMPolicyStatus_value = map[string]int32{
	"IAM_POLICY_STATUS_UNSPECIFIED": 0,
	"IAM_POLICY_STATUS_PENDING":     1,
	"IAM_POLICY_STATUS_FAILED":      2,
	"IAM_POLICY_STATUS_SUCCESS":     3,
}
View Source 
var InstallParamEnrollMode_name = map[int32]string{
	0: "INSTALL_PARAM_ENROLL_MODE_UNSPECIFIED",
	1: "INSTALL_PARAM_ENROLL_MODE_SCRIPT",
	2: "INSTALL_PARAM_ENROLL_MODE_EICE",
}
View Source 
var InstallParamEnrollMode_value = map[string]int32{
	"INSTALL_PARAM_ENROLL_MODE_UNSPECIFIED": 0,
	"INSTALL_PARAM_ENROLL_MODE_SCRIPT":      1,
	"INSTALL_PARAM_ENROLL_MODE_EICE":        2,
}
View Source 
var JamfOnMissingActions = []string{
	JamfOnMissingNoop,
	JamfOnMissingDelete,
}

JamfOnMissingActions is a slice of all textual on_missing representations, excluding the empty string.

View Source 
var JoinMethods = []JoinMethod{
	JoinMethodAzure,
	JoinMethodAzureDevops,
	JoinMethodBitbucket,
	JoinMethodCircleCI,
	JoinMethodEC2,
	JoinMethodGCP,
	JoinMethodGitHub,
	JoinMethodGitLab,
	JoinMethodIAM,
	JoinMethodKubernetes,
	JoinMethodSpacelift,
	JoinMethodToken,
	JoinMethodTPM,
	JoinMethodTerraformCloud,
	JoinMethodOracle,
	JoinMethodBoundKeypair,
}
View Source 
var KeepAlive_KeepAliveType_name = map[int32]string{
	0: "UNKNOWN",
	1: "NODE",
	2: "APP",
	3: "DATABASE",
	4: "WINDOWS_DESKTOP",
	5: "KUBERNETES",
	6: "DATABASE_SERVICE",
}
View Source 
var KeepAlive_KeepAliveType_value = map[string]int32{
	"UNKNOWN":          0,
	"NODE":             1,
	"APP":              2,
	"DATABASE":         3,
	"WINDOWS_DESKTOP":  4,
	"KUBERNETES":       5,
	"DATABASE_SERVICE": 6,
}
View Source 
var KubernetesClusterWideResourceKinds = []string{
	KindKubeNamespace,
	KindKubeNode,
	KindKubePersistentVolume,
	KindKubeClusterRole,
	KindKubeClusterRoleBinding,
	KindKubeCertificateSigningRequest,
}

KubernetesClusterWideResourceKinds is the list of supported Kubernetes cluster resource kinds that are not namespaced. Needed to maintain backward compatibility.

View Source 
var KubernetesCoreResourceKinds = map[string]struct{}{
	"bindings":               {},
	"componentstatuses":      {},
	"configmaps":             {},
	"endpoints":              {},
	"events":                 {},
	"limitranges":            {},
	"namespaces":             {},
	"nodes":                  {},
	"persistentvolumeclaims": {},
	"persistentvolumes":      {},
	"pods":                   {},
	"podtemplates":           {},
	"replicationcontrollers": {},
	"resourcequotas":         {},
	"secrets":                {},
	"serviceaccounts":        {},
	"services":               {},
}

List of "" (core / legacy) resources.

Used to validate the api_group field.

Generated with: 

(kubectl api-resources --api-group "" --output=name --namespaced=true && kubectl api-resources --api-group "" --output=name --namespaced=false) | sort
View Source 
var KubernetesResourcesKinds = []string{
	KindKubePod,
	KindKubeSecret,
	KindKubeConfigmap,
	KindKubeNamespace,
	KindKubeService,
	KindKubeServiceAccount,
	KindKubeNode,
	KindKubePersistentVolume,
	KindKubePersistentVolumeClaim,
	KindKubeDeployment,
	KindKubeReplicaSet,
	KindKubeStatefulset,
	KindKubeDaemonSet,
	KindKubeClusterRole,
	KindKubeRole,
	KindKubeClusterRoleBinding,
	KindKubeRoleBinding,
	KindKubeCronjob,
	KindKubeJob,
	KindKubeCertificateSigningRequest,
	KindKubeIngress,
}

KubernetesResourcesKinds lists the supported Kubernetes resource kinds. This is for the latest version of Role resources; roles whose version is set to v6 or prior only support KindKubePod.

View Source 
var KubernetesResourcesKindsPlurals = map[string]string{
	KindKubePod:                       "pods",
	KindKubeSecret:                    "secrets",
	KindKubeConfigmap:                 "configmaps",
	KindKubeService:                   "services",
	KindKubeServiceAccount:            "serviceaccounts",
	KindKubeNode:                      "nodes",
	KindKubePersistentVolume:          "persistentvolumes",
	KindKubePersistentVolumeClaim:     "persistentvolumeclaims",
	KindKubeDeployment:                "deployments",
	KindKubeReplicaSet:                "replicasets",
	KindKubeReplicationController:     "replicationcontrollers",
	KindKubeStatefulset:               "statefulsets",
	KindKubeDaemonSet:                 "daemonsets",
	KindKubeClusterRole:               "clusterroles",
	KindKubeRole:                      "roles",
	KindKubeClusterRoleBinding:        "clusterrolebindings",
	KindKubeRoleBinding:               "rolebindings",
	KindKubeCronjob:                   "cronjobs",
	KindKubeJob:                       "jobs",
	KindKubeCertificateSigningRequest: "certificatesigningrequests",
	KindKubeIngress:                   "ingresses",
}

KubernetesResourcesKindsPlurals maps the legacy Teleport kube kinds to their kubernetes name. Used to upgrade roles <=v7 as well as to support existing access request format. NOTE: Namespace having a different behavior between versions, it is omitted from this map.

View Source 
var KubernetesResourcesV7KindGroups = map[string]string{
	KindKubePod:                       "",
	KindKubeSecret:                    "",
	KindKubeConfigmap:                 "",
	KindKubeNamespace:                 "",
	KindKubeService:                   "",
	KindKubeServiceAccount:            "",
	KindKubeNode:                      "",
	KindKubePersistentVolume:          "",
	KindKubePersistentVolumeClaim:     "",
	KindKubeDeployment:                "apps",
	KindKubeReplicaSet:                "apps",
	KindKubeStatefulset:               "apps",
	KindKubeDaemonSet:                 "apps",
	KindKubeClusterRole:               "rbac.authorization.k8s.io",
	KindKubeRole:                      "rbac.authorization.k8s.io",
	KindKubeClusterRoleBinding:        "rbac.authorization.k8s.io",
	KindKubeRoleBinding:               "rbac.authorization.k8s.io",
	KindKubeCronjob:                   "batch",
	KindKubeJob:                       "batch",
	KindKubeCertificateSigningRequest: "certificates.k8s.io",
	KindKubeIngress:                   "networking.k8s.io",
}

KubernetesResourcesV7KindGroups maps the legacy Teleport kube kinds to their kubernetes group. Used for validation in role >=v8 to check whether an older value has been accidentally used.

View Source 
var KubernetesVerbs = []string{
	Wildcard,
	KubeVerbGet,
	KubeVerbCreate,
	KubeVerbUpdate,
	KubeVerbPatch,
	KubeVerbDelete,
	KubeVerbList,
	KubeVerbWatch,
	KubeVerbDeleteCollection,
	KubeVerbExec,
	KubeVerbPortForward,
}

KubernetesVerbs lists the supported Kubernetes verbs.

View Source 
var LabelMatcherKinds = []string{
	KindRemoteCluster,
	KindNode,
	KindKubernetesCluster,
	KindApp,
	KindDatabase,
	KindDatabaseService,
	KindWindowsDesktop,
	KindWindowsDesktopService,
	KindUserGroup,
}

LabelMatcherKinds is the complete list of resource kinds that support label matchers.

View Source 
var MFADeviceKind_name = map[int32]string{
	0: "MFA_DEVICE_KIND_UNSPECIFIED",
	1: "MFA_DEVICE_KIND_UNSET",
	2: "MFA_DEVICE_KIND_TOTP",
	3: "MFA_DEVICE_KIND_WEBAUTHN",
}
View Source 
var MFADeviceKind_value = map[string]int32{
	"MFA_DEVICE_KIND_UNSPECIFIED": 0,
	"MFA_DEVICE_KIND_UNSET":       1,
	"MFA_DEVICE_KIND_TOTP":        2,
	"MFA_DEVICE_KIND_WEBAUTHN":    3,
}
View Source 
var OktaAssignmentSpecV1_OktaAssignmentStatus_name = map[int32]string{
	0: "UNKNOWN",
	1: "PENDING",
	2: "PROCESSING",
	3: "SUCCESSFUL",
	4: "FAILED",
}
View Source 
var OktaAssignmentSpecV1_OktaAssignmentStatus_value = map[string]int32{
	"UNKNOWN":    0,
	"PENDING":    1,
	"PROCESSING": 2,
	"SUCCESSFUL": 3,
	"FAILED":     4,
}
View Source 
var OktaAssignmentTargetV1_OktaAssignmentTargetType_name = map[int32]string{
	0: "UNKNOWN",
	1: "APPLICATION",
	2: "GROUP",
}
View Source 
var OktaAssignmentTargetV1_OktaAssignmentTargetType_value = map[string]int32{
	"UNKNOWN":     0,
	"APPLICATION": 1,
	"GROUP":       2,
}
View Source 
var OktaPluginSyncStatusCode_name = map[int32]string{
	0: "OKTA_PLUGIN_SYNC_STATUS_CODE_UNSPECIFIED",
	1: "OKTA_PLUGIN_SYNC_STATUS_CODE_SUCCESS",
	2: "OKTA_PLUGIN_SYNC_STATUS_CODE_ERROR",
}
View Source 
var OktaPluginSyncStatusCode_value = map[string]int32{
	"OKTA_PLUGIN_SYNC_STATUS_CODE_UNSPECIFIED": 0,
	"OKTA_PLUGIN_SYNC_STATUS_CODE_SUCCESS":     1,
	"OKTA_PLUGIN_SYNC_STATUS_CODE_ERROR":       2,
}
View Source 
var OriginValues = common.OriginValues

OriginValues lists all possible origin values.

View Source 
var PackageNameKinds = []string{PackageNameOSS, PackageNameEnt, PackageNameEntFIPS}

PackageNameKinds is the list of valid teleport package names.

View Source 
var PasswordState_name = map[int32]string{
	0: "PASSWORD_STATE_UNSPECIFIED",
	1: "PASSWORD_STATE_UNSET",
	2: "PASSWORD_STATE_SET",
}
View Source 
var PasswordState_value = map[string]int32{
	"PASSWORD_STATE_UNSPECIFIED": 0,
	"PASSWORD_STATE_UNSET":       1,
	"PASSWORD_STATE_SET":         2,
}
View Source 
var PluginStatusCode_name = map[int32]string{
	0:  "UNKNOWN",
	1:  "RUNNING",
	2:  "OTHER_ERROR",
	3:  "UNAUTHORIZED",
	10: "SLACK_NOT_IN_CHANNEL",
	20: "OKTA_CONFIG_ERROR",
}
View Source 
var PluginStatusCode_value = map[string]int32{
	"UNKNOWN":              0,
	"RUNNING":              1,
	"OTHER_ERROR":          2,
	"UNAUTHORIZED":         3,
	"SLACK_NOT_IN_CHANNEL": 10,
	"OKTA_CONFIG_ERROR":    20,
}
View Source 
var PrivateKeyType_name = map[int32]string{
	0: "RAW",
	1: "PKCS11",
	2: "GCP_KMS",
	3: "AWS_KMS",
}
View Source 
var PrivateKeyType_value = map[string]int32{
	"RAW":     0,
	"PKCS11":  1,
	"GCP_KMS": 2,
	"AWS_KMS": 3,
}
View Source 
var ProxyListenerMode_name = map[int32]string{
	0: "Separate",
	1: "Multiplex",
}
View Source 
var ProxyListenerMode_value = map[string]int32{
	"Separate":  0,
	"Multiplex": 1,
}
View Source 
var RequestState_name = map[int32]string{
	0: "NONE",
	1: "PENDING",
	2: "APPROVED",
	3: "DENIED",
	4: "PROMOTED",
}
View Source 
var RequestState_value = map[string]int32{
	"NONE":     0,
	"PENDING":  1,
	"APPROVED": 2,
	"DENIED":   3,
	"PROMOTED": 4,
}
View Source 
var RequestableResourceKinds = []string{
	KindNode,
	KindKubernetesCluster,
	KindDatabase,
	KindApp,
	KindWindowsDesktop,
	KindUserGroup,
	KindKubePod,
	KindKubeSecret,
	KindKubeConfigmap,
	KindKubeNamespace,
	KindKubeService,
	KindKubeServiceAccount,
	KindKubeNode,
	KindKubePersistentVolume,
	KindKubePersistentVolumeClaim,
	KindKubeDeployment,
	KindKubeReplicaSet,
	KindKubeStatefulset,
	KindKubeDaemonSet,
	KindKubeClusterRole,
	KindKubeRole,
	KindKubeClusterRoleBinding,
	KindKubeRoleBinding,
	KindKubeCronjob,
	KindKubeJob,
	KindKubeCertificateSigningRequest,
	KindKubeIngress,
	KindSAMLIdPServiceProvider,
	KindIdentityCenterAccount,
	KindIdentityCenterAccountAssignment,
	KindGitServer,
}

RequestableResourceKinds lists all Teleport resource kinds users can request access to.

View Source 
var RequireAWSIAMRolesAsUsersMatchers = []string{
	AWSMatcherRedshiftServerless,
	AWSMatcherOpenSearch,
	AWSMatcherDocumentDB,
}

RequireAWSIAMRolesAsUsersMatchers is a list of the AWS databases that require AWS IAM roles as database users. IMPORTANT: if you add database matchers for AWS keyspaces, OpenSearch, or DynamoDB discovery, add them here and in RequireAWSIAMRolesAsUsers in api/types.

View Source 
var RequireMFAType_name = map[int32]string{
	0: "OFF",
	1: "SESSION",
	2: "SESSION_AND_HARDWARE_KEY",
	3: "HARDWARE_KEY_TOUCH",
	4: "HARDWARE_KEY_PIN",
	5: "HARDWARE_KEY_TOUCH_AND_PIN",
}
View Source 
var RequireMFAType_value = map[string]int32{
	"OFF":                        0,
	"SESSION":                    1,
	"SESSION_AND_HARDWARE_KEY":   2,
	"HARDWARE_KEY_TOUCH":         3,
	"HARDWARE_KEY_PIN":           4,
	"HARDWARE_KEY_TOUCH_AND_PIN": 5,
}
View Source 
var RotatePhases = []string{
	RotationPhaseInit,
	RotationPhaseStandby,
	RotationPhaseUpdateClients,
	RotationPhaseUpdateServers,
	RotationPhaseRollback,
}

RotatePhases lists all supported rotation phases

View Source 
var RoutingStrategy_name = map[int32]string{
	0: "UNAMBIGUOUS_MATCH",
	1: "MOST_RECENT",
}
View Source 
var RoutingStrategy_value = map[string]int32{
	"UNAMBIGUOUS_MATCH": 0,
	"MOST_RECENT":       1,
}
View Source 
var SAMLForceAuthn_name = map[int32]string{
	0: "FORCE_AUTHN_UNSPECIFIED",
	1: "FORCE_AUTHN_YES",
	2: "FORCE_AUTHN_NO",
}
View Source 
var SAMLForceAuthn_value = map[string]int32{
	"FORCE_AUTHN_UNSPECIFIED": 0,
	"FORCE_AUTHN_YES":         1,
	"FORCE_AUTHN_NO":          2,
}
View Source 
var SAMLRequestBindingValues = []string{SAMLRequestHTTPRedirectBinding, SAMLRequestHTTPPostBinding}

SAMLRequestBindingValues includes supported SAML request binding values.

View Source 
var SecondFactorType_name = map[int32]string{
	0: "SECOND_FACTOR_TYPE_UNSPECIFIED",
	1: "SECOND_FACTOR_TYPE_OTP",
	2: "SECOND_FACTOR_TYPE_WEBAUTHN",
	3: "SECOND_FACTOR_TYPE_SSO",
}
View Source 
var SecondFactorType_value = map[string]int32{
	"SECOND_FACTOR_TYPE_UNSPECIFIED": 0,
	"SECOND_FACTOR_TYPE_OTP":         1,
	"SECOND_FACTOR_TYPE_WEBAUTHN":    2,
	"SECOND_FACTOR_TYPE_SSO":         3,
}
View Source 
var SessionRecordingModes = []string{RecordAtNode, RecordAtProxy, RecordOff, RecordAtNodeSync, RecordAtProxySync}

SessionRecordingModes lists all possible session recording modes.

View Source 
var SessionState_name = map[int32]string{
	0: "SessionStatePending",
	1: "SessionStateRunning",
	2: "SessionStateTerminated",
}
View Source 
var SessionState_value = map[string]int32{
	"SessionStatePending":    0,
	"SessionStateRunning":    1,
	"SessionStateTerminated": 2,
}
View Source 
var SignatureAlgorithmSuite_name = map[int32]string{
	0: "SIGNATURE_ALGORITHM_SUITE_UNSPECIFIED",
	1: "SIGNATURE_ALGORITHM_SUITE_LEGACY",
	2: "SIGNATURE_ALGORITHM_SUITE_BALANCED_V1",
	3: "SIGNATURE_ALGORITHM_SUITE_FIPS_V1",
	4: "SIGNATURE_ALGORITHM_SUITE_HSM_V1",
}
View Source 
var SignatureAlgorithmSuite_value = map[string]int32{
	"SIGNATURE_ALGORITHM_SUITE_UNSPECIFIED": 0,
	"SIGNATURE_ALGORITHM_SUITE_LEGACY":      1,
	"SIGNATURE_ALGORITHM_SUITE_BALANCED_V1": 2,
	"SIGNATURE_ALGORITHM_SUITE_FIPS_V1":     3,
	"SIGNATURE_ALGORITHM_SUITE_HSM_V1":      4,
}
View Source 
var SupportedAWSDatabaseMatchers = []string{
	AWSMatcherRDS,
	AWSMatcherRDSProxy,
	AWSMatcherRedshift,
	AWSMatcherRedshiftServerless,
	AWSMatcherElastiCache,
	AWSMatcherMemoryDB,
	AWSMatcherOpenSearch,
	AWSMatcherDocumentDB,
}

SupportedAWSDatabaseMatchers is a list of the AWS databases currently supported by the Teleport discovery service. IMPORTANT: when adding new Database matchers, make sure reference configs for both Discovery and Database Service are updated in docs.

View Source 
var SupportedAWSMatchers = append([]string{
	AWSMatcherEC2,
	AWSMatcherEKS,
}, SupportedAWSDatabaseMatchers...)

SupportedAWSMatchers is list of AWS services currently supported by the Teleport discovery service.

View Source 
var SupportedAzureMatchers = []string{
	AzureMatcherVM,
	AzureMatcherKubernetes,
	AzureMatcherMySQL,
	AzureMatcherPostgres,
	AzureMatcherRedis,
	AzureMatcherSQLServer,
}

SupportedAzureMatchers is list of Azure services currently supported by the Teleport discovery service. IMPORTANT: when adding new Database matchers, make sure reference configs for both Discovery and Database Service are updated in docs.

View Source 
var SupportedGCPMatchers = []string{
	GCPMatcherKubernetes,
	GCPMatcherCompute,
}

SupportedGCPMatchers is list of GCP services currently supported by the Teleport discovery service.

View Source 
var SupportedKubernetesMatchers = []string{
	KubernetesMatchersApp,
}

SupportedKubernetesMatchers is a list of Kubernetes matchers supported by Teleport discovery service

View Source 
var TrustedDeviceRequirement_name = map[int32]string{
	0: "TRUSTED_DEVICE_REQUIREMENT_UNSPECIFIED",
	1: "TRUSTED_DEVICE_REQUIREMENT_NOT_REQUIRED",
	2: "TRUSTED_DEVICE_REQUIREMENT_REQUIRED",
}
View Source 
var TrustedDeviceRequirement_value = map[string]int32{
	"TRUSTED_DEVICE_REQUIREMENT_UNSPECIFIED":  0,
	"TRUSTED_DEVICE_REQUIREMENT_NOT_REQUIRED": 1,
	"TRUSTED_DEVICE_REQUIREMENT_REQUIRED":     2,
}
View Source 
var UpdaterStatus_name = map[int32]string{
	0: "UPDATER_STATUS_UNSPECIFIED",
	1: "UPDATER_STATUS_OK",
	2: "UPDATER_STATUS_DISABLED",
	3: "UPDATER_STATUS_PINNED",
	4: "UPDATER_STATUS_UNREADABLE",
}
View Source 
var UpdaterStatus_value = map[string]int32{
	"UPDATER_STATUS_UNSPECIFIED": 0,
	"UPDATER_STATUS_OK":          1,
	"UPDATER_STATUS_DISABLED":    2,
	"UPDATER_STATUS_PINNED":      3,
	"UPDATER_STATUS_UNREADABLE":  4,
}
View Source 
var UserTokenUsage_name = map[int32]string{
	0: "USER_TOKEN_USAGE_UNSPECIFIED",
	1: "USER_TOKEN_RECOVER_PASSWORD",
	2: "USER_TOKEN_RECOVER_MFA",
	3: "USER_TOKEN_RENEWAL_BOT",
}
View Source 
var UserTokenUsage_value = map[string]int32{
	"USER_TOKEN_USAGE_UNSPECIFIED": 0,
	"USER_TOKEN_RECOVER_PASSWORD":  1,
	"USER_TOKEN_RECOVER_MFA":       2,
	"USER_TOKEN_RENEWAL_BOT":       3,
}
View Source 
var WebSessionSubKinds = []string{KindAppSession, KindWebSession, KindSnowflakeSession}

WebSessionSubKinds lists subkinds of web session resources

Functions

func BoolDefaultTrue 

func BoolDefaultTrue(v *BoolOption) bool

BoolDefaultTrue returns true if v is not set (pointer is nil) otherwise returns real boolean value

func CombineLabels 

func CombineLabels(static map[string]string, dynamic map[string]CommandLabelV2) map[string]string

CombineLabels combines the passed in static and dynamic labels.

func DeviceFromResource 

func DeviceFromResource(res *DeviceV1) (*devicepb.Device, error)

DeviceFromResource converts a resource DeviceV1 to an API devicepb.Device.

func FriendlyName 

func FriendlyName(resource ResourceWithLabels) string

FriendlyName will return the friendly name for a resource if it has one. Otherwise, it will return an empty string.

func GetExpiry 

func GetExpiry(v any) (time.Time, error)

GetExpiry returns the expiration, if one can be obtained, otherwise returns an empty time `time.Time{}`, which is equivalent to no expiry.

Works for both Resource and ResourceMetadata instances.

func GetGitHubOrgFromNodeAddr 

func GetGitHubOrgFromNodeAddr(addr string) (string, bool)

GetGitHubOrgFromNodeAddr parses the organization from the node address.

func GetKind 

func GetKind(v any) (string, error)

GetKind returns the kind, if one can be obtained, otherwise an empty string is returned.

Works for both Resource and ResourceMetadata instances.

func GetMCPServerTransportType 

func GetMCPServerTransportType(uri string) string

GetMCPServerTransportType returns the transport of the MCP server based on the URI. If no MCP transport type can be determined from the URI, an empty string is returned.

func GetName 

func GetName[R Resource](r R) string

GetName fetches the name of the supplied resource. Useful when sorting lists of resources or building maps, etc.

func GetOrigin 

func GetOrigin(v any) (string, error)

GetOrigin returns the value set for the OriginLabel. If the label is missing, an empty string is returned.

Works for both ResourceWithOrigin and ResourceMetadata instances.

func GetRevision 

func GetRevision(v any) (string, error)

GetRevision returns the revision, if one can be obtained, otherwise an empty string is returned.

Works for both Resource and ResourceMetadata instances.

func IsAppMCP 

func IsAppMCP(uri string) bool

IsAppMCP returns true if provided uri is an MCP app.

func IsAppTCP 

func IsAppTCP(uri string) bool

func IsLegacySAMLRBAC 

func IsLegacySAMLRBAC(roleVersion string) bool

IsLegacySAMLRBAC matches a role version v7 and below, considered as the legacy SAML IdP RBAC.

func IsMaxFailedRecoveryAttempt 

func IsMaxFailedRecoveryAttempt(maxAttempts int, attempts []*RecoveryAttempt, now time.Time) bool

IsMaxFailedRecoveryAttempt determines if user reached their max failed attempts. Attempts list is expected to come sorted from oldest to latest time.

func IsOpenSSHNodeSubKind 

func IsOpenSSHNodeSubKind(subkind string) bool

IsOpenSSHNodeSubKind returns whether the Node SubKind is from a server which accepts connections over the OpenSSH daemon (instead of a Teleport Node).

func IsSystemResource 

func IsSystemResource(r Resource) bool

IsSystemResource checks to see if the given resource is considered part of the teleport system, as opposed to some user created resource or preset.

func IsUnsupportedAuthorityErr 

func IsUnsupportedAuthorityErr(err error) bool

IsUnsupportedAuthorityErr returns whether an error is due to an unsupported CertAuthType.

func IsValidLabelKey 

func IsValidLabelKey(s string) bool

IsValidLabelKey checks if the supplied string is a valid label key.

func IsValidNamespace 

func IsValidNamespace(s string) bool

IsValidNamespace checks if the namespace provided is valid

func LabelsToV2 

func LabelsToV2(labels map[string]CommandLabel) map[string]CommandLabelV2

LabelsToV2 converts labels from interface to V2 spec

func LegacySecondFactorFromSecondFactors 

func LegacySecondFactorFromSecondFactors(secondFactors []SecondFactorType) constants.SecondFactorType

LegacySecondFactorFromSecondFactors returns a suitable legacy second factor for the given list of second factors.

func LegacyTo153Metadata 

func LegacyTo153Metadata(md Metadata) *headerv1.Metadata

LegacyTo153Metadata converts a legacy Metadata object an RFD153-style headerv1.Metadata block

func MakeGitHubOrgServerDomain 

func MakeGitHubOrgServerDomain(org string) string

MakeGitHubOrgServerDomain creates a special domain name used in server's host address to identify the GitHub organization.

func MatchKinds 

func MatchKinds(resource ResourceWithLabels, kinds []string) bool

MatchKinds takes an array of strings that represent a Kind and returns true if the resource's kind matches any item in the given array.

func MatchLabels 

func MatchLabels(resource ResourceWithLabels, labels map[string]string) bool

MatchLabels takes a map of labels and returns `true` if the resource has ALL of them.

func MatchSearch 

func MatchSearch(fieldVals []string, searchVals []string, customMatch func(val string) bool) bool

MatchSearch goes through select field values from a resource and tries to match against the list of search values, ignoring case and order. Returns true if all search vals were matched (or if nil search vals). Returns false if no or partial match (or nil field values).

func OktaAssignmentStatusProtoToString 

func OktaAssignmentStatusProtoToString(status OktaAssignmentSpecV1_OktaAssignmentStatus) string

OktaAssignmentStatusProtoToString will convert the Okta status known to protobuf into the internal notion of an Okta status.

func ParseWeekday 

func ParseWeekday(s string) (day time.Weekday, ok bool)

ParseWeekday attempts to interpret a string as a time.Weekday. In the interest of flexibility, parsing is case-insensitive and supports the common three-letter shorthand accepted by many common scheduling utilites (e.g. contab, systemd timers).

func ParseWeekdays 

func ParseWeekdays(days []string) (map[time.Weekday]struct{}, error)

ParseWeekdays attempts to parse a slice of strings representing week days. The slice must not be empty but can also contain a single value "*", representing the whole week. Day order doesn't matter but the same week day must not be present multiple times. In the interest of flexibility, parsing is case-insensitive and supports the common three-letter shorthand accepted by many common scheduling utilites (e.g. contab, systemd timers).

func ProcessNamespace 

func ProcessNamespace(namespace string) string

ProcessNamespace returns the default namespace in case the namespace is empty.

func RemoveCASecrets 

func RemoveCASecrets(ca CertAuthority)

RemoveCASecrets removes private (SSH, TLS, and JWT) keys from certificate authority.

func ResourceDeviceAttestationTypeFromString 

func ResourceDeviceAttestationTypeFromString(
	attestationType string,
) (devicepb.DeviceAttestationType, error)

func ResourceDeviceAttestationTypeToString 

func ResourceDeviceAttestationTypeToString(
	attestationType devicepb.DeviceAttestationType,
) string

func ResourceDeviceEnrollStatusFromString 

func ResourceDeviceEnrollStatusFromString(enrollStatus string) (devicepb.DeviceEnrollStatus, error)

ResourceDeviceEnrollStatusFromString converts a string representation of DeviceEnrollStatus suitable for resource fields to DeviceEnrollStatus.

func ResourceDeviceEnrollStatusToString 

func ResourceDeviceEnrollStatusToString(enrollStatus devicepb.DeviceEnrollStatus) string

ResourceDeviceEnrollStatusToString converts DeviceEnrollStatus to a string representation suitable for use in resource fields.

func ResourceDeviceOriginFromString 

func ResourceDeviceOriginFromString(s string) (devicepb.DeviceOrigin, error)

func ResourceDeviceOriginToString 

func ResourceDeviceOriginToString(o devicepb.DeviceOrigin) string

func ResourceIDToString 

func ResourceIDToString(id ResourceID) string

ResourceIDToString marshals a ResourceID to a string.

func ResourceIDsToString 

func ResourceIDsToString(ids []ResourceID) (string, error)

ResourceIDsToString marshals a list of ResourceIDs to a string.

func ResourceNames 

func ResourceNames[R Resource, S ~[]R](s S) iter.Seq[string]

ResourceNames creates an iterator that loops through the provided slice of resources and return their names.

func ResourceOSTypeFromString 

func ResourceOSTypeFromString(osType string) (devicepb.OSType, error)

ResourceOSTypeFromString converts a string representation of OSType suitable for resource fields to OSType.

func ResourceOSTypeToString 

func ResourceOSTypeToString(osType devicepb.OSType) string

ResourceOSTypeToString converts OSType to a string representation suitable for use in resource fields.

func ServerInfoNameFromAWS 

func ServerInfoNameFromAWS(accountID, instanceID string) string

ServerInfoNameFromAWS gets the name of the ServerInfo that matches the node with the given AWS account ID and instance ID.

func ServerInfoNameFromNodeName 

func ServerInfoNameFromNodeName(name string) string

ServerInfoNameFromNodeName gets the name of the ServerInfo that matches the node with the given name.

func SetRevision 

func SetRevision(v any, revision string) error

SetRevision updates the revision if v supports the concept of revisions.

Works for both Resource and ResourceMetadata instances.

func SortClusterAlerts 

func SortClusterAlerts(alerts []ClusterAlert)

SortClusterAlerts applies the default cluster alert sorting, prioritizing elements by a combination of severity and creation time. Alerts are sorted with higher severity alerts first, and alerts of the same priority are sorted with newer alerts first.

func V2ToLabels 

func V2ToLabels(l map[string]CommandLabelV2) map[string]CommandLabel

V2ToLabels converts concrete type to command label interface.

func ValidateAssumeStartTime 

func ValidateAssumeStartTime(assumeStartTime time.Time, accessExpiry time.Time, creationTime time.Time) error

ValidateAssumeStartTime returns error if start time is in an invalid range.

func ValidateDatabaseName 

func ValidateDatabaseName(name string) error

ValidateDatabaseName returns an error if a given string is not a valid Database name. Unlike application access proxy, database name doesn't necessarily need to be a valid subdomain but use the same validation logic for the simplicity and consistency, except two differences: don't restrict names to 63 chars in length and allow upper case chars.

func ValidateGitHubOrganizationName 

func ValidateGitHubOrganizationName(name string) error

ValidateGitHubOrganizationName returns an error if a given string is not a valid GitHub organization name.

func ValidateJamfSpecV1 

func ValidateJamfSpecV1(s *JamfSpecV1) error

ValidateJamfSpecV1 validates a JamfSpecV1 instance.

func ValidateJoinMethod 

func ValidateJoinMethod(method JoinMethod) error

func ValidateKubeClusterName 

func ValidateKubeClusterName(name string) error

ValidateKubeClusterName returns an error if a given string is not a valid KubeCluster name.

func ValidateNamespaceDefault 

func ValidateNamespaceDefault(ns string) error

ValidateNamespaceDefault ensures that the namespace is the "default" namespace. This is a precursor to a hard-removal of namespaces.

func ValidateResourceName 

func ValidateResourceName(validationRegex *regexp.Regexp, name string) error

ValidateResourceName validates a resource name using a given regexp.

Types 

type AD struct {
	// KeytabFile is the path to the Kerberos keytab file.
	KeytabFile string `protobuf:"bytes,1,opt,name=KeytabFile,proto3" json:"keytab_file,omitempty"`
	// Krb5File is the path to the Kerberos configuration file. Defaults to /etc/krb5.conf.
	Krb5File string `protobuf:"bytes,2,opt,name=Krb5File,proto3" json:"krb5_file,omitempty"`
	// Domain is the Active Directory domain the database resides in.
	Domain string `protobuf:"bytes,3,opt,name=Domain,proto3" json:"domain"`
	// SPN is the service principal name for the database.
	SPN string `protobuf:"bytes,4,opt,name=SPN,proto3" json:"spn"`
	// LDAPCert is a certificate from Windows LDAP/AD, optional; only for x509 Authentication.
	LDAPCert string `protobuf:"bytes,5,opt,name=LDAPCert,proto3" json:"ldap_cert,omitempty"`
	// KDCHostName is the host name for a KDC for x509 Authentication.
	KDCHostName string `protobuf:"bytes,6,opt,name=KDCHostName,proto3" json:"kdc_host_name,omitempty"`
	// LDAPServiceAccountName is the name of service account for performing LDAP queries. Required for x509 Auth / PKINIT.
	LDAPServiceAccountName string `protobuf:"bytes,7,opt,name=LDAPServiceAccountName,proto3" json:"ldap_service_account_name,omitempty"`
	// LDAPServiceAccountSID is the SID of service account for performing LDAP queries. Required for x509 Auth / PKINIT.
	LDAPServiceAccountSID string   `protobuf:"bytes,8,opt,name=LDAPServiceAccountSID,proto3" json:"ldap_service_account_sid,omitempty"`
	XXX_NoUnkeyedLiteral  struct{} `json:"-"`
	XXX_unrecognized      []byte   `json:"-"`
	XXX_sizecache         int32    `json:"-"`
}

AD contains Active Directory specific database configuration.

func (*AD) Descriptor 

func (*AD) Descriptor() ([]byte, []int)

func (*AD) Marshal 

func (m *AD) Marshal() (dAtA []byte, err error)

func (*AD) MarshalTo 

func (m *AD) MarshalTo(dAtA []byte) (int, error)

func (*AD) MarshalToSizedBuffer 

func (m *AD) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AD) ProtoMessage 

func (*AD) ProtoMessage()

func (*AD) Reset 

func (m *AD) Reset()

func (*AD) Size 

func (m *AD) Size() (n int)

func (*AD) String 

func (m *AD) String() string

func (*AD) Unmarshal 

func (m *AD) Unmarshal(dAtA []byte) error

func (*AD) XXX_DiscardUnknown 

func (m *AD) XXX_DiscardUnknown()

func (*AD) XXX_Marshal 

func (m *AD) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AD) XXX_Merge 

func (m *AD) XXX_Merge(src proto.Message)

func (*AD) XXX_Size 

func (m *AD) XXX_Size() int

func (*AD) XXX_Unmarshal 

func (m *AD) XXX_Unmarshal(b []byte) error

type AWS 

type AWS struct {
	// Region is a AWS cloud region.
	Region string `protobuf:"bytes,1,opt,name=Region,proto3" json:"region,omitempty"`
	// Redshift contains Redshift specific metadata.
	Redshift Redshift `protobuf:"bytes,2,opt,name=Redshift,proto3" json:"redshift,omitempty"`
	// RDS contains RDS specific metadata.
	RDS RDS `protobuf:"bytes,3,opt,name=RDS,proto3" json:"rds,omitempty"`
	// AccountID is the AWS account ID this database belongs to.
	AccountID string `protobuf:"bytes,4,opt,name=AccountID,proto3" json:"account_id,omitempty"`
	// ElastiCache contains AWS ElastiCache Redis specific metadata.
	ElastiCache ElastiCache `protobuf:"bytes,5,opt,name=ElastiCache,proto3" json:"elasticache,omitempty"`
	// SecretStore contains secret store configurations.
	SecretStore SecretStore `protobuf:"bytes,6,opt,name=SecretStore,proto3" json:"secret_store,omitempty"`
	// MemoryDB contains AWS MemoryDB specific metadata.
	MemoryDB MemoryDB `protobuf:"bytes,7,opt,name=MemoryDB,proto3" json:"memorydb,omitempty"`
	// RDSProxy contains AWS Proxy specific metadata.
	RDSProxy RDSProxy `protobuf:"bytes,8,opt,name=RDSProxy,proto3" json:"rdsproxy,omitempty"`
	// RedshiftServerless contains AWS Redshift Serverless specific metadata.
	RedshiftServerless RedshiftServerless `protobuf:"bytes,9,opt,name=RedshiftServerless,proto3" json:"redshift_serverless,omitempty"`
	// ExternalID is an optional AWS external ID used to enable assuming an AWS role across accounts.
	ExternalID string `protobuf:"bytes,10,opt,name=ExternalID,proto3" json:"external_id,omitempty"`
	// AssumeRoleARN is an optional AWS role ARN to assume when accessing a database.
	// Set this field and ExternalID to enable access across AWS accounts.
	AssumeRoleARN string `protobuf:"bytes,11,opt,name=AssumeRoleARN,proto3" json:"assume_role_arn,omitempty"`
	// OpenSearch contains AWS OpenSearch specific metadata.
	OpenSearch OpenSearch `protobuf:"bytes,12,opt,name=OpenSearch,proto3" json:"opensearch,omitempty"`
	// IAMPolicyStatus indicates whether the IAM Policy is configured properly for database access.
	// If not, the user must update the AWS profile identity to allow access to the Database.
	// Eg for an RDS Database: the underlying AWS profile allows for `rds-db:connect` for the Database.
	IAMPolicyStatus IAMPolicyStatus `protobuf:"varint,14,opt,name=IAMPolicyStatus,proto3,enum=types.IAMPolicyStatus" json:"iam_policy_status"`
	// SessionTags is a list of AWS STS session tags.
	SessionTags map[string]string `` /* 165-byte string literal not displayed */
	// DocumentDB contains AWS DocumentDB specific metadata.
	DocumentDB           DocumentDB `protobuf:"bytes,16,opt,name=DocumentDB,proto3" json:"docdb,omitempty"`
	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
	XXX_unrecognized     []byte     `json:"-"`
	XXX_sizecache        int32      `json:"-"`
}

AWS contains AWS metadata about the database.

func (*AWS) Descriptor 

func (*AWS) Descriptor() ([]byte, []int)

func (AWS) IsEmpty 

func (a AWS) IsEmpty() bool

IsEmpty returns true if AWS metadata is empty.

func (*AWS) Marshal 

func (m *AWS) Marshal() (dAtA []byte, err error)

func (*AWS) MarshalTo 

func (m *AWS) MarshalTo(dAtA []byte) (int, error)

func (*AWS) MarshalToSizedBuffer 

func (m *AWS) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (AWS) Partition 

func (a AWS) Partition() string

Partition returns the AWS partition based on the region.

func (*AWS) ProtoMessage 

func (*AWS) ProtoMessage()

func (*AWS) Reset 

func (m *AWS) Reset()

func (*AWS) Size 

func (m *AWS) Size() (n int)

func (*AWS) String 

func (m *AWS) String() string

func (*AWS) Unmarshal 

func (m *AWS) Unmarshal(dAtA []byte) error

func (*AWS) XXX_DiscardUnknown 

func (m *AWS) XXX_DiscardUnknown()

func (*AWS) XXX_Marshal 

func (m *AWS) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AWS) XXX_Merge 

func (m *AWS) XXX_Merge(src proto.Message)

func (*AWS) XXX_Size 

func (m *AWS) XXX_Size() int

func (*AWS) XXX_Unmarshal 

func (m *AWS) XXX_Unmarshal(b []byte) error

type AWSICCredentialSourceOIDC 

type AWSICCredentialSourceOIDC struct {
	// IntegrationName is the name of the Teleport OIDC integration used by the
	// Identity Center integration to authenticate with AWS.
	IntegrationName      string   `protobuf:"bytes,1,opt,name=integration_name,json=integrationName,proto3" json:"integration_name,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AWSICCredentialSourceSystem holds AWSIC credentials drawn from a Teleport OIDC integration

func (*AWSICCredentialSourceOIDC) Descriptor 

func (*AWSICCredentialSourceOIDC) Descriptor() ([]byte, []int)

func (*AWSICCredentialSourceOIDC) Equal 

func (this *AWSICCredentialSourceOIDC) Equal(that interface{}) bool

func (*AWSICCredentialSourceOIDC) Marshal 

func (m *AWSICCredentialSourceOIDC) Marshal() (dAtA []byte, err error)

func (*AWSICCredentialSourceOIDC) MarshalTo 

func (m *AWSICCredentialSourceOIDC) MarshalTo(dAtA []byte) (int, error)

func (*AWSICCredentialSourceOIDC) MarshalToSizedBuffer 

func (m *AWSICCredentialSourceOIDC) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AWSICCredentialSourceOIDC) ProtoMessage 

func (*AWSICCredentialSourceOIDC) ProtoMessage()

func (*AWSICCredentialSourceOIDC) Reset 

func (m *AWSICCredentialSourceOIDC) Reset()

func (*AWSICCredentialSourceOIDC) Size 

func (m *AWSICCredentialSourceOIDC) Size() (n int)

func (*AWSICCredentialSourceOIDC) String 

func (m *AWSICCredentialSourceOIDC) String() string

func (*AWSICCredentialSourceOIDC) Unmarshal 

func (m *AWSICCredentialSourceOIDC) Unmarshal(dAtA []byte) error

func (*AWSICCredentialSourceOIDC) XXX_DiscardUnknown 

func (m *AWSICCredentialSourceOIDC) XXX_DiscardUnknown()

func (*AWSICCredentialSourceOIDC) XXX_Marshal 

func (m *AWSICCredentialSourceOIDC) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AWSICCredentialSourceOIDC) XXX_Merge 

func (m *AWSICCredentialSourceOIDC) XXX_Merge(src proto.Message)

func (*AWSICCredentialSourceOIDC) XXX_Size 

func (m *AWSICCredentialSourceOIDC) XXX_Size() int

func (*AWSICCredentialSourceOIDC) XXX_Unmarshal 

func (m *AWSICCredentialSourceOIDC) XXX_Unmarshal(b []byte) error

type AWSICCredentialSourceSystem 

type AWSICCredentialSourceSystem struct {
	// AwsRoleArn is an optional AWS role for the IC client to assume, overriding
	// any roles
	AssumeRoleArn        string   `protobuf:"bytes,1,opt,name=assume_role_arn,json=assumeRoleArn,proto3" json:"assume_role_arn,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AWSICCredentialSourceSystem holds AWSIC credentials drawn from the ambient system configuration

func (*AWSICCredentialSourceSystem) Descriptor 

func (*AWSICCredentialSourceSystem) Descriptor() ([]byte, []int)

func (*AWSICCredentialSourceSystem) Equal 

func (this *AWSICCredentialSourceSystem) Equal(that interface{}) bool

func (*AWSICCredentialSourceSystem) Marshal 

func (m *AWSICCredentialSourceSystem) Marshal() (dAtA []byte, err error)

func (*AWSICCredentialSourceSystem) MarshalTo 

func (m *AWSICCredentialSourceSystem) MarshalTo(dAtA []byte) (int, error)

func (*AWSICCredentialSourceSystem) MarshalToSizedBuffer 

func (m *AWSICCredentialSourceSystem) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AWSICCredentialSourceSystem) ProtoMessage 

func (*AWSICCredentialSourceSystem) ProtoMessage()

func (*AWSICCredentialSourceSystem) Reset 

func (m *AWSICCredentialSourceSystem) Reset()

func (*AWSICCredentialSourceSystem) Size 

func (m *AWSICCredentialSourceSystem) Size() (n int)

func (*AWSICCredentialSourceSystem) String 

func (m *AWSICCredentialSourceSystem) String() string

func (*AWSICCredentialSourceSystem) Unmarshal 

func (m *AWSICCredentialSourceSystem) Unmarshal(dAtA []byte) error

func (*AWSICCredentialSourceSystem) XXX_DiscardUnknown 

func (m *AWSICCredentialSourceSystem) XXX_DiscardUnknown()

func (*AWSICCredentialSourceSystem) XXX_Marshal 

func (m *AWSICCredentialSourceSystem) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AWSICCredentialSourceSystem) XXX_Merge 

func (m *AWSICCredentialSourceSystem) XXX_Merge(src proto.Message)

func (*AWSICCredentialSourceSystem) XXX_Size 

func (m *AWSICCredentialSourceSystem) XXX_Size() int

func (*AWSICCredentialSourceSystem) XXX_Unmarshal 

func (m *AWSICCredentialSourceSystem) XXX_Unmarshal(b []byte) error

type AWSICCredentials 

type AWSICCredentials struct {
	// Types that are valid to be assigned to Source:
	//
	//	*AWSICCredentials_System
	//	*AWSICCredentials_Oidc
	Source               isAWSICCredentials_Source `protobuf_oneof:"source"`
	XXX_NoUnkeyedLiteral struct{}                  `json:"-"`
	XXX_unrecognized     []byte                    `json:"-"`
	XXX_sizecache        int32                     `json:"-"`
}

AWSICCredentials holds the credentials for authenticating with AWS

func (*AWSICCredentials) Descriptor 

func (*AWSICCredentials) Descriptor() ([]byte, []int)

func (*AWSICCredentials) Equal 

func (this *AWSICCredentials) Equal(that interface{}) bool

func (*AWSICCredentials) GetOidc 

func (m *AWSICCredentials) GetOidc() *AWSICCredentialSourceOIDC

func (*AWSICCredentials) GetSource 

func (m *AWSICCredentials) GetSource() isAWSICCredentials_Source

func (*AWSICCredentials) GetSystem 

func (m *AWSICCredentials) GetSystem() *AWSICCredentialSourceSystem

func (*AWSICCredentials) Marshal 

func (m *AWSICCredentials) Marshal() (dAtA []byte, err error)

func (*AWSICCredentials) MarshalJSON 

func (s *AWSICCredentials) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler for the AWSICCredentials, forcing it to use the `jsonpb` marshaler, which understands how to pack values generated from a protobuf `oneof` directive.

func (*AWSICCredentials) MarshalTo 

func (m *AWSICCredentials) MarshalTo(dAtA []byte) (int, error)

func (*AWSICCredentials) MarshalToSizedBuffer 

func (m *AWSICCredentials) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AWSICCredentials) ProtoMessage 

func (*AWSICCredentials) ProtoMessage()

func (*AWSICCredentials) Reset 

func (m *AWSICCredentials) Reset()

func (*AWSICCredentials) Size 

func (m *AWSICCredentials) Size() (n int)

func (*AWSICCredentials) String 

func (m *AWSICCredentials) String() string

func (*AWSICCredentials) Unmarshal 

func (m *AWSICCredentials) Unmarshal(dAtA []byte) error

func (*AWSICCredentials) UnmarshalJSON 

func (s *AWSICCredentials) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json.Unmarshaler for the AWSICCredentialsSource, forcing it to use the `jsonpb` unmarshaler, which understands how to unpack values generated from a protobuf `oneof` directive.

func (*AWSICCredentials) XXX_DiscardUnknown 

func (m *AWSICCredentials) XXX_DiscardUnknown()

func (*AWSICCredentials) XXX_Marshal 

func (m *AWSICCredentials) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AWSICCredentials) XXX_Merge 

func (m *AWSICCredentials) XXX_Merge(src proto.Message)

func (*AWSICCredentials) XXX_OneofWrappers 

func (*AWSICCredentials) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*AWSICCredentials) XXX_Size 

func (m *AWSICCredentials) XXX_Size() int

func (*AWSICCredentials) XXX_Unmarshal 

func (m *AWSICCredentials) XXX_Unmarshal(b []byte) error

type AWSICCredentialsSource 

type AWSICCredentialsSource int32

AWSICCredentialsSource indicates where the AWS Identity Center plugin will draw its AWS credentials from.

DEPRECATED: Superceded by individual message types. TODO(tcsc): Remove in Teleport 19+ 

const (
	// AWSIC_CREDENTIALS_SOURCE_UNKNOWN is used when the credentials source is not
	// specified. For backwards compatability, UNKNOWN is handled as OIDC.
	AWSICCredentialsSource_AWSIC_CREDENTIALS_SOURCE_UNKNOWN AWSICCredentialsSource = 0
	// AWSIC_CREDENTIALS_SOURCE_OIDC indicates that the Identity Center plugin will
	// draw its credentials from a configured Teleport OIDC integration and
	// authenticate  woth OIDC
	AWSICCredentialsSource_AWSIC_CREDENTIALS_SOURCE_OIDC AWSICCredentialsSource = 1
	// AWSIC_CREDENTIALS_SOURCE_SYSTEM indicates that the Identity Center plugin
	// will rely on system-provided credentials
	AWSICCredentialsSource_AWSIC_CREDENTIALS_SOURCE_SYSTEM AWSICCredentialsSource = 2
)

func (AWSICCredentialsSource) EnumDescriptor 

func (AWSICCredentialsSource) EnumDescriptor() ([]byte, []int)

func (AWSICCredentialsSource) String 

func (x AWSICCredentialsSource) String() string

type AWSICCredentials_Oidc 

type AWSICCredentials_Oidc struct {
	Oidc *AWSICCredentialSourceOIDC `protobuf:"bytes,2,opt,name=oidc,proto3,oneof" json:"oidc,omitempty"`
}

func (*AWSICCredentials_Oidc) Equal 

func (this *AWSICCredentials_Oidc) Equal(that interface{}) bool

func (*AWSICCredentials_Oidc) MarshalTo 

func (m *AWSICCredentials_Oidc) MarshalTo(dAtA []byte) (int, error)

func (*AWSICCredentials_Oidc) MarshalToSizedBuffer 

func (m *AWSICCredentials_Oidc) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AWSICCredentials_Oidc) Size 

func (m *AWSICCredentials_Oidc) Size() (n int)

type AWSICCredentials_System 

type AWSICCredentials_System struct {
	System *AWSICCredentialSourceSystem `protobuf:"bytes,1,opt,name=system,proto3,oneof" json:"system,omitempty"`
}

func (*AWSICCredentials_System) Equal 

func (this *AWSICCredentials_System) Equal(that interface{}) bool

func (*AWSICCredentials_System) MarshalTo 

func (m *AWSICCredentials_System) MarshalTo(dAtA []byte) (int, error)

func (*AWSICCredentials_System) MarshalToSizedBuffer 

func (m *AWSICCredentials_System) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AWSICCredentials_System) Size 

func (m *AWSICCredentials_System) Size() (n int)

type AWSICGroupImportStatus 

type AWSICGroupImportStatus struct {
	// StatusCode is a status code of group and group members import operation.
	StatusCode AWSICGroupImportStatusCode `` /* 130-byte string literal not displayed */
	// ErrorMessage contains error message for a group and group members import attempt
	// that met with an error.
	ErrorMessage         string   `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AWSICGroupImportStatus defines Identity Center group and group members import status.

func (*AWSICGroupImportStatus) Descriptor 

func (*AWSICGroupImportStatus) Descriptor() ([]byte, []int)

func (*AWSICGroupImportStatus) Marshal 

func (m *AWSICGroupImportStatus) Marshal() (dAtA []byte, err error)

func (*AWSICGroupImportStatus) MarshalTo 

func (m *AWSICGroupImportStatus) MarshalTo(dAtA []byte) (int, error)

func (*AWSICGroupImportStatus) MarshalToSizedBuffer 

func (m *AWSICGroupImportStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AWSICGroupImportStatus) ProtoMessage 

func (*AWSICGroupImportStatus) ProtoMessage()

func (*AWSICGroupImportStatus) Reset 

func (m *AWSICGroupImportStatus) Reset()

func (*AWSICGroupImportStatus) Size 

func (m *AWSICGroupImportStatus) Size() (n int)

func (*AWSICGroupImportStatus) String 

func (m *AWSICGroupImportStatus) String() string

func (*AWSICGroupImportStatus) Unmarshal 

func (m *AWSICGroupImportStatus) Unmarshal(dAtA []byte) error

func (*AWSICGroupImportStatus) XXX_DiscardUnknown 

func (m *AWSICGroupImportStatus) XXX_DiscardUnknown()

func (*AWSICGroupImportStatus) XXX_Marshal 

func (m *AWSICGroupImportStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AWSICGroupImportStatus) XXX_Merge 

func (m *AWSICGroupImportStatus) XXX_Merge(src proto.Message)

func (*AWSICGroupImportStatus) XXX_Size 

func (m *AWSICGroupImportStatus) XXX_Size() int

func (*AWSICGroupImportStatus) XXX_Unmarshal 

func (m *AWSICGroupImportStatus) XXX_Unmarshal(b []byte) error

type AWSICGroupImportStatusCode 

type AWSICGroupImportStatusCode int32

AWSICGroupImportStatus defines Identity Center group and group members import status codes. 

const (
	// UNSPECIFIED denotes that a status is unknown.
	AWSICGroupImportStatusCode_UNSPECIFIED AWSICGroupImportStatusCode = 0
	// DONE denotes that the group and group members import operation was
	// completed.
	AWSICGroupImportStatusCode_DONE AWSICGroupImportStatusCode = 1
	// FAILED denotes that the group and group members import met with an error.
	AWSICGroupImportStatusCode_FAILED AWSICGroupImportStatusCode = 2
	// REIMPORT_REQUESTED denotes that the user has requested that the import
	// process be re-run.
	AWSICGroupImportStatusCode_REIMPORT_REQUESTED AWSICGroupImportStatusCode = 3
)

func (AWSICGroupImportStatusCode) EnumDescriptor 

func (AWSICGroupImportStatusCode) EnumDescriptor() ([]byte, []int)

func (AWSICGroupImportStatusCode) String 

func (x AWSICGroupImportStatusCode) String() string

type AWSICProvisioningSpec 

type AWSICProvisioningSpec struct {
	// BaseURL is the SCIM base URL
	BaseUrl string `protobuf:"bytes,1,opt,name=base_url,json=baseUrl,proto3" json:"base_url,omitempty"`
	// BearerToken is used to authenticate with AWS when provisioning users and
	// groups via SCIM. This is expected to be empty in serialized records, as the
	// actual credential is stored separetely ain a PluginStaticCredentials
	// service, and populated at runtime as necessary.
	BearerToken          string   `protobuf:"bytes,2,opt,name=bearer_token,json=bearerToken,proto3" json:"bearer_token,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AWSICProvisioningSpec holds provisioning-specific Identity Center settings

func (*AWSICProvisioningSpec) CheckAndSetDefaults 

func (c *AWSICProvisioningSpec) CheckAndSetDefaults() error

func (*AWSICProvisioningSpec) Descriptor 

func (*AWSICProvisioningSpec) Descriptor() ([]byte, []int)

func (*AWSICProvisioningSpec) Equal 

func (this *AWSICProvisioningSpec) Equal(that interface{}) bool

func (*AWSICProvisioningSpec) Marshal 

func (m *AWSICProvisioningSpec) Marshal() (dAtA []byte, err error)

func (*AWSICProvisioningSpec) MarshalTo 

func (m *AWSICProvisioningSpec) MarshalTo(dAtA []byte) (int, error)

func (*AWSICProvisioningSpec) MarshalToSizedBuffer 

func (m *AWSICProvisioningSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AWSICProvisioningSpec) ProtoMessage 

func (*AWSICProvisioningSpec) ProtoMessage()

func (*AWSICProvisioningSpec) Reset 

func (m *AWSICProvisioningSpec) Reset()

func (*AWSICProvisioningSpec) Size 

func (m *AWSICProvisioningSpec) Size() (n int)

func (*AWSICProvisioningSpec) String 

func (m *AWSICProvisioningSpec) String() string

func (*AWSICProvisioningSpec) Unmarshal 

func (m *AWSICProvisioningSpec) Unmarshal(dAtA []byte) error

func (*AWSICProvisioningSpec) XXX_DiscardUnknown 

func (m *AWSICProvisioningSpec) XXX_DiscardUnknown()

func (*AWSICProvisioningSpec) XXX_Marshal 

func (m *AWSICProvisioningSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AWSICProvisioningSpec) XXX_Merge 

func (m *AWSICProvisioningSpec) XXX_Merge(src proto.Message)

func (*AWSICProvisioningSpec) XXX_Size 

func (m *AWSICProvisioningSpec) XXX_Size() int

func (*AWSICProvisioningSpec) XXX_Unmarshal 

func (m *AWSICProvisioningSpec) XXX_Unmarshal(b []byte) error

type AWSICResourceFilter 

type AWSICResourceFilter struct {
	// Include describes the AWS Resource filter to apply
	//
	// Types that are valid to be assigned to Include:
	//
	//	*AWSICResourceFilter_Id
	//	*AWSICResourceFilter_NameRegex
	Include isAWSICResourceFilter_Include `protobuf_oneof:"include"`
	// Exclude specifies which AWS resources should be explicitly excluded.
	//
	// Types that are valid to be assigned to Exclude:
	//
	//	*AWSICResourceFilter_ExcludeId
	//	*AWSICResourceFilter_ExcludeNameRegex
	Exclude              isAWSICResourceFilter_Exclude `protobuf_oneof:"exclude"`
	XXX_NoUnkeyedLiteral struct{}                      `json:"-"`
	XXX_unrecognized     []byte                        `json:"-"`
	XXX_sizecache        int32                         `json:"-"`
}

AWSICResourceFilter is an entry in the AWS IC plugin settings' allow-list of resources to import. The filter can specify inclusion either by account ID or regex on the resource name.

func (*AWSICResourceFilter) Descriptor 

func (*AWSICResourceFilter) Descriptor() ([]byte, []int)

func (*AWSICResourceFilter) Equal 

func (this *AWSICResourceFilter) Equal(that interface{}) bool

func (*AWSICResourceFilter) GetExclude 

func (m *AWSICResourceFilter) GetExclude() isAWSICResourceFilter_Exclude

func (*AWSICResourceFilter) GetExcludeId 

func (m *AWSICResourceFilter) GetExcludeId() string

func (*AWSICResourceFilter) GetExcludeNameRegex 

func (m *AWSICResourceFilter) GetExcludeNameRegex() string

func (*AWSICResourceFilter) GetId 

func (m *AWSICResourceFilter) GetId() string

func (*AWSICResourceFilter) GetInclude 

func (m *AWSICResourceFilter) GetInclude() isAWSICResourceFilter_Include

func (*AWSICResourceFilter) GetNameRegex 

func (m *AWSICResourceFilter) GetNameRegex() string

func (*AWSICResourceFilter) Marshal 

func (m *AWSICResourceFilter) Marshal() (dAtA []byte, err error)

func (AWSICResourceFilter) MarshalJSON 

func (s AWSICResourceFilter) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler for the AWSICResourceFilter, forcing it to use the `jsonpb` marshaler, which understands how to pack values generated from a protobuf `oneof` directive.

func (*AWSICResourceFilter) MarshalTo 

func (m *AWSICResourceFilter) MarshalTo(dAtA []byte) (int, error)

func (*AWSICResourceFilter) MarshalToSizedBuffer 

func (m *AWSICResourceFilter) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AWSICResourceFilter) ProtoMessage 

func (*AWSICResourceFilter) ProtoMessage()

func (*AWSICResourceFilter) Reset 

func (m *AWSICResourceFilter) Reset()

func (*AWSICResourceFilter) Size 

func (m *AWSICResourceFilter) Size() (n int)

func (*AWSICResourceFilter) String 

func (m *AWSICResourceFilter) String() string

func (*AWSICResourceFilter) Unmarshal 

func (m *AWSICResourceFilter) Unmarshal(dAtA []byte) error

func (*AWSICResourceFilter) UnmarshalJSON 

func (s *AWSICResourceFilter) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json.Unmarshaler for the AWSICResourceFilter, forcing it to use the `jsonpb` unmarshaler, which understands how to unpack values generated from a protobuf `oneof` directive.

func (*AWSICResourceFilter) XXX_DiscardUnknown 

func (m *AWSICResourceFilter) XXX_DiscardUnknown()

func (*AWSICResourceFilter) XXX_Marshal 

func (m *AWSICResourceFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AWSICResourceFilter) XXX_Merge 

func (m *AWSICResourceFilter) XXX_Merge(src proto.Message)

func (*AWSICResourceFilter) XXX_OneofWrappers 

func (*AWSICResourceFilter) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*AWSICResourceFilter) XXX_Size 

func (m *AWSICResourceFilter) XXX_Size() int

func (*AWSICResourceFilter) XXX_Unmarshal 

func (m *AWSICResourceFilter) XXX_Unmarshal(b []byte) error

type AWSICResourceFilter_ExcludeId 

type AWSICResourceFilter_ExcludeId struct {
	ExcludeId string `protobuf:"bytes,3,opt,name=exclude_id,json=excludeId,proto3,oneof" json:"id,omitempty"`
}

func (*AWSICResourceFilter_ExcludeId) Equal 

func (this *AWSICResourceFilter_ExcludeId) Equal(that interface{}) bool

func (*AWSICResourceFilter_ExcludeId) MarshalTo 

func (m *AWSICResourceFilter_ExcludeId) MarshalTo(dAtA []byte) (int, error)

func (*AWSICResourceFilter_ExcludeId) MarshalToSizedBuffer 

func (m *AWSICResourceFilter_ExcludeId) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AWSICResourceFilter_ExcludeId) Size 

func (m *AWSICResourceFilter_ExcludeId) Size() (n int)

type AWSICResourceFilter_ExcludeNameRegex 

type AWSICResourceFilter_ExcludeNameRegex struct {
	ExcludeNameRegex string `protobuf:"bytes,4,opt,name=exclude_name_regex,json=excludeNameRegex,proto3,oneof" json:"name_regex,omitempty"`
}

func (*AWSICResourceFilter_ExcludeNameRegex) Equal 

func (this *AWSICResourceFilter_ExcludeNameRegex) Equal(that interface{}) bool

func (*AWSICResourceFilter_ExcludeNameRegex) MarshalTo 

func (m *AWSICResourceFilter_ExcludeNameRegex) MarshalTo(dAtA []byte) (int, error)

func (*AWSICResourceFilter_ExcludeNameRegex) MarshalToSizedBuffer 

func (m *AWSICResourceFilter_ExcludeNameRegex) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AWSICResourceFilter_ExcludeNameRegex) Size 

func (m *AWSICResourceFilter_ExcludeNameRegex) Size() (n int)

type AWSICResourceFilter_Id 

type AWSICResourceFilter_Id struct {
	Id string `protobuf:"bytes,1,opt,name=id,proto3,oneof" json:"id,omitempty"`
}

func (*AWSICResourceFilter_Id) Equal 

func (this *AWSICResourceFilter_Id) Equal(that interface{}) bool

func (*AWSICResourceFilter_Id) MarshalTo 

func (m *AWSICResourceFilter_Id) MarshalTo(dAtA []byte) (int, error)

func (*AWSICResourceFilter_Id) MarshalToSizedBuffer 

func (m *AWSICResourceFilter_Id) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AWSICResourceFilter_Id) Size 

func (m *AWSICResourceFilter_Id) Size() (n int)

type AWSICResourceFilter_NameRegex 

type AWSICResourceFilter_NameRegex struct {
	NameRegex string `protobuf:"bytes,2,opt,name=name_regex,json=nameRegex,proto3,oneof" json:"name_regex,omitempty"`
}

func (*AWSICResourceFilter_NameRegex) Equal 

func (this *AWSICResourceFilter_NameRegex) Equal(that interface{}) bool

func (*AWSICResourceFilter_NameRegex) MarshalTo 

func (m *AWSICResourceFilter_NameRegex) MarshalTo(dAtA []byte) (int, error)

func (*AWSICResourceFilter_NameRegex) MarshalToSizedBuffer 

func (m *AWSICResourceFilter_NameRegex) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AWSICResourceFilter_NameRegex) Size 

func (m *AWSICResourceFilter_NameRegex) Size() (n int)

type AWSICUserSyncFilter 

type AWSICUserSyncFilter struct {
	Labels               map[string]string `` /* 153-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

UserSyncFilter is a map of key-value pairs used to filter users based on their metadata labels.

func (*AWSICUserSyncFilter) Descriptor 

func (*AWSICUserSyncFilter) Descriptor() ([]byte, []int)

func (*AWSICUserSyncFilter) Equal 

func (this *AWSICUserSyncFilter) Equal(that interface{}) bool

func (*AWSICUserSyncFilter) Marshal 

func (m *AWSICUserSyncFilter) Marshal() (dAtA []byte, err error)

func (*AWSICUserSyncFilter) MarshalTo 

func (m *AWSICUserSyncFilter) MarshalTo(dAtA []byte) (int, error)

func (*AWSICUserSyncFilter) MarshalToSizedBuffer 

func (m *AWSICUserSyncFilter) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AWSICUserSyncFilter) ProtoMessage 

func (*AWSICUserSyncFilter) ProtoMessage()

func (*AWSICUserSyncFilter) Reset 

func (m *AWSICUserSyncFilter) Reset()

func (*AWSICUserSyncFilter) Size 

func (m *AWSICUserSyncFilter) Size() (n int)

func (*AWSICUserSyncFilter) String 

func (m *AWSICUserSyncFilter) String() string

func (*AWSICUserSyncFilter) Unmarshal 

func (m *AWSICUserSyncFilter) Unmarshal(dAtA []byte) error

func (*AWSICUserSyncFilter) XXX_DiscardUnknown 

func (m *AWSICUserSyncFilter) XXX_DiscardUnknown()

func (*AWSICUserSyncFilter) XXX_Marshal 

func (m *AWSICUserSyncFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AWSICUserSyncFilter) XXX_Merge 

func (m *AWSICUserSyncFilter) XXX_Merge(src proto.Message)

func (*AWSICUserSyncFilter) XXX_Size 

func (m *AWSICUserSyncFilter) XXX_Size() int

func (*AWSICUserSyncFilter) XXX_Unmarshal 

func (m *AWSICUserSyncFilter) XXX_Unmarshal(b []byte) error

type AWSInfo 

type AWSInfo struct {
	// AccountID is an AWS account ID.
	AccountID string `protobuf:"bytes,1,opt,name=AccountID,proto3" json:"account_id"`
	// InstanceID is an EC2 instance ID.
	InstanceID string `protobuf:"bytes,2,opt,name=InstanceID,proto3" json:"instance_id"`
	// Region is the AWS EC2 Instance Region.
	Region string `protobuf:"bytes,3,opt,name=Region,proto3" json:"region,omitempty"`
	// VPCID is the AWS VPC ID where the Instance is running.
	VPCID string `protobuf:"bytes,4,opt,name=VPCID,proto3" json:"vpc_id,omitempty"`
	// Integration is the integration name that added this Node.
	// When connecting to it, it will use this integration to issue AWS API calls in order to set up the connection.
	// This includes sending an SSH Key and then opening a tunnel (EC2 Instance Connect Endpoint) so Teleport can connect to it.
	Integration string `protobuf:"bytes,5,opt,name=Integration,proto3" json:"integration,omitempty"`
	// SubnetID is the Subnet ID in use by the instance.
	SubnetID             string   `protobuf:"bytes,6,opt,name=SubnetID,proto3" json:"subnet_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AWSInfo contains attributes to match to an EC2 instance.

func (*AWSInfo) Descriptor 

func (*AWSInfo) Descriptor() ([]byte, []int)

func (*AWSInfo) Marshal 

func (m *AWSInfo) Marshal() (dAtA []byte, err error)

func (*AWSInfo) MarshalTo 

func (m *AWSInfo) MarshalTo(dAtA []byte) (int, error)

func (*AWSInfo) MarshalToSizedBuffer 

func (m *AWSInfo) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AWSInfo) ProtoMessage 

func (*AWSInfo) ProtoMessage()

func (*AWSInfo) Reset 

func (m *AWSInfo) Reset()

func (*AWSInfo) Size 

func (m *AWSInfo) Size() (n int)

func (*AWSInfo) String 

func (m *AWSInfo) String() string

func (*AWSInfo) Unmarshal 

func (m *AWSInfo) Unmarshal(dAtA []byte) error

func (*AWSInfo) XXX_DiscardUnknown 

func (m *AWSInfo) XXX_DiscardUnknown()

func (*AWSInfo) XXX_Marshal 

func (m *AWSInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AWSInfo) XXX_Merge 

func (m *AWSInfo) XXX_Merge(src proto.Message)

func (*AWSInfo) XXX_Size 

func (m *AWSInfo) XXX_Size() int

func (*AWSInfo) XXX_Unmarshal 

func (m *AWSInfo) XXX_Unmarshal(b []byte) error

type AWSMatcher 

type AWSMatcher struct {
	// Types are AWS database types to match, "ec2", "rds", "redshift", "elasticache",
	// or "memorydb".
	Types []string `protobuf:"bytes,1,rep,name=Types,proto3" json:"types,omitempty"`
	// Regions are AWS regions to query for databases.
	Regions []string `protobuf:"bytes,2,rep,name=Regions,proto3" json:"regions,omitempty"`
	// AssumeRoleARN is the AWS role to assume for database discovery.
	AssumeRole *AssumeRole `protobuf:"bytes,3,opt,name=AssumeRole,proto3" json:"assume_role,omitempty"`
	// Tags are AWS resource Tags to match.
	Tags Labels `protobuf:"bytes,4,opt,name=Tags,proto3,customtype=Labels" json:"tags,omitempty"`
	// Params sets the join method when installing on discovered EC2 nodes
	Params *InstallerParams `protobuf:"bytes,5,opt,name=Params,proto3" json:"install,omitempty"`
	// SSM provides options to use when sending a document command to
	// an EC2 node
	SSM *AWSSSM `protobuf:"bytes,6,opt,name=SSM,proto3" json:"ssm,omitempty"`
	// Integration is the integration name used to generate credentials to interact with AWS APIs.
	// Environment credentials will not be used when this value is set.
	Integration string `protobuf:"bytes,7,opt,name=Integration,proto3" json:"integration,omitempty"`
	// KubeAppDiscovery controls whether Kubernetes App Discovery will be enabled for agents running on
	// discovered clusters, currently only affects AWS EKS discovery in integration mode.
	KubeAppDiscovery bool `protobuf:"varint,8,opt,name=KubeAppDiscovery,proto3" json:"kube_app_discovery,omitempty"`
	// SetupAccessForARN is the role that the discovery service should create EKS Access Entries for.
	// This value should match the IAM identity that Teleport Kubernetes Service uses.
	// If this value is empty, the discovery service will attempt to set up access for its own identity (self).
	SetupAccessForARN    string   `protobuf:"bytes,9,opt,name=SetupAccessForARN,proto3" json:"setup_access_for_arn,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AWSMatcher matches AWS EC2 instances and AWS Databases

func (*AWSMatcher) CheckAndSetDefaults 

func (m *AWSMatcher) CheckAndSetDefaults() error

CheckAndSetDefaults that the matcher is correct and adds default values.

func (AWSMatcher) CopyWithTypes 

func (m AWSMatcher) CopyWithTypes(t []string) Matcher

CopyWithTypes copies the matcher with new types.

func (*AWSMatcher) Descriptor 

func (*AWSMatcher) Descriptor() ([]byte, []int)

func (AWSMatcher) GetTypes 

func (m AWSMatcher) GetTypes() []string

GetTypes gets the types that the matcher can match.

func (*AWSMatcher) Marshal 

func (m *AWSMatcher) Marshal() (dAtA []byte, err error)

func (*AWSMatcher) MarshalTo 

func (m *AWSMatcher) MarshalTo(dAtA []byte) (int, error)

func (*AWSMatcher) MarshalToSizedBuffer 

func (m *AWSMatcher) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AWSMatcher) ProtoMessage 

func (*AWSMatcher) ProtoMessage()

func (*AWSMatcher) Reset 

func (m *AWSMatcher) Reset()

func (*AWSMatcher) Size 

func (m *AWSMatcher) Size() (n int)

func (*AWSMatcher) String 

func (m *AWSMatcher) String() string

func (*AWSMatcher) Unmarshal 

func (m *AWSMatcher) Unmarshal(dAtA []byte) error

func (*AWSMatcher) XXX_DiscardUnknown 

func (m *AWSMatcher) XXX_DiscardUnknown()

func (*AWSMatcher) XXX_Marshal 

func (m *AWSMatcher) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AWSMatcher) XXX_Merge 

func (m *AWSMatcher) XXX_Merge(src proto.Message)

func (*AWSMatcher) XXX_Size 

func (m *AWSMatcher) XXX_Size() int

func (*AWSMatcher) XXX_Unmarshal 

func (m *AWSMatcher) XXX_Unmarshal(b []byte) error

type AWSOIDCIntegrationSpecV1 

type AWSOIDCIntegrationSpecV1 struct {
	// RoleARN contains the Role ARN used to set up the Integration.
	// This is the AWS Role that Teleport will use to issue tokens for API Calls.
	RoleARN string `protobuf:"bytes,1,opt,name=RoleARN,proto3" json:"role_arn,omitempty"`
	// IssuerS3URI is the Identity Provider that was configured in AWS.
	// This bucket/prefix/* files must be publicly accessible and contain the following:
	// > .well-known/openid-configuration
	// > .well-known/jwks
	// Format: s3://<bucket>/<prefix>
	// Optional. The proxy's endpoint is used if it is not specified.
	//
	// DEPRECATED: Thumbprint validation requires the issuer to update the IdP in AWS everytime the issuer changes the certificate.
	// Amazon had some whitelisted providers where the thumbprint was ignored. S3 hosted providers was in that list.
	// Amazon is now trusting all the root certificate authorities, and this workaround is no longer needed.
	// DELETE IN 18.0.
	IssuerS3URI string `protobuf:"bytes,2,opt,name=IssuerS3URI,proto3" json:"issuer_s3_uri,omitempty"` // Deprecated: Do not use.
	// Audience is used to record a name of a plugin or a discover service in Teleport
	// that depends on this integration.
	// Audience value can be empty or configured with supported preset audience type.
	// Preset audience may impose specific behavior on the integration CRUD API,
	// such as preventing integration from update or deletion. Empty audience value
	// should be treated as a default and backward-compatible behavior of the integration.
	Audience             string   `protobuf:"bytes,3,opt,name=audience,proto3" json:"audience,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AWSOIDCIntegrationSpecV1 contains the spec properties for the AWS OIDC SubKind Integration.

func (*AWSOIDCIntegrationSpecV1) Descriptor 

func (*AWSOIDCIntegrationSpecV1) Descriptor() ([]byte, []int)

func (*AWSOIDCIntegrationSpecV1) Marshal 

func (m *AWSOIDCIntegrationSpecV1) Marshal() (dAtA []byte, err error)

func (*AWSOIDCIntegrationSpecV1) MarshalTo 

func (m *AWSOIDCIntegrationSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*AWSOIDCIntegrationSpecV1) MarshalToSizedBuffer 

func (m *AWSOIDCIntegrationSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AWSOIDCIntegrationSpecV1) ProtoMessage 

func (*AWSOIDCIntegrationSpecV1) ProtoMessage()

func (*AWSOIDCIntegrationSpecV1) Reset 

func (m *AWSOIDCIntegrationSpecV1) Reset()

func (*AWSOIDCIntegrationSpecV1) Size 

func (m *AWSOIDCIntegrationSpecV1) Size() (n int)

func (*AWSOIDCIntegrationSpecV1) String 

func (m *AWSOIDCIntegrationSpecV1) String() string

func (*AWSOIDCIntegrationSpecV1) Unmarshal 

func (m *AWSOIDCIntegrationSpecV1) Unmarshal(dAtA []byte) error

func (*AWSOIDCIntegrationSpecV1) XXX_DiscardUnknown 

func (m *AWSOIDCIntegrationSpecV1) XXX_DiscardUnknown()

func (*AWSOIDCIntegrationSpecV1) XXX_Marshal 

func (m *AWSOIDCIntegrationSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AWSOIDCIntegrationSpecV1) XXX_Merge 

func (m *AWSOIDCIntegrationSpecV1) XXX_Merge(src proto.Message)

func (*AWSOIDCIntegrationSpecV1) XXX_Size 

func (m *AWSOIDCIntegrationSpecV1) XXX_Size() int

func (*AWSOIDCIntegrationSpecV1) XXX_Unmarshal 

func (m *AWSOIDCIntegrationSpecV1) XXX_Unmarshal(b []byte) error

type AWSRAIntegrationSpecV1 

type AWSRAIntegrationSpecV1 struct {
	// TrustAnchorARN contains the AWS IAM Roles Anywhere Trust Anchor ARN used to set up the Integration.
	TrustAnchorARN string `protobuf:"bytes,1,opt,name=TrustAnchorARN,proto3" json:"trust_anchor_arn,omitempty"`
	// ProfileSyncConfig contains the configuration for the AWS Roles Anywhere Profile sync.
	// This is used to create AWS Roles Anywhere profiles as application servers.
	ProfileSyncConfig    *AWSRolesAnywhereProfileSyncConfig `protobuf:"bytes,2,opt,name=ProfileSyncConfig,proto3" json:"profile_sync_config"`
	XXX_NoUnkeyedLiteral struct{}                           `json:"-"`
	XXX_unrecognized     []byte                             `json:"-"`
	XXX_sizecache        int32                              `json:"-"`
}

AWSRAIntegrationSpecV1 contains the spec properties for the AWS IAM Roles Anywhere SubKind Integration.

func (*AWSRAIntegrationSpecV1) Descriptor 

func (*AWSRAIntegrationSpecV1) Descriptor() ([]byte, []int)

func (*AWSRAIntegrationSpecV1) Marshal 

func (m *AWSRAIntegrationSpecV1) Marshal() (dAtA []byte, err error)

func (*AWSRAIntegrationSpecV1) MarshalTo 

func (m *AWSRAIntegrationSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*AWSRAIntegrationSpecV1) MarshalToSizedBuffer 

func (m *AWSRAIntegrationSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AWSRAIntegrationSpecV1) ProtoMessage 

func (*AWSRAIntegrationSpecV1) ProtoMessage()

func (*AWSRAIntegrationSpecV1) Reset 

func (m *AWSRAIntegrationSpecV1) Reset()

func (*AWSRAIntegrationSpecV1) Size 

func (m *AWSRAIntegrationSpecV1) Size() (n int)

func (*AWSRAIntegrationSpecV1) String 

func (m *AWSRAIntegrationSpecV1) String() string

func (*AWSRAIntegrationSpecV1) Unmarshal 

func (m *AWSRAIntegrationSpecV1) Unmarshal(dAtA []byte) error

func (*AWSRAIntegrationSpecV1) XXX_DiscardUnknown 

func (m *AWSRAIntegrationSpecV1) XXX_DiscardUnknown()

func (*AWSRAIntegrationSpecV1) XXX_Marshal 

func (m *AWSRAIntegrationSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AWSRAIntegrationSpecV1) XXX_Merge 

func (m *AWSRAIntegrationSpecV1) XXX_Merge(src proto.Message)

func (*AWSRAIntegrationSpecV1) XXX_Size 

func (m *AWSRAIntegrationSpecV1) XXX_Size() int

func (*AWSRAIntegrationSpecV1) XXX_Unmarshal 

func (m *AWSRAIntegrationSpecV1) XXX_Unmarshal(b []byte) error

type AWSRolesAnywhereProfileSyncConfig 

type AWSRolesAnywhereProfileSyncConfig struct {
	// Enabled is set to true if this integration should sync profiles as application servers.
	Enabled bool `protobuf:"varint,1,opt,name=Enabled,proto3" json:"enabled"`
	// ProfileARN is the ARN of the Roles Anywhere Profile used to generate credentials to access the AWS APIs.
	ProfileARN string `protobuf:"bytes,2,opt,name=ProfileARN,proto3" json:"profile_arn"`
	// ProfileAcceptsRoleSessionName indicates whether the profile accepts a custom Role Session name.
	ProfileAcceptsRoleSessionName bool `protobuf:"varint,3,opt,name=ProfileAcceptsRoleSessionName,proto3" json:"profile_accepts_role_session_name"`
	// RoleARN is the ARN of the IAM Role to assume when accessing the AWS APIs.
	RoleARN              string   `protobuf:"bytes,4,opt,name=RoleARN,proto3" json:"role_arn"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AWSRolesAnywhereProfileSyncConfig contains the configuration for the AWS Roles Anywhere Profile sync. This is used to sync AWS Roles Anywhere profiles as application servers.

func (*AWSRolesAnywhereProfileSyncConfig) Descriptor 

func (*AWSRolesAnywhereProfileSyncConfig) Descriptor() ([]byte, []int)

func (*AWSRolesAnywhereProfileSyncConfig) Marshal 

func (m *AWSRolesAnywhereProfileSyncConfig) Marshal() (dAtA []byte, err error)

func (*AWSRolesAnywhereProfileSyncConfig) MarshalTo 

func (m *AWSRolesAnywhereProfileSyncConfig) MarshalTo(dAtA []byte) (int, error)

func (*AWSRolesAnywhereProfileSyncConfig) MarshalToSizedBuffer 

func (m *AWSRolesAnywhereProfileSyncConfig) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AWSRolesAnywhereProfileSyncConfig) ProtoMessage 

func (*AWSRolesAnywhereProfileSyncConfig) ProtoMessage()

func (*AWSRolesAnywhereProfileSyncConfig) Reset 

func (m *AWSRolesAnywhereProfileSyncConfig) Reset()

func (*AWSRolesAnywhereProfileSyncConfig) Size 

func (m *AWSRolesAnywhereProfileSyncConfig) Size() (n int)

func (*AWSRolesAnywhereProfileSyncConfig) String 

func (m *AWSRolesAnywhereProfileSyncConfig) String() string

func (*AWSRolesAnywhereProfileSyncConfig) Unmarshal 

func (m *AWSRolesAnywhereProfileSyncConfig) Unmarshal(dAtA []byte) error

func (*AWSRolesAnywhereProfileSyncConfig) XXX_DiscardUnknown 

func (m *AWSRolesAnywhereProfileSyncConfig) XXX_DiscardUnknown()

func (*AWSRolesAnywhereProfileSyncConfig) XXX_Marshal 

func (m *AWSRolesAnywhereProfileSyncConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AWSRolesAnywhereProfileSyncConfig) XXX_Merge 

func (m *AWSRolesAnywhereProfileSyncConfig) XXX_Merge(src proto.Message)

func (*AWSRolesAnywhereProfileSyncConfig) XXX_Size 

func (m *AWSRolesAnywhereProfileSyncConfig) XXX_Size() int

func (*AWSRolesAnywhereProfileSyncConfig) XXX_Unmarshal 

func (m *AWSRolesAnywhereProfileSyncConfig) XXX_Unmarshal(b []byte) error

type AWSSSM 

type AWSSSM struct {
	// DocumentName is the name of the document to use when executing an
	// SSM command
	DocumentName         string   `protobuf:"bytes,1,opt,name=DocumentName,proto3" json:"document_name,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AWSSSM provides options to use when executing SSM documents

func (*AWSSSM) Descriptor 

func (*AWSSSM) Descriptor() ([]byte, []int)

func (*AWSSSM) Marshal 

func (m *AWSSSM) Marshal() (dAtA []byte, err error)

func (*AWSSSM) MarshalTo 

func (m *AWSSSM) MarshalTo(dAtA []byte) (int, error)

func (*AWSSSM) MarshalToSizedBuffer 

func (m *AWSSSM) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AWSSSM) ProtoMessage 

func (*AWSSSM) ProtoMessage()

func (*AWSSSM) Reset 

func (m *AWSSSM) Reset()

func (*AWSSSM) Size 

func (m *AWSSSM) Size() (n int)

func (*AWSSSM) String 

func (m *AWSSSM) String() string

func (*AWSSSM) Unmarshal 

func (m *AWSSSM) Unmarshal(dAtA []byte) error

func (*AWSSSM) XXX_DiscardUnknown 

func (m *AWSSSM) XXX_DiscardUnknown()

func (*AWSSSM) XXX_Marshal 

func (m *AWSSSM) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AWSSSM) XXX_Merge 

func (m *AWSSSM) XXX_Merge(src proto.Message)

func (*AWSSSM) XXX_Size 

func (m *AWSSSM) XXX_Size() int

func (*AWSSSM) XXX_Unmarshal 

func (m *AWSSSM) XXX_Unmarshal(b []byte) error

type AccessCapabilities 

type AccessCapabilities struct {
	// RequestableRoles is a list of existent roles which the user is allowed to request.
	RequestableRoles []string `protobuf:"bytes,1,rep,name=RequestableRoles,proto3" json:"requestable_roles,omitempty"`
	// SuggestedReviewers is a list of all reviewers which are suggested by the user's roles.
	SuggestedReviewers []string `protobuf:"bytes,2,rep,name=SuggestedReviewers,proto3" json:"suggested_reviewers,omitempty"`
	// ApplicableRolesForResources is a list of the roles applicable for access to a given set of resources.
	ApplicableRolesForResources []string `protobuf:"bytes,3,rep,name=ApplicableRolesForResources,proto3" json:"applicable_roles,omitempty"`
	// RequestPrompt is an optional message which tells users what they aught to request.
	RequestPrompt string `protobuf:"bytes,4,opt,name=RequestPrompt,proto3" json:"request_prompt,omitempty"`
	// RequireReason indicates whether the request strategy is one that requires
	// users to always supply reasons with their requests.
	RequireReason bool `protobuf:"varint,5,opt,name=RequireReason,proto3" json:"require_reason,omitempty"`
	// AutoRequest indicates whether the request strategy indicates that a
	// request should be automatically generated on login.
	AutoRequest          bool     `protobuf:"varint,6,opt,name=AutoRequest,proto3" json:"auto_request,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AccessCapabilities is a summary of capabilities that a user is granted via their dynamic access privileges which may not be calculable by directly examining the user's own static roles.

func (*AccessCapabilities) Descriptor 

func (*AccessCapabilities) Descriptor() ([]byte, []int)

func (*AccessCapabilities) Marshal 

func (m *AccessCapabilities) Marshal() (dAtA []byte, err error)

func (*AccessCapabilities) MarshalTo 

func (m *AccessCapabilities) MarshalTo(dAtA []byte) (int, error)

func (*AccessCapabilities) MarshalToSizedBuffer 

func (m *AccessCapabilities) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AccessCapabilities) ProtoMessage 

func (*AccessCapabilities) ProtoMessage()

func (*AccessCapabilities) Reset 

func (m *AccessCapabilities) Reset()

func (*AccessCapabilities) Size 

func (m *AccessCapabilities) Size() (n int)

func (*AccessCapabilities) String 

func (m *AccessCapabilities) String() string

func (*AccessCapabilities) Unmarshal 

func (m *AccessCapabilities) Unmarshal(dAtA []byte) error

func (*AccessCapabilities) XXX_DiscardUnknown 

func (m *AccessCapabilities) XXX_DiscardUnknown()

func (*AccessCapabilities) XXX_Marshal 

func (m *AccessCapabilities) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessCapabilities) XXX_Merge 

func (m *AccessCapabilities) XXX_Merge(src proto.Message)

func (*AccessCapabilities) XXX_Size 

func (m *AccessCapabilities) XXX_Size() int

func (*AccessCapabilities) XXX_Unmarshal 

func (m *AccessCapabilities) XXX_Unmarshal(b []byte) error

type AccessCapabilitiesRequest 

type AccessCapabilitiesRequest struct {
	// User is the name of the user whose capabilities we are interested in (defaults to
	// the caller's own username).
	User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user,omitempty"`
	// RequestableRoles is a flag indicating that we would like to view the list of roles
	// that the user is able to request.
	RequestableRoles bool `protobuf:"varint,2,opt,name=RequestableRoles,proto3" json:"requestable_roles,omitempty"`
	// SuggestedReviewers is a flag indicating that we would like to view the list of all
	// reviewers which are suggested by the user's roles.
	SuggestedReviewers bool `protobuf:"varint,3,opt,name=SuggestedReviewers,proto3" json:"suggested_reviewers,omitempty"`
	// ResourceIDs is the list of the ResourceIDs of the resources we would like to view
	// the necessary roles for.
	ResourceIDs []ResourceID `protobuf:"bytes,4,rep,name=ResourceIDs,proto3" json:"resource_ids,omitempty"`
	// Login is the host login the user is requesting access for.
	Login string `protobuf:"bytes,5,opt,name=Login,proto3" json:"login,omitempty"`
	// FilterRequestableRolesByResource is a flag indicating that the returned
	// list of roles that the user can request should be filtered to only include
	// roles that allow access to the provided ResourceIDs.
	FilterRequestableRolesByResource bool     `protobuf:"varint,6,opt,name=FilterRequestableRolesByResource,proto3" json:"filter_requestable_roles_by_resource,omitempty"`
	XXX_NoUnkeyedLiteral             struct{} `json:"-"`
	XXX_unrecognized                 []byte   `json:"-"`
	XXX_sizecache                    int32    `json:"-"`
}

AccessCapabilitiesRequest encodes parameters for the GetAccessCapabilities method.

func (*AccessCapabilitiesRequest) Descriptor 

func (*AccessCapabilitiesRequest) Descriptor() ([]byte, []int)

func (*AccessCapabilitiesRequest) Marshal 

func (m *AccessCapabilitiesRequest) Marshal() (dAtA []byte, err error)

func (*AccessCapabilitiesRequest) MarshalTo 

func (m *AccessCapabilitiesRequest) MarshalTo(dAtA []byte) (int, error)

func (*AccessCapabilitiesRequest) MarshalToSizedBuffer 

func (m *AccessCapabilitiesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AccessCapabilitiesRequest) ProtoMessage 

func (*AccessCapabilitiesRequest) ProtoMessage()

func (*AccessCapabilitiesRequest) Reset 

func (m *AccessCapabilitiesRequest) Reset()

func (*AccessCapabilitiesRequest) Size 

func (m *AccessCapabilitiesRequest) Size() (n int)

func (*AccessCapabilitiesRequest) String 

func (m *AccessCapabilitiesRequest) String() string

func (*AccessCapabilitiesRequest) Unmarshal 

func (m *AccessCapabilitiesRequest) Unmarshal(dAtA []byte) error

func (*AccessCapabilitiesRequest) XXX_DiscardUnknown 

func (m *AccessCapabilitiesRequest) XXX_DiscardUnknown()

func (*AccessCapabilitiesRequest) XXX_Marshal 

func (m *AccessCapabilitiesRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessCapabilitiesRequest) XXX_Merge 

func (m *AccessCapabilitiesRequest) XXX_Merge(src proto.Message)

func (*AccessCapabilitiesRequest) XXX_Size 

func (m *AccessCapabilitiesRequest) XXX_Size() int

func (*AccessCapabilitiesRequest) XXX_Unmarshal 

func (m *AccessCapabilitiesRequest) XXX_Unmarshal(b []byte) error

type AccessGraphAWSSync 

type AccessGraphAWSSync struct {
	// Regions are AWS regions to import resources from.
	Regions []string `protobuf:"bytes,1,rep,name=Regions,proto3" json:"regions,omitempty"`
	// AssumeRoleARN is the AWS role to assume for database discovery.
	AssumeRole *AssumeRole `protobuf:"bytes,3,opt,name=AssumeRole,proto3" json:"assume_role,omitempty"`
	// Integration is the integration name used to generate credentials to interact with AWS APIs.
	Integration string `protobuf:"bytes,4,opt,name=Integration,proto3" json:"integration,omitempty"`
	// Configuration settings for collecting AWS CloudTrail logs via an SQS queue.
	CloudTrailLogs       *AccessGraphAWSSyncCloudTrailLogs `protobuf:"bytes,5,opt,name=cloud_trail_logs,json=cloudTrailLogs,proto3" json:"cloud_trail_logs,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                          `json:"-"`
	XXX_unrecognized     []byte                            `json:"-"`
	XXX_sizecache        int32                             `json:"-"`
}

AccessGraphAWSSync is a configuration for AWS Access Graph service poll service.

func (*AccessGraphAWSSync) CheckAndSetDefaults 

func (a *AccessGraphAWSSync) CheckAndSetDefaults() error

func (*AccessGraphAWSSync) Descriptor 

func (*AccessGraphAWSSync) Descriptor() ([]byte, []int)

func (*AccessGraphAWSSync) Marshal 

func (m *AccessGraphAWSSync) Marshal() (dAtA []byte, err error)

func (*AccessGraphAWSSync) MarshalTo 

func (m *AccessGraphAWSSync) MarshalTo(dAtA []byte) (int, error)

func (*AccessGraphAWSSync) MarshalToSizedBuffer 

func (m *AccessGraphAWSSync) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AccessGraphAWSSync) ProtoMessage 

func (*AccessGraphAWSSync) ProtoMessage()

func (*AccessGraphAWSSync) Reset 

func (m *AccessGraphAWSSync) Reset()

func (*AccessGraphAWSSync) Size 

func (m *AccessGraphAWSSync) Size() (n int)

func (*AccessGraphAWSSync) String 

func (m *AccessGraphAWSSync) String() string

func (*AccessGraphAWSSync) Unmarshal 

func (m *AccessGraphAWSSync) Unmarshal(dAtA []byte) error

func (*AccessGraphAWSSync) XXX_DiscardUnknown 

func (m *AccessGraphAWSSync) XXX_DiscardUnknown()

func (*AccessGraphAWSSync) XXX_Marshal 

func (m *AccessGraphAWSSync) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessGraphAWSSync) XXX_Merge 

func (m *AccessGraphAWSSync) XXX_Merge(src proto.Message)

func (*AccessGraphAWSSync) XXX_Size 

func (m *AccessGraphAWSSync) XXX_Size() int

func (*AccessGraphAWSSync) XXX_Unmarshal 

func (m *AccessGraphAWSSync) XXX_Unmarshal(b []byte) error

type AccessGraphAWSSyncCloudTrailLogs 

type AccessGraphAWSSyncCloudTrailLogs struct {
	// The AWS region of the SQS queue for CloudTrail notifications, ex.: "us-east-2".
	Region string `protobuf:"bytes,1,opt,name=Region,proto3" json:"region,omitempty"`
	// The name or URL for CloudTrail log events, ex.: "demo-cloudtrail-queue".
	SQSQueue             string   `protobuf:"bytes,2,opt,name=SQSQueue,proto3" json:"sqs_queue,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AccessGraphAWSSyncCloudTrailLogs defines settings for ingesting AWS CloudTrail logs by polling an SQS queue that receives notifications about new log files.

func (*AccessGraphAWSSyncCloudTrailLogs) Descriptor 

func (*AccessGraphAWSSyncCloudTrailLogs) Descriptor() ([]byte, []int)

func (*AccessGraphAWSSyncCloudTrailLogs) Marshal 

func (m *AccessGraphAWSSyncCloudTrailLogs) Marshal() (dAtA []byte, err error)

func (*AccessGraphAWSSyncCloudTrailLogs) MarshalTo 

func (m *AccessGraphAWSSyncCloudTrailLogs) MarshalTo(dAtA []byte) (int, error)

func (*AccessGraphAWSSyncCloudTrailLogs) MarshalToSizedBuffer 

func (m *AccessGraphAWSSyncCloudTrailLogs) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AccessGraphAWSSyncCloudTrailLogs) ProtoMessage 

func (*AccessGraphAWSSyncCloudTrailLogs) ProtoMessage()

func (*AccessGraphAWSSyncCloudTrailLogs) Reset 

func (m *AccessGraphAWSSyncCloudTrailLogs) Reset()

func (*AccessGraphAWSSyncCloudTrailLogs) Size 

func (m *AccessGraphAWSSyncCloudTrailLogs) Size() (n int)

func (*AccessGraphAWSSyncCloudTrailLogs) String 

func (m *AccessGraphAWSSyncCloudTrailLogs) String() string

func (*AccessGraphAWSSyncCloudTrailLogs) Unmarshal 

func (m *AccessGraphAWSSyncCloudTrailLogs) Unmarshal(dAtA []byte) error

func (*AccessGraphAWSSyncCloudTrailLogs) XXX_DiscardUnknown 

func (m *AccessGraphAWSSyncCloudTrailLogs) XXX_DiscardUnknown()

func (*AccessGraphAWSSyncCloudTrailLogs) XXX_Marshal 

func (m *AccessGraphAWSSyncCloudTrailLogs) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessGraphAWSSyncCloudTrailLogs) XXX_Merge 

func (m *AccessGraphAWSSyncCloudTrailLogs) XXX_Merge(src proto.Message)

func (*AccessGraphAWSSyncCloudTrailLogs) XXX_Size 

func (m *AccessGraphAWSSyncCloudTrailLogs) XXX_Size() int

func (*AccessGraphAWSSyncCloudTrailLogs) XXX_Unmarshal 

func (m *AccessGraphAWSSyncCloudTrailLogs) XXX_Unmarshal(b []byte) error

type AccessGraphAzureSync 

type AccessGraphAzureSync struct {
	// SubscriptionID Is the ID of the Azure subscription to sync resources from
	SubscriptionID string `protobuf:"bytes,1,opt,name=SubscriptionID,proto3" json:"subscription_id,omitempty"`
	// Integration is the integration name used to generate credentials to interact with AWS APIs.
	Integration          string   `protobuf:"bytes,2,opt,name=Integration,proto3" json:"integration,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AccessGraphAzureSync is a configuration for Azure Access Graph service poll service.

func (*AccessGraphAzureSync) Descriptor 

func (*AccessGraphAzureSync) Descriptor() ([]byte, []int)

func (*AccessGraphAzureSync) Marshal 

func (m *AccessGraphAzureSync) Marshal() (dAtA []byte, err error)

func (*AccessGraphAzureSync) MarshalTo 

func (m *AccessGraphAzureSync) MarshalTo(dAtA []byte) (int, error)

func (*AccessGraphAzureSync) MarshalToSizedBuffer 

func (m *AccessGraphAzureSync) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AccessGraphAzureSync) ProtoMessage 

func (*AccessGraphAzureSync) ProtoMessage()

func (*AccessGraphAzureSync) Reset 

func (m *AccessGraphAzureSync) Reset()

func (*AccessGraphAzureSync) Size 

func (m *AccessGraphAzureSync) Size() (n int)

func (*AccessGraphAzureSync) String 

func (m *AccessGraphAzureSync) String() string

func (*AccessGraphAzureSync) Unmarshal 

func (m *AccessGraphAzureSync) Unmarshal(dAtA []byte) error

func (*AccessGraphAzureSync) XXX_DiscardUnknown 

func (m *AccessGraphAzureSync) XXX_DiscardUnknown()

func (*AccessGraphAzureSync) XXX_Marshal 

func (m *AccessGraphAzureSync) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessGraphAzureSync) XXX_Merge 

func (m *AccessGraphAzureSync) XXX_Merge(src proto.Message)

func (*AccessGraphAzureSync) XXX_Size 

func (m *AccessGraphAzureSync) XXX_Size() int

func (*AccessGraphAzureSync) XXX_Unmarshal 

func (m *AccessGraphAzureSync) XXX_Unmarshal(b []byte) error

type AccessGraphSync 

type AccessGraphSync struct {
	// AWS is a configuration for AWS Access Graph service poll service.
	AWS []*AccessGraphAWSSync `protobuf:"bytes,1,rep,name=AWS,proto3" json:"aws,omitempty"`
	// PollInterval is the frequency at which to poll for resources
	PollInterval time.Duration `protobuf:"bytes,2,opt,name=PollInterval,proto3,stdduration" json:"poll_interval,omitempty"`
	// Azure is a configuration for Azure Access Graph service poll service.
	Azure                []*AccessGraphAzureSync `protobuf:"bytes,3,rep,name=Azure,proto3" json:"azure,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                `json:"-"`
	XXX_unrecognized     []byte                  `json:"-"`
	XXX_sizecache        int32                   `json:"-"`
}

AccessGraphSync is a configuration for Access Graph service.

func (*AccessGraphSync) CheckAndSetDefaults 

func (a *AccessGraphSync) CheckAndSetDefaults() error

CheckAndSetDefaults that the matcher is correct and adds default values.

func (*AccessGraphSync) Descriptor 

func (*AccessGraphSync) Descriptor() ([]byte, []int)

func (*AccessGraphSync) Marshal 

func (m *AccessGraphSync) Marshal() (dAtA []byte, err error)

func (*AccessGraphSync) MarshalTo 

func (m *AccessGraphSync) MarshalTo(dAtA []byte) (int, error)

func (*AccessGraphSync) MarshalToSizedBuffer 

func (m *AccessGraphSync) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AccessGraphSync) ProtoMessage 

func (*AccessGraphSync) ProtoMessage()

func (*AccessGraphSync) Reset 

func (m *AccessGraphSync) Reset()

func (*AccessGraphSync) Size 

func (m *AccessGraphSync) Size() (n int)

func (*AccessGraphSync) String 

func (m *AccessGraphSync) String() string

func (*AccessGraphSync) Unmarshal 

func (m *AccessGraphSync) Unmarshal(dAtA []byte) error

func (*AccessGraphSync) XXX_DiscardUnknown 

func (m *AccessGraphSync) XXX_DiscardUnknown()

func (*AccessGraphSync) XXX_Marshal 

func (m *AccessGraphSync) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessGraphSync) XXX_Merge 

func (m *AccessGraphSync) XXX_Merge(src proto.Message)

func (*AccessGraphSync) XXX_Size 

func (m *AccessGraphSync) XXX_Size() int

func (*AccessGraphSync) XXX_Unmarshal 

func (m *AccessGraphSync) XXX_Unmarshal(b []byte) error

type AccessMonitoringRuleState 

type AccessMonitoringRuleState string

AccessMonitoringRuleState specifies the desired state of an access monitoring rule subject.

type AccessRequest 

type AccessRequest interface {
	ResourceWithLabels
	// GetUser gets the name of the requesting user
	GetUser() string
	// GetRoles gets the roles being requested by the user
	GetRoles() []string
	// SetRoles overrides the roles being requested by the user
	SetRoles([]string)
	// GetState gets the current state of the request
	GetState() RequestState
	// SetState sets the approval state of the request
	SetState(RequestState) error
	// GetCreationTime gets the time at which the request was
	// originally registered with the auth server.
	GetCreationTime() time.Time
	// SetCreationTime sets the creation time of the request.
	SetCreationTime(time.Time)
	// GetAccessExpiry gets the expiration time for the elevated certificate
	// that will be issued if the Access Request is approved.
	GetAccessExpiry() time.Time
	// GetAssumeStartTime gets the time the roles can be assumed
	// if the Access Request is approved.
	GetAssumeStartTime() *time.Time
	// SetAssumeStartTime sets the time the roles can be assumed
	// if the Access Request is approved.
	SetAssumeStartTime(time.Time)
	// SetAccessExpiry sets the expiration time for the elevated certificate
	// that will be issued if the Access Request is approved.
	SetAccessExpiry(time.Time)
	// GetSessionTLL gets the session TTL for generated certificates.
	GetSessionTLL() time.Time
	// SetSessionTLL sets the session TTL for generated certificates.
	SetSessionTLL(time.Time)
	// GetRequestReason gets the reason for the request's creation.
	GetRequestReason() string
	// SetRequestReason sets the reason for the request's creation.
	SetRequestReason(string)
	// GetResolveReason gets the reason for the request's resolution.
	GetResolveReason() string
	// SetResolveReason sets the reason for the request's resolution.
	SetResolveReason(string)
	// GetResolveAnnotations gets the annotations associated with
	// the request's resolution.
	GetResolveAnnotations() map[string][]string
	// SetResolveAnnotations sets the annotations associated with
	// the request's resolution.
	SetResolveAnnotations(map[string][]string)
	// GetSystemAnnotations gets the teleport-applied annotations.
	GetSystemAnnotations() map[string][]string
	// SetSystemAnnotations sets the teleport-applied annotations.
	SetSystemAnnotations(map[string][]string)
	// GetOriginalRoles gets the original (pre-override) role list.
	GetOriginalRoles() []string
	// GetThresholds gets the review thresholds.
	GetThresholds() []AccessReviewThreshold
	// SetThresholds sets the review thresholds (internal use only).
	SetThresholds([]AccessReviewThreshold)
	// GetRoleThresholdMapping gets the rtm.  See documentation of the
	// AccessRequestSpecV3.RoleThresholdMapping field for details.
	GetRoleThresholdMapping() map[string]ThresholdIndexSets
	// SetRoleThresholdMapping sets the rtm (internal use only).  See documentation
	// of the AccessRequestSpecV3.RoleThresholdMapping field for details.
	SetRoleThresholdMapping(map[string]ThresholdIndexSets)
	// GetReviews gets the list of currently applied access reviews.
	GetReviews() []AccessReview
	// SetReviews sets the list of currently applied access reviews (internal use only).
	SetReviews([]AccessReview)
	// GetPromotedAccessListName returns the access list name that this access request
	// was promoted to.
	GetPromotedAccessListName() string
	// SetPromotedAccessListName sets the access list name that this access request
	// was promoted to.
	SetPromotedAccessListName(name string)
	// GetPromotedAccessListTitle returns the access list title that this access request
	// was promoted to.
	GetPromotedAccessListTitle() string
	// SetPromotedAccessListTitle sets the access list title that this access request
	// was promoted to.
	SetPromotedAccessListTitle(string)
	// GetSuggestedReviewers gets the suggested reviewer list.
	GetSuggestedReviewers() []string
	// SetSuggestedReviewers sets the suggested reviewer list.
	SetSuggestedReviewers([]string)
	// GetRequestedResourceIDs gets the resource IDs to which access is being requested.
	GetRequestedResourceIDs() []ResourceID
	// SetRequestedResourceIDs sets the resource IDs to which access is being requested.
	SetRequestedResourceIDs([]ResourceID)
	// GetLoginHint gets the requested login hint.
	GetLoginHint() string
	// SetLoginHint sets the requested login hint.
	SetLoginHint(string)
	// GetMaxDuration gets the maximum time at which the access should be approved for.
	GetMaxDuration() time.Time
	// SetMaxDuration sets the maximum time at which the access should be approved for.
	SetMaxDuration(time.Time)
	// GetDryRun returns true if this request should not be created and is only
	// a dry run to validate request capabilities.
	GetDryRun() bool
	// SetDryRun sets the dry run flag on the request.
	SetDryRun(bool)
	// GetDryRunEnrichment gets the dry run enrichment data.
	GetDryRunEnrichment() *AccessRequestDryRunEnrichment
	// SetDryRunEnrichment sets the dry run enrichment data.
	SetDryRunEnrichment(*AccessRequestDryRunEnrichment)
	// Copy returns a copy of the access request resource.
	Copy() AccessRequest
}

AccessRequest is a request for temporarily granted roles

func NewAccessRequest 

func NewAccessRequest(name string, user string, roles ...string) (AccessRequest, error)

NewAccessRequest assembles an AccessRequest resource.

func NewAccessRequestWithResources 

func NewAccessRequestWithResources(name string, user string, roles []string, resourceIDs []ResourceID) (AccessRequest, error)

NewAccessRequestWithResources assembles an AccessRequest resource with requested resources.

type AccessRequestAllowedPromotion 

type AccessRequestAllowedPromotion struct {
	// associated access list
	AccessListName       string   `protobuf:"bytes,1,opt,name=accessListName,proto3" json:"accessListName,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AccessRequestAllowedPromotion describes an allowed promotion to an Access List.

func (*AccessRequestAllowedPromotion) Descriptor 

func (*AccessRequestAllowedPromotion) Descriptor() ([]byte, []int)

func (*AccessRequestAllowedPromotion) Marshal 

func (m *AccessRequestAllowedPromotion) Marshal() (dAtA []byte, err error)

func (*AccessRequestAllowedPromotion) MarshalTo 

func (m *AccessRequestAllowedPromotion) MarshalTo(dAtA []byte) (int, error)

func (*AccessRequestAllowedPromotion) MarshalToSizedBuffer 

func (m *AccessRequestAllowedPromotion) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AccessRequestAllowedPromotion) ProtoMessage 

func (*AccessRequestAllowedPromotion) ProtoMessage()

func (*AccessRequestAllowedPromotion) Reset 

func (m *AccessRequestAllowedPromotion) Reset()

func (*AccessRequestAllowedPromotion) Size 

func (m *AccessRequestAllowedPromotion) Size() (n int)

func (*AccessRequestAllowedPromotion) String 

func (m *AccessRequestAllowedPromotion) String() string

func (*AccessRequestAllowedPromotion) Unmarshal 

func (m *AccessRequestAllowedPromotion) Unmarshal(dAtA []byte) error

func (*AccessRequestAllowedPromotion) XXX_DiscardUnknown 

func (m *AccessRequestAllowedPromotion) XXX_DiscardUnknown()

func (*AccessRequestAllowedPromotion) XXX_Marshal 

func (m *AccessRequestAllowedPromotion) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessRequestAllowedPromotion) XXX_Merge 

func (m *AccessRequestAllowedPromotion) XXX_Merge(src proto.Message)

func (*AccessRequestAllowedPromotion) XXX_Size 

func (m *AccessRequestAllowedPromotion) XXX_Size() int

func (*AccessRequestAllowedPromotion) XXX_Unmarshal 

func (m *AccessRequestAllowedPromotion) XXX_Unmarshal(b []byte) error

type AccessRequestAllowedPromotions 

type AccessRequestAllowedPromotions struct {
	// suggestions is a list of allowed access lists promotions.
	Promotions           []*AccessRequestAllowedPromotion `protobuf:"bytes,1,rep,name=promotions,proto3" json:"promotions,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                         `json:"-"`
	XXX_unrecognized     []byte                           `json:"-"`
	XXX_sizecache        int32                            `json:"-"`
}

AccessRequestAllowedPromotions describes an valid promotion from an access request to an access list.

func NewAccessRequestAllowedPromotions 

func NewAccessRequestAllowedPromotions(promotions []*AccessRequestAllowedPromotion) *AccessRequestAllowedPromotions

NewAccessRequestAllowedPromotions returns a new AccessRequestAllowedPromotions resource.

func (*AccessRequestAllowedPromotions) Descriptor 

func (*AccessRequestAllowedPromotions) Descriptor() ([]byte, []int)

func (*AccessRequestAllowedPromotions) Marshal 

func (m *AccessRequestAllowedPromotions) Marshal() (dAtA []byte, err error)

func (*AccessRequestAllowedPromotions) MarshalTo 

func (m *AccessRequestAllowedPromotions) MarshalTo(dAtA []byte) (int, error)

func (*AccessRequestAllowedPromotions) MarshalToSizedBuffer 

func (m *AccessRequestAllowedPromotions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AccessRequestAllowedPromotions) ProtoMessage 

func (*AccessRequestAllowedPromotions) ProtoMessage()

func (*AccessRequestAllowedPromotions) Reset 

func (m *AccessRequestAllowedPromotions) Reset()

func (*AccessRequestAllowedPromotions) Size 

func (m *AccessRequestAllowedPromotions) Size() (n int)

func (*AccessRequestAllowedPromotions) String 

func (m *AccessRequestAllowedPromotions) String() string

func (*AccessRequestAllowedPromotions) Unmarshal 

func (m *AccessRequestAllowedPromotions) Unmarshal(dAtA []byte) error

func (*AccessRequestAllowedPromotions) XXX_DiscardUnknown 

func (m *AccessRequestAllowedPromotions) XXX_DiscardUnknown()

func (*AccessRequestAllowedPromotions) XXX_Marshal 

func (m *AccessRequestAllowedPromotions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessRequestAllowedPromotions) XXX_Merge 

func (m *AccessRequestAllowedPromotions) XXX_Merge(src proto.Message)

func (*AccessRequestAllowedPromotions) XXX_Size 

func (m *AccessRequestAllowedPromotions) XXX_Size() int

func (*AccessRequestAllowedPromotions) XXX_Unmarshal 

func (m *AccessRequestAllowedPromotions) XXX_Unmarshal(b []byte) error

type AccessRequestConditions 

type AccessRequestConditions struct {
	// Roles is the name of roles which will match the request rule.
	Roles []string `protobuf:"bytes,1,rep,name=Roles,proto3" json:"roles,omitempty"`
	// ClaimsToRoles specifies a mapping from claims (traits) to teleport roles.
	ClaimsToRoles []ClaimMapping `protobuf:"bytes,2,rep,name=ClaimsToRoles,proto3" json:"claims_to_roles,omitempty"`
	// Annotations is a collection of annotations to be programmatically
	// appended to pending Access Requests at the time of their creation.
	// These annotations serve as a mechanism to propagate extra information
	// to plugins.  Since these annotations support variable interpolation
	// syntax, they also offer a mechanism for forwarding claims from an
	// external identity provider, to a plugin via `{{external.trait_name}}`
	// style substitutions.
	Annotations github_com_gravitational_teleport_api_types_wrappers.Traits `` /* 146-byte string literal not displayed */
	// Thresholds is a list of thresholds, one of which must be met in order for reviews
	// to trigger a state-transition.  If no thresholds are provided, a default threshold
	// of 1 for approval and denial is used.
	Thresholds []AccessReviewThreshold `protobuf:"bytes,4,rep,name=Thresholds,proto3" json:"thresholds,omitempty"`
	// SuggestedReviewers is a list of reviewer suggestions.  These can be teleport usernames, but
	// that is not a requirement.
	SuggestedReviewers []string `protobuf:"bytes,5,rep,name=SuggestedReviewers,proto3" json:"suggested_reviewers,omitempty"`
	// SearchAsRoles is a list of extra roles which should apply to a user while
	// they are searching for resources as part of a Resource Access Request, and
	// defines the underlying roles which will be requested as part of any
	// Resource Access Request.
	SearchAsRoles []string `protobuf:"bytes,6,rep,name=SearchAsRoles,proto3" json:"search_as_roles,omitempty"`
	// MaxDuration is the amount of time the access will be granted for.
	// If this is zero, the default duration is used.
	MaxDuration Duration `protobuf:"varint,7,opt,name=MaxDuration,proto3,casttype=Duration" json:"max_duration,omitempty"`
	// kubernetes_resources can optionally enforce a requester to request only certain kinds of kube resources.
	// Eg: Users can make request to either a resource kind "kube_cluster" or any of its
	// subresources like "namespaces". This field can be defined such that it prevents a user
	// from requesting "kube_cluster" and enforce requesting any of its subresources.
	KubernetesResources []RequestKubernetesResource `protobuf:"bytes,8,rep,name=kubernetes_resources,json=kubernetesResources,proto3" json:"kubernetes_resources,omitempty"`
	// Reason defines settings for the reason for the access provided by the user.
	Reason               *AccessRequestConditionsReason `protobuf:"bytes,9,opt,name=Reason,proto3" json:"reason,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                       `json:"-"`
	XXX_unrecognized     []byte                         `json:"-"`
	XXX_sizecache        int32                          `json:"-"`
}

AccessRequestConditions is a matcher for allow/deny restrictions on access-requests. Please remember to update IsEmpty when updating this message.

func (*AccessRequestConditions) Descriptor 

func (*AccessRequestConditions) Descriptor() ([]byte, []int)

func (AccessRequestConditions) IsEmpty 

func (a AccessRequestConditions) IsEmpty() bool

IsEmpty will return true if the condition is empty.

func (*AccessRequestConditions) Marshal 

func (m *AccessRequestConditions) Marshal() (dAtA []byte, err error)

func (*AccessRequestConditions) MarshalTo 

func (m *AccessRequestConditions) MarshalTo(dAtA []byte) (int, error)

func (*AccessRequestConditions) MarshalToSizedBuffer 

func (m *AccessRequestConditions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AccessRequestConditions) ProtoMessage 

func (*AccessRequestConditions) ProtoMessage()

func (*AccessRequestConditions) Reset 

func (m *AccessRequestConditions) Reset()

func (*AccessRequestConditions) Size 

func (m *AccessRequestConditions) Size() (n int)

func (*AccessRequestConditions) String 

func (m *AccessRequestConditions) String() string

func (*AccessRequestConditions) Unmarshal 

func (m *AccessRequestConditions) Unmarshal(dAtA []byte) error

func (*AccessRequestConditions) XXX_DiscardUnknown 

func (m *AccessRequestConditions) XXX_DiscardUnknown()

func (*AccessRequestConditions) XXX_Marshal 

func (m *AccessRequestConditions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessRequestConditions) XXX_Merge 

func (m *AccessRequestConditions) XXX_Merge(src proto.Message)

func (*AccessRequestConditions) XXX_Size 

func (m *AccessRequestConditions) XXX_Size() int

func (*AccessRequestConditions) XXX_Unmarshal 

func (m *AccessRequestConditions) XXX_Unmarshal(b []byte) error

type AccessRequestConditionsReason 

type AccessRequestConditionsReason struct {
	// Mode can be either "required" or "optional". Empty string is treated as "optional". If a role
	// has the request reason mode set to "required", then reason is required for all Access Requests
	// requesting roles or resources allowed by this role. It applies only to users who have this
	// role assigned.
	Mode                 RequestReasonMode `protobuf:"bytes,1,opt,name=Mode,proto3,casttype=RequestReasonMode" json:"mode,omitempty"`
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

AccessRequestConditionsReason defines settings for the reason for the access provided by the user.

func (*AccessRequestConditionsReason) Descriptor 

func (*AccessRequestConditionsReason) Descriptor() ([]byte, []int)

func (*AccessRequestConditionsReason) Marshal 

func (m *AccessRequestConditionsReason) Marshal() (dAtA []byte, err error)

func (*AccessRequestConditionsReason) MarshalTo 

func (m *AccessRequestConditionsReason) MarshalTo(dAtA []byte) (int, error)

func (*AccessRequestConditionsReason) MarshalToSizedBuffer 

func (m *AccessRequestConditionsReason) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AccessRequestConditionsReason) ProtoMessage 

func (*AccessRequestConditionsReason) ProtoMessage()

func (*AccessRequestConditionsReason) Reset 

func (m *AccessRequestConditionsReason) Reset()

func (*AccessRequestConditionsReason) Size 

func (m *AccessRequestConditionsReason) Size() (n int)

func (*AccessRequestConditionsReason) String 

func (m *AccessRequestConditionsReason) String() string

func (*AccessRequestConditionsReason) Unmarshal 

func (m *AccessRequestConditionsReason) Unmarshal(dAtA []byte) error

func (*AccessRequestConditionsReason) XXX_DiscardUnknown 

func (m *AccessRequestConditionsReason) XXX_DiscardUnknown()

func (*AccessRequestConditionsReason) XXX_Marshal 

func (m *AccessRequestConditionsReason) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessRequestConditionsReason) XXX_Merge 

func (m *AccessRequestConditionsReason) XXX_Merge(src proto.Message)

func (*AccessRequestConditionsReason) XXX_Size 

func (m *AccessRequestConditionsReason) XXX_Size() int

func (*AccessRequestConditionsReason) XXX_Unmarshal 

func (m *AccessRequestConditionsReason) XXX_Unmarshal(b []byte) error

type AccessRequestDryRunEnrichment 

type AccessRequestDryRunEnrichment struct {
	// ReasonMode specifies the reason mode for this Access Request as defined in
	// [AccessRequestConditionsReason].reason.
	ReasonMode RequestReasonMode `protobuf:"bytes,1,opt,name=ReasonMode,proto3,casttype=RequestReasonMode" json:"reason_mode,omitempty"`
	// ReasonPrompts is a sorted and deduplicated list of reason prompts for this Access Request.
	ReasonPrompts        []string `protobuf:"bytes,2,rep,name=ReasonPrompts,proto3" json:"reason_prompt,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AccessRequestDryRunEnrichment contains the extra info added in a response to a dry run request.

func (*AccessRequestDryRunEnrichment) Descriptor 

func (*AccessRequestDryRunEnrichment) Descriptor() ([]byte, []int)

func (*AccessRequestDryRunEnrichment) Marshal 

func (m *AccessRequestDryRunEnrichment) Marshal() (dAtA []byte, err error)

func (*AccessRequestDryRunEnrichment) MarshalTo 

func (m *AccessRequestDryRunEnrichment) MarshalTo(dAtA []byte) (int, error)

func (*AccessRequestDryRunEnrichment) MarshalToSizedBuffer 

func (m *AccessRequestDryRunEnrichment) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AccessRequestDryRunEnrichment) ProtoMessage 

func (*AccessRequestDryRunEnrichment) ProtoMessage()

func (*AccessRequestDryRunEnrichment) Reset 

func (m *AccessRequestDryRunEnrichment) Reset()

func (*AccessRequestDryRunEnrichment) Size 

func (m *AccessRequestDryRunEnrichment) Size() (n int)

func (*AccessRequestDryRunEnrichment) String 

func (m *AccessRequestDryRunEnrichment) String() string

func (*AccessRequestDryRunEnrichment) Unmarshal 

func (m *AccessRequestDryRunEnrichment) Unmarshal(dAtA []byte) error

func (*AccessRequestDryRunEnrichment) XXX_DiscardUnknown 

func (m *AccessRequestDryRunEnrichment) XXX_DiscardUnknown()

func (*AccessRequestDryRunEnrichment) XXX_Marshal 

func (m *AccessRequestDryRunEnrichment) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessRequestDryRunEnrichment) XXX_Merge 

func (m *AccessRequestDryRunEnrichment) XXX_Merge(src proto.Message)

func (*AccessRequestDryRunEnrichment) XXX_Size 

func (m *AccessRequestDryRunEnrichment) XXX_Size() int

func (*AccessRequestDryRunEnrichment) XXX_Unmarshal 

func (m *AccessRequestDryRunEnrichment) XXX_Unmarshal(b []byte) error

type AccessRequestFilter 

type AccessRequestFilter struct {
	// ID specifies a request ID if set.
	ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"id,omitempty"`
	// User specifies a username if set.
	User string `protobuf:"bytes,2,opt,name=User,proto3" json:"user,omitempty"`
	// RequestState filters for requests in a specific state.
	State RequestState `protobuf:"varint,3,opt,name=State,proto3,enum=types.RequestState" json:"state,omitempty"`
	// SearchKeywords is a list of search keywords to match against resource field values.
	// The matcher goes through select field values from a resource
	// and tries to match against the list of search values, ignoring case and order.
	// Returns true if all search vals were matched (or if nil search vals).
	// Returns false if no or partial match (or nil field values).
	SearchKeywords []string `protobuf:"bytes,4,rep,name=SearchKeywords,proto3" json:"search,omitempty"`
	// Scope is an aditional filter to view requests based on needs review, reviewed, my requests
	Scope AccessRequestScope `protobuf:"varint,5,opt,name=Scope,proto3,enum=types.AccessRequestScope" json:"scope,omitempty"`
	// Requester is the requester of the api call. This is set by the Auth Service
	// Use User for the requester of the request.
	Requester            string   `protobuf:"bytes,6,opt,name=Requester,proto3" json:"requester,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AccessRequestFilter encodes filter params for Access Requests.

func (*AccessRequestFilter) Descriptor 

func (*AccessRequestFilter) Descriptor() ([]byte, []int)

func (*AccessRequestFilter) FromMap 

func (f *AccessRequestFilter) FromMap(m map[string]string) error

FromMap copies values from a map into this AccessRequestFilter value

func (*AccessRequestFilter) IntoMap 

func (f *AccessRequestFilter) IntoMap() map[string]string

IntoMap copies AccessRequestFilter values into a map

func (*AccessRequestFilter) Marshal 

func (m *AccessRequestFilter) Marshal() (dAtA []byte, err error)

func (*AccessRequestFilter) MarshalTo 

func (m *AccessRequestFilter) MarshalTo(dAtA []byte) (int, error)

func (*AccessRequestFilter) MarshalToSizedBuffer 

func (m *AccessRequestFilter) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AccessRequestFilter) Match 

func (f *AccessRequestFilter) Match(req AccessRequest) bool

Match checks if a given access request matches this filter.

func (*AccessRequestFilter) ProtoMessage 

func (*AccessRequestFilter) ProtoMessage()

func (*AccessRequestFilter) Reset 

func (m *AccessRequestFilter) Reset()

func (*AccessRequestFilter) Size 

func (m *AccessRequestFilter) Size() (n int)

func (*AccessRequestFilter) String 

func (m *AccessRequestFilter) String() string

func (*AccessRequestFilter) Unmarshal 

func (m *AccessRequestFilter) Unmarshal(dAtA []byte) error

func (*AccessRequestFilter) XXX_DiscardUnknown 

func (m *AccessRequestFilter) XXX_DiscardUnknown()

func (*AccessRequestFilter) XXX_Marshal 

func (m *AccessRequestFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessRequestFilter) XXX_Merge 

func (m *AccessRequestFilter) XXX_Merge(src proto.Message)

func (*AccessRequestFilter) XXX_Size 

func (m *AccessRequestFilter) XXX_Size() int

func (*AccessRequestFilter) XXX_Unmarshal 

func (m *AccessRequestFilter) XXX_Unmarshal(b []byte) error

type AccessRequestScope 

type AccessRequestScope int32
const (
	// DEFAULT allows all requests to be viewed
	AccessRequestScope_DEFAULT AccessRequestScope = 0
	// MY_REQUESTS will return only requests created by the requester
	AccessRequestScope_MY_REQUESTS AccessRequestScope = 1
	// NEEDS_REVIEW will return only requests that were not created by
	// the requester and do not include a review made by the requester
	AccessRequestScope_NEEDS_REVIEW AccessRequestScope = 2
	// REVIEWED will return only requests that were not created by
	// the requester and have a review submitted by the requester. This
	// can include requests that have no yet been completely approved/denied.
	AccessRequestScope_REVIEWED AccessRequestScope = 3
)

func (AccessRequestScope) EnumDescriptor 

func (AccessRequestScope) EnumDescriptor() ([]byte, []int)

func (AccessRequestScope) String 

func (x AccessRequestScope) String() string

type AccessRequestSpecV3 

type AccessRequestSpecV3 struct {
	// User is the name of the user to whom the roles will be applied.
	User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
	// Roles is the name of the roles being requested.
	Roles []string `protobuf:"bytes,2,rep,name=Roles,proto3" json:"roles"`
	// State is the current state of this Access Request.
	State RequestState `protobuf:"varint,3,opt,name=State,proto3,enum=types.RequestState" json:"state,omitempty"`
	// Created encodes the time at which the request was registered with the auth
	// server.
	Created time.Time `protobuf:"bytes,4,opt,name=Created,proto3,stdtime" json:"created,omitempty"`
	// Expires constrains the maximum lifetime of any login session for which this
	// request is active.
	Expires time.Time `protobuf:"bytes,5,opt,name=Expires,proto3,stdtime" json:"expires,omitempty"`
	// RequestReason is an optional message explaining the reason for the request.
	RequestReason string `protobuf:"bytes,6,opt,name=RequestReason,proto3" json:"request_reason,omitempty"`
	// ResolveReason is an optional message explaining the reason for the resolution
	// of the request (approval, denial, etc...).
	ResolveReason string `protobuf:"bytes,7,opt,name=ResolveReason,proto3" json:"resolve_reason,omitempty"`
	// ResolveAnnotations is a set of arbitrary values received from plugins or other
	// resolving parties during approval/denial.  Importantly, these annotations are
	// included in the access_request.update event, allowing plugins to propagate
	// arbitrary structured data to the audit log.
	ResolveAnnotations github_com_gravitational_teleport_api_types_wrappers.Traits `` /* 161-byte string literal not displayed */
	// SystemAnnotations is a set of programmatically generated annotations attached
	// to pending Access Requests by teleport.  These annotations are generated by
	// applying variable interpolation to the RoleConditions.Request.Annotations block
	// of a user's role(s).  These annotations serve as a mechanism for administrators
	// to pass extra information to plugins when they process pending Access Requests.
	SystemAnnotations github_com_gravitational_teleport_api_types_wrappers.Traits `` /* 159-byte string literal not displayed */
	// Thresholds is a list of review thresholds relevant to this request.  Order must be
	// preserved, as thresholds are referenced by index (internal use only).
	Thresholds []AccessReviewThreshold `protobuf:"bytes,10,rep,name=Thresholds,proto3" json:"thresholds,omitempty"`
	// RoleThresholdMapping encodes the relationship between the requested roles and
	// the review threshold requirements for the given role (internal use only).
	// By storing a representation of which thresholds must pass for each requested role, we
	// both eliminate the need to cache the requestor's roles directly, and allow future
	// versions of teleport to become smarter about calculating more granular requirements
	// in a backwards-compatible manner (i.e. calculation can become smarter in minor releases).
	// Storing this relationship on the request is necessary in order to avoid unexpected or
	// inconsistent behavior due to review submission timing.
	RoleThresholdMapping map[string]ThresholdIndexSets `` /* 165-byte string literal not displayed */
	// Reviews is a list of reviews applied to this request (internal use only).
	Reviews []AccessReview `protobuf:"bytes,12,rep,name=Reviews,proto3" json:"reviews,omitempty"`
	// SuggestedReviewers is a list of reviewer suggestions.  These can be teleport usernames, but
	// that is not a requirement.
	SuggestedReviewers []string `protobuf:"bytes,13,rep,name=SuggestedReviewers,proto3" json:"suggested_reviewers,omitempty"`
	// RequestedResourceIDs is a set of resources to which access is being requested.
	RequestedResourceIDs []ResourceID `protobuf:"bytes,14,rep,name=RequestedResourceIDs,proto3" json:"resource_ids,omitempty"`
	// LoginHint is used as a hint for search-based Access Requests to select
	// roles based on the login the user is attempting.
	LoginHint string `protobuf:"bytes,15,opt,name=LoginHint,proto3" json:"login_hint,omitempty"`
	// DryRun indicates that the request should not actually be created, the
	// Auth Service should only validate the Access Request.
	DryRun bool `protobuf:"varint,16,opt,name=DryRun,proto3" json:"dry_run,omitempty"`
	// MaxDuration indicates how long the access should be granted for.
	MaxDuration time.Time `protobuf:"bytes,17,opt,name=MaxDuration,proto3,stdtime" json:"max_duration,omitempty"`
	// SessionTLL indicated how long a certificate for a session should be valid for.
	SessionTTL time.Time `protobuf:"bytes,18,opt,name=SessionTTL,proto3,stdtime" json:"session_ttl,omitempty"`
	// PromotedAccessListTitle is the title of the access list that this request
	// was promoted to. Used by WebUI to display the title of the access list.
	// This field is only populated when the request is in the PROMOTED state.
	AccessList *PromotedAccessList `protobuf:"bytes,20,opt,name=accessList,proto3" json:"access_list,omitempty"`
	// AssumeStartTime is the time the requested roles can be assumed.
	AssumeStartTime *time.Time `protobuf:"bytes,21,opt,name=AssumeStartTime,proto3,stdtime" json:"assume_start_time,omitempty"`
	// ResourceExpiry is the time at which the access request resource will expire.
	ResourceExpiry *time.Time `protobuf:"bytes,22,opt,name=ResourceExpiry,proto3,stdtime" json:"expiry,omitempty"`
	// DryRunEnrichment contains the extra info added in response to a dry run request.
	DryRunEnrichment     *AccessRequestDryRunEnrichment `protobuf:"bytes,23,opt,name=DryRunEnrichment,proto3" json:"dry_run_enrichment,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                       `json:"-"`
	XXX_unrecognized     []byte                         `json:"-"`
	XXX_sizecache        int32                          `json:"-"`
}

AccessRequestSpec is the specification for AccessRequest

func (*AccessRequestSpecV3) Descriptor 

func (*AccessRequestSpecV3) Descriptor() ([]byte, []int)

func (*AccessRequestSpecV3) Marshal 

func (m *AccessRequestSpecV3) Marshal() (dAtA []byte, err error)

func (*AccessRequestSpecV3) MarshalTo 

func (m *AccessRequestSpecV3) MarshalTo(dAtA []byte) (int, error)

func (*AccessRequestSpecV3) MarshalToSizedBuffer 

func (m *AccessRequestSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AccessRequestSpecV3) ProtoMessage 

func (*AccessRequestSpecV3) ProtoMessage()

func (*AccessRequestSpecV3) Reset 

func (m *AccessRequestSpecV3) Reset()

func (*AccessRequestSpecV3) Size 

func (m *AccessRequestSpecV3) Size() (n int)

func (*AccessRequestSpecV3) String 

func (m *AccessRequestSpecV3) String() string

func (*AccessRequestSpecV3) Unmarshal 

func (m *AccessRequestSpecV3) Unmarshal(dAtA []byte) error

func (*AccessRequestSpecV3) XXX_DiscardUnknown 

func (m *AccessRequestSpecV3) XXX_DiscardUnknown()

func (*AccessRequestSpecV3) XXX_Marshal 

func (m *AccessRequestSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessRequestSpecV3) XXX_Merge 

func (m *AccessRequestSpecV3) XXX_Merge(src proto.Message)

func (*AccessRequestSpecV3) XXX_Size 

func (m *AccessRequestSpecV3) XXX_Size() int

func (*AccessRequestSpecV3) XXX_Unmarshal 

func (m *AccessRequestSpecV3) XXX_Unmarshal(b []byte) error

type AccessRequestUpdate 

type AccessRequestUpdate struct {
	// RequestID is the ID of the request to be updated.
	RequestID string
	// State is the state that the target request
	// should resolve to.
	State RequestState
	// Reason is an optional description of *why* the
	// the request is being resolved.
	Reason string
	// Annotations supplies extra data associated with
	// the resolution; primarily for audit purposes.
	Annotations map[string][]string
	// Roles, if non-empty declares a list of roles
	// that should override the role list of the request.
	// This parameter is only accepted on approvals
	// and must be a subset of the role list originally
	// present on the request.
	Roles []string
	// AssumeStartTime sets the time the requestor can assume
	// the requested roles.
	AssumeStartTime *time.Time
}

AccessRequestUpdate encompasses the parameters of a SetAccessRequestState call.

func (*AccessRequestUpdate) Check 

func (u *AccessRequestUpdate) Check() error

Check validates the request's fields

type AccessRequestV3 

type AccessRequestV3 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is version
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is AccessRequest metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is an AccessRequest specification
	Spec                 AccessRequestSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
	XXX_unrecognized     []byte              `json:"-"`
	XXX_sizecache        int32               `json:"-"`
}

AccessRequest represents an Access Request resource specification

func (*AccessRequestV3) CheckAndSetDefaults 

func (r *AccessRequestV3) CheckAndSetDefaults() error

CheckAndSetDefaults validates set values and sets default values

func (*AccessRequestV3) Copy 

func (r *AccessRequestV3) Copy() AccessRequest

Copy returns a copy of the access request resource.

func (*AccessRequestV3) Descriptor 

func (*AccessRequestV3) Descriptor() ([]byte, []int)

func (*AccessRequestV3) Expiry 

func (r *AccessRequestV3) Expiry() time.Time

Expiry gets Expiry

func (*AccessRequestV3) GetAccessExpiry 

func (r *AccessRequestV3) GetAccessExpiry() time.Time

GetAccessExpiry gets AccessExpiry

func (*AccessRequestV3) GetAllLabels 

func (r *AccessRequestV3) GetAllLabels() map[string]string

GetAllLabels returns the access request static labels.

func (*AccessRequestV3) GetAssumeStartTime 

func (r *AccessRequestV3) GetAssumeStartTime() *time.Time

GetAssumeStartTime gets AssumeStartTime

func (*AccessRequestV3) GetCreationTime 

func (r *AccessRequestV3) GetCreationTime() time.Time

GetCreationTime gets CreationTime

func (*AccessRequestV3) GetDryRun 

func (r *AccessRequestV3) GetDryRun() bool

GetDryRun returns true if this request should not be created and is only a dry run to validate request capabilities.

func (*AccessRequestV3) GetDryRunEnrichment 

func (r *AccessRequestV3) GetDryRunEnrichment() *AccessRequestDryRunEnrichment

GetDryRunEnrichment gets the dry run enrichment data.

func (*AccessRequestV3) GetKind 

func (r *AccessRequestV3) GetKind() string

GetKind gets Kind

func (*AccessRequestV3) GetLabel 

func (r *AccessRequestV3) GetLabel(key string) (value string, ok bool)

GetLabel retrieves the label with the provided key. If not found value will be empty and ok will be false.

func (*AccessRequestV3) GetLoginHint 

func (r *AccessRequestV3) GetLoginHint() string

GetLoginHint gets the requested login hint.

func (*AccessRequestV3) GetMaxDuration 

func (r *AccessRequestV3) GetMaxDuration() time.Time

GetMaxDuration gets the maximum time at which the access should be approved for.

func (*AccessRequestV3) GetMetadata 

func (r *AccessRequestV3) GetMetadata() Metadata

GetMetadata gets Metadata

func (*AccessRequestV3) GetName 

func (r *AccessRequestV3) GetName() string

GetName gets Name

func (*AccessRequestV3) GetOriginalRoles 

func (r *AccessRequestV3) GetOriginalRoles() []string

func (*AccessRequestV3) GetPromotedAccessListName 

func (r *AccessRequestV3) GetPromotedAccessListName() string

GetPromotedAccessListName returns PromotedAccessListName.

func (*AccessRequestV3) GetPromotedAccessListTitle 

func (r *AccessRequestV3) GetPromotedAccessListTitle() string

GetPromotedAccessListTitle returns PromotedAccessListTitle.

func (*AccessRequestV3) GetRequestReason 

func (r *AccessRequestV3) GetRequestReason() string

GetRequestReason gets RequestReason

func (*AccessRequestV3) GetRequestedResourceIDs 

func (r *AccessRequestV3) GetRequestedResourceIDs() []ResourceID

GetRequestedResourceIDs gets the resource IDs to which access is being requested.

func (*AccessRequestV3) GetResolveAnnotations 

func (r *AccessRequestV3) GetResolveAnnotations() map[string][]string

GetResolveAnnotations gets ResolveAnnotations

func (*AccessRequestV3) GetResolveReason 

func (r *AccessRequestV3) GetResolveReason() string

GetResolveReason gets ResolveReason

func (*AccessRequestV3) GetReviews 

func (r *AccessRequestV3) GetReviews() []AccessReview

GetReviews gets the list of currently applied access reviews.

func (*AccessRequestV3) GetRevision 

func (r *AccessRequestV3) GetRevision() string

GetRevision returns the revision

func (*AccessRequestV3) GetRoleThresholdMapping 

func (r *AccessRequestV3) GetRoleThresholdMapping() map[string]ThresholdIndexSets

GetRoleThresholdMapping gets the rtm.

func (*AccessRequestV3) GetRoles 

func (r *AccessRequestV3) GetRoles() []string

GetRoles gets Roles

func (*AccessRequestV3) GetSessionTLL 

func (r *AccessRequestV3) GetSessionTLL() time.Time

GetSessionTLL gets SessionTLL

func (*AccessRequestV3) GetState 

func (r *AccessRequestV3) GetState() RequestState

GetState gets State

func (*AccessRequestV3) GetStaticLabels 

func (r *AccessRequestV3) GetStaticLabels() map[string]string

GetStaticLabels returns the access request static labels.

func (*AccessRequestV3) GetSubKind 

func (r *AccessRequestV3) GetSubKind() string

GetSubKind gets SubKind

func (*AccessRequestV3) GetSuggestedReviewers 

func (r *AccessRequestV3) GetSuggestedReviewers() []string

GetSuggestedReviewers gets the suggested reviewer list.

func (*AccessRequestV3) GetSystemAnnotations 

func (r *AccessRequestV3) GetSystemAnnotations() map[string][]string

GetSystemAnnotations gets SystemAnnotations

func (*AccessRequestV3) GetThresholds 

func (r *AccessRequestV3) GetThresholds() []AccessReviewThreshold

GetThresholds gets the review thresholds.

func (*AccessRequestV3) GetUser 

func (r *AccessRequestV3) GetUser() string

GetUser gets User

func (*AccessRequestV3) GetVersion 

func (r *AccessRequestV3) GetVersion() string

GetVersion gets Version

func (*AccessRequestV3) Marshal 

func (m *AccessRequestV3) Marshal() (dAtA []byte, err error)

func (*AccessRequestV3) MarshalTo 

func (m *AccessRequestV3) MarshalTo(dAtA []byte) (int, error)

func (*AccessRequestV3) MarshalToSizedBuffer 

func (m *AccessRequestV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AccessRequestV3) MatchSearch 

func (r *AccessRequestV3) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*AccessRequestV3) Origin 

func (r *AccessRequestV3) Origin() string

Origin returns the origin value of the resource.

func (*AccessRequestV3) ProtoMessage 

func (*AccessRequestV3) ProtoMessage()

func (*AccessRequestV3) Reset 

func (m *AccessRequestV3) Reset()

func (*AccessRequestV3) SetAccessExpiry 

func (r *AccessRequestV3) SetAccessExpiry(expiry time.Time)

SetAccessExpiry sets AccessExpiry

func (*AccessRequestV3) SetAssumeStartTime 

func (r *AccessRequestV3) SetAssumeStartTime(t time.Time)

SetAssumeStartTime sets AssumeStartTime

func (*AccessRequestV3) SetCreationTime 

func (r *AccessRequestV3) SetCreationTime(t time.Time)

SetCreationTime sets CreationTime

func (*AccessRequestV3) SetDryRun 

func (r *AccessRequestV3) SetDryRun(dryRun bool)

SetDryRun sets the dry run flag on the request.

func (*AccessRequestV3) SetDryRunEnrichment 

func (r *AccessRequestV3) SetDryRunEnrichment(enrichment *AccessRequestDryRunEnrichment)

SetDryRunEnrichment sets the dry run enrichment data.

func (*AccessRequestV3) SetExpiry 

func (r *AccessRequestV3) SetExpiry(expiry time.Time)

SetExpiry sets Expiry

func (*AccessRequestV3) SetLoginHint 

func (r *AccessRequestV3) SetLoginHint(login string)

SetLoginHint sets the requested login hint.

func (*AccessRequestV3) SetMaxDuration 

func (r *AccessRequestV3) SetMaxDuration(t time.Time)

SetMaxDuration sets the maximum time at which the access should be approved for.

func (*AccessRequestV3) SetName 

func (r *AccessRequestV3) SetName(name string)

SetName sets Name

func (*AccessRequestV3) SetOrigin 

func (r *AccessRequestV3) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*AccessRequestV3) SetPromotedAccessListName 

func (r *AccessRequestV3) SetPromotedAccessListName(name string)

SetPromotedAccessListName sets PromotedAccessListName.

func (*AccessRequestV3) SetPromotedAccessListTitle 

func (r *AccessRequestV3) SetPromotedAccessListTitle(title string)

SetPromotedAccessListTitle sets PromotedAccessListTitle.

func (*AccessRequestV3) SetRequestReason 

func (r *AccessRequestV3) SetRequestReason(reason string)

SetRequestReason sets RequestReason

func (*AccessRequestV3) SetRequestedResourceIDs 

func (r *AccessRequestV3) SetRequestedResourceIDs(ids []ResourceID)

SetRequestedResourceIDs sets the resource IDs to which access is being requested.

func (*AccessRequestV3) SetResolveAnnotations 

func (r *AccessRequestV3) SetResolveAnnotations(annotations map[string][]string)

SetResolveAnnotations sets ResolveAnnotations

func (*AccessRequestV3) SetResolveReason 

func (r *AccessRequestV3) SetResolveReason(reason string)

SetResolveReason sets ResolveReason

func (*AccessRequestV3) SetReviews 

func (r *AccessRequestV3) SetReviews(revs []AccessReview)

SetReviews sets the list of currently applied access reviews.

func (*AccessRequestV3) SetRevision 

func (r *AccessRequestV3) SetRevision(rev string)

SetRevision sets the revision

func (*AccessRequestV3) SetRoleThresholdMapping 

func (r *AccessRequestV3) SetRoleThresholdMapping(rtm map[string]ThresholdIndexSets)

SetRoleThresholdMapping sets the rtm (internal use only).

func (*AccessRequestV3) SetRoles 

func (r *AccessRequestV3) SetRoles(roles []string)

SetRoles sets Roles

func (*AccessRequestV3) SetSessionTLL 

func (r *AccessRequestV3) SetSessionTLL(t time.Time)

SetSessionTLL sets SessionTLL

func (*AccessRequestV3) SetState 

func (r *AccessRequestV3) SetState(state RequestState) error

SetState sets State

func (*AccessRequestV3) SetStaticLabels 

func (r *AccessRequestV3) SetStaticLabels(sl map[string]string)

SetStaticLabels sets the access request static labels.

func (*AccessRequestV3) SetSubKind 

func (r *AccessRequestV3) SetSubKind(subKind string)

SetSubKind sets SubKind

func (*AccessRequestV3) SetSuggestedReviewers 

func (r *AccessRequestV3) SetSuggestedReviewers(reviewers []string)

SetSuggestedReviewers sets the suggested reviewer list.

func (*AccessRequestV3) SetSystemAnnotations 

func (r *AccessRequestV3) SetSystemAnnotations(annotations map[string][]string)

SetSystemAnnotations sets SystemAnnotations

func (*AccessRequestV3) SetThresholds 

func (r *AccessRequestV3) SetThresholds(thresholds []AccessReviewThreshold)

SetThresholds sets the review thresholds.

func (*AccessRequestV3) Size 

func (m *AccessRequestV3) Size() (n int)

func (*AccessRequestV3) String 

func (r *AccessRequestV3) String() string

String returns a text representation of this AccessRequest

func (*AccessRequestV3) Unmarshal 

func (m *AccessRequestV3) Unmarshal(dAtA []byte) error

func (*AccessRequestV3) XXX_DiscardUnknown 

func (m *AccessRequestV3) XXX_DiscardUnknown()

func (*AccessRequestV3) XXX_Marshal 

func (m *AccessRequestV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessRequestV3) XXX_Merge 

func (m *AccessRequestV3) XXX_Merge(src proto.Message)

func (*AccessRequestV3) XXX_Size 

func (m *AccessRequestV3) XXX_Size() int

func (*AccessRequestV3) XXX_Unmarshal 

func (m *AccessRequestV3) XXX_Unmarshal(b []byte) error

type AccessRequests 

type AccessRequests []AccessRequest

AccessRequests is a list of AccessRequest resources.

func (AccessRequests) AsResources 

func (a AccessRequests) AsResources() (resources ResourcesWithLabels)

AsResources returns these access requests as resources with labels.

func (AccessRequests) Len 

func (a AccessRequests) Len() int

Len returns the slice length.

func (AccessRequests) Less 

func (a AccessRequests) Less(i, j int) bool

Less compares access requests by name.

func (AccessRequests) Swap 

func (a AccessRequests) Swap(i, j int)

Swap swaps two access requests.

func (AccessRequests) ToMap 

func (a AccessRequests) ToMap() map[string]AccessRequest

ToMap returns these access requests as a map keyed by access request name.

type AccessReview 

type AccessReview struct {
	// Author is the teleport username of the review author.
	Author string `protobuf:"bytes,1,opt,name=Author,proto3" json:"author"`
	// Roles is a list used for role-subselection (not yet fully supported).
	Roles []string `protobuf:"bytes,2,rep,name=Roles,proto3" json:"roles,omitempty"`
	// ProposedState is the proposed state (must be APPROVED or DENIED).
	ProposedState RequestState `protobuf:"varint,3,opt,name=ProposedState,proto3,enum=types.RequestState" json:"proposed_state,omitempty"`
	// Reason is an optional human-readable reason for why the above state
	// is being proposed.
	Reason string `protobuf:"bytes,4,opt,name=Reason,proto3" json:"reason,omitempty"`
	// Created is the time at which the review was created.
	Created time.Time `protobuf:"bytes,5,opt,name=Created,proto3,stdtime" json:"created,omitempty"`
	// Annotations is the proposed value of the request's resolve_annotations field.
	Annotations github_com_gravitational_teleport_api_types_wrappers.Traits `` /* 146-byte string literal not displayed */
	// ThresholdIndexes stores the indexes of thresholds which this review matches
	// (internal use only).
	ThresholdIndexes []uint32 `protobuf:"varint,7,rep,packed,name=ThresholdIndexes,proto3" json:"i,omitempty"`
	// AccessList is the access list that this request was promoted to.
	// This field is only populated when the request is in the PROMOTED state.
	AccessList *PromotedAccessList `protobuf:"bytes,9,opt,name=accessList,proto3" json:"access_list,omitempty"`
	// AssumeStartTime is the time the requested roles can be assumed.
	AssumeStartTime      *time.Time `protobuf:"bytes,10,opt,name=AssumeStartTime,proto3,stdtime" json:"assume_start_time,omitempty"`
	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
	XXX_unrecognized     []byte     `json:"-"`
	XXX_sizecache        int32      `json:"-"`
}

AccessReview is a review to be applied to an Access Request.

func (AccessReview) Check 

func (s AccessReview) Check() error

func (*AccessReview) Descriptor 

func (*AccessReview) Descriptor() ([]byte, []int)

func (AccessReview) GetAccessListName 

func (s AccessReview) GetAccessListName() string

GetAccessListName returns the access list name used for the promotion.

func (AccessReview) GetAccessListTitle 

func (s AccessReview) GetAccessListTitle() string

GetAccessListTitle returns the access list title used for the promotion.

func (*AccessReview) Marshal 

func (m *AccessReview) Marshal() (dAtA []byte, err error)

func (*AccessReview) MarshalTo 

func (m *AccessReview) MarshalTo(dAtA []byte) (int, error)

func (*AccessReview) MarshalToSizedBuffer 

func (m *AccessReview) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AccessReview) ProtoMessage 

func (*AccessReview) ProtoMessage()

func (*AccessReview) Reset 

func (m *AccessReview) Reset()

func (*AccessReview) Size 

func (m *AccessReview) Size() (n int)

func (*AccessReview) String 

func (m *AccessReview) String() string

func (*AccessReview) Unmarshal 

func (m *AccessReview) Unmarshal(dAtA []byte) error

func (*AccessReview) XXX_DiscardUnknown 

func (m *AccessReview) XXX_DiscardUnknown()

func (*AccessReview) XXX_Marshal 

func (m *AccessReview) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessReview) XXX_Merge 

func (m *AccessReview) XXX_Merge(src proto.Message)

func (*AccessReview) XXX_Size 

func (m *AccessReview) XXX_Size() int

func (*AccessReview) XXX_Unmarshal 

func (m *AccessReview) XXX_Unmarshal(b []byte) error

type AccessReviewConditions 

type AccessReviewConditions struct {
	// Roles is the name of roles which may be reviewed.
	Roles []string `protobuf:"bytes,1,rep,name=Roles,proto3" json:"roles,omitempty"`
	// ClaimsToRoles specifies a mapping from claims (traits) to teleport roles.
	ClaimsToRoles []ClaimMapping `protobuf:"bytes,2,rep,name=ClaimsToRoles,proto3" json:"claims_to_roles,omitempty"`
	// Where is an optional predicate which further limits which requests are
	// reviewable.
	Where string `protobuf:"bytes,3,opt,name=Where,proto3" json:"where,omitempty"`
	// PreviewAsRoles is a list of extra roles which should apply to a reviewer
	// while they are viewing a Resource Access Request for the purposes of
	// viewing details such as the hostname and labels of requested resources.
	PreviewAsRoles       []string `protobuf:"bytes,4,rep,name=PreviewAsRoles,proto3" json:"preview_as_roles,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AccessReviewConditions is a matcher for allow/deny restrictions on access reviews. Please remember to update IsEmpty when updating this message.

func (*AccessReviewConditions) Descriptor 

func (*AccessReviewConditions) Descriptor() ([]byte, []int)

func (AccessReviewConditions) IsEmpty 

func (a AccessReviewConditions) IsEmpty() bool

IsEmpty will return true if the condition is empty.

func (AccessReviewConditions) IsZero 

func (c AccessReviewConditions) IsZero() bool

func (*AccessReviewConditions) Marshal 

func (m *AccessReviewConditions) Marshal() (dAtA []byte, err error)

func (*AccessReviewConditions) MarshalTo 

func (m *AccessReviewConditions) MarshalTo(dAtA []byte) (int, error)

func (*AccessReviewConditions) MarshalToSizedBuffer 

func (m *AccessReviewConditions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AccessReviewConditions) ProtoMessage 

func (*AccessReviewConditions) ProtoMessage()

func (*AccessReviewConditions) Reset 

func (m *AccessReviewConditions) Reset()

func (*AccessReviewConditions) Size 

func (m *AccessReviewConditions) Size() (n int)

func (*AccessReviewConditions) String 

func (m *AccessReviewConditions) String() string

func (*AccessReviewConditions) Unmarshal 

func (m *AccessReviewConditions) Unmarshal(dAtA []byte) error

func (*AccessReviewConditions) XXX_DiscardUnknown 

func (m *AccessReviewConditions) XXX_DiscardUnknown()

func (*AccessReviewConditions) XXX_Marshal 

func (m *AccessReviewConditions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessReviewConditions) XXX_Merge 

func (m *AccessReviewConditions) XXX_Merge(src proto.Message)

func (*AccessReviewConditions) XXX_Size 

func (m *AccessReviewConditions) XXX_Size() int

func (*AccessReviewConditions) XXX_Unmarshal 

func (m *AccessReviewConditions) XXX_Unmarshal(b []byte) error

type AccessReviewSubmission 

type AccessReviewSubmission struct {
	// RequestID is the unique ID of the request to be reviewed.
	RequestID string `protobuf:"bytes,1,opt,name=RequestID,proto3" json:"id,omitempty"`
	// Review is the review to be applied.
	Review               AccessReview `protobuf:"bytes,2,opt,name=Review,proto3" json:"review,omitempty"`
	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
	XXX_unrecognized     []byte       `json:"-"`
	XXX_sizecache        int32        `json:"-"`
}

AccessReviewSubmission encodes the necessary parameters for submitting a new access review.

func (AccessReviewSubmission) Check 

func (s AccessReviewSubmission) Check() error

func (*AccessReviewSubmission) Descriptor 

func (*AccessReviewSubmission) Descriptor() ([]byte, []int)

func (*AccessReviewSubmission) Marshal 

func (m *AccessReviewSubmission) Marshal() (dAtA []byte, err error)

func (*AccessReviewSubmission) MarshalTo 

func (m *AccessReviewSubmission) MarshalTo(dAtA []byte) (int, error)

func (*AccessReviewSubmission) MarshalToSizedBuffer 

func (m *AccessReviewSubmission) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AccessReviewSubmission) ProtoMessage 

func (*AccessReviewSubmission) ProtoMessage()

func (*AccessReviewSubmission) Reset 

func (m *AccessReviewSubmission) Reset()

func (*AccessReviewSubmission) Size 

func (m *AccessReviewSubmission) Size() (n int)

func (*AccessReviewSubmission) String 

func (m *AccessReviewSubmission) String() string

func (*AccessReviewSubmission) Unmarshal 

func (m *AccessReviewSubmission) Unmarshal(dAtA []byte) error

func (*AccessReviewSubmission) XXX_DiscardUnknown 

func (m *AccessReviewSubmission) XXX_DiscardUnknown()

func (*AccessReviewSubmission) XXX_Marshal 

func (m *AccessReviewSubmission) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessReviewSubmission) XXX_Merge 

func (m *AccessReviewSubmission) XXX_Merge(src proto.Message)

func (*AccessReviewSubmission) XXX_Size 

func (m *AccessReviewSubmission) XXX_Size() int

func (*AccessReviewSubmission) XXX_Unmarshal 

func (m *AccessReviewSubmission) XXX_Unmarshal(b []byte) error

type AccessReviewThreshold 

type AccessReviewThreshold struct {
	// Name is the optional human-readable name of the threshold.
	Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name,omitempty"`
	// Filter is an optional predicate used to determine which reviews
	// count toward this threshold.
	Filter string `protobuf:"bytes,2,opt,name=Filter,proto3" json:"filter,omitempty"`
	// Approve is the number of matching approvals needed for state-transition.
	Approve uint32 `protobuf:"varint,3,opt,name=Approve,proto3" json:"approve,omitempty"`
	// Deny is the number of denials needed for state-transition.
	Deny                 uint32   `protobuf:"varint,4,opt,name=Deny,proto3" json:"deny,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AccessReviewThreshold describes a filter used to match access reviews, as well as approval/denial counts which trigger state-transitions. This type can be used to describe policies such as "can be approved by 2 admins" or "can be denied by any non-contractor".

func (*AccessReviewThreshold) Descriptor 

func (*AccessReviewThreshold) Descriptor() ([]byte, []int)

func (*AccessReviewThreshold) IsEqual 

func (t *AccessReviewThreshold) IsEqual(o *AccessReviewThreshold) bool

IsEqual t is equivalent to the provide AccessReviewThreshold.

func (*AccessReviewThreshold) Marshal 

func (m *AccessReviewThreshold) Marshal() (dAtA []byte, err error)

func (*AccessReviewThreshold) MarshalTo 

func (m *AccessReviewThreshold) MarshalTo(dAtA []byte) (int, error)

func (*AccessReviewThreshold) MarshalToSizedBuffer 

func (m *AccessReviewThreshold) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AccessReviewThreshold) ProtoMessage 

func (*AccessReviewThreshold) ProtoMessage()

func (*AccessReviewThreshold) Reset 

func (m *AccessReviewThreshold) Reset()

func (*AccessReviewThreshold) Size 

func (m *AccessReviewThreshold) Size() (n int)

func (*AccessReviewThreshold) String 

func (m *AccessReviewThreshold) String() string

func (*AccessReviewThreshold) Unmarshal 

func (m *AccessReviewThreshold) Unmarshal(dAtA []byte) error

func (*AccessReviewThreshold) XXX_DiscardUnknown 

func (m *AccessReviewThreshold) XXX_DiscardUnknown()

func (*AccessReviewThreshold) XXX_Marshal 

func (m *AccessReviewThreshold) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessReviewThreshold) XXX_Merge 

func (m *AccessReviewThreshold) XXX_Merge(src proto.Message)

func (*AccessReviewThreshold) XXX_Size 

func (m *AccessReviewThreshold) XXX_Size() int

func (*AccessReviewThreshold) XXX_Unmarshal 

func (m *AccessReviewThreshold) XXX_Unmarshal(b []byte) error

type AcquireSemaphoreRequest 

type AcquireSemaphoreRequest struct {
	// SemaphoreKind is the kind of the semaphore.
	SemaphoreKind string `protobuf:"bytes,1,opt,name=SemaphoreKind,proto3" json:"kind"`
	// SemaphoreName is the name of the semaphore.
	SemaphoreName string `protobuf:"bytes,2,opt,name=SemaphoreName,proto3" json:"name"`
	// MaxLeases is the maximum number of concurrent leases.  If acquisition
	// would cause more than MaxLeases to exist, acquisition must fail.
	MaxLeases int64 `protobuf:"varint,3,opt,name=MaxLeases,proto3" json:"max_resources"`
	// Expires is the time at which this lease expires.
	Expires time.Time `protobuf:"bytes,4,opt,name=Expires,proto3,stdtime" json:"expires"`
	// Holder identifies the entity holding the lease.
	Holder               string   `protobuf:"bytes,5,opt,name=Holder,proto3" json:"holder"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AcquireSemaphoreRequest holds semaphore lease acquisition parameters.

func (*AcquireSemaphoreRequest) Check 

func (s *AcquireSemaphoreRequest) Check() error

Check verifies that all required parameters have been supplied.

func (*AcquireSemaphoreRequest) ConfigureSemaphore 

func (s *AcquireSemaphoreRequest) ConfigureSemaphore() (Semaphore, error)

ConfigureSemaphore configures an empty semaphore resource matching these acquire parameters.

func (*AcquireSemaphoreRequest) Descriptor 

func (*AcquireSemaphoreRequest) Descriptor() ([]byte, []int)

func (*AcquireSemaphoreRequest) Marshal 

func (m *AcquireSemaphoreRequest) Marshal() (dAtA []byte, err error)

func (*AcquireSemaphoreRequest) MarshalTo 

func (m *AcquireSemaphoreRequest) MarshalTo(dAtA []byte) (int, error)

func (*AcquireSemaphoreRequest) MarshalToSizedBuffer 

func (m *AcquireSemaphoreRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AcquireSemaphoreRequest) ProtoMessage 

func (*AcquireSemaphoreRequest) ProtoMessage()

func (*AcquireSemaphoreRequest) Reset 

func (m *AcquireSemaphoreRequest) Reset()

func (*AcquireSemaphoreRequest) Size 

func (m *AcquireSemaphoreRequest) Size() (n int)

func (*AcquireSemaphoreRequest) String 

func (m *AcquireSemaphoreRequest) String() string

func (*AcquireSemaphoreRequest) Unmarshal 

func (m *AcquireSemaphoreRequest) Unmarshal(dAtA []byte) error

func (*AcquireSemaphoreRequest) XXX_DiscardUnknown 

func (m *AcquireSemaphoreRequest) XXX_DiscardUnknown()

func (*AcquireSemaphoreRequest) XXX_Marshal 

func (m *AcquireSemaphoreRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AcquireSemaphoreRequest) XXX_Merge 

func (m *AcquireSemaphoreRequest) XXX_Merge(src proto.Message)

func (*AcquireSemaphoreRequest) XXX_Size 

func (m *AcquireSemaphoreRequest) XXX_Size() int

func (*AcquireSemaphoreRequest) XXX_Unmarshal 

func (m *AcquireSemaphoreRequest) XXX_Unmarshal(b []byte) error

type AddressCondition 

type AddressCondition struct {
	// CIDR is IPv4 or IPv6 address. Valid value are either CIDR ranges (e.g. "10.0.1.0/24",
	// "fe::/8") or a single IP address (e.g "10.1.2.3")
	CIDR                 string   `protobuf:"bytes,1,opt,name=CIDR,proto3" json:"cidr"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AddressCondition represents a set of addresses. Presently the addresses are specified exclusively in terms of IPv4/IPv6 ranges.

func (*AddressCondition) Descriptor 

func (*AddressCondition) Descriptor() ([]byte, []int)

func (*AddressCondition) Marshal 

func (m *AddressCondition) Marshal() (dAtA []byte, err error)

func (*AddressCondition) MarshalTo 

func (m *AddressCondition) MarshalTo(dAtA []byte) (int, error)

func (*AddressCondition) MarshalToSizedBuffer 

func (m *AddressCondition) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AddressCondition) ProtoMessage 

func (*AddressCondition) ProtoMessage()

func (*AddressCondition) Reset 

func (m *AddressCondition) Reset()

func (*AddressCondition) Size 

func (m *AddressCondition) Size() (n int)

func (*AddressCondition) String 

func (m *AddressCondition) String() string

func (*AddressCondition) Unmarshal 

func (m *AddressCondition) Unmarshal(dAtA []byte) error

func (*AddressCondition) XXX_DiscardUnknown 

func (m *AddressCondition) XXX_DiscardUnknown()

func (*AddressCondition) XXX_Marshal 

func (m *AddressCondition) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AddressCondition) XXX_Merge 

func (m *AddressCondition) XXX_Merge(src proto.Message)

func (*AddressCondition) XXX_Size 

func (m *AddressCondition) XXX_Size() int

func (*AddressCondition) XXX_Unmarshal 

func (m *AddressCondition) XXX_Unmarshal(b []byte) error

type AgeEncryptionKey 

type AgeEncryptionKey struct {
	// PublicKey is a Bech32 encoded age X25519 public key.
	PublicKey            []byte   `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AgeEncryptionKey is a Bech32 encoded age X25519 public key.

func (*AgeEncryptionKey) Descriptor 

func (*AgeEncryptionKey) Descriptor() ([]byte, []int)

func (*AgeEncryptionKey) Marshal 

func (m *AgeEncryptionKey) Marshal() (dAtA []byte, err error)

func (*AgeEncryptionKey) MarshalTo 

func (m *AgeEncryptionKey) MarshalTo(dAtA []byte) (int, error)

func (*AgeEncryptionKey) MarshalToSizedBuffer 

func (m *AgeEncryptionKey) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AgeEncryptionKey) ProtoMessage 

func (*AgeEncryptionKey) ProtoMessage()

func (*AgeEncryptionKey) Reset 

func (m *AgeEncryptionKey) Reset()

func (*AgeEncryptionKey) Size 

func (m *AgeEncryptionKey) Size() (n int)

func (*AgeEncryptionKey) String 

func (m *AgeEncryptionKey) String() string

func (*AgeEncryptionKey) Unmarshal 

func (m *AgeEncryptionKey) Unmarshal(dAtA []byte) error

func (*AgeEncryptionKey) XXX_DiscardUnknown 

func (m *AgeEncryptionKey) XXX_DiscardUnknown()

func (*AgeEncryptionKey) XXX_Marshal 

func (m *AgeEncryptionKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AgeEncryptionKey) XXX_Merge 

func (m *AgeEncryptionKey) XXX_Merge(src proto.Message)

func (*AgeEncryptionKey) XXX_Size 

func (m *AgeEncryptionKey) XXX_Size() int

func (*AgeEncryptionKey) XXX_Unmarshal 

func (m *AgeEncryptionKey) XXX_Unmarshal(b []byte) error

type AgentMeshTunnelStrategy 

type AgentMeshTunnelStrategy struct {
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AgentMeshTunnelStrategy requires reverse tunnels to dial every proxy.

func DefaultAgentMeshTunnelStrategy 

func DefaultAgentMeshTunnelStrategy() *AgentMeshTunnelStrategy

DefaultAgentMeshTunnelStrategy sets default values for a agent mesh tunnel strategy.

func (*AgentMeshTunnelStrategy) Descriptor 

func (*AgentMeshTunnelStrategy) Descriptor() ([]byte, []int)

func (*AgentMeshTunnelStrategy) Marshal 

func (m *AgentMeshTunnelStrategy) Marshal() (dAtA []byte, err error)

func (*AgentMeshTunnelStrategy) MarshalTo 

func (m *AgentMeshTunnelStrategy) MarshalTo(dAtA []byte) (int, error)

func (*AgentMeshTunnelStrategy) MarshalToSizedBuffer 

func (m *AgentMeshTunnelStrategy) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AgentMeshTunnelStrategy) ProtoMessage 

func (*AgentMeshTunnelStrategy) ProtoMessage()

func (*AgentMeshTunnelStrategy) Reset 

func (m *AgentMeshTunnelStrategy) Reset()

func (*AgentMeshTunnelStrategy) Size 

func (m *AgentMeshTunnelStrategy) Size() (n int)

func (*AgentMeshTunnelStrategy) String 

func (m *AgentMeshTunnelStrategy) String() string

func (*AgentMeshTunnelStrategy) Unmarshal 

func (m *AgentMeshTunnelStrategy) Unmarshal(dAtA []byte) error

func (*AgentMeshTunnelStrategy) XXX_DiscardUnknown 

func (m *AgentMeshTunnelStrategy) XXX_DiscardUnknown()

func (*AgentMeshTunnelStrategy) XXX_Marshal 

func (m *AgentMeshTunnelStrategy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AgentMeshTunnelStrategy) XXX_Merge 

func (m *AgentMeshTunnelStrategy) XXX_Merge(src proto.Message)

func (*AgentMeshTunnelStrategy) XXX_Size 

func (m *AgentMeshTunnelStrategy) XXX_Size() int

func (*AgentMeshTunnelStrategy) XXX_Unmarshal 

func (m *AgentMeshTunnelStrategy) XXX_Unmarshal(b []byte) error

type AgentUpgradeSchedule 

type AgentUpgradeSchedule struct {
	// Windows is the list of upcoming windows.
	Windows              []ScheduledAgentUpgradeWindow `protobuf:"bytes,1,rep,name=Windows,proto3" json:"windows"`
	XXX_NoUnkeyedLiteral struct{}                      `json:"-"`
	XXX_unrecognized     []byte                        `json:"-"`
	XXX_sizecache        int32                         `json:"-"`
}

AgentUpgradeSchedule is the canonical representation of upcoming agent upgrade windows as generated by the AgentUpgradeWindow config object.

func (*AgentUpgradeSchedule) Clone 

func (s *AgentUpgradeSchedule) Clone() *AgentUpgradeSchedule

func (*AgentUpgradeSchedule) Descriptor 

func (*AgentUpgradeSchedule) Descriptor() ([]byte, []int)

func (*AgentUpgradeSchedule) Marshal 

func (m *AgentUpgradeSchedule) Marshal() (dAtA []byte, err error)

func (*AgentUpgradeSchedule) MarshalTo 

func (m *AgentUpgradeSchedule) MarshalTo(dAtA []byte) (int, error)

func (*AgentUpgradeSchedule) MarshalToSizedBuffer 

func (m *AgentUpgradeSchedule) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AgentUpgradeSchedule) ProtoMessage 

func (*AgentUpgradeSchedule) ProtoMessage()

func (*AgentUpgradeSchedule) Reset 

func (m *AgentUpgradeSchedule) Reset()

func (*AgentUpgradeSchedule) Size 

func (m *AgentUpgradeSchedule) Size() (n int)

func (*AgentUpgradeSchedule) String 

func (m *AgentUpgradeSchedule) String() string

func (*AgentUpgradeSchedule) Unmarshal 

func (m *AgentUpgradeSchedule) Unmarshal(dAtA []byte) error

func (*AgentUpgradeSchedule) XXX_DiscardUnknown 

func (m *AgentUpgradeSchedule) XXX_DiscardUnknown()

func (*AgentUpgradeSchedule) XXX_Marshal 

func (m *AgentUpgradeSchedule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AgentUpgradeSchedule) XXX_Merge 

func (m *AgentUpgradeSchedule) XXX_Merge(src proto.Message)

func (*AgentUpgradeSchedule) XXX_Size 

func (m *AgentUpgradeSchedule) XXX_Size() int

func (*AgentUpgradeSchedule) XXX_Unmarshal 

func (m *AgentUpgradeSchedule) XXX_Unmarshal(b []byte) error

type AgentUpgradeWindow 

type AgentUpgradeWindow struct {
	// UTCStartHour is the start hour of the maintenance window in UTC.
	UTCStartHour uint32 `protobuf:"varint,1,opt,name=UTCStartHour,proto3" json:"utc_start_hour"`
	// Weekdays is an optional list of weekdays. If not specified, an agent upgrade window
	// occurs every day.
	Weekdays             []string `protobuf:"bytes,2,rep,name=Weekdays,proto3" json:"weekdays,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AgentUpgradeWindow is the config object used to determine upcoming agent upgrade windows.

func (*AgentUpgradeWindow) Descriptor 

func (*AgentUpgradeWindow) Descriptor() ([]byte, []int)

func (*AgentUpgradeWindow) Export 

func (w *AgentUpgradeWindow) Export(from time.Time, n int) AgentUpgradeSchedule

Export exports the next `n` upgrade windows as a schedule object, starting from `from`.

func (*AgentUpgradeWindow) Marshal 

func (m *AgentUpgradeWindow) Marshal() (dAtA []byte, err error)

func (*AgentUpgradeWindow) MarshalTo 

func (m *AgentUpgradeWindow) MarshalTo(dAtA []byte) (int, error)

func (*AgentUpgradeWindow) MarshalToSizedBuffer 

func (m *AgentUpgradeWindow) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AgentUpgradeWindow) ProtoMessage 

func (*AgentUpgradeWindow) ProtoMessage()

func (*AgentUpgradeWindow) Reset 

func (m *AgentUpgradeWindow) Reset()

func (*AgentUpgradeWindow) Size 

func (m *AgentUpgradeWindow) Size() (n int)

func (*AgentUpgradeWindow) String 

func (m *AgentUpgradeWindow) String() string

func (*AgentUpgradeWindow) Unmarshal 

func (m *AgentUpgradeWindow) Unmarshal(dAtA []byte) error

func (*AgentUpgradeWindow) XXX_DiscardUnknown 

func (m *AgentUpgradeWindow) XXX_DiscardUnknown()

func (*AgentUpgradeWindow) XXX_Marshal 

func (m *AgentUpgradeWindow) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AgentUpgradeWindow) XXX_Merge 

func (m *AgentUpgradeWindow) XXX_Merge(src proto.Message)

func (*AgentUpgradeWindow) XXX_Size 

func (m *AgentUpgradeWindow) XXX_Size() int

func (*AgentUpgradeWindow) XXX_Unmarshal 

func (m *AgentUpgradeWindow) XXX_Unmarshal(b []byte) error

type AlertAcknowledgement 

type AlertAcknowledgement struct {
	// AlertID is the ID of the alert being acknowledged.
	AlertID string `protobuf:"bytes,1,opt,name=AlertID,proto3" json:"alert_id,omitempty"`
	// Reason describes the reason why the alert can be considered
	// acknowledged (e.g. 'alice will fix next week').
	Reason string `protobuf:"bytes,2,opt,name=Reason,proto3" json:"reason,omitempty"`
	// Expires is the time after which the acknowledgement expires.
	Expires              time.Time `protobuf:"bytes,4,opt,name=Expires,proto3,stdtime" json:"expires,omitempty"`
	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
	XXX_unrecognized     []byte    `json:"-"`
	XXX_sizecache        int32     `json:"-"`
}

AlertAcknowledgement marks a cluster alert as having been "acknowledged". This causes the alert to no longer be displayed in 'tsh login', UI banners, etc. Acknowledgements must have an expiry and a message describing why the alert can be considered acknowledged.

func (*AlertAcknowledgement) Check 

func (ack *AlertAcknowledgement) Check() error

func (*AlertAcknowledgement) Descriptor 

func (*AlertAcknowledgement) Descriptor() ([]byte, []int)

func (*AlertAcknowledgement) Marshal 

func (m *AlertAcknowledgement) Marshal() (dAtA []byte, err error)

func (*AlertAcknowledgement) MarshalTo 

func (m *AlertAcknowledgement) MarshalTo(dAtA []byte) (int, error)

func (*AlertAcknowledgement) MarshalToSizedBuffer 

func (m *AlertAcknowledgement) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AlertAcknowledgement) ProtoMessage 

func (*AlertAcknowledgement) ProtoMessage()

func (*AlertAcknowledgement) Reset 

func (m *AlertAcknowledgement) Reset()

func (*AlertAcknowledgement) Size 

func (m *AlertAcknowledgement) Size() (n int)

func (*AlertAcknowledgement) String 

func (m *AlertAcknowledgement) String() string

func (*AlertAcknowledgement) Unmarshal 

func (m *AlertAcknowledgement) Unmarshal(dAtA []byte) error

func (*AlertAcknowledgement) XXX_DiscardUnknown 

func (m *AlertAcknowledgement) XXX_DiscardUnknown()

func (*AlertAcknowledgement) XXX_Marshal 

func (m *AlertAcknowledgement) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AlertAcknowledgement) XXX_Merge 

func (m *AlertAcknowledgement) XXX_Merge(src proto.Message)

func (*AlertAcknowledgement) XXX_Size 

func (m *AlertAcknowledgement) XXX_Size() int

func (*AlertAcknowledgement) XXX_Unmarshal 

func (m *AlertAcknowledgement) XXX_Unmarshal(b []byte) error

type AlertOption 

type AlertOption func(options *alertOptions)

AlertOption is a functional option for alert construction.

func WithAlertCreated 

func WithAlertCreated(created time.Time) AlertOption

WithAlertCreated sets the alert's creation time. Auth server automatically fills this before inserting the alert in the backend if none is set.

func WithAlertExpires 

func WithAlertExpires(expires time.Time) AlertOption

WithAlertExpires sets the alerts expiry time. Auth server automatically applies a 24h expiry before inserting the alert in the backend if none is set.

func WithAlertLabel 

func WithAlertLabel(key, val string) AlertOption

WithAlertLabel constructs an alert with the specified label.

func WithAlertSeverity 

func WithAlertSeverity(severity AlertSeverity) AlertOption

WithAlertSeverity sets the severity of an alert (defaults to MEDIUM).

type AlertSeverity 

type AlertSeverity int32

AlertSeverity represents how problematic/urgent an alert is, and is used to assist in sorting alerts for display. 

const (
	AlertSeverity_LOW    AlertSeverity = 0
	AlertSeverity_MEDIUM AlertSeverity = 5
	AlertSeverity_HIGH   AlertSeverity = 10
)

func (AlertSeverity) EnumDescriptor 

func (AlertSeverity) EnumDescriptor() ([]byte, []int)

func (AlertSeverity) String 

func (x AlertSeverity) String() string

type AppAWS 

type AppAWS struct {
	// ExternalID is the AWS External ID used when assuming roles in this app.
	ExternalID string `protobuf:"bytes,1,opt,name=ExternalID,proto3" json:"external_id,omitempty"`
	// RolesAnywhereProfile contains the IAM Roles Anywhere fields associated with this Application.
	// These fields are set when performing the synchronization of AWS IAM Roles Anywhere Profiles into Teleport Apps.
	RolesAnywhereProfile *AppAWSRolesAnywhereProfile `protobuf:"bytes,2,opt,name=RolesAnywhereProfile,proto3" json:"roles_anywhere_profile,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                    `json:"-"`
	XXX_unrecognized     []byte                      `json:"-"`
	XXX_sizecache        int32                       `json:"-"`
}

AppAWS contains additional options for AWS applications.

func (*AppAWS) Descriptor 

func (*AppAWS) Descriptor() ([]byte, []int)

func (*AppAWS) Marshal 

func (m *AppAWS) Marshal() (dAtA []byte, err error)

func (*AppAWS) MarshalTo 

func (m *AppAWS) MarshalTo(dAtA []byte) (int, error)

func (*AppAWS) MarshalToSizedBuffer 

func (m *AppAWS) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AppAWS) ProtoMessage 

func (*AppAWS) ProtoMessage()

func (*AppAWS) Reset 

func (m *AppAWS) Reset()

func (*AppAWS) Size 

func (m *AppAWS) Size() (n int)

func (*AppAWS) String 

func (m *AppAWS) String() string

func (*AppAWS) Unmarshal 

func (m *AppAWS) Unmarshal(dAtA []byte) error

func (*AppAWS) XXX_DiscardUnknown 

func (m *AppAWS) XXX_DiscardUnknown()

func (*AppAWS) XXX_Marshal 

func (m *AppAWS) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AppAWS) XXX_Merge 

func (m *AppAWS) XXX_Merge(src proto.Message)

func (*AppAWS) XXX_Size 

func (m *AppAWS) XXX_Size() int

func (*AppAWS) XXX_Unmarshal 

func (m *AppAWS) XXX_Unmarshal(b []byte) error

type AppAWSRolesAnywhereProfile 

type AppAWSRolesAnywhereProfile struct {
	// ProfileARN is the AWS IAM Roles Anywhere Profile ARN that originated this Teleport App.
	ProfileARN string `protobuf:"bytes,1,opt,name=ProfileARN,proto3" json:"profile_arn,omitempty"`
	// Whether this Roles Anywhere Profile accepts a custom role session name.
	// When not supported, the AWS Session Name will be the X.509 certificate's serial number.
	// When supported, the AWS Session Name will be the identity's username.
	// This values comes from:
	// https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_ProfileDetail.html / acceptRoleSessionName
	AcceptRoleSessionName bool     `protobuf:"varint,2,opt,name=AcceptRoleSessionName,proto3" json:"accept_role_session_name"`
	XXX_NoUnkeyedLiteral  struct{} `json:"-"`
	XXX_unrecognized      []byte   `json:"-"`
	XXX_sizecache         int32    `json:"-"`
}

AppAWSRolesAnywhereProfile contains the fields that represent an AWS IAM Roles Anywhere Profile.

func (*AppAWSRolesAnywhereProfile) Descriptor 

func (*AppAWSRolesAnywhereProfile) Descriptor() ([]byte, []int)

func (*AppAWSRolesAnywhereProfile) Marshal 

func (m *AppAWSRolesAnywhereProfile) Marshal() (dAtA []byte, err error)

func (*AppAWSRolesAnywhereProfile) MarshalTo 

func (m *AppAWSRolesAnywhereProfile) MarshalTo(dAtA []byte) (int, error)

func (*AppAWSRolesAnywhereProfile) MarshalToSizedBuffer 

func (m *AppAWSRolesAnywhereProfile) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AppAWSRolesAnywhereProfile) ProtoMessage 

func (*AppAWSRolesAnywhereProfile) ProtoMessage()

func (*AppAWSRolesAnywhereProfile) Reset 

func (m *AppAWSRolesAnywhereProfile) Reset()

func (*AppAWSRolesAnywhereProfile) Size 

func (m *AppAWSRolesAnywhereProfile) Size() (n int)

func (*AppAWSRolesAnywhereProfile) String 

func (m *AppAWSRolesAnywhereProfile) String() string

func (*AppAWSRolesAnywhereProfile) Unmarshal 

func (m *AppAWSRolesAnywhereProfile) Unmarshal(dAtA []byte) error

func (*AppAWSRolesAnywhereProfile) XXX_DiscardUnknown 

func (m *AppAWSRolesAnywhereProfile) XXX_DiscardUnknown()

func (*AppAWSRolesAnywhereProfile) XXX_Marshal 

func (m *AppAWSRolesAnywhereProfile) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AppAWSRolesAnywhereProfile) XXX_Merge 

func (m *AppAWSRolesAnywhereProfile) XXX_Merge(src proto.Message)

func (*AppAWSRolesAnywhereProfile) XXX_Size 

func (m *AppAWSRolesAnywhereProfile) XXX_Size() int

func (*AppAWSRolesAnywhereProfile) XXX_Unmarshal 

func (m *AppAWSRolesAnywhereProfile) XXX_Unmarshal(b []byte) error

type AppIdentityCenter 

type AppIdentityCenter struct {
	// Account ID is the AWS-assigned ID of the account
	AccountID string `protobuf:"bytes,1,opt,name=AccountID,proto3" json:"account_id,omitempty"`
	// PermissionSets lists the available permission sets on the given account
	PermissionSets       []*IdentityCenterPermissionSet `protobuf:"bytes,2,rep,name=PermissionSets,proto3" json:"permission_sets,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                       `json:"-"`
	XXX_unrecognized     []byte                         `json:"-"`
	XXX_sizecache        int32                          `json:"-"`
}

AppIdentityCenter encapsulates information about an AWS Identity Center account application.

func (*AppIdentityCenter) Descriptor 

func (*AppIdentityCenter) Descriptor() ([]byte, []int)

func (*AppIdentityCenter) GetPermissionSets 

func (a *AppIdentityCenter) GetPermissionSets() []*IdentityCenterPermissionSet

GetPermissionSets fetches the list of permission sets from the Identity Center app information. Handles nil identity center values.

func (*AppIdentityCenter) Marshal 

func (m *AppIdentityCenter) Marshal() (dAtA []byte, err error)

func (*AppIdentityCenter) MarshalTo 

func (m *AppIdentityCenter) MarshalTo(dAtA []byte) (int, error)

func (*AppIdentityCenter) MarshalToSizedBuffer 

func (m *AppIdentityCenter) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AppIdentityCenter) ProtoMessage 

func (*AppIdentityCenter) ProtoMessage()

func (*AppIdentityCenter) Reset 

func (m *AppIdentityCenter) Reset()

func (*AppIdentityCenter) Size 

func (m *AppIdentityCenter) Size() (n int)

func (*AppIdentityCenter) String 

func (m *AppIdentityCenter) String() string

func (*AppIdentityCenter) Unmarshal 

func (m *AppIdentityCenter) Unmarshal(dAtA []byte) error

func (*AppIdentityCenter) XXX_DiscardUnknown 

func (m *AppIdentityCenter) XXX_DiscardUnknown()

func (*AppIdentityCenter) XXX_Marshal 

func (m *AppIdentityCenter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AppIdentityCenter) XXX_Merge 

func (m *AppIdentityCenter) XXX_Merge(src proto.Message)

func (*AppIdentityCenter) XXX_Size 

func (m *AppIdentityCenter) XXX_Size() int

func (*AppIdentityCenter) XXX_Unmarshal 

func (m *AppIdentityCenter) XXX_Unmarshal(b []byte) error

type AppServer 

type AppServer interface {
	// ResourceWithLabels provides common resource methods.
	ResourceWithLabels
	// GetNamespace returns server namespace.
	GetNamespace() string
	// GetTeleportVersion returns the teleport version the server is running on.
	GetTeleportVersion() string
	// GetHostname returns the server hostname.
	GetHostname() string
	// GetHostID returns ID of the host the server is running on.
	GetHostID() string
	// GetRotation gets the state of certificate authority rotation.
	GetRotation() Rotation
	// SetRotation sets the state of certificate authority rotation.
	SetRotation(Rotation)
	// String returns string representation of the server.
	String() string
	// Copy returns a copy of this app server object.
	Copy() AppServer

	// CloneResource returns a copy of the AppServer as a ResourceWithLabels
	CloneResource() ResourceWithLabels
	// GetApp returns the app this app server proxies.
	GetApp() Application
	// SetApp sets the app this app server proxies.
	SetApp(Application) error
	// GetTunnelType returns the tunnel type associated with the app server.
	GetTunnelType() TunnelType
	// ProxiedService provides common methods for a proxied service.
	ProxiedService
}

AppServer represents a single proxied web app.

type AppServerSpecV3 

type AppServerSpecV3 struct {
	// Version is the Teleport version that the server is running.
	Version string `protobuf:"bytes,1,opt,name=Version,proto3" json:"version"`
	// Hostname is the app server hostname.
	Hostname string `protobuf:"bytes,2,opt,name=Hostname,proto3" json:"hostname"`
	// HostID is the app server host uuid.
	HostID string `protobuf:"bytes,3,opt,name=HostID,proto3" json:"host_id"`
	// Rotation contains the app server CA rotation information.
	Rotation Rotation `protobuf:"bytes,4,opt,name=Rotation,proto3" json:"rotation,omitempty"`
	// App is the app proxied by this app server.
	App *AppV3 `protobuf:"bytes,5,opt,name=App,proto3" json:"app"`
	// ProxyIDs is a list of proxy IDs this server is expected to be connected to.
	ProxyIDs             []string `protobuf:"bytes,6,rep,name=ProxyIDs,proto3" json:"proxy_ids,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AppServerSpecV3 is the app access server spec.

func (*AppServerSpecV3) Descriptor 

func (*AppServerSpecV3) Descriptor() ([]byte, []int)

func (*AppServerSpecV3) Marshal 

func (m *AppServerSpecV3) Marshal() (dAtA []byte, err error)

func (*AppServerSpecV3) MarshalTo 

func (m *AppServerSpecV3) MarshalTo(dAtA []byte) (int, error)

func (*AppServerSpecV3) MarshalToSizedBuffer 

func (m *AppServerSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AppServerSpecV3) ProtoMessage 

func (*AppServerSpecV3) ProtoMessage()

func (*AppServerSpecV3) Reset 

func (m *AppServerSpecV3) Reset()

func (*AppServerSpecV3) Size 

func (m *AppServerSpecV3) Size() (n int)

func (*AppServerSpecV3) String 

func (m *AppServerSpecV3) String() string

func (*AppServerSpecV3) Unmarshal 

func (m *AppServerSpecV3) Unmarshal(dAtA []byte) error

func (*AppServerSpecV3) XXX_DiscardUnknown 

func (m *AppServerSpecV3) XXX_DiscardUnknown()

func (*AppServerSpecV3) XXX_Marshal 

func (m *AppServerSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AppServerSpecV3) XXX_Merge 

func (m *AppServerSpecV3) XXX_Merge(src proto.Message)

func (*AppServerSpecV3) XXX_Size 

func (m *AppServerSpecV3) XXX_Size() int

func (*AppServerSpecV3) XXX_Unmarshal 

func (m *AppServerSpecV3) XXX_Unmarshal(b []byte) error

type AppServerV3 

type AppServerV3 struct {
	// Kind is the app server resource kind. Always "app_server".
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource subkind.
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is the app server metadata.
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is the app server spec.
	Spec                 AppServerSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
	XXX_unrecognized     []byte          `json:"-"`
	XXX_sizecache        int32           `json:"-"`
}

AppServerV3 represents a single proxied web app.

func NewAppServerForAWSOIDCIntegration 

func NewAppServerForAWSOIDCIntegration(integrationName, hostID, publicAddr string, labels map[string]string) (*AppServerV3, error)

NewAppServerForAWSOIDCIntegration creates a new AppServer that will be used to grant AWS App Access using the AWSOIDC credentials.

func NewAppServerV3 

func NewAppServerV3(meta Metadata, spec AppServerSpecV3) (*AppServerV3, error)

NewAppServerV3 creates a new app server instance.

func NewAppServerV3FromApp 

func NewAppServerV3FromApp(app *AppV3, hostname, hostID string) (*AppServerV3, error)

NewAppServerV3FromApp creates a new app server from the provided app.

func (*AppServerV3) CheckAndSetDefaults 

func (s *AppServerV3) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values for any missing fields.

func (*AppServerV3) CloneResource 

func (s *AppServerV3) CloneResource() ResourceWithLabels

func (*AppServerV3) Copy 

func (s *AppServerV3) Copy() AppServer

Copy returns a copy of this app server object.

func (*AppServerV3) Descriptor 

func (*AppServerV3) Descriptor() ([]byte, []int)

func (*AppServerV3) Expiry 

func (s *AppServerV3) Expiry() time.Time

Expiry returns the resource expiry time.

func (*AppServerV3) GetAllLabels 

func (s *AppServerV3) GetAllLabels() map[string]string

GetAllLabels returns all resource's labels. Considering: * Static labels from `Metadata.Labels` and `Spec.App`. * Dynamic labels from `Spec.App.Spec`.

func (*AppServerV3) GetApp 

func (s *AppServerV3) GetApp() Application

GetApp returns the app this app server proxies.

func (*AppServerV3) GetHostID 

func (s *AppServerV3) GetHostID() string

GetHostID returns ID of the host the server is running on.

func (*AppServerV3) GetHostname 

func (s *AppServerV3) GetHostname() string

GetHostname returns the database server hostname.

func (*AppServerV3) GetKind 

func (s *AppServerV3) GetKind() string

GetKind returns the resource kind.

func (*AppServerV3) GetLabel 

func (s *AppServerV3) GetLabel(key string) (value string, ok bool)

GetLabel retrieves the label with the provided key. If not found value will be empty and ok will be false.

func (*AppServerV3) GetMetadata 

func (s *AppServerV3) GetMetadata() Metadata

GetMetadata returns the resource metadata.

func (*AppServerV3) GetName 

func (s *AppServerV3) GetName() string

GetName returns the resource name.

func (*AppServerV3) GetNamespace 

func (s *AppServerV3) GetNamespace() string

GetNamespace returns the resource namespace.

func (*AppServerV3) GetProxyIDs 

func (s *AppServerV3) GetProxyIDs() []string

GetProxyID returns a list of proxy ids this server is connected to.

func (*AppServerV3) GetRevision 

func (s *AppServerV3) GetRevision() string

GetRevision returns the revision

func (*AppServerV3) GetRotation 

func (s *AppServerV3) GetRotation() Rotation

GetRotation returns the server CA rotation state.

func (*AppServerV3) GetStaticLabels 

func (s *AppServerV3) GetStaticLabels() map[string]string

GetStaticLabels returns the app server static labels.

func (*AppServerV3) GetSubKind 

func (s *AppServerV3) GetSubKind() string

GetSubKind returns the resource subkind.

func (*AppServerV3) GetTeleportVersion 

func (s *AppServerV3) GetTeleportVersion() string

GetTeleportVersion returns the Teleport version the server is running.

func (*AppServerV3) GetTunnelType 

func (s *AppServerV3) GetTunnelType() TunnelType

GetTunnelType returns the tunnel type associated with the app server.

func (*AppServerV3) GetVersion 

func (s *AppServerV3) GetVersion() string

GetVersion returns the database server resource version.

func (*AppServerV3) Marshal 

func (m *AppServerV3) Marshal() (dAtA []byte, err error)

func (*AppServerV3) MarshalTo 

func (m *AppServerV3) MarshalTo(dAtA []byte) (int, error)

func (*AppServerV3) MarshalToSizedBuffer 

func (m *AppServerV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AppServerV3) MatchSearch 

func (s *AppServerV3) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*AppServerV3) Origin 

func (s *AppServerV3) Origin() string

Origin returns the origin value of the resource.

func (*AppServerV3) ProtoMessage 

func (*AppServerV3) ProtoMessage()

func (*AppServerV3) Reset 

func (m *AppServerV3) Reset()

func (*AppServerV3) SetApp 

func (s *AppServerV3) SetApp(app Application) error

SetApp sets the app this app server proxies.

func (*AppServerV3) SetExpiry 

func (s *AppServerV3) SetExpiry(expiry time.Time)

SetExpiry sets the resource expiry time.

func (*AppServerV3) SetName 

func (s *AppServerV3) SetName(name string)

SetName sets the resource name.

func (*AppServerV3) SetOrigin 

func (s *AppServerV3) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*AppServerV3) SetProxyIDs 

func (s *AppServerV3) SetProxyIDs(proxyIDs []string)

SetProxyID sets the proxy ids this server is connected to.

func (*AppServerV3) SetRevision 

func (s *AppServerV3) SetRevision(rev string)

SetRevision sets the revision

func (*AppServerV3) SetRotation 

func (s *AppServerV3) SetRotation(r Rotation)

SetRotation sets the server CA rotation state.

func (*AppServerV3) SetStaticLabels 

func (s *AppServerV3) SetStaticLabels(sl map[string]string)

SetStaticLabels sets the app server static labels.

func (*AppServerV3) SetSubKind 

func (s *AppServerV3) SetSubKind(sk string)

SetSubKind sets the resource subkind.

func (*AppServerV3) Size 

func (m *AppServerV3) Size() (n int)

func (*AppServerV3) String 

func (s *AppServerV3) String() string

String returns the server string representation.

func (*AppServerV3) Unmarshal 

func (m *AppServerV3) Unmarshal(dAtA []byte) error

func (*AppServerV3) XXX_DiscardUnknown 

func (m *AppServerV3) XXX_DiscardUnknown()

func (*AppServerV3) XXX_Marshal 

func (m *AppServerV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AppServerV3) XXX_Merge 

func (m *AppServerV3) XXX_Merge(src proto.Message)

func (*AppServerV3) XXX_Size 

func (m *AppServerV3) XXX_Size() int

func (*AppServerV3) XXX_Unmarshal 

func (m *AppServerV3) XXX_Unmarshal(b []byte) error

type AppServers 

type AppServers []AppServer

AppServers represents a list of app servers.

func (AppServers) AsResources 

func (s AppServers) AsResources() []ResourceWithLabels

AsResources returns app servers as type resources with labels.

func (AppServers) GetFieldVals 

func (s AppServers) GetFieldVals(field string) ([]string, error)

GetFieldVals returns list of select field values.

func (AppServers) Len 

func (s AppServers) Len() int

Len returns the slice length.

func (AppServers) Less 

func (s AppServers) Less(i, j int) bool

Less compares app servers by name and host ID.

func (AppServers) SortByCustom 

func (s AppServers) SortByCustom(sortBy SortBy) error

SortByCustom custom sorts by given sort criteria.

func (AppServers) Swap 

func (s AppServers) Swap(i, j int)

Swap swaps two app servers.

type AppSpecV3 

type AppSpecV3 struct {
	// URI is the web app endpoint.
	URI string `protobuf:"bytes,1,opt,name=URI,proto3" json:"uri"`
	// PublicAddr is the public address the application is accessible at.
	PublicAddr string `protobuf:"bytes,2,opt,name=PublicAddr,proto3" json:"public_addr,omitempty"`
	// DynamicLabels are the app's command labels.
	DynamicLabels map[string]CommandLabelV2 `` /* 168-byte string literal not displayed */
	// InsecureSkipVerify disables app's TLS certificate verification.
	InsecureSkipVerify bool `protobuf:"varint,4,opt,name=InsecureSkipVerify,proto3" json:"insecure_skip_verify"`
	// Rewrite is a list of rewriting rules to apply to requests and responses.
	Rewrite *Rewrite `protobuf:"bytes,5,opt,name=Rewrite,proto3" json:"rewrite,omitempty"`
	// AWS contains additional options for AWS applications.
	AWS *AppAWS `protobuf:"bytes,6,opt,name=AWS,proto3" json:"aws,omitempty"`
	// Cloud identifies the cloud instance the app represents.
	Cloud string `protobuf:"bytes,7,opt,name=Cloud,proto3" json:"cloud,omitempty"`
	// UserGroups are a list of user group IDs that this app is associated with.
	UserGroups []string `protobuf:"bytes,8,rep,name=UserGroups,proto3" json:"UserGroups,omitempty"`
	// Integration is the integration name that must be used to access this Application.
	// Only applicable to AWS App Access.
	// If present, the Application must use the Integration's credentials instead of ambient credentials to access Cloud APIs.
	Integration string `protobuf:"bytes,9,opt,name=Integration,proto3" json:"integration,omitempty"`
	// RequiredAppNames is a list of app names that are required for this app to function. Any app listed here will
	// be part of the authentication redirect flow and authenticate along side this app.
	RequiredAppNames []string `protobuf:"bytes,10,rep,name=RequiredAppNames,proto3" json:"required_app_names,omitempty"`
	// CORSPolicy defines the Cross-Origin Resource Sharing settings for the app.
	CORS *CORSPolicy `protobuf:"bytes,11,opt,name=CORS,proto3" json:"cors,omitempty"`
	// IdentityCenter encasulates AWS identity-center specific information. Only
	// valid for Identity Center account apps.
	IdentityCenter *AppIdentityCenter `protobuf:"bytes,12,opt,name=IdentityCenter,proto3" json:"identity_center,omitempty"`
	// TCPPorts is a list of ports and port ranges that an app agent can forward connections to.
	// Only applicable to TCP App Access.
	// If this field is not empty, URI is expected to contain no port number and start with the tcp
	// protocol.
	TCPPorts []*PortRange `protobuf:"bytes,13,rep,name=TCPPorts,proto3" json:"tcp_ports,omitempty"`
	// UseAnyProxyPublicAddr will rebuild this app's fqdn based on the proxy public addr that the
	// request originated from. This should be true if your proxy has multiple proxy public addrs and you
	// want the app to be accessible from any of them. If `public_addr` is explicitly set in the app spec,
	// setting this value to true will overwrite that public address in the web UI.
	UseAnyProxyPublicAddr bool `protobuf:"varint,14,opt,name=UseAnyProxyPublicAddr,proto3" json:"use_any_proxy_public_addr,omitempty"`
	// MCP contains MCP server related configurations.
	MCP                  *MCP     `protobuf:"bytes,15,opt,name=MCP,proto3" json:"mcp,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AppSpecV3 is the AppV3 resource spec.

func (*AppSpecV3) Descriptor 

func (*AppSpecV3) Descriptor() ([]byte, []int)

func (*AppSpecV3) Marshal 

func (m *AppSpecV3) Marshal() (dAtA []byte, err error)

func (*AppSpecV3) MarshalTo 

func (m *AppSpecV3) MarshalTo(dAtA []byte) (int, error)

func (*AppSpecV3) MarshalToSizedBuffer 

func (m *AppSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AppSpecV3) ProtoMessage 

func (*AppSpecV3) ProtoMessage()

func (*AppSpecV3) Reset 

func (m *AppSpecV3) Reset()

func (*AppSpecV3) Size 

func (m *AppSpecV3) Size() (n int)

func (*AppSpecV3) String 

func (m *AppSpecV3) String() string

func (*AppSpecV3) Unmarshal 

func (m *AppSpecV3) Unmarshal(dAtA []byte) error

func (*AppSpecV3) XXX_DiscardUnknown 

func (m *AppSpecV3) XXX_DiscardUnknown()

func (*AppSpecV3) XXX_Marshal 

func (m *AppSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AppSpecV3) XXX_Merge 

func (m *AppSpecV3) XXX_Merge(src proto.Message)

func (*AppSpecV3) XXX_Size 

func (m *AppSpecV3) XXX_Size() int

func (*AppSpecV3) XXX_Unmarshal 

func (m *AppSpecV3) XXX_Unmarshal(b []byte) error

type AppV3 

type AppV3 struct {
	// Kind is the app resource kind. Always "app".
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource subkind.
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version. It must be specified.
	// Supported values are:`v3`.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is the app resource metadata.
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is the app resource spec.
	Spec                 AppSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
	XXX_unrecognized     []byte    `json:"-"`
	XXX_sizecache        int32     `json:"-"`
}

AppV3 represents an app resource.

func NewAppV3 

func NewAppV3(meta Metadata, spec AppSpecV3) (*AppV3, error)

NewAppV3 creates a new app resource.

func (*AppV3) CheckAndSetDefaults 

func (a *AppV3) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values for any missing fields.

func (*AppV3) Copy 

func (a *AppV3) Copy() *AppV3

Copy returns a copy of this database resource.

func (*AppV3) Descriptor 

func (*AppV3) Descriptor() ([]byte, []int)

func (*AppV3) Expiry 

func (a *AppV3) Expiry() time.Time

Expiry returns the app resource expiration time.

func (*AppV3) GetAWSAccountID 

func (a *AppV3) GetAWSAccountID() string

GetAWSAccountID returns value of label containing AWS account ID on this app.

func (*AppV3) GetAWSExternalID 

func (a *AppV3) GetAWSExternalID() string

GetAWSExternalID returns the AWS External ID configured for this app.

func (*AppV3) GetAWSRolesAnywhereAcceptRoleSessionName 

func (a *AppV3) GetAWSRolesAnywhereAcceptRoleSessionName() bool

GetAWSRolesAnywhereAcceptRoleSessionName returns whether the IAM Roles Anywhere Profile supports defining a custom AWS Session Name.

func (*AppV3) GetAWSRolesAnywhereProfileARN 

func (a *AppV3) GetAWSRolesAnywhereProfileARN() string

GetAWSRolesAnywhereProfileARN returns the AWS IAM Roles Anywhere Profile ARN which originated this App.

func (*AppV3) GetAllLabels 

func (a *AppV3) GetAllLabels() map[string]string

GetAllLabels returns the app combined static and dynamic labels.

func (*AppV3) GetCORS 

func (a *AppV3) GetCORS() *CORSPolicy

func (*AppV3) GetDescription 

func (a *AppV3) GetDescription() string

GetDescription returns the app description.

func (*AppV3) GetDisplayName 

func (a *AppV3) GetDisplayName() string

GetDisplayName fetches a human-readable display name for the App.

func (*AppV3) GetDynamicLabels 

func (a *AppV3) GetDynamicLabels() map[string]CommandLabel

GetDynamicLabels returns the app dynamic labels.

func (*AppV3) GetIdentityCenter 

func (a *AppV3) GetIdentityCenter() *AppIdentityCenter

GetIdentityCenter returns the Identity Center information for the app, if any. May be nil.

func (*AppV3) GetInsecureSkipVerify 

func (a *AppV3) GetInsecureSkipVerify() bool

GetInsecureSkipVerify returns the app insecure setting.

func (*AppV3) GetIntegration 

func (a *AppV3) GetIntegration() string

GetIntegration will return the Integration. If present, the Application must use the Integration's credentials instead of ambient credentials to access Cloud APIs.

func (*AppV3) GetKind 

func (a *AppV3) GetKind() string

GetKind returns the app resource kind.

func (*AppV3) GetLabel 

func (a *AppV3) GetLabel(key string) (value string, ok bool)

GetLabel retrieves the label with the provided key. If not found value will be empty and ok will be false.

func (*AppV3) GetMCP 

func (a *AppV3) GetMCP() *MCP

GetMCP returns MCP specific configuration.

func (*AppV3) GetMetadata 

func (a *AppV3) GetMetadata() Metadata

GetMetadata returns the app resource metadata.

func (*AppV3) GetName 

func (a *AppV3) GetName() string

GetName returns the app resource name.

func (*AppV3) GetNamespace 

func (a *AppV3) GetNamespace() string

GetNamespace returns the app resource namespace.

func (*AppV3) GetProtocol 

func (a *AppV3) GetProtocol() string

GetProtocol returns the application protocol.

func (*AppV3) GetPublicAddr 

func (a *AppV3) GetPublicAddr() string

GetPublicAddr returns the app public address.

func (*AppV3) GetRequiredAppNames 

func (a *AppV3) GetRequiredAppNames() []string

func (*AppV3) GetRevision 

func (a *AppV3) GetRevision() string

GetRevision returns the revision

func (*AppV3) GetRewrite 

func (a *AppV3) GetRewrite() *Rewrite

GetRewrite returns the app rewrite configuration.

func (*AppV3) GetStaticLabels 

func (a *AppV3) GetStaticLabels() map[string]string

GetStaticLabels returns the app static labels.

func (*AppV3) GetSubKind 

func (a *AppV3) GetSubKind() string

GetSubKind returns the app resource subkind.

func (*AppV3) GetTCPPorts 

func (a *AppV3) GetTCPPorts() PortRanges

GetTCPPorts returns port ranges supported by the app to which connections can be forwarded to.

func (*AppV3) GetURI 

func (a *AppV3) GetURI() string

GetURI returns the app connection address.

func (*AppV3) GetUseAnyProxyPublicAddr 

func (a *AppV3) GetUseAnyProxyPublicAddr() bool

func (*AppV3) GetUserGroups 

func (a *AppV3) GetUserGroups() []string

GetUserGroups will get the list of user group IDss associated with the application.

func (*AppV3) GetVersion 

func (a *AppV3) GetVersion() string

GetVersion returns the app resource version.

func (*AppV3) IsAWSConsole 

func (a *AppV3) IsAWSConsole() bool

IsAWSConsole returns true if this app is AWS management console.

func (*AppV3) IsAzureCloud 

func (a *AppV3) IsAzureCloud() bool

IsAzureCloud returns true if this app is Azure Cloud instance.

func (*AppV3) IsEqual 

func (a *AppV3) IsEqual(i Application) bool

IsEqual determines if two application resources are equivalent to one another.

func (*AppV3) IsGCP 

func (a *AppV3) IsGCP() bool

IsGCP returns true if this app is GCP instance.

func (*AppV3) IsMCP 

func (a *AppV3) IsMCP() bool

IsMCP returns true if provided uri is an MCP app.

func (*AppV3) IsTCP 

func (a *AppV3) IsTCP() bool

IsTCP returns true if this app represents a TCP endpoint.

func (*AppV3) Marshal 

func (m *AppV3) Marshal() (dAtA []byte, err error)

func (*AppV3) MarshalTo 

func (m *AppV3) MarshalTo(dAtA []byte) (int, error)

func (*AppV3) MarshalToSizedBuffer 

func (m *AppV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AppV3) MatchSearch 

func (a *AppV3) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*AppV3) Origin 

func (a *AppV3) Origin() string

Origin returns the origin value of the resource.

func (*AppV3) ProtoMessage 

func (*AppV3) ProtoMessage()

func (*AppV3) Reset 

func (m *AppV3) Reset()

func (*AppV3) SetDynamicLabels 

func (a *AppV3) SetDynamicLabels(dl map[string]CommandLabel)

SetDynamicLabels sets the app dynamic labels

func (*AppV3) SetExpiry 

func (a *AppV3) SetExpiry(expiry time.Time)

SetExpiry sets the app resource expiration time.

func (*AppV3) SetName 

func (a *AppV3) SetName(name string)

SetName sets the app resource name.

func (*AppV3) SetOrigin 

func (a *AppV3) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*AppV3) SetRevision 

func (a *AppV3) SetRevision(rev string)

SetRevision sets the revision

func (*AppV3) SetStaticLabels 

func (a *AppV3) SetStaticLabels(sl map[string]string)

SetStaticLabels sets the app static labels.

func (*AppV3) SetSubKind 

func (a *AppV3) SetSubKind(sk string)

SetSubKind sets the app resource subkind.

func (*AppV3) SetTCPPorts 

func (a *AppV3) SetTCPPorts(ports []*PortRange)

SetTCPPorts sets port ranges to which connections can be forwarded to.

func (*AppV3) SetURI 

func (a *AppV3) SetURI(uri string)

SetURI sets the app connection address.

func (*AppV3) SetUserGroups 

func (a *AppV3) SetUserGroups(userGroups []string)

SetUserGroups will set the list of user group IDs associated with the application.

func (*AppV3) Size 

func (m *AppV3) Size() (n int)

func (*AppV3) String 

func (a *AppV3) String() string

String returns the app string representation.

func (*AppV3) Unmarshal 

func (m *AppV3) Unmarshal(dAtA []byte) error

func (*AppV3) XXX_DiscardUnknown 

func (m *AppV3) XXX_DiscardUnknown()

func (*AppV3) XXX_Marshal 

func (m *AppV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AppV3) XXX_Merge 

func (m *AppV3) XXX_Merge(src proto.Message)

func (*AppV3) XXX_Size 

func (m *AppV3) XXX_Size() int

func (*AppV3) XXX_Unmarshal 

func (m *AppV3) XXX_Unmarshal(b []byte) error

type AppV3List 

type AppV3List struct {
	// Apps is a list of app resources.
	Apps                 []*AppV3 `protobuf:"bytes,1,rep,name=Apps,proto3" json:"Apps,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AppV3List represents a list of app resources.

func (*AppV3List) Descriptor 

func (*AppV3List) Descriptor() ([]byte, []int)

func (*AppV3List) Marshal 

func (m *AppV3List) Marshal() (dAtA []byte, err error)

func (*AppV3List) MarshalTo 

func (m *AppV3List) MarshalTo(dAtA []byte) (int, error)

func (*AppV3List) MarshalToSizedBuffer 

func (m *AppV3List) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AppV3List) ProtoMessage 

func (*AppV3List) ProtoMessage()

func (*AppV3List) Reset 

func (m *AppV3List) Reset()

func (*AppV3List) Size 

func (m *AppV3List) Size() (n int)

func (*AppV3List) String 

func (m *AppV3List) String() string

func (*AppV3List) Unmarshal 

func (m *AppV3List) Unmarshal(dAtA []byte) error

func (*AppV3List) XXX_DiscardUnknown 

func (m *AppV3List) XXX_DiscardUnknown()

func (*AppV3List) XXX_Marshal 

func (m *AppV3List) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AppV3List) XXX_Merge 

func (m *AppV3List) XXX_Merge(src proto.Message)

func (*AppV3List) XXX_Size 

func (m *AppV3List) XXX_Size() int

func (*AppV3List) XXX_Unmarshal 

func (m *AppV3List) XXX_Unmarshal(b []byte) error

type Application 

type Application interface {
	// ResourceWithLabels provides common resource methods.
	ResourceWithLabels
	// GetNamespace returns the app namespace.
	GetNamespace() string
	// GetStaticLabels returns the app static labels.
	GetStaticLabels() map[string]string
	// SetStaticLabels sets the app static labels.
	SetStaticLabels(map[string]string)
	// GetDynamicLabels returns the app dynamic labels.
	GetDynamicLabels() map[string]CommandLabel
	// SetDynamicLabels sets the app dynamic labels.
	SetDynamicLabels(map[string]CommandLabel)
	// String returns string representation of the app.
	String() string
	// GetDescription returns the app description.
	GetDescription() string
	// GetURI returns the app connection endpoint.
	GetURI() string
	// SetURI sets the app endpoint.
	SetURI(string)
	// GetPublicAddr returns the app public address.
	GetPublicAddr() string
	// GetInsecureSkipVerify returns the app insecure setting.
	GetInsecureSkipVerify() bool
	// GetRewrite returns the app rewrite configuration.
	GetRewrite() *Rewrite
	// IsAWSConsole returns true if this app is AWS management console.
	IsAWSConsole() bool
	// IsAzureCloud returns true if this app represents Azure Cloud instance.
	IsAzureCloud() bool
	// IsGCP returns true if this app represents GCP instance.
	IsGCP() bool
	// IsTCP returns true if this app represents a TCP endpoint.
	IsTCP() bool
	// IsMCP returns true if this app represents a MCP server.
	IsMCP() bool
	// GetProtocol returns the application protocol.
	GetProtocol() string
	// GetAWSAccountID returns value of label containing AWS account ID on this app.
	GetAWSAccountID() string
	// GetAWSExternalID returns the AWS External ID configured for this app.
	GetAWSExternalID() string
	// GetAWSRolesAnywhereProfileARN returns the AWS IAM Roles Anywhere Profile ARN which originated this App.
	GetAWSRolesAnywhereProfileARN() string
	// GetAWSRolesAnywhereAcceptRoleSessionName returns whether the IAM Roles Anywhere Profile supports defining a custom AWS Session Name.
	GetAWSRolesAnywhereAcceptRoleSessionName() bool
	// GetUserGroups will get the list of user group IDs associated with the application.
	GetUserGroups() []string
	// SetUserGroups will set the list of user group IDs associated with the application.
	SetUserGroups([]string)
	// Copy returns a copy of this app resource.
	Copy() *AppV3
	// GetIntegration will return the Integration.
	// If present, the Application must use the Integration's credentials instead of ambient credentials to access Cloud APIs.
	GetIntegration() string
	// GetRequiredAppNames will return a list of required apps names that should be authenticated during this apps authentication process.
	GetRequiredAppNames() []string
	// GetUseAnyProxyPublicAddr will return true if a client should rebuild this app's fqdn based on the proxy's public addr.
	GetUseAnyProxyPublicAddr() bool
	// GetCORS returns the CORS configuration for the app.
	GetCORS() *CORSPolicy
	// GetTCPPorts returns port ranges supported by the app to which connections can be forwarded to.
	GetTCPPorts() PortRanges
	// SetTCPPorts sets port ranges to which connections can be forwarded to.
	SetTCPPorts([]*PortRange)
	// GetIdentityCenter fetches identity center info for the app, if any.
	GetIdentityCenter() *AppIdentityCenter
	// GetMCP fetches MCP specific configuration.
	GetMCP() *MCP
}

Application represents a web, TCP or cloud console application.

func DeduplicateApps 

func DeduplicateApps(apps []Application) (result []Application)

DeduplicateApps deduplicates apps by combination of app name and public address. Apps can have the same name but also could have different addresses.

type Apps 

type Apps []Application

Apps is a list of app resources.

func (Apps) AsResources 

func (a Apps) AsResources() (resources ResourcesWithLabels)

AsResources returns these apps as resources with labels.

func (Apps) Find 

func (a Apps) Find(name string) Application

Find returns app with the specified name or nil.

func (Apps) Len 

func (a Apps) Len() int

Len returns the slice length.

func (Apps) Less 

func (a Apps) Less(i, j int) bool

Less compares apps by name.

func (Apps) Swap 

func (a Apps) Swap(i, j int)

Swap swaps two apps.

type AssertionInfo 

type AssertionInfo saml2.AssertionInfo

AssertionInfo is an alias for saml2.AssertionInfo with additional methods, required for serialization to/from protobuf. With those we can reference it with an option like so: `(gogoproto.customtype) = "AssertionInfo"`

func (*AssertionInfo) MarshalTo 

func (a *AssertionInfo) MarshalTo(bytes []byte) (int, error)

func (*AssertionInfo) Size 

func (a *AssertionInfo) Size() int

func (*AssertionInfo) Unmarshal 

func (a *AssertionInfo) Unmarshal(bytes []byte) error

type Asset 

type Asset struct {
	// Arch is the architecture of the asset
	Arch string `protobuf:"bytes,1,opt,name=Arch,proto3" json:"arch"`
	// Description is the description of the asset
	Description string `protobuf:"bytes,2,opt,name=Description,proto3" json:"description"`
	// Name is the name of the asset
	Name string `protobuf:"bytes,3,opt,name=Name,proto3" json:"name"`
	// OS is which OS the asset is built for
	OS string `protobuf:"bytes,4,opt,name=OS,proto3" json:"os"`
	// SHA256 is the sha256 of the asset
	SHA256 string `protobuf:"bytes,5,opt,name=SHA256,proto3" json:"sha256"`
	// Size is the size of the release in bytes
	AssetSize int64 `protobuf:"varint,6,opt,name=AssetSize,proto3" json:"asset_size"`
	// DisplaySize is the human-readable size of the asset
	DisplaySize string `protobuf:"bytes,7,opt,name=DisplaySize,proto3" json:"display_size"`
	// ReleaseIDs is a list of releases that have the asset included
	ReleaseIDs []string `protobuf:"bytes,8,rep,name=ReleaseIDs,proto3" json:"release_ids"`
	// PublicURL is the public URL used to download the asset
	PublicURL            string   `protobuf:"bytes,9,opt,name=PublicURL,proto3" json:"public_url"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Asset represents a release asset

func (*Asset) Descriptor 

func (*Asset) Descriptor() ([]byte, []int)

func (*Asset) Marshal 

func (m *Asset) Marshal() (dAtA []byte, err error)

func (*Asset) MarshalTo 

func (m *Asset) MarshalTo(dAtA []byte) (int, error)

func (*Asset) MarshalToSizedBuffer 

func (m *Asset) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Asset) ProtoMessage 

func (*Asset) ProtoMessage()

func (*Asset) Reset 

func (m *Asset) Reset()

func (*Asset) Size 

func (m *Asset) Size() (n int)

func (*Asset) String 

func (m *Asset) String() string

func (*Asset) Unmarshal 

func (m *Asset) Unmarshal(dAtA []byte) error

func (*Asset) XXX_DiscardUnknown 

func (m *Asset) XXX_DiscardUnknown()

func (*Asset) XXX_Marshal 

func (m *Asset) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Asset) XXX_Merge 

func (m *Asset) XXX_Merge(src proto.Message)

func (*Asset) XXX_Size 

func (m *Asset) XXX_Size() int

func (*Asset) XXX_Unmarshal 

func (m *Asset) XXX_Unmarshal(b []byte) error

type AssumeRole 

type AssumeRole struct {
	// RoleARN is the fully specified AWS IAM role ARN.
	RoleARN string `protobuf:"bytes,1,opt,name=RoleARN,proto3" json:"role_arn"`
	// ExternalID is the external ID used to assume a role in another account.
	ExternalID           string   `protobuf:"bytes,2,opt,name=ExternalID,proto3" json:"external_id"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AssumeRole provides a role ARN and ExternalID to assume an AWS role when interacting with AWS resources.

func (*AssumeRole) Descriptor 

func (*AssumeRole) Descriptor() ([]byte, []int)

func (*AssumeRole) Marshal 

func (m *AssumeRole) Marshal() (dAtA []byte, err error)

func (*AssumeRole) MarshalTo 

func (m *AssumeRole) MarshalTo(dAtA []byte) (int, error)

func (*AssumeRole) MarshalToSizedBuffer 

func (m *AssumeRole) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AssumeRole) ProtoMessage 

func (*AssumeRole) ProtoMessage()

func (*AssumeRole) Reset 

func (m *AssumeRole) Reset()

func (*AssumeRole) Size 

func (m *AssumeRole) Size() (n int)

func (*AssumeRole) String 

func (m *AssumeRole) String() string

func (*AssumeRole) Unmarshal 

func (m *AssumeRole) Unmarshal(dAtA []byte) error

func (*AssumeRole) XXX_DiscardUnknown 

func (m *AssumeRole) XXX_DiscardUnknown()

func (*AssumeRole) XXX_Marshal 

func (m *AssumeRole) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AssumeRole) XXX_Merge 

func (m *AssumeRole) XXX_Merge(src proto.Message)

func (*AssumeRole) XXX_Size 

func (m *AssumeRole) XXX_Size() int

func (*AssumeRole) XXX_Unmarshal 

func (m *AssumeRole) XXX_Unmarshal(b []byte) error

type AsymmetricKeyPair 

type AsymmetricKeyPair struct {
	// PrivateKey is a PEM encoded x509 private key.
	PrivateKey string `protobuf:"bytes,1,opt,name=PrivateKey,proto3" json:"private_key"`
	// Cert is a PEM-encoded x509 certificate.
	Cert                 string   `protobuf:"bytes,2,opt,name=Cert,proto3" json:"cert"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AsymmetricKeyPair is a combination of a public certificate and private key that can be used for encryption and signing.

func (*AsymmetricKeyPair) Descriptor 

func (*AsymmetricKeyPair) Descriptor() ([]byte, []int)

func (*AsymmetricKeyPair) Marshal 

func (m *AsymmetricKeyPair) Marshal() (dAtA []byte, err error)

func (*AsymmetricKeyPair) MarshalTo 

func (m *AsymmetricKeyPair) MarshalTo(dAtA []byte) (int, error)

func (*AsymmetricKeyPair) MarshalToSizedBuffer 

func (m *AsymmetricKeyPair) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AsymmetricKeyPair) ProtoMessage 

func (*AsymmetricKeyPair) ProtoMessage()

func (*AsymmetricKeyPair) Reset 

func (m *AsymmetricKeyPair) Reset()

func (*AsymmetricKeyPair) Size 

func (m *AsymmetricKeyPair) Size() (n int)

func (*AsymmetricKeyPair) String 

func (m *AsymmetricKeyPair) String() string

func (*AsymmetricKeyPair) Unmarshal 

func (m *AsymmetricKeyPair) Unmarshal(dAtA []byte) error

func (*AsymmetricKeyPair) XXX_DiscardUnknown 

func (m *AsymmetricKeyPair) XXX_DiscardUnknown()

func (*AsymmetricKeyPair) XXX_Marshal 

func (m *AsymmetricKeyPair) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AsymmetricKeyPair) XXX_Merge 

func (m *AsymmetricKeyPair) XXX_Merge(src proto.Message)

func (*AsymmetricKeyPair) XXX_Size 

func (m *AsymmetricKeyPair) XXX_Size() int

func (*AsymmetricKeyPair) XXX_Unmarshal 

func (m *AsymmetricKeyPair) XXX_Unmarshal(b []byte) error

type AttributeMapping 

type AttributeMapping struct {
	// Name is an attribute statement name.
	Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
	// Value is an attribute statement value to match.
	Value string `protobuf:"bytes,2,opt,name=Value,proto3" json:"value"`
	// Roles is a list of static teleport roles to map to.
	Roles                []string `protobuf:"bytes,3,rep,name=Roles,proto3" json:"roles,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AttributeMapping maps a SAML attribute statement to teleport roles.

func (*AttributeMapping) Descriptor 

func (*AttributeMapping) Descriptor() ([]byte, []int)

func (*AttributeMapping) Marshal 

func (m *AttributeMapping) Marshal() (dAtA []byte, err error)

func (*AttributeMapping) MarshalTo 

func (m *AttributeMapping) MarshalTo(dAtA []byte) (int, error)

func (*AttributeMapping) MarshalToSizedBuffer 

func (m *AttributeMapping) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AttributeMapping) ProtoMessage 

func (*AttributeMapping) ProtoMessage()

func (*AttributeMapping) Reset 

func (m *AttributeMapping) Reset()

func (*AttributeMapping) Size 

func (m *AttributeMapping) Size() (n int)

func (*AttributeMapping) String 

func (m *AttributeMapping) String() string

func (*AttributeMapping) Unmarshal 

func (m *AttributeMapping) Unmarshal(dAtA []byte) error

func (*AttributeMapping) XXX_DiscardUnknown 

func (m *AttributeMapping) XXX_DiscardUnknown()

func (*AttributeMapping) XXX_Marshal 

func (m *AttributeMapping) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AttributeMapping) XXX_Merge 

func (m *AttributeMapping) XXX_Merge(src proto.Message)

func (*AttributeMapping) XXX_Size 

func (m *AttributeMapping) XXX_Size() int

func (*AttributeMapping) XXX_Unmarshal 

func (m *AttributeMapping) XXX_Unmarshal(b []byte) error

type AuthPreference 

type AuthPreference interface {
	// Resource provides common resource properties.
	ResourceWithOrigin

	// GetType gets the type of authentication: local, saml, or oidc.
	GetType() string
	// SetType sets the type of authentication: local, saml, or oidc.
	SetType(string)

	// SetSecondFactor sets the type of second factor.
	// Deprecated: only used in tests to set the deprecated off/optional values.
	SetSecondFactor(constants.SecondFactorType)
	// GetSecondFactors gets a list of supported second factors.
	GetSecondFactors() []SecondFactorType
	// SetSecondFactors sets the list of supported second factors.
	SetSecondFactors(...SecondFactorType)
	// GetPreferredLocalMFA returns a server-side hint for clients to pick an MFA
	// method when various options are available.
	// It is empty if there is nothing to suggest.
	GetPreferredLocalMFA() constants.SecondFactorType
	// IsSecondFactorEnabled checks if second factor is enabled.
	IsSecondFactorEnabled() bool
	// IsSecondFactorEnforced checks if second factor is enforced.
	IsSecondFactorEnforced() bool
	// IsSecondFactorLocalAllowed checks if a local second factor method is enabled (webauthn, totp).
	IsSecondFactorLocalAllowed() bool
	// IsSecondFactorTOTPAllowed checks if users can use TOTP as an MFA method.
	IsSecondFactorTOTPAllowed() bool
	// IsSecondFactorWebauthnAllowed checks if users can use WebAuthn as an MFA method.
	IsSecondFactorWebauthnAllowed() bool
	// IsSecondFactorSSOAllowed checks if users can use SSO as an MFA method.
	IsSecondFactorSSOAllowed() bool
	// IsAdminActionMFAEnforced checks if admin action MFA is enforced.
	IsAdminActionMFAEnforced() bool

	// GetConnectorName gets the name of the OIDC or SAML connector to use. If
	// this value is empty, we fall back to the first connector in the backend.
	GetConnectorName() string
	// SetConnectorName sets the name of the OIDC or SAML connector to use. If
	// this value is empty, we fall back to the first connector in the backend.
	SetConnectorName(string)

	// GetU2F gets the U2F configuration settings.
	GetU2F() (*U2F, error)
	// SetU2F sets the U2F configuration settings.
	SetU2F(*U2F)

	// GetWebauthn returns the Webauthn configuration settings.
	GetWebauthn() (*Webauthn, error)
	// SetWebauthn sets the Webauthn configuration settings.
	SetWebauthn(*Webauthn)

	// GetAllowPasswordless returns if passwordless is allowed by cluster
	// settings.
	GetAllowPasswordless() bool
	// SetAllowPasswordless sets the value of the allow passwordless setting.
	SetAllowPasswordless(b bool)

	// GetAllowHeadless returns if headless is allowed by cluster settings.
	GetAllowHeadless() bool
	// SetAllowHeadless sets the value of the allow headless setting.
	SetAllowHeadless(b bool)

	// SetRequireMFAType sets the type of MFA requirement enforced for this cluster.
	SetRequireMFAType(RequireMFAType)
	// GetRequireMFAType returns the type of MFA requirement enforced for this cluster.
	GetRequireMFAType() RequireMFAType

	// GetPrivateKeyPolicy returns the configured private key policy for the cluster.
	GetPrivateKeyPolicy() keys.PrivateKeyPolicy

	// GetHardwareKey returns the hardware key settings configured for the cluster.
	GetHardwareKey() (*HardwareKey, error)
	// GetPIVSlot returns the configured piv slot for the cluster.
	GetPIVSlot() hardwarekey.PIVSlotKeyString
	// GetHardwareKeySerialNumberValidation returns the cluster's hardware key
	// serial number validation settings.
	GetHardwareKeySerialNumberValidation() (*HardwareKeySerialNumberValidation, error)
	// GetPIVPINCacheTTL returns the configured piv pin cache duration for the cluster.
	GetPIVPINCacheTTL() time.Duration

	// GetDisconnectExpiredCert returns disconnect expired certificate setting
	GetDisconnectExpiredCert() bool
	// SetDisconnectExpiredCert sets disconnect client with expired certificate setting
	SetDisconnectExpiredCert(bool)

	// GetAllowLocalAuth gets if local authentication is allowed.
	GetAllowLocalAuth() bool
	// SetAllowLocalAuth sets if local authentication is allowed.
	SetAllowLocalAuth(bool)

	// GetMessageOfTheDay fetches the MOTD
	GetMessageOfTheDay() string
	// SetMessageOfTheDay sets the MOTD
	SetMessageOfTheDay(string)

	// GetLockingMode gets the cluster-wide locking mode default.
	GetLockingMode() constants.LockingMode
	// SetLockingMode sets the cluster-wide locking mode default.
	SetLockingMode(constants.LockingMode)

	// GetDeviceTrust returns the cluster device trust settings, or nil if no
	// explicit configurations are present.
	GetDeviceTrust() *DeviceTrust
	// SetDeviceTrust sets the cluster device trust settings.
	SetDeviceTrust(*DeviceTrust)

	// IsSAMLIdPEnabled returns true if the SAML IdP is enabled.
	IsSAMLIdPEnabled() bool
	// SetSAMLIdPEnabled sets the SAML IdP to enabled.
	SetSAMLIdPEnabled(bool)

	// GetDefaultSessionTTL retrieves the max session ttl
	GetDefaultSessionTTL() Duration
	// SetDefaultSessionTTL sets the max session ttl
	SetDefaultSessionTTL(Duration)

	// GetOktaSyncPeriod returns the duration between Okta synchronization calls if the Okta service is running.
	GetOktaSyncPeriod() time.Duration
	// SetOktaSyncPeriod sets the duration between Okta synchronzation calls.
	SetOktaSyncPeriod(timeBetweenSyncs time.Duration)

	// GetSignatureAlgorithmSuite gets the signature algorithm suite.
	GetSignatureAlgorithmSuite() SignatureAlgorithmSuite
	// SetSignatureAlgorithmSuite sets the signature algorithm suite.
	SetSignatureAlgorithmSuite(SignatureAlgorithmSuite)
	// SetDefaultSignatureAlgorithmSuite sets default signature algorithm suite
	// based on the params. This is meant for a default auth preference in a
	// brand new cluster or after resetting the auth preference.
	SetDefaultSignatureAlgorithmSuite(SignatureAlgorithmSuiteParams)
	// CheckSignatureAlgorithmSuite returns an error if the current signature
	// algorithm suite is incompatible with [params].
	CheckSignatureAlgorithmSuite(SignatureAlgorithmSuiteParams) error

	// GetStableUNIXUserConfig returns the stable UNIX user configuration.
	GetStableUNIXUserConfig() *StableUNIXUserConfig
	// SetStableUNIXUserConfig sets the stable UNIX user configuration.
	SetStableUNIXUserConfig(*StableUNIXUserConfig)

	// String represents a human readable version of authentication settings.
	String() string

	// Clone makes a deep copy of the AuthPreference.
	Clone() AuthPreference
}

AuthPreference defines the authentication preferences for a specific cluster. It defines the type (local, oidc) and second factor (off, otp, oidc). AuthPreference is a configuration resource, never create more than one instance of it.

func DefaultAuthPreference 

func DefaultAuthPreference() AuthPreference

DefaultAuthPreference returns the default authentication preferences.

func NewAuthPreference 

func NewAuthPreference(spec AuthPreferenceSpecV2) (AuthPreference, error)

NewAuthPreference is a convenience method to to create AuthPreferenceV2.

func NewAuthPreferenceFromConfigFile 

func NewAuthPreferenceFromConfigFile(spec AuthPreferenceSpecV2) (AuthPreference, error)

NewAuthPreferenceFromConfigFile is a convenience method to create AuthPreferenceV2 labeled as originating from config file.

type AuthPreferenceSpecV2 

type AuthPreferenceSpecV2 struct {
	// Type is the type of authentication.
	Type string `protobuf:"bytes,1,opt,name=Type,proto3" json:"type"`
	// SecondFactor is the type of mult-factor.
	// Deprecated: Prefer using SecondFactors instead.
	SecondFactor github_com_gravitational_teleport_api_constants.SecondFactorType `` // Deprecated: Do not use.
	/* 152-byte string literal not displayed */
	// ConnectorName is the name of the OIDC or SAML connector. If this value is
	// not set the first connector in the backend will be used.
	ConnectorName string `protobuf:"bytes,3,opt,name=ConnectorName,proto3" json:"connector_name,omitempty"`
	// U2F are the settings for the U2F device.
	U2F *U2F `protobuf:"bytes,4,opt,name=U2F,proto3" json:"u2f,omitempty"`
	// DisconnectExpiredCert provides disconnect expired certificate setting -
	// if true, connections with expired client certificates will get disconnected
	DisconnectExpiredCert *BoolOption `protobuf:"bytes,6,opt,name=DisconnectExpiredCert,proto3,customtype=BoolOption" json:"disconnect_expired_cert,omitempty"`
	// AllowLocalAuth is true if local authentication is enabled.
	AllowLocalAuth  *BoolOption `protobuf:"bytes,7,opt,name=AllowLocalAuth,proto3,customtype=BoolOption" json:"allow_local_auth,omitempty"`
	MessageOfTheDay string      `protobuf:"bytes,8,opt,name=MessageOfTheDay,proto3" json:"message_of_the_day,omitempty"`
	// LockingMode is the cluster-wide locking mode default.
	LockingMode github_com_gravitational_teleport_api_constants.LockingMode `` /* 145-byte string literal not displayed */
	// Webauthn are the settings for server-side Web Authentication support.
	Webauthn *Webauthn `protobuf:"bytes,10,opt,name=Webauthn,proto3" json:"webauthn,omitempty"`
	// AllowPasswordless enables/disables passwordless support.
	// Passwordless requires Webauthn to work.
	// Defaults to true if the Webauthn is configured, defaults to false
	// otherwise.
	AllowPasswordless *BoolOption `protobuf:"bytes,11,opt,name=AllowPasswordless,proto3,customtype=BoolOption" json:"allow_passwordless,omitempty"`
	// RequireMFAType is the type of MFA requirement enforced for this cluster.
	// 0 is "OFF", 1 is "SESSION", 2 is "SESSION_AND_HARDWARE_KEY", 3 is "HARDWARE_KEY_TOUCH",
	// 4 is "HARDWARE_KEY_PIN", 5 is "HARDWARE_KEY_TOUCH_AND_PIN".
	RequireMFAType RequireMFAType `protobuf:"varint,12,opt,name=RequireMFAType,proto3,enum=types.RequireMFAType" json:"require_session_mfa,omitempty"`
	// DeviceTrust holds settings related to trusted device verification.
	// Requires Teleport Enterprise.
	DeviceTrust *DeviceTrust `protobuf:"bytes,13,opt,name=DeviceTrust,proto3" json:"device_trust,omitempty"`
	// IDP is a set of options related to accessing IdPs within Teleport.
	// Requires Teleport Enterprise.
	IDP *IdPOptions `protobuf:"bytes,14,opt,name=IDP,proto3" json:"idp,omitempty"`
	// AllowHeadless enables/disables headless support.
	// Headless authentication requires Webauthn to work.
	// Defaults to true if the Webauthn is configured, defaults to false
	// otherwise.
	AllowHeadless *BoolOption `protobuf:"bytes,15,opt,name=AllowHeadless,proto3,customtype=BoolOption" json:"allow_headless,omitempty"`
	// DefaultSessionTTL is the TTL to use for user certs when
	// an explicit TTL is not requested.
	DefaultSessionTTL Duration `protobuf:"varint,16,opt,name=DefaultSessionTTL,proto3,casttype=Duration" json:"default_session_ttl,omitempty"`
	// Okta is a set of options related to the Okta service in Teleport.
	// Requires Teleport Enterprise.
	Okta *OktaOptions `protobuf:"bytes,17,opt,name=Okta,proto3" json:"okta,omitempty"`
	// HardwareKey are the settings for hardware key support.
	HardwareKey *HardwareKey `protobuf:"bytes,19,opt,name=HardwareKey,proto3" json:"hardware_key,omitempty"`
	// SignatureAlgorithmSuite is the configured signature algorithm suite for the cluster.
	// If unspecified, the current default value is "legacy".
	// 1 is "legacy", 2 is "balanced-v1", 3 is "fips-v1", 4 is "hsm-v1".
	SignatureAlgorithmSuite SignatureAlgorithmSuite `` /* 169-byte string literal not displayed */
	// SecondFactors is a list of supported multi-factor types.
	// 1 is "otp", 2 is "webauthn", 3 is "sso",
	// If unspecified, the current default value is [1], or ["otp"].
	SecondFactors []SecondFactorType `protobuf:"varint,21,rep,packed,name=SecondFactors,proto3,enum=types.SecondFactorType" json:"second_factors,omitempty"`
	// StableUnixUserConfig contains the cluster-wide configuration for stable
	// UNIX users.
	StableUnixUserConfig *StableUNIXUserConfig `` /* 126-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}              `json:"-"`
	XXX_unrecognized     []byte                `json:"-"`
	XXX_sizecache        int32                 `json:"-"`
}

AuthPreferenceSpecV2 is the actual data we care about for AuthPreference.

func (*AuthPreferenceSpecV2) Descriptor 

func (*AuthPreferenceSpecV2) Descriptor() ([]byte, []int)

func (*AuthPreferenceSpecV2) Marshal 

func (m *AuthPreferenceSpecV2) Marshal() (dAtA []byte, err error)

func (*AuthPreferenceSpecV2) MarshalTo 

func (m *AuthPreferenceSpecV2) MarshalTo(dAtA []byte) (int, error)

func (*AuthPreferenceSpecV2) MarshalToSizedBuffer 

func (m *AuthPreferenceSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AuthPreferenceSpecV2) ProtoMessage 

func (*AuthPreferenceSpecV2) ProtoMessage()

func (*AuthPreferenceSpecV2) Reset 

func (m *AuthPreferenceSpecV2) Reset()

func (*AuthPreferenceSpecV2) Size 

func (m *AuthPreferenceSpecV2) Size() (n int)

func (*AuthPreferenceSpecV2) String 

func (m *AuthPreferenceSpecV2) String() string

func (*AuthPreferenceSpecV2) Unmarshal 

func (m *AuthPreferenceSpecV2) Unmarshal(dAtA []byte) error

func (*AuthPreferenceSpecV2) XXX_DiscardUnknown 

func (m *AuthPreferenceSpecV2) XXX_DiscardUnknown()

func (*AuthPreferenceSpecV2) XXX_Marshal 

func (m *AuthPreferenceSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AuthPreferenceSpecV2) XXX_Merge 

func (m *AuthPreferenceSpecV2) XXX_Merge(src proto.Message)

func (*AuthPreferenceSpecV2) XXX_Size 

func (m *AuthPreferenceSpecV2) XXX_Size() int

func (*AuthPreferenceSpecV2) XXX_Unmarshal 

func (m *AuthPreferenceSpecV2) XXX_Unmarshal(b []byte) error

type AuthPreferenceV2 

type AuthPreferenceV2 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version. It must be specified.
	// Supported values are: `v2`.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is resource metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is an AuthPreference specification
	Spec                 AuthPreferenceSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
	XXX_unrecognized     []byte               `json:"-"`
	XXX_sizecache        int32                `json:"-"`
}

AuthPreferenceV2 implements the AuthPreference interface.

func (*AuthPreferenceV2) CheckAndSetDefaults 

func (c *AuthPreferenceV2) CheckAndSetDefaults() error

CheckAndSetDefaults verifies the constraints for AuthPreference.

func (*AuthPreferenceV2) CheckSignatureAlgorithmSuite 

func (c *AuthPreferenceV2) CheckSignatureAlgorithmSuite(params SignatureAlgorithmSuiteParams) error

CheckSignatureAlgorithmSuite returns an error if the current signature algorithm suite is incompatible with [params].

func (*AuthPreferenceV2) Clone 

func (c *AuthPreferenceV2) Clone() AuthPreference

Clone returns a copy of the AuthPreference resource.

func (*AuthPreferenceV2) Descriptor 

func (*AuthPreferenceV2) Descriptor() ([]byte, []int)

func (*AuthPreferenceV2) Expiry 

func (c *AuthPreferenceV2) Expiry() time.Time

Expiry returns object expiry setting.

func (*AuthPreferenceV2) GetAllowHeadless 

func (c *AuthPreferenceV2) GetAllowHeadless() bool

func (*AuthPreferenceV2) GetAllowLocalAuth 

func (c *AuthPreferenceV2) GetAllowLocalAuth() bool

GetAllowLocalAuth gets if local authentication is allowed.

func (*AuthPreferenceV2) GetAllowPasswordless 

func (c *AuthPreferenceV2) GetAllowPasswordless() bool

func (*AuthPreferenceV2) GetConnectorName 

func (c *AuthPreferenceV2) GetConnectorName() string

GetConnectorName gets the name of the OIDC or SAML connector to use. If this value is empty, we fall back to the first connector in the backend.

func (*AuthPreferenceV2) GetDefaultSessionTTL 

func (c *AuthPreferenceV2) GetDefaultSessionTTL() Duration

GetDefaultSessionTTL retrieves the default session ttl

func (*AuthPreferenceV2) GetDeviceTrust 

func (c *AuthPreferenceV2) GetDeviceTrust() *DeviceTrust

GetDeviceTrust returns the cluster device trust settings, or nil if no explicit configurations are present.

func (*AuthPreferenceV2) GetDisconnectExpiredCert 

func (c *AuthPreferenceV2) GetDisconnectExpiredCert() bool

GetDisconnectExpiredCert returns disconnect expired certificate setting

func (*AuthPreferenceV2) GetHardwareKey 

func (c *AuthPreferenceV2) GetHardwareKey() (*HardwareKey, error)

GetHardwareKey returns the hardware key settings configured for the cluster.

func (*AuthPreferenceV2) GetHardwareKeySerialNumberValidation 

func (c *AuthPreferenceV2) GetHardwareKeySerialNumberValidation() (*HardwareKeySerialNumberValidation, error)

GetHardwareKeySerialNumberValidation returns the cluster's hardware key serial number validation settings.

func (*AuthPreferenceV2) GetKind 

func (c *AuthPreferenceV2) GetKind() string

GetKind returns resource kind.

func (*AuthPreferenceV2) GetLockingMode 

func (c *AuthPreferenceV2) GetLockingMode() constants.LockingMode

GetLockingMode gets the cluster-wide locking mode default.

func (*AuthPreferenceV2) GetMessageOfTheDay 

func (c *AuthPreferenceV2) GetMessageOfTheDay() string

GetMessageOfTheDay gets the current Message Of The Day. May be empty.

func (*AuthPreferenceV2) GetMetadata 

func (c *AuthPreferenceV2) GetMetadata() Metadata

GetMetadata returns object metadata.

func (*AuthPreferenceV2) GetName 

func (c *AuthPreferenceV2) GetName() string

GetName returns the name of the resource.

func (*AuthPreferenceV2) GetOktaSyncPeriod 

func (c *AuthPreferenceV2) GetOktaSyncPeriod() time.Duration

GetOktaSyncPeriod returns the duration between Okta synchronization calls if the Okta service is running.

func (*AuthPreferenceV2) GetPIVPINCacheTTL 

func (c *AuthPreferenceV2) GetPIVPINCacheTTL() time.Duration

GetPIVPINCacheTTL returns the configured piv pin cache duration for the cluster.

func (*AuthPreferenceV2) GetPIVSlot 

func (c *AuthPreferenceV2) GetPIVSlot() hardwarekey.PIVSlotKeyString

GetPIVSlot returns the configured piv slot for the cluster.

func (*AuthPreferenceV2) GetPreferredLocalMFA 

func (c *AuthPreferenceV2) GetPreferredLocalMFA() constants.SecondFactorType

GetPreferredLocalMFA returns a server-side hint for clients to pick an MFA method when various options are available. It is empty if there is nothing to suggest.

func (*AuthPreferenceV2) GetPrivateKeyPolicy 

func (c *AuthPreferenceV2) GetPrivateKeyPolicy() keys.PrivateKeyPolicy

GetPrivateKeyPolicy returns the configured private key policy for the cluster.

func (*AuthPreferenceV2) GetRequireMFAType 

func (c *AuthPreferenceV2) GetRequireMFAType() RequireMFAType

GetRequireMFAType returns the type of MFA requirement enforced for this cluster.

func (*AuthPreferenceV2) GetRevision 

func (c *AuthPreferenceV2) GetRevision() string

GetRevision returns the revision

func (*AuthPreferenceV2) GetSecondFactors 

func (c *AuthPreferenceV2) GetSecondFactors() []SecondFactorType

GetSecondFactors gets a list of supported second factors.

func (*AuthPreferenceV2) GetSignatureAlgorithmSuite 

func (c *AuthPreferenceV2) GetSignatureAlgorithmSuite() SignatureAlgorithmSuite

GetSignatureAlgorithmSuite gets the signature algorithm suite.

func (*AuthPreferenceV2) GetStableUNIXUserConfig 

func (c *AuthPreferenceV2) GetStableUNIXUserConfig() *StableUNIXUserConfig

GetStableUNIXUserConfig implements AuthPreference.

func (*AuthPreferenceV2) GetSubKind 

func (c *AuthPreferenceV2) GetSubKind() string

GetSubKind returns resource subkind.

func (*AuthPreferenceV2) GetType 

func (c *AuthPreferenceV2) GetType() string

GetType returns the type of authentication.

func (*AuthPreferenceV2) GetU2F 

func (c *AuthPreferenceV2) GetU2F() (*U2F, error)

GetU2F gets the U2F configuration settings.

func (*AuthPreferenceV2) GetVersion 

func (c *AuthPreferenceV2) GetVersion() string

GetVersion returns resource version.

func (*AuthPreferenceV2) GetWebauthn 

func (c *AuthPreferenceV2) GetWebauthn() (*Webauthn, error)

func (*AuthPreferenceV2) IsAdminActionMFAEnforced 

func (c *AuthPreferenceV2) IsAdminActionMFAEnforced() bool

IsAdminActionMFAEnforced checks if admin action MFA is enforced.

func (*AuthPreferenceV2) IsSAMLIdPEnabled 

func (c *AuthPreferenceV2) IsSAMLIdPEnabled() bool

IsSAMLIdPEnabled returns true if the SAML IdP is enabled.

func (*AuthPreferenceV2) IsSecondFactorEnabled 

func (c *AuthPreferenceV2) IsSecondFactorEnabled() bool

IsSecondFactorEnforced checks if second factor is enabled.

func (*AuthPreferenceV2) IsSecondFactorEnforced 

func (c *AuthPreferenceV2) IsSecondFactorEnforced() bool

IsSecondFactorEnforced checks if second factor is enforced.

func (*AuthPreferenceV2) IsSecondFactorLocalAllowed 

func (c *AuthPreferenceV2) IsSecondFactorLocalAllowed() bool

IsSecondFactorLocalAllowed checks if a local second factor method is enabled.

func (*AuthPreferenceV2) IsSecondFactorSSOAllowed 

func (c *AuthPreferenceV2) IsSecondFactorSSOAllowed() bool

IsSecondFactorSSOAllowed checks if users can use SSO as an MFA method.

func (*AuthPreferenceV2) IsSecondFactorTOTPAllowed 

func (c *AuthPreferenceV2) IsSecondFactorTOTPAllowed() bool

IsSecondFactorTOTPAllowed checks if users can use TOTP as an MFA method.

func (*AuthPreferenceV2) IsSecondFactorWebauthnAllowed 

func (c *AuthPreferenceV2) IsSecondFactorWebauthnAllowed() bool

IsSecondFactorWebauthnAllowed checks if users can use WebAuthn as an MFA method.

func (*AuthPreferenceV2) Marshal 

func (m *AuthPreferenceV2) Marshal() (dAtA []byte, err error)

func (*AuthPreferenceV2) MarshalTo 

func (m *AuthPreferenceV2) MarshalTo(dAtA []byte) (int, error)

func (*AuthPreferenceV2) MarshalToSizedBuffer 

func (m *AuthPreferenceV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AuthPreferenceV2) Origin 

func (c *AuthPreferenceV2) Origin() string

Origin returns the origin value of the resource.

func (*AuthPreferenceV2) ProtoMessage 

func (*AuthPreferenceV2) ProtoMessage()

func (*AuthPreferenceV2) Reset 

func (m *AuthPreferenceV2) Reset()

func (*AuthPreferenceV2) SetAllowHeadless 

func (c *AuthPreferenceV2) SetAllowHeadless(b bool)

func (*AuthPreferenceV2) SetAllowLocalAuth 

func (c *AuthPreferenceV2) SetAllowLocalAuth(b bool)

SetAllowLocalAuth gets if local authentication is allowed.

func (*AuthPreferenceV2) SetAllowPasswordless 

func (c *AuthPreferenceV2) SetAllowPasswordless(b bool)

func (*AuthPreferenceV2) SetConnectorName 

func (c *AuthPreferenceV2) SetConnectorName(cn string)

SetConnectorName sets the name of the OIDC or SAML connector to use. If this value is empty, we fall back to the first connector in the backend.

func (*AuthPreferenceV2) SetDefaultSessionTTL 

func (c *AuthPreferenceV2) SetDefaultSessionTTL(sessionTTL Duration)

SetDefaultSessionTTL sets the default session ttl

func (*AuthPreferenceV2) SetDefaultSignatureAlgorithmSuite 

func (c *AuthPreferenceV2) SetDefaultSignatureAlgorithmSuite(params SignatureAlgorithmSuiteParams)

SetDefaultSignatureAlgorithmSuite sets default signature algorithm suite based on the params. This is meant for a default auth preference in a brand new cluster or after resetting the auth preference.

func (*AuthPreferenceV2) SetDeviceTrust 

func (c *AuthPreferenceV2) SetDeviceTrust(dt *DeviceTrust)

SetDeviceTrust sets the cluster device trust settings.

func (*AuthPreferenceV2) SetDisconnectExpiredCert 

func (c *AuthPreferenceV2) SetDisconnectExpiredCert(b bool)

SetDisconnectExpiredCert sets disconnect client with expired certificate setting

func (*AuthPreferenceV2) SetExpiry 

func (c *AuthPreferenceV2) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object.

func (*AuthPreferenceV2) SetLockingMode 

func (c *AuthPreferenceV2) SetLockingMode(mode constants.LockingMode)

SetLockingMode sets the cluster-wide locking mode default.

func (*AuthPreferenceV2) SetMessageOfTheDay 

func (c *AuthPreferenceV2) SetMessageOfTheDay(motd string)

SetMessageOfTheDay sets the current Message Of The Day. May be empty.

func (*AuthPreferenceV2) SetName 

func (c *AuthPreferenceV2) SetName(e string)

SetName sets the name of the resource.

func (*AuthPreferenceV2) SetOktaSyncPeriod 

func (c *AuthPreferenceV2) SetOktaSyncPeriod(syncPeriod time.Duration)

SetOktaSyncPeriod sets the duration between Okta synchronzation calls.

func (*AuthPreferenceV2) SetOrigin 

func (c *AuthPreferenceV2) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*AuthPreferenceV2) SetRequireMFAType 

func (c *AuthPreferenceV2) SetRequireMFAType(t RequireMFAType)

SetRequireMFAType sets the type of MFA requirement enforced for this cluster.

func (*AuthPreferenceV2) SetRevision 

func (c *AuthPreferenceV2) SetRevision(rev string)

SetRevision sets the revision

func (*AuthPreferenceV2) SetSAMLIdPEnabled 

func (c *AuthPreferenceV2) SetSAMLIdPEnabled(enabled bool)

SetSAMLIdPEnabled sets the SAML IdP to enabled.

func (*AuthPreferenceV2) SetSecondFactor 

func (c *AuthPreferenceV2) SetSecondFactor(s constants.SecondFactorType)

SetSecondFactor sets the type of second factor.

func (*AuthPreferenceV2) SetSecondFactors 

func (c *AuthPreferenceV2) SetSecondFactors(sfs ...SecondFactorType)

SetSecondFactors sets the list of supported second factors.

func (*AuthPreferenceV2) SetSignatureAlgorithmSuite 

func (c *AuthPreferenceV2) SetSignatureAlgorithmSuite(suite SignatureAlgorithmSuite)

SetSignatureAlgorithmSuite sets the signature algorithm suite.

func (*AuthPreferenceV2) SetStableUNIXUserConfig 

func (c *AuthPreferenceV2) SetStableUNIXUserConfig(cfg *StableUNIXUserConfig)

SetStableUNIXUserConfig implements AuthPreference.

func (*AuthPreferenceV2) SetSubKind 

func (c *AuthPreferenceV2) SetSubKind(sk string)

SetSubKind sets resource subkind.

func (*AuthPreferenceV2) SetType 

func (c *AuthPreferenceV2) SetType(s string)

SetType sets the type of authentication.

func (*AuthPreferenceV2) SetU2F 

func (c *AuthPreferenceV2) SetU2F(u2f *U2F)

SetU2F sets the U2F configuration settings.

func (*AuthPreferenceV2) SetWebauthn 

func (c *AuthPreferenceV2) SetWebauthn(w *Webauthn)

func (*AuthPreferenceV2) Size 

func (m *AuthPreferenceV2) Size() (n int)

func (*AuthPreferenceV2) String 

func (c *AuthPreferenceV2) String() string

String represents a human readable version of authentication settings.

func (*AuthPreferenceV2) Unmarshal 

func (m *AuthPreferenceV2) Unmarshal(dAtA []byte) error

func (*AuthPreferenceV2) XXX_DiscardUnknown 

func (m *AuthPreferenceV2) XXX_DiscardUnknown()

func (*AuthPreferenceV2) XXX_Marshal 

func (m *AuthPreferenceV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AuthPreferenceV2) XXX_Merge 

func (m *AuthPreferenceV2) XXX_Merge(src proto.Message)

func (*AuthPreferenceV2) XXX_Size 

func (m *AuthPreferenceV2) XXX_Size() int

func (*AuthPreferenceV2) XXX_Unmarshal 

func (m *AuthPreferenceV2) XXX_Unmarshal(b []byte) error

type Azure 

type Azure struct {
	// Name is the Azure database server name.
	Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name,omitempty"`
	// ResourceID is the Azure fully qualified ID for the resource.
	ResourceID string `protobuf:"bytes,2,opt,name=ResourceID,proto3" json:"resource_id,omitempty"`
	// Redis contains Azure Cache for Redis specific database metadata.
	Redis AzureRedis `protobuf:"bytes,3,opt,name=Redis,proto3" json:"redis,omitempty"`
	// IsFlexiServer is true if the database is an Azure Flexible server.
	IsFlexiServer        bool     `protobuf:"varint,4,opt,name=IsFlexiServer,proto3" json:"is_flexi_server,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Azure contains Azure specific database metadata.

func (*Azure) Descriptor 

func (*Azure) Descriptor() ([]byte, []int)

func (Azure) IsEmpty 

func (a Azure) IsEmpty() bool

IsEmpty returns true if Azure metadata is empty.

func (*Azure) Marshal 

func (m *Azure) Marshal() (dAtA []byte, err error)

func (*Azure) MarshalTo 

func (m *Azure) MarshalTo(dAtA []byte) (int, error)

func (*Azure) MarshalToSizedBuffer 

func (m *Azure) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Azure) ProtoMessage 

func (*Azure) ProtoMessage()

func (*Azure) Reset 

func (m *Azure) Reset()

func (*Azure) Size 

func (m *Azure) Size() (n int)

func (*Azure) String 

func (m *Azure) String() string

func (*Azure) Unmarshal 

func (m *Azure) Unmarshal(dAtA []byte) error

func (*Azure) XXX_DiscardUnknown 

func (m *Azure) XXX_DiscardUnknown()

func (*Azure) XXX_Marshal 

func (m *Azure) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Azure) XXX_Merge 

func (m *Azure) XXX_Merge(src proto.Message)

func (*Azure) XXX_Size 

func (m *Azure) XXX_Size() int

func (*Azure) XXX_Unmarshal 

func (m *Azure) XXX_Unmarshal(b []byte) error

type AzureInstallerParams 

type AzureInstallerParams struct {
	// ClientID is the client ID of the managed identity discovered nodes
	// should use to join the cluster.
	ClientID             string   `protobuf:"bytes,1,opt,name=ClientID,proto3" json:"client_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AzureInstallerParams is the set of Azure-specific installation parameters.

func (*AzureInstallerParams) Descriptor 

func (*AzureInstallerParams) Descriptor() ([]byte, []int)

func (*AzureInstallerParams) Marshal 

func (m *AzureInstallerParams) Marshal() (dAtA []byte, err error)

func (*AzureInstallerParams) MarshalTo 

func (m *AzureInstallerParams) MarshalTo(dAtA []byte) (int, error)

func (*AzureInstallerParams) MarshalToSizedBuffer 

func (m *AzureInstallerParams) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AzureInstallerParams) ProtoMessage 

func (*AzureInstallerParams) ProtoMessage()

func (*AzureInstallerParams) Reset 

func (m *AzureInstallerParams) Reset()

func (*AzureInstallerParams) Size 

func (m *AzureInstallerParams) Size() (n int)

func (*AzureInstallerParams) String 

func (m *AzureInstallerParams) String() string

func (*AzureInstallerParams) Unmarshal 

func (m *AzureInstallerParams) Unmarshal(dAtA []byte) error

func (*AzureInstallerParams) XXX_DiscardUnknown 

func (m *AzureInstallerParams) XXX_DiscardUnknown()

func (*AzureInstallerParams) XXX_Marshal 

func (m *AzureInstallerParams) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AzureInstallerParams) XXX_Merge 

func (m *AzureInstallerParams) XXX_Merge(src proto.Message)

func (*AzureInstallerParams) XXX_Size 

func (m *AzureInstallerParams) XXX_Size() int

func (*AzureInstallerParams) XXX_Unmarshal 

func (m *AzureInstallerParams) XXX_Unmarshal(b []byte) error

type AzureMatcher 

type AzureMatcher struct {
	// Subscriptions are Azure subscriptions to query for resources.
	Subscriptions []string `protobuf:"bytes,1,rep,name=Subscriptions,proto3" json:"subscriptions,omitempty"`
	// ResourceGroups are Azure resource groups to query for resources.
	ResourceGroups []string `protobuf:"bytes,2,rep,name=ResourceGroups,proto3" json:"resource_groups,omitempty"`
	// Types are Azure types to match: "mysql", "postgres", "aks", "vm"
	Types []string `protobuf:"bytes,3,rep,name=Types,proto3" json:"types,omitempty"`
	// Regions are Azure locations to match for databases.
	Regions []string `protobuf:"bytes,4,rep,name=Regions,proto3" json:"regions,omitempty"`
	// ResourceTags are Azure tags on resources to match.
	ResourceTags Labels `protobuf:"bytes,5,opt,name=ResourceTags,proto3,customtype=Labels" json:"tags,omitempty"`
	// Params sets the join method when installing on
	// discovered Azure nodes.
	Params               *InstallerParams `protobuf:"bytes,6,opt,name=Params,proto3" json:"install_params,omitempty"`
	XXX_NoUnkeyedLiteral struct{}         `json:"-"`
	XXX_unrecognized     []byte           `json:"-"`
	XXX_sizecache        int32            `json:"-"`
}

AzureMatcher matches Azure resources. It defines which resource types, filters and some configuration params.

func (*AzureMatcher) CheckAndSetDefaults 

func (m *AzureMatcher) CheckAndSetDefaults() error

CheckAndSetDefaults that the matcher is correct and adds default values.

func (AzureMatcher) CopyWithTypes 

func (m AzureMatcher) CopyWithTypes(t []string) Matcher

CopyWithTypes copies the matcher with new types.

func (*AzureMatcher) Descriptor 

func (*AzureMatcher) Descriptor() ([]byte, []int)

func (AzureMatcher) GetTypes 

func (m AzureMatcher) GetTypes() []string

GetTypes gets the types that the matcher can match.

func (*AzureMatcher) Marshal 

func (m *AzureMatcher) Marshal() (dAtA []byte, err error)

func (*AzureMatcher) MarshalTo 

func (m *AzureMatcher) MarshalTo(dAtA []byte) (int, error)

func (*AzureMatcher) MarshalToSizedBuffer 

func (m *AzureMatcher) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AzureMatcher) ProtoMessage 

func (*AzureMatcher) ProtoMessage()

func (*AzureMatcher) Reset 

func (m *AzureMatcher) Reset()

func (*AzureMatcher) Size 

func (m *AzureMatcher) Size() (n int)

func (*AzureMatcher) String 

func (m *AzureMatcher) String() string

func (*AzureMatcher) Unmarshal 

func (m *AzureMatcher) Unmarshal(dAtA []byte) error

func (*AzureMatcher) XXX_DiscardUnknown 

func (m *AzureMatcher) XXX_DiscardUnknown()

func (*AzureMatcher) XXX_Marshal 

func (m *AzureMatcher) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AzureMatcher) XXX_Merge 

func (m *AzureMatcher) XXX_Merge(src proto.Message)

func (*AzureMatcher) XXX_Size 

func (m *AzureMatcher) XXX_Size() int

func (*AzureMatcher) XXX_Unmarshal 

func (m *AzureMatcher) XXX_Unmarshal(b []byte) error

type AzureOIDCIntegrationSpecV1 

type AzureOIDCIntegrationSpecV1 struct {
	// TenantID specifies the ID of Entra Tenant (Directory)
	// that this plugin integrates with.
	TenantID string `protobuf:"bytes,1,opt,name=TenantID,proto3" json:"tenant_id,omitempty"`
	// ClientID specifies the ID of Azure enterprise application (client)
	// that corresponds to this plugin.
	ClientID             string   `protobuf:"bytes,2,opt,name=ClientID,proto3" json:"client_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AzureOIDCIntegrationSpecV1 contains the spec properties for the Azure OIDC SubKind Integration.

func (*AzureOIDCIntegrationSpecV1) Descriptor 

func (*AzureOIDCIntegrationSpecV1) Descriptor() ([]byte, []int)

func (*AzureOIDCIntegrationSpecV1) Marshal 

func (m *AzureOIDCIntegrationSpecV1) Marshal() (dAtA []byte, err error)

func (*AzureOIDCIntegrationSpecV1) MarshalTo 

func (m *AzureOIDCIntegrationSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*AzureOIDCIntegrationSpecV1) MarshalToSizedBuffer 

func (m *AzureOIDCIntegrationSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AzureOIDCIntegrationSpecV1) ProtoMessage 

func (*AzureOIDCIntegrationSpecV1) ProtoMessage()

func (*AzureOIDCIntegrationSpecV1) Reset 

func (m *AzureOIDCIntegrationSpecV1) Reset()

func (*AzureOIDCIntegrationSpecV1) Size 

func (m *AzureOIDCIntegrationSpecV1) Size() (n int)

func (*AzureOIDCIntegrationSpecV1) String 

func (m *AzureOIDCIntegrationSpecV1) String() string

func (*AzureOIDCIntegrationSpecV1) Unmarshal 

func (m *AzureOIDCIntegrationSpecV1) Unmarshal(dAtA []byte) error

func (*AzureOIDCIntegrationSpecV1) XXX_DiscardUnknown 

func (m *AzureOIDCIntegrationSpecV1) XXX_DiscardUnknown()

func (*AzureOIDCIntegrationSpecV1) XXX_Marshal 

func (m *AzureOIDCIntegrationSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AzureOIDCIntegrationSpecV1) XXX_Merge 

func (m *AzureOIDCIntegrationSpecV1) XXX_Merge(src proto.Message)

func (*AzureOIDCIntegrationSpecV1) XXX_Size 

func (m *AzureOIDCIntegrationSpecV1) XXX_Size() int

func (*AzureOIDCIntegrationSpecV1) XXX_Unmarshal 

func (m *AzureOIDCIntegrationSpecV1) XXX_Unmarshal(b []byte) error

type AzureRedis 

type AzureRedis struct {
	// ClusteringPolicy is the clustering policy for Redis Enterprise.
	ClusteringPolicy     string   `protobuf:"bytes,1,opt,name=ClusteringPolicy,proto3" json:"clustering_policy,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

AzureRedis contains Azure Cache for Redis specific database metadata.

func (*AzureRedis) Descriptor 

func (*AzureRedis) Descriptor() ([]byte, []int)

func (*AzureRedis) Marshal 

func (m *AzureRedis) Marshal() (dAtA []byte, err error)

func (*AzureRedis) MarshalTo 

func (m *AzureRedis) MarshalTo(dAtA []byte) (int, error)

func (*AzureRedis) MarshalToSizedBuffer 

func (m *AzureRedis) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AzureRedis) ProtoMessage 

func (*AzureRedis) ProtoMessage()

func (*AzureRedis) Reset 

func (m *AzureRedis) Reset()

func (*AzureRedis) Size 

func (m *AzureRedis) Size() (n int)

func (*AzureRedis) String 

func (m *AzureRedis) String() string

func (*AzureRedis) Unmarshal 

func (m *AzureRedis) Unmarshal(dAtA []byte) error

func (*AzureRedis) XXX_DiscardUnknown 

func (m *AzureRedis) XXX_DiscardUnknown()

func (*AzureRedis) XXX_Marshal 

func (m *AzureRedis) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AzureRedis) XXX_Merge 

func (m *AzureRedis) XXX_Merge(src proto.Message)

func (*AzureRedis) XXX_Size 

func (m *AzureRedis) XXX_Size() int

func (*AzureRedis) XXX_Unmarshal 

func (m *AzureRedis) XXX_Unmarshal(b []byte) error

type Bool 

type Bool bool

Bool is a wrapper around boolean values

func NewBool 

func NewBool(b bool) Bool

NewBool returns Bool struct based on bool value

func NewBoolP 

func NewBoolP(b bool) *Bool

NewBoolP returns Bool pointer

func (Bool) MarshalJSON 

func (b Bool) MarshalJSON() ([]byte, error)

MarshalJSON marshals boolean value.

func (Bool) MarshalYAML 

func (b Bool) MarshalYAML() (interface{}, error)

MarshalYAML marshals bool into yaml value

func (*Bool) UnmarshalJSON 

func (b *Bool) UnmarshalJSON(data []byte) error

UnmarshalJSON unmarshals JSON from string or bool, in case if value is missing or not recognized, defaults to false

func (*Bool) UnmarshalYAML 

func (b *Bool) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML unmarshals bool value from yaml

func (Bool) Value 

func (b Bool) Value() bool

Value returns boolean value of the wrapper

type BoolOption 

type BoolOption struct {
	// Value is a value of the option
	Value bool
}

BoolOption is a wrapper around bool that can take multiple values: * true, false and non-set (when pointer is nil) and can marshal itself to protobuf equivalent BoolValue

func NewBoolOption 

func NewBoolOption(b bool) *BoolOption

NewBoolOption returns Bool struct based on bool value

func (BoolOption) Marshal 

func (b BoolOption) Marshal() ([]byte, error)

Marshal marshals value into protobuf representation

func (BoolOption) MarshalJSON 

func (b BoolOption) MarshalJSON() ([]byte, error)

MarshalJSON marshals boolean value.

func (BoolOption) MarshalTo 

func (b BoolOption) MarshalTo(data []byte) (int, error)

MarshalTo marshals value to the slice

func (BoolOption) MarshalToSizedBuffer 

func (b BoolOption) MarshalToSizedBuffer(data []byte) (int, error)

MarshalToSizedBuffer marshals value to the slice

func (*BoolOption) MarshalYAML 

func (b *BoolOption) MarshalYAML() (interface{}, error)

MarshalYAML marshals BoolOption into yaml value

func (BoolOption) Size 

func (b BoolOption) Size() int

Size returns protobuf size

func (*BoolOption) Unmarshal 

func (b *BoolOption) Unmarshal(data []byte) error

Unmarshal unmarshals value from protobuf

func (*BoolOption) UnmarshalJSON 

func (b *BoolOption) UnmarshalJSON(data []byte) error

UnmarshalJSON unmarshals JSON from string or bool, in case if value is missing or not recognized, defaults to false

func (*BoolOption) UnmarshalYAML 

func (b *BoolOption) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML unmarshals BoolOption to YAML

type BoolValue 

type BoolValue struct {
	Value                bool     `protobuf:"varint,1,opt,name=Value,proto3" json:"Value,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

BoolValue is a wrapper around bool, used in cases whenever bool value can have different default value when missing

func (*BoolValue) Descriptor 

func (*BoolValue) Descriptor() ([]byte, []int)

func (*BoolValue) Marshal 

func (m *BoolValue) Marshal() (dAtA []byte, err error)

func (*BoolValue) MarshalTo 

func (m *BoolValue) MarshalTo(dAtA []byte) (int, error)

func (*BoolValue) MarshalToSizedBuffer 

func (m *BoolValue) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*BoolValue) ProtoMessage 

func (*BoolValue) ProtoMessage()

func (*BoolValue) Reset 

func (m *BoolValue) Reset()

func (*BoolValue) Size 

func (m *BoolValue) Size() (n int)

func (*BoolValue) String 

func (m *BoolValue) String() string

func (*BoolValue) Unmarshal 

func (m *BoolValue) Unmarshal(dAtA []byte) error

func (*BoolValue) XXX_DiscardUnknown 

func (m *BoolValue) XXX_DiscardUnknown()

func (*BoolValue) XXX_Marshal 

func (m *BoolValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*BoolValue) XXX_Merge 

func (m *BoolValue) XXX_Merge(src proto.Message)

func (*BoolValue) XXX_Size 

func (m *BoolValue) XXX_Size() int

func (*BoolValue) XXX_Unmarshal 

func (m *BoolValue) XXX_Unmarshal(b []byte) error

type CAKeySet 

type CAKeySet struct {
	// SSH contains SSH CA key pairs.
	SSH []*SSHKeyPair `protobuf:"bytes,1,rep,name=SSH,proto3" json:"ssh,omitempty"`
	// TLS contains TLS CA key/cert pairs.
	TLS []*TLSKeyPair `protobuf:"bytes,2,rep,name=TLS,proto3" json:"tls,omitempty"`
	// JWT contains JWT signing key pairs.
	JWT                  []*JWTKeyPair `protobuf:"bytes,3,rep,name=JWT,proto3" json:"jwt,omitempty"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

CAKeySet is the set of CA keys.

func (CAKeySet) CheckAndSetDefaults 

func (ks CAKeySet) CheckAndSetDefaults() error

CheckAndSetDefaults validates CAKeySet and sets defaults on any empty fields as needed.

func (CAKeySet) Clone 

func (ks CAKeySet) Clone() CAKeySet

Clone returns a deep copy of CAKeySet that can be mutated without modifying the original.

func (*CAKeySet) Descriptor 

func (*CAKeySet) Descriptor() ([]byte, []int)

func (*CAKeySet) Empty 

func (ks *CAKeySet) Empty() bool

Empty returns true if the CAKeySet holds no keys

func (*CAKeySet) Marshal 

func (m *CAKeySet) Marshal() (dAtA []byte, err error)

func (*CAKeySet) MarshalTo 

func (m *CAKeySet) MarshalTo(dAtA []byte) (int, error)

func (*CAKeySet) MarshalToSizedBuffer 

func (m *CAKeySet) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*CAKeySet) ProtoMessage 

func (*CAKeySet) ProtoMessage()

func (*CAKeySet) Reset 

func (m *CAKeySet) Reset()

func (*CAKeySet) Size 

func (m *CAKeySet) Size() (n int)

func (*CAKeySet) String 

func (m *CAKeySet) String() string

func (*CAKeySet) Unmarshal 

func (m *CAKeySet) Unmarshal(dAtA []byte) error

func (CAKeySet) WithoutSecrets 

func (ks CAKeySet) WithoutSecrets() CAKeySet

WithoutSecrets returns a deep copy of CAKeySet with all secret fields (private keys) removed.

func (*CAKeySet) XXX_DiscardUnknown 

func (m *CAKeySet) XXX_DiscardUnknown()

func (*CAKeySet) XXX_Marshal 

func (m *CAKeySet) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CAKeySet) XXX_Merge 

func (m *CAKeySet) XXX_Merge(src proto.Message)

func (*CAKeySet) XXX_Size 

func (m *CAKeySet) XXX_Size() int

func (*CAKeySet) XXX_Unmarshal 

func (m *CAKeySet) XXX_Unmarshal(b []byte) error

type CORSPolicy 

type CORSPolicy struct {
	// allowed_origins specifies which origins are allowed to access the app.
	AllowedOrigins []string `protobuf:"bytes,1,rep,name=allowed_origins,json=allowedOrigins,proto3" json:"allowed_origins,omitempty"`
	// allowed_methods specifies which methods are allowed when accessing the app.
	AllowedMethods []string `protobuf:"bytes,2,rep,name=allowed_methods,json=allowedMethods,proto3" json:"allowed_methods,omitempty"`
	// allowed_headers specifies which headers can be used when accessing the app.
	AllowedHeaders []string `protobuf:"bytes,3,rep,name=allowed_headers,json=allowedHeaders,proto3" json:"allowed_headers,omitempty"`
	// allow_credentials indicates whether credentials are allowed.
	AllowCredentials bool `protobuf:"varint,4,opt,name=allow_credentials,json=allowCredentials,proto3" json:"allow_credentials,omitempty"`
	// max_age indicates how long (in seconds) the results of a preflight request can be cached.
	MaxAge uint32 `protobuf:"varint,5,opt,name=max_age,json=maxAge,proto3" json:"max_age,omitempty"`
	// exposed_headers indicates which headers are made available to scripts via the browser.
	ExposedHeaders       []string `protobuf:"bytes,6,rep,name=exposed_headers,json=exposedHeaders,proto3" json:"exposed_headers,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

CORSPolicy defines the CORS policy for AppSpecV3

func (*CORSPolicy) Descriptor 

func (*CORSPolicy) Descriptor() ([]byte, []int)

func (*CORSPolicy) Marshal 

func (m *CORSPolicy) Marshal() (dAtA []byte, err error)

func (*CORSPolicy) MarshalTo 

func (m *CORSPolicy) MarshalTo(dAtA []byte) (int, error)

func (*CORSPolicy) MarshalToSizedBuffer 

func (m *CORSPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*CORSPolicy) ProtoMessage 

func (*CORSPolicy) ProtoMessage()

func (*CORSPolicy) Reset 

func (m *CORSPolicy) Reset()

func (*CORSPolicy) Size 

func (m *CORSPolicy) Size() (n int)

func (*CORSPolicy) String 

func (m *CORSPolicy) String() string

func (*CORSPolicy) Unmarshal 

func (m *CORSPolicy) Unmarshal(dAtA []byte) error

func (*CORSPolicy) XXX_DiscardUnknown 

func (m *CORSPolicy) XXX_DiscardUnknown()

func (*CORSPolicy) XXX_Marshal 

func (m *CORSPolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CORSPolicy) XXX_Merge 

func (m *CORSPolicy) XXX_Merge(src proto.Message)

func (*CORSPolicy) XXX_Size 

func (m *CORSPolicy) XXX_Size() int

func (*CORSPolicy) XXX_Unmarshal 

func (m *CORSPolicy) XXX_Unmarshal(b []byte) error

type CertAuthID 

type CertAuthID struct {
	Type       CertAuthType `json:"type"`
	DomainName string       `json:"domain_name"`
}

CertAuthID - id of certificate authority (it's type and domain name)

func (*CertAuthID) Check 

func (c *CertAuthID) Check() error

Check returns error if any of the id parameters are bad, nil otherwise

func (CertAuthID) String 

func (c CertAuthID) String() string

type CertAuthType 

type CertAuthType string

CertAuthType specifies certificate authority type. New variants should be added to CertAuthTypes and, for one major version, to NewlyAdded(). 

const (
	// HostCA identifies the key as a host certificate authority
	HostCA CertAuthType = "host"
	// UserCA identifies the key as a user certificate authority
	UserCA CertAuthType = "user"
	// DatabaseCA is a certificate authority used as a server CA in database
	// access.
	DatabaseCA CertAuthType = "db"
	// DatabaseClientCA is a certificate authority used as a client CA in
	// database access.
	DatabaseClientCA CertAuthType = "db_client"
	// OpenSSHCA is a certificate authority used when connecting to agentless nodes.
	OpenSSHCA CertAuthType = "openssh"
	// JWTSigner identifies type of certificate authority as JWT signer. In this
	// case JWT is not a certificate authority because it does not issue
	// certificates but rather is an authority that signs tokens, however it behaves
	// much like a CA in terms of rotation and storage.
	JWTSigner CertAuthType = "jwt"
	// SAMLIDPCA identifies the certificate authority that will be used by the
	// SAML identity provider.
	SAMLIDPCA CertAuthType = "saml_idp"
	// OIDCIdPCA (OpenID Connect Identity Provider Certificate Authority) identifies
	// the certificate authority that will be used by the OIDC Identity Provider.
	// Similar to JWTSigner, it doesn't issue Certificates but signs JSON Web Tokens.
	OIDCIdPCA CertAuthType = "oidc_idp"
	// SPIFFECA identifies the certificate authority that will be used by the
	// SPIFFE Workload Identity provider functionality.
	SPIFFECA CertAuthType = "spiffe"
	// OktaCA identifies the certificate authority that will be used by the
	// integration with Okta.
	OktaCA CertAuthType = "okta"
	// AWSRACA identifies the certificate authority that will be used by the
	// AWS IAM Roles Anywhere integration functionality.
	AWSRACA CertAuthType = "awsra"
	// BoundKeypairCA identifies the CA used to sign bound keypair client state
	// documents.
	BoundKeypairCA CertAuthType = "bound_keypair"
)

func (CertAuthType) Check 

func (c CertAuthType) Check() error

Check checks if certificate authority type value is correct

func (CertAuthType) NewlyAdded 

func (c CertAuthType) NewlyAdded() bool

NewlyAdded should return true for CA types that were added in the current major version, so that we can avoid erroring out when a potentially older remote server doesn't know about them.

type CertAuthority 

type CertAuthority interface {
	// ResourceWithSecrets sets common resource properties
	ResourceWithSecrets
	// SetMetadata sets CA metadata
	SetMetadata(meta Metadata)
	// GetID returns certificate authority ID -
	// combined type and name
	GetID() CertAuthID
	// GetType returns user or host certificate authority
	GetType() CertAuthType
	// GetClusterName returns cluster name this cert authority
	// is associated with
	GetClusterName() string

	GetActiveKeys() CAKeySet
	SetActiveKeys(CAKeySet) error
	GetAdditionalTrustedKeys() CAKeySet
	SetAdditionalTrustedKeys(CAKeySet) error

	GetTrustedSSHKeyPairs() []*SSHKeyPair
	GetTrustedTLSKeyPairs() []*TLSKeyPair
	GetTrustedJWTKeyPairs() []*JWTKeyPair

	// CombinedMapping is used to specify combined mapping from legacy property Roles
	// and new property RoleMap
	CombinedMapping() RoleMap
	// GetRoleMap returns role map property
	GetRoleMap() RoleMap
	// SetRoleMap sets role map
	SetRoleMap(m RoleMap)
	// GetRoles returns a list of roles assumed by users signed by this CA
	GetRoles() []string
	// SetRoles sets assigned roles for this certificate authority
	SetRoles(roles []string)
	// AddRole adds a role to ca role list
	AddRole(name string)
	// String returns human readable version of the CertAuthority
	String() string
	// GetRotation returns rotation state.
	GetRotation() Rotation
	// SetRotation sets rotation state.
	SetRotation(Rotation)
	// AllKeyTypes returns the set of all different key types in the CA.
	AllKeyTypes() []string
	// Clone returns a copy of the cert authority object.
	Clone() CertAuthority
}

CertAuthority is a host or user certificate authority that can check and if it has private key stored as well, sign it too.

func NewCertAuthority 

func NewCertAuthority(spec CertAuthoritySpecV2) (CertAuthority, error)

NewCertAuthority returns new cert authority

type CertAuthorityFilter 

type CertAuthorityFilter map[CertAuthType]string

func (CertAuthorityFilter) Contains 

func (f CertAuthorityFilter) Contains(other CertAuthorityFilter) bool

Contains checks if the CA filter contains another CA filter as a subset. Unlike other filters, a CA filter's scope becomes more broad as map keys are added to it. Therefore, to check if kind's filter contains the subset's filter, we should check that the subset's keys are all present in kind and as narrow or narrower. A special case is when kind's filter is either empty or specifies all authorities, in which case it is as broad as possible and subset's filter is always contained within it.

func (*CertAuthorityFilter) FromMap 

func (f *CertAuthorityFilter) FromMap(m map[string]string)

FromMap converts the provided map into this filter.

func (CertAuthorityFilter) IntoMap 

func (f CertAuthorityFilter) IntoMap() map[string]string

IntoMap makes this filter into a map for use as the Filter in a WatchKind.

func (CertAuthorityFilter) IsEmpty 

func (f CertAuthorityFilter) IsEmpty() bool

func (CertAuthorityFilter) Match 

func (f CertAuthorityFilter) Match(ca CertAuthority) bool

Match checks if a given CA matches this filter.

type CertAuthoritySpecV2 

type CertAuthoritySpecV2 struct {
	// Type is either user or host certificate authority
	Type CertAuthType `protobuf:"bytes,1,opt,name=Type,proto3,casttype=CertAuthType" json:"type"`
	// ClusterName identifies the cluster name this authority serves.
	ClusterName string `protobuf:"bytes,2,opt,name=ClusterName,proto3" json:"cluster_name"`
	// Roles is a list of roles assumed by users signed by this CA
	Roles []string `protobuf:"bytes,5,rep,name=Roles,proto3" json:"roles,omitempty"`
	// RoleMap specifies role mappings to remote roles
	RoleMap []RoleMapping `protobuf:"bytes,6,rep,name=RoleMap,proto3" json:"role_map,omitempty"`
	// Rotation is a status of the certificate authority rotation
	Rotation *Rotation `protobuf:"bytes,8,opt,name=Rotation,proto3" json:"rotation,omitempty"`
	// SigningAlg is unused.
	//
	// Deprecated: SigningAlg is unused.
	SigningAlg CertAuthoritySpecV2_SigningAlgType `protobuf:"varint,9,opt,name=SigningAlg,proto3,enum=types.CertAuthoritySpecV2_SigningAlgType" json:"signing_alg,omitempty"` // Deprecated: Do not use.
	// ActiveKeys are the CA key sets used to sign any new certificates.
	ActiveKeys CAKeySet `protobuf:"bytes,11,opt,name=ActiveKeys,proto3" json:"active_keys,omitempty"`
	// AdditionalTrustedKeys are additional CA key sets that can be used to
	// verify certificates. Certificates should be verified with
	// AdditionalTrustedKeys and ActiveKeys combined.
	AdditionalTrustedKeys CAKeySet `protobuf:"bytes,12,opt,name=AdditionalTrustedKeys,proto3" json:"additional_trusted_keys,omitempty"`
	XXX_NoUnkeyedLiteral  struct{} `json:"-"`
	XXX_unrecognized      []byte   `json:"-"`
	XXX_sizecache         int32    `json:"-"`
}

CertAuthoritySpecV2 is a host or user certificate authority that can check and if it has private key stored as well, sign it too

func (*CertAuthoritySpecV2) Descriptor 

func (*CertAuthoritySpecV2) Descriptor() ([]byte, []int)

func (*CertAuthoritySpecV2) Marshal 

func (m *CertAuthoritySpecV2) Marshal() (dAtA []byte, err error)

func (*CertAuthoritySpecV2) MarshalTo 

func (m *CertAuthoritySpecV2) MarshalTo(dAtA []byte) (int, error)

func (*CertAuthoritySpecV2) MarshalToSizedBuffer 

func (m *CertAuthoritySpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*CertAuthoritySpecV2) ProtoMessage 

func (*CertAuthoritySpecV2) ProtoMessage()

func (*CertAuthoritySpecV2) Reset 

func (m *CertAuthoritySpecV2) Reset()

func (*CertAuthoritySpecV2) Size 

func (m *CertAuthoritySpecV2) Size() (n int)

func (*CertAuthoritySpecV2) String 

func (m *CertAuthoritySpecV2) String() string

func (*CertAuthoritySpecV2) Unmarshal 

func (m *CertAuthoritySpecV2) Unmarshal(dAtA []byte) error

func (*CertAuthoritySpecV2) XXX_DiscardUnknown 

func (m *CertAuthoritySpecV2) XXX_DiscardUnknown()

func (*CertAuthoritySpecV2) XXX_Marshal 

func (m *CertAuthoritySpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CertAuthoritySpecV2) XXX_Merge 

func (m *CertAuthoritySpecV2) XXX_Merge(src proto.Message)

func (*CertAuthoritySpecV2) XXX_Size 

func (m *CertAuthoritySpecV2) XXX_Size() int

func (*CertAuthoritySpecV2) XXX_Unmarshal 

func (m *CertAuthoritySpecV2) XXX_Unmarshal(b []byte) error

type CertAuthoritySpecV2_SigningAlgType deprecated 

type CertAuthoritySpecV2_SigningAlgType int32 // Deprecated: Do not use.

SigningAlgType is unused.

Deprecated: SigningAlgType is unused. 

const (
	CertAuthoritySpecV2_UNKNOWN      CertAuthoritySpecV2_SigningAlgType = 0
	CertAuthoritySpecV2_RSA_SHA1     CertAuthoritySpecV2_SigningAlgType = 1
	CertAuthoritySpecV2_RSA_SHA2_256 CertAuthoritySpecV2_SigningAlgType = 2
	CertAuthoritySpecV2_RSA_SHA2_512 CertAuthoritySpecV2_SigningAlgType = 3
)

func (CertAuthoritySpecV2_SigningAlgType) EnumDescriptor 

func (CertAuthoritySpecV2_SigningAlgType) EnumDescriptor() ([]byte, []int)

func (CertAuthoritySpecV2_SigningAlgType) String 

func (x CertAuthoritySpecV2_SigningAlgType) String() string

type CertAuthorityV2 

type CertAuthorityV2 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is version
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is connector metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec contains cert authority specification
	Spec                 CertAuthoritySpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
	XXX_unrecognized     []byte              `json:"-"`
	XXX_sizecache        int32               `json:"-"`
}

CertAuthorityV2 is version 2 resource spec for Cert Authority

func (*CertAuthorityV2) AddRole 

func (ca *CertAuthorityV2) AddRole(name string)

AddRole adds a role to ca role list

func (*CertAuthorityV2) AllKeyTypes 

func (ca *CertAuthorityV2) AllKeyTypes() []string

AllKeyTypes returns the set of all different key types in the CA.

func (*CertAuthorityV2) CheckAndSetDefaults 

func (ca *CertAuthorityV2) CheckAndSetDefaults() error

CheckAndSetDefaults checks and set default values for any missing fields.

func (*CertAuthorityV2) Clone 

func (ca *CertAuthorityV2) Clone() CertAuthority

Clone returns a copy of the cert authority object.

func (*CertAuthorityV2) CombinedMapping 

func (ca *CertAuthorityV2) CombinedMapping() RoleMap

CombinedMapping is used to specify combined mapping from legacy property Roles and new property RoleMap

func (*CertAuthorityV2) Descriptor 

func (*CertAuthorityV2) Descriptor() ([]byte, []int)

func (*CertAuthorityV2) Expiry 

func (ca *CertAuthorityV2) Expiry() time.Time

Expiry returns object expiry setting

func (*CertAuthorityV2) GetActiveKeys 

func (ca *CertAuthorityV2) GetActiveKeys() CAKeySet

func (*CertAuthorityV2) GetAdditionalTrustedKeys 

func (ca *CertAuthorityV2) GetAdditionalTrustedKeys() CAKeySet

func (*CertAuthorityV2) GetClusterName 

func (ca *CertAuthorityV2) GetClusterName() string

GetClusterName returns cluster name this cert authority is associated with.

func (*CertAuthorityV2) GetID 

func (ca *CertAuthorityV2) GetID() CertAuthID

GetID returns certificate authority ID - combined type and name

func (*CertAuthorityV2) GetKind 

func (ca *CertAuthorityV2) GetKind() string

GetKind returns resource kind

func (*CertAuthorityV2) GetMetadata 

func (ca *CertAuthorityV2) GetMetadata() Metadata

GetMetadata returns object metadata

func (*CertAuthorityV2) GetName 

func (ca *CertAuthorityV2) GetName() string

GetName returns cert authority name

func (*CertAuthorityV2) GetRevision 

func (ca *CertAuthorityV2) GetRevision() string

GetRevision returns the revision

func (*CertAuthorityV2) GetRoleMap 

func (ca *CertAuthorityV2) GetRoleMap() RoleMap

GetRoleMap returns role map property

func (*CertAuthorityV2) GetRoles 

func (ca *CertAuthorityV2) GetRoles() []string

GetRoles returns a list of roles assumed by users signed by this CA

func (*CertAuthorityV2) GetRotation 

func (ca *CertAuthorityV2) GetRotation() Rotation

GetRotation returns rotation state.

func (*CertAuthorityV2) GetSubKind 

func (ca *CertAuthorityV2) GetSubKind() string

GetSubKind returns resource sub kind

func (*CertAuthorityV2) GetTrustedJWTKeyPairs 

func (ca *CertAuthorityV2) GetTrustedJWTKeyPairs() []*JWTKeyPair

func (*CertAuthorityV2) GetTrustedSSHKeyPairs 

func (ca *CertAuthorityV2) GetTrustedSSHKeyPairs() []*SSHKeyPair

func (*CertAuthorityV2) GetTrustedTLSKeyPairs 

func (ca *CertAuthorityV2) GetTrustedTLSKeyPairs() []*TLSKeyPair

func (*CertAuthorityV2) GetType 

func (ca *CertAuthorityV2) GetType() CertAuthType

GetType returns user or host certificate authority

func (*CertAuthorityV2) GetVersion 

func (ca *CertAuthorityV2) GetVersion() string

GetVersion returns resource version

func (*CertAuthorityV2) ID 

func (ca *CertAuthorityV2) ID() *CertAuthID

ID returns id (consisting of domain name and type) that identifies the authority this key belongs to

func (*CertAuthorityV2) Marshal 

func (m *CertAuthorityV2) Marshal() (dAtA []byte, err error)

func (*CertAuthorityV2) MarshalTo 

func (m *CertAuthorityV2) MarshalTo(dAtA []byte) (int, error)

func (*CertAuthorityV2) MarshalToSizedBuffer 

func (m *CertAuthorityV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*CertAuthorityV2) ProtoMessage 

func (*CertAuthorityV2) ProtoMessage()

func (*CertAuthorityV2) Reset 

func (m *CertAuthorityV2) Reset()

func (*CertAuthorityV2) SetActiveKeys 

func (ca *CertAuthorityV2) SetActiveKeys(ks CAKeySet) error

func (*CertAuthorityV2) SetAdditionalTrustedKeys 

func (ca *CertAuthorityV2) SetAdditionalTrustedKeys(ks CAKeySet) error

func (*CertAuthorityV2) SetExpiry 

func (ca *CertAuthorityV2) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object

func (*CertAuthorityV2) SetMetadata 

func (ca *CertAuthorityV2) SetMetadata(meta Metadata)

SetMetadata sets object metadata

func (*CertAuthorityV2) SetName 

func (ca *CertAuthorityV2) SetName(name string)

SetName sets cert authority name

func (*CertAuthorityV2) SetRevision 

func (ca *CertAuthorityV2) SetRevision(rev string)

SetRevision sets the revision

func (*CertAuthorityV2) SetRoleMap 

func (ca *CertAuthorityV2) SetRoleMap(m RoleMap)

SetRoleMap sets role map

func (*CertAuthorityV2) SetRoles 

func (ca *CertAuthorityV2) SetRoles(roles []string)

SetRoles sets assigned roles for this certificate authority

func (*CertAuthorityV2) SetRotation 

func (ca *CertAuthorityV2) SetRotation(r Rotation)

SetRotation sets rotation state.

func (*CertAuthorityV2) SetSubKind 

func (ca *CertAuthorityV2) SetSubKind(s string)

SetSubKind sets resource subkind

func (*CertAuthorityV2) Size 

func (m *CertAuthorityV2) Size() (n int)

func (*CertAuthorityV2) String 

func (ca *CertAuthorityV2) String() string

String returns human readable version of the CertAuthorityV2.

func (*CertAuthorityV2) Unmarshal 

func (m *CertAuthorityV2) Unmarshal(dAtA []byte) error

func (*CertAuthorityV2) WithoutSecrets 

func (ca *CertAuthorityV2) WithoutSecrets() Resource

WithoutSecrets returns an instance of resource without secrets.

func (*CertAuthorityV2) XXX_DiscardUnknown 

func (m *CertAuthorityV2) XXX_DiscardUnknown()

func (*CertAuthorityV2) XXX_Marshal 

func (m *CertAuthorityV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CertAuthorityV2) XXX_Merge 

func (m *CertAuthorityV2) XXX_Merge(src proto.Message)

func (*CertAuthorityV2) XXX_Size 

func (m *CertAuthorityV2) XXX_Size() int

func (*CertAuthorityV2) XXX_Unmarshal 

func (m *CertAuthorityV2) XXX_Unmarshal(b []byte) error

type CertExtension 

type CertExtension struct {
	// Type represents the certificate type being extended, only ssh
	// is supported at this time.
	// 0 is "ssh".
	Type CertExtensionType `protobuf:"varint,1,opt,name=Type,proto3,enum=types.CertExtensionType" json:"type"`
	// Mode is the type of extension to be used -- currently
	// critical-option is not supported.
	// 0 is "extension".
	Mode CertExtensionMode `protobuf:"varint,2,opt,name=Mode,proto3,enum=types.CertExtensionMode" json:"mode"`
	// Name specifies the key to be used in the cert extension.
	Name string `protobuf:"bytes,3,opt,name=Name,proto3" json:"name"`
	// Value specifies the value to be used in the cert extension.
	Value                string   `protobuf:"bytes,4,opt,name=Value,proto3" json:"value"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

CertExtension represents a key/value for a certificate extension

func (*CertExtension) Descriptor 

func (*CertExtension) Descriptor() ([]byte, []int)

func (*CertExtension) Marshal 

func (m *CertExtension) Marshal() (dAtA []byte, err error)

func (*CertExtension) MarshalTo 

func (m *CertExtension) MarshalTo(dAtA []byte) (int, error)

func (*CertExtension) MarshalToSizedBuffer 

func (m *CertExtension) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*CertExtension) ProtoMessage 

func (*CertExtension) ProtoMessage()

func (*CertExtension) Reset 

func (m *CertExtension) Reset()

func (*CertExtension) Size 

func (m *CertExtension) Size() (n int)

func (*CertExtension) String 

func (m *CertExtension) String() string

func (*CertExtension) Unmarshal 

func (m *CertExtension) Unmarshal(dAtA []byte) error

func (*CertExtension) XXX_DiscardUnknown 

func (m *CertExtension) XXX_DiscardUnknown()

func (*CertExtension) XXX_Marshal 

func (m *CertExtension) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CertExtension) XXX_Merge 

func (m *CertExtension) XXX_Merge(src proto.Message)

func (*CertExtension) XXX_Size 

func (m *CertExtension) XXX_Size() int

func (*CertExtension) XXX_Unmarshal 

func (m *CertExtension) XXX_Unmarshal(b []byte) error

type CertExtensionMode 

type CertExtensionMode int32

CertExtensionMode specifies the type of extension to use in the cert. 

const (
	// EXTENSION represents a cert extension that may or may not be
	// honored by the server.
	CertExtensionMode_EXTENSION CertExtensionMode = 0
)

func (CertExtensionMode) EnumDescriptor 

func (CertExtensionMode) EnumDescriptor() ([]byte, []int)

func (CertExtensionMode) MarshalJSON 

func (t CertExtensionMode) MarshalJSON() ([]byte, error)

func (CertExtensionMode) String 

func (x CertExtensionMode) String() string

func (*CertExtensionMode) UnmarshalJSON 

func (t *CertExtensionMode) UnmarshalJSON(b []byte) error

type CertExtensionType 

type CertExtensionType int32

CertExtensionType represents the certificate type the extension is for. Currently only ssh is supported. 

const (
	// SSH is used when extending an ssh certificate
	CertExtensionType_SSH CertExtensionType = 0
)

func (CertExtensionType) EnumDescriptor 

func (CertExtensionType) EnumDescriptor() ([]byte, []int)

func (CertExtensionType) MarshalJSON 

func (t CertExtensionType) MarshalJSON() ([]byte, error)

func (CertExtensionType) String 

func (x CertExtensionType) String() string

func (*CertExtensionType) UnmarshalJSON 

func (t *CertExtensionType) UnmarshalJSON(b []byte) error

type ClaimMapping 

type ClaimMapping struct {
	// Claim is a claim name.
	Claim string `protobuf:"bytes,1,opt,name=Claim,proto3" json:"claim"`
	// Value is a claim value to match.
	Value string `protobuf:"bytes,2,opt,name=Value,proto3" json:"value"`
	// Roles is a list of static teleport roles to match.
	Roles                []string `protobuf:"bytes,3,rep,name=Roles,proto3" json:"roles,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ClaimMapping maps a claim to teleport roles.

func (*ClaimMapping) Descriptor 

func (*ClaimMapping) Descriptor() ([]byte, []int)

func (*ClaimMapping) Marshal 

func (m *ClaimMapping) Marshal() (dAtA []byte, err error)

func (*ClaimMapping) MarshalTo 

func (m *ClaimMapping) MarshalTo(dAtA []byte) (int, error)

func (*ClaimMapping) MarshalToSizedBuffer 

func (m *ClaimMapping) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ClaimMapping) ProtoMessage 

func (*ClaimMapping) ProtoMessage()

func (*ClaimMapping) Reset 

func (m *ClaimMapping) Reset()

func (*ClaimMapping) Size 

func (m *ClaimMapping) Size() (n int)

func (*ClaimMapping) String 

func (m *ClaimMapping) String() string

func (*ClaimMapping) Unmarshal 

func (m *ClaimMapping) Unmarshal(dAtA []byte) error

func (*ClaimMapping) XXX_DiscardUnknown 

func (m *ClaimMapping) XXX_DiscardUnknown()

func (*ClaimMapping) XXX_Marshal 

func (m *ClaimMapping) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ClaimMapping) XXX_Merge 

func (m *ClaimMapping) XXX_Merge(src proto.Message)

func (*ClaimMapping) XXX_Size 

func (m *ClaimMapping) XXX_Size() int

func (*ClaimMapping) XXX_Unmarshal 

func (m *ClaimMapping) XXX_Unmarshal(b []byte) error

type CloudMetadata 

type CloudMetadata struct {
	// AWSInfo contains attributes to match to an EC2 instance.
	AWS                  *AWSInfo `protobuf:"bytes,1,opt,name=AWS,proto3" json:"aws,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

CloudMetadata contains info about the cloud instance a server is running on, if any.

func (*CloudMetadata) Descriptor 

func (*CloudMetadata) Descriptor() ([]byte, []int)

func (*CloudMetadata) Marshal 

func (m *CloudMetadata) Marshal() (dAtA []byte, err error)

func (*CloudMetadata) MarshalTo 

func (m *CloudMetadata) MarshalTo(dAtA []byte) (int, error)

func (*CloudMetadata) MarshalToSizedBuffer 

func (m *CloudMetadata) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*CloudMetadata) ProtoMessage 

func (*CloudMetadata) ProtoMessage()

func (*CloudMetadata) Reset 

func (m *CloudMetadata) Reset()

func (*CloudMetadata) Size 

func (m *CloudMetadata) Size() (n int)

func (*CloudMetadata) String 

func (m *CloudMetadata) String() string

func (*CloudMetadata) Unmarshal 

func (m *CloudMetadata) Unmarshal(dAtA []byte) error

func (*CloudMetadata) XXX_DiscardUnknown 

func (m *CloudMetadata) XXX_DiscardUnknown()

func (*CloudMetadata) XXX_Marshal 

func (m *CloudMetadata) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CloudMetadata) XXX_Merge 

func (m *CloudMetadata) XXX_Merge(src proto.Message)

func (*CloudMetadata) XXX_Size 

func (m *CloudMetadata) XXX_Size() int

func (*CloudMetadata) XXX_Unmarshal 

func (m *CloudMetadata) XXX_Unmarshal(b []byte) error

type ClusterAlert 

type ClusterAlert struct {
	ResourceHeader       `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
	Spec                 ClusterAlertSpec `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}         `json:"-"`
	XXX_unrecognized     []byte           `json:"-"`
	XXX_sizecache        int32            `json:"-"`
}

ClusterAlert is a cluster-level alert message.

func NewClusterAlert 

func NewClusterAlert(name string, message string, opts ...AlertOption) (ClusterAlert, error)

NewClusterAlert creates a new cluster alert.

func (*ClusterAlert) CheckAndSetDefaults 

func (c *ClusterAlert) CheckAndSetDefaults() error

CheckAndSetDefaults verifies required fields.

func (*ClusterAlert) CheckMessage 

func (c *ClusterAlert) CheckMessage() error

func (*ClusterAlert) Descriptor 

func (*ClusterAlert) Descriptor() ([]byte, []int)

func (*ClusterAlert) Marshal 

func (m *ClusterAlert) Marshal() (dAtA []byte, err error)

func (*ClusterAlert) MarshalTo 

func (m *ClusterAlert) MarshalTo(dAtA []byte) (int, error)

func (*ClusterAlert) MarshalToSizedBuffer 

func (m *ClusterAlert) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ClusterAlert) ProtoMessage 

func (*ClusterAlert) ProtoMessage()

func (*ClusterAlert) Reset 

func (m *ClusterAlert) Reset()

func (*ClusterAlert) Size 

func (m *ClusterAlert) Size() (n int)

func (*ClusterAlert) String 

func (m *ClusterAlert) String() string

func (*ClusterAlert) Unmarshal 

func (m *ClusterAlert) Unmarshal(dAtA []byte) error

func (*ClusterAlert) XXX_DiscardUnknown 

func (m *ClusterAlert) XXX_DiscardUnknown()

func (*ClusterAlert) XXX_Marshal 

func (m *ClusterAlert) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ClusterAlert) XXX_Merge 

func (m *ClusterAlert) XXX_Merge(src proto.Message)

func (*ClusterAlert) XXX_Size 

func (m *ClusterAlert) XXX_Size() int

func (*ClusterAlert) XXX_Unmarshal 

func (m *ClusterAlert) XXX_Unmarshal(b []byte) error

type ClusterAlertSpec 

type ClusterAlertSpec struct {
	// Severity represents how problematic/urgent the alert is.
	Severity AlertSeverity `protobuf:"varint,1,opt,name=Severity,proto3,enum=types.AlertSeverity" json:"severity"`
	// Message is the user-facing message associated with the alert.
	Message string `protobuf:"bytes,2,opt,name=Message,proto3" json:"message"`
	// Created is the time at which the alert was generated.
	Created              time.Time `protobuf:"bytes,3,opt,name=Created,proto3,stdtime" json:"created,omitempty"`
	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
	XXX_unrecognized     []byte    `json:"-"`
	XXX_sizecache        int32     `json:"-"`
}

ClusterAlertSpec is a cluster alert specification.

func (*ClusterAlertSpec) Descriptor 

func (*ClusterAlertSpec) Descriptor() ([]byte, []int)

func (*ClusterAlertSpec) Marshal 

func (m *ClusterAlertSpec) Marshal() (dAtA []byte, err error)

func (*ClusterAlertSpec) MarshalTo 

func (m *ClusterAlertSpec) MarshalTo(dAtA []byte) (int, error)

func (*ClusterAlertSpec) MarshalToSizedBuffer 

func (m *ClusterAlertSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ClusterAlertSpec) ProtoMessage 

func (*ClusterAlertSpec) ProtoMessage()

func (*ClusterAlertSpec) Reset 

func (m *ClusterAlertSpec) Reset()

func (*ClusterAlertSpec) Size 

func (m *ClusterAlertSpec) Size() (n int)

func (*ClusterAlertSpec) String 

func (m *ClusterAlertSpec) String() string

func (*ClusterAlertSpec) Unmarshal 

func (m *ClusterAlertSpec) Unmarshal(dAtA []byte) error

func (*ClusterAlertSpec) XXX_DiscardUnknown 

func (m *ClusterAlertSpec) XXX_DiscardUnknown()

func (*ClusterAlertSpec) XXX_Marshal 

func (m *ClusterAlertSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ClusterAlertSpec) XXX_Merge 

func (m *ClusterAlertSpec) XXX_Merge(src proto.Message)

func (*ClusterAlertSpec) XXX_Size 

func (m *ClusterAlertSpec) XXX_Size() int

func (*ClusterAlertSpec) XXX_Unmarshal 

func (m *ClusterAlertSpec) XXX_Unmarshal(b []byte) error

type ClusterAuditConfig 

type ClusterAuditConfig interface {
	Resource

	// Type gets the audit backend type.
	Type() string
	// SetType sets the audit backend type.
	SetType(string)

	// Region gets a cloud provider region.
	Region() string
	// SetRegion sets a cloud provider region.
	SetRegion(string)

	// ShouldUploadSessions returns whether audit config
	// instructs server to upload sessions.
	ShouldUploadSessions() bool

	// AuditSessionsURI gets the audit sessions URI.
	AuditSessionsURI() string
	// SetAuditSessionsURI sets the audit sessions URI.
	SetAuditSessionsURI(string)

	// AuditEventsURIs gets the audit events URIs.
	AuditEventsURIs() []string
	// SetAuditEventsURIs sets the audit events URIs.
	SetAuditEventsURIs([]string)

	// SetUseFIPSEndpoint sets the FIPS endpoint state for S3/Dynamo backends.
	SetUseFIPSEndpoint(state ClusterAuditConfigSpecV2_FIPSEndpointState)
	// GetUseFIPSEndpoint gets the current FIPS endpoint setting
	GetUseFIPSEndpoint() ClusterAuditConfigSpecV2_FIPSEndpointState

	// EnableContinuousBackups is used to enable (or disable) PITR (Point-In-Time Recovery).
	EnableContinuousBackups() bool
	// EnableAutoScaling is used to enable (or disable) auto scaling policy.
	EnableAutoScaling() bool
	// ReadMaxCapacity is the maximum provisioned read capacity.
	ReadMaxCapacity() int64
	// ReadMinCapacity is the minimum provisioned read capacity.
	ReadMinCapacity() int64
	// ReadTargetValue is the ratio of consumed read to provisioned capacity.
	ReadTargetValue() float64
	// WriteMaxCapacity is the maximum provisioned write capacity.
	WriteMaxCapacity() int64
	// WriteMinCapacity is the minimum provisioned write capacity.
	WriteMinCapacity() int64
	// WriteTargetValue is the ratio of consumed write to provisioned capacity.
	WriteTargetValue() float64
	// RetentionPeriod is the retention period for audit events.
	RetentionPeriod() *Duration
	// Clone performs a deep copy.
	Clone() ClusterAuditConfig
}

ClusterAuditConfig defines cluster-wide audit log configuration. This is a configuration resource, never create more than one instance of it.

func DefaultClusterAuditConfig 

func DefaultClusterAuditConfig() ClusterAuditConfig

DefaultClusterAuditConfig returns the default audit log configuration.

func NewClusterAuditConfig 

func NewClusterAuditConfig(spec ClusterAuditConfigSpecV2) (ClusterAuditConfig, error)

NewClusterAuditConfig is a convenience method to to create ClusterAuditConfigV2.

type ClusterAuditConfigSpecV2 

type ClusterAuditConfigSpecV2 struct {
	// Type is audit backend type
	Type string `protobuf:"bytes,1,opt,name=Type,proto3" json:"type,omitempty"`
	// Region is a region setting for audit sessions used by cloud providers
	Region string `protobuf:"bytes,2,opt,name=Region,proto3" json:"region,omitempty"`
	// AuditSessionsURI is a parameter where to upload sessions
	AuditSessionsURI string `protobuf:"bytes,3,opt,name=AuditSessionsURI,proto3" json:"audit_sessions_uri,omitempty"`
	// AuditEventsURI is a parameter with all supported outputs
	// for audit events
	AuditEventsURI github_com_gravitational_teleport_api_types_wrappers.Strings `` /* 155-byte string literal not displayed */
	// EnableContinuousBackups is used to enable (or disable) PITR (Point-In-Time Recovery).
	EnableContinuousBackups bool `protobuf:"varint,6,opt,name=EnableContinuousBackups,proto3" json:"continuous_backups,omitempty"`
	// EnableAutoScaling is used to enable (or disable) auto scaling policy.
	EnableAutoScaling bool `protobuf:"varint,7,opt,name=EnableAutoScaling,proto3" json:"auto_scaling,omitempty"`
	// ReadMaxCapacity is the maximum provisioned read capacity.
	ReadMaxCapacity int64 `protobuf:"varint,8,opt,name=ReadMaxCapacity,proto3" json:"read_max_capacity,omitempty"`
	// ReadMinCapacity is the minimum provisioned read capacity.
	ReadMinCapacity int64 `protobuf:"varint,9,opt,name=ReadMinCapacity,proto3" json:"read_min_capacity,omitempty"`
	// ReadTargetValue is the ratio of consumed read to provisioned capacity.
	ReadTargetValue float64 `protobuf:"fixed64,10,opt,name=ReadTargetValue,proto3" json:"read_target_value,omitempty"`
	// WriteMaxCapacity is the maximum provisioned write capacity.
	WriteMaxCapacity int64 `protobuf:"varint,11,opt,name=WriteMaxCapacity,proto3" json:"write_max_capacity,omitempty"`
	// WriteMinCapacity is the minimum provisioned write capacity.
	WriteMinCapacity int64 `protobuf:"varint,12,opt,name=WriteMinCapacity,proto3" json:"write_min_capacity,omitempty"`
	// WriteTargetValue is the ratio of consumed write to provisioned capacity.
	WriteTargetValue float64 `protobuf:"fixed64,13,opt,name=WriteTargetValue,proto3" json:"write_target_value,omitempty"`
	// RetentionPeriod is the retention period for audit events.
	RetentionPeriod Duration `protobuf:"varint,14,opt,name=RetentionPeriod,proto3,casttype=Duration" json:"retention_period"`
	// UseFIPSEndpoint configures AWS endpoints to use FIPS.
	UseFIPSEndpoint      ClusterAuditConfigSpecV2_FIPSEndpointState `` /* 141-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}                                   `json:"-"`
	XXX_unrecognized     []byte                                     `json:"-"`
	XXX_sizecache        int32                                      `json:"-"`
}

ClusterAuditConfigSpecV2 is the actual data we care about for ClusterAuditConfig.

func (*ClusterAuditConfigSpecV2) Descriptor 

func (*ClusterAuditConfigSpecV2) Descriptor() ([]byte, []int)

func (*ClusterAuditConfigSpecV2) Marshal 

func (m *ClusterAuditConfigSpecV2) Marshal() (dAtA []byte, err error)

func (*ClusterAuditConfigSpecV2) MarshalTo 

func (m *ClusterAuditConfigSpecV2) MarshalTo(dAtA []byte) (int, error)

func (*ClusterAuditConfigSpecV2) MarshalToSizedBuffer 

func (m *ClusterAuditConfigSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ClusterAuditConfigSpecV2) ProtoMessage 

func (*ClusterAuditConfigSpecV2) ProtoMessage()

func (*ClusterAuditConfigSpecV2) Reset 

func (m *ClusterAuditConfigSpecV2) Reset()

func (*ClusterAuditConfigSpecV2) Size 

func (m *ClusterAuditConfigSpecV2) Size() (n int)

func (*ClusterAuditConfigSpecV2) String 

func (m *ClusterAuditConfigSpecV2) String() string

func (*ClusterAuditConfigSpecV2) Unmarshal 

func (m *ClusterAuditConfigSpecV2) Unmarshal(dAtA []byte) error

func (*ClusterAuditConfigSpecV2) XXX_DiscardUnknown 

func (m *ClusterAuditConfigSpecV2) XXX_DiscardUnknown()

func (*ClusterAuditConfigSpecV2) XXX_Marshal 

func (m *ClusterAuditConfigSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ClusterAuditConfigSpecV2) XXX_Merge 

func (m *ClusterAuditConfigSpecV2) XXX_Merge(src proto.Message)

func (*ClusterAuditConfigSpecV2) XXX_Size 

func (m *ClusterAuditConfigSpecV2) XXX_Size() int

func (*ClusterAuditConfigSpecV2) XXX_Unmarshal 

func (m *ClusterAuditConfigSpecV2) XXX_Unmarshal(b []byte) error

type ClusterAuditConfigSpecV2_FIPSEndpointState 

type ClusterAuditConfigSpecV2_FIPSEndpointState int32

FIPSEndpointState represents an AWS FIPS endpoint state. 

const (
	// FIPS_UNSET allows setting FIPS state for AWS S3/Dynamo using configuration files or
	// environment variables
	ClusterAuditConfigSpecV2_FIPS_UNSET ClusterAuditConfigSpecV2_FIPSEndpointState = 0
	// FIPS_ENABLED explicitly enables FIPS support for AWS S3/Dynamo
	ClusterAuditConfigSpecV2_FIPS_ENABLED ClusterAuditConfigSpecV2_FIPSEndpointState = 1
	// FIPS_DISABLED explicitly disables FIPS support for AWS S3/Dynamo
	ClusterAuditConfigSpecV2_FIPS_DISABLED ClusterAuditConfigSpecV2_FIPSEndpointState = 2
)

func (ClusterAuditConfigSpecV2_FIPSEndpointState) EnumDescriptor 

func (ClusterAuditConfigSpecV2_FIPSEndpointState) EnumDescriptor() ([]byte, []int)

func (ClusterAuditConfigSpecV2_FIPSEndpointState) String 

func (x ClusterAuditConfigSpecV2_FIPSEndpointState) String() string

type ClusterAuditConfigV2 

type ClusterAuditConfigV2 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is a resource version
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is resource metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is a ClusterAuditConfig specification
	Spec                 ClusterAuditConfigSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}                 `json:"-"`
	XXX_unrecognized     []byte                   `json:"-"`
	XXX_sizecache        int32                    `json:"-"`
}

ClusterAuditConfigV2 represents audit log settings in the cluster.

func (*ClusterAuditConfigV2) AuditEventsURIs 

func (c *ClusterAuditConfigV2) AuditEventsURIs() []string

AuditEventsURIs gets the audit events URIs.

func (*ClusterAuditConfigV2) AuditSessionsURI 

func (c *ClusterAuditConfigV2) AuditSessionsURI() string

AuditSessionsURI gets the audit sessions URI.

func (*ClusterAuditConfigV2) CheckAndSetDefaults 

func (c *ClusterAuditConfigV2) CheckAndSetDefaults() error

CheckAndSetDefaults verifies the constraints for ClusterAuditConfig.

func (*ClusterAuditConfigV2) Clone 

func (c *ClusterAuditConfigV2) Clone() ClusterAuditConfig

Clone performs a deep copy.

func (*ClusterAuditConfigV2) Descriptor 

func (*ClusterAuditConfigV2) Descriptor() ([]byte, []int)

func (*ClusterAuditConfigV2) EnableAutoScaling 

func (c *ClusterAuditConfigV2) EnableAutoScaling() bool

EnableAutoScaling is used to enable (or disable) auto scaling policy.

func (*ClusterAuditConfigV2) EnableContinuousBackups 

func (c *ClusterAuditConfigV2) EnableContinuousBackups() bool

EnableContinuousBackups is used to enable (or disable) PITR (Point-In-Time Recovery).

func (*ClusterAuditConfigV2) Expiry 

func (c *ClusterAuditConfigV2) Expiry() time.Time

Expiry returns object expiry setting.

func (*ClusterAuditConfigV2) GetKind 

func (c *ClusterAuditConfigV2) GetKind() string

GetKind returns resource kind.

func (*ClusterAuditConfigV2) GetMetadata 

func (c *ClusterAuditConfigV2) GetMetadata() Metadata

GetMetadata returns object metadata.

func (*ClusterAuditConfigV2) GetName 

func (c *ClusterAuditConfigV2) GetName() string

GetName returns the name of the resource.

func (*ClusterAuditConfigV2) GetRevision 

func (c *ClusterAuditConfigV2) GetRevision() string

GetRevision returns the revision

func (*ClusterAuditConfigV2) GetSubKind 

func (c *ClusterAuditConfigV2) GetSubKind() string

GetSubKind returns resource subkind.

func (*ClusterAuditConfigV2) GetUseFIPSEndpoint 

func (c *ClusterAuditConfigV2) GetUseFIPSEndpoint() ClusterAuditConfigSpecV2_FIPSEndpointState

GetUseFIPSEndpoint gets the current FIPS endpoint setting

func (*ClusterAuditConfigV2) GetVersion 

func (c *ClusterAuditConfigV2) GetVersion() string

GetVersion returns resource version.

func (*ClusterAuditConfigV2) Marshal 

func (m *ClusterAuditConfigV2) Marshal() (dAtA []byte, err error)

func (*ClusterAuditConfigV2) MarshalTo 

func (m *ClusterAuditConfigV2) MarshalTo(dAtA []byte) (int, error)

func (*ClusterAuditConfigV2) MarshalToSizedBuffer 

func (m *ClusterAuditConfigV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ClusterAuditConfigV2) ProtoMessage 

func (*ClusterAuditConfigV2) ProtoMessage()

func (*ClusterAuditConfigV2) ReadMaxCapacity 

func (c *ClusterAuditConfigV2) ReadMaxCapacity() int64

ReadMaxCapacity is the maximum provisioned read capacity.

func (*ClusterAuditConfigV2) ReadMinCapacity 

func (c *ClusterAuditConfigV2) ReadMinCapacity() int64

ReadMinCapacity is the minimum provisioned read capacity.

func (*ClusterAuditConfigV2) ReadTargetValue 

func (c *ClusterAuditConfigV2) ReadTargetValue() float64

ReadTargetValue is the ratio of consumed read to provisioned capacity.

func (*ClusterAuditConfigV2) Region 

func (c *ClusterAuditConfigV2) Region() string

Region gets a cloud provider region.

func (*ClusterAuditConfigV2) Reset 

func (m *ClusterAuditConfigV2) Reset()

func (*ClusterAuditConfigV2) RetentionPeriod 

func (c *ClusterAuditConfigV2) RetentionPeriod() *Duration

RetentionPeriod is the retention period for audit events.

func (*ClusterAuditConfigV2) SetAuditEventsURIs 

func (c *ClusterAuditConfigV2) SetAuditEventsURIs(uris []string)

SetAuditEventsURIs sets the audit events URIs.

func (*ClusterAuditConfigV2) SetAuditSessionsURI 

func (c *ClusterAuditConfigV2) SetAuditSessionsURI(uri string)

SetAuditSessionsURI sets the audit sessions URI.

func (*ClusterAuditConfigV2) SetExpiry 

func (c *ClusterAuditConfigV2) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object.

func (*ClusterAuditConfigV2) SetName 

func (c *ClusterAuditConfigV2) SetName(e string)

SetName sets the name of the resource.

func (*ClusterAuditConfigV2) SetRegion 

func (c *ClusterAuditConfigV2) SetRegion(region string)

SetRegion sets a cloud provider region.

func (*ClusterAuditConfigV2) SetRevision 

func (c *ClusterAuditConfigV2) SetRevision(rev string)

SetRevision sets the revision

func (*ClusterAuditConfigV2) SetSubKind 

func (c *ClusterAuditConfigV2) SetSubKind(sk string)

SetSubKind sets resource subkind.

func (*ClusterAuditConfigV2) SetType 

func (c *ClusterAuditConfigV2) SetType(backendType string)

SetType sets the audit backend type.

func (*ClusterAuditConfigV2) SetUseFIPSEndpoint 

func (c *ClusterAuditConfigV2) SetUseFIPSEndpoint(state ClusterAuditConfigSpecV2_FIPSEndpointState)

SetUseFIPSEndpoint sets the FIPS endpoint state for S3/Dynamo backends.

func (*ClusterAuditConfigV2) ShouldUploadSessions 

func (c *ClusterAuditConfigV2) ShouldUploadSessions() bool

ShouldUploadSessions returns whether audit config instructs server to upload sessions.

func (*ClusterAuditConfigV2) Size 

func (m *ClusterAuditConfigV2) Size() (n int)

func (*ClusterAuditConfigV2) String 

func (m *ClusterAuditConfigV2) String() string

func (*ClusterAuditConfigV2) Type 

func (c *ClusterAuditConfigV2) Type() string

Type gets the audit backend type.

func (*ClusterAuditConfigV2) Unmarshal 

func (m *ClusterAuditConfigV2) Unmarshal(dAtA []byte) error

func (*ClusterAuditConfigV2) WriteMaxCapacity 

func (c *ClusterAuditConfigV2) WriteMaxCapacity() int64

WriteMaxCapacity is the maximum provisioned write capacity.

func (*ClusterAuditConfigV2) WriteMinCapacity 

func (c *ClusterAuditConfigV2) WriteMinCapacity() int64

WriteMinCapacity is the minimum provisioned write capacity.

func (*ClusterAuditConfigV2) WriteTargetValue 

func (c *ClusterAuditConfigV2) WriteTargetValue() float64

WriteTargetValue is the ratio of consumed write to provisioned capacity.

func (*ClusterAuditConfigV2) XXX_DiscardUnknown 

func (m *ClusterAuditConfigV2) XXX_DiscardUnknown()

func (*ClusterAuditConfigV2) XXX_Marshal 

func (m *ClusterAuditConfigV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ClusterAuditConfigV2) XXX_Merge 

func (m *ClusterAuditConfigV2) XXX_Merge(src proto.Message)

func (*ClusterAuditConfigV2) XXX_Size 

func (m *ClusterAuditConfigV2) XXX_Size() int

func (*ClusterAuditConfigV2) XXX_Unmarshal 

func (m *ClusterAuditConfigV2) XXX_Unmarshal(b []byte) error

type ClusterMaintenanceConfig 

type ClusterMaintenanceConfig interface {
	Resource

	// GetNonce gets the nonce of the maintenance config.
	GetNonce() uint64

	// WithNonce creates a shallow copy with a new nonce.
	WithNonce(nonce uint64) any

	// GetAgentUpgradeWindow gets the agent upgrade window.
	GetAgentUpgradeWindow() (win AgentUpgradeWindow, ok bool)

	// SetAgentUpgradeWindow sets the agent upgrade window.
	SetAgentUpgradeWindow(win AgentUpgradeWindow)

	// WithinUpgradeWindow returns true if the time is within the configured
	// upgrade window.
	WithinUpgradeWindow(t time.Time) bool

	CheckAndSetDefaults() error
}

ClusterMaintenanceConfig represents a singleton config object used to schedule maintenance windows. Currently this config object's only purpose is to configure a global agent upgrade window, used to coordinate upgrade timing for non-control-plane agents.

func NewClusterMaintenanceConfig 

func NewClusterMaintenanceConfig() ClusterMaintenanceConfig

NewClusterMaintenanceConfig creates a new maintenance config with no parameters set.

type ClusterMaintenanceConfigSpecV1 

type ClusterMaintenanceConfigSpecV1 struct {
	// AgentUpgrades encodes the agent upgrade window.
	AgentUpgrades        *AgentUpgradeWindow `protobuf:"bytes,1,opt,name=AgentUpgrades,proto3" json:"agent_upgrades,omitempty"`
	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
	XXX_unrecognized     []byte              `json:"-"`
	XXX_sizecache        int32               `json:"-"`
}

ClusterMaintenanceConfigSpecV1 encodes the parameters of the upgrade window config object.

func (*ClusterMaintenanceConfigSpecV1) Descriptor 

func (*ClusterMaintenanceConfigSpecV1) Descriptor() ([]byte, []int)

func (*ClusterMaintenanceConfigSpecV1) Marshal 

func (m *ClusterMaintenanceConfigSpecV1) Marshal() (dAtA []byte, err error)

func (*ClusterMaintenanceConfigSpecV1) MarshalTo 

func (m *ClusterMaintenanceConfigSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*ClusterMaintenanceConfigSpecV1) MarshalToSizedBuffer 

func (m *ClusterMaintenanceConfigSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ClusterMaintenanceConfigSpecV1) ProtoMessage 

func (*ClusterMaintenanceConfigSpecV1) ProtoMessage()

func (*ClusterMaintenanceConfigSpecV1) Reset 

func (m *ClusterMaintenanceConfigSpecV1) Reset()

func (*ClusterMaintenanceConfigSpecV1) Size 

func (m *ClusterMaintenanceConfigSpecV1) Size() (n int)

func (*ClusterMaintenanceConfigSpecV1) String 

func (m *ClusterMaintenanceConfigSpecV1) String() string

func (*ClusterMaintenanceConfigSpecV1) Unmarshal 

func (m *ClusterMaintenanceConfigSpecV1) Unmarshal(dAtA []byte) error

func (*ClusterMaintenanceConfigSpecV1) XXX_DiscardUnknown 

func (m *ClusterMaintenanceConfigSpecV1) XXX_DiscardUnknown()

func (*ClusterMaintenanceConfigSpecV1) XXX_Marshal 

func (m *ClusterMaintenanceConfigSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ClusterMaintenanceConfigSpecV1) XXX_Merge 

func (m *ClusterMaintenanceConfigSpecV1) XXX_Merge(src proto.Message)

func (*ClusterMaintenanceConfigSpecV1) XXX_Size 

func (m *ClusterMaintenanceConfigSpecV1) XXX_Size() int

func (*ClusterMaintenanceConfigSpecV1) XXX_Unmarshal 

func (m *ClusterMaintenanceConfigSpecV1) XXX_Unmarshal(b []byte) error

type ClusterMaintenanceConfigV1 

type ClusterMaintenanceConfigV1 struct {
	ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
	Spec           ClusterMaintenanceConfigSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
	// Nonce is used to protect against concurrent modification of the maintenance
	// window. Clients should treat nonces as opaque.
	Nonce                uint64   `protobuf:"varint,3,opt,name=Nonce,proto3" json:"nonce,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ClusterMaintenanceConfigV1 is a config singleton used to configure infrequent cluster maintenance operations.

func (*ClusterMaintenanceConfigV1) CheckAndSetDefaults 

func (m *ClusterMaintenanceConfigV1) CheckAndSetDefaults() error

func (*ClusterMaintenanceConfigV1) Descriptor 

func (*ClusterMaintenanceConfigV1) Descriptor() ([]byte, []int)

func (*ClusterMaintenanceConfigV1) GetAgentUpgradeWindow 

func (m *ClusterMaintenanceConfigV1) GetAgentUpgradeWindow() (win AgentUpgradeWindow, ok bool)

func (*ClusterMaintenanceConfigV1) GetNonce 

func (m *ClusterMaintenanceConfigV1) GetNonce() uint64

func (*ClusterMaintenanceConfigV1) Marshal 

func (m *ClusterMaintenanceConfigV1) Marshal() (dAtA []byte, err error)

func (*ClusterMaintenanceConfigV1) MarshalTo 

func (m *ClusterMaintenanceConfigV1) MarshalTo(dAtA []byte) (int, error)

func (*ClusterMaintenanceConfigV1) MarshalToSizedBuffer 

func (m *ClusterMaintenanceConfigV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ClusterMaintenanceConfigV1) ProtoMessage 

func (*ClusterMaintenanceConfigV1) ProtoMessage()

func (*ClusterMaintenanceConfigV1) Reset 

func (m *ClusterMaintenanceConfigV1) Reset()

func (*ClusterMaintenanceConfigV1) SetAgentUpgradeWindow 

func (m *ClusterMaintenanceConfigV1) SetAgentUpgradeWindow(win AgentUpgradeWindow)

func (*ClusterMaintenanceConfigV1) Size 

func (m *ClusterMaintenanceConfigV1) Size() (n int)

func (*ClusterMaintenanceConfigV1) String 

func (m *ClusterMaintenanceConfigV1) String() string

func (*ClusterMaintenanceConfigV1) Unmarshal 

func (m *ClusterMaintenanceConfigV1) Unmarshal(dAtA []byte) error

func (*ClusterMaintenanceConfigV1) WithNonce 

func (m *ClusterMaintenanceConfigV1) WithNonce(nonce uint64) any

func (*ClusterMaintenanceConfigV1) WithinUpgradeWindow 

func (m *ClusterMaintenanceConfigV1) WithinUpgradeWindow(t time.Time) bool

WithinUpgradeWindow returns true if the time is within the configured upgrade window.

func (*ClusterMaintenanceConfigV1) XXX_DiscardUnknown 

func (m *ClusterMaintenanceConfigV1) XXX_DiscardUnknown()

func (*ClusterMaintenanceConfigV1) XXX_Marshal 

func (m *ClusterMaintenanceConfigV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ClusterMaintenanceConfigV1) XXX_Merge 

func (m *ClusterMaintenanceConfigV1) XXX_Merge(src proto.Message)

func (*ClusterMaintenanceConfigV1) XXX_Size 

func (m *ClusterMaintenanceConfigV1) XXX_Size() int

func (*ClusterMaintenanceConfigV1) XXX_Unmarshal 

func (m *ClusterMaintenanceConfigV1) XXX_Unmarshal(b []byte) error

type ClusterName 

type ClusterName interface {
	// Resource provides common resource properties.
	Resource

	// SetClusterName sets the name of the cluster.
	SetClusterName(string)
	// GetClusterName gets the name of the cluster.
	GetClusterName() string

	// SetClusterID sets the ID of the cluster.
	SetClusterID(string)
	// GetClusterID gets the ID of the cluster.
	GetClusterID() string

	// Clone performs a deep copy.
	Clone() ClusterName
}

ClusterName defines the name of the cluster. This is a configuration resource, never create more than one instance of it.

func NewClusterName 

func NewClusterName(spec ClusterNameSpecV2) (ClusterName, error)

NewClusterName is a convenience wrapper to create a ClusterName resource.

type ClusterNameSpecV2 

type ClusterNameSpecV2 struct {
	// ClusterName is the name of the cluster. Changing this value once the
	// cluster is setup can and will cause catastrophic problems.
	ClusterName string `protobuf:"bytes,1,opt,name=ClusterName,proto3" json:"cluster_name"`
	// ClusterID is the unique cluster ID that is set once during the first
	// Auth Service startup.
	ClusterID            string   `protobuf:"bytes,2,opt,name=ClusterID,proto3" json:"cluster_id"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ClusterNameSpecV2 is the actual data we care about for ClusterName.

func (*ClusterNameSpecV2) Descriptor 

func (*ClusterNameSpecV2) Descriptor() ([]byte, []int)

func (*ClusterNameSpecV2) Marshal 

func (m *ClusterNameSpecV2) Marshal() (dAtA []byte, err error)

func (*ClusterNameSpecV2) MarshalTo 

func (m *ClusterNameSpecV2) MarshalTo(dAtA []byte) (int, error)

func (*ClusterNameSpecV2) MarshalToSizedBuffer 

func (m *ClusterNameSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ClusterNameSpecV2) ProtoMessage 

func (*ClusterNameSpecV2) ProtoMessage()

func (*ClusterNameSpecV2) Reset 

func (m *ClusterNameSpecV2) Reset()

func (*ClusterNameSpecV2) Size 

func (m *ClusterNameSpecV2) Size() (n int)

func (*ClusterNameSpecV2) String 

func (m *ClusterNameSpecV2) String() string

func (*ClusterNameSpecV2) Unmarshal 

func (m *ClusterNameSpecV2) Unmarshal(dAtA []byte) error

func (*ClusterNameSpecV2) XXX_DiscardUnknown 

func (m *ClusterNameSpecV2) XXX_DiscardUnknown()

func (*ClusterNameSpecV2) XXX_Marshal 

func (m *ClusterNameSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ClusterNameSpecV2) XXX_Merge 

func (m *ClusterNameSpecV2) XXX_Merge(src proto.Message)

func (*ClusterNameSpecV2) XXX_Size 

func (m *ClusterNameSpecV2) XXX_Size() int

func (*ClusterNameSpecV2) XXX_Unmarshal 

func (m *ClusterNameSpecV2) XXX_Unmarshal(b []byte) error

type ClusterNameV2 

type ClusterNameV2 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is version
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is resource metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is a cluster name V2 spec
	Spec                 ClusterNameSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

ClusterNameV2 implements the ClusterName interface.

func (*ClusterNameV2) CheckAndSetDefaults 

func (c *ClusterNameV2) CheckAndSetDefaults() error

CheckAndSetDefaults checks validity of all parameters and sets defaults.

func (*ClusterNameV2) Clone 

func (c *ClusterNameV2) Clone() ClusterName

Clone performs a deep copy.

func (*ClusterNameV2) Descriptor 

func (*ClusterNameV2) Descriptor() ([]byte, []int)

func (*ClusterNameV2) Expiry 

func (c *ClusterNameV2) Expiry() time.Time

Expiry returns object expiry setting

func (*ClusterNameV2) GetClusterID 

func (c *ClusterNameV2) GetClusterID() string

GetClusterID gets the ID of the cluster.

func (*ClusterNameV2) GetClusterName 

func (c *ClusterNameV2) GetClusterName() string

GetClusterName gets the name of the cluster.

func (*ClusterNameV2) GetKind 

func (c *ClusterNameV2) GetKind() string

GetKind returns resource kind

func (*ClusterNameV2) GetMetadata 

func (c *ClusterNameV2) GetMetadata() Metadata

GetMetadata returns object metadata

func (*ClusterNameV2) GetName 

func (c *ClusterNameV2) GetName() string

GetName returns the name of the cluster.

func (*ClusterNameV2) GetRevision 

func (c *ClusterNameV2) GetRevision() string

GetRevision returns the revision

func (*ClusterNameV2) GetSubKind 

func (c *ClusterNameV2) GetSubKind() string

GetSubKind returns resource sub kind

func (*ClusterNameV2) GetVersion 

func (c *ClusterNameV2) GetVersion() string

GetVersion returns resource version

func (*ClusterNameV2) Marshal 

func (m *ClusterNameV2) Marshal() (dAtA []byte, err error)

func (*ClusterNameV2) MarshalTo 

func (m *ClusterNameV2) MarshalTo(dAtA []byte) (int, error)

func (*ClusterNameV2) MarshalToSizedBuffer 

func (m *ClusterNameV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ClusterNameV2) ProtoMessage 

func (*ClusterNameV2) ProtoMessage()

func (*ClusterNameV2) Reset 

func (m *ClusterNameV2) Reset()

func (*ClusterNameV2) SetClusterID 

func (c *ClusterNameV2) SetClusterID(id string)

SetClusterID sets the ID of the cluster.

func (*ClusterNameV2) SetClusterName 

func (c *ClusterNameV2) SetClusterName(n string)

SetClusterName sets the name of the cluster.

func (*ClusterNameV2) SetExpiry 

func (c *ClusterNameV2) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object

func (*ClusterNameV2) SetName 

func (c *ClusterNameV2) SetName(e string)

SetName sets the name of the cluster.

func (*ClusterNameV2) SetRevision 

func (c *ClusterNameV2) SetRevision(rev string)

SetRevision sets the revision

func (*ClusterNameV2) SetSubKind 

func (c *ClusterNameV2) SetSubKind(sk string)

SetSubKind sets resource subkind

func (*ClusterNameV2) Size 

func (m *ClusterNameV2) Size() (n int)

func (*ClusterNameV2) String 

func (c *ClusterNameV2) String() string

String represents a human readable version of the cluster name.

func (*ClusterNameV2) Unmarshal 

func (m *ClusterNameV2) Unmarshal(dAtA []byte) error

func (*ClusterNameV2) XXX_DiscardUnknown 

func (m *ClusterNameV2) XXX_DiscardUnknown()

func (*ClusterNameV2) XXX_Marshal 

func (m *ClusterNameV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ClusterNameV2) XXX_Merge 

func (m *ClusterNameV2) XXX_Merge(src proto.Message)

func (*ClusterNameV2) XXX_Size 

func (m *ClusterNameV2) XXX_Size() int

func (*ClusterNameV2) XXX_Unmarshal 

func (m *ClusterNameV2) XXX_Unmarshal(b []byte) error

type ClusterNetworkingConfig 

type ClusterNetworkingConfig interface {
	ResourceWithOrigin

	// GetClientIdleTimeout returns client idle timeout setting
	GetClientIdleTimeout() time.Duration

	// SetClientIdleTimeout sets client idle timeout setting
	SetClientIdleTimeout(t time.Duration)

	// GetKeepAliveInterval gets the keep-alive interval for server to client
	// connections.
	GetKeepAliveInterval() time.Duration

	// SetKeepAliveInterval sets the keep-alive interval for server to client
	// connections.
	SetKeepAliveInterval(t time.Duration)

	// GetKeepAliveCountMax gets the number of missed keep-alive messages before
	// the server disconnects the client.
	GetKeepAliveCountMax() int64

	// SetKeepAliveCountMax sets the number of missed keep-alive messages before
	// the server disconnects the client.
	SetKeepAliveCountMax(c int64)

	// GetSessionControlTimeout gets the session control timeout.
	GetSessionControlTimeout() time.Duration

	// SetSessionControlTimeout sets the session control timeout.
	SetSessionControlTimeout(t time.Duration)

	// GetClientIdleTimeoutMessage fetches the message to be sent to the client in
	// the event of an idle timeout. An empty string implies no message should
	// be sent.
	GetClientIdleTimeoutMessage() string

	// SetClientIdleTimeoutMessage sets the inactivity timeout disconnection message
	// to be sent to the user.
	SetClientIdleTimeoutMessage(string)

	// GetWebIdleTimeout gets web idle timeout duration.
	GetWebIdleTimeout() time.Duration

	// SetWebIdleTimeout sets the web idle timeout duration.
	SetWebIdleTimeout(time.Duration)

	// GetProxyListenerMode gets the proxy listener mode.
	GetProxyListenerMode() ProxyListenerMode

	// SetProxyListenerMode sets the proxy listener mode.
	SetProxyListenerMode(ProxyListenerMode)

	// Clone performs a deep copy.
	Clone() ClusterNetworkingConfig

	// GetRoutingStrategy gets the routing strategy setting.
	GetRoutingStrategy() RoutingStrategy

	// SetRoutingStrategy sets the routing strategy setting.
	SetRoutingStrategy(strategy RoutingStrategy)

	// GetTunnelStrategy gets the tunnel strategy.
	GetTunnelStrategyType() (TunnelStrategyType, error)

	// GetAgentMeshTunnelStrategy gets the agent mesh tunnel strategy.
	GetAgentMeshTunnelStrategy() *AgentMeshTunnelStrategy

	// GetProxyPeeringTunnelStrategy gets the proxy peering tunnel strategy.
	GetProxyPeeringTunnelStrategy() *ProxyPeeringTunnelStrategy

	// SetTunnelStrategy sets the tunnel strategy.
	SetTunnelStrategy(*TunnelStrategyV1)

	// GetProxyPingInterval gets the proxy ping interval.
	GetProxyPingInterval() time.Duration

	// SetProxyPingInterval sets the proxy ping interval.
	SetProxyPingInterval(time.Duration)

	// GetCaseInsensitiveRouting gets the case-insensitive routing option.
	GetCaseInsensitiveRouting() bool

	// SetCaseInsensitiveRouting sets the case-insenstivie routing option.
	SetCaseInsensitiveRouting(cir bool)

	// GetSSHDialTimeout gets timeout value that should be used for SSH connections.
	GetSSHDialTimeout() time.Duration

	// SetSSHDialTimeout sets the timeout value that should be used for SSH connections.
	SetSSHDialTimeout(t time.Duration)
}

ClusterNetworkingConfig defines cluster networking configuration. This is a configuration resource, never create more than one instance of it.

func DefaultClusterNetworkingConfig 

func DefaultClusterNetworkingConfig() ClusterNetworkingConfig

DefaultClusterNetworkingConfig returns the default cluster networking config.

func NewClusterNetworkingConfigFromConfigFile 

func NewClusterNetworkingConfigFromConfigFile(spec ClusterNetworkingConfigSpecV2) (ClusterNetworkingConfig, error)

NewClusterNetworkingConfigFromConfigFile is a convenience method to create ClusterNetworkingConfigV2 labeled as originating from config file.

type ClusterNetworkingConfigSpecV2 

type ClusterNetworkingConfigSpecV2 struct {
	// ClientIdleTimeout sets global cluster default setting for client idle
	// timeouts.
	ClientIdleTimeout Duration `protobuf:"varint,1,opt,name=ClientIdleTimeout,proto3,casttype=Duration" json:"client_idle_timeout"`
	// KeepAliveInterval is the interval at which the server sends keep-alive messages
	// to the client.
	KeepAliveInterval Duration `protobuf:"varint,2,opt,name=KeepAliveInterval,proto3,casttype=Duration" json:"keep_alive_interval"`
	// KeepAliveCountMax is the number of keep-alive messages that can be
	// missed before the server disconnects the connection to the client.
	KeepAliveCountMax int64 `protobuf:"varint,3,opt,name=KeepAliveCountMax,proto3" json:"keep_alive_count_max"`
	// SessionControlTimeout is the session control lease expiry and defines
	// the upper limit of how long a node may be out of contact with the auth
	// server before it begins terminating controlled sessions.
	SessionControlTimeout Duration `protobuf:"varint,4,opt,name=SessionControlTimeout,proto3,casttype=Duration" json:"session_control_timeout"`
	// ClientIdleTimeoutMessage is the message sent to the user when a connection times out.
	ClientIdleTimeoutMessage string `protobuf:"bytes,5,opt,name=ClientIdleTimeoutMessage,proto3" json:"idle_timeout_message"`
	// WebIdleTimeout sets global cluster default setting for the web UI idle
	// timeouts.
	WebIdleTimeout Duration `protobuf:"varint,6,opt,name=WebIdleTimeout,proto3,casttype=Duration" json:"web_idle_timeout"`
	// ProxyListenerMode is proxy listener mode used by Teleport Proxies.
	// 0 is "separate"; 1 is "multiplex".
	ProxyListenerMode ProxyListenerMode `protobuf:"varint,7,opt,name=ProxyListenerMode,proto3,enum=types.ProxyListenerMode" json:"proxy_listener_mode,omitempty"`
	// RoutingStrategy determines the strategy used to route to nodes.
	// 0 is "unambiguous_match"; 1 is "most_recent".
	RoutingStrategy RoutingStrategy `protobuf:"varint,8,opt,name=RoutingStrategy,proto3,enum=types.RoutingStrategy" json:"routing_strategy,omitempty"`
	// TunnelStrategyV1 determines the tunnel strategy used in the cluster.
	TunnelStrategy *TunnelStrategyV1 `protobuf:"bytes,9,opt,name=TunnelStrategy,proto3" json:"tunnel_strategy,omitempty"`
	// ProxyPingInterval defines in which interval the TLS routing ping message
	// should be sent. This is applicable only when using ping-wrapped
	// connections, regular TLS routing connections are not affected.
	ProxyPingInterval Duration `protobuf:"varint,10,opt,name=ProxyPingInterval,proto3,casttype=Duration" json:"proxy_ping_interval,omitempty"`
	// AssistCommandExecutionWorkers determines the number of workers that will
	// execute arbitrary Assist commands on servers in parallel
	AssistCommandExecutionWorkers int32 `protobuf:"varint,11,opt,name=AssistCommandExecutionWorkers,proto3" json:"assist_command_execution_workers,omitempty"`
	// CaseInsensitiveRouting causes proxies to use case-insensitive hostname matching.
	CaseInsensitiveRouting bool `protobuf:"varint,12,opt,name=CaseInsensitiveRouting,proto3" json:"case_insensitive_routing,omitempty"`
	// SSHDialTimeout is a custom dial timeout used when establishing
	// SSH connections. If not set, the default timeout of 30s will be used.
	SSHDialTimeout       Duration `protobuf:"varint,13,opt,name=SSHDialTimeout,proto3,casttype=Duration" json:"ssh_dial_timeout,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ClusterNetworkingConfigSpecV2 is the actual data we care about for ClusterNetworkingConfig.

func (*ClusterNetworkingConfigSpecV2) Descriptor 

func (*ClusterNetworkingConfigSpecV2) Descriptor() ([]byte, []int)

func (*ClusterNetworkingConfigSpecV2) Marshal 

func (m *ClusterNetworkingConfigSpecV2) Marshal() (dAtA []byte, err error)

func (*ClusterNetworkingConfigSpecV2) MarshalTo 

func (m *ClusterNetworkingConfigSpecV2) MarshalTo(dAtA []byte) (int, error)

func (*ClusterNetworkingConfigSpecV2) MarshalToSizedBuffer 

func (m *ClusterNetworkingConfigSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ClusterNetworkingConfigSpecV2) ProtoMessage 

func (*ClusterNetworkingConfigSpecV2) ProtoMessage()

func (*ClusterNetworkingConfigSpecV2) Reset 

func (m *ClusterNetworkingConfigSpecV2) Reset()

func (*ClusterNetworkingConfigSpecV2) Size 

func (m *ClusterNetworkingConfigSpecV2) Size() (n int)

func (*ClusterNetworkingConfigSpecV2) String 

func (m *ClusterNetworkingConfigSpecV2) String() string

func (*ClusterNetworkingConfigSpecV2) Unmarshal 

func (m *ClusterNetworkingConfigSpecV2) Unmarshal(dAtA []byte) error

func (*ClusterNetworkingConfigSpecV2) XXX_DiscardUnknown 

func (m *ClusterNetworkingConfigSpecV2) XXX_DiscardUnknown()

func (*ClusterNetworkingConfigSpecV2) XXX_Marshal 

func (m *ClusterNetworkingConfigSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ClusterNetworkingConfigSpecV2) XXX_Merge 

func (m *ClusterNetworkingConfigSpecV2) XXX_Merge(src proto.Message)

func (*ClusterNetworkingConfigSpecV2) XXX_Size 

func (m *ClusterNetworkingConfigSpecV2) XXX_Size() int

func (*ClusterNetworkingConfigSpecV2) XXX_Unmarshal 

func (m *ClusterNetworkingConfigSpecV2) XXX_Unmarshal(b []byte) error

type ClusterNetworkingConfigV2 

type ClusterNetworkingConfigV2 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version. It must be specified.
	// Supported values are:`v2`.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is resource metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is a ClusterNetworkingConfig specification
	Spec                 ClusterNetworkingConfigSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}                      `json:"-"`
	XXX_unrecognized     []byte                        `json:"-"`
	XXX_sizecache        int32                         `json:"-"`
}

ClusterNetworkingConfigV2 contains cluster-wide networking configuration.

func (*ClusterNetworkingConfigV2) CheckAndSetDefaults 

func (c *ClusterNetworkingConfigV2) CheckAndSetDefaults() error

CheckAndSetDefaults verifies the constraints for ClusterNetworkingConfig.

func (*ClusterNetworkingConfigV2) Clone 

func (c *ClusterNetworkingConfigV2) Clone() ClusterNetworkingConfig

Clone performs a deep copy.

func (*ClusterNetworkingConfigV2) Descriptor 

func (*ClusterNetworkingConfigV2) Descriptor() ([]byte, []int)

func (*ClusterNetworkingConfigV2) Expiry 

func (c *ClusterNetworkingConfigV2) Expiry() time.Time

Expiry returns object expiry setting.

func (*ClusterNetworkingConfigV2) GetAgentMeshTunnelStrategy 

func (c *ClusterNetworkingConfigV2) GetAgentMeshTunnelStrategy() *AgentMeshTunnelStrategy

GetAgentMeshTunnelStrategy gets the agent mesh tunnel strategy.

func (*ClusterNetworkingConfigV2) GetCaseInsensitiveRouting 

func (c *ClusterNetworkingConfigV2) GetCaseInsensitiveRouting() bool

GetCaseInsensitiveRouting gets the case-insensitive routing option.

func (*ClusterNetworkingConfigV2) GetClientIdleTimeout 

func (c *ClusterNetworkingConfigV2) GetClientIdleTimeout() time.Duration

GetClientIdleTimeout returns client idle timeout setting.

func (*ClusterNetworkingConfigV2) GetClientIdleTimeoutMessage 

func (c *ClusterNetworkingConfigV2) GetClientIdleTimeoutMessage() string

func (*ClusterNetworkingConfigV2) GetKeepAliveCountMax 

func (c *ClusterNetworkingConfigV2) GetKeepAliveCountMax() int64

GetKeepAliveCountMax gets the number of missed keep-alive messages before the server disconnects the client.

func (*ClusterNetworkingConfigV2) GetKeepAliveInterval 

func (c *ClusterNetworkingConfigV2) GetKeepAliveInterval() time.Duration

GetKeepAliveInterval gets the keep-alive interval.

func (*ClusterNetworkingConfigV2) GetKind 

func (c *ClusterNetworkingConfigV2) GetKind() string

GetKind returns resource kind.

func (*ClusterNetworkingConfigV2) GetMetadata 

func (c *ClusterNetworkingConfigV2) GetMetadata() Metadata

GetMetadata returns object metadata.

func (*ClusterNetworkingConfigV2) GetName 

func (c *ClusterNetworkingConfigV2) GetName() string

GetName returns the name of the resource.

func (*ClusterNetworkingConfigV2) GetProxyListenerMode 

func (c *ClusterNetworkingConfigV2) GetProxyListenerMode() ProxyListenerMode

GetProxyListenerMode gets the proxy listener mode.

func (*ClusterNetworkingConfigV2) GetProxyPeeringTunnelStrategy 

func (c *ClusterNetworkingConfigV2) GetProxyPeeringTunnelStrategy() *ProxyPeeringTunnelStrategy

GetProxyPeeringTunnelStrategy gets the proxy peering tunnel strategy.

func (*ClusterNetworkingConfigV2) GetProxyPingInterval 

func (c *ClusterNetworkingConfigV2) GetProxyPingInterval() time.Duration

GetProxyPingInterval gets the proxy ping interval.

func (*ClusterNetworkingConfigV2) GetRevision 

func (c *ClusterNetworkingConfigV2) GetRevision() string

GetRevision returns the revision

func (*ClusterNetworkingConfigV2) GetRoutingStrategy 

func (c *ClusterNetworkingConfigV2) GetRoutingStrategy() RoutingStrategy

GetRoutingStrategy gets the routing strategy setting.

func (*ClusterNetworkingConfigV2) GetSSHDialTimeout 

func (c *ClusterNetworkingConfigV2) GetSSHDialTimeout() time.Duration

GetSSHDialTimeout returns the timeout to be used for SSH connections. If the value is not set, or was intentionally set to zero or a negative value, defaults.DefaultIOTimeout is returned instead. This is because a zero value cannot be distinguished to mean no timeout, or that a value had never been set.

func (*ClusterNetworkingConfigV2) GetSessionControlTimeout 

func (c *ClusterNetworkingConfigV2) GetSessionControlTimeout() time.Duration

GetSessionControlTimeout gets the session control timeout.

func (*ClusterNetworkingConfigV2) GetSubKind 

func (c *ClusterNetworkingConfigV2) GetSubKind() string

GetSubKind returns resource subkind.

func (*ClusterNetworkingConfigV2) GetTunnelStrategyType 

func (c *ClusterNetworkingConfigV2) GetTunnelStrategyType() (TunnelStrategyType, error)

GetTunnelStrategy gets the tunnel strategy type.

func (*ClusterNetworkingConfigV2) GetVersion 

func (c *ClusterNetworkingConfigV2) GetVersion() string

GetVersion returns resource version.

func (*ClusterNetworkingConfigV2) GetWebIdleTimeout 

func (c *ClusterNetworkingConfigV2) GetWebIdleTimeout() time.Duration

GetWebIdleTimeout gets the web idle timeout.

func (*ClusterNetworkingConfigV2) Marshal 

func (m *ClusterNetworkingConfigV2) Marshal() (dAtA []byte, err error)

func (*ClusterNetworkingConfigV2) MarshalTo 

func (m *ClusterNetworkingConfigV2) MarshalTo(dAtA []byte) (int, error)

func (*ClusterNetworkingConfigV2) MarshalToSizedBuffer 

func (m *ClusterNetworkingConfigV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ClusterNetworkingConfigV2) Origin 

func (c *ClusterNetworkingConfigV2) Origin() string

Origin returns the origin value of the resource.

func (*ClusterNetworkingConfigV2) ProtoMessage 

func (*ClusterNetworkingConfigV2) ProtoMessage()

func (*ClusterNetworkingConfigV2) Reset 

func (m *ClusterNetworkingConfigV2) Reset()

func (*ClusterNetworkingConfigV2) SetCaseInsensitiveRouting 

func (c *ClusterNetworkingConfigV2) SetCaseInsensitiveRouting(cir bool)

SetCaseInsensitiveRouting sets the case-insensitive routing option.

func (*ClusterNetworkingConfigV2) SetClientIdleTimeout 

func (c *ClusterNetworkingConfigV2) SetClientIdleTimeout(d time.Duration)

SetClientIdleTimeout sets client idle timeout setting.

func (*ClusterNetworkingConfigV2) SetClientIdleTimeoutMessage 

func (c *ClusterNetworkingConfigV2) SetClientIdleTimeoutMessage(msg string)

func (*ClusterNetworkingConfigV2) SetExpiry 

func (c *ClusterNetworkingConfigV2) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object.

func (*ClusterNetworkingConfigV2) SetKeepAliveCountMax 

func (c *ClusterNetworkingConfigV2) SetKeepAliveCountMax(m int64)

SetKeepAliveCountMax sets the number of missed keep-alive messages before the server disconnects the client.

func (*ClusterNetworkingConfigV2) SetKeepAliveInterval 

func (c *ClusterNetworkingConfigV2) SetKeepAliveInterval(t time.Duration)

SetKeepAliveInterval sets the keep-alive interval.

func (*ClusterNetworkingConfigV2) SetName 

func (c *ClusterNetworkingConfigV2) SetName(name string)

SetName sets the name of the resource.

func (*ClusterNetworkingConfigV2) SetOrigin 

func (c *ClusterNetworkingConfigV2) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*ClusterNetworkingConfigV2) SetProxyListenerMode 

func (c *ClusterNetworkingConfigV2) SetProxyListenerMode(mode ProxyListenerMode)

SetProxyListenerMode sets the proxy listener mode.

func (*ClusterNetworkingConfigV2) SetProxyPingInterval 

func (c *ClusterNetworkingConfigV2) SetProxyPingInterval(interval time.Duration)

SetProxyPingInterval sets the proxy ping interval.

func (*ClusterNetworkingConfigV2) SetRevision 

func (c *ClusterNetworkingConfigV2) SetRevision(rev string)

SetRevision sets the revision

func (*ClusterNetworkingConfigV2) SetRoutingStrategy 

func (c *ClusterNetworkingConfigV2) SetRoutingStrategy(strategy RoutingStrategy)

SetRoutingStrategy sets the routing strategy setting.

func (*ClusterNetworkingConfigV2) SetSSHDialTimeout 

func (c *ClusterNetworkingConfigV2) SetSSHDialTimeout(t time.Duration)

SetSSHDialTimeout updates the SSH connection timeout. The value is not validated, but will not be respected if zero or negative. See the docs on ClusterNetworkingConfigV2.GetSSHDialTimeout for more details.

func (*ClusterNetworkingConfigV2) SetSessionControlTimeout 

func (c *ClusterNetworkingConfigV2) SetSessionControlTimeout(d time.Duration)

SetSessionControlTimeout sets the session control timeout.

func (*ClusterNetworkingConfigV2) SetSubKind 

func (c *ClusterNetworkingConfigV2) SetSubKind(sk string)

SetSubKind sets resource subkind.

func (*ClusterNetworkingConfigV2) SetTunnelStrategy 

func (c *ClusterNetworkingConfigV2) SetTunnelStrategy(strategy *TunnelStrategyV1)

SetTunnelStrategy sets the tunnel strategy.

func (*ClusterNetworkingConfigV2) SetWebIdleTimeout 

func (c *ClusterNetworkingConfigV2) SetWebIdleTimeout(ttl time.Duration)

SetWebIdleTimeout sets the web idle timeout.

func (*ClusterNetworkingConfigV2) Size 

func (m *ClusterNetworkingConfigV2) Size() (n int)

func (*ClusterNetworkingConfigV2) String 

func (m *ClusterNetworkingConfigV2) String() string

func (*ClusterNetworkingConfigV2) Unmarshal 

func (m *ClusterNetworkingConfigV2) Unmarshal(dAtA []byte) error

func (*ClusterNetworkingConfigV2) XXX_DiscardUnknown 

func (m *ClusterNetworkingConfigV2) XXX_DiscardUnknown()

func (*ClusterNetworkingConfigV2) XXX_Marshal 

func (m *ClusterNetworkingConfigV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ClusterNetworkingConfigV2) XXX_Merge 

func (m *ClusterNetworkingConfigV2) XXX_Merge(src proto.Message)

func (*ClusterNetworkingConfigV2) XXX_Size 

func (m *ClusterNetworkingConfigV2) XXX_Size() int

func (*ClusterNetworkingConfigV2) XXX_Unmarshal 

func (m *ClusterNetworkingConfigV2) XXX_Unmarshal(b []byte) error

type CommandLabel 

type CommandLabel interface {
	// GetPeriod returns label period
	GetPeriod() time.Duration
	// SetPeriod sets label period
	SetPeriod(time.Duration)
	// GetResult returns label result
	GetResult() string
	// SetResult sets label result
	SetResult(string)
	// GetCommand returns to execute and set as a label result
	GetCommand() []string
	// Clone returns label copy
	Clone() CommandLabel
}

CommandLabel is a label that has a value as a result of the output generated by running command, e.g. hostname

type CommandLabelV2 

type CommandLabelV2 struct {
	// Period is a time between command runs
	Period Duration `protobuf:"varint,1,opt,name=Period,proto3,casttype=Duration" json:"period"`
	// Command is a command to run
	Command []string `protobuf:"bytes,2,rep,name=Command,proto3" json:"command"`
	// Result captures standard output
	Result               string   `protobuf:"bytes,3,opt,name=Result,proto3" json:"result"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

CommandLabelV2 is a label that has a value as a result of the output generated by running command, e.g. hostname

func (*CommandLabelV2) Clone 

func (c *CommandLabelV2) Clone() CommandLabel

Clone returns non-shallow copy of the label

func (*CommandLabelV2) Descriptor 

func (*CommandLabelV2) Descriptor() ([]byte, []int)

func (*CommandLabelV2) GetCommand 

func (c *CommandLabelV2) GetCommand() []string

GetCommand returns to execute and set as a label result

func (*CommandLabelV2) GetPeriod 

func (c *CommandLabelV2) GetPeriod() time.Duration

GetPeriod returns label period

func (*CommandLabelV2) GetResult 

func (c *CommandLabelV2) GetResult() string

GetResult returns label result

func (*CommandLabelV2) Marshal 

func (m *CommandLabelV2) Marshal() (dAtA []byte, err error)

func (*CommandLabelV2) MarshalTo 

func (m *CommandLabelV2) MarshalTo(dAtA []byte) (int, error)

func (*CommandLabelV2) MarshalToSizedBuffer 

func (m *CommandLabelV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*CommandLabelV2) ProtoMessage 

func (*CommandLabelV2) ProtoMessage()

func (*CommandLabelV2) Reset 

func (m *CommandLabelV2) Reset()

func (*CommandLabelV2) SetPeriod 

func (c *CommandLabelV2) SetPeriod(p time.Duration)

SetPeriod sets label period

func (*CommandLabelV2) SetResult 

func (c *CommandLabelV2) SetResult(r string)

SetResult sets label result

func (*CommandLabelV2) Size 

func (m *CommandLabelV2) Size() (n int)

func (*CommandLabelV2) String 

func (m *CommandLabelV2) String() string

func (*CommandLabelV2) Unmarshal 

func (m *CommandLabelV2) Unmarshal(dAtA []byte) error

func (*CommandLabelV2) XXX_DiscardUnknown 

func (m *CommandLabelV2) XXX_DiscardUnknown()

func (*CommandLabelV2) XXX_Marshal 

func (m *CommandLabelV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CommandLabelV2) XXX_Merge 

func (m *CommandLabelV2) XXX_Merge(src proto.Message)

func (*CommandLabelV2) XXX_Size 

func (m *CommandLabelV2) XXX_Size() int

func (*CommandLabelV2) XXX_Unmarshal 

func (m *CommandLabelV2) XXX_Unmarshal(b []byte) error

type ConnectionDiagnostic 

type ConnectionDiagnostic interface {
	// ResourceWithLabels provides common resource methods.
	ResourceWithLabels

	// Whether the connection was successful
	IsSuccess() bool
	// Sets the success flag
	SetSuccess(bool)

	// The underlying message
	GetMessage() string
	// Sets the undderlying message
	SetMessage(string)

	// The connection test traces
	GetTraces() []*ConnectionDiagnosticTrace

	// AppendTrace adds a trace to the ConnectionDiagnostic Traces
	AppendTrace(*ConnectionDiagnosticTrace)
}

ConnectionDiagnostic represents a Connection Diagnostic.

type ConnectionDiagnosticSpecV1 

type ConnectionDiagnosticSpecV1 struct {
	// Success describes whether the connection was a success or a failure.
	Success bool `protobuf:"varint,1,opt,name=Success,proto3" json:"success"`
	// Message may contain some user friendly message to let the user know whether it was
	// successful or a failure.
	Message string `protobuf:"bytes,2,opt,name=Message,proto3" json:"message"`
	// Traces contain a list of checkpoints defined by
	Traces               []*ConnectionDiagnosticTrace `protobuf:"bytes,3,rep,name=Traces,proto3" json:"traces"`
	XXX_NoUnkeyedLiteral struct{}                     `json:"-"`
	XXX_unrecognized     []byte                       `json:"-"`
	XXX_sizecache        int32                        `json:"-"`
}

ConnectionDiagnosticSpecV1 is the ConnectionDiagnostic Spec. It contains the result of testing a connection. It has the overall result of the connection and then a list of traces. Each trace contains checkpoints of the connection attempt and its result.

func (*ConnectionDiagnosticSpecV1) Descriptor 

func (*ConnectionDiagnosticSpecV1) Descriptor() ([]byte, []int)

func (*ConnectionDiagnosticSpecV1) Marshal 

func (m *ConnectionDiagnosticSpecV1) Marshal() (dAtA []byte, err error)

func (*ConnectionDiagnosticSpecV1) MarshalTo 

func (m *ConnectionDiagnosticSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*ConnectionDiagnosticSpecV1) MarshalToSizedBuffer 

func (m *ConnectionDiagnosticSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ConnectionDiagnosticSpecV1) ProtoMessage 

func (*ConnectionDiagnosticSpecV1) ProtoMessage()

func (*ConnectionDiagnosticSpecV1) Reset 

func (m *ConnectionDiagnosticSpecV1) Reset()

func (*ConnectionDiagnosticSpecV1) Size 

func (m *ConnectionDiagnosticSpecV1) Size() (n int)

func (*ConnectionDiagnosticSpecV1) String 

func (m *ConnectionDiagnosticSpecV1) String() string

func (*ConnectionDiagnosticSpecV1) Unmarshal 

func (m *ConnectionDiagnosticSpecV1) Unmarshal(dAtA []byte) error

func (*ConnectionDiagnosticSpecV1) XXX_DiscardUnknown 

func (m *ConnectionDiagnosticSpecV1) XXX_DiscardUnknown()

func (*ConnectionDiagnosticSpecV1) XXX_Marshal 

func (m *ConnectionDiagnosticSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ConnectionDiagnosticSpecV1) XXX_Merge 

func (m *ConnectionDiagnosticSpecV1) XXX_Merge(src proto.Message)

func (*ConnectionDiagnosticSpecV1) XXX_Size 

func (m *ConnectionDiagnosticSpecV1) XXX_Size() int

func (*ConnectionDiagnosticSpecV1) XXX_Unmarshal 

func (m *ConnectionDiagnosticSpecV1) XXX_Unmarshal(b []byte) error

type ConnectionDiagnosticTrace 

type ConnectionDiagnosticTrace struct {
	Type   ConnectionDiagnosticTrace_TraceType  `protobuf:"varint,1,opt,name=Type,proto3,enum=types.ConnectionDiagnosticTrace_TraceType" json:"type"`
	Status ConnectionDiagnosticTrace_StatusType `protobuf:"varint,2,opt,name=Status,proto3,enum=types.ConnectionDiagnosticTrace_StatusType" json:"status"`
	// Details contains a User friendly message of the check's result.
	Details string `protobuf:"bytes,3,opt,name=Details,proto3" json:"details"`
	// Error contains the low level error message in case of a failure.
	Error                string   `protobuf:"bytes,4,opt,name=Error,proto3" json:"error"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ConnectionDiagnosticTrace describes a trace of a connection diagnostic

func NewTraceDiagnosticConnection 

func NewTraceDiagnosticConnection(traceType ConnectionDiagnosticTrace_TraceType, details string, traceErr error) *ConnectionDiagnosticTrace

NewTraceDiagnosticConnection creates a new Connection Diagnostic Trace. If traceErr is not nil, it will set the Status to FAILED, SUCCESS otherwise.

func (*ConnectionDiagnosticTrace) Descriptor 

func (*ConnectionDiagnosticTrace) Descriptor() ([]byte, []int)

func (*ConnectionDiagnosticTrace) Marshal 

func (m *ConnectionDiagnosticTrace) Marshal() (dAtA []byte, err error)

func (*ConnectionDiagnosticTrace) MarshalTo 

func (m *ConnectionDiagnosticTrace) MarshalTo(dAtA []byte) (int, error)

func (*ConnectionDiagnosticTrace) MarshalToSizedBuffer 

func (m *ConnectionDiagnosticTrace) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ConnectionDiagnosticTrace) ProtoMessage 

func (*ConnectionDiagnosticTrace) ProtoMessage()

func (*ConnectionDiagnosticTrace) Reset 

func (m *ConnectionDiagnosticTrace) Reset()

func (*ConnectionDiagnosticTrace) Size 

func (m *ConnectionDiagnosticTrace) Size() (n int)

func (*ConnectionDiagnosticTrace) String 

func (m *ConnectionDiagnosticTrace) String() string

func (*ConnectionDiagnosticTrace) Unmarshal 

func (m *ConnectionDiagnosticTrace) Unmarshal(dAtA []byte) error

func (*ConnectionDiagnosticTrace) XXX_DiscardUnknown 

func (m *ConnectionDiagnosticTrace) XXX_DiscardUnknown()

func (*ConnectionDiagnosticTrace) XXX_Marshal 

func (m *ConnectionDiagnosticTrace) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ConnectionDiagnosticTrace) XXX_Merge 

func (m *ConnectionDiagnosticTrace) XXX_Merge(src proto.Message)

func (*ConnectionDiagnosticTrace) XXX_Size 

func (m *ConnectionDiagnosticTrace) XXX_Size() int

func (*ConnectionDiagnosticTrace) XXX_Unmarshal 

func (m *ConnectionDiagnosticTrace) XXX_Unmarshal(b []byte) error

type ConnectionDiagnosticTrace_StatusType 

type ConnectionDiagnosticTrace_StatusType int32

StatusType describes whether this was a success or a failure. 

const (
	ConnectionDiagnosticTrace_STATUS_UNSPECIFIED ConnectionDiagnosticTrace_StatusType = 0
	ConnectionDiagnosticTrace_SUCCESS            ConnectionDiagnosticTrace_StatusType = 1
	ConnectionDiagnosticTrace_FAILED             ConnectionDiagnosticTrace_StatusType = 2
)

func (ConnectionDiagnosticTrace_StatusType) EnumDescriptor 

func (ConnectionDiagnosticTrace_StatusType) EnumDescriptor() ([]byte, []int)

func (ConnectionDiagnosticTrace_StatusType) String 

func (x ConnectionDiagnosticTrace_StatusType) String() string

type ConnectionDiagnosticTrace_TraceType 

type ConnectionDiagnosticTrace_TraceType int32

TraceType is an identification of the checkpoint. 

const (
	ConnectionDiagnosticTrace_TRACE_TYPE_UNSPECIFIED ConnectionDiagnosticTrace_TraceType = 0
	// UNKNOWN_ERROR is used when we don't know the error.
	// It's not always possible to offer guidance based on the received error.
	// This trace type should be used when the error is too generic given the context we
	// have.
	ConnectionDiagnosticTrace_UNKNOWN_ERROR ConnectionDiagnosticTrace_TraceType = 1
	// RBAC_NODE is for RBAC checks for the node.
	ConnectionDiagnosticTrace_RBAC_NODE ConnectionDiagnosticTrace_TraceType = 2
	// CONNECTIVITY is for network connectivity checks.
	ConnectionDiagnosticTrace_CONNECTIVITY ConnectionDiagnosticTrace_TraceType = 3
	// RBAC_PRINCIPAL is used when checking if the principal is allowed per RBAC rules.
	ConnectionDiagnosticTrace_RBAC_PRINCIPAL ConnectionDiagnosticTrace_TraceType = 4
	// NODE_PRINCIPAL is used when checking if the Node has the requested principal.
	ConnectionDiagnosticTrace_NODE_PRINCIPAL ConnectionDiagnosticTrace_TraceType = 5
	// RBAC_KUBE is for RBAC checks to kubernetes the cluster.
	ConnectionDiagnosticTrace_RBAC_KUBE ConnectionDiagnosticTrace_TraceType = 6
	// KUBE_PRINCIPAL is used when checking if the Kube Cluster has at least one user principals.
	ConnectionDiagnosticTrace_KUBE_PRINCIPAL ConnectionDiagnosticTrace_TraceType = 7
	// RBAC_DATABASE is for RBAC checks to database access (db_labels).
	ConnectionDiagnosticTrace_RBAC_DATABASE ConnectionDiagnosticTrace_TraceType = 8
	// RBAC_DATABASE_LOGIN is for RBAC checks to database login (db_name and db_user).
	ConnectionDiagnosticTrace_RBAC_DATABASE_LOGIN ConnectionDiagnosticTrace_TraceType = 9
	// DATABASE_DB_USER is used when checking whether the Database has the requested Database User.
	ConnectionDiagnosticTrace_DATABASE_DB_USER ConnectionDiagnosticTrace_TraceType = 10
	// DATABASE_DB_NAME is used when checking whether the Database has the requested Database Name.
	ConnectionDiagnosticTrace_DATABASE_DB_NAME ConnectionDiagnosticTrace_TraceType = 11
)

func (ConnectionDiagnosticTrace_TraceType) EnumDescriptor 

func (ConnectionDiagnosticTrace_TraceType) EnumDescriptor() ([]byte, []int)

func (ConnectionDiagnosticTrace_TraceType) String 

func (x ConnectionDiagnosticTrace_TraceType) String() string

type ConnectionDiagnosticV1 

type ConnectionDiagnosticV1 struct {
	ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
	// Spec is the resource spec.
	Spec                 ConnectionDiagnosticSpecV1 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}                   `json:"-"`
	XXX_unrecognized     []byte                     `json:"-"`
	XXX_sizecache        int32                      `json:"-"`
}

ConnectionDiagnosticV1 is the result of testing a connection. When setting up a new resource in Teleport, it's useful to know if we can connect to it. This can be done using the test connection feature. The user can then receive the result as feedback using the UI

func NewConnectionDiagnosticV1 

func NewConnectionDiagnosticV1(name string, labels map[string]string, spec ConnectionDiagnosticSpecV1) (*ConnectionDiagnosticV1, error)

NewConnectionDiagnosticV1 creates a new ConnectionDiagnosticV1 resource.

func (*ConnectionDiagnosticV1) AppendTrace 

func (c *ConnectionDiagnosticV1) AppendTrace(trace *ConnectionDiagnosticTrace)

AppendTrace adds a trace into the Traces list

func (*ConnectionDiagnosticV1) CheckAndSetDefaults 

func (c *ConnectionDiagnosticV1) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values for any missing fields.

func (*ConnectionDiagnosticV1) Descriptor 

func (*ConnectionDiagnosticV1) Descriptor() ([]byte, []int)

func (*ConnectionDiagnosticV1) GetMessage 

func (c *ConnectionDiagnosticV1) GetMessage() string

GetMessage returns the connection diagnostic message.

func (*ConnectionDiagnosticV1) GetTraces 

func (c *ConnectionDiagnosticV1) GetTraces() []*ConnectionDiagnosticTrace

GetTraces returns the connection test traces

func (*ConnectionDiagnosticV1) IsSuccess 

func (c *ConnectionDiagnosticV1) IsSuccess() bool

IsSuccess returns whether the connection was successful

func (*ConnectionDiagnosticV1) Marshal 

func (m *ConnectionDiagnosticV1) Marshal() (dAtA []byte, err error)

func (*ConnectionDiagnosticV1) MarshalTo 

func (m *ConnectionDiagnosticV1) MarshalTo(dAtA []byte) (int, error)

func (*ConnectionDiagnosticV1) MarshalToSizedBuffer 

func (m *ConnectionDiagnosticV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ConnectionDiagnosticV1) MatchSearch 

func (c *ConnectionDiagnosticV1) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*ConnectionDiagnosticV1) ProtoMessage 

func (*ConnectionDiagnosticV1) ProtoMessage()

func (*ConnectionDiagnosticV1) Reset 

func (m *ConnectionDiagnosticV1) Reset()

func (*ConnectionDiagnosticV1) SetMessage 

func (c *ConnectionDiagnosticV1) SetMessage(s string)

SetMessage sets the summary message of the Connection Diagnostic

func (*ConnectionDiagnosticV1) SetStaticLabels 

func (c *ConnectionDiagnosticV1) SetStaticLabels(sl map[string]string)

SetStaticLabels sets the connection diagnostic static labels.

func (*ConnectionDiagnosticV1) SetSuccess 

func (c *ConnectionDiagnosticV1) SetSuccess(b bool)

SetSuccess sets whether the Connection was a success or not

func (*ConnectionDiagnosticV1) Size 

func (m *ConnectionDiagnosticV1) Size() (n int)

func (*ConnectionDiagnosticV1) String 

func (m *ConnectionDiagnosticV1) String() string

func (*ConnectionDiagnosticV1) Unmarshal 

func (m *ConnectionDiagnosticV1) Unmarshal(dAtA []byte) error

func (*ConnectionDiagnosticV1) XXX_DiscardUnknown 

func (m *ConnectionDiagnosticV1) XXX_DiscardUnknown()

func (*ConnectionDiagnosticV1) XXX_Marshal 

func (m *ConnectionDiagnosticV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ConnectionDiagnosticV1) XXX_Merge 

func (m *ConnectionDiagnosticV1) XXX_Merge(src proto.Message)

func (*ConnectionDiagnosticV1) XXX_Size 

func (m *ConnectionDiagnosticV1) XXX_Size() int

func (*ConnectionDiagnosticV1) XXX_Unmarshal 

func (m *ConnectionDiagnosticV1) XXX_Unmarshal(b []byte) error

type ConnectionsDiagnostic 

type ConnectionsDiagnostic []ConnectionDiagnostic

type ConnectorRef 

type ConnectorRef struct {
	// Type is connector type
	Type string `protobuf:"bytes,1,opt,name=Type,proto3" json:"type"`
	// ID is connector ID
	ID string `protobuf:"bytes,2,opt,name=ID,proto3" json:"id"`
	// Identity is external identity of the user
	Identity             string   `protobuf:"bytes,3,opt,name=Identity,proto3" json:"identity"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ConnectorRef holds information about OIDC connector

func (*ConnectorRef) Descriptor 

func (*ConnectorRef) Descriptor() ([]byte, []int)

func (*ConnectorRef) IsSameProvider 

func (r *ConnectorRef) IsSameProvider(other *ConnectorRef) bool

IsSameProvider returns true if the provided connector has the same ID/type as this one

func (*ConnectorRef) Marshal 

func (m *ConnectorRef) Marshal() (dAtA []byte, err error)

func (*ConnectorRef) MarshalTo 

func (m *ConnectorRef) MarshalTo(dAtA []byte) (int, error)

func (*ConnectorRef) MarshalToSizedBuffer 

func (m *ConnectorRef) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ConnectorRef) ProtoMessage 

func (*ConnectorRef) ProtoMessage()

func (*ConnectorRef) Reset 

func (m *ConnectorRef) Reset()

func (*ConnectorRef) Size 

func (m *ConnectorRef) Size() (n int)

func (*ConnectorRef) String 

func (m *ConnectorRef) String() string

func (*ConnectorRef) Unmarshal 

func (m *ConnectorRef) Unmarshal(dAtA []byte) error

func (*ConnectorRef) XXX_DiscardUnknown 

func (m *ConnectorRef) XXX_DiscardUnknown()

func (*ConnectorRef) XXX_Marshal 

func (m *ConnectorRef) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ConnectorRef) XXX_Merge 

func (m *ConnectorRef) XXX_Merge(src proto.Message)

func (*ConnectorRef) XXX_Size 

func (m *ConnectorRef) XXX_Size() int

func (*ConnectorRef) XXX_Unmarshal 

func (m *ConnectorRef) XXX_Unmarshal(b []byte) error

type CreateDatabaseUserMode 

type CreateDatabaseUserMode int32

CreateDatabaseUserMode determines whether database user creation should be disabled or if users should be cleaned up or kept after sessions end. 

const (
	CreateDatabaseUserMode_DB_USER_MODE_UNSPECIFIED CreateDatabaseUserMode = 0
	// DB_USER_MODE_OFF disables user creation.
	CreateDatabaseUserMode_DB_USER_MODE_OFF CreateDatabaseUserMode = 1
	// DB_USER_MODE_KEEP allows user creation and disable users at session end.
	CreateDatabaseUserMode_DB_USER_MODE_KEEP CreateDatabaseUserMode = 2
	// DB_USER_MODE_BEST_EFFORT_DROP allows user creation and tries to drop user
	// at session end. If the drop fails, fallback to disabling them.
	CreateDatabaseUserMode_DB_USER_MODE_BEST_EFFORT_DROP CreateDatabaseUserMode = 3
)

func (CreateDatabaseUserMode) EnumDescriptor 

func (CreateDatabaseUserMode) EnumDescriptor() ([]byte, []int)

func (CreateDatabaseUserMode) IsEnabled 

func (m CreateDatabaseUserMode) IsEnabled() bool

IsEnabled returns true if database automatic user provisioning is enabled.

func (*CreateDatabaseUserMode) MarshalJSON 

func (h *CreateDatabaseUserMode) MarshalJSON() ([]byte, error)

MarshalJSON marshals CreateDatabaseUserMode to json bytes.

func (*CreateDatabaseUserMode) MarshalYAML 

func (h *CreateDatabaseUserMode) MarshalYAML() (interface{}, error)

MarshalYAML marshals CreateDatabaseUserMode to yaml.

func (CreateDatabaseUserMode) String 

func (x CreateDatabaseUserMode) String() string

func (*CreateDatabaseUserMode) UnmarshalJSON 

func (h *CreateDatabaseUserMode) UnmarshalJSON(data []byte) error

UnmarshalJSON supports parsing CreateDatabaseUserMode from string.

func (*CreateDatabaseUserMode) UnmarshalYAML 

func (h *CreateDatabaseUserMode) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML supports parsing CreateDatabaseUserMode from string.

type CreateHostUserMode 

type CreateHostUserMode int32

CreateHostUserMode determines whether host user creation should be disabled or if host users should be cleaned up or kept after sessions end. 

const (
	CreateHostUserMode_HOST_USER_MODE_UNSPECIFIED CreateHostUserMode = 0
	// HOST_USER_MODE_OFF disables host user creation.
	CreateHostUserMode_HOST_USER_MODE_OFF CreateHostUserMode = 1
	// HOST_USER_MODE_DROP enables host user creation and deletes users at session end.
	// Deprecated: replaced by HOST_USER_MODE_INSECURE_DROP.
	CreateHostUserMode_HOST_USER_MODE_DROP CreateHostUserMode = 2 // Deprecated: Do not use.
	// HOST_USER_MODE_KEEP enables host user creation and leaves users behind at session end.
	CreateHostUserMode_HOST_USER_MODE_KEEP CreateHostUserMode = 3
	// HOST_USER_MODE_INSECURE_DROP enables host user creation without a home directory and deletes
	// users at session end.
	CreateHostUserMode_HOST_USER_MODE_INSECURE_DROP CreateHostUserMode = 4
)

func (CreateHostUserMode) EnumDescriptor 

func (CreateHostUserMode) EnumDescriptor() ([]byte, []int)

func (*CreateHostUserMode) MarshalJSON 

func (h *CreateHostUserMode) MarshalJSON() ([]byte, error)

MarshalJSON marshals CreateHostUserMode to json bytes.

func (*CreateHostUserMode) MarshalYAML 

func (h *CreateHostUserMode) MarshalYAML() (interface{}, error)

MarshalYAML marshals CreateHostUserMode to yaml.

func (CreateHostUserMode) String 

func (x CreateHostUserMode) String() string

func (*CreateHostUserMode) UnmarshalJSON 

func (h *CreateHostUserMode) UnmarshalJSON(data []byte) error

UnmarshalJSON supports parsing CreateHostUserMode from string.

func (*CreateHostUserMode) UnmarshalYAML 

func (h *CreateHostUserMode) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML supports parsing CreateHostUserMode from string.

type CreateSnowflakeSessionRequest 

type CreateSnowflakeSessionRequest struct {
	// Username is the identity of the user requesting the session.
	Username string
	// SessionToken is the Snowflake server session token.
	SessionToken string
	// TokenTTL is the token validity period.
	TokenTTL time.Duration
}

CreateSnowflakeSessionRequest contains the parameters needed to request creating a Snowflake web session.

type CreateUserParams 

type CreateUserParams struct {
	// ConnectorName is the name of the connector used for SSO login flow.
	ConnectorName string `protobuf:"bytes,1,opt,name=ConnectorName,proto3" json:"connector_name,omitempty"`
	// Username is the name of the user to be created.
	Username string `protobuf:"bytes,2,opt,name=Username,proto3" json:"username,omitempty"`
	// Logins is a list of available unix logins.
	Logins []string `protobuf:"bytes,3,rep,name=Logins,proto3" json:"logins,omitempty"`
	// KubeGroups is a list of assigned kube groups.
	KubeGroups []string `protobuf:"bytes,4,rep,name=KubeGroups,proto3" json:"kube_groups,omitempty"`
	// KubeUsers is a list of available kube users.
	KubeUsers []string `protobuf:"bytes,5,rep,name=KubeUsers,proto3" json:"kube_users,omitempty"`
	// Roles is a list of assigned roles.
	Roles []string `protobuf:"bytes,6,rep,name=Roles,proto3" json:"roles,omitempty"`
	// Traits is the set of traits the user is assigned.
	Traits github_com_gravitational_teleport_api_types_wrappers.Traits `` /* 136-byte string literal not displayed */
	// SessionTTL determines the TTL.
	SessionTTL           Duration `protobuf:"varint,8,opt,name=SessionTTL,proto3,casttype=Duration" json:"session_ttl,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

CreateUserParams represents the user creation parameters as called during SSO login flow.

func (*CreateUserParams) Descriptor 

func (*CreateUserParams) Descriptor() ([]byte, []int)

func (*CreateUserParams) Marshal 

func (m *CreateUserParams) Marshal() (dAtA []byte, err error)

func (*CreateUserParams) MarshalTo 

func (m *CreateUserParams) MarshalTo(dAtA []byte) (int, error)

func (*CreateUserParams) MarshalToSizedBuffer 

func (m *CreateUserParams) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*CreateUserParams) ProtoMessage 

func (*CreateUserParams) ProtoMessage()

func (*CreateUserParams) Reset 

func (m *CreateUserParams) Reset()

func (*CreateUserParams) Size 

func (m *CreateUserParams) Size() (n int)

func (*CreateUserParams) String 

func (m *CreateUserParams) String() string

func (*CreateUserParams) Unmarshal 

func (m *CreateUserParams) Unmarshal(dAtA []byte) error

func (*CreateUserParams) XXX_DiscardUnknown 

func (m *CreateUserParams) XXX_DiscardUnknown()

func (*CreateUserParams) XXX_Marshal 

func (m *CreateUserParams) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CreateUserParams) XXX_Merge 

func (m *CreateUserParams) XXX_Merge(src proto.Message)

func (*CreateUserParams) XXX_Size 

func (m *CreateUserParams) XXX_Size() int

func (*CreateUserParams) XXX_Unmarshal 

func (m *CreateUserParams) XXX_Unmarshal(b []byte) error

type CreatedBy 

type CreatedBy struct {
	// Identity if present means that user was automatically created by identity
	Connector *ConnectorRef `protobuf:"bytes,1,opt,name=Connector,proto3" json:"connector,omitempty"`
	// Time specifies when user was created
	Time time.Time `protobuf:"bytes,2,opt,name=Time,proto3,stdtime" json:"time"`
	// User holds information about user
	User                 UserRef  `protobuf:"bytes,3,opt,name=User,proto3" json:"user"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

CreatedBy holds information about the person or agent who created the user

func (*CreatedBy) Descriptor 

func (*CreatedBy) Descriptor() ([]byte, []int)

func (CreatedBy) IsEmpty 

func (c CreatedBy) IsEmpty() bool

IsEmpty returns true if there's no info about who created this user

func (*CreatedBy) Marshal 

func (m *CreatedBy) Marshal() (dAtA []byte, err error)

func (*CreatedBy) MarshalTo 

func (m *CreatedBy) MarshalTo(dAtA []byte) (int, error)

func (*CreatedBy) MarshalToSizedBuffer 

func (m *CreatedBy) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*CreatedBy) ProtoMessage 

func (*CreatedBy) ProtoMessage()

func (*CreatedBy) Reset 

func (m *CreatedBy) Reset()

func (*CreatedBy) Size 

func (m *CreatedBy) Size() (n int)

func (CreatedBy) String 

func (c CreatedBy) String() string

String returns human readable information about the user

func (*CreatedBy) Unmarshal 

func (m *CreatedBy) Unmarshal(dAtA []byte) error

func (*CreatedBy) XXX_DiscardUnknown 

func (m *CreatedBy) XXX_DiscardUnknown()

func (*CreatedBy) XXX_Marshal 

func (m *CreatedBy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CreatedBy) XXX_Merge 

func (m *CreatedBy) XXX_Merge(src proto.Message)

func (*CreatedBy) XXX_Size 

func (m *CreatedBy) XXX_Size() int

func (*CreatedBy) XXX_Unmarshal 

func (m *CreatedBy) XXX_Unmarshal(b []byte) error

type Database 

type Database interface {
	// ResourceWithLabels provides common resource methods.
	ResourceWithLabels
	// GetNamespace returns the database namespace.
	GetNamespace() string
	// GetStaticLabels returns the database static labels.
	GetStaticLabels() map[string]string
	// SetStaticLabels sets the database static labels.
	SetStaticLabels(map[string]string)
	// GetDynamicLabels returns the database dynamic labels.
	GetDynamicLabels() map[string]CommandLabel
	// SetDynamicLabels sets the database dynamic labels.
	SetDynamicLabels(map[string]CommandLabel)
	// String returns string representation of the database.
	String() string
	// GetDescription returns the database description.
	GetDescription() string
	// GetProtocol returns the database protocol.
	GetProtocol() string
	// GetURI returns the database connection endpoint.
	GetURI() string
	// SetURI sets the database connection endpoint.
	SetURI(string)
	// GetCA returns the database CA certificate.
	GetCA() string
	// SetCA sets the database CA certificate in the Spec.TLS field.
	SetCA(string)
	// GetTLS returns the database TLS configuration.
	GetTLS() DatabaseTLS
	// SetStatusCA sets the database CA certificate in the status field.
	SetStatusCA(string)
	// GetStatusCA gets the database CA certificate in the status field.
	GetStatusCA() string
	// GetMySQL returns the database options from spec.
	GetMySQL() MySQLOptions
	// GetOracle returns the database options from spec.
	GetOracle() OracleOptions
	// GetMySQLServerVersion returns the MySQL server version either from configuration or
	// reported by the database.
	GetMySQLServerVersion() string
	// SetMySQLServerVersion sets the runtime MySQL server version.
	SetMySQLServerVersion(version string)
	// GetAWS returns the database AWS metadata.
	GetAWS() AWS
	// SetStatusAWS sets the database AWS metadata in the status field.
	SetStatusAWS(AWS)
	// SetAWSExternalID sets the database AWS external ID in the Spec.AWS field.
	SetAWSExternalID(id string)
	// SetAWSAssumeRole sets the database AWS assume role arn in the Spec.AWS field.
	SetAWSAssumeRole(roleARN string)
	// GetGCP returns GCP information for Cloud SQL databases.
	GetGCP() GCPCloudSQL
	// GetAzure returns Azure database server metadata.
	GetAzure() Azure
	// SetStatusAzure sets the database Azure metadata in the status field.
	SetStatusAzure(Azure)
	// GetAD returns Active Directory database configuration.
	GetAD() AD
	// GetType returns the database authentication type: self-hosted, RDS, Redshift or Cloud SQL.
	GetType() string
	// GetSecretStore returns secret store configurations.
	GetSecretStore() SecretStore
	// GetManagedUsers returns a list of database users that are managed by Teleport.
	GetManagedUsers() []string
	// SetManagedUsers sets a list of database users that are managed by Teleport.
	SetManagedUsers(users []string)
	// GetMongoAtlas returns Mongo Atlas database metadata.
	GetMongoAtlas() MongoAtlas
	// IsRDS returns true if this is an RDS/Aurora database.
	IsRDS() bool
	// IsRDSProxy returns true if this is an RDS Proxy database.
	IsRDSProxy() bool
	// IsRedshift returns true if this is a Redshift database.
	IsRedshift() bool
	// IsCloudSQL returns true if this is a Cloud SQL database.
	IsCloudSQL() bool
	// IsAzure returns true if this is an Azure database.
	IsAzure() bool
	// IsElastiCache returns true if this is an AWS ElastiCache database.
	IsElastiCache() bool
	// IsMemoryDB returns true if this is an AWS MemoryDB database.
	IsMemoryDB() bool
	// IsAWSHosted returns true if database is hosted by AWS.
	IsAWSHosted() bool
	// IsCloudHosted returns true if database is hosted in the cloud (AWS, Azure or Cloud SQL).
	IsCloudHosted() bool
	// RequireAWSIAMRolesAsUsers returns true for database types that require
	// AWS IAM roles as database users.
	RequireAWSIAMRolesAsUsers() bool
	// SupportAWSIAMRoleARNAsUsers returns true for database types that support
	// AWS IAM roles as database users.
	SupportAWSIAMRoleARNAsUsers() bool
	// Copy returns a copy of this database resource.
	Copy() *DatabaseV3
	// GetAdminUser returns database privileged user information.
	GetAdminUser() DatabaseAdminUser
	// SupportsAutoUsers returns true if this database supports automatic
	// user provisioning.
	SupportsAutoUsers() bool
	// GetEndpointType returns the endpoint type of the database, if available.
	GetEndpointType() string
	// GetCloud gets the cloud this database is running on, or an empty string if it
	// isn't running on a cloud provider.
	GetCloud() string
	// IsUsernameCaseInsensitive returns true if the database username is case
	// insensitive.
	IsUsernameCaseInsensitive() bool
	// IsAutoUsersEnabled returns true if the database has auto user
	// provisioning enabled.
	IsAutoUsersEnabled() bool
}

Database represents a single database proxied by a database server.

func DeduplicateDatabases 

func DeduplicateDatabases(databases []Database) (result []Database)

DeduplicateDatabases deduplicates databases by name.

type DatabaseAdminUser 

type DatabaseAdminUser struct {
	// Name is the username of the privileged database user.
	Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
	// DefaultDatabase is the database that the privileged database user logs
	// into by default.
	//
	// Depending on the database type, this database may be used to store
	// procedures or data for managing database users.
	DefaultDatabase      string   `protobuf:"bytes,2,opt,name=DefaultDatabase,proto3" json:"default_database"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

DatabaseAdminUser contains information about privileged database user used for automatic user provisioning.

func (*DatabaseAdminUser) Descriptor 

func (*DatabaseAdminUser) Descriptor() ([]byte, []int)

func (*DatabaseAdminUser) Marshal 

func (m *DatabaseAdminUser) Marshal() (dAtA []byte, err error)

func (*DatabaseAdminUser) MarshalTo 

func (m *DatabaseAdminUser) MarshalTo(dAtA []byte) (int, error)

func (*DatabaseAdminUser) MarshalToSizedBuffer 

func (m *DatabaseAdminUser) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DatabaseAdminUser) ProtoMessage 

func (*DatabaseAdminUser) ProtoMessage()

func (*DatabaseAdminUser) Reset 

func (m *DatabaseAdminUser) Reset()

func (*DatabaseAdminUser) Size 

func (m *DatabaseAdminUser) Size() (n int)

func (*DatabaseAdminUser) String 

func (m *DatabaseAdminUser) String() string

func (*DatabaseAdminUser) Unmarshal 

func (m *DatabaseAdminUser) Unmarshal(dAtA []byte) error

func (*DatabaseAdminUser) XXX_DiscardUnknown 

func (m *DatabaseAdminUser) XXX_DiscardUnknown()

func (*DatabaseAdminUser) XXX_Marshal 

func (m *DatabaseAdminUser) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DatabaseAdminUser) XXX_Merge 

func (m *DatabaseAdminUser) XXX_Merge(src proto.Message)

func (*DatabaseAdminUser) XXX_Size 

func (m *DatabaseAdminUser) XXX_Size() int

func (*DatabaseAdminUser) XXX_Unmarshal 

func (m *DatabaseAdminUser) XXX_Unmarshal(b []byte) error

type DatabasePermission 

type DatabasePermission struct {
	// Permission is the list of string representations of the permission to be given, e.g. SELECT, INSERT, UPDATE, ...
	Permissions []string `protobuf:"bytes,1,rep,name=Permissions,proto3" json:"permissions"`
	// Match is a list of object labels that must be matched for the permission to be granted.
	Match                Labels   `protobuf:"bytes,2,opt,name=Match,proto3,customtype=Labels" json:"match"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

DatabasePermission specifies the database object permission for the user.

func (*DatabasePermission) CheckAndSetDefaults 

func (m *DatabasePermission) CheckAndSetDefaults() error

func (*DatabasePermission) Descriptor 

func (*DatabasePermission) Descriptor() ([]byte, []int)

func (*DatabasePermission) Marshal 

func (m *DatabasePermission) Marshal() (dAtA []byte, err error)

func (*DatabasePermission) MarshalTo 

func (m *DatabasePermission) MarshalTo(dAtA []byte) (int, error)

func (*DatabasePermission) MarshalToSizedBuffer 

func (m *DatabasePermission) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DatabasePermission) ProtoMessage 

func (*DatabasePermission) ProtoMessage()

func (*DatabasePermission) Reset 

func (m *DatabasePermission) Reset()

func (*DatabasePermission) Size 

func (m *DatabasePermission) Size() (n int)

func (*DatabasePermission) String 

func (m *DatabasePermission) String() string

func (*DatabasePermission) Unmarshal 

func (m *DatabasePermission) Unmarshal(dAtA []byte) error

func (*DatabasePermission) XXX_DiscardUnknown 

func (m *DatabasePermission) XXX_DiscardUnknown()

func (*DatabasePermission) XXX_Marshal 

func (m *DatabasePermission) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DatabasePermission) XXX_Merge 

func (m *DatabasePermission) XXX_Merge(src proto.Message)

func (*DatabasePermission) XXX_Size 

func (m *DatabasePermission) XXX_Size() int

func (*DatabasePermission) XXX_Unmarshal 

func (m *DatabasePermission) XXX_Unmarshal(b []byte) error

type DatabasePermissions 

type DatabasePermissions []DatabasePermission

DatabasePermissions is a list of DatabasePermission objects.

type DatabaseResourceMatcher 

type DatabaseResourceMatcher struct {
	Labels               *Labels            `protobuf:"bytes,1,opt,name=Labels,proto3,customtype=Labels" json:"labels"`
	AWS                  ResourceMatcherAWS `protobuf:"bytes,2,opt,name=AWS,proto3" json:"aws"`
	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
	XXX_unrecognized     []byte             `json:"-"`
	XXX_sizecache        int32              `json:"-"`
}

DatabaseResourceMatcher is a set of properties that is used to match on resources.

func (*DatabaseResourceMatcher) Descriptor 

func (*DatabaseResourceMatcher) Descriptor() ([]byte, []int)

func (*DatabaseResourceMatcher) Marshal 

func (m *DatabaseResourceMatcher) Marshal() (dAtA []byte, err error)

func (*DatabaseResourceMatcher) MarshalTo 

func (m *DatabaseResourceMatcher) MarshalTo(dAtA []byte) (int, error)

func (*DatabaseResourceMatcher) MarshalToSizedBuffer 

func (m *DatabaseResourceMatcher) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DatabaseResourceMatcher) ProtoMessage 

func (*DatabaseResourceMatcher) ProtoMessage()

func (*DatabaseResourceMatcher) Reset 

func (m *DatabaseResourceMatcher) Reset()

func (*DatabaseResourceMatcher) Size 

func (m *DatabaseResourceMatcher) Size() (n int)

func (*DatabaseResourceMatcher) String 

func (m *DatabaseResourceMatcher) String() string

func (*DatabaseResourceMatcher) Unmarshal 

func (m *DatabaseResourceMatcher) Unmarshal(dAtA []byte) error

func (*DatabaseResourceMatcher) XXX_DiscardUnknown 

func (m *DatabaseResourceMatcher) XXX_DiscardUnknown()

func (*DatabaseResourceMatcher) XXX_Marshal 

func (m *DatabaseResourceMatcher) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DatabaseResourceMatcher) XXX_Merge 

func (m *DatabaseResourceMatcher) XXX_Merge(src proto.Message)

func (*DatabaseResourceMatcher) XXX_Size 

func (m *DatabaseResourceMatcher) XXX_Size() int

func (*DatabaseResourceMatcher) XXX_Unmarshal 

func (m *DatabaseResourceMatcher) XXX_Unmarshal(b []byte) error

type DatabaseServer 

type DatabaseServer interface {
	// ResourceWithLabels provides common resource methods.
	ResourceWithLabels
	// GetNamespace returns server namespace.
	GetNamespace() string
	// GetTeleportVersion returns the teleport version the server is running on.
	GetTeleportVersion() string
	// GetHostname returns the server hostname.
	GetHostname() string
	// GetHostID returns ID of the host the server is running on.
	GetHostID() string
	// GetRotation gets the state of certificate authority rotation.
	GetRotation() Rotation
	// SetRotation sets the state of certificate authority rotation.
	SetRotation(Rotation)
	// String returns string representation of the server.
	String() string
	// Copy returns a copy of this database server object.
	Copy() DatabaseServer

	// CloneResource returns a copy of the DatabaseServer as a ResourceWithLabels
	CloneResource() ResourceWithLabels
	// GetDatabase returns the database this database server proxies.
	GetDatabase() Database
	// SetDatabase sets the database this database server proxies.
	SetDatabase(Database) error
	// ProxiedService provides common methods for a proxied service.
	ProxiedService
	// GetTargetHealth returns the database server's target health.
	GetTargetHealth() TargetHealth
	// SetTargetHealth sets the database server's target health.
	SetTargetHealth(h TargetHealth)
	// GetTargetHealthStatus returns target health status
	GetTargetHealthStatus() TargetHealthStatus
	// SetTargetHealthStatus sets target health status
	SetTargetHealthStatus(status TargetHealthStatus)
}

DatabaseServer represents a database access server.

type DatabaseServerSpecV3 

type DatabaseServerSpecV3 struct {
	// Version is the Teleport version that the server is running.
	Version string `protobuf:"bytes,6,opt,name=Version,proto3" json:"version"`
	// Hostname is the database server hostname.
	Hostname string `protobuf:"bytes,7,opt,name=Hostname,proto3" json:"hostname"`
	// HostID is the ID of the host the database server is running on.
	HostID string `protobuf:"bytes,8,opt,name=HostID,proto3" json:"host_id"`
	// Rotation contains the server CA rotation information.
	Rotation Rotation `protobuf:"bytes,10,opt,name=Rotation,proto3" json:"rotation,omitempty"`
	// Database is the database proxied by this database server.
	Database *DatabaseV3 `protobuf:"bytes,12,opt,name=Database,proto3" json:"database,omitempty"`
	// ProxyIDs is a list of proxy IDs this server is expected to be connected to.
	ProxyIDs             []string `protobuf:"bytes,13,rep,name=ProxyIDs,proto3" json:"proxy_ids,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

DatabaseServerSpecV3 is the database server spec.

func (*DatabaseServerSpecV3) Descriptor 

func (*DatabaseServerSpecV3) Descriptor() ([]byte, []int)

func (*DatabaseServerSpecV3) Marshal 

func (m *DatabaseServerSpecV3) Marshal() (dAtA []byte, err error)

func (*DatabaseServerSpecV3) MarshalTo 

func (m *DatabaseServerSpecV3) MarshalTo(dAtA []byte) (int, error)

func (*DatabaseServerSpecV3) MarshalToSizedBuffer 

func (m *DatabaseServerSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DatabaseServerSpecV3) ProtoMessage 

func (*DatabaseServerSpecV3) ProtoMessage()

func (*DatabaseServerSpecV3) Reset 

func (m *DatabaseServerSpecV3) Reset()

func (*DatabaseServerSpecV3) Size 

func (m *DatabaseServerSpecV3) Size() (n int)

func (*DatabaseServerSpecV3) String 

func (m *DatabaseServerSpecV3) String() string

func (*DatabaseServerSpecV3) Unmarshal 

func (m *DatabaseServerSpecV3) Unmarshal(dAtA []byte) error

func (*DatabaseServerSpecV3) XXX_DiscardUnknown 

func (m *DatabaseServerSpecV3) XXX_DiscardUnknown()

func (*DatabaseServerSpecV3) XXX_Marshal 

func (m *DatabaseServerSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DatabaseServerSpecV3) XXX_Merge 

func (m *DatabaseServerSpecV3) XXX_Merge(src proto.Message)

func (*DatabaseServerSpecV3) XXX_Size 

func (m *DatabaseServerSpecV3) XXX_Size() int

func (*DatabaseServerSpecV3) XXX_Unmarshal 

func (m *DatabaseServerSpecV3) XXX_Unmarshal(b []byte) error

type DatabaseServerStatusV3 

type DatabaseServerStatusV3 struct {
	// TargetHealth is the health status of network connectivity between
	// the agent and the database.
	TargetHealth         *TargetHealth `protobuf:"bytes,14,opt,name=TargetHealth,proto3" json:"target_health,omitempty"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

DatabaseServerStatusV3 is the database server status.

func (*DatabaseServerStatusV3) Descriptor 

func (*DatabaseServerStatusV3) Descriptor() ([]byte, []int)

func (*DatabaseServerStatusV3) Marshal 

func (m *DatabaseServerStatusV3) Marshal() (dAtA []byte, err error)

func (*DatabaseServerStatusV3) MarshalTo 

func (m *DatabaseServerStatusV3) MarshalTo(dAtA []byte) (int, error)

func (*DatabaseServerStatusV3) MarshalToSizedBuffer 

func (m *DatabaseServerStatusV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DatabaseServerStatusV3) ProtoMessage 

func (*DatabaseServerStatusV3) ProtoMessage()

func (*DatabaseServerStatusV3) Reset 

func (m *DatabaseServerStatusV3) Reset()

func (*DatabaseServerStatusV3) Size 

func (m *DatabaseServerStatusV3) Size() (n int)

func (*DatabaseServerStatusV3) String 

func (m *DatabaseServerStatusV3) String() string

func (*DatabaseServerStatusV3) Unmarshal 

func (m *DatabaseServerStatusV3) Unmarshal(dAtA []byte) error

func (*DatabaseServerStatusV3) XXX_DiscardUnknown 

func (m *DatabaseServerStatusV3) XXX_DiscardUnknown()

func (*DatabaseServerStatusV3) XXX_Marshal 

func (m *DatabaseServerStatusV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DatabaseServerStatusV3) XXX_Merge 

func (m *DatabaseServerStatusV3) XXX_Merge(src proto.Message)

func (*DatabaseServerStatusV3) XXX_Size 

func (m *DatabaseServerStatusV3) XXX_Size() int

func (*DatabaseServerStatusV3) XXX_Unmarshal 

func (m *DatabaseServerStatusV3) XXX_Unmarshal(b []byte) error

type DatabaseServerV3 

type DatabaseServerV3 struct {
	// Kind is the database server resource kind.
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource subkind.
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is the database server metadata.
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is the database server spec.
	Spec DatabaseServerSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	// Status is the database server status.
	Status               DatabaseServerStatusV3 `protobuf:"bytes,6,opt,name=Status,proto3" json:"status"`
	XXX_NoUnkeyedLiteral struct{}               `json:"-"`
	XXX_unrecognized     []byte                 `json:"-"`
	XXX_sizecache        int32                  `json:"-"`
}

DatabaseServerV3 represents a database access server.

func NewDatabaseServerV3 

func NewDatabaseServerV3(meta Metadata, spec DatabaseServerSpecV3) (*DatabaseServerV3, error)

NewDatabaseServerV3 creates a new database server instance.

func (*DatabaseServerV3) CheckAndSetDefaults 

func (s *DatabaseServerV3) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values for any missing fields.

func (*DatabaseServerV3) CloneResource 

func (s *DatabaseServerV3) CloneResource() ResourceWithLabels

CloneResource returns a copy of this database server object.

func (*DatabaseServerV3) Copy 

func (s *DatabaseServerV3) Copy() DatabaseServer

Copy returns a copy of this database server object.

func (*DatabaseServerV3) Descriptor 

func (*DatabaseServerV3) Descriptor() ([]byte, []int)

func (*DatabaseServerV3) Expiry 

func (s *DatabaseServerV3) Expiry() time.Time

Expiry returns the resource expiry time.

func (*DatabaseServerV3) GetAllLabels 

func (s *DatabaseServerV3) GetAllLabels() map[string]string

GetAllLabels returns all resource's labels. Considering: * Static labels from `Metadata.Labels` and `Spec.Database`. * Dynamic labels from `Spec.DynamicLabels`.

func (*DatabaseServerV3) GetDatabase 

func (s *DatabaseServerV3) GetDatabase() Database

GetDatabase returns the database this database server proxies.

func (*DatabaseServerV3) GetHostID 

func (s *DatabaseServerV3) GetHostID() string

GetHostID returns ID of the host the server is running on.

func (*DatabaseServerV3) GetHostname 

func (s *DatabaseServerV3) GetHostname() string

GetHostname returns the database server hostname.

func (*DatabaseServerV3) GetKind 

func (s *DatabaseServerV3) GetKind() string

GetKind returns the resource kind.

func (*DatabaseServerV3) GetLabel 

func (s *DatabaseServerV3) GetLabel(key string) (value string, ok bool)

GetLabel retrieves the label with the provided key. If not found value will be empty and ok will be false.

func (*DatabaseServerV3) GetMetadata 

func (s *DatabaseServerV3) GetMetadata() Metadata

GetMetadata returns the resource metadata.

func (*DatabaseServerV3) GetName 

func (s *DatabaseServerV3) GetName() string

GetName returns the resource name.

func (*DatabaseServerV3) GetNamespace 

func (s *DatabaseServerV3) GetNamespace() string

GetNamespace returns the resource namespace.

func (*DatabaseServerV3) GetProxyIDs 

func (s *DatabaseServerV3) GetProxyIDs() []string

GetProxyID returns a list of proxy ids this server is connected to.

func (*DatabaseServerV3) GetRevision 

func (s *DatabaseServerV3) GetRevision() string

GetRevision returns the revision

func (*DatabaseServerV3) GetRotation 

func (s *DatabaseServerV3) GetRotation() Rotation

GetRotation returns the server CA rotation state.

func (*DatabaseServerV3) GetStaticLabels 

func (s *DatabaseServerV3) GetStaticLabels() map[string]string

GetStaticLabels returns the database server static labels.

func (*DatabaseServerV3) GetSubKind 

func (s *DatabaseServerV3) GetSubKind() string

GetSubKind returns the resource subkind.

func (*DatabaseServerV3) GetTargetHealth 

func (s *DatabaseServerV3) GetTargetHealth() TargetHealth

GetTargetHealth returns the database server's target health.

func (*DatabaseServerV3) GetTargetHealthStatus 

func (s *DatabaseServerV3) GetTargetHealthStatus() TargetHealthStatus

GetTargetHealthStatus returns target health status

func (*DatabaseServerV3) GetTeleportVersion 

func (s *DatabaseServerV3) GetTeleportVersion() string

GetTeleportVersion returns the Teleport version the server is running.

func (*DatabaseServerV3) GetVersion 

func (s *DatabaseServerV3) GetVersion() string

GetVersion returns the database server resource version.

func (*DatabaseServerV3) Marshal 

func (m *DatabaseServerV3) Marshal() (dAtA []byte, err error)

func (*DatabaseServerV3) MarshalTo 

func (m *DatabaseServerV3) MarshalTo(dAtA []byte) (int, error)

func (*DatabaseServerV3) MarshalToSizedBuffer 

func (m *DatabaseServerV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DatabaseServerV3) MatchSearch 

func (s *DatabaseServerV3) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*DatabaseServerV3) Origin 

func (s *DatabaseServerV3) Origin() string

Origin returns the origin value of the resource.

func (*DatabaseServerV3) ProtoMessage 

func (*DatabaseServerV3) ProtoMessage()

func (*DatabaseServerV3) Reset 

func (m *DatabaseServerV3) Reset()

func (*DatabaseServerV3) SetDatabase 

func (s *DatabaseServerV3) SetDatabase(database Database) error

SetDatabase sets the database this database server proxies.

func (*DatabaseServerV3) SetExpiry 

func (s *DatabaseServerV3) SetExpiry(expiry time.Time)

SetExpiry sets the resource expiry time.

func (*DatabaseServerV3) SetName 

func (s *DatabaseServerV3) SetName(name string)

SetName sets the resource name.

func (*DatabaseServerV3) SetOrigin 

func (s *DatabaseServerV3) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*DatabaseServerV3) SetProxyIDs 

func (s *DatabaseServerV3) SetProxyIDs(proxyIDs []string)

SetProxyID sets the proxy ids this server is connected to.

func (*DatabaseServerV3) SetRevision 

func (s *DatabaseServerV3) SetRevision(rev string)

SetRevision sets the revision

func (*DatabaseServerV3) SetRotation 

func (s *DatabaseServerV3) SetRotation(r Rotation)

SetRotation sets the server CA rotation state.

func (*DatabaseServerV3) SetStaticLabels 

func (s *DatabaseServerV3) SetStaticLabels(sl map[string]string)

SetStaticLabels sets the database server static labels.

func (*DatabaseServerV3) SetSubKind 

func (s *DatabaseServerV3) SetSubKind(sk string)

SetSubKind sets the resource subkind.

func (*DatabaseServerV3) SetTargetHealth 

func (s *DatabaseServerV3) SetTargetHealth(h TargetHealth)

SetTargetHealth sets the database server's target health status.

func (*DatabaseServerV3) SetTargetHealthStatus 

func (s *DatabaseServerV3) SetTargetHealthStatus(status TargetHealthStatus)

SetTargetHealthStatus sets target health status

func (*DatabaseServerV3) Size 

func (m *DatabaseServerV3) Size() (n int)

func (*DatabaseServerV3) String 

func (s *DatabaseServerV3) String() string

String returns the server string representation.

func (*DatabaseServerV3) Unmarshal 

func (m *DatabaseServerV3) Unmarshal(dAtA []byte) error

func (*DatabaseServerV3) XXX_DiscardUnknown 

func (m *DatabaseServerV3) XXX_DiscardUnknown()

func (*DatabaseServerV3) XXX_Marshal 

func (m *DatabaseServerV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DatabaseServerV3) XXX_Merge 

func (m *DatabaseServerV3) XXX_Merge(src proto.Message)

func (*DatabaseServerV3) XXX_Size 

func (m *DatabaseServerV3) XXX_Size() int

func (*DatabaseServerV3) XXX_Unmarshal 

func (m *DatabaseServerV3) XXX_Unmarshal(b []byte) error

type DatabaseServers 

type DatabaseServers []DatabaseServer

DatabaseServers represents a list of database servers.

func (DatabaseServers) AsResources 

func (s DatabaseServers) AsResources() []ResourceWithLabels

AsResources returns db servers as type resources with labels.

func (DatabaseServers) GetFieldVals 

func (s DatabaseServers) GetFieldVals(field string) ([]string, error)

GetFieldVals returns list of select field values.

func (DatabaseServers) Len 

func (s DatabaseServers) Len() int

Len returns the slice length.

func (DatabaseServers) Less 

func (s DatabaseServers) Less(i, j int) bool

Less compares database servers by name and host ID.

func (DatabaseServers) SortByCustom 

func (s DatabaseServers) SortByCustom(sortBy SortBy) error

SortByCustom custom sorts by given sort criteria.

func (DatabaseServers) Swap 

func (s DatabaseServers) Swap(i, j int)

Swap swaps two database servers.

func (DatabaseServers) ToDatabases 

func (s DatabaseServers) ToDatabases() []Database

ToDatabases converts database servers to a list of databases and deduplicates the databases by name.

type DatabaseService 

type DatabaseService interface {
	// ResourceWithLabels provides common resource methods.
	ResourceWithLabels

	// GetNamespace returns the resource namespace.
	GetNamespace() string

	// GetResourceMatchers returns the resource matchers of the DatabaseService.
	// Database services deployed by Teleport have known configurations where
	// we will only define a single resource matcher.
	GetResourceMatchers() []*DatabaseResourceMatcher

	// GetHostname returns the hostname where this Database Service is running.
	GetHostname() string

	// Clone creates a copy of the service.
	Clone() DatabaseService
}

DatabaseService represents a DatabaseService (agent).

type DatabaseServiceSpecV1 

type DatabaseServiceSpecV1 struct {
	// ResourceMatchers is the configured match for Database resources.
	ResourceMatchers []*DatabaseResourceMatcher `protobuf:"bytes,1,rep,name=ResourceMatchers,proto3" json:"resources"`
	// Hostname is the hostname where this service is running.
	Hostname             string   `protobuf:"bytes,2,opt,name=Hostname,proto3" json:"hostname"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

DatabaseServiceSpecV1 is the DatabaseService Spec.

func (*DatabaseServiceSpecV1) Descriptor 

func (*DatabaseServiceSpecV1) Descriptor() ([]byte, []int)

func (*DatabaseServiceSpecV1) Marshal 

func (m *DatabaseServiceSpecV1) Marshal() (dAtA []byte, err error)

func (*DatabaseServiceSpecV1) MarshalTo 

func (m *DatabaseServiceSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*DatabaseServiceSpecV1) MarshalToSizedBuffer 

func (m *DatabaseServiceSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DatabaseServiceSpecV1) ProtoMessage 

func (*DatabaseServiceSpecV1) ProtoMessage()

func (*DatabaseServiceSpecV1) Reset 

func (m *DatabaseServiceSpecV1) Reset()

func (*DatabaseServiceSpecV1) Size 

func (m *DatabaseServiceSpecV1) Size() (n int)

func (*DatabaseServiceSpecV1) String 

func (m *DatabaseServiceSpecV1) String() string

func (*DatabaseServiceSpecV1) Unmarshal 

func (m *DatabaseServiceSpecV1) Unmarshal(dAtA []byte) error

func (*DatabaseServiceSpecV1) XXX_DiscardUnknown 

func (m *DatabaseServiceSpecV1) XXX_DiscardUnknown()

func (*DatabaseServiceSpecV1) XXX_Marshal 

func (m *DatabaseServiceSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DatabaseServiceSpecV1) XXX_Merge 

func (m *DatabaseServiceSpecV1) XXX_Merge(src proto.Message)

func (*DatabaseServiceSpecV1) XXX_Size 

func (m *DatabaseServiceSpecV1) XXX_Size() int

func (*DatabaseServiceSpecV1) XXX_Unmarshal 

func (m *DatabaseServiceSpecV1) XXX_Unmarshal(b []byte) error

type DatabaseServiceV1 

type DatabaseServiceV1 struct {
	ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
	// Spec is the resource spec.
	Spec                 DatabaseServiceSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}              `json:"-"`
	XXX_unrecognized     []byte                `json:"-"`
	XXX_sizecache        int32                 `json:"-"`
}

DatabaseServiceV1 is the representation of a DatabaseService (agent) process.

func NewDatabaseServiceV1 

func NewDatabaseServiceV1(meta Metadata, spec DatabaseServiceSpecV1) (*DatabaseServiceV1, error)

NewDatabaseServiceV1 creates a new DatabaseService instance.

func (*DatabaseServiceV1) CheckAndSetDefaults 

func (s *DatabaseServiceV1) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values for any missing fields.

func (*DatabaseServiceV1) Clone 

func (s *DatabaseServiceV1) Clone() DatabaseService

Clone creates a clone of this service.

func (*DatabaseServiceV1) Descriptor 

func (*DatabaseServiceV1) Descriptor() ([]byte, []int)

func (*DatabaseServiceV1) GetHostname 

func (s *DatabaseServiceV1) GetHostname() string

GetHostname returns the hostname where this Database Service is running.

func (*DatabaseServiceV1) GetNamespace 

func (s *DatabaseServiceV1) GetNamespace() string

GetNamespace returns the resource namespace.

func (*DatabaseServiceV1) GetResourceMatchers 

func (s *DatabaseServiceV1) GetResourceMatchers() []*DatabaseResourceMatcher

GetResourceMatchers returns the resource matchers of the DatabaseService.

func (*DatabaseServiceV1) Marshal 

func (m *DatabaseServiceV1) Marshal() (dAtA []byte, err error)

func (*DatabaseServiceV1) MarshalTo 

func (m *DatabaseServiceV1) MarshalTo(dAtA []byte) (int, error)

func (*DatabaseServiceV1) MarshalToSizedBuffer 

func (m *DatabaseServiceV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DatabaseServiceV1) MatchSearch 

func (s *DatabaseServiceV1) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*DatabaseServiceV1) ProtoMessage 

func (*DatabaseServiceV1) ProtoMessage()

func (*DatabaseServiceV1) Reset 

func (m *DatabaseServiceV1) Reset()

func (*DatabaseServiceV1) Size 

func (m *DatabaseServiceV1) Size() (n int)

func (*DatabaseServiceV1) String 

func (m *DatabaseServiceV1) String() string

func (*DatabaseServiceV1) Unmarshal 

func (m *DatabaseServiceV1) Unmarshal(dAtA []byte) error

func (*DatabaseServiceV1) XXX_DiscardUnknown 

func (m *DatabaseServiceV1) XXX_DiscardUnknown()

func (*DatabaseServiceV1) XXX_Marshal 

func (m *DatabaseServiceV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DatabaseServiceV1) XXX_Merge 

func (m *DatabaseServiceV1) XXX_Merge(src proto.Message)

func (*DatabaseServiceV1) XXX_Size 

func (m *DatabaseServiceV1) XXX_Size() int

func (*DatabaseServiceV1) XXX_Unmarshal 

func (m *DatabaseServiceV1) XXX_Unmarshal(b []byte) error

type DatabaseSpecV3 

type DatabaseSpecV3 struct {
	// Protocol is the database protocol: postgres, mysql, mongodb, etc.
	Protocol string `protobuf:"bytes,1,opt,name=Protocol,proto3" json:"protocol"`
	// URI is the database connection endpoint.
	URI string `protobuf:"bytes,2,opt,name=URI,proto3" json:"uri"`
	// CACert is the PEM-encoded database CA certificate.
	//
	// DEPRECATED: Moved to TLS.CACert. DELETE IN 10.0.
	CACert string `protobuf:"bytes,3,opt,name=CACert,proto3" json:"ca_cert,omitempty"` // Deprecated: Do not use.
	// DynamicLabels is the database dynamic labels.
	DynamicLabels map[string]CommandLabelV2 `` /* 168-byte string literal not displayed */
	// AWS contains AWS specific settings for RDS/Aurora/Redshift databases.
	AWS AWS `protobuf:"bytes,5,opt,name=AWS,proto3" json:"aws,omitempty"`
	// GCP contains parameters specific to GCP Cloud SQL databases.
	GCP GCPCloudSQL `protobuf:"bytes,6,opt,name=GCP,proto3" json:"gcp,omitempty"`
	// Azure contains Azure specific database metadata.
	Azure Azure `protobuf:"bytes,7,opt,name=Azure,proto3" json:"azure,omitempty"`
	// TLS is the TLS configuration used when establishing connection to target database.
	// Allows to provide custom CA cert or override server name.
	TLS DatabaseTLS `protobuf:"bytes,8,opt,name=TLS,proto3" json:"tls,omitempty"`
	// AD is the Active Directory configuration for the database.
	AD AD `protobuf:"bytes,9,opt,name=AD,proto3" json:"ad,omitempty"`
	// MySQL is an additional section with MySQL database options.
	MySQL MySQLOptions `protobuf:"bytes,10,opt,name=MySQL,proto3" json:"mysql,omitempty"`
	// AdminUser is the database admin user for automatic user provisioning.
	AdminUser *DatabaseAdminUser `protobuf:"bytes,11,opt,name=AdminUser,proto3" json:"admin_user,omitempty"`
	// MongoAtlas contains Atlas metadata about the database.
	MongoAtlas MongoAtlas `protobuf:"bytes,12,opt,name=MongoAtlas,proto3" json:"mongo_atlas,omitempty"`
	// Oracle is an additional Oracle configuration options.
	Oracle               OracleOptions `protobuf:"bytes,13,opt,name=Oracle,proto3" json:"oracle,omitempty"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

DatabaseSpecV3 is the database spec.

func (*DatabaseSpecV3) Descriptor 

func (*DatabaseSpecV3) Descriptor() ([]byte, []int)

func (*DatabaseSpecV3) Marshal 

func (m *DatabaseSpecV3) Marshal() (dAtA []byte, err error)

func (*DatabaseSpecV3) MarshalTo 

func (m *DatabaseSpecV3) MarshalTo(dAtA []byte) (int, error)

func (*DatabaseSpecV3) MarshalToSizedBuffer 

func (m *DatabaseSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DatabaseSpecV3) ProtoMessage 

func (*DatabaseSpecV3) ProtoMessage()

func (*DatabaseSpecV3) Reset 

func (m *DatabaseSpecV3) Reset()

func (*DatabaseSpecV3) Size 

func (m *DatabaseSpecV3) Size() (n int)

func (*DatabaseSpecV3) String 

func (m *DatabaseSpecV3) String() string

func (*DatabaseSpecV3) Unmarshal 

func (m *DatabaseSpecV3) Unmarshal(dAtA []byte) error

func (*DatabaseSpecV3) XXX_DiscardUnknown 

func (m *DatabaseSpecV3) XXX_DiscardUnknown()

func (*DatabaseSpecV3) XXX_Marshal 

func (m *DatabaseSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DatabaseSpecV3) XXX_Merge 

func (m *DatabaseSpecV3) XXX_Merge(src proto.Message)

func (*DatabaseSpecV3) XXX_Size 

func (m *DatabaseSpecV3) XXX_Size() int

func (*DatabaseSpecV3) XXX_Unmarshal 

func (m *DatabaseSpecV3) XXX_Unmarshal(b []byte) error

type DatabaseStatusV3 

type DatabaseStatusV3 struct {
	// CACert is the auto-downloaded cloud database CA certificate.
	CACert string `protobuf:"bytes,1,opt,name=CACert,proto3" json:"ca_cert,omitempty"`
	// AWS is the auto-discovered AWS cloud database metadata.
	AWS AWS `protobuf:"bytes,2,opt,name=AWS,proto3" json:"aws"`
	// MySQL is an additional section with MySQL runtime database information.
	MySQL MySQLOptions `protobuf:"bytes,3,opt,name=MySQL,proto3" json:"mysql,omitempty"`
	// ManagedUsers is a list of database users that are managed by Teleport.
	ManagedUsers []string `protobuf:"bytes,4,rep,name=ManagedUsers,proto3" json:"managed_users,omitempty"`
	// Azure is the auto-discovered Azure cloud database metadata.
	Azure                Azure    `protobuf:"bytes,5,opt,name=Azure,proto3" json:"azure"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

DatabaseStatusV3 contains runtime information about the database.

func (*DatabaseStatusV3) Descriptor 

func (*DatabaseStatusV3) Descriptor() ([]byte, []int)

func (*DatabaseStatusV3) Marshal 

func (m *DatabaseStatusV3) Marshal() (dAtA []byte, err error)

func (*DatabaseStatusV3) MarshalTo 

func (m *DatabaseStatusV3) MarshalTo(dAtA []byte) (int, error)

func (*DatabaseStatusV3) MarshalToSizedBuffer 

func (m *DatabaseStatusV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DatabaseStatusV3) ProtoMessage 

func (*DatabaseStatusV3) ProtoMessage()

func (*DatabaseStatusV3) Reset 

func (m *DatabaseStatusV3) Reset()

func (*DatabaseStatusV3) Size 

func (m *DatabaseStatusV3) Size() (n int)

func (*DatabaseStatusV3) String 

func (m *DatabaseStatusV3) String() string

func (*DatabaseStatusV3) Unmarshal 

func (m *DatabaseStatusV3) Unmarshal(dAtA []byte) error

func (*DatabaseStatusV3) XXX_DiscardUnknown 

func (m *DatabaseStatusV3) XXX_DiscardUnknown()

func (*DatabaseStatusV3) XXX_Marshal 

func (m *DatabaseStatusV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DatabaseStatusV3) XXX_Merge 

func (m *DatabaseStatusV3) XXX_Merge(src proto.Message)

func (*DatabaseStatusV3) XXX_Size 

func (m *DatabaseStatusV3) XXX_Size() int

func (*DatabaseStatusV3) XXX_Unmarshal 

func (m *DatabaseStatusV3) XXX_Unmarshal(b []byte) error

type DatabaseTLS 

type DatabaseTLS struct {
	// Mode is a TLS connection mode.
	// 0 is "verify-full"; 1 is "verify-ca", 2 is "insecure".
	Mode DatabaseTLSMode `protobuf:"varint,1,opt,name=Mode,proto3,enum=types.DatabaseTLSMode" json:"mode"`
	// CACert is an optional user provided CA certificate used for verifying
	// database TLS connection.
	CACert string `protobuf:"bytes,2,opt,name=CACert,proto3" json:"ca_cert,omitempty"`
	// ServerName allows to provide custom hostname. This value will override the
	// servername/hostname on a certificate during validation.
	ServerName string `protobuf:"bytes,3,opt,name=ServerName,proto3" json:"server_name,omitempty"`
	// TrustSystemCertPool allows Teleport to trust certificate authorities
	// available on the host system. If not set (by default), Teleport only
	// trusts self-signed databases with TLS certificates signed by Teleport's
	// Database Server CA or the ca_cert specified in this TLS setting. For
	// cloud-hosted databases, Teleport downloads the corresponding required CAs
	// for validation.
	TrustSystemCertPool  bool     `protobuf:"varint,4,opt,name=TrustSystemCertPool,proto3" json:"trust_system_cert_pool,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

DatabaseTLS contains TLS configuration options.

func (*DatabaseTLS) Descriptor 

func (*DatabaseTLS) Descriptor() ([]byte, []int)

func (*DatabaseTLS) Marshal 

func (m *DatabaseTLS) Marshal() (dAtA []byte, err error)

func (*DatabaseTLS) MarshalTo 

func (m *DatabaseTLS) MarshalTo(dAtA []byte) (int, error)

func (*DatabaseTLS) MarshalToSizedBuffer 

func (m *DatabaseTLS) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DatabaseTLS) ProtoMessage 

func (*DatabaseTLS) ProtoMessage()

func (*DatabaseTLS) Reset 

func (m *DatabaseTLS) Reset()

func (*DatabaseTLS) Size 

func (m *DatabaseTLS) Size() (n int)

func (*DatabaseTLS) String 

func (m *DatabaseTLS) String() string

func (*DatabaseTLS) Unmarshal 

func (m *DatabaseTLS) Unmarshal(dAtA []byte) error

func (*DatabaseTLS) XXX_DiscardUnknown 

func (m *DatabaseTLS) XXX_DiscardUnknown()

func (*DatabaseTLS) XXX_Marshal 

func (m *DatabaseTLS) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DatabaseTLS) XXX_Merge 

func (m *DatabaseTLS) XXX_Merge(src proto.Message)

func (*DatabaseTLS) XXX_Size 

func (m *DatabaseTLS) XXX_Size() int

func (*DatabaseTLS) XXX_Unmarshal 

func (m *DatabaseTLS) XXX_Unmarshal(b []byte) error

type DatabaseTLSMode 

type DatabaseTLSMode int32

DatabaseTLSMode represents the level of TLS verification performed by DB agent when connecting to a database. 

const (
	// VERIFY_FULL performs full certificate validation.
	DatabaseTLSMode_VERIFY_FULL DatabaseTLSMode = 0
	// VERIFY_CA works the same as VERIFY_FULL, but it skips the hostname check.
	DatabaseTLSMode_VERIFY_CA DatabaseTLSMode = 1
	// INSECURE accepts any certificate provided by server. This is the least secure option.
	DatabaseTLSMode_INSECURE DatabaseTLSMode = 2
)

func (DatabaseTLSMode) EnumDescriptor 

func (DatabaseTLSMode) EnumDescriptor() ([]byte, []int)

func (DatabaseTLSMode) String 

func (x DatabaseTLSMode) String() string

func (*DatabaseTLSMode) UnmarshalJSON 

func (d *DatabaseTLSMode) UnmarshalJSON(data []byte) error

UnmarshalJSON supports parsing DatabaseTLSMode from number or string.

func (*DatabaseTLSMode) UnmarshalYAML 

func (d *DatabaseTLSMode) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML supports parsing DatabaseTLSMode from number or string.

type DatabaseV3 

type DatabaseV3 struct {
	// Kind is the database resource kind.
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource subkind.
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version. It must be specified.
	// Supported values are: `v3`.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is the database metadata.
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is the database spec.
	Spec DatabaseSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	// Status is the database runtime information.
	Status               DatabaseStatusV3 `protobuf:"bytes,6,opt,name=Status,proto3" json:"status"`
	XXX_NoUnkeyedLiteral struct{}         `json:"-"`
	XXX_unrecognized     []byte           `json:"-"`
	XXX_sizecache        int32            `json:"-"`
}

DatabaseV3 represents a single proxied database.

func NewDatabaseV3 

func NewDatabaseV3(meta Metadata, spec DatabaseSpecV3) (*DatabaseV3, error)

NewDatabaseV3 creates a new database resource.

func (*DatabaseV3) CheckAndSetDefaults 

func (d *DatabaseV3) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values for any missing fields.

func (*DatabaseV3) Copy 

func (d *DatabaseV3) Copy() *DatabaseV3

Copy returns a copy of this database resource.

func (*DatabaseV3) Descriptor 

func (*DatabaseV3) Descriptor() ([]byte, []int)

func (*DatabaseV3) Expiry 

func (d *DatabaseV3) Expiry() time.Time

Expiry returns the database resource expiration time.

func (*DatabaseV3) GetAD 

func (d *DatabaseV3) GetAD() AD

GetAD returns Active Directory database configuration.

func (*DatabaseV3) GetAWS 

func (d *DatabaseV3) GetAWS() AWS

GetAWS returns the database AWS metadata.

func (*DatabaseV3) GetAdminUser 

func (d *DatabaseV3) GetAdminUser() (ret DatabaseAdminUser)

GetAdminUser returns database privileged user information.

func (*DatabaseV3) GetAllLabels 

func (d *DatabaseV3) GetAllLabels() map[string]string

GetAllLabels returns the database combined static and dynamic labels.

func (*DatabaseV3) GetAzure 

func (d *DatabaseV3) GetAzure() Azure

GetAzure returns Azure database server metadata.

func (*DatabaseV3) GetCA 

func (d *DatabaseV3) GetCA() string

GetCA returns the database CA certificate. If more than one CA is set, then the user provided CA is returned first (Spec field). Auto-downloaded CA certificate is returned otherwise.

func (*DatabaseV3) GetCloud 

func (d *DatabaseV3) GetCloud() string

GetCloud gets the cloud this database is running on, or an empty string if it isn't running on a cloud provider.

func (*DatabaseV3) GetDescription 

func (d *DatabaseV3) GetDescription() string

GetDescription returns the database description.

func (*DatabaseV3) GetDynamicLabels 

func (d *DatabaseV3) GetDynamicLabels() map[string]CommandLabel

GetDynamicLabels returns the database dynamic labels.

func (*DatabaseV3) GetEndpointType 

func (d *DatabaseV3) GetEndpointType() string

GetEndpointType returns the endpoint type of the database, if available.

func (*DatabaseV3) GetGCP 

func (d *DatabaseV3) GetGCP() GCPCloudSQL

GetGCP returns GCP information for Cloud SQL databases.

func (*DatabaseV3) GetKind 

func (d *DatabaseV3) GetKind() string

GetKind returns the database resource kind.

func (*DatabaseV3) GetLabel 

func (d *DatabaseV3) GetLabel(key string) (value string, ok bool)

GetLabel retrieves the label with the provided key. If not found value will be empty and ok will be false.

func (*DatabaseV3) GetManagedUsers 

func (d *DatabaseV3) GetManagedUsers() []string

GetManagedUsers returns a list of database users that are managed by Teleport.

func (*DatabaseV3) GetMetadata 

func (d *DatabaseV3) GetMetadata() Metadata

GetMetadata returns the database resource metadata.

func (*DatabaseV3) GetMongoAtlas 

func (d *DatabaseV3) GetMongoAtlas() MongoAtlas

GetMongoAtlas returns Mongo Atlas database metadata.

func (*DatabaseV3) GetMySQL 

func (d *DatabaseV3) GetMySQL() MySQLOptions

GetMySQL returns the MySQL options from spec.

func (*DatabaseV3) GetMySQLServerVersion 

func (d *DatabaseV3) GetMySQLServerVersion() string

GetMySQLServerVersion returns the MySQL server version reported by the database or the value from configuration if the first one is not available.

func (*DatabaseV3) GetName 

func (d *DatabaseV3) GetName() string

GetName returns the database resource name.

func (*DatabaseV3) GetNamespace 

func (d *DatabaseV3) GetNamespace() string

GetNamespace returns the database resource namespace.

func (*DatabaseV3) GetOracle 

func (d *DatabaseV3) GetOracle() OracleOptions

GetOracle returns the Oracle options from spec.

func (*DatabaseV3) GetProtocol 

func (d *DatabaseV3) GetProtocol() string

GetProtocol returns the database protocol.

func (*DatabaseV3) GetRevision 

func (d *DatabaseV3) GetRevision() string

GetRevision returns the revision

func (*DatabaseV3) GetSecretStore 

func (d *DatabaseV3) GetSecretStore() SecretStore

GetSecretStore returns secret store configurations.

func (*DatabaseV3) GetStaticLabels 

func (d *DatabaseV3) GetStaticLabels() map[string]string

GetStaticLabels returns the database static labels.

func (*DatabaseV3) GetStatusCA 

func (d *DatabaseV3) GetStatusCA() string

GetStatusCA gets the database CA certificate in the status field.

func (*DatabaseV3) GetSubKind 

func (d *DatabaseV3) GetSubKind() string

GetSubKind returns the database resource subkind.

func (*DatabaseV3) GetTLS 

func (d *DatabaseV3) GetTLS() DatabaseTLS

GetTLS returns Database TLS configuration.

func (*DatabaseV3) GetType 

func (d *DatabaseV3) GetType() string

GetType returns the database type.

func (*DatabaseV3) GetURI 

func (d *DatabaseV3) GetURI() string

GetURI returns the database connection address.

func (*DatabaseV3) GetVersion 

func (d *DatabaseV3) GetVersion() string

GetVersion returns the database resource version.

func (*DatabaseV3) IsAWSHosted 

func (d *DatabaseV3) IsAWSHosted() bool

IsAWSHosted returns true if database is hosted by AWS.

func (*DatabaseV3) IsAWSKeyspaces 

func (d *DatabaseV3) IsAWSKeyspaces() bool

IsAWSKeyspaces returns true if this is an AWS hosted Cassandra database.

func (*DatabaseV3) IsAutoUsersEnabled 

func (d *DatabaseV3) IsAutoUsersEnabled() bool

IsAutoUsersEnabled returns true if the database has auto user provisioning enabled.

func (*DatabaseV3) IsAzure 

func (d *DatabaseV3) IsAzure() bool

IsAzure returns true if this is Azure hosted database.

func (*DatabaseV3) IsCloudHosted 

func (d *DatabaseV3) IsCloudHosted() bool

IsCloudHosted returns true if database is hosted in the cloud (AWS, Azure or Cloud SQL).

func (*DatabaseV3) IsCloudSQL 

func (d *DatabaseV3) IsCloudSQL() bool

IsCloudSQL returns true if this database is a Cloud SQL instance.

func (*DatabaseV3) IsDynamoDB 

func (d *DatabaseV3) IsDynamoDB() bool

IsDynamoDB returns true if this is an AWS hosted DynamoDB database.

func (*DatabaseV3) IsElastiCache 

func (d *DatabaseV3) IsElastiCache() bool

IsElastiCache returns true if this is an AWS ElastiCache database.

func (*DatabaseV3) IsEqual 

func (d *DatabaseV3) IsEqual(i Database) bool

IsEqual determines if two database resources are equivalent to one another.

func (*DatabaseV3) IsGCPHosted 

func (d *DatabaseV3) IsGCPHosted() bool

IsGCPHosted returns true if the database is hosted by GCP.

func (*DatabaseV3) IsMemoryDB 

func (d *DatabaseV3) IsMemoryDB() bool

IsMemoryDB returns true if this is an AWS MemoryDB database.

func (*DatabaseV3) IsOpenSearch 

func (d *DatabaseV3) IsOpenSearch() bool

IsOpenSearch returns true if this is an AWS hosted OpenSearch instance.

func (*DatabaseV3) IsRDS 

func (d *DatabaseV3) IsRDS() bool

IsRDS returns true if this is an AWS RDS/Aurora instance.

func (*DatabaseV3) IsRDSProxy 

func (d *DatabaseV3) IsRDSProxy() bool

IsRDSProxy returns true if this is an AWS RDS Proxy database.

func (*DatabaseV3) IsRedshift 

func (d *DatabaseV3) IsRedshift() bool

IsRedshift returns true if this is a Redshift database instance.

func (*DatabaseV3) IsSpanner 

func (d *DatabaseV3) IsSpanner() bool

IsSpanner returns true if this is a GCloud Spanner database.

func (*DatabaseV3) IsUsernameCaseInsensitive 

func (d *DatabaseV3) IsUsernameCaseInsensitive() bool

IsUsernameCaseInsensitive returns true if the database username is case insensitive.

func (*DatabaseV3) Marshal 

func (m *DatabaseV3) Marshal() (dAtA []byte, err error)

func (*DatabaseV3) MarshalTo 

func (m *DatabaseV3) MarshalTo(dAtA []byte) (int, error)

func (*DatabaseV3) MarshalToSizedBuffer 

func (m *DatabaseV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DatabaseV3) MatchSearch 

func (d *DatabaseV3) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*DatabaseV3) Origin 

func (d *DatabaseV3) Origin() string

Origin returns the origin value of the resource.

func (*DatabaseV3) ProtoMessage 

func (*DatabaseV3) ProtoMessage()

func (*DatabaseV3) RequireAWSIAMRolesAsUsers 

func (d *DatabaseV3) RequireAWSIAMRolesAsUsers() bool

RequireAWSIAMRolesAsUsers returns true for database types that require AWS IAM roles as database users. IMPORTANT: if you add a database that requires AWS IAM Roles as users, and that database supports discovery, be sure to update RequireAWSIAMRolesAsUsersMatchers in matchers_aws.go as well.

func (*DatabaseV3) Reset 

func (m *DatabaseV3) Reset()

func (*DatabaseV3) SetAWSAssumeRole 

func (d *DatabaseV3) SetAWSAssumeRole(roleARN string)

SetAWSAssumeRole sets the database AWS assume role arn in the Spec.AWS field.

func (*DatabaseV3) SetAWSExternalID 

func (d *DatabaseV3) SetAWSExternalID(id string)

SetAWSExternalID sets the database AWS external ID in the Spec.AWS field.

func (*DatabaseV3) SetCA 

func (d *DatabaseV3) SetCA(caCert string)

SetCA sets the database CA certificate in the Spec.TLS.CACert field.

func (*DatabaseV3) SetDynamicLabels 

func (d *DatabaseV3) SetDynamicLabels(dl map[string]CommandLabel)

SetDynamicLabels sets the database dynamic labels

func (*DatabaseV3) SetExpiry 

func (d *DatabaseV3) SetExpiry(expiry time.Time)

SetExpiry sets the database resource expiration time.

func (*DatabaseV3) SetManagedUsers 

func (d *DatabaseV3) SetManagedUsers(users []string)

SetManagedUsers sets a list of database users that are managed by Teleport.

func (*DatabaseV3) SetMySQLServerVersion 

func (d *DatabaseV3) SetMySQLServerVersion(version string)

SetMySQLServerVersion sets the runtime MySQL server version.

func (*DatabaseV3) SetName 

func (d *DatabaseV3) SetName(name string)

SetName sets the database resource name.

func (*DatabaseV3) SetOrigin 

func (d *DatabaseV3) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*DatabaseV3) SetRevision 

func (d *DatabaseV3) SetRevision(rev string)

SetRevision sets the revision

func (*DatabaseV3) SetStaticLabels 

func (d *DatabaseV3) SetStaticLabels(sl map[string]string)

SetStaticLabels sets the database static labels.

func (*DatabaseV3) SetStatusAWS 

func (d *DatabaseV3) SetStatusAWS(aws AWS)

SetStatusAWS sets the database AWS metadata in the status field.

func (*DatabaseV3) SetStatusAzure 

func (d *DatabaseV3) SetStatusAzure(azure Azure)

SetStatusAzure sets the database Azure metadata in the status field.

func (*DatabaseV3) SetStatusCA 

func (d *DatabaseV3) SetStatusCA(ca string)

SetStatusCA sets the database CA certificate in the status field.

func (*DatabaseV3) SetSubKind 

func (d *DatabaseV3) SetSubKind(sk string)

SetSubKind sets the database resource subkind.

func (*DatabaseV3) SetURI 

func (d *DatabaseV3) SetURI(uri string)

SetURI sets the database connection address.

func (*DatabaseV3) Size 

func (m *DatabaseV3) Size() (n int)

func (*DatabaseV3) String 

func (d *DatabaseV3) String() string

String returns the database string representation.

func (*DatabaseV3) SupportAWSIAMRoleARNAsUsers 

func (d *DatabaseV3) SupportAWSIAMRoleARNAsUsers() bool

SupportAWSIAMRoleARNAsUsers returns true for database types that support AWS IAM roles as database users.

func (*DatabaseV3) SupportsAutoUsers 

func (d *DatabaseV3) SupportsAutoUsers() bool

SupportsAutoUsers returns true if this database supports automatic user provisioning.

func (*DatabaseV3) Unmarshal 

func (m *DatabaseV3) Unmarshal(dAtA []byte) error

func (*DatabaseV3) XXX_DiscardUnknown 

func (m *DatabaseV3) XXX_DiscardUnknown()

func (*DatabaseV3) XXX_Marshal 

func (m *DatabaseV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DatabaseV3) XXX_Merge 

func (m *DatabaseV3) XXX_Merge(src proto.Message)

func (*DatabaseV3) XXX_Size 

func (m *DatabaseV3) XXX_Size() int

func (*DatabaseV3) XXX_Unmarshal 

func (m *DatabaseV3) XXX_Unmarshal(b []byte) error

type DatabaseV3List 

type DatabaseV3List struct {
	// Databases is a list of database resources.
	Databases            []*DatabaseV3 `protobuf:"bytes,1,rep,name=Databases,proto3" json:"Databases,omitempty"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

DatabaseV3List represents a list of databases.

func (*DatabaseV3List) Descriptor 

func (*DatabaseV3List) Descriptor() ([]byte, []int)

func (*DatabaseV3List) Marshal 

func (m *DatabaseV3List) Marshal() (dAtA []byte, err error)

func (*DatabaseV3List) MarshalTo 

func (m *DatabaseV3List) MarshalTo(dAtA []byte) (int, error)

func (*DatabaseV3List) MarshalToSizedBuffer 

func (m *DatabaseV3List) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DatabaseV3List) ProtoMessage 

func (*DatabaseV3List) ProtoMessage()

func (*DatabaseV3List) Reset 

func (m *DatabaseV3List) Reset()

func (*DatabaseV3List) Size 

func (m *DatabaseV3List) Size() (n int)

func (*DatabaseV3List) String 

func (m *DatabaseV3List) String() string

func (*DatabaseV3List) Unmarshal 

func (m *DatabaseV3List) Unmarshal(dAtA []byte) error

func (*DatabaseV3List) XXX_DiscardUnknown 

func (m *DatabaseV3List) XXX_DiscardUnknown()

func (*DatabaseV3List) XXX_Marshal 

func (m *DatabaseV3List) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DatabaseV3List) XXX_Merge 

func (m *DatabaseV3List) XXX_Merge(src proto.Message)

func (*DatabaseV3List) XXX_Size 

func (m *DatabaseV3List) XXX_Size() int

func (*DatabaseV3List) XXX_Unmarshal 

func (m *DatabaseV3List) XXX_Unmarshal(b []byte) error

type Databases 

type Databases []Database

Databases is a list of database resources.

func (Databases) AsResources 

func (d Databases) AsResources() (resources ResourcesWithLabels)

AsResources returns these databases as resources with labels.

func (Databases) Len 

func (d Databases) Len() int

Len returns the slice length.

func (Databases) Less 

func (d Databases) Less(i, j int) bool

Less compares databases by name.

func (Databases) Swap 

func (d Databases) Swap(i, j int)

Swap swaps two databases.

func (Databases) ToMap 

func (d Databases) ToMap() map[string]Database

ToMap returns these databases as a map keyed by database name.

type DeleteAppSessionRequest 

type DeleteAppSessionRequest struct {
	SessionID string `json:"session_id"`
}

DeleteAppSessionRequest are the parameters used to request removal of an application web session.

type DeleteSnowflakeSessionRequest 

type DeleteSnowflakeSessionRequest struct {
	SessionID string `json:"session_id"`
}

DeleteSnowflakeSessionRequest are the parameters used to request removal of a Snowflake web session.

type DeleteWebSessionRequest 

type DeleteWebSessionRequest struct {
	// User specifies the user the session is bound to
	User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
	// SessionID specifies the web session ID to delete.
	SessionID            string   `protobuf:"bytes,2,opt,name=SessionID,proto3" json:"session_id"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

DeleteWebSessionRequest describes a request to delete a web session

func (*DeleteWebSessionRequest) Check 

func (r *DeleteWebSessionRequest) Check() error

Check validates the request.

func (*DeleteWebSessionRequest) Descriptor 

func (*DeleteWebSessionRequest) Descriptor() ([]byte, []int)

func (*DeleteWebSessionRequest) Marshal 

func (m *DeleteWebSessionRequest) Marshal() (dAtA []byte, err error)

func (*DeleteWebSessionRequest) MarshalTo 

func (m *DeleteWebSessionRequest) MarshalTo(dAtA []byte) (int, error)

func (*DeleteWebSessionRequest) MarshalToSizedBuffer 

func (m *DeleteWebSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DeleteWebSessionRequest) ProtoMessage 

func (*DeleteWebSessionRequest) ProtoMessage()

func (*DeleteWebSessionRequest) Reset 

func (m *DeleteWebSessionRequest) Reset()

func (*DeleteWebSessionRequest) Size 

func (m *DeleteWebSessionRequest) Size() (n int)

func (*DeleteWebSessionRequest) String 

func (m *DeleteWebSessionRequest) String() string

func (*DeleteWebSessionRequest) Unmarshal 

func (m *DeleteWebSessionRequest) Unmarshal(dAtA []byte) error

func (*DeleteWebSessionRequest) XXX_DiscardUnknown 

func (m *DeleteWebSessionRequest) XXX_DiscardUnknown()

func (*DeleteWebSessionRequest) XXX_Marshal 

func (m *DeleteWebSessionRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DeleteWebSessionRequest) XXX_Merge 

func (m *DeleteWebSessionRequest) XXX_Merge(src proto.Message)

func (*DeleteWebSessionRequest) XXX_Size 

func (m *DeleteWebSessionRequest) XXX_Size() int

func (*DeleteWebSessionRequest) XXX_Unmarshal 

func (m *DeleteWebSessionRequest) XXX_Unmarshal(b []byte) error

type DeleteWebTokenRequest 

type DeleteWebTokenRequest struct {
	// User specifies the user the token is for.
	User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
	// Token specifies the token to delete.
	Token                string   `protobuf:"bytes,2,opt,name=Token,proto3" json:"token"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

DeleteWebTokenRequest describes a request to delete a web token

func (*DeleteWebTokenRequest) Check 

func (r *DeleteWebTokenRequest) Check() error

Check validates the request.

func (*DeleteWebTokenRequest) Descriptor 

func (*DeleteWebTokenRequest) Descriptor() ([]byte, []int)

func (*DeleteWebTokenRequest) Marshal 

func (m *DeleteWebTokenRequest) Marshal() (dAtA []byte, err error)

func (*DeleteWebTokenRequest) MarshalTo 

func (m *DeleteWebTokenRequest) MarshalTo(dAtA []byte) (int, error)

func (*DeleteWebTokenRequest) MarshalToSizedBuffer 

func (m *DeleteWebTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DeleteWebTokenRequest) ProtoMessage 

func (*DeleteWebTokenRequest) ProtoMessage()

func (*DeleteWebTokenRequest) Reset 

func (m *DeleteWebTokenRequest) Reset()

func (*DeleteWebTokenRequest) Size 

func (m *DeleteWebTokenRequest) Size() (n int)

func (*DeleteWebTokenRequest) String 

func (m *DeleteWebTokenRequest) String() string

func (*DeleteWebTokenRequest) Unmarshal 

func (m *DeleteWebTokenRequest) Unmarshal(dAtA []byte) error

func (*DeleteWebTokenRequest) XXX_DiscardUnknown 

func (m *DeleteWebTokenRequest) XXX_DiscardUnknown()

func (*DeleteWebTokenRequest) XXX_Marshal 

func (m *DeleteWebTokenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DeleteWebTokenRequest) XXX_Merge 

func (m *DeleteWebTokenRequest) XXX_Merge(src proto.Message)

func (*DeleteWebTokenRequest) XXX_Size 

func (m *DeleteWebTokenRequest) XXX_Size() int

func (*DeleteWebTokenRequest) XXX_Unmarshal 

func (m *DeleteWebTokenRequest) XXX_Unmarshal(b []byte) error

type DeviceCollectedData 

type DeviceCollectedData struct {
	CollectTime             *time.Time              `protobuf:"bytes,1,opt,name=collect_time,json=collectTime,proto3,stdtime" json:"collect_time"`
	RecordTime              *time.Time              `protobuf:"bytes,2,opt,name=record_time,json=recordTime,proto3,stdtime" json:"record_time"`
	OsType                  string                  `protobuf:"bytes,3,opt,name=os_type,json=osType,proto3" json:"os_type"`
	SerialNumber            string                  `protobuf:"bytes,4,opt,name=serial_number,json=serialNumber,proto3" json:"serial_number,omitempty"`
	ModelIdentifier         string                  `protobuf:"bytes,5,opt,name=model_identifier,json=modelIdentifier,proto3" json:"model_identifier,omitempty"`
	OsVersion               string                  `protobuf:"bytes,6,opt,name=os_version,json=osVersion,proto3" json:"os_version,omitempty"`
	OsBuild                 string                  `protobuf:"bytes,7,opt,name=os_build,json=osBuild,proto3" json:"os_build,omitempty"`
	OsUsername              string                  `protobuf:"bytes,8,opt,name=os_username,json=osUsername,proto3" json:"os_username,omitempty"`
	JamfBinaryVersion       string                  `protobuf:"bytes,9,opt,name=jamf_binary_version,json=jamfBinaryVersion,proto3" json:"jamf_binary_version,omitempty"`
	MacosEnrollmentProfiles string                  `` /* 133-byte string literal not displayed */
	ReportedAssetTag        string                  `protobuf:"bytes,11,opt,name=reported_asset_tag,json=reportedAssetTag,proto3" json:"reported_asset_tag,omitempty"`
	SystemSerialNumber      string                  `protobuf:"bytes,12,opt,name=system_serial_number,json=systemSerialNumber,proto3" json:"system_serial_number,omitempty"`
	BaseBoardSerialNumber   string                  `` /* 129-byte string literal not displayed */
	TpmPlatformAttestation  *TPMPlatformAttestation `` /* 130-byte string literal not displayed */
	OsId                    string                  `protobuf:"bytes,15,opt,name=os_id,json=osId,proto3" json:"os_id,omitempty"`
	XXX_NoUnkeyedLiteral    struct{}                `json:"-"`
	XXX_unrecognized        []byte                  `json:"-"`
	XXX_sizecache           int32                   `json:"-"`
}

DeviceCollectedData is the resource representation of teleport.devicetrust.v1.DeviceCollectedData.

func (*DeviceCollectedData) Descriptor 

func (*DeviceCollectedData) Descriptor() ([]byte, []int)

func (*DeviceCollectedData) Marshal 

func (m *DeviceCollectedData) Marshal() (dAtA []byte, err error)

func (*DeviceCollectedData) MarshalTo 

func (m *DeviceCollectedData) MarshalTo(dAtA []byte) (int, error)

func (*DeviceCollectedData) MarshalToSizedBuffer 

func (m *DeviceCollectedData) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DeviceCollectedData) ProtoMessage 

func (*DeviceCollectedData) ProtoMessage()

func (*DeviceCollectedData) Reset 

func (m *DeviceCollectedData) Reset()

func (*DeviceCollectedData) Size 

func (m *DeviceCollectedData) Size() (n int)

func (*DeviceCollectedData) String 

func (m *DeviceCollectedData) String() string

func (*DeviceCollectedData) Unmarshal 

func (m *DeviceCollectedData) Unmarshal(dAtA []byte) error

func (*DeviceCollectedData) XXX_DiscardUnknown 

func (m *DeviceCollectedData) XXX_DiscardUnknown()

func (*DeviceCollectedData) XXX_Marshal 

func (m *DeviceCollectedData) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DeviceCollectedData) XXX_Merge 

func (m *DeviceCollectedData) XXX_Merge(src proto.Message)

func (*DeviceCollectedData) XXX_Size 

func (m *DeviceCollectedData) XXX_Size() int

func (*DeviceCollectedData) XXX_Unmarshal 

func (m *DeviceCollectedData) XXX_Unmarshal(b []byte) error

type DeviceCredential 

type DeviceCredential struct {
	Id                    string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id"`
	PublicKeyDer          []byte   `protobuf:"bytes,2,opt,name=public_key_der,json=publicKeyDer,proto3" json:"public_key_der,omitempty"`
	DeviceAttestationType string   `` /* 126-byte string literal not displayed */
	TpmEkcertSerial       string   `protobuf:"bytes,4,opt,name=tpm_ekcert_serial,json=tpmEkcertSerial,proto3" json:"tpm_ekcert_serial,omitempty"`
	TpmAkPublic           []byte   `protobuf:"bytes,5,opt,name=tpm_ak_public,json=tpmAkPublic,proto3" json:"tpm_ak_public,omitempty"`
	XXX_NoUnkeyedLiteral  struct{} `json:"-"`
	XXX_unrecognized      []byte   `json:"-"`
	XXX_sizecache         int32    `json:"-"`
}

DeviceCredential is the resource representation of teleport.devicetrust.v1.DeviceCredential.

func (*DeviceCredential) Descriptor 

func (*DeviceCredential) Descriptor() ([]byte, []int)

func (*DeviceCredential) Marshal 

func (m *DeviceCredential) Marshal() (dAtA []byte, err error)

func (*DeviceCredential) MarshalTo 

func (m *DeviceCredential) MarshalTo(dAtA []byte) (int, error)

func (*DeviceCredential) MarshalToSizedBuffer 

func (m *DeviceCredential) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DeviceCredential) ProtoMessage 

func (*DeviceCredential) ProtoMessage()

func (*DeviceCredential) Reset 

func (m *DeviceCredential) Reset()

func (*DeviceCredential) Size 

func (m *DeviceCredential) Size() (n int)

func (*DeviceCredential) String 

func (m *DeviceCredential) String() string

func (*DeviceCredential) Unmarshal 

func (m *DeviceCredential) Unmarshal(dAtA []byte) error

func (*DeviceCredential) XXX_DiscardUnknown 

func (m *DeviceCredential) XXX_DiscardUnknown()

func (*DeviceCredential) XXX_Marshal 

func (m *DeviceCredential) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DeviceCredential) XXX_Merge 

func (m *DeviceCredential) XXX_Merge(src proto.Message)

func (*DeviceCredential) XXX_Size 

func (m *DeviceCredential) XXX_Size() int

func (*DeviceCredential) XXX_Unmarshal 

func (m *DeviceCredential) XXX_Unmarshal(b []byte) error

type DeviceProfile 

type DeviceProfile struct {
	UpdateTime           *time.Time `protobuf:"bytes,1,opt,name=update_time,json=updateTime,proto3,stdtime" json:"update_time,omitempty"`
	ModelIdentifier      string     `protobuf:"bytes,2,opt,name=model_identifier,json=modelIdentifier,proto3" json:"model_identifier,omitempty"`
	OsVersion            string     `protobuf:"bytes,3,opt,name=os_version,json=osVersion,proto3" json:"os_version,omitempty"`
	OsBuild              string     `protobuf:"bytes,4,opt,name=os_build,json=osBuild,proto3" json:"os_build,omitempty"`
	OsUsernames          []string   `protobuf:"bytes,5,rep,name=os_usernames,json=osUsernames,proto3" json:"os_usernames,omitempty"`
	JamfBinaryVersion    string     `protobuf:"bytes,6,opt,name=jamf_binary_version,json=jamfBinaryVersion,proto3" json:"jamf_binary_version,omitempty"`
	ExternalId           string     `protobuf:"bytes,7,opt,name=external_id,json=externalId,proto3" json:"external_id,omitempty"`
	OsBuildSupplemental  string     `protobuf:"bytes,8,opt,name=os_build_supplemental,json=osBuildSupplemental,proto3" json:"os_build_supplemental,omitempty"`
	OsId                 string     `protobuf:"bytes,9,opt,name=os_id,json=osId,proto3" json:"os_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
	XXX_unrecognized     []byte     `json:"-"`
	XXX_sizecache        int32      `json:"-"`
}

DeviceProfile is the resource representation of teleport.devicetrust.v1.DeviceProfile.

func (*DeviceProfile) Descriptor 

func (*DeviceProfile) Descriptor() ([]byte, []int)

func (*DeviceProfile) Marshal 

func (m *DeviceProfile) Marshal() (dAtA []byte, err error)

func (*DeviceProfile) MarshalTo 

func (m *DeviceProfile) MarshalTo(dAtA []byte) (int, error)

func (*DeviceProfile) MarshalToSizedBuffer 

func (m *DeviceProfile) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DeviceProfile) ProtoMessage 

func (*DeviceProfile) ProtoMessage()

func (*DeviceProfile) Reset 

func (m *DeviceProfile) Reset()

func (*DeviceProfile) Size 

func (m *DeviceProfile) Size() (n int)

func (*DeviceProfile) String 

func (m *DeviceProfile) String() string

func (*DeviceProfile) Unmarshal 

func (m *DeviceProfile) Unmarshal(dAtA []byte) error

func (*DeviceProfile) XXX_DiscardUnknown 

func (m *DeviceProfile) XXX_DiscardUnknown()

func (*DeviceProfile) XXX_Marshal 

func (m *DeviceProfile) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DeviceProfile) XXX_Merge 

func (m *DeviceProfile) XXX_Merge(src proto.Message)

func (*DeviceProfile) XXX_Size 

func (m *DeviceProfile) XXX_Size() int

func (*DeviceProfile) XXX_Unmarshal 

func (m *DeviceProfile) XXX_Unmarshal(b []byte) error

type DeviceSource 

type DeviceSource struct {
	Name                 string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name"`
	Origin               string   `protobuf:"bytes,2,opt,name=origin,proto3" json:"origin"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

DeviceSource is the resource representation of teleport.devicetrust.v1.DeviceSource..

func (*DeviceSource) Descriptor 

func (*DeviceSource) Descriptor() ([]byte, []int)

func (*DeviceSource) Marshal 

func (m *DeviceSource) Marshal() (dAtA []byte, err error)

func (*DeviceSource) MarshalTo 

func (m *DeviceSource) MarshalTo(dAtA []byte) (int, error)

func (*DeviceSource) MarshalToSizedBuffer 

func (m *DeviceSource) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DeviceSource) ProtoMessage 

func (*DeviceSource) ProtoMessage()

func (*DeviceSource) Reset 

func (m *DeviceSource) Reset()

func (*DeviceSource) Size 

func (m *DeviceSource) Size() (n int)

func (*DeviceSource) String 

func (m *DeviceSource) String() string

func (*DeviceSource) Unmarshal 

func (m *DeviceSource) Unmarshal(dAtA []byte) error

func (*DeviceSource) XXX_DiscardUnknown 

func (m *DeviceSource) XXX_DiscardUnknown()

func (*DeviceSource) XXX_Marshal 

func (m *DeviceSource) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DeviceSource) XXX_Merge 

func (m *DeviceSource) XXX_Merge(src proto.Message)

func (*DeviceSource) XXX_Size 

func (m *DeviceSource) XXX_Size() int

func (*DeviceSource) XXX_Unmarshal 

func (m *DeviceSource) XXX_Unmarshal(b []byte) error

type DeviceSpec 

type DeviceSpec struct {
	OsType               string                 `protobuf:"bytes,1,opt,name=os_type,json=osType,proto3" json:"os_type"`
	AssetTag             string                 `protobuf:"bytes,2,opt,name=asset_tag,json=assetTag,proto3" json:"asset_tag"`
	CreateTime           *time.Time             `protobuf:"bytes,3,opt,name=create_time,json=createTime,proto3,stdtime" json:"create_time"`
	UpdateTime           *time.Time             `protobuf:"bytes,4,opt,name=update_time,json=updateTime,proto3,stdtime" json:"update_time"`
	EnrollStatus         string                 `protobuf:"bytes,5,opt,name=enroll_status,json=enrollStatus,proto3" json:"enroll_status"`
	Credential           *DeviceCredential      `protobuf:"bytes,6,opt,name=credential,proto3" json:"credential,omitempty"`
	CollectedData        []*DeviceCollectedData `protobuf:"bytes,7,rep,name=collected_data,json=collectedData,proto3" json:"collected_data,omitempty"`
	Source               *DeviceSource          `protobuf:"bytes,8,opt,name=source,proto3" json:"source,omitempty"`
	Profile              *DeviceProfile         `protobuf:"bytes,9,opt,name=profile,proto3" json:"profile,omitempty"`
	Owner                string                 `protobuf:"bytes,10,opt,name=owner,proto3" json:"owner,omitempty"`
	XXX_NoUnkeyedLiteral struct{}               `json:"-"`
	XXX_unrecognized     []byte                 `json:"-"`
	XXX_sizecache        int32                  `json:"-"`
}

DeviceSpec is a device specification. Roughly matches teleport.devicetrust.v1.Device, with some fields changed for better UX.

func (*DeviceSpec) Descriptor 

func (*DeviceSpec) Descriptor() ([]byte, []int)

func (*DeviceSpec) Marshal 

func (m *DeviceSpec) Marshal() (dAtA []byte, err error)

func (*DeviceSpec) MarshalTo 

func (m *DeviceSpec) MarshalTo(dAtA []byte) (int, error)

func (*DeviceSpec) MarshalToSizedBuffer 

func (m *DeviceSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DeviceSpec) ProtoMessage 

func (*DeviceSpec) ProtoMessage()

func (*DeviceSpec) Reset 

func (m *DeviceSpec) Reset()

func (*DeviceSpec) Size 

func (m *DeviceSpec) Size() (n int)

func (*DeviceSpec) String 

func (m *DeviceSpec) String() string

func (*DeviceSpec) Unmarshal 

func (m *DeviceSpec) Unmarshal(dAtA []byte) error

func (*DeviceSpec) XXX_DiscardUnknown 

func (m *DeviceSpec) XXX_DiscardUnknown()

func (*DeviceSpec) XXX_Marshal 

func (m *DeviceSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DeviceSpec) XXX_Merge 

func (m *DeviceSpec) XXX_Merge(src proto.Message)

func (*DeviceSpec) XXX_Size 

func (m *DeviceSpec) XXX_Size() int

func (*DeviceSpec) XXX_Unmarshal 

func (m *DeviceSpec) XXX_Unmarshal(b []byte) error

type DeviceTrust 

type DeviceTrust struct {
	// Mode of verification for trusted devices.
	//
	// The following modes are supported:
	//
	//   - "off": disables both device authentication and authorization.
	//   - "optional": allows both device authentication and authorization, but
	//     doesn't enforce the presence of device extensions for sensitive
	//     endpoints.
	//   - "required": enforces the presence of device extensions for sensitive
	//     endpoints.
	//
	// Mode is always "off" for OSS.
	// Defaults to "optional" for Enterprise.
	Mode string `protobuf:"bytes,1,opt,name=Mode,proto3" json:"mode,omitempty"`
	// Enable device auto-enroll.
	// Auto-enroll lets any user issue a device enrollment token for a known
	// device that is not already enrolled.
	// `tsh` takes advantage of auto-enroll to automatically enroll devices on
	// user login, when appropriate.
	// The effective cluster Mode still applies: AutoEnroll=true is meaningless if
	// Mode="off".
	AutoEnroll bool `protobuf:"varint,2,opt,name=AutoEnroll,proto3" json:"auto_enroll,omitempty"`
	// Allow list of EKCert CAs in PEM format.
	// If present, only TPM devices that present an EKCert that is signed by a
	// CA specified here may be enrolled (existing enrollments are
	// unchanged).
	//
	// If not present, then the CA of TPM EKCerts will not be checked during
	// enrollment, this allows any device to enroll.
	EKCertAllowedCAs     []string `protobuf:"bytes,3,rep,name=EKCertAllowedCAs,proto3" json:"ekcert_allowed_cas,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

DeviceTrust holds settings related to trusted device verification. Requires Teleport Enterprise.

func (*DeviceTrust) Descriptor 

func (*DeviceTrust) Descriptor() ([]byte, []int)

func (*DeviceTrust) Marshal 

func (m *DeviceTrust) Marshal() (dAtA []byte, err error)

func (*DeviceTrust) MarshalTo 

func (m *DeviceTrust) MarshalTo(dAtA []byte) (int, error)

func (*DeviceTrust) MarshalToSizedBuffer 

func (m *DeviceTrust) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DeviceTrust) ProtoMessage 

func (*DeviceTrust) ProtoMessage()

func (*DeviceTrust) Reset 

func (m *DeviceTrust) Reset()

func (*DeviceTrust) Size 

func (m *DeviceTrust) Size() (n int)

func (*DeviceTrust) String 

func (m *DeviceTrust) String() string

func (*DeviceTrust) Unmarshal 

func (m *DeviceTrust) Unmarshal(dAtA []byte) error

func (*DeviceTrust) XXX_DiscardUnknown 

func (m *DeviceTrust) XXX_DiscardUnknown()

func (*DeviceTrust) XXX_Marshal 

func (m *DeviceTrust) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DeviceTrust) XXX_Merge 

func (m *DeviceTrust) XXX_Merge(src proto.Message)

func (*DeviceTrust) XXX_Size 

func (m *DeviceTrust) XXX_Size() int

func (*DeviceTrust) XXX_Unmarshal 

func (m *DeviceTrust) XXX_Unmarshal(b []byte) error

type DeviceV1 

type DeviceV1 struct {
	// Header is the common resource header.
	//
	// - Kind is always "device".
	// - SubKind is unused.
	// - Version is equivalent to teleport.devicetrust.v1.Device.api_version.
	// - Metadata.Name is equivalent to teleport.devicetrust.v1.Device.Id.
	ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
	// Specification of the device.
	Spec                 *DeviceSpec `protobuf:"bytes,5,opt,name=spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
	XXX_unrecognized     []byte      `json:"-"`
	XXX_sizecache        int32       `json:"-"`
}

DeviceV1 is the resource representation of teleport.devicetrust.v1.Device.

func DeviceToResource 

func DeviceToResource(dev *devicepb.Device) *DeviceV1

DeviceToResource converts an API devicepb.Device to a resource DeviceV1 and assigns all default fields.

func (*DeviceV1) CheckAndSetDefaults 

func (d *DeviceV1) CheckAndSetDefaults() error

CheckAndSetDefaults checks DeviceV1 fields to catch simple errors, and sets default values for all fields with defaults.

func (*DeviceV1) Descriptor 

func (*DeviceV1) Descriptor() ([]byte, []int)

func (*DeviceV1) Marshal 

func (m *DeviceV1) Marshal() (dAtA []byte, err error)

func (*DeviceV1) MarshalTo 

func (m *DeviceV1) MarshalTo(dAtA []byte) (int, error)

func (*DeviceV1) MarshalToSizedBuffer 

func (m *DeviceV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DeviceV1) ProtoMessage 

func (*DeviceV1) ProtoMessage()

func (*DeviceV1) Reset 

func (m *DeviceV1) Reset()

func (*DeviceV1) Size 

func (m *DeviceV1) Size() (n int)

func (*DeviceV1) String 

func (m *DeviceV1) String() string

func (*DeviceV1) Unmarshal 

func (m *DeviceV1) Unmarshal(dAtA []byte) error

func (*DeviceV1) XXX_DiscardUnknown 

func (m *DeviceV1) XXX_DiscardUnknown()

func (*DeviceV1) XXX_Marshal 

func (m *DeviceV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DeviceV1) XXX_Merge 

func (m *DeviceV1) XXX_Merge(src proto.Message)

func (*DeviceV1) XXX_Size 

func (m *DeviceV1) XXX_Size() int

func (*DeviceV1) XXX_Unmarshal 

func (m *DeviceV1) XXX_Unmarshal(b []byte) error

type DeviceWebToken 

type DeviceWebToken struct {
	// Opaque token identifier.
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// Opaque device web token, in plaintext, encoded in base64.RawURLEncoding
	// (so it is inherently safe for URl use).
	Token                string   `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Web-focused view of teleport.devicetrust.v1.DeviceWebToken.

func (*DeviceWebToken) Descriptor 

func (*DeviceWebToken) Descriptor() ([]byte, []int)

func (*DeviceWebToken) Marshal 

func (m *DeviceWebToken) Marshal() (dAtA []byte, err error)

func (*DeviceWebToken) MarshalTo 

func (m *DeviceWebToken) MarshalTo(dAtA []byte) (int, error)

func (*DeviceWebToken) MarshalToSizedBuffer 

func (m *DeviceWebToken) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DeviceWebToken) ProtoMessage 

func (*DeviceWebToken) ProtoMessage()

func (*DeviceWebToken) Reset 

func (m *DeviceWebToken) Reset()

func (*DeviceWebToken) Size 

func (m *DeviceWebToken) Size() (n int)

func (*DeviceWebToken) String 

func (m *DeviceWebToken) String() string

func (*DeviceWebToken) Unmarshal 

func (m *DeviceWebToken) Unmarshal(dAtA []byte) error

func (*DeviceWebToken) XXX_DiscardUnknown 

func (m *DeviceWebToken) XXX_DiscardUnknown()

func (*DeviceWebToken) XXX_Marshal 

func (m *DeviceWebToken) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DeviceWebToken) XXX_Merge 

func (m *DeviceWebToken) XXX_Merge(src proto.Message)

func (*DeviceWebToken) XXX_Size 

func (m *DeviceWebToken) XXX_Size() int

func (*DeviceWebToken) XXX_Unmarshal 

func (m *DeviceWebToken) XXX_Unmarshal(b []byte) error

type DiscordChannels 

type DiscordChannels struct {
	ChannelIds           []string `protobuf:"bytes,1,rep,name=channel_ids,json=channelIds,proto3" json:"channel_ids,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Defines a set of discord channel IDs

func (*DiscordChannels) Descriptor 

func (*DiscordChannels) Descriptor() ([]byte, []int)

func (*DiscordChannels) Equal 

func (this *DiscordChannels) Equal(that interface{}) bool

func (*DiscordChannels) Marshal 

func (m *DiscordChannels) Marshal() (dAtA []byte, err error)

func (*DiscordChannels) MarshalTo 

func (m *DiscordChannels) MarshalTo(dAtA []byte) (int, error)

func (*DiscordChannels) MarshalToSizedBuffer 

func (m *DiscordChannels) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DiscordChannels) ProtoMessage 

func (*DiscordChannels) ProtoMessage()

func (*DiscordChannels) Reset 

func (m *DiscordChannels) Reset()

func (*DiscordChannels) Size 

func (m *DiscordChannels) Size() (n int)

func (*DiscordChannels) String 

func (m *DiscordChannels) String() string

func (*DiscordChannels) Unmarshal 

func (m *DiscordChannels) Unmarshal(dAtA []byte) error

func (*DiscordChannels) XXX_DiscardUnknown 

func (m *DiscordChannels) XXX_DiscardUnknown()

func (*DiscordChannels) XXX_Marshal 

func (m *DiscordChannels) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DiscordChannels) XXX_Merge 

func (m *DiscordChannels) XXX_Merge(src proto.Message)

func (*DiscordChannels) XXX_Size 

func (m *DiscordChannels) XXX_Size() int

func (*DiscordChannels) XXX_Unmarshal 

func (m *DiscordChannels) XXX_Unmarshal(b []byte) error

type DiscoveredEKSCluster 

type DiscoveredEKSCluster interface {
	// KubeCluster is base discovered cluster.
	KubeCluster
	// GetKubeCluster returns base cluster.
	GetKubeCluster() KubeCluster
	// GetIntegration returns integration name used when discovering this cluster.
	GetIntegration() string
	// GetKubeAppDiscovery returns setting showing if Kubernetes App Discovery show be enabled for the discovered cluster.
	GetKubeAppDiscovery() bool
}

DiscoveredEKSCluster represents a server discovered by EKS discovery fetchers.

type DocumentDB 

type DocumentDB struct {
	// ClusterID is the cluster identifier.
	ClusterID string `protobuf:"bytes,1,opt,name=ClusterID,proto3" json:"cluster_id,omitempty"`
	// InstanceID is the instance identifier.
	InstanceID string `protobuf:"bytes,2,opt,name=InstanceID,proto3" json:"instance_id,omitempty"`
	// EndpointType is the type of the endpoint.
	EndpointType         string   `protobuf:"bytes,3,opt,name=EndpointType,proto3" json:"endpoint_type,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

DocumentDB contains AWS DocumentDB specific metadata.

func (*DocumentDB) Descriptor 

func (*DocumentDB) Descriptor() ([]byte, []int)

func (*DocumentDB) Marshal 

func (m *DocumentDB) Marshal() (dAtA []byte, err error)

func (*DocumentDB) MarshalTo 

func (m *DocumentDB) MarshalTo(dAtA []byte) (int, error)

func (*DocumentDB) MarshalToSizedBuffer 

func (m *DocumentDB) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DocumentDB) ProtoMessage 

func (*DocumentDB) ProtoMessage()

func (*DocumentDB) Reset 

func (m *DocumentDB) Reset()

func (*DocumentDB) Size 

func (m *DocumentDB) Size() (n int)

func (*DocumentDB) String 

func (m *DocumentDB) String() string

func (*DocumentDB) Unmarshal 

func (m *DocumentDB) Unmarshal(dAtA []byte) error

func (*DocumentDB) XXX_DiscardUnknown 

func (m *DocumentDB) XXX_DiscardUnknown()

func (*DocumentDB) XXX_Marshal 

func (m *DocumentDB) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DocumentDB) XXX_Merge 

func (m *DocumentDB) XXX_Merge(src proto.Message)

func (*DocumentDB) XXX_Size 

func (m *DocumentDB) XXX_Size() int

func (*DocumentDB) XXX_Unmarshal 

func (m *DocumentDB) XXX_Unmarshal(b []byte) error

type Duration 

type Duration time.Duration

Duration is a wrapper around duration to set up custom marshal/unmarshal

func MaxDuration 

func MaxDuration() Duration

MaxDuration returns the maximum duration value

func NewDuration 

func NewDuration(d time.Duration) Duration

NewDuration converts the given time.Duration value to a duration

func (Duration) Duration 

func (d Duration) Duration() time.Duration

Duration returns time.Duration from Duration typex

func (Duration) MarshalJSON 

func (d Duration) MarshalJSON() ([]byte, error)

MarshalJSON marshals Duration to string

func (Duration) MarshalYAML 

func (d Duration) MarshalYAML() (interface{}, error)

MarshalYAML marshals duration into YAML value, encodes it as a string in format "1m"

func (*Duration) UnmarshalJSON 

func (d *Duration) UnmarshalJSON(data []byte) error

UnmarshalJSON interprets the given bytes as a Duration value

func (*Duration) UnmarshalYAML 

func (d *Duration) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML unmarshals duration from YAML value.

func (Duration) Value 

func (d Duration) Value() time.Duration

Value returns time.Duration value of this wrapper

type DynamicWindowsDesktop 

type DynamicWindowsDesktop interface {
	// ResourceWithLabels provides common resource methods.
	ResourceWithLabels
	// GetAddr returns the network address of this host.
	GetAddr() string
	// GetDomain returns the ActiveDirectory domain of this host.
	GetDomain() string
	// NonAD checks whether this is a standalone host that
	// is not joined to an Active Directory domain.
	NonAD() bool
	// GetScreenSize returns the desired size of the screen to use for sessions
	// to this host. Returns (0, 0) if no screen size is set, which means to
	// use the size passed by the client over TDP.
	GetScreenSize() (width, height uint32)
	// Copy returns a copy of this dynamic Windows desktop
	Copy() DynamicWindowsDesktop
}

DynamicWindowsDesktop represents a Windows desktop host that is automatically discovered by Windows Desktop Service.

type DynamicWindowsDesktopSpecV1 

type DynamicWindowsDesktopSpecV1 struct {
	// Addr is the address that this host can be reached at.
	Addr string `protobuf:"bytes,1,opt,name=Addr,proto3" json:"addr"`
	// Domain is the ActiveDirectory domain that this host belongs to.
	Domain string `protobuf:"bytes,2,opt,name=Domain,proto3" json:"domain"`
	// NonAD marks this desktop as a standalone host that is
	// not joined to an Active Directory domain.
	NonAD bool `protobuf:"varint,4,opt,name=NonAD,proto3" json:"non_ad"`
	// ScreenSize specifies the size of the screen to use for sessions
	// on this host. In most cases this should be unspecified, in which
	// case Teleport will fill the browser window.
	ScreenSize           *Resolution `protobuf:"bytes,5,opt,name=ScreenSize,proto3" json:"screen_size,omitempty"`
	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
	XXX_unrecognized     []byte      `json:"-"`
	XXX_sizecache        int32       `json:"-"`
}

DynamicWindowsDesktopSpecV1 is the dynamic windows host spec.

func (*DynamicWindowsDesktopSpecV1) Descriptor 

func (*DynamicWindowsDesktopSpecV1) Descriptor() ([]byte, []int)

func (*DynamicWindowsDesktopSpecV1) Marshal 

func (m *DynamicWindowsDesktopSpecV1) Marshal() (dAtA []byte, err error)

func (*DynamicWindowsDesktopSpecV1) MarshalTo 

func (m *DynamicWindowsDesktopSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*DynamicWindowsDesktopSpecV1) MarshalToSizedBuffer 

func (m *DynamicWindowsDesktopSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DynamicWindowsDesktopSpecV1) ProtoMessage 

func (*DynamicWindowsDesktopSpecV1) ProtoMessage()

func (*DynamicWindowsDesktopSpecV1) Reset 

func (m *DynamicWindowsDesktopSpecV1) Reset()

func (*DynamicWindowsDesktopSpecV1) Size 

func (m *DynamicWindowsDesktopSpecV1) Size() (n int)

func (*DynamicWindowsDesktopSpecV1) String 

func (m *DynamicWindowsDesktopSpecV1) String() string

func (*DynamicWindowsDesktopSpecV1) Unmarshal 

func (m *DynamicWindowsDesktopSpecV1) Unmarshal(dAtA []byte) error

func (*DynamicWindowsDesktopSpecV1) XXX_DiscardUnknown 

func (m *DynamicWindowsDesktopSpecV1) XXX_DiscardUnknown()

func (*DynamicWindowsDesktopSpecV1) XXX_Marshal 

func (m *DynamicWindowsDesktopSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DynamicWindowsDesktopSpecV1) XXX_Merge 

func (m *DynamicWindowsDesktopSpecV1) XXX_Merge(src proto.Message)

func (*DynamicWindowsDesktopSpecV1) XXX_Size 

func (m *DynamicWindowsDesktopSpecV1) XXX_Size() int

func (*DynamicWindowsDesktopSpecV1) XXX_Unmarshal 

func (m *DynamicWindowsDesktopSpecV1) XXX_Unmarshal(b []byte) error

type DynamicWindowsDesktopV1 

type DynamicWindowsDesktopV1 struct {
	// Header is the common resource header.
	ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
	// Spec is the DynamicWindows host spec.
	Spec                 DynamicWindowsDesktopSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}                    `json:"-"`
	XXX_unrecognized     []byte                      `json:"-"`
	XXX_sizecache        int32                       `json:"-"`
}

DynamicWindowsDesktopV1 represents a dynamic windows host for desktop access.

func NewDynamicWindowsDesktopV1 

func NewDynamicWindowsDesktopV1(name string, labels map[string]string, spec DynamicWindowsDesktopSpecV1) (*DynamicWindowsDesktopV1, error)

NewDynamicWindowsDesktopV1 creates a new DynamicWindowsDesktopV1 resource.

func (*DynamicWindowsDesktopV1) CheckAndSetDefaults 

func (d *DynamicWindowsDesktopV1) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values for any missing fields.

func (*DynamicWindowsDesktopV1) Copy 

func (d *DynamicWindowsDesktopV1) Copy() DynamicWindowsDesktop

Copy returns a deep copy of this dynamic Windows desktop object.

func (*DynamicWindowsDesktopV1) Descriptor 

func (*DynamicWindowsDesktopV1) Descriptor() ([]byte, []int)

func (*DynamicWindowsDesktopV1) GetAddr 

func (d *DynamicWindowsDesktopV1) GetAddr() string

GetAddr returns the network address of this host.

func (*DynamicWindowsDesktopV1) GetDomain 

func (d *DynamicWindowsDesktopV1) GetDomain() string

GetDomain returns the Active Directory domain of this host.

func (*DynamicWindowsDesktopV1) GetScreenSize 

func (d *DynamicWindowsDesktopV1) GetScreenSize() (width, height uint32)

func (*DynamicWindowsDesktopV1) IsEqual 

func (d *DynamicWindowsDesktopV1) IsEqual(i DynamicWindowsDesktop) bool

IsEqual determines if two dynamic Windows desktop resources are equivalent to one another.

func (*DynamicWindowsDesktopV1) Marshal 

func (m *DynamicWindowsDesktopV1) Marshal() (dAtA []byte, err error)

func (*DynamicWindowsDesktopV1) MarshalTo 

func (m *DynamicWindowsDesktopV1) MarshalTo(dAtA []byte) (int, error)

func (*DynamicWindowsDesktopV1) MarshalToSizedBuffer 

func (m *DynamicWindowsDesktopV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DynamicWindowsDesktopV1) MatchSearch 

func (d *DynamicWindowsDesktopV1) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*DynamicWindowsDesktopV1) NonAD 

func (d *DynamicWindowsDesktopV1) NonAD() bool

NonAD checks whether host is part of Active Directory

func (*DynamicWindowsDesktopV1) ProtoMessage 

func (*DynamicWindowsDesktopV1) ProtoMessage()

func (*DynamicWindowsDesktopV1) Reset 

func (m *DynamicWindowsDesktopV1) Reset()

func (*DynamicWindowsDesktopV1) Size 

func (m *DynamicWindowsDesktopV1) Size() (n int)

func (*DynamicWindowsDesktopV1) String 

func (m *DynamicWindowsDesktopV1) String() string

func (*DynamicWindowsDesktopV1) Unmarshal 

func (m *DynamicWindowsDesktopV1) Unmarshal(dAtA []byte) error

func (*DynamicWindowsDesktopV1) XXX_DiscardUnknown 

func (m *DynamicWindowsDesktopV1) XXX_DiscardUnknown()

func (*DynamicWindowsDesktopV1) XXX_Marshal 

func (m *DynamicWindowsDesktopV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DynamicWindowsDesktopV1) XXX_Merge 

func (m *DynamicWindowsDesktopV1) XXX_Merge(src proto.Message)

func (*DynamicWindowsDesktopV1) XXX_Size 

func (m *DynamicWindowsDesktopV1) XXX_Size() int

func (*DynamicWindowsDesktopV1) XXX_Unmarshal 

func (m *DynamicWindowsDesktopV1) XXX_Unmarshal(b []byte) error

type DynamicWindowsDesktops 

type DynamicWindowsDesktops []DynamicWindowsDesktop

DynamicWindowsDesktops represents a list of Windows desktops.

func (DynamicWindowsDesktops) AsResources 

func (s DynamicWindowsDesktops) AsResources() []ResourceWithLabels

AsResources returns dynamic windows desktops as type resources with labels.

func (DynamicWindowsDesktops) GetFieldVals 

func (s DynamicWindowsDesktops) GetFieldVals(field string) ([]string, error)

GetFieldVals returns list of select field values.

func (DynamicWindowsDesktops) Len 

func (s DynamicWindowsDesktops) Len() int

Len returns the slice length.

func (DynamicWindowsDesktops) Less 

func (s DynamicWindowsDesktops) Less(i, j int) bool

Less compares desktops by name and host ID.

func (DynamicWindowsDesktops) SortByCustom 

func (s DynamicWindowsDesktops) SortByCustom(sortBy SortBy) error

SortByCustom custom sorts by given sort criteria.

func (DynamicWindowsDesktops) Swap 

func (s DynamicWindowsDesktops) Swap(i, j int)

Swap swaps two windows desktops.

type ElastiCache 

type ElastiCache struct {
	// ReplicationGroupID is the Redis replication group ID.
	ReplicationGroupID string `protobuf:"bytes,1,opt,name=ReplicationGroupID,proto3" json:"replication_group_id,omitempty"`
	// UserGroupIDs is a list of user group IDs.
	UserGroupIDs []string `protobuf:"bytes,2,rep,name=UserGroupIDs,proto3" json:"user_group_ids,omitempty"`
	// TransitEncryptionEnabled indicates whether in-transit encryption (TLS) is enabled.
	TransitEncryptionEnabled bool `protobuf:"varint,3,opt,name=TransitEncryptionEnabled,proto3" json:"transit_encryption_enabled,omitempty"`
	// EndpointType is the type of the endpoint.
	EndpointType         string   `protobuf:"bytes,4,opt,name=EndpointType,proto3" json:"endpoint_type,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ElastiCache contains AWS ElastiCache Redis specific metadata.

func (*ElastiCache) Descriptor 

func (*ElastiCache) Descriptor() ([]byte, []int)

func (*ElastiCache) Marshal 

func (m *ElastiCache) Marshal() (dAtA []byte, err error)

func (*ElastiCache) MarshalTo 

func (m *ElastiCache) MarshalTo(dAtA []byte) (int, error)

func (*ElastiCache) MarshalToSizedBuffer 

func (m *ElastiCache) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ElastiCache) ProtoMessage 

func (*ElastiCache) ProtoMessage()

func (*ElastiCache) Reset 

func (m *ElastiCache) Reset()

func (*ElastiCache) Size 

func (m *ElastiCache) Size() (n int)

func (*ElastiCache) String 

func (m *ElastiCache) String() string

func (*ElastiCache) Unmarshal 

func (m *ElastiCache) Unmarshal(dAtA []byte) error

func (*ElastiCache) XXX_DiscardUnknown 

func (m *ElastiCache) XXX_DiscardUnknown()

func (*ElastiCache) XXX_Marshal 

func (m *ElastiCache) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ElastiCache) XXX_Merge 

func (m *ElastiCache) XXX_Merge(src proto.Message)

func (*ElastiCache) XXX_Size 

func (m *ElastiCache) XXX_Size() int

func (*ElastiCache) XXX_Unmarshal 

func (m *ElastiCache) XXX_Unmarshal(b []byte) error

type EncryptionKeyPair 

type EncryptionKeyPair struct {
	// PublicKey is a PEM encoded public key.
	PublicKey []byte `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// PrivateKey is a PEM encoded private key.
	PrivateKey []byte `protobuf:"bytes,2,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"`
	// PrivateKeyType is the type of the PrivateKey.
	PrivateKeyType PrivateKeyType `` /* 132-byte string literal not displayed */
	// Hash function used during OAEP encryption/decryption. It maps directly to the possible
	// values of [crypto.Hash] in the go crypto package.
	Hash                 uint32   `protobuf:"varint,4,opt,name=hash,proto3" json:"hash,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

EncryptionKeyPair is a PEM encoded keypair used for encrypting and decrypting data.

func (*EncryptionKeyPair) Descriptor 

func (*EncryptionKeyPair) Descriptor() ([]byte, []int)

func (EncryptionKeyPair) EncryptOAEP 

func (k EncryptionKeyPair) EncryptOAEP(plaintext []byte) ([]byte, error)

EncryptOAEP encrypts data using OAEP with the public key and hash present in the EncryptionKey receiver.

func (*EncryptionKeyPair) Marshal 

func (m *EncryptionKeyPair) Marshal() (dAtA []byte, err error)

func (*EncryptionKeyPair) MarshalTo 

func (m *EncryptionKeyPair) MarshalTo(dAtA []byte) (int, error)

func (*EncryptionKeyPair) MarshalToSizedBuffer 

func (m *EncryptionKeyPair) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*EncryptionKeyPair) ProtoMessage 

func (*EncryptionKeyPair) ProtoMessage()

func (*EncryptionKeyPair) Reset 

func (m *EncryptionKeyPair) Reset()

func (*EncryptionKeyPair) Size 

func (m *EncryptionKeyPair) Size() (n int)

func (*EncryptionKeyPair) String 

func (m *EncryptionKeyPair) String() string

func (*EncryptionKeyPair) Unmarshal 

func (m *EncryptionKeyPair) Unmarshal(dAtA []byte) error

func (*EncryptionKeyPair) XXX_DiscardUnknown 

func (m *EncryptionKeyPair) XXX_DiscardUnknown()

func (*EncryptionKeyPair) XXX_Marshal 

func (m *EncryptionKeyPair) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*EncryptionKeyPair) XXX_Merge 

func (m *EncryptionKeyPair) XXX_Merge(src proto.Message)

func (*EncryptionKeyPair) XXX_Size 

func (m *EncryptionKeyPair) XXX_Size() int

func (*EncryptionKeyPair) XXX_Unmarshal 

func (m *EncryptionKeyPair) XXX_Unmarshal(b []byte) error

type EnrichedResource 

type EnrichedResource struct {
	// ResourceWithLabels is the underlying resource.
	ResourceWithLabels
	// Logins that the user is allowed to access the above resource with.
	Logins []string
	// RequiresRequest is true if a resource is being returned to the user but requires
	// an access request to access. This is done during `ListUnifiedResources` when
	// searchAsRoles is true
	RequiresRequest bool
}

EnrichedResource is a ResourceWithLabels wrapped with additional user-specific information.

type EnrichedResources 

type EnrichedResources []*EnrichedResource

EnrichedResources is a wrapper of []*EnrichedResource. A EnrichedResource is a ResourceWithLabels wrapped with additional user-specific information.

func (EnrichedResources) ToResourcesWithLabels 

func (r EnrichedResources) ToResourcesWithLabels() ResourcesWithLabels

ToResourcesWithLabels converts to ResourcesWithLabels.

type EntitlementInfo 

type EntitlementInfo struct {
	// Enabled indicates the feature is 'on' if true; feature is disabled if false
	Enabled Bool
	// Limit indicates the allotted amount of use when limited; if 0 use is unlimited
	Limit int32
}

EntitlementInfo is the state and limits of a particular entitlement; Example for feature X: { Enabled: true, Limit: 0 } => unlimited access to feature X { Enabled: true, Limit: >0 } => limited access to feature X { Enabled: false, Limit: >=0 } => no access to feature X

type EntraIDCredentialsSource 

type EntraIDCredentialsSource int32

EntraIDCredentialsSource defines the credentials source for Entra ID. 

const (
	// ENTRAID_CREDENTIALS_SOURCE_UNKNOWN is used when the credentials source is not specified.
	// Due to legacy reasons, UNKNOWN is handled as OIDC.
	EntraIDCredentialsSource_ENTRAID_CREDENTIALS_SOURCE_UNKNOWN EntraIDCredentialsSource = 0
	// ENTRAID_CREDENTIALS_SOURCE_OIDC indicates that the plugin will authenticate with Azure/Entra ID using OIDC.
	EntraIDCredentialsSource_ENTRAID_CREDENTIALS_SOURCE_OIDC EntraIDCredentialsSource = 1
	// ENTRAID_CREDENTIALS_SOURCE_SYSTEM_CREDENTIALS means the plugin will rely on system-provided credentials
	// for authentication with Azure Entra ID, especially for clusters with no internet access.
	EntraIDCredentialsSource_ENTRAID_CREDENTIALS_SOURCE_SYSTEM_CREDENTIALS EntraIDCredentialsSource = 2
)

func (EntraIDCredentialsSource) EnumDescriptor 

func (EntraIDCredentialsSource) EnumDescriptor() ([]byte, []int)

func (EntraIDCredentialsSource) String 

func (x EntraIDCredentialsSource) String() string

type Event 

type Event struct {
	// Type is the event type
	Type OpType
	// Resource is a modified or deleted resource
	// in case of deleted resources, only resource header
	// will be provided
	Resource Resource
}

Event represents an event that happened in the backend

func (Event) String 

func (r Event) String() string

String returns text description of this event

type EventOrder 

type EventOrder int

EventOrder is an ordering of events, either ascending or descending.

type Events 

type Events interface {
	// NewWatcher returns a new event watcher
	NewWatcher(ctx context.Context, watch Watch) (Watcher, error)
}

Events returns new events interface

type ExternalIdentity 

type ExternalIdentity struct {
	// ConnectorID is id of registered OIDC connector, e.g. 'google-example.com'
	ConnectorID string `protobuf:"bytes,1,opt,name=ConnectorID,proto3" json:"connector_id,omitempty"`
	// Username is username supplied by external identity provider
	Username string `protobuf:"bytes,2,opt,name=Username,proto3" json:"username,omitempty"`
	// SAMLSingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out), if applicable.
	SAMLSingleLogoutURL string `protobuf:"bytes,3,opt,name=SAMLSingleLogoutURL,proto3" json:"samlSingleLogoutUrl,omitempty"`
	// UserID is the ID of the identity. Some connectors like GitHub have an
	// unique ID apart from the username.
	UserID               string   `protobuf:"bytes,4,opt,name=UserID,proto3" json:"user_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ExternalIdentity is OpenID Connect/SAML or Github identity that is linked to particular user and connector and lets user to log in using external credentials, e.g. google

func (*ExternalIdentity) Check 

func (i *ExternalIdentity) Check() error

Check returns nil if all parameters are great, err otherwise

func (*ExternalIdentity) Descriptor 

func (*ExternalIdentity) Descriptor() ([]byte, []int)

func (*ExternalIdentity) Marshal 

func (m *ExternalIdentity) Marshal() (dAtA []byte, err error)

func (*ExternalIdentity) MarshalTo 

func (m *ExternalIdentity) MarshalTo(dAtA []byte) (int, error)

func (*ExternalIdentity) MarshalToSizedBuffer 

func (m *ExternalIdentity) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ExternalIdentity) ProtoMessage 

func (*ExternalIdentity) ProtoMessage()

func (*ExternalIdentity) Reset 

func (m *ExternalIdentity) Reset()

func (*ExternalIdentity) Size 

func (m *ExternalIdentity) Size() (n int)

func (*ExternalIdentity) String 

func (i *ExternalIdentity) String() string

String returns debug friendly representation of this identity

func (*ExternalIdentity) Unmarshal 

func (m *ExternalIdentity) Unmarshal(dAtA []byte) error

func (*ExternalIdentity) XXX_DiscardUnknown 

func (m *ExternalIdentity) XXX_DiscardUnknown()

func (*ExternalIdentity) XXX_Marshal 

func (m *ExternalIdentity) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ExternalIdentity) XXX_Merge 

func (m *ExternalIdentity) XXX_Merge(src proto.Message)

func (*ExternalIdentity) XXX_Size 

func (m *ExternalIdentity) XXX_Size() int

func (*ExternalIdentity) XXX_Unmarshal 

func (m *ExternalIdentity) XXX_Unmarshal(b []byte) error

type FeatureSource 

type FeatureSource string

FeatureSource defines where the list of features enabled by the license is. 

const (
	FeatureSourceLicense FeatureSource = "license"
	FeatureSourceCloud   FeatureSource = "cloud"
)

type GCPCloudSQL 

type GCPCloudSQL struct {
	// ProjectID is the GCP project ID the Cloud SQL instance resides in.
	ProjectID string `protobuf:"bytes,1,opt,name=ProjectID,proto3" json:"project_id,omitempty"`
	// InstanceID is the Cloud SQL instance ID.
	InstanceID           string   `protobuf:"bytes,2,opt,name=InstanceID,proto3" json:"instance_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

GCPCloudSQL contains parameters specific to GCP Cloud SQL databases.

func (*GCPCloudSQL) Descriptor 

func (*GCPCloudSQL) Descriptor() ([]byte, []int)

func (GCPCloudSQL) GetServerName 

func (gcp GCPCloudSQL) GetServerName() string

GetServerName returns the GCP database project and instance as "<project-id>:<instance-id>".

func (GCPCloudSQL) IsEmpty 

func (g GCPCloudSQL) IsEmpty() bool

IsEmpty returns true if GCP metadata is empty.

func (*GCPCloudSQL) Marshal 

func (m *GCPCloudSQL) Marshal() (dAtA []byte, err error)

func (*GCPCloudSQL) MarshalTo 

func (m *GCPCloudSQL) MarshalTo(dAtA []byte) (int, error)

func (*GCPCloudSQL) MarshalToSizedBuffer 

func (m *GCPCloudSQL) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*GCPCloudSQL) ProtoMessage 

func (*GCPCloudSQL) ProtoMessage()

func (*GCPCloudSQL) Reset 

func (m *GCPCloudSQL) Reset()

func (*GCPCloudSQL) Size 

func (m *GCPCloudSQL) Size() (n int)

func (*GCPCloudSQL) String 

func (m *GCPCloudSQL) String() string

func (*GCPCloudSQL) Unmarshal 

func (m *GCPCloudSQL) Unmarshal(dAtA []byte) error

func (*GCPCloudSQL) XXX_DiscardUnknown 

func (m *GCPCloudSQL) XXX_DiscardUnknown()

func (*GCPCloudSQL) XXX_Marshal 

func (m *GCPCloudSQL) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GCPCloudSQL) XXX_Merge 

func (m *GCPCloudSQL) XXX_Merge(src proto.Message)

func (*GCPCloudSQL) XXX_Size 

func (m *GCPCloudSQL) XXX_Size() int

func (*GCPCloudSQL) XXX_Unmarshal 

func (m *GCPCloudSQL) XXX_Unmarshal(b []byte) error

type GCPMatcher 

type GCPMatcher struct {
	// Types are GKE resource types to match: "gke", "vm".
	Types []string `protobuf:"bytes,1,rep,name=Types,proto3" json:"types,omitempty"`
	// Locations are GKE locations to search resources for.
	Locations []string `protobuf:"bytes,2,rep,name=Locations,proto3" json:"locations,omitempty"`
	// Tags is obsolete and only exists for backwards compatibility. Use Labels instead.
	Tags Labels `protobuf:"bytes,3,opt,name=Tags,proto3,customtype=Labels" json:"tags,omitempty"`
	// ProjectIDs are the GCP project ID where the resources are deployed.
	ProjectIDs []string `protobuf:"bytes,4,rep,name=ProjectIDs,proto3" json:"project_ids,omitempty"`
	// ServiceAccounts are the emails of service accounts attached to VMs.
	ServiceAccounts []string `protobuf:"bytes,5,rep,name=ServiceAccounts,proto3" json:"service_accounts,omitempty"`
	// Params sets the join method when installing on
	// discovered GCP nodes.
	Params *InstallerParams `protobuf:"bytes,6,opt,name=Params,proto3" json:"install_params,omitempty"`
	// Labels are GCP labels to match.
	Labels               Labels   `protobuf:"bytes,7,opt,name=Labels,proto3,customtype=Labels" json:"labels,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

GCPMatcher matches GCP resources.

func (*GCPMatcher) CheckAndSetDefaults 

func (m *GCPMatcher) CheckAndSetDefaults() error

CheckAndSetDefaults that the matcher is correct and adds default values.

func (GCPMatcher) CopyWithTypes 

func (m GCPMatcher) CopyWithTypes(t []string) Matcher

CopyWithTypes copies the matcher with new types.

func (*GCPMatcher) Descriptor 

func (*GCPMatcher) Descriptor() ([]byte, []int)

func (GCPMatcher) GetLabels 

func (m GCPMatcher) GetLabels() Labels

GetLabels gets the matcher's labels.

func (GCPMatcher) GetTypes 

func (m GCPMatcher) GetTypes() []string

GetTypes gets the types that the matcher can match.

func (*GCPMatcher) Marshal 

func (m *GCPMatcher) Marshal() (dAtA []byte, err error)

func (*GCPMatcher) MarshalTo 

func (m *GCPMatcher) MarshalTo(dAtA []byte) (int, error)

func (*GCPMatcher) MarshalToSizedBuffer 

func (m *GCPMatcher) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*GCPMatcher) ProtoMessage 

func (*GCPMatcher) ProtoMessage()

func (*GCPMatcher) Reset 

func (m *GCPMatcher) Reset()

func (*GCPMatcher) Size 

func (m *GCPMatcher) Size() (n int)

func (*GCPMatcher) String 

func (m *GCPMatcher) String() string

func (*GCPMatcher) Unmarshal 

func (m *GCPMatcher) Unmarshal(dAtA []byte) error

func (*GCPMatcher) XXX_DiscardUnknown 

func (m *GCPMatcher) XXX_DiscardUnknown()

func (*GCPMatcher) XXX_Marshal 

func (m *GCPMatcher) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GCPMatcher) XXX_Merge 

func (m *GCPMatcher) XXX_Merge(src proto.Message)

func (*GCPMatcher) XXX_Size 

func (m *GCPMatcher) XXX_Size() int

func (*GCPMatcher) XXX_Unmarshal 

func (m *GCPMatcher) XXX_Unmarshal(b []byte) error

type GenerateAppTokenRequest 

type GenerateAppTokenRequest struct {
	// Username is the Teleport identity.
	Username string

	// Roles are the roles assigned to the user within Teleport.
	Roles []string

	// Traits are the traits assigned to the user within Teleport.
	Traits wrappers.Traits

	// Expiry is time to live for the token.
	Expires time.Time

	// URI is the URI of the recipient application.
	URI string
}

GenerateAppTokenRequest are the parameters used to generate an application token.

func (*GenerateAppTokenRequest) Check 

func (p *GenerateAppTokenRequest) Check() error

Check validates the request.

type GenerateSnowflakeJWT 

type GenerateSnowflakeJWT struct {
	// Username is the Teleport identity.
	Username string
	// Account is the Snowflake account name.
	Account string
}

GenerateSnowflakeJWT are the parameters used to generate a Snowflake JWT.

func (*GenerateSnowflakeJWT) Check 

func (p *GenerateSnowflakeJWT) Check() error

Check validates the request.

type GetAppSessionRequest 

type GetAppSessionRequest struct {
	// SessionID is the session ID of the application session itself.
	SessionID string
}

GetAppSessionRequest contains the parameters to request an application web session.

func (*GetAppSessionRequest) Check 

func (r *GetAppSessionRequest) Check() error

Check validates the request.

type GetClusterAlertsRequest 

type GetClusterAlertsRequest struct {
	// Severity is an optional minimum severity.
	Severity AlertSeverity `protobuf:"varint,1,opt,name=Severity,proto3,enum=types.AlertSeverity" json:"Severity,omitempty"`
	// AlertID optionally specifies the ID of the alert being requested.
	AlertID string `protobuf:"bytes,2,opt,name=AlertID,proto3" json:"AlertID,omitempty"`
	// Labels is an optional label selector.
	Labels map[string]string `` /* 153-byte string literal not displayed */
	// WithSuperseded includes superseded alerts in the output of the request.
	WithSuperseded bool `protobuf:"varint,4,opt,name=WithSuperseded,proto3" json:"WithSuperseded,omitempty"`
	// WithAcknowledged includes acknowledged alerts in the output of the request.
	WithAcknowledged bool `protobuf:"varint,5,opt,name=WithAcknowledged,proto3" json:"WithAcknowledged,omitempty"`
	// WithUntargeted requests that alerts be included even if they are not specifically
	// targeted toward the caller. This has no effect unless the caller has `cluster_alert:list`.
	WithUntargeted       bool     `protobuf:"varint,6,opt,name=WithUntargeted,proto3" json:"WithUntargeted,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

GetClusterAlertsRequest matches cluster alerts.

func (*GetClusterAlertsRequest) Descriptor 

func (*GetClusterAlertsRequest) Descriptor() ([]byte, []int)

func (*GetClusterAlertsRequest) Marshal 

func (m *GetClusterAlertsRequest) Marshal() (dAtA []byte, err error)

func (*GetClusterAlertsRequest) MarshalTo 

func (m *GetClusterAlertsRequest) MarshalTo(dAtA []byte) (int, error)

func (*GetClusterAlertsRequest) MarshalToSizedBuffer 

func (m *GetClusterAlertsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*GetClusterAlertsRequest) Match 

func (r *GetClusterAlertsRequest) Match(alert ClusterAlert) bool

Match checks if the given cluster alert matches this query.

func (*GetClusterAlertsRequest) ProtoMessage 

func (*GetClusterAlertsRequest) ProtoMessage()

func (*GetClusterAlertsRequest) Reset 

func (m *GetClusterAlertsRequest) Reset()

func (*GetClusterAlertsRequest) Size 

func (m *GetClusterAlertsRequest) Size() (n int)

func (*GetClusterAlertsRequest) String 

func (m *GetClusterAlertsRequest) String() string

func (*GetClusterAlertsRequest) Unmarshal 

func (m *GetClusterAlertsRequest) Unmarshal(dAtA []byte) error

func (*GetClusterAlertsRequest) XXX_DiscardUnknown 

func (m *GetClusterAlertsRequest) XXX_DiscardUnknown()

func (*GetClusterAlertsRequest) XXX_Marshal 

func (m *GetClusterAlertsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GetClusterAlertsRequest) XXX_Merge 

func (m *GetClusterAlertsRequest) XXX_Merge(src proto.Message)

func (*GetClusterAlertsRequest) XXX_Size 

func (m *GetClusterAlertsRequest) XXX_Size() int

func (*GetClusterAlertsRequest) XXX_Unmarshal 

func (m *GetClusterAlertsRequest) XXX_Unmarshal(b []byte) error

type GetSnowflakeSessionRequest 

type GetSnowflakeSessionRequest struct {
	// SessionID is the session ID of the Snowflake session itself.
	SessionID string
}

GetSnowflakeSessionRequest contains the parameters to request a Snowflake web session.

func (*GetSnowflakeSessionRequest) Check 

func (r *GetSnowflakeSessionRequest) Check() error

Check validates the request.

type GetWebSessionRequest 

type GetWebSessionRequest struct {
	// User specifies the user the web session is for.
	User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
	// SessionID specifies the web session ID.
	SessionID            string   `protobuf:"bytes,2,opt,name=SessionID,proto3" json:"session_id"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

GetWebSessionRequest describes a request to query a web session

func (*GetWebSessionRequest) Check 

func (r *GetWebSessionRequest) Check() error

Check validates the request.

func (*GetWebSessionRequest) Descriptor 

func (*GetWebSessionRequest) Descriptor() ([]byte, []int)

func (*GetWebSessionRequest) Marshal 

func (m *GetWebSessionRequest) Marshal() (dAtA []byte, err error)

func (*GetWebSessionRequest) MarshalTo 

func (m *GetWebSessionRequest) MarshalTo(dAtA []byte) (int, error)

func (*GetWebSessionRequest) MarshalToSizedBuffer 

func (m *GetWebSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*GetWebSessionRequest) ProtoMessage 

func (*GetWebSessionRequest) ProtoMessage()

func (*GetWebSessionRequest) Reset 

func (m *GetWebSessionRequest) Reset()

func (*GetWebSessionRequest) Size 

func (m *GetWebSessionRequest) Size() (n int)

func (*GetWebSessionRequest) String 

func (m *GetWebSessionRequest) String() string

func (*GetWebSessionRequest) Unmarshal 

func (m *GetWebSessionRequest) Unmarshal(dAtA []byte) error

func (*GetWebSessionRequest) XXX_DiscardUnknown 

func (m *GetWebSessionRequest) XXX_DiscardUnknown()

func (*GetWebSessionRequest) XXX_Marshal 

func (m *GetWebSessionRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GetWebSessionRequest) XXX_Merge 

func (m *GetWebSessionRequest) XXX_Merge(src proto.Message)

func (*GetWebSessionRequest) XXX_Size 

func (m *GetWebSessionRequest) XXX_Size() int

func (*GetWebSessionRequest) XXX_Unmarshal 

func (m *GetWebSessionRequest) XXX_Unmarshal(b []byte) error

type GetWebTokenRequest 

type GetWebTokenRequest struct {
	// User specifies the user the token is for.
	User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
	// Token specifies the token to get.
	Token                string   `protobuf:"bytes,2,opt,name=Token,proto3" json:"token"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

GetWebTokenRequest describes a request to query a web token

func (*GetWebTokenRequest) Check 

func (r *GetWebTokenRequest) Check() error

Check validates the request.

func (*GetWebTokenRequest) Descriptor 

func (*GetWebTokenRequest) Descriptor() ([]byte, []int)

func (*GetWebTokenRequest) Marshal 

func (m *GetWebTokenRequest) Marshal() (dAtA []byte, err error)

func (*GetWebTokenRequest) MarshalTo 

func (m *GetWebTokenRequest) MarshalTo(dAtA []byte) (int, error)

func (*GetWebTokenRequest) MarshalToSizedBuffer 

func (m *GetWebTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*GetWebTokenRequest) ProtoMessage 

func (*GetWebTokenRequest) ProtoMessage()

func (*GetWebTokenRequest) Reset 

func (m *GetWebTokenRequest) Reset()

func (*GetWebTokenRequest) Size 

func (m *GetWebTokenRequest) Size() (n int)

func (*GetWebTokenRequest) String 

func (m *GetWebTokenRequest) String() string

func (*GetWebTokenRequest) Unmarshal 

func (m *GetWebTokenRequest) Unmarshal(dAtA []byte) error

func (*GetWebTokenRequest) XXX_DiscardUnknown 

func (m *GetWebTokenRequest) XXX_DiscardUnknown()

func (*GetWebTokenRequest) XXX_Marshal 

func (m *GetWebTokenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GetWebTokenRequest) XXX_Merge 

func (m *GetWebTokenRequest) XXX_Merge(src proto.Message)

func (*GetWebTokenRequest) XXX_Size 

func (m *GetWebTokenRequest) XXX_Size() int

func (*GetWebTokenRequest) XXX_Unmarshal 

func (m *GetWebTokenRequest) XXX_Unmarshal(b []byte) error

type GitHubIntegrationSpecV1 

type GitHubIntegrationSpecV1 struct {
	// Organization specifies the name of the organization for the GitHub integration.
	Organization         string   `protobuf:"bytes,1,opt,name=Organization,proto3" json:"organization,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

GitHubIntegrationSpecV1 contains the specific fields to handle the GitHub integration subkind.

func (*GitHubIntegrationSpecV1) Descriptor 

func (*GitHubIntegrationSpecV1) Descriptor() ([]byte, []int)

func (*GitHubIntegrationSpecV1) Marshal 

func (m *GitHubIntegrationSpecV1) Marshal() (dAtA []byte, err error)

func (*GitHubIntegrationSpecV1) MarshalTo 

func (m *GitHubIntegrationSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*GitHubIntegrationSpecV1) MarshalToSizedBuffer 

func (m *GitHubIntegrationSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*GitHubIntegrationSpecV1) ProtoMessage 

func (*GitHubIntegrationSpecV1) ProtoMessage()

func (*GitHubIntegrationSpecV1) Reset 

func (m *GitHubIntegrationSpecV1) Reset()

func (*GitHubIntegrationSpecV1) Size 

func (m *GitHubIntegrationSpecV1) Size() (n int)

func (*GitHubIntegrationSpecV1) String 

func (m *GitHubIntegrationSpecV1) String() string

func (*GitHubIntegrationSpecV1) Unmarshal 

func (m *GitHubIntegrationSpecV1) Unmarshal(dAtA []byte) error

func (*GitHubIntegrationSpecV1) XXX_DiscardUnknown 

func (m *GitHubIntegrationSpecV1) XXX_DiscardUnknown()

func (*GitHubIntegrationSpecV1) XXX_Marshal 

func (m *GitHubIntegrationSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GitHubIntegrationSpecV1) XXX_Merge 

func (m *GitHubIntegrationSpecV1) XXX_Merge(src proto.Message)

func (*GitHubIntegrationSpecV1) XXX_Size 

func (m *GitHubIntegrationSpecV1) XXX_Size() int

func (*GitHubIntegrationSpecV1) XXX_Unmarshal 

func (m *GitHubIntegrationSpecV1) XXX_Unmarshal(b []byte) error

type GitHubPermission 

type GitHubPermission struct {
	Organizations        []string `protobuf:"bytes,1,rep,name=organizations,proto3" json:"orgs,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

GitHubPermission defines GitHub integration related permissions.

func (*GitHubPermission) Descriptor 

func (*GitHubPermission) Descriptor() ([]byte, []int)

func (*GitHubPermission) Marshal 

func (m *GitHubPermission) Marshal() (dAtA []byte, err error)

func (*GitHubPermission) MarshalTo 

func (m *GitHubPermission) MarshalTo(dAtA []byte) (int, error)

func (*GitHubPermission) MarshalToSizedBuffer 

func (m *GitHubPermission) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*GitHubPermission) ProtoMessage 

func (*GitHubPermission) ProtoMessage()

func (*GitHubPermission) Reset 

func (m *GitHubPermission) Reset()

func (*GitHubPermission) Size 

func (m *GitHubPermission) Size() (n int)

func (*GitHubPermission) String 

func (m *GitHubPermission) String() string

func (*GitHubPermission) Unmarshal 

func (m *GitHubPermission) Unmarshal(dAtA []byte) error

func (*GitHubPermission) XXX_DiscardUnknown 

func (m *GitHubPermission) XXX_DiscardUnknown()

func (*GitHubPermission) XXX_Marshal 

func (m *GitHubPermission) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GitHubPermission) XXX_Merge 

func (m *GitHubPermission) XXX_Merge(src proto.Message)

func (*GitHubPermission) XXX_Size 

func (m *GitHubPermission) XXX_Size() int

func (*GitHubPermission) XXX_Unmarshal 

func (m *GitHubPermission) XXX_Unmarshal(b []byte) error

type GitHubServerMetadata 

type GitHubServerMetadata struct {
	// Organization specifies the name of the organization for the GitHub integration.
	Organization string `protobuf:"bytes,1,opt,name=organization,proto3" json:"organization,omitempty"`
	// Integration is the integration that is associated with this Server.
	Integration          string   `protobuf:"bytes,2,opt,name=integration,proto3" json:"integration,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

GitHubServerMetadata contains info about GitHub proxies where each server represents a GitHub organization.

func (*GitHubServerMetadata) Descriptor 

func (*GitHubServerMetadata) Descriptor() ([]byte, []int)

func (*GitHubServerMetadata) GetOrganizationURL 

func (m *GitHubServerMetadata) GetOrganizationURL() string

GetOrganizationURL returns the URL to the GitHub organization.

func (*GitHubServerMetadata) Marshal 

func (m *GitHubServerMetadata) Marshal() (dAtA []byte, err error)

func (*GitHubServerMetadata) MarshalTo 

func (m *GitHubServerMetadata) MarshalTo(dAtA []byte) (int, error)

func (*GitHubServerMetadata) MarshalToSizedBuffer 

func (m *GitHubServerMetadata) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*GitHubServerMetadata) ProtoMessage 

func (*GitHubServerMetadata) ProtoMessage()

func (*GitHubServerMetadata) Reset 

func (m *GitHubServerMetadata) Reset()

func (*GitHubServerMetadata) Size 

func (m *GitHubServerMetadata) Size() (n int)

func (*GitHubServerMetadata) String 

func (m *GitHubServerMetadata) String() string

func (*GitHubServerMetadata) Unmarshal 

func (m *GitHubServerMetadata) Unmarshal(dAtA []byte) error

func (*GitHubServerMetadata) XXX_DiscardUnknown 

func (m *GitHubServerMetadata) XXX_DiscardUnknown()

func (*GitHubServerMetadata) XXX_Marshal 

func (m *GitHubServerMetadata) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GitHubServerMetadata) XXX_Merge 

func (m *GitHubServerMetadata) XXX_Merge(src proto.Message)

func (*GitHubServerMetadata) XXX_Size 

func (m *GitHubServerMetadata) XXX_Size() int

func (*GitHubServerMetadata) XXX_Unmarshal 

func (m *GitHubServerMetadata) XXX_Unmarshal(b []byte) error

type GithubAuthRequest 

type GithubAuthRequest struct {
	// ConnectorID is the name of the connector to use.
	ConnectorID string `protobuf:"bytes,1,opt,name=ConnectorID,proto3" json:"connector_id"`
	// Type is opaque string that helps callbacks identify the request type.
	Type string `protobuf:"bytes,2,opt,name=Type,proto3" json:"type"`
	// StateToken is used to validate the request.
	StateToken string `protobuf:"bytes,3,opt,name=StateToken,proto3" json:"state_token"`
	// CSRFToken is used to protect against CSRF attacks.
	CSRFToken string `protobuf:"bytes,4,opt,name=CSRFToken,proto3" json:"csrf_token"`
	// CertTTL is TTL of the cert that's generated in case of successful auth.
	CertTTL time.Duration `protobuf:"varint,6,opt,name=CertTTL,proto3,casttype=time.Duration" json:"cert_ttl"`
	// CreateWebSession indicates that a user wants to generate a web session
	// after successful authentication.
	CreateWebSession bool `protobuf:"varint,7,opt,name=CreateWebSession,proto3" json:"create_web_session"`
	// RedirectURL will be used by browser.
	RedirectURL string `protobuf:"bytes,8,opt,name=RedirectURL,proto3" json:"redirect_url"`
	// ClientRedirectURL is the URL where client will be redirected after
	// successful auth.
	ClientRedirectURL string `protobuf:"bytes,9,opt,name=ClientRedirectURL,proto3" json:"client_redirect_url"`
	// Compatibility specifies OpenSSH compatibility flags.
	Compatibility string `protobuf:"bytes,10,opt,name=Compatibility,proto3" json:"compatibility,omitempty"`
	// Expires is a global expiry time header can be set on any resource in the system.
	Expires *time.Time `protobuf:"bytes,11,opt,name=Expires,proto3,stdtime" json:"expires,omitempty"`
	// RouteToCluster is the name of Teleport cluster to issue credentials for.
	RouteToCluster string `protobuf:"bytes,12,opt,name=RouteToCluster,proto3" json:"route_to_cluster,omitempty"`
	// KubernetesCluster is the name of Kubernetes cluster to issue credentials for.
	KubernetesCluster string `protobuf:"bytes,13,opt,name=KubernetesCluster,proto3" json:"kubernetes_cluster,omitempty"`
	// SSOTestFlow indicates if the request is part of the test flow.
	SSOTestFlow bool `protobuf:"varint,14,opt,name=SSOTestFlow,proto3" json:"sso_test_flow"`
	// ConnectorSpec is embedded connector spec for use in test flow or authenticated user flow.
	ConnectorSpec *GithubConnectorSpecV3 `protobuf:"bytes,15,opt,name=ConnectorSpec,proto3" json:"connector_spec,omitempty"`
	// ClientLoginIP specifies IP address of the client for login, it will be written to the user's certificates.
	ClientLoginIP string `protobuf:"bytes,17,opt,name=ClientLoginIP,proto3" json:"client_login_ip,omitempty"`
	// ClientUserAgent is the user agent of the Web browser, used for issuing
	// a DeviceWebToken.
	ClientUserAgent string `protobuf:"bytes,18,opt,name=ClientUserAgent,proto3" json:"client_user_agent,omitempty"`
	// SshPublicKey is an optional public key to use as the subject of an issued
	// SSH cert in case of successful auth.
	SshPublicKey []byte `protobuf:"bytes,19,opt,name=ssh_public_key,json=sshPublicKey,proto3" json:"ssh_pub_key,omitempty"`
	// TlsPublicKey is an optional public key to use as the subject of an issued
	// TLS cert in case of successful auth.
	TlsPublicKey []byte `protobuf:"bytes,20,opt,name=tls_public_key,json=tlsPublicKey,proto3" json:"tls_pub_key,omitempty"`
	// SshAttestationStatement is an attestation statement for the given SSH public key.
	SshAttestationStatement *v1.AttestationStatement `` /* 133-byte string literal not displayed */
	// TlsAttestationStatement is an attestation statement for the given TLS public key.
	TlsAttestationStatement *v1.AttestationStatement `` /* 133-byte string literal not displayed */
	// AuthenticatedUser is the username of an authenticated Teleport user. This
	// OAuth flow is used to retrieve GitHub identity info which will be added to
	// the existing user.
	AuthenticatedUser    string   `protobuf:"bytes,23,opt,name=authenticated_user,json=authenticatedUser,proto3" json:"authenticated_user,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

GithubAuthRequest is the request to start Github OAuth2 flow.

func (*GithubAuthRequest) Check 

func (r *GithubAuthRequest) Check() error

Check makes sure the request is valid

func (*GithubAuthRequest) Descriptor 

func (*GithubAuthRequest) Descriptor() ([]byte, []int)

func (*GithubAuthRequest) Expiry 

func (r *GithubAuthRequest) Expiry() time.Time

Expiry returns object expiry setting.

func (*GithubAuthRequest) Marshal 

func (m *GithubAuthRequest) Marshal() (dAtA []byte, err error)

func (*GithubAuthRequest) MarshalTo 

func (m *GithubAuthRequest) MarshalTo(dAtA []byte) (int, error)

func (*GithubAuthRequest) MarshalToSizedBuffer 

func (m *GithubAuthRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*GithubAuthRequest) ProtoMessage 

func (*GithubAuthRequest) ProtoMessage()

func (*GithubAuthRequest) Reset 

func (m *GithubAuthRequest) Reset()

func (*GithubAuthRequest) SetExpiry 

func (r *GithubAuthRequest) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object

func (*GithubAuthRequest) Size 

func (m *GithubAuthRequest) Size() (n int)

func (*GithubAuthRequest) String 

func (m *GithubAuthRequest) String() string

func (*GithubAuthRequest) Unmarshal 

func (m *GithubAuthRequest) Unmarshal(dAtA []byte) error

func (*GithubAuthRequest) XXX_DiscardUnknown 

func (m *GithubAuthRequest) XXX_DiscardUnknown()

func (*GithubAuthRequest) XXX_Marshal 

func (m *GithubAuthRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GithubAuthRequest) XXX_Merge 

func (m *GithubAuthRequest) XXX_Merge(src proto.Message)

func (*GithubAuthRequest) XXX_Size 

func (m *GithubAuthRequest) XXX_Size() int

func (*GithubAuthRequest) XXX_Unmarshal 

func (m *GithubAuthRequest) XXX_Unmarshal(b []byte) error

type GithubClaims 

type GithubClaims struct {
	// Username is the user's username
	Username string `protobuf:"bytes,1,opt,name=Username,proto3" json:"username"`
	// OrganizationToTeams is the user's organization and team membership
	OrganizationToTeams github_com_gravitational_teleport_api_types_wrappers.Traits `` /* 154-byte string literal not displayed */
	// Teams is the users team membership
	Teams []string `protobuf:"bytes,3,rep,name=Teams,proto3" json:"teams"`
	// UserID is a global unique integer that is assigned to each GitHub user. The
	// user ID is immutable (unlike the GitHub username) and can be found in APIs
	// like get user.
	// https://docs.github.com/en/rest/users/users
	UserID               string   `protobuf:"bytes,4,opt,name=UserID,proto3" json:"user_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

GithubClaims represents Github user information obtained during OAuth2 flow

func (*GithubClaims) Descriptor 

func (*GithubClaims) Descriptor() ([]byte, []int)

func (*GithubClaims) Marshal 

func (m *GithubClaims) Marshal() (dAtA []byte, err error)

func (*GithubClaims) MarshalTo 

func (m *GithubClaims) MarshalTo(dAtA []byte) (int, error)

func (*GithubClaims) MarshalToSizedBuffer 

func (m *GithubClaims) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*GithubClaims) ProtoMessage 

func (*GithubClaims) ProtoMessage()

func (*GithubClaims) Reset 

func (m *GithubClaims) Reset()

func (*GithubClaims) Size 

func (m *GithubClaims) Size() (n int)

func (*GithubClaims) String 

func (m *GithubClaims) String() string

func (*GithubClaims) Unmarshal 

func (m *GithubClaims) Unmarshal(dAtA []byte) error

func (*GithubClaims) XXX_DiscardUnknown 

func (m *GithubClaims) XXX_DiscardUnknown()

func (*GithubClaims) XXX_Marshal 

func (m *GithubClaims) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GithubClaims) XXX_Merge 

func (m *GithubClaims) XXX_Merge(src proto.Message)

func (*GithubClaims) XXX_Size 

func (m *GithubClaims) XXX_Size() int

func (*GithubClaims) XXX_Unmarshal 

func (m *GithubClaims) XXX_Unmarshal(b []byte) error

type GithubConnector 

type GithubConnector interface {
	// ResourceWithSecrets is a common interface for all resources
	ResourceWithSecrets
	ResourceWithOrigin
	// SetMetadata sets object metadata
	SetMetadata(meta Metadata)
	// GetClientID returns the connector client ID
	GetClientID() string
	// SetClientID sets the connector client ID
	SetClientID(string)
	// GetClientSecret returns the connector client secret
	GetClientSecret() string
	// SetClientSecret sets the connector client secret
	SetClientSecret(string)
	// GetRedirectURL returns the connector redirect URL
	GetRedirectURL() string
	// SetRedirectURL sets the connector redirect URL
	SetRedirectURL(string)
	// GetTeamsToLogins returns the mapping of Github teams to allowed logins
	GetTeamsToLogins() []TeamMapping
	// SetTeamsToLogins sets the mapping of Github teams to allowed logins
	SetTeamsToLogins([]TeamMapping)
	// GetTeamsToRoles returns the mapping of Github teams to allowed roles
	GetTeamsToRoles() []TeamRolesMapping
	// SetTeamsToRoles sets the mapping of Github teams to allowed roles
	SetTeamsToRoles([]TeamRolesMapping)
	// MapClaims returns the list of allows logins based on the retrieved claims
	// returns list of logins and kubernetes groups
	MapClaims(GithubClaims) (roles []string, kubeGroups []string, kubeUsers []string)
	// GetDisplay returns the connector display name
	GetDisplay() string
	// SetDisplay sets the connector display name
	SetDisplay(string)
	// GetEndpointURL returns the endpoint URL
	GetEndpointURL() string
	// GetAPIEndpointURL returns the API endpoint URL
	GetAPIEndpointURL() string
	// GetClientRedirectSettings returns the client redirect settings.
	GetClientRedirectSettings() *SSOClientRedirectSettings
}

GithubConnector defines an interface for a Github OAuth2 connector

func NewGithubConnector 

func NewGithubConnector(name string, spec GithubConnectorSpecV3) (GithubConnector, error)

NewGithubConnector creates a new Github connector from name and spec

type GithubConnectorSpecV3 

type GithubConnectorSpecV3 struct {
	// ClientID is the Github OAuth app client ID.
	ClientID string `protobuf:"bytes,1,opt,name=ClientID,proto3" json:"client_id"`
	// ClientSecret is the Github OAuth app client secret.
	ClientSecret string `protobuf:"bytes,2,opt,name=ClientSecret,proto3" json:"client_secret"`
	// RedirectURL is the authorization callback URL.
	RedirectURL string `protobuf:"bytes,3,opt,name=RedirectURL,proto3" json:"redirect_url"`
	// TeamsToLogins maps Github team memberships onto allowed logins/roles.
	//
	// DELETE IN 11.0.0
	// Deprecated: use GithubTeamsToRoles instead.
	TeamsToLogins []TeamMapping `protobuf:"bytes,4,rep,name=TeamsToLogins,proto3" json:"teams_to_logins"`
	// Display is the connector display name.
	Display string `protobuf:"bytes,5,opt,name=Display,proto3" json:"display"`
	// TeamsToRoles maps Github team memberships onto allowed roles.
	TeamsToRoles []TeamRolesMapping `protobuf:"bytes,6,rep,name=TeamsToRoles,proto3" json:"teams_to_roles"`
	// EndpointURL is the URL of the GitHub instance this connector is for.
	EndpointURL string `protobuf:"bytes,7,opt,name=EndpointURL,proto3" json:"endpoint_url"`
	// APIEndpointURL is the URL of the API endpoint of the Github instance
	// this connector is for.
	APIEndpointURL string `protobuf:"bytes,8,opt,name=APIEndpointURL,proto3" json:"api_endpoint_url"`
	// ClientRedirectSettings defines which client redirect URLs are allowed for
	// non-browser SSO logins other than the standard localhost ones.
	ClientRedirectSettings *SSOClientRedirectSettings `protobuf:"bytes,9,opt,name=ClientRedirectSettings,proto3" json:"client_redirect_settings,omitempty"`
	XXX_NoUnkeyedLiteral   struct{}                   `json:"-"`
	XXX_unrecognized       []byte                     `json:"-"`
	XXX_sizecache          int32                      `json:"-"`
}

GithubConnectorSpecV3 is a Github connector specification.

func (*GithubConnectorSpecV3) Descriptor 

func (*GithubConnectorSpecV3) Descriptor() ([]byte, []int)

func (*GithubConnectorSpecV3) Marshal 

func (m *GithubConnectorSpecV3) Marshal() (dAtA []byte, err error)

func (*GithubConnectorSpecV3) MarshalTo 

func (m *GithubConnectorSpecV3) MarshalTo(dAtA []byte) (int, error)

func (*GithubConnectorSpecV3) MarshalToSizedBuffer 

func (m *GithubConnectorSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*GithubConnectorSpecV3) ProtoMessage 

func (*GithubConnectorSpecV3) ProtoMessage()

func (*GithubConnectorSpecV3) Reset 

func (m *GithubConnectorSpecV3) Reset()

func (*GithubConnectorSpecV3) Size 

func (m *GithubConnectorSpecV3) Size() (n int)

func (*GithubConnectorSpecV3) String 

func (m *GithubConnectorSpecV3) String() string

func (*GithubConnectorSpecV3) Unmarshal 

func (m *GithubConnectorSpecV3) Unmarshal(dAtA []byte) error

func (*GithubConnectorSpecV3) XXX_DiscardUnknown 

func (m *GithubConnectorSpecV3) XXX_DiscardUnknown()

func (*GithubConnectorSpecV3) XXX_Marshal 

func (m *GithubConnectorSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GithubConnectorSpecV3) XXX_Merge 

func (m *GithubConnectorSpecV3) XXX_Merge(src proto.Message)

func (*GithubConnectorSpecV3) XXX_Size 

func (m *GithubConnectorSpecV3) XXX_Size() int

func (*GithubConnectorSpecV3) XXX_Unmarshal 

func (m *GithubConnectorSpecV3) XXX_Unmarshal(b []byte) error

type GithubConnectorV3 

type GithubConnectorV3 struct {
	// Kind is a resource kind.
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources.
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version. It must be specified.
	// Supported values are: `v3`.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata holds resource metadata.
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is an Github connector specification.
	Spec                 GithubConnectorSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}              `json:"-"`
	XXX_unrecognized     []byte                `json:"-"`
	XXX_sizecache        int32                 `json:"-"`
}

GithubConnectorV3 represents a Github connector.

func (*GithubConnectorV3) CheckAndSetDefaults 

func (c *GithubConnectorV3) CheckAndSetDefaults() error

CheckAndSetDefaults verifies the connector is valid and sets some defaults

func (*GithubConnectorV3) Descriptor 

func (*GithubConnectorV3) Descriptor() ([]byte, []int)

func (*GithubConnectorV3) Expiry 

func (c *GithubConnectorV3) Expiry() time.Time

Expiry returns the connector expiration time

func (*GithubConnectorV3) GetAPIEndpointURL 

func (c *GithubConnectorV3) GetAPIEndpointURL() string

GetEndpointURL returns the API endpoint URL

func (*GithubConnectorV3) GetClientID 

func (c *GithubConnectorV3) GetClientID() string

GetClientID returns the connector client ID

func (*GithubConnectorV3) GetClientRedirectSettings 

func (c *GithubConnectorV3) GetClientRedirectSettings() *SSOClientRedirectSettings

GetClientRedirectSettings returns the client redirect settings.

func (*GithubConnectorV3) GetClientSecret 

func (c *GithubConnectorV3) GetClientSecret() string

GetClientSecret returns the connector client secret

func (*GithubConnectorV3) GetDisplay 

func (c *GithubConnectorV3) GetDisplay() string

GetDisplay returns the connector display name

func (*GithubConnectorV3) GetEndpointURL 

func (c *GithubConnectorV3) GetEndpointURL() string

GetEndpointURL returns the endpoint URL

func (*GithubConnectorV3) GetKind 

func (c *GithubConnectorV3) GetKind() string

GetKind returns resource kind

func (*GithubConnectorV3) GetMetadata 

func (c *GithubConnectorV3) GetMetadata() Metadata

GetMetadata returns the connector metadata

func (*GithubConnectorV3) GetName 

func (c *GithubConnectorV3) GetName() string

GetName returns the name of the connector

func (*GithubConnectorV3) GetRedirectURL 

func (c *GithubConnectorV3) GetRedirectURL() string

GetRedirectURL returns the connector redirect URL

func (*GithubConnectorV3) GetRevision 

func (c *GithubConnectorV3) GetRevision() string

GetRevision returns the revision

func (*GithubConnectorV3) GetSubKind 

func (c *GithubConnectorV3) GetSubKind() string

GetSubKind returns resource sub kind

func (*GithubConnectorV3) GetTeamsToLogins 

func (c *GithubConnectorV3) GetTeamsToLogins() []TeamMapping

GetTeamsToLogins returns the connector team membership mappings

DEPRECATED: use GetTeamsToRoles instead

func (*GithubConnectorV3) GetTeamsToRoles 

func (c *GithubConnectorV3) GetTeamsToRoles() []TeamRolesMapping

GetTeamsToRoles returns the mapping of Github teams to allowed roles

func (*GithubConnectorV3) GetVersion 

func (c *GithubConnectorV3) GetVersion() string

GetVersion returns resource version

func (*GithubConnectorV3) MapClaims 

func (c *GithubConnectorV3) MapClaims(claims GithubClaims) ([]string, []string, []string)

MapClaims returns a list of logins based on the provided claims, returns a list of logins and list of kubernetes groups

func (*GithubConnectorV3) Marshal 

func (m *GithubConnectorV3) Marshal() (dAtA []byte, err error)

func (*GithubConnectorV3) MarshalTo 

func (m *GithubConnectorV3) MarshalTo(dAtA []byte) (int, error)

func (*GithubConnectorV3) MarshalToSizedBuffer 

func (m *GithubConnectorV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*GithubConnectorV3) Origin 

func (c *GithubConnectorV3) Origin() string

Origin returns the origin value of the resource.

func (*GithubConnectorV3) ProtoMessage 

func (*GithubConnectorV3) ProtoMessage()

func (*GithubConnectorV3) Reset 

func (m *GithubConnectorV3) Reset()

func (*GithubConnectorV3) SetClientID 

func (c *GithubConnectorV3) SetClientID(id string)

SetClientID sets the connector client ID

func (*GithubConnectorV3) SetClientSecret 

func (c *GithubConnectorV3) SetClientSecret(secret string)

SetClientSecret sets the connector client secret

func (*GithubConnectorV3) SetDisplay 

func (c *GithubConnectorV3) SetDisplay(display string)

SetDisplay sets the connector display name

func (*GithubConnectorV3) SetExpiry 

func (c *GithubConnectorV3) SetExpiry(expires time.Time)

SetExpiry sets the connector expiration time

func (*GithubConnectorV3) SetMetadata 

func (c *GithubConnectorV3) SetMetadata(meta Metadata)

SetMetadata sets connector metadata

func (*GithubConnectorV3) SetName 

func (c *GithubConnectorV3) SetName(name string)

SetName sets the connector name

func (*GithubConnectorV3) SetOrigin 

func (c *GithubConnectorV3) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*GithubConnectorV3) SetRedirectURL 

func (c *GithubConnectorV3) SetRedirectURL(redirectURL string)

SetRedirectURL sets the connector redirect URL

func (*GithubConnectorV3) SetRevision 

func (c *GithubConnectorV3) SetRevision(rev string)

SetRevision sets the revision

func (*GithubConnectorV3) SetSubKind 

func (c *GithubConnectorV3) SetSubKind(s string)

SetSubKind sets resource subkind

func (*GithubConnectorV3) SetTeamsToLogins 

func (c *GithubConnectorV3) SetTeamsToLogins(teamsToLogins []TeamMapping)

SetTeamsToLogins sets the connector team membership mappings

DEPRECATED: use SetTeamsToRoles instead

func (*GithubConnectorV3) SetTeamsToRoles 

func (c *GithubConnectorV3) SetTeamsToRoles(m []TeamRolesMapping)

SetTeamsToRoles sets the mapping of Github teams to allowed roles

func (*GithubConnectorV3) Size 

func (m *GithubConnectorV3) Size() (n int)

func (*GithubConnectorV3) String 

func (m *GithubConnectorV3) String() string

func (*GithubConnectorV3) Unmarshal 

func (m *GithubConnectorV3) Unmarshal(dAtA []byte) error

func (*GithubConnectorV3) WithoutSecrets 

func (c *GithubConnectorV3) WithoutSecrets() Resource

WithoutSecrets returns an instance of resource without secrets.

func (*GithubConnectorV3) XXX_DiscardUnknown 

func (m *GithubConnectorV3) XXX_DiscardUnknown()

func (*GithubConnectorV3) XXX_Marshal 

func (m *GithubConnectorV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GithubConnectorV3) XXX_Merge 

func (m *GithubConnectorV3) XXX_Merge(src proto.Message)

func (*GithubConnectorV3) XXX_Size 

func (m *GithubConnectorV3) XXX_Size() int

func (*GithubConnectorV3) XXX_Unmarshal 

func (m *GithubConnectorV3) XXX_Unmarshal(b []byte) error

type GithubConnectorV3List 

type GithubConnectorV3List struct {
	// GithubConnectors is a list of Github connectors.
	GithubConnectors     []*GithubConnectorV3 `protobuf:"bytes,1,rep,name=GithubConnectors,proto3" json:"GithubConnectors,omitempty"`
	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
	XXX_unrecognized     []byte               `json:"-"`
	XXX_sizecache        int32                `json:"-"`
}

GithubConnectorV3List is a list of Github connectors.

func (*GithubConnectorV3List) Descriptor 

func (*GithubConnectorV3List) Descriptor() ([]byte, []int)

func (*GithubConnectorV3List) Marshal 

func (m *GithubConnectorV3List) Marshal() (dAtA []byte, err error)

func (*GithubConnectorV3List) MarshalTo 

func (m *GithubConnectorV3List) MarshalTo(dAtA []byte) (int, error)

func (*GithubConnectorV3List) MarshalToSizedBuffer 

func (m *GithubConnectorV3List) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*GithubConnectorV3List) ProtoMessage 

func (*GithubConnectorV3List) ProtoMessage()

func (*GithubConnectorV3List) Reset 

func (m *GithubConnectorV3List) Reset()

func (*GithubConnectorV3List) Size 

func (m *GithubConnectorV3List) Size() (n int)

func (*GithubConnectorV3List) String 

func (m *GithubConnectorV3List) String() string

func (*GithubConnectorV3List) Unmarshal 

func (m *GithubConnectorV3List) Unmarshal(dAtA []byte) error

func (*GithubConnectorV3List) XXX_DiscardUnknown 

func (m *GithubConnectorV3List) XXX_DiscardUnknown()

func (*GithubConnectorV3List) XXX_Marshal 

func (m *GithubConnectorV3List) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GithubConnectorV3List) XXX_Merge 

func (m *GithubConnectorV3List) XXX_Merge(src proto.Message)

func (*GithubConnectorV3List) XXX_Size 

func (m *GithubConnectorV3List) XXX_Size() int

func (*GithubConnectorV3List) XXX_Unmarshal 

func (m *GithubConnectorV3List) XXX_Unmarshal(b []byte) error

type GithubTokenInfo 

type GithubTokenInfo struct {
	TokenType            string   `protobuf:"bytes,1,opt,name=TokenType,proto3" json:"token_type"`
	Expires              int64    `protobuf:"varint,2,opt,name=Expires,proto3" json:"expires"`
	Scope                string   `protobuf:"bytes,3,opt,name=Scope,proto3" json:"scope"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

GithubTokenInfo stores diagnostic info about Github OAuth2 token obtained during SSO flow. The token itself is secret and therefore not included.

func (*GithubTokenInfo) Descriptor 

func (*GithubTokenInfo) Descriptor() ([]byte, []int)

func (*GithubTokenInfo) Marshal 

func (m *GithubTokenInfo) Marshal() (dAtA []byte, err error)

func (*GithubTokenInfo) MarshalTo 

func (m *GithubTokenInfo) MarshalTo(dAtA []byte) (int, error)

func (*GithubTokenInfo) MarshalToSizedBuffer 

func (m *GithubTokenInfo) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*GithubTokenInfo) ProtoMessage 

func (*GithubTokenInfo) ProtoMessage()

func (*GithubTokenInfo) Reset 

func (m *GithubTokenInfo) Reset()

func (*GithubTokenInfo) Size 

func (m *GithubTokenInfo) Size() (n int)

func (*GithubTokenInfo) String 

func (m *GithubTokenInfo) String() string

func (*GithubTokenInfo) Unmarshal 

func (m *GithubTokenInfo) Unmarshal(dAtA []byte) error

func (*GithubTokenInfo) XXX_DiscardUnknown 

func (m *GithubTokenInfo) XXX_DiscardUnknown()

func (*GithubTokenInfo) XXX_Marshal 

func (m *GithubTokenInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GithubTokenInfo) XXX_Merge 

func (m *GithubTokenInfo) XXX_Merge(src proto.Message)

func (*GithubTokenInfo) XXX_Size 

func (m *GithubTokenInfo) XXX_Size() int

func (*GithubTokenInfo) XXX_Unmarshal 

func (m *GithubTokenInfo) XXX_Unmarshal(b []byte) error

type HardwareKey 

type HardwareKey struct {
	// PIVSlot is a PIV slot that Teleport clients should use instead of the
	// default based on private key policy. For example, "9a" or "9e".
	PIVSlot string `protobuf:"bytes,1,opt,name=PIVSlot,proto3" json:"piv_slot,omitempty"`
	// SerialNumberValidation holds settings for hardware key serial number validation.
	// By default, serial number validation is disabled.
	SerialNumberValidation *HardwareKeySerialNumberValidation `protobuf:"bytes,2,opt,name=SerialNumberValidation,proto3" json:"serial_number_validation,omitempty"`
	// PinCacheTTL is the amount of time in nanoseconds that Teleport clients
	// will cache the user's PIV PIN when hardware key PIN policy is enabled.
	PinCacheTTL          Duration `protobuf:"varint,3,opt,name=PinCacheTTL,proto3,casttype=Duration" json:"pin_cache_ttl,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

HardwareKey holds settings related to hardware key support. Requires Teleport Enterprise.

func (*HardwareKey) Descriptor 

func (*HardwareKey) Descriptor() ([]byte, []int)

func (*HardwareKey) Marshal 

func (m *HardwareKey) Marshal() (dAtA []byte, err error)

func (*HardwareKey) MarshalTo 

func (m *HardwareKey) MarshalTo(dAtA []byte) (int, error)

func (*HardwareKey) MarshalToSizedBuffer 

func (m *HardwareKey) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*HardwareKey) ProtoMessage 

func (*HardwareKey) ProtoMessage()

func (*HardwareKey) Reset 

func (m *HardwareKey) Reset()

func (*HardwareKey) Size 

func (m *HardwareKey) Size() (n int)

func (*HardwareKey) String 

func (m *HardwareKey) String() string

func (*HardwareKey) Unmarshal 

func (m *HardwareKey) Unmarshal(dAtA []byte) error

func (*HardwareKey) XXX_DiscardUnknown 

func (m *HardwareKey) XXX_DiscardUnknown()

func (*HardwareKey) XXX_Marshal 

func (m *HardwareKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*HardwareKey) XXX_Merge 

func (m *HardwareKey) XXX_Merge(src proto.Message)

func (*HardwareKey) XXX_Size 

func (m *HardwareKey) XXX_Size() int

func (*HardwareKey) XXX_Unmarshal 

func (m *HardwareKey) XXX_Unmarshal(b []byte) error

type HardwareKeySerialNumberValidation 

type HardwareKeySerialNumberValidation struct {
	// Enabled indicates whether hardware key serial number validation is enabled.
	Enabled bool `protobuf:"varint,1,opt,name=Enabled,proto3" json:"enabled,omitempty"`
	// SerialNumberTraitName is an optional custom user trait name for hardware key
	// serial numbers to replace the default: "hardware_key_serial_numbers".
	//
	// Note: Values for this user trait should be a comma-separated list of serial numbers,
	// or a list of comm-separated lists. e.g ["123", "345,678"]
	SerialNumberTraitName string   `protobuf:"bytes,2,opt,name=SerialNumberTraitName,proto3" json:"serial_number_trait_name,omitempty"`
	XXX_NoUnkeyedLiteral  struct{} `json:"-"`
	XXX_unrecognized      []byte   `json:"-"`
	XXX_sizecache         int32    `json:"-"`
}

func (*HardwareKeySerialNumberValidation) Descriptor 

func (*HardwareKeySerialNumberValidation) Descriptor() ([]byte, []int)

func (*HardwareKeySerialNumberValidation) Marshal 

func (m *HardwareKeySerialNumberValidation) Marshal() (dAtA []byte, err error)

func (*HardwareKeySerialNumberValidation) MarshalTo 

func (m *HardwareKeySerialNumberValidation) MarshalTo(dAtA []byte) (int, error)

func (*HardwareKeySerialNumberValidation) MarshalToSizedBuffer 

func (m *HardwareKeySerialNumberValidation) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*HardwareKeySerialNumberValidation) ProtoMessage 

func (*HardwareKeySerialNumberValidation) ProtoMessage()

func (*HardwareKeySerialNumberValidation) Reset 

func (m *HardwareKeySerialNumberValidation) Reset()

func (*HardwareKeySerialNumberValidation) Size 

func (m *HardwareKeySerialNumberValidation) Size() (n int)

func (*HardwareKeySerialNumberValidation) String 

func (m *HardwareKeySerialNumberValidation) String() string

func (*HardwareKeySerialNumberValidation) Unmarshal 

func (m *HardwareKeySerialNumberValidation) Unmarshal(dAtA []byte) error

func (*HardwareKeySerialNumberValidation) XXX_DiscardUnknown 

func (m *HardwareKeySerialNumberValidation) XXX_DiscardUnknown()

func (*HardwareKeySerialNumberValidation) XXX_Marshal 

func (m *HardwareKeySerialNumberValidation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*HardwareKeySerialNumberValidation) XXX_Merge 

func (m *HardwareKeySerialNumberValidation) XXX_Merge(src proto.Message)

func (*HardwareKeySerialNumberValidation) XXX_Size 

func (m *HardwareKeySerialNumberValidation) XXX_Size() int

func (*HardwareKeySerialNumberValidation) XXX_Unmarshal 

func (m *HardwareKeySerialNumberValidation) XXX_Unmarshal(b []byte) error
type Header struct {
	// Name is the http header name.
	Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
	// Value is the http header value.
	Value                string   `protobuf:"bytes,2,opt,name=Value,proto3" json:"value"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Header represents a single http header passed over to the proxied application.

func (*Header) Descriptor 

func (*Header) Descriptor() ([]byte, []int)

func (*Header) Marshal 

func (m *Header) Marshal() (dAtA []byte, err error)

func (*Header) MarshalTo 

func (m *Header) MarshalTo(dAtA []byte) (int, error)

func (*Header) MarshalToSizedBuffer 

func (m *Header) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Header) ProtoMessage 

func (*Header) ProtoMessage()

func (*Header) Reset 

func (m *Header) Reset()

func (*Header) Size 

func (m *Header) Size() (n int)

func (*Header) String 

func (m *Header) String() string

func (*Header) Unmarshal 

func (m *Header) Unmarshal(dAtA []byte) error

func (*Header) XXX_DiscardUnknown 

func (m *Header) XXX_DiscardUnknown()

func (*Header) XXX_Marshal 

func (m *Header) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Header) XXX_Merge 

func (m *Header) XXX_Merge(src proto.Message)

func (*Header) XXX_Size 

func (m *Header) XXX_Size() int

func (*Header) XXX_Unmarshal 

func (m *Header) XXX_Unmarshal(b []byte) error

type HeadlessAuthentication 

type HeadlessAuthentication struct {
	// Header is the resource header.
	ResourceHeader `protobuf:"bytes,1,opt,name=header,proto3,embedded=header" json:"header"`
	// User is a teleport user name.
	User string `protobuf:"bytes,2,opt,name=user,proto3" json:"user,omitempty"`
	// State is the headless authentication request state.
	State HeadlessAuthenticationState `protobuf:"varint,4,opt,name=state,proto3,enum=types.HeadlessAuthenticationState" json:"state,omitempty"`
	// MFADevice is the mfa device used to approve the request in case of successful auth.
	MfaDevice *MFADevice `protobuf:"bytes,5,opt,name=mfa_device,json=mfaDevice,proto3" json:"mfa_device,omitempty"`
	// ClientIPAddress is the IP address of the client being authenticated.
	ClientIpAddress string `protobuf:"bytes,6,opt,name=client_ip_address,json=clientIpAddress,proto3" json:"client_ip_address,omitempty"`
	// SshPublicKey is a public key that will be used as the subject of the issued
	// SSH certificate in case of successful auth. It must be in SSH authorized_keys format.
	SshPublicKey []byte `protobuf:"bytes,7,opt,name=ssh_public_key,json=sshPublicKey,proto3" json:"ssh_public_key,omitempty"`
	// TlsPublicKey is a public key that will be used as the subject of the issued
	// TLS certificate in case of successful auth. It must be in PEM-encoded
	// PKCS#1 or PKIX format.
	TlsPublicKey         []byte   `protobuf:"bytes,8,opt,name=tls_public_key,json=tlsPublicKey,proto3" json:"tls_public_key,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

HeadlessAuthentication holds data for an ongoing headless authentication attempt.

func NewHeadlessAuthentication 

func NewHeadlessAuthentication(username, name string, expires time.Time) (*HeadlessAuthentication, error)

NewHeadlessAuthentication creates a new a headless authentication resource.

func (*HeadlessAuthentication) CheckAndSetDefaults 

func (h *HeadlessAuthentication) CheckAndSetDefaults() error

CheckAndSetDefaults does basic validation and default setting.

func (*HeadlessAuthentication) Descriptor 

func (*HeadlessAuthentication) Descriptor() ([]byte, []int)

func (*HeadlessAuthentication) Marshal 

func (m *HeadlessAuthentication) Marshal() (dAtA []byte, err error)

func (*HeadlessAuthentication) MarshalTo 

func (m *HeadlessAuthentication) MarshalTo(dAtA []byte) (int, error)

func (*HeadlessAuthentication) MarshalToSizedBuffer 

func (m *HeadlessAuthentication) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*HeadlessAuthentication) ProtoMessage 

func (*HeadlessAuthentication) ProtoMessage()

func (*HeadlessAuthentication) Reset 

func (m *HeadlessAuthentication) Reset()

func (*HeadlessAuthentication) Size 

func (m *HeadlessAuthentication) Size() (n int)

func (*HeadlessAuthentication) String 

func (m *HeadlessAuthentication) String() string

func (*HeadlessAuthentication) Unmarshal 

func (m *HeadlessAuthentication) Unmarshal(dAtA []byte) error

func (*HeadlessAuthentication) XXX_DiscardUnknown 

func (m *HeadlessAuthentication) XXX_DiscardUnknown()

func (*HeadlessAuthentication) XXX_Marshal 

func (m *HeadlessAuthentication) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*HeadlessAuthentication) XXX_Merge 

func (m *HeadlessAuthentication) XXX_Merge(src proto.Message)

func (*HeadlessAuthentication) XXX_Size 

func (m *HeadlessAuthentication) XXX_Size() int

func (*HeadlessAuthentication) XXX_Unmarshal 

func (m *HeadlessAuthentication) XXX_Unmarshal(b []byte) error

type HeadlessAuthenticationFilter 

type HeadlessAuthenticationFilter struct {
	Name     string
	Username string
	State    HeadlessAuthenticationState
}

HeadlessAuthenticationFilter encodes filter params for headless authentications.

func (*HeadlessAuthenticationFilter) FromMap 

func (f *HeadlessAuthenticationFilter) FromMap(m map[string]string) error

FromMap copies values from a map into this HeadlessAuthenticationFilter value.

func (*HeadlessAuthenticationFilter) IntoMap 

func (f *HeadlessAuthenticationFilter) IntoMap() map[string]string

IntoMap copies HeadlessAuthenticationFilter values into a map.

func (*HeadlessAuthenticationFilter) Match 

func (f *HeadlessAuthenticationFilter) Match(req *HeadlessAuthentication) bool

Match checks if a given headless authentication matches this filter.

type HeadlessAuthenticationState 

type HeadlessAuthenticationState int32

HeadlessAuthenticationState is a headless authentication state. 

const (
	HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_UNSPECIFIED HeadlessAuthenticationState = 0
	// authentication pending.
	HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_PENDING HeadlessAuthenticationState = 1
	// authentication denied.
	HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_DENIED HeadlessAuthenticationState = 2
	// authentication approved.
	HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_APPROVED HeadlessAuthenticationState = 3
)

func (HeadlessAuthenticationState) EnumDescriptor 

func (HeadlessAuthenticationState) EnumDescriptor() ([]byte, []int)

func (HeadlessAuthenticationState) IsPending 

func (s HeadlessAuthenticationState) IsPending() bool

IsPending headless authentication state.

func (HeadlessAuthenticationState) IsUnspecified 

func (s HeadlessAuthenticationState) IsUnspecified() bool

IsUnspecified headless authentication state. This usually means the headless authentication resource is a headless authentication stub, with limited data.

func (*HeadlessAuthenticationState) Parse 

func (s *HeadlessAuthenticationState) Parse(val string) error

Parse attempts to interpret a value as a string representation of a HeadlessAuthenticationState.

func (HeadlessAuthenticationState) String 

func (x HeadlessAuthenticationState) String() string

func (HeadlessAuthenticationState) Stringify 

func (h HeadlessAuthenticationState) Stringify() string

Stringify returns the readable string for a headless authentication state.

type IAMPolicyStatus 

type IAMPolicyStatus int32

IAMPolicyStatus represents states that describe if an AWS database has its IAM policy properly configured or not. This enum is set in a Sync.Map during an IAM task that checks for the validity of IAM policy, and the database gets updated with the value from this map during a heartbeat. 

const (
	// IAM_POLICY_STATUS_UNSPECIFIED represents a zero value where
	// nothing has been attempted yet.
	IAMPolicyStatus_IAM_POLICY_STATUS_UNSPECIFIED IAMPolicyStatus = 0
	// IAM_POLICY_STATUS_PENDING represents a state where iam policy status
	// is pending to be checked. This enum value is set at the start of
	// registering a database -> IAM setup (before the db heartbeat starts).
	//
	// This state was required for two reasons:
	//   1) To be able to tell apart from an older service that do not update
	//      the IAMPolicyStatus (in which case the enum value will remain the
	//      zero value).
	//   2) When starting a database, the heartbeat and its IAM task starts,
	//      and the heartbeat may run first before the IAM task finishes.
	IAMPolicyStatus_IAM_POLICY_STATUS_PENDING IAMPolicyStatus = 1
	// IAM_POLICY_STATUS_FAILED represents a state where an error occured
	// while checking for IAM policy status eg: no AWS credentials provider found
	// or the policy was misconfigured.
	IAMPolicyStatus_IAM_POLICY_STATUS_FAILED IAMPolicyStatus = 2
	// IAM_POLICY_STATUS_SUCCESS represents a state where IAM policy was configured
	// correctly.
	IAMPolicyStatus_IAM_POLICY_STATUS_SUCCESS IAMPolicyStatus = 3
)

func (IAMPolicyStatus) EnumDescriptor 

func (IAMPolicyStatus) EnumDescriptor() ([]byte, []int)

func (*IAMPolicyStatus) MarshalJSON 

func (s *IAMPolicyStatus) MarshalJSON() ([]byte, error)

MarshalJSON supports marshaling enum value into it's string value.

func (IAMPolicyStatus) String 

func (x IAMPolicyStatus) String() string

func (*IAMPolicyStatus) UnmarshalJSON 

func (s *IAMPolicyStatus) UnmarshalJSON(data []byte) error

UnmarshalJSON supports unmarshaling enum string value back to number.

type IdPOptions 

type IdPOptions struct {
	// SAML are options related to the Teleport SAML IdP.
	SAML                 *IdPSAMLOptions `protobuf:"bytes,1,opt,name=SAML,proto3" json:"saml"`
	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
	XXX_unrecognized     []byte          `json:"-"`
	XXX_sizecache        int32           `json:"-"`
}

IdPOptions specify options related to access Teleport IdPs.

func (*IdPOptions) Descriptor 

func (*IdPOptions) Descriptor() ([]byte, []int)

func (*IdPOptions) Marshal 

func (m *IdPOptions) Marshal() (dAtA []byte, err error)

func (*IdPOptions) MarshalTo 

func (m *IdPOptions) MarshalTo(dAtA []byte) (int, error)

func (*IdPOptions) MarshalToSizedBuffer 

func (m *IdPOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*IdPOptions) ProtoMessage 

func (*IdPOptions) ProtoMessage()

func (*IdPOptions) Reset 

func (m *IdPOptions) Reset()

func (*IdPOptions) Size 

func (m *IdPOptions) Size() (n int)

func (*IdPOptions) String 

func (m *IdPOptions) String() string

func (*IdPOptions) Unmarshal 

func (m *IdPOptions) Unmarshal(dAtA []byte) error

func (*IdPOptions) XXX_DiscardUnknown 

func (m *IdPOptions) XXX_DiscardUnknown()

func (*IdPOptions) XXX_Marshal 

func (m *IdPOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*IdPOptions) XXX_Merge 

func (m *IdPOptions) XXX_Merge(src proto.Message)

func (*IdPOptions) XXX_Size 

func (m *IdPOptions) XXX_Size() int

func (*IdPOptions) XXX_Unmarshal 

func (m *IdPOptions) XXX_Unmarshal(b []byte) error

type IdPSAMLOptions 

type IdPSAMLOptions struct {
	// Enabled is set to true if this option allows access to the Teleport SAML IdP.
	Enabled              *BoolOption `protobuf:"bytes,1,opt,name=Enabled,proto3,customtype=BoolOption" json:"enabled"`
	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
	XXX_unrecognized     []byte      `json:"-"`
	XXX_sizecache        int32       `json:"-"`
}

IdPSAMLOptions specifies options related to accessing the Teleport SAML IdP.

func (*IdPSAMLOptions) Descriptor 

func (*IdPSAMLOptions) Descriptor() ([]byte, []int)

func (*IdPSAMLOptions) Marshal 

func (m *IdPSAMLOptions) Marshal() (dAtA []byte, err error)

func (*IdPSAMLOptions) MarshalTo 

func (m *IdPSAMLOptions) MarshalTo(dAtA []byte) (int, error)

func (*IdPSAMLOptions) MarshalToSizedBuffer 

func (m *IdPSAMLOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*IdPSAMLOptions) ProtoMessage 

func (*IdPSAMLOptions) ProtoMessage()

func (*IdPSAMLOptions) Reset 

func (m *IdPSAMLOptions) Reset()

func (*IdPSAMLOptions) Size 

func (m *IdPSAMLOptions) Size() (n int)

func (*IdPSAMLOptions) String 

func (m *IdPSAMLOptions) String() string

func (*IdPSAMLOptions) Unmarshal 

func (m *IdPSAMLOptions) Unmarshal(dAtA []byte) error

func (*IdPSAMLOptions) XXX_DiscardUnknown 

func (m *IdPSAMLOptions) XXX_DiscardUnknown()

func (*IdPSAMLOptions) XXX_Marshal 

func (m *IdPSAMLOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*IdPSAMLOptions) XXX_Merge 

func (m *IdPSAMLOptions) XXX_Merge(src proto.Message)

func (*IdPSAMLOptions) XXX_Size 

func (m *IdPSAMLOptions) XXX_Size() int

func (*IdPSAMLOptions) XXX_Unmarshal 

func (m *IdPSAMLOptions) XXX_Unmarshal(b []byte) error

type IdentityCenterAccountAssignment 

type IdentityCenterAccountAssignment struct {
	PermissionSet        string   `protobuf:"bytes,1,opt,name=PermissionSet,proto3" json:"permission_set,omitempty"`
	Account              string   `protobuf:"bytes,2,opt,name=Account,proto3" json:"account,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

IdentityCenterAccountAssignment captures an AWS Identity Center account assignment (acccount + permission set) pair.

func (*IdentityCenterAccountAssignment) Descriptor 

func (*IdentityCenterAccountAssignment) Descriptor() ([]byte, []int)

func (IdentityCenterAccountAssignment) GetAccount 

func (a IdentityCenterAccountAssignment) GetAccount() string

GetAccount fetches the Account ID from a Role Condition Account Assignment

func (*IdentityCenterAccountAssignment) Marshal 

func (m *IdentityCenterAccountAssignment) Marshal() (dAtA []byte, err error)

func (*IdentityCenterAccountAssignment) MarshalTo 

func (m *IdentityCenterAccountAssignment) MarshalTo(dAtA []byte) (int, error)

func (*IdentityCenterAccountAssignment) MarshalToSizedBuffer 

func (m *IdentityCenterAccountAssignment) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*IdentityCenterAccountAssignment) ProtoMessage 

func (*IdentityCenterAccountAssignment) ProtoMessage()

func (*IdentityCenterAccountAssignment) Reset 

func (m *IdentityCenterAccountAssignment) Reset()

func (*IdentityCenterAccountAssignment) Size 

func (m *IdentityCenterAccountAssignment) Size() (n int)

func (*IdentityCenterAccountAssignment) String 

func (m *IdentityCenterAccountAssignment) String() string

func (*IdentityCenterAccountAssignment) Unmarshal 

func (m *IdentityCenterAccountAssignment) Unmarshal(dAtA []byte) error

func (*IdentityCenterAccountAssignment) XXX_DiscardUnknown 

func (m *IdentityCenterAccountAssignment) XXX_DiscardUnknown()

func (*IdentityCenterAccountAssignment) XXX_Marshal 

func (m *IdentityCenterAccountAssignment) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*IdentityCenterAccountAssignment) XXX_Merge 

func (m *IdentityCenterAccountAssignment) XXX_Merge(src proto.Message)

func (*IdentityCenterAccountAssignment) XXX_Size 

func (m *IdentityCenterAccountAssignment) XXX_Size() int

func (*IdentityCenterAccountAssignment) XXX_Unmarshal 

func (m *IdentityCenterAccountAssignment) XXX_Unmarshal(b []byte) error

type IdentityCenterPermissionSet 

type IdentityCenterPermissionSet struct {
	// ARN is the fully-formed ARN of the Permission Set.
	ARN string `protobuf:"bytes,1,opt,name=ARN,proto3" json:"arn,omitempty"`
	// Name is the human-readable name of the Permission Set.
	Name string `protobuf:"bytes,2,opt,name=Name,proto3" json:"name,omitempty"`
	// AssignmentID is the ID of the Teleport Account Assignment resource that
	// represents this permission being assigned on the enclosing Account.
	AssignmentID         string   `protobuf:"bytes,3,opt,name=AssignmentID,proto3" json:"assignment_name,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

IdentityCenterPermissionSet defines a permission set that is available on an IdentityCenter account app

func (*IdentityCenterPermissionSet) Descriptor 

func (*IdentityCenterPermissionSet) Descriptor() ([]byte, []int)

func (*IdentityCenterPermissionSet) Marshal 

func (m *IdentityCenterPermissionSet) Marshal() (dAtA []byte, err error)

func (*IdentityCenterPermissionSet) MarshalTo 

func (m *IdentityCenterPermissionSet) MarshalTo(dAtA []byte) (int, error)

func (*IdentityCenterPermissionSet) MarshalToSizedBuffer 

func (m *IdentityCenterPermissionSet) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*IdentityCenterPermissionSet) ProtoMessage 

func (*IdentityCenterPermissionSet) ProtoMessage()

func (*IdentityCenterPermissionSet) Reset 

func (m *IdentityCenterPermissionSet) Reset()

func (*IdentityCenterPermissionSet) Size 

func (m *IdentityCenterPermissionSet) Size() (n int)

func (*IdentityCenterPermissionSet) String 

func (m *IdentityCenterPermissionSet) String() string

func (*IdentityCenterPermissionSet) Unmarshal 

func (m *IdentityCenterPermissionSet) Unmarshal(dAtA []byte) error

func (*IdentityCenterPermissionSet) XXX_DiscardUnknown 

func (m *IdentityCenterPermissionSet) XXX_DiscardUnknown()

func (*IdentityCenterPermissionSet) XXX_Marshal 

func (m *IdentityCenterPermissionSet) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*IdentityCenterPermissionSet) XXX_Merge 

func (m *IdentityCenterPermissionSet) XXX_Merge(src proto.Message)

func (*IdentityCenterPermissionSet) XXX_Size 

func (m *IdentityCenterPermissionSet) XXX_Size() int

func (*IdentityCenterPermissionSet) XXX_Unmarshal 

func (m *IdentityCenterPermissionSet) XXX_Unmarshal(b []byte) error

type ImpersonateConditions 

type ImpersonateConditions struct {
	// Users is a list of resources this role is allowed to impersonate,
	// could be an empty list or a Wildcard pattern
	Users []string `protobuf:"bytes,1,rep,name=Users,proto3" json:"users,omitempty"`
	// Roles is a list of resources this role is allowed to impersonate
	Roles []string `protobuf:"bytes,2,rep,name=Roles,proto3" json:"roles,omitempty"`
	// Where specifies optional advanced matcher
	Where                string   `protobuf:"bytes,3,opt,name=Where,proto3" json:"where,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ImpersonateConditions specifies whether users are allowed to issue certificates for other users or groups.

func (ImpersonateConditions) CheckAndSetDefaults 

func (i ImpersonateConditions) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values

func (*ImpersonateConditions) Descriptor 

func (*ImpersonateConditions) Descriptor() ([]byte, []int)

func (ImpersonateConditions) IsEmpty 

func (i ImpersonateConditions) IsEmpty() bool

IsEmpty returns true if conditions are unspecified

func (*ImpersonateConditions) Marshal 

func (m *ImpersonateConditions) Marshal() (dAtA []byte, err error)

func (*ImpersonateConditions) MarshalTo 

func (m *ImpersonateConditions) MarshalTo(dAtA []byte) (int, error)

func (*ImpersonateConditions) MarshalToSizedBuffer 

func (m *ImpersonateConditions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ImpersonateConditions) ProtoMessage 

func (*ImpersonateConditions) ProtoMessage()

func (*ImpersonateConditions) Reset 

func (m *ImpersonateConditions) Reset()

func (*ImpersonateConditions) Size 

func (m *ImpersonateConditions) Size() (n int)

func (*ImpersonateConditions) String 

func (m *ImpersonateConditions) String() string

func (*ImpersonateConditions) Unmarshal 

func (m *ImpersonateConditions) Unmarshal(dAtA []byte) error

func (*ImpersonateConditions) XXX_DiscardUnknown 

func (m *ImpersonateConditions) XXX_DiscardUnknown()

func (*ImpersonateConditions) XXX_Marshal 

func (m *ImpersonateConditions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ImpersonateConditions) XXX_Merge 

func (m *ImpersonateConditions) XXX_Merge(src proto.Message)

func (*ImpersonateConditions) XXX_Size 

func (m *ImpersonateConditions) XXX_Size() int

func (*ImpersonateConditions) XXX_Unmarshal 

func (m *ImpersonateConditions) XXX_Unmarshal(b []byte) error

type InstallParamEnrollMode 

type InstallParamEnrollMode int32

InstallParamEnrollMode is the mode used to enroll the node into the cluster. 

const (
	// INSTALL_PARAM_ENROLL_MODE_UNSPECIFIED uses the EICE mode for EC2 Matchers with an Integration and SCRIPT mode otherwise.
	InstallParamEnrollMode_INSTALL_PARAM_ENROLL_MODE_UNSPECIFIED InstallParamEnrollMode = 0
	// INSTALL_PARAM_ENROLL_MODE_SCRIPT runs a script on the target host.
	InstallParamEnrollMode_INSTALL_PARAM_ENROLL_MODE_SCRIPT InstallParamEnrollMode = 1
	// INSTALL_PARAM_ENROLL_MODE_EICE uses EC2 Instance Connect Endpoint to access the node and DiscoveryService handles the heartbeat.
	// Only available for AWS EC2 instances.
	InstallParamEnrollMode_INSTALL_PARAM_ENROLL_MODE_EICE InstallParamEnrollMode = 2
)

func (InstallParamEnrollMode) EnumDescriptor 

func (InstallParamEnrollMode) EnumDescriptor() ([]byte, []int)

func (InstallParamEnrollMode) String 

func (x InstallParamEnrollMode) String() string

type Installer 

type Installer interface {
	Resource

	// GetScript returns the contents of the installer script
	GetScript() string
	// SetScript sets the installer script
	SetScript(string)

	String() string

	// Clone returns a copy of the installer.
	Clone() Installer
}

Installer is an installer script resource

type InstallerParams 

type InstallerParams struct {
	// JoinMethod is the method to use when joining the cluster
	JoinMethod JoinMethod `protobuf:"bytes,1,opt,name=JoinMethod,proto3,casttype=JoinMethod" json:"join_method"`
	// JoinToken is the token to use when joining the cluster
	JoinToken string `protobuf:"bytes,2,opt,name=JoinToken,proto3" json:"join_token"`
	// ScriptName is the name of the teleport installer script
	// resource for the cloud instance to execute
	ScriptName string `protobuf:"bytes,3,opt,name=ScriptName,proto3" json:"script_name,omitempty"`
	// InstallTeleport disables agentless discovery
	InstallTeleport bool `protobuf:"varint,4,opt,name=InstallTeleport,proto3" json:"install_teleport,omitempty"`
	// SSHDConfig provides the path to write sshd configuration changes
	SSHDConfig string `protobuf:"bytes,5,opt,name=SSHDConfig,proto3" json:"sshd_config,omitempty"`
	// PublicProxyAddr is the address of the proxy the discovered node should use
	// to connect to the cluster.
	PublicProxyAddr string `protobuf:"bytes,6,opt,name=PublicProxyAddr,proto3" json:"proxy_addr,omitempty"`
	// Azure is the set of Azure-specific installation parameters.
	Azure *AzureInstallerParams `protobuf:"bytes,7,opt,name=Azure,proto3" json:"azure,omitempty"`
	// EnrollMode indicates the enrollment mode to be used when adding a node.
	// Valid values:
	// 0: uses eice for EC2 matchers which use an integration and script for all the other methods
	// 1: uses script mode
	// 2: uses eice mode
	EnrollMode           InstallParamEnrollMode `protobuf:"varint,8,opt,name=EnrollMode,proto3,enum=types.InstallParamEnrollMode" json:"enroll_mode,omitempty"`
	XXX_NoUnkeyedLiteral struct{}               `json:"-"`
	XXX_unrecognized     []byte                 `json:"-"`
	XXX_sizecache        int32                  `json:"-"`
}

InstallParams sets join method to use on discovered nodes

func (*InstallerParams) Descriptor 

func (*InstallerParams) Descriptor() ([]byte, []int)

func (*InstallerParams) Marshal 

func (m *InstallerParams) Marshal() (dAtA []byte, err error)

func (*InstallerParams) MarshalTo 

func (m *InstallerParams) MarshalTo(dAtA []byte) (int, error)

func (*InstallerParams) MarshalToSizedBuffer 

func (m *InstallerParams) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*InstallerParams) ProtoMessage 

func (*InstallerParams) ProtoMessage()

func (*InstallerParams) Reset 

func (m *InstallerParams) Reset()

func (*InstallerParams) Size 

func (m *InstallerParams) Size() (n int)

func (*InstallerParams) String 

func (m *InstallerParams) String() string

func (*InstallerParams) Unmarshal 

func (m *InstallerParams) Unmarshal(dAtA []byte) error

func (*InstallerParams) XXX_DiscardUnknown 

func (m *InstallerParams) XXX_DiscardUnknown()

func (*InstallerParams) XXX_Marshal 

func (m *InstallerParams) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*InstallerParams) XXX_Merge 

func (m *InstallerParams) XXX_Merge(src proto.Message)

func (*InstallerParams) XXX_Size 

func (m *InstallerParams) XXX_Size() int

func (*InstallerParams) XXX_Unmarshal 

func (m *InstallerParams) XXX_Unmarshal(b []byte) error

type InstallerSpecV1 

type InstallerSpecV1 struct {
	// Script represents the contents of a installer shell script
	Script               string   `protobuf:"bytes,1,opt,name=Script,proto3" json:"script"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

InstallerSpecV1 is the specification for an Installer

func (*InstallerSpecV1) Descriptor 

func (*InstallerSpecV1) Descriptor() ([]byte, []int)

func (*InstallerSpecV1) Marshal 

func (m *InstallerSpecV1) Marshal() (dAtA []byte, err error)

func (*InstallerSpecV1) MarshalTo 

func (m *InstallerSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*InstallerSpecV1) MarshalToSizedBuffer 

func (m *InstallerSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*InstallerSpecV1) ProtoMessage 

func (*InstallerSpecV1) ProtoMessage()

func (*InstallerSpecV1) Reset 

func (m *InstallerSpecV1) Reset()

func (*InstallerSpecV1) Size 

func (m *InstallerSpecV1) Size() (n int)

func (*InstallerSpecV1) String 

func (m *InstallerSpecV1) String() string

func (*InstallerSpecV1) Unmarshal 

func (m *InstallerSpecV1) Unmarshal(dAtA []byte) error

func (*InstallerSpecV1) XXX_DiscardUnknown 

func (m *InstallerSpecV1) XXX_DiscardUnknown()

func (*InstallerSpecV1) XXX_Marshal 

func (m *InstallerSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*InstallerSpecV1) XXX_Merge 

func (m *InstallerSpecV1) XXX_Merge(src proto.Message)

func (*InstallerSpecV1) XXX_Size 

func (m *InstallerSpecV1) XXX_Size() int

func (*InstallerSpecV1) XXX_Unmarshal 

func (m *InstallerSpecV1) XXX_Unmarshal(b []byte) error

type InstallerV1 

type InstallerV1 struct {
	// Kind is the resource kind.
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource subkind. Currently unused for this resource.
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is the resource metadata.
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is the resource spec.
	Spec                 InstallerSpecV1 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
	XXX_unrecognized     []byte          `json:"-"`
	XXX_sizecache        int32           `json:"-"`
}

InstallerV1 represents an installer script resource. Used to provide a script to install teleport on discovered nodes.

func MustNewInstallerV1 

func MustNewInstallerV1(name, script string) *InstallerV1

MustNewInstallerV1 creates a new installer resource from the provided script.

Panics in case of any error when creating the resource.

func NewInstallerV1 

func NewInstallerV1(name, script string) (*InstallerV1, error)

NewInstallerV1 returns a new installer resource

func (*InstallerV1) CheckAndSetDefaults 

func (c *InstallerV1) CheckAndSetDefaults() error

CheckAndSetDefaults implements Installer

func (*InstallerV1) Clone 

func (c *InstallerV1) Clone() Installer

Clone returns a copy of the installer.

func (*InstallerV1) Descriptor 

func (*InstallerV1) Descriptor() ([]byte, []int)

func (*InstallerV1) Expiry 

func (c *InstallerV1) Expiry() time.Time

Expiry returns object expiry setting.

func (*InstallerV1) GetKind 

func (c *InstallerV1) GetKind() string

GetKind returns resource kind.

func (*InstallerV1) GetMetadata 

func (c *InstallerV1) GetMetadata() Metadata

GetMetadata returns object metadata.

func (*InstallerV1) GetName 

func (c *InstallerV1) GetName() string

GetName returns the name of the resource.

func (*InstallerV1) GetRevision 

func (c *InstallerV1) GetRevision() string

GetRevision returns the revision

func (*InstallerV1) GetScript 

func (c *InstallerV1) GetScript() string

func (*InstallerV1) GetSubKind 

func (c *InstallerV1) GetSubKind() string

GetSubKind returns resource subkind.

func (*InstallerV1) GetVersion 

func (c *InstallerV1) GetVersion() string

GetVersion returns resource version.

func (*InstallerV1) Marshal 

func (m *InstallerV1) Marshal() (dAtA []byte, err error)

func (*InstallerV1) MarshalTo 

func (m *InstallerV1) MarshalTo(dAtA []byte) (int, error)

func (*InstallerV1) MarshalToSizedBuffer 

func (m *InstallerV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*InstallerV1) ProtoMessage 

func (*InstallerV1) ProtoMessage()

func (*InstallerV1) Reset 

func (m *InstallerV1) Reset()

func (*InstallerV1) SetExpiry 

func (c *InstallerV1) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object.

func (*InstallerV1) SetName 

func (c *InstallerV1) SetName(e string)

SetName sets the name of the resource.

func (*InstallerV1) SetRevision 

func (c *InstallerV1) SetRevision(rev string)

SetRevision sets the revision

func (*InstallerV1) SetScript 

func (c *InstallerV1) SetScript(s string)

func (*InstallerV1) SetSubKind 

func (c *InstallerV1) SetSubKind(sk string)

SetSubKind sets resource subkind.

func (*InstallerV1) Size 

func (m *InstallerV1) Size() (n int)

func (*InstallerV1) String 

func (m *InstallerV1) String() string

func (*InstallerV1) Unmarshal 

func (m *InstallerV1) Unmarshal(dAtA []byte) error

func (*InstallerV1) XXX_DiscardUnknown 

func (m *InstallerV1) XXX_DiscardUnknown()

func (*InstallerV1) XXX_Marshal 

func (m *InstallerV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*InstallerV1) XXX_Merge 

func (m *InstallerV1) XXX_Merge(src proto.Message)

func (*InstallerV1) XXX_Size 

func (m *InstallerV1) XXX_Size() int

func (*InstallerV1) XXX_Unmarshal 

func (m *InstallerV1) XXX_Unmarshal(b []byte) error

type InstallerV1List 

type InstallerV1List struct {
	// Installers is a list of installer resources.
	Installers           []*InstallerV1 `protobuf:"bytes,1,rep,name=installers,proto3" json:"installers,omitempty"`
	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
	XXX_unrecognized     []byte         `json:"-"`
	XXX_sizecache        int32          `json:"-"`
}

InstallerV1List represents a list of installer resources.

func (*InstallerV1List) Descriptor 

func (*InstallerV1List) Descriptor() ([]byte, []int)

func (*InstallerV1List) Marshal 

func (m *InstallerV1List) Marshal() (dAtA []byte, err error)

func (*InstallerV1List) MarshalTo 

func (m *InstallerV1List) MarshalTo(dAtA []byte) (int, error)

func (*InstallerV1List) MarshalToSizedBuffer 

func (m *InstallerV1List) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*InstallerV1List) ProtoMessage 

func (*InstallerV1List) ProtoMessage()

func (*InstallerV1List) Reset 

func (m *InstallerV1List) Reset()

func (*InstallerV1List) Size 

func (m *InstallerV1List) Size() (n int)

func (*InstallerV1List) String 

func (m *InstallerV1List) String() string

func (*InstallerV1List) Unmarshal 

func (m *InstallerV1List) Unmarshal(dAtA []byte) error

func (*InstallerV1List) XXX_DiscardUnknown 

func (m *InstallerV1List) XXX_DiscardUnknown()

func (*InstallerV1List) XXX_Marshal 

func (m *InstallerV1List) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*InstallerV1List) XXX_Merge 

func (m *InstallerV1List) XXX_Merge(src proto.Message)

func (*InstallerV1List) XXX_Size 

func (m *InstallerV1List) XXX_Size() int

func (*InstallerV1List) XXX_Unmarshal 

func (m *InstallerV1List) XXX_Unmarshal(b []byte) error

type Instance 

type Instance interface {
	Resource

	// GetTeleportVersion gets the teleport version reported by the instance.
	GetTeleportVersion() string

	// GetServices gets the running services reported by the instance. This list is not
	// guaranteed to consist only of valid teleport services. Invalid/unexpected services
	// should be ignored.
	GetServices() []SystemRole

	// HasService checks if this instance advertises the specified service.
	HasService(SystemRole) bool

	// GetHostname gets the hostname reported by the instance.
	GetHostname() string

	// GetAuthID gets the server ID of the auth server that most recently reported
	// having observed this instance.
	GetAuthID() string

	// GetLastSeen gets the most recent time that an auth server reported having
	// seen this instance.
	GetLastSeen() time.Time

	// SetLastSeen sets the most recent time that an auth server reported having
	// seen this instance. Generally, if this value is being updated, the caller
	// should follow up by calling SyncLogAndResourceExpiry so that the control log
	// and resource-level expiry values can be reevaluated.
	SetLastSeen(time.Time)

	// GetExternalUpgrader gets the upgrader value as represented in the most recent
	// hello message from this instance. This value corresponds to the TELEPORT_EXT_UPGRADER
	// env var that is set when agents are configured to export schedule values to external
	// upgraders.
	GetExternalUpgrader() string

	// GetExternalUpgraderVersion gets the reported upgrader version. This value corresponds
	// to the TELEPORT_EXT_UPGRADER_VERSION env var that is set when agents are configured.
	GetExternalUpgraderVersion() string

	// SyncLogAndResourceExpiry filters expired entries from the control log and updates
	// the resource-level expiry. All calculations are performed relative to the value of
	// the LastSeen field, and the supplied TTL is used only as a default. The actual TTL
	// of an instance resource may be longer than the supplied TTL if one or more control
	// log entries use a custom TTL.
	SyncLogAndResourceExpiry(ttl time.Duration)

	// GetControlLog gets the instance control log entries associated with this instance.
	// The control log is a log of recent events related to an auth server's administration
	// of an instance's state. Auth servers generally ensure that they have successfully
	// written to the log *prior* to actually attempting the planned action. As a result,
	// the log may contain things that never actually happened.
	GetControlLog() []InstanceControlLogEntry

	// AppendControlLog appends entries to the control log. The control log is sorted by time,
	// so appends do not need to be performed in any particular order.
	AppendControlLog(entries ...InstanceControlLogEntry)

	// GetLastMeasurement returns information about the system clocks of the auth service and
	// another instance.
	GetLastMeasurement() *SystemClockMeasurement

	// GetUpdaterInfo returns information about the instance updater.
	GetUpdaterInfo() *UpdaterV2Info

	// Clone performs a deep copy on this instance.
	Clone() Instance
}

Instance describes the configuration/status of a unique teleport server identity. Each instance may be running one or more teleport services, and may have multiple processes associated with it.

func NewInstance 

func NewInstance(serverID string, spec InstanceSpecV1) (Instance, error)

NewInstance assembles a new instance resource.

type InstanceControlLogEntry 

type InstanceControlLogEntry struct {
	// Type represents the type of control log entry this is (e.g. 'upgrade-attempt').
	Type string `protobuf:"bytes,1,opt,name=Type,proto3" json:"type,omitempty"`
	// ID is a random identifier used to assist in uniquely identifying entries. This value may
	// be unique, or it may be used to associate a collection of related entries (e.g. an upgrade
	// attempt entry may use the same ID as an associated upgrade failure entry if appropriate).
	ID uint64 `protobuf:"varint,2,opt,name=ID,proto3" json:"id,omitempty"`
	// Time is the time at which the event represented by this entry occurred (used in determining
	// ordering and expiry).
	Time time.Time `protobuf:"bytes,3,opt,name=Time,proto3,stdtime" json:"time,omitempty"`
	// TTL is an optional custom time to live for this control log entry. Some control log entries
	// (e.g. an upgrade failure) may require longer than normal TTLs in order to ensure visibility.
	// If a log entry's TTL results in it having an intended expiry further in the future than the
	// expiry of the enclosing Instance resource, the instance resource's expiry will be bumped
	// to accommodate preservation of the log. Because of this fact, custom entry TTLs should be
	// used sparingly, as excess usage could result in unexpected backend growth for high churn
	// clusters.
	TTL time.Duration `protobuf:"varint,4,opt,name=TTL,proto3,casttype=time.Duration" json:"ttl,omitempty"`
	// Labels is an arbitrary collection of key-value pairs. The expected labels are determined by the
	// type of the entry. Use of labels is preferable to adding new fields in some cases in order to
	// preserve fields across auth downgrades (this is mostly relevant for the version-control system).
	Labels               map[string]string `` /* 153-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

InstanceControlLogEntry represents an entry in a given instance's control log. The control log of an instance is protected by CompareAndSwap semantics, allowing entries to function as a means of synchronization as well as recordkeeping. For example, an Auth Service instance intending to trigger an upgrade for a given instance can check its control log for 'upgrade-attempt' entries. If no such entry exists, it can attempt to write an 'upgrade-attempt' entry of its own. If that entry successfully writes without hitting a CompareFailed, the Auth Service instance knows that no other Auth Service instances will make concurrent upgrade attempts while that entry persists.

NOTE: Due to resource size and backend throughput limitations, care should be taken to minimize the use and size of instance control log entries.

func (*InstanceControlLogEntry) Clone 

func (e *InstanceControlLogEntry) Clone() InstanceControlLogEntry

func (*InstanceControlLogEntry) Descriptor 

func (*InstanceControlLogEntry) Descriptor() ([]byte, []int)

func (*InstanceControlLogEntry) Marshal 

func (m *InstanceControlLogEntry) Marshal() (dAtA []byte, err error)

func (*InstanceControlLogEntry) MarshalTo 

func (m *InstanceControlLogEntry) MarshalTo(dAtA []byte) (int, error)

func (*InstanceControlLogEntry) MarshalToSizedBuffer 

func (m *InstanceControlLogEntry) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*InstanceControlLogEntry) ProtoMessage 

func (*InstanceControlLogEntry) ProtoMessage()

func (*InstanceControlLogEntry) Reset 

func (m *InstanceControlLogEntry) Reset()

func (*InstanceControlLogEntry) Size 

func (m *InstanceControlLogEntry) Size() (n int)

func (*InstanceControlLogEntry) String 

func (m *InstanceControlLogEntry) String() string

func (*InstanceControlLogEntry) Unmarshal 

func (m *InstanceControlLogEntry) Unmarshal(dAtA []byte) error

func (*InstanceControlLogEntry) XXX_DiscardUnknown 

func (m *InstanceControlLogEntry) XXX_DiscardUnknown()

func (*InstanceControlLogEntry) XXX_Marshal 

func (m *InstanceControlLogEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*InstanceControlLogEntry) XXX_Merge 

func (m *InstanceControlLogEntry) XXX_Merge(src proto.Message)

func (*InstanceControlLogEntry) XXX_Size 

func (m *InstanceControlLogEntry) XXX_Size() int

func (*InstanceControlLogEntry) XXX_Unmarshal 

func (m *InstanceControlLogEntry) XXX_Unmarshal(b []byte) error

type InstanceFilter 

type InstanceFilter struct {
	// ServerID matches exactly one instance by server ID if specified.
	ServerID string `protobuf:"bytes,1,opt,name=ServerID,proto3" json:"ServerID,omitempty"`
	// Version matches instance version if specified.
	Version string `protobuf:"bytes,2,opt,name=Version,proto3" json:"Version,omitempty"`
	// Services matches the instance services if specified. Note that this field matches all instances which
	// expose *at least* one of the listed services. This is in contrast to service matching in version
	// directives which match instances that expose a *at most* the listed services.
	Services []SystemRole `protobuf:"bytes,3,rep,name=Services,proto3,casttype=SystemRole" json:"Services,omitempty"`
	// ExternalUpgrader matches instance upgrader if specified.
	ExternalUpgrader string `protobuf:"bytes,4,opt,name=ExternalUpgrader,proto3" json:"ExternalUpgrader,omitempty"`
	// NoExtUpgrader explicitly matches instances for which no upgrader is defined.
	NoExtUpgrader bool `protobuf:"varint,5,opt,name=NoExtUpgrader,proto3" json:"NoExtUpgrader,omitempty"`
	// OlderThanVersion is an optional exclusive upper version bound.
	OlderThanVersion string `protobuf:"bytes,6,opt,name=OlderThanVersion,proto3" json:"OlderThanVersion,omitempty"`
	// NewerThanVersion is an optional exclusive lower version bound.
	NewerThanVersion string `protobuf:"bytes,7,opt,name=NewerThanVersion,proto3" json:"NewerThanVersion,omitempty"`
	// UpdateGroup matches instance update group if specified.
	UpdateGroup          string   `protobuf:"bytes,8,opt,name=UpdateGroup,proto3" json:"UpdateGroup,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

InstanceFilter matches instance resources.

func (*InstanceFilter) Descriptor 

func (*InstanceFilter) Descriptor() ([]byte, []int)

func (*InstanceFilter) Marshal 

func (m *InstanceFilter) Marshal() (dAtA []byte, err error)

func (*InstanceFilter) MarshalTo 

func (m *InstanceFilter) MarshalTo(dAtA []byte) (int, error)

func (*InstanceFilter) MarshalToSizedBuffer 

func (m *InstanceFilter) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (InstanceFilter) Match 

func (f InstanceFilter) Match(i Instance) bool

Match checks if the given instance appears to match this filter.

func (*InstanceFilter) ProtoMessage 

func (*InstanceFilter) ProtoMessage()

func (*InstanceFilter) Reset 

func (m *InstanceFilter) Reset()

func (*InstanceFilter) Size 

func (m *InstanceFilter) Size() (n int)

func (*InstanceFilter) String 

func (m *InstanceFilter) String() string

func (*InstanceFilter) Unmarshal 

func (m *InstanceFilter) Unmarshal(dAtA []byte) error

func (*InstanceFilter) XXX_DiscardUnknown 

func (m *InstanceFilter) XXX_DiscardUnknown()

func (*InstanceFilter) XXX_Marshal 

func (m *InstanceFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*InstanceFilter) XXX_Merge 

func (m *InstanceFilter) XXX_Merge(src proto.Message)

func (*InstanceFilter) XXX_Size 

func (m *InstanceFilter) XXX_Size() int

func (*InstanceFilter) XXX_Unmarshal 

func (m *InstanceFilter) XXX_Unmarshal(b []byte) error

type InstanceMetadataType 

type InstanceMetadataType string

InstanceMetadataType is the type of cloud instance metadata client. 

const (
	InstanceMetadataTypeDisabled InstanceMetadataType = "disabled"
	InstanceMetadataTypeEC2      InstanceMetadataType = "EC2"
	InstanceMetadataTypeAzure    InstanceMetadataType = "Azure"
	InstanceMetadataTypeGCP      InstanceMetadataType = "GCP"
	InstanceMetadataTypeOracle   InstanceMetadataType = "Oracle"
)

type InstanceSpecV1 

type InstanceSpecV1 struct {
	// Version is the version of teleport this instance most recently advertised.
	Version string `protobuf:"bytes,1,opt,name=Version,proto3" json:"version,omitempty"`
	// Services is the list of active services this instance most recently advertised.
	Services []SystemRole `protobuf:"bytes,2,rep,name=Services,proto3,casttype=SystemRole" json:"services,omitempty"`
	// Hostname is the hostname this instance most recently advertised.
	Hostname string `protobuf:"bytes,3,opt,name=Hostname,proto3" json:"hostname,omitempty"`
	// AuthID is the ID of the Auth Service that most recently observed this instance.
	AuthID string `protobuf:"bytes,4,opt,name=AuthID,proto3" json:"auth_id,omitempty"`
	// LastSeen is the last time an Auth Service server reported observing this instance.
	LastSeen time.Time `protobuf:"bytes,5,opt,name=LastSeen,proto3,stdtime" json:"last_seen,omitempty"`
	// ControlLog is the log of recent important instance control events related to this instance. See comments
	// on the InstanceControlLogEntry type for details.
	ControlLog []InstanceControlLogEntry `protobuf:"bytes,6,rep,name=ControlLog,proto3" json:"control_log,omitempty"`
	// ExternalUpgrader identifies the external upgrader that the instance is configured to
	// export schedules to (e.g. 'kube'). Empty if no upgrader is defined.
	ExternalUpgrader string `protobuf:"bytes,7,opt,name=ExternalUpgrader,proto3" json:"ext_upgrader,omitempty"`
	// ExternalUpgraderVersion identifies the external upgrader version. Empty if no upgrader is defined.
	ExternalUpgraderVersion string `protobuf:"bytes,8,opt,name=ExternalUpgraderVersion,proto3" json:"ext_upgrader_version,omitempty"`
	// LastMeasurement stores information about the latest measurement between services.
	LastMeasurement *SystemClockMeasurement `protobuf:"bytes,9,opt,name=LastMeasurement,proto3" json:"LastMeasurement,omitempty"`
	// UpdaterInfo stores information about how the Teleport updater is doing.
	UpdaterInfo          *UpdaterV2Info `protobuf:"bytes,10,opt,name=UpdaterInfo,proto3" json:"UpdaterInfo,omitempty"`
	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
	XXX_unrecognized     []byte         `json:"-"`
	XXX_sizecache        int32          `json:"-"`
}

func (*InstanceSpecV1) Descriptor 

func (*InstanceSpecV1) Descriptor() ([]byte, []int)

func (*InstanceSpecV1) Marshal 

func (m *InstanceSpecV1) Marshal() (dAtA []byte, err error)

func (*InstanceSpecV1) MarshalTo 

func (m *InstanceSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*InstanceSpecV1) MarshalToSizedBuffer 

func (m *InstanceSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*InstanceSpecV1) ProtoMessage 

func (*InstanceSpecV1) ProtoMessage()

func (*InstanceSpecV1) Reset 

func (m *InstanceSpecV1) Reset()

func (*InstanceSpecV1) Size 

func (m *InstanceSpecV1) Size() (n int)

func (*InstanceSpecV1) String 

func (m *InstanceSpecV1) String() string

func (*InstanceSpecV1) Unmarshal 

func (m *InstanceSpecV1) Unmarshal(dAtA []byte) error

func (*InstanceSpecV1) XXX_DiscardUnknown 

func (m *InstanceSpecV1) XXX_DiscardUnknown()

func (*InstanceSpecV1) XXX_Marshal 

func (m *InstanceSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*InstanceSpecV1) XXX_Merge 

func (m *InstanceSpecV1) XXX_Merge(src proto.Message)

func (*InstanceSpecV1) XXX_Size 

func (m *InstanceSpecV1) XXX_Size() int

func (*InstanceSpecV1) XXX_Unmarshal 

func (m *InstanceSpecV1) XXX_Unmarshal(b []byte) error

type InstanceV1 

type InstanceV1 struct {
	ResourceHeader       `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
	Spec                 InstanceSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
	XXX_unrecognized     []byte         `json:"-"`
	XXX_sizecache        int32          `json:"-"`
}

InstanceV1 represents the state of a running teleport instance independent of the specific services that instance exposes.

func (*InstanceV1) AppendControlLog 

func (i *InstanceV1) AppendControlLog(entries ...InstanceControlLogEntry)

func (*InstanceV1) CheckAndSetDefaults 

func (i *InstanceV1) CheckAndSetDefaults() error

func (*InstanceV1) Clone 

func (i *InstanceV1) Clone() Instance

func (*InstanceV1) Descriptor 

func (*InstanceV1) Descriptor() ([]byte, []int)

func (*InstanceV1) GetAuthID 

func (i *InstanceV1) GetAuthID() string

func (*InstanceV1) GetControlLog 

func (i *InstanceV1) GetControlLog() []InstanceControlLogEntry

func (*InstanceV1) GetExternalUpgrader 

func (i *InstanceV1) GetExternalUpgrader() string

func (*InstanceV1) GetExternalUpgraderVersion 

func (i *InstanceV1) GetExternalUpgraderVersion() string

func (*InstanceV1) GetHostname 

func (i *InstanceV1) GetHostname() string

func (*InstanceV1) GetLastMeasurement 

func (i *InstanceV1) GetLastMeasurement() *SystemClockMeasurement

func (*InstanceV1) GetLastSeen 

func (i *InstanceV1) GetLastSeen() time.Time

func (*InstanceV1) GetServices 

func (i *InstanceV1) GetServices() []SystemRole

func (*InstanceV1) GetTeleportVersion 

func (i *InstanceV1) GetTeleportVersion() string

func (*InstanceV1) GetUpdaterInfo 

func (i *InstanceV1) GetUpdaterInfo() *UpdaterV2Info

func (*InstanceV1) HasService 

func (i *InstanceV1) HasService(s SystemRole) bool

func (*InstanceV1) Marshal 

func (m *InstanceV1) Marshal() (dAtA []byte, err error)

func (*InstanceV1) MarshalTo 

func (m *InstanceV1) MarshalTo(dAtA []byte) (int, error)

func (*InstanceV1) MarshalToSizedBuffer 

func (m *InstanceV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*InstanceV1) ProtoMessage 

func (*InstanceV1) ProtoMessage()

func (*InstanceV1) Reset 

func (m *InstanceV1) Reset()

func (*InstanceV1) SetLastSeen 

func (i *InstanceV1) SetLastSeen(t time.Time)

func (*InstanceV1) Size 

func (m *InstanceV1) Size() (n int)

func (*InstanceV1) String 

func (m *InstanceV1) String() string

func (*InstanceV1) SyncLogAndResourceExpiry 

func (i *InstanceV1) SyncLogAndResourceExpiry(ttl time.Duration)

func (*InstanceV1) Unmarshal 

func (m *InstanceV1) Unmarshal(dAtA []byte) error

func (*InstanceV1) XXX_DiscardUnknown 

func (m *InstanceV1) XXX_DiscardUnknown()

func (*InstanceV1) XXX_Marshal 

func (m *InstanceV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*InstanceV1) XXX_Merge 

func (m *InstanceV1) XXX_Merge(src proto.Message)

func (*InstanceV1) XXX_Size 

func (m *InstanceV1) XXX_Size() int

func (*InstanceV1) XXX_Unmarshal 

func (m *InstanceV1) XXX_Unmarshal(b []byte) error

type Integration 

type Integration interface {
	ResourceWithLabels

	// CanChangeStateTo checks if the current Integration can be updated for the provided integration.
	CanChangeStateTo(Integration) error

	// GetAWSOIDCIntegrationSpec returns the `aws-oidc` spec fields.
	GetAWSOIDCIntegrationSpec() *AWSOIDCIntegrationSpecV1
	// SetAWSOIDCIntegrationSpec sets the `aws-oidc` spec fields.
	SetAWSOIDCIntegrationSpec(*AWSOIDCIntegrationSpecV1)
	// SetAWSOIDCRoleARN sets the RoleARN of the AWS OIDC Spec.
	SetAWSOIDCRoleARN(string)
	// SetAWSOIDCIssuerS3URI sets the IssuerS3URI of the AWS OIDC Spec.
	// Eg, s3://my-bucket/my-prefix
	SetAWSOIDCIssuerS3URI(string)

	// GetAzureOIDCIntegrationSpec returns the `azure-oidc` spec fields.
	GetAzureOIDCIntegrationSpec() *AzureOIDCIntegrationSpecV1

	// GetGitHubIntegrationSpec returns the GitHub spec.
	GetGitHubIntegrationSpec() *GitHubIntegrationSpecV1
	// SetGitHubIntegrationSpec returns the GitHub spec.
	SetGitHubIntegrationSpec(*GitHubIntegrationSpecV1)

	// GetAWSRolesAnywhereIntegrationSpec returns the `aws-ra` spec fields.
	GetAWSRolesAnywhereIntegrationSpec() *AWSRAIntegrationSpecV1
	// SetAWSRolesAnywhereIntegrationSpec sets the `aws-ra` spec fields.
	SetAWSRolesAnywhereIntegrationSpec(*AWSRAIntegrationSpecV1)

	// SetCredentials updates credentials.
	SetCredentials(creds PluginCredentials) error
	// GetCredentials retrieves credentials.
	GetCredentials() PluginCredentials
	// WithoutCredentials returns a copy without credentials.
	WithoutCredentials() Integration
	// Clone returns a copy of the integration.
	Clone() Integration
}

Integration specifies is a connection configuration between Teleport and a 3rd party system.

type IntegrationSpecV1 

type IntegrationSpecV1 struct {
	// Types that are valid to be assigned to SubKindSpec:
	//
	//	*IntegrationSpecV1_AWSOIDC
	//	*IntegrationSpecV1_AzureOIDC
	//	*IntegrationSpecV1_GitHub
	//	*IntegrationSpecV1_AWSRA
	SubKindSpec isIntegrationSpecV1_SubKindSpec `protobuf_oneof:"SubKindSpec"`
	// Credentials contains credentials for the integration.
	Credentials          *PluginCredentialsV1 `protobuf:"bytes,4,opt,name=credentials,proto3" json:"credentials,omitempty"`
	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
	XXX_unrecognized     []byte               `json:"-"`
	XXX_sizecache        int32                `json:"-"`
}

IntegrationSpecV1 contains properties of all the supported integrations.

func (*IntegrationSpecV1) CheckAndSetDefaults 

func (s *IntegrationSpecV1) CheckAndSetDefaults() error

CheckAndSetDefaults validates and sets default values for a integration.

func (*IntegrationSpecV1) Descriptor 

func (*IntegrationSpecV1) Descriptor() ([]byte, []int)

func (*IntegrationSpecV1) GetAWSOIDC 

func (m *IntegrationSpecV1) GetAWSOIDC() *AWSOIDCIntegrationSpecV1

func (*IntegrationSpecV1) GetAWSRA 

func (m *IntegrationSpecV1) GetAWSRA() *AWSRAIntegrationSpecV1

func (*IntegrationSpecV1) GetAzureOIDC 

func (m *IntegrationSpecV1) GetAzureOIDC() *AzureOIDCIntegrationSpecV1

func (*IntegrationSpecV1) GetGitHub 

func (m *IntegrationSpecV1) GetGitHub() *GitHubIntegrationSpecV1

func (*IntegrationSpecV1) GetSubKindSpec 

func (m *IntegrationSpecV1) GetSubKindSpec() isIntegrationSpecV1_SubKindSpec

func (*IntegrationSpecV1) Marshal 

func (m *IntegrationSpecV1) Marshal() (dAtA []byte, err error)

func (*IntegrationSpecV1) MarshalTo 

func (m *IntegrationSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*IntegrationSpecV1) MarshalToSizedBuffer 

func (m *IntegrationSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*IntegrationSpecV1) ProtoMessage 

func (*IntegrationSpecV1) ProtoMessage()

func (*IntegrationSpecV1) Reset 

func (m *IntegrationSpecV1) Reset()

func (*IntegrationSpecV1) Size 

func (m *IntegrationSpecV1) Size() (n int)

func (*IntegrationSpecV1) String 

func (m *IntegrationSpecV1) String() string

func (*IntegrationSpecV1) Unmarshal 

func (m *IntegrationSpecV1) Unmarshal(dAtA []byte) error

func (*IntegrationSpecV1) XXX_DiscardUnknown 

func (m *IntegrationSpecV1) XXX_DiscardUnknown()

func (*IntegrationSpecV1) XXX_Marshal 

func (m *IntegrationSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*IntegrationSpecV1) XXX_Merge 

func (m *IntegrationSpecV1) XXX_Merge(src proto.Message)

func (*IntegrationSpecV1) XXX_OneofWrappers 

func (*IntegrationSpecV1) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*IntegrationSpecV1) XXX_Size 

func (m *IntegrationSpecV1) XXX_Size() int

func (*IntegrationSpecV1) XXX_Unmarshal 

func (m *IntegrationSpecV1) XXX_Unmarshal(b []byte) error

type IntegrationSpecV1_AWSOIDC 

type IntegrationSpecV1_AWSOIDC struct {
	AWSOIDC *AWSOIDCIntegrationSpecV1 `protobuf:"bytes,1,opt,name=AWSOIDC,proto3,oneof" json:"aws_oidc,omitempty"`
}

func (*IntegrationSpecV1_AWSOIDC) CheckAndSetDefaults 

func (s *IntegrationSpecV1_AWSOIDC) CheckAndSetDefaults() error

CheckAndSetDefaults validates the configuration for AWS OIDC integration subkind.

func (*IntegrationSpecV1_AWSOIDC) MarshalTo 

func (m *IntegrationSpecV1_AWSOIDC) MarshalTo(dAtA []byte) (int, error)

func (*IntegrationSpecV1_AWSOIDC) MarshalToSizedBuffer 

func (m *IntegrationSpecV1_AWSOIDC) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*IntegrationSpecV1_AWSOIDC) Size 

func (m *IntegrationSpecV1_AWSOIDC) Size() (n int)

func (*IntegrationSpecV1_AWSOIDC) ValidateAudience 

func (s *IntegrationSpecV1_AWSOIDC) ValidateAudience() error

ValidateAudience validates if the audience field is configured with a supported audience value.

type IntegrationSpecV1_AWSRA 

type IntegrationSpecV1_AWSRA struct {
	AWSRA *AWSRAIntegrationSpecV1 `protobuf:"bytes,5,opt,name=AWSRA,proto3,oneof" json:"aws_ra,omitempty"`
}

func (*IntegrationSpecV1_AWSRA) CheckAndSetDefaults 

func (s *IntegrationSpecV1_AWSRA) CheckAndSetDefaults() error

CheckAndSetDefaults validates the configuration for AWS IAM Roles Anywhere integration subkind.

func (*IntegrationSpecV1_AWSRA) MarshalTo 

func (m *IntegrationSpecV1_AWSRA) MarshalTo(dAtA []byte) (int, error)

func (*IntegrationSpecV1_AWSRA) MarshalToSizedBuffer 

func (m *IntegrationSpecV1_AWSRA) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*IntegrationSpecV1_AWSRA) Size 

func (m *IntegrationSpecV1_AWSRA) Size() (n int)

type IntegrationSpecV1_AzureOIDC 

type IntegrationSpecV1_AzureOIDC struct {
	AzureOIDC *AzureOIDCIntegrationSpecV1 `protobuf:"bytes,2,opt,name=AzureOIDC,proto3,oneof" json:"azure_oidc,omitempty"`
}

func (*IntegrationSpecV1_AzureOIDC) MarshalTo 

func (m *IntegrationSpecV1_AzureOIDC) MarshalTo(dAtA []byte) (int, error)

func (*IntegrationSpecV1_AzureOIDC) MarshalToSizedBuffer 

func (m *IntegrationSpecV1_AzureOIDC) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*IntegrationSpecV1_AzureOIDC) Size 

func (m *IntegrationSpecV1_AzureOIDC) Size() (n int)

func (*IntegrationSpecV1_AzureOIDC) Validate 

func (s *IntegrationSpecV1_AzureOIDC) Validate() error

Validate validates the configuration for Azure OIDC integration subkind.

type IntegrationSpecV1_GitHub 

type IntegrationSpecV1_GitHub struct {
	GitHub *GitHubIntegrationSpecV1 `protobuf:"bytes,3,opt,name=GitHub,proto3,oneof" json:"github,omitempty"`
}

func (*IntegrationSpecV1_GitHub) CheckAndSetDefaults 

func (s *IntegrationSpecV1_GitHub) CheckAndSetDefaults() error

CheckAndSetDefaults validates the configuration for GitHub integration subkind.

func (*IntegrationSpecV1_GitHub) MarshalTo 

func (m *IntegrationSpecV1_GitHub) MarshalTo(dAtA []byte) (int, error)

func (*IntegrationSpecV1_GitHub) MarshalToSizedBuffer 

func (m *IntegrationSpecV1_GitHub) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*IntegrationSpecV1_GitHub) Size 

func (m *IntegrationSpecV1_GitHub) Size() (n int)

type IntegrationV1 

type IntegrationV1 struct {
	// Header is the resource header.
	ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
	// Spec is an Integration specification.
	Spec                 IntegrationSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

IntegrationV1 represents a connection between Teleport and some other 3rd party system. This connection allows API access to that service from Teleport. Each Integration instance must have a SubKind defined which identifies the external system.

func NewIntegrationAWSOIDC 

func NewIntegrationAWSOIDC(md Metadata, spec *AWSOIDCIntegrationSpecV1) (*IntegrationV1, error)

NewIntegrationAWSOIDC returns a new `aws-oidc` subkind Integration

func NewIntegrationAWSRA 

func NewIntegrationAWSRA(md Metadata, spec *AWSRAIntegrationSpecV1) (*IntegrationV1, error)

NewIntegrationAWSRA returns a new `aws-ra` subkind Integration

func NewIntegrationAzureOIDC 

func NewIntegrationAzureOIDC(md Metadata, spec *AzureOIDCIntegrationSpecV1) (*IntegrationV1, error)

NewIntegrationAzureOIDC returns a new `azure-oidc` subkind Integration

func NewIntegrationGitHub 

func NewIntegrationGitHub(md Metadata, spec *GitHubIntegrationSpecV1) (*IntegrationV1, error)

NewIntegrationGitHub returns a new `github` subkind Integration

func (*IntegrationV1) CanChangeStateTo 

func (ig *IntegrationV1) CanChangeStateTo(newState Integration) error

CanChangeStateTo checks if the current Integration can be updated for the provided integration.

func (*IntegrationV1) CheckAndSetDefaults 

func (ig *IntegrationV1) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values

func (*IntegrationV1) Clone 

func (ig *IntegrationV1) Clone() Integration

Clone returns a copy of the integration.

func (*IntegrationV1) Descriptor 

func (*IntegrationV1) Descriptor() ([]byte, []int)

func (*IntegrationV1) GetAWSOIDCIntegrationSpec 

func (ig *IntegrationV1) GetAWSOIDCIntegrationSpec() *AWSOIDCIntegrationSpecV1

GetAWSOIDCIntegrationSpec returns the specific spec fields for `aws-oidc` subkind integrations.

func (*IntegrationV1) GetAWSRolesAnywhereIntegrationSpec 

func (ig *IntegrationV1) GetAWSRolesAnywhereIntegrationSpec() *AWSRAIntegrationSpecV1

GetAWSRolesAnywhereIntegrationSpec returns the specific spec fields for `aws-ra` subkind integrations.

func (*IntegrationV1) GetAzureOIDCIntegrationSpec 

func (ig *IntegrationV1) GetAzureOIDCIntegrationSpec() *AzureOIDCIntegrationSpecV1

GetAzureOIDCIntegrationSpec returns the specific spec fields for `azure-oidc` subkind integrations.

func (*IntegrationV1) GetCredentials 

func (ig *IntegrationV1) GetCredentials() PluginCredentials

GetCredentials retrieves credentials.

func (*IntegrationV1) GetGitHubIntegrationSpec 

func (ig *IntegrationV1) GetGitHubIntegrationSpec() *GitHubIntegrationSpecV1

GetGitHubIntegrationSpec returns the GitHub spec.

func (*IntegrationV1) Marshal 

func (m *IntegrationV1) Marshal() (dAtA []byte, err error)

func (*IntegrationV1) MarshalJSON 

func (ig *IntegrationV1) MarshalJSON() ([]byte, error)

MarshalJSON is a custom marshaller for JSON format. gogoproto doesn't allow for oneof json tags [https://github.com/gogo/protobuf/issues/623] So, this is required to correctly use snake_case for every field. Please see IntegrationV1.UnmarshalJSON for more information.

func (*IntegrationV1) MarshalTo 

func (m *IntegrationV1) MarshalTo(dAtA []byte) (int, error)

func (*IntegrationV1) MarshalToSizedBuffer 

func (m *IntegrationV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*IntegrationV1) MatchSearch 

func (ig *IntegrationV1) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*IntegrationV1) ProtoMessage 

func (*IntegrationV1) ProtoMessage()

func (*IntegrationV1) Reset 

func (m *IntegrationV1) Reset()

func (*IntegrationV1) SetAWSOIDCIntegrationSpec 

func (ig *IntegrationV1) SetAWSOIDCIntegrationSpec(awsOIDCSpec *AWSOIDCIntegrationSpecV1)

SetAWSOIDCIntegrationSpec sets the specific fields for the `aws-oidc` subkind integration.

func (*IntegrationV1) SetAWSOIDCIssuerS3URI 

func (ig *IntegrationV1) SetAWSOIDCIssuerS3URI(issuerS3URI string)

SetAWSOIDCIssuer sets the Issuer of the AWS OIDC Spec.

func (*IntegrationV1) SetAWSOIDCRoleARN 

func (ig *IntegrationV1) SetAWSOIDCRoleARN(roleARN string)

SetAWSOIDCRoleARN sets the RoleARN of the AWS OIDC Spec.

func (*IntegrationV1) SetAWSRolesAnywhereIntegrationSpec 

func (ig *IntegrationV1) SetAWSRolesAnywhereIntegrationSpec(awsRASpec *AWSRAIntegrationSpecV1)

SetAWSRolesAnywhereIntegrationSpec sets the specific fields for the `aws-ra` subkind integration.

func (*IntegrationV1) SetCredentials 

func (ig *IntegrationV1) SetCredentials(creds PluginCredentials) error

SetCredentials updates credentials.

func (*IntegrationV1) SetGitHubIntegrationSpec 

func (ig *IntegrationV1) SetGitHubIntegrationSpec(spec *GitHubIntegrationSpecV1)

SetGitHubIntegrationSpec returns the GitHub spec.

func (*IntegrationV1) Size 

func (m *IntegrationV1) Size() (n int)

func (*IntegrationV1) String 

func (ig *IntegrationV1) String() string

String returns the integration string representation.

func (*IntegrationV1) Unmarshal 

func (m *IntegrationV1) Unmarshal(dAtA []byte) error

func (*IntegrationV1) UnmarshalJSON 

func (ig *IntegrationV1) UnmarshalJSON(data []byte) error

UnmarshalJSON is a custom unmarshaller for JSON format. It is required because the Spec.SubKindSpec proto field is a oneof. This translates into two issues when generating golang code: - the Spec.SubKindSpec field in Go is an interface - it creates an extra field to store the oneof values

Spec.SubKindSpec is an interface because it can have one of multiple values, even though there's only one type for now: aws_oidc. When trying to unmarshal this field, we must provide a concrete type. To do so, we unmarshal just the root fields (ResourceHeader: Name, Kind, SubKind, Version, Metadata) and then use its SubKind to provide a concrete type for the Spec.SubKindSpec field. Unmarshalling the remaining fields uses the standard json.Unmarshal over the Spec field.

Spec.SubKindSpec is an extra field which only adds clutter This method pulls those fields into a higher level. So, instead of:

spec.subkind_spec.aws_oidc.role_arn: xyz

It will be:

spec.aws_oidc.role_arn: xyz

func (*IntegrationV1) WithoutCredentials 

func (ig *IntegrationV1) WithoutCredentials() Integration

WithoutCredentials returns a copy without credentials.

func (*IntegrationV1) XXX_DiscardUnknown 

func (m *IntegrationV1) XXX_DiscardUnknown()

func (*IntegrationV1) XXX_Marshal 

func (m *IntegrationV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*IntegrationV1) XXX_Merge 

func (m *IntegrationV1) XXX_Merge(src proto.Message)

func (*IntegrationV1) XXX_Size 

func (m *IntegrationV1) XXX_Size() int

func (*IntegrationV1) XXX_Unmarshal 

func (m *IntegrationV1) XXX_Unmarshal(b []byte) error

type Integrations 

type Integrations []Integration

Integrations is a list of Integration resources.

func (Integrations) AsResources 

func (igs Integrations) AsResources() []ResourceWithLabels

AsResources returns these groups as resources with labels.

func (Integrations) Len 

func (igs Integrations) Len() int

Len returns the slice length.

func (Integrations) Less 

func (igs Integrations) Less(i, j int) bool

Less compares integrations by name.

func (Integrations) Swap 

func (igs Integrations) Swap(i, j int)

Swap swaps two integrations.

type JWTKeyPair 

type JWTKeyPair struct {
	// PublicKey is a PEM encoded public key.
	PublicKey []byte `protobuf:"bytes,1,opt,name=PublicKey,proto3" json:"public_key,omitempty"`
	// PrivateKey is a PEM encoded private key.
	PrivateKey []byte `protobuf:"bytes,2,opt,name=PrivateKey,proto3" json:"private_key,omitempty"`
	// PrivateKeyType is the type of the PrivateKey.
	PrivateKeyType       PrivateKeyType `protobuf:"varint,3,opt,name=PrivateKeyType,proto3,enum=types.PrivateKeyType" json:"private_key_type,omitempty"`
	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
	XXX_unrecognized     []byte         `json:"-"`
	XXX_sizecache        int32          `json:"-"`
}

JWTKeyPair is a PEM encoded keypair used for signing JWT tokens.

func (*JWTKeyPair) CheckAndSetDefaults 

func (k *JWTKeyPair) CheckAndSetDefaults() error

CheckAndSetDefaults validates JWTKeyPair and sets defaults on any empty fields as needed.

func (*JWTKeyPair) Clone 

func (k *JWTKeyPair) Clone() *JWTKeyPair

Clone returns a deep copy of JWTKeyPair that can be mutated without modifying the original.

func (*JWTKeyPair) Descriptor 

func (*JWTKeyPair) Descriptor() ([]byte, []int)

func (*JWTKeyPair) Marshal 

func (m *JWTKeyPair) Marshal() (dAtA []byte, err error)

func (*JWTKeyPair) MarshalTo 

func (m *JWTKeyPair) MarshalTo(dAtA []byte) (int, error)

func (*JWTKeyPair) MarshalToSizedBuffer 

func (m *JWTKeyPair) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*JWTKeyPair) ProtoMessage 

func (*JWTKeyPair) ProtoMessage()

func (*JWTKeyPair) Reset 

func (m *JWTKeyPair) Reset()

func (*JWTKeyPair) Size 

func (m *JWTKeyPair) Size() (n int)

func (*JWTKeyPair) String 

func (m *JWTKeyPair) String() string

func (*JWTKeyPair) Unmarshal 

func (m *JWTKeyPair) Unmarshal(dAtA []byte) error

func (*JWTKeyPair) XXX_DiscardUnknown 

func (m *JWTKeyPair) XXX_DiscardUnknown()

func (*JWTKeyPair) XXX_Marshal 

func (m *JWTKeyPair) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*JWTKeyPair) XXX_Merge 

func (m *JWTKeyPair) XXX_Merge(src proto.Message)

func (*JWTKeyPair) XXX_Size 

func (m *JWTKeyPair) XXX_Size() int

func (*JWTKeyPair) XXX_Unmarshal 

func (m *JWTKeyPair) XXX_Unmarshal(b []byte) error

type JamfInventoryEntry 

type JamfInventoryEntry struct {
	// Jamf Pro API RSQL filter, used when querying endpoints like
	// "/api/v1/computers-inventory".
	// See https://developer.jamf.com/jamf-pro/reference/get_v1-computers-inventory.
	FilterRsql string `protobuf:"bytes,1,opt,name=filter_rsql,json=filterRsql,proto3" json:"filter_rsql,omitempty"`
	// Sync period for PARTIAL syncs.
	// PARTIAL syncs are scheduled in the time window between FULL syncs, so
	// sync_period_partial must always be smaller than sync_period_full, otherwise
	// it would never trigger.
	// Set to zero or negative to disable PARTIAL syncs.
	SyncPeriodPartial Duration `` /* 133-byte string literal not displayed */
	// Sync period for FULL syncs.
	// Ideally sync_period_full is a multiple of sync_period_partial, so schedules
	// line up perfectly.
	// Set to zero or negative to disable FULL syncs.
	SyncPeriodFull Duration `protobuf:"varint,3,opt,name=sync_period_full,json=syncPeriodFull,proto3,casttype=Duration" json:"sync_period_full,omitempty"`
	// on_missing is the trigger used on devices missing from the MDM view in a
	// FULL sync.
	// Only runs on successful FULL syncs.
	// Corresponds to [teleport.devicetrust.v1.SyncInventoryDeviceAction].
	// Must be either "NOOP" or "DELETE".
	// Defaults to "NOOP".
	OnMissing string `protobuf:"bytes,4,opt,name=on_missing,json=onMissing,proto3" json:"on_missing,omitempty"`
	// Custom page size for inventory queries.
	// A server default is used if zeroed or negative.
	PageSize             int32    `protobuf:"varint,5,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

JamfInventoryEntry is an inventory sync entry for JamfSpecV1.

func (*JamfInventoryEntry) Descriptor 

func (*JamfInventoryEntry) Descriptor() ([]byte, []int)

func (*JamfInventoryEntry) Equal 

func (this *JamfInventoryEntry) Equal(that interface{}) bool

func (*JamfInventoryEntry) Marshal 

func (m *JamfInventoryEntry) Marshal() (dAtA []byte, err error)

func (*JamfInventoryEntry) MarshalTo 

func (m *JamfInventoryEntry) MarshalTo(dAtA []byte) (int, error)

func (*JamfInventoryEntry) MarshalToSizedBuffer 

func (m *JamfInventoryEntry) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*JamfInventoryEntry) ProtoMessage 

func (*JamfInventoryEntry) ProtoMessage()

func (*JamfInventoryEntry) Reset 

func (m *JamfInventoryEntry) Reset()

func (*JamfInventoryEntry) Size 

func (m *JamfInventoryEntry) Size() (n int)

func (*JamfInventoryEntry) String 

func (m *JamfInventoryEntry) String() string

func (*JamfInventoryEntry) Unmarshal 

func (m *JamfInventoryEntry) Unmarshal(dAtA []byte) error

func (*JamfInventoryEntry) XXX_DiscardUnknown 

func (m *JamfInventoryEntry) XXX_DiscardUnknown()

func (*JamfInventoryEntry) XXX_Marshal 

func (m *JamfInventoryEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*JamfInventoryEntry) XXX_Merge 

func (m *JamfInventoryEntry) XXX_Merge(src proto.Message)

func (*JamfInventoryEntry) XXX_Size 

func (m *JamfInventoryEntry) XXX_Size() int

func (*JamfInventoryEntry) XXX_Unmarshal 

func (m *JamfInventoryEntry) XXX_Unmarshal(b []byte) error

type JamfSpecV1 

type JamfSpecV1 struct {
	// Enabled toggles the service on or off.
	Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// Name of the service device source.
	// See the teleport.devicetrust.v1.DeviceSource proto.
	// Defaults to "jamf".
	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	// Initial sync delay for the service.
	// Set to negative to perform syncs immediately on startup.
	// Defaults to a random delay (a few minutes max).
	SyncDelay Duration `protobuf:"varint,3,opt,name=sync_delay,json=syncDelay,proto3,casttype=Duration" json:"sync_delay,omitempty"`
	// Jamf Pro API endpoint.
	// Example: "https://yourtenant.jamfcloud.com/api".
	// Required.
	ApiEndpoint string `protobuf:"bytes,4,opt,name=api_endpoint,json=apiEndpoint,proto3" json:"api_endpoint,omitempty"`
	// Inventory sync entries.
	// If empty a default sync configuration is used.
	Inventory            []*JamfInventoryEntry `protobuf:"bytes,7,rep,name=inventory,proto3" json:"inventory,omitempty"`
	XXX_NoUnkeyedLiteral struct{}              `json:"-"`
	XXX_unrecognized     []byte                `json:"-"`
	XXX_sizecache        int32                 `json:"-"`
}

JamfSpecV1 is the base configuration for the Jamf MDM service.

func (*JamfSpecV1) Descriptor 

func (*JamfSpecV1) Descriptor() ([]byte, []int)

func (*JamfSpecV1) Equal 

func (this *JamfSpecV1) Equal(that interface{}) bool

func (*JamfSpecV1) Marshal 

func (m *JamfSpecV1) Marshal() (dAtA []byte, err error)

func (*JamfSpecV1) MarshalTo 

func (m *JamfSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*JamfSpecV1) MarshalToSizedBuffer 

func (m *JamfSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*JamfSpecV1) ProtoMessage 

func (*JamfSpecV1) ProtoMessage()

func (*JamfSpecV1) Reset 

func (m *JamfSpecV1) Reset()

func (*JamfSpecV1) Size 

func (m *JamfSpecV1) Size() (n int)

func (*JamfSpecV1) String 

func (m *JamfSpecV1) String() string

func (*JamfSpecV1) Unmarshal 

func (m *JamfSpecV1) Unmarshal(dAtA []byte) error

func (*JamfSpecV1) XXX_DiscardUnknown 

func (m *JamfSpecV1) XXX_DiscardUnknown()

func (*JamfSpecV1) XXX_Marshal 

func (m *JamfSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*JamfSpecV1) XXX_Merge 

func (m *JamfSpecV1) XXX_Merge(src proto.Message)

func (*JamfSpecV1) XXX_Size 

func (m *JamfSpecV1) XXX_Size() int

func (*JamfSpecV1) XXX_Unmarshal 

func (m *JamfSpecV1) XXX_Unmarshal(b []byte) error

type JoinMethod 

type JoinMethod string

JoinMethod is the method used for new nodes to join the cluster. 

const (
	JoinMethodUnspecified JoinMethod = ""
	// JoinMethodToken is the default join method, nodes join the cluster by
	// presenting a secret token.
	JoinMethodToken JoinMethod = "token"
	// JoinMethodEC2 indicates that the node will join with the EC2 join method.
	JoinMethodEC2 JoinMethod = "ec2"
	// JoinMethodIAM indicates that the node will join with the IAM join method.
	JoinMethodIAM JoinMethod = "iam"
	// JoinMethodGitHub indicates that the node will join with the GitHub join
	// method. Documentation regarding the implementation of this can be found
	// in lib/githubactions
	JoinMethodGitHub JoinMethod = "github"
	// JoinMethodCircleCI indicates that the node will join with the CircleCI\
	// join method. Documentation regarding the implementation of this can be
	// found in lib/circleci
	JoinMethodCircleCI JoinMethod = "circleci"
	// JoinMethodKubernetes indicates that the node will join with the
	// Kubernetes join method. Documentation regarding implementation can be
	// found in lib/kubernetestoken
	JoinMethodKubernetes JoinMethod = "kubernetes"
	// JoinMethodAzure indicates that the node will join with the Azure join
	// method.
	JoinMethodAzure JoinMethod = "azure"
	// JoinMethodGitLab indicates that the node will join with the GitLab
	// join method. Documentation regarding implementation of this
	// can be found in lib/gitlab
	JoinMethodGitLab JoinMethod = "gitlab"
	// JoinMethodGCP indicates that the node will join with the GCP join method.
	// Documentation regarding implementation of this can be found in lib/gcp.
	JoinMethodGCP JoinMethod = "gcp"
	// JoinMethodSpacelift indicates the node will join with the SpaceLift join
	// method. Documentation regarding implementation of this can be found in
	// lib/spacelift.
	JoinMethodSpacelift JoinMethod = "spacelift"
	// JoinMethodTPM indicates that the node will join with the TPM join method.
	// The core implementation of this join method can be found in lib/tpm.
	JoinMethodTPM JoinMethod = "tpm"
	// JoinMethodTerraformCloud indicates that the node will join using the Terraform
	// join method. See lib/terraformcloud for more.
	JoinMethodTerraformCloud JoinMethod = "terraform_cloud"
	// JoinMethodBitbucket indicates that the node will join using the Bitbucket
	// join method. See lib/bitbucket for more.
	JoinMethodBitbucket JoinMethod = "bitbucket"
	// JoinMethodOracle indicates that the node will join using the Oracle join
	// method.
	JoinMethodOracle JoinMethod = "oracle"
	// JoinMethodAzureDevops indicates that the node will join using the Azure
	// Devops join method.
	JoinMethodAzureDevops JoinMethod = "azure_devops"
	// JoinMethodBoundKeypair indicates the node will join using the Bound
	// Keypair join method. See lib/boundkeypair for more.
	JoinMethodBoundKeypair JoinMethod = "bound_keypair"
)

type KeepAlive 

type KeepAlive struct {
	// Name of the resource to keep alive.
	Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"server_name"`
	// Namespace is the namespace of the resource.
	Namespace string `protobuf:"bytes,2,opt,name=Namespace,proto3" json:"namespace"`
	// Expires is set to update expiry time of the resource.
	Expires time.Time `protobuf:"bytes,4,opt,name=Expires,proto3,stdtime" json:"expires"`
	// Type is the type (or kind) of the resource that's being kept alive.
	Type KeepAlive_KeepAliveType `protobuf:"varint,9,opt,name=Type,proto3,enum=types.KeepAlive_KeepAliveType" json:"type"`
	// HostID is an optional UUID of the host the resource belongs to.
	HostID               string   `protobuf:"bytes,10,opt,name=HostID,proto3" json:"host_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*KeepAlive) CheckAndSetDefaults 

func (s *KeepAlive) CheckAndSetDefaults() error

CheckAndSetDefaults validates this KeepAlive value and sets default values

func (*KeepAlive) Descriptor 

func (*KeepAlive) Descriptor() ([]byte, []int)

func (*KeepAlive) GetType 

func (s *KeepAlive) GetType() string

GetType return the type of keep alive: either application or server.

func (*KeepAlive) IsEmpty 

func (s *KeepAlive) IsEmpty() bool

IsEmpty returns true if keepalive is empty, used to indicate that keepalive is not supported

func (*KeepAlive) Marshal 

func (m *KeepAlive) Marshal() (dAtA []byte, err error)

func (*KeepAlive) MarshalTo 

func (m *KeepAlive) MarshalTo(dAtA []byte) (int, error)

func (*KeepAlive) MarshalToSizedBuffer 

func (m *KeepAlive) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KeepAlive) ProtoMessage 

func (*KeepAlive) ProtoMessage()

func (*KeepAlive) Reset 

func (m *KeepAlive) Reset()

func (*KeepAlive) Size 

func (m *KeepAlive) Size() (n int)

func (*KeepAlive) String 

func (m *KeepAlive) String() string

func (*KeepAlive) Unmarshal 

func (m *KeepAlive) Unmarshal(dAtA []byte) error

func (*KeepAlive) XXX_DiscardUnknown 

func (m *KeepAlive) XXX_DiscardUnknown()

func (*KeepAlive) XXX_Marshal 

func (m *KeepAlive) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KeepAlive) XXX_Merge 

func (m *KeepAlive) XXX_Merge(src proto.Message)

func (*KeepAlive) XXX_Size 

func (m *KeepAlive) XXX_Size() int

func (*KeepAlive) XXX_Unmarshal 

func (m *KeepAlive) XXX_Unmarshal(b []byte) error

type KeepAlive_KeepAliveType 

type KeepAlive_KeepAliveType int32

The type of a KeepAlive. When adding a new type, please double-check lib/usagereporter/teleport to see if we need any change in the resource heartbeat event. 

const (
	KeepAlive_UNKNOWN KeepAlive_KeepAliveType = 0
	// "node", KindNode. For the sake of correct usage reporting, it shouldn't
	// be used for OpenSSH nodes.
	KeepAlive_NODE KeepAlive_KeepAliveType = 1
	// "app_server", KindAppServer
	KeepAlive_APP KeepAlive_KeepAliveType = 2
	// "db_server", KindDatabaseServer
	KeepAlive_DATABASE KeepAlive_KeepAliveType = 3
	// "windows_desktop_service", KindWindowsDesktopService
	KeepAlive_WINDOWS_DESKTOP KeepAlive_KeepAliveType = 4
	// "kube_server", KindKubeServer
	KeepAlive_KUBERNETES KeepAlive_KeepAliveType = 5
	// "db_service", KindDatabaseService
	KeepAlive_DATABASE_SERVICE KeepAlive_KeepAliveType = 6
)

func (KeepAlive_KeepAliveType) EnumDescriptor 

func (KeepAlive_KeepAliveType) EnumDescriptor() ([]byte, []int)

func (KeepAlive_KeepAliveType) String 

func (x KeepAlive_KeepAliveType) String() string

type KeepAliver 

type KeepAliver interface {
	// KeepAlives allows to receive keep alives
	KeepAlives() chan<- KeepAlive

	// Done returns the channel signaling the closure
	Done() <-chan struct{}

	// Close closes the watcher and releases
	// all associated resources
	Close() error

	// Error returns error associated with keep aliver if any
	Error() error
}

KeepAliver keeps object alive

type KubeAWS 

type KubeAWS struct {
	// Region is a AWS cloud region.
	Region string `protobuf:"bytes,1,opt,name=Region,proto3" json:"region,omitempty"`
	// AccountID is a AWS Account ID.
	AccountID string `protobuf:"bytes,2,opt,name=AccountID,proto3" json:"account_id,omitempty"`
	// Name is a AWS EKS cluster name.
	Name                 string   `protobuf:"bytes,3,opt,name=Name,proto3" json:"name,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

KubeAWS contains the AWS information about the cluster.

func (KubeAWS) CheckAndSetDefaults 

func (k KubeAWS) CheckAndSetDefaults() error

func (*KubeAWS) Descriptor 

func (*KubeAWS) Descriptor() ([]byte, []int)

func (*KubeAWS) Marshal 

func (m *KubeAWS) Marshal() (dAtA []byte, err error)

func (*KubeAWS) MarshalTo 

func (m *KubeAWS) MarshalTo(dAtA []byte) (int, error)

func (*KubeAWS) MarshalToSizedBuffer 

func (m *KubeAWS) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KubeAWS) ProtoMessage 

func (*KubeAWS) ProtoMessage()

func (*KubeAWS) Reset 

func (m *KubeAWS) Reset()

func (*KubeAWS) Size 

func (m *KubeAWS) Size() (n int)

func (*KubeAWS) String 

func (m *KubeAWS) String() string

func (*KubeAWS) Unmarshal 

func (m *KubeAWS) Unmarshal(dAtA []byte) error

func (*KubeAWS) XXX_DiscardUnknown 

func (m *KubeAWS) XXX_DiscardUnknown()

func (*KubeAWS) XXX_Marshal 

func (m *KubeAWS) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KubeAWS) XXX_Merge 

func (m *KubeAWS) XXX_Merge(src proto.Message)

func (*KubeAWS) XXX_Size 

func (m *KubeAWS) XXX_Size() int

func (*KubeAWS) XXX_Unmarshal 

func (m *KubeAWS) XXX_Unmarshal(b []byte) error

type KubeAzure 

type KubeAzure struct {
	// ResourceName is the AKS cluster name.
	ResourceName string `protobuf:"bytes,1,opt,name=ResourceName,proto3" json:"resource_name,omitempty"`
	// ResourceGroup is the Azure resource group name.
	ResourceGroup string `protobuf:"bytes,2,opt,name=ResourceGroup,proto3" json:"resource_group,omitempty"`
	// TenantID is the AKS cluster Tenant ID.
	TenantID string `protobuf:"bytes,3,opt,name=TenantID,proto3" json:"tenant_id,omitempty"`
	// SubscriptionID is the AKS cluster SubscriptionID.
	SubscriptionID       string   `protobuf:"bytes,4,opt,name=SubscriptionID,proto3" json:"subscription_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

KubeAzure contains the Azure information about the cluster.

func (KubeAzure) CheckAndSetDefaults 

func (k KubeAzure) CheckAndSetDefaults() error

func (*KubeAzure) Descriptor 

func (*KubeAzure) Descriptor() ([]byte, []int)

func (*KubeAzure) Marshal 

func (m *KubeAzure) Marshal() (dAtA []byte, err error)

func (*KubeAzure) MarshalTo 

func (m *KubeAzure) MarshalTo(dAtA []byte) (int, error)

func (*KubeAzure) MarshalToSizedBuffer 

func (m *KubeAzure) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KubeAzure) ProtoMessage 

func (*KubeAzure) ProtoMessage()

func (*KubeAzure) Reset 

func (m *KubeAzure) Reset()

func (*KubeAzure) Size 

func (m *KubeAzure) Size() (n int)

func (*KubeAzure) String 

func (m *KubeAzure) String() string

func (*KubeAzure) Unmarshal 

func (m *KubeAzure) Unmarshal(dAtA []byte) error

func (*KubeAzure) XXX_DiscardUnknown 

func (m *KubeAzure) XXX_DiscardUnknown()

func (*KubeAzure) XXX_Marshal 

func (m *KubeAzure) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KubeAzure) XXX_Merge 

func (m *KubeAzure) XXX_Merge(src proto.Message)

func (*KubeAzure) XXX_Size 

func (m *KubeAzure) XXX_Size() int

func (*KubeAzure) XXX_Unmarshal 

func (m *KubeAzure) XXX_Unmarshal(b []byte) error

type KubeCluster 

type KubeCluster interface {
	// ResourceWithLabels provides common resource methods.
	ResourceWithLabels
	// GetNamespace returns the kube cluster namespace.
	GetNamespace() string
	// GetStaticLabels returns the kube cluster static labels.
	GetStaticLabels() map[string]string
	// SetStaticLabels sets the kube cluster static labels.
	SetStaticLabels(map[string]string)
	// GetDynamicLabels returns the kube cluster dynamic labels.
	GetDynamicLabels() map[string]CommandLabel
	// SetDynamicLabels sets the kube cluster dynamic labels.
	SetDynamicLabels(map[string]CommandLabel)
	// GetKubeconfig returns the kubeconfig payload.
	GetKubeconfig() []byte
	// SetKubeconfig sets the kubeconfig.
	SetKubeconfig([]byte)
	// String returns string representation of the kube cluster.
	String() string
	// GetDescription returns the kube cluster description.
	GetDescription() string
	// GetAzureConfig gets the Azure config.
	GetAzureConfig() KubeAzure
	// SetAzureConfig sets the Azure config.
	SetAzureConfig(KubeAzure)
	// GetAWSConfig gets the AWS config.
	GetAWSConfig() KubeAWS
	// SetAWSConfig sets the AWS config.
	SetAWSConfig(KubeAWS)
	// GetGCPConfig gets the GCP config.
	GetGCPConfig() KubeGCP
	// SetGCPConfig sets the GCP config.
	SetGCPConfig(KubeGCP)
	// IsAzure indentifies if the KubeCluster contains Azure details.
	IsAzure() bool
	// IsAWS indentifies if the KubeCluster contains AWS details.
	IsAWS() bool
	// IsGCP indentifies if the KubeCluster contains GCP details.
	IsGCP() bool
	// IsKubeconfig identifies if the KubeCluster contains kubeconfig data.
	IsKubeconfig() bool
	// Copy returns a copy of this kube cluster resource.
	Copy() KubeCluster
	// GetCloud gets the cloud this kube cluster is running on, or an empty string if it
	// isn't running on a cloud provider.
	GetCloud() string
}

KubeCluster represents a kubernetes cluster.

func DeduplicateKubeClusters 

func DeduplicateKubeClusters(kubeclusters []KubeCluster) []KubeCluster

DeduplicateKubeClusters deduplicates kube clusters by name.

type KubeClusters 

type KubeClusters []KubeCluster

KubeClusters represents a list of kube clusters.

func (KubeClusters) AsResources 

func (s KubeClusters) AsResources() ResourcesWithLabels

AsResources returns as type resources with labels.

func (KubeClusters) Find 

func (s KubeClusters) Find(name string) KubeCluster

Find returns kube cluster with the specified name or nil.

func (KubeClusters) GetFieldVals 

func (s KubeClusters) GetFieldVals(field string) ([]string, error)

GetFieldVals returns list of select field values.

func (KubeClusters) Len 

func (s KubeClusters) Len() int

Len returns the slice length.

func (KubeClusters) Less 

func (s KubeClusters) Less(i, j int) bool

Less compares kube clusters by name.

func (KubeClusters) SortByCustom 

func (s KubeClusters) SortByCustom(sortBy SortBy) error

SortByCustom custom sorts by given sort criteria.

func (KubeClusters) Swap 

func (s KubeClusters) Swap(i, j int)

Swap swaps two kube clusters.

func (KubeClusters) ToMap 

func (s KubeClusters) ToMap() map[string]KubeCluster

ToMap returns these kubernetes clusters as a map keyed by cluster name.

type KubeGCP 

type KubeGCP struct {
	// Location is a GKE cluster location.
	Location string `protobuf:"bytes,1,opt,name=Location,proto3" json:"location,omitempty"`
	// ProjectID is the GKE Project ID.
	ProjectID string `protobuf:"bytes,2,opt,name=ProjectID,proto3" json:"project_id,omitempty"`
	// Name is a GCP GKE cluster name.
	Name                 string   `protobuf:"bytes,3,opt,name=Name,proto3" json:"name,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

KubeGCP contains the GCP information about the cluster.

func (KubeGCP) CheckAndSetDefaults 

func (k KubeGCP) CheckAndSetDefaults() error

func (*KubeGCP) Descriptor 

func (*KubeGCP) Descriptor() ([]byte, []int)

func (*KubeGCP) Marshal 

func (m *KubeGCP) Marshal() (dAtA []byte, err error)

func (*KubeGCP) MarshalTo 

func (m *KubeGCP) MarshalTo(dAtA []byte) (int, error)

func (*KubeGCP) MarshalToSizedBuffer 

func (m *KubeGCP) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KubeGCP) ProtoMessage 

func (*KubeGCP) ProtoMessage()

func (*KubeGCP) Reset 

func (m *KubeGCP) Reset()

func (*KubeGCP) Size 

func (m *KubeGCP) Size() (n int)

func (*KubeGCP) String 

func (m *KubeGCP) String() string

func (*KubeGCP) Unmarshal 

func (m *KubeGCP) Unmarshal(dAtA []byte) error

func (*KubeGCP) XXX_DiscardUnknown 

func (m *KubeGCP) XXX_DiscardUnknown()

func (*KubeGCP) XXX_Marshal 

func (m *KubeGCP) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KubeGCP) XXX_Merge 

func (m *KubeGCP) XXX_Merge(src proto.Message)

func (*KubeGCP) XXX_Size 

func (m *KubeGCP) XXX_Size() int

func (*KubeGCP) XXX_Unmarshal 

func (m *KubeGCP) XXX_Unmarshal(b []byte) error

type KubeResources 

type KubeResources []*KubernetesResourceV1

KubeResources represents a list of Kubernetes resources.

func (KubeResources) AsResources 

func (k KubeResources) AsResources() ResourcesWithLabels

AsResources returns as type resources with labels.

func (KubeResources) Find 

func (k KubeResources) Find(name string) *KubernetesResourceV1

Find returns Kubernetes resource with the specified name or nil if the resource was not found.

func (KubeResources) Len 

func (k KubeResources) Len() int

Len returns the slice length.

func (KubeResources) Less 

func (k KubeResources) Less(i, j int) bool

Less compares Kubernetes resources by name.

func (KubeResources) SortByCustom 

func (k KubeResources) SortByCustom(sortBy SortBy) error

SortByCustom custom sorts by given sort criteria.

func (KubeResources) Swap 

func (k KubeResources) Swap(i, j int)

Swap swaps two Kubernetes resources.

func (KubeResources) ToMap 

func (k KubeResources) ToMap() map[string]*KubernetesResourceV1

ToMap returns these kubernetes resources as a map keyed by resource name.

type KubeServer 

type KubeServer interface {
	// ResourceWithLabels provides common resource methods.
	ResourceWithLabels
	// GetNamespace returns server namespace.
	GetNamespace() string
	// GetTeleportVersion returns the teleport version the server is running on.
	GetTeleportVersion() string
	// GetHostname returns the server hostname.
	GetHostname() string
	// GetHostID returns ID of the host the server is running on.
	GetHostID() string
	// GetRotation gets the state of certificate authority rotation.
	GetRotation() Rotation
	// SetRotation sets the state of certificate authority rotation.
	SetRotation(Rotation)
	// String returns string representation of the server.
	String() string
	// Copy returns a copy of this kube server object.
	Copy() KubeServer
	// CloneResource returns a copy of the KubeServer as a ResourceWithLabels
	CloneResource() ResourceWithLabels
	// GetCluster returns the Kubernetes Cluster this kube server proxies.
	GetCluster() KubeCluster
	// SetCluster sets the kube cluster this kube server server proxies.
	SetCluster(KubeCluster) error
	// ProxiedService provides common methods for a proxied service.
	ProxiedService
}

KubeServer represents a single Kubernetes server.

type KubeServers 

type KubeServers []KubeServer

KubeServers represents a list of kube servers.

func (KubeServers) AsResources 

func (s KubeServers) AsResources() []ResourceWithLabels

AsResources returns kube servers as type resources with labels.

func (KubeServers) GetFieldVals 

func (s KubeServers) GetFieldVals(field string) ([]string, error)

GetFieldVals returns list of select field values.

func (KubeServers) Len 

func (s KubeServers) Len() int

Len returns the slice length.

func (KubeServers) Less 

func (s KubeServers) Less(i, j int) bool

Less compares kube servers by name and host ID.

func (KubeServers) SortByCustom 

func (s KubeServers) SortByCustom(sortBy SortBy) error

SortByCustom custom sorts by given sort criteria.

func (KubeServers) Swap 

func (s KubeServers) Swap(i, j int)

Swap swaps two kube servers.

func (KubeServers) ToMap 

func (s KubeServers) ToMap() map[string]KubeServer

ToMap returns these kubernetes clusters as a map keyed by cluster name.

type KubernetesCluster 

type KubernetesCluster struct {
	// Name is the name of this kubernetes cluster.
	Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
	// StaticLabels is map of static labels associated with this cluster.
	// Used for RBAC.
	StaticLabels map[string]string `` /* 166-byte string literal not displayed */
	// DynamicLabels is map of dynamic labels associated with this cluster.
	// Used for RBAC.
	DynamicLabels        map[string]CommandLabelV2 `` /* 168-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}                  `json:"-"`
	XXX_unrecognized     []byte                    `json:"-"`
	XXX_sizecache        int32                     `json:"-"`
}

KubernetesCluster is a named kubernetes API endpoint handled by a Server.

TODO: deprecate and convert all usage to KubernetesClusterV3

func (*KubernetesCluster) Descriptor 

func (*KubernetesCluster) Descriptor() ([]byte, []int)

func (*KubernetesCluster) Marshal 

func (m *KubernetesCluster) Marshal() (dAtA []byte, err error)

func (*KubernetesCluster) MarshalTo 

func (m *KubernetesCluster) MarshalTo(dAtA []byte) (int, error)

func (*KubernetesCluster) MarshalToSizedBuffer 

func (m *KubernetesCluster) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KubernetesCluster) ProtoMessage 

func (*KubernetesCluster) ProtoMessage()

func (*KubernetesCluster) Reset 

func (m *KubernetesCluster) Reset()

func (*KubernetesCluster) Size 

func (m *KubernetesCluster) Size() (n int)

func (*KubernetesCluster) String 

func (m *KubernetesCluster) String() string

func (*KubernetesCluster) Unmarshal 

func (m *KubernetesCluster) Unmarshal(dAtA []byte) error

func (*KubernetesCluster) XXX_DiscardUnknown 

func (m *KubernetesCluster) XXX_DiscardUnknown()

func (*KubernetesCluster) XXX_Marshal 

func (m *KubernetesCluster) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KubernetesCluster) XXX_Merge 

func (m *KubernetesCluster) XXX_Merge(src proto.Message)

func (*KubernetesCluster) XXX_Size 

func (m *KubernetesCluster) XXX_Size() int

func (*KubernetesCluster) XXX_Unmarshal 

func (m *KubernetesCluster) XXX_Unmarshal(b []byte) error

type KubernetesClusterSpecV3 

type KubernetesClusterSpecV3 struct {
	// DynamicLabels are the cluster's dynamic labels.
	DynamicLabels map[string]CommandLabelV2 `` /* 168-byte string literal not displayed */
	// Kubeconfig is the kubeconfig file payload that grants access to the cluster.
	// If multiple contexts are specified, the first will be selected.
	Kubeconfig []byte `protobuf:"bytes,2,opt,name=Kubeconfig,proto3" json:"kubeconfig,omitempty"`
	// Azure holds the required Azure information for Teleport to access the cluster.
	Azure KubeAzure `protobuf:"bytes,3,opt,name=Azure,proto3" json:"azure,omitempty"`
	// AWS holds the required AWS information for Teleport to access the cluster.
	AWS KubeAWS `protobuf:"bytes,4,opt,name=AWS,proto3" json:"aws,omitempty"`
	// GCP holds the required GCP information for Teleport to access the cluster.
	GCP                  KubeGCP  `protobuf:"bytes,5,opt,name=GCP,proto3" json:"gcp,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

KubernetesClusterSpecV3 is a specification for a Kubernetes cluster.

func (*KubernetesClusterSpecV3) Descriptor 

func (*KubernetesClusterSpecV3) Descriptor() ([]byte, []int)

func (*KubernetesClusterSpecV3) Marshal 

func (m *KubernetesClusterSpecV3) Marshal() (dAtA []byte, err error)

func (*KubernetesClusterSpecV3) MarshalTo 

func (m *KubernetesClusterSpecV3) MarshalTo(dAtA []byte) (int, error)

func (*KubernetesClusterSpecV3) MarshalToSizedBuffer 

func (m *KubernetesClusterSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KubernetesClusterSpecV3) ProtoMessage 

func (*KubernetesClusterSpecV3) ProtoMessage()

func (*KubernetesClusterSpecV3) Reset 

func (m *KubernetesClusterSpecV3) Reset()

func (*KubernetesClusterSpecV3) Size 

func (m *KubernetesClusterSpecV3) Size() (n int)

func (*KubernetesClusterSpecV3) String 

func (m *KubernetesClusterSpecV3) String() string

func (*KubernetesClusterSpecV3) Unmarshal 

func (m *KubernetesClusterSpecV3) Unmarshal(dAtA []byte) error

func (*KubernetesClusterSpecV3) XXX_DiscardUnknown 

func (m *KubernetesClusterSpecV3) XXX_DiscardUnknown()

func (*KubernetesClusterSpecV3) XXX_Marshal 

func (m *KubernetesClusterSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KubernetesClusterSpecV3) XXX_Merge 

func (m *KubernetesClusterSpecV3) XXX_Merge(src proto.Message)

func (*KubernetesClusterSpecV3) XXX_Size 

func (m *KubernetesClusterSpecV3) XXX_Size() int

func (*KubernetesClusterSpecV3) XXX_Unmarshal 

func (m *KubernetesClusterSpecV3) XXX_Unmarshal(b []byte) error

type KubernetesClusterV3 

type KubernetesClusterV3 struct {
	// Kind is the cluster resource kind.
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource subkind.
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is the resource metadata.
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is the resource spec.
	Spec                 KubernetesClusterSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}                `json:"-"`
	XXX_unrecognized     []byte                  `json:"-"`
	XXX_sizecache        int32                   `json:"-"`
}

KubernetesClusterV3 represents a named kubernetes API endpoint.

func NewKubernetesClusterV3 

func NewKubernetesClusterV3(meta Metadata, spec KubernetesClusterSpecV3) (*KubernetesClusterV3, error)

NewKubernetesClusterV3 creates a new Kubernetes cluster resource.

func NewKubernetesClusterV3FromLegacyCluster 

func NewKubernetesClusterV3FromLegacyCluster(namespace string, cluster *KubernetesCluster) (*KubernetesClusterV3, error)

NewKubernetesClusterV3FromLegacyCluster creates a new Kubernetes cluster resource from the legacy type.

func NewKubernetesClusterV3WithoutSecrets 

func NewKubernetesClusterV3WithoutSecrets(cluster KubeCluster) (*KubernetesClusterV3, error)

NewKubernetesClusterV3WithoutSecrets creates a new copy of the provided cluster but without secrets/credentials.

func (*KubernetesClusterV3) CheckAndSetDefaults 

func (k *KubernetesClusterV3) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values for any missing fields.

func (*KubernetesClusterV3) Copy 

func (k *KubernetesClusterV3) Copy() KubeCluster

Copy returns a copy of this resource.

func (*KubernetesClusterV3) Descriptor 

func (*KubernetesClusterV3) Descriptor() ([]byte, []int)

func (*KubernetesClusterV3) Expiry 

func (k *KubernetesClusterV3) Expiry() time.Time

Expiry returns the kube resource expiration time.

func (*KubernetesClusterV3) GetAWSConfig 

func (k *KubernetesClusterV3) GetAWSConfig() KubeAWS

GetAWSConfig gets the AWS config.

func (*KubernetesClusterV3) GetAllLabels 

func (k *KubernetesClusterV3) GetAllLabels() map[string]string

GetAllLabels returns the combined static and dynamic labels.

func (*KubernetesClusterV3) GetAzureConfig 

func (k *KubernetesClusterV3) GetAzureConfig() KubeAzure

GetAzureConfig gets the Azure config.

func (*KubernetesClusterV3) GetCloud 

func (k *KubernetesClusterV3) GetCloud() string

GetCloud gets the cloud this kube cluster is running on, or an empty string if it isn't running on a cloud provider.

func (*KubernetesClusterV3) GetDescription 

func (k *KubernetesClusterV3) GetDescription() string

GetDescription returns the description.

func (*KubernetesClusterV3) GetDynamicLabels 

func (k *KubernetesClusterV3) GetDynamicLabels() map[string]CommandLabel

GetDynamicLabels returns the dynamic labels.

func (*KubernetesClusterV3) GetGCPConfig 

func (k *KubernetesClusterV3) GetGCPConfig() KubeGCP

GetGCPConfig gets the GCP config.

func (*KubernetesClusterV3) GetKind 

func (k *KubernetesClusterV3) GetKind() string

GetKind returns the resource kind.

func (*KubernetesClusterV3) GetKubeconfig 

func (k *KubernetesClusterV3) GetKubeconfig() []byte

GetKubeconfig returns the kubeconfig payload.

func (*KubernetesClusterV3) GetLabel 

func (k *KubernetesClusterV3) GetLabel(key string) (value string, ok bool)

GetLabel retrieves the label with the provided key. If not found value will be empty and ok will be false.

func (*KubernetesClusterV3) GetMetadata 

func (k *KubernetesClusterV3) GetMetadata() Metadata

GetMetadata returns the resource metadata.

func (*KubernetesClusterV3) GetName 

func (k *KubernetesClusterV3) GetName() string

GetName returns the kube resource name.

func (*KubernetesClusterV3) GetNamespace 

func (k *KubernetesClusterV3) GetNamespace() string

GetNamespace returns the kube resource namespace.

func (*KubernetesClusterV3) GetRevision 

func (k *KubernetesClusterV3) GetRevision() string

GetRevision returns the revision

func (*KubernetesClusterV3) GetStaticLabels 

func (k *KubernetesClusterV3) GetStaticLabels() map[string]string

GetStaticLabels returns the static labels.

func (*KubernetesClusterV3) GetSubKind 

func (k *KubernetesClusterV3) GetSubKind() string

GetSubKind returns the app resource subkind.

func (*KubernetesClusterV3) GetVersion 

func (k *KubernetesClusterV3) GetVersion() string

GetVersion returns the resource version.

func (*KubernetesClusterV3) IsAWS 

func (k *KubernetesClusterV3) IsAWS() bool

IsAWS indentifies if the KubeCluster contains AWS details.

func (*KubernetesClusterV3) IsAzure 

func (k *KubernetesClusterV3) IsAzure() bool

IsAzure indentifies if the KubeCluster contains Azure details.

func (*KubernetesClusterV3) IsEqual 

func (k *KubernetesClusterV3) IsEqual(i KubeCluster) bool

IsEqual determines if two user resources are equivalent to one another.

func (*KubernetesClusterV3) IsGCP 

func (k *KubernetesClusterV3) IsGCP() bool

IsGCP indentifies if the KubeCluster contains GCP details.

func (*KubernetesClusterV3) IsKubeconfig 

func (k *KubernetesClusterV3) IsKubeconfig() bool

IsKubeconfig identifies if the KubeCluster contains kubeconfig data.

func (*KubernetesClusterV3) Marshal 

func (m *KubernetesClusterV3) Marshal() (dAtA []byte, err error)

func (*KubernetesClusterV3) MarshalTo 

func (m *KubernetesClusterV3) MarshalTo(dAtA []byte) (int, error)

func (*KubernetesClusterV3) MarshalToSizedBuffer 

func (m *KubernetesClusterV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KubernetesClusterV3) MatchSearch 

func (k *KubernetesClusterV3) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*KubernetesClusterV3) Origin 

func (k *KubernetesClusterV3) Origin() string

Origin returns the origin value of the resource.

func (*KubernetesClusterV3) ProtoMessage 

func (*KubernetesClusterV3) ProtoMessage()

func (*KubernetesClusterV3) Reset 

func (m *KubernetesClusterV3) Reset()

func (*KubernetesClusterV3) SetAWSConfig 

func (k *KubernetesClusterV3) SetAWSConfig(cfg KubeAWS)

SetAWSConfig sets the AWS config.

func (*KubernetesClusterV3) SetAzureConfig 

func (k *KubernetesClusterV3) SetAzureConfig(cfg KubeAzure)

SetAzureConfig sets the Azure config.

func (*KubernetesClusterV3) SetDynamicLabels 

func (k *KubernetesClusterV3) SetDynamicLabels(dl map[string]CommandLabel)

SetDynamicLabels sets the dynamic labels

func (*KubernetesClusterV3) SetExpiry 

func (k *KubernetesClusterV3) SetExpiry(expiry time.Time)

SetExpiry sets the kube resource expiration time.

func (*KubernetesClusterV3) SetGCPConfig 

func (k *KubernetesClusterV3) SetGCPConfig(cfg KubeGCP)

SetGCPConfig sets the GCP config.

func (*KubernetesClusterV3) SetKubeconfig 

func (k *KubernetesClusterV3) SetKubeconfig(cfg []byte)

SetKubeconfig sets the kubeconfig.

func (*KubernetesClusterV3) SetName 

func (k *KubernetesClusterV3) SetName(name string)

SetName sets the resource name.

func (*KubernetesClusterV3) SetOrigin 

func (k *KubernetesClusterV3) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*KubernetesClusterV3) SetRevision 

func (k *KubernetesClusterV3) SetRevision(rev string)

SetRevision sets the revision

func (*KubernetesClusterV3) SetStaticLabels 

func (k *KubernetesClusterV3) SetStaticLabels(sl map[string]string)

SetStaticLabels sets the static labels.

func (*KubernetesClusterV3) SetSubKind 

func (k *KubernetesClusterV3) SetSubKind(sk string)

SetSubKind sets the app resource subkind.

func (*KubernetesClusterV3) Size 

func (m *KubernetesClusterV3) Size() (n int)

func (*KubernetesClusterV3) String 

func (k *KubernetesClusterV3) String() string

String returns the string representation.

func (*KubernetesClusterV3) Unmarshal 

func (m *KubernetesClusterV3) Unmarshal(dAtA []byte) error

func (*KubernetesClusterV3) XXX_DiscardUnknown 

func (m *KubernetesClusterV3) XXX_DiscardUnknown()

func (*KubernetesClusterV3) XXX_Marshal 

func (m *KubernetesClusterV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KubernetesClusterV3) XXX_Merge 

func (m *KubernetesClusterV3) XXX_Merge(src proto.Message)

func (*KubernetesClusterV3) XXX_Size 

func (m *KubernetesClusterV3) XXX_Size() int

func (*KubernetesClusterV3) XXX_Unmarshal 

func (m *KubernetesClusterV3) XXX_Unmarshal(b []byte) error

type KubernetesClusterV3List 

type KubernetesClusterV3List struct {
	// KubernetesClusters is a list of kubernetes clusters resources.
	KubernetesClusters   []*KubernetesClusterV3 `protobuf:"bytes,1,rep,name=KubernetesClusters,proto3" json:"KubernetesClusters,omitempty"`
	XXX_NoUnkeyedLiteral struct{}               `json:"-"`
	XXX_unrecognized     []byte                 `json:"-"`
	XXX_sizecache        int32                  `json:"-"`
}

KubernetesClusterV3List represents a list of kubernetes clusters.

func (*KubernetesClusterV3List) Descriptor 

func (*KubernetesClusterV3List) Descriptor() ([]byte, []int)

func (*KubernetesClusterV3List) Marshal 

func (m *KubernetesClusterV3List) Marshal() (dAtA []byte, err error)

func (*KubernetesClusterV3List) MarshalTo 

func (m *KubernetesClusterV3List) MarshalTo(dAtA []byte) (int, error)

func (*KubernetesClusterV3List) MarshalToSizedBuffer 

func (m *KubernetesClusterV3List) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KubernetesClusterV3List) ProtoMessage 

func (*KubernetesClusterV3List) ProtoMessage()

func (*KubernetesClusterV3List) Reset 

func (m *KubernetesClusterV3List) Reset()

func (*KubernetesClusterV3List) Size 

func (m *KubernetesClusterV3List) Size() (n int)

func (*KubernetesClusterV3List) String 

func (m *KubernetesClusterV3List) String() string

func (*KubernetesClusterV3List) Unmarshal 

func (m *KubernetesClusterV3List) Unmarshal(dAtA []byte) error

func (*KubernetesClusterV3List) XXX_DiscardUnknown 

func (m *KubernetesClusterV3List) XXX_DiscardUnknown()

func (*KubernetesClusterV3List) XXX_Marshal 

func (m *KubernetesClusterV3List) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KubernetesClusterV3List) XXX_Merge 

func (m *KubernetesClusterV3List) XXX_Merge(src proto.Message)

func (*KubernetesClusterV3List) XXX_Size 

func (m *KubernetesClusterV3List) XXX_Size() int

func (*KubernetesClusterV3List) XXX_Unmarshal 

func (m *KubernetesClusterV3List) XXX_Unmarshal(b []byte) error

type KubernetesJoinType 

type KubernetesJoinType string
var (
	KubernetesJoinTypeUnspecified KubernetesJoinType = ""
	KubernetesJoinTypeInCluster   KubernetesJoinType = "in_cluster"
	KubernetesJoinTypeStaticJWKS  KubernetesJoinType = "static_jwks"
)

type KubernetesMatcher 

type KubernetesMatcher struct {
	// Types are Kubernetes services types to match. Currently only 'app' is supported.
	Types []string `protobuf:"bytes,1,rep,name=Types,proto3" json:"types,omitempty"`
	// Namespaces are Kubernetes namespaces in which to discover services
	Namespaces []string `protobuf:"bytes,2,rep,name=Namespaces,proto3" json:"namespaces,omitempty"`
	// Labels are Kubernetes services labels to match.
	Labels               Labels   `protobuf:"bytes,3,opt,name=Labels,proto3,customtype=Labels" json:"labels,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

KubernetesMatcher matches Kubernetes services.

func (*KubernetesMatcher) CheckAndSetDefaults 

func (m *KubernetesMatcher) CheckAndSetDefaults() error

CheckAndSetDefaults that the matcher is correct and adds default values.

func (*KubernetesMatcher) Descriptor 

func (*KubernetesMatcher) Descriptor() ([]byte, []int)

func (*KubernetesMatcher) Marshal 

func (m *KubernetesMatcher) Marshal() (dAtA []byte, err error)

func (*KubernetesMatcher) MarshalTo 

func (m *KubernetesMatcher) MarshalTo(dAtA []byte) (int, error)

func (*KubernetesMatcher) MarshalToSizedBuffer 

func (m *KubernetesMatcher) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KubernetesMatcher) ProtoMessage 

func (*KubernetesMatcher) ProtoMessage()

func (*KubernetesMatcher) Reset 

func (m *KubernetesMatcher) Reset()

func (*KubernetesMatcher) Size 

func (m *KubernetesMatcher) Size() (n int)

func (*KubernetesMatcher) String 

func (m *KubernetesMatcher) String() string

func (*KubernetesMatcher) Unmarshal 

func (m *KubernetesMatcher) Unmarshal(dAtA []byte) error

func (*KubernetesMatcher) XXX_DiscardUnknown 

func (m *KubernetesMatcher) XXX_DiscardUnknown()

func (*KubernetesMatcher) XXX_Marshal 

func (m *KubernetesMatcher) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KubernetesMatcher) XXX_Merge 

func (m *KubernetesMatcher) XXX_Merge(src proto.Message)

func (*KubernetesMatcher) XXX_Size 

func (m *KubernetesMatcher) XXX_Size() int

func (*KubernetesMatcher) XXX_Unmarshal 

func (m *KubernetesMatcher) XXX_Unmarshal(b []byte) error

type KubernetesResource 

type KubernetesResource struct {
	// Kind specifies the Kubernetes Resource type.
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind,omitempty"`
	// Namespace is the resource namespace.
	// It supports wildcards.
	Namespace string `protobuf:"bytes,2,opt,name=Namespace,proto3" json:"namespace,omitempty"`
	// Name is the resource name.
	// It supports wildcards.
	Name string `protobuf:"bytes,3,opt,name=Name,proto3" json:"name,omitempty"`
	// Verbs are the allowed Kubernetes verbs for the following resource.
	Verbs []string `protobuf:"bytes,4,rep,name=Verbs,proto3" json:"verbs,omitempty"`
	// APIGroup specifies the Kubernetes API group of the Kubernetes resource.
	// It supports wildcards.
	APIGroup             string   `protobuf:"bytes,5,opt,name=APIGroup,proto3" json:"api_group,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

KubernetesResource is the Kubernetes resource identifier.

func (*KubernetesResource) ClusterResource 

func (k *KubernetesResource) ClusterResource() string

ClusterResource returns the resource name in the following format <namespace>/<name>.

func (*KubernetesResource) Descriptor 

func (*KubernetesResource) Descriptor() ([]byte, []int)

func (*KubernetesResource) Marshal 

func (m *KubernetesResource) Marshal() (dAtA []byte, err error)

func (*KubernetesResource) MarshalTo 

func (m *KubernetesResource) MarshalTo(dAtA []byte) (int, error)

func (*KubernetesResource) MarshalToSizedBuffer 

func (m *KubernetesResource) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KubernetesResource) ProtoMessage 

func (*KubernetesResource) ProtoMessage()

func (*KubernetesResource) Reset 

func (m *KubernetesResource) Reset()

func (*KubernetesResource) Size 

func (m *KubernetesResource) Size() (n int)

func (*KubernetesResource) String 

func (m *KubernetesResource) String() string

func (*KubernetesResource) Unmarshal 

func (m *KubernetesResource) Unmarshal(dAtA []byte) error

func (*KubernetesResource) XXX_DiscardUnknown 

func (m *KubernetesResource) XXX_DiscardUnknown()

func (*KubernetesResource) XXX_Marshal 

func (m *KubernetesResource) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KubernetesResource) XXX_Merge 

func (m *KubernetesResource) XXX_Merge(src proto.Message)

func (*KubernetesResource) XXX_Size 

func (m *KubernetesResource) XXX_Size() int

func (*KubernetesResource) XXX_Unmarshal 

func (m *KubernetesResource) XXX_Unmarshal(b []byte) error

type KubernetesResourceSpecV1 

type KubernetesResourceSpecV1 struct {
	// Namespace is the resource namespace.
	Namespace            string   `protobuf:"bytes,1,opt,name=Namespace,proto3" json:"namespace"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

KubernetesResourceSpecV1 is the Kubernetes resource spec.

func (*KubernetesResourceSpecV1) Descriptor 

func (*KubernetesResourceSpecV1) Descriptor() ([]byte, []int)

func (*KubernetesResourceSpecV1) Marshal 

func (m *KubernetesResourceSpecV1) Marshal() (dAtA []byte, err error)

func (*KubernetesResourceSpecV1) MarshalTo 

func (m *KubernetesResourceSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*KubernetesResourceSpecV1) MarshalToSizedBuffer 

func (m *KubernetesResourceSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KubernetesResourceSpecV1) ProtoMessage 

func (*KubernetesResourceSpecV1) ProtoMessage()

func (*KubernetesResourceSpecV1) Reset 

func (m *KubernetesResourceSpecV1) Reset()

func (*KubernetesResourceSpecV1) Size 

func (m *KubernetesResourceSpecV1) Size() (n int)

func (*KubernetesResourceSpecV1) String 

func (m *KubernetesResourceSpecV1) String() string

func (*KubernetesResourceSpecV1) Unmarshal 

func (m *KubernetesResourceSpecV1) Unmarshal(dAtA []byte) error

func (*KubernetesResourceSpecV1) XXX_DiscardUnknown 

func (m *KubernetesResourceSpecV1) XXX_DiscardUnknown()

func (*KubernetesResourceSpecV1) XXX_Marshal 

func (m *KubernetesResourceSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KubernetesResourceSpecV1) XXX_Merge 

func (m *KubernetesResourceSpecV1) XXX_Merge(src proto.Message)

func (*KubernetesResourceSpecV1) XXX_Size 

func (m *KubernetesResourceSpecV1) XXX_Size() int

func (*KubernetesResourceSpecV1) XXX_Unmarshal 

func (m *KubernetesResourceSpecV1) XXX_Unmarshal(b []byte) error

type KubernetesResourceV1 

type KubernetesResourceV1 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is version
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is KubernetesResourceV1 metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec contains the Kubernetes resource data.
	Spec                 KubernetesResourceSpecV1 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}                 `json:"-"`
	XXX_unrecognized     []byte                   `json:"-"`
	XXX_sizecache        int32                    `json:"-"`
}

KubernetesResourceV1 represents a Kubernetes resource.

func NewKubernetesPodV1 

func NewKubernetesPodV1(meta Metadata, spec KubernetesResourceSpecV1) (*KubernetesResourceV1, error)

NewKubernetesPodV1 creates a new kubernetes resource with kind "pod".

func NewKubernetesResourceV1 

func NewKubernetesResourceV1(kind string, meta Metadata, spec KubernetesResourceSpecV1) (*KubernetesResourceV1, error)

NewKubernetesResourceV1 creates a new kubernetes resource .

func (*KubernetesResourceV1) CheckAndSetDefaults 

func (k *KubernetesResourceV1) CheckAndSetDefaults() error

CheckAndSetDefaults validates the Resource and sets any empty fields to default values.

func (*KubernetesResourceV1) Descriptor 

func (*KubernetesResourceV1) Descriptor() ([]byte, []int)

func (*KubernetesResourceV1) Expiry 

func (k *KubernetesResourceV1) Expiry() time.Time

Expiry returns object expiry setting.

func (*KubernetesResourceV1) GetAllLabels 

func (k *KubernetesResourceV1) GetAllLabels() map[string]string

GetAllLabels returns all resource's labels.

func (*KubernetesResourceV1) GetKind 

func (k *KubernetesResourceV1) GetKind() string

GetKind returns resource kind.

func (*KubernetesResourceV1) GetLabel 

func (k *KubernetesResourceV1) GetLabel(key string) (value string, ok bool)

GetLabel retrieves the label with the provided key. If not found value will be empty and ok will be false.

func (*KubernetesResourceV1) GetMetadata 

func (k *KubernetesResourceV1) GetMetadata() Metadata

GetMetadata returns object metadata.

func (*KubernetesResourceV1) GetName 

func (k *KubernetesResourceV1) GetName() string

GetName returns the name of the resource.

func (*KubernetesResourceV1) GetRevision 

func (k *KubernetesResourceV1) GetRevision() string

GetRevision returns the revision

func (*KubernetesResourceV1) GetStaticLabels 

func (k *KubernetesResourceV1) GetStaticLabels() map[string]string

GetStaticLabels returns the resource's static labels.

func (*KubernetesResourceV1) GetSubKind 

func (k *KubernetesResourceV1) GetSubKind() string

GetSubKind returns resource subkind.

func (*KubernetesResourceV1) GetVersion 

func (k *KubernetesResourceV1) GetVersion() string

GetVersion returns resource version.

func (*KubernetesResourceV1) Marshal 

func (m *KubernetesResourceV1) Marshal() (dAtA []byte, err error)

func (*KubernetesResourceV1) MarshalTo 

func (m *KubernetesResourceV1) MarshalTo(dAtA []byte) (int, error)

func (*KubernetesResourceV1) MarshalToSizedBuffer 

func (m *KubernetesResourceV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KubernetesResourceV1) MatchSearch 

func (k *KubernetesResourceV1) MatchSearch(searchValues []string) bool

MatchSearch goes through select field values of a resource and tries to match against the list of search values.

func (*KubernetesResourceV1) Origin 

func (k *KubernetesResourceV1) Origin() string

Origin returns the origin value of the resource.

func (*KubernetesResourceV1) ProtoMessage 

func (*KubernetesResourceV1) ProtoMessage()

func (*KubernetesResourceV1) Reset 

func (m *KubernetesResourceV1) Reset()

func (*KubernetesResourceV1) SetExpiry 

func (k *KubernetesResourceV1) SetExpiry(expire time.Time)

SetExpiry sets object expiry.

func (*KubernetesResourceV1) SetName 

func (k *KubernetesResourceV1) SetName(name string)

SetName sets the name of the resource.

func (*KubernetesResourceV1) SetOrigin 

func (k *KubernetesResourceV1) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*KubernetesResourceV1) SetRevision 

func (k *KubernetesResourceV1) SetRevision(rev string)

SetRevision sets the revision

func (*KubernetesResourceV1) SetStaticLabels 

func (k *KubernetesResourceV1) SetStaticLabels(sl map[string]string)

SetStaticLabels sets the resource's static labels.

func (*KubernetesResourceV1) SetSubKind 

func (k *KubernetesResourceV1) SetSubKind(subKind string)

SetSubKind sets resource subkind.

func (*KubernetesResourceV1) Size 

func (m *KubernetesResourceV1) Size() (n int)

func (*KubernetesResourceV1) String 

func (m *KubernetesResourceV1) String() string

func (*KubernetesResourceV1) Unmarshal 

func (m *KubernetesResourceV1) Unmarshal(dAtA []byte) error

func (*KubernetesResourceV1) XXX_DiscardUnknown 

func (m *KubernetesResourceV1) XXX_DiscardUnknown()

func (*KubernetesResourceV1) XXX_Marshal 

func (m *KubernetesResourceV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KubernetesResourceV1) XXX_Merge 

func (m *KubernetesResourceV1) XXX_Merge(src proto.Message)

func (*KubernetesResourceV1) XXX_Size 

func (m *KubernetesResourceV1) XXX_Size() int

func (*KubernetesResourceV1) XXX_Unmarshal 

func (m *KubernetesResourceV1) XXX_Unmarshal(b []byte) error

type KubernetesServerSpecV3 

type KubernetesServerSpecV3 struct {
	// Version is the Teleport version that the server is running.
	Version string `protobuf:"bytes,1,opt,name=Version,proto3" json:"version"`
	// Hostname is the Kubernetes server hostname.
	Hostname string `protobuf:"bytes,2,opt,name=Hostname,proto3" json:"hostname"`
	// HostID is the Kubernetes server host uuid.
	HostID string `protobuf:"bytes,3,opt,name=HostID,proto3" json:"host_id"`
	// Rotation contains the Kubernetes server CA rotation information.
	Rotation Rotation `protobuf:"bytes,4,opt,name=Rotation,proto3" json:"rotation,omitempty"`
	// Cluster is a Kubernetes Cluster proxied by this Kubernetes server.
	Cluster *KubernetesClusterV3 `protobuf:"bytes,5,opt,name=Cluster,proto3" json:"cluster"`
	// ProxyIDs is a list of proxy IDs this server is expected to be connected to.
	ProxyIDs             []string `protobuf:"bytes,6,rep,name=ProxyIDs,proto3" json:"proxy_ids,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

KubernetesServerSpecV3 is the Kubernetes server spec.

func (*KubernetesServerSpecV3) Descriptor 

func (*KubernetesServerSpecV3) Descriptor() ([]byte, []int)

func (*KubernetesServerSpecV3) Marshal 

func (m *KubernetesServerSpecV3) Marshal() (dAtA []byte, err error)

func (*KubernetesServerSpecV3) MarshalTo 

func (m *KubernetesServerSpecV3) MarshalTo(dAtA []byte) (int, error)

func (*KubernetesServerSpecV3) MarshalToSizedBuffer 

func (m *KubernetesServerSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KubernetesServerSpecV3) ProtoMessage 

func (*KubernetesServerSpecV3) ProtoMessage()

func (*KubernetesServerSpecV3) Reset 

func (m *KubernetesServerSpecV3) Reset()

func (*KubernetesServerSpecV3) Size 

func (m *KubernetesServerSpecV3) Size() (n int)

func (*KubernetesServerSpecV3) String 

func (m *KubernetesServerSpecV3) String() string

func (*KubernetesServerSpecV3) Unmarshal 

func (m *KubernetesServerSpecV3) Unmarshal(dAtA []byte) error

func (*KubernetesServerSpecV3) XXX_DiscardUnknown 

func (m *KubernetesServerSpecV3) XXX_DiscardUnknown()

func (*KubernetesServerSpecV3) XXX_Marshal 

func (m *KubernetesServerSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KubernetesServerSpecV3) XXX_Merge 

func (m *KubernetesServerSpecV3) XXX_Merge(src proto.Message)

func (*KubernetesServerSpecV3) XXX_Size 

func (m *KubernetesServerSpecV3) XXX_Size() int

func (*KubernetesServerSpecV3) XXX_Unmarshal 

func (m *KubernetesServerSpecV3) XXX_Unmarshal(b []byte) error

type KubernetesServerV3 

type KubernetesServerV3 struct {
	// Kind is the Kubernetes server resource kind. Always "kube_server".
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource subkind.
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is the Kubernetes server metadata.
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is the Kubernetes server spec.
	Spec                 KubernetesServerSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}               `json:"-"`
	XXX_unrecognized     []byte                 `json:"-"`
	XXX_sizecache        int32                  `json:"-"`
}

KubernetesServerV3 represents a Kubernetes server.

func NewKubernetesServerV3 

func NewKubernetesServerV3(meta Metadata, spec KubernetesServerSpecV3) (*KubernetesServerV3, error)

NewKubernetesServerV3 creates a new kube server instance.

func NewKubernetesServerV3FromCluster 

func NewKubernetesServerV3FromCluster(cluster *KubernetesClusterV3, hostname, hostID string) (*KubernetesServerV3, error)

NewKubernetesServerV3FromCluster creates a new kubernetes server from the provided clusters.

func (*KubernetesServerV3) CheckAndSetDefaults 

func (s *KubernetesServerV3) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values for any missing fields.

func (*KubernetesServerV3) CloneResource 

func (s *KubernetesServerV3) CloneResource() ResourceWithLabels

CloneResource returns a copy of this kube server object.

func (*KubernetesServerV3) Copy 

func (s *KubernetesServerV3) Copy() KubeServer

Copy returns a copy of this kube server object.

func (*KubernetesServerV3) Descriptor 

func (*KubernetesServerV3) Descriptor() ([]byte, []int)

func (*KubernetesServerV3) Expiry 

func (s *KubernetesServerV3) Expiry() time.Time

Expiry returns the resource expiry time.

func (*KubernetesServerV3) GetAllLabels 

func (s *KubernetesServerV3) GetAllLabels() map[string]string

GetAllLabels returns all resource's labels. Considering: * Static labels from `Metadata.Labels` and `Spec.Cluster`. * Dynamic labels from `Spec.Cluster.Spec`.

func (*KubernetesServerV3) GetCluster 

func (s *KubernetesServerV3) GetCluster() KubeCluster

GetCluster returns the cluster this kube server proxies.

func (*KubernetesServerV3) GetHostID 

func (s *KubernetesServerV3) GetHostID() string

GetHostID returns ID of the host the server is running on.

func (*KubernetesServerV3) GetHostname 

func (s *KubernetesServerV3) GetHostname() string

GetHostname returns the kubernetes server hostname.

func (*KubernetesServerV3) GetKind 

func (s *KubernetesServerV3) GetKind() string

GetKind returns the resource kind.

func (*KubernetesServerV3) GetLabel 

func (s *KubernetesServerV3) GetLabel(key string) (value string, ok bool)

GetLabel retrieves the label with the provided key. If not found value will be empty and ok will be false.

func (*KubernetesServerV3) GetMetadata 

func (s *KubernetesServerV3) GetMetadata() Metadata

GetMetadata returns the resource metadata.

func (*KubernetesServerV3) GetName 

func (s *KubernetesServerV3) GetName() string

GetName returns the resource name.

func (*KubernetesServerV3) GetNamespace 

func (s *KubernetesServerV3) GetNamespace() string

GetNamespace returns the resource namespace.

func (*KubernetesServerV3) GetProxyIDs 

func (s *KubernetesServerV3) GetProxyIDs() []string

GetProxyIDs returns a list of proxy ids this server is connected to.

func (*KubernetesServerV3) GetRevision 

func (s *KubernetesServerV3) GetRevision() string

GetRevision returns the revision

func (*KubernetesServerV3) GetRotation 

func (s *KubernetesServerV3) GetRotation() Rotation

GetRotation returns the server CA rotation state.

func (*KubernetesServerV3) GetStaticLabels 

func (s *KubernetesServerV3) GetStaticLabels() map[string]string

GetStaticLabels returns the kube server static labels.

func (*KubernetesServerV3) GetSubKind 

func (s *KubernetesServerV3) GetSubKind() string

GetSubKind returns the resource subkind.

func (*KubernetesServerV3) GetTeleportVersion 

func (s *KubernetesServerV3) GetTeleportVersion() string

GetTeleportVersion returns the Teleport version the server is running.

func (*KubernetesServerV3) GetVersion 

func (s *KubernetesServerV3) GetVersion() string

GetVersion returns the kubernetes server resource version.

func (*KubernetesServerV3) IsEqual 

func (k *KubernetesServerV3) IsEqual(i KubeServer) bool

IsEqual determines if two kube server resources are equivalent to one another.

func (*KubernetesServerV3) Marshal 

func (m *KubernetesServerV3) Marshal() (dAtA []byte, err error)

func (*KubernetesServerV3) MarshalTo 

func (m *KubernetesServerV3) MarshalTo(dAtA []byte) (int, error)

func (*KubernetesServerV3) MarshalToSizedBuffer 

func (m *KubernetesServerV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KubernetesServerV3) MatchSearch 

func (s *KubernetesServerV3) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*KubernetesServerV3) Origin 

func (s *KubernetesServerV3) Origin() string

Origin returns the origin value of the resource.

func (*KubernetesServerV3) ProtoMessage 

func (*KubernetesServerV3) ProtoMessage()

func (*KubernetesServerV3) Reset 

func (m *KubernetesServerV3) Reset()

func (*KubernetesServerV3) SetCluster 

func (s *KubernetesServerV3) SetCluster(cluster KubeCluster) error

SetCluster sets the cluster this kube server proxies.

func (*KubernetesServerV3) SetExpiry 

func (s *KubernetesServerV3) SetExpiry(expiry time.Time)

SetExpiry sets the resource expiry time.

func (*KubernetesServerV3) SetName 

func (s *KubernetesServerV3) SetName(name string)

SetName sets the resource name.

func (*KubernetesServerV3) SetOrigin 

func (s *KubernetesServerV3) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*KubernetesServerV3) SetProxyIDs 

func (s *KubernetesServerV3) SetProxyIDs(proxyIDs []string)

SetProxyID sets the proxy ids this server is connected to.

func (*KubernetesServerV3) SetRevision 

func (s *KubernetesServerV3) SetRevision(rev string)

SetRevision sets the revision

func (*KubernetesServerV3) SetRotation 

func (s *KubernetesServerV3) SetRotation(r Rotation)

SetRotation sets the server CA rotation state.

func (*KubernetesServerV3) SetStaticLabels 

func (s *KubernetesServerV3) SetStaticLabels(sl map[string]string)

SetStaticLabels sets the kube server static labels.

func (*KubernetesServerV3) SetSubKind 

func (s *KubernetesServerV3) SetSubKind(sk string)

SetSubKind sets the resource subkind.

func (*KubernetesServerV3) Size 

func (m *KubernetesServerV3) Size() (n int)

func (*KubernetesServerV3) String 

func (s *KubernetesServerV3) String() string

String returns the server string representation.

func (*KubernetesServerV3) Unmarshal 

func (m *KubernetesServerV3) Unmarshal(dAtA []byte) error

func (*KubernetesServerV3) XXX_DiscardUnknown 

func (m *KubernetesServerV3) XXX_DiscardUnknown()

func (*KubernetesServerV3) XXX_Marshal 

func (m *KubernetesServerV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KubernetesServerV3) XXX_Merge 

func (m *KubernetesServerV3) XXX_Merge(src proto.Message)

func (*KubernetesServerV3) XXX_Size 

func (m *KubernetesServerV3) XXX_Size() int

func (*KubernetesServerV3) XXX_Unmarshal 

func (m *KubernetesServerV3) XXX_Unmarshal(b []byte) error

type LabelMatchers 

type LabelMatchers struct {
	Labels     Labels
	Expression string
}

LabelMatchers holds the role label matchers and label expression that are used to match resource labels of a specific resource kind and condition (allow/deny).

func (LabelMatchers) Empty 

func (l LabelMatchers) Empty() bool

Empty returns true if all elements of the LabelMatchers are empty/unset.

type Labels 

type Labels map[string]utils.Strings

Labels is a wrapper around map that can marshal and unmarshal itself from scalar and list values

func (Labels) Clone 

func (l Labels) Clone() Labels

Clone returns non-shallow copy of the labels set

func (Labels) Marshal 

func (l Labels) Marshal() ([]byte, error)

Marshal marshals value into protobuf representation

func (Labels) MarshalTo 

func (l Labels) MarshalTo(data []byte) (int, error)

MarshalTo marshals value to the array

func (Labels) Size 

func (l Labels) Size() int

Size returns protobuf size

func (Labels) ToProto 

func (l Labels) ToProto() *wrappers.LabelValues

ToProto returns a protobuf-compatible representation of Labels.

func (*Labels) Unmarshal 

func (l *Labels) Unmarshal(data []byte) error

Unmarshal unmarshals value from protobuf

type License 

type License interface {
	Resource

	// GetReportsUsage returns true if the Teleport cluster should report usage
	// to the Houston control plane.
	GetReportsUsage() Bool
	// SetReportsUsage sets the Houston usage reporting flag.
	SetReportsUsage(Bool)
	// GetSalesCenterReporting returns true if the Teleport cluster should
	// report usage to Sales Center.
	GetSalesCenterReporting() Bool
	// SetSalesCenterReporting sets the Sales Center usage reporting flag.
	SetSalesCenterReporting(Bool)

	// GetCloud returns true if teleport cluster is hosted by Gravitational
	GetCloud() Bool
	// SetCloud sets cloud flag
	SetCloud(Bool)

	// GetAWSProductID returns product id that limits usage to AWS instance
	// with a similar product ID
	GetAWSProductID() string
	// SetAWSProductID sets AWS product ID
	SetAWSProductID(string)

	// GetAWSAccountID limits usage to AWS instance within account ID
	GetAWSAccountID() string
	// SetAWSAccountID sets AWS account ID that will be limiting
	// usage to AWS instance
	SetAWSAccountID(accountID string)

	// GetSupportsKubernetes returns kubernetes support flag
	GetSupportsKubernetes() Bool
	// SetSupportsKubernetes sets kubernetes support flag
	SetSupportsKubernetes(Bool)

	// GetSupportsApplicationAccess returns application access support flag
	GetSupportsApplicationAccess() Bool
	// SetSupportsApplicationAccess sets application access support flag
	SetSupportsApplicationAccess(Bool)

	// GetSupportsDatabaseAccess returns database access support flag
	GetSupportsDatabaseAccess() Bool
	// SetSupportsDatabaseAccess sets database access support flag
	SetSupportsDatabaseAccess(Bool)

	// GetSupportsDesktopAccess returns desktop access support flag
	GetSupportsDesktopAccess() Bool
	// SetSupportsDesktopAccess sets desktop access support flag
	SetSupportsDesktopAccess(Bool)

	// GetSupportsModeratedSessions returns moderated sessions support flag
	// Note: this flag is unused in Teleport v11+ but it's still used to
	// generate licenses that support older versions of Teleport
	GetSupportsModeratedSessions() Bool
	// SetSupportsModeratedSessions sets moderated sessions support flag
	// Note: this flag is unused in Teleport v11+ but it's still used to
	// generate licenses that support older versions of Teleport
	SetSupportsModeratedSessions(Bool)

	// GetSupportsMachineID returns MachineID support flag
	// Note: this flag is unused in Teleport v11+ but it's still used to
	// generate licenses that support older versions of Teleport
	GetSupportsMachineID() Bool
	// SetSupportsMachineID sets MachineID support flag
	// Note: this flag is unused in Teleport v11+ but it's still used to
	// generate licenses that support older versions of Teleport
	SetSupportsMachineID(Bool)

	// GetSupportsResourceAccessRequests returns resource access requests support flag
	// Note: this flag is unused in Teleport v11+ but it's still used to
	// generate licenses that support older versions of Teleport
	GetSupportsResourceAccessRequests() Bool
	// SetSupportsResourceAccessRequests sets resource access requests support flag
	// Note: this flag is unused in Teleport v11+ but it's still used to
	// generate licenses that support older versions of Teleport
	SetSupportsResourceAccessRequests(Bool)

	// GetSupportsFeatureHiding returns feature hiding support flag.
	GetSupportsFeatureHiding() Bool
	// SetSupportsFeatureHiding sets feature hiding support flag.
	SetSupportsFeatureHiding(Bool)

	// GetTrial returns the trial flag.
	//  Note: This is not applicable to Cloud licenses
	GetTrial() Bool
	// SetTrial sets the trial flag.
	//  Note: This is not applicable to Cloud licenses
	SetTrial(Bool)

	// SetLabels sets metadata labels
	SetLabels(labels map[string]string)

	// GetAccountID returns Account ID.
	//  Note: This is not applicable to all Cloud licenses
	GetAccountID() string

	// GetFeatureSource returns where the features should be loaded from.
	//
	// Deprecated.
	// FeatureSource was used to differentiate between
	// cloud+team vs cloud+enterprise. cloud+enterprise read from license
	// and cloud+team read from salescenter. With the new EUB product,
	// all cloud+ will read from salescenter.
	GetFeatureSource() FeatureSource

	// GetCustomTheme returns the name of the WebUI custom theme
	GetCustomTheme() string

	// SetCustomTheme sets the name of the WebUI custom theme
	SetCustomTheme(themeName string)

	// GetSupportsIdentityGovernanceSecurity returns IGS features support flag.
	// IGS includes: access list, access request, access monitoring and device trust.
	GetSupportsIdentityGovernanceSecurity() Bool
	// SetSupportsIdentityGovernanceSecurity sets IGS feature support flag.
	// IGS includes: access list, access request, access monitoring and device trust.
	SetSupportsIdentityGovernanceSecurity(Bool)
	// GetUsageBasedBilling returns if usage based billing is turned on or off
	GetUsageBasedBilling() Bool
	// SetUsageBasedBilling sets flag for usage based billing
	SetUsageBasedBilling(Bool)

	// GetAnonymizationKey returns a key that should be used to
	// anonymize usage data if it's set.
	GetAnonymizationKey() string
	// SetAnonymizationKey sets the anonymization key.
	SetAnonymizationKey(string)

	// GetSupportsPolicy returns Teleport Policy support flag.
	GetSupportsPolicy() Bool
	// SetSupportsPolicy sets Teleport Policy support flag.
	SetSupportsPolicy(Bool)

	// GetEntitlements returns the Entitlements object
	GetEntitlements() map[string]EntitlementInfo
	// SetEntitlements sets the Entitlements object
	SetEntitlements(map[string]EntitlementInfo)
}

License defines teleport License Information

func NewLicense 

func NewLicense(name string, spec LicenseSpecV3) (License, error)

NewLicense is a convenience method to create LicenseV3.

type LicenseSpecV3 

type LicenseSpecV3 struct {
	// AccountID is a customer account ID
	AccountID string `json:"account_id,omitempty"`
	// AWSProductID limits usage to AWS instance with a product ID
	AWSProductID string `json:"aws_pid,omitempty"`
	// AWSAccountID limits usage to AWS instance within account ID
	AWSAccountID string `json:"aws_account,omitempty"`
	// SupportsKubernetes turns kubernetes support on or off
	SupportsKubernetes Bool `json:"k8s"`
	// SupportsApplicationAccess turns application access on or off
	// Note it's a pointer for backward compatibility
	SupportsApplicationAccess *Bool `json:"app,omitempty"`
	// SupportsDatabaseAccess turns database access on or off
	SupportsDatabaseAccess Bool `json:"db,omitempty"`
	// SupportsDesktopAccess turns desktop access on or off
	SupportsDesktopAccess Bool `json:"desktop,omitempty"`
	// ReportsUsage turns Houston usage reporting on or off
	ReportsUsage Bool `json:"usage,omitempty"`
	// SalesCenterReporting turns Sales Center usage reporting on or off
	SalesCenterReporting Bool `json:"reporting,omitempty"`
	// Cloud is turned on when teleport is hosted by Gravitational
	Cloud Bool `json:"cloud,omitempty"`
	// SupportsModeratedSessions turns on moderated sessions
	SupportsModeratedSessions Bool `json:"moderated_sessions,omitempty"`
	// SupportsMachineID turns MachineID support on or off
	SupportsMachineID Bool `json:"machine_id,omitempty"`
	// SupportsResourceAccessRequests turns resource access request support on or off
	SupportsResourceAccessRequests Bool `json:"resource_access_requests,omitempty"`
	// SupportsFeatureHiding turns feature hiding support on or off
	SupportsFeatureHiding Bool `json:"feature_hiding,omitempty"`
	// Trial is true for trial licenses
	Trial Bool `json:"trial,omitempty"`
	// FeatureSource is the source of the set of enabled feature
	//
	// Deprecated.
	// FeatureSource was used to differentiate between
	// cloud+team vs cloud+enterprise. cloud+enterprise read from license
	// and cloud+team read from salescenter. With the new EUB product,
	// all cloud+ will read from salescenter.
	FeatureSource FeatureSource `json:"feature_source"`
	// CustomTheme is the name of the WebUI custom theme
	CustomTheme string `json:"custom_theme,omitempty"`
	// SupportsIdentityGovernanceSecurity turns IGS features on or off.
	SupportsIdentityGovernanceSecurity Bool `json:"identity_governance_security,omitempty"`
	// UsageBasedBilling determines if the user subscription is usage-based (pay-as-you-go).
	UsageBasedBilling Bool `json:"usage_based_billing,omitempty"`
	// AnonymizationKey is a key that is used to anonymize usage data when it is set.
	// It should only be set when UsageBasedBilling is true.
	AnonymizationKey string `json:"anonymization_key,omitempty"`
	// SupportsPolicy turns Teleport Policy features on or off.
	SupportsPolicy Bool `json:"policy,omitempty"`

	// entitlements define a customer’s access to a specific features
	Entitlements map[string]EntitlementInfo `json:"entitlements,omitempty"`
}

LicenseSpecV3 is the actual data we care about for LicenseV3. When changing this, keep in mind that other consumers of teleport/api (Houston, Sales Center) might still need to generate or parse licenses for older versions of Teleport.

type LicenseV3 

type LicenseV3 struct {
	// Kind is a resource kind - always resource.
	Kind string `json:"kind"`

	// SubKind is a resource sub kind
	SubKind string `json:"sub_kind,omitempty"`

	// Version is a resource version.
	Version string `json:"version"`

	// Metadata is metadata about the resource.
	Metadata Metadata `json:"metadata"`

	// Spec is the specification of the resource.
	Spec LicenseSpecV3 `json:"spec"`
}

LicenseV3 represents License resource version V3. When changing this, keep in mind that other consumers of teleport/api (Houston, Sales Center) might still need to generate or parse licenses for older versions of Teleport.

func (*LicenseV3) CheckAndSetDefaults 

func (c *LicenseV3) CheckAndSetDefaults() error

CheckAndSetDefaults verifies the constraints for License.

func (*LicenseV3) Expiry 

func (c *LicenseV3) Expiry() time.Time

Expiry returns object expiry setting

func (*LicenseV3) GetAWSAccountID 

func (c *LicenseV3) GetAWSAccountID() string

GetAWSAccountID limits usage to AWS instance within account ID

func (*LicenseV3) GetAWSProductID 

func (c *LicenseV3) GetAWSProductID() string

GetAWSProductID returns product ID that limits usage to AWS instance with a similar product ID

func (*LicenseV3) GetAccountID 

func (c *LicenseV3) GetAccountID() string

GetAccountID sets AWS product ID

func (*LicenseV3) GetAnonymizationKey 

func (c *LicenseV3) GetAnonymizationKey() string

GetAnonymizationKey returns a key that should be used to anonymize usage data if it's set.

func (*LicenseV3) GetCloud 

func (c *LicenseV3) GetCloud() Bool

GetCloud returns true if teleport cluster is hosted by Gravitational

func (*LicenseV3) GetCustomTheme 

func (c *LicenseV3) GetCustomTheme() string

GetCustomTheme returns the name of the WebUI custom theme

func (*LicenseV3) GetEntitlements 

func (c *LicenseV3) GetEntitlements() map[string]EntitlementInfo

GetEntitlements returns Entitlements

func (*LicenseV3) GetFeatureSource 

func (c *LicenseV3) GetFeatureSource() FeatureSource

GetFeatureSource returns the source Teleport should use to read the features

func (*LicenseV3) GetKind 

func (c *LicenseV3) GetKind() string

GetKind returns resource kind

func (*LicenseV3) GetLabels 

func (c *LicenseV3) GetLabels() map[string]string

GetLabels returns metadata labels

func (*LicenseV3) GetMetadata 

func (c *LicenseV3) GetMetadata() Metadata

GetMetadata returns object metadata

func (*LicenseV3) GetName 

func (c *LicenseV3) GetName() string

GetName returns the name of the resource

func (*LicenseV3) GetReportsUsage 

func (c *LicenseV3) GetReportsUsage() Bool

GetReportsUsage returns true if the Teleport cluster should report usage to the Houston control plane.

func (*LicenseV3) GetRevision 

func (c *LicenseV3) GetRevision() string

GetRevision returns the revision

func (*LicenseV3) GetSalesCenterReporting 

func (c *LicenseV3) GetSalesCenterReporting() Bool

GetSalesCenterReporting returns true if the Teleport cluster should report usage to Sales Center.

func (*LicenseV3) GetSubKind 

func (c *LicenseV3) GetSubKind() string

GetSubKind returns resource sub kind

func (*LicenseV3) GetSupportsApplicationAccess 

func (c *LicenseV3) GetSupportsApplicationAccess() Bool

GetSupportsApplicationAccess returns application access support flag

func (*LicenseV3) GetSupportsDatabaseAccess 

func (c *LicenseV3) GetSupportsDatabaseAccess() Bool

GetSupportsDatabaseAccess returns database access support flag

func (*LicenseV3) GetSupportsDesktopAccess 

func (c *LicenseV3) GetSupportsDesktopAccess() Bool

GetSupportsDesktopAccess returns desktop access support flag

func (*LicenseV3) GetSupportsFeatureHiding 

func (c *LicenseV3) GetSupportsFeatureHiding() Bool

GetSupportsFeatureHiding returns feature hiding requests support flag

func (*LicenseV3) GetSupportsIdentityGovernanceSecurity 

func (c *LicenseV3) GetSupportsIdentityGovernanceSecurity() Bool

GetSupportsIdentityGovernanceSecurity returns IGS feature support flag. IGS includes: access list, access request, access monitoring and device trust.

func (*LicenseV3) GetSupportsKubernetes 

func (c *LicenseV3) GetSupportsKubernetes() Bool

GetSupportsKubernetes returns kubernetes support flag

func (*LicenseV3) GetSupportsMachineID 

func (c *LicenseV3) GetSupportsMachineID() Bool

GetSupportsMachineID returns MachineID support flag

func (*LicenseV3) GetSupportsModeratedSessions 

func (c *LicenseV3) GetSupportsModeratedSessions() Bool

GetSupportsModeratedSessions returns moderated sessions support flag

func (*LicenseV3) GetSupportsPolicy 

func (c *LicenseV3) GetSupportsPolicy() Bool

GetSupportsPolicy returns Teleport Policy support flag

func (*LicenseV3) GetSupportsResourceAccessRequests 

func (c *LicenseV3) GetSupportsResourceAccessRequests() Bool

GetSupportsResourceAccessRequests returns resource access requests support flag

func (*LicenseV3) GetTrial 

func (c *LicenseV3) GetTrial() Bool

GetTrial returns the trial flag

func (*LicenseV3) GetUsageBasedBilling 

func (c *LicenseV3) GetUsageBasedBilling() Bool

GetUsageBasedBilling returns if usage based billing is turned on or off

func (*LicenseV3) GetVersion 

func (c *LicenseV3) GetVersion() string

GetVersion returns resource version

func (*LicenseV3) SetAWSAccountID 

func (c *LicenseV3) SetAWSAccountID(accountID string)

SetAWSAccountID sets AWS account ID that will be limiting usage to AWS instance

func (*LicenseV3) SetAWSProductID 

func (c *LicenseV3) SetAWSProductID(pid string)

SetAWSProductID sets AWS product ID

func (*LicenseV3) SetAnonymizationKey 

func (c *LicenseV3) SetAnonymizationKey(anonKey string)

SetAnonymizationKey sets the anonymization key.

func (*LicenseV3) SetCloud 

func (c *LicenseV3) SetCloud(cloud Bool)

SetCloud sets cloud flag

func (*LicenseV3) SetCustomTheme 

func (c *LicenseV3) SetCustomTheme(themeName string)

SetCustomTheme sets the name of the WebUI custom theme

func (*LicenseV3) SetEntitlements 

func (c *LicenseV3) SetEntitlements(value map[string]EntitlementInfo)

SetEntitlements sets Entitlements

func (*LicenseV3) SetExpiry 

func (c *LicenseV3) SetExpiry(t time.Time)

SetExpiry sets object expiry

func (*LicenseV3) SetLabels 

func (c *LicenseV3) SetLabels(labels map[string]string)

SetLabels sets metadata labels

func (*LicenseV3) SetName 

func (c *LicenseV3) SetName(name string)

SetName sets the name of the resource

func (*LicenseV3) SetReportsUsage 

func (c *LicenseV3) SetReportsUsage(reports Bool)

SetReportsUsage sets the Houston usage reporting flag.

func (*LicenseV3) SetRevision 

func (c *LicenseV3) SetRevision(rev string)

SetRevision sets the revision

func (*LicenseV3) SetSalesCenterReporting 

func (c *LicenseV3) SetSalesCenterReporting(reports Bool)

SetSalesCenterReporting sets the Sales Center usage reporting flag.

func (*LicenseV3) SetSubKind 

func (c *LicenseV3) SetSubKind(s string)

SetSubKind sets resource subkind

func (*LicenseV3) SetSupportsApplicationAccess 

func (c *LicenseV3) SetSupportsApplicationAccess(value Bool)

SetSupportsApplicationAccess sets application access support flag

func (*LicenseV3) SetSupportsDatabaseAccess 

func (c *LicenseV3) SetSupportsDatabaseAccess(value Bool)

SetSupportsDatabaseAccess sets database access support flag

func (*LicenseV3) SetSupportsDesktopAccess 

func (c *LicenseV3) SetSupportsDesktopAccess(value Bool)

SetSupportsDesktopAccess sets desktop access support flag

func (*LicenseV3) SetSupportsFeatureHiding 

func (c *LicenseV3) SetSupportsFeatureHiding(value Bool)

SetSupportsFeatureHiding sets feature hiding requests support flag

func (*LicenseV3) SetSupportsIdentityGovernanceSecurity 

func (c *LicenseV3) SetSupportsIdentityGovernanceSecurity(b Bool)

SetSupportsIdentityGovernanceSecurity sets IGS feature support flag. IGS includes: access list, access request, access monitoring and device trust.

func (*LicenseV3) SetSupportsKubernetes 

func (c *LicenseV3) SetSupportsKubernetes(supportsK8s Bool)

SetSupportsKubernetes sets kubernetes support flag

func (*LicenseV3) SetSupportsMachineID 

func (c *LicenseV3) SetSupportsMachineID(value Bool)

SetSupportsMachineID sets MachineID support flag

func (*LicenseV3) SetSupportsModeratedSessions 

func (c *LicenseV3) SetSupportsModeratedSessions(value Bool)

SetSupportsModeratedSessions sets moderated sessions support flag

func (*LicenseV3) SetSupportsPolicy 

func (c *LicenseV3) SetSupportsPolicy(value Bool)

SetSupportsPolicy sets Teleport Policy support flag

func (*LicenseV3) SetSupportsResourceAccessRequests 

func (c *LicenseV3) SetSupportsResourceAccessRequests(value Bool)

SetSupportsResourceAccessRequests sets resource access requests support flag

func (*LicenseV3) SetTrial 

func (c *LicenseV3) SetTrial(value Bool)

SetTrial sets the trial flag

func (*LicenseV3) SetUsageBasedBilling 

func (c *LicenseV3) SetUsageBasedBilling(b Bool)

SetUsageBasedBilling sets flag for usage based billing.

func (*LicenseV3) String 

func (c *LicenseV3) String() string

String represents a human readable version of license enabled features

type ListDynamicWindowsDesktopsResponse 

type ListDynamicWindowsDesktopsResponse struct {
	Desktops []DynamicWindowsDesktop
	NextKey  string
}

ListDynamicWindowsDesktopsResponse is a response type to ListDynamicWindowsDesktops.

type ListResourcesResponse 

type ListResourcesResponse struct {
	// Resources is a list of resource.
	Resources []ResourceWithLabels
	// NextKey is the next key to use as a starting point.
	NextKey string
	// TotalCount is the total number of resources available as a whole.
	TotalCount int
}

ListResourcesResponse describes a non proto response to ListResources.

type ListWindowsDesktopServicesRequest 

type ListWindowsDesktopServicesRequest struct {
	Limit                         int
	StartKey, PredicateExpression string
	Labels                        map[string]string
	SearchKeywords                []string
}

ListWindowsDesktopServicesRequest is a request type to ListWindowsDesktopServices.

type ListWindowsDesktopServicesResponse 

type ListWindowsDesktopServicesResponse struct {
	DesktopServices []WindowsDesktopService
	NextKey         string
}

ListWindowsDesktopServicesResponse is a response type to ListWindowsDesktopServices.

type ListWindowsDesktopsRequest 

type ListWindowsDesktopsRequest struct {
	WindowsDesktopFilter
	Limit                         int
	StartKey, PredicateExpression string
	Labels                        map[string]string
	SearchKeywords                []string
}

ListWindowsDesktopsRequest is a request type to ListWindowsDesktops.

type ListWindowsDesktopsResponse 

type ListWindowsDesktopsResponse struct {
	Desktops []WindowsDesktop
	NextKey  string
}

ListWindowsDesktopsResponse is a response type to ListWindowsDesktops.

type LocalAuthSecrets 

type LocalAuthSecrets struct {
	// PasswordHash encodes a combined salt & hash for password verification.
	PasswordHash []byte `protobuf:"bytes,1,opt,name=PasswordHash,proto3" json:"password_hash,omitempty"`
	// Deprecated 2nd factor fields, use MFA below instead.
	TOTPKey string       `protobuf:"bytes,2,opt,name=TOTPKey,proto3" json:"totp_key,omitempty"`
	MFA     []*MFADevice `protobuf:"bytes,5,rep,name=MFA,proto3" json:"mfa,omitempty"`
	// Webauthn holds settings necessary for webauthn local auth.
	// May be null for legacy users or users that haven't yet used webauthn as
	// their multi-factor.
	Webauthn             *WebauthnLocalAuth `protobuf:"bytes,6,opt,name=Webauthn,proto3" json:"webauthn,omitempty"`
	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
	XXX_unrecognized     []byte             `json:"-"`
	XXX_sizecache        int32              `json:"-"`
}

LocalAuthSecrets holds sensitive data used to authenticate a local user.

func (*LocalAuthSecrets) Descriptor 

func (*LocalAuthSecrets) Descriptor() ([]byte, []int)

func (*LocalAuthSecrets) Marshal 

func (m *LocalAuthSecrets) Marshal() (dAtA []byte, err error)

func (*LocalAuthSecrets) MarshalTo 

func (m *LocalAuthSecrets) MarshalTo(dAtA []byte) (int, error)

func (*LocalAuthSecrets) MarshalToSizedBuffer 

func (m *LocalAuthSecrets) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*LocalAuthSecrets) ProtoMessage 

func (*LocalAuthSecrets) ProtoMessage()

func (*LocalAuthSecrets) Reset 

func (m *LocalAuthSecrets) Reset()

func (*LocalAuthSecrets) Size 

func (m *LocalAuthSecrets) Size() (n int)

func (*LocalAuthSecrets) String 

func (m *LocalAuthSecrets) String() string

func (*LocalAuthSecrets) Unmarshal 

func (m *LocalAuthSecrets) Unmarshal(dAtA []byte) error

func (*LocalAuthSecrets) XXX_DiscardUnknown 

func (m *LocalAuthSecrets) XXX_DiscardUnknown()

func (*LocalAuthSecrets) XXX_Marshal 

func (m *LocalAuthSecrets) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*LocalAuthSecrets) XXX_Merge 

func (m *LocalAuthSecrets) XXX_Merge(src proto.Message)

func (*LocalAuthSecrets) XXX_Size 

func (m *LocalAuthSecrets) XXX_Size() int

func (*LocalAuthSecrets) XXX_Unmarshal 

func (m *LocalAuthSecrets) XXX_Unmarshal(b []byte) error

type Lock 

type Lock interface {
	Resource
	ResourceWithOrigin
	ResourceWithLabels

	// Target returns the lock's target.
	Target() LockTarget
	// SetTarget sets the lock's target.
	SetTarget(LockTarget)

	// Message returns the message displayed to locked-out users.
	Message() string
	// SetMessage sets the lock's user message.
	SetMessage(string)

	// LockExpiry returns when the lock ceases to be in force.
	LockExpiry() *time.Time
	// SetLockExpiry sets the lock's expiry.
	SetLockExpiry(*time.Time)

	// CreatedAt returns the time the lock was created.
	CreatedAt() time.Time
	// SetCreatedAt sets the lock's created time.
	SetCreatedAt(time.Time)
	// CreatedBy returns the user that created the lock.
	CreatedBy() string
	// SetCreatedBy sets the lock's creator.
	SetCreatedBy(string)

	// IsInForce returns whether the lock is in force at a particular time.
	IsInForce(time.Time) bool
	// Clone returns a copy of the lock.
	Clone() Lock
}

Lock configures locking out of a particular access vector.

func NewLock 

func NewLock(name string, spec LockSpecV2) (Lock, error)

NewLock is a convenience method to create a Lock resource.

type LockSpecV2 

type LockSpecV2 struct {
	// Target describes the set of interactions that the lock applies to.
	Target LockTarget `protobuf:"bytes,1,opt,name=Target,proto3" json:"target"`
	// Message is the message displayed to locked-out users.
	Message string `protobuf:"bytes,2,opt,name=Message,proto3" json:"message,omitempty"`
	// Expires if set specifies when the lock ceases to be in force.
	Expires *time.Time `protobuf:"bytes,3,opt,name=Expires,proto3,stdtime" json:"expires,omitempty"`
	// CreatedAt is the date time that the lock was created.
	CreatedAt time.Time `protobuf:"bytes,4,opt,name=CreatedAt,proto3,stdtime" json:"created_at,omitempty"`
	// CreatedBy is the username of the author of the lock.
	CreatedBy            string   `protobuf:"bytes,5,opt,name=CreatedBy,proto3" json:"created_by,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

LockSpecV2 is a Lock specification.

func (*LockSpecV2) Descriptor 

func (*LockSpecV2) Descriptor() ([]byte, []int)

func (*LockSpecV2) Marshal 

func (m *LockSpecV2) Marshal() (dAtA []byte, err error)

func (*LockSpecV2) MarshalTo 

func (m *LockSpecV2) MarshalTo(dAtA []byte) (int, error)

func (*LockSpecV2) MarshalToSizedBuffer 

func (m *LockSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*LockSpecV2) ProtoMessage 

func (*LockSpecV2) ProtoMessage()

func (*LockSpecV2) Reset 

func (m *LockSpecV2) Reset()

func (*LockSpecV2) Size 

func (m *LockSpecV2) Size() (n int)

func (*LockSpecV2) String 

func (m *LockSpecV2) String() string

func (*LockSpecV2) Unmarshal 

func (m *LockSpecV2) Unmarshal(dAtA []byte) error

func (*LockSpecV2) XXX_DiscardUnknown 

func (m *LockSpecV2) XXX_DiscardUnknown()

func (*LockSpecV2) XXX_Marshal 

func (m *LockSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*LockSpecV2) XXX_Merge 

func (m *LockSpecV2) XXX_Merge(src proto.Message)

func (*LockSpecV2) XXX_Size 

func (m *LockSpecV2) XXX_Size() int

func (*LockSpecV2) XXX_Unmarshal 

func (m *LockSpecV2) XXX_Unmarshal(b []byte) error

type LockTarget 

type LockTarget struct {
	// User specifies the name of a Teleport user.
	User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user,omitempty"`
	// Role specifies the name of an RBAC role known to the root cluster.
	// In remote clusters, this constraint is evaluated before translating to local roles.
	Role string `protobuf:"bytes,2,opt,name=Role,proto3" json:"role,omitempty"`
	// Login specifies the name of a local UNIX user.
	Login string `protobuf:"bytes,3,opt,name=Login,proto3" json:"login,omitempty"`
	// MFADevice specifies the UUID of a user MFA device.
	MFADevice string `protobuf:"bytes,5,opt,name=MFADevice,proto3" json:"mfa_device,omitempty"`
	// WindowsDesktop specifies the name of a Windows desktop.
	WindowsDesktop string `protobuf:"bytes,6,opt,name=WindowsDesktop,proto3" json:"windows_desktop,omitempty"`
	// AccessRequest specifies the UUID of an access request.
	AccessRequest string `protobuf:"bytes,7,opt,name=AccessRequest,proto3" json:"access_request,omitempty"`
	// Device is the device ID of a trusted device.
	// Requires Teleport Enterprise.
	Device string `protobuf:"bytes,8,opt,name=Device,proto3" json:"device,omitempty"`
	// ServerID is the host id of the Teleport instance.
	ServerID             string   `protobuf:"bytes,9,opt,name=ServerID,proto3" json:"server_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

LockTarget lists the attributes of interactions to be disabled.

func (*LockTarget) Descriptor 

func (*LockTarget) Descriptor() ([]byte, []int)

func (LockTarget) Equals 

func (t LockTarget) Equals(t2 LockTarget) bool

Equals returns true when the two lock targets are equal.

func (*LockTarget) FromMap 

func (t *LockTarget) FromMap(m map[string]string) error

FromMap copies values from a map into this LockTarget.

func (LockTarget) IntoMap 

func (t LockTarget) IntoMap() (map[string]string, error)

IntoMap returns the target attributes in the form of a map.

func (LockTarget) IsEmpty 

func (t LockTarget) IsEmpty() bool

IsEmpty returns true if none of the target's fields is set.

func (*LockTarget) Marshal 

func (m *LockTarget) Marshal() (dAtA []byte, err error)

func (*LockTarget) MarshalTo 

func (m *LockTarget) MarshalTo(dAtA []byte) (int, error)

func (*LockTarget) MarshalToSizedBuffer 

func (m *LockTarget) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (LockTarget) Match 

func (t LockTarget) Match(lock Lock) bool

Match returns true if the lock's target is matched by this target.

func (*LockTarget) ProtoMessage 

func (*LockTarget) ProtoMessage()

func (*LockTarget) Reset 

func (m *LockTarget) Reset()

func (*LockTarget) Size 

func (m *LockTarget) Size() (n int)

func (LockTarget) String 

func (t LockTarget) String() string

String returns string representation of the LockTarget.

func (*LockTarget) Unmarshal 

func (m *LockTarget) Unmarshal(dAtA []byte) error

func (*LockTarget) XXX_DiscardUnknown 

func (m *LockTarget) XXX_DiscardUnknown()

func (*LockTarget) XXX_Marshal 

func (m *LockTarget) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*LockTarget) XXX_Merge 

func (m *LockTarget) XXX_Merge(src proto.Message)

func (*LockTarget) XXX_Size 

func (m *LockTarget) XXX_Size() int

func (*LockTarget) XXX_Unmarshal 

func (m *LockTarget) XXX_Unmarshal(b []byte) error

type LockV2 

type LockV2 struct {
	// Kind is a resource kind.
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources.
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version. It must be specified.
	// Supported values are: `v2`.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata holds resource metadata.
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is a Lock specification.
	Spec                 LockSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
	XXX_unrecognized     []byte     `json:"-"`
	XXX_sizecache        int32      `json:"-"`
}

LockV2 represents a lock. Locks are used to restrict access to a Teleport environment by disabling interactions involving a user, an RBAC role, a node, etc. See rfd/0009-locking.md for more details.

func (*LockV2) CheckAndSetDefaults 

func (c *LockV2) CheckAndSetDefaults() error

CheckAndSetDefaults verifies the constraints for Lock.

func (*LockV2) Clone 

func (c *LockV2) Clone() Lock

Clone returns a copy of the lock.

func (*LockV2) CreatedAt 

func (c *LockV2) CreatedAt() time.Time

func (*LockV2) CreatedBy 

func (c *LockV2) CreatedBy() string

func (*LockV2) Descriptor 

func (*LockV2) Descriptor() ([]byte, []int)

func (*LockV2) Expiry 

func (c *LockV2) Expiry() time.Time

Expiry returns object expiry setting.

func (*LockV2) GetAllLabels 

func (c *LockV2) GetAllLabels() map[string]string

GetAllLabels fetches all the user labels.

func (*LockV2) GetKind 

func (c *LockV2) GetKind() string

GetKind returns resource kind.

func (*LockV2) GetLabel 

func (c *LockV2) GetLabel(key string) (value string, ok bool)

GetLabel fetches the given user label, with the same semantics as a map read

func (*LockV2) GetMetadata 

func (c *LockV2) GetMetadata() Metadata

GetMetadata returns object metadata.

func (*LockV2) GetName 

func (c *LockV2) GetName() string

GetName returns the name of the resource.

func (*LockV2) GetRevision 

func (c *LockV2) GetRevision() string

GetRevision returns the revision

func (*LockV2) GetStaticLabels 

func (c *LockV2) GetStaticLabels() map[string]string

GetStaticLabels fetches all the user labels.

func (*LockV2) GetSubKind 

func (c *LockV2) GetSubKind() string

GetSubKind returns resource subkind.

func (*LockV2) GetVersion 

func (c *LockV2) GetVersion() string

GetVersion returns resource version.

func (*LockV2) IsInForce 

func (c *LockV2) IsInForce(t time.Time) bool

IsInForce returns whether the lock is in force at a particular time.

func (*LockV2) LockExpiry 

func (c *LockV2) LockExpiry() *time.Time

LockExpiry returns when the lock ceases to be in force.

func (*LockV2) Marshal 

func (m *LockV2) Marshal() (dAtA []byte, err error)

func (*LockV2) MarshalTo 

func (m *LockV2) MarshalTo(dAtA []byte) (int, error)

func (*LockV2) MarshalToSizedBuffer 

func (m *LockV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*LockV2) MatchSearch 

func (c *LockV2) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*LockV2) Message 

func (c *LockV2) Message() string

Message returns the message displayed to locked-out users.

func (*LockV2) Origin 

func (c *LockV2) Origin() string

Origin fetches the lock's origin, if any. Returns the empty string if no origin is set.

func (*LockV2) ProtoMessage 

func (*LockV2) ProtoMessage()

func (*LockV2) Reset 

func (m *LockV2) Reset()

func (*LockV2) SetCreatedAt 

func (c *LockV2) SetCreatedAt(t time.Time)

func (*LockV2) SetCreatedBy 

func (c *LockV2) SetCreatedBy(user string)

func (*LockV2) SetExpiry 

func (c *LockV2) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object.

func (*LockV2) SetLockExpiry 

func (c *LockV2) SetLockExpiry(expiry *time.Time)

SetLockExpiry sets the lock's expiry.

func (*LockV2) SetMessage 

func (c *LockV2) SetMessage(message string)

SetMessage sets the lock's user message.

func (*LockV2) SetName 

func (c *LockV2) SetName(e string)

SetName sets the name of the resource.

func (*LockV2) SetOrigin 

func (c *LockV2) SetOrigin(origin string)

func (*LockV2) SetRevision 

func (c *LockV2) SetRevision(rev string)

SetRevision sets the revision

func (*LockV2) SetStaticLabels 

func (c *LockV2) SetStaticLabels(sl map[string]string)

SetStaticLabels sets the entire label set for the user.

func (*LockV2) SetSubKind 

func (c *LockV2) SetSubKind(sk string)

SetSubKind sets resource subkind.

func (*LockV2) SetTarget 

func (c *LockV2) SetTarget(target LockTarget)

SetTarget sets the lock's target.

func (*LockV2) Size 

func (m *LockV2) Size() (n int)

func (*LockV2) String 

func (m *LockV2) String() string

func (*LockV2) Target 

func (c *LockV2) Target() LockTarget

Target returns the lock's target.

func (*LockV2) Unmarshal 

func (m *LockV2) Unmarshal(dAtA []byte) error

func (*LockV2) XXX_DiscardUnknown 

func (m *LockV2) XXX_DiscardUnknown()

func (*LockV2) XXX_Marshal 

func (m *LockV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*LockV2) XXX_Merge 

func (m *LockV2) XXX_Merge(src proto.Message)

func (*LockV2) XXX_Size 

func (m *LockV2) XXX_Size() int

func (*LockV2) XXX_Unmarshal 

func (m *LockV2) XXX_Unmarshal(b []byte) error

type LoginStatus 

type LoginStatus struct {
	// IsLocked tells us if user is locked
	IsLocked bool `protobuf:"varint,1,opt,name=IsLocked,proto3" json:"is_locked"`
	// LockedMessage contains the message in case if user is locked
	LockedMessage string `protobuf:"bytes,2,opt,name=LockedMessage,proto3" json:"locked_message,omitempty"`
	// LockedTime contains time when user was locked
	LockedTime time.Time `protobuf:"bytes,3,opt,name=LockedTime,proto3,stdtime" json:"locked_time,omitempty"`
	// LockExpires contains time when this lock will expire
	LockExpires          time.Time `protobuf:"bytes,4,opt,name=LockExpires,proto3,stdtime" json:"lock_expires,omitempty"`
	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
	XXX_unrecognized     []byte    `json:"-"`
	XXX_sizecache        int32     `json:"-"`
}

LoginStatus is a login status of the user

func (*LoginStatus) Descriptor 

func (*LoginStatus) Descriptor() ([]byte, []int)

func (*LoginStatus) Marshal 

func (m *LoginStatus) Marshal() (dAtA []byte, err error)

func (*LoginStatus) MarshalTo 

func (m *LoginStatus) MarshalTo(dAtA []byte) (int, error)

func (*LoginStatus) MarshalToSizedBuffer 

func (m *LoginStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*LoginStatus) ProtoMessage 

func (*LoginStatus) ProtoMessage()

func (*LoginStatus) Reset 

func (m *LoginStatus) Reset()

func (*LoginStatus) Size 

func (m *LoginStatus) Size() (n int)

func (*LoginStatus) String 

func (m *LoginStatus) String() string

func (*LoginStatus) Unmarshal 

func (m *LoginStatus) Unmarshal(dAtA []byte) error

func (*LoginStatus) XXX_DiscardUnknown 

func (m *LoginStatus) XXX_DiscardUnknown()

func (*LoginStatus) XXX_Marshal 

func (m *LoginStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*LoginStatus) XXX_Merge 

func (m *LoginStatus) XXX_Merge(src proto.Message)

func (*LoginStatus) XXX_Size 

func (m *LoginStatus) XXX_Size() int

func (*LoginStatus) XXX_Unmarshal 

func (m *LoginStatus) XXX_Unmarshal(b []byte) error

type MCP 

type MCP struct {
	// Command to launch stdio-based MCP servers.
	Command string `protobuf:"bytes,1,opt,name=command,proto3" json:"command,omitempty"`
	// Args to execute with the command.
	Args []string `protobuf:"bytes,2,rep,name=args,proto3" json:"args,omitempty"`
	// RunAsHostUser is the host user account under which the command will be
	// executed. Required for stdio-based MCP servers.
	RunAsHostUser        string   `protobuf:"bytes,3,opt,name=run_as_host_user,json=runAsHostUser,proto3" json:"run_as_host_user,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

MCP contains MCP server-related configurations.

func (*MCP) Descriptor 

func (*MCP) Descriptor() ([]byte, []int)

func (*MCP) Marshal 

func (m *MCP) Marshal() (dAtA []byte, err error)

func (*MCP) MarshalTo 

func (m *MCP) MarshalTo(dAtA []byte) (int, error)

func (*MCP) MarshalToSizedBuffer 

func (m *MCP) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*MCP) ProtoMessage 

func (*MCP) ProtoMessage()

func (*MCP) Reset 

func (m *MCP) Reset()

func (*MCP) Size 

func (m *MCP) Size() (n int)

func (*MCP) String 

func (m *MCP) String() string

func (*MCP) Unmarshal 

func (m *MCP) Unmarshal(dAtA []byte) error

func (*MCP) XXX_DiscardUnknown 

func (m *MCP) XXX_DiscardUnknown()

func (*MCP) XXX_Marshal 

func (m *MCP) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*MCP) XXX_Merge 

func (m *MCP) XXX_Merge(src proto.Message)

func (*MCP) XXX_Size 

func (m *MCP) XXX_Size() int

func (*MCP) XXX_Unmarshal 

func (m *MCP) XXX_Unmarshal(b []byte) error

type MCPPermissions 

type MCPPermissions struct {
	// Tools defines the list of tools allowed or denied for this role. Each entry
	// can be a literal string, a glob pattern (e.g. "prefix_*"), or a regular
	// expression (must start with '^' and end with '$'). If the list is empty, no
	// tools are allowed.
	Tools                []string `protobuf:"bytes,1,rep,name=tools,proto3" json:"tools,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

MCPPermissions defines MCP servers related permissions.

func (*MCPPermissions) Descriptor 

func (*MCPPermissions) Descriptor() ([]byte, []int)

func (*MCPPermissions) Marshal 

func (m *MCPPermissions) Marshal() (dAtA []byte, err error)

func (*MCPPermissions) MarshalTo 

func (m *MCPPermissions) MarshalTo(dAtA []byte) (int, error)

func (*MCPPermissions) MarshalToSizedBuffer 

func (m *MCPPermissions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*MCPPermissions) ProtoMessage 

func (*MCPPermissions) ProtoMessage()

func (*MCPPermissions) Reset 

func (m *MCPPermissions) Reset()

func (*MCPPermissions) Size 

func (m *MCPPermissions) Size() (n int)

func (*MCPPermissions) String 

func (m *MCPPermissions) String() string

func (*MCPPermissions) Unmarshal 

func (m *MCPPermissions) Unmarshal(dAtA []byte) error

func (*MCPPermissions) XXX_DiscardUnknown 

func (m *MCPPermissions) XXX_DiscardUnknown()

func (*MCPPermissions) XXX_Marshal 

func (m *MCPPermissions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*MCPPermissions) XXX_Merge 

func (m *MCPPermissions) XXX_Merge(src proto.Message)

func (*MCPPermissions) XXX_Size 

func (m *MCPPermissions) XXX_Size() int

func (*MCPPermissions) XXX_Unmarshal 

func (m *MCPPermissions) XXX_Unmarshal(b []byte) error

type MFADevice 

type MFADevice struct {
	// Boilerplate for implementing the Resource interface.
	Kind     string   `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"`
	SubKind  string   `protobuf:"bytes,2,opt,name=sub_kind,json=subKind,proto3" json:"sub_kind,omitempty"`
	Version  string   `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
	Metadata Metadata `protobuf:"bytes,4,opt,name=metadata,proto3" json:"metadata"`
	// ID is a UUID of this device.
	Id       string    `protobuf:"bytes,5,opt,name=id,proto3" json:"id,omitempty"`
	AddedAt  time.Time `protobuf:"bytes,6,opt,name=added_at,json=addedAt,proto3,stdtime" json:"added_at"`
	LastUsed time.Time `protobuf:"bytes,7,opt,name=last_used,json=lastUsed,proto3,stdtime" json:"last_used"`
	// Types that are valid to be assigned to Device:
	//
	//	*MFADevice_Totp
	//	*MFADevice_U2F
	//	*MFADevice_Webauthn
	//	*MFADevice_Sso
	Device               isMFADevice_Device `protobuf_oneof:"device"`
	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
	XXX_unrecognized     []byte             `json:"-"`
	XXX_sizecache        int32              `json:"-"`
}

MFADevice is a multi-factor authentication device, such as a security key or an OTP app.

func NewMFADevice 

func NewMFADevice(name, id string, addedAt time.Time, device isMFADevice_Device) (*MFADevice, error)

NewMFADevice creates a new MFADevice with the given name. Caller must set the Device field in the returned MFADevice.

func (*MFADevice) CheckAndSetDefaults 

func (d *MFADevice) CheckAndSetDefaults() error

CheckAndSetDefaults validates MFADevice fields and populates empty fields with default values.

func (*MFADevice) Descriptor 

func (*MFADevice) Descriptor() ([]byte, []int)

func (*MFADevice) Expiry 

func (d *MFADevice) Expiry() time.Time

func (*MFADevice) GetDevice 

func (m *MFADevice) GetDevice() isMFADevice_Device

func (*MFADevice) GetKind 

func (d *MFADevice) GetKind() string

func (*MFADevice) GetMetadata 

func (d *MFADevice) GetMetadata() Metadata

func (*MFADevice) GetName 

func (d *MFADevice) GetName() string

func (*MFADevice) GetRevision 

func (d *MFADevice) GetRevision() string

func (*MFADevice) GetSso 

func (m *MFADevice) GetSso() *SSOMFADevice

func (*MFADevice) GetSubKind 

func (d *MFADevice) GetSubKind() string

func (*MFADevice) GetTotp 

func (m *MFADevice) GetTotp() *TOTPDevice

func (*MFADevice) GetU2F 

func (m *MFADevice) GetU2F() *U2FDevice

func (*MFADevice) GetVersion 

func (d *MFADevice) GetVersion() string

func (*MFADevice) GetWebauthn 

func (m *MFADevice) GetWebauthn() *WebauthnDevice

func (*MFADevice) MFAType 

func (d *MFADevice) MFAType() string

MFAType returns the human-readable name of the MFA protocol of this device.

func (*MFADevice) Marshal 

func (m *MFADevice) Marshal() (dAtA []byte, err error)

func (*MFADevice) MarshalJSON 

func (d *MFADevice) MarshalJSON() ([]byte, error)

func (*MFADevice) MarshalTo 

func (m *MFADevice) MarshalTo(dAtA []byte) (int, error)

func (*MFADevice) MarshalToSizedBuffer 

func (m *MFADevice) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*MFADevice) ProtoMessage 

func (*MFADevice) ProtoMessage()

func (*MFADevice) Reset 

func (m *MFADevice) Reset()

func (*MFADevice) SetExpiry 

func (d *MFADevice) SetExpiry(exp time.Time)

func (*MFADevice) SetName 

func (d *MFADevice) SetName(n string)

func (*MFADevice) SetRevision 

func (d *MFADevice) SetRevision(rev string)

func (*MFADevice) SetSubKind 

func (d *MFADevice) SetSubKind(sk string)

func (*MFADevice) Size 

func (m *MFADevice) Size() (n int)

func (*MFADevice) String 

func (m *MFADevice) String() string

func (*MFADevice) Unmarshal 

func (m *MFADevice) Unmarshal(dAtA []byte) error

func (*MFADevice) UnmarshalJSON 

func (d *MFADevice) UnmarshalJSON(buf []byte) error

func (*MFADevice) WithoutSensitiveData 

func (d *MFADevice) WithoutSensitiveData() (*MFADevice, error)

func (*MFADevice) XXX_DiscardUnknown 

func (m *MFADevice) XXX_DiscardUnknown()

func (*MFADevice) XXX_Marshal 

func (m *MFADevice) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*MFADevice) XXX_Merge 

func (m *MFADevice) XXX_Merge(src proto.Message)

func (*MFADevice) XXX_OneofWrappers 

func (*MFADevice) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*MFADevice) XXX_Size 

func (m *MFADevice) XXX_Size() int

func (*MFADevice) XXX_Unmarshal 

func (m *MFADevice) XXX_Unmarshal(b []byte) error

type MFADeviceKind 

type MFADeviceKind int32

MFADeviceKind indicates what is known about existence of user's MFA device. 

const (
	// Unable to tell whether the MFA device has been configured.
	MFADeviceKind_MFA_DEVICE_KIND_UNSPECIFIED MFADeviceKind = 0
	// MFA device is known to be not configured.
	MFADeviceKind_MFA_DEVICE_KIND_UNSET MFADeviceKind = 1
	// MFA device is known to be configured using TOTP as the weakest form of MFA.
	MFADeviceKind_MFA_DEVICE_KIND_TOTP MFADeviceKind = 2
	// MFA device is known to be configured using WebAuthn as the weakest form of MFA.
	MFADeviceKind_MFA_DEVICE_KIND_WEBAUTHN MFADeviceKind = 3
)

func (MFADeviceKind) EnumDescriptor 

func (MFADeviceKind) EnumDescriptor() ([]byte, []int)

func (MFADeviceKind) String 

func (x MFADeviceKind) String() string

type MFADevice_Sso 

type MFADevice_Sso struct {
	Sso *SSOMFADevice `protobuf:"bytes,11,opt,name=sso,proto3,oneof" json:"sso,omitempty"`
}

func (*MFADevice_Sso) MarshalTo 

func (m *MFADevice_Sso) MarshalTo(dAtA []byte) (int, error)

func (*MFADevice_Sso) MarshalToSizedBuffer 

func (m *MFADevice_Sso) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*MFADevice_Sso) Size 

func (m *MFADevice_Sso) Size() (n int)

type MFADevice_Totp 

type MFADevice_Totp struct {
	Totp *TOTPDevice `protobuf:"bytes,8,opt,name=totp,proto3,oneof" json:"totp,omitempty"`
}

func (*MFADevice_Totp) MarshalTo 

func (m *MFADevice_Totp) MarshalTo(dAtA []byte) (int, error)

func (*MFADevice_Totp) MarshalToSizedBuffer 

func (m *MFADevice_Totp) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*MFADevice_Totp) Size 

func (m *MFADevice_Totp) Size() (n int)

type MFADevice_U2F 

type MFADevice_U2F struct {
	U2F *U2FDevice `protobuf:"bytes,9,opt,name=u2f,proto3,oneof" json:"u2f,omitempty"`
}

func (*MFADevice_U2F) MarshalTo 

func (m *MFADevice_U2F) MarshalTo(dAtA []byte) (int, error)

func (*MFADevice_U2F) MarshalToSizedBuffer 

func (m *MFADevice_U2F) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*MFADevice_U2F) Size 

func (m *MFADevice_U2F) Size() (n int)

type MFADevice_Webauthn 

type MFADevice_Webauthn struct {
	Webauthn *WebauthnDevice `protobuf:"bytes,10,opt,name=webauthn,proto3,oneof" json:"webauthn,omitempty"`
}

func (*MFADevice_Webauthn) MarshalTo 

func (m *MFADevice_Webauthn) MarshalTo(dAtA []byte) (int, error)

func (*MFADevice_Webauthn) MarshalToSizedBuffer 

func (m *MFADevice_Webauthn) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*MFADevice_Webauthn) Size 

func (m *MFADevice_Webauthn) Size() (n int)

type MailgunSpec 

type MailgunSpec struct {
	// Domain specifies the Mailgun sending domain.
	Domain               string   `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

MailgunSpec holds Mailgun-specific settings.

func (*MailgunSpec) CheckAndSetDefaults 

func (c *MailgunSpec) CheckAndSetDefaults() error

func (*MailgunSpec) Descriptor 

func (*MailgunSpec) Descriptor() ([]byte, []int)

func (*MailgunSpec) Equal 

func (this *MailgunSpec) Equal(that interface{}) bool

func (*MailgunSpec) Marshal 

func (m *MailgunSpec) Marshal() (dAtA []byte, err error)

func (*MailgunSpec) MarshalTo 

func (m *MailgunSpec) MarshalTo(dAtA []byte) (int, error)

func (*MailgunSpec) MarshalToSizedBuffer 

func (m *MailgunSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*MailgunSpec) ProtoMessage 

func (*MailgunSpec) ProtoMessage()

func (*MailgunSpec) Reset 

func (m *MailgunSpec) Reset()

func (*MailgunSpec) Size 

func (m *MailgunSpec) Size() (n int)

func (*MailgunSpec) String 

func (m *MailgunSpec) String() string

func (*MailgunSpec) Unmarshal 

func (m *MailgunSpec) Unmarshal(dAtA []byte) error

func (*MailgunSpec) XXX_DiscardUnknown 

func (m *MailgunSpec) XXX_DiscardUnknown()

func (*MailgunSpec) XXX_Marshal 

func (m *MailgunSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*MailgunSpec) XXX_Merge 

func (m *MailgunSpec) XXX_Merge(src proto.Message)

func (*MailgunSpec) XXX_Size 

func (m *MailgunSpec) XXX_Size() int

func (*MailgunSpec) XXX_Unmarshal 

func (m *MailgunSpec) XXX_Unmarshal(b []byte) error

type Matcher 

type Matcher interface {
	// GetTypes gets the types that the matcher can match.
	GetTypes() []string
	// CopyWithTypes copies the matcher with new types.
	CopyWithTypes(t []string) Matcher
}

Matcher is an interface for cloud resource matchers.

type MaxAge 

type MaxAge struct {
	Value                Duration `protobuf:"varint,1,opt,name=Value,proto3,casttype=Duration" json:"max_age"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

MaxAge allows the max_age parameter to be nullable to preserve backwards compatibility. The duration is stored as nanoseconds.

func (*MaxAge) Descriptor 

func (*MaxAge) Descriptor() ([]byte, []int)

func (*MaxAge) Marshal 

func (m *MaxAge) Marshal() (dAtA []byte, err error)

func (*MaxAge) MarshalTo 

func (m *MaxAge) MarshalTo(dAtA []byte) (int, error)

func (*MaxAge) MarshalToSizedBuffer 

func (m *MaxAge) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*MaxAge) ProtoMessage 

func (*MaxAge) ProtoMessage()

func (*MaxAge) Reset 

func (m *MaxAge) Reset()

func (*MaxAge) Size 

func (m *MaxAge) Size() (n int)

func (*MaxAge) String 

func (m *MaxAge) String() string

func (*MaxAge) Unmarshal 

func (m *MaxAge) Unmarshal(dAtA []byte) error

func (*MaxAge) XXX_DiscardUnknown 

func (m *MaxAge) XXX_DiscardUnknown()

func (*MaxAge) XXX_Marshal 

func (m *MaxAge) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*MaxAge) XXX_Merge 

func (m *MaxAge) XXX_Merge(src proto.Message)

func (*MaxAge) XXX_Size 

func (m *MaxAge) XXX_Size() int

func (*MaxAge) XXX_Unmarshal 

func (m *MaxAge) XXX_Unmarshal(b []byte) error

type MemoryDB 

type MemoryDB struct {
	// ClusterName is the name of the MemoryDB cluster.
	ClusterName string `protobuf:"bytes,1,opt,name=ClusterName,proto3" json:"cluster_name,omitempty"`
	// ACLName is the name of the ACL associated with the cluster.
	ACLName string `protobuf:"bytes,2,opt,name=ACLName,proto3" json:"acl_name,omitempty"`
	// TLSEnabled indicates whether in-transit encryption (TLS) is enabled.
	TLSEnabled bool `protobuf:"varint,3,opt,name=TLSEnabled,proto3" json:"tls_enabled,omitempty"`
	// EndpointType is the type of the endpoint.
	EndpointType         string   `protobuf:"bytes,4,opt,name=EndpointType,proto3" json:"endpoint_type,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

MemoryDB contains AWS MemoryDB specific metadata.

func (*MemoryDB) Descriptor 

func (*MemoryDB) Descriptor() ([]byte, []int)

func (*MemoryDB) Marshal 

func (m *MemoryDB) Marshal() (dAtA []byte, err error)

func (*MemoryDB) MarshalTo 

func (m *MemoryDB) MarshalTo(dAtA []byte) (int, error)

func (*MemoryDB) MarshalToSizedBuffer 

func (m *MemoryDB) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*MemoryDB) ProtoMessage 

func (*MemoryDB) ProtoMessage()

func (*MemoryDB) Reset 

func (m *MemoryDB) Reset()

func (*MemoryDB) Size 

func (m *MemoryDB) Size() (n int)

func (*MemoryDB) String 

func (m *MemoryDB) String() string

func (*MemoryDB) Unmarshal 

func (m *MemoryDB) Unmarshal(dAtA []byte) error

func (*MemoryDB) XXX_DiscardUnknown 

func (m *MemoryDB) XXX_DiscardUnknown()

func (*MemoryDB) XXX_Marshal 

func (m *MemoryDB) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*MemoryDB) XXX_Merge 

func (m *MemoryDB) XXX_Merge(src proto.Message)

func (*MemoryDB) XXX_Size 

func (m *MemoryDB) XXX_Size() int

func (*MemoryDB) XXX_Unmarshal 

func (m *MemoryDB) XXX_Unmarshal(b []byte) error

type MessageWithHeader 

type MessageWithHeader struct {
	// Header is the resource header for a resource.
	ResourceHeader       `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

MessageWithHeader is a message with a resource header. This is used primarily for parsing of resource headers and isn't expected to be used directly by any resources.

When using a oneof in a protobuf messages, the existing utils.FastMarshal utility does not work, so using something like protojson or jsonpb is required. However, these do not respect gogoproto's extensions. When using a ResourceHeader, protojson will not recognize that the ResourceHeader is intended to be embedded and the resulting JSON will have the header as a separate field. This means that using utils.FastUnmarshal will not work for extracting a ResourceHeader from the JSON, and we explicitly extract this header to do things like version checking in lib/services.

This can be avoided by explicitly embedding the members of the ResourceHeader in a message. However, if we would like to avoid this, we can use this MessageWitHheader to extract the resource header and its elements, which can later be used for the aforementioned processing in lib/services.

func (*MessageWithHeader) Descriptor 

func (*MessageWithHeader) Descriptor() ([]byte, []int)

func (*MessageWithHeader) Marshal 

func (m *MessageWithHeader) Marshal() (dAtA []byte, err error)

func (*MessageWithHeader) MarshalTo 

func (m *MessageWithHeader) MarshalTo(dAtA []byte) (int, error)

func (*MessageWithHeader) MarshalToSizedBuffer 

func (m *MessageWithHeader) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*MessageWithHeader) ProtoMessage 

func (*MessageWithHeader) ProtoMessage()

func (*MessageWithHeader) Reset 

func (m *MessageWithHeader) Reset()

func (*MessageWithHeader) Size 

func (m *MessageWithHeader) Size() (n int)

func (*MessageWithHeader) Unmarshal 

func (m *MessageWithHeader) Unmarshal(dAtA []byte) error

func (*MessageWithHeader) XXX_DiscardUnknown 

func (m *MessageWithHeader) XXX_DiscardUnknown()

func (*MessageWithHeader) XXX_Marshal 

func (m *MessageWithHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*MessageWithHeader) XXX_Merge 

func (m *MessageWithHeader) XXX_Merge(src proto.Message)

func (*MessageWithHeader) XXX_Size 

func (m *MessageWithHeader) XXX_Size() int

func (*MessageWithHeader) XXX_Unmarshal 

func (m *MessageWithHeader) XXX_Unmarshal(b []byte) error

type Metadata 

type Metadata struct {
	// Name is an object name
	Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
	// Namespace is object namespace. The field should be called "namespace"
	// when it returns in Teleport 2.4.
	Namespace string `protobuf:"bytes,2,opt,name=Namespace,proto3" json:"-"`
	// Description is object description
	Description string `protobuf:"bytes,3,opt,name=Description,proto3" json:"description,omitempty"`
	// Labels is a set of labels
	Labels map[string]string `` /* 153-byte string literal not displayed */
	// Expires is a global expiry time header can be set on any resource in the
	// system.
	Expires *time.Time `protobuf:"bytes,6,opt,name=Expires,proto3,stdtime" json:"expires,omitempty"`
	// Revision is an opaque identifier which tracks the versions of a resource
	// over time. Clients should ignore and not alter its value but must return
	// the revision in any updates of a resource.
	Revision             string   `protobuf:"bytes,8,opt,name=Revision,proto3" json:"revision,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Metadata is resource metadata

func Metadata153ToLegacy 

func Metadata153ToLegacy(md *headerv1.Metadata) Metadata

Metadata153ToLegacy converts RFD153-style resource metadata to legacy metadata.

func (*Metadata) CheckAndSetDefaults 

func (m *Metadata) CheckAndSetDefaults() error

CheckAndSetDefaults checks validity of all parameters and sets defaults

func (*Metadata) Descriptor 

func (*Metadata) Descriptor() ([]byte, []int)

func (*Metadata) Expiry 

func (m *Metadata) Expiry() time.Time

Expiry returns object expiry setting.

func (*Metadata) GetMetadata 

func (m *Metadata) GetMetadata() Metadata

GetMetadata returns object metadata

func (*Metadata) GetName 

func (m *Metadata) GetName() string

GetName returns the name of the resource

func (*Metadata) GetRevision 

func (m *Metadata) GetRevision() string

GetRevision returns the revision

func (*Metadata) IsEqual 

func (m *Metadata) IsEqual(other *Metadata) bool

IsEqual determines if two metadata resources are equivalent to one another.

func (*Metadata) Marshal 

func (m *Metadata) Marshal() (dAtA []byte, err error)

func (*Metadata) MarshalTo 

func (m *Metadata) MarshalTo(dAtA []byte) (int, error)

func (*Metadata) MarshalToSizedBuffer 

func (m *Metadata) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Metadata) Origin 

func (m *Metadata) Origin() string

Origin returns the origin value of the resource.

func (*Metadata) ProtoMessage 

func (*Metadata) ProtoMessage()

func (*Metadata) Reset 

func (m *Metadata) Reset()

func (*Metadata) SetExpiry 

func (m *Metadata) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object

func (*Metadata) SetName 

func (m *Metadata) SetName(name string)

SetName sets the name of the resource

func (*Metadata) SetOrigin 

func (m *Metadata) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*Metadata) SetRevision 

func (m *Metadata) SetRevision(rev string)

SetRevision sets the revision

func (*Metadata) Size 

func (m *Metadata) Size() (n int)

func (*Metadata) String 

func (m *Metadata) String() string

func (*Metadata) Unmarshal 

func (m *Metadata) Unmarshal(dAtA []byte) error

func (*Metadata) XXX_DiscardUnknown 

func (m *Metadata) XXX_DiscardUnknown()

func (*Metadata) XXX_Marshal 

func (m *Metadata) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Metadata) XXX_Merge 

func (m *Metadata) XXX_Merge(src proto.Message)

func (*Metadata) XXX_Size 

func (m *Metadata) XXX_Size() int

func (*Metadata) XXX_Unmarshal 

func (m *Metadata) XXX_Unmarshal(b []byte) error

type MongoAtlas 

type MongoAtlas struct {
	// Name is the Atlas database instance name.
	Name                 string   `protobuf:"bytes,1,opt,name=Name,proto3" json:"name,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

MongoAtlas contains Atlas metadata about the database.

func (*MongoAtlas) Descriptor 

func (*MongoAtlas) Descriptor() ([]byte, []int)

func (*MongoAtlas) Marshal 

func (m *MongoAtlas) Marshal() (dAtA []byte, err error)

func (*MongoAtlas) MarshalTo 

func (m *MongoAtlas) MarshalTo(dAtA []byte) (int, error)

func (*MongoAtlas) MarshalToSizedBuffer 

func (m *MongoAtlas) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*MongoAtlas) ProtoMessage 

func (*MongoAtlas) ProtoMessage()

func (*MongoAtlas) Reset 

func (m *MongoAtlas) Reset()

func (*MongoAtlas) Size 

func (m *MongoAtlas) Size() (n int)

func (*MongoAtlas) String 

func (m *MongoAtlas) String() string

func (*MongoAtlas) Unmarshal 

func (m *MongoAtlas) Unmarshal(dAtA []byte) error

func (*MongoAtlas) XXX_DiscardUnknown 

func (m *MongoAtlas) XXX_DiscardUnknown()

func (*MongoAtlas) XXX_Marshal 

func (m *MongoAtlas) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*MongoAtlas) XXX_Merge 

func (m *MongoAtlas) XXX_Merge(src proto.Message)

func (*MongoAtlas) XXX_Size 

func (m *MongoAtlas) XXX_Size() int

func (*MongoAtlas) XXX_Unmarshal 

func (m *MongoAtlas) XXX_Unmarshal(b []byte) error

type MySQLOptions 

type MySQLOptions struct {
	// ServerVersion is the server version reported by DB proxy if the runtime information is
	// not available.
	ServerVersion        string   `protobuf:"bytes,1,opt,name=ServerVersion,proto3" json:"server_version,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

MySQLOptions are additional MySQL database options.

func (*MySQLOptions) Descriptor 

func (*MySQLOptions) Descriptor() ([]byte, []int)

func (*MySQLOptions) Marshal 

func (m *MySQLOptions) Marshal() (dAtA []byte, err error)

func (*MySQLOptions) MarshalTo 

func (m *MySQLOptions) MarshalTo(dAtA []byte) (int, error)

func (*MySQLOptions) MarshalToSizedBuffer 

func (m *MySQLOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*MySQLOptions) ProtoMessage 

func (*MySQLOptions) ProtoMessage()

func (*MySQLOptions) Reset 

func (m *MySQLOptions) Reset()

func (*MySQLOptions) Size 

func (m *MySQLOptions) Size() (n int)

func (*MySQLOptions) String 

func (m *MySQLOptions) String() string

func (*MySQLOptions) Unmarshal 

func (m *MySQLOptions) Unmarshal(dAtA []byte) error

func (*MySQLOptions) XXX_DiscardUnknown 

func (m *MySQLOptions) XXX_DiscardUnknown()

func (*MySQLOptions) XXX_Marshal 

func (m *MySQLOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*MySQLOptions) XXX_Merge 

func (m *MySQLOptions) XXX_Merge(src proto.Message)

func (*MySQLOptions) XXX_Size 

func (m *MySQLOptions) XXX_Size() int

func (*MySQLOptions) XXX_Unmarshal 

func (m *MySQLOptions) XXX_Unmarshal(b []byte) error

type Namespace 

type Namespace struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is version
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is resource metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is a namespace spec
	Spec                 NamespaceSpec `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

Namespace represents namespace resource specification

func DefaultNamespace 

func DefaultNamespace() Namespace

DefaultNamespace returns the default namespace.

func NewNamespace 

func NewNamespace(name string) (Namespace, error)

NewNamespace returns new namespace

func (*Namespace) CheckAndSetDefaults 

func (n *Namespace) CheckAndSetDefaults() error

CheckAndSetDefaults checks validity of all parameters and sets defaults

func (*Namespace) Descriptor 

func (*Namespace) Descriptor() ([]byte, []int)

func (*Namespace) Expiry 

func (n *Namespace) Expiry() time.Time

Expiry returns object expiry setting

func (*Namespace) GetKind 

func (n *Namespace) GetKind() string

GetKind returns resource kind

func (*Namespace) GetMetadata 

func (n *Namespace) GetMetadata() Metadata

GetMetadata returns object metadata

func (*Namespace) GetName 

func (n *Namespace) GetName() string

GetName returns the name of the cluster.

func (*Namespace) GetRevision 

func (n *Namespace) GetRevision() string

GetRevision returns the revision

func (*Namespace) GetSubKind 

func (n *Namespace) GetSubKind() string

GetSubKind returns resource sub kind

func (*Namespace) GetVersion 

func (n *Namespace) GetVersion() string

GetVersion returns resource version

func (*Namespace) Marshal 

func (m *Namespace) Marshal() (dAtA []byte, err error)

func (*Namespace) MarshalTo 

func (m *Namespace) MarshalTo(dAtA []byte) (int, error)

func (*Namespace) MarshalToSizedBuffer 

func (m *Namespace) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Namespace) ProtoMessage 

func (*Namespace) ProtoMessage()

func (*Namespace) Reset 

func (m *Namespace) Reset()

func (*Namespace) SetExpiry 

func (n *Namespace) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object

func (*Namespace) SetName 

func (n *Namespace) SetName(e string)

SetName sets the name of the cluster.

func (*Namespace) SetRevision 

func (n *Namespace) SetRevision(rev string)

SetRevision sets the revision

func (*Namespace) SetSubKind 

func (n *Namespace) SetSubKind(sk string)

SetSubKind sets resource subkind

func (*Namespace) Size 

func (m *Namespace) Size() (n int)

func (*Namespace) String 

func (m *Namespace) String() string

func (*Namespace) Unmarshal 

func (m *Namespace) Unmarshal(dAtA []byte) error

func (*Namespace) XXX_DiscardUnknown 

func (m *Namespace) XXX_DiscardUnknown()

func (*Namespace) XXX_Marshal 

func (m *Namespace) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Namespace) XXX_Merge 

func (m *Namespace) XXX_Merge(src proto.Message)

func (*Namespace) XXX_Size 

func (m *Namespace) XXX_Size() int

func (*Namespace) XXX_Unmarshal 

func (m *Namespace) XXX_Unmarshal(b []byte) error

type NamespaceSpec 

type NamespaceSpec struct {
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

NamespaceSpec is a namespace specification

func (*NamespaceSpec) Descriptor 

func (*NamespaceSpec) Descriptor() ([]byte, []int)

func (*NamespaceSpec) Marshal 

func (m *NamespaceSpec) Marshal() (dAtA []byte, err error)

func (*NamespaceSpec) MarshalTo 

func (m *NamespaceSpec) MarshalTo(dAtA []byte) (int, error)

func (*NamespaceSpec) MarshalToSizedBuffer 

func (m *NamespaceSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*NamespaceSpec) ProtoMessage 

func (*NamespaceSpec) ProtoMessage()

func (*NamespaceSpec) Reset 

func (m *NamespaceSpec) Reset()

func (*NamespaceSpec) Size 

func (m *NamespaceSpec) Size() (n int)

func (*NamespaceSpec) String 

func (m *NamespaceSpec) String() string

func (*NamespaceSpec) Unmarshal 

func (m *NamespaceSpec) Unmarshal(dAtA []byte) error

func (*NamespaceSpec) XXX_DiscardUnknown 

func (m *NamespaceSpec) XXX_DiscardUnknown()

func (*NamespaceSpec) XXX_Marshal 

func (m *NamespaceSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*NamespaceSpec) XXX_Merge 

func (m *NamespaceSpec) XXX_Merge(src proto.Message)

func (*NamespaceSpec) XXX_Size 

func (m *NamespaceSpec) XXX_Size() int

func (*NamespaceSpec) XXX_Unmarshal 

func (m *NamespaceSpec) XXX_Unmarshal(b []byte) error

type NetworkRestrictions 

type NetworkRestrictions interface {
	Resource
	// GetAllow returns a list of allowed network addresses
	GetAllow() []AddressCondition
	// SetAllow sets a list of allowed network addresses
	SetAllow(allow []AddressCondition)
	// GetDeny returns a list of denied network addresses (overrides Allow list)
	GetDeny() []AddressCondition
	// SetDeny sets a list of denied network addresses (overrides Allow list)
	SetDeny(deny []AddressCondition)
	// Clone returns a copy of the network restrictions.
	Clone() NetworkRestrictions
}

NetworkRestrictions defines network restrictions applied to SSH session.

func NewNetworkRestrictions 

func NewNetworkRestrictions() NetworkRestrictions

NewNetworkRestrictions creates a new NetworkRestrictions with the given name.

type NetworkRestrictionsSpecV4 

type NetworkRestrictionsSpecV4 struct {
	// Allow lists the addresses that should be allowed.
	Allow []AddressCondition `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow"`
	// Deny lists the addresses that should be denied even if they're allowed by Allow condition.
	Deny                 []AddressCondition `protobuf:"bytes,2,rep,name=Deny,proto3" json:"deny"`
	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
	XXX_unrecognized     []byte             `json:"-"`
	XXX_sizecache        int32              `json:"-"`
}

func (*NetworkRestrictionsSpecV4) Descriptor 

func (*NetworkRestrictionsSpecV4) Descriptor() ([]byte, []int)

func (*NetworkRestrictionsSpecV4) Marshal 

func (m *NetworkRestrictionsSpecV4) Marshal() (dAtA []byte, err error)

func (*NetworkRestrictionsSpecV4) MarshalTo 

func (m *NetworkRestrictionsSpecV4) MarshalTo(dAtA []byte) (int, error)

func (*NetworkRestrictionsSpecV4) MarshalToSizedBuffer 

func (m *NetworkRestrictionsSpecV4) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*NetworkRestrictionsSpecV4) ProtoMessage 

func (*NetworkRestrictionsSpecV4) ProtoMessage()

func (*NetworkRestrictionsSpecV4) Reset 

func (m *NetworkRestrictionsSpecV4) Reset()

func (*NetworkRestrictionsSpecV4) Size 

func (m *NetworkRestrictionsSpecV4) Size() (n int)

func (*NetworkRestrictionsSpecV4) String 

func (m *NetworkRestrictionsSpecV4) String() string

func (*NetworkRestrictionsSpecV4) Unmarshal 

func (m *NetworkRestrictionsSpecV4) Unmarshal(dAtA []byte) error

func (*NetworkRestrictionsSpecV4) XXX_DiscardUnknown 

func (m *NetworkRestrictionsSpecV4) XXX_DiscardUnknown()

func (*NetworkRestrictionsSpecV4) XXX_Marshal 

func (m *NetworkRestrictionsSpecV4) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*NetworkRestrictionsSpecV4) XXX_Merge 

func (m *NetworkRestrictionsSpecV4) XXX_Merge(src proto.Message)

func (*NetworkRestrictionsSpecV4) XXX_Size 

func (m *NetworkRestrictionsSpecV4) XXX_Size() int

func (*NetworkRestrictionsSpecV4) XXX_Unmarshal 

func (m *NetworkRestrictionsSpecV4) XXX_Unmarshal(b []byte) error

type NetworkRestrictionsV4 

type NetworkRestrictionsV4 struct {
	// Kind is the network restrictions resource kind.
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource subkind.
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is the network restrictions metadata.
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec contains the network restrictions data
	Spec                 NetworkRestrictionsSpecV4 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}                  `json:"-"`
	XXX_unrecognized     []byte                    `json:"-"`
	XXX_sizecache        int32                     `json:"-"`
}

NetworkRestrictions specifies a list of addresses to restrict (block). The deny list is checked first and the allow lists overrides it. Thus an empty allow list does not mean that no addresses will be allowed, that will only be the case if the deny list covers the whole address range.

func (*NetworkRestrictionsV4) CheckAndSetDefaults 

func (r *NetworkRestrictionsV4) CheckAndSetDefaults() error

CheckAndSetDefaults validates NetworkRestrictions fields and populates empty fields with default values.

func (*NetworkRestrictionsV4) Clone 

func (r *NetworkRestrictionsV4) Clone() NetworkRestrictions

Clone returns a copy of the network restrictions.

func (*NetworkRestrictionsV4) Descriptor 

func (*NetworkRestrictionsV4) Descriptor() ([]byte, []int)

func (*NetworkRestrictionsV4) Expiry 

func (r *NetworkRestrictionsV4) Expiry() time.Time

func (*NetworkRestrictionsV4) GetAllow 

func (r *NetworkRestrictionsV4) GetAllow() []AddressCondition

func (*NetworkRestrictionsV4) GetDeny 

func (r *NetworkRestrictionsV4) GetDeny() []AddressCondition

func (*NetworkRestrictionsV4) GetKind 

func (r *NetworkRestrictionsV4) GetKind() string

func (*NetworkRestrictionsV4) GetMetadata 

func (r *NetworkRestrictionsV4) GetMetadata() Metadata

func (*NetworkRestrictionsV4) GetName 

func (r *NetworkRestrictionsV4) GetName() string

func (*NetworkRestrictionsV4) GetRevision 

func (r *NetworkRestrictionsV4) GetRevision() string

GetRevision returns the revision

func (*NetworkRestrictionsV4) GetSubKind 

func (r *NetworkRestrictionsV4) GetSubKind() string

func (*NetworkRestrictionsV4) GetVersion 

func (r *NetworkRestrictionsV4) GetVersion() string

func (*NetworkRestrictionsV4) Marshal 

func (m *NetworkRestrictionsV4) Marshal() (dAtA []byte, err error)

func (*NetworkRestrictionsV4) MarshalTo 

func (m *NetworkRestrictionsV4) MarshalTo(dAtA []byte) (int, error)

func (*NetworkRestrictionsV4) MarshalToSizedBuffer 

func (m *NetworkRestrictionsV4) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*NetworkRestrictionsV4) ProtoMessage 

func (*NetworkRestrictionsV4) ProtoMessage()

func (*NetworkRestrictionsV4) Reset 

func (m *NetworkRestrictionsV4) Reset()

func (*NetworkRestrictionsV4) SetAllow 

func (r *NetworkRestrictionsV4) SetAllow(allow []AddressCondition)

func (*NetworkRestrictionsV4) SetDeny 

func (r *NetworkRestrictionsV4) SetDeny(deny []AddressCondition)

func (*NetworkRestrictionsV4) SetExpiry 

func (r *NetworkRestrictionsV4) SetExpiry(exp time.Time)

func (*NetworkRestrictionsV4) SetName 

func (r *NetworkRestrictionsV4) SetName(n string)

func (*NetworkRestrictionsV4) SetRevision 

func (r *NetworkRestrictionsV4) SetRevision(rev string)

SetRevision sets the revision

func (*NetworkRestrictionsV4) SetSubKind 

func (r *NetworkRestrictionsV4) SetSubKind(sk string)

func (*NetworkRestrictionsV4) Size 

func (m *NetworkRestrictionsV4) Size() (n int)

func (*NetworkRestrictionsV4) String 

func (m *NetworkRestrictionsV4) String() string

func (*NetworkRestrictionsV4) Unmarshal 

func (m *NetworkRestrictionsV4) Unmarshal(dAtA []byte) error

func (*NetworkRestrictionsV4) XXX_DiscardUnknown 

func (m *NetworkRestrictionsV4) XXX_DiscardUnknown()

func (*NetworkRestrictionsV4) XXX_Marshal 

func (m *NetworkRestrictionsV4) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*NetworkRestrictionsV4) XXX_Merge 

func (m *NetworkRestrictionsV4) XXX_Merge(src proto.Message)

func (*NetworkRestrictionsV4) XXX_Size 

func (m *NetworkRestrictionsV4) XXX_Size() int

func (*NetworkRestrictionsV4) XXX_Unmarshal 

func (m *NetworkRestrictionsV4) XXX_Unmarshal(b []byte) error

type NullableSessionState 

type NullableSessionState struct {
	State                SessionState `protobuf:"varint,1,opt,name=State,proto3,enum=types.SessionState" json:"state,omitempty"`
	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
	XXX_unrecognized     []byte       `json:"-"`
	XXX_sizecache        int32        `json:"-"`
}

func (*NullableSessionState) Descriptor 

func (*NullableSessionState) Descriptor() ([]byte, []int)

func (*NullableSessionState) Marshal 

func (m *NullableSessionState) Marshal() (dAtA []byte, err error)

func (*NullableSessionState) MarshalTo 

func (m *NullableSessionState) MarshalTo(dAtA []byte) (int, error)

func (*NullableSessionState) MarshalToSizedBuffer 

func (m *NullableSessionState) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*NullableSessionState) ProtoMessage 

func (*NullableSessionState) ProtoMessage()

func (*NullableSessionState) Reset 

func (m *NullableSessionState) Reset()

func (*NullableSessionState) Size 

func (m *NullableSessionState) Size() (n int)

func (*NullableSessionState) String 

func (m *NullableSessionState) String() string

func (*NullableSessionState) Unmarshal 

func (m *NullableSessionState) Unmarshal(dAtA []byte) error

func (*NullableSessionState) XXX_DiscardUnknown 

func (m *NullableSessionState) XXX_DiscardUnknown()

func (*NullableSessionState) XXX_Marshal 

func (m *NullableSessionState) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*NullableSessionState) XXX_Merge 

func (m *NullableSessionState) XXX_Merge(src proto.Message)

func (*NullableSessionState) XXX_Size 

func (m *NullableSessionState) XXX_Size() int

func (*NullableSessionState) XXX_Unmarshal 

func (m *NullableSessionState) XXX_Unmarshal(b []byte) error

type OIDCAuthRequest 

type OIDCAuthRequest struct {
	// ConnectorID is ID of OIDC connector this request uses
	ConnectorID string `protobuf:"bytes,1,opt,name=ConnectorID,proto3" json:"connector_id"`
	// Type is opaque string that helps callbacks identify the request type
	Type string `protobuf:"bytes,2,opt,name=Type,proto3" json:"type"`
	// CheckUser tells validator if it should expect and check user
	CheckUser bool `protobuf:"varint,3,opt,name=CheckUser,proto3" json:"check_user"`
	// StateToken is generated by service and is used to validate
	// request coming from
	StateToken string `protobuf:"bytes,4,opt,name=StateToken,proto3" json:"state_token"`
	// CSRFToken is associated with user web session token
	CSRFToken string `protobuf:"bytes,5,opt,name=CSRFToken,proto3" json:"csrf_token"`
	// RedirectURL will be used to route the user back to a
	// Teleport Proxy after the oidc login attempt in the browser.
	RedirectURL string `protobuf:"bytes,6,opt,name=RedirectURL,proto3" json:"redirect_url"`
	// CertTTL is the TTL of the certificate user wants to get
	CertTTL time.Duration `protobuf:"varint,8,opt,name=CertTTL,proto3,casttype=time.Duration" json:"cert_ttl"`
	// CreateWebSession indicates if user wants to generate a web
	// session after successful authentication
	CreateWebSession bool `protobuf:"varint,9,opt,name=CreateWebSession,proto3" json:"create_web_session"`
	// ClientRedirectURL is a URL client wants to be redirected
	// after successful authentication
	ClientRedirectURL string `protobuf:"bytes,10,opt,name=ClientRedirectURL,proto3" json:"client_redirect_url"`
	// Compatibility specifies OpenSSH compatibility flags.
	Compatibility string `protobuf:"bytes,11,opt,name=Compatibility,proto3" json:"compatibility,omitempty"`
	// RouteToCluster is the name of Teleport cluster to issue credentials for.
	RouteToCluster string `protobuf:"bytes,12,opt,name=RouteToCluster,proto3" json:"route_to_cluster,omitempty"`
	// KubernetesCluster is the name of Kubernetes cluster to issue credentials for.
	KubernetesCluster string `protobuf:"bytes,13,opt,name=KubernetesCluster,proto3" json:"kubernetes_cluster,omitempty"`
	// SSOTestFlow indicates if the request is part of the test flow.
	SSOTestFlow bool `protobuf:"varint,14,opt,name=SSOTestFlow,proto3" json:"sso_test_flow"`
	// ConnectorSpec is embedded connector spec for use in test flow.
	ConnectorSpec *OIDCConnectorSpecV3 `protobuf:"bytes,15,opt,name=ConnectorSpec,proto3" json:"connector_spec,omitempty"`
	// ProxyAddress is an optional address which can be used to
	// find a redirect url from the OIDC connector which matches
	// the address. If there is no match, the default redirect
	// url will be used.
	ProxyAddress string `protobuf:"bytes,16,opt,name=ProxyAddress,proto3" json:"proxy_address,omitempty"`
	// ClientLoginIP specifies IP address of the client for login, it will be written to the user's certificates.
	ClientLoginIP string `protobuf:"bytes,18,opt,name=ClientLoginIP,proto3" json:"client_login_ip,omitempty"`
	// ClientUserAgent is the user agent of the Web browser, used for issuing a
	// DeviceWebToken.
	ClientUserAgent string `protobuf:"bytes,19,opt,name=ClientUserAgent,proto3" json:"client_user_agent,omitempty"`
	// SshPublicKey is an optional public key to use as the subject of an issued
	// SSH cert in case of successful auth.
	SshPublicKey []byte `protobuf:"bytes,20,opt,name=ssh_public_key,json=sshPublicKey,proto3" json:"ssh_pub_key,omitempty"`
	// TlsPublicKey is an optional public key to use as the subject of an issued
	// TLS cert in case of successful auth.
	TlsPublicKey []byte `protobuf:"bytes,21,opt,name=tls_public_key,json=tlsPublicKey,proto3" json:"tls_pub_key,omitempty"`
	// SshAttestationStatement is an attestation statement for the given SSH public key.
	SshAttestationStatement *v1.AttestationStatement `` /* 133-byte string literal not displayed */
	// TlsAttestationStatement is an attestation statement for the given TLS public key.
	TlsAttestationStatement *v1.AttestationStatement `` /* 133-byte string literal not displayed */
	// pkce_verifier is used to verified a generated code challenge.
	PkceVerifier         string   `protobuf:"bytes,24,opt,name=pkce_verifier,json=pkceVerifier,proto3" json:"pkce_verifier"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

OIDCAuthRequest is a request to authenticate with OIDC provider, the state about request is managed by Auth Service

func (*OIDCAuthRequest) Check 

func (r *OIDCAuthRequest) Check() error

Check returns nil if all parameters are great, err otherwise

func (*OIDCAuthRequest) Descriptor 

func (*OIDCAuthRequest) Descriptor() ([]byte, []int)

func (*OIDCAuthRequest) Marshal 

func (m *OIDCAuthRequest) Marshal() (dAtA []byte, err error)

func (*OIDCAuthRequest) MarshalTo 

func (m *OIDCAuthRequest) MarshalTo(dAtA []byte) (int, error)

func (*OIDCAuthRequest) MarshalToSizedBuffer 

func (m *OIDCAuthRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*OIDCAuthRequest) ProtoMessage 

func (*OIDCAuthRequest) ProtoMessage()

func (*OIDCAuthRequest) Reset 

func (m *OIDCAuthRequest) Reset()

func (*OIDCAuthRequest) Size 

func (m *OIDCAuthRequest) Size() (n int)

func (*OIDCAuthRequest) String 

func (m *OIDCAuthRequest) String() string

func (*OIDCAuthRequest) Unmarshal 

func (m *OIDCAuthRequest) Unmarshal(dAtA []byte) error

func (*OIDCAuthRequest) XXX_DiscardUnknown 

func (m *OIDCAuthRequest) XXX_DiscardUnknown()

func (*OIDCAuthRequest) XXX_Marshal 

func (m *OIDCAuthRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OIDCAuthRequest) XXX_Merge 

func (m *OIDCAuthRequest) XXX_Merge(src proto.Message)

func (*OIDCAuthRequest) XXX_Size 

func (m *OIDCAuthRequest) XXX_Size() int

func (*OIDCAuthRequest) XXX_Unmarshal 

func (m *OIDCAuthRequest) XXX_Unmarshal(b []byte) error

type OIDCClaims 

type OIDCClaims map[string]interface{}

OIDCClaims is a redefinition of jose.Claims with additional methods, required for serialization to/from protobuf. With those we can reference it with an option like so: `(gogoproto.customtype) = "OIDCClaims"`

func (*OIDCClaims) MarshalTo 

func (a *OIDCClaims) MarshalTo(bytes []byte) (int, error)

MarshalTo marshals the object to sized buffer

func (*OIDCClaims) Size 

func (a *OIDCClaims) Size() int

Size returns size of the object when marshaled

func (*OIDCClaims) Unmarshal 

func (a *OIDCClaims) Unmarshal(bytes []byte) error

Unmarshal the object from provided buffer.

type OIDCConnector 

type OIDCConnector interface {
	// ResourceWithSecrets provides common methods for objects
	ResourceWithSecrets
	ResourceWithOrigin
	// Validate will preform checks not found in CheckAndSetDefaults
	// that should only be preformed when the OIDC connector resource
	// itself is being created or updated, not when a OIDCConnector
	// object is being created or updated.
	Validate() error
	// Issuer URL is the endpoint of the provider, e.g. https://accounts.google.com
	GetIssuerURL() string
	// ClientID is id for authentication client (in our case it's our Auth server)
	GetClientID() string
	// ClientSecret is used to authenticate our client and should not
	// be visible to end user
	GetClientSecret() string
	// GetRedirectURLs returns list of redirect URLs.
	GetRedirectURLs() []string
	// GetACR returns the Authentication Context Class Reference (ACR) value.
	GetACR() string
	// GetProvider returns the identity provider.
	GetProvider() string
	// Display - Friendly name for this provider.
	GetDisplay() string
	// Scope is additional scopes set by provider
	GetScope() []string
	// ClaimsToRoles specifies dynamic mapping from claims to roles
	GetClaimsToRoles() []ClaimMapping
	// GetClaims returns list of claims expected by mappings
	GetClaims() []string
	// GetTraitMappings converts gets all claim mappings in the
	// generic trait mapping format.
	GetTraitMappings() TraitMappingSet
	// SetClientSecret sets client secret to some value
	SetClientSecret(secret string)
	// SetClientID sets id for authentication client (in our case it's our Auth server)
	SetClientID(string)
	// SetIssuerURL sets the endpoint of the provider
	SetIssuerURL(string)
	// SetRedirectURLs sets the list of redirectURLs
	SetRedirectURLs([]string)
	// SetPrompt sets OIDC prompt value
	SetPrompt(string)
	// GetPrompt returns OIDC prompt value,
	GetPrompt() string
	// SetACR sets the Authentication Context Class Reference (ACR) value.
	SetACR(string)
	// SetProvider sets the identity provider.
	SetProvider(string)
	// SetScope sets additional scopes set by provider
	SetScope([]string)
	// SetClaimsToRoles sets dynamic mapping from claims to roles
	SetClaimsToRoles([]ClaimMapping)
	// GetUsernameClaim gets the name of the claim from the OIDC connector to be used as the user's username.
	GetUsernameClaim() string
	// SetDisplay sets friendly name for this provider.
	SetDisplay(string)
	// GetGoogleServiceAccountURI returns path to google service account URI
	GetGoogleServiceAccountURI() string
	// GetGoogleServiceAccount returns google service account json for Google
	GetGoogleServiceAccount() string
	// SetGoogleServiceAccount sets the google service account json contents
	SetGoogleServiceAccount(string)
	// GetGoogleAdminEmail returns a google admin user email
	// https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
	// "Note: Although you can use service accounts in applications that run from a Google Workspace (formerly G Suite) domain, service accounts are not members of your Google Workspace account and aren’t subject to domain policies set by  administrators. For example, a policy set in the Google Workspace admin console to restrict the ability of end users to share documents outside of the domain would not apply to service accounts."
	GetGoogleAdminEmail() string
	// GetAllowUnverifiedEmail returns true if unverified emails should be allowed in received users.
	GetAllowUnverifiedEmail() bool
	// GetMaxAge returns the amount of time that user logins are
	// valid for and true if MaxAge is set. If a user logs in, but then
	// does not login again within this time period, they will be forced
	// to re-authenticate.
	GetMaxAge() (time.Duration, bool)
	// GetClientRedirectSettings returns the client redirect settings.
	GetClientRedirectSettings() *SSOClientRedirectSettings
	// GetMFASettings returns the connector's MFA settings.
	GetMFASettings() *OIDCConnectorMFASettings
	// IsMFAEnabled returns whether the connector has MFA enabled.
	IsMFAEnabled() bool
	// WithMFASettings returns the connector will some settings overwritten set from MFA settings.
	WithMFASettings() error
	// IsPKCEEnabled returns true if the connector should add code_challenge information to auth requests.
	IsPKCEEnabled() bool
	// SetPKCEMode will set the pkce mode
	SetPKCEMode(mode constants.OIDCPKCEMode)
	// GetPKCEMode will return the PKCEMode of the connector.
	GetPKCEMode() constants.OIDCPKCEMode
}

OIDCConnector specifies configuration for Open ID Connect compatible external identity provider, e.g. google in some organization

func NewOIDCConnector 

func NewOIDCConnector(name string, spec OIDCConnectorSpecV3) (OIDCConnector, error)

NewOIDCConnector returns a new OIDCConnector based off a name and OIDCConnectorSpecV3.

type OIDCConnectorMFASettings 

type OIDCConnectorMFASettings struct {
	// Enabled specified whether this OIDC connector supports MFA checks. Defaults to false.
	Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// ClientID is the OIDC OAuth app client ID.
	ClientId string `protobuf:"bytes,2,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
	// ClientSecret is the OIDC OAuth app client secret.
	ClientSecret string `protobuf:"bytes,3,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"`
	// AcrValues are Authentication Context Class Reference values. The meaning of the ACR
	// value is context-specific and varies for identity providers. Some identity providers
	// support MFA specific contexts, such Okta with its "phr" (phishing-resistant) ACR.
	AcrValues string `protobuf:"bytes,4,opt,name=acr_values,json=acrValues,proto3" json:"acr_values,omitempty"`
	// Prompt is an optional OIDC prompt. An empty string omits prompt.
	// If not specified, it defaults to select_account for backwards compatibility.
	Prompt string `protobuf:"bytes,5,opt,name=prompt,proto3" json:"prompt,omitempty"`
	// MaxAge is the amount of time in nanoseconds that an IdP session is valid for. Defaults to
	// 0 to always force re-authentication for MFA checks. This should only be set to a non-zero
	// value if the IdP is setup to perform MFA checks on top of active user sessions.
	MaxAge               Duration `protobuf:"varint,6,opt,name=max_age,json=maxAge,proto3,casttype=Duration" json:"max_age,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

OIDCConnectorMFASettings contains OIDC MFA settings.

func (*OIDCConnectorMFASettings) Descriptor 

func (*OIDCConnectorMFASettings) Descriptor() ([]byte, []int)

func (*OIDCConnectorMFASettings) Marshal 

func (m *OIDCConnectorMFASettings) Marshal() (dAtA []byte, err error)

func (*OIDCConnectorMFASettings) MarshalTo 

func (m *OIDCConnectorMFASettings) MarshalTo(dAtA []byte) (int, error)

func (*OIDCConnectorMFASettings) MarshalToSizedBuffer 

func (m *OIDCConnectorMFASettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*OIDCConnectorMFASettings) ProtoMessage 

func (*OIDCConnectorMFASettings) ProtoMessage()

func (*OIDCConnectorMFASettings) Reset 

func (m *OIDCConnectorMFASettings) Reset()

func (*OIDCConnectorMFASettings) Size 

func (m *OIDCConnectorMFASettings) Size() (n int)

func (*OIDCConnectorMFASettings) String 

func (m *OIDCConnectorMFASettings) String() string

func (*OIDCConnectorMFASettings) Unmarshal 

func (m *OIDCConnectorMFASettings) Unmarshal(dAtA []byte) error

func (*OIDCConnectorMFASettings) XXX_DiscardUnknown 

func (m *OIDCConnectorMFASettings) XXX_DiscardUnknown()

func (*OIDCConnectorMFASettings) XXX_Marshal 

func (m *OIDCConnectorMFASettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OIDCConnectorMFASettings) XXX_Merge 

func (m *OIDCConnectorMFASettings) XXX_Merge(src proto.Message)

func (*OIDCConnectorMFASettings) XXX_Size 

func (m *OIDCConnectorMFASettings) XXX_Size() int

func (*OIDCConnectorMFASettings) XXX_Unmarshal 

func (m *OIDCConnectorMFASettings) XXX_Unmarshal(b []byte) error

type OIDCConnectorSpecV3 

type OIDCConnectorSpecV3 struct {
	// IssuerURL is the endpoint of the provider, e.g. https://accounts.google.com.
	IssuerURL string `protobuf:"bytes,1,opt,name=IssuerURL,proto3" json:"issuer_url"`
	// ClientID is the id of the authentication client (Teleport Auth Service).
	ClientID string `protobuf:"bytes,2,opt,name=ClientID,proto3" json:"client_id"`
	// ClientSecret is used to authenticate the client.
	ClientSecret string `protobuf:"bytes,3,opt,name=ClientSecret,proto3" json:"client_secret"`
	// ACR is an Authentication Context Class Reference value. The meaning of the ACR
	// value is context-specific and varies for identity providers.
	ACR string `protobuf:"bytes,5,opt,name=ACR,proto3" json:"acr_values,omitempty"`
	// Provider is the external identity provider.
	Provider string `protobuf:"bytes,6,opt,name=Provider,proto3" json:"provider,omitempty"`
	// Display is the friendly name for this provider.
	Display string `protobuf:"bytes,7,opt,name=Display,proto3" json:"display,omitempty"`
	// Scope specifies additional scopes set by provider.
	Scope []string `protobuf:"bytes,8,rep,name=Scope,proto3" json:"scope,omitempty"`
	// Prompt is an optional OIDC prompt. An empty string omits prompt.
	// If not specified, it defaults to select_account for backwards compatibility.
	Prompt string `protobuf:"bytes,9,opt,name=Prompt,proto3" json:"prompt,omitempty"`
	// ClaimsToRoles specifies a dynamic mapping from claims to roles.
	ClaimsToRoles []ClaimMapping `protobuf:"bytes,10,rep,name=ClaimsToRoles,proto3" json:"claims_to_roles,omitempty"`
	// GoogleServiceAccountURI is a path to a google service account uri.
	GoogleServiceAccountURI string `protobuf:"bytes,11,opt,name=GoogleServiceAccountURI,proto3" json:"google_service_account_uri,omitempty"`
	// GoogleServiceAccount is a string containing google service account credentials.
	GoogleServiceAccount string `protobuf:"bytes,12,opt,name=GoogleServiceAccount,proto3" json:"google_service_account,omitempty"`
	// GoogleAdminEmail is the email of a google admin to impersonate.
	GoogleAdminEmail string `protobuf:"bytes,13,opt,name=GoogleAdminEmail,proto3" json:"google_admin_email,omitempty"`
	// RedirectURLs is a list of callback URLs which the identity provider can use
	// to redirect the client back to the Teleport Proxy to complete authentication.
	// This list should match the URLs on the provider's side. The URL used for a
	// given auth request will be chosen to match the requesting Proxy's public
	// address. If there is no match, the first url in the list will be used.
	RedirectURLs github_com_gravitational_teleport_api_types_wrappers.Strings `` /* 140-byte string literal not displayed */
	// AllowUnverifiedEmail tells the connector to accept OIDC users with unverified emails.
	AllowUnverifiedEmail bool `protobuf:"varint,15,opt,name=AllowUnverifiedEmail,proto3" json:"allow_unverified_email,omitempty"`
	// UsernameClaim specifies the name of the claim from the OIDC connector to be used as the user's username.
	UsernameClaim string `protobuf:"bytes,16,opt,name=UsernameClaim,proto3" json:"username_claim,omitempty"`
	// MaxAge is the amount of time that user logins are
	// valid for. If a user logs in, but then does not login again
	// within this time period, they will be forced to re-authenticate.
	*MaxAge `protobuf:"bytes,17,opt,name=MaxAge,proto3,embedded=MaxAge" json:""`
	// ClientRedirectSettings defines which client redirect URLs are allowed for
	// non-browser SSO logins other than the standard localhost ones.
	ClientRedirectSettings *SSOClientRedirectSettings `protobuf:"bytes,18,opt,name=ClientRedirectSettings,proto3" json:"client_redirect_settings,omitempty"`
	// MFASettings contains settings to enable SSO MFA checks through this auth connector.
	MFASettings *OIDCConnectorMFASettings `protobuf:"bytes,19,opt,name=MFASettings,proto3" json:"mfa,omitempty"`
	// PKCEMode represents the configuration state for PKCE (Proof Key for Code Exchange). It can be "enabled" or "disabled"
	PKCEMode             string   `protobuf:"bytes,20,opt,name=PKCEMode,proto3" json:"pkce_mode,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

OIDCConnectorSpecV3 is an OIDC connector specification.

It specifies configuration for Open ID Connect compatible external identity provider: https://openid.net/specs/openid-connect-core-1_0.html

func (*OIDCConnectorSpecV3) Descriptor 

func (*OIDCConnectorSpecV3) Descriptor() ([]byte, []int)

func (*OIDCConnectorSpecV3) Marshal 

func (m *OIDCConnectorSpecV3) Marshal() (dAtA []byte, err error)

func (*OIDCConnectorSpecV3) MarshalTo 

func (m *OIDCConnectorSpecV3) MarshalTo(dAtA []byte) (int, error)

func (*OIDCConnectorSpecV3) MarshalToSizedBuffer 

func (m *OIDCConnectorSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*OIDCConnectorSpecV3) ProtoMessage 

func (*OIDCConnectorSpecV3) ProtoMessage()

func (*OIDCConnectorSpecV3) Reset 

func (m *OIDCConnectorSpecV3) Reset()

func (*OIDCConnectorSpecV3) Size 

func (m *OIDCConnectorSpecV3) Size() (n int)

func (*OIDCConnectorSpecV3) String 

func (m *OIDCConnectorSpecV3) String() string

func (*OIDCConnectorSpecV3) Unmarshal 

func (m *OIDCConnectorSpecV3) Unmarshal(dAtA []byte) error

func (*OIDCConnectorSpecV3) XXX_DiscardUnknown 

func (m *OIDCConnectorSpecV3) XXX_DiscardUnknown()

func (*OIDCConnectorSpecV3) XXX_Marshal 

func (m *OIDCConnectorSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OIDCConnectorSpecV3) XXX_Merge 

func (m *OIDCConnectorSpecV3) XXX_Merge(src proto.Message)

func (*OIDCConnectorSpecV3) XXX_Size 

func (m *OIDCConnectorSpecV3) XXX_Size() int

func (*OIDCConnectorSpecV3) XXX_Unmarshal 

func (m *OIDCConnectorSpecV3) XXX_Unmarshal(b []byte) error

type OIDCConnectorV3 

type OIDCConnectorV3 struct {
	// Kind is a resource kind.
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources.
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version. It must be specified.
	// Supported values are: `v3`.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata holds resource metadata.
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is an OIDC connector specification.
	Spec                 OIDCConnectorSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
	XXX_unrecognized     []byte              `json:"-"`
	XXX_sizecache        int32               `json:"-"`
}

OIDCConnectorV3 represents an OIDC connector.

func (*OIDCConnectorV3) CheckAndSetDefaults 

func (o *OIDCConnectorV3) CheckAndSetDefaults() error

CheckAndSetDefaults checks and set default values for any missing fields.

func (*OIDCConnectorV3) Descriptor 

func (*OIDCConnectorV3) Descriptor() ([]byte, []int)

func (*OIDCConnectorV3) Expiry 

func (o *OIDCConnectorV3) Expiry() time.Time

Expiry returns object expiry setting

func (*OIDCConnectorV3) GetACR 

func (o *OIDCConnectorV3) GetACR() string

GetACR returns the Authentication Context Class Reference (ACR) value.

func (*OIDCConnectorV3) GetAllowUnverifiedEmail 

func (o *OIDCConnectorV3) GetAllowUnverifiedEmail() bool

GetAllowUnverifiedEmail returns true if unverified emails should be allowed in received users.

func (*OIDCConnectorV3) GetClaims 

func (o *OIDCConnectorV3) GetClaims() []string

GetClaims returns list of claims expected by mappings

func (*OIDCConnectorV3) GetClaimsToRoles 

func (o *OIDCConnectorV3) GetClaimsToRoles() []ClaimMapping

GetClaimsToRoles specifies dynamic mapping from claims to roles

func (*OIDCConnectorV3) GetClientID 

func (o *OIDCConnectorV3) GetClientID() string

GetClientID is id for authentication client (in our case it's our Auth server)

func (*OIDCConnectorV3) GetClientRedirectSettings 

func (o *OIDCConnectorV3) GetClientRedirectSettings() *SSOClientRedirectSettings

GetClientRedirectSettings returns the client redirect settings.

func (*OIDCConnectorV3) GetClientSecret 

func (o *OIDCConnectorV3) GetClientSecret() string

GetClientSecret is used to authenticate our client and should not be visible to end user

func (*OIDCConnectorV3) GetDisplay 

func (o *OIDCConnectorV3) GetDisplay() string

GetDisplay - Friendly name for this provider.

func (*OIDCConnectorV3) GetGoogleAdminEmail 

func (o *OIDCConnectorV3) GetGoogleAdminEmail() string

GetGoogleAdminEmail returns a google admin user email

func (*OIDCConnectorV3) GetGoogleServiceAccount 

func (o *OIDCConnectorV3) GetGoogleServiceAccount() string

GetGoogleServiceAccount returns a string representing a Google service account

func (*OIDCConnectorV3) GetGoogleServiceAccountURI 

func (o *OIDCConnectorV3) GetGoogleServiceAccountURI() string

GetGoogleServiceAccountURI returns an optional path to google service account file

func (*OIDCConnectorV3) GetIssuerURL 

func (o *OIDCConnectorV3) GetIssuerURL() string

GetIssuerURL is the endpoint of the provider, e.g. https://accounts.google.com

func (*OIDCConnectorV3) GetKind 

func (o *OIDCConnectorV3) GetKind() string

GetKind returns resource kind

func (*OIDCConnectorV3) GetMFASettings 

func (o *OIDCConnectorV3) GetMFASettings() *OIDCConnectorMFASettings

GetMFASettings returns the connector's MFA settings.

func (*OIDCConnectorV3) GetMaxAge 

func (o *OIDCConnectorV3) GetMaxAge() (time.Duration, bool)

GetMaxAge returns the amount of time that user logins are valid for and true if MaxAge is set. If a user logs in, but then does not login again within this time period, they will be forced to re-authenticate.

func (*OIDCConnectorV3) GetMetadata 

func (o *OIDCConnectorV3) GetMetadata() Metadata

GetMetadata returns object metadata

func (*OIDCConnectorV3) GetName 

func (o *OIDCConnectorV3) GetName() string

GetName returns the name of the connector

func (*OIDCConnectorV3) GetPKCEMode 

func (o *OIDCConnectorV3) GetPKCEMode() constants.OIDCPKCEMode

GetPKCEMode will return the PKCEMode of the connector.

func (*OIDCConnectorV3) GetPrompt 

func (o *OIDCConnectorV3) GetPrompt() string

GetPrompt returns OIDC prompt value, * if not set, default to select_account for backwards compatibility * if set to none, it will be omitted * and any other non empty value, pass it as is

func (*OIDCConnectorV3) GetProvider 

func (o *OIDCConnectorV3) GetProvider() string

GetProvider returns the identity provider.

func (*OIDCConnectorV3) GetRedirectURLs 

func (o *OIDCConnectorV3) GetRedirectURLs() []string

GetRedirectURLs returns a list of the connector's redirect URLs.

func (*OIDCConnectorV3) GetRevision 

func (o *OIDCConnectorV3) GetRevision() string

GetRevision returns the revision

func (*OIDCConnectorV3) GetScope 

func (o *OIDCConnectorV3) GetScope() []string

GetScope is additional scopes set by provider

func (*OIDCConnectorV3) GetSubKind 

func (o *OIDCConnectorV3) GetSubKind() string

GetSubKind returns resource sub kind

func (*OIDCConnectorV3) GetTraitMappings 

func (o *OIDCConnectorV3) GetTraitMappings() TraitMappingSet

GetTraitMappings returns the OIDCConnector's TraitMappingSet

func (*OIDCConnectorV3) GetUsernameClaim 

func (o *OIDCConnectorV3) GetUsernameClaim() string

GetUsernameClaim gets the name of the claim from the OIDC connector to be used as the user's username.

func (*OIDCConnectorV3) GetVersion 

func (o *OIDCConnectorV3) GetVersion() string

GetVersion returns resource version

func (*OIDCConnectorV3) IsMFAEnabled 

func (o *OIDCConnectorV3) IsMFAEnabled() bool

IsMFAEnabled returns whether the connector has MFA enabled.

func (*OIDCConnectorV3) IsPKCEEnabled 

func (o *OIDCConnectorV3) IsPKCEEnabled() bool

IsPKCEEnabled returns true if the connector should add code_challenge information to auth requests.

func (*OIDCConnectorV3) Marshal 

func (m *OIDCConnectorV3) Marshal() (dAtA []byte, err error)

func (*OIDCConnectorV3) MarshalTo 

func (m *OIDCConnectorV3) MarshalTo(dAtA []byte) (int, error)

func (*OIDCConnectorV3) MarshalToSizedBuffer 

func (m *OIDCConnectorV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*OIDCConnectorV3) Origin 

func (o *OIDCConnectorV3) Origin() string

Origin returns the origin value of the resource.

func (*OIDCConnectorV3) ProtoMessage 

func (*OIDCConnectorV3) ProtoMessage()

func (*OIDCConnectorV3) Reset 

func (m *OIDCConnectorV3) Reset()

func (*OIDCConnectorV3) SetACR 

func (o *OIDCConnectorV3) SetACR(acrValue string)

SetACR sets the Authentication Context Class Reference (ACR) value.

func (*OIDCConnectorV3) SetClaimsToRoles 

func (o *OIDCConnectorV3) SetClaimsToRoles(claims []ClaimMapping)

SetClaimsToRoles sets dynamic mapping from claims to roles

func (*OIDCConnectorV3) SetClientID 

func (o *OIDCConnectorV3) SetClientID(clintID string)

SetClientID sets id for authentication client (in our case it's our Auth server)

func (*OIDCConnectorV3) SetClientSecret 

func (o *OIDCConnectorV3) SetClientSecret(secret string)

SetClientSecret sets client secret to some value

func (*OIDCConnectorV3) SetDisplay 

func (o *OIDCConnectorV3) SetDisplay(display string)

SetDisplay sets friendly name for this provider.

func (*OIDCConnectorV3) SetExpiry 

func (o *OIDCConnectorV3) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object

func (*OIDCConnectorV3) SetGoogleServiceAccount 

func (o *OIDCConnectorV3) SetGoogleServiceAccount(s string)

SetGoogleServiceAccount sets a string representing a Google service account

func (*OIDCConnectorV3) SetIssuerURL 

func (o *OIDCConnectorV3) SetIssuerURL(issuerURL string)

SetIssuerURL sets client secret to some value

func (*OIDCConnectorV3) SetName 

func (o *OIDCConnectorV3) SetName(name string)

SetName sets client secret to some value

func (*OIDCConnectorV3) SetOrigin 

func (o *OIDCConnectorV3) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*OIDCConnectorV3) SetPKCEMode 

func (o *OIDCConnectorV3) SetPKCEMode(mode constants.OIDCPKCEMode)

SetPKCEMode will set the pkce mode

func (*OIDCConnectorV3) SetPrompt 

func (o *OIDCConnectorV3) SetPrompt(p string)

SetPrompt sets OIDC prompt value

func (*OIDCConnectorV3) SetProvider 

func (o *OIDCConnectorV3) SetProvider(identityProvider string)

SetProvider sets the identity provider.

func (*OIDCConnectorV3) SetRedirectURLs 

func (o *OIDCConnectorV3) SetRedirectURLs(redirectURLs []string)

SetRedirectURLs sets the list of redirectURLs

func (*OIDCConnectorV3) SetRevision 

func (o *OIDCConnectorV3) SetRevision(rev string)

SetRevision sets the revision

func (*OIDCConnectorV3) SetScope 

func (o *OIDCConnectorV3) SetScope(scope []string)

SetScope sets additional scopes set by provider

func (*OIDCConnectorV3) SetSubKind 

func (o *OIDCConnectorV3) SetSubKind(s string)

SetSubKind sets resource subkind

func (*OIDCConnectorV3) Size 

func (m *OIDCConnectorV3) Size() (n int)

func (*OIDCConnectorV3) String 

func (m *OIDCConnectorV3) String() string

func (*OIDCConnectorV3) Unmarshal 

func (m *OIDCConnectorV3) Unmarshal(dAtA []byte) error

func (*OIDCConnectorV3) V3 

func (o *OIDCConnectorV3) V3() *OIDCConnectorV3

V3 returns V3 version of the resource

func (*OIDCConnectorV3) Validate 

func (o *OIDCConnectorV3) Validate() error

Validate will preform checks not found in CheckAndSetDefaults that should only be preformed when the OIDC connector resource itself is being created or updated, not when a OIDCConnector object is being created or updated.

func (*OIDCConnectorV3) WithMFASettings 

func (o *OIDCConnectorV3) WithMFASettings() error

WithMFASettings returns the connector will some settings overwritten set from MFA settings.

func (*OIDCConnectorV3) WithoutSecrets 

func (o *OIDCConnectorV3) WithoutSecrets() Resource

WithoutSecrets returns an instance of resource without secrets.

func (*OIDCConnectorV3) XXX_DiscardUnknown 

func (m *OIDCConnectorV3) XXX_DiscardUnknown()

func (*OIDCConnectorV3) XXX_Marshal 

func (m *OIDCConnectorV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OIDCConnectorV3) XXX_Merge 

func (m *OIDCConnectorV3) XXX_Merge(src proto.Message)

func (*OIDCConnectorV3) XXX_Size 

func (m *OIDCConnectorV3) XXX_Size() int

func (*OIDCConnectorV3) XXX_Unmarshal 

func (m *OIDCConnectorV3) XXX_Unmarshal(b []byte) error

type OIDCConnectorV3List 

type OIDCConnectorV3List struct {
	// OIDCConnectors is a list of OIDC connectors.
	OIDCConnectors       []*OIDCConnectorV3 `protobuf:"bytes,1,rep,name=OIDCConnectors,proto3" json:"OIDCConnectors,omitempty"`
	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
	XXX_unrecognized     []byte             `json:"-"`
	XXX_sizecache        int32              `json:"-"`
}

OIDCConnectorV3List is a list of OIDC connectors.

func (*OIDCConnectorV3List) Descriptor 

func (*OIDCConnectorV3List) Descriptor() ([]byte, []int)

func (*OIDCConnectorV3List) Marshal 

func (m *OIDCConnectorV3List) Marshal() (dAtA []byte, err error)

func (*OIDCConnectorV3List) MarshalTo 

func (m *OIDCConnectorV3List) MarshalTo(dAtA []byte) (int, error)

func (*OIDCConnectorV3List) MarshalToSizedBuffer 

func (m *OIDCConnectorV3List) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*OIDCConnectorV3List) ProtoMessage 

func (*OIDCConnectorV3List) ProtoMessage()

func (*OIDCConnectorV3List) Reset 

func (m *OIDCConnectorV3List) Reset()

func (*OIDCConnectorV3List) Size 

func (m *OIDCConnectorV3List) Size() (n int)

func (*OIDCConnectorV3List) String 

func (m *OIDCConnectorV3List) String() string

func (*OIDCConnectorV3List) Unmarshal 

func (m *OIDCConnectorV3List) Unmarshal(dAtA []byte) error

func (*OIDCConnectorV3List) XXX_DiscardUnknown 

func (m *OIDCConnectorV3List) XXX_DiscardUnknown()

func (*OIDCConnectorV3List) XXX_Marshal 

func (m *OIDCConnectorV3List) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OIDCConnectorV3List) XXX_Merge 

func (m *OIDCConnectorV3List) XXX_Merge(src proto.Message)

func (*OIDCConnectorV3List) XXX_Size 

func (m *OIDCConnectorV3List) XXX_Size() int

func (*OIDCConnectorV3List) XXX_Unmarshal 

func (m *OIDCConnectorV3List) XXX_Unmarshal(b []byte) error

type OIDCIdentity 

type OIDCIdentity struct {
	// ID is populated from "subject" claim.
	ID string
	// Name of user. Empty in current version of library.
	Name string
	// Email is populated from "email" claim.
	Email string
	// ExpiresAt populated from "exp" claim, represents expiry time.
	ExpiresAt time.Time
}

OIDCIdentity is a redefinition of oidc.Identity with additional methods, required for serialization to/from protobuf. With those we can reference it with an option like so: `(gogoproto.customtype) = "OIDCIdentity"`

func (*OIDCIdentity) MarshalTo 

func (a *OIDCIdentity) MarshalTo(bytes []byte) (int, error)

MarshalTo marshals the object to sized buffer

func (*OIDCIdentity) Size 

func (a *OIDCIdentity) Size() int

Size returns size of the object when marshaled

func (*OIDCIdentity) Unmarshal 

func (a *OIDCIdentity) Unmarshal(bytes []byte) error

Unmarshal the object from provided buffer.

type OktaAssignment 

type OktaAssignment interface {
	ResourceWithLabels

	// SetMetadata will set the metadata for the Okta assignment.
	SetMetadata(metadata Metadata)
	// GetUser will return the user that the Okta assignment actions applies to.
	GetUser() string
	// GetTargets will return the list of targets that will be assigned as part of this assignment.
	GetTargets() []OktaAssignmentTarget
	// GetCleanupTime will return the optional time that the assignment should be cleaned up.
	GetCleanupTime() time.Time
	// SetCleanupTime will set the cleanup time.
	SetCleanupTime(time.Time)
	// GetStatus gets the status of the assignment.
	GetStatus() string
	// SetStatus sets the status of the eassignment. Only allows valid transitions.
	SetStatus(status string) error
	// SetLastTransition sets the last transition time.
	SetLastTransition(time.Time)
	// GetLastTransition returns the time that the action last transitioned.
	GetLastTransition() time.Time
	// IsFinalized returns the finalized state.
	IsFinalized() bool
	// SetFinalized sets the finalized state
	SetFinalized(bool)
	// Copy returns a copy of this Okta assignment resource.
	Copy() OktaAssignment
}

OktaAssignment is a representation of an action or set of actions taken by Teleport to assign Okta users to applications or groups. When modifying this object, please make sure to update tool/tctl/common/oktaassignment to reflect any new fields that were added.

func NewOktaAssignment 

func NewOktaAssignment(metadata Metadata, spec OktaAssignmentSpecV1) (OktaAssignment, error)

NewOktaAssignment creates a new Okta assignment object.

type OktaAssignmentSpecV1 

type OktaAssignmentSpecV1 struct {
	// User is the user that these actions will be applied to.
	User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
	// Targets is a list of Okta targets to take on a user.
	Targets []*OktaAssignmentTargetV1 `protobuf:"bytes,2,rep,name=Targets,proto3" json:"targets"`
	// CleanupTime is an optional field that notes when the assignment should be cleaned up.
	// If absent, the assignment will never be cleaned up.
	CleanupTime time.Time `protobuf:"bytes,3,opt,name=CleanupTime,proto3,stdtime" json:"cleanup_time"`
	// Status is the status of the assignment.
	Status OktaAssignmentSpecV1_OktaAssignmentStatus `protobuf:"varint,4,opt,name=status,proto3,enum=types.OktaAssignmentSpecV1_OktaAssignmentStatus" json:"status"`
	// LastTransition is an optional field that notes when the last state transition
	// occurred for this action. If absent, this object has never transitioned.
	LastTransition time.Time `protobuf:"bytes,5,opt,name=LastTransition,proto3,stdtime" json:"last_transition"`
	// Finalized is set when the assignment has been properly cleaned up.
	Finalized            bool     `protobuf:"varint,6,opt,name=Finalized,proto3" json:"finalized"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

OktaAssignmentSpecV1 is a Okta assignment specification.

func (*OktaAssignmentSpecV1) Descriptor 

func (*OktaAssignmentSpecV1) Descriptor() ([]byte, []int)

func (*OktaAssignmentSpecV1) Marshal 

func (m *OktaAssignmentSpecV1) Marshal() (dAtA []byte, err error)

func (*OktaAssignmentSpecV1) MarshalTo 

func (m *OktaAssignmentSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*OktaAssignmentSpecV1) MarshalToSizedBuffer 

func (m *OktaAssignmentSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*OktaAssignmentSpecV1) ProtoMessage 

func (*OktaAssignmentSpecV1) ProtoMessage()

func (*OktaAssignmentSpecV1) Reset 

func (m *OktaAssignmentSpecV1) Reset()

func (*OktaAssignmentSpecV1) Size 

func (m *OktaAssignmentSpecV1) Size() (n int)

func (*OktaAssignmentSpecV1) String 

func (m *OktaAssignmentSpecV1) String() string

func (*OktaAssignmentSpecV1) Unmarshal 

func (m *OktaAssignmentSpecV1) Unmarshal(dAtA []byte) error

func (*OktaAssignmentSpecV1) XXX_DiscardUnknown 

func (m *OktaAssignmentSpecV1) XXX_DiscardUnknown()

func (*OktaAssignmentSpecV1) XXX_Marshal 

func (m *OktaAssignmentSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OktaAssignmentSpecV1) XXX_Merge 

func (m *OktaAssignmentSpecV1) XXX_Merge(src proto.Message)

func (*OktaAssignmentSpecV1) XXX_Size 

func (m *OktaAssignmentSpecV1) XXX_Size() int

func (*OktaAssignmentSpecV1) XXX_Unmarshal 

func (m *OktaAssignmentSpecV1) XXX_Unmarshal(b []byte) error

type OktaAssignmentSpecV1_OktaAssignmentStatus 

type OktaAssignmentSpecV1_OktaAssignmentStatus int32

OktaAssignmentStatus represents the status of an Okta assignment. 

const (
	// UNKNOWN indicates the status is not set.
	OktaAssignmentSpecV1_UNKNOWN OktaAssignmentSpecV1_OktaAssignmentStatus = 0
	// PENDING indicates the action has not yet been applied.
	OktaAssignmentSpecV1_PENDING OktaAssignmentSpecV1_OktaAssignmentStatus = 1
	// PROCESSSING indicates that the assignment is being applied.
	OktaAssignmentSpecV1_PROCESSING OktaAssignmentSpecV1_OktaAssignmentStatus = 2
	// SUCCESSFUL indicates the action was applied successfully.
	OktaAssignmentSpecV1_SUCCESSFUL OktaAssignmentSpecV1_OktaAssignmentStatus = 3
	// FAILED indicates the action was not applied successfully. It will be retried.
	OktaAssignmentSpecV1_FAILED OktaAssignmentSpecV1_OktaAssignmentStatus = 4
)

func OktaAssignmentStatusToProto 

func OktaAssignmentStatusToProto(status string) OktaAssignmentSpecV1_OktaAssignmentStatus

OktaAssignmentStatusToProto will convert the internal notion of an Okta status into the Okta status message understood by protobuf.

func (OktaAssignmentSpecV1_OktaAssignmentStatus) EnumDescriptor 

func (OktaAssignmentSpecV1_OktaAssignmentStatus) EnumDescriptor() ([]byte, []int)

func (OktaAssignmentSpecV1_OktaAssignmentStatus) String 

func (x OktaAssignmentSpecV1_OktaAssignmentStatus) String() string

type OktaAssignmentTarget 

type OktaAssignmentTarget interface {
	// GetTargetType returns the target type.
	GetTargetType() string
	// GetID returns the ID of the target.
	GetID() string
}

OktaAssignmentTarget is an target for an Okta assignment.

type OktaAssignmentTargetV1 

type OktaAssignmentTargetV1 struct {
	// Type is the type of Okta resource this assignment is targeting.
	Type OktaAssignmentTargetV1_OktaAssignmentTargetType `protobuf:"varint,1,opt,name=type,proto3,enum=types.OktaAssignmentTargetV1_OktaAssignmentTargetType" json:"type"`
	// ID is the ID of the Okta resource that's being targeted.
	Id                   string   `protobuf:"bytes,2,opt,name=id,proto3" json:"id"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

OktaAssignmentTargetV1 is a target of an Okta assignment.

func (*OktaAssignmentTargetV1) Descriptor 

func (*OktaAssignmentTargetV1) Descriptor() ([]byte, []int)

func (*OktaAssignmentTargetV1) GetID 

func (o *OktaAssignmentTargetV1) GetID() string

GetID returns the ID of the action target.

func (*OktaAssignmentTargetV1) GetTargetType 

func (o *OktaAssignmentTargetV1) GetTargetType() string

GetTargetType returns the target type.

func (*OktaAssignmentTargetV1) Marshal 

func (m *OktaAssignmentTargetV1) Marshal() (dAtA []byte, err error)

func (*OktaAssignmentTargetV1) MarshalTo 

func (m *OktaAssignmentTargetV1) MarshalTo(dAtA []byte) (int, error)

func (*OktaAssignmentTargetV1) MarshalToSizedBuffer 

func (m *OktaAssignmentTargetV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*OktaAssignmentTargetV1) ProtoMessage 

func (*OktaAssignmentTargetV1) ProtoMessage()

func (*OktaAssignmentTargetV1) Reset 

func (m *OktaAssignmentTargetV1) Reset()

func (*OktaAssignmentTargetV1) Size 

func (m *OktaAssignmentTargetV1) Size() (n int)

func (*OktaAssignmentTargetV1) String 

func (m *OktaAssignmentTargetV1) String() string

func (*OktaAssignmentTargetV1) Unmarshal 

func (m *OktaAssignmentTargetV1) Unmarshal(dAtA []byte) error

func (*OktaAssignmentTargetV1) XXX_DiscardUnknown 

func (m *OktaAssignmentTargetV1) XXX_DiscardUnknown()

func (*OktaAssignmentTargetV1) XXX_Marshal 

func (m *OktaAssignmentTargetV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OktaAssignmentTargetV1) XXX_Merge 

func (m *OktaAssignmentTargetV1) XXX_Merge(src proto.Message)

func (*OktaAssignmentTargetV1) XXX_Size 

func (m *OktaAssignmentTargetV1) XXX_Size() int

func (*OktaAssignmentTargetV1) XXX_Unmarshal 

func (m *OktaAssignmentTargetV1) XXX_Unmarshal(b []byte) error

type OktaAssignmentTargetV1_OktaAssignmentTargetType 

type OktaAssignmentTargetV1_OktaAssignmentTargetType int32

OktaAssignmentTargetType is the type of Okta object that an assignment is targeting. 

const (
	// UNKNOWN indicates the target is unknown.
	OktaAssignmentTargetV1_UNKNOWN OktaAssignmentTargetV1_OktaAssignmentTargetType = 0
	// APPLICATION indicates the target is an application.
	OktaAssignmentTargetV1_APPLICATION OktaAssignmentTargetV1_OktaAssignmentTargetType = 1
	// GROUP indicates the target is a group.
	OktaAssignmentTargetV1_GROUP OktaAssignmentTargetV1_OktaAssignmentTargetType = 2
)

func (OktaAssignmentTargetV1_OktaAssignmentTargetType) EnumDescriptor 

func (OktaAssignmentTargetV1_OktaAssignmentTargetType) EnumDescriptor() ([]byte, []int)

func (OktaAssignmentTargetV1_OktaAssignmentTargetType) String 

func (x OktaAssignmentTargetV1_OktaAssignmentTargetType) String() string

type OktaAssignmentV1 

type OktaAssignmentV1 struct {
	// Header is the resource header for the Okta assignment.
	ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
	// Spec is the specification for the Okta assignment.
	Spec                 OktaAssignmentSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
	XXX_unrecognized     []byte               `json:"-"`
	XXX_sizecache        int32                `json:"-"`
}

OktaAssignmentV1 is a representation of an action or set of actions taken by Teleport to assign Okta users to applications or groups.

func (*OktaAssignmentV1) CheckAndSetDefaults 

func (o *OktaAssignmentV1) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values

func (*OktaAssignmentV1) Copy 

func (o *OktaAssignmentV1) Copy() OktaAssignment

Copy returns a copy of this Okta assignment resource.

func (*OktaAssignmentV1) Descriptor 

func (*OktaAssignmentV1) Descriptor() ([]byte, []int)

func (*OktaAssignmentV1) GetCleanupTime 

func (o *OktaAssignmentV1) GetCleanupTime() time.Time

GetCleanupTime will return the optional time that the assignment should be cleaned up.

func (*OktaAssignmentV1) GetLastTransition 

func (o *OktaAssignmentV1) GetLastTransition() time.Time

GetLastTransition returns the optional time that the action last transitioned.

func (*OktaAssignmentV1) GetStatus 

func (o *OktaAssignmentV1) GetStatus() string

GetStatus gets the status of the assignment.

func (*OktaAssignmentV1) GetTargets 

func (o *OktaAssignmentV1) GetTargets() []OktaAssignmentTarget

GetTargets returns the targets associated with the Okta assignment.

func (*OktaAssignmentV1) GetUser 

func (o *OktaAssignmentV1) GetUser() string

GetUser returns the user that the actions will be applied to.

func (*OktaAssignmentV1) IsEqual 

func (o *OktaAssignmentV1) IsEqual(i OktaAssignment) bool

IsEqual determines if two okta assignment resources are equivalent to one another.

func (*OktaAssignmentV1) IsFinalized 

func (o *OktaAssignmentV1) IsFinalized() bool

IsFinalized returns the finalized state.

func (*OktaAssignmentV1) Marshal 

func (m *OktaAssignmentV1) Marshal() (dAtA []byte, err error)

func (*OktaAssignmentV1) MarshalTo 

func (m *OktaAssignmentV1) MarshalTo(dAtA []byte) (int, error)

func (*OktaAssignmentV1) MarshalToSizedBuffer 

func (m *OktaAssignmentV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*OktaAssignmentV1) MatchSearch 

func (o *OktaAssignmentV1) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*OktaAssignmentV1) ProtoMessage 

func (*OktaAssignmentV1) ProtoMessage()

func (*OktaAssignmentV1) Reset 

func (m *OktaAssignmentV1) Reset()

func (*OktaAssignmentV1) SetCleanupTime 

func (o *OktaAssignmentV1) SetCleanupTime(cleanupTime time.Time)

SetCleanupTime will set the cleanup time.

func (*OktaAssignmentV1) SetFinalized 

func (o *OktaAssignmentV1) SetFinalized(finalized bool)

SetFinalized sets the finalized state

func (*OktaAssignmentV1) SetLastTransition 

func (o *OktaAssignmentV1) SetLastTransition(time time.Time)

SetLastTransition sets the last transition time.

func (*OktaAssignmentV1) SetMetadata 

func (o *OktaAssignmentV1) SetMetadata(metadata Metadata)

SetMetadata will set the metadata for the Okta assignment.

func (*OktaAssignmentV1) SetStatus 

func (o *OktaAssignmentV1) SetStatus(status string) error

SetStatus sets the status of the eassignment. Only allows valid transitions.

Valid transitions are: * PENDING -> (PROCESSING) * PROCESSING -> (SUCCESSFUL, FAILED, PROCESSING) * SUCCESSFUL -> (PROCESSING) * FAILED -> (PROCESSING)

func (*OktaAssignmentV1) Size 

func (m *OktaAssignmentV1) Size() (n int)

func (*OktaAssignmentV1) String 

func (o *OktaAssignmentV1) String() string

String returns the Okta assignment rule string representation.

func (*OktaAssignmentV1) Unmarshal 

func (m *OktaAssignmentV1) Unmarshal(dAtA []byte) error

func (*OktaAssignmentV1) XXX_DiscardUnknown 

func (m *OktaAssignmentV1) XXX_DiscardUnknown()

func (*OktaAssignmentV1) XXX_Marshal 

func (m *OktaAssignmentV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OktaAssignmentV1) XXX_Merge 

func (m *OktaAssignmentV1) XXX_Merge(src proto.Message)

func (*OktaAssignmentV1) XXX_Size 

func (m *OktaAssignmentV1) XXX_Size() int

func (*OktaAssignmentV1) XXX_Unmarshal 

func (m *OktaAssignmentV1) XXX_Unmarshal(b []byte) error

type OktaAssignments 

type OktaAssignments []OktaAssignment

OktaAssignments is a list of OktaAssignment resources.

func (OktaAssignments) AsResources 

func (o OktaAssignments) AsResources() ResourcesWithLabels

AsResources returns these Okta assignments as resources with labels.

func (OktaAssignments) Len 

func (o OktaAssignments) Len() int

Len returns the slice length.

func (OktaAssignments) Less 

func (o OktaAssignments) Less(i, j int) bool

Less compares Okta assignments by name.

func (OktaAssignments) Swap 

func (o OktaAssignments) Swap(i, j int)

Swap swaps two Okta assignments.

func (OktaAssignments) ToMap 

func (o OktaAssignments) ToMap() map[string]OktaAssignment

ToMap returns these Okta assignments as a map keyed by Okta assignment name.

type OktaImportRule 

type OktaImportRule interface {
	ResourceWithLabels

	// GetPriority will return the priority of the Okta import rule.
	GetPriority() int32

	// GetMappings will return the list of mappings for the Okta import rule.
	GetMappings() []OktaImportRuleMapping
	// Clone returns a copy of the Okta import rule.
	Clone() OktaImportRule
}

OktaImportRule specifies a rule for importing and labeling Okta applications and groups.

func NewOktaImportRule 

func NewOktaImportRule(metadata Metadata, spec OktaImportRuleSpecV1) (OktaImportRule, error)

NewOktaImportRule returns a new OktaImportRule.

type OktaImportRuleMapping 

type OktaImportRuleMapping interface {
	// GetMatches returns all matches for a mapping.
	GetMatches() []OktaImportRuleMatch
	// GetAddLabels returns the labels that will be added for a mapping.
	GetAddLabels() map[string]string
}

OktaImportRuleMapping is a list of matches that map match rules to labels.

type OktaImportRuleMappingV1 

type OktaImportRuleMappingV1 struct {
	// Match is a set of matching rules for this mapping. If any of these match, then the mapping will be applied.
	Match []*OktaImportRuleMatchV1 `protobuf:"bytes,1,rep,name=Match,proto3" json:"match"`
	// AddLabels specifies which labels to add if any of the previous matches match.
	AddLabels            map[string]string `` /* 150-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

OktaImportRuleMappingV1 is a list of matches that map match rules to labels.

func (*OktaImportRuleMappingV1) CheckAndSetDefaults 

func (o *OktaImportRuleMappingV1) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values

func (*OktaImportRuleMappingV1) Descriptor 

func (*OktaImportRuleMappingV1) Descriptor() ([]byte, []int)

func (*OktaImportRuleMappingV1) GetAddLabels 

func (o *OktaImportRuleMappingV1) GetAddLabels() map[string]string

GetAddLabels returns the labels that will be added for a mapping.

func (*OktaImportRuleMappingV1) GetMatches 

func (o *OktaImportRuleMappingV1) GetMatches() []OktaImportRuleMatch

GetMatches returns all matches for a mapping.

func (*OktaImportRuleMappingV1) Marshal 

func (m *OktaImportRuleMappingV1) Marshal() (dAtA []byte, err error)

func (*OktaImportRuleMappingV1) MarshalTo 

func (m *OktaImportRuleMappingV1) MarshalTo(dAtA []byte) (int, error)

func (*OktaImportRuleMappingV1) MarshalToSizedBuffer 

func (m *OktaImportRuleMappingV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*OktaImportRuleMappingV1) ProtoMessage 

func (*OktaImportRuleMappingV1) ProtoMessage()

func (*OktaImportRuleMappingV1) Reset 

func (m *OktaImportRuleMappingV1) Reset()

func (*OktaImportRuleMappingV1) Size 

func (m *OktaImportRuleMappingV1) Size() (n int)

func (*OktaImportRuleMappingV1) String 

func (m *OktaImportRuleMappingV1) String() string

func (*OktaImportRuleMappingV1) Unmarshal 

func (m *OktaImportRuleMappingV1) Unmarshal(dAtA []byte) error

func (*OktaImportRuleMappingV1) XXX_DiscardUnknown 

func (m *OktaImportRuleMappingV1) XXX_DiscardUnknown()

func (*OktaImportRuleMappingV1) XXX_Marshal 

func (m *OktaImportRuleMappingV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OktaImportRuleMappingV1) XXX_Merge 

func (m *OktaImportRuleMappingV1) XXX_Merge(src proto.Message)

func (*OktaImportRuleMappingV1) XXX_Size 

func (m *OktaImportRuleMappingV1) XXX_Size() int

func (*OktaImportRuleMappingV1) XXX_Unmarshal 

func (m *OktaImportRuleMappingV1) XXX_Unmarshal(b []byte) error

type OktaImportRuleMatch 

type OktaImportRuleMatch interface {
	// GetAppIDs returns whether or not this match contains an App ID match and, if so, the list of app IDs.
	GetAppIDs() (bool, []string)
	// GetGroupIDs returns whether or not this match contains a Group ID match and, if so, the list of app IDs.
	GetGroupIDs() (bool, []string)
	// GetAppNameRegexes returns whether or not this match contains app name regexes and, if so, the regexes.
	GetAppNameRegexes() (bool, []string)
	// GetGroupNameRegexes returns whether or not this match contains group name regexes and, if so, the regexes.
	GetGroupNameRegexes() (bool, []string)
}

OktaImportRuleMatch creates a new Okta import rule match.

type OktaImportRuleMatchV1 

type OktaImportRuleMatchV1 struct {
	// AppIDs is a list of app IDs to match against.
	AppIDs []string `protobuf:"bytes,1,rep,name=AppIDs,proto3" json:"app_ids,omitempty"`
	// GroupIDs is a list of group IDs to match against.
	GroupIDs []string `protobuf:"bytes,2,rep,name=GroupIDs,proto3" json:"group_ids,omitempty"`
	// AppNameRegexes is a list of regexes to match against app names.
	AppNameRegexes []string `protobuf:"bytes,3,rep,name=AppNameRegexes,proto3" json:"app_name_regexes,omitempty"`
	// GroupNameRegexes is a list of regexes to match against group names.
	GroupNameRegexes     []string `protobuf:"bytes,4,rep,name=GroupNameRegexes,proto3" json:"group_name_regexes,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

OktaImportRuleMatchV1 is a match rule for a mapping.

func (*OktaImportRuleMatchV1) CheckAndSetDefaults 

func (o *OktaImportRuleMatchV1) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values

func (*OktaImportRuleMatchV1) Descriptor 

func (*OktaImportRuleMatchV1) Descriptor() ([]byte, []int)

func (*OktaImportRuleMatchV1) GetAppIDs 

func (o *OktaImportRuleMatchV1) GetAppIDs() (bool, []string)

GetAppIDs returns whether or not this match contains an App ID match and, if so, the list of app IDs.

func (*OktaImportRuleMatchV1) GetAppNameRegexes 

func (o *OktaImportRuleMatchV1) GetAppNameRegexes() (bool, []string)

GetAppNameRegexes returns whether or not this match contains app name regexes and, if so, the regexes.

func (*OktaImportRuleMatchV1) GetGroupIDs 

func (o *OktaImportRuleMatchV1) GetGroupIDs() (bool, []string)

GetGroupIDs returns whether or not this match contains a Group ID match and, if so, the list of app IDs.

func (*OktaImportRuleMatchV1) GetGroupNameRegexes 

func (o *OktaImportRuleMatchV1) GetGroupNameRegexes() (bool, []string)

GetGroupNameRegexes returns whether or not this match contains group name regexes and, if so, the regexes.

func (*OktaImportRuleMatchV1) Marshal 

func (m *OktaImportRuleMatchV1) Marshal() (dAtA []byte, err error)

func (*OktaImportRuleMatchV1) MarshalTo 

func (m *OktaImportRuleMatchV1) MarshalTo(dAtA []byte) (int, error)

func (*OktaImportRuleMatchV1) MarshalToSizedBuffer 

func (m *OktaImportRuleMatchV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*OktaImportRuleMatchV1) ProtoMessage 

func (*OktaImportRuleMatchV1) ProtoMessage()

func (*OktaImportRuleMatchV1) Reset 

func (m *OktaImportRuleMatchV1) Reset()

func (*OktaImportRuleMatchV1) Size 

func (m *OktaImportRuleMatchV1) Size() (n int)

func (*OktaImportRuleMatchV1) String 

func (m *OktaImportRuleMatchV1) String() string

func (*OktaImportRuleMatchV1) Unmarshal 

func (m *OktaImportRuleMatchV1) Unmarshal(dAtA []byte) error

func (*OktaImportRuleMatchV1) XXX_DiscardUnknown 

func (m *OktaImportRuleMatchV1) XXX_DiscardUnknown()

func (*OktaImportRuleMatchV1) XXX_Marshal 

func (m *OktaImportRuleMatchV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OktaImportRuleMatchV1) XXX_Merge 

func (m *OktaImportRuleMatchV1) XXX_Merge(src proto.Message)

func (*OktaImportRuleMatchV1) XXX_Size 

func (m *OktaImportRuleMatchV1) XXX_Size() int

func (*OktaImportRuleMatchV1) XXX_Unmarshal 

func (m *OktaImportRuleMatchV1) XXX_Unmarshal(b []byte) error

type OktaImportRuleSpecV1 

type OktaImportRuleSpecV1 struct {
	// Priority represents the priority of the rule application. Lower numbered rules will be applied first.
	Priority int32 `protobuf:"varint,1,opt,name=Priority,proto3" json:"priority"`
	// Mappings is a list of matches that will map match conditions to labels.
	Mappings             []*OktaImportRuleMappingV1 `protobuf:"bytes,2,rep,name=Mappings,proto3" json:"mappings"`
	XXX_NoUnkeyedLiteral struct{}                   `json:"-"`
	XXX_unrecognized     []byte                     `json:"-"`
	XXX_sizecache        int32                      `json:"-"`
}

OktaImportRuleSpecV1 is a Okta import rule specification.

func (*OktaImportRuleSpecV1) Descriptor 

func (*OktaImportRuleSpecV1) Descriptor() ([]byte, []int)

func (*OktaImportRuleSpecV1) Marshal 

func (m *OktaImportRuleSpecV1) Marshal() (dAtA []byte, err error)

func (*OktaImportRuleSpecV1) MarshalTo 

func (m *OktaImportRuleSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*OktaImportRuleSpecV1) MarshalToSizedBuffer 

func (m *OktaImportRuleSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*OktaImportRuleSpecV1) ProtoMessage 

func (*OktaImportRuleSpecV1) ProtoMessage()

func (*OktaImportRuleSpecV1) Reset 

func (m *OktaImportRuleSpecV1) Reset()

func (*OktaImportRuleSpecV1) Size 

func (m *OktaImportRuleSpecV1) Size() (n int)

func (*OktaImportRuleSpecV1) String 

func (m *OktaImportRuleSpecV1) String() string

func (*OktaImportRuleSpecV1) Unmarshal 

func (m *OktaImportRuleSpecV1) Unmarshal(dAtA []byte) error

func (*OktaImportRuleSpecV1) XXX_DiscardUnknown 

func (m *OktaImportRuleSpecV1) XXX_DiscardUnknown()

func (*OktaImportRuleSpecV1) XXX_Marshal 

func (m *OktaImportRuleSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OktaImportRuleSpecV1) XXX_Merge 

func (m *OktaImportRuleSpecV1) XXX_Merge(src proto.Message)

func (*OktaImportRuleSpecV1) XXX_Size 

func (m *OktaImportRuleSpecV1) XXX_Size() int

func (*OktaImportRuleSpecV1) XXX_Unmarshal 

func (m *OktaImportRuleSpecV1) XXX_Unmarshal(b []byte) error

type OktaImportRuleV1 

type OktaImportRuleV1 struct {
	// Header is the resource header for the SAML IdP service provider.
	ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
	// Spec is the specification for the Okta import rule.
	Spec                 OktaImportRuleSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
	XXX_unrecognized     []byte               `json:"-"`
	XXX_sizecache        int32                `json:"-"`
}

OktaImportRuleV1 is a representation of labeling rules for importing of Okta objects.

func (*OktaImportRuleV1) CheckAndSetDefaults 

func (o *OktaImportRuleV1) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values

func (*OktaImportRuleV1) Clone 

func (o *OktaImportRuleV1) Clone() OktaImportRule

Clone returns a copy of the Okta import rule.

func (*OktaImportRuleV1) Descriptor 

func (*OktaImportRuleV1) Descriptor() ([]byte, []int)

func (*OktaImportRuleV1) GetMappings 

func (o *OktaImportRuleV1) GetMappings() []OktaImportRuleMapping

GetMappings will return the list of mappings for the Okta import rule.

func (*OktaImportRuleV1) GetPriority 

func (o *OktaImportRuleV1) GetPriority() int32

GetPriority will return the priority of the Okta import rule.

func (*OktaImportRuleV1) Marshal 

func (m *OktaImportRuleV1) Marshal() (dAtA []byte, err error)

func (*OktaImportRuleV1) MarshalTo 

func (m *OktaImportRuleV1) MarshalTo(dAtA []byte) (int, error)

func (*OktaImportRuleV1) MarshalToSizedBuffer 

func (m *OktaImportRuleV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*OktaImportRuleV1) MatchSearch 

func (o *OktaImportRuleV1) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*OktaImportRuleV1) ProtoMessage 

func (*OktaImportRuleV1) ProtoMessage()

func (*OktaImportRuleV1) Reset 

func (m *OktaImportRuleV1) Reset()

func (*OktaImportRuleV1) Size 

func (m *OktaImportRuleV1) Size() (n int)

func (*OktaImportRuleV1) String 

func (o *OktaImportRuleV1) String() string

String returns the Okta import rule string representation.

func (*OktaImportRuleV1) Unmarshal 

func (m *OktaImportRuleV1) Unmarshal(dAtA []byte) error

func (*OktaImportRuleV1) XXX_DiscardUnknown 

func (m *OktaImportRuleV1) XXX_DiscardUnknown()

func (*OktaImportRuleV1) XXX_Marshal 

func (m *OktaImportRuleV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OktaImportRuleV1) XXX_Merge 

func (m *OktaImportRuleV1) XXX_Merge(src proto.Message)

func (*OktaImportRuleV1) XXX_Size 

func (m *OktaImportRuleV1) XXX_Size() int

func (*OktaImportRuleV1) XXX_Unmarshal 

func (m *OktaImportRuleV1) XXX_Unmarshal(b []byte) error

type OktaOptions 

type OktaOptions struct {
	// SyncPeriod is the duration between synchronization calls in nanoseconds.
	SyncPeriod           Duration `protobuf:"varint,1,opt,name=SyncPeriod,proto3,casttype=Duration" json:"sync_period,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

OktaOptions specify options related to the Okta service.

func (*OktaOptions) Descriptor 

func (*OktaOptions) Descriptor() ([]byte, []int)

func (*OktaOptions) Marshal 

func (m *OktaOptions) Marshal() (dAtA []byte, err error)

func (*OktaOptions) MarshalTo 

func (m *OktaOptions) MarshalTo(dAtA []byte) (int, error)

func (*OktaOptions) MarshalToSizedBuffer 

func (m *OktaOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*OktaOptions) ProtoMessage 

func (*OktaOptions) ProtoMessage()

func (*OktaOptions) Reset 

func (m *OktaOptions) Reset()

func (*OktaOptions) Size 

func (m *OktaOptions) Size() (n int)

func (*OktaOptions) String 

func (m *OktaOptions) String() string

func (*OktaOptions) Unmarshal 

func (m *OktaOptions) Unmarshal(dAtA []byte) error

func (*OktaOptions) XXX_DiscardUnknown 

func (m *OktaOptions) XXX_DiscardUnknown()

func (*OktaOptions) XXX_Marshal 

func (m *OktaOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OktaOptions) XXX_Merge 

func (m *OktaOptions) XXX_Merge(src proto.Message)

func (*OktaOptions) XXX_Size 

func (m *OktaOptions) XXX_Size() int

func (*OktaOptions) XXX_Unmarshal 

func (m *OktaOptions) XXX_Unmarshal(b []byte) error

type OktaPluginSyncStatusCode 

type OktaPluginSyncStatusCode int32

OktaPluginSyncStatusCode indicates the possible states of an Okta synchronization service. 

const (
	// OKTA_PLUGIN_SYNC_STATUS_CODE_UNSPECIFIED is the status code zero value,
	// indicating that the service has not yet reported a status code.
	OktaPluginSyncStatusCode_OKTA_PLUGIN_SYNC_STATUS_CODE_UNSPECIFIED OktaPluginSyncStatusCode = 0
	// OKTA_PLUGIN_SYNC_STATUS_CODE_SUCCESS indicates that the service is running
	// without error
	OktaPluginSyncStatusCode_OKTA_PLUGIN_SYNC_STATUS_CODE_SUCCESS OktaPluginSyncStatusCode = 1
	// OKTA_PLUGIN_SYNC_STATUS_CODE_ERROR indicates that the service is currently
	// in an error state.
	OktaPluginSyncStatusCode_OKTA_PLUGIN_SYNC_STATUS_CODE_ERROR OktaPluginSyncStatusCode = 2
)

func (OktaPluginSyncStatusCode) EnumDescriptor 

func (OktaPluginSyncStatusCode) EnumDescriptor() ([]byte, []int)

func (OktaPluginSyncStatusCode) String 

func (x OktaPluginSyncStatusCode) String() string

type OktaUserSyncSource 

type OktaUserSyncSource string
const (
	// OktaUserSyncSourceUnknown indicates the user sync source is not set.
	OktaUserSyncSourceUnknown OktaUserSyncSource = "unknown"

	// OktaUserSyncSourceSamlApp indicates users are synchronized from Okta SAML app for the connector assignments.
	OktaUserSyncSourceSamlApp OktaUserSyncSource = "saml_app"

	// OktaUserSyncSourceSamlOrg indicates users are synchronized  Okta organization (legacy).
	OktaUserSyncSourceOrg OktaUserSyncSource = "org"
)

func (OktaUserSyncSource) IsUnknown 

func (s OktaUserSyncSource) IsUnknown() bool

IsUnknown returns true if user sync source is empty or explicitly set to "unknown".

type OnSessionLeaveAction 

type OnSessionLeaveAction string
const (
	// OnSessionLeaveTerminate is a moderated sessions policy constant that terminates
	// a session once the require policy is no longer fulfilled.
	OnSessionLeaveTerminate OnSessionLeaveAction = "terminate"

	// OnSessionLeaveTerminate is a moderated sessions policy constant that pauses
	// a session once the require policies is no longer fulfilled. It is resumed
	// once the requirements are fulfilled again.
	OnSessionLeavePause OnSessionLeaveAction = "pause"
)

type OpType 

type OpType int

OpType specifies operation type 

const (
	// OpUnreliable is used to indicate the event stream has become unreliable
	// for maintaining an up-to-date view of the data.
	OpUnreliable OpType = iota - 2
	// OpInvalid is returned for invalid operations
	OpInvalid
	// OpInit is returned by the system whenever the system
	// is initialized, init operation is always sent
	// as a first event over the channel, so the client
	// can verify that watch has been established.
	OpInit
	// OpPut is returned for Put events
	OpPut
	// OpDelete is returned for Delete events
	OpDelete
	// OpGet is used for tracking, not present in the event stream
	OpGet
)

func (OpType) String 

func (o OpType) String() string

String returns user-friendly description of the operation

type OpenSearch 

type OpenSearch struct {
	// DomainName is the name of the domain.
	DomainName string `protobuf:"bytes,1,opt,name=DomainName,proto3" json:"domain_name,omitempty"`
	// DomainID is the ID of the domain.
	DomainID string `protobuf:"bytes,2,opt,name=DomainID,proto3" json:"domain_id,omitempty"`
	// EndpointType is the type of the endpoint.
	EndpointType         string   `protobuf:"bytes,3,opt,name=EndpointType,proto3" json:"endpoint_type,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

OpenSearch contains AWS OpenSearch specific metadata.

func (*OpenSearch) Descriptor 

func (*OpenSearch) Descriptor() ([]byte, []int)

func (*OpenSearch) Marshal 

func (m *OpenSearch) Marshal() (dAtA []byte, err error)

func (*OpenSearch) MarshalTo 

func (m *OpenSearch) MarshalTo(dAtA []byte) (int, error)

func (*OpenSearch) MarshalToSizedBuffer 

func (m *OpenSearch) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*OpenSearch) ProtoMessage 

func (*OpenSearch) ProtoMessage()

func (*OpenSearch) Reset 

func (m *OpenSearch) Reset()

func (*OpenSearch) Size 

func (m *OpenSearch) Size() (n int)

func (*OpenSearch) String 

func (m *OpenSearch) String() string

func (*OpenSearch) Unmarshal 

func (m *OpenSearch) Unmarshal(dAtA []byte) error

func (*OpenSearch) XXX_DiscardUnknown 

func (m *OpenSearch) XXX_DiscardUnknown()

func (*OpenSearch) XXX_Marshal 

func (m *OpenSearch) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OpenSearch) XXX_Merge 

func (m *OpenSearch) XXX_Merge(src proto.Message)

func (*OpenSearch) XXX_Size 

func (m *OpenSearch) XXX_Size() int

func (*OpenSearch) XXX_Unmarshal 

func (m *OpenSearch) XXX_Unmarshal(b []byte) error

type OracleOptions 

type OracleOptions struct {
	// AuditUser is the Oracle database user privilege to access internal Oracle audit trail.
	AuditUser            string   `protobuf:"bytes,1,opt,name=AuditUser,proto3" json:"audit_user"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

OracleOptions contains information about privileged database user used for database audit.

func (*OracleOptions) Descriptor 

func (*OracleOptions) Descriptor() ([]byte, []int)

func (OracleOptions) IsAuditLogEnabled 

func (o OracleOptions) IsAuditLogEnabled() bool

IsAuditLogEnabled returns if Oracle Audit Log was enabled

func (*OracleOptions) Marshal 

func (m *OracleOptions) Marshal() (dAtA []byte, err error)

func (*OracleOptions) MarshalTo 

func (m *OracleOptions) MarshalTo(dAtA []byte) (int, error)

func (*OracleOptions) MarshalToSizedBuffer 

func (m *OracleOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*OracleOptions) ProtoMessage 

func (*OracleOptions) ProtoMessage()

func (*OracleOptions) Reset 

func (m *OracleOptions) Reset()

func (*OracleOptions) Size 

func (m *OracleOptions) Size() (n int)

func (*OracleOptions) String 

func (m *OracleOptions) String() string

func (*OracleOptions) Unmarshal 

func (m *OracleOptions) Unmarshal(dAtA []byte) error

func (*OracleOptions) XXX_DiscardUnknown 

func (m *OracleOptions) XXX_DiscardUnknown()

func (*OracleOptions) XXX_Marshal 

func (m *OracleOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OracleOptions) XXX_Merge 

func (m *OracleOptions) XXX_Merge(src proto.Message)

func (*OracleOptions) XXX_Size 

func (m *OracleOptions) XXX_Size() int

func (*OracleOptions) XXX_Unmarshal 

func (m *OracleOptions) XXX_Unmarshal(b []byte) error

type Participant 

type Participant struct {
	// ID is a unique UUID of this participant for a given session.
	ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"id,omitempty"`
	// User is the canonical name of the Teleport user controlling this participant.
	User string `protobuf:"bytes,2,opt,name=User,proto3" json:"user,omitempty"`
	// Mode is the participant mode.
	Mode string `protobuf:"bytes,3,opt,name=Mode,proto3" json:"mode,omitempty"`
	// LastActive is the last time this party was active in the session.
	LastActive           time.Time `protobuf:"bytes,4,opt,name=LastActive,proto3,stdtime" json:"last_active,omitempty"`
	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
	XXX_unrecognized     []byte    `json:"-"`
	XXX_sizecache        int32     `json:"-"`
}

Participant stores information about a participant in the session.

func (*Participant) Descriptor 

func (*Participant) Descriptor() ([]byte, []int)

func (*Participant) Marshal 

func (m *Participant) Marshal() (dAtA []byte, err error)

func (*Participant) MarshalTo 

func (m *Participant) MarshalTo(dAtA []byte) (int, error)

func (*Participant) MarshalToSizedBuffer 

func (m *Participant) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Participant) ProtoMessage 

func (*Participant) ProtoMessage()

func (*Participant) Reset 

func (m *Participant) Reset()

func (*Participant) Size 

func (m *Participant) Size() (n int)

func (*Participant) String 

func (m *Participant) String() string

func (*Participant) Unmarshal 

func (m *Participant) Unmarshal(dAtA []byte) error

func (*Participant) XXX_DiscardUnknown 

func (m *Participant) XXX_DiscardUnknown()

func (*Participant) XXX_Marshal 

func (m *Participant) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Participant) XXX_Merge 

func (m *Participant) XXX_Merge(src proto.Message)

func (*Participant) XXX_Size 

func (m *Participant) XXX_Size() int

func (*Participant) XXX_Unmarshal 

func (m *Participant) XXX_Unmarshal(b []byte) error

type PasswordState 

type PasswordState int32

PasswordState indicates what is known about existence of user's password. 

const (
	// Unable to tell whether the password has been configured.
	PasswordState_PASSWORD_STATE_UNSPECIFIED PasswordState = 0
	// Password is known to be not configured.
	PasswordState_PASSWORD_STATE_UNSET PasswordState = 1
	// Password is known to be configured.
	PasswordState_PASSWORD_STATE_SET PasswordState = 2
)

func (PasswordState) EnumDescriptor 

func (PasswordState) EnumDescriptor() ([]byte, []int)

func (PasswordState) String 

func (x PasswordState) String() string

type Plugin 

type Plugin interface {
	// ResourceWithSecrets provides common resource methods.
	ResourceWithSecrets
	Clone() Plugin
	GetCredentials() PluginCredentials
	GetStatus() PluginStatus
	GetType() PluginType
	SetCredentials(PluginCredentials) error
	SetStatus(PluginStatus) error
	GetGeneration() string
}

Plugin represents a plugin instance

type PluginAWSICSettings 

type PluginAWSICSettings struct {
	// IntegrationName is the Teleport OIDC integration used to gain access to the
	// AWS account. May be empty if [CredentialsSource] is `SYSTEM`.
	// DEPRECATED: Use [Credentials] instead. DELETE in Teleport 19+
	IntegrationName string `protobuf:"bytes,1,opt,name=integration_name,json=integrationName,proto3" json:"integration_name,omitempty"` // Deprecated: Do not use.
	// Region is the AWS region the target Identity Center instance is configured in
	Region string `protobuf:"bytes,2,opt,name=region,proto3" json:"region,omitempty"`
	// InstanceARN is the arn of the Identity Center instance to manage
	Arn string `protobuf:"bytes,3,opt,name=arn,proto3" json:"arn,omitempty"`
	// Provisioning holds settings for provisioning users and groups into AWS
	ProvisioningSpec *AWSICProvisioningSpec `protobuf:"bytes,4,opt,name=provisioning_spec,json=provisioningSpec,proto3" json:"provisioning_spec,omitempty"`
	// AccessListDefaultOwners is a list of default owners for Access List created for
	// user groups imported from AWS Idenity Center.
	AccessListDefaultOwners []string `` /* 134-byte string literal not displayed */
	// SAMLIdPServiceProviderName is the name of a SAML service provider created
	// for the Identity Center.
	SamlIdpServiceProviderName string `` /* 145-byte string literal not displayed */
	// CredentialsSource indicates how the Identity Center plugin should source
	// its AWS login credentials.
	// DEPRECATED: Use [Credentials] instead. DELETE in Teleport 19+
	CredentialsSource AWSICCredentialsSource `` // Deprecated: Do not use.
	/* 147-byte string literal not displayed */
	// UserSyncLabelsFilter specifies a map of key-value pairs used to filter users
	// based on their metadata labels. These filtered users will be provisioned
	// from Teleport to AWS IC via SCIM provisioning.
	// If multiple user_sync_filters are provided the match is combined with OR operator.
	//
	// Example:
	// If Okta is used as the Identity Source and only users originating from Okta
	// should be synced, set the filter to:
	//
	//	[{
	//	  "okta/org": "https://trial-123456.okta.com",
	//	  "teleport.dev/origin": "okta"
	//	}]
	//
	// If AWS IC uses Teleport as the Identity Provider, the filter should remain empty.
	//
	// NOTE: System users are always filtered out by default and will not be provisioned to AWS IC.
	UserSyncFilters []*AWSICUserSyncFilter `protobuf:"bytes,8,rep,name=user_sync_filters,json=userSyncFilters,proto3" json:"user_sync_filters,omitempty"`
	// AwsAccountFilters is an optional allow-list of AWS accounts to import and
	// manage. An empty list implies that all accounts managed by the Identity Center
	// instance will be imported and managed.
	AwsAccountsFilters []*AWSICResourceFilter `protobuf:"bytes,9,rep,name=aws_accounts_filters,json=awsAccountsFilters,proto3" json:"aws_accounts_filters,omitempty"`
	// GroupSyncLabelsFilter is used to specify filters that determine which AWS groups
	// should be included during synchronization.
	GroupSyncFilters []*AWSICResourceFilter `protobuf:"bytes,10,rep,name=group_sync_filters,json=groupSyncFilters,proto3" json:"group_sync_filters,omitempty"`
	// Credentials represents the AWS credentials used by the Identity Center
	// integration
	Credentials          *AWSICCredentials `protobuf:"bytes,11,opt,name=credentials,proto3" json:"credentials,omitempty"`
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

PluginAWSICSettings holds the settings for an AWS Identity Center integration.

func (*PluginAWSICSettings) CheckAndSetDefaults 

func (c *PluginAWSICSettings) CheckAndSetDefaults() error

func (*PluginAWSICSettings) Descriptor 

func (*PluginAWSICSettings) Descriptor() ([]byte, []int)

func (*PluginAWSICSettings) Equal 

func (this *PluginAWSICSettings) Equal(that interface{}) bool

func (*PluginAWSICSettings) Marshal 

func (m *PluginAWSICSettings) Marshal() (dAtA []byte, err error)

func (*PluginAWSICSettings) MarshalTo 

func (m *PluginAWSICSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginAWSICSettings) MarshalToSizedBuffer 

func (m *PluginAWSICSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginAWSICSettings) ProtoMessage 

func (*PluginAWSICSettings) ProtoMessage()

func (*PluginAWSICSettings) Reset 

func (m *PluginAWSICSettings) Reset()

func (*PluginAWSICSettings) Size 

func (m *PluginAWSICSettings) Size() (n int)

func (*PluginAWSICSettings) String 

func (m *PluginAWSICSettings) String() string

func (*PluginAWSICSettings) Unmarshal 

func (m *PluginAWSICSettings) Unmarshal(dAtA []byte) error

func (*PluginAWSICSettings) XXX_DiscardUnknown 

func (m *PluginAWSICSettings) XXX_DiscardUnknown()

func (*PluginAWSICSettings) XXX_Marshal 

func (m *PluginAWSICSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginAWSICSettings) XXX_Merge 

func (m *PluginAWSICSettings) XXX_Merge(src proto.Message)

func (*PluginAWSICSettings) XXX_Size 

func (m *PluginAWSICSettings) XXX_Size() int

func (*PluginAWSICSettings) XXX_Unmarshal 

func (m *PluginAWSICSettings) XXX_Unmarshal(b []byte) error

type PluginAWSICStatusV1 

type PluginAWSICStatusV1 struct {
	// GroupImportStatus is a status of Identity Center group and group members import.
	GroupImportStatus    *AWSICGroupImportStatus `protobuf:"bytes,1,opt,name=group_import_status,json=groupImportStatus,proto3" json:"group_import_status,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                `json:"-"`
	XXX_unrecognized     []byte                  `json:"-"`
	XXX_sizecache        int32                   `json:"-"`
}

PluginAWSICStatusV1 defines AWS Identity Center plugin sub-process status.

func (*PluginAWSICStatusV1) Descriptor 

func (*PluginAWSICStatusV1) Descriptor() ([]byte, []int)

func (*PluginAWSICStatusV1) Marshal 

func (m *PluginAWSICStatusV1) Marshal() (dAtA []byte, err error)

func (*PluginAWSICStatusV1) MarshalTo 

func (m *PluginAWSICStatusV1) MarshalTo(dAtA []byte) (int, error)

func (*PluginAWSICStatusV1) MarshalToSizedBuffer 

func (m *PluginAWSICStatusV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginAWSICStatusV1) ProtoMessage 

func (*PluginAWSICStatusV1) ProtoMessage()

func (*PluginAWSICStatusV1) Reset 

func (m *PluginAWSICStatusV1) Reset()

func (*PluginAWSICStatusV1) Size 

func (m *PluginAWSICStatusV1) Size() (n int)

func (*PluginAWSICStatusV1) String 

func (m *PluginAWSICStatusV1) String() string

func (*PluginAWSICStatusV1) Unmarshal 

func (m *PluginAWSICStatusV1) Unmarshal(dAtA []byte) error

func (*PluginAWSICStatusV1) XXX_DiscardUnknown 

func (m *PluginAWSICStatusV1) XXX_DiscardUnknown()

func (*PluginAWSICStatusV1) XXX_Marshal 

func (m *PluginAWSICStatusV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginAWSICStatusV1) XXX_Merge 

func (m *PluginAWSICStatusV1) XXX_Merge(src proto.Message)

func (*PluginAWSICStatusV1) XXX_Size 

func (m *PluginAWSICStatusV1) XXX_Size() int

func (*PluginAWSICStatusV1) XXX_Unmarshal 

func (m *PluginAWSICStatusV1) XXX_Unmarshal(b []byte) error

type PluginBearerTokenCredentials 

type PluginBearerTokenCredentials struct {
	// Token is the literal bearer token to be submitted to the 3rd-party API provider.
	Token                string   `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*PluginBearerTokenCredentials) Descriptor 

func (*PluginBearerTokenCredentials) Descriptor() ([]byte, []int)

func (*PluginBearerTokenCredentials) Marshal 

func (m *PluginBearerTokenCredentials) Marshal() (dAtA []byte, err error)

func (*PluginBearerTokenCredentials) MarshalTo 

func (m *PluginBearerTokenCredentials) MarshalTo(dAtA []byte) (int, error)

func (*PluginBearerTokenCredentials) MarshalToSizedBuffer 

func (m *PluginBearerTokenCredentials) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginBearerTokenCredentials) ProtoMessage 

func (*PluginBearerTokenCredentials) ProtoMessage()

func (*PluginBearerTokenCredentials) Reset 

func (m *PluginBearerTokenCredentials) Reset()

func (*PluginBearerTokenCredentials) Size 

func (m *PluginBearerTokenCredentials) Size() (n int)

func (*PluginBearerTokenCredentials) String 

func (m *PluginBearerTokenCredentials) String() string

func (*PluginBearerTokenCredentials) Unmarshal 

func (m *PluginBearerTokenCredentials) Unmarshal(dAtA []byte) error

func (*PluginBearerTokenCredentials) XXX_DiscardUnknown 

func (m *PluginBearerTokenCredentials) XXX_DiscardUnknown()

func (*PluginBearerTokenCredentials) XXX_Marshal 

func (m *PluginBearerTokenCredentials) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginBearerTokenCredentials) XXX_Merge 

func (m *PluginBearerTokenCredentials) XXX_Merge(src proto.Message)

func (*PluginBearerTokenCredentials) XXX_Size 

func (m *PluginBearerTokenCredentials) XXX_Size() int

func (*PluginBearerTokenCredentials) XXX_Unmarshal 

func (m *PluginBearerTokenCredentials) XXX_Unmarshal(b []byte) error

type PluginBootstrapCredentialsV1 

type PluginBootstrapCredentialsV1 struct {
	// Types that are valid to be assigned to Credentials:
	//
	//	*PluginBootstrapCredentialsV1_Oauth2AuthorizationCode
	//	*PluginBootstrapCredentialsV1_BearerToken
	//	*PluginBootstrapCredentialsV1_IdSecret
	Credentials          isPluginBootstrapCredentialsV1_Credentials `protobuf_oneof:"credentials"`
	XXX_NoUnkeyedLiteral struct{}                                   `json:"-"`
	XXX_unrecognized     []byte                                     `json:"-"`
	XXX_sizecache        int32                                      `json:"-"`
}

func (*PluginBootstrapCredentialsV1) Descriptor 

func (*PluginBootstrapCredentialsV1) Descriptor() ([]byte, []int)

func (*PluginBootstrapCredentialsV1) GetBearerToken 

func (m *PluginBootstrapCredentialsV1) GetBearerToken() *PluginBearerTokenCredentials

func (*PluginBootstrapCredentialsV1) GetCredentials 

func (m *PluginBootstrapCredentialsV1) GetCredentials() isPluginBootstrapCredentialsV1_Credentials

func (*PluginBootstrapCredentialsV1) GetIdSecret 

func (m *PluginBootstrapCredentialsV1) GetIdSecret() *PluginIdSecretCredential

func (*PluginBootstrapCredentialsV1) GetOauth2AuthorizationCode 

func (m *PluginBootstrapCredentialsV1) GetOauth2AuthorizationCode() *PluginOAuth2AuthorizationCodeCredentials

func (*PluginBootstrapCredentialsV1) Marshal 

func (m *PluginBootstrapCredentialsV1) Marshal() (dAtA []byte, err error)

func (*PluginBootstrapCredentialsV1) MarshalTo 

func (m *PluginBootstrapCredentialsV1) MarshalTo(dAtA []byte) (int, error)

func (*PluginBootstrapCredentialsV1) MarshalToSizedBuffer 

func (m *PluginBootstrapCredentialsV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginBootstrapCredentialsV1) ProtoMessage 

func (*PluginBootstrapCredentialsV1) ProtoMessage()

func (*PluginBootstrapCredentialsV1) Reset 

func (m *PluginBootstrapCredentialsV1) Reset()

func (*PluginBootstrapCredentialsV1) Size 

func (m *PluginBootstrapCredentialsV1) Size() (n int)

func (*PluginBootstrapCredentialsV1) String 

func (m *PluginBootstrapCredentialsV1) String() string

func (*PluginBootstrapCredentialsV1) Unmarshal 

func (m *PluginBootstrapCredentialsV1) Unmarshal(dAtA []byte) error

func (*PluginBootstrapCredentialsV1) XXX_DiscardUnknown 

func (m *PluginBootstrapCredentialsV1) XXX_DiscardUnknown()

func (*PluginBootstrapCredentialsV1) XXX_Marshal 

func (m *PluginBootstrapCredentialsV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginBootstrapCredentialsV1) XXX_Merge 

func (m *PluginBootstrapCredentialsV1) XXX_Merge(src proto.Message)

func (*PluginBootstrapCredentialsV1) XXX_OneofWrappers 

func (*PluginBootstrapCredentialsV1) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*PluginBootstrapCredentialsV1) XXX_Size 

func (m *PluginBootstrapCredentialsV1) XXX_Size() int

func (*PluginBootstrapCredentialsV1) XXX_Unmarshal 

func (m *PluginBootstrapCredentialsV1) XXX_Unmarshal(b []byte) error

type PluginBootstrapCredentialsV1_BearerToken 

type PluginBootstrapCredentialsV1_BearerToken struct {
	BearerToken *PluginBearerTokenCredentials `protobuf:"bytes,2,opt,name=bearer_token,json=bearerToken,proto3,oneof" json:"bearer_token,omitempty"`
}

func (*PluginBootstrapCredentialsV1_BearerToken) MarshalTo 

func (m *PluginBootstrapCredentialsV1_BearerToken) MarshalTo(dAtA []byte) (int, error)

func (*PluginBootstrapCredentialsV1_BearerToken) MarshalToSizedBuffer 

func (m *PluginBootstrapCredentialsV1_BearerToken) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginBootstrapCredentialsV1_BearerToken) Size 

func (m *PluginBootstrapCredentialsV1_BearerToken) Size() (n int)

type PluginBootstrapCredentialsV1_IdSecret 

type PluginBootstrapCredentialsV1_IdSecret struct {
	IdSecret *PluginIdSecretCredential `protobuf:"bytes,3,opt,name=id_secret,json=idSecret,proto3,oneof" json:"id_secret,omitempty"`
}

func (*PluginBootstrapCredentialsV1_IdSecret) MarshalTo 

func (m *PluginBootstrapCredentialsV1_IdSecret) MarshalTo(dAtA []byte) (int, error)

func (*PluginBootstrapCredentialsV1_IdSecret) MarshalToSizedBuffer 

func (m *PluginBootstrapCredentialsV1_IdSecret) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginBootstrapCredentialsV1_IdSecret) Size 

func (m *PluginBootstrapCredentialsV1_IdSecret) Size() (n int)

type PluginBootstrapCredentialsV1_Oauth2AuthorizationCode 

type PluginBootstrapCredentialsV1_Oauth2AuthorizationCode struct {
	Oauth2AuthorizationCode *PluginOAuth2AuthorizationCodeCredentials `` /* 138-byte string literal not displayed */
}

func (*PluginBootstrapCredentialsV1_Oauth2AuthorizationCode) MarshalTo 

func (m *PluginBootstrapCredentialsV1_Oauth2AuthorizationCode) MarshalTo(dAtA []byte) (int, error)

func (*PluginBootstrapCredentialsV1_Oauth2AuthorizationCode) MarshalToSizedBuffer 

func (m *PluginBootstrapCredentialsV1_Oauth2AuthorizationCode) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginBootstrapCredentialsV1_Oauth2AuthorizationCode) Size 

func (m *PluginBootstrapCredentialsV1_Oauth2AuthorizationCode) Size() (n int)

type PluginCredentials 

type PluginCredentials interface {
	GetOauth2AccessToken() *PluginOAuth2AccessTokenCredentials
	GetIdSecret() *PluginIdSecretCredential
	GetStaticCredentialsRef() *PluginStaticCredentialsRef
}

PluginCredentials are the credentials embedded in Plugin

type PluginCredentialsV1 

type PluginCredentialsV1 struct {
	// Types that are valid to be assigned to Credentials:
	//
	//	*PluginCredentialsV1_Oauth2AccessToken
	//	*PluginCredentialsV1_BearerToken
	//	*PluginCredentialsV1_IdSecret
	//	*PluginCredentialsV1_StaticCredentialsRef
	Credentials          isPluginCredentialsV1_Credentials `protobuf_oneof:"credentials"`
	XXX_NoUnkeyedLiteral struct{}                          `json:"-"`
	XXX_unrecognized     []byte                            `json:"-"`
	XXX_sizecache        int32                             `json:"-"`
}

PluginCredentialsV1 represents "live" credentials that are used by the plugin to authenticate to the 3rd party API.

func (*PluginCredentialsV1) Descriptor 

func (*PluginCredentialsV1) Descriptor() ([]byte, []int)

func (*PluginCredentialsV1) GetBearerToken 

func (m *PluginCredentialsV1) GetBearerToken() *PluginBearerTokenCredentials

func (*PluginCredentialsV1) GetCredentials 

func (m *PluginCredentialsV1) GetCredentials() isPluginCredentialsV1_Credentials

func (*PluginCredentialsV1) GetIdSecret 

func (m *PluginCredentialsV1) GetIdSecret() *PluginIdSecretCredential

func (*PluginCredentialsV1) GetOauth2AccessToken 

func (m *PluginCredentialsV1) GetOauth2AccessToken() *PluginOAuth2AccessTokenCredentials

func (*PluginCredentialsV1) GetStaticCredentialsRef 

func (m *PluginCredentialsV1) GetStaticCredentialsRef() *PluginStaticCredentialsRef

func (*PluginCredentialsV1) Marshal 

func (m *PluginCredentialsV1) Marshal() (dAtA []byte, err error)

func (*PluginCredentialsV1) MarshalTo 

func (m *PluginCredentialsV1) MarshalTo(dAtA []byte) (int, error)

func (*PluginCredentialsV1) MarshalToSizedBuffer 

func (m *PluginCredentialsV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginCredentialsV1) ProtoMessage 

func (*PluginCredentialsV1) ProtoMessage()

func (*PluginCredentialsV1) Reset 

func (m *PluginCredentialsV1) Reset()

func (*PluginCredentialsV1) Size 

func (m *PluginCredentialsV1) Size() (n int)

func (*PluginCredentialsV1) String 

func (m *PluginCredentialsV1) String() string

func (*PluginCredentialsV1) Unmarshal 

func (m *PluginCredentialsV1) Unmarshal(dAtA []byte) error

func (*PluginCredentialsV1) XXX_DiscardUnknown 

func (m *PluginCredentialsV1) XXX_DiscardUnknown()

func (*PluginCredentialsV1) XXX_Marshal 

func (m *PluginCredentialsV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginCredentialsV1) XXX_Merge 

func (m *PluginCredentialsV1) XXX_Merge(src proto.Message)

func (*PluginCredentialsV1) XXX_OneofWrappers 

func (*PluginCredentialsV1) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*PluginCredentialsV1) XXX_Size 

func (m *PluginCredentialsV1) XXX_Size() int

func (*PluginCredentialsV1) XXX_Unmarshal 

func (m *PluginCredentialsV1) XXX_Unmarshal(b []byte) error

type PluginCredentialsV1_BearerToken 

type PluginCredentialsV1_BearerToken struct {
	BearerToken *PluginBearerTokenCredentials `protobuf:"bytes,2,opt,name=bearer_token,json=bearerToken,proto3,oneof" json:"bearer_token,omitempty"`
}

func (*PluginCredentialsV1_BearerToken) MarshalTo 

func (m *PluginCredentialsV1_BearerToken) MarshalTo(dAtA []byte) (int, error)

func (*PluginCredentialsV1_BearerToken) MarshalToSizedBuffer 

func (m *PluginCredentialsV1_BearerToken) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginCredentialsV1_BearerToken) Size 

func (m *PluginCredentialsV1_BearerToken) Size() (n int)

type PluginCredentialsV1_IdSecret 

type PluginCredentialsV1_IdSecret struct {
	IdSecret *PluginIdSecretCredential `protobuf:"bytes,3,opt,name=id_secret,json=idSecret,proto3,oneof" json:"id_secret,omitempty"`
}

func (*PluginCredentialsV1_IdSecret) MarshalTo 

func (m *PluginCredentialsV1_IdSecret) MarshalTo(dAtA []byte) (int, error)

func (*PluginCredentialsV1_IdSecret) MarshalToSizedBuffer 

func (m *PluginCredentialsV1_IdSecret) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginCredentialsV1_IdSecret) Size 

func (m *PluginCredentialsV1_IdSecret) Size() (n int)

type PluginCredentialsV1_Oauth2AccessToken 

type PluginCredentialsV1_Oauth2AccessToken struct {
	Oauth2AccessToken *PluginOAuth2AccessTokenCredentials `protobuf:"bytes,1,opt,name=oauth2_access_token,json=oauth2AccessToken,proto3,oneof" json:"oauth2_access_token,omitempty"`
}

func (*PluginCredentialsV1_Oauth2AccessToken) MarshalTo 

func (m *PluginCredentialsV1_Oauth2AccessToken) MarshalTo(dAtA []byte) (int, error)

func (*PluginCredentialsV1_Oauth2AccessToken) MarshalToSizedBuffer 

func (m *PluginCredentialsV1_Oauth2AccessToken) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginCredentialsV1_Oauth2AccessToken) Size 

func (m *PluginCredentialsV1_Oauth2AccessToken) Size() (n int)

type PluginCredentialsV1_StaticCredentialsRef 

type PluginCredentialsV1_StaticCredentialsRef struct {
	StaticCredentialsRef *PluginStaticCredentialsRef `` /* 129-byte string literal not displayed */
}

func (*PluginCredentialsV1_StaticCredentialsRef) MarshalTo 

func (m *PluginCredentialsV1_StaticCredentialsRef) MarshalTo(dAtA []byte) (int, error)

func (*PluginCredentialsV1_StaticCredentialsRef) MarshalToSizedBuffer 

func (m *PluginCredentialsV1_StaticCredentialsRef) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginCredentialsV1_StaticCredentialsRef) Size 

func (m *PluginCredentialsV1_StaticCredentialsRef) Size() (n int)

type PluginData 

type PluginData interface {
	Resource
	// Entries gets all entries.
	Entries() map[string]*PluginDataEntry
	// Update attempts to apply an update.
	Update(params PluginDataUpdateParams) error
}

PluginData is used by plugins to store per-resource state. An instance of PluginData corresponds to a resource which may be managed by one or more plugins. Data is stored as a mapping of the form `plugin -> key -> val`, effectively giving each plugin its own key-value store. Importantly, an instance of PluginData can only be created for a resource which currently exist, and automatically expires shortly after the corresponding resource. Currently, only the AccessRequest resource is supported.

func NewPluginData 

func NewPluginData(resourceName string, resourceKind string) (PluginData, error)

NewPluginData configures a new PluginData instance associated with the supplied resource name (currently, this must be the name of an access request).

type PluginDataEntry 

type PluginDataEntry struct {
	// Data is a mapping of arbitrary string values.
	Data                 map[string]string `` /* 149-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

PluginDataEntry wraps a mapping of arbitrary string values used by plugins to store per-resource information.

func (*PluginDataEntry) Descriptor 

func (*PluginDataEntry) Descriptor() ([]byte, []int)

func (*PluginDataEntry) Marshal 

func (m *PluginDataEntry) Marshal() (dAtA []byte, err error)

func (*PluginDataEntry) MarshalTo 

func (m *PluginDataEntry) MarshalTo(dAtA []byte) (int, error)

func (*PluginDataEntry) MarshalToSizedBuffer 

func (m *PluginDataEntry) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginDataEntry) ProtoMessage 

func (*PluginDataEntry) ProtoMessage()

func (*PluginDataEntry) Reset 

func (m *PluginDataEntry) Reset()

func (*PluginDataEntry) Size 

func (m *PluginDataEntry) Size() (n int)

func (*PluginDataEntry) String 

func (m *PluginDataEntry) String() string

func (*PluginDataEntry) Unmarshal 

func (m *PluginDataEntry) Unmarshal(dAtA []byte) error

func (*PluginDataEntry) XXX_DiscardUnknown 

func (m *PluginDataEntry) XXX_DiscardUnknown()

func (*PluginDataEntry) XXX_Marshal 

func (m *PluginDataEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginDataEntry) XXX_Merge 

func (m *PluginDataEntry) XXX_Merge(src proto.Message)

func (*PluginDataEntry) XXX_Size 

func (m *PluginDataEntry) XXX_Size() int

func (*PluginDataEntry) XXX_Unmarshal 

func (m *PluginDataEntry) XXX_Unmarshal(b []byte) error

type PluginDataFilter 

type PluginDataFilter struct {
	// Kind is the kind of resource that the target plugin data
	// is associated with.
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind,omitempty"`
	// Resource matches a specific resource name if set.
	Resource string `protobuf:"bytes,2,opt,name=Resource,proto3" json:"resource,omitempty"`
	// Plugin matches a specific plugin name if set.
	Plugin               string   `protobuf:"bytes,3,opt,name=Plugin,proto3" json:"plugin,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PluginDataFilter encodes filter params for plugin data.

func (*PluginDataFilter) Descriptor 

func (*PluginDataFilter) Descriptor() ([]byte, []int)

func (*PluginDataFilter) Marshal 

func (m *PluginDataFilter) Marshal() (dAtA []byte, err error)

func (*PluginDataFilter) MarshalTo 

func (m *PluginDataFilter) MarshalTo(dAtA []byte) (int, error)

func (*PluginDataFilter) MarshalToSizedBuffer 

func (m *PluginDataFilter) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginDataFilter) Match 

func (f *PluginDataFilter) Match(data PluginData) bool

Match returns true if the PluginData given matches the filter

func (*PluginDataFilter) ProtoMessage 

func (*PluginDataFilter) ProtoMessage()

func (*PluginDataFilter) Reset 

func (m *PluginDataFilter) Reset()

func (*PluginDataFilter) Size 

func (m *PluginDataFilter) Size() (n int)

func (*PluginDataFilter) String 

func (m *PluginDataFilter) String() string

func (*PluginDataFilter) Unmarshal 

func (m *PluginDataFilter) Unmarshal(dAtA []byte) error

func (*PluginDataFilter) XXX_DiscardUnknown 

func (m *PluginDataFilter) XXX_DiscardUnknown()

func (*PluginDataFilter) XXX_Marshal 

func (m *PluginDataFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginDataFilter) XXX_Merge 

func (m *PluginDataFilter) XXX_Merge(src proto.Message)

func (*PluginDataFilter) XXX_Size 

func (m *PluginDataFilter) XXX_Size() int

func (*PluginDataFilter) XXX_Unmarshal 

func (m *PluginDataFilter) XXX_Unmarshal(b []byte) error

type PluginDataSpecV3 

type PluginDataSpecV3 struct {
	// Entries is a collection of PluginData values organized by plugin name.
	Entries              map[string]*PluginDataEntry `` /* 145-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}                    `json:"-"`
	XXX_unrecognized     []byte                      `json:"-"`
	XXX_sizecache        int32                       `json:"-"`
}

PluginData stores a collection of values associated with a specific resource.

func (*PluginDataSpecV3) Descriptor 

func (*PluginDataSpecV3) Descriptor() ([]byte, []int)

func (*PluginDataSpecV3) Marshal 

func (m *PluginDataSpecV3) Marshal() (dAtA []byte, err error)

func (*PluginDataSpecV3) MarshalTo 

func (m *PluginDataSpecV3) MarshalTo(dAtA []byte) (int, error)

func (*PluginDataSpecV3) MarshalToSizedBuffer 

func (m *PluginDataSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginDataSpecV3) ProtoMessage 

func (*PluginDataSpecV3) ProtoMessage()

func (*PluginDataSpecV3) Reset 

func (m *PluginDataSpecV3) Reset()

func (*PluginDataSpecV3) Size 

func (m *PluginDataSpecV3) Size() (n int)

func (*PluginDataSpecV3) String 

func (m *PluginDataSpecV3) String() string

func (*PluginDataSpecV3) Unmarshal 

func (m *PluginDataSpecV3) Unmarshal(dAtA []byte) error

func (*PluginDataSpecV3) XXX_DiscardUnknown 

func (m *PluginDataSpecV3) XXX_DiscardUnknown()

func (*PluginDataSpecV3) XXX_Marshal 

func (m *PluginDataSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginDataSpecV3) XXX_Merge 

func (m *PluginDataSpecV3) XXX_Merge(src proto.Message)

func (*PluginDataSpecV3) XXX_Size 

func (m *PluginDataSpecV3) XXX_Size() int

func (*PluginDataSpecV3) XXX_Unmarshal 

func (m *PluginDataSpecV3) XXX_Unmarshal(b []byte) error

type PluginDataUpdateParams 

type PluginDataUpdateParams struct {
	// Kind is the kind of resource that the target plugin data
	// is associated with.
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// Resource indicates the name of the target resource.
	Resource string `protobuf:"bytes,2,opt,name=Resource,proto3" json:"resource"`
	// Plugin is the name of the plugin that owns the data.
	Plugin string `protobuf:"bytes,3,opt,name=Plugin,proto3" json:"plugin"`
	// Set indicates the fields which should be set by this operation.
	Set map[string]string `` /* 147-byte string literal not displayed */
	// Expect optionally indicates the expected state of fields prior to this update.
	Expect               map[string]string `` /* 153-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

PluginDataUpdateParams encodes parameters for updating a PluginData field.

func (*PluginDataUpdateParams) Descriptor 

func (*PluginDataUpdateParams) Descriptor() ([]byte, []int)

func (*PluginDataUpdateParams) Marshal 

func (m *PluginDataUpdateParams) Marshal() (dAtA []byte, err error)

func (*PluginDataUpdateParams) MarshalTo 

func (m *PluginDataUpdateParams) MarshalTo(dAtA []byte) (int, error)

func (*PluginDataUpdateParams) MarshalToSizedBuffer 

func (m *PluginDataUpdateParams) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginDataUpdateParams) ProtoMessage 

func (*PluginDataUpdateParams) ProtoMessage()

func (*PluginDataUpdateParams) Reset 

func (m *PluginDataUpdateParams) Reset()

func (*PluginDataUpdateParams) Size 

func (m *PluginDataUpdateParams) Size() (n int)

func (*PluginDataUpdateParams) String 

func (m *PluginDataUpdateParams) String() string

func (*PluginDataUpdateParams) Unmarshal 

func (m *PluginDataUpdateParams) Unmarshal(dAtA []byte) error

func (*PluginDataUpdateParams) XXX_DiscardUnknown 

func (m *PluginDataUpdateParams) XXX_DiscardUnknown()

func (*PluginDataUpdateParams) XXX_Marshal 

func (m *PluginDataUpdateParams) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginDataUpdateParams) XXX_Merge 

func (m *PluginDataUpdateParams) XXX_Merge(src proto.Message)

func (*PluginDataUpdateParams) XXX_Size 

func (m *PluginDataUpdateParams) XXX_Size() int

func (*PluginDataUpdateParams) XXX_Unmarshal 

func (m *PluginDataUpdateParams) XXX_Unmarshal(b []byte) error

type PluginDataV3 

type PluginDataV3 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is version
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is PluginData metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is a PluginData specification
	Spec                 PluginDataSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}         `json:"-"`
	XXX_unrecognized     []byte           `json:"-"`
	XXX_sizecache        int32            `json:"-"`
}

PluginData stores a collection of values associated with a specific resource.

func (*PluginDataV3) CheckAndSetDefaults 

func (r *PluginDataV3) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values for PluginData.

func (*PluginDataV3) Descriptor 

func (*PluginDataV3) Descriptor() ([]byte, []int)

func (*PluginDataV3) Entries 

func (r *PluginDataV3) Entries() map[string]*PluginDataEntry

Entries returns the PluginData entires

func (*PluginDataV3) Expiry 

func (r *PluginDataV3) Expiry() time.Time

Expiry returns object expiry setting

func (*PluginDataV3) GetKind 

func (r *PluginDataV3) GetKind() string

GetKind returns resource kind

func (*PluginDataV3) GetMetadata 

func (r *PluginDataV3) GetMetadata() Metadata

GetMetadata gets the resource metadata

func (*PluginDataV3) GetName 

func (r *PluginDataV3) GetName() string

GetName gets resource name

func (*PluginDataV3) GetRevision 

func (r *PluginDataV3) GetRevision() string

GetRevision returns the revision

func (*PluginDataV3) GetSubKind 

func (r *PluginDataV3) GetSubKind() string

GetSubKind returns resource subkind

func (*PluginDataV3) GetVersion 

func (r *PluginDataV3) GetVersion() string

GetVersion gets resource version

func (*PluginDataV3) Marshal 

func (m *PluginDataV3) Marshal() (dAtA []byte, err error)

func (*PluginDataV3) MarshalTo 

func (m *PluginDataV3) MarshalTo(dAtA []byte) (int, error)

func (*PluginDataV3) MarshalToSizedBuffer 

func (m *PluginDataV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginDataV3) ProtoMessage 

func (*PluginDataV3) ProtoMessage()

func (*PluginDataV3) Reset 

func (m *PluginDataV3) Reset()

func (*PluginDataV3) SetExpiry 

func (r *PluginDataV3) SetExpiry(expiry time.Time)

SetExpiry sets expiry time for the object

func (*PluginDataV3) SetName 

func (r *PluginDataV3) SetName(name string)

SetName sets resource name

func (*PluginDataV3) SetRevision 

func (r *PluginDataV3) SetRevision(rev string)

SetRevision sets the revision

func (*PluginDataV3) SetSubKind 

func (r *PluginDataV3) SetSubKind(subKind string)

SetSubKind sets resource subkind

func (*PluginDataV3) Size 

func (m *PluginDataV3) Size() (n int)

func (*PluginDataV3) String 

func (r *PluginDataV3) String() string

func (*PluginDataV3) Unmarshal 

func (m *PluginDataV3) Unmarshal(dAtA []byte) error

func (*PluginDataV3) Update 

func (r *PluginDataV3) Update(params PluginDataUpdateParams) error

Update updates the PluginData

func (*PluginDataV3) XXX_DiscardUnknown 

func (m *PluginDataV3) XXX_DiscardUnknown()

func (*PluginDataV3) XXX_Marshal 

func (m *PluginDataV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginDataV3) XXX_Merge 

func (m *PluginDataV3) XXX_Merge(src proto.Message)

func (*PluginDataV3) XXX_Size 

func (m *PluginDataV3) XXX_Size() int

func (*PluginDataV3) XXX_Unmarshal 

func (m *PluginDataV3) XXX_Unmarshal(b []byte) error

type PluginDatadogAccessSettings 

type PluginDatadogAccessSettings struct {
	// ApiEndpoint is the Datadog API endpoint.
	ApiEndpoint string `protobuf:"bytes,1,opt,name=api_endpoint,json=apiEndpoint,proto3" json:"api_endpoint,omitempty"`
	// FallbackRecipient specifies the default recipient.
	FallbackRecipient    string   `protobuf:"bytes,2,opt,name=fallback_recipient,json=fallbackRecipient,proto3" json:"fallback_recipient,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PluginDatadogAccessSettings defines the settings for a Datadog Incident Management plugin

func (*PluginDatadogAccessSettings) CheckAndSetDefaults 

func (c *PluginDatadogAccessSettings) CheckAndSetDefaults() error

func (*PluginDatadogAccessSettings) Descriptor 

func (*PluginDatadogAccessSettings) Descriptor() ([]byte, []int)

func (*PluginDatadogAccessSettings) Equal 

func (this *PluginDatadogAccessSettings) Equal(that interface{}) bool

func (*PluginDatadogAccessSettings) Marshal 

func (m *PluginDatadogAccessSettings) Marshal() (dAtA []byte, err error)

func (*PluginDatadogAccessSettings) MarshalTo 

func (m *PluginDatadogAccessSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginDatadogAccessSettings) MarshalToSizedBuffer 

func (m *PluginDatadogAccessSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginDatadogAccessSettings) ProtoMessage 

func (*PluginDatadogAccessSettings) ProtoMessage()

func (*PluginDatadogAccessSettings) Reset 

func (m *PluginDatadogAccessSettings) Reset()

func (*PluginDatadogAccessSettings) Size 

func (m *PluginDatadogAccessSettings) Size() (n int)

func (*PluginDatadogAccessSettings) String 

func (m *PluginDatadogAccessSettings) String() string

func (*PluginDatadogAccessSettings) Unmarshal 

func (m *PluginDatadogAccessSettings) Unmarshal(dAtA []byte) error

func (*PluginDatadogAccessSettings) XXX_DiscardUnknown 

func (m *PluginDatadogAccessSettings) XXX_DiscardUnknown()

func (*PluginDatadogAccessSettings) XXX_Marshal 

func (m *PluginDatadogAccessSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginDatadogAccessSettings) XXX_Merge 

func (m *PluginDatadogAccessSettings) XXX_Merge(src proto.Message)

func (*PluginDatadogAccessSettings) XXX_Size 

func (m *PluginDatadogAccessSettings) XXX_Size() int

func (*PluginDatadogAccessSettings) XXX_Unmarshal 

func (m *PluginDatadogAccessSettings) XXX_Unmarshal(b []byte) error

type PluginDiscordSettings 

type PluginDiscordSettings struct {
	// RoleToRecipients maps Teleport roles (by name) to the set of Discord
	// channel IDs that will receive notifications and requests regarding that
	// that Role.
	RoleToRecipients     map[string]*DiscordChannels `` /* 199-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}                    `json:"-"`
	XXX_unrecognized     []byte                      `json:"-"`
	XXX_sizecache        int32                       `json:"-"`
}

Defines settings for the discord plugin

func (*PluginDiscordSettings) CheckAndSetDefaults 

func (c *PluginDiscordSettings) CheckAndSetDefaults() error

func (*PluginDiscordSettings) Descriptor 

func (*PluginDiscordSettings) Descriptor() ([]byte, []int)

func (*PluginDiscordSettings) Equal 

func (this *PluginDiscordSettings) Equal(that interface{}) bool

func (*PluginDiscordSettings) Marshal 

func (m *PluginDiscordSettings) Marshal() (dAtA []byte, err error)

func (*PluginDiscordSettings) MarshalTo 

func (m *PluginDiscordSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginDiscordSettings) MarshalToSizedBuffer 

func (m *PluginDiscordSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginDiscordSettings) ProtoMessage 

func (*PluginDiscordSettings) ProtoMessage()

func (*PluginDiscordSettings) Reset 

func (m *PluginDiscordSettings) Reset()

func (*PluginDiscordSettings) Size 

func (m *PluginDiscordSettings) Size() (n int)

func (*PluginDiscordSettings) String 

func (m *PluginDiscordSettings) String() string

func (*PluginDiscordSettings) Unmarshal 

func (m *PluginDiscordSettings) Unmarshal(dAtA []byte) error

func (*PluginDiscordSettings) XXX_DiscardUnknown 

func (m *PluginDiscordSettings) XXX_DiscardUnknown()

func (*PluginDiscordSettings) XXX_Marshal 

func (m *PluginDiscordSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginDiscordSettings) XXX_Merge 

func (m *PluginDiscordSettings) XXX_Merge(src proto.Message)

func (*PluginDiscordSettings) XXX_Size 

func (m *PluginDiscordSettings) XXX_Size() int

func (*PluginDiscordSettings) XXX_Unmarshal 

func (m *PluginDiscordSettings) XXX_Unmarshal(b []byte) error

type PluginEmailSettings 

type PluginEmailSettings struct {
	// Sender specifies the email sender.
	Sender string `protobuf:"bytes,1,opt,name=sender,proto3" json:"sender,omitempty"`
	// FallbackRecipient specifies the default recipient.
	FallbackRecipient string `protobuf:"bytes,2,opt,name=fallback_recipient,json=fallbackRecipient,proto3" json:"fallback_recipient,omitempty"`
	// Spec configures the mail service settings.
	//
	// Types that are valid to be assigned to Spec:
	//
	//	*PluginEmailSettings_MailgunSpec
	//	*PluginEmailSettings_SmtpSpec
	Spec                 isPluginEmailSettings_Spec `protobuf_oneof:"spec"`
	XXX_NoUnkeyedLiteral struct{}                   `json:"-"`
	XXX_unrecognized     []byte                     `json:"-"`
	XXX_sizecache        int32                      `json:"-"`
}

PluginEmailSettings holds the settings for an Email Access Request plugin.

func (*PluginEmailSettings) CheckAndSetDefaults 

func (c *PluginEmailSettings) CheckAndSetDefaults() error

func (*PluginEmailSettings) Descriptor 

func (*PluginEmailSettings) Descriptor() ([]byte, []int)

func (*PluginEmailSettings) Equal 

func (this *PluginEmailSettings) Equal(that interface{}) bool

func (*PluginEmailSettings) GetMailgunSpec 

func (m *PluginEmailSettings) GetMailgunSpec() *MailgunSpec

func (*PluginEmailSettings) GetSmtpSpec 

func (m *PluginEmailSettings) GetSmtpSpec() *SMTPSpec

func (*PluginEmailSettings) GetSpec 

func (m *PluginEmailSettings) GetSpec() isPluginEmailSettings_Spec

func (*PluginEmailSettings) Marshal 

func (m *PluginEmailSettings) Marshal() (dAtA []byte, err error)

func (*PluginEmailSettings) MarshalTo 

func (m *PluginEmailSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginEmailSettings) MarshalToSizedBuffer 

func (m *PluginEmailSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginEmailSettings) ProtoMessage 

func (*PluginEmailSettings) ProtoMessage()

func (*PluginEmailSettings) Reset 

func (m *PluginEmailSettings) Reset()

func (*PluginEmailSettings) Size 

func (m *PluginEmailSettings) Size() (n int)

func (*PluginEmailSettings) String 

func (m *PluginEmailSettings) String() string

func (*PluginEmailSettings) Unmarshal 

func (m *PluginEmailSettings) Unmarshal(dAtA []byte) error

func (*PluginEmailSettings) XXX_DiscardUnknown 

func (m *PluginEmailSettings) XXX_DiscardUnknown()

func (*PluginEmailSettings) XXX_Marshal 

func (m *PluginEmailSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginEmailSettings) XXX_Merge 

func (m *PluginEmailSettings) XXX_Merge(src proto.Message)

func (*PluginEmailSettings) XXX_OneofWrappers 

func (*PluginEmailSettings) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*PluginEmailSettings) XXX_Size 

func (m *PluginEmailSettings) XXX_Size() int

func (*PluginEmailSettings) XXX_Unmarshal 

func (m *PluginEmailSettings) XXX_Unmarshal(b []byte) error

type PluginEmailSettings_MailgunSpec 

type PluginEmailSettings_MailgunSpec struct {
	MailgunSpec *MailgunSpec `protobuf:"bytes,3,opt,name=mailgun_spec,json=mailgunSpec,proto3,oneof" json:"mailgun_spec,omitempty"`
}

func (*PluginEmailSettings_MailgunSpec) Equal 

func (this *PluginEmailSettings_MailgunSpec) Equal(that interface{}) bool

func (*PluginEmailSettings_MailgunSpec) MarshalTo 

func (m *PluginEmailSettings_MailgunSpec) MarshalTo(dAtA []byte) (int, error)

func (*PluginEmailSettings_MailgunSpec) MarshalToSizedBuffer 

func (m *PluginEmailSettings_MailgunSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginEmailSettings_MailgunSpec) Size 

func (m *PluginEmailSettings_MailgunSpec) Size() (n int)

type PluginEmailSettings_SmtpSpec 

type PluginEmailSettings_SmtpSpec struct {
	SmtpSpec *SMTPSpec `protobuf:"bytes,4,opt,name=smtp_spec,json=smtpSpec,proto3,oneof" json:"smtp_spec,omitempty"`
}

func (*PluginEmailSettings_SmtpSpec) Equal 

func (this *PluginEmailSettings_SmtpSpec) Equal(that interface{}) bool

func (*PluginEmailSettings_SmtpSpec) MarshalTo 

func (m *PluginEmailSettings_SmtpSpec) MarshalTo(dAtA []byte) (int, error)

func (*PluginEmailSettings_SmtpSpec) MarshalToSizedBuffer 

func (m *PluginEmailSettings_SmtpSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginEmailSettings_SmtpSpec) Size 

func (m *PluginEmailSettings_SmtpSpec) Size() (n int)

type PluginEntraIDAccessGraphSettings 

type PluginEntraIDAccessGraphSettings struct {
	// AppSsoSettingsCache is an array of single sign-on settings for Entra enterprise applications.
	//
	// This data is stored here because it is not available through traditional methods (MS Graph API).
	// Instead, it is fetched once during the plugin's set up using the user's credentials to connect to Azure's private API.
	AppSsoSettingsCache  []*PluginEntraIDAppSSOSettings `protobuf:"bytes,1,rep,name=app_sso_settings_cache,json=appSsoSettingsCache,proto3" json:"app_sso_settings_cache,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                       `json:"-"`
	XXX_unrecognized     []byte                         `json:"-"`
	XXX_sizecache        int32                          `json:"-"`
}

AccessGraphSettings controls settings for syncing access graph specific data.

func (*PluginEntraIDAccessGraphSettings) Descriptor 

func (*PluginEntraIDAccessGraphSettings) Descriptor() ([]byte, []int)

func (*PluginEntraIDAccessGraphSettings) Equal 

func (this *PluginEntraIDAccessGraphSettings) Equal(that interface{}) bool

func (*PluginEntraIDAccessGraphSettings) Marshal 

func (m *PluginEntraIDAccessGraphSettings) Marshal() (dAtA []byte, err error)

func (*PluginEntraIDAccessGraphSettings) MarshalTo 

func (m *PluginEntraIDAccessGraphSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginEntraIDAccessGraphSettings) MarshalToSizedBuffer 

func (m *PluginEntraIDAccessGraphSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginEntraIDAccessGraphSettings) ProtoMessage 

func (*PluginEntraIDAccessGraphSettings) ProtoMessage()

func (*PluginEntraIDAccessGraphSettings) Reset 

func (m *PluginEntraIDAccessGraphSettings) Reset()

func (*PluginEntraIDAccessGraphSettings) Size 

func (m *PluginEntraIDAccessGraphSettings) Size() (n int)

func (*PluginEntraIDAccessGraphSettings) String 

func (m *PluginEntraIDAccessGraphSettings) String() string

func (*PluginEntraIDAccessGraphSettings) Unmarshal 

func (m *PluginEntraIDAccessGraphSettings) Unmarshal(dAtA []byte) error

func (*PluginEntraIDAccessGraphSettings) XXX_DiscardUnknown 

func (m *PluginEntraIDAccessGraphSettings) XXX_DiscardUnknown()

func (*PluginEntraIDAccessGraphSettings) XXX_Marshal 

func (m *PluginEntraIDAccessGraphSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginEntraIDAccessGraphSettings) XXX_Merge 

func (m *PluginEntraIDAccessGraphSettings) XXX_Merge(src proto.Message)

func (*PluginEntraIDAccessGraphSettings) XXX_Size 

func (m *PluginEntraIDAccessGraphSettings) XXX_Size() int

func (*PluginEntraIDAccessGraphSettings) XXX_Unmarshal 

func (m *PluginEntraIDAccessGraphSettings) XXX_Unmarshal(b []byte) error

type PluginEntraIDAppSSOSettings 

type PluginEntraIDAppSSOSettings struct {
	// AppID is the `AppID` property of Entra application.
	AppId string `protobuf:"bytes,1,opt,name=app_id,json=appId,proto3" json:"app_id,omitempty"`
	// FederatedSSOV2 contains the cached, gzip-compressed payload from the /ApplicationSso/{servicePrincipalId}/FederatedSSOV2 endpoint.
	FederatedSsoV2       []byte   `protobuf:"bytes,2,opt,name=federated_sso_v2,json=federatedSsoV2,proto3" json:"federated_sso_v2,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PluginEntraIDAppSSOSettings is a container for a single Entra ID enterprise application's cached SSO settings. As this data is only parsed by TAG, each value is stored as an opaque JSON blob.

func (*PluginEntraIDAppSSOSettings) Descriptor 

func (*PluginEntraIDAppSSOSettings) Descriptor() ([]byte, []int)

func (*PluginEntraIDAppSSOSettings) Equal 

func (this *PluginEntraIDAppSSOSettings) Equal(that interface{}) bool

func (*PluginEntraIDAppSSOSettings) Marshal 

func (m *PluginEntraIDAppSSOSettings) Marshal() (dAtA []byte, err error)

func (*PluginEntraIDAppSSOSettings) MarshalTo 

func (m *PluginEntraIDAppSSOSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginEntraIDAppSSOSettings) MarshalToSizedBuffer 

func (m *PluginEntraIDAppSSOSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginEntraIDAppSSOSettings) ProtoMessage 

func (*PluginEntraIDAppSSOSettings) ProtoMessage()

func (*PluginEntraIDAppSSOSettings) Reset 

func (m *PluginEntraIDAppSSOSettings) Reset()

func (*PluginEntraIDAppSSOSettings) Size 

func (m *PluginEntraIDAppSSOSettings) Size() (n int)

func (*PluginEntraIDAppSSOSettings) String 

func (m *PluginEntraIDAppSSOSettings) String() string

func (*PluginEntraIDAppSSOSettings) Unmarshal 

func (m *PluginEntraIDAppSSOSettings) Unmarshal(dAtA []byte) error

func (*PluginEntraIDAppSSOSettings) XXX_DiscardUnknown 

func (m *PluginEntraIDAppSSOSettings) XXX_DiscardUnknown()

func (*PluginEntraIDAppSSOSettings) XXX_Marshal 

func (m *PluginEntraIDAppSSOSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginEntraIDAppSSOSettings) XXX_Merge 

func (m *PluginEntraIDAppSSOSettings) XXX_Merge(src proto.Message)

func (*PluginEntraIDAppSSOSettings) XXX_Size 

func (m *PluginEntraIDAppSSOSettings) XXX_Size() int

func (*PluginEntraIDAppSSOSettings) XXX_Unmarshal 

func (m *PluginEntraIDAppSSOSettings) XXX_Unmarshal(b []byte) error

type PluginEntraIDSettings 

type PluginEntraIDSettings struct {
	// SyncSettings controls the user and access list sync settings for EntraID.
	SyncSettings *PluginEntraIDSyncSettings `protobuf:"bytes,1,opt,name=sync_settings,json=syncSettings,proto3" json:"sync_settings,omitempty"`
	// AccessGraphSettings controls settings for syncing access graph specific data.
	// When this is null, Entra ID integration with Access Graph is disabled.
	AccessGraphSettings  *PluginEntraIDAccessGraphSettings `protobuf:"bytes,2,opt,name=access_graph_settings,json=accessGraphSettings,proto3" json:"access_graph_settings,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                          `json:"-"`
	XXX_unrecognized     []byte                            `json:"-"`
	XXX_sizecache        int32                             `json:"-"`
}

PluginEntraIDSettings defines settings for the Entra ID sync plugin

func (*PluginEntraIDSettings) Descriptor 

func (*PluginEntraIDSettings) Descriptor() ([]byte, []int)

func (*PluginEntraIDSettings) Equal 

func (this *PluginEntraIDSettings) Equal(that interface{}) bool

func (*PluginEntraIDSettings) Marshal 

func (m *PluginEntraIDSettings) Marshal() (dAtA []byte, err error)

func (*PluginEntraIDSettings) MarshalTo 

func (m *PluginEntraIDSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginEntraIDSettings) MarshalToSizedBuffer 

func (m *PluginEntraIDSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginEntraIDSettings) ProtoMessage 

func (*PluginEntraIDSettings) ProtoMessage()

func (*PluginEntraIDSettings) Reset 

func (m *PluginEntraIDSettings) Reset()

func (*PluginEntraIDSettings) Size 

func (m *PluginEntraIDSettings) Size() (n int)

func (*PluginEntraIDSettings) String 

func (m *PluginEntraIDSettings) String() string

func (*PluginEntraIDSettings) Unmarshal 

func (m *PluginEntraIDSettings) Unmarshal(dAtA []byte) error

func (*PluginEntraIDSettings) Validate 

func (c *PluginEntraIDSettings) Validate() error

func (*PluginEntraIDSettings) XXX_DiscardUnknown 

func (m *PluginEntraIDSettings) XXX_DiscardUnknown()

func (*PluginEntraIDSettings) XXX_Marshal 

func (m *PluginEntraIDSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginEntraIDSettings) XXX_Merge 

func (m *PluginEntraIDSettings) XXX_Merge(src proto.Message)

func (*PluginEntraIDSettings) XXX_Size 

func (m *PluginEntraIDSettings) XXX_Size() int

func (*PluginEntraIDSettings) XXX_Unmarshal 

func (m *PluginEntraIDSettings) XXX_Unmarshal(b []byte) error

type PluginEntraIDStatusV1 

type PluginEntraIDStatusV1 struct {
	// imported_users is the number of users imported from Entra ID.
	ImportedUsers uint32 `protobuf:"varint,1,opt,name=imported_users,json=importedUsers,proto3" json:"imported_users,omitempty"`
	// imported_groups is the number of groups imported from Entra ID.
	ImportedGroups       uint32   `protobuf:"varint,2,opt,name=imported_groups,json=importedGroups,proto3" json:"imported_groups,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PluginEntraIDStatusV1 is the status details for the Entra ID plugin.

func (*PluginEntraIDStatusV1) Descriptor 

func (*PluginEntraIDStatusV1) Descriptor() ([]byte, []int)

func (*PluginEntraIDStatusV1) Marshal 

func (m *PluginEntraIDStatusV1) Marshal() (dAtA []byte, err error)

func (*PluginEntraIDStatusV1) MarshalTo 

func (m *PluginEntraIDStatusV1) MarshalTo(dAtA []byte) (int, error)

func (*PluginEntraIDStatusV1) MarshalToSizedBuffer 

func (m *PluginEntraIDStatusV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginEntraIDStatusV1) ProtoMessage 

func (*PluginEntraIDStatusV1) ProtoMessage()

func (*PluginEntraIDStatusV1) Reset 

func (m *PluginEntraIDStatusV1) Reset()

func (*PluginEntraIDStatusV1) Size 

func (m *PluginEntraIDStatusV1) Size() (n int)

func (*PluginEntraIDStatusV1) String 

func (m *PluginEntraIDStatusV1) String() string

func (*PluginEntraIDStatusV1) Unmarshal 

func (m *PluginEntraIDStatusV1) Unmarshal(dAtA []byte) error

func (*PluginEntraIDStatusV1) XXX_DiscardUnknown 

func (m *PluginEntraIDStatusV1) XXX_DiscardUnknown()

func (*PluginEntraIDStatusV1) XXX_Marshal 

func (m *PluginEntraIDStatusV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginEntraIDStatusV1) XXX_Merge 

func (m *PluginEntraIDStatusV1) XXX_Merge(src proto.Message)

func (*PluginEntraIDStatusV1) XXX_Size 

func (m *PluginEntraIDStatusV1) XXX_Size() int

func (*PluginEntraIDStatusV1) XXX_Unmarshal 

func (m *PluginEntraIDStatusV1) XXX_Unmarshal(b []byte) error

type PluginEntraIDSyncSettings 

type PluginEntraIDSyncSettings struct {
	// DefaultOwners are the default owners for all imported access lists.
	DefaultOwners []string `protobuf:"bytes,1,rep,name=default_owners,json=defaultOwners,proto3" json:"default_owners,omitempty"`
	// SSOConnectorID is the name of the Teleport SSO connector created and used by the Entra ID plugin.
	SsoConnectorId string `protobuf:"bytes,2,opt,name=sso_connector_id,json=ssoConnectorId,proto3" json:"sso_connector_id,omitempty"`
	// credentials_source specifies the source of the credentials used for authentication with Azure.
	CredentialsSource EntraIDCredentialsSource `` /* 149-byte string literal not displayed */
	// tenant_id refers to the Azure Directory that this plugin synchronizes with.
	// This field is populated on a best-effort basis for legacy plugins but mandatory for plugins created after its introduction.
	// For existing plugins, it is filled in using the Entra integration when utilized.
	TenantId string `protobuf:"bytes,4,opt,name=tenant_id,json=tenantId,proto3" json:"tenant_id,omitempty"`
	// entra_app_id refers to the Entra Application ID that supports the SSO for "sso_connector_id".
	// This field is populated on a best-effort basis for legacy plugins but mandatory for plugins created after its introduction.
	// For existing plugins, it is filled in using the entity descriptor url when utilized.
	EntraAppId           string   `protobuf:"bytes,5,opt,name=entra_app_id,json=entraAppId,proto3" json:"entra_app_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Defines settings for syncing users and access lists from Entra ID.

func (*PluginEntraIDSyncSettings) Descriptor 

func (*PluginEntraIDSyncSettings) Descriptor() ([]byte, []int)

func (*PluginEntraIDSyncSettings) Equal 

func (this *PluginEntraIDSyncSettings) Equal(that interface{}) bool

func (*PluginEntraIDSyncSettings) Marshal 

func (m *PluginEntraIDSyncSettings) Marshal() (dAtA []byte, err error)

func (*PluginEntraIDSyncSettings) MarshalTo 

func (m *PluginEntraIDSyncSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginEntraIDSyncSettings) MarshalToSizedBuffer 

func (m *PluginEntraIDSyncSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginEntraIDSyncSettings) ProtoMessage 

func (*PluginEntraIDSyncSettings) ProtoMessage()

func (*PluginEntraIDSyncSettings) Reset 

func (m *PluginEntraIDSyncSettings) Reset()

func (*PluginEntraIDSyncSettings) Size 

func (m *PluginEntraIDSyncSettings) Size() (n int)

func (*PluginEntraIDSyncSettings) String 

func (m *PluginEntraIDSyncSettings) String() string

func (*PluginEntraIDSyncSettings) Unmarshal 

func (m *PluginEntraIDSyncSettings) Unmarshal(dAtA []byte) error

func (*PluginEntraIDSyncSettings) XXX_DiscardUnknown 

func (m *PluginEntraIDSyncSettings) XXX_DiscardUnknown()

func (*PluginEntraIDSyncSettings) XXX_Marshal 

func (m *PluginEntraIDSyncSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginEntraIDSyncSettings) XXX_Merge 

func (m *PluginEntraIDSyncSettings) XXX_Merge(src proto.Message)

func (*PluginEntraIDSyncSettings) XXX_Size 

func (m *PluginEntraIDSyncSettings) XXX_Size() int

func (*PluginEntraIDSyncSettings) XXX_Unmarshal 

func (m *PluginEntraIDSyncSettings) XXX_Unmarshal(b []byte) error

type PluginGithubSettings 

type PluginGithubSettings struct {
	// Base URL for the GitHub API endpoint.
	// For GitHub Enterprise, set to your instance URL (ex.: "https://github.mycompany.com/api/v3/").
	// If empty, defaults to the public GitHub API ("https://api.github.com/").
	ApiEndpoint string `protobuf:"bytes,1,opt,name=api_endpoint,json=apiEndpoint,proto3" json:"api_endpoint,omitempty"`
	// The Client ID of the OAuth application registered with GitHub, used for API authentication.
	// ex.: "Iv1.123abc456def7890".
	ClientId string `protobuf:"bytes,2,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
	// The name of the GitHub organization that this plugin configuration targets.
	// ex.: "octo-org".
	OrganizationName string `protobuf:"bytes,3,opt,name=organization_name,json=organizationName,proto3" json:"organization_name,omitempty"`
	// The date from which the plugin should start fetching data (ex.: audit logs, events)
	// from GitHub for the specified organization. This field is effectively required.
	StartDate            time.Time `protobuf:"bytes,4,opt,name=start_date,json=startDate,proto3,stdtime" json:"start_date"`
	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
	XXX_unrecognized     []byte    `json:"-"`
	XXX_sizecache        int32     `json:"-"`
}

PluginGithubSettings defines the configuration parameters required for a plugin to connect to and interact with a specific GitHub organization's API.

func (*PluginGithubSettings) Descriptor 

func (*PluginGithubSettings) Descriptor() ([]byte, []int)

func (*PluginGithubSettings) Equal 

func (this *PluginGithubSettings) Equal(that interface{}) bool

func (*PluginGithubSettings) Marshal 

func (m *PluginGithubSettings) Marshal() (dAtA []byte, err error)

func (*PluginGithubSettings) MarshalTo 

func (m *PluginGithubSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginGithubSettings) MarshalToSizedBuffer 

func (m *PluginGithubSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginGithubSettings) ProtoMessage 

func (*PluginGithubSettings) ProtoMessage()

func (*PluginGithubSettings) Reset 

func (m *PluginGithubSettings) Reset()

func (*PluginGithubSettings) Size 

func (m *PluginGithubSettings) Size() (n int)

func (*PluginGithubSettings) String 

func (m *PluginGithubSettings) String() string

func (*PluginGithubSettings) Unmarshal 

func (m *PluginGithubSettings) Unmarshal(dAtA []byte) error

func (*PluginGithubSettings) Validate 

func (c *PluginGithubSettings) Validate() error

CheckAndSetDefaults checks that the required fields for the Github plugin are set.

func (*PluginGithubSettings) XXX_DiscardUnknown 

func (m *PluginGithubSettings) XXX_DiscardUnknown()

func (*PluginGithubSettings) XXX_Marshal 

func (m *PluginGithubSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginGithubSettings) XXX_Merge 

func (m *PluginGithubSettings) XXX_Merge(src proto.Message)

func (*PluginGithubSettings) XXX_Size 

func (m *PluginGithubSettings) XXX_Size() int

func (*PluginGithubSettings) XXX_Unmarshal 

func (m *PluginGithubSettings) XXX_Unmarshal(b []byte) error

type PluginGitlabSettings 

type PluginGitlabSettings struct {
	// APIEndpoint is the address of Gitlab API.
	ApiEndpoint          string   `protobuf:"bytes,1,opt,name=api_endpoint,json=apiEndpoint,proto3" json:"api_endpoint,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*PluginGitlabSettings) Descriptor 

func (*PluginGitlabSettings) Descriptor() ([]byte, []int)

func (*PluginGitlabSettings) Equal 

func (this *PluginGitlabSettings) Equal(that interface{}) bool

func (*PluginGitlabSettings) Marshal 

func (m *PluginGitlabSettings) Marshal() (dAtA []byte, err error)

func (*PluginGitlabSettings) MarshalTo 

func (m *PluginGitlabSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginGitlabSettings) MarshalToSizedBuffer 

func (m *PluginGitlabSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginGitlabSettings) ProtoMessage 

func (*PluginGitlabSettings) ProtoMessage()

func (*PluginGitlabSettings) Reset 

func (m *PluginGitlabSettings) Reset()

func (*PluginGitlabSettings) Size 

func (m *PluginGitlabSettings) Size() (n int)

func (*PluginGitlabSettings) String 

func (m *PluginGitlabSettings) String() string

func (*PluginGitlabSettings) Unmarshal 

func (m *PluginGitlabSettings) Unmarshal(dAtA []byte) error

func (*PluginGitlabSettings) Validate 

func (c *PluginGitlabSettings) Validate() error

CheckAndSetDefaults checks that the required fields for the Gitlab plugin are set.

func (*PluginGitlabSettings) XXX_DiscardUnknown 

func (m *PluginGitlabSettings) XXX_DiscardUnknown()

func (*PluginGitlabSettings) XXX_Marshal 

func (m *PluginGitlabSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginGitlabSettings) XXX_Merge 

func (m *PluginGitlabSettings) XXX_Merge(src proto.Message)

func (*PluginGitlabSettings) XXX_Size 

func (m *PluginGitlabSettings) XXX_Size() int

func (*PluginGitlabSettings) XXX_Unmarshal 

func (m *PluginGitlabSettings) XXX_Unmarshal(b []byte) error

type PluginGitlabStatusV1 

type PluginGitlabStatusV1 struct {
	// imported_users is the number of users imported from Gitlab.
	ImportedUsers uint32 `protobuf:"varint,1,opt,name=imported_users,json=importedUsers,proto3" json:"imported_users,omitempty"`
	// imported_groups is the number of groups imported from Gitlab.
	ImportedGroups uint32 `protobuf:"varint,2,opt,name=imported_groups,json=importedGroups,proto3" json:"imported_groups,omitempty"`
	// imported_projects is the number of projects imported from Gitlab.
	ImportedProjects     uint32   `protobuf:"varint,3,opt,name=imported_projects,json=importedProjects,proto3" json:"imported_projects,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PluginGitlabStatusV1 is the status details for the Gitlab plugin.

func (*PluginGitlabStatusV1) Descriptor 

func (*PluginGitlabStatusV1) Descriptor() ([]byte, []int)

func (*PluginGitlabStatusV1) Marshal 

func (m *PluginGitlabStatusV1) Marshal() (dAtA []byte, err error)

func (*PluginGitlabStatusV1) MarshalTo 

func (m *PluginGitlabStatusV1) MarshalTo(dAtA []byte) (int, error)

func (*PluginGitlabStatusV1) MarshalToSizedBuffer 

func (m *PluginGitlabStatusV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginGitlabStatusV1) ProtoMessage 

func (*PluginGitlabStatusV1) ProtoMessage()

func (*PluginGitlabStatusV1) Reset 

func (m *PluginGitlabStatusV1) Reset()

func (*PluginGitlabStatusV1) Size 

func (m *PluginGitlabStatusV1) Size() (n int)

func (*PluginGitlabStatusV1) String 

func (m *PluginGitlabStatusV1) String() string

func (*PluginGitlabStatusV1) Unmarshal 

func (m *PluginGitlabStatusV1) Unmarshal(dAtA []byte) error

func (*PluginGitlabStatusV1) XXX_DiscardUnknown 

func (m *PluginGitlabStatusV1) XXX_DiscardUnknown()

func (*PluginGitlabStatusV1) XXX_Marshal 

func (m *PluginGitlabStatusV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginGitlabStatusV1) XXX_Merge 

func (m *PluginGitlabStatusV1) XXX_Merge(src proto.Message)

func (*PluginGitlabStatusV1) XXX_Size 

func (m *PluginGitlabStatusV1) XXX_Size() int

func (*PluginGitlabStatusV1) XXX_Unmarshal 

func (m *PluginGitlabStatusV1) XXX_Unmarshal(b []byte) error

type PluginIdSecretCredential 

type PluginIdSecretCredential struct {
	Id                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	Secret               string   `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PluginIdSecretCredential can be OAuth2-like client_id and client_secret or username and password.

func (*PluginIdSecretCredential) Descriptor 

func (*PluginIdSecretCredential) Descriptor() ([]byte, []int)

func (*PluginIdSecretCredential) Marshal 

func (m *PluginIdSecretCredential) Marshal() (dAtA []byte, err error)

func (*PluginIdSecretCredential) MarshalTo 

func (m *PluginIdSecretCredential) MarshalTo(dAtA []byte) (int, error)

func (*PluginIdSecretCredential) MarshalToSizedBuffer 

func (m *PluginIdSecretCredential) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginIdSecretCredential) ProtoMessage 

func (*PluginIdSecretCredential) ProtoMessage()

func (*PluginIdSecretCredential) Reset 

func (m *PluginIdSecretCredential) Reset()

func (*PluginIdSecretCredential) Size 

func (m *PluginIdSecretCredential) Size() (n int)

func (*PluginIdSecretCredential) String 

func (m *PluginIdSecretCredential) String() string

func (*PluginIdSecretCredential) Unmarshal 

func (m *PluginIdSecretCredential) Unmarshal(dAtA []byte) error

func (*PluginIdSecretCredential) XXX_DiscardUnknown 

func (m *PluginIdSecretCredential) XXX_DiscardUnknown()

func (*PluginIdSecretCredential) XXX_Marshal 

func (m *PluginIdSecretCredential) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginIdSecretCredential) XXX_Merge 

func (m *PluginIdSecretCredential) XXX_Merge(src proto.Message)

func (*PluginIdSecretCredential) XXX_Size 

func (m *PluginIdSecretCredential) XXX_Size() int

func (*PluginIdSecretCredential) XXX_Unmarshal 

func (m *PluginIdSecretCredential) XXX_Unmarshal(b []byte) error

type PluginJamfSettings 

type PluginJamfSettings struct {
	// Jamf service spec
	JamfSpec             *JamfSpecV1 `protobuf:"bytes,1,opt,name=jamf_spec,json=jamfSpec,proto3" json:"jamf_spec,omitempty"`
	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
	XXX_unrecognized     []byte      `json:"-"`
	XXX_sizecache        int32       `json:"-"`
}

Defines settings for Jamf plugin.

func (*PluginJamfSettings) CheckAndSetDefaults 

func (s *PluginJamfSettings) CheckAndSetDefaults() error

CheckAndSetDefaults validates and set the default values.

func (*PluginJamfSettings) Descriptor 

func (*PluginJamfSettings) Descriptor() ([]byte, []int)

func (*PluginJamfSettings) Equal 

func (this *PluginJamfSettings) Equal(that interface{}) bool

func (*PluginJamfSettings) Marshal 

func (m *PluginJamfSettings) Marshal() (dAtA []byte, err error)

func (*PluginJamfSettings) MarshalTo 

func (m *PluginJamfSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginJamfSettings) MarshalToSizedBuffer 

func (m *PluginJamfSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginJamfSettings) ProtoMessage 

func (*PluginJamfSettings) ProtoMessage()

func (*PluginJamfSettings) Reset 

func (m *PluginJamfSettings) Reset()

func (*PluginJamfSettings) Size 

func (m *PluginJamfSettings) Size() (n int)

func (*PluginJamfSettings) String 

func (m *PluginJamfSettings) String() string

func (*PluginJamfSettings) Unmarshal 

func (m *PluginJamfSettings) Unmarshal(dAtA []byte) error

func (*PluginJamfSettings) XXX_DiscardUnknown 

func (m *PluginJamfSettings) XXX_DiscardUnknown()

func (*PluginJamfSettings) XXX_Marshal 

func (m *PluginJamfSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginJamfSettings) XXX_Merge 

func (m *PluginJamfSettings) XXX_Merge(src proto.Message)

func (*PluginJamfSettings) XXX_Size 

func (m *PluginJamfSettings) XXX_Size() int

func (*PluginJamfSettings) XXX_Unmarshal 

func (m *PluginJamfSettings) XXX_Unmarshal(b []byte) error

type PluginJiraSettings 

type PluginJiraSettings struct {
	// ServerURL is the address of the target JIRA Server instance.
	ServerUrl string `protobuf:"bytes,1,opt,name=server_url,json=serverUrl,proto3" json:"server_url,omitempty"`
	// ProjectKey is the key of the Jira project that will receive
	// notifications and issues from the plugin.
	ProjectKey string `protobuf:"bytes,2,opt,name=project_key,json=projectKey,proto3" json:"project_key,omitempty"`
	// IssueType is the type of Jira Issue that the plugin will create
	IssueType            string   `protobuf:"bytes,3,opt,name=issue_type,json=issueType,proto3" json:"issue_type,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*PluginJiraSettings) CheckAndSetDefaults 

func (s *PluginJiraSettings) CheckAndSetDefaults() error

func (*PluginJiraSettings) Descriptor 

func (*PluginJiraSettings) Descriptor() ([]byte, []int)

func (*PluginJiraSettings) Equal 

func (this *PluginJiraSettings) Equal(that interface{}) bool

func (*PluginJiraSettings) Marshal 

func (m *PluginJiraSettings) Marshal() (dAtA []byte, err error)

func (*PluginJiraSettings) MarshalTo 

func (m *PluginJiraSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginJiraSettings) MarshalToSizedBuffer 

func (m *PluginJiraSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginJiraSettings) ProtoMessage 

func (*PluginJiraSettings) ProtoMessage()

func (*PluginJiraSettings) Reset 

func (m *PluginJiraSettings) Reset()

func (*PluginJiraSettings) Size 

func (m *PluginJiraSettings) Size() (n int)

func (*PluginJiraSettings) String 

func (m *PluginJiraSettings) String() string

func (*PluginJiraSettings) Unmarshal 

func (m *PluginJiraSettings) Unmarshal(dAtA []byte) error

func (*PluginJiraSettings) XXX_DiscardUnknown 

func (m *PluginJiraSettings) XXX_DiscardUnknown()

func (*PluginJiraSettings) XXX_Marshal 

func (m *PluginJiraSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginJiraSettings) XXX_Merge 

func (m *PluginJiraSettings) XXX_Merge(src proto.Message)

func (*PluginJiraSettings) XXX_Size 

func (m *PluginJiraSettings) XXX_Size() int

func (*PluginJiraSettings) XXX_Unmarshal 

func (m *PluginJiraSettings) XXX_Unmarshal(b []byte) error

type PluginListV1 

type PluginListV1 struct {
	// Plugins is a list of plugin resources.
	Plugins              []*PluginV1 `protobuf:"bytes,1,rep,name=plugins,proto3" json:"plugins,omitempty"`
	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
	XXX_unrecognized     []byte      `json:"-"`
	XXX_sizecache        int32       `json:"-"`
}

PluginList represents a list of plugin resources

func (*PluginListV1) Descriptor 

func (*PluginListV1) Descriptor() ([]byte, []int)

func (*PluginListV1) Marshal 

func (m *PluginListV1) Marshal() (dAtA []byte, err error)

func (*PluginListV1) MarshalTo 

func (m *PluginListV1) MarshalTo(dAtA []byte) (int, error)

func (*PluginListV1) MarshalToSizedBuffer 

func (m *PluginListV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginListV1) ProtoMessage 

func (*PluginListV1) ProtoMessage()

func (*PluginListV1) Reset 

func (m *PluginListV1) Reset()

func (*PluginListV1) Size 

func (m *PluginListV1) Size() (n int)

func (*PluginListV1) String 

func (m *PluginListV1) String() string

func (*PluginListV1) Unmarshal 

func (m *PluginListV1) Unmarshal(dAtA []byte) error

func (*PluginListV1) XXX_DiscardUnknown 

func (m *PluginListV1) XXX_DiscardUnknown()

func (*PluginListV1) XXX_Marshal 

func (m *PluginListV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginListV1) XXX_Merge 

func (m *PluginListV1) XXX_Merge(src proto.Message)

func (*PluginListV1) XXX_Size 

func (m *PluginListV1) XXX_Size() int

func (*PluginListV1) XXX_Unmarshal 

func (m *PluginListV1) XXX_Unmarshal(b []byte) error

type PluginMSTeamsSettings 

type PluginMSTeamsSettings struct {
	// AppId is the Microsoft application ID (uuid, for Azure bots must be underlying app id, not bot's id).
	AppId string `protobuf:"bytes,1,opt,name=app_id,json=appId,proto3" json:"app_id,omitempty"`
	// TenantId is the Microsoft tenant ID.
	TenantId string `protobuf:"bytes,2,opt,name=tenant_id,json=tenantId,proto3" json:"tenant_id,omitempty"`
	// TeamsAppId is the Microsoft teams application ID.
	TeamsAppId string `protobuf:"bytes,3,opt,name=teams_app_id,json=teamsAppId,proto3" json:"teams_app_id,omitempty"`
	// Region to be used by the Microsoft Graph API client.
	Region string `protobuf:"bytes,4,opt,name=region,proto3" json:"region,omitempty"`
	// DefaultRecipient is the default recipient to use if no access monitoring rules are specified.
	DefaultRecipient     string   `protobuf:"bytes,5,opt,name=default_recipient,json=defaultRecipient,proto3" json:"default_recipient,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PluginMSTeamsSettings defines the settings for a Microsoft Teams integration plugin

func (*PluginMSTeamsSettings) Descriptor 

func (*PluginMSTeamsSettings) Descriptor() ([]byte, []int)

func (*PluginMSTeamsSettings) Equal 

func (this *PluginMSTeamsSettings) Equal(that interface{}) bool

func (*PluginMSTeamsSettings) Marshal 

func (m *PluginMSTeamsSettings) Marshal() (dAtA []byte, err error)

func (*PluginMSTeamsSettings) MarshalTo 

func (m *PluginMSTeamsSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginMSTeamsSettings) MarshalToSizedBuffer 

func (m *PluginMSTeamsSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginMSTeamsSettings) ProtoMessage 

func (*PluginMSTeamsSettings) ProtoMessage()

func (*PluginMSTeamsSettings) Reset 

func (m *PluginMSTeamsSettings) Reset()

func (*PluginMSTeamsSettings) Size 

func (m *PluginMSTeamsSettings) Size() (n int)

func (*PluginMSTeamsSettings) String 

func (m *PluginMSTeamsSettings) String() string

func (*PluginMSTeamsSettings) Unmarshal 

func (m *PluginMSTeamsSettings) Unmarshal(dAtA []byte) error

func (*PluginMSTeamsSettings) XXX_DiscardUnknown 

func (m *PluginMSTeamsSettings) XXX_DiscardUnknown()

func (*PluginMSTeamsSettings) XXX_Marshal 

func (m *PluginMSTeamsSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginMSTeamsSettings) XXX_Merge 

func (m *PluginMSTeamsSettings) XXX_Merge(src proto.Message)

func (*PluginMSTeamsSettings) XXX_Size 

func (m *PluginMSTeamsSettings) XXX_Size() int

func (*PluginMSTeamsSettings) XXX_Unmarshal 

func (m *PluginMSTeamsSettings) XXX_Unmarshal(b []byte) error

type PluginMattermostSettings 

type PluginMattermostSettings struct {
	// serverURL is the URL to access Mattermost.
	ServerUrl string `protobuf:"bytes,1,opt,name=server_url,json=serverUrl,proto3" json:"server_url,omitempty"`
	// team is the Mattermost workspace.
	Team string `protobuf:"bytes,2,opt,name=team,proto3" json:"team,omitempty"`
	// channel is the Mattermost channel in the workspace
	// (team) to send notifications to.
	Channel string `protobuf:"bytes,3,opt,name=channel,proto3" json:"channel,omitempty"`
	// report_to_email is an optional email address of a Mattermost user
	// to notify via a direct message when the plugin receives an
	// Access Request event.
	ReportToEmail        string   `protobuf:"bytes,4,opt,name=report_to_email,json=reportToEmail,proto3" json:"report_to_email,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Defines settings for the Mattermost plugin.

func (*PluginMattermostSettings) CheckAndSetDefaults 

func (s *PluginMattermostSettings) CheckAndSetDefaults() error

CheckAndSetDefaults validates and set the default values

func (*PluginMattermostSettings) Descriptor 

func (*PluginMattermostSettings) Descriptor() ([]byte, []int)

func (*PluginMattermostSettings) Equal 

func (this *PluginMattermostSettings) Equal(that interface{}) bool

func (*PluginMattermostSettings) Marshal 

func (m *PluginMattermostSettings) Marshal() (dAtA []byte, err error)

func (*PluginMattermostSettings) MarshalTo 

func (m *PluginMattermostSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginMattermostSettings) MarshalToSizedBuffer 

func (m *PluginMattermostSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginMattermostSettings) ProtoMessage 

func (*PluginMattermostSettings) ProtoMessage()

func (*PluginMattermostSettings) Reset 

func (m *PluginMattermostSettings) Reset()

func (*PluginMattermostSettings) Size 

func (m *PluginMattermostSettings) Size() (n int)

func (*PluginMattermostSettings) String 

func (m *PluginMattermostSettings) String() string

func (*PluginMattermostSettings) Unmarshal 

func (m *PluginMattermostSettings) Unmarshal(dAtA []byte) error

func (*PluginMattermostSettings) XXX_DiscardUnknown 

func (m *PluginMattermostSettings) XXX_DiscardUnknown()

func (*PluginMattermostSettings) XXX_Marshal 

func (m *PluginMattermostSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginMattermostSettings) XXX_Merge 

func (m *PluginMattermostSettings) XXX_Merge(src proto.Message)

func (*PluginMattermostSettings) XXX_Size 

func (m *PluginMattermostSettings) XXX_Size() int

func (*PluginMattermostSettings) XXX_Unmarshal 

func (m *PluginMattermostSettings) XXX_Unmarshal(b []byte) error

type PluginNetIQSettings 

type PluginNetIQSettings struct {
	// oauth_issuer_endpoint is the NetIQ Oauth Issuer endpoint.
	// Usually, it's equal to https://osp.domain.ext/a/idm/auth/oauth2
	OauthIssuerEndpoint string `protobuf:"bytes,1,opt,name=oauth_issuer_endpoint,json=oauthIssuerEndpoint,proto3" json:"oauth_issuer_endpoint,omitempty"`
	// api_endpoint is the IDM PROV Rest API location.
	ApiEndpoint string `protobuf:"bytes,2,opt,name=api_endpoint,json=apiEndpoint,proto3" json:"api_endpoint,omitempty"`
	// insecure_skip_verify controls whether the NetIQ certificate validation should be skipped.
	InsecureSkipVerify   bool     `protobuf:"varint,3,opt,name=insecure_skip_verify,json=insecureSkipVerify,proto3" json:"insecure_skip_verify,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PluginNetIQSettings defines the settings for a NetIQ integration plugin

func (*PluginNetIQSettings) Descriptor 

func (*PluginNetIQSettings) Descriptor() ([]byte, []int)

func (*PluginNetIQSettings) Equal 

func (this *PluginNetIQSettings) Equal(that interface{}) bool

func (*PluginNetIQSettings) Marshal 

func (m *PluginNetIQSettings) Marshal() (dAtA []byte, err error)

func (*PluginNetIQSettings) MarshalTo 

func (m *PluginNetIQSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginNetIQSettings) MarshalToSizedBuffer 

func (m *PluginNetIQSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginNetIQSettings) ProtoMessage 

func (*PluginNetIQSettings) ProtoMessage()

func (*PluginNetIQSettings) Reset 

func (m *PluginNetIQSettings) Reset()

func (*PluginNetIQSettings) Size 

func (m *PluginNetIQSettings) Size() (n int)

func (*PluginNetIQSettings) String 

func (m *PluginNetIQSettings) String() string

func (*PluginNetIQSettings) Unmarshal 

func (m *PluginNetIQSettings) Unmarshal(dAtA []byte) error

func (*PluginNetIQSettings) Validate 

func (c *PluginNetIQSettings) Validate() error

func (*PluginNetIQSettings) XXX_DiscardUnknown 

func (m *PluginNetIQSettings) XXX_DiscardUnknown()

func (*PluginNetIQSettings) XXX_Marshal 

func (m *PluginNetIQSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginNetIQSettings) XXX_Merge 

func (m *PluginNetIQSettings) XXX_Merge(src proto.Message)

func (*PluginNetIQSettings) XXX_Size 

func (m *PluginNetIQSettings) XXX_Size() int

func (*PluginNetIQSettings) XXX_Unmarshal 

func (m *PluginNetIQSettings) XXX_Unmarshal(b []byte) error

type PluginNetIQStatusV1 

type PluginNetIQStatusV1 struct {
	// imported_users is the number of users imported from NetIQ eDirectory.
	ImportedUsers uint32 `protobuf:"varint,1,opt,name=imported_users,json=importedUsers,proto3" json:"imported_users,omitempty"`
	// imported_groups is the number of groups imported from NetIQ eDirectory.
	ImportedGroups uint32 `protobuf:"varint,2,opt,name=imported_groups,json=importedGroups,proto3" json:"imported_groups,omitempty"`
	// imported_roles is the number of roles imported from NetIQ eDirectory.
	ImportedRoles uint32 `protobuf:"varint,3,opt,name=imported_roles,json=importedRoles,proto3" json:"imported_roles,omitempty"`
	// imported_resources is the number of resources imported from NetIQ eDirectory.
	ImportedResources    uint32   `protobuf:"varint,4,opt,name=imported_resources,json=importedResources,proto3" json:"imported_resources,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PluginNetIQStatusV1 is the status details for the NetIQ plugin.

func (*PluginNetIQStatusV1) Descriptor 

func (*PluginNetIQStatusV1) Descriptor() ([]byte, []int)

func (*PluginNetIQStatusV1) Marshal 

func (m *PluginNetIQStatusV1) Marshal() (dAtA []byte, err error)

func (*PluginNetIQStatusV1) MarshalTo 

func (m *PluginNetIQStatusV1) MarshalTo(dAtA []byte) (int, error)

func (*PluginNetIQStatusV1) MarshalToSizedBuffer 

func (m *PluginNetIQStatusV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginNetIQStatusV1) ProtoMessage 

func (*PluginNetIQStatusV1) ProtoMessage()

func (*PluginNetIQStatusV1) Reset 

func (m *PluginNetIQStatusV1) Reset()

func (*PluginNetIQStatusV1) Size 

func (m *PluginNetIQStatusV1) Size() (n int)

func (*PluginNetIQStatusV1) String 

func (m *PluginNetIQStatusV1) String() string

func (*PluginNetIQStatusV1) Unmarshal 

func (m *PluginNetIQStatusV1) Unmarshal(dAtA []byte) error

func (*PluginNetIQStatusV1) XXX_DiscardUnknown 

func (m *PluginNetIQStatusV1) XXX_DiscardUnknown()

func (*PluginNetIQStatusV1) XXX_Marshal 

func (m *PluginNetIQStatusV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginNetIQStatusV1) XXX_Merge 

func (m *PluginNetIQStatusV1) XXX_Merge(src proto.Message)

func (*PluginNetIQStatusV1) XXX_Size 

func (m *PluginNetIQStatusV1) XXX_Size() int

func (*PluginNetIQStatusV1) XXX_Unmarshal 

func (m *PluginNetIQStatusV1) XXX_Unmarshal(b []byte) error

type PluginOAuth2AccessTokenCredentials 

type PluginOAuth2AccessTokenCredentials struct {
	AccessToken          string    `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
	RefreshToken         string    `protobuf:"bytes,2,opt,name=refresh_token,json=refreshToken,proto3" json:"refresh_token,omitempty"`
	Expires              time.Time `protobuf:"bytes,3,opt,name=expires,proto3,stdtime" json:"expires"`
	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
	XXX_unrecognized     []byte    `json:"-"`
	XXX_sizecache        int32     `json:"-"`
}

func (*PluginOAuth2AccessTokenCredentials) CheckAndSetDefaults 

func (c *PluginOAuth2AccessTokenCredentials) CheckAndSetDefaults() error

CheckAndSetDefaults validates and set the default values

func (*PluginOAuth2AccessTokenCredentials) Descriptor 

func (*PluginOAuth2AccessTokenCredentials) Descriptor() ([]byte, []int)

func (*PluginOAuth2AccessTokenCredentials) Marshal 

func (m *PluginOAuth2AccessTokenCredentials) Marshal() (dAtA []byte, err error)

func (*PluginOAuth2AccessTokenCredentials) MarshalTo 

func (m *PluginOAuth2AccessTokenCredentials) MarshalTo(dAtA []byte) (int, error)

func (*PluginOAuth2AccessTokenCredentials) MarshalToSizedBuffer 

func (m *PluginOAuth2AccessTokenCredentials) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginOAuth2AccessTokenCredentials) ProtoMessage 

func (*PluginOAuth2AccessTokenCredentials) ProtoMessage()

func (*PluginOAuth2AccessTokenCredentials) Reset 

func (m *PluginOAuth2AccessTokenCredentials) Reset()

func (*PluginOAuth2AccessTokenCredentials) Size 

func (m *PluginOAuth2AccessTokenCredentials) Size() (n int)

func (*PluginOAuth2AccessTokenCredentials) String 

func (m *PluginOAuth2AccessTokenCredentials) String() string

func (*PluginOAuth2AccessTokenCredentials) Unmarshal 

func (m *PluginOAuth2AccessTokenCredentials) Unmarshal(dAtA []byte) error

func (*PluginOAuth2AccessTokenCredentials) XXX_DiscardUnknown 

func (m *PluginOAuth2AccessTokenCredentials) XXX_DiscardUnknown()

func (*PluginOAuth2AccessTokenCredentials) XXX_Marshal 

func (m *PluginOAuth2AccessTokenCredentials) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginOAuth2AccessTokenCredentials) XXX_Merge 

func (m *PluginOAuth2AccessTokenCredentials) XXX_Merge(src proto.Message)

func (*PluginOAuth2AccessTokenCredentials) XXX_Size 

func (m *PluginOAuth2AccessTokenCredentials) XXX_Size() int

func (*PluginOAuth2AccessTokenCredentials) XXX_Unmarshal 

func (m *PluginOAuth2AccessTokenCredentials) XXX_Unmarshal(b []byte) error

type PluginOAuth2AuthorizationCodeCredentials 

type PluginOAuth2AuthorizationCodeCredentials struct {
	AuthorizationCode    string   `protobuf:"bytes,1,opt,name=authorization_code,json=authorizationCode,proto3" json:"authorization_code,omitempty"`
	RedirectUri          string   `protobuf:"bytes,2,opt,name=redirect_uri,json=redirectUri,proto3" json:"redirect_uri,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*PluginOAuth2AuthorizationCodeCredentials) CheckAndSetDefaults 

func (c *PluginOAuth2AuthorizationCodeCredentials) CheckAndSetDefaults() error

CheckAndSetDefaults validates and set the default values

func (*PluginOAuth2AuthorizationCodeCredentials) Descriptor 

func (*PluginOAuth2AuthorizationCodeCredentials) Descriptor() ([]byte, []int)

func (*PluginOAuth2AuthorizationCodeCredentials) Marshal 

func (m *PluginOAuth2AuthorizationCodeCredentials) Marshal() (dAtA []byte, err error)

func (*PluginOAuth2AuthorizationCodeCredentials) MarshalTo 

func (m *PluginOAuth2AuthorizationCodeCredentials) MarshalTo(dAtA []byte) (int, error)

func (*PluginOAuth2AuthorizationCodeCredentials) MarshalToSizedBuffer 

func (m *PluginOAuth2AuthorizationCodeCredentials) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginOAuth2AuthorizationCodeCredentials) ProtoMessage 

func (*PluginOAuth2AuthorizationCodeCredentials) ProtoMessage()

func (*PluginOAuth2AuthorizationCodeCredentials) Reset 

func (m *PluginOAuth2AuthorizationCodeCredentials) Reset()

func (*PluginOAuth2AuthorizationCodeCredentials) Size 

func (m *PluginOAuth2AuthorizationCodeCredentials) Size() (n int)

func (*PluginOAuth2AuthorizationCodeCredentials) String 

func (m *PluginOAuth2AuthorizationCodeCredentials) String() string

func (*PluginOAuth2AuthorizationCodeCredentials) Unmarshal 

func (m *PluginOAuth2AuthorizationCodeCredentials) Unmarshal(dAtA []byte) error

func (*PluginOAuth2AuthorizationCodeCredentials) XXX_DiscardUnknown 

func (m *PluginOAuth2AuthorizationCodeCredentials) XXX_DiscardUnknown()

func (*PluginOAuth2AuthorizationCodeCredentials) XXX_Marshal 

func (m *PluginOAuth2AuthorizationCodeCredentials) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginOAuth2AuthorizationCodeCredentials) XXX_Merge 

func (m *PluginOAuth2AuthorizationCodeCredentials) XXX_Merge(src proto.Message)

func (*PluginOAuth2AuthorizationCodeCredentials) XXX_Size 

func (m *PluginOAuth2AuthorizationCodeCredentials) XXX_Size() int

func (*PluginOAuth2AuthorizationCodeCredentials) XXX_Unmarshal 

func (m *PluginOAuth2AuthorizationCodeCredentials) XXX_Unmarshal(b []byte) error

type PluginOktaCredentialsInfo 

type PluginOktaCredentialsInfo struct {
	// HasSSMSToken is true if the plugin has configured SSMSToken.
	HasSsmToken bool `protobuf:"varint,1,opt,name=has_ssm_token,json=hasSsmToken,proto3" json:"has_ssm_token,omitempty"`
	// HasOauthCredentials is true if the plugin has configured OauthCredentials.
	HasOauthCredentials bool `protobuf:"varint,2,opt,name=has_oauth_credentials,json=hasOauthCredentials,proto3" json:"has_oauth_credentials,omitempty"`
	// HasSCIMToken is true if the plugin has configured SCIMToken.
	HasScimToken         bool     `protobuf:"varint,3,opt,name=has_scim_token,json=hasScimToken,proto3" json:"has_scim_token,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PluginOktaCredentialsInfo contains information about the Okta credentials. This is used to determine if the plugin has configured the necessary credentials.

func (*PluginOktaCredentialsInfo) Descriptor 

func (*PluginOktaCredentialsInfo) Descriptor() ([]byte, []int)

func (*PluginOktaCredentialsInfo) Equal 

func (this *PluginOktaCredentialsInfo) Equal(that interface{}) bool

func (*PluginOktaCredentialsInfo) Marshal 

func (m *PluginOktaCredentialsInfo) Marshal() (dAtA []byte, err error)

func (*PluginOktaCredentialsInfo) MarshalTo 

func (m *PluginOktaCredentialsInfo) MarshalTo(dAtA []byte) (int, error)

func (*PluginOktaCredentialsInfo) MarshalToSizedBuffer 

func (m *PluginOktaCredentialsInfo) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginOktaCredentialsInfo) ProtoMessage 

func (*PluginOktaCredentialsInfo) ProtoMessage()

func (*PluginOktaCredentialsInfo) Reset 

func (m *PluginOktaCredentialsInfo) Reset()

func (*PluginOktaCredentialsInfo) Size 

func (m *PluginOktaCredentialsInfo) Size() (n int)

func (*PluginOktaCredentialsInfo) String 

func (m *PluginOktaCredentialsInfo) String() string

func (*PluginOktaCredentialsInfo) Unmarshal 

func (m *PluginOktaCredentialsInfo) Unmarshal(dAtA []byte) error

func (*PluginOktaCredentialsInfo) XXX_DiscardUnknown 

func (m *PluginOktaCredentialsInfo) XXX_DiscardUnknown()

func (*PluginOktaCredentialsInfo) XXX_Marshal 

func (m *PluginOktaCredentialsInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginOktaCredentialsInfo) XXX_Merge 

func (m *PluginOktaCredentialsInfo) XXX_Merge(src proto.Message)

func (*PluginOktaCredentialsInfo) XXX_Size 

func (m *PluginOktaCredentialsInfo) XXX_Size() int

func (*PluginOktaCredentialsInfo) XXX_Unmarshal 

func (m *PluginOktaCredentialsInfo) XXX_Unmarshal(b []byte) error

type PluginOktaSettings 

type PluginOktaSettings struct {
	// OrgUrl is the Okta organization URL to use for API communication.
	OrgUrl string `protobuf:"bytes,1,opt,name=org_url,json=orgUrl,proto3" json:"org_url,omitempty"`
	// EnableUserSync controls the user sync in the Okta integration service. Deprecated.
	// TODO(mdwn): Remove once e changes have been made.
	EnableUserSync bool `protobuf:"varint,2,opt,name=enable_user_sync,json=enableUserSync,proto3" json:"enable_user_sync,omitempty"`
	// SSOConnectorID (deprecated)
	// TODO(mdwn): Remove once e changes have been made.
	SsoConnectorId string `protobuf:"bytes,3,opt,name=sso_connector_id,json=ssoConnectorId,proto3" json:"sso_connector_id,omitempty"`
	// Sync settings controls the user and access list sync settings for Okta.
	SyncSettings *PluginOktaSyncSettings `protobuf:"bytes,4,opt,name=sync_settings,json=syncSettings,proto3" json:"sync_settings,omitempty"`
	// CredentialsInfo contains information about the Okta credentials.
	CredentialsInfo      *PluginOktaCredentialsInfo `protobuf:"bytes,5,opt,name=credentials_info,json=credentialsInfo,proto3" json:"credentials_info,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                   `json:"-"`
	XXX_unrecognized     []byte                     `json:"-"`
	XXX_sizecache        int32                      `json:"-"`
}

Defines settings for the Okta plugin.

func (*PluginOktaSettings) CheckAndSetDefaults 

func (s *PluginOktaSettings) CheckAndSetDefaults() error

CheckAndSetDefaults validates and set the default values.

func (*PluginOktaSettings) Descriptor 

func (*PluginOktaSettings) Descriptor() ([]byte, []int)

func (*PluginOktaSettings) Equal 

func (this *PluginOktaSettings) Equal(that interface{}) bool

func (*PluginOktaSettings) GetCredentialsInfo 

func (o *PluginOktaSettings) GetCredentialsInfo() *PluginOktaCredentialsInfo

func (*PluginOktaSettings) GetSyncSettings 

func (o *PluginOktaSettings) GetSyncSettings() *PluginOktaSyncSettings

func (*PluginOktaSettings) Marshal 

func (m *PluginOktaSettings) Marshal() (dAtA []byte, err error)

func (*PluginOktaSettings) MarshalTo 

func (m *PluginOktaSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginOktaSettings) MarshalToSizedBuffer 

func (m *PluginOktaSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginOktaSettings) ProtoMessage 

func (*PluginOktaSettings) ProtoMessage()

func (*PluginOktaSettings) Reset 

func (m *PluginOktaSettings) Reset()

func (*PluginOktaSettings) Size 

func (m *PluginOktaSettings) Size() (n int)

func (*PluginOktaSettings) String 

func (m *PluginOktaSettings) String() string

func (*PluginOktaSettings) Unmarshal 

func (m *PluginOktaSettings) Unmarshal(dAtA []byte) error

func (*PluginOktaSettings) XXX_DiscardUnknown 

func (m *PluginOktaSettings) XXX_DiscardUnknown()

func (*PluginOktaSettings) XXX_Marshal 

func (m *PluginOktaSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginOktaSettings) XXX_Merge 

func (m *PluginOktaSettings) XXX_Merge(src proto.Message)

func (*PluginOktaSettings) XXX_Size 

func (m *PluginOktaSettings) XXX_Size() int

func (*PluginOktaSettings) XXX_Unmarshal 

func (m *PluginOktaSettings) XXX_Unmarshal(b []byte) error

type PluginOktaStatusDetailsAccessListsSync 

type PluginOktaStatusDetailsAccessListsSync struct {
	// Enabled is whether access lists sync is enabled.
	Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// StatusCode indicates the current state of the AccessList sync service
	StatusCode OktaPluginSyncStatusCode `` /* 128-byte string literal not displayed */
	// LastSuccessful is the date of the last successful run.
	LastSuccessful *time.Time `protobuf:"bytes,3,opt,name=last_successful,json=lastSuccessful,proto3,stdtime" json:"last_successful"`
	// LastFailed is the date of the last failed run.
	LastFailed *time.Time `protobuf:"bytes,4,opt,name=last_failed,json=lastFailed,proto3,stdtime" json:"last_failed"`
	// AppFilters are the app filters used for the access list sync.
	AppFilters []string `protobuf:"bytes,5,rep,name=app_filters,json=appFilters,proto3" json:"app_filters,omitempty"`
	// NumAppsSynced are the number of applications synchronized as access lists.
	NumAppsSynced int32 `protobuf:"varint,6,opt,name=num_apps_synced,json=numAppsSynced,proto3" json:"num_apps_synced,omitempty"`
	// GroupFilters are the group filters used for the access list sync.
	GroupFilters []string `protobuf:"bytes,7,rep,name=group_filters,json=groupFilters,proto3" json:"group_filters,omitempty"`
	// NumGroupsSynced are the number of groups synchronized as access lists.
	NumGroupsSynced int32 `protobuf:"varint,8,opt,name=num_groups_synced,json=numGroupsSynced,proto3" json:"num_groups_synced,omitempty"`
	// Error contains a textual description of the reason the last synchronization
	// failed. Only valid when StatusCode is OKTA_PLUGIN_SYNC_STATUS_CODE_ERROR.
	Error                string   `protobuf:"bytes,9,opt,name=error,proto3" json:"error,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PluginOktaStatusDetailsAccessListsSync are details related to the current status of the Okta integration w/r/t access list sync.

func (*PluginOktaStatusDetailsAccessListsSync) Descriptor 

func (*PluginOktaStatusDetailsAccessListsSync) Descriptor() ([]byte, []int)

func (*PluginOktaStatusDetailsAccessListsSync) Marshal 

func (m *PluginOktaStatusDetailsAccessListsSync) Marshal() (dAtA []byte, err error)

func (*PluginOktaStatusDetailsAccessListsSync) MarshalTo 

func (m *PluginOktaStatusDetailsAccessListsSync) MarshalTo(dAtA []byte) (int, error)

func (*PluginOktaStatusDetailsAccessListsSync) MarshalToSizedBuffer 

func (m *PluginOktaStatusDetailsAccessListsSync) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginOktaStatusDetailsAccessListsSync) ProtoMessage 

func (*PluginOktaStatusDetailsAccessListsSync) ProtoMessage()

func (*PluginOktaStatusDetailsAccessListsSync) Reset 

func (m *PluginOktaStatusDetailsAccessListsSync) Reset()

func (*PluginOktaStatusDetailsAccessListsSync) Size 

func (m *PluginOktaStatusDetailsAccessListsSync) Size() (n int)

func (*PluginOktaStatusDetailsAccessListsSync) String 

func (m *PluginOktaStatusDetailsAccessListsSync) String() string

func (*PluginOktaStatusDetailsAccessListsSync) Unmarshal 

func (m *PluginOktaStatusDetailsAccessListsSync) Unmarshal(dAtA []byte) error

func (*PluginOktaStatusDetailsAccessListsSync) XXX_DiscardUnknown 

func (m *PluginOktaStatusDetailsAccessListsSync) XXX_DiscardUnknown()

func (*PluginOktaStatusDetailsAccessListsSync) XXX_Marshal 

func (m *PluginOktaStatusDetailsAccessListsSync) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginOktaStatusDetailsAccessListsSync) XXX_Merge 

func (m *PluginOktaStatusDetailsAccessListsSync) XXX_Merge(src proto.Message)

func (*PluginOktaStatusDetailsAccessListsSync) XXX_Size 

func (m *PluginOktaStatusDetailsAccessListsSync) XXX_Size() int

func (*PluginOktaStatusDetailsAccessListsSync) XXX_Unmarshal 

func (m *PluginOktaStatusDetailsAccessListsSync) XXX_Unmarshal(b []byte) error

type PluginOktaStatusDetailsAppGroupSync 

type PluginOktaStatusDetailsAppGroupSync struct {
	// Enabled is whether the users sync is enabled.
	Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// StatusCode indicates the current state of the App & Group sync service
	StatusCode OktaPluginSyncStatusCode `` /* 128-byte string literal not displayed */
	// LastSuccessful is the date of the last successful run.
	LastSuccessful *time.Time `protobuf:"bytes,3,opt,name=last_successful,json=lastSuccessful,proto3,stdtime" json:"last_successful"`
	// LastFailed is the date of the last failed run.
	LastFailed *time.Time `protobuf:"bytes,4,opt,name=last_failed,json=lastFailed,proto3,stdtime" json:"last_failed"`
	// NumAppsSynced is the total number of apps synchronized.
	NumAppsSynced int32 `protobuf:"varint,5,opt,name=num_apps_synced,json=numAppsSynced,proto3" json:"num_apps_synced,omitempty"`
	// NumAppsSynced is the total number of groups synchronized.
	NumGroupsSynced int32 `protobuf:"varint,6,opt,name=num_groups_synced,json=numGroupsSynced,proto3" json:"num_groups_synced,omitempty"`
	// Error contains a textual description of the reason the last synchronization
	// failed. Only valid when StatusCode is OKTA_PLUGIN_SYNC_STATUS_CODE_ERROR.
	Error                string   `protobuf:"bytes,7,opt,name=error,proto3" json:"error,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PluginOktaStatusDetailsAppGroupSync are details related to the current status of the Okta integration w/r/t application and group sync.

func (*PluginOktaStatusDetailsAppGroupSync) Descriptor 

func (*PluginOktaStatusDetailsAppGroupSync) Descriptor() ([]byte, []int)

func (*PluginOktaStatusDetailsAppGroupSync) Marshal 

func (m *PluginOktaStatusDetailsAppGroupSync) Marshal() (dAtA []byte, err error)

func (*PluginOktaStatusDetailsAppGroupSync) MarshalTo 

func (m *PluginOktaStatusDetailsAppGroupSync) MarshalTo(dAtA []byte) (int, error)

func (*PluginOktaStatusDetailsAppGroupSync) MarshalToSizedBuffer 

func (m *PluginOktaStatusDetailsAppGroupSync) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginOktaStatusDetailsAppGroupSync) ProtoMessage 

func (*PluginOktaStatusDetailsAppGroupSync) ProtoMessage()

func (*PluginOktaStatusDetailsAppGroupSync) Reset 

func (m *PluginOktaStatusDetailsAppGroupSync) Reset()

func (*PluginOktaStatusDetailsAppGroupSync) Size 

func (m *PluginOktaStatusDetailsAppGroupSync) Size() (n int)

func (*PluginOktaStatusDetailsAppGroupSync) String 

func (m *PluginOktaStatusDetailsAppGroupSync) String() string

func (*PluginOktaStatusDetailsAppGroupSync) Unmarshal 

func (m *PluginOktaStatusDetailsAppGroupSync) Unmarshal(dAtA []byte) error

func (*PluginOktaStatusDetailsAppGroupSync) XXX_DiscardUnknown 

func (m *PluginOktaStatusDetailsAppGroupSync) XXX_DiscardUnknown()

func (*PluginOktaStatusDetailsAppGroupSync) XXX_Marshal 

func (m *PluginOktaStatusDetailsAppGroupSync) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginOktaStatusDetailsAppGroupSync) XXX_Merge 

func (m *PluginOktaStatusDetailsAppGroupSync) XXX_Merge(src proto.Message)

func (*PluginOktaStatusDetailsAppGroupSync) XXX_Size 

func (m *PluginOktaStatusDetailsAppGroupSync) XXX_Size() int

func (*PluginOktaStatusDetailsAppGroupSync) XXX_Unmarshal 

func (m *PluginOktaStatusDetailsAppGroupSync) XXX_Unmarshal(b []byte) error

type PluginOktaStatusDetailsSCIM 

type PluginOktaStatusDetailsSCIM struct {
	// Enabled is whether SCIM is enabled.
	Enabled              bool     `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PluginOktaStatusDetailsSCIM are details related to the current status of the Okta integration w/r/t SCIM.

func (*PluginOktaStatusDetailsSCIM) Descriptor 

func (*PluginOktaStatusDetailsSCIM) Descriptor() ([]byte, []int)

func (*PluginOktaStatusDetailsSCIM) Marshal 

func (m *PluginOktaStatusDetailsSCIM) Marshal() (dAtA []byte, err error)

func (*PluginOktaStatusDetailsSCIM) MarshalTo 

func (m *PluginOktaStatusDetailsSCIM) MarshalTo(dAtA []byte) (int, error)

func (*PluginOktaStatusDetailsSCIM) MarshalToSizedBuffer 

func (m *PluginOktaStatusDetailsSCIM) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginOktaStatusDetailsSCIM) ProtoMessage 

func (*PluginOktaStatusDetailsSCIM) ProtoMessage()

func (*PluginOktaStatusDetailsSCIM) Reset 

func (m *PluginOktaStatusDetailsSCIM) Reset()

func (*PluginOktaStatusDetailsSCIM) Size 

func (m *PluginOktaStatusDetailsSCIM) Size() (n int)

func (*PluginOktaStatusDetailsSCIM) String 

func (m *PluginOktaStatusDetailsSCIM) String() string

func (*PluginOktaStatusDetailsSCIM) Unmarshal 

func (m *PluginOktaStatusDetailsSCIM) Unmarshal(dAtA []byte) error

func (*PluginOktaStatusDetailsSCIM) XXX_DiscardUnknown 

func (m *PluginOktaStatusDetailsSCIM) XXX_DiscardUnknown()

func (*PluginOktaStatusDetailsSCIM) XXX_Marshal 

func (m *PluginOktaStatusDetailsSCIM) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginOktaStatusDetailsSCIM) XXX_Merge 

func (m *PluginOktaStatusDetailsSCIM) XXX_Merge(src proto.Message)

func (*PluginOktaStatusDetailsSCIM) XXX_Size 

func (m *PluginOktaStatusDetailsSCIM) XXX_Size() int

func (*PluginOktaStatusDetailsSCIM) XXX_Unmarshal 

func (m *PluginOktaStatusDetailsSCIM) XXX_Unmarshal(b []byte) error

type PluginOktaStatusDetailsSSO 

type PluginOktaStatusDetailsSSO struct {
	// Enabled indicates whether SSO login is enabled.
	Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// AppId is the unique Okta application ID of the Okta Applicaion used for
	// SSO login.
	AppId string `protobuf:"bytes,2,opt,name=app_id,json=appId,proto3" json:"app_id,omitempty"`
	// AppName is the Okta-assigned unique name of the Okta App that Teleport uses
	// as a gateway to interact with Okta for SAML login, SCIM provisioning and user
	// sync.
	AppName string `protobuf:"bytes,3,opt,name=app_name,json=appName,proto3" json:"app_name,omitempty"`
	// OktaGroupEveryoneMappedRoles are the role(s) that will be granted to Okta users
	// through SSO or synchronization.
	OktaGroupEveryoneMappedRoles []string `` /* 151-byte string literal not displayed */
	XXX_NoUnkeyedLiteral         struct{} `json:"-"`
	XXX_unrecognized             []byte   `json:"-"`
	XXX_sizecache                int32    `json:"-"`
}

PluginOktaStatusDetailsSSO are details related to the current status of the Okta integration w/r/t SSO.

func (*PluginOktaStatusDetailsSSO) Descriptor 

func (*PluginOktaStatusDetailsSSO) Descriptor() ([]byte, []int)

func (*PluginOktaStatusDetailsSSO) Marshal 

func (m *PluginOktaStatusDetailsSSO) Marshal() (dAtA []byte, err error)

func (*PluginOktaStatusDetailsSSO) MarshalTo 

func (m *PluginOktaStatusDetailsSSO) MarshalTo(dAtA []byte) (int, error)

func (*PluginOktaStatusDetailsSSO) MarshalToSizedBuffer 

func (m *PluginOktaStatusDetailsSSO) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginOktaStatusDetailsSSO) ProtoMessage 

func (*PluginOktaStatusDetailsSSO) ProtoMessage()

func (*PluginOktaStatusDetailsSSO) Reset 

func (m *PluginOktaStatusDetailsSSO) Reset()

func (*PluginOktaStatusDetailsSSO) Size 

func (m *PluginOktaStatusDetailsSSO) Size() (n int)

func (*PluginOktaStatusDetailsSSO) String 

func (m *PluginOktaStatusDetailsSSO) String() string

func (*PluginOktaStatusDetailsSSO) Unmarshal 

func (m *PluginOktaStatusDetailsSSO) Unmarshal(dAtA []byte) error

func (*PluginOktaStatusDetailsSSO) XXX_DiscardUnknown 

func (m *PluginOktaStatusDetailsSSO) XXX_DiscardUnknown()

func (*PluginOktaStatusDetailsSSO) XXX_Marshal 

func (m *PluginOktaStatusDetailsSSO) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginOktaStatusDetailsSSO) XXX_Merge 

func (m *PluginOktaStatusDetailsSSO) XXX_Merge(src proto.Message)

func (*PluginOktaStatusDetailsSSO) XXX_Size 

func (m *PluginOktaStatusDetailsSSO) XXX_Size() int

func (*PluginOktaStatusDetailsSSO) XXX_Unmarshal 

func (m *PluginOktaStatusDetailsSSO) XXX_Unmarshal(b []byte) error

type PluginOktaStatusDetailsUsersSync 

type PluginOktaStatusDetailsUsersSync struct {
	// Enabled is whether the users sync is enabled.
	Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// StatusCode indicates the current state of the User sync service
	StatusCode OktaPluginSyncStatusCode `` /* 128-byte string literal not displayed */
	// LastSuccessful is the date of the last successful run.
	LastSuccessful *time.Time `protobuf:"bytes,3,opt,name=last_successful,json=lastSuccessful,proto3,stdtime" json:"last_successful"`
	// LastFailed is the date of the last failed run.
	LastFailed *time.Time `protobuf:"bytes,4,opt,name=last_failed,json=lastFailed,proto3,stdtime" json:"last_failed"`
	// NumUsersSynced is the total number of users synchronized.
	NumUsersSynced int32 `protobuf:"varint,5,opt,name=num_users_synced,json=numUsersSynced,proto3" json:"num_users_synced,omitempty"`
	// Error contains a textual description of the reason the last synchronization
	// failed. Only valid when StatusCode is OKTA_PLUGIN_SYNC_STATUS_CODE_ERROR.
	Error                string   `protobuf:"bytes,6,opt,name=error,proto3" json:"error,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PluginOktaStatusDetailsUsersSync are details related to the current status of the Okta integration w/r/t users sync.

func (*PluginOktaStatusDetailsUsersSync) Descriptor 

func (*PluginOktaStatusDetailsUsersSync) Descriptor() ([]byte, []int)

func (*PluginOktaStatusDetailsUsersSync) Marshal 

func (m *PluginOktaStatusDetailsUsersSync) Marshal() (dAtA []byte, err error)

func (*PluginOktaStatusDetailsUsersSync) MarshalTo 

func (m *PluginOktaStatusDetailsUsersSync) MarshalTo(dAtA []byte) (int, error)

func (*PluginOktaStatusDetailsUsersSync) MarshalToSizedBuffer 

func (m *PluginOktaStatusDetailsUsersSync) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginOktaStatusDetailsUsersSync) ProtoMessage 

func (*PluginOktaStatusDetailsUsersSync) ProtoMessage()

func (*PluginOktaStatusDetailsUsersSync) Reset 

func (m *PluginOktaStatusDetailsUsersSync) Reset()

func (*PluginOktaStatusDetailsUsersSync) Size 

func (m *PluginOktaStatusDetailsUsersSync) Size() (n int)

func (*PluginOktaStatusDetailsUsersSync) String 

func (m *PluginOktaStatusDetailsUsersSync) String() string

func (*PluginOktaStatusDetailsUsersSync) Unmarshal 

func (m *PluginOktaStatusDetailsUsersSync) Unmarshal(dAtA []byte) error

func (*PluginOktaStatusDetailsUsersSync) XXX_DiscardUnknown 

func (m *PluginOktaStatusDetailsUsersSync) XXX_DiscardUnknown()

func (*PluginOktaStatusDetailsUsersSync) XXX_Marshal 

func (m *PluginOktaStatusDetailsUsersSync) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginOktaStatusDetailsUsersSync) XXX_Merge 

func (m *PluginOktaStatusDetailsUsersSync) XXX_Merge(src proto.Message)

func (*PluginOktaStatusDetailsUsersSync) XXX_Size 

func (m *PluginOktaStatusDetailsUsersSync) XXX_Size() int

func (*PluginOktaStatusDetailsUsersSync) XXX_Unmarshal 

func (m *PluginOktaStatusDetailsUsersSync) XXX_Unmarshal(b []byte) error

type PluginOktaStatusV1 

type PluginOktaStatusV1 struct {
	// SSODetails are status details relating to SSO.
	SsoDetails *PluginOktaStatusDetailsSSO `protobuf:"bytes,1,opt,name=sso_details,json=ssoDetails,proto3" json:"sso_details,omitempty"`
	// AppGroupSyncDetails are status details relating to synchronizing apps and
	// groups from Okta.
	AppGroupSyncDetails *PluginOktaStatusDetailsAppGroupSync `protobuf:"bytes,2,opt,name=app_group_sync_details,json=appGroupSyncDetails,proto3" json:"app_group_sync_details,omitempty"`
	// UsersSyncDetails are status details relating to synchronizing users from
	// Okta.
	UsersSyncDetails *PluginOktaStatusDetailsUsersSync `protobuf:"bytes,3,opt,name=users_sync_details,json=usersSyncDetails,proto3" json:"users_sync_details,omitempty"`
	// ScimDetails are status details relating to SCIM integration with
	// Okta.
	ScimDetails *PluginOktaStatusDetailsSCIM `protobuf:"bytes,4,opt,name=scim_details,json=scimDetails,proto3" json:"scim_details,omitempty"`
	// AccessListSyncDetails are status details relating to synchronizing access
	// lists from Okta.
	AccessListsSyncDetails *PluginOktaStatusDetailsAccessListsSync `` /* 131-byte string literal not displayed */
	XXX_NoUnkeyedLiteral   struct{}                                `json:"-"`
	XXX_unrecognized       []byte                                  `json:"-"`
	XXX_sizecache          int32                                   `json:"-"`
}

PluginOktaStatusV1 contains the details for the running Okta plugin.

func (*PluginOktaStatusV1) Descriptor 

func (*PluginOktaStatusV1) Descriptor() ([]byte, []int)

func (*PluginOktaStatusV1) Marshal 

func (m *PluginOktaStatusV1) Marshal() (dAtA []byte, err error)

func (*PluginOktaStatusV1) MarshalTo 

func (m *PluginOktaStatusV1) MarshalTo(dAtA []byte) (int, error)

func (*PluginOktaStatusV1) MarshalToSizedBuffer 

func (m *PluginOktaStatusV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginOktaStatusV1) ProtoMessage 

func (*PluginOktaStatusV1) ProtoMessage()

func (*PluginOktaStatusV1) Reset 

func (m *PluginOktaStatusV1) Reset()

func (*PluginOktaStatusV1) Size 

func (m *PluginOktaStatusV1) Size() (n int)

func (*PluginOktaStatusV1) String 

func (m *PluginOktaStatusV1) String() string

func (*PluginOktaStatusV1) Unmarshal 

func (m *PluginOktaStatusV1) Unmarshal(dAtA []byte) error

func (*PluginOktaStatusV1) XXX_DiscardUnknown 

func (m *PluginOktaStatusV1) XXX_DiscardUnknown()

func (*PluginOktaStatusV1) XXX_Marshal 

func (m *PluginOktaStatusV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginOktaStatusV1) XXX_Merge 

func (m *PluginOktaStatusV1) XXX_Merge(src proto.Message)

func (*PluginOktaStatusV1) XXX_Size 

func (m *PluginOktaStatusV1) XXX_Size() int

func (*PluginOktaStatusV1) XXX_Unmarshal 

func (m *PluginOktaStatusV1) XXX_Unmarshal(b []byte) error

type PluginOktaSyncSettings 

type PluginOktaSyncSettings struct {
	// SyncUsers controls the user sync in the Okta integration service. The source of truth for the
	// users is defined by UserSyncSource.
	SyncUsers bool `protobuf:"varint,1,opt,name=sync_users,json=syncUsers,proto3" json:"sync_users,omitempty"`
	// SSOConnectorID is the name of the Teleport SSO connector created and used by the Okta plugin
	SsoConnectorId string `protobuf:"bytes,2,opt,name=sso_connector_id,json=ssoConnectorId,proto3" json:"sso_connector_id,omitempty"`
	// SyncAccessLists controls the access list sync in the Okta integration service.
	SyncAccessLists bool `protobuf:"varint,3,opt,name=sync_access_lists,json=syncAccessLists,proto3" json:"sync_access_lists,omitempty"`
	// DefaultOwners are the default owners for all imported access lists.
	DefaultOwners []string `protobuf:"bytes,4,rep,name=default_owners,json=defaultOwners,proto3" json:"default_owners,omitempty"`
	// AppID is the Okta-assigned ID of the Okta App that Teleport uses as a
	// gateway to interact with Okta for SAML login, SCIM provisioning and user
	// sync. When set, user sync will pull users from the assignment list for this
	// app.
	AppId string `protobuf:"bytes,5,opt,name=app_id,json=appId,proto3" json:"app_id,omitempty"`
	// GroupFilters are filters for which Okta groups to synchronize as access lists.
	// Filters can be globs, for example:
	//
	//	group*
	//	*service*
	//
	// Or regexes if they're prefixed and suffixed with ^ and $, for example:
	//
	//	^group.*$
	//	^.*service.*$
	GroupFilters []string `protobuf:"bytes,6,rep,name=group_filters,json=groupFilters,proto3" json:"group_filters,omitempty"`
	// AppFilters are filters for which Okta applications to synchronize as access lists.
	// Filters can be globs, for example:
	//
	//	app*
	//	*service*
	//
	// Or regexes if they're prefixed and suffixed with ^ and $, for example:
	//
	//	^app.*$
	//	^.*service.*$
	AppFilters []string `protobuf:"bytes,7,rep,name=app_filters,json=appFilters,proto3" json:"app_filters,omitempty"`
	// AppName is the Okta-assigned unique name of the Okta App that Teleport uses
	// as a gateway to interact with Okta for SAML login, SCIM provisioning and user
	// sync.
	AppName string `protobuf:"bytes,8,opt,name=app_name,json=appName,proto3" json:"app_name,omitempty"`
	// DisableSyncAppGroups disables syncing of app groups from Okta.
	// This is useful when the app groups are not needed in Teleport.
	// and integration with Okta is only used for user sync.
	DisableSyncAppGroups bool `` /* 126-byte string literal not displayed */
	// DisableBidirectionalSync prevents syncing anything from Teleport to Okta. I.e. prevents
	// creating Okta assignments.
	DisableBidirectionalSync bool `` /* 137-byte string literal not displayed */
	// UserSyncSource defines the source of truth for Okta users. It can be one of "" (empty string),
	// "saml_app" or "org". "saml_app" is set for all newly created plugins and indicates that source
	// of truth for the sync are users assigned to the connector Okta SAML application. "org" is the
	// legacy setting indicating that the source of truth for users are all the users from the Okta
	// organization. If it's an empty string and UserSync is true, that means it's a legacy plugin
	// that has not been yet updated and during the next update the value will be set to "org" if
	// AppID is empty or "saml_app" if not.
	UserSyncSource string `protobuf:"bytes,11,opt,name=user_sync_source,json=userSyncSource,proto3" json:"user_sync_source,omitempty"`
	// EnableSystemLogExport enables the Teleport Identity Security SIEM integration for Okta.
	EnableSystemLogExport bool `` /* 130-byte string literal not displayed */
	// DisableAssignDefaultRoles prevents the builtin okta-requester role from being assigned to all
	// synchronized users. This is allows for a more advanced RBAC setup where not all
	// Okta-originated users are allowed request all Okta-originated resources.
	DisableAssignDefaultRoles bool     `` /* 142-byte string literal not displayed */
	XXX_NoUnkeyedLiteral      struct{} `json:"-"`
	XXX_unrecognized          []byte   `json:"-"`
	XXX_sizecache             int32    `json:"-"`
}

Defines settings for syncing users and access lists from Okta.

func (*PluginOktaSyncSettings) Descriptor 

func (*PluginOktaSyncSettings) Descriptor() ([]byte, []int)

func (*PluginOktaSyncSettings) Equal 

func (this *PluginOktaSyncSettings) Equal(that interface{}) bool

func (*PluginOktaSyncSettings) GetAssignDefaultRoles 

func (o *PluginOktaSyncSettings) GetAssignDefaultRoles() bool

func (*PluginOktaSyncSettings) GetEnableAccessListSync 

func (o *PluginOktaSyncSettings) GetEnableAccessListSync() bool

func (*PluginOktaSyncSettings) GetEnableAppGroupSync 

func (o *PluginOktaSyncSettings) GetEnableAppGroupSync() bool

func (*PluginOktaSyncSettings) GetEnableBidirectionalSync 

func (o *PluginOktaSyncSettings) GetEnableBidirectionalSync() bool

func (*PluginOktaSyncSettings) GetEnableSystemLogExport 

func (o *PluginOktaSyncSettings) GetEnableSystemLogExport() bool

func (*PluginOktaSyncSettings) GetEnableUserSync 

func (o *PluginOktaSyncSettings) GetEnableUserSync() bool

func (*PluginOktaSyncSettings) GetUserSyncSource 

func (o *PluginOktaSyncSettings) GetUserSyncSource() OktaUserSyncSource

func (*PluginOktaSyncSettings) Marshal 

func (m *PluginOktaSyncSettings) Marshal() (dAtA []byte, err error)

func (*PluginOktaSyncSettings) MarshalTo 

func (m *PluginOktaSyncSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginOktaSyncSettings) MarshalToSizedBuffer 

func (m *PluginOktaSyncSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginOktaSyncSettings) ProtoMessage 

func (*PluginOktaSyncSettings) ProtoMessage()

func (*PluginOktaSyncSettings) Reset 

func (m *PluginOktaSyncSettings) Reset()

func (*PluginOktaSyncSettings) SetUserSyncSource 

func (o *PluginOktaSyncSettings) SetUserSyncSource(source OktaUserSyncSource)

func (*PluginOktaSyncSettings) Size 

func (m *PluginOktaSyncSettings) Size() (n int)

func (*PluginOktaSyncSettings) String 

func (m *PluginOktaSyncSettings) String() string

func (*PluginOktaSyncSettings) Unmarshal 

func (m *PluginOktaSyncSettings) Unmarshal(dAtA []byte) error

func (*PluginOktaSyncSettings) XXX_DiscardUnknown 

func (m *PluginOktaSyncSettings) XXX_DiscardUnknown()

func (*PluginOktaSyncSettings) XXX_Marshal 

func (m *PluginOktaSyncSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginOktaSyncSettings) XXX_Merge 

func (m *PluginOktaSyncSettings) XXX_Merge(src proto.Message)

func (*PluginOktaSyncSettings) XXX_Size 

func (m *PluginOktaSyncSettings) XXX_Size() int

func (*PluginOktaSyncSettings) XXX_Unmarshal 

func (m *PluginOktaSyncSettings) XXX_Unmarshal(b []byte) error

type PluginOpenAISettings 

type PluginOpenAISettings struct {
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Defines settings for the OpenAI plugin. Currently there are no settings.

func (*PluginOpenAISettings) Descriptor 

func (*PluginOpenAISettings) Descriptor() ([]byte, []int)

func (*PluginOpenAISettings) Equal 

func (this *PluginOpenAISettings) Equal(that interface{}) bool

func (*PluginOpenAISettings) Marshal 

func (m *PluginOpenAISettings) Marshal() (dAtA []byte, err error)

func (*PluginOpenAISettings) MarshalTo 

func (m *PluginOpenAISettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginOpenAISettings) MarshalToSizedBuffer 

func (m *PluginOpenAISettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginOpenAISettings) ProtoMessage 

func (*PluginOpenAISettings) ProtoMessage()

func (*PluginOpenAISettings) Reset 

func (m *PluginOpenAISettings) Reset()

func (*PluginOpenAISettings) Size 

func (m *PluginOpenAISettings) Size() (n int)

func (*PluginOpenAISettings) String 

func (m *PluginOpenAISettings) String() string

func (*PluginOpenAISettings) Unmarshal 

func (m *PluginOpenAISettings) Unmarshal(dAtA []byte) error

func (*PluginOpenAISettings) XXX_DiscardUnknown 

func (m *PluginOpenAISettings) XXX_DiscardUnknown()

func (*PluginOpenAISettings) XXX_Marshal 

func (m *PluginOpenAISettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginOpenAISettings) XXX_Merge 

func (m *PluginOpenAISettings) XXX_Merge(src proto.Message)

func (*PluginOpenAISettings) XXX_Size 

func (m *PluginOpenAISettings) XXX_Size() int

func (*PluginOpenAISettings) XXX_Unmarshal 

func (m *PluginOpenAISettings) XXX_Unmarshal(b []byte) error

type PluginOpsgenieAccessSettings 

type PluginOpsgenieAccessSettings struct {
	// Priority to create Opsgenie alerts with
	Priority string `protobuf:"bytes,2,opt,name=priority,proto3" json:"priority,omitempty"`
	// List of tags to be added to alerts created in Opsgenie
	AlertTags []string `protobuf:"bytes,3,rep,name=alert_tags,json=alertTags,proto3" json:"alert_tags,omitempty"`
	// Default on-call schedules to check if none are provided in the access request annotations
	DefaultSchedules []string `protobuf:"bytes,4,rep,name=default_schedules,json=defaultSchedules,proto3" json:"default_schedules,omitempty"`
	// APIEndpoint is the address of Opsgenie API.
	ApiEndpoint          string   `protobuf:"bytes,5,opt,name=api_endpoint,json=apiEndpoint,proto3" json:"api_endpoint,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*PluginOpsgenieAccessSettings) CheckAndSetDefaults 

func (s *PluginOpsgenieAccessSettings) CheckAndSetDefaults() error

CheckAndSetDefaults validates and set the default values

func (*PluginOpsgenieAccessSettings) Descriptor 

func (*PluginOpsgenieAccessSettings) Descriptor() ([]byte, []int)

func (*PluginOpsgenieAccessSettings) Equal 

func (this *PluginOpsgenieAccessSettings) Equal(that interface{}) bool

func (*PluginOpsgenieAccessSettings) Marshal 

func (m *PluginOpsgenieAccessSettings) Marshal() (dAtA []byte, err error)

func (*PluginOpsgenieAccessSettings) MarshalTo 

func (m *PluginOpsgenieAccessSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginOpsgenieAccessSettings) MarshalToSizedBuffer 

func (m *PluginOpsgenieAccessSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginOpsgenieAccessSettings) ProtoMessage 

func (*PluginOpsgenieAccessSettings) ProtoMessage()

func (*PluginOpsgenieAccessSettings) Reset 

func (m *PluginOpsgenieAccessSettings) Reset()

func (*PluginOpsgenieAccessSettings) Size 

func (m *PluginOpsgenieAccessSettings) Size() (n int)

func (*PluginOpsgenieAccessSettings) String 

func (m *PluginOpsgenieAccessSettings) String() string

func (*PluginOpsgenieAccessSettings) Unmarshal 

func (m *PluginOpsgenieAccessSettings) Unmarshal(dAtA []byte) error

func (*PluginOpsgenieAccessSettings) XXX_DiscardUnknown 

func (m *PluginOpsgenieAccessSettings) XXX_DiscardUnknown()

func (*PluginOpsgenieAccessSettings) XXX_Marshal 

func (m *PluginOpsgenieAccessSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginOpsgenieAccessSettings) XXX_Merge 

func (m *PluginOpsgenieAccessSettings) XXX_Merge(src proto.Message)

func (*PluginOpsgenieAccessSettings) XXX_Size 

func (m *PluginOpsgenieAccessSettings) XXX_Size() int

func (*PluginOpsgenieAccessSettings) XXX_Unmarshal 

func (m *PluginOpsgenieAccessSettings) XXX_Unmarshal(b []byte) error

type PluginPagerDutySettings 

type PluginPagerDutySettings struct {
	// UserEmail is the email address of the PagerDuty user that will be
	// listed as the reporter source of incidents, comments, etc
	// within PagerDuty. Should usually be the same user the API key
	// represents.
	UserEmail string `protobuf:"bytes,1,opt,name=user_email,json=userEmail,proto3" json:"user_email,omitempty"`
	// APIEndpoint is the address of PagerDuty API.
	ApiEndpoint          string   `protobuf:"bytes,2,opt,name=api_endpoint,json=apiEndpoint,proto3" json:"api_endpoint,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*PluginPagerDutySettings) CheckAndSetDefaults 

func (c *PluginPagerDutySettings) CheckAndSetDefaults() error

CheckAndSetDefaults validates and set the default PagerDuty values

func (*PluginPagerDutySettings) Descriptor 

func (*PluginPagerDutySettings) Descriptor() ([]byte, []int)

func (*PluginPagerDutySettings) Equal 

func (this *PluginPagerDutySettings) Equal(that interface{}) bool

func (*PluginPagerDutySettings) Marshal 

func (m *PluginPagerDutySettings) Marshal() (dAtA []byte, err error)

func (*PluginPagerDutySettings) MarshalTo 

func (m *PluginPagerDutySettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginPagerDutySettings) MarshalToSizedBuffer 

func (m *PluginPagerDutySettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginPagerDutySettings) ProtoMessage 

func (*PluginPagerDutySettings) ProtoMessage()

func (*PluginPagerDutySettings) Reset 

func (m *PluginPagerDutySettings) Reset()

func (*PluginPagerDutySettings) Size 

func (m *PluginPagerDutySettings) Size() (n int)

func (*PluginPagerDutySettings) String 

func (m *PluginPagerDutySettings) String() string

func (*PluginPagerDutySettings) Unmarshal 

func (m *PluginPagerDutySettings) Unmarshal(dAtA []byte) error

func (*PluginPagerDutySettings) XXX_DiscardUnknown 

func (m *PluginPagerDutySettings) XXX_DiscardUnknown()

func (*PluginPagerDutySettings) XXX_Marshal 

func (m *PluginPagerDutySettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginPagerDutySettings) XXX_Merge 

func (m *PluginPagerDutySettings) XXX_Merge(src proto.Message)

func (*PluginPagerDutySettings) XXX_Size 

func (m *PluginPagerDutySettings) XXX_Size() int

func (*PluginPagerDutySettings) XXX_Unmarshal 

func (m *PluginPagerDutySettings) XXX_Unmarshal(b []byte) error

type PluginSCIMSettings 

type PluginSCIMSettings struct {
	// SamlConnectorName is the name of the SAML Connector that users provisioned
	// by this SCIM plugin will use to log in to Teleport.
	SamlConnectorName string `protobuf:"bytes,1,opt,name=saml_connector_name,json=samlConnectorName,proto3" json:"saml_connector_name,omitempty"`
	// DefaultRole is the default role assigned to users provisioned by this
	// plugin.
	DefaultRole          string   `protobuf:"bytes,2,opt,name=default_role,json=defaultRole,proto3" json:"default_role,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PluginSCIMSettings defines the settings for a SCIM integration plugin

func (*PluginSCIMSettings) CheckAndSetDefaults 

func (c *PluginSCIMSettings) CheckAndSetDefaults() error

func (*PluginSCIMSettings) Descriptor 

func (*PluginSCIMSettings) Descriptor() ([]byte, []int)

func (*PluginSCIMSettings) Equal 

func (this *PluginSCIMSettings) Equal(that interface{}) bool

func (*PluginSCIMSettings) Marshal 

func (m *PluginSCIMSettings) Marshal() (dAtA []byte, err error)

func (*PluginSCIMSettings) MarshalTo 

func (m *PluginSCIMSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginSCIMSettings) MarshalToSizedBuffer 

func (m *PluginSCIMSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSCIMSettings) ProtoMessage 

func (*PluginSCIMSettings) ProtoMessage()

func (*PluginSCIMSettings) Reset 

func (m *PluginSCIMSettings) Reset()

func (*PluginSCIMSettings) Size 

func (m *PluginSCIMSettings) Size() (n int)

func (*PluginSCIMSettings) String 

func (m *PluginSCIMSettings) String() string

func (*PluginSCIMSettings) Unmarshal 

func (m *PluginSCIMSettings) Unmarshal(dAtA []byte) error

func (*PluginSCIMSettings) XXX_DiscardUnknown 

func (m *PluginSCIMSettings) XXX_DiscardUnknown()

func (*PluginSCIMSettings) XXX_Marshal 

func (m *PluginSCIMSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginSCIMSettings) XXX_Merge 

func (m *PluginSCIMSettings) XXX_Merge(src proto.Message)

func (*PluginSCIMSettings) XXX_Size 

func (m *PluginSCIMSettings) XXX_Size() int

func (*PluginSCIMSettings) XXX_Unmarshal 

func (m *PluginSCIMSettings) XXX_Unmarshal(b []byte) error

type PluginServiceNowSettings 

type PluginServiceNowSettings struct {
	// ApiEndpoint is the ServiceNow API endpoint.
	ApiEndpoint string `protobuf:"bytes,1,opt,name=api_endpoint,json=apiEndpoint,proto3" json:"api_endpoint,omitempty"`
	// Username is the ServiceNow API username.
	Username string `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`
	// Password is the ServiceNow API password.
	Password string `protobuf:"bytes,3,opt,name=password,proto3" json:"password,omitempty"`
	// CloseCode is the close code that ServiceNow incidents will use.
	CloseCode            string   `protobuf:"bytes,4,opt,name=close_code,json=closeCode,proto3" json:"close_code,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PluginServiceNowSettings are the settings for the serviceNow plugin

func (*PluginServiceNowSettings) CheckAndSetDefaults 

func (c *PluginServiceNowSettings) CheckAndSetDefaults() error

CheckAndSetDefaults checks that the required fields for the servicenow plugin are set.

func (*PluginServiceNowSettings) Descriptor 

func (*PluginServiceNowSettings) Descriptor() ([]byte, []int)

func (*PluginServiceNowSettings) Equal 

func (this *PluginServiceNowSettings) Equal(that interface{}) bool

func (*PluginServiceNowSettings) Marshal 

func (m *PluginServiceNowSettings) Marshal() (dAtA []byte, err error)

func (*PluginServiceNowSettings) MarshalTo 

func (m *PluginServiceNowSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginServiceNowSettings) MarshalToSizedBuffer 

func (m *PluginServiceNowSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginServiceNowSettings) ProtoMessage 

func (*PluginServiceNowSettings) ProtoMessage()

func (*PluginServiceNowSettings) Reset 

func (m *PluginServiceNowSettings) Reset()

func (*PluginServiceNowSettings) Size 

func (m *PluginServiceNowSettings) Size() (n int)

func (*PluginServiceNowSettings) String 

func (m *PluginServiceNowSettings) String() string

func (*PluginServiceNowSettings) Unmarshal 

func (m *PluginServiceNowSettings) Unmarshal(dAtA []byte) error

func (*PluginServiceNowSettings) XXX_DiscardUnknown 

func (m *PluginServiceNowSettings) XXX_DiscardUnknown()

func (*PluginServiceNowSettings) XXX_Marshal 

func (m *PluginServiceNowSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginServiceNowSettings) XXX_Merge 

func (m *PluginServiceNowSettings) XXX_Merge(src proto.Message)

func (*PluginServiceNowSettings) XXX_Size 

func (m *PluginServiceNowSettings) XXX_Size() int

func (*PluginServiceNowSettings) XXX_Unmarshal 

func (m *PluginServiceNowSettings) XXX_Unmarshal(b []byte) error

type PluginSlackAccessSettings 

type PluginSlackAccessSettings struct {
	FallbackChannel      string   `protobuf:"bytes,1,opt,name=fallback_channel,json=fallbackChannel,proto3" json:"fallback_channel,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*PluginSlackAccessSettings) CheckAndSetDefaults 

func (s *PluginSlackAccessSettings) CheckAndSetDefaults() error

CheckAndSetDefaults validates and set the default values

func (*PluginSlackAccessSettings) Descriptor 

func (*PluginSlackAccessSettings) Descriptor() ([]byte, []int)

func (*PluginSlackAccessSettings) Equal 

func (this *PluginSlackAccessSettings) Equal(that interface{}) bool

func (*PluginSlackAccessSettings) Marshal 

func (m *PluginSlackAccessSettings) Marshal() (dAtA []byte, err error)

func (*PluginSlackAccessSettings) MarshalTo 

func (m *PluginSlackAccessSettings) MarshalTo(dAtA []byte) (int, error)

func (*PluginSlackAccessSettings) MarshalToSizedBuffer 

func (m *PluginSlackAccessSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSlackAccessSettings) ProtoMessage 

func (*PluginSlackAccessSettings) ProtoMessage()

func (*PluginSlackAccessSettings) Reset 

func (m *PluginSlackAccessSettings) Reset()

func (*PluginSlackAccessSettings) Size 

func (m *PluginSlackAccessSettings) Size() (n int)

func (*PluginSlackAccessSettings) String 

func (m *PluginSlackAccessSettings) String() string

func (*PluginSlackAccessSettings) Unmarshal 

func (m *PluginSlackAccessSettings) Unmarshal(dAtA []byte) error

func (*PluginSlackAccessSettings) XXX_DiscardUnknown 

func (m *PluginSlackAccessSettings) XXX_DiscardUnknown()

func (*PluginSlackAccessSettings) XXX_Marshal 

func (m *PluginSlackAccessSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginSlackAccessSettings) XXX_Merge 

func (m *PluginSlackAccessSettings) XXX_Merge(src proto.Message)

func (*PluginSlackAccessSettings) XXX_Size 

func (m *PluginSlackAccessSettings) XXX_Size() int

func (*PluginSlackAccessSettings) XXX_Unmarshal 

func (m *PluginSlackAccessSettings) XXX_Unmarshal(b []byte) error

type PluginSpecV1 

type PluginSpecV1 struct {
	// settings contain provider-specific plugin options.
	//
	// Types that are valid to be assigned to Settings:
	//
	//	*PluginSpecV1_SlackAccessPlugin
	//	*PluginSpecV1_Opsgenie
	//	*PluginSpecV1_Openai
	//	*PluginSpecV1_Okta
	//	*PluginSpecV1_Jamf
	//	*PluginSpecV1_PagerDuty
	//	*PluginSpecV1_Mattermost
	//	*PluginSpecV1_Jira
	//	*PluginSpecV1_Discord
	//	*PluginSpecV1_ServiceNow
	//	*PluginSpecV1_Gitlab
	//	*PluginSpecV1_EntraId
	//	*PluginSpecV1_Scim
	//	*PluginSpecV1_Datadog
	//	*PluginSpecV1_AwsIc
	//	*PluginSpecV1_Email
	//	*PluginSpecV1_Msteams
	//	*PluginSpecV1_NetIq
	//	*PluginSpecV1_Github
	Settings isPluginSpecV1_Settings `protobuf_oneof:"settings"`
	// generation contains a unique ID that should:
	// - Be created by the backend on plugin creation.
	// - Be updated by the backend if the plugin is updated in any way.
	//
	// For older plugins, it's possible for this to be empty.
	Generation           string   `protobuf:"bytes,11,opt,name=generation,proto3" json:"generation,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*PluginSpecV1) Descriptor 

func (*PluginSpecV1) Descriptor() ([]byte, []int)

func (*PluginSpecV1) Equal 

func (this *PluginSpecV1) Equal(that interface{}) bool

func (*PluginSpecV1) GetAwsIc 

func (m *PluginSpecV1) GetAwsIc() *PluginAWSICSettings

func (*PluginSpecV1) GetDatadog 

func (m *PluginSpecV1) GetDatadog() *PluginDatadogAccessSettings

func (*PluginSpecV1) GetDiscord 

func (m *PluginSpecV1) GetDiscord() *PluginDiscordSettings

func (*PluginSpecV1) GetEmail 

func (m *PluginSpecV1) GetEmail() *PluginEmailSettings

func (*PluginSpecV1) GetEntraId 

func (m *PluginSpecV1) GetEntraId() *PluginEntraIDSettings

func (*PluginSpecV1) GetGithub 

func (m *PluginSpecV1) GetGithub() *PluginGithubSettings

func (*PluginSpecV1) GetGitlab 

func (m *PluginSpecV1) GetGitlab() *PluginGitlabSettings

func (*PluginSpecV1) GetJamf 

func (m *PluginSpecV1) GetJamf() *PluginJamfSettings

func (*PluginSpecV1) GetJira 

func (m *PluginSpecV1) GetJira() *PluginJiraSettings

func (*PluginSpecV1) GetMattermost 

func (m *PluginSpecV1) GetMattermost() *PluginMattermostSettings

func (*PluginSpecV1) GetMsteams 

func (m *PluginSpecV1) GetMsteams() *PluginMSTeamsSettings

func (*PluginSpecV1) GetNetIq 

func (m *PluginSpecV1) GetNetIq() *PluginNetIQSettings

func (*PluginSpecV1) GetOkta 

func (m *PluginSpecV1) GetOkta() *PluginOktaSettings

func (*PluginSpecV1) GetOpenai 

func (m *PluginSpecV1) GetOpenai() *PluginOpenAISettings

func (*PluginSpecV1) GetOpsgenie 

func (m *PluginSpecV1) GetOpsgenie() *PluginOpsgenieAccessSettings

func (*PluginSpecV1) GetPagerDuty 

func (m *PluginSpecV1) GetPagerDuty() *PluginPagerDutySettings

func (*PluginSpecV1) GetScim 

func (m *PluginSpecV1) GetScim() *PluginSCIMSettings

func (*PluginSpecV1) GetServiceNow 

func (m *PluginSpecV1) GetServiceNow() *PluginServiceNowSettings

func (*PluginSpecV1) GetSettings 

func (m *PluginSpecV1) GetSettings() isPluginSpecV1_Settings

func (*PluginSpecV1) GetSlackAccessPlugin 

func (m *PluginSpecV1) GetSlackAccessPlugin() *PluginSlackAccessSettings

func (*PluginSpecV1) Marshal 

func (m *PluginSpecV1) Marshal() (dAtA []byte, err error)

func (*PluginSpecV1) MarshalTo 

func (m *PluginSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1) MarshalToSizedBuffer 

func (m *PluginSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1) ProtoMessage 

func (*PluginSpecV1) ProtoMessage()

func (*PluginSpecV1) Reset 

func (m *PluginSpecV1) Reset()

func (*PluginSpecV1) Size 

func (m *PluginSpecV1) Size() (n int)

func (*PluginSpecV1) String 

func (m *PluginSpecV1) String() string

func (*PluginSpecV1) Unmarshal 

func (m *PluginSpecV1) Unmarshal(dAtA []byte) error

func (*PluginSpecV1) XXX_DiscardUnknown 

func (m *PluginSpecV1) XXX_DiscardUnknown()

func (*PluginSpecV1) XXX_Marshal 

func (m *PluginSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginSpecV1) XXX_Merge 

func (m *PluginSpecV1) XXX_Merge(src proto.Message)

func (*PluginSpecV1) XXX_OneofWrappers 

func (*PluginSpecV1) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*PluginSpecV1) XXX_Size 

func (m *PluginSpecV1) XXX_Size() int

func (*PluginSpecV1) XXX_Unmarshal 

func (m *PluginSpecV1) XXX_Unmarshal(b []byte) error

type PluginSpecV1_AwsIc 

type PluginSpecV1_AwsIc struct {
	AwsIc *PluginAWSICSettings `protobuf:"bytes,16,opt,name=aws_ic,json=awsIc,proto3,oneof" json:"aws_ic,omitempty"`
}

func (*PluginSpecV1_AwsIc) Equal 

func (this *PluginSpecV1_AwsIc) Equal(that interface{}) bool

func (*PluginSpecV1_AwsIc) MarshalTo 

func (m *PluginSpecV1_AwsIc) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1_AwsIc) MarshalToSizedBuffer 

func (m *PluginSpecV1_AwsIc) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1_AwsIc) Size 

func (m *PluginSpecV1_AwsIc) Size() (n int)

type PluginSpecV1_Datadog 

type PluginSpecV1_Datadog struct {
	Datadog *PluginDatadogAccessSettings `protobuf:"bytes,15,opt,name=datadog,proto3,oneof" json:"datadog,omitempty"`
}

func (*PluginSpecV1_Datadog) Equal 

func (this *PluginSpecV1_Datadog) Equal(that interface{}) bool

func (*PluginSpecV1_Datadog) MarshalTo 

func (m *PluginSpecV1_Datadog) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1_Datadog) MarshalToSizedBuffer 

func (m *PluginSpecV1_Datadog) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1_Datadog) Size 

func (m *PluginSpecV1_Datadog) Size() (n int)

type PluginSpecV1_Discord 

type PluginSpecV1_Discord struct {
	Discord *PluginDiscordSettings `protobuf:"bytes,9,opt,name=discord,proto3,oneof" json:"discord,omitempty"`
}

func (*PluginSpecV1_Discord) Equal 

func (this *PluginSpecV1_Discord) Equal(that interface{}) bool

func (*PluginSpecV1_Discord) MarshalTo 

func (m *PluginSpecV1_Discord) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1_Discord) MarshalToSizedBuffer 

func (m *PluginSpecV1_Discord) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1_Discord) Size 

func (m *PluginSpecV1_Discord) Size() (n int)

type PluginSpecV1_Email 

type PluginSpecV1_Email struct {
	Email *PluginEmailSettings `protobuf:"bytes,17,opt,name=email,proto3,oneof" json:"email,omitempty"`
}

func (*PluginSpecV1_Email) Equal 

func (this *PluginSpecV1_Email) Equal(that interface{}) bool

func (*PluginSpecV1_Email) MarshalTo 

func (m *PluginSpecV1_Email) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1_Email) MarshalToSizedBuffer 

func (m *PluginSpecV1_Email) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1_Email) Size 

func (m *PluginSpecV1_Email) Size() (n int)

type PluginSpecV1_EntraId 

type PluginSpecV1_EntraId struct {
	EntraId *PluginEntraIDSettings `protobuf:"bytes,13,opt,name=entra_id,json=entraId,proto3,oneof" json:"entra_id,omitempty"`
}

func (*PluginSpecV1_EntraId) Equal 

func (this *PluginSpecV1_EntraId) Equal(that interface{}) bool

func (*PluginSpecV1_EntraId) MarshalTo 

func (m *PluginSpecV1_EntraId) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1_EntraId) MarshalToSizedBuffer 

func (m *PluginSpecV1_EntraId) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1_EntraId) Size 

func (m *PluginSpecV1_EntraId) Size() (n int)

type PluginSpecV1_Github 

type PluginSpecV1_Github struct {
	Github *PluginGithubSettings `protobuf:"bytes,20,opt,name=github,proto3,oneof" json:"github,omitempty"`
}

func (*PluginSpecV1_Github) Equal 

func (this *PluginSpecV1_Github) Equal(that interface{}) bool

func (*PluginSpecV1_Github) MarshalTo 

func (m *PluginSpecV1_Github) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1_Github) MarshalToSizedBuffer 

func (m *PluginSpecV1_Github) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1_Github) Size 

func (m *PluginSpecV1_Github) Size() (n int)

type PluginSpecV1_Gitlab 

type PluginSpecV1_Gitlab struct {
	Gitlab *PluginGitlabSettings `protobuf:"bytes,12,opt,name=gitlab,proto3,oneof" json:"gitlab,omitempty"`
}

func (*PluginSpecV1_Gitlab) Equal 

func (this *PluginSpecV1_Gitlab) Equal(that interface{}) bool

func (*PluginSpecV1_Gitlab) MarshalTo 

func (m *PluginSpecV1_Gitlab) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1_Gitlab) MarshalToSizedBuffer 

func (m *PluginSpecV1_Gitlab) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1_Gitlab) Size 

func (m *PluginSpecV1_Gitlab) Size() (n int)

type PluginSpecV1_Jamf 

type PluginSpecV1_Jamf struct {
	Jamf *PluginJamfSettings `protobuf:"bytes,5,opt,name=jamf,proto3,oneof" json:"jamf,omitempty"`
}

func (*PluginSpecV1_Jamf) Equal 

func (this *PluginSpecV1_Jamf) Equal(that interface{}) bool

func (*PluginSpecV1_Jamf) MarshalTo 

func (m *PluginSpecV1_Jamf) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1_Jamf) MarshalToSizedBuffer 

func (m *PluginSpecV1_Jamf) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1_Jamf) Size 

func (m *PluginSpecV1_Jamf) Size() (n int)

type PluginSpecV1_Jira 

type PluginSpecV1_Jira struct {
	Jira *PluginJiraSettings `protobuf:"bytes,8,opt,name=jira,proto3,oneof" json:"jira,omitempty"`
}

func (*PluginSpecV1_Jira) Equal 

func (this *PluginSpecV1_Jira) Equal(that interface{}) bool

func (*PluginSpecV1_Jira) MarshalTo 

func (m *PluginSpecV1_Jira) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1_Jira) MarshalToSizedBuffer 

func (m *PluginSpecV1_Jira) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1_Jira) Size 

func (m *PluginSpecV1_Jira) Size() (n int)

type PluginSpecV1_Mattermost 

type PluginSpecV1_Mattermost struct {
	Mattermost *PluginMattermostSettings `protobuf:"bytes,7,opt,name=mattermost,proto3,oneof" json:"mattermost,omitempty"`
}

func (*PluginSpecV1_Mattermost) Equal 

func (this *PluginSpecV1_Mattermost) Equal(that interface{}) bool

func (*PluginSpecV1_Mattermost) MarshalTo 

func (m *PluginSpecV1_Mattermost) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1_Mattermost) MarshalToSizedBuffer 

func (m *PluginSpecV1_Mattermost) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1_Mattermost) Size 

func (m *PluginSpecV1_Mattermost) Size() (n int)

type PluginSpecV1_Msteams 

type PluginSpecV1_Msteams struct {
	Msteams *PluginMSTeamsSettings `protobuf:"bytes,18,opt,name=msteams,proto3,oneof" json:"msteams,omitempty"`
}

func (*PluginSpecV1_Msteams) Equal 

func (this *PluginSpecV1_Msteams) Equal(that interface{}) bool

func (*PluginSpecV1_Msteams) MarshalTo 

func (m *PluginSpecV1_Msteams) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1_Msteams) MarshalToSizedBuffer 

func (m *PluginSpecV1_Msteams) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1_Msteams) Size 

func (m *PluginSpecV1_Msteams) Size() (n int)

type PluginSpecV1_NetIq 

type PluginSpecV1_NetIq struct {
	NetIq *PluginNetIQSettings `protobuf:"bytes,19,opt,name=net_iq,json=netIq,proto3,oneof" json:"net_iq,omitempty"`
}

func (*PluginSpecV1_NetIq) Equal 

func (this *PluginSpecV1_NetIq) Equal(that interface{}) bool

func (*PluginSpecV1_NetIq) MarshalTo 

func (m *PluginSpecV1_NetIq) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1_NetIq) MarshalToSizedBuffer 

func (m *PluginSpecV1_NetIq) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1_NetIq) Size 

func (m *PluginSpecV1_NetIq) Size() (n int)

type PluginSpecV1_Okta 

type PluginSpecV1_Okta struct {
	Okta *PluginOktaSettings `protobuf:"bytes,4,opt,name=okta,proto3,oneof" json:"okta,omitempty"`
}

func (*PluginSpecV1_Okta) Equal 

func (this *PluginSpecV1_Okta) Equal(that interface{}) bool

func (*PluginSpecV1_Okta) MarshalTo 

func (m *PluginSpecV1_Okta) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1_Okta) MarshalToSizedBuffer 

func (m *PluginSpecV1_Okta) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1_Okta) Size 

func (m *PluginSpecV1_Okta) Size() (n int)

type PluginSpecV1_Openai 

type PluginSpecV1_Openai struct {
	Openai *PluginOpenAISettings `protobuf:"bytes,3,opt,name=openai,proto3,oneof" json:"openai,omitempty"`
}

func (*PluginSpecV1_Openai) Equal 

func (this *PluginSpecV1_Openai) Equal(that interface{}) bool

func (*PluginSpecV1_Openai) MarshalTo 

func (m *PluginSpecV1_Openai) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1_Openai) MarshalToSizedBuffer 

func (m *PluginSpecV1_Openai) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1_Openai) Size 

func (m *PluginSpecV1_Openai) Size() (n int)

type PluginSpecV1_Opsgenie 

type PluginSpecV1_Opsgenie struct {
	Opsgenie *PluginOpsgenieAccessSettings `protobuf:"bytes,2,opt,name=opsgenie,proto3,oneof" json:"opsgenie,omitempty"`
}

func (*PluginSpecV1_Opsgenie) Equal 

func (this *PluginSpecV1_Opsgenie) Equal(that interface{}) bool

func (*PluginSpecV1_Opsgenie) MarshalTo 

func (m *PluginSpecV1_Opsgenie) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1_Opsgenie) MarshalToSizedBuffer 

func (m *PluginSpecV1_Opsgenie) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1_Opsgenie) Size 

func (m *PluginSpecV1_Opsgenie) Size() (n int)

type PluginSpecV1_PagerDuty 

type PluginSpecV1_PagerDuty struct {
	PagerDuty *PluginPagerDutySettings `protobuf:"bytes,6,opt,name=pager_duty,json=pagerDuty,proto3,oneof" json:"pager_duty,omitempty"`
}

func (*PluginSpecV1_PagerDuty) Equal 

func (this *PluginSpecV1_PagerDuty) Equal(that interface{}) bool

func (*PluginSpecV1_PagerDuty) MarshalTo 

func (m *PluginSpecV1_PagerDuty) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1_PagerDuty) MarshalToSizedBuffer 

func (m *PluginSpecV1_PagerDuty) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1_PagerDuty) Size 

func (m *PluginSpecV1_PagerDuty) Size() (n int)

type PluginSpecV1_Scim 

type PluginSpecV1_Scim struct {
	Scim *PluginSCIMSettings `protobuf:"bytes,14,opt,name=scim,proto3,oneof" json:"scim,omitempty"`
}

func (*PluginSpecV1_Scim) Equal 

func (this *PluginSpecV1_Scim) Equal(that interface{}) bool

func (*PluginSpecV1_Scim) MarshalTo 

func (m *PluginSpecV1_Scim) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1_Scim) MarshalToSizedBuffer 

func (m *PluginSpecV1_Scim) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1_Scim) Size 

func (m *PluginSpecV1_Scim) Size() (n int)

type PluginSpecV1_ServiceNow 

type PluginSpecV1_ServiceNow struct {
	ServiceNow *PluginServiceNowSettings `protobuf:"bytes,10,opt,name=serviceNow,proto3,oneof" json:"serviceNow,omitempty"`
}

func (*PluginSpecV1_ServiceNow) Equal 

func (this *PluginSpecV1_ServiceNow) Equal(that interface{}) bool

func (*PluginSpecV1_ServiceNow) MarshalTo 

func (m *PluginSpecV1_ServiceNow) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1_ServiceNow) MarshalToSizedBuffer 

func (m *PluginSpecV1_ServiceNow) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1_ServiceNow) Size 

func (m *PluginSpecV1_ServiceNow) Size() (n int)

type PluginSpecV1_SlackAccessPlugin 

type PluginSpecV1_SlackAccessPlugin struct {
	SlackAccessPlugin *PluginSlackAccessSettings `protobuf:"bytes,1,opt,name=slack_access_plugin,json=slackAccessPlugin,proto3,oneof" json:"slack_access_plugin,omitempty"`
}

func (*PluginSpecV1_SlackAccessPlugin) Equal 

func (this *PluginSpecV1_SlackAccessPlugin) Equal(that interface{}) bool

func (*PluginSpecV1_SlackAccessPlugin) MarshalTo 

func (m *PluginSpecV1_SlackAccessPlugin) MarshalTo(dAtA []byte) (int, error)

func (*PluginSpecV1_SlackAccessPlugin) MarshalToSizedBuffer 

func (m *PluginSpecV1_SlackAccessPlugin) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginSpecV1_SlackAccessPlugin) Size 

func (m *PluginSpecV1_SlackAccessPlugin) Size() (n int)

type PluginStaticCredentials 

type PluginStaticCredentials interface {
	// ResourceWithLabels provides common resource methods.
	ResourceWithLabels

	// GetAPIToken will return the attached API token if possible or empty if it is not present.
	GetAPIToken() (apiToken string)

	// GetBasicAuth will return the attached username and password. If they are not present, both
	// the username and password will be mpty.
	GetBasicAuth() (username string, password string)

	// GetOAuthClientID will return the attached client ID. If it is not present, the client ID
	// will be empty.
	GetOAuthClientID() (clientID string)

	// GetOAuthClientSecret will return the attached client ID and client secret. IF they are not
	// present, the client ID and client secret will be empty.
	GetOAuthClientSecret() (clientID string, clientSecret string)

	// GetSSHCertAuthorities will return the attached SSH CA keys.
	GetSSHCertAuthorities() []*SSHKeyPair

	// GetPrivateKey will return the attached private key. If it is not present, the private key will
	// be empty.
	GetPrivateKey() []byte

	// Clone returns a copy of the credentials.
	Clone() PluginStaticCredentials
}

PluginStaticCredentials are static credentials for plugins.

func NewPluginStaticCredentials 

func NewPluginStaticCredentials(metadata Metadata, spec PluginStaticCredentialsSpecV1) (PluginStaticCredentials, error)

NewPluginStaticCredentials creates a new PluginStaticCredentialsV1 resource.

type PluginStaticCredentialsBasicAuth 

type PluginStaticCredentialsBasicAuth struct {
	// Username is the username to use for basic auth.
	Username string `protobuf:"bytes,1,opt,name=Username,proto3" json:"username"`
	// Password is the password to use for basic auth.
	Password             string   `protobuf:"bytes,2,opt,name=Password,proto3" json:"password"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PluginStaticCredentialsBasicAuth represents username and password credentials for a plugin.

func (*PluginStaticCredentialsBasicAuth) Descriptor 

func (*PluginStaticCredentialsBasicAuth) Descriptor() ([]byte, []int)

func (*PluginStaticCredentialsBasicAuth) Marshal 

func (m *PluginStaticCredentialsBasicAuth) Marshal() (dAtA []byte, err error)

func (*PluginStaticCredentialsBasicAuth) MarshalTo 

func (m *PluginStaticCredentialsBasicAuth) MarshalTo(dAtA []byte) (int, error)

func (*PluginStaticCredentialsBasicAuth) MarshalToSizedBuffer 

func (m *PluginStaticCredentialsBasicAuth) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginStaticCredentialsBasicAuth) ProtoMessage 

func (*PluginStaticCredentialsBasicAuth) ProtoMessage()

func (*PluginStaticCredentialsBasicAuth) Reset 

func (m *PluginStaticCredentialsBasicAuth) Reset()

func (*PluginStaticCredentialsBasicAuth) Size 

func (m *PluginStaticCredentialsBasicAuth) Size() (n int)

func (*PluginStaticCredentialsBasicAuth) String 

func (m *PluginStaticCredentialsBasicAuth) String() string

func (*PluginStaticCredentialsBasicAuth) Unmarshal 

func (m *PluginStaticCredentialsBasicAuth) Unmarshal(dAtA []byte) error

func (*PluginStaticCredentialsBasicAuth) XXX_DiscardUnknown 

func (m *PluginStaticCredentialsBasicAuth) XXX_DiscardUnknown()

func (*PluginStaticCredentialsBasicAuth) XXX_Marshal 

func (m *PluginStaticCredentialsBasicAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginStaticCredentialsBasicAuth) XXX_Merge 

func (m *PluginStaticCredentialsBasicAuth) XXX_Merge(src proto.Message)

func (*PluginStaticCredentialsBasicAuth) XXX_Size 

func (m *PluginStaticCredentialsBasicAuth) XXX_Size() int

func (*PluginStaticCredentialsBasicAuth) XXX_Unmarshal 

func (m *PluginStaticCredentialsBasicAuth) XXX_Unmarshal(b []byte) error

type PluginStaticCredentialsOAuthClientSecret 

type PluginStaticCredentialsOAuthClientSecret struct {
	// ClientId is the client ID to use for OAuth client secret.
	ClientId string `protobuf:"bytes,1,opt,name=ClientId,proto3" json:"client_id"`
	// ClientSecret is the client secret to use.
	ClientSecret         string   `protobuf:"bytes,2,opt,name=ClientSecret,proto3" json:"client_secret"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PluginStaticCredentialsOAuthClientSecret represents an oauth client id and secret.

func (*PluginStaticCredentialsOAuthClientSecret) Descriptor 

func (*PluginStaticCredentialsOAuthClientSecret) Descriptor() ([]byte, []int)

func (*PluginStaticCredentialsOAuthClientSecret) Marshal 

func (m *PluginStaticCredentialsOAuthClientSecret) Marshal() (dAtA []byte, err error)

func (*PluginStaticCredentialsOAuthClientSecret) MarshalTo 

func (m *PluginStaticCredentialsOAuthClientSecret) MarshalTo(dAtA []byte) (int, error)

func (*PluginStaticCredentialsOAuthClientSecret) MarshalToSizedBuffer 

func (m *PluginStaticCredentialsOAuthClientSecret) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginStaticCredentialsOAuthClientSecret) ProtoMessage 

func (*PluginStaticCredentialsOAuthClientSecret) ProtoMessage()

func (*PluginStaticCredentialsOAuthClientSecret) Reset 

func (m *PluginStaticCredentialsOAuthClientSecret) Reset()

func (*PluginStaticCredentialsOAuthClientSecret) Size 

func (m *PluginStaticCredentialsOAuthClientSecret) Size() (n int)

func (*PluginStaticCredentialsOAuthClientSecret) String 

func (m *PluginStaticCredentialsOAuthClientSecret) String() string

func (*PluginStaticCredentialsOAuthClientSecret) Unmarshal 

func (m *PluginStaticCredentialsOAuthClientSecret) Unmarshal(dAtA []byte) error

func (*PluginStaticCredentialsOAuthClientSecret) XXX_DiscardUnknown 

func (m *PluginStaticCredentialsOAuthClientSecret) XXX_DiscardUnknown()

func (*PluginStaticCredentialsOAuthClientSecret) XXX_Marshal 

func (m *PluginStaticCredentialsOAuthClientSecret) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginStaticCredentialsOAuthClientSecret) XXX_Merge 

func (m *PluginStaticCredentialsOAuthClientSecret) XXX_Merge(src proto.Message)

func (*PluginStaticCredentialsOAuthClientSecret) XXX_Size 

func (m *PluginStaticCredentialsOAuthClientSecret) XXX_Size() int

func (*PluginStaticCredentialsOAuthClientSecret) XXX_Unmarshal 

func (m *PluginStaticCredentialsOAuthClientSecret) XXX_Unmarshal(b []byte) error

type PluginStaticCredentialsRef 

type PluginStaticCredentialsRef struct {
	// Labels is the set of labels to use to match against a set of static credentials.
	Labels               map[string]string `` /* 153-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

PluginStaticCredentialsRef is a reference to plugin static credentials by labels.

func (*PluginStaticCredentialsRef) Descriptor 

func (*PluginStaticCredentialsRef) Descriptor() ([]byte, []int)

func (*PluginStaticCredentialsRef) Equal 

func (this *PluginStaticCredentialsRef) Equal(that interface{}) bool

func (*PluginStaticCredentialsRef) Marshal 

func (m *PluginStaticCredentialsRef) Marshal() (dAtA []byte, err error)

func (*PluginStaticCredentialsRef) MarshalTo 

func (m *PluginStaticCredentialsRef) MarshalTo(dAtA []byte) (int, error)

func (*PluginStaticCredentialsRef) MarshalToSizedBuffer 

func (m *PluginStaticCredentialsRef) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginStaticCredentialsRef) ProtoMessage 

func (*PluginStaticCredentialsRef) ProtoMessage()

func (*PluginStaticCredentialsRef) Reset 

func (m *PluginStaticCredentialsRef) Reset()

func (*PluginStaticCredentialsRef) Size 

func (m *PluginStaticCredentialsRef) Size() (n int)

func (*PluginStaticCredentialsRef) String 

func (m *PluginStaticCredentialsRef) String() string

func (*PluginStaticCredentialsRef) Unmarshal 

func (m *PluginStaticCredentialsRef) Unmarshal(dAtA []byte) error

func (*PluginStaticCredentialsRef) XXX_DiscardUnknown 

func (m *PluginStaticCredentialsRef) XXX_DiscardUnknown()

func (*PluginStaticCredentialsRef) XXX_Marshal 

func (m *PluginStaticCredentialsRef) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginStaticCredentialsRef) XXX_Merge 

func (m *PluginStaticCredentialsRef) XXX_Merge(src proto.Message)

func (*PluginStaticCredentialsRef) XXX_Size 

func (m *PluginStaticCredentialsRef) XXX_Size() int

func (*PluginStaticCredentialsRef) XXX_Unmarshal 

func (m *PluginStaticCredentialsRef) XXX_Unmarshal(b []byte) error

type PluginStaticCredentialsSSHCertAuthorities 

type PluginStaticCredentialsSSHCertAuthorities struct {
	// CertAuthorities contains the active SSH CAs used for the integration or
	// plugin.
	CertAuthorities      []*SSHKeyPair `protobuf:"bytes,1,rep,name=cert_authorities,json=certAuthorities,proto3" json:"cert_authorities,omitempty"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

PluginStaticCredentialsSSHCertAuthorities contains the active SSH CAs used for the integration or plugin.

func (*PluginStaticCredentialsSSHCertAuthorities) Descriptor 

func (*PluginStaticCredentialsSSHCertAuthorities) Descriptor() ([]byte, []int)

func (*PluginStaticCredentialsSSHCertAuthorities) Marshal 

func (m *PluginStaticCredentialsSSHCertAuthorities) Marshal() (dAtA []byte, err error)

func (*PluginStaticCredentialsSSHCertAuthorities) MarshalTo 

func (m *PluginStaticCredentialsSSHCertAuthorities) MarshalTo(dAtA []byte) (int, error)

func (*PluginStaticCredentialsSSHCertAuthorities) MarshalToSizedBuffer 

func (m *PluginStaticCredentialsSSHCertAuthorities) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginStaticCredentialsSSHCertAuthorities) ProtoMessage 

func (*PluginStaticCredentialsSSHCertAuthorities) ProtoMessage()

func (*PluginStaticCredentialsSSHCertAuthorities) Reset 

func (m *PluginStaticCredentialsSSHCertAuthorities) Reset()

func (*PluginStaticCredentialsSSHCertAuthorities) Size 

func (m *PluginStaticCredentialsSSHCertAuthorities) Size() (n int)

func (*PluginStaticCredentialsSSHCertAuthorities) String 

func (m *PluginStaticCredentialsSSHCertAuthorities) String() string

func (*PluginStaticCredentialsSSHCertAuthorities) Unmarshal 

func (m *PluginStaticCredentialsSSHCertAuthorities) Unmarshal(dAtA []byte) error

func (*PluginStaticCredentialsSSHCertAuthorities) XXX_DiscardUnknown 

func (m *PluginStaticCredentialsSSHCertAuthorities) XXX_DiscardUnknown()

func (*PluginStaticCredentialsSSHCertAuthorities) XXX_Marshal 

func (m *PluginStaticCredentialsSSHCertAuthorities) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginStaticCredentialsSSHCertAuthorities) XXX_Merge 

func (m *PluginStaticCredentialsSSHCertAuthorities) XXX_Merge(src proto.Message)

func (*PluginStaticCredentialsSSHCertAuthorities) XXX_Size 

func (m *PluginStaticCredentialsSSHCertAuthorities) XXX_Size() int

func (*PluginStaticCredentialsSSHCertAuthorities) XXX_Unmarshal 

func (m *PluginStaticCredentialsSSHCertAuthorities) XXX_Unmarshal(b []byte) error

type PluginStaticCredentialsSpecV1 

type PluginStaticCredentialsSpecV1 struct {
	// Types that are valid to be assigned to Credentials:
	//
	//	*PluginStaticCredentialsSpecV1_APIToken
	//	*PluginStaticCredentialsSpecV1_BasicAuth
	//	*PluginStaticCredentialsSpecV1_OAuthClientSecret
	//	*PluginStaticCredentialsSpecV1_SSHCertAuthorities
	//	*PluginStaticCredentialsSpecV1_PrivateKey
	Credentials          isPluginStaticCredentialsSpecV1_Credentials `protobuf_oneof:"credentials"`
	XXX_NoUnkeyedLiteral struct{}                                    `json:"-"`
	XXX_unrecognized     []byte                                      `json:"-"`
	XXX_sizecache        int32                                       `json:"-"`
}

PluginStaticCredentialsSpecV1 is the specification for the static credentials object.

func (*PluginStaticCredentialsSpecV1) Descriptor 

func (*PluginStaticCredentialsSpecV1) Descriptor() ([]byte, []int)

func (*PluginStaticCredentialsSpecV1) GetAPIToken 

func (m *PluginStaticCredentialsSpecV1) GetAPIToken() string

func (*PluginStaticCredentialsSpecV1) GetBasicAuth 

func (m *PluginStaticCredentialsSpecV1) GetBasicAuth() *PluginStaticCredentialsBasicAuth

func (*PluginStaticCredentialsSpecV1) GetCredentials 

func (m *PluginStaticCredentialsSpecV1) GetCredentials() isPluginStaticCredentialsSpecV1_Credentials

func (*PluginStaticCredentialsSpecV1) GetOAuthClientSecret 

func (m *PluginStaticCredentialsSpecV1) GetOAuthClientSecret() *PluginStaticCredentialsOAuthClientSecret

func (*PluginStaticCredentialsSpecV1) GetPrivateKey 

func (m *PluginStaticCredentialsSpecV1) GetPrivateKey() []byte

func (*PluginStaticCredentialsSpecV1) GetSSHCertAuthorities 

func (m *PluginStaticCredentialsSpecV1) GetSSHCertAuthorities() *PluginStaticCredentialsSSHCertAuthorities

func (*PluginStaticCredentialsSpecV1) Marshal 

func (m *PluginStaticCredentialsSpecV1) Marshal() (dAtA []byte, err error)

func (*PluginStaticCredentialsSpecV1) MarshalTo 

func (m *PluginStaticCredentialsSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*PluginStaticCredentialsSpecV1) MarshalToSizedBuffer 

func (m *PluginStaticCredentialsSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginStaticCredentialsSpecV1) ProtoMessage 

func (*PluginStaticCredentialsSpecV1) ProtoMessage()

func (*PluginStaticCredentialsSpecV1) Reset 

func (m *PluginStaticCredentialsSpecV1) Reset()

func (*PluginStaticCredentialsSpecV1) Size 

func (m *PluginStaticCredentialsSpecV1) Size() (n int)

func (*PluginStaticCredentialsSpecV1) String 

func (m *PluginStaticCredentialsSpecV1) String() string

func (*PluginStaticCredentialsSpecV1) Unmarshal 

func (m *PluginStaticCredentialsSpecV1) Unmarshal(dAtA []byte) error

func (*PluginStaticCredentialsSpecV1) XXX_DiscardUnknown 

func (m *PluginStaticCredentialsSpecV1) XXX_DiscardUnknown()

func (*PluginStaticCredentialsSpecV1) XXX_Marshal 

func (m *PluginStaticCredentialsSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginStaticCredentialsSpecV1) XXX_Merge 

func (m *PluginStaticCredentialsSpecV1) XXX_Merge(src proto.Message)

func (*PluginStaticCredentialsSpecV1) XXX_OneofWrappers 

func (*PluginStaticCredentialsSpecV1) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*PluginStaticCredentialsSpecV1) XXX_Size 

func (m *PluginStaticCredentialsSpecV1) XXX_Size() int

func (*PluginStaticCredentialsSpecV1) XXX_Unmarshal 

func (m *PluginStaticCredentialsSpecV1) XXX_Unmarshal(b []byte) error

type PluginStaticCredentialsSpecV1_APIToken 

type PluginStaticCredentialsSpecV1_APIToken struct {
	APIToken string `protobuf:"bytes,1,opt,name=APIToken,proto3,oneof" json:"APIToken,omitempty"`
}

func (*PluginStaticCredentialsSpecV1_APIToken) MarshalTo 

func (m *PluginStaticCredentialsSpecV1_APIToken) MarshalTo(dAtA []byte) (int, error)

func (*PluginStaticCredentialsSpecV1_APIToken) MarshalToSizedBuffer 

func (m *PluginStaticCredentialsSpecV1_APIToken) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginStaticCredentialsSpecV1_APIToken) Size 

func (m *PluginStaticCredentialsSpecV1_APIToken) Size() (n int)

type PluginStaticCredentialsSpecV1_BasicAuth 

type PluginStaticCredentialsSpecV1_BasicAuth struct {
	BasicAuth *PluginStaticCredentialsBasicAuth `protobuf:"bytes,2,opt,name=BasicAuth,proto3,oneof" json:"BasicAuth,omitempty"`
}

func (*PluginStaticCredentialsSpecV1_BasicAuth) MarshalTo 

func (m *PluginStaticCredentialsSpecV1_BasicAuth) MarshalTo(dAtA []byte) (int, error)

func (*PluginStaticCredentialsSpecV1_BasicAuth) MarshalToSizedBuffer 

func (m *PluginStaticCredentialsSpecV1_BasicAuth) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginStaticCredentialsSpecV1_BasicAuth) Size 

func (m *PluginStaticCredentialsSpecV1_BasicAuth) Size() (n int)

type PluginStaticCredentialsSpecV1_OAuthClientSecret 

type PluginStaticCredentialsSpecV1_OAuthClientSecret struct {
	OAuthClientSecret *PluginStaticCredentialsOAuthClientSecret `protobuf:"bytes,3,opt,name=OAuthClientSecret,proto3,oneof" json:"OAuthClientSecret,omitempty"`
}

func (*PluginStaticCredentialsSpecV1_OAuthClientSecret) MarshalTo 

func (m *PluginStaticCredentialsSpecV1_OAuthClientSecret) MarshalTo(dAtA []byte) (int, error)

func (*PluginStaticCredentialsSpecV1_OAuthClientSecret) MarshalToSizedBuffer 

func (m *PluginStaticCredentialsSpecV1_OAuthClientSecret) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginStaticCredentialsSpecV1_OAuthClientSecret) Size 

func (m *PluginStaticCredentialsSpecV1_OAuthClientSecret) Size() (n int)

type PluginStaticCredentialsSpecV1_PrivateKey 

type PluginStaticCredentialsSpecV1_PrivateKey struct {
	PrivateKey []byte `protobuf:"bytes,5,opt,name=private_key,json=privateKey,proto3,oneof" json:"private_key,omitempty"`
}

func (*PluginStaticCredentialsSpecV1_PrivateKey) MarshalTo 

func (m *PluginStaticCredentialsSpecV1_PrivateKey) MarshalTo(dAtA []byte) (int, error)

func (*PluginStaticCredentialsSpecV1_PrivateKey) MarshalToSizedBuffer 

func (m *PluginStaticCredentialsSpecV1_PrivateKey) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginStaticCredentialsSpecV1_PrivateKey) Size 

func (m *PluginStaticCredentialsSpecV1_PrivateKey) Size() (n int)

type PluginStaticCredentialsSpecV1_SSHCertAuthorities 

type PluginStaticCredentialsSpecV1_SSHCertAuthorities struct {
	SSHCertAuthorities *PluginStaticCredentialsSSHCertAuthorities `protobuf:"bytes,4,opt,name=SSHCertAuthorities,proto3,oneof" json:"SSHCertAuthorities,omitempty"`
}

func (*PluginStaticCredentialsSpecV1_SSHCertAuthorities) MarshalTo 

func (m *PluginStaticCredentialsSpecV1_SSHCertAuthorities) MarshalTo(dAtA []byte) (int, error)

func (*PluginStaticCredentialsSpecV1_SSHCertAuthorities) MarshalToSizedBuffer 

func (m *PluginStaticCredentialsSpecV1_SSHCertAuthorities) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginStaticCredentialsSpecV1_SSHCertAuthorities) Size 

func (m *PluginStaticCredentialsSpecV1_SSHCertAuthorities) Size() (n int)

type PluginStaticCredentialsV1 

type PluginStaticCredentialsV1 struct {
	// Header is the resource header for the plugin static credentials object.
	ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:"Header"`
	// Spec contains the actual credentials for the object.
	Spec                 *PluginStaticCredentialsSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"Spec,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                       `json:"-"`
	XXX_unrecognized     []byte                         `json:"-"`
	XXX_sizecache        int32                          `json:"-"`
}

PluginStaticCredentialsV1 is a representation of static credentials for plugins.

func (*PluginStaticCredentialsV1) CheckAndSetDefaults 

func (p *PluginStaticCredentialsV1) CheckAndSetDefaults() error

CheckAndSetDefaults checks validity of all parameters and sets defaults.

func (*PluginStaticCredentialsV1) Clone 

func (p *PluginStaticCredentialsV1) Clone() PluginStaticCredentials

Clone returns a copy of the credentials.

func (*PluginStaticCredentialsV1) Descriptor 

func (*PluginStaticCredentialsV1) Descriptor() ([]byte, []int)

func (*PluginStaticCredentialsV1) GetAPIToken 

func (p *PluginStaticCredentialsV1) GetAPIToken() (apiToken string)

GetAPIToken will return the attached API token if possible or empty if it is not present.

func (*PluginStaticCredentialsV1) GetBasicAuth 

func (p *PluginStaticCredentialsV1) GetBasicAuth() (username string, password string)

GetBasicAuth will return the attached username and password. If they are not present, both the username and password will be mpty.

func (*PluginStaticCredentialsV1) GetOAuthClientID 

func (p *PluginStaticCredentialsV1) GetOAuthClientID() (clientID string)

GetOAuthClientID will return the attached client ID. If it is not present, the client ID will be empty.

func (*PluginStaticCredentialsV1) GetOAuthClientSecret 

func (p *PluginStaticCredentialsV1) GetOAuthClientSecret() (clientID string, clientSecret string)

GetOAuthClientSecret will return the attached client ID and client secret. IF they are not present, the client ID and client secret will be empty.

func (*PluginStaticCredentialsV1) GetPrivateKey 

func (p *PluginStaticCredentialsV1) GetPrivateKey() []byte

GetPrivateKey will return the attached private key. If it is not present, the private key will be empty.

func (*PluginStaticCredentialsV1) GetSSHCertAuthorities 

func (p *PluginStaticCredentialsV1) GetSSHCertAuthorities() []*SSHKeyPair

GetSSHCertAuthorities will return the attached SSH CA keys.

func (*PluginStaticCredentialsV1) Marshal 

func (m *PluginStaticCredentialsV1) Marshal() (dAtA []byte, err error)

func (*PluginStaticCredentialsV1) MarshalTo 

func (m *PluginStaticCredentialsV1) MarshalTo(dAtA []byte) (int, error)

func (*PluginStaticCredentialsV1) MarshalToSizedBuffer 

func (m *PluginStaticCredentialsV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginStaticCredentialsV1) MatchSearch 

func (p *PluginStaticCredentialsV1) MatchSearch(_ []string) bool

MatchSearch is a dummy value as credentials are not searchable.

func (*PluginStaticCredentialsV1) ProtoMessage 

func (*PluginStaticCredentialsV1) ProtoMessage()

func (*PluginStaticCredentialsV1) Reset 

func (m *PluginStaticCredentialsV1) Reset()

func (*PluginStaticCredentialsV1) Size 

func (m *PluginStaticCredentialsV1) Size() (n int)

func (*PluginStaticCredentialsV1) Unmarshal 

func (m *PluginStaticCredentialsV1) Unmarshal(dAtA []byte) error

func (*PluginStaticCredentialsV1) XXX_DiscardUnknown 

func (m *PluginStaticCredentialsV1) XXX_DiscardUnknown()

func (*PluginStaticCredentialsV1) XXX_Marshal 

func (m *PluginStaticCredentialsV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginStaticCredentialsV1) XXX_Merge 

func (m *PluginStaticCredentialsV1) XXX_Merge(src proto.Message)

func (*PluginStaticCredentialsV1) XXX_Size 

func (m *PluginStaticCredentialsV1) XXX_Size() int

func (*PluginStaticCredentialsV1) XXX_Unmarshal 

func (m *PluginStaticCredentialsV1) XXX_Unmarshal(b []byte) error

type PluginStatus 

type PluginStatus interface {
	GetCode() PluginStatusCode
	GetErrorMessage() string
	GetLastSyncTime() time.Time
	GetGitlab() *PluginGitlabStatusV1
	GetEntraId() *PluginEntraIDStatusV1
	GetOkta() *PluginOktaStatusV1
	GetAwsIc() *PluginAWSICStatusV1
	GetNetIq() *PluginNetIQStatusV1
	SetDetails(isPluginStatusV1_Details)
}

PluginStatus is the plugin status

type PluginStatusCode 

type PluginStatusCode int32
const (
	// UNKNOWN is the default value when the plugin has not reported its status yet.
	PluginStatusCode_UNKNOWN PluginStatusCode = 0
	// RUNNING means the plugin reports running successfully.
	PluginStatusCode_RUNNING PluginStatusCode = 1
	// OTHER_ERROR indicates that an otherwise-unspecified error has been encountered.
	PluginStatusCode_OTHER_ERROR PluginStatusCode = 2
	// UNAUTHORIZED indicates that plugin is not able to authenticate to the 3rd party API.
	// This could be a result of e.g. the user revoking the authorization on the API provider's side.
	PluginStatusCode_UNAUTHORIZED PluginStatusCode = 3
	// SLACK_NOT_IN_CHANNEL is a Slack-specific status code that indicates
	// that the bot has not been invited to a channel that it is configured to post in.
	PluginStatusCode_SLACK_NOT_IN_CHANNEL PluginStatusCode = 10
	// OKTA_CONFIG_ERROR is an Okta-specific code that indicates a configuration error with setup or
	// permissions within Okta.
	PluginStatusCode_OKTA_CONFIG_ERROR PluginStatusCode = 20
)

func (PluginStatusCode) EnumDescriptor 

func (PluginStatusCode) EnumDescriptor() ([]byte, []int)

func (PluginStatusCode) String 

func (x PluginStatusCode) String() string

type PluginStatusV1 

type PluginStatusV1 struct {
	Code PluginStatusCode `protobuf:"varint,1,opt,name=code,proto3,enum=types.PluginStatusCode" json:"code,omitempty"`
	// error_message is a human-readable error message that can be displayed to the user.
	ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
	// last_sync_time is the last time the plugin was run.
	LastSyncTime time.Time `protobuf:"bytes,3,opt,name=last_sync_time,json=lastSyncTime,proto3,stdtime" json:"last_sync_time"`
	// details contains provider-specific plugin status details.
	//
	// Types that are valid to be assigned to Details:
	//
	//	*PluginStatusV1_Gitlab
	//	*PluginStatusV1_EntraId
	//	*PluginStatusV1_Okta
	//	*PluginStatusV1_AwsIc
	//	*PluginStatusV1_NetIq
	Details isPluginStatusV1_Details `protobuf_oneof:"details"`
	// last_raw_error variable stores the most recent raw error message received from an API or service.
	// It is intended to capture the original error message without any modifications or formatting.
	// This can be useful for debugging purposes, providing detailed information about what went wrong
	// in the interaction with the external service.
	LastRawError         string   `protobuf:"bytes,6,opt,name=last_raw_error,json=lastRawError,proto3" json:"last_raw_error,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PluginStatus is the user-facing status for the plugin instance.

func (*PluginStatusV1) Descriptor 

func (*PluginStatusV1) Descriptor() ([]byte, []int)

func (*PluginStatusV1) GetAwsIc 

func (m *PluginStatusV1) GetAwsIc() *PluginAWSICStatusV1

func (PluginStatusV1) GetCode 

func (c PluginStatusV1) GetCode() PluginStatusCode

GetCode returns the status code

func (*PluginStatusV1) GetDetails 

func (m *PluginStatusV1) GetDetails() isPluginStatusV1_Details

func (*PluginStatusV1) GetEntraId 

func (m *PluginStatusV1) GetEntraId() *PluginEntraIDStatusV1

func (PluginStatusV1) GetErrorMessage 

func (c PluginStatusV1) GetErrorMessage() string

GetErrorMessage returns the error message

func (*PluginStatusV1) GetGitlab 

func (m *PluginStatusV1) GetGitlab() *PluginGitlabStatusV1

func (PluginStatusV1) GetLastSyncTime 

func (c PluginStatusV1) GetLastSyncTime() time.Time

GetLastSyncTime returns the last run of the plugin.

func (*PluginStatusV1) GetNetIq 

func (m *PluginStatusV1) GetNetIq() *PluginNetIQStatusV1

func (*PluginStatusV1) GetOkta 

func (m *PluginStatusV1) GetOkta() *PluginOktaStatusV1

func (*PluginStatusV1) Marshal 

func (m *PluginStatusV1) Marshal() (dAtA []byte, err error)

func (*PluginStatusV1) MarshalTo 

func (m *PluginStatusV1) MarshalTo(dAtA []byte) (int, error)

func (*PluginStatusV1) MarshalToSizedBuffer 

func (m *PluginStatusV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginStatusV1) ProtoMessage 

func (*PluginStatusV1) ProtoMessage()

func (*PluginStatusV1) Reset 

func (m *PluginStatusV1) Reset()

func (*PluginStatusV1) SetDetails 

func (c *PluginStatusV1) SetDetails(settings isPluginStatusV1_Details)

func (*PluginStatusV1) Size 

func (m *PluginStatusV1) Size() (n int)

func (*PluginStatusV1) String 

func (m *PluginStatusV1) String() string

func (*PluginStatusV1) Unmarshal 

func (m *PluginStatusV1) Unmarshal(dAtA []byte) error

func (*PluginStatusV1) XXX_DiscardUnknown 

func (m *PluginStatusV1) XXX_DiscardUnknown()

func (*PluginStatusV1) XXX_Marshal 

func (m *PluginStatusV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginStatusV1) XXX_Merge 

func (m *PluginStatusV1) XXX_Merge(src proto.Message)

func (*PluginStatusV1) XXX_OneofWrappers 

func (*PluginStatusV1) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*PluginStatusV1) XXX_Size 

func (m *PluginStatusV1) XXX_Size() int

func (*PluginStatusV1) XXX_Unmarshal 

func (m *PluginStatusV1) XXX_Unmarshal(b []byte) error

type PluginStatusV1_AwsIc 

type PluginStatusV1_AwsIc struct {
	AwsIc *PluginAWSICStatusV1 `protobuf:"bytes,8,opt,name=aws_ic,json=awsIc,proto3,oneof" json:"aws_ic,omitempty"`
}

func (*PluginStatusV1_AwsIc) MarshalTo 

func (m *PluginStatusV1_AwsIc) MarshalTo(dAtA []byte) (int, error)

func (*PluginStatusV1_AwsIc) MarshalToSizedBuffer 

func (m *PluginStatusV1_AwsIc) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginStatusV1_AwsIc) Size 

func (m *PluginStatusV1_AwsIc) Size() (n int)

type PluginStatusV1_EntraId 

type PluginStatusV1_EntraId struct {
	EntraId *PluginEntraIDStatusV1 `protobuf:"bytes,5,opt,name=entra_id,json=entraId,proto3,oneof" json:"entra_id,omitempty"`
}

func (*PluginStatusV1_EntraId) MarshalTo 

func (m *PluginStatusV1_EntraId) MarshalTo(dAtA []byte) (int, error)

func (*PluginStatusV1_EntraId) MarshalToSizedBuffer 

func (m *PluginStatusV1_EntraId) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginStatusV1_EntraId) Size 

func (m *PluginStatusV1_EntraId) Size() (n int)

type PluginStatusV1_Gitlab 

type PluginStatusV1_Gitlab struct {
	Gitlab *PluginGitlabStatusV1 `protobuf:"bytes,4,opt,name=gitlab,proto3,oneof" json:"gitlab,omitempty"`
}

func (*PluginStatusV1_Gitlab) MarshalTo 

func (m *PluginStatusV1_Gitlab) MarshalTo(dAtA []byte) (int, error)

func (*PluginStatusV1_Gitlab) MarshalToSizedBuffer 

func (m *PluginStatusV1_Gitlab) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginStatusV1_Gitlab) Size 

func (m *PluginStatusV1_Gitlab) Size() (n int)

type PluginStatusV1_NetIq 

type PluginStatusV1_NetIq struct {
	NetIq *PluginNetIQStatusV1 `protobuf:"bytes,9,opt,name=net_iq,json=netIq,proto3,oneof" json:"net_iq,omitempty"`
}

func (*PluginStatusV1_NetIq) MarshalTo 

func (m *PluginStatusV1_NetIq) MarshalTo(dAtA []byte) (int, error)

func (*PluginStatusV1_NetIq) MarshalToSizedBuffer 

func (m *PluginStatusV1_NetIq) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginStatusV1_NetIq) Size 

func (m *PluginStatusV1_NetIq) Size() (n int)

type PluginStatusV1_Okta 

type PluginStatusV1_Okta struct {
	Okta *PluginOktaStatusV1 `protobuf:"bytes,7,opt,name=okta,proto3,oneof" json:"okta,omitempty"`
}

func (*PluginStatusV1_Okta) MarshalTo 

func (m *PluginStatusV1_Okta) MarshalTo(dAtA []byte) (int, error)

func (*PluginStatusV1_Okta) MarshalToSizedBuffer 

func (m *PluginStatusV1_Okta) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginStatusV1_Okta) Size 

func (m *PluginStatusV1_Okta) Size() (n int)

type PluginSubkind 

type PluginSubkind string

PluginSubkind represents the type of the plugin, e.g., access request, MDM etc.

type PluginType 

type PluginType string

PluginType represents the type of the plugin

type PluginV1 

type PluginV1 struct {
	// kind is the plugin resource kind.
	Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"`
	// sub_kind is an optional resource subkind.
	SubKind string `protobuf:"bytes,2,opt,name=sub_kind,json=subKind,proto3" json:"sub_kind,omitempty"`
	// version is the resource version.
	Version string `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
	// metadata is the resource metadata.
	Metadata Metadata       `protobuf:"bytes,4,opt,name=metadata,proto3" json:"metadata"`
	Spec     PluginSpecV1   `protobuf:"bytes,5,opt,name=spec,proto3" json:"spec"`
	Status   PluginStatusV1 `protobuf:"bytes,6,opt,name=status,proto3" json:"status"`
	// credentials are "live" credentials to the 3rd party API.
	// These are considered secrets.
	Credentials          *PluginCredentialsV1 `protobuf:"bytes,7,opt,name=credentials,proto3" json:"credentials,omitempty"`
	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
	XXX_unrecognized     []byte               `json:"-"`
	XXX_sizecache        int32                `json:"-"`
}

Plugin describes a single instance of a Teleport Plugin

func NewPluginV1 

func NewPluginV1(metadata Metadata, spec PluginSpecV1, creds *PluginCredentialsV1) *PluginV1

NewPluginV1 creates a new PluginV1 resource.

func (*PluginV1) CheckAndSetDefaults 

func (p *PluginV1) CheckAndSetDefaults() error

CheckAndSetDefaults checks validity of all parameters and sets defaults.

func (*PluginV1) Clone 

func (p *PluginV1) Clone() Plugin

Clone returns a copy of the Plugin instance

func (*PluginV1) Descriptor 

func (*PluginV1) Descriptor() ([]byte, []int)

func (*PluginV1) Expiry 

func (p *PluginV1) Expiry() time.Time

Expiry returns expiry time for the object

func (*PluginV1) GetCredentials 

func (p *PluginV1) GetCredentials() PluginCredentials

GetCredentials implements Plugin

func (*PluginV1) GetGeneration 

func (p *PluginV1) GetGeneration() string

GetGeneration returns the plugin generation.

func (*PluginV1) GetKind 

func (p *PluginV1) GetKind() string

GetKind returns resource kind

func (*PluginV1) GetMetadata 

func (p *PluginV1) GetMetadata() Metadata

GetMetadata returns object metadata

func (*PluginV1) GetName 

func (p *PluginV1) GetName() string

GetName returns the name of the User

func (*PluginV1) GetRevision 

func (p *PluginV1) GetRevision() string

GetRevision returns the revision

func (*PluginV1) GetStatus 

func (p *PluginV1) GetStatus() PluginStatus

GetStatus implements Plugin

func (*PluginV1) GetSubKind 

func (p *PluginV1) GetSubKind() string

GetSubKind returns resource sub kind

func (*PluginV1) GetType 

func (p *PluginV1) GetType() PluginType

GetType implements Plugin

func (*PluginV1) GetVersion 

func (p *PluginV1) GetVersion() string

GetVersion returns resource version

func (*PluginV1) Marshal 

func (m *PluginV1) Marshal() (dAtA []byte, err error)

func (*PluginV1) MarshalTo 

func (m *PluginV1) MarshalTo(dAtA []byte) (int, error)

func (*PluginV1) MarshalToSizedBuffer 

func (m *PluginV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PluginV1) ProtoMessage 

func (*PluginV1) ProtoMessage()

func (*PluginV1) Reset 

func (m *PluginV1) Reset()

func (*PluginV1) SetCredentials 

func (p *PluginV1) SetCredentials(creds PluginCredentials) error

SetCredentials implements Plugin

func (*PluginV1) SetExpiry 

func (p *PluginV1) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object

func (*PluginV1) SetMetadata 

func (p *PluginV1) SetMetadata(meta Metadata)

SetMetadata sets object metadata

func (*PluginV1) SetName 

func (p *PluginV1) SetName(e string)

SetName sets the name of the User

func (*PluginV1) SetRevision 

func (p *PluginV1) SetRevision(rev string)

SetRevision sets the revision

func (*PluginV1) SetStatus 

func (p *PluginV1) SetStatus(status PluginStatus) error

SetStatus implements Plugin

func (*PluginV1) SetSubKind 

func (p *PluginV1) SetSubKind(s string)

SetSubKind sets resource subkind

func (*PluginV1) Size 

func (m *PluginV1) Size() (n int)

func (*PluginV1) String 

func (m *PluginV1) String() string

func (*PluginV1) Unmarshal 

func (m *PluginV1) Unmarshal(dAtA []byte) error

func (*PluginV1) WithoutSecrets 

func (p *PluginV1) WithoutSecrets() Resource

WithoutSecrets returns an instance of resource without secrets.

func (*PluginV1) XXX_DiscardUnknown 

func (m *PluginV1) XXX_DiscardUnknown()

func (*PluginV1) XXX_Marshal 

func (m *PluginV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginV1) XXX_Merge 

func (m *PluginV1) XXX_Merge(src proto.Message)

func (*PluginV1) XXX_Size 

func (m *PluginV1) XXX_Size() int

func (*PluginV1) XXX_Unmarshal 

func (m *PluginV1) XXX_Unmarshal(b []byte) error

type PortRange 

type PortRange struct {
	// Port describes the start of the range. It must be between 1 and 65535.
	Port uint32 `protobuf:"varint,1,opt,name=Port,proto3" json:"port"`
	// EndPort describes the end of the range, inclusive. If set, it must be between 2 and 65535 and
	// be greater than Port when describing a port range. When omitted or set to zero, it signifies
	// that the port range defines a single port.
	EndPort              uint32   `protobuf:"varint,2,opt,name=EndPort,proto3" json:"end_port,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PortRange describes a port range for TCP apps. The range starts with Port and ends with EndPort. PortRange can be used to describe a single port in which case the Port field is the port and the EndPort field is 0.

func (*PortRange) Descriptor 

func (*PortRange) Descriptor() ([]byte, []int)

func (*PortRange) Marshal 

func (m *PortRange) Marshal() (dAtA []byte, err error)

func (*PortRange) MarshalTo 

func (m *PortRange) MarshalTo(dAtA []byte) (int, error)

func (*PortRange) MarshalToSizedBuffer 

func (m *PortRange) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PortRange) ProtoMessage 

func (*PortRange) ProtoMessage()

func (*PortRange) Reset 

func (m *PortRange) Reset()

func (*PortRange) Size 

func (m *PortRange) Size() (n int)

func (*PortRange) String 

func (p *PortRange) String() string

String returns a string representation of a port range.

func (*PortRange) Unmarshal 

func (m *PortRange) Unmarshal(dAtA []byte) error

func (*PortRange) XXX_DiscardUnknown 

func (m *PortRange) XXX_DiscardUnknown()

func (*PortRange) XXX_Marshal 

func (m *PortRange) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PortRange) XXX_Merge 

func (m *PortRange) XXX_Merge(src proto.Message)

func (*PortRange) XXX_Size 

func (m *PortRange) XXX_Size() int

func (*PortRange) XXX_Unmarshal 

func (m *PortRange) XXX_Unmarshal(b []byte) error

type PortRanges 

type PortRanges []*PortRange

PortRanges is a list of port ranges.

func (PortRanges) Contains 

func (p PortRanges) Contains(targetPort int) bool

Contains checks if targetPort is within any of the port ranges.

func (PortRanges) String 

func (p PortRanges) String() string

String returns a string representation of port ranges.

type PrivateKeyType 

type PrivateKeyType int32

PrivateKeyType is the storage type of a private key. 

const (
	// RAW is a plaintext private key.
	PrivateKeyType_RAW PrivateKeyType = 0
	// PKCS11 is a private key backed by a PKCS11 device such as HSM.
	PrivateKeyType_PKCS11 PrivateKeyType = 1
	// GCP_KMS is a private key backed by GCP KMS.
	PrivateKeyType_GCP_KMS PrivateKeyType = 2
	// AWS_KMS is a private key backed by AWS KMS.
	PrivateKeyType_AWS_KMS PrivateKeyType = 3
)

func (PrivateKeyType) EnumDescriptor 

func (PrivateKeyType) EnumDescriptor() ([]byte, []int)

func (PrivateKeyType) String 

func (x PrivateKeyType) String() string

type PromotedAccessList 

type PromotedAccessList struct {
	// Name is the name of the access list.
	Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
	// Title is the title of the access list.
	Title                string   `protobuf:"bytes,2,opt,name=Title,proto3" json:"title"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

PromotedAccessList is a minimal access list representation used for promoting Access Requests to access lists.

func (*PromotedAccessList) Descriptor 

func (*PromotedAccessList) Descriptor() ([]byte, []int)

func (*PromotedAccessList) Marshal 

func (m *PromotedAccessList) Marshal() (dAtA []byte, err error)

func (*PromotedAccessList) MarshalTo 

func (m *PromotedAccessList) MarshalTo(dAtA []byte) (int, error)

func (*PromotedAccessList) MarshalToSizedBuffer 

func (m *PromotedAccessList) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PromotedAccessList) ProtoMessage 

func (*PromotedAccessList) ProtoMessage()

func (*PromotedAccessList) Reset 

func (m *PromotedAccessList) Reset()

func (*PromotedAccessList) Size 

func (m *PromotedAccessList) Size() (n int)

func (*PromotedAccessList) String 

func (m *PromotedAccessList) String() string

func (*PromotedAccessList) Unmarshal 

func (m *PromotedAccessList) Unmarshal(dAtA []byte) error

func (*PromotedAccessList) XXX_DiscardUnknown 

func (m *PromotedAccessList) XXX_DiscardUnknown()

func (*PromotedAccessList) XXX_Marshal 

func (m *PromotedAccessList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PromotedAccessList) XXX_Merge 

func (m *PromotedAccessList) XXX_Merge(src proto.Message)

func (*PromotedAccessList) XXX_Size 

func (m *PromotedAccessList) XXX_Size() int

func (*PromotedAccessList) XXX_Unmarshal 

func (m *PromotedAccessList) XXX_Unmarshal(b []byte) error

type ProtoResource153 

type ProtoResource153 interface {
	Resource153
	proto.Message
}

ProtoResource153 is a Resource153 implemented by a protobuf-generated struct.

type ProvisionToken 

type ProvisionToken interface {
	ResourceWithOrigin
	// SetMetadata sets resource metatada
	SetMetadata(meta Metadata)
	// GetRoles returns a list of teleport roles
	// that will be granted to the user of the token
	// in the crendentials
	GetRoles() SystemRoles
	// SetRoles sets teleport roles
	SetRoles(SystemRoles)
	// SetLabels sets the tokens labels
	SetLabels(map[string]string)
	// GetAllowRules returns the list of allow rules
	GetAllowRules() []*TokenRule
	// SetAllowRules sets the allow rules
	SetAllowRules([]*TokenRule)
	// GetGCPRules will return the GCP rules within this token.
	GetGCPRules() *ProvisionTokenSpecV2GCP
	// GetGithubRules will return the GitHub rules within this token.
	GetGithubRules() *ProvisionTokenSpecV2GitHub
	// GetAWSIIDTTL returns the TTL of EC2 IIDs
	GetAWSIIDTTL() Duration
	// GetJoinMethod returns joining method that must be used with this token.
	GetJoinMethod() JoinMethod
	// GetBotName returns the BotName field which must be set for joining bots.
	GetBotName() string
	// IsStatic returns true if the token is statically configured
	IsStatic() bool
	// GetSuggestedLabels returns the set of labels that the resource should add when adding itself to the cluster
	GetSuggestedLabels() Labels

	// GetSuggestedAgentMatcherLabels returns the set of labels that should be watched when an agent/service uses this token.
	// An example of this is the Database Agent.
	// When using the install-database.sh script, the script will add those labels as part of the `teleport.yaml` configuration.
	// They are added to `db_service.resources.0.labels`.
	GetSuggestedAgentMatcherLabels() Labels

	// V1 returns V1 version of the resource
	V1() *ProvisionTokenV1
	// String returns user friendly representation of the resource
	String() string

	// GetSafeName returns the name of the token, sanitized appropriately for
	// join methods where the name is secret. This should be used when logging
	// the token name.
	GetSafeName() string
	// Clone creates a copy of the token.
	Clone() ProvisionToken
}

ProvisionToken is a provisioning token

func MustCreateProvisionToken 

func MustCreateProvisionToken(token string, roles SystemRoles, expires time.Time) ProvisionToken

MustCreateProvisionToken returns a new valid provision token or panics, used in tests

func NewProvisionToken 

func NewProvisionToken(token string, roles SystemRoles, expires time.Time) (ProvisionToken, error)

NewProvisionToken returns a new provision token with the given roles.

func NewProvisionTokenFromSpec 

func NewProvisionTokenFromSpec(token string, expires time.Time, spec ProvisionTokenSpecV2) (ProvisionToken, error)

NewProvisionTokenFromSpec returns a new provision token with the given spec.

func NewProvisionTokenFromSpecAndStatus 

func NewProvisionTokenFromSpecAndStatus(
	token string, expires time.Time,
	spec ProvisionTokenSpecV2,
	status *ProvisionTokenStatusV2,
) (ProvisionToken, error)

NewProvisionTokenFromSpecAndStatus returns a new provision token with the given spec.

func ProvisionTokensFromStatic 

func ProvisionTokensFromStatic(in []ProvisionTokenV1) []ProvisionToken

ProvisionTokensFromStatic converts static tokens to resource list

type ProvisionTokenSpecV2 

type ProvisionTokenSpecV2 struct {
	// Roles is a list of roles associated with the token,
	// that will be converted to metadata in the SSH and X509
	// certificates issued to the user of the token
	Roles []SystemRole `protobuf:"bytes,1,rep,name=Roles,proto3,casttype=SystemRole" json:"roles"`
	// Allow is a list of TokenRules, nodes using this token must match one
	// allow rule to use this token.
	Allow []*TokenRule `protobuf:"bytes,2,rep,name=Allow,proto3" json:"allow,omitempty"`
	// AWSIIDTTL is the TTL to use for AWS EC2 Instance Identity Documents used
	// to join the cluster with this token.
	AWSIIDTTL Duration `protobuf:"varint,3,opt,name=AWSIIDTTL,proto3,casttype=Duration" json:"aws_iid_ttl,omitempty"`
	// JoinMethod is the joining method required in order to use this token.
	// Supported joining methods include: azure, circleci, ec2, gcp, github, gitlab, iam, kubernetes, spacelift, token, tpm
	JoinMethod JoinMethod `protobuf:"bytes,4,opt,name=JoinMethod,proto3,casttype=JoinMethod" json:"join_method"`
	// BotName is the name of the bot this token grants access to, if any
	BotName string `protobuf:"bytes,5,opt,name=BotName,proto3" json:"bot_name,omitempty"`
	// SuggestedLabels is a set of labels that resources should set when using this token to enroll
	// themselves in the cluster.
	// Currently, only node-join scripts create a configuration according to the suggestion.
	SuggestedLabels Labels `protobuf:"bytes,6,opt,name=SuggestedLabels,proto3,customtype=Labels" json:"suggested_labels,omitempty"`
	// GitHub allows the configuration of options specific to the "github" join method.
	GitHub *ProvisionTokenSpecV2GitHub `protobuf:"bytes,7,opt,name=GitHub,proto3" json:"github,omitempty"`
	// CircleCI allows the configuration of options specific to the "circleci" join method.
	CircleCI *ProvisionTokenSpecV2CircleCI `protobuf:"bytes,8,opt,name=CircleCI,proto3" json:"circleci,omitempty"`
	// SuggestedAgentMatcherLabels is a set of labels to be used by agents to match on resources.
	// When an agent uses this token, the agent should monitor resources that match those labels.
	// For databases, this means adding the labels to `db_service.resources.labels`.
	// Currently, only node-join scripts create a configuration according to the suggestion.
	SuggestedAgentMatcherLabels Labels `` /* 128-byte string literal not displayed */
	// Kubernetes allows the configuration of options specific to the "kubernetes" join method.
	Kubernetes *ProvisionTokenSpecV2Kubernetes `protobuf:"bytes,10,opt,name=Kubernetes,proto3" json:"kubernetes,omitempty"`
	// Azure allows the configuration of options specific to the "azure" join method.
	Azure *ProvisionTokenSpecV2Azure `protobuf:"bytes,11,opt,name=Azure,proto3" json:"azure,omitempty"`
	// GitLab allows the configuration of options specific to the "gitlab" join method.
	GitLab *ProvisionTokenSpecV2GitLab `protobuf:"bytes,12,opt,name=GitLab,proto3" json:"gitlab,omitempty"`
	// GCP allows the configuration of options specific to the "gcp" join method.
	GCP *ProvisionTokenSpecV2GCP `protobuf:"bytes,13,opt,name=GCP,proto3" json:"gcp,omitempty"`
	// Spacelift allows the configuration of options specific to the "spacelift" join method.
	Spacelift *ProvisionTokenSpecV2Spacelift `protobuf:"bytes,14,opt,name=Spacelift,proto3" json:"spacelift,omitempty"`
	// TPM allows the configuration of options specific to the "tpm" join method.
	TPM *ProvisionTokenSpecV2TPM `protobuf:"bytes,15,opt,name=TPM,proto3" json:"tpm,omitempty"`
	// TerraformCloud allows the configuration of options specific to the "terraform_cloud" join method.
	TerraformCloud *ProvisionTokenSpecV2TerraformCloud `protobuf:"bytes,16,opt,name=TerraformCloud,proto3" json:"terraform_cloud,omitempty"`
	// Bitbucket allows the configuration of options specific to the "bitbucket" join method.
	Bitbucket *ProvisionTokenSpecV2Bitbucket `protobuf:"bytes,17,opt,name=Bitbucket,proto3" json:"bitbucket,omitempty"`
	// Oracle allows the configuration of options specific to the "oracle" join method.
	Oracle *ProvisionTokenSpecV2Oracle `protobuf:"bytes,18,opt,name=Oracle,proto3" json:"oracle,omitempty"`
	// BoundKeypair allows the configuration of options specific to the "bound_keypair" join method.
	BoundKeypair *ProvisionTokenSpecV2BoundKeypair `protobuf:"bytes,19,opt,name=BoundKeypair,proto3" json:"bound_keypair,omitempty"`
	// AzureDevops allows the configuration of options specific to the "azure_devops" join method.
	AzureDevops          *ProvisionTokenSpecV2AzureDevops `protobuf:"bytes,20,opt,name=AzureDevops,proto3" json:"azure_devops,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                         `json:"-"`
	XXX_unrecognized     []byte                           `json:"-"`
	XXX_sizecache        int32                            `json:"-"`
}

ProvisionTokenSpecV2 is a specification for V2 token

func (*ProvisionTokenSpecV2) Descriptor 

func (*ProvisionTokenSpecV2) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2) Marshal 

func (m *ProvisionTokenSpecV2) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2) MarshalTo 

func (m *ProvisionTokenSpecV2) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2) ProtoMessage 

func (*ProvisionTokenSpecV2) ProtoMessage()

func (*ProvisionTokenSpecV2) Reset 

func (m *ProvisionTokenSpecV2) Reset()

func (*ProvisionTokenSpecV2) Size 

func (m *ProvisionTokenSpecV2) Size() (n int)

func (*ProvisionTokenSpecV2) String 

func (m *ProvisionTokenSpecV2) String() string

func (*ProvisionTokenSpecV2) Unmarshal 

func (m *ProvisionTokenSpecV2) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2) XXX_Marshal 

func (m *ProvisionTokenSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2) XXX_Merge 

func (m *ProvisionTokenSpecV2) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2) XXX_Size 

func (m *ProvisionTokenSpecV2) XXX_Size() int

func (*ProvisionTokenSpecV2) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2Azure 

type ProvisionTokenSpecV2Azure struct {
	// Allow is a list of Rules, nodes using this token must match one
	// allow rule to use this token.
	Allow                []*ProvisionTokenSpecV2Azure_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                          `json:"-"`
	XXX_unrecognized     []byte                            `json:"-"`
	XXX_sizecache        int32                             `json:"-"`
}

ProvisionTokenSpecV2Azure contains the Azure-specific part of the ProvisionTokenSpecV2.

func (*ProvisionTokenSpecV2Azure) Descriptor 

func (*ProvisionTokenSpecV2Azure) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2Azure) Marshal 

func (m *ProvisionTokenSpecV2Azure) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2Azure) MarshalTo 

func (m *ProvisionTokenSpecV2Azure) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Azure) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2Azure) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Azure) ProtoMessage 

func (*ProvisionTokenSpecV2Azure) ProtoMessage()

func (*ProvisionTokenSpecV2Azure) Reset 

func (m *ProvisionTokenSpecV2Azure) Reset()

func (*ProvisionTokenSpecV2Azure) Size 

func (m *ProvisionTokenSpecV2Azure) Size() (n int)

func (*ProvisionTokenSpecV2Azure) String 

func (m *ProvisionTokenSpecV2Azure) String() string

func (*ProvisionTokenSpecV2Azure) Unmarshal 

func (m *ProvisionTokenSpecV2Azure) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2Azure) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2Azure) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2Azure) XXX_Marshal 

func (m *ProvisionTokenSpecV2Azure) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2Azure) XXX_Merge 

func (m *ProvisionTokenSpecV2Azure) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2Azure) XXX_Size 

func (m *ProvisionTokenSpecV2Azure) XXX_Size() int

func (*ProvisionTokenSpecV2Azure) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2Azure) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2AzureDevops 

type ProvisionTokenSpecV2AzureDevops struct {
	// Allow is a list of TokenRules, nodes using this token must match one
	// allow rule to use this token. At least one allow rule must be specified.
	Allow []*ProvisionTokenSpecV2AzureDevops_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
	// OrganizationID specifies the UUID of the Azure DevOps organization that
	// this join token will grant access to. This is used to identify the correct
	// issuer verification of the ID token.
	// This is a required field.
	OrganizationID       string   `protobuf:"bytes,2,opt,name=OrganizationID,proto3" json:"organization_id"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ProvisionTokenSpecV2AzureDevops contains the Azure Devops-specific configuration.

func (*ProvisionTokenSpecV2AzureDevops) Descriptor 

func (*ProvisionTokenSpecV2AzureDevops) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2AzureDevops) Marshal 

func (m *ProvisionTokenSpecV2AzureDevops) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2AzureDevops) MarshalTo 

func (m *ProvisionTokenSpecV2AzureDevops) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2AzureDevops) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2AzureDevops) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2AzureDevops) ProtoMessage 

func (*ProvisionTokenSpecV2AzureDevops) ProtoMessage()

func (*ProvisionTokenSpecV2AzureDevops) Reset 

func (m *ProvisionTokenSpecV2AzureDevops) Reset()

func (*ProvisionTokenSpecV2AzureDevops) Size 

func (m *ProvisionTokenSpecV2AzureDevops) Size() (n int)

func (*ProvisionTokenSpecV2AzureDevops) String 

func (m *ProvisionTokenSpecV2AzureDevops) String() string

func (*ProvisionTokenSpecV2AzureDevops) Unmarshal 

func (m *ProvisionTokenSpecV2AzureDevops) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2AzureDevops) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2AzureDevops) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2AzureDevops) XXX_Marshal 

func (m *ProvisionTokenSpecV2AzureDevops) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2AzureDevops) XXX_Merge 

func (m *ProvisionTokenSpecV2AzureDevops) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2AzureDevops) XXX_Size 

func (m *ProvisionTokenSpecV2AzureDevops) XXX_Size() int

func (*ProvisionTokenSpecV2AzureDevops) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2AzureDevops) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2AzureDevops_Rule 

type ProvisionTokenSpecV2AzureDevops_Rule struct {
	// Sub also known as Subject is a string that roughly uniquely identifies
	// the workload. Example:
	// `p://my-organization/my-project/my-pipeline`
	// Mapped from the `sub` claim.
	Sub string `protobuf:"bytes,1,opt,name=Sub,proto3" json:"sub,omitempty"`
	// The name of the AZDO project. Example:
	// `my-project`.
	// Mapped out of the `sub` claim.
	ProjectName string `protobuf:"bytes,2,opt,name=ProjectName,proto3" json:"project_name,omitempty"`
	// The name of the AZDO pipeline. Example:
	// `my-pipeline`.
	// Mapped out of the `sub` claim.
	PipelineName string `protobuf:"bytes,3,opt,name=PipelineName,proto3" json:"pipeline_name,omitempty"`
	// The ID of the AZDO pipeline. Example:
	// `271ef6f7-0000-0000-0000-4b54d9129990`
	// Mapped from the `prj_id` claim.
	ProjectID string `protobuf:"bytes,4,opt,name=ProjectID,proto3" json:"project_id,omitempty"`
	// The ID of the AZDO pipeline definition. Example:
	// `1`
	// Mapped from the `def_id` claim.
	DefinitionID string `protobuf:"bytes,5,opt,name=DefinitionID,proto3" json:"definition_id,omitempty"`
	// The URI of the repository the pipeline is using. Example:
	// `https://github.com/gravitational/teleport.git`.
	// Mapped from the `rpo_uri` claim.
	RepositoryURI string `protobuf:"bytes,6,opt,name=RepositoryURI,proto3" json:"repository_uri,omitempty"`
	// The individual commit of the repository the pipeline is using. Example:
	// `e6b9eb29a288b27a3a82cc19c48b9d94b80aff36`.
	// Mapped from the `rpo_ver` claim.
	RepositoryVersion string `protobuf:"bytes,7,opt,name=RepositoryVersion,proto3" json:"repository_version,omitempty"`
	// The reference of the repository the pipeline is using. Example:
	// `refs/heads/main`.
	// Mapped from the `rpo_ref` claim.
	RepositoryRef        string   `protobuf:"bytes,8,opt,name=RepositoryRef,proto3" json:"repository_ref,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*ProvisionTokenSpecV2AzureDevops_Rule) Descriptor 

func (*ProvisionTokenSpecV2AzureDevops_Rule) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2AzureDevops_Rule) Marshal 

func (m *ProvisionTokenSpecV2AzureDevops_Rule) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2AzureDevops_Rule) MarshalTo 

func (m *ProvisionTokenSpecV2AzureDevops_Rule) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2AzureDevops_Rule) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2AzureDevops_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2AzureDevops_Rule) ProtoMessage 

func (*ProvisionTokenSpecV2AzureDevops_Rule) ProtoMessage()

func (*ProvisionTokenSpecV2AzureDevops_Rule) Reset 

func (m *ProvisionTokenSpecV2AzureDevops_Rule) Reset()

func (*ProvisionTokenSpecV2AzureDevops_Rule) Size 

func (m *ProvisionTokenSpecV2AzureDevops_Rule) Size() (n int)

func (*ProvisionTokenSpecV2AzureDevops_Rule) String 

func (m *ProvisionTokenSpecV2AzureDevops_Rule) String() string

func (*ProvisionTokenSpecV2AzureDevops_Rule) Unmarshal 

func (m *ProvisionTokenSpecV2AzureDevops_Rule) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2AzureDevops_Rule) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2AzureDevops_Rule) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2AzureDevops_Rule) XXX_Marshal 

func (m *ProvisionTokenSpecV2AzureDevops_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2AzureDevops_Rule) XXX_Merge 

func (m *ProvisionTokenSpecV2AzureDevops_Rule) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2AzureDevops_Rule) XXX_Size 

func (m *ProvisionTokenSpecV2AzureDevops_Rule) XXX_Size() int

func (*ProvisionTokenSpecV2AzureDevops_Rule) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2AzureDevops_Rule) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2Azure_Rule 

type ProvisionTokenSpecV2Azure_Rule struct {
	// Subscription is the Azure subscription.
	Subscription string `protobuf:"bytes,1,opt,name=Subscription,proto3" json:"subscription,omitempty"`
	// ResourceGroups is a list of Azure resource groups the node is allowed
	// to join from.
	ResourceGroups       []string `protobuf:"bytes,2,rep,name=ResourceGroups,proto3" json:"resource_groups,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Rule is a set of properties the Azure-issued token might have to be allowed to use this ProvisionToken.

func (*ProvisionTokenSpecV2Azure_Rule) Descriptor 

func (*ProvisionTokenSpecV2Azure_Rule) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2Azure_Rule) Marshal 

func (m *ProvisionTokenSpecV2Azure_Rule) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2Azure_Rule) MarshalTo 

func (m *ProvisionTokenSpecV2Azure_Rule) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Azure_Rule) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2Azure_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Azure_Rule) ProtoMessage 

func (*ProvisionTokenSpecV2Azure_Rule) ProtoMessage()

func (*ProvisionTokenSpecV2Azure_Rule) Reset 

func (m *ProvisionTokenSpecV2Azure_Rule) Reset()

func (*ProvisionTokenSpecV2Azure_Rule) Size 

func (m *ProvisionTokenSpecV2Azure_Rule) Size() (n int)

func (*ProvisionTokenSpecV2Azure_Rule) String 

func (m *ProvisionTokenSpecV2Azure_Rule) String() string

func (*ProvisionTokenSpecV2Azure_Rule) Unmarshal 

func (m *ProvisionTokenSpecV2Azure_Rule) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2Azure_Rule) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2Azure_Rule) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2Azure_Rule) XXX_Marshal 

func (m *ProvisionTokenSpecV2Azure_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2Azure_Rule) XXX_Merge 

func (m *ProvisionTokenSpecV2Azure_Rule) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2Azure_Rule) XXX_Size 

func (m *ProvisionTokenSpecV2Azure_Rule) XXX_Size() int

func (*ProvisionTokenSpecV2Azure_Rule) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2Azure_Rule) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2Bitbucket 

type ProvisionTokenSpecV2Bitbucket struct {
	// Allow is a list of Rules, nodes using this token must match one
	// allow rule to use this token.
	Allow []*ProvisionTokenSpecV2Bitbucket_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
	// Audience is a Bitbucket-specified audience value for this token. It is
	// unique to each Bitbucket repository, and must be set to the value as
	// written in the Pipelines -> OpenID Connect section of the repository
	// settings.
	Audience string `protobuf:"bytes,2,opt,name=Audience,proto3" json:"audience,omitempty"`
	// IdentityProviderURL is a Bitbucket-specified issuer URL for incoming OIDC
	// tokens. It is unique to each Bitbucket repository, and must be set to the
	// value as written in the Pipelines -> OpenID Connect section of the
	// repository settings.
	IdentityProviderURL  string   `protobuf:"bytes,3,opt,name=IdentityProviderURL,proto3" json:"identity_provider_url,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*ProvisionTokenSpecV2Bitbucket) Descriptor 

func (*ProvisionTokenSpecV2Bitbucket) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2Bitbucket) Marshal 

func (m *ProvisionTokenSpecV2Bitbucket) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2Bitbucket) MarshalTo 

func (m *ProvisionTokenSpecV2Bitbucket) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Bitbucket) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2Bitbucket) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Bitbucket) ProtoMessage 

func (*ProvisionTokenSpecV2Bitbucket) ProtoMessage()

func (*ProvisionTokenSpecV2Bitbucket) Reset 

func (m *ProvisionTokenSpecV2Bitbucket) Reset()

func (*ProvisionTokenSpecV2Bitbucket) Size 

func (m *ProvisionTokenSpecV2Bitbucket) Size() (n int)

func (*ProvisionTokenSpecV2Bitbucket) String 

func (m *ProvisionTokenSpecV2Bitbucket) String() string

func (*ProvisionTokenSpecV2Bitbucket) Unmarshal 

func (m *ProvisionTokenSpecV2Bitbucket) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2Bitbucket) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2Bitbucket) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2Bitbucket) XXX_Marshal 

func (m *ProvisionTokenSpecV2Bitbucket) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2Bitbucket) XXX_Merge 

func (m *ProvisionTokenSpecV2Bitbucket) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2Bitbucket) XXX_Size 

func (m *ProvisionTokenSpecV2Bitbucket) XXX_Size() int

func (*ProvisionTokenSpecV2Bitbucket) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2Bitbucket) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2Bitbucket_Rule 

type ProvisionTokenSpecV2Bitbucket_Rule struct {
	// WorkspaceUUID is the UUID of the workspace for which this token was
	// issued. Bitbucket UUIDs must begin and end with braces, e.g. `{...}`.
	// This value may be found in the Pipelines -> OpenID Connect section of the
	// repository settings.
	WorkspaceUUID string `protobuf:"bytes,1,opt,name=WorkspaceUUID,proto3" json:"workspace_uuid,omitempty"`
	// RepositoryUUID is the UUID of the repository for which this token was
	// issued. Bitbucket UUIDs must begin and end with braces, e.g. `{...}`.
	// This value may be found in the Pipelines -> OpenID Connect section of the
	// repository settings.
	RepositoryUUID string `protobuf:"bytes,2,opt,name=RepositoryUUID,proto3" json:"repository_uuid,omitempty"`
	// DeploymentEnvironmentUUID is the UUID of the deployment environment
	// targeted by this pipelines run, if any. These values may be found in the
	// "Pipelines -> OpenID Connect -> Deployment environments" section of the
	// repository settings.
	DeploymentEnvironmentUUID string `protobuf:"bytes,3,opt,name=DeploymentEnvironmentUUID,proto3" json:"deployment_environment_uuid,omitempty"`
	// BranchName is the name of the branch on which this pipeline executed.
	BranchName           string   `protobuf:"bytes,4,opt,name=BranchName,proto3" json:"branch_name,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Rule is a set of properties the Bitbucket-issued token might have to be allowed to use this ProvisionToken.

func (*ProvisionTokenSpecV2Bitbucket_Rule) Descriptor 

func (*ProvisionTokenSpecV2Bitbucket_Rule) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2Bitbucket_Rule) Marshal 

func (m *ProvisionTokenSpecV2Bitbucket_Rule) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2Bitbucket_Rule) MarshalTo 

func (m *ProvisionTokenSpecV2Bitbucket_Rule) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Bitbucket_Rule) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2Bitbucket_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Bitbucket_Rule) ProtoMessage 

func (*ProvisionTokenSpecV2Bitbucket_Rule) ProtoMessage()

func (*ProvisionTokenSpecV2Bitbucket_Rule) Reset 

func (m *ProvisionTokenSpecV2Bitbucket_Rule) Reset()

func (*ProvisionTokenSpecV2Bitbucket_Rule) Size 

func (m *ProvisionTokenSpecV2Bitbucket_Rule) Size() (n int)

func (*ProvisionTokenSpecV2Bitbucket_Rule) String 

func (m *ProvisionTokenSpecV2Bitbucket_Rule) String() string

func (*ProvisionTokenSpecV2Bitbucket_Rule) Unmarshal 

func (m *ProvisionTokenSpecV2Bitbucket_Rule) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2Bitbucket_Rule) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2Bitbucket_Rule) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2Bitbucket_Rule) XXX_Marshal 

func (m *ProvisionTokenSpecV2Bitbucket_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2Bitbucket_Rule) XXX_Merge 

func (m *ProvisionTokenSpecV2Bitbucket_Rule) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2Bitbucket_Rule) XXX_Size 

func (m *ProvisionTokenSpecV2Bitbucket_Rule) XXX_Size() int

func (*ProvisionTokenSpecV2Bitbucket_Rule) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2Bitbucket_Rule) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2BoundKeypair 

type ProvisionTokenSpecV2BoundKeypair struct {
	// Onboarding contains parameters related to initial onboarding and keypair
	// registration.
	Onboarding *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec `protobuf:"bytes,1,opt,name=Onboarding,proto3" json:"onboarding"`
	// Recovery contains parameters related to recovery after identity expiration.
	Recovery *ProvisionTokenSpecV2BoundKeypair_RecoverySpec `protobuf:"bytes,2,opt,name=Recovery,proto3" json:"recovery"`
	// RotateAfter is an optional timestamp that forces clients to perform a
	// keypair rotation on the next join or recovery attempt after the given date.
	// If `LastRotatedAt` is unset or before this timestamp, a rotation will be
	// requested. It is recommended to set this value to the current timestamp if
	// a rotation should be triggered on the next join attempt.
	RotateAfter          *time.Time `protobuf:"bytes,3,opt,name=RotateAfter,proto3,stdtime" json:"rotate_after,omitempty"`
	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
	XXX_unrecognized     []byte     `json:"-"`
	XXX_sizecache        int32      `json:"-"`
}

ProvisionTokenSpecV2BoundKeypair contains configuration for bound_keypair type join tokens.

func (*ProvisionTokenSpecV2BoundKeypair) Descriptor 

func (*ProvisionTokenSpecV2BoundKeypair) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2BoundKeypair) Marshal 

func (m *ProvisionTokenSpecV2BoundKeypair) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2BoundKeypair) MarshalTo 

func (m *ProvisionTokenSpecV2BoundKeypair) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2BoundKeypair) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2BoundKeypair) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2BoundKeypair) ProtoMessage 

func (*ProvisionTokenSpecV2BoundKeypair) ProtoMessage()

func (*ProvisionTokenSpecV2BoundKeypair) Reset 

func (m *ProvisionTokenSpecV2BoundKeypair) Reset()

func (*ProvisionTokenSpecV2BoundKeypair) Size 

func (m *ProvisionTokenSpecV2BoundKeypair) Size() (n int)

func (*ProvisionTokenSpecV2BoundKeypair) String 

func (m *ProvisionTokenSpecV2BoundKeypair) String() string

func (*ProvisionTokenSpecV2BoundKeypair) Unmarshal 

func (m *ProvisionTokenSpecV2BoundKeypair) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2BoundKeypair) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2BoundKeypair) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2BoundKeypair) XXX_Marshal 

func (m *ProvisionTokenSpecV2BoundKeypair) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2BoundKeypair) XXX_Merge 

func (m *ProvisionTokenSpecV2BoundKeypair) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2BoundKeypair) XXX_Size 

func (m *ProvisionTokenSpecV2BoundKeypair) XXX_Size() int

func (*ProvisionTokenSpecV2BoundKeypair) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2BoundKeypair) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2BoundKeypair_OnboardingSpec 

type ProvisionTokenSpecV2BoundKeypair_OnboardingSpec struct {
	// InitialPublicKey is used to preregister a public key generated by
	// `tbot keypair create`. When set, no initial join secret is generated or
	// made available for use, and clients must have the associated private key
	// available to join. If set, `initial_join_secret` and
	// `must_register_before` are ignored. This value is written in SSH
	// authorized_keys format.
	InitialPublicKey string `protobuf:"bytes,1,opt,name=InitialPublicKey,proto3" json:"initial_public_key,omitempty"`
	// RegistrationSecret is a secret joining clients may use to register their
	// public key on first join, which may be used instead of preregistering a
	// public key with `initial_public_key`. If `initial_public_key` is set,
	// this value is ignored. Otherwise, if set, this value will be used to
	// populate `.status.bound_keypair.intitial_join_secret`. If unset and no
	// `initial_public_key` is provided, a random secure value will be generated
	// server-side to populate the status field.
	RegistrationSecret string `protobuf:"bytes,2,opt,name=RegistrationSecret,proto3" json:"registration_secret,omitempty"`
	// MustRegisterBefore is an optional time before which registeration via
	// initial join secret must be performed. Attempts to register using an
	// initial join secret after this timestamp will not be allowed. This may be
	// modified after creation if necessary to allow the initial registration to
	// take place. This value is ignored if `initial_public_key` is set.
	MustRegisterBefore   *time.Time `protobuf:"bytes,3,opt,name=MustRegisterBefore,proto3,stdtime" json:"must_register_before,omitempty"`
	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
	XXX_unrecognized     []byte     `json:"-"`
	XXX_sizecache        int32      `json:"-"`
}

OnboardingSpec contains parameters for initial joining and keypair registration.

func (*ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) Descriptor 

func (*ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) Marshal 

func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) MarshalTo 

func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) ProtoMessage 

func (*ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) ProtoMessage()

func (*ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) Reset 

func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) Reset()

func (*ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) Size 

func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) Size() (n int)

func (*ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) String 

func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) String() string

func (*ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) Unmarshal 

func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) XXX_Marshal 

func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) XXX_Merge 

func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) XXX_Size 

func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) XXX_Size() int

func (*ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2BoundKeypair_RecoverySpec 

type ProvisionTokenSpecV2BoundKeypair_RecoverySpec struct {
	// Limit is the maximum number of allowed recovery attempts. This value may
	// be raised or lowered after creation to allow additional recovery attempts
	// should the initial limit be exhausted. If `mode` is set to `standard`,
	// recovery attempts will only be allowed if
	// `.status.bound_keypair.recovery_count` is less than this limit. This
	// limit is not enforced if `mode` is set to `relaxed` or `insecure`. This
	// value must be at least 1 to allow for the initial join during onboarding,
	// which counts as a recovery.
	Limit uint32 `protobuf:"varint,1,opt,name=Limit,proto3" json:"limit"`
	// Mode sets the recovery rule enforcement mode. It may be one of these
	// values:
	// - standard (or unset): all configured rules enforced. The recovery limit
	//   and client join state are required and verified. This is the most
	//   secure recovery mode.
	// - relaxed: recovery limit is not enforced, but client join state is still
	//   required. This effectively allows unlimited recovery attempts, but
	//   client join state still helps mitigate stolen credentials.
	// - insecure: neither the recovery limit nor client join state are
	//   enforced. This allows any client with the private key to join freely.
	//   This is less secure, but can be useful in certain situations, like in
	//   otherwise unsupported CI/CD providers. This mode should be used with
	//   care, and RBAC rules should be configured to heavily restrict which
	//   resources this identity can access.
	Mode                 string   `protobuf:"bytes,2,opt,name=Mode,proto3" json:"mode"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

RecoverySpec contains parameters for recovery after identity expiration.

func (*ProvisionTokenSpecV2BoundKeypair_RecoverySpec) Descriptor 

func (*ProvisionTokenSpecV2BoundKeypair_RecoverySpec) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2BoundKeypair_RecoverySpec) Marshal 

func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2BoundKeypair_RecoverySpec) MarshalTo 

func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2BoundKeypair_RecoverySpec) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2BoundKeypair_RecoverySpec) ProtoMessage 

func (*ProvisionTokenSpecV2BoundKeypair_RecoverySpec) ProtoMessage()

func (*ProvisionTokenSpecV2BoundKeypair_RecoverySpec) Reset 

func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) Reset()

func (*ProvisionTokenSpecV2BoundKeypair_RecoverySpec) Size 

func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) Size() (n int)

func (*ProvisionTokenSpecV2BoundKeypair_RecoverySpec) String 

func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) String() string

func (*ProvisionTokenSpecV2BoundKeypair_RecoverySpec) Unmarshal 

func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2BoundKeypair_RecoverySpec) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2BoundKeypair_RecoverySpec) XXX_Marshal 

func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2BoundKeypair_RecoverySpec) XXX_Merge 

func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2BoundKeypair_RecoverySpec) XXX_Size 

func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) XXX_Size() int

func (*ProvisionTokenSpecV2BoundKeypair_RecoverySpec) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2CircleCI 

type ProvisionTokenSpecV2CircleCI struct {
	// Allow is a list of TokenRules, nodes using this token must match one
	// allow rule to use this token.
	Allow                []*ProvisionTokenSpecV2CircleCI_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
	OrganizationID       string                               `protobuf:"bytes,2,opt,name=OrganizationID,proto3" json:"organization_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                             `json:"-"`
	XXX_unrecognized     []byte                               `json:"-"`
	XXX_sizecache        int32                                `json:"-"`
}

ProvisionTokenSpecV2CircleCI contains the CircleCI-specific part of the ProvisionTokenSpecV2

func (*ProvisionTokenSpecV2CircleCI) Descriptor 

func (*ProvisionTokenSpecV2CircleCI) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2CircleCI) Marshal 

func (m *ProvisionTokenSpecV2CircleCI) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2CircleCI) MarshalTo 

func (m *ProvisionTokenSpecV2CircleCI) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2CircleCI) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2CircleCI) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2CircleCI) ProtoMessage 

func (*ProvisionTokenSpecV2CircleCI) ProtoMessage()

func (*ProvisionTokenSpecV2CircleCI) Reset 

func (m *ProvisionTokenSpecV2CircleCI) Reset()

func (*ProvisionTokenSpecV2CircleCI) Size 

func (m *ProvisionTokenSpecV2CircleCI) Size() (n int)

func (*ProvisionTokenSpecV2CircleCI) String 

func (m *ProvisionTokenSpecV2CircleCI) String() string

func (*ProvisionTokenSpecV2CircleCI) Unmarshal 

func (m *ProvisionTokenSpecV2CircleCI) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2CircleCI) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2CircleCI) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2CircleCI) XXX_Marshal 

func (m *ProvisionTokenSpecV2CircleCI) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2CircleCI) XXX_Merge 

func (m *ProvisionTokenSpecV2CircleCI) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2CircleCI) XXX_Size 

func (m *ProvisionTokenSpecV2CircleCI) XXX_Size() int

func (*ProvisionTokenSpecV2CircleCI) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2CircleCI) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2CircleCI_Rule 

type ProvisionTokenSpecV2CircleCI_Rule struct {
	ProjectID            string   `protobuf:"bytes,1,opt,name=ProjectID,proto3" json:"project_id,omitempty"`
	ContextID            string   `protobuf:"bytes,2,opt,name=ContextID,proto3" json:"context_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*ProvisionTokenSpecV2CircleCI_Rule) Descriptor 

func (*ProvisionTokenSpecV2CircleCI_Rule) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2CircleCI_Rule) Marshal 

func (m *ProvisionTokenSpecV2CircleCI_Rule) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2CircleCI_Rule) MarshalTo 

func (m *ProvisionTokenSpecV2CircleCI_Rule) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2CircleCI_Rule) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2CircleCI_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2CircleCI_Rule) ProtoMessage 

func (*ProvisionTokenSpecV2CircleCI_Rule) ProtoMessage()

func (*ProvisionTokenSpecV2CircleCI_Rule) Reset 

func (m *ProvisionTokenSpecV2CircleCI_Rule) Reset()

func (*ProvisionTokenSpecV2CircleCI_Rule) Size 

func (m *ProvisionTokenSpecV2CircleCI_Rule) Size() (n int)

func (*ProvisionTokenSpecV2CircleCI_Rule) String 

func (m *ProvisionTokenSpecV2CircleCI_Rule) String() string

func (*ProvisionTokenSpecV2CircleCI_Rule) Unmarshal 

func (m *ProvisionTokenSpecV2CircleCI_Rule) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2CircleCI_Rule) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2CircleCI_Rule) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2CircleCI_Rule) XXX_Marshal 

func (m *ProvisionTokenSpecV2CircleCI_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2CircleCI_Rule) XXX_Merge 

func (m *ProvisionTokenSpecV2CircleCI_Rule) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2CircleCI_Rule) XXX_Size 

func (m *ProvisionTokenSpecV2CircleCI_Rule) XXX_Size() int

func (*ProvisionTokenSpecV2CircleCI_Rule) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2CircleCI_Rule) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2GCP 

type ProvisionTokenSpecV2GCP struct {
	// Allow is a list of Rules, nodes using this token must match one
	// allow rule to use this token.
	Allow                []*ProvisionTokenSpecV2GCP_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                        `json:"-"`
	XXX_unrecognized     []byte                          `json:"-"`
	XXX_sizecache        int32                           `json:"-"`
}

ProvisionTokenSpecV2GCP contains the GCP-specific part of the ProvisionTokenSpecV2.

func (*ProvisionTokenSpecV2GCP) Descriptor 

func (*ProvisionTokenSpecV2GCP) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2GCP) Marshal 

func (m *ProvisionTokenSpecV2GCP) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2GCP) MarshalTo 

func (m *ProvisionTokenSpecV2GCP) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2GCP) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2GCP) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2GCP) ProtoMessage 

func (*ProvisionTokenSpecV2GCP) ProtoMessage()

func (*ProvisionTokenSpecV2GCP) Reset 

func (m *ProvisionTokenSpecV2GCP) Reset()

func (*ProvisionTokenSpecV2GCP) Size 

func (m *ProvisionTokenSpecV2GCP) Size() (n int)

func (*ProvisionTokenSpecV2GCP) String 

func (m *ProvisionTokenSpecV2GCP) String() string

func (*ProvisionTokenSpecV2GCP) Unmarshal 

func (m *ProvisionTokenSpecV2GCP) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2GCP) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2GCP) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2GCP) XXX_Marshal 

func (m *ProvisionTokenSpecV2GCP) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2GCP) XXX_Merge 

func (m *ProvisionTokenSpecV2GCP) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2GCP) XXX_Size 

func (m *ProvisionTokenSpecV2GCP) XXX_Size() int

func (*ProvisionTokenSpecV2GCP) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2GCP) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2GCP_Rule 

type ProvisionTokenSpecV2GCP_Rule struct {
	// ProjectIDs is a list of project IDs (e.g. `<example-id-123456>`).
	ProjectIDs []string `protobuf:"bytes,1,rep,name=ProjectIDs,proto3" json:"project_ids,omitempty"`
	// Locations is a list of regions (e.g. "us-west1") and/or zones (e.g.
	// "us-west1-b").
	Locations []string `protobuf:"bytes,2,rep,name=Locations,proto3" json:"locations,omitempty"`
	// ServiceAccounts is a list of service account emails (e.g.
	// `<project-number>-compute@developer.gserviceaccount.com`).
	ServiceAccounts      []string `protobuf:"bytes,3,rep,name=ServiceAccounts,proto3" json:"service_accounts,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Rule is a set of properties the GCP-ussued token might have to be allowed to use this ProvisionToken.

func (*ProvisionTokenSpecV2GCP_Rule) Descriptor 

func (*ProvisionTokenSpecV2GCP_Rule) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2GCP_Rule) Marshal 

func (m *ProvisionTokenSpecV2GCP_Rule) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2GCP_Rule) MarshalTo 

func (m *ProvisionTokenSpecV2GCP_Rule) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2GCP_Rule) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2GCP_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2GCP_Rule) ProtoMessage 

func (*ProvisionTokenSpecV2GCP_Rule) ProtoMessage()

func (*ProvisionTokenSpecV2GCP_Rule) Reset 

func (m *ProvisionTokenSpecV2GCP_Rule) Reset()

func (*ProvisionTokenSpecV2GCP_Rule) Size 

func (m *ProvisionTokenSpecV2GCP_Rule) Size() (n int)

func (*ProvisionTokenSpecV2GCP_Rule) String 

func (m *ProvisionTokenSpecV2GCP_Rule) String() string

func (*ProvisionTokenSpecV2GCP_Rule) Unmarshal 

func (m *ProvisionTokenSpecV2GCP_Rule) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2GCP_Rule) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2GCP_Rule) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2GCP_Rule) XXX_Marshal 

func (m *ProvisionTokenSpecV2GCP_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2GCP_Rule) XXX_Merge 

func (m *ProvisionTokenSpecV2GCP_Rule) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2GCP_Rule) XXX_Size 

func (m *ProvisionTokenSpecV2GCP_Rule) XXX_Size() int

func (*ProvisionTokenSpecV2GCP_Rule) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2GCP_Rule) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2GitHub 

type ProvisionTokenSpecV2GitHub struct {
	// Allow is a list of TokenRules, nodes using this token must match one
	// allow rule to use this token.
	Allow []*ProvisionTokenSpecV2GitHub_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
	// EnterpriseServerHost allows joining from runners associated with a
	// GitHub Enterprise Server instance. When unconfigured, tokens will be
	// validated against github.com, but when configured to the host of a GHES
	// instance, then the tokens will be validated against host.
	//
	// This value should be the hostname of the GHES instance, and should not
	// include the scheme or a path. The instance must be accessible over HTTPS
	// at this hostname and the certificate must be trusted by the Auth Service.
	EnterpriseServerHost string `protobuf:"bytes,2,opt,name=EnterpriseServerHost,proto3" json:"enterprise_server_host,omitempty"`
	// EnterpriseSlug allows the slug of a GitHub Enterprise organisation to be
	// included in the expected issuer of the OIDC tokens. This is for
	// compatibility with the `include_enterprise_slug` option in GHE.
	//
	// This field should be set to the slug of your enterprise if this is enabled. If
	// this is not enabled, then this field must be left empty. This field cannot
	// be specified if `enterprise_server_host` is specified.
	//
	// See https://docs.github.com/en/enterprise-cloud@latest/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-issuer-value-for-an-enterprise
	// for more information about customized issuer values.
	EnterpriseSlug string `protobuf:"bytes,3,opt,name=EnterpriseSlug,proto3" json:"enterprise_slug,omitempty"`
	// StaticJWKS disables fetching of the GHES signing keys via the JWKS/OIDC
	// endpoints, and allows them to be directly specified. This allows joining
	// from GitHub Actions in GHES instances that are not reachable by the
	// Teleport Auth Service.
	StaticJWKS           string   `protobuf:"bytes,4,opt,name=StaticJWKS,proto3" json:"static_jwks,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ProvisionTokenSpecV2Github contains the GitHub-specific part of the ProvisionTokenSpecV2

func (*ProvisionTokenSpecV2GitHub) Descriptor 

func (*ProvisionTokenSpecV2GitHub) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2GitHub) Marshal 

func (m *ProvisionTokenSpecV2GitHub) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2GitHub) MarshalTo 

func (m *ProvisionTokenSpecV2GitHub) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2GitHub) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2GitHub) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2GitHub) ProtoMessage 

func (*ProvisionTokenSpecV2GitHub) ProtoMessage()

func (*ProvisionTokenSpecV2GitHub) Reset 

func (m *ProvisionTokenSpecV2GitHub) Reset()

func (*ProvisionTokenSpecV2GitHub) Size 

func (m *ProvisionTokenSpecV2GitHub) Size() (n int)

func (*ProvisionTokenSpecV2GitHub) String 

func (m *ProvisionTokenSpecV2GitHub) String() string

func (*ProvisionTokenSpecV2GitHub) Unmarshal 

func (m *ProvisionTokenSpecV2GitHub) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2GitHub) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2GitHub) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2GitHub) XXX_Marshal 

func (m *ProvisionTokenSpecV2GitHub) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2GitHub) XXX_Merge 

func (m *ProvisionTokenSpecV2GitHub) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2GitHub) XXX_Size 

func (m *ProvisionTokenSpecV2GitHub) XXX_Size() int

func (*ProvisionTokenSpecV2GitHub) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2GitHub) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2GitHub_Rule 

type ProvisionTokenSpecV2GitHub_Rule struct {
	// Sub also known as Subject is a string that roughly uniquely identifies
	// the workload. The format of this varies depending on the type of
	// github action run.
	Sub string `protobuf:"bytes,1,opt,name=Sub,proto3" json:"sub,omitempty"`
	// The repository from where the workflow is running.
	// This includes the name of the owner e.g `gravitational/teleport`
	Repository string `protobuf:"bytes,2,opt,name=Repository,proto3" json:"repository,omitempty"`
	// The name of the organization in which the repository is stored.
	RepositoryOwner string `protobuf:"bytes,3,opt,name=RepositoryOwner,proto3" json:"repository_owner,omitempty"`
	// The name of the workflow.
	Workflow string `protobuf:"bytes,4,opt,name=Workflow,proto3" json:"workflow,omitempty"`
	// The name of the environment used by the job.
	Environment string `protobuf:"bytes,5,opt,name=Environment,proto3" json:"environment,omitempty"`
	// The personal account that initiated the workflow run.
	Actor string `protobuf:"bytes,6,opt,name=Actor,proto3" json:"actor,omitempty"`
	// The git ref that triggered the workflow run.
	Ref string `protobuf:"bytes,7,opt,name=Ref,proto3" json:"ref,omitempty"`
	// The type of ref, for example: "branch".
	RefType              string   `protobuf:"bytes,8,opt,name=RefType,proto3" json:"ref_type,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Rule includes fields mapped from `lib/githubactions.IDToken` Not all fields should be included, only ones that we expect to be useful when trying to create rules around which workflows should be allowed to authenticate against a cluster.

func (*ProvisionTokenSpecV2GitHub_Rule) Descriptor 

func (*ProvisionTokenSpecV2GitHub_Rule) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2GitHub_Rule) Marshal 

func (m *ProvisionTokenSpecV2GitHub_Rule) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2GitHub_Rule) MarshalTo 

func (m *ProvisionTokenSpecV2GitHub_Rule) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2GitHub_Rule) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2GitHub_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2GitHub_Rule) ProtoMessage 

func (*ProvisionTokenSpecV2GitHub_Rule) ProtoMessage()

func (*ProvisionTokenSpecV2GitHub_Rule) Reset 

func (m *ProvisionTokenSpecV2GitHub_Rule) Reset()

func (*ProvisionTokenSpecV2GitHub_Rule) Size 

func (m *ProvisionTokenSpecV2GitHub_Rule) Size() (n int)

func (*ProvisionTokenSpecV2GitHub_Rule) String 

func (m *ProvisionTokenSpecV2GitHub_Rule) String() string

func (*ProvisionTokenSpecV2GitHub_Rule) Unmarshal 

func (m *ProvisionTokenSpecV2GitHub_Rule) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2GitHub_Rule) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2GitHub_Rule) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2GitHub_Rule) XXX_Marshal 

func (m *ProvisionTokenSpecV2GitHub_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2GitHub_Rule) XXX_Merge 

func (m *ProvisionTokenSpecV2GitHub_Rule) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2GitHub_Rule) XXX_Size 

func (m *ProvisionTokenSpecV2GitHub_Rule) XXX_Size() int

func (*ProvisionTokenSpecV2GitHub_Rule) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2GitHub_Rule) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2GitLab 

type ProvisionTokenSpecV2GitLab struct {
	// Allow is a list of TokenRules, nodes using this token must match one
	// allow rule to use this token.
	Allow []*ProvisionTokenSpecV2GitLab_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
	// Domain is the domain of your GitLab instance. This will default to
	// `gitlab.com` - but can be set to the domain of your self-hosted GitLab
	// e.g `gitlab.example.com`.
	Domain string `protobuf:"bytes,2,opt,name=Domain,proto3" json:"domain,omitempty"`
	// StaticJWKS disables fetching of the GitLab signing keys via the JWKS/OIDC
	// endpoints, and allows them to be directly specified. This allows joining
	// from GitLab CI instances that are not reachable by the Teleport Auth
	// Service.
	StaticJWKS           string   `protobuf:"bytes,3,opt,name=StaticJWKS,proto3" json:"static_jwks,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ProvisionTokenSpecV2GitLab contains the GitLab-specific part of the ProvisionTokenSpecV2

func (*ProvisionTokenSpecV2GitLab) Descriptor 

func (*ProvisionTokenSpecV2GitLab) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2GitLab) Marshal 

func (m *ProvisionTokenSpecV2GitLab) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2GitLab) MarshalTo 

func (m *ProvisionTokenSpecV2GitLab) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2GitLab) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2GitLab) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2GitLab) ProtoMessage 

func (*ProvisionTokenSpecV2GitLab) ProtoMessage()

func (*ProvisionTokenSpecV2GitLab) Reset 

func (m *ProvisionTokenSpecV2GitLab) Reset()

func (*ProvisionTokenSpecV2GitLab) Size 

func (m *ProvisionTokenSpecV2GitLab) Size() (n int)

func (*ProvisionTokenSpecV2GitLab) String 

func (m *ProvisionTokenSpecV2GitLab) String() string

func (*ProvisionTokenSpecV2GitLab) Unmarshal 

func (m *ProvisionTokenSpecV2GitLab) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2GitLab) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2GitLab) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2GitLab) XXX_Marshal 

func (m *ProvisionTokenSpecV2GitLab) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2GitLab) XXX_Merge 

func (m *ProvisionTokenSpecV2GitLab) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2GitLab) XXX_Size 

func (m *ProvisionTokenSpecV2GitLab) XXX_Size() int

func (*ProvisionTokenSpecV2GitLab) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2GitLab) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2GitLab_Rule 

type ProvisionTokenSpecV2GitLab_Rule struct {
	// Sub roughly uniquely identifies the workload. Example:
	// `project_path:mygroup/my-project:ref_type:branch:ref:main`
	// project_path:GROUP/PROJECT:ref_type:TYPE:ref:BRANCH_NAME
	//
	// This field supports "glob-style" matching:
	// - Use '*' to match zero or more characters.
	// - Use '?' to match any single character.
	Sub string `protobuf:"bytes,1,opt,name=Sub,proto3" json:"sub,omitempty"`
	// Ref allows access to be limited to jobs triggered by a specific git ref.
	// Ensure this is used in combination with ref_type.
	//
	// This field supports "glob-style" matching:
	// - Use '*' to match zero or more characters.
	// - Use '?' to match any single character.
	Ref string `protobuf:"bytes,2,opt,name=Ref,proto3" json:"ref,omitempty"`
	// RefType allows access to be limited to jobs triggered by a specific git
	// ref type. Example:
	// `branch` or `tag`
	RefType string `protobuf:"bytes,3,opt,name=RefType,proto3" json:"ref_type,omitempty"`
	// NamespacePath is used to limit access to jobs in a group or user's
	// projects.
	// Example:
	// `mygroup`
	//
	// This field supports "glob-style" matching:
	// - Use '*' to match zero or more characters.
	// - Use '?' to match any single character.
	NamespacePath string `protobuf:"bytes,4,opt,name=NamespacePath,proto3" json:"namespace_path,omitempty"`
	// ProjectPath is used to limit access to jobs belonging to an individual
	// project. Example:
	// `mygroup/myproject`
	//
	// This field supports "glob-style" matching:
	// - Use '*' to match zero or more characters.
	// - Use '?' to match any single character.
	ProjectPath string `protobuf:"bytes,5,opt,name=ProjectPath,proto3" json:"project_path,omitempty"`
	// PipelineSource limits access by the job pipeline source type.
	// https://docs.gitlab.com/ee/ci/jobs/job_control.html#common-if-clauses-for-rules
	// Example: `web`
	PipelineSource string `protobuf:"bytes,6,opt,name=PipelineSource,proto3" json:"pipeline_source,omitempty"`
	// Environment limits access by the environment the job deploys to
	// (if one is associated)
	Environment string `protobuf:"bytes,7,opt,name=Environment,proto3" json:"environment,omitempty"`
	// UserLogin is the username of the user executing the job
	UserLogin string `protobuf:"bytes,8,opt,name=UserLogin,proto3" json:"user_login,omitempty"`
	// UserID is the ID of the user executing the job
	UserID string `protobuf:"bytes,9,opt,name=UserID,proto3" json:"user_id,omitempty"`
	// UserEmail is the email of the user executing the job
	UserEmail string `protobuf:"bytes,10,opt,name=UserEmail,proto3" json:"user_email,omitempty"`
	// RefProtected is true if the Git ref is protected, false otherwise.
	RefProtected *BoolOption `protobuf:"bytes,11,opt,name=RefProtected,proto3,customtype=BoolOption" json:"ref_protected,omitempty"`
	// EnvironmentProtected is true if the Git ref is protected, false otherwise.
	EnvironmentProtected *BoolOption `protobuf:"bytes,12,opt,name=EnvironmentProtected,proto3,customtype=BoolOption" json:"environment_protected,omitempty"`
	// CIConfigSHA is the git commit SHA for the ci_config_ref_uri.
	CIConfigSHA string `protobuf:"bytes,13,opt,name=CIConfigSHA,proto3" json:"ci_config_sha,omitempty"`
	// CIConfigRefURI is the ref path to the top-level pipeline definition, for example,
	// gitlab.example.com/my-group/my-project//.gitlab-ci.yml@refs/heads/main.
	CIConfigRefURI string `protobuf:"bytes,14,opt,name=CIConfigRefURI,proto3" json:"ci_config_ref_uri,omitempty"`
	// DeploymentTier is the deployment tier of the environment the job specifies
	DeploymentTier string `protobuf:"bytes,15,opt,name=DeploymentTier,proto3" json:"deployment_tier,omitempty"`
	// ProjectVisibility is the visibility of the project where the pipeline is running.
	// Can be internal, private, or public.
	ProjectVisibility    string   `protobuf:"bytes,16,opt,name=ProjectVisibility,proto3" json:"project_visibility,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*ProvisionTokenSpecV2GitLab_Rule) Descriptor 

func (*ProvisionTokenSpecV2GitLab_Rule) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2GitLab_Rule) Marshal 

func (m *ProvisionTokenSpecV2GitLab_Rule) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2GitLab_Rule) MarshalTo 

func (m *ProvisionTokenSpecV2GitLab_Rule) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2GitLab_Rule) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2GitLab_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2GitLab_Rule) ProtoMessage 

func (*ProvisionTokenSpecV2GitLab_Rule) ProtoMessage()

func (*ProvisionTokenSpecV2GitLab_Rule) Reset 

func (m *ProvisionTokenSpecV2GitLab_Rule) Reset()

func (*ProvisionTokenSpecV2GitLab_Rule) Size 

func (m *ProvisionTokenSpecV2GitLab_Rule) Size() (n int)

func (*ProvisionTokenSpecV2GitLab_Rule) String 

func (m *ProvisionTokenSpecV2GitLab_Rule) String() string

func (*ProvisionTokenSpecV2GitLab_Rule) Unmarshal 

func (m *ProvisionTokenSpecV2GitLab_Rule) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2GitLab_Rule) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2GitLab_Rule) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2GitLab_Rule) XXX_Marshal 

func (m *ProvisionTokenSpecV2GitLab_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2GitLab_Rule) XXX_Merge 

func (m *ProvisionTokenSpecV2GitLab_Rule) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2GitLab_Rule) XXX_Size 

func (m *ProvisionTokenSpecV2GitLab_Rule) XXX_Size() int

func (*ProvisionTokenSpecV2GitLab_Rule) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2GitLab_Rule) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2Kubernetes 

type ProvisionTokenSpecV2Kubernetes struct {
	// Allow is a list of Rules, nodes using this token must match one
	// allow rule to use this token.
	Allow []*ProvisionTokenSpecV2Kubernetes_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
	// Type controls which behavior should be used for validating the Kubernetes
	// Service Account token. Support values:
	// - `in_cluster`
	// - `static_jwks`
	// If unset, this defaults to `in_cluster`.
	Type KubernetesJoinType `protobuf:"bytes,2,opt,name=Type,proto3,casttype=KubernetesJoinType" json:"type,omitempty"`
	// StaticJWKS is the configuration specific to the `static_jwks` type.
	StaticJWKS           *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig `protobuf:"bytes,3,opt,name=StaticJWKS,proto3" json:"static_jwks,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                                         `json:"-"`
	XXX_unrecognized     []byte                                           `json:"-"`
	XXX_sizecache        int32                                            `json:"-"`
}

ProvisionTokenSpecV2Kubernetes contains the Kubernetes-specific part of the ProvisionTokenSpecV2

func (*ProvisionTokenSpecV2Kubernetes) Descriptor 

func (*ProvisionTokenSpecV2Kubernetes) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2Kubernetes) Marshal 

func (m *ProvisionTokenSpecV2Kubernetes) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2Kubernetes) MarshalTo 

func (m *ProvisionTokenSpecV2Kubernetes) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Kubernetes) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2Kubernetes) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Kubernetes) ProtoMessage 

func (*ProvisionTokenSpecV2Kubernetes) ProtoMessage()

func (*ProvisionTokenSpecV2Kubernetes) Reset 

func (m *ProvisionTokenSpecV2Kubernetes) Reset()

func (*ProvisionTokenSpecV2Kubernetes) Size 

func (m *ProvisionTokenSpecV2Kubernetes) Size() (n int)

func (*ProvisionTokenSpecV2Kubernetes) String 

func (m *ProvisionTokenSpecV2Kubernetes) String() string

func (*ProvisionTokenSpecV2Kubernetes) Unmarshal 

func (m *ProvisionTokenSpecV2Kubernetes) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2Kubernetes) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2Kubernetes) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2Kubernetes) XXX_Marshal 

func (m *ProvisionTokenSpecV2Kubernetes) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2Kubernetes) XXX_Merge 

func (m *ProvisionTokenSpecV2Kubernetes) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2Kubernetes) XXX_Size 

func (m *ProvisionTokenSpecV2Kubernetes) XXX_Size() int

func (*ProvisionTokenSpecV2Kubernetes) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2Kubernetes) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2Kubernetes_Rule 

type ProvisionTokenSpecV2Kubernetes_Rule struct {
	// ServiceAccount is the namespaced name of the Kubernetes service account.
	// Its format is "namespace:service-account".
	ServiceAccount       string   `protobuf:"bytes,1,opt,name=ServiceAccount,proto3" json:"service_account,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Rule is a set of properties the Kubernetes-issued token might have to be allowed to use this ProvisionToken

func (*ProvisionTokenSpecV2Kubernetes_Rule) Descriptor 

func (*ProvisionTokenSpecV2Kubernetes_Rule) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2Kubernetes_Rule) Marshal 

func (m *ProvisionTokenSpecV2Kubernetes_Rule) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2Kubernetes_Rule) MarshalTo 

func (m *ProvisionTokenSpecV2Kubernetes_Rule) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Kubernetes_Rule) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2Kubernetes_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Kubernetes_Rule) ProtoMessage 

func (*ProvisionTokenSpecV2Kubernetes_Rule) ProtoMessage()

func (*ProvisionTokenSpecV2Kubernetes_Rule) Reset 

func (m *ProvisionTokenSpecV2Kubernetes_Rule) Reset()

func (*ProvisionTokenSpecV2Kubernetes_Rule) Size 

func (m *ProvisionTokenSpecV2Kubernetes_Rule) Size() (n int)

func (*ProvisionTokenSpecV2Kubernetes_Rule) String 

func (m *ProvisionTokenSpecV2Kubernetes_Rule) String() string

func (*ProvisionTokenSpecV2Kubernetes_Rule) Unmarshal 

func (m *ProvisionTokenSpecV2Kubernetes_Rule) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2Kubernetes_Rule) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2Kubernetes_Rule) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2Kubernetes_Rule) XXX_Marshal 

func (m *ProvisionTokenSpecV2Kubernetes_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2Kubernetes_Rule) XXX_Merge 

func (m *ProvisionTokenSpecV2Kubernetes_Rule) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2Kubernetes_Rule) XXX_Size 

func (m *ProvisionTokenSpecV2Kubernetes_Rule) XXX_Size() int

func (*ProvisionTokenSpecV2Kubernetes_Rule) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2Kubernetes_Rule) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig 

type ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig struct {
	// JWKS should be the JSON Web Key Set formatted public keys of that the
	// Kubernetes Cluster uses to sign service account tokens.
	// This can be fetched from /openid/v1/jwks on the Kubernetes API Server.
	JWKS                 string   `protobuf:"bytes,1,opt,name=JWKS,proto3" json:"jwks,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) Descriptor 

func (*ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) Marshal 

func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) MarshalTo 

func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) ProtoMessage 

func (*ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) ProtoMessage()

func (*ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) Reset 

func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) Reset()

func (*ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) Size 

func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) Size() (n int)

func (*ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) String 

func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) String() string

func (*ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) Unmarshal 

func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) XXX_Marshal 

func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) XXX_Merge 

func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) XXX_Size 

func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) XXX_Size() int

func (*ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2Oracle 

type ProvisionTokenSpecV2Oracle struct {
	// Allow is a list of Rules, nodes using this token must match one
	// allow rule to use this token.
	Allow                []*ProvisionTokenSpecV2Oracle_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                           `json:"-"`
	XXX_unrecognized     []byte                             `json:"-"`
	XXX_sizecache        int32                              `json:"-"`
}

ProvisionTokenSpecV2Oracle contains Oracle-specific parts of the ProvisionTokenSpecV2.

func (*ProvisionTokenSpecV2Oracle) Descriptor 

func (*ProvisionTokenSpecV2Oracle) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2Oracle) Marshal 

func (m *ProvisionTokenSpecV2Oracle) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2Oracle) MarshalTo 

func (m *ProvisionTokenSpecV2Oracle) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Oracle) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2Oracle) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Oracle) ProtoMessage 

func (*ProvisionTokenSpecV2Oracle) ProtoMessage()

func (*ProvisionTokenSpecV2Oracle) Reset 

func (m *ProvisionTokenSpecV2Oracle) Reset()

func (*ProvisionTokenSpecV2Oracle) Size 

func (m *ProvisionTokenSpecV2Oracle) Size() (n int)

func (*ProvisionTokenSpecV2Oracle) String 

func (m *ProvisionTokenSpecV2Oracle) String() string

func (*ProvisionTokenSpecV2Oracle) Unmarshal 

func (m *ProvisionTokenSpecV2Oracle) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2Oracle) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2Oracle) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2Oracle) XXX_Marshal 

func (m *ProvisionTokenSpecV2Oracle) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2Oracle) XXX_Merge 

func (m *ProvisionTokenSpecV2Oracle) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2Oracle) XXX_Size 

func (m *ProvisionTokenSpecV2Oracle) XXX_Size() int

func (*ProvisionTokenSpecV2Oracle) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2Oracle) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2Oracle_Rule 

type ProvisionTokenSpecV2Oracle_Rule struct {
	// Tenancy is the OCID of the instance's tenancy. Required.
	Tenancy string `protobuf:"bytes,1,opt,name=Tenancy,proto3" json:"tenancy"`
	// ParentCompartments is a list of the OCIDs of compartments an instance is
	// allowed to join from. Only direct parents are allowed, i.e. no nested
	// compartments. If empty, any compartment is allowed.
	ParentCompartments []string `protobuf:"bytes,2,rep,name=ParentCompartments,proto3" json:"parent_compartments,omitempty"`
	// Regions is a list of regions an instance is allowed to join from. Both
	// full region names ("us-phoenix-1") and abbreviations ("phx") are allowed.
	// If empty, any region is allowed.
	Regions              []string `protobuf:"bytes,3,rep,name=Regions,proto3" json:"regions,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Rule is a set of properties the Oracle instance might have to be allowed to use this ProvisionToken.

func (*ProvisionTokenSpecV2Oracle_Rule) Descriptor 

func (*ProvisionTokenSpecV2Oracle_Rule) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2Oracle_Rule) Marshal 

func (m *ProvisionTokenSpecV2Oracle_Rule) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2Oracle_Rule) MarshalTo 

func (m *ProvisionTokenSpecV2Oracle_Rule) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Oracle_Rule) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2Oracle_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Oracle_Rule) ProtoMessage 

func (*ProvisionTokenSpecV2Oracle_Rule) ProtoMessage()

func (*ProvisionTokenSpecV2Oracle_Rule) Reset 

func (m *ProvisionTokenSpecV2Oracle_Rule) Reset()

func (*ProvisionTokenSpecV2Oracle_Rule) Size 

func (m *ProvisionTokenSpecV2Oracle_Rule) Size() (n int)

func (*ProvisionTokenSpecV2Oracle_Rule) String 

func (m *ProvisionTokenSpecV2Oracle_Rule) String() string

func (*ProvisionTokenSpecV2Oracle_Rule) Unmarshal 

func (m *ProvisionTokenSpecV2Oracle_Rule) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2Oracle_Rule) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2Oracle_Rule) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2Oracle_Rule) XXX_Marshal 

func (m *ProvisionTokenSpecV2Oracle_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2Oracle_Rule) XXX_Merge 

func (m *ProvisionTokenSpecV2Oracle_Rule) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2Oracle_Rule) XXX_Size 

func (m *ProvisionTokenSpecV2Oracle_Rule) XXX_Size() int

func (*ProvisionTokenSpecV2Oracle_Rule) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2Oracle_Rule) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2Spacelift 

type ProvisionTokenSpecV2Spacelift struct {
	// Allow is a list of Rules, nodes using this token must match one
	// allow rule to use this token.
	Allow []*ProvisionTokenSpecV2Spacelift_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
	// Hostname is the hostname of the Spacelift tenant that tokens
	// will originate from. E.g `example.app.spacelift.io`
	Hostname             string   `protobuf:"bytes,2,opt,name=Hostname,proto3" json:"hostname,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ProvisionTokenSpecV2Spacelift contains the Spacelift-specific part of the ProvisionTokenSpecV2

func (*ProvisionTokenSpecV2Spacelift) Descriptor 

func (*ProvisionTokenSpecV2Spacelift) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2Spacelift) Marshal 

func (m *ProvisionTokenSpecV2Spacelift) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2Spacelift) MarshalTo 

func (m *ProvisionTokenSpecV2Spacelift) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Spacelift) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2Spacelift) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Spacelift) ProtoMessage 

func (*ProvisionTokenSpecV2Spacelift) ProtoMessage()

func (*ProvisionTokenSpecV2Spacelift) Reset 

func (m *ProvisionTokenSpecV2Spacelift) Reset()

func (*ProvisionTokenSpecV2Spacelift) Size 

func (m *ProvisionTokenSpecV2Spacelift) Size() (n int)

func (*ProvisionTokenSpecV2Spacelift) String 

func (m *ProvisionTokenSpecV2Spacelift) String() string

func (*ProvisionTokenSpecV2Spacelift) Unmarshal 

func (m *ProvisionTokenSpecV2Spacelift) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2Spacelift) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2Spacelift) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2Spacelift) XXX_Marshal 

func (m *ProvisionTokenSpecV2Spacelift) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2Spacelift) XXX_Merge 

func (m *ProvisionTokenSpecV2Spacelift) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2Spacelift) XXX_Size 

func (m *ProvisionTokenSpecV2Spacelift) XXX_Size() int

func (*ProvisionTokenSpecV2Spacelift) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2Spacelift) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2Spacelift_Rule 

type ProvisionTokenSpecV2Spacelift_Rule struct {
	// SpaceID is the ID of the space in which the run that owns the token was
	// executed.
	SpaceID string `protobuf:"bytes,1,opt,name=SpaceID,proto3" json:"space_id,omitempty"`
	// CallerID is the ID of the caller, ie. the stack or module that generated
	// the run.
	CallerID string `protobuf:"bytes,2,opt,name=CallerID,proto3" json:"caller_id,omitempty"`
	// CallerType is the type of the caller, ie. the entity that owns the run -
	// either `stack` or `module`.
	CallerType string `protobuf:"bytes,3,opt,name=CallerType,proto3" json:"caller_type,omitempty"`
	// Scope is the scope of the token - either `read` or `write`.
	// See https://docs.spacelift.io/integrations/cloud-providers/oidc/#about-scopes
	Scope                string   `protobuf:"bytes,4,opt,name=Scope,proto3" json:"scope,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*ProvisionTokenSpecV2Spacelift_Rule) Descriptor 

func (*ProvisionTokenSpecV2Spacelift_Rule) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2Spacelift_Rule) Marshal 

func (m *ProvisionTokenSpecV2Spacelift_Rule) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2Spacelift_Rule) MarshalTo 

func (m *ProvisionTokenSpecV2Spacelift_Rule) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Spacelift_Rule) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2Spacelift_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2Spacelift_Rule) ProtoMessage 

func (*ProvisionTokenSpecV2Spacelift_Rule) ProtoMessage()

func (*ProvisionTokenSpecV2Spacelift_Rule) Reset 

func (m *ProvisionTokenSpecV2Spacelift_Rule) Reset()

func (*ProvisionTokenSpecV2Spacelift_Rule) Size 

func (m *ProvisionTokenSpecV2Spacelift_Rule) Size() (n int)

func (*ProvisionTokenSpecV2Spacelift_Rule) String 

func (m *ProvisionTokenSpecV2Spacelift_Rule) String() string

func (*ProvisionTokenSpecV2Spacelift_Rule) Unmarshal 

func (m *ProvisionTokenSpecV2Spacelift_Rule) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2Spacelift_Rule) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2Spacelift_Rule) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2Spacelift_Rule) XXX_Marshal 

func (m *ProvisionTokenSpecV2Spacelift_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2Spacelift_Rule) XXX_Merge 

func (m *ProvisionTokenSpecV2Spacelift_Rule) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2Spacelift_Rule) XXX_Size 

func (m *ProvisionTokenSpecV2Spacelift_Rule) XXX_Size() int

func (*ProvisionTokenSpecV2Spacelift_Rule) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2Spacelift_Rule) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2TPM 

type ProvisionTokenSpecV2TPM struct {
	// Allow is a list of Rules, the presented delegated identity must match one
	// allow rule to permit joining.
	Allow []*ProvisionTokenSpecV2TPM_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
	// EKCertAllowedCAs is a list of CA certificates that will be used to validate
	// TPM EKCerts.
	// When specified, joining TPMs must present an EKCert signed by one of the
	// specified CAs. TPMs that do not present an EKCert will be not permitted to
	// join.
	// When unspecified, TPMs will be allowed to join with either an EKCert or an
	// EKPubHash.
	EKCertAllowedCAs     []string `protobuf:"bytes,2,rep,name=EKCertAllowedCAs,proto3" json:"ekcert_allowed_cas,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ProvisionTokenSpecV2TPM contains the TPM-specific part of the ProvisionTokenSpecV2

func (*ProvisionTokenSpecV2TPM) Descriptor 

func (*ProvisionTokenSpecV2TPM) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2TPM) Marshal 

func (m *ProvisionTokenSpecV2TPM) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2TPM) MarshalTo 

func (m *ProvisionTokenSpecV2TPM) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2TPM) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2TPM) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2TPM) ProtoMessage 

func (*ProvisionTokenSpecV2TPM) ProtoMessage()

func (*ProvisionTokenSpecV2TPM) Reset 

func (m *ProvisionTokenSpecV2TPM) Reset()

func (*ProvisionTokenSpecV2TPM) Size 

func (m *ProvisionTokenSpecV2TPM) Size() (n int)

func (*ProvisionTokenSpecV2TPM) String 

func (m *ProvisionTokenSpecV2TPM) String() string

func (*ProvisionTokenSpecV2TPM) Unmarshal 

func (m *ProvisionTokenSpecV2TPM) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2TPM) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2TPM) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2TPM) XXX_Marshal 

func (m *ProvisionTokenSpecV2TPM) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2TPM) XXX_Merge 

func (m *ProvisionTokenSpecV2TPM) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2TPM) XXX_Size 

func (m *ProvisionTokenSpecV2TPM) XXX_Size() int

func (*ProvisionTokenSpecV2TPM) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2TPM) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2TPM_Rule 

type ProvisionTokenSpecV2TPM_Rule struct {
	// Description is a human-readable description of the rule. It has no
	// bearing on whether or not a TPM is allowed to join, but can be used
	// to associate a rule with a specific host (e.g the asset tag of the server
	// in which the TPM resides).
	// Example: "build-server-100"
	Description string `protobuf:"bytes,1,opt,name=Description,proto3" json:"description,omitempty"`
	// EKPublicHash is the SHA256 hash of the EKPub marshaled in PKIX format
	// and encoded in hexadecimal. This value will also be checked when a TPM
	// has submitted an EKCert, and the public key in the EKCert will be used
	// for this check.
	// Example: d4b45864d9d6fabfc568d74f26c35ababde2105337d7af9a6605e1c56c891aa6
	EKPublicHash string `protobuf:"bytes,4,opt,name=EKPublicHash,proto3" json:"ek_public_hash,omitempty"`
	// EKCertificateSerial is the serial number of the EKCert in hexadecimal
	// with colon separated nibbles. This value will not be checked when a TPM
	// does not have an EKCert configured.
	// Example: 73:df:dc:bd:af:ef:8a:d8:15:2e:96:71:7a:3e:7f:a4
	EKCertificateSerial  string   `protobuf:"bytes,5,opt,name=EKCertificateSerial,proto3" json:"ek_certificate_serial,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*ProvisionTokenSpecV2TPM_Rule) Descriptor 

func (*ProvisionTokenSpecV2TPM_Rule) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2TPM_Rule) Marshal 

func (m *ProvisionTokenSpecV2TPM_Rule) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2TPM_Rule) MarshalTo 

func (m *ProvisionTokenSpecV2TPM_Rule) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2TPM_Rule) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2TPM_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2TPM_Rule) ProtoMessage 

func (*ProvisionTokenSpecV2TPM_Rule) ProtoMessage()

func (*ProvisionTokenSpecV2TPM_Rule) Reset 

func (m *ProvisionTokenSpecV2TPM_Rule) Reset()

func (*ProvisionTokenSpecV2TPM_Rule) Size 

func (m *ProvisionTokenSpecV2TPM_Rule) Size() (n int)

func (*ProvisionTokenSpecV2TPM_Rule) String 

func (m *ProvisionTokenSpecV2TPM_Rule) String() string

func (*ProvisionTokenSpecV2TPM_Rule) Unmarshal 

func (m *ProvisionTokenSpecV2TPM_Rule) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2TPM_Rule) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2TPM_Rule) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2TPM_Rule) XXX_Marshal 

func (m *ProvisionTokenSpecV2TPM_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2TPM_Rule) XXX_Merge 

func (m *ProvisionTokenSpecV2TPM_Rule) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2TPM_Rule) XXX_Size 

func (m *ProvisionTokenSpecV2TPM_Rule) XXX_Size() int

func (*ProvisionTokenSpecV2TPM_Rule) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2TPM_Rule) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2TerraformCloud 

type ProvisionTokenSpecV2TerraformCloud struct {
	// Allow is a list of Rules, nodes using this token must match one
	// allow rule to use this token.
	Allow []*ProvisionTokenSpecV2TerraformCloud_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
	// Audience is the JWT audience as configured in the
	// TFC_WORKLOAD_IDENTITY_AUDIENCE(_$TAG) variable in Terraform Cloud. If
	// unset, defaults to the Teleport cluster name.
	// For example, if `TFC_WORKLOAD_IDENTITY_AUDIENCE_TELEPORT=foo` is set in
	// Terraform Cloud, this value should be `foo`. If the variable is set to
	// match the cluster name, it does not need to be set here.
	Audience string `protobuf:"bytes,2,opt,name=Audience,proto3" json:"audience,omitempty"`
	// Hostname is the hostname of the Terraform Enterprise instance expected to
	// issue JWTs allowed by this token. This may be unset for regular Terraform
	// Cloud use, in which case it will be assumed to be `app.terraform.io`.
	// Otherwise, it must both match the `iss` (issuer) field included in JWTs,
	// and provide standard JWKS endpoints.
	Hostname             string   `protobuf:"bytes,3,opt,name=Hostname,proto3" json:"hostname,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ProvisionTokenSpecV2Terraform contains Terraform-specific parts of the ProvisionTokenSpecV2.

func (*ProvisionTokenSpecV2TerraformCloud) Descriptor 

func (*ProvisionTokenSpecV2TerraformCloud) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2TerraformCloud) Marshal 

func (m *ProvisionTokenSpecV2TerraformCloud) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2TerraformCloud) MarshalTo 

func (m *ProvisionTokenSpecV2TerraformCloud) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2TerraformCloud) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2TerraformCloud) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2TerraformCloud) ProtoMessage 

func (*ProvisionTokenSpecV2TerraformCloud) ProtoMessage()

func (*ProvisionTokenSpecV2TerraformCloud) Reset 

func (m *ProvisionTokenSpecV2TerraformCloud) Reset()

func (*ProvisionTokenSpecV2TerraformCloud) Size 

func (m *ProvisionTokenSpecV2TerraformCloud) Size() (n int)

func (*ProvisionTokenSpecV2TerraformCloud) String 

func (m *ProvisionTokenSpecV2TerraformCloud) String() string

func (*ProvisionTokenSpecV2TerraformCloud) Unmarshal 

func (m *ProvisionTokenSpecV2TerraformCloud) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2TerraformCloud) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2TerraformCloud) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2TerraformCloud) XXX_Marshal 

func (m *ProvisionTokenSpecV2TerraformCloud) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2TerraformCloud) XXX_Merge 

func (m *ProvisionTokenSpecV2TerraformCloud) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2TerraformCloud) XXX_Size 

func (m *ProvisionTokenSpecV2TerraformCloud) XXX_Size() int

func (*ProvisionTokenSpecV2TerraformCloud) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2TerraformCloud) XXX_Unmarshal(b []byte) error

type ProvisionTokenSpecV2TerraformCloud_Rule 

type ProvisionTokenSpecV2TerraformCloud_Rule struct {
	// OrganizationID is the ID of the HCP Terraform organization. At least
	// one organization value is required, either ID or name.
	OrganizationID string `protobuf:"bytes,1,opt,name=OrganizationID,proto3" json:"organization_id,omitempty"`
	// OrganizationName is the human-readable name of the HCP Terraform
	// organization. At least one organization value is required, either ID or
	// name.
	OrganizationName string `protobuf:"bytes,2,opt,name=OrganizationName,proto3" json:"organization_name,omitempty"`
	// ProjectID is the ID of the HCP Terraform project. At least one project or
	// workspace value is required, either ID or name.
	ProjectID string `protobuf:"bytes,3,opt,name=ProjectID,proto3" json:"project_id,omitempty"`
	// ProjectName is the human-readable name for the HCP Terraform project. At
	// least one project or workspace value is required, either ID or name.
	ProjectName string `protobuf:"bytes,4,opt,name=ProjectName,proto3" json:"project_name,omitempty"`
	// WorkspaceID is the ID of the HCP Terraform workspace. At least one
	// project or workspace value is required, either ID or name.
	WorkspaceID string `protobuf:"bytes,5,opt,name=WorkspaceID,proto3" json:"workspace_id,omitempty"`
	// WorkspaceName is the human-readable name of the HCP Terraform workspace.
	// At least one project or workspace value is required, either ID or name.
	WorkspaceName string `protobuf:"bytes,6,opt,name=WorkspaceName,proto3" json:"workspace_name,omitempty"`
	// RunPhase is the phase of the run the token was issued for, e.g. `plan` or
	// `apply`
	RunPhase             string   `protobuf:"bytes,7,opt,name=RunPhase,proto3" json:"run_phase,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Rule is a set of properties the Terraform-issued token might have to be allowed to use this ProvisionToken.

func (*ProvisionTokenSpecV2TerraformCloud_Rule) Descriptor 

func (*ProvisionTokenSpecV2TerraformCloud_Rule) Descriptor() ([]byte, []int)

func (*ProvisionTokenSpecV2TerraformCloud_Rule) Marshal 

func (m *ProvisionTokenSpecV2TerraformCloud_Rule) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenSpecV2TerraformCloud_Rule) MarshalTo 

func (m *ProvisionTokenSpecV2TerraformCloud_Rule) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2TerraformCloud_Rule) MarshalToSizedBuffer 

func (m *ProvisionTokenSpecV2TerraformCloud_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenSpecV2TerraformCloud_Rule) ProtoMessage 

func (*ProvisionTokenSpecV2TerraformCloud_Rule) ProtoMessage()

func (*ProvisionTokenSpecV2TerraformCloud_Rule) Reset 

func (m *ProvisionTokenSpecV2TerraformCloud_Rule) Reset()

func (*ProvisionTokenSpecV2TerraformCloud_Rule) Size 

func (m *ProvisionTokenSpecV2TerraformCloud_Rule) Size() (n int)

func (*ProvisionTokenSpecV2TerraformCloud_Rule) String 

func (m *ProvisionTokenSpecV2TerraformCloud_Rule) String() string

func (*ProvisionTokenSpecV2TerraformCloud_Rule) Unmarshal 

func (m *ProvisionTokenSpecV2TerraformCloud_Rule) Unmarshal(dAtA []byte) error

func (*ProvisionTokenSpecV2TerraformCloud_Rule) XXX_DiscardUnknown 

func (m *ProvisionTokenSpecV2TerraformCloud_Rule) XXX_DiscardUnknown()

func (*ProvisionTokenSpecV2TerraformCloud_Rule) XXX_Marshal 

func (m *ProvisionTokenSpecV2TerraformCloud_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenSpecV2TerraformCloud_Rule) XXX_Merge 

func (m *ProvisionTokenSpecV2TerraformCloud_Rule) XXX_Merge(src proto.Message)

func (*ProvisionTokenSpecV2TerraformCloud_Rule) XXX_Size 

func (m *ProvisionTokenSpecV2TerraformCloud_Rule) XXX_Size() int

func (*ProvisionTokenSpecV2TerraformCloud_Rule) XXX_Unmarshal 

func (m *ProvisionTokenSpecV2TerraformCloud_Rule) XXX_Unmarshal(b []byte) error

type ProvisionTokenStatusV2 

type ProvisionTokenStatusV2 struct {
	// BoundKeypair contains status information related to bound_keypair type
	// tokens.
	BoundKeypair         *ProvisionTokenStatusV2BoundKeypair `protobuf:"bytes,1,opt,name=BoundKeypair,proto3" json:"bound_keypair,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                            `json:"-"`
	XXX_unrecognized     []byte                              `json:"-"`
	XXX_sizecache        int32                               `json:"-"`
}

ProvisionTokenStatusV2 contains status information about a particular ProvisionTokenV2. These fields should not be modified by end users.

func (*ProvisionTokenStatusV2) Descriptor 

func (*ProvisionTokenStatusV2) Descriptor() ([]byte, []int)

func (*ProvisionTokenStatusV2) Marshal 

func (m *ProvisionTokenStatusV2) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenStatusV2) MarshalTo 

func (m *ProvisionTokenStatusV2) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenStatusV2) MarshalToSizedBuffer 

func (m *ProvisionTokenStatusV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenStatusV2) ProtoMessage 

func (*ProvisionTokenStatusV2) ProtoMessage()

func (*ProvisionTokenStatusV2) Reset 

func (m *ProvisionTokenStatusV2) Reset()

func (*ProvisionTokenStatusV2) Size 

func (m *ProvisionTokenStatusV2) Size() (n int)

func (*ProvisionTokenStatusV2) String 

func (m *ProvisionTokenStatusV2) String() string

func (*ProvisionTokenStatusV2) Unmarshal 

func (m *ProvisionTokenStatusV2) Unmarshal(dAtA []byte) error

func (*ProvisionTokenStatusV2) XXX_DiscardUnknown 

func (m *ProvisionTokenStatusV2) XXX_DiscardUnknown()

func (*ProvisionTokenStatusV2) XXX_Marshal 

func (m *ProvisionTokenStatusV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenStatusV2) XXX_Merge 

func (m *ProvisionTokenStatusV2) XXX_Merge(src proto.Message)

func (*ProvisionTokenStatusV2) XXX_Size 

func (m *ProvisionTokenStatusV2) XXX_Size() int

func (*ProvisionTokenStatusV2) XXX_Unmarshal 

func (m *ProvisionTokenStatusV2) XXX_Unmarshal(b []byte) error

type ProvisionTokenStatusV2BoundKeypair 

type ProvisionTokenStatusV2BoundKeypair struct {
	// RegistrationSecret contains a secret value that may be used for public key
	// registration during the initial join process if no public key is
	// preregistered. If `.spec.bound_keypair.onboarding.initial_public_key`
	// is set, †his field will remain empty. Otherwise, if
	// `.spec.bound_keypair.onboarding.registration_secret` is set, that value
	// will be copied here. If that field is unset, a value will be randomly
	// generated.
	RegistrationSecret string `protobuf:"bytes,1,opt,name=RegistrationSecret,proto3" json:"registration_secret"`
	// BoundPublicKey contains the currently bound public key. If
	// `.spec.bound_keypair.onboarding.initial_public_key` is set, that value will
	// be copied here on creation, otherwise it will be populated as part of
	// public key registration process. This value will be updated over time if
	// keypair rotation takes place, and will always reflect the currently trusted
	// public key. This value is written in SSH authorized_keys format.
	BoundPublicKey string `protobuf:"bytes,2,opt,name=BoundPublicKey,proto3" json:"bound_public_key"`
	// BoundBotInstanceID is the ID of the currently associated bot instance. A
	// new bot instance is issued on each join; the new bot instance will
	// have a `previous_bot_instance` set to this value, if any.
	BoundBotInstanceID string `protobuf:"bytes,3,opt,name=BoundBotInstanceID,proto3" json:"bound_bot_instance_id"`
	// RecoveryCount is a count of the total number of recoveries performed using
	// this token. It is incremented for every successful join or rejoin. Recovery
	// is only allowed if this value is less than
	// `.spec.bound_keypair.recovery.limit`, or if the recovery mode is `relaxed`
	// or `insecure`.
	RecoveryCount uint32 `protobuf:"varint,4,opt,name=RecoveryCount,proto3" json:"recovery_count"`
	// LastRecoveredAt contains a timestamp of the last successful recovery
	// attempt. Note that normal renewals do not count as a recovery attempt,
	// however onboarding does,  either with a preregistered key or registration
	// secret. This corresponds with the last time `bound_bot_instance_id` was
	// updated.
	LastRecoveredAt *time.Time `protobuf:"bytes,5,opt,name=LastRecoveredAt,proto3,stdtime" json:"last_recovered_at,omitempty"`
	// LastRotatedAt contains a timestamp of the last time the keypair was
	// rotated, if any. This is not set at initial join.
	LastRotatedAt        *time.Time `protobuf:"bytes,6,opt,name=LastRotatedAt,proto3,stdtime" json:"last_rotated_at,omitempty"`
	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
	XXX_unrecognized     []byte     `json:"-"`
	XXX_sizecache        int32      `json:"-"`
}

ProvisionTokenStatusV2BoundKeypair contains status information specific to bound_keypair type tokens.

func (*ProvisionTokenStatusV2BoundKeypair) Descriptor 

func (*ProvisionTokenStatusV2BoundKeypair) Descriptor() ([]byte, []int)

func (*ProvisionTokenStatusV2BoundKeypair) Marshal 

func (m *ProvisionTokenStatusV2BoundKeypair) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenStatusV2BoundKeypair) MarshalTo 

func (m *ProvisionTokenStatusV2BoundKeypair) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenStatusV2BoundKeypair) MarshalToSizedBuffer 

func (m *ProvisionTokenStatusV2BoundKeypair) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenStatusV2BoundKeypair) ProtoMessage 

func (*ProvisionTokenStatusV2BoundKeypair) ProtoMessage()

func (*ProvisionTokenStatusV2BoundKeypair) Reset 

func (m *ProvisionTokenStatusV2BoundKeypair) Reset()

func (*ProvisionTokenStatusV2BoundKeypair) Size 

func (m *ProvisionTokenStatusV2BoundKeypair) Size() (n int)

func (*ProvisionTokenStatusV2BoundKeypair) String 

func (m *ProvisionTokenStatusV2BoundKeypair) String() string

func (*ProvisionTokenStatusV2BoundKeypair) Unmarshal 

func (m *ProvisionTokenStatusV2BoundKeypair) Unmarshal(dAtA []byte) error

func (*ProvisionTokenStatusV2BoundKeypair) XXX_DiscardUnknown 

func (m *ProvisionTokenStatusV2BoundKeypair) XXX_DiscardUnknown()

func (*ProvisionTokenStatusV2BoundKeypair) XXX_Marshal 

func (m *ProvisionTokenStatusV2BoundKeypair) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenStatusV2BoundKeypair) XXX_Merge 

func (m *ProvisionTokenStatusV2BoundKeypair) XXX_Merge(src proto.Message)

func (*ProvisionTokenStatusV2BoundKeypair) XXX_Size 

func (m *ProvisionTokenStatusV2BoundKeypair) XXX_Size() int

func (*ProvisionTokenStatusV2BoundKeypair) XXX_Unmarshal 

func (m *ProvisionTokenStatusV2BoundKeypair) XXX_Unmarshal(b []byte) error

type ProvisionTokenV1 

type ProvisionTokenV1 struct {
	// Roles is a list of roles associated with the token,
	// that will be converted to metadata in the SSH and X509
	// certificates issued to the user of the token
	Roles []SystemRole `protobuf:"bytes,1,rep,name=Roles,proto3,casttype=SystemRole" json:"roles"`
	// Expires is a global expiry time header can be set on any resource in the
	// system.
	Expires time.Time `protobuf:"bytes,2,opt,name=Expires,proto3,stdtime" json:"expires,omitempty"`
	// Token is a token name
	Token                string   `protobuf:"bytes,3,opt,name=Token,proto3" json:"token"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ProvisionTokenV1 is a provisioning token V1

func ProvisionTokensToV1 

func ProvisionTokensToV1(in []ProvisionToken) []ProvisionTokenV1

ProvisionTokensToV1 converts provision tokens to V1 list

func (*ProvisionTokenV1) Descriptor 

func (*ProvisionTokenV1) Descriptor() ([]byte, []int)

func (*ProvisionTokenV1) Marshal 

func (m *ProvisionTokenV1) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenV1) MarshalTo 

func (m *ProvisionTokenV1) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenV1) MarshalToSizedBuffer 

func (m *ProvisionTokenV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenV1) ProtoMessage 

func (*ProvisionTokenV1) ProtoMessage()

func (*ProvisionTokenV1) Reset 

func (m *ProvisionTokenV1) Reset()

func (*ProvisionTokenV1) Size 

func (m *ProvisionTokenV1) Size() (n int)

func (ProvisionTokenV1) String 

func (p ProvisionTokenV1) String() string

String returns the human readable representation of a provisioning token.

func (*ProvisionTokenV1) Unmarshal 

func (m *ProvisionTokenV1) Unmarshal(dAtA []byte) error

func (*ProvisionTokenV1) V1 

func (p *ProvisionTokenV1) V1() *ProvisionTokenV1

V1 returns V1 version of the resource

func (*ProvisionTokenV1) V2 

func (p *ProvisionTokenV1) V2() *ProvisionTokenV2

V2 returns V2 version of the resource

func (*ProvisionTokenV1) XXX_DiscardUnknown 

func (m *ProvisionTokenV1) XXX_DiscardUnknown()

func (*ProvisionTokenV1) XXX_Marshal 

func (m *ProvisionTokenV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenV1) XXX_Merge 

func (m *ProvisionTokenV1) XXX_Merge(src proto.Message)

func (*ProvisionTokenV1) XXX_Size 

func (m *ProvisionTokenV1) XXX_Size() int

func (*ProvisionTokenV1) XXX_Unmarshal 

func (m *ProvisionTokenV1) XXX_Unmarshal(b []byte) error

type ProvisionTokenV2 

type ProvisionTokenV2 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version. It must be specified.
	// Supported values are:`v2`.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is resource metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is a provisioning token V2 spec
	Spec ProvisionTokenSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	// Status is extended status information, depending on token type. It is not
	// user writable.
	Status               *ProvisionTokenStatusV2 `protobuf:"bytes,6,opt,name=Status,proto3" json:"status,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                `json:"-"`
	XXX_unrecognized     []byte                  `json:"-"`
	XXX_sizecache        int32                   `json:"-"`
}

ProvisionTokenV2 specifies provisioning token

func (*ProvisionTokenV2) CheckAndSetDefaults 

func (p *ProvisionTokenV2) CheckAndSetDefaults() error

CheckAndSetDefaults checks and set default values for any missing fields.

func (*ProvisionTokenV2) Clone 

func (p *ProvisionTokenV2) Clone() ProvisionToken

func (*ProvisionTokenV2) Descriptor 

func (*ProvisionTokenV2) Descriptor() ([]byte, []int)

func (*ProvisionTokenV2) Expiry 

func (p *ProvisionTokenV2) Expiry() time.Time

Expiry returns object expiry setting

func (*ProvisionTokenV2) GetAWSIIDTTL 

func (p *ProvisionTokenV2) GetAWSIIDTTL() Duration

GetAWSIIDTTL returns the TTL of EC2 IIDs

func (*ProvisionTokenV2) GetAllowRules 

func (p *ProvisionTokenV2) GetAllowRules() []*TokenRule

GetAllowRules returns the list of allow rules

func (*ProvisionTokenV2) GetBotName 

func (p *ProvisionTokenV2) GetBotName() string

GetBotName returns the BotName field which must be set for joining bots.

func (*ProvisionTokenV2) GetGCPRules 

func (p *ProvisionTokenV2) GetGCPRules() *ProvisionTokenSpecV2GCP

GetGCPRules will return the GCP rules within this token.

func (*ProvisionTokenV2) GetGithubRules 

func (p *ProvisionTokenV2) GetGithubRules() *ProvisionTokenSpecV2GitHub

GetGithubRules will return the GitHub rules within this token.

func (*ProvisionTokenV2) GetJoinMethod 

func (p *ProvisionTokenV2) GetJoinMethod() JoinMethod

GetJoinMethod returns joining method that must be used with this token.

func (*ProvisionTokenV2) GetKind 

func (p *ProvisionTokenV2) GetKind() string

GetKind returns resource kind

func (*ProvisionTokenV2) GetMetadata 

func (p *ProvisionTokenV2) GetMetadata() Metadata

GetMetadata returns metadata

func (*ProvisionTokenV2) GetName 

func (p *ProvisionTokenV2) GetName() string

GetName returns the name of the provision token. This value can be secret! Use GetSafeName where the name may be logged.

func (*ProvisionTokenV2) GetRevision 

func (p *ProvisionTokenV2) GetRevision() string

GetRevision returns the revision

func (*ProvisionTokenV2) GetRoles 

func (p *ProvisionTokenV2) GetRoles() SystemRoles

GetRoles returns a list of teleport roles that will be granted to the user of the token in the crendentials

func (*ProvisionTokenV2) GetSafeName 

func (p *ProvisionTokenV2) GetSafeName() string

GetSafeName returns the name of the token, sanitized appropriately for join methods where the name is secret. This should be used when logging the token name.

func (*ProvisionTokenV2) GetSubKind 

func (p *ProvisionTokenV2) GetSubKind() string

GetSubKind returns resource sub kind

func (*ProvisionTokenV2) GetSuggestedAgentMatcherLabels 

func (p *ProvisionTokenV2) GetSuggestedAgentMatcherLabels() Labels

GetAgentMatcherLabels returns the set of labels that should be watched when an agent/service uses this token. An example of this is the Database Agent. When using the install-database.sh script, the script will add those labels as part of the `teleport.yaml` configuration. They are added to `db_service.resources.0.labels`.

func (*ProvisionTokenV2) GetSuggestedLabels 

func (p *ProvisionTokenV2) GetSuggestedLabels() Labels

GetSuggestedLabels returns the labels the resource should set when using this token

func (*ProvisionTokenV2) GetVersion 

func (p *ProvisionTokenV2) GetVersion() string

GetVersion returns resource version

func (*ProvisionTokenV2) IsStatic 

func (p *ProvisionTokenV2) IsStatic() bool

IsStatic returns true if the token is statically configured

func (*ProvisionTokenV2) Marshal 

func (m *ProvisionTokenV2) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenV2) MarshalTo 

func (m *ProvisionTokenV2) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenV2) MarshalToSizedBuffer 

func (m *ProvisionTokenV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenV2) Origin 

func (p *ProvisionTokenV2) Origin() string

Origin returns the origin value of the resource.

func (*ProvisionTokenV2) ProtoMessage 

func (*ProvisionTokenV2) ProtoMessage()

func (*ProvisionTokenV2) Reset 

func (m *ProvisionTokenV2) Reset()

func (*ProvisionTokenV2) SetAllowRules 

func (p *ProvisionTokenV2) SetAllowRules(rules []*TokenRule)

SetAllowRules sets the allow rules.

func (*ProvisionTokenV2) SetExpiry 

func (p *ProvisionTokenV2) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object

func (*ProvisionTokenV2) SetLabels 

func (p *ProvisionTokenV2) SetLabels(l map[string]string)

func (*ProvisionTokenV2) SetMetadata 

func (p *ProvisionTokenV2) SetMetadata(meta Metadata)

SetMetadata sets resource metatada

func (*ProvisionTokenV2) SetName 

func (p *ProvisionTokenV2) SetName(e string)

SetName sets the name of the provision token.

func (*ProvisionTokenV2) SetOrigin 

func (p *ProvisionTokenV2) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*ProvisionTokenV2) SetRevision 

func (p *ProvisionTokenV2) SetRevision(rev string)

SetRevision sets the revision

func (*ProvisionTokenV2) SetRoles 

func (p *ProvisionTokenV2) SetRoles(r SystemRoles)

SetRoles sets teleport roles

func (*ProvisionTokenV2) SetSubKind 

func (p *ProvisionTokenV2) SetSubKind(s string)

SetSubKind sets resource subkind

func (*ProvisionTokenV2) Size 

func (m *ProvisionTokenV2) Size() (n int)

func (ProvisionTokenV2) String 

func (p ProvisionTokenV2) String() string

String returns the human readable representation of a provisioning token.

func (*ProvisionTokenV2) Unmarshal 

func (m *ProvisionTokenV2) Unmarshal(dAtA []byte) error

func (*ProvisionTokenV2) V1 

func (p *ProvisionTokenV2) V1() *ProvisionTokenV1

V1 returns V1 version of the resource

func (*ProvisionTokenV2) V2 

func (p *ProvisionTokenV2) V2() *ProvisionTokenV2

V2 returns V2 version of the resource

func (*ProvisionTokenV2) XXX_DiscardUnknown 

func (m *ProvisionTokenV2) XXX_DiscardUnknown()

func (*ProvisionTokenV2) XXX_Marshal 

func (m *ProvisionTokenV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenV2) XXX_Merge 

func (m *ProvisionTokenV2) XXX_Merge(src proto.Message)

func (*ProvisionTokenV2) XXX_Size 

func (m *ProvisionTokenV2) XXX_Size() int

func (*ProvisionTokenV2) XXX_Unmarshal 

func (m *ProvisionTokenV2) XXX_Unmarshal(b []byte) error

type ProvisionTokenV2List 

type ProvisionTokenV2List struct {
	// ProvisionTokens is a list of provisioning tokens.
	ProvisionTokens      []*ProvisionTokenV2 `protobuf:"bytes,1,rep,name=ProvisionTokens,proto3" json:"ProvisionTokens,omitempty"`
	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
	XXX_unrecognized     []byte              `json:"-"`
	XXX_sizecache        int32               `json:"-"`
}

ProvisionTokenV2List is a list of provisioning tokens.

func (*ProvisionTokenV2List) Descriptor 

func (*ProvisionTokenV2List) Descriptor() ([]byte, []int)

func (*ProvisionTokenV2List) Marshal 

func (m *ProvisionTokenV2List) Marshal() (dAtA []byte, err error)

func (*ProvisionTokenV2List) MarshalTo 

func (m *ProvisionTokenV2List) MarshalTo(dAtA []byte) (int, error)

func (*ProvisionTokenV2List) MarshalToSizedBuffer 

func (m *ProvisionTokenV2List) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProvisionTokenV2List) ProtoMessage 

func (*ProvisionTokenV2List) ProtoMessage()

func (*ProvisionTokenV2List) Reset 

func (m *ProvisionTokenV2List) Reset()

func (*ProvisionTokenV2List) Size 

func (m *ProvisionTokenV2List) Size() (n int)

func (*ProvisionTokenV2List) String 

func (m *ProvisionTokenV2List) String() string

func (*ProvisionTokenV2List) Unmarshal 

func (m *ProvisionTokenV2List) Unmarshal(dAtA []byte) error

func (*ProvisionTokenV2List) XXX_DiscardUnknown 

func (m *ProvisionTokenV2List) XXX_DiscardUnknown()

func (*ProvisionTokenV2List) XXX_Marshal 

func (m *ProvisionTokenV2List) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProvisionTokenV2List) XXX_Merge 

func (m *ProvisionTokenV2List) XXX_Merge(src proto.Message)

func (*ProvisionTokenV2List) XXX_Size 

func (m *ProvisionTokenV2List) XXX_Size() int

func (*ProvisionTokenV2List) XXX_Unmarshal 

func (m *ProvisionTokenV2List) XXX_Unmarshal(b []byte) error

type ProxiedService 

type ProxiedService interface {
	// GetProxyIDs returns a list of proxy ids this service is connected to.
	GetProxyIDs() []string
	// SetProxyIDs sets the proxy ids this service is connected to.
	SetProxyIDs([]string)
}

ProxiedService is a service that is connected to a proxy.

type ProxyListenerMode 

type ProxyListenerMode int32

ProxyListenerMode represents the cluster proxy listener mode. 

const (
	// Separate is the proxy listener mode indicating that proxies are running
	// in separate listener mode where Teleport Proxy services use different listeners.
	ProxyListenerMode_Separate ProxyListenerMode = 0
	// Multiplex is the proxy listener mode indicating the proxy should use multiplex mode
	// where all proxy services are multiplexed on a single proxy port.
	ProxyListenerMode_Multiplex ProxyListenerMode = 1
)

func (ProxyListenerMode) EnumDescriptor 

func (ProxyListenerMode) EnumDescriptor() ([]byte, []int)

func (ProxyListenerMode) MarshalYAML 

func (p ProxyListenerMode) MarshalYAML() (interface{}, error)

MarshalYAML defines how a proxy listener mode should be marshaled to a string

func (ProxyListenerMode) String 

func (x ProxyListenerMode) String() string

func (*ProxyListenerMode) UnmarshalYAML 

func (p *ProxyListenerMode) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML unmarshalls proxy listener mode from YAML value.

type ProxyPeeringTunnelStrategy 

type ProxyPeeringTunnelStrategy struct {
	AgentConnectionCount int64    `protobuf:"varint,1,opt,name=AgentConnectionCount,proto3" json:"agent_connection_count,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ProxyPeeringTunnelStrategy requires reverse tunnels to dial a fixed number of proxies.

func DefaultProxyPeeringTunnelStrategy 

func DefaultProxyPeeringTunnelStrategy() *ProxyPeeringTunnelStrategy

DefaultProxyPeeringTunnelStrategy sets default values for a proxy peering tunnel strategy.

func (*ProxyPeeringTunnelStrategy) Descriptor 

func (*ProxyPeeringTunnelStrategy) Descriptor() ([]byte, []int)

func (*ProxyPeeringTunnelStrategy) Marshal 

func (m *ProxyPeeringTunnelStrategy) Marshal() (dAtA []byte, err error)

func (*ProxyPeeringTunnelStrategy) MarshalTo 

func (m *ProxyPeeringTunnelStrategy) MarshalTo(dAtA []byte) (int, error)

func (*ProxyPeeringTunnelStrategy) MarshalToSizedBuffer 

func (m *ProxyPeeringTunnelStrategy) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ProxyPeeringTunnelStrategy) ProtoMessage 

func (*ProxyPeeringTunnelStrategy) ProtoMessage()

func (*ProxyPeeringTunnelStrategy) Reset 

func (m *ProxyPeeringTunnelStrategy) Reset()

func (*ProxyPeeringTunnelStrategy) Size 

func (m *ProxyPeeringTunnelStrategy) Size() (n int)

func (*ProxyPeeringTunnelStrategy) String 

func (m *ProxyPeeringTunnelStrategy) String() string

func (*ProxyPeeringTunnelStrategy) Unmarshal 

func (m *ProxyPeeringTunnelStrategy) Unmarshal(dAtA []byte) error

func (*ProxyPeeringTunnelStrategy) XXX_DiscardUnknown 

func (m *ProxyPeeringTunnelStrategy) XXX_DiscardUnknown()

func (*ProxyPeeringTunnelStrategy) XXX_Marshal 

func (m *ProxyPeeringTunnelStrategy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProxyPeeringTunnelStrategy) XXX_Merge 

func (m *ProxyPeeringTunnelStrategy) XXX_Merge(src proto.Message)

func (*ProxyPeeringTunnelStrategy) XXX_Size 

func (m *ProxyPeeringTunnelStrategy) XXX_Size() int

func (*ProxyPeeringTunnelStrategy) XXX_Unmarshal 

func (m *ProxyPeeringTunnelStrategy) XXX_Unmarshal(b []byte) error

type RDPLicenseKey 

type RDPLicenseKey struct {
	Version   uint32 // e.g. 0x000a0002
	Issuer    string // e.g. example.com
	Company   string // e.g. Example Corporation
	ProductID string // e.g. A02
}

RDPLicenseKey is struct for retrieving licenses from backend cache, used only internally

type RDS 

type RDS struct {
	// InstanceID is the RDS instance identifier.
	InstanceID string `protobuf:"bytes,1,opt,name=InstanceID,proto3" json:"instance_id,omitempty"`
	// ClusterID is the RDS cluster (Aurora) identifier.
	ClusterID string `protobuf:"bytes,2,opt,name=ClusterID,proto3" json:"cluster_id,omitempty"`
	// ResourceID is the RDS instance resource identifier (db-xxx).
	ResourceID string `protobuf:"bytes,3,opt,name=ResourceID,proto3" json:"resource_id,omitempty"`
	// IAMAuth indicates whether database IAM authentication is enabled.
	IAMAuth bool `protobuf:"varint,4,opt,name=IAMAuth,proto3" json:"iam_auth"`
	// Subnets is a list of subnets for the RDS instance.
	Subnets []string `protobuf:"bytes,5,rep,name=Subnets,proto3" json:"subnets,omitempty"`
	// VPCID is the VPC where the RDS is running.
	VPCID string `protobuf:"bytes,6,opt,name=VPCID,proto3" json:"vpc_id,omitempty"`
	// SecurityGroups is a list of attached security groups for the RDS instance.
	SecurityGroups       []string `protobuf:"bytes,7,rep,name=SecurityGroups,proto3" json:"security_groups,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

RDS contains AWS RDS specific database metadata.

func (*RDS) Descriptor 

func (*RDS) Descriptor() ([]byte, []int)

func (*RDS) Marshal 

func (m *RDS) Marshal() (dAtA []byte, err error)

func (*RDS) MarshalTo 

func (m *RDS) MarshalTo(dAtA []byte) (int, error)

func (*RDS) MarshalToSizedBuffer 

func (m *RDS) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RDS) ProtoMessage 

func (*RDS) ProtoMessage()

func (*RDS) Reset 

func (m *RDS) Reset()

func (*RDS) Size 

func (m *RDS) Size() (n int)

func (*RDS) String 

func (m *RDS) String() string

func (*RDS) Unmarshal 

func (m *RDS) Unmarshal(dAtA []byte) error

func (*RDS) XXX_DiscardUnknown 

func (m *RDS) XXX_DiscardUnknown()

func (*RDS) XXX_Marshal 

func (m *RDS) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RDS) XXX_Merge 

func (m *RDS) XXX_Merge(src proto.Message)

func (*RDS) XXX_Size 

func (m *RDS) XXX_Size() int

func (*RDS) XXX_Unmarshal 

func (m *RDS) XXX_Unmarshal(b []byte) error

type RDSProxy 

type RDSProxy struct {
	// Name is the identifier of an RDS Proxy.
	Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name,omitempty"`
	// CustomEndpointName is the identifier of an RDS Proxy custom endpoint.
	CustomEndpointName string `protobuf:"bytes,2,opt,name=CustomEndpointName,proto3" json:"custom_endpoint_name,omitempty"`
	// ResourceID is the RDS instance resource identifier (prx-xxx).
	ResourceID           string   `protobuf:"bytes,3,opt,name=ResourceID,proto3" json:"resource_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

RDSProxy contains AWS RDS Proxy specific database metadata.

func (*RDSProxy) Descriptor 

func (*RDSProxy) Descriptor() ([]byte, []int)

func (*RDSProxy) Marshal 

func (m *RDSProxy) Marshal() (dAtA []byte, err error)

func (*RDSProxy) MarshalTo 

func (m *RDSProxy) MarshalTo(dAtA []byte) (int, error)

func (*RDSProxy) MarshalToSizedBuffer 

func (m *RDSProxy) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RDSProxy) ProtoMessage 

func (*RDSProxy) ProtoMessage()

func (*RDSProxy) Reset 

func (m *RDSProxy) Reset()

func (*RDSProxy) Size 

func (m *RDSProxy) Size() (n int)

func (*RDSProxy) String 

func (m *RDSProxy) String() string

func (*RDSProxy) Unmarshal 

func (m *RDSProxy) Unmarshal(dAtA []byte) error

func (*RDSProxy) XXX_DiscardUnknown 

func (m *RDSProxy) XXX_DiscardUnknown()

func (*RDSProxy) XXX_Marshal 

func (m *RDSProxy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RDSProxy) XXX_Merge 

func (m *RDSProxy) XXX_Merge(src proto.Message)

func (*RDSProxy) XXX_Size 

func (m *RDSProxy) XXX_Size() int

func (*RDSProxy) XXX_Unmarshal 

func (m *RDSProxy) XXX_Unmarshal(b []byte) error

type RecordSession 

type RecordSession struct {
	// Desktop indicates whether desktop sessions should be recorded.
	// It defaults to true unless explicitly set to false.
	Desktop *BoolOption `protobuf:"bytes,1,opt,name=Desktop,proto3,customtype=BoolOption" json:"desktop"`
	// Default indicates the default value for the services.
	Default github_com_gravitational_teleport_api_constants.SessionRecordingMode `` /* 145-byte string literal not displayed */
	// SSH indicates the session mode used on SSH sessions.
	SSH                  github_com_gravitational_teleport_api_constants.SessionRecordingMode `` /* 137-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}                                                             `json:"-"`
	XXX_unrecognized     []byte                                                               `json:"-"`
	XXX_sizecache        int32                                                                `json:"-"`
}

func (*RecordSession) Descriptor 

func (*RecordSession) Descriptor() ([]byte, []int)

func (*RecordSession) Marshal 

func (m *RecordSession) Marshal() (dAtA []byte, err error)

func (*RecordSession) MarshalTo 

func (m *RecordSession) MarshalTo(dAtA []byte) (int, error)

func (*RecordSession) MarshalToSizedBuffer 

func (m *RecordSession) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RecordSession) ProtoMessage 

func (*RecordSession) ProtoMessage()

func (*RecordSession) Reset 

func (m *RecordSession) Reset()

func (*RecordSession) Size 

func (m *RecordSession) Size() (n int)

func (*RecordSession) String 

func (m *RecordSession) String() string

func (*RecordSession) Unmarshal 

func (m *RecordSession) Unmarshal(dAtA []byte) error

func (*RecordSession) XXX_DiscardUnknown 

func (m *RecordSession) XXX_DiscardUnknown()

func (*RecordSession) XXX_Marshal 

func (m *RecordSession) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RecordSession) XXX_Merge 

func (m *RecordSession) XXX_Merge(src proto.Message)

func (*RecordSession) XXX_Size 

func (m *RecordSession) XXX_Size() int

func (*RecordSession) XXX_Unmarshal 

func (m *RecordSession) XXX_Unmarshal(b []byte) error

type RecoveryAttempt 

type RecoveryAttempt struct {
	// Time is time of the attempt.
	Time time.Time `json:"time"`
	// Expires defines the time when this attempt should expire.
	Expires time.Time `json:"expires"`
}

RecoveryAttempt represents an unsuccessful attempt at recovering a user's account.

func (*RecoveryAttempt) Check 

func (a *RecoveryAttempt) Check() error

type RecoveryCode 

type RecoveryCode struct {
	// HashedCode is a bcrypt hash of this recovery code.
	HashedCode []byte `protobuf:"bytes,1,opt,name=HashedCode,proto3" json:"hashed_code"`
	// IsUsed determines if this recovery code was used.
	IsUsed               bool     `protobuf:"varint,2,opt,name=IsUsed,proto3" json:"is_used"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

RecoveryCode describes a recovery code.

func (*RecoveryCode) Descriptor 

func (*RecoveryCode) Descriptor() ([]byte, []int)

func (*RecoveryCode) Marshal 

func (m *RecoveryCode) Marshal() (dAtA []byte, err error)

func (*RecoveryCode) MarshalTo 

func (m *RecoveryCode) MarshalTo(dAtA []byte) (int, error)

func (*RecoveryCode) MarshalToSizedBuffer 

func (m *RecoveryCode) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RecoveryCode) ProtoMessage 

func (*RecoveryCode) ProtoMessage()

func (*RecoveryCode) Reset 

func (m *RecoveryCode) Reset()

func (*RecoveryCode) Size 

func (m *RecoveryCode) Size() (n int)

func (*RecoveryCode) String 

func (m *RecoveryCode) String() string

func (*RecoveryCode) Unmarshal 

func (m *RecoveryCode) Unmarshal(dAtA []byte) error

func (*RecoveryCode) XXX_DiscardUnknown 

func (m *RecoveryCode) XXX_DiscardUnknown()

func (*RecoveryCode) XXX_Marshal 

func (m *RecoveryCode) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RecoveryCode) XXX_Merge 

func (m *RecoveryCode) XXX_Merge(src proto.Message)

func (*RecoveryCode) XXX_Size 

func (m *RecoveryCode) XXX_Size() int

func (*RecoveryCode) XXX_Unmarshal 

func (m *RecoveryCode) XXX_Unmarshal(b []byte) error

type RecoveryCodesSpecV1 

type RecoveryCodesSpecV1 struct {
	// Codes hold a list of numOfRecoveryCodes.
	Codes []RecoveryCode `protobuf:"bytes,1,rep,name=Codes,proto3" json:"codes"`
	// Created is when the set of recovery codes were generated. Updated when a new set of recovery
	// codes are inserted.
	Created              time.Time `protobuf:"bytes,2,opt,name=Created,proto3,stdtime" json:"created"`
	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
	XXX_unrecognized     []byte    `json:"-"`
	XXX_sizecache        int32     `json:"-"`
}

RecoveryCodesSpecV1 is the recovery codes spec.

func (*RecoveryCodesSpecV1) Descriptor 

func (*RecoveryCodesSpecV1) Descriptor() ([]byte, []int)

func (*RecoveryCodesSpecV1) Marshal 

func (m *RecoveryCodesSpecV1) Marshal() (dAtA []byte, err error)

func (*RecoveryCodesSpecV1) MarshalTo 

func (m *RecoveryCodesSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*RecoveryCodesSpecV1) MarshalToSizedBuffer 

func (m *RecoveryCodesSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RecoveryCodesSpecV1) ProtoMessage 

func (*RecoveryCodesSpecV1) ProtoMessage()

func (*RecoveryCodesSpecV1) Reset 

func (m *RecoveryCodesSpecV1) Reset()

func (*RecoveryCodesSpecV1) Size 

func (m *RecoveryCodesSpecV1) Size() (n int)

func (*RecoveryCodesSpecV1) String 

func (m *RecoveryCodesSpecV1) String() string

func (*RecoveryCodesSpecV1) Unmarshal 

func (m *RecoveryCodesSpecV1) Unmarshal(dAtA []byte) error

func (*RecoveryCodesSpecV1) XXX_DiscardUnknown 

func (m *RecoveryCodesSpecV1) XXX_DiscardUnknown()

func (*RecoveryCodesSpecV1) XXX_Marshal 

func (m *RecoveryCodesSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RecoveryCodesSpecV1) XXX_Merge 

func (m *RecoveryCodesSpecV1) XXX_Merge(src proto.Message)

func (*RecoveryCodesSpecV1) XXX_Size 

func (m *RecoveryCodesSpecV1) XXX_Size() int

func (*RecoveryCodesSpecV1) XXX_Unmarshal 

func (m *RecoveryCodesSpecV1) XXX_Unmarshal(b []byte) error

type RecoveryCodesV1 

type RecoveryCodesV1 struct {
	// Kind is the resource kind.
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource subkind. Currently unused for this resource.
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is the resource metadata.
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is the resource spec.
	Spec                 RecoveryCodesSpecV1 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
	XXX_unrecognized     []byte              `json:"-"`
	XXX_sizecache        int32               `json:"-"`
}

RecoveryCodes holds a user's recovery code information. Recovery codes allows users to regain access to their account by restoring their lost password or multi-factor. Once a recovery code is successfully verified, the code is mark used (which invalidates it), and lets the user begin the recovery flow. When a user successfully finishes the recovery flow, users will get a new set of codes that will replace all the previous ones.

func NewRecoveryCodes 

func NewRecoveryCodes(codes []RecoveryCode, created time.Time, username string) (*RecoveryCodesV1, error)

NewRecoveryCodes creates a new RecoveryCodes with the given codes and created time.

func (*RecoveryCodesV1) CheckAndSetDefaults 

func (t *RecoveryCodesV1) CheckAndSetDefaults() error

CheckAndSetDefaults validates fields and populates empty fields with default values.

func (*RecoveryCodesV1) Descriptor 

func (*RecoveryCodesV1) Descriptor() ([]byte, []int)

func (*RecoveryCodesV1) GetCodes 

func (t *RecoveryCodesV1) GetCodes() []RecoveryCode

GetCodes returns recovery codes.

func (*RecoveryCodesV1) Marshal 

func (m *RecoveryCodesV1) Marshal() (dAtA []byte, err error)

func (*RecoveryCodesV1) MarshalTo 

func (m *RecoveryCodesV1) MarshalTo(dAtA []byte) (int, error)

func (*RecoveryCodesV1) MarshalToSizedBuffer 

func (m *RecoveryCodesV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RecoveryCodesV1) ProtoMessage 

func (*RecoveryCodesV1) ProtoMessage()

func (*RecoveryCodesV1) Reset 

func (m *RecoveryCodesV1) Reset()

func (*RecoveryCodesV1) Size 

func (m *RecoveryCodesV1) Size() (n int)

func (*RecoveryCodesV1) String 

func (m *RecoveryCodesV1) String() string

func (*RecoveryCodesV1) Unmarshal 

func (m *RecoveryCodesV1) Unmarshal(dAtA []byte) error

func (*RecoveryCodesV1) XXX_DiscardUnknown 

func (m *RecoveryCodesV1) XXX_DiscardUnknown()

func (*RecoveryCodesV1) XXX_Marshal 

func (m *RecoveryCodesV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RecoveryCodesV1) XXX_Merge 

func (m *RecoveryCodesV1) XXX_Merge(src proto.Message)

func (*RecoveryCodesV1) XXX_Size 

func (m *RecoveryCodesV1) XXX_Size() int

func (*RecoveryCodesV1) XXX_Unmarshal 

func (m *RecoveryCodesV1) XXX_Unmarshal(b []byte) error

type Redshift 

type Redshift struct {
	// ClusterID is the Redshift cluster identifier.
	ClusterID            string   `protobuf:"bytes,1,opt,name=ClusterID,proto3" json:"cluster_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Redshift contains AWS Redshift specific database metadata.

func (*Redshift) Descriptor 

func (*Redshift) Descriptor() ([]byte, []int)

func (*Redshift) Marshal 

func (m *Redshift) Marshal() (dAtA []byte, err error)

func (*Redshift) MarshalTo 

func (m *Redshift) MarshalTo(dAtA []byte) (int, error)

func (*Redshift) MarshalToSizedBuffer 

func (m *Redshift) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Redshift) ProtoMessage 

func (*Redshift) ProtoMessage()

func (*Redshift) Reset 

func (m *Redshift) Reset()

func (*Redshift) Size 

func (m *Redshift) Size() (n int)

func (*Redshift) String 

func (m *Redshift) String() string

func (*Redshift) Unmarshal 

func (m *Redshift) Unmarshal(dAtA []byte) error

func (*Redshift) XXX_DiscardUnknown 

func (m *Redshift) XXX_DiscardUnknown()

func (*Redshift) XXX_Marshal 

func (m *Redshift) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Redshift) XXX_Merge 

func (m *Redshift) XXX_Merge(src proto.Message)

func (*Redshift) XXX_Size 

func (m *Redshift) XXX_Size() int

func (*Redshift) XXX_Unmarshal 

func (m *Redshift) XXX_Unmarshal(b []byte) error

type RedshiftServerless 

type RedshiftServerless struct {
	// WorkgroupName is the workgroup name.
	WorkgroupName string `protobuf:"bytes,1,opt,name=WorkgroupName,proto3" json:"workgroup_name,omitempty"`
	// EndpointName is the VPC endpoint name.
	EndpointName string `protobuf:"bytes,2,opt,name=EndpointName,proto3" json:"endpoint_name,omitempty"`
	// WorkgroupID is the workgroup ID.
	WorkgroupID          string   `protobuf:"bytes,3,opt,name=WorkgroupID,proto3" json:"workgroup_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

RedshiftServerless contains AWS Redshift Serverless specific metadata.

func (*RedshiftServerless) Descriptor 

func (*RedshiftServerless) Descriptor() ([]byte, []int)

func (*RedshiftServerless) Marshal 

func (m *RedshiftServerless) Marshal() (dAtA []byte, err error)

func (*RedshiftServerless) MarshalTo 

func (m *RedshiftServerless) MarshalTo(dAtA []byte) (int, error)

func (*RedshiftServerless) MarshalToSizedBuffer 

func (m *RedshiftServerless) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RedshiftServerless) ProtoMessage 

func (*RedshiftServerless) ProtoMessage()

func (*RedshiftServerless) Reset 

func (m *RedshiftServerless) Reset()

func (*RedshiftServerless) Size 

func (m *RedshiftServerless) Size() (n int)

func (*RedshiftServerless) String 

func (m *RedshiftServerless) String() string

func (*RedshiftServerless) Unmarshal 

func (m *RedshiftServerless) Unmarshal(dAtA []byte) error

func (*RedshiftServerless) XXX_DiscardUnknown 

func (m *RedshiftServerless) XXX_DiscardUnknown()

func (*RedshiftServerless) XXX_Marshal 

func (m *RedshiftServerless) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RedshiftServerless) XXX_Merge 

func (m *RedshiftServerless) XXX_Merge(src proto.Message)

func (*RedshiftServerless) XXX_Size 

func (m *RedshiftServerless) XXX_Size() int

func (*RedshiftServerless) XXX_Unmarshal 

func (m *RedshiftServerless) XXX_Unmarshal(b []byte) error

type RegisterUsingTokenRequest 

type RegisterUsingTokenRequest struct {
	// HostID is a unique host ID, usually a UUID
	HostID string `protobuf:"bytes,1,opt,name=HostID,proto3" json:"hostID"`
	// NodeName is a node name
	NodeName string `protobuf:"bytes,2,opt,name=NodeName,proto3" json:"node_name"`
	// Role is a system role, e.g. Proxy
	Role SystemRole `protobuf:"bytes,3,opt,name=Role,proto3,casttype=SystemRole" json:"role"`
	// Token is the name of an authentication token
	Token string `protobuf:"bytes,4,opt,name=Token,proto3" json:"token"`
	// AdditionalPrincipals is a list of additional principals
	AdditionalPrincipals []string `protobuf:"bytes,5,rep,name=AdditionalPrincipals,proto3" json:"additional_principals"`
	// DNSNames is a list of DNS names to include in the x509 client certificate
	DNSNames []string `protobuf:"bytes,6,rep,name=DNSNames,proto3" json:"dns_names"`
	// PublicTLSKey is a PEM encoded public key
	// used for TLS setup
	PublicTLSKey []byte `protobuf:"bytes,7,opt,name=PublicTLSKey,proto3" json:"public_tls_key"`
	// PublicSSHKey is a SSH encoded public key,
	// if present will be signed as a return value
	// otherwise, new public/private key pair will be generated
	PublicSSHKey []byte `protobuf:"bytes,8,opt,name=PublicSSHKey,proto3" json:"public_ssh_key"`
	// RemoteAddr is the remote address of the host requesting a host certificate.
	// It is used to replace 0.0.0.0 in the list of additional principals.
	RemoteAddr string `protobuf:"bytes,9,opt,name=RemoteAddr,proto3" json:"remote_addr"`
	// EC2IdentityDocument is used for the EC2 join method to prove the identity
	// of a joining EC2 instance.
	EC2IdentityDocument []byte `protobuf:"bytes,10,opt,name=EC2IdentityDocument,proto3" json:"ec2_id"`
	// IDToken is a token provided by a workload identity provider as part of
	// OIDC join types such as GitHub.
	IDToken string `protobuf:"bytes,11,opt,name=IDToken,proto3" json:"id_token"`
	// Expires is a desired time of the expiry of user certificates returned by
	// registration. This only applies to bot joining, and will be ignored by
	// node joining.
	Expires *time.Time `protobuf:"bytes,12,opt,name=Expires,proto3,stdtime" json:"expires,omitempty"`
	// BotInstanceID is a trusted instance identifier for a Machine ID bot,
	// provided when rejoining. This parameter may only be provided by the join
	// service and is ignored otherwise; bots should otherwise rejoin with their
	// existing client certificate to prove their instance identity.
	BotInstanceID string `protobuf:"bytes,13,opt,name=BotInstanceID,proto3" json:"bot_instance_id"`
	// BotGeneration is a trusted generation counter value for Machine ID bots,
	// provided to Auth by the Join Service when bots rejoin via a streamed/gRPC
	// join method. Rejoining bots supply this value via a client certificate
	// extension; it is ignored from other sources.
	BotGeneration int32 `protobuf:"varint,14,opt,name=BotGeneration,proto3" json:"bot_generation"`
	// PreviousBotInstanceID is a trusted previous instance identifier for a
	// Machine ID bot. This parameter may only be set internally during certain
	// join processes and is ignored otherwise.
	PreviousBotInstanceID string   `protobuf:"bytes,15,opt,name=PreviousBotInstanceID,proto3" json:"previous_bot_instance_id"`
	XXX_NoUnkeyedLiteral  struct{} `json:"-"`
	XXX_unrecognized      []byte   `json:"-"`
	XXX_sizecache         int32    `json:"-"`
}

RegisterUsingTokenRequest is a request to register with the Auth Service using an authentication token

func (*RegisterUsingTokenRequest) CheckAndSetDefaults 

func (r *RegisterUsingTokenRequest) CheckAndSetDefaults() error

CheckAndSetDefaults checks for errors and sets defaults

func (*RegisterUsingTokenRequest) Descriptor 

func (*RegisterUsingTokenRequest) Descriptor() ([]byte, []int)

func (*RegisterUsingTokenRequest) Marshal 

func (m *RegisterUsingTokenRequest) Marshal() (dAtA []byte, err error)

func (*RegisterUsingTokenRequest) MarshalTo 

func (m *RegisterUsingTokenRequest) MarshalTo(dAtA []byte) (int, error)

func (*RegisterUsingTokenRequest) MarshalToSizedBuffer 

func (m *RegisterUsingTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RegisterUsingTokenRequest) ProtoMessage 

func (*RegisterUsingTokenRequest) ProtoMessage()

func (*RegisterUsingTokenRequest) Reset 

func (m *RegisterUsingTokenRequest) Reset()

func (*RegisterUsingTokenRequest) Size 

func (m *RegisterUsingTokenRequest) Size() (n int)

func (*RegisterUsingTokenRequest) String 

func (m *RegisterUsingTokenRequest) String() string

func (*RegisterUsingTokenRequest) Unmarshal 

func (m *RegisterUsingTokenRequest) Unmarshal(dAtA []byte) error

func (*RegisterUsingTokenRequest) XXX_DiscardUnknown 

func (m *RegisterUsingTokenRequest) XXX_DiscardUnknown()

func (*RegisterUsingTokenRequest) XXX_Marshal 

func (m *RegisterUsingTokenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RegisterUsingTokenRequest) XXX_Merge 

func (m *RegisterUsingTokenRequest) XXX_Merge(src proto.Message)

func (*RegisterUsingTokenRequest) XXX_Size 

func (m *RegisterUsingTokenRequest) XXX_Size() int

func (*RegisterUsingTokenRequest) XXX_Unmarshal 

func (m *RegisterUsingTokenRequest) XXX_Unmarshal(b []byte) error

type Release 

type Release struct {
	// NotesMD is the notes of the release in markdown
	NotesMD string `protobuf:"bytes,1,opt,name=NotesMD,proto3" json:"notes_md"`
	// Product is the release product, teleport or teleport-ent
	Product string `protobuf:"bytes,2,opt,name=Product,proto3" json:"product"`
	// ReleaseID is the ID of the product
	ReleaseID string `protobuf:"bytes,3,opt,name=ReleaseID,proto3" json:"release_id"`
	// Status is the status of the release
	Status string `protobuf:"bytes,4,opt,name=Status,proto3" json:"status"`
	// Version is the version of the release
	Version string `protobuf:"bytes,5,opt,name=Version,proto3" json:"version"`
	// Assets is a list of assets related to the release
	Assets               []*Asset `protobuf:"bytes,6,rep,name=Assets,proto3" json:"assets"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Release correspond to a Teleport Enterprise releases

func (*Release) Descriptor 

func (*Release) Descriptor() ([]byte, []int)

func (*Release) Marshal 

func (m *Release) Marshal() (dAtA []byte, err error)

func (*Release) MarshalTo 

func (m *Release) MarshalTo(dAtA []byte) (int, error)

func (*Release) MarshalToSizedBuffer 

func (m *Release) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Release) ProtoMessage 

func (*Release) ProtoMessage()

func (*Release) Reset 

func (m *Release) Reset()

func (*Release) Size 

func (m *Release) Size() (n int)

func (*Release) String 

func (m *Release) String() string

func (*Release) Unmarshal 

func (m *Release) Unmarshal(dAtA []byte) error

func (*Release) XXX_DiscardUnknown 

func (m *Release) XXX_DiscardUnknown()

func (*Release) XXX_Marshal 

func (m *Release) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Release) XXX_Merge 

func (m *Release) XXX_Merge(src proto.Message)

func (*Release) XXX_Size 

func (m *Release) XXX_Size() int

func (*Release) XXX_Unmarshal 

func (m *Release) XXX_Unmarshal(b []byte) error

type RemoteCluster 

type RemoteCluster interface {
	// Resource provides common resource properties
	Resource
	// GetConnectionStatus returns connection status
	GetConnectionStatus() string
	// SetConnectionStatus sets connection  status
	SetConnectionStatus(string)

	// GetLastHeartbeat returns last heartbeat of the cluster
	GetLastHeartbeat() time.Time
	// SetLastHeartbeat sets last heartbeat of the cluster
	SetLastHeartbeat(t time.Time)

	// SetMetadata sets remote cluster metatada
	SetMetadata(Metadata)

	// Clone performs a deep copy.
	Clone() RemoteCluster

	// GetLabel retrieves the label with the provided key. If not found value
	// will be empty and ok will be false.
	GetLabel(key string) (value string, ok bool)

	// GetAllLabels returns all labels for the remote cluster
	GetAllLabels() map[string]string
}

RemoteCluster represents a remote cluster that has connected via reverse tunnel to this cluster

func NewRemoteCluster 

func NewRemoteCluster(name string) (RemoteCluster, error)

NewRemoteCluster is a convenience way to create a RemoteCluster resource.

type RemoteClusterStatusV3 

type RemoteClusterStatusV3 struct {
	// Connection represents connection status, online or offline
	Connection string `protobuf:"bytes,1,opt,name=Connection,proto3" json:"connection"`
	// LastHeartbeat records last heartbeat of the cluster
	LastHeartbeat        time.Time `protobuf:"bytes,2,opt,name=LastHeartbeat,proto3,stdtime" json:"last_heartbeat"`
	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
	XXX_unrecognized     []byte    `json:"-"`
	XXX_sizecache        int32     `json:"-"`
}

RemoteClusterStatusV3 represents status of the remote cluster

func (*RemoteClusterStatusV3) Descriptor 

func (*RemoteClusterStatusV3) Descriptor() ([]byte, []int)

func (*RemoteClusterStatusV3) Marshal 

func (m *RemoteClusterStatusV3) Marshal() (dAtA []byte, err error)

func (*RemoteClusterStatusV3) MarshalTo 

func (m *RemoteClusterStatusV3) MarshalTo(dAtA []byte) (int, error)

func (*RemoteClusterStatusV3) MarshalToSizedBuffer 

func (m *RemoteClusterStatusV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RemoteClusterStatusV3) ProtoMessage 

func (*RemoteClusterStatusV3) ProtoMessage()

func (*RemoteClusterStatusV3) Reset 

func (m *RemoteClusterStatusV3) Reset()

func (*RemoteClusterStatusV3) Size 

func (m *RemoteClusterStatusV3) Size() (n int)

func (*RemoteClusterStatusV3) String 

func (m *RemoteClusterStatusV3) String() string

func (*RemoteClusterStatusV3) Unmarshal 

func (m *RemoteClusterStatusV3) Unmarshal(dAtA []byte) error

func (*RemoteClusterStatusV3) XXX_DiscardUnknown 

func (m *RemoteClusterStatusV3) XXX_DiscardUnknown()

func (*RemoteClusterStatusV3) XXX_Marshal 

func (m *RemoteClusterStatusV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RemoteClusterStatusV3) XXX_Merge 

func (m *RemoteClusterStatusV3) XXX_Merge(src proto.Message)

func (*RemoteClusterStatusV3) XXX_Size 

func (m *RemoteClusterStatusV3) XXX_Size() int

func (*RemoteClusterStatusV3) XXX_Unmarshal 

func (m *RemoteClusterStatusV3) XXX_Unmarshal(b []byte) error

type RemoteClusterV3 

type RemoteClusterV3 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is resource API version
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is resource metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Status is a remote cluster status
	Status               RemoteClusterStatusV3 `protobuf:"bytes,5,opt,name=Status,proto3" json:"status"`
	XXX_NoUnkeyedLiteral struct{}              `json:"-"`
	XXX_unrecognized     []byte                `json:"-"`
	XXX_sizecache        int32                 `json:"-"`
}

RemoteClusterV3 represents remote cluster resource specification

func (*RemoteClusterV3) CheckAndSetDefaults 

func (c *RemoteClusterV3) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values

func (*RemoteClusterV3) Clone 

func (c *RemoteClusterV3) Clone() RemoteCluster

Clone performs a deep copy.

func (*RemoteClusterV3) Descriptor 

func (*RemoteClusterV3) Descriptor() ([]byte, []int)

func (*RemoteClusterV3) Expiry 

func (c *RemoteClusterV3) Expiry() time.Time

Expiry returns object expiry setting

func (*RemoteClusterV3) GetAllLabels 

func (c *RemoteClusterV3) GetAllLabels() map[string]string

GetAllLabels returns all labels for the remote cluster. Remote clusters only have static labels.

func (*RemoteClusterV3) GetConnectionStatus 

func (c *RemoteClusterV3) GetConnectionStatus() string

GetConnectionStatus returns connection status

func (*RemoteClusterV3) GetKind 

func (c *RemoteClusterV3) GetKind() string

GetKind returns resource kind

func (*RemoteClusterV3) GetLabel 

func (c *RemoteClusterV3) GetLabel(key string) (value string, ok bool)

GetLabel retrieves the label with the provided key. If not found value will be empty and ok will be false.

func (*RemoteClusterV3) GetLastHeartbeat 

func (c *RemoteClusterV3) GetLastHeartbeat() time.Time

GetLastHeartbeat returns last heartbeat of the cluster

func (*RemoteClusterV3) GetMetadata 

func (c *RemoteClusterV3) GetMetadata() Metadata

GetMetadata returns object metadata

func (*RemoteClusterV3) GetName 

func (c *RemoteClusterV3) GetName() string

GetName returns the name of the RemoteCluster.

func (*RemoteClusterV3) GetRevision 

func (c *RemoteClusterV3) GetRevision() string

GetRevision returns the revision

func (*RemoteClusterV3) GetSubKind 

func (c *RemoteClusterV3) GetSubKind() string

GetSubKind returns resource sub kind

func (*RemoteClusterV3) GetVersion 

func (c *RemoteClusterV3) GetVersion() string

GetVersion returns resource version

func (*RemoteClusterV3) Marshal 

func (m *RemoteClusterV3) Marshal() (dAtA []byte, err error)

func (*RemoteClusterV3) MarshalTo 

func (m *RemoteClusterV3) MarshalTo(dAtA []byte) (int, error)

func (*RemoteClusterV3) MarshalToSizedBuffer 

func (m *RemoteClusterV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RemoteClusterV3) ProtoMessage 

func (*RemoteClusterV3) ProtoMessage()

func (*RemoteClusterV3) Reset 

func (m *RemoteClusterV3) Reset()

func (*RemoteClusterV3) SetConnectionStatus 

func (c *RemoteClusterV3) SetConnectionStatus(status string)

SetConnectionStatus sets connection status

func (*RemoteClusterV3) SetExpiry 

func (c *RemoteClusterV3) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object

func (*RemoteClusterV3) SetLastHeartbeat 

func (c *RemoteClusterV3) SetLastHeartbeat(t time.Time)

SetLastHeartbeat sets last heartbeat of the cluster

func (*RemoteClusterV3) SetMetadata 

func (c *RemoteClusterV3) SetMetadata(meta Metadata)

SetMetadata sets remote cluster metatada

func (*RemoteClusterV3) SetName 

func (c *RemoteClusterV3) SetName(e string)

SetName sets the name of the RemoteCluster.

func (*RemoteClusterV3) SetRevision 

func (c *RemoteClusterV3) SetRevision(rev string)

SetRevision sets the revision

func (*RemoteClusterV3) SetSubKind 

func (c *RemoteClusterV3) SetSubKind(s string)

SetSubKind sets resource subkind

func (*RemoteClusterV3) Size 

func (m *RemoteClusterV3) Size() (n int)

func (*RemoteClusterV3) String 

func (c *RemoteClusterV3) String() string

String represents a human readable version of remote cluster settings.

func (*RemoteClusterV3) Unmarshal 

func (m *RemoteClusterV3) Unmarshal(dAtA []byte) error

func (*RemoteClusterV3) XXX_DiscardUnknown 

func (m *RemoteClusterV3) XXX_DiscardUnknown()

func (*RemoteClusterV3) XXX_Marshal 

func (m *RemoteClusterV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RemoteClusterV3) XXX_Merge 

func (m *RemoteClusterV3) XXX_Merge(src proto.Message)

func (*RemoteClusterV3) XXX_Size 

func (m *RemoteClusterV3) XXX_Size() int

func (*RemoteClusterV3) XXX_Unmarshal 

func (m *RemoteClusterV3) XXX_Unmarshal(b []byte) error

type RequestKubernetesResource 

type RequestKubernetesResource struct {
	// kind specifies the Kubernetes Resource type.
	Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"`
	// APIGroup specifies the Kubernetes Resource API group.
	APIGroup             string   `protobuf:"bytes,2,opt,name=APIGroup,proto3" json:"api_group,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

RequestKubernetesResource is the Kubernetes resource identifier used in access request settings. Modeled after existing message KubernetesResource.

func (*RequestKubernetesResource) Descriptor 

func (*RequestKubernetesResource) Descriptor() ([]byte, []int)

func (*RequestKubernetesResource) Marshal 

func (m *RequestKubernetesResource) Marshal() (dAtA []byte, err error)

func (*RequestKubernetesResource) MarshalTo 

func (m *RequestKubernetesResource) MarshalTo(dAtA []byte) (int, error)

func (*RequestKubernetesResource) MarshalToSizedBuffer 

func (m *RequestKubernetesResource) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RequestKubernetesResource) ProtoMessage 

func (*RequestKubernetesResource) ProtoMessage()

func (*RequestKubernetesResource) Reset 

func (m *RequestKubernetesResource) Reset()

func (*RequestKubernetesResource) Size 

func (m *RequestKubernetesResource) Size() (n int)

func (*RequestKubernetesResource) String 

func (m *RequestKubernetesResource) String() string

func (*RequestKubernetesResource) Unmarshal 

func (m *RequestKubernetesResource) Unmarshal(dAtA []byte) error

func (*RequestKubernetesResource) XXX_DiscardUnknown 

func (m *RequestKubernetesResource) XXX_DiscardUnknown()

func (*RequestKubernetesResource) XXX_Marshal 

func (m *RequestKubernetesResource) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RequestKubernetesResource) XXX_Merge 

func (m *RequestKubernetesResource) XXX_Merge(src proto.Message)

func (*RequestKubernetesResource) XXX_Size 

func (m *RequestKubernetesResource) XXX_Size() int

func (*RequestKubernetesResource) XXX_Unmarshal 

func (m *RequestKubernetesResource) XXX_Unmarshal(b []byte) error

type RequestReasonMode 

type RequestReasonMode string

RequestReasonMode can be either "required" or "optional". Empty-string is treated as "optional". If a role has the request reason mode set to "required", then reason is required for all Access Requests requesting roles or resources allowed by this role. It applies only to users who have this role assigned. 

const (
	// RequestReasonModeRequired indicates required mode. See [[RequestReasonMode]] godoc for
	// more details.
	RequestReasonModeRequired RequestReasonMode = "required"
	// RequestReasonModeRequired indicates optional mode. See [[RequestReasonMode]] godoc for
	// more details.
	RequestReasonModeOptional RequestReasonMode = "optional"
)

func (RequestReasonMode) Check 

func (m RequestReasonMode) Check() error

Check validates this mode value. Note that an empty value is considered invalid.

func (RequestReasonMode) Required 

func (m RequestReasonMode) Required() bool

Required checks if this mode is "required". Empty mode is treated as "optional".

type RequestState 

type RequestState int32

RequestState represents the state of a request for escalated privilege. 

const (
	// NONE variant exists to allow RequestState to be explicitly omitted
	// in certain circumstances (e.g. in an AccessRequestFilter).
	RequestState_NONE RequestState = 0
	// PENDING variant is the default for newly created requests.
	RequestState_PENDING RequestState = 1
	// APPROVED variant indicates that a request has been accepted by
	// an administrating party.
	RequestState_APPROVED RequestState = 2
	// DENIED variant indicates that a request has been rejected by
	// an administrating party.
	RequestState_DENIED RequestState = 3
	// PROMOTED variant indicates that a request has been promoted to
	// an access list.
	RequestState_PROMOTED RequestState = 4
)

func (RequestState) EnumDescriptor 

func (RequestState) EnumDescriptor() ([]byte, []int)

func (RequestState) IsApproved 

func (s RequestState) IsApproved() bool

IsApproved request state

func (RequestState) IsDenied 

func (s RequestState) IsDenied() bool

IsDenied request state

func (RequestState) IsNone 

func (s RequestState) IsNone() bool

IsNone request state

func (RequestState) IsPending 

func (s RequestState) IsPending() bool

IsPending request state

func (RequestState) IsPromoted 

func (s RequestState) IsPromoted() bool

IsPromoted returns true is the request in the PROMOTED state.

func (RequestState) IsResolved 

func (s RequestState) IsResolved() bool

IsResolved request state

func (*RequestState) Parse 

func (s *RequestState) Parse(val string) error

Parse attempts to interpret a value as a string representation of a RequestState.

func (RequestState) String 

func (x RequestState) String() string

type RequestStrategy 

type RequestStrategy string

RequestStrategy is an indicator of how access requests should be handled for holders of a given role. 

const (
	// RequestStrategyOptional is the default request strategy,
	// indicating that no special actions/requirements exist.
	RequestStrategyOptional RequestStrategy = "optional"

	// RequestStrategyReason indicates that client implementations
	// should automatically generate wildcard requests on login, and
	// users should be prompted for a reason.
	RequestStrategyReason RequestStrategy = "reason"

	// RequestStrategyAlways indicates that client implementations
	// should automatically generate wildcard requests on login, but
	// that reasons are not required.
	RequestStrategyAlways RequestStrategy = "always"
)

func (RequestStrategy) RequireReason 

func (s RequestStrategy) RequireReason() bool

RequireReason checks if the request strategy is one that requires users to always supply reasons with their requests.

func (RequestStrategy) ShouldAutoRequest 

func (s RequestStrategy) ShouldAutoRequest() bool

ShouldAutoRequest checks if the request strategy indicates that a request should be automatically generated on login.

type RequireMFAType 

type RequireMFAType int32

RequireMFAType is a type of MFA requirement enforced outside of login, such as per-session MFA or per-request PIV touch. 

const (
	// OFF means additional MFA enforcement is not enabled.
	RequireMFAType_OFF RequireMFAType = 0
	// SESSION means MFA is required to begin server sessions.
	RequireMFAType_SESSION RequireMFAType = 1
	// SESSION_AND_HARDWARE_KEY means MFA is required to begin server sessions,
	// and login sessions must use a private key backed by a hardware key.
	RequireMFAType_SESSION_AND_HARDWARE_KEY RequireMFAType = 2
	// HARDWARE_KEY_TOUCH means login sessions must use a hardware private key that
	// requires touch to be used.
	RequireMFAType_HARDWARE_KEY_TOUCH RequireMFAType = 3
	// HARDWARE_KEY_PIN means login sessions must use a hardware private key that
	// requires pin to be used.
	RequireMFAType_HARDWARE_KEY_PIN RequireMFAType = 4
	// HARDWARE_KEY_TOUCH_AND_PIN means login sessions must use a hardware private key that
	// requires touch and pin to be used.
	RequireMFAType_HARDWARE_KEY_TOUCH_AND_PIN RequireMFAType = 5
)

func (RequireMFAType) EnumDescriptor 

func (RequireMFAType) EnumDescriptor() ([]byte, []int)

func (RequireMFAType) IsSessionMFARequired 

func (r RequireMFAType) IsSessionMFARequired() bool

IsSessionMFARequired returns whether this RequireMFAType requires per-session MFA.

func (*RequireMFAType) MarshalJSON 

func (r *RequireMFAType) MarshalJSON() ([]byte, error)

MarshalJSON marshals RequireMFAType to boolean or string.

func (*RequireMFAType) MarshalYAML 

func (r *RequireMFAType) MarshalYAML() (interface{}, error)

MarshalJSON marshals RequireMFAType to boolean or string.

func (RequireMFAType) String 

func (x RequireMFAType) String() string

func (*RequireMFAType) UnmarshalJSON 

func (r *RequireMFAType) UnmarshalJSON(data []byte) error

UnmarshalJSON supports parsing RequireMFAType from boolean or alias.

func (*RequireMFAType) UnmarshalYAML 

func (r *RequireMFAType) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML supports parsing RequireMFAType from boolean or alias.

type Resolution 

type Resolution struct {
	Width                uint32   `protobuf:"varint,1,opt,name=Width,proto3" json:"width,omitempty"`
	Height               uint32   `protobuf:"varint,2,opt,name=Height,proto3" json:"height,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*Resolution) Descriptor 

func (*Resolution) Descriptor() ([]byte, []int)

func (*Resolution) Marshal 

func (m *Resolution) Marshal() (dAtA []byte, err error)

func (*Resolution) MarshalTo 

func (m *Resolution) MarshalTo(dAtA []byte) (int, error)

func (*Resolution) MarshalToSizedBuffer 

func (m *Resolution) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Resolution) ProtoMessage 

func (*Resolution) ProtoMessage()

func (*Resolution) Reset 

func (m *Resolution) Reset()

func (*Resolution) Size 

func (m *Resolution) Size() (n int)

func (*Resolution) String 

func (m *Resolution) String() string

func (*Resolution) Unmarshal 

func (m *Resolution) Unmarshal(dAtA []byte) error

func (*Resolution) XXX_DiscardUnknown 

func (m *Resolution) XXX_DiscardUnknown()

func (*Resolution) XXX_Marshal 

func (m *Resolution) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Resolution) XXX_Merge 

func (m *Resolution) XXX_Merge(src proto.Message)

func (*Resolution) XXX_Size 

func (m *Resolution) XXX_Size() int

func (*Resolution) XXX_Unmarshal 

func (m *Resolution) XXX_Unmarshal(b []byte) error

type Resource 

type Resource interface {
	// GetKind returns resource kind
	GetKind() string
	// GetSubKind returns resource subkind
	GetSubKind() string
	// SetSubKind sets resource subkind
	SetSubKind(string)
	// GetVersion returns resource version
	GetVersion() string
	// GetName returns the name of the resource
	GetName() string
	// SetName sets the name of the resource
	SetName(string)
	// Expiry returns object expiry setting
	Expiry() time.Time
	// SetExpiry sets object expiry
	SetExpiry(time.Time)
	// GetMetadata returns object metadata
	GetMetadata() Metadata
	// GetRevision returns the revision
	GetRevision() string
	// SetRevision sets the revision
	SetRevision(string)
}

Resource represents common properties for all resources.

Please avoid adding new uses of Resource in the codebase. Instead, consider using concrete proto types directly or a manually declared subset of the Resource153 interface for new-style resources.

func ProtoResource153ToLegacy 

func ProtoResource153ToLegacy[T ProtoResource153](r T) Resource

ProtoResource153ToLegacy transforms an RFD 153 style resource implemented by a proto-generated struct into a legacy Resource type. Implements ResourceWithLabels and CloneResource (where the wrapped resource supports cloning).

Note that CheckAndSetDefaults is a noop for the returned resource and SetSubKind is not implemented and panics on use.

func Resource153ToLegacy 

func Resource153ToLegacy[T Resource153](r T) Resource

Resource153ToLegacy transforms an RFD 153 style resource into a legacy Resource type. Implements ResourceWithLabels and CloneResource (where the) wrapped resource supports cloning).

Resources153 implemented by proto-generated structs should use ProtoResource153ToLegacy instead as it will ensure the protobuf message is properly marshaled to JSON with protojson.

Note that CheckAndSetDefaults is a noop for the returned resource and SetSubKind is not implemented and panics on use.

type Resource153 

type Resource153 interface {
	// GetKind returns the resource kind.
	//
	// Kind is usually hard-coded for each underlying type.
	GetKind() string

	// GetSubKind returns the resource sub-kind, if any.
	GetSubKind() string

	// GetVersion returns the resource API version.
	//
	// See [headerv1.Metadata.Revision] for an identifier of the resource over
	// time.
	GetVersion() string

	// GetMetadata returns the generic resource metadata.
	GetMetadata() *headerv1.Metadata
}

Resource153 is a resource that follows RFD 153.

It exists as a weak guideline for fields that resource protos must provide and as a way to adapt "new" resources to the legacy Resource interface.

Strongly prefer using actual types, like *myprotov1.Foo, instead of this interface. If you do need to represent resources in a generic manner, consider declaring a smaller interface with only what you need.

Embedding or further extending this interface is highly discouraged.

func LegacyToResource153 

func LegacyToResource153(r Resource) Resource153

LegacyToResource153 converts a legacy Resource into a Resource153.

Useful to handle old and new resources uniformly. If you can, consider further "downgrading" the Resource153 interface into the smallest subset that works for you (for example, ResourceMetadata).

type Resource153UnwrapperT 

type Resource153UnwrapperT[T Resource153] interface{ UnwrapT() T }

Resource153UnwrapperT returns a [T] from a wrapped RFD 153 style resource.

type ResourceDetails 

type ResourceDetails struct {
	Hostname     string
	FriendlyName string
}

ResourceDetails includes details about the resource

type ResourceHeader 

type ResourceHeader struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind,omitempty"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the API version used to create the resource. It must be
	// specified. Based on this version, Teleport will apply different defaults on
	// resource creation or deletion. It must be an integer prefixed by "v".
	// For example: `v1`
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version,omitempty"`
	// Metadata is resource metadata
	Metadata             Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ResourceHeader is a shared resource header used in cases when only type and name is known

func (*ResourceHeader) CheckAndSetDefaults 

func (h *ResourceHeader) CheckAndSetDefaults() error

func (*ResourceHeader) Descriptor 

func (*ResourceHeader) Descriptor() ([]byte, []int)

func (*ResourceHeader) Expiry 

func (h *ResourceHeader) Expiry() time.Time

Expiry returns object expiry setting

func (*ResourceHeader) GetAllLabels 

func (h *ResourceHeader) GetAllLabels() map[string]string

GetAllLabels returns all labels from the resource..

func (*ResourceHeader) GetKind 

func (h *ResourceHeader) GetKind() string

GetKind returns resource kind

func (*ResourceHeader) GetLabel 

func (h *ResourceHeader) GetLabel(key string) (value string, ok bool)

GetLabel retrieves the label with the provided key. If not found value will be empty and ok will be false.

func (*ResourceHeader) GetMetadata 

func (h *ResourceHeader) GetMetadata() Metadata

GetMetadata returns object metadata

func (*ResourceHeader) GetName 

func (h *ResourceHeader) GetName() string

GetName returns the name of the resource

func (*ResourceHeader) GetRevision 

func (h *ResourceHeader) GetRevision() string

GetRevision returns the revision

func (*ResourceHeader) GetStaticLabels 

func (h *ResourceHeader) GetStaticLabels() map[string]string

GetStaticLabels returns the static labels for the resource.

func (*ResourceHeader) GetSubKind 

func (h *ResourceHeader) GetSubKind() string

GetSubKind returns resource subkind

func (*ResourceHeader) GetVersion 

func (h *ResourceHeader) GetVersion() string

GetVersion returns resource version

func (*ResourceHeader) IsEqual 

func (h *ResourceHeader) IsEqual(other *ResourceHeader) bool

IsEqual determines if two resource header resources are equivalent to one another.

func (*ResourceHeader) Marshal 

func (m *ResourceHeader) Marshal() (dAtA []byte, err error)

func (*ResourceHeader) MarshalTo 

func (m *ResourceHeader) MarshalTo(dAtA []byte) (int, error)

func (*ResourceHeader) MarshalToSizedBuffer 

func (m *ResourceHeader) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ResourceHeader) Origin 

func (h *ResourceHeader) Origin() string

Origin returns the origin value of the resource.

func (*ResourceHeader) ProtoMessage 

func (*ResourceHeader) ProtoMessage()

func (*ResourceHeader) Reset 

func (m *ResourceHeader) Reset()

func (*ResourceHeader) SetExpiry 

func (h *ResourceHeader) SetExpiry(t time.Time)

SetExpiry sets object expiry

func (*ResourceHeader) SetName 

func (h *ResourceHeader) SetName(v string)

SetName sets the name of the resource

func (*ResourceHeader) SetOrigin 

func (h *ResourceHeader) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*ResourceHeader) SetRevision 

func (h *ResourceHeader) SetRevision(rev string)

SetRevision sets the revision

func (*ResourceHeader) SetStaticLabels 

func (h *ResourceHeader) SetStaticLabels(sl map[string]string)

SetStaticLabels sets the static labels for the resource.

func (*ResourceHeader) SetSubKind 

func (h *ResourceHeader) SetSubKind(s string)

SetSubKind sets resource subkind

func (*ResourceHeader) Size 

func (m *ResourceHeader) Size() (n int)

func (*ResourceHeader) String 

func (m *ResourceHeader) String() string

func (*ResourceHeader) Unmarshal 

func (m *ResourceHeader) Unmarshal(dAtA []byte) error

func (*ResourceHeader) XXX_DiscardUnknown 

func (m *ResourceHeader) XXX_DiscardUnknown()

func (*ResourceHeader) XXX_Marshal 

func (m *ResourceHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ResourceHeader) XXX_Merge 

func (m *ResourceHeader) XXX_Merge(src proto.Message)

func (*ResourceHeader) XXX_Size 

func (m *ResourceHeader) XXX_Size() int

func (*ResourceHeader) XXX_Unmarshal 

func (m *ResourceHeader) XXX_Unmarshal(b []byte) error

type ResourceID 

type ResourceID struct {
	// ClusterName is the name of the cluster the resource is in.
	ClusterName string `protobuf:"bytes,1,opt,name=ClusterName,proto3" json:"cluster"`
	// Kind is the resource kind.
	Kind string `protobuf:"bytes,2,opt,name=Kind,proto3" json:"kind"`
	// Name is the name of the specific resource.
	Name string `protobuf:"bytes,3,opt,name=Name,proto3" json:"name"`
	// SubResourceName is the resource belonging to resource identified by "Name"
	// that the user is allowed to access to.
	// When granting access to a subresource, access to other resources is limited.
	// Currently it just supports resources of Kind=pod and the format is the following
	// "<kube_namespace>/<kube_pod>".
	SubResourceName      string   `protobuf:"bytes,4,opt,name=SubResourceName,proto3" json:"sub_resource,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ResourceID is a unique identifier for a teleport resource. Must be kept in sync with teleport.decision.v1alpha1.ResourceId.

func ResourceIDFromString 

func ResourceIDFromString(raw string) (ResourceID, error)

ResourceIDFromString parses a ResourceID from a string. The string should have been obtained from ResourceIDToString.

func ResourceIDsFromString 

func ResourceIDsFromString(raw string) ([]ResourceID, error)

ResourceIDsFromString parses a list of resource IDs from a single string. The string should have been obtained from ResourceIDsToString.

func ResourceIDsFromStrings 

func ResourceIDsFromStrings(resourceIDStrs []string) ([]ResourceID, error)

ResourceIDsFromStrings parses a list of ResourceIDs from a list of strings. Each string should have been obtained from ResourceIDToString.

func (*ResourceID) CheckAndSetDefaults 

func (id *ResourceID) CheckAndSetDefaults() error

func (*ResourceID) Descriptor 

func (*ResourceID) Descriptor() ([]byte, []int)

func (*ResourceID) Marshal 

func (m *ResourceID) Marshal() (dAtA []byte, err error)

func (*ResourceID) MarshalTo 

func (m *ResourceID) MarshalTo(dAtA []byte) (int, error)

func (*ResourceID) MarshalToSizedBuffer 

func (m *ResourceID) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ResourceID) ProtoMessage 

func (*ResourceID) ProtoMessage()

func (*ResourceID) Reset 

func (m *ResourceID) Reset()

func (*ResourceID) Size 

func (m *ResourceID) Size() (n int)

func (*ResourceID) String 

func (m *ResourceID) String() string

func (*ResourceID) Unmarshal 

func (m *ResourceID) Unmarshal(dAtA []byte) error

func (*ResourceID) XXX_DiscardUnknown 

func (m *ResourceID) XXX_DiscardUnknown()

func (*ResourceID) XXX_Marshal 

func (m *ResourceID) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ResourceID) XXX_Merge 

func (m *ResourceID) XXX_Merge(src proto.Message)

func (*ResourceID) XXX_Size 

func (m *ResourceID) XXX_Size() int

func (*ResourceID) XXX_Unmarshal 

func (m *ResourceID) XXX_Unmarshal(b []byte) error

type ResourceInNamespaceRequest 

type ResourceInNamespaceRequest struct {
	// Name is the name of the resource.
	Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"Name,omitempty"`
	// Namespace is the namespace of resources.
	Namespace            string   `protobuf:"bytes,2,opt,name=Namespace,proto3" json:"Namespace,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ResourcesInNamespaceRequest is a request relating to a named resource in the given namespace.

func (*ResourceInNamespaceRequest) Descriptor 

func (*ResourceInNamespaceRequest) Descriptor() ([]byte, []int)

func (*ResourceInNamespaceRequest) Marshal 

func (m *ResourceInNamespaceRequest) Marshal() (dAtA []byte, err error)

func (*ResourceInNamespaceRequest) MarshalTo 

func (m *ResourceInNamespaceRequest) MarshalTo(dAtA []byte) (int, error)

func (*ResourceInNamespaceRequest) MarshalToSizedBuffer 

func (m *ResourceInNamespaceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ResourceInNamespaceRequest) ProtoMessage 

func (*ResourceInNamespaceRequest) ProtoMessage()

func (*ResourceInNamespaceRequest) Reset 

func (m *ResourceInNamespaceRequest) Reset()

func (*ResourceInNamespaceRequest) Size 

func (m *ResourceInNamespaceRequest) Size() (n int)

func (*ResourceInNamespaceRequest) String 

func (m *ResourceInNamespaceRequest) String() string

func (*ResourceInNamespaceRequest) Unmarshal 

func (m *ResourceInNamespaceRequest) Unmarshal(dAtA []byte) error

func (*ResourceInNamespaceRequest) XXX_DiscardUnknown 

func (m *ResourceInNamespaceRequest) XXX_DiscardUnknown()

func (*ResourceInNamespaceRequest) XXX_Marshal 

func (m *ResourceInNamespaceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ResourceInNamespaceRequest) XXX_Merge 

func (m *ResourceInNamespaceRequest) XXX_Merge(src proto.Message)

func (*ResourceInNamespaceRequest) XXX_Size 

func (m *ResourceInNamespaceRequest) XXX_Size() int

func (*ResourceInNamespaceRequest) XXX_Unmarshal 

func (m *ResourceInNamespaceRequest) XXX_Unmarshal(b []byte) error

type ResourceMatcherAWS 

type ResourceMatcherAWS struct {
	// AssumeRoleARN is an optional AWS role ARN to assume when accessing a database.
	AssumeRoleARN string `protobuf:"bytes,1,opt,name=AssumeRoleARN,proto3" json:"assume_role_arn,omitempty"`
	// ExternalID is an optional AWS external ID used to enable assuming an AWS role across accounts.
	ExternalID           string   `protobuf:"bytes,2,opt,name=ExternalID,proto3" json:"external_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ResourceMatcherAWS contains AWS specific settings for resource matcher.

func (*ResourceMatcherAWS) Descriptor 

func (*ResourceMatcherAWS) Descriptor() ([]byte, []int)

func (*ResourceMatcherAWS) Marshal 

func (m *ResourceMatcherAWS) Marshal() (dAtA []byte, err error)

func (*ResourceMatcherAWS) MarshalTo 

func (m *ResourceMatcherAWS) MarshalTo(dAtA []byte) (int, error)

func (*ResourceMatcherAWS) MarshalToSizedBuffer 

func (m *ResourceMatcherAWS) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ResourceMatcherAWS) ProtoMessage 

func (*ResourceMatcherAWS) ProtoMessage()

func (*ResourceMatcherAWS) Reset 

func (m *ResourceMatcherAWS) Reset()

func (*ResourceMatcherAWS) Size 

func (m *ResourceMatcherAWS) Size() (n int)

func (*ResourceMatcherAWS) String 

func (m *ResourceMatcherAWS) String() string

func (*ResourceMatcherAWS) Unmarshal 

func (m *ResourceMatcherAWS) Unmarshal(dAtA []byte) error

func (*ResourceMatcherAWS) XXX_DiscardUnknown 

func (m *ResourceMatcherAWS) XXX_DiscardUnknown()

func (*ResourceMatcherAWS) XXX_Marshal 

func (m *ResourceMatcherAWS) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ResourceMatcherAWS) XXX_Merge 

func (m *ResourceMatcherAWS) XXX_Merge(src proto.Message)

func (*ResourceMatcherAWS) XXX_Size 

func (m *ResourceMatcherAWS) XXX_Size() int

func (*ResourceMatcherAWS) XXX_Unmarshal 

func (m *ResourceMatcherAWS) XXX_Unmarshal(b []byte) error

type ResourceMetadata 

type ResourceMetadata interface {
	// GetMetadata returns the generic resource metadata.
	GetMetadata() *headerv1.Metadata
}

ResourceMetadata is the smallest interface that defines a Teleport resource.

type ResourceRequest 

type ResourceRequest struct {
	// Name is the name of the resource.
	Name                 string   `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ResourceRequest is a request relating to a named resource.

func (*ResourceRequest) Descriptor 

func (*ResourceRequest) Descriptor() ([]byte, []int)

func (*ResourceRequest) Marshal 

func (m *ResourceRequest) Marshal() (dAtA []byte, err error)

func (*ResourceRequest) MarshalTo 

func (m *ResourceRequest) MarshalTo(dAtA []byte) (int, error)

func (*ResourceRequest) MarshalToSizedBuffer 

func (m *ResourceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ResourceRequest) ProtoMessage 

func (*ResourceRequest) ProtoMessage()

func (*ResourceRequest) Reset 

func (m *ResourceRequest) Reset()

func (*ResourceRequest) Size 

func (m *ResourceRequest) Size() (n int)

func (*ResourceRequest) String 

func (m *ResourceRequest) String() string

func (*ResourceRequest) Unmarshal 

func (m *ResourceRequest) Unmarshal(dAtA []byte) error

func (*ResourceRequest) XXX_DiscardUnknown 

func (m *ResourceRequest) XXX_DiscardUnknown()

func (*ResourceRequest) XXX_Marshal 

func (m *ResourceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ResourceRequest) XXX_Merge 

func (m *ResourceRequest) XXX_Merge(src proto.Message)

func (*ResourceRequest) XXX_Size 

func (m *ResourceRequest) XXX_Size() int

func (*ResourceRequest) XXX_Unmarshal 

func (m *ResourceRequest) XXX_Unmarshal(b []byte) error

type ResourceWithLabels 

type ResourceWithLabels interface {
	// ResourceWithOrigin is the base resource interface.
	ResourceWithOrigin
	// GetLabel retrieves the label with the provided key.
	GetLabel(key string) (value string, ok bool)
	// GetAllLabels returns all resource's labels.
	GetAllLabels() map[string]string
	// GetStaticLabels returns the resource's static labels.
	GetStaticLabels() map[string]string
	// SetStaticLabels sets the resource's static labels.
	SetStaticLabels(sl map[string]string)
	// MatchSearch goes through select field values of a resource
	// and tries to match against the list of search values.
	MatchSearch(searchValues []string) bool
}

ResourceWithLabels is a common interface for resources that have labels.

func Resource153ToResourceWithLabels 

func Resource153ToResourceWithLabels[T Resource153](r T) ResourceWithLabels

Resource153ToResourceWithLabels wraps a Resource153-style resource in the legacy Resource and ResourceWithLabels interfaces.

The same caveats that apply to Resource153ToLegacy apply.

type ResourceWithOrigin 

type ResourceWithOrigin interface {
	Resource
	// Origin returns the origin value of the resource.
	Origin() string
	// SetOrigin sets the origin value of the resource.
	SetOrigin(string)
}

ResourceWithOrigin provides information on the origin of the resource (defaults, config-file, dynamic).

type ResourceWithSecrets 

type ResourceWithSecrets interface {
	Resource
	// WithoutSecrets returns an instance of the resource which
	// has had all secrets removed.  If the current resource has
	// already had its secrets removed, this may be a no-op.
	WithoutSecrets() Resource
}

ResourceWithSecrets includes additional properties which must be provided by resources which *may* contain secrets.

type ResourceWithSecretsRequest 

type ResourceWithSecretsRequest struct {
	// Name is the name of the resource.
	Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
	// WithSecrets specifies whether to load associated secrets.
	WithSecrets bool `protobuf:"varint,2,opt,name=WithSecrets,proto3" json:"with_secrets,omitempty"`
	// SAMLValidationNoFollowURLs specifies whether to skip following URLs when
	// validating SAML connector resources.
	// ResourceWithSecretsRequest is not a great place for this field but it's
	// necessary for backward compatibility.
	SAMLValidationNoFollowURLs bool     `protobuf:"varint,3,opt,name=SAMLValidationNoFollowURLs,proto3" json:"saml_validation_no_follow_urls"`
	XXX_NoUnkeyedLiteral       struct{} `json:"-"`
	XXX_unrecognized           []byte   `json:"-"`
	XXX_sizecache              int32    `json:"-"`
}

ResourceWithSecretsRequest is a request relating to a named resource with secrets.

func (*ResourceWithSecretsRequest) Descriptor 

func (*ResourceWithSecretsRequest) Descriptor() ([]byte, []int)

func (*ResourceWithSecretsRequest) Marshal 

func (m *ResourceWithSecretsRequest) Marshal() (dAtA []byte, err error)

func (*ResourceWithSecretsRequest) MarshalTo 

func (m *ResourceWithSecretsRequest) MarshalTo(dAtA []byte) (int, error)

func (*ResourceWithSecretsRequest) MarshalToSizedBuffer 

func (m *ResourceWithSecretsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ResourceWithSecretsRequest) ProtoMessage 

func (*ResourceWithSecretsRequest) ProtoMessage()

func (*ResourceWithSecretsRequest) Reset 

func (m *ResourceWithSecretsRequest) Reset()

func (*ResourceWithSecretsRequest) Size 

func (m *ResourceWithSecretsRequest) Size() (n int)

func (*ResourceWithSecretsRequest) String 

func (m *ResourceWithSecretsRequest) String() string

func (*ResourceWithSecretsRequest) Unmarshal 

func (m *ResourceWithSecretsRequest) Unmarshal(dAtA []byte) error

func (*ResourceWithSecretsRequest) XXX_DiscardUnknown 

func (m *ResourceWithSecretsRequest) XXX_DiscardUnknown()

func (*ResourceWithSecretsRequest) XXX_Marshal 

func (m *ResourceWithSecretsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ResourceWithSecretsRequest) XXX_Merge 

func (m *ResourceWithSecretsRequest) XXX_Merge(src proto.Message)

func (*ResourceWithSecretsRequest) XXX_Size 

func (m *ResourceWithSecretsRequest) XXX_Size() int

func (*ResourceWithSecretsRequest) XXX_Unmarshal 

func (m *ResourceWithSecretsRequest) XXX_Unmarshal(b []byte) error

type ResourcesInNamespaceRequest 

type ResourcesInNamespaceRequest struct {
	// Namespace is the namespace of resources.
	Namespace            string   `protobuf:"bytes,1,opt,name=Namespace,proto3" json:"Namespace,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ResourcesInNamespaceRequest is a request relating to resources in the given namespace.

func (*ResourcesInNamespaceRequest) Descriptor 

func (*ResourcesInNamespaceRequest) Descriptor() ([]byte, []int)

func (*ResourcesInNamespaceRequest) Marshal 

func (m *ResourcesInNamespaceRequest) Marshal() (dAtA []byte, err error)

func (*ResourcesInNamespaceRequest) MarshalTo 

func (m *ResourcesInNamespaceRequest) MarshalTo(dAtA []byte) (int, error)

func (*ResourcesInNamespaceRequest) MarshalToSizedBuffer 

func (m *ResourcesInNamespaceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ResourcesInNamespaceRequest) ProtoMessage 

func (*ResourcesInNamespaceRequest) ProtoMessage()

func (*ResourcesInNamespaceRequest) Reset 

func (m *ResourcesInNamespaceRequest) Reset()

func (*ResourcesInNamespaceRequest) Size 

func (m *ResourcesInNamespaceRequest) Size() (n int)

func (*ResourcesInNamespaceRequest) String 

func (m *ResourcesInNamespaceRequest) String() string

func (*ResourcesInNamespaceRequest) Unmarshal 

func (m *ResourcesInNamespaceRequest) Unmarshal(dAtA []byte) error

func (*ResourcesInNamespaceRequest) XXX_DiscardUnknown 

func (m *ResourcesInNamespaceRequest) XXX_DiscardUnknown()

func (*ResourcesInNamespaceRequest) XXX_Marshal 

func (m *ResourcesInNamespaceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ResourcesInNamespaceRequest) XXX_Merge 

func (m *ResourcesInNamespaceRequest) XXX_Merge(src proto.Message)

func (*ResourcesInNamespaceRequest) XXX_Size 

func (m *ResourcesInNamespaceRequest) XXX_Size() int

func (*ResourcesInNamespaceRequest) XXX_Unmarshal 

func (m *ResourcesInNamespaceRequest) XXX_Unmarshal(b []byte) error

type ResourcesWithLabels 

type ResourcesWithLabels []ResourceWithLabels

ResourcesWithLabels is a list of labeled resources.

func (ResourcesWithLabels) AsAppServers 

func (r ResourcesWithLabels) AsAppServers() ([]AppServer, error)

AsAppServers converts each resource into type AppServer.

func (ResourcesWithLabels) AsDatabaseServers 

func (r ResourcesWithLabels) AsDatabaseServers() ([]DatabaseServer, error)

AsDatabaseServers converts each resource into type DatabaseServer.

func (ResourcesWithLabels) AsDatabaseServices 

func (r ResourcesWithLabels) AsDatabaseServices() ([]DatabaseService, error)

AsDatabaseServices converts each resource into type DatabaseService.

func (ResourcesWithLabels) AsDatabases 

func (r ResourcesWithLabels) AsDatabases() ([]Database, error)

AsDatabases converts each resource into type Database.

func (ResourcesWithLabels) AsKubeClusters 

func (r ResourcesWithLabels) AsKubeClusters() ([]KubeCluster, error)

AsKubeClusters converts each resource into type KubeCluster.

func (ResourcesWithLabels) AsKubeServers 

func (r ResourcesWithLabels) AsKubeServers() ([]KubeServer, error)

AsKubeServers converts each resource into type KubeServer.

func (ResourcesWithLabels) AsServers 

func (r ResourcesWithLabels) AsServers() ([]Server, error)

AsServers converts each resource into type Server.

func (ResourcesWithLabels) AsUserGroups 

func (r ResourcesWithLabels) AsUserGroups() ([]UserGroup, error)

AsUserGroups converts each resource into type UserGroup.

func (ResourcesWithLabels) AsWindowsDesktopServices 

func (r ResourcesWithLabels) AsWindowsDesktopServices() ([]WindowsDesktopService, error)

AsWindowsDesktopServices converts each resource into type WindowsDesktop.

func (ResourcesWithLabels) AsWindowsDesktops 

func (r ResourcesWithLabels) AsWindowsDesktops() ([]WindowsDesktop, error)

AsWindowsDesktops converts each resource into type WindowsDesktop.

func (ResourcesWithLabels) Len 

func (r ResourcesWithLabels) Len() int

Len returns the slice length.

func (ResourcesWithLabels) Less 

func (r ResourcesWithLabels) Less(i, j int) bool

Less compares resources by name.

func (ResourcesWithLabels) SortByCustom 

func (r ResourcesWithLabels) SortByCustom(by SortBy) error

func (ResourcesWithLabels) Swap 

func (r ResourcesWithLabels) Swap(i, j int)

Swap swaps two resources.

func (ResourcesWithLabels) ToMap 

func (r ResourcesWithLabels) ToMap() ResourcesWithLabelsMap

ToMap returns these databases as a map keyed by database name.

type ResourcesWithLabelsMap 

type ResourcesWithLabelsMap map[string]ResourceWithLabels

ResourcesWithLabelsMap is like ResourcesWithLabels, but a map from resource name to its value.

type ResourcesWithSecretsRequest 

type ResourcesWithSecretsRequest struct {
	// WithSecrets specifies whether to load associated secrets.
	WithSecrets bool `protobuf:"varint,1,opt,name=WithSecrets,proto3" json:"with_secrets,omitempty"`
	// SAMLValidationNoFollowURLs specifies whether to skip following URLs when
	// validating SAML connector resources.
	// ResourceWithSecretsRequest is not a great place for this field but it's
	// necessary for backward compatibility.
	SAMLValidationNoFollowURLs bool     `protobuf:"varint,2,opt,name=SAMLValidationNoFollowURLs,proto3" json:"saml_validation_no_follow_urls"`
	XXX_NoUnkeyedLiteral       struct{} `json:"-"`
	XXX_unrecognized           []byte   `json:"-"`
	XXX_sizecache              int32    `json:"-"`
}

ResourcesWithSecretsRequest is a request relating to resources with secrets.

func (*ResourcesWithSecretsRequest) Descriptor 

func (*ResourcesWithSecretsRequest) Descriptor() ([]byte, []int)

func (*ResourcesWithSecretsRequest) Marshal 

func (m *ResourcesWithSecretsRequest) Marshal() (dAtA []byte, err error)

func (*ResourcesWithSecretsRequest) MarshalTo 

func (m *ResourcesWithSecretsRequest) MarshalTo(dAtA []byte) (int, error)

func (*ResourcesWithSecretsRequest) MarshalToSizedBuffer 

func (m *ResourcesWithSecretsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ResourcesWithSecretsRequest) ProtoMessage 

func (*ResourcesWithSecretsRequest) ProtoMessage()

func (*ResourcesWithSecretsRequest) Reset 

func (m *ResourcesWithSecretsRequest) Reset()

func (*ResourcesWithSecretsRequest) Size 

func (m *ResourcesWithSecretsRequest) Size() (n int)

func (*ResourcesWithSecretsRequest) String 

func (m *ResourcesWithSecretsRequest) String() string

func (*ResourcesWithSecretsRequest) Unmarshal 

func (m *ResourcesWithSecretsRequest) Unmarshal(dAtA []byte) error

func (*ResourcesWithSecretsRequest) XXX_DiscardUnknown 

func (m *ResourcesWithSecretsRequest) XXX_DiscardUnknown()

func (*ResourcesWithSecretsRequest) XXX_Marshal 

func (m *ResourcesWithSecretsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ResourcesWithSecretsRequest) XXX_Merge 

func (m *ResourcesWithSecretsRequest) XXX_Merge(src proto.Message)

func (*ResourcesWithSecretsRequest) XXX_Size 

func (m *ResourcesWithSecretsRequest) XXX_Size() int

func (*ResourcesWithSecretsRequest) XXX_Unmarshal 

func (m *ResourcesWithSecretsRequest) XXX_Unmarshal(b []byte) error

type ReverseTunnel 

type ReverseTunnel interface {
	// Resource provides common methods for resource objects
	Resource
	// GetClusterName returns name of the cluster
	GetClusterName() string
	// SetClusterName sets cluster name
	SetClusterName(name string)
	// GetType gets the type of ReverseTunnel.
	GetType() TunnelType
	// SetType sets the type of ReverseTunnel.
	SetType(TunnelType)
	// GetDialAddrs returns list of dial addresses for this cluster
	GetDialAddrs() []string
	// Clone creates a copy of the ReverseTunnel.
	Clone() ReverseTunnel
}

ReverseTunnel is SSH reverse tunnel established between a local Proxy and a remote Proxy. It helps to bypass firewall restrictions, so local clusters don't need to have the cluster involved

func NewReverseTunnel 

func NewReverseTunnel(clusterName string, dialAddrs []string) (ReverseTunnel, error)

NewReverseTunnel returns new version of reverse tunnel

type ReverseTunnelSpecV2 

type ReverseTunnelSpecV2 struct {
	// ClusterName is a domain name of remote cluster we are connecting to
	ClusterName string `protobuf:"bytes,1,opt,name=ClusterName,proto3" json:"cluster_name"`
	// DialAddrs is a list of remote address to establish a connection to
	// it's always SSH over TCP
	DialAddrs []string `protobuf:"bytes,2,rep,name=DialAddrs,proto3" json:"dial_addrs,omitempty"`
	// Type is the type of reverse tunnel, either proxy or node.
	Type                 TunnelType `protobuf:"bytes,3,opt,name=Type,proto3,casttype=TunnelType" json:"type"`
	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
	XXX_unrecognized     []byte     `json:"-"`
	XXX_sizecache        int32      `json:"-"`
}

ReverseTunnelSpecV2 is a specification for V2 reverse tunnel

func (*ReverseTunnelSpecV2) Descriptor 

func (*ReverseTunnelSpecV2) Descriptor() ([]byte, []int)

func (*ReverseTunnelSpecV2) Marshal 

func (m *ReverseTunnelSpecV2) Marshal() (dAtA []byte, err error)

func (*ReverseTunnelSpecV2) MarshalTo 

func (m *ReverseTunnelSpecV2) MarshalTo(dAtA []byte) (int, error)

func (*ReverseTunnelSpecV2) MarshalToSizedBuffer 

func (m *ReverseTunnelSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ReverseTunnelSpecV2) ProtoMessage 

func (*ReverseTunnelSpecV2) ProtoMessage()

func (*ReverseTunnelSpecV2) Reset 

func (m *ReverseTunnelSpecV2) Reset()

func (*ReverseTunnelSpecV2) Size 

func (m *ReverseTunnelSpecV2) Size() (n int)

func (*ReverseTunnelSpecV2) String 

func (m *ReverseTunnelSpecV2) String() string

func (*ReverseTunnelSpecV2) Unmarshal 

func (m *ReverseTunnelSpecV2) Unmarshal(dAtA []byte) error

func (*ReverseTunnelSpecV2) XXX_DiscardUnknown 

func (m *ReverseTunnelSpecV2) XXX_DiscardUnknown()

func (*ReverseTunnelSpecV2) XXX_Marshal 

func (m *ReverseTunnelSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ReverseTunnelSpecV2) XXX_Merge 

func (m *ReverseTunnelSpecV2) XXX_Merge(src proto.Message)

func (*ReverseTunnelSpecV2) XXX_Size 

func (m *ReverseTunnelSpecV2) XXX_Size() int

func (*ReverseTunnelSpecV2) XXX_Unmarshal 

func (m *ReverseTunnelSpecV2) XXX_Unmarshal(b []byte) error

type ReverseTunnelV2 

type ReverseTunnelV2 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is version
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is a resource metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is a reverse tunnel specification
	Spec                 ReverseTunnelSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
	XXX_unrecognized     []byte              `json:"-"`
	XXX_sizecache        int32               `json:"-"`
}

ReverseTunnelV2 is version 2 of the resource spec of the reverse tunnel

func (*ReverseTunnelV2) CheckAndSetDefaults 

func (r *ReverseTunnelV2) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets defaults

func (*ReverseTunnelV2) Clone 

func (r *ReverseTunnelV2) Clone() ReverseTunnel

Clone creates a copy of the ReverseTunnel.

func (*ReverseTunnelV2) Descriptor 

func (*ReverseTunnelV2) Descriptor() ([]byte, []int)

func (*ReverseTunnelV2) Expiry 

func (r *ReverseTunnelV2) Expiry() time.Time

Expiry returns object expiry setting

func (*ReverseTunnelV2) GetClusterName 

func (r *ReverseTunnelV2) GetClusterName() string

GetClusterName returns name of the cluster

func (*ReverseTunnelV2) GetDialAddrs 

func (r *ReverseTunnelV2) GetDialAddrs() []string

GetDialAddrs returns list of dial addresses for this cluster

func (*ReverseTunnelV2) GetKind 

func (r *ReverseTunnelV2) GetKind() string

GetKind returns resource kind

func (*ReverseTunnelV2) GetMetadata 

func (r *ReverseTunnelV2) GetMetadata() Metadata

GetMetadata returns object metadata

func (*ReverseTunnelV2) GetName 

func (r *ReverseTunnelV2) GetName() string

GetName returns the name of the User

func (*ReverseTunnelV2) GetRevision 

func (r *ReverseTunnelV2) GetRevision() string

GetRevision returns the revision

func (*ReverseTunnelV2) GetSubKind 

func (r *ReverseTunnelV2) GetSubKind() string

GetSubKind returns resource sub kind

func (*ReverseTunnelV2) GetType 

func (r *ReverseTunnelV2) GetType() TunnelType

GetType gets the type of ReverseTunnel.

func (*ReverseTunnelV2) GetVersion 

func (r *ReverseTunnelV2) GetVersion() string

GetVersion returns resource version

func (*ReverseTunnelV2) Marshal 

func (m *ReverseTunnelV2) Marshal() (dAtA []byte, err error)

func (*ReverseTunnelV2) MarshalTo 

func (m *ReverseTunnelV2) MarshalTo(dAtA []byte) (int, error)

func (*ReverseTunnelV2) MarshalToSizedBuffer 

func (m *ReverseTunnelV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ReverseTunnelV2) ProtoMessage 

func (*ReverseTunnelV2) ProtoMessage()

func (*ReverseTunnelV2) Reset 

func (m *ReverseTunnelV2) Reset()

func (*ReverseTunnelV2) SetClusterName 

func (r *ReverseTunnelV2) SetClusterName(name string)

SetClusterName sets name of a cluster

func (*ReverseTunnelV2) SetExpiry 

func (r *ReverseTunnelV2) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object

func (*ReverseTunnelV2) SetName 

func (r *ReverseTunnelV2) SetName(e string)

SetName sets the name of the User

func (*ReverseTunnelV2) SetRevision 

func (r *ReverseTunnelV2) SetRevision(rev string)

SetRevision sets the revision

func (*ReverseTunnelV2) SetSubKind 

func (r *ReverseTunnelV2) SetSubKind(s string)

SetSubKind sets resource subkind

func (*ReverseTunnelV2) SetType 

func (r *ReverseTunnelV2) SetType(tt TunnelType)

SetType sets the type of ReverseTunnel.

func (*ReverseTunnelV2) Size 

func (m *ReverseTunnelV2) Size() (n int)

func (*ReverseTunnelV2) String 

func (m *ReverseTunnelV2) String() string

func (*ReverseTunnelV2) Unmarshal 

func (m *ReverseTunnelV2) Unmarshal(dAtA []byte) error

func (*ReverseTunnelV2) XXX_DiscardUnknown 

func (m *ReverseTunnelV2) XXX_DiscardUnknown()

func (*ReverseTunnelV2) XXX_Marshal 

func (m *ReverseTunnelV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ReverseTunnelV2) XXX_Merge 

func (m *ReverseTunnelV2) XXX_Merge(src proto.Message)

func (*ReverseTunnelV2) XXX_Size 

func (m *ReverseTunnelV2) XXX_Size() int

func (*ReverseTunnelV2) XXX_Unmarshal 

func (m *ReverseTunnelV2) XXX_Unmarshal(b []byte) error

type Rewrite 

type Rewrite struct {
	// Redirect defines a list of hosts which will be rewritten to the public
	// address of the application if they occur in the "Location" header.
	Redirect []string `protobuf:"bytes,1,rep,name=Redirect,proto3" json:"redirect,omitempty"`
	// Headers is a list of headers to inject when passing the request over
	// to the application.
	Headers []*Header `protobuf:"bytes,2,rep,name=Headers,proto3" json:"headers,omitempty"`
	// JWTClaims configures whether roles/traits are included in the JWT token.
	JWTClaims            string   `protobuf:"bytes,3,opt,name=JWTClaims,proto3" json:"jwt_claims,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Rewrite is a list of rewriting rules to apply to requests and responses.

func (*Rewrite) Descriptor 

func (*Rewrite) Descriptor() ([]byte, []int)

func (*Rewrite) Marshal 

func (m *Rewrite) Marshal() (dAtA []byte, err error)

func (*Rewrite) MarshalTo 

func (m *Rewrite) MarshalTo(dAtA []byte) (int, error)

func (*Rewrite) MarshalToSizedBuffer 

func (m *Rewrite) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Rewrite) ProtoMessage 

func (*Rewrite) ProtoMessage()

func (*Rewrite) Reset 

func (m *Rewrite) Reset()

func (*Rewrite) Size 

func (m *Rewrite) Size() (n int)

func (*Rewrite) String 

func (m *Rewrite) String() string

func (*Rewrite) Unmarshal 

func (m *Rewrite) Unmarshal(dAtA []byte) error

func (*Rewrite) XXX_DiscardUnknown 

func (m *Rewrite) XXX_DiscardUnknown()

func (*Rewrite) XXX_Marshal 

func (m *Rewrite) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Rewrite) XXX_Merge 

func (m *Rewrite) XXX_Merge(src proto.Message)

func (*Rewrite) XXX_Size 

func (m *Rewrite) XXX_Size() int

func (*Rewrite) XXX_Unmarshal 

func (m *Rewrite) XXX_Unmarshal(b []byte) error

type Role 

type Role interface {
	// Resource provides common resource methods.
	ResourceWithLabels

	// SetMetadata sets role metadata
	SetMetadata(meta Metadata)

	// GetOptions gets role options.
	GetOptions() RoleOptions
	// SetOptions sets role options
	SetOptions(opt RoleOptions)

	// GetCreateDatabaseUserMode gets the create database user mode option.
	GetCreateDatabaseUserMode() CreateDatabaseUserMode

	// GetLogins gets *nix system logins for allow or deny condition.
	GetLogins(RoleConditionType) []string
	// SetLogins sets *nix system logins for allow or deny condition.
	SetLogins(RoleConditionType, []string)

	// GetNamespaces gets a list of namespaces this role is allowed or denied access to.
	GetNamespaces(RoleConditionType) []string
	// SetNamespaces sets a list of namespaces this role is allowed or denied access to.
	SetNamespaces(RoleConditionType, []string)

	// GetRoleConditions gets the RoleConditions for the RoleConditionType.
	GetRoleConditions(rct RoleConditionType) RoleConditions

	// GetRequestReasonMode gets the RequestReasonMode for the RoleConditionType.
	GetRequestReasonMode(RoleConditionType) RequestReasonMode

	// GetLabelMatchers gets the LabelMatchers that match labels of resources of
	// type [kind] this role is allowed or denied access to.
	GetLabelMatchers(rct RoleConditionType, kind string) (LabelMatchers, error)
	// SetLabelMatchers sets the LabelMatchers that match labels of resources of
	// type [kind] this role is allowed or denied access to.
	SetLabelMatchers(rct RoleConditionType, kind string, labelMatchers LabelMatchers) error

	// GetNodeLabels gets the map of node labels this role is allowed or denied access to.
	GetNodeLabels(RoleConditionType) Labels
	// SetNodeLabels sets the map of node labels this role is allowed or denied access to.
	SetNodeLabels(RoleConditionType, Labels)

	// GetWorkloadIdentityLabels gets the map of node labels this role is
	// allowed or denied access to.
	GetWorkloadIdentityLabels(RoleConditionType) Labels
	// SetWorkloadIdentityLabels sets the map of WorkloadIdentity labels this
	// role is allowed or denied access to.
	SetWorkloadIdentityLabels(RoleConditionType, Labels)

	// GetAppLabels gets the map of app labels this role is allowed or denied access to.
	GetAppLabels(RoleConditionType) Labels
	// SetAppLabels sets the map of app labels this role is allowed or denied access to.
	SetAppLabels(RoleConditionType, Labels)

	// GetClusterLabels gets the map of cluster labels this role is allowed or denied access to.
	GetClusterLabels(RoleConditionType) Labels
	// SetClusterLabels sets the map of cluster labels this role is allowed or denied access to.
	SetClusterLabels(RoleConditionType, Labels)

	// GetKubernetesLabels gets the map of kubernetes labels this role is
	// allowed or denied access to.
	GetKubernetesLabels(RoleConditionType) Labels
	// SetKubernetesLabels sets the map of kubernetes labels this role is
	// allowed or denied access to.
	SetKubernetesLabels(RoleConditionType, Labels)

	// GetRules gets all allow or deny rules.
	GetRules(rct RoleConditionType) []Rule
	// SetRules sets an allow or deny rule.
	SetRules(rct RoleConditionType, rules []Rule)

	// GetKubeGroups returns kubernetes groups
	GetKubeGroups(RoleConditionType) []string
	// SetKubeGroups sets kubernetes groups for allow or deny condition.
	SetKubeGroups(RoleConditionType, []string)

	// GetKubeUsers returns kubernetes users to impersonate
	GetKubeUsers(RoleConditionType) []string
	// SetKubeUsers sets kubernetes users to impersonate for allow or deny condition.
	SetKubeUsers(RoleConditionType, []string)

	// GetKubeResources returns the Kubernetes Resources this role grants
	// access to.
	GetKubeResources(rct RoleConditionType) []KubernetesResource
	// SetKubeResources configures the Kubernetes Resources for the RoleConditionType.
	SetKubeResources(rct RoleConditionType, pods []KubernetesResource)

	// SetRequestKubernetesResources sets the request kubernetes resources.
	SetRequestKubernetesResources(rct RoleConditionType, resources []RequestKubernetesResource)

	// GetAccessRequestConditions gets allow/deny conditions for access requests.
	GetAccessRequestConditions(RoleConditionType) AccessRequestConditions
	// SetAccessRequestConditions sets allow/deny conditions for access requests.
	SetAccessRequestConditions(RoleConditionType, AccessRequestConditions)

	// GetAccessReviewConditions gets allow/deny conditions for access review.
	GetAccessReviewConditions(RoleConditionType) AccessReviewConditions
	// SetAccessReviewConditions sets allow/deny conditions for access review.
	SetAccessReviewConditions(RoleConditionType, AccessReviewConditions)

	// GetDatabaseLabels gets the map of db labels this role is allowed or denied access to.
	GetDatabaseLabels(RoleConditionType) Labels
	// SetDatabaseLabels sets the map of db labels this role is allowed or denied access to.
	SetDatabaseLabels(RoleConditionType, Labels)

	// GetDatabaseNames gets a list of database names this role is allowed or denied access to.
	GetDatabaseNames(RoleConditionType) []string
	// SetDatabaseNames sets a list of database names this role is allowed or denied access to.
	SetDatabaseNames(RoleConditionType, []string)

	// GetDatabaseUsers gets a list of database users this role is allowed or denied access to.
	GetDatabaseUsers(RoleConditionType) []string
	// SetDatabaseUsers sets a list of database users this role is allowed or denied access to.
	SetDatabaseUsers(RoleConditionType, []string)

	// GetDatabaseRoles gets a list of database roles for auto-provisioned users.
	GetDatabaseRoles(RoleConditionType) []string
	// SetDatabaseRoles sets a list of database roles for auto-provisioned users.
	SetDatabaseRoles(RoleConditionType, []string)

	// GetDatabasePermissions gets database permissions for auto-provisioned users.
	GetDatabasePermissions(rct RoleConditionType) DatabasePermissions
	// SetDatabasePermissions sets database permissions for auto-provisioned users.
	SetDatabasePermissions(RoleConditionType, DatabasePermissions)

	// GetImpersonateConditions returns conditions this role is allowed or denied to impersonate.
	GetImpersonateConditions(rct RoleConditionType) ImpersonateConditions
	// SetImpersonateConditions sets conditions this role is allowed or denied to impersonate.
	SetImpersonateConditions(rct RoleConditionType, cond ImpersonateConditions)

	// GetAWSRoleARNs returns a list of AWS role ARNs this role is allowed to assume.
	GetAWSRoleARNs(RoleConditionType) []string
	// SetAWSRoleARNs sets a list of AWS role ARNs this role is allowed to assume.
	SetAWSRoleARNs(RoleConditionType, []string)

	// GetAzureIdentities returns a list of Azure identities this role is allowed to assume.
	GetAzureIdentities(RoleConditionType) []string
	// SetAzureIdentities sets a list of Azure identities this role is allowed to assume.
	SetAzureIdentities(RoleConditionType, []string)

	// GetGCPServiceAccounts returns a list of GCP service accounts this role is allowed to assume.
	GetGCPServiceAccounts(RoleConditionType) []string
	// SetGCPServiceAccounts sets a list of GCP service accounts this role is allowed to assume.
	SetGCPServiceAccounts(RoleConditionType, []string)

	// GetWindowsDesktopLabels gets the Windows desktop labels this role
	// is allowed or denied access to.
	GetWindowsDesktopLabels(RoleConditionType) Labels
	// SetWindowsDesktopLabels sets the Windows desktop labels this role
	// is allowed or denied access to.
	SetWindowsDesktopLabels(RoleConditionType, Labels)
	// GetWindowsLogins gets Windows desktop logins for allow or deny condition.
	GetWindowsLogins(RoleConditionType) []string
	// SetWindowsLogins sets Windows desktop logins for allow or deny condition.
	SetWindowsLogins(RoleConditionType, []string)

	// GetSessionRequirePolicies returns the RBAC required policies for a session.
	GetSessionRequirePolicies() []*SessionRequirePolicy
	// SetSessionRequirePolicies sets the RBAC required policies for a session.
	SetSessionRequirePolicies([]*SessionRequirePolicy)
	// GetSessionJoinPolicies returns the RBAC join policies for a session.
	GetSessionJoinPolicies() []*SessionJoinPolicy
	// SetSessionJoinPolicies sets the RBAC join policies for a session.
	SetSessionJoinPolicies([]*SessionJoinPolicy)
	// GetSessionPolicySet returns the RBAC policy set for a role.
	GetSessionPolicySet() SessionTrackerPolicySet

	// GetSearchAsRoles returns the list of extra roles which should apply to a
	// user while they are searching for resources as part of a Resource Access
	// Request, and defines the underlying roles which will be requested as part
	// of any Resource Access Request.
	GetSearchAsRoles(RoleConditionType) []string
	// SetSearchAsRoles sets the list of extra roles which should apply to a
	// user while they are searching for resources as part of a Resource Access
	// Request, and defines the underlying roles which will be requested as part
	// of any Resource Access Request.
	SetSearchAsRoles(RoleConditionType, []string)

	// GetPreviewAsRoles returns the list of extra roles which should apply to a
	// reviewer while they are viewing a Resource Access Request for the
	// purposes of viewing details such as the hostname and labels of requested
	// resources.
	GetPreviewAsRoles(RoleConditionType) []string
	// SetPreviewAsRoles sets the list of extra roles which should apply to a
	// reviewer while they are viewing a Resource Access Request for the
	// purposes of viewing details such as the hostname and labels of requested
	// resources.
	SetPreviewAsRoles(RoleConditionType, []string)

	// GetHostGroups gets the list of groups this role is put in when users are provisioned
	GetHostGroups(RoleConditionType) []string
	// SetHostGroups sets the list of groups this role is put in when users are provisioned
	SetHostGroups(RoleConditionType, []string)

	// GetDesktopGroups gets the list of groups this role is put in when desktop users are provisioned
	GetDesktopGroups(RoleConditionType) []string
	// SetDesktopGroups sets the list of groups this role is put in when desktop users are provisioned
	SetDesktopGroups(RoleConditionType, []string)

	// GetHostSudoers gets the list of sudoers entries for the role
	GetHostSudoers(RoleConditionType) []string
	// SetHostSudoers sets the list of sudoers entries for the role
	SetHostSudoers(RoleConditionType, []string)

	// GetPrivateKeyPolicy returns the private key policy enforced for this role.
	GetPrivateKeyPolicy() keys.PrivateKeyPolicy

	// GetDatabaseServiceLabels gets the map of db service labels this role is allowed or denied access to.
	GetDatabaseServiceLabels(RoleConditionType) Labels
	// SetDatabaseServiceLabels sets the map of db service labels this role is allowed or denied access to.
	SetDatabaseServiceLabels(RoleConditionType, Labels)

	// GetGroupLabels gets the map of group labels this role is allowed or denied access to.
	GetGroupLabels(RoleConditionType) Labels
	// SetGroupLabels sets the map of group labels this role is allowed or denied access to.
	SetGroupLabels(RoleConditionType, Labels)

	// GetSPIFFEConditions returns the allow or deny SPIFFERoleCondition.
	GetSPIFFEConditions(rct RoleConditionType) []*SPIFFERoleCondition
	// SetSPIFFEConditions sets the allow or deny SPIFFERoleCondition.
	SetSPIFFEConditions(rct RoleConditionType, cond []*SPIFFERoleCondition)

	// GetGitHubPermissions returns the allow or deny GitHub-related permissions.
	GetGitHubPermissions(RoleConditionType) []GitHubPermission
	// SetGitHubPermissions sets the allow or deny GitHub-related permissions.
	SetGitHubPermissions(RoleConditionType, []GitHubPermission)

	// GetIdentityCenterAccountAssignments fetches the allow or deny Account
	// Assignments for the role
	GetIdentityCenterAccountAssignments(RoleConditionType) []IdentityCenterAccountAssignment
	// GetIdentityCenterAccountAssignments sets the allow or deny Account
	// Assignments for the role
	SetIdentityCenterAccountAssignments(RoleConditionType, []IdentityCenterAccountAssignment)

	// GetMCPPermissions returns the allow or deny MCP permissions.
	GetMCPPermissions(RoleConditionType) *MCPPermissions
	// SetMCPPermissions sets the allow or deny MCP permissions.
	SetMCPPermissions(RoleConditionType, *MCPPermissions)

	// Clone creats a copy of the role.
	Clone() Role
}

Role contains a set of permissions or settings

func NewRole 

func NewRole(name string, spec RoleSpecV6) (Role, error)

NewRole constructs new standard V8 role. This creates a V8 role with V4+ RBAC semantics.

func NewRoleWithVersion 

func NewRoleWithVersion(name string, version string, spec RoleSpecV6) (Role, error)

NewRoleWithVersion constructs new standard role with the version specified.

type RoleConditionType 

type RoleConditionType bool

RoleConditionType specifies if it's an allow rule (true) or deny rule (false). 

const (
	// Allow is the set of conditions that allow access.
	Allow RoleConditionType = true
	// Deny is the set of conditions that prevent access.
	Deny RoleConditionType = false
)

type RoleConditions 

type RoleConditions struct {
	// Logins is a list of *nix system logins.
	Logins []string `protobuf:"bytes,1,rep,name=Logins,proto3" json:"logins,omitempty"`
	// Namespaces is a list of namespaces (used to partition a cluster). The
	// field should be called "namespaces" when it returns in Teleport 2.4.
	Namespaces []string `protobuf:"bytes,2,rep,name=Namespaces,proto3" json:"-"`
	// NodeLabels is a map of node labels (used to dynamically grant access to
	// nodes).
	NodeLabels Labels `protobuf:"bytes,3,opt,name=NodeLabels,proto3,customtype=Labels" json:"node_labels,omitempty"`
	// Rules is a list of rules and their access levels. Rules are a high level
	// construct used for access control.
	Rules []Rule `protobuf:"bytes,4,rep,name=Rules,proto3" json:"rules,omitempty"`
	// KubeGroups is a list of kubernetes groups
	KubeGroups []string                 `protobuf:"bytes,5,rep,name=KubeGroups,proto3" json:"kubernetes_groups,omitempty"`
	Request    *AccessRequestConditions `protobuf:"bytes,6,opt,name=Request,proto3" json:"request,omitempty"`
	// KubeUsers is an optional kubernetes users to impersonate
	KubeUsers []string `protobuf:"bytes,7,rep,name=KubeUsers,proto3" json:"kubernetes_users,omitempty"`
	// AppLabels is a map of labels used as part of the RBAC system.
	AppLabels Labels `protobuf:"bytes,8,opt,name=AppLabels,proto3,customtype=Labels" json:"app_labels,omitempty"`
	// ClusterLabels is a map of node labels (used to dynamically grant access to
	// clusters).
	ClusterLabels Labels `protobuf:"bytes,9,opt,name=ClusterLabels,proto3,customtype=Labels" json:"cluster_labels,omitempty"`
	// KubernetesLabels is a map of kubernetes cluster labels used for RBAC.
	KubernetesLabels Labels `protobuf:"bytes,10,opt,name=KubernetesLabels,proto3,customtype=Labels" json:"kubernetes_labels,omitempty"`
	// DatabaseLabels are used in RBAC system to allow/deny access to databases.
	DatabaseLabels Labels `protobuf:"bytes,11,opt,name=DatabaseLabels,proto3,customtype=Labels" json:"db_labels,omitempty"`
	// DatabaseNames is a list of database names this role is allowed to connect to.
	DatabaseNames []string `protobuf:"bytes,12,rep,name=DatabaseNames,proto3" json:"db_names,omitempty"`
	// DatabaseUsers is a list of databases users this role is allowed to connect as.
	DatabaseUsers []string `protobuf:"bytes,13,rep,name=DatabaseUsers,proto3" json:"db_users,omitempty"`
	// Impersonate specifies what users and roles this role is allowed to impersonate
	// by issuing certificates or other possible means.
	Impersonate *ImpersonateConditions `protobuf:"bytes,14,opt,name=Impersonate,proto3" json:"impersonate,omitempty"`
	// ReviewRequests defines conditions for submitting access reviews.
	ReviewRequests *AccessReviewConditions `protobuf:"bytes,15,opt,name=ReviewRequests,proto3" json:"review_requests,omitempty"`
	// AWSRoleARNs is a list of AWS role ARNs this role is allowed to assume.
	AWSRoleARNs []string `protobuf:"bytes,16,rep,name=AWSRoleARNs,proto3" json:"aws_role_arns,omitempty"`
	// WindowsDesktopLogins is a list of desktop login names allowed/denied for Windows desktops.
	WindowsDesktopLogins []string `protobuf:"bytes,17,rep,name=WindowsDesktopLogins,proto3" json:"windows_desktop_logins,omitempty"`
	// WindowsDesktopLabels are used in the RBAC system to allow/deny access to Windows desktops.
	WindowsDesktopLabels Labels `protobuf:"bytes,18,opt,name=WindowsDesktopLabels,proto3,customtype=Labels" json:"windows_desktop_labels,omitempty"`
	// RequireSessionJoin specifies policies for required users to start a session.
	RequireSessionJoin []*SessionRequirePolicy `protobuf:"bytes,19,rep,name=RequireSessionJoin,proto3" json:"require_session_join,omitempty"`
	// JoinSessions specifies policies to allow users to join other sessions.
	JoinSessions []*SessionJoinPolicy `protobuf:"bytes,20,rep,name=JoinSessions,proto3" json:"join_sessions,omitempty"`
	// HostGroups is a list of groups for created users to be added to
	HostGroups []string `protobuf:"bytes,21,rep,name=HostGroups,proto3" json:"host_groups,omitempty"`
	// HostSudoers is a list of entries to include in a users sudoer file
	HostSudoers []string `protobuf:"bytes,22,rep,name=HostSudoers,proto3" json:"host_sudoers,omitempty"`
	// AzureIdentities is a list of Azure identities this role is allowed to assume.
	AzureIdentities []string `protobuf:"bytes,23,rep,name=AzureIdentities,proto3" json:"azure_identities,omitempty"`
	// KubernetesResources is the Kubernetes Resources this Role grants access to.
	KubernetesResources []KubernetesResource `protobuf:"bytes,24,rep,name=KubernetesResources,proto3" json:"kubernetes_resources,omitempty"`
	// GCPServiceAccounts is a list of GCP service accounts this role is allowed to assume.
	GCPServiceAccounts []string `protobuf:"bytes,25,rep,name=GCPServiceAccounts,proto3" json:"gcp_service_accounts,omitempty"`
	// DatabaseServiceLabels are used in RBAC system to allow/deny access to Database Services.
	DatabaseServiceLabels Labels `protobuf:"bytes,26,opt,name=DatabaseServiceLabels,proto3,customtype=Labels" json:"db_service_labels,omitempty"`
	// GroupLabels is a map of labels used as part of the RBAC system.
	GroupLabels Labels `protobuf:"bytes,27,opt,name=GroupLabels,proto3,customtype=Labels" json:"group_labels,omitempty"`
	// DesktopGroups is a list of groups for created desktop users to be added to
	DesktopGroups []string `protobuf:"bytes,28,rep,name=DesktopGroups,proto3" json:"desktop_groups,omitempty"`
	// DatabaseRoles is a list of databases roles for automatic user creation.
	DatabaseRoles []string `protobuf:"bytes,29,rep,name=DatabaseRoles,proto3" json:"db_roles,omitempty"`
	// NodeLabelsExpression is a predicate expression used to allow/deny access to
	// SSH nodes.
	NodeLabelsExpression string `protobuf:"bytes,30,opt,name=NodeLabelsExpression,proto3" json:"node_labels_expression,omitempty"`
	// AppLabelsExpression is a predicate expression used to allow/deny access to
	// Apps.
	AppLabelsExpression string `protobuf:"bytes,31,opt,name=AppLabelsExpression,proto3" json:"app_labels_expression,omitempty"`
	// ClusterLabelsExpression is a predicate expression used to allow/deny access
	// to remote Teleport clusters.
	ClusterLabelsExpression string `protobuf:"bytes,32,opt,name=ClusterLabelsExpression,proto3" json:"cluster_labels_expression,omitempty"`
	// KubernetesLabelsExpression is a predicate expression used to allow/deny
	// access to kubernetes clusters.
	KubernetesLabelsExpression string `protobuf:"bytes,33,opt,name=KubernetesLabelsExpression,proto3" json:"kubernetes_labels_expression,omitempty"`
	// DatabaseLabelsExpression is a predicate expression used to allow/deny
	// access to Databases.
	DatabaseLabelsExpression string `protobuf:"bytes,34,opt,name=DatabaseLabelsExpression,proto3" json:"db_labels_expression,omitempty"`
	// DatabaseServiceLabelsExpression is a predicate expression used to
	// allow/deny access to Database Services.
	DatabaseServiceLabelsExpression string `protobuf:"bytes,35,opt,name=DatabaseServiceLabelsExpression,proto3" json:"db_service_labels_expression,omitempty"`
	// WindowsDesktopLabelsExpression is a predicate expression used to allow/deny
	// access to Windows desktops.
	WindowsDesktopLabelsExpression string `protobuf:"bytes,36,opt,name=WindowsDesktopLabelsExpression,proto3" json:"windows_desktop_labels_expression,omitempty"`
	// GroupLabelsExpression is a predicate expression used to allow/deny
	// access to user groups.
	GroupLabelsExpression string `protobuf:"bytes,37,opt,name=GroupLabelsExpression,proto3" json:"group_labels_expression,omitempty"`
	// DatabasePermissions specifies a set of permissions that will be granted
	// to the database user when using automatic database user provisioning.
	DatabasePermissions []DatabasePermission `protobuf:"bytes,38,rep,name=DatabasePermissions,proto3" json:"db_permissions,omitempty"`
	// SPIFFE is used to allow or deny access to a role holder to generating a
	// SPIFFE SVID.
	SPIFFE []*SPIFFERoleCondition `protobuf:"bytes,39,rep,name=SPIFFE,proto3" json:"spiffe,omitempty"`
	// AccountAssignments holds the list of account assignments affected by this
	// condition.
	AccountAssignments []IdentityCenterAccountAssignment `protobuf:"bytes,42,rep,name=AccountAssignments,proto3" json:"account_assignments,omitempty"`
	// GitHubPermissions defines GitHub integration related permissions.
	GitHubPermissions []GitHubPermission `protobuf:"bytes,43,rep,name=git_hub_permissions,json=gitHubPermissions,proto3" json:"github_permissions,omitempty"`
	// WorkloadIdentityLabels controls whether or not specific WorkloadIdentity
	// resources can be invoked. Further authorization controls exist on the
	// WorkloadIdentity resource itself.
	WorkloadIdentityLabels Labels `protobuf:"bytes,44,opt,name=WorkloadIdentityLabels,proto3,customtype=Labels" json:"workload_identity_labels,omitempty"`
	// WorkloadIdentityLabelsExpression is a predicate expression used to
	// allow/deny access to issuing a WorkloadIdentity.
	WorkloadIdentityLabelsExpression string `protobuf:"bytes,45,opt,name=WorkloadIdentityLabelsExpression,proto3" json:"workload_identity_labels_expression,omitempty"`
	// MCPPermissions defines MCP servers related permissions.
	MCP                  *MCPPermissions `protobuf:"bytes,46,opt,name=MCP,proto3" json:"mcp,omitempty"`
	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
	XXX_unrecognized     []byte          `json:"-"`
	XXX_sizecache        int32           `json:"-"`
}

RoleConditions is a set of conditions that must all match to be allowed or denied access.

func (*RoleConditions) Descriptor 

func (*RoleConditions) Descriptor() ([]byte, []int)

func (*RoleConditions) Marshal 

func (m *RoleConditions) Marshal() (dAtA []byte, err error)

func (*RoleConditions) MarshalTo 

func (m *RoleConditions) MarshalTo(dAtA []byte) (int, error)

func (*RoleConditions) MarshalToSizedBuffer 

func (m *RoleConditions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RoleConditions) ProtoMessage 

func (*RoleConditions) ProtoMessage()

func (*RoleConditions) Reset 

func (m *RoleConditions) Reset()

func (*RoleConditions) Size 

func (m *RoleConditions) Size() (n int)

func (*RoleConditions) String 

func (m *RoleConditions) String() string

func (*RoleConditions) Unmarshal 

func (m *RoleConditions) Unmarshal(dAtA []byte) error

func (*RoleConditions) XXX_DiscardUnknown 

func (m *RoleConditions) XXX_DiscardUnknown()

func (*RoleConditions) XXX_Marshal 

func (m *RoleConditions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RoleConditions) XXX_Merge 

func (m *RoleConditions) XXX_Merge(src proto.Message)

func (*RoleConditions) XXX_Size 

func (m *RoleConditions) XXX_Size() int

func (*RoleConditions) XXX_Unmarshal 

func (m *RoleConditions) XXX_Unmarshal(b []byte) error

type RoleFilter 

type RoleFilter struct {
	// SearchKeywords is a list of search keywords to match against resource field values.
	SearchKeywords []string `protobuf:"bytes,1,rep,name=SearchKeywords,proto3" json:"search_keywords,omitempty"`
	// SkipSystemRoles filters out teleport system roles from the results.
	SkipSystemRoles      bool     `protobuf:"varint,2,opt,name=SkipSystemRoles,proto3" json:"skip_system_roles,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

RoleFilter matches role resources.

func (*RoleFilter) Descriptor 

func (*RoleFilter) Descriptor() ([]byte, []int)

func (*RoleFilter) Marshal 

func (m *RoleFilter) Marshal() (dAtA []byte, err error)

func (*RoleFilter) MarshalTo 

func (m *RoleFilter) MarshalTo(dAtA []byte) (int, error)

func (*RoleFilter) MarshalToSizedBuffer 

func (m *RoleFilter) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RoleFilter) Match 

func (f *RoleFilter) Match(role *RoleV6) bool

Match checks if the given role matches this filter.

func (*RoleFilter) ProtoMessage 

func (*RoleFilter) ProtoMessage()

func (*RoleFilter) Reset 

func (m *RoleFilter) Reset()

func (*RoleFilter) Size 

func (m *RoleFilter) Size() (n int)

func (*RoleFilter) String 

func (m *RoleFilter) String() string

func (*RoleFilter) Unmarshal 

func (m *RoleFilter) Unmarshal(dAtA []byte) error

func (*RoleFilter) XXX_DiscardUnknown 

func (m *RoleFilter) XXX_DiscardUnknown()

func (*RoleFilter) XXX_Marshal 

func (m *RoleFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RoleFilter) XXX_Merge 

func (m *RoleFilter) XXX_Merge(src proto.Message)

func (*RoleFilter) XXX_Size 

func (m *RoleFilter) XXX_Size() int

func (*RoleFilter) XXX_Unmarshal 

func (m *RoleFilter) XXX_Unmarshal(b []byte) error

type RoleMap 

type RoleMap []RoleMapping

RoleMap is a list of mappings

func (RoleMap) IsEqual 

func (r RoleMap) IsEqual(other RoleMap) bool

IsEqual validates that two roles maps are equivalent.

type RoleMapping 

type RoleMapping struct {
	// Remote specifies remote role name to map from
	Remote string `protobuf:"bytes,1,opt,name=Remote,proto3" json:"remote"`
	// Local specifies local roles to map to
	Local                []string `protobuf:"bytes,2,rep,name=Local,proto3" json:"local"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

RoleMapping provides mapping of remote roles to local roles for trusted clusters

func (*RoleMapping) Descriptor 

func (*RoleMapping) Descriptor() ([]byte, []int)

func (*RoleMapping) Marshal 

func (m *RoleMapping) Marshal() (dAtA []byte, err error)

func (*RoleMapping) MarshalTo 

func (m *RoleMapping) MarshalTo(dAtA []byte) (int, error)

func (*RoleMapping) MarshalToSizedBuffer 

func (m *RoleMapping) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RoleMapping) ProtoMessage 

func (*RoleMapping) ProtoMessage()

func (*RoleMapping) Reset 

func (m *RoleMapping) Reset()

func (*RoleMapping) Size 

func (m *RoleMapping) Size() (n int)

func (*RoleMapping) String 

func (m *RoleMapping) String() string

func (*RoleMapping) Unmarshal 

func (m *RoleMapping) Unmarshal(dAtA []byte) error

func (*RoleMapping) XXX_DiscardUnknown 

func (m *RoleMapping) XXX_DiscardUnknown()

func (*RoleMapping) XXX_Marshal 

func (m *RoleMapping) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RoleMapping) XXX_Merge 

func (m *RoleMapping) XXX_Merge(src proto.Message)

func (*RoleMapping) XXX_Size 

func (m *RoleMapping) XXX_Size() int

func (*RoleMapping) XXX_Unmarshal 

func (m *RoleMapping) XXX_Unmarshal(b []byte) error

type RoleOptions 

type RoleOptions struct {
	// ForwardAgent is SSH agent forwarding.
	ForwardAgent Bool `protobuf:"varint,1,opt,name=ForwardAgent,proto3,casttype=Bool" json:"forward_agent"`
	// MaxSessionTTL defines how long a SSH session can last for.
	MaxSessionTTL Duration `protobuf:"varint,2,opt,name=MaxSessionTTL,proto3,casttype=Duration" json:"max_session_ttl,omitempty"`
	// Deprecated: Use SSHPortForwarding instead
	PortForwarding *BoolOption `protobuf:"bytes,3,opt,name=PortForwarding,proto3,customtype=BoolOption" json:"port_forwarding,omitempty"` // Deprecated: Do not use.
	// CertificateFormat defines the format of the user certificate to allow
	// compatibility with older versions of OpenSSH.
	CertificateFormat string `protobuf:"bytes,4,opt,name=CertificateFormat,proto3" json:"cert_format"`
	// ClientIdleTimeout sets disconnect clients on idle timeout behavior,
	// if set to 0 means do not disconnect, otherwise is set to the idle
	// duration.
	ClientIdleTimeout Duration `protobuf:"varint,5,opt,name=ClientIdleTimeout,proto3,casttype=Duration" json:"client_idle_timeout,omitempty"`
	// DisconnectExpiredCert sets disconnect clients on expired certificates.
	DisconnectExpiredCert Bool `protobuf:"varint,6,opt,name=DisconnectExpiredCert,proto3,casttype=Bool" json:"disconnect_expired_cert,omitempty"`
	// BPF defines what events to record for the BPF-based session recorder.
	BPF []string `protobuf:"bytes,7,rep,name=BPF,proto3" json:"enhanced_recording,omitempty"`
	// PermitX11Forwarding authorizes use of X11 forwarding.
	PermitX11Forwarding Bool `protobuf:"varint,8,opt,name=PermitX11Forwarding,proto3,casttype=Bool" json:"permit_x11_forwarding,omitempty"`
	// MaxConnections defines the maximum number of
	// concurrent connections a user may hold.
	MaxConnections int64 `protobuf:"varint,9,opt,name=MaxConnections,proto3" json:"max_connections,omitempty"`
	// MaxSessions defines the maximum number of
	// concurrent sessions per connection.
	MaxSessions int64 `protobuf:"varint,10,opt,name=MaxSessions,proto3" json:"max_sessions,omitempty"`
	// RequestAccess defines the request strategy (optional|reason|always)
	// where optional is the default.
	RequestAccess RequestStrategy `protobuf:"bytes,11,opt,name=RequestAccess,proto3,casttype=RequestStrategy" json:"request_access,omitempty"`
	// RequestPrompt is an optional message which tells users what they aught to request.
	RequestPrompt string `protobuf:"bytes,12,opt,name=RequestPrompt,proto3" json:"request_prompt,omitempty"`
	// Lock specifies the locking mode (strict|best_effort) to be applied with
	// the role.
	Lock github_com_gravitational_teleport_api_constants.LockingMode `` /* 131-byte string literal not displayed */
	// RecordDesktopSession indicates whether desktop access sessions should be recorded.
	// It defaults to true unless explicitly set to false.
	RecordSession *RecordSession `protobuf:"bytes,15,opt,name=RecordSession,proto3" json:"record_session"`
	// DesktopClipboard indicates whether clipboard sharing is allowed between the user's
	// workstation and the remote desktop. It defaults to true unless explicitly set to
	// false.
	DesktopClipboard *BoolOption `protobuf:"bytes,16,opt,name=DesktopClipboard,proto3,customtype=BoolOption" json:"desktop_clipboard"`
	// CertExtensions specifies the key/values
	CertExtensions []*CertExtension `protobuf:"bytes,17,rep,name=CertExtensions,proto3" json:"cert_extensions,omitempty"`
	// MaxKubernetesConnections defines the maximum number of concurrent
	// Kubernetes sessions a user may hold.
	MaxKubernetesConnections int64 `protobuf:"varint,18,opt,name=MaxKubernetesConnections,proto3" json:"max_kubernetes_connections,omitempty"`
	// DesktopDirectorySharing indicates whether directory sharing is allowed between the user's
	// workstation and the remote desktop. It defaults to false unless explicitly set to
	// true.
	DesktopDirectorySharing *BoolOption `protobuf:"bytes,19,opt,name=DesktopDirectorySharing,proto3,customtype=BoolOption" json:"desktop_directory_sharing"`
	// Deprecated: use CreateHostUserMode instead.
	CreateHostUser *BoolOption `protobuf:"bytes,20,opt,name=CreateHostUser,proto3,customtype=BoolOption" json:"create_host_user,omitempty"`
	// PinSourceIP forces the same client IP for certificate generation and usage
	PinSourceIP Bool `protobuf:"varint,21,opt,name=PinSourceIP,proto3,casttype=Bool" json:"pin_source_ip"`
	// SSHFileCopy indicates whether remote file operations via SCP or SFTP are allowed
	// over an SSH session. It defaults to true unless explicitly set to false.
	SSHFileCopy *BoolOption `protobuf:"bytes,22,opt,name=SSHFileCopy,proto3,customtype=BoolOption" json:"ssh_file_copy"`
	// RequireMFAType is the type of MFA requirement enforced for this user.
	// 0 is "OFF", 1 is "SESSION", 2 is "SESSION_AND_HARDWARE_KEY", 3 is "HARDWARE_KEY_TOUCH",
	// 4 is "HARDWARE_KEY_PIN", 5 is "HARDWARE_KEY_TOUCH_AND_PIN".
	RequireMFAType RequireMFAType `protobuf:"varint,23,opt,name=RequireMFAType,proto3,enum=types.RequireMFAType" json:"require_session_mfa,omitempty"`
	// DeviceTrustMode is the device authorization mode used for the resources
	// associated with the role.
	// See DeviceTrust.Mode.
	DeviceTrustMode string `protobuf:"bytes,24,opt,name=DeviceTrustMode,proto3" json:"device_trust_mode,omitempty"`
	// IDP is a set of options related to accessing IdPs within Teleport.
	// Requires Teleport Enterprise.
	IDP *IdPOptions `protobuf:"bytes,25,opt,name=IDP,proto3" json:"idp,omitempty"`
	// CreateDesktopUser allows users to be automatically created on a Windows desktop
	CreateDesktopUser *BoolOption `protobuf:"bytes,26,opt,name=CreateDesktopUser,proto3,customtype=BoolOption" json:"create_desktop_user"`
	// CreateDatabaseUser enabled automatic database user creation.
	CreateDatabaseUser *BoolOption `protobuf:"bytes,27,opt,name=CreateDatabaseUser,proto3,customtype=BoolOption" json:"create_db_user"`
	// CreateHostUserMode allows users to be automatically created on a
	// host when not set to off.
	// 0 is "unspecified"; 1 is "off"; 2 is "drop" (removed for v15 and above),
	// 3 is "keep"; 4 is "insecure-drop".
	CreateHostUserMode CreateHostUserMode `protobuf:"varint,28,opt,name=CreateHostUserMode,proto3,enum=types.CreateHostUserMode" json:"create_host_user_mode,omitempty"`
	// CreateDatabaseUserMode allows users to be automatically created on a
	// database when not set to off.
	// 0 is "unspecified", 1 is "off", 2 is "keep", 3 is "best_effort_drop".
	CreateDatabaseUserMode CreateDatabaseUserMode `` /* 130-byte string literal not displayed */
	// MFAVerificationInterval optionally defines the maximum duration that can elapse
	// between successive MFA verifications. This variable is used to ensure
	// that users are periodically prompted to verify their identity, enhancing
	// security by preventing prolonged sessions without re-authentication when using
	// tsh proxy * derivatives.
	// It's only effective if the session requires MFA.
	// If not set, defaults to `max_session_ttl`.
	MFAVerificationInterval time.Duration `protobuf:"bytes,30,opt,name=MFAVerificationInterval,proto3,stdduration" json:"mfa_verification_interval,omitempty"`
	// CreateHostUserDefaultShell is used to configure the default shell for newly provisioned host users.
	CreateHostUserDefaultShell string `protobuf:"bytes,31,opt,name=CreateHostUserDefaultShell,proto3" json:"create_host_user_default_shell,omitempty"`
	// SSHPortForwarding configures what types of SSH port forwarding are allowed by a role.
	SSHPortForwarding    *SSHPortForwarding `protobuf:"bytes,32,opt,name=SSHPortForwarding,proto3" json:"ssh_port_forwarding,omitempty"`
	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
	XXX_unrecognized     []byte             `json:"-"`
	XXX_sizecache        int32              `json:"-"`
}

RoleOptions is a set of role options

func (*RoleOptions) Descriptor 

func (*RoleOptions) Descriptor() ([]byte, []int)

func (*RoleOptions) Marshal 

func (m *RoleOptions) Marshal() (dAtA []byte, err error)

func (*RoleOptions) MarshalTo 

func (m *RoleOptions) MarshalTo(dAtA []byte) (int, error)

func (*RoleOptions) MarshalToSizedBuffer 

func (m *RoleOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RoleOptions) ProtoMessage 

func (*RoleOptions) ProtoMessage()

func (*RoleOptions) Reset 

func (m *RoleOptions) Reset()

func (*RoleOptions) Size 

func (m *RoleOptions) Size() (n int)

func (*RoleOptions) String 

func (m *RoleOptions) String() string

func (*RoleOptions) Unmarshal 

func (m *RoleOptions) Unmarshal(dAtA []byte) error

func (*RoleOptions) XXX_DiscardUnknown 

func (m *RoleOptions) XXX_DiscardUnknown()

func (*RoleOptions) XXX_Marshal 

func (m *RoleOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RoleOptions) XXX_Merge 

func (m *RoleOptions) XXX_Merge(src proto.Message)

func (*RoleOptions) XXX_Size 

func (m *RoleOptions) XXX_Size() int

func (*RoleOptions) XXX_Unmarshal 

func (m *RoleOptions) XXX_Unmarshal(b []byte) error

type RoleSpecV6 

type RoleSpecV6 struct {
	// Options is for OpenSSH options like agent forwarding.
	Options RoleOptions `protobuf:"bytes,1,opt,name=Options,proto3" json:"options,omitempty"`
	// Allow is the set of conditions evaluated to grant access.
	Allow RoleConditions `protobuf:"bytes,2,opt,name=Allow,proto3" json:"allow,omitempty"`
	// Deny is the set of conditions evaluated to deny access. Deny takes priority
	// over allow.
	Deny                 RoleConditions `protobuf:"bytes,3,opt,name=Deny,proto3" json:"deny,omitempty"`
	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
	XXX_unrecognized     []byte         `json:"-"`
	XXX_sizecache        int32          `json:"-"`
}

RoleSpecV6 is role specification for RoleV6.

func (*RoleSpecV6) Descriptor 

func (*RoleSpecV6) Descriptor() ([]byte, []int)

func (*RoleSpecV6) Marshal 

func (m *RoleSpecV6) Marshal() (dAtA []byte, err error)

func (*RoleSpecV6) MarshalTo 

func (m *RoleSpecV6) MarshalTo(dAtA []byte) (int, error)

func (*RoleSpecV6) MarshalToSizedBuffer 

func (m *RoleSpecV6) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RoleSpecV6) ProtoMessage 

func (*RoleSpecV6) ProtoMessage()

func (*RoleSpecV6) Reset 

func (m *RoleSpecV6) Reset()

func (*RoleSpecV6) Size 

func (m *RoleSpecV6) Size() (n int)

func (*RoleSpecV6) String 

func (m *RoleSpecV6) String() string

func (*RoleSpecV6) Unmarshal 

func (m *RoleSpecV6) Unmarshal(dAtA []byte) error

func (*RoleSpecV6) XXX_DiscardUnknown 

func (m *RoleSpecV6) XXX_DiscardUnknown()

func (*RoleSpecV6) XXX_Marshal 

func (m *RoleSpecV6) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RoleSpecV6) XXX_Merge 

func (m *RoleSpecV6) XXX_Merge(src proto.Message)

func (*RoleSpecV6) XXX_Size 

func (m *RoleSpecV6) XXX_Size() int

func (*RoleSpecV6) XXX_Unmarshal 

func (m *RoleSpecV6) XXX_Unmarshal(b []byte) error

type RoleV6 

type RoleV6 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version. It must be specified.
	// Supported values are: `v3`, `v4`, `v5`, `v6`, `v7`.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is resource metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is a role specification
	Spec                 RoleSpecV6 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
	XXX_unrecognized     []byte     `json:"-"`
	XXX_sizecache        int32      `json:"-"`
}

RoleV6 represents role resource specification

func (*RoleV6) CheckAndSetDefaults 

func (r *RoleV6) CheckAndSetDefaults() error

CheckAndSetDefaults checks validity of all parameters and sets defaults. Must be kept in sync with `web/packages/teleport/src/Roles/RoleEditor/withDefaults.ts`.

func (*RoleV6) Clone 

func (r *RoleV6) Clone() Role

func (*RoleV6) Descriptor 

func (*RoleV6) Descriptor() ([]byte, []int)

func (*RoleV6) Expiry 

func (r *RoleV6) Expiry() time.Time

Expiry returns the expiry time for the object.

func (*RoleV6) GetAWSRoleARNs 

func (r *RoleV6) GetAWSRoleARNs(rct RoleConditionType) []string

GetAWSRoleARNs returns a list of AWS role ARNs this role is allowed to impersonate.

func (*RoleV6) GetAccessRequestConditions 

func (r *RoleV6) GetAccessRequestConditions(rct RoleConditionType) AccessRequestConditions

GetAccessRequestConditions gets conditions for access requests.

func (*RoleV6) GetAccessReviewConditions 

func (r *RoleV6) GetAccessReviewConditions(rct RoleConditionType) AccessReviewConditions

GetAccessReviewConditions gets conditions for access reviews.

func (*RoleV6) GetAllLabels 

func (r *RoleV6) GetAllLabels() map[string]string

GetAllLabels returns all resource's labels.

func (*RoleV6) GetAppLabels 

func (r *RoleV6) GetAppLabels(rct RoleConditionType) Labels

GetAppLabels gets the map of app labels this role is allowed or denied access to.

func (*RoleV6) GetAzureIdentities 

func (r *RoleV6) GetAzureIdentities(rct RoleConditionType) []string

GetAzureIdentities returns a list of Azure identities this role is allowed to assume.

func (*RoleV6) GetClusterLabels 

func (r *RoleV6) GetClusterLabels(rct RoleConditionType) Labels

GetClusterLabels gets the map of cluster labels this role is allowed or denied access to.

func (*RoleV6) GetCreateDatabaseUserMode 

func (r *RoleV6) GetCreateDatabaseUserMode() CreateDatabaseUserMode

GetCreateDatabaseUserMode gets the create database user mode option.

func (*RoleV6) GetDatabaseLabels 

func (r *RoleV6) GetDatabaseLabels(rct RoleConditionType) Labels

GetDatabaseLabels gets the map of db labels this role is allowed or denied access to.

func (*RoleV6) GetDatabaseNames 

func (r *RoleV6) GetDatabaseNames(rct RoleConditionType) []string

GetDatabaseNames gets a list of database names this role is allowed or denied access to.

func (*RoleV6) GetDatabasePermissions 

func (r *RoleV6) GetDatabasePermissions(rct RoleConditionType) DatabasePermissions

GetDatabasePermissions gets a list of database permissions for auto-provisioned users.

func (*RoleV6) GetDatabaseRoles 

func (r *RoleV6) GetDatabaseRoles(rct RoleConditionType) []string

GetDatabaseRoles gets a list of database roles for auto-provisioned users.

func (*RoleV6) GetDatabaseServiceLabels 

func (r *RoleV6) GetDatabaseServiceLabels(rct RoleConditionType) Labels

GetDatabaseServiceLabels gets the map of db service labels this role is allowed or denied access to.

func (*RoleV6) GetDatabaseUsers 

func (r *RoleV6) GetDatabaseUsers(rct RoleConditionType) []string

GetDatabaseUsers gets a list of database users this role is allowed or denied access to.

func (*RoleV6) GetDesktopGroups 

func (r *RoleV6) GetDesktopGroups(rct RoleConditionType) []string

GetDesktopGroups gets all groups for provisioned user

func (*RoleV6) GetGCPServiceAccounts 

func (r *RoleV6) GetGCPServiceAccounts(rct RoleConditionType) []string

GetGCPServiceAccounts returns a list of GCP service accounts this role is allowed to assume.

func (*RoleV6) GetGitHubPermissions 

func (r *RoleV6) GetGitHubPermissions(rct RoleConditionType) []GitHubPermission

GetGitHubPermissions returns the allow or deny GitHubPermission.

func (*RoleV6) GetGroupLabels 

func (r *RoleV6) GetGroupLabels(rct RoleConditionType) Labels

GetGroupLabels gets the map of group labels this role is allowed or denied access to.

func (*RoleV6) GetHostGroups 

func (r *RoleV6) GetHostGroups(rct RoleConditionType) []string

GetHostGroups gets all groups for provisioned user

func (*RoleV6) GetHostSudoers 

func (r *RoleV6) GetHostSudoers(rct RoleConditionType) []string

GetHostSudoers gets the list of sudoers entries for the role

func (*RoleV6) GetIdentityCenterAccountAssignments 

func (r *RoleV6) GetIdentityCenterAccountAssignments(rct RoleConditionType) []IdentityCenterAccountAssignment

GetIdentityCenterAccountAssignments fetches the allow or deny Identity Center Account Assignments for the role

func (*RoleV6) GetImpersonateConditions 

func (r *RoleV6) GetImpersonateConditions(rct RoleConditionType) ImpersonateConditions

GetImpersonateConditions returns conditions this role is allowed or denied to impersonate.

func (*RoleV6) GetKind 

func (r *RoleV6) GetKind() string

GetKind returns resource kind

func (*RoleV6) GetKubeGroups 

func (r *RoleV6) GetKubeGroups(rct RoleConditionType) []string

GetKubeGroups returns kubernetes groups

func (*RoleV6) GetKubeResources 

func (r *RoleV6) GetKubeResources(rct RoleConditionType) []KubernetesResource

GetKubeResources returns the Kubernetes Resources this role grants access to.

func (*RoleV6) GetKubeUsers 

func (r *RoleV6) GetKubeUsers(rct RoleConditionType) []string

GetKubeUsers returns kubernetes users

func (*RoleV6) GetKubernetesLabels 

func (r *RoleV6) GetKubernetesLabels(rct RoleConditionType) Labels

GetKubernetesLabels gets the map of app labels this role is allowed or denied access to.

func (*RoleV6) GetLabel 

func (r *RoleV6) GetLabel(key string) (value string, ok bool)

GetLabel retrieves the label with the provided key.

func (*RoleV6) GetLabelMatchers 

func (r *RoleV6) GetLabelMatchers(rct RoleConditionType, kind string) (LabelMatchers, error)

GetLabelMatchers gets the LabelMatchers that match labels of resources of type [kind] this role is allowed or denied access to.

func (*RoleV6) GetLogins 

func (r *RoleV6) GetLogins(rct RoleConditionType) []string

GetLogins gets system logins for allow or deny condition.

func (*RoleV6) GetMCPPermissions 

func (r *RoleV6) GetMCPPermissions(rct RoleConditionType) *MCPPermissions

GetMCPPermissions returns the allow or deny MCP permissions.

func (*RoleV6) GetMetadata 

func (r *RoleV6) GetMetadata() Metadata

GetMetadata returns role metadata.

func (*RoleV6) GetName 

func (r *RoleV6) GetName() string

GetName gets the role name and is a shortcut for GetMetadata().Name.

func (*RoleV6) GetNamespaces 

func (r *RoleV6) GetNamespaces(rct RoleConditionType) []string

GetNamespaces gets a list of namespaces this role is allowed or denied access to.

func (*RoleV6) GetNodeLabels 

func (r *RoleV6) GetNodeLabels(rct RoleConditionType) Labels

GetNodeLabels gets the map of node labels this role is allowed or denied access to.

func (*RoleV6) GetOptions 

func (r *RoleV6) GetOptions() RoleOptions

GetOptions gets role options.

func (*RoleV6) GetPreviewAsRoles 

func (r *RoleV6) GetPreviewAsRoles(rct RoleConditionType) []string

GetPreviewAsRoles returns the list of extra roles which should apply to a reviewer while they are viewing a Resource Access Request for the purposes of viewing details such as the hostname and labels of requested resources.

func (*RoleV6) GetPrivateKeyPolicy 

func (r *RoleV6) GetPrivateKeyPolicy() keys.PrivateKeyPolicy

GetPrivateKeyPolicy returns the private key policy enforced for this role.

func (*RoleV6) GetRequestReasonMode 

func (r *RoleV6) GetRequestReasonMode(rct RoleConditionType) RequestReasonMode

GetRoleConditions returns the role conditions for the role.

func (*RoleV6) GetRevision 

func (r *RoleV6) GetRevision() string

GetRevision returns the revision

func (*RoleV6) GetRoleConditions 

func (r *RoleV6) GetRoleConditions(rct RoleConditionType) RoleConditions

GetRoleConditions returns the role conditions for the role.

func (*RoleV6) GetRules 

func (r *RoleV6) GetRules(rct RoleConditionType) []Rule

GetRules gets all allow or deny rules.

func (*RoleV6) GetSPIFFEConditions 

func (r *RoleV6) GetSPIFFEConditions(rct RoleConditionType) []*SPIFFERoleCondition

GetSPIFFEConditions returns the allow or deny SPIFFERoleCondition.

func (*RoleV6) GetSearchAsRoles 

func (r *RoleV6) GetSearchAsRoles(rct RoleConditionType) []string

GetSearchAsRoles returns the list of extra roles which should apply to a user while they are searching for resources as part of a Resource Access Request, and defines the underlying roles which will be requested as part of any Resource Access Request.

func (*RoleV6) GetSessionJoinPolicies 

func (r *RoleV6) GetSessionJoinPolicies() []*SessionJoinPolicy

SetSessionJoinPolicies returns the RBAC join policies for a role.

func (*RoleV6) GetSessionPolicySet 

func (r *RoleV6) GetSessionPolicySet() SessionTrackerPolicySet

GetSessionPolicySet returns the RBAC policy set for a session.

func (*RoleV6) GetSessionRequirePolicies 

func (r *RoleV6) GetSessionRequirePolicies() []*SessionRequirePolicy

GetSessionRequirePolicies returns the RBAC required policies for a role.

func (*RoleV6) GetStaticLabels 

func (r *RoleV6) GetStaticLabels() map[string]string

GetStaticLabels returns the resource's static labels.

func (*RoleV6) GetSubKind 

func (r *RoleV6) GetSubKind() string

GetSubKind returns resource sub kind

func (*RoleV6) GetVersion 

func (r *RoleV6) GetVersion() string

GetVersion returns resource version

func (*RoleV6) GetWindowsDesktopLabels 

func (r *RoleV6) GetWindowsDesktopLabels(rct RoleConditionType) Labels

GetWindowsDesktopLabels gets the desktop labels this role is allowed or denied access to.

func (*RoleV6) GetWindowsLogins 

func (r *RoleV6) GetWindowsLogins(rct RoleConditionType) []string

GetWindowsLogins gets Windows desktop logins for the role's allow or deny condition.

func (*RoleV6) GetWorkloadIdentityLabels 

func (r *RoleV6) GetWorkloadIdentityLabels(rct RoleConditionType) Labels

GetWorkloadIdentityLabels gets the map of WorkloadIdentity labels for allow or deny.

func (*RoleV6) HasLabelMatchers 

func (r *RoleV6) HasLabelMatchers(rct RoleConditionType, kind string) bool

HasLabelMatchers returns true if the role has label matchers for the specified resource kind and condition (allow/deny). If the kind is not supported, false is returned.

func (*RoleV6) Marshal 

func (m *RoleV6) Marshal() (dAtA []byte, err error)

func (*RoleV6) MarshalTo 

func (m *RoleV6) MarshalTo(dAtA []byte) (int, error)

func (*RoleV6) MarshalToSizedBuffer 

func (m *RoleV6) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RoleV6) MatchSearch 

func (r *RoleV6) MatchSearch(values []string) bool

MatchSearch goes through select field values of a resource and tries to match against the list of search values.

func (*RoleV6) Origin 

func (r *RoleV6) Origin() string

Origin returns the origin value of the resource.

func (*RoleV6) ProtoMessage 

func (*RoleV6) ProtoMessage()

func (*RoleV6) Reset 

func (m *RoleV6) Reset()

func (*RoleV6) SetAWSRoleARNs 

func (r *RoleV6) SetAWSRoleARNs(rct RoleConditionType, arns []string)

SetAWSRoleARNs sets a list of AWS role ARNs this role is allowed to impersonate.

func (*RoleV6) SetAccessRequestConditions 

func (r *RoleV6) SetAccessRequestConditions(rct RoleConditionType, cond AccessRequestConditions)

SetAccessRequestConditions sets allow/deny conditions for access requests.

func (*RoleV6) SetAccessReviewConditions 

func (r *RoleV6) SetAccessReviewConditions(rct RoleConditionType, cond AccessReviewConditions)

SetAccessReviewConditions sets allow/deny conditions for access reviews.

func (*RoleV6) SetAppLabels 

func (r *RoleV6) SetAppLabels(rct RoleConditionType, labels Labels)

SetAppLabels sets the map of node labels this role is allowed or denied access to.

func (*RoleV6) SetAzureIdentities 

func (r *RoleV6) SetAzureIdentities(rct RoleConditionType, identities []string)

SetAzureIdentities sets a list of Azure identities this role is allowed to assume.

func (*RoleV6) SetClusterLabels 

func (r *RoleV6) SetClusterLabels(rct RoleConditionType, labels Labels)

SetClusterLabels sets the map of cluster labels this role is allowed or denied access to.

func (*RoleV6) SetDatabaseLabels 

func (r *RoleV6) SetDatabaseLabels(rct RoleConditionType, labels Labels)

SetDatabaseLabels sets the map of db labels this role is allowed or denied access to.

func (*RoleV6) SetDatabaseNames 

func (r *RoleV6) SetDatabaseNames(rct RoleConditionType, values []string)

SetDatabaseNames sets a list of database names this role is allowed or denied access to.

func (*RoleV6) SetDatabasePermissions 

func (r *RoleV6) SetDatabasePermissions(rct RoleConditionType, values DatabasePermissions)

SetDatabasePermissions sets a list of database permissions for auto-provisioned users.

func (*RoleV6) SetDatabaseRoles 

func (r *RoleV6) SetDatabaseRoles(rct RoleConditionType, values []string)

SetDatabaseRoles sets a list of database roles for auto-provisioned users.

func (*RoleV6) SetDatabaseServiceLabels 

func (r *RoleV6) SetDatabaseServiceLabels(rct RoleConditionType, labels Labels)

SetDatabaseServiceLabels sets the map of db service labels this role is allowed or denied access to.

func (*RoleV6) SetDatabaseUsers 

func (r *RoleV6) SetDatabaseUsers(rct RoleConditionType, values []string)

SetDatabaseUsers sets a list of database users this role is allowed or denied access to.

func (*RoleV6) SetDesktopGroups 

func (r *RoleV6) SetDesktopGroups(rct RoleConditionType, groups []string)

SetDesktopGroups sets all groups for provisioned user

func (*RoleV6) SetExpiry 

func (r *RoleV6) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object.

func (*RoleV6) SetGCPServiceAccounts 

func (r *RoleV6) SetGCPServiceAccounts(rct RoleConditionType, accounts []string)

SetGCPServiceAccounts sets a list of GCP service accounts this role is allowed to assume.

func (*RoleV6) SetGitHubPermissions 

func (r *RoleV6) SetGitHubPermissions(rct RoleConditionType, perms []GitHubPermission)

SetGitHubPermissions sets the allow or deny GitHubPermission.

func (*RoleV6) SetGroupLabels 

func (r *RoleV6) SetGroupLabels(rct RoleConditionType, labels Labels)

SetGroupLabels sets the map of group labels this role is allowed or denied access to.

func (*RoleV6) SetHostGroups 

func (r *RoleV6) SetHostGroups(rct RoleConditionType, groups []string)

SetHostGroups sets all groups for provisioned user

func (*RoleV6) SetHostSudoers 

func (r *RoleV6) SetHostSudoers(rct RoleConditionType, sudoers []string)

GetHostSudoers sets the list of sudoers entries for the role

func (*RoleV6) SetIdentityCenterAccountAssignments 

func (r *RoleV6) SetIdentityCenterAccountAssignments(rct RoleConditionType, assignments []IdentityCenterAccountAssignment)

SetIdentityCenterAccountAssignments sets the allow or deny Identity Center Account Assignments for the role

func (*RoleV6) SetImpersonateConditions 

func (r *RoleV6) SetImpersonateConditions(rct RoleConditionType, cond ImpersonateConditions)

SetImpersonateConditions sets conditions this role is allowed or denied to impersonate.

func (*RoleV6) SetKubeGroups 

func (r *RoleV6) SetKubeGroups(rct RoleConditionType, groups []string)

SetKubeGroups sets kubernetes groups for allow or deny condition.

func (*RoleV6) SetKubeResources 

func (r *RoleV6) SetKubeResources(rct RoleConditionType, pods []KubernetesResource)

SetKubeResources configures the Kubernetes Resources for the RoleConditionType.

func (*RoleV6) SetKubeUsers 

func (r *RoleV6) SetKubeUsers(rct RoleConditionType, users []string)

SetKubeUsers sets kubernetes user for allow or deny condition.

func (*RoleV6) SetKubernetesLabels 

func (r *RoleV6) SetKubernetesLabels(rct RoleConditionType, labels Labels)

SetKubernetesLabels sets the map of node labels this role is allowed or denied access to.

func (*RoleV6) SetLabelMatchers 

func (r *RoleV6) SetLabelMatchers(rct RoleConditionType, kind string, labelMatchers LabelMatchers) error

SetLabelMatchers sets the LabelMatchers that match labels of resources of type [kind] this role is allowed or denied access to.

func (*RoleV6) SetLogins 

func (r *RoleV6) SetLogins(rct RoleConditionType, logins []string)

SetLogins sets system logins for allow or deny condition.

func (*RoleV6) SetMCPPermissions 

func (r *RoleV6) SetMCPPermissions(rct RoleConditionType, perms *MCPPermissions)

SetMCPPermissions sets the allow or deny MCP permissions.

func (*RoleV6) SetMetadata 

func (r *RoleV6) SetMetadata(meta Metadata)

SetMetadata sets role metadata

func (*RoleV6) SetName 

func (r *RoleV6) SetName(s string)

SetName sets the role name and is a shortcut for SetMetadata().Name.

func (*RoleV6) SetNamespaces 

func (r *RoleV6) SetNamespaces(rct RoleConditionType, namespaces []string)

SetNamespaces sets a list of namespaces this role is allowed or denied access to.

func (*RoleV6) SetNodeLabels 

func (r *RoleV6) SetNodeLabels(rct RoleConditionType, labels Labels)

SetNodeLabels sets the map of node labels this role is allowed or denied access to.

func (*RoleV6) SetOptions 

func (r *RoleV6) SetOptions(options RoleOptions)

SetOptions sets role options.

func (*RoleV6) SetOrigin 

func (r *RoleV6) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*RoleV6) SetPreviewAsRoles 

func (r *RoleV6) SetPreviewAsRoles(rct RoleConditionType, roles []string)

SetPreviewAsRoles sets the list of extra roles which should apply to a reviewer while they are viewing a Resource Access Request for the purposes of viewing details such as the hostname and labels of requested resources.

func (*RoleV6) SetRequestKubernetesResources 

func (r *RoleV6) SetRequestKubernetesResources(rct RoleConditionType, resources []RequestKubernetesResource)

SetRequestKubernetesResources sets the request kubernetes resources.

func (*RoleV6) SetRevision 

func (r *RoleV6) SetRevision(rev string)

SetRevision sets the revision

func (*RoleV6) SetRules 

func (r *RoleV6) SetRules(rct RoleConditionType, in []Rule)

SetRules sets an allow or deny rule.

func (*RoleV6) SetSPIFFEConditions 

func (r *RoleV6) SetSPIFFEConditions(rct RoleConditionType, cond []*SPIFFERoleCondition)

SetSPIFFEConditions sets the allow or deny SPIFFERoleCondition.

func (*RoleV6) SetSearchAsRoles 

func (r *RoleV6) SetSearchAsRoles(rct RoleConditionType, roles []string)

SetSearchAsRoles sets the list of extra roles which should apply to a user while they are searching for resources as part of a Resource Access Request, and defines the underlying roles which will be requested as part of any Resource Access Request.

func (*RoleV6) SetSessionJoinPolicies 

func (r *RoleV6) SetSessionJoinPolicies(policies []*SessionJoinPolicy)

SetSessionJoinPolicies sets the RBAC join policies for a role.

func (*RoleV6) SetSessionRequirePolicies 

func (r *RoleV6) SetSessionRequirePolicies(policies []*SessionRequirePolicy)

SetSessionRequirePolicies sets the RBAC required policies for a role.

func (*RoleV6) SetStaticLabels 

func (r *RoleV6) SetStaticLabels(labels map[string]string)

SetStaticLabels sets the resource's static labels.

func (*RoleV6) SetSubKind 

func (r *RoleV6) SetSubKind(s string)

SetSubKind sets resource subkind

func (*RoleV6) SetWindowsDesktopLabels 

func (r *RoleV6) SetWindowsDesktopLabels(rct RoleConditionType, labels Labels)

SetWindowsDesktopLabels sets the desktop labels this role is allowed or denied access to.

func (*RoleV6) SetWindowsLogins 

func (r *RoleV6) SetWindowsLogins(rct RoleConditionType, logins []string)

SetWindowsLogins sets Windows desktop logins for the role's allow or deny condition.

func (*RoleV6) SetWorkloadIdentityLabels 

func (r *RoleV6) SetWorkloadIdentityLabels(rct RoleConditionType, labels Labels)

SetWorkloadIdentityLabels sets the map of WorkloadIdentity labels this role is allowed or denied access to.

func (*RoleV6) Size 

func (m *RoleV6) Size() (n int)

func (*RoleV6) String 

func (r *RoleV6) String() string

String returns the human readable representation of a role.

func (*RoleV6) Unmarshal 

func (m *RoleV6) Unmarshal(dAtA []byte) error

func (*RoleV6) XXX_DiscardUnknown 

func (m *RoleV6) XXX_DiscardUnknown()

func (*RoleV6) XXX_Marshal 

func (m *RoleV6) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RoleV6) XXX_Merge 

func (m *RoleV6) XXX_Merge(src proto.Message)

func (*RoleV6) XXX_Size 

func (m *RoleV6) XXX_Size() int

func (*RoleV6) XXX_Unmarshal 

func (m *RoleV6) XXX_Unmarshal(b []byte) error

type RotateRequest 

type RotateRequest struct {
	// Type is a certificate authority type, if omitted, both user and host CA
	// will be rotated.
	Type CertAuthType `json:"type"`
	// GracePeriod is used to generate cert rotation schedule that defines
	// times at which different rotation phases will be applied by the auth server
	// in auto mode. It is not used in manual rotation mode.
	// If omitted, default value is set, if 0 is supplied, it is interpreted as
	// forcing rotation of all certificate authorities with no grace period,
	// all existing users and hosts will have to re-login and re-added
	// into the cluster.
	GracePeriod *time.Duration `json:"grace_period,omitempty"`
	// TargetPhase sets desired rotation phase to move to, if not set
	// will be set automatically, it is a required argument
	// for manual rotation.
	TargetPhase string `json:"target_phase,omitempty"`
	// Mode sets manual or auto rotation mode.
	Mode string `json:"mode"`
	// Schedule is an optional rotation schedule,
	// autogenerated based on GracePeriod parameter if not set.
	Schedule *RotationSchedule `json:"schedule"`
}

func (*RotateRequest) CheckAndSetDefaults 

func (r *RotateRequest) CheckAndSetDefaults(clock clockwork.Clock) error

CheckAndSetDefaults checks and sets default values.

type Rotation 

type Rotation struct {
	// State could be one of "init" or "in_progress".
	State string `protobuf:"bytes,1,opt,name=State,proto3" json:"state,omitempty"`
	// Phase is the current rotation phase.
	Phase string `protobuf:"bytes,2,opt,name=Phase,proto3" json:"phase,omitempty"`
	// Mode sets manual or automatic rotation mode.
	Mode string `protobuf:"bytes,3,opt,name=Mode,proto3" json:"mode,omitempty"`
	// CurrentID is the ID of the rotation operation
	// to differentiate between rotation attempts.
	CurrentID string `protobuf:"bytes,4,opt,name=CurrentID,proto3" json:"current_id"`
	// Started is set to the time when rotation has been started
	// in case if the state of the rotation is "in_progress".
	Started time.Time `protobuf:"bytes,5,opt,name=Started,proto3,stdtime" json:"started,omitempty"`
	// GracePeriod is a period during which old and new CA
	// are valid for checking purposes, but only new CA is issuing certificates.
	GracePeriod Duration `protobuf:"varint,6,opt,name=GracePeriod,proto3,casttype=Duration" json:"grace_period,omitempty"`
	// LastRotated specifies the last time of the completed rotation.
	LastRotated time.Time `protobuf:"bytes,7,opt,name=LastRotated,proto3,stdtime" json:"last_rotated,omitempty"`
	// Schedule is a rotation schedule - used in
	// automatic mode to switch between phases.
	Schedule             RotationSchedule `protobuf:"bytes,8,opt,name=Schedule,proto3" json:"schedule,omitempty"`
	XXX_NoUnkeyedLiteral struct{}         `json:"-"`
	XXX_unrecognized     []byte           `json:"-"`
	XXX_sizecache        int32            `json:"-"`
}

Rotation is a status of the rotation of the certificate authority

func (*Rotation) CheckAndSetDefaults 

func (r *Rotation) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default rotation parameters.

func (*Rotation) Descriptor 

func (*Rotation) Descriptor() ([]byte, []int)

func (*Rotation) IsZero 

func (r *Rotation) IsZero() bool

IsZero checks if this is the zero value of Rotation. Works on nil and non-nil rotation values.

func (*Rotation) LastRotatedDescription 

func (r *Rotation) LastRotatedDescription() string

LastRotatedDescription returns human friendly description.

func (*Rotation) Marshal 

func (m *Rotation) Marshal() (dAtA []byte, err error)

func (*Rotation) MarshalTo 

func (m *Rotation) MarshalTo(dAtA []byte) (int, error)

func (*Rotation) MarshalToSizedBuffer 

func (m *Rotation) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Rotation) Matches 

func (r *Rotation) Matches(rotation Rotation) bool

Matches returns true if this state rotation matches external rotation state, phase and rotation ID should match, notice that matches does not behave like Equals because it does not require all fields to be the same.

func (*Rotation) PhaseDescription 

func (r *Rotation) PhaseDescription() string

PhaseDescription returns human friendly description of a current rotation phase.

func (*Rotation) ProtoMessage 

func (*Rotation) ProtoMessage()

func (*Rotation) Reset 

func (m *Rotation) Reset()

func (*Rotation) Size 

func (m *Rotation) Size() (n int)

func (*Rotation) String 

func (r *Rotation) String() string

String returns user friendly information about certificate authority.

func (*Rotation) Unmarshal 

func (m *Rotation) Unmarshal(dAtA []byte) error

func (*Rotation) XXX_DiscardUnknown 

func (m *Rotation) XXX_DiscardUnknown()

func (*Rotation) XXX_Marshal 

func (m *Rotation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Rotation) XXX_Merge 

func (m *Rotation) XXX_Merge(src proto.Message)

func (*Rotation) XXX_Size 

func (m *Rotation) XXX_Size() int

func (*Rotation) XXX_Unmarshal 

func (m *Rotation) XXX_Unmarshal(b []byte) error

type RotationSchedule 

type RotationSchedule struct {
	// UpdateClients specifies time to switch to the "Update clients" phase
	UpdateClients time.Time `protobuf:"bytes,1,opt,name=UpdateClients,proto3,stdtime" json:"update_clients,omitempty"`
	// UpdateServers specifies time to switch to the "Update servers" phase.
	UpdateServers time.Time `protobuf:"bytes,2,opt,name=UpdateServers,proto3,stdtime" json:"update_servers,omitempty"`
	// Standby specifies time to switch to the "Standby" phase.
	Standby              time.Time `protobuf:"bytes,3,opt,name=Standby,proto3,stdtime" json:"standby,omitempty"`
	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
	XXX_unrecognized     []byte    `json:"-"`
	XXX_sizecache        int32     `json:"-"`
}

RotationSchedule is a rotation schedule setting time switches for different phases.

func GenerateSchedule 

func GenerateSchedule(now time.Time, gracePeriod time.Duration) (*RotationSchedule, error)

GenerateSchedule generates schedule based on the time period, using even time periods between rotation phases.

func (*RotationSchedule) CheckAndSetDefaults 

func (s *RotationSchedule) CheckAndSetDefaults(now time.Time) error

CheckAndSetDefaults checks and sets default values of the rotation schedule.

func (*RotationSchedule) Descriptor 

func (*RotationSchedule) Descriptor() ([]byte, []int)

func (*RotationSchedule) Marshal 

func (m *RotationSchedule) Marshal() (dAtA []byte, err error)

func (*RotationSchedule) MarshalTo 

func (m *RotationSchedule) MarshalTo(dAtA []byte) (int, error)

func (*RotationSchedule) MarshalToSizedBuffer 

func (m *RotationSchedule) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RotationSchedule) ProtoMessage 

func (*RotationSchedule) ProtoMessage()

func (*RotationSchedule) Reset 

func (m *RotationSchedule) Reset()

func (*RotationSchedule) Size 

func (m *RotationSchedule) Size() (n int)

func (*RotationSchedule) String 

func (m *RotationSchedule) String() string

func (*RotationSchedule) Unmarshal 

func (m *RotationSchedule) Unmarshal(dAtA []byte) error

func (*RotationSchedule) XXX_DiscardUnknown 

func (m *RotationSchedule) XXX_DiscardUnknown()

func (*RotationSchedule) XXX_Marshal 

func (m *RotationSchedule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RotationSchedule) XXX_Merge 

func (m *RotationSchedule) XXX_Merge(src proto.Message)

func (*RotationSchedule) XXX_Size 

func (m *RotationSchedule) XXX_Size() int

func (*RotationSchedule) XXX_Unmarshal 

func (m *RotationSchedule) XXX_Unmarshal(b []byte) error

type RoutingStrategy 

type RoutingStrategy int32

RoutingStrategy determines the strategy used to route to nodes. 

const (
	// UnambiguousMatch only routes to distinct nodes.
	RoutingStrategy_UNAMBIGUOUS_MATCH RoutingStrategy = 0
	// MostRecent routes to the most recently heartbeated node if duplicates are present.
	RoutingStrategy_MOST_RECENT RoutingStrategy = 1
)

func (RoutingStrategy) EnumDescriptor 

func (RoutingStrategy) EnumDescriptor() ([]byte, []int)

func (RoutingStrategy) MarshalYAML 

func (s RoutingStrategy) MarshalYAML() (interface{}, error)

MarshalYAML defines how a routing strategy should be marshaled to a string

func (RoutingStrategy) String 

func (x RoutingStrategy) String() string

func (*RoutingStrategy) UnmarshalYAML 

func (s *RoutingStrategy) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML unmarshalls routing strategy from YAML value.

type Rule 

type Rule struct {
	// Resources is a list of resources
	Resources []string `protobuf:"bytes,1,rep,name=Resources,proto3" json:"resources,omitempty"`
	// Verbs is a list of verbs
	Verbs []string `protobuf:"bytes,2,rep,name=Verbs,proto3" json:"verbs,omitempty"`
	// Where specifies optional advanced matcher
	Where string `protobuf:"bytes,3,opt,name=Where,proto3" json:"where,omitempty"`
	// Actions specifies optional actions taken when this rule matches
	Actions              []string `protobuf:"bytes,4,rep,name=Actions,proto3" json:"actions,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Rule represents allow or deny rule that is executed to check if user or service have access to resource

func CopyRulesSlice 

func CopyRulesSlice(in []Rule) []Rule

CopyRulesSlice copies input slice of Rules and returns the copy

func NewRule 

func NewRule(resource string, verbs []string) Rule

NewRule creates a rule based on a resource name and a list of verbs

func (*Rule) CheckAndSetDefaults 

func (r *Rule) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets defaults for this rule

func (*Rule) Descriptor 

func (*Rule) Descriptor() ([]byte, []int)

func (*Rule) HasResource 

func (r *Rule) HasResource(resource string) bool

HasResource returns true if the rule has the specified resource.

func (*Rule) HasVerb 

func (r *Rule) HasVerb(verb string) bool

HasVerb returns true if the rule has the specified verb.

func (*Rule) Marshal 

func (m *Rule) Marshal() (dAtA []byte, err error)

func (*Rule) MarshalTo 

func (m *Rule) MarshalTo(dAtA []byte) (int, error)

func (*Rule) MarshalToSizedBuffer 

func (m *Rule) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Rule) ProtoMessage 

func (*Rule) ProtoMessage()

func (*Rule) Reset 

func (m *Rule) Reset()

func (*Rule) Size 

func (m *Rule) Size() (n int)

func (*Rule) String 

func (m *Rule) String() string

func (*Rule) Unmarshal 

func (m *Rule) Unmarshal(dAtA []byte) error

func (*Rule) XXX_DiscardUnknown 

func (m *Rule) XXX_DiscardUnknown()

func (*Rule) XXX_Marshal 

func (m *Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Rule) XXX_Merge 

func (m *Rule) XXX_Merge(src proto.Message)

func (*Rule) XXX_Size 

func (m *Rule) XXX_Size() int

func (*Rule) XXX_Unmarshal 

func (m *Rule) XXX_Unmarshal(b []byte) error

type SAMLAttribute 

type SAMLAttribute struct {
	// FriendlyName is a user readable name for the attribute.
	FriendlyName string `protobuf:"bytes,1,opt,name=FriendlyName,proto3" json:"friendly_name"`
	// Name is a full name for the attribute, typically an OID value.
	Name string `protobuf:"bytes,2,opt,name=Name,proto3" json:"name"`
	// NameFormat is the format of the name.
	NameFormat string `protobuf:"bytes,3,opt,name=NameFormat,proto3" json:"name_format"`
	// Values is a list of attribute values.
	Values               []*SAMLAttributeValue `protobuf:"bytes,4,rep,name=Values,proto3" json:"values"`
	XXX_NoUnkeyedLiteral struct{}              `json:"-"`
	XXX_unrecognized     []byte                `json:"-"`
	XXX_sizecache        int32                 `json:"-"`
}

SAMLAttribute contains an attribute name and associated values. Defined in http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf.

func (*SAMLAttribute) Descriptor 

func (*SAMLAttribute) Descriptor() ([]byte, []int)

func (*SAMLAttribute) Marshal 

func (m *SAMLAttribute) Marshal() (dAtA []byte, err error)

func (*SAMLAttribute) MarshalTo 

func (m *SAMLAttribute) MarshalTo(dAtA []byte) (int, error)

func (*SAMLAttribute) MarshalToSizedBuffer 

func (m *SAMLAttribute) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SAMLAttribute) ProtoMessage 

func (*SAMLAttribute) ProtoMessage()

func (*SAMLAttribute) Reset 

func (m *SAMLAttribute) Reset()

func (*SAMLAttribute) Size 

func (m *SAMLAttribute) Size() (n int)

func (*SAMLAttribute) String 

func (m *SAMLAttribute) String() string

func (*SAMLAttribute) Unmarshal 

func (m *SAMLAttribute) Unmarshal(dAtA []byte) error

func (*SAMLAttribute) XXX_DiscardUnknown 

func (m *SAMLAttribute) XXX_DiscardUnknown()

func (*SAMLAttribute) XXX_Marshal 

func (m *SAMLAttribute) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SAMLAttribute) XXX_Merge 

func (m *SAMLAttribute) XXX_Merge(src proto.Message)

func (*SAMLAttribute) XXX_Size 

func (m *SAMLAttribute) XXX_Size() int

func (*SAMLAttribute) XXX_Unmarshal 

func (m *SAMLAttribute) XXX_Unmarshal(b []byte) error

type SAMLAttributeMapping 

type SAMLAttributeMapping struct {
	// name is an attribute name.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name"`
	// name_format is an attribute name format.
	NameFormat string `protobuf:"bytes,2,opt,name=name_format,json=nameFormat,proto3" json:"name_format"`
	// value is an attribute value definable with predicate expression.
	Value                string   `protobuf:"bytes,3,opt,name=value,proto3" json:"value"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SAMLAttributeMapping represents SAML service provider requested attribute name, format and its values.

func (*SAMLAttributeMapping) CheckAndSetDefaults 

func (am *SAMLAttributeMapping) CheckAndSetDefaults() error

CheckAndSetDefaults check and sets SAMLAttributeMapping default values

func (*SAMLAttributeMapping) Descriptor 

func (*SAMLAttributeMapping) Descriptor() ([]byte, []int)

func (*SAMLAttributeMapping) Marshal 

func (m *SAMLAttributeMapping) Marshal() (dAtA []byte, err error)

func (*SAMLAttributeMapping) MarshalTo 

func (m *SAMLAttributeMapping) MarshalTo(dAtA []byte) (int, error)

func (*SAMLAttributeMapping) MarshalToSizedBuffer 

func (m *SAMLAttributeMapping) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SAMLAttributeMapping) ProtoMessage 

func (*SAMLAttributeMapping) ProtoMessage()

func (*SAMLAttributeMapping) Reset 

func (m *SAMLAttributeMapping) Reset()

func (*SAMLAttributeMapping) Size 

func (m *SAMLAttributeMapping) Size() (n int)

func (*SAMLAttributeMapping) String 

func (m *SAMLAttributeMapping) String() string

func (*SAMLAttributeMapping) Unmarshal 

func (m *SAMLAttributeMapping) Unmarshal(dAtA []byte) error

func (*SAMLAttributeMapping) XXX_DiscardUnknown 

func (m *SAMLAttributeMapping) XXX_DiscardUnknown()

func (*SAMLAttributeMapping) XXX_Marshal 

func (m *SAMLAttributeMapping) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SAMLAttributeMapping) XXX_Merge 

func (m *SAMLAttributeMapping) XXX_Merge(src proto.Message)

func (*SAMLAttributeMapping) XXX_Size 

func (m *SAMLAttributeMapping) XXX_Size() int

func (*SAMLAttributeMapping) XXX_Unmarshal 

func (m *SAMLAttributeMapping) XXX_Unmarshal(b []byte) error

type SAMLAttributeValue 

type SAMLAttributeValue struct {
	// Type is the type of value this attribute represents.
	Type string `protobuf:"bytes,1,opt,name=Type,proto3" json:"type"`
	// Value is the value of the attribute.
	Value string `protobuf:"bytes,2,opt,name=Value,proto3" json:"value"`
	// NameID is a more restrictive identifier for the attribute value.
	NameID               *SAMLNameID `protobuf:"bytes,3,opt,name=NameID,proto3" json:"name_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
	XXX_unrecognized     []byte      `json:"-"`
	XXX_sizecache        int32       `json:"-"`
}

SAMLAttributeValues contains a type, value, and an associated name ID block. Defined in http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf.

func (*SAMLAttributeValue) Descriptor 

func (*SAMLAttributeValue) Descriptor() ([]byte, []int)

func (*SAMLAttributeValue) Marshal 

func (m *SAMLAttributeValue) Marshal() (dAtA []byte, err error)

func (*SAMLAttributeValue) MarshalTo 

func (m *SAMLAttributeValue) MarshalTo(dAtA []byte) (int, error)

func (*SAMLAttributeValue) MarshalToSizedBuffer 

func (m *SAMLAttributeValue) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SAMLAttributeValue) ProtoMessage 

func (*SAMLAttributeValue) ProtoMessage()

func (*SAMLAttributeValue) Reset 

func (m *SAMLAttributeValue) Reset()

func (*SAMLAttributeValue) Size 

func (m *SAMLAttributeValue) Size() (n int)

func (*SAMLAttributeValue) String 

func (m *SAMLAttributeValue) String() string

func (*SAMLAttributeValue) Unmarshal 

func (m *SAMLAttributeValue) Unmarshal(dAtA []byte) error

func (*SAMLAttributeValue) XXX_DiscardUnknown 

func (m *SAMLAttributeValue) XXX_DiscardUnknown()

func (*SAMLAttributeValue) XXX_Marshal 

func (m *SAMLAttributeValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SAMLAttributeValue) XXX_Merge 

func (m *SAMLAttributeValue) XXX_Merge(src proto.Message)

func (*SAMLAttributeValue) XXX_Size 

func (m *SAMLAttributeValue) XXX_Size() int

func (*SAMLAttributeValue) XXX_Unmarshal 

func (m *SAMLAttributeValue) XXX_Unmarshal(b []byte) error

type SAMLAuthRequest 

type SAMLAuthRequest struct {
	// ID is a unique request ID.
	ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"id"`
	// ConnectorID is ID of OIDC connector this request uses.
	ConnectorID string `protobuf:"bytes,2,opt,name=ConnectorID,proto3" json:"connector_id"`
	// Type is opaque string that helps callbacks identify the request type.
	Type string `protobuf:"bytes,3,opt,name=Type,proto3" json:"type"`
	// CheckUser tells validator if it should expect and check user.
	CheckUser bool `protobuf:"varint,4,opt,name=CheckUser,proto3" json:"check_user"`
	// RedirectURL will be used by browser.
	// Value only set if the PreferredRequestBinding "http-redirect".
	RedirectURL string `protobuf:"bytes,5,opt,name=RedirectURL,proto3" json:"redirect_url"`
	// CertTTL is the TTL of the certificate user wants to get.
	CertTTL time.Duration `protobuf:"varint,7,opt,name=CertTTL,proto3,casttype=time.Duration" json:"cert_ttl"`
	// CSRFToken is associated with user web session token.
	CSRFToken string `protobuf:"bytes,8,opt,name=CSRFToken,proto3" json:"csrf_token"`
	// CreateWebSession indicates if user wants to generate a web
	// session after successful authentication.
	CreateWebSession bool `protobuf:"varint,9,opt,name=CreateWebSession,proto3" json:"create_web_session"`
	// ClientRedirectURL is a URL client wants to be redirected
	// after successful authentication.
	ClientRedirectURL string `protobuf:"bytes,10,opt,name=ClientRedirectURL,proto3" json:"client_redirect_url"`
	// Compatibility specifies OpenSSH compatibility flags.
	Compatibility string `protobuf:"bytes,11,opt,name=Compatibility,proto3" json:"compatibility,omitempty"`
	// RouteToCluster is the name of Teleport cluster to issue credentials for.
	RouteToCluster string `protobuf:"bytes,12,opt,name=RouteToCluster,proto3" json:"route_to_cluster,omitempty"`
	// KubernetesCluster is the name of Kubernetes cluster to issue credentials for.
	KubernetesCluster string `protobuf:"bytes,13,opt,name=KubernetesCluster,proto3" json:"kubernetes_cluster,omitempty"`
	// SSOTestFlow indicates if the request is part of the test flow.
	SSOTestFlow bool `protobuf:"varint,14,opt,name=SSOTestFlow,proto3" json:"sso_test_flow"`
	// ConnectorSpec is embedded connector spec for use in test flow.
	ConnectorSpec *SAMLConnectorSpecV2 `protobuf:"bytes,15,opt,name=ConnectorSpec,proto3" json:"connector_spec,omitempty"`
	// ClientLoginIP specifies IP address of the client for login, it will be written to the user's certificates.
	ClientLoginIP string `protobuf:"bytes,17,opt,name=ClientLoginIP,proto3" json:"client_login_ip,omitempty"`
	// ClientUserAgent is the user agent of the Web browser, used for issuing a
	// DeviceWebToken.
	ClientUserAgent string `protobuf:"bytes,18,opt,name=ClientUserAgent,proto3" json:"client_user_agent,omitempty"`
	// SshPublicKey is an optional public key to use as the subject of an issued
	// SSH cert in case of successful auth.
	SshPublicKey []byte `protobuf:"bytes,19,opt,name=ssh_public_key,json=sshPublicKey,proto3" json:"ssh_pub_key,omitempty"`
	// TlsPublicKey is an optional public key to use as the subject of an issued
	// TLS cert in case of successful auth.
	TlsPublicKey []byte `protobuf:"bytes,20,opt,name=tls_public_key,json=tlsPublicKey,proto3" json:"tls_pub_key,omitempty"`
	// SshAttestationStatement is an attestation statement for the given SSH public key.
	SshAttestationStatement *v1.AttestationStatement `` /* 133-byte string literal not displayed */
	// TlsAttestationStatement is an attestation statement for the given TLS public key.
	TlsAttestationStatement *v1.AttestationStatement `` /* 133-byte string literal not displayed */
	// PostForm is the HTML form value that contains the SAML authentication request data.
	// Value is only set if the PreferredRequestBinding in the SAMLConnectorSpecV2
	// is "http-post". In any other case, RedirectURL field will be populated.
	PostForm []byte `protobuf:"bytes,23,opt,name=PostForm,proto3" json:"post_form,omitempty"`
	// ClientVersion is the version of tsh or Proxy that is sending the SAMLAuthRequest request.
	ClientVersion        string   `protobuf:"bytes,24,opt,name=ClientVersion,proto3" json:"client_version,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SAMLAuthRequest is a request to authenticate with SAML provider, the state about request is managed by the Auth Service

func (*SAMLAuthRequest) Check 

func (r *SAMLAuthRequest) Check() error

Check returns nil if all parameters are great, err otherwise

func (*SAMLAuthRequest) Descriptor 

func (*SAMLAuthRequest) Descriptor() ([]byte, []int)

func (*SAMLAuthRequest) Marshal 

func (m *SAMLAuthRequest) Marshal() (dAtA []byte, err error)

func (*SAMLAuthRequest) MarshalTo 

func (m *SAMLAuthRequest) MarshalTo(dAtA []byte) (int, error)

func (*SAMLAuthRequest) MarshalToSizedBuffer 

func (m *SAMLAuthRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SAMLAuthRequest) ProtoMessage 

func (*SAMLAuthRequest) ProtoMessage()

func (*SAMLAuthRequest) Reset 

func (m *SAMLAuthRequest) Reset()

func (*SAMLAuthRequest) Size 

func (m *SAMLAuthRequest) Size() (n int)

func (*SAMLAuthRequest) String 

func (m *SAMLAuthRequest) String() string

func (*SAMLAuthRequest) Unmarshal 

func (m *SAMLAuthRequest) Unmarshal(dAtA []byte) error

func (*SAMLAuthRequest) XXX_DiscardUnknown 

func (m *SAMLAuthRequest) XXX_DiscardUnknown()

func (*SAMLAuthRequest) XXX_Marshal 

func (m *SAMLAuthRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SAMLAuthRequest) XXX_Merge 

func (m *SAMLAuthRequest) XXX_Merge(src proto.Message)

func (*SAMLAuthRequest) XXX_Size 

func (m *SAMLAuthRequest) XXX_Size() int

func (*SAMLAuthRequest) XXX_Unmarshal 

func (m *SAMLAuthRequest) XXX_Unmarshal(b []byte) error

type SAMLConnector 

type SAMLConnector interface {
	// ResourceWithSecrets provides common methods for objects
	ResourceWithSecrets
	ResourceWithOrigin

	// SetMetadata sets the connector metadata
	SetMetadata(Metadata)
	// GetDisplay returns display - friendly name for this provider.
	GetDisplay() string
	// SetDisplay sets friendly name for this provider.
	SetDisplay(string)
	// GetAttributesToRoles returns attributes to roles mapping
	GetAttributesToRoles() []AttributeMapping
	// SetAttributesToRoles sets attributes to roles mapping
	SetAttributesToRoles(mapping []AttributeMapping)
	// GetAttributes returns list of attributes expected by mappings
	GetAttributes() []string
	// GetTraitMappings converts gets all attribute mappings in the
	// generic trait mapping format.
	GetTraitMappings() TraitMappingSet
	// SetIssuer sets issuer
	SetIssuer(issuer string)
	// GetIssuer returns issuer
	GetIssuer() string
	// GetSigningKeyPair returns signing key pair
	GetSigningKeyPair() *AsymmetricKeyPair
	// GetSigningKeyPair sets signing key pair
	SetSigningKeyPair(k *AsymmetricKeyPair)
	// GetSSO returns SSO service
	GetSSO() string
	// SetSSO sets SSO service
	SetSSO(string)
	// GetEntityDescriptor returns XML entity descriptor of the service
	GetEntityDescriptor() string
	// SetEntityDescriptor sets entity descriptor of the service
	SetEntityDescriptor(v string)
	// GetEntityDescriptorURL returns the URL to obtain the entity descriptor.
	GetEntityDescriptorURL() string
	// SetEntityDescriptorURL sets the entity descriptor url.
	SetEntityDescriptorURL(string)
	// GetCert returns identity provider checking x509 certificate
	GetCert() string
	// SetCert sets identity provider checking certificate
	SetCert(string)
	// GetServiceProviderIssuer returns service provider issuer
	GetServiceProviderIssuer() string
	// SetServiceProviderIssuer sets service provider issuer
	SetServiceProviderIssuer(v string)
	// GetAudience returns audience
	GetAudience() string
	// SetAudience sets audience
	SetAudience(v string)
	// GetAssertionConsumerService returns assertion consumer service URL
	GetAssertionConsumerService() string
	// SetAssertionConsumerService sets assertion consumer service URL
	SetAssertionConsumerService(v string)
	// GetProvider returns the identity provider.
	GetProvider() string
	// SetProvider sets the identity provider.
	SetProvider(string)
	// GetEncryptionKeyPair returns the key pair for SAML assertions.
	GetEncryptionKeyPair() *AsymmetricKeyPair
	// SetEncryptionKeyPair sets the key pair for SAML assertions.
	SetEncryptionKeyPair(k *AsymmetricKeyPair)
	// GetAllowIDPInitiated returns whether the identity provider can initiate a login or not.
	GetAllowIDPInitiated() bool
	// SetAllowIDPInitiated sets whether the identity provider can initiate a login or not.
	SetAllowIDPInitiated(bool)
	// GetClientRedirectSettings returns the client redirect settings.
	GetClientRedirectSettings() *SSOClientRedirectSettings
	// GetSingleLogoutURL returns the SAML SLO (single logout) URL for the identity provider.
	GetSingleLogoutURL() string
	// SetSingleLogoutURL sets the SAML SLO (single logout) URL for the identity provider.
	SetSingleLogoutURL(string)
	// GetMFASettings returns the connector's MFA settings.
	GetMFASettings() *SAMLConnectorMFASettings
	// SetMFASettings sets the connector's MFA settings.
	SetMFASettings(s *SAMLConnectorMFASettings)
	// IsMFAEnabled returns whether the connector has MFA enabled.
	IsMFAEnabled() bool
	// WithMFASettings returns the connector will some settings overwritten set from MFA settings.
	WithMFASettings() error
	// GetForceAuthn returns ForceAuthn
	GetForceAuthn() bool
	// GetPreferredRequestBinding returns PreferredRequestBinding.
	GetPreferredRequestBinding() string
}

SAMLConnector specifies configuration for SAML 2.0 identity providers

func NewSAMLConnector 

func NewSAMLConnector(name string, spec SAMLConnectorSpecV2) (SAMLConnector, error)

NewSAMLConnector returns a new SAMLConnector based off a name and SAMLConnectorSpecV2.

type SAMLConnectorMFASettings 

type SAMLConnectorMFASettings struct {
	// Enabled specified whether this SAML connector supports MFA checks. Defaults to false.
	Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// EntityDescriptor is XML with descriptor. It can be used to supply configuration
	// parameters in one XML file rather than supplying them in the individual elements.
	// Usually set from EntityDescriptorUrl.
	EntityDescriptor string `protobuf:"bytes,2,opt,name=entity_descriptor,json=entityDescriptor,proto3" json:"entity_descriptor,omitempty"`
	// EntityDescriptorUrl is a URL that supplies a configuration XML.
	EntityDescriptorUrl string `protobuf:"bytes,3,opt,name=entity_descriptor_url,json=entityDescriptorUrl,proto3" json:"entity_descriptor_url,omitempty"`
	// ForceAuthn specified whether re-authentication should be forced for MFA checks. UNSPECIFIED is
	// treated as YES to always re-authentication for MFA checks. This should only be set to NO if the
	// IdP is setup to perform MFA checks on top of active user sessions.
	ForceAuthn SAMLForceAuthn `protobuf:"varint,4,opt,name=force_authn,json=forceAuthn,proto3,enum=types.SAMLForceAuthn" json:"force_authn,omitempty"`
	// Issuer is the identity provider issuer. Usually set from EntityDescriptor.
	Issuer string `protobuf:"bytes,5,opt,name=issuer,proto3" json:"issuer,omitempty"`
	// SSO is the URL of the identity provider's SSO service. Usually set from EntityDescriptor.
	Sso string `protobuf:"bytes,6,opt,name=sso,proto3" json:"sso,omitempty"`
	// Cert is the identity provider certificate PEM.
	// IDP signs `<Response>` responses using this certificate.
	Cert                 string   `protobuf:"bytes,7,opt,name=cert,proto3" json:"cert,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SAMLConnectorMFASettings contains SAML MFA settings.

func (*SAMLConnectorMFASettings) Descriptor 

func (*SAMLConnectorMFASettings) Descriptor() ([]byte, []int)

func (*SAMLConnectorMFASettings) Marshal 

func (m *SAMLConnectorMFASettings) Marshal() (dAtA []byte, err error)

func (*SAMLConnectorMFASettings) MarshalTo 

func (m *SAMLConnectorMFASettings) MarshalTo(dAtA []byte) (int, error)

func (*SAMLConnectorMFASettings) MarshalToSizedBuffer 

func (m *SAMLConnectorMFASettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SAMLConnectorMFASettings) ProtoMessage 

func (*SAMLConnectorMFASettings) ProtoMessage()

func (*SAMLConnectorMFASettings) Reset 

func (m *SAMLConnectorMFASettings) Reset()

func (*SAMLConnectorMFASettings) Size 

func (m *SAMLConnectorMFASettings) Size() (n int)

func (*SAMLConnectorMFASettings) String 

func (m *SAMLConnectorMFASettings) String() string

func (*SAMLConnectorMFASettings) Unmarshal 

func (m *SAMLConnectorMFASettings) Unmarshal(dAtA []byte) error

func (*SAMLConnectorMFASettings) XXX_DiscardUnknown 

func (m *SAMLConnectorMFASettings) XXX_DiscardUnknown()

func (*SAMLConnectorMFASettings) XXX_Marshal 

func (m *SAMLConnectorMFASettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SAMLConnectorMFASettings) XXX_Merge 

func (m *SAMLConnectorMFASettings) XXX_Merge(src proto.Message)

func (*SAMLConnectorMFASettings) XXX_Size 

func (m *SAMLConnectorMFASettings) XXX_Size() int

func (*SAMLConnectorMFASettings) XXX_Unmarshal 

func (m *SAMLConnectorMFASettings) XXX_Unmarshal(b []byte) error

type SAMLConnectorSpecV2 

type SAMLConnectorSpecV2 struct {
	// Issuer is the identity provider issuer.
	Issuer string `protobuf:"bytes,1,opt,name=Issuer,proto3" json:"issuer"`
	// SSO is the URL of the identity provider's SSO service.
	SSO string `protobuf:"bytes,2,opt,name=SSO,proto3" json:"sso"`
	// Cert is the identity provider certificate PEM.
	// IDP signs `<Response>` responses using this certificate.
	Cert string `protobuf:"bytes,3,opt,name=Cert,proto3" json:"cert"`
	// Display controls how this connector is displayed.
	Display string `protobuf:"bytes,4,opt,name=Display,proto3" json:"display"`
	// AssertionConsumerService is a URL for assertion consumer service
	// on the service provider (Teleport's side).
	AssertionConsumerService string `protobuf:"bytes,5,opt,name=AssertionConsumerService,proto3" json:"acs"`
	// Audience uniquely identifies our service provider.
	Audience string `protobuf:"bytes,6,opt,name=Audience,proto3" json:"audience"`
	// ServiceProviderIssuer is the issuer of the service provider (Teleport).
	ServiceProviderIssuer string `protobuf:"bytes,7,opt,name=ServiceProviderIssuer,proto3" json:"service_provider_issuer"`
	// EntityDescriptor is XML with descriptor. It can be used to supply configuration
	// parameters in one XML file rather than supplying them in the individual elements.
	EntityDescriptor string `protobuf:"bytes,8,opt,name=EntityDescriptor,proto3" json:"entity_descriptor"`
	// EntityDescriptorURL is a URL that supplies a configuration XML.
	EntityDescriptorURL string `protobuf:"bytes,9,opt,name=EntityDescriptorURL,proto3" json:"entity_descriptor_url"`
	// AttributesToRoles is a list of mappings of attribute statements to roles.
	AttributesToRoles []AttributeMapping `protobuf:"bytes,10,rep,name=AttributesToRoles,proto3" json:"attributes_to_roles"`
	// SigningKeyPair is an x509 key pair used to sign AuthnRequest.
	SigningKeyPair *AsymmetricKeyPair `protobuf:"bytes,11,opt,name=SigningKeyPair,proto3" json:"signing_key_pair,omitempty"`
	// Provider is the external identity provider.
	Provider string `protobuf:"bytes,12,opt,name=Provider,proto3" json:"provider,omitempty"`
	// EncryptionKeyPair is a key pair used for decrypting SAML assertions.
	EncryptionKeyPair *AsymmetricKeyPair `protobuf:"bytes,13,opt,name=EncryptionKeyPair,proto3" json:"assertion_key_pair,omitempty"`
	// AllowIDPInitiated is a flag that indicates if the connector can be used for IdP-initiated
	// logins.
	AllowIDPInitiated bool `protobuf:"varint,14,opt,name=AllowIDPInitiated,proto3" json:"allow_idp_initiated,omitempty"`
	// ClientRedirectSettings defines which client redirect URLs are allowed for
	// non-browser SSO logins other than the standard localhost ones.
	ClientRedirectSettings *SSOClientRedirectSettings `protobuf:"bytes,15,opt,name=ClientRedirectSettings,proto3" json:"client_redirect_settings,omitempty"`
	// SingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out). If this is not provided, SLO is disabled.
	SingleLogoutURL string `protobuf:"bytes,16,opt,name=SingleLogoutURL,proto3" json:"single_logout_url,omitempty"`
	// MFASettings contains settings to enable SSO MFA checks through this auth connector.
	MFASettings *SAMLConnectorMFASettings `protobuf:"bytes,17,opt,name=MFASettings,proto3" json:"mfa,omitempty"`
	// ForceAuthn specified whether re-authentication should be forced on login. UNSPECIFIED
	// is treated as NO.
	ForceAuthn SAMLForceAuthn `protobuf:"varint,18,opt,name=ForceAuthn,proto3,enum=types.SAMLForceAuthn" json:"force_authn,omitempty"`
	// PreferredRequestBinding is a preferred SAML request binding method.
	// Value must be either "http-post" or "http-redirect".
	// In general, the SAML identity provider lists request binding methods it supports.
	// And the SAML service provider uses one of the IdP supported request binding method that it prefers.
	// But we never honored request binding value provided by the IdP and always used http-redirect
	// binding as a default. Setting up PreferredRequestBinding value lets us preserve existing
	// auth connector behavior and only use http-post binding if it is explicitly configured.
	PreferredRequestBinding string   `protobuf:"bytes,19,opt,name=PreferredRequestBinding,proto3" json:"preferred_request_binding,omitempty"`
	XXX_NoUnkeyedLiteral    struct{} `json:"-"`
	XXX_unrecognized        []byte   `json:"-"`
	XXX_sizecache           int32    `json:"-"`
}

SAMLConnectorSpecV2 is a SAML connector specification.

func (*SAMLConnectorSpecV2) Descriptor 

func (*SAMLConnectorSpecV2) Descriptor() ([]byte, []int)

func (*SAMLConnectorSpecV2) Marshal 

func (m *SAMLConnectorSpecV2) Marshal() (dAtA []byte, err error)

func (*SAMLConnectorSpecV2) MarshalTo 

func (m *SAMLConnectorSpecV2) MarshalTo(dAtA []byte) (int, error)

func (*SAMLConnectorSpecV2) MarshalToSizedBuffer 

func (m *SAMLConnectorSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SAMLConnectorSpecV2) ProtoMessage 

func (*SAMLConnectorSpecV2) ProtoMessage()

func (*SAMLConnectorSpecV2) Reset 

func (m *SAMLConnectorSpecV2) Reset()

func (*SAMLConnectorSpecV2) Size 

func (m *SAMLConnectorSpecV2) Size() (n int)

func (*SAMLConnectorSpecV2) String 

func (m *SAMLConnectorSpecV2) String() string

func (*SAMLConnectorSpecV2) Unmarshal 

func (m *SAMLConnectorSpecV2) Unmarshal(dAtA []byte) error

func (*SAMLConnectorSpecV2) XXX_DiscardUnknown 

func (m *SAMLConnectorSpecV2) XXX_DiscardUnknown()

func (*SAMLConnectorSpecV2) XXX_Marshal 

func (m *SAMLConnectorSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SAMLConnectorSpecV2) XXX_Merge 

func (m *SAMLConnectorSpecV2) XXX_Merge(src proto.Message)

func (*SAMLConnectorSpecV2) XXX_Size 

func (m *SAMLConnectorSpecV2) XXX_Size() int

func (*SAMLConnectorSpecV2) XXX_Unmarshal 

func (m *SAMLConnectorSpecV2) XXX_Unmarshal(b []byte) error

type SAMLConnectorV2 

type SAMLConnectorV2 struct {
	// Kind is a resource kind.
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources.
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version. It must be specified.
	// Supported values are: `v2`.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata holds resource metadata.
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is an SAML connector specification.
	Spec                 SAMLConnectorSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
	XXX_unrecognized     []byte              `json:"-"`
	XXX_sizecache        int32               `json:"-"`
}

SAMLConnectorV2 represents a SAML connector.

func (*SAMLConnectorV2) CheckAndSetDefaults 

func (o *SAMLConnectorV2) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values

func (*SAMLConnectorV2) Descriptor 

func (*SAMLConnectorV2) Descriptor() ([]byte, []int)

func (*SAMLConnectorV2) Expiry 

func (o *SAMLConnectorV2) Expiry() time.Time

Expiry returns object expiry setting

func (*SAMLConnectorV2) GetAllowIDPInitiated 

func (o *SAMLConnectorV2) GetAllowIDPInitiated() bool

GetAllowIDPInitiated returns whether the identity provider can initiate a login or not.

func (*SAMLConnectorV2) GetAssertionConsumerService 

func (o *SAMLConnectorV2) GetAssertionConsumerService() string

GetAssertionConsumerService returns assertion consumer service URL

func (*SAMLConnectorV2) GetAttributes 

func (o *SAMLConnectorV2) GetAttributes() []string

GetAttributes returns list of attributes expected by mappings

func (*SAMLConnectorV2) GetAttributesToRoles 

func (o *SAMLConnectorV2) GetAttributesToRoles() []AttributeMapping

GetAttributesToRoles returns attributes to roles mapping

func (*SAMLConnectorV2) GetAudience 

func (o *SAMLConnectorV2) GetAudience() string

GetAudience returns audience

func (*SAMLConnectorV2) GetCert 

func (o *SAMLConnectorV2) GetCert() string

GetCert returns identity provider checking x509 certificate

func (*SAMLConnectorV2) GetClientRedirectSettings 

func (o *SAMLConnectorV2) GetClientRedirectSettings() *SSOClientRedirectSettings

GetClientRedirectSettings returns the client redirect settings.

func (*SAMLConnectorV2) GetDisplay 

func (o *SAMLConnectorV2) GetDisplay() string

GetDisplay returns the friendly name for this provider.

func (*SAMLConnectorV2) GetEncryptionKeyPair 

func (o *SAMLConnectorV2) GetEncryptionKeyPair() *AsymmetricKeyPair

GetEncryptionKeyPair returns the key pair for SAML assertions.

func (*SAMLConnectorV2) GetEntityDescriptor 

func (o *SAMLConnectorV2) GetEntityDescriptor() string

GetEntityDescriptor returns XML entity descriptor of the service

func (*SAMLConnectorV2) GetEntityDescriptorURL 

func (o *SAMLConnectorV2) GetEntityDescriptorURL() string

GetEntityDescriptorURL returns the URL to obtain the entity descriptor.

func (*SAMLConnectorV2) GetForceAuthn 

func (o *SAMLConnectorV2) GetForceAuthn() bool

GetForceAuthn returns ForceAuthn

func (*SAMLConnectorV2) GetIssuer 

func (o *SAMLConnectorV2) GetIssuer() string

GetIssuer returns issuer

func (*SAMLConnectorV2) GetKind 

func (o *SAMLConnectorV2) GetKind() string

GetKind returns resource kind

func (*SAMLConnectorV2) GetMFASettings 

func (o *SAMLConnectorV2) GetMFASettings() *SAMLConnectorMFASettings

GetMFASettings returns the connector's MFA settings.

func (*SAMLConnectorV2) GetMetadata 

func (o *SAMLConnectorV2) GetMetadata() Metadata

GetMetadata returns object metadata

func (*SAMLConnectorV2) GetName 

func (o *SAMLConnectorV2) GetName() string

GetName returns the name of the connector

func (*SAMLConnectorV2) GetPreferredRequestBinding 

func (o *SAMLConnectorV2) GetPreferredRequestBinding() string

GetPreferredRequestBinding returns PreferredRequestBinding.

func (*SAMLConnectorV2) GetProvider 

func (o *SAMLConnectorV2) GetProvider() string

GetProvider returns the identity provider.

func (*SAMLConnectorV2) GetRevision 

func (o *SAMLConnectorV2) GetRevision() string

GetRevision returns the revision

func (*SAMLConnectorV2) GetSSO 

func (o *SAMLConnectorV2) GetSSO() string

GetSSO returns SSO service

func (*SAMLConnectorV2) GetServiceProviderIssuer 

func (o *SAMLConnectorV2) GetServiceProviderIssuer() string

GetServiceProviderIssuer returns service provider issuer

func (*SAMLConnectorV2) GetSigningKeyPair 

func (o *SAMLConnectorV2) GetSigningKeyPair() *AsymmetricKeyPair

GetSigningKeyPair returns signing key pair

func (*SAMLConnectorV2) GetSingleLogoutURL 

func (o *SAMLConnectorV2) GetSingleLogoutURL() string

GetSingleLogoutURL returns the SAML SLO (single logout) URL for the identity provider.

func (*SAMLConnectorV2) GetSubKind 

func (o *SAMLConnectorV2) GetSubKind() string

GetSubKind returns resource sub kind

func (*SAMLConnectorV2) GetTraitMappings 

func (o *SAMLConnectorV2) GetTraitMappings() TraitMappingSet

GetTraitMappings returns the SAMLConnector's TraitMappingSet

func (*SAMLConnectorV2) GetVersion 

func (o *SAMLConnectorV2) GetVersion() string

GetVersion returns resource version

func (*SAMLConnectorV2) IsMFAEnabled 

func (o *SAMLConnectorV2) IsMFAEnabled() bool

IsMFAEnabled returns whether the connector has MFA enabled.

func (*SAMLConnectorV2) Marshal 

func (m *SAMLConnectorV2) Marshal() (dAtA []byte, err error)

func (*SAMLConnectorV2) MarshalTo 

func (m *SAMLConnectorV2) MarshalTo(dAtA []byte) (int, error)

func (*SAMLConnectorV2) MarshalToSizedBuffer 

func (m *SAMLConnectorV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SAMLConnectorV2) Origin 

func (o *SAMLConnectorV2) Origin() string

Origin returns the origin value of the resource.

func (*SAMLConnectorV2) ProtoMessage 

func (*SAMLConnectorV2) ProtoMessage()

func (*SAMLConnectorV2) Reset 

func (m *SAMLConnectorV2) Reset()

func (*SAMLConnectorV2) SetAllowIDPInitiated 

func (o *SAMLConnectorV2) SetAllowIDPInitiated(allow bool)

SetAllowIDPInitiated sets whether the identity provider can initiate a login or not.

func (*SAMLConnectorV2) SetAssertionConsumerService 

func (o *SAMLConnectorV2) SetAssertionConsumerService(v string)

SetAssertionConsumerService sets assertion consumer service URL

func (*SAMLConnectorV2) SetAttributesToRoles 

func (o *SAMLConnectorV2) SetAttributesToRoles(mapping []AttributeMapping)

SetAttributesToRoles sets attributes to roles mapping

func (*SAMLConnectorV2) SetAudience 

func (o *SAMLConnectorV2) SetAudience(v string)

SetAudience sets audience

func (*SAMLConnectorV2) SetCert 

func (o *SAMLConnectorV2) SetCert(cert string)

SetCert sets identity provider checking certificate

func (*SAMLConnectorV2) SetDisplay 

func (o *SAMLConnectorV2) SetDisplay(display string)

SetDisplay sets friendly name for this provider.

func (*SAMLConnectorV2) SetEncryptionKeyPair 

func (o *SAMLConnectorV2) SetEncryptionKeyPair(k *AsymmetricKeyPair)

SetEncryptionKeyPair sets the key pair for SAML assertions.

func (*SAMLConnectorV2) SetEntityDescriptor 

func (o *SAMLConnectorV2) SetEntityDescriptor(v string)

SetEntityDescriptor sets entity descriptor of the service

func (*SAMLConnectorV2) SetEntityDescriptorURL 

func (o *SAMLConnectorV2) SetEntityDescriptorURL(v string)

SetEntityDescriptorURL sets the entity descriptor url.

func (*SAMLConnectorV2) SetExpiry 

func (o *SAMLConnectorV2) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object

func (*SAMLConnectorV2) SetIssuer 

func (o *SAMLConnectorV2) SetIssuer(issuer string)

SetIssuer sets issuer

func (*SAMLConnectorV2) SetMFASettings 

func (o *SAMLConnectorV2) SetMFASettings(s *SAMLConnectorMFASettings)

SetMFASettings sets the connector's MFA settings.

func (*SAMLConnectorV2) SetMetadata 

func (o *SAMLConnectorV2) SetMetadata(m Metadata)

SetMetadata sets object metadata

func (*SAMLConnectorV2) SetName 

func (o *SAMLConnectorV2) SetName(name string)

SetName sets client secret to some value

func (*SAMLConnectorV2) SetOrigin 

func (o *SAMLConnectorV2) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*SAMLConnectorV2) SetProvider 

func (o *SAMLConnectorV2) SetProvider(identityProvider string)

SetProvider sets the identity provider.

func (*SAMLConnectorV2) SetRevision 

func (o *SAMLConnectorV2) SetRevision(rev string)

SetRevision sets the revision

func (*SAMLConnectorV2) SetSSO 

func (o *SAMLConnectorV2) SetSSO(sso string)

SetSSO sets SSO service

func (*SAMLConnectorV2) SetServiceProviderIssuer 

func (o *SAMLConnectorV2) SetServiceProviderIssuer(v string)

SetServiceProviderIssuer sets service provider issuer

func (*SAMLConnectorV2) SetSigningKeyPair 

func (o *SAMLConnectorV2) SetSigningKeyPair(k *AsymmetricKeyPair)

SetSigningKeyPair sets signing key pair

func (*SAMLConnectorV2) SetSingleLogoutURL 

func (o *SAMLConnectorV2) SetSingleLogoutURL(url string)

SetSingleLogoutURL sets the SAML SLO (single logout) URL for the identity provider.

func (*SAMLConnectorV2) SetSubKind 

func (o *SAMLConnectorV2) SetSubKind(sk string)

SetSubKind sets resource subkind

func (*SAMLConnectorV2) Size 

func (m *SAMLConnectorV2) Size() (n int)

func (*SAMLConnectorV2) String 

func (m *SAMLConnectorV2) String() string

func (*SAMLConnectorV2) Unmarshal 

func (m *SAMLConnectorV2) Unmarshal(dAtA []byte) error

func (*SAMLConnectorV2) WithMFASettings 

func (o *SAMLConnectorV2) WithMFASettings() error

WithMFASettings returns the connector will some settings overwritten set from MFA settings.

func (*SAMLConnectorV2) WithoutSecrets 

func (o *SAMLConnectorV2) WithoutSecrets() Resource

WithoutSecrets returns an instance of resource without secrets.

func (*SAMLConnectorV2) XXX_DiscardUnknown 

func (m *SAMLConnectorV2) XXX_DiscardUnknown()

func (*SAMLConnectorV2) XXX_Marshal 

func (m *SAMLConnectorV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SAMLConnectorV2) XXX_Merge 

func (m *SAMLConnectorV2) XXX_Merge(src proto.Message)

func (*SAMLConnectorV2) XXX_Size 

func (m *SAMLConnectorV2) XXX_Size() int

func (*SAMLConnectorV2) XXX_Unmarshal 

func (m *SAMLConnectorV2) XXX_Unmarshal(b []byte) error

type SAMLConnectorV2List 

type SAMLConnectorV2List struct {
	// SAMLConnectors is a list of SAML connectors.
	SAMLConnectors       []*SAMLConnectorV2 `protobuf:"bytes,1,rep,name=SAMLConnectors,proto3" json:"SAMLConnectors,omitempty"`
	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
	XXX_unrecognized     []byte             `json:"-"`
	XXX_sizecache        int32              `json:"-"`
}

SAMLConnectorV2List is a list of SAML connectors.

func (*SAMLConnectorV2List) Descriptor 

func (*SAMLConnectorV2List) Descriptor() ([]byte, []int)

func (*SAMLConnectorV2List) Marshal 

func (m *SAMLConnectorV2List) Marshal() (dAtA []byte, err error)

func (*SAMLConnectorV2List) MarshalTo 

func (m *SAMLConnectorV2List) MarshalTo(dAtA []byte) (int, error)

func (*SAMLConnectorV2List) MarshalToSizedBuffer 

func (m *SAMLConnectorV2List) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SAMLConnectorV2List) ProtoMessage 

func (*SAMLConnectorV2List) ProtoMessage()

func (*SAMLConnectorV2List) Reset 

func (m *SAMLConnectorV2List) Reset()

func (*SAMLConnectorV2List) Size 

func (m *SAMLConnectorV2List) Size() (n int)

func (*SAMLConnectorV2List) String 

func (m *SAMLConnectorV2List) String() string

func (*SAMLConnectorV2List) Unmarshal 

func (m *SAMLConnectorV2List) Unmarshal(dAtA []byte) error

func (*SAMLConnectorV2List) XXX_DiscardUnknown 

func (m *SAMLConnectorV2List) XXX_DiscardUnknown()

func (*SAMLConnectorV2List) XXX_Marshal 

func (m *SAMLConnectorV2List) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SAMLConnectorV2List) XXX_Merge 

func (m *SAMLConnectorV2List) XXX_Merge(src proto.Message)

func (*SAMLConnectorV2List) XXX_Size 

func (m *SAMLConnectorV2List) XXX_Size() int

func (*SAMLConnectorV2List) XXX_Unmarshal 

func (m *SAMLConnectorV2List) XXX_Unmarshal(b []byte) error

type SAMLConnectorValidationOption 

type SAMLConnectorValidationOption func(*SAMLConnectorValidationOptions)

SAMLConnectorValidationOption is an option for validation of SAML connectors.

func SAMLConnectorValidationFollowURLs 

func SAMLConnectorValidationFollowURLs(follow bool) SAMLConnectorValidationOption

SAMLConnectorValidationFollowURLs returns a SAMLConnectorValidationOptions that sets whether URLs should be followed while validating the connector.

type SAMLConnectorValidationOptions 

type SAMLConnectorValidationOptions struct {
	// NoFollowURLs disables following of URLs to populate SAML connector
	// metadata. Useful when full metadata is not necessary, especially for
	// endpoints like /webapi/ping which must not hang or fail.
	NoFollowURLs bool
}

SAMLConnectorValidationOptions are options for SAML connector validation.

type SAMLForceAuthn 

type SAMLForceAuthn int32

SAMLForceAuthn specified whether existing SAML sessions should be accepted or re-authentication should be forced. 

const (
	// UNSPECIFIED is treated as the default value for the context; NO for login, YES for MFA checks.
	SAMLForceAuthn_FORCE_AUTHN_UNSPECIFIED SAMLForceAuthn = 0
	// YES re-authentication should be forced for existing SAML sessions..
	SAMLForceAuthn_FORCE_AUTHN_YES SAMLForceAuthn = 1
	// NO re-authentication should not be forced for existing SAML sessions.
	SAMLForceAuthn_FORCE_AUTHN_NO SAMLForceAuthn = 2
)

func (SAMLForceAuthn) EnumDescriptor 

func (SAMLForceAuthn) EnumDescriptor() ([]byte, []int)

func (SAMLForceAuthn) MarshalJSON 

func (s SAMLForceAuthn) MarshalJSON() ([]byte, error)

MarshalJSON marshals SAMLForceAuthn to string.

func (SAMLForceAuthn) MarshalYAML 

func (s SAMLForceAuthn) MarshalYAML() (interface{}, error)

MarshalJSON marshals SAMLForceAuthn to string.

func (SAMLForceAuthn) String 

func (x SAMLForceAuthn) String() string

func (*SAMLForceAuthn) UnmarshalJSON 

func (s *SAMLForceAuthn) UnmarshalJSON(data []byte) error

UnmarshalJSON supports parsing SAMLForceAuthn from string.

func (*SAMLForceAuthn) UnmarshalYAML 

func (s *SAMLForceAuthn) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML supports parsing SAMLForceAuthn from string.

type SAMLIdPServiceProvider 

type SAMLIdPServiceProvider interface {
	ResourceWithLabels
	// GetEntityDescriptor returns the entity descriptor of the service provider.
	GetEntityDescriptor() string
	// SetEntityDescriptor sets the entity descriptor of the service provider.
	SetEntityDescriptor(string)
	// GetEntityID returns the entity ID.
	GetEntityID() string
	// SetEntityID sets the entity ID.
	SetEntityID(string)
	// GetACSURL returns the ACS URL.
	GetACSURL() string
	// SetACSURL sets the ACS URL.
	SetACSURL(string)
	// GetPreset returns the Preset.
	GetPreset() string
	// GetAttributeMapping returns Attribute Mapping.
	GetAttributeMapping() []*SAMLAttributeMapping
	// SetAttributeMapping sets Attribute Mapping.
	SetAttributeMapping([]*SAMLAttributeMapping)
	// GetRelayState returns Relay State.
	GetRelayState() string
	// SetRelayState sets Relay State.
	SetRelayState(string)
	// GetLaunchURLs returns launch URLs
	GetLaunchURLs() []string
	// SetLaunchURLs sets launch URLs
	SetLaunchURLs([]string)
	// Copy returns a copy of this saml idp service provider object.
	Copy() SAMLIdPServiceProvider
	// CloneResource returns a copy of the SAMLIdPServiceProvider as a ResourceWithLabels
	// This is helpful when interfacing with multiple types at the same time in unified resources
	CloneResource() ResourceWithLabels
}

SAMLIdPServiceProvider specifies configuration for service providers for Teleport's built in SAML IdP.

Note: The EntityID is the entity ID for the entity descriptor. This ID is checked that it matches the entity ID in the entity descriptor at upsert time to avoid having to parse the XML blob in the entity descriptor every time we need to use this resource.

func NewSAMLIdPServiceProvider 

func NewSAMLIdPServiceProvider(metadata Metadata, spec SAMLIdPServiceProviderSpecV1) (SAMLIdPServiceProvider, error)

NewSAMLIdPServiceProvider returns a new SAMLIdPServiceProvider based off a metadata object and SAMLIdPServiceProviderSpecV1.

type SAMLIdPServiceProviderSpecV1 

type SAMLIdPServiceProviderSpecV1 struct {
	// EntityDescriptor is the entity descriptor for the service provider
	EntityDescriptor string `protobuf:"bytes,1,opt,name=EntityDescriptor,proto3" json:"entity_descriptor"`
	// EntityID is the entity ID for the entity descriptor. If entity descriptor is provided,
	// this value is checked that it matches the entity ID in the entity descriptor
	// at upsert time to avoid having to parse the XML blob in the entity descriptor
	// every time we need to use this resource.
	EntityID string `protobuf:"bytes,2,opt,name=EntityID,proto3" json:"entity_id"`
	// ACSURL is the endpoint where SAML authentication response will be redirected.
	ACSURL string `protobuf:"bytes,3,opt,name=ACSURL,proto3" json:"acs_url"`
	// AttributeMapping is used to map service provider requested attributes to
	// username, role and traits in Teleport.
	AttributeMapping []*SAMLAttributeMapping `protobuf:"bytes,4,rep,name=AttributeMapping,proto3" json:"attribute_mapping"`
	// Preset is used to define service provider profile that will have a custom behavior
	// processed by Teleport.
	Preset string `protobuf:"bytes,5,opt,name=Preset,proto3" json:"preset"`
	// RelayState is used to add custom value in the SAML response as a relay_state HTTP parameter.
	// The value can contain service provider specific redirect URL, static state token etc.
	// The value is only applied in the IdP initiated SSO flow.
	RelayState string `protobuf:"bytes,6,opt,name=RelayState,proto3" json:"relay_state"`
	// LaunchURLs is used to configure custom landing URLs for service provider. It is useful in
	// the following scenarios:
	//  1. If a service provider does not support IdP initiated authentication, launch url can be
	//     configured to launch users directly into the service provider authentication endpoint.
	//  2. If a service provider does support IdP initiated authentication, it can be useful if
	//     that service provider acts as a master authentication service provider for internal services.
	//     In such case, Teleport administrator can configure launch URL, that lets user pick a specific
	//     internal service URL from the Log In tile in the UI, which would take them to that particular
	//     service for authentication instead of directly launching to the master service provider.
	//
	// Each launch URL value must be an HTTPs endpoint.
	LaunchURLs           []string `protobuf:"bytes,7,rep,name=LaunchURLs,proto3" json:"launch_urls"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SAMLIdPServiceProviderSpecV1 is the SAMLIdPServiceProviderV1 resource spec.

func (*SAMLIdPServiceProviderSpecV1) Descriptor 

func (*SAMLIdPServiceProviderSpecV1) Descriptor() ([]byte, []int)

func (*SAMLIdPServiceProviderSpecV1) Marshal 

func (m *SAMLIdPServiceProviderSpecV1) Marshal() (dAtA []byte, err error)

func (*SAMLIdPServiceProviderSpecV1) MarshalTo 

func (m *SAMLIdPServiceProviderSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*SAMLIdPServiceProviderSpecV1) MarshalToSizedBuffer 

func (m *SAMLIdPServiceProviderSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SAMLIdPServiceProviderSpecV1) ProtoMessage 

func (*SAMLIdPServiceProviderSpecV1) ProtoMessage()

func (*SAMLIdPServiceProviderSpecV1) Reset 

func (m *SAMLIdPServiceProviderSpecV1) Reset()

func (*SAMLIdPServiceProviderSpecV1) Size 

func (m *SAMLIdPServiceProviderSpecV1) Size() (n int)

func (*SAMLIdPServiceProviderSpecV1) String 

func (m *SAMLIdPServiceProviderSpecV1) String() string

func (*SAMLIdPServiceProviderSpecV1) Unmarshal 

func (m *SAMLIdPServiceProviderSpecV1) Unmarshal(dAtA []byte) error

func (*SAMLIdPServiceProviderSpecV1) XXX_DiscardUnknown 

func (m *SAMLIdPServiceProviderSpecV1) XXX_DiscardUnknown()

func (*SAMLIdPServiceProviderSpecV1) XXX_Marshal 

func (m *SAMLIdPServiceProviderSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SAMLIdPServiceProviderSpecV1) XXX_Merge 

func (m *SAMLIdPServiceProviderSpecV1) XXX_Merge(src proto.Message)

func (*SAMLIdPServiceProviderSpecV1) XXX_Size 

func (m *SAMLIdPServiceProviderSpecV1) XXX_Size() int

func (*SAMLIdPServiceProviderSpecV1) XXX_Unmarshal 

func (m *SAMLIdPServiceProviderSpecV1) XXX_Unmarshal(b []byte) error

type SAMLIdPServiceProviderV1 

type SAMLIdPServiceProviderV1 struct {
	// Header is the resource header for the SAML IdP service provider.
	ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
	// Spec is the SAML IdP service provider spec.
	Spec                 SAMLIdPServiceProviderSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}                     `json:"-"`
	XXX_unrecognized     []byte                       `json:"-"`
	XXX_sizecache        int32                        `json:"-"`
}

SAMLIdPServiceProviderV1 is the representation of a SAML IdP service provider.

func (*SAMLIdPServiceProviderV1) CheckAndSetDefaults 

func (s *SAMLIdPServiceProviderV1) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values

func (*SAMLIdPServiceProviderV1) CloneResource 

func (s *SAMLIdPServiceProviderV1) CloneResource() ResourceWithLabels

func (*SAMLIdPServiceProviderV1) Copy 

func (s *SAMLIdPServiceProviderV1) Copy() SAMLIdPServiceProvider

func (*SAMLIdPServiceProviderV1) Descriptor 

func (*SAMLIdPServiceProviderV1) Descriptor() ([]byte, []int)

func (*SAMLIdPServiceProviderV1) GetACSURL 

func (s *SAMLIdPServiceProviderV1) GetACSURL() string

GetACSURL returns the ACS URL.

func (*SAMLIdPServiceProviderV1) GetAttributeMapping 

func (s *SAMLIdPServiceProviderV1) GetAttributeMapping() []*SAMLAttributeMapping

GetAttributeMapping returns the Attribute Mapping.

func (*SAMLIdPServiceProviderV1) GetEntityDescriptor 

func (s *SAMLIdPServiceProviderV1) GetEntityDescriptor() string

GetEntityDescriptor returns the entity descriptor.

func (*SAMLIdPServiceProviderV1) GetEntityID 

func (s *SAMLIdPServiceProviderV1) GetEntityID() string

GetEntityID returns the entity ID.

func (*SAMLIdPServiceProviderV1) GetLaunchURLs 

func (s *SAMLIdPServiceProviderV1) GetLaunchURLs() []string

GetLaunchURLs returns Launch URLs.

func (*SAMLIdPServiceProviderV1) GetPreset 

func (s *SAMLIdPServiceProviderV1) GetPreset() string

GetPreset returns the Preset.

func (*SAMLIdPServiceProviderV1) GetRelayState 

func (s *SAMLIdPServiceProviderV1) GetRelayState() string

GetRelayState returns Relay State.

func (*SAMLIdPServiceProviderV1) Marshal 

func (m *SAMLIdPServiceProviderV1) Marshal() (dAtA []byte, err error)

func (*SAMLIdPServiceProviderV1) MarshalTo 

func (m *SAMLIdPServiceProviderV1) MarshalTo(dAtA []byte) (int, error)

func (*SAMLIdPServiceProviderV1) MarshalToSizedBuffer 

func (m *SAMLIdPServiceProviderV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SAMLIdPServiceProviderV1) MatchSearch 

func (s *SAMLIdPServiceProviderV1) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*SAMLIdPServiceProviderV1) ProtoMessage 

func (*SAMLIdPServiceProviderV1) ProtoMessage()

func (*SAMLIdPServiceProviderV1) Reset 

func (m *SAMLIdPServiceProviderV1) Reset()

func (*SAMLIdPServiceProviderV1) SetACSURL 

func (s *SAMLIdPServiceProviderV1) SetACSURL(acsURL string)

SetACSURL sets the ACS URL.

func (*SAMLIdPServiceProviderV1) SetAttributeMapping 

func (s *SAMLIdPServiceProviderV1) SetAttributeMapping(attrMaps []*SAMLAttributeMapping)

SetAttributeMapping sets Attribute Mapping.

func (*SAMLIdPServiceProviderV1) SetEntityDescriptor 

func (s *SAMLIdPServiceProviderV1) SetEntityDescriptor(entityDescriptor string)

SetEntityDescriptor sets the entity descriptor.

func (*SAMLIdPServiceProviderV1) SetEntityID 

func (s *SAMLIdPServiceProviderV1) SetEntityID(entityID string)

SetEntityID sets the entity ID.

func (*SAMLIdPServiceProviderV1) SetLaunchURLs 

func (s *SAMLIdPServiceProviderV1) SetLaunchURLs(launchURLs []string)

SetLaunchURLs sets Launch URLs.

func (*SAMLIdPServiceProviderV1) SetRelayState 

func (s *SAMLIdPServiceProviderV1) SetRelayState(relayState string)

SetRelayState sets Relay State.

func (*SAMLIdPServiceProviderV1) Size 

func (m *SAMLIdPServiceProviderV1) Size() (n int)

func (*SAMLIdPServiceProviderV1) String 

func (s *SAMLIdPServiceProviderV1) String() string

String returns the SAML IdP service provider string representation.

func (*SAMLIdPServiceProviderV1) Unmarshal 

func (m *SAMLIdPServiceProviderV1) Unmarshal(dAtA []byte) error

func (*SAMLIdPServiceProviderV1) XXX_DiscardUnknown 

func (m *SAMLIdPServiceProviderV1) XXX_DiscardUnknown()

func (*SAMLIdPServiceProviderV1) XXX_Marshal 

func (m *SAMLIdPServiceProviderV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SAMLIdPServiceProviderV1) XXX_Merge 

func (m *SAMLIdPServiceProviderV1) XXX_Merge(src proto.Message)

func (*SAMLIdPServiceProviderV1) XXX_Size 

func (m *SAMLIdPServiceProviderV1) XXX_Size() int

func (*SAMLIdPServiceProviderV1) XXX_Unmarshal 

func (m *SAMLIdPServiceProviderV1) XXX_Unmarshal(b []byte) error

type SAMLIdPServiceProviders 

type SAMLIdPServiceProviders []SAMLIdPServiceProvider

SAMLIdPServiceProviders is a list of SAML IdP service provider resources.

func (SAMLIdPServiceProviders) AsResources 

func (s SAMLIdPServiceProviders) AsResources() ResourcesWithLabels

AsResources returns these service providers as resources with labels.

func (SAMLIdPServiceProviders) Len 

func (s SAMLIdPServiceProviders) Len() int

Len returns the slice length.

func (SAMLIdPServiceProviders) Less 

func (s SAMLIdPServiceProviders) Less(i, j int) bool

Less compares service providers by name.

func (SAMLIdPServiceProviders) SortByCustom 

func (s SAMLIdPServiceProviders) SortByCustom(sortBy SortBy) error

SortByCustom sorts SAMLIdPServiceProviders as per the sortBy value. Only ResourceMetadataName field is supported.

func (SAMLIdPServiceProviders) Swap 

func (s SAMLIdPServiceProviders) Swap(i, j int)

Swap swaps two service providers.

type SAMLNameID 

type SAMLNameID struct {
	// NameQualifier is the domain that qualifies the identifier.
	NameQualifier string `protobuf:"bytes,1,opt,name=NameQualifier,proto3" json:"name_qualifier"`
	// SPNameQualifier qualifies the identifier with the name of the service provider.
	SPNameQualifier string `protobuf:"bytes,2,opt,name=SPNameQualifier,proto3" json:"sp_name_qualifier"`
	// Format is the format of the identifier.
	Format string `protobuf:"bytes,3,opt,name=Format,proto3" json:"format"`
	// SPProvidedID is an identifier established by the service provider.
	SPProvidedID string `protobuf:"bytes,4,opt,name=SPProvidedID,proto3" json:"sp_provider_id"`
	// Value is the value of the name ID.
	Value                string   `protobuf:"bytes,5,opt,name=Value,proto3" json:"value"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SAMLNameID is a more restrictive identifier for an object in SAML. Defined in http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf.

func (*SAMLNameID) Descriptor 

func (*SAMLNameID) Descriptor() ([]byte, []int)

func (*SAMLNameID) Marshal 

func (m *SAMLNameID) Marshal() (dAtA []byte, err error)

func (*SAMLNameID) MarshalTo 

func (m *SAMLNameID) MarshalTo(dAtA []byte) (int, error)

func (*SAMLNameID) MarshalToSizedBuffer 

func (m *SAMLNameID) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SAMLNameID) ProtoMessage 

func (*SAMLNameID) ProtoMessage()

func (*SAMLNameID) Reset 

func (m *SAMLNameID) Reset()

func (*SAMLNameID) Size 

func (m *SAMLNameID) Size() (n int)

func (*SAMLNameID) String 

func (m *SAMLNameID) String() string

func (*SAMLNameID) Unmarshal 

func (m *SAMLNameID) Unmarshal(dAtA []byte) error

func (*SAMLNameID) XXX_DiscardUnknown 

func (m *SAMLNameID) XXX_DiscardUnknown()

func (*SAMLNameID) XXX_Marshal 

func (m *SAMLNameID) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SAMLNameID) XXX_Merge 

func (m *SAMLNameID) XXX_Merge(src proto.Message)

func (*SAMLNameID) XXX_Size 

func (m *SAMLNameID) XXX_Size() int

func (*SAMLNameID) XXX_Unmarshal 

func (m *SAMLNameID) XXX_Unmarshal(b []byte) error

type SAMLSessionData 

type SAMLSessionData struct {
	// ID is the identifier for the SAML session.
	ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"id"`
	// CreateTime is the time that the session was created.
	CreateTime time.Time `protobuf:"bytes,2,opt,name=CreateTime,proto3,stdtime" json:"create_time"`
	// ExpireTime is the time that the session will expire.
	ExpireTime time.Time `protobuf:"bytes,3,opt,name=ExpireTime,proto3,stdtime" json:"expire_time"`
	// Index is the session index that allows the IdP to uniquely identify a session.
	Index string `protobuf:"bytes,4,opt,name=Index,proto3" json:"index"`
	// NameID an identifier for the session.
	NameID string `protobuf:"bytes,5,opt,name=NameID,proto3" json:"name_id"`
	// NameIDFormat is the format of the Name ID.
	NameIDFormat string `protobuf:"bytes,6,opt,name=NameIDFormat,proto3" json:"name_id_format"`
	// SubjectID is the identifier for the subject of the session.
	SubjectID string `protobuf:"bytes,7,opt,name=SubjectID,proto3" json:"subject_id"`
	// Groups is a list of groups that the user has access to.
	Groups []string `protobuf:"bytes,8,rep,name=Groups,proto3" json:"groups"`
	// UserName is the user's name.
	UserName string `protobuf:"bytes,9,opt,name=UserName,proto3" json:"user_name"`
	// UserEmail is the user's e-mail.
	UserEmail string `protobuf:"bytes,10,opt,name=UserEmail,proto3" json:"user_email"`
	// UserCommonName is the user's common name.
	UserCommonName string `protobuf:"bytes,11,opt,name=UserCommonName,proto3" json:"user_common_name"`
	// UserSurname is the user's surname.
	UserSurname string `protobuf:"bytes,12,opt,name=UserSurname,proto3" json:"user_surname"`
	// UserGivenName is the user's given name.
	UserGivenName string `protobuf:"bytes,13,opt,name=UserGivenName,proto3" json:"user_given_name"`
	// UserScopedAffiliation is the user's scoped affiliation.
	UserScopedAffiliation string `protobuf:"bytes,14,opt,name=UserScopedAffiliation,proto3" json:"user_scoped_affiliation"`
	// CustomAttributes are any custom attributes associated with the request.
	CustomAttributes     []*SAMLAttribute `protobuf:"bytes,15,rep,name=CustomAttributes,proto3" json:"custom_attributes"`
	XXX_NoUnkeyedLiteral struct{}         `json:"-"`
	XXX_unrecognized     []byte           `json:"-"`
	XXX_sizecache        int32            `json:"-"`
}

SAMLSessionData contains data for a SAML session. Based on crewjam/saml's session object: https://github.com/crewjam/saml/blob/main/identity_provider.go

func (*SAMLSessionData) Descriptor 

func (*SAMLSessionData) Descriptor() ([]byte, []int)

func (*SAMLSessionData) Marshal 

func (m *SAMLSessionData) Marshal() (dAtA []byte, err error)

func (*SAMLSessionData) MarshalTo 

func (m *SAMLSessionData) MarshalTo(dAtA []byte) (int, error)

func (*SAMLSessionData) MarshalToSizedBuffer 

func (m *SAMLSessionData) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SAMLSessionData) ProtoMessage 

func (*SAMLSessionData) ProtoMessage()

func (*SAMLSessionData) Reset 

func (m *SAMLSessionData) Reset()

func (*SAMLSessionData) Size 

func (m *SAMLSessionData) Size() (n int)

func (*SAMLSessionData) String 

func (m *SAMLSessionData) String() string

func (*SAMLSessionData) Unmarshal 

func (m *SAMLSessionData) Unmarshal(dAtA []byte) error

func (*SAMLSessionData) XXX_DiscardUnknown 

func (m *SAMLSessionData) XXX_DiscardUnknown()

func (*SAMLSessionData) XXX_Marshal 

func (m *SAMLSessionData) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SAMLSessionData) XXX_Merge 

func (m *SAMLSessionData) XXX_Merge(src proto.Message)

func (*SAMLSessionData) XXX_Size 

func (m *SAMLSessionData) XXX_Size() int

func (*SAMLSessionData) XXX_Unmarshal 

func (m *SAMLSessionData) XXX_Unmarshal(b []byte) error

type SMTPSpec 

type SMTPSpec struct {
	// Host specifies the SMTP service host name.
	Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"`
	// Port specifies the SMTP service port number.
	Port int32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"`
	// StartTLSPolicy specifies the SMTP start TLS policy used to send emails over
	// SMTP.
	StartTlsPolicy       string   `protobuf:"bytes,3,opt,name=start_tls_policy,json=startTlsPolicy,proto3" json:"start_tls_policy,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SMTPSpec holds a generic SMTP service specific settings.

func (*SMTPSpec) CheckAndSetDefaults 

func (c *SMTPSpec) CheckAndSetDefaults() error

func (*SMTPSpec) Descriptor 

func (*SMTPSpec) Descriptor() ([]byte, []int)

func (*SMTPSpec) Equal 

func (this *SMTPSpec) Equal(that interface{}) bool

func (*SMTPSpec) Marshal 

func (m *SMTPSpec) Marshal() (dAtA []byte, err error)

func (*SMTPSpec) MarshalTo 

func (m *SMTPSpec) MarshalTo(dAtA []byte) (int, error)

func (*SMTPSpec) MarshalToSizedBuffer 

func (m *SMTPSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SMTPSpec) ProtoMessage 

func (*SMTPSpec) ProtoMessage()

func (*SMTPSpec) Reset 

func (m *SMTPSpec) Reset()

func (*SMTPSpec) Size 

func (m *SMTPSpec) Size() (n int)

func (*SMTPSpec) String 

func (m *SMTPSpec) String() string

func (*SMTPSpec) Unmarshal 

func (m *SMTPSpec) Unmarshal(dAtA []byte) error

func (*SMTPSpec) XXX_DiscardUnknown 

func (m *SMTPSpec) XXX_DiscardUnknown()

func (*SMTPSpec) XXX_Marshal 

func (m *SMTPSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SMTPSpec) XXX_Merge 

func (m *SMTPSpec) XXX_Merge(src proto.Message)

func (*SMTPSpec) XXX_Size 

func (m *SMTPSpec) XXX_Size() int

func (*SMTPSpec) XXX_Unmarshal 

func (m *SMTPSpec) XXX_Unmarshal(b []byte) error

type SPIFFERoleCondition 

type SPIFFERoleCondition struct {
	// Path specifies a matcher for the SPIFFE ID path. It should not include the
	// trust domain and should start with a leading slash.
	//
	// The matcher by default allows '*' to be used to indicate zero or more of
	// any character. Prepend '^' and append '$' to instead switch to matching
	// using the Go regex syntax.
	//
	// Example:
	// - /svc/foo/*/bar would match /svc/foo/baz/bar
	// - ^\/svc\/foo\/.*\/bar$ would match /svc/foo/baz/bar
	Path string `protobuf:"bytes,1,opt,name=Path,proto3" json:"path,omitempty"`
	// DNSSANs specifies matchers for the SPIFFE ID DNS SANs.
	//
	// Each requested DNS SAN is compared against all matchers configured and if
	// any match, the condition is considered to be met.
	//
	// The matcher by default allows '*' to be used to indicate zero or more of
	// any character. Prepend '^' and append '$' to instead switch to matching
	// using the Go regex syntax.
	//
	// Example: *.example.com would match foo.example.com
	DNSSANs []string `protobuf:"bytes,2,rep,name=DNSSANs,proto3" json:"dns_sans,omitempty"`
	// IPSANs specifies matchers for the SPIFFE ID IP SANs.
	//
	// Each requested IP SAN is compared against all matchers configured and if
	// any match, the condition is considered to be met.
	//
	// The matchers should be specified using CIDR notation, it supports IPv4 and
	// IPv6.
	//
	// Examples:
	// - 10.0.0.0/24 would match 10.0.0.0 to 10.255.255.255
	// - 10.0.0.42/32 would match only 10.0.0.42
	IPSANs               []string `protobuf:"bytes,3,rep,name=IPSANs,proto3" json:"ip_sans,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SPIFFERoleCondition sets out which SPIFFE identities this role is allowed or denied to generate. The Path matcher is required, and is evaluated first. If, the Path does not match then the other matcher fields are not evaluated.

func (*SPIFFERoleCondition) CheckAndSetDefaults 

func (c *SPIFFERoleCondition) CheckAndSetDefaults() error

CheckAndSetDefaults checks validity of all fields and sets defaults

func (*SPIFFERoleCondition) Descriptor 

func (*SPIFFERoleCondition) Descriptor() ([]byte, []int)

func (*SPIFFERoleCondition) Marshal 

func (m *SPIFFERoleCondition) Marshal() (dAtA []byte, err error)

func (*SPIFFERoleCondition) MarshalTo 

func (m *SPIFFERoleCondition) MarshalTo(dAtA []byte) (int, error)

func (*SPIFFERoleCondition) MarshalToSizedBuffer 

func (m *SPIFFERoleCondition) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SPIFFERoleCondition) ProtoMessage 

func (*SPIFFERoleCondition) ProtoMessage()

func (*SPIFFERoleCondition) Reset 

func (m *SPIFFERoleCondition) Reset()

func (*SPIFFERoleCondition) Size 

func (m *SPIFFERoleCondition) Size() (n int)

func (*SPIFFERoleCondition) String 

func (m *SPIFFERoleCondition) String() string

func (*SPIFFERoleCondition) Unmarshal 

func (m *SPIFFERoleCondition) Unmarshal(dAtA []byte) error

func (*SPIFFERoleCondition) XXX_DiscardUnknown 

func (m *SPIFFERoleCondition) XXX_DiscardUnknown()

func (*SPIFFERoleCondition) XXX_Marshal 

func (m *SPIFFERoleCondition) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SPIFFERoleCondition) XXX_Merge 

func (m *SPIFFERoleCondition) XXX_Merge(src proto.Message)

func (*SPIFFERoleCondition) XXX_Size 

func (m *SPIFFERoleCondition) XXX_Size() int

func (*SPIFFERoleCondition) XXX_Unmarshal 

func (m *SPIFFERoleCondition) XXX_Unmarshal(b []byte) error

type SSHKeyPair 

type SSHKeyPair struct {
	// PublicKey is the SSH public key.
	PublicKey []byte `protobuf:"bytes,1,opt,name=PublicKey,proto3" json:"public_key,omitempty"`
	// PrivateKey is the SSH private key.
	PrivateKey []byte `protobuf:"bytes,2,opt,name=PrivateKey,proto3" json:"private_key,omitempty"`
	// PrivateKeyType is the type of the PrivateKey.
	PrivateKeyType       PrivateKeyType `protobuf:"varint,3,opt,name=PrivateKeyType,proto3,enum=types.PrivateKeyType" json:"private_key_type,omitempty"`
	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
	XXX_unrecognized     []byte         `json:"-"`
	XXX_sizecache        int32          `json:"-"`
}

SSHKeyPair is an SSH CA key pair.

func (*SSHKeyPair) CheckAndSetDefaults 

func (k *SSHKeyPair) CheckAndSetDefaults() error

CheckAndSetDefaults validates SSHKeyPair and sets defaults on any empty fields as needed.

func (*SSHKeyPair) Clone 

func (k *SSHKeyPair) Clone() *SSHKeyPair

Clone returns a deep copy of SSHKeyPair that can be mutated without modifying the original.

func (*SSHKeyPair) Descriptor 

func (*SSHKeyPair) Descriptor() ([]byte, []int)

func (*SSHKeyPair) Marshal 

func (m *SSHKeyPair) Marshal() (dAtA []byte, err error)

func (*SSHKeyPair) MarshalTo 

func (m *SSHKeyPair) MarshalTo(dAtA []byte) (int, error)

func (*SSHKeyPair) MarshalToSizedBuffer 

func (m *SSHKeyPair) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SSHKeyPair) ProtoMessage 

func (*SSHKeyPair) ProtoMessage()

func (*SSHKeyPair) Reset 

func (m *SSHKeyPair) Reset()

func (*SSHKeyPair) Size 

func (m *SSHKeyPair) Size() (n int)

func (*SSHKeyPair) String 

func (m *SSHKeyPair) String() string

func (*SSHKeyPair) Unmarshal 

func (m *SSHKeyPair) Unmarshal(dAtA []byte) error

func (*SSHKeyPair) XXX_DiscardUnknown 

func (m *SSHKeyPair) XXX_DiscardUnknown()

func (*SSHKeyPair) XXX_Marshal 

func (m *SSHKeyPair) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SSHKeyPair) XXX_Merge 

func (m *SSHKeyPair) XXX_Merge(src proto.Message)

func (*SSHKeyPair) XXX_Size 

func (m *SSHKeyPair) XXX_Size() int

func (*SSHKeyPair) XXX_Unmarshal 

func (m *SSHKeyPair) XXX_Unmarshal(b []byte) error

type SSHLocalPortForwarding 

type SSHLocalPortForwarding struct {
	Enabled              *BoolOption `protobuf:"bytes,1,opt,name=Enabled,proto3,customtype=BoolOption" json:"enabled,omitempty"`
	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
	XXX_unrecognized     []byte      `json:"-"`
	XXX_sizecache        int32       `json:"-"`
}

SSHLocalPortForwarding configures access controls for local SSH port forwarding.

func (*SSHLocalPortForwarding) Descriptor 

func (*SSHLocalPortForwarding) Descriptor() ([]byte, []int)

func (*SSHLocalPortForwarding) Marshal 

func (m *SSHLocalPortForwarding) Marshal() (dAtA []byte, err error)

func (*SSHLocalPortForwarding) MarshalTo 

func (m *SSHLocalPortForwarding) MarshalTo(dAtA []byte) (int, error)

func (*SSHLocalPortForwarding) MarshalToSizedBuffer 

func (m *SSHLocalPortForwarding) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SSHLocalPortForwarding) ProtoMessage 

func (*SSHLocalPortForwarding) ProtoMessage()

func (*SSHLocalPortForwarding) Reset 

func (m *SSHLocalPortForwarding) Reset()

func (*SSHLocalPortForwarding) Size 

func (m *SSHLocalPortForwarding) Size() (n int)

func (*SSHLocalPortForwarding) String 

func (m *SSHLocalPortForwarding) String() string

func (*SSHLocalPortForwarding) Unmarshal 

func (m *SSHLocalPortForwarding) Unmarshal(dAtA []byte) error

func (*SSHLocalPortForwarding) XXX_DiscardUnknown 

func (m *SSHLocalPortForwarding) XXX_DiscardUnknown()

func (*SSHLocalPortForwarding) XXX_Marshal 

func (m *SSHLocalPortForwarding) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SSHLocalPortForwarding) XXX_Merge 

func (m *SSHLocalPortForwarding) XXX_Merge(src proto.Message)

func (*SSHLocalPortForwarding) XXX_Size 

func (m *SSHLocalPortForwarding) XXX_Size() int

func (*SSHLocalPortForwarding) XXX_Unmarshal 

func (m *SSHLocalPortForwarding) XXX_Unmarshal(b []byte) error

type SSHPortForwarding 

type SSHPortForwarding struct {
	// Allow local port forwarding.
	Local *SSHLocalPortForwarding `protobuf:"bytes,1,opt,name=Local,proto3" json:"local,omitempty"`
	// Allow remote port forwarding.
	Remote               *SSHRemotePortForwarding `protobuf:"bytes,2,opt,name=Remote,proto3" json:"remote,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                 `json:"-"`
	XXX_unrecognized     []byte                   `json:"-"`
	XXX_sizecache        int32                    `json:"-"`
}

SSHPortForwarding configures what types of SSH port forwarding are allowed by a role.

func (*SSHPortForwarding) Descriptor 

func (*SSHPortForwarding) Descriptor() ([]byte, []int)

func (*SSHPortForwarding) Marshal 

func (m *SSHPortForwarding) Marshal() (dAtA []byte, err error)

func (*SSHPortForwarding) MarshalTo 

func (m *SSHPortForwarding) MarshalTo(dAtA []byte) (int, error)

func (*SSHPortForwarding) MarshalToSizedBuffer 

func (m *SSHPortForwarding) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SSHPortForwarding) ProtoMessage 

func (*SSHPortForwarding) ProtoMessage()

func (*SSHPortForwarding) Reset 

func (m *SSHPortForwarding) Reset()

func (*SSHPortForwarding) Size 

func (m *SSHPortForwarding) Size() (n int)

func (*SSHPortForwarding) String 

func (m *SSHPortForwarding) String() string

func (*SSHPortForwarding) Unmarshal 

func (m *SSHPortForwarding) Unmarshal(dAtA []byte) error

func (*SSHPortForwarding) XXX_DiscardUnknown 

func (m *SSHPortForwarding) XXX_DiscardUnknown()

func (*SSHPortForwarding) XXX_Marshal 

func (m *SSHPortForwarding) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SSHPortForwarding) XXX_Merge 

func (m *SSHPortForwarding) XXX_Merge(src proto.Message)

func (*SSHPortForwarding) XXX_Size 

func (m *SSHPortForwarding) XXX_Size() int

func (*SSHPortForwarding) XXX_Unmarshal 

func (m *SSHPortForwarding) XXX_Unmarshal(b []byte) error

type SSHRemotePortForwarding 

type SSHRemotePortForwarding struct {
	Enabled              *BoolOption `protobuf:"bytes,1,opt,name=Enabled,proto3,customtype=BoolOption" json:"enabled,omitempty"`
	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
	XXX_unrecognized     []byte      `json:"-"`
	XXX_sizecache        int32       `json:"-"`
}

SSHRemotePortForwarding configures access controls for remote SSH port forwarding.

func (*SSHRemotePortForwarding) Descriptor 

func (*SSHRemotePortForwarding) Descriptor() ([]byte, []int)

func (*SSHRemotePortForwarding) Marshal 

func (m *SSHRemotePortForwarding) Marshal() (dAtA []byte, err error)

func (*SSHRemotePortForwarding) MarshalTo 

func (m *SSHRemotePortForwarding) MarshalTo(dAtA []byte) (int, error)

func (*SSHRemotePortForwarding) MarshalToSizedBuffer 

func (m *SSHRemotePortForwarding) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SSHRemotePortForwarding) ProtoMessage 

func (*SSHRemotePortForwarding) ProtoMessage()

func (*SSHRemotePortForwarding) Reset 

func (m *SSHRemotePortForwarding) Reset()

func (*SSHRemotePortForwarding) Size 

func (m *SSHRemotePortForwarding) Size() (n int)

func (*SSHRemotePortForwarding) String 

func (m *SSHRemotePortForwarding) String() string

func (*SSHRemotePortForwarding) Unmarshal 

func (m *SSHRemotePortForwarding) Unmarshal(dAtA []byte) error

func (*SSHRemotePortForwarding) XXX_DiscardUnknown 

func (m *SSHRemotePortForwarding) XXX_DiscardUnknown()

func (*SSHRemotePortForwarding) XXX_Marshal 

func (m *SSHRemotePortForwarding) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SSHRemotePortForwarding) XXX_Merge 

func (m *SSHRemotePortForwarding) XXX_Merge(src proto.Message)

func (*SSHRemotePortForwarding) XXX_Size 

func (m *SSHRemotePortForwarding) XXX_Size() int

func (*SSHRemotePortForwarding) XXX_Unmarshal 

func (m *SSHRemotePortForwarding) XXX_Unmarshal(b []byte) error

type SSOClientRedirectSettings 

type SSOClientRedirectSettings struct {
	// a list of hostnames allowed for https client redirect URLs
	AllowedHttpsHostnames []string `` /* 126-byte string literal not displayed */
	// a list of CIDRs allowed for HTTP or HTTPS client redirect URLs
	InsecureAllowedCidrRanges []string `` /* 140-byte string literal not displayed */
	XXX_NoUnkeyedLiteral      struct{} `json:"-"`
	XXX_unrecognized          []byte   `json:"-"`
	XXX_sizecache             int32    `json:"-"`
}

SSOClientRedirectSettings contains settings to define which additional client redirect URLs should be allowed for non-browser SSO logins.

func (*SSOClientRedirectSettings) Descriptor 

func (*SSOClientRedirectSettings) Descriptor() ([]byte, []int)

func (*SSOClientRedirectSettings) Marshal 

func (m *SSOClientRedirectSettings) Marshal() (dAtA []byte, err error)

func (*SSOClientRedirectSettings) MarshalTo 

func (m *SSOClientRedirectSettings) MarshalTo(dAtA []byte) (int, error)

func (*SSOClientRedirectSettings) MarshalToSizedBuffer 

func (m *SSOClientRedirectSettings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SSOClientRedirectSettings) ProtoMessage 

func (*SSOClientRedirectSettings) ProtoMessage()

func (*SSOClientRedirectSettings) Reset 

func (m *SSOClientRedirectSettings) Reset()

func (*SSOClientRedirectSettings) Size 

func (m *SSOClientRedirectSettings) Size() (n int)

func (*SSOClientRedirectSettings) String 

func (m *SSOClientRedirectSettings) String() string

func (*SSOClientRedirectSettings) Unmarshal 

func (m *SSOClientRedirectSettings) Unmarshal(dAtA []byte) error

func (*SSOClientRedirectSettings) XXX_DiscardUnknown 

func (m *SSOClientRedirectSettings) XXX_DiscardUnknown()

func (*SSOClientRedirectSettings) XXX_Marshal 

func (m *SSOClientRedirectSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SSOClientRedirectSettings) XXX_Merge 

func (m *SSOClientRedirectSettings) XXX_Merge(src proto.Message)

func (*SSOClientRedirectSettings) XXX_Size 

func (m *SSOClientRedirectSettings) XXX_Size() int

func (*SSOClientRedirectSettings) XXX_Unmarshal 

func (m *SSOClientRedirectSettings) XXX_Unmarshal(b []byte) error

type SSODiagnosticInfo 

type SSODiagnosticInfo struct {
	// TestFlow indicates the SSO flow was a test one.
	TestFlow bool `protobuf:"varint,1,opt,name=TestFlow,proto3" json:"test_flow"`
	// Error stores user-friendly error message.
	Error string `protobuf:"bytes,2,opt,name=Error,proto3" json:"error"`
	// Success if present, marks the flow as finished with success.
	Success bool `protobuf:"varint,3,opt,name=Success,proto3" json:"success"`
	// CreateUserParams represents the user creation parameters as called during SSO login flow.
	CreateUserParams *CreateUserParams `protobuf:"bytes,4,opt,name=CreateUserParams,proto3" json:"create_user_params,omitempty"`
	// SAMLAttributesToRoles represents mapping from attributes to roles, as used during SAML SSO
	// login flow.
	SAMLAttributesToRoles []AttributeMapping `protobuf:"bytes,10,rep,name=SAMLAttributesToRoles,proto3" json:"saml_attributes_to_roles,omitempty"`
	// SAMLAttributesToRolesWarnings contains warnings produced during the process of mapping the
	// SAML attributes to roles.
	SAMLAttributesToRolesWarnings *SSOWarnings `protobuf:"bytes,11,opt,name=SAMLAttributesToRolesWarnings,proto3" json:"saml_attributes_to_roles_warnings,omitempty"`
	// SAMLAttributeStatements represents SAML attribute statements.
	SAMLAttributeStatements github_com_gravitational_teleport_api_types_wrappers.Traits `` /* 173-byte string literal not displayed */
	// SAMLAssertionInfo represents raw SAML assertion info as returned by IdP during SAML flow.
	SAMLAssertionInfo *AssertionInfo `protobuf:"bytes,13,opt,name=SAMLAssertionInfo,proto3,customtype=AssertionInfo" json:"saml_assertion_info,omitempty"`
	// SAMLTraitsFromAssertions represents traits translated from SAML assertions.
	SAMLTraitsFromAssertions github_com_gravitational_teleport_api_types_wrappers.Traits `` /* 176-byte string literal not displayed */
	// SAMLConnectorTraitMapping represents connector-specific trait mapping.
	SAMLConnectorTraitMapping []TraitMapping `protobuf:"bytes,15,rep,name=SAMLConnectorTraitMapping,proto3" json:"saml_connector_trait_mapping,omitempty"`
	// OIDCClaimsToRoles specifies a mapping from claims (traits) to teleport roles.
	OIDCClaimsToRoles []ClaimMapping `protobuf:"bytes,20,rep,name=OIDCClaimsToRoles,proto3" json:"oidc_claims_to_roles,omitempty"`
	// OIDCClaimsToRolesWarnings contains warnings produced during the process of mapping the
	// OIDC claims to roles.
	OIDCClaimsToRolesWarnings *SSOWarnings `protobuf:"bytes,21,opt,name=OIDCClaimsToRolesWarnings,proto3" json:"oidc_claims_to_roles_warnings,omitempty"`
	// OIDCClaims represents OIDC claims.
	OIDCClaims OIDCClaims `protobuf:"bytes,22,opt,name=OIDCClaims,proto3,customtype=OIDCClaims" json:"oidc_claims,omitempty"`
	// OIDCIdentity represents mapped OIDC Identity.
	OIDCIdentity *OIDCIdentity `protobuf:"bytes,23,opt,name=OIDCIdentity,proto3,customtype=OIDCIdentity" json:"oidc_identity,omitempty"`
	// OIDCTraitsFromClaims represents traits translated from OIDC claims.
	OIDCTraitsFromClaims github_com_gravitational_teleport_api_types_wrappers.Traits `` /* 168-byte string literal not displayed */
	// OIDCConnectorTraitMapping represents connector-specific trait mapping.
	OIDCConnectorTraitMapping []TraitMapping `protobuf:"bytes,25,rep,name=OIDCConnectorTraitMapping,proto3" json:"oidc_connector_trait_mapping,omitempty"`
	// GithubClaims represents Github user information obtained during OAuth2 flow.
	GithubClaims *GithubClaims `protobuf:"bytes,30,opt,name=GithubClaims,proto3" json:"github_claims,omitempty"`
	// GithubTeamsToLogins is TeamsToLogins mapping from Github connector used in the SSO flow.
	GithubTeamsToLogins []TeamMapping `protobuf:"bytes,31,rep,name=GithubTeamsToLogins,proto3" json:"github_teams_to_logins,omitempty"`
	// GithubTeamsToRoles is TeamRolesMapping mapping from Github connector used in the SSO flow.
	GithubTeamsToRoles []TeamRolesMapping `protobuf:"bytes,32,rep,name=GithubTeamsToRoles,proto3" json:"github_teams_to_roles,omitempty"`
	// GithubTokenInfo stores diagnostic info about Github OAuth2 token obtained during SSO flow.
	GithubTokenInfo *GithubTokenInfo `protobuf:"bytes,33,opt,name=GithubTokenInfo,proto3" json:"github_token_info,omitempty"`
	// AppliedLoginRules stores the name of each login rule that was applied.
	AppliedLoginRules    []string `protobuf:"bytes,34,rep,name=AppliedLoginRules,proto3" json:"applied_login_rules,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SSODiagnosticInfo is a single SSO diagnostic info entry.

func (*SSODiagnosticInfo) Descriptor 

func (*SSODiagnosticInfo) Descriptor() ([]byte, []int)

func (*SSODiagnosticInfo) Marshal 

func (m *SSODiagnosticInfo) Marshal() (dAtA []byte, err error)

func (*SSODiagnosticInfo) MarshalTo 

func (m *SSODiagnosticInfo) MarshalTo(dAtA []byte) (int, error)

func (*SSODiagnosticInfo) MarshalToSizedBuffer 

func (m *SSODiagnosticInfo) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SSODiagnosticInfo) ProtoMessage 

func (*SSODiagnosticInfo) ProtoMessage()

func (*SSODiagnosticInfo) Reset 

func (m *SSODiagnosticInfo) Reset()

func (*SSODiagnosticInfo) Size 

func (m *SSODiagnosticInfo) Size() (n int)

func (*SSODiagnosticInfo) String 

func (m *SSODiagnosticInfo) String() string

func (*SSODiagnosticInfo) Unmarshal 

func (m *SSODiagnosticInfo) Unmarshal(dAtA []byte) error

func (*SSODiagnosticInfo) XXX_DiscardUnknown 

func (m *SSODiagnosticInfo) XXX_DiscardUnknown()

func (*SSODiagnosticInfo) XXX_Marshal 

func (m *SSODiagnosticInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SSODiagnosticInfo) XXX_Merge 

func (m *SSODiagnosticInfo) XXX_Merge(src proto.Message)

func (*SSODiagnosticInfo) XXX_Size 

func (m *SSODiagnosticInfo) XXX_Size() int

func (*SSODiagnosticInfo) XXX_Unmarshal 

func (m *SSODiagnosticInfo) XXX_Unmarshal(b []byte) error

type SSOMFADevice 

type SSOMFADevice struct {
	// connector_id is the ID of the SSO connector.
	ConnectorId string `protobuf:"bytes,1,opt,name=connector_id,json=connectorId,proto3" json:"connector_id,omitempty"`
	// connector_type is the type of the SSO connector.
	ConnectorType string `protobuf:"bytes,2,opt,name=connector_type,json=connectorType,proto3" json:"connector_type,omitempty"`
	// display_name is the display name of the SSO connector
	DisplayName          string   `protobuf:"bytes,3,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SSOMFADevice contains details of an SSO MFA method.

func (*SSOMFADevice) Descriptor 

func (*SSOMFADevice) Descriptor() ([]byte, []int)

func (*SSOMFADevice) Marshal 

func (m *SSOMFADevice) Marshal() (dAtA []byte, err error)

func (*SSOMFADevice) MarshalTo 

func (m *SSOMFADevice) MarshalTo(dAtA []byte) (int, error)

func (*SSOMFADevice) MarshalToSizedBuffer 

func (m *SSOMFADevice) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SSOMFADevice) ProtoMessage 

func (*SSOMFADevice) ProtoMessage()

func (*SSOMFADevice) Reset 

func (m *SSOMFADevice) Reset()

func (*SSOMFADevice) Size 

func (m *SSOMFADevice) Size() (n int)

func (*SSOMFADevice) String 

func (m *SSOMFADevice) String() string

func (*SSOMFADevice) Unmarshal 

func (m *SSOMFADevice) Unmarshal(dAtA []byte) error

func (*SSOMFADevice) XXX_DiscardUnknown 

func (m *SSOMFADevice) XXX_DiscardUnknown()

func (*SSOMFADevice) XXX_Marshal 

func (m *SSOMFADevice) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SSOMFADevice) XXX_Merge 

func (m *SSOMFADevice) XXX_Merge(src proto.Message)

func (*SSOMFADevice) XXX_Size 

func (m *SSOMFADevice) XXX_Size() int

func (*SSOMFADevice) XXX_Unmarshal 

func (m *SSOMFADevice) XXX_Unmarshal(b []byte) error

type SSOWarnings 

type SSOWarnings struct {
	// Message is main user-facing message to be shown.
	Message string `protobuf:"bytes,1,opt,name=Message,proto3" json:"message,omitempty"`
	// Warnings is a set of distinct warnings to be reported.
	Warnings             []string `protobuf:"bytes,2,rep,name=Warnings,proto3" json:"warnings,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SSOWarnings conveys a user-facing main message along with auxiliary warnings.

func (*SSOWarnings) Descriptor 

func (*SSOWarnings) Descriptor() ([]byte, []int)

func (*SSOWarnings) Marshal 

func (m *SSOWarnings) Marshal() (dAtA []byte, err error)

func (*SSOWarnings) MarshalTo 

func (m *SSOWarnings) MarshalTo(dAtA []byte) (int, error)

func (*SSOWarnings) MarshalToSizedBuffer 

func (m *SSOWarnings) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SSOWarnings) ProtoMessage 

func (*SSOWarnings) ProtoMessage()

func (*SSOWarnings) Reset 

func (m *SSOWarnings) Reset()

func (*SSOWarnings) Size 

func (m *SSOWarnings) Size() (n int)

func (*SSOWarnings) String 

func (m *SSOWarnings) String() string

func (*SSOWarnings) Unmarshal 

func (m *SSOWarnings) Unmarshal(dAtA []byte) error

func (*SSOWarnings) XXX_DiscardUnknown 

func (m *SSOWarnings) XXX_DiscardUnknown()

func (*SSOWarnings) XXX_Marshal 

func (m *SSOWarnings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SSOWarnings) XXX_Merge 

func (m *SSOWarnings) XXX_Merge(src proto.Message)

func (*SSOWarnings) XXX_Size 

func (m *SSOWarnings) XXX_Size() int

func (*SSOWarnings) XXX_Unmarshal 

func (m *SSOWarnings) XXX_Unmarshal(b []byte) error

type ScheduledAgentUpgradeWindow 

type ScheduledAgentUpgradeWindow struct {
	// Start is the start time of the upgrade window.
	Start time.Time `protobuf:"bytes,1,opt,name=Start,proto3,stdtime" json:"start"`
	// Stop is the stop time of the upgrade window.
	Stop                 time.Time `protobuf:"bytes,2,opt,name=Stop,proto3,stdtime" json:"stop"`
	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
	XXX_unrecognized     []byte    `json:"-"`
	XXX_sizecache        int32     `json:"-"`
}

ScheduledAgentUpgradeWindow is a derived value representing a single upgrade window. Upgraders deal with discrete start/end times, so we use the agent upgrade window configuration object to generate a sequence of specific scheduled windows.

func (*ScheduledAgentUpgradeWindow) Descriptor 

func (*ScheduledAgentUpgradeWindow) Descriptor() ([]byte, []int)

func (*ScheduledAgentUpgradeWindow) Marshal 

func (m *ScheduledAgentUpgradeWindow) Marshal() (dAtA []byte, err error)

func (*ScheduledAgentUpgradeWindow) MarshalTo 

func (m *ScheduledAgentUpgradeWindow) MarshalTo(dAtA []byte) (int, error)

func (*ScheduledAgentUpgradeWindow) MarshalToSizedBuffer 

func (m *ScheduledAgentUpgradeWindow) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ScheduledAgentUpgradeWindow) ProtoMessage 

func (*ScheduledAgentUpgradeWindow) ProtoMessage()

func (*ScheduledAgentUpgradeWindow) Reset 

func (m *ScheduledAgentUpgradeWindow) Reset()

func (*ScheduledAgentUpgradeWindow) Size 

func (m *ScheduledAgentUpgradeWindow) Size() (n int)

func (*ScheduledAgentUpgradeWindow) String 

func (m *ScheduledAgentUpgradeWindow) String() string

func (*ScheduledAgentUpgradeWindow) Unmarshal 

func (m *ScheduledAgentUpgradeWindow) Unmarshal(dAtA []byte) error

func (*ScheduledAgentUpgradeWindow) XXX_DiscardUnknown 

func (m *ScheduledAgentUpgradeWindow) XXX_DiscardUnknown()

func (*ScheduledAgentUpgradeWindow) XXX_Marshal 

func (m *ScheduledAgentUpgradeWindow) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ScheduledAgentUpgradeWindow) XXX_Merge 

func (m *ScheduledAgentUpgradeWindow) XXX_Merge(src proto.Message)

func (*ScheduledAgentUpgradeWindow) XXX_Size 

func (m *ScheduledAgentUpgradeWindow) XXX_Size() int

func (*ScheduledAgentUpgradeWindow) XXX_Unmarshal 

func (m *ScheduledAgentUpgradeWindow) XXX_Unmarshal(b []byte) error

type SecondFactorType 

type SecondFactorType int32

SecondFactorType is a type of second factor. 

const (
	SecondFactorType_SECOND_FACTOR_TYPE_UNSPECIFIED SecondFactorType = 0
	// SECOND_FACTOR_TYPE_OTP is OTP second factor.
	SecondFactorType_SECOND_FACTOR_TYPE_OTP SecondFactorType = 1
	// SECOND_FACTOR_TYPE_WEBAUTHN is WebAuthn second factor.
	SecondFactorType_SECOND_FACTOR_TYPE_WEBAUTHN SecondFactorType = 2
	// SECOND_FACTOR_TYPE_SSO is SSO second factor.
	SecondFactorType_SECOND_FACTOR_TYPE_SSO SecondFactorType = 3
)

func (*SecondFactorType) Encode 

func (s *SecondFactorType) Encode() (string, error)

Encode encodes the SecondFactorType in string form.

func (SecondFactorType) EnumDescriptor 

func (SecondFactorType) EnumDescriptor() ([]byte, []int)

func (*SecondFactorType) MarshalJSON 

func (s *SecondFactorType) MarshalJSON() ([]byte, error)

MarshalJSON marshals SecondFactorType to string.

func (*SecondFactorType) MarshalYAML 

func (s *SecondFactorType) MarshalYAML() (interface{}, error)

MarshalJSON marshals SecondFactorType to string.

func (SecondFactorType) String 

func (x SecondFactorType) String() string

func (*SecondFactorType) UnmarshalJSON 

func (s *SecondFactorType) UnmarshalJSON(data []byte) error

UnmarshalJSON supports parsing SecondFactorType from string.

func (*SecondFactorType) UnmarshalYAML 

func (s *SecondFactorType) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML supports parsing SecondFactorType from string.

type SecretStore 

type SecretStore struct {
	// KeyPrefix specifies the secret key prefix.
	KeyPrefix string `protobuf:"bytes,1,opt,name=KeyPrefix,proto3" json:"key_prefix,omitempty"`
	// KMSKeyID specifies the AWS KMS key for encryption.
	KMSKeyID             string   `protobuf:"bytes,2,opt,name=KMSKeyID,proto3" json:"kms_key_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SecretStore contains secret store configurations.

func (*SecretStore) Descriptor 

func (*SecretStore) Descriptor() ([]byte, []int)

func (*SecretStore) Marshal 

func (m *SecretStore) Marshal() (dAtA []byte, err error)

func (*SecretStore) MarshalTo 

func (m *SecretStore) MarshalTo(dAtA []byte) (int, error)

func (*SecretStore) MarshalToSizedBuffer 

func (m *SecretStore) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SecretStore) ProtoMessage 

func (*SecretStore) ProtoMessage()

func (*SecretStore) Reset 

func (m *SecretStore) Reset()

func (*SecretStore) Size 

func (m *SecretStore) Size() (n int)

func (*SecretStore) String 

func (m *SecretStore) String() string

func (*SecretStore) Unmarshal 

func (m *SecretStore) Unmarshal(dAtA []byte) error

func (*SecretStore) XXX_DiscardUnknown 

func (m *SecretStore) XXX_DiscardUnknown()

func (*SecretStore) XXX_Marshal 

func (m *SecretStore) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SecretStore) XXX_Merge 

func (m *SecretStore) XXX_Merge(src proto.Message)

func (*SecretStore) XXX_Size 

func (m *SecretStore) XXX_Size() int

func (*SecretStore) XXX_Unmarshal 

func (m *SecretStore) XXX_Unmarshal(b []byte) error

type Semaphore 

type Semaphore interface {
	// Resource contains common resource values
	Resource
	// Contains checks if lease is member of this semaphore.
	Contains(lease SemaphoreLease) bool
	// Acquire attempts to acquire a lease with this semaphore.
	Acquire(leaseID string, params AcquireSemaphoreRequest) (*SemaphoreLease, error)
	// KeepAlive attempts to update the expiry of an existent lease.
	KeepAlive(lease SemaphoreLease) error
	// Cancel attempts to cancel an existent lease.
	Cancel(lease SemaphoreLease) error
	// LeaseRefs grants access to the underlying list
	// of lease references.
	LeaseRefs() []SemaphoreLeaseRef
	// RemoveExpiredLeases removes expired leases
	RemoveExpiredLeases(now time.Time)
}

Semaphore represents distributed semaphore concept

type SemaphoreFilter 

type SemaphoreFilter struct {
	// SemaphoreKind is the kind of the semaphore.
	SemaphoreKind string `protobuf:"bytes,1,opt,name=SemaphoreKind,proto3" json:"kind"`
	// SemaphoreName is the name of the semaphore.
	SemaphoreName        string   `protobuf:"bytes,2,opt,name=SemaphoreName,proto3" json:"name"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SemaphoreFilter encodes semaphore filtering params. A semaphore filter matches a semaphore if all nonzero fields match the corresponding semaphore fields (e.g. a filter which specifies only `kind=foo` would match all semaphores of kind `foo`).

func (*SemaphoreFilter) Descriptor 

func (*SemaphoreFilter) Descriptor() ([]byte, []int)

func (*SemaphoreFilter) Marshal 

func (m *SemaphoreFilter) Marshal() (dAtA []byte, err error)

func (*SemaphoreFilter) MarshalTo 

func (m *SemaphoreFilter) MarshalTo(dAtA []byte) (int, error)

func (*SemaphoreFilter) MarshalToSizedBuffer 

func (m *SemaphoreFilter) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SemaphoreFilter) Match 

func (f *SemaphoreFilter) Match(sem Semaphore) bool

Match checks if the supplied semaphore matches this filter.

func (*SemaphoreFilter) ProtoMessage 

func (*SemaphoreFilter) ProtoMessage()

func (*SemaphoreFilter) Reset 

func (m *SemaphoreFilter) Reset()

func (*SemaphoreFilter) Size 

func (m *SemaphoreFilter) Size() (n int)

func (*SemaphoreFilter) String 

func (m *SemaphoreFilter) String() string

func (*SemaphoreFilter) Unmarshal 

func (m *SemaphoreFilter) Unmarshal(dAtA []byte) error

func (*SemaphoreFilter) XXX_DiscardUnknown 

func (m *SemaphoreFilter) XXX_DiscardUnknown()

func (*SemaphoreFilter) XXX_Marshal 

func (m *SemaphoreFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SemaphoreFilter) XXX_Merge 

func (m *SemaphoreFilter) XXX_Merge(src proto.Message)

func (*SemaphoreFilter) XXX_Size 

func (m *SemaphoreFilter) XXX_Size() int

func (*SemaphoreFilter) XXX_Unmarshal 

func (m *SemaphoreFilter) XXX_Unmarshal(b []byte) error

type SemaphoreLease 

type SemaphoreLease struct {
	// SemaphoreKind is the kind of the semaphore.
	SemaphoreKind string `protobuf:"bytes,1,opt,name=SemaphoreKind,proto3" json:"kind"`
	// SemaphoreName is the name of the semaphore.
	SemaphoreName string `protobuf:"bytes,2,opt,name=SemaphoreName,proto3" json:"name"`
	// LeaseID uniquely identifies this lease.
	LeaseID string `protobuf:"bytes,3,opt,name=LeaseID,proto3" json:"lease_id"`
	// Expires is the time at which this lease expires.
	Expires              time.Time `protobuf:"bytes,5,opt,name=Expires,proto3,stdtime" json:"expires"`
	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
	XXX_unrecognized     []byte    `json:"-"`
	XXX_sizecache        int32     `json:"-"`
}

SemaphoreLease represents lease acquired for semaphore

func (*SemaphoreLease) CheckAndSetDefaults 

func (l *SemaphoreLease) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values

func (*SemaphoreLease) Descriptor 

func (*SemaphoreLease) Descriptor() ([]byte, []int)

func (*SemaphoreLease) Marshal 

func (m *SemaphoreLease) Marshal() (dAtA []byte, err error)

func (*SemaphoreLease) MarshalTo 

func (m *SemaphoreLease) MarshalTo(dAtA []byte) (int, error)

func (*SemaphoreLease) MarshalToSizedBuffer 

func (m *SemaphoreLease) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SemaphoreLease) ProtoMessage 

func (*SemaphoreLease) ProtoMessage()

func (*SemaphoreLease) Reset 

func (m *SemaphoreLease) Reset()

func (*SemaphoreLease) Size 

func (m *SemaphoreLease) Size() (n int)

func (*SemaphoreLease) String 

func (m *SemaphoreLease) String() string

func (*SemaphoreLease) Unmarshal 

func (m *SemaphoreLease) Unmarshal(dAtA []byte) error

func (*SemaphoreLease) XXX_DiscardUnknown 

func (m *SemaphoreLease) XXX_DiscardUnknown()

func (*SemaphoreLease) XXX_Marshal 

func (m *SemaphoreLease) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SemaphoreLease) XXX_Merge 

func (m *SemaphoreLease) XXX_Merge(src proto.Message)

func (*SemaphoreLease) XXX_Size 

func (m *SemaphoreLease) XXX_Size() int

func (*SemaphoreLease) XXX_Unmarshal 

func (m *SemaphoreLease) XXX_Unmarshal(b []byte) error

type SemaphoreLeaseRef 

type SemaphoreLeaseRef struct {
	// LeaseID is the unique ID of the lease.
	LeaseID string `protobuf:"bytes,1,opt,name=LeaseID,proto3" json:"lease_id"`
	// Expires is the time at which the lease expires.
	Expires time.Time `protobuf:"bytes,2,opt,name=Expires,proto3,stdtime" json:"expires"`
	// Holder identifies the lease holder.
	Holder               string   `protobuf:"bytes,3,opt,name=Holder,proto3" json:"holder"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SemaphoreLeaseRef identifies an existent lease.

func (*SemaphoreLeaseRef) Descriptor 

func (*SemaphoreLeaseRef) Descriptor() ([]byte, []int)

func (*SemaphoreLeaseRef) Marshal 

func (m *SemaphoreLeaseRef) Marshal() (dAtA []byte, err error)

func (*SemaphoreLeaseRef) MarshalTo 

func (m *SemaphoreLeaseRef) MarshalTo(dAtA []byte) (int, error)

func (*SemaphoreLeaseRef) MarshalToSizedBuffer 

func (m *SemaphoreLeaseRef) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SemaphoreLeaseRef) ProtoMessage 

func (*SemaphoreLeaseRef) ProtoMessage()

func (*SemaphoreLeaseRef) Reset 

func (m *SemaphoreLeaseRef) Reset()

func (*SemaphoreLeaseRef) Size 

func (m *SemaphoreLeaseRef) Size() (n int)

func (*SemaphoreLeaseRef) String 

func (m *SemaphoreLeaseRef) String() string

func (*SemaphoreLeaseRef) Unmarshal 

func (m *SemaphoreLeaseRef) Unmarshal(dAtA []byte) error

func (*SemaphoreLeaseRef) XXX_DiscardUnknown 

func (m *SemaphoreLeaseRef) XXX_DiscardUnknown()

func (*SemaphoreLeaseRef) XXX_Marshal 

func (m *SemaphoreLeaseRef) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SemaphoreLeaseRef) XXX_Merge 

func (m *SemaphoreLeaseRef) XXX_Merge(src proto.Message)

func (*SemaphoreLeaseRef) XXX_Size 

func (m *SemaphoreLeaseRef) XXX_Size() int

func (*SemaphoreLeaseRef) XXX_Unmarshal 

func (m *SemaphoreLeaseRef) XXX_Unmarshal(b []byte) error

type SemaphoreSpecV3 

type SemaphoreSpecV3 struct {
	// Leases is a list of all currently acquired leases.
	Leases               []SemaphoreLeaseRef `protobuf:"bytes,1,rep,name=Leases,proto3" json:"leases"`
	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
	XXX_unrecognized     []byte              `json:"-"`
	XXX_sizecache        int32               `json:"-"`
}

SemaphoreSpecV3 contains the data about lease

func (*SemaphoreSpecV3) Descriptor 

func (*SemaphoreSpecV3) Descriptor() ([]byte, []int)

func (*SemaphoreSpecV3) Marshal 

func (m *SemaphoreSpecV3) Marshal() (dAtA []byte, err error)

func (*SemaphoreSpecV3) MarshalTo 

func (m *SemaphoreSpecV3) MarshalTo(dAtA []byte) (int, error)

func (*SemaphoreSpecV3) MarshalToSizedBuffer 

func (m *SemaphoreSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SemaphoreSpecV3) ProtoMessage 

func (*SemaphoreSpecV3) ProtoMessage()

func (*SemaphoreSpecV3) Reset 

func (m *SemaphoreSpecV3) Reset()

func (*SemaphoreSpecV3) Size 

func (m *SemaphoreSpecV3) Size() (n int)

func (*SemaphoreSpecV3) String 

func (m *SemaphoreSpecV3) String() string

func (*SemaphoreSpecV3) Unmarshal 

func (m *SemaphoreSpecV3) Unmarshal(dAtA []byte) error

func (*SemaphoreSpecV3) XXX_DiscardUnknown 

func (m *SemaphoreSpecV3) XXX_DiscardUnknown()

func (*SemaphoreSpecV3) XXX_Marshal 

func (m *SemaphoreSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SemaphoreSpecV3) XXX_Merge 

func (m *SemaphoreSpecV3) XXX_Merge(src proto.Message)

func (*SemaphoreSpecV3) XXX_Size 

func (m *SemaphoreSpecV3) XXX_Size() int

func (*SemaphoreSpecV3) XXX_Unmarshal 

func (m *SemaphoreSpecV3) XXX_Unmarshal(b []byte) error

type SemaphoreV3 

type SemaphoreV3 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is version
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is Semaphore metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is a lease V3 spec
	Spec                 SemaphoreSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
	XXX_unrecognized     []byte          `json:"-"`
	XXX_sizecache        int32           `json:"-"`
}

SemaphoreV3 implements Semaphore interface

func (*SemaphoreV3) Acquire 

func (c *SemaphoreV3) Acquire(leaseID string, params AcquireSemaphoreRequest) (*SemaphoreLease, error)

Acquire attempts to acquire a lease with this semaphore.

func (*SemaphoreV3) Cancel 

func (c *SemaphoreV3) Cancel(lease SemaphoreLease) error

Cancel attempts to cancel an existent lease.

func (*SemaphoreV3) CheckAndSetDefaults 

func (c *SemaphoreV3) CheckAndSetDefaults() error

CheckAndSetDefaults checks validity of all parameters and sets defaults.

func (*SemaphoreV3) Contains 

func (c *SemaphoreV3) Contains(lease SemaphoreLease) bool

Contains checks if lease is member of this semaphore.

func (*SemaphoreV3) Descriptor 

func (*SemaphoreV3) Descriptor() ([]byte, []int)

func (*SemaphoreV3) Expiry 

func (c *SemaphoreV3) Expiry() time.Time

Expiry returns object expiry setting

func (*SemaphoreV3) GetKind 

func (c *SemaphoreV3) GetKind() string

GetKind returns resource kind

func (*SemaphoreV3) GetMetadata 

func (c *SemaphoreV3) GetMetadata() Metadata

GetMetadata returns object metadata

func (*SemaphoreV3) GetName 

func (c *SemaphoreV3) GetName() string

GetName returns the name of the cluster.

func (*SemaphoreV3) GetRevision 

func (c *SemaphoreV3) GetRevision() string

GetRevision returns the revision

func (*SemaphoreV3) GetSubKind 

func (c *SemaphoreV3) GetSubKind() string

GetSubKind returns resource subkind

func (*SemaphoreV3) GetVersion 

func (c *SemaphoreV3) GetVersion() string

GetVersion returns resource version

func (*SemaphoreV3) KeepAlive 

func (c *SemaphoreV3) KeepAlive(lease SemaphoreLease) error

KeepAlive attempts to update the expiry of an existent lease.

func (*SemaphoreV3) LeaseRefs 

func (c *SemaphoreV3) LeaseRefs() []SemaphoreLeaseRef

LeaseRefs grants access to the underlying list of lease references

func (*SemaphoreV3) Marshal 

func (m *SemaphoreV3) Marshal() (dAtA []byte, err error)

func (*SemaphoreV3) MarshalTo 

func (m *SemaphoreV3) MarshalTo(dAtA []byte) (int, error)

func (*SemaphoreV3) MarshalToSizedBuffer 

func (m *SemaphoreV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SemaphoreV3) ProtoMessage 

func (*SemaphoreV3) ProtoMessage()

func (*SemaphoreV3) RemoveExpiredLeases 

func (c *SemaphoreV3) RemoveExpiredLeases(now time.Time)

RemoveExpiredLeases removes expired leases

func (*SemaphoreV3) Reset 

func (m *SemaphoreV3) Reset()

func (*SemaphoreV3) SetExpiry 

func (c *SemaphoreV3) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object

func (*SemaphoreV3) SetName 

func (c *SemaphoreV3) SetName(e string)

SetName sets the name of the cluster.

func (*SemaphoreV3) SetRevision 

func (c *SemaphoreV3) SetRevision(rev string)

SetRevision sets the revision

func (*SemaphoreV3) SetSubKind 

func (c *SemaphoreV3) SetSubKind(sk string)

SetSubKind sets resource subkind

func (*SemaphoreV3) Size 

func (m *SemaphoreV3) Size() (n int)

func (*SemaphoreV3) String 

func (c *SemaphoreV3) String() string

String represents a human readable version of the semaphore.

func (*SemaphoreV3) Unmarshal 

func (m *SemaphoreV3) Unmarshal(dAtA []byte) error

func (*SemaphoreV3) XXX_DiscardUnknown 

func (m *SemaphoreV3) XXX_DiscardUnknown()

func (*SemaphoreV3) XXX_Marshal 

func (m *SemaphoreV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SemaphoreV3) XXX_Merge 

func (m *SemaphoreV3) XXX_Merge(src proto.Message)

func (*SemaphoreV3) XXX_Size 

func (m *SemaphoreV3) XXX_Size() int

func (*SemaphoreV3) XXX_Unmarshal 

func (m *SemaphoreV3) XXX_Unmarshal(b []byte) error

type Semaphores 

type Semaphores interface {
	// AcquireSemaphore acquires lease with requested resources from semaphore
	AcquireSemaphore(ctx context.Context, params AcquireSemaphoreRequest) (*SemaphoreLease, error)
	// KeepAliveSemaphoreLease updates semaphore lease
	KeepAliveSemaphoreLease(ctx context.Context, lease SemaphoreLease) error
	// CancelSemaphoreLease cancels semaphore lease early
	CancelSemaphoreLease(ctx context.Context, lease SemaphoreLease) error
	// GetSemaphores returns a list of semaphores matching supplied filter.
	GetSemaphores(ctx context.Context, filter SemaphoreFilter) ([]Semaphore, error)
	// DeleteSemaphore deletes a semaphore matching supplied filter.
	DeleteSemaphore(ctx context.Context, filter SemaphoreFilter) error
}

Semaphores provides ability to control how many shared resources of some kind are acquired at the same time, used to implement concurrent sessions control in a distributed environment

type Server 

type Server interface {
	// ResourceWithLabels provides common resource headers
	ResourceWithLabels
	// GetTeleportVersion returns the teleport version the server is running on
	GetTeleportVersion() string
	// GetAddr return server address
	GetAddr() string
	// GetHostname returns server hostname
	GetHostname() string
	// GetNamespace returns server namespace
	GetNamespace() string
	// GetLabels returns server's static label key pairs
	GetLabels() map[string]string
	// GetCmdLabels gets command labels
	GetCmdLabels() map[string]CommandLabel
	// SetCmdLabels sets command labels.
	SetCmdLabels(cmdLabels map[string]CommandLabel)
	// GetPublicAddr returns a public address where this server can be reached.
	GetPublicAddr() string
	// GetPublicAddrs returns a list of public addresses where this server can be reached.
	GetPublicAddrs() []string
	// GetRotation gets the state of certificate authority rotation.
	GetRotation() Rotation
	// SetRotation sets the state of certificate authority rotation.
	SetRotation(Rotation)
	// GetUseTunnel gets if a reverse tunnel should be used to connect to this node.
	GetUseTunnel() bool
	// SetUseTunnel sets if a reverse tunnel should be used to connect to this node.
	SetUseTunnel(bool)
	// String returns string representation of the server
	String() string
	// SetAddr sets server address
	SetAddr(addr string)
	// SetPublicAddrs sets the public addresses where this server can be reached.
	SetPublicAddrs([]string)
	// SetNamespace sets server namespace
	SetNamespace(namespace string)
	// GetPeerAddr returns the peer address of the server.
	GetPeerAddr() string
	// SetPeerAddr sets the peer address of the server.
	SetPeerAddr(string)
	// ProxiedService provides common methods for a proxied service.
	ProxiedService

	// DeepCopy creates a clone of this server value
	DeepCopy() Server

	// CloneResource is used to return a clone of the Server and match the CloneAny interface
	// This is helpful when interfacing with multiple types at the same time in unified resources
	CloneResource() ResourceWithLabels

	// GetCloudMetadata gets the cloud metadata for the server.
	GetCloudMetadata() *CloudMetadata
	// GetAWSInfo returns the AWSInfo for the server.
	GetAWSInfo() *AWSInfo
	// SetCloudMetadata sets the server's cloud metadata.
	SetCloudMetadata(meta *CloudMetadata)

	// IsOpenSSHNode returns whether the connection to this Server must use OpenSSH.
	// This returns true for SubKindOpenSSHNode and SubKindOpenSSHEICENode.
	IsOpenSSHNode() bool

	// IsEICE returns whether the Node is an EICE instance.
	// Must be `openssh-ec2-ice` subkind and have the AccountID and InstanceID information (AWS Metadata or Labels).
	IsEICE() bool

	// GetAWSInstanceID returns the AWS Instance ID if this node comes from an EC2 instance.
	GetAWSInstanceID() string
	// GetAWSAccountID returns the AWS Account ID if this node comes from an EC2 instance.
	GetAWSAccountID() string

	// GetGitHub returns the GitHub server spec.
	GetGitHub() *GitHubServerMetadata
}

Server represents a Node, Proxy or Auth server in a Teleport cluster

func NewEICENode 

func NewEICENode(spec ServerSpecV2, labels map[string]string) (Server, error)

NewNode is a convenience method to create an EICE Node.

func NewGitHubServer 

func NewGitHubServer(githubSpec GitHubServerMetadata) (Server, error)

NewGitHubServer creates a new Git server for GitHub.

func NewGitHubServerWithName 

func NewGitHubServerWithName(name string, githubSpec GitHubServerMetadata) (Server, error)

NewGitHubServerWithName creates a new Git server for GitHub with provided name.

func NewNode 

func NewNode(name, subKind string, spec ServerSpecV2, labels map[string]string) (Server, error)

NewNode is a convenience method to create a Server of Kind Node.

func NewServer 

func NewServer(name, kind string, spec ServerSpecV2) (Server, error)

NewServer creates an instance of Server.

func NewServerWithLabels 

func NewServerWithLabels(name, kind string, spec ServerSpecV2, labels map[string]string) (Server, error)

NewServerWithLabels is a convenience method to create ServerV2 with a specific map of labels.

type ServerInfo 

type ServerInfo interface {
	// ResourceWithLabels provides common resource headers
	ResourceWithLabels
	// GetNewLabels gets the labels to apply to matched Nodes.
	GetNewLabels() map[string]string
	// SetNewLabels sets the labels to apply to matched Nodes.
	SetNewLabels(map[string]string)
}

ServerInfo represents info that should be applied to joining Nodes.

func NewServerInfo 

func NewServerInfo(meta Metadata, spec ServerInfoSpecV1) (ServerInfo, error)

NewServerInfo creates an instance of ServerInfo.

func ServerInfoForServer 

func ServerInfoForServer(server Server) (ServerInfo, error)

ServerInfoForServer returns a ServerInfo from a Server

type ServerInfoSpecV1 

type ServerInfoSpecV1 struct {
	// NewLabels is the set of labels to add to nodes matching this ServerInfo.
	NewLabels            map[string]string `` /* 160-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

ServerInfoSpecV1 contains fields used to match Nodes to this ServerInfo.

func (*ServerInfoSpecV1) Descriptor 

func (*ServerInfoSpecV1) Descriptor() ([]byte, []int)

func (*ServerInfoSpecV1) Marshal 

func (m *ServerInfoSpecV1) Marshal() (dAtA []byte, err error)

func (*ServerInfoSpecV1) MarshalTo 

func (m *ServerInfoSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*ServerInfoSpecV1) MarshalToSizedBuffer 

func (m *ServerInfoSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ServerInfoSpecV1) ProtoMessage 

func (*ServerInfoSpecV1) ProtoMessage()

func (*ServerInfoSpecV1) Reset 

func (m *ServerInfoSpecV1) Reset()

func (*ServerInfoSpecV1) Size 

func (m *ServerInfoSpecV1) Size() (n int)

func (*ServerInfoSpecV1) String 

func (m *ServerInfoSpecV1) String() string

func (*ServerInfoSpecV1) Unmarshal 

func (m *ServerInfoSpecV1) Unmarshal(dAtA []byte) error

func (*ServerInfoSpecV1) XXX_DiscardUnknown 

func (m *ServerInfoSpecV1) XXX_DiscardUnknown()

func (*ServerInfoSpecV1) XXX_Marshal 

func (m *ServerInfoSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ServerInfoSpecV1) XXX_Merge 

func (m *ServerInfoSpecV1) XXX_Merge(src proto.Message)

func (*ServerInfoSpecV1) XXX_Size 

func (m *ServerInfoSpecV1) XXX_Size() int

func (*ServerInfoSpecV1) XXX_Unmarshal 

func (m *ServerInfoSpecV1) XXX_Unmarshal(b []byte) error

type ServerInfoV1 

type ServerInfoV1 struct {
	// Kind is the resource kind.
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource subkind.
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind"`
	// Version is the resource version.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is the resource metadata.
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is the resource spec.
	Spec                 ServerInfoSpecV1 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}         `json:"-"`
	XXX_unrecognized     []byte           `json:"-"`
	XXX_sizecache        int32            `json:"-"`
}

ServerInfoV1 contains info that should be applied to joining Nodes.

func (*ServerInfoV1) CheckAndSetDefaults 

func (s *ServerInfoV1) CheckAndSetDefaults() error

CheckAndSetDefaults validates the Resource and sets any empty fields to default values.

func (*ServerInfoV1) Descriptor 

func (*ServerInfoV1) Descriptor() ([]byte, []int)

func (*ServerInfoV1) Expiry 

func (s *ServerInfoV1) Expiry() time.Time

Expiry returns object expiry setting

func (*ServerInfoV1) GetAllLabels 

func (s *ServerInfoV1) GetAllLabels() map[string]string

GetAllLabels returns all resource's labels.

func (*ServerInfoV1) GetKind 

func (s *ServerInfoV1) GetKind() string

GetKind returns resource kind

func (*ServerInfoV1) GetLabel 

func (s *ServerInfoV1) GetLabel(key string) (string, bool)

GetLabel retrieves the label with the provided key.

func (*ServerInfoV1) GetMetadata 

func (s *ServerInfoV1) GetMetadata() Metadata

GetMetadata returns object metadata

func (*ServerInfoV1) GetName 

func (s *ServerInfoV1) GetName() string

GetName returns the name of the resource

func (*ServerInfoV1) GetNewLabels 

func (s *ServerInfoV1) GetNewLabels() map[string]string

GetNewLabels gets the labels to apply to matched Nodes.

func (*ServerInfoV1) GetRevision 

func (s *ServerInfoV1) GetRevision() string

GetRevision returns the revision

func (*ServerInfoV1) GetStaticLabels 

func (s *ServerInfoV1) GetStaticLabels() map[string]string

GetStaticLabels returns the resource's static labels.

func (*ServerInfoV1) GetSubKind 

func (s *ServerInfoV1) GetSubKind() string

GetSubKind returns resource subkind

func (*ServerInfoV1) GetVersion 

func (s *ServerInfoV1) GetVersion() string

GetVersion returns resource version

func (*ServerInfoV1) Marshal 

func (m *ServerInfoV1) Marshal() (dAtA []byte, err error)

func (*ServerInfoV1) MarshalTo 

func (m *ServerInfoV1) MarshalTo(dAtA []byte) (int, error)

func (*ServerInfoV1) MarshalToSizedBuffer 

func (m *ServerInfoV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ServerInfoV1) MatchSearch 

func (s *ServerInfoV1) MatchSearch(searchValues []string) bool

MatchSearch goes through select field values of a resource and tries to match against the list of search values.

func (*ServerInfoV1) Origin 

func (s *ServerInfoV1) Origin() string

Origin returns the origin value of the resource.

func (*ServerInfoV1) ProtoMessage 

func (*ServerInfoV1) ProtoMessage()

func (*ServerInfoV1) Reset 

func (m *ServerInfoV1) Reset()

func (*ServerInfoV1) SetExpiry 

func (s *ServerInfoV1) SetExpiry(expiry time.Time)

SetExpiry sets object expiry

func (*ServerInfoV1) SetName 

func (s *ServerInfoV1) SetName(name string)

SetName sets the name of the resource

func (*ServerInfoV1) SetNewLabels 

func (s *ServerInfoV1) SetNewLabels(labels map[string]string)

SetNewLabels sets the labels to apply to matched Nodes.

func (*ServerInfoV1) SetOrigin 

func (s *ServerInfoV1) SetOrigin(o string)

SetOrigin sets the origin value of the resource.

func (*ServerInfoV1) SetRevision 

func (s *ServerInfoV1) SetRevision(rev string)

SetRevision sets the revision

func (*ServerInfoV1) SetStaticLabels 

func (s *ServerInfoV1) SetStaticLabels(sl map[string]string)

SetStaticLabels sets the resource's static labels.

func (*ServerInfoV1) SetSubKind 

func (s *ServerInfoV1) SetSubKind(subkind string)

SetSubKind sets resource subkind

func (*ServerInfoV1) Size 

func (m *ServerInfoV1) Size() (n int)

func (*ServerInfoV1) String 

func (m *ServerInfoV1) String() string

func (*ServerInfoV1) Unmarshal 

func (m *ServerInfoV1) Unmarshal(dAtA []byte) error

func (*ServerInfoV1) XXX_DiscardUnknown 

func (m *ServerInfoV1) XXX_DiscardUnknown()

func (*ServerInfoV1) XXX_Marshal 

func (m *ServerInfoV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ServerInfoV1) XXX_Merge 

func (m *ServerInfoV1) XXX_Merge(src proto.Message)

func (*ServerInfoV1) XXX_Size 

func (m *ServerInfoV1) XXX_Size() int

func (*ServerInfoV1) XXX_Unmarshal 

func (m *ServerInfoV1) XXX_Unmarshal(b []byte) error

type ServerSpecV2 

type ServerSpecV2 struct {
	// Addr is a host:port address where this server can be reached.
	Addr string `protobuf:"bytes,1,opt,name=Addr,proto3" json:"addr"`
	// Hostname is server hostname
	Hostname string `protobuf:"bytes,3,opt,name=Hostname,proto3" json:"hostname"`
	// CmdLabels is server dynamic labels
	CmdLabels map[string]CommandLabelV2 `` /* 160-byte string literal not displayed */
	// Rotation specifies server rotation
	Rotation Rotation `protobuf:"bytes,5,opt,name=Rotation,proto3" json:"rotation,omitempty"`
	// UseTunnel indicates that connections to this server should occur over a
	// reverse tunnel.
	UseTunnel bool `protobuf:"varint,6,opt,name=UseTunnel,proto3" json:"use_tunnel,omitempty"`
	// TeleportVersion is the teleport version that the server is running on
	Version string `protobuf:"bytes,7,opt,name=Version,proto3" json:"version"`
	// PeerAddr is the address a proxy server is reachable at by its peer proxies.
	PeerAddr string `protobuf:"bytes,11,opt,name=PeerAddr,proto3" json:"peer_addr,omitempty"`
	// ProxyIDs is a list of proxy IDs this server is expected to be connected to.
	ProxyIDs []string `protobuf:"bytes,12,rep,name=ProxyIDs,proto3" json:"proxy_ids,omitempty"`
	// PublicAddrs is a list of public addresses where this server can be reached.
	PublicAddrs []string `protobuf:"bytes,13,rep,name=public_addrs,json=publicAddrs,proto3" json:"public_addrs,omitempty"`
	// CloudMetadata contains info about the cloud instance the server is running
	// on, if any.
	CloudMetadata *CloudMetadata `protobuf:"bytes,14,opt,name=CloudMetadata,proto3" json:"cloud_metadata,omitempty"`
	// GitHub contains info about GitHub proxies where each server represents a
	// GitHub organization.
	GitHub               *GitHubServerMetadata `protobuf:"bytes,15,opt,name=git_hub,json=gitHub,proto3" json:"github,omitempty"`
	XXX_NoUnkeyedLiteral struct{}              `json:"-"`
	XXX_unrecognized     []byte                `json:"-"`
	XXX_sizecache        int32                 `json:"-"`
}

ServerSpecV2 is a specification for V2 Server

func (*ServerSpecV2) Descriptor 

func (*ServerSpecV2) Descriptor() ([]byte, []int)

func (*ServerSpecV2) Marshal 

func (m *ServerSpecV2) Marshal() (dAtA []byte, err error)

func (*ServerSpecV2) MarshalTo 

func (m *ServerSpecV2) MarshalTo(dAtA []byte) (int, error)

func (*ServerSpecV2) MarshalToSizedBuffer 

func (m *ServerSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ServerSpecV2) ProtoMessage 

func (*ServerSpecV2) ProtoMessage()

func (*ServerSpecV2) Reset 

func (m *ServerSpecV2) Reset()

func (*ServerSpecV2) Size 

func (m *ServerSpecV2) Size() (n int)

func (*ServerSpecV2) String 

func (m *ServerSpecV2) String() string

func (*ServerSpecV2) Unmarshal 

func (m *ServerSpecV2) Unmarshal(dAtA []byte) error

func (*ServerSpecV2) XXX_DiscardUnknown 

func (m *ServerSpecV2) XXX_DiscardUnknown()

func (*ServerSpecV2) XXX_Marshal 

func (m *ServerSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ServerSpecV2) XXX_Merge 

func (m *ServerSpecV2) XXX_Merge(src proto.Message)

func (*ServerSpecV2) XXX_Size 

func (m *ServerSpecV2) XXX_Size() int

func (*ServerSpecV2) XXX_Unmarshal 

func (m *ServerSpecV2) XXX_Unmarshal(b []byte) error

type ServerV2 

type ServerV2 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is version
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is resource metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is a server spec
	Spec                 ServerSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
	XXX_unrecognized     []byte       `json:"-"`
	XXX_sizecache        int32        `json:"-"`
}

ServerV2 represents a Node, App, Database, Proxy or Auth Service instance in a Teleport cluster.

func (*ServerV2) CheckAndSetDefaults 

func (s *ServerV2) CheckAndSetDefaults() error

CheckAndSetDefaults checks and set default values for any missing fields.

func (*ServerV2) CloneResource 

func (s *ServerV2) CloneResource() ResourceWithLabels

CloneResource creates a clone of this server value

func (*ServerV2) DeepCopy 

func (s *ServerV2) DeepCopy() Server

DeepCopy creates a clone of this server value

func (*ServerV2) Descriptor 

func (*ServerV2) Descriptor() ([]byte, []int)

func (*ServerV2) Expiry 

func (s *ServerV2) Expiry() time.Time

Expiry returns object expiry setting

func (*ServerV2) GetAWSAccountID 

func (s *ServerV2) GetAWSAccountID() string

GetAWSAccountID returns the AWS Account ID if this node comes from an EC2 instance.

func (*ServerV2) GetAWSInfo 

func (s *ServerV2) GetAWSInfo() *AWSInfo

GetAWSInfo gets the AWS Cloud metadata for the server.

func (*ServerV2) GetAWSInstanceID 

func (s *ServerV2) GetAWSInstanceID() string

GetAWSInstanceID returns the AWS Instance ID if this node comes from an EC2 instance.

func (*ServerV2) GetAddr 

func (s *ServerV2) GetAddr() string

GetAddr return server address

func (*ServerV2) GetAllLabels 

func (s *ServerV2) GetAllLabels() map[string]string

GetAllLabels returns the full key:value map of both static labels and "command labels"

func (*ServerV2) GetCloudMetadata 

func (s *ServerV2) GetCloudMetadata() *CloudMetadata

GetCloudMetadata gets the cloud metadata for the server.

func (*ServerV2) GetCmdLabels 

func (s *ServerV2) GetCmdLabels() map[string]CommandLabel

GetCmdLabels returns command labels

func (*ServerV2) GetGitHub 

func (s *ServerV2) GetGitHub() *GitHubServerMetadata

GetGitHub returns the GitHub server spec.

func (*ServerV2) GetHostname 

func (s *ServerV2) GetHostname() string

GetHostname returns server hostname

func (*ServerV2) GetKind 

func (s *ServerV2) GetKind() string

GetKind returns resource kind

func (*ServerV2) GetLabel 

func (s *ServerV2) GetLabel(key string) (value string, ok bool)

GetLabel retrieves the label with the provided key. If not found value will be empty and ok will be false.

func (*ServerV2) GetLabels 

func (s *ServerV2) GetLabels() map[string]string

GetLabels returns server's static label key pairs. GetLabels and GetStaticLabels are the same, and that is intentional. GetLabels exists to preserve backwards compatibility, while GetStaticLabels exists to implement ResourcesWithLabels.

func (*ServerV2) GetMetadata 

func (s *ServerV2) GetMetadata() Metadata

GetMetadata returns metadata

func (*ServerV2) GetName 

func (s *ServerV2) GetName() string

GetName returns server name

func (*ServerV2) GetNamespace 

func (s *ServerV2) GetNamespace() string

GetNamespace returns server namespace

func (*ServerV2) GetPeerAddr 

func (s *ServerV2) GetPeerAddr() string

GetPeerAddr returns the peer address of the server.

func (*ServerV2) GetProxyIDs 

func (s *ServerV2) GetProxyIDs() []string

GetProxyID returns the proxy id this server is connected to.

func (*ServerV2) GetPublicAddr 

func (s *ServerV2) GetPublicAddr() string

GetPublicAddr returns a public address where this server can be reached.

func (*ServerV2) GetPublicAddrs 

func (s *ServerV2) GetPublicAddrs() []string

GetPublicAddrs returns a list of public addresses where this server can be reached.

func (*ServerV2) GetRevision 

func (s *ServerV2) GetRevision() string

GetRevision returns the revision

func (*ServerV2) GetRotation 

func (s *ServerV2) GetRotation() Rotation

GetRotation gets the state of certificate authority rotation.

func (*ServerV2) GetStaticLabels 

func (s *ServerV2) GetStaticLabels() map[string]string

GetStaticLabels returns the server static labels. GetLabels and GetStaticLabels are the same, and that is intentional. GetLabels exists to preserve backwards compatibility, while GetStaticLabels exists to implement ResourcesWithLabels.

func (*ServerV2) GetSubKind 

func (s *ServerV2) GetSubKind() string

GetSubKind returns resource sub kind

func (*ServerV2) GetTeleportVersion 

func (s *ServerV2) GetTeleportVersion() string

GetTeleportVersion returns the teleport version the server is running on

func (*ServerV2) GetUseTunnel 

func (s *ServerV2) GetUseTunnel() bool

GetUseTunnel gets if a reverse tunnel should be used to connect to this node.

func (*ServerV2) GetVersion 

func (s *ServerV2) GetVersion() string

GetVersion returns resource version

func (*ServerV2) IsEICE 

func (s *ServerV2) IsEICE() bool

IsEICE returns whether the Node is an EICE instance. Must be `openssh-ec2-ice` subkind and have the AccountID and InstanceID information (AWS Metadata or Labels).

func (*ServerV2) IsOpenSSHNode 

func (s *ServerV2) IsOpenSSHNode() bool

IsOpenSSHNode returns whether the connection to this Server must use OpenSSH. This returns true for SubKindOpenSSHNode and SubKindOpenSSHEICENode.

func (*ServerV2) Marshal 

func (m *ServerV2) Marshal() (dAtA []byte, err error)

func (*ServerV2) MarshalTo 

func (m *ServerV2) MarshalTo(dAtA []byte) (int, error)

func (*ServerV2) MarshalToSizedBuffer 

func (m *ServerV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ServerV2) MatchSearch 

func (s *ServerV2) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*ServerV2) Origin 

func (s *ServerV2) Origin() string

Origin returns the origin value of the resource.

func (*ServerV2) ProtoMessage 

func (*ServerV2) ProtoMessage()

func (*ServerV2) Reset 

func (m *ServerV2) Reset()

func (*ServerV2) SetAddr 

func (s *ServerV2) SetAddr(addr string)

SetAddr sets server address

func (*ServerV2) SetCloudMetadata 

func (s *ServerV2) SetCloudMetadata(meta *CloudMetadata)

SetCloudMetadata sets the server's cloud metadata.

func (*ServerV2) SetCmdLabels 

func (s *ServerV2) SetCmdLabels(cmdLabels map[string]CommandLabel)

SetCmdLabels sets dynamic labels.

func (*ServerV2) SetExpiry 

func (s *ServerV2) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object

func (*ServerV2) SetName 

func (s *ServerV2) SetName(e string)

SetName sets the name of the TrustedCluster.

func (*ServerV2) SetNamespace 

func (s *ServerV2) SetNamespace(namespace string)

SetNamespace sets server namespace

func (*ServerV2) SetOrigin 

func (s *ServerV2) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*ServerV2) SetPeerAddr 

func (s *ServerV2) SetPeerAddr(addr string)

SetPeerAddr sets the peer address of the server.

func (*ServerV2) SetProxyIDs 

func (s *ServerV2) SetProxyIDs(proxyIDs []string)

SetProxyID sets the proxy ids this server is connected to.

func (*ServerV2) SetPublicAddrs 

func (s *ServerV2) SetPublicAddrs(addrs []string)

SetPublicAddrs sets the public proxy addresses where this server can be reached.

func (*ServerV2) SetRevision 

func (s *ServerV2) SetRevision(rev string)

SetRevision sets the revision

func (*ServerV2) SetRotation 

func (s *ServerV2) SetRotation(r Rotation)

SetRotation sets the state of certificate authority rotation.

func (*ServerV2) SetStaticLabels 

func (s *ServerV2) SetStaticLabels(sl map[string]string)

SetStaticLabels sets the server static labels.

func (*ServerV2) SetSubKind 

func (s *ServerV2) SetSubKind(sk string)

SetSubKind sets resource subkind

func (*ServerV2) SetUseTunnel 

func (s *ServerV2) SetUseTunnel(useTunnel bool)

SetUseTunnel sets if a reverse tunnel should be used to connect to this node.

func (*ServerV2) Size 

func (m *ServerV2) Size() (n int)

func (*ServerV2) String 

func (s *ServerV2) String() string

func (*ServerV2) Unmarshal 

func (m *ServerV2) Unmarshal(dAtA []byte) error

func (*ServerV2) XXX_DiscardUnknown 

func (m *ServerV2) XXX_DiscardUnknown()

func (*ServerV2) XXX_Marshal 

func (m *ServerV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ServerV2) XXX_Merge 

func (m *ServerV2) XXX_Merge(src proto.Message)

func (*ServerV2) XXX_Size 

func (m *ServerV2) XXX_Size() int

func (*ServerV2) XXX_Unmarshal 

func (m *ServerV2) XXX_Unmarshal(b []byte) error

type Servers 

type Servers []Server

Servers represents a list of servers.

func (Servers) AsResources 

func (s Servers) AsResources() []ResourceWithLabels

AsResources returns as type resources with labels.

func (Servers) GetFieldVals 

func (s Servers) GetFieldVals(field string) ([]string, error)

GetFieldVals returns list of select field values.

func (Servers) Len 

func (s Servers) Len() int

Len returns the slice length.

func (Servers) Less 

func (s Servers) Less(i, j int) bool

Less compares servers by name.

func (Servers) SortByCustom 

func (s Servers) SortByCustom(sortBy SortBy) error

SortByCustom custom sorts by given sort criteria.

func (Servers) Swap 

func (s Servers) Swap(i, j int)

Swap swaps two servers.

type SessionJoinPolicy 

type SessionJoinPolicy struct {
	// Name is the name of the policy.
	Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
	// Roles is a list of roles that you can join the session of.
	Roles []string `protobuf:"bytes,2,rep,name=Roles,proto3" json:"roles"`
	// Kinds are the session kinds this policy applies to.
	Kinds []string `protobuf:"bytes,3,rep,name=Kinds,proto3" json:"kinds"`
	// Modes is a list of permitted participant modes for this policy.
	Modes                []string `protobuf:"bytes,4,rep,name=Modes,proto3" json:"modes"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SessionJoinPolicy defines a policy that allows a user to join sessions.

func (*SessionJoinPolicy) Descriptor 

func (*SessionJoinPolicy) Descriptor() ([]byte, []int)

func (*SessionJoinPolicy) Marshal 

func (m *SessionJoinPolicy) Marshal() (dAtA []byte, err error)

func (*SessionJoinPolicy) MarshalTo 

func (m *SessionJoinPolicy) MarshalTo(dAtA []byte) (int, error)

func (*SessionJoinPolicy) MarshalToSizedBuffer 

func (m *SessionJoinPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SessionJoinPolicy) ProtoMessage 

func (*SessionJoinPolicy) ProtoMessage()

func (*SessionJoinPolicy) Reset 

func (m *SessionJoinPolicy) Reset()

func (*SessionJoinPolicy) Size 

func (m *SessionJoinPolicy) Size() (n int)

func (*SessionJoinPolicy) String 

func (m *SessionJoinPolicy) String() string

func (*SessionJoinPolicy) Unmarshal 

func (m *SessionJoinPolicy) Unmarshal(dAtA []byte) error

func (*SessionJoinPolicy) XXX_DiscardUnknown 

func (m *SessionJoinPolicy) XXX_DiscardUnknown()

func (*SessionJoinPolicy) XXX_Marshal 

func (m *SessionJoinPolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SessionJoinPolicy) XXX_Merge 

func (m *SessionJoinPolicy) XXX_Merge(src proto.Message)

func (*SessionJoinPolicy) XXX_Size 

func (m *SessionJoinPolicy) XXX_Size() int

func (*SessionJoinPolicy) XXX_Unmarshal 

func (m *SessionJoinPolicy) XXX_Unmarshal(b []byte) error

type SessionKind 

type SessionKind string

SessionKind is a type of session. 

const (
	// SSHSessionKind is the kind used for session tracking with the
	// session_tracker resource used in Teleport 9+. Note that it is
	// different from the legacy [types.KindSSHSession] value that was
	// used prior to the introduction of moderated sessions.
	SSHSessionKind            SessionKind = "ssh"
	KubernetesSessionKind     SessionKind = "k8s"
	DatabaseSessionKind       SessionKind = "db"
	AppSessionKind            SessionKind = "app"
	WindowsDesktopSessionKind SessionKind = "desktop"
	GitSessionKind            SessionKind = "git"
	UnknownSessionKind        SessionKind = ""
)

These represent the possible values for the kind field in session trackers.

type SessionParticipantMode 

type SessionParticipantMode string

SessionParticipantMode is the mode that determines what you can do when you join a session. 

const (
	SessionObserverMode  SessionParticipantMode = "observer"
	SessionModeratorMode SessionParticipantMode = "moderator"
	SessionPeerMode      SessionParticipantMode = "peer"
)

type SessionRecordingConfig 

type SessionRecordingConfig interface {
	ResourceWithOrigin

	// GetMode gets the session recording mode.
	GetMode() string

	// SetMode sets the session recording mode.
	SetMode(string)

	// GetProxyChecksHostKeys gets if the proxy will check host keys.
	GetProxyChecksHostKeys() bool

	// SetProxyChecksHostKeys sets if the proxy will check host keys.
	SetProxyChecksHostKeys(bool)

	// Clone returns a copy of the resource.
	Clone() SessionRecordingConfig
}

SessionRecordingConfig defines session recording configuration. This is a configuration resource, never create more than one instance of it.

func DefaultSessionRecordingConfig 

func DefaultSessionRecordingConfig() SessionRecordingConfig

DefaultSessionRecordingConfig returns the default session recording configuration.

func NewSessionRecordingConfigFromConfigFile 

func NewSessionRecordingConfigFromConfigFile(spec SessionRecordingConfigSpecV2) (SessionRecordingConfig, error)

NewSessionRecordingConfigFromConfigFile is a convenience method to create SessionRecordingConfigV2 labeled as originating from config file.

type SessionRecordingConfigSpecV2 

type SessionRecordingConfigSpecV2 struct {
	// Mode controls where (or if) the session is recorded.
	Mode string `protobuf:"bytes,1,opt,name=Mode,proto3" json:"mode"`
	// ProxyChecksHostKeys is used to control if the proxy will check host keys
	// when in recording mode.
	ProxyChecksHostKeys *BoolOption `protobuf:"bytes,2,opt,name=ProxyChecksHostKeys,proto3,customtype=BoolOption" json:"proxy_checks_host_keys"`
	// Encryption configures if and how session recordings should be encrypted.
	Encryption           *SessionRecordingEncryptionConfig `protobuf:"bytes,3,opt,name=encryption,proto3" json:"encryption"`
	XXX_NoUnkeyedLiteral struct{}                          `json:"-"`
	XXX_unrecognized     []byte                            `json:"-"`
	XXX_sizecache        int32                             `json:"-"`
}

SessionRecordingConfigSpecV2 is the actual data we care about for SessionRecordingConfig.

func (*SessionRecordingConfigSpecV2) Descriptor 

func (*SessionRecordingConfigSpecV2) Descriptor() ([]byte, []int)

func (*SessionRecordingConfigSpecV2) Marshal 

func (m *SessionRecordingConfigSpecV2) Marshal() (dAtA []byte, err error)

func (*SessionRecordingConfigSpecV2) MarshalTo 

func (m *SessionRecordingConfigSpecV2) MarshalTo(dAtA []byte) (int, error)

func (*SessionRecordingConfigSpecV2) MarshalToSizedBuffer 

func (m *SessionRecordingConfigSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SessionRecordingConfigSpecV2) ProtoMessage 

func (*SessionRecordingConfigSpecV2) ProtoMessage()

func (*SessionRecordingConfigSpecV2) Reset 

func (m *SessionRecordingConfigSpecV2) Reset()

func (*SessionRecordingConfigSpecV2) Size 

func (m *SessionRecordingConfigSpecV2) Size() (n int)

func (*SessionRecordingConfigSpecV2) String 

func (m *SessionRecordingConfigSpecV2) String() string

func (*SessionRecordingConfigSpecV2) Unmarshal 

func (m *SessionRecordingConfigSpecV2) Unmarshal(dAtA []byte) error

func (*SessionRecordingConfigSpecV2) XXX_DiscardUnknown 

func (m *SessionRecordingConfigSpecV2) XXX_DiscardUnknown()

func (*SessionRecordingConfigSpecV2) XXX_Marshal 

func (m *SessionRecordingConfigSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SessionRecordingConfigSpecV2) XXX_Merge 

func (m *SessionRecordingConfigSpecV2) XXX_Merge(src proto.Message)

func (*SessionRecordingConfigSpecV2) XXX_Size 

func (m *SessionRecordingConfigSpecV2) XXX_Size() int

func (*SessionRecordingConfigSpecV2) XXX_Unmarshal 

func (m *SessionRecordingConfigSpecV2) XXX_Unmarshal(b []byte) error

type SessionRecordingConfigStatus 

type SessionRecordingConfigStatus struct {
	// EncryptionKeys contain the currently active age encryption keys used for
	// encrypted session recording.
	EncryptionKeys       []*AgeEncryptionKey `protobuf:"bytes,1,rep,name=encryption_keys,json=encryptionKeys,proto3" json:"encryption_keys"`
	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
	XXX_unrecognized     []byte              `json:"-"`
	XXX_sizecache        int32               `json:"-"`
}

SessionRecordingConfigStatus contains the currently active age encryption keys used for encrypted session recording.

func (*SessionRecordingConfigStatus) Descriptor 

func (*SessionRecordingConfigStatus) Descriptor() ([]byte, []int)

func (*SessionRecordingConfigStatus) Marshal 

func (m *SessionRecordingConfigStatus) Marshal() (dAtA []byte, err error)

func (*SessionRecordingConfigStatus) MarshalTo 

func (m *SessionRecordingConfigStatus) MarshalTo(dAtA []byte) (int, error)

func (*SessionRecordingConfigStatus) MarshalToSizedBuffer 

func (m *SessionRecordingConfigStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SessionRecordingConfigStatus) ProtoMessage 

func (*SessionRecordingConfigStatus) ProtoMessage()

func (*SessionRecordingConfigStatus) Reset 

func (m *SessionRecordingConfigStatus) Reset()

func (*SessionRecordingConfigStatus) Size 

func (m *SessionRecordingConfigStatus) Size() (n int)

func (*SessionRecordingConfigStatus) String 

func (m *SessionRecordingConfigStatus) String() string

func (*SessionRecordingConfigStatus) Unmarshal 

func (m *SessionRecordingConfigStatus) Unmarshal(dAtA []byte) error

func (*SessionRecordingConfigStatus) XXX_DiscardUnknown 

func (m *SessionRecordingConfigStatus) XXX_DiscardUnknown()

func (*SessionRecordingConfigStatus) XXX_Marshal 

func (m *SessionRecordingConfigStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SessionRecordingConfigStatus) XXX_Merge 

func (m *SessionRecordingConfigStatus) XXX_Merge(src proto.Message)

func (*SessionRecordingConfigStatus) XXX_Size 

func (m *SessionRecordingConfigStatus) XXX_Size() int

func (*SessionRecordingConfigStatus) XXX_Unmarshal 

func (m *SessionRecordingConfigStatus) XXX_Unmarshal(b []byte) error

type SessionRecordingConfigV2 

type SessionRecordingConfigV2 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version. It must be specified.
	// Supported values are:`v2`.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is resource metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is a SessionRecordingConfig specification
	Spec SessionRecordingConfigSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	// Status is the SessionRecordingConfig status containing active encryption keys
	Status               *SessionRecordingConfigStatus `protobuf:"bytes,6,opt,name=Status,proto3" json:"status"`
	XXX_NoUnkeyedLiteral struct{}                      `json:"-"`
	XXX_unrecognized     []byte                        `json:"-"`
	XXX_sizecache        int32                         `json:"-"`
}

SessionRecordingConfigV2 contains session recording configuration.

func (*SessionRecordingConfigV2) CheckAndSetDefaults 

func (c *SessionRecordingConfigV2) CheckAndSetDefaults() error

CheckAndSetDefaults verifies the constraints for SessionRecordingConfig.

func (*SessionRecordingConfigV2) Clone 

func (c *SessionRecordingConfigV2) Clone() SessionRecordingConfig

Clone returns a copy of the resource.

func (*SessionRecordingConfigV2) Descriptor 

func (*SessionRecordingConfigV2) Descriptor() ([]byte, []int)

func (*SessionRecordingConfigV2) Expiry 

func (c *SessionRecordingConfigV2) Expiry() time.Time

Expiry returns object expiry setting.

func (*SessionRecordingConfigV2) GetKind 

func (c *SessionRecordingConfigV2) GetKind() string

GetKind returns resource kind.

func (*SessionRecordingConfigV2) GetMetadata 

func (c *SessionRecordingConfigV2) GetMetadata() Metadata

GetMetadata returns object metadata.

func (*SessionRecordingConfigV2) GetMode 

func (c *SessionRecordingConfigV2) GetMode() string

GetMode gets the cluster's session recording mode.

func (*SessionRecordingConfigV2) GetName 

func (c *SessionRecordingConfigV2) GetName() string

GetName returns the name of the resource.

func (*SessionRecordingConfigV2) GetProxyChecksHostKeys 

func (c *SessionRecordingConfigV2) GetProxyChecksHostKeys() bool

GetProxyChecksHostKeys gets if the proxy will check host keys.

func (*SessionRecordingConfigV2) GetRevision 

func (c *SessionRecordingConfigV2) GetRevision() string

GetRevision returns the revision

func (*SessionRecordingConfigV2) GetSubKind 

func (c *SessionRecordingConfigV2) GetSubKind() string

GetSubKind returns resource subkind.

func (*SessionRecordingConfigV2) GetVersion 

func (c *SessionRecordingConfigV2) GetVersion() string

GetVersion returns resource version.

func (*SessionRecordingConfigV2) Marshal 

func (m *SessionRecordingConfigV2) Marshal() (dAtA []byte, err error)

func (*SessionRecordingConfigV2) MarshalTo 

func (m *SessionRecordingConfigV2) MarshalTo(dAtA []byte) (int, error)

func (*SessionRecordingConfigV2) MarshalToSizedBuffer 

func (m *SessionRecordingConfigV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SessionRecordingConfigV2) Origin 

func (c *SessionRecordingConfigV2) Origin() string

Origin returns the origin value of the resource.

func (*SessionRecordingConfigV2) ProtoMessage 

func (*SessionRecordingConfigV2) ProtoMessage()

func (*SessionRecordingConfigV2) Reset 

func (m *SessionRecordingConfigV2) Reset()

func (*SessionRecordingConfigV2) SetExpiry 

func (c *SessionRecordingConfigV2) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object.

func (*SessionRecordingConfigV2) SetMode 

func (c *SessionRecordingConfigV2) SetMode(m string)

SetMode sets the cluster's session recording mode.

func (*SessionRecordingConfigV2) SetName 

func (c *SessionRecordingConfigV2) SetName(e string)

SetName sets the name of the resource.

func (*SessionRecordingConfigV2) SetOrigin 

func (c *SessionRecordingConfigV2) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*SessionRecordingConfigV2) SetProxyChecksHostKeys 

func (c *SessionRecordingConfigV2) SetProxyChecksHostKeys(t bool)

SetProxyChecksHostKeys sets if the proxy will check host keys.

func (*SessionRecordingConfigV2) SetRevision 

func (c *SessionRecordingConfigV2) SetRevision(rev string)

SetRevision sets the revision

func (*SessionRecordingConfigV2) SetSubKind 

func (c *SessionRecordingConfigV2) SetSubKind(sk string)

SetSubKind sets resource subkind.

func (*SessionRecordingConfigV2) Size 

func (m *SessionRecordingConfigV2) Size() (n int)

func (*SessionRecordingConfigV2) String 

func (m *SessionRecordingConfigV2) String() string

func (*SessionRecordingConfigV2) Unmarshal 

func (m *SessionRecordingConfigV2) Unmarshal(dAtA []byte) error

func (*SessionRecordingConfigV2) XXX_DiscardUnknown 

func (m *SessionRecordingConfigV2) XXX_DiscardUnknown()

func (*SessionRecordingConfigV2) XXX_Marshal 

func (m *SessionRecordingConfigV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SessionRecordingConfigV2) XXX_Merge 

func (m *SessionRecordingConfigV2) XXX_Merge(src proto.Message)

func (*SessionRecordingConfigV2) XXX_Size 

func (m *SessionRecordingConfigV2) XXX_Size() int

func (*SessionRecordingConfigV2) XXX_Unmarshal 

func (m *SessionRecordingConfigV2) XXX_Unmarshal(b []byte) error

type SessionRecordingEncryptionConfig 

type SessionRecordingEncryptionConfig struct {
	// Enabled controls whether or not session recordings should be encrypted.
	Enabled              bool     `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SessionRecordingEncryptionConfig configures if and how session recordings should be encrypted.

func (*SessionRecordingEncryptionConfig) Descriptor 

func (*SessionRecordingEncryptionConfig) Descriptor() ([]byte, []int)

func (*SessionRecordingEncryptionConfig) Marshal 

func (m *SessionRecordingEncryptionConfig) Marshal() (dAtA []byte, err error)

func (*SessionRecordingEncryptionConfig) MarshalTo 

func (m *SessionRecordingEncryptionConfig) MarshalTo(dAtA []byte) (int, error)

func (*SessionRecordingEncryptionConfig) MarshalToSizedBuffer 

func (m *SessionRecordingEncryptionConfig) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SessionRecordingEncryptionConfig) ProtoMessage 

func (*SessionRecordingEncryptionConfig) ProtoMessage()

func (*SessionRecordingEncryptionConfig) Reset 

func (m *SessionRecordingEncryptionConfig) Reset()

func (*SessionRecordingEncryptionConfig) Size 

func (m *SessionRecordingEncryptionConfig) Size() (n int)

func (*SessionRecordingEncryptionConfig) String 

func (m *SessionRecordingEncryptionConfig) String() string

func (*SessionRecordingEncryptionConfig) Unmarshal 

func (m *SessionRecordingEncryptionConfig) Unmarshal(dAtA []byte) error

func (*SessionRecordingEncryptionConfig) XXX_DiscardUnknown 

func (m *SessionRecordingEncryptionConfig) XXX_DiscardUnknown()

func (*SessionRecordingEncryptionConfig) XXX_Marshal 

func (m *SessionRecordingEncryptionConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SessionRecordingEncryptionConfig) XXX_Merge 

func (m *SessionRecordingEncryptionConfig) XXX_Merge(src proto.Message)

func (*SessionRecordingEncryptionConfig) XXX_Size 

func (m *SessionRecordingEncryptionConfig) XXX_Size() int

func (*SessionRecordingEncryptionConfig) XXX_Unmarshal 

func (m *SessionRecordingEncryptionConfig) XXX_Unmarshal(b []byte) error

type SessionRequirePolicy 

type SessionRequirePolicy struct {
	// Name is the name of the policy.
	Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
	// Filter is a predicate that determines what users count towards this policy.
	Filter string `protobuf:"bytes,2,opt,name=Filter,proto3" json:"filter"`
	// Kinds are the session kinds this policy applies to.
	Kinds []string `protobuf:"bytes,3,rep,name=Kinds,proto3" json:"kinds"`
	// Count is the amount of people that need to be matched for this policy to be fulfilled.
	Count int32 `protobuf:"varint,4,opt,name=Count,proto3" json:"count"`
	// Modes is the list of modes that may be used to fulfill this policy.
	Modes []string `protobuf:"bytes,5,rep,name=Modes,proto3" json:"modes"`
	// OnLeave is the behaviour that's used when the policy is no longer fulfilled
	// for a live session.
	OnLeave              string   `protobuf:"bytes,6,opt,name=OnLeave,proto3" json:"on_leave"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SessionRequirePolicy a requirement policy that needs to be fulfilled to grant access.

func (*SessionRequirePolicy) Descriptor 

func (*SessionRequirePolicy) Descriptor() ([]byte, []int)

func (*SessionRequirePolicy) Marshal 

func (m *SessionRequirePolicy) Marshal() (dAtA []byte, err error)

func (*SessionRequirePolicy) MarshalTo 

func (m *SessionRequirePolicy) MarshalTo(dAtA []byte) (int, error)

func (*SessionRequirePolicy) MarshalToSizedBuffer 

func (m *SessionRequirePolicy) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SessionRequirePolicy) ProtoMessage 

func (*SessionRequirePolicy) ProtoMessage()

func (*SessionRequirePolicy) Reset 

func (m *SessionRequirePolicy) Reset()

func (*SessionRequirePolicy) Size 

func (m *SessionRequirePolicy) Size() (n int)

func (*SessionRequirePolicy) String 

func (m *SessionRequirePolicy) String() string

func (*SessionRequirePolicy) Unmarshal 

func (m *SessionRequirePolicy) Unmarshal(dAtA []byte) error

func (*SessionRequirePolicy) XXX_DiscardUnknown 

func (m *SessionRequirePolicy) XXX_DiscardUnknown()

func (*SessionRequirePolicy) XXX_Marshal 

func (m *SessionRequirePolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SessionRequirePolicy) XXX_Merge 

func (m *SessionRequirePolicy) XXX_Merge(src proto.Message)

func (*SessionRequirePolicy) XXX_Size 

func (m *SessionRequirePolicy) XXX_Size() int

func (*SessionRequirePolicy) XXX_Unmarshal 

func (m *SessionRequirePolicy) XXX_Unmarshal(b []byte) error

type SessionState 

type SessionState int32

SessionState represents the state of a session. 

const (
	// Pending variant represents a session that is waiting on participants to fulfill the criteria
	// to start the session.
	SessionState_SessionStatePending SessionState = 0
	// Running variant represents a session that has had it's criteria for starting
	// fulfilled at least once and has transitioned to a RUNNING state.
	SessionState_SessionStateRunning SessionState = 1
	// Terminated variant represents a session that is no longer running and due for removal.
	SessionState_SessionStateTerminated SessionState = 2
)

func (SessionState) EnumDescriptor 

func (SessionState) EnumDescriptor() ([]byte, []int)

func (SessionState) String 

func (x SessionState) String() string

type SessionTracker 

type SessionTracker interface {
	Resource

	// GetSessionID returns the ID of the session.
	GetSessionID() string

	// GetSessionKind returns the kind of the session.
	GetSessionKind() SessionKind

	// GetState returns the state of the session.
	GetState() SessionState

	// SetState sets the state of the session.
	SetState(SessionState) error

	// SetCreated sets the time at which the session was created.
	SetCreated(time.Time)

	// GetCreated returns the time at which the session was created.
	GetCreated() time.Time

	// GetExpires return the time at which the session expires.
	GetExpires() time.Time

	// GetReason returns the reason for the session.
	GetReason() string

	// GetInvited returns a list of people invited to the session.
	GetInvited() []string

	// GetHostname returns the hostname of the session target.
	GetHostname() string

	// GetAddress returns the address of the session target.
	GetAddress() string

	// GetClusterName returns the name of the Teleport cluster.
	GetClusterName() string

	// GetLogin returns the target machine username used for this session.
	GetLogin() string

	// GetParticipants returns the list of participants in the session.
	GetParticipants() []Participant

	// AddParticipant adds a participant to the session tracker.
	AddParticipant(Participant)

	// RemoveParticipant removes a participant from the session tracker.
	RemoveParticipant(string) error

	// UpdatePresence updates presence timestamp of a participant.
	UpdatePresence(string, time.Time) error

	// GetKubeCluster returns the name of the kubernetes cluster the session is running in.
	GetKubeCluster() string

	// GetDesktopName returns the name of the Windows desktop the session is running in.
	GetDesktopName() string

	// GetAppName returns the name of the app being accessed.
	GetAppName() string

	// GetDatabaseName returns the name of the database being accessed.
	GetDatabaseName() string

	// GetHostUser fetches the user marked as the "host" of the session.
	// Things like RBAC policies are determined from this user.
	GetHostUser() string

	// GetHostPolicySets returns a list of policy sets held by the host user at the time of session creation.
	// This a subset of a role that contains some versioning and naming information in addition to the require policies
	GetHostPolicySets() []*SessionTrackerPolicySet

	// GetLastActive returns the time at which the session was last active (i.e used by any participant).
	GetLastActive() time.Time

	// HostID is the target host id that created the session tracker.
	GetHostID() string

	// GetTargetSubKind returns the sub kind of the target server.
	GetTargetSubKind() string

	// GetCommand returns the command that initiated the session.
	GetCommand() []string
}

SessionTracker is a resource which tracks an active session.

func NewSessionTracker 

func NewSessionTracker(spec SessionTrackerSpecV1) (SessionTracker, error)

type SessionTrackerFilter 

type SessionTrackerFilter struct {
	// Kind describes what kind of session this is.
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind,omitempty"`
	// State is the current state of this session.
	State *NullableSessionState `protobuf:"bytes,2,opt,name=State,proto3" json:"state,omitempty"`
	// DesktopName is the windows desktop server this session belongs to.
	DesktopName          string   `protobuf:"bytes,3,opt,name=DesktopName,proto3" json:"desktop_name,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SessionTrackerFilter are filters to apply when searching for session trackers.

func (*SessionTrackerFilter) Descriptor 

func (*SessionTrackerFilter) Descriptor() ([]byte, []int)

func (*SessionTrackerFilter) Marshal 

func (m *SessionTrackerFilter) Marshal() (dAtA []byte, err error)

func (*SessionTrackerFilter) MarshalTo 

func (m *SessionTrackerFilter) MarshalTo(dAtA []byte) (int, error)

func (*SessionTrackerFilter) MarshalToSizedBuffer 

func (m *SessionTrackerFilter) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SessionTrackerFilter) Match 

func (f *SessionTrackerFilter) Match(s SessionTracker) bool

Match checks if a given session tracker matches this filter.

func (*SessionTrackerFilter) ProtoMessage 

func (*SessionTrackerFilter) ProtoMessage()

func (*SessionTrackerFilter) Reset 

func (m *SessionTrackerFilter) Reset()

func (*SessionTrackerFilter) Size 

func (m *SessionTrackerFilter) Size() (n int)

func (*SessionTrackerFilter) String 

func (m *SessionTrackerFilter) String() string

func (*SessionTrackerFilter) Unmarshal 

func (m *SessionTrackerFilter) Unmarshal(dAtA []byte) error

func (*SessionTrackerFilter) XXX_DiscardUnknown 

func (m *SessionTrackerFilter) XXX_DiscardUnknown()

func (*SessionTrackerFilter) XXX_Marshal 

func (m *SessionTrackerFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SessionTrackerFilter) XXX_Merge 

func (m *SessionTrackerFilter) XXX_Merge(src proto.Message)

func (*SessionTrackerFilter) XXX_Size 

func (m *SessionTrackerFilter) XXX_Size() int

func (*SessionTrackerFilter) XXX_Unmarshal 

func (m *SessionTrackerFilter) XXX_Unmarshal(b []byte) error

type SessionTrackerPolicySet 

type SessionTrackerPolicySet struct {
	// Name is name of the role this policy set originates from.
	Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name,omitempty"`
	// Version is version of the role this policy set originates from.
	Version string `protobuf:"bytes,2,opt,name=Version,proto3" json:"version,omitempty"`
	// RequireSessionJoin specifies policies for required users to start a session.
	RequireSessionJoin   []*SessionRequirePolicy `protobuf:"bytes,3,rep,name=RequireSessionJoin,proto3" json:"require_session_join,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                `json:"-"`
	XXX_unrecognized     []byte                  `json:"-"`
	XXX_sizecache        int32                   `json:"-"`
}

SessionTrackerPolicySet is a set of RBAC policies held by the session tracker that contain additional metadata from the originating role.

func (*SessionTrackerPolicySet) Descriptor 

func (*SessionTrackerPolicySet) Descriptor() ([]byte, []int)

func (*SessionTrackerPolicySet) Marshal 

func (m *SessionTrackerPolicySet) Marshal() (dAtA []byte, err error)

func (*SessionTrackerPolicySet) MarshalTo 

func (m *SessionTrackerPolicySet) MarshalTo(dAtA []byte) (int, error)

func (*SessionTrackerPolicySet) MarshalToSizedBuffer 

func (m *SessionTrackerPolicySet) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SessionTrackerPolicySet) ProtoMessage 

func (*SessionTrackerPolicySet) ProtoMessage()

func (*SessionTrackerPolicySet) Reset 

func (m *SessionTrackerPolicySet) Reset()

func (*SessionTrackerPolicySet) Size 

func (m *SessionTrackerPolicySet) Size() (n int)

func (*SessionTrackerPolicySet) String 

func (m *SessionTrackerPolicySet) String() string

func (*SessionTrackerPolicySet) Unmarshal 

func (m *SessionTrackerPolicySet) Unmarshal(dAtA []byte) error

func (*SessionTrackerPolicySet) XXX_DiscardUnknown 

func (m *SessionTrackerPolicySet) XXX_DiscardUnknown()

func (*SessionTrackerPolicySet) XXX_Marshal 

func (m *SessionTrackerPolicySet) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SessionTrackerPolicySet) XXX_Merge 

func (m *SessionTrackerPolicySet) XXX_Merge(src proto.Message)

func (*SessionTrackerPolicySet) XXX_Size 

func (m *SessionTrackerPolicySet) XXX_Size() int

func (*SessionTrackerPolicySet) XXX_Unmarshal 

func (m *SessionTrackerPolicySet) XXX_Unmarshal(b []byte) error

type SessionTrackerSpecV1 

type SessionTrackerSpecV1 struct {
	// SessionID is unique identifier of this session.
	SessionID string `protobuf:"bytes,1,opt,name=SessionID,proto3" json:"session_id,omitempty"`
	// Kind describes what kind of session this is.
	Kind string `protobuf:"bytes,2,opt,name=Kind,proto3" json:"kind,omitempty"`
	// State is the current state of this session.
	State SessionState `protobuf:"varint,3,opt,name=State,proto3,enum=types.SessionState" json:"state,omitempty"`
	// Created encodes the time at which the session was registered with the auth
	// server.
	//
	// This should match the timestamp in the corresponding `session.create` event.
	// It's thus up to the tracker creator to set the correct timestamp.
	Created time.Time `protobuf:"bytes,4,opt,name=Created,proto3,stdtime" json:"created,omitempty"`
	// Expires encodes the time at which this session expires and becomes invalid.
	Expires time.Time `protobuf:"bytes,5,opt,name=Expires,proto3,stdtime" json:"expires,omitempty"`
	// AttachedData is arbitrary attached JSON serialized metadata.
	AttachedData string `protobuf:"bytes,6,opt,name=AttachedData,proto3" json:"attached,omitempty"`
	// Reason is an arbitrary string that may be used to describe the session and/or it's
	// purpose.
	Reason string `protobuf:"bytes,7,opt,name=Reason,proto3" json:"reason,omitempty"`
	// Invited is a list of invited users, this field can be used by
	// clients to deliver notifications to invited users.
	Invited []string `protobuf:"bytes,8,rep,name=Invited,proto3" json:"invited,omitempty"`
	// Hostname identifies the target this session is connected to.
	Hostname string `protobuf:"bytes,9,opt,name=Hostname,proto3" json:"target_hostname,omitempty"`
	// Address is the address of the target this session is connected to.
	Address string `protobuf:"bytes,10,opt,name=Address,proto3" json:"target_address,omitempty"`
	// ClusterName is the name of the Teleport cluster that this session belongs to.
	ClusterName string `protobuf:"bytes,11,opt,name=ClusterName,proto3" json:"cluster_name,omitempty"`
	// Login is the local login/user on the target used by the session.
	Login string `protobuf:"bytes,12,opt,name=Login,proto3" json:"login,omitempty"`
	// Participants is a list of session participants.
	Participants []Participant `protobuf:"bytes,13,rep,name=Participants,proto3" json:"participants,omitempty"`
	// The Kubernetes cluster this session belongs to.
	KubernetesCluster string `protobuf:"bytes,14,opt,name=KubernetesCluster,proto3" json:"kubernetes_cluster,omitempty"`
	// HostUser is the user regarded as the owner of this session, RBAC checks are performed
	// against the require policies of this user.
	//
	// This refers to the Teleport user but may not be the same as the sessions initiator.
	HostUser string `protobuf:"bytes,15,opt,name=HostUser,proto3" json:"host_user,omitempty"`
	// HostPolicies is a list of RBAC policy sets held by the host user at the time of session
	// creation.
	HostPolicies []*SessionTrackerPolicySet `protobuf:"bytes,16,rep,name=HostPolicies,proto3" json:"host_roles,omitempty"`
	// DatabaseName is the database server this session belongs to.
	DatabaseName string `protobuf:"bytes,17,opt,name=DatabaseName,proto3" json:"database_name,omitempty"`
	// AppName is the app server this session belongs to.
	AppName string `protobuf:"bytes,18,opt,name=AppName,proto3" json:"app_name,omitempty"`
	// AppSessionID is the unique ID of the app access certificate used to start this app session.
	AppSessionID string `protobuf:"bytes,19,opt,name=AppSessionID,proto3" json:"app_session_id,omitempty"`
	// DesktopName is the windows desktop server this session belongs to.
	DesktopName string `protobuf:"bytes,20,opt,name=DesktopName,proto3" json:"desktop_name,omitempty"`
	// HostID is the target host id that created the session tracker.
	// It's useful for Kubernetes moderated sessions when running in high availabilty
	// otherwise kube proxy is not able to know which agent runs the session.
	HostID string `protobuf:"bytes,21,opt,name=HostID,proto3" json:"host_id,omitempty"`
	// TargetSubKind is the sub kind of the target server.
	TargetSubKind string `protobuf:"bytes,22,opt,name=TargetSubKind,proto3" json:"target_sub_kind,omitempty"`
	// InitialCommand is the command that was executed to start this session.
	InitialCommand       []string `protobuf:"bytes,23,rep,name=InitialCommand,proto3" json:"initial_command,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SessionTrackerSpecV1 is the specification for a live session.

func (*SessionTrackerSpecV1) Descriptor 

func (*SessionTrackerSpecV1) Descriptor() ([]byte, []int)

func (*SessionTrackerSpecV1) Marshal 

func (m *SessionTrackerSpecV1) Marshal() (dAtA []byte, err error)

func (*SessionTrackerSpecV1) MarshalTo 

func (m *SessionTrackerSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*SessionTrackerSpecV1) MarshalToSizedBuffer 

func (m *SessionTrackerSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SessionTrackerSpecV1) ProtoMessage 

func (*SessionTrackerSpecV1) ProtoMessage()

func (*SessionTrackerSpecV1) Reset 

func (m *SessionTrackerSpecV1) Reset()

func (*SessionTrackerSpecV1) Size 

func (m *SessionTrackerSpecV1) Size() (n int)

func (*SessionTrackerSpecV1) String 

func (m *SessionTrackerSpecV1) String() string

func (*SessionTrackerSpecV1) Unmarshal 

func (m *SessionTrackerSpecV1) Unmarshal(dAtA []byte) error

func (*SessionTrackerSpecV1) XXX_DiscardUnknown 

func (m *SessionTrackerSpecV1) XXX_DiscardUnknown()

func (*SessionTrackerSpecV1) XXX_Marshal 

func (m *SessionTrackerSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SessionTrackerSpecV1) XXX_Merge 

func (m *SessionTrackerSpecV1) XXX_Merge(src proto.Message)

func (*SessionTrackerSpecV1) XXX_Size 

func (m *SessionTrackerSpecV1) XXX_Size() int

func (*SessionTrackerSpecV1) XXX_Unmarshal 

func (m *SessionTrackerSpecV1) XXX_Unmarshal(b []byte) error

type SessionTrackerV1 

type SessionTrackerV1 struct {
	// Header is the common resource header.
	ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
	// Spec is a session specification.
	Spec                 SessionTrackerSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
	XXX_unrecognized     []byte               `json:"-"`
	XXX_sizecache        int32                `json:"-"`
}

SessionTrackerV1 represents a live session resource.

func (*SessionTrackerV1) AddParticipant 

func (s *SessionTrackerV1) AddParticipant(participant Participant)

AddParticipant adds a participant to the session tracker.

func (*SessionTrackerV1) CheckAndSetDefaults 

func (s *SessionTrackerV1) CheckAndSetDefaults() error

CheckAndSetDefaults sets defaults for the session resource.

func (*SessionTrackerV1) Descriptor 

func (*SessionTrackerV1) Descriptor() ([]byte, []int)

func (*SessionTrackerV1) GetAddress 

func (s *SessionTrackerV1) GetAddress() string

GetAddress returns the address of the session target.

func (*SessionTrackerV1) GetAppName 

func (s *SessionTrackerV1) GetAppName() string

GetAppName returns the name of the app being accessed in the session.

This is only valid for app sessions.

func (*SessionTrackerV1) GetClusterName 

func (s *SessionTrackerV1) GetClusterName() string

GetClustername returns the name of the cluster the session is running in.

func (*SessionTrackerV1) GetCommand 

func (s *SessionTrackerV1) GetCommand() []string

GetCommand returns command that intiated the session.

func (*SessionTrackerV1) GetCreated 

func (s *SessionTrackerV1) GetCreated() time.Time

GetCreated returns the time at which the session was created.

func (*SessionTrackerV1) GetDatabaseName 

func (s *SessionTrackerV1) GetDatabaseName() string

GetDatabaseName returns the name of the database being accessed in the session.

This is only valid for database sessions.

func (*SessionTrackerV1) GetDesktopName 

func (s *SessionTrackerV1) GetDesktopName() string

GetDesktopName returns the name of the Windows desktop the session is running in.

This is only valid for Windows desktop sessions.

func (*SessionTrackerV1) GetExpires 

func (s *SessionTrackerV1) GetExpires() time.Time

GetExpires return the time at which the session expires.

func (*SessionTrackerV1) GetHostID 

func (s *SessionTrackerV1) GetHostID() string

HostID is the target host id that created the session tracker.

func (*SessionTrackerV1) GetHostPolicySets 

func (s *SessionTrackerV1) GetHostPolicySets() []*SessionTrackerPolicySet

GetHostPolicySets returns a list of policy sets held by the host user at the time of session creation. This a subset of a role that contains some versioning and naming information in addition to the require policies

func (*SessionTrackerV1) GetHostUser 

func (s *SessionTrackerV1) GetHostUser() string

GetHostUser fetches the user marked as the "host" of the session. Things like RBAC policies are determined from this user.

func (*SessionTrackerV1) GetHostname 

func (s *SessionTrackerV1) GetHostname() string

GetHostname returns the hostname of the session target.

func (*SessionTrackerV1) GetInvited 

func (s *SessionTrackerV1) GetInvited() []string

GetInvited returns a list of people invited to the session.

func (*SessionTrackerV1) GetKubeCluster 

func (s *SessionTrackerV1) GetKubeCluster() string

GetKubeCluster returns the name of the kubernetes cluster the session is running in.

This is only valid for kubernetes sessions.

func (*SessionTrackerV1) GetLastActive 

func (s *SessionTrackerV1) GetLastActive() time.Time

GetLastActive returns the time at which the session was last active (i.e used by any participant).

func (*SessionTrackerV1) GetLogin 

func (s *SessionTrackerV1) GetLogin() string

GetLogin returns the target machine username used for this session.

func (*SessionTrackerV1) GetParticipants 

func (s *SessionTrackerV1) GetParticipants() []Participant

GetParticipants returns a list of participants in the session.

func (*SessionTrackerV1) GetReason 

func (s *SessionTrackerV1) GetReason() string

GetReason returns the reason for the session.

func (*SessionTrackerV1) GetSessionID 

func (s *SessionTrackerV1) GetSessionID() string

GetSessionID returns the ID of the session.

func (*SessionTrackerV1) GetSessionKind 

func (s *SessionTrackerV1) GetSessionKind() SessionKind

GetSessionKind returns the kind of the session.

func (*SessionTrackerV1) GetState 

func (s *SessionTrackerV1) GetState() SessionState

GetState returns the state of the session.

func (*SessionTrackerV1) GetTargetSubKind 

func (s *SessionTrackerV1) GetTargetSubKind() string

GetTargetSubKind returns the sub kind of the target server.

func (*SessionTrackerV1) Marshal 

func (m *SessionTrackerV1) Marshal() (dAtA []byte, err error)

func (*SessionTrackerV1) MarshalTo 

func (m *SessionTrackerV1) MarshalTo(dAtA []byte) (int, error)

func (*SessionTrackerV1) MarshalToSizedBuffer 

func (m *SessionTrackerV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SessionTrackerV1) ProtoMessage 

func (*SessionTrackerV1) ProtoMessage()

func (*SessionTrackerV1) RemoveParticipant 

func (s *SessionTrackerV1) RemoveParticipant(id string) error

RemoveParticipant removes a participant from the session tracker.

func (*SessionTrackerV1) Reset 

func (m *SessionTrackerV1) Reset()

func (*SessionTrackerV1) SetCreated 

func (s *SessionTrackerV1) SetCreated(created time.Time)

SetCreated returns the time at which the session was created.

func (*SessionTrackerV1) SetState 

func (s *SessionTrackerV1) SetState(state SessionState) error

SetState sets the state of the session.

func (*SessionTrackerV1) Size 

func (m *SessionTrackerV1) Size() (n int)

func (*SessionTrackerV1) String 

func (m *SessionTrackerV1) String() string

func (*SessionTrackerV1) Unmarshal 

func (m *SessionTrackerV1) Unmarshal(dAtA []byte) error

func (*SessionTrackerV1) UpdatePresence 

func (s *SessionTrackerV1) UpdatePresence(user string, t time.Time) error

UpdatePresence updates presence timestamp of a participant.

func (*SessionTrackerV1) XXX_DiscardUnknown 

func (m *SessionTrackerV1) XXX_DiscardUnknown()

func (*SessionTrackerV1) XXX_Marshal 

func (m *SessionTrackerV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SessionTrackerV1) XXX_Merge 

func (m *SessionTrackerV1) XXX_Merge(src proto.Message)

func (*SessionTrackerV1) XXX_Size 

func (m *SessionTrackerV1) XXX_Size() int

func (*SessionTrackerV1) XXX_Unmarshal 

func (m *SessionTrackerV1) XXX_Unmarshal(b []byte) error

type SignatureAlgorithmSuite 

type SignatureAlgorithmSuite int32

SignatureAlgorithmSuite represents the suite of cryptographic signature algorithms used in the cluster. 

const (
	// SIGNATURE_ALGORITHM_SUITE_UNSPECIFIED represents an unspecified signature algorithm suite.
	SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_UNSPECIFIED SignatureAlgorithmSuite = 0
	// SIGNATURE_ALGORITHM_SUITE_LEGACY is the original algorithm suite used in
	// Teleport, it almost exclusively uses 2048-bit RSA.
	SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_LEGACY SignatureAlgorithmSuite = 1
	// SIGNATURE_ALGORITHM_SUITE_BALANCED_V1 aims to strikes a balance between
	// security, compatibility, and performance. It uses Ed25519 for most SSH
	// keys, ECDSA on the NIST P256 curve for most TLS keys, and 2048-bit RSA
	// where necessary for compatibility with third-party software.
	SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_BALANCED_V1 SignatureAlgorithmSuite = 2
	// SIGNATURE_ALGORITHM_SUITE_FIPS_V1 is tailored for FIPS compliance. It is
	// based on the BALANCED_V1 suite but replaces all instances of Ed25519 with
	// ECDSA on the NIST P256 curve.
	SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_FIPS_V1 SignatureAlgorithmSuite = 3
	// SIGNATURE_ALGORITHM_SUITE_HSM_V1 is tailored for clusters using an HSM or
	// KMS service to back CA private material. It is based on the BALANCED suite
	// but replaces Ed25519 with ECDSA on the NIST P256 curve for CA keys only,
	// not for server or client keys. It is also valid to use the LEGACY for FIPS
	// suites if your cluster uses an HSM or KMS.
	SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_HSM_V1 SignatureAlgorithmSuite = 4
)

func (SignatureAlgorithmSuite) EnumDescriptor 

func (SignatureAlgorithmSuite) EnumDescriptor() ([]byte, []int)

func (SignatureAlgorithmSuite) MarshalText 

func (s SignatureAlgorithmSuite) MarshalText() ([]byte, error)

MarshalText marshals a SignatureAlgorithmSuite value to text. This gets used by json.Marshal.

func (SignatureAlgorithmSuite) String 

func (x SignatureAlgorithmSuite) String() string

func (*SignatureAlgorithmSuite) UnmarshalJSON 

func (s *SignatureAlgorithmSuite) UnmarshalJSON(data []byte) error

UnmarshalJSON unmarshals a SignatureAlgorithmSuite and supports the custom string format or numeric types matching an enum value.

func (*SignatureAlgorithmSuite) UnmarshalText 

func (s *SignatureAlgorithmSuite) UnmarshalText(text []byte) error

UnmarshalText unmarshals a SignatureAlgorithmSuite from text and supports the custom string format or the proto enum values. This is used by JSON and YAML unmarshallers.

type SignatureAlgorithmSuiteParams 

type SignatureAlgorithmSuiteParams struct {
	// FIPS should be true if running in FIPS mode.
	FIPS bool
	// UsingHSMOrKMS should be true if the auth server is configured to
	// use an HSM or KMS.
	UsingHSMOrKMS bool
	// Cloud should be true when running in Teleport Cloud.
	Cloud bool
}

SignatureAlgorithmSuiteParams is a set of parameters used to determine if a configured signature algorithm suite is valid, or to set a default signature algorithm suite.

type Site 

type Site struct {
	Name          string    `json:"name"`
	LastConnected time.Time `json:"lastconnected"`
	Status        string    `json:"status"`
}

Site represents a cluster of teleport nodes who collectively trust the same certificate authority (CA) and have a common name.

The CA is represented by an auth server (or multiple auth servers, if running in HA mode)

type SortBy 

type SortBy struct {
	// IsDesc is a sort direction flag where if true the direction is descending, else ascending.
	IsDesc bool `protobuf:"varint,1,opt,name=IsDesc,proto3" json:"is_desc"`
	// Field is the name of an objects field to sort by.
	Field                string   `protobuf:"bytes,2,opt,name=Field,proto3" json:"field"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SortBy defines a sort criteria.

func GetSortByFromString 

func GetSortByFromString(sortStr string) SortBy

GetSortByFromString expects a string in format `<fieldName>:<asc|desc>` where index 0 is fieldName and index 1 is direction. If a direction is not set, or is not recognized, it defaults to ASC.

func (*SortBy) Descriptor 

func (*SortBy) Descriptor() ([]byte, []int)

func (*SortBy) Marshal 

func (m *SortBy) Marshal() (dAtA []byte, err error)

func (*SortBy) MarshalTo 

func (m *SortBy) MarshalTo(dAtA []byte) (int, error)

func (*SortBy) MarshalToSizedBuffer 

func (m *SortBy) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SortBy) ProtoMessage 

func (*SortBy) ProtoMessage()

func (*SortBy) Reset 

func (m *SortBy) Reset()

func (*SortBy) Size 

func (m *SortBy) Size() (n int)

func (*SortBy) String 

func (m *SortBy) String() string

func (*SortBy) Unmarshal 

func (m *SortBy) Unmarshal(dAtA []byte) error

func (*SortBy) XXX_DiscardUnknown 

func (m *SortBy) XXX_DiscardUnknown()

func (*SortBy) XXX_Marshal 

func (m *SortBy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SortBy) XXX_Merge 

func (m *SortBy) XXX_Merge(src proto.Message)

func (*SortBy) XXX_Size 

func (m *SortBy) XXX_Size() int

func (*SortBy) XXX_Unmarshal 

func (m *SortBy) XXX_Unmarshal(b []byte) error

type SortedNamespaces 

type SortedNamespaces []Namespace

SortedNamespaces sorts namespaces

func (SortedNamespaces) Len 

func (s SortedNamespaces) Len() int

Len returns length of a role list

func (SortedNamespaces) Less 

func (s SortedNamespaces) Less(i, j int) bool

Less compares roles by name

func (SortedNamespaces) Swap 

func (s SortedNamespaces) Swap(i, j int)

Swap swaps two roles in a list

type SortedTrustedCluster 

type SortedTrustedCluster []TrustedCluster

SortedTrustedCluster sorts clusters by name

func (SortedTrustedCluster) Len 

func (s SortedTrustedCluster) Len() int

Len returns the length of a list.

func (SortedTrustedCluster) Less 

func (s SortedTrustedCluster) Less(i, j int) bool

Less compares items by name.

func (SortedTrustedCluster) Swap 

func (s SortedTrustedCluster) Swap(i, j int)

Swap swaps two items in a list.

type StableUNIXUserConfig 

type StableUNIXUserConfig struct {
	// Enabled signifies that (UNIX) Teleport SSH hosts should obtain a UID from
	// the control plane if they're about to provision a host user with no other
	// configured UID.
	Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// FirstUid is the start of the range of UIDs for autoprovisioned host users.
	// The range is inclusive on both ends, so the specified UID can be assigned.
	FirstUid int32 `protobuf:"varint,2,opt,name=first_uid,json=firstUid,proto3" json:"first_uid,omitempty"`
	// LastUid is the end of the range of UIDs for autoprovisioned host users. The
	// range is inclusive on both ends, so the specified UID can be assigned.
	LastUid              int32    `protobuf:"varint,3,opt,name=last_uid,json=lastUid,proto3" json:"last_uid,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

StableUNIXUserConfig contains the cluster-wide configuration for stable UNIX users.

func (*StableUNIXUserConfig) Descriptor 

func (*StableUNIXUserConfig) Descriptor() ([]byte, []int)

func (*StableUNIXUserConfig) Marshal 

func (m *StableUNIXUserConfig) Marshal() (dAtA []byte, err error)

func (*StableUNIXUserConfig) MarshalTo 

func (m *StableUNIXUserConfig) MarshalTo(dAtA []byte) (int, error)

func (*StableUNIXUserConfig) MarshalToSizedBuffer 

func (m *StableUNIXUserConfig) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*StableUNIXUserConfig) ProtoMessage 

func (*StableUNIXUserConfig) ProtoMessage()

func (*StableUNIXUserConfig) Reset 

func (m *StableUNIXUserConfig) Reset()

func (*StableUNIXUserConfig) Size 

func (m *StableUNIXUserConfig) Size() (n int)

func (*StableUNIXUserConfig) String 

func (m *StableUNIXUserConfig) String() string

func (*StableUNIXUserConfig) Unmarshal 

func (m *StableUNIXUserConfig) Unmarshal(dAtA []byte) error

func (*StableUNIXUserConfig) XXX_DiscardUnknown 

func (m *StableUNIXUserConfig) XXX_DiscardUnknown()

func (*StableUNIXUserConfig) XXX_Marshal 

func (m *StableUNIXUserConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*StableUNIXUserConfig) XXX_Merge 

func (m *StableUNIXUserConfig) XXX_Merge(src proto.Message)

func (*StableUNIXUserConfig) XXX_Size 

func (m *StableUNIXUserConfig) XXX_Size() int

func (*StableUNIXUserConfig) XXX_Unmarshal 

func (m *StableUNIXUserConfig) XXX_Unmarshal(b []byte) error

type StaticTokens 

type StaticTokens interface {
	// Resource provides common resource properties.
	Resource
	// SetStaticTokens sets the list of static tokens used to provision nodes.
	SetStaticTokens([]ProvisionToken)
	// GetStaticTokens gets the list of static tokens used to provision nodes.
	GetStaticTokens() []ProvisionToken
	// Clone creats a copy of the tokens.
	Clone() StaticTokens
}

StaticTokens define a list of static []ProvisionToken used to provision a node. StaticTokens is a configuration resource, never create more than one instance of it.

func DefaultStaticTokens 

func DefaultStaticTokens() StaticTokens

DefaultStaticTokens is used to get the default static tokens (empty list) when nothing is specified in file configuration.

func NewStaticTokens 

func NewStaticTokens(spec StaticTokensSpecV2) (StaticTokens, error)

NewStaticTokens is a convenience wrapper to create a StaticTokens resource.

type StaticTokensSpecV2 

type StaticTokensSpecV2 struct {
	// StaticTokens is a list of tokens that can be used to add nodes to the
	// cluster.
	StaticTokens         []ProvisionTokenV1 `protobuf:"bytes,1,rep,name=StaticTokens,proto3" json:"static_tokens"`
	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
	XXX_unrecognized     []byte             `json:"-"`
	XXX_sizecache        int32              `json:"-"`
}

StaticTokensSpecV2 is the actual data we care about for StaticTokensSpecV2.

func (*StaticTokensSpecV2) Descriptor 

func (*StaticTokensSpecV2) Descriptor() ([]byte, []int)

func (*StaticTokensSpecV2) Marshal 

func (m *StaticTokensSpecV2) Marshal() (dAtA []byte, err error)

func (*StaticTokensSpecV2) MarshalTo 

func (m *StaticTokensSpecV2) MarshalTo(dAtA []byte) (int, error)

func (*StaticTokensSpecV2) MarshalToSizedBuffer 

func (m *StaticTokensSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*StaticTokensSpecV2) ProtoMessage 

func (*StaticTokensSpecV2) ProtoMessage()

func (*StaticTokensSpecV2) Reset 

func (m *StaticTokensSpecV2) Reset()

func (*StaticTokensSpecV2) Size 

func (m *StaticTokensSpecV2) Size() (n int)

func (*StaticTokensSpecV2) String 

func (m *StaticTokensSpecV2) String() string

func (*StaticTokensSpecV2) Unmarshal 

func (m *StaticTokensSpecV2) Unmarshal(dAtA []byte) error

func (*StaticTokensSpecV2) XXX_DiscardUnknown 

func (m *StaticTokensSpecV2) XXX_DiscardUnknown()

func (*StaticTokensSpecV2) XXX_Marshal 

func (m *StaticTokensSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*StaticTokensSpecV2) XXX_Merge 

func (m *StaticTokensSpecV2) XXX_Merge(src proto.Message)

func (*StaticTokensSpecV2) XXX_Size 

func (m *StaticTokensSpecV2) XXX_Size() int

func (*StaticTokensSpecV2) XXX_Unmarshal 

func (m *StaticTokensSpecV2) XXX_Unmarshal(b []byte) error

type StaticTokensV2 

type StaticTokensV2 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some csd presources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is version
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is resource metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is a provisioning token V2 spec
	Spec                 StaticTokensSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
	XXX_unrecognized     []byte             `json:"-"`
	XXX_sizecache        int32              `json:"-"`
}

StaticTokensV2 implements the StaticTokens interface.

func (*StaticTokensV2) CheckAndSetDefaults 

func (c *StaticTokensV2) CheckAndSetDefaults() error

CheckAndSetDefaults checks validity of all parameters and sets defaults.

func (*StaticTokensV2) Clone 

func (c *StaticTokensV2) Clone() StaticTokens

func (*StaticTokensV2) Descriptor 

func (*StaticTokensV2) Descriptor() ([]byte, []int)

func (*StaticTokensV2) Expiry 

func (c *StaticTokensV2) Expiry() time.Time

Expiry returns object expiry setting

func (*StaticTokensV2) GetKind 

func (c *StaticTokensV2) GetKind() string

GetKind returns resource kind

func (*StaticTokensV2) GetMetadata 

func (c *StaticTokensV2) GetMetadata() Metadata

GetMetadata returns object metadata

func (*StaticTokensV2) GetName 

func (c *StaticTokensV2) GetName() string

GetName returns the name of the StaticTokens resource.

func (*StaticTokensV2) GetRevision 

func (c *StaticTokensV2) GetRevision() string

GetRevision returns the revision

func (*StaticTokensV2) GetStaticTokens 

func (c *StaticTokensV2) GetStaticTokens() []ProvisionToken

GetStaticTokens gets the list of static tokens used to provision nodes.

func (*StaticTokensV2) GetSubKind 

func (c *StaticTokensV2) GetSubKind() string

GetSubKind returns resource sub kind

func (*StaticTokensV2) GetVersion 

func (c *StaticTokensV2) GetVersion() string

GetVersion returns resource version

func (*StaticTokensV2) Marshal 

func (m *StaticTokensV2) Marshal() (dAtA []byte, err error)

func (*StaticTokensV2) MarshalTo 

func (m *StaticTokensV2) MarshalTo(dAtA []byte) (int, error)

func (*StaticTokensV2) MarshalToSizedBuffer 

func (m *StaticTokensV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*StaticTokensV2) ProtoMessage 

func (*StaticTokensV2) ProtoMessage()

func (*StaticTokensV2) Reset 

func (m *StaticTokensV2) Reset()

func (*StaticTokensV2) SetExpiry 

func (c *StaticTokensV2) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object

func (*StaticTokensV2) SetName 

func (c *StaticTokensV2) SetName(e string)

SetName sets the name of the StaticTokens resource.

func (*StaticTokensV2) SetRevision 

func (c *StaticTokensV2) SetRevision(rev string)

SetRevision sets the revision

func (*StaticTokensV2) SetStaticTokens 

func (c *StaticTokensV2) SetStaticTokens(s []ProvisionToken)

SetStaticTokens sets the list of static tokens used to provision nodes.

func (*StaticTokensV2) SetSubKind 

func (c *StaticTokensV2) SetSubKind(sk string)

SetSubKind sets resource subkind

func (*StaticTokensV2) Size 

func (m *StaticTokensV2) Size() (n int)

func (*StaticTokensV2) String 

func (c *StaticTokensV2) String() string

String represents a human readable version of static provisioning tokens.

func (*StaticTokensV2) Unmarshal 

func (m *StaticTokensV2) Unmarshal(dAtA []byte) error

func (*StaticTokensV2) XXX_DiscardUnknown 

func (m *StaticTokensV2) XXX_DiscardUnknown()

func (*StaticTokensV2) XXX_Marshal 

func (m *StaticTokensV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*StaticTokensV2) XXX_Merge 

func (m *StaticTokensV2) XXX_Merge(src proto.Message)

func (*StaticTokensV2) XXX_Size 

func (m *StaticTokensV2) XXX_Size() int

func (*StaticTokensV2) XXX_Unmarshal 

func (m *StaticTokensV2) XXX_Unmarshal(b []byte) error

type SystemClockMeasurement 

type SystemClockMeasurement struct {
	// ControllerSystemClock is the system clock of the inventory controller.
	ControllerSystemClock time.Time `protobuf:"bytes,1,opt,name=ControllerSystemClock,proto3,stdtime" json:"controller_system_clock,omitempty"`
	// SystemClock is the system clock of the upstream.
	SystemClock time.Time `protobuf:"bytes,2,opt,name=SystemClock,proto3,stdtime" json:"system_clock,omitempty"`
	// RequestDuration stores information about the request duration between auth and remote service.
	RequestDuration      time.Duration `protobuf:"bytes,3,opt,name=RequestDuration,proto3,stdduration" json:"request_duration"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

SystemClockMeasurement represents the measurement state of the systems clock difference.

func (*SystemClockMeasurement) Descriptor 

func (*SystemClockMeasurement) Descriptor() ([]byte, []int)

func (*SystemClockMeasurement) Marshal 

func (m *SystemClockMeasurement) Marshal() (dAtA []byte, err error)

func (*SystemClockMeasurement) MarshalTo 

func (m *SystemClockMeasurement) MarshalTo(dAtA []byte) (int, error)

func (*SystemClockMeasurement) MarshalToSizedBuffer 

func (m *SystemClockMeasurement) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SystemClockMeasurement) ProtoMessage 

func (*SystemClockMeasurement) ProtoMessage()

func (*SystemClockMeasurement) Reset 

func (m *SystemClockMeasurement) Reset()

func (*SystemClockMeasurement) Size 

func (m *SystemClockMeasurement) Size() (n int)

func (*SystemClockMeasurement) String 

func (m *SystemClockMeasurement) String() string

func (*SystemClockMeasurement) Unmarshal 

func (m *SystemClockMeasurement) Unmarshal(dAtA []byte) error

func (*SystemClockMeasurement) XXX_DiscardUnknown 

func (m *SystemClockMeasurement) XXX_DiscardUnknown()

func (*SystemClockMeasurement) XXX_Marshal 

func (m *SystemClockMeasurement) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SystemClockMeasurement) XXX_Merge 

func (m *SystemClockMeasurement) XXX_Merge(src proto.Message)

func (*SystemClockMeasurement) XXX_Size 

func (m *SystemClockMeasurement) XXX_Size() int

func (*SystemClockMeasurement) XXX_Unmarshal 

func (m *SystemClockMeasurement) XXX_Unmarshal(b []byte) error

type SystemRole 

type SystemRole string

SystemRole identifies the role of an SSH connection. Unlike "user roles" introduced as part of RBAC in Teleport 1.4+ these are built-in roles used for different Teleport components when connecting to each other. 

const (
	// RoleAuth is for teleport auth server (authority, authentication and authorization)
	RoleAuth SystemRole = "Auth"
	// RoleNode is a role for SSH node in the cluster
	RoleNode SystemRole = "Node"
	// RoleProxy is a role for SSH proxy in the cluster
	RoleProxy SystemRole = "Proxy"
	// RoleAdmin is admin role
	RoleAdmin SystemRole = "Admin"
	// RoleProvisionToken is a role for nodes authenticated using provisioning tokens
	RoleProvisionToken SystemRole = "ProvisionToken"
	// RoleTrustedCluster is a role needed for tokens used to add trusted clusters.
	RoleTrustedCluster SystemRole = "Trusted_cluster"
	// RoleSignup is for first time signing up users
	RoleSignup SystemRole = "Signup"
	// RoleNop is used for actions that are already using external authz mechanisms
	// e.g. tokens or passwords
	RoleNop SystemRole = "Nop"
	// RoleRemoteProxy is a role for remote SSH proxy in the cluster
	RoleRemoteProxy SystemRole = "RemoteProxy"
	// RoleKube is a role for a kubernetes service.
	RoleKube SystemRole = "Kube"
	// RoleApp is a role for a app proxy in the cluster.
	RoleApp SystemRole = "App"
	// RoleDatabase is a role for a database proxy in the cluster.
	RoleDatabase SystemRole = "Db"
	// RoleWindowsDesktop is a role for a Windows desktop service.
	RoleWindowsDesktop SystemRole = "WindowsDesktop"
	// RoleBot is a role for a bot.
	RoleBot SystemRole = "Bot"
	// RoleInstance is a role implicitly held by teleport servers (i.e. any teleport
	// auth token which grants a server role such as proxy/node/etc also implicitly
	// grants the instance role, and any valid cert that proves that the caller holds
	// a server role also implies that the caller holds the instance role). This role
	// doesn't grant meaningful privileges on its own, but is a useful placeholder in
	// contexts such as multi-role certs where there is no particular system role that
	// is "primary".
	RoleInstance SystemRole = "Instance"
	// RoleDiscovery is a role for discovery nodes in the cluster
	RoleDiscovery SystemRole = "Discovery"
	// RoleOkta is a role for Okta nodes in the cluster
	RoleOkta SystemRole = "Okta"
	// RoleMDM is the role for MDM services in the cluster.
	// An MDM service, like Jamf Service, has the powers to manage the cluster's
	// device inventory.
	// Device Trust requires Teleport Enteprise.
	RoleMDM SystemRole = "MDM"

	// RoleAccessGraphPlugin is a role for Access Graph plugins to access
	// Teleport's internal API and access graph.
	RoleAccessGraphPlugin SystemRole = "AccessGraphPlugin"
)

func (SystemRole) Check 

func (r SystemRole) Check() error

Check checks if this a a valid teleport role value, returns nil if it's ok, false otherwise Check checks if this a a valid teleport role value, returns nil if it's ok, false otherwise

func (SystemRole) IsControlPlane 

func (r SystemRole) IsControlPlane() bool

IsControlPlane checks if the given system role is a control plane element (i.e. auth/proxy).

func (SystemRole) IsLocalService 

func (r SystemRole) IsLocalService() bool

IsLocalService checks if the given system role is a teleport service (e.g. auth), as opposed to some non-service role (e.g. admin). Excludes remote services such as remoteproxy.

func (*SystemRole) Set 

func (r *SystemRole) Set(v string) error

Set sets the value of the teleport role from string, used to integrate with CLI tools

func (SystemRole) String 

func (r SystemRole) String() string

String returns the system role string representation. Returned values must match (case-insensitive) the role mappings; otherwise, the validation check will fail.

type SystemRoles 

type SystemRoles []SystemRole

SystemRoles is a TeleportRole list

func LocalServiceMappings 

func LocalServiceMappings() SystemRoles

LocalServiceMappings returns the subset of role mappings which happen to be true Teleport services (e.g. db, kube, proxy, etc), excluding those which represent remote service (i.e. remoteproxy).

func NewTeleportRoles 

func NewTeleportRoles(in []string) (SystemRoles, error)

NewTeleportRoles return a list of teleport roles from slice of strings

func ParseTeleportRoles 

func ParseTeleportRoles(str string) (SystemRoles, error)

ParseTeleportRoles takes a comma-separated list of roles and returns a slice of teleport roles, or an error if parsing failed

func (SystemRoles) Check 

func (roles SystemRoles) Check() error

Check returns an error if the teleport role set is incorrect (contains unknown roles)

func (SystemRoles) Equals 

func (roles SystemRoles) Equals(other SystemRoles) bool

Equals compares two sets of teleport roles

func (SystemRoles) Include 

func (roles SystemRoles) Include(role SystemRole) bool

Include returns 'true' if a given list of teleport roles includes a given role

func (SystemRoles) IncludeAny 

func (roles SystemRoles) IncludeAny(candidates ...SystemRole) bool

IncludeAny returns 'true' if a given list of teleport roles includes any of the given candidate roles.

func (SystemRoles) String 

func (roles SystemRoles) String() string

String returns comma separated string with teleport roles

func (SystemRoles) StringSlice 

func (roles SystemRoles) StringSlice() []string

StringSlice returns teleport roles as string slice

type TLSKeyPair 

type TLSKeyPair struct {
	// Cert is a PEM encoded TLS cert
	Cert []byte `protobuf:"bytes,1,opt,name=Cert,proto3" json:"cert,omitempty"`
	// Key is a PEM encoded TLS key
	Key []byte `protobuf:"bytes,2,opt,name=Key,proto3" json:"key,omitempty"`
	// KeyType is the type of the Key.
	KeyType              PrivateKeyType `protobuf:"varint,3,opt,name=KeyType,proto3,enum=types.PrivateKeyType" json:"key_type,omitempty"`
	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
	XXX_unrecognized     []byte         `json:"-"`
	XXX_sizecache        int32          `json:"-"`
}

TLSKeyPair is a TLS key pair

func (*TLSKeyPair) CheckAndSetDefaults 

func (k *TLSKeyPair) CheckAndSetDefaults() error

CheckAndSetDefaults validates TLSKeyPair and sets defaults on any empty fields as needed.

func (*TLSKeyPair) Clone 

func (k *TLSKeyPair) Clone() *TLSKeyPair

Clone returns a deep copy of TLSKeyPair that can be mutated without modifying the original.

func (*TLSKeyPair) Descriptor 

func (*TLSKeyPair) Descriptor() ([]byte, []int)

func (*TLSKeyPair) Marshal 

func (m *TLSKeyPair) Marshal() (dAtA []byte, err error)

func (*TLSKeyPair) MarshalTo 

func (m *TLSKeyPair) MarshalTo(dAtA []byte) (int, error)

func (*TLSKeyPair) MarshalToSizedBuffer 

func (m *TLSKeyPair) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TLSKeyPair) ProtoMessage 

func (*TLSKeyPair) ProtoMessage()

func (*TLSKeyPair) Reset 

func (m *TLSKeyPair) Reset()

func (*TLSKeyPair) Size 

func (m *TLSKeyPair) Size() (n int)

func (*TLSKeyPair) String 

func (m *TLSKeyPair) String() string

func (*TLSKeyPair) Unmarshal 

func (m *TLSKeyPair) Unmarshal(dAtA []byte) error

func (*TLSKeyPair) XXX_DiscardUnknown 

func (m *TLSKeyPair) XXX_DiscardUnknown()

func (*TLSKeyPair) XXX_Marshal 

func (m *TLSKeyPair) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TLSKeyPair) XXX_Merge 

func (m *TLSKeyPair) XXX_Merge(src proto.Message)

func (*TLSKeyPair) XXX_Size 

func (m *TLSKeyPair) XXX_Size() int

func (*TLSKeyPair) XXX_Unmarshal 

func (m *TLSKeyPair) XXX_Unmarshal(b []byte) error

type TOTPDevice 

type TOTPDevice struct {
	Key                  string   `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

TOTPDevice holds the TOTP-specific fields of MFADevice.

func (*TOTPDevice) Descriptor 

func (*TOTPDevice) Descriptor() ([]byte, []int)

func (*TOTPDevice) Marshal 

func (m *TOTPDevice) Marshal() (dAtA []byte, err error)

func (*TOTPDevice) MarshalTo 

func (m *TOTPDevice) MarshalTo(dAtA []byte) (int, error)

func (*TOTPDevice) MarshalToSizedBuffer 

func (m *TOTPDevice) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TOTPDevice) ProtoMessage 

func (*TOTPDevice) ProtoMessage()

func (*TOTPDevice) Reset 

func (m *TOTPDevice) Reset()

func (*TOTPDevice) Size 

func (m *TOTPDevice) Size() (n int)

func (*TOTPDevice) String 

func (m *TOTPDevice) String() string

func (*TOTPDevice) Unmarshal 

func (m *TOTPDevice) Unmarshal(dAtA []byte) error

func (*TOTPDevice) XXX_DiscardUnknown 

func (m *TOTPDevice) XXX_DiscardUnknown()

func (*TOTPDevice) XXX_Marshal 

func (m *TOTPDevice) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TOTPDevice) XXX_Merge 

func (m *TOTPDevice) XXX_Merge(src proto.Message)

func (*TOTPDevice) XXX_Size 

func (m *TOTPDevice) XXX_Size() int

func (*TOTPDevice) XXX_Unmarshal 

func (m *TOTPDevice) XXX_Unmarshal(b []byte) error

type TPMPCR 

type TPMPCR struct {
	Index                int32    `protobuf:"varint,1,opt,name=index,proto3" json:"index"`
	Digest               []byte   `protobuf:"bytes,2,opt,name=digest,proto3" json:"digest"`
	DigestAlg            uint64   `protobuf:"varint,3,opt,name=digest_alg,json=digestAlg,proto3" json:"digest_alg"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

TPMPCR is the resource representation of teleport.devicetrust.v1.TPMPCR.

func (*TPMPCR) Descriptor 

func (*TPMPCR) Descriptor() ([]byte, []int)

func (*TPMPCR) Marshal 

func (m *TPMPCR) Marshal() (dAtA []byte, err error)

func (*TPMPCR) MarshalTo 

func (m *TPMPCR) MarshalTo(dAtA []byte) (int, error)

func (*TPMPCR) MarshalToSizedBuffer 

func (m *TPMPCR) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TPMPCR) ProtoMessage 

func (*TPMPCR) ProtoMessage()

func (*TPMPCR) Reset 

func (m *TPMPCR) Reset()

func (*TPMPCR) Size 

func (m *TPMPCR) Size() (n int)

func (*TPMPCR) String 

func (m *TPMPCR) String() string

func (*TPMPCR) Unmarshal 

func (m *TPMPCR) Unmarshal(dAtA []byte) error

func (*TPMPCR) XXX_DiscardUnknown 

func (m *TPMPCR) XXX_DiscardUnknown()

func (*TPMPCR) XXX_Marshal 

func (m *TPMPCR) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TPMPCR) XXX_Merge 

func (m *TPMPCR) XXX_Merge(src proto.Message)

func (*TPMPCR) XXX_Size 

func (m *TPMPCR) XXX_Size() int

func (*TPMPCR) XXX_Unmarshal 

func (m *TPMPCR) XXX_Unmarshal(b []byte) error

type TPMPlatformAttestation 

type TPMPlatformAttestation struct {
	Nonce                []byte                 `protobuf:"bytes,1,opt,name=nonce,proto3" json:"nonce,omitempty"`
	PlatformParameters   *TPMPlatformParameters `protobuf:"bytes,2,opt,name=platform_parameters,json=platformParameters,proto3" json:"platform_parameters,omitempty"`
	XXX_NoUnkeyedLiteral struct{}               `json:"-"`
	XXX_unrecognized     []byte                 `json:"-"`
	XXX_sizecache        int32                  `json:"-"`
}

TPMPlatformAttestation is the resource representation of teleport.devicetrust.v1.TPMPlatformAttestation.

func (*TPMPlatformAttestation) Descriptor 

func (*TPMPlatformAttestation) Descriptor() ([]byte, []int)

func (*TPMPlatformAttestation) Marshal 

func (m *TPMPlatformAttestation) Marshal() (dAtA []byte, err error)

func (*TPMPlatformAttestation) MarshalTo 

func (m *TPMPlatformAttestation) MarshalTo(dAtA []byte) (int, error)

func (*TPMPlatformAttestation) MarshalToSizedBuffer 

func (m *TPMPlatformAttestation) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TPMPlatformAttestation) ProtoMessage 

func (*TPMPlatformAttestation) ProtoMessage()

func (*TPMPlatformAttestation) Reset 

func (m *TPMPlatformAttestation) Reset()

func (*TPMPlatformAttestation) Size 

func (m *TPMPlatformAttestation) Size() (n int)

func (*TPMPlatformAttestation) String 

func (m *TPMPlatformAttestation) String() string

func (*TPMPlatformAttestation) Unmarshal 

func (m *TPMPlatformAttestation) Unmarshal(dAtA []byte) error

func (*TPMPlatformAttestation) XXX_DiscardUnknown 

func (m *TPMPlatformAttestation) XXX_DiscardUnknown()

func (*TPMPlatformAttestation) XXX_Marshal 

func (m *TPMPlatformAttestation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TPMPlatformAttestation) XXX_Merge 

func (m *TPMPlatformAttestation) XXX_Merge(src proto.Message)

func (*TPMPlatformAttestation) XXX_Size 

func (m *TPMPlatformAttestation) XXX_Size() int

func (*TPMPlatformAttestation) XXX_Unmarshal 

func (m *TPMPlatformAttestation) XXX_Unmarshal(b []byte) error

type TPMPlatformParameters 

type TPMPlatformParameters struct {
	Quotes               []*TPMQuote `protobuf:"bytes,1,rep,name=quotes,proto3" json:"quotes"`
	Pcrs                 []*TPMPCR   `protobuf:"bytes,2,rep,name=pcrs,proto3" json:"pcrs"`
	EventLog             []byte      `protobuf:"bytes,3,opt,name=event_log,json=eventLog,proto3" json:"event_log"`
	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
	XXX_unrecognized     []byte      `json:"-"`
	XXX_sizecache        int32       `json:"-"`
}

TPMPlatformParameters is the resource representation of teleport.devicetrust.v1.TPMPlatformParameters.

func (*TPMPlatformParameters) Descriptor 

func (*TPMPlatformParameters) Descriptor() ([]byte, []int)

func (*TPMPlatformParameters) Marshal 

func (m *TPMPlatformParameters) Marshal() (dAtA []byte, err error)

func (*TPMPlatformParameters) MarshalTo 

func (m *TPMPlatformParameters) MarshalTo(dAtA []byte) (int, error)

func (*TPMPlatformParameters) MarshalToSizedBuffer 

func (m *TPMPlatformParameters) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TPMPlatformParameters) ProtoMessage 

func (*TPMPlatformParameters) ProtoMessage()

func (*TPMPlatformParameters) Reset 

func (m *TPMPlatformParameters) Reset()

func (*TPMPlatformParameters) Size 

func (m *TPMPlatformParameters) Size() (n int)

func (*TPMPlatformParameters) String 

func (m *TPMPlatformParameters) String() string

func (*TPMPlatformParameters) Unmarshal 

func (m *TPMPlatformParameters) Unmarshal(dAtA []byte) error

func (*TPMPlatformParameters) XXX_DiscardUnknown 

func (m *TPMPlatformParameters) XXX_DiscardUnknown()

func (*TPMPlatformParameters) XXX_Marshal 

func (m *TPMPlatformParameters) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TPMPlatformParameters) XXX_Merge 

func (m *TPMPlatformParameters) XXX_Merge(src proto.Message)

func (*TPMPlatformParameters) XXX_Size 

func (m *TPMPlatformParameters) XXX_Size() int

func (*TPMPlatformParameters) XXX_Unmarshal 

func (m *TPMPlatformParameters) XXX_Unmarshal(b []byte) error

type TPMQuote 

type TPMQuote struct {
	Quote                []byte   `protobuf:"bytes,1,opt,name=quote,proto3" json:"quote"`
	Signature            []byte   `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

TPMQuote is the resource representation of teleport.devicetrust.v1.TPMQuote.

func (*TPMQuote) Descriptor 

func (*TPMQuote) Descriptor() ([]byte, []int)

func (*TPMQuote) Marshal 

func (m *TPMQuote) Marshal() (dAtA []byte, err error)

func (*TPMQuote) MarshalTo 

func (m *TPMQuote) MarshalTo(dAtA []byte) (int, error)

func (*TPMQuote) MarshalToSizedBuffer 

func (m *TPMQuote) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TPMQuote) ProtoMessage 

func (*TPMQuote) ProtoMessage()

func (*TPMQuote) Reset 

func (m *TPMQuote) Reset()

func (*TPMQuote) Size 

func (m *TPMQuote) Size() (n int)

func (*TPMQuote) String 

func (m *TPMQuote) String() string

func (*TPMQuote) Unmarshal 

func (m *TPMQuote) Unmarshal(dAtA []byte) error

func (*TPMQuote) XXX_DiscardUnknown 

func (m *TPMQuote) XXX_DiscardUnknown()

func (*TPMQuote) XXX_Marshal 

func (m *TPMQuote) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TPMQuote) XXX_Merge 

func (m *TPMQuote) XXX_Merge(src proto.Message)

func (*TPMQuote) XXX_Size 

func (m *TPMQuote) XXX_Size() int

func (*TPMQuote) XXX_Unmarshal 

func (m *TPMQuote) XXX_Unmarshal(b []byte) error

type TargetHealth 

type TargetHealth struct {
	// Address is the resource address.
	Address string `protobuf:"bytes,1,opt,name=Address,proto3" json:"address,omitempty"`
	// Protocol is the health check protocol such as "tcp".
	Protocol string `protobuf:"bytes,2,opt,name=Protocol,proto3" json:"protocol,omitempty"`
	// Status is the health status, one of "", "unknown", "healthy", "unhealthy".
	Status string `protobuf:"bytes,3,opt,name=Status,proto3" json:"status,omitempty"`
	// TransitionTimestamp is the time that the last status transition occurred.
	TransitionTimestamp *time.Time `protobuf:"bytes,4,opt,name=TransitionTimestamp,proto3,stdtime" json:"transition_timestamp,omitempty"`
	// TransitionReason is a unique single word reason why the last transition occurred.
	TransitionReason string `protobuf:"bytes,5,opt,name=TransitionReason,proto3" json:"transition_reason,omitempty"`
	// TransitionError shows the health check error observed when the transition
	// happened. Empty when transitioning to "healthy".
	TransitionError string `protobuf:"bytes,6,opt,name=TransitionError,proto3" json:"transition_error,omitempty"`
	// Message is additional information meant for a user.
	Message              string   `protobuf:"bytes,7,opt,name=Message,proto3" json:"message,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

TargetHealth describes the health status of network connectivity between an agent and a resource.

func (*TargetHealth) Descriptor 

func (*TargetHealth) Descriptor() ([]byte, []int)

func (*TargetHealth) GetTransitionTimestamp 

func (t *TargetHealth) GetTransitionTimestamp() time.Time

GetTransitionTimestamp returns transition timestamp

func (*TargetHealth) Marshal 

func (m *TargetHealth) Marshal() (dAtA []byte, err error)

func (*TargetHealth) MarshalTo 

func (m *TargetHealth) MarshalTo(dAtA []byte) (int, error)

func (*TargetHealth) MarshalToSizedBuffer 

func (m *TargetHealth) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TargetHealth) ProtoMessage 

func (*TargetHealth) ProtoMessage()

func (*TargetHealth) Reset 

func (m *TargetHealth) Reset()

func (*TargetHealth) Size 

func (m *TargetHealth) Size() (n int)

func (*TargetHealth) String 

func (m *TargetHealth) String() string

func (*TargetHealth) Unmarshal 

func (m *TargetHealth) Unmarshal(dAtA []byte) error

func (*TargetHealth) XXX_DiscardUnknown 

func (m *TargetHealth) XXX_DiscardUnknown()

func (*TargetHealth) XXX_Marshal 

func (m *TargetHealth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TargetHealth) XXX_Merge 

func (m *TargetHealth) XXX_Merge(src proto.Message)

func (*TargetHealth) XXX_Size 

func (m *TargetHealth) XXX_Size() int

func (*TargetHealth) XXX_Unmarshal 

func (m *TargetHealth) XXX_Unmarshal(b []byte) error

type TargetHealthGroups 

type TargetHealthGroups[T TargetHealthStatusGetter] struct {
	// Healthy is the resources with [TargetHealthStatusHealthy].
	Healthy []T
	// Unhealthy is the resources with [TargetHealthStatusUnhealthy].
	Unhealthy []T
	// Unknown is the resources with any status that isn't healthy or unhealthy.
	// Namely [TargetHealthStatusUnknown], [TargetHealthStatusMixed], and the
	// empty string are grouped together.
	// Agents running with a version prior to health checks will always report
	// an empty health status.
	// A mixed status should only be set if health status for multiple servers
	// are aggregated. An aggregated mixed status is equivalent to "unknown"
	// because the underlying statuses that compose the mix are not known,
	// although it really doesn't make sense to aggregate the health status
	// before grouping it (please don't do that).
	Unknown []T
}

TargetHealthGroups holds resources grouped by target health status.

func GroupByTargetHealthStatus 

func GroupByTargetHealthStatus[T TargetHealthStatusGetter](resources []T) TargetHealthGroups[T]

GroupByTargetHealthStatus groups resources by target health and returns TargetHealthGroups.

type TargetHealthProtocol 

type TargetHealthProtocol string

TargetHealthProtocol is the network protocol for a health checker. 

const (
	// TargetHealthProtocolTCP is a target health check protocol.
	TargetHealthProtocolTCP TargetHealthProtocol = "TCP"
)

type TargetHealthStatus 

type TargetHealthStatus string

TargetHealthStatus is a target resource's health status. 

const (
	// TargetHealthStatusHealthy indicates that a health check target is healthy.
	TargetHealthStatusHealthy TargetHealthStatus = "healthy"
	// TargetHealthStatusUnhealthy indicates that a health check target is unhealthy.
	TargetHealthStatusUnhealthy TargetHealthStatus = "unhealthy"
	// TargetHealthStatusUnknown indicates that an unknown health check target health status.
	TargetHealthStatusUnknown TargetHealthStatus = "unknown"
	// TargetHealthStatusMixed indicates the resource has a mix of health
	// statuses. This can happen when multiple agents proxy the same resource.
	TargetHealthStatusMixed TargetHealthStatus = "mixed"
)

func AggregateHealthStatus 

func AggregateHealthStatus(statuses iter.Seq[TargetHealthStatus]) TargetHealthStatus

AggregateHealthStatus health statuses into a single status. If there are a mix of different statuses then the aggregate status is "mixed".

func (TargetHealthStatus) Canonical 

func (s TargetHealthStatus) Canonical() TargetHealthStatus

Canonical converts a status into its canonical form. An empty or unknown status is converted to TargetHealthStatusUnknown.

type TargetHealthStatusGetter 

type TargetHealthStatusGetter interface {
	// GetTargetHealthStatus returns the target health status.
	GetTargetHealthStatus() TargetHealthStatus
}

TargetHealthStatusGetter is a type that can return TargetHealthStatus.

type TargetHealthTransitionReason 

type TargetHealthTransitionReason string

TargetHealthTransitionReason is the reason for the target health status transition. 

const (
	// TargetHealthTransitionReasonInit means that initial health checks are in
	// progress.
	TargetHealthTransitionReasonInit TargetHealthTransitionReason = "initialized"
	// TargetHealthStatusDisabled indicates that health checks are disabled.
	TargetHealthTransitionReasonDisabled TargetHealthTransitionReason = "disabled"
	// TargetHealthTransitionReasonThreshold means that the health status
	// changed because the healthy or unhealthy threshold was reached.
	TargetHealthTransitionReasonThreshold TargetHealthTransitionReason = "threshold_reached"
	// TargetHealthTransitionReasonInternalError indicates that health checks
	// encountered an internal error (this is a bug).
	TargetHealthTransitionReasonInternalError TargetHealthTransitionReason = "internal_error"
)

type TeamMapping 

type TeamMapping struct {
	// Organization is a Github organization a user belongs to.
	Organization string `protobuf:"bytes,1,opt,name=Organization,proto3" json:"organization"`
	// Team is a team within the organization a user belongs to.
	Team string `protobuf:"bytes,2,opt,name=Team,proto3" json:"team"`
	// Logins is a list of allowed logins for this org/team.
	Logins []string `protobuf:"bytes,3,rep,name=Logins,proto3" json:"logins,omitempty"`
	// KubeGroups is a list of allowed kubernetes groups for this org/team.
	KubeGroups []string `protobuf:"bytes,4,rep,name=KubeGroups,proto3" json:"kubernetes_groups,omitempty"`
	// KubeUsers is a list of allowed kubernetes users to impersonate for this org/team.
	KubeUsers            []string `protobuf:"bytes,5,rep,name=KubeUsers,proto3" json:"kubernetes_users,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

TeamMapping represents a single team membership mapping.

DELETE IN 11.0.0

func (*TeamMapping) Descriptor 

func (*TeamMapping) Descriptor() ([]byte, []int)

func (*TeamMapping) Marshal 

func (m *TeamMapping) Marshal() (dAtA []byte, err error)

func (*TeamMapping) MarshalTo 

func (m *TeamMapping) MarshalTo(dAtA []byte) (int, error)

func (*TeamMapping) MarshalToSizedBuffer 

func (m *TeamMapping) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TeamMapping) ProtoMessage 

func (*TeamMapping) ProtoMessage()

func (*TeamMapping) Reset 

func (m *TeamMapping) Reset()

func (*TeamMapping) Size 

func (m *TeamMapping) Size() (n int)

func (*TeamMapping) String 

func (m *TeamMapping) String() string

func (*TeamMapping) Unmarshal 

func (m *TeamMapping) Unmarshal(dAtA []byte) error

func (*TeamMapping) XXX_DiscardUnknown 

func (m *TeamMapping) XXX_DiscardUnknown()

func (*TeamMapping) XXX_Marshal 

func (m *TeamMapping) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TeamMapping) XXX_Merge 

func (m *TeamMapping) XXX_Merge(src proto.Message)

func (*TeamMapping) XXX_Size 

func (m *TeamMapping) XXX_Size() int

func (*TeamMapping) XXX_Unmarshal 

func (m *TeamMapping) XXX_Unmarshal(b []byte) error

type TeamRolesMapping 

type TeamRolesMapping struct {
	// Organization is a Github organization a user belongs to.
	Organization string `protobuf:"bytes,1,opt,name=Organization,proto3" json:"organization"`
	// Team is a team within the organization a user belongs to.
	Team string `protobuf:"bytes,2,opt,name=Team,proto3" json:"team"`
	// Roles is a list of allowed logins for this org/team.
	Roles                []string `protobuf:"bytes,3,rep,name=Roles,proto3" json:"roles,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

TeamRolesMapping represents a single team membership mapping.

func (*TeamRolesMapping) Descriptor 

func (*TeamRolesMapping) Descriptor() ([]byte, []int)

func (*TeamRolesMapping) Marshal 

func (m *TeamRolesMapping) Marshal() (dAtA []byte, err error)

func (*TeamRolesMapping) MarshalTo 

func (m *TeamRolesMapping) MarshalTo(dAtA []byte) (int, error)

func (*TeamRolesMapping) MarshalToSizedBuffer 

func (m *TeamRolesMapping) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TeamRolesMapping) ProtoMessage 

func (*TeamRolesMapping) ProtoMessage()

func (*TeamRolesMapping) Reset 

func (m *TeamRolesMapping) Reset()

func (*TeamRolesMapping) Size 

func (m *TeamRolesMapping) Size() (n int)

func (*TeamRolesMapping) String 

func (m *TeamRolesMapping) String() string

func (*TeamRolesMapping) Unmarshal 

func (m *TeamRolesMapping) Unmarshal(dAtA []byte) error

func (*TeamRolesMapping) XXX_DiscardUnknown 

func (m *TeamRolesMapping) XXX_DiscardUnknown()

func (*TeamRolesMapping) XXX_Marshal 

func (m *TeamRolesMapping) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TeamRolesMapping) XXX_Merge 

func (m *TeamRolesMapping) XXX_Merge(src proto.Message)

func (*TeamRolesMapping) XXX_Size 

func (m *TeamRolesMapping) XXX_Size() int

func (*TeamRolesMapping) XXX_Unmarshal 

func (m *TeamRolesMapping) XXX_Unmarshal(b []byte) error

type ThresholdIndexSet 

type ThresholdIndexSet struct {
	// Indexes are the indexes of thresholds which relate to the role.
	Indexes              []uint32 `protobuf:"varint,1,rep,packed,name=Indexes,proto3" json:"i,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ThresholdIndexSet encodes a list of threshold indexes. One of the listed thresholds must pass for the set to be considered to have passed (i.e. this is an `or` operator).

func (*ThresholdIndexSet) Descriptor 

func (*ThresholdIndexSet) Descriptor() ([]byte, []int)

func (*ThresholdIndexSet) Marshal 

func (m *ThresholdIndexSet) Marshal() (dAtA []byte, err error)

func (*ThresholdIndexSet) MarshalTo 

func (m *ThresholdIndexSet) MarshalTo(dAtA []byte) (int, error)

func (*ThresholdIndexSet) MarshalToSizedBuffer 

func (m *ThresholdIndexSet) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ThresholdIndexSet) ProtoMessage 

func (*ThresholdIndexSet) ProtoMessage()

func (*ThresholdIndexSet) Reset 

func (m *ThresholdIndexSet) Reset()

func (*ThresholdIndexSet) Size 

func (m *ThresholdIndexSet) Size() (n int)

func (*ThresholdIndexSet) String 

func (m *ThresholdIndexSet) String() string

func (*ThresholdIndexSet) Unmarshal 

func (m *ThresholdIndexSet) Unmarshal(dAtA []byte) error

func (*ThresholdIndexSet) XXX_DiscardUnknown 

func (m *ThresholdIndexSet) XXX_DiscardUnknown()

func (*ThresholdIndexSet) XXX_Marshal 

func (m *ThresholdIndexSet) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ThresholdIndexSet) XXX_Merge 

func (m *ThresholdIndexSet) XXX_Merge(src proto.Message)

func (*ThresholdIndexSet) XXX_Size 

func (m *ThresholdIndexSet) XXX_Size() int

func (*ThresholdIndexSet) XXX_Unmarshal 

func (m *ThresholdIndexSet) XXX_Unmarshal(b []byte) error

type ThresholdIndexSets 

type ThresholdIndexSets struct {
	// Sets are the sets that make up this group.
	Sets                 []ThresholdIndexSet `protobuf:"bytes,1,rep,name=Sets,proto3" json:"s,omitempty"`
	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
	XXX_unrecognized     []byte              `json:"-"`
	XXX_sizecache        int32               `json:"-"`
}

ThresholdIndexSets is a list of threshold index sets. Each of the individual sets must pass (i.e. this is an `and` operator).

func (*ThresholdIndexSets) Descriptor 

func (*ThresholdIndexSets) Descriptor() ([]byte, []int)

func (*ThresholdIndexSets) Marshal 

func (m *ThresholdIndexSets) Marshal() (dAtA []byte, err error)

func (*ThresholdIndexSets) MarshalTo 

func (m *ThresholdIndexSets) MarshalTo(dAtA []byte) (int, error)

func (*ThresholdIndexSets) MarshalToSizedBuffer 

func (m *ThresholdIndexSets) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ThresholdIndexSets) ProtoMessage 

func (*ThresholdIndexSets) ProtoMessage()

func (*ThresholdIndexSets) Reset 

func (m *ThresholdIndexSets) Reset()

func (*ThresholdIndexSets) Size 

func (m *ThresholdIndexSets) Size() (n int)

func (*ThresholdIndexSets) String 

func (m *ThresholdIndexSets) String() string

func (*ThresholdIndexSets) Unmarshal 

func (m *ThresholdIndexSets) Unmarshal(dAtA []byte) error

func (*ThresholdIndexSets) XXX_DiscardUnknown 

func (m *ThresholdIndexSets) XXX_DiscardUnknown()

func (*ThresholdIndexSets) XXX_Marshal 

func (m *ThresholdIndexSets) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ThresholdIndexSets) XXX_Merge 

func (m *ThresholdIndexSets) XXX_Merge(src proto.Message)

func (*ThresholdIndexSets) XXX_Size 

func (m *ThresholdIndexSets) XXX_Size() int

func (*ThresholdIndexSets) XXX_Unmarshal 

func (m *ThresholdIndexSets) XXX_Unmarshal(b []byte) error

type TokenRule 

type TokenRule struct {
	// AWSAccount is the AWS account ID.
	AWSAccount string `protobuf:"bytes,1,opt,name=AWSAccount,proto3" json:"aws_account,omitempty"`
	// AWSRegions is used for the EC2 join method and is a list of AWS regions a
	// node is allowed to join from.
	AWSRegions []string `protobuf:"bytes,2,rep,name=AWSRegions,proto3" json:"aws_regions,omitempty"`
	// AWSRole is used for the EC2 join method and is the ARN of the AWS
	// role that the Auth Service will assume in order to call the ec2 API.
	AWSRole string `protobuf:"bytes,3,opt,name=AWSRole,proto3" json:"aws_role,omitempty"`
	// AWSARN is used for the IAM join method, the AWS identity of joining nodes
	// must match this ARN. Supports wildcards "*" and "?".
	AWSARN               string   `protobuf:"bytes,4,opt,name=AWSARN,proto3" json:"aws_arn,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

TokenRule is a rule that a joining node must match in order to use the associated token.

func (*TokenRule) Descriptor 

func (*TokenRule) Descriptor() ([]byte, []int)

func (*TokenRule) Marshal 

func (m *TokenRule) Marshal() (dAtA []byte, err error)

func (*TokenRule) MarshalTo 

func (m *TokenRule) MarshalTo(dAtA []byte) (int, error)

func (*TokenRule) MarshalToSizedBuffer 

func (m *TokenRule) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TokenRule) ProtoMessage 

func (*TokenRule) ProtoMessage()

func (*TokenRule) Reset 

func (m *TokenRule) Reset()

func (*TokenRule) Size 

func (m *TokenRule) Size() (n int)

func (*TokenRule) String 

func (m *TokenRule) String() string

func (*TokenRule) Unmarshal 

func (m *TokenRule) Unmarshal(dAtA []byte) error

func (*TokenRule) XXX_DiscardUnknown 

func (m *TokenRule) XXX_DiscardUnknown()

func (*TokenRule) XXX_Marshal 

func (m *TokenRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TokenRule) XXX_Merge 

func (m *TokenRule) XXX_Merge(src proto.Message)

func (*TokenRule) XXX_Size 

func (m *TokenRule) XXX_Size() int

func (*TokenRule) XXX_Unmarshal 

func (m *TokenRule) XXX_Unmarshal(b []byte) error

type TraitMapping 

type TraitMapping struct {
	// Trait is a trait name.
	Trait string `protobuf:"bytes,1,opt,name=Trait,proto3" json:"trait"`
	// Value is a trait value to match.
	Value string `protobuf:"bytes,2,opt,name=Value,proto3" json:"value"`
	// Roles is a list of static teleport roles to match.
	Roles                []string `protobuf:"bytes,3,rep,name=Roles,proto3" json:"roles,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

TraitMapping maps a trait to teleport roles.

func (*TraitMapping) Descriptor 

func (*TraitMapping) Descriptor() ([]byte, []int)

func (*TraitMapping) Marshal 

func (m *TraitMapping) Marshal() (dAtA []byte, err error)

func (*TraitMapping) MarshalTo 

func (m *TraitMapping) MarshalTo(dAtA []byte) (int, error)

func (*TraitMapping) MarshalToSizedBuffer 

func (m *TraitMapping) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TraitMapping) ProtoMessage 

func (*TraitMapping) ProtoMessage()

func (*TraitMapping) Reset 

func (m *TraitMapping) Reset()

func (*TraitMapping) Size 

func (m *TraitMapping) Size() (n int)

func (*TraitMapping) String 

func (m *TraitMapping) String() string

func (*TraitMapping) Unmarshal 

func (m *TraitMapping) Unmarshal(dAtA []byte) error

func (*TraitMapping) XXX_DiscardUnknown 

func (m *TraitMapping) XXX_DiscardUnknown()

func (*TraitMapping) XXX_Marshal 

func (m *TraitMapping) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TraitMapping) XXX_Merge 

func (m *TraitMapping) XXX_Merge(src proto.Message)

func (*TraitMapping) XXX_Size 

func (m *TraitMapping) XXX_Size() int

func (*TraitMapping) XXX_Unmarshal 

func (m *TraitMapping) XXX_Unmarshal(b []byte) error

type TraitMappingSet 

type TraitMappingSet []TraitMapping

TraitMappingSet is a set of trait mappings

type TrustedCluster 

type TrustedCluster interface {
	// ResourceWithOrigin provides common resource properties
	ResourceWithOrigin
	// SetMetadata sets object metadata
	SetMetadata(meta Metadata)
	// GetEnabled returns the state of the TrustedCluster.
	GetEnabled() bool
	// SetEnabled enables (handshake and add ca+reverse tunnel) or disables TrustedCluster.
	SetEnabled(bool)
	// CombinedMapping is used to specify combined mapping from legacy property Roles
	// and new property RoleMap
	CombinedMapping() RoleMap
	// GetRoleMap returns role map property
	GetRoleMap() RoleMap
	// SetRoleMap sets role map
	SetRoleMap(m RoleMap)
	// GetRoles returns the roles for the certificate authority.
	GetRoles() []string
	// SetRoles sets the roles for the certificate authority.
	SetRoles([]string)
	// GetToken returns the authorization and authentication token.
	GetToken() string
	// SetToken sets the authorization and authentication.
	SetToken(string)
	// GetProxyAddress returns the address of the proxy server.
	GetProxyAddress() string
	// SetProxyAddress sets the address of the proxy server.
	SetProxyAddress(string)
	// GetReverseTunnelAddress returns the address of the reverse tunnel.
	GetReverseTunnelAddress() string
	// SetReverseTunnelAddress sets the address of the reverse tunnel.
	SetReverseTunnelAddress(string)
	// CanChangeStateTo checks the TrustedCluster can transform into another.
	CanChangeStateTo(TrustedCluster) error
	// Clone returns a deep copy of the TrustedCluster.
	Clone() TrustedCluster
}

TrustedCluster holds information needed for a cluster that can not be directly accessed (maybe be behind firewall without any open ports) to join a parent cluster.

func NewTrustedCluster 

func NewTrustedCluster(name string, spec TrustedClusterSpecV2) (TrustedCluster, error)

NewTrustedCluster is a convenience way to create a TrustedCluster resource.

type TrustedClusterSpecV2 

type TrustedClusterSpecV2 struct {
	// Enabled is a bool that indicates if the TrustedCluster is enabled or disabled.
	// Setting Enabled to false has a side effect of deleting the user and host certificate
	// authority (CA).
	Enabled bool `protobuf:"varint,1,opt,name=Enabled,proto3" json:"enabled"`
	// Roles is a list of roles that users will be assuming when connecting to this cluster.
	Roles []string `protobuf:"bytes,2,rep,name=Roles,proto3" json:"roles,omitempty"`
	// Token is the authorization token provided by another cluster needed by this cluster to join.
	Token string `protobuf:"bytes,3,opt,name=Token,proto3" json:"token"`
	// ProxyAddress is the address of the web proxy server of the cluster to join. If not set,
	// it is derived from `<metadata.name>:<default web proxy server port>`.
	ProxyAddress string `protobuf:"bytes,4,opt,name=ProxyAddress,proto3" json:"web_proxy_addr"`
	// ReverseTunnelAddress is the address of the SSH proxy server of the cluster to join. If
	// not set, it is derived from `<metadata.name>:<default reverse tunnel port>`.
	ReverseTunnelAddress string `protobuf:"bytes,5,opt,name=ReverseTunnelAddress,proto3" json:"tunnel_addr"`
	// RoleMap specifies role mappings to remote roles.
	RoleMap              []RoleMapping `protobuf:"bytes,6,rep,name=RoleMap,proto3" json:"role_map,omitempty"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

TrustedClusterSpecV2 is a Trusted Cluster specification.

func (*TrustedClusterSpecV2) Descriptor 

func (*TrustedClusterSpecV2) Descriptor() ([]byte, []int)

func (*TrustedClusterSpecV2) Marshal 

func (m *TrustedClusterSpecV2) Marshal() (dAtA []byte, err error)

func (*TrustedClusterSpecV2) MarshalTo 

func (m *TrustedClusterSpecV2) MarshalTo(dAtA []byte) (int, error)

func (*TrustedClusterSpecV2) MarshalToSizedBuffer 

func (m *TrustedClusterSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TrustedClusterSpecV2) ProtoMessage 

func (*TrustedClusterSpecV2) ProtoMessage()

func (*TrustedClusterSpecV2) Reset 

func (m *TrustedClusterSpecV2) Reset()

func (*TrustedClusterSpecV2) Size 

func (m *TrustedClusterSpecV2) Size() (n int)

func (*TrustedClusterSpecV2) String 

func (m *TrustedClusterSpecV2) String() string

func (*TrustedClusterSpecV2) Unmarshal 

func (m *TrustedClusterSpecV2) Unmarshal(dAtA []byte) error

func (*TrustedClusterSpecV2) XXX_DiscardUnknown 

func (m *TrustedClusterSpecV2) XXX_DiscardUnknown()

func (*TrustedClusterSpecV2) XXX_Marshal 

func (m *TrustedClusterSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TrustedClusterSpecV2) XXX_Merge 

func (m *TrustedClusterSpecV2) XXX_Merge(src proto.Message)

func (*TrustedClusterSpecV2) XXX_Size 

func (m *TrustedClusterSpecV2) XXX_Size() int

func (*TrustedClusterSpecV2) XXX_Unmarshal 

func (m *TrustedClusterSpecV2) XXX_Unmarshal(b []byte) error

type TrustedClusterV2 

type TrustedClusterV2 struct {
	// Kind is a resource kind.
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources.
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version. It must be specified.
	// Supported values are: `v2`.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata holds resource metadata.
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is a Trusted Cluster specification.
	Spec                 TrustedClusterSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
	XXX_unrecognized     []byte               `json:"-"`
	XXX_sizecache        int32                `json:"-"`
}

TrustedClusterV2 represents a Trusted Cluster.

func (*TrustedClusterV2) CanChangeStateTo 

func (c *TrustedClusterV2) CanChangeStateTo(t TrustedCluster) error

CanChangeStateTo checks if the state change is allowed or not. If not, returns an error explaining the reason.

func (*TrustedClusterV2) CheckAndSetDefaults 

func (c *TrustedClusterV2) CheckAndSetDefaults() error

CheckAndSetDefaults checks validity of all parameters and sets defaults

func (*TrustedClusterV2) Clone 

func (c *TrustedClusterV2) Clone() TrustedCluster

func (*TrustedClusterV2) CombinedMapping 

func (c *TrustedClusterV2) CombinedMapping() RoleMap

CombinedMapping is used to specify combined mapping from legacy property Roles and new property RoleMap

func (*TrustedClusterV2) Descriptor 

func (*TrustedClusterV2) Descriptor() ([]byte, []int)

func (*TrustedClusterV2) Expiry 

func (c *TrustedClusterV2) Expiry() time.Time

Expiry returns object expiry setting

func (*TrustedClusterV2) GetEnabled 

func (c *TrustedClusterV2) GetEnabled() bool

GetEnabled returns the state of the TrustedCluster.

func (*TrustedClusterV2) GetKind 

func (c *TrustedClusterV2) GetKind() string

GetKind returns resource kind

func (*TrustedClusterV2) GetMetadata 

func (c *TrustedClusterV2) GetMetadata() Metadata

GetMetadata returns object metadata

func (*TrustedClusterV2) GetName 

func (c *TrustedClusterV2) GetName() string

GetName returns the name of the TrustedCluster.

func (*TrustedClusterV2) GetProxyAddress 

func (c *TrustedClusterV2) GetProxyAddress() string

GetProxyAddress returns the address of the proxy server.

func (*TrustedClusterV2) GetReverseTunnelAddress 

func (c *TrustedClusterV2) GetReverseTunnelAddress() string

GetReverseTunnelAddress returns the address of the reverse tunnel.

func (*TrustedClusterV2) GetRevision 

func (c *TrustedClusterV2) GetRevision() string

GetRevision returns the revision

func (*TrustedClusterV2) GetRoleMap 

func (c *TrustedClusterV2) GetRoleMap() RoleMap

GetRoleMap returns role map property

func (*TrustedClusterV2) GetRoles 

func (c *TrustedClusterV2) GetRoles() []string

GetRoles returns the roles for the certificate authority.

func (*TrustedClusterV2) GetSubKind 

func (c *TrustedClusterV2) GetSubKind() string

GetSubKind returns resource sub kind

func (*TrustedClusterV2) GetToken 

func (c *TrustedClusterV2) GetToken() string

GetToken returns the authorization and authentication token.

func (*TrustedClusterV2) GetVersion 

func (c *TrustedClusterV2) GetVersion() string

GetVersion returns resource version

func (*TrustedClusterV2) Marshal 

func (m *TrustedClusterV2) Marshal() (dAtA []byte, err error)

func (*TrustedClusterV2) MarshalTo 

func (m *TrustedClusterV2) MarshalTo(dAtA []byte) (int, error)

func (*TrustedClusterV2) MarshalToSizedBuffer 

func (m *TrustedClusterV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TrustedClusterV2) Origin 

func (c *TrustedClusterV2) Origin() string

Origin returns the origin value of the resource.

func (*TrustedClusterV2) ProtoMessage 

func (*TrustedClusterV2) ProtoMessage()

func (*TrustedClusterV2) Reset 

func (m *TrustedClusterV2) Reset()

func (*TrustedClusterV2) SetEnabled 

func (c *TrustedClusterV2) SetEnabled(e bool)

SetEnabled enables (handshake and add ca+reverse tunnel) or disables TrustedCluster.

func (*TrustedClusterV2) SetExpiry 

func (c *TrustedClusterV2) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object

func (*TrustedClusterV2) SetMetadata 

func (c *TrustedClusterV2) SetMetadata(meta Metadata)

SetMetadata sets object metadata

func (*TrustedClusterV2) SetName 

func (c *TrustedClusterV2) SetName(e string)

SetName sets the name of the TrustedCluster.

func (*TrustedClusterV2) SetOrigin 

func (c *TrustedClusterV2) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*TrustedClusterV2) SetProxyAddress 

func (c *TrustedClusterV2) SetProxyAddress(e string)

SetProxyAddress sets the address of the proxy server.

func (*TrustedClusterV2) SetReverseTunnelAddress 

func (c *TrustedClusterV2) SetReverseTunnelAddress(e string)

SetReverseTunnelAddress sets the address of the reverse tunnel.

func (*TrustedClusterV2) SetRevision 

func (c *TrustedClusterV2) SetRevision(rev string)

SetRevision sets the revision

func (*TrustedClusterV2) SetRoleMap 

func (c *TrustedClusterV2) SetRoleMap(m RoleMap)

SetRoleMap sets role map

func (*TrustedClusterV2) SetRoles 

func (c *TrustedClusterV2) SetRoles(e []string)

SetRoles sets the roles for the certificate authority.

func (*TrustedClusterV2) SetSubKind 

func (c *TrustedClusterV2) SetSubKind(s string)

SetSubKind sets resource subkind

func (*TrustedClusterV2) SetToken 

func (c *TrustedClusterV2) SetToken(e string)

SetToken sets the authorization and authentication.

func (*TrustedClusterV2) Size 

func (m *TrustedClusterV2) Size() (n int)

func (*TrustedClusterV2) String 

func (c *TrustedClusterV2) String() string

String represents a human readable version of trusted cluster settings.

func (*TrustedClusterV2) Unmarshal 

func (m *TrustedClusterV2) Unmarshal(dAtA []byte) error

func (*TrustedClusterV2) XXX_DiscardUnknown 

func (m *TrustedClusterV2) XXX_DiscardUnknown()

func (*TrustedClusterV2) XXX_Marshal 

func (m *TrustedClusterV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TrustedClusterV2) XXX_Merge 

func (m *TrustedClusterV2) XXX_Merge(src proto.Message)

func (*TrustedClusterV2) XXX_Size 

func (m *TrustedClusterV2) XXX_Size() int

func (*TrustedClusterV2) XXX_Unmarshal 

func (m *TrustedClusterV2) XXX_Unmarshal(b []byte) error

type TrustedClusterV2List 

type TrustedClusterV2List struct {
	// TrustedClusters is a list of trusted cluster.
	TrustedClusters      []*TrustedClusterV2 `protobuf:"bytes,1,rep,name=TrustedClusters,proto3" json:"TrustedClusters,omitempty"`
	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
	XXX_unrecognized     []byte              `json:"-"`
	XXX_sizecache        int32               `json:"-"`
}

TrustedClusterV2List is a list of trusted cluster.

func (*TrustedClusterV2List) Descriptor 

func (*TrustedClusterV2List) Descriptor() ([]byte, []int)

func (*TrustedClusterV2List) Marshal 

func (m *TrustedClusterV2List) Marshal() (dAtA []byte, err error)

func (*TrustedClusterV2List) MarshalTo 

func (m *TrustedClusterV2List) MarshalTo(dAtA []byte) (int, error)

func (*TrustedClusterV2List) MarshalToSizedBuffer 

func (m *TrustedClusterV2List) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TrustedClusterV2List) ProtoMessage 

func (*TrustedClusterV2List) ProtoMessage()

func (*TrustedClusterV2List) Reset 

func (m *TrustedClusterV2List) Reset()

func (*TrustedClusterV2List) Size 

func (m *TrustedClusterV2List) Size() (n int)

func (*TrustedClusterV2List) String 

func (m *TrustedClusterV2List) String() string

func (*TrustedClusterV2List) Unmarshal 

func (m *TrustedClusterV2List) Unmarshal(dAtA []byte) error

func (*TrustedClusterV2List) XXX_DiscardUnknown 

func (m *TrustedClusterV2List) XXX_DiscardUnknown()

func (*TrustedClusterV2List) XXX_Marshal 

func (m *TrustedClusterV2List) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TrustedClusterV2List) XXX_Merge 

func (m *TrustedClusterV2List) XXX_Merge(src proto.Message)

func (*TrustedClusterV2List) XXX_Size 

func (m *TrustedClusterV2List) XXX_Size() int

func (*TrustedClusterV2List) XXX_Unmarshal 

func (m *TrustedClusterV2List) XXX_Unmarshal(b []byte) error

type TrustedDeviceRequirement 

type TrustedDeviceRequirement int32

TrustedDeviceRequirement indicates whether access may be hindered by the lack of a trusted device. 

const (
	// Device requirement not determined.
	// Does not mean that a device is not required, only that the necessary data
	// was not considered.
	TrustedDeviceRequirement_TRUSTED_DEVICE_REQUIREMENT_UNSPECIFIED TrustedDeviceRequirement = 0
	// Trusted device not required.
	TrustedDeviceRequirement_TRUSTED_DEVICE_REQUIREMENT_NOT_REQUIRED TrustedDeviceRequirement = 1
	// Trusted device required by either cluster mode or user roles.
	TrustedDeviceRequirement_TRUSTED_DEVICE_REQUIREMENT_REQUIRED TrustedDeviceRequirement = 2
)

func (TrustedDeviceRequirement) EnumDescriptor 

func (TrustedDeviceRequirement) EnumDescriptor() ([]byte, []int)

func (TrustedDeviceRequirement) String 

func (x TrustedDeviceRequirement) String() string

type TunnelConnection 

type TunnelConnection interface {
	// Resource provides common methods for resource objects
	Resource
	// GetClusterName returns name of the cluster this connection is for.
	GetClusterName() string
	// GetProxyName returns the proxy name this connection is established to
	GetProxyName() string
	// GetLastHeartbeat returns time of the last heartbeat received from
	// the tunnel over the connection
	GetLastHeartbeat() time.Time
	// SetLastHeartbeat sets last heartbeat time
	SetLastHeartbeat(time.Time)
	// GetType gets the type of ReverseTunnel.
	GetType() TunnelType
	// SetType sets the type of ReverseTunnel.
	SetType(TunnelType)
	// String returns user friendly representation of this connection
	String() string
	// Clone returns a copy of this tunnel connection
	Clone() TunnelConnection
}

TunnelConnection is SSH reverse tunnel connection established to reverse tunnel proxy

func NewTunnelConnection 

func NewTunnelConnection(name string, spec TunnelConnectionSpecV2) (TunnelConnection, error)

NewTunnelConnection returns new connection from V2 spec

type TunnelConnectionSpecV2 

type TunnelConnectionSpecV2 struct {
	// ClusterName is a name of the cluster
	ClusterName string `protobuf:"bytes,1,opt,name=ClusterName,proto3" json:"cluster_name"`
	// ProxyName is the name of the proxy server
	ProxyName string `protobuf:"bytes,2,opt,name=ProxyName,proto3" json:"proxy_name"`
	// LastHeartbeat is a time of the last heartbeat
	LastHeartbeat time.Time `protobuf:"bytes,3,opt,name=LastHeartbeat,proto3,stdtime" json:"last_heartbeat,omitempty"`
	// Type is the type of reverse tunnel, either proxy or node.
	Type                 TunnelType `protobuf:"bytes,4,opt,name=Type,proto3,casttype=TunnelType" json:"type"`
	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
	XXX_unrecognized     []byte     `json:"-"`
	XXX_sizecache        int32      `json:"-"`
}

TunnelConnectionSpecV2 is a specification for V2 tunnel connection

func (*TunnelConnectionSpecV2) Descriptor 

func (*TunnelConnectionSpecV2) Descriptor() ([]byte, []int)

func (*TunnelConnectionSpecV2) Marshal 

func (m *TunnelConnectionSpecV2) Marshal() (dAtA []byte, err error)

func (*TunnelConnectionSpecV2) MarshalTo 

func (m *TunnelConnectionSpecV2) MarshalTo(dAtA []byte) (int, error)

func (*TunnelConnectionSpecV2) MarshalToSizedBuffer 

func (m *TunnelConnectionSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TunnelConnectionSpecV2) ProtoMessage 

func (*TunnelConnectionSpecV2) ProtoMessage()

func (*TunnelConnectionSpecV2) Reset 

func (m *TunnelConnectionSpecV2) Reset()

func (*TunnelConnectionSpecV2) Size 

func (m *TunnelConnectionSpecV2) Size() (n int)

func (*TunnelConnectionSpecV2) String 

func (m *TunnelConnectionSpecV2) String() string

func (*TunnelConnectionSpecV2) Unmarshal 

func (m *TunnelConnectionSpecV2) Unmarshal(dAtA []byte) error

func (*TunnelConnectionSpecV2) XXX_DiscardUnknown 

func (m *TunnelConnectionSpecV2) XXX_DiscardUnknown()

func (*TunnelConnectionSpecV2) XXX_Marshal 

func (m *TunnelConnectionSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TunnelConnectionSpecV2) XXX_Merge 

func (m *TunnelConnectionSpecV2) XXX_Merge(src proto.Message)

func (*TunnelConnectionSpecV2) XXX_Size 

func (m *TunnelConnectionSpecV2) XXX_Size() int

func (*TunnelConnectionSpecV2) XXX_Unmarshal 

func (m *TunnelConnectionSpecV2) XXX_Unmarshal(b []byte) error

type TunnelConnectionV2 

type TunnelConnectionV2 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is version
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is a resource metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is a tunnel specification
	Spec                 TunnelConnectionSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}               `json:"-"`
	XXX_unrecognized     []byte                 `json:"-"`
	XXX_sizecache        int32                  `json:"-"`
}

TunnelConnectionV2 is version 2 of the resource spec of the tunnel connection

func (*TunnelConnectionV2) CheckAndSetDefaults 

func (r *TunnelConnectionV2) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values

func (*TunnelConnectionV2) Clone 

func (r *TunnelConnectionV2) Clone() TunnelConnection

Clone returns a copy of this tunnel connection

func (*TunnelConnectionV2) Descriptor 

func (*TunnelConnectionV2) Descriptor() ([]byte, []int)

func (*TunnelConnectionV2) Expiry 

func (r *TunnelConnectionV2) Expiry() time.Time

Expiry returns object expiry setting

func (*TunnelConnectionV2) GetClusterName 

func (r *TunnelConnectionV2) GetClusterName() string

GetClusterName returns name of the cluster

func (*TunnelConnectionV2) GetKind 

func (r *TunnelConnectionV2) GetKind() string

GetKind returns resource kind

func (*TunnelConnectionV2) GetLastHeartbeat 

func (r *TunnelConnectionV2) GetLastHeartbeat() time.Time

GetLastHeartbeat returns last heartbeat

func (*TunnelConnectionV2) GetMetadata 

func (r *TunnelConnectionV2) GetMetadata() Metadata

GetMetadata returns object metadata

func (*TunnelConnectionV2) GetName 

func (r *TunnelConnectionV2) GetName() string

GetName returns the name of the User

func (*TunnelConnectionV2) GetProxyName 

func (r *TunnelConnectionV2) GetProxyName() string

GetProxyName returns the name of the proxy

func (*TunnelConnectionV2) GetRevision 

func (r *TunnelConnectionV2) GetRevision() string

GetRevision returns the revision

func (*TunnelConnectionV2) GetSubKind 

func (r *TunnelConnectionV2) GetSubKind() string

GetSubKind returns resource sub kind

func (*TunnelConnectionV2) GetType 

func (r *TunnelConnectionV2) GetType() TunnelType

GetType gets the type of ReverseTunnel.

func (*TunnelConnectionV2) GetVersion 

func (r *TunnelConnectionV2) GetVersion() string

GetVersion returns resource version

func (*TunnelConnectionV2) Marshal 

func (m *TunnelConnectionV2) Marshal() (dAtA []byte, err error)

func (*TunnelConnectionV2) MarshalTo 

func (m *TunnelConnectionV2) MarshalTo(dAtA []byte) (int, error)

func (*TunnelConnectionV2) MarshalToSizedBuffer 

func (m *TunnelConnectionV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TunnelConnectionV2) ProtoMessage 

func (*TunnelConnectionV2) ProtoMessage()

func (*TunnelConnectionV2) Reset 

func (m *TunnelConnectionV2) Reset()

func (*TunnelConnectionV2) SetExpiry 

func (r *TunnelConnectionV2) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object

func (*TunnelConnectionV2) SetLastHeartbeat 

func (r *TunnelConnectionV2) SetLastHeartbeat(tm time.Time)

SetLastHeartbeat sets last heartbeat time

func (*TunnelConnectionV2) SetName 

func (r *TunnelConnectionV2) SetName(e string)

SetName sets the name of the User

func (*TunnelConnectionV2) SetRevision 

func (r *TunnelConnectionV2) SetRevision(rev string)

SetRevision sets the revision

func (*TunnelConnectionV2) SetSubKind 

func (r *TunnelConnectionV2) SetSubKind(s string)

SetSubKind sets resource subkind

func (*TunnelConnectionV2) SetType 

func (r *TunnelConnectionV2) SetType(tt TunnelType)

SetType sets the type of ReverseTunnel.

func (*TunnelConnectionV2) Size 

func (m *TunnelConnectionV2) Size() (n int)

func (*TunnelConnectionV2) String 

func (r *TunnelConnectionV2) String() string

String returns user-friendly description of this connection

func (*TunnelConnectionV2) Unmarshal 

func (m *TunnelConnectionV2) Unmarshal(dAtA []byte) error

func (*TunnelConnectionV2) V2 

func (r *TunnelConnectionV2) V2() *TunnelConnectionV2

V2 returns V2 version of the resource

func (*TunnelConnectionV2) XXX_DiscardUnknown 

func (m *TunnelConnectionV2) XXX_DiscardUnknown()

func (*TunnelConnectionV2) XXX_Marshal 

func (m *TunnelConnectionV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TunnelConnectionV2) XXX_Merge 

func (m *TunnelConnectionV2) XXX_Merge(src proto.Message)

func (*TunnelConnectionV2) XXX_Size 

func (m *TunnelConnectionV2) XXX_Size() int

func (*TunnelConnectionV2) XXX_Unmarshal 

func (m *TunnelConnectionV2) XXX_Unmarshal(b []byte) error

type TunnelStrategy 

type TunnelStrategy interface {
	CheckAndSetDefaults() error
	// contains filtered or unexported methods
}

TunnelStrategy defines methods to be implemented by any TunnelStrategy.

func DefaultTunnelStrategy 

func DefaultTunnelStrategy() TunnelStrategy

DefaultTunnelStrategy is the default tunnel strategy used when one is not specified.

type TunnelStrategyType 

type TunnelStrategyType string
const (
	// AgentMesh requires agents to create a reverse tunnel to
	// every proxy server.
	AgentMesh TunnelStrategyType = "agent_mesh"
	// ProxyPeering requires agents to create a reverse tunnel to a configured
	// number of proxy servers and enables proxy to proxy communication.
	ProxyPeering TunnelStrategyType = "proxy_peering"
)

type TunnelStrategyV1 

type TunnelStrategyV1 struct {
	// Types that are valid to be assigned to Strategy:
	//	*TunnelStrategyV1_AgentMesh
	//	*TunnelStrategyV1_ProxyPeering
	Strategy             isTunnelStrategyV1_Strategy `protobuf_oneof:"Strategy"`
	XXX_NoUnkeyedLiteral struct{}                    `json:"-"`
	XXX_unrecognized     []byte                      `json:"-"`
	XXX_sizecache        int32                       `json:"-"`
}

TunnelStrategyV1 defines possible tunnel strategy types.

func (*TunnelStrategyV1) CheckAndSetDefaults 

func (s *TunnelStrategyV1) CheckAndSetDefaults() error

CheckAndSetDefaults validates and sets default values for a tunnel strategy.

func (*TunnelStrategyV1) Descriptor 

func (*TunnelStrategyV1) Descriptor() ([]byte, []int)

func (*TunnelStrategyV1) GetAgentMesh 

func (m *TunnelStrategyV1) GetAgentMesh() *AgentMeshTunnelStrategy

func (*TunnelStrategyV1) GetProxyPeering 

func (m *TunnelStrategyV1) GetProxyPeering() *ProxyPeeringTunnelStrategy

func (*TunnelStrategyV1) GetStrategy 

func (m *TunnelStrategyV1) GetStrategy() isTunnelStrategyV1_Strategy

func (*TunnelStrategyV1) Marshal 

func (m *TunnelStrategyV1) Marshal() (dAtA []byte, err error)

func (*TunnelStrategyV1) MarshalJSON 

func (s *TunnelStrategyV1) MarshalJSON() ([]byte, error)

MarshalJSON converts a TunnelStrategyV1 to json.

func (*TunnelStrategyV1) MarshalTo 

func (m *TunnelStrategyV1) MarshalTo(dAtA []byte) (int, error)

func (*TunnelStrategyV1) MarshalToSizedBuffer 

func (m *TunnelStrategyV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TunnelStrategyV1) MarshalYAML 

func (s *TunnelStrategyV1) MarshalYAML() (interface{}, error)

MarshalYAML converts a TunnelStrategyV1 to yaml.

func (*TunnelStrategyV1) ProtoMessage 

func (*TunnelStrategyV1) ProtoMessage()

func (*TunnelStrategyV1) Reset 

func (m *TunnelStrategyV1) Reset()

func (*TunnelStrategyV1) Size 

func (m *TunnelStrategyV1) Size() (n int)

func (*TunnelStrategyV1) String 

func (m *TunnelStrategyV1) String() string

func (*TunnelStrategyV1) Unmarshal 

func (m *TunnelStrategyV1) Unmarshal(dAtA []byte) error

func (*TunnelStrategyV1) UnmarshalJSON 

func (s *TunnelStrategyV1) UnmarshalJSON(data []byte) error

UnmarshalJSON converts json to a TunnelStrategyV1. Unknown fields are allowed to prevent rollbacks causing issues decoding this data from the backend.

func (*TunnelStrategyV1) UnmarshalYAML 

func (s *TunnelStrategyV1) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML converts yaml to a TunnelStrategyV1 using a strict policy to disallow unknown fields.

func (*TunnelStrategyV1) XXX_DiscardUnknown 

func (m *TunnelStrategyV1) XXX_DiscardUnknown()

func (*TunnelStrategyV1) XXX_Marshal 

func (m *TunnelStrategyV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TunnelStrategyV1) XXX_Merge 

func (m *TunnelStrategyV1) XXX_Merge(src proto.Message)

func (*TunnelStrategyV1) XXX_OneofWrappers 

func (*TunnelStrategyV1) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*TunnelStrategyV1) XXX_Size 

func (m *TunnelStrategyV1) XXX_Size() int

func (*TunnelStrategyV1) XXX_Unmarshal 

func (m *TunnelStrategyV1) XXX_Unmarshal(b []byte) error

type TunnelStrategyV1_AgentMesh 

type TunnelStrategyV1_AgentMesh struct {
	AgentMesh *AgentMeshTunnelStrategy `protobuf:"bytes,1,opt,name=AgentMesh,proto3,oneof" json:"agent_mesh,omitempty"`
}

func (*TunnelStrategyV1_AgentMesh) CheckAndSetDefaults 

func (s *TunnelStrategyV1_AgentMesh) CheckAndSetDefaults() error

CheckAndSetDefaults validates an agent mesh tunnel strategy.

func (*TunnelStrategyV1_AgentMesh) MarshalTo 

func (m *TunnelStrategyV1_AgentMesh) MarshalTo(dAtA []byte) (int, error)

func (*TunnelStrategyV1_AgentMesh) MarshalToSizedBuffer 

func (m *TunnelStrategyV1_AgentMesh) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TunnelStrategyV1_AgentMesh) Size 

func (m *TunnelStrategyV1_AgentMesh) Size() (n int)

type TunnelStrategyV1_ProxyPeering 

type TunnelStrategyV1_ProxyPeering struct {
	ProxyPeering *ProxyPeeringTunnelStrategy `protobuf:"bytes,2,opt,name=ProxyPeering,proto3,oneof" json:"proxy_peering,omitempty"`
}

func (*TunnelStrategyV1_ProxyPeering) CheckAndSetDefaults 

func (s *TunnelStrategyV1_ProxyPeering) CheckAndSetDefaults() error

CheckAndSetDefaults validates a proxy peering tunnel strategy.

func (*TunnelStrategyV1_ProxyPeering) MarshalTo 

func (m *TunnelStrategyV1_ProxyPeering) MarshalTo(dAtA []byte) (int, error)

func (*TunnelStrategyV1_ProxyPeering) MarshalToSizedBuffer 

func (m *TunnelStrategyV1_ProxyPeering) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TunnelStrategyV1_ProxyPeering) Size 

func (m *TunnelStrategyV1_ProxyPeering) Size() (n int)

type TunnelType 

type TunnelType string

TunnelType is the type of tunnel. 

const (
	// NodeTunnel is a tunnel where the node connects to the proxy (dial back).
	NodeTunnel TunnelType = "node"

	// ProxyTunnel is a tunnel where a proxy connects to the proxy (trusted cluster).
	ProxyTunnel TunnelType = "proxy"

	// AppTunnel is a tunnel where the application proxy dials back to the proxy.
	AppTunnel TunnelType = "app"

	// KubeTunnel is a tunnel where the kubernetes service dials back to the proxy.
	KubeTunnel TunnelType = "kube"

	// DatabaseTunnel is a tunnel where a database proxy dials back to the proxy.
	DatabaseTunnel TunnelType = "db"

	// WindowsDesktopTunnel is a tunnel where the Windows desktop service dials back to the proxy.
	WindowsDesktopTunnel TunnelType = "windows_desktop"

	// OktaTunnel is a tunnel where the Okta service dials back to the proxy.
	OktaTunnel TunnelType = "okta"
)

type U2F 

type U2F struct {
	// AppID returns the application ID for universal mult-factor.
	AppID string `protobuf:"bytes,1,opt,name=AppID,proto3" json:"app_id,omitempty"`
	// Facets returns the facets for universal mult-factor.
	// Deprecated: Kept for backwards compatibility reasons, but Facets have no
	// effect since Teleport v10, when Webauthn replaced the U2F implementation.
	Facets []string `protobuf:"bytes,2,rep,name=Facets,proto3" json:"facets,omitempty"`
	// DeviceAttestationCAs contains the trusted attestation CAs for U2F
	// devices.
	DeviceAttestationCAs []string `protobuf:"bytes,3,rep,name=DeviceAttestationCAs,proto3" json:"device_attestation_cas,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

U2F defines settings for U2F device. Deprecated: U2F is transparently converted to WebAuthn by Teleport. Prefer using WebAuthn instead.

func (*U2F) Check 

func (u *U2F) Check() error

func (*U2F) Descriptor 

func (*U2F) Descriptor() ([]byte, []int)

func (*U2F) Marshal 

func (m *U2F) Marshal() (dAtA []byte, err error)

func (*U2F) MarshalTo 

func (m *U2F) MarshalTo(dAtA []byte) (int, error)

func (*U2F) MarshalToSizedBuffer 

func (m *U2F) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*U2F) ProtoMessage 

func (*U2F) ProtoMessage()

func (*U2F) Reset 

func (m *U2F) Reset()

func (*U2F) Size 

func (m *U2F) Size() (n int)

func (*U2F) String 

func (m *U2F) String() string

func (*U2F) Unmarshal 

func (m *U2F) Unmarshal(dAtA []byte) error

func (*U2F) XXX_DiscardUnknown 

func (m *U2F) XXX_DiscardUnknown()

func (*U2F) XXX_Marshal 

func (m *U2F) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*U2F) XXX_Merge 

func (m *U2F) XXX_Merge(src proto.Message)

func (*U2F) XXX_Size 

func (m *U2F) XXX_Size() int

func (*U2F) XXX_Unmarshal 

func (m *U2F) XXX_Unmarshal(b []byte) error

type U2FDevice 

type U2FDevice struct {
	// KeyHandle uniquely identifies a key on a device
	KeyHandle []byte `protobuf:"bytes,1,opt,name=key_handle,json=keyHandle,proto3" json:"key_handle,omitempty"`
	// PubKey is an DER encoded ecdsa public key
	PubKey []byte `protobuf:"bytes,2,opt,name=pub_key,json=pubKey,proto3" json:"pub_key,omitempty"`
	// Counter is the latest seen value of the U2F usage counter.
	Counter              uint32   `protobuf:"varint,3,opt,name=counter,proto3" json:"counter,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

U2FDevice holds the U2F-specific fields of MFADevice.

func (*U2FDevice) Descriptor 

func (*U2FDevice) Descriptor() ([]byte, []int)

func (*U2FDevice) Marshal 

func (m *U2FDevice) Marshal() (dAtA []byte, err error)

func (*U2FDevice) MarshalTo 

func (m *U2FDevice) MarshalTo(dAtA []byte) (int, error)

func (*U2FDevice) MarshalToSizedBuffer 

func (m *U2FDevice) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*U2FDevice) ProtoMessage 

func (*U2FDevice) ProtoMessage()

func (*U2FDevice) Reset 

func (m *U2FDevice) Reset()

func (*U2FDevice) Size 

func (m *U2FDevice) Size() (n int)

func (*U2FDevice) String 

func (m *U2FDevice) String() string

func (*U2FDevice) Unmarshal 

func (m *U2FDevice) Unmarshal(dAtA []byte) error

func (*U2FDevice) XXX_DiscardUnknown 

func (m *U2FDevice) XXX_DiscardUnknown()

func (*U2FDevice) XXX_Marshal 

func (m *U2FDevice) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*U2FDevice) XXX_Merge 

func (m *U2FDevice) XXX_Merge(src proto.Message)

func (*U2FDevice) XXX_Size 

func (m *U2FDevice) XXX_Size() int

func (*U2FDevice) XXX_Unmarshal 

func (m *U2FDevice) XXX_Unmarshal(b []byte) error

type UIConfig 

type UIConfig interface {
	Resource
	// GetShowResources will returns which resources should be shown in the unified resources UI
	GetShowResources() constants.ShowResources
	// GetScrollbackLines returns the amount of scrollback lines the terminal remembers
	GetScrollbackLines() int32
	// SetScrollbackLines sets the amount of scrollback lines the terminal remembers
	SetScrollbackLines(int32)

	String() string
	// Clone returns a copy of the config.
	Clone() UIConfig
}

UIConfig defines configuration for the web UI served by the proxy service. This is a configuration resource, never create more than one instance of it.

type UIConfigSpecV1 

type UIConfigSpecV1 struct {
	// ScrollbackLines is the max number of lines the UI terminal can display in its history.
	ScrollbackLines int32 `protobuf:"varint,1,opt,name=ScrollbackLines,proto3" json:"scrollback_lines"`
	// ShowResources determines which resources are shown in the web UI. Default if unset is "requestable"
	// which means resources the user has access to and resources they can request will be shown in the
	// resources UI. If set to `accessible_only`, only resources the user already has access to will be shown.
	ShowResources        github_com_gravitational_teleport_api_constants.ShowResources `` /* 151-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}                                                      `json:"-"`
	XXX_unrecognized     []byte                                                        `json:"-"`
	XXX_sizecache        int32                                                         `json:"-"`
}

UIConfigSpecV1 is the specification for a UIConfig

func (*UIConfigSpecV1) Descriptor 

func (*UIConfigSpecV1) Descriptor() ([]byte, []int)

func (*UIConfigSpecV1) Marshal 

func (m *UIConfigSpecV1) Marshal() (dAtA []byte, err error)

func (*UIConfigSpecV1) MarshalTo 

func (m *UIConfigSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*UIConfigSpecV1) MarshalToSizedBuffer 

func (m *UIConfigSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*UIConfigSpecV1) ProtoMessage 

func (*UIConfigSpecV1) ProtoMessage()

func (*UIConfigSpecV1) Reset 

func (m *UIConfigSpecV1) Reset()

func (*UIConfigSpecV1) Size 

func (m *UIConfigSpecV1) Size() (n int)

func (*UIConfigSpecV1) String 

func (m *UIConfigSpecV1) String() string

func (*UIConfigSpecV1) Unmarshal 

func (m *UIConfigSpecV1) Unmarshal(dAtA []byte) error

func (*UIConfigSpecV1) XXX_DiscardUnknown 

func (m *UIConfigSpecV1) XXX_DiscardUnknown()

func (*UIConfigSpecV1) XXX_Marshal 

func (m *UIConfigSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*UIConfigSpecV1) XXX_Merge 

func (m *UIConfigSpecV1) XXX_Merge(src proto.Message)

func (*UIConfigSpecV1) XXX_Size 

func (m *UIConfigSpecV1) XXX_Size() int

func (*UIConfigSpecV1) XXX_Unmarshal 

func (m *UIConfigSpecV1) XXX_Unmarshal(b []byte) error

type UIConfigV1 

type UIConfigV1 struct {
	// Header is the resource header for the UI configuration.
	ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
	// Spec is the resource spec.
	Spec                 UIConfigSpecV1 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
	XXX_unrecognized     []byte         `json:"-"`
	XXX_sizecache        int32          `json:"-"`
}

UIConfigV1 represents the configuration for the web UI served by the proxy service

func NewUIConfigV1 

func NewUIConfigV1() (*UIConfigV1, error)

func (*UIConfigV1) CheckAndSetDefaults 

func (c *UIConfigV1) CheckAndSetDefaults() error

CheckAndSetDefaults verifies the constraints for UIConfig.

func (*UIConfigV1) Clone 

func (c *UIConfigV1) Clone() UIConfig

Clone returns a copy of the config.

func (*UIConfigV1) Descriptor 

func (*UIConfigV1) Descriptor() ([]byte, []int)

func (*UIConfigV1) Expiry 

func (c *UIConfigV1) Expiry() time.Time

Expiry returns object expiry setting.

func (*UIConfigV1) GetKind 

func (c *UIConfigV1) GetKind() string

GetKind returns resource kind.

func (*UIConfigV1) GetMetadata 

func (c *UIConfigV1) GetMetadata() Metadata

GetMetadata returns object metadata.

func (*UIConfigV1) GetName 

func (c *UIConfigV1) GetName() string

GetName returns the name of the resource.

func (*UIConfigV1) GetScrollbackLines 

func (c *UIConfigV1) GetScrollbackLines() int32

func (*UIConfigV1) GetShowResources 

func (c *UIConfigV1) GetShowResources() constants.ShowResources

GetShowResources will returns which resources should be shown in the unified resources UI

func (*UIConfigV1) GetSubKind 

func (c *UIConfigV1) GetSubKind() string

GetSubKind returns resource subkind.

func (*UIConfigV1) GetVersion 

func (c *UIConfigV1) GetVersion() string

GetVersion returns resource version.

func (*UIConfigV1) Marshal 

func (m *UIConfigV1) Marshal() (dAtA []byte, err error)

func (*UIConfigV1) MarshalTo 

func (m *UIConfigV1) MarshalTo(dAtA []byte) (int, error)

func (*UIConfigV1) MarshalToSizedBuffer 

func (m *UIConfigV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*UIConfigV1) ProtoMessage 

func (*UIConfigV1) ProtoMessage()

func (*UIConfigV1) Reset 

func (m *UIConfigV1) Reset()

func (*UIConfigV1) SetExpiry 

func (c *UIConfigV1) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object.

func (*UIConfigV1) SetName 

func (c *UIConfigV1) SetName(e string)

SetName sets the name of the resource.

func (*UIConfigV1) SetScrollbackLines 

func (c *UIConfigV1) SetScrollbackLines(lines int32)

func (*UIConfigV1) SetSubKind 

func (c *UIConfigV1) SetSubKind(sk string)

SetSubKind sets resource subkind.

func (*UIConfigV1) Size 

func (m *UIConfigV1) Size() (n int)

func (*UIConfigV1) String 

func (m *UIConfigV1) String() string

func (*UIConfigV1) Unmarshal 

func (m *UIConfigV1) Unmarshal(dAtA []byte) error

func (*UIConfigV1) XXX_DiscardUnknown 

func (m *UIConfigV1) XXX_DiscardUnknown()

func (*UIConfigV1) XXX_Marshal 

func (m *UIConfigV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*UIConfigV1) XXX_Merge 

func (m *UIConfigV1) XXX_Merge(src proto.Message)

func (*UIConfigV1) XXX_Size 

func (m *UIConfigV1) XXX_Size() int

func (*UIConfigV1) XXX_Unmarshal 

func (m *UIConfigV1) XXX_Unmarshal(b []byte) error

type UpdaterStatus 

type UpdaterStatus int32
const (
	// UPDATER_STATUS_UNSPECIFIED is the zero value.
	UpdaterStatus_UPDATER_STATUS_UNSPECIFIED UpdaterStatus = 0
	// UPDATER_STATUS_OK means that everything looks OK from the agent pov.
	UpdaterStatus_UPDATER_STATUS_OK UpdaterStatus = 1
	// UPDATER_STATUS_DISABLED means that automatic updates seem disabled or paused.
	UpdaterStatus_UPDATER_STATUS_DISABLED UpdaterStatus = 2
	// UPDATER_STATUS_PINNED means that a specific version is pinned.
	UpdaterStatus_UPDATER_STATUS_PINNED UpdaterStatus = 3
	// UPDATER_STATUS_UNREADABLE means that the agent failed to read its update status.
	UpdaterStatus_UPDATER_STATUS_UNREADABLE UpdaterStatus = 4
)

func (UpdaterStatus) EnumDescriptor 

func (UpdaterStatus) EnumDescriptor() ([]byte, []int)

func (UpdaterStatus) String 

func (x UpdaterStatus) String() string

type UpdaterV2Info 

type UpdaterV2Info struct {
	// UpdateGroup is the update group the agent's updater is part of.
	// The autoupdate_agent_rollout resource controls when different groups update.
	// Reporting the update group in the Hello allows us to track the update progress per group.
	// See RFD 184 for more details.
	UpdateGroup string `protobuf:"bytes,1,opt,name=UpdateGroup,proto3" json:"UpdateGroup,omitempty"`
	// UpdateUUID is the agent's updater UUID.
	// Each updater has a UUID, this can be used in two cases:
	// - To update individual agents when doing canary updates
	// - To track the lowest non-updated agent to avoid a deadlock when doing a progressive rollout
	UpdateUUID []byte `protobuf:"bytes,2,opt,name=UpdateUUID,proto3" json:"UpdateUUID,omitempty"`
	// UpdaterStatus represents any updater-related status information that the Teleport cluster
	// should be aware of. For example, the fact the updater got disabled, the version pinned,
	// or that the updater seems to not be running.
	UpdaterStatus        UpdaterStatus `protobuf:"varint,3,opt,name=UpdaterStatus,proto3,enum=types.UpdaterStatus" json:"UpdaterStatus,omitempty"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

UpdaterV2Info is used by Teleport to send information about how the Teleport updater is doing.

func (*UpdaterV2Info) Descriptor 

func (*UpdaterV2Info) Descriptor() ([]byte, []int)

func (*UpdaterV2Info) Marshal 

func (m *UpdaterV2Info) Marshal() (dAtA []byte, err error)

func (*UpdaterV2Info) MarshalTo 

func (m *UpdaterV2Info) MarshalTo(dAtA []byte) (int, error)

func (*UpdaterV2Info) MarshalToSizedBuffer 

func (m *UpdaterV2Info) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*UpdaterV2Info) ProtoMessage 

func (*UpdaterV2Info) ProtoMessage()

func (*UpdaterV2Info) Reset 

func (m *UpdaterV2Info) Reset()

func (*UpdaterV2Info) Size 

func (m *UpdaterV2Info) Size() (n int)

func (*UpdaterV2Info) String 

func (m *UpdaterV2Info) String() string

func (*UpdaterV2Info) Unmarshal 

func (m *UpdaterV2Info) Unmarshal(dAtA []byte) error

func (*UpdaterV2Info) XXX_DiscardUnknown 

func (m *UpdaterV2Info) XXX_DiscardUnknown()

func (*UpdaterV2Info) XXX_Marshal 

func (m *UpdaterV2Info) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*UpdaterV2Info) XXX_Merge 

func (m *UpdaterV2Info) XXX_Merge(src proto.Message)

func (*UpdaterV2Info) XXX_Size 

func (m *UpdaterV2Info) XXX_Size() int

func (*UpdaterV2Info) XXX_Unmarshal 

func (m *UpdaterV2Info) XXX_Unmarshal(b []byte) error

type User 

type User interface {
	// ResourceWithSecrets provides common resource properties
	ResourceWithSecrets
	ResourceWithOrigin
	ResourceWithLabels
	// SetMetadata sets object metadata
	SetMetadata(meta Metadata)
	// GetOIDCIdentities returns a list of connected OIDC identities
	GetOIDCIdentities() []ExternalIdentity
	// GetSAMLIdentities returns a list of connected SAML identities
	GetSAMLIdentities() []ExternalIdentity
	// GetGithubIdentities returns a list of connected Github identities
	GetGithubIdentities() []ExternalIdentity
	// SetGithubIdentities sets the list of connected GitHub identities
	SetGithubIdentities([]ExternalIdentity)
	// Get local authentication secrets (may be nil).
	GetLocalAuth() *LocalAuthSecrets
	// Set local authentication secrets (use nil to delete).
	SetLocalAuth(auth *LocalAuthSecrets)
	// GetRoles returns a list of roles assigned to user
	GetRoles() []string
	// GetLogins gets the list of server logins/principals for the user
	GetLogins() []string
	// GetDatabaseUsers gets the list of Database Users for the user
	GetDatabaseUsers() []string
	// GetDatabaseNames gets the list of Database Names for the user
	GetDatabaseNames() []string
	// GetKubeUsers gets the list of Kubernetes Users for the user
	GetKubeUsers() []string
	// GetKubeGroups gets the list of Kubernetes Groups for the user
	GetKubeGroups() []string
	// GetWindowsLogins gets the list of Windows Logins for the user
	GetWindowsLogins() []string
	// GetAWSRoleARNs gets the list of AWS role ARNs for the user
	GetAWSRoleARNs() []string
	// GetAzureIdentities gets a list of Azure identities for the user
	GetAzureIdentities() []string
	// GetGCPServiceAccounts gets a list of GCP service accounts for the user
	GetGCPServiceAccounts() []string
	// String returns user
	String() string
	// GetStatus return user login status
	GetStatus() LoginStatus
	// SetLocked sets login status to locked
	SetLocked(until time.Time, reason string)
	// ResetLocks resets lock related fields to empty values.
	ResetLocks()
	// SetRoles sets user roles
	SetRoles(roles []string)
	// AddRole adds role to the users' role list
	AddRole(name string)
	// SetLogins sets a list of server logins/principals for user
	SetLogins(logins []string)
	// SetDatabaseUsers sets a list of Database Users for user
	SetDatabaseUsers(databaseUsers []string)
	// SetDatabaseNames sets a list of Database Names for user
	SetDatabaseNames(databaseNames []string)
	// SetDatabaseRoles sets a list of Database roles for user
	SetDatabaseRoles(databaseRoles []string)
	// SetKubeUsers sets a list of Kubernetes Users for user
	SetKubeUsers(kubeUsers []string)
	// SetKubeGroups sets a list of Kubernetes Groups for user
	SetKubeGroups(kubeGroups []string)
	// SetWindowsLogins sets a list of Windows Logins for user
	SetWindowsLogins(logins []string)
	// SetAWSRoleARNs sets a list of AWS role ARNs for user
	SetAWSRoleARNs(awsRoleARNs []string)
	// SetAzureIdentities sets a list of Azure identities for the user
	SetAzureIdentities(azureIdentities []string)
	// SetGCPServiceAccounts sets a list of GCP service accounts for the user
	SetGCPServiceAccounts(accounts []string)
	// SetHostUserUID sets the UID for host users
	SetHostUserUID(uid string)
	// SetHostUserGID sets the GID for host users
	SetHostUserGID(gid string)
	// GetCreatedBy returns information about user
	GetCreatedBy() CreatedBy
	// SetCreatedBy sets created by information
	SetCreatedBy(CreatedBy)
	// GetUserType indicates if the User was created by an SSO Provider or locally.
	GetUserType() UserType
	// GetTraits gets the trait map for this user used to populate role variables.
	GetTraits() map[string][]string
	// SetTraits sets the trait map for this user used to populate role variables.
	SetTraits(map[string][]string)
	// GetTrustedDeviceIDs returns the IDs of the user's trusted devices.
	GetTrustedDeviceIDs() []string
	// SetTrustedDeviceIDs assigns the IDs of the user's trusted devices.
	SetTrustedDeviceIDs(ids []string)
	// IsBot returns true if the user is a bot.
	IsBot() bool
	// BotGenerationLabel returns the bot generation label.
	BotGenerationLabel() string
	// GetPasswordState reflects what the system knows about the user's password.
	// Note that this is a "best effort" property, in that it can be UNSPECIFIED
	// for users who were created before this property was introduced and didn't
	// perform any password-related activity since then. See RFD 0159 for details.
	// Do NOT use this value for authentication purposes!
	GetPasswordState() PasswordState
	// SetPasswordState updates the information about user's password. Note that
	// this is a "best effort" property, in that it can be UNSPECIFIED for users
	// who were created before this property was introduced and didn't perform any
	// password-related activity since then. See RFD 0159 for details.
	SetPasswordState(PasswordState)
	// SetWeakestDevice sets the MFA state for the user.
	SetWeakestDevice(MFADeviceKind)
	// GetWeakestDevice gets the MFA state for the user.
	GetWeakestDevice() MFADeviceKind
	// Clone creats a copy of the user.
	Clone() User
}

User represents teleport embedded user or external user.

func NewUser 

func NewUser(name string) (User, error)

NewUser creates new empty user

type UserFilter 

type UserFilter struct {
	// SearchKeywords is a list of search keywords to match against resource field values.
	SearchKeywords       []string `protobuf:"bytes,1,rep,name=SearchKeywords,proto3" json:"search_keywords,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

UserFilter matches user resources.

func (*UserFilter) Descriptor 

func (*UserFilter) Descriptor() ([]byte, []int)

func (*UserFilter) Marshal 

func (m *UserFilter) Marshal() (dAtA []byte, err error)

func (*UserFilter) MarshalTo 

func (m *UserFilter) MarshalTo(dAtA []byte) (int, error)

func (*UserFilter) MarshalToSizedBuffer 

func (m *UserFilter) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*UserFilter) Match 

func (f *UserFilter) Match(user *UserV2) bool

Match checks if the given user matches this filter.

func (*UserFilter) ProtoMessage 

func (*UserFilter) ProtoMessage()

func (*UserFilter) Reset 

func (m *UserFilter) Reset()

func (*UserFilter) Size 

func (m *UserFilter) Size() (n int)

func (*UserFilter) String 

func (m *UserFilter) String() string

func (*UserFilter) Unmarshal 

func (m *UserFilter) Unmarshal(dAtA []byte) error

func (*UserFilter) XXX_DiscardUnknown 

func (m *UserFilter) XXX_DiscardUnknown()

func (*UserFilter) XXX_Marshal 

func (m *UserFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*UserFilter) XXX_Merge 

func (m *UserFilter) XXX_Merge(src proto.Message)

func (*UserFilter) XXX_Size 

func (m *UserFilter) XXX_Size() int

func (*UserFilter) XXX_Unmarshal 

func (m *UserFilter) XXX_Unmarshal(b []byte) error

type UserGroup 

type UserGroup interface {
	ResourceWithLabels

	// GetApplications will return a list of application IDs associated with the user group.
	GetApplications() []string
	// SetApplications will set the list of application IDs associated with the user group.
	SetApplications([]string)
	// Clone creates a copy of the group.
	Clone() UserGroup
}

UserGroup specifies an externally sourced group.

func NewUserGroup 

func NewUserGroup(metadata Metadata, spec UserGroupSpecV1) (UserGroup, error)

NewUserGroup returns a new UserGroup.

type UserGroupSpecV1 

type UserGroupSpecV1 struct {
	// Applications are a list of application IDs belonging to this user group.
	Applications         []string `protobuf:"bytes,1,rep,name=Applications,proto3" json:"Applications,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

UserGroupSpecV1 is the specification of a user group.

func (*UserGroupSpecV1) Descriptor 

func (*UserGroupSpecV1) Descriptor() ([]byte, []int)

func (*UserGroupSpecV1) Marshal 

func (m *UserGroupSpecV1) Marshal() (dAtA []byte, err error)

func (*UserGroupSpecV1) MarshalTo 

func (m *UserGroupSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*UserGroupSpecV1) MarshalToSizedBuffer 

func (m *UserGroupSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*UserGroupSpecV1) ProtoMessage 

func (*UserGroupSpecV1) ProtoMessage()

func (*UserGroupSpecV1) Reset 

func (m *UserGroupSpecV1) Reset()

func (*UserGroupSpecV1) Size 

func (m *UserGroupSpecV1) Size() (n int)

func (*UserGroupSpecV1) String 

func (m *UserGroupSpecV1) String() string

func (*UserGroupSpecV1) Unmarshal 

func (m *UserGroupSpecV1) Unmarshal(dAtA []byte) error

func (*UserGroupSpecV1) XXX_DiscardUnknown 

func (m *UserGroupSpecV1) XXX_DiscardUnknown()

func (*UserGroupSpecV1) XXX_Marshal 

func (m *UserGroupSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*UserGroupSpecV1) XXX_Merge 

func (m *UserGroupSpecV1) XXX_Merge(src proto.Message)

func (*UserGroupSpecV1) XXX_Size 

func (m *UserGroupSpecV1) XXX_Size() int

func (*UserGroupSpecV1) XXX_Unmarshal 

func (m *UserGroupSpecV1) XXX_Unmarshal(b []byte) error

type UserGroupV1 

type UserGroupV1 struct {
	// Header is the resource header for the user group.
	ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
	// Spec is the user group resource spec.
	Spec                 UserGroupSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
	XXX_unrecognized     []byte          `json:"-"`
	XXX_sizecache        int32           `json:"-"`
}

UserGroupV1 is a representation of an externally sourced user group.

func (*UserGroupV1) CheckAndSetDefaults 

func (g *UserGroupV1) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values

func (*UserGroupV1) Clone 

func (g *UserGroupV1) Clone() UserGroup

Clone creates a copy of the group.

func (*UserGroupV1) Descriptor 

func (*UserGroupV1) Descriptor() ([]byte, []int)

func (*UserGroupV1) GetApplications 

func (g *UserGroupV1) GetApplications() []string

GetApplications will return a list of application IDs associated with the user group.

func (*UserGroupV1) IsEqual 

func (g *UserGroupV1) IsEqual(i UserGroup) bool

IsEqual determines if two user group resources are equivalent to one another.

func (*UserGroupV1) Marshal 

func (m *UserGroupV1) Marshal() (dAtA []byte, err error)

func (*UserGroupV1) MarshalTo 

func (m *UserGroupV1) MarshalTo(dAtA []byte) (int, error)

func (*UserGroupV1) MarshalToSizedBuffer 

func (m *UserGroupV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*UserGroupV1) MatchSearch 

func (g *UserGroupV1) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*UserGroupV1) ProtoMessage 

func (*UserGroupV1) ProtoMessage()

func (*UserGroupV1) Reset 

func (m *UserGroupV1) Reset()

func (*UserGroupV1) SetApplications 

func (g *UserGroupV1) SetApplications(applications []string)

SetApplications will set the list of application IDs associated with the user group.

func (*UserGroupV1) Size 

func (m *UserGroupV1) Size() (n int)

func (*UserGroupV1) String 

func (g *UserGroupV1) String() string

String returns the user group string representation.

func (*UserGroupV1) Unmarshal 

func (m *UserGroupV1) Unmarshal(dAtA []byte) error

func (*UserGroupV1) XXX_DiscardUnknown 

func (m *UserGroupV1) XXX_DiscardUnknown()

func (*UserGroupV1) XXX_Marshal 

func (m *UserGroupV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*UserGroupV1) XXX_Merge 

func (m *UserGroupV1) XXX_Merge(src proto.Message)

func (*UserGroupV1) XXX_Size 

func (m *UserGroupV1) XXX_Size() int

func (*UserGroupV1) XXX_Unmarshal 

func (m *UserGroupV1) XXX_Unmarshal(b []byte) error

type UserGroups 

type UserGroups []UserGroup

UserGroups is a list of UserGroup resources.

func (UserGroups) AsResources 

func (g UserGroups) AsResources() []ResourceWithLabels

AsResources returns these groups as resources with labels.

func (UserGroups) Len 

func (g UserGroups) Len() int

Len returns the slice length.

func (UserGroups) Less 

func (g UserGroups) Less(i, j int) bool

Less compares user groups by name.

func (UserGroups) SortByCustom 

func (g UserGroups) SortByCustom(sortBy SortBy) error

SortByCustom custom sorts by given sort criteria.

func (UserGroups) Swap 

func (g UserGroups) Swap(i, j int)

Swap swaps two user groups.

type UserRef 

type UserRef struct {
	// Name is name of the user
	Name                 string   `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

UserRef holds references to user

func (*UserRef) Descriptor 

func (*UserRef) Descriptor() ([]byte, []int)

func (*UserRef) Marshal 

func (m *UserRef) Marshal() (dAtA []byte, err error)

func (*UserRef) MarshalTo 

func (m *UserRef) MarshalTo(dAtA []byte) (int, error)

func (*UserRef) MarshalToSizedBuffer 

func (m *UserRef) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*UserRef) ProtoMessage 

func (*UserRef) ProtoMessage()

func (*UserRef) Reset 

func (m *UserRef) Reset()

func (*UserRef) Size 

func (m *UserRef) Size() (n int)

func (*UserRef) String 

func (m *UserRef) String() string

func (*UserRef) Unmarshal 

func (m *UserRef) Unmarshal(dAtA []byte) error

func (*UserRef) XXX_DiscardUnknown 

func (m *UserRef) XXX_DiscardUnknown()

func (*UserRef) XXX_Marshal 

func (m *UserRef) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*UserRef) XXX_Merge 

func (m *UserRef) XXX_Merge(src proto.Message)

func (*UserRef) XXX_Size 

func (m *UserRef) XXX_Size() int

func (*UserRef) XXX_Unmarshal 

func (m *UserRef) XXX_Unmarshal(b []byte) error

type UserSpecV2 

type UserSpecV2 struct {
	// OIDCIdentities lists associated OpenID Connect identities
	// that let user log in using externally verified identity
	OIDCIdentities []ExternalIdentity `protobuf:"bytes,1,rep,name=OIDCIdentities,proto3" json:"oidc_identities,omitempty"`
	// SAMLIdentities lists associated SAML identities
	// that let user log in using externally verified identity
	SAMLIdentities []ExternalIdentity `protobuf:"bytes,2,rep,name=SAMLIdentities,proto3" json:"saml_identities,omitempty"`
	// GithubIdentities list associated Github OAuth2 identities
	// that let user log in using externally verified identity
	GithubIdentities []ExternalIdentity `protobuf:"bytes,3,rep,name=GithubIdentities,proto3" json:"github_identities,omitempty"`
	// Roles is a list of roles assigned to user
	Roles []string `protobuf:"bytes,4,rep,name=Roles,proto3" json:"roles,omitempty"`
	// Traits are key/value pairs received from an identity provider (through
	// OIDC claims or SAML assertions) or from a system administrator for local
	// accounts. Traits are used to populate role variables.
	Traits github_com_gravitational_teleport_api_types_wrappers.Traits `` /* 136-byte string literal not displayed */
	// Status is a login status of the user
	Status LoginStatus `protobuf:"bytes,6,opt,name=Status,proto3" json:"status,omitempty"`
	// Expires if set sets TTL on the user
	Expires time.Time `protobuf:"bytes,7,opt,name=Expires,proto3,stdtime" json:"expires"`
	// CreatedBy holds information about agent or person created this user
	CreatedBy CreatedBy `protobuf:"bytes,8,opt,name=CreatedBy,proto3" json:"created_by,omitempty"`
	// LocalAuth holds sensitive data necessary for performing local
	// authentication
	LocalAuth *LocalAuthSecrets `protobuf:"bytes,9,opt,name=LocalAuth,proto3" json:"local_auth,omitempty"`
	// TrustedDeviceIDs contains the IDs of trusted devices enrolled by the user.
	//
	// Note that SSO users are transient and thus may contain an empty
	// TrustedDeviceIDs field, even though the user->device association exists
	// under the Device Trust subsystem. Do not rely on this field to determine
	// device associations or ownership, it exists for legacy/informative purposes
	// only.
	//
	// Managed by the Device Trust subsystem, avoid manual edits.
	TrustedDeviceIDs     []string `protobuf:"bytes,10,rep,name=TrustedDeviceIDs,proto3" json:"trusted_device_ids,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

UserSpecV2 is a specification for V2 user

func (*UserSpecV2) Descriptor 

func (*UserSpecV2) Descriptor() ([]byte, []int)

func (*UserSpecV2) Marshal 

func (m *UserSpecV2) Marshal() (dAtA []byte, err error)

func (*UserSpecV2) MarshalTo 

func (m *UserSpecV2) MarshalTo(dAtA []byte) (int, error)

func (*UserSpecV2) MarshalToSizedBuffer 

func (m *UserSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*UserSpecV2) ProtoMessage 

func (*UserSpecV2) ProtoMessage()

func (*UserSpecV2) Reset 

func (m *UserSpecV2) Reset()

func (*UserSpecV2) Size 

func (m *UserSpecV2) Size() (n int)

func (*UserSpecV2) String 

func (m *UserSpecV2) String() string

func (*UserSpecV2) Unmarshal 

func (m *UserSpecV2) Unmarshal(dAtA []byte) error

func (*UserSpecV2) XXX_DiscardUnknown 

func (m *UserSpecV2) XXX_DiscardUnknown()

func (*UserSpecV2) XXX_Marshal 

func (m *UserSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*UserSpecV2) XXX_Merge 

func (m *UserSpecV2) XXX_Merge(src proto.Message)

func (*UserSpecV2) XXX_Size 

func (m *UserSpecV2) XXX_Size() int

func (*UserSpecV2) XXX_Unmarshal 

func (m *UserSpecV2) XXX_Unmarshal(b []byte) error

type UserStatusV2 

type UserStatusV2 struct {
	// password_state reflects what the system knows about the user's password.
	// Note that this is a "best effort" property, in that it can be UNSPECIFIED
	// for users who were created before this property was introduced and didn't
	// perform any password-related activity since then. See RFD 0159 for
	// details. Do NOT use this value for authentication purposes!
	PasswordState PasswordState `` /* 126-byte string literal not displayed */
	// mfa_weakest_device reflects what the system knows about the user's weakest MFA device.
	// Note that this is a "best effort" property, in that it can be UNSPECIFIED.
	MfaWeakestDevice     MFADeviceKind `` /* 137-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

UserStatusV2 is a dynamic state of UserV2.

func (*UserStatusV2) Descriptor 

func (*UserStatusV2) Descriptor() ([]byte, []int)

func (*UserStatusV2) Marshal 

func (m *UserStatusV2) Marshal() (dAtA []byte, err error)

func (*UserStatusV2) MarshalTo 

func (m *UserStatusV2) MarshalTo(dAtA []byte) (int, error)

func (*UserStatusV2) MarshalToSizedBuffer 

func (m *UserStatusV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*UserStatusV2) ProtoMessage 

func (*UserStatusV2) ProtoMessage()

func (*UserStatusV2) Reset 

func (m *UserStatusV2) Reset()

func (*UserStatusV2) Size 

func (m *UserStatusV2) Size() (n int)

func (*UserStatusV2) String 

func (m *UserStatusV2) String() string

func (*UserStatusV2) Unmarshal 

func (m *UserStatusV2) Unmarshal(dAtA []byte) error

func (*UserStatusV2) XXX_DiscardUnknown 

func (m *UserStatusV2) XXX_DiscardUnknown()

func (*UserStatusV2) XXX_Marshal 

func (m *UserStatusV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*UserStatusV2) XXX_Merge 

func (m *UserStatusV2) XXX_Merge(src proto.Message)

func (*UserStatusV2) XXX_Size 

func (m *UserStatusV2) XXX_Size() int

func (*UserStatusV2) XXX_Unmarshal 

func (m *UserStatusV2) XXX_Unmarshal(b []byte) error

type UserToken 

type UserToken interface {
	// Resource provides common resource properties
	Resource
	// GetUser returns User
	GetUser() string
	// SetUser sets User
	SetUser(string)
	// GetCreated returns Created
	GetCreated() time.Time
	// SetCreated sets Created
	SetCreated(time.Time)
	// GetURL returns URL
	GetURL() string
	// SetURL returns URL
	SetURL(string)
	// GetUsage returns usage type.
	GetUsage() UserTokenUsage
	// SetUsage sets usage type.
	SetUsage(UserTokenUsage)
}

UserToken represents a temporary token used for various user related actions ie: change password.

func NewUserToken 

func NewUserToken(tokenID string) (UserToken, error)

NewUserToken creates an instance of UserToken.

type UserTokenSecrets 

type UserTokenSecrets interface {
	// Resource provides common resource properties
	Resource
	// GetCreated returns Created
	GetCreated() time.Time
	// SetCreated sets Created
	SetCreated(time.Time)
	// GetQRCode returns QRCode
	GetQRCode() []byte
	// SetQRCode sets QRCode
	SetQRCode([]byte)
	// GetOTPKey returns OTP key
	GetOTPKey() string
	// SetOTPKey sets OTP Key
	SetOTPKey(string)
}

UserTokenSecrets contains user token secrets.

func NewUserTokenSecrets 

func NewUserTokenSecrets(tokenID string) (UserTokenSecrets, error)

NewUserTokenSecrets creates an instance of UserTokenSecrets.

type UserTokenSecretsSpecV3 

type UserTokenSecretsSpecV3 struct {
	// OTPKey is is a secret value of one time password secret generator
	OTPKey string `protobuf:"bytes,1,opt,name=OTPKey,proto3" json:"opt_key"`
	// OTPKey is is a secret value of one time password secret generator
	QRCode string `protobuf:"bytes,2,opt,name=QRCode,proto3" json:"qr_code,omitempty"`
	// Created holds information about when the token was created
	Created              time.Time `protobuf:"bytes,3,opt,name=Created,proto3,stdtime" json:"created,omitempty"`
	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
	XXX_unrecognized     []byte    `json:"-"`
	XXX_sizecache        int32     `json:"-"`
}

func (*UserTokenSecretsSpecV3) Descriptor 

func (*UserTokenSecretsSpecV3) Descriptor() ([]byte, []int)

func (*UserTokenSecretsSpecV3) Marshal 

func (m *UserTokenSecretsSpecV3) Marshal() (dAtA []byte, err error)

func (*UserTokenSecretsSpecV3) MarshalTo 

func (m *UserTokenSecretsSpecV3) MarshalTo(dAtA []byte) (int, error)

func (*UserTokenSecretsSpecV3) MarshalToSizedBuffer 

func (m *UserTokenSecretsSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*UserTokenSecretsSpecV3) ProtoMessage 

func (*UserTokenSecretsSpecV3) ProtoMessage()

func (*UserTokenSecretsSpecV3) Reset 

func (m *UserTokenSecretsSpecV3) Reset()

func (*UserTokenSecretsSpecV3) Size 

func (m *UserTokenSecretsSpecV3) Size() (n int)

func (*UserTokenSecretsSpecV3) String 

func (m *UserTokenSecretsSpecV3) String() string

func (*UserTokenSecretsSpecV3) Unmarshal 

func (m *UserTokenSecretsSpecV3) Unmarshal(dAtA []byte) error

func (*UserTokenSecretsSpecV3) XXX_DiscardUnknown 

func (m *UserTokenSecretsSpecV3) XXX_DiscardUnknown()

func (*UserTokenSecretsSpecV3) XXX_Marshal 

func (m *UserTokenSecretsSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*UserTokenSecretsSpecV3) XXX_Merge 

func (m *UserTokenSecretsSpecV3) XXX_Merge(src proto.Message)

func (*UserTokenSecretsSpecV3) XXX_Size 

func (m *UserTokenSecretsSpecV3) XXX_Size() int

func (*UserTokenSecretsSpecV3) XXX_Unmarshal 

func (m *UserTokenSecretsSpecV3) XXX_Unmarshal(b []byte) error

type UserTokenSecretsV3 

type UserTokenSecretsV3 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is version
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is resource metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is an resource specification
	Spec                 UserTokenSecretsSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}               `json:"-"`
	XXX_unrecognized     []byte                 `json:"-"`
	XXX_sizecache        int32                  `json:"-"`
}

func (*UserTokenSecretsV3) CheckAndSetDefaults 

func (u *UserTokenSecretsV3) CheckAndSetDefaults() error

CheckAndSetDefaults checks and set default values for any missing fields.

func (*UserTokenSecretsV3) Descriptor 

func (*UserTokenSecretsV3) Descriptor() ([]byte, []int)

func (*UserTokenSecretsV3) Expiry 

func (u *UserTokenSecretsV3) Expiry() time.Time

Expiry returns object expiry setting

func (*UserTokenSecretsV3) GetCreated 

func (u *UserTokenSecretsV3) GetCreated() time.Time

GetCreated returns Created

func (*UserTokenSecretsV3) GetKind 

func (u *UserTokenSecretsV3) GetKind() string

GetKind returns resource kind

func (*UserTokenSecretsV3) GetMetadata 

func (u *UserTokenSecretsV3) GetMetadata() Metadata

GetMetadata returns object metadata

func (*UserTokenSecretsV3) GetName 

func (u *UserTokenSecretsV3) GetName() string

GetName returns Name

func (*UserTokenSecretsV3) GetOTPKey 

func (u *UserTokenSecretsV3) GetOTPKey() string

GetOTPKey returns OTP Key

func (*UserTokenSecretsV3) GetQRCode 

func (u *UserTokenSecretsV3) GetQRCode() []byte

GetQRCode returns QRCode

func (*UserTokenSecretsV3) GetRevision 

func (u *UserTokenSecretsV3) GetRevision() string

GetRevision returns the revision

func (*UserTokenSecretsV3) GetSubKind 

func (u *UserTokenSecretsV3) GetSubKind() string

GetSubKind returns resource sub kind

func (*UserTokenSecretsV3) GetVersion 

func (u *UserTokenSecretsV3) GetVersion() string

GetVersion returns resource version

func (*UserTokenSecretsV3) Marshal 

func (m *UserTokenSecretsV3) Marshal() (dAtA []byte, err error)

func (*UserTokenSecretsV3) MarshalTo 

func (m *UserTokenSecretsV3) MarshalTo(dAtA []byte) (int, error)

func (*UserTokenSecretsV3) MarshalToSizedBuffer 

func (m *UserTokenSecretsV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*UserTokenSecretsV3) ProtoMessage 

func (*UserTokenSecretsV3) ProtoMessage()

func (*UserTokenSecretsV3) Reset 

func (m *UserTokenSecretsV3) Reset()

func (*UserTokenSecretsV3) SetCreated 

func (u *UserTokenSecretsV3) SetCreated(t time.Time)

SetCreated sets Created

func (*UserTokenSecretsV3) SetExpiry 

func (u *UserTokenSecretsV3) SetExpiry(t time.Time)

SetExpiry sets object expiry

func (*UserTokenSecretsV3) SetName 

func (u *UserTokenSecretsV3) SetName(name string)

SetName sets the name of the resource

func (*UserTokenSecretsV3) SetOTPKey 

func (u *UserTokenSecretsV3) SetOTPKey(key string)

SetOTPKey sets OTP Key

func (*UserTokenSecretsV3) SetQRCode 

func (u *UserTokenSecretsV3) SetQRCode(code []byte)

SetQRCode sets QRCode

func (*UserTokenSecretsV3) SetRevision 

func (u *UserTokenSecretsV3) SetRevision(rev string)

SetRevision sets the revision

func (*UserTokenSecretsV3) SetSubKind 

func (u *UserTokenSecretsV3) SetSubKind(s string)

SetSubKind sets resource subkind

func (*UserTokenSecretsV3) Size 

func (m *UserTokenSecretsV3) Size() (n int)

func (*UserTokenSecretsV3) String 

func (u *UserTokenSecretsV3) String() string

String represents a human readable version of the token secrets

func (*UserTokenSecretsV3) Unmarshal 

func (m *UserTokenSecretsV3) Unmarshal(dAtA []byte) error

func (*UserTokenSecretsV3) XXX_DiscardUnknown 

func (m *UserTokenSecretsV3) XXX_DiscardUnknown()

func (*UserTokenSecretsV3) XXX_Marshal 

func (m *UserTokenSecretsV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*UserTokenSecretsV3) XXX_Merge 

func (m *UserTokenSecretsV3) XXX_Merge(src proto.Message)

func (*UserTokenSecretsV3) XXX_Size 

func (m *UserTokenSecretsV3) XXX_Size() int

func (*UserTokenSecretsV3) XXX_Unmarshal 

func (m *UserTokenSecretsV3) XXX_Unmarshal(b []byte) error

type UserTokenSpecV3 

type UserTokenSpecV3 struct {
	// User is user name associated with this token
	User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
	// URL is this token URL
	URL string `protobuf:"bytes,2,opt,name=URL,proto3" json:"url"`
	// Usage is an optional field that provides more information about how this token will be used.
	Usage UserTokenUsage `protobuf:"varint,3,opt,name=Usage,proto3,enum=types.UserTokenUsage" json:"usage,omitempty"`
	// Created holds information about when the token was created
	Created              time.Time `protobuf:"bytes,4,opt,name=Created,proto3,stdtime" json:"created,omitempty"`
	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
	XXX_unrecognized     []byte    `json:"-"`
	XXX_sizecache        int32     `json:"-"`
}

func (*UserTokenSpecV3) Descriptor 

func (*UserTokenSpecV3) Descriptor() ([]byte, []int)

func (*UserTokenSpecV3) Marshal 

func (m *UserTokenSpecV3) Marshal() (dAtA []byte, err error)

func (*UserTokenSpecV3) MarshalTo 

func (m *UserTokenSpecV3) MarshalTo(dAtA []byte) (int, error)

func (*UserTokenSpecV3) MarshalToSizedBuffer 

func (m *UserTokenSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*UserTokenSpecV3) ProtoMessage 

func (*UserTokenSpecV3) ProtoMessage()

func (*UserTokenSpecV3) Reset 

func (m *UserTokenSpecV3) Reset()

func (*UserTokenSpecV3) Size 

func (m *UserTokenSpecV3) Size() (n int)

func (*UserTokenSpecV3) String 

func (m *UserTokenSpecV3) String() string

func (*UserTokenSpecV3) Unmarshal 

func (m *UserTokenSpecV3) Unmarshal(dAtA []byte) error

func (*UserTokenSpecV3) XXX_DiscardUnknown 

func (m *UserTokenSpecV3) XXX_DiscardUnknown()

func (*UserTokenSpecV3) XXX_Marshal 

func (m *UserTokenSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*UserTokenSpecV3) XXX_Merge 

func (m *UserTokenSpecV3) XXX_Merge(src proto.Message)

func (*UserTokenSpecV3) XXX_Size 

func (m *UserTokenSpecV3) XXX_Size() int

func (*UserTokenSpecV3) XXX_Unmarshal 

func (m *UserTokenSpecV3) XXX_Unmarshal(b []byte) error

type UserTokenUsage 

type UserTokenUsage int32

UserTokenUsage contains additional information about the intended usage of a user token. 

const (
	// Default value that implies token usage was not set.
	UserTokenUsage_USER_TOKEN_USAGE_UNSPECIFIED UserTokenUsage = 0
	// USER_TOKEN_RECOVER_PASSWORD is a request to recover password.
	UserTokenUsage_USER_TOKEN_RECOVER_PASSWORD UserTokenUsage = 1
	// USER_TOKEN_RECOVER_MFA is a request to recover a MFA.
	UserTokenUsage_USER_TOKEN_RECOVER_MFA UserTokenUsage = 2
	// USER_TOKEN_RENEWAL_BOT is a request to generate certificates
	// for a bot user.
	UserTokenUsage_USER_TOKEN_RENEWAL_BOT UserTokenUsage = 3
)

func (UserTokenUsage) EnumDescriptor 

func (UserTokenUsage) EnumDescriptor() ([]byte, []int)

func (UserTokenUsage) String 

func (x UserTokenUsage) String() string

type UserTokenV3 

type UserTokenV3 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is a resource sub kind, used to define the type of user token.
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is version
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is resource metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is an resource specification
	Spec                 UserTokenSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
	XXX_unrecognized     []byte          `json:"-"`
	XXX_sizecache        int32           `json:"-"`
}

func (*UserTokenV3) CheckAndSetDefaults 

func (u *UserTokenV3) CheckAndSetDefaults() error

CheckAndSetDefaults checks and set default values for any missing fields.

func (*UserTokenV3) Descriptor 

func (*UserTokenV3) Descriptor() ([]byte, []int)

func (*UserTokenV3) Expiry 

func (u *UserTokenV3) Expiry() time.Time

Expiry returns object expiry setting

func (*UserTokenV3) GetCreated 

func (u *UserTokenV3) GetCreated() time.Time

GetCreated returns Created

func (*UserTokenV3) GetKind 

func (u *UserTokenV3) GetKind() string

GetKind returns resource kind

func (*UserTokenV3) GetMetadata 

func (u *UserTokenV3) GetMetadata() Metadata

GetMetadata returns object metadata

func (*UserTokenV3) GetName 

func (u *UserTokenV3) GetName() string

GetName returns token ID.

func (*UserTokenV3) GetRevision 

func (u *UserTokenV3) GetRevision() string

GetRevision returns the revision

func (*UserTokenV3) GetSubKind 

func (u *UserTokenV3) GetSubKind() string

GetSubKind returns resource sub kind

func (*UserTokenV3) GetURL 

func (u *UserTokenV3) GetURL() string

GetURL returns URL

func (*UserTokenV3) GetUsage 

func (u *UserTokenV3) GetUsage() UserTokenUsage

GetUsage returns a usage type.

func (*UserTokenV3) GetUser 

func (u *UserTokenV3) GetUser() string

GetUser returns User

func (*UserTokenV3) GetVersion 

func (u *UserTokenV3) GetVersion() string

GetVersion returns resource version

func (*UserTokenV3) Marshal 

func (m *UserTokenV3) Marshal() (dAtA []byte, err error)

func (*UserTokenV3) MarshalTo 

func (m *UserTokenV3) MarshalTo(dAtA []byte) (int, error)

func (*UserTokenV3) MarshalToSizedBuffer 

func (m *UserTokenV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*UserTokenV3) ProtoMessage 

func (*UserTokenV3) ProtoMessage()

func (*UserTokenV3) Reset 

func (m *UserTokenV3) Reset()

func (*UserTokenV3) SetCreated 

func (u *UserTokenV3) SetCreated(t time.Time)

SetCreated sets the name of the resource

func (*UserTokenV3) SetExpiry 

func (u *UserTokenV3) SetExpiry(t time.Time)

SetExpiry sets object expiry

func (*UserTokenV3) SetName 

func (u *UserTokenV3) SetName(name string)

SetName sets the name of the resource

func (*UserTokenV3) SetRevision 

func (u *UserTokenV3) SetRevision(rev string)

SetRevision sets the revision

func (*UserTokenV3) SetSubKind 

func (u *UserTokenV3) SetSubKind(s string)

SetSubKind sets resource subkind

func (*UserTokenV3) SetURL 

func (u *UserTokenV3) SetURL(url string)

SetURL sets URL

func (*UserTokenV3) SetUsage 

func (u *UserTokenV3) SetUsage(r UserTokenUsage)

SetUsage sets a usage type.

func (*UserTokenV3) SetUser 

func (u *UserTokenV3) SetUser(name string)

SetUser sets the name of the resource

func (*UserTokenV3) Size 

func (m *UserTokenV3) Size() (n int)

func (*UserTokenV3) String 

func (u *UserTokenV3) String() string

String represents a human readable version of the token

func (*UserTokenV3) Unmarshal 

func (m *UserTokenV3) Unmarshal(dAtA []byte) error

func (*UserTokenV3) XXX_DiscardUnknown 

func (m *UserTokenV3) XXX_DiscardUnknown()

func (*UserTokenV3) XXX_Marshal 

func (m *UserTokenV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*UserTokenV3) XXX_Merge 

func (m *UserTokenV3) XXX_Merge(src proto.Message)

func (*UserTokenV3) XXX_Size 

func (m *UserTokenV3) XXX_Size() int

func (*UserTokenV3) XXX_Unmarshal 

func (m *UserTokenV3) XXX_Unmarshal(b []byte) error

type UserType 

type UserType string

UserType is the user's types that indicates where it was created. 

const (
	// UserTypeSSO identifies a user that was created from an SSO provider.
	UserTypeSSO UserType = "sso"
	// UserTypeLocal identifies a user that was created in Teleport itself and has no connection to an external identity.
	UserTypeLocal UserType = "local"
)

type UserV2 

type UserV2 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version. It must be specified.
	// Supported values are: `v2`.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is resource metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is a user specification
	Spec                 UserSpecV2   `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	Status               UserStatusV2 `protobuf:"bytes,6,opt,name=Status,proto3" json:"status,omitempty"`
	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
	XXX_unrecognized     []byte       `json:"-"`
	XXX_sizecache        int32        `json:"-"`
}

UserV2 is version 2 resource spec of the user

func (*UserV2) AddRole 

func (u *UserV2) AddRole(name string)

AddRole adds a role to user's role list

func (UserV2) BotGenerationLabel 

func (u UserV2) BotGenerationLabel() string

BotGenerationLabel returns the bot generation label.

func (*UserV2) CheckAndSetDefaults 

func (u *UserV2) CheckAndSetDefaults() error

CheckAndSetDefaults checks and set default values for any missing fields.

func (*UserV2) Clone 

func (u *UserV2) Clone() User

func (*UserV2) DeepCopy 

func (u *UserV2) DeepCopy() User

DeepCopy creates a clone of this user value.

func (*UserV2) Descriptor 

func (*UserV2) Descriptor() ([]byte, []int)

func (*UserV2) Expiry 

func (u *UserV2) Expiry() time.Time

Expiry returns expiry time for temporary users. Prefer expires from metadata, if it does not exist, fall back to expires in spec.

func (UserV2) GetAWSRoleARNs 

func (u UserV2) GetAWSRoleARNs() []string

GetAWSRoleARNs gets the list of AWS role ARNs for the user

func (*UserV2) GetAllLabels 

func (u *UserV2) GetAllLabels() map[string]string

GetAllLabels fetches all the user labels.

func (UserV2) GetAzureIdentities 

func (u UserV2) GetAzureIdentities() []string

GetAzureIdentities gets a list of Azure identities for the user

func (*UserV2) GetCreatedBy 

func (u *UserV2) GetCreatedBy() CreatedBy

GetCreatedBy returns information about who created user

func (UserV2) GetDatabaseNames 

func (u UserV2) GetDatabaseNames() []string

GetDatabaseNames gets the list of DB Names for the user

func (UserV2) GetDatabaseUsers 

func (u UserV2) GetDatabaseUsers() []string

GetDatabaseUsers gets the list of DB Users for the user

func (UserV2) GetGCPServiceAccounts 

func (u UserV2) GetGCPServiceAccounts() []string

GetGCPServiceAccounts gets a list of GCP service accounts for the user

func (*UserV2) GetGithubIdentities 

func (u *UserV2) GetGithubIdentities() []ExternalIdentity

GetGithubIdentities returns a list of connected Github identities

func (*UserV2) GetKind 

func (u *UserV2) GetKind() string

GetKind returns resource kind

func (UserV2) GetKubeGroups 

func (u UserV2) GetKubeGroups() []string

GetKubeGroups gets the list of Kubernetes Groups for the user

func (UserV2) GetKubeUsers 

func (u UserV2) GetKubeUsers() []string

GetKubeUsers gets the list of Kubernetes Users for the user

func (*UserV2) GetLabel 

func (u *UserV2) GetLabel(key string) (value string, ok bool)

GetLabel fetches the given user label, with the same semantics as a map read

func (*UserV2) GetLocalAuth 

func (u *UserV2) GetLocalAuth() *LocalAuthSecrets

GetLocalAuth gets local authentication secrets (may be nil).

func (UserV2) GetLogins 

func (u UserV2) GetLogins() []string

GetLogins gets the list of server logins/principals for the user

func (*UserV2) GetMetadata 

func (u *UserV2) GetMetadata() Metadata

GetMetadata returns object metadata

func (*UserV2) GetName 

func (u *UserV2) GetName() string

GetName returns the name of the User

func (*UserV2) GetOIDCIdentities 

func (u *UserV2) GetOIDCIdentities() []ExternalIdentity

GetOIDCIdentities returns a list of connected OIDC identities

func (*UserV2) GetPasswordState 

func (u *UserV2) GetPasswordState() PasswordState

func (*UserV2) GetRevision 

func (u *UserV2) GetRevision() string

GetRevision returns the revision

func (*UserV2) GetRoles 

func (u *UserV2) GetRoles() []string

GetRoles returns a list of roles assigned to user

func (*UserV2) GetSAMLIdentities 

func (u *UserV2) GetSAMLIdentities() []ExternalIdentity

GetSAMLIdentities returns a list of connected SAML identities

func (*UserV2) GetStaticLabels 

func (u *UserV2) GetStaticLabels() map[string]string

GetStaticLabels fetches all the user labels.

func (*UserV2) GetStatus 

func (u *UserV2) GetStatus() LoginStatus

GetStatus returns login status of the user

func (*UserV2) GetSubKind 

func (u *UserV2) GetSubKind() string

GetSubKind returns resource sub kind

func (*UserV2) GetTraits 

func (u *UserV2) GetTraits() map[string][]string

GetTraits gets the trait map for this user used to populate role variables.

func (*UserV2) GetTrustedDeviceIDs 

func (u *UserV2) GetTrustedDeviceIDs() []string

GetTrustedDeviceIDs returns the IDs of the user's trusted devices.

func (UserV2) GetUserType 

func (u UserV2) GetUserType() UserType

GetUserType indicates if the User was created by an SSO Provider or locally.

func (*UserV2) GetVersion 

func (u *UserV2) GetVersion() string

GetVersion returns resource version

func (*UserV2) GetWeakestDevice 

func (u *UserV2) GetWeakestDevice() MFADeviceKind

func (UserV2) GetWindowsLogins 

func (u UserV2) GetWindowsLogins() []string

GetWindowsLogins gets the list of Windows Logins for the user

func (UserV2) IsBot 

func (u UserV2) IsBot() bool

IsBot returns true if the user is a bot.

func (*UserV2) Marshal 

func (m *UserV2) Marshal() (dAtA []byte, err error)

func (*UserV2) MarshalTo 

func (m *UserV2) MarshalTo(dAtA []byte) (int, error)

func (*UserV2) MarshalToSizedBuffer 

func (m *UserV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*UserV2) MatchSearch 

func (u *UserV2) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*UserV2) Origin 

func (u *UserV2) Origin() string

Origin returns the origin value of the resource.

func (*UserV2) ProtoMessage 

func (*UserV2) ProtoMessage()

func (*UserV2) Reset 

func (m *UserV2) Reset()

func (*UserV2) ResetLocks 

func (u *UserV2) ResetLocks()

ResetLocks resets lock related fields to empty values.

func (*UserV2) SetAWSRoleARNs 

func (u *UserV2) SetAWSRoleARNs(awsRoleARNs []string)

SetAWSRoleARNs sets the AWSRoleARNs trait for the user

func (*UserV2) SetAzureIdentities 

func (u *UserV2) SetAzureIdentities(identities []string)

SetAzureIdentities sets a list of Azure identities for the user

func (*UserV2) SetCreatedBy 

func (u *UserV2) SetCreatedBy(b CreatedBy)

SetCreatedBy sets created by information

func (*UserV2) SetDatabaseNames 

func (u *UserV2) SetDatabaseNames(databaseNames []string)

SetDatabaseNames sets the DatabaseNames trait for the user

func (*UserV2) SetDatabaseRoles 

func (u *UserV2) SetDatabaseRoles(databaseRoles []string)

SetDatabaseRoles sets the DatabaseRoles trait for the user

func (*UserV2) SetDatabaseUsers 

func (u *UserV2) SetDatabaseUsers(databaseUsers []string)

SetDatabaseUsers sets the DatabaseUsers trait for the user

func (*UserV2) SetExpiry 

func (u *UserV2) SetExpiry(expires time.Time)

SetExpiry sets expiry time for the object

func (*UserV2) SetGCPServiceAccounts 

func (u *UserV2) SetGCPServiceAccounts(accounts []string)

SetGCPServiceAccounts sets a list of GCP service accounts for the user

func (*UserV2) SetGithubIdentities 

func (u *UserV2) SetGithubIdentities(identities []ExternalIdentity)

SetGithubIdentities sets the list of connected GitHub identities

func (*UserV2) SetHostUserGID 

func (u *UserV2) SetHostUserGID(uid string)

SetHostUserGID sets the host user GID

func (*UserV2) SetHostUserUID 

func (u *UserV2) SetHostUserUID(uid string)

SetHostUserUID sets the host user UID

func (*UserV2) SetKubeGroups 

func (u *UserV2) SetKubeGroups(kubeGroups []string)

SetKubeGroups sets the KubeGroups trait for the user

func (*UserV2) SetKubeUsers 

func (u *UserV2) SetKubeUsers(kubeUsers []string)

SetKubeUsers sets the KubeUsers trait for the user

func (*UserV2) SetLocalAuth 

func (u *UserV2) SetLocalAuth(auth *LocalAuthSecrets)

SetLocalAuth sets local authentication secrets (use nil to delete).

func (*UserV2) SetLocked 

func (u *UserV2) SetLocked(until time.Time, reason string)

SetLocked marks the user as locked

func (*UserV2) SetLogins 

func (u *UserV2) SetLogins(logins []string)

SetLogins sets the Logins trait for the user

func (*UserV2) SetMetadata 

func (u *UserV2) SetMetadata(meta Metadata)

SetMetadata sets object metadata

func (*UserV2) SetName 

func (u *UserV2) SetName(e string)

SetName sets the name of the User

func (*UserV2) SetOrigin 

func (u *UserV2) SetOrigin(origin string)

SetOrigin sets the origin value of the resource.

func (*UserV2) SetPasswordState 

func (u *UserV2) SetPasswordState(state PasswordState)

func (*UserV2) SetRevision 

func (u *UserV2) SetRevision(rev string)

SetRevision sets the revision

func (*UserV2) SetRoles 

func (u *UserV2) SetRoles(roles []string)

SetRoles sets a list of roles for user

func (*UserV2) SetStaticLabels 

func (u *UserV2) SetStaticLabels(sl map[string]string)

SetStaticLabels sets the entire label set for the user.

func (*UserV2) SetSubKind 

func (u *UserV2) SetSubKind(s string)

SetSubKind sets resource subkind

func (*UserV2) SetTraits 

func (u *UserV2) SetTraits(traits map[string][]string)

SetTraits sets the trait map for this user used to populate role variables.

func (*UserV2) SetTrustedDeviceIDs 

func (u *UserV2) SetTrustedDeviceIDs(ids []string)

SetTrustedDeviceIDs assigns the IDs of the user's trusted devices.

func (*UserV2) SetWeakestDevice 

func (u *UserV2) SetWeakestDevice(state MFADeviceKind)

func (*UserV2) SetWindowsLogins 

func (u *UserV2) SetWindowsLogins(logins []string)

SetWindowsLogins sets the WindowsLogins trait for the user

func (*UserV2) Size 

func (m *UserV2) Size() (n int)

func (*UserV2) String 

func (u *UserV2) String() string

func (*UserV2) Unmarshal 

func (m *UserV2) Unmarshal(dAtA []byte) error

func (*UserV2) WithoutSecrets 

func (u *UserV2) WithoutSecrets() Resource

WithoutSecrets returns an instance of resource without secrets.

func (*UserV2) XXX_DiscardUnknown 

func (m *UserV2) XXX_DiscardUnknown()

func (*UserV2) XXX_Marshal 

func (m *UserV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*UserV2) XXX_Merge 

func (m *UserV2) XXX_Merge(src proto.Message)

func (*UserV2) XXX_Size 

func (m *UserV2) XXX_Size() int

func (*UserV2) XXX_Unmarshal 

func (m *UserV2) XXX_Unmarshal(b []byte) error

type Watch 

type Watch struct {
	// Name is used for debugging purposes
	Name string

	// Kinds specifies kinds of objects to watch
	// and whether to load secret data for them
	Kinds []WatchKind

	// QueueSize is an optional queue size
	QueueSize int

	// MetricComponent is used for reporting
	MetricComponent string

	// AllowPartialSuccess enables a mode in which a watch will succeed if some of the requested kinds aren't available.
	// When this is set, the client must inspect the WatchStatus resource attached to the first OpInit event emitted
	// by the watcher for a list of kinds confirmed by the event source. Kinds requested but omitted from the confirmation
	// will not be included in the event stream.
	// If AllowPartialSuccess was set, but OpInit doesn't have a resource attached, it means that the event source
	// doesn't support partial success and all requested resource kinds should be considered confirmed.
	AllowPartialSuccess bool
}

Watch sets up watch on the event

type WatchKind 

type WatchKind struct {
	// Kind is a resource kind to watch
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// LoadSecrets specifies whether to load secrets
	LoadSecrets bool `protobuf:"varint,2,opt,name=LoadSecrets,proto3" json:"load_secrets"`
	// Name is an optional specific resource type to watch,
	// if specified only the events with a specific resource
	// name will be sent
	Name string `protobuf:"bytes,3,opt,name=Name,proto3" json:"name"`
	// Filter is an optional mapping of custom filter parameters.
	// Valid values vary by resource kind.
	Filter map[string]string `` /* 153-byte string literal not displayed */
	// SubKind is a resource subkind to watch
	SubKind string `protobuf:"bytes,5,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version optionally specifies the resource version to watch.
	// Currently this field is ignored.
	Version              string   `protobuf:"bytes,6,opt,name=Version,proto3" json:"version,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

WatchKind specifies resource kind to watch When adding fields to this struct, make sure to review/update WatchKind.Contains method.

func (WatchKind) Contains 

func (kind WatchKind) Contains(subset WatchKind) bool

Contains determines whether kind (receiver) targets exactly the same or a wider scope of events as the given subset kind. Generally this means that if kind specifies a filter, its subset must have exactly the same or a narrower one. Currently, does not take resource versions into account.

func (*WatchKind) Descriptor 

func (*WatchKind) Descriptor() ([]byte, []int)

func (WatchKind) IsTrivial 

func (kind WatchKind) IsTrivial() bool

IsTrivial returns true iff the WatchKind only specifies a Kind but no other field.

func (*WatchKind) Marshal 

func (m *WatchKind) Marshal() (dAtA []byte, err error)

func (*WatchKind) MarshalTo 

func (m *WatchKind) MarshalTo(dAtA []byte) (int, error)

func (*WatchKind) MarshalToSizedBuffer 

func (m *WatchKind) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (WatchKind) Matches 

func (kind WatchKind) Matches(e Event) (bool, error)

Matches attempts to determine if the supplied event matches this WatchKind. If the WatchKind is misconfigured, or the event appears malformed, an error is returned.

func (*WatchKind) ProtoMessage 

func (*WatchKind) ProtoMessage()

func (*WatchKind) Reset 

func (m *WatchKind) Reset()

func (*WatchKind) Size 

func (m *WatchKind) Size() (n int)

func (*WatchKind) String 

func (m *WatchKind) String() string

func (*WatchKind) Unmarshal 

func (m *WatchKind) Unmarshal(dAtA []byte) error

func (*WatchKind) XXX_DiscardUnknown 

func (m *WatchKind) XXX_DiscardUnknown()

func (*WatchKind) XXX_Marshal 

func (m *WatchKind) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*WatchKind) XXX_Merge 

func (m *WatchKind) XXX_Merge(src proto.Message)

func (*WatchKind) XXX_Size 

func (m *WatchKind) XXX_Size() int

func (*WatchKind) XXX_Unmarshal 

func (m *WatchKind) XXX_Unmarshal(b []byte) error

type WatchStatus 

type WatchStatus interface {
	Resource
	// GetKinds returns the list of kinds confirmed by the Watch request.
	GetKinds() []WatchKind
	// SetKinds sets the list of kinds confirmed by the Watch request.
	SetKinds([]WatchKind)
	// Clone performs a deep copy of watch status.
	Clone() WatchStatus
}

WatchStatus contains information about a successful Watch request.

type WatchStatusSpecV1 

type WatchStatusSpecV1 struct {
	Kinds                []WatchKind `protobuf:"bytes,1,rep,name=Kinds,proto3" json:"kinds"`
	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
	XXX_unrecognized     []byte      `json:"-"`
	XXX_sizecache        int32       `json:"-"`
}

WatchStatusSpecV1 contains resource kinds confirmed by WatchEvents to be included in the event stream.

func (*WatchStatusSpecV1) Descriptor 

func (*WatchStatusSpecV1) Descriptor() ([]byte, []int)

func (*WatchStatusSpecV1) Marshal 

func (m *WatchStatusSpecV1) Marshal() (dAtA []byte, err error)

func (*WatchStatusSpecV1) MarshalTo 

func (m *WatchStatusSpecV1) MarshalTo(dAtA []byte) (int, error)

func (*WatchStatusSpecV1) MarshalToSizedBuffer 

func (m *WatchStatusSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*WatchStatusSpecV1) ProtoMessage 

func (*WatchStatusSpecV1) ProtoMessage()

func (*WatchStatusSpecV1) Reset 

func (m *WatchStatusSpecV1) Reset()

func (*WatchStatusSpecV1) Size 

func (m *WatchStatusSpecV1) Size() (n int)

func (*WatchStatusSpecV1) String 

func (m *WatchStatusSpecV1) String() string

func (*WatchStatusSpecV1) Unmarshal 

func (m *WatchStatusSpecV1) Unmarshal(dAtA []byte) error

func (*WatchStatusSpecV1) XXX_DiscardUnknown 

func (m *WatchStatusSpecV1) XXX_DiscardUnknown()

func (*WatchStatusSpecV1) XXX_Marshal 

func (m *WatchStatusSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*WatchStatusSpecV1) XXX_Merge 

func (m *WatchStatusSpecV1) XXX_Merge(src proto.Message)

func (*WatchStatusSpecV1) XXX_Size 

func (m *WatchStatusSpecV1) XXX_Size() int

func (*WatchStatusSpecV1) XXX_Unmarshal 

func (m *WatchStatusSpecV1) XXX_Unmarshal(b []byte) error

type WatchStatusV1 

type WatchStatusV1 struct {
	// Kind is the resource kind.
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource subkind. Currently unused for this resource.
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is the resource metadata.
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is the resource spec.
	Spec                 WatchStatusSpecV1 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

WatchStatusV1 is intended to be attached to OpInit events and contain information about a successful WatchEvents call.

func NewWatchStatus 

func NewWatchStatus(kinds []WatchKind) *WatchStatusV1

NewWatchStatus returns a new WatchStatus resource.

func (*WatchStatusV1) CheckAndSetDefaults 

func (w *WatchStatusV1) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values for any missing fields.

func (*WatchStatusV1) Clone 

func (w *WatchStatusV1) Clone() WatchStatus

Clone performs a deep-copy of watch status.

func (*WatchStatusV1) Descriptor 

func (*WatchStatusV1) Descriptor() ([]byte, []int)

func (*WatchStatusV1) Expiry 

func (w *WatchStatusV1) Expiry() time.Time

Expiry returns the watch status resource expiration time.

func (*WatchStatusV1) GetKind 

func (w *WatchStatusV1) GetKind() string

GetKind returns the watch status resource kind.

func (*WatchStatusV1) GetKinds 

func (w *WatchStatusV1) GetKinds() []WatchKind

GetKinds returns the list of kinds confirmed by the Watch request.

func (*WatchStatusV1) GetMetadata 

func (w *WatchStatusV1) GetMetadata() Metadata

GetMetadata returns the watch status resource metadata.

func (*WatchStatusV1) GetName 

func (w *WatchStatusV1) GetName() string

GetName returns the watch status resource name.

func (*WatchStatusV1) GetRevision 

func (w *WatchStatusV1) GetRevision() string

GetRevision returns the revision

func (*WatchStatusV1) GetSubKind 

func (w *WatchStatusV1) GetSubKind() string

GetSubKind returns the watch status resource subkind.

func (*WatchStatusV1) GetVersion 

func (w *WatchStatusV1) GetVersion() string

GetVersion returns the watch status resource version.

func (*WatchStatusV1) Marshal 

func (m *WatchStatusV1) Marshal() (dAtA []byte, err error)

func (*WatchStatusV1) MarshalTo 

func (m *WatchStatusV1) MarshalTo(dAtA []byte) (int, error)

func (*WatchStatusV1) MarshalToSizedBuffer 

func (m *WatchStatusV1) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*WatchStatusV1) ProtoMessage 

func (*WatchStatusV1) ProtoMessage()

func (*WatchStatusV1) Reset 

func (m *WatchStatusV1) Reset()

func (*WatchStatusV1) SetExpiry 

func (w *WatchStatusV1) SetExpiry(time time.Time)

SetExpiry sets the watch status resource expiration time.

func (*WatchStatusV1) SetKinds 

func (w *WatchStatusV1) SetKinds(kinds []WatchKind)

SetKinds sets the list of kinds confirmed by the Watch request.

func (*WatchStatusV1) SetName 

func (w *WatchStatusV1) SetName(name string)

SetName sets the watch status resource name.

func (*WatchStatusV1) SetRevision 

func (w *WatchStatusV1) SetRevision(rev string)

SetRevision sets the revision

func (*WatchStatusV1) SetSubKind 

func (w *WatchStatusV1) SetSubKind(k string)

SetSubKind sets the watch status resource subkind.

func (*WatchStatusV1) Size 

func (m *WatchStatusV1) Size() (n int)

func (*WatchStatusV1) String 

func (m *WatchStatusV1) String() string

func (*WatchStatusV1) Unmarshal 

func (m *WatchStatusV1) Unmarshal(dAtA []byte) error

func (*WatchStatusV1) XXX_DiscardUnknown 

func (m *WatchStatusV1) XXX_DiscardUnknown()

func (*WatchStatusV1) XXX_Marshal 

func (m *WatchStatusV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*WatchStatusV1) XXX_Merge 

func (m *WatchStatusV1) XXX_Merge(src proto.Message)

func (*WatchStatusV1) XXX_Size 

func (m *WatchStatusV1) XXX_Size() int

func (*WatchStatusV1) XXX_Unmarshal 

func (m *WatchStatusV1) XXX_Unmarshal(b []byte) error

type Watcher 

type Watcher interface {
	// Events returns channel with events
	Events() <-chan Event

	// Done returns the channel signaling the closure
	Done() <-chan struct{}

	// Close closes the watcher and releases
	// all associated resources
	Close() error

	// Error returns error associated with watcher
	Error() error
}

Watcher returns watcher

type WebSession 

type WebSession interface {
	// Resource represents common properties for all resources.
	Resource
	// GetShortName returns visible short name used in logging
	GetShortName() string
	// GetUser returns the user this session is associated with
	GetUser() string
	// SetUser sets user associated with this session
	SetUser(string)
	// GetPub is returns public certificate signed by auth server
	GetPub() []byte
	// GetSSHPriv returns private SSH key used to auth with SSH nodes.
	GetSSHPriv() []byte
	// SetSSHPriv sets SSH private key.
	SetSSHPriv([]byte)
	// GetTLSPriv returns private TLS key.
	GetTLSPriv() []byte
	// SetTLSPriv sets TLS private key.
	SetTLSPriv([]byte)
	// GetTLSCert returns PEM encoded TLS certificate associated with session
	GetTLSCert() []byte
	// GetBearerToken is a special bearer token used for additional
	// bearer authentication
	GetBearerToken() string
	// SetExpiryTime sets session expiry time
	SetExpiryTime(time.Time)
	// GetBearerTokenExpiryTime - absolute time when token expires
	GetBearerTokenExpiryTime() time.Time
	// GetExpiryTime - absolute time when web session expires
	GetExpiryTime() time.Time
	// GetLoginTime returns the time this user recently logged in.
	GetLoginTime() time.Time
	// SetLoginTime sets when this user logged in.
	SetLoginTime(time.Time)
	// GetIdleTimeout returns the max time a user can be inactive for this session.
	GetIdleTimeout() time.Duration
	// WithoutSecrets returns copy of the web session but without private keys
	WithoutSecrets() WebSession
	// String returns string representation of the session.
	String() string
	// SetConsumedAccessRequestID sets the ID of the access request from which additional roles to assume were obtained.
	SetConsumedAccessRequestID(string)
	// GetConsumedAccessRequestID returns the ID of the access request from which additional roles to assume were obtained.
	GetConsumedAccessRequestID() string
	// SetSAMLSession sets the SAML session data. Is considered secret.
	SetSAMLSession(*SAMLSessionData)
	// GetSAMLSession gets the SAML session data. Is considered secret.
	GetSAMLSession() *SAMLSessionData
	// SetDeviceWebToken sets the session's DeviceWebToken.
	// The token is considered a secret.
	SetDeviceWebToken(*DeviceWebToken)
	// GetDeviceWebToken returns the session's DeviceWebToken, if any.
	// The token is considered a secret.
	GetDeviceWebToken() *DeviceWebToken
	// GetHasDeviceExtensions returns the HasDeviceExtensions value.
	// If true the session's TLS and SSH certificates are augmented with device
	// extensions.
	GetHasDeviceExtensions() bool
	// SetTrustedDeviceRequirement sets the session's trusted device requirement.
	// See [TrustedDeviceRequirement].
	SetTrustedDeviceRequirement(r TrustedDeviceRequirement)
	// GetTrustedDeviceRequirement returns the session's trusted device
	// requirement.
	// See [TrustedDeviceRequirement].
	GetTrustedDeviceRequirement() TrustedDeviceRequirement
	// Copy returns a clone of the session resource.
	Copy() WebSession
}

WebSession stores key and value used to authenticate with SSH notes on behalf of user

func NewWebSession 

func NewWebSession(name string, subkind string, spec WebSessionSpecV2) (WebSession, error)

NewWebSession returns new instance of the web session based on the V2 spec

type WebSessionFilter 

type WebSessionFilter struct {
	// User is the username to filter web sessions for.
	User                 string   `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

WebSessionFilter encodes cache watch parameters for filtering web sessions.

func (*WebSessionFilter) Descriptor 

func (*WebSessionFilter) Descriptor() ([]byte, []int)

func (*WebSessionFilter) FromMap 

func (f *WebSessionFilter) FromMap(m map[string]string) error

FromMap converts provided map into this filter.

This filter is used with the cache watcher to make sure only sessions for a particular user are returned.

func (*WebSessionFilter) IntoMap 

func (f *WebSessionFilter) IntoMap() map[string]string

IntoMap makes this filter into a map.

This filter is used with the cache watcher to make sure only sessions for a particular user are returned.

func (*WebSessionFilter) Marshal 

func (m *WebSessionFilter) Marshal() (dAtA []byte, err error)

func (*WebSessionFilter) MarshalTo 

func (m *WebSessionFilter) MarshalTo(dAtA []byte) (int, error)

func (*WebSessionFilter) MarshalToSizedBuffer 

func (m *WebSessionFilter) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*WebSessionFilter) Match 

func (f *WebSessionFilter) Match(session WebSession) bool

Match checks if a given web session matches this filter.

func (*WebSessionFilter) ProtoMessage 

func (*WebSessionFilter) ProtoMessage()

func (*WebSessionFilter) Reset 

func (m *WebSessionFilter) Reset()

func (*WebSessionFilter) Size 

func (m *WebSessionFilter) Size() (n int)

func (*WebSessionFilter) String 

func (m *WebSessionFilter) String() string

func (*WebSessionFilter) Unmarshal 

func (m *WebSessionFilter) Unmarshal(dAtA []byte) error

func (*WebSessionFilter) XXX_DiscardUnknown 

func (m *WebSessionFilter) XXX_DiscardUnknown()

func (*WebSessionFilter) XXX_Marshal 

func (m *WebSessionFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*WebSessionFilter) XXX_Merge 

func (m *WebSessionFilter) XXX_Merge(src proto.Message)

func (*WebSessionFilter) XXX_Size 

func (m *WebSessionFilter) XXX_Size() int

func (*WebSessionFilter) XXX_Unmarshal 

func (m *WebSessionFilter) XXX_Unmarshal(b []byte) error

type WebSessionInterface 

type WebSessionInterface interface {
	// Get returns a web session state for the given request.
	Get(ctx context.Context, req GetWebSessionRequest) (WebSession, error)

	// List gets all regular web sessions.
	List(context.Context) ([]WebSession, error)

	// Upsert updates existing or inserts a new web session.
	Upsert(ctx context.Context, session WebSession) error

	// Delete deletes the web session described by req.
	Delete(ctx context.Context, req DeleteWebSessionRequest) error

	// DeleteAll removes all web sessions.
	DeleteAll(context.Context) error
}

WebSessionInterface defines interface to regular web sessions

type WebSessionSpecV2 

type WebSessionSpecV2 struct {
	// User is the identity of the user to which the web session belongs.
	User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
	// Pub is the SSH certificate for the user, marshaled in the authorized key
	// format.
	Pub []byte `protobuf:"bytes,2,opt,name=Pub,proto3" json:"pub"`
	// Priv is the SSH private key for the user, in PEM-encoded PKCS#1 or PKCS#8
	// format. If TLSPriv is unset, this is also the TLS private key.
	Priv []byte `protobuf:"bytes,3,opt,name=Priv,proto3" json:"priv,omitempty"`
	// TLSCert is the X.509 certificate for the user (PEM-encoded).
	TLSCert []byte `protobuf:"bytes,4,opt,name=TLSCert,proto3" json:"tls_cert,omitempty"`
	// BearerToken is a token that is paired with the session cookie for
	// authentication. It is periodically rotated so a stolen cookie itself
	// is not enough to steal a session. In addition it is used for CSRF
	// mitigation.
	BearerToken string `protobuf:"bytes,5,opt,name=BearerToken,proto3" json:"bearer_token"`
	// BearerTokenExpires is the absolute time when the token expires.
	BearerTokenExpires time.Time `protobuf:"bytes,6,opt,name=BearerTokenExpires,proto3,stdtime" json:"bearer_token_expires"`
	// Expires is the absolute time when the session expires.
	Expires time.Time `protobuf:"bytes,7,opt,name=Expires,proto3,stdtime" json:"expires"`
	// LoginTime is the time this user recently logged in.
	LoginTime time.Time `protobuf:"bytes,8,opt,name=LoginTime,proto3,stdtime" json:"login_time"`
	// IdleTimeout is the max time a user can be inactive in a session.
	IdleTimeout Duration `protobuf:"varint,9,opt,name=IdleTimeout,proto3,casttype=Duration" json:"idle_timeout"`
	// ConsumedAccessRequestID is the ID of the access request from which additional roles to assume
	// were obtained.
	ConsumedAccessRequestID string `protobuf:"bytes,10,opt,name=ConsumedAccessRequestID,proto3" json:"consumed_access_request_id,omitempty"`
	// SAMLSession is data associated with a SAML IdP session.
	SAMLSession *SAMLSessionData `protobuf:"bytes,11,opt,name=SAMLSession,proto3" json:"saml_session,omitempty"`
	// Device trust web authentication token.
	// May be exchanged for a single on-behalf-of device authentication attempt
	// (typically performed by Connect).
	// Only present if on-behalf-of device authentication is possible.
	DeviceWebToken *DeviceWebToken `protobuf:"bytes,12,opt,name=DeviceWebToken,proto3" json:"device_web_token,omitempty"`
	// HasDeviceExtensions is true if the session's TLS and SSH certificates are
	// augmented with device extensions.
	HasDeviceExtensions bool `protobuf:"varint,13,opt,name=HasDeviceExtensions,proto3" json:"has_device_extensions,omitempty"`
	// TrustedDeviceRequirement indicates whether access may be hindered by the
	// lack of a trusted device.
	//
	// If during login a device is required and DeviceWebToken is nil, then it's
	// likely the user needs to enroll their device to avoid impacting access.
	TrustedDeviceRequirement TrustedDeviceRequirement `` /* 141-byte string literal not displayed */
	// TLSPriv is the TLS private key for the user, in PEM-encoded PKCS#1 or PKCS#8
	// format. If unset, then Priv is used as both the SSH and TLS private key.
	TLSPriv              []byte   `protobuf:"bytes,15,opt,name=TLSPriv,proto3" json:"tls_priv,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

WebSessionSpecV2 is a specification for web session.

func (*WebSessionSpecV2) Descriptor 

func (*WebSessionSpecV2) Descriptor() ([]byte, []int)

func (*WebSessionSpecV2) Marshal 

func (m *WebSessionSpecV2) Marshal() (dAtA []byte, err error)

func (*WebSessionSpecV2) MarshalTo 

func (m *WebSessionSpecV2) MarshalTo(dAtA []byte) (int, error)

func (*WebSessionSpecV2) MarshalToSizedBuffer 

func (m *WebSessionSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*WebSessionSpecV2) ProtoMessage 

func (*WebSessionSpecV2) ProtoMessage()

func (*WebSessionSpecV2) Reset 

func (m *WebSessionSpecV2) Reset()

func (*WebSessionSpecV2) Size 

func (m *WebSessionSpecV2) Size() (n int)

func (*WebSessionSpecV2) String 

func (m *WebSessionSpecV2) String() string

func (*WebSessionSpecV2) Unmarshal 

func (m *WebSessionSpecV2) Unmarshal(dAtA []byte) error

func (*WebSessionSpecV2) XXX_DiscardUnknown 

func (m *WebSessionSpecV2) XXX_DiscardUnknown()

func (*WebSessionSpecV2) XXX_Marshal 

func (m *WebSessionSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*WebSessionSpecV2) XXX_Merge 

func (m *WebSessionSpecV2) XXX_Merge(src proto.Message)

func (*WebSessionSpecV2) XXX_Size 

func (m *WebSessionSpecV2) XXX_Size() int

func (*WebSessionSpecV2) XXX_Unmarshal 

func (m *WebSessionSpecV2) XXX_Unmarshal(b []byte) error

type WebSessionV2 

type WebSessionV2 struct {
	// Kind is a resource kind.
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind, used in some resources.
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is version.
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is a resource metadata.
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec is a tunnel specification.
	Spec                 WebSessionSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}         `json:"-"`
	XXX_unrecognized     []byte           `json:"-"`
	XXX_sizecache        int32            `json:"-"`
}

WebSessionV2 represents an application or UI web session.

func (*WebSessionV2) CheckAndSetDefaults 

func (ws *WebSessionV2) CheckAndSetDefaults() error

CheckAndSetDefaults checks and set default values for any missing fields.

func (*WebSessionV2) Copy 

func (ws *WebSessionV2) Copy() WebSession

Copy returns a clone of the session resource.

func (*WebSessionV2) Descriptor 

func (*WebSessionV2) Descriptor() ([]byte, []int)

func (*WebSessionV2) Expiry 

func (ws *WebSessionV2) Expiry() time.Time

Expiry returns resource Expiry

func (*WebSessionV2) GetBearerToken 

func (ws *WebSessionV2) GetBearerToken() string

GetBearerToken gets a special bearer token used for additional bearer authentication

func (*WebSessionV2) GetBearerTokenExpiryTime 

func (ws *WebSessionV2) GetBearerTokenExpiryTime() time.Time

GetBearerTokenExpiryTime - absolute time when token expires

func (*WebSessionV2) GetConsumedAccessRequestID 

func (ws *WebSessionV2) GetConsumedAccessRequestID() string

GetConsumedAccessRequestID returns the ID of the access request from which additional roles to assume were obtained.

func (*WebSessionV2) GetDeviceWebToken 

func (ws *WebSessionV2) GetDeviceWebToken() *DeviceWebToken

GetDeviceWebToken returns the session's DeviceWebToken, if any. The token is considered a secret.

func (*WebSessionV2) GetExpiryTime 

func (ws *WebSessionV2) GetExpiryTime() time.Time

GetExpiryTime - absolute time when web session expires

func (*WebSessionV2) GetHasDeviceExtensions 

func (ws *WebSessionV2) GetHasDeviceExtensions() bool

GetHasDeviceExtensions returns the HasDeviceExtensions value. If true the session's TLS and SSH certificates are augmented with device extensions.

func (*WebSessionV2) GetIdleTimeout 

func (ws *WebSessionV2) GetIdleTimeout() time.Duration

GetIdleTimeout returns the max idle timeout duration.

func (*WebSessionV2) GetKind 

func (ws *WebSessionV2) GetKind() string

GetKind gets resource Kind

func (*WebSessionV2) GetLoginTime 

func (ws *WebSessionV2) GetLoginTime() time.Time

GetLoginTime returns the time this user recently logged in.

func (*WebSessionV2) GetMetadata 

func (ws *WebSessionV2) GetMetadata() Metadata

GetMetadata gets resource Metadata

func (*WebSessionV2) GetName 

func (ws *WebSessionV2) GetName() string

GetName gets resource Name

func (*WebSessionV2) GetPub 

func (ws *WebSessionV2) GetPub() []byte

GetPub is returns public certificate signed by auth server

func (*WebSessionV2) GetRevision 

func (ws *WebSessionV2) GetRevision() string

GetRevision returns the revision

func (*WebSessionV2) GetSAMLSession 

func (ws *WebSessionV2) GetSAMLSession() *SAMLSessionData

GetSAMLSession gets the SAML session data. Is considered secret.

func (*WebSessionV2) GetSSHPriv 

func (ws *WebSessionV2) GetSSHPriv() []byte

GetSSHPriv returns private SSH key.

func (*WebSessionV2) GetShortName 

func (ws *WebSessionV2) GetShortName() string

GetShortName returns visible short name used in logging

func (*WebSessionV2) GetSubKind 

func (ws *WebSessionV2) GetSubKind() string

GetSubKind gets resource SubKind

func (*WebSessionV2) GetTLSCert 

func (ws *WebSessionV2) GetTLSCert() []byte

GetTLSCert returns PEM encoded TLS certificate associated with session

func (*WebSessionV2) GetTLSPriv 

func (ws *WebSessionV2) GetTLSPriv() []byte

GetTLSPriv returns private TLS key.

func (*WebSessionV2) GetTrustedDeviceRequirement 

func (ws *WebSessionV2) GetTrustedDeviceRequirement() TrustedDeviceRequirement

GetTrustedDeviceRequirement returns the session's trusted device requirement.

func (*WebSessionV2) GetUser 

func (ws *WebSessionV2) GetUser() string

GetUser returns the user this session is associated with

func (*WebSessionV2) GetVersion 

func (ws *WebSessionV2) GetVersion() string

GetVersion gets resource Version

func (*WebSessionV2) Marshal 

func (m *WebSessionV2) Marshal() (dAtA []byte, err error)

func (*WebSessionV2) MarshalTo 

func (m *WebSessionV2) MarshalTo(dAtA []byte) (int, error)

func (*WebSessionV2) MarshalToSizedBuffer 

func (m *WebSessionV2) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*WebSessionV2) ProtoMessage 

func (*WebSessionV2) ProtoMessage()

func (*WebSessionV2) Reset 

func (m *WebSessionV2) Reset()

func (*WebSessionV2) SetConsumedAccessRequestID 

func (ws *WebSessionV2) SetConsumedAccessRequestID(requestID string)

SetConsumedAccessRequestID sets the ID of the access request from which additional roles to assume were obtained.

func (*WebSessionV2) SetDeviceWebToken 

func (ws *WebSessionV2) SetDeviceWebToken(webToken *DeviceWebToken)

SetDeviceWebToken sets the session's DeviceWebToken. The token is considered a secret.

func (*WebSessionV2) SetExpiry 

func (ws *WebSessionV2) SetExpiry(expiry time.Time)

SetExpiry Sets resource Expiry

func (*WebSessionV2) SetExpiryTime 

func (ws *WebSessionV2) SetExpiryTime(tm time.Time)

SetExpiryTime sets session expiry time

func (*WebSessionV2) SetLoginTime 

func (ws *WebSessionV2) SetLoginTime(loginTime time.Time)

SetLoginTime sets when this user logged in.

func (*WebSessionV2) SetName 

func (ws *WebSessionV2) SetName(name string)

SetName sets resource Name

func (*WebSessionV2) SetRevision 

func (ws *WebSessionV2) SetRevision(rev string)

SetRevision sets the revision

func (*WebSessionV2) SetSAMLSession 

func (ws *WebSessionV2) SetSAMLSession(samlSession *SAMLSessionData)

SetSAMLSession sets the SAML session data. Is considered secret.

func (*WebSessionV2) SetSSHPriv 

func (ws *WebSessionV2) SetSSHPriv(priv []byte)

SetSSHPriv sets private SSH key.

func (*WebSessionV2) SetSubKind 

func (ws *WebSessionV2) SetSubKind(subKind string)

SetSubKind sets resource SubKind

func (*WebSessionV2) SetTLSPriv 

func (ws *WebSessionV2) SetTLSPriv(priv []byte)

SetTLSPriv sets private TLS key.

func (*WebSessionV2) SetTrustedDeviceRequirement 

func (ws *WebSessionV2) SetTrustedDeviceRequirement(r TrustedDeviceRequirement)

SetTrustedDeviceRequirement sets the session's trusted device requirement.

func (*WebSessionV2) SetUser 

func (ws *WebSessionV2) SetUser(u string)

SetUser sets user associated with this session

func (*WebSessionV2) Size 

func (m *WebSessionV2) Size() (n int)

func (*WebSessionV2) String 

func (ws *WebSessionV2) String() string

String returns string representation of the session.

func (*WebSessionV2) Unmarshal 

func (m *WebSessionV2) Unmarshal(dAtA []byte) error

func (*WebSessionV2) WithoutSecrets 

func (ws *WebSessionV2) WithoutSecrets() WebSession

WithoutSecrets returns a copy of the WebSession without secrets.

func (*WebSessionV2) XXX_DiscardUnknown 

func (m *WebSessionV2) XXX_DiscardUnknown()

func (*WebSessionV2) XXX_Marshal 

func (m *WebSessionV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*WebSessionV2) XXX_Merge 

func (m *WebSessionV2) XXX_Merge(src proto.Message)

func (*WebSessionV2) XXX_Size 

func (m *WebSessionV2) XXX_Size() int

func (*WebSessionV2) XXX_Unmarshal 

func (m *WebSessionV2) XXX_Unmarshal(b []byte) error

type WebSessionsGetter 

type WebSessionsGetter interface {
	// WebSessions returns the web session manager
	WebSessions() WebSessionInterface
}

WebSessionsGetter provides access to web sessions

type WebToken 

type WebToken interface {
	// Resource represents common properties for all resources.
	Resource

	// GetToken returns the token value
	GetToken() string
	// SetToken sets the token value
	SetToken(token string)
	// GetUser returns the user the token is bound to
	GetUser() string
	// SetUser sets the user the token is bound to
	SetUser(user string)
	// String returns the text representation of this token
	String() string
	// Clone returns a copy of the token.
	Clone() WebToken
}

WebToken is a time-limited unique token bound to a user's session

func NewWebToken 

func NewWebToken(expires time.Time, spec WebTokenSpecV3) (WebToken, error)

NewWebToken returns a new web token with the given expiration and spec

type WebTokenInterface 

type WebTokenInterface interface {
	// Get returns a token specified by the request.
	Get(ctx context.Context, req GetWebTokenRequest) (WebToken, error)

	// List gets all web tokens.
	List(context.Context) ([]WebToken, error)

	// Upsert updates existing or inserts a new web token.
	Upsert(ctx context.Context, token WebToken) error

	// Delete deletes the web token described by req.
	Delete(ctx context.Context, req DeleteWebTokenRequest) error

	// DeleteAll removes all web tokens.
	DeleteAll(context.Context) error
}

WebTokenInterface defines interface for managing web tokens

type WebTokenSpecV3 

type WebTokenSpecV3 struct {
	// User specifies the user the token is bound to.
	User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
	// Token specifies the token's value.
	Token                string   `protobuf:"bytes,2,opt,name=Token,proto3" json:"token"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

WebTokenSpecV3 is a unique time-limited token bound to a user's web session

func (*WebTokenSpecV3) Descriptor 

func (*WebTokenSpecV3) Descriptor() ([]byte, []int)

func (*WebTokenSpecV3) Marshal 

func (m *WebTokenSpecV3) Marshal() (dAtA []byte, err error)

func (*WebTokenSpecV3) MarshalTo 

func (m *WebTokenSpecV3) MarshalTo(dAtA []byte) (int, error)

func (*WebTokenSpecV3) MarshalToSizedBuffer 

func (m *WebTokenSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*WebTokenSpecV3) ProtoMessage 

func (*WebTokenSpecV3) ProtoMessage()

func (*WebTokenSpecV3) Reset 

func (m *WebTokenSpecV3) Reset()

func (*WebTokenSpecV3) Size 

func (m *WebTokenSpecV3) Size() (n int)

func (*WebTokenSpecV3) String 

func (m *WebTokenSpecV3) String() string

func (*WebTokenSpecV3) Unmarshal 

func (m *WebTokenSpecV3) Unmarshal(dAtA []byte) error

func (*WebTokenSpecV3) XXX_DiscardUnknown 

func (m *WebTokenSpecV3) XXX_DiscardUnknown()

func (*WebTokenSpecV3) XXX_Marshal 

func (m *WebTokenSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*WebTokenSpecV3) XXX_Merge 

func (m *WebTokenSpecV3) XXX_Merge(src proto.Message)

func (*WebTokenSpecV3) XXX_Size 

func (m *WebTokenSpecV3) XXX_Size() int

func (*WebTokenSpecV3) XXX_Unmarshal 

func (m *WebTokenSpecV3) XXX_Unmarshal(b []byte) error

type WebTokenV3 

type WebTokenV3 struct {
	// Kind is a resource kind
	Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
	// SubKind is an optional resource sub kind
	SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
	// Version is the resource version
	Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
	// Metadata is resource metadata
	Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
	// Spec defines the web token
	Spec                 WebTokenSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
	XXX_unrecognized     []byte         `json:"-"`
	XXX_sizecache        int32          `json:"-"`
}

WebTokenV3 describes a web token. Web tokens are used as a transport to relay bearer tokens to the client. Initially bound to a web session, these have been factored out into a separate resource to enable separate lifecycle management.

func (*WebTokenV3) CheckAndSetDefaults 

func (r *WebTokenV3) CheckAndSetDefaults() error

CheckAndSetDefaults validates this token value and sets defaults

func (*WebTokenV3) Clone 

func (r *WebTokenV3) Clone() WebToken

Clone returns a copy of the token. GetMetadata returns the token metadata

func (*WebTokenV3) Descriptor 

func (*WebTokenV3) Descriptor() ([]byte, []int)

func (*WebTokenV3) Expiry 

func (r *WebTokenV3) Expiry() time.Time

Expiry returns the token absolute expiration time

func (*WebTokenV3) GetKind 

func (r *WebTokenV3) GetKind() string

GetKind returns the token resource kind

func (*WebTokenV3) GetMetadata 

func (r *WebTokenV3) GetMetadata() Metadata

GetMetadata returns the token metadata

func (*WebTokenV3) GetName 

func (r *WebTokenV3) GetName() string

GetName returns the token value

func (*WebTokenV3) GetRevision 

func (r *WebTokenV3) GetRevision() string

GetRevision returns the revision

func (*WebTokenV3) GetSubKind 

func (r *WebTokenV3) GetSubKind() string

GetSubKind returns the token resource subkind

func (*WebTokenV3) GetToken 

func (r *WebTokenV3) GetToken() string

GetToken returns the token value

func (*WebTokenV3) GetUser 

func (r *WebTokenV3) GetUser() string

GetUser returns the user this token is bound to

func (*WebTokenV3) GetVersion 

func (r *WebTokenV3) GetVersion() string

GetVersion returns the token resource version

func (*WebTokenV3) Marshal 

func (m *WebTokenV3) Marshal() (dAtA []byte, err error)

func (*WebTokenV3) MarshalTo 

func (m *WebTokenV3) MarshalTo(dAtA []byte) (int, error)

func (*WebTokenV3) MarshalToSizedBuffer 

func (m *WebTokenV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*WebTokenV3) ProtoMessage 

func (*WebTokenV3) ProtoMessage()

func (*WebTokenV3) Reset 

func (m *WebTokenV3) Reset()

func (*WebTokenV3) SetExpiry 

func (r *WebTokenV3) SetExpiry(t time.Time)

SetExpiry sets the token absolute expiration time

func (*WebTokenV3) SetName 

func (r *WebTokenV3) SetName(name string)

SetName sets the token value

func (*WebTokenV3) SetRevision 

func (r *WebTokenV3) SetRevision(rev string)

SetRevision sets the revision

func (*WebTokenV3) SetSubKind 

func (r *WebTokenV3) SetSubKind(subKind string)

SetSubKind sets the token resource subkind

func (*WebTokenV3) SetToken 

func (r *WebTokenV3) SetToken(token string)

SetToken sets the token value

func (*WebTokenV3) SetUser 

func (r *WebTokenV3) SetUser(user string)

SetUser sets the user this token is bound to

func (*WebTokenV3) Size 

func (m *WebTokenV3) Size() (n int)

func (*WebTokenV3) String 

func (r *WebTokenV3) String() string

String returns string representation of the token.

func (*WebTokenV3) Unmarshal 

func (m *WebTokenV3) Unmarshal(dAtA []byte) error

func (*WebTokenV3) XXX_DiscardUnknown 

func (m *WebTokenV3) XXX_DiscardUnknown()

func (*WebTokenV3) XXX_Marshal 

func (m *WebTokenV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*WebTokenV3) XXX_Merge 

func (m *WebTokenV3) XXX_Merge(src proto.Message)

func (*WebTokenV3) XXX_Size 

func (m *WebTokenV3) XXX_Size() int

func (*WebTokenV3) XXX_Unmarshal 

func (m *WebTokenV3) XXX_Unmarshal(b []byte) error

type WebTokensGetter 

type WebTokensGetter interface {
	// WebTokens returns the tokens manager
	WebTokens() WebTokenInterface
}

WebTokensGetter provides access to web tokens

type Webauthn 

type Webauthn struct {
	// RPID is the ID of the Relying Party.
	// It should be set to the domain name of the Teleport installation.
	//
	// IMPORTANT: RPID must never change in the lifetime of the cluster, because
	// it's recorded in the registration data on the WebAuthn device. If the
	// RPID changes, all existing WebAuthn key registrations will become invalid
	// and all users who use WebAuthn as the multi-factor will need to
	// re-register.
	RPID string `protobuf:"bytes,1,opt,name=RPID,proto3" json:"rp_id,omitempty"`
	// Allow list of device attestation CAs in PEM format.
	// If present, only devices whose attestation certificates match the
	// certificates specified here may be registered (existing registrations are
	// unchanged).
	// If supplied in conjunction with AttestationDeniedCAs, then both
	// conditions need to be true for registration to be allowed (the device
	// MUST match an allowed CA and MUST NOT match a denied CA).
	// By default all devices are allowed.
	AttestationAllowedCAs []string `protobuf:"bytes,2,rep,name=AttestationAllowedCAs,proto3" json:"attestation_allowed_cas,omitempty"`
	// Deny list of device attestation CAs in PEM format.
	// If present, only devices whose attestation certificates don't match the
	// certificates specified here may be registered (existing registrations are
	// unchanged).
	// If supplied in conjunction with AttestationAllowedCAs, then both
	// conditions need to be true for registration to be allowed (the device
	// MUST match an allowed CA and MUST NOT match a denied CA).
	// By default no devices are denied.
	AttestationDeniedCAs []string `protobuf:"bytes,3,rep,name=AttestationDeniedCAs,proto3" json:"attestation_denied_cas,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Webauthn defines user-visible settings for server-side Web Authentication support.

func (*Webauthn) CheckAndSetDefaults 

func (w *Webauthn) CheckAndSetDefaults(u *U2F) error

func (*Webauthn) Descriptor 

func (*Webauthn) Descriptor() ([]byte, []int)

func (*Webauthn) Marshal 

func (m *Webauthn) Marshal() (dAtA []byte, err error)

func (*Webauthn) MarshalTo 

func (m *Webauthn) MarshalTo(dAtA []byte) (int, error)

func (*Webauthn) MarshalToSizedBuffer 

func (m *Webauthn) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Webauthn) ProtoMessage 

func (*Webauthn) ProtoMessage()

func (*Webauthn) Reset 

func (m *Webauthn) Reset()

func (*Webauthn) Size 

func (m *Webauthn) Size() (n int)

func (*Webauthn) String 

func (m *Webauthn) String() string

func (*Webauthn) Unmarshal 

func (m *Webauthn) Unmarshal(dAtA []byte) error

func (*Webauthn) XXX_DiscardUnknown 

func (m *Webauthn) XXX_DiscardUnknown()

func (*Webauthn) XXX_Marshal 

func (m *Webauthn) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Webauthn) XXX_Merge 

func (m *Webauthn) XXX_Merge(src proto.Message)

func (*Webauthn) XXX_Size 

func (m *Webauthn) XXX_Size() int

func (*Webauthn) XXX_Unmarshal 

func (m *Webauthn) XXX_Unmarshal(b []byte) error

type WebauthnDevice 

type WebauthnDevice struct {
	// Credential ID for the authenticator.
	CredentialId []byte `protobuf:"bytes,1,opt,name=credential_id,json=credentialId,proto3" json:"credential_id,omitempty"`
	// Public key encoded in CBOR format.
	// Webauthn support various key algorithms; CBOR encoding is used to reflect
	// those choices.
	// See https://w3c.github.io/webauthn/#sctn-alg-identifier for a starter
	// reference.
	PublicKeyCbor []byte `protobuf:"bytes,2,opt,name=public_key_cbor,json=publicKeyCbor,proto3" json:"public_key_cbor,omitempty"`
	// Attestation format used by the authenticator, if any.
	AttestationType string `protobuf:"bytes,3,opt,name=attestation_type,json=attestationType,proto3" json:"attestation_type,omitempty"`
	// AAGUID is the globally unique identifier of the authenticator model.
	// Zeroed for U2F devices.
	Aaguid []byte `protobuf:"bytes,4,opt,name=aaguid,proto3" json:"aaguid,omitempty"`
	// Signature counter for login operations.
	// Actual counter values received from the authenticator are expected to be
	// higher than the previously-stored value.
	SignatureCounter uint32 `protobuf:"varint,5,opt,name=signature_counter,json=signatureCounter,proto3" json:"signature_counter,omitempty"`
	// Raw attestation object, as returned by the authentication during
	// registration.
	// Absent for legacy entries (Teleport 8.x).
	AttestationObject []byte `protobuf:"bytes,6,opt,name=attestation_object,json=attestationObject,proto3" json:"attestation_object,omitempty"`
	// True if a resident key was requested during registration.
	// Marks passwordless-capable devices.
	// (Note that resident_key=true represents the server-side / Relying Party
	// view of the registration process; the authenticator alone can determine
	// if a key is truly resident.)
	ResidentKey bool `protobuf:"varint,7,opt,name=resident_key,json=residentKey,proto3" json:"resident_key,omitempty"`
	// Relying Party ID used by the credential.
	// Recorded on registration for new credentials, or on first successful
	// authentication for "old" credentials (created before the field existed).
	// Ideally, this is always the same as the configured RPID.
	// If an RPID change does happen, this helps Teleport detect it and react
	// accordingly.
	CredentialRpId string `protobuf:"bytes,8,opt,name=credential_rp_id,json=credentialRpId,proto3" json:"credential_rp_id,omitempty"`
	// Authenticator Backup Eligibility (BE) bit, recorded during registration or
	// backfill (for older authenticators).
	// https://w3c.github.io/webauthn/#authdata-flags-be
	CredentialBackupEligible *types.BoolValue `` /* 135-byte string literal not displayed */
	// Authenticator Backup State (BS) bit, recorded during registration or
	// backfill (for older authenticators).
	// https://w3c.github.io/webauthn/#authdata-flags-bs
	CredentialBackedUp   *types.BoolValue `protobuf:"bytes,10,opt,name=credential_backed_up,json=credentialBackedUp,proto3" json:"credential_backed_up,omitempty"`
	XXX_NoUnkeyedLiteral struct{}         `json:"-"`
	XXX_unrecognized     []byte           `json:"-"`
	XXX_sizecache        int32            `json:"-"`
}

WebauthnDevice holds Webauthn-specific fields of MFADevice.

func (*WebauthnDevice) Descriptor 

func (*WebauthnDevice) Descriptor() ([]byte, []int)

func (*WebauthnDevice) Marshal 

func (m *WebauthnDevice) Marshal() (dAtA []byte, err error)

func (*WebauthnDevice) MarshalTo 

func (m *WebauthnDevice) MarshalTo(dAtA []byte) (int, error)

func (*WebauthnDevice) MarshalToSizedBuffer 

func (m *WebauthnDevice) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*WebauthnDevice) ProtoMessage 

func (*WebauthnDevice) ProtoMessage()

func (*WebauthnDevice) Reset 

func (m *WebauthnDevice) Reset()

func (*WebauthnDevice) Size 

func (m *WebauthnDevice) Size() (n int)

func (*WebauthnDevice) String 

func (m *WebauthnDevice) String() string

func (*WebauthnDevice) Unmarshal 

func (m *WebauthnDevice) Unmarshal(dAtA []byte) error

func (*WebauthnDevice) XXX_DiscardUnknown 

func (m *WebauthnDevice) XXX_DiscardUnknown()

func (*WebauthnDevice) XXX_Marshal 

func (m *WebauthnDevice) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*WebauthnDevice) XXX_Merge 

func (m *WebauthnDevice) XXX_Merge(src proto.Message)

func (*WebauthnDevice) XXX_Size 

func (m *WebauthnDevice) XXX_Size() int

func (*WebauthnDevice) XXX_Unmarshal 

func (m *WebauthnDevice) XXX_Unmarshal(b []byte) error

type WebauthnLocalAuth 

type WebauthnLocalAuth struct {
	// UserID is the random user handle generated for the user.
	// See https://www.w3.org/TR/webauthn-2/#sctn-user-handle-privacy.
	UserID               []byte   `protobuf:"bytes,1,opt,name=UserID,proto3" json:"user_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

WebauthnLocalAuth holds settings necessary for local webauthn use.

func (*WebauthnLocalAuth) Check 

func (wal *WebauthnLocalAuth) Check() error

Check validates WebauthnLocalAuth, returning an error if it's not valid.

func (*WebauthnLocalAuth) Descriptor 

func (*WebauthnLocalAuth) Descriptor() ([]byte, []int)

func (*WebauthnLocalAuth) Marshal 

func (m *WebauthnLocalAuth) Marshal() (dAtA []byte, err error)

func (*WebauthnLocalAuth) MarshalTo 

func (m *WebauthnLocalAuth) MarshalTo(dAtA []byte) (int, error)

func (*WebauthnLocalAuth) MarshalToSizedBuffer 

func (m *WebauthnLocalAuth) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*WebauthnLocalAuth) ProtoMessage 

func (*WebauthnLocalAuth) ProtoMessage()

func (*WebauthnLocalAuth) Reset 

func (m *WebauthnLocalAuth) Reset()

func (*WebauthnLocalAuth) Size 

func (m *WebauthnLocalAuth) Size() (n int)

func (*WebauthnLocalAuth) String 

func (m *WebauthnLocalAuth) String() string

func (*WebauthnLocalAuth) Unmarshal 

func (m *WebauthnLocalAuth) Unmarshal(dAtA []byte) error

func (*WebauthnLocalAuth) XXX_DiscardUnknown 

func (m *WebauthnLocalAuth) XXX_DiscardUnknown()

func (*WebauthnLocalAuth) XXX_Marshal 

func (m *WebauthnLocalAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*WebauthnLocalAuth) XXX_Merge 

func (m *WebauthnLocalAuth) XXX_Merge(src proto.Message)

func (*WebauthnLocalAuth) XXX_Size 

func (m *WebauthnLocalAuth) XXX_Size() int

func (*WebauthnLocalAuth) XXX_Unmarshal 

func (m *WebauthnLocalAuth) XXX_Unmarshal(b []byte) error

type WhereExpr 

type WhereExpr struct {
	Field            string
	Literal          interface{}
	And, Or          WhereExpr2
	Not              *WhereExpr
	Equals, Contains WhereExpr2
}

WhereExpr is a tree like structure representing a `where` (sub-)expression.

func (WhereExpr) String 

func (e WhereExpr) String() string

String returns a human readable representation of WhereExpr.

type WhereExpr2 

type WhereExpr2 struct {
	L, R *WhereExpr
}

WhereExpr2 is a pair of `where` (sub-)expressions.

type WindowsDesktop 

type WindowsDesktop interface {
	// ResourceWithLabels provides common resource methods.
	ResourceWithLabels
	// GetAddr returns the network address of this host.
	GetAddr() string
	// GetDomain returns the ActiveDirectory domain of this host.
	GetDomain() string
	// GetHostID returns the ID of the Windows Desktop Service reporting the desktop.
	GetHostID() string
	// NonAD checks whether this is a standalone host that
	// is not joined to an Active Directory domain.
	NonAD() bool
	// GetScreenSize returns the desired size of the screen to use for sessions
	// to this host. Returns (0, 0) if no screen size is set, which means to
	// use the size passed by the client over TDP.
	GetScreenSize() (width, height uint32)
	// Copy returns a copy of this windows desktop
	Copy() WindowsDesktop
	// CloneResource returns a copy of the WindowDesktop as a ResourceWithLabels
	CloneResource() ResourceWithLabels
}

WindowsDesktop represents a Windows desktop host.

type WindowsDesktopFilter 

type WindowsDesktopFilter struct {
	// HostID is the ID of the host the Windows Desktop Service proxying the desktop.
	HostID string `protobuf:"bytes,1,opt,name=HostID,proto3" json:"host_id"`
	// Name is the name of the desktop.
	Name                 string   `protobuf:"bytes,2,opt,name=Name,proto3" json:"name"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

WindowsDesktopFilter are filters to apply when searching for windows desktops.

func (*WindowsDesktopFilter) Descriptor 

func (*WindowsDesktopFilter) Descriptor() ([]byte, []int)

func (*WindowsDesktopFilter) Marshal 

func (m *WindowsDesktopFilter) Marshal() (dAtA []byte, err error)

func (*WindowsDesktopFilter) MarshalTo 

func (m *WindowsDesktopFilter) MarshalTo(dAtA []byte) (int, error)

func (*WindowsDesktopFilter) MarshalToSizedBuffer 

func (m *WindowsDesktopFilter) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*WindowsDesktopFilter) Match 

func (f *WindowsDesktopFilter) Match(req WindowsDesktop) bool

Match checks if a given desktop request matches this filter.

func (*WindowsDesktopFilter) ProtoMessage 

func (*WindowsDesktopFilter) ProtoMessage()

func (*WindowsDesktopFilter) Reset 

func (m *WindowsDesktopFilter) Reset()

func (*WindowsDesktopFilter) Size 

func (m *WindowsDesktopFilter) Size() (n int)

func (*WindowsDesktopFilter) String 

func (m *WindowsDesktopFilter) String() string

func (*WindowsDesktopFilter) Unmarshal 

func (m *WindowsDesktopFilter) Unmarshal(dAtA []byte) error

func (*WindowsDesktopFilter) XXX_DiscardUnknown 

func (m *WindowsDesktopFilter) XXX_DiscardUnknown()

func (*WindowsDesktopFilter) XXX_Marshal 

func (m *WindowsDesktopFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*WindowsDesktopFilter) XXX_Merge 

func (m *WindowsDesktopFilter) XXX_Merge(src proto.Message)

func (*WindowsDesktopFilter) XXX_Size 

func (m *WindowsDesktopFilter) XXX_Size() int

func (*WindowsDesktopFilter) XXX_Unmarshal 

func (m *WindowsDesktopFilter) XXX_Unmarshal(b []byte) error

type WindowsDesktopService 

type WindowsDesktopService interface {
	// ResourceWithLabels provides common resource methods.
	ResourceWithLabels
	// GetAddr returns the network address of this service.
	GetAddr() string
	// GetVersion returns the teleport binary version of this service.
	GetTeleportVersion() string
	// GetHostname returns the hostname of this service
	GetHostname() string
	// ProxiedService provides common methods for a proxied service.
	ProxiedService
	// Clone creates a copy of the service.
	Clone() WindowsDesktopService
}

WindowsDesktopService represents a Windows desktop service instance.

type WindowsDesktopServiceSpecV3 

type WindowsDesktopServiceSpecV3 struct {
	// Addr is the address that this service can be reached at.
	Addr string `protobuf:"bytes,1,opt,name=Addr,proto3" json:"addr"`
	// TeleportVersion is teleport binary version running this service.
	TeleportVersion string `protobuf:"bytes,2,opt,name=TeleportVersion,proto3" json:"teleport_version"`
	// Hostname is the desktop service hostname.
	Hostname string `protobuf:"bytes,3,opt,name=Hostname,proto3" json:"hostname"`
	// ProxyIDs is a list of proxy IDs this server is expected to be connected to.
	ProxyIDs             []string `protobuf:"bytes,4,rep,name=ProxyIDs,proto3" json:"proxy_ids,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

WindowsDesktopServiceSpecV3 is the windows desktop service spec.

func (*WindowsDesktopServiceSpecV3) Descriptor 

func (*WindowsDesktopServiceSpecV3) Descriptor() ([]byte, []int)

func (*WindowsDesktopServiceSpecV3) Marshal 

func (m *WindowsDesktopServiceSpecV3) Marshal() (dAtA []byte, err error)

func (*WindowsDesktopServiceSpecV3) MarshalTo 

func (m *WindowsDesktopServiceSpecV3) MarshalTo(dAtA []byte) (int, error)

func (*WindowsDesktopServiceSpecV3) MarshalToSizedBuffer 

func (m *WindowsDesktopServiceSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*WindowsDesktopServiceSpecV3) ProtoMessage 

func (*WindowsDesktopServiceSpecV3) ProtoMessage()

func (*WindowsDesktopServiceSpecV3) Reset 

func (m *WindowsDesktopServiceSpecV3) Reset()

func (*WindowsDesktopServiceSpecV3) Size 

func (m *WindowsDesktopServiceSpecV3) Size() (n int)

func (*WindowsDesktopServiceSpecV3) String 

func (m *WindowsDesktopServiceSpecV3) String() string

func (*WindowsDesktopServiceSpecV3) Unmarshal 

func (m *WindowsDesktopServiceSpecV3) Unmarshal(dAtA []byte) error

func (*WindowsDesktopServiceSpecV3) XXX_DiscardUnknown 

func (m *WindowsDesktopServiceSpecV3) XXX_DiscardUnknown()

func (*WindowsDesktopServiceSpecV3) XXX_Marshal 

func (m *WindowsDesktopServiceSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*WindowsDesktopServiceSpecV3) XXX_Merge 

func (m *WindowsDesktopServiceSpecV3) XXX_Merge(src proto.Message)

func (*WindowsDesktopServiceSpecV3) XXX_Size 

func (m *WindowsDesktopServiceSpecV3) XXX_Size() int

func (*WindowsDesktopServiceSpecV3) XXX_Unmarshal 

func (m *WindowsDesktopServiceSpecV3) XXX_Unmarshal(b []byte) error

type WindowsDesktopServiceV3 

type WindowsDesktopServiceV3 struct {
	// Header is the common resource header.
	ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
	// Spec is the windows desktop service spec.
	Spec                 WindowsDesktopServiceSpecV3 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}                    `json:"-"`
	XXX_unrecognized     []byte                      `json:"-"`
	XXX_sizecache        int32                       `json:"-"`
}

WindowsDesktopServiceV3 represents a windows desktop access service.

func NewWindowsDesktopServiceV3 

func NewWindowsDesktopServiceV3(meta Metadata, spec WindowsDesktopServiceSpecV3) (*WindowsDesktopServiceV3, error)

NewWindowsDesktopServiceV3 creates a new WindowsDesktopServiceV3 resource.

func (*WindowsDesktopServiceV3) CheckAndSetDefaults 

func (s *WindowsDesktopServiceV3) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values for any missing fields.

func (*WindowsDesktopServiceV3) Clone 

func (s *WindowsDesktopServiceV3) Clone() WindowsDesktopService

Clone creates a copy of the service.

func (*WindowsDesktopServiceV3) Descriptor 

func (*WindowsDesktopServiceV3) Descriptor() ([]byte, []int)

func (*WindowsDesktopServiceV3) GetAddr 

func (s *WindowsDesktopServiceV3) GetAddr() string

GetAddr returns the network address of this service.

func (*WindowsDesktopServiceV3) GetHostname 

func (s *WindowsDesktopServiceV3) GetHostname() string

GetHostname returns the windows hostname of this service.

func (*WindowsDesktopServiceV3) GetProxyIDs 

func (s *WindowsDesktopServiceV3) GetProxyIDs() []string

GetProxyID returns a list of proxy ids this server is connected to.

func (*WindowsDesktopServiceV3) GetTeleportVersion 

func (s *WindowsDesktopServiceV3) GetTeleportVersion() string

GetTeleportVersion returns the teleport binary version of this service.

func (*WindowsDesktopServiceV3) Marshal 

func (m *WindowsDesktopServiceV3) Marshal() (dAtA []byte, err error)

func (*WindowsDesktopServiceV3) MarshalTo 

func (m *WindowsDesktopServiceV3) MarshalTo(dAtA []byte) (int, error)

func (*WindowsDesktopServiceV3) MarshalToSizedBuffer 

func (m *WindowsDesktopServiceV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*WindowsDesktopServiceV3) MatchSearch 

func (s *WindowsDesktopServiceV3) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*WindowsDesktopServiceV3) ProtoMessage 

func (*WindowsDesktopServiceV3) ProtoMessage()

func (*WindowsDesktopServiceV3) Reset 

func (m *WindowsDesktopServiceV3) Reset()

func (*WindowsDesktopServiceV3) SetProxyIDs 

func (s *WindowsDesktopServiceV3) SetProxyIDs(proxyIDs []string)

SetProxyID sets the proxy ids this server is connected to.

func (*WindowsDesktopServiceV3) Size 

func (m *WindowsDesktopServiceV3) Size() (n int)

func (*WindowsDesktopServiceV3) String 

func (m *WindowsDesktopServiceV3) String() string

func (*WindowsDesktopServiceV3) Unmarshal 

func (m *WindowsDesktopServiceV3) Unmarshal(dAtA []byte) error

func (*WindowsDesktopServiceV3) XXX_DiscardUnknown 

func (m *WindowsDesktopServiceV3) XXX_DiscardUnknown()

func (*WindowsDesktopServiceV3) XXX_Marshal 

func (m *WindowsDesktopServiceV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*WindowsDesktopServiceV3) XXX_Merge 

func (m *WindowsDesktopServiceV3) XXX_Merge(src proto.Message)

func (*WindowsDesktopServiceV3) XXX_Size 

func (m *WindowsDesktopServiceV3) XXX_Size() int

func (*WindowsDesktopServiceV3) XXX_Unmarshal 

func (m *WindowsDesktopServiceV3) XXX_Unmarshal(b []byte) error

type WindowsDesktopServices 

type WindowsDesktopServices []WindowsDesktopService

func (WindowsDesktopServices) AsResources 

func (s WindowsDesktopServices) AsResources() []ResourceWithLabels

AsResources returns windows desktops as type resources with labels.

type WindowsDesktopSpecV3 

type WindowsDesktopSpecV3 struct {
	// Addr is the address that this host can be reached at.
	Addr string `protobuf:"bytes,1,opt,name=Addr,proto3" json:"addr"`
	// Domain is the ActiveDirectory domain that this host belongs to.
	Domain string `protobuf:"bytes,2,opt,name=Domain,proto3" json:"domain"`
	// HostID is the ID of the host the Windows Desktop Service proxying the desktop.
	HostID string `protobuf:"bytes,3,opt,name=HostID,proto3" json:"host_id"`
	// NonAD marks this desktop as a standalone host that is
	// not joined to an Active Directory domain.
	NonAD bool `protobuf:"varint,4,opt,name=NonAD,proto3" json:"non_ad"`
	// ScreenSize specifies the size of the screen to use for sessions
	// on this host. In most cases this should be unspecified, in which
	// case Teleport will fill the browser window.
	ScreenSize           *Resolution `protobuf:"bytes,5,opt,name=ScreenSize,proto3" json:"screen_size,omitempty"`
	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
	XXX_unrecognized     []byte      `json:"-"`
	XXX_sizecache        int32       `json:"-"`
}

WindowsDesktopSpecV3 is the Windows host spec.

func (*WindowsDesktopSpecV3) Descriptor 

func (*WindowsDesktopSpecV3) Descriptor() ([]byte, []int)

func (*WindowsDesktopSpecV3) Marshal 

func (m *WindowsDesktopSpecV3) Marshal() (dAtA []byte, err error)

func (*WindowsDesktopSpecV3) MarshalTo 

func (m *WindowsDesktopSpecV3) MarshalTo(dAtA []byte) (int, error)

func (*WindowsDesktopSpecV3) MarshalToSizedBuffer 

func (m *WindowsDesktopSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*WindowsDesktopSpecV3) ProtoMessage 

func (*WindowsDesktopSpecV3) ProtoMessage()

func (*WindowsDesktopSpecV3) Reset 

func (m *WindowsDesktopSpecV3) Reset()

func (*WindowsDesktopSpecV3) Size 

func (m *WindowsDesktopSpecV3) Size() (n int)

func (*WindowsDesktopSpecV3) String 

func (m *WindowsDesktopSpecV3) String() string

func (*WindowsDesktopSpecV3) Unmarshal 

func (m *WindowsDesktopSpecV3) Unmarshal(dAtA []byte) error

func (*WindowsDesktopSpecV3) XXX_DiscardUnknown 

func (m *WindowsDesktopSpecV3) XXX_DiscardUnknown()

func (*WindowsDesktopSpecV3) XXX_Marshal 

func (m *WindowsDesktopSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*WindowsDesktopSpecV3) XXX_Merge 

func (m *WindowsDesktopSpecV3) XXX_Merge(src proto.Message)

func (*WindowsDesktopSpecV3) XXX_Size 

func (m *WindowsDesktopSpecV3) XXX_Size() int

func (*WindowsDesktopSpecV3) XXX_Unmarshal 

func (m *WindowsDesktopSpecV3) XXX_Unmarshal(b []byte) error

type WindowsDesktopV3 

type WindowsDesktopV3 struct {
	// Header is the common resource header.
	ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
	// Spec is the Windows host spec.
	Spec                 WindowsDesktopSpecV3 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
	XXX_unrecognized     []byte               `json:"-"`
	XXX_sizecache        int32                `json:"-"`
}

WindowsDesktopV3 represents a Windows host for desktop access.

func NewWindowsDesktopV3 

func NewWindowsDesktopV3(name string, labels map[string]string, spec WindowsDesktopSpecV3) (*WindowsDesktopV3, error)

NewWindowsDesktopV3 creates a new WindowsDesktopV3 resource.

func (*WindowsDesktopV3) CheckAndSetDefaults 

func (d *WindowsDesktopV3) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default values for any missing fields.

func (*WindowsDesktopV3) CloneResource 

func (d *WindowsDesktopV3) CloneResource() ResourceWithLabels

func (*WindowsDesktopV3) Copy 

func (d *WindowsDesktopV3) Copy() WindowsDesktop

Copy returns a copy of this windows desktop object.

func (*WindowsDesktopV3) Descriptor 

func (*WindowsDesktopV3) Descriptor() ([]byte, []int)

func (*WindowsDesktopV3) GetAddr 

func (d *WindowsDesktopV3) GetAddr() string

GetAddr returns the network address of this host.

func (*WindowsDesktopV3) GetDomain 

func (d *WindowsDesktopV3) GetDomain() string

GetDomain returns the Active Directory domain of this host.

func (*WindowsDesktopV3) GetHostID 

func (d *WindowsDesktopV3) GetHostID() string

GetHostID returns the HostID for the associated desktop service.

func (*WindowsDesktopV3) GetScreenSize 

func (d *WindowsDesktopV3) GetScreenSize() (width, height uint32)

func (*WindowsDesktopV3) IsEqual 

func (d *WindowsDesktopV3) IsEqual(i WindowsDesktop) bool

IsEqual determines if two windows desktop resources are equivalent to one another.

func (*WindowsDesktopV3) Marshal 

func (m *WindowsDesktopV3) Marshal() (dAtA []byte, err error)

func (*WindowsDesktopV3) MarshalTo 

func (m *WindowsDesktopV3) MarshalTo(dAtA []byte) (int, error)

func (*WindowsDesktopV3) MarshalToSizedBuffer 

func (m *WindowsDesktopV3) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*WindowsDesktopV3) MatchSearch 

func (d *WindowsDesktopV3) MatchSearch(values []string) bool

MatchSearch goes through select field values and tries to match against the list of search values.

func (*WindowsDesktopV3) NonAD 

func (d *WindowsDesktopV3) NonAD() bool

NonAD checks whether host is part of Active Directory

func (*WindowsDesktopV3) ProtoMessage 

func (*WindowsDesktopV3) ProtoMessage()

func (*WindowsDesktopV3) Reset 

func (m *WindowsDesktopV3) Reset()

func (*WindowsDesktopV3) Size 

func (m *WindowsDesktopV3) Size() (n int)

func (*WindowsDesktopV3) String 

func (m *WindowsDesktopV3) String() string

func (*WindowsDesktopV3) Unmarshal 

func (m *WindowsDesktopV3) Unmarshal(dAtA []byte) error

func (*WindowsDesktopV3) XXX_DiscardUnknown 

func (m *WindowsDesktopV3) XXX_DiscardUnknown()

func (*WindowsDesktopV3) XXX_Marshal 

func (m *WindowsDesktopV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*WindowsDesktopV3) XXX_Merge 

func (m *WindowsDesktopV3) XXX_Merge(src proto.Message)

func (*WindowsDesktopV3) XXX_Size 

func (m *WindowsDesktopV3) XXX_Size() int

func (*WindowsDesktopV3) XXX_Unmarshal 

func (m *WindowsDesktopV3) XXX_Unmarshal(b []byte) error

type WindowsDesktops 

type WindowsDesktops []WindowsDesktop

WindowsDesktops represents a list of Windows desktops.

func (WindowsDesktops) AsResources 

func (s WindowsDesktops) AsResources() []ResourceWithLabels

AsResources returns windows desktops as type resources with labels.

func (WindowsDesktops) GetFieldVals 

func (s WindowsDesktops) GetFieldVals(field string) ([]string, error)

GetFieldVals returns list of select field values.

func (WindowsDesktops) Len 

func (s WindowsDesktops) Len() int

Len returns the slice length.

func (WindowsDesktops) Less 

func (s WindowsDesktops) Less(i, j int) bool

Less compares desktops by name and host ID.

func (WindowsDesktops) SortByCustom 

func (s WindowsDesktops) SortByCustom(sortBy SortBy) error

SortByCustom custom sorts by given sort criteria.

func (WindowsDesktops) Swap 

func (s WindowsDesktops) Swap(i, j int)

Swap swaps two windows desktops.

Source Files

View all Source files

Directories

Path Synopsis
convert/v1
convert/v1
Package events contains event related types and logic required by the Teleport API.
 Package events contains event related types and logic required by the Teleport API.
convert/v1
convert/legacy
convert/v1
convert/v1
convert/v1
convert/v1
Package wrappers provides protobuf wrappers for common teleport map and list types.
 Package wrappers provides protobuf wrappers for common teleport map and list types.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.