client

package
v0.0.0-...-3aec24a Latest
Warning

This package is not in the latest version of its module.

Published: Dec 13, 2022 License: Apache-2.0 Imports: 48 Imported by: 15

README

This package is documented using a combination of pkg.go.dev and Teleport Docs.

Reference

Documentation

Overview

Package client provides a gRPC implementation of the Teleport Auth client. This client can be used to programmatically interact with a Teleport Auth server.

Constants

This section is empty.

Variables

This section is empty.

Functions

func ConfigureALPN

func ConfigureALPN(tlsConfig *tls.Config, clusterName string) *tls.Config

ConfigureALPN configures ALPN SNI cluster routing information in TLS settings, allowing the auth service to be dialed through Teleport Proxy directly without using SSH tunnels.

func DialProxy

func DialProxy(ctx context.Context, proxyURL *url.URL, addr string) (net.Conn, error)

DialProxy creates a connection to a server via an HTTP or SOCKS5 Proxy.

func DialProxyWithDialer

func DialProxyWithDialer(
	ctx context.Context,
	proxyURL *url.URL,
	addr string,
	dialer *net.Dialer,
) (net.Conn, error)

DialProxyWithDialer creates a connection to a server via an HTTP or SOCKS5 Proxy using a specified dialer.

func EventFromGRPC

func EventFromGRPC(in proto.Event) (*types.Event, error)

EventFromGRPC converts proto.Event to types.Event

func EventToGRPC

func EventToGRPC(in types.Event) (*proto.Event, error)

EventToGRPC converts types.Event to proto.Event.

func EventTypeFromGRPC

func EventTypeFromGRPC(in proto.Operation) (types.OpType, error)

EventTypeFromGRPC converts proto.Operation to types.OpType

func EventTypeToGRPC

func EventTypeToGRPC(in types.OpType) (proto.Operation, error)

EventTypeToGRPC converts types.OpType to proto.Operation

func GetResourcesWithFilters

func GetResourcesWithFilters(ctx context.Context, clt ListResourcesClient, req proto.ListResourcesRequest) ([]types.ResourceWithLabels, error)

GetResourcesWithFilters is a helper for getting a list of resources with optional filtering. In addition to iterating pages, it also correctly handles downsizing pages when LimitExceeded errors are encountered.
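
The paging behaviour described above, modelled with the standard library only. This is an added example, not Teleport's implementation: `pageRequest`, `lister`, `fakeServer`, `listAll` and `errLimitExceeded` are hypothetical stand-ins, and the resource names are constructed. It shows why an inventory or audit job should retry the same start key with a smaller page instead of stopping at the first LimitExceeded error and reporting a truncated list.

```go
package main

import (
	"errors"
	"fmt"
)

// errLimitExceeded is a stand-in for the server's LimitExceeded error.
var errLimitExceeded = errors.New("limit exceeded")

// pageRequest models only the paging fields of a list request (hypothetical type).
type pageRequest struct {
	Limit    int
	StartKey string
}

// lister is a hypothetical one-method stand-in for a paged list client.
type lister interface {
	List(req pageRequest) (page []string, nextKey string, err error)
}

// fakeServer serves constructed resource names and rejects any page whose
// combined size is above maxBytes, like a transport message-size cap.
type fakeServer struct {
	items    []string
	maxBytes int
	calls    int
}

func (s *fakeServer) List(req pageRequest) ([]string, string, error) {
	s.calls++
	// An empty StartKey matches no item, so the first page starts at index 0.
	start := 0
	for i, it := range s.items {
		if it == req.StartKey {
			start = i
		}
	}
	end := start + req.Limit
	if end > len(s.items) {
		end = len(s.items)
	}
	size := 0
	for _, it := range s.items[start:end] {
		size += len(it)
	}
	if size > s.maxBytes {
		return nil, "", errLimitExceeded
	}
	next := ""
	if end < len(s.items) {
		next = s.items[end]
	}
	return s.items[start:end], next, nil
}

// listAll iterates every page. On a limit-exceeded error it halves the page
// size and retries from the same start key, so no resource is skipped. It
// gives up only when a single resource is too large to fetch on its own.
func listAll(c lister, limit int) ([]string, error) {
	if limit < 1 {
		return nil, errors.New("limit must be at least 1")
	}
	var out []string
	req := pageRequest{Limit: limit}
	for {
		page, next, err := c.List(req)
		if errors.Is(err, errLimitExceeded) {
			req.Limit /= 2
			if req.Limit == 0 {
				return nil, fmt.Errorf("resource at %q is too large to retrieve: %w", req.StartKey, err)
			}
			continue
		}
		if err != nil {
			return nil, err
		}
		out = append(out, page...)
		if next == "" {
			return out, nil
		}
		req.StartKey = next
	}
}

func main() {
	srv := &fakeServer{
		items:    []string{"node-a", "node-b", "node-c", "db-1", "db-2", "app"},
		maxBytes: 10,
	}
	got, err := listAll(srv, 4)
	fmt.Println(got, err, "calls:", srv.calls)
}
```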

func InventoryControlStreamPipe

InventoryControlStreamPipe creates the two halves of an inventory control stream over an in-memory pipe.

func NewTracingClient

func NewTracingClient(ctx context.Context, cfg Config) (*tracing.Client, error)

NewTracingClient creates a new tracing.Client that will forward spans to the connected Teleport server. See New for details on how the connection is established.

Types

type Client

type Client struct {

	// JoinServiceClient is a client for the JoinService, which runs on both the
	// auth and proxy.
	*JoinServiceClient
	// contains filtered or unexported fields
}

Client is a gRPC Client that connects to a Teleport Auth server either locally or over ssh through a Teleport web proxy or tunnel proxy.

This client can be used to cover a variety of Teleport use cases, such as programmatically handling access requests, integrating with external tools, or dynamically configuring Teleport.

Example (RoleCRUD)

Below is an example of creating a new Teleport Auth client with Profile credentials, and using that client to create, get, and delete a Role resource object.

Make sure to look at the Getting Started guide before attempting to run this example.

package main

import (
	"context"
	"log"
	"time"

	"github.com/gravitational/teleport/api/client"
	"github.com/gravitational/teleport/api/types"
)

func main() {
	ctx := context.Background()

	// Create a new client in your go file.
	clt, err := client.New(ctx, client.Config{
		Credentials: []client.Credentials{
			client.LoadProfile("", ""),
		},
		// set to true if your Teleport web proxy doesn't have HTTP/TLS certificate
		// configured yet (never use this in production).
		InsecureAddressDiscovery: false,
	})
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	defer clt.Close()

	// Resource Spec structs reflect their Resource's yaml definition.
	roleSpec := types.RoleSpecV5{
		Options: types.RoleOptions{
			MaxSessionTTL: types.Duration(time.Hour),
		},
		Allow: types.RoleConditions{
			Logins: []string{"role1"},
			Rules: []types.Rule{
				types.NewRule(types.KindAccessRequest, []string{types.VerbList, types.VerbRead}),
			},
		},
		Deny: types.RoleConditions{
			NodeLabels: types.Labels{"*": []string{"*"}},
		},
	}

	// There are helper functions for creating Teleport resources.
	role, err := types.NewRole("role1", roleSpec)
	if err != nil {
		log.Fatalf("failed to build role: %v", err)
	}

	// Getters and setters can be used to alter specs.
	role.SetLogins(types.Allow, []string{"root"})

	// Upsert overwrites the resource if it exists. Use this to create/update resources.
	// Equivalent to `tctl create -f role1.yaml`.
	err = clt.UpsertRole(ctx, role)
	if err != nil {
		log.Fatalf("failed to create role: %v", err)
	}

	// Equivalent to `tctl get role/role1`.
	role, err = clt.GetRole(ctx, "role1")
	if err != nil {
		log.Fatalf("failed to get role: %v", err)
	}

	// Equivalent to `tctl rm role/role1`.
	err = clt.DeleteRole(ctx, "role1")
	if err != nil {
		log.Fatalf("failed to delete role: %v", err)
	}
}

func New

func New(ctx context.Context, cfg Config) (clt *Client, err error)

New creates a new Client with an open connection to a Teleport server.

New will try to open a connection with all combinations of addresses and credentials. The first successful connection to a server will be used, or an aggregated error will be returned if all combinations fail.

cfg.Credentials must be non-empty. One of cfg.Addrs and cfg.Dialer must be non-empty, unless LoadProfile is used to fetch Credentials and load a web proxy dialer.

See the example below for usage.

Example
package main

import (
	"context"
	"log"
	"os"

	"github.com/gravitational/teleport/api/client"
)

func main() {
	ctx := context.Background()
	clt, err := client.New(ctx, client.Config{
		// Multiple Addresses can be provided to attempt to
		// connect to the auth server. At least one address
		// must be provided, except when using the ProfileCreds.
		Addrs: []string{
			// The Auth server address can be provided to connect locally.
			"auth.example.com:3025",
			// The tunnel proxy address can be provided
			// to connect to the Auth server over SSH.
			"proxy.example.com:3024",
			// The web proxy address can be provided to automatically
			// find the tunnel proxy address and connect using it.
			"proxy.example.com:3080",
		},
		// Multiple Credentials can be provided to attempt to authenticate
		// the client. At least one Credentials object must be provided.
		Credentials: []client.Credentials{
			client.LoadProfile("", ""),
			client.LoadIdentityFile("identity-path"),
			client.LoadKeyPair("cert.crt", "cert.key", "cert.cas"),
			client.LoadIdentityFileFromString(os.Getenv("TELEPORT_IDENTITY")),
		},
		// set to true if your web proxy doesn't have HTTP/TLS certificate
		// configured yet (never use this in production).
		InsecureAddressDiscovery: false,
	})
	if err != nil {
		log.Fatal(err)
	}
	defer clt.Close()

	clt.Ping(ctx)
}

func (*Client) AcquireSemaphore

func (c *Client) AcquireSemaphore(ctx context.Context, params types.AcquireSemaphoreRequest) (*types.SemaphoreLease, error)

AcquireSemaphore acquires lease with requested resources from semaphore.

func (*Client) AddMFADevice

func (*Client) AddMFADeviceSync

AddMFADeviceSync adds a new MFA device (nonstream).

func (*Client) AppendDiagnosticTrace

func (c *Client) AppendDiagnosticTrace(ctx context.Context, name string, t *types.ConnectionDiagnosticTrace) (types.ConnectionDiagnostic, error)

AppendDiagnosticTrace adds a new trace for the given ConnectionDiagnostic.

func (*Client) CancelSemaphoreLease

func (c *Client) CancelSemaphoreLease(ctx context.Context, lease types.SemaphoreLease) error

CancelSemaphoreLease cancels semaphore lease early.

func (*Client) ChangePassword

func (c *Client) ChangePassword(ctx context.Context, req *proto.ChangePasswordRequest) error

func (*Client) ChangeUserAuthentication

ChangeUserAuthentication allows a user with a reset or invite token to change their password and, if enabled, also adds a new MFA device. Upon success, it creates a new web session and a new set of recovery codes (if the user meets requirements).

func (*Client) Close

func (c *Client) Close() error

Close closes the Client connection to the auth server.

func (*Client) CompleteAccountRecovery

func (c *Client) CompleteAccountRecovery(ctx context.Context, req *proto.CompleteAccountRecoveryRequest) error

CompleteAccountRecovery sets a new password or adds a new MFA device, allowing the user to regain access to their account using the new credentials. It represents the last step in the account recovery process, after the StartAccountRecovery and VerifyAccountRecovery RPCs.

func (*Client) Config

func (c *Client) Config() *tls.Config

Config returns the tls.Config the client connected with.

func (*Client) CreateAccessRequest

func (c *Client) CreateAccessRequest(ctx context.Context, req types.AccessRequest) error

CreateAccessRequest registers a new access request with the auth server.

func (*Client) CreateAccountRecoveryCodes

func (c *Client) CreateAccountRecoveryCodes(ctx context.Context, req *proto.CreateAccountRecoveryCodesRequest) (*proto.RecoveryCodes, error)

CreateAccountRecoveryCodes creates a new set of recovery codes for a user, replacing and invalidating any previously owned codes.

func (*Client) CreateApp

func (c *Client) CreateApp(ctx context.Context, app types.Application) error

CreateApp creates a new application resource.

func (*Client) CreateAppSession

func (c *Client) CreateAppSession(ctx context.Context, req types.CreateAppSessionRequest) (types.WebSession, error)

CreateAppSession creates an application web session. Application web sessions represent a browser session the client holds.

func (*Client) CreateAuditStream

func (c *Client) CreateAuditStream(ctx context.Context, sessionID string) (events.Stream, error)

CreateAuditStream creates new audit stream.

func (*Client) CreateAuthenticateChallenge

CreateAuthenticateChallenge creates and returns MFA challenges for a user's registered MFA devices.

func (*Client) CreateBot

CreateBot creates a new bot from the specified descriptor.

func (*Client) CreateConnectionDiagnostic

func (c *Client) CreateConnectionDiagnostic(ctx context.Context, connectionDiagnostic types.ConnectionDiagnostic) error

CreateConnectionDiagnostic creates a new connection diagnostic.

func (*Client) CreateDatabase

func (c *Client) CreateDatabase(ctx context.Context, database types.Database) error

CreateDatabase creates a new database resource.

func (*Client) CreateGithubAuthRequest

func (c *Client) CreateGithubAuthRequest(ctx context.Context, req types.GithubAuthRequest) (*types.GithubAuthRequest, error)

CreateGithubAuthRequest creates GithubAuthRequest.

func (*Client) CreateKubernetesCluster

func (c *Client) CreateKubernetesCluster(ctx context.Context, cluster types.KubeCluster) error

CreateKubernetesCluster creates a new kubernetes cluster resource.

func (*Client) CreateOIDCAuthRequest

func (c *Client) CreateOIDCAuthRequest(ctx context.Context, req types.OIDCAuthRequest) (*types.OIDCAuthRequest, error)

CreateOIDCAuthRequest creates OIDCAuthRequest.

func (*Client) CreatePrivilegeToken

func (c *Client) CreatePrivilegeToken(ctx context.Context, req *proto.CreatePrivilegeTokenRequest) (*types.UserTokenV3, error)

CreatePrivilegeToken is implemented by AuthService.CreatePrivilegeToken.

func (*Client) CreateRegisterChallenge

func (c *Client) CreateRegisterChallenge(ctx context.Context, in *proto.CreateRegisterChallengeRequest) (*proto.MFARegisterChallenge, error)

CreateRegisterChallenge creates and returns MFA register challenge for a new MFA device.

func (*Client) CreateResetPasswordToken

func (c *Client) CreateResetPasswordToken(ctx context.Context, req *proto.CreateResetPasswordTokenRequest) (types.UserToken, error)

CreateResetPasswordToken creates reset password token.

func (*Client) CreateSAMLAuthRequest

func (c *Client) CreateSAMLAuthRequest(ctx context.Context, req types.SAMLAuthRequest) (*types.SAMLAuthRequest, error)

CreateSAMLAuthRequest creates SAMLAuthRequest.

func (*Client) CreateSessionTracker

func (c *Client) CreateSessionTracker(ctx context.Context, st types.SessionTracker) (types.SessionTracker, error)

CreateSessionTracker creates a tracker resource for an active session.

func (*Client) CreateSnowflakeSession

func (c *Client) CreateSnowflakeSession(ctx context.Context, req types.CreateSnowflakeSessionRequest) (types.WebSession, error)

CreateSnowflakeSession creates a Snowflake web session.

func (*Client) CreateToken

func (c *Client) CreateToken(ctx context.Context, token types.ProvisionToken) error

CreateToken creates a provision token.

func (*Client) CreateUser

func (c *Client) CreateUser(ctx context.Context, user types.User) error

CreateUser creates a new user from the specified descriptor.

func (*Client) CreateWindowsDesktop

func (c *Client) CreateWindowsDesktop(ctx context.Context, desktop types.WindowsDesktop) error

CreateWindowsDesktop registers a new windows desktop host.

func (*Client) DeleteAccessRequest

func (c *Client) DeleteAccessRequest(ctx context.Context, reqID string) error

DeleteAccessRequest deletes an access request.

func (*Client) DeleteAllAppSessions

func (c *Client) DeleteAllAppSessions(ctx context.Context) error

DeleteAllAppSessions removes all application web sessions.

func (*Client) DeleteAllApplicationServers

func (c *Client) DeleteAllApplicationServers(ctx context.Context, namespace string) error

DeleteAllApplicationServers removes all registered application servers.

func (*Client) DeleteAllApps

func (c *Client) DeleteAllApps(ctx context.Context) error

DeleteAllApps deletes all application resources.

func (*Client) DeleteAllDatabaseServers

func (c *Client) DeleteAllDatabaseServers(ctx context.Context, namespace string) error

DeleteAllDatabaseServers removes all registered database proxy servers.

func (*Client) DeleteAllDatabases

func (c *Client) DeleteAllDatabases(ctx context.Context) error

DeleteAllDatabases deletes all database resources.

func (*Client) DeleteAllInstallers

func (c *Client) DeleteAllInstallers(ctx context.Context) error

DeleteAllInstallers deletes all the installer resources.

func (*Client) DeleteAllKubeServices

func (c *Client) DeleteAllKubeServices(ctx context.Context) error

DeleteAllKubeServices deletes all registered kubernetes services. DELETE IN 13.0.0

func (*Client) DeleteAllKubernetesClusters

func (c *Client) DeleteAllKubernetesClusters(ctx context.Context) error

DeleteAllKubernetesClusters deletes all kubernetes cluster resources.

func (*Client) DeleteAllKubernetesServers

func (c *Client) DeleteAllKubernetesServers(ctx context.Context) error

DeleteAllKubernetesServers deletes all registered kubernetes servers.

func (*Client) DeleteAllNodes

func (c *Client) DeleteAllNodes(ctx context.Context, namespace string) error

DeleteAllNodes deletes all nodes in a given namespace.

func (*Client) DeleteAllSnowflakeSessions

func (c *Client) DeleteAllSnowflakeSessions(ctx context.Context) error

DeleteAllSnowflakeSessions removes all Snowflake web sessions.

func (*Client) DeleteAllWindowsDesktopServices

func (c *Client) DeleteAllWindowsDesktopServices(ctx context.Context) error

DeleteAllWindowsDesktopServices removes all registered windows desktop services.

func (*Client) DeleteAllWindowsDesktops

func (c *Client) DeleteAllWindowsDesktops(ctx context.Context) error

DeleteAllWindowsDesktops removes all registered windows desktop hosts.

func (*Client) DeleteApp

func (c *Client) DeleteApp(ctx context.Context, name string) error

DeleteApp deletes specified application resource.

func (*Client) DeleteAppSession

func (c *Client) DeleteAppSession(ctx context.Context, req types.DeleteAppSessionRequest) error

DeleteAppSession removes an application web session.

func (*Client) DeleteApplicationServer

func (c *Client) DeleteApplicationServer(ctx context.Context, namespace, hostID, name string) error

DeleteApplicationServer removes specified application server.

func (*Client) DeleteBot

func (c *Client) DeleteBot(ctx context.Context, botName string) error

DeleteBot deletes a bot and associated resources.

func (*Client) DeleteDatabase

func (c *Client) DeleteDatabase(ctx context.Context, name string) error

DeleteDatabase deletes specified database resource.

func (*Client) DeleteDatabaseServer

func (c *Client) DeleteDatabaseServer(ctx context.Context, namespace, hostID, name string) error

DeleteDatabaseServer removes the specified database proxy server.

func (*Client) DeleteGithubConnector

func (c *Client) DeleteGithubConnector(ctx context.Context, name string) error

DeleteGithubConnector deletes a Github connector by name.

func (*Client) DeleteInstaller

func (c *Client) DeleteInstaller(ctx context.Context, name string) error

DeleteInstaller deletes the cluster installer resource

func (*Client) DeleteKubeService

func (c *Client) DeleteKubeService(ctx context.Context, name string) error

DeleteKubeService deletes a named kubernetes service. DELETE IN 13.0.0

func (*Client) DeleteKubernetesCluster

func (c *Client) DeleteKubernetesCluster(ctx context.Context, name string) error

DeleteKubernetesCluster deletes specified kubernetes cluster resource.

func (*Client) DeleteKubernetesServer

func (c *Client) DeleteKubernetesServer(ctx context.Context, hostID, name string) error

DeleteKubernetesServer deletes a named kubernetes server.

func (*Client) DeleteLock

func (c *Client) DeleteLock(ctx context.Context, name string) error

DeleteLock deletes a lock.

func (*Client) DeleteMFADevice

func (*Client) DeleteMFADeviceSync

func (c *Client) DeleteMFADeviceSync(ctx context.Context, in *proto.DeleteMFADeviceSyncRequest) error

DeleteMFADeviceSync deletes a user's MFA device (nonstream).

func (*Client) DeleteNetworkRestrictions

func (c *Client) DeleteNetworkRestrictions(ctx context.Context) error

DeleteNetworkRestrictions deletes the network restrictions

func (*Client) DeleteNode

func (c *Client) DeleteNode(ctx context.Context, namespace, name string) error

DeleteNode deletes a node by name and namespace.

func (*Client) DeleteOIDCConnector

func (c *Client) DeleteOIDCConnector(ctx context.Context, name string) error

DeleteOIDCConnector deletes an OIDC connector by name.

func (*Client) DeleteRole

func (c *Client) DeleteRole(ctx context.Context, name string) error

DeleteRole deletes role by name

func (*Client) DeleteSAMLConnector

func (c *Client) DeleteSAMLConnector(ctx context.Context, name string) error

DeleteSAMLConnector deletes a SAML connector by name.

func (*Client) DeleteSemaphore

func (c *Client) DeleteSemaphore(ctx context.Context, filter types.SemaphoreFilter) error

DeleteSemaphore deletes a semaphore matching the supplied filter.

func (*Client) DeleteSnowflakeSession

func (c *Client) DeleteSnowflakeSession(ctx context.Context, req types.DeleteSnowflakeSessionRequest) error

DeleteSnowflakeSession removes a Snowflake web session.

func (*Client) DeleteToken

func (c *Client) DeleteToken(ctx context.Context, name string) error

DeleteToken deletes a provision token by name.

func (*Client) DeleteTrustedCluster

func (c *Client) DeleteTrustedCluster(ctx context.Context, name string) error

DeleteTrustedCluster deletes a Trusted Cluster by name.

func (*Client) DeleteUser

func (c *Client) DeleteUser(ctx context.Context, user string) error

DeleteUser deletes a user by name.

func (*Client) DeleteUserAppSessions

func (c *Client) DeleteUserAppSessions(ctx context.Context, req *proto.DeleteUserAppSessionsRequest) error

DeleteUserAppSessions deletes all user’s application sessions.

func (*Client) DeleteWindowsDesktop

func (c *Client) DeleteWindowsDesktop(ctx context.Context, hostID, name string) error

DeleteWindowsDesktop removes the specified windows desktop host. Note: unlike GetWindowsDesktops, this will delete at most one desktop. Passing an empty host ID will not trigger "delete all" behavior. To delete all desktops, use DeleteAllWindowsDesktops.

func (*Client) DeleteWindowsDesktopService

func (c *Client) DeleteWindowsDesktopService(ctx context.Context, name string) error

DeleteWindowsDesktopService removes the specified windows desktop service.

func (*Client) DevicesClient

func (c *Client) DevicesClient() devicepb.DeviceTrustServiceClient

DevicesClient returns an unadorned Device Trust client, using the underlying Auth gRPC connection. Clients connecting to non-Enterprise clusters, or older Teleport versions, still get a devices client when calling this method, but all RPCs will return "not implemented" errors (as per the default gRPC behavior).

func (*Client) Dialer

func (c *Client) Dialer() ContextDialer

Dialer returns the ContextDialer the client connected with.

func (*Client) EmitAuditEvent

func (c *Client) EmitAuditEvent(ctx context.Context, event events.AuditEvent) error

EmitAuditEvent sends an auditable event to the auth server.

func (*Client) GenerateAppToken

func (c *Client) GenerateAppToken(ctx context.Context, req types.GenerateAppTokenRequest) (string, error)

GenerateAppToken creates a JWT token with application access.

func (*Client) GenerateCertAuthorityCRL

func (c *Client) GenerateCertAuthorityCRL(ctx context.Context, req *proto.CertAuthorityRequest) (*proto.CRL, error)

GenerateCertAuthorityCRL generates an empty CRL for a CA.

func (*Client) GenerateDatabaseCert

func (c *Client) GenerateDatabaseCert(ctx context.Context, req *proto.DatabaseCertRequest) (*proto.DatabaseCertResponse, error)

GenerateDatabaseCert generates client certificate used by a database service to authenticate with the database instance.

func (*Client) GenerateHostCerts

func (c *Client) GenerateHostCerts(ctx context.Context, req *proto.HostCertsRequest) (*proto.Certs, error)

GenerateHostCerts generates host certificates.

func (*Client) GenerateSnowflakeJWT

func (c *Client) GenerateSnowflakeJWT(ctx context.Context, req types.GenerateSnowflakeJWT) (string, error)

GenerateSnowflakeJWT generates JWT in the Snowflake required format.

func (*Client) GenerateToken

func (c *Client) GenerateToken(ctx context.Context, req *proto.GenerateTokenRequest) (string, error)

GenerateToken generates a new auth token for the given service roles. This token can be used by corresponding services to authenticate with the Auth server and get a signed certificate and private key.

func (*Client) GenerateUserCerts

func (c *Client) GenerateUserCerts(ctx context.Context, req proto.UserCertsRequest) (*proto.Certs, error)

GenerateUserCerts takes the public key in the OpenSSH `authorized_keys` plain text format, signs it using User Certificate Authority signing key and returns the resulting certificates.

func (*Client) GenerateUserSingleUseCerts

func (c *Client) GenerateUserSingleUseCerts(ctx context.Context) (proto.AuthService_GenerateUserSingleUseCertsClient, error)

func (*Client) GenerateWindowsDesktopCert

func (c *Client) GenerateWindowsDesktopCert(ctx context.Context, req *proto.WindowsDesktopCertRequest) (*proto.WindowsDesktopCertResponse, error)

GenerateWindowsDesktopCert generates client certificate for Windows RDP authentication.

func (*Client) GetAccessCapabilities

func (c *Client) GetAccessCapabilities(ctx context.Context, req types.AccessCapabilitiesRequest) (*types.AccessCapabilities, error)

GetAccessCapabilities requests the access capabilities of a user.

func (*Client) GetAccessRequests

func (c *Client) GetAccessRequests(ctx context.Context, filter types.AccessRequestFilter) ([]types.AccessRequest, error)

GetAccessRequests retrieves a list of all access requests matching the provided filter.

func (*Client) GetAccountRecoveryCodes

func (c *Client) GetAccountRecoveryCodes(ctx context.Context, req *proto.GetAccountRecoveryCodesRequest) (*proto.RecoveryCodes, error)

GetAccountRecoveryCodes returns the recovery codes resource of the user in context, without any secrets.

func (*Client) GetAccountRecoveryToken

func (c *Client) GetAccountRecoveryToken(ctx context.Context, req *proto.GetAccountRecoveryTokenRequest) (types.UserToken, error)

GetAccountRecoveryToken returns a user token resource after verifying the token in request is not expired and is of the correct recovery type.

func (*Client) GetActiveSessionTrackers

func (c *Client) GetActiveSessionTrackers(ctx context.Context) ([]types.SessionTracker, error)

GetActiveSessionTrackers returns a list of active session trackers.

func (*Client) GetActiveSessionTrackersWithFilter

func (c *Client) GetActiveSessionTrackersWithFilter(ctx context.Context, filter *types.SessionTrackerFilter) ([]types.SessionTracker, error)

GetActiveSessionTrackersWithFilter returns a list of active sessions filtered by a filter.

func (*Client) GetApp

func (c *Client) GetApp(ctx context.Context, name string) (types.Application, error)

GetApp returns the specified application resource.

func (*Client) GetAppSession

func (c *Client) GetAppSession(ctx context.Context, req types.GetAppSessionRequest) (types.WebSession, error)

GetAppSession gets an application web session.

func (*Client) GetAppSessions

func (c *Client) GetAppSessions(ctx context.Context) ([]types.WebSession, error)

GetAppSessions gets all application web sessions.

func (*Client) GetApplicationServers

func (c *Client) GetApplicationServers(ctx context.Context, namespace string) ([]types.AppServer, error)

GetApplicationServers returns all registered application servers.

func (*Client) GetApps

func (c *Client) GetApps(ctx context.Context) ([]types.Application, error)

GetApps returns all application resources.

func (*Client) GetAuthPreference

func (c *Client) GetAuthPreference(ctx context.Context) (types.AuthPreference, error)

GetAuthPreference gets cluster auth preference.

func (*Client) GetBotUsers

func (c *Client) GetBotUsers(ctx context.Context) ([]types.User, error)

GetBotUsers fetches all bot users.

func (*Client) GetClusterAlerts

func (c *Client) GetClusterAlerts(ctx context.Context, query types.GetClusterAlertsRequest) ([]types.ClusterAlert, error)

GetClusterAlerts loads matching cluster alerts.

func (*Client) GetClusterAuditConfig

func (c *Client) GetClusterAuditConfig(ctx context.Context) (types.ClusterAuditConfig, error)

GetClusterAuditConfig gets cluster audit configuration.

func (*Client) GetClusterCACert

func (c *Client) GetClusterCACert(ctx context.Context) (*proto.GetClusterCACertResponse, error)

GetClusterCACert returns the PEM-encoded TLS certs for the local cluster. If the cluster has multiple TLS certs, they will all be concatenated.

func (*Client) GetClusterNetworkingConfig

func (c *Client) GetClusterNetworkingConfig(ctx context.Context) (types.ClusterNetworkingConfig, error)

GetClusterNetworkingConfig gets cluster networking configuration.

func (*Client) GetConnection

func (c *Client) GetConnection() *grpc.ClientConn

GetConnection returns the gRPC connection.

func (*Client) GetConnectionDiagnostic

func (c *Client) GetConnectionDiagnostic(ctx context.Context, name string) (types.ConnectionDiagnostic, error)

GetConnectionDiagnostic reads a connection diagnostic

func (*Client) GetCurrentUser

func (c *Client) GetCurrentUser(ctx context.Context) (types.User, error)

GetCurrentUser returns current user as seen by the server. Useful especially in the context of remote clusters which perform role and trait mapping.

func (*Client) GetCurrentUserRoles

func (c *Client) GetCurrentUserRoles(ctx context.Context) ([]types.Role, error)

GetCurrentUserRoles returns current user's roles.

func (*Client) GetDatabase

func (c *Client) GetDatabase(ctx context.Context, name string) (types.Database, error)

GetDatabase returns the specified database resource.

func (*Client) GetDatabaseServers

func (c *Client) GetDatabaseServers(ctx context.Context, namespace string) ([]types.DatabaseServer, error)

GetDatabaseServers returns all registered database proxy servers.

func (*Client) GetDatabases

func (c *Client) GetDatabases(ctx context.Context) ([]types.Database, error)

GetDatabases returns all database resources.

func (*Client) GetDomainName

func (c *Client) GetDomainName(ctx context.Context) (string, error)

GetDomainName returns local auth domain of the current auth server

func (*Client) GetGithubAuthRequest

func (c *Client) GetGithubAuthRequest(ctx context.Context, stateToken string) (*types.GithubAuthRequest, error)

GetGithubAuthRequest gets a GithubAuthRequest by state token.

func (*Client) GetGithubConnector

func (c *Client) GetGithubConnector(ctx context.Context, name string, withSecrets bool) (types.GithubConnector, error)

GetGithubConnector returns a Github connector by name.

func (*Client) GetGithubConnectors

func (c *Client) GetGithubConnectors(ctx context.Context, withSecrets bool) ([]types.GithubConnector, error)

GetGithubConnectors returns a list of Github connectors.

func (*Client) GetInstaller

func (c *Client) GetInstaller(ctx context.Context, name string) (types.Installer, error)

GetInstaller gets the cluster installer resource

func (*Client) GetInstallers

func (c *Client) GetInstallers(ctx context.Context) ([]types.Installer, error)

GetInstallers gets all installer script resources

func (*Client) GetInventoryStatus

func (*Client) GetKubeServices

func (c *Client) GetKubeServices(ctx context.Context) ([]types.Server, error)

GetKubeServices returns the list of kubernetes services registered in the cluster. DELETE IN 13.0.0

func (*Client) GetKubernetesCluster

func (c *Client) GetKubernetesCluster(ctx context.Context, name string) (types.KubeCluster, error)

GetKubernetesCluster returns the specified kubernetes resource.

func (*Client) GetKubernetesClusters

func (c *Client) GetKubernetesClusters(ctx context.Context) ([]types.KubeCluster, error)

GetKubernetesClusters returns all kubernetes cluster resources.

func (*Client) GetKubernetesServers

func (c *Client) GetKubernetesServers(ctx context.Context) ([]types.KubeServer, error)

GetKubernetesServers returns the list of kubernetes servers registered in the cluster.

func (*Client) GetLock

func (c *Client) GetLock(ctx context.Context, name string) (types.Lock, error)

GetLock gets a lock by name.

func (*Client) GetLocks

func (c *Client) GetLocks(ctx context.Context, inForceOnly bool, targets ...types.LockTarget) ([]types.Lock, error)

GetLocks gets all/in-force locks that match at least one of the targets when specified.

func (*Client) GetMFADevices

func (*Client) GetNetworkRestrictions

func (c *Client) GetNetworkRestrictions(ctx context.Context) (types.NetworkRestrictions, error)

GetNetworkRestrictions retrieves the network restrictions

func (*Client) GetNode

func (c *Client) GetNode(ctx context.Context, namespace, name string) (types.Server, error)

GetNode returns a node by name and namespace.

func (*Client) GetNodes

func (c *Client) GetNodes(ctx context.Context, namespace string) ([]types.Server, error)

GetNodes returns a complete list of nodes that the user has access to in the given namespace.

func (*Client) GetOIDCAuthRequest

func (c *Client) GetOIDCAuthRequest(ctx context.Context, stateToken string) (*types.OIDCAuthRequest, error)

GetOIDCAuthRequest gets an OIDCAuthRequest by state token.

func (*Client) GetOIDCConnector

func (c *Client) GetOIDCConnector(ctx context.Context, name string, withSecrets bool) (types.OIDCConnector, error)

GetOIDCConnector returns an OIDC connector by name.

func (*Client) GetOIDCConnectors

func (c *Client) GetOIDCConnectors(ctx context.Context, withSecrets bool) ([]types.OIDCConnector, error)

GetOIDCConnectors returns a list of OIDC connectors.

func (*Client) GetPluginData

func (c *Client) GetPluginData(ctx context.Context, filter types.PluginDataFilter) ([]types.PluginData, error)

GetPluginData loads all plugin data matching the supplied filter.

func (*Client) GetResetPasswordToken

func (c *Client) GetResetPasswordToken(ctx context.Context, tokenID string) (types.UserToken, error)

GetResetPasswordToken returns a reset password token for the specified tokenID.

func (*Client) GetRole

func (c *Client) GetRole(ctx context.Context, name string) (types.Role, error)

GetRole returns role by name

func (*Client) GetRoles

func (c *Client) GetRoles(ctx context.Context) ([]types.Role, error)

GetRoles returns a list of roles

func (*Client) GetSAMLAuthRequest

func (c *Client) GetSAMLAuthRequest(ctx context.Context, id string) (*types.SAMLAuthRequest, error)

GetSAMLAuthRequest gets a SAMLAuthRequest by id.

func (*Client) GetSAMLConnector

func (c *Client) GetSAMLConnector(ctx context.Context, name string, withSecrets bool) (types.SAMLConnector, error)

GetSAMLConnector returns a SAML connector by name.

func (*Client) GetSAMLConnectors

func (c *Client) GetSAMLConnectors(ctx context.Context, withSecrets bool) ([]types.SAMLConnector, error)

GetSAMLConnectors returns a list of SAML connectors.

func (*Client) GetSSODiagnosticInfo

func (c *Client) GetSSODiagnosticInfo(ctx context.Context, authRequestKind string, authRequestID string) (*types.SSODiagnosticInfo, error)

GetSSODiagnosticInfo returns SSO diagnostic info records for a specific SSO Auth request.

func (*Client) GetSemaphores

func (c *Client) GetSemaphores(ctx context.Context, filter types.SemaphoreFilter) ([]types.Semaphore, error)

GetSemaphores returns a list of all semaphores matching the supplied filter.

func (*Client) GetSessionRecordingConfig

func (c *Client) GetSessionRecordingConfig(ctx context.Context) (types.SessionRecordingConfig, error)

GetSessionRecordingConfig gets session recording configuration.

func (*Client) GetSessionTracker

func (c *Client) GetSessionTracker(ctx context.Context, sessionID string) (types.SessionTracker, error)

GetSessionTracker returns the current state of a session tracker for an active session.

func (*Client) GetSnowflakeSession

func (c *Client) GetSnowflakeSession(ctx context.Context, req types.GetSnowflakeSessionRequest) (types.WebSession, error)

GetSnowflakeSession gets a Snowflake web session.

func (*Client) GetSnowflakeSessions

func (c *Client) GetSnowflakeSessions(ctx context.Context) ([]types.WebSession, error)

GetSnowflakeSessions gets all Snowflake web sessions.

func (*Client) GetToken

func (c *Client) GetToken(ctx context.Context, name string) (types.ProvisionToken, error)

GetToken returns a provision token by name.

func (*Client) GetTokens

func (c *Client) GetTokens(ctx context.Context) ([]types.ProvisionToken, error)

GetTokens returns a list of active provision tokens for nodes and users.

func (*Client) GetTrustedCluster

func (c *Client) GetTrustedCluster(ctx context.Context, name string) (types.TrustedCluster, error)

GetTrustedCluster returns a Trusted Cluster by name.

func (*Client) GetTrustedClusters

func (c *Client) GetTrustedClusters(ctx context.Context) ([]types.TrustedCluster, error)

GetTrustedClusters returns a list of Trusted Clusters.

func (*Client) GetUser

func (c *Client) GetUser(name string, withSecrets bool) (types.User, error)

GetUser returns a user by name. withSecrets controls whether authentication details are returned.

func (*Client) GetUsers

func (c *Client) GetUsers(withSecrets bool) ([]types.User, error)

GetUsers returns a list of users. withSecrets controls whether authentication details are returned.

func (*Client) GetWebSession

func (c *Client) GetWebSession(ctx context.Context, req types.GetWebSessionRequest) (types.WebSession, error)

GetWebSession returns the web session for the specified request. Implements ReadAccessPoint

func (*Client) GetWebToken

func (c *Client) GetWebToken(ctx context.Context, req types.GetWebTokenRequest) (types.WebToken, error)

GetWebToken returns the web token for the specified request. Implements ReadAccessPoint

func (*Client) GetWindowsDesktopService

func (c *Client) GetWindowsDesktopService(ctx context.Context, name string) (types.WindowsDesktopService, error)

GetWindowsDesktopService returns a registered windows desktop service by name.

func (*Client) GetWindowsDesktopServices

func (c *Client) GetWindowsDesktopServices(ctx context.Context) ([]types.WindowsDesktopService, error)

GetWindowsDesktopServices returns all registered windows desktop services.

func (*Client) GetWindowsDesktops

func (c *Client) GetWindowsDesktops(ctx context.Context, filter types.WindowsDesktopFilter) ([]types.WindowsDesktop, error)

GetWindowsDesktops returns all registered windows desktop hosts.

func (*Client) InventoryControlStream

func (c *Client) InventoryControlStream(ctx context.Context) (DownstreamInventoryControlStream, error)

InventoryControlStream opens a new control stream. The first message sent must be an UpstreamInventoryHello, and the first message received must be a DownstreamInventoryHello.

func (*Client) IsMFARequired

func (*Client) KeepAliveSemaphoreLease

func (c *Client) KeepAliveSemaphoreLease(ctx context.Context, lease types.SemaphoreLease) error

KeepAliveSemaphoreLease updates semaphore lease.

func (*Client) ListAppSessions

func (c *Client) ListAppSessions(ctx context.Context, pageSize int, pageToken, user string) ([]types.WebSession, string, error)

ListAppSessions gets a paginated list of application web sessions.

func (*Client) ListResources

ListResources returns a paginated list of nodes that the user has access to. `nextKey` is used as `startKey` in another call to ListResources to retrieve the next page. To list all pages of resources, use the `GetResources` function. ListResources returns a `trace.LimitExceeded` error if the page exceeds the gRPC max message size.

func (*Client) MaintainSessionPresence

func (c *Client) MaintainSessionPresence(ctx context.Context) (proto.AuthService_MaintainSessionPresenceClient, error)

MaintainSessionPresence establishes a channel used to continuously verify the presence for a session.

func (*Client) NewKeepAliver

func (c *Client) NewKeepAliver(ctx context.Context) (types.KeepAliver, error)

NewKeepAliver returns a new instance of keep aliver. It is the caller's responsibility to invoke Close on the returned value to release the keepAliver resources.

func (*Client) NewWatcher

func (c *Client) NewWatcher(ctx context.Context, watch types.Watch) (types.Watcher, error)

NewWatcher returns a new streamWatcher

func (*Client) Ping

func (c *Client) Ping(ctx context.Context) (proto.PingResponse, error)

Ping gets basic info about the auth server.

func (*Client) PingInventory

func (*Client) RemoveSessionTracker

func (c *Client) RemoveSessionTracker(ctx context.Context, sessionID string) error

RemoveSessionTracker removes a tracker resource for an active session.

func (*Client) ReplaceRemoteLocks

func (c *Client) ReplaceRemoteLocks(ctx context.Context, clusterName string, locks []types.Lock) error

ReplaceRemoteLocks replaces the set of locks associated with a remote cluster.

func (*Client) ResetAuthPreference

func (c *Client) ResetAuthPreference(ctx context.Context) error

ResetAuthPreference resets cluster auth preference to defaults.

func (*Client) ResetClusterNetworkingConfig

func (c *Client) ResetClusterNetworkingConfig(ctx context.Context) error

ResetClusterNetworkingConfig resets cluster networking configuration to defaults.

func (*Client) ResetSessionRecordingConfig

func (c *Client) ResetSessionRecordingConfig(ctx context.Context) error

ResetSessionRecordingConfig resets session recording configuration to defaults.

func (*Client) ResumeAuditStream

func (c *Client) ResumeAuditStream(ctx context.Context, sessionID, uploadID string) (events.Stream, error)

ResumeAuditStream resumes existing audit stream.

func (*Client) SearchEvents

func (c *Client) SearchEvents(ctx context.Context, fromUTC, toUTC time.Time, namespace string, eventTypes []string, limit int, order types.EventOrder, startKey string) ([]events.AuditEvent, string, error)

SearchEvents allows searching for events with a full pagination support.

func (*Client) SearchSessionEvents

func (c *Client) SearchSessionEvents(ctx context.Context, fromUTC time.Time, toUTC time.Time, limit int, order types.EventOrder, startKey string) ([]events.AuditEvent, string, error)

SearchSessionEvents allows searching for session events with a full pagination support.

func (*Client) SetAccessRequestState

func (c *Client) SetAccessRequestState(ctx context.Context, params types.AccessRequestUpdate) error

SetAccessRequestState updates the state of an existing access request.

func (*Client) SetAuthPreference

func (c *Client) SetAuthPreference(ctx context.Context, authPref types.AuthPreference) error

SetAuthPreference sets cluster auth preference.

func (*Client) SetClusterNetworkingConfig

func (c *Client) SetClusterNetworkingConfig(ctx context.Context, netConfig types.ClusterNetworkingConfig) error

SetClusterNetworkingConfig sets cluster networking configuration.

func (*Client) SetInstaller

func (c *Client) SetInstaller(ctx context.Context, inst types.Installer) error

SetInstaller sets the cluster installer resource

func (*Client) SetNetworkRestrictions

func (c *Client) SetNetworkRestrictions(ctx context.Context, nr types.NetworkRestrictions) error

SetNetworkRestrictions updates the network restrictions

func (*Client) SetSessionRecordingConfig

func (c *Client) SetSessionRecordingConfig(ctx context.Context, recConfig types.SessionRecordingConfig) error

SetSessionRecordingConfig sets session recording configuration.

func (*Client) SignDatabaseCSR

func (c *Client) SignDatabaseCSR(ctx context.Context, req *proto.DatabaseCSRRequest) (*proto.DatabaseCSRResponse, error)

SignDatabaseCSR generates a client certificate used by proxy when talking to a remote database service.

func (*Client) StartAccountRecovery

func (c *Client) StartAccountRecovery(ctx context.Context, req *proto.StartAccountRecoveryRequest) (types.UserToken, error)

StartAccountRecovery creates a recovery start token for a user who successfully verified their username and their recovery code. This token is used as part of a URL that will be emailed to the user (not done in this request). Represents step 1 of the account recovery process.

func (*Client) StreamSessionEvents

func (c *Client) StreamSessionEvents(ctx context.Context, sessionID string, startIndex int64) (chan events.AuditEvent, chan error)

StreamSessionEvents streams audit events from a given session recording.

func (*Client) SubmitAccessReview

func (c *Client) SubmitAccessReview(ctx context.Context, params types.AccessReviewSubmission) (types.AccessRequest, error)

SubmitAccessReview applies a review to a request and returns the post-application state.

func (*Client) SubmitUsageEvent

func (c *Client) SubmitUsageEvent(ctx context.Context, req *proto.SubmitUsageEventRequest) error

SubmitUsageEvent submits an external usage event.

func (*Client) UnstableAssertSystemRole

func (c *Client) UnstableAssertSystemRole(ctx context.Context, req proto.UnstableSystemRoleAssertion) error

UnstableAssertSystemRole is not a stable part of the public API. Used by older instances to prove that they hold a given system role.

DELETE IN: 11.0 (server side method should continue to exist until 12.0 for back-compat reasons, but v11 clients should no longer need this method)

func (*Client) UpdateApp

func (c *Client) UpdateApp(ctx context.Context, app types.Application) error

UpdateApp updates existing application resource.

func (*Client) UpdateConnectionDiagnostic

func (c *Client) UpdateConnectionDiagnostic(ctx context.Context, connectionDiagnostic types.ConnectionDiagnostic) error

UpdateConnectionDiagnostic updates a connection diagnostic.

func (*Client) UpdateDatabase

func (c *Client) UpdateDatabase(ctx context.Context, database types.Database) error

UpdateDatabase updates existing database resource.

func (*Client) UpdateKubernetesCluster

func (c *Client) UpdateKubernetesCluster(ctx context.Context, cluster types.KubeCluster) error

UpdateKubernetesCluster updates existing kubernetes cluster resource.

func (*Client) UpdatePluginData

func (c *Client) UpdatePluginData(ctx context.Context, params types.PluginDataUpdateParams) error

UpdatePluginData updates a per-resource PluginData entry.

func (*Client) UpdateRemoteCluster

func (c *Client) UpdateRemoteCluster(ctx context.Context, rc types.RemoteCluster) error

UpdateRemoteCluster updates remote cluster from the specified value.

func (*Client) UpdateSessionTracker

func (c *Client) UpdateSessionTracker(ctx context.Context, req *proto.UpdateSessionTrackerRequest) error

UpdateSessionTracker updates a tracker resource for an active session.

func (*Client) UpdateUser

func (c *Client) UpdateUser(ctx context.Context, user types.User) error

UpdateUser updates an existing user in a backend.

func (*Client) UpdateWindowsDesktop

func (c *Client) UpdateWindowsDesktop(ctx context.Context, desktop types.WindowsDesktop) error

UpdateWindowsDesktop updates an existing windows desktop host.

func (*Client) UpsertApplicationServer

func (c *Client) UpsertApplicationServer(ctx context.Context, server types.AppServer) (*types.KeepAlive, error)

UpsertApplicationServer registers an application server.

func (*Client) UpsertClusterAlert

func (c *Client) UpsertClusterAlert(ctx context.Context, alert types.ClusterAlert) error

UpsertClusterAlert creates a cluster alert.

func (*Client) UpsertDatabaseServer

func (c *Client) UpsertDatabaseServer(ctx context.Context, server types.DatabaseServer) (*types.KeepAlive, error)

UpsertDatabaseServer registers a new database proxy server.

func (*Client) UpsertGithubConnector

func (c *Client) UpsertGithubConnector(ctx context.Context, connector types.GithubConnector) error

UpsertGithubConnector creates or updates a Github connector.

func (*Client) UpsertKubeService

func (c *Client) UpsertKubeService(ctx context.Context, s types.Server) error

UpsertKubeService is used by kubernetes services to report their presence to other auth servers in the form of a heartbeat expiring after the ttl period. DELETE IN 13.0.0

func (*Client) UpsertKubeServiceV2

func (c *Client) UpsertKubeServiceV2(ctx context.Context, s types.Server) (*types.KeepAlive, error)

UpsertKubeServiceV2 is used by kubernetes services to report their presence to other auth servers in the form of a heartbeat expiring after the ttl period. DELETE IN 13.0.0

func (*Client) UpsertKubernetesServer

func (c *Client) UpsertKubernetesServer(ctx context.Context, s types.KubeServer) (*types.KeepAlive, error)

UpsertKubernetesServer is used by kubernetes services to report their presence to other auth servers in the form of a heartbeat expiring after the ttl period.

func (*Client) UpsertLock

func (c *Client) UpsertLock(ctx context.Context, lock types.Lock) error

UpsertLock upserts a lock.

func (*Client) UpsertNode

func (c *Client) UpsertNode(ctx context.Context, node types.Server) (*types.KeepAlive, error)

UpsertNode is used by SSH servers to report their presence to the auth servers in the form of a heartbeat expiring after the ttl period.

func (*Client) UpsertOIDCConnector

func (c *Client) UpsertOIDCConnector(ctx context.Context, oidcConnector types.OIDCConnector) error

UpsertOIDCConnector creates or updates an OIDC connector.

func (*Client) UpsertRole

func (c *Client) UpsertRole(ctx context.Context, role types.Role) error

UpsertRole creates or updates role

func (*Client) UpsertSAMLConnector

func (c *Client) UpsertSAMLConnector(ctx context.Context, connector types.SAMLConnector) error

UpsertSAMLConnector creates or updates a SAML connector.

func (*Client) UpsertToken

func (c *Client) UpsertToken(ctx context.Context, token types.ProvisionToken) error

UpsertToken creates or updates a provision token.

func (*Client) UpsertTrustedCluster

func (c *Client) UpsertTrustedCluster(ctx context.Context, trusedCluster types.TrustedCluster) (types.TrustedCluster, error)

UpsertTrustedCluster creates or updates a Trusted Cluster.

func (*Client) UpsertWindowsDesktop

func (c *Client) UpsertWindowsDesktop(ctx context.Context, desktop types.WindowsDesktop) error

UpsertWindowsDesktop updates a windows desktop resource, creating it if it doesn't exist.

func (*Client) UpsertWindowsDesktopService

func (c *Client) UpsertWindowsDesktopService(ctx context.Context, service types.WindowsDesktopService) (*types.KeepAlive, error)

UpsertWindowsDesktopService registers a new windows desktop service.

func (*Client) VerifyAccountRecovery

func (c *Client) VerifyAccountRecovery(ctx context.Context, req *proto.VerifyAccountRecoveryRequest) (types.UserToken, error)

VerifyAccountRecovery creates a recovery approved token after successful verification of the user's password or second factor (authn depending on what user needed to recover). This token will allow users to perform protected actions while not logged in. Represents step 2 of the account recovery process after RPC StartAccountRecovery.

func (*Client) WebSessions

func (c *Client) WebSessions() types.WebSessionInterface

WebSessions returns the web sessions controller

func (*Client) WebTokens

func (c *Client) WebTokens() types.WebTokenInterface

WebTokens returns the web tokens controller

func (*Client) WithCallOptions

func (c *Client) WithCallOptions(opts ...grpc.CallOption) *Client

WithCallOptions returns a copy of the client with the given call options set. This function should be used for chaining - client.WithCallOptions().Ping()

type Config

type Config struct {
	// Addrs is a list of teleport auth/proxy server addresses to dial.
	Addrs []string
	// Credentials are a list of credentials to use when attempting
	// to connect to the server.
	Credentials []Credentials
	// Dialer is a custom dialer used to dial a server. The Dialer should
	// have custom logic to provide an address to the dialer. If set, Dialer
	// takes precedence over all other connection options.
	Dialer ContextDialer
	// DialOpts define options for dialing the client connection.
	DialOpts []grpc.DialOption
	// DialInBackground specifies to dial the connection in the background
	// rather than blocking until the connection is up. A predefined Dialer
	// or an auth server address must be provided.
	DialInBackground bool
	// DialTimeout defines how long to attempt dialing before timing out.
	DialTimeout time.Duration
	// KeepAlivePeriod defines period between keep alives.
	KeepAlivePeriod time.Duration
	// KeepAliveCount specifies the amount of missed keep alives
	// to wait for before declaring the connection as broken.
	KeepAliveCount int
	// The web proxy uses a self-signed TLS certificate by default, which
	// requires this field to be set. If the web proxy was provided with
	// signed TLS certificates, this field should not be set.
	InsecureAddressDiscovery bool
	// ALPNSNIAuthDialClusterName if present the client will include ALPN SNI routing information in TLS Hello message
	// allowing to dial auth service through Teleport Proxy directly without using SSH Tunnels.
	ALPNSNIAuthDialClusterName string
	// CircuitBreakerConfig defines how the circuit breaker should behave.
	CircuitBreakerConfig breaker.Config
	// Context is the base context to use for dialing. If not provided context.Background is used
	Context context.Context
}

Config contains configuration of the client

func (*Config) CheckAndSetDefaults

func (c *Config) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets default config values.

type ContextDialer

type ContextDialer interface {
	// DialContext is a function that dials the specified address
	DialContext(ctx context.Context, network, addr string) (net.Conn, error)
}

ContextDialer represents network dialer interface that uses context

func NewDialer

func NewDialer(ctx context.Context, keepAlivePeriod, dialTimeout time.Duration) ContextDialer

NewDialer makes a new dialer that connects to an Auth server either directly or via an HTTP proxy, depending on the environment.

func NewProxyDialer

func NewProxyDialer(ssh ssh.ClientConfig, keepAlivePeriod, dialTimeout time.Duration, discoveryAddr string, insecure bool) ContextDialer

NewProxyDialer makes a dialer to connect to an Auth server through the SSH reverse tunnel on the proxy. The dialer will ping the web client to discover the tunnel proxy address on each dial.

type ContextDialerFunc

type ContextDialerFunc func(ctx context.Context, network, addr string) (net.Conn, error)

ContextDialerFunc is a function wrapper that implements the ContextDialer interface.

func (ContextDialerFunc) DialContext

func (f ContextDialerFunc) DialContext(ctx context.Context, network, addr string) (net.Conn, error)

DialContext is a function that dials to the specified address

type Credentials

type Credentials interface {
	// Dialer is used to create a dialer used to connect to the Auth server.
	Dialer(cfg Config) (ContextDialer, error)
	// TLSConfig returns TLS configuration used to authenticate the client.
	TLSConfig() (*tls.Config, error)
	// SSHClientConfig returns SSH configuration used to connect to the
	// Auth server through a reverse tunnel.
	SSHClientConfig() (*ssh.ClientConfig, error)
}

Credentials are used to authenticate the API auth client. Some Credentials also provide other functionality, such as automatic address discovery and ssh connectivity.

See the examples below for an example of each loader.

Example (LoadIdentity)

Generate identity file with tsh or tctl.

$ tsh login --user=api-user --out=identity-file-path
$ tctl auth sign --user=api-user --out=identity-file-path

Load credentials from the specified identity file.

package main

import (
	"github.com/gravitational/teleport/api/client"
)

func main() {
	client.LoadIdentityFile("identity-file-path")
}

Example (LoadIdentityString)

Generate identity file with tsh or tctl.

$ tsh login --user=api-user --out=identity-file-path
$ tctl auth sign --user=api-user --out=identity-file-path
$ export TELEPORT_IDENTITY=$(cat identity-file-path)

Load credentials from the environment variable.

package main

import (
	"os"

	"github.com/gravitational/teleport/api/client"
)

func main() {
	client.LoadIdentityFileFromString(os.Getenv("TELEPORT_IDENTITY"))
}

Example (LoadKeyPair)

Generate certificate key pair with tctl.

$ tctl auth sign --format=tls --user=api-user --out=path/to/certs

Load credentials from the specified certificate files.

package main

import (
	"github.com/gravitational/teleport/api/client"
)

func main() {
	client.LoadKeyPair(
		"path/to/certs.crt",
		"path/to/certs.key",
		"path/to/certs.cas",
	)
}

Example (LoadProfile)

Generate tsh profile with tsh.

$ tsh login --user=api-user

Load credentials from the default directory and current profile, or specify the directory and profile.

package main

import (
	"github.com/gravitational/teleport/api/client"
)

func main() {
	client.LoadProfile("", "")
	client.LoadProfile("profile-directory", "api-user")
}

func LoadIdentityFile

func LoadIdentityFile(path string) Credentials

LoadIdentityFile is used to load Credentials from an identity file on disk.

Identity Credentials can be used to connect to an auth server directly or through a reverse tunnel.

A new identity file can be generated with tsh or tctl.

$ tsh login --user=api-user --out=identity-file-path
$ tctl auth sign --user=api-user --out=identity-file-path

The identity file's time to live can be specified with --ttl.

See the example below for usage.

Example

Load credentials from the specified identity file.

package main

import (
	"github.com/gravitational/teleport/api/client"
)

func main() {
	client.LoadIdentityFile("identity-file-path")
}

func LoadIdentityFileFromString

func LoadIdentityFileFromString(content string) Credentials

LoadIdentityFileFromString is used to load Credentials from a string containing identity file contents.

Identity Credentials can be used to connect to an auth server directly or through a reverse tunnel.

A new identity file can be generated with tsh or tctl.

$ tsh login --user=api-user --out=identity-file-path
$ tctl auth sign --user=api-user --out=identity-file-path

The identity file's time to live can be specified with --ttl.

See the example below for usage.

Example

Load credentials from the specified environment variable.

package main

import (
	"os"

	"github.com/gravitational/teleport/api/client"
)

func main() {
	client.LoadIdentityFileFromString(os.Getenv("TELEPORT_IDENTITY"))
}

func LoadKeyPair

func LoadKeyPair(certFile, keyFile, caFile string) Credentials

LoadKeyPair is used to load Credentials from a certificate keypair on disk.

KeyPair Credentials can only be used to connect directly to a Teleport Auth server.

New KeyPair files can be generated with tsh or tctl.

$ tctl auth sign --format=tls --user=api-user --out=path/to/certs

The certificates' time to live can be specified with --ttl.

See the example below for usage.

Example

Load credentials from the specified certificate files.

package main

import (
	"github.com/gravitational/teleport/api/client"
)

func main() {
	client.LoadKeyPair(
		"path/to/certs.crt",
		"path/to/certs.key",
		"path/to/certs.cas",
	)
}

func LoadProfile

func LoadProfile(dir, name string) Credentials

LoadProfile is used to load Credentials from a tsh profile on disk.

dir is the profile directory. It defaults to "~/.tsh".

name is the profile name. It will default to the currently active tsh profile.

Profile Credentials can be used to connect to an auth server directly or through a reverse tunnel.

Profile Credentials will automatically attempt to find your reverse tunnel address and make a connection through it.

A new profile can be generated with tsh.

$ tsh login --user=api-user

Example

Load credentials from the default directory and current profile, or specify the directory and profile.

package main

import (
	"github.com/gravitational/teleport/api/client"
)

func main() {
	client.LoadProfile("", "")
	client.LoadProfile("profile-directory", "api-user")
}

func LoadTLS

func LoadTLS(tlsConfig *tls.Config) Credentials

LoadTLS is used to load Credentials directly from a *tls.Config.

TLS creds can only be used to connect directly to a Teleport Auth server.

type DownstreamInventoryControlStream

type DownstreamInventoryControlStream interface {
	// Send attempts to send an upstream message. An error returned from this
	// method either indicates that the stream itself has failed, or that the
	// supplied context was canceled.
	Send(ctx context.Context, msg proto.UpstreamInventoryMessage) error
	// Recv accesses the incoming/downstream message channel.
	Recv() <-chan proto.DownstreamInventoryMessage
	// Close closes the underlying stream without error.
	Close() error
	// CloseWithError closes the underlying stream with an error that can later
	// be retrieved with Error(). Subsequent calls to CloseWithError have no effect.
	CloseWithError(err error) error
	// Done signals that the stream has been closed.
	Done() <-chan struct{}
	// Error checks for any error associated with stream closure (returns `nil` if
	// the stream is open, or io.EOF if the stream was closed without error).
	Error() error
}

DownstreamInventoryControlStream is the client/agent side of a bidirectional stream established between teleport instances and auth servers.

type ICSPipeOption

type ICSPipeOption func(*pipeOptions)

func ICSPipePeerAddr

func ICSPipePeerAddr(peerAddr string) ICSPipeOption

func ICSPipePeerAddrFn

func ICSPipePeerAddrFn(fn func() string) ICSPipeOption

type JoinServiceClient

type JoinServiceClient struct {
	// contains filtered or unexported fields
}

JoinServiceClient is a client for the JoinService, which runs on both the auth and proxy.

func NewJoinServiceClient

func NewJoinServiceClient(grpcClient proto.JoinServiceClient) *JoinServiceClient

NewJoinServiceClient returns a new JoinServiceClient wrapping the given grpc client.

func (*JoinServiceClient) RegisterUsingIAMMethod

func (c *JoinServiceClient) RegisterUsingIAMMethod(ctx context.Context, challengeResponse RegisterChallengeResponseFunc) (*proto.Certs, error)

RegisterUsingIAMMethod registers the caller using the IAM join method and returns signed certs to join the cluster.

The caller must provide a ChallengeResponseFunc which returns a *types.RegisterUsingTokenRequest with a signed sts:GetCallerIdentity request including the challenge as a signed header.

type ListResourcesClient

type ListResourcesClient interface {
	ListResources(ctx context.Context, req proto.ListResourcesRequest) (*types.ListResourcesResponse, error)
}

ListResourcesClient is an interface used by GetResourcesWithFilters to abstract over implementations of the ListResources method.

type RegisterChallengeResponseFunc

type RegisterChallengeResponseFunc func(challenge string) (*proto.RegisterUsingIAMMethodRequest, error)

RegisterChallengeResponseFunc is a function type meant to be passed to RegisterUsingIAMMethod. It must return a *types.RegisterUsingTokenRequest for a given challenge, or an error.

type UpstreamInventoryControlStream

type UpstreamInventoryControlStream interface {
	// Send attempts to send a downstream message.  An error returned from this
	// method either indicates that the stream itself has failed, or that the
	// supplied context was canceled.
	Send(ctx context.Context, msg proto.DownstreamInventoryMessage) error
	// Recv accesses the incoming/upstream message channel.
	Recv() <-chan proto.UpstreamInventoryMessage
	// PeerAddr gets the underlying TCP peer address (may be empty in some cases).
	PeerAddr() string
	// Close closes the underlying stream without error.
	Close() error
	// CloseWithError closes the underlying stream with an error that can later
	// be retrieved with Error(). Subsequent calls to CloseWithError have no effect.
	CloseWithError(err error) error
	// Done signals that the stream has been closed.
	Done() <-chan struct{}
	// Error checks for any error associated with stream closure (returns `nil` if
	// the stream is open, or io.EOF if the stream closed without error).
	Error() error
}

UpstreamInventoryControlStream is the server/controller side of a bidirectional stream established between teleport instances and auth servers.

func NewUpstreamInventoryControlStream

func NewUpstreamInventoryControlStream(stream proto.AuthService_InventoryControlStreamServer, peerAddr string) UpstreamInventoryControlStream

NewUpstreamInventoryControlStream wraps the server-side control stream handle. For use as part of the internals of the auth server's GRPC API implementation.

Directories

Path Synopsis
Package proto provides the protobuf API specification for Teleport.
Package webclient provides a client for the Teleport Proxy API endpoints.
