# Packages
Copyright 2015 Gravitational, Inc.
# Functions
AuthoritiesToTrustedCerts serializes authorities to TrustedCerts data structure.
ClientCertPool returns trusted x509 certificate authority pool.
ClientTimeout sets idle and dial timeouts of the HTTP transport used by the client.
CreateUploaderDir creates directory for file uploader service.
CreateUserAndRole creates user and role and assigns role to a user, used in tests.
CreateUserAndRoleWithoutRoles creates user and role, but does not assign user to a role, used in tests.
DecodeClusterName decodes the cluster name. It returns NotFound if no cluster name is encoded (empty subdomain), so servers can detect cases when no server name was passed, and returns BadParameter if the encoding does not match.
EncodeClusterName encodes cluster name in the SNI hostname.
GenerateCertificate generates certificate for identity, returns private public key pair.
GenerateIdentity generates identity for the auth server.
GetCheckerForBuiltinRole returns checkers for embedded builtin role.
GetIdentitySchema returns JSON Schema for cert authorities.
GetPlugin returns auth API server plugin that allows injecting handlers.
GetStateSchema returns JSON Schema for cert authorities.
HostFQDN consists of host UUID and cluster name joined via a dot (".").
Init instantiates and configures an instance of AuthServer.
LocalRegister is used to generate host keys when a node or proxy is running within the same process as the auth server.
NewAddrDialer returns new dialer from a list of addresses.
NewAdminAuthServer returns auth server authorized as admin, used for auth server cached access.
NewAdminContext returns new admin auth context.
NewAPIServer returns a new instance of APIServer HTTP handler.
NewAuthorizer returns new authorizer using backends.
NewAuthServer creates and configures a new AuthServer instance.
NewAuthClient returns a new instance of the client which talks to an Auth server API (aka "site API") via HTTP-over-SSH.
NewProcessStorage returns a new instance of the process storage.
NewRoleAuthorizer authorizes everyone as predefined role, used in tests.
NewServerIdentity generates new server identity, used in tests.
NewTestAuthServer returns new instances of Auth server.
NewTestTLSServer returns new test TLS server that is started and is listening on 127.0.0.1 loopback on any available port.
NewTLSClient returns new client using TLS mutual authentication.
NewTLSClientWithDialer returns new TLS client that uses mutual TLS authentication and dials the remote server using dialer.
NewTLSServer returns new unstarted TLS server.
ReadIdentityFromKeyPair reads TLS identity from key pair.
ReadLocalIdentity reads, parses and returns the given pub/pri key + cert from the key storage (dataDir).
ReadSSHIdentityFromKeyPair reads identity from initialized keypair.
ReadTLSIdentityFromKeyPair reads TLS identity from key pair.
Register is used to generate host keys when a node or proxy is running on a different host than the auth server.
ReRegister renews the certificates and private keys based on the client's existing identity.
SetPlugin sets plugin for the auth API server.
TestAdmin returns TestIdentity for admin user.
TestBuiltin returns TestIdentity for builtin user.
TestNop returns "Nop" - unauthenticated identity.
TestServerID returns a TestIdentity for a node with the passed in serverID.
TestUser returns TestIdentity for local user.
# Constants
BearerTokenTTL specifies how long a standard bearer token exists before it has to be renewed by the client.
ContextUser is a user set in the context of the request.
CurrentVersion is a current API version.
GithubAPIURL is the Github base API URL.
GithubAuthURL is the Github authorization endpoint.
GithubTokenURL is the Github token exchange endpoint.
IdentityNameCurrent is a name for the identity credentials that are currently used by the process.
IdentityReplacement is a name for the identity credentials that are replacing current identity credentials during CA rotation.
IdentitySpecV2Schema is a schema for identity spec.
MaxPages is the maximum number of pagination links that will be followed.
MissingNamespaceError is a _very_ common error this file generates.
StateSpecV2Schema is a schema for local server state.
TokenLenBytes is len in bytes of the invite token.
# Variables
GithubScopes is a list of scopes requested during OAuth2 flow.
# Structs
APIServer implements http API server for AuthServer interface.
AuthzContext is authorization context.
AuthenticateSSHRequest is a request to authenticate SSH client user via CLI.
AuthenticateUserRequest is a request to authenticate interactive user.
AuthMiddleware is authentication middleware checking every request.
AuthServer keeps the cluster together.
BuiltinRole is the role of the Teleport service.
BuiltinRoleSet wraps a services.RoleSet.
Client is HTTP Auth API client.
FakeSSHConnection implements net.Conn interface on top of the ssh.Channel object.
GenerateServerKeysRequest is a request to generate server keys.
GenerateTokenRequest is a request to generate auth token.
GithubAuthResponse represents Github auth callback validation response.
Identity is collection of certificates and signers that represent server identity.
IdentityID is a combination of role, host UUID, and node name.
IdentitySpecV2 specifies credentials used by local process.
IdentityV2 specifies local host identity.
InitConfig is auth server init config.
KubeCSR is a kubernetes CSR request.
KubeCSRResponse is a response to kubernetes CSR request.
LocalCAResponse contains PEM-encoded local CAs.
LocalUsername is a local username.
LocalUserRoleSet wraps a services.RoleSet.
OIDCAuthResponse is returned when auth server validated callback parameters returned from OIDC provider.
OTPCreds are two-factor authentication credentials.
PackedKeys is a collection of private key, SSH host certificate and TLS certificate, and the certificate authority that issued the certificate.
PassCreds is a password credential.
ProcessStorage is a backend for local process state, it helps to manage rotation for certificate authorities and keeps local process credentials - x509 and SSH certs and keys.
RegisterParams specifies parameters for first time register operation with auth server.
RegisterUsingTokenRequest is a request to register with auth server using authentication token.
RemoteBuiltinRole is the role of the remote (service connecting via trusted cluster link) Teleport service.
BuiltinRoleSet wraps a services.RoleSet.
RemoteUser defines encoded remote user.
RemoteUserRoleSet wraps a services.RoleSet.
ReRegisterParams specifies parameters for re-registering in the cluster (rotating certificates for existing members).
RotateRequest is a request to start rotation of the certificate authority.
SAMLAuthResponse is returned when auth server validated callback parameters returned from SAML identity provider.
SessionCreds are web session credentials.
SSHLoginResponse is a response returned by web proxy, it preserves backwards compatibility on the wire, which is the primary reason for non-matching json tags.
StateSpecV2 is a state spec.
StateV2 is a local process state.
TestAuthServer is auth server using local filesystem backend and test certificate authority key generation that speeds up keygen by using the same private key.
TestAuthServerConfig is auth server test config.
TestIdentity is test identity spec used to generate identities in tests.
TestTLSServer is a test TLS server.
TestTLSServerConfig is a configuration for test TLS server.
TLSServer is TLS auth server.
TLSServerConfig is a configuration for TLS server.
TrustedCerts contains host certificates, it preserves backwards compatibility on the wire, which is the primary reason for non-matching json tags.
U2FSignResponseCreds is a U2F signature sent by U2F device.
# Interfaces
AccessPoint is an API interface implemented by a certificate authority (CA).
Authorizer authorizes identity and returns auth context.
ClientI is a client to Auth service.
IdentityGetter returns client identity.
IdentityService manages identities and users.
Plugin is auth API server extension setter.
ProvisioningService is a service in control of adding new nodes, auth servers and proxies to the cluster.
WebService implements features used by Web UI clients.
# Type aliases
AuthServerOption allows setting options as functional arguments to AuthServer.
DialContext is a function that dials to the specified address.
GetClusterConfigFunc returns a cached services.ClusterConfig.
HandlerWithAuthFunc is http handler with passed auth context.