package
2.3.5+incompatible
Repository: https://github.com/dspasibenko/teleport.git
Documentation: pkg.go.dev
# Packages
No description provided by the author
Copyright 2015 Gravitational, Inc.
Copyright 2015 Gravitational, Inc.
No description provided by the author
# Functions
GetCheckerForBuiltinRole returns checkers for embedded builtin role.
HaveHostKeys checks whether the host keys are in place.
Init instantiates and configures an instance of AuthServer.
LocalRegister is used to generate host keys when a node or proxy is running within the same process as the auth server.
NewAPIServer returns a new instance of APIServer HTTP handler.
NewAuthorizer returns new authorizer using backends.
NewAuthServer creates and configures a new AuthServer instance.
NewAuthWithRoles creates new auth server with access control.
NewAuthClient returns a new instance of the client which talks to an Auth server API (aka "site API") via HTTP-over-SSH.
No description provided by the author
NewRoleAuthorizer authorizes everyone as predefined role.
No description provided by the author
No description provided by the author
NewTracer returns request tracer based on the logging level.
NewTunClient returns a new HTTP client for the Auth server API exposed over an SSH tunnel, so the client uses SSH credentials to dial and authenticate. Parameters: purpose is mostly for debugging, like "web client" or "reverse tunnel client"; authServers is the list of auth servers in this cluster (they are supposed to be in sync); authMethods is how to authenticate (via cert, web password, etc.); opts are functional arguments for further extending.
NewTunnel creates a new SSH tunnel server which is not started yet.
NewUserAuthorizer authorizes everyone as predefined local user.
No description provided by the author
No description provided by the author
NewWebPasswordU2FSignAuth is for getting a U2F sign challenge.
No description provided by the author
No description provided by the author
NewWebU2FSignResponseAuth is for signing in with a U2F sign response.
ReadIdentity reads, parses and returns the given pub/pri key + cert from the key storage (dataDir).
ReadIdentityFromKeyPair reads identity from initialized keypair.
Register is used to generate host keys when a node or proxy is running on a different host than the auth server.
No description provided by the author
SetLimiter sets rate and connection limiter for auth tunnel server.
TunClientStorage allows tun client to set local presence service that it will use to sync up the latest information about auth servers.
TunDisableRefresh will disable refreshing the list of auth servers.
WriteIdentity writes identity keypair to disk.
# Constants
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
BearerTokenTTL specifies how long a standard bearer token exists before it has to be renewed by the client.
CurrentVersion is the current API version.
DialerPeriodBetweenAttempts is the period between retry attempts.
DialerRetryAttempts is the number of attempts the dialer makes to connect to the remote destination.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
MissingNamespaceError is a _very_ common error this file generates.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
TokenLenBytes is the length in bytes of the invite token.
# Structs
No description provided by the author
APIServer implements http API server for AuthServer interface.
AuthzContext is authorization context.
AuthServer keeps the cluster together.
AuthTunnel listens on TCP/IP socket and accepts SSH connections.
No description provided by the author
Client is HTTP Auth API client.
FakeSSHConnection implements net.Conn interface on top of the ssh.Channel object.
Identity is a collection of certificates and signers that represent identity.
IdentityID is a combination of role, host UUID, and node name.
InitConfig is auth server init config.
OIDCAuthResponse is returned when auth server validated callback parameters returned from OIDC provider.
No description provided by the author
SAMLAuthResponse is returned when auth server validated callback parameters returned from SAML identity provider.
TunClient is an HTTP client that works over an SSH tunnel. This is done in order to authenticate various teleport roles using existing SSH certificate infrastructure.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
# Interfaces
AccessPoint is an API interface implemented by a certificate authority (CA).
No description provided by the author
Authority implements minimal key-management facility for generating OpenSSH compatible public/private key pairs and OpenSSH certificates.
Authorizer authorizes identity and returns auth context.
ClientI is a client to Auth service.
IdentityService manages identities and users.
ProvisioningService is a service in control of adding new nodes, auth servers and proxies to the cluster.
WebService implements features used by Web UI clients.
# Type aliases
AccessPointDialer dials to auth access point remote HTTP api.
AuthServerOption allows setting options as functional arguments to AuthServer.
No description provided by the author
HandlerWithAuthFunc is http handler with passed auth context.
ServerOption is the functional argument passed to the server.
TunClientOption is functional option for tunnel client.