Copyright 2015 Gravitational, Inc.

Copyright 2015 Gravitational, Inc.

Copyright 2015 Gravitational, Inc.

HaveHostKeys checks either the host keys are in place.

Init instantiates and configures an instance of AuthServer.

LocalRegister is used in standalone mode to register roles without connecting to remote clients and provisioning tokens.

NewAPIServer returns a new instance of APIServer HTTP handler.

NewAuthServer creates and configures a new AuthServer instance.

test helper.

NewAuthClient returns a new instance of the client which talks to an Auth server API (aka "site API") via HTTP-over-SSH.

NewStandardPermissions returns permission checker with hardcoded roles that are built in when auth server starts in standard mode.

NewTunClient returns an instance of new HTTP client to Auth server API exposed over SSH tunnel, so client uses SSH credentials to dial and authenticate - purpose is mostly for debuggin, like "web client" or "reverse tunnel client" - authServers: list of auth servers in this cluster (they are supposed to be in sync) - authMethods: how to authenticate (via cert, web passwowrd, etc) - opts : functional arguments for further extending.

NewTunnel creates a new SSH tunnel server which is not started yet.

ReadIdentity reads, parses and returns the given pub/pri key + cert from the key storage (dataDir).

ReadIdentityFromKeyPair reads identity from initialized keypair.

Register is used by auth service clients (other services, like proxy or SSH) when a new node joins the cluster.

SetLimiter sets rate and connection limiter for auth tunnel server.

TunClientStorage allows tun client to set local presence service that it will use to sync up the latest information about auth servers.

WriteIdentity writes identity keypair to disk.

CurrentVersion is a current API version.

DialerPeriodBetweenAttempts is the period between retry attempts.

DialerRetryAttempts is the amount of attempts for dialer to try and connect to the remote destination.

TokenLenBytes is len in bytes of the invite token.

WebSessionTTL specifies standard web session time to live.

APIServer implements http API server for AuthServer interface.

AuthServer keeps the cluster together.

AuthTunnel listens on TCP/IP socket and accepts SSH connections.

Client is HTTP Auth API client.

FakeSSHConnection implements net.Conn interface on top of the ssh.Cnahhel object.

Identity is a collection of certificates and signers that represent identity.

IdentityID is a combination of role and host UUID.

InitConfig is auth server init config.

OIDCAuthResponse is returned when auth server validated callback parameters returned from OIDC provider.

Session is a web session context, stores temporary key-value pair and session id.

TunClient is HTTP client that works over SSH tunnel This is done in order to authenticate various teleport roles using existing SSH certificate infrastructure.

AccessPoint is a interface needed by nodes to control the access to the node, and provide heartbeats.

Authority implements minimal key-management facility for generating OpenSSHcompatible public/private key pairs and OpenSSH certificates.

TOODO(klizhentas) this should be just including appropriate service implementations.

PermissionChecker interface verifies that clients have permissions to execute any action of the auth server.

AccessPointDialer dials to auth access point remote HTTP api.

AuthServerOption allows setting options as functional arguments to AuthServer.

ServerOption is the functional argument passed to the server.

TunClientOption is functional option for tunnel client.