package
2.3.5+incompatible
Repository: https://github.com/dspasibenko/teleport.git
Documentation: pkg.go.dev

# Packages

Package local implements services interfaces using the abstract key-value backend provided by lib/backend, which makes it possible for teleport to run using boltdb or etcd.

# Functions

ApplyTraits applies the passed in traits to any variables within the role and returns itself.
CertAuthoritiesToV1 converts list of cert authorities to V1 slice.
ConvertV1CertAuthority converts V1 cert authority for new CA and Role.
CopyRulesSlice copies input slice of Rules and returns the copy.
DefaultStaticTokens is used to get the default static tokens (empty list) when nothing is specified in file configuration.
FetchRoles fetches roles by their names, applies the traits to role variables, and returns the RoleSet.
FromSpec returns new RoleSet created from spec.
GetActionsParserFn returns the global function that creates where parsers. This function is used in external tools to override and extend actions in rules.
GetAttributeNames returns a list of claim names from the claim values.
GetAuthPreferenceSchema returns the schema with optionally injected schema for extensions.
GetCertAuthorityMarshaler returns currently set user marshaler.
GetCertAuthoritySchema returns JSON Schema for cert authorities.
GetClaimNames returns a list of claim names from the claim values.
GetClusterNameMarshaler gets the marshaler.
GetClusterNameSchema returns the schema with optionally injected schema for extensions.
GetNamespaceSchema returns namespace schema.
GetOIDCConnectorMarshaler returns currently set user marshaler.
GetOIDCConnectorSchema returns schema for OIDCConnector.
GetReverseTunnelSchema returns role schema with optionally injected schema for extensions.
GetRoleSchema returns role schema for the version requested with optionally injected schema for extensions.
GetSAMLConnectorMarshaler returns currently set user marshaler.
GetSAMLConnectorSchema returns schema for SAMLConnector.
GetServerSchema returns role schema with optionally injected schema for extensions.
GetStaticTokensMarshaler gets the marshaler.
GetStaticTokensSchema returns the schema with optionally injected schema for extensions.
GetTrustedClusterSchema returns the schema with optionally injected schema for extensions.
GetUserMarshaler returns currently set user marshaler.
GetRoleSchema returns role schema with optionally injected schema for extensions.
GetWebSessionMarshaler returns currently set user marshaler.
GetWebSessionSchema returns JSON Schema for web session.
GetWebSessionSchemaWithExtensions returns JSON Schema for web session with user-supplied extensions.
GetWhereParserFn returns the global function that creates where parsers. This function is used in external tools to override and extend 'where' in rules.
LabelsToV2 converts labels from interface to V2 spec.
LastFailed calculates whether the last x successive attempts failed.
MakeRuleSet converts slice of rules to the set of rules.
MarshalCertRoles marshal roles list to OpenSSH.
MatchLabels matches selector against target.
MatchLogin returns true if attempted login matches any of the logins.
MatchNamespace returns true if given list of namespace matches target namespace, wildcard matches everything.
MaxDuration returns maximum duration that is possible.
NewActionsParser returns standard parser for 'actions' section in access rules.
NewAdminRole is the default admin role for all local users if another role is not explicitly assigned (Enterprise only).
NewAuthPreference is a convenience method to create AuthPreferenceV2.
NewCertAuthority returns new cert authority.
NewClusterName is a convenience wrapper to create a ClusterName resource.
NewDuration returns Duration struct based on time.Duration.
NewImplicitRole is the default implicit role that gets added to all RoleSets.
NewLogActionFn creates logger functions.
NewNamespace returns new namespace.
NewOIDCConnector returns a new OIDCConnector based off a name and OIDCConnectorSpecV2.
NewReverseTunnel returns new version of reverse tunnel.
NewRole constructs new standard role.
NewRoleSet returns new RoleSet based on the roles.
NewRule creates a rule based on a resource name and a list of verbs.
NewSAMLConnector returns a new SAMLConnector based off a name and SAMLConnectorSpecV2.
NewStaticTokens is a convenience wrapper to create a StaticTokens resource.
NewTrustedCluster is a convenience way to create a TrustedCluster resource.
NewUser creates new empty user.
NewWebSession returns new instance of the web session based on the V2 spec.
NewWhereParser returns standard parser for `where` section in access rules.
ParseRef parses a resource reference, e.g. daemonsets/ds1.
ParseShortcut parses resource shortcut.
ProcessNamespace sets the default namespace if the namespace is empty.
ReadNoSecrets is a shortcut that returns read only verbs that do not provide access to secrets.
RO is a shortcut that returns read only verbs that provide access to secrets.
RoleForCertauthority creates role using services.CertAuthority.
RoleForUser creates an admin role for a services.User.
RoleNameForCertAuthority returns role name associated with a certificate authority.
RoleNameForUser returns role name associated with a user.
RuleSlicesEqual returns true if two rule slices are equal.
RW is a shortcut that returns all verbs.
ServersToV1 converts list of servers to slice of V1 style ones.
SetActionsParserFn sets the global function that creates actions parsers. This function is used in external tools to override and extend actions in rules.
SetCertAuthorityMarshaler sets global user marshaler.
SetClusterNameMarshaler sets the marshaler.
SetOIDCConnectorMarshaler sets global user marshaler.
SetSAMLConnectorMarshaler sets global user marshaler.
SetStaticTokensMarshaler sets the marshaler.
SetUserMarshaler sets global user marshaler.
SetWebSessionMarshaler sets global user marshaler.
SetWhereParserFn sets the global function that creates where parsers. This function is used in external tools to override and extend 'where' in rules.
UnmarshalCertRoles marshals roles list to OpenSSH.
UnmarshalNamespace unmarshals role from JSON or YAML, sets defaults and checks the schema.
UnmarshalReverseTunnel unmarshals reverse tunnel from JSON or YAML, sets defaults and checks the schema.
UnmarshalRole unmarshals role from JSON, sets defaults, and checks schema.
UnmarshalServerResource unmarshals role from JSON or YAML, sets defaults and checks the schema.
VerifyPassword makes sure password satisfies our requirements (relaxed), mostly to avoid putting garbage in.
WithVersion sets marshal version.

# Constants

ActionRead grants read access (get, list).
ActionWrite allows writing (create, update, delete).
Allow is the set of conditions that allow access.
CertAuthoritySpecV2Schema is JSON schema for cert authority V2.
CertRolesSchema defines cert roles schema.
ClusterNameSpecSchemaTemplate is a template for ClusterName schema.
DefaultAPIGroup is a default group of permissions API; it lets us add different permission types.
DefaultDefinitions is the default list of JSON schema definitions, which is none.
Deny is the set of conditions that prevent access.
ForwardAgent is SSH agent forwarding.
HostCA identifies the key as a host certificate authority.
KindAuthConnector allows access to OIDC and SAML connectors.
KindAuthServer is auth server resource.
KindCertAuthority is a certificate authority resource.
KindAuthPreference is the type of authentication for this cluster.
KindClusterName is a type of configuration resource that contains the cluster name.
KindEvent is structured audit logging event.
KindHostCert is a host certificate.
KindKeyPair is a public/private key pair.
KindNamespace is a namespace.
KindNode is node resource.
KindOIDC is OIDC connector resource.
KindOIDCConnector is a OIDC connector resource.
KindOIDCRequest is oidc auth request resource.
KindProxy is proxy resource.
KindReverseTunnel is a reverse tunnel connection.
KindRole is a role resource.
KindSAML is SAML connector resource.
KindSAMLConnector is a SAML connector resource.
KindOIDCReques is saml auth request resource.
KindSession is a recorded SSH session.
KindSSHSession is an active SSH session.
KindStaticTokens is a type of configuration resource that contains static tokens.
KindToken is a provisioning token resource.
KindTrustedCluster is a resource that contains trusted cluster configuration.
KindUser is a user resource.
KindWebSession is a web session resource.
MaxSessionTTL defines how long a SSH session can last for.
MetadataSchema is a schema for resource metadata.
KindAuthPreference is the type of authentication for this cluster.
MetaNameClusterName is the name of a configuration resource for cluster name.
MetaNameStaticTokens is the name of a configuration resource for static tokens.
OIDCConnectorV2SchemaTemplate is a template JSON Schema for user.
ResourceIdentifier represents resource registered identifier in the rules.
ReverseTunnelSpecV2Schema is JSON schema for reverse tunnel spec.
RoleMapSchema is a schema for role mappings of trusted clusters.
SAMLConnectorV2SchemaTemplate is a template JSON Schema for user.
ServerSpecV2Schema is JSON schema for server.
StaticTokensSpecSchemaTemplate is a template for StaticTokens schema.
TrustedClusterSpecSchemaTemplate is a template for trusted cluster schema.
UserCA identifies the key as a user certificate authority.
UserIdentifier represents user registered identifier in the rules.
UserSpecV2SchemaTemplate is JSON schema for V2 user.
V1 is the first version of resources.
V2 is the second version of resources.
V2SchemaTemplate is a template JSON Schema for V2 style objects.
V3 is the third version of resources.
VerbCreate is used to create an object.
VerbDelete is used to remove an object.
VerbList is used to list all objects.
VerbRead is used to read a single object.
VerbReadNoSecrets is used to read a single object without secrets.
VerbUpdate is used to update an object.
WebSessionSpecV2Schema is JSON schema for cert authority V2.
Wildcard is a special wildcard character matching everything.

# Variables

AdminUserRules provides access to the default set of rules assigned to all users.
AttribueMappingSchema is JSON schema for claim mapping.
ClaimMappingSchema is JSON schema for claim mapping.
DefaultCertAuthorityRules provides access the minimal set of resources needed for a certificate authority to function.
DefaultImplicitRules provides access to the default set of implicit rules assigned to all roles.
OIDCConnectorSpecV2Schema is a JSON Schema for OIDC Connector.
SAMLConnectorSpecV2Schema is a JSON Schema for SAML Connector.
SigningKeyPairSchema.

# Structs

AttributeMapping is SAML Attribute statement mapping from SAML attribute statements to roles.
AuthPreferenceSpecV2 is the actual data we care about for AuthPreferenceV2.
AuthPreferenceV2 implements AuthPreference.
CertAuthID - id of certificate authority (its type and domain name).
CertAuthoritySpecV2 is a host or user certificate authority that can check and if it has private key stored as well, sign it too.
CertAuthorityV1 is a host or user certificate authority that can check and if it has private key stored as well, sign it too.
CertAuthorityV2 is version 1 resource spec for Cert Authority.
CertRoles defines certificate roles.
ClaimMapping is OIDC claim mapping that maps claim name to teleport roles.
ClusterNameSpecV2 is the actual data we care about for ClusterName.
ClusterNameV2 implements the ClusterName interface.
CommandLabelV1 is a label that has a value as a result of the output generated by running command, e.g.
CommandLabelV2 is a label that has a value as a result of the output generated by running command, e.g.
ConnectorRef holds information about OIDC connector.
Context is a default rule context used in teleport.
CreatedBy holds information about the person or agent who created the user.
Duration is a wrapper around duration to set up custom marshal/unmarshal.
EmptyResource is used to represent a use case when no resource is specified in the rules matcher.
OIDCIdentity is OpenID Connect identity that is linked to a particular user and connector and lets the user log in using external credentials, e.g.
HostCertParams defines all parameters needed to generate a host certificate.
LogAction represents action that will emit log entry when specified in the actions of a matched rule.
LoginAttempt represents a successful or unsuccessful attempt by a user to log in.
LoginStatus is a login status of the user.
MarshalConfig specifies marshalling options.
Metadata is resource metadata.
Namespace represents namespace resource specification.
NamespaceSpec is namespace spec.
OIDCAuthRequest is a request to authenticate with OIDC provider, the state about request is managed by auth server.
OIDCConnectorSpecV2 specifies configuration for Open ID Connect compatible external identity provider, e.g.
OIDCConnectorV1 specifies configuration for Open ID Connect compatible external identity provider, e.g.
OIDCConnectorV2 is version 1 resource spec for OIDC connector.
ProvisionToken stores metadata about some provisioning token.
Ref is a resource reference.
ResorceHeader is a shared resource header.
ReverseTunnelSpecV2 is a specification for V2 reverse tunnel.
ReverseTunnelV1 is V1 version of reverse tunnel.
ReverseTunnelV2 is version 1 resource spec of the reverse tunnel.
RoleConditions is a set of conditions that must all match to be allowed or denied access.
RoleMappping provides mapping of remote roles to local roles for trusted clusters.
RoleSpecV2 is role specification for RoleV2.
RoleSpecV3 is role specification for RoleV3.
RoleV2 represents role resource specification.
RoleV3 represents role resource specification.
Rule represents an allow or deny rule that is executed to check if a user or service has access to a resource.
SAMLAuthRequest is a request to authenticate with OIDC provider, the state about request is managed by auth server.
SAMLConnectorSpecV2 specifies configuration for Open ID Connect compatible external identity provider, e.g.
SAMLConnectorV2 is version 1 resource spec for SAML connector.
ServerSpecV2 is a specification for V2 Server.
ServerV1 represents V1 spec of the server.
ServerV2 is version1 resource spec of the server.
SigningKeyPair is a key pair used to sign SAML AuthnRequest.
SignupToken stores metadata about a user signup token; it is stored and generated when tctl add user is executed.
Site represents a cluster of teleport nodes who collectively trust the same certificate authority (CA) and have a common name.
StaticTokensSpecV2 is the actual data we care about for StaticTokensSpecV2.
StaticTokensV2 implements the StaticTokens interface.
TeleportClusterNameMarshaler is used to marshal and unmarshal ClusterName.
TeleportStaticTokensMarshaler is used to marshal and unmarshal StaticTokens.
TrustedClusterSpecV2 is the actual data we care about for TrustedClusterSpecV2.
TrustedClusterV2 implements TrustedCluster.
U2F defines settings for U2F device.
UnknownResource is used to detect resources.
UserCertParams defines OpenSSH user certificate parameters.
UserRef holds reference to user.
UserSpecV2 is a specification for V2 user.
UserV1 is V1 version of the user.
UserV2 is version1 resource spec of the user.
WebSessionSpecV2 is a spec for V2 session.
WebSession stores key and value used to authenticate with SSH nodes on behalf of user.
WebSessionV2 is version 2 spec for session.

# Interfaces

Access service manages roles and permissions.
AccessChecker interface implements access checks for given role.
AuthPreference defines the authentication preferences for a specific cluster.
AuthPreferenceMarshaler implements marshal/unmarshal of AuthPreference implementations mostly adds support for extended versions.
CertAuthority is a host or user certificate authority that can check and if it has private key stored as well, sign it too.
CertAuthorityMarshaler implements marshal/unmarshal of User implementations mostly adds support for extended versions.
ClusterConfiguration stores the cluster configuration in the backend.
ClusterName defines the name of the cluster.
ClusterNameMarshaler implements marshal/unmarshal of ClusterName implementations mostly adds support for extended versions.
CommandLabelV2 is a label that has a value as a result of the output generated by running command, e.g.
Identity is responsible for managing user entries.
OIDCConnector specifies configuration for Open ID Connect compatible external identity provider, e.g.
OIDCConnectorMarshaler implements marshal/unmarshal of User implementations mostly adds support for extended versions.
Presence records and reports the presence of all components of the cluster - Nodes, Proxies and SSH nodes.
Provisioner governs adding new nodes to the cluster.
Resource represents common properties for resources.
ReverseTunnel is SSH reverse tunnel established between a local Proxy and a remote Proxy.
ReverseTunnelMarshaler implements marshal/unmarshal of reverse tunnel implementations.
Role contains a set of permissions or settings.
RoleGetter is an interface that defines GetRole method.
RoleMarshaler implements marshal/unmarshal of Role implementations mostly adds support for extended versions.
RuleContext specifies context passed to the rule processing matcher, and contains information about current session, e.g.
SAMLConnector specifies configuration for SAML 2.0 identity providers.
SAMLConnectorMarshaler implements marshal/unmarshal of User implementations mostly adds support for extended versions.
Server represents a Node, Proxy or Auth server in a Teleport cluster.
ServerMarshaler implements marshal/unmarshal of Role implementations mostly adds support for extended versions.
StaticTokens define a list of static []ProvisionToken used to provision a node.
StaticTokensMarshaler implements marshal/unmarshal of StaticTokens implementations mostly adds support for extended versions.
Trust is responsible for managing certificate authorities. Each authority is managing some domain, e.g.
TrustedCluster holds information needed for a cluster that cannot be directly accessed (may be behind a firewall without any open ports) to join a parent cluster.
TrustedClusterMarshaler implements marshal/unmarshal of TrustedCluster implementations mostly adds support for extended versions.
User represents teleport embedded user or external user.
UserMarshaler implements marshal/unmarshal of User implementations mostly adds support for extended versions.
WebSession stores key and value used to authenticate with SSH nodes on behalf of user.
WebSessionMarshaler implements marshal/unmarshal of User implementations mostly adds support for extended versions.

# Type aliases

CertAuthType specifies certificate authority type, user or host.
CommandLabels is a set of command labels.
MarshalOption sets marshalling option.
NewParserFn returns function that creates parser of 'where' section in access rules.
RoleConditionType specifies if it's an allow rule (true) or deny rule (false).
RoleMap is a list of mappings.
RoleOptions are key/value pairs that always exist for a role.
RoleSet is a set of roles that implements access control functionality.
RuleSet maps resource to a set of rules defined for it.
SortedLoginAttempts sorts login attempts by time.
SortedNamespaces sorts namespaces.
SortedReverseTunnels sorts reverse tunnels by cluster name.
SortedRoles sorts roles by name.
SortedServers is a sort wrapper that sorts servers by name.
SortedTrustedCluster sorts clusters by name.
Users represents a slice of users, makes it sort compatible (sorts by username).