package
3.2.17+incompatible
Repository: https://github.com/geoinstinct-web/teleport.git
Documentation: pkg.go.dev
# Functions
ApplyTraits applies the passed in traits to any variables within the role and returns itself.
AuditConfigFromObject returns audit config from interface object.
BoolOption converts a bool pointer to a Bool value; returns the equivalent of false if not set.
CertAuthoritiesToV1 converts list of cert authorities to V1 slice.
CertPool returns certificate pools from TLS certificates set up in the certificate authority.
CertPoolFromCertAuthorities returns certificate pools from TLS certificates set up in the certificate authorities list.
ConvertV1CertAuthority converts V1 cert authority for new CA and Role.
CopyRulesSlice copies input slice of Rules and returns the copy.
DefaultClusterConfig is used as the default cluster configuration when one is not specified (record at node).
DefaultStaticTokens is used to get the default static tokens (empty list) when nothing is specified in file configuration.
ExtractFromCertificate will extract roles and traits from a *ssh.Certificate or from the backend if they do not exist in the certificate.
ExtractFromIdentity will extract roles and traits from the *x509.Certificate which Teleport passes along as a *tlsca.Identity.
FetchRoles fetches roles by their names, applies the traits to role variables, and returns the RoleSet.
FromSpec returns new RoleSet created from spec.
GenerateSchedule generates schedule based on the time period, using even time periods between rotation phases.
GetActionsParserFn returns global function that creates where parsers. This function is used in external tools to override and extend actions in rules.
GetAttributeNames returns a list of claim names from the claim values.
GetAuthPreferenceSchema returns the schema with optionally injected schema for extensions.
GetCertAuthorityMarshaler returns currently set user marshaler.
GetCertAuthoritySchema returns JSON Schema for cert authorities.
GetClaimNames returns a list of claim names from the claim values.
GetClusterConfigMarshaler gets the marshaler.
GetClusterConfigSchema returns the schema with optionally injected schema for extensions.
GetClusterNameMarshaler gets the marshaler.
GetClusterNameSchema returns the schema with optionally injected schema for extensions.
GetGithubConnectorMarshaler returns currently set Github connector marshaler.
GetGithubConnectorSchema returns schema for Github connector.
GetNamespaceSchema returns namespace schema.
GetOIDCConnectorMarshaler returns currently set user marshaler.
GetOIDCConnectorSchema returns schema for OIDCConnector.
GetRemoteClusterSchema returns the schema for remote cluster.
GetReverseTunnelSchema returns role schema with optionally injected schema for extensions.
GetRoleSchema returns role schema for the version requested with optionally injected schema for extensions.
GetSAMLConnectorMarshaler returns currently set user marshaler.
GetSAMLConnectorSchema returns schema for SAMLConnector.
GetServerSchema returns role schema with optionally injected schema for extensions.
GetStaticTokensMarshaler gets the marshaler.
GetStaticTokensSchema returns the schema with optionally injected schema for extensions.
GetTrustedClusterSchema returns the schema with optionally injected schema for extensions.
GetTunnelConnectionSchema returns role schema with optionally injected schema for extensions.
GetUserMarshaler returns currently set user marshaler.
GetRoleSchema returns role schema with optionally injected schema for extensions.
GetWebSessionMarshaler returns currently set user marshaler.
GetWebSessionSchema returns JSON Schema for web session.
GetWebSessionSchemaWithExtensions returns JSON Schema for web session with user-supplied extensions.
GetWhereParserFn returns global function that creates where parsers. This function is used in external tools to override and extend 'where' in rules.
LabelsToV2 converts labels from interface to V2 spec.
LastFailed calculates whether the last x successive attempts have failed.
LatestTunnelConnection returns the latest tunnel connection from the list of tunnel connections; if no connections are found, it returns a NotFound error.
MakeRuleSet converts slice of rules to the set of rules.
MarshalCertRoles marshal roles list to OpenSSH.
MarshalLicense marshals role to JSON or YAML.
MarshalNamespace marshals namespace to JSON.
MarshalRemoteCluster marshals remote cluster to JSON.
MarshalTunnelConnection marshals tunnel connection.
MatchLabels matches selector against target.
MatchLogin returns true if attempted login matches any of the logins.
MatchNamespace returns true if given list of namespace matches target namespace, wildcard matches everything.
MaxDuration returns maximum duration that is possible.
MustCreateTunnelConnection returns new connection from V2 spec or panics if parameters are incorrect.
NewActionsParser returns standard parser for 'actions' section in access rules.
NewAdminRole is the default admin role for all local users if another role is not explicitly assigned (Enterprise only).
NewAuthPreference is a convenience method to create AuthPreferenceV2.
NewBool returns Bool struct based on bool value.
NewBoolOption returns Bool struct based on bool value.
NewCertAuthority returns new cert authority.
NewClusterConfig is a convenience wrapper to create a ClusterConfig resource.
NewClusterName is a convenience wrapper to create a ClusterName resource.
NewDuration returns Duration struct based on time.Duration.
NewGithubConnector creates a new Github connector from name and spec.
NewImplicitRole is the default implicit role that gets added to all RoleSets.
NewLicense is a convenience method to create LicenseV3.
NewLogActionFn creates logger functions.
NewNamespace returns new namespace.
NewOIDCConnector returns a new OIDCConnector based off a name and OIDCConnectorSpecV2.
NewRemoteCluster is a convenience way to create a RemoteCluster resource.
NewReverseTunnel returns new version of reverse tunnel.
NewRole constructs new standard role.
NewRoleSet returns new RoleSet based on the roles.
NewRule creates a rule based on a resource name and a list of verbs.
NewSAMLConnector returns a new SAMLConnector based off a name and SAMLConnectorSpecV2.
NewStaticTokens is a convenience wrapper to create a StaticTokens resource.
NewTrustedCluster is a convenience way to create a TrustedCluster resource.
NewTunnelConnection returns new connection from V2 spec.
NewUser creates new empty user.
NewWebSession returns new instance of the web session based on the V2 spec.
NewWhereParser returns standard parser for `where` section in access rules.
ParseRef parses a resource reference, e.g. daemonsets/ds1.
ParseShortcut parses resource shortcut.
ProcessNamespace sets the default namespace if the namespace is empty.
ReadNoSecrets is a shortcut that returns read only verbs that do not provide access to secrets.
RO is a shortcut that returns read only verbs that provide access to secrets.
RoleForCertauthority creates role using services.CertAuthority.
RoleForUser creates an admin role for a services.User.
RoleNameForCertAuthority returns role name associated with a certificate authority.
RoleNameForUser returns role name associated with a user.
RuleSlicesEqual returns true if two rule slices are equal.
RW is a shortcut that returns all verbs.
ServersToV1 converts list of servers to slice of V1 style ones.
SetActionsParserFn sets global function that creates actions parsers. This function is used in external tools to override and extend actions in rules.
SetCertAuthorityMarshaler sets global user marshaler.
SetClusterConfigMarshaler sets the marshaler.
SetClusterNameMarshaler sets the marshaler.
SetGithubConnectorMarshaler sets Github connector marshaler.
SetOIDCConnectorMarshaler sets global user marshaler.
SetSAMLConnectorMarshaler sets global user marshaler.
SetStaticTokensMarshaler sets the marshaler.
SetUserMarshaler sets global user marshaler.
SetWebSessionMarshaler sets global user marshaler.
SetWhereParserFn sets global function that creates where parsers. This function is used in external tools to override and extend 'where' in rules.
SkipValidation is used to disable schema validation.
TLSCerts returns TLS certificates from CA.
IsTunnelConnectionStatus returns tunnel connection status based on the last heartbeat time recorded for a connection.
UnmarshalCertRoles marshals roles list to OpenSSH.
UnmarshalLicense unmarshals License from JSON or YAML and validates schema.
UnmarshalNamespace unmarshals role from JSON or YAML, sets defaults and checks the schema.
UnmarshalRemoteCluster unmarshals remote cluster from JSON or YAML.
UnmarshalReverseTunnel unmarshals reverse tunnel from JSON or YAML, sets defaults and checks the schema.
UnmarshalRole unmarshals role from JSON, sets defaults, and checks schema.
UnmarshalServerResource unmarshals role from JSON or YAML, sets defaults and checks the schema.
UnmarshalTunnelConnection unmarshals reverse tunnel from JSON or YAML, sets defaults and checks the schema.
VerifyPassword makes sure password satisfies our requirements (relaxed), mostly to avoid putting garbage in.
WithVersion sets marshal version.
# Constants
ActionRead grants read access (get, list).
ActionWrite allows writing (create, update, delete).
Allow is the set of conditions that allow access.
CertAuthoritySpecV2Schema is JSON schema for cert authority V2.
CertRolesSchema defines cert roles schema.
ClusterConfigSpecSchemaTemplate is a template for ClusterConfig schema.
ClusterNameSpecSchemaTemplate is a template for ClusterName schema.
DefaultAPIGroup is a default group of permissions API; it lets us add different permission types.
DefaultDefinitions is the default list of JSON schema definitions, which is none.
Deny is the set of conditions that prevent access.
GithubConnectorV3SchemaTemplate is the JSON schema for a Github connector.
HostCA identifies the key as a host certificate authority.
HostKeyCheckNo is used to disable host key checking.
HostKeyCheckYes is the default.
KindAuthConnector allows access to OIDC and SAML connectors.
KindAuthServer is auth server resource.
KindCertAuthority is a certificate authority resource.
KindAuthPreference is the type of authentication for this cluster.
KindClusterConfig is the resource that holds cluster level configuration.
KindClusterName is a type of configuration resource that contains the cluster name.
KindConnectors is a shortcut for all authentication connector types.
KindEvent is structured audit logging event.
KindGithub is Github connector resource.
KindGithubConnector is Github OAuth2 connector resource.
KindGithubRequest is Github auth request resource.
KindHostCert is a host certificate.
KindIdenity is local on disk identity resource.
KindKeyPair is a public/private key pair.
KindLicense is a license resource.
KindNamespace is a namespace.
KindNode is node resource.
KindOIDC is OIDC connector resource.
KindOIDCConnector is a OIDC connector resource.
KindOIDCRequest is OIDC auth request resource.
KindProxy is proxy resource.
KindRemoteCluster represents remote cluster connected via reverse tunnel to proxy.
KindReverseTunnel is a reverse tunnel connection.
KindRole is a role resource.
KindSAML is SAML connector resource.
KindSAMLConnector is a SAML connector resource.
KindSAMLRequest is SAML auth request resource.
KindSession is a recorded SSH session.
KindSSHSession is an active SSH session.
KindState is local on disk process state.
KindStaticTokens is a type of configuration resource that contains static tokens.
KindToken is a provisioning token resource.
KindTrustedCluster is a resource that contains trusted cluster configuration.
KindTunnelConection specifies connection of a reverse tunnel to proxy.
KindUser is a user resource.
KindWebSession is a web session resource.
LicenseSpecV3Template is a template for V3 License JSON schema.
MetadataSchema is a schema for resource metadata.
KindAuthPreference is the type of authentication for this cluster.
MetaNameClusterConfig is the exact name of the cluster config singleton resource.
MetaNameClusterName is the name of a configuration resource for cluster name.
MetaNameStaticTokens is the name of a configuration resource for static tokens.
OIDCConnectorV2SchemaTemplate is a template JSON Schema for user.
RecordAtNode is the default.
RecordAtProxy enables the recording proxy which intercepts and records all sessions.
RecordOff is used to disable session recording completely.
RemoteClusterSchemaTemplate is a template JSON Schema for V3 style objects.
RemoteClusterV3StatusSchema is a template for remote.
ResourceIdentifier represents resource registered identifier in the rules.
ReverseTunnelSpecV2Schema is JSON schema for reverse tunnel spec.
RoleMapSchema is a schema for role mappings of trusted clusters.
RotationModeAuto is set to go through all phases by the schedule.
RotationModeManual is a manual rotation mode when all phases are set by the operator.
RotationPhaseInit is a phase of the rotation when a new certificate authority is issued, but not used. It is necessary for remote trusted clusters to fetch the new certificate authority, otherwise the new clients will reject it.
RotationPhaseRollback means that rotation is rolling back to the old certificate authority.
RotationPhaseStandby is the initial phase of the rotation; it means no operations have started.
RotationPhaseUpdateClients is a phase of the rotation when client credentials will have to be updated and reloaded but servers will use and respond with old credentials because clients have no idea about new credentials at first.
RotationPhaseUpdateServers is a phase of the rotation when servers will have to reload and should start serving TLS and SSH certificates signed by new CA.
RotationSchema is a JSON validation schema of the CA rotation state object.
RotationStateInProgress means that rotation is in progress.
RotationStateStandby is initial status of the rotation - nothing is being rotated.
SAMLConnectorV2SchemaTemplate is a template JSON Schema for user.
ServerSpecV2Schema is JSON schema for server.
StaticTokensSpecSchemaTemplate is a template for StaticTokens schema.
TrustedClusterSpecSchemaTemplate is a template for trusted cluster schema.
TunnelConnectionSpecV2Schema is JSON schema for reverse tunnel spec.
UserCA identifies the key as a user certificate authority.
UserIdentifier represents user registered identifier in the rules.
UserSpecV2SchemaTemplate is JSON schema for V2 user.
V1 is the first version of resources.
V2 is the second version of resources.
V2SchemaTemplate is a template JSON Schema for V2 style objects.
V3 is the third version of resources.
VerbCreate is used to create an object.
VerbDelete is used to remove an object.
VerbList is used to list all objects.
VerbRead is used to read a single object.
VerbReadNoSecrets is used to read a single object without secrets.
VerbRotate is used to rotate certificate authorities; used only internally.
VerbUpdate is used to update an object.
WebSessionSpecV2Schema is JSON schema for cert authority V2.
Wildcard is a special wildcard character matching everything.
# Variables
AdminUserRules provides access to the default set of rules assigned to all users.
AttribueMappingSchema is JSON schema for claim mapping.
CertAuthorityTypeExpr is a function call that returns cert authority type.
ClaimMappingSchema is JSON schema for claim mapping.
DefaultCertAuthorityRules provides access the minimal set of resources needed for a certificate authority to function.
DefaultImplicitRules provides access to the default set of implicit rules assigned to all roles.
GithubConnectorSpecV3Schema is the JSON schema for Github connector spec.
OIDCConnectorSpecV2Schema is a JSON Schema for OIDC Connector.
ResourceNameExpr is the identifier that specifies resource name.
RotatePhases lists all supported rotation phases.
SAMLConnectorSpecV2Schema is a JSON Schema for SAML Connector.
SigningKeyPairSchema.
TeamMappingSchema is the JSON schema for team membership mapping.
# Structs
AttributeMapping is SAML Attribute statement mapping from SAML attribute statements to roles.
AuditConfig represents audit log settings in the cluster.
AuthPreferenceSpecV2 is the actual data we care about for AuthPreferenceV2.
AuthPreferenceV2 implements AuthPreference.
Bool is a wrapper around boolean values.
CertAuthID is the ID of a certificate authority (its type and domain name).
CertAuthoritySpecV2 is a host or user certificate authority that can check and if it has private key stored as well, sign it too.
CertAuthorityV1 is a host or user certificate authority that can check and if it has private key stored as well, sign it too.
CertAuthorityV2 is version 2 resource spec for Cert Authority.
CertRoles defines certificate roles.
ChangePasswordReq defines a request to change user password.
ClaimMapping is OIDC claim mapping that maps claim name to teleport roles.
ClusterConfigSpecV3 is the actual data we care about for ClusterConfig.
ClusterConfigV3 implements the ClusterConfig interface.
ClusterNameSpecV2 is the actual data we care about for ClusterName.
ClusterNameV2 implements the ClusterName interface.
CommandLabelV1 is a label that has a value as a result of the output generated by running command, e.g.
CommandLabelV2 is a label that has a value as a result of the output generated by running command, e.g.
ConnectorRef holds information about OIDC connector.
Context is a default rule context used in teleport.
CreatedBy holds information about the person or agent who created the user.
Duration is a wrapper around duration to set up custom marshal/unmarshal.
EmptyResource is used to represent a use case when no resource is specified in the rules matcher.
OIDCIdentity is an OpenID Connect identity that is linked to a particular user and connector and lets the user log in using external credentials, e.g.
GithubAuthRequest is the request to start Github OAuth2 flow.
GithubClaims represents Github user information obtained during OAuth2 flow.
GithubConnectorSpecV3 is the current Github connector spec.
GithubConnectorV3 represents a Github connector.
HostCertParams defines all parameters needed to generate a host certificate.
LicenseSpecV3 is the actual data we care about for LicenseV3.
LicenseV3 represents License resource version V3.
LogAction represents action that will emit log entry when specified in the actions of a matched rule.
LoginAttempt represents successful or unsuccessful attempt for user to login.
LoginStatus is a login status of the user.
MarshalConfig specifies marshalling options.
Metadata is resource metadata.
Namespace represents namespace resource specification.
NamespaceSpec is namespace spec.
OIDCAuthRequest is a request to authenticate with OIDC provider, the state about request is managed by auth server.
OIDCConnectorSpecV2 specifies configuration for Open ID Connect compatible external identity provider, e.g.
OIDCConnectorV1 specifies configuration for Open ID Connect compatible external identity provider, e.g.
OIDCConnectorV2 is version 1 resource spec for OIDC connector.
ProvisionToken stores metadata about some provisioning token.
Ref is a resource reference.
RemoteClusterSpecV3 represents status of the remote cluster.
RemoteClusterV3 implements RemoteCluster.
ResorceHeader is a shared resource header.
ReverseTunnelSpecV2 is a specification for V2 reverse tunnel.
ReverseTunnelV1 is V1 version of reverse tunnel.
ReverseTunnelV2 is version 1 resource spec of the reverse tunnel.
RoleConditions is a set of conditions that must all match to be allowed or denied access.
RoleMappping provides mapping of remote roles to local roles for trusted clusters.
RoleOptions is a set of role options.
RoleSpecV2 is role specification for RoleV2.
RoleSpecV3 is role specification for RoleV3.
RoleV2 represents role resource specification.
RoleV3 represents role resource specification.
Rotation is a status of the rotation of the certificate authority.
RotationSchedule is a rotation schedule setting time switches for different phases.
Rule represents allow or deny rule that is executed to check if user or service have access to resource.
SAMLAuthRequest is a request to authenticate with OIDC provider, the state about request is managed by auth server.
SAMLConnectorSpecV2 specifies configuration for Open ID Connect compatible external identity provider, e.g.
SAMLConnectorV2 is version 1 resource spec for SAML connector.
ServerSpecV2 is a specification for V2 Server.
ServerV1 represents V1 spec of the server.
ServerV2 is version1 resource spec of the server.
SigningKeyPair is a key pair used to sign SAML AuthnRequest.
SignupToken stores metadata about a user signup token; it is stored and generated when tctl add user is executed.
Site represents a cluster of teleport nodes who collectively trust the same certificate authority (CA) and have a common name.
StaticTokensSpecV2 is the actual data we care about for StaticTokensSpecV2.
StaticTokensV2 implements the StaticTokens interface.
TeamMapping represents a single team membership mapping.
TeleportClusterConfigMarshaler is used to marshal and unmarshal ClusterConfig.
TeleportClusterNameMarshaler is used to marshal and unmarshal ClusterName.
TeleportGithubConnectorMarshaler is the default Github connector marshaler.
TeleportStaticTokensMarshaler is used to marshal and unmarshal StaticTokens.
TLSKeyPair is a TLS key pair.
TrustedClusterSpecV2 is the actual data we care about for TrustedClusterSpecV2.
TrustedClusterV2 implements TrustedCluster.
TunnelConnectionSpecV2 is a specification for V2 tunnel connection.
TunnelConnectionV2 is version 1 resource spec of the reverse tunnel.
U2F defines settings for U2F device.
UnknownResource is used to detect resources.
UserCertParams defines OpenSSH user certificate parameters.
UserRef holds references to user.
UserSpecV2 is a specification for V2 user.
UserV1 is V1 version of the user.
UserV2 is version1 resource spec of the user.
WebSessionSpecV2 is a spec for V2 session.
WebSession stores key and value used to authenticate with SSH nodes on behalf of user.
WebSessionV2 is version 2 spec for session.
# Interfaces
Access service manages roles and permissions.
AccessChecker interface implements access checks for given role or role set.
AuthPreference defines the authentication preferences for a specific cluster.
AuthPreferenceMarshaler implements marshal/unmarshal of AuthPreference implementations; mostly adds support for extended versions.
CertAuthority is a host or user certificate authority that can check and if it has private key stored as well, sign it too.
CertAuthorityMarshaler implements marshal/unmarshal of User implementations; mostly adds support for extended versions.
ClusterConfig defines cluster level configuration.
ClusterConfigMarshaler implements marshal/unmarshal of ClusterConfig implementations; mostly adds support for extended versions.
ClusterConfiguration stores the cluster configuration in the backend.
ClusterName defines the name of the cluster.
ClusterNameMarshaler implements marshal/unmarshal of ClusterName implementations; mostly adds support for extended versions.
CommandLabelV2 is a label that has a value as a result of the output generated by running command, e.g.
GithubConnector defines an interface for a Github OAuth2 connector.
GithubConnectorMarshaler defines interface for Github connector marshaler.
Identity is responsible for managing user entries and external identities.
License defines teleport License Information.
OIDCConnector specifies configuration for Open ID Connect compatible external identity provider, e.g.
OIDCConnectorMarshaler implements marshal/unmarshal of User implementations; mostly adds support for extended versions.
Presence records and reports the presence of all components of the cluster - Nodes, Proxies and SSH nodes.
Provisioner governs adding new nodes to the cluster.
RemoteCluster represents a remote cluster that has connected via reverse tunnel to this cluster.
Resource represents common properties for resources.
ReverseTunnel is SSH reverse tunnel established between a local Proxy and a remote Proxy.
ReverseTunnelMarshaler implements marshal/unmarshal of reverse tunnel implementations.
Role contains a set of permissions or settings.
RoleGetter is an interface that defines GetRole method.
RoleMarshaler implements marshal/unmarshal of Role implementations; mostly adds support for extended versions.
RuleContext specifies context passed to the rule processing matcher, and contains information about current session, e.g.
SAMLConnector specifies configuration for SAML 2.0 identity providers.
SAMLConnectorMarshaler implements marshal/unmarshal of User implementations; mostly adds support for extended versions.
Server represents a Node, Proxy or Auth server in a Teleport cluster.
ServerMarshaler implements marshal/unmarshal of Role implementations; mostly adds support for extended versions.
StaticTokens define a list of static []ProvisionToken used to provision a node.
StaticTokensMarshaler implements marshal/unmarshal of StaticTokens implementations; mostly adds support for extended versions.
Trust is responsible for managing certificate authorities. Each authority is managing some domain, e.g.
TrustedCluster holds information needed for a cluster that cannot be directly accessed (may be behind a firewall without any open ports) to join a parent cluster.
TrustedClusterMarshaler implements marshal/unmarshal of TrustedCluster implementations; mostly adds support for extended versions.
TunnelConnection is SSH reverse tunnel connection established to reverse tunnel proxy.
User represents teleport embedded user or external user.
UserGetter is responsible for getting users.
UserMarshaler implements marshal/unmarshal of User implementations; mostly adds support for extended versions.
WebSession stores key and value used to authenticate with SSH nodes on behalf of user.
WebSessionMarshaler implements marshal/unmarshal of User implementations; mostly adds support for extended versions.
# Type aliases
CertAuthType specifies certificate authority type, user or host.
CommandLabels is a set of command labels.
Labels is a wrapper around map that can marshal and unmarshal itself from scalar and list values.
MarshalOption sets marshalling option.
NewParserFn returns function that creates parser of 'where' section in access rules.
RoleConditionType specifies if it's an allow rule (true) or deny rule (false).
RoleMap is a list of mappings.
RoleSet is a set of roles that implements access control functionality.
RuleSet maps resource to a set of rules defined for it.
SortedLoginAttempts sorts login attempts by time.
SortedNamespaces sorts namespaces.
SortedReverseTunnels sorts reverse tunnels by cluster name.
SortedRoles sorts roles by name.
SortedServers is a sort wrapper that sorts servers by name.
SortedTrustedCluster sorts clusters by name.
Users represents a slice of users, makes it sort compatible (sorts by username).