package credssuite contains a storage acceptance test suite that is service implementation independent.

CreateOpsCenterAgent creates a new agent user/API key pair.

CryptoRandomToken generates crypto-strong pseudo random token.

ExtractKubeGroups returns a list of Kubernetes groups extracted from the provided assignKubernetesGroups action string.

FindAllConnectors returns all existing auth connectors.

FindConnector searches for a connector of any supported kind with the provided name.

FindPreferredConnector returns a preferred auth connector to use If cluster authentication preference specifies one, it is returned.

GetAdminKubernetesGroups returns list of K8s groups with admin privileges this function should go away once UI will be able to set this instead of hardcoding it.

GetBuiltinRoles returns some system roles available by default.

GetOpsCenterAgent returns agent user authenticated to the OpsCenter.

GetSiteAgent returns API key for a registered site agent user.

IdentityWithACL returns an instance of the Users interface with the specified security context.

NewAccessPoint returns Teleport's access point (which provides methods specific to certificate authority) from the provided identity service.

NewActionsParser returns standard parser for 'actions' section in access rules.

NewAdminRole returns new admin type role.

NewAssignKubernetesGroupsActionFn creates assgin functions.

NewAuthenticator returns a new authenticator instance.

NewAuthenticatorFromIdentity creates a new authenticator from the provided identity.

NewClusterAgentRole returns new agent role used to run update and install operations on the cluster.

NewGatekeeperRole returns new gatekeeper role.

NewInstallTokenRole is granted after the cluster has been created and it allows modifications to one particular cluster.

NewObjectStorageRole specifies role for the object storage.

NewOneTimeLinkRole returns a one-time install token role.

NewOneTimeLinkRoleForApp returns a role that allows a one-time link user to log into Ops Center to install the specified application.

NewReaderRole returns new role that gives access to published applications.

NewSystemRole creates a role with system label.

NewUpdateAgentRole returns new agent role used for polling updates.

ActionCreate defines the action verb for create permission.

ActionDelete defines the action verb for delete permission.

ActionRead defines the action verb for read permission.

ActionUpdate defines the action verb for update permission.

ResourceIdentifier represents resource registered identifier in the rules.

UserIdentifier represents user registered identifier in the rules.

AssignKubernetesGroupsAction represents action that will assign kubernetes groups when called.

AuthenticateResponse contains request authentication results.

AuthenticatorConfig contains authenticator configuration parameters.

Context is a context used in access rules.

CredsConfig stores configuration for credentials config.

IdentityACL defines a security aware wrapper around Users.

InstallTokenUpdateRequest defines a request to update an install token.

KeyStore stores logins for remote portals on computers.

LoginResult defines the result of logging a user in.

SignupResult represents successful signup result: * Account that was created * User that was created * WebSession initiated for this user.

UserTokenCompleteRequest defines a request to complete an action associated with the user token.

Accounts represents a collection of accounts in the portal.

Authenticator defines the interface for authenticating requests.

Identity service manages users and account entries, permissions and authentication, signups.

Users represents operations on users and permssions, it takes care of authentication and authorization.

Account is a collection of sites and represents some company.

LoginEntry represents local login entry for local agents running on hosts TODO: We don't want users to refer to storage package,idea, may be make it internal go package?.

Password is a helper type that enforces some sanity constraints on the password entered by user.