Copyright 2024 Gravitational, Inc.

Package proto provides the protobuf API specification for Teleport.

Package webclient provides a client for the Teleport Proxy API endpoints.

ClusterCAsFromCertPool returns a GetClusterCAsFunc with provided static cert pool.

ConfigureALPN configures ALPN SNI cluster routing information in TLS settings allowing for allowing to dial auth service through Teleport Proxy directly without using SSH Tunnels.

DialALPN a helper to dial using an ALPNDialer and returns a tls.Conn if successful.

DialProxy creates a connection to a server via an HTTP or SOCKS5 Proxy.

DialProxyWithDialer creates a connection to a server via an HTTP or SOCKS5 Proxy using a specified dialer.

EventFromGRPC converts proto.Event to types.Event.

EventToGRPC converts types.Event to proto.Event.

EventTypeFromGRPC converts proto.Operation to types.OpType.

EventTypeToGRPC converts types.OpType to proto.Operation.

GetAllResources is a helper for getting all existing resources that match the provided request.

GetAllUnifiedResources is a helper for getting all existing resources that match the provided request.

GetEnrichedResourcePage is a helper for getting a single page of enriched resources.

GetKubernetesResourcesWithFilters is a helper for getting a list of kubernetes resources with optional filtering.

GetResourcePage is a helper for getting a single page of resources that match the provide request.

GetResourcesWithFilters is a helper for getting a list of resources with optional filtering.

GetUnifiedResourcePage is a helper for getting a single page of unified resources that match the provided request.

GRPCContextDialer converts a ContextDialer to a function used for grpc.WithContextDialer.

InventoryControlStreamPipe creates the two halves of an inventory control stream over an in-memory pipe.

IsALPNConnUpgradeRequired returns true if a tunnel is required through a HTTP connection upgrade for ALPN connections.

IsALPNPingProtocol checks if the provided protocol is suffixed with Ping.

KeyPair returns a Credential give a TLS key, certificate and CA certificates PEM-encoded.

LoadIdentityFile is used to load Credentials from an identity file on disk.

LoadIdentityFileFromString is used to load Credentials from a string containing identity file contents.

LoadKeyPair is used to load Credentials from a certicate keypair on disk.

LoadProfile is used to load Credentials from a tsh profile on disk.

LoadTLS is used to load Credentials directly from a *tls.Config.

New creates a new Client with an open connection to a Teleport server.

NewALPNDialer creates a new ALPNDialer.

NewDialer makes a new dialer that connects to an Auth server either directly or via an HTTP proxy, depending on the environment.

NewDynamicIdentityFileCreds returns a DynamicIdentityFileCreds which has been initially loaded and is ready for use.

NewJoinServiceClient returns a new JoinServiceClient wrapping the given grpc client.

NewOktaClient creates a new Okta client for managing Okta resources.

NewProxyDialer makes a dialer to connect to an Auth server through the SSH reverse tunnel on the proxy.

NewPROXYHeaderDialer makes a new dialer that can propagate client IP if signed PROXY header getter is present.

NewTracingClient creates a new tracing.Client that will forward spans to the connected Teleport server.

NewUpstreamInventoryControlStream wraps the server-side control stream handle.

OverwriteALPNConnUpgradeRequirementByEnv overwrites ALPN connection upgrade requirement by environment variable.

WithALPNConnUpgrade specifies if ALPN connection upgrade is required.

WithALPNConnUpgradePing specifies if Ping is required during ALPN connection upgrade.

WithInsecureSkipVerify specifies if dialing insecure when using an HTTPS proxy.

WithPROXYHeaderGetter provides PROXY headers signer so client's real IP could be propagated.

WithTLSConfig provides the dialer with the TLS config to use when using an HTTPS proxy.

ErrClientCredentialsHaveExpired means that the credentials expired on the server-side and the user should relogin.

ALPNDialer is a ContextDialer that dials a connection to the Proxy Service with ALPN and SNI configured in the provided TLSConfig.

ALPNDialerConfig is the config for ALPNDialer.

AuthServiceClient keeps the interfaces implemented by the auth service.

Client is a gRPC Client that connects to a Teleport Auth server either locally or over ssh through a Teleport web proxy or tunnel proxy.

Config contains configuration of the client.

DynamicIdentityFileCreds allows a changing identity file to be used as the source of authentication for Client.

JoinServiceClient is a client for the JoinService, which runs on both the auth and proxy.

ResourcePage holds a page of results from [GetResourcePage].

ContextDialer represents network dialer interface that uses context.

Credentials are used to authenticate the API auth client.

CredentialsWithDefaultAddrs additionally provides default addresses sourced from the credential which are used when the client has not been explicitly configured with an address.

DownstreamInventoryControlStream is the client/agent side of a bidirectional stream established between teleport instances and auth servers.

GetResourcesClient is an interface used by GetResources to abstract over implementations of the ListResources method.

ListResourcesClient is an interface used by GetResourcesWithFilters to abstract over implementations of the ListResources method.

ListUnifiedResourcesClient is an interface used by ListUnifiedResources to abstract over implementations of the ListUnifiedResources method.

UpstreamInventoryControlStream is the server/controller side of a bidirectional stream established between teleport instances and auth servers.

ContextDialerFunc is a function wrapper that implements the ContextDialer interface.

DialOption allows setting options as functional arguments to api.NewDialer.

DialProxyOption allows setting options as functional arguments to DialProxy.

GetClusterCAsFunc is a function to fetch cluster CAs.

PROXYHeaderGetter is used if present to get signed PROXY headers to propagate client's IP.

RegisterAzureChallengeResponseFunc is a function type meant to be passed to RegisterUsingAzureMethod.

RegisterIAMChallengeResponseFunc is a function type meant to be passed to RegisterUsingIAMMethod.

RegisterOracleChallengeResponseFunc is a function type meant to be passed to RegisterUsingOracleMethod: It must return a *proto.OracleSignedRequest for a given challenge, or an error.

RegisterTPMChallengeResponseFunc is a function type meant to be passed to RegisterUsingTPMMethod.