PackICAccountAssignment packs an Identity Center Account Assignment in to its wire format.

UnpackICAccountAssignment converts a wire-format IdentityCenterAccountAssignment resource back into an identitycenterv1.AccountAssignment instance.

CREATED sorts access requests by creation time (this is the sort index typically used in user interfaces since most users are looking for recently-created requests).

DEFAULT sorts access requests by their native backend index.

STATE sorts access requests by their state (PENDING, APPROVED, etc).

USER sorts access requests by their creator's teleport username.

NORMAL is used in all cases except Windows.

TCTL is set when request was sent by tctl tool.

UNSPECIFIED is set when the requester in unknown.

WINDOWS adds specific required extensions for SQL Server, similar to Desktop Access.

TOTP is a Time-based One-Time Password device.

Webauthn is a device compatible with the Web Authentication specification, registered via Webauthn APIs.

Device intended for MFA use, but not for passwordless.

Device intended for both MFA and passwordless.

SSHServer is a label update for an SSH server.

SSHServerCloudLabels is a label update for an SSH server coming from a cloud provider.

Completing an MFA ceremony will not grant access to a resource.

Indicates the client/server are either old and don't support checking if MFA is required during the ceremony or that there was a catastrophic error checking RBAC to determine if completing an MFA ceremony will grant access to a resource.

Completing an MFA ceremony will grant access to a resource.

DELETE identifies deleted object.

INIT is sent as a first sentinel event on the watch channel.

PUT identifies created or updated object.

PRODUCT_TYPE_EUB is Teleport Enterprise Usage Based product.

PRODUCT_TYPE_TEAM is Teleport Team product.

SUPPORT_TYPE_FREE is the free tier support.

SUPPORT_TYPE_PREMIUM is the premium tier support.

All means a request for both SSH and TLS certificates for the overall user session.

App means a request for a TLS certificate for access to a specific web app, as specified by RouteToApp.

Generate login certificates, both SSH and TLS, as well as CA certs.

Generate single-user certificates, either SSH or TLS, depending on the specified Usage.

Purpose not specified.

Database means a request for a TLS certificate for access to a specific database, as specified by RouteToDatabase.

Kubernetes means a request for a TLS certificate for access to a specific Kubernetes cluster, as specified by KubernetesCluster.

SSH means a request for an SSH certificate for access to a specific SSH node, as specified by NodeName.

TSH_APP_LOCAL_PROXY is set when the request was sent by a tsh app local proxy.

TSH_DB_LOCAL_PROXY_TUNNEL is set when the request was sent by a tsh db local proxy tunnel.

TSH_KUBE_LOCAL_PROXY is set when the request was sent by a tsh kube local proxy.

TSH_KUBE_LOCAL_PROXY_HEADLESS is set when the request was sent by a tsh kube local proxy in headless mode.

UNSPECIFIED is set when the requester in unknown.

WindowsDesktop means a request for a TLS certificate for access to a specific windows desktop.

Enum value maps for Operation.

Enum value maps for Operation.

AccessListFeature holds the Access List feature settings.

AccessMonitoringFeature holds the Access Monitoring feature settings.

AccessRequestAllowedPromotionRequest is the request to AccessRequestAllowedPromotion RPC call.

AccessRequestAllowedPromotionResponse is the response to AccessRequestAllowedPromotion RPC call.

AccessRequestsFeature holds the AccessRequest feature general and usage-based settings.

Deprecated: Use [AuthService.AddMFADeviceSync] instead.

Deprecated: Use [AuthService.AddMFADeviceSync] instead.

AddMFADeviceSyncRequest is a request to add a MFA device (nonstream).

AddMFADeviceSyncResponse is a response to AddMFADeviceSyncRequest.

AdminAction specifies an admin action.

AppendDiagnosticTraceRequest is a request to append a trace into a DiagnosticConnection.

AuditStreamRequest contains stream request - event or stream control request.

AuditStreamStatus returns audit stream status with corresponding upload ID.

CertAuthorityRequest is a request that identifies a Teleport CA.

Set of certificates corresponding to a single public key.

ChangePasswordRequest specifies the parameters for the ChangePassword method.

ChangeUserAuthenticationRequest defines a request to change a password and if enabled also adds a new MFA device from a user reset or from a new user invite.

ChangeUserAuthenticationResponse is a response for ChangeUserAuthentication.

ClearAlertAcksRequest specifies alerts acknowledgements to clear.

CompleteAccountRecoveryRequest is a request to set either a new password or add a new mfa device, allowing the user to regain access to their account with the new credentials.

CompleteStream completes the stream and uploads it to the session server.

ConnectionEstablished signals to the client a connection to the node has been established.

ContextUser marks requests that rely in the currently authenticated user.

CreateAccountRecoveryCodesRequest is a request to create new set of recovery codes for a user, replacing and invalidating any previously existing codes.

CreateAppSessionRequest contains the parameters to request a application web session.

CreateAppSessionResponse contains the requested application web session.

CreateAuthenticateChallengeRequest is a request for creating MFA authentication challenges for a users mfa devices.

CreateGithubConnectorRequest is a request for CreateGithubConnector.

CreateOIDCConnectorRequest is a request for CreateOIDCConnector.

CreatePrivilegeTokenRequest defines a request to obtain a privilege token.

CreateRegisterChallengeRequest is a request for creating MFA register challenge for a new MFA device.

CreateResetPasswordTokenRequest is a request to create a reset password token.

Request for CreateRole.

CreateSAMLConnectorRequest is a request for CreateSAMLConnector.

CreateSAMLIdPSessionRequest contains data required to create a SAML IdP session.

CreateSAMLIdPSessionResponse contains a SAML IdP session.

CreateSessionTrackerRequest is a request to create a new session.

CreateSnowflakeSessionRequest contains data required to create Snowflake web session.

CreateSnowflakeSessionResponse contains Snowflake WebSession.

CreateStream creates stream for a new session ID.

CreateTokenV2Request is used with CreateTokenV2 to create tokens in the backend.

CRL is the X.509 Certificate Revocation List.

Data contains the raw bytes of a connection.

DatabaseCertRequest is a request to generate a client certificate used by a database service to authenticate with a database instance.

DatabaseCertResponse contains the signed certificate.

DatabaseCSRRequest is a request to generate a client certificate used by the proxy to authenticate with a remote database service.

DatabaseCSRResponse contains the signed database certificate.

DatabaseServiceV1List represents a list of DatabaseService resources.

DeleteAllApplicationServersRequest are the parameters used to remove all applications.

DeleteAllDatabaseServersRequest is a request to delete all database servers.

DeleteAllDatabaseServicesRequest is a request to delete all DatabaseServices.

DeleteAllKubernetesServersRequest are the parameters used to remove all kubernetes servers.

DeleteApplicationServerRequest is a request to delete an app server.

DeleteAppSessionRequest contains the parameters used to remove an application web session.

DeleteDatabaseServerRequest is a request to delete a database server.

DeleteKubernetesServerRequest are the parameters used to remove a kubernetes server.

Deprecated: Use [AuthService.DeleteMFADeviceSync] instead.

Deprecated: Use [AuthService.DeleteMFADeviceSync] instead.

DeleteMFADeviceSyncRequest is a request to delete a MFA device (nonstream).

DeleteRoleRequest is a request to delete a role.

DeleteSAMLIdPServiceProviderRequest is a request for deleting a specific SAML IdP service provider resource.

DeleteSAMLIdPSessionRequest contains the parameters used to remove a SAML IdP session.

DeleteSnowflakeSessionRequest contains the parameters used to remove a Snowflake web session.

DeleteUserAppSessionsRequest contains the parameters used to remove the user's application web sessions.

DeleteUserGroupRequest is a request for deleting a specific user group resource.

DeleteUserRequest is the input value for the DeleteUser method.

DeleteUserAppSessionsRequest contains the parameters used to remove the user's SAML IdP sessions.

DeleteWindowsDesktopRequest is a request to delete a Windows desktop host.

DeleteWindowsDesktopServiceRequest is a request to delete a Windows desktop service.

Response message for GetDesktopBootstrapScript.

DeviceTrustFeature holds the Device Trust feature general and usage-based settings.

DialRequest contains details for connecting to a node.

DownstreamInventoryHello is the hello message sent down the inventory control stream.

SupportedCapabilities indicate which features of the ICS that the connect auth server supports.

DownstreamInventoryOneOf is the downstream message for the inventory control stream, sent from auth servers to teleport instances.

DownstreamInventoryPing is sent down the inventory control stream.

DownstreamInventoryUpdateLabels is the message sent down the inventory control stream to update the instance's labels.

EntitlementInfo is the state and limits of a particular entitlement.

Event returns cluster event.

ExportUpgradeWindowsRequest encodes parameters for loading the upgrader-facing representations of upcoming agent maintenance windows.

ExportUpgradeWindowsResponse encodes an upgrader-facing representation of upcoming agent maintenance windows.

Features are auth server features.

FlushAndCloseStream flushes the stream data and closes the stream.

Frame wraps different message types to be sent over a stream.

GenerateAppTokenRequest are the parameters used to request an application token.

GenerateAppTokenResponse contains a signed application token.

GetAccountRecoveryCodesRequest is a request to return the user in context their recovery codes.

GetAccountRecoveryTokenRequest is a request to return a user token resource after verifying that the token in the request is not expired and is of the recovery kind.

GetAlertAcksRequest returns the currently acknowledged alerts.

GetAlertAcksResponse contains the set of active cluster alert acknowledgements for this cluster.

GetAppSessionRequest are the parameters used to request an application web session.

GetAppSessionResponse contains the requested application web session.

GetClusterAlertsResponse contains the result of a cluster alerts query.

GetClusterCACertResponse is a response from GetClusterCACert.

GetConnectionDiagnosticRequest is a request to return a connection diagnostic.

GetDomainNameResponse is a response from GetDomainName.

GetGithubAuthRequestRequest is a request for GetGithubAuthRequest.

Request for GetHeadlessAuthentication.

GetLicenseEvent is used to submit an external usage event.

GetLicenseResponse is a response from GetLicense.

GetMFADeviceRequest is a request for MFA devices for the calling user.

GetMFADeviceResponse is a response for GetMFADevices RPC.

GetOIDCAuthRequestRequest is a request for GetOIDCAuthRequest.

GetResetPasswordTokenRequest is a request to get a reset password token.

GetRoleRequest is a request to query a role.

GetRolesResponse is a response to querying for all roles.

GetSAMLAuthRequestRequest is a request for GetSAMLAuthRequest.

GetSAMLIdPServiceProviderRequest is a request for a specific SAML IdP service provider resource.

GetSAMLIdPSessionRequest are the parameters used to request a SAML IdP session.

GetSAMLIdPSessionResponse contains the requested SAML IdP session.

GetSessionTrackerRequest is a request to fetch a session resource.

GetSnowflakeSessionRequest are the parameters used to request an Snowflake web session.

GetSnowflakeSessionResponse contains the requested Snowflake web session.

GetSnowflakeSessionsResponse contains all the requested Snowflake web sessions.

GetSSHTargetsRequest gets all servers that might match an equivalent ssh dial request.

GetSSHTargetsResponse holds ssh servers that match an ssh targets request.

GetSSODiagnosticInfoRequest is a request for GetSSODiagnosticInfo.

GetUserGroupRequest is a request for a specific user group resource.

GetUserRequest specifies parameters for the GetUser method.

GetUsersRequest specifies parameters for the GetUsers method.

GetWebSessionResponse contains the requested web session.

GetWebSessionsResponse contains all the requested web sessions.

GetWebTokenResponse contains the requested web token.

GetWebTokensResponse contains all the requested web tokens.

GetWindowsDesktopServiceRequest is a request for a specific Windows Desktop Service.

GetWindowsDesktopServiceResponse contains the requested WindowsDesktopService.

GetWindowsDesktopServicesResponse contains all registered Windows desktop services.

GetWindowsDesktopsResponse contains all registered Windows desktop hosts.

HostCertsRequest specifies certificate-generation parameters for a server.

IdentityCenterAccount holds information about an Identity Center account within an IdentityCenterAccountAssignment.

IdentityCenterAccountAssignment represents a requestable Identity Center Account Assignment.

IdentityCenterPermissionSet holds information about an Identity Center permission set within an IdentityCenterAccountAssignment.

InventoryConnectedServiceCounts is the connected service counts seen in the inventory.

InventoryConnectedServiceCountsRequest requests inventory connected service counts.

InventoryHeartbeat announces information about instance state.

InventoryPingRequest is used to request that the specified server be sent an inventory ping if it has a control stream registered.

InventoryPingResponse returns the result of an inventory ping initiated via an inventory ping request.

InventoryStatusRequest requests inventory status info.

InventoryStatusSummary is the status summary returned by the GetInventoryStatus rpc.

InventoryUpdateLabelsRequest is used to request that a specified instance update its labels.

IsMFARequiredRequest is a request to check whether MFA is required to access the Target.

IsMFARequiredResponse is a response for MFA requirement check.

ListAccessRequestsRequest encodes the parameters for a paginated access request lookup.

ListAccessRequestsResponse is a page of access requests.

ListAppSessionRequest are the parameters used to request an application web session.

ListAppSessionResponse contains the requested application web session.

GetLicenseEvent is used to submit an external usage event.

ListReleasesResponse is a response from ListReleases.

ListResourcesRequest defines a request to retrieve resources paginated.

ListResourceResponse response of ListResources.

ListRolesRequest encodes parameters for paginated role lookup.

ListRolesResponse is a page of roles.

ListSAMLIdPServiceProvidersRequest is a request for a paginated list of SAML IdP service providers.

ListSAMLIdPServiceProvidersResponse a paginated list of SAML IdP service providers.

ListSAMLIdPSessionRequest are the parameters used to request a SAML IdP sessions.

ListSAMLIdPSessionsResponse contains all the requested SAML IdP sessions.

ListUnifiedResourcesRequest is a request to receive a paginated list of unified resources.

ListUnifiedResourceResponse response of ListUnifiedResources.

ListUserGroupsRequest is a request for a paginated list of user groups.

ListUserGroupsResponse a paginated list of user groups.

MFAAuthenticateChallenge is a challenge for all MFA devices registered for a user.

MFAAuthenticateResponse is a response to MFAAuthenticateChallenge using one of the MFA devices registered for a user.

MFARegisterChallenge is a challenge for registering a new MFA device.

MFARegisterResponse is a response to MFARegisterChallenge.

Addr is a network address.

NodeLogin specifies an SSH node and OS login.

OpenSSHCert is a SSH certificate signed by OpenSSH CA.

OpenSSHCertRequest specifies certificate-generation parameters for a certificates used to connect to Agentless nodes.

OracleSignedRequest holds the headers and payload for a signed request to the Oracle API.

PaginatedResource represents one of the supported resources.

Passwordless marks requests for passwordless challenges.

PingRequest is the input value for the Ping method.

PingResponse contains data about the teleport auth server.

PluginDataSeq is a sequence of plugin data.

PolicyFeature holds the Teleport Policy feature set settings.

PresenceMFAChallengeRequest is a request for a presence MFA challenge.

PresenceMFAChallengeSend is a presence challenge request or response.

RecoveryCodes describes account recovery fields.

RegisterUsingAzureMethodRequest is the request for registration via the Azure join method.

RegisterUsingAzureMethodResponse is a stream response and will contain either a Challenge or signed Certs to join the cluster.

RegisterUsingIAMMethodRequest is a request for registration via the IAM join method.

RegisterUsingIAMMethodResponse is a stream response and will contain either a Challenge or signed Certs to join the cluster.

RegisterUsingOracleMethodRequest is the request for registration via the Oracle join method.

RegisterUsingOracleMethodResponse is a stream response and will contain either a Challenge or signed Certs to join the cluster.

The enrollment challenge response containing the solution returned by calling the TPM2.0 `ActivateCredential` command on the client with the parameters provided in `TPMEncryptedCredential`.

The initial payload sent from the client to the server during a TPM join request.

RegisterUsingTPMMethodRequest is the streaming request type for the RegisterUsingTPMMethod RPC.

RegisterUsingTPMMethodResponse is the streaming response type for the RegisterUsingTPMMethod RPC.

RemoveSessionTrackerRequest is a request to remove a session.

RenewableCertsRequest is a request to generate a first set of renewable certificates from a bot join token.

RequestID is the unique identifier of an access request.

RequestStateSetter encodes the parameters necessary to update the state of a privilege escalation request.

ResolveSSHTargetRequest provides details about a server to be resolved in an equivalent manner to a ssh dial request.

GetSSHTargetsResponse holds ssh servers that match an ssh targets request.

ResumeStream resumes stream that was previously created.

RouteToApp contains parameters for application access certificate requests.

RouteToDatabase combines parameters for database service routing information.

RouteToWindowsDesktop combines parameters for windows desktop routing information.

Semaphores is a sequence of Semaphore resources.

SessionTrackerUpdateExpiry is used to update the session tracker expiration time.

SnowflakeJWTRequest contains data required to generate Snowflake JWT used for authorization.

SnowflakeJWTResponse contains signed JWT that can be used for Snowflake authentication.

SSOChallenge contains SSO auth request details to perform an SSO MFA check.

SSOResponse is a response to SSOChallenge.

StartAccountRecoveryRequest defines a request to create a recovery start token for a user who is allowed to recover their account.

StreamSessionEventsRequest is a request containing needed data to fetch a session recording.

SubmitUsageEventRequest is used to submit an external usage event.

SystemRoleAssertion is used by agents to prove that they have a given system role when their credentials originate from multiple separate join tokens so that they can be issued an instance certificate that encompasses all of their capabilities.

SystemRoleAssertionSet is an aggregate generated as a result of one or more successful assertions.

TOTPChallenge is a challenge for all TOTP devices registered for a user.

TOTPRegisterChallenge is a challenge for registering a new TOTP device.

TOTPRegisterResponse is a response to TOTPRegisterChallenge.

TOTPResponse is a response to TOTPChallenge.

The attestation key and the parameters necessary to remotely verify it as related to the endorsement key.

These values are used by the TPM2.0 `ActivateCredential` command to produce the solution which proves possession of the EK and AK.

UnimplementedAuthServiceServer can be embedded to have forward compatible implementations.

UnimplementedJoinServiceServer can be embedded to have forward compatible implementations.

UnimplementedProxyServiceServer can be embedded to have forward compatible implementations.

UpdateGithubConnectorRequest is a request for UpdateGithubConnector.

Request for UpdateHeadlessAuthenticationState.

UpdateOIDCConnectorRequest is a request for UpdateOIDCConnector.

Request for UpdateRole.

UpdateSAMLConnectorRequest is a request for UpdateSAMLConnector.

UpdateSessionTrackerRequest is a request to update some state of a session.

UpsertApplicationServerRequest upserts an app server.

UpsertClusterAlertRequest is used to create a cluster alert.

UpsertDatabaseServerRequest is a request to register database server.

UpsertDatabaseServiceRequest is a request to register DatabaseService.

UpsertGithubConnectorRequest is a request for UpsertGithubConnector.

UpsertKubernetesServerRequest are the parameters used to add or update a kubernetes server.

UpsertOIDCConnectorRequest is a request for UpsertOIDCConnector.

Request for UpsertRole.

UpsertSAMLConnectorRequest is a request for UpsertSAMLConnector.

UpsertTokenV2Request is used with UpsertTokenV2 to upsert tokens in the backend.

UpstreamInventoryAgentMetadata is the message sent up the inventory control stream containing metadata about the instance.

UpstreamInventoryGoodbye informs the upstream service that instance is terminating.

UpstreamInventoryHello is the hello message sent up the inventory control stream.

UpstreamInventoryOneOf is the upstream message for the inventory control stream, sent from teleport instances to the auth server.

UpstreamInventoryPong is sent up the inventory control stream in response to a downstream ping including the system clock of the downstream.

UserCertRequest specifies certificate-generation parameters for a user.

UserCredentials describes fields for a user's username and password.

Deprecated: Use [AuthService.GenerateUserCerts] instead.

Deprecated: Use [AuthService.GenerateUserCerts] instead.

VerifyAccountRecoveryRequest is a request to create a recovery approved token that allows users to perform protected actions while not logged in.

Watch specifies watch parameters.

WindowsDesktopCertRequest is a request to generate a client certificate used for Windows RDP authentication.

WindowsDesktopCertResponse contains the signed Windows RDP certificate.

AuthServiceClient is the client API for AuthService service.

AuthServiceServer is the server API for AuthService service.

DownstreamInventoryMessage is a sealed interface representing the possible downstream messages of the inventory controls stream after initial hello.

JoinServiceClient is the client API for JoinService service.

JoinServiceServer is the server API for JoinService service.

ProxyServiceClient is the client API for ProxyService service.

ProxyServiceServer is the server API for ProxyService service.

UpstreamInventoryMessage is a sealed interface representing the possible upstream messages of the inventory control stream after the initial hello.

AccessRequestSort determines access request sort index.

Extensions are the extensions to add to the certificate.

Requester is a name of service that sent the request.

DeviceType describes supported MFA device types.

Duration is a wrapper around duration.

LabelUpdateKind is the type of service to update labels for.

MFARequired indicates if MFA is required to access a resource.

Operation identifies type of operation.

Order specifies any ordering of some objects as returned in regards to some aspect of said objects which may be trivially ordered such as a timestamp.

ProductType is the type of product.

SupportType if the type of support offered.

CertPurpose complements CertUsage by informing Teleport of the intended use for the certificates.

Requester is the name of the service that sent the request.