ALPNSNIAuthProtocol allows dialing local/remote auth service based on SNI cluster name value.

ALPNSNIProtocolPingSuffix is TLS ALPN suffix used to wrap connections with Ping.

ALPNSNIProtocolReverseTunnel is TLS ALPN protocol value used to indicate Proxy reversetunnel protocol.

ALPNSNIProtocolSSH is the TLS ALPN protocol value used to indicate Proxy SSH protocol.

APIDomain is a default domain name for Auth server API.

AWSAccountIDLabel is the key of the label containing AWS account ID.

AWSCNConsoleURL is the URL of AWS management console for AWS China Partition.

AWSConsoleURL is the URL of AWS management console.

AWSUSGovConsoleURL is the URL of AWS management console for AWS GovCloud (US) Partition.

CertificateFormatStandard is used for normal Teleport operation without any compatibility modes.

ChanTransport is a channel type that can be used to open a net.Conn through the reverse tunnel server.

ChanTransportDialReq is the first (and only) request sent on a chanTransport channel.

DarwinOS is the GOOS constant for Apple macOS/darwin.

DefaultImplicitRole is implicit role that gets added to all service.RoleSet objects.

DeviceTrustModeOff disables both device authentication and authorization.

DeviceTrustModeOptional allows both device authentication and authorization, but doesn't enforce the presence of device extensions for sensitive endpoints.

DeviceTrustModeRequired enforces the presence of device extensions for sensitive endpoints.

DurationNever is human friendly shortcut that is interpreted as a Duration of 0.

EnhancedRecordingCommand is a role option that implies command events are captured.

EnhancedRecordingDisk is a role option that implies disk events are captured.

EnhancedRecordingMinKernel is the minimum kernel version for the enhanced recording feature.

EnhancedRecordingNetwork is a role option that implies network events are captured.

EnvVarTerraformAddress is the environment variable configuring the Teleport address the Terraform provider connects to.

EnvVarTerraformCertificates is the environment variable configuring the path the Terraform provider loads its client certificates from.

EnvVarTerraformCertificatesBase64 is the environment variable configuring the client certificates used by the Terraform provider.

EnvVarTerraformCloudJoinAudienceTag is the environment variable configuring the Terraform provider's native Machine ID joining.

EnvVarTerraformDialTimeoutDuration is the environment variable configuring the Terraform provider dial timeout.

EnvVarTerraformIdentityFile is the environment variable containing the identity file used by the Terraform provider.

EnvVarTerraformIdentityFileBase64 is the environment variable containing the base64-encoded identity file used by the Terraform provider.

EnvVarTerraformIdentityFilePath is the environment variable containing the path to the identity file used by the provider.

EnvVarTerraformJoinMethod is the environment variable configuring the Terraform provider native MachineID join method.

EnvVarTerraformJoinToken is the environment variable configuring the Terraform provider native MachineID join token.

EnvVarTerraformKey is the environment variable configuring the path the Terraform provider loads its client key from.

EnvVarTerraformKeyBase64 is the environment variable configuring the client key used by the Terraform provider.

EnvVarTerraformProfileName is the environment variable containing name of the profile used by the Terraform provider.

EnvVarTerraformProfilePath is the environment variable containing the profile directory used by the Terraform provider.

EnvVarTerraformRetryBaseDuration is the environment variable configuring the base duration between two Terraform provider retries.

EnvVarTerraformRetryCapDuration is the environment variable configuring the maximum duration between two Terraform provider retries.

EnvVarTerraformRetryMaxTries is the environment variable configuring the maximum number of Terraform provider retries.

EnvVarTerraformRootCertificates is the environment variable configuring the path the Terraform provider loads its trusted CA certificates from.

EnvVarTerraformRootCertificatesBase64 is the environment variable configuring the CA certificates trusted by the Terraform provider.

FailedToSendCloseNotify is an error message from Go net package indicating that the connection was closed by the server.

FileTransferDecision is a request that will approve or deny an active file transfer.

Github means authentication will happen remotely using a Github connector.

HeadlessConnector is the authentication connector for headless logins.

HumanDateFormatSeconds is a human readable date formatting with seconds.

InitiateFileTransfer is used when creating a new file transfer request.

KeepAliveApp is the keep alive type for application server.

KeepAliveDatabase is the keep alive type for database server.

KeepAliveDatabaseService is the keep alive type for database service.

KeepAliveKube is the keep alive type for Kubernetes server.

KeepAliveNode is the keep alive type for SSH servers.

KeepAliveWindowsDesktopService is the keep alive type for a Windows desktop service.

KubeTeleportProxyALPNPrefix is a SNI Kubernetes prefix used for distinguishing the Kubernetes HTTP traffic.

LinuxOS is the GOOS constant used for Linux.

Local means authentication will happen locally within the Teleport cluster.

LocalConnector is the authenticator connector for local logins.

LockingModeBestEffort applies the most recently known locks under all circumstances.

LockingModeStrict causes all interactions to be terminated when the available lock view becomes unreliable.

MaxAssumeStartDuration latest duration into the future an access request's assume start time can be.

MaxLeases serves as an identifying error string indicating that the semaphore system is rejecting an acquisition attempt due to max leases having already been reached.

NoLoginPrefix is the prefix used for nologin certificate principals.

OIDC means authentication will happen remotely using an OIDC connector.

OIDCPromptNone instructs the Authorization Server to skip the prompt.

OIDCPromptSelectAccount instructs the Authorization Server to prompt the End-User to select a user account.

OktaAssignmentStatusFailed is represents an Okta assignment which failed to apply.

OktaAssignmentStatusPending is represents a pending status for an Okta assignment.

OktaAssignmentStatusProcessing is represents an Okta assignment which is currently being acted on.

OktaAssignmentStatusSuccessful is represents a successfully applied Okta assignment.

OktaAssignmentStatusPending is represents a unknown status for an Okta assignment.

OktaAssignmentTargetApplication is an application target of an Okta assignment.

OktaAssignmentActionTargetGroup is a group target of an Okta assignment.

OktaAssignmentTargetUnknown is an unknown target of an Okta assignment.

PasswordlessConnector is the authenticator connector for local/passwordless logins.

RemoteAuthServer is a special non-resolvable address that indicates client requests a connection to the remote auth server.

RSAKeySize is the size of the RSA key.

SAML means authentication will happen remotely using a SAML connector.

todo(lxea): DELETE IN 17.

SecondFactorOn means that all 2FA protocols are supported and 2FA is required for all users.

todo(lxea): DELETE IN 17.

SecondFactorOTP means that only OTP is supported for 2FA and 2FA is required for all users.

SecondFactorU2F means that only Webauthn is supported for 2FA and 2FA is required for all users.

SecondFactorWebauthn means that only Webauthn is supported for 2FA and 2FA is required for all users.

SessionRecordingModeBestEffort allows the session to keep going even when session recording fails.

SessionRecordingModeStrict causes any failure session recording to terminate the session or prevent a new session from starting.

SessionRecordingServiceSSH represents the SSH service session.

ShowResourcesaccessibleOnly will only show resources the user currently has access to.

ShowResourcesRequestable will allow resources that the user can request into resources page.

SSHRSAType is the string which specifies an "ssh-rsa" formatted keypair.

TimeoutGetClusterAlerts is the timeout for grabbing cluster alerts from tctl and tsh.

TraitAWSRoleARNs is the name of the role variable used to store allowed AWS role ARNs.

TraitAzureIdentities is the name of the role variable used to store allowed Azure identity names.

TraitDBNames is the name of the role variable used to store allowed database names.

TraitDBRoles is the name of the role variable used to store allowed database roles.

TraitDBUsers is the name of the role variable used to store allowed database users.

TraitGCPServiceAccounts is the name of the role variable used to store allowed GCP service accounts.

TraitGitHubOrgs is the name of the variable to specify the GitHub organizations for GitHub integration.

TraitHostUserGID is the name of the variable used to specify the GID to create host user account with.

TraitHostUserUID is the name of the variable used to specify the UID to create host user account with.

TraitJWT is the name of the trait containing JWT header for app access.

TraitKubeGroups is the name the role variable used to store allowed kubernetes groups.

TraitKubeUsers is the name the role variable used to store allowed kubernetes users.

TraitLogins is the name of the role variable used to store allowed logins.

TraitWindowsLogins is the name of the role variable used to store allowed Windows logins.

UseOfClosedNetworkConnection is a special string some parts of go standard lib are using that is the only way to identify some errors TODO(r0mant): See if we can use net.ErrClosed and errors.Is() instead.

WebAPIConnUpgrade is the HTTP web API to make the connection upgrade call.

WebAPIConnUpgradeConnectionHeader is the standard header that controls whether the network connection stays open after the current transaction finishes.

WebAPIConnUpgradeConnectionType is the value of the "Connection" header used for connection upgrades.

WebAPIConnUpgradeHeader is the header used to indicate the requested connection upgrade types in the connection upgrade API.

WebAPIConnUpgradeTeleportHeader is a Teleport-specific header used to indicate the requested connection upgrade types in the connection upgrade API.

WebAPIConnUpgradeTypeALPN is a connection upgrade type that specifies the upgraded connection should be handled by the ALPN handler.

WebAPIConnUpgradeTypeALPNPing is a connection upgrade type that specifies the upgraded connection should be handled by the ALPN handler wrapped with the Ping protocol.

WebAPIConnUpgradeTypeWebSocket is the standard upgrade type for WebSocket.

WindowsOS is the GOOS constant used for Microsoft Windows.

LocalConnectors are the system connectors that use local auth.

SystemConnectors lists the names of the system-reserved connectors.

DeviceTrustMode is the mode of verification for trusted devices.

LockingMode determines how a (possibly stale) set of locks should be applied to an interaction.

SecondFactorType is the type of 2FA authentication.

SessionRecordingMode determines how session recording will behave in failure scenarios.

SessionRecordingService is used to differentiate session recording services.

ShowResources determines which resources are shown in the web UI.