package
2.5.0-alpha.2+incompatible
Repository: https://github.com/gregadams4/teleport.git
Documentation: pkg.go.dev
# Packages
No description provided by the author
Copyright 2015 Gravitational, Inc.
Copyright 2015 Gravitational, Inc.
No description provided by the author
# Functions
AuthoritiesToTrustedCerts serializes authorities to TrustedCerts data structure.
CheckPublicKeysEqual compares RSA based SSH certificate with the TLS certificate, returns nil if both certificates are using the same public key and refer to the same cluster name, error otherwise.
CreateUserAndRole creates user and role and assigns role to a user, used in tests.
CreateUserAndRoleWithoutRoles creates user and role, but does not assign user to a role, used in tests.
GetCheckerForBuiltinRole returns checkers for embedded builtin role.
GetPlugin returns auth API server plugin that allows injecting handlers.
HaveHostKeys checks that host keys are in place.
HostFQDN consists of host UUID and cluster name joined via ".".
Init instantiates and configures an instance of AuthServer.
LocalRegister is used to generate host keys when a node or proxy is running within the same process as the auth server.
NewAddrDialer returns new dialer from a list of addresses.
NewAPIServer returns a new instance of APIServer HTTP handler.
NewAuthorizer returns new authorizer using backends.
NewAuthServer creates and configures a new AuthServer instance.
NewAuthWithRoles creates new auth server with access control.
NewAuthClient returns a new instance of the client which talks to an Auth server API (aka "site API") via HTTP-over-SSH.
No description provided by the author
NewRoleAuthorizer authorizes everyone as predefined role, used in tests.
NewServerIdentity generates new server identity, used in tests.
No description provided by the author
NewTestAuthServer returns new instances of Auth server.
NewTestTLSServer returns new test TLS server that is started and is listening on 127.0.0.1 loopback on any available port.
NewTLSClient returns new client using TLS mutual authentication.
NewTLSClientWithDialer returns new TLS client that uses mutual TLS authentication and dials the remote server using dialer.
NewTLSServer returns new unstarted TLS server.
No description provided by the author
NewTunClient returns an instance of a new HTTP client to the Auth server API exposed over an SSH tunnel, so the client uses SSH credentials to dial and authenticate.
  - purpose is mostly for debugging, like "web client" or "reverse tunnel client"
  - authServers: list of auth servers in this cluster (they are supposed to be in sync)
  - authMethods: how to authenticate (via cert, web password, etc.)
  - opts: functional arguments for further extending
NewTunnel creates a new SSH tunnel server which is not started yet.
NewUserAuthorizer authorizes everyone as predefined local user.
No description provided by the author
No description provided by the author
NewWebPasswordU2FSignAuth is for getting a U2F sign challenge.
No description provided by the author
No description provided by the author
NewWebU2FSignResponseAuth is for signing in with a U2F sign response.
ReadIdentity reads, parses and returns the given pub/pri key + cert from the key storage (dataDir).
ReadIdentityFromKeyPair reads TLS identity from key pair.
ReadSSHIdentityFromKeyPair reads identity from initialized keypair.
ReadTLSIdentityFromKeyPair reads TLS identity from key pair.
Register is used to generate host keys when a node or proxy is running on a different host than the auth server.
No description provided by the author
ReRegister renews the certificates and private keys based on the existing identity ID.
SetLimiter sets rate and connection limiter for auth tunnel server.
SetPlugin sets plugin for the auth API server.
TestAdmin returns TestIdentity for admin user.
TestBuiltin returns TestIdentity for builtin user.
TestNop returns "Nop" - unauthenticated identity.
TestUser returns TestIdentity for local user.
TunClientStorage allows tun client to set local presence service that it will use to sync up the latest information about auth servers.
TunDisableRefresh will disable refreshing the list of auth servers.
WriteIdentity writes identity keypair to disk.
# Constants
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
BearerTokenTTL specifies how long a standard bearer token exists before it has to be renewed by the client.
ContextUser is a user set in the context of the request.
CurrentVersion is a current API version.
DialerPeriodBetweenAttempts is the period between retry attempts.
DialerRetryAttempts is the number of attempts the dialer makes to connect to the remote destination.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
GithubAPIURL is the Github base API URL.
GithubAuthURL is the Github authorization endpoint.
GithubTokenURL is the Github token exchange endpoint.
MissingNamespaceError is a _very_ common error this file generates.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
TokenLenBytes is len in bytes of the invite token.
# Variables
GithubScopes is a list of scopes requested during OAuth2 flow.
# Structs
No description provided by the author
APIServer implements http API server for AuthServer interface.
AuthzContext is authorization context.
AuthenticateSSHRequest is a request to authenticate SSH client user via CLI.
AuthenticateUserRequest is a request to authenticate interactive user.
AuthMiddleware is authentication middleware checking every request.
AuthServer keeps the cluster together.
DELETE IN: 2.6.0 AuthTunnel is deprecated in 2.5.0 and is replaced by TLS auth server
AuthTunnel listens on TCP/IP socket and accepts SSH connections.
No description provided by the author
BuiltinRole is the role of the Teleport service.
Client is HTTP Auth API client.
DELETE IN: 2.6.0. This method is used only for upgrades from 2.4.0 to 2.5.0. ExchangeCertsRequest is a request to exchange TLS certificates for clusters that already trust each other.
DELETE IN: 2.6.0. ExchangeCertsResponse is a response to exchange certificates request.
FakeSSHConnection implements net.Conn interface on top of the ssh.Channel object.
GithubAuthResponse represents Github auth callback validation response.
Identity is collection of certificates and signers that represent server identity.
IdentityID is a combination of role, host UUID, and node name.
InitConfig is auth server init config.
LocalUsername is a local username.
OIDCAuthResponse is returned when auth server validated callback parameters returned from OIDC provider.
OTPCreds are two-factor authentication credentials.
PackedKeys is a collection of private key, SSH host certificate and TLS certificate, and the certificate authority that issued the certificate.
PassCreds is a password credential.
RemoteBuiltinRole is the role of the remote (service connecting via trusted cluster link) Teleport service.
RemoteUser defines encoded remote user.
SAMLAuthResponse is returned when auth server validated callback parameters returned from SAML identity provider.
SessionCreds are web session credentials.
SSHLoginResponse is a response returned by web proxy, it preserves backwards compatibility on the wire, which is the primary reason for non-matching json tags.
TestAuthServer is auth server using local filesystem backend and test certificate authority key generation that speeds up keygen by using the same private key.
TestAuthServerConfig is auth server test config.
TestIdentity is test identity spec used to generate identities in tests.
TestTLSServer is a test TLS server.
TestTLSServerConfig is a configuration for test TLS server.
TLSServer is TLS auth server.
TLSServerConfig is a configuration for TLS server.
TrustedCerts contains host certificates, it preserves backwards compatibility on the wire, which is the primary reason for non-matching json tags.
DELETE IN: 2.6.0 TunClient is deprecated in 2.5.0 and is replaced by TLS auth server
TunClient is HTTP client that works over SSH tunnel. This is done in order to authenticate various teleport roles using existing SSH certificate infrastructure.
U2FSignResponseCreds is a U2F signature sent by U2F device.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
# Interfaces
AccessPoint is an API interface implemented by a certificate authority (CA).
No description provided by the author
Authorizer authorizes identity and returns auth context.
ClientI is a client to Auth service.
IdentityService manages identities and users.
Plugin is auth API server extension setter.
ProvisioningService is a service in control of adding new nodes, auth servers and proxies to the cluster.
WebService implements features used by Web UI clients.
# Type aliases
DELETE IN: 2.6.0. AccessPointDialer is no longer used for communication with auth server. GetDialer returns dialer that will connect to auth server API. AccessPointDialer dials to auth access point remote HTTP API.
AuthServerOption allows setting options as functional arguments to AuthServer.
DialContext is a function that dials to the specified address.
No description provided by the author
GetClusterConfigFunc returns a cached services.ClusterConfig.
HandlerWithAuthFunc is http handler with passed auth context.
ServerOption is the functional argument passed to the server.
TunClientOption is functional option for tunnel client.