FromWatchKind converts the watch kind value between internal and the protobuf format.

ToWatchKind converts the watch kind value between the protobuf and the internal format.

TCTL is set when request was sent by tctl tool.

UNSPECIFIED is set when the requester in unknown.

TOTP is a Time-based One-Time Password device.

Webauthn is a device compatible with the Web Authentication specification, registered via Webauthn APIs.

Device intended for MFA use, but not for passwordless.

Device intended for both MFA and passwordless.

DELETE identifies deleted object.

INIT is sent as a first sentinel event on the watch channel.

PUT identifies created or updated object.

All means a request for both SSH and TLS certificates for the overall user session.

App means a request for a TLS certificate for access to a specific web app, as specified by RouteToApp.

Database means a request for a TLS certificate for access to a specific database, as specified by RouteToDatabase.

Kubernetes means a request for a TLS certificate for access to a specific Kubernetes cluster, as specified by KubernetesCluster.

SSH means a request for an SSH certificate for access to a specific SSH node, as specified by NodeName.

WindowsDesktop means a request for a TLS certificate for access to a specific windows desktop.

AccessRequests is a collection of AccessRequest values.

AddMFADeviceRequest is a message sent by the client during AddMFADevice RPC.

AddMFADeviceRequestInit describes the new MFA device.

AddMFADeviceResponse is a message sent by the server during AddMFADevice RPC.

AddMFADeviceResponseAck is a confirmation of successful device registration.

AddMFADeviceSyncRequest is a request to add a MFA device (nonstream).

AddMFADeviceSyncResponse is a response to AddMFADeviceSyncRequest.

AppendDiagnosticTraceRequest is a request to append a trace into a DiagnosticConnection.

AuditStreamRequest contains stream request - event or stream control request.

AuditStreamStatus returns audit stream status with corresponding upload ID.

CertAuthorityRequest is a request that identifies a Teleport CA.

Set of certificates corresponding to a single public key.

ChangeUserAuthenticationRequest defines a request to change a password and if enabled also adds a new MFA device from a user reset or from a new user invite.

ChangeUserAuthenticationResponse is a response for ChangeUserAuthentication.

CompleteAccountRecoveryRequest is a request to set either a new password or add a new mfa device, allowing the user to regain access to their account with the new credentials.

CompleteStream completes the stream and uploads it to the session server.

ConnectionEstablished signals to the client a connection to the node has been established.

ContextUser marks requests that rely in the currently authenticated user.

CreateAccountRecoveryCodesRequest is a request to create new set of recovery codes for a user, replacing and invalidating any previously existing codes.

CreateAppSessionRequest contains the parameters to request a application web session.

CreateAppSessionResponse contains the requested application web session.

CreateAuthenticateChallengeRequest is a request for creating MFA authentication challenges for a users mfa devices.

CreateBotRequest is used to create a bot User and associated resources.

CreateBotResponse returns details for bootstrapping a new bot.

CreatePrivilegeTokenRequest defines a request to obtain a privilege token.

CreateRegisterChallengeRequest is a request for creating MFA register challenge for a new MFA device.

CreateResetPasswordTokenRequest is a request to create a reset password token.

CreateSessionTrackerRequest is a request to create a new session.

CreateSnowflakeSessionRequest contains data required to create Snowflake web session.

CreateSnowflakeSessionResponse contains Snowflake WebSession.

CreateStream creates stream for a new session ID.

CRL is the X.509 Certificate Revocation List.

Data contains the raw bytes of a connection.

DatabaseCertRequest is a request to generate a client certificate used by a database service to authenticate with a database instance.

DatabaseCertResponse contains the signed certificate.

DatabaseCSRRequest is a request to generate a client certificate used by the proxy to authenticate with a remote database service.

DatabaseCSRResponse contains the signed database certificate.

DeleteAllApplicationServersRequest are the parameters used to remove all applications.

DeleteAllDatabaseServersRequest is a request to delete all database servers.

DeleteAllKubernetesServersRequest are the parameters used to remove all kubernetes servers.

DeleteAllKubeServicesRequest are the parameters used to remove all kubernetes services.

DeleteApplicationServerRequest is a request to delete an app server.

DeleteAppSessionRequest contains the parameters used to remove an application web session.

DeleteBotRequest is a request to delete a bot user.

DeleteDatabaseServerRequest is a request to delete a database server.

DeleteKubernetesServerRequest are the parameters used to remove a kubernetes server.

DeleteKubeServiceRequest are the parameters used to remove a kubernetes service.

DeleteMFADeviceRequest is a message sent by the client during DeleteMFADevice RPC.

DeleteMFADeviceRequestInit describes the device to be deleted.

DeleteMFADeviceResponseAck is a confirmation of successful device deletion.

DeleteMFADeviceSyncRequest is a request to delete a MFA device (nonstream).

DeleteRoleRequest is a request to delete a role.

DeleteSnowflakeSessionRequest contains the parameters used to remove a Snowflake web session.

DeleteUserAppSessionsRequest contains the parameters used to remove the user's application web sessions.

DeleteUserRequest is the input value for the DeleteUser method.

DeleteWindowsDesktopRequest is a request to delete a Windows desktop host.

DeleteWindowsDesktopServiceRequest is a request to delete a Windows desktop service.

DialRequest contains details for connecting to a node.

DownstreamInventoryHello is the hello message sent down the inventory control stream.

DownstreamInventoryOneOf is the downstream message for the inventory control stream, sent from auth servers to teleport instances.

DownstreamInventoryPing is sent down the inventory control stream for testing/debug purposes.

Event returns cluster event.

Features are auth server features.

FlushAndCloseStream flushes the stream data and closes the stream.

Frame wraps different message types to be sent over a stream.

GenerateAppTokenRequest are the parameters used to request an application token.

GenerateAppTokenResponse contains a signed application token.

GenerateTokenRequest is a request to generate auth token.

GenerateTokenResponse contains a generated auth token.

GetAccountRecoveryCodesRequest is a request to return the user in context their recovery codes.

GetAccountRecoveryTokenRequest is a request to return a user token resource after verifying that the token in the request is not expired and is of the recovery kind.

GetAppSessionRequest are the parameters used to request an application web session.

GetAppSessionResponse contains the requested application web session.

GetAppSessionsResponse contains all the requested application web sessions.

GetBotUsersRequest specifies parameters for the GetUsers method.

GetClusterAlertsResponse contains the result of a cluster alerts query.

GetClusterCACertResponse is a response from GetClusterCACert.

GetConnectionDiagnosticRequest is a request to return a connection diagnostic.

GetDomainNameResponse is a response from GetDomainName.

GetGithubAuthRequestRequest is a request for GetGithubAuthRequest.

GetMFADeviceRequest is a request for MFA devices for the calling user.

GetMFADeviceResponse is a response for GetMFADevices RPC.

GetOIDCAuthRequestRequest is a request for GetOIDCAuthRequest.

GetResetPasswordTokenRequest is a request to get a reset password token.

GetRoleRequest is a request to query a role.

GetRolesResponse is a response to querying for all roles.

GetSAMLAuthRequestRequest is a request for GetSAMLAuthRequest.

GetSessionTrackerRequest is a request to fetch a session resource.

GetSnowflakeSessionRequest are the parameters used to request an Snowflake web session.

GetSnowflakeSessionResponse contains the requested Snowflake web session.

GetSnowflakeSessionsResponse contains all the requested Snowflake web sessions.

GetSSODiagnosticInfoRequest is a request for GetSSODiagnosticInfo.

GetUserRequest specifies parameters for the GetUser method.

GetUsersRequest specifies parameters for the GetUsers method.

GetWebSessionResponse contains the requested web session.

GetWebSessionsResponse contains all the requested web sessions.

GetWebTokenResponse contains the requested web token.

GetWebTokensResponse contains all the requested web tokens.

GetWindowsDesktopServiceRequest is a request for a specific Windows Desktop Service.

GetWindowsDesktopServiceResponse contains the requested WindowsDesktopService.

GetWindowsDesktopServicesResponse contains all registered Windows desktop services.

GetWindowsDesktopsResponse contains all registered Windows desktop hosts.

HostCertsRequest specifies certificate-generation parameters for a server.

InventoryHeartbeat announces information about instance state.

InventoryPingRequest is used to request that the specified server be sent an inventory ping if it has a control stream registered.

InventoryPingResponse returns the result of an inventory ping initiated via an inventory ping request.

InventoryStatusRequest requests inventory status info.

InventoryStatusSummary is the status summary returned by the GetInventoryStatus rpc.

IsMFARequiredRequest is a request to check whether MFA is required to access the Target.

IsMFARequiredResponse is a response for MFA requirement check.

ListResourcesRequest defines a request to retrieve resources paginated.

ListResourceResponse response of ListResources.

MFAAuthenticateChallenge is a challenge for all MFA devices registered for a user.

MFAAuthenticateResponse is a response to MFAAuthenticateChallenge using one of the MFA devices registered for a user.

MFARegisterChallenge is a challenge for registering a new MFA device.

MFARegisterResponse is a response to MFARegisterChallenge.

Addr is a network address.

NodeLogin specifies an SSH node and OS login.

PaginatedResource represents one of the supported resources.

Passwordless marks requests for passwordless challenges.

PingRequest is the input value for the Ping method.

PingResponse contains data about the teleport auth server.

PluginDataSeq is a sequence of plugin data.

PresenceMFAChallengeRequest is a request for a presence MFA challenge.

PresenceMFAChallengeSend is a presence challenge request or response.

RecoveryCodes describes account recovery fields.

TODO(nklaassen): Document me.

RegisterUsingIAMMethodResponse is a stream response and will contain either a Challenge or signed Certs to join the cluster.

RemoveSessionTrackerRequest is a request to remove a session.

RenewableCertsRequest is a request to generate a first set of renewable certificates from a bot join token.

RequestID is the unique identifier of an access request.

RequestStateSetter encodes the parameters necessary to update the state of a privilege escalation request.

ResumeStream resumes stream that was previously created.

RouteToApp contains parameters for application access certificate requests.

RouteToDatabase combines parameters for database service routing information.

RouteToWindowsDesktop combines parameters for windows desktop routing information.

Semaphores is a sequence of Semaphore resources.

SessionTrackerUpdateExpiry is used to update the session tracker expiration time.

SingleUseUserCert is a single-use user certificate, either SSH or TLS.

SnowflakeJWTRequest contains data required to generate Snowflake JWT used for authorization.

SnowflakeJWTResponse contains signed JWT that can be used for Snowflake authentication.

StartAccountRecoveryRequest defines a request to create a recovery start token for a user who is allowed to recover their account.

StreamSessionEventsRequest is a request containing needed data to fetch a session recording.

SubmitUsageEventRequest is used to submit an external usage event.

TOTPChallenge is a challenge for all TOTP devices registered for a user.

TOTPRegisterChallenge is a challenge for registering a new TOTP device.

TOTPRegisterResponse is a response to TOTPRegisterChallenge.

TOTPResponse is a response to TOTPChallenge.

UnimplementedAuthServiceServer can be embedded to have forward compatible implementations.

UnimplementedJoinServiceServer can be embedded to have forward compatible implementations.

UnimplementedProxyServiceServer can be embedded to have forward compatible implementations.

UnstableSystemRoleAssertion is not a stable part of the public API.

UnstableSystemRoleAssertionSet is not a stable part of the public API.

UpdateSessionTrackerRequest is a request to update some state of a session.

UpsertApplicationServerRequest upserts an app server.

UpsertClusterAlertRequest is used to create a cluster alert.

UpsertDatabaseServerRequest is a request to register database server.

UpsertKubernetesServerRequest are the parameters used to add or update a kubernetes server.

UpsertKubeServiceRequest are the parameters used to add or update a kubernetes service.

UpstreamInventoryHello is the hello message sent up the inventory control stream.

UpstreamInventoryOneOf is the upstream message for the inventory control stream, sent from teleport instances to the auth server.

UpstreamInventoryPong is sent up the inventory control stream in response to a downstream ping (used for testing/debug purposes).

UserCertRequest specifies certificate-generation parameters for a user.

UserCredentials describes fields for a user's username and password.

UserSingleUseCertsRequest is a request for a single-use user certificate.

UserSingleUseCertsResponse is a response with a single-use user certificate.

VerifyAccountRecoveryRequest is a request to create a recovery approved token that allows users to perform protected actions while not logged in.

Watch specifies watch parameters.

WatchKind specifies resource kind to watch.

WindowsDesktopCertRequest is a request to generate a client certificate used for Windows RDP authentication.

WindowsDesktopCertResponse contains the signed Windows RDP certificate.

AuthServiceClient is the client API for AuthService service.

AuthServiceServer is the server API for AuthService service.

DownstreamInventoryMessage is a sealed interface representing the possible downstream messages of the inventory controls sream after initial hello.

JoinServiceClient is the client API for JoinService service.

JoinServiceServer is the server API for JoinService service.

ProxyServiceClient is the client API for ProxyService service.

ProxyServiceServer is the server API for ProxyService service.

UpstreamInventoryMessage is a sealed interface representing the possible upstream messages of the inventory control stream after the initial hello.

Requester is a name of service that sent the request.

DeviceType describes supported MFA device types.

Duration is a wrapper around duration.

Operation identifies type of operation.

Order specifies any ordering of some objects as returned in regards to some aspect of said objects which may be trivially ordered such as a timestamp.