/*
Copyright 2015-2022 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package webclient
import (
"github.com/gravitational/teleport/api/constants"
"github.com/gravitational/teleport/api/utils/keys"
)
// SSO provider type identifiers and the web API login endpoints that go with
// them.
//
// Each URL template carries two placeholders, ":providerName" and ":redirect".
// redirect_url MUST remain the last query parameter in every template; the
// reason is documented on parseSSORequestParams.
// NOTE(review): the redirect target is security-sensitive, so any change to
// parameter order or to these templates should be reviewed together with that
// parser and with whatever validates the redirect destination.
const (
	// WebConfigAuthProviderOIDCType identifies an OIDC provider.
	WebConfigAuthProviderOIDCType = "oidc"
	// WebConfigAuthProviderOIDCURL is the web API endpoint template for OIDC login.
	// Keep redirect_url as the final query parameter (see parseSSORequestParams).
	WebConfigAuthProviderOIDCURL = "/v1/webapi/oidc/login/web?connector_id=:providerName&redirect_url=:redirect"

	// WebConfigAuthProviderSAMLType identifies a SAML provider.
	WebConfigAuthProviderSAMLType = "saml"
	// WebConfigAuthProviderSAMLURL is the web API endpoint template for SAML SSO.
	// Keep redirect_url as the final query parameter (see parseSSORequestParams).
	WebConfigAuthProviderSAMLURL = "/v1/webapi/saml/sso?connector_id=:providerName&redirect_url=:redirect"

	// WebConfigAuthProviderGitHubType identifies a GitHub provider.
	WebConfigAuthProviderGitHubType = "github"
	// WebConfigAuthProviderGitHubURL is the web API endpoint template for GitHub login.
	// Keep redirect_url as the final query parameter (see parseSSORequestParams).
	WebConfigAuthProviderGitHubURL = "/v1/webapi/github/login/web?connector_id=:providerName&redirect_url=:redirect"
)
// WebConfig is the web application configuration that the backend serves for
// use by frontend apps.
//
// NOTE(review): everything in this struct ends up in the browser, so each field
// should be treated as client-visible. Whether it is served before
// authentication is not shown in this file; confirm before adding anything
// sensitive.
type WebConfig struct {
	// Auth holds the Teleport authentication preferences.
	// With encoding/json, omitempty has no effect on a struct-typed field, so
	// "auth" is always emitted.
	Auth WebConfigAuthSettings `json:"auth,omitempty"`
	// CanJoinSessions controls the session-joining feature.
	// NOTE(review): the earlier wording was "disables joining sessions", which
	// conflicts with the field name; confirm the polarity against the code that
	// sets this flag.
	CanJoinSessions bool `json:"canJoinSessions"`
	// ProxyClusterName is the name of the local cluster.
	ProxyClusterName string `json:"proxyCluster,omitempty"`
	// IsCloud reports whether cloud features are enabled.
	IsCloud bool `json:"isCloud,omitempty"`
	// TunnelPublicAddress is the public SSH tunnel address.
	TunnelPublicAddress string `json:"tunnelPublicAddress,omitempty"`
	// RecoveryCodesEnabled reports whether recovery codes are enabled in the
	// cluster.
	RecoveryCodesEnabled bool `json:"recoveryCodesEnabled,omitempty"`
	// UI is the configuration for the web UI.
	UI UIConfig `json:"ui,omitempty"`
	// IsDashboard reports whether the cluster is running as a "dashboard".
	// The dashboard web UI offers downloads of self-hosted licenses and
	// Teleport Enterprise binaries.
	IsDashboard bool `json:"isDashboard,omitempty"`
	// IsUsageBasedBilling reports whether the cloud user subscription is
	// usage-based (pay-as-you-go).
	IsUsageBasedBilling bool `json:"isUsageBasedBilling,omitempty"`
	// AutomaticUpgrades describes whether agents should upgrade automatically.
	AutomaticUpgrades bool `json:"automaticUpgrades"`
	// AssistEnabled is true when Teleport Assist is enabled.
	AssistEnabled bool `json:"assistEnabled"`
}
// UIConfig holds the options for the web UI that the proxy service serves.
type UIConfig struct {
	// ScrollbackLines caps how many lines of history the UI terminal can show.
	// A zero value is dropped from the JSON output because of omitempty.
	ScrollbackLines int `json:"scrollbackLines,omitempty"` //nolint:unused // marshaled in config/configuration.go for WebConfig
}
// WebConfigAuthProvider describes one authentication provider as presented to
// the web UI.
type WebConfigAuthProvider struct {
	// Name is the provider's ID.
	Name string `json:"name,omitempty"`
	// DisplayName is the provider's human-readable name.
	DisplayName string `json:"displayName,omitempty"`
	// Type is the provider's type.
	// NOTE(review): presumably one of the WebConfigAuthProvider*Type constants;
	// nothing in this declaration enforces that.
	Type string `json:"type,omitempty"`
	// WebAPIURL is the provider's web API URL; it is serialized under the
	// JSON key "url".
	WebAPIURL string `json:"url,omitempty"`
}
// WebConfigAuthSettings describes the authentication configuration exposed to
// the web UI.
//
// NOTE(review): these values tell the client what to offer; they are not an
// enforcement point by themselves. Presumably the server applies the same
// policy independently; confirm against the auth handlers.
type WebConfigAuthSettings struct {
	// SecondFactor is the type of second factor used in authentication.
	SecondFactor constants.SecondFactorType `json:"second_factor,omitempty"`
	// Providers lists the configured auth providers.
	Providers []WebConfigAuthProvider `json:"providers,omitempty"`
	// LocalAuthEnabled reports whether local authentication is enabled.
	LocalAuthEnabled bool `json:"localAuthEnabled"`
	// AllowPasswordless is true if passwordless logins are allowed.
	AllowPasswordless bool `json:"allowPasswordless,omitempty"`
	// AuthType is the authentication type.
	AuthType string `json:"authType"`
	// PreferredLocalMFA is a server-side hint that helps clients pick an MFA
	// method when several are available. It is empty when there is nothing to
	// suggest.
	PreferredLocalMFA constants.SecondFactorType `json:"preferredLocalMfa,omitempty"`
	// LocalConnectorName is the name of the local connector.
	LocalConnectorName string `json:"localConnectorName,omitempty"`
	// PrivateKeyPolicy is the private key policy configured for the cluster.
	PrivateKeyPolicy keys.PrivateKeyPolicy `json:"privateKeyPolicy,omitempty"`
	// MOTD is the message of the day, displayed to users before login.
	// Because it is shown before login, its content is readable by anyone who
	// can reach the login page; keep internal details out of it.
	MOTD string `json:"motd"`
}