// Source: github.com/gravitational/teleport/api@v0.0.0-20240507183017-3110591cbafc/client/webclient/webconfig.go

/*
Copyright 2015-2022 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package webclient

import (
	"github.com/gravitational/teleport/api/constants"
	"github.com/gravitational/teleport/api/utils/keys"
)

// SSO provider type names and the matching webapi login URL templates.
//
// NOTE(review): parseSSORequestParams is not defined in this file.
// :providerName and :redirect look like placeholders filled in by the consumer
// of these templates; where they are substituted, URL-escaped, or where the
// redirect target is validated is not visible here. Confirm against
// parseSSORequestParams before reordering or adding query parameters.
const (
	// WebConfigAuthProviderOIDCType is the OIDC provider type.
	WebConfigAuthProviderOIDCType = "oidc"
	// WebConfigAuthProviderOIDCURL is the OIDC webapi endpoint.
	// redirect_url MUST be the last query param, see the comment in parseSSORequestParams for an explanation.
	WebConfigAuthProviderOIDCURL = "/v1/webapi/oidc/login/web?connector_id=:providerName&redirect_url=:redirect"

	// WebConfigAuthProviderSAMLType is the SAML provider type.
	WebConfigAuthProviderSAMLType = "saml"
	// WebConfigAuthProviderSAMLURL is the SAML webapi endpoint.
	// redirect_url MUST be the last query param, see the comment in parseSSORequestParams for an explanation.
	WebConfigAuthProviderSAMLURL = "/v1/webapi/saml/sso?connector_id=:providerName&redirect_url=:redirect"

	// WebConfigAuthProviderGitHubType is the GitHub provider type.
	WebConfigAuthProviderGitHubType = "github"
	// WebConfigAuthProviderGitHubURL is the GitHub webapi endpoint.
	// redirect_url MUST be the last query param, see the comment in parseSSORequestParams for an explanation.
	WebConfigAuthProviderGitHubURL = "/v1/webapi/github/login/web?connector_id=:providerName&redirect_url=:redirect"
)

// WebConfig is web application configuration served by the backend to be used in frontend apps.
//
// NOTE(review): every field carries a JSON tag and is sent to the frontend, so
// the values are readable by the client. They describe what the UI should
// offer; nothing in this file enforces access, so permission checks presumably
// happen server-side on each request. Confirm before relying on any flag here
// as a control.
type WebConfig struct {
	// Auth contains the Teleport auth preferences.
	// With encoding/json, omitempty has no effect on a struct-typed field, so
	// this key is always emitted.
	Auth WebConfigAuthSettings `json:"auth,omitempty"`
	// CanJoinSessions reports whether joining sessions is allowed.
	// NOTE(review): the previous comment read "disables joining sessions",
	// which contradicts the field name; the relationship to JoinActiveSessions
	// below is also not visible here. Confirm against the code that sets it.
	CanJoinSessions bool `json:"canJoinSessions"`
	// ProxyClusterName is the name of the local cluster.
	ProxyClusterName string `json:"proxyCluster,omitempty"`
	// IsCloud is a flag that determines if cloud features are enabled.
	IsCloud bool `json:"isCloud,omitempty"`
	// TunnelPublicAddress is the public ssh tunnel address.
	TunnelPublicAddress string `json:"tunnelPublicAddress,omitempty"`
	// RecoveryCodesEnabled is a flag that determines if recovery codes are enabled in the cluster.
	RecoveryCodesEnabled bool `json:"recoveryCodesEnabled,omitempty"`
	// UI is the configuration for the web UI.
	// As with Auth, omitempty has no effect on this struct-typed field under
	// encoding/json.
	UI UIConfig `json:"ui,omitempty"`
	// IsDashboard is a flag that determines if the cluster is running as a "dashboard".
	// The web UI for dashboards provides functionality for downloading self-hosted licenses and
	// Teleport Enterprise binaries.
	IsDashboard bool `json:"isDashboard,omitempty"`
	// IsUsageBasedBilling determines if the cloud user subscription is usage-based (pay-as-you-go).
	IsUsageBasedBilling bool `json:"isUsageBasedBilling,omitempty"`
	// AutomaticUpgrades describes whether agents should automatically upgrade.
	AutomaticUpgrades bool `json:"automaticUpgrades"`
	// AutomaticUpgradesTargetVersion is the agent version (e.g. kube agent helm chart) that should be installed.
	// E.g. v13.4.3.
	// Only present when AutomaticUpgrades are enabled.
	AutomaticUpgradesTargetVersion string `json:"automaticUpgradesTargetVersion,omitempty"`
	// AssistEnabled is true when Teleport Assist is enabled.
	AssistEnabled bool `json:"assistEnabled"`
	// HideInaccessibleFeatures is true when features should be undiscoverable to users without the necessary permissions.
	// Usually, in order to encourage discoverability of features, we show UI elements even if the user doesn't have permission to access them,
	// this flag disables that behavior.
	// It describes what the UI displays; permission enforcement is not part of
	// this struct.
	HideInaccessibleFeatures bool `json:"hideInaccessibleFeatures"`
	// CustomTheme is a string that represents the name of the custom theme that the WebUI should use.
	CustomTheme string `json:"customTheme"`
	// IsTeam is true if [Features.ProductType] = Team.
	//
	// Deprecated: Prefer checking the cluster features over this flag, as this will be removed.
	IsTeam bool `json:"isTeam"`
	// IsIGSEnabled is true if [Features.IdentityGovernance] = true.
	IsIGSEnabled bool `json:"isIgsEnabled"`
	// FeatureLimits defines limits for features.
	// Typically used with feature teasers if a feature is not enabled for the
	// product type, e.g. the Team product contains teasers to upgrade to Enterprise.
	FeatureLimits FeatureLimits `json:"featureLimits"`
	// Questionnaire indicates whether cluster users should get an onboarding questionnaire.
	Questionnaire bool `json:"questionnaire"`
	// IsStripeManaged indicates if the cluster billing & lifecycle is managed via Stripe.
	IsStripeManaged bool `json:"isStripeManaged"`
	// ExternalAuditStorage indicates whether the EAS feature is enabled in the cluster.
	ExternalAuditStorage bool `json:"externalAuditStorage"`
	// PremiumSupport indicates whether the customer has premium support.
	PremiumSupport bool `json:"premiumSupport"`
	// JoinActiveSessions indicates whether joining active sessions via web UI is enabled.
	JoinActiveSessions bool `json:"joinActiveSessions"`
	// AccessRequests indicates whether access requests are enabled.
	AccessRequests bool `json:"accessRequests"`
	// TrustedDevices indicates whether the trusted devices page is enabled.
	TrustedDevices bool `json:"trustedDevices"`
	// OIDC indicates whether the OIDC integration flow is enabled.
	OIDC bool `json:"oidc"`
	// SAML indicates whether the SAML integration flow is enabled.
	SAML bool `json:"saml"`
	// MobileDeviceManagement indicates whether adding the Jamf plugin is enabled.
	MobileDeviceManagement bool `json:"mobileDeviceManagement"`
}

// FeatureLimits defines limits for features.
// Typically used with feature teasers if a feature is not enabled for the
// product type, e.g. the Team product contains teasers to upgrade to Enterprise.
type FeatureLimits struct {
	// AccessListCreateLimit is the limit for the number of access lists
	// creatable when the feature is not enabled.
	AccessListCreateLimit int `json:"accessListCreateLimit"`
	// AccessMonitoringMaxReportRangeLimit defines the max number of days to
	// include in an access report if the feature is not enabled.
	AccessMonitoringMaxReportRangeLimit int `json:"accessMonitoringMaxReportRangeLimit"`
	// AccessRequestMonthlyRequestLimit is the usage-based limit for the number of
	// access requests created in a calendar month.
	// NOTE(review): the JSON key starts with an upper-case "A", unlike the
	// camelCase keys of the sibling fields. Renaming it would change the wire
	// format, so check the consumers first.
	AccessRequestMonthlyRequestLimit int `json:"AccessRequestMonthlyRequestLimit"`
}

// UIConfig provides config options for the web UI served by the proxy service.
type UIConfig struct {
	// ScrollbackLines is the max number of lines the UI terminal can display in its history.
	ScrollbackLines int `json:"scrollbackLines,omitempty"`
	// ShowResources determines which resources are shown in the web UI. Default if unset is "requestable"
	// which means resources the user has access to and resources they can request will be shown in the
	// resources UI. If set to `accessible_only`, only resources the user already has access to will be shown.
	ShowResources constants.ShowResources `json:"showResources,omitempty"`
}

// WebConfigAuthProvider describes an auth provider.
type WebConfigAuthProvider struct {
	// Name is this provider's ID.
	Name string `json:"name,omitempty"`
	// DisplayName is this provider's display name.
	DisplayName string `json:"displayName,omitempty"`
	// Type is this provider's type.
	// Presumably one of the WebConfigAuthProvider*Type constants — confirm.
	Type string `json:"type,omitempty"`
	// WebAPIURL is this provider's webapi URL.
	// Presumably one of the WebConfigAuthProvider*URL templates — confirm.
	WebAPIURL string `json:"url,omitempty"`
}

// WebConfigAuthSettings describes auth configuration.
//
// NOTE(review): a login page needs these values before a session exists, so
// this struct is presumably readable without authentication — confirm. If so,
// it discloses which auth methods and connectors the cluster accepts.
type WebConfigAuthSettings struct {
	// SecondFactor is the type of second factor to use in authentication.
	SecondFactor constants.SecondFactorType `json:"second_factor,omitempty"`
	// Providers contains a list of configured auth providers.
	Providers []WebConfigAuthProvider `json:"providers,omitempty"`
	// LocalAuthEnabled is a flag that enables local authentication.
	LocalAuthEnabled bool `json:"localAuthEnabled"`
	// AllowPasswordless is true if passwordless logins are allowed.
	AllowPasswordless bool `json:"allowPasswordless,omitempty"`
	// AuthType is the authentication type.
	AuthType string `json:"authType"`
	// PreferredLocalMFA is a server-side hint for clients to pick an MFA method
	// when various options are available.
	// It is empty if there is nothing to suggest.
	PreferredLocalMFA constants.SecondFactorType `json:"preferredLocalMfa,omitempty"`
	// LocalConnectorName is the name of the local connector.
	LocalConnectorName string `json:"localConnectorName,omitempty"`
	// PrivateKeyPolicy is the configured private key policy for the cluster.
	PrivateKeyPolicy keys.PrivateKeyPolicy `json:"privateKeyPolicy,omitempty"`
	// MOTD is message of the day. MOTD is displayed to users before login.
	// Because it is shown before login, it should not carry information meant
	// only for authenticated users.
	MOTD string `json:"motd"`
}