Showing preview only (2,032K chars total). Download the full file or copy to clipboard to get everything.
Repository: warp-tech/warpgate
Branch: main
Commit: 3d077a3726b8
Files: 510
Total size: 1.9 MB
Directory structure:
gitextract_u506bnuo/
├── .all-contributorsrc
├── .bumpversion.cfg
├── .cargo/
│ └── config.toml
├── .dockerignore
├── .flake8
├── .github/
│ ├── FUNDING.yml
│ ├── dependabot.yml
│ └── workflows/
│ ├── build.yml
│ ├── check-schema-compatibility.yml
│ ├── codeql.yml
│ ├── dependency-review.yml
│ ├── docker.yml
│ ├── reprotest.yml
│ ├── scorecard.yml
│ └── test.yml
├── .gitignore
├── .well-known/
│ └── funding-manifest-urls
├── Cargo.toml
├── Cranky.toml
├── Cross.toml
├── LICENSE
├── README.md
├── SECURITY.md
├── clippy.toml
├── config-schema.json
├── deny.toml
├── docker/
│ ├── Dockerfile
│ └── docker-compose.yml
├── helm/
│ └── warpgate/
│ ├── .helmignore
│ ├── Chart.yaml
│ ├── templates/
│ │ ├── NOTES.txt
│ │ ├── _helpers.tpl
│ │ ├── configmap.yaml
│ │ ├── deployment.yaml
│ │ ├── httproute.yaml
│ │ ├── ingress.yaml
│ │ ├── pvc.yaml
│ │ ├── service.yaml
│ │ └── setup-job.yaml
│ └── values.yaml
├── justfile
├── rust-toolchain
├── rustfmt.toml
├── sonar-project.properties
├── tests/
│ ├── .gitignore
│ ├── Makefile
│ ├── __init__.py
│ ├── api_client.py
│ ├── certs/
│ │ ├── tls.certificate.pem
│ │ └── tls.key.pem
│ ├── conftest.py
│ ├── images/
│ │ ├── mysql-server/
│ │ │ ├── Dockerfile
│ │ │ └── init.sql
│ │ ├── postgres-server/
│ │ │ ├── Dockerfile
│ │ │ └── init.sql
│ │ └── ssh-server/
│ │ └── Dockerfile
│ ├── oidc-mock/
│ │ ├── clients-config.json
│ │ └── docker-compose.yml
│ ├── pyproject.toml
│ ├── run.sh
│ ├── ssh-keys/
│ │ ├── id_ed25519
│ │ ├── id_ed25519.pub
│ │ ├── id_rsa
│ │ ├── id_rsa.pub
│ │ └── wg/
│ │ ├── client-ed25519
│ │ ├── client-ed25519.pub
│ │ ├── client-rsa
│ │ ├── client-rsa.pub
│ │ ├── host-ed25519
│ │ ├── host-ed25519.pub
│ │ └── host-rsa
│ ├── test_api_auth.py
│ ├── test_http_basic.py
│ ├── test_http_common.py
│ ├── test_http_proto.py
│ ├── test_http_redirects.py
│ ├── test_http_user_auth_logout.py
│ ├── test_http_user_auth_oidc.py
│ ├── test_http_user_auth_otp.py
│ ├── test_http_user_auth_password.py
│ ├── test_http_user_auth_ticket.py
│ ├── test_http_websocket.py
│ ├── test_json_logs.py
│ ├── test_kubernetes_integration.py
│ ├── test_mysql_user_auth_password.py
│ ├── test_postgres_user_auth_in_browser.py
│ ├── test_postgres_user_auth_password.py
│ ├── test_ssh_client_auth_config.py
│ ├── test_ssh_proto.py
│ ├── test_ssh_target_selection.py
│ ├── test_ssh_user_auth_in_browser.py
│ ├── test_ssh_user_auth_otp.py
│ ├── test_ssh_user_auth_password.py
│ ├── test_ssh_user_auth_pubkey.py
│ ├── test_ssh_user_auth_ticket.py
│ └── util.py
├── warpgate/
│ ├── .gitignore
│ ├── Cargo.toml
│ └── src/
│ ├── commands/
│ │ ├── check.rs
│ │ ├── client_keys.rs
│ │ ├── common.rs
│ │ ├── create_user.rs
│ │ ├── healthcheck.rs
│ │ ├── mod.rs
│ │ ├── recover_access.rs
│ │ ├── run.rs
│ │ └── setup.rs
│ ├── config.rs
│ ├── logging.rs
│ └── main.rs
├── warpgate-admin/
│ ├── Cargo.toml
│ └── src/
│ ├── api/
│ │ ├── admin_roles.rs
│ │ ├── certificate_credentials.rs
│ │ ├── common.rs
│ │ ├── known_hosts_detail.rs
│ │ ├── known_hosts_list.rs
│ │ ├── ldap_servers.rs
│ │ ├── logs.rs
│ │ ├── mod.rs
│ │ ├── otp_credentials.rs
│ │ ├── pagination.rs
│ │ ├── parameters.rs
│ │ ├── password_credentials.rs
│ │ ├── public_key_credentials.rs
│ │ ├── recordings_detail.rs
│ │ ├── roles.rs
│ │ ├── sessions_detail.rs
│ │ ├── sessions_list.rs
│ │ ├── ssh_connection_test.rs
│ │ ├── ssh_keys.rs
│ │ ├── sso_credentials.rs
│ │ ├── target_groups.rs
│ │ ├── targets.rs
│ │ ├── tickets_detail.rs
│ │ ├── tickets_list.rs
│ │ └── users.rs
│ ├── lib.rs
│ └── main.rs
├── warpgate-ca/
│ ├── Cargo.toml
│ └── src/
│ ├── error.rs
│ └── lib.rs
├── warpgate-common/
│ ├── Cargo.toml
│ └── src/
│ ├── api.rs
│ ├── auth/
│ │ ├── cred.rs
│ │ ├── mod.rs
│ │ ├── policy.rs
│ │ ├── selector.rs
│ │ └── state.rs
│ ├── config/
│ │ ├── defaults.rs
│ │ ├── mod.rs
│ │ └── target.rs
│ ├── config_schema.rs
│ ├── consts.rs
│ ├── error.rs
│ ├── eventhub.rs
│ ├── helpers/
│ │ ├── fs.rs
│ │ ├── hash.rs
│ │ ├── locks.rs
│ │ ├── mod.rs
│ │ ├── otp.rs
│ │ ├── rng.rs
│ │ ├── serde_base64.rs
│ │ ├── serde_base64_secret.rs
│ │ └── websocket.rs
│ ├── http_headers.rs
│ ├── lib.rs
│ ├── state.rs
│ ├── try_macro.rs
│ ├── types/
│ │ ├── aliases.rs
│ │ ├── listen_endpoint.rs
│ │ ├── mod.rs
│ │ └── secret.rs
│ └── version.rs
├── warpgate-common-http/
│ ├── Cargo.toml
│ └── src/
│ ├── auth.rs
│ ├── lib.rs
│ └── logging.rs
├── warpgate-core/
│ ├── Cargo.toml
│ └── src/
│ ├── auth_state_store.rs
│ ├── config_providers/
│ │ ├── db.rs
│ │ └── mod.rs
│ ├── consts.rs
│ ├── data.rs
│ ├── db/
│ │ └── mod.rs
│ ├── lib.rs
│ ├── logging/
│ │ ├── database.rs
│ │ ├── json_console.rs
│ │ ├── layer.rs
│ │ ├── mod.rs
│ │ ├── socket.rs
│ │ └── values.rs
│ ├── protocols/
│ │ ├── handle.rs
│ │ └── mod.rs
│ ├── rate_limiting/
│ │ ├── limiter.rs
│ │ ├── mod.rs
│ │ ├── registry.rs
│ │ ├── shared_limiter.rs
│ │ ├── stack.rs
│ │ ├── stream.rs
│ │ └── swappable_cell.rs
│ ├── recordings/
│ │ ├── mod.rs
│ │ ├── terminal.rs
│ │ ├── traffic.rs
│ │ └── writer.rs
│ ├── services.rs
│ └── state.rs
├── warpgate-database-protocols/
│ ├── Cargo.toml
│ ├── README.md
│ └── src/
│ ├── error.rs
│ ├── io/
│ │ ├── buf.rs
│ │ ├── buf_mut.rs
│ │ ├── buf_stream.rs
│ │ ├── decode.rs
│ │ ├── encode.rs
│ │ ├── mod.rs
│ │ └── write_and_flush.rs
│ ├── lib.rs
│ └── mysql/
│ ├── collation.rs
│ ├── io/
│ │ ├── buf.rs
│ │ ├── buf_mut.rs
│ │ └── mod.rs
│ ├── mod.rs
│ └── protocol/
│ ├── auth.rs
│ ├── capabilities.rs
│ ├── connect/
│ │ ├── auth_switch.rs
│ │ ├── handshake.rs
│ │ ├── handshake_response.rs
│ │ ├── mod.rs
│ │ └── ssl_request.rs
│ ├── mod.rs
│ ├── packet.rs
│ ├── response/
│ │ ├── eof.rs
│ │ ├── err.rs
│ │ ├── mod.rs
│ │ ├── ok.rs
│ │ └── status.rs
│ ├── row.rs
│ └── text/
│ ├── column.rs
│ ├── mod.rs
│ ├── ping.rs
│ ├── query.rs
│ └── quit.rs
├── warpgate-db-entities/
│ ├── Cargo.toml
│ └── src/
│ ├── AdminRole.rs
│ ├── ApiToken.rs
│ ├── CertificateCredential.rs
│ ├── CertificateRevocation.rs
│ ├── KnownHost.rs
│ ├── LdapServer.rs
│ ├── LogEntry.rs
│ ├── OtpCredential.rs
│ ├── Parameters.rs
│ ├── PasswordCredential.rs
│ ├── PublicKeyCredential.rs
│ ├── Recording.rs
│ ├── Role.rs
│ ├── Session.rs
│ ├── SsoCredential.rs
│ ├── Target.rs
│ ├── TargetGroup.rs
│ ├── TargetRoleAssignment.rs
│ ├── Ticket.rs
│ ├── User.rs
│ ├── UserAdminRoleAssignment.rs
│ ├── UserRoleAssignment.rs
│ └── lib.rs
├── warpgate-db-migrations/
│ ├── Cargo.toml
│ ├── README.md
│ └── src/
│ ├── lib.rs
│ ├── m00001_create_ticket.rs
│ ├── m00002_create_session.rs
│ ├── m00003_create_recording.rs
│ ├── m00004_create_known_host.rs
│ ├── m00005_create_log_entry.rs
│ ├── m00006_add_session_protocol.rs
│ ├── m00007_targets_and_roles.rs
│ ├── m00008_users.rs
│ ├── m00009_credential_models.rs
│ ├── m00010_parameters.rs
│ ├── m00011_rsa_key_algos.rs
│ ├── m00012_add_openssh_public_key_label.rs
│ ├── m00013_add_openssh_public_key_dates.rs
│ ├── m00014_api_tokens.rs
│ ├── m00015_fix_public_key_dates.rs
│ ├── m00016_fix_public_key_length.rs
│ ├── m00017_descriptions.rs
│ ├── m00018_ticket_description.rs
│ ├── m00019_rate_limits.rs
│ ├── m00020_target_groups.rs
│ ├── m00021_ldap_server.rs
│ ├── m00022_user_ldap_link.rs
│ ├── m00023_ldap_username_attribute.rs
│ ├── m00024_ssh_key_attribute.rs
│ ├── m00025_ldap_uuid_attribute.rs
│ ├── m00026_ssh_client_auth.rs
│ ├── m00027_ca.rs
│ ├── m00028_certificate_credentials.rs
│ ├── m00029_certificate_revocation.rs
│ ├── m00030_add_recording_metadata.rs
│ ├── m00031_minimize_password_login.rs
│ ├── m00032_admin_roles.rs
│ └── main.rs
├── warpgate-ldap/
│ ├── Cargo.toml
│ └── src/
│ ├── connection.rs
│ ├── error.rs
│ ├── lib.rs
│ ├── queries.rs
│ └── types.rs
├── warpgate-protocol-http/
│ ├── Cargo.toml
│ └── src/
│ ├── api/
│ │ ├── api_tokens.rs
│ │ ├── auth.rs
│ │ ├── common.rs
│ │ ├── credentials.rs
│ │ ├── info.rs
│ │ ├── mod.rs
│ │ ├── sso_provider_detail.rs
│ │ ├── sso_provider_list.rs
│ │ └── targets_list.rs
│ ├── catchall.rs
│ ├── common.rs
│ ├── error.rs
│ ├── lib.rs
│ ├── main.rs
│ ├── middleware/
│ │ ├── cookie_host.rs
│ │ ├── mod.rs
│ │ └── ticket.rs
│ ├── proxy.rs
│ ├── session.rs
│ └── session_handle.rs
├── warpgate-protocol-kubernetes/
│ ├── Cargo.toml
│ └── src/
│ ├── correlator.rs
│ ├── lib.rs
│ ├── recording.rs
│ ├── server/
│ │ ├── auth.rs
│ │ ├── client_certs.rs
│ │ ├── handlers.rs
│ │ └── mod.rs
│ └── session_handle.rs
├── warpgate-protocol-mysql/
│ ├── Cargo.toml
│ └── src/
│ ├── client.rs
│ ├── common.rs
│ ├── error.rs
│ ├── lib.rs
│ ├── session.rs
│ ├── session_handle.rs
│ └── stream.rs
├── warpgate-protocol-postgres/
│ ├── Cargo.toml
│ └── src/
│ ├── client.rs
│ ├── common.rs
│ ├── error.rs
│ ├── lib.rs
│ ├── session.rs
│ ├── session_handle.rs
│ └── stream.rs
├── warpgate-protocol-ssh/
│ ├── Cargo.toml
│ └── src/
│ ├── client/
│ │ ├── channel_direct_tcpip.rs
│ │ ├── channel_session.rs
│ │ ├── error.rs
│ │ ├── handler.rs
│ │ └── mod.rs
│ ├── common.rs
│ ├── compat.rs
│ ├── keys.rs
│ ├── known_hosts.rs
│ ├── lib.rs
│ └── server/
│ ├── channel_writer.rs
│ ├── mod.rs
│ ├── russh_handler.rs
│ ├── service_output.rs
│ ├── session.rs
│ └── session_handle.rs
├── warpgate-sso/
│ ├── Cargo.toml
│ └── src/
│ ├── config.rs
│ ├── error.rs
│ ├── google_groups.rs
│ ├── lib.rs
│ ├── request.rs
│ ├── response.rs
│ └── sso.rs
├── warpgate-tls/
│ ├── Cargo.toml
│ └── src/
│ ├── cert.rs
│ ├── error.rs
│ ├── lib.rs
│ ├── maybe_tls_stream.rs
│ ├── mode.rs
│ ├── rustls_helpers.rs
│ └── rustls_root_certs.rs
└── warpgate-web/
├── .editorconfig
├── .gitignore
├── Cargo.toml
├── eslint.config.mjs
├── openapitools.json
├── package.json
├── src/
│ ├── admin/
│ │ ├── App.svelte
│ │ ├── AuthPolicyEditor.svelte
│ │ ├── CertificateCredentialModal.svelte
│ │ ├── CreateOtpModal.svelte
│ │ ├── CreatePasswordModal.svelte
│ │ ├── CredentialEditor.svelte
│ │ ├── Home.svelte
│ │ ├── KubernetesRecording.svelte
│ │ ├── Log.svelte
│ │ ├── LogViewer.svelte
│ │ ├── PublicKeyCredentialModal.svelte
│ │ ├── Recording.svelte
│ │ ├── RelativeDate.svelte
│ │ ├── Session.svelte
│ │ ├── SsoCredentialModal.svelte
│ │ ├── TlsConfiguration.svelte
│ │ ├── config/
│ │ │ ├── AccessRole.svelte
│ │ │ ├── AccessRoles.svelte
│ │ │ ├── AdminRole.svelte
│ │ │ ├── AdminRolePermissionsBadge.svelte
│ │ │ ├── AdminRoles.svelte
│ │ │ ├── Config.svelte
│ │ │ ├── CreateAdminRole.svelte
│ │ │ ├── CreateRole.svelte
│ │ │ ├── CreateTicket.svelte
│ │ │ ├── CreateUser.svelte
│ │ │ ├── Parameters.svelte
│ │ │ ├── SSHKeys.svelte
│ │ │ ├── Tickets.svelte
│ │ │ ├── User.svelte
│ │ │ ├── Users.svelte
│ │ │ ├── ldap/
│ │ │ │ ├── CreateLdapServer.svelte
│ │ │ │ ├── LdapConnectionFields.svelte
│ │ │ │ ├── LdapServer.svelte
│ │ │ │ ├── LdapServers.svelte
│ │ │ │ ├── LdapUserBrowser.svelte
│ │ │ │ └── common.ts
│ │ │ ├── target-groups/
│ │ │ │ ├── CreateTargetGroup.svelte
│ │ │ │ ├── TargetGroup.svelte
│ │ │ │ ├── TargetGroups.svelte
│ │ │ │ └── common.ts
│ │ │ └── targets/
│ │ │ ├── ChooseTargetKind.svelte
│ │ │ ├── CreateTarget.svelte
│ │ │ ├── Target.svelte
│ │ │ ├── Targets.svelte
│ │ │ └── ssh/
│ │ │ ├── KeyChecker.svelte
│ │ │ ├── KeyCheckerResult.svelte
│ │ │ └── Options.svelte
│ │ ├── index.html
│ │ ├── index.ts
│ │ ├── lib/
│ │ │ ├── PermissionGate.svelte
│ │ │ ├── api.ts
│ │ │ ├── openapi-schema.json
│ │ │ ├── store.ts
│ │ │ └── time.ts
│ │ └── player/
│ │ └── TerminalRecordingPlayer.svelte
│ ├── common/
│ │ ├── AsyncButton.svelte
│ │ ├── AuthBar.svelte
│ │ ├── Brand.svelte
│ │ ├── ConnectionInstructions.svelte
│ │ ├── CopyButton.svelte
│ │ ├── CredentialUsedStateBadge.svelte
│ │ ├── DelayedSpinner.svelte
│ │ ├── EmptyState.svelte
│ │ ├── GettingStarted.svelte
│ │ ├── GroupColorCircle.svelte
│ │ ├── InfoBox.svelte
│ │ ├── ItemList.svelte
│ │ ├── Loadable.svelte
│ │ ├── NavListItem.svelte
│ │ ├── Pagination.svelte
│ │ ├── RadioButton.svelte
│ │ ├── RateLimitInput.svelte
│ │ ├── ThemeSwitcher.svelte
│ │ ├── autosave.ts
│ │ ├── errors.ts
│ │ ├── helpers.ts
│ │ ├── protocols.ts
│ │ ├── recordings.ts
│ │ └── sveltestrap-s5-ports/
│ │ ├── Alert.svelte
│ │ ├── Badge.svelte
│ │ ├── ModalHeader.svelte
│ │ ├── Tooltip.svelte
│ │ └── _sveltestrapUtils.ts
│ ├── embed/
│ │ ├── EmbeddedUI.svelte
│ │ └── index.ts
│ ├── gateway/
│ │ ├── ApiTokenManager.svelte
│ │ ├── App.svelte
│ │ ├── CreateApiTokenModal.svelte
│ │ ├── CredentialManager.svelte
│ │ ├── Login.svelte
│ │ ├── OutOfBandAuth.svelte
│ │ ├── Profile.svelte
│ │ ├── ProfileApiTokens.svelte
│ │ ├── ProfileCredentials.svelte
│ │ ├── TargetList.svelte
│ │ ├── index.html
│ │ ├── index.ts
│ │ ├── lib/
│ │ │ ├── api.ts
│ │ │ ├── openapi-schema.json
│ │ │ ├── shellEscape.ts
│ │ │ └── store.ts
│ │ └── login.ts
│ ├── lib.rs
│ ├── theme/
│ │ ├── _theme.scss
│ │ ├── fonts.css
│ │ ├── index.ts
│ │ ├── theme.dark.scss
│ │ ├── theme.light.scss
│ │ ├── vars.common.scss
│ │ ├── vars.dark.scss
│ │ └── vars.light.scss
│ └── vite-env.d.ts
├── svelte.config.js
├── tsconfig.json
├── tsconfig.node.json
└── vite.config.ts
================================================
FILE CONTENTS
================================================
================================================
FILE: .all-contributorsrc
================================================
{
"projectName": "warpgate",
"projectOwner": "warp-tech",
"repoType": "github",
"repoHost": "https://github.com",
"files": [
"README.md"
],
"imageSize": 100,
"commit": true,
"commitConvention": "none",
"contributors": [
{
"login": "Eugeny",
"name": "Eugeny",
"avatar_url": "https://avatars.githubusercontent.com/u/161476?v=4",
"profile": "https://github.com/Eugeny",
"contributions": [
"code"
]
},
{
"login": "heywoodlh",
"name": "Spencer Heywood",
"avatar_url": "https://avatars.githubusercontent.com/u/18178614?v=4",
"profile": "https://the-empire.systems/",
"contributions": [
"code"
]
},
{
"login": "apiening",
"name": "Andreas Piening",
"avatar_url": "https://avatars.githubusercontent.com/u/2064875?v=4",
"profile": "https://github.com/apiening",
"contributions": [
"code"
]
},
{
"login": "Gurkengewuerz",
"name": "Niklas",
"avatar_url": "https://avatars.githubusercontent.com/u/10966337?v=4",
"profile": "https://github.com/Gurkengewuerz",
"contributions": [
"code"
]
},
{
"login": "notnooblord",
"name": "Nooblord",
"avatar_url": "https://avatars.githubusercontent.com/u/11678665?v=4",
"profile": "https://github.com/notnooblord",
"contributions": [
"code"
]
},
{
"login": "SheaSmith",
"name": "Shea Smith",
"avatar_url": "https://avatars.githubusercontent.com/u/51303984?v=4",
"profile": "https://shea.nz/",
"contributions": [
"code"
]
},
{
"login": "samtoxie",
"name": "samtoxie",
"avatar_url": "https://avatars.githubusercontent.com/u/7732658?v=4",
"profile": "https://github.com/samtoxie",
"contributions": [
"code"
]
},
{
"login": "pfoundation",
"name": "P Foundation",
"avatar_url": "https://avatars.githubusercontent.com/u/80860929?v=4",
"profile": "https://p.foundation/",
"contributions": [
"financial"
]
},
{
"login": "alairock",
"name": "Skyler Lewis",
"avatar_url": "https://avatars.githubusercontent.com/u/1480236?v=4",
"profile": "http://sixteenink.com",
"contributions": [
"code"
]
},
{
"login": "MohammedNoureldin",
"name": "Mohammed Noureldin",
"avatar_url": "https://avatars.githubusercontent.com/u/14913147?v=4",
"profile": "http://www.mohammednoureldin.com",
"contributions": [
"code"
]
},
{
"login": "mrmm",
"name": "Mourad Maatoug",
"avatar_url": "https://avatars.githubusercontent.com/u/796467?v=4",
"profile": "https://github.com/mrmm",
"contributions": [
"code"
]
},
{
"login": "justinforlenza",
"name": "Justin",
"avatar_url": "https://avatars.githubusercontent.com/u/11709872?v=4",
"profile": "http://justinforlenza.dev",
"contributions": [
"code"
]
},
{
"login": "liebermantodd",
"name": "liebermantodd",
"avatar_url": "https://avatars.githubusercontent.com/u/12155811?v=4",
"profile": "https://github.com/liebermantodd",
"contributions": [
"code"
]
},
{
"login": "cvhariharan",
"name": "Hariharan",
"avatar_url": "https://avatars.githubusercontent.com/u/14965074?v=4",
"profile": "https://blog.trieoflogs.com",
"contributions": [
"code"
]
},
{
"login": "solidassassin",
"name": "Rokas Krivaitis",
"avatar_url": "https://avatars.githubusercontent.com/u/47082246?v=4",
"profile": "https://github.com/solidassassin",
"contributions": [
"code"
]
}
],
"contributorsPerLine": 7,
"commitType": "docs"
}
================================================
FILE: .bumpversion.cfg
================================================
[bumpversion]
current_version = 0.22.0-beta.2
commit = True
tag = True
[bumpversion:file:warpgate/Cargo.toml]
search = version = "{current_version}"
replace = version = "{new_version}"
[bumpversion:file:warpgate-admin/Cargo.toml]
search = version = "{current_version}"
replace = version = "{new_version}"
[bumpversion:file:warpgate-ca/Cargo.toml]
search = version = "{current_version}"
replace = version = "{new_version}"
[bumpversion:file:warpgate-common/Cargo.toml]
search = version = "{current_version}"
replace = version = "{new_version}"
[bumpversion:file:warpgate-common-http/Cargo.toml]
search = version = "{current_version}"
replace = version = "{new_version}"
[bumpversion:file:warpgate-core/Cargo.toml]
search = version = "{current_version}"
replace = version = "{new_version}"
[bumpversion:file:warpgate-database-protocols/Cargo.toml]
search = version = "{current_version}"
replace = version = "{new_version}"
[bumpversion:file:warpgate-db-entities/Cargo.toml]
search = version = "{current_version}"
replace = version = "{new_version}"
[bumpversion:file:warpgate-db-migrations/Cargo.toml]
search = version = "{current_version}"
replace = version = "{new_version}"
[bumpversion:file:warpgate-protocol-kubernetes/Cargo.toml]
search = version = "{current_version}"
replace = version = "{new_version}"
[bumpversion:file:warpgate-ldap/Cargo.toml]
search = version = "{current_version}"
replace = version = "{new_version}"
[bumpversion:file:warpgate-protocol-http/Cargo.toml]
search = version = "{current_version}"
replace = version = "{new_version}"
[bumpversion:file:warpgate-protocol-mysql/Cargo.toml]
search = version = "{current_version}"
replace = version = "{new_version}"
[bumpversion:file:warpgate-protocol-postgres/Cargo.toml]
search = version = "{current_version}"
replace = version = "{new_version}"
[bumpversion:file:warpgate-protocol-ssh/Cargo.toml]
search = version = "{current_version}"
replace = version = "{new_version}"
[bumpversion:file:warpgate-tls/Cargo.toml]
search = version = "{current_version}"
replace = version = "{new_version}"
[bumpversion:file:warpgate-sso/Cargo.toml]
search = version = "{current_version}"
replace = version = "{new_version}"
[bumpversion:file:warpgate-web/Cargo.toml]
search = version = "{current_version}"
replace = version = "{new_version}"
================================================
FILE: .cargo/config.toml
================================================
# https://github.com/rust-lang/cargo/issues/5376#issuecomment-2163350032
[target.'cfg(all())']
rustflags = [
"--cfg", "tokio_unstable",
"-Zremap-cwd-prefix=/reproducible-cwd",
"--remap-path-prefix=$HOME=/reproducible-home",
"--remap-path-prefix=$PWD=/reproducible-pwd",
]
================================================
FILE: .dockerignore
================================================
data*
cdx
dhap-heap.json
.pytest_cache
# Generated by Cargo
# will have compiled files and executables
target
*/target
# These are backup files generated by rustfmt
**/*.rs.bk
# MSVC Windows builds of rustc generate these, which store debugging information
*.pdb
temp
host_key*
.vscode
# ---
data
config.*.yaml
config.yaml
warpgate-web/dist
warpgate-web/node_modules
warpgate-web/src/admin/lib/api-client/
warpgate-web/src/gateway/lib/api-client/
================================================
FILE: .flake8
================================================
[flake8]
ignore=E501,D103,C901,D203,W504,S607,S603,S404,S606,S322,S410,S320,B010
exclude = .git,__pycache__,help,static,misc,locale,templates,tests,deployment,migrations,elements/ai/scripts
max-complexity = 40
builtins = _
per-file-ignores = scripts/*:T001,E402
select = C,E,F,W,B,B902
================================================
FILE: .github/FUNDING.yml
================================================
github: eugeny
open_collective: tabby
ko_fi: eugeny
================================================
FILE: .github/dependabot.yml
================================================
# Please see the documentation for all configuration options:
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
- package-ecosystem: "cargo"
directory: "/"
labels: ["type/deps"]
#open-pull-requests-limit: 25
schedule:
interval: "daily"
groups:
version-bumps:
applies-to: version-updates
update-types:
- minor
- patch
- package-ecosystem: "npm"
directory: "/warpgate-web"
labels: ["type/deps"]
#open-pull-requests-limit: 25
groups:
version-bumps:
applies-to: version-updates
update-types:
- minor
- patch
schedule:
interval: "daily"
- package-ecosystem: github-actions
directory: /
schedule:
interval: daily
- package-ecosystem: docker
directory: /docker
schedule:
interval: daily
================================================
FILE: .github/workflows/build.yml
================================================
name: Build
permissions:
contents: read
on: [push, pull_request]
jobs:
build:
strategy:
matrix:
include:
- arch: x86_64-linux
target: x86_64-unknown-linux-gnu
os: ubuntu-22.04 # older image for glibc compatibility
cyclonedx-build: cyclonedx-linux-x64
cargo-cross: false
- arch: arm64-linux
target: aarch64-unknown-linux-gnu
os: ubuntu-22.04-arm # older image for glibc compatibility
cyclonedx-build: cyclonedx-linux-arm64
cargo-cross: false
- arch: x86_64-macos
target: x86_64-apple-darwin
os: macos-latest
cyclonedx-build: cyclonedx-osx-x64
cargo-cross: false
- arch: arm64-macos
target: aarch64-apple-darwin
os: macos-latest
cyclonedx-build: cyclonedx-osx-arm64
cargo-cross: true
fail-fast: false
name: Build (${{ matrix.arch }})
runs-on: ${{ matrix.os }}
permissions:
contents: write
id-token: write
attestations: write
artifact-metadata: write
steps:
- if: startsWith(matrix.os, 'ubuntu')
run: |
sudo apt update
sudo apt install -y libssl-dev pkg-config
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
submodules: recursive
- uses: rlespinasse/github-slug-action@9e7def61550737ba68c62d34a32dd31792e3f429
- uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af
with:
target: ${{ matrix.target }}
override: true
- uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
with:
key: "build"
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f
with:
node-version: 24
- name: Install tools
run: |
cargo install --locked just
cargo install --locked cargo-deny@0.18.9
cargo install --locked cargo-cyclonedx@^0.5
rm -rf ~/.cargo/registry
- name: Install CycloneDX
run: |
mkdir cdx
wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.27.2/${{ matrix.cyclonedx-build }} -O cyclonedx
chmod +x cyclonedx
- name: Install CycloneDX-npm
run: |
cd /
npm i -g @cyclonedx/cyclonedx-npm@4.1.2
- name: cargo-deny
run: |
cargo deny --version
cargo deny check
- name: Install admin UI deps
run: |
just npm ci
- name: Build admin UI
run: |
just npm run build
- name: Generate admin UI BOM
run: |
just npm prune
cd warpgate-web && NODE_ENV=dev cyclonedx-npm --output-format xml > ../cdx/admin-ui.cdx.xml
- name: Build
uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505
with:
command: build
use-cross: ${{ matrix.cargo-cross }}
args: --all-features --release --target ${{ matrix.target }}
env:
ENV SOURCE_DATE_EPOCH: "0" # for rust-embed determinism
CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUSTFLAGS: "--cfg tokio_unstable --remap-path-prefix=$HOME=/reproducible-home --remap-path-prefix=$PWD=/reproducible-pwd"
CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUSTFLAGS: "--cfg tokio_unstable --remap-path-prefix=$HOME=/reproducible-home --remap-path-prefix=$PWD=/reproducible-pwd"
CARGO_TARGET_X86_64_APPLE_DARWIN_RUSTFLAGS: "--cfg tokio_unstable --remap-path-prefix=$HOME=/reproducible-home --remap-path-prefix=$PWD=/reproducible-pwd"
CARGO_TARGET_AARCH64_APPLE_DARWIN_RUSTFLAGS: "--cfg tokio_unstable --remap-path-prefix=$HOME=/reproducible-home --remap-path-prefix=$PWD=/reproducible-pwd"
- name: Generate Rust BOM
run: |
cargo cyclonedx --all-features
mv warpgate*/*.cdx.xml cdx/
- name: Merge BOMs
run: ./cyclonedx merge --input-files cdx/* --input-format xml --output-format xml > cdx.xml
- name: Attest build
uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26
if: startsWith(github.ref, 'refs/tags/v')
with:
subject-path: target/${{ matrix.target }}/release/warpgate
- name: Upload artifact
uses: actions/upload-artifact@2848b2cda0e5190984587ec6bb1f36730ca78d50
with:
name: warpgate-${{ env.GITHUB_REF_SLUG }}-${{ matrix.arch }}
path: target/${{ matrix.target }}/release/warpgate
- name: Upload SBOM
uses: actions/upload-artifact@2848b2cda0e5190984587ec6bb1f36730ca78d50
with:
name: warpgate-${{ env.GITHUB_REF_SLUG }}-${{ matrix.arch }}.cdx.xml
path: cdx.xml
- name: Rename artifacts
run: |
mkdir dist
mv target/${{ matrix.target }}/release/warpgate dist/warpgate-${{ env.GITHUB_REF_SLUG }}-${{ matrix.arch }}
mv cdx.xml dist/warpgate-${{ env.GITHUB_REF_SLUG }}-${{ matrix.arch }}.cdx.xml
- name: Upload release
uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe
if: startsWith(github.ref, 'refs/tags/v')
with:
draft: true
generate_release_notes: true
files: dist/*
token: ${{ secrets.GITHUB_TOKEN }}
config-schema:
name: Config schema check
runs-on: ubuntu-24.04
steps:
- name: Setup
run: |
sudo apt update
sudo apt install --no-install-recommends -y libssl-dev pkg-config
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
submodules: recursive
- name: Install tools
run: |
cargo install --locked just
- name: Ensure there are no changes in config schema
run: |
mkdir warpgate-web/dist
just config-schema
git diff --exit-code config-schema.json
================================================
FILE: .github/workflows/check-schema-compatibility.yml
================================================
name: Check API Schema Compatibility
on: [pull_request]
permissions:
contents: read
jobs:
check-schema-compatibility:
runs-on: ubuntu-latest
steps:
- name: Checkout PR branch
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
fetch-depth: 0
- name: Install just
run: |
cargo install just
- name: Install npm dependencies
run: |
cd warpgate-web && npm ci
- name: Generate API schema files
run: |
mkdir warpgate-web/dist
just openapi-all
- name: Checkout main branch to compare
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
ref: main
path: main-branch
- name: Check admin API
run: |
docker run --rm -t -v $(pwd):/specs:ro tufin/oasdiff breaking -f githubactions --fail-on WARN /specs/main-branch/warpgate-web/src/admin/lib/openapi-schema.json /specs/warpgate-web/src/admin/lib/openapi-schema.json
- name: Check gateway API
run: |
docker run --rm -t -v $(pwd):/specs:ro tufin/oasdiff breaking -f githubactions --fail-on WARN /specs/main-branch/warpgate-web/src/gateway/lib/openapi-schema.json /specs/warpgate-web/src/gateway/lib/openapi-schema.json
================================================
FILE: .github/workflows/codeql.yml
================================================
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL Advanced"
permissions:
contents: read
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
schedule:
- cron: '19 11 * * 0'
jobs:
analyze:
name: Analyze (${{ matrix.language }})
# Runner size impacts CodeQL analysis time. To learn more, please see:
# - https://gh.io/recommended-hardware-resources-for-running-codeql
# - https://gh.io/supported-runners-and-hardware-resources
# - https://gh.io/using-larger-runners (GitHub.com only)
# Consider using larger runners or machines with greater resources for possible analysis time improvements.
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
permissions:
# required for all workflows
security-events: write
# required to fetch internal or private CodeQL packs
packages: read
# only required for workflows in private repositories
actions: read
contents: read
strategy:
fail-fast: false
matrix:
include:
- language: actions
build-mode: none
- language: javascript-typescript
build-mode: none
- language: rust
build-mode: none
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
# Add any setup steps before running the `github/codeql-action/init` action.
# This includes steps like installing compilers or runtimes (`actions/setup-node`
# or others). This is typically only required for manual builds.
# - name: Setup runtime (example)
# uses: actions/setup-example@v1
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@b1bff81932f5cdfc8695c7752dcee935dcd061c8
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@b1bff81932f5cdfc8695c7752dcee935dcd061c8
with:
category: "/language:${{matrix.language}}"
================================================
FILE: .github/workflows/dependency-review.yml
================================================
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Reqest, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- name: 'Dependency Review'
uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48
================================================
FILE: .github/workflows/docker.yml
================================================
name: Docker
permissions: read-all
on:
schedule:
- cron: '25 12 * * *'
push:
branches: [ '**' ]
tags: [ 'v*.*.*' ] # Publish semver tags as releases.
pull_request:
branches: [ '**' ]
env:
REGISTRY: ghcr.io
IMAGE_NAME: warp-tech/warpgate
jobs:
build:
runs-on: ${{matrix.os}}
strategy:
matrix:
include:
- os: ubuntu-24.04
docker-platform: linux/amd64
matrix-id: amd64
- os: ubuntu-24.04-arm
docker-platform: linux/arm64
matrix-id: arm64
permissions:
contents: read
packages: write
id-token: write
attestations: write
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
submodules: recursive
fetch-depth: 0
- name: Set up QEMU
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker meta
id: meta
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build Docker image without pushing
if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository
id: build-no-push
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294
with:
file: docker/Dockerfile
context: .
push: false
labels: ${{ steps.meta.outputs.labels }}
platforms: ${{ matrix.docker-platform }}
cache-from: type=gha,scope=build-${{ matrix.docker-platform }}
- name: Build and push Docker image
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
id: build
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294
with:
file: docker/Dockerfile
context: .
push: true
labels: ${{ steps.meta.outputs.labels }}
platforms: ${{ matrix.docker-platform }}
cache-from: type=gha,scope=build-${{ matrix.docker-platform }}
cache-to: type=gha,scope=build-${{ matrix.docker-platform }}
outputs: type=image,"name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}",push-by-digest=true,name-canonical=true,push=true
# Provenance attestations generates an unknown/unknown platform layer
# that causes issues, see #1255
attests: ''
provenance: false
- name: Export digest
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
run: |
mkdir -p ${{ runner.temp }}/digests
digest="${{ steps.build.outputs.digest }}"
touch "${{ runner.temp }}/digests/${digest#sha256:}"
- name: Upload digest
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
with:
name: digests-${{ matrix.matrix-id }}
path: ${{ runner.temp }}/digests/*
if-no-files-found: error
retention-days: 1
merge:
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
runs-on: ubuntu-latest
needs:
- build
permissions:
contents: read
packages: write
id-token: write
attestations: write
steps:
- name: Download digests
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
with:
path: ${{ runner.temp }}/digests
pattern: digests-*
merge-multiple: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd
- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker meta
id: meta
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch,prefix=branch-
type=ref,event=pr,prefix=pr-
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=schedule
- name: Create manifest list and push
working-directory: ${{ runner.temp }}/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
================================================
FILE: .github/workflows/reprotest.yml
================================================
name: Reproducibility test
permissions:
contents: read
on: workflow_dispatch
jobs:
reprotest:
name: Reproducibility test
runs-on: ubuntu-24.04
steps:
- name: Setup
run: |
sudo apt update
sudo apt install --no-install-recommends -y libssl-dev pkg-config disorderfs faketime locales-all reprotest diffoscope
test -c /dev/fuse || mknod -m 666 /dev/fuse c 10 229
test -f /etc/mtab || ln -s ../proc/self/mounts /etc/mtab
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sudo sh -s -- -y
echo "/root/.cargo/bin" >> $GITHUB_PATH
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
submodules: recursive
- name: Install tools
run: |
sudo env "PATH=$PATH" cargo install --locked just
- name: Reprotest
run: |
sudo ulimit -n 999999
sudo env "PATH=$PATH" reprotest -vv --min-cpus=99999 --vary=environment,build_path,kernel,aslr,num_cpus,-time,-user_group,fileordering,domain_host,home,locales,exec_path,timezone,umask --build-command 'just npm ci; just npm run build; SOURCE_DATE_EPOCH=0 cargo build --all-features --release' . target/release/warpgate
================================================
FILE: .github/workflows/scorecard.yml
================================================
# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.
name: Scorecard supply-chain security
on:
# For Branch-Protection check. Only the default branch is supported. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
branch_protection_rule:
# To guarantee Maintained check is occasionally updated. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
schedule:
- cron: '42 9 * * 6'
push:
branches: [ "main" ]
# Declare default permissions as read only.
permissions: read-all
jobs:
analysis:
name: Scorecard analysis
runs-on: ubuntu-latest
# `publish_results: true` only works when run from the default branch. conditional can be removed if disabled.
if: github.event.repository.default_branch == github.ref_name || github.event_name == 'pull_request'
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Needed to publish results and get a badge (see publish_results below).
id-token: write
# Uncomment the permissions below if installing in a private repository.
# contents: read
# actions: read
steps:
- name: "Checkout code"
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
with:
results_file: results.sarif
results_format: sarif
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
# - you want to enable the Branch-Protection check on a *public* repository, or
# - you are installing Scorecard on a *private* repository
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional.
# repo_token: ${{ secrets.SCORECARD_TOKEN }}
# Public repositories:
# - Publish results to OpenSSF REST API for easy access by consumers
# - Allows the repository to include the Scorecard badge.
# - See https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories:
# - `publish_results` will always be set to `false`, regardless
# of the value entered here.
publish_results: true
# (Optional) Uncomment file_mode if you have a .gitattributes with files marked export-ignore
# file_mode: git
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
with:
name: SARIF file
path: results.sarif
retention-days: 5
# Upload the results to GitHub's code scanning dashboard (optional).
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
with:
sarif_file: results.sarif
================================================
FILE: .github/workflows/test.yml
================================================
name: Test
on: [push, pull_request]
permissions:
contents: read
jobs:
Tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
submodules: recursive
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f
with:
node-version: 24
- uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
with:
key: "test"
- name: Install build deps
run: |
sudo apt-get install openssh-client expect
cargo install --locked just
# Pin cargo-llvm-cov to 0.6.15 because versions 0.6.16+ depend on ruzstd 0.8.x which uses
# the unstable `unsigned_is_multiple_of` feature not available in nightly-2025-01-01
cargo install --locked cargo-llvm-cov@0.6.15
cargo clean
rustup component add llvm-tools-preview
- name: Build UI
run: |
just npm ci
just openapi
just npm run openapi:tests-sdk
just npm run build
- name: Build images
working-directory: tests
run: |
make all
- name: Install deps
working-directory: tests
run: |
sudo apt update
sudo apt install -y gnome-keyring kubectl
pip3 install keyring==24 poetry==1.8.3
poetry install
- name: Run
working-directory: tests
run: |
TIMEOUT=120 poetry run ./run.sh
cargo llvm-cov report --lcov > coverage.lcov
- name: Upload coverage
uses: actions/upload-artifact@2848b2cda0e5190984587ec6bb1f36730ca78d50
with:
name: coverage.lcov
path: tests/coverage.lcov
- name: Upload coverage (HTML)
uses: actions/upload-artifact@2848b2cda0e5190984587ec6bb1f36730ca78d50
with:
name: coverage-html
path: target/llvm-cov/html
- name: SonarCloud Scan
uses: SonarSource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9
if: ${{ env.SONAR_TOKEN }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
================================================
FILE: .gitignore
================================================
# Generated by Cargo
# will have compiled files and executables
debug/
target/
# These are backup files generated by rustfmt
**/*.rs.bk
# MSVC Windows builds of rustc generate these, which store debugging information
*.pdb
temp
host_key*
.vscode
# ---
data
data-*
config.*.yaml
config.yaml
__pycache__
.pytest_cache
dhat-heap.json
# IntelliJ based IDEs
.idea/
/.data/
cdx.xml
*.cdx.xml
================================================
FILE: .well-known/funding-manifest-urls
================================================
https://null.page/funding.json
================================================
FILE: Cargo.toml
================================================
# cargo-features = ["profile-rustflags"]
[workspace]
members = [
"warpgate",
"warpgate-admin",
"warpgate-common",
"warpgate-common-http",
"warpgate-tls",
"warpgate-core",
"warpgate-db-migrations",
"warpgate-db-entities",
"warpgate-database-protocols",
"warpgate-ldap",
"warpgate-protocol-http",
"warpgate-protocol-kubernetes",
"warpgate-protocol-mysql",
"warpgate-protocol-postgres",
"warpgate-protocol-ssh",
"warpgate-sso",
"warpgate-web",
]
default-members = ["warpgate"]
resolver = "2"
[workspace.dependencies]
anyhow = { version = "1.0", default-features = false, features = ["std"] }
bytes = { version = "1.4", default-features = false }
data-encoding = { version = "2.3", default-features = false, features = ["alloc", "std"] }
serde = { version = "1.0", features = ["derive"], default-features = false }
serde_json = { version = "1.0", default-features = false }
russh = { version = "0.58.0", features = ["des", "rsa", "aws-lc-rs"], default-features = false }
futures = { version = "0.3", default-features = false }
tokio-stream = { version = "0.1.17", features = ["net"], default-features = false }
tokio-rustls = { version = "0.26", default-features = false }
enum_dispatch = { version = "0.3.13", default-features = false }
rustls = { version = "0.23", default-features = false, features = ["tls12"] }
sqlx = { version = "0.8", features = ["tls-rustls-aws-lc-rs"], default-features = false }
sea-orm = { version = "1.0", default-features = false, features = ["runtime-tokio", "macros"] }
sea-orm-migration = { version = "1.0", default-features = false, features = [
"cli",
] }
poem = { version = "3.1", features = [
"cookie",
"session",
"anyhow",
"websocket",
"rustls",
"embed",
"server",
], default-features = false }
hex = { version = "0.4", default-features = false }
poem-openapi = { version = "5.1", features = [
"stoplight-elements",
"chrono",
"uuid",
"static-files",
"cookie",
], default-features = false }
password-hash = { version = "0.5", features = ["std"], default-features = false }
delegate = { version = "0.13", default-features = false }
tracing = { version = "0.1", default-features = false }
schemars = { version = "0.9.0", default-features = false, features = ["derive", "std"] }
ldap3 = { version = "0.12", default-features = false, features = ["tls-rustls-aws-lc-rs"] }
rustls-pki-types = { version = "1.13", default-features = false, features = ["alloc", "std"] }
thiserror = { version = "2", default-features = false }
rand = { version = "0.8", default-features = false }
rand_chacha = { version = "0.3", default-features = false }
rand_core = { version = "0.6", features = ["std"], default-features = false }
dialoguer = { version = "0.11", default-features = false, features = ["editor", "password"] }
tokio = { version = "1.20", features = ["tracing", "signal", "macros", "rt-multi-thread", "io-util"], default-features = false }
governor = { version = "0.10.0", default-features = false, features = ["std", "quanta", "jitter"] }
rcgen = { version = "0.13", features = ["zeroize", "crypto", "aws_lc_rs", "pem", "x509-parser"], default-features = false }
x509-parser = "0.17.0"
uuid = { version = "1.3", features = ["v4", "serde"], default-features = false }
reqwest = { version = "0.13", features = [
"http2", # required for connecting to targets behind AWS ELB
"rustls-no-provider",
"stream",
"gzip",
], default-features = false }
reqwest_12 = { package = "reqwest", version = "0.12", features = [
"http2",
"rustls-tls-native-roots-no-provider",
"stream",
"gzip",
], default-features = false } # separate copy to control features on openidconnect->oauth2->reqwest
regex = { version = "1.6", default-features = false, features = ["std"] }
tokio-tungstenite = { version = "0.27", features = ["rustls-tls-native-roots", "connect"], default-features = false }
reqwest-websocket = "0.6.0"
[profile.release]
lto = true
panic = "abort"
strip = "debuginfo"
[profile.coverage]
inherits = "dev"
# rustflags = ["-Cinstrument-coverage"]
================================================
FILE: Cranky.toml
================================================
deny = [
"unsafe_code",
"clippy::unwrap_used",
"clippy::expect_used",
"clippy::panic",
"clippy::indexing_slicing",
"clippy::dbg_macro",
]
allow = [
"clippy::result_large_err",
]
================================================
FILE: Cross.toml
================================================
[target.x86_64-unknown-linux-gnu]
pre-build = ["apt-get update && apt-get install --assume-yes libz-dev"]
================================================
FILE: LICENSE
================================================
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2022 Warpgate contributors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
================================================
FILE: README.md
================================================
<p align="center">
<img src="https://github.com/user-attachments/assets/89be835b-ff96-46df-94c7-ae2d176615e3" />
</p>
<br/>
<p align="center">
<picture>
<source media="(prefers-color-scheme: dark)" srcset=".github/readme/brand-dark.svg">
<source media="(prefers-color-scheme: light)" srcset="warpgate-web/public/assets/brand.svg">
<img alt="Shows a black logo in light color mode and a white one in dark color mode." src=".github/readme/brand-dark.svg">
</picture>
</p>
<br/>
<p align="center">
<a href="https://github.com/warp-tech/warpgate/releases/latest"><img alt="GitHub All Releases" src="https://img.shields.io/github/downloads/warp-tech/warpgate/total.svg?label=DOWNLOADS&logo=github&style=for-the-badge&color=8f8"></a> <a href="https://nightly.link/warp-tech/warpgate/workflows/build/main"><img src="https://shields.io/badge/-Nightly%20Builds-fa5?logo=hackthebox&logoColor=444&style=for-the-badge"/></a> <a href="https://discord.gg/Vn7BjmzhtF"><img alt="Discord" src="https://img.shields.io/discord/1280890060195233934?style=for-the-badge&color=acc&logo=discord&logoColor=white&label=Discord"></a>
</p>
<p align="center">
<a href="https://ko-fi.com/J3J8KWTF">
<img src="https://cdn.ko-fi.com/cdn/kofi3.png?v=2" width="150">
</a>
</p>
---
Warpgate is a smart & fully transparent SSH, HTTPS, Kubernetes, MySQL, PostgreSQL bastion host that doesn't require a client app or an SSH wrapper.
* Set it up in your DMZ, add user accounts and easily assign them to specific hosts and URLs within the network.
* Warpgate will record every session for you to view (live) and replay later through a built-in admin web UI.
* Not a jump host - forwards connection straight to the target in a way that's fully transparent to the client.
* Native 2FA and SSO support (TOTP & OpenID Connect)
* Single binary with no dependencies.
* Written in 100% safe Rust.
<p align="center" style="margin: 30px 0 10px">Supported by: </p>
<p align="center" style="margin: 0 0 30px">
<a href="https://floss.fund"><img src="https://floss.fund/static/badge.svg" alt="FLOSS/fund badge" /></a>
</p>
## Getting started & downloads
* See the [Getting started](https://warpgate.null.page/getting-started/) docs page (or [Getting started on Docker](https://warpgate.null.page/getting-started-on-docker/)).
* [Release / beta binaries](https://github.com/warp-tech/warpgate/releases)
* [Nightly builds](https://nightly.link/warp-tech/warpgate/workflows/build/main)
## How is Warpgate different from a jump host / VPN / Teleport?
| Warpgate | SSH jump host | VPN | Teleport |
|-|-|-|-|
| ✅ **Precise 1:1 assignment between users and services** | (Usually) full access to the network behind the jump host | (Usually) full access to the network | ✅ **Precise 1:1 assignment between users and services** |
| ✅ **No custom client needed** | Jump host config needed | ✅ **No custom client needed** | Custom client required |
| ✅ **2FA out of the box** | 🟡 2FA possible with additional PAM plugins | 🟡 Depends on the provider | ✅ **2FA out of the box** |
| ✅ **SSO out of the box** | 🟡 SSO possible with additional PAM plugins | 🟡 Depends on the provider | Paid |
| ✅ **Command-level audit** | 🟡 Connection-level audit on the jump host, no secure audit on the target if root access is given | No secure audit on the target if root access is given | ✅ **Command-level audit** |
| ✅ **Full session recording** | No secure recording possible on the target if root access is given | No secure recording possible on the target if root access is given | ✅ **Full session recording** |
| ✅ **Non-interactive connections** | 🟡 Non-interactive connections are possible if the clients supports jump hosts natively | ✅ **Non-interactive connections** | Non-interactive connections require using an SSH client wrapper or running a tunnel |
| ✅ **Self-hosted, you own the data** | ✅ **Self-hosted, you own the data** | 🟡 Depends on the provider | SaaS |
<center>
<img width="783" alt="image" src="https://user-images.githubusercontent.com/161476/162640762-a91a2816-48c0-44d9-8b03-5b1e2cb42d51.png">
</center>
<table>
<tr>
<td>
<img src="https://github.com/user-attachments/assets/c9a6a372-198e-4f46-ab86-8c420dc24bca">
</td>
<td>
<img src="https://github.com/user-attachments/assets/a2166426-e865-4aba-9600-520954bcfe7f">
</td>
<td>
<img src="https://github.com/user-attachments/assets/366a5afb-aa86-4902-9080-eb2f40bf162c">
</td>
</tr>
</table>
## Reporting security issues
Please use GitHub's [vulnerability reporting system](https://github.com/warp-tech/warpgate/security/policy).
## Project Status
The project is ready for production.
## How it works
Warpgate is a service that you deploy on the bastion/DMZ host, which will accept SSH, HTTPS, Kubernetes, MySQL and PostgreSQL connections and provide an (optional) web admin UI.
Run `warpgate setup` to interactively generate a config file, including port bindings. See [Getting started](https://warpgate.null.page/getting-started/) for details.
It receives connections with specifically formatted credentials, authenticates the user locally, connects to the target itself, and then connects both parties together while (optionally) recording the session.
When connecting through HTTPS, Warpgate presents a selection of available targets, and will then proxy all traffic in a session to the selected target. You can switch between targets at any time.
You manage the target and user lists and assign them to each other through the admin UI, and the session history is stored in an SQLite database (default: in `/var/lib/warpgate`).
You can also use the admin web interface to view the live session list, review session recordings, logs and more.
## Contributing / building from source
* You'll need Rust, NodeJS and NPM
* Clone the repo
* [Just](https://github.com/casey/just) is used to run tasks - install it: `cargo install just`
* Install the admin UI deps: `just npm install`
* Build the frontend: `just npm run build`
* Build Warpgate: `cargo build` (optionally `--release`)
The binary is in `target/{debug|release}`.
### Tech stack
* Rust 🦀
* HTTP: `poem-web`
* Database: SQLite via `sea-orm` + `sqlx`
* SSH: `russh`
* Typescript
* Svelte
* Bootstrap
### Backend API
* Warpgate admin and user facing APIs use autogenerated OpenAPI schemas and SDKs. To update the SDKs after changing the query/response structures, run `just openapi-all`.
## Contributors ✨
Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)):
<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
<!-- prettier-ignore-start -->
<!-- markdownlint-disable -->
<table>
<tbody>
<tr>
<td align="center" valign="top" width="14.28%"><a href="https://github.com/Eugeny"><img src="https://avatars.githubusercontent.com/u/161476?v=4?s=100" width="100px;" alt="Eugeny"/><br /><sub><b>Eugeny</b></sub></a><br /><a href="https://github.com/warp-tech/warpgate/commits?author=Eugeny" title="Code">💻</a></td>
<td align="center" valign="top" width="14.28%"><a href="https://the-empire.systems/"><img src="https://avatars.githubusercontent.com/u/18178614?v=4?s=100" width="100px;" alt="Spencer Heywood"/><br /><sub><b>Spencer Heywood</b></sub></a><br /><a href="https://github.com/warp-tech/warpgate/commits?author=heywoodlh" title="Code">💻</a></td>
<td align="center" valign="top" width="14.28%"><a href="https://github.com/apiening"><img src="https://avatars.githubusercontent.com/u/2064875?v=4?s=100" width="100px;" alt="Andreas Piening"/><br /><sub><b>Andreas Piening</b></sub></a><br /><a href="https://github.com/warp-tech/warpgate/commits?author=apiening" title="Code">💻</a></td>
<td align="center" valign="top" width="14.28%"><a href="https://github.com/Gurkengewuerz"><img src="https://avatars.githubusercontent.com/u/10966337?v=4?s=100" width="100px;" alt="Niklas"/><br /><sub><b>Niklas</b></sub></a><br /><a href="https://github.com/warp-tech/warpgate/commits?author=Gurkengewuerz" title="Code">💻</a></td>
<td align="center" valign="top" width="14.28%"><a href="https://github.com/notnooblord"><img src="https://avatars.githubusercontent.com/u/11678665?v=4?s=100" width="100px;" alt="Nooblord"/><br /><sub><b>Nooblord</b></sub></a><br /><a href="https://github.com/warp-tech/warpgate/commits?author=notnooblord" title="Code">💻</a></td>
<td align="center" valign="top" width="14.28%"><a href="https://shea.nz/"><img src="https://avatars.githubusercontent.com/u/51303984?v=4?s=100" width="100px;" alt="Shea Smith"/><br /><sub><b>Shea Smith</b></sub></a><br /><a href="https://github.com/warp-tech/warpgate/commits?author=SheaSmith" title="Code">💻</a></td>
<td align="center" valign="top" width="14.28%"><a href="https://github.com/samtoxie"><img src="https://avatars.githubusercontent.com/u/7732658?v=4?s=100" width="100px;" alt="samtoxie"/><br /><sub><b>samtoxie</b></sub></a><br /><a href="https://github.com/warp-tech/warpgate/commits?author=samtoxie" title="Code">💻</a></td>
</tr>
<tr>
<td align="center" valign="top" width="14.28%"><a href="https://p.foundation/"><img src="https://avatars.githubusercontent.com/u/80860929?v=4?s=100" width="100px;" alt="P Foundation"/><br /><sub><b>P Foundation</b></sub></a><br /><a href="#financial-pfoundation" title="Financial">💵</a></td>
<td align="center" valign="top" width="14.28%"><a href="http://sixteenink.com"><img src="https://avatars.githubusercontent.com/u/1480236?v=4?s=100" width="100px;" alt="Skyler Lewis"/><br /><sub><b>Skyler Lewis</b></sub></a><br /><a href="https://github.com/warp-tech/warpgate/commits?author=alairock" title="Code">💻</a></td>
<td align="center" valign="top" width="14.28%"><a href="http://www.mohammednoureldin.com"><img src="https://avatars.githubusercontent.com/u/14913147?v=4?s=100" width="100px;" alt="Mohammed Noureldin"/><br /><sub><b>Mohammed Noureldin</b></sub></a><br /><a href="https://github.com/warp-tech/warpgate/commits?author=MohammedNoureldin" title="Code">💻</a></td>
<td align="center" valign="top" width="14.28%"><a href="https://github.com/mrmm"><img src="https://avatars.githubusercontent.com/u/796467?v=4?s=100" width="100px;" alt="Mourad Maatoug"/><br /><sub><b>Mourad Maatoug</b></sub></a><br /><a href="https://github.com/warp-tech/warpgate/commits?author=mrmm" title="Code">💻</a></td>
<td align="center" valign="top" width="14.28%"><a href="http://justinforlenza.dev"><img src="https://avatars.githubusercontent.com/u/11709872?v=4?s=100" width="100px;" alt="Justin"/><br /><sub><b>Justin</b></sub></a><br /><a href="https://github.com/warp-tech/warpgate/commits?author=justinforlenza" title="Code">💻</a></td>
<td align="center" valign="top" width="14.28%"><a href="https://github.com/liebermantodd"><img src="https://avatars.githubusercontent.com/u/12155811?v=4?s=100" width="100px;" alt="liebermantodd"/><br /><sub><b>liebermantodd</b></sub></a><br /><a href="https://github.com/warp-tech/warpgate/commits?author=liebermantodd" title="Code">💻</a></td>
<td align="center" valign="top" width="14.28%"><a href="https://blog.trieoflogs.com"><img src="https://avatars.githubusercontent.com/u/14965074?v=4?s=100" width="100px;" alt="Hariharan"/><br /><sub><b>Hariharan</b></sub></a><br /><a href="https://github.com/warp-tech/warpgate/commits?author=cvhariharan" title="Code">💻</a></td>
</tr>
<tr>
<td align="center" valign="top" width="14.28%"><a href="https://github.com/solidassassin"><img src="https://avatars.githubusercontent.com/u/47082246?v=4?s=100" width="100px;" alt="Rokas Krivaitis"/><br /><sub><b>Rokas Krivaitis</b></sub></a><br /><a href="https://github.com/warp-tech/warpgate/commits?author=solidassassin" title="Code">💻</a></td>
</tr>
</tbody>
</table>
<!-- markdownlint-restore -->
<!-- prettier-ignore-end -->
<!-- ALL-CONTRIBUTORS-LIST:END -->
This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of any kind welcome!
================================================
FILE: SECURITY.md
================================================
# Security Policy
## Reporting a Vulnerability
Please report vunerabilities using GitHub's Private Vulnerability Reporting tool.
You can expect a response within a few days.
---
Warpgate considers the following trusted inputs:
* Contents of the connected database
* Contents of the config file, as long as Warpgate does not fail to lock down its permissions.
* HTTP requests made by a session previously authenticated by a user who has the `warpgate:admin` role.
* Network infrastructure and actuality and stability of target IPs/hostnames.
In particular, this does not include the traffic from known Warpgate targets.
---
CNA: [GitHub](https://www.cve.org/PartnerInformation/ListofPartners/partner/GitHub_M)
================================================
FILE: clippy.toml
================================================
avoid-breaking-exported-api = false
allow-unwrap-in-tests = true
================================================
FILE: config-schema.json
================================================
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "WarpgateConfigStore",
"type": "object",
"properties": {
"database_url": {
"type": "string",
"default": "sqlite:data/db"
},
"external_host": {
"type": [
"string",
"null"
],
"default": null
},
"http": {
"$ref": "#/$defs/HttpConfig",
"default": {
"certificate": "",
"cookie_max_age": "1day",
"external_port": null,
"key": "",
"listen": "[::]:8888",
"session_max_age": "30m",
"sni_certificates": [],
"trust_x_forwarded_headers": false
}
},
"kubernetes": {
"$ref": "#/$defs/KubernetesConfig",
"default": {
"certificate": "",
"enable": false,
"external_port": null,
"key": "",
"listen": "[::]:8443",
"session_max_age": "30m"
}
},
"log": {
"$ref": "#/$defs/LogConfig",
"default": {
"format": "text",
"retention": "7days",
"send_to": null
}
},
"mysql": {
"$ref": "#/$defs/MySqlConfig",
"default": {
"certificate": "",
"enable": false,
"external_port": null,
"key": "",
"listen": "[::]:33306"
}
},
"postgres": {
"$ref": "#/$defs/PostgresConfig",
"default": {
"certificate": "",
"enable": false,
"external_port": null,
"key": "",
"listen": "[::]:55432"
}
},
"recordings": {
"$ref": "#/$defs/RecordingsConfig",
"default": {
"enable": false,
"path": "./data/recordings"
}
},
"ssh": {
"$ref": "#/$defs/SshConfig",
"default": {
"enable": false,
"external_port": null,
"host_key_verification": "prompt",
"inactivity_timeout": "5m",
"keepalive_interval": null,
"keys": "./data/keys",
"listen": "[::]:2222"
}
},
"sso_providers": {
"type": "array",
"default": [],
"items": {
"$ref": "#/$defs/SsoProviderConfig"
}
}
},
"$defs": {
"Duration": {
"type": "object",
"properties": {
"nanos": {
"type": "integer",
"format": "uint32",
"minimum": 0
},
"secs": {
"type": "integer",
"format": "uint64",
"minimum": 0
}
},
"required": [
"secs",
"nanos"
]
},
"HttpConfig": {
"type": "object",
"properties": {
"certificate": {
"type": "string",
"default": ""
},
"cookie_max_age": {
"type": "string",
"default": "1day"
},
"external_port": {
"type": [
"integer",
"null"
],
"format": "uint16",
"default": null,
"maximum": 65535,
"minimum": 0
},
"key": {
"type": "string",
"default": ""
},
"listen": {
"$ref": "#/$defs/ListenEndpoint",
"default": "[::]:8888"
},
"session_max_age": {
"type": "string",
"default": "30m"
},
"sni_certificates": {
"type": "array",
"default": [],
"items": {
"$ref": "#/$defs/SniCertificateConfig"
}
},
"trust_x_forwarded_headers": {
"type": "boolean",
"default": false
}
}
},
"KubernetesConfig": {
"type": "object",
"properties": {
"certificate": {
"type": "string",
"default": ""
},
"enable": {
"type": "boolean",
"default": false
},
"external_port": {
"type": [
"integer",
"null"
],
"format": "uint16",
"default": null,
"maximum": 65535,
"minimum": 0
},
"key": {
"type": "string",
"default": ""
},
"listen": {
"$ref": "#/$defs/ListenEndpoint",
"default": "[::]:8443"
},
"session_max_age": {
"type": "string",
"default": "30m"
}
}
},
"ListenEndpoint": {
"type": "string"
},
"LogConfig": {
"type": "object",
"properties": {
"format": {
"$ref": "#/$defs/LogFormat",
"default": "text"
},
"retention": {
"type": "string",
"default": "7days"
},
"send_to": {
"type": [
"string",
"null"
],
"default": null
}
}
},
"LogFormat": {
"type": "string",
"enum": [
"text",
"json"
]
},
"MySqlConfig": {
"type": "object",
"properties": {
"certificate": {
"type": "string",
"default": ""
},
"enable": {
"type": "boolean",
"default": false
},
"external_port": {
"type": [
"integer",
"null"
],
"format": "uint16",
"default": null,
"maximum": 65535,
"minimum": 0
},
"key": {
"type": "string",
"default": ""
},
"listen": {
"$ref": "#/$defs/ListenEndpoint",
"default": "[::]:33306"
}
}
},
"PostgresConfig": {
"type": "object",
"properties": {
"certificate": {
"type": "string",
"default": ""
},
"enable": {
"type": "boolean",
"default": false
},
"external_port": {
"type": [
"integer",
"null"
],
"format": "uint16",
"default": null,
"maximum": 65535,
"minimum": 0
},
"key": {
"type": "string",
"default": ""
},
"listen": {
"$ref": "#/$defs/ListenEndpoint",
"default": "[::]:55432"
}
}
},
"RecordingsConfig": {
"type": "object",
"properties": {
"enable": {
"type": "boolean",
"default": false
},
"path": {
"type": "string",
"default": "./data/recordings"
}
}
},
"RoleMapping": {
"description": "A role mapping value that accepts either a single role or a list of roles.\n In YAML config: `\"group\": \"role\"` or `\"group\": [\"role1\", \"role2\"]`",
"anyOf": [
{
"type": "string"
},
{
"type": "array",
"items": {
"type": "string"
}
}
]
},
"SniCertificateConfig": {
"type": "object",
"properties": {
"certificate": {
"type": "string"
},
"key": {
"type": "string"
}
},
"required": [
"certificate",
"key"
]
},
"SshConfig": {
"type": "object",
"properties": {
"enable": {
"type": "boolean",
"default": false
},
"external_port": {
"type": [
"integer",
"null"
],
"format": "uint16",
"default": null,
"maximum": 65535,
"minimum": 0
},
"host_key_verification": {
"$ref": "#/$defs/SshHostKeyVerificationMode",
"default": "prompt"
},
"inactivity_timeout": {
"type": "string",
"default": "5m"
},
"keepalive_interval": {
"anyOf": [
{
"$ref": "#/$defs/Duration"
},
{
"type": "null"
}
],
"default": null
},
"keys": {
"type": "string",
"default": "./data/keys"
},
"listen": {
"$ref": "#/$defs/ListenEndpoint",
"default": "[::]:2222"
}
}
},
"SshHostKeyVerificationMode": {
"type": "string",
"enum": [
"prompt",
"auto_accept",
"auto_reject"
]
},
"SsoInternalProviderConfig": {
"oneOf": [
{
"type": "object",
"properties": {
"type": {
"type": "string",
"const": "google"
},
"admin_email": {
"description": "A Google Workspace admin email for domain-wide delegation",
"type": [
"string",
"null"
]
},
"admin_role_mappings": {
"type": [
"object",
"null"
],
"additionalProperties": {
"$ref": "#/$defs/RoleMapping"
}
},
"client_id": {
"type": "string"
},
"client_secret": {
"type": "string"
},
"role_mappings": {
"description": "Maps Google group email addresses to Warpgate role names.\n Use \"*\" as a key to set a default role for any group not explicitly mapped.",
"type": [
"object",
"null"
],
"additionalProperties": {
"$ref": "#/$defs/RoleMapping"
}
},
"service_account_email": {
"description": "Service account email for Google Directory API group lookups",
"type": [
"string",
"null"
]
},
"service_account_key": {
"description": "PEM private key from the service account JSON key file",
"type": [
"string",
"null"
]
}
},
"required": [
"type",
"client_id",
"client_secret"
]
},
{
"type": "object",
"properties": {
"type": {
"type": "string",
"const": "apple"
},
"client_id": {
"type": "string"
},
"client_secret": {
"type": "string"
},
"key_id": {
"type": "string"
},
"team_id": {
"type": "string"
}
},
"required": [
"type",
"client_id",
"client_secret",
"key_id",
"team_id"
]
},
{
"type": "object",
"properties": {
"type": {
"type": "string",
"const": "azure"
},
"client_id": {
"type": "string"
},
"client_secret": {
"type": "string"
},
"tenant": {
"type": "string"
}
},
"required": [
"type",
"client_id",
"client_secret",
"tenant"
]
},
{
"type": "object",
"properties": {
"type": {
"type": "string",
"const": "custom"
},
"additional_trusted_audiences": {
"type": [
"array",
"null"
],
"items": {
"type": "string"
}
},
"admin_role_mappings": {
"type": [
"object",
"null"
],
"additionalProperties": {
"$ref": "#/$defs/RoleMapping"
}
},
"client_id": {
"type": "string"
},
"client_secret": {
"type": "string"
},
"issuer_url": {
"type": "string"
},
"role_mappings": {
"type": [
"object",
"null"
],
"additionalProperties": {
"$ref": "#/$defs/RoleMapping"
}
},
"scopes": {
"type": "array",
"items": {
"type": "string"
}
},
"trust_unknown_audiences": {
"type": "boolean",
"default": false
}
},
"required": [
"type",
"client_id",
"client_secret",
"issuer_url",
"scopes"
]
}
]
},
"SsoProviderConfig": {
"type": "object",
"properties": {
"auto_create_users": {
"type": "boolean",
"default": false
},
"default_credential_policy": {
"description": "Default credential policy for auto-created users.\n Keys: \"http\", \"ssh\", \"mysql\", \"postgres\"\n Values: list of credential kinds e.g. [\"sso\"], [\"web\"], []"
},
"label": {
"type": [
"string",
"null"
]
},
"name": {
"type": "string"
},
"provider": {
"$ref": "#/$defs/SsoInternalProviderConfig"
},
"return_domain_whitelist": {
"type": [
"array",
"null"
],
"items": {
"type": "string"
}
},
"return_url_prefix": {
"$ref": "#/$defs/SsoProviderReturnUrlPrefix",
"default": "@"
}
},
"required": [
"name",
"provider"
]
},
"SsoProviderReturnUrlPrefix": {
"type": "string",
"enum": [
"@",
"_"
]
}
}
}
================================================
FILE: deny.toml
================================================
# This template contains all of the possible sections and their default values
# Note that all fields that take a lint level have these possible values:
# * deny - An error will be produced and the check will fail
# * warn - A warning will be produced, but the check will not fail
# * allow - No warning or error will be produced, though in some cases a note
# will be
# The values provided in this template are the default values that will be used
# when any section or field is not specified in your own configuration
# Root options
# The graph table configures how the dependency graph is constructed and thus
# which crates the checks are performed against
[graph]
# If 1 or more target triples (and optionally, target_features) are specified,
# only the specified targets will be checked when running `cargo deny check`.
# This means, if a particular package is only ever used as a target specific
# dependency, such as, for example, the `nix` crate only being used via the
# `target_family = "unix"` configuration, that only having windows targets in
# this list would mean the nix crate, as well as any of its exclusive
# dependencies not shared by any other crates, would be ignored, as the target
# list here is effectively saying which targets you are building for.
targets = [
"x86_64-unknown-linux-gnu",
"aarch64-unknown-linux-gnu",
"x86_64-apple-darwin",
"aarch64-apple-darwin",
]
# When creating the dependency graph used as the source of truth when checks are
# executed, this field can be used to prune crates from the graph, removing them
# from the view of cargo-deny. This is an extremely heavy hammer, as if a crate
# is pruned from the graph, all of its dependencies will also be pruned unless
# they are connected to another crate in the graph that hasn't been pruned,
# so it should be used with care. The identifiers are [Package ID Specifications]
# (https://doc.rust-lang.org/cargo/reference/pkgid-spec.html)
#exclude = []
# If true, metadata will be collected with `--all-features`. Note that this can't
# be toggled off if true, if you want to conditionally enable `--all-features` it
# is recommended to pass `--all-features` on the cmd line instead
all-features = false
# If true, metadata will be collected with `--no-default-features`. The same
# caveat with `all-features` applies
no-default-features = false
# If set, these feature will be enabled when collecting metadata. If `--features`
# is specified on the cmd line they will take precedence over this option.
#features = []
# The output table provides options for how/if diagnostics are outputted
[output]
# When outputting inclusion graphs in diagnostics that include features, this
# option can be used to specify the depth at which feature edges will be added.
# This option is included since the graphs can be quite large and the addition
# of features from the crate(s) to all of the graph roots can be far too verbose.
# This option can be overridden via `--feature-depth` on the cmd line
feature-depth = 1
# This section is considered when running `cargo deny check advisories`
# More documentation for the advisories section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
[advisories]
# The path where the advisory databases are cloned/fetched into
#db-path = "$CARGO_HOME/advisory-dbs"
# The url(s) of the advisory databases to use
#db-urls = ["https://github.com/rustsec/advisory-db"]
# A list of advisory IDs to ignore. Note that ignored advisories will still
# output a note when they are encountered.
ignore = [
"RUSTSEC-2023-0071",
"RUSTSEC-2021-0139", # ansi-term is unmaintained
"RUSTSEC-2025-0134", # rustls-pemfile is deprecated but poem is still using it
]
# If this is true, then cargo deny will use the git executable to fetch advisory database.
# If this is false, then it uses a built-in git library.
# Setting this to true can be helpful if you have special authentication requirements that cargo-deny does not support.
# See Git Authentication for more information about setting up git authentication.
#git-fetch-with-cli = true
# This section is considered when running `cargo deny check bans`.
# More documentation about the 'bans' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
[bans]
# Lint level for when multiple versions of the same crate are detected
# multiple-versions = "warn"
# Lint level for when a crate version requirement is `*`
wildcards = "warn"
# The graph highlighting used when creating dotgraphs for crates
# with multiple versions
# * lowest-version - The path to the lowest versioned duplicate is highlighted
# * simplest-path - The path to the version with the fewest edges is highlighted
# * all - Both lowest-version and simplest-path are used
highlight = "all"
# The default lint level for `default` features for crates that are members of
# the workspace that is being checked. This can be overridden by allowing/denying
# `default` on a crate-by-crate basis if desired.
workspace-default-features = "warn"
# The default lint level for `default` features for external crates that are not
# members of the workspace. This can be overridden by allowing/denying `default`
# on a crate-by-crate basis if desired.
external-default-features = "allow"
# List of crates that are allowed. Use with care!
allow = [
#"ansi_term@0.11.0",
#{ crate = "ansi_term@0.11.0", reason = "you can specify a reason it is allowed" },
]
# List of crates to deny
deny = [
"openssl-sys"
#"ansi_term@0.11.0",
#{ crate = "ansi_term@0.11.0", reason = "you can specify a reason it is banned" },
# Wrapper crates can optionally be specified to allow the crate when it
# is a direct dependency of the otherwise banned crate
#{ crate = "ansi_term@0.11.0", wrappers = ["this-crate-directly-depends-on-ansi_term"] },
]
# TODO reenable once poem updates its tokio-rustls dependency
# [[bans.features]]
# crate = "rustls"
# # Features to not allow
# deny = ["ring"]
[[bans.features]]
crate = "reqwest"
# Features to not allow
deny = ["rustls-tls-webpki-roots"]
# Features to allow
#allow = [
# "rustls",
# "__rustls",
# "__tls",
# "hyper-rustls",
# "rustls",
# "rustls-pemfile",
# "rustls-tls-webpki-roots",
# "tokio-rustls",
# "webpki-roots",
#]
# If true, the allowed features must exactly match the enabled feature set. If
# this is set there is no point setting `deny`
#exact = true
# Certain crates/versions that will be skipped when doing duplicate detection.
# skip = [
#"ansi_term@0.11.0",
#{ crate = "ansi_term@0.11.0", reason = "you can specify a reason why it can't be updated/removed" },
# ]
# Similarly to `skip` allows you to skip certain crates during duplicate
# detection. Unlike skip, it also includes the entire tree of transitive
# dependencies starting at the specified crate, up to a certain depth, which is
# by default infinite.
# skip-tree = [
#"ansi_term@0.11.0", # will be skipped along with _all_ of its direct and transitive dependencies
#{ crate = "ansi_term@0.11.0", depth = 20 },
# ]
# This section is considered when running `cargo deny check sources`.
# More documentation about the 'sources' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
[sources]
# Lint level for what to happen when a crate from a crate registry that is not
# in the allow list is encountered
unknown-registry = "warn"
# Lint level for what to happen when a crate from a git repository that is not
# in the allow list is encountered
unknown-git = "warn"
# List of URLs for allowed crate registries. Defaults to the crates.io index
# if not specified. If it is specified but empty, no registries are allowed.
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
# List of URLs for allowed Git repositories
allow-git = []
[sources.allow-org]
# github.com organizations to allow git sources for
github = []
# gitlab.com organizations to allow git sources for
gitlab = []
# bitbucket.org organizations to allow git sources for
bitbucket = []
[licenses]
confidence-threshold = 0.95
allow = [
"MIT",
"Apache-2.0",
"Unicode-3.0",
"ISC",
"OpenSSL",
"BSD-2-Clause",
"BSD-3-Clause",
"Zlib",
"WTFPL",
"CC0-1.0",
"LGPL-3.0",
"MPL-2.0",
"CDLA-Permissive-2.0",
]
[[licenses.clarify]]
crate = "ring"
expression = "OpenSSL"
license-files = [
{ path = "LICENSE", hash = 0xbd0eed23 },
]
[[licenses.clarify]]
crate = "webpki"
expression = "ISC"
license-files = [
{ path = "LICENSE", hash = 0x001c7e6c },
]
================================================
FILE: docker/Dockerfile
================================================
# syntax=docker/dockerfile:1.3-labs
# hadolint global ignore=DL3008
FROM rust:1.94.0-bullseye@sha256:16950191527a4cb9e0762d9d48b705a6315158e4035e64f7a93ce8656a1b053c AS build
ENV DEBIAN_FRONTEND=noninteractive
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN curl -fsSL https://deb.nodesource.com/setup_24.x | bash - \
&& apt-get update \
&& apt-get install -y --no-install-recommends ca-certificates-java nodejs openjdk-17-jdk \
&& rm -rf /var/lib/apt/lists/* \
&& cargo install just
COPY . /opt/warpgate
# Needed to correctly embed the version number and the dirty state flag
COPY .git/ /opt/warpgate/.git/
# for rust-embed determinism
ENV SOURCE_DATE_EPOCH=0
WORKDIR /opt/warpgate
RUN just npm ci \
&& just openapi \
&& just npm run build \
&& cargo build --features mysql,postgres --release
FROM debian:bullseye-20260316@sha256:943d97fa707482c24e1bc2bdd0b0adc45f75eb345c61dc4272c4157f9a2cc9cc
LABEL maintainer=heywoodlh
ARG USER_ID=1000
ENV DEBIAN_FRONTEND=noninteractive
RUN <<EOF
set -xe
apt-get -y update -qq
apt-get install --no-install-recommends --no-install-suggests -y \
ca-certificates wget
apt-get clean
rm -rf /var/lib/apt/lists/*
EOF
# RUN adduser warpgate --system --home /data
RUN adduser warpgate --disabled-password --gecos "" --uid ${USER_ID} --home /data --shell /usr/sbin/nologin
COPY --from=build /opt/warpgate/target/release/warpgate /usr/local/bin/warpgate
VOLUME /data
ENV WARPGATE_CONFIG=/data/warpgate.yaml
HEALTHCHECK CMD warpgate healthcheck
ENV DOCKER=1
USER warpgate
ENTRYPOINT ["warpgate"]
CMD ["run"]
================================================
FILE: docker/docker-compose.yml
================================================
services:
warpgate:
image: ghcr.io/warp-tech/warpgate
ports:
- 2222:2222
- 8888:8888
- 33306:33306
volumes:
- ./data:/data
stdin_open: true
tty: true
================================================
FILE: helm/warpgate/.helmignore
================================================
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
================================================
FILE: helm/warpgate/Chart.yaml
================================================
apiVersion: v2
name: warpgate
description: A Helm chart for WarpGate inside of Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
# version: 0.1.3
version: 0.0.2
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.16.0"
================================================
FILE: helm/warpgate/templates/NOTES.txt
================================================
================================================
FILE: helm/warpgate/templates/_helpers.tpl
================================================
{{/*
Expand the name of the chart.
*/}}
{{- define "warpgate.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "warpgate.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "warpgate.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "warpgate.labels" -}}
helm.sh/chart: {{ include "warpgate.chart" . }}
{{ include "warpgate.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "warpgate.selectorLabels" -}}
app.kubernetes.io/name: {{ include "warpgate.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "warpgate.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "warpgate.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
================================================
FILE: helm/warpgate/templates/configmap.yaml
================================================
{{- if .Values.overrides_config }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "warpgate.fullname" . }}-config-overrides
labels:
{{- include "warpgate.labels" . | nindent 4 }}
data:
warpgate.yaml: |
{{ .Values.overrides_config | nindent 4 }}
{{- end }}
================================================
FILE: helm/warpgate/templates/deployment.yaml
================================================
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "warpgate.fullname" . }}
labels:
{{- include "warpgate.labels" . | nindent 4 }}
{{- with .Values.deploymentLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.deploymentAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "warpgate.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "warpgate.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
initContainers:
- name: {{ .Chart.Name }}-setup
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
{{- if .Values.setup.envFromSecret }}
env:
{{- range $key, $val := .Values.setup.envFromSecret }}
- name: {{ $key }}
valueFrom:
secretKeyRef:
name: {{ (split "/" $val)._0 }}
key: {{ (split "/" $val)._1 }}
{{- end }}
{{- end }}
command:
- /bin/sh
- -c
- |
set -e
if [ -d /ssh-keys ]; then
mkdir -p /data/ssh-keys
cp /ssh-keys/client-ed25519 /ssh-keys/client-rsa /ssh-keys/host-ed25519 /ssh-keys/host-rsa /data/ssh-keys/
chmod -R 600 /data/ssh-keys/*
fi
if [ -d /tls-cert ]; then
cp /tls-cert/tls.crt /data/tls.certificate.pem
cp /tls-cert/tls.key /data/tls.key.pem
chmod 600 /data/tls.certificate.pem
chmod 600 /data/tls.key.pem
fi
{{- if .Values.setup.enabled }}
{{- if eq .Values.setup.type "podinit" }}
if [ ! -f /data/warpgate.yaml ]; then
warpgate -c /data/warpgate.yaml unattended-setup --data-path /data
{{- if .Values.setup.http }} --http-port {{ .Values.setup.http }} {{- end }}
{{- if .Values.setup.ssh }} --ssh-port {{ .Values.setup.ssh }} {{- end }}
{{- if .Values.setup.mysql }} --mysql-port {{ .Values.setup.mysql }} {{- end }}
{{- if .Values.setup.pgsql }} --postgres-port {{ .Values.setup.pgsql }} {{- end }}
{{- if .Values.setup.kubernetes }} --kubernetes-port {{ .Values.setup.kubernetes }} {{- end }}
{{- if .Values.setup.databaseUrl }} --database-url "{{ .Values.setup.databaseUrl }}" {{- end }}
{{- if .Values.setup.recordSessions }} --record-sessions {{- end }}
{{- if .Values.setup.disableIpV6 }}
sed -i 's/\[::\]:\([0-9]\+\)/0.0.0.0:\1/g' /data/warpgate.yaml
{{- end }}
fi
{{- end }}
{{- end }}
if [ -d /override ]; then
cp /override/warpgate.yaml /data/warpgate.yaml
{{- if .Values.config_env_var_replace }}
VARS="{{ .Values.config_env_var_replace }}"
for VAR in $VARS; do
VAL=$(printenv "$VAR")
ESCAPED=$(printf '%s' "$VAL" | sed -e 's/[\/&]/\\&/g')
FVAR=$(printf '$%s' "$VAR")
sed -i "s/$FVAR/$ESCAPED/g" /data/warpgate.yaml
done
{{- end }}
chmod 600 /data/warpgate.yaml
fi
volumeMounts:
- name: data
mountPath: /data
{{- if .Values.ssh_keys_secret }}
- name: ssh-keys
mountPath: /ssh-keys
{{- end }}
{{- if .Values.tls_cert_secret }}
- name: tls-cert
mountPath: /tls-cert
{{- end }}
{{- if .Values.overrides_config }}
- name: override-config
mountPath: /override
{{- end }}
{{- if .Values.volume_mounts }}
{{- toYaml .Values.volume_mounts | nindent 12 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- warpgate
- -c
- /data/warpgate.yaml
- run
ports:
{{- if .Values.setup.ssh }}
- name: ssh
containerPort: {{ .Values.setup.ssh }}
protocol: TCP
{{- end }}
{{- if .Values.setup.http }}
- name: http
containerPort: {{ .Values.setup.http }}
protocol: TCP
{{- end }}
{{- if .Values.setup.mysql }}
- name: mysql
containerPort: {{ .Values.setup.mysql }}
protocol: TCP
{{- end }}
{{- if .Values.setup.pgsql }}
- name: pgsql
containerPort: {{ .Values.setup.pgsql }}
protocol: TCP
{{- end }}
{{- if .Values.setup.kubernetes }}
- name: kubernetes
containerPort: {{ .Values.setup.kubernetes }}
protocol: TCP
{{- end }}
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
{{- with .Values.volume_mounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
- name: data
mountPath: /data
volumes:
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ssh_keys_secret }}
- name: ssh-keys
secret:
secretName: {{ . }}
{{- end }}
{{- with .Values.tls_cert_secret }}
- name: tls-cert
secret:
secretName: {{ . }}
{{- end }}
{{- if .Values.overrides_config }}
- name: override-config
configMap:
name: {{ include "warpgate.fullname" . }}-config-overrides
{{- end }}
{{- if .Values.data.pvc.enabled }}
- name: data
persistentVolumeClaim:
{{- if .Values.data.pvc.claimName }}
claimName: {{ .Values.data.pvc.claimName }}
{{- else }}
claimName: {{ include "warpgate.fullname" . }}-data
{{- end }}
{{- else }}
- name: data
emptyDir: {}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
================================================
FILE: helm/warpgate/templates/httproute.yaml
================================================
{{- if .Values.httpRoute.enabled -}}
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: {{ include "warpgate.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "warpgate.labels" . | nindent 4 }}
{{- with .Values.httpRoute.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with .Values.httpRoute.parentRefs }}
parentRefs:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.httpRoute.hostnames }}
hostnames:
{{- toYaml . | nindent 4 }}
{{- end }}
rules:
- backendRefs:
- name: {{ include "warpgate.fullname" . }}
port: {{ .Values.service.ports.http }}
{{- end }}
================================================
FILE: helm/warpgate/templates/ingress.yaml
================================================
{{- if .Values.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "warpgate.fullname" . }}
labels:
{{- include "warpgate.labels" . | nindent 4 }}
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
{{- with .Values.ingress.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with .Values.ingress.className }}
ingressClassName: {{ . }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- with .pathType }}
pathType: {{ . }}
{{- end }}
backend:
service:
name: {{ include "warpgate.fullname" $ }}
port:
number: {{ $.Values.service.ports.http }}
{{- end }}
{{- end }}
{{- end }}
================================================
FILE: helm/warpgate/templates/pvc.yaml
================================================
{{- if and .Values.data.pvc.enabled (not .Values.data.pvc.claimName) }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "warpgate.fullname" . }}-data
labels:
{{- include "warpgate.labels" . | nindent 4 }}
spec:
{{- toYaml .Values.data.pvc.template | nindent 2 }}
{{- end }}
================================================
FILE: helm/warpgate/templates/service.yaml
================================================
apiVersion: v1
kind: Service
metadata:
name: {{ include "warpgate.fullname" . }}
labels:
{{- include "warpgate.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end}}
spec:
type: {{ .Values.service.type }}
ports:
{{- with .Values.service.ports.ssh }}
{{- if ne (int .) 0 }}
- port: {{ . }}
targetPort: ssh
protocol: TCP
name: ssh
{{- end }}
{{- end }}
{{- with .Values.service.ports.http }}
{{- if ne (int .) 0 }}
- port: {{ . }}
targetPort: http
protocol: TCP
name: http
{{- end }}
{{- end }}
{{- with .Values.service.ports.mysql }}
{{- if ne (int .) 0 }}
- port: {{ . }}
targetPort: mysql
protocol: TCP
name: mysql
{{- end }}
{{- end }}
{{- with .Values.service.ports.pgsql }}
{{- if ne (int .) 0 }}
- port: {{ . }}
targetPort: pgsql
protocol: TCP
name: pgsql
{{- end }}
{{- end }}
{{- with .Values.service.ports.kubernetes }}
{{- if ne (int .) 0 }}
- port: {{ . }}
targetPort: kubernetes
protocol: TCP
name: kubernetes
{{- end }}
{{- end }}
selector:
{{- include "warpgate.selectorLabels" . | nindent 4 }}
================================================
FILE: helm/warpgate/templates/setup-job.yaml
================================================
{{- if .Values.setup.enabled }}
{{- if eq .Values.setup.type "job" }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "warpgate.fullname" . }}-setup-job
spec:
template:
spec:
restartPolicy: OnFailure
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}-setup
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
{{- if .Values.setup.envFromSecret }}
env:
{{- range $key, $val := .Values.setup.envFromSecret }}
- name: {{ $key }}
valueFrom:
secretKeyRef:
name: {{ (split "/" $val)._0 }}
key: {{ (split "/" $val)._1 }}
{{- end }}
{{- end }}
command:
- /bin/sh
- -c
- |
set -e
if [ -d /ssh-keys ]; then
mkdir -p /data/ssh-keys
cp /ssh-keys/client-ed25519 /ssh-keys/client-rsa /ssh-keys/host-ed25519 /ssh-keys/host-rsa /data/ssh-keys/
chmod -R 600 /data/ssh-keys/*
fi
if [ -d /tls-cert ]; then
cp /tls-cert/tls.crt /data/tls.certificate.pem
cp /tls-cert/tls.key /data/tls.key.pem
fi
if [ -f /data/warpgate.yaml ]; then
# Creates the admin user which is normally only created when the unattended-setup is called. REF: https://github.com/warp-tech/warpgate/issues/1618
warpgate -c /data/warpgate.yaml create-user --password "$WARPGATE_ADMIN_PASSWORD" --role warpgate:admin admin
else
warpgate -c /data/warpgate.yaml unattended-setup --data-path /data \
{{- if .Values.setup.http }} --http-port {{ .Values.setup.http }} {{- end }}
{{- if .Values.setup.ssh }} --ssh-port {{ .Values.setup.ssh }} {{- end }}
{{- if .Values.setup.mysql }} --mysql-port {{ .Values.setup.mysql }} {{- end }}
{{- if .Values.setup.pgsql }} --postgres-port {{ .Values.setup.pgsql }} {{- end }}
{{- if .Values.setup.kubernetes }} --kubernetes-port {{ .Values.setup.kubernetes }} {{- end }}
{{- if .Values.setup.databaseUrl }} --database-url "{{ .Values.setup.databaseUrl }}" {{- end }}
{{- if .Values.setup.recordSessions }} --record-sessions {{- end }}
{{- if .Values.setup.disableIpV6 }}
sed -i 's/\[::\]:\([0-9]\+\)/0.0.0.0:\1/g' /data/warpgate.yaml
{{- end }}
fi
volumeMounts:
- name: data
mountPath: /data
{{- if .Values.ssh_keys_secret }}
- name: ssh-keys
mountPath: /ssh-keys
{{- end }}
{{- if .Values.tls_cert_secret }}
- name: tls-cert
mountPath: /tls-cert
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- with .Values.ssh_keys_secret }}
- name: ssh-keys
secret:
secretName: {{ . }}
{{- end }}
{{- with .Values.tls_cert_secret }}
- name: tls-cert
secret:
secretName: {{ . }}
{{- end }}
{{- if .Values.data.pvc.enabled }}
- name: data
persistentVolumeClaim:
{{- if .Values.data.pvc.claimName }}
claimName: {{ .Values.data.pvc.claimName }}
{{- else }}
claimName: {{ include "warpgate.fullname" . }}-data
{{- end }}
{{- else }}
- name: data
emptyDir: {}
{{- end }}
{{- end }}
{{- end }}
================================================
FILE: helm/warpgate/values.yaml
================================================
# Number of replicas for Warpgate deployment
# Do NOT increase above 1 when using SQLite as the database!
replicaCount: 1
image:
repository: ghcr.io/warp-tech/warpgate
pullPolicy: IfNotPresent
tag: "0.16.0"
# References to Kubernetes secrets for pulling images (if using a private registry)
imagePullSecrets: []
# Extra annotations/labels for deployment or pods
deploymentAnnotations: {}
deploymentLabels: {}
podAnnotations: {}
podLabels: {}
# Override chart name if desired
nameOverride: ""
fullnameOverride: ""
# Pod-level security context (applies to all containers)
podSecurityContext: {}
# fsGroup: 2000
# Container-level security context
securityContext: {}
# capabilities:
# drop: [ "ALL" ]
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
# Resource requests/limits for the Warpgate container
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Node scheduling options
nodeSelector: {}
tolerations: []
affinity: {}
# Secret with SSH host/client private keys:
# expected keys: client-ed25519, client-rsa, host-ed25519, host-rsa
# If not provided, Warpgate will generate them inside the PVC
ssh_keys_secret: ""
# Secret containing TLS certs (tls.key, tls.crt)
tls_cert_secret: ""
# Provide a full Warpgate config to override the auto-generated one
# ⚠️ If set, ensure ports match the setup/service config below
overrides_config: ""
# Space-separated list of environment variable names to substitute in the config
# Example: "FOO BAR" → replaces $FOO and $BAR from pod environment
config_env_var_replace: ""
# Additional custom volumes & mounts (advanced use-cases)
volumes: []
volume_mounts: []
# Persistence configuration
# If disabled and no external DB is used, all data will be lost on pod restart!
# If you are using config_overrides, ca, ssh keyds form secrets and external databse you can use emptyDir
data:
pvc:
enabled: false # true = use PersistentVolumeClaim, false = use emptyDir
claimName: "" # if set, uses existing PVC instead of template
template: {} # PVC template spec for dynamic provisioning
# Automatic Warpgate setup
# Ref: https://warpgate.null.page/getting-started/#setup
setup:
enabled: true
# Setup mode:
# - job: (recommended) one-time Kubernetes Job runs setup
# - podinit: initContainer mode (use only if you don't persist data via PVC)
type: "job"
# Secret containing initial admin password
# Format: <secret-name>/<key>
envFromSecret:
WARPGATE_ADMIN_PASSWORD: "warpgate-secret/adminPassword"
# Config options (overridden if overrides_config is used)
disableIpV6: false
recordSessions: true
databaseUrl: "" # Optional: PostgreSQL connection string
# Ports to expose. Set to 0 or false to disable protocol.
ssh: 2222
http: 8888
mysql: 33306
pgsql: 55432
kubernetes: 0
# kubernetes: 6443
# Resources for init container (runs setup)
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Kubernetes Service definition
service:
annotations: {}
type: ClusterIP
ports:
ssh: 2222
http: 8888
mysql: 33306
pgsql: 55432
kubernetes: 0
# kubernetes: 6443
# Ingress configuration
ingress:
enabled: false
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: default-issuer
kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts: []
tls: []
# HTTPRoute configuration
httpRoute:
enabled: false
annotations: {}
parentRefs: []
# - name: gateway-name
# namespace: gateway-namespace
# sectionName: gateway-section-name
hostnames: []
# - warpgate.example.com
================================================
FILE: justfile
================================================
projects := "warpgate warpgate-admin warpgate-common warpgate-db-entities warpgate-db-migrations warpgate-database-protocols warpgate-protocol-ssh warpgate-protocol-mysql warpgate-protocol-postgres warpgate-protocol-kubernetes warpgate-protocol-http warpgate-core warpgate-sso"
run $RUST_BACKTRACE='1' *ARGS='run':
cargo run --all-features -- --config config.yaml {{ARGS}}
fmt:
for p in {{projects}}; do cargo fmt -p $p -v; done
fix *ARGS:
for p in {{projects}}; do cargo fix --all-features -p $p {{ARGS}}; done
clippy *ARGS:
for p in {{projects}}; do cargo cranky --all-features -p $p {{ARGS}}; done
test:
for p in {{projects}}; do cargo test --all-features -p $p; done
npm *ARGS:
cd warpgate-web && npm {{ARGS}}
npx *ARGS:
cd warpgate-web && npx {{ARGS}}
migrate *ARGS:
cargo run --all-features -p warpgate-db-migrations -- {{ARGS}}
lint *ARGS:
cd warpgate-web && npm run lint {{ARGS}}
svelte-check:
cd warpgate-web && npm run check
openapi-all:
cd warpgate-web && npm run openapi:schema:admin && npm run openapi:schema:gateway && npm run openapi:client:admin && npm run openapi:client:gateway
openapi:
cd warpgate-web && npm run openapi:client:admin && npm run openapi:client:gateway
config-schema:
cargo run -p warpgate-common --bin config-schema > config-schema.json
cleanup: (fix "--allow-dirty") (clippy "--fix" "--allow-dirty") fmt svelte-check lint
udeps:
cargo udeps --all-features --all-targets
================================================
FILE: rust-toolchain
================================================
nightly-2025-10-21
================================================
FILE: rustfmt.toml
================================================
imports_granularity = "Module"
group_imports = "StdExternalCrate"
================================================
FILE: sonar-project.properties
================================================
sonar.projectKey=warp-tech_warpgate
sonar.organization=warp-tech
sonar.sources=.
sonar.inclusions=warpgate-*/**/*
sonar.rust.lcov.reportPaths=coverage.lcov
================================================
FILE: tests/.gitignore
================================================
api_sdk
================================================
FILE: tests/Makefile
================================================
image-ssh-server:
cd images/ssh-server && docker build -t warpgate-e2e-ssh-server .
image-mysql-server:
cd images/mysql-server && docker build -t warpgate-e2e-mysql-server .
image-postgres-server:
cd images/postgres-server && docker build -t warpgate-e2e-postgres-server .
all: image-ssh-server image-mysql-server image-postgres-server
================================================
FILE: tests/__init__.py
================================================
================================================
FILE: tests/api_client.py
================================================
from contextlib import contextmanager
try:
# in-IDE
import api_sdk.openapi_client as sdk
except ImportError:
import openapi_client as sdk
@contextmanager
def admin_client(host, token="token-value"):
config = sdk.Configuration(
host=f"{host}/@warpgate/admin/api",
api_key={
"TokenSecurityScheme": token,
},
)
config.verify_ssl = False
with sdk.ApiClient(config) as api_client:
yield sdk.DefaultApi(api_client)
================================================
FILE: tests/certs/tls.certificate.pem
================================================
-----BEGIN CERTIFICATE-----
MIIBYjCCAQmgAwIBAgIJAKXIp8GepnCzMAoGCCqGSM49BAMCMCExHzAdBgNVBAMM
FnJjZ2VuIHNlbGYgc2lnbmVkIGNlcnQwIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAx
MDEwMDAwMDBaMCExHzAdBgNVBAMMFnJjZ2VuIHNlbGYgc2lnbmVkIGNlcnQwWTAT
BgcqhkjOPQIBBggqhkjOPQMBBwNCAARAtRfTqyH8+eXf12Vftm6VcMhhYG6Ape3O
tcLfIWJo1krsOP+96r5U20ya7YVVFmYFPoQToAOoio2dxlX3jOL/oygwJjAkBgNV
HREEHTAbgg53YXJwZ2F0ZS5sb2NhbIIJbG9jYWxob3N0MAoGCCqGSM49BAMCA0cA
MEQCICTt3I/PsgF8Rvu6aKwY2LTouZyxReDMiCePzsqdAxXAAiATNw61MBylNaAF
FGkPqR0VZIR6sIFHZnib9JQNhka2Fg==
-----END CERTIFICATE-----
================================================
FILE: tests/certs/tls.key.pem
================================================
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg0tJmr/OSF7neTQOV
gQn+qHCdVsOENdMc86RlWPiWDlKhRANCAARAtRfTqyH8+eXf12Vftm6VcMhhYG6A
pe3OtcLfIWJo1krsOP+96r5U20ya7YVVFmYFPoQToAOoio2dxlX3jOL/
-----END PRIVATE KEY-----
================================================
FILE: tests/conftest.py
================================================
import logging
import os
import time
import psutil
import pytest
import requests
import shutil
import signal
import subprocess
import tempfile
import urllib3
import uuid
import base64
# cryptography is used to generate client certificates/CSRs locally
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID
from dataclasses import dataclass
from pathlib import Path
from textwrap import dedent
from typing import List, Optional
from deepmerge import always_merger
from .util import _wait_timeout, alloc_port, wait_port
from .test_http_common import echo_server_port # noqa
cargo_root = Path(os.getcwd()).parent
enable_coverage = os.getenv("ENABLE_COVERAGE", "0") == "1"
binary_path = (
"target/llvm-cov-target/debug/warpgate"
if enable_coverage
else "target/debug/warpgate"
)
@dataclass
class Context:
tmpdir: Path
@dataclass
class K3sInstance:
port: int
token: str
container_name: str
client_cert: str
client_key: str
def kubectl(self, cmd_args, input=None, check=True):
ret = subprocess.run(
["docker", "exec", "-i", self.container_name, "kubectl", *cmd_args],
input=input,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)
if check:
try:
ret.check_returncode()
except subprocess.CalledProcessError as e:
logging.error(
f"kubectl command failed: {' '.join(cmd_args)}\nstdout: {e.stdout.decode()}\nstderr: {e.stderr.decode()}"
)
raise
return ret
@dataclass
class Child:
process: subprocess.Popen
stop_signal: signal.Signals
stop_timeout: float
@dataclass
class WarpgateProcess:
config_path: Path
process: subprocess.Popen
http_port: int
ssh_port: int
mysql_port: int
postgres_port: int
kubernetes_port: int
class ProcessManager:
children: List[Child]
def __init__(self, ctx: Context, timeout: int) -> None:
self.children = []
self.ctx = ctx
self.timeout = timeout
def stop(self):
for child in self.children:
try:
p = psutil.Process(child.process.pid)
except psutil.NoSuchProcess:
continue
p.send_signal(child.stop_signal)
for sp in p.children(recursive=True):
try:
sp.terminate()
except psutil.NoSuchProcess:
pass
try:
p.wait(timeout=child.stop_timeout)
except psutil.TimeoutExpired:
for sp in p.children(recursive=True):
try:
sp.kill()
except psutil.NoSuchProcess:
pass
p.kill()
def start_ssh_server(self, trusted_keys=[], extra_config=""):
port = alloc_port()
data_dir = self.ctx.tmpdir / f"sshd-{uuid.uuid4()}"
data_dir.mkdir(parents=True)
authorized_keys_path = data_dir / "authorized_keys"
authorized_keys_path.write_text("\n".join(trusted_keys))
config_path = data_dir / "sshd_config"
config_path.write_text(
dedent(
f"""\
Port 22
AuthorizedKeysFile {authorized_keys_path}
AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
UseDNS no
PermitTunnel yes
StrictModes no
PermitRootLogin yes
HostKey /ssh-keys/id_ed25519
Subsystem sftp /usr/lib/ssh/sftp-server
LogLevel DEBUG3
{extra_config}
"""
)
)
data_dir.chmod(0o700)
authorized_keys_path.chmod(0o600)
config_path.chmod(0o600)
self.start(
[
"docker",
"run",
"--rm",
"-p",
f"{port}:22",
"-v",
f"{data_dir}:{data_dir}",
"-v",
f"{os.getcwd()}/ssh-keys:/ssh-keys",
"warpgate-e2e-ssh-server",
"-f",
str(config_path),
]
)
return port
def start_mysql_server(self):
port = alloc_port()
self.start(
["docker", "run", "--rm", "-p", f"{port}:3306", "warpgate-e2e-mysql-server"]
)
return port
def start_postgres_server(self):
port = alloc_port()
container_name = f"warpgate-e2e-postgres-server-{uuid.uuid4()}"
self.start(
[
"docker",
"run",
"--rm",
"--name",
container_name,
"-p",
f"{port}:5432",
"warpgate-e2e-postgres-server",
]
)
def wait_postgres():
while True:
try:
subprocess.check_call(
[
"docker",
"exec",
container_name,
"pg_isready",
"-h",
"localhost",
"-U",
"user",
]
)
break
except subprocess.CalledProcessError:
time.sleep(1)
_wait_timeout(wait_postgres, "Postgres is not ready", timeout=self.timeout)
logging.debug(f"Postgres {container_name} is up")
return port
def start_k3s(self) -> K3sInstance:
"""
Runs a privileged k3s container, waits for the API to be ready,
creates a ServiceAccount and clusterrolebinding, then uses
`kubectl create token` to fetch the bearer token. Assumes a modern
k8s version (no fallback logic needed).
"""
port = alloc_port()
container_name = f"warpgate-e2e-k3s-{uuid.uuid4()}"
image = os.getenv("K3S_IMAGE", "rancher/k3s:v1.35.2-k3s1")
self.start(
[
"docker",
"run",
"--rm",
"--name",
container_name,
"--privileged",
"-p",
f"{port}:6443",
image,
"server",
"--disable",
"traefik",
]
)
def wait_k3s():
# Wait until kube-apiserver is responding
while True:
try:
subprocess.check_call(
[
"docker",
"exec",
container_name,
"kubectl",
"get",
"nodes",
],
stdout=subprocess.DEVNULL,
stderr=subprocess.DEVNULL,
)
break
except subprocess.CalledProcessError:
time.sleep(1)
_wait_timeout(wait_k3s, "k3s API is not ready", timeout=self.timeout * 5)
# k3s sometimes returns OK for `get nodes` before namespace controller
# has created the "default" namespace. make sure it exists before we
# try to create objects inside it.
def wait_default_ns():
while True:
r = subprocess.run(
[
"docker",
"exec",
container_name,
"kubectl",
"get",
"namespace",
"default",
],
stdout=subprocess.DEVNULL,
stderr=subprocess.DEVNULL,
)
if r.returncode:
time.sleep(1)
else:
break
_wait_timeout(
wait_default_ns, "default namespace is not ready", timeout=self.timeout * 5
)
# Create service account inside the container
subprocess.check_call(
[
"docker",
"exec",
container_name,
"kubectl",
"create",
"serviceaccount",
"test-sa",
"-n",
"default",
]
)
# Assign cluster admin role so our SA can do anything
subprocess.check_call(
[
"docker",
"exec",
container_name,
"kubectl",
"create",
"clusterrolebinding",
"test-sa-binding",
"--clusterrole=cluster-admin",
"--serviceaccount=default:test-sa",
]
)
token = (
subprocess.check_output(
[
"docker",
"exec",
container_name,
"kubectl",
"create",
"token",
"test-sa",
"-n",
"default",
],
stderr=subprocess.DEVNULL,
)
.decode()
.strip()
)
# generate a client key and CSR locally, then ask the k3s CA to sign it
key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
csr = (
x509.CertificateSigningRequestBuilder()
.subject_name(
x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "system:masters")])
)
.sign(key, hashes.SHA256())
)
client_key = key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption(),
).decode()
csr_pem = csr.public_bytes(serialization.Encoding.PEM)
# create the CSR resource inside the cluster using kubectl
csr_name = "wg-client"
csr_yaml = dedent(
f"""
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
name: {csr_name}
spec:
groups:
- system:authenticated
- system:masters
request: {base64.b64encode(csr_pem).decode()}
signerName: kubernetes.io/kube-apiserver-client
usages:
- client auth
"""
)
subprocess.run(
[
"docker",
"exec",
"-i",
container_name,
"sh",
"-c",
"kubectl apply -f -",
],
input=csr_yaml.encode(),
check=True,
)
subprocess.check_call(
[
"docker",
"exec",
container_name,
"kubectl",
"certificate",
"approve",
csr_name,
]
)
# after approving the CSR the certificate may take a moment to
# appear in the resource status
def fetch_cert() -> str:
while True:
cert = subprocess.check_output(
[
"docker",
"exec",
container_name,
"sh",
"-c",
(
f"kubectl get csr {csr_name} -o jsonpath='{{.status.certificate}}' "
"| base64 -d"
),
]
).decode()
if cert:
return cert
time.sleep(0.1)
client_cert = ""
_wait_timeout(
fetch_cert,
"k3s did not sign CSR",
timeout=self.timeout,
)
client_cert = fetch_cert()
logging.debug("retrieved signed client certificate from k3s")
# the cert subject is "system:masters" so bind that user.
subprocess.check_call(
[
"docker",
"exec",
container_name,
"kubectl",
"create",
"clusterrolebinding",
"wg-cert-binding",
"--clusterrole=cluster-admin",
"--user=system:masters",
]
)
logging.debug(f"k3s {container_name} is up on port {port}")
return K3sInstance(
port=port,
token=token,
container_name=container_name,
client_cert=client_cert,
client_key=client_key,
)
def start_oidc_server(
self,
warpgate_http_port,
extra_scopes=None,
users_override=None,
extra_identity_resources=None,
):
port = alloc_port()
container_name = f"warpgate-e2e-oidc-mock-{uuid.uuid4()}"
oidc_data_dir = self.ctx.tmpdir / f"oidc-{uuid.uuid4()}"
oidc_data_dir.mkdir(parents=True)
import json as _json
allowed_scopes = [
"openid",
"profile",
"email",
"preferred_username",
]
if extra_scopes:
allowed_scopes.extend(extra_scopes)
clients_config = [
{
"ClientId": "warpgate-test",
"ClientSecrets": ["warpgate-test-secret"],
"AllowedGrantTypes": ["authorization_code"],
"AllowedScopes": allowed_scopes,
"ClientClaimsPrefix": "",
"RedirectUris": [
f"https://127.0.0.1:{warpgate_http_port}/@warpgate/api/sso/return"
],
}
]
clients_config_path = oidc_data_dir / "clients-config.json"
with open(clients_config_path, "w") as f:
_json.dump(clients_config, f)
server_options = _json.dumps(
{
"AccessTokenJwtType": "JWT",
"Discovery": {"ShowKeySet": True},
"Authentication": {
"CookieSameSiteMode": "Lax",
"CheckSessionCookieSameSiteMode": "Lax",
},
}
)
default_users = [
{
"SubjectId": "1",
"Username": "User1",
"Password": "pwd",
"Claims": [
{
"Type": "name",
"Value": "Sam Tailor",
"ValueType": "string",
},
{
"Type": "email",
"Value": "sam.tailor@gmail.com",
"ValueType": "string",
},
{
"Type": "preferred_username",
"Value": "sam_tailor",
"ValueType": "string",
},
],
}
]
users_config = _json.dumps(
users_override if users_override is not None else default_users
)
identity_resources_list = [
{"Name": "preferred_username", "ClaimTypes": ["preferred_username"]},
]
if extra_identity_resources:
identity_resources_list.extend(extra_identity_resources)
identity_resources = _json.dumps(identity_resources_list)
self.start(
[
"docker",
"run",
"--rm",
"--name",
container_name,
"-p",
f"{port}:8080",
"-e",
"ASPNETCORE_ENVIRONMENT=Development",
"-e",
f"SERVER_OPTIONS_INLINE={server_options}",
"-e",
'LOGIN_OPTIONS_INLINE={"AllowRememberLogin": true}',
"-e",
f"USERS_CONFIGURATION_INLINE={users_config}",
"-e",
f"IDENTITY_RESOURCES_INLINE={identity_resources}",
"-e",
"CLIENTS_CONFIGURATION_PATH=/tmp/config/clients-config.json",
"-v",
f"{oidc_data_dir}:/tmp/config:ro",
"ghcr.io/soluto/oidc-server-mock:0.10.1",
]
)
def wait_oidc():
import urllib3
urllib3.disable_warnings()
while True:
try:
r = requests.get(
f"http://localhost:{port}/.well-known/openid-configuration",
timeout=2,
)
if r.status_code == 200:
break
except Exception:
pass
time.sleep(0.5)
_wait_timeout(wait_oidc, "OIDC mock is not ready", timeout=self.timeout * 3)
logging.debug(f"OIDC mock {container_name} is up on port {port}")
return port
def start_wg(
self,
config_patch=None,
args=None,
share_with: Optional[WarpgateProcess] = None,
stderr=None,
stdout=None,
http_port=None,
) -> WarpgateProcess:
args = args or ["run", "--enable-admin-token"]
if share_with:
config_path = share_with.config_path
ssh_port = share_with.ssh_port
mysql_port = share_with.mysql_port
postgres_port = share_with.postgres_port
http_port = share_with.http_port
kubernetes_port = share_with.kubernetes_port
else:
ssh_port = alloc_port()
http_port = http_port or alloc_port()
mysql_port = alloc_port()
postgres_port = alloc_port()
kubernetes_port = alloc_port()
data_dir = self.ctx.tmpdir / f"wg-data-{uuid.uuid4()}"
data_dir.mkdir(parents=True)
keys_dir = data_dir / "ssh-keys"
keys_dir.mkdir(parents=True)
for k in [
Path("ssh-keys/wg/client-ed25519"),
Path("ssh-keys/wg/client-rsa"),
Path("ssh-keys/wg/host-ed25519"),
Path("ssh-keys/wg/host-rsa"),
]:
shutil.copy(k, keys_dir / k.name)
for k in [
Path("certs/tls.certificate.pem"),
Path("certs/tls.key.pem"),
]:
shutil.copy(k, data_dir / k.name)
config_path = data_dir / "warpgate.yaml"
def run(args, env={}):
return self.start(
[
os.path.join(cargo_root, binary_path),
"--config",
str(config_path),
*args,
],
cwd=cargo_root,
env={
**os.environ,
"LLVM_PROFILE_FILE": f"{cargo_root}/target/llvm-cov-target/warpgate-%m.profraw",
"WARPGATE_ADMIN_TOKEN": "token-value",
"WARPGATE_UNDER_TEST": "1",
**env,
},
stop_signal=signal.SIGINT,
stop_timeout=5,
stderr=stderr,
stdout=stdout,
)
if not share_with:
p = run(
[
"unattended-setup",
"--ssh-port",
str(ssh_port),
"--http-port",
str(http_port),
"--mysql-port",
str(mysql_port),
"--postgres-port",
str(postgres_port),
"--kubernetes-port",
str(kubernetes_port),
"--data-path",
data_dir,
"--external-host",
"external-host",
],
env={"WARPGATE_ADMIN_PASSWORD": "123"},
)
p.communicate()
assert p.returncode == 0
import yaml
config = yaml.safe_load(config_path.open())
config["ssh"]["host_key_verification"] = "auto_accept"
if config_patch:
always_merger.merge(config, config_patch)
with config_path.open("w") as f:
yaml.safe_dump(config, f)
p = run(args)
return WarpgateProcess(
process=p,
config_path=config_path,
ssh_port=ssh_port,
http_port=http_port,
mysql_port=mysql_port,
postgres_port=postgres_port,
kubernetes_port=kubernetes_port,
)
def start_ssh_client(self, *args, password=None, **kwargs):
preargs = []
if password:
preargs = ["sshpass", "-p", password]
p = self.start(
[
*preargs,
"ssh",
# '-v',
"-o",
"IdentitiesOnly=yes",
"-o",
"StrictHostKeychecking=no",
"-o",
"UserKnownHostsFile=/dev/null",
*args,
],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
**kwargs,
)
return p
def start(self, args, stop_timeout=3, stop_signal=signal.SIGTERM, **kwargs):
p = subprocess.Popen(args, **kwargs)
self.children.append(
Child(process=p, stop_signal=stop_signal, stop_timeout=stop_timeout)
)
return p
@pytest.fixture(scope="session")
def timeout():
t = os.getenv("TIMEOUT", "10")
return int(t)
@pytest.fixture(scope="session")
def ctx():
with tempfile.TemporaryDirectory() as tmpdir:
ctx = Context(tmpdir=Path(tmpdir))
yield ctx
@pytest.fixture(scope="session")
def processes(ctx, timeout, report_generation):
mgr = ProcessManager(ctx, timeout)
try:
yield mgr
finally:
mgr.stop()
@pytest.fixture(scope="session", autouse=True)
def report_generation():
if not enable_coverage:
yield None
return
# subprocess.call(['cargo', 'llvm-cov', 'clean', '--workspace'])
subprocess.check_call(
[
"cargo",
"llvm-cov",
"run",
"--no-cfg-coverage-nightly",
"--all-features",
"--no-report",
"--",
"version",
],
cwd=cargo_root,
)
yield
# subprocess.check_call(['cargo', 'llvm-cov', '--no-run', '--hide-instantiations', '--html'], cwd=cargo_root)
@pytest.fixture(scope="session")
def shared_wg(processes: ProcessManager):
wg = processes.start_wg()
wait_port(wg.http_port, for_process=wg.process, recv=False)
wait_port(wg.ssh_port, for_process=wg.process)
wait_port(wg.kubernetes_port, for_process=wg.process, recv=False)
yield wg
# sometimes tests just want a pre‑configured API client for the admin
# endpoint. previously everyone called ``admin_client(url)`` directly;
# a fixture lets us compute the URL from ``shared_wg`` once and removes
# boilerplate from individual tests.
from .api_client import admin_client as _admin_client_context
@pytest.fixture
def admin_client(shared_wg: WarpgateProcess):
"""Yields a ``sdk.DefaultApi`` instance authenticated with the
built-in token and pointing at the running warpgate instance.
Usage::
def test_something(shared_wg, admin_client):
user = admin_client.create_user(...)
"""
url = f"https://localhost:{shared_wg.http_port}"
with _admin_client_context(url) as api:
yield api
# ----
@pytest.fixture(scope="session")
def wg_c_ed25519_pubkey():
return Path(os.getcwd()) / "ssh-keys/wg/client-ed25519.pub"
@pytest.fixture(scope="session")
def wg_c_rsa_pubkey():
return Path(os.getcwd()) / "ssh-keys/wg/client-rsa.pub"
@pytest.fixture(scope="session")
def otp_key_base64():
return "Isj0ekwF1YsKW8VUUQiU4awp/9dMnyMcTPH9rlr1OsE="
@pytest.fixture(scope="session")
def otp_key_base32():
return "ELEPI6SMAXKYWCS3YVKFCCEU4GWCT76XJSPSGHCM6H624WXVHLAQ"
@pytest.fixture(scope="session")
def password_123_hash():
return "$argon2id$v=19$m=4096,t=3,p=1$cxT6YKZS7r3uBT4nPJXEJQ$GhjTXyGi5vD2H/0X8D3VgJCZSXM4I8GiXRzl4k5ytk0"
logging.basicConfig(level=logging.DEBUG)
requests.packages.urllib3.disable_warnings()
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
subprocess.call("chmod 600 ssh-keys/id*", shell=True)
================================================
FILE: tests/images/mysql-server/Dockerfile
================================================
FROM mariadb:10.8@sha256:456709ab146585d6189da05669b84384518baecd83670c9e5221f8c20a47cf1e
ENV MYSQL_DATABASE=db
ENV MYSQL_ROOT_PASSWORD=123
ADD init.sql /docker-entrypoint-initdb.d
================================================
FILE: tests/images/mysql-server/init.sql
================================================
CREATE TABLE `db`.`table` (
`id` int(11) NOT NULL,
`name` varchar(1023) NOT NULL
) ENGINE=InnoDB;
================================================
FILE: tests/images/postgres-server/Dockerfile
================================================
FROM postgres:17.0@sha256:f176fef320ed02c347e9f85352620945547a9a23038f02b57cf7939a198182ae
ENV POSTGRES_DB=db
ENV POSTGRES_USER=user
ENV POSTGRES_PASSWORD=123
ADD init.sql /docker-entrypoint-initdb.d
================================================
FILE: tests/images/postgres-server/init.sql
================================================
CREATE TABLE tbl (
id int NOT NULL,
name text NOT NULL
);
================================================
FILE: tests/images/ssh-server/Dockerfile
================================================
FROM alpine:3.14@sha256:0f2d5c38dd7a4f4f733e688e3a6733cb5ab1ac6e3cb4603a5dd564e5bfb80eed
RUN apk add openssh curl
RUN passwd -u root
ENTRYPOINT ["/usr/sbin/sshd", "-De"]
================================================
FILE: tests/oidc-mock/clients-config.json
================================================
[
{
"ClientId": "implicit-mock-client",
"Description": "Client for implicit flow",
"AllowedGrantTypes": [
"implicit"
],
"AllowAccessTokensViaBrowser": true,
"RedirectUris": [
"https://warpgate.com/@warpgate/api/sso/return",
"https://127.0.0.1:8888/@warpgate/api/sso/return"
],
"AllowedScopes": [
"openid",
"profile",
"email",
"warpgate-scope",
"preferred_username"
],
"IdentityTokenLifetime": 3600,
"AccessTokenLifetime": 3600
},
{
"ClientId": "client-credentials-mock-client",
"ClientSecrets": [
"client-credentials-mock-client-secret"
],
"Description": "Client for client credentials flow",
"AllowedGrantTypes": [
"authorization_code"
],
"AllowedScopes": [
"openid",
"profile",
"email",
"warpgate-scope",
"preferred_username"
],
"ClientClaimsPrefix": "",
"RedirectUris": [
"https://warpgate.com/@warpgate/api/sso/return",
"https://127.0.0.1:8888/@warpgate/api/sso/return"
],
"Claims": [
{
"Type": "string_claim",
"Value": "string_claim_value",
"ValueType": "string"
},
{
"Type": "json_claim",
"Value": "[\"value1\", \"value2\"]",
"ValueType": "json"
}
]
}
]
================================================
FILE: tests/oidc-mock/docker-compose.yml
================================================
version: '3'
services:
oidc-server-mock:
container_name: oidc-server-mock
image: ghcr.io/soluto/oidc-server-mock:0.10.1
platform: linux/amd64
ports:
- '4011:8080'
environment:
ASPNETCORE_ENVIRONMENT: Development
SERVER_OPTIONS_INLINE: |
{
"AccessTokenJwtType": "JWT",
"Discovery": {
"ShowKeySet": true
},
"Authentication": {
"CookieSameSiteMode": "Lax",
"CheckSessionCookieSameSiteMode": "Lax"
}
}
LOGIN_OPTIONS_INLINE: |
{
"AllowRememberLogin": true
}
LOGOUT_OPTIONS_INLINE: |
{
"AutomaticRedirectAfterSignOut": true
}
IDENTITY_RESOURCES_INLINE: |
- Name: preferred_username
ClaimTypes:
- preferred_username
USERS_CONFIGURATION_INLINE: |
[
{
"SubjectId":"1",
"Username":"User1",
"Password":"pwd",
"Claims": [
{
"Type": "name",
"Value": "Sam Tailor",
"ValueType": "string"
},
{
"Type": "email",
"Value": "sam.tailor@gmail.com",
"ValueType": "string"
},
{
"Type": "preferred_username",
"Value": "sam_tailor",
"ValueType": "string"
},
]
}
]
CLIENTS_CONFIGURATION_PATH: /tmp/config/clients-config.json
ASPNET_SERVICES_OPTIONS_INLINE: |
{
"ForwardedHeadersOptions": {
"ForwardedHeaders" : "All"
}
}
volumes:
- .:/tmp/config:ro
================================================
FILE: tests/pyproject.toml
================================================
[tool.poetry]
name = "tests"
version = "0.1.0"
description = ""
authors = ["Your Name <you@example.com>"]
[tool.poetry.dependencies]
python = "^3.10"
pytest = "^8"
psutil = "^5.9.1"
pyotp = "^2.6.0"
paramiko = "^2.11.0"
Flask = "^2.2.1"
requests = "^2.28.1"
flask-sock = "^0.5.2"
websocket-client = "^1.3.3"
PyYAML = "^6.0.2"
deepmerge = "^2"
openapi-client = { path = "./api_sdk", develop = true }
aiohttp = "^3.11.18"
cryptography = "^46"
[tool.poetry.dev-dependencies]
flake8 = "^5.0.2"
black = "^24"
[tool.poetry.group.dev.dependencies]
pytest-asyncio = "^0.26.0"
pytest-timeout = "^2.4.0"
pyright = "^1.1.408"
[tool.pytest.ini_options]
minversion = "6.0"
filterwarnings = ["ignore::urllib3.exceptions.InsecureRequestWarning"]
[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"
================================================
FILE: tests/run.sh
================================================
#!/bin/sh
set -e
cd ..
rm target/llvm-cov-target/* || true
cargo llvm-cov clean --workspace
cargo llvm-cov --no-cfg-coverage-nightly --no-report --workspace --all-features -- --skip agent
cd tests
RUST_BACKTRACE=1 ENABLE_COVERAGE=1 poetry run pytest --timeout 300 $@
cargo llvm-cov report --html
================================================
FILE: tests/ssh-keys/id_ed25519
================================================
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACAz/wkEtOQGGLxHmd1+hD0hOJYri7j+8Oqex4CMnTr26gAAAKC8ieiIvIno
iAAAAAtzc2gtZWQyNTUxOQAAACAz/wkEtOQGGLxHmd1+hD0hOJYri7j+8Oqex4CMnTr26g
AAAEBe+1fXsb/WtCsxt6nR5fVqIX9WHQqbpiVxxNTy41IsFDP/CQS05AYYvEeZ3X6EPSE4
liuLuP7w6p7HgIydOvbqAAAAHGV1Z2VuZUBFdWdlbmVzLU1CUC5mcml0ei5ib3gB
-----END OPENSSH PRIVATE KEY-----
================================================
FILE: tests/ssh-keys/id_ed25519.pub
================================================
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP/CQS05AYYvEeZ3X6EPSE4liuLuP7w6p7HgIydOvbq
================================================
FILE: tests/ssh-keys/id_rsa
================================================
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEAnd9Mz8FnYZm/pXB1J+3Yx8IDsb8vuggGmE/xJZm/H0vuCD4vA/aD
s3gdqXLjU1/uyD0J/CQPH4GvNqAkJ8AivM2VhnFsG1QJLklkXEHeBFlT81mxO2t0DB4S6Q
QXgbYC7XtyY6gVqRYuMT+WoanzJcYMv3gSGFr/Yn8WnVYl33zsD8YtLl3Ku71+5kykFC/8
/LlxOUY73XzTPVuChETvz7KhKrlBiHhOQwjyx2B1JdGQp5hSrBTSmO3+ImIMsClsQw3fP0
vc7st7L06eOBNTrhPOiQqjyn5MoCfoIRAu6uE7oHyrsLfYiZrJWySz+TdZZNedKfQxWDXB
cK5+0p8cYyS/U+yGHRrSjSHtl+qqS8QYCTdlteR/EDSuPO7yE63tRpORg6L5kquAupreH6
rtgO0Hpz/6ZXj9bsAR+Gs+J6MxzrJWeDiAxUAkvg9anYgj3skDFBsfylVe2eey1fQtx0/i
iKNjFyrpqHPAUIyJXa5QTplpZPicKMpa+X38q6gfAAAFmAwAuXkMALl5AAAAB3NzaC1yc2
EAAAGBAJ3fTM/BZ2GZv6VwdSft2MfCA7G/L7oIBphP8SWZvx9L7gg+LwP2g7N4Haly41Nf
7sg9CfwkDx+BrzagJCfAIrzNlYZxbBtUCS5JZFxB3gRZU/NZsTtrdAweEukEF4G2Au17cm
OoFakWLjE/lqGp8yXGDL94Ehha/2J/Fp1WJd987A/GLS5dyru9fuZMpBQv/Py5cTlGO918
0z1bgoRE78+yoSq5QYh4TkMI8sdgdSXRkKeYUqwU0pjt/iJiDLApbEMN3z9L3O7Ley9Onj
gTU64TzokKo8p+TKAn6CEQLurhO6B8q7C32ImayVsks/k3WWTXnSn0MVg1wXCuftKfHGMk
v1Pshh0a0o0h7ZfqqkvEGAk3ZbXkfxA0rjzu8hOt7UaTkYOi+ZKrgLqa3h+q7YDtB6c/+m
V4/W7AEfhrPiejMc6yVng4gMVAJL4PWp2II97JAxQbH8pVXtnnstX0LcdP4oijYxcq6ahz
wFCMiV2uUE6ZaWT4nCjKWvl9/KuoHwAAAAMBAAEAAAGAV8re70XRVOBoR/sy24KUI/oLje
QRCXX/HOKP6uYF98SE2YajJKQI91vbuuiN7EaUBjyTeekfk9jNdCY4FPbvGmmFNl+Ky+O+
u0PLENb8PRTj75c4TR/jR/3NbFF/NP3fwOr+YNcPPJl+FJsVDE/zTFVHr455GZw5GzArhl
Fq/E5/BAKkC33TCPZHRJDoSeWp3WzOvxgEoJYS7rMd8KpZZfojUBv3ionEk9i9Egzc+KwC
soCtsM5fkvX+dmZqQei2UTE7gAQfTdzo7kLrLqeCS5UrVEDEDp94Wf6ZQuEPjKioKfpoHr
bPiLhcsIH3N7aBpXzXok4dM2U+UgzQW5HfJtgrkUkvlNV3kgtUEw37X9kOhowt/yd6KBT0
Pn5qUtJtBIHKEBpUfyNlJhH9uA/Wift2N7D0TYDVuiAyzT58BK8pS6F55z8ENvvEux/s56
qZj81FUuGwC9L6xTxya88TOGnEZnVnMFTK8MgbcY1cBZqiKLIgBuusMd5lRCbWaBc5AAAA
wQCmKQGwQLaffZg2g9fJMyIA7MGDbqMy1Y5DmiGjATGh+oigMY4+ytgvCy8PrBL9NEZCcN
FMwTUHUgjUP7611DygK+lDHly60bvmhP4JEkI5adxkd13jCXq2dNiazLV7mD2ZghkOkGcl
hMhd7dmYLL1mzlayEvRKLzvexjmcLS4qFkvDl7mCrUBwsAnr6VbZTIyisz1f3H/u+cbWF5
iSaguuuNL5o1hGCeoCdbAu40e1XOTUQU6kD7GnrV7tATZ8cDMAAADBAMwMsotmUXQkS6fR
XEiMjse3pVT1hRIcDNNZOeavY/cByFoOv/flo111YL/+aGOT68daLBeMwAYkUtgAFpNZjt
LpRZKK7/sN2pliWgCU2PWb4is4QBvmWVtIIaCDs7YbwnumZJdyQHoG8W4wQG+RqzBu5VsA
ylinLCbTuZ3I9oOZcLxfJESmTwl3a9oUquN8C4TmcoAS8MRXd7SHndVxS4rvLkHHV5t2bG
EazYY/2VOUVv8Z3FJc35ZGhzb5vVjLnQAAAMEAxhDpQsXyhoP9CZnkd21rOinYvMDY9ZjC
AYLJ1k7SWBnUki6ozssnURvPgXUKFdj4xfevNvXQdf6Ctj7b1ghC07gpJ9M4Hq+JJcMPSw
l9JQpOMCI46nzbLNeAkXhvvpsuMWJO9L4+e+6LZZHHH665e47/dNFgiuIpUQqQaWdqHWGe
/4z5XrNjRprno01TsMAln8q3aEx3naONapHr9t7WoqT14cuo4NHZVb1oejssDa3iyAajEo
pLZK1nKRsDPQvrAAAAHGV1Z2VuZUBFdWdlbmVzLU1CUC5mcml0ei5ib3gBAgMEBQY=
-----END OPENSSH PRIVATE KEY-----
================================================
FILE: tests/ssh-keys/id_rsa.pub
================================================
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCd30zPwWdhmb+lcHUn7djHwgOxvy+6CAaYT/Elmb8fS+4IPi8D9oOzeB2pcuNTX+7IPQn8JA8fga82oCQnwCK8zZWGcWwbVAkuSWRcQd4EWVPzWbE7a3QMHhLpBBeBtgLte3JjqBWpFi4xP5ahqfMlxgy/eBIYWv9ifxadViXffOwPxi0uXcq7vX7mTKQUL/z8uXE5RjvdfNM9W4KERO/PsqEquUGIeE5DCPLHYHUl0ZCnmFKsFNKY7f4iYgywKWxDDd8/S9zuy3svTp44E1OuE86JCqPKfkygJ+ghEC7q4TugfKuwt9iJmslbJLP5N1lk150p9DFYNcFwrn7SnxxjJL9T7IYdGtKNIe2X6qpLxBgJN2W15H8QNK487vITre1Gk5GDovmSq4C6mt4fqu2A7QenP/pleP1uwBH4az4nozHOslZ4OIDFQCS+D1qdiCPeyQMUGx/KVV7Z57LV9C3HT+KIo2MXKumoc8BQjIldrlBOmWlk+Jwoylr5ffyrqB8=
================================================
FILE: tests/ssh-keys/wg/client-ed25519
================================================
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDujCSXcfts0V3KEZ/vc02DZ0cypyiOHQyNQgT3z35XbAAAAKBv+t0+b/rd
PgAAAAtzc2gtZWQyNTUxOQAAACDujCSXcfts0V3KEZ/vc02DZ0cypyiOHQyNQgT3z35XbA
AAAEDDVbCUHpecy/RHT/GFRXSnN+A0uEiI3xYwRuTIpgTXEO6MJJdx+2zRXcoRn+9zTYNn
RzKnKI4dDI1CBPfPfldsAAAAGmV1Z2VuZUBFdWdlbmVzLU1CUC0yLmxvY2FsAQID
-----END OPENSSH PRIVATE KEY-----
================================================
FILE: tests/ssh-keys/wg/client-ed25519.pub
================================================
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6MJJdx+2zRXcoRn+9zTYNnRzKnKI4dDI1CBPfPflds eugene@Eugenes-MBP-2.local
================================================
FILE: tests/ssh-keys/wg/client-rsa
================================================
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCvukhj4nGf2l5neOjlolntx+42
yaOz8wmKzc8hRMg8N7GrI4ntGcK7nkgfAuN9a4N+AIaluAjPFeJAtGSGovtLro4AUnFsrJMVN8T5
eEhSgE48ko+Limi3JYsC0Vf9YHnVh8t7oioeriSLuyAyTWnykmQIZcYgW1r3bg87Y9qCIceXJQwc
jM97czNgckxR4k8a9ja/8kv3spNcNFl7NR7oZ4cyOfbnq5+FJCPohNoviahMtqyVwGVuIXhfTSdo
GRe6mRbbHyK2uAHw2MULUX4E18v72cGDIxuWNqbmdjJozlYKaf+xykVZ6+jv+WrsLziKms9SWcw5
4zNuhR2YZn92/yW+bnBqMjtsZFxgvDBHEM0KIZUuvbV84V/hskwFAo3xyNpy9x6LhlJ17/MkKKmf
GeQ27RjsI8YJFmmakgSHzpg69eqldf4kgsAGr/M9U4ZNE4nrfQnKUY8AN+68pp8oKYFTtrHJ8m0B
Y81SGMxynpjNEJPHBv7gYDDUJY8qAhypIP4pxHRohJu6SiE1OEol4ZtQzEzSKKMxxlkberatEvzc
Cq6l7d1KS21cmeAdtl7jSMVYTij77B2sDnsmk5PD769wAWJU5T8JaL4bJid45+UKeZz8VQx3e5mi
S/yaGj1uaD6ryhXCZwQh0f9hLvopOGNMEm063qz33lvBys+TDwIDAQABAoICAEO2TxCV/9xtw3Sx
hWR+w5I5ONRJrFe5rZKbrVWPcGyrtT1Rq2L+SygKXJX+gfQhCoDx6PBQUqyhLRZrrFSo1pYaA8Oi
AOy0LtS9MZxDOfL4V61FeCR3x9PSlpcWXYZXt3qNId5Y5Uv/JDvndgeMBugeeoc12Ds9mHbBJQNo
fZkpNQRLlTgnFgfmowRl5nyi7IJiH0SlM5qVZ+zeiyBLnsZEpja3WSl52zTtcRy2nHA25e/xb90g
TrU6Fmz6iNW23YrcVI9IlxK7IpxQmtS6qQlqscIw7Tz/uTCPjI4/OzthTowivhEe9MwqeA6IGCg8
JdhawMplqakgn//VMUs5K6HliyJlUwBAHHjGkOMjq7SCS9tvj6jlLrs/2SeoKyv4Q0lWrZb/QJ+L
xchYHs5aAeHGtO9VLKfHHC0qesw8udJ7yp2g4RiTWEPO9cGufKAUHYDvMf1qnvgbyhmZ0a/ft16z
Yb3RO3orcyFcrHNVuutaouafVrIaJS9F7MZNUiUJzMNz4/fCVP+FAJ+Dbyytlz7rq0p86wlBfq0L
k8xK3eoI9cTgb0insgREhwLz3p6KZ4JCnw6rEt2lqEWRkMEAcH1htVtdejp6bq3OMP8PvwViz7Br
DdL3OqG1GaNuHHMNW7Py0RqqokXCGQTAFqyTlXomBHOpWOqRxjkCPPJSMWNhAoIBAQDA4VGvDZEy
h+k8C4ggt128xNZl7rYZMxJcvVg8/mr80RifDaJfr2SY5DDrbFHX18uBaLPioOcjuoWdMaX6+M9F
ZwgEA1LvKQg92rG7UQ/DrjbjPMiALsx3yN/P1dFvjxDkEpCGAcAAXh6C4mCrnqseoDV74TQcLsxt
Z4vmL1QifagQbu3xYnyKgO/bPfCiZ4vRyRUCfKv9eoH9dbw4DWyxGXLGNtu77FPXFFeVEoFx7EYG
sZiA1Om37hCgceQ7fGqKgSiwwLtBc+WN5gQ7toQ4OkqyWDkaTcvcNRKmVlf/TiGejZRqny4QjnYV
nQdkBBrekpoXSCghR410pTyktOYfAoIBAQDpPABQL1LRplhRACpcIA4jHYYVx/C7YhqRkO7rlpG+
8hBH3kuE9SFOrPKxWQF8qVw2Jwvs24n5loE5+1Yq29b46mKLkbpEumBj5oLtIPNgM9cBWHlnJwPI
lCpcxVv4Kvsxb+0eaCuxl2DT5zj5d8V6FrpeuQbmpLdKlfwQX2+6w3SqQjaUleHHWvcoqLFcvcml
zVNQrQVt9HvRWsBmg9sHow+CPmF50Z5DfiNPf/vvEegkT3xtcYC6CohIK2/O9R3yjLKZ0Tx9mBse
I2M7mbok9L/5PlsGyNa/+I/aM/eodJqRInaTcs3qGmfA2bjedHEdVuhcMcvnGoM26jSBHFURAoIB
AQCi8Xa1QOvp2WGTJVbR9LaO02cgY8KYlUms6RSTKoetnuOC8ty6owyEETq2mCKoCpjUcWSOT0oV
J+zauGe1Ft7bjcf6w+gbPPnGb2t4iGmd8R5TaDUl/OMlSqCxDrxI1374fipz2ySd6uUxwxbRxVBg
pg2o4r7IFE0FG9XXFyKnpKoHf/8pzf7Sb0yyVahlOr6m8o36NOKDWCxauEzSuZyaHJqWkx+cqXDG
oVvABwst9+HMo9nm9Heht896C90418mVyrlaYOeQyt0hvDDVVUJr0erqsZdD/nb7SCbCOO1MNHA4
Zvj7/g/HUuK1LZxhxQoB/62Hf6DPRIhfA3yw1FYXAoIBAF2JVarSv8kaiDK7+UEHDgRhM8QKcm4D
0xnr4RWURhEo7QSVjv3cfSYbUB11z5XaKgQBttOf2/6/sEW7mXwIvHcJMMo+gFBN2phV+s30uAYt
5B1DCTUoPWk0mqSn9dFaE3FpLNRT/Kn1RrzU71GFCiqDcOzKEY1wI54C9pruW1WwS1p4wYDndyvH
PHYO6UqDRpp69N3W9eV59ioo1h6G5NF0QKUANYFwYqM4tBqO/k+Lg+kEA6e0rGZwEOW4ndeHECKU
8I+ljTflR4LXuFVPuopVqaPgsQrQgudsXOyqiLkDQnXQN3O8x/4J5vA9oNl+I1sb3oYS5m5hgJwG
Y1YgMbECggEAenUW6Szz2klOimJbLnJO08bM0WhGWJzCo0yUCqSV1AEb074ogaS8ByhZ4hnz45IV
KwCyS/pGogxanTSAcnYzb7ty9N68IIcCkSy7fKcmY6+JIFMtaFTyaxfJuzAfxXZ6UidQfi9eqyWL
QlCGVwZoFG7BQsd/xvJ9BinX095JRmKEFKDMktjXCahVi2gHFgYfvFEvSIlclzrIfwGwV4KWdzbA
H3Wt6GmdRdlhgDUB9Q/mDtQ579AWM9OeOhNvpy1E2dUUlS3Trr12DDbLbtG1lEWNut+lFRpL3mCW
kZb3jgOZ60Y9FeI6G9iGSaMs1YPtoWtSg5lqPWBnTGrPZJBMbQ==
-----END PRIVATE KEY-----
================================================
FILE: tests/ssh-keys/wg/client-rsa.pub
================================================
ssh-rsa AAAADHJzYS1zaGEyLTI1NgAAAAMBAAEAAAIBAK+6SGPicZ/aXmd46OWiWe3H7jbJo7PzCYrNzyFEyDw3sasjie0ZwrueSB8C431rg34AhqW4CM8V4kC0ZIai+0uujgBScWyskxU3xPl4SFKATjySj4uKaLcliwLRV/1gedWHy3uiKh6uJIu7IDJNafKSZAhlxiBbWvduDztj2oIhx5clDByMz3tzM2ByTFHiTxr2Nr/yS/eyk1w0WXs1HuhnhzI59uern4UkI+iE2i+JqEy2rJXAZW4heF9NJ2gZF7qZFtsfIra4AfDYxQtRfgTXy/vZwYMjG5Y2puZ2MmjOVgpp/7HKRVnr6O/5auwvOIqaz1JZzDnjM26FHZhmf3b/Jb5ucGoyO2xkXGC8MEcQzQohlS69tXzhX+GyTAUCjfHI2nL3HouGUnXv8yQoqZ8Z5DbtGOwjxgkWaZqSBIfOmDr16qV1/iSCwAav8z1Thk0Tiet9CcpRjwA37rymnygpgVO2scnybQFjzVIYzHKemM0Qk8cG/uBgMNQljyoCHKkg/inEdGiEm7pKITU4SiXhm1DMTNIoozHGWRt6tq0S/NwKrqXt3UpLbVyZ4B22XuNIxVhOKPvsHawOeyaTk8Pvr3ABYlTlPwlovhsmJ3jn5Qp5nPxVDHd7maJL/JoaPW5oPqvKFcJnBCHR/2Eu+ik4Y0wSbTrerPfeW8HKz5MP
================================================
FILE: tests/ssh-keys/wg/host-ed25519
================================================
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDBXU9RmJEViQhZZYvaIyEnEMb1X1VCchYGTbyHqbyK6AAAAKBBjcVuQY3F
bgAAAAtzc2gtZWQyNTUxOQAAACDBXU9RmJEViQhZZYvaIyEnEMb1X1VCchYGTbyHqbyK6A
AAAEBeZZ1uCofYbG7ypyBBrHGlcggJRbFFFzqGrIxST/B9ksFdT1GYkRWJCFlli9ojIScQ
xvVfVUJyFgZNvIepvIroAAAAGmV1Z2VuZUBFdWdlbmVzLU1CUC0yLmxvY2FsAQID
-----END OPENSSH PRIVATE KEY-----
================================================
FILE: tests/ssh-keys/wg/host-ed25519.pub
================================================
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMFdT1GYkRWJCFlli9ojIScQxvVfVUJyFgZNvIepvIro eugene@Eugenes-MBP-2.local
================================================
FILE: tests/ssh-keys/wg/host-rsa
================================================
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCxPfQ6f73tfGFRV93Aby+hCQAP
QlkOo/4BhG2VoPq4gjcyl5XnhV/zUQFTvcYX/AGbZBI4Wgq70d3R8zH8Xz11Vpj9K+KKpzS3ortk
SC5ZN7bOK1eSnlaS7AVrDX2802KIZOuIvxNrgLQeFnMapXPgaSaD/4F6+U48DlmMQ0cgV39rqwmy
1yJjVXBOVmNtZ7Fd2E+5ov3mmR4iLzSs6YYjTd0Atp7EhsKfPv99zLDYQIqeQZJt5kxsWd+0p2Ci
G1BfOTUTyD5x4YMN6JAk0GvzH09SF17M+yhascljTlnZuHgIjVIESAEoNFBoGytVhOkFvtc3MSiZ
Fdcb38iAbZkEEjHU1K+KCeAJoGG9rblOKV/xrVMXTLVEKa6gKeetuMJhlqXfbpB6bO6aJuPyLRp7
8Ky0l3kpZrKv2fgMa0sHD14HcPqsEQf8pPhW8oxepyTArTHlU738/9wZ4K8HWt/fKRaXcY81Dz1M
ywSNKbvoqOJNvZDABkgeABJYsLxVYv4ReXy8plrJkuVNrlX1H0KKmFCt0F51SCGAOHp4wqWn/g0c
vz5J3P6E2Bnw1P67VbFnBvRHlDFxtbKMzob56TNutNkpDqQYwBgPz2HVQde3Og2Kem0RCxENsiU7
Z78w8NYfGfUiu5qt8jKICiJ48TCciwoSF5/uFwnzM9glEp6BPQIDAQABAoICABnzeUagx4f11dtE
IzrMIiF7oN+bFlEMyox2/a3n3m3qMEzJtxrUA3grxyb3ZVbDq4nl/Wj002zWo0TcooKngJHP9ncz
LWihvMKaeBeMc1oqzIBOsPQjF4f244AzfyfeR3yy/MLj6eMBUDNg6W+LBCFlI/eLD0Pt1s+iRj2W
6DDLFDlegf1b1Il4zAhxoP3hgy27a0jsnYJdrvTQYUUOrXjj1f+xvXixm94XKkTFa1XudUgLT8uk
Pvz/rRUqtf0Q72lR21H52B1yfcQpO1m4jpBlaDFxLIyUxZQp7dO1eCBnCw7YKkcS3TXWxbhzKfAh
QBZ679Cr85wef4VxnvjMPe1an/g26brf9o9ralNawdJyakuaOa57CaoiEwk+ZxcZAjpmvS8c0sI0
ohsiXxouHbZlv6Hrr/ACnFmRp6y+i9wgkk8850GztILnDs5L3pLSDside3VraefuDJ76Qa8ulXIq
/0c5aoj3JkvJYOSGIDvnQUpE8rcrRs43Az3GRUtYfkCpQlyqORR+aHgMcxZfTLKxhLdbgUE9BJc8
E33xOW0VIsNX2O7RGpDiaFH3dfL9wMORViFR0B/A8q/TKarU7ni+hVgmTyIg7D0NTnnZNaOSloBr
A50iFJxa5YqmpDduaki5WlLzBFauDH5UaeNeAPrT1fYWksrl5IGdOjDxkEE9AoIBAQDUz4jlGW0s
hAmafSrtwbVBPBFZ122AuyplibLlHgADsD6Uu3tUKgVd22nCV8wzlpxL9GPG80S5aJPPI6gpl2XH
vUV2yWuJLsW5324hdKjxH5mJjWZtA0CpIZ+PdNc3LLolFLgew5HMt1sHZeqFRqxbZLGBmNuXyOme
k1SCTVmMuTK8wzWVzDhc2g+u4NL1eRccmS18bGKGA+oNnY/IRdjdPw5gNeBg/6ZVimXj91d0WiFi
6Pr0Bop0g0bpAoWk6s/XskBVQAYcCmNZMI+ll05RgARKYK+Donn/zu/5jGYXQ+9jAv78q796nT2J
dRIPAh/azTxu+yE1byaC01iLGTVDAoIBAQDVNnfBHRF2mWLwfpPponXISupn2WApgjX7P8HS9WjN
bb/X9gbjNJXIgF+XqpwOxaQFolCHw9uyv7+73PHhDiaSqdw5NkvFtfJkacWlJblybUVVGljaGgpp
KFlRqcX8knFwNpDXwnoMttST0eoWZnj5jeWhQkc/8XceN9NPY4fxAwXceMWBAW03p47vMpxC6FGN
Et7KlBB5coQWkVZyxjq3n69FouHAQZWEjBmgBpGf16HtvSGIO91hr3PXX5oktvRejN25WQiwLG0O
/DHnNvQcovb9QpjZ3fnBfkxQmzqLsdCR/FTsYtvMqnR2OzR/zI3UeRPAphzfWBAG2W6+Esd/AoIB
AQC90GqjJd254f+K22/p52hbSk+TmdIjC05SiNKXB/4tTAtVsC/drylgQO+BF7ycmw7HtLE2aA95
bKzCCmTYzCBNWyXVQOz4zE4ybvaVQq/Zej0BcqzUOR14ffQLCcVYgj16C5P6ZKfsN/Mqkx3uSE49
qn+lP4lGRj8SYQj0vDdOjHWT5m4qMaBoOVvZuNCRgLM7n+jxXN8398/Q2yO/F4XKOY8CA6wh+IUN
MUeWYSyRLD8xMOt9s0PVjq418TjxEzvVgTlekJ+ibSWWDPljUqTZjtzE1p5WRBqbL6HeLPt2bvLb
lnWHO02r+QpFS7WSy2tMRtlLiBVjysNH12jXkOFvAoIBAEyGSiETr8rjbrFmnOwEFUYYLV2slWkQ
hRNyZLy0vDLPK0X11a8Clqfp+2VSJMTghuhGw6SW1WmojMZ+nInsLEgDkzktlbCWhzMnC3skuRSq
x3GuDSnqosXvZ296AcePQAvIaeAmuuuJS27qrpvvl4fqN/rS8QOwRNKhssQRsx77uMTSzABrZKnP
B+wuPAt/mpWJqlEHJ4qPYX1AGMkFANobBCt4NJJud52lMyVOdkHqgQH1Ge3tnp2K/YbVl1uKFtdA
s+vsWsPwjgwM1FRqUt9cVk2782Ru2U9rZzSfIjo1Tei3qjtVmBIzM62jvkoIPvd9pWtFs6Mt1kK/
E5JA5z0CggEBAKgsIb3x7mXJXelmyeD3m3KdzIsIqHZ1yo3YUPs6O/2UKwmPMEAcgfBbiIL/Z0Tw
GqytCKR8ghKxj/CLHqZne9P+hd0vJrJfJGuita6JC9HI8EVd024FV+QAjZjQHdSUe3NY4h+J9U0h
f0r/LIyoWGGKKaPLVxJF5EJa46cixhSp71w4fhlIG/FtTNXVGzkJeh4jrLlKU84RxpprUoS9wwKS
gidavaqws6Ks8oVf0oJaqeMk8RrlEeAR1OyXtaxdAdYnHsMKLLoNrEKUAHdBexpJ9fhqlQhZWkT6
xS6VZKFUtFtzffTY0HE+R+ESSmiUSl3mB6gsfiXlu0Q9kxjw3wU=
-----END PRIVATE KEY-----
================================================
FILE: tests/test_api_auth.py
================================================
import contextlib
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set
from json import load
from datetime import datetime, timedelta, timezone
from pathlib import Path
from uuid import uuid4
import pytest
import requests
from .api_client import sdk, admin_client as new_admin_client
from .conftest import WarpgateProcess
from .test_http_common import * # noqa
@dataclass
class AdminApiTestCase:
id: str
permission: Optional[str]
call: Callable[[sdk.DefaultApi, Dict[str, object]], sdk.ApiResponse]
expected_statuses: Set[int]
@contextlib.contextmanager
def assert_401():
with pytest.raises(sdk.ApiException) as e:
yield
assert e.value.status == 401
def make_limited_admin_role_payload(**overrides):
return {
"name": overrides.get("name", f"limited-{uuid4()}"),
"description": "limited permissions",
"targets_create": False,
"targets_edit": False,
"targets_delete": False,
"users_create": False,
"users_edit": False,
"users_delete": False,
"access_roles_create": False,
"access_roles_edit": False,
"access_roles_delete": False,
"access_roles_assign": False,
"sessions_view": False,
"sessions_terminate": False,
"recordings_view": False,
"tickets_create": False,
"tickets_delete": False,
"config_edit": False,
"admin_roles_manage": False,
**overrides,
}
ADMIN_API_TEST_CASES: list[AdminApiTestCase] = [
AdminApiTestCase(
id="get_sessions",
permission="sessions_view",
call=lambda api, r: api.get_sessions_with_http_info(),
expected_statuses={200},
),
AdminApiTestCase(
id="get_session",
permission="sessions_view",
call=lambda api, r: api.get_session_with_http_info(r["session_id"]),
expected_statuses={200, 404},
),
AdminApiTestCase(
id="get_session_recordings",
permission="recordings_view",
call=lambda api, r: api.get_session_recordings_with_http_info(r["session_id"]),
expected_statuses={200},
),
AdminApiTestCase(
id="close_session",
permission="sessions_terminate",
call=lambda api, r: api.close_session_with_http_info(r["session_id"]),
expected_statuses={200, 404},
),
AdminApiTestCase(
id="close_all_sessions",
permission="sessions_terminate",
call=lambda api, r: api.close_all_sessions_with_http_info(),
expected_statuses={201},
),
AdminApiTestCase(
id="get_recording",
permission="recordings_view",
call=lambda api, r: api.get_recording_with_http_info(r["recording_id"]),
expected_statuses={200, 404},
),
AdminApiTestCase(
id="get_kubernetes_recording",
permission="recordings_view",
call=lambda api, r: api.get_kubernetes_recording_with_http_info(
r["recording_id"]
),
expected_statuses={200, 404},
),
AdminApiTestCase(
id="get_roles",
permission=None,
call=lambda api, r: api.get_roles_with_http_info(),
expected_statuses={200},
),
AdminApiTestCase(
id="create_role",
permission="access_roles_create",
call=lambda api, r: api.create_role_with_http_info(
sdk.RoleDataRequest(name=f"role-{uuid4()}"),
),
expected_statuses={201},
),
AdminApiTestCase(
id="get_role",
permission=None,
call=lambda api, r: api.get_role_with_http_info(r["role_id"]),
expected_statuses={200},
),
AdminApiTestCase(
id="update_role",
permission="access_roles_edit",
call=lambda api, r: api.update_role_with_http_info(
r["role_id"],
sdk.RoleDataRequest(name=f"role-{uuid4()}"),
),
expected_statuses={200},
),
AdminApiTestCase(
id="get_role_targets",
permission=None,
call=lambda api, r: api.get_role_targets_with_http_info(r["role_id"]),
expected_statuses={200},
),
AdminApiTestCase(
id="get_role_users",
permission=None,
call=lambda api, r: api.get_role_users_with_http_info(r["role_id"]),
expected_statuses={200},
),
AdminApiTestCase(
id="get_admin_roles",
permission=None,
call=lambda api, r: api.get_admin_roles_with_http_info(),
expected_statuses={200},
),
AdminApiTestCase(
id="create_admin_role",
permission="admin_roles_manage",
call=lambda api, r: api.create_admin_role_with_http_info(
sdk.AdminRoleDataRequest(
**make_limited_admin_role_payload(name=f"admin-role-{uuid4()}")
)
),
expected_statuses={201},
),
AdminApiTestCase(
id="get_admin_role",
permission=None,
call=lambda api, r: api.get_admin_role_with_http_info(r["admin_role_id"]),
expected_statuses={200},
),
AdminApiTestCase(
id="update_admin_role",
permission="admin_roles_manage",
call=lambda api, r: api.update_admin_role_with_http_info(
r["admin_role_id"],
sdk.AdminRoleDataRequest(
**make_limited_admin_role_payload(name=f"admin-role-{uuid4()}")
),
),
expected_statuses={200},
),
AdminApiTestCase(
id="get_admin_role_users",
permission=None,
call=lambda api, r: api.get_admin_role_users_with_http_info(r["admin_role_id"]),
expected_statuses={200},
),
AdminApiTestCase(
id="get_tickets",
permission=None,
call=lambda api, r: api.get_tickets_with_http_info(),
expected_statuses={200},
),
AdminApiTestCase(
id="create_ticket",
permission="tickets_create",
call=lambda api, r: api.create_ticket_with_http_info(
sdk.CreateTicketRequest(
username=r["username"],
target_name=r["target_name"],
),
),
expected_statuses={201},
),
AdminApiTestCase(
id="delete_ticket",
permission="tickets_delete",
call=lambda api, r: api.delete_ticket_with_http_info(r["ticket_id"]),
expected_statuses={204},
),
AdminApiTestCase(
id="add_ssh_known_host",
permission="config_edit",
call=lambda api, r: api.add_ssh_known_host_with_http_info(
sdk.AddSshKnownHostRequest(
host="127.0.0.1",
port=22,
key_type="ecdsa-sha2-nistp256",
key_base64="AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKL5C+OCN2hAbPoR+mwG4M402Z0XVDOuV5k7n6zCRIMsgnYiyz6a61Zcw/RRHoQAb7ndqUyk8eAi9gjPEiGq2d0=",
),
),
expected_statuses={200},
),
AdminApiTestCase(
id="get_ssh_known_hosts",
permission="config_edit",
call=lambda api, r: api.get_ssh_known_hosts_with_http_info(),
expected_statuses={200},
),
AdminApiTestCase(
id="delete_ssh_known_host",
permission="config_edit",
call=lambda api, r: api.delete_ssh_known_host_with_http_info(
r["ssh_known_host_id"]
),
expected_statuses={204, 404},
),
AdminApiTestCase(
id="get_ssh_own_keys",
permission=None,
call=lambda api, r: api.get_ssh_own_keys_with_http_info(),
expected_statuses={200},
),
AdminApiTestCase(
id="get_logs",
permission=None,
call=lambda api, r: api.get_logs_with_http_info(sdk.GetLogsRequest(search="")),
expected_statuses={200},
),
AdminApiTestCase(
id="get_targets",
permission=None,
call=lambda api, r: api.get_targets_with_http_info(),
expected_statuses={200},
),
AdminApiTestCase(
id="create_target",
permission="targets_create",
call=lambda api, r: api.create_target_with_http_info(
sdk.TargetDataRequest(
name=f"target-{uuid4()}",
options=sdk.TargetOptions(
sdk.TargetOptionsTargetSSHOptions(
kind="Ssh",
host="127.0.0.1",
port=22,
username="user",
auth=sdk.SSHTargetAuth(
sdk.SSHTargetAuthSshTargetPublicKeyAuth(kind="PublicKey")
),
)
),
),
),
expected_statuses={201},
),
AdminApiTestCase(
id="get_target",
permission=None,
call=lambda api, r: api.get_target_with_http_info(r["target_id"]),
expected_statuses={200},
),
AdminApiTestCase(
id="update_target",
permission="targets_edit",
call=lambda api, r: api.update_target_with_http_info(
r["target_id"],
sdk.TargetDataRequest(
name=f"target-{uuid4()}",
options=sdk.TargetOptions(
sdk.TargetOptionsTargetSSHOptions(
kind="Ssh",
host="127.0.0.1",
port=22,
username="user",
auth=sdk.SSHTargetAuth(
sdk.SSHTargetAuthSshTargetPublicKeyAuth(kind="PublicKey")
),
)
),
),
),
expected_statuses={200},
),
AdminApiTestCase(
id="get_ssh_target_known_ssh_host_keys",
permission="targets_edit",
call=lambda api, r: api.get_ssh_target_known_ssh_host_keys_with_http_info(
r["target_id"]
),
expected_statuses={200},
),
AdminApiTestCase(
id="get_target_roles",
permission=None,
call=lambda api, r: api.get_target_roles_with_http_info(r["target_id"]),
expected_statuses={200},
),
AdminApiTestCase(
id="add_target_role",
permission="access_roles_assign",
call=lambda api, r: api.add_target_role_with_http_info(
r["target_id"], r["role_id"]
),
expected_statuses={201, 409},
),
AdminApiTestCase(
id="delete_target_role",
permission="access_roles_assign",
call=lambda api, r: api.delete_target_role_with_http_info(
r["target_id"], r["role_id"]
),
expected_statuses={204},
),
AdminApiTestCase(
id="list_target_groups",
permission=None,
call=lambda api, r: api.list_target_groups_with_http_info(),
expected_statuses={200},
),
AdminApiTestCase(
id="create_target_group",
permission="targets_create",
call=lambda api, r: api.create_target_group_with_http_info(
sdk.TargetGroupDataRequest(name=f"group-{uuid4()}"),
),
expected_statuses={201},
),
AdminApiTestCase(
id="get_target_group",
permission=None,
call=lambda api, r: api.get_target_group_with_http_info(r["target_group_id"]),
expected_statuses={200},
),
AdminApiTestCase(
id="update_target_group",
permission="targets_edit",
call=lambda api, r: api.update_target_group_with_http_info(
r["target_group_id"],
sdk.TargetGroupDataRequest(name=f"group-{uuid4()}"),
),
expected_statuses={200},
),
AdminApiTestCase(
id="delete_target_group",
permission="targets_delete",
call=lambda api, r: api.delete_target_group_with_http_info(
r["target_group_id"]
),
expected_statuses={204},
),
AdminApiTestCase(
id="get_users",
permission=None,
call=lambda api, r: api.get_users_with_http_info(),
expected_statuses={200},
),
AdminApiTestCase(
id="create_user",
permission="users_create",
call=lambda api, r: api.create_user_with_http_info(
sdk.CreateUserRequest(username=f"user-{uuid4()}"),
),
expected_statuses={201},
),
AdminApiTestCase(
id="get_user",
permission=None,
call=lambda api, r: api.get_user_with_http_info(r["user_id"]),
expected_statuses={200},
),
AdminApiTestCase(
id="update_user",
permission="users_edit",
call=lambda api, r: api.update_user_with_http_info(
r["user_id"],
sdk.UserDataRequest(username=f"user-{uuid4()}"),
),
expected_statuses={200},
),
AdminApiTestCase(
id="unlink_user_from_ldap",
permission="users_edit",
call=lambda api, r: api.unlink_user_from_ldap_with_http_info(r["user_id"]),
expected_statuses={200, 400},
),
AdminApiTestCase(
id="auto_link_user_to_ldap",
permission="users_edit",
call=lambda api, r: api.auto_link_user_to_ldap_with_http_info(r["user_id"]),
expected_statuses={200, 400},
),
AdminApiTestCase(
id="get_user_roles",
permission=None,
call=lambda api, r: api.get_user_roles_with_http_info(r["user_id"]),
expected_statuses={200},
),
AdminApiTestCase(
id="add_user_role",
permission="access_roles_assign",
call=lambda api, r: api.add_user_role_with_http_info(
r["user_id"], r["role_id"]
),
expected_statuses={201},
),
AdminApiTestCase(
id="delete_user_role",
permission="access_roles_assign",
call=lambda api, r: api.delete_user_role_with_http_info(
r["user_id"], r["role_id"]
),
expected_statuses={204},
),
AdminApiTestCase(
id="get_user_admin_roles",
permission=None,
call=lambda api, r: api.get_user_admin_roles_with_http_info(r["user_id"]),
expected_statuses={200},
),
AdminApiTestCase(
id="add_user_admin_role",
permission="admin_roles_manage",
call=lambda api, r: api.add_user_admin_role_with_http_info(
r["user_id"], r["admin_role_id"]
),
expected_statuses={201},
),
AdminApiTestCase(
id="delete_user_admin_role",
permission="admin_roles_manage",
call=lambda api, r: api.delete_user_admin_role_with_http_info(
r["user_id"], r["admin_role_id"]
),
expected_statuses={204},
),
AdminApiTestCase(
id="get_password_credentials",
permission="users_edit",
call=lambda api, r: api.get_password_credentials_with_http_info(r["user_id"]),
expected_statuses={200},
),
AdminApiTestCase(
id="create_password_credential",
permission="users_edit",
call=lambda api, r: api.create_password_credential_with_http_info(
r["user_id"],
sdk.NewPasswordCredential(password="123"),
),
expected_statuses={201},
),
AdminApiTestCase(
id="delete_password_credential",
permission="users_edit",
call=lambda api, r: api.delete_password_credential_with_http_info(
r["user_id"], r["password_id"]
),
expected_statuses={204},
),
AdminApiTestCase(
id="get_sso_credentials",
permission="users_edit",
call=lambda api, r: api.get_sso_credentials_with_http_info(r["user_id"]),
expected_statuses={200},
),
AdminApiTestCase(
id="create_sso_credential",
permission="users_edit",
call=lambda api, r: api.create_sso_credential_with_http_info(
r["user_id"],
sdk.NewSsoCredential(email="test@example.com", provider="test"),
),
expected_statuses={201},
),
AdminApiTestCase(
id="update_sso_credential",
permission="users_edit",
call=lambda api, r: api.update_sso_credential_with_http_info(
r["user_id"],
r["sso_id"],
sdk.NewSsoCredential(email="test@example.com", provider="test"),
),
expected_statuses={200},
),
AdminApiTestCase(
id="delete_sso_credential",
permission="users_edit",
call=lambda api, r: api.delete_sso_credential_with_http_info(
r["user_id"], r["sso_id"]
),
expected_statuses={204},
),
AdminApiTestCase(
id="get_public_key_credentials",
permission="users_edit",
call=lambda api, r: api.get_public_key_credentials_with_http_info(r["user_id"]),
expected_statuses={200},
),
AdminApiTestCase(
id="create_public_key_credential",
permission="users_edit",
call=lambda api, r: api.create_public_key_credential_with_http_info(
r["user_id"],
sdk.NewPublicKeyCredential(
label="key",
openssh_public_key="ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKL5C+OCN2hAbPoR+mwG4M402Z0XVDOuV5k7n6zCRIMsgnYiyz6a61Zcw/RRHoQAb7ndqUyk8eAi9gjPEiGq2d0=",
),
),
expected_statuses={201},
),
AdminApiTestCase(
id="update_public_key_credential",
permission="users_edit",
call=lambda api, r: api.update_public_key_credential_with_http_info(
r["user_id"],
r["public_key_id"],
sdk.NewPublicKeyCredential(
label="key",
openssh_public_key="ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKL5C+OCN2hAbPoR+mwG4M402Z0XVDOuV5k7n6zCRIMsgnYiyz6a61Zcw/RRHoQAb7ndqUyk8eAi9gjPEiGq2d0=",
),
),
expected_statuses={200},
),
AdminApiTestCase(
id="delete_public_key_credential",
permission="users_edit",
call=lambda api, r: api.delete_public_key_credential_with_http_info(
r["user_id"], r["public_key_id"]
),
expected_statuses={204},
),
AdminApiTestCase(
id="get_otp_credentials",
permission="users_edit",
call=lambda api, r: api.get_otp_credentials_with_http_info(r["user_id"]),
expected_statuses={200},
),
AdminApiTestCase(
id="create_otp_credential",
permission="users_edit",
call=lambda api, r: api.create_otp_credential_with_http_info(
r["user_id"],
sdk.NewOtpCredential(name="otp-1", secret_key=[1, 2, 3]),
),
expected_statuses={201},
),
AdminApiTestCase(
id="delete_otp_credential",
permission="users_edit",
call=lambda api, r: api.delete_otp_credential_with_http_info(
r["user_id"], r["otp_id"]
),
expected_statuses={204},
),
AdminApiTestCase(
id="get_ldap_servers",
permission="config_edit",
call=lambda api, r: api.get_ldap_servers_with_http_info(),
expected_statuses={200},
),
AdminApiTestCase(
id="create_ldap_server",
permission="config_edit",
call=lambda api, r: api.create_ldap_server_with_http_info(
sdk.CreateLdapServerRequest(
name=f"ldap-{uuid4()}",
host="127.0.0.1",
bind_dn="cn=admin,dc=example,dc=org",
bind_password="pass",
),
),
expected_statuses={201},
),
AdminApiTestCase(
id="test_ldap_server_connection",
permission="config_edit",
call=lambda api, r: api.test_ldap_server_connection_with_http_info(
sdk.TestLdapServerRequest(
host="127.0.0.1",
port=389,
bind_dn="cn=admin,dc=example,dc=org",
bind_password="pass",
tls_mode=sdk.TlsMode.DISABLED,
tls_verify=False,
),
),
expected_statuses={200},
),
AdminApiTestCase(
id="get_ldap_server",
permission="config_edit",
call=lambda api, r: api.get_ldap_server_with_http_info(r["ldap_server_id"]),
expected_statuses={200},
),
AdminApiTestCase(
id="update_ldap_server",
permission="config_edit",
call=lambda api, r: api.update_ldap_server_with_http_info(
r["ldap_server_id"],
sdk.UpdateLdapServerRequest(
name=f"ldap-{uuid4()}",
host="127.0.0.1",
bind_dn="cn=admin,dc=example,dc=org",
bind_password="pass",
auto_link_sso_users=False,
description="",
enabled=True,
port=123,
ssh_key_attribute="asd",
tls_mode=sdk.TlsMode.DISABLED,
tls_verify=False,
user_filter="(&(objectClass=person)(uid={0}))",
username_attribute=sdk.LdapUsernameAttribute.UID,
uuid_attribute="uid",
),
),
expected_statuses={200},
),
AdminApiTestCase(
id="get_ldap_users",
permission="users_create",
call=lambda api, r: api.get_ldap_users_with_http_info(r["ldap_server_id"]),
expected_statuses={200},
),
AdminApiTestCase(
id="import_ldap_users",
permission="users_create",
call=lambda api, r: api.import_ldap_users_with_http_info(
r["ldap_server_id"],
import_ldap_users_request=sdk.ImportLdapUsersRequest(dns=[]),
),
expected_statuses={200},
),
AdminApiTestCase(
id="get_parameters",
permission=None,
call=lambda api, r: api.get_parameters_with_http_info(),
expected_statuses={200},
),
AdminApiTestCase(
id="update_parameters",
permission="config_edit",
call=lambda api, r: api.update_parameters_with_http_info(
sdk.ParameterUpdate(
allow_own_credential_management=True,
minimize_password_login=False,
rate_limit_bytes_per_second=None,
ssh_client_auth_keyboard_interactive=True,
ssh_client_auth_password=True,
ssh_client_auth_publickey=True,
),
),
expected_statuses={201},
),
AdminApiTestCase(
id="check_ssh_host_key",
permission="targets_edit",
call=lambda api, r: api.check_ssh_host_key_with_http_info(
sdk.CheckSshHostKeyRequest(host="127.0.0.1", port=22),
),
expected_statuses={200},
),
AdminApiTestCase(
id="get_certificate_credentials",
permission="users_edit",
call=lambda api, r: api.get_certificate_credentials_with_http_info(
r["user_id"]
),
expected_statuses={200},
),
AdminApiTestCase(
id="issue_certificate_credential",
permission="users_edit",
call=lambda api, r: api.issue_certificate_credential_with_http_info(
r["user_id"],
sdk.IssueCertificateCredentialRequest(
label="test",
public_key_pem="-----BEGIN PUBLIC KEY-----\nMFswDQYJKoZIhvcNAQEBBQADSgAwRwJAXWRPQyGlEY+SXz8Uslhe+MLjTgWd8lf/\nnA0hgCm9JFKC1tq1S73cQ9naClNXsMqY7pwPt1bSY8jYRqHHbdoUvwIDAQAB\n-----END PUBLIC KEY-----",
),
),
expected_statuses={201},
),
AdminApiTestCase(
id="update_certificate_credential",
permission="users_edit",
call=lambda api, r: api.update_certificate_credential_with_http_info(
r["user_id"],
r["certificate_id"],
sdk.UpdateCertificateCredential(label="test"),
),
expected_statuses={200},
),
AdminApiTestCase(
id="revoke_certificate_credential",
permission="users_edit",
call=lambda api, r: api.revoke_certificate_credential_with_http_info(
r["user_id"], r["certificate_id"]
),
expected_statuses={204},
),
AdminApiTestCase(
id="delete_role",
permission="access_roles_delete",
call=lambda api, r: api.delete_role_with_http_info(r["role_id"]),
expected_statuses={204},
),
AdminApiTestCase(
id="delete_target",
permission="targets_delete",
call=lambda api, r: api.delete_target_with_http_info(r["target_id"]),
expected_statuses={204},
),
AdminApiTestCase(
id="delete_user",
permission="users_delete",
call=lambda api, r: api.delete_user_with_http_info(r["user_id"]),
expected_statuses={204},
),
AdminApiTestCase(
id="delete_ldap_server",
permission="config_edit",
call=lambda api, r: api.delete_ldap_server_with_http_info(r["ldap_server_id"]),
expected_statuses={204},
),
AdminApiTestCase(
id="delete_admin_role",
permission="admin_roles_manage",
call=lambda api, r: api.delete_admin_role_with_http_info(r["admin_role_id"]),
expected_statuses={204},
),
]
def _verify_all_openapi_ops_are_covered():
schema = load(
open(
Path(__file__).resolve().parents[1]
/ "warpgate-web"
/ "src"
/ "admin"
/ "lib"
/ "openapi-schema.json"
)
)
schema_ops = {
op.get("operationId")
for methods in schema.get("paths", {}).values()
for op in methods.values()
if op.get("operationId")
}
missing = schema_ops - {c.id for c in ADMIN_API_TEST_CASES}
assert not missing, f"Missing test cases for operations: {sorted(missing)}"
def _create_admin_role(admin_api: sdk.DefaultApi, payload: dict) -> sdk.AdminRole:
return admin_api.create_admin_role(sdk.AdminRoleDataRequest(**payload))
def _create_user_with_role(admin_api: sdk.DefaultApi, role_id: str | None):
user = admin_api.create_user(sdk.CreateUserRequest(username=f"user-{uuid4()}"))
admin_api.create_password_credential(
user.id, sdk.NewPasswordCredential(password="123")
)
if role_id:
admin_api.add_user_admin_role(user.id, role_id)
return user
def _create_user_api_token(
base_url: str, username: str, password: str, label: str = "test"
) -> str:
session = requests.Session()
session.verify = False
# Log in to get an authenticated session cookie.
resp = session.post(
f"{base_url}/@warpgate/api/auth/login",
json={"username": username, "password": password},
)
resp.raise_for_status()
expiry = (datetime.now(timezone.utc) + timedelta(hours=1)).isoformat()
token_resp = session.post(
f"{base_url}/@warpgate/api/profile/api-tokens",
json={"label": label, "expiry": expiry},
)
token_resp.raise_for_status()
return token_resp.json()["secret"]
def test_all_openapi_admin_operations_permission_enforcement(
shared_wg: WarpgateProcess, admin_client: sdk.DefaultApi
):
_verify_all_openapi_ops_are_covered()
url = f"https://localhost:{shared_wg.http_port}"
resources: Dict[str, object] = {}
resources["role_id"] = admin_client.create_role(
sdk.RoleDataRequest(name=f"role-{uuid4()}")
).id
resources["admin_role_id"] = _create_admin_role(
admin_client,
make_limited_admin_role_payload(name=f"admin-role-{uuid4()}"),
).id
resources["target_group_id"] = admin_client.create_target_group(
sdk.TargetGroupDataRequest(
name=f"group-{uuid4()}", description="", color=sdk.BootstrapThemeColor.INFO
)
).id
user = admin_client.create_user(sdk.CreateUserRequest(username=f"user-{uuid4()}"))
resources["user_id"] = user.id
resources["username"] = user.username
# fake IDs here
resources["session_id"] = str(uuid4())
resources["recording_id"] = str(uuid4())
resources["ssh_known_host_id"] = str(uuid4())
target = admin_client.create_target(
sdk.TargetDataRequest(
name=f"target-{uuid4()}",
options=sdk.TargetOptions(
sdk.TargetOptionsTargetSSHOptions(
kind="Ssh",
host="127.0.0.1",
port=22,
username="user",
auth=sdk.SSHTargetAuth(
sdk.SSHTargetAuthSshTargetPublicKeyAuth(kind="PublicKey")
),
)
),
)
)
resources["target_id"] = target.id
resources["target_name"] = target.name
ticket = admin_client.create_ticket(
sdk.CreateTicketRequest(username="test", target_name=resources["target_name"])
)
resources["ticket_id"] = ticket.ticket.id
pw = admin_client.create_password_credential(
resources["user_id"], sdk.NewPasswordCredential(password="123")
)
resources["password_id"] = pw.id
sso = admin_client.create_sso_credential(
resources["user_id"],
sdk.NewSsoCredential(email="test@example.com", provider="test"),
)
resources["sso_id"] = sso.id
public_key = admin_client.create_public_key_credential(
resources["user_id"],
sdk.NewPublicKeyCredential(
label="key",
openssh_public_key="ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKL5C+OCN2hAbPoR+mwG4M402Z0XVDOuV5k7n6zCRIMsgnYiyz6a61Zcw/RRHoQAb7ndqUyk8eAi9gjPEiGq2d0=",
),
)
resources["public_key_id"] = public_key.id
otp = admin_client.create_otp_credential(
resources["user_id"], sdk.NewOtpCredential(name="otp-1", secret_key=[1, 2, 3])
)
resources["otp_id"] = otp.id
cert = admin_client.issue_certificate_credential(
resources["user_id"],
sdk.IssueCertificateCredentialRequest(
label="test",
public_key_pem="-----BEGIN PUBLIC KEY-----\nMFswDQYJKoZIhvcNAQEBBQADSgAwRwJAXWRPQyGlEY+SXz8Uslhe+MLjTgWd8lf/\nnA0hgCm9JFKC1tq1S73cQ9naClNXsMqY7pwPt1bSY8jYRqHHbdoUvwIDAQAB\n-----END PUBLIC KEY-----",
),
)
resources["certificate_id"] = cert.credential.id
ldap = admin_client.create_ldap_server(
sdk.CreateLdapServerRequest(
name=f"ldap-{uuid4()}",
host="127.0.0.1",
bind_dn="cn=admin,dc=example,dc=org",
bind_password="pass",
)
)
resources["ldap_server_id"] = ldap.id
for case in ADMIN_API_TEST_CASES:
# Positive case: role has required permission (or any admin if None).
allow_payload = make_limited_admin_role_payload(
**({case.permission: True} if case.permission else {})
)
allowed_role = _create_admin_role(admin_client, allow_payload)
allowed_user = _create_user_with_role(admin_client, allowed_role.id)
token = _create_user_api_token(url, allowed_user.username, "123")
with new_admin_client(url, token) as allowed_api:
try:
response = case.call(allowed_api, resources)
(status, body) = response.status_code, response.data
except sdk.ApiException as e:
(status, body) = e.status, e.body
assert status in case.expected_statuses, (
f"{case.id} expected {case.expected_statuses} but got {status}: {body}"
)
# Negative case: permission missing should be rejected.
if case.permission:
denied_role = _create_admin_role(
admin_client,
{
k: not v if isinstance(v, bool) else v
for k, v in allow_payload.items()
},
)
denied_user = _create_user_with_role(admin_client, denied_role.id)
else:
denied_user = _create_user_with_role(admin_client, None)
denied_token = _create_user_api_token(url, denied_user.username, "123")
with new_admin_client(
f"https://localhost:{shared_wg.http_port}", denied_token
) as denied_api:
try:
response = case.call(denied_api, resources)
(status, body) = response.status_code, response.data
except sdk.ApiException as e:
(status, body) = e.status, e.body
assert status in {401, 403}, (
f"{case.id} should be forbidden without {case.permission}, got {status}: {body}"
)
================================================
FILE: tests/test_http_basic.py
================================================
from urllib.parse import unquote
from uuid import uuid4
import requests
from tests.conftest import WarpgateProcess
from .api_client import admin_client, sdk
from .test_http_common import * # noqa
class Test:
def test_basic(
self,
echo_server_port,
shared_wg: WarpgateProcess,
):
url = f"https://localhost:{shared_wg.http_port}"
with admin_client(url) as api:
role = api.create_role(sdk.RoleDataRequest(name=f"role-{uuid4()}"))
user = api.create_user(sdk.CreateUserRequest(username=f"user-{uuid4()}"))
api.create_password_credential(
user.id, sdk.NewPasswordCredential(password="123")
)
api.add_user_role(user.id, role.id)
target = api.create_target(
sdk.TargetDataRequest(
name=f"echo-{uuid4()}",
options=sdk.TargetOptions(
sdk.TargetOptionsTargetHTTPOptions(
kind="Http",
url=f"http://user:pass@localhost:{echo_server_port}",
tls=sdk.Tls(
mode=sdk.TlsMode.DISABLED,
verify=False,
),
)
),
)
)
api.add_target_role(target.id, role.id)
session = requests.Session()
session.verify = False
response = session.get(
f"{url}/?warpgate-target={target.name}", allow_redirects=False
)
assert response.status_code == 307
redirect = response.headers["location"]
print(unquote(redirect))
assert (
unquote(redirect)
== f"/@warpgate#/login?next=/?warpgate-target={target.name}"
)
response = session.get(f"{url}/@warpgate/api/info").json()
assert response["username"] is None
response = session.post(
f"{url}/@warpgate/api/auth/login",
json={
"username": user.username,
"password": "123",
},
)
assert response.status_code == 201
response = session.get(f"{url}/@warpgate/api/info").json()
assert response["username"] == user.username
response = session.get(
f"{url}/some/path?a=b&warpgate-target={target.name}&c=d",
allow_redirects=False,
)
assert response.status_code == 200
assert response.json()["method"] == "GET"
assert response.json()["path"] == "/some/path"
assert response.json()["args"]["a"] == "b"
assert response.json()["args"]["c"] == "d"
assert ['Authorization', 'Basic dXNlcjpwYXNz'] in response.json()["headers"]
================================================
FILE: tests/test_http_common.py
================================================
import gzip
import pytest
import threading
from .util import alloc_port
@pytest.fixture(scope="session")
def echo_server_port():
from flask import Flask, request, jsonify, redirect, make_response
from flask_sock import Sock
app = Flask(__name__)
sock = Sock(app)
@app.route("/set-cookie")
def set_cookie():
response = jsonify({})
response.set_cookie("cookie", "value")
return response
@app.route("/redirect/<path:url>")
def r(url):
return redirect(url)
@app.route("/", defaults={"path": ""})
@app.route("/<path:path>")
def echo(path):
return jsonify(
{
"method": request.method,
"args": request.args,
"path": request.path,
"headers": request.headers.to_wsgi_list(),
}
)
@app.route("/gzi
gitextract_u506bnuo/
├── .all-contributorsrc
├── .bumpversion.cfg
├── .cargo/
│ └── config.toml
├── .dockerignore
├── .flake8
├── .github/
│ ├── FUNDING.yml
│ ├── dependabot.yml
│ └── workflows/
│ ├── build.yml
│ ├── check-schema-compatibility.yml
│ ├── codeql.yml
│ ├── dependency-review.yml
│ ├── docker.yml
│ ├── reprotest.yml
│ ├── scorecard.yml
│ └── test.yml
├── .gitignore
├── .well-known/
│ └── funding-manifest-urls
├── Cargo.toml
├── Cranky.toml
├── Cross.toml
├── LICENSE
├── README.md
├── SECURITY.md
├── clippy.toml
├── config-schema.json
├── deny.toml
├── docker/
│ ├── Dockerfile
│ └── docker-compose.yml
├── helm/
│ └── warpgate/
│ ├── .helmignore
│ ├── Chart.yaml
│ ├── templates/
│ │ ├── NOTES.txt
│ │ ├── _helpers.tpl
│ │ ├── configmap.yaml
│ │ ├── deployment.yaml
│ │ ├── httproute.yaml
│ │ ├── ingress.yaml
│ │ ├── pvc.yaml
│ │ ├── service.yaml
│ │ └── setup-job.yaml
│ └── values.yaml
├── justfile
├── rust-toolchain
├── rustfmt.toml
├── sonar-project.properties
├── tests/
│ ├── .gitignore
│ ├── Makefile
│ ├── __init__.py
│ ├── api_client.py
│ ├── certs/
│ │ ├── tls.certificate.pem
│ │ └── tls.key.pem
│ ├── conftest.py
│ ├── images/
│ │ ├── mysql-server/
│ │ │ ├── Dockerfile
│ │ │ └── init.sql
│ │ ├── postgres-server/
│ │ │ ├── Dockerfile
│ │ │ └── init.sql
│ │ └── ssh-server/
│ │ └── Dockerfile
│ ├── oidc-mock/
│ │ ├── clients-config.json
│ │ └── docker-compose.yml
│ ├── pyproject.toml
│ ├── run.sh
│ ├── ssh-keys/
│ │ ├── id_ed25519
│ │ ├── id_ed25519.pub
│ │ ├── id_rsa
│ │ ├── id_rsa.pub
│ │ └── wg/
│ │ ├── client-ed25519
│ │ ├── client-ed25519.pub
│ │ ├── client-rsa
│ │ ├── client-rsa.pub
│ │ ├── host-ed25519
│ │ ├── host-ed25519.pub
│ │ └── host-rsa
│ ├── test_api_auth.py
│ ├── test_http_basic.py
│ ├── test_http_common.py
│ ├── test_http_proto.py
│ ├── test_http_redirects.py
│ ├── test_http_user_auth_logout.py
│ ├── test_http_user_auth_oidc.py
│ ├── test_http_user_auth_otp.py
│ ├── test_http_user_auth_password.py
│ ├── test_http_user_auth_ticket.py
│ ├── test_http_websocket.py
│ ├── test_json_logs.py
│ ├── test_kubernetes_integration.py
│ ├── test_mysql_user_auth_password.py
│ ├── test_postgres_user_auth_in_browser.py
│ ├── test_postgres_user_auth_password.py
│ ├── test_ssh_client_auth_config.py
│ ├── test_ssh_proto.py
│ ├── test_ssh_target_selection.py
│ ├── test_ssh_user_auth_in_browser.py
│ ├── test_ssh_user_auth_otp.py
│ ├── test_ssh_user_auth_password.py
│ ├── test_ssh_user_auth_pubkey.py
│ ├── test_ssh_user_auth_ticket.py
│ └── util.py
├── warpgate/
│ ├── .gitignore
│ ├── Cargo.toml
│ └── src/
│ ├── commands/
│ │ ├── check.rs
│ │ ├── client_keys.rs
│ │ ├── common.rs
│ │ ├── create_user.rs
│ │ ├── healthcheck.rs
│ │ ├── mod.rs
│ │ ├── recover_access.rs
│ │ ├── run.rs
│ │ └── setup.rs
│ ├── config.rs
│ ├── logging.rs
│ └── main.rs
├── warpgate-admin/
│ ├── Cargo.toml
│ └── src/
│ ├── api/
│ │ ├── admin_roles.rs
│ │ ├── certificate_credentials.rs
│ │ ├── common.rs
│ │ ├── known_hosts_detail.rs
│ │ ├── known_hosts_list.rs
│ │ ├── ldap_servers.rs
│ │ ├── logs.rs
│ │ ├── mod.rs
│ │ ├── otp_credentials.rs
│ │ ├── pagination.rs
│ │ ├── parameters.rs
│ │ ├── password_credentials.rs
│ │ ├── public_key_credentials.rs
│ │ ├── recordings_detail.rs
│ │ ├── roles.rs
│ │ ├── sessions_detail.rs
│ │ ├── sessions_list.rs
│ │ ├── ssh_connection_test.rs
│ │ ├── ssh_keys.rs
│ │ ├── sso_credentials.rs
│ │ ├── target_groups.rs
│ │ ├── targets.rs
│ │ ├── tickets_detail.rs
│ │ ├── tickets_list.rs
│ │ └── users.rs
│ ├── lib.rs
│ └── main.rs
├── warpgate-ca/
│ ├── Cargo.toml
│ └── src/
│ ├── error.rs
│ └── lib.rs
├── warpgate-common/
│ ├── Cargo.toml
│ └── src/
│ ├── api.rs
│ ├── auth/
│ │ ├── cred.rs
│ │ ├── mod.rs
│ │ ├── policy.rs
│ │ ├── selector.rs
│ │ └── state.rs
│ ├── config/
│ │ ├── defaults.rs
│ │ ├── mod.rs
│ │ └── target.rs
│ ├── config_schema.rs
│ ├── consts.rs
│ ├── error.rs
│ ├── eventhub.rs
│ ├── helpers/
│ │ ├── fs.rs
│ │ ├── hash.rs
│ │ ├── locks.rs
│ │ ├── mod.rs
│ │ ├── otp.rs
│ │ ├── rng.rs
│ │ ├── serde_base64.rs
│ │ ├── serde_base64_secret.rs
│ │ └── websocket.rs
│ ├── http_headers.rs
│ ├── lib.rs
│ ├── state.rs
│ ├── try_macro.rs
│ ├── types/
│ │ ├── aliases.rs
│ │ ├── listen_endpoint.rs
│ │ ├── mod.rs
│ │ └── secret.rs
│ └── version.rs
├── warpgate-common-http/
│ ├── Cargo.toml
│ └── src/
│ ├── auth.rs
│ ├── lib.rs
│ └── logging.rs
├── warpgate-core/
│ ├── Cargo.toml
│ └── src/
│ ├── auth_state_store.rs
│ ├── config_providers/
│ │ ├── db.rs
│ │ └── mod.rs
│ ├── consts.rs
│ ├── data.rs
│ ├── db/
│ │ └── mod.rs
│ ├── lib.rs
│ ├── logging/
│ │ ├── database.rs
│ │ ├── json_console.rs
│ │ ├── layer.rs
│ │ ├── mod.rs
│ │ ├── socket.rs
│ │ └── values.rs
│ ├── protocols/
│ │ ├── handle.rs
│ │ └── mod.rs
│ ├── rate_limiting/
│ │ ├── limiter.rs
│ │ ├── mod.rs
│ │ ├── registry.rs
│ │ ├── shared_limiter.rs
│ │ ├── stack.rs
│ │ ├── stream.rs
│ │ └── swappable_cell.rs
│ ├── recordings/
│ │ ├── mod.rs
│ │ ├── terminal.rs
│ │ ├── traffic.rs
│ │ └── writer.rs
│ ├── services.rs
│ └── state.rs
├── warpgate-database-protocols/
│ ├── Cargo.toml
│ ├── README.md
│ └── src/
│ ├── error.rs
│ ├── io/
│ │ ├── buf.rs
│ │ ├── buf_mut.rs
│ │ ├── buf_stream.rs
│ │ ├── decode.rs
│ │ ├── encode.rs
│ │ ├── mod.rs
│ │ └── write_and_flush.rs
│ ├── lib.rs
│ └── mysql/
│ ├── collation.rs
│ ├── io/
│ │ ├── buf.rs
│ │ ├── buf_mut.rs
│ │ └── mod.rs
│ ├── mod.rs
│ └── protocol/
│ ├── auth.rs
│ ├── capabilities.rs
│ ├── connect/
│ │ ├── auth_switch.rs
│ │ ├── handshake.rs
│ │ ├── handshake_response.rs
│ │ ├── mod.rs
│ │ └── ssl_request.rs
│ ├── mod.rs
│ ├── packet.rs
│ ├── response/
│ │ ├── eof.rs
│ │ ├── err.rs
│ │ ├── mod.rs
│ │ ├── ok.rs
│ │ └── status.rs
│ ├── row.rs
│ └── text/
│ ├── column.rs
│ ├── mod.rs
│ ├── ping.rs
│ ├── query.rs
│ └── quit.rs
├── warpgate-db-entities/
│ ├── Cargo.toml
│ └── src/
│ ├── AdminRole.rs
│ ├── ApiToken.rs
│ ├── CertificateCredential.rs
│ ├── CertificateRevocation.rs
│ ├── KnownHost.rs
│ ├── LdapServer.rs
│ ├── LogEntry.rs
│ ├── OtpCredential.rs
│ ├── Parameters.rs
│ ├── PasswordCredential.rs
│ ├── PublicKeyCredential.rs
│ ├── Recording.rs
│ ├── Role.rs
│ ├── Session.rs
│ ├── SsoCredential.rs
│ ├── Target.rs
│ ├── TargetGroup.rs
│ ├── TargetRoleAssignment.rs
│ ├── Ticket.rs
│ ├── User.rs
│ ├── UserAdminRoleAssignment.rs
│ ├── UserRoleAssignment.rs
│ └── lib.rs
├── warpgate-db-migrations/
│ ├── Cargo.toml
│ ├── README.md
│ └── src/
│ ├── lib.rs
│ ├── m00001_create_ticket.rs
│ ├── m00002_create_session.rs
│ ├── m00003_create_recording.rs
│ ├── m00004_create_known_host.rs
│ ├── m00005_create_log_entry.rs
│ ├── m00006_add_session_protocol.rs
│ ├── m00007_targets_and_roles.rs
│ ├── m00008_users.rs
│ ├── m00009_credential_models.rs
│ ├── m00010_parameters.rs
│ ├── m00011_rsa_key_algos.rs
│ ├── m00012_add_openssh_public_key_label.rs
│ ├── m00013_add_openssh_public_key_dates.rs
│ ├── m00014_api_tokens.rs
│ ├── m00015_fix_public_key_dates.rs
│ ├── m00016_fix_public_key_length.rs
│ ├── m00017_descriptions.rs
│ ├── m00018_ticket_description.rs
│ ├── m00019_rate_limits.rs
│ ├── m00020_target_groups.rs
│ ├── m00021_ldap_server.rs
│ ├── m00022_user_ldap_link.rs
│ ├── m00023_ldap_username_attribute.rs
│ ├── m00024_ssh_key_attribute.rs
│ ├── m00025_ldap_uuid_attribute.rs
│ ├── m00026_ssh_client_auth.rs
│ ├── m00027_ca.rs
│ ├── m00028_certificate_credentials.rs
│ ├── m00029_certificate_revocation.rs
│ ├── m00030_add_recording_metadata.rs
│ ├── m00031_minimize_password_login.rs
│ ├── m00032_admin_roles.rs
│ └── main.rs
├── warpgate-ldap/
│ ├── Cargo.toml
│ └── src/
│ ├── connection.rs
│ ├── error.rs
│ ├── lib.rs
│ ├── queries.rs
│ └── types.rs
├── warpgate-protocol-http/
│ ├── Cargo.toml
│ └── src/
│ ├── api/
│ │ ├── api_tokens.rs
│ │ ├── auth.rs
│ │ ├── common.rs
│ │ ├── credentials.rs
│ │ ├── info.rs
│ │ ├── mod.rs
│ │ ├── sso_provider_detail.rs
│ │ ├── sso_provider_list.rs
│ │ └── targets_list.rs
│ ├── catchall.rs
│ ├── common.rs
│ ├── error.rs
│ ├── lib.rs
│ ├── main.rs
│ ├── middleware/
│ │ ├── cookie_host.rs
│ │ ├── mod.rs
│ │ └── ticket.rs
│ ├── proxy.rs
│ ├── session.rs
│ └── session_handle.rs
├── warpgate-protocol-kubernetes/
│ ├── Cargo.toml
│ └── src/
│ ├── correlator.rs
│ ├── lib.rs
│ ├── recording.rs
│ ├── server/
│ │ ├── auth.rs
│ │ ├── client_certs.rs
│ │ ├── handlers.rs
│ │ └── mod.rs
│ └── session_handle.rs
├── warpgate-protocol-mysql/
│ ├── Cargo.toml
│ └── src/
│ ├── client.rs
│ ├── common.rs
│ ├── error.rs
│ ├── lib.rs
│ ├── session.rs
│ ├── session_handle.rs
│ └── stream.rs
├── warpgate-protocol-postgres/
│ ├── Cargo.toml
│ └── src/
│ ├── client.rs
│ ├── common.rs
│ ├── error.rs
│ ├── lib.rs
│ ├── session.rs
│ ├── session_handle.rs
│ └── stream.rs
├── warpgate-protocol-ssh/
│ ├── Cargo.toml
│ └── src/
│ ├── client/
│ │ ├── channel_direct_tcpip.rs
│ │ ├── channel_session.rs
│ │ ├── error.rs
│ │ ├── handler.rs
│ │ └── mod.rs
│ ├── common.rs
│ ├── compat.rs
│ ├── keys.rs
│ ├── known_hosts.rs
│ ├── lib.rs
│ └── server/
│ ├── channel_writer.rs
│ ├── mod.rs
│ ├── russh_handler.rs
│ ├── service_output.rs
│ ├── session.rs
│ └── session_handle.rs
├── warpgate-sso/
│ ├── Cargo.toml
│ └── src/
│ ├── config.rs
│ ├── error.rs
│ ├── google_groups.rs
│ ├── lib.rs
│ ├── request.rs
│ ├── response.rs
│ └── sso.rs
├── warpgate-tls/
│ ├── Cargo.toml
│ └── src/
│ ├── cert.rs
│ ├── error.rs
│ ├── lib.rs
│ ├── maybe_tls_stream.rs
│ ├── mode.rs
│ ├── rustls_helpers.rs
│ └── rustls_root_certs.rs
└── warpgate-web/
├── .editorconfig
├── .gitignore
├── Cargo.toml
├── eslint.config.mjs
├── openapitools.json
├── package.json
├── src/
│ ├── admin/
│ │ ├── App.svelte
│ │ ├── AuthPolicyEditor.svelte
│ │ ├── CertificateCredentialModal.svelte
│ │ ├── CreateOtpModal.svelte
│ │ ├── CreatePasswordModal.svelte
│ │ ├── CredentialEditor.svelte
│ │ ├── Home.svelte
│ │ ├── KubernetesRecording.svelte
│ │ ├── Log.svelte
│ │ ├── LogViewer.svelte
│ │ ├── PublicKeyCredentialModal.svelte
│ │ ├── Recording.svelte
│ │ ├── RelativeDate.svelte
│ │ ├── Session.svelte
│ │ ├── SsoCredentialModal.svelte
│ │ ├── TlsConfiguration.svelte
│ │ ├── config/
│ │ │ ├── AccessRole.svelte
│ │ │ ├── AccessRoles.svelte
│ │ │ ├── AdminRole.svelte
│ │ │ ├── AdminRolePermissionsBadge.svelte
│ │ │ ├── AdminRoles.svelte
│ │ │ ├── Config.svelte
│ │ │ ├── CreateAdminRole.svelte
│ │ │ ├── CreateRole.svelte
│ │ │ ├── CreateTicket.svelte
│ │ │ ├── CreateUser.svelte
│ │ │ ├── Parameters.svelte
│ │ │ ├── SSHKeys.svelte
│ │ │ ├── Tickets.svelte
│ │ │ ├── User.svelte
│ │ │ ├── Users.svelte
│ │ │ ├── ldap/
│ │ │ │ ├── CreateLdapServer.svelte
│ │ │ │ ├── LdapConnectionFields.svelte
│ │ │ │ ├── LdapServer.svelte
│ │ │ │ ├── LdapServers.svelte
│ │ │ │ ├── LdapUserBrowser.svelte
│ │ │ │ └── common.ts
│ │ │ ├── target-groups/
│ │ │ │ ├── CreateTargetGroup.svelte
│ │ │ │ ├── TargetGroup.svelte
│ │ │ │ ├── TargetGroups.svelte
│ │ │ │ └── common.ts
│ │ │ └── targets/
│ │ │ ├── ChooseTargetKind.svelte
│ │ │ ├── CreateTarget.svelte
│ │ │ ├── Target.svelte
│ │ │ ├── Targets.svelte
│ │ │ └── ssh/
│ │ │ ├── KeyChecker.svelte
│ │ │ ├── KeyCheckerResult.svelte
│ │ │ └── Options.svelte
│ │ ├── index.html
│ │ ├── index.ts
│ │ ├── lib/
│ │ │ ├── PermissionGate.svelte
│ │ │ ├── api.ts
│ │ │ ├── openapi-schema.json
│ │ │ ├── store.ts
│ │ │ └── time.ts
│ │ └── player/
│ │ └── TerminalRecordingPlayer.svelte
│ ├── common/
│ │ ├── AsyncButton.svelte
│ │ ├── AuthBar.svelte
│ │ ├── Brand.svelte
│ │ ├── ConnectionInstructions.svelte
│ │ ├── CopyButton.svelte
│ │ ├── CredentialUsedStateBadge.svelte
│ │ ├── DelayedSpinner.svelte
│ │ ├── EmptyState.svelte
│ │ ├── GettingStarted.svelte
│ │ ├── GroupColorCircle.svelte
│ │ ├── InfoBox.svelte
│ │ ├── ItemList.svelte
│ │ ├── Loadable.svelte
│ │ ├── NavListItem.svelte
│ │ ├── Pagination.svelte
│ │ ├── RadioButton.svelte
│ │ ├── RateLimitInput.svelte
│ │ ├── ThemeSwitcher.svelte
│ │ ├── autosave.ts
│ │ ├── errors.ts
│ │ ├── helpers.ts
│ │ ├── protocols.ts
│ │ ├── recordings.ts
│ │ └── sveltestrap-s5-ports/
│ │ ├── Alert.svelte
│ │ ├── Badge.svelte
│ │ ├── ModalHeader.svelte
│ │ ├── Tooltip.svelte
│ │ └── _sveltestrapUtils.ts
│ ├── embed/
│ │ ├── EmbeddedUI.svelte
│ │ └── index.ts
│ ├── gateway/
│ │ ├── ApiTokenManager.svelte
│ │ ├── App.svelte
│ │ ├── CreateApiTokenModal.svelte
│ │ ├── CredentialManager.svelte
│ │ ├── Login.svelte
│ │ ├── OutOfBandAuth.svelte
│ │ ├── Profile.svelte
│ │ ├── ProfileApiTokens.svelte
│ │ ├── ProfileCredentials.svelte
│ │ ├── TargetList.svelte
│ │ ├── index.html
│ │ ├── index.ts
│ │ ├── lib/
│ │ │ ├── api.ts
│ │ │ ├── openapi-schema.json
│ │ │ ├── shellEscape.ts
│ │ │ └── store.ts
│ │ └── login.ts
│ ├── lib.rs
│ ├── theme/
│ │ ├── _theme.scss
│ │ ├── fonts.css
│ │ ├── index.ts
│ │ ├── theme.dark.scss
│ │ ├── theme.light.scss
│ │ ├── vars.common.scss
│ │ ├── vars.dark.scss
│ │ └── vars.light.scss
│ └── vite-env.d.ts
├── svelte.config.js
├── tsconfig.json
├── tsconfig.node.json
└── vite.config.ts
SYMBOL INDEX (2066 symbols across 290 files)
FILE: tests/api_client.py
function admin_client (line 11) | def admin_client(host, token="token-value"):
FILE: tests/conftest.py
class Context (line 42) | class Context:
class K3sInstance (line 47) | class K3sInstance:
method kubectl (line 54) | def kubectl(self, cmd_args, input=None, check=True):
class Child (line 73) | class Child:
class WarpgateProcess (line 80) | class WarpgateProcess:
class ProcessManager (line 90) | class ProcessManager:
method __init__ (line 93) | def __init__(self, ctx: Context, timeout: int) -> None:
method stop (line 98) | def stop(self):
method start_ssh_server (line 123) | def start_ssh_server(self, trusted_keys=[], extra_config=""):
method start_mysql_server (line 172) | def start_mysql_server(self):
method start_postgres_server (line 179) | def start_postgres_server(self):
method start_k3s (line 218) | def start_k3s(self) -> K3sInstance:
method start_oidc_server (line 459) | def start_oidc_server(
method start_wg (line 591) | def start_wg(
method start_ssh_client (line 704) | def start_ssh_client(self, *args, password=None, **kwargs):
method start (line 727) | def start(self, args, stop_timeout=3, stop_signal=signal.SIGTERM, **kw...
function timeout (line 736) | def timeout():
function ctx (line 742) | def ctx():
function processes (line 749) | def processes(ctx, timeout, report_generation):
function report_generation (line 758) | def report_generation():
function shared_wg (line 781) | def shared_wg(processes: ProcessManager):
function admin_client (line 797) | def admin_client(shared_wg: WarpgateProcess):
function wg_c_ed25519_pubkey (line 815) | def wg_c_ed25519_pubkey():
function wg_c_rsa_pubkey (line 820) | def wg_c_rsa_pubkey():
function otp_key_base64 (line 825) | def otp_key_base64():
function otp_key_base32 (line 830) | def otp_key_base32():
function password_123_hash (line 835) | def password_123_hash():
FILE: tests/images/mysql-server/init.sql
type `db` (line 1) | CREATE TABLE `db`.`table` (
FILE: tests/images/postgres-server/init.sql
type tbl (line 1) | CREATE TABLE tbl (
FILE: tests/test_api_auth.py
class AdminApiTestCase (line 18) | class AdminApiTestCase:
function assert_401 (line 26) | def assert_401():
function make_limited_admin_role_payload (line 32) | def make_limited_admin_role_payload(**overrides):
function _verify_all_openapi_ops_are_covered (line 748) | def _verify_all_openapi_ops_are_covered():
function _create_admin_role (line 769) | def _create_admin_role(admin_api: sdk.DefaultApi, payload: dict) -> sdk....
function _create_user_with_role (line 773) | def _create_user_with_role(admin_api: sdk.DefaultApi, role_id: str | None):
function _create_user_api_token (line 783) | def _create_user_api_token(
function test_all_openapi_admin_operations_permission_enforcement (line 806) | def test_all_openapi_admin_operations_permission_enforcement(
FILE: tests/test_http_basic.py
class Test (line 11) | class Test:
method test_basic (line 12) | def test_basic(
FILE: tests/test_http_common.py
function echo_server_port (line 9) | def echo_server_port():
FILE: tests/test_http_proto.py
class TestHTTPProto (line 9) | class TestHTTPProto:
method setup (line 11) | def setup(self, echo_server_port, shared_wg):
method test_cookies (line 40) | def test_cookies(
method test_gzip (line 67) | def test_gzip(
FILE: tests/test_http_redirects.py
class TestHTTPRedirects (line 9) | class TestHTTPRedirects:
method test (line 10) | def test(
FILE: tests/test_http_user_auth_logout.py
class Test (line 9) | class Test:
method test (line 10) | def test(
FILE: tests/test_http_user_auth_oidc.py
function _make_sso_provider_config (line 15) | def _make_sso_provider_config(
function _start_wg_with_oidc (line 46) | def _start_wg_with_oidc(processes, wg_http_port, oidc_port, **sso_kwargs):
function _create_echo_target (line 60) | def _create_echo_target(api, echo_server_port, role_id):
function _do_oidc_login (line 81) | def _do_oidc_login(wg_url, oidc_port, *, username="User1", password="pwd"):
class TestHTTPUserAuthOIDC (line 186) | class TestHTTPUserAuthOIDC:
method test_oidc_auth_flow (line 189) | def test_oidc_auth_flow(
method test_oidc_auth_wrong_credentials (line 232) | def test_oidc_auth_wrong_credentials(
method test_oidc_auto_create_user (line 271) | def test_oidc_auto_create_user(
method test_oidc_auto_create_user_disabled (line 311) | def test_oidc_auto_create_user_disabled(
method test_oidc_group_sync_with_role_mappings (line 333) | def test_oidc_group_sync_with_role_mappings(
method test_oidc_group_sync_without_mappings (line 426) | def test_oidc_group_sync_without_mappings(
method test_oidc_group_sync_removes_stale_roles (line 505) | def test_oidc_group_sync_removes_stale_roles(
FILE: tests/test_http_user_auth_otp.py
class TestHTTPUserAuthOTP (line 11) | class TestHTTPUserAuthOTP:
method test_auth_otp_success (line 12) | def test_auth_otp_success(
method test_auth_otp_fail (line 92) | def test_auth_otp_fail(
FILE: tests/test_http_user_auth_password.py
class TestHTTPUserAuthPassword (line 9) | class TestHTTPUserAuthPassword:
method test_auth_password_success (line 10) | def test_auth_password_success(
method test_auth_password_fail (line 64) | def test_auth_password_fail(
FILE: tests/test_http_user_auth_ticket.py
class TestHTTPUserAuthTicket (line 9) | class TestHTTPUserAuthTicket:
method test_auth_password_success (line 10) | def test_auth_password_success(
FILE: tests/test_http_websocket.py
class TestHTTPWebsocket (line 11) | class TestHTTPWebsocket:
method test_basic (line 12) | def test_basic(
FILE: tests/test_json_logs.py
class Test (line 19) | class Test:
method test_json_logs_via_config (line 22) | def test_json_logs_via_config(
method test_json_logs_via_cli (line 114) | def test_json_logs_via_cli(
FILE: tests/test_kubernetes_integration.py
function run_kubectl (line 16) | def run_kubectl(args, **kwargs):
class TestKubernetesIntegration (line 22) | class TestKubernetesIntegration:
method test_kubectl_through_warpgate (line 24) | async def test_kubectl_through_warpgate(
method test_kubectl_run (line 187) | async def test_kubectl_run(self, processes, shared_wg: WarpgateProcess):
method test_mtls_upstream_and_token_user (line 281) | async def test_mtls_upstream_and_token_user(
method test_kubectl_exec_io (line 376) | async def test_kubectl_exec_io(self, processes, shared_wg: WarpgatePro...
method test_kubectl_attach_io (line 502) | async def test_kubectl_attach_io(self, processes, shared_wg: WarpgateP...
FILE: tests/test_postgres_user_auth_in_browser.py
class Test (line 12) | class Test:
method test (line 14) | async def test(
FILE: tests/test_postgres_user_auth_password.py
class Test (line 10) | class Test:
method test (line 11) | def test(
FILE: tests/test_ssh_client_auth_config.py
class TestSSHClientAuthConfigAPI (line 16) | class TestSSHClientAuthConfigAPI:
method test_get_ssh_auth_parameters (line 19) | def test_get_ssh_auth_parameters(
method test_update_ssh_auth_parameters (line 36) | def test_update_ssh_auth_parameters(
class TestSSHClientAuthConfigE2E (line 70) | class TestSSHClientAuthConfigE2E:
method _start_ssh_server (line 73) | def _start_ssh_server(self, processes, wg_c_ed25519_pubkey):
method _setup_user_and_target (line 83) | def _setup_user_and_target(self, api, ssh_port, wg_c_ed25519_pubkey: P...
method _update_ssh_auth_params (line 123) | def _update_ssh_auth_params(self, api, pubkey=True, password=True, key...
method test_password_auth_disabled (line 134) | def test_password_auth_disabled(
method test_pubkey_auth_disabled (line 173) | def test_pubkey_auth_disabled(
method test_pubkey_auth_enabled_works (line 210) | def test_pubkey_auth_enabled_works(
method test_password_auth_enabled_works (line 248) | def test_password_auth_enabled_works(
method test_both_auth_methods_work (line 287) | def test_both_auth_methods_work(
FILE: tests/test_ssh_proto.py
function ssh_port (line 15) | def ssh_port(processes, wg_c_ed25519_pubkey):
function setup_user_and_target (line 27) | def setup_user_and_target(
class Test (line 76) | class Test:
method test_stdout_stderr (line 77) | def test_stdout_stderr(
method test_pty (line 103) | def test_pty(
method test_signals (line 129) | def test_signals(
method test_direct_tcpip (line 152) | def test_direct_tcpip(
method test_tcpip_forward (line 186) | def test_tcpip_forward(
method test_shell (line 227) | def test_shell(
method test_connection_error (line 268) | def test_connection_error(
method test_sftp (line 292) | def test_sftp(
method test_insecure_protos (line 327) | def test_insecure_protos(
FILE: tests/test_ssh_target_selection.py
class Test (line 10) | class Test:
method test_bad_target (line 11) | def test_bad_target(
FILE: tests/test_ssh_user_auth_in_browser.py
class Test (line 11) | class Test:
method test (line 18) | async def test(
FILE: tests/test_ssh_user_auth_otp.py
class Test (line 14) | class Test:
method test_otp (line 15) | def test_otp(
FILE: tests/test_ssh_user_auth_password.py
class Test (line 9) | class Test:
method test (line 10) | def test(
FILE: tests/test_ssh_user_auth_pubkey.py
class Test (line 9) | class Test:
method test_ed25519 (line 10) | def test_ed25519(
method test_rsa (line 86) | def test_rsa(
FILE: tests/test_ssh_user_auth_ticket.py
class Test (line 9) | class Test:
method test (line 10) | def test(
FILE: tests/util.py
function alloc_port (line 20) | def alloc_port():
function _wait_timeout (line 26) | def _wait_timeout(fn, msg, timeout=60):
function wait_port (line 34) | def wait_port(port, recv=True, timeout=60, for_process: subprocess.Popen...
function wait_mysql_port (line 61) | def wait_mysql_port(port):
function create_ticket (line 84) | def create_ticket(url, username, target_name):
FILE: warpgate-admin/src/api/admin_roles.rs
type AdminRoleDataRequest (line 18) | struct AdminRoleDataRequest {
type GetAdminRolesResponse (line 49) | enum GetAdminRolesResponse {
type CreateAdminRoleResponse (line 55) | enum CreateAdminRoleResponse {
type GetAdminRoleResponse (line 61) | enum GetAdminRoleResponse {
type UpdateAdminRoleResponse (line 69) | enum UpdateAdminRoleResponse {
type DeleteAdminRoleResponse (line 77) | enum DeleteAdminRoleResponse {
type GetAdminRoleUsersResponse (line 87) | enum GetAdminRoleUsersResponse {
type ListApi (line 94) | pub struct ListApi;
method api_get_all_admin_roles (line 103) | async fn api_get_all_admin_roles(
method api_create_admin_role (line 130) | async fn api_create_admin_role(
type DetailApi (line 168) | pub struct DetailApi;
method api_get_admin_role (line 177) | async fn api_get_admin_role(
method api_update_admin_role (line 198) | async fn api_update_admin_role(
method api_delete_admin_role (line 241) | async fn api_delete_admin_role(
method api_get_admin_role_users (line 268) | async fn api_get_admin_role_users(
FILE: warpgate-admin/src/api/certificate_credentials.rs
function certificate_fingerprint (line 18) | fn certificate_fingerprint(certificate_pem: &str) -> Result<String, Warp...
type ExistingCertificateCredential (line 25) | struct ExistingCertificateCredential {
method from (line 51) | fn from(credential: CertificateCredential::Model) -> Self {
type IssuedCertificateCredential (line 34) | struct IssuedCertificateCredential {
type IssueCertificateCredentialRequest (line 40) | struct IssueCertificateCredentialRequest {
type UpdateCertificateCredential (line 46) | struct UpdateCertificateCredential {
type GetCertificateCredentialsResponse (line 64) | enum GetCertificateCredentialsResponse {
type IssueCertificateCredentialResponse (line 70) | enum IssueCertificateCredentialResponse {
type UpdateCertificateCredentialResponse (line 76) | enum UpdateCertificateCredentialResponse {
type ListApi (line 83) | pub struct ListApi;
method api_get_all (line 92) | async fn api_get_all(
method api_issue (line 117) | async fn api_issue(
type RevokeCertificateCredentialResponse (line 163) | enum RevokeCertificateCredentialResponse {
type DetailApi (line 170) | pub struct DetailApi;
method api_update (line 179) | async fn api_update(
method api_delete (line 213) | async fn api_delete(
FILE: warpgate-admin/src/api/common.rs
function has_admin_permission (line 8) | pub async fn has_admin_permission(
function require_admin_permission (line 77) | pub async fn require_admin_permission(
FILE: warpgate-admin/src/api/known_hosts_detail.rs
type Api (line 12) | pub struct Api;
method api_ssh_delete_known_host (line 30) | async fn api_ssh_delete_known_host(
type DeleteSSHKnownHostResponse (line 15) | enum DeleteSSHKnownHostResponse {
FILE: warpgate-admin/src/api/known_hosts_list.rs
type Api (line 17) | pub struct Api;
method add_ssh_known_host (line 46) | async fn add_ssh_known_host(
method get_ssh_known_hosts (line 77) | async fn get_ssh_known_hosts(
type GetSSHKnownHostsResponse (line 20) | enum GetSSHKnownHostsResponse {
type AddSshKnownHostResponse (line 26) | enum AddSshKnownHostResponse {
type AddSshKnownHostRequest (line 32) | struct AddSshKnownHostRequest {
FILE: warpgate-admin/src/api/ldap_servers.rs
type ImportLdapUsersRequest (line 19) | struct ImportLdapUsersRequest {
type ImportLdapUsersResponse (line 24) | enum ImportLdapUsersResponse {
type ImportApi (line 31) | pub struct ImportApi;
method api_import_ldap_users (line 40) | async fn api_import_ldap_users(
type LdapServerResponse (line 91) | struct LdapServerResponse {
method from (line 110) | fn from(model: LdapServer::Model) -> Self {
type CreateLdapServerRequest (line 137) | struct CreateLdapServerRequest {
function default_port (line 163) | fn default_port() -> i32 {
function default_user_filter (line 167) | fn default_user_filter() -> String {
function default_tls_mode (line 171) | fn default_tls_mode() -> TlsMode {
function default_tls_verify (line 175) | fn default_tls_verify() -> bool {
function default_enabled (line 179) | fn default_enabled() -> bool {
function default_auto_link_sso_users (line 183) | fn default_auto_link_sso_users() -> bool {
function default_username_attribute (line 187) | fn default_username_attribute() -> LdapUsernameAttribute {
function default_ssh_key_attribute (line 191) | fn default_ssh_key_attribute() -> String {
function default_uuid_attribute (line 195) | fn default_uuid_attribute() -> String {
type UpdateLdapServerRequest (line 200) | struct UpdateLdapServerRequest {
type TestLdapServerRequest (line 218) | struct TestLdapServerRequest {
type TestLdapServerResponse (line 228) | struct TestLdapServerResponse {
type LdapUserResponse (line 235) | struct LdapUserResponse {
method from (line 243) | fn from(user: warpgate_ldap::LdapUser) -> Self {
type GetLdapServersResponse (line 254) | enum GetLdapServersResponse {
type CreateLdapServerResponse (line 260) | enum CreateLdapServerResponse {
type TestLdapServerConnectionResponse (line 273) | enum TestLdapServerConnectionResponse {
type ListApi (line 281) | pub struct ListApi;
method api_get_all_ldap_servers (line 290) | async fn api_get_all_ldap_servers(
method api_create_ldap_server (line 319) | async fn api_create_ldap_server(
method api_test_ldap_server (line 407) | async fn api_test_ldap_server(
type GetLdapServerResponse (line 468) | enum GetLdapServerResponse {
type UpdateLdapServerResponse (line 478) | enum UpdateLdapServerResponse {
type DeleteLdapServerResponse (line 490) | enum DeleteLdapServerResponse {
type DetailApi (line 498) | pub struct DetailApi;
method api_get_ldap_server (line 507) | async fn api_get_ldap_server(
method api_update_ldap_server (line 529) | async fn api_update_ldap_server(
method api_delete_ldap_server (line 597) | async fn api_delete_ldap_server(
type GetLdapUsersResponse (line 618) | enum GetLdapUsersResponse {
type QueryApi (line 629) | pub struct QueryApi;
method api_get_ldap_users (line 638) | async fn api_get_ldap_users(
FILE: warpgate-admin/src/api/logs.rs
type Api (line 14) | pub struct Api;
method api_get_all_logs (line 35) | async fn api_get_all_logs(
type GetLogsResponse (line 17) | enum GetLogsResponse {
type GetLogsRequest (line 23) | struct GetLogsRequest {
FILE: warpgate-admin/src/api/mod.rs
function get (line 30) | pub fn get() -> impl OpenApi {
FILE: warpgate-admin/src/api/otp_credentials.rs
type ExistingOtpCredential (line 15) | struct ExistingOtpCredential {
method from (line 25) | fn from(credential: OtpCredential::Model) -> Self {
type NewOtpCredential (line 20) | struct NewOtpCredential {
method from (line 31) | fn from(credential: &NewOtpCredential) -> Self {
type GetOtpCredentialsResponse (line 39) | enum GetOtpCredentialsResponse {
type CreateOtpCredentialResponse (line 45) | enum CreateOtpCredentialResponse {
type ListApi (line 50) | pub struct ListApi;
method api_get_all (line 59) | async fn api_get_all(
method api_create (line 84) | async fn api_create(
type DeleteCredentialResponse (line 109) | enum DeleteCredentialResponse {
type DetailApi (line 116) | pub struct DetailApi;
method api_delete (line 125) | async fn api_delete(
FILE: warpgate-admin/src/api/pagination.rs
type PaginatedResponse (line 7) | pub struct PaginatedResponse<T: ParseFromJSON + ToJSON + Send + Sync> {
type PaginationParams (line 13) | pub struct PaginationParams {
function new (line 19) | pub async fn new<E, M, C, P>(
FILE: warpgate-admin/src/api/parameters.rs
type Api (line 14) | pub struct Api;
method api_get (line 51) | async fn api_get(
method api_update_parameters (line 76) | async fn api_update_parameters(
type ParameterValues (line 17) | struct ParameterValues {
type ParameterUpdate (line 27) | struct ParameterUpdate {
type GetParametersResponse (line 37) | enum GetParametersResponse {
type UpdateParametersResponse (line 43) | enum UpdateParametersResponse {
FILE: warpgate-admin/src/api/password_credentials.rs
type ExistingPasswordCredential (line 15) | struct ExistingPasswordCredential {
method from (line 25) | fn from(credential: PasswordCredential::Model) -> Self {
type NewPasswordCredential (line 20) | struct NewPasswordCredential {
type GetPasswordCredentialsResponse (line 31) | enum GetPasswordCredentialsResponse {
type CreatePasswordCredentialResponse (line 37) | enum CreatePasswordCredentialResponse {
type ListApi (line 42) | pub struct ListApi;
method api_get_all (line 51) | async fn api_get_all(
method api_create (line 76) | async fn api_create(
type DeleteCredentialResponse (line 105) | enum DeleteCredentialResponse {
type DetailApi (line 112) | pub struct DetailApi;
method api_delete (line 121) | async fn api_delete(
FILE: warpgate-admin/src/api/public_key_credentials.rs
function check_user_ldap_linked (line 18) | async fn check_user_ldap_linked(
function verify_user_not_ldap_linked (line 34) | async fn verify_user_not_ldap_linked(db: &DatabaseConnection, user_id: U...
type ExistingPublicKeyCredential (line 43) | struct ExistingPublicKeyCredential {
method from (line 58) | fn from(credential: PublicKeyCredential::Model) -> Self {
type NewPublicKeyCredential (line 52) | struct NewPublicKeyCredential {
type Error (line 70) | type Error = WarpgateError;
method try_from (line 72) | fn try_from(credential: &NewPublicKeyCredential) -> Result<Self, Warpgat...
type GetPublicKeyCredentialsResponse (line 85) | enum GetPublicKeyCredentialsResponse {
type CreatePublicKeyCredentialResponse (line 91) | enum CreatePublicKeyCredentialResponse {
type UpdatePublicKeyCredentialResponse (line 99) | enum UpdatePublicKeyCredentialResponse {
type ListApi (line 108) | pub struct ListApi;
method api_get_all (line 117) | async fn api_get_all(
method api_create (line 142) | async fn api_create(
type DeleteCredentialResponse (line 177) | enum DeleteCredentialResponse {
type DetailApi (line 186) | pub struct DetailApi;
method api_update (line 195) | async fn api_update(
method api_delete (line 236) | async fn api_delete(
FILE: warpgate-admin/src/api/recordings_detail.rs
type Api (line 31) | pub struct Api;
method api_get_recording (line 53) | async fn api_get_recording(
method api_get_recording_kubernetes (line 79) | async fn api_get_recording_kubernetes(
type GetRecordingResponse (line 34) | enum GetRecordingResponse {
type GetKubernetesRecordingResponse (line 42) | enum GetKubernetesRecordingResponse {
function api_get_recording_cast (line 118) | pub async fn api_get_recording_cast(
function api_get_recording_tcpdump (line 176) | pub async fn api_get_recording_tcpdump(
function api_get_recording_stream (line 208) | pub async fn api_get_recording_stream(
FILE: warpgate-admin/src/api/roles.rs
type RoleDataRequest (line 20) | struct RoleDataRequest {
type GetRolesResponse (line 26) | enum GetRolesResponse {
type CreateRoleResponse (line 31) | enum CreateRoleResponse {
type ListApi (line 39) | pub struct ListApi;
method api_get_all_roles (line 44) | async fn api_get_all_roles(
method api_create_role (line 70) | async fn api_create_role(
type GetRoleResponse (line 99) | enum GetRoleResponse {
type UpdateRoleResponse (line 107) | enum UpdateRoleResponse {
type DeleteRoleResponse (line 117) | enum DeleteRoleResponse {
type GetRoleTargetsResponse (line 127) | enum GetRoleTargetsResponse {
type GetRoleUsersResponse (line 135) | enum GetRoleUsersResponse {
type DetailApi (line 142) | pub struct DetailApi;
method api_get_role (line 147) | async fn api_get_role(
method api_update_role (line 166) | async fn api_update_role(
method api_delete_role (line 194) | async fn api_delete_role(
method api_get_role_targets (line 221) | async fn api_get_role_targets(
method api_get_role_users (line 250) | async fn api_get_role_users(
FILE: warpgate-admin/src/api/sessions_detail.rs
type Api (line 15) | pub struct Api;
method api_get_session (line 43) | async fn api_get_session(
method api_get_session_recordings (line 66) | async fn api_get_session_recordings(
method api_close_session (line 88) | async fn api_close_session(
type GetSessionResponse (line 19) | enum GetSessionResponse {
type GetSessionRecordingsResponse (line 27) | enum GetSessionRecordingsResponse {
type CloseSessionResponse (line 33) | enum CloseSessionResponse {
FILE: warpgate-admin/src/api/sessions_list.rs
type Api (line 18) | pub struct Api;
method api_get_all_sessions (line 35) | async fn api_get_all_sessions(
method api_close_all_sessions (line 77) | async fn api_close_all_sessions(
type GetSessionsResponse (line 21) | enum GetSessionsResponse {
type CloseAllSessionsResponse (line 27) | enum CloseAllSessionsResponse {
function api_get_sessions_changes_stream (line 99) | pub async fn api_get_sessions_changes_stream(
FILE: warpgate-admin/src/api/ssh_connection_test.rs
type Api (line 15) | pub struct Api;
method api_ssh_check_host_key (line 44) | async fn api_ssh_check_host_key(
type CheckSshHostKeyRequest (line 18) | struct CheckSshHostKeyRequest {
type CheckSshHostKeyResponseBody (line 24) | struct CheckSshHostKeyResponseBody {
type CheckSshHostKeyResponse (line 30) | enum CheckSshHostKeyResponse {
FILE: warpgate-admin/src/api/ssh_keys.rs
type Api (line 12) | pub struct Api;
method api_ssh_get_own_keys (line 33) | async fn api_ssh_get_own_keys(
type SSHKey (line 15) | struct SSHKey {
type GetSSHOwnKeysResponse (line 21) | enum GetSSHOwnKeysResponse {
FILE: warpgate-admin/src/api/sso_credentials.rs
type ExistingSsoCredential (line 15) | struct ExistingSsoCredential {
method from (line 28) | fn from(credential: SsoCredential::Model) -> Self {
type NewSsoCredential (line 22) | struct NewSsoCredential {
method from (line 38) | fn from(credential: &NewSsoCredential) -> Self {
type GetSsoCredentialsResponse (line 47) | enum GetSsoCredentialsResponse {
type CreateSsoCredentialResponse (line 53) | enum CreateSsoCredentialResponse {
type UpdateSsoCredentialResponse (line 59) | enum UpdateSsoCredentialResponse {
type ListApi (line 66) | pub struct ListApi;
method api_get_all (line 75) | async fn api_get_all(
method api_create (line 100) | async fn api_create(
type DeleteCredentialResponse (line 125) | enum DeleteCredentialResponse {
type DetailApi (line 132) | pub struct DetailApi;
method api_update (line 141) | async fn api_update(
method api_delete (line 173) | async fn api_delete(
FILE: warpgate-admin/src/api/target_groups.rs
type TargetGroupDataRequest (line 19) | struct TargetGroupDataRequest {
type GetTargetGroupsResponse (line 26) | enum GetTargetGroupsResponse {
type CreateTargetGroupResponse (line 32) | enum CreateTargetGroupResponse {
type ListApi (line 43) | pub struct ListApi;
method api_list_target_groups (line 52) | async fn api_list_target_groups(
method api_create_target_group (line 73) | async fn api_create_target_group(
type GetTargetGroupResponse (line 110) | enum GetTargetGroupResponse {
type UpdateTargetGroupResponse (line 118) | enum UpdateTargetGroupResponse {
type DeleteTargetGroupResponse (line 128) | enum DeleteTargetGroupResponse {
type DetailApi (line 136) | pub struct DetailApi;
method api_get_target_group (line 145) | async fn api_get_target_group(
method api_update_target_group (line 167) | async fn api_update_target_group(
method api_delete_target_group (line 211) | async fn api_delete_target_group(
FILE: warpgate-admin/src/api/targets.rs
type TargetDataRequest (line 23) | struct TargetDataRequest {
type GetTargetsResponse (line 32) | enum GetTargetsResponse {
type CreateTargetResponse (line 39) | enum CreateTargetResponse {
type ListApi (line 50) | pub struct ListApi;
method api_get_all_targets (line 55) | async fn api_get_all_targets(
method api_create_target (line 104) | async fn api_create_target(
type GetTargetResponse (line 147) | enum GetTargetResponse {
type UpdateTargetResponse (line 156) | enum UpdateTargetResponse {
type DeleteTargetResponse (line 166) | enum DeleteTargetResponse {
type TargetKnownSshHostKeysResponse (line 175) | enum TargetKnownSshHostKeysResponse {
type DetailApi (line 186) | pub struct DetailApi;
method api_get_target (line 191) | async fn api_get_target(
method api_update_target (line 209) | async fn api_update_target(
method api_delete_target (line 257) | async fn api_delete_target(
method get_ssh_target_known_ssh_host_keys (line 297) | async fn get_ssh_target_known_ssh_host_keys(
type GetTargetRolesResponse (line 332) | enum GetTargetRolesResponse {
type AddTargetRoleResponse (line 340) | enum AddTargetRoleResponse {
type DeleteTargetRoleResponse (line 348) | enum DeleteTargetRoleResponse {
type RolesApi (line 355) | pub struct RolesApi;
method api_get_target_roles (line 364) | async fn api_get_target_roles(
method api_add_target_role (line 394) | async fn api_add_target_role(
method api_delete_target_role (line 432) | async fn api_delete_target_role(
FILE: warpgate-admin/src/api/tickets_detail.rs
type Api (line 12) | pub struct Api;
method api_delete_ticket (line 30) | async fn api_delete_ticket(
type DeleteTicketResponse (line 15) | enum DeleteTicketResponse {
FILE: warpgate-admin/src/api/tickets_list.rs
type Api (line 17) | pub struct Api;
method api_get_all_tickets (line 52) | async fn api_get_all_tickets(
method api_create_ticket (line 67) | async fn api_create_ticket(
type GetTicketsResponse (line 20) | enum GetTicketsResponse {
type CreateTicketRequest (line 26) | struct CreateTicketRequest {
type TicketAndSecret (line 35) | struct TicketAndSecret {
type CreateTicketResponse (line 41) | enum CreateTicketResponse {
FILE: warpgate-admin/src/api/users.rs
type CreateUserRequest (line 21) | struct CreateUserRequest {
type UserDataRequest (line 27) | struct UserDataRequest {
type GetUsersResponse (line 35) | enum GetUsersResponse {
type CreateUserResponse (line 40) | enum CreateUserResponse {
type ListApi (line 48) | pub struct ListApi;
method api_get_all_users (line 53) | async fn api_get_all_users(
method api_create_user (line 81) | async fn api_create_user(
type GetUserResponse (line 116) | enum GetUserResponse {
type UpdateUserResponse (line 125) | enum UpdateUserResponse {
type DeleteUserResponse (line 133) | enum DeleteUserResponse {
type UnlinkUserFromLdapResponse (line 142) | enum UnlinkUserFromLdapResponse {
type AutoLinkUserToLdapResponse (line 154) | enum AutoLinkUserToLdapResponse {
type DetailApi (line 165) | pub struct DetailApi;
method api_get_user (line 170) | async fn api_get_user(
method api_update_user (line 188) | async fn api_update_user(
method api_delete_user (line 225) | async fn api_delete_user(
method api_unlink_user_from_ldap (line 253) | async fn api_unlink_user_from_ldap(
method api_auto_link_user_to_ldap (line 286) | async fn api_auto_link_user_to_ldap(
type GetUserRolesResponse (line 358) | enum GetUserRolesResponse {
type AddUserRoleResponse (line 366) | enum AddUserRoleResponse {
type DeleteUserRoleResponse (line 374) | enum DeleteUserRoleResponse {
type GetUserAdminRolesResponse (line 382) | enum GetUserAdminRolesResponse {
type AddUserAdminRoleResponse (line 390) | enum AddUserAdminRoleResponse {
type DeleteUserAdminRoleResponse (line 398) | enum DeleteUserAdminRoleResponse {
type RolesApi (line 405) | pub struct RolesApi;
method api_get_user_roles (line 414) | async fn api_get_user_roles(
method api_add_user_role (line 444) | async fn api_add_user_role(
method api_delete_user_role (line 482) | async fn api_delete_user_role(
method api_get_user_admin_roles (line 521) | async fn api_get_user_admin_roles(
method api_add_user_admin_role (line 551) | async fn api_add_user_admin_role(
method api_delete_user_admin_role (line 590) | async fn api_delete_user_admin_role(
FILE: warpgate-admin/src/lib.rs
function admin_api_app (line 6) | pub fn admin_api_app() -> impl IntoEndpoint {
FILE: warpgate-admin/src/main.rs
function main (line 7) | pub fn main() {
FILE: warpgate-ca/src/error.rs
type CaError (line 6) | pub enum CaError {
FILE: warpgate-ca/src/lib.rs
method from (line 19) | fn from(err: KeyRejected) -> Self {
type CertifiedKey (line 29) | pub struct CertifiedKey {
method certificate_pem (line 38) | pub fn certificate_pem(&self) -> Result<String, CaError> {
method private_key_pem (line 45) | pub fn private_key_pem(&self) -> String {
function generate_root_certificate_rcgen (line 51) | pub fn generate_root_certificate_rcgen() -> Result<(String, String), CaE...
function deserialize_certificate (line 75) | pub fn deserialize_certificate(pem: &str) -> Result<Certificate, CaError> {
function serialize_certificate_serial (line 81) | pub fn serialize_certificate_serial(cert: &Certificate) -> String {
function certificate_sha256_hex_fingerprint (line 85) | pub fn certificate_sha256_hex_fingerprint(cert: &Certificate) -> Result<...
function deserialize_ca (line 92) | pub fn deserialize_ca(
function issue_client_certificate (line 120) | pub fn issue_client_certificate(
function certificate_to_pem (line 237) | pub fn certificate_to_pem(certificate: &Certificate) -> Result<String, C...
FILE: warpgate-common-http/src/auth.rs
type AuthStateId (line 5) | pub struct AuthStateId(pub Uuid);
type SessionAuthorization (line 9) | pub enum SessionAuthorization {
method username (line 18) | pub fn username(&self) -> &String {
type RequestAuthorization (line 28) | pub enum RequestAuthorization {
method username (line 58) | pub fn username(&self) -> Option<&String> {
type UnauthenticatedRequestContext (line 35) | pub struct UnauthenticatedRequestContext {
method to_authenticated (line 41) | pub fn to_authenticated(&self, auth: RequestAuthorization) -> Authenti...
type AuthenticatedRequestContext (line 51) | pub struct AuthenticatedRequestContext {
function is_localhost_host (line 68) | pub fn is_localhost_host(host: &str) -> bool {
FILE: warpgate-common-http/src/logging.rs
function get_client_ip (line 10) | pub async fn get_client_ip(req: &Request, services: &Services) -> Option...
function span_for_request (line 40) | pub async fn span_for_request(
function log_request_result (line 63) | pub fn log_request_result(
function log_request_error (line 77) | pub fn log_request_error<E: Debug>(method: &Method, url: &Uri, client_ip...
FILE: warpgate-common/src/api.rs
type TokenSecurityScheme (line 7) | pub struct TokenSecurityScheme(ApiKey);
type CookieSecurityScheme (line 12) | pub struct CookieSecurityScheme(ApiKey);
type AnySecurityScheme (line 16) | pub enum AnySecurityScheme {
FILE: warpgate-common/src/auth/cred.rs
type CredentialKind (line 9) | pub enum CredentialKind {
type AuthCredential (line 25) | pub enum AuthCredential {
method kind (line 43) | pub fn kind(&self) -> CredentialKind {
method safe_description (line 54) | pub fn safe_description(&self) -> String {
method from (line 67) | fn from(cred: UserCertificateCredential) -> Self {
function from (line 75) | fn from(cred: AuthCredential) -> Self {
FILE: warpgate-common/src/auth/policy.rs
type CredentialPolicyResponse (line 5) | pub enum CredentialPolicyResponse {
type CredentialPolicy (line 10) | pub trait CredentialPolicy {
method is_sufficient (line 11) | fn is_sufficient(
method is_sufficient (line 33) | fn is_sufficient(
method is_sufficient (line 52) | fn is_sufficient(
method is_sufficient (line 76) | fn is_sufficient(
type AnySingleCredentialPolicy (line 18) | pub struct AnySingleCredentialPolicy {
type AllCredentialsPolicy (line 22) | pub struct AllCredentialsPolicy {
type PerProtocolCredentialPolicy (line 27) | pub struct PerProtocolCredentialPolicy {
FILE: warpgate-common/src/auth/selector.rs
type AuthSelector (line 6) | pub enum AuthSelector {
method from (line 17) | fn from(selector: T) -> Self {
method fmt (line 40) | fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
FILE: warpgate-common/src/auth/state.rs
type AuthResult (line 13) | pub enum AuthResult {
type AuthStateUserInfo (line 20) | pub struct AuthStateUserInfo {
method from (line 26) | fn from(user: &User) -> Self {
type AuthState (line 34) | pub struct AuthState {
method new (line 58) | pub fn new(
method id (line 83) | pub fn id(&self) -> &Uuid {
method session_id (line 87) | pub fn session_id(&self) -> &Option<SessionId> {
method user_info (line 91) | pub fn user_info(&self) -> &AuthStateUserInfo {
method protocol (line 95) | pub fn protocol(&self) -> &str {
method started (line 99) | pub fn started(&self) -> &DateTime<Utc> {
method identification_string (line 103) | pub fn identification_string(&self) -> &str {
method add_valid_credential (line 107) | pub fn add_valid_credential(&mut self, credential: AuthCredential) {
method reject (line 112) | pub fn reject(&mut self) {
method verify (line 116) | pub fn verify(&self) -> AuthResult {
method current_verification_state (line 120) | fn current_verification_state(&self) -> AuthResult {
method maybe_update_verification_state (line 146) | fn maybe_update_verification_state(&mut self) -> AuthResult {
method construct_web_approval_url (line 160) | pub fn construct_web_approval_url(
function generate_identification_string (line 48) | fn generate_identification_string() -> String {
FILE: warpgate-common/src/config/defaults.rs
function _default_true (line 6) | pub(crate) const fn _default_true() -> bool {
function _default_false (line 10) | pub(crate) const fn _default_false() -> bool {
function _default_ssh_port (line 14) | pub(crate) const fn _default_ssh_port() -> u16 {
function _default_mysql_port (line 18) | pub(crate) const fn _default_mysql_port() -> u16 {
function _default_username (line 23) | pub(crate) fn _default_username() -> String {
function _default_empty_string (line 28) | pub(crate) fn _default_empty_string() -> String {
function _default_recordings_path (line 33) | pub(crate) fn _default_recordings_path() -> String {
function _default_database_url (line 38) | pub(crate) fn _default_database_url() -> Secret<String> {
function _default_http_listen (line 43) | pub(crate) fn _default_http_listen() -> ListenEndpoint {
function _default_mysql_listen (line 48) | pub(crate) fn _default_mysql_listen() -> ListenEndpoint {
function _default_postgres_listen (line 53) | pub(crate) fn _default_postgres_listen() -> ListenEndpoint {
function _default_kubernetes_listen (line 58) | pub(crate) fn _default_kubernetes_listen() -> ListenEndpoint {
function _default_retention (line 63) | pub(crate) fn _default_retention() -> Duration {
function _default_session_max_age (line 68) | pub(crate) fn _default_session_max_age() -> Duration {
function _default_cookie_max_age (line 73) | pub(crate) fn _default_cookie_max_age() -> Duration {
function _default_empty_vec (line 78) | pub(crate) fn _default_empty_vec<T>() -> Vec<T> {
function _default_ssh_listen (line 82) | pub(crate) fn _default_ssh_listen() -> ListenEndpoint {
function _default_ssh_keys_path (line 86) | pub(crate) fn _default_ssh_keys_path() -> String {
function _default_ssh_inactivity_timeout (line 90) | pub(crate) fn _default_ssh_inactivity_timeout() -> Duration {
function _default_postgres_idle_timeout_str (line 94) | pub(crate) fn _default_postgres_idle_timeout_str() -> Option<String> {
FILE: warpgate-common/src/config/mod.rs
type UserAuthCredential (line 29) | pub enum UserAuthCredential {
method kind (line 77) | pub fn kind(&self) -> CredentialKind {
type UserPasswordCredential (line 43) | pub struct UserPasswordCredential {
method from_password (line 48) | pub fn from_password(password: &Secret<String>) -> Self {
type UserPublicKeyCredential (line 56) | pub struct UserPublicKeyCredential {
type UserCertificateCredential (line 61) | pub struct UserCertificateCredential {
type UserTotpCredential (line 66) | pub struct UserTotpCredential {
type UserSsoCredential (line 71) | pub struct UserSsoCredential {
type UserRequireCredentialsPolicy (line 89) | pub struct UserRequireCredentialsPolicy {
method upgrade_to_otp (line 104) | pub fn upgrade_to_otp(&self, with_existing_credentials: &[UserAuthCred...
type User (line 144) | pub struct User {
type UserDetails (line 157) | pub struct UserDetails {
type Target (line 164) | type Target = User;
method deref (line 166) | fn deref(&self) -> &Self::Target {
type Role (line 172) | pub struct Role {
type AdminRole (line 180) | pub struct AdminRole {
method has_permission (line 235) | pub fn has_permission(&self, perm: AdminPermission) -> bool {
type AdminPermission (line 214) | pub enum AdminPermission {
type SshHostKeyVerificationMode (line 259) | pub enum SshHostKeyVerificationMode {
type LogFormat (line 273) | pub enum LogFormat {
type SshConfig (line 280) | pub struct SshConfig {
method external_port (line 319) | pub fn external_port(&self) -> u16 {
method default (line 305) | fn default() -> Self {
type SniCertificateConfig (line 325) | pub struct SniCertificateConfig {
type HttpConfig (line 331) | pub struct HttpConfig {
method external_port (line 375) | pub fn external_port(&self) -> u16 {
method default (line 360) | fn default() -> Self {
method certificate_path (line 381) | fn certificate_path(&self) -> PathBuf {
method key_path (line 385) | fn key_path(&self) -> PathBuf {
method certificate_path (line 391) | fn certificate_path(&self) -> PathBuf {
method key_path (line 395) | fn key_path(&self) -> PathBuf {
type MySqlConfig (line 401) | pub struct MySqlConfig {
method external_port (line 431) | pub fn external_port(&self) -> u16 {
method default (line 419) | fn default() -> Self {
type KubernetesConfig (line 437) | pub struct KubernetesConfig {
method external_port (line 472) | pub fn external_port(&self) -> u16 {
method default (line 459) | fn default() -> Self {
type PostgresConfig (line 478) | pub struct PostgresConfig {
method external_port (line 508) | pub fn external_port(&self) -> u16 {
method default (line 496) | fn default() -> Self {
type RecordingsConfig (line 514) | pub struct RecordingsConfig {
method default (line 523) | fn default() -> Self {
type LogConfig (line 532) | pub struct LogConfig {
method default (line 545) | fn default() -> Self {
type WarpgateConfigStore (line 555) | pub struct WarpgateConfigStore {
method default (line 589) | fn default() -> Self {
type WarpgateConfig (line 606) | pub struct WarpgateConfig {
method external_host_from_config (line 611) | pub fn external_host_from_config(&self) -> Option<(Scheme, String, Opt...
method external_host_from_request (line 630) | pub fn external_host_from_request(
method construct_external_url (line 669) | pub fn construct_external_url(
method validate (line 700) | pub fn validate(&self) {
FILE: warpgate-common/src/config/target.rs
type KubernetesTargetCertificateAuth (line 12) | pub struct KubernetesTargetCertificateAuth {
method default (line 18) | fn default() -> Self {
type TargetSSHOptions (line 27) | pub struct TargetSSHOptions {
type SSHTargetAuth (line 42) | pub enum SSHTargetAuth {
type SshTargetPasswordAuth (line 50) | pub struct SshTargetPasswordAuth {
type SshTargetPublicKeyAuth (line 55) | pub struct SshTargetPublicKeyAuth {}
method default (line 58) | fn default() -> Self {
type TargetHTTPOptions (line 64) | pub struct TargetHTTPOptions {
type Tls (line 79) | pub struct Tls {
method default (line 89) | fn default() -> Self {
type TargetMySqlOptions (line 98) | pub struct TargetMySqlOptions {
type TargetPostgresOptions (line 119) | pub struct TargetPostgresOptions {
type TargetKubernetesOptions (line 143) | pub struct TargetKubernetesOptions {
type KubernetesTargetAuth (line 157) | pub enum KubernetesTargetAuth {
type KubernetesTargetTokenAuth (line 165) | pub struct KubernetesTargetTokenAuth {
method default (line 170) | fn default() -> Self {
type Target (line 176) | pub struct Target {
type TargetOptions (line 191) | pub enum TargetOptions {
FILE: warpgate-common/src/config_schema.rs
function main (line 4) | fn main() {
FILE: warpgate-common/src/consts.rs
constant TICKET_SELECTOR_PREFIX (line 1) | pub const TICKET_SELECTOR_PREFIX: &str = "ticket-";
FILE: warpgate-common/src/error.rs
type WarpgateError (line 13) | pub enum WarpgateError {
method other (line 83) | pub fn other<E: Error + Send + Sync + 'static>(err: E) -> Self {
method status (line 69) | fn status(&self) -> poem::http::StatusCode {
method meta (line 89) | fn meta() -> poem_openapi::registry::MetaResponses {
method register (line 93) | fn register(registry: &mut poem_openapi::registry::Registry) {
FILE: warpgate-common/src/eventhub.rs
type EventSender (line 8) | pub struct EventSender<E> {
method clone (line 13) | fn clone(&self) -> Self {
function cleanup_subscriptions (line 21) | async fn cleanup_subscriptions(&self) -> MutexGuard<'_, SubscriptionStor...
function send_all (line 29) | pub async fn send_all(&'h self, event: E) -> Result<(), SendError<E>> {
function send_once (line 46) | pub async fn send_once(&'h self, event: E) -> Result<(), SendError<E>> {
type EventSubscription (line 59) | pub struct EventSubscription<E>(UnboundedReceiver<E>);
function recv (line 62) | pub async fn recv(&mut self) -> Option<E> {
type SubscriptionStoreInner (line 67) | type SubscriptionStoreInner<E> = Vec<(Box<dyn Fn(&E) -> bool + Send>, Un...
type SubscriptionStore (line 68) | type SubscriptionStore<E> = Arc<Mutex<SubscriptionStoreInner<E>>>;
type EventHub (line 70) | pub struct EventHub<E: Send> {
function setup (line 75) | pub fn setup() -> (Self, EventSender<E>) {
function subscribe (line 85) | pub async fn subscribe<F: Fn(&E) -> bool + Send + 'static>(
FILE: warpgate-common/src/helpers/fs.rs
function maybe_apply_permissions (line 6) | fn maybe_apply_permissions<P: AsRef<Path>>(
function warn_failure (line 17) | fn warn_failure(e: &std::io::Error) {
function secure_directory (line 22) | pub fn secure_directory<P: AsRef<Path>>(path: P) -> std::io::Result<()> {
function secure_file (line 27) | pub fn secure_file<P: AsRef<Path>>(path: P) -> std::io::Result<()> {
FILE: warpgate-common/src/helpers/hash.rs
function hash_password (line 10) | pub fn hash_password(password: &str) -> String {
function parse_hash (line 21) | pub fn parse_hash(hash: &str) -> Result<PasswordHash<'_>, Error> {
function verify_password_hash (line 25) | pub fn verify_password_hash(password: &str, hash: &str) -> Result<bool> {
function generate_ticket_secret (line 34) | pub fn generate_ticket_secret() -> Secret<String> {
FILE: warpgate-common/src/helpers/locks.rs
function log_state (line 14) | fn log_state() {
type MutexGuard (line 24) | pub struct MutexGuard<'a, T> {
function new (line 30) | pub fn new(inner: tokio::sync::MutexGuard<'a, T>, poisoned: &'a AtomicBo...
function identity (line 41) | fn identity(&self) -> String {
type Target (line 51) | type Target = T;
method deref (line 53) | fn deref(&self) -> &Self::Target {
method deref_mut (line 59) | fn deref_mut(&mut self) -> &mut Self::Target {
method drop (line 65) | fn drop(&mut self) {
type Mutex (line 84) | pub struct Mutex<T> {
function new (line 90) | pub fn new(data: T) -> Self {
function lock (line 97) | pub async fn lock(&self) -> MutexGuard<'_, T> {
function _lock (line 102) | async fn _lock(&self) -> MutexGuard<'_, T> {
FILE: warpgate-common/src/helpers/otp.rs
type OtpExposedSecretKey (line 9) | pub type OtpExposedSecretKey = Vec<u8>;
type OtpSecretKey (line 10) | pub type OtpSecretKey = Secret<OtpExposedSecretKey>;
function generate_key (line 12) | pub fn generate_key() -> OtpSecretKey {
function generate_setup_url (line 16) | pub fn generate_setup_url(key: &OtpSecretKey, label: &str) -> Secret<Str...
function get_totp (line 21) | fn get_totp(key: &OtpSecretKey, label: Option<&str>) -> TOTP {
function verify_totp (line 33) | pub fn verify_totp(code: &str, key: &OtpSecretKey) -> bool {
FILE: warpgate-common/src/helpers/rng.rs
function get_crypto_rng (line 4) | pub fn get_crypto_rng() -> ChaCha20Rng {
FILE: warpgate-common/src/helpers/serde_base64.rs
function serialize (line 4) | pub fn serialize<S: Serializer, B: AsRef<[u8]>>(
function deserialize (line 11) | pub fn deserialize<'de, D: serde::Deserializer<'de>, B: From<Vec<u8>>>(
FILE: warpgate-common/src/helpers/serde_base64_secret.rs
function serialize (line 6) | pub fn serialize<S: Serializer>(
function deserialize (line 13) | pub fn deserialize<'de, D: serde::Deserializer<'de>>(
FILE: warpgate-common/src/helpers/websocket.rs
type TungsteniteCompatibleWebsocketMessage (line 7) | pub trait TungsteniteCompatibleWebsocketMessage {
method to_tungstenite_message (line 8) | fn to_tungstenite_message(self) -> tungstenite::Message;
method from_tungstenite_message (line 9) | fn from_tungstenite_message(m: tungstenite::Message) -> Self;
method to_tungstenite_message (line 13) | fn to_tungstenite_message(self) -> tungstenite::Message {
method from_tungstenite_message (line 28) | fn from_tungstenite_message(msg: tungstenite::Message) -> Self {
method to_tungstenite_message (line 43) | fn to_tungstenite_message(self) -> tungstenite::Message {
method from_tungstenite_message (line 60) | fn from_tungstenite_message(msg: tungstenite::Message) -> Self {
method to_tungstenite_message (line 79) | fn to_tungstenite_message(self) -> tungstenite::Message {
method from_tungstenite_message (line 83) | fn from_tungstenite_message(msg: tungstenite::Message) -> Self {
function pump_websocket (line 88) | pub async fn pump_websocket<
FILE: warpgate-common/src/state.rs
type GlobalParams (line 6) | pub struct GlobalParams {
method new (line 13) | pub fn new(config_path: PathBuf, should_secure_files: bool) -> anyhow:...
method config_path (line 24) | pub fn config_path(&self) -> &PathBuf {
method paths_relative_to (line 28) | pub fn paths_relative_to(&self) -> &PathBuf {
method should_secure_files (line 32) | pub fn should_secure_files(&self) -> bool {
FILE: warpgate-common/src/try_macro.rs
function test_catch (line 31) | fn test_catch() {
function test_success (line 45) | fn test_success() {
FILE: warpgate-common/src/types/aliases.rs
type SessionId (line 3) | pub type SessionId = Uuid;
type ProtocolName (line 4) | pub type ProtocolName = &'static str;
FILE: warpgate-common/src/types/listen_endpoint.rs
type ListenEndpoint (line 16) | pub struct ListenEndpoint(SocketAddr);
method address (line 19) | pub fn address(&self) -> SocketAddr {
method addresses_to_listen_on (line 23) | pub fn addresses_to_listen_on(&self) -> Result<Vec<SocketAddr>, Warpga...
method tcp_listeners (line 43) | pub async fn tcp_listeners(&self) -> Result<Vec<TcpListener>, Warpgate...
method poem_listener (line 53) | pub async fn poem_listener(&self) -> Result<poem::listener::BoxListene...
method tcp_accept_stream (line 68) | pub async fn tcp_accept_stream(
method port (line 80) | pub fn port(&self) -> u16 {
method from (line 86) | fn from(addr: SocketAddr) -> Self {
method deserialize (line 92) | fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
method serialize (line 113) | fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
method fmt (line 122) | fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
FILE: warpgate-common/src/types/secret.rs
type Secret (line 15) | pub struct Secret<T>(T);
function random (line 18) | pub fn random() -> Self {
function new (line 24) | pub const fn new(v: T) -> Self {
function expose_secret (line 28) | pub fn expose_secret(&self) -> &T {
function from (line 34) | fn from(v: T) -> Self {
function deserialize (line 43) | fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
method serialize (line 56) | fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
method fmt (line 65) | fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
constant IS_REQUIRED (line 71) | const IS_REQUIRED: bool = T::IS_REQUIRED;
type RawValueType (line 72) | type RawValueType = T::RawValueType;
type RawElementValueType (line 73) | type RawElementValueType = T::RawElementValueType;
function name (line 75) | fn name() -> Cow<'static, str> {
function schema_ref (line 78) | fn schema_ref() -> MetaSchemaRef {
function register (line 81) | fn register(registry: &mut Registry) {
method parse_from_json (line 98) | fn parse_from_json(value: Option<serde_json::Value>) -> poem_openapi::ty...
method to_json (line 106) | fn to_json(&self) -> Option<serde_json::Value> {
FILE: warpgate-common/src/version.rs
function warpgate_version (line 3) | pub fn warpgate_version() -> &'static str {
FILE: warpgate-core/src/auth_state_store.rs
type AuthCompletionSignal (line 16) | struct AuthCompletionSignal {
method is_expired (line 22) | pub fn is_expired(&self) -> bool {
type AuthStateStore (line 27) | pub struct AuthStateStore {
method new (line 35) | pub fn new(config_provider: Arc<Mutex<ConfigProviderEnum>>) -> Self {
method contains_key (line 44) | pub fn contains_key(&self, id: &Uuid) -> bool {
method all_pending_web_auths_for_user (line 48) | pub async fn all_pending_web_auths_for_user(
method get (line 71) | pub fn get(&self, id: &Uuid) -> Option<Arc<Mutex<AuthState>>> {
method subscribe_web_auth_request (line 75) | pub fn subscribe_web_auth_request(&self) -> broadcast::Receiver<Uuid> {
method create (line 79) | pub async fn create(
method subscribe (line 136) | pub fn subscribe(&mut self, id: Uuid) -> broadcast::Receiver<AuthResul...
method complete (line 148) | pub async fn complete(&mut self, id: &Uuid) {
method vacuum (line 157) | pub async fn vacuum(&mut self) {
FILE: warpgate-core/src/config_providers/db.rs
type DatabaseConfigProvider (line 28) | pub struct DatabaseConfigProvider {
method new (line 33) | pub async fn new(db: &Arc<Mutex<DatabaseConnection>>) -> Self {
method sync_ldap_ssh_keys (line 37) | async fn sync_ldap_ssh_keys(
method maybe_autocreate_sso_user (line 118) | async fn maybe_autocreate_sso_user(
method list_users (line 209) | async fn list_users(&mut self) -> Result<Vec<User>, WarpgateError> {
method list_targets (line 222) | async fn list_targets(&mut self) -> Result<Vec<Target>, WarpgateError> {
method get_credential_policy (line 235) | async fn get_credential_policy(
method username_for_sso_credential (line 334) | async fn username_for_sso_credential(
method validate_credential (line 390) | async fn validate_credential(
method authorize_target (line 503) | async fn authorize_target(
method apply_sso_role_mappings (line 553) | async fn apply_sso_role_mappings(
method apply_sso_admin_role_mappings (line 615) | async fn apply_sso_admin_role_mappings(
method update_public_key_last_used (line 674) | async fn update_public_key_last_used(
method validate_api_token (line 728) | async fn validate_api_token(&mut self, token: &str) -> Result<Option<Use...
FILE: warpgate-core/src/config_providers/mod.rs
type ConfigProviderEnum (line 17) | pub enum ConfigProviderEnum {
type ConfigProvider (line 23) | pub trait ConfigProvider {
method list_users (line 24) | async fn list_users(&mut self) -> Result<Vec<User>, WarpgateError>;
method list_targets (line 26) | async fn list_targets(&mut self) -> Result<Vec<Target>, WarpgateError>;
method validate_credential (line 28) | async fn validate_credential(
method username_for_sso_credential (line 34) | async fn username_for_sso_credential(
method apply_sso_role_mappings (line 41) | async fn apply_sso_role_mappings(
method apply_sso_admin_role_mappings (line 49) | async fn apply_sso_admin_role_mappings(
method get_credential_policy (line 56) | async fn get_credential_policy(
method authorize_target (line 62) | async fn authorize_target(
method update_public_key_last_used (line 68) | async fn update_public_key_last_used(
method validate_api_token (line 73) | async fn validate_api_token(&mut self, token: &str) -> Result<Option<U...
function authorize_ticket (line 77) | pub async fn authorize_ticket(
function consume_ticket (line 121) | pub async fn consume_ticket(
FILE: warpgate-core/src/data.rs
type SessionSnapshot (line 9) | pub struct SessionSnapshot {
method from (line 20) | fn from(model: Session::Model) -> Self {
FILE: warpgate-core/src/db/mod.rs
function connect_to_db (line 17) | pub async fn connect_to_db(
function populate_db (line 62) | pub async fn populate_db(
function cleanup_db (line 92) | pub async fn cleanup_db(
FILE: warpgate-core/src/logging/database.rs
function make_database_logger_layer (line 19) | pub fn make_database_logger_layer<S>() -> impl Layer<S>
function install_database_logger (line 33) | pub fn install_database_logger(database: Arc<Mutex<DatabaseConnection>>) {
function values_to_log_entry_data (line 54) | fn values_to_log_entry_data(mut values: SerializedRecordValues) -> Optio...
FILE: warpgate-core/src/logging/json_console.rs
type JsonLogEntry (line 14) | struct JsonLogEntry {
type JsonConsoleLayer (line 23) | pub struct JsonConsoleLayer;
method on_event (line 29) | fn on_event(&self, event: &Event<'_>, ctx: Context<'_, S>) {
method on_new_span (line 80) | fn on_new_span(
function make_json_console_logger_layer (line 98) | pub fn make_json_console_logger_layer<S>() -> impl Layer<S>
function level_to_str (line 105) | fn level_to_str(level: &Level) -> &'static str {
FILE: warpgate-core/src/logging/layer.rs
type ValuesLogLayer (line 7) | pub struct ValuesLogLayer<C>
function new (line 18) | pub fn new(callback: C) -> Self {
function on_new_span (line 29) | fn on_new_span(
function on_event (line 45) | fn on_event(&self, event: &Event<'_>, ctx: Context<'_, S>) {
FILE: warpgate-core/src/logging/socket.rs
function make_socket_logger_layer (line 14) | pub async fn make_socket_logger_layer<S>(config: &WarpgateConfig) -> imp...
FILE: warpgate-core/src/logging/values.rs
type SerializedRecordValuesInner (line 9) | pub type SerializedRecordValuesInner = HashMap<&'static str, String>;
type SerializedRecordValues (line 12) | pub struct SerializedRecordValues(SerializedRecordValuesInner);
method new (line 15) | pub fn new() -> Self {
method into_values (line 19) | pub fn into_values(self) -> SerializedRecordValuesInner {
type Target (line 25) | type Target = SerializedRecordValuesInner;
method deref (line 27) | fn deref(&self) -> &Self::Target {
method deref_mut (line 33) | fn deref_mut(&mut self) -> &mut Self::Target {
type RecordVisitor (line 38) | pub struct RecordVisitor<'a> {
function new (line 43) | pub fn new(values: &'a mut SerializedRecordValues) -> Self {
method record_str (line 49) | fn record_str(&mut self, field: &Field, value: &str) {
method record_debug (line 53) | fn record_debug(&mut self, field: &Field, value: &dyn Debug) {
FILE: warpgate-core/src/protocols/handle.rs
type SessionHandle (line 13) | pub trait SessionHandle {
method close (line 14) | fn close(&mut self);
type WarpgateServerHandle (line 18) | pub struct WarpgateServerHandle {
method new (line 27) | pub fn new(
method id (line 43) | pub fn id(&self) -> SessionId {
method session_state (line 47) | pub fn session_state(&self) -> &Arc<Mutex<SessionState>> {
method set_user_info (line 51) | pub async fn set_user_info(&self, user_info: AuthStateUserInfo) -> Res...
method set_target (line 78) | pub async fn set_target(&self, target: &Target) -> Result<(), Warpgate...
method wrap_stream (line 106) | pub async fn wrap_stream(
method update_rate_limiters (line 121) | async fn update_rate_limiters(&self) -> Result<(), WarpgateError> {
method drop (line 130) | fn drop(&mut self) {
FILE: warpgate-core/src/protocols/mod.rs
type TargetTestError (line 12) | pub enum TargetTestError {
type ProtocolServer (line 27) | pub trait ProtocolServer {
method name (line 28) | fn name(&self) -> &'static str;
method run (line 29) | fn run(self, address: ListenEndpoint) -> impl Future<Output = Result<(...
FILE: warpgate-core/src/rate_limiting/limiter.rs
function new_rate_limiter (line 11) | pub fn new_rate_limiter(bytes_per_second: NonZeroU32) -> InnerRateLimiter {
function assert_valid_quota (line 30) | pub fn assert_valid_quota(v: u32) -> Result<NonZeroU32, WarpgateError> {
type WarpgateRateLimiter (line 41) | pub struct WarpgateRateLimiter {
method now (line 54) | pub fn now() -> QuantaInstant {
method unlimited (line 58) | pub fn unlimited() -> SharedWarpgateRateLimiter {
method limited (line 62) | pub fn limited(bytes_per_second: NonZeroU32) -> SharedWarpgateRateLimi...
method new (line 71) | pub fn new(bytes_per_second: Option<u32>) -> Result<SharedWarpgateRate...
method replace (line 78) | pub fn replace(&mut self, bytes_per_second: Option<u32>) -> Result<(),...
method bytes_ready_at (line 92) | pub fn bytes_ready_at(
method share (line 110) | fn share(self) -> SharedWarpgateRateLimiter {
method fmt (line 46) | fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
FILE: warpgate-core/src/rate_limiting/mod.rs
type RateLimiterDirection (line 43) | pub enum RateLimiterDirection {
type InnerRateLimiter (line 48) | pub type InnerRateLimiter = DefaultKeyedRateLimiter<RateLimiterDirection>;
FILE: warpgate-core/src/rate_limiting/registry.rs
type RateLimiterRegistry (line 15) | pub struct RateLimiterRegistry {
method new (line 23) | pub fn new(db: Arc<Mutex<DatabaseConnection>>) -> Self {
method refresh (line 33) | pub async fn refresh(&mut self) -> Result<(), WarpgateError> {
method global (line 48) | pub fn global(&self) -> SharedWarpgateRateLimiter {
method global_quota (line 52) | async fn global_quota(&mut self) -> Result<Option<u32>, WarpgateError> {
method user (line 58) | pub async fn user(
method quota_for_user (line 71) | async fn quota_for_user(&self, user_id: &Uuid) -> Result<Option<u32>, ...
method target (line 79) | pub async fn target(
method quota_for_target (line 92) | async fn quota_for_target(&self, target_id: &Uuid) -> Result<Option<u3...
method update_all_rate_limiters (line 100) | pub async fn update_all_rate_limiters(
method update_rate_limiters (line 122) | pub async fn update_rate_limiters(
method apply_new_rate_limits (line 151) | pub async fn apply_new_rate_limits(&mut self, state: &mut State) -> Re...
FILE: warpgate-core/src/rate_limiting/shared_limiter.rs
type SharedWarpgateRateLimiter (line 8) | pub struct SharedWarpgateRateLimiter {
method new (line 13) | pub(crate) fn new(limiter: WarpgateRateLimiter) -> Self {
method lock (line 19) | pub fn lock(&self) -> SharedWarpgateRateLimiterGuard<'_> {
type SharedWarpgateRateLimiterGuard (line 27) | pub struct SharedWarpgateRateLimiterGuard<'a> {
function new (line 34) | pub fn new(inner: std::sync::MutexGuard<'a, WarpgateRateLimiter>) -> Self {
type Target (line 43) | type Target = WarpgateRateLimiter;
method deref (line 45) | fn deref(&self) -> &Self::Target {
method deref_mut (line 51) | fn deref_mut(&mut self) -> &mut Self::Target {
FILE: warpgate-core/src/rate_limiting/stack.rs
type RateLimiterStackHandle (line 10) | pub struct RateLimiterStackHandle {
function stack_rate_limiters (line 16) | pub fn stack_rate_limiters<S: AsyncRead + AsyncWrite + Unpin + Send>(
FILE: warpgate-core/src/rate_limiting/stream.rs
type WaitFuture (line 16) | type WaitFuture = Pin<Box<dyn Future<Output = ()> + Send>>;
type PendingWaitState (line 18) | enum PendingWaitState {
type PendingWait (line 32) | struct PendingWait {
method new (line 38) | pub fn new(direction: RateLimiterDirection) -> Self {
method poll_rate_limit (line 45) | fn poll_rate_limit(
method reset (line 98) | pub fn reset(&mut self, last_chunk_size: usize) {
type RateLimitedStream (line 107) | pub struct RateLimitedStream<T> {
function new (line 115) | pub fn new(inner: T, limiter: SwappableLimiterCell) -> Self {
function new_unlimited (line 124) | pub fn new_unlimited(inner: T) -> (Self, SwappableLimiterCellHandle) {
function poll_read_nowait (line 140) | fn poll_read_nowait(
function poll_write_nowait (line 157) | fn poll_write_nowait(
method poll_read (line 175) | fn poll_read(
method poll_write (line 195) | fn poll_write(
method poll_flush (line 214) | fn poll_flush(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Result...
method poll_shutdown (line 218) | fn poll_shutdown(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Res...
FILE: warpgate-core/src/rate_limiting/swappable_cell.rs
type SwappableLimiterCellHandle (line 8) | pub struct SwappableLimiterCellHandle {
method replace (line 13) | pub fn replace(&self, limiter: Option<SharedWarpgateRateLimiter>) {
type SwappableLimiterCell (line 21) | pub struct SwappableLimiterCell {
method empty (line 28) | pub fn empty() -> Self {
method handle (line 37) | pub fn handle(&self) -> SwappableLimiterCellHandle {
method _maybe_update (line 43) | fn _maybe_update(&mut self) {
method bytes_ready_at (line 51) | pub fn bytes_ready_at(
FILE: warpgate-core/src/recordings/mod.rs
type Error (line 23) | pub enum Error {
type Result (line 43) | pub type Result<T> = std::result::Result<T, Error>;
type Recorder (line 45) | pub trait Recorder {
method kind (line 46) | fn kind() -> RecordingKind;
method new (line 47) | fn new(writer: RecordingWriter) -> Self;
type SessionRecordings (line 50) | pub struct SessionRecordings {
method new (line 59) | pub fn new(
method start (line 82) | pub async fn start<T, M>(
method subscribe_live (line 142) | pub async fn subscribe_live(&self, id: &Uuid) -> Option<broadcast::Rec...
method remove (line 147) | pub async fn remove(&self, session_id: &SessionId, name: &str) -> Resu...
method path_for (line 163) | pub fn path_for<P: AsRef<Path>>(&self, session_id: &SessionId, name: P...
FILE: warpgate-core/src/recordings/terminal.rs
type AsciiCast (line 11) | pub enum AsciiCast {
method from (line 59) | fn from(item: TerminalRecordingItem) -> Self {
type TerminalRecordingStreamId (line 23) | pub enum TerminalRecordingStreamId {
method from_usual_fd_number (line 31) | pub fn from_usual_fd_number(fd: u8) -> Option<Self> {
type TerminalRecordingItem (line 43) | pub enum TerminalRecordingItem {
type TerminalRecorder (line 81) | pub struct TerminalRecorder {
method get_time (line 87) | fn get_time(&self) -> f32 {
method write_item (line 91) | async fn write_item(&mut self, item: &TerminalRecordingItem) -> Result...
method write (line 98) | pub async fn write(&mut self, stream: TerminalRecordingStreamId, data:...
method write_pty_resize (line 107) | pub async fn write_pty_resize(&mut self, cols: u32, rows: u32) -> Resu...
method kind (line 118) | fn kind() -> RecordingKind {
method new (line 122) | fn new(writer: RecordingWriter) -> Self {
FILE: warpgate-core/src/recordings/traffic.rs
type TrafficRecorder (line 14) | pub struct TrafficRecorder {
method connection (line 33) | pub fn connection(&mut self, params: TrafficConnectionParams) -> Conne...
type TrafficConnectionParams (line 20) | pub enum TrafficConnectionParams {
method kind (line 39) | fn kind() -> RecordingKind {
method new (line 43) | fn new(writer: RecordingWriter) -> Self {
type ConnectionRecorder (line 51) | pub struct ConnectionRecorder {
method new (line 60) | fn new(params: TrafficConnectionParams, writer: RecordingWriter, start...
method write_connection_setup (line 70) | pub async fn write_connection_setup(&mut self) -> Result<()> {
method write_packet (line 84) | async fn write_packet(&mut self, data: Bytes) -> Result<()> {
method write_rx (line 102) | pub async fn write_rx(&mut self, data: &[u8]) -> Result<()> {
method write_tx (line 121) | pub async fn write_tx(&mut self, data: &[u8]) -> Result<()> {
method ip_packet_tx (line 140) | fn ip_packet_tx<F>(&self, f: F) -> Result<Bytes>
method ip_packet_rx (line 158) | fn ip_packet_rx<F>(&self, f: F) -> Result<Bytes>
method tcp_packet_tx (line 176) | fn tcp_packet_tx<F>(&self, f: F) -> Result<Bytes>
method tcp_packet_rx (line 188) | fn tcp_packet_rx<F>(&self, f: F) -> Result<Bytes>
method tcp_init (line 200) | fn tcp_init(&mut self) -> Result<(Bytes, Bytes, Bytes)> {
FILE: warpgate-core/src/recordings/writer.rs
type RecordingWriter (line 20) | pub struct RecordingWriter {
method new (line 27) | pub(crate) async fn new(
method write (line 111) | pub async fn write(&mut self, data: &[u8]) -> Result<()> {
method drop (line 123) | fn drop(&mut self) {
FILE: warpgate-core/src/services.rs
type Services (line 15) | pub struct Services {
method new (line 28) | pub async fn new(
FILE: warpgate-core/src/state.rs
type State (line 17) | pub struct State {
method new (line 25) | pub fn new(
method register_session (line 38) | pub async fn register_session(
method subscribe (line 89) | pub fn subscribe(&mut self) -> broadcast::Receiver<()> {
method remove_session (line 93) | pub async fn remove_session(&mut self, id: SessionId) {
method mark_session_complete (line 103) | async fn mark_session_complete(&mut self, id: Uuid) -> Result<()> {
type SessionState (line 117) | pub struct SessionState {
method new (line 132) | fn new(init: SessionStateInit, change_sender: broadcast::Sender<()>) -...
method emit_change (line 143) | pub fn emit_change(&self) {
type SessionStateInit (line 126) | pub struct SessionStateInit {
FILE: warpgate-database-protocols/src/error.rs
type Result (line 10) | pub type Result<T> = StdResult<T, Error>;
type BoxDynError (line 14) | pub type BoxDynError = Box<dyn StdError + 'static + Send + Sync>;
type UnexpectedNullError (line 22) | pub struct UnexpectedNullError;
type Error (line 27) | pub enum Error {
method protocol (line 104) | pub(crate) fn protocol(err: impl Display) -> Self {
method config (line 110) | pub(crate) fn config(err: impl StdError + Send + Sync + 'static) -> Se...
method from (line 174) | fn from(error: E) -> Self {
type DatabaseError (line 116) | pub trait DatabaseError: 'static + Send + Sync + StdError {
method message (line 118) | fn message(&self) -> &str;
method code (line 121) | fn code(&self) -> Option<Cow<'_, str>> {
method as_error (line 126) | fn as_error(&self) -> &(dyn StdError + Send + Sync + 'static);
method as_error_mut (line 129) | fn as_error_mut(&mut self) -> &mut (dyn StdError + Send + Sync + 'stat...
method into_error (line 132) | fn into_error(self: Box<Self>) -> Box<dyn StdError + Send + Sync + 'st...
method is_transient_in_connect_phase (line 135) | fn is_transient_in_connect_phase(&self) -> bool {
method constraint (line 144) | fn constraint(&self) -> Option<&str> {
function try_downcast_ref (line 153) | pub fn try_downcast_ref<E: DatabaseError>(&self) -> Option<&E> {
function try_downcast (line 159) | pub fn try_downcast<E: DatabaseError>(self: Box<Self>) -> StdResult<Box<...
FILE: warpgate-database-protocols/src/io/buf.rs
type BufExt (line 9) | pub trait BufExt: Buf {
method get_bytes_nul (line 11) | fn get_bytes_nul(&mut self) -> Result<Bytes, Error>;
method get_bytes (line 14) | fn get_bytes(&mut self, len: usize) -> Bytes;
method get_str_nul (line 17) | fn get_str_nul(&mut self) -> Result<String, Error>;
method get_str (line 20) | fn get_str(&mut self, len: usize) -> Result<String, Error>;
method get_bytes_nul (line 24) | fn get_bytes_nul(&mut self) -> Result<Bytes, Error> {
method get_bytes (line 35) | fn get_bytes(&mut self, len: usize) -> Bytes {
method get_str_nul (line 42) | fn get_str_nul(&mut self) -> Result<String, Error> {
method get_str (line 50) | fn get_str(&mut self, len: usize) -> Result<String, Error> {
FILE: warpgate-database-protocols/src/io/buf_mut.rs
type BufMutExt (line 3) | pub trait BufMutExt: BufMut {
method put_str_nul (line 4) | fn put_str_nul(&mut self, s: &str);
method put_str_nul (line 8) | fn put_str_nul(&mut self, s: &str) {
FILE: warpgate-database-protocols/src/io/buf_stream.rs
type BufStream (line 15) | pub struct BufStream<S>
function new (line 33) | pub fn new(stream: S) -> Self {
function write (line 41) | pub fn write<'en, T>(&mut self, value: T)
function write_with (line 48) | pub fn write_with<'en, T, C>(&mut self, value: T, context: C)
function flush (line 55) | pub fn flush(&mut self) -> WriteAndFlush<'_, S> {
function read (line 62) | pub async fn read<'de, T>(&mut self, cnt: usize) -> Result<T, Error>
function read_with (line 69) | pub async fn read_with<'de, T, C>(&mut self, cnt: usize, context: C) -> ...
function read_raw (line 76) | pub async fn read_raw(&mut self, cnt: usize) -> Result<BytesMut, Error> {
function read_raw_into (line 83) | pub async fn read_raw_into(&mut self, buf: &mut BytesMut, cnt: usize) ->...
function take (line 87) | pub fn take(self) -> S {
type Target (line 96) | type Target = S;
method deref (line 98) | fn deref(&self) -> &Self::Target {
method deref_mut (line 107) | fn deref_mut(&mut self) -> &mut Self::Target {
type BufTruncator (line 115) | struct BufTruncator<'a> {
function new (line 121) | fn new(buf: &'a mut BytesMut) -> Self {
function reserve (line 125) | fn reserve(&mut self, space: usize) {
function read (line 128) | async fn read<S: AsyncRead + Unpin>(&mut self, stream: &mut S) -> Result...
function is_full (line 133) | fn is_full(&self) -> bool {
method drop (line 139) | fn drop(&mut self) {
function read_raw_into (line 144) | async fn read_raw_into<S: AsyncRead + Unpin>(
FILE: warpgate-database-protocols/src/io/decode.rs
type Decode (line 5) | pub trait Decode<'de, Context = ()>
method decode (line 9) | fn decode(buf: Bytes) -> Result<Self, Error>
method decode_with (line 16) | fn decode_with(buf: Bytes, context: Context) -> Result<Self, Error>;
method decode_with (line 20) | fn decode_with(buf: Bytes, _: ()) -> Result<Self, Error> {
function decode_with (line 26) | fn decode_with(_: Bytes, _: ()) -> Result<(), Error> {
FILE: warpgate-database-protocols/src/io/encode.rs
type Encode (line 1) | pub trait Encode<'en, Context = ()> {
method encode (line 2) | fn encode(&self, buf: &mut Vec<u8>)
method encode_with (line 9) | fn encode_with(&self, buf: &mut Vec<u8>, context: Context);
function encode_with (line 13) | fn encode_with(&self, buf: &mut Vec<u8>, _: C) {
FILE: warpgate-database-protocols/src/io/write_and_flush.rs
type WriteAndFlush (line 13) | pub struct WriteAndFlush<'a, S> {
type Output (line 19) | type Output = Result<(), Error>;
method poll (line 21) | fn poll(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Ou...
method drop (line 43) | fn drop(&mut self) {
FILE: warpgate-database-protocols/src/mysql/collation.rs
type CharSet (line 7) | pub(crate) enum CharSet {
method as_str (line 52) | pub(crate) fn as_str(&self) -> &'static str {
method default_collation (line 98) | pub(crate) fn default_collation(&self) -> Collation {
type Err (line 146) | type Err = Error;
method from_str (line 148) | fn from_str(char_set: &str) -> Result<Self, Self::Err> {
type Collation (line 204) | pub(crate) enum Collation {
method as_str (line 432) | pub(crate) fn as_str(&self) -> &'static str {
type Err (line 665) | type Err = Error;
method from_str (line 667) | fn from_str(collation: &str) -> Result<Self, Self::Err> {
FILE: warpgate-database-protocols/src/mysql/io/buf.rs
type MySqlBufExt (line 6) | pub trait MySqlBufExt: Buf {
method get_uint_lenenc (line 11) | fn get_uint_lenenc(&mut self) -> u64;
method get_str_lenenc (line 14) | fn get_str_lenenc(&mut self) -> Result<String, Error>;
method get_bytes_lenenc (line 17) | fn get_bytes_lenenc(&mut self) -> Bytes;
method get_uint_lenenc (line 21) | fn get_uint_lenenc(&mut self) -> u64 {
method get_str_lenenc (line 31) | fn get_str_lenenc(&mut self) -> Result<String, Error> {
method get_bytes_lenenc (line 36) | fn get_bytes_lenenc(&mut self) -> Bytes {
FILE: warpgate-database-protocols/src/mysql/io/buf_mut.rs
type MySqlBufMutExt (line 3) | pub trait MySqlBufMutExt: BufMut {
method put_uint_lenenc (line 4) | fn put_uint_lenenc(&mut self, v: u64);
method put_str_lenenc (line 6) | fn put_str_lenenc(&mut self, v: &str);
method put_bytes_lenenc (line 8) | fn put_bytes_lenenc(&mut self, v: &[u8]);
method put_uint_lenenc (line 12) | fn put_uint_lenenc(&mut self, v: u64) {
method put_str_lenenc (line 30) | fn put_str_lenenc(&mut self, v: &str) {
method put_bytes_lenenc (line 34) | fn put_bytes_lenenc(&mut self, v: &[u8]) {
function test_encodes_int_lenenc_u8 (line 41) | fn test_encodes_int_lenenc_u8() {
function test_encodes_int_lenenc_u16 (line 49) | fn test_encodes_int_lenenc_u16() {
function test_encodes_int_lenenc_u24 (line 57) | fn test_encodes_int_lenenc_u24() {
function test_encodes_int_lenenc_u64 (line 65) | fn test_encodes_int_lenenc_u64() {
function test_encodes_int_lenenc_fb (line 73) | fn test_encodes_int_lenenc_fb() {
function test_encodes_int_lenenc_fc (line 81) | fn test_encodes_int_lenenc_fc() {
function test_encodes_int_lenenc_fd (line 89) | fn test_encodes_int_lenenc_fd() {
function test_encodes_int_lenenc_fe (line 97) | fn test_encodes_int_lenenc_fe() {
function test_encodes_int_lenenc_ff (line 105) | fn test_encodes_int_lenenc_ff() {
function test_encodes_string_lenenc (line 113) | fn test_encodes_string_lenenc() {
function test_encodes_byte_lenenc (line 121) | fn test_encodes_byte_lenenc() {
FILE: warpgate-database-protocols/src/mysql/protocol/auth.rs
type AuthPlugin (line 8) | pub enum AuthPlugin {
method name (line 16) | pub(crate) fn name(self) -> &'static str {
type Err (line 27) | type Err = Error;
method from_str (line 29) | fn from_str(s: &str) -> Result<Self, Self::Err> {
FILE: warpgate-database-protocols/src/mysql/protocol/connect/auth_switch.rs
type AuthSwitchRequest (line 12) | pub struct AuthSwitchRequest {
method decode_with (line 18) | fn decode_with(mut buf: Bytes, _: ()) -> Result<Self, Error> {
method encode_with (line 44) | fn encode_with(&self, buf: &mut Vec<u8>, _: ()) {
type AuthSwitchResponse (line 52) | pub struct AuthSwitchResponse(pub Vec<u8>);
method encode_with (line 55) | fn encode_with(&self, buf: &mut Vec<u8>, _: Capabilities) {
FILE: warpgate-database-protocols/src/mysql/protocol/connect/handshake.rs
type Handshake (line 14) | pub struct Handshake {
method decode_with (line 30) | fn decode_with(mut buf: Bytes, _: ()) -> Result<Self, Error> {
method encode_with (line 93) | fn encode_with(&self, buf: &mut Vec<u8>, _: ()) {
function test_decode_handshake_mysql_8_0_18 (line 130) | fn test_decode_handshake_mysql_8_0_18() {
function test_decode_handshake_mariadb_10_4_7 (line 185) | fn test_decode_handshake_mariadb_10_4_7() {
FILE: warpgate-database-protocols/src/mysql/protocol/connect/handshake_response.rs
type HandshakeResponse (line 16) | pub struct HandshakeResponse {
method encode_with (line 36) | fn encode_with(&self, buf: &mut Vec<u8>, mut capabilities: Capabilitie...
method decode_with (line 87) | fn decode_with(mut buf: Bytes, server_capabilities: &mut Capabilities)...
FILE: warpgate-database-protocols/src/mysql/protocol/connect/ssl_request.rs
type SslRequest (line 8) | pub struct SslRequest {
method encode_with (line 14) | fn encode_with(&self, buf: &mut Vec<u8>, capabilities: Capabilities) {
FILE: warpgate-database-protocols/src/mysql/protocol/packet.rs
type Packet (line 11) | pub struct Packet<T>(pub T);
function encode_with (line 17) | fn encode_with(
function decode (line 45) | pub(crate) fn decode<'de, T>(self) -> Result<T, Error>
function decode_with (line 52) | pub(crate) fn decode_with<'de, T, C>(self, context: C) -> Result<T, Error>
function ok (line 59) | pub(crate) fn ok(self) -> Result<OkPacket, Error> {
function eof (line 63) | pub(crate) fn eof(self, capabilities: Capabilities) -> Result<EofPacket,...
type Target (line 78) | type Target = Bytes;
method deref (line 80) | fn deref(&self) -> &Bytes {
method deref_mut (line 86) | fn deref_mut(&mut self) -> &mut Bytes {
FILE: warpgate-database-protocols/src/mysql/protocol/response/eof.rs
type EofPacket (line 16) | pub struct EofPacket {
method decode_with (line 22) | fn decode_with(mut buf: Bytes, _: Capabilities) -> Result<Self, Error> {
FILE: warpgate-database-protocols/src/mysql/protocol/response/err.rs
type ErrPacket (line 13) | pub struct ErrPacket {
method decode_with (line 20) | fn decode_with(mut buf: Bytes, capabilities: Capabilities) -> Result<S...
method encode_with (line 51) | fn encode_with(&self, buf: &mut Vec<u8>, _: ()) {
function test_decode_err_packet_out_of_order (line 61) | fn test_decode_err_packet_out_of_order() {
function test_decode_err_packet_unknown_database (line 74) | fn test_decode_err_packet_unknown_database() {
FILE: warpgate-database-protocols/src/mysql/protocol/response/ok.rs
type OkPacket (line 11) | pub struct OkPacket {
method decode_with (line 19) | fn decode_with(mut buf: Bytes, _: ()) -> Result<Self, Error> {
method encode_with (line 43) | fn encode_with(&self, buf: &mut Vec<u8>, _: ()) {
function test_decode_ok_packet (line 54) | fn test_decode_ok_packet() {
FILE: warpgate-database-protocols/src/mysql/protocol/row.rs
type Row (line 6) | pub struct Row {
method get (line 12) | pub(crate) fn get(&self, index: usize) -> Option<&[u8]> {
FILE: warpgate-database-protocols/src/mysql/protocol/text/column.rs
type ColumnType (line 68) | pub enum ColumnType {
method name (line 167) | pub(crate) fn name(
method try_from_u16 (line 225) | pub(crate) fn try_from_u16(id: u8) -> Result<Self, Error> {
type ColumnDefinition (line 103) | pub struct ColumnDefinition {
method name (line 126) | pub(crate) fn name(&self) -> Result<&str, Error> {
method alias (line 130) | pub(crate) fn alias(&self) -> Result<&str, Error> {
method decode_with (line 136) | fn decode_with(mut buf: Bytes, _: Capabilities) -> Result<Self, Error> {
FILE: warpgate-database-protocols/src/mysql/protocol/text/ping.rs
type Ping (line 7) | pub struct Ping;
method encode_with (line 10) | fn encode_with(&self, buf: &mut Vec<u8>, _: Capabilities) {
FILE: warpgate-database-protocols/src/mysql/protocol/text/query.rs
type Query (line 10) | pub struct Query(pub String);
method encode_with (line 13) | fn encode_with(&self, buf: &mut Vec<u8>, _: ()) {
method encode_with (line 20) | fn encode_with(&self, buf: &mut Vec<u8>, _: Capabilities) {
method decode_with (line 27) | fn decode_with(mut buf: Bytes, _: ()) -> Result<Self, Error> {
FILE: warpgate-database-protocols/src/mysql/protocol/text/quit.rs
type Quit (line 7) | pub struct Quit;
method encode_with (line 10) | fn encode_with(&self, buf: &mut Vec<u8>, _: Capabilities) {
FILE: warpgate-db-entities/src/AdminRole.rs
type Model (line 11) | pub struct Model {
type Relation (line 46) | pub enum Relation {
method to (line 52) | fn to() -> RelationDef {
method via (line 56) | fn via() -> Option<RelationDef> {
function from (line 68) | fn from(model: Model) -> Self {
FILE: warpgate-db-entities/src/ApiToken.rs
type Model (line 9) | pub struct Model {
type Relation (line 20) | pub enum Relation {
method def (line 25) | fn def(&self) -> RelationDef {
method to (line 37) | fn to() -> RelationDef {
FILE: warpgate-db-entities/src/CertificateCredential.rs
type Model (line 11) | pub struct Model {
type Relation (line 23) | pub enum Relation {
method def (line 28) | fn def(&self) -> RelationDef {
method to (line 40) | fn to() -> RelationDef {
method from (line 48) | fn from(credential: Model) -> Self {
method from (line 56) | fn from(model: Model) -> Self {
method from (line 62) | fn from(credential: UserCertificateCredential) -> Self {
FILE: warpgate-db-entities/src/CertificateRevocation.rs
type Model (line 8) | pub struct Model {
type Relation (line 16) | pub enum Relation {}
FILE: warpgate-db-entities/src/KnownHost.rs
type Model (line 9) | pub struct Model {
method key_openssh (line 24) | pub fn key_openssh(&self) -> String {
type Relation (line 19) | pub enum Relation {}
FILE: warpgate-db-entities/src/LdapServer.rs
type Model (line 10) | pub struct Model {
type Relation (line 34) | pub enum Relation {}
type Error (line 39) | type Error = serde_json::Error;
function try_from (line 41) | fn try_from(server: &Model) -> Result<Self, Self::Error> {
type Error (line 69) | type Error = serde_json::Error;
function try_from (line 71) | fn try_from(server: Model) -> Result<Self, Self::Error> {
FILE: warpgate-db-entities/src/LogEntry.rs
type Model (line 11) | pub struct Model {
type Relation (line 22) | pub enum Relation {}
FILE: warpgate-db-entities/src/OtpCredential.rs
type Model (line 10) | pub struct Model {
type Relation (line 18) | pub enum Relation {
method def (line 23) | fn def(&self) -> RelationDef {
method to (line 35) | fn to() -> RelationDef {
method from (line 43) | fn from(credential: Model) -> Self {
method from (line 51) | fn from(model: Model) -> Self {
method from (line 57) | fn from(credential: UserTotpCredential) -> Self {
FILE: warpgate-db-entities/src/Parameters.rs
type Model (line 7) | pub struct Model {
type Relation (line 25) | pub enum Relation {}
method get (line 28) | pub async fn get(db: &DatabaseConnection) -> Result<Model, DbErr> {
FILE: warpgate-db-entities/src/PasswordCredential.rs
type Model (line 10) | pub struct Model {
type Relation (line 18) | pub enum Relation {
method def (line 23) | fn def(&self) -> RelationDef {
method to (line 35) | fn to() -> RelationDef {
type StrictModel (line 42) | pub struct StrictModel {
method from (line 48) | fn from(model: Model) -> Self {
method from (line 57) | fn from(credential: Model) -> Self {
method from (line 65) | fn from(model: Model) -> Self {
method from (line 71) | fn from(credential: UserPasswordCredential) -> Self {
FILE: warpgate-db-entities/src/PublicKeyCredential.rs
type Model (line 11) | pub struct Model {
type Relation (line 23) | pub enum Relation {
method def (line 28) | fn def(&self) -> RelationDef {
method to (line 40) | fn to() -> RelationDef {
method from (line 48) | fn from(credential: Model) -> Self {
method from (line 56) | fn from(model: Model) -> Self {
method from (line 62) | fn from(credential: UserPublicKeyCredential) -> Self {
FILE: warpgate-db-entities/src/Recording.rs
type RecordingKind (line 10) | pub enum RecordingKind {
type Model (line 22) | pub struct Model {
type Relation (line 35) | pub enum Relation {
method def (line 40) | fn def(&self) -> RelationDef {
method to (line 52) | fn to() -> RelationDef {
FILE: warpgate-db-entities/src/Role.rs
type Model (line 10) | pub struct Model {
type Relation (line 19) | pub enum Relation {}
method to (line 22) | fn to() -> RelationDef {
method via (line 26) | fn via() -> Option<RelationDef> {
method to (line 32) | fn to() -> RelationDef {
method via (line 36) | fn via() -> Option<RelationDef> {
method from (line 44) | fn from(model: Model) -> Self {
FILE: warpgate-db-entities/src/Session.rs
type Model (line 7) | pub struct Model {
type Relation (line 20) | pub enum Relation {
method def (line 26) | fn def(&self) -> RelationDef {
method to (line 42) | fn to() -> RelationDef {
FILE: warpgate-db-entities/src/SsoCredential.rs
type Model (line 10) | pub struct Model {
type Relation (line 19) | pub enum Relation {
method def (line 24) | fn def(&self) -> RelationDef {
method to (line 36) | fn to() -> RelationDef {
method from (line 44) | fn from(credential: Model) -> Self {
method from (line 53) | fn from(model: Model) -> Self {
method from (line 59) | fn from(credential: UserSsoCredential) -> Self {
FILE: warpgate-db-entities/src/Target.rs
type TargetKind (line 9) | pub enum TargetKind {
method from (line 23) | fn from(options: &TargetOptions) -> Self {
type SshAuthKind (line 36) | pub enum SshAuthKind {
type Model (line 46) | pub struct Model {
method to (line 59) | fn to() -> RelationDef {
method via (line 63) | fn via() -> Option<RelationDef> {
type Relation (line 69) | pub enum Relation {
method to (line 79) | fn to() -> RelationDef {
type Error (line 87) | type Error = serde_json::Error;
method try_from (line 89) | fn try_from(model: Model) -> Result<Self, Self::Error> {
FILE: warpgate-db-entities/src/TargetGroup.rs
type BootstrapThemeColor (line 8) | pub enum BootstrapThemeColor {
type Model (line 30) | pub struct Model {
type Relation (line 40) | pub enum Relation {
FILE: warpgate-db-entities/src/TargetRoleAssignment.rs
type Model (line 9) | pub struct Model {
type Relation (line 17) | pub enum Relation {
method def (line 23) | fn def(&self) -> RelationDef {
FILE: warpgate-db-entities/src/Ticket.rs
type Model (line 10) | pub struct Model {
type Relation (line 25) | pub enum Relation {
FILE: warpgate-db-entities/src/User.rs
type Model (line 16) | pub struct Model {
method load_details (line 150) | pub async fn load_details(self, db: &DatabaseConnection) -> Result<Use...
method to (line 30) | fn to() -> RelationDef {
method via (line 34) | fn via() -> Option<RelationDef> {
method to (line 40) | fn to() -> RelationDef {
method via (line 44) | fn via() -> Option<RelationDef> {
method to (line 50) | fn to() -> RelationDef {
method to (line 56) | fn to() -> RelationDef {
method to (line 62) | fn to() -> RelationDef {
method to (line 68) | fn to() -> RelationDef {
method to (line 74) | fn to() -> RelationDef {
method to (line 80) | fn to() -> RelationDef {
type Relation (line 87) | pub enum Relation {
method def (line 98) | fn def(&self) -> RelationDef {
type Error (line 135) | type Error = WarpgateError;
method try_from (line 137) | fn try_from(model: Model) -> Result<Self, WarpgateError> {
type Error (line 206) | type Error = WarpgateError;
method try_from (line 208) | fn try_from(user: User) -> Result<Self, Self::Error> {
FILE: warpgate-db-entities/src/UserAdminRoleAssignment.rs
type Model (line 9) | pub struct Model {
type Relation (line 17) | pub enum Relation {
method def (line 23) | fn def(&self) -> RelationDef {
method to (line 40) | fn to() -> RelationDef {
method to (line 46) | fn to() -> RelationDef {
FILE: warpgate-db-entities/src/UserRoleAssignment.rs
type Model (line 9) | pub struct Model {
type Relation (line 17) | pub enum Relation {
method def (line 23) | fn def(&self) -> RelationDef {
FILE: warpgate-db-migrations/src/lib.rs
type Migrator (line 38) | pub struct Migrator;
method migrations (line 42) | fn migrations() -> Vec<Box<dyn MigrationTrait>> {
function migrate_database (line 80) | pub async fn migrate_database(connection: &DatabaseConnection) -> Result...
FILE: warpgate-db-migrations/src/m00001_create_ticket.rs
type Model (line 10) | pub struct Model {
type Relation (line 22) | pub enum Relation {}
type Migration (line 27) | pub struct Migration;
method name (line 30) | fn name(&self) -> &str {
method up (line 37) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 58) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00002_create_session.rs
type Model (line 12) | pub struct Model {
type Relation (line 24) | pub enum Relation {
method def (line 29) | fn def(&self) -> RelationDef {
method to (line 41) | fn to() -> RelationDef {
type Migration (line 49) | pub struct Migration;
method name (line 52) | fn name(&self) -> &str {
method up (line 59) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 67) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00003_create_recording.rs
type RecordingKind (line 12) | pub enum RecordingKind {
type Model (line 23) | pub struct Model {
type Relation (line 34) | pub enum Relation {
method def (line 39) | fn def(&self) -> RelationDef {
method to (line 51) | fn to() -> RelationDef {
type Migration (line 59) | pub struct Migration;
method name (line 62) | fn name(&self) -> &str {
method up (line 69) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 88) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00004_create_known_host.rs
type Model (line 10) | pub struct Model {
type Relation (line 20) | pub enum Relation {}
type Migration (line 25) | pub struct Migration;
method name (line 28) | fn name(&self) -> &str {
method up (line 35) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 43) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00005_create_log_entry.rs
type Model (line 12) | pub struct Model {
type Relation (line 23) | pub enum Relation {}
type Migration (line 28) | pub struct Migration;
method name (line 31) | fn name(&self) -> &str {
method up (line 38) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 74) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00006_add_session_protocol.rs
type Migration (line 3) | pub struct Migration;
method name (line 6) | fn name(&self) -> &str {
method up (line 15) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 31) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00007_targets_and_roles.rs
type Model (line 10) | pub struct Model {
type Relation (line 17) | pub enum Relation {}
type TargetKind (line 28) | pub enum TargetKind {
type Model (line 41) | pub struct Model {
method to (line 50) | fn to() -> RelationDef {
method via (line 54) | fn via() -> Option<RelationDef> {
type Relation (line 60) | pub enum Relation {}
type Model (line 71) | pub struct Model {
type Relation (line 79) | pub enum Relation {
method def (line 85) | fn def(&self) -> RelationDef {
type Migration (line 102) | pub struct Migration;
method name (line 105) | fn name(&self) -> &str {
method up (line 112) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 127) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00008_users.rs
type Model (line 10) | pub struct Model {
method to (line 19) | fn to() -> RelationDef {
method via (line 23) | fn via() -> Option<RelationDef> {
type Relation (line 29) | pub enum Relation {}
type Model (line 40) | pub struct Model {
type Relation (line 48) | pub enum Relation {
method def (line 54) | fn def(&self) -> RelationDef {
type Migration (line 71) | pub struct Migration;
method name (line 74) | fn name(&self) -> &str {
method up (line 81) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 93) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00009_credential_models.rs
type Model (line 18) | pub struct Model {
type Relation (line 26) | pub enum Relation {
method def (line 31) | fn def(&self) -> RelationDef {
type Model (line 54) | pub struct Model {
type Relation (line 62) | pub enum Relation {
method def (line 67) | fn def(&self) -> RelationDef {
type Model (line 90) | pub struct Model {
type Relation (line 99) | pub enum Relation {
method def (line 104) | fn def(&self) -> RelationDef {
type Model (line 127) | pub struct Model {
type Relation (line 136) | pub enum Relation {
method def (line 141) | fn def(&self) -> RelationDef {
function serialize (line 165) | pub fn serialize<S: Serializer, B: AsRef<[u8]>>(
function deserialize (line 172) | pub fn deserialize<'de, D: serde::Deserializer<'de>, B: From<Vec<u8>>>(
function serialize (line 183) | pub fn serialize<S: Serializer>(
function deserialize (line 190) | pub fn deserialize<'de, D: serde::Deserializer<'de>>(
type UserAuthCredential (line 200) | pub enum UserAuthCredential {
type UserPasswordCredential (line 212) | pub struct UserPasswordCredential {
type UserPublicKeyCredential (line 216) | pub struct UserPublicKeyCredential {
type UserTotpCredential (line 220) | pub struct UserTotpCredential {
type UserSsoCredential (line 225) | pub struct UserSsoCredential {
type Migration (line 231) | pub struct Migration;
method name (line 234) | fn name(&self) -> &str {
method up (line 241) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 322) | async fn down(&self, _manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00010_parameters.rs
type Model (line 10) | pub struct Model {
type Relation (line 19) | pub enum Relation {}
type Migration (line 22) | pub struct Migration;
method name (line 25) | fn name(&self) -> &str {
method up (line 32) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 41) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00011_rsa_key_algos.rs
type Migration (line 7) | pub struct Migration;
method name (line 10) | fn name(&self) -> &str {
method up (line 19) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 42) | async fn down(&self, _manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00012_add_openssh_public_key_label.rs
type Migration (line 3) | pub struct Migration;
method name (line 6) | fn name(&self) -> &str {
method up (line 15) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 31) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00013_add_openssh_public_key_dates.rs
type Migration (line 3) | pub struct Migration;
method name (line 6) | fn name(&self) -> &str {
method up (line 15) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 39) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00014_api_tokens.rs
type Model (line 15) | pub struct Model {
type Relation (line 26) | pub enum Relation {
method def (line 31) | fn def(&self) -> RelationDef {
method to (line 43) | fn to() -> RelationDef {
type Migration (line 51) | pub struct Migration;
method name (line 54) | fn name(&self) -> &str {
method up (line 61) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 70) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00015_fix_public_key_dates.rs
type Migration (line 5) | pub struct Migration;
method name (line 8) | fn name(&self) -> &str {
method up (line 17) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 52) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00016_fix_public_key_length.rs
type Migration (line 5) | pub struct Migration;
method name (line 8) | fn name(&self) -> &str {
method up (line 17) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 32) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00017_descriptions.rs
type Migration (line 4) | pub struct Migration;
method name (line 7) | fn name(&self) -> &str {
type Model (line 22) | pub struct Model {
type Relation (line 31) | pub enum Relation {}
method up (line 38) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 96) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00018_ticket_description.rs
type Migration (line 5) | pub struct Migration;
method name (line 8) | fn name(&self) -> &str {
method up (line 15) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 32) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00019_rate_limits.rs
type Migration (line 3) | pub struct Migration;
method name (line 6) | fn name(&self) -> &str {
method up (line 17) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 58) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00020_target_groups.rs
type BootstrapThemeColor (line 12) | pub enum BootstrapThemeColor {
type Model (line 33) | pub struct Model {
type Relation (line 43) | pub enum Relation {}
type Migration (line 48) | pub struct Migration;
method name (line 51) | fn name(&self) -> &str {
method up (line 58) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 82) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00021_ldap_server.rs
type Model (line 10) | pub struct Model {
type Relation (line 30) | pub enum Relation {}
type Migration (line 35) | pub struct Migration;
method name (line 38) | fn name(&self) -> &str {
method up (line 45) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 54) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00022_user_ldap_link.rs
type Migration (line 3) | pub struct Migration;
type Model (line 11) | pub struct Model {
type Relation (line 25) | pub enum Relation {}
method name (line 31) | fn name(&self) -> &str {
method up (line 38) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 84) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00023_ldap_username_attribute.rs
type Migration (line 5) | pub struct Migration;
method name (line 8) | fn name(&self) -> &str {
method up (line 15) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 32) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00024_ssh_key_attribute.rs
type Migration (line 6) | pub struct Migration;
method up (line 10) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 26) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00025_ldap_uuid_attribute.rs
type Migration (line 6) | pub struct Migration;
method up (line 10) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 26) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00026_ssh_client_auth.rs
type Migration (line 3) | pub struct Migration;
method name (line 6) | fn name(&self) -> &str {
method up (line 15) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 59) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00027_ca.rs
type Model (line 13) | pub struct Model {
type Relation (line 28) | pub enum Relation {}
type Migration (line 32) | pub struct Migration;
method up (line 36) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 93) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00028_certificate_credentials.rs
type Model (line 16) | pub struct Model {
type Relation (line 28) | pub enum Relation {
method def (line 33) | fn def(&self) -> RelationDef {
method to (line 45) | fn to() -> RelationDef {
type Migration (line 54) | pub struct Migration;
method up (line 58) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 68) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00029_certificate_revocation.rs
type Model (line 15) | pub struct Model {
type Relation (line 23) | pub enum Relation {}
type Migration (line 29) | pub struct Migration;
method up (line 33) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 52) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00030_add_recording_metadata.rs
type Migration (line 3) | pub struct Migration;
method name (line 7) | fn name(&self) -> &str {
method up (line 14) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 29) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00031_minimize_password_login.rs
type Migration (line 5) | pub struct Migration;
method name (line 8) | fn name(&self) -> &str {
method up (line 15) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 33) | async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/m00032_admin_roles.rs
type Model (line 15) | pub struct Model {
type Relation (line 41) | pub enum Relation {}
type Model (line 51) | pub struct Model {
type Relation (line 59) | pub enum Relation {
method def (line 65) | fn def(&self) -> RelationDef {
type Migration (line 82) | pub struct Migration;
method name (line 85) | fn name(&self) -> &str {
method up (line 92) | async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
method down (line 199) | async fn down(&self, _manager: &SchemaManager) -> Result<(), DbErr> {
FILE: warpgate-db-migrations/src/main.rs
function main (line 5) | async fn main() {
FILE: warpgate-ldap/src/connection.rs
function connect (line 11) | pub async fn connect(config: &LdapConfig) -> Result<Ldap> {
function test_connection (line 46) | pub async fn test_connection(config: &LdapConfig) -> Result<bool> {
function discover_base_dns (line 60) | pub async fn discover_base_dns(config: &LdapConfig) -> Result<Vec<String...
function build_ldap_url (line 97) | fn build_ldap_url(config: &LdapConfig) -> String {
FILE: warpgate-ldap/src/error.rs
type Result (line 4) | pub type Result<T> = std::result::Result<T, LdapError>;
type LdapError (line 7) | pub enum LdapError {
method from (line 43) | fn from(s: String) -> Self {
FILE: warpgate-ldap/src/queries.rs
function ldap_user_attributes (line 12) | fn ldap_user_attributes(config: &LdapConfig) -> Vec<String> {
function extract_ldap_user (line 42) | fn extract_ldap_user(search_entry: SearchEntry, config: &LdapConfig) -> ...
function list_users (line 119) | pub async fn list_users(config: &LdapConfig) -> Result<Vec<LdapUser>> {
function find_user_by_username (line 166) | pub async fn find_user_by_username(
function find_user_by_filter (line 187) | async fn find_user_by_filter(
function find_user_by_uuid (line 225) | pub async fn find_user_by_uuid(
FILE: warpgate-ldap/src/types.rs
type LdapUsernameAttribute (line 7) | pub enum LdapUsernameAttribute {
method attribute_name (line 16) | pub fn attribute_name(&self) -> &'static str {
type Error (line 28) | type Error = ();
method try_from (line 30) | fn try_from(value: &str) -> Result<Self, Self::Error> {
type LdapConfig (line 43) | pub struct LdapConfig {
type LdapUser (line 58) | pub struct LdapUser {
FILE: warpgate-protocol-http/src/api/api_tokens.rs
type Api (line 16) | pub struct Api;
method api_get_api_tokens (line 83) | async fn api_get_api_tokens(
method api_create_api_token (line 107) | async fn api_create_api_token(
method api_delete_api_token (line 144) | async fn api_delete_api_token(
type GetApiTokensResponse (line 19) | enum GetApiTokensResponse {
type NewApiToken (line 27) | struct NewApiToken {
type ExistingApiToken (line 33) | struct ExistingApiToken {
method from (line 41) | fn from(token: ApiToken::Model) -> Self {
type TokenAndSecret (line 52) | struct TokenAndSecret {
type CreateApiTokenResponse (line 58) | enum CreateApiTokenResponse {
type DeleteApiTokenResponse (line 66) | enum DeleteApiTokenResponse {
FILE: warpgate-protocol-http/src/api/auth.rs
type Api (line 27) | pub struct Api;
method api_auth_login (line 137) | async fn api_auth_login(
method api_auth_otp_login (line 188) | async fn api_auth_otp_login(
method api_auth_logout (line 233) | async fn api_auth_logout(
method api_default_auth_state (line 247) | async fn api_default_auth_state(
method api_cancel_default_auth (line 271) | async fn api_cancel_default_auth(
method get_web_auth_requests (line 300) | async fn get_web_auth_requests(
method api_auth_state (line 330) | async fn api_auth_state(
method api_approve_auth (line 352) | async fn api_approve_auth(
method api_reject_auth (line 385) | async fn api_reject_auth(
type LoginRequest (line 30) | struct LoginRequest {
type OtpLoginRequest (line 36) | struct OtpLoginRequest {
type ApiAuthState (line 41) | enum ApiAuthState {
method from (line 107) | fn from(state: AuthResult) -> Self {
type LoginFailureResponse (line 53) | struct LoginFailureResponse {
type LoginResponse (line 58) | enum LoginResponse {
type LogoutResponse (line 67) | enum LogoutResponse {
type AuthStateResponseInternal (line 73) | struct AuthStateResponseInternal {
type AuthStateListResponse (line 83) | enum AuthStateListResponse {
type AuthStateResponse (line 91) | enum AuthStateResponse {
constant PREFERRED_NEED_CRED_ORDER (line 98) | const PREFERRED_NEED_CRED_ORDER: &[CredentialKind] = &[
function get_auth_state (line 404) | async fn get_auth_state(
function serialize_auth_state_inner (line 426) | async fn serialize_auth_state_inner(
function api_get_web_auth_requests_stream (line 453) | pub async fn api_get_web_auth_requests_stream(
FILE: warpgate-protocol-http/src/api/common.rs
function logout (line 10) | pub fn logout(session: &Session, session_middleware: &mut SessionStore) {
function get_user (line 16) | pub async fn get_user(
FILE: warpgate-protocol-http/src/api/credentials.rs
type Api (line 20) | pub struct Api;
method api_get_credentials_state (line 243) | async fn api_get_credentials_state(
method api_change_password (line 301) | async fn api_change_password(
method api_create_pk (line 349) | async fn api_create_pk(
method api_delete_pk (line 385) | async fn api_delete_pk(
method api_create_otp (line 417) | async fn api_create_otp(
method api_delete_otp (line 461) | async fn api_delete_otp(
method api_issue_certificate (line 493) | async fn api_issue_certificate(
method api_revoke_certificate (line 544) | async fn api_revoke_certificate(
type PasswordState (line 23) | enum PasswordState {
type ExistingSsoCredential (line 30) | struct ExistingSsoCredential {
method from (line 37) | fn from(credential: entities::SsoCredential::Model) -> Self {
type ChangePasswordRequest (line 47) | struct ChangePasswordRequest {
type ChangePasswordResponse (line 52) | enum ChangePasswordResponse {
type CredentialsState (line 60) | pub struct CredentialsState {
type CredentialsStateResponse (line 72) | enum CredentialsStateResponse {
type NewPublicKeyCredential (line 80) | struct NewPublicKeyCredential {
type ExistingPublicKeyCredential (line 86) | struct ExistingPublicKeyCredential {
method from (line 108) | fn from(credential: entities::PublicKeyCredential::Model) -> Self {
function abbreviate_public_key (line 94) | fn abbreviate_public_key(k: &str) -> String {
type CreatePublicKeyCredentialResponse (line 119) | enum CreatePublicKeyCredentialResponse {
type DeleteCredentialResponse (line 127) | enum DeleteCredentialResponse {
type NewOtpCredential (line 137) | struct NewOtpCredential {
type ExistingOtpCredential (line 142) | struct ExistingOtpCredential {
method from (line 147) | fn from(credential: entities::OtpCredential::Model) -> Self {
type CreateOtpCredentialResponse (line 153) | enum CreateOtpCredentialResponse {
type ExistingCertificateCredential (line 161) | struct ExistingCertificateCredential {
method from (line 176) | fn from(credential: entities::CertificateCredential::Model) -> Self {
function certificate_fingerprint (line 169) | fn certificate_fingerprint(certificate_pem: &str) -> Result<String, Warp...
type IssuedCertificateCredential (line 189) | struct IssuedCertificateCredential {
type IssueCertificateCredentialRequest (line 195) | struct IssueCertificateCredentialRequest {
type IssueCertificateCredentialResponse (line 201) | enum IssueCertificateCredentialResponse {
type DeleteCertificateCredentialResponse (line 209) | enum DeleteCertificateCredentialResponse {
function parameters_based_auth (line 218) | pub fn parameters_based_auth<E: Endpoint + 'static>(e: E) -> impl Endpoi...
FILE: warpgate-protocol-http/src/api/info.rs
type Api (line 17) | pub struct Api;
method api_get_info (line 92) | async fn api_get_info(
type PortsInfo (line 20) | pub struct PortsInfo {
type SetupState (line 29) | pub struct SetupState {
method completed (line 35) | pub fn completed(&self) -> bool {
type AdminPermissions (line 41) | pub struct AdminPermissions {
type Info (line 68) | pub struct Info {
type InstanceInfoResponse (line 84) | enum InstanceInfoResponse {
FILE: warpgate-protocol-http/src/api/mod.rs
function get (line 14) | pub fn get() -> impl OpenApi {
FILE: warpgate-protocol-http/src/api/sso_provider_detail.rs
type Api (line 13) | pub struct Api;
method api_start_sso (line 47) | async fn api_start_sso(
type StartSsoResponseParams (line 16) | struct StartSsoResponseParams {
type StartSsoResponse (line 22) | enum StartSsoResponse {
type SsoContext (line 32) | pub struct SsoContext {
FILE: warpgate-protocol-http/src/api/sso_provider_list.rs
type Api (line 25) | pub struct Api;
method api_get_all_sso_providers (line 95) | async fn api_get_all_sso_providers(
method api_return_to_sso_get (line 119) | async fn api_return_to_sso_get(
method api_return_to_sso_post (line 139) | async fn api_return_to_sso_post(
method api_return_to_sso_get_common (line 167) | async fn api_return_to_sso_get_common(
method api_start_slo (line 340) | async fn api_start_slo(
type SsoProviderKind (line 28) | pub enum SsoProviderKind {
type SsoProviderDescription (line 36) | pub struct SsoProviderDescription {
type GetSsoProvidersResponse (line 43) | enum GetSsoProvidersResponse {
type ReturnToSsoResponse (line 50) | enum ReturnToSsoResponse {
type ReturnToSsoPostResponse (line 57) | enum ReturnToSsoPostResponse {
type ReturnToSsoFormData (line 63) | pub struct ReturnToSsoFormData {
type StartSloResponseParams (line 68) | struct StartSloResponseParams {
type StartSloResponse (line 74) | enum StartSloResponse {
function make_redirect_url (line 83) | fn make_redirect_url(err: &str) -> String {
FILE: warpgate-protocol-http/src/api/targets_list.rs
type Api (line 21) | pub struct Api;
method api_get_all_targets (line 54) | async fn api_get_all_targets(
type GroupInfo (line 24) | pub struct GroupInfo {
type TargetSnapshot (line 31) | pub struct TargetSnapshot {
type GetTargetsResponse (line 41) | enum GetTargetsResponse {
FILE: warpgate-protocol-http/src/catchall.rs
type QueryParams (line 21) | struct QueryParams {
function target_select_redirect (line 26) | pub fn target_select_redirect() -> Response {
function catchall_endpoint (line 31) | pub async fn catchall_endpoint(
function get_target_for_request (line 64) | async fn get_target_for_request(
FILE: warpgate-protocol-http/src/common.rs
constant PROTOCOL_NAME (line 28) | pub const PROTOCOL_NAME: ProtocolName = "HTTP";
function is_localhost_host (line 37) | pub fn is_localhost_host(host: &str) -> bool {
type SsoLoginState (line 42) | pub struct SsoLoginState {
type SessionExt (line 48) | pub trait SessionExt {
method get_target_name (line 49) | fn get_target_name(&self) -> Option<String>;
method set_target_name (line 50) | fn set_target_name(&self, target_name: String);
method get_username (line 51) | fn get_username(&self) -> Option<String>;
method get_auth (line 52) | fn get_auth(&self) -> Option<SessionAuthorization>;
method set_auth (line 53) | fn set_auth(&self, auth: SessionAuthorization);
method get_auth_state_id (line 54) | fn get_auth_state_id(&self) -> Option<AuthStateId>;
method clear_auth_state (line 55) | fn clear_auth_state(&self);
method get_sso_login_state (line 57) | fn get_sso_login_state(&self) -> Option<SsoLoginState>;
method set_sso_login_state (line 58) | fn set_sso_login_state(&self, token: SsoLoginState);
method get_target_name (line 62) | fn get_target_name(&self) -> Option<String> {
method set_target_name (line 66) | fn set_target_name(&self, target_name: String) {
method get_username (line 70) | fn get_username(&self) -> Option<String> {
method get_auth (line 74) | fn get_auth(&self) -> Option<SessionAuthorization> {
method set_auth (line 78) | fn set_auth(&self, auth: SessionAuthorization) {
method get_auth_state_id (line 82) | fn get_auth_state_id(&self) -> Option<AuthStateId> {
method clear_auth_state (line 86) | fn clear_auth_state(&self) {
method get_sso_login_state (line 90) | fn get_sso_login_state(&self) -> Option<SsoLoginState> {
method set_sso_login_state (line 95) | fn set_sso_login_state(&self, state: SsoLoginState) {
type AuthStateId (line 103) | pub struct AuthStateId(pub Uuid);
function is_user_admin (line 105) | pub async fn is_user_admin(ctx: &AuthenticatedRequestContext) -> poem::R...
function _inner_auth (line 141) | pub async fn _inner_auth<E: Endpoint + 'static>(
function endpoint_auth (line 153) | pub fn endpoint_auth<E: Endpoint + 'static>(e: E) -> impl Endpoint<Outpu...
function page_auth (line 161) | pub fn page_auth<E: Endpoint + 'static>(e: E) -> impl Endpoint {
function gateway_redirect (line 171) | pub fn gateway_redirect(req: &Request) -> Response {
function get_auth_state_for_request (line 186) | pub async fn get_auth_state_for_request(
function authorize_session (line 222) | pub async fn authorize_session(
function inject_request_authorization (line 250) | pub async fn inject_request_authorization<E: Endpoint + 'static>(
FILE: warpgate-protocol-http/src/error.rs
function error_page (line 5) | pub fn error_page(e: poem::Error) -> impl IntoResponse {
FILE: warpgate-protocol-http/src/lib.rs
type HTTPProtocolServer (line 47) | pub struct HTTPProtocolServer {
method new (line 52) | pub async fn new(services: &Services) -> Result<Self> {
function make_session_storage (line 59) | fn make_session_storage() -> SharedSessionStorage {
function load_certificate_and_key (line 63) | async fn load_certificate_and_key<R: IntoTlsCertificateRelativePaths>(
function make_rustls_config (line 77) | async fn make_rustls_config(
method run (line 105) | async fn run(self, address: ListenEndpoint) -> Result<()> {
method name (line 303) | fn name(&self) -> &'static str {
method fmt (line 309) | fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
FILE: warpgate-protocol-http/src/main.rs
function main (line 7) | pub fn main() {
FILE: warpgate-protocol-http/src/middleware/cookie_host.rs
type CookieHostMiddleware (line 8) | pub struct CookieHostMiddleware {
method new (line 16) | pub fn new(base_domain: Option<String>) -> Self {
type Output (line 27) | type Output = CookieHostMiddlewareEndpoint<E>;
method transform (line 29) | fn transform(&self, inner: E) -> Self::Output {
type CookieHostMiddlewareEndpoint (line 21) | pub struct CookieHostMiddlewareEndpoint<E: Endpoint> {
type Output (line 38) | type Output = Response;
method call (line 40) | async fn call(&self, req: Request) -> poem::Result<Self::Output> {
FILE: warpgate-protocol-http/src/middleware/ticket.rs
type TicketMiddleware (line 12) | pub struct TicketMiddleware {}
method new (line 15) | pub fn new() -> Self {
type Output (line 25) | type Output = TicketMiddlewareEndpoint<E>;
method transform (line 27) | fn transform(&self, inner: E) -> Self::Output {
type TicketMiddlewareEndpoint (line 20) | pub struct TicketMiddlewareEndpoint<E: Endpoint> {
type QueryParams (line 33) | struct QueryParams {
type Output (line 39) | type Output = E::Output;
method call (line 41) | async fn call(&self, req: Request) -> poem::Result<Self::Output> {
FILE: warpgate-protocol-http/src/proxy.rs
type SomeResponse (line 34) | trait SomeResponse {
method status (line 35) | fn status(&self) -> http::StatusCode;
method headers (line 36) | fn headers(&self) -> &http::HeaderMap;
type SomeRequestBuilder (line 57) | trait SomeRequestBuilder {
method header (line 58) | fn header<K: Into<HeaderName>, V>(self, k: K, v: V) -> Self
method header (line 65) | fn header<K: Into<HeaderName>, V>(self, k: K, v: V) -> Self
method header (line 75) | fn header<K: Into<HeaderName>, V>(self, k: K, v: V) -> Self
function construct_uri (line 84) | fn construct_uri(req: &Request, options: &TargetHTTPOptions, websocket: ...
function copy_client_response (line 125) | fn copy_client_response<R: SomeResponse>(
function rewrite_request (line 142) | fn rewrite_request<B: SomeRequestBuilder>(mut req: B, options: &TargetHT...
function rewrite_response (line 151) | fn rewrite_response(
function copy_server_request (line 194) | fn copy_server_request<B: SomeRequestBuilder>(req: &Request, mut target:...
function inject_forwarding_headers (line 213) | fn inject_forwarding_headers<B: SomeRequestBuilder>(req: &Request, mut t...
function inject_own_headers (line 228) | async fn inject_own_headers<B: SomeRequestBuilder>(req: &Request, mut ta...
function proxy_normal_request (line 242) | pub async fn proxy_normal_request(
function copy_client_body (line 320) | async fn copy_client_body(
function copy_client_body_and_embed (line 339) | async fn copy_client_body_and_embed(
function proxy_websocket_request (line 374) | pub async fn proxy_websocket_request(
function extract_basic_auth (line 389) | fn extract_basic_auth(uri: Uri) -> anyhow::Result<(Option<HeaderValue>, ...
function proxy_ws_inner (line 418) | async fn proxy_ws_inner(
FILE: warpgate-protocol-http/src/session.rs
type SharedSessionStorage (line 19) | pub struct SharedSessionStorage(pub Arc<Mutex<Box<MemoryStorage>>>);
method load_session (line 24) | async fn load_session<'a>(
method update_session (line 40) | async fn update_session<'a>(
method remove_session (line 54) | async fn remove_session<'a>(&'a self, session_id: &'a str) -> poem::Resu...
type SessionStore (line 59) | pub struct SessionStore {
method new (line 69) | pub fn new() -> Arc<Mutex<Self>> {
method process_request (line 79) | pub async fn process_request(&mut self, req: Request) -> poem::Result<...
method create_handle_for (line 95) | pub async fn create_handle_for(
method handle_for (line 155) | pub fn handle_for(&self, session: &Session) -> Option<Arc<Mutex<Warpga...
method remove_session (line 161) | pub fn remove_session(&mut self, session: &Session) {
method vacuum (line 168) | pub async fn vacuum(&mut self, session_max_age: Duration) {
FILE: warpgate-protocol-http/src/session_handle.rs
type SessionHandleCommand (line 14) | pub enum SessionHandleCommand {
type HttpSessionHandle (line 18) | pub struct HttpSessionHandle {
method new (line 23) | pub fn new() -> (Self, mpsc::UnboundedReceiver<SessionHandleCommand>) {
method close (line 30) | fn close(&mut self) {
function warpgate_server_handle_for_request (line 35) | pub async fn warpgate_server_handle_for_request(
FILE: warpgate-protocol-kubernetes/src/correlator.rs
type CorrelationKey (line 14) | type CorrelationKey = (String, String, Option<String>);
type RequestCorrelator (line 16) | pub struct RequestCorrelator {
method new (line 22) | pub fn new(services: &Services) -> Arc<Mutex<Self>> {
method session_for_request (line 31) | pub async fn session_for_request(
method correlation_key_for_request (line 61) | async fn correlation_key_for_request(
method vacuum (line 72) | pub async fn vacuum(&mut self) {
method spawn_vacuum_task (line 87) | fn spawn_vacuum_task(this: Arc<Mutex<Self>>) {
FILE: warpgate-protocol-kubernetes/src/lib.rs
type KubernetesProtocolServer (line 16) | pub struct KubernetesProtocolServer {
method new (line 21) | pub async fn new(services: &Services) -> Result<Self> {
method run (line 29) | async fn run(self, address: ListenEndpoint) -> Result<()> {
method name (line 33) | fn name(&self) -> &'static str {
method fmt (line 39) | fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
FILE: warpgate-protocol-kubernetes/src/recording.rs
type KubernetesRecordingItemApiObject (line 18) | pub struct KubernetesRecordingItemApiObject {
method from (line 40) | fn from(item: KubernetesRecordingItem) -> Self {
type KubernetesRecordingItem (line 28) | pub struct KubernetesRecordingItem {
type KubernetesRecorder (line 56) | pub struct KubernetesRecorder {
method write_item (line 61) | async fn write_item(
method record_response (line 72) | pub async fn record_response(
method kind (line 95) | fn kind() -> RecordingKind {
method new (line 99) | fn new(writer: RecordingWriter) -> Self {
type SessionRecordingMetadata (line 108) | pub enum SessionRecordingMetadata {
function start_recording_api (line 126) | pub async fn start_recording_api(
function start_recording_exec (line 141) | pub async fn start_recording_exec(
function deduce_exec_recording_metadata (line 153) | pub fn deduce_exec_recording_metadata(target_url: &Url) -> Option<Sessio...
FILE: warpgate-protocol-kubernetes/src/server/auth.rs
function authenticate_and_get_target (line 13) | pub async fn authenticate_and_get_target(
function create_authenticated_client (line 116) | pub fn create_authenticated_client(
function validate_client_certificate (line 173) | pub async fn validate_client_certificate(
function der_to_pem (line 229) | fn der_to_pem(der_bytes: &[u8]) -> Result<String, anyhow::Error> {
function normalize_certificate_pem (line 246) | fn normalize_certificate_pem(pem: &str) -> String {
FILE: warpgate-protocol-kubernetes/src/server/client_certs.rs
type AcceptAnyClientCert (line 15) | pub struct AcceptAnyClientCert;
method offer_client_auth (line 18) | fn offer_client_auth(&self) -> bool {
method client_auth_mandatory (line 22) | fn client_auth_mandatory(&self) -> bool {
method verify_client_cert (line 26) | fn verify_client_cert(
method verify_tls12_signature (line 37) | fn verify_tls12_signature(
method verify_tls13_signature (line 46) | fn verify_tls13_signature(
method supported_verify_schemes (line 55) | fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
method root_hint_subjects (line 72) | fn root_hint_subjects(&self) -> &[rustls::DistinguishedName] {
type CertificateCapturingAcceptor (line 78) | pub struct CertificateCapturingAcceptor<T> {
function new (line 84) | pub fn new(inner: T, server_config: ServerConfig) -> Self {
type Io (line 96) | type Io = TlsStream<T::Io>;
method local_addr (line 98) | fn local_addr(&self) -> Vec<LocalAddr> {
method accept (line 102) | async fn accept(
function extract_peer_certificates (line 137) | fn extract_peer_certificates<T>(tls_stream: &TlsStream<T>) -> Option<Vec...
type ClientCertificate (line 155) | pub struct ClientCertificate {
type CertificateExtractorMiddleware (line 160) | pub struct CertificateExtractorMiddleware;
type Output (line 166) | type Output = CertificateExtractorEndpoint<E>;
method transform (line 168) | fn transform(&self, ep: E) -> Self::Output {
type CertificateExtractorEndpoint (line 174) | pub struct CertificateExtractorEndpoint<E> {
type Output (line 182) | type Output = E::Output;
function call (line 183) | async fn call(&self, mut req: poem::Request) -> poem::Result<Self::Outpu...
type RequestCertificateExt (line 220) | pub trait RequestCertificateExt {
method client_certificate (line 222) | fn client_certificate(&self) -> Option<&ClientCertificate>;
method client_certificate (line 226) | fn client_certificate(&self) -> Option<&ClientCertificate> {
FILE: warpgate-protocol-kubernetes/src/server/handlers.rs
function construct_target_url (line 30) | fn construct_target_url(
function handle_api_request (line 48) | pub async fn handle_api_request(
function _handle_normal_request_inner (line 136) | async fn _handle_normal_request_inner(
function run_websocket_recording (line 330) | async fn run_websocket_recording(mut recorder: TerminalRecorder, mut rx:...
function _handle_websocket_request_inner (line 373) | async fn _handle_websocket_request_inner(
FILE: warpgate-protocol-kubernetes/src/server/mod.rs
function run_server (line 25) | pub async fn run_server(services: Services, address: ListenEndpoint) -> ...
FILE: warpgate-protocol-kubernetes/src/session_handle.rs
type KubernetesSessionHandle (line 3) | pub struct KubernetesSessionHandle;
method close (line 6) | fn close(&mut self) {
FILE: warpgate-protocol-mysql/src/client.rs
type MySqlClient (line 20) | pub struct MySqlClient {
method connect (line 57) | pub async fn connect(
type ConnectionOptions (line 25) | pub struct ConnectionOptions {
method default (line 33) | fn default() -> Self {
FILE: warpgate-protocol-mysql/src/common.rs
constant PROTOCOL_NAME (line 4) | pub const PROTOCOL_NAME: ProtocolName = "MySQL";
function compute_auth_challenge_response (line 6) | pub fn compute_auth_challenge_response(
FILE: warpgate-protocol-mysql/src/error.rs
type MySqlError (line 10) | pub enum MySqlError {
method other (line 40) | pub fn other<E: Error + Send + Sync + 'static>(err: E) -> Self {
method decode (line 44) | pub fn decode(err: SqlxError) -> Self {
FILE: warpgate-protocol-mysql/src/lib.rs
type MySQLProtocolServer (line 24) | pub struct MySQLProtocolServer {
method new (line 29) | pub async fn new(services: &Services) -> Result<Self> {
method run (line 37) | async fn run(self, address: ListenEndpoint) -> Result<()> {
method name (line 120) | fn name(&self) -> &'static str {
method fmt (line 126) | fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
FILE: warpgate-protocol-mysql/src/session.rs
type MySqlSession (line 33) | pub struct MySqlSession<S: AsyncRead + AsyncWrite + Send + Unpin> {
function new (line 47) | pub async fn new(
function make_logging_span (line 82) | pub fn make_logging_span(&self) -> tracing::Span {
function run (line 92) | pub async fn run(mut self) -> Result<(), MySqlError> {
function send_error (line 155) | async fn send_error(&mut self, code: u16, message: &str) -> Result<(), M...
function run_authorization (line 168) | pub async fn run_authorization(
function run_authorized (line 270) | async fn run_authorized(
function run_authorized_inner (line 326) | async fn run_authorized_inner(
function passthrough_until_result (line 427) | async fn passthrough_until_result(
FILE: warpgate-protocol-mysql/src/session_handle.rs
type MySqlSessionHandle (line 4) | pub struct MySqlSessionHandle {
method new (line 9) | pub fn new() -> (Self, mpsc::UnboundedReceiver<()>) {
method close (line 16) | fn close(&mut self) {
FILE: warpgate-protocol-mysql/src/stream.rs
type MySqlStreamError (line 10) | pub enum MySqlStreamError {
type MySqlStream (line 17) | pub struct MySqlStream<S, TS>
function new (line 35) | pub fn new(stream: S) -> Self {
function push (line 44) | pub fn push<'a, C, P: Encode<'a, C>>(
function flush (line 55) | pub async fn flush(&mut self) -> std::io::Result<()> {
function recv (line 63) | pub async fn recv(&mut self) -> Result<Option<Bytes>, MySqlStreamError> {
function reset_sequence_id (line 81) | pub fn reset_sequence_id(&mut self) {
function upgrade (line 85) | pub async fn upgrade(
function is_tls (line 93) | pub fn is_tls(&self) -> bool {
FILE: warpgate-protocol-postgres/src/client.rs
type PostgresClient (line 18) | pub struct PostgresClient {
method connect (line 56) | pub async fn connect(
method run_sasl_auth (line 190) | async fn run_sasl_auth(
method recv (line 266) | pub async fn recv(&mut self) -> Result<Option<PgWireGenericBackendMess...
method send (line 273) | pub async fn send<M: PostgresEncode + Debug>(
type ConnectionOptions (line 22) | pub struct ConnectionOptions {
method default (line 29) | fn default() -> Self {
type SaslBufferWriter (line 38) | struct SaslBufferWriter<'a>(&'a mut Option<Vec<u8>>);
method write (line 41) | fn write(&mut self, buf: &[u8]) -> std::io::Result<usize> {
method flush (line 50) | fn flush(&mut self) -> std::io::Result<()> {
FILE: warpgate-protocol-postgres/src/common.rs
constant PROTOCOL_NAME (line 3) | pub const PROTOCOL_NAME: ProtocolName = "PostgreSQL";
FILE: warpgate-protocol-postgres/src/error.rs
type PostgresError (line 13) | pub enum PostgresError {
method other (line 49) | pub fn other<E: Error + Send + Sync + 'static>(err: E) -> Self {
method from (line 55) | fn from(e: ErrorResponse) -> Self {
FILE: warpgate-protocol-postgres/src/lib.rs
type PostgresProtocolServer (line 26) | pub struct PostgresProtocolServer {
method new (line 31) | pub async fn new(services: &Services) -> Result<Self> {
method run (line 39) | async fn run(self, address: ListenEndpoint) -> Result<()> {
method name (line 135) | fn name(&self) -> &'static str {
method fmt (line 141) | fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
FILE: warpgate-protocol-postgres/src/session.rs
type PostgresSession (line 26) | pub struct PostgresSession<S: AsyncRead + AsyncWrite + Send + Unpin> {
function new (line 38) | pub async fn new(
function make_logging_span (line 59) | pub fn make_logging_span(&self) -> tracing::Span {
function run (line 69) | pub async fn run(mut self) -> Result<(), PostgresError> {
function run_authorization (line 102) | pub async fn run_authorization(
function run_authorized (line 296) | async fn run_authorized(
function send_error_response (line 339) | async fn send_error_response(
function run_authorized_inner (line 351) | async fn run_authorized_inner(
function maybe_log_client_msg (line 477) | fn maybe_log_client_msg(&self, msg: &PgWireFrontendMessage) {
function maybe_log_server_msg (line 493) | fn maybe_log_server_msg(&self, msg: &PgWireBackendMessage) {
FILE: warpgate-protocol-postgres/src/session_handle.rs
type PostgresSessionHandle (line 4) | pub struct PostgresSessionHandle {
method new (line 9) | pub fn new() -> (Self, mpsc::UnboundedReceiver<()>) {
method close (line 16) | fn close(&mut self) {
FILE: warpgate-protocol-postgres/src/stream.rs
type PostgresStreamError (line 11) | pub enum PostgresStreamError {
type PostgresEncode (line 18) | pub(crate) trait PostgresEncode {
method encode (line 19) | fn encode(&self, buf: &mut BytesMut) -> PgWireResult<()>
method encode (line 70) | fn encode(&self, buf: &mut BytesMut) -> PgWireResult<()> {
method encode (line 76) | fn encode(&self, buf: &mut BytesMut) -> PgWireResult<()> {
method encode (line 82) | fn encode(&self, buf: &mut BytesMut) -> PgWireResult<()> {
type PostgresDecode (line 24) | pub(crate) trait PostgresDecode {
method decode (line 25) | fn decode(buf: &mut BytesMut) -> PgWireResult<Option<Self>>
method decode (line 37) | fn decode(buf: &mut BytesMut) -> PgWireResult<Option<Self>> {
method decode (line 52) | fn decode(buf: &mut BytesMut) -> PgWireResult<Option<Self>> {
method decode (line 58) | fn decode(buf: &mut BytesMut) -> PgWireResult<Option<Self>> {
method decode (line 64) | fn decode(buf: &mut BytesMut) -> PgWireResult<Option<Self>> {
type PgWireStartupOrSslRequest (line 31) | pub(crate) enum PgWireStartupOrSslRequest {
type PgWireGenericFrontendMessage (line 46) | pub(crate) struct PgWireGenericFrontendMessage(pub PgWireFrontendMessage);
type PgWireGenericBackendMessage (line 49) | pub(crate) struct PgWireGenericBackendMessage(pub PgWireBackendMessage);
type PostgresStream (line 87) | pub(crate) struct PostgresStream<S, TS>
function new (line 104) | pub fn new(stream: S) -> Self {
function push (line 112) | pub fn push<M: PostgresEncode + Debug>(
function flush (line 121) | pub async fn flush(&mut self) -> std::io::Result<()> {
function recv (line 128) | pub(crate) async fn recv<T: PostgresDecode + Debug>(
function upgrade (line 144) | pub(crate) async fn upgrade(
FILE: warpgate-protocol-ssh/src/client/channel_direct_tcpip.rs
type DirectTCPIPChannel (line 13) | pub struct DirectTCPIPChannel {
method new (line 22) | pub fn new(
method run (line 38) | pub async fn run(mut self) -> Result<(), SshClientError> {
method drop (line 90) | fn drop(&mut self) {
FILE: warpgate-protocol-ssh/src/client/channel_session.rs
type SessionChannel (line 13) | pub struct SessionChannel {
method new (line 23) | pub fn new(
method run (line 40) | pub async fn run(mut self) -> Result<(), SshClientError> {
method close (line 167) | fn close(&mut self) -> Result<(), SshClientError> {
method drop (line 180) | fn drop(&mut self) {
FILE: warpgate-protocol-ssh/src/client/error.rs
type SshClientError (line 6) | pub enum SshClientError {
method other (line 18) | pub fn other<E: Error + Send + Sync + 'static>(err: E) -> Self {
FILE: warpgate-protocol-ssh/src/client/handler.rs
type ClientHandlerEvent (line 14) | pub enum ClientHandlerEvent {
type ClientHandler (line 24) | pub struct ClientHandler {
type Error (line 44) | type Error = ClientHandlerError;
method check_server_key (line 46) | async fn check_server_key(
method server_channel_open_forwarded_tcpip (line 113) | async fn server_channel_open_forwarded_tcpip(
method server_channel_open_x11 (line 136) | async fn server_channel_open_x11(
method server_channel_open_forwarded_streamlocal (line 152) | async fn server_channel_open_forwarded_streamlocal(
method server_channel_open_agent_forward (line 166) | async fn server_channel_open_agent_forward(
type ClientHandlerError (line 32) | pub enum ClientHandlerError {
method drop (line 179) | fn drop(&mut self) {
FILE: warpgate-protocol-ssh/src/client/mod.rs
type ConnectionError (line 35) | pub enum ConnectionError {
type RCEvent (line 67) | pub enum RCEvent {
type RCCommandReply (line 99) | pub type RCCommandReply = oneshot::Sender<Result<(), SshClientError>>;
type RCCommand (line 102) | pub enum RCCommand {
type RCState (line 113) | pub enum RCState {
type InnerEvent (line 121) | enum InnerEvent {
type RemoteClient (line 126) | pub struct RemoteClient {
method create (line 149) | pub fn create(id: SessionId, services: Services) -> io::Result<RemoteC...
method set_disconnected (line 193) | fn set_disconnected(&mut self) {
method set_state (line 207) | fn set_state(&mut self, state: RCState) -> Result<(), SshClientError> {
method apply_channel_op (line 229) | async fn apply_channel_op(
method start (line 264) | pub fn start(mut self) -> io::Result<JoinHandle<anyhow::Result<()>>> {
method handle_event (line 300) | async fn handle_event(&mut self, event: InnerEvent) -> Result<bool> {
method setup_server_initiated_channel (line 347) | async fn setup_server_initiated_channel(
method handle_command (line 367) | async fn handle_command(&mut self, cmd: RCCommand) -> Result<bool, Ssh...
method connect (line 426) | async fn connect(&mut self, ssh_options: TargetSSHOptions) -> Result<(...
method _handle_auth_result (line 670) | async fn _handle_auth_result(
method open_shell (line 738) | async fn open_shell(&mut self, channel_id: Uuid) -> Result<(), SshClie...
method open_direct_tcpip (line 757) | async fn open_direct_tcpip(
method open_direct_streamlocal (line 788) | async fn open_direct_streamlocal(
method tcpip_forward (line 812) | async fn tcpip_forward(&mut self, address: String, port: u32) -> Resul...
method cancel_tcpip_forward (line 822) | async fn cancel_tcpip_forward(
method streamlocal_forward (line 837) | async fn streamlocal_forward(&mut self, socket_path: String) -> Result...
method cancel_streamlocal_forward (line 847) | async fn cancel_streamlocal_forward(
method disconnect (line 861) | async fn disconnect(&mut self) {
method _on_disconnect (line 872) | async fn _on_disconnect(&mut self) -> Result<()> {
type RemoteClientHandles (line 142) | pub struct RemoteClientHandles {
method drop (line 879) | fn drop(&mut self) {
FILE: warpgate-protocol-ssh/src/common.rs
type PtyRequest (line 8) | pub struct PtyRequest {
type ServerChannelId (line 18) | pub struct ServerChannelId(pub ChannelId);
method fmt (line 21) | fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
type DirectTCPIPParams (line 27) | pub struct DirectTCPIPParams {
type ForwardedTcpIpParams (line 35) | pub struct ForwardedTcpIpParams {
type ForwardedStreamlocalParams (line 43) | pub struct ForwardedStreamlocalParams {
type X11Request (line 48) | pub struct X11Request {
type ChannelOperation (line 56) | pub enum ChannelOperation {
type SshRecordingMetadata (line 78) | pub enum SshRecordingMetadata {
FILE: warpgate-protocol-ssh/src/compat.rs
type ContextExt (line 3) | pub trait ContextExt<T, C> {
method context (line 4) | fn context(self, context: C) -> anyhow::Result<T>;
function context (line 11) | fn context(self, context: C) -> anyhow::Result<T> {
FILE: warpgate-protocol-ssh/src/keys.rs
function get_keys_path (line 11) | fn get_keys_path(config: &WarpgateConfig, params: &GlobalParams) -> Path...
function generate_keys (line 17) | pub fn generate_keys(config: &WarpgateConfig, params: &GlobalParams, pre...
function load_keys (line 49) | pub fn load_keys(
FILE: warpgate-protocol-ssh/src/known_hosts.rs
type KnownHosts (line 9) | pub struct KnownHosts {
method new (line 23) | pub fn new(db: &Arc<Mutex<DatabaseConnection>>) -> Self {
method validate (line 27) | pub async fn validate(
method trust (line 54) | pub async fn trust(
type KnownHostValidationResult (line 13) | pub enum KnownHostValidationResult {
FILE: warpgate-protocol-ssh/src/lib.rs
type SSHProtocolServer (line 20) | pub struct SSHProtocolServer {
method new (line 25) | pub async fn new(services: &Services) -> Result<Self> {
method run (line 36) | async fn run(self, address: ListenEndpoint) -> Result<()> {
method name (line 40) | fn name(&self) -> &'static str {
method fmt (line 46) | fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
FILE: warpgate-protocol-ssh/src/server/channel_writer.rs
type ChannelWriteOperation (line 6) | enum ChannelWriteOperation {
type ChannelWriter (line 13) | pub struct ChannelWriter {
method new (line 18) | pub fn new() -> Self {
method write (line 38) | pub fn write<D: Into<Vec<u8>>>(&self, handle: Handle, channel: Channel...
method write_extended (line 44) | pub fn write_extended<D: Into<Vec<u8>>>(
method flush (line 60) | pub async fn flush(&self) -> Result<(), Box<dyn std::error::Error + Se...
FILE: warpgate-protocol-ssh/src/server/mod.rs
type RusshConfigInit (line 28) | struct RusshConfigInit {
function run_server (line 32) | pub async fn run_server(services: Services, address: ListenEndpoint) -> ...
function _handle_connection (line 57) | async fn _handle_connection(
function _run_stream (line 144) | async fn _run_stream<R>(
function get_allowed_auth_methods (line 166) | pub(crate) async fn get_allowed_auth_methods(services: &Services) -> Res...
FILE: warpgate-protocol-ssh/src/server/russh_handler.rs
type HandleWrapper (line 15) | pub struct HandleWrapper(pub Handle);
method fmt (line 18) | fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
type ServerHandlerEvent (line 24) | pub enum ServerHandlerEvent {
type ServerHandler (line 57) | pub struct ServerHandler {
method send_event (line 68) | fn send_event(&self, event: ServerHandlerEvent) -> Result<(), ServerHa...
type Error (line 76) | type Error = anyhow::Error;
method auth_succeeded (line 78) | async fn auth_succeeded(&mut self, session: &mut Session) -> Result<()...
method channel_open_session (line 84) | async fn channel_open_session(
method subsystem_request (line 100) | async fn subsystem_request(
method pty_request (line 124) | async fn pty_request(
method shell_request (line 162) | async fn shell_request(
method auth_publickey_offered (line 183) | async fn auth_publickey_offered(
method auth_publickey (line 200) | async fn auth_publickey(
method auth_password (line 214) | async fn auth_password(&mut self, user: &str, password: &str) -> Resul...
method auth_keyboard_interactive (line 226) | async fn auth_keyboard_interactive<'a>(
method data (line 248) | async fn data(
method extended_data (line 265) | async fn extended_data(
method channel_close (line 281) | async fn channel_close(
method window_change_request (line 293) | async fn window_change_request(
method channel_eof (line 319) | async fn channel_eof(
method signal (line 335) | async fn signal(
method exec_request (line 351) | async fn exec_request(
method env_request (line 374) | async fn env_request(
method channel_open_direct_tcpip (line 394) | async fn channel_open_direct_tcpip(
method channel_open_direct_streamlocal (line 420) | async fn channel_open_direct_streamlocal(
method x11_request (line 437) | async fn x11_request(
method tcpip_forward (line 463) | async fn tcpip_forward(
method cancel_tcpip_forward (line 482) | async fn cancel_tcpip_forward(
method streamlocal_forward (line 500) | async fn streamlocal_forward(
method cancel_streamlocal_forward (line 517) | async fn cancel_streamlocal_forward(
method agent_request (line 537) | async fn agent_request(
type ServerHandlerError (line 62) | pub enum ServerHandlerError {
method drop (line 558) | fn drop(&mut self) {
method fmt (line 565) | fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
FILE: warpgate-protocol-ssh/src/server/service_output.rs
constant ERASE_PROGRESS_SPINNER (line 8) | pub const ERASE_PROGRESS_SPINNER: &str = "\r \r";
constant ERASE_PROGRESS_SPINNER_BUF (line 9) | pub const ERASE_PROGRESS_SPINNER_BUF: &[u8] = ERASE_PROGRESS_SPINNER.as_...
constant LINEBREAK (line 10) | pub const LINEBREAK: &[u8] = "\n".as_bytes();
type ServiceOutput (line 13) | pub struct ServiceOutput {
method new (line 20) | pub fn new() -> Self {
method show_progress (line 57) | pub fn show_progress(&mut self) {
method hide_progress (line 62) | pub async fn hide_progress(&mut self) {
method subscribe (line 69) | pub fn subscribe(&self) -> broadcast::Receiver<Bytes> {
method emit_output (line 73) | pub fn emit_output(&mut self, output: Bytes) {
method drop (line 79) | fn drop(&mut self) {
FILE: warpgate-protocol-ssh/src/server/session.rs
type TargetSelection (line 52) | enum TargetSelection {
type Event (line 59) | enum Event {
type KeyboardInteractiveState (line 67) | enum KeyboardInteractiveState {
type CachedSuccessfulTicketAuth (line 73) | struct CachedSuccessfulTicketAuth {
type TrafficRecorderKey (line 79) | pub enum TrafficRecorderKey {
type ServerSession (line 84) | pub struct ServerSession {
method fmt (line 118) | fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
method start (line 124) | pub async fn start(
method get_next_event (line 237) | async fn get_next_event(&mut self) -> Option<Event> {
method get_auth_state (line 241) | async fn get_auth_state(&mut self, username: &str) -> Result<Arc<Mutex...
method make_logging_span (line 278) | pub fn make_logging_span(&self) -> tracing::Span {
method map_channel (line 288) | fn map_channel(&self, ch: &ServerChannelId) -> Result<Uuid, WarpgateEr...
method map_channel_reverse (line 295) | fn map_channel_reverse(&self, ch: &Uuid) -> Result<ServerChannelId> {
method emit_service_message (line 302) | pub async fn emit_service_message(&mut self, msg: &str) -> Result<()> {
method emit_pty_output (line 315) | pub async fn emit_pty_output(&mut self, data: &[u8]) -> Result<()> {
method maybe_connect_remote (line 336) | pub async fn maybe_connect_remote(&mut self) -> Result<()> {
method connect_remote (line 356) | async fn connect_remote(
method handle_event (line 371) | fn handle_event<'a>(
method handle_server_handler_event (line 413) | async fn handle_server_handler_event(&mut self, event: ServerHandlerEv...
method handle_session_control (line 616) | pub async fn handle_session_control(&mut self, command: SessionHandleC...
method handle_remote_event (line 628) | pub async fn handle_remote_event(&mut self, event: RCEvent) -> Result<...
method handle_unknown_host_key (line 936) | async fn handle_unknown_host_key(
method maybe_with_session (line 1008) | async fn maybe_with_session<'a, FN, FT, R>(&'a mut self, f: FN) -> Res...
method _channel_open_direct_tcpip (line 1019) | async fn _channel_open_direct_tcpip(
method _channel_open_direct_streamlocal (line 1074) | async fn _channel_open_direct_streamlocal(
method _window_change_request (line 1119) | async fn _window_change_request(
method _channel_exec_request (line 1144) | async fn _channel_exec_request(
method start_terminal_recording (line 1176) | async fn start_terminal_recording(&mut self, channel_id: Uuid, metadat...
method _channel_x11_request (line 1204) | async fn _channel_x11_request(
method _channel_env_request (line 1220) | async fn _channel_env_request(
method traffic_recorder_for (line 1236) | async fn traffic_recorder_for(
method _channel_subsystem_request (line 1261) | pub async fn _channel_subsystem_request(
method _data (line 1277) | async fn _data(&mut self, server_channel_id: ServerChannelId, data: By...
method _extended_data (line 1314) | async fn _extended_data(
method _tcpip_forward (line 1329) | async fn _tcpip_forward(&mut self, address: String, port: u32) -> Resu...
method _cancel_tcpip_forward (line 1337) | pub async fn _cancel_tcpip_forward(&mut self, address: String, port: u...
method _streamlocal_forward (line 1344) | async fn _streamlocal_forward(&mut self, socket_path: String) -> Resul...
method _cancel_streamlocal_forward (line 1352) | pub async fn _cancel_streamlocal_forward(&mut self, socket_path: Strin...
method _agent_forward (line 1359) | async fn _agent_forward(&mut self, server_channel_id: ServerChannelId)...
method _auth_publickey_offer (line 1370) | async fn _auth_publickey_offer(
method _auth_publickey (line 1410) | async fn _auth_publickey(
method _auth_password (line 1467) | async fn _auth_password(
method _auth_keyboard_interactive (line 1500) | async fn _auth_keyboard_interactive(
method get_remaining_auth_methods (line 1614) | fn get_remaining_auth_methods(&self, kinds: HashSet<CredentialKind>) -...
method try_validate_public_key_offer (line 1643) | async fn try_validate_public_key_offer(
method try_auth_lazy (line 1668) | async fn try_auth_lazy(
method try_auth_eager (line 1697) | async fn try_auth_eager(
method _auth_accept (line 1769) | async fn _auth_accept(
method _channel_close (line 1814) | async fn _channel_close(&mut self, server_channel_id: ServerChannelId)...
method _channel_eof (line 1822) | async fn _channel_eof(&mut self, server_channel_id: ServerChannelId) -...
method _channel_signal (line 1829) | pub async fn _channel_signal(
method send_command (line 1844) | fn send_command(&mut self, command: RCCommand) -> Result<(), RCCommand> {
method send_command_and_wait (line 1848) | async fn send_command_and_wait(&mut self, command: RCCommand) -> Resul...
method _disconnect (line 1872) | pub async fn _disconnect(&mut self) {
method request_disconnect (line 1877) | async fn request_disconnect(&mut self) {
method disconnect_server (line 1885) | async fn disconnect_server(&mut self) {
function session_debug_tag (line 113) | fn session_debug_tag(id: &SessionId, remote_address: &SocketAddr) -> Str...
method drop (line 1907) | fn drop(&mut self) {
type PendingCommand (line 1914) | pub enum PendingCommand {
type Output (line 1920) | type Output = Result<(), SshClientError>;
method poll (line 1922) | fn poll(self: Pin<&mut Self>, cx: &mut std::task::Context<'_>) -> Poll<S...
FILE: warpgate-protocol-ssh/src/server/session_handle.rs
type SessionHandleCommand (line 5) | pub enum SessionHandleCommand {
type SSHSessionHandle (line 9) | pub struct SSHSessionHandle {
method new (line 14) | pub fn new() -> (Self, mpsc::UnboundedReceiver<SessionHandleCommand>) {
method close (line 21) | fn close(&mut self) {
FILE: warpgate-sso/src/config.rs
type RoleMapping (line 17) | pub enum RoleMapping {
method roles (line 23) | pub fn roles(&self) -> Vec<String> {
type SsoProviderReturnUrlPrefix (line 40) | pub enum SsoProviderReturnUrlPrefix {
method fmt (line 49) | fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
type SsoProviderConfig (line 58) | pub struct SsoProviderConfig {
method label (line 74) | pub fn label(&self) -> &str {
type SsoInternalProviderConfig (line 83) | pub enum SsoInternalProviderConfig {
method label (line 146) | pub fn label(&self) -> &'static str {
method client_id (line 156) | pub fn client_id(&self) -> &ClientId {
method client_secret (line 166) | pub fn client_secret(&self) -> Result<ClientSecret, SsoError> {
method issuer_url (line 217) | pub fn issuer_url(&self) -> Result<IssuerUrl, SsoError> {
method scopes (line 239) | pub fn scopes(&self) -> Vec<String> {
method extra_parameters (line 250) | pub fn extra_parameters(&self) -> HashMap<String, String> {
method auth_type (line 262) | pub fn auth_type(&self) -> AuthType {
method needs_pkce_verifier (line 271) | pub fn needs_pkce_verifier(&self) -> bool {
method role_mappings (line 280) | pub fn role_mappings(&self) -> Option<HashMap<String, RoleMapping>> {
method admin_role_mappings (line 290) | pub fn admin_role_mappings(&self) -> Option<HashMap<String, RoleMappin...
method additional_trusted_audiences (line 306) | pub fn additional_trusted_audiences(&self) -> Option<&Vec<String>> {
method trust_unknown_audiences (line 318) | pub fn trust_unknown_audiences(&self) -> bool {
type AppleIDClaims (line 136) | struct AppleIDClaims<'a> {
FILE: warpgate-sso/src/error.rs
type SsoError (line 8) | pub enum SsoError {
FILE: warpgate-sso/src/google_groups.rs
type DirectoryGroupsResponse (line 10) | struct DirectoryGroupsResponse {
type DirectoryGroup (line 18) | struct DirectoryGroup {
constant DIRECTORY_SCOPE (line 22) | const DIRECTORY_SCOPE: &str = "https://www.googleapis.com/auth/admin.dir...
constant GOOGLE_TOKEN_URL (line 23) | const GOOGLE_TOKEN_URL: &str = "https://oauth2.googleapis.com/token";
constant DIRECTORY_GROUPS_URL (line 24) | const DIRECTORY_GROUPS_URL: &str = "https://admin.googleapis.com/admin/d...
function fetch_groups_if_configured (line 33) | pub async fn fetch_groups_if_configured(
function parse_json_response (line 62) | async fn parse_json_response<T: serde::de::DeserializeOwned>(
function get_access_token (line 74) | async fn get_access_token(
function fetch_user_groups (line 111) | async fn fetch_user_groups(
FILE: warpgate-sso/src/request.rs
type SsoLoginRequest (line 9) | pub struct SsoLoginRequest {
method auth_url (line 19) | pub fn auth_url(&self) -> &Url {
method csrf_token (line 23) | pub fn csrf_token(&self) -> &CsrfToken {
method redirect_url (line 27) | pub fn redirect_url(&self) -> &RedirectUrl {
method verify_code (line 31) | pub async fn verify_code(self, code: String) -> Result<SsoLoginRespons...
FILE: warpgate-sso/src/response.rs
type SsoLoginResponse (line 4) | pub struct SsoLoginResponse {
FILE: warpgate-sso/src/sso.rs
function string_or_vec (line 27) | fn string_or_vec<'de, D>(deserializer: D) -> Result<Option<Vec<String>>,...
type WarpgateClaims (line 47) | pub struct WarpgateClaims {
type SsoResult (line 56) | pub struct SsoResult {
type SsoClient (line 62) | pub struct SsoClient {
method new (line 108) | pub fn new(config: SsoInternalProviderConfig) -> Result<Self, SsoError> {
method supports_single_logout (line 115) | pub async fn supports_single_logout(&self) -> Result<bool, SsoError> {
method start_login (line 123) | pub async fn start_login(&self, redirect_url: String) -> Result<SsoLog...
method finish_login (line 162) | pub async fn finish_login(
method logout (line 244) | pub async fn logout(&self, token: CoreIdToken, redirect_url: Url) -> R...
function discover_metadata (line 67) | pub async fn discover_metadata(
function make_client (line 81) | async fn make_client(
FILE: warpgate-tls/src/cert.rs
type TlsCertificateBundle (line 17) | pub struct TlsCertificateBundle {
method bytes (line 41) | pub fn bytes(&self) -> &[u8] {
method certificates (line 45) | pub fn certificates(&self) -> &[CertificateDer<'static>] {
method from_file (line 49) | pub async fn from_file<P: AsRef<Path>>(path: P) -> Result<Self, Rustls...
method from_bytes (line 56) | pub fn from_bytes(bytes: Vec<u8>) -> Result<Self, RustlsSetupError> {
method sni_names (line 70) | pub fn sni_names(&self) -> Result<Vec<String>, RustlsSetupError> {
type TlsPrivateKey (line 23) | pub struct TlsPrivateKey {
method key (line 29) | pub fn key(&self) -> &Arc<dyn SigningKey> {
method from_file (line 133) | pub async fn from_file<P: AsRef<Path>>(path: P) -> Result<Self, Rustls...
method from_bytes (line 140) | pub fn from_bytes(bytes: Vec<u8>) -> Result<Self, RustlsSetupError> {
type TlsCertificateAndPrivateKey (line 35) | pub struct TlsCertificateAndPrivateKey {
function from (line 149) | fn from(val: TlsCertificateBundle) -> Self {
function from (line 155) | fn from(val: TlsPrivateKey) -> Self {
method from (line 161) | fn from(val: TlsCertificateAndPrivateKey) -> Self {
method from (line 169) | fn from(val: TlsCertificateAndPrivateKey) -> Self {
type SingleCertResolver (line 181) | pub struct SingleCertResolver(Arc<CertifiedKey>);
method new (line 184) | pub fn new(inner: TlsCertificateAndPrivateKey) -> Self {
method resolve (line 190) | fn resolve(
type IntoTlsCertificateRelativePaths (line 198) | pub trait IntoTlsCertificateRelativePaths {
method certificate_path (line 199) | fn certificate_path(&self) -> PathBuf;
method key_path (line 200) | fn key_path(&self) -> PathBuf;
FILE: warpgate-tls/src/error.rs
type RustlsSetupError (line 5) | pub enum RustlsSetupError {
FILE: warpgate-tls/src/maybe_tls_stream.rs
type MaybeTlsStreamError (line 11) | pub enum MaybeTlsStreamError {
type UpgradableStream (line 18) | pub trait UpgradableStream<T>
method upgrade (line 24) | fn upgrade(
type MaybeTlsStream (line 30) | pub enum MaybeTlsStream<S, TS>
function new (line 45) | pub fn new(stream: S) -> Self {
function upgrade (line 55) | pub async fn upgrade(
method poll_read (line 73) | fn poll_read(
method poll_write (line 91) | fn poll_write(
method poll_flush (line 103) | fn poll_flush(
method poll_shutdown (line 114) | fn poll_shutdown(
type UpgradeConfig (line 130) | type UpgradeConfig = (ServerName<'static>, Arc<ClientConfig>);
method upgrade (line 132) | async fn upgrade(
type UpgradeConfig (line 146) | type UpgradeConfig = Arc<ServerConfig>;
method upgrade (line 148) | async fn upgrade(
FILE: warpgate-tls/src/mode.rs
type TlsMode (line 5) | pub enum TlsMode {
method from (line 16) | fn from(s: &str) -> Self {
method from (line 27) | fn from(mode: TlsMode) -> Self {
FILE: warpgate-tls/src/rustls_helpers.rs
type ResolveServerCert (line 15) | pub struct ResolveServerCert(pub Arc<CertifiedKey>);
method resolve (line 18) | fn resolve(&self, _: ClientHello) -> Option<Arc<CertifiedKey>> {
function configure_tls_connector (line 23) | pub async fn configure_tls_connector(
type DummyTlsVerifier (line 67) | pub struct DummyTlsVerifier;
method verify_server_cert (line 70) | fn verify_server_cert(
method verify_tls12_signature (line 81) | fn verify_tls12_signature(
method verify_tls13_signature (line 90) | fn verify_tls13_signature(
method supported_verify_schemes (line 99) | fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
type NoHostnameTlsVerifier (line 119) | pub struct NoHostnameTlsVerifier {
method verify_server_cert (line 124) | fn verify_server_cert(
method verify_tls12_signature (line 146) | fn verify_tls12_signature(
method verify_tls13_signature (line 155) | fn verify_tls13_signature(
method supported_verify_schemes (line 164) | fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
FILE: warpgate-web/src/admin/config/ldap/common.ts
function testLdapConnection (line 3) | async function testLdapConnection(options: TestLdapServerRequest): Promi...
function defaultLdapPortForTlsMode (line 15) | function defaultLdapPortForTlsMode(tlsMode: TlsMode): number {
FILE: warpgate-web/src/admin/config/target-groups/common.ts
constant VALID_COLORS (line 3) | const VALID_COLORS: BootstrapThemeColor[] = ['Primary', 'Secondary', 'Su...
constant VALID_CHOICES (line 4) | const VALID_CHOICES = ['' as (BootstrapThemeColor | ''), ...VALID_COLORS]
FILE: warpgate-web/src/admin/lib/api.ts
function stringifyError (line 10) | async function stringifyError (err: ResponseError): Promise<string> {
FILE: warpgate-web/src/admin/lib/store.ts
type AdminPermissionDef (line 5) | interface AdminPermissionDef {
constant ADMIN_PERMISSIONS (line 13) | const ADMIN_PERMISSIONS = [
type AdminPermission (line 104) | type AdminPermission = typeof ADMIN_PERMISSIONS[number]
type AdminPermissionKey (line 106) | type AdminPermissionKey = AdminPermission['key']
type AdminPermissionCategory (line 108) | type AdminPermissionCategory = AdminPermission['category']
function emptyPermissions (line 110) | function emptyPermissions(): AdminPermissions {
FILE: warpgate-web/src/admin/lib/time.ts
function timeAgo (line 3) | function timeAgo(t: Date): string {
FILE: warpgate-web/src/common/autosave.ts
function autosave (line 4) | function autosave<T> (key: string, initial: T): ([Writable<T>, BehaviorS...
FILE: warpgate-web/src/common/errors.ts
function stringifyError (line 5) | async function stringifyError (err: any): Promise<string> {
FILE: warpgate-web/src/common/helpers.ts
function getCSSColorFromThemeColor (line 3) | function getCSSColorFromThemeColor(color?: BootstrapThemeColor): string {
FILE: warpgate-web/src/common/protocols.ts
type ConnectionOptions (line 5) | interface ConnectionOptions {
function makeSSHUsername (line 14) | function makeSSHUsername (opt: ConnectionOptions): string {
function makeExampleSSHCommand (line 21) | function makeExampleSSHCommand (opt: ConnectionOptions): string {
function makeExampleSCPCommand (line 30) | function makeExampleSCPCommand (opt: ConnectionOptions): string {
function makeMySQLUsername (line 42) | function makeMySQLUsername (opt: ConnectionOptions): string {
function makeExampleMySQLCommand (line 49) | function makeExampleMySQLCommand (opt: ConnectionOptions): string {
function makeExampleMySQLURI (line 58) | function makeExampleMySQLURI (opt: ConnectionOptions): string {
function makeExamplePostgreSQLCommand (line 66) | function makeExamplePostgreSQLCommand (opt: ConnectionOptions): string {
function makeExamplePostgreSQLURI (line 76) | function makeExamplePostgreSQLURI (opt: ConnectionOptions): string {
function makeTargetURL (line 82) | function makeTargetURL (opt: ConnectionOptions): string {
function abbreviatePublicKey (line 98) | function abbreviatePublicKey (key: string): string {
function makeKubernetesContext (line 102) | function makeKubernetesContext (opt: ConnectionOptions): string {
function makeKubernetesNamespace (line 109) | function makeKubernetesNamespace (_opt: ConnectionOptions): string {
function makeKubernetesClusterUrl (line 113) | function makeKubernetesClusterUrl (opt: ConnectionOptions): string {
function makeKubeconfig (line 118) | function makeKubeconfig (opt: ConnectionOptions): string {
function makeExampleKubectlCommand (line 169) | function makeExampleKubectlCommand (_opt: ConnectionOptions): string {
type ProtocolProperties (line 174) | interface ProtocolProperties {
constant PROTOCOL_PROPERTIES (line 178) | const PROTOCOL_PROPERTIES: Record<string, ProtocolProperties> = {
FILE: warpgate-web/src/common/recordings.ts
type RecordingMetadata (line 3) | type RecordingMetadata ={
function recordingMetadataToFieldSet (line 39) | function recordingMetadataToFieldSet(metadata: RecordingMetadata): [stri...
function recordingTypeLabel (line 74) | function recordingTypeLabel(recording: Recording): string {
FILE: warpgate-web/src/common/sveltestrap-s5-ports/_sveltestrapUtils.ts
function toClassName (line 2) | function toClassName(value: any) {
function uuid (line 28) | function uuid(): string {
FILE: warpgate-web/src/gateway/lib/api.ts
function stringifyError (line 10) | async function stringifyError (err: ResponseError): Promise<string> {
FILE: warpgate-web/src/gateway/lib/shellEscape.ts
function escapeUnix (line 3) | function escapeUnix (arg: string): string {
function escapeWin (line 10) | function escapeWin (arg: string): string {
function shellEscape (line 19) | function shellEscape (stringOrArray: string[]|string): string {
FILE: warpgate-web/src/gateway/lib/store.ts
function reloadServerInfo (line 6) | async function reloadServerInfo (): Promise<void> {
FILE: warpgate-web/src/lib.rs
type Assets (line 8) | pub struct Assets;
type LookupError (line 11) | pub enum LookupError {
type ManifestEntry (line 26) | pub struct ManifestEntry {
function lookup_built_file (line 31) | pub fn lookup_built_file(source: &str) -> Result<ManifestEntry, LookupEr...
FILE: warpgate-web/src/theme/index.ts
type ThemeFileName (line 6) | type ThemeFileName = 'dark'|'light'
type ThemeName (line 7) | type ThemeName = ThemeFileName|'auto'
function loadThemeFile (line 16) | function loadThemeFile (name: ThemeFileName) {
function loadTheme (line 24) | async function loadTheme (name: ThemeFileName) {
function setCurrentTheme (line 37) | function setCurrentTheme (theme: ThemeName): void {
FILE: warpgate-web/src/vite-env.d.ts
type GlobalFetch (line 5) | type GlobalFetch = WindowOrWorkerGlobalScope
FILE: warpgate/src/commands/check.rs
function command (line 8) | pub(crate) async fn command(params: &GlobalParams) -> Result<()> {
FILE: warpgate/src/commands/client_keys.rs
function command (line 6) | pub(crate) async fn command(params: &GlobalParams) -> Result<()> {
FILE: warpgate/src/commands/common.rs
function assert_interactive_terminal (line 5) | pub(crate) fn assert_interactive_terminal() {
function is_docker (line 15) | pub(crate) fn is_docker() -> bool {
FILE: warpgate/src/commands/create_user.rs
function command (line 13) | pub(crate) async fn command(
FILE: warpgate/src/commands/healthcheck.rs
function command (line 7) | pub(crate) async fn command(params: &GlobalParams) -> Result<()> {
FILE: warpgate/src/commands/recover_access.rs
function command (line 14) | pub(crate) async fn command(params: &GlobalParams, username: &Option<Str...
FILE: warpgate/src/commands/run.rs
function run_protocol_server (line 20) | async fn run_protocol_server<T: ProtocolServer + Send + 'static>(
function command (line 32) | pub(crate) async fn command(params: &GlobalParams, enable_admin_token: b...
function watch_config_and_reload (line 186) | pub async fn watch_config_and_reload(services: Services) -> Result<()> {
FILE: warpgate/src/commands/setup.rs
function prompt_endpoint (line 24) | fn prompt_endpoint(prompt: &str, default: ListenEndpoint) -> ListenEndpo...
function command (line 46) | pub(crate) async fn command(cli: &Cli, params: &GlobalParams) -> Result<...
FILE: warpgate/src/config.rs
function load_config (line 11) | pub fn load_config(params: &GlobalParams, secure: bool) -> Result<Warpga...
function check_and_migrate_config (line 42) | fn check_and_migrate_config(store: &mut serde_yaml::Value) {
function watch_config (line 78) | pub fn watch_config(
FILE: warpgate/src/logging.rs
function init_logging (line 18) | pub async fn init_logging(config: Option<&WarpgateConfig>, cli: &Cli) ->...
FILE: warpgate/src/main.rs
type Cli (line 18) | pub struct Cli {
method into_global_params (line 39) | pub fn into_global_params(&self) -> anyhow::Result<GlobalParams> {
type Commands (line 45) | pub(crate) enum Commands {
function _main (line 125) | async fn _main() -> Result<()> {
function main (line 183) | async fn main() {
Condensed preview — 510 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (2,066K chars).
[
{
"path": ".all-contributorsrc",
"chars": 3943,
"preview": "{\n \"projectName\": \"warpgate\",\n \"projectOwner\": \"warp-tech\",\n \"repoType\": \"github\",\n \"repoHost\": \"https://github.com\""
},
{
"path": ".bumpversion.cfg",
"chars": 2316,
"preview": "[bumpversion]\ncurrent_version = 0.22.0-beta.2\ncommit = True\ntag = True\n\n[bumpversion:file:warpgate/Cargo.toml]\nsearch = "
},
{
"path": ".cargo/config.toml",
"chars": 288,
"preview": "# https://github.com/rust-lang/cargo/issues/5376#issuecomment-2163350032\n[target.'cfg(all())']\nrustflags = [\n \"--cfg\""
},
{
"path": ".dockerignore",
"chars": 454,
"preview": "data*\ncdx\ndhap-heap.json\n.pytest_cache\n\n# Generated by Cargo\n# will have compiled files and executables\ntarget\n*/target\n"
},
{
"path": ".flake8",
"chars": 286,
"preview": "[flake8]\nignore=E501,D103,C901,D203,W504,S607,S603,S404,S606,S322,S410,S320,B010\nexclude = .git,__pycache__,help,static,"
},
{
"path": ".github/FUNDING.yml",
"chars": 52,
"preview": "github: eugeny\nopen_collective: tabby\nko_fi: eugeny\n"
},
{
"path": ".github/dependabot.yml",
"chars": 930,
"preview": "# Please see the documentation for all configuration options:\n# https://help.github.com/github/administering-a-repositor"
},
{
"path": ".github/workflows/build.yml",
"chars": 6033,
"preview": "name: Build\npermissions:\n contents: read\n\non: [push, pull_request]\n\njobs:\n build:\n strategy:\n matrix:\n "
},
{
"path": ".github/workflows/check-schema-compatibility.yml",
"chars": 1313,
"preview": "name: Check API Schema Compatibility\n\non: [pull_request]\npermissions:\n contents: read\n\njobs:\n check-schema-compatibili"
},
{
"path": ".github/workflows/codeql.yml",
"chars": 3096,
"preview": "# For most projects, this workflow file will not need changing; you simply need\n# to commit it to your repository.\n#\n# Y"
},
{
"path": ".github/workflows/dependency-review.yml",
"chars": 960,
"preview": "# Dependency Review Action\n#\n# This Action will scan dependency manifest files that change as part of a Pull Reqest, sur"
},
{
"path": ".github/workflows/docker.yml",
"chars": 5638,
"preview": "name: Docker\npermissions: read-all\non:\n schedule:\n - cron: '25 12 * * *'\n push:\n branches: [ '**' ]\n tags: [ "
},
{
"path": ".github/workflows/reprotest.yml",
"chars": 1250,
"preview": "name: Reproducibility test\npermissions:\n contents: read\n\non: workflow_dispatch\n\njobs:\n reprotest:\n name: Reproducib"
},
{
"path": ".github/workflows/scorecard.yml",
"chars": 3475,
"preview": "# This workflow uses actions that are not certified by GitHub. They are provided\n# by a third-party and are governed by "
},
{
"path": ".github/workflows/test.yml",
"chars": 2269,
"preview": "name: Test\n\non: [push, pull_request]\n\npermissions:\n contents: read\n\njobs:\n Tests:\n runs-on: ubuntu-latest\n steps"
},
{
"path": ".gitignore",
"chars": 394,
"preview": "# Generated by Cargo\n# will have compiled files and executables\ndebug/\ntarget/\n\n# These are backup files generated by ru"
},
{
"path": ".well-known/funding-manifest-urls",
"chars": 31,
"preview": "https://null.page/funding.json\n"
},
{
"path": "Cargo.toml",
"chars": 4148,
"preview": "# cargo-features = [\"profile-rustflags\"]\n\n[workspace]\nmembers = [\n \"warpgate\",\n \"warpgate-admin\",\n \"warpgate-co"
},
{
"path": "Cranky.toml",
"chars": 193,
"preview": "deny = [\n \"unsafe_code\",\n \"clippy::unwrap_used\",\n \"clippy::expect_used\",\n \"clippy::panic\",\n \"clippy::indexing_slici"
},
{
"path": "Cross.toml",
"chars": 106,
"preview": "[target.x86_64-unknown-linux-gnu]\npre-build = [\"apt-get update && apt-get install --assume-yes libz-dev\"]\n"
},
{
"path": "LICENSE",
"chars": 11351,
"preview": " Apache License\n Version 2.0, January 2004\n "
},
{
"path": "README.md",
"chars": 12075,
"preview": "<p align=\"center\">\n<img src=\"https://github.com/user-attachments/assets/89be835b-ff96-46df-94c7-ae2d176615e3\" />\n</p>\n\n<"
},
{
"path": "SECURITY.md",
"chars": 718,
"preview": "# Security Policy\n\n## Reporting a Vulnerability\n\nPlease report vunerabilities using GitHub's Private Vulnerability Repor"
},
{
"path": "clippy.toml",
"chars": 65,
"preview": "avoid-breaking-exported-api = false\nallow-unwrap-in-tests = true\n"
},
{
"path": "config-schema.json",
"chars": 14096,
"preview": "{\n \"$schema\": \"https://json-schema.org/draft/2020-12/schema\",\n \"title\": \"WarpgateConfigStore\",\n \"type\": \"object\",\n \""
},
{
"path": "deny.toml",
"chars": 8632,
"preview": "# This template contains all of the possible sections and their default values\n\n# Note that all fields that take a lint "
},
{
"path": "docker/Dockerfile",
"chars": 1592,
"preview": "# syntax=docker/dockerfile:1.3-labs\n# hadolint global ignore=DL3008\nFROM rust:1.94.0-bullseye@sha256:16950191527a4cb9e07"
},
{
"path": "docker/docker-compose.yml",
"chars": 196,
"preview": "services:\n warpgate:\n image: ghcr.io/warp-tech/warpgate\n ports:\n - 2222:2222\n - 8888:8888\n - 33306"
},
{
"path": "helm/warpgate/.helmignore",
"chars": 349,
"preview": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation"
},
{
"path": "helm/warpgate/Chart.yaml",
"chars": 1180,
"preview": "apiVersion: v2\nname: warpgate\ndescription: A Helm chart for WarpGate inside of Kubernetes\n\n# A chart can be either an 'a"
},
{
"path": "helm/warpgate/templates/NOTES.txt",
"chars": 0,
"preview": ""
},
{
"path": "helm/warpgate/templates/_helpers.tpl",
"chars": 1792,
"preview": "{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"warpgate.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | tr"
},
{
"path": "helm/warpgate/templates/configmap.yaml",
"chars": 279,
"preview": "{{- if .Values.overrides_config }}\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: {{ include \"warpgate.fullname\" . }}-"
},
{
"path": "helm/warpgate/templates/deployment.yaml",
"chars": 7646,
"preview": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: {{ include \"warpgate.fullname\" . }}\n labels:\n {{- include \"wa"
},
{
"path": "helm/warpgate/templates/httproute.yaml",
"chars": 699,
"preview": "{{- if .Values.httpRoute.enabled -}}\napiVersion: gateway.networking.k8s.io/v1\nkind: HTTPRoute\nmetadata:\n name: {{ inclu"
},
{
"path": "helm/warpgate/templates/ingress.yaml",
"chars": 1212,
"preview": "{{- if .Values.ingress.enabled }}\napiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: {{ include \"warpgate."
},
{
"path": "helm/warpgate/templates/pvc.yaml",
"chars": 306,
"preview": "{{- if and .Values.data.pvc.enabled (not .Values.data.pvc.claimName) }}\napiVersion: v1\nkind: PersistentVolumeClaim\nmetad"
},
{
"path": "helm/warpgate/templates/service.yaml",
"chars": 1287,
"preview": "apiVersion: v1\nkind: Service\nmetadata:\n name: {{ include \"warpgate.fullname\" . }}\n labels:\n {{- include \"warpgate.l"
},
{
"path": "helm/warpgate/templates/setup-job.yaml",
"chars": 4028,
"preview": "{{- if .Values.setup.enabled }}\n{{- if eq .Values.setup.type \"job\" }}\napiVersion: batch/v1\nkind: Job\nmetadata:\n name: {"
},
{
"path": "helm/warpgate/values.yaml",
"chars": 3767,
"preview": "# Number of replicas for Warpgate deployment\n# Do NOT increase above 1 when using SQLite as the database!\nreplicaCount: "
},
{
"path": "justfile",
"chars": 1478,
"preview": "projects := \"warpgate warpgate-admin warpgate-common warpgate-db-entities warpgate-db-migrations warpgate-database-proto"
},
{
"path": "rust-toolchain",
"chars": 19,
"preview": "nightly-2025-10-21\n"
},
{
"path": "rustfmt.toml",
"chars": 66,
"preview": "imports_granularity = \"Module\"\ngroup_imports = \"StdExternalCrate\"\n"
},
{
"path": "sonar-project.properties",
"chars": 158,
"preview": "sonar.projectKey=warp-tech_warpgate\nsonar.organization=warp-tech\n\nsonar.sources=.\nsonar.inclusions=warpgate-*/**/*\n\nsona"
},
{
"path": "tests/.gitignore",
"chars": 8,
"preview": "api_sdk\n"
},
{
"path": "tests/Makefile",
"chars": 342,
"preview": "image-ssh-server:\n\tcd images/ssh-server && docker build -t warpgate-e2e-ssh-server .\n\nimage-mysql-server:\n\tcd images/mys"
},
{
"path": "tests/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "tests/api_client.py",
"chars": 484,
"preview": "from contextlib import contextmanager\n\ntry:\n # in-IDE\n import api_sdk.openapi_client as sdk\nexcept ImportError:\n "
},
{
"path": "tests/certs/tls.certificate.pem",
"chars": 552,
"preview": "-----BEGIN CERTIFICATE-----\r\nMIIBYjCCAQmgAwIBAgIJAKXIp8GepnCzMAoGCCqGSM49BAMCMCExHzAdBgNVBAMM\r\nFnJjZ2VuIHNlbGYgc2lnbmVkI"
},
{
"path": "tests/certs/tls.key.pem",
"chars": 246,
"preview": "-----BEGIN PRIVATE KEY-----\r\nMIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg0tJmr/OSF7neTQOV\r\ngQn+qHCdVsOENdMc86RlWPiWD"
},
{
"path": "tests/conftest.py",
"chars": 25233,
"preview": "import logging\nimport os\nimport time\nimport psutil\nimport pytest\nimport requests\nimport shutil\nimport signal\nimport subp"
},
{
"path": "tests/images/mysql-server/Dockerfile",
"chars": 183,
"preview": "FROM mariadb:10.8@sha256:456709ab146585d6189da05669b84384518baecd83670c9e5221f8c20a47cf1e\n\nENV MYSQL_DATABASE=db\nENV MYS"
},
{
"path": "tests/images/mysql-server/init.sql",
"chars": 102,
"preview": "CREATE TABLE `db`.`table` (\n `id` int(11) NOT NULL,\n `name` varchar(1023) NOT NULL\n) ENGINE=InnoDB;\n"
},
{
"path": "tests/images/postgres-server/Dockerfile",
"chars": 202,
"preview": "FROM postgres:17.0@sha256:f176fef320ed02c347e9f85352620945547a9a23038f02b57cf7939a198182ae\n\nENV POSTGRES_DB=db\nENV POSTG"
},
{
"path": "tests/images/postgres-server/init.sql",
"chars": 62,
"preview": "CREATE TABLE tbl (\n id int NOT NULL,\n name text NOT NULL\n);\n"
},
{
"path": "tests/images/ssh-server/Dockerfile",
"chars": 170,
"preview": "FROM alpine:3.14@sha256:0f2d5c38dd7a4f4f733e688e3a6733cb5ab1ac6e3cb4603a5dd564e5bfb80eed\nRUN apk add openssh curl\nRUN pa"
},
{
"path": "tests/oidc-mock/clients-config.json",
"chars": 1338,
"preview": "[\n {\n \"ClientId\": \"implicit-mock-client\",\n \"Description\": \"Client for implicit flow\",\n \"AllowedGrantTypes\": [\n"
},
{
"path": "tests/oidc-mock/docker-compose.yml",
"chars": 1763,
"preview": "version: '3'\nservices:\n oidc-server-mock:\n container_name: oidc-server-mock\n image: ghcr.io/soluto/oidc-server-mo"
},
{
"path": "tests/pyproject.toml",
"chars": 827,
"preview": "[tool.poetry]\nname = \"tests\"\nversion = \"0.1.0\"\ndescription = \"\"\nauthors = [\"Your Name <you@example.com>\"]\n\n[tool.poetry."
},
{
"path": "tests/run.sh",
"chars": 296,
"preview": "#!/bin/sh\nset -e\ncd ..\nrm target/llvm-cov-target/* || true\ncargo llvm-cov clean --workspace\ncargo llvm-cov --no-cfg-cove"
},
{
"path": "tests/ssh-keys/id_ed25519",
"chars": 419,
"preview": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACA"
},
{
"path": "tests/ssh-keys/id_ed25519.pub",
"chars": 81,
"preview": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP/CQS05AYYvEeZ3X6EPSE4liuLuP7w6p7HgIydOvbq\n"
},
{
"path": "tests/ssh-keys/id_rsa",
"chars": 2622,
"preview": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQA"
},
{
"path": "tests/ssh-keys/id_rsa.pub",
"chars": 553,
"preview": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCd30zPwWdhmb+lcHUn7djHwgOxvy+6CAaYT/Elmb8fS+4IPi8D9oOzeB2pcuNTX+7IPQn8JA8fga82oCQn"
},
{
"path": "tests/ssh-keys/wg/client-ed25519",
"chars": 419,
"preview": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACD"
},
{
"path": "tests/ssh-keys/wg/client-ed25519.pub",
"chars": 108,
"preview": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6MJJdx+2zRXcoRn+9zTYNnRzKnKI4dDI1CBPfPflds eugene@Eugenes-MBP-2.local\n"
},
{
"path": "tests/ssh-keys/wg/client-rsa",
"chars": 3307,
"preview": "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCvukhj4nGf2l5neOjlolntx+42\r\nyaOz8wmKzc8hRM"
},
{
"path": "tests/ssh-keys/wg/client-rsa.pub",
"chars": 729,
"preview": "ssh-rsa AAAADHJzYS1zaGEyLTI1NgAAAAMBAAEAAAIBAK+6SGPicZ/aXmd46OWiWe3H7jbJo7PzCYrNzyFEyDw3sasjie0ZwrueSB8C431rg34AhqW4CM8V"
},
{
"path": "tests/ssh-keys/wg/host-ed25519",
"chars": 419,
"preview": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACD"
},
{
"path": "tests/ssh-keys/wg/host-ed25519.pub",
"chars": 108,
"preview": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMFdT1GYkRWJCFlli9ojIScQxvVfVUJyFgZNvIepvIro eugene@Eugenes-MBP-2.local\n"
},
{
"path": "tests/ssh-keys/wg/host-rsa",
"chars": 3307,
"preview": "-----BEGIN PRIVATE KEY-----\nMIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCxPfQ6f73tfGFRV93Aby+hCQAP\r\nQlkOo/4BhG2VoP"
},
{
"path": "tests/test_api_auth.py",
"chars": 32524,
"preview": "import contextlib\nfrom dataclasses import dataclass\nfrom typing import Callable, Dict, Optional, Set\nfrom json import lo"
},
{
"path": "tests/test_http_basic.py",
"chars": 2818,
"preview": "from urllib.parse import unquote\nfrom uuid import uuid4\nimport requests\n\nfrom tests.conftest import WarpgateProcess\n\nfro"
},
{
"path": "tests/test_http_common.py",
"chars": 1454,
"preview": "import gzip\nimport pytest\nimport threading\n\nfrom .util import alloc_port\n\n\n@pytest.fixture(scope=\"session\")\ndef echo_ser"
},
{
"path": "tests/test_http_proto.py",
"chars": 2773,
"preview": "import requests\nfrom uuid import uuid4\n\nfrom .api_client import admin_client, sdk\nfrom .conftest import WarpgateProcess\n"
},
{
"path": "tests/test_http_redirects.py",
"chars": 1861,
"preview": "import requests\nfrom uuid import uuid4\n\nfrom .api_client import admin_client, sdk\nfrom .conftest import WarpgateProcess\n"
},
{
"path": "tests/test_http_user_auth_logout.py",
"chars": 2041,
"preview": "import requests\nfrom uuid import uuid4\n\nfrom .api_client import admin_client, sdk\nfrom .conftest import WarpgateProcess\n"
},
{
"path": "tests/test_http_user_auth_oidc.py",
"chars": 23637,
"preview": "import html\nimport re\nimport requests\nfrom uuid import uuid4\n\nfrom .api_client import admin_client, sdk\nfrom .conftest i"
},
{
"path": "tests/test_http_user_auth_otp.py",
"chars": 5424,
"preview": "import requests\nimport pyotp\nfrom base64 import b64decode\nfrom uuid import uuid4\n\nfrom .api_client import admin_client, "
},
{
"path": "tests/test_http_user_auth_password.py",
"chars": 3897,
"preview": "import requests\nfrom uuid import uuid4\n\nfrom .api_client import admin_client, sdk\nfrom .conftest import WarpgateProcess\n"
},
{
"path": "tests/test_http_user_auth_ticket.py",
"chars": 4021,
"preview": "import requests\nfrom uuid import uuid4\n\nfrom .api_client import admin_client, sdk\nfrom .conftest import WarpgateProcess\n"
},
{
"path": "tests/test_http_websocket.py",
"chars": 2049,
"preview": "import ssl\nimport requests\nfrom websocket import create_connection\nfrom uuid import uuid4\n\nfrom .api_client import admin"
},
{
"path": "tests/test_json_logs.py",
"chars": 6808,
"preview": "\"\"\"\nIntegration tests for JSON log output format.\nTests that log.format: json configuration produces valid JSON logs.\n\"\""
},
{
"path": "tests/test_kubernetes_integration.py",
"chars": 23540,
"preview": "from datetime import datetime, timezone, timedelta\nimport time\nimport uuid\nimport subprocess\n\nfrom cryptography.hazmat.p"
},
{
"path": "tests/test_mysql_user_auth_password.py",
"chars": 3425,
"preview": "# import subprocess\n# import time\n# from uuid import uuid4\n\n# from .api_client import (\n# api_admin_session,\n# a"
},
{
"path": "tests/test_postgres_user_auth_in_browser.py",
"chars": 3823,
"preview": "import os\nimport aiohttp\nimport pytest\nimport subprocess\nfrom uuid import uuid4\n\nfrom .api_client import admin_client, s"
},
{
"path": "tests/test_postgres_user_auth_password.py",
"chars": 2600,
"preview": "import os\nimport subprocess\nfrom uuid import uuid4\n\nfrom .api_client import admin_client, sdk\nfrom .conftest import Warp"
},
{
"path": "tests/test_ssh_client_auth_config.py",
"chars": 13244,
"preview": "\"\"\"\nTests for SSH client authentication method configuration via Parameters API.\n\nThese tests verify that SSH auth metho"
},
{
"path": "tests/test_ssh_proto.py",
"chars": 10977,
"preview": "from uuid import uuid4\nimport requests\nimport subprocess\nimport tempfile\nimport time\nimport pytest\nfrom textwrap import "
},
{
"path": "tests/test_ssh_target_selection.py",
"chars": 2079,
"preview": "from pathlib import Path\nimport subprocess\nfrom uuid import uuid4\n\nfrom .api_client import admin_client, sdk\nfrom .conft"
},
{
"path": "tests/test_ssh_user_auth_in_browser.py",
"chars": 4275,
"preview": "import aiohttp\nimport pytest\nfrom pathlib import Path\nfrom uuid import uuid4\n\nfrom .api_client import admin_client, sdk\n"
},
{
"path": "tests/test_ssh_user_auth_otp.py",
"chars": 4461,
"preview": "from asyncio import subprocess\nfrom base64 import b64decode\nfrom uuid import uuid4\nimport pyotp\nimport pytest\nfrom pathl"
},
{
"path": "tests/test_ssh_user_auth_password.py",
"chars": 2675,
"preview": "from pathlib import Path\nfrom uuid import uuid4\n\nfrom .api_client import admin_client, sdk\nfrom .conftest import Process"
},
{
"path": "tests/test_ssh_user_auth_pubkey.py",
"chars": 5490,
"preview": "from pathlib import Path\nfrom uuid import uuid4\n\nfrom .api_client import admin_client, sdk\nfrom .conftest import Process"
},
{
"path": "tests/test_ssh_user_auth_ticket.py",
"chars": 2465,
"preview": "from pathlib import Path\nfrom uuid import uuid4\n\nfrom .api_client import admin_client, sdk\nfrom .conftest import Process"
},
{
"path": "tests/util.py",
"chars": 2911,
"preview": "import logging\nimport os\nimport requests\nimport socket\nimport subprocess\nimport threading\nimport time\n\n\nlast_port = 1234"
},
{
"path": "warpgate/.gitignore",
"chars": 12,
"preview": "!Cargo.lock\n"
},
{
"path": "warpgate/Cargo.toml",
"chars": 2396,
"preview": "[package]\nedition = \"2021\"\nlicense = \"Apache-2.0\"\nname = \"warpgate\"\nversion = \"0.22.0\"\n\n[dependencies]\nansi_term = { ver"
},
{
"path": "warpgate/src/commands/check.rs",
"chars": 1655,
"preview": "use anyhow::{Context, Result};\nuse tracing::*;\nuse warpgate_common::GlobalParams;\nuse warpgate_tls::{TlsCertificateBundl"
},
{
"path": "warpgate/src/commands/client_keys.rs",
"chars": 501,
"preview": "use anyhow::Result;\nuse warpgate_common::GlobalParams;\n\nuse crate::config::load_config;\n\npub(crate) async fn command(par"
},
{
"path": "warpgate/src/commands/common.rs",
"chars": 402,
"preview": "use std::io::IsTerminal;\n\nuse tracing::*;\n\npub(crate) fn assert_interactive_terminal() {\n if !std::io::stdin().is_ter"
},
{
"path": "warpgate/src/commands/create_user.rs",
"chars": 3370,
"preview": "use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, QueryFilter, Set};\nuse uuid::Uuid;\nuse warpgate_common::{\n "
},
{
"path": "warpgate/src/commands/healthcheck.rs",
"chars": 712,
"preview": "use anyhow::{Context, Result};\nuse tokio::time::timeout;\nuse warpgate_common::GlobalParams;\n\nuse crate::config::load_con"
},
{
"path": "warpgate/src/commands/mod.rs",
"chars": 142,
"preview": "pub mod check;\npub mod client_keys;\nmod common;\npub mod create_user;\npub mod healthcheck;\npub mod recover_access;\npub mo"
},
{
"path": "warpgate/src/commands/recover_access.rs",
"chars": 2851,
"preview": "use anyhow::Result;\nuse dialoguer::theme::ColorfulTheme;\nuse sea_orm::{ActiveModelTrait, EntityTrait, QueryOrder, Set};\n"
},
{
"path": "warpgate/src/commands/run.rs",
"chars": 6682,
"preview": "use anyhow::{Context, Result};\nuse futures::{FutureExt, StreamExt};\n#[cfg(target_os = \"linux\")]\nuse sd_notify::NotifySta"
},
{
"path": "warpgate/src/commands/setup.rs",
"chars": 12562,
"preview": "#![allow(clippy::collapsible_else_if)]\n\nuse std::fs::{create_dir_all, File};\nuse std::io::Write;\nuse std::net::{Ipv6Addr"
},
{
"path": "warpgate/src/config.rs",
"chars": 4321,
"preview": "use std::sync::Arc;\n\nuse anyhow::{Context, Result};\nuse config::{Config, Environment, File, FileFormat};\nuse notify::{re"
},
{
"path": "warpgate/src/logging.rs",
"chars": 3919,
"preview": "use std::sync::Arc;\n\nuse anyhow::{Context, Result};\nuse time::{format_description, UtcOffset};\nuse tracing_log::LogTrace"
},
{
"path": "warpgate/src/main.rs",
"chars": 5557,
"preview": "mod commands;\nmod config;\nmod logging;\n\nuse std::path::PathBuf;\n\nuse anyhow::Result;\nuse clap::{ArgAction, Parser};\nuse "
},
{
"path": "warpgate-admin/Cargo.toml",
"chars": 1369,
"preview": "[package]\nedition = \"2021\"\nlicense = \"Apache-2.0\"\nname = \"warpgate-admin\"\nversion = \"0.22.0\"\n\n[dependencies]\nanyhow.work"
},
{
"path": "warpgate-admin/src/api/admin_roles.rs",
"chars": 9320,
"preview": "use poem::web::Data;\nuse poem_openapi::param::{Path, Query};\nuse poem_openapi::payload::Json;\nuse poem_openapi::{ApiResp"
},
{
"path": "warpgate-admin/src/api/certificate_credentials.rs",
"chars": 7545,
"preview": "use chrono::{DateTime, Utc};\nuse poem::web::Data;\nuse poem_openapi::param::Path;\nuse poem_openapi::payload::Json;\nuse po"
},
{
"path": "warpgate-admin/src/api/common.rs",
"chars": 3671,
"preview": "use sea_orm::{\n ColumnTrait, EntityTrait, JoinType, PaginatorTrait, QueryFilter, QuerySelect, RelationTrait,\n};\nuse w"
},
{
"path": "warpgate-admin/src/api/known_hosts_detail.rs",
"chars": 1385,
"preview": "use poem::web::Data;\nuse poem_openapi::param::Path;\nuse poem_openapi::{ApiResponse, OpenApi};\nuse sea_orm::{EntityTrait,"
},
{
"path": "warpgate-admin/src/api/known_hosts_list.rs",
"chars": 2544,
"preview": "use std::str::FromStr;\n\nuse anyhow::Context;\nuse poem::web::Data;\nuse poem_openapi::payload::Json;\nuse poem_openapi::{Ap"
},
{
"path": "warpgate-admin/src/api/ldap_servers.rs",
"chars": 20742,
"preview": "use poem::web::Data;\nuse poem_openapi::param::{Path, Query};\nuse poem_openapi::payload::Json;\nuse poem_openapi::{ApiResp"
},
{
"path": "warpgate-admin/src/api/logs.rs",
"chars": 2392,
"preview": "use chrono::{DateTime, Utc};\nuse poem::web::Data;\nuse poem_openapi::payload::Json;\nuse poem_openapi::{ApiResponse, Objec"
},
{
"path": "warpgate-admin/src/api/mod.rs",
"chars": 2124,
"preview": "use poem_openapi::OpenApi;\n\nmod admin_roles;\nmod certificate_credentials;\nmod common;\nmod known_hosts_detail;\nmod known_"
},
{
"path": "warpgate-admin/src/api/otp_credentials.rs",
"chars": 4008,
"preview": "use poem::web::Data;\nuse poem_openapi::param::Path;\nuse poem_openapi::payload::Json;\nuse poem_openapi::{ApiResponse, Obj"
},
{
"path": "warpgate-admin/src/api/pagination.rs",
"chars": 1371,
"preview": "use poem_openapi::types::{ParseFromJSON, ToJSON};\nuse poem_openapi::Object;\nuse sea_orm::{ConnectionTrait, EntityTrait, "
},
{
"path": "warpgate-admin/src/api/parameters.rs",
"chars": 3961,
"preview": "use poem::web::Data;\nuse poem_openapi::payload::Json;\nuse poem_openapi::{ApiResponse, Object, OpenApi};\nuse sea_orm::Act"
},
{
"path": "warpgate-admin/src/api/password_credentials.rs",
"chars": 4044,
"preview": "use poem::web::Data;\nuse poem_openapi::param::Path;\nuse poem_openapi::payload::Json;\nuse poem_openapi::{ApiResponse, Obj"
},
{
"path": "warpgate-admin/src/api/public_key_credentials.rs",
"chars": 8041,
"preview": "use chrono::{DateTime, Utc};\nuse poem::web::Data;\nuse poem_openapi::param::Path;\nuse poem_openapi::payload::Json;\nuse po"
},
{
"path": "warpgate-admin/src/api/recordings_detail.rs",
"chars": 7769,
"preview": "use std::sync::Arc;\n\nuse anyhow::Context;\nuse bytes::Bytes;\nuse futures::{SinkExt, StreamExt};\nuse poem::error::{Interna"
},
{
"path": "warpgate-admin/src/api/roles.rs",
"chars": 7837,
"preview": "use poem::web::Data;\nuse poem_openapi::param::{Path, Query};\nuse poem_openapi::payload::Json;\nuse poem_openapi::{ApiResp"
},
{
"path": "warpgate-admin/src/api/sessions_detail.rs",
"chars": 3168,
"preview": "use poem::web::Data;\nuse poem_openapi::param::Path;\nuse poem_openapi::payload::Json;\nuse poem_openapi::{ApiResponse, Ope"
},
{
"path": "warpgate-admin/src/api/sessions_list.rs",
"chars": 3451,
"preview": "use futures::{SinkExt, StreamExt};\nuse poem::session::Session;\nuse poem::web::websocket::{Message, WebSocket};\nuse poem:"
},
{
"path": "warpgate-admin/src/api/ssh_connection_test.rs",
"chars": 2992,
"preview": "use poem::web::Data;\nuse poem_openapi::payload::{Json, PlainText};\nuse poem_openapi::{ApiResponse, Object, OpenApi};\nuse"
},
{
"path": "warpgate-admin/src/api/ssh_keys.rs",
"chars": 1402,
"preview": "use poem::web::Data;\nuse poem_openapi::payload::Json;\nuse poem_openapi::{ApiResponse, Object, OpenApi};\nuse russh::keys:"
},
{
"path": "warpgate-admin/src/api/sso_credentials.rs",
"chars": 5418,
"preview": "use poem::web::Data;\nuse poem_openapi::param::Path;\nuse poem_openapi::payload::Json;\nuse poem_openapi::{ApiResponse, Obj"
},
{
"path": "warpgate-admin/src/api/target_groups.rs",
"chars": 7012,
"preview": "use poem::web::Data;\nuse poem_openapi::param::Path;\nuse poem_openapi::payload::Json;\nuse poem_openapi::{ApiResponse, Obj"
},
{
"path": "warpgate-admin/src/api/targets.rs",
"chars": 13985,
"preview": "use poem::web::Data;\nuse poem_openapi::param::{Path, Query};\nuse poem_openapi::payload::Json;\nuse poem_openapi::{ApiResp"
},
{
"path": "warpgate-admin/src/api/tickets_detail.rs",
"chars": 1327,
"preview": "use poem::web::Data;\nuse poem_openapi::param::Path;\nuse poem_openapi::{ApiResponse, OpenApi};\nuse sea_orm::{EntityTrait,"
},
{
"path": "warpgate-admin/src/api/tickets_list.rs",
"chars": 3173,
"preview": "use anyhow::Context;\nuse chrono::{DateTime, Utc};\nuse poem::web::Data;\nuse poem_openapi::payload::Json;\nuse poem_openapi"
},
{
"path": "warpgate-admin/src/api/users.rs",
"chars": 18907,
"preview": "use poem::web::Data;\nuse poem_openapi::param::{Path, Query};\nuse poem_openapi::payload::Json;\nuse poem_openapi::{ApiResp"
},
{
"path": "warpgate-admin/src/lib.rs",
"chars": 1060,
"preview": "pub mod api;\nuse poem::{IntoEndpoint, Route};\nuse poem_openapi::OpenApiService;\nuse warpgate_common::version::warpgate_v"
},
{
"path": "warpgate-admin/src/main.rs",
"chars": 483,
"preview": "mod api;\nuse poem_openapi::OpenApiService;\nuse regex::Regex;\nuse warpgate_common::version::warpgate_version;\n\n#[allow(cl"
},
{
"path": "warpgate-ca/Cargo.toml",
"chars": 471,
"preview": "[package]\nedition = \"2021\"\nlicense = \"Apache-2.0\"\nname = \"warpgate-ca\"\nversion = \"0.22.0\"\n\n[dependencies]\nbytes.workspac"
},
{
"path": "warpgate-ca/src/error.rs",
"chars": 839,
"preview": "use std::error::Error;\n\nuse x509_parser::error::{PEMError, X509Error};\n\n#[derive(thiserror::Error, Debug)]\npub enum CaEr"
},
{
"path": "warpgate-ca/src/lib.rs",
"chars": 7832,
"preview": "use std::time::{Duration, SystemTime};\n\nuse aws_lc_rs::digest;\nuse aws_lc_rs::error::KeyRejected;\nuse aws_lc_rs::signatu"
},
{
"path": "warpgate-common/Cargo.toml",
"chars": 2060,
"preview": "[package]\nedition = \"2021\"\nlicense = \"Apache-2.0\"\nname = \"warpgate-common\"\nversion = \"0.22.0\"\n\n[[bin]]\nname = \"config-sc"
},
{
"path": "warpgate-common/src/api.rs",
"chars": 536,
"preview": "use poem_openapi::auth::ApiKey;\nuse poem_openapi::SecurityScheme;\n\n#[derive(SecurityScheme)]\n#[oai(ty = \"api_key\", key_n"
},
{
"path": "warpgate-common/src/auth/cred.rs",
"chars": 2410,
"preview": "use bytes::Bytes;\nuse poem_openapi::Enum;\nuse russh::keys::Algorithm;\nuse serde::{Deserialize, Serialize};\n\nuse crate::{"
},
{
"path": "warpgate-common/src/auth/mod.rs",
"chars": 122,
"preview": "mod cred;\nmod policy;\nmod selector;\nmod state;\npub use cred::*;\npub use policy::*;\npub use selector::*;\npub use state::*"
},
{
"path": "warpgate-common/src/auth/policy.rs",
"chars": 2495,
"preview": "use std::collections::{HashMap, HashSet};\n\nuse super::{AuthCredential, CredentialKind};\n\npub enum CredentialPolicyRespon"
},
{
"path": "warpgate-common/src/auth/selector.rs",
"chars": 1290,
"preview": "use std::fmt::Debug;\n\nuse crate::consts::TICKET_SELECTOR_PREFIX;\nuse crate::Secret;\n\npub enum AuthSelector {\n User {\n"
},
{
"path": "warpgate-common/src/auth/state.rs",
"chars": 4686,
"preview": "use std::collections::HashSet;\n\nuse chrono::{DateTime, Utc};\nuse rand::Rng;\nuse tokio::sync::broadcast;\nuse tracing::{de"
},
{
"path": "warpgate-common/src/config/defaults.rs",
"chars": 2128,
"preview": "use std::net::{Ipv6Addr, SocketAddr};\nuse std::time::Duration;\n\nuse crate::{ListenEndpoint, Secret};\n\npub(crate) const f"
},
{
"path": "warpgate-common/src/config/mod.rs",
"chars": 19916,
"preview": "mod defaults;\nmod target;\n\nuse std::ops::Deref;\nuse std::path::PathBuf;\nuse std::time::Duration;\n\nuse defaults::*;\nuse p"
},
{
"path": "warpgate-common/src/config/target.rs",
"chars": 5144,
"preview": "use std::collections::HashMap;\n\nuse poem_openapi::{Object, Union};\nuse serde::{Deserialize, Serialize};\nuse uuid::Uuid;\n"
},
{
"path": "warpgate-common/src/config_schema.rs",
"chars": 207,
"preview": "use schemars::schema_for;\n\n#[allow(clippy::unwrap_used)]\nfn main() {\n let schema = schema_for!(warpgate_common::Warpg"
},
{
"path": "warpgate-common/src/consts.rs",
"chars": 52,
"preview": "pub const TICKET_SELECTOR_PREFIX: &str = \"ticket-\";\n"
},
{
"path": "warpgate-common/src/error.rs",
"chars": 3052,
"preview": "use std::error::Error;\n\nuse poem::error::ResponseError;\nuse poem_openapi::ApiResponse;\nuse uuid::Uuid;\nuse warpgate_ca::"
},
{
"path": "warpgate-common/src/eventhub.rs",
"chars": 2597,
"preview": "use std::sync::Arc;\n\nuse tokio::sync::mpsc::error::SendError;\nuse tokio::sync::mpsc::{unbounded_channel, UnboundedReceiv"
},
{
"path": "warpgate-common/src/helpers/fs.rs",
"chars": 1024,
"preview": "use std::os::unix::prelude::PermissionsExt;\nuse std::path::Path;\n\nuse tracing::*;\n\nfn maybe_apply_permissions<P: AsRef<P"
},
{
"path": "warpgate-common/src/helpers/hash.rs",
"chars": 1183,
"preview": "use anyhow::Result;\nuse argon2::password_hash::rand_core::OsRng;\nuse argon2::password_hash::{Error, PasswordHash, Passwo"
},
{
"path": "warpgate-common/src/helpers/locks.rs",
"chars": 3789,
"preview": "#[cfg(debug_assertions)]\nmod deadlock_detecting_mutex {\n use std::any::type_name;\n use std::collections::HashMap;\n"
},
{
"path": "warpgate-common/src/helpers/mod.rs",
"chars": 137,
"preview": "pub mod fs;\npub mod hash;\npub mod locks;\npub mod otp;\npub mod rng;\npub mod serde_base64;\npub mod serde_base64_secret;\npu"
},
{
"path": "warpgate-common/src/helpers/otp.rs",
"chars": 1065,
"preview": "use std::time::SystemTime;\n\nuse rand::Rng;\nuse totp_rs::{Algorithm, TOTP};\n\nuse super::rng::get_crypto_rng;\nuse crate::t"
},
{
"path": "warpgate-common/src/helpers/rng.rs",
"chars": 129,
"preview": "use rand::SeedableRng;\nuse rand_chacha::ChaCha20Rng;\n\npub fn get_crypto_rng() -> ChaCha20Rng {\n ChaCha20Rng::from_ent"
},
{
"path": "warpgate-common/src/helpers/serde_base64.rs",
"chars": 518,
"preview": "use data_encoding::BASE64;\nuse serde::{Deserialize, Serializer};\n\npub fn serialize<S: Serializer, B: AsRef<[u8]>>(\n b"
},
{
"path": "warpgate-common/src/helpers/serde_base64_secret.rs",
"chars": 452,
"preview": "use serde::Serializer;\n\nuse super::serde_base64;\nuse crate::Secret;\n\npub fn serialize<S: Serializer>(\n secret: &Secre"
},
{
"path": "warpgate-common/src/helpers/websocket.rs",
"chars": 4548,
"preview": "use std::future::Future;\n\nuse futures::{Sink, SinkExt, Stream, StreamExt};\nuse poem::web::websocket::Message;\nuse tokio_"
},
{
"path": "warpgate-common/src/http_headers.rs",
"chars": 1064,
"preview": "use std::collections::HashSet;\n\nuse once_cell::sync::Lazy;\nuse poem::http::{self, HeaderName};\n\n/// Headers that should "
},
{
"path": "warpgate-common/src/lib.rs",
"chars": 274,
"preview": "pub mod api;\npub mod auth;\nmod config;\npub mod consts;\nmod error;\npub mod eventhub;\npub mod helpers;\npub mod http_header"
},
{
"path": "warpgate-common/src/state.rs",
"chars": 815,
"preview": "use std::path::PathBuf;\n\nuse anyhow::Context;\n\n#[derive(Clone)]\npub struct GlobalParams {\n config_path: PathBuf,\n "
},
{
"path": "warpgate-common/src/try_macro.rs",
"chars": 1308,
"preview": "#[macro_export]\nmacro_rules! try_block {\n ($try:block catch ($err:ident : $errtype:ty) $catch:block) => {{\n #["
},
{
"path": "warpgate-common/src/types/aliases.rs",
"chars": 82,
"preview": "use uuid::Uuid;\n\npub type SessionId = Uuid;\npub type ProtocolName = &'static str;\n"
},
{
"path": "warpgate-common/src/types/listen_endpoint.rs",
"chars": 3878,
"preview": "use std::fmt::Debug;\nuse std::io::ErrorKind;\nuse std::net::{Ipv4Addr, Ipv6Addr, SocketAddr, ToSocketAddrs};\n\nuse futures"
},
{
"path": "warpgate-common/src/types/mod.rs",
"chars": 114,
"preview": "mod aliases;\nmod listen_endpoint;\nmod secret;\n\npub use aliases::*;\npub use listen_endpoint::*;\npub use secret::*;\n"
},
{
"path": "warpgate-common/src/types/secret.rs",
"chars": 2607,
"preview": "use std::borrow::Cow;\nuse std::fmt::Debug;\n\nuse bytes::Bytes;\nuse data_encoding::HEXLOWER;\nuse delegate::delegate;\nuse p"
},
{
"path": "warpgate-common/src/version.rs",
"chars": 190,
"preview": "use git_version::git_version;\n\npub fn warpgate_version() -> &'static str {\n git_version!(\n args = [\"--tags\", \""
},
{
"path": "warpgate-common-http/Cargo.toml",
"chars": 356,
"preview": "[package]\nedition = \"2021\"\nlicense = \"Apache-2.0\"\nname = \"warpgate-common-http\"\nversion = \"0.22.0\"\n\n[dependencies]\nwarpg"
},
{
"path": "warpgate-common-http/src/auth.rs",
"chars": 1954,
"preview": "use serde::{Deserialize, Serialize};\nuse uuid::Uuid;\n\n#[derive(Clone, Serialize, Deserialize)]\npub struct AuthStateId(pu"
},
{
"path": "warpgate-common-http/src/lib.rs",
"chars": 237,
"preview": "pub mod auth;\npub mod logging;\n\npub use auth::{AuthenticatedRequestContext, RequestAuthorization, SessionAuthorization};"
},
{
"path": "warpgate-common-http/src/logging.rs",
"chars": 2495,
"preview": "use std::fmt::Debug;\nuse std::net::ToSocketAddrs;\n\nuse poem::http::{Method, StatusCode, Uri};\nuse poem::web::RemoteAddr;"
},
{
"path": "warpgate-core/Cargo.toml",
"chars": 1664,
"preview": "[package]\nedition = \"2021\"\nlicense = \"Apache-2.0\"\nname = \"warpgate-core\"\nversion = \"0.22.0\"\n\n[dependencies]\nwarpgate-com"
},
{
"path": "warpgate-core/src/auth_state_store.rs",
"chars": 4926,
"preview": "use std::collections::HashMap;\nuse std::sync::Arc;\nuse std::time::{Duration, Instant};\n\nuse once_cell::sync::Lazy;\nuse t"
},
{
"path": "warpgate-core/src/config_providers/db.rs",
"chars": 26355,
"preview": "use std::collections::{HashMap, HashSet};\nuse std::sync::Arc;\n\nuse chrono::Utc;\nuse data_encoding::BASE64;\nuse sea_orm::"
},
{
"path": "warpgate-core/src/config_providers/mod.rs",
"chars": 4399,
"preview": "mod db;\nuse std::sync::Arc;\n\npub use db::DatabaseConfigProvider;\nuse enum_dispatch::enum_dispatch;\nuse sea_orm::ActiveVa"
},
{
"path": "warpgate-core/src/consts.rs",
"chars": 112,
"preview": "pub static BUILTIN_ADMIN_ROLE_NAME: &str = \"warpgate:admin\";\npub static BUILTIN_ADMIN_USERNAME: &str = \"admin\";\n"
},
{
"path": "warpgate-core/src/data.rs",
"chars": 935,
"preview": "use chrono::{DateTime, Utc};\nuse poem_openapi::Object;\nuse serde::{Deserialize, Serialize};\nuse uuid::Uuid;\nuse warpgate"
},
{
"path": "warpgate-core/src/db/mod.rs",
"chars": 3818,
"preview": "use std::time::Duration;\n\nuse anyhow::Result;\nuse sea_orm::sea_query::Expr;\nuse sea_orm::{\n ConnectOptions, Database,"
},
{
"path": "warpgate-core/src/lib.rs",
"chars": 356,
"preview": "mod auth_state_store;\nmod config_providers;\npub mod consts;\nmod data;\npub mod db;\npub mod logging;\nmod protocols;\npub mo"
},
{
"path": "warpgate-core/src/logging/database.rs",
"chars": 2331,
"preview": "use std::sync::Arc;\n\nuse once_cell::sync::OnceCell;\nuse sea_orm::query::JsonValue;\nuse sea_orm::{ActiveModelTrait, Datab"
},
{
"path": "warpgate-core/src/logging/json_console.rs",
"chars": 3411,
"preview": "use std::io::{self, Write};\n\nuse chrono::Utc;\nuse serde::Serialize;\nuse serde_json::json;\nuse tracing::{Event, Level, Su"
},
{
"path": "warpgate-core/src/logging/layer.rs",
"chars": 1975,
"preview": "use tracing::{Event, Level, Subscriber};\nuse tracing_subscriber::layer::Context;\nuse tracing_subscriber::registry::Looku"
},
{
"path": "warpgate-core/src/logging/mod.rs",
"chars": 237,
"preview": "mod database;\nmod json_console;\nmod layer;\nmod socket;\nmod values;\n\npub use database::{install_database_logger, make_dat"
},
{
"path": "warpgate-core/src/logging/socket.rs",
"chars": 1955,
"preview": "use bytes::BytesMut;\nuse chrono::format::SecondsFormat;\nuse chrono::Local;\nuse tokio::net::UnixDatagram;\nuse tracing::*;"
},
{
"path": "warpgate-core/src/logging/values.rs",
"chars": 1286,
"preview": "use std::collections::HashMap;\nuse std::fmt::Debug;\nuse std::ops::DerefMut;\n\nuse serde::Serialize;\nuse tracing::field::V"
},
{
"path": "warpgate-core/src/protocols/handle.rs",
"chars": 3882,
"preview": "use std::sync::Arc;\n\nuse sea_orm::{ColumnTrait, DatabaseConnection, EntityTrait, QueryFilter};\nuse tokio::io::{AsyncRead"
},
{
"path": "warpgate-core/src/protocols/mod.rs",
"chars": 756,
"preview": "use std::fmt::Debug;\nuse std::future::Future;\n\nuse anyhow::Result;\nuse warpgate_common::ListenEndpoint;\n\nmod handle;\n\npu"
},
{
"path": "warpgate-core/src/rate_limiting/limiter.rs",
"chars": 3683,
"preview": "use std::fmt::Debug;\nuse std::num::{NonZero, NonZeroU32};\n\nuse governor::clock::{Clock, QuantaClock, QuantaInstant};\nuse"
},
{
"path": "warpgate-core/src/rate_limiting/mod.rs",
"chars": 2206,
"preview": "//! ## Hierarchy\n//!\n//! * [WarpgateRateLimiter] - wraps a [governor::DefaultKeyedRateLimiter], allows mutating the quot"
},
{
"path": "warpgate-core/src/rate_limiting/registry.rs",
"chars": 5834,
"preview": "use std::collections::HashMap;\nuse std::sync::Arc;\n\nuse sea_orm::{DatabaseConnection, EntityTrait};\nuse tokio::sync::Mut"
},
{
"path": "warpgate-core/src/rate_limiting/shared_limiter.rs",
"chars": 1485,
"preview": "use std::fmt::Debug;\nuse std::ops::{Deref, DerefMut};\nuse std::sync::Arc;\n\nuse super::WarpgateRateLimiter;\n\n#[derive(Clo"
},
{
"path": "warpgate-core/src/rate_limiting/stack.rs",
"chars": 1136,
"preview": "use tokio::io::{AsyncRead, AsyncWrite};\n\nuse super::swappable_cell::SwappableLimiterCellHandle;\nuse super::RateLimitedSt"
},
{
"path": "warpgate-core/src/rate_limiting/stream.rs",
"chars": 7311,
"preview": "use std::future::Future;\nuse std::io;\nuse std::pin::Pin;\nuse std::task::{Context, Poll};\nuse std::time::{Duration, Insta"
},
{
"path": "warpgate-core/src/rate_limiting/swappable_cell.rs",
"chars": 1796,
"preview": "use governor::clock::QuantaInstant;\nuse tokio::sync::watch;\nuse warpgate_common::WarpgateError;\n\nuse super::shared_limit"
}
]
// ... and 310 more files (download for full content)
About this extraction
This page contains the full source code of the warp-tech/warpgate GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 510 files (1.9 MB), approximately 458.7k tokens, and a symbol index with 2066 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.