Documentation ¶
Index ¶
- Constants
- func RegisterTypes()
- func TestNewRPCClient(t *testing.T)
- type CaptureType
- type CounterReportPayload
- type DNSReportPayload
- type DebugPacketPayload
- type EnableDatapathPacketTracingPayLoad
- type EnableIPTablesPacketTracingPayLoad
- type EnforcePayload
- type InitRequestPayload
- type MockRPCHdl
- type RPCClient
- type RPCHdl
- type RPCServer
- type RPCWrapper
- func (r *RPCWrapper) CheckValidity(req *Request, secret string) bool
- func (r *RPCWrapper) ContextList() []string
- func (r *RPCWrapper) DestroyRPCClient(contextID string)
- func (r *RPCWrapper) GetRPCClient(contextID string) (*RPCHdl, error)
- func (r *RPCWrapper) NewRPCClient(contextID string, channel string, sharedsecret string) error
- func (r *RPCWrapper) ProcessMessage(req *Request, secret string) bool
- func (r *RPCWrapper) RemoteCall(contextID string, methodName string, req *Request, resp *Response) error
- func (r *RPCWrapper) StartServer(ctx context.Context, protocol string, path string, handler interface{}) error
- type Request
- type Response
- type SetLogLevelPayload
- type SetTargetNetworksPayload
- type StatsPayload
- type TestRPCClient
- type TestRPCServer
- type TokenRequestPayload
- type TokenResponsePayload
- type UnEnforcePayload
- type UpdateSecretsPayload
Constants ¶
// SUCCESS has the untyped integer value 0.
// NOTE(review): presumably a success status code; Response.Status is a
// string, so confirm where this constant is actually compared.
const SUCCESS = 0
exported consts from the package
Functions ¶
func RegisterTypes ¶
func RegisterTypes()
RegisterTypes registers types that are exchanged between the controller and remoteenforcer
func TestNewRPCClient ¶
TestNewRPCClient mocks an RPC client test
Types ¶
type CaptureType ¶
// CaptureType identifies the type of iptables implementation that should be
// used. Its underlying type is int.
type CaptureType int
CaptureType identifies the type of iptables implementation that should be used
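// Values of CaptureType. The block starts at iota, so IPTables is 0 (also the
// zero value of CaptureType) and IPSets is 1.
const (
	// IPTables forces an IPTables implementation
	IPTables CaptureType = iota
	// IPSets forces an IPSet implementation
	IPSets
)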
type CounterReportPayload ¶
// CounterReportPayload is the counter report from remote enforcer.
type CounterReportPayload struct {
	// CounterReports is a slice of pointers to counter reports. The type
	// permits nil entries, so a receiver should check each element before
	// dereferencing it.
	CounterReports []*collector.CounterReport
}
CounterReportPayload is the counter report from remote enforcer
type DNSReportPayload ¶
// DNSReportPayload represents the payload for dns reporting.
type DNSReportPayload struct {
	// Report points to the DNS request report; it is nil in the zero value,
	// so a receiver should check it before dereferencing.
	Report *collector.DNSRequestReport
}
DNSReportPayload represents the payload for dns reporting.
type DebugPacketPayload ¶
// DebugPacketPayload is the enforcer packet report from remote enforcers.
type DebugPacketPayload struct {
	// PacketRecords is a slice of pointers to packet reports. The type
	// permits nil entries, so a receiver should check each element before
	// dereferencing it.
	PacketRecords []*collector.PacketReport
}
DebugPacketPayload is the enforcer packet report from remote enforcers
type EnableDatapathPacketTracingPayLoad ¶
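// EnableDatapathPacketTracingPayLoad is the payload to enable nfq packet
// tracing in the remote container.
//
// Every field is tagged omitempty, so a zero value is left out of JSON output
// and an absent key decodes back to the zero value.
type EnableDatapathPacketTracingPayLoad struct {
	// Direction is the tracing direction requested.
	Direction packettracing.TracingDirection `json:",omitempty"`

	// NOTE(review): presumably how long tracing stays enabled; confirm, and
	// confirm the receiver bounds it rather than trusting the sender.
	Interval time.Duration `json:",omitempty"`

	// ContextID names the context the request applies to.
	ContextID string `json:",omitempty"`
}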
EnableDatapathPacketTracingPayLoad is the payload to enable nfq packet tracing in the remote container
type EnableIPTablesPacketTracingPayLoad ¶
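// EnableIPTablesPacketTracingPayLoad is the payload message to enable iptable
// trace in remote containers.
//
// Every field is tagged omitempty, so a zero value is left out of JSON output
// and an absent key decodes back to the zero value.
type EnableIPTablesPacketTracingPayLoad struct {
	// IPTablesPacketTracing is the on/off flag; false is omitted when the
	// struct is JSON-encoded.
	IPTablesPacketTracing bool `json:",omitempty"`

	// NOTE(review): presumably how long tracing stays enabled; confirm, and
	// confirm the receiver bounds it rather than trusting the sender.
	Interval time.Duration `json:",omitempty"`

	// ContextID names the context the request applies to.
	ContextID string `json:",omitempty"`
}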
EnableIPTablesPacketTracingPayLoad is the payload message to enable iptables tracing in remote containers
type EnforcePayload ¶
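// EnforcePayload is the payload for an enforce request.
type EnforcePayload struct {
	// ContextID names the context the policy applies to.
	ContextID string `json:",omitempty"`

	// Policy points to the policy being sent; it is nil in the zero value,
	// so a receiver should reject or handle a missing policy explicitly.
	Policy *policy.PUPolicyPublic `json:",omitempty"`

	// NOTE(review): the type name suggests only public secret material is
	// carried here; confirm that no private keys are serialized.
	Secrets secrets.PublicSecrets `json:",omitempty"`
}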
EnforcePayload Payload for enforce request
type InitRequestPayload ¶
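// InitRequestPayload is the payload for the enforcer init request.
//
// Every field is tagged omitempty. For the bool fields this means false is
// never written to JSON output, and a message that lacks the key decodes to
// false; receivers cannot tell "explicitly disabled" from "not sent".
type InitRequestPayload struct {
	// FqConfig points to the filter queue configuration; nil in the zero value.
	FqConfig *fqconfig.FilterQueue `json:",omitempty"`

	// NOTE(review): presumably toggles mutual authentication in the remote
	// enforcer; confirm that the absent/false default is the intended one.
	MutualAuth bool `json:",omitempty"`

	// NOTE(review): presumably toggles packet logging; confirm.
	PacketLogs bool `json:",omitempty"`

	// NOTE(review): the page does not say what this duration bounds (token
	// lifetime is a guess); confirm against the enforcer.
	Validity time.Duration `json:",omitempty"`

	// ServerID is a string identifier for the server.
	ServerID string `json:",omitempty"`

	// ExternalIPCacheTimeout is a duration; by its name, a cache timeout for
	// external IPs.
	ExternalIPCacheTimeout time.Duration `json:",omitempty"`

	// NOTE(review): the type name suggests only public secret material is
	// carried here; confirm that no private keys are serialized.
	Secrets secrets.PublicSecrets `json:",omitempty"`

	// Configuration points to the runtime configuration; nil in the zero value.
	Configuration *runtime.Configuration `json:",omitempty"`

	// NOTE(review): presumably selects a binary token encoding; confirm.
	BinaryTokens bool `json:",omitempty"`
}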
InitRequestPayload Payload for enforcer init request
type MockRPCHdl ¶
MockRPCHdl is mock of rpchdl
type RPCClient ¶
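// RPCClient is the client interface.
//
// The per-method notes below repeat what this package documents for the
// RPCWrapper methods of the same name.
type RPCClient interface {
	// NewRPCClient takes a context ID, a channel and an RPC secret and
	// reports failure through the returned error.
	NewRPCClient(contextID string, channel string, rpcSecret string) error

	// GetRPCClient gets a handle to the rpc client for the contextID.
	GetRPCClient(contextID string) (*RPCHdl, error)

	// RemoteCall wraps rpc.Call and, in RPCWrapper, adds an HMAC for
	// message integrity.
	RemoteCall(contextID string, methodName string, req *Request, resp *Response) error

	// DestroyRPCClient calls close on the rpc and cleans up the connection.
	DestroyRPCClient(contextID string)

	// ContextList returns the list of active contexts.
	ContextList() []string

	// CheckValidity checks if the received message is valid. The result is
	// only a bool, so callers must act on it; a message for which it returns
	// false should not be processed.
	CheckValidity(req *Request, secret string) bool
}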
RPCClient is the client interface
type RPCServer ¶
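// RPCServer is the server interface.
//
// The per-method notes below repeat what this package documents for the
// RPCWrapper methods of the same name.
type RPCServer interface {
	// StartServer starts a server and waits for new connections; RPCWrapper's
	// implementation is documented as never returning.
	StartServer(ctx context.Context, protocol string, path string, handler interface{}) error

	// ProcessMessage checks if the given request is valid. Callers must act
	// on the returned bool.
	ProcessMessage(req *Request, secret string) bool

	// CheckValidity checks if the received message is valid. Callers must
	// act on the returned bool.
	CheckValidity(req *Request, secret string) bool
}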
RPCServer is the server interface
type RPCWrapper ¶
RPCWrapper is a struct which holds stats for all rpc sessions
func (*RPCWrapper) CheckValidity ¶
func (r *RPCWrapper) CheckValidity(req *Request, secret string) bool
CheckValidity checks if the received message is valid
func (*RPCWrapper) ContextList ¶
func (r *RPCWrapper) ContextList() []string
ContextList returns the list of active contexts managed by the rpcwrapper
func (*RPCWrapper) DestroyRPCClient ¶
func (r *RPCWrapper) DestroyRPCClient(contextID string)
DestroyRPCClient calls close on the rpc and cleans up the connection
func (*RPCWrapper) GetRPCClient ¶
func (r *RPCWrapper) GetRPCClient(contextID string) (*RPCHdl, error)
GetRPCClient gets a handle to the rpc client for the contextID (the enforcer in the container)
func (*RPCWrapper) NewRPCClient ¶
func (r *RPCWrapper) NewRPCClient(contextID string, channel string, sharedsecret string) error
NewRPCClient exported
func (*RPCWrapper) ProcessMessage ¶
func (r *RPCWrapper) ProcessMessage(req *Request, secret string) bool
ProcessMessage checks if the given request is valid
func (*RPCWrapper) RemoteCall ¶
func (r *RPCWrapper) RemoteCall(contextID string, methodName string, req *Request, resp *Response) error
RemoteCall is a wrapper around rpc.Call and also ensures message integrity by adding an HMAC. An HMAC lets a holder of the shared secret detect tampering; it does not encrypt the payload.
func (*RPCWrapper) StartServer ¶
func (r *RPCWrapper) StartServer(ctx context.Context, protocol string, path string, handler interface{}) error
StartServer starts a server and waits for new connections; this function never returns
type Response ¶
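// Response is the response for every RPC call. This is used to carry the
// status of the actual function call made on the remote end.
type Response struct {
	// Status carries the status of the remote call as a string.
	Status string

	// Payload is untyped. A consumer should use the checked form of the type
	// assertion (v, ok := resp.Payload.(T)) and treat a failed assertion as
	// an invalid response rather than letting it panic.
	Payload interface{} `json:",omitempty"`
}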
Response is the response for every RPC call. This is used to carry the status of the actual function call made on the remote end
type SetLogLevelPayload ¶
SetLogLevelPayload payload for set log level request
type SetTargetNetworksPayload ¶
// SetTargetNetworksPayload carries the payload for target networks.
type SetTargetNetworksPayload struct {
	// Configuration points to the runtime configuration; it is nil in the
	// zero value and, being tagged omitempty, is then left out of JSON output.
	Configuration *runtime.Configuration `json:",omitempty"`
}
SetTargetNetworksPayload carries the payload for target networks
type StatsPayload ¶
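// StatsPayload is the payload carried by the stats reporting from the remote
// enforcer.
type StatsPayload struct {
	// Flows maps a string key to a flow record pointer.
	// NOTE(review): the meaning of the key is not documented here; confirm.
	Flows map[string]*collector.FlowRecord `json:",omitempty"`

	// Users maps a string key to a user record pointer.
	// NOTE(review): the meaning of the key is not documented here; confirm.
	Users map[string]*collector.UserRecord `json:",omitempty"`
}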
StatsPayload is the payload carried by the stats reporting from the remote enforcer
type TestRPCClient ¶
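// TestRPCClient is a RPC Client used for test.
//
// It embeds RPCClient and adds one Mock method per RPCClient method. Each Mock
// method takes the test handle and a function with the same signature as the
// method it is named after.
// NOTE(review): presumably impl becomes the behaviour of that method for the
// duration of the test; confirm against the mock implementation.
type TestRPCClient interface {
	RPCClient

	MockNewRPCClient(t *testing.T, impl func(contextID string, channel string, secret string) error)

	MockGetRPCClient(t *testing.T, impl func(contextID string) (*RPCHdl, error))

	MockRemoteCall(t *testing.T, impl func(contextID string, methodName string, req *Request, resp *Response) error)

	MockDestroyRPCClient(t *testing.T, impl func(contextID string))

	MockContextList(t *testing.T, impl func() []string)

	MockCheckValidity(t *testing.T, impl func(req *Request, secret string) bool)
}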
TestRPCClient is a RPC Client used for test
type TestRPCServer ¶
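// TestRPCServer is a RPC Server used for test.
//
// It embeds RPCServer and adds one Mock method per RPCServer method. Each Mock
// method takes the test handle and a function with the same signature as the
// method it is named after.
// NOTE(review): presumably impl becomes the behaviour of that method for the
// duration of the test; confirm against the mock implementation.
type TestRPCServer interface {
	RPCServer

	MockStartServer(t *testing.T, impl func(ctx context.Context, protocol string, path string, handler interface{}) error)

	MockProcessMessage(t *testing.T, impl func(req *Request, secret string) bool)

	MockCheckValidity(t *testing.T, impl func(req *Request, secret string) bool)
}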
TestRPCServer is a RPC Server used for test
type TokenRequestPayload ¶
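// TokenRequestPayload carries the payload for issuing tokens.
type TokenRequestPayload struct {
	// ContextID names the context the token is requested for.
	ContextID string `json:",omitempty"`

	// Audience is the audience string for the requested token.
	Audience string `json:",omitempty"`

	// NOTE(review): presumably the requested token lifetime; confirm, and
	// confirm the issuer caps it rather than trusting the requester's value.
	Validity time.Duration `json:",omitempty"`

	// ServiceTokenType selects the kind of token requested.
	ServiceTokenType common.ServiceTokenType `json:",omitempty"`
}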
TokenRequestPayload carries the payload for issuing tokens.
type TokenResponsePayload ¶
// TokenResponsePayload returns the issued token.
type TokenResponsePayload struct {
	// Token is the issued token as a string.
	// NOTE(review): if this token is a bearer credential, keep it out of
	// logs and debug dumps of this struct.
	Token string `json:",omitempty"`
}
TokenResponsePayload returns the issued token.
type UnEnforcePayload ¶
// UnEnforcePayload is the payload for an unenforce request.
type UnEnforcePayload struct {
	// ContextID names the context to unenforce. Tagged omitempty, so an
	// empty ID is left out of JSON output and an absent key decodes to "".
	ContextID string `json:",omitempty"`
}
UnEnforcePayload payload for unenforce request
type UpdateSecretsPayload ¶
// UpdateSecretsPayload is the payload for the update secrets to remote
// enforcers.
type UpdateSecretsPayload struct {
	// NOTE(review): the type name suggests only public secret material is
	// carried here; confirm that no private keys are serialized.
	Secrets secrets.PublicSecrets `json:",omitempty"`
}
UpdateSecretsPayload payload for the update secrets to remote enforcers