envoyauthorizer

package
v10.302.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 23, 2021 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Enforcer

type Enforcer struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Enforcer implements the Enforcer interface as an envoy authorizer and starts envoy external authz filter gRPC servers for enforcement.

func NewEnvoyAuthorizerEnforcer

func NewEnvoyAuthorizerEnforcer(mode constants.ModeType, eventCollector collector.EventCollector, externalIPCacheTimeout time.Duration, secrets secrets.Secrets, tokenIssuer common.ServiceTokenIssuer) (*Enforcer, error)

NewEnvoyAuthorizerEnforcer creates a new envoy authorizer

func (*Enforcer) CleanUp

func (e *Enforcer) CleanUp() error

CleanUp is unimplemented in the envoy authorizer

func (*Enforcer) DebugCollect

func (e *Enforcer) DebugCollect(ctx context.Context, contextID string, debugConfig *policy.DebugConfig) error

DebugCollect is unimplemented in the envoy authorizer

func (*Enforcer) EnableDatapathPacketTracing

func (e *Enforcer) EnableDatapathPacketTracing(ctx context.Context, contextID string, direction packettracing.TracingDirection, interval time.Duration) error

EnableDatapathPacketTracing is unimplemented in the envoy authorizer

func (*Enforcer) EnableIPTablesPacketTracing

func (e *Enforcer) EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error

EnableIPTablesPacketTracing is unimplemented in the envoy authorizer

func (*Enforcer) Enforce

func (e *Enforcer) Enforce(ctx context.Context, contextID string, puInfo *policy.PUInfo) error

Enforce starts enforcing policies for the given policy.PUInfo. here we do the following: 1. create a new PU always and instantiate a new apiAuth, as we want to be as stateless as possible. 2. create a PUcontext as this will be used in auth code. 3. If envoy servers are not present then create all 3 envoy servers. 4. If the servers are already present under policy update then update the service certs.

func (*Enforcer) GetBPFObject

func (e *Enforcer) GetBPFObject() ebpf.BPFModule

GetBPFObject is unimplemented in the envoy authorizer

func (*Enforcer) GetFilterQueue

func (e *Enforcer) GetFilterQueue() fqconfig.FilterQueue

GetFilterQueue is unimplemented in the envoy authorizer

func (*Enforcer) GetServiceMeshType

func (e *Enforcer) GetServiceMeshType() policy.ServiceMesh

GetServiceMeshType is unimplemented in the envoy authorizer

func (*Enforcer) Ping

func (e *Enforcer) Ping(ctx context.Context, contextID string, pingConfig *policy.PingConfig) error

Ping is unimplemented in the envoy authorizer

func (*Enforcer) Run

func (e *Enforcer) Run(ctx context.Context) error

Run is unimplemented in the envoy authorizer

func (*Enforcer) Secrets

func (e *Enforcer) Secrets() (secrets.Secrets, func())

Secrets implements the LockedSecrets

func (*Enforcer) SetLogLevel

func (e *Enforcer) SetLogLevel(level constants.LogLevel) error

SetLogLevel is unimplemented in the envoy authorizer

func (*Enforcer) SetTargetNetworks

func (e *Enforcer) SetTargetNetworks(cfg *runtime.Configuration) error

SetTargetNetworks is unimplemented in the envoy authorizer

func (*Enforcer) Unenforce

func (e *Enforcer) Unenforce(ctx context.Context, contextID string) error

Unenforce stops enforcing policy for the given IP.

func (*Enforcer) UpdateSecrets

func (e *Enforcer) UpdateSecrets(secrets secrets.Secrets) error

UpdateSecrets -- updates the secrets of running enforcers managed by trireme. Remote enforcers will get the secret updates with the next policy push

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL