Documentation
Index
- func ValidateOriginProcess(pid string) (string, error)
- type GenericSecretsDriver
- type SecretsDriver
- type SecretsProxy
- func (s *SecretsProxy) Enforce(ctx context.Context, contextID string, puInfo *policy.PUInfo) error
- func (s *SecretsProxy) GetFilterQueue() *fqconfig.FilterQueue
- func (s *SecretsProxy) GetPortSetInstance() portset.PortSet
- func (s *SecretsProxy) Run(ctx context.Context) error
- func (s *SecretsProxy) Unenforce(contextID string) error
- func (s *SecretsProxy) UpdateSecrets(secret secrets.Secrets) error
Constants
This section is empty.
Variables
This section is empty.
Functions
func ValidateOriginProcess
ValidateOriginProcess implements a strict validation of the origin process. We might add later.
Types
type GenericSecretsDriver
type GenericSecretsDriver struct {
// contains filtered or unexported fields
}
GenericSecretsDriver holds the configuration information for the driver and implements the SecretsDriver interface.
func (*GenericSecretsDriver) Transform
func (k *GenericSecretsDriver) Transform(r *http.Request) error
Transform transforms the request of the SecretsDriver.
func (*GenericSecretsDriver) Transport
func (k *GenericSecretsDriver) Transport() http.RoundTripper
Transport implements the transport interface of the SecretsDriver.
type SecretsDriver
type SecretsDriver interface {
	Transport() http.RoundTripper
	Transform(r *http.Request) error
}
SecretsDriver is a generic interface that the secrets driver must implement.
func NewGenericSecretsDriver
func NewGenericSecretsDriver(ca []byte, token string, network *common.Service) (SecretsDriver, error)
NewGenericSecretsDriver creates a new Kubernetes Secrets Driver. It always uses the in-cluster config to automatically derive all the necessary values.
type SecretsProxy
SecretsProxy holds all state information for applying policy in the secrets socket API.
func NewSecretsProxy
func NewSecretsProxy() *SecretsProxy
NewSecretsProxy creates a new secrets proxy.
func (*SecretsProxy) GetFilterQueue
func (s *SecretsProxy) GetFilterQueue() *fqconfig.FilterQueue
GetFilterQueue is a stub for the TCP proxy.
func (*SecretsProxy) GetPortSetInstance
func (s *SecretsProxy) GetPortSetInstance() portset.PortSet
GetPortSetInstance returns nil for the proxy.
func (*SecretsProxy) Run
func (s *SecretsProxy) Run(ctx context.Context) error
Run implements the run method of the CtrlInterface. It starts the proxy server and initializes the data structures.
func (*SecretsProxy) Unenforce
func (s *SecretsProxy) Unenforce(contextID string) error
Unenforce implements the corresponding interface of the enforcers.
func (*SecretsProxy) UpdateSecrets
func (s *SecretsProxy) UpdateSecrets(secret secrets.Secrets) error
UpdateSecrets updates the secrets of running enforcers managed by trireme. Remote enforcers will get the secret updates with the next policy push.