Documentation ¶
Index ¶
- Constants
- func RegisterTypes()
- func TestNewRPCClient(t *testing.T)
- type CaptureType
- type EnforcePayload
- type EnforceResponsePayload
- type ExcludeIPRequestPayload
- type InitRequestPayload
- type InitResponsePayload
- type InitSupervisorPayload
- type MockRPCHdl
- type RPCClient
- type RPCHdl
- type RPCServer
- type RPCWrapper
- func (r *RPCWrapper) CheckValidity(req *Request, secret string) bool
- func (r *RPCWrapper) ContextList() []string
- func (r *RPCWrapper) DestroyRPCClient(contextID string)
- func (r *RPCWrapper) GetRPCClient(contextID string) (*RPCHdl, error)
- func (r *RPCWrapper) NewRPCClient(contextID string, channel string, sharedsecret string) error
- func (r *RPCWrapper) ProcessMessage(req *Request, secret string) bool
- func (r *RPCWrapper) RemoteCall(contextID string, methodName string, req *Request, resp *Response) error
- func (r *RPCWrapper) StartServer(ctx context.Context, protocol string, path string, handler interface{}) error
- type Request
- type Response
- type StatsPayload
- type SuperviseRequestPayload
- type SuperviseResponsePayload
- type TestRPCClient
- type TestRPCServer
- type UnEnforcePayload
- type UnEnforceResponsePayload
- type UnSupervisePayload
- type UpdateSecretsPayload
Constants ¶
// Exported consts from the package.
const (
	// SUCCESS is the zero status value. The Status fields of the
	// *ResponsePayload types below are plain ints, so presumably they are
	// compared against this value — confirm in the handlers.
	SUCCESS = 0
	// StatsChannel is the filesystem path of the stats channel endpoint
	// (presumably a unix-domain socket, given the .sock suffix and the
	// protocol/path pair taken by StartServer).
	// NOTE(review): with a fixed path under /var/run, the socket file's
	// owner and mode decide which local processes may connect; confirm
	// they are set restrictively wherever the server is started.
	StatsChannel = "/var/run/statschannel.sock"
)
Exported constants of the package.
Variables ¶
This section is empty.
Functions ¶
func RegisterTypes ¶
func RegisterTypes()
RegisterTypes registers types that are exchanged between the controller and remoteenforcer
func TestNewRPCClient ¶
TestNewRPCClient mocks an RPC client test
Types ¶
type CaptureType ¶
// CaptureType identifies the type of iptables implementation that should be
// used. It is carried in InitSupervisorPayload.CaptureMethod; the defined
// values are the IPTables and IPSets constants.
type CaptureType int
CaptureType identifies the type of iptables implementation that should be used
// Defined values of CaptureType, as carried in
// InitSupervisorPayload.CaptureMethod.
const (
	// IPTables forces an IPTables implementation.
	// It is the zero value, so an omitted CaptureMethod decodes to it.
	IPTables CaptureType = iota
	// IPSets forces an IPSet implementation.
	IPSets
)
type EnforcePayload ¶
// EnforcePayload is the payload for an enforce request.
//
// Every field is tagged omitempty, so a zero value is dropped from the JSON
// encoding and the receiver cannot tell "unset" from "empty".
type EnforcePayload struct {
	ContextID        string                      `json:",omitempty"`
	ManagementID     string                      `json:",omitempty"`
	TriremeAction    policy.PUAction             `json:",omitempty"`
	ApplicationACLs  policy.IPRuleList           `json:",omitempty"`
	NetworkACLs      policy.IPRuleList           `json:",omitempty"`
	Identity         *policy.TagStore            `json:",omitempty"`
	Annotations      *policy.TagStore            `json:",omitempty"`
	PolicyIPs        policy.ExtendedMap          `json:",omitempty"`
	ReceiverRules    policy.TagSelectorList      `json:",omitempty"`
	TransmitterRules policy.TagSelectorList      `json:",omitempty"`
	TriremeNetworks  []string                    `json:",omitempty"`
	ExcludedNetworks []string                    `json:",omitempty"`
	ProxiedServices  *policy.ProxiedServicesInfo `json:",omitempty"`

	// Key material handed to the remote enforcer; the same set of fields
	// appears in InitRequestPayload and UpdateSecretsPayload.
	// NOTE(review): PrivatePEM and Token look like secrets. RemoteCall adds
	// an HMAC for integrity only, so their confidentiality rests on the
	// channel itself — confirm, and confirm they are never logged.
	SecretType   secrets.PrivateSecretsType `json:",omitempty"`
	CAPEM        []byte                     `json:",omitempty"`
	TokenKeyPEMs [][]byte                   `json:",omitempty"`
	PublicPEM    []byte                     `json:",omitempty"`
	PrivatePEM   []byte                     `json:",omitempty"`
	Token        []byte                     `json:",omitempty"`
}
EnforcePayload is the payload for an enforce request.
type EnforceResponsePayload ¶
// EnforceResponsePayload is the response to an enforce request.
type EnforceResponsePayload struct {
	// Status of the enforce call. Because of omitempty, SUCCESS (0) is
	// never encoded, so an absent or empty response decodes as success —
	// callers should not treat a missing Status as an error signal.
	Status int `json:",omitempty"`
}
EnforceResponsePayload exported
type ExcludeIPRequestPayload ¶
// ExcludeIPRequestPayload carries the list of excluded IPs.
type ExcludeIPRequestPayload struct {
	// IPs to exclude. The element format (plain address vs. CIDR) is not
	// fixed here — presumably validated by the receiver; confirm.
	IPs []string `json:",omitempty"`
}
ExcludeIPRequestPayload carries the list of excluded ips
type InitRequestPayload ¶
// InitRequestPayload is the payload for the enforcer init request.
//
// Every field is tagged omitempty, so a zero value is dropped from the JSON
// encoding and the receiver cannot tell "unset" from "empty".
type InitRequestPayload struct {
	FqConfig *fqconfig.FilterQueue `json:",omitempty"`
	// MutualAuth enables mutual authentication.
	// NOTE(review): with omitempty, false is never sent, so a message that
	// lacks the field decodes as MutualAuth disabled — the receiver cannot
	// distinguish "explicitly off" from "field missing".
	MutualAuth bool `json:",omitempty"`
	PacketLogs bool `json:",omitempty"`
	// Validity is a duration; presumably the lifetime of the issued
	// credentials/tokens — confirm against the enforcer.
	Validity time.Duration `json:",omitempty"`

	// Key material for the remote enforcer; the same set of fields appears
	// in EnforcePayload and UpdateSecretsPayload.
	// NOTE(review): PrivatePEM and Token look like secrets; RemoteCall adds
	// an HMAC for integrity only, so confidentiality rests on the channel.
	SecretType   secrets.PrivateSecretsType `json:",omitempty"`
	ServerID     string                     `json:",omitempty"`
	CAPEM        []byte                     `json:",omitempty"`
	TokenKeyPEMs [][]byte                   `json:",omitempty"`
	PublicPEM    []byte                     `json:",omitempty"`
	PrivatePEM   []byte                     `json:",omitempty"`
	Token        []byte                     `json:",omitempty"`

	ExternalIPCacheTimeout time.Duration `json:",omitempty"`
}
InitRequestPayload is the payload for the enforcer init request.
type InitResponsePayload ¶
// InitResponsePayload is the response to an init request.
type InitResponsePayload struct {
	// Status of the init call. Because of omitempty, SUCCESS (0) is never
	// encoded, so an absent or empty response decodes as success.
	Status int `json:",omitempty"`
}
InitResponsePayload Response payload
type InitSupervisorPayload ¶
// InitSupervisorPayload is the payload for the supervisor init request.
type InitSupervisorPayload struct {
	TriremeNetworks []string `json:",omitempty"`
	// CaptureMethod selects the iptables implementation (IPTables or
	// IPSets). IPTables is the zero value, so an omitted field selects it.
	CaptureMethod CaptureType `json:",omitempty"`
}
InitSupervisorPayload is the payload for the supervisor init request.
type MockRPCHdl ¶
MockRPCHdl is a mock of RPCHdl.
type RPCClient ¶
// RPCClient is the client interface. RPCWrapper implements it.
type RPCClient interface {
	// NewRPCClient creates the client for contextID over channel, using
	// rpcSecret as the shared secret.
	NewRPCClient(contextID string, channel string, rpcSecret string) error
	// GetRPCClient gets a handle to the RPC client for contextID.
	GetRPCClient(contextID string) (*RPCHdl, error)
	// RemoteCall invokes methodName on the remote end for contextID; the
	// RPCWrapper implementation adds an HMAC for message integrity.
	RemoteCall(contextID string, methodName string, req *Request, resp *Response) error
	// DestroyRPCClient closes the RPC connection for contextID and cleans
	// up.
	DestroyRPCClient(contextID string)
	// ContextList returns the active contexts managed by the client.
	ContextList() []string
	// CheckValidity reports whether the received message is valid for the
	// given secret.
	CheckValidity(req *Request, secret string) bool
}
RPCClient is the client interface
type RPCServer ¶
// RPCServer is the server interface. RPCWrapper implements it.
type RPCServer interface {
	// StartServer starts a server on protocol/path and waits for new
	// connections; the RPCWrapper implementation never returns.
	// NOTE(review): handler is an untyped interface{} — whatever is passed
	// is exposed over the channel, so restrict it to the intended RPC
	// receiver.
	StartServer(ctx context.Context, protocol string, path string, handler interface{}) error
	// ProcessMessage reports whether the given request is valid.
	ProcessMessage(req *Request, secret string) bool
	// CheckValidity reports whether the received message is valid for the
	// given secret.
	CheckValidity(req *Request, secret string) bool
}
RPCServer is the server interface
type RPCWrapper ¶
RPCWrapper is a struct which holds stats for all RPC sessions.
func (*RPCWrapper) CheckValidity ¶
func (r *RPCWrapper) CheckValidity(req *Request, secret string) bool
CheckValidity checks if the received message is valid
func (*RPCWrapper) ContextList ¶
func (r *RPCWrapper) ContextList() []string
ContextList returns the list of active contexts managed by the RPCWrapper.
func (*RPCWrapper) DestroyRPCClient ¶
func (r *RPCWrapper) DestroyRPCClient(contextID string)
DestroyRPCClient calls close on the rpc and cleans up the connection
func (*RPCWrapper) GetRPCClient ¶
func (r *RPCWrapper) GetRPCClient(contextID string) (*RPCHdl, error)
GetRPCClient gets a handle to the RPC client for the contextID (the enforcer in the container).
func (*RPCWrapper) NewRPCClient ¶
func (r *RPCWrapper) NewRPCClient(contextID string, channel string, sharedsecret string) error
NewRPCClient exported
func (*RPCWrapper) ProcessMessage ¶
func (r *RPCWrapper) ProcessMessage(req *Request, secret string) bool
ProcessMessage checks if the given request is valid
func (*RPCWrapper) RemoteCall ¶
func (r *RPCWrapper) RemoteCall(contextID string, methodName string, req *Request, resp *Response) error
RemoteCall is a wrapper around rpc.Call and also ensures message integrity by adding an HMAC.
func (*RPCWrapper) StartServer ¶
func (r *RPCWrapper) StartServer(ctx context.Context, protocol string, path string, handler interface{}) error
StartServer starts a server and waits for new connections; this function never returns.
type Response ¶
// Response is the response for every RPC call. It carries the status of the
// actual function call made on the remote end.
type Response struct {
	// Status of the remote call. Unlike the *ResponsePayload types this is
	// a string and has no omitempty tag.
	Status string
}
Response is the response for every RPC call. This is used to carry the status of the actual function call made on the remote end
type StatsPayload ¶
// StatsPayload is the payload carried by the stats reporting from the
// remote enforcer.
type StatsPayload struct {
	// Flows, keyed by string. What the key identifies is not fixed here —
	// presumably a flow identifier; confirm against the collector.
	Flows map[string]*collector.FlowRecord `json:",omitempty"`
}
StatsPayload is the payload carried by the stats reporting from the remote enforcer.
type SuperviseRequestPayload ¶
// SuperviseRequestPayload is the payload for a supervise request. It carries
// the same policy fields as EnforcePayload, minus the key material.
//
// Every field is tagged omitempty, so a zero value is dropped from the JSON
// encoding and the receiver cannot tell "unset" from "empty".
type SuperviseRequestPayload struct {
	ContextID        string                      `json:",omitempty"`
	ManagementID     string                      `json:",omitempty"`
	TriremeAction    policy.PUAction             `json:",omitempty"`
	ApplicationACLs  policy.IPRuleList           `json:",omitempty"`
	NetworkACLs      policy.IPRuleList           `json:",omitempty"`
	PolicyIPs        policy.ExtendedMap          `json:",omitempty"`
	Identity         *policy.TagStore            `json:",omitempty"`
	Annotations      *policy.TagStore            `json:",omitempty"`
	ReceiverRules    policy.TagSelectorList      `json:",omitempty"`
	TransmitterRules policy.TagSelectorList      `json:",omitempty"`
	ExcludedNetworks []string                    `json:",omitempty"`
	TriremeNetworks  []string                    `json:",omitempty"`
	ProxiedServices  *policy.ProxiedServicesInfo `json:",omitempty"`
}
SuperviseRequestPayload is the payload for a supervise request.
type SuperviseResponsePayload ¶
// SuperviseResponsePayload is the response to a supervise request.
type SuperviseResponsePayload struct {
	// Status of the supervise call. Because of omitempty, SUCCESS (0) is
	// never encoded, so an absent or empty response decodes as success.
	Status int `json:",omitempty"`
}
SuperviseResponsePayload exported
type TestRPCClient ¶
// TestRPCClient is an RPC client used for tests. It embeds RPCClient and
// adds one Mock* method per RPCClient method, each taking the replacement
// implementation to use.
type TestRPCClient interface {
	RPCClient
	MockNewRPCClient(t *testing.T, impl func(contextID string, channel string, secret string) error)
	MockGetRPCClient(t *testing.T, impl func(contextID string) (*RPCHdl, error))
	MockRemoteCall(t *testing.T, impl func(contextID string, methodName string, req *Request, resp *Response) error)
	MockDestroyRPCClient(t *testing.T, impl func(contextID string))
	MockContextList(t *testing.T, impl func() []string)
	MockCheckValidity(t *testing.T, impl func(req *Request, secret string) bool)
}
TestRPCClient is an RPC client used for tests.
type TestRPCServer ¶
// TestRPCServer is an RPC server used for tests. It embeds RPCServer and
// adds one Mock* method per RPCServer method, each taking the replacement
// implementation to use.
type TestRPCServer interface {
	RPCServer
	MockStartServer(t *testing.T, impl func(ctx context.Context, protocol string, path string, handler interface{}) error)
	MockProcessMessage(t *testing.T, impl func(req *Request, secret string) bool)
	MockCheckValidity(t *testing.T, impl func(req *Request, secret string) bool)
}
TestRPCServer is an RPC server used for tests.
type UnEnforcePayload ¶
// UnEnforcePayload is the payload for an unenforce request.
type UnEnforcePayload struct {
	// ContextID of the enforcement to remove; an empty value is omitted
	// from the encoding.
	ContextID string `json:",omitempty"`
}
UnEnforcePayload is the payload for an unenforce request.
type UnEnforceResponsePayload ¶
// UnEnforceResponsePayload is the response to an unenforce request.
type UnEnforceResponsePayload struct {
	// Status of the unenforce call. Because of omitempty, SUCCESS (0) is
	// never encoded, so an absent or empty response decodes as success.
	Status int `json:",omitempty"`
}
UnEnforceResponsePayload exported
type UnSupervisePayload ¶
// UnSupervisePayload is the payload for an unsupervise request.
type UnSupervisePayload struct {
	// ContextID of the supervision to remove; an empty value is omitted
	// from the encoding.
	ContextID string `json:",omitempty"`
}
UnSupervisePayload is the payload for an unsupervise request.
type UpdateSecretsPayload ¶
// UpdateSecretsPayload is the payload for the update-secrets request to
// remote enforcers. Its fields are the key-material subset of
// EnforcePayload and InitRequestPayload.
//
// NOTE(review): PrivatePEM and Token look like secrets. RemoteCall adds an
// HMAC for integrity only, so their confidentiality rests on the channel —
// confirm, and confirm this payload is never logged in full.
type UpdateSecretsPayload struct {
	SecretType   secrets.PrivateSecretsType `json:",omitempty"`
	CAPEM        []byte                     `json:",omitempty"`
	TokenKeyPEMs [][]byte                   `json:",omitempty"`
	PublicPEM    []byte                     `json:",omitempty"`
	PrivatePEM   []byte                     `json:",omitempty"`
	Token        []byte                     `json:",omitempty"`
}
UpdateSecretsPayload is the payload for the update-secrets request to remote enforcers.