Documentation
Index
- func CleanOldState()
- func GetLogParameters() (logToConsole bool, logID string, logLevel string, logFormat string)
- func LaunchRemoteEnforcer(service packetprocessor.PacketProcessor) error
- func SetLogParameters(logToConsole, logWithID bool, logLevel string, logFormat string)
- type Option
- func OptionCollector(c collector.EventCollector) Option
- func OptionDatapathService(s packetprocessor.PacketProcessor) Option
- func OptionDisableMutualAuth() Option
- func OptionEnforceFqConfig(f *fqconfig.FilterQueue) Option
- func OptionEnforceLinuxProcess() Option
- func OptionPacketLogs() Option
- func OptionProcMountPoint(p string) Option
- func OptionSecret(s secrets.Secrets) Option
- func OptionTargetNetworks(n []string) Option
- type TriremeController
Functions
func GetLogParameters
GetLogParameters retrieves log parameters for Remote Enforcer.
func LaunchRemoteEnforcer
func LaunchRemoteEnforcer(service packetprocessor.PacketProcessor) error
LaunchRemoteEnforcer launches a remote enforcer instance.
func SetLogParameters
SetLogParameters sets up the environment to be passed to the remote trireme instances.
Types
type Option
type Option func(*config)
Option is provided using functional arguments.
func OptionCollector
func OptionCollector(c collector.EventCollector) Option
OptionCollector is an option to provide an external collector implementation.
func OptionDatapathService
func OptionDatapathService(s packetprocessor.PacketProcessor) Option
OptionDatapathService is an option to provide an external datapath service implementation.
func OptionDisableMutualAuth
func OptionDisableMutualAuth() Option
OptionDisableMutualAuth is an option to disable MutualAuth (enabled by default).
func OptionEnforceFqConfig
func OptionEnforceFqConfig(f *fqconfig.FilterQueue) Option
OptionEnforceFqConfig is an option to override filter queues.
func OptionEnforceLinuxProcess
func OptionEnforceLinuxProcess() Option
OptionEnforceLinuxProcess is an option to request Linux process support.
func OptionPacketLogs
func OptionPacketLogs() Option
OptionPacketLogs is an option to enable packet level logging.
func OptionProcMountPoint
OptionProcMountPoint is an option to provide proc mount point.
func OptionSecret
OptionSecret is an option to provide the secrets.Secrets implementation.
func OptionTargetNetworks
OptionTargetNetworks is an option to provide target network configuration.
type TriremeController
type TriremeController interface {
    // Run initializes and runs the controller.
    Run(ctx context.Context) error

    // CleanUp cleans all the supervisors and ACLs for a clean exit.
    CleanUp() error

    // Enforce asks the controller to enforce policy on a processing unit.
    Enforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)

    // UnEnforce asks the controller to un-enforce policy on a processing unit.
    UnEnforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)

    // UpdatePolicy updates the policy of the isolator for a container.
    UpdatePolicy(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) error

    // UpdateSecrets updates the secrets of running enforcers managed by trireme.
    // Remote enforcers will get the secret updates with the next policy push.
    UpdateSecrets(secrets secrets.Secrets) error

    // UpdateConfiguration updates the configuration of the controller. Only specific configuration
    // parameters can be updated during run time.
    UpdateConfiguration(networks []string) error
}
TriremeController is the main API of the Trireme controller.
func New
func New(serverID string, opts ...Option) TriremeController
New returns a trireme interface implementation based on configuration provided.
Directories
Path | Synopsis |
---|---|
internal | |
| Package mockcontroller is a generated GoMock package. |
pkg | |
packet | Package packet provides support for TCP/IP packet manipulations needed by the Aporeto infrastructure. |
remoteenforcer/mock | Package mockremoteenforcer is a generated GoMock package. |