controlplane

package
v2.29.2-rc.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 28, 2023 License: Apache-2.0 Imports: 48 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CompilePolicy

func CompilePolicy(policyMessage *policylangv1.Policy, policyName string, registry status.Registry) (*circuitfactory.Circuit, error)

CompilePolicy takes policyMessage and returns a compiled policy. This is a helper method for standalone consumption of policy compiler.

func HashStoredPolicy added in v2.22.0

func HashStoredPolicy(policyJSON []byte) string

HashStoredPolicy returns sha256 of JSON-serialized policy, truncated to 128 bits.

As the JSON repr of policy is not perfectly stable (it depends whether we've applied defaults yet or not, and could change when adding new fields), we should hash policies which are stored somewhere (e.g. in etcd).

func Module

func Module() fx.Option

Module - Controller can be initialized by passing options from Module() to fx app.

func ValidateAndCompileProto added in v2.18.0

func ValidateAndCompileProto(ctx context.Context, name string, policy *policylangv1.Policy) (*circuitfactory.Circuit, *policylangv1.Policy, error)

ValidateAndCompileProto checks the validity of a single Policy and compiles it.

func ValidateAndCompileYAML added in v2.18.0

func ValidateAndCompileYAML(ctx context.Context, name string, yamlSrc []byte) (*circuitfactory.Circuit, *policylangv1.Policy, error)

ValidateAndCompileYAML checks the validity of a single Policy and compiles it.

Types

type FxIn

type FxIn struct {
	fx.In
	Unmarshaller config.Unmarshaller
}

FxIn is the input for the AddAgentInfoAttribute function.

type FxOut

type FxOut struct {
	fx.Out
	Validator policyvalidator.PolicySpecValidator `group:"policy-validators"`
}

FxOut is the output of the controlplane module.

func ProvidePolicyValidator added in v2.18.2

func ProvidePolicyValidator(in FxIn) (FxOut, error)

ProvidePolicyValidator provides classification Policy Custom Resource validator

Note: This validator must be registered to be accessible.

type Policy

type Policy struct {
	iface.PolicyBase
	// contains filtered or unexported fields
}

Policy invokes the Circuit runtime at tick frequency.

func (*Policy) GetEvaluationInterval

func (policy *Policy) GetEvaluationInterval() time.Duration

GetEvaluationInterval returns the ID of the policy.

func (*Policy) GetStatusRegistry

func (policy *Policy) GetStatusRegistry() status.Registry

GetStatusRegistry returns the status registry of the policy.

func (*Policy) TicksInDuration added in v2.15.0

func (policy *Policy) TicksInDuration(duration time.Duration) int

TicksInDuration returns the number of ticks in duration.

func (*Policy) TicksInDurationPb added in v2.15.0

func (policy *Policy) TicksInDurationPb(duration *durationpb.Duration) int

TicksInDurationPb returns the number of ticks in duration pb. If duration pb is nil, it returns 1.

type PolicyFactory

type PolicyFactory struct {
	// contains filtered or unexported fields
}

PolicyFactory factory for policies.

func (*PolicyFactory) GetPolicyWrapper added in v2.17.0

func (factory *PolicyFactory) GetPolicyWrapper(name string) *policysyncv1.PolicyWrapper

GetPolicyWrapper returns policy wrapper matching given name.

func (*PolicyFactory) GetPolicyWrappers

func (factory *PolicyFactory) GetPolicyWrappers() map[string]*policysyncv1.PolicyWrapper

GetPolicyWrappers returns all policy wrappers.

type PolicyService

type PolicyService struct {
	policylangv1.UnimplementedPolicyServiceServer
	// contains filtered or unexported fields
}

PolicyService is the implementation of policylangv1.PolicyService interface.

func RegisterPolicyService

func RegisterPolicyService(in RegisterPolicyServiceIn) *PolicyService

RegisterPolicyService registers a service for policy.

func (*PolicyService) DeleteDynamicConfig added in v2.20.1

DeleteDynamicConfig deletes dynamic config of a policy.

func (*PolicyService) DeletePolicy

func (s *PolicyService) DeletePolicy(ctx context.Context, policy *policylangv1.DeletePolicyRequest) (*emptypb.Empty, error)

DeletePolicy deletes a policy from the system.

func (*PolicyService) GetDecisions added in v2.8.0

GetDecisions returns the decisions.

func (*PolicyService) GetDynamicConfig added in v2.20.1

GetDynamicConfig gets dynamic config of a policy.

func (*PolicyService) GetPolicies

GetPolicies returns all the policies running (or supposed to be running) in the system.

func (*PolicyService) GetPolicy

GetPolicy returns the policy which matches the given name.

Returns error if policy cannot be found in *neither* etcd nor locally.

func (*PolicyService) PostDynamicConfig

PostDynamicConfig updates dynamic config to the system.

func (*PolicyService) UpsertPolicy

UpsertPolicy creates/updates policy to the system.

type PolicySpecValidator

type PolicySpecValidator struct{}

PolicySpecValidator Policy implementation of PolicySpecValidator interface.

func (*PolicySpecValidator) ValidateSpec

func (v *PolicySpecValidator) ValidateSpec(ctx context.Context, name string, yamlSrc []byte) (bool, string, error)

ValidateSpec checks the validity of a Policy spec

returns: * true, "", nil when Policy is valid * false, message, nil when Policy is invalid and * false, "", err on other errors.

ValidateSpec checks the syntax, validity of extractors, and validity of rego modules (by attempting to compile them).

type RegisterPolicyServiceIn added in v2.16.0

type RegisterPolicyServiceIn struct {
	fx.In
	Server        *grpc.Server `name:"default"`
	PolicyFactory *PolicyFactory
	ETCDClient    *etcdclient.Client
	Lifecycle     fx.Lifecycle
}

RegisterPolicyServiceIn bundles and annotates parameters.

Directories

Path Synopsis
resources
tristate
tristate is a helper package for tri-state boolean logic, which is used for logical combinator components.
tristate is a helper package for tri-state boolean logic, which is used for logical combinator components.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL