option

package
v0.0.0-...-0208d45 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 16, 2022 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

// Names of the daemon's configuration options. Each constant holds the
// option's name, not its value.
const (
	// AgentHealthPort is the TCP port for agent health status API
	AgentHealthPort = "agent-health-port"

	// RmBpfOnExit if true deletes bpf programs when bpflock daemon exits.
	// NOTE(review): presumably whatever those programs enforce ends with the
	// daemon when this is set — confirm that is acceptable on hosts that
	// depend on bpflock staying in place across a crash or restart.
	RmBpfOnExit = "remove-bpf-programs"

	// ConfigFile is the Configuration file (default "/usr/lib/bpflock/bpflock.yaml")
	ConfigFile = "config"

	// ConfigDir is the directory that contains a file for each option where
	// the filename represents the option name and the content of that file
	// represents the value of that option.
	// NOTE(review): anyone who can create or edit files in this directory can
	// set daemon options; confirm its ownership and mode are checked or at
	// least documented.
	ConfigDir = "config-dir"

	// BpfConfigDir is the directory that contains bpf programs configurations
	BpfConfigDir = "bpf-config-dir"

	// DebugArg is the argument that enables debugging mode
	DebugArg = "debug"

	// DebugVerbose is the argument that enables verbose log messages for
	// particular subsystems
	DebugVerbose = "debug-verbose"

	// GopsPort is the TCP port for the gops server.
	// NOTE(review): gops serves process diagnostics; confirm the listener is
	// bound to loopback only.
	GopsPort = "gops-port"

	// VarLibDir is the directory path used to store the variable runtime
	// environment
	VarLibDir = "lib-dir"

	// LogDriver sets logging endpoints to use for example syslog, fluentd
	LogDriver = "log-driver"

	// LogOpt sets log driver options for bpflock
	LogOpt = "log-opt"

	// SocketPath sets daemon's socket path to listen for connections.
	// NOTE(review): presumably access to this socket is access to the daemon
	// API — confirm the socket's owner and mode are restricted.
	SocketPath = "socket-path"

	// StateDir is the directory path to store runtime state
	StateDir = "state-dir"

	// Version prints the version information
	Version = "version"

	// EnableIPv4Name is the name of the option to enable IPv4 support
	EnableIPv4Name = "enable-ipv4"

	// EnableIPv6Name is the name of the option to enable IPv6 support
	EnableIPv6Name = "enable-ipv6"

	// CMDRef is the path to cmdref output directory
	CMDRef = "cmdref"

	// bpfrestrict: option names for the bpfrestrict program's profile and
	// block settings. The accepted values are not shown in this block.
	BpfRestrictProfile = "bpfrestrict-profile"
	BpfRestrictBlock   = "bpfrestrict-block"

	// kmodlock: option names for the kmodlock program's profile and block
	// settings.
	KmodLockProfile = "kmodlock-profile"
	KmodLockBlock   = "kmodlock-block"

	// kimglock: option names for the kimglock program's profile and block
	// settings.
	KimgLockProfile = "kimglock-profile"
	KimgLockBlock   = "kimglock-block"

	// filelesslock: option name for the filelesslock program's profile. There
	// is no matching block option in this list.
	FilelessLockProfile = "filelesslock-profile"

	// execsnoop: option name for the exec-snoop target.
	ExecSnoopTarget = "exec-snoop"
)
const (
	// Debug is the key under which the debug option is registered in
	// DaemonMutableOptionLibrary.
	Debug = "Debug"
)

Variables

// Package-level defaults for the daemon.
//
// NOTE(review): all three variables are exported and mutable, so any importing
// package can replace them or edit their contents. Confirm nothing treats
// them as a trusted, fixed baseline.
var (
	// This will be the final Config.BpfMeta
	//
	// BpfM starts with metadata version "v1", kind "bpf", the agent name as
	// its metadata name, and an empty (non-nil) program list.
	BpfM = models.BpfMeta{
		Bpfmetaver: "v1",
		Kind:       "bpf",
		Bpfmetadata: &models.BpfMetadata{
			Name: components.BpflockAgentName,
		},
		Bpfspec: &models.BpfSpec{
			Programs: make([]*models.BpfProgram, 0),
		},
	}

	// BpflockBpfProgs maps each built-in bpf program name to its BpfProgram
	// entry: name, priority and description. Only the ExecSnoop entry also
	// sets Command.
	// NOTE(review): Priority presumably feeds the BpfByPriority ordering —
	// confirm whether the lowest or the highest value goes first.
	BpflockBpfProgs = map[string]models.BpfProgram{

		components.ExecSnoop: {
			Name: components.ExecSnoop,

			Command:     components.BpflockAgentName,
			Priority:    1,
			Description: components.BpfProgDescriptions[components.ExecSnoop],
		},
		components.FilelessLock: {
			Name:        components.FilelessLock,
			Priority:    30,
			Description: components.BpfProgDescriptions[components.FilelessLock],
		},

		components.KimgLock: {
			Name:        components.KimgLock,
			Priority:    50,
			Description: components.BpfProgDescriptions[components.KimgLock],
		},
		components.KmodLock: {
			Name:        components.KmodLock,
			Priority:    60,
			Description: components.BpfProgDescriptions[components.KmodLock],
		},
		components.BpfRestrict: {
			Name:        components.BpfRestrict,
			Priority:    99,
			Description: components.BpfProgDescriptions[components.BpfRestrict],
		},
	}

	// Config represents the daemon configuration
	//
	// CreationTime is evaluated once, at package initialisation. The
	// remaining fields are seeded from the defaults package, and LogOpt
	// starts as an empty, non-nil map.
	Config = &DaemonConfig{
		CreationTime:  time.Now(),
		BPFRoot:       defaults.DefaultMapRoot,
		ProgramLibDir: defaults.ProgramLibPath,
		EnableIPv4:    defaults.EnableIPv4,
		EnableIPv6:    defaults.EnableIPv6,
		LogOpt:        make(map[string]string),
	}
)
var (
	// DaemonOptionLibrary is the daemon's option library that should be
	// used for read-only.
	// NOTE(review): read-only is a convention here. OptionLibrary is a map
	// type and this variable is exported, so nothing in this declaration
	// prevents a caller from writing to it.
	DaemonOptionLibrary = OptionLibrary{}

	// DaemonMutableOptionLibrary registers a single option, Debug, pointing
	// at specDebug (declared outside this block).
	// NOTE(review): presumably these are the options changeable at runtime —
	// confirm against the code that applies option changes.
	DaemonMutableOptionLibrary = OptionLibrary{
		Debug: &specDebug,
	}
)
var RegisteredOptions = map[string]struct{}{}

RegisteredOptions records every option that has been bound to viper.

Functions

func BindEnv

func BindEnv(optName string)

BindEnv binds the option name to a deterministically generated environment variable name that is based on the given optName. If the same optName is bound more than once, this function panics.

func BindEnvWithLegacyEnvFallback

func BindEnvWithLegacyEnvFallback(optName, legacyEnvName string)

BindEnvWithLegacyEnvFallback binds the given option name with either the same environment variable as BindEnv, if it's set, or with the given legacyEnvName.

The function is used to work around the viper.BindEnv limitation that only one environment variable can be bound for an option, and we need multiple environment variables due to backward compatibility reasons.

func InitConfig

func InitConfig(cmd *cobra.Command, programName, configName string) func()

InitConfig reads in config file and ENV variables if set.

func LogRegisteredOptions

func LogRegisteredOptions(entry *logrus.Entry)

LogRegisteredOptions logs all options that were bound to viper.

func MergeConfig

func MergeConfig(m map[string]interface{}) error

MergeConfig merges the given configuration map with viper's configuration.

func ReadBpfDirConfig

func ReadBpfDirConfig(dirName string, BpfMeta *models.BpfMeta) error

func ReadDirConfig

func ReadDirConfig(dirName string) (map[string]interface{}, error)

ReadDirConfig reads the given directory and returns a map that maps the filename to the contents of that file.

func StoreViperInFile

func StoreViperInFile(dir string) error

StoreViperInFile stores viper's configuration in the given directory under the file name 'viper-config.yaml'. If this file already exists, it is renamed to 'viper-config-1.yaml'; if 'viper-config-1.yaml' also exists, 'viper-config-1.yaml' is renamed to 'viper-config-2.yaml'.

Types

type BpfByPriority

type BpfByPriority []*models.BpfProgram

func (BpfByPriority) Len

func (progs BpfByPriority) Len() int

func (BpfByPriority) Less

func (progs BpfByPriority) Less(i, j int) bool

func (BpfByPriority) Swap

func (progs BpfByPriority) Swap(i, j int)

type ChangedFunc

type ChangedFunc func(key string, value OptionSetting, data interface{})

ChangedFunc is called by `Apply()` for each option changed

type DaemonConfig

// DaemonConfig is the configuration used by Daemon.
//
// NOTE(review): several fields share their names with the option-name
// constants of this package (ConfigFile, ConfigDir, SocketPath, ...);
// presumably Populate fills each one from the matching option — confirm.
type DaemonConfig struct {
	CreationTime  time.Time
	VarLibDir     string // bpflock variable library and files directory
	RunDir        string // bpflock runtime directory
	ProgramLibDir string // bpflock programs and libraries
	BpfDir        string // BPF program files directory

	// RestoreState enables restoring the state from previous running daemons.
	RestoreState bool

	// Remove Bpf programs on exit
	RmBpfOnExit bool

	// StateDir is the directory where runtime state of endpoints is stored
	StateDir string

	// Options changeable at runtime
	Opts *IntOptions

	// Mutex for serializing configuration updates to the daemon.
	// NOTE(review): a struct that holds a mutex should be passed by pointer,
	// never copied; the package-level Config is a *DaemonConfig.
	ConfigPatchMutex lock.RWMutex

	// AgentHealthPort is the TCP port for agent health status API
	AgentHealthPort int

	// HTTPRetryTimeout is the time in seconds before an uncompleted request is retried.
	HTTPRetryTimeout int

	// EnableIPv4 is true when IPv4 is enabled
	EnableIPv4 bool

	// EnableIPv6 is true when IPv6 is enabled
	EnableIPv6 bool

	// BPFRoot is set to defaults.DefaultMapRoot in the package-level Config.
	BPFRoot string

	// Paths and switches below have no comments of their own in the source.
	// NOTE(review): ConfigDir, BpfConfigDir and SocketPath are filesystem
	// locations the daemon reads from or listens on; confirm Validate checks
	// them before use.
	ConfigFile   string
	ConfigDir    string
	BpfConfigDir string
	Debug        bool
	DebugVerbose []string
	LogDriver    []string
	LogOpt       map[string]string
	SocketPath   string

	// BpfMeta is a pointer to the bpf metadata document; the package-level
	// BpfM is commented as the value that ends up here.
	BpfMeta *models.BpfMeta

	Version string
}

DaemonConfig is the configuration used by Daemon.

func (*DaemonConfig) GetGlobalsDir

func (c *DaemonConfig) GetGlobalsDir() string

GetGlobalsDir returns the path for the globals directory.

func (*DaemonConfig) IPv4Enabled

func (c *DaemonConfig) IPv4Enabled() bool

IPv4Enabled returns true if IPv4 is enabled

func (*DaemonConfig) IPv6Enabled

func (c *DaemonConfig) IPv6Enabled() bool

IPv6Enabled returns true if IPv6 is enabled

func (*DaemonConfig) Populate

func (c *DaemonConfig) Populate()

Populate sets all options with the values from viper

func (*DaemonConfig) StoreInFile

func (c *DaemonConfig) StoreInFile(dir string) error

StoreInFile stores the configuration in the given directory under the file name 'daemon-config.json'. If this file already exists, it is renamed to 'daemon-config-1.json'; if 'daemon-config-1.json' also exists, 'daemon-config-1.json' is renamed to 'daemon-config-2.json'.

func (*DaemonConfig) Validate

func (c *DaemonConfig) Validate() error

Validate validates the daemon configuration

type FormatFunc

type FormatFunc func(value OptionSetting) string

FormatFunc formats the specified option value as its textual representation.

type IntOptions

// IntOptions pairs an OptionMap with a pointer to an OptionLibrary.
type IntOptions struct {
	// Opts is serialised under the JSON key "map".
	Opts    OptionMap      `json:"map"`
	// Library is excluded from JSON output (tag "-").
	Library *OptionLibrary `json:"-"`
	// contains filtered or unexported fields
}

IntOptions member functions with external access do not require locking by the caller, while functions with internal access presume the caller to have taken care of any locking needed.

func NewIntOptions

func NewIntOptions(lib *OptionLibrary) *IntOptions

func (*IntOptions) ApplyValidated

func (o *IntOptions) ApplyValidated(n OptionMap, changed ChangedFunc, data interface{}) int

ApplyValidated takes a configuration map and applies the changes. For an option which is changed, the `ChangedFunc` function is called with the `data` argument passed in as well. Returns the number of options changed if any.

The caller is expected to have validated the configuration options prior to calling this function.

func (*IntOptions) DeepCopy

func (o *IntOptions) DeepCopy() *IntOptions

func (*IntOptions) Delete

func (o *IntOptions) Delete(key string)

func (*IntOptions) Dump

func (o *IntOptions) Dump()

func (*IntOptions) GetFmtList

func (o *IntOptions) GetFmtList() string

func (*IntOptions) GetValue

func (o *IntOptions) GetValue(key string) OptionSetting

func (*IntOptions) InheritDefault

func (o *IntOptions) InheritDefault(parent *IntOptions, key string)

func (*IntOptions) IsEnabled

func (o *IntOptions) IsEnabled(key string) bool

func (*IntOptions) SetBool

func (o *IntOptions) SetBool(key string, value bool)

SetBool sets the specified option to Enabled.

func (*IntOptions) SetIfUnset

func (o *IntOptions) SetIfUnset(key string, value OptionSetting)

func (*IntOptions) SetValidated

func (o *IntOptions) SetValidated(key string, value OptionSetting)

SetValidated sets the option `key` to the specified value. The caller is expected to have validated the input to this function.

type MapOptions

type MapOptions struct {
	// contains filtered or unexported fields
}

MapOptions holds a map of values and a validation function.

func NewMapOpts

func NewMapOpts(values map[string]string, validator Validator) *MapOptions

NewMapOpts creates a new MapOptions with the specified map of values and an optional validator.

func (*MapOptions) Set

func (opts *MapOptions) Set(value string) error

Set validates, if needed, the input value and adds it to the internal map, by splitting on '='.

func (*MapOptions) String

func (opts *MapOptions) String() string

func (*MapOptions) Type

func (opts *MapOptions) Type() string

Type returns a string name for this Option type

type NamedMapOptions

type NamedMapOptions struct {
	MapOptions
	// contains filtered or unexported fields
}

NamedMapOptions is a MapOptions struct with a configuration name. This struct is useful to keep reference to the assigned field name in the internal configuration struct.

func NewNamedMapOptions

func NewNamedMapOptions(name string, values *map[string]string, validator Validator) *NamedMapOptions

NewNamedMapOptions creates a reference to a new NamedMapOptions struct.

type Option

// Option is the structure used to specify the semantics of a configurable
// boolean option.
type Option struct {
	// Define is the name of the #define used for BPF programs
	Define string
	// Description is a short human readable description
	Description string
	// Immutable marks an option which is read-only
	// NOTE(review): this is a flag on the option spec; confirm which code
	// path rejects changes to an option that has it set.
	Immutable bool
	// Requires is a list of required options, such options will be
	// automatically enabled as required.
	Requires []string
	// Parse is called to parse the option. If not specified, defaults to
	// NormalizeBool().
	Parse ParseFunc
	// Format is called to format the value for an option. If not
	// specified, defaults to formatting 0 as "Disabled" and other values
	// as "Enabled".
	Format FormatFunc
	// Verify is called prior to applying the option
	Verify VerifyFunc
}

Option is the structure used to specify the semantics of a configurable boolean option

func (Option) RequiresOption

func (o Option) RequiresOption(name string) bool

RequiresOption returns true if the option requires the specified option `name`.

type OptionLibrary

type OptionLibrary map[string]*Option

func (OptionLibrary) Define

func (l OptionLibrary) Define(name string) string

func (OptionLibrary) Lookup

func (l OptionLibrary) Lookup(name string) (string, *Option)

func (OptionLibrary) Validate

func (l OptionLibrary) Validate(name string, value string) error

type OptionMap

type OptionMap map[string]OptionSetting

func (OptionMap) DeepCopy

func (om OptionMap) DeepCopy() OptionMap

type OptionSetting

type OptionSetting int

OptionSetting specifies the different choices each Option has.

const (
	// OptionDisabled is the zero value of OptionSetting (iota starts at 0).
	OptionDisabled OptionSetting = iota
	// OptionEnabled is the next iota value, 1.
	OptionEnabled
)

func NormalizeBool

func NormalizeBool(value string) (OptionSetting, error)

func ParseDaemonOption

func ParseDaemonOption(opt string) (string, OptionSetting, error)

ParseDaemonOption parses a string as daemon option

func ParseKeyValue

func ParseKeyValue(lib *OptionLibrary, arg, value string) (string, OptionSetting, error)

func ParseOption

func ParseOption(arg string, lib *OptionLibrary) (string, OptionSetting, error)

type ParseFunc

type ParseFunc func(value string) (OptionSetting, error)

ParseFunc parses the option value and may return an error if the option cannot be parsed or applied.

type Validator

type Validator func(val string) (string, error)

Validator returns a validated string along with a possible error.

type VerifyFunc

type VerifyFunc func(key string, value string) error

VerifyFunc validates option key with value and may return an error if the option should not be applied
