Documentation ¶
Constants ¶
const (
	// TriremeCgroupPath is the standard Trireme cgroup path
	TriremeCgroupPath = "/trireme/"
	// TriremeUIDCgroupPath is the standard path for UID based activations
	TriremeUIDCgroupPath = "/trireme_uid/"
	// TriremeDockerHostNetwork is the path for Docker HostNetwork container based activations
	TriremeDockerHostNetwork = "/trireme_docker_hostnet/"
	// TriremeSocket is the standard API server Trireme socket path
	TriremeSocket = "/var/run/trireme.sock"
)
const (
	MetadataHookPolicy      = "metadata:policy"
	MetadataHookHealth      = "metadata:health"
	MetadataHookCertificate = "metadata:certificate"
	MetadataHookKey         = "metadata:key"
	MetadataHookToken       = "metadata:token"
	AWSHookInfo             = "aws:info"
	AWSHookRole             = "aws:role"
)
Values for hook methods
const (
	AWSRoleARNPrefix = "@awsrole=arn:aws:iam::"
	AWSRolePrefix    = "@awsrole="
)
AWSRole reserved prefix
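The two prefixes above are what a PU tag looks like when it asks for an AWS role. The following added example (not code from the trireme-lib project) shows how a consumer of those tags can extract the role ARN and refuse anything that carries the reserved prefix but is not a well-formed IAM role ARN, so a malformed or non-role value never reaches a credential provider. The ARN regular expression and the "one role per PU" rule are this example's own assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Reserved prefixes copied from the page so the example compiles stand-alone.
const (
	AWSRoleARNPrefix = "@awsrole=arn:aws:iam::"
	AWSRolePrefix    = "@awsrole="
)

// roleARNPattern is this example's assumption about a well-formed IAM role ARN:
// a 12-digit account id and a "role/" resource with an optional path.
var roleARNPattern = regexp.MustCompile(`^arn:aws:iam::(\d{12}):role/([\w+=,.@/-]+)$`)

// errNotRoleTag marks tags that simply do not use the reserved prefix.
var errNotRoleTag = errors.New("tag does not carry the @awsrole= prefix")

// ParseAWSRoleTag extracts and validates the IAM role ARN carried by a tag with
// the reserved @awsrole= prefix. A tag with the prefix but without a valid role
// ARN is an error rather than a value handed on to the credential provider.
func ParseAWSRoleTag(tag string) (account, roleARN string, err error) {
	if !strings.HasPrefix(tag, AWSRolePrefix) {
		return "", "", errNotRoleTag
	}
	value := strings.TrimPrefix(tag, AWSRolePrefix)
	if !strings.HasPrefix(tag, AWSRoleARNPrefix) {
		return "", "", fmt.Errorf("@awsrole value %q is not an IAM ARN", value)
	}
	m := roleARNPattern.FindStringSubmatch(value)
	if m == nil {
		return "", "", fmt.Errorf("malformed IAM role ARN %q", value)
	}
	return m[1], value, nil
}

// FindAWSRole scans a PU's tag list and returns the role ARN it carries, or ""
// when there is none. Two different role ARNs on one PU are an error rather
// than an arbitrary pick (an assumption of this example).
func FindAWSRole(tags []string) (string, error) {
	found := ""
	for _, t := range tags {
		_, arn, err := ParseAWSRoleTag(t)
		if errors.Is(err, errNotRoleTag) {
			continue
		}
		if err != nil {
			return "", err
		}
		if found != "" && found != arn {
			return "", fmt.Errorf("conflicting @awsrole tags %q and %q", found, arn)
		}
		found = arn
	}
	return found, nil
}

func main() {
	// Constructed tag list for a PU.
	tags := []string{"app=web", "@awsrole=arn:aws:iam::123456789012:role/trireme/web-reader"}
	arn, err := FindAWSRole(tags)
	fmt.Println(arn, err)
}
```

The prefix check alone is not enough: `@awsrole=admin` matches AWSRolePrefix, and `@awsrole=arn:aws:iam::123456789012:user/x` matches AWSRoleARNPrefix, yet neither names a role that could be assumed.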
const (
	MetadataKey   = "X-Aporeto-Metadata"
	MetadataValue = "secrets"
)
Metadata API constants
Variables ¶
Functions ¶
func ConvertServicesToPortList ¶
ConvertServicesToPortList converts a slice of services to a port list
func ConvertServicesToProtocolPortList ¶
ConvertServicesToProtocolPortList converts a slice of services to a TCP/UDP port list
Types ¶
type EventHandler ¶
An EventHandler is the type of event handler functions.
type EventInfo ¶
type EventInfo struct {
	// EventType refers to one of the standard events that Trireme handles.
	EventType Event `json:"eventtype,omitempty"`
	// PUType is the type of the PU
	PUType PUType `json:"putype,omitempty"`
	// The PUID is a unique value for the Processing Unit. Ideally this should be the UUID.
	PUID string `json:"puid,omitempty"`
	// The Name is a user-friendly name for the Processing Unit.
	Name string `json:"name,omitempty"`
	// The Executable is the executable name for the Processing Unit.
	Executable string `json:"executable,omitempty"`
	// Tags represents the set of MetadataTags associated with this PUID.
	Tags []string `json:"tags,omitempty"`
	// The path for the Network Namespace.
	NS string `json:"namespace,omitempty"`
	// Cgroup is the path to the cgroup - used for deletes
	Cgroup string `json:"cgroup,omitempty"`
	// IPs is a map of all the IPs that fully belong to this processing Unit.
	IPs map[string]string `json:"ipaddressesutype,omitempty"`
	// Services is a list of services of interest - for host control
	Services []Service `json:"services,omitempty"`
	// The PID is the PID on the system where this Processing Unit is running.
	PID int32 `json:"pid,omitempty"`
	// HostService indicates that the request is for the root namespace
	HostService bool `json:"hostservice,omitempty"`
	// AutoPort indicates that the PU will have auto port feature enabled
	AutoPort bool `json:"autoport,omitempty"`
	// NetworkOnlyTraffic indicates that traffic towards the applications must be controlled.
	NetworkOnlyTraffic bool `json:"networktrafficonly,omitempty"`
	// Root indicates that this request is coming from a root user. It is overwritten by the enforcer.
	Root bool `json:"root,omitempty"`
}
EventInfo is a generic structure that defines all the information related to a PU event. EventInfo should be used as a normalized struct container that
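EventInfo travels as JSON over the Trireme socket, and the struct comment on Root says the enforcer overwrites it. The added example below (not the project's own code) shows what a receiving side should do with that: decode the payload strictly, refuse events that lack a PUID, and replace the client-supplied Root with a value derived from the connecting peer. It uses a trimmed copy of EventInfo with the page's json tags; `Event` is a string stand-in for the package's real type, and the assumptions that the peer UID comes from the socket credentials and that a LinuxProcessPU must carry a PID are this example's, not the page's.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// Event stands in for the page's Event type, which the package defines
// elsewhere; this example only needs a string-like value for it.
type Event string

// PUType and the two constants this example uses, copied from the page.
type PUType int

const (
	ContainerPU PUType = iota
	LinuxProcessPU
)

// EventInfo is a trimmed copy of the page's struct: only the fields this
// example touches are kept, with the page's own json tags.
type EventInfo struct {
	EventType Event    `json:"eventtype,omitempty"`
	PUType    PUType   `json:"putype,omitempty"`
	PUID      string   `json:"puid,omitempty"`
	Name      string   `json:"name,omitempty"`
	Tags      []string `json:"tags,omitempty"`
	PID       int32    `json:"pid,omitempty"`
	Root      bool     `json:"root,omitempty"`
}

// DecodeEvent parses one event as received over the Trireme socket. The Root
// field in the wire payload is chosen by the client and is never trusted: it is
// overwritten from peerUID, which the caller is assumed to have obtained from
// the socket peer's credentials (e.g. SO_PEERCRED; the page does not show how
// the enforcer derives it). Unknown fields and a missing PUID are rejected, and
// a LinuxProcessPU event must carry a PID (a sanity check this example adds).
func DecodeEvent(payload []byte, peerUID uint32) (*EventInfo, error) {
	dec := json.NewDecoder(bytes.NewReader(payload))
	dec.DisallowUnknownFields()
	var ev EventInfo
	if err := dec.Decode(&ev); err != nil {
		return nil, fmt.Errorf("malformed event: %w", err)
	}
	if ev.PUID == "" {
		return nil, errors.New("event without puid")
	}
	if ev.PUType == LinuxProcessPU && ev.PID <= 0 {
		return nil, errors.New("linux process event without a pid")
	}
	ev.Root = peerUID == 0 // the enforcer's view replaces whatever the client claimed
	return &ev, nil
}

func main() {
	// Constructed sample: the client claims root although it connected as uid 1000.
	wire := []byte(`{"eventtype":"start","putype":1,"puid":"pu-1","pid":4242,"root":true}`)
	ev, err := DecodeEvent(wire, 1000)
	fmt.Printf("%+v err=%v\n", ev, err)

	// ContainerPU is the zero value, so omitempty drops "putype" from the wire form.
	out, _ := json.Marshal(EventInfo{EventType: "start", PUType: ContainerPU, PUID: "c1"})
	fmt.Println(string(out))
}
```

One consequence of the page's tags worth knowing: ContainerPU is the zero value of PUType, so with `omitempty` a container event carries no `putype` key at all, and a receiver cannot distinguish "container" from "field absent". The same holds for `root:false`, which is one more reason the receiver should derive Root itself instead of reading it.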
type EventResponse ¶
type EventResponse struct {
Error string
}
EventResponse encapsulates the error response, if any.
type PUType ¶
type PUType int
PUType defines the PU type
const (
	// ContainerPU indicates that this PU is a container
	ContainerPU PUType = iota
	// LinuxProcessPU indicates that this is a Linux process
	LinuxProcessPU
	// HostPU is a host wrapping PU
	HostPU
	// HostNetworkPU is a PU for a network service in a host
	HostNetworkPU
	// KubernetesPU indicates that this is a Kubernetes Pod
	KubernetesPU
	// UIDLoginPU -- PU representing a user session
	UIDLoginPU
	// SSHSessionPU -- PU representing an ssh session
	SSHSessionPU
	// TransientPU -- placeholder to run processing. This should not
	// be inserted in any cache. This is valid only for processing a packet
	TransientPU
)
type Service ¶
type Service struct {
	// Ports are the corresponding ports
	Ports *portspec.PortSpec `json:"ports,omitempty"`
	// Port is the service port. This has been deprecated and will be removed in later releases 01/13/2018
	Port uint16
	// Protocol is the protocol number
	Protocol uint8 `json:"protocol,omitempty"`
	// Addresses are the IP addresses. An empty list means 0.0.0.0/0
	Addresses []*net.IPNet `json:"addresses,omitempty"`
	// FQDNs is the list of FQDNs for the service.
	FQDNs []string `json:"fqdns,omitempty"`
}
Service is a protocol/port service of interest - used to pass user requests
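The page documents ConvertServicesToPortList and ConvertServicesToProtocolPortList only by name, and the Service struct above refers to portspec.PortSpec, which it does not define. The following added example (not the project's implementation, and not its signatures) shows one way such a conversion can be written over the Service fields shown: expand every service into TCP and UDP port sets, honour the deprecated Port field only when Ports is unset, and reject unsupported protocols, inverted ranges and portless services instead of dropping them silently. The `PortSpec{Min, Max}` shape is an assumption of this example.

```go
package main

import (
	"fmt"
	"sort"
)

// PortSpec stands in for portspec.PortSpec, which the page references but does
// not define; an inclusive Min..Max range is assumed.
type PortSpec struct {
	Min, Max uint16
}

// Service keeps only the page's fields this example uses (Addresses and FQDNs omitted).
type Service struct {
	Ports    *PortSpec
	Port     uint16 // deprecated single port; honoured only when Ports is nil
	Protocol uint8
}

// protoName maps the IANA protocol numbers a port list can express to their names.
var protoName = map[uint8]string{6: "tcp", 17: "udp"}

// portRange returns the inclusive port range a service covers.
func portRange(s Service) (uint16, uint16, error) {
	if s.Ports != nil {
		if s.Ports.Min == 0 || s.Ports.Min > s.Ports.Max {
			return 0, 0, fmt.Errorf("invalid port range %d-%d", s.Ports.Min, s.Ports.Max)
		}
		return s.Ports.Min, s.Ports.Max, nil
	}
	if s.Port != 0 {
		return s.Port, s.Port, nil
	}
	return 0, 0, fmt.Errorf("service for protocol %d has no port", s.Protocol)
}

// ConvertServicesToProtocolPortList expands services into sorted, deduplicated
// port slices keyed "tcp" and "udp". Any other protocol is an error rather than
// a silent drop, so a caller cannot assume a service is covered when no entry
// was produced for it.
func ConvertServicesToProtocolPortList(services []Service) (map[string][]uint16, error) {
	seen := map[string]map[uint16]struct{}{"tcp": {}, "udp": {}}
	for _, s := range services {
		proto, ok := protoName[s.Protocol]
		if !ok {
			return nil, fmt.Errorf("unsupported protocol %d", s.Protocol)
		}
		lo, hi, err := portRange(s)
		if err != nil {
			return nil, err
		}
		// Count in uint32: a uint16 counter would wrap at 65535 and never terminate.
		for p := uint32(lo); p <= uint32(hi); p++ {
			seen[proto][uint16(p)] = struct{}{}
		}
	}
	out := map[string][]uint16{}
	for proto, ports := range seen {
		out[proto] = sortedPorts(ports)
	}
	return out, nil
}

// ConvertServicesToPortList returns the union of all ports regardless of protocol.
func ConvertServicesToPortList(services []Service) ([]uint16, error) {
	byProto, err := ConvertServicesToProtocolPortList(services)
	if err != nil {
		return nil, err
	}
	all := map[uint16]struct{}{}
	for _, ports := range byProto {
		for _, p := range ports {
			all[p] = struct{}{}
		}
	}
	return sortedPorts(all), nil
}

func sortedPorts(set map[uint16]struct{}) []uint16 {
	ports := make([]uint16, 0, len(set))
	for p := range set {
		ports = append(ports, p)
	}
	sort.Slice(ports, func(i, j int) bool { return ports[i] < ports[j] })
	return ports
}

func main() {
	svcs := []Service{ // constructed sample
		{Protocol: 6, Ports: &PortSpec{Min: 80, Max: 82}},
		{Protocol: 6, Port: 443},
		{Protocol: 17, Port: 53},
	}
	fmt.Println(ConvertServicesToProtocolPortList(svcs))
}
```

A range that ends at 65535 is the classic trap in this kind of expansion: a `uint16` loop counter can never exceed 65535, so `p <= hi` stays true forever. Iterating in a wider type avoids it.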
type ServiceTokenIssuer ¶
type ServiceTokenIssuer interface {
Issue(ctx context.Context, contextID string, stype ServiceTokenType, audience string, validity time.Duration) (string, error)
}
ServiceTokenIssuer is an interface for an implementation that can issue service tokens on behalf of a PU. The user of the library must provide the implementation. ServiceTokens can be OAUTH tokens or cloud provider specific tokens such as AWS Role credentials.
type ServiceTokenType ¶
type ServiceTokenType string
ServiceTokenType is the type of the token.
const (
	ServiceTokenTypeOAUTH ServiceTokenType = "oauth"
	ServiceTokenTypeAWS   ServiceTokenType = "aws"
)
Values of ServiceTokenType
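The page leaves the ServiceTokenIssuer implementation to the library user. The added example below (hypothetical, not the project's issuer) satisfies the interface with an HMAC-SHA256 signed bearer token for the OAUTH type, binds each token to the requesting PU's contextID and to the audience, caps the validity a caller may request, and refuses the AWS type because role credentials would have to come from STS rather than a local key. The Verify method is the receiving service's side of the same check. The claim layout, token encoding and key-length floor are this example's own choices.

```go
package main

import (
	"context"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// ServiceTokenType, its values and ServiceTokenIssuer are copied from the page
// so the example compiles stand-alone.
type ServiceTokenType string

const (
	ServiceTokenTypeOAUTH ServiceTokenType = "oauth"
	ServiceTokenTypeAWS   ServiceTokenType = "aws"
)

type ServiceTokenIssuer interface {
	Issue(ctx context.Context, contextID string, stype ServiceTokenType, audience string, validity time.Duration) (string, error)
}

// Claims is the signed payload: binding PU (contextID), recipient (audience)
// and expiry means a leaked token cannot be replayed elsewhere or used forever.
type Claims struct {
	ContextID string           `json:"cid"`
	Audience  string           `json:"aud"`
	Type      ServiceTokenType `json:"typ"`
	ExpiresAt int64            `json:"exp"`
}

// HMACIssuer is a hypothetical issuer (not the project's) minting HMAC-SHA256
// bearer tokens for the OAUTH type only; the AWS type is refused.
type HMACIssuer struct {
	key         []byte
	maxValidity time.Duration
	now         func() time.Time // injectable clock
}

func NewHMACIssuer(key []byte, maxValidity time.Duration) (*HMACIssuer, error) {
	if len(key) < 32 {
		return nil, errors.New("hmac key must be at least 32 bytes")
	}
	return &HMACIssuer{key: key, maxValidity: maxValidity, now: time.Now}, nil
}

// Issue implements ServiceTokenIssuer; the requested validity is capped at maxValidity.
func (h *HMACIssuer) Issue(ctx context.Context, contextID string, stype ServiceTokenType, audience string, validity time.Duration) (string, error) {
	if stype != ServiceTokenTypeOAUTH {
		return "", fmt.Errorf("token type %q not supported by this issuer", stype)
	}
	if contextID == "" || audience == "" || validity <= 0 || validity > h.maxValidity {
		return "", fmt.Errorf("rejected request: cid=%q aud=%q validity=%s (max %s)", contextID, audience, validity, h.maxValidity)
	}
	body, err := json.Marshal(Claims{ContextID: contextID, Audience: audience, Type: stype, ExpiresAt: h.now().Add(validity).Unix()})
	if err != nil {
		return "", err
	}
	payload := base64.RawURLEncoding.EncodeToString(body)
	return payload + "." + h.sign(payload), nil
}

func (h *HMACIssuer) sign(payload string) string {
	mac := hmac.New(sha256.New, h.key)
	mac.Write([]byte(payload))
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// Verify is the receiver's side: constant-time signature check before anything
// is parsed, then audience and expiry.
func (h *HMACIssuer) Verify(token, audience string) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 2 || !hmac.Equal([]byte(parts[1]), []byte(h.sign(parts[0]))) {
		return nil, errors.New("malformed token or bad signature")
	}
	var c Claims
	if body, err := base64.RawURLEncoding.DecodeString(parts[0]); err != nil {
		return nil, err
	} else if err := json.Unmarshal(body, &c); err != nil {
		return nil, err
	}
	if c.Audience != audience || !h.now().Before(time.Unix(c.ExpiresAt, 0)) {
		return nil, errors.New("audience mismatch or token expired")
	}
	return &c, nil
}

func main() {
	iss, _ := NewHMACIssuer([]byte("0123456789abcdef0123456789abcdef"), time.Hour) // constructed key
	fmt.Println(iss.Issue(context.Background(), "pu-1", ServiceTokenTypeOAUTH, "https://api.example", 10*time.Minute))
}
```

The validity cap is the part most worth copying into a real issuer: the interface lets any caller ask for an arbitrary `validity`, and without a ceiling a compromised PU can mint itself a token that outlives the PU by hours.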
type State ¶
type State int
A State describes the state of the PU.
const (
	// StateStarted is the state of a started PU.
	StateStarted State = iota + 1
	// StateStopped is the state of a stopped PU.
	StateStopped
	// StatePaused is the state of a paused PU.
	StatePaused
	// StateDestroyed is the state of a destroyed PU.
	StateDestroyed
	// StateUnknwown is the state of a PU whose state is unknown.
	StateUnknwown
)