Documentation ¶
Index ¶
- type Enforcer
- func (e *Enforcer) CleanUp() error
- func (e *Enforcer) EnableDatapathPacketTracing(ctx context.Context, contextID string, ...) error
- func (e *Enforcer) EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error
- func (e *Enforcer) Enforce(contextID string, puInfo *policy.PUInfo) error
- func (e *Enforcer) GetFilterQueue() *fqconfig.FilterQueue
- func (e *Enforcer) Run(ctx context.Context) error
- func (e *Enforcer) Secrets() (secrets.Secrets, func())
- func (e *Enforcer) SetLogLevel(level constants.LogLevel) error
- func (e *Enforcer) SetTargetNetworks(cfg *runtime.Configuration) error
- func (e *Enforcer) Unenforce(contextID string) error
- func (e *Enforcer) UpdateSecrets(secrets secrets.Secrets) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Enforcer ¶
Enforcer implements the Enforcer interface as an envoy authorizer and starts envoy external authz filter gRPC servers for enforcement.
func NewEnvoyAuthorizerEnforcer ¶
func NewEnvoyAuthorizerEnforcer(mode constants.ModeType, eventCollector collector.EventCollector, externalIPCacheTimeout time.Duration, secrets secrets.Secrets, tokenIssuer common.ServiceTokenIssuer) (*Enforcer, error)
NewEnvoyAuthorizerEnforcer creates a new envoy authorizer
func (*Enforcer) EnableDatapathPacketTracing ¶
func (e *Enforcer) EnableDatapathPacketTracing(ctx context.Context, contextID string, direction packettracing.TracingDirection, interval time.Duration) error
EnableDatapathPacketTracing is unimplemented in the envoy authorizer
func (*Enforcer) EnableIPTablesPacketTracing ¶
func (e *Enforcer) EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error
EnableIPTablesPacketTracing is unimplemented in the envoy authorizer
func (*Enforcer) Enforce ¶
Enforce starts enforcing policies for the given policy.PUInfo. here we do the following: 1. create a new PU always and instantiate a new apiAuth, as we want to be as stateless as possible. 2. create a PUcontext as this will be used in auth code. 3. If envoy servers are not present then create all 3 envoy servers. 4. If the servers are already present under policy update then update the service certs.
func (*Enforcer) GetFilterQueue ¶
func (e *Enforcer) GetFilterQueue() *fqconfig.FilterQueue
GetFilterQueue is unimplemented in the envoy authorizer
func (*Enforcer) SetLogLevel ¶
SetLogLevel is unimplemented in the envoy authorizer
func (*Enforcer) SetTargetNetworks ¶
func (e *Enforcer) SetTargetNetworks(cfg *runtime.Configuration) error
SetTargetNetworks is unimplemented in the envoy authorizer