Documentation
Overview
Package enforcerproxy is the implementation of the RPC client. It implements the Trireme Enforcer interface and forwards requests to the actual remote enforcer instead of implementing them locally.
Index
- func NewProxyEnforcer(ctx context.Context, mutualAuth bool, filterQueue fqconfig.FilterQueue, ...) enforcer.Enforcer
- type ProxyInfo
- func (s *ProxyInfo) CleanUp() error
- func (s *ProxyInfo) DebugCollect(ctx context.Context, contextID string, debugConfig *policy.DebugConfig) error
- func (s *ProxyInfo) EnableDatapathPacketTracing(ctx context.Context, contextID string, ...) error
- func (s *ProxyInfo) EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error
- func (s *ProxyInfo) Enforce(ctx context.Context, contextID string, puInfo *policy.PUInfo) error
- func (s *ProxyInfo) GetBPFObject() ebpf.BPFModule
- func (s *ProxyInfo) GetFilterQueue() fqconfig.FilterQueue
- func (s *ProxyInfo) GetServiceMeshType() policy.ServiceMesh
- func (s *ProxyInfo) Ping(ctx context.Context, contextID string, pingConfig *policy.PingConfig) error
- func (s *ProxyInfo) Run(ctx context.Context) error
- func (s *ProxyInfo) SetLogLevel(level constants.LogLevel) error
- func (s *ProxyInfo) SetTargetNetworks(cfg *runtime.Configuration) error
- func (s *ProxyInfo) Unenforce(ctx context.Context, contextID string) error
- func (s *ProxyInfo) UpdateSecrets(token secrets.Secrets) error
- type ProxyRPCServer
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewProxyEnforcer
func NewProxyEnforcer(
	ctx context.Context,
	mutualAuth bool,
	filterQueue fqconfig.FilterQueue,
	collector collector.EventCollector,
	secrets secrets.Secrets,
	serverID string,
	validity time.Duration,
	cmdArg string,
	procMountPoint string,
	ExternalIPCacheTimeout time.Duration,
	packetLogs bool,
	cfg *runtime.Configuration,
	runtimeError chan *policy.RuntimeError,
	remoteParameters *env.RemoteParameters,
	tokenIssuer common.ServiceTokenIssuer,
	isBPFEnabled bool,
	ipv6Enabled bool,
	iptablesLockfile string,
	rpcServer rpcwrapper.RPCServer,
) enforcer.Enforcer
NewProxyEnforcer creates a new proxy to remote enforcers.
Types
type ProxyInfo
type ProxyInfo struct {
	Secrets                secrets.Secrets
	ExternalIPCacheTimeout time.Duration

	sync.RWMutex
	// contains filtered or unexported fields
}
ProxyInfo is the struct used to hold state about active enforcers in the system.
func (*ProxyInfo) CleanUp
CleanUp sends a cleanup command to all the remotes forcing them to exit and clean their state.
func (*ProxyInfo) DebugCollect
func (s *ProxyInfo) DebugCollect(ctx context.Context, contextID string, debugConfig *policy.DebugConfig) error
DebugCollect tells the remote enforcer to start collecting debug info (pcap or misc commands). It does not wait for pcap collection to complete: the pid of tcpdump is returned. If another command is meant to be executed in the remote enforcer, it should be quick, and its output is returned.
func (*ProxyInfo) EnableDatapathPacketTracing
func (s *ProxyInfo) EnableDatapathPacketTracing(ctx context.Context, contextID string, direction packettracing.TracingDirection, interval time.Duration) error
EnableDatapathPacketTracing enables nfq packet tracing in the remote container.
func (*ProxyInfo) EnableIPTablesPacketTracing
func (s *ProxyInfo) EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error
EnableIPTablesPacketTracing enables iptables tracing.
func (*ProxyInfo) GetBPFObject
GetBPFObject returns the bpf object.
func (*ProxyInfo) GetFilterQueue
func (s *ProxyInfo) GetFilterQueue() fqconfig.FilterQueue
GetFilterQueue returns the current FilterQueueConfig.
func (*ProxyInfo) GetServiceMeshType
func (s *ProxyInfo) GetServiceMeshType() policy.ServiceMesh
GetServiceMeshType is unimplemented in the envoy authorizer.
func (*ProxyInfo) Ping
func (s *ProxyInfo) Ping(ctx context.Context, contextID string, pingConfig *policy.PingConfig) error
Ping runs ping from the given config.
func (*ProxyInfo) SetLogLevel
SetLogLevel sets log level.
func (*ProxyInfo) SetTargetNetworks
func (s *ProxyInfo) SetTargetNetworks(cfg *runtime.Configuration) error
SetTargetNetworks does the RPC call for SetTargetNetworks to the corresponding remote enforcers.
type ProxyRPCServer
type ProxyRPCServer struct {
// contains filtered or unexported fields
}
ProxyRPCServer is a receiver for Statsserver and maintains a handle to the RPC ProxyRPCServer.
func (*ProxyRPCServer) PostReportEvent
func (r *ProxyRPCServer) PostReportEvent(req rpcwrapper.Request, resp *rpcwrapper.Response) error
PostReportEvent posts report events to the listener.
func (*ProxyRPCServer) PostStats
func (r *ProxyRPCServer) PostStats(req rpcwrapper.Request, resp *rpcwrapper.Response) error
PostStats is the function called from the remoteenforcer when it has new flow events to publish.
func (*ProxyRPCServer) RetrieveToken
func (r *ProxyRPCServer) RetrieveToken(req rpcwrapper.Request, resp *rpcwrapper.Response) error
RetrieveToken propagates the master request to the token retriever and returns a token.