The highest tagged major version is v11.

enforcerproxy

package

v10.289.12+incompatible Latest Latest Go to latest Published: Oct 11, 2021 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/aporeto-inc/trireme-lib

Links

Open Source Insights

Documentation ¶

Overview ¶

Package enforcerproxy :: This is the implementation of the RPC client It implements the interface of Trireme Enforcer and forwards these requests to the actual remote enforcer instead of implementing locally

Index ¶

func NewProxyEnforcer(ctx context.Context, mutualAuth bool, filterQueue fqconfig.FilterQueue, ...) enforcer.Enforcer
type ProxyInfo
type ProxyRPCServer

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewProxyEnforcer ¶

func NewProxyEnforcer(
	ctx context.Context,
	mutualAuth bool,
	filterQueue fqconfig.FilterQueue,
	collector collector.EventCollector,
	secrets secrets.Secrets,
	serverID string,
	validity time.Duration,
	cmdArg string,
	procMountPoint string,
	ExternalIPCacheTimeout time.Duration,
	packetLogs bool,
	cfg *runtime.Configuration,
	runtimeError chan *policy.RuntimeError,
	remoteParameters *env.RemoteParameters,
	tokenIssuer common.ServiceTokenIssuer,
	isBPFEnabled bool,
	ipv6Enabled bool,
	iptablesLockfile string,
	rpcServer rpcwrapper.RPCServer,
) enforcer.Enforcer

NewProxyEnforcer creates a new proxy to remote enforcers.

Types ¶

type ProxyInfo ¶

type ProxyInfo struct {
	Secrets secrets.Secrets

	ExternalIPCacheTimeout time.Duration

	sync.RWMutex
	// contains filtered or unexported fields
}

ProxyInfo is the struct used to hold state about active enforcers in the system

func (*ProxyInfo) CleanUp ¶

func (s *ProxyInfo) CleanUp() error

CleanUp sends a cleanup command to all the remotes forcing them to exit and clean their state.

func (*ProxyInfo) DebugCollect ¶

func (s *ProxyInfo) DebugCollect(ctx context.Context, contextID string, debugConfig *policy.DebugConfig) error

DebugCollect tells remote enforcer to start collecting debug info (pcap or misc commands). It does not wait for pcap collection to complete: the pid of tcpdump is returned. If another command is meant to be executed in remote enforcer, it should be quick, and its output is returned.

func (*ProxyInfo) EnableDatapathPacketTracing ¶

func (s *ProxyInfo) EnableDatapathPacketTracing(ctx context.Context, contextID string, direction packettracing.TracingDirection, interval time.Duration) error

EnableDatapathPacketTracing enable nfq packet tracing in remote container

func (*ProxyInfo) EnableIPTablesPacketTracing ¶

func (s *ProxyInfo) EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error

EnableIPTablesPacketTracing enable iptables tracing

func (*ProxyInfo) Enforce ¶

func (s *ProxyInfo) Enforce(ctx context.Context, contextID string, puInfo *policy.PUInfo) error

Enforce method makes a RPC call for the remote enforcer enforce method

func (*ProxyInfo) GetBPFObject ¶

func (s *ProxyInfo) GetBPFObject() ebpf.BPFModule

GetBPFObject returns the bpf object

func (*ProxyInfo) GetFilterQueue ¶

func (s *ProxyInfo) GetFilterQueue() fqconfig.FilterQueue

GetFilterQueue returns the current FilterQueueConfig.

func (*ProxyInfo) GetServiceMeshType ¶

func (s *ProxyInfo) GetServiceMeshType() policy.ServiceMesh

GetServiceMeshType is unimplemented in the envoy authorizer

func (*ProxyInfo) Ping ¶

func (s *ProxyInfo) Ping(ctx context.Context, contextID string, pingConfig *policy.PingConfig) error

Ping runs ping from the given config.

func (*ProxyInfo) Run ¶

func (s *ProxyInfo) Run(ctx context.Context) error

Run starts the the remote enforcer proxy.

func (*ProxyInfo) SetLogLevel ¶

func (s *ProxyInfo) SetLogLevel(level constants.LogLevel) error

SetLogLevel sets log level.

func (*ProxyInfo) SetTargetNetworks ¶

func (s *ProxyInfo) SetTargetNetworks(cfg *runtime.Configuration) error

SetTargetNetworks does the RPC call for SetTargetNetworks to the corresponding remote enforcers

func (*ProxyInfo) Unenforce ¶

func (s *ProxyInfo) Unenforce(ctx context.Context, contextID string) error

Unenforce stops enforcing policy for the given contextID.

func (*ProxyInfo) UpdateSecrets ¶

func (s *ProxyInfo) UpdateSecrets(token secrets.Secrets) error

UpdateSecrets updates the secrets used for signing communication between trireme instances

type ProxyRPCServer ¶

type ProxyRPCServer struct {
	// contains filtered or unexported fields
}

ProxyRPCServer This struct is a receiver for Statsserver and maintains a handle to the RPC ProxyRPCServer.

func (*ProxyRPCServer) PostReportEvent ¶

func (r *ProxyRPCServer) PostReportEvent(req rpcwrapper.Request, resp *rpcwrapper.Response) error

PostReportEvent posts report events to the listener.

func (*ProxyRPCServer) PostStats ¶

func (r *ProxyRPCServer) PostStats(req rpcwrapper.Request, resp *rpcwrapper.Response) error

PostStats is the function called from the remoteenforcer when it has new flow events to publish.

func (*ProxyRPCServer) RetrieveToken ¶

func (r *ProxyRPCServer) RetrieveToken(req rpcwrapper.Request, resp *rpcwrapper.Response) error

RetrieveToken propagates the master request to the token retriever and returns a token.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL