enforcer

package
v10.295.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 5, 2021 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type DebugInfo

type DebugInfo interface {
	//  EnableDatapathPacketTracing will enable tracing of packets received by the datapath for a particular PU. Setting Disabled as tracing direction will stop tracing for the contextID
	EnableDatapathPacketTracing(ctx context.Context, contextID string, direction packettracing.TracingDirection, interval time.Duration) error

	// EnablePacketTracing enable iptables -j trace for the particular pu and is much wider packet stream.
	EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error

	// Ping runs ping based on the given config.
	Ping(ctx context.Context, contextID string, pingConfig *policy.PingConfig) error

	// DebugCollect collects debug information, such as packet capture
	DebugCollect(ctx context.Context, contextID string, debugConfig *policy.DebugConfig) error
}

DebugInfo is interface to implement methods to configure datapath packet tracing in the nfqdatapath

type Enforcer

type Enforcer interface {

	// Enforce starts enforcing policies for the given policy.PUInfo.
	Enforce(ctx context.Context, contextID string, puInfo *policy.PUInfo) error

	// Unenforce stops enforcing policy for the given IP.
	Unenforce(ctx context.Context, contextID string) error

	// GetFilterQueue returns the current FilterQueueConfig.
	GetFilterQueue() fqconfig.FilterQueue

	// GetBPFObject returns the bpf pobject
	GetBPFObject() ebpf.BPFModule

	// Run starts the PolicyEnforcer.
	Run(ctx context.Context) error

	// UpdateSecrets -- updates the secrets of running enforcers managed by trireme. Remote enforcers will get the secret updates with the next policy push
	UpdateSecrets(secrets secrets.Secrets) error

	// SetTargetNetworks sets the target network configuration of the controllers.
	SetTargetNetworks(cfg *runtime.Configuration) error

	// SetLogLevel sets log level.
	SetLogLevel(level constants.LogLevel) error

	// Cleanup request a clean up of the controllers.
	CleanUp() error

	// GetServiceMeshType returns the serviceMeshType
	GetServiceMeshType() policy.ServiceMesh

	DebugInfo
}

A Enforcer is an implementation of the enforcer datapath. The interface can be implemented by one or multiple datapaths.

func New

func New(
	mutualAuthorization bool,
	fqConfig fqconfig.FilterQueue,
	collector collector.EventCollector,
	secrets secrets.Secrets,
	serverID string,
	validity time.Duration,
	mode constants.ModeType,
	procMountPoint string,
	externalIPCacheTimeout time.Duration,
	packetLogs bool,
	cfg *runtime.Configuration,
	tokenIssuer common.ServiceTokenIssuer,
	isBPFEnabled bool,
	agentVersion semver.Version,
	serviceMeshType policy.ServiceMesh,
) (Enforcer, error)

New returns a new policy enforcer that implements both the data paths.

Directories

Path Synopsis
tcp
mockdnsproxy
Package mockdnsproxy is a generated GoMock package.
Package mockdnsproxy is a generated GoMock package.
Package mockenforcer is a generated GoMock package.
Package mockenforcer is a generated GoMock package.
tokenaccessor/mocktokenaccessor
Package mocktokenaccessor is a generated GoMock package.
Package mocktokenaccessor is a generated GoMock package.
Package enforcerproxy :: This is the implementation of the RPC client It implements the interface of Trireme Enforcer and forwards these requests to the actual remote enforcer instead of implementing locally
Package enforcerproxy :: This is the implementation of the RPC client It implements the interface of Trireme Enforcer and forwards these requests to the actual remote enforcer instead of implementing locally
utils
ephemeralkeys/mockephemeralkeys
Package mockephemeralkeys is a generated GoMock package.
Package mockephemeralkeys is a generated GoMock package.
packetgen
Package packetgen "PacketGen" is a Packet Generator library Current version: V1.0, Updates are coming soon
Package packetgen "PacketGen" is a Packet Generator library Current version: V1.0, Updates are coming soon
rpcwrapper/mockrpcwrapper
Package mockrpcwrapper is a generated GoMock package.
Package mockrpcwrapper is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL