The highest tagged major version is v11.

controller

package

v10.302.1+incompatible Latest Latest Go to latest Published: Apr 23, 2021 License: Apache-2.0 Imports: 26 Imported by: 6

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/aporeto-inc/trireme-lib

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

func LaunchRemoteEnforcer(ctx context.Context, logLevel string, logFormat string, logID string, ...) error
type DebugInfo
type Option
type TriremeController
- func New(ctx context.Context, serverID string, mode constants.ModeType, opts ...Option) TriremeController

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func LaunchRemoteEnforcer ¶

func LaunchRemoteEnforcer(ctx context.Context, logLevel string, logFormat string, logID string, numQueues int, agentVersion semver.Version) error

LaunchRemoteEnforcer launches a remote enforcer instance.

Types ¶

type DebugInfo ¶

type DebugInfo interface {
	// EnableReceivedPacketTracing will enable tracing of packets received by the datapath for a particular PU. Setting Disabled as tracing direction will stop tracing for the contextID
	EnableDatapathPacketTracing(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime, direction packettracing.TracingDirection, interval time.Duration) error
	// EnablePacketTracing enable iptables -j trace for the particular pu and is much wider packet stream.
	EnableIPTablesPacketTracing(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime, interval time.Duration) error
	// Ping runs ping based on the given config.
	Ping(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime, pingConfig *policy.PingConfig) error
	// DebugCollect collects debug information, such as packet capture
	DebugCollect(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime, debugConfig *policy.DebugConfig) error
}

DebugInfo is the interface implemented by controllers to support configuring debug options

type Option ¶

type Option func(*config)

Option is provided using functional arguments.

func OptionAgentVersion ¶

func OptionAgentVersion(v semver.Version) Option

OptionAgentVersion is an option to set agent version.

func OptionBPFEnabled ¶

func OptionBPFEnabled(bpfEnabled bool) Option

OptionBPFEnabled is an option

func OptionCollector ¶

func OptionCollector(c collector.EventCollector) Option

OptionCollector is an option to provide an external collector implementation.

func OptionDatapathService ¶

func OptionDatapathService(s packetprocessor.PacketProcessor) Option

OptionDatapathService is an option to provide an external datapath service implementation.

func OptionDisableMutualAuth ¶

func OptionDisableMutualAuth() Option

OptionDisableMutualAuth is an option to disable MutualAuth (enabled by default)

func OptionEnforceFqConfig ¶

func OptionEnforceFqConfig(f fqconfig.FilterQueue) Option

OptionEnforceFqConfig is an option to override filter queues.

func OptionEnforceLinuxProcess ¶

func OptionEnforceLinuxProcess() Option

OptionEnforceLinuxProcess is an option to request support for linux process support.

func OptionIPv6Enable ¶

func OptionIPv6Enable(ipv6Enabled bool) Option

OptionIPv6Enable is an option to enable ipv6

func OptionIptablesLockfile ¶

func OptionIptablesLockfile(iptablesLockfile string) Option

OptionIptablesLockfile is a string option to set the path to the iptables lockfile

func OptionPacketLogs ¶

func OptionPacketLogs() Option

OptionPacketLogs is an option to enable packet level logging.

func OptionProcMountPoint ¶

func OptionProcMountPoint(p string) Option

OptionProcMountPoint is an option to provide proc mount point.

func OptionRemoteParameters ¶

func OptionRemoteParameters(p *env.RemoteParameters) Option

OptionRemoteParameters is an option to set the parameters for the remote

func OptionRuntimeConfiguration ¶

func OptionRuntimeConfiguration(c *runtime.Configuration) Option

OptionRuntimeConfiguration is an option to provide target network configuration.

func OptionRuntimeErrorChannel ¶

func OptionRuntimeErrorChannel(errorChannel chan *policy.RuntimeError) Option

OptionRuntimeErrorChannel configures the error channel for the policy engine.

func OptionSecret ¶

func OptionSecret(s secrets.Secrets) Option

OptionSecret is an option to provide an external datapath service implementation.

func OptionTokenIssuer ¶

func OptionTokenIssuer(t common.ServiceTokenIssuer) Option

OptionTokenIssuer provides the token issuer.

type TriremeController ¶

type TriremeController interface {
	// Run initializes and runs the controller.
	Run(ctx context.Context) error

	// CleanUp cleans all the supervisors and ACLs for a clean exit
	CleanUp() error

	// Enforce asks the controller to enforce policy on a processing unit
	Enforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)

	// UnEnforce asks the controller to ub-enforce policy on a processing unit
	UnEnforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)

	// UpdatePolicy updates the policy of the isolator for a container.
	UpdatePolicy(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) error

	// UpdateSecrets updates the secrets of running enforcers managed by trireme. Remote enforcers will get the secret updates with the next policy push
	UpdateSecrets(secrets secrets.Secrets) error

	// UpdateConfiguration updates the configuration of the controller. Only specific configuration
	// parameters can be updated during run time.
	UpdateConfiguration(cfg *runtime.Configuration) error
	DebugInfo
}

TriremeController is the main API of the Trireme controller

func New ¶

func New(ctx context.Context, serverID string, mode constants.ModeType, opts ...Option) TriremeController

New returns a trireme interface implementation based on configuration provided.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
constants
internal
enforcer
enforcer/acls
enforcer/apiauth
enforcer/applicationproxy
enforcer/applicationproxy/common
enforcer/applicationproxy/http
enforcer/applicationproxy/markedconn
enforcer/applicationproxy/pingrequest
enforcer/applicationproxy/protomux
enforcer/applicationproxy/servicecache
enforcer/applicationproxy/serviceregistry
enforcer/applicationproxy/tcp
enforcer/applicationproxy/tcp/verifier
enforcer/applicationproxy/tlshelper
enforcer/constants
enforcer/dnsproxy
enforcer/dnsproxy/mockdnsproxy Package mockdnsproxy is a generated GoMock package.	Package mockdnsproxy is a generated GoMock package.
enforcer/envoyauthorizer
enforcer/envoyauthorizer/envoyproxy
enforcer/flowstats
enforcer/lookup
enforcer/metadata
enforcer/mockenforcer Package mockenforcer is a generated GoMock package.	Package mockenforcer is a generated GoMock package.
enforcer/nfqdatapath
enforcer/nfqdatapath/afinetrawsocket
enforcer/nfqdatapath/nflog
enforcer/nfqdatapath/tokenaccessor
enforcer/nfqdatapath/tokenaccessor/mocktokenaccessor Package mocktokenaccessor is a generated GoMock package.	Package mocktokenaccessor is a generated GoMock package.
enforcer/proxy Package enforcerproxy :: This is the implementation of the RPC client It implements the interface of Trireme Enforcer and forwards these requests to the actual remote enforcer instead of implementing locally	Package enforcerproxy :: This is the implementation of the RPC client It implements the interface of Trireme Enforcer and forwards these requests to the actual remote enforcer instead of implementing locally
enforcer/secretsproxy
enforcer/utils/ephemeralkeys
enforcer/utils/ephemeralkeys/mockephemeralkeys Package mockephemeralkeys is a generated GoMock package.	Package mockephemeralkeys is a generated GoMock package.
enforcer/utils/nsenter
enforcer/utils/packetgen Package packetgen "PacketGen" is a Packet Generator library Current version: V1.0, Updates are coming soon	Package packetgen "PacketGen" is a Packet Generator library Current version: V1.0, Updates are coming soon
enforcer/utils/rpcwrapper
enforcer/utils/rpcwrapper/mockrpcwrapper Package mockrpcwrapper is a generated GoMock package.	Package mockrpcwrapper is a generated GoMock package.
processmon Package processmon is to manage and monitor remote enforcers.	Package processmon is to manage and monitor remote enforcers.
processmon/mockprocessmon Package mockprocessmon is a generated GoMock package.	Package mockprocessmon is a generated GoMock package.
processmon/testbinary
supervisor
supervisor/iptablesctrl
supervisor/mocksupervisor Package mocksupervisor is a generated GoMock package.	Package mocksupervisor is a generated GoMock package.
supervisor/noop Package supervisornoop implements the supervisor interface with no operations.	Package supervisornoop implements the supervisor interface with no operations.
windows
mockcontroller Package mockcontroller is a generated GoMock package.	Package mockcontroller is a generated GoMock package.
pkg
aclprovider
auth
bufferpool
claimsheader
cleaner
connection
counters
dmesgparser
ebpf
ebpf/bpfbuild
env
flowtracking
flowtracking/mockflowclient Package mockflowclient is a generated GoMock package.	Package mockflowclient is a generated GoMock package.
fqconfig
ipsetmanager
ipsetmanager/mock_ipsetmanager Package mock_ipsetmanager is a generated GoMock package.	Package mock_ipsetmanager is a generated GoMock package.
packet Package packet support for TCP/IP packet manipulations needed by the Aporeto infrastructure.	Package packet support for TCP/IP packet manipulations needed by the Aporeto infrastructure.
packetprocessor
packettracing
pingconfig
pkiverifier
pucontext
remoteenforcer
remoteenforcer/internal/client
remoteenforcer/internal/client/mockclient Package mockclient is a generated GoMock package.	Package mockclient is a generated GoMock package.
remoteenforcer/internal/client/reportsclient
remoteenforcer/internal/client/statsclient
remoteenforcer/internal/statscollector
remoteenforcer/internal/statscollector/mockstatscollector Package mockstatscollector is a generated GoMock package.	Package mockstatscollector is a generated GoMock package.
remoteenforcer/internal/tokenissuer
remoteenforcer/internal/tokenissuer/mocktokenclient Package mocktokenclient is a generated GoMock package.	Package mocktokenclient is a generated GoMock package.
remoteenforcer/mockremoteenforcer Package mockremoteenforcer is a generated GoMock package.	Package mockremoteenforcer is a generated GoMock package.
secrets
secrets/compactpki
secrets/mocksecrets Package mocksecrets is a generated GoMock package.	Package mocksecrets is a generated GoMock package.
secrets/rpc
secrets/testhelper
servicetokens
tokens
tokens/mocktokens Package mocktokens is a generated GoMock package.	Package mocktokens is a generated GoMock package.
urisearch
usertokens
usertokens/common
usertokens/mockusertokens Package mockusertokens is a generated GoMock package.	Package mockusertokens is a generated GoMock package.
usertokens/oidc
usertokens/pkitokens
runtime

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL