common

package
v10.324.0+incompatible
Published: Apr 23, 2021 License: Apache-2.0 Imports: 4 Imported by: 23

Documentation

Index

Constants

// Cgroup path roots used by Trireme activations. Both values are absolute
// paths that end in a slash.
const (
	// TriremeCgroupPath is the standard Trireme cgroup path.
	TriremeCgroupPath = "/trireme/"

	// TriremeDockerHostNetwork is the path for Docker HostNetwork container based activations.
	TriremeDockerHostNetwork = "/trireme_docker_hostnet/"
)
// Values for hook methods. Each constant is the string identifier of one
// hook: the "metadata:" values name metadata hooks (policy, health,
// certificate, key, token) and the "aws:" values name AWS hooks (info, role).
// NOTE(review): how these identifiers are matched is not visible here;
// confirm at the consumer that unknown hook names are rejected.
const (
	// Metadata hooks.
	MetadataHookPolicy      = "metadata:policy"
	MetadataHookHealth      = "metadata:health"
	MetadataHookCertificate = "metadata:certificate"
	MetadataHookKey         = "metadata:key"
	MetadataHookToken       = "metadata:token"
	// AWS hooks.
	AWSHookInfo             = "aws:info"
	AWSHookRole             = "aws:role"
)

Values for hook methods

// AWSRole reserved prefix. A value carrying an AWS role reference begins with
// AWSRolePrefix; AWSRoleARNPrefix is that same prefix followed by
// "arn:aws:iam::", the start of an IAM ARN.
const (
	// AWSRoleARNPrefix is AWSRolePrefix followed by the start of an IAM ARN.
	AWSRoleARNPrefix = "@awsrole=arn:aws:iam::"

	// AWSRolePrefix is the bare reserved prefix marking an AWS role value.
	// NOTE(review): a value that starts with AWSRolePrefix but not with
	// AWSRoleARNPrefix is not a full ARN; confirm the consumer validates the
	// remainder before acting on it.
	AWSRolePrefix = "@awsrole="
)

AWSRole reserved prefix

// Metadata API constants.
const (
	// MetadataKey is the metadata API key. It has the shape of an HTTP
	// header name — presumably sent as a request header; confirm at the caller.
	MetadataKey   = "X-Aporeto-Metadata"
	// MetadataValue is the value paired with MetadataKey.
	MetadataValue = "secrets"
)

Metadata API constants

Variables

var (
	// EventMap is the set of valid Event values, used for validations.
	// Only membership matters: every value is nil. The key set mirrors the
	// EventStart..EventResync constants; keep the two in sync when adding
	// an event. EventMap is a package-level map with no locking here, so it
	// must be treated as read-only after package initialization.
	EventMap = map[Event]*struct{}{
		"start":   nil,
		"stop":    nil,
		"update":  nil,
		"create":  nil,
		"destroy": nil,
		"pause":   nil,
		"unpause": nil,
		"resync":  nil,
	}
)
// TriremeSocket is the standard API server Trireme socket path. It is set via
// ConfigureTriremeSocketPath() and canonicalized with
// utils.GetPathOnHostViaProcRoot() at point of use. It is an unsynchronized
// package-level variable, so it should be configured before any concurrent
// reader starts.
var TriremeSocket = "/var/run/trireme.sock"

TriremeSocket is the standard API server Trireme socket path. It is set via ConfigureTriremeSocketPath() and canonicalized with utils.GetPathOnHostViaProcRoot() at point of use.

Functions

func ConfigureTriremeSocketPath

func ConfigureTriremeSocketPath(path string)

ConfigureTriremeSocketPath updates the TriremeSocket path

func ConvertServicesToPortList

func ConvertServicesToPortList(services []Service) string

ConvertServicesToPortList converts an array of services to a port list

func ConvertServicesToProtocolPortList

func ConvertServicesToProtocolPortList(services []Service) (string, string)

ConvertServicesToProtocolPortList converts an array of services to tcp/udp port list

Types

type Event

// Event represents the event picked up by the monitor. Valid values are the
// EventStart..EventResync constants; EventMap holds the same set for validation.
type Event string

Event represents the event picked up by the monitor.

// Values of the events. Each string value is also a key of EventMap, which
// is used to validate incoming events; add new values to both places.
const (
	EventStart   Event = "start"
	EventStop    Event = "stop"
	EventUpdate  Event = "update"
	EventCreate  Event = "create"
	EventDestroy Event = "destroy"
	EventPause   Event = "pause"
	EventUnpause Event = "unpause"
	EventResync  Event = "resync"
)

Values of the events

type EventHandler

// An EventHandler is the type of event handler functions. It receives the
// caller's context and the event to handle, and returns a non-nil error when
// the event could not be handled.
type EventHandler func(ctx context.Context, event *EventInfo) error

An EventHandler is the type of event handler functions.

type EventInfo

// EventInfo is a generic structure that defines all the information related
// to a PU event. It is JSON-tagged, so it can be exchanged across the API;
// fields received from a caller are untrusted input until validated.
type EventInfo struct {

	// EventType refers to one of the standard events that Trireme handles.
	// Validate against EventMap before dispatching.
	EventType Event `json:"eventtype,omitempty"`

	// PUType is the type of the PU.
	PUType PUType `json:"putype,omitempty"`

	// The PUID is a unique value for the Processing Unit. Ideally this should be the UUID.
	PUID string `json:"puid,omitempty"`

	// The Name is a user-friendly name for the Processing Unit.
	Name string `json:"name,omitempty"`

	// The Executable is the executable name for the Processing Unit.
	Executable string `json:"executable,omitempty"`

	// Tags represents the set of MetadataTags associated with this PUID.
	Tags []string `json:"tags,omitempty"`

	// The path for the Network Namespace.
	NS string `json:"namespace,omitempty"`

	// Cgroup is the path to the cgroup - used for deletes
	Cgroup string `json:"cgroup,omitempty"`

	// IPs is a map of all the IPs that fully belong to this processing Unit.
	// NOTE(review): the tag "ipaddressesutype" looks like a typo, but it is
	// part of the wire format; renaming it would break existing clients.
	IPs map[string]string `json:"ipaddressesutype,omitempty"`

	// Services is a list of services of interest - for host control
	Services []Service `json:"services,omitempty"`

	// The PID is the PID on the system where this Processing Unit is running.
	PID int32 `json:"pid,omitempty"`

	// HostService indicates that the request is for the root namespace
	HostService bool `json:"hostservice,omitempty"`

	// AutoPort indicates that the PU will have auto port feature enabled
	AutoPort bool `json:"autoport,omitempty"`

	// NetworkOnlyTraffic indicates that traffic towards the applications must be controlled.
	NetworkOnlyTraffic bool `json:"networktrafficonly,omitempty"`

	// Root indicates that this request is coming from a root user. It is
	// overwritten by the enforcer, so the value supplied by a caller must
	// never be trusted as-is.
	Root bool `json:"root,omitempty"`
}

EventInfo is a generic structure that defines all the information related to a PU event. EventInfo should be used as a normalized struct container that

type EventResponse

// EventResponse encapsulates the error response, if any.
type EventResponse struct {
	// Error is the error message; presumably empty when the event was
	// handled successfully — confirm at the producer.
	Error string
}

EventResponse encapsulates the error response, if any.

type PUType

// PUType defines the PU type. Valid values are the ContainerPU..TransientPU
// constants.
type PUType int

PUType defines the PU type

// PUType values. They are iota-numbered and PUType is encoded as its integer
// value in EventInfo (json:"putype"), so the order below is part of the wire
// format: append new values at the end, never reorder.
const (
	// ContainerPU indicates that this PU is a container
	ContainerPU PUType = iota
	// LinuxProcessPU indicates that this is Linux process
	LinuxProcessPU
	// WindowsProcessPU indicates that this is Windows process
	WindowsProcessPU
	// HostPU is a host wrapping PU
	HostPU
	// HostNetworkPU is a PU for a network service in a host
	HostNetworkPU
	// KubernetesPU indicates that this is KubernetesPod
	KubernetesPU
	// TransientPU PU -- placeholder to run processing. This should not
	// be inserted in any cache. This is valid only for processing a packet
	TransientPU
)

type Service

// Service is a protocol/port service of interest - used to pass user requests.
type Service struct {
	// Ports are the corresponding ports
	Ports *portspec.PortSpec `json:"ports,omitempty"`

	// Port is the service port. It has no json tag, so it is encoded under
	// the key "Port" and is never omitted.
	//
	// Deprecated: superseded by Ports; scheduled for removal (01/13/2018).
	Port uint16

	// Protocol is the protocol number
	Protocol uint8 `json:"protocol,omitempty"`

	// Addresses are the IP addresses. An empty list means 0.0.0.0/0, i.e. no
	// source restriction at all; set Addresses explicitly whenever the
	// service must only be reachable from specific addresses.
	// NOTE(review): the key format (IP vs. CIDR) is not visible here — confirm.
	Addresses map[string]struct{} `json:"addresses,omitempty"`

	// FQDNs is the list of FQDNs for the service.
	FQDNs []string `json:"fqdns,omitempty"`
}

Service is a protocol/port service of interest - used to pass user requests

type ServiceTokenIssuer

// ServiceTokenIssuer is an interface of an implementation that can issue
// service tokens on behalf of a PU. The user of the library must provide the
// implementation. ServiceTokens can be OAUTH tokens or cloud provider
// specific tokens such as AWS Role credentials.
type ServiceTokenIssuer interface {
	// Issue returns a token for the PU identified by contextID. stype selects
	// the token kind (ServiceTokenTypeOAUTH or ServiceTokenTypeAWS), audience
	// names the intended recipient and validity bounds the token lifetime.
	// Implementations should honor audience and validity so an issued token
	// cannot be replayed elsewhere or indefinitely.
	Issue(ctx context.Context, contextID string, stype ServiceTokenType, audience string, validity time.Duration) (string, error)
}

ServiceTokenIssuer is an interface of an implementation that can issue service tokens on behalf of a PU. The user of the library must provide the implementation. ServiceTokens can be OAUTH tokens or cloud provider specific tokens such as AWS Role credentials.

type ServiceTokenType

// ServiceTokenType is the type of the token. Valid values are
// ServiceTokenTypeOAUTH and ServiceTokenTypeAWS.
type ServiceTokenType string

ServiceTokenType is the type of the token.

// Values of ServiceTokenType.
const (
	// ServiceTokenTypeOAUTH selects an OAUTH token.
	ServiceTokenTypeOAUTH ServiceTokenType = "oauth"

	// ServiceTokenTypeAWS selects AWS Role credentials.
	ServiceTokenTypeAWS ServiceTokenType = "aws"
)

Values of ServiceTokenType

type State

// A State describes the state of the PU. The zero value is not a valid
// state; see the StateStarted..StateUnknwown constants.
type State int

A State describes the state of the PU.

// State values. Numbering starts at 1 so that a zero-valued State is
// distinguishable from every real state.
const (
	// StateStarted is the state of a started PU.
	StateStarted State = iota + 1

	// StateStopped is the state of stopped PU.
	StateStopped

	// StatePaused is the state of a paused PU.
	StatePaused

	// StateDestroyed is the state of destroyed PU.
	StateDestroyed

	// StateUnknwown is the state of a PU whose state is unknown.
	// The misspelled name is kept as-is because it is exported and callers
	// depend on it.
	StateUnknwown
)
