trust

package
v0.14.3
Published: Feb 9, 2024 License: AGPL-3.0 Imports: 9 Imported by: 0

Documentation

Overview

Package trust provides types and code for representing and evaluating trust levels of facts.

Index

Constants

This section is empty.

Variables

View Source
var Names = map[Level]string{
	Untrusted:     "Untrusted",
	Endpoint:      "Endpoint",
	AllowedIPs:    "AllowedIPs",
	Membership:    "Membership",
	DelegateTrust: "DelegateTrust",
}

Names is a handy map to ease stringifying trust levels. NOTE: this map is mutable, because Go does not allow const/immutable maps.

View Source
var Values = map[string]Level{
	"Untrusted":     Untrusted,
	"Endpoint":      Endpoint,
	"AllowedIPs":    AllowedIPs,
	"Membership":    Membership,
	"DelegateTrust": DelegateTrust,
}

Values is a handy map to ease parsing strings to trust levels. NOTE: this map is mutable, because Go does not allow const/immutable maps.

Functions

func ShouldAccept

func ShouldAccept(attr fact.Attribute, known bool, level *Level) bool

ShouldAccept checks whether a fact Attribute should be accepted, given the trust level of the source and whether the peer is already locally configured.

Types

type CompositeMode added in v0.1.0

type CompositeMode int

CompositeMode is an enum for how a composite evaluator combines the results of its member evaluators.

const (
	// FirstOnly composites return the trust level from the first evaluator that
	// knows the subject
	FirstOnly CompositeMode = iota
	// LeastPermission composites return the lowest trust level from the evaluators
	// that know the subject
	LeastPermission
	// MostPermission composites return the highest trust level from the evaluators
	// that know the subject
	MostPermission
)

func (CompositeMode) String added in v0.8.1

func (cm CompositeMode) String() string

type Evaluator

type Evaluator interface {
	// TrustLevel evaluates the trust level that should be applied to a fact given its source,
	// returning nil if it doesn't have an opinion on the trust level
	TrustLevel(fact *fact.Fact, source net.UDPAddr) *Level
	// IsKnown checks whether the subject of a fact is already known to the local system,
	// or false if the peer is new.
	// TODO: IsKnown doesn't really belong here
	IsKnown(subject fact.Subject) bool
}

Evaluator is an interface for implementations that can answer whether a fact received from a remote source should be trusted and accepted into the set of locally known facts.

func CreateComposite added in v0.1.0

func CreateComposite(mode CompositeMode, evaluators ...Evaluator) Evaluator

CreateComposite generates an evaluator which combines the results of the given evaluators using the specified mode.
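As an added example (not code from the trust package itself), the following reimplements the documented CompositeMode semantics so that FirstOnly, LeastPermission and MostPermission can be compared on the same inputs. It assumes the fact package is unavailable and reduces a fact to its subject string; the `table` evaluator is a constructed stand-in for the package's own evaluators, and `compositeTrust` is a hypothetical name for the combining logic.

```go
package main

import "net"

// Level and CompositeMode mirror the page's constants with the same ordering,
// so a numerically lower Level is the less permissive one.
type Level int

const Untrusted, Endpoint, AllowedIPs, Membership, DelegateTrust Level = 0, 1, 2, 3, 4

type CompositeMode int

const FirstOnly, LeastPermission, MostPermission CompositeMode = 0, 1, 2

// Evaluator mirrors the page's interface with the fact reduced to its subject
// string (assumption: the fact package is not on this page); IsKnown is omitted.
type Evaluator interface {
	TrustLevel(subject string, source net.UDPAddr) *Level
}

// table is a constructed evaluator over a static subject -> level map;
// it returns nil (no opinion) for subjects it does not know.
type table map[string]Level

func (t table) TrustLevel(subject string, _ net.UDPAddr) *Level {
	if l, ok := t[subject]; ok {
		return &l
	}
	return nil
}

// compositeTrust reimplements the documented CompositeMode semantics over the
// member evaluators, consulted in order.
func compositeTrust(mode CompositeMode, subject string, src net.UDPAddr, evs ...Evaluator) *Level {
	var result *Level
	for _, e := range evs {
		l := e.TrustLevel(subject, src)
		switch {
		case l == nil: // this evaluator has no opinion on the subject
		case result == nil:
			result = l
		case mode == LeastPermission && *l < *result, mode == MostPermission && *l > *result:
			result = l
		}
		if result != nil && mode == FirstOnly {
			return result // first evaluator that knows the subject wins
		}
	}
	return result
}
```

A nil result from every member means the composite has no opinion either, which is the case a caller such as ShouldAccept must treat as not trusted.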

func CreateKnownPeerTrust added in v0.13.1

func CreateKnownPeerTrust(peers []wgtypes.Peer) Evaluator

CreateKnownPeerTrust creates a trust Evaluator for the given set of peers, where a known peer is allowed to tell us Endpoint facts, but not register new peers.

func CreateRouteBasedTrust

func CreateRouteBasedTrust(peers []wgtypes.Peer) Evaluator

CreateRouteBasedTrust creates a trust Evaluator for the given set of peers, using the "routers are trusted" model, wherein "routers" (peers with an AllowedIP whose CIDR mask is shorter than the IP length) are allowed to provide AllowedIPs for other peers.

type Level

type Level int

Level is how much we should trust a fact received from a remote source.

const (
	// Untrusted means we should ignore the fact, as if we never received it
	Untrusted Level = iota
	// Endpoint means we should trust it enough to try endpoints we may have received
	Endpoint
	// AllowedIPs means we should trust it enough to add AllowedIPs to our local
	// configuration for the peer, if we can make a direct connection to it
	AllowedIPs
	// Membership means that we trust it enough to determine which peers are part
	// of the network, adding peers it tells us should be members, and removing
	// those that no such trusted peer recognizes
	Membership
	// DelegateTrust means a peer is trusted to tell us the trust level of others
	DelegateTrust
)

func Ptr added in v0.9.0

func Ptr(level Level) *Level

Ptr is a helper, mostly for tests, to allow specifying a trust constant in a place where a pointer is required.

func (Level) String added in v0.1.0

func (l Level) String() string
