utils

Published: Feb 28, 2024 License: Apache-2.0 Imports: 17 Imported by: 0


Constants

const (
	// KUBECTL is the kubectl relay service name.
	KUBECTL = "kubectl"
	// KUBEWEB is the kubeweb relay service name.
	KUBEWEB = "kubeweb"
	// GENTCP is the generic TCP relay service. It shares the literal "tcp"
	// with the TCP network-type constant, so the two differ only by name.
	GENTCP = "tcp"
	// HTTPUP is the HTTP-upgrade relay service name.
	HTTPUP = "httpupgrade"
)

Known relay services

const (
	// RELAY is the relay server type.
	RELAY = "relay"
	// CDRELAY is the cd-relay server type.
	CDRELAY = "cdrelay"
	// RELAYAGENT is the relay-agent server type.
	RELAYAGENT = "relay-agent"
	// CDRELAYAGENT is the cd-relay-agent server type.
	CDRELAYAGENT = "cdrelay-agent"
	// DIALIN is the dialin server type.
	DIALIN = "dialin"
	// JoinString is a separator literal grouped with the server types but not
	// one of them; presumably used to join name components — see callers.
	JoinString = "--"
)

Known server types

const (
	// KUBECTLCORE names the core relay-agent network.
	KUBECTLCORE = "paralus-core-relay-agent"
	// KUBECTLDEDICATED names the non-core (dedicated) relay-agent network.
	KUBECTLDEDICATED = "paralus-non-core-relay-agent"
	// CDAGENTCORE names the core cd-relay-agent network.
	CDAGENTCORE = "paralus-core-cd-relay-agent"
)

Relay Network Types

const (
	// HTTP is the HTTP protocol type. NOTE(review): this is the only value in
	// upper case (compare HTTPS = "https"); confirm every comparison against
	// it uses the same case, or strings.EqualFold.
	HTTP = "HTTP"
	// HTTPS is the HTTPS protocol type.
	HTTPS = "https"
	// TCP is the plain TCP protocol type; same literal as the GENTCP service.
	TCP = "tcp"
	// UNIX is the unix-domain-socket protocol type.
	UNIX = "unix"
)

Known protocol types.

const (
	// KUBECTLDILAIN is the kubectl dialin type (the identifier's spelling is
	// exported API and is kept as is).
	KUBECTLDILAIN = "kubectldialin"
	// KUBEWEBDIALIN is the kubeweb dialin type.
	KUBEWEBDIALIN = "kubewebdialin"
	// PEERKEY is a fixed, hex-encoded 32-byte value compiled into every build.
	// NOTE(review): a value in published source cannot be secret; confirm it
	// is not relied on to authenticate or protect peer traffic, or replace it
	// with a key loaded from runtime configuration.
	PEERKEY = "04112005676520746869732070617373776f726420746f206120736563726574"
)

Known dialin types

const (
	// NOTE(review): these X-* headers carry routing, identity and
	// authorization context between relay components. The package also
	// exposes UnSetXForwardedParalus; confirm it is applied to requests
	// arriving from untrusted clients before any of these values are read.

	// HeaderError is the X-Error header.
	HeaderError = "X-Error"
	// HeaderAction is the X-Action header.
	HeaderAction = "X-Action"
	// HeaderForwardedHost is the X-Forwarded-Host header.
	HeaderForwardedHost = "X-Forwarded-Host"
	// HeaderForwardedService is the X-Forwarded-Service header.
	HeaderForwardedService = "X-Forwarded-Service"

	// HeaderParalusUserName is the X-Paralus-User header (user name).
	HeaderParalusUserName = "X-Paralus-User"
	// HeaderParalusNamespace is the X-Paralus-Namespace header.
	HeaderParalusNamespace = "X-Paralus-Namespace"
	// HeaderParalusScope is the X-Paralus-Scope header.
	HeaderParalusScope = "X-Paralus-Scope"
	// HeaderParalusAllow is the X-Paralus-Allow header.
	HeaderParalusAllow = "X-Paralus-Allow"
	// HeaderParalusAuthZSA is the X-Paralus-AuthzSA header; its value is YAML
	// containing a service account.
	HeaderParalusAuthZSA = "X-Paralus-AuthzSA"
	// HeaderParalusAuthZRole is the X-Paralus-AuthzRole header; its value is
	// YAML containing a role.
	HeaderParalusAuthZRole = "X-Paralus-AuthzRole"
	// HeaderParalusAuthZRoleBinding is the X-Paralus-AuthzRoleBinding header;
	// its value is YAML containing a rolebinding.
	HeaderParalusAuthZRoleBinding = "X-Paralus-AuthzRoleBinding"
	// HeaderParalusServiceAccountNoExpire is the
	// X-Paralus-ServiceAccount-NoExpire header: do not expire the service
	// account.
	HeaderParalusServiceAccountNoExpire = "X-Paralus-ServiceAccount-NoExpire"
	// HeaderClearSecret is the X-Paralus-Clear-Cache header: clear the
	// current secret cache of the user.
	HeaderClearSecret = "X-Paralus-Clear-Cache"
)
const (
	// ActionProxy is the ControlMessage action value for proxying.
	ActionProxy = "proxy"

	// DefaultAuditPolicyPath is the default audit policy filter path; the
	// k8s audit machinery needs a file path.
	DefaultAuditPolicyPath = "./relayaudit.yaml"

	// DefaultAuditPath is the default audit log file path; "-" means
	// standard out.
	DefaultAuditPath = "-" // - means standard out

	// ParalusRelayServiceAccountNameSpace is the namespace in which service
	// accounts for relays are created.
	ParalusRelayServiceAccountNameSpace = "system-sa"
)

Known actions.

Variables

var (
	// LogLevel is the log level set from the command line.
	LogLevel int
	// Mode is the running mode: relay or relay-agent.
	Mode string
	// ClusterID is the unique id of the cluster.
	ClusterID string
	// AgentID is the unique id of the cd agent.
	AgentID string
	// ExitChan is signalled to trigger exit.
	ExitChan = make(chan bool)
	// TerminateChan is signalled to trigger exit. NOTE(review): it carries
	// the same description as ExitChan; how the two differ is decided by
	// their readers, not documented here.
	TerminateChan = make(chan bool)
	// IdleTimeout is the maximum amount of time to wait for the
	// next read/write before closing connection.
	IdleTimeout = 5 * time.Minute
	// DefaultTimeout specifies a general purpose timeout.
	DefaultTimeout = 5 * time.Minute
	// DefaultPingTimeout specifies a ping timeout.
	DefaultPingTimeout = 5 * time.Second

	// DefaultKeepAliveIdleTime specifies how long connection can be idle
	// before sending keepalive message.
	DefaultKeepAliveIdleTime = 15 * time.Second

	// DefaultKeepAliveCount specifies maximal number of keepalive messages
	// sent before marking connection as dead.
	DefaultKeepAliveCount = 3

	// DefaultKeepAliveInterval specifies how often retry sending keepalive
	// messages when no response is received.
	DefaultKeepAliveInterval = 5 * time.Second

	// DefaultMuxTimeout specifies the vmux timeout.
	DefaultMuxTimeout = 10 * time.Second

	// UNIXSOCKET is the prefix path for the relay unix socket.
	// NOTE(review): /tmp is shared and world-writable, so a predictable
	// socket path there should move to a dedicated runtime directory
	// (existing TODO below).
	UNIXSOCKET = "/tmp/relay-unix-" // need to change this from tmp to appropriate path after integration

	// UNIXAGENTSOCKET is the prefix path for the relay-agent unix socket;
	// same note as UNIXSOCKET.
	UNIXAGENTSOCKET = "/tmp/relay-agent-unix-" // need to change this from tmp to appropriate path after integration

	// ProxyProtocolSize is the default PROXY protocol buffer size.
	ProxyProtocolSize = 1024

	// RelayUUID is the runtime unique ID of the relay.
	RelayUUID string

	// RelayIPFromConfig is the IP address of the relay used for peering.
	RelayIPFromConfig string

	// PeerCache stores peer dialin info (see InitCache).
	PeerCache *ristretto.Cache

	// ServiceAccountCache stores service account, role and role binding in
	// the relay-agent connector.
	ServiceAccountCache *ristretto.Cache

	// ServiceAccountCacheDefaultExpiry is the default expiry of
	// ServiceAccountCache entries.
	ServiceAccountCacheDefaultExpiry = 600 * time.Second

	// PeerCacheDefaultExpiry is the default expiry of PeerCache entries.
	PeerCacheDefaultExpiry = 600 * time.Second
	// PeerHelloInterval is the peer heartbeat interval.
	PeerHelloInterval = 60 * time.Second
	// PeerServiceURI is the URI to join the peering service.
	PeerServiceURI string
	// PeerCertificate is the certificate used for peering service
	// communication.
	PeerCertificate []byte
	// PeerPrivateKey is the private key used for peering service
	// communication. NOTE(review): this and the other *Key variables below
	// hold private key material as package-level state; keep them out of
	// logs and debug dumps.
	PeerPrivateKey []byte
	// PeerCACertificate is the CA certificate used for peering service
	// communication.
	PeerCACertificate []byte

	// RelayUserCert is the certificate used for user/peer communication.
	RelayUserCert []byte
	// RelayUserKey is the private key used for user/peer communication.
	RelayUserKey []byte
	// RelayUserCACert is the CA certificate used for user/peer communication.
	RelayUserCACert []byte

	// RelayUserPort is the user-facing server port.
	// NOTE(review): declared int32 while CDRelayUserPort is int; the
	// mismatch is harmless but worth unifying.
	RelayUserPort int32
	// RelayUserHost is the user-facing server host (domain).
	RelayUserHost string
	// RelayConnectorCert is the certificate used for relay-connector
	// termination.
	RelayConnectorCert []byte
	// RelayConnectorKey is the private key used for relay-connector
	// termination.
	RelayConnectorKey []byte
	// RelayConnectorCACert is the CA certificate used for relay-connector
	// termination.
	RelayConnectorCACert []byte
	// RelayConnectorHost is the connector-facing server host (domain).
	RelayConnectorHost string
	// RelayConnectorPort is the connector-facing server port.
	RelayConnectorPort int32

	// CDRelayUserCert is the certificate used for client/peer communication.
	CDRelayUserCert []byte
	// CDRelayUserKey is the private key used for client/peer communication.
	CDRelayUserKey []byte
	// CDRelayUserCACert is the CA certificate used for client/peer
	// communication.
	CDRelayUserCACert []byte
	// CDRelayUserHost is the client-facing server host.
	CDRelayUserHost string
	// CDRelayUserPort is the client-facing server port (int, unlike
	// RelayUserPort which is int32).
	CDRelayUserPort int
	// CDRelayConnectorCert is the certificate used for cd-relay-connector
	// termination.
	CDRelayConnectorCert []byte
	// CDRelayConnectorKey is the private key used for cd-relay-connector
	// termination.
	CDRelayConnectorKey []byte
	// CDRelayConnectorCACert is the CA certificate used for
	// cd-relay-connector termination.
	CDRelayConnectorCACert []byte
	// CDRelayConnectorHost is the connector-facing server host (domain).
	CDRelayConnectorHost string
	// CDRelayConnectorPort is the connector-facing server port.
	CDRelayConnectorPort int

	// RelayNetworks is the list of relay networks read from the configmap.
	RelayNetworks []Relaynetwork
	// RelayAgentConfig maps a network name to its relay agent configuration.
	// NOTE(review): the key's meaning is inferred; confirm against the
	// writer.
	RelayAgentConfig map[string]RelayNetworkConfig

	// MaxDials is the maximum number of connections dialed.
	MaxDials = 10

	// MinDials is the minimum number of connections dialed.
	MinDials = 8

	// PODNAME is the name of the pod.
	PODNAME string

	// DialoutProxy is the proxy used while connecting to the relay, in
	// IP:PORT or HOST:PORT format; empty means no proxy.
	DialoutProxy = ""

	// DialoutProxyAuth is the base64-encoded user:password value sent in the
	// Proxy-Authorization header. NOTE(review): this is a credential; keep
	// it out of logs and error messages.
	DialoutProxyAuth = ""

	// DefaultTCPUpstream is the default TCP upstream address.
	DefaultTCPUpstream = "127.0.0.1:16001"

	// ScalingStreamsThreshold is the concurrent stream count that triggers
	// scaling.
	ScalingStreamsThreshold = 400

	// ScalingStreamsRateThreshold is the new-stream rate that triggers
	// scaling.
	ScalingStreamsRateThreshold = 200

	// MaxScaleMultiplier limits the maximum number of scaled connections.
	MaxScaleMultiplier = 3

	// HealingInterval is the time after which an idle scaled connection is
	// closed. It is a bare int in hours, not a time.Duration; callers must
	// convert.
	HealingInterval = 24 // Hour

	// Fingerprint is the uuid of the agent namespace, which acts as the
	// relay agent fingerprint.
	Fingerprint string
)

Functions

func CheckPeerHeaders

func CheckPeerHeaders(h http.Header) bool

CheckPeerHeaders validates the upstream request headers.

func CheckRelayLoops

func CheckRelayLoops(h http.Header) bool

CheckRelayLoops reports whether an XRAY UUID is already present in the header.

func CloneHeader

func CloneHeader(h http.Header) http.Header

CloneHeader returns a copy of the HTTP headers.

func CopyHeader

func CopyHeader(dst, src http.Header)

CopyHeader copies the headers from src into dst.

func DeleteCache

func DeleteCache(cache *ristretto.Cache, key interface{})

DeleteCache deletes the value for key from cache.

func Fatal

func Fatal(format string, a ...interface{})

Fatal exits the program.

func GenUUID

func GenUUID()

GenUUID generates a google UUID

func GetCache

func GetCache(cache *ristretto.Cache, key interface{}) (interface{}, bool)

GetCache returns the value for key from cache and whether it was found.

func GetRelayIP

func GetRelayIP() string

GetRelayIP returns the relay IP address.

func GetRelayIPPort

func GetRelayIPPort() string

GetRelayIPPort returns the IP:PORT of the user-facing relay server.

func InitCache

func InitCache(evict OnEvict) (*ristretto.Cache, error)

InitCache initializes the cache that stores dialin cluster-connection information of peers. When a dialin miss happens, this cache is consulted to find the peer IP address to which the user connection is forwarded.

func InsertCache

func InsertCache(cache *ristretto.Cache, expiry time.Duration, key, value interface{}) bool

InsertCache inserts value into cache under key with the given expiry.

func IsHTTPS

func IsHTTPS(addr string) bool

IsHTTPS returns true if the port in addr is 443.

func KeepAlive

func KeepAlive(conn net.Conn) error

KeepAlive sets keepalive on conn.

func PeerSetHeaderNonce

func PeerSetHeaderNonce(h http.Header) error

PeerSetHeaderNonce sets the peer nonce header on h.

func SanitizeValues added in v0.1.1

func SanitizeValues(input string) string

func SetXForwardedFor

func SetXForwardedFor(h http.Header, remoteAddr string)

SetXForwardedFor sets the X-Forwarded-For header on h from remoteAddr.

func SetXForwardedParalus

func SetXForwardedParalus(h http.Header, msg *ControlMessage)

SetXForwardedParalus sets the paralus headers on h from msg.

func SetXRAYUUID

func SetXRAYUUID(h http.Header)

SetXRAYUUID sets the XRAY UUID header on h.

func SplitHostPort

func SplitHostPort(hostport string) (host, port string)

SplitHostPort separates host and port. If the port is not valid, it returns the entire input as host, and it doesn't check the validity of the host.

func Transfer

func Transfer(dst io.Writer, src io.Reader, tlog *relaylogger.RelayLog, direction string)

Transfer copies from src to dst using io.Copy.

func UnSetXForwardedParalus

func UnSetXForwardedParalus(h http.Header)

UnSetXForwardedParalus removes the paralus headers from h.

func WriteFile

func WriteFile(filename, data string) error

WriteFile writes data to filename, overwriting the file if it exists.

func WriteToHeader

func WriteToHeader(h http.Header, c *ControlMessage)

WriteToHeader writes ControlMessage to HTTP header.

Types

type ControlMessage

type ControlMessage struct {
	// Action is what the client should do with the stream (see ActionProxy).
	Action string
	// ForwardedHost is the target host; by name it corresponds to the
	// X-Forwarded-Host header.
	ForwardedHost string
	// ForwardedService is the target service; by name it corresponds to
	// the X-Forwarded-Service header.
	ForwardedService string
	// RemoteAddr is the originating remote address.
	RemoteAddr string
	// ParalusUserName, ParalusNamespace, ParalusScope and ParalusAllow carry
	// the user identity and authorization context (the X-Paralus-* headers,
	// by name).
	ParalusUserName  string
	ParalusNamespace string
	ParalusScope     string
	ParalusAllow     string
	// ParalusAuthz carries the authorization payload.
	ParalusAuthz string
}

ControlMessage is sent from server to client before streaming data. It's used to inform client about the data and action to take. Based on that client routes requests to backend services.

func ReadControlMessage

func ReadControlMessage(r *http.Request) (*ControlMessage, error)

ReadControlMessage reads ControlMessage from HTTP headers.

type CountWriter

// CountWriter wraps W and accumulates the number of bytes written in Count.
type CountWriter struct {
	W     io.Writer // underlying writer
	Count int64     // bytes written so far
}

CountWriter wraps a writer and counts the bytes written.

func (*CountWriter) Write

func (cw *CountWriter) Write(p []byte) (n int, err error)

type FlushWriter

// FlushWriter wraps an io.Writer with a flushing Write method (see Write).
type FlushWriter struct {
	W io.Writer // underlying writer
}

FlushWriter is a flushing writer wrapping W.

func (FlushWriter) Write

func (fw FlushWriter) Write(p []byte) (n int, err error)

type OnEvict

// OnEvict is the callback type accepted by InitCache; it receives each item
// the cache evicts.
type OnEvict = func(item *ristretto.Item)

OnEvict is the cache eviction callback function type.

type ProxyConfig

type ProxyConfig struct {
	// Protocol is the proxy's protocol type (see the protocol type constants).
	Protocol string
	// Addr is the proxy address.
	Addr string
	// ServiceSNI is the SNI presented for the service.
	ServiceSNI string
	// RootCA, ClientCRT and ClientKEY are the proxy-side TLS materials;
	// whether they hold file paths or PEM contents is not shown here.
	RootCA    string
	ClientCRT string
	ClientKEY string
	// Upstream is the upstream endpoint.
	Upstream string
	// UpstreamClientCRT, UpstreamClientKEY and UpstreamRootCA are the TLS
	// materials used toward the upstream.
	UpstreamClientCRT string
	UpstreamClientKEY string
	UpstreamRootCA    string
	// UpstreamSkipVerify, by its name, disables verification of the upstream
	// TLS certificate. NOTE(review): true removes authentication of the
	// upstream; treat it as a deliberate, documented exception.
	UpstreamSkipVerify bool
	// UpstreamKubeConfig is the kubeconfig used for the upstream.
	UpstreamKubeConfig string
	// Version is the configuration version.
	Version string
}

ProxyConfig holds the configuration for the proxy.

type ProxyProtocolMessage

// ProxyProtocolMessage is the message exchanged over the dialin unix socket.
type ProxyProtocolMessage struct {
	DialinKey string // dialin key selecting the target
	UserName  string // user the connection is made for
	SNI       string // server name indication of the connection
}

ProxyProtocolMessage is the message exchanged over the dialin unix socket.

type RelayNetworkConfig

type RelayNetworkConfig struct {
	// Network is the relay network read from the configmap.
	Network Relaynetwork
	// RelayAgentCert is the relay-agent client certificate.
	RelayAgentCert []byte
	// RelayAgentKey is the relay-agent client private key.
	// NOTE(review): key material; keep it out of logs and debug output.
	RelayAgentKey []byte
	// RelayAgentCACert is the CA certificate for the relay-agent client cert.
	RelayAgentCACert []byte
}

RelayNetworkConfig is the configuration for a relay agent network.

type Relaynetwork

type Relaynetwork struct {
	// NOTE(review): Token and TemplateToken are bootstrap credentials; keep
	// this struct out of logs and debug output.
	Token         string `json:"token"`         // bootstrap agent token
	Addr          string `json:"addr"`          // bootstrap register host
	Domain        string `json:"endpoint"`      // dialout domain (JSON key is "endpoint", not "domain")
	Name          string `json:"name"`          // network name
	TemplateToken string `json:"templateToken"` // bootstrap template token
	Upstream      string `json:"upstream"`      // upstream tcp service host:port
}

Relaynetwork holds the relay network data read from the configmap.

type SNICertificate

// SNICertificate holds the certificate and key selected by SNI.
type SNICertificate struct {
	CertFile []byte // certificate contents
	KeyFile  []byte // private key contents; keep out of logs
}

SNICertificate holds SNI-based certificate and key files.

type ServiceAccountCacheObject

// ServiceAccountCacheObject is the value stored in ServiceAccountCache.
type ServiceAccountCacheObject struct {
	// ParalusAuthzSA, ParalusAuthzRole and ParalusAuthzRoleBind hold the
	// service account, role and rolebinding; presumably the YAML carried in
	// the X-Paralus-Authz* headers — confirm against the cache writer.
	ParalusAuthzSA       string
	ParalusAuthzRole     string
	ParalusAuthzRoleBind string
	// Md5sum is a digest of the cached content. NOTE(review): MD5 is
	// acceptable for change detection only; do not rely on it for integrity
	// against tampering.
	Md5sum string
	// Key is the cache key this object is stored under.
	Key string
}
