
package common

import "go.aporeto.io/trireme-lib/common"


Package Files

events.go hooks.go oauthtokens.go service.go

Constants

const (
    // TriremeCgroupPath is the standard Trireme cgroup path.
    TriremeCgroupPath = "/trireme/"

    // TriremeUIDCgroupPath is the standard path for UID based activations.
    TriremeUIDCgroupPath = "/trireme_uid/"

    // TriremeDockerHostNetwork is the path for Docker HostNetwork container based activations.
    TriremeDockerHostNetwork = "/trireme_docker_hostnet/"

    // TriremeSocket is the standard API server Trireme socket path.
    // NOTE(review): this constant only names the path. Who may connect to the
    // socket is decided by the ownership and mode the server gives the socket
    // file when it listens — confirm that in the server code, not here.
    TriremeSocket = "/var/run/trireme.sock"
)
// Values for hook methods. Each constant is a plain string identifier that is
// matched elsewhere — presumably by the metadata hook handlers; verify against
// the callers before renaming a value, since the string itself is the contract.
const (
    // MetadataHookPolicy is the hook method value "metadata:policy".
    MetadataHookPolicy      = "metadata:policy"
    // MetadataHookHealth is the hook method value "metadata:health".
    MetadataHookHealth      = "metadata:health"
    // MetadataHookCertificate is the hook method value "metadata:certificate".
    MetadataHookCertificate = "metadata:certificate"
    // MetadataHookKey is the hook method value "metadata:key".
    MetadataHookKey         = "metadata:key"
    // MetadataHookToken is the hook method value "metadata:token".
    MetadataHookToken       = "metadata:token"
    // AWSHookInfo is the hook method value "aws:info".
    AWSHookInfo             = "aws:info"
    // AWSHookRole is the hook method value "aws:role".
    AWSHookRole             = "aws:role"
)

Values for hook methods

// AWSRole reserved prefixes. AWSRoleARNPrefix is AWSRolePrefix followed by the
// IAM ARN prefix "arn:aws:iam::". Because AWSRolePrefix is a strict prefix of
// AWSRoleARNPrefix, any HasPrefix check against AWSRolePrefix also matches the
// ARN form; code that must tell the two apart has to test the longer prefix first.
const (
    // AWSRoleARNPrefix marks a value carrying a full IAM role ARN.
    AWSRoleARNPrefix = "@awsrole=arn:aws:iam::"

    // AWSRolePrefix marks a value carrying an AWS role reference.
    AWSRolePrefix = "@awsrole="
)

AWSRole reserved prefix

// Metadata API constants. MetadataKey looks like an HTTP header name and
// MetadataValue the value expected with it — TODO confirm where they are
// read and compared; this file does not show the check.
const (
    // MetadataKey is the metadata API key "X-Aporeto-Metadata".
    MetadataKey   = "X-Aporeto-Metadata"
    // MetadataValue is the metadata API value "secrets".
    MetadataValue = "secrets"
)

Metadata API constants

Variables

var (
    // EventMap is the set of event names accepted by validations.
    //
    // Every stored value is nil, so membership must be tested with the
    // two-value form (`_, ok := EventMap[e]`); inspecting the value tells
    // nothing. The keys mirror the Event constants (EventStart ... EventResync);
    // keep the two lists in sync when an event is added or removed.
    EventMap = map[Event]*struct{}{
        "start":   nil,
        "stop":    nil,
        "update":  nil,
        "create":  nil,
        "destroy": nil,
        "pause":   nil,
        "unpause": nil,
        "resync":  nil,
    }
)

func ConvertServicesToPortList

func ConvertServicesToPortList(services []Service) string

ConvertServicesToPortList converts an array of services to a port list

func ConvertServicesToProtocolPortList

func ConvertServicesToProtocolPortList(services []Service) (string, string)

ConvertServicesToProtocolPortList converts an array of services to tcp/udp port list

type Event

// Event represents the event picked up by the monitor. It is a plain string
// type, so any string converts to an Event; EventMap is what validates that a
// value is one of the known events.
type Event string

Event represents the event picked up by the monitor.

// Values of the events. Each string here is also a key of EventMap, which is
// used for validation; add or remove events in both places.
const (
    EventStart   Event = "start"
    EventStop    Event = "stop"
    EventUpdate  Event = "update"
    EventCreate  Event = "create"
    EventDestroy Event = "destroy"
    EventPause   Event = "pause"
    EventUnpause Event = "unpause"
    EventResync  Event = "resync"
)

Values of the events

type EventHandler

// EventHandler is the type of event handler functions. A handler receives the
// context and the event to process and returns an error when it cannot handle
// the event.
type EventHandler func(ctx context.Context, event *EventInfo) error

An EventHandler is the type of event handler functions.

type EventInfo

// EventInfo is a generic structure that defines all the information related to
// a PU event. It is the normalized container that monitors fill in and handlers
// consume; most fields are optional on the wire (omitempty).
type EventInfo struct {

    // EventType refers to one of the standard events that Trireme handles.
    EventType Event `json:"eventtype,omitempty"`

    // PUType is the type of the PU. Note that ContainerPU is the zero value of
    // PUType, so an omitted putype decodes as a container PU.
    PUType PUType `json:"putype,omitempty"`

    // The PUID is a unique value for the Processing Unit. Ideally this should be the UUID.
    PUID string `json:"puid,omitempty"`

    // The Name is a user-friendly name for the Processing Unit.
    Name string `json:"name,omitempty"`

    // The Executable is the executable name for the Processing Unit.
    Executable string `json:"executable,omitempty"`

    // Tags represents the set of MetadataTags associated with this PUID.
    Tags []string `json:"tags,omitempty"`

    // The path for the Network Namespace.
    NS  string `json:"namespace,omitempty"`

    // Cgroup is the path to the cgroup - used for deletes.
    Cgroup string `json:"cgroup,omitempty"`

    // IPs is a map of all the IPs that fully belong to this processing Unit.
    // NOTE(review): the JSON key "ipaddressesutype" looks unusual; it is part
    // of the wire format, so confirm against the peers before changing it.
    IPs map[string]string `json:"ipaddressesutype,omitempty"`

    // Services is a list of services of interest - for host control.
    Services []Service `json:"services,omitempty"`

    // The PID is the PID on the system where this Processing Unit is running.
    PID int32 `json:"pid,omitempty"`

    // HostService indicates that the request is for the root namespace.
    HostService bool `json:"hostservice,omitempty"`

    // AutoPort indicates that the PU will have auto port feature enabled.
    AutoPort bool `json:"autoport,omitempty"`

    // NetworkOnlyTraffic indicates that traffic towards the applications must be controlled.
    NetworkOnlyTraffic bool `json:"networktrafficonly,omitempty"`

    // Root indicates that this request is coming from a root user. It is
    // overwritten by the enforcer, so the value supplied by the requester is
    // not the one that is acted on — see the enforcer for where it is set.
    Root bool `json:"root,omitempty"`
}

EventInfo is a generic structure that defines all the information related to a PU event. EventInfo should be used as a normalized struct container that

type EventResponse

// EventResponse encapsulates the error response, if any, to an event.
type EventResponse struct {
    // Error is the error message; presumably empty when there was no error.
    Error string
}

EventResponse encapsulate the error response if any.

type PUType

// PUType defines the PU type. Its values are the iota-ordered constants below;
// ContainerPU (0) is the zero value.
type PUType int

PUType defines the PU type

// PUType values. They are assigned with iota, so the numeric value of each
// constant depends on its position: insert new types only at the end, and
// remember that ContainerPU is 0 and therefore the zero value of PUType.
const (
    // ContainerPU indicates that this PU is a container.
    ContainerPU PUType = iota
    // LinuxProcessPU indicates that this is a Linux process.
    LinuxProcessPU
    // HostPU is a host wrapping PU.
    HostPU
    // HostNetworkPU is a PU for a network service in a host.
    HostNetworkPU
    // KubernetesPU indicates that this is a Kubernetes pod.
    KubernetesPU
    // UIDLoginPU -- PU representing a user session.
    UIDLoginPU
    // SSHSessionPU -- PU representing a ssh session.
    SSHSessionPU
    // TransientPU PU -- placeholder to run processing. This should not
    // be inserted in any cache. This is valid only for processing a packet.
    TransientPU
)

type Service

// Service is a protocol/port service of interest - used to pass user requests.
type Service struct {
    // Ports are the corresponding ports.
    Ports *portspec.PortSpec `json:"ports,omitempty"`

    // Port is the service port. This has been deprecated and will be removed in later releases 01/13/2018.
    // It carries no json tag, so encoding/json serializes it under the key "Port".
    //
    // Deprecated: presumably superseded by Ports; it will be removed in later releases.
    Port uint16

    // Protocol is the protocol number.
    Protocol uint8 `json:"protocol,omitempty"`

    // Addresses are the IP addresses. An empty list means 0.0.0.0/0, i.e. the
    // most permissive setting: a Service built without Addresses applies to
    // every address, so set it deliberately when the intent is to restrict.
    Addresses []*net.IPNet `json:"addresses,omitempty"`

    // FQDNs is the list of FQDNs for the service.
    FQDNs []string `json:"fqdns,omitempty"`
}

Service is a protocol/port service of interest - used to pass user requests

type ServiceTokenIssuer

// ServiceTokenIssuer is an interface of an implementation that can issue
// service tokens on behalf of a PU. The user of the library must provide the
// implementation; ServiceTokens can be OAUTH tokens or cloud provider specific
// tokens such as AWS Role credentials.
type ServiceTokenIssuer interface {
    // Issue returns a token for the PU identified by contextID, of the given
    // ServiceTokenType, for the given audience. validity is presumably the
    // requested token lifetime — confirm with the implementation. The string
    // is the issued token; the error reports why none could be issued.
    Issue(ctx context.Context, contextID string, stype ServiceTokenType, audience string, validity time.Duration) (string, error)
}

ServiceTokenIssuer is an interface of an implementation that can issue service tokens on behalf of a PU. The user of the library must provide the implementation. ServiceTokens can be OAUTH tokens or cloud provider specific tokens such as AWS Role credentials.

type ServiceTokenType

// ServiceTokenType is the type of the token. The known values are
// ServiceTokenTypeOAUTH and ServiceTokenTypeAWS.
type ServiceTokenType string

ServiceTokenType is the type of the token.

// Values of ServiceTokenType.
const (
    // ServiceTokenTypeOAUTH requests an OAUTH token.
    ServiceTokenTypeOAUTH ServiceTokenType = "oauth"

    // ServiceTokenTypeAWS requests AWS credentials.
    ServiceTokenTypeAWS ServiceTokenType = "aws"
)

Values of ServiceTokenType

type State

// A State describes the state of the PU. The valid states start at 1
// (StateStarted), so the zero value of State is not a valid state.
type State int

A State describes the state of the PU.

// State values. They start at iota + 1 so that a zero State is never a valid
// state and an uninitialized value is distinguishable from StateStarted.
const (
    // StateStarted is the state of a started PU.
    StateStarted State = iota + 1

    // StateStopped is the state of stopped PU.
    StateStopped

    // StatePaused is the state of a paused PU.
    StatePaused

    // StateDestroyed is the state of destroyed PU.
    StateDestroyed

    // StateUnknwown is the state of PU in an unknown state.
    // (The identifier's spelling is part of the exported API; renaming it
    // would break the 62 importing packages.)
    StateUnknwown
)
