trireme-lib: go.aporeto.io/trireme-lib/controller

package controller

import "go.aporeto.io/trireme-lib/controller"

Package Files

config.go controller.go helpers.go interfaces.go

func LaunchRemoteEnforcer

func LaunchRemoteEnforcer(service packetprocessor.PacketProcessor) error

LaunchRemoteEnforcer launches a remote enforcer instance.

type DebugInfo

type DebugInfo interface {
    // EnableDatapathPacketTracing enables tracing of packets received by the datapath for a particular PU. Setting Disabled as the tracing direction stops tracing for the contextID.
    EnableDatapathPacketTracing(contextID string, direction packettracing.TracingDirection, interval time.Duration, putype common.PUType) error
    // EnableIPTablesPacketTracing enables iptables -j TRACE for the particular PU, which covers a much wider packet stream.
    EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration, putype common.PUType) error
}

DebugInfo is the interface implemented by controllers to support configuring debug options.

type Option

type Option func(*config)

Option is provided using functional arguments.

func OptionCollector

func OptionCollector(c collector.EventCollector) Option

OptionCollector is an option to provide an external collector implementation.

func OptionDatapathService

func OptionDatapathService(s packetprocessor.PacketProcessor) Option

OptionDatapathService is an option to provide an external datapath service implementation.

func OptionDisableMutualAuth

func OptionDisableMutualAuth() Option

OptionDisableMutualAuth is an option to disable MutualAuth (enabled by default).

func OptionEnforceFqConfig

func OptionEnforceFqConfig(f *fqconfig.FilterQueue) Option

OptionEnforceFqConfig is an option to override filter queues.

func OptionEnforceLinuxProcess

func OptionEnforceLinuxProcess() Option

OptionEnforceLinuxProcess is an option to request support for Linux processes.

func OptionPacketLogs

func OptionPacketLogs() Option

OptionPacketLogs is an option to enable packet level logging.

func OptionProcMountPoint

func OptionProcMountPoint(p string) Option

OptionProcMountPoint is an option to provide proc mount point.

func OptionRemoteParameters

func OptionRemoteParameters(p *env.RemoteParameters) Option

OptionRemoteParameters is an option to set the parameters for the remote

func OptionRuntimeConfiguration

func OptionRuntimeConfiguration(c *runtime.Configuration) Option

OptionRuntimeConfiguration is an option to provide target network configuration.

func OptionRuntimeErrorChannel

func OptionRuntimeErrorChannel(errorChannel chan *policy.RuntimeError) Option

OptionRuntimeErrorChannel configures the error channel for the policy engine.

func OptionSecret

func OptionSecret(s secrets.Secrets) Option

OptionSecret is an option to provide a secrets.Secrets implementation.

type TriremeController

type TriremeController interface {
    // Run initializes and runs the controller.
    Run(ctx context.Context) error

    // CleanUp cleans all the supervisors and ACLs for a clean exit
    CleanUp() error

    // Enforce asks the controller to enforce policy on a processing unit
    Enforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)

    // UnEnforce asks the controller to un-enforce policy on a processing unit
    UnEnforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)

    // UpdatePolicy updates the policy of the isolator for a container.
    UpdatePolicy(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) error

    // UpdateSecrets updates the secrets of running enforcers managed by trireme. Remote enforcers will get the secret updates with the next policy push
    UpdateSecrets(secrets secrets.Secrets) error

    // UpdateConfiguration updates the configuration of the controller. Only specific configuration
    // parameters can be updated during run time.
    UpdateConfiguration(cfg *runtime.Configuration) error
    DebugInfo
}

TriremeController is the main API of the Trireme controller.

func New

func New(serverID string, mode constants.ModeType, opts ...Option) TriremeController

New returns a trireme interface implementation based on configuration provided.

Directories

Path    Synopsis
constants
internal/enforcer
internal/enforcer/acls
internal/enforcer/applicationproxy
internal/enforcer/applicationproxy/common
internal/enforcer/applicationproxy/http
internal/enforcer/applicationproxy/markedconn
internal/enforcer/applicationproxy/protomux
internal/enforcer/applicationproxy/servicecache
internal/enforcer/applicationproxy/serviceregistry
internal/enforcer/applicationproxy/tcp
internal/enforcer/constants
internal/enforcer/lookup
internal/enforcer/mockenforcer    Package mockenforcer is a generated GoMock package.
internal/enforcer/nfqdatapath
internal/enforcer/nfqdatapath/afinetrawsocket
internal/enforcer/nfqdatapath/nflog
internal/enforcer/nfqdatapath/tokenaccessor
internal/enforcer/proxy    Package enforcerproxy :: This is the implementation of the RPC client. It implements the interface of Trireme Enforcer and forwards these requests to the actual remote enforcer instead of implementing locally.
internal/enforcer/secretsproxy
internal/enforcer/utils/nsenter
internal/enforcer/utils/packetgen    Package packetgen "PacketGen" is a Packet Generator library. Current version: V1.0, Updates are coming soon.
internal/enforcer/utils/rpcwrapper
internal/enforcer/utils/rpcwrapper/mockrpcwrapper    Package mockrpcwrapper is a generated GoMock package.
internal/processmon    Package processmon is to manage and monitor remote enforcers.
internal/processmon/mockprocessmon    Package mockprocessmon is a generated GoMock package.
internal/processmon/testbinary
internal/supervisor
internal/supervisor/iptablesctrl
internal/supervisor/mocksupervisor    Package mocksupervisor is a generated GoMock package.
internal/supervisor/proxy    Package supervisorproxy package implements the supervisor interface and forwards the requests on this interface to a remote supervisor over an rpc call.
mockcontroller    Package mockcontroller is a generated GoMock package.
pkg/aclprovider
pkg/auth
pkg/claimsheader
pkg/cleaner
pkg/connection
pkg/dmesgparser
pkg/env
pkg/flowtracking
pkg/fqconfig
pkg/packet    Package packet support for TCP/IP packet manipulations needed by the Aporeto infrastructure.
pkg/packetprocessor
pkg/packettracing
pkg/pkiverifier
pkg/pucontext
pkg/remoteenforcer
pkg/remoteenforcer/internal/debugclient
pkg/remoteenforcer/internal/debugclient/mockdebugclient    Package mockdebugclient is a generated GoMock package.
pkg/remoteenforcer/internal/statsclient
pkg/remoteenforcer/internal/statsclient/mockstatsclient    Package mockstatsclient is a generated GoMock package.
pkg/remoteenforcer/internal/statscollector
pkg/remoteenforcer/internal/statscollector/mockstatscollector    Package mockstatscollector is a generated GoMock package.
pkg/remoteenforcer/mockremoteenforcer    Package mockremoteenforcer is a generated GoMock package.
pkg/secrets
pkg/servicetokens
pkg/tokens
pkg/urisearch
pkg/usertokens
pkg/usertokens/common
pkg/usertokens/oidc
pkg/usertokens/pkitokens
runtime

Package controller imports 24 packages and is imported by 3 packages. Updated 2019-05-20.