trireme-lib: go.aporeto.io/trireme-lib/controller

package controller

import "go.aporeto.io/trireme-lib/controller"

Package Files

config.go controller.go helpers.go interfaces.go

func CleanOldState

func CleanOldState()

CleanOldState ensures all state in trireme is cleaned up.

func GetLogParameters

func GetLogParameters() (logToConsole bool, logID string, logLevel string, logFormat string, compressedTagsVersion constants.CompressionType)

GetLogParameters retrieves log parameters for Remote Enforcer.

func LaunchRemoteEnforcer

func LaunchRemoteEnforcer(service packetprocessor.PacketProcessor) error

LaunchRemoteEnforcer launches a remote enforcer instance.

func SetLogParameters

func SetLogParameters(logToConsole, logWithID bool, logLevel string, logFormat string, compressedTags constants.CompressionType)

SetLogParameters sets up environment to be passed to the remote trireme instances.

type Option

type Option func(*config)

Option is provided using functional arguments.

func OptionApplicationProxyPort

func OptionApplicationProxyPort(proxyPort int) Option

OptionApplicationProxyPort is an option to provide the starting proxy port for the application proxy.

func OptionCollector

func OptionCollector(c collector.EventCollector) Option

OptionCollector is an option to provide an external collector implementation.

func OptionDatapathService

func OptionDatapathService(s packetprocessor.PacketProcessor) Option

OptionDatapathService is an option to provide an external datapath service implementation.

func OptionDisableMutualAuth

func OptionDisableMutualAuth() Option

OptionDisableMutualAuth is an option to disable MutualAuth (enabled by default).

func OptionEnforceFqConfig

func OptionEnforceFqConfig(f *fqconfig.FilterQueue) Option

OptionEnforceFqConfig is an option to override filter queues.

func OptionEnforceLinuxProcess

func OptionEnforceLinuxProcess() Option

OptionEnforceLinuxProcess is an option to request Linux process support.

func OptionPacketLogs

func OptionPacketLogs() Option

OptionPacketLogs is an option to enable packet level logging.

func OptionProcMountPoint

func OptionProcMountPoint(p string) Option

OptionProcMountPoint is an option to provide proc mount point.

func OptionRuntimeErrorChannel

func OptionRuntimeErrorChannel(errorChannel chan *policy.RuntimeError) Option

OptionRuntimeErrorChannel configures the error channel for the policy engine.

func OptionSecret

func OptionSecret(s secrets.Secrets) Option

OptionSecret is an option to provide a secrets implementation.

func OptionTargetNetworks

func OptionTargetNetworks(n []string) Option

OptionTargetNetworks is an option to provide target network configuration.

type TriremeController

type TriremeController interface {
    // Run initializes and runs the controller.
    Run(ctx context.Context) error

    // CleanUp cleans all the supervisors and ACLs for a clean exit
    CleanUp() error

    // Enforce asks the controller to enforce policy on a processing unit
    Enforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)

    // UnEnforce asks the controller to un-enforce policy on a processing unit
    UnEnforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)

    // UpdatePolicy updates the policy of the isolator for a container.
    UpdatePolicy(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) error

    // UpdateSecrets updates the secrets of running enforcers managed by trireme. Remote enforcers will get the secret updates with the next policy push
    UpdateSecrets(secrets secrets.Secrets) error

    // UpdateConfiguration updates the configuration of the controller. Only specific configuration
    // parameters can be updated during run time.
    UpdateConfiguration(networks []string) error
}

TriremeController is the main API of the Trireme controller.

func New

func New(serverID string, mode constants.ModeType, opts ...Option) TriremeController

New returns a trireme interface implementation based on configuration provided.

Directories

Path | Synopsis
internal/enforcer
internal/enforcer/applicationproxy
internal/enforcer/applicationproxy/http
internal/enforcer/constants
internal/enforcer/lookup
internal/enforcer/nfqdatapath
internal/enforcer/nfqdatapath/afinetrawsocket
internal/enforcer/nfqdatapath/tokenaccessor
internal/enforcer/proxy | Package enforcerproxy: This is the implementation of the RPC client. It implements the interface of Trireme Enforcer and forwards these requests to the actual remote enforcer instead of implementing locally.
internal/enforcer/utils/nsenter
internal/enforcer/utils/packetgen | Package packetgen: "PacketGen" is a Packet Generator library. Current version: V1.0. Updates are coming soon.
internal/enforcer/utils/rpcwrapper
internal/enforcer/utils/rpcwrapper/mockrpcwrapper | Package mockrpcwrapper is a generated GoMock package.
internal/processmon | Package processmon is to manage and monitor remote enforcers.
internal/processmon/testbinary
internal/supervisor
internal/supervisor/mocksupervisor | Package mocksupervisor is a generated GoMock package.
mockcontroller | Package mockcontroller is a generated GoMock package.
pkg/aclprovider
pkg/auth
pkg/connection
pkg/fqconfig
pkg/packet | Package packet support for TCP/IP packet manipulations needed by the Aporeto infrastructure.
pkg/packetprocessor
pkg/pucontext
pkg/remoteenforcer
pkg/remoteenforcer/internal/statsclient/mockstatsclient | Package mockstatsclient is a generated GoMock package.
pkg/remoteenforcer/internal/statscollector/mockstatscollector | Package mockstatscollector is a generated GoMock package.
pkg/remoteenforcer/mockremoteenforcer | Package mockremoteenforcer is a generated GoMock package.
pkg/secrets
pkg/tokens
pkg/urisearch
pkg/usertokens
pkg/usertokens/common

Package controller imports 23 packages and is imported by 3 packages. Updated 2018-12-10.