trireme-lib: go.aporeto.io/trireme-lib/controller/internal/enforcer

package enforcer

import "go.aporeto.io/trireme-lib/controller/internal/enforcer"

Package Files

enforcer.go

type Enforcer

type Enforcer interface {

    // Enforce starts enforcing policies for the given policy.PUInfo.
    Enforce(contextID string, puInfo *policy.PUInfo) error

    // Unenforce stops enforcing policy for the given IP.
    Unenforce(contextID string) error

    // GetFilterQueue returns the current FilterQueueConfig.
    GetFilterQueue() *fqconfig.FilterQueue

    // Run starts the PolicyEnforcer.
    Run(ctx context.Context) error

    // UpdateSecrets -- updates the secrets of running enforcers managed by trireme. Remote enforcers will get the secret updates with the next policy push
    UpdateSecrets(secrets secrets.Secrets) error

    SetTargetNetworks(networks []string) error
}

An Enforcer is an implementation of the enforcer datapath. The interface can be implemented by one or multiple datapaths.

func New

func New(
    mutualAuthorization bool,
    fqConfig *fqconfig.FilterQueue,
    collector collector.EventCollector,
    service packetprocessor.PacketProcessor,
    secrets secrets.Secrets,
    serverID string,
    validity time.Duration,
    mode constants.ModeType,
    procMountPoint string,
    externalIPCacheTimeout time.Duration,
    packetLogs bool,
    targetNetworks []string,
) (Enforcer, error)

New returns a new policy enforcer that implements both the data paths.

func NewWithDefaults

func NewWithDefaults(
    serverID string,
    collector collector.EventCollector,
    service packetprocessor.PacketProcessor,
    secrets secrets.Secrets,
    mode constants.ModeType,
    procMountPoint string,
    targetNetworks []string,
) Enforcer

NewWithDefaults creates a new data path with most settings left at their defaults.

Directories

Path                             Synopsis
applicationproxy
applicationproxy/http
constants
lookup
nfqdatapath
nfqdatapath/afinetrawsocket
nfqdatapath/tokenaccessor
proxy                            Package enforcerproxy :: This is the implementation of the RPC client. It implements the interface of Trireme Enforcer and forwards these requests to the actual remote enforcer instead of implementing locally
utils/nsenter
utils/packetgen                  Package packetgen "PacketGen" is a Packet Generator library Current version: V1.0, Updates are coming soon
utils/rpcwrapper
utils/rpcwrapper/mockrpcwrapper  Package mockrpcwrapper is a generated GoMock package.

Package enforcer imports 15 packages and is imported by 9 packages. Updated 2018-11-15.