trireme-lib: go.aporeto.io/trireme-lib/controller/internal/enforcer/envoyauthorizer

package envoyauthorizer

import "go.aporeto.io/trireme-lib/controller/internal/enforcer/envoyauthorizer"

Package Files

envoyauthorizerenforcer.go

type Enforcer

type Enforcer struct {
    sync.RWMutex
    // contains filtered or unexported fields
}

Enforcer implements the Enforcer interface as an envoy authorizer and starts envoy external authz filter gRPC servers for enforcement.

func NewEnvoyAuthorizerEnforcer

func NewEnvoyAuthorizerEnforcer(mode constants.ModeType, eventCollector collector.EventCollector, externalIPCacheTimeout time.Duration, secrets secrets.Secrets, tokenIssuer common.ServiceTokenIssuer) (*Enforcer, error)

NewEnvoyAuthorizerEnforcer creates a new envoy authorizer

func (*Enforcer) CleanUp

func (e *Enforcer) CleanUp() error

CleanUp is unimplemented in the envoy authorizer

func (*Enforcer) EnableDatapathPacketTracing

func (e *Enforcer) EnableDatapathPacketTracing(ctx context.Context, contextID string, direction packettracing.TracingDirection, interval time.Duration) error

EnableDatapathPacketTracing is unimplemented in the envoy authorizer

func (*Enforcer) EnableIPTablesPacketTracing

func (e *Enforcer) EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error

EnableIPTablesPacketTracing is unimplemented in the envoy authorizer

func (*Enforcer) Enforce

func (e *Enforcer) Enforce(contextID string, puInfo *policy.PUInfo) error

Enforce starts enforcing policies for the given policy.PUInfo. Here we do the following:

1. Always create a new PU and instantiate a new apiAuth, as we want to be as stateless as possible.
2. Create a PUcontext, as this will be used in auth code.
3. If envoy servers are not present, then create all 3 envoy servers.
4. If the servers are already present under policy update, then update the service certs.

func (*Enforcer) GetFilterQueue

func (e *Enforcer) GetFilterQueue() *fqconfig.FilterQueue

GetFilterQueue is unimplemented in the envoy authorizer

func (*Enforcer) Ping

func (e *Enforcer) Ping(ctx context.Context, contextID string, pingConfig *policy.PingConfig) error

Ping is unimplemented in the envoy authorizer

func (*Enforcer) Run

func (e *Enforcer) Run(ctx context.Context) error

Run is unimplemented in the envoy authorizer

func (*Enforcer) Secrets

func (e *Enforcer) Secrets() (secrets.Secrets, func())

Secrets implements the LockedSecrets

func (*Enforcer) SetLogLevel

func (e *Enforcer) SetLogLevel(level constants.LogLevel) error

SetLogLevel is unimplemented in the envoy authorizer

func (*Enforcer) SetTargetNetworks

func (e *Enforcer) SetTargetNetworks(cfg *runtime.Configuration) error

SetTargetNetworks is unimplemented in the envoy authorizer

func (*Enforcer) Unenforce

func (e *Enforcer) Unenforce(contextID string) error

Unenforce stops enforcing policy for the given IP.

func (*Enforcer) UpdateSecrets

func (e *Enforcer) UpdateSecrets(secrets secrets.Secrets) error

UpdateSecrets updates the secrets of running enforcers managed by trireme. Remote enforcers will get the secret updates with the next policy push.

Directories

Path          Synopsis
envoyproxy

Package envoyauthorizer imports 21 packages and is imported by 2 packages. Updated 2020-01-29.