security

package
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 7, 2025 License: GPL-3.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AlertSeverity 

type AlertSeverity string

AlertSeverity represents the severity of a security alert 

const (
	// AlertSeverityLow represents a low severity alert
	AlertSeverityLow AlertSeverity = "Low"
	// AlertSeverityMedium represents a medium severity alert
	AlertSeverityMedium AlertSeverity = "Medium"
	// AlertSeverityHigh represents a high severity alert
	AlertSeverityHigh AlertSeverity = "High"
	// AlertSeverityCritical represents a critical severity alert
	AlertSeverityCritical AlertSeverity = "Critical"
)

type AuditLogEntry 

type AuditLogEntry struct {
	ID         string            `json:"id"`
	Timestamp  int64             `json:"timestamp"`
	UserID     string            `json:"user_id"`
	Username   string            `json:"username"`
	Action     string            `json:"action"`
	Resource   string            `json:"resource"`
	ResourceID *string           `json:"resource_id,omitempty"`
	Status     AuditStatus       `json:"status"`
	Details    map[string]string `json:"details"`
	ClientIP   *string           `json:"client_ip,omitempty"`
	UserAgent  *string           `json:"user_agent,omitempty"`
}

AuditLogEntry represents an entry in the audit log

type AuditStatus 

type AuditStatus string

AuditStatus represents the status of an audit log entry 

const (
	// AuditStatusSuccess indicates a successful action
	AuditStatusSuccess AuditStatus = "success"
	// AuditStatusFailure indicates a failed action
	AuditStatusFailure AuditStatus = "failure"
	// AuditStatusDenied indicates a denied action
	AuditStatusDenied AuditStatus = "denied"
)

type AuthRequest 

type AuthRequest struct {
	Username string `json:"username"`
	Password string `json:"password"`
}

AuthRequest represents an authentication request

type AuthResponse 

type AuthResponse struct {
	Token     string   `json:"token"`
	UserID    string   `json:"user_id"`
	Username  string   `json:"username"`
	Roles     []string `json:"roles"`
	ExpiresAt int64    `json:"expires_at"`
}

AuthResponse represents an authentication response

type ConnectionInfo 

type ConnectionInfo struct {
	// contains filtered or unexported fields
}

ConnectionInfo represents information about a network connection

type ContainerScanner 

type ContainerScanner struct {
	// contains filtered or unexported fields
}

ContainerScanner manages image scanning and runtime security checks

func NewContainerScanner 

func NewContainerScanner(logger *logrus.Logger) *ContainerScanner

NewContainerScanner creates a new container scanner

func NewContainerScanningManager 

func NewContainerScanningManager(logger *logrus.Logger) *ContainerScanner

NewContainerScanningManager creates a new container scanning manager (alias for NewContainerScanner for backward compatibility)

func (*ContainerScanner) CheckContainerRuntime 

func (c *ContainerScanner) CheckContainerRuntime(ctx context.Context, containerID string) (*RuntimeCheckResult, error)

CheckContainerRuntime performs a runtime security check on a running container

func (*ContainerScanner) CreatePolicy 

func (c *ContainerScanner) CreatePolicy(ctx context.Context, policy SecurityPolicy) error

CreatePolicy creates a new security policy

func (*ContainerScanner) DeletePolicy 

func (c *ContainerScanner) DeletePolicy(ctx context.Context, policyID string) error

DeletePolicy deletes a security policy

func (*ContainerScanner) GetPolicy 

func (c *ContainerScanner) GetPolicy(ctx context.Context, policyID string) (*SecurityPolicy, error)

GetPolicy gets a security policy by ID

func (*ContainerScanner) GetRuntimeCheckResult 

func (c *ContainerScanner) GetRuntimeCheckResult(ctx context.Context, containerID string) (*RuntimeCheckResult, error)

GetRuntimeCheckResult gets a runtime check result for a container

func (*ContainerScanner) GetScanResult 

func (c *ContainerScanner) GetScanResult(ctx context.Context, imageID string) (*ScanResult, error)

GetScanResult gets a scan result for an image

func (*ContainerScanner) GetSecurityEvents 

func (c *ContainerScanner) GetSecurityEvents(ctx context.Context) []SecurityEvent

GetSecurityEvents gets all security events

func (*ContainerScanner) ListPolicies 

func (c *ContainerScanner) ListPolicies(ctx context.Context) []SecurityPolicy

ListPolicies lists all security policies

func (*ContainerScanner) LogSecurityEvent 

func (c *ContainerScanner) LogSecurityEvent(
	ctx context.Context,
	eventType SecurityEventType,
	source string,
	message string,
	severity SecurityEventSeverity,
	details map[string]string,
) error

LogSecurityEvent logs a security event

func (*ContainerScanner) ScanImage 

func (c *ContainerScanner) ScanImage(ctx context.Context, imageName, imageID string) (*ScanResult, error)

ScanImage scans a container image for vulnerabilities

type ContainerScanningManager 

type ContainerScanningManager interface {
	ScanImage(ctx context.Context, imageName, imageID string) (*ScanResult, error)
	CreatePolicy(ctx context.Context, policy SecurityPolicy) error
	GetPolicy(ctx context.Context, policyID string) (*SecurityPolicy, error)
	ListPolicies(ctx context.Context) []SecurityPolicy
	DeletePolicy(ctx context.Context, policyID string) error
	CheckContainerRuntime(ctx context.Context, containerID string) (*RuntimeCheckResult, error)
}

ContainerScanningManager defines the interface for container scanning

type EncryptedVolume 

type EncryptedVolume struct {
	ID              string           `json:"id"`
	VolumeID        string           `json:"volume_id"`
	KeyID           string           `json:"key_id"`
	Status          EncryptionStatus `json:"status"`
	CreatedAt       int64            `json:"created_at"`
	UpdatedAt       int64            `json:"updated_at"`
	EncryptedAt     *int64           `json:"encrypted_at,omitempty"`
	LastVerifiedAt  *int64           `json:"last_verified_at,omitempty"`
	EncryptionError *string          `json:"encryption_error,omitempty"`
}

EncryptedVolume represents an encrypted storage volume

type EncryptionAlgorithm 

type EncryptionAlgorithm string

EncryptionAlgorithm represents the algorithm used for encryption 

const (
	// EncryptionAlgorithmAES256GCM represents AES-256-GCM encryption
	EncryptionAlgorithmAES256GCM EncryptionAlgorithm = "AES256GCM"
	// EncryptionAlgorithmChaCha20Poly1305 represents ChaCha20-Poly1305 encryption
	EncryptionAlgorithmChaCha20Poly1305 EncryptionAlgorithm = "ChaCha20Poly1305"
	// EncryptionAlgorithmRSA2048 represents RSA-2048 encryption
	EncryptionAlgorithmRSA2048 EncryptionAlgorithm = "RSA2048"
	// EncryptionAlgorithmRSA4096 represents RSA-4096 encryption
	EncryptionAlgorithmRSA4096 EncryptionAlgorithm = "RSA4096"
)

type EncryptionAlgorithmType 

type EncryptionAlgorithmType string

EncryptionAlgorithmType represents the type of encryption algorithm 

const (
	// EncryptionAlgorithmAES256 represents AES-256 encryption
	EncryptionAlgorithmAES256 EncryptionAlgorithmType = "aes256"
	// EncryptionAlgorithmAES128 represents AES-128 encryption
	EncryptionAlgorithmAES128 EncryptionAlgorithmType = "aes128"
	// EncryptionAlgorithmChaCha20 represents ChaCha20 encryption
	EncryptionAlgorithmChaCha20 EncryptionAlgorithmType = "chacha20"
)

type EncryptionKey 

type EncryptionKey struct {
	ID        string              `json:"id"`
	Name      string              `json:"name"`
	Algorithm EncryptionAlgorithm `json:"algorithm"`
	KeyData   []byte              `json:"-"` // Skip serializing key data
	CreatedAt int64               `json:"created_at"`
	ExpiresAt *int64              `json:"expires_at,omitempty"`
	IsPrimary bool                `json:"is_primary"`
}

EncryptionKey represents a key used for encrypting secrets

type EncryptionOperation 

type EncryptionOperation struct {
	ID          string           `json:"id"`
	VolumeID    string           `json:"volume_id"`
	KeyID       string           `json:"key_id"`
	Operation   string           `json:"operation"` // "encrypt" or "decrypt"
	Status      EncryptionStatus `json:"status"`
	StartedAt   int64            `json:"started_at"`
	CompletedAt *int64           `json:"completed_at,omitempty"`
	Error       *string          `json:"error,omitempty"`
	Progress    float64          `json:"progress"`
}

EncryptionOperation represents an encryption or decryption operation

type EncryptionStatus 

type EncryptionStatus string

EncryptionStatus represents the encryption status of a storage resource 

const (
	// EncryptionStatusUnencrypted represents an unencrypted resource
	EncryptionStatusUnencrypted EncryptionStatus = "unencrypted"
	// EncryptionStatusEncrypting represents a resource being encrypted
	EncryptionStatusEncrypting EncryptionStatus = "encrypting"
	// EncryptionStatusEncrypted represents an encrypted resource
	EncryptionStatusEncrypted EncryptionStatus = "encrypted"
	// EncryptionStatusDecrypting represents a resource being decrypted
	EncryptionStatusDecrypting EncryptionStatus = "decrypting"
	// EncryptionStatusFailed represents a failed encryption/decryption operation
	EncryptionStatusFailed EncryptionStatus = "failed"
)

type EncryptionType 

type EncryptionType string

EncryptionType represents the type of network traffic encryption 

const (
	// EncryptionTypeTLS represents TLS encryption
	EncryptionTypeTLS EncryptionType = "TLS"
	// EncryptionTypeIPSec represents IPSec encryption
	EncryptionTypeIPSec EncryptionType = "IPSec"
	// EncryptionTypeWireGuard represents WireGuard encryption
	EncryptionTypeWireGuard EncryptionType = "WireGuard"
	// EncryptionTypeCustom represents a custom encryption type
	EncryptionTypeCustom EncryptionType = "Custom"
)

type EnhancedNetworkPolicy 

type EnhancedNetworkPolicy struct {
	BasePolicy          NetworkPolicy       `json:"base_policy"`
	EncryptionRequired  bool                `json:"encryption_required"`
	EncryptionType      *EncryptionType     `json:"encryption_type,omitempty"`
	TrafficLogging      bool                `json:"traffic_logging"`
	TrafficLoggingLevel TrafficLoggingLevel `json:"traffic_logging_level"`
	IntrusionDetection  bool                `json:"intrusion_detection"`
	CreatedAt           int64               `json:"created_at"`
	UpdatedAt           int64               `json:"updated_at"`
	Owner               string              `json:"owner"`
}

EnhancedNetworkPolicy represents a network policy with enhanced security features

type GlobalScope 

type GlobalScope struct{}

GlobalScope represents a global permission scope

func (GlobalScope) String 

func (GlobalScope) String() string

type Group 

type Group struct {
	ID          string   `json:"id"`
	Name        string   `json:"name"`
	Description string   `json:"description"`
	Members     []string `json:"members"` // User IDs
	Roles       []string `json:"roles"`   // Role IDs
	CreatedAt   int64    `json:"created_at"`
	UpdatedAt   int64    `json:"updated_at"`
}

Group represents a collection of users

type IPAMManager 

type IPAMManager struct {
	// contains filtered or unexported fields
}

IPAMManager handles IP address management

func NewIPAMManager 

func NewIPAMManager(logger *logrus.Logger) *IPAMManager

NewIPAMManager creates a new IPAM manager

func (*IPAMManager) AllocateIP 

func (m *IPAMManager) AllocateIP(ctx context.Context, subnetCIDR, containerID string) (*IPAllocation, error)

AllocateIP allocates an IP address for a container

func (*IPAMManager) AllocateNodeSubnet 

func (m *IPAMManager) AllocateNodeSubnet(ctx context.Context, nodeID string) (*Subnet, error)

AllocateNodeSubnet allocates a subnet for a node

func (*IPAMManager) GetAllocations 

func (m *IPAMManager) GetAllocations(ctx context.Context) ([]*IPAllocation, error)

GetAllocations returns all IP allocations

func (*IPAMManager) GetNodeSubnet 

func (m *IPAMManager) GetNodeSubnet(ctx context.Context, nodeID string) (*Subnet, error)

GetNodeSubnet retrieves the subnet allocated to a node

func (*IPAMManager) GetSubnets 

func (m *IPAMManager) GetSubnets(ctx context.Context) ([]*Subnet, error)

GetSubnets returns all allocated subnets

func (*IPAMManager) Initialize 

func (m *IPAMManager) Initialize(ctx context.Context, networkCIDR string, subnetMask int) error

Initialize initializes the IPAM manager with a network CIDR

func (*IPAMManager) ReleaseIP 

func (m *IPAMManager) ReleaseIP(ctx context.Context, ip string) error

ReleaseIP releases an allocated IP address

func (*IPAMManager) ReleaseNodeSubnet 

func (m *IPAMManager) ReleaseNodeSubnet(ctx context.Context, nodeID string) error

ReleaseNodeSubnet releases a subnet allocated to a node

type IPAllocation 

type IPAllocation struct {
	IP          string    `json:"ip"`
	SubnetID    string    `json:"subnet_id"`
	ContainerID string    `json:"container_id"`
	CreatedAt   time.Time `json:"created_at"`
	ExpiresAt   time.Time `json:"expires_at"`
}

IPAllocation represents an IP address allocation

type IPBlock 

type IPBlock struct {
	CIDR string `json:"cidr"`
}

IPBlock represents a CIDR IP block

type NamespaceScope 

type NamespaceScope struct {
	Namespace string
}

NamespaceScope represents a namespace-scoped permission

func (NamespaceScope) String 

func (n NamespaceScope) String() string

type NetworkAction 

type NetworkAction string

NetworkAction represents an action taken on network traffic 

const (
	// NetworkActionAllow indicates the traffic was allowed
	NetworkActionAllow NetworkAction = "Allow"
	// NetworkActionDeny indicates the traffic was denied
	NetworkActionDeny NetworkAction = "Deny"
	// NetworkActionLog indicates the traffic was logged
	NetworkActionLog NetworkAction = "Log"
	// NetworkActionAlert indicates an alert was generated
	NetworkActionAlert NetworkAction = "Alert"
)

type NetworkAlertType 

type NetworkAlertType string

NetworkAlertType represents the type of network security alert 

const (
	// AlertTypeUnauthorizedAccess indicates unauthorized access
	AlertTypeUnauthorizedAccess NetworkAlertType = "UnauthorizedAccess"
	// AlertTypeSuspiciousTraffic indicates suspicious traffic
	AlertTypeSuspiciousTraffic NetworkAlertType = "SuspiciousTraffic"
	// AlertTypeAnomalousTraffic indicates anomalous traffic
	AlertTypeAnomalousTraffic NetworkAlertType = "AnomalousTraffic"
	// AlertTypePolicyViolation indicates a policy violation
	AlertTypePolicyViolation NetworkAlertType = "PolicyViolation"
	// AlertTypeEncryptionFailure indicates an encryption failure
	AlertTypeEncryptionFailure NetworkAlertType = "EncryptionFailure"
)

type NetworkPeer 

type NetworkPeer struct {
	IPBlock  *IPBlock         `json:"ip_block,omitempty"`
	Selector *NetworkSelector `json:"selector,omitempty"`
}

NetworkPeer represents a peer in a network rule

type NetworkPolicy 

type NetworkPolicy struct {
	Name         string            `json:"name"`
	Selector     NetworkSelector   `json:"selector"`
	IngressRules []NetworkRule     `json:"ingress_rules"`
	EgressRules  []NetworkRule     `json:"egress_rules"`
	Priority     int32             `json:"priority"`
	Namespace    string            `json:"namespace,omitempty"`
	TenantID     string            `json:"tenant_id,omitempty"`
	Labels       map[string]string `json:"labels"`
	CreatedAt    int64             `json:"created_at"`
	UpdatedAt    int64             `json:"updated_at"`
}

NetworkPolicy represents a policy for network traffic

type NetworkPolicyController 

type NetworkPolicyController struct {

	// Skip iptables operations in tests
	// This flag was added to allow tests to run without requiring actual iptables operations
	// It's checked in all methods that execute iptables commands
	SkipIptablesOperations bool
	// contains filtered or unexported fields
}

NetworkPolicyController translates network policies to actual network rules

func NewNetworkPolicyController 

func NewNetworkPolicyController(logger *logrus.Logger) *NetworkPolicyController

NewNetworkPolicyController creates a new network policy controller

func (*NetworkPolicyController) AddNotificationEndpoint 

func (c *NetworkPolicyController) AddNotificationEndpoint(endpoint string)

AddNotificationEndpoint adds a notification endpoint for policy violation alerts

func (*NetworkPolicyController) ApplyPolicy 

func (c *NetworkPolicyController) ApplyPolicy(ctx context.Context, policy NetworkPolicy) error

ApplyPolicy applies a network policy

func (*NetworkPolicyController) CheckPolicyViolations 

func (c *NetworkPolicyController) CheckPolicyViolations(ctx context.Context) error

CheckPolicyViolations checks for policy violations in system logs

func (*NetworkPolicyController) CleanupOldViolations 

func (c *NetworkPolicyController) CleanupOldViolations(ctx context.Context, maxAgeDays int) (int, error)

CleanupOldViolations removes old violation logs

func (*NetworkPolicyController) CreateDefaultTenantPolicies 

func (c *NetworkPolicyController) CreateDefaultTenantPolicies(ctx context.Context, tenantID string) error

CreateDefaultTenantPolicies creates default network policies for a tenant

func (*NetworkPolicyController) EvaluateTraffic 

func (c *NetworkPolicyController) EvaluateTraffic(sourceIP, destIP, protocol string, port uint16, direction NetworkPolicyDirection) bool

EvaluateTraffic evaluates if traffic is allowed based on network policies

func (*NetworkPolicyController) GetContainerIP 

func (c *NetworkPolicyController) GetContainerIP(containerID string) (net.IP, bool)

GetContainerIP gets the IP address of a container

func (*NetworkPolicyController) GetContainerLabels 

func (c *NetworkPolicyController) GetContainerLabels(containerID string) (map[string]string, bool)

GetContainerLabels gets the labels of a container

func (*NetworkPolicyController) GetPolicy 

func (c *NetworkPolicyController) GetPolicy(ctx context.Context, policyName string) (*NetworkPolicy, error)

GetPolicy returns a policy by name

func (*NetworkPolicyController) GetSecurityEvents 

func (c *NetworkPolicyController) GetSecurityEvents(ctx context.Context) []SecurityEvent

GetSecurityEvents returns security events

func (*NetworkPolicyController) GetTenantViolationLogs 

func (c *NetworkPolicyController) GetTenantViolationLogs(ctx context.Context, tenantID string) ([]ViolationLog, error)

GetTenantViolationLogs gets violation logs for a specific tenant

func (*NetworkPolicyController) GetViolationLogs 

func (c *NetworkPolicyController) GetViolationLogs(ctx context.Context) []ViolationLog

GetViolationLogs returns the violation logs

func (*NetworkPolicyController) IsTrafficAllowed 

func (c *NetworkPolicyController) IsTrafficAllowed(
	ctx context.Context,
	srcContainerID string,
	dstContainerID string,
	protocol Protocol,
	port uint16,
) (bool, error)

IsTrafficAllowed checks if traffic is allowed between two containers

func (*NetworkPolicyController) RecordViolation 

func (c *NetworkPolicyController) RecordViolation(
	ctx context.Context,
	sourceContainer string,
	sourceIP net.IP,
	destinationContainer *string,
	destinationIP net.IP,
	protocol Protocol,
	port uint16,
	policyName string,
	ruleID *string,
	action PolicyAction,
	tenantID *string,
	severity ViolationSeverity,
) error

RecordViolation records a policy violation

func (*NetworkPolicyController) RegisterContainer 

func (c *NetworkPolicyController) RegisterContainer(ctx context.Context, containerID string, ip net.IP, labels map[string]string) error

RegisterContainer registers a container with its IP and labels for policy matching

func (*NetworkPolicyController) ResolveViolation 

func (c *NetworkPolicyController) ResolveViolation(ctx context.Context, violationID string, resolutionAction string) (bool, error)

ResolveViolation resolves a policy violation

func (*NetworkPolicyController) RunReconciliation 

func (c *NetworkPolicyController) RunReconciliation(ctx context.Context) error

RunReconciliation runs the reconciliation loop to ensure policies are consistently applied

func (*NetworkPolicyController) SendViolationNotification 

func (c *NetworkPolicyController) SendViolationNotification(ctx context.Context, violation *ViolationLog) error

SendViolationNotification sends a notification for a policy violation

func (*NetworkPolicyController) StoreContainerIP 

func (c *NetworkPolicyController) StoreContainerIP(ctx context.Context, containerID string, ip net.IP) error

StoreContainerIP stores a container IP address temporarily

func (*NetworkPolicyController) StoreContainerLabels 

func (c *NetworkPolicyController) StoreContainerLabels(ctx context.Context, containerID string, labels map[string]string) error

StoreContainerLabels stores container labels temporarily

func (*NetworkPolicyController) UnregisterContainer 

func (c *NetworkPolicyController) UnregisterContainer(ctx context.Context, containerID string) error

UnregisterContainer unregisters a container when it's removed

type NetworkPolicyDirection 

type NetworkPolicyDirection string

NetworkPolicyDirection represents the direction of network traffic 

const (
	// NetworkPolicyDirectionIngress represents incoming traffic
	NetworkPolicyDirectionIngress NetworkPolicyDirection = "ingress"
	// NetworkPolicyDirectionEgress represents outgoing traffic
	NetworkPolicyDirectionEgress NetworkPolicyDirection = "egress"
)

type NetworkPolicyEnforcer 

type NetworkPolicyEnforcer struct {
	// contains filtered or unexported fields
}

NetworkPolicyEnforcer manages and enforces network security policies

func NewNetworkPolicyEnforcer 

func NewNetworkPolicyEnforcer(logger *logrus.Logger) *NetworkPolicyEnforcer

NewNetworkPolicyEnforcer creates a new network policy enforcer

func (*NetworkPolicyEnforcer) CreateAlert 

func (e *NetworkPolicyEnforcer) CreateAlert(
	ctx context.Context,
	alertType NetworkAlertType,
	sourceIP string,
	destinationIP string,
	description string,
	severity AlertSeverity,
	details map[string]string,
) error

CreateAlert creates a network security alert

func (*NetworkPolicyEnforcer) CreatePolicy 

func (e *NetworkPolicyEnforcer) CreatePolicy(ctx context.Context, policy EnhancedNetworkPolicy) error

CreatePolicy creates a new enhanced network policy

func (*NetworkPolicyEnforcer) DeletePolicy 

func (e *NetworkPolicyEnforcer) DeletePolicy(ctx context.Context, name string) error

DeletePolicy deletes a policy

func (*NetworkPolicyEnforcer) EnhancePolicy 

func (e *NetworkPolicyEnforcer) EnhancePolicy(basePolicy NetworkPolicy, owner string) EnhancedNetworkPolicy

EnhancePolicy converts a base network policy to an enhanced one

func (*NetworkPolicyEnforcer) GetPolicy 

func (e *NetworkPolicyEnforcer) GetPolicy(ctx context.Context, name string) (*EnhancedNetworkPolicy, error)

GetPolicy gets a policy by name

func (*NetworkPolicyEnforcer) GetSecurityAlerts 

func (e *NetworkPolicyEnforcer) GetSecurityAlerts(ctx context.Context) []NetworkSecurityAlert

GetSecurityAlerts gets network security alerts

func (*NetworkPolicyEnforcer) GetTrafficLogs 

func (e *NetworkPolicyEnforcer) GetTrafficLogs(ctx context.Context) []NetworkTrafficLog

GetTrafficLogs gets network traffic logs

func (*NetworkPolicyEnforcer) IsTrafficAllowed 

func (e *NetworkPolicyEnforcer) IsTrafficAllowed(
	ctx context.Context,
	sourceContainer string,
	destinationContainer string,
	protocol Protocol,
	port uint16,
) (bool, error)

IsTrafficAllowed checks if traffic is allowed between two containers

func (*NetworkPolicyEnforcer) ListPolicies 

func (e *NetworkPolicyEnforcer) ListPolicies(ctx context.Context) []EnhancedNetworkPolicy

ListPolicies lists all policies

func (*NetworkPolicyEnforcer) MonitorNetworkTraffic 

func (e *NetworkPolicyEnforcer) MonitorNetworkTraffic(ctx context.Context) error

MonitorNetworkTraffic monitors network traffic for anomalies and policy violations

func (*NetworkPolicyEnforcer) RegisterContainerLabels 

func (e *NetworkPolicyEnforcer) RegisterContainerLabels(ctx context.Context, containerID string, labels map[string]string) error

RegisterContainerLabels registers container labels for policy matching

func (*NetworkPolicyEnforcer) SetupEncryption 

func (e *NetworkPolicyEnforcer) SetupEncryption(ctx context.Context, containerID string, encryptionType EncryptionType) error

SetupEncryption sets up network encryption for a container

func (*NetworkPolicyEnforcer) UnregisterContainerLabels 

func (e *NetworkPolicyEnforcer) UnregisterContainerLabels(ctx context.Context, containerID string) error

UnregisterContainerLabels unregisters container labels when container is removed

type NetworkPolicyManager 

type NetworkPolicyManager struct {
	// contains filtered or unexported fields
}

NetworkPolicyManager handles network policies using the NetworkPolicyController

func NewNetworkPolicyManager 

func NewNetworkPolicyManager(logger *logrus.Logger) *NetworkPolicyManager

NewNetworkPolicyManager creates a new network policy manager

func (*NetworkPolicyManager) AddNotificationEndpoint 

func (m *NetworkPolicyManager) AddNotificationEndpoint(ctx context.Context, endpoint string) error

AddNotificationEndpoint adds a notification endpoint for policy violation alerts

func (*NetworkPolicyManager) AdjustPolicyForViolations 

func (m *NetworkPolicyManager) AdjustPolicyForViolations(ctx context.Context, policyName string) (bool, error)

AdjustPolicyForViolations dynamically adjusts a network policy based on violation patterns

func (*NetworkPolicyManager) ApplyPolicy 

func (m *NetworkPolicyManager) ApplyPolicy(ctx context.Context, policy NetworkPolicy) error

ApplyPolicy applies a network policy

func (*NetworkPolicyManager) CreateDefaultTenantPolicies 

func (m *NetworkPolicyManager) CreateDefaultTenantPolicies(ctx context.Context, tenantID string) error

CreateDefaultTenantPolicies creates default network policies for a new tenant

func (*NetworkPolicyManager) GetViolationLogs 

func (m *NetworkPolicyManager) GetViolationLogs(ctx context.Context, tenantID string) ([]ViolationLog, error)

GetViolationLogs gets policy violation logs

func (*NetworkPolicyManager) IsTrafficAllowed 

func (m *NetworkPolicyManager) IsTrafficAllowed(ctx context.Context, srcContainerID, dstContainerID string, protocol Protocol, port uint16) (bool, error)

IsTrafficAllowed checks if traffic is allowed between containers

func (*NetworkPolicyManager) RegisterContainerIP 

func (m *NetworkPolicyManager) RegisterContainerIP(ctx context.Context, containerID string, ip net.IP) error

RegisterContainerIP registers a container IP address

func (*NetworkPolicyManager) RegisterContainerLabels 

func (m *NetworkPolicyManager) RegisterContainerLabels(ctx context.Context, containerID string, labels map[string]string) error

RegisterContainerLabels registers container labels for policy matching

func (*NetworkPolicyManager) RunMaintenance 

func (m *NetworkPolicyManager) RunMaintenance(ctx context.Context) error

RunMaintenance runs maintenance tasks for network policies

func (*NetworkPolicyManager) RunReconciliation 

func (m *NetworkPolicyManager) RunReconciliation(ctx context.Context) error

RunReconciliation runs the reconciliation loop to ensure policies are consistently applied

func (*NetworkPolicyManager) SetAdjustmentCooldown 

func (m *NetworkPolicyManager) SetAdjustmentCooldown(cooldown time.Duration)

SetAdjustmentCooldown sets the cooldown period between policy adjustments

func (*NetworkPolicyManager) SetDynamicPolicyAdjustment 

func (m *NetworkPolicyManager) SetDynamicPolicyAdjustment(enabled bool)

SetDynamicPolicyAdjustment enables or disables dynamic policy adjustment

func (*NetworkPolicyManager) SetViolationThreshold 

func (m *NetworkPolicyManager) SetViolationThreshold(threshold uint32)

SetViolationThreshold sets the violation threshold for dynamic policy adjustment

func (*NetworkPolicyManager) UnregisterContainer 

func (m *NetworkPolicyManager) UnregisterContainer(ctx context.Context, containerID string) error

UnregisterContainer unregisters a container when it's removed

func (*NetworkPolicyManager) WithNetworkPolicyController 

func (m *NetworkPolicyManager) WithNetworkPolicyController(controller *NetworkPolicyController)

WithNetworkPolicyController sets the network policy controller for the manager

type NetworkRule 

type NetworkRule struct {
	Ports       []PortRange   `json:"ports"`
	From        []NetworkPeer `json:"from"`
	Action      *PolicyAction `json:"action,omitempty"`
	Log         bool          `json:"log"`
	Description string        `json:"description,omitempty"`
	ID          string        `json:"id,omitempty"`
}

NetworkRule represents a rule for network traffic

type NetworkSecurityAlert 

type NetworkSecurityAlert struct {
	ID            string            `json:"id"`
	Timestamp     int64             `json:"timestamp"`
	AlertType     NetworkAlertType  `json:"alert_type"`
	SourceIP      string            `json:"source_ip"`
	DestinationIP string            `json:"destination_ip"`
	Description   string            `json:"description"`
	Severity      AlertSeverity     `json:"severity"`
	Details       map[string]string `json:"details"`
}

NetworkSecurityAlert represents a security alert for network traffic

type NetworkSelector 

type NetworkSelector struct {
	Labels map[string]string `json:"labels"`
}

NetworkSelector selects resources based on labels

type NetworkTrafficLog 

type NetworkTrafficLog struct {
	ID                   string        `json:"id"`
	Timestamp            int64         `json:"timestamp"`
	SourceIP             string        `json:"source_ip"`
	DestinationIP        string        `json:"destination_ip"`
	SourceContainer      string        `json:"source_container,omitempty"`
	DestinationContainer string        `json:"destination_container,omitempty"`
	Protocol             Protocol      `json:"protocol"`
	SourcePort           uint16        `json:"source_port"`
	DestinationPort      uint16        `json:"destination_port"`
	BytesSent            uint64        `json:"bytes_sent"`
	BytesReceived        uint64        `json:"bytes_received"`
	Action               NetworkAction `json:"action"`
	PolicyID             string        `json:"policy_id,omitempty"`
	RuleID               string        `json:"rule_id,omitempty"`
}

NetworkTrafficLog represents a log entry for network traffic

type Permission 

type Permission struct {
	Resource string          `json:"resource"`
	Action   string          `json:"action"`
	Scope    PermissionScope `json:"scope"`
}

Permission represents an action that can be performed on a resource

type PermissionScope 

type PermissionScope interface {
	String() string
	// contains filtered or unexported methods
}

PermissionScope represents the scope of a permission

type PolicyAction 

type PolicyAction string

PolicyAction represents an action to take on network traffic 

const (
	// PolicyActionAllow allows the traffic
	PolicyActionAllow PolicyAction = "Allow"
	// PolicyActionDeny denies the traffic
	PolicyActionDeny PolicyAction = "Deny"
	// PolicyActionLog logs the traffic but allows it
	PolicyActionLog PolicyAction = "Log"
	// PolicyActionLimit limits the traffic rate
	PolicyActionLimit PolicyAction = "Limit"
)

type PolicyType 

type PolicyType string

PolicyType represents the type of network policy 

const (
	// PolicyTypeIsolation represents an isolation policy
	PolicyTypeIsolation PolicyType = "Isolation"
	// PolicyTypeSecurity represents a security policy
	PolicyTypeSecurity PolicyType = "Security"
	// PolicyTypeQoS represents a quality of service policy
	PolicyTypeQoS PolicyType = "QoS"
	// PolicyTypeCustom represents a custom policy type
	PolicyTypeCustom PolicyType = "Custom"
)

type PortRange 

type PortRange struct {
	Protocol Protocol `json:"protocol"`
	PortMin  uint16   `json:"port_min"`
	PortMax  uint16   `json:"port_max"`
}

PortRange represents a range of ports for a specific protocol

type Protocol 

type Protocol string

Protocol represents a network protocol 

const (
	// ProtocolTCP represents the TCP protocol
	ProtocolTCP Protocol = "TCP"
	// ProtocolUDP represents the UDP protocol
	ProtocolUDP Protocol = "UDP"
)

type QoSAssignment 

type QoSAssignment struct {
	ID           string            `json:"id"`
	PolicyID     string            `json:"policy_id"`
	ResourceID   string            `json:"resource_id"`
	ResourceType string            `json:"resource_type"` // "volume", "pool", etc.
	CreatedAt    int64             `json:"created_at"`
	UpdatedAt    int64             `json:"updated_at"`
	CreatedBy    string            `json:"created_by"`
	IsActive     bool              `json:"is_active"`
	Labels       map[string]string `json:"labels,omitempty"`
}

QoSAssignment represents an assignment of a QoS policy to a storage resource

type QoSLimitType 

type QoSLimitType string

QoSLimitType represents the type of QoS limit 

const (
	// QoSLimitTypeMin represents a minimum guarantee
	QoSLimitTypeMin QoSLimitType = "min"
	// QoSLimitTypeMax represents a maximum limit
	QoSLimitTypeMax QoSLimitType = "max"
	// QoSLimitTypeBurst represents a burst limit
	QoSLimitTypeBurst QoSLimitType = "burst"
)

type QoSMetric 

type QoSMetric struct {
	ResourceID   string `json:"resource_id"`
	ResourceType string `json:"resource_type"`
	MetricType   string `json:"metric_type"` // "iops", "bandwidth", "latency"
	Value        int64  `json:"value"`
	Timestamp    int64  `json:"timestamp"`
}

QoSMetric represents a QoS metric for a storage resource

type QoSPolicy 

type QoSPolicy struct {
	ID          string            `json:"id"`
	Name        string            `json:"name"`
	Description string            `json:"description"`
	Type        QoSPolicyType     `json:"type"`
	LimitType   QoSLimitType      `json:"limit_type"`
	Value       int64             `json:"value"`
	BurstValue  *int64            `json:"burst_value,omitempty"`
	Priority    QoSPriority       `json:"priority"`
	CreatedAt   int64             `json:"created_at"`
	UpdatedAt   int64             `json:"updated_at"`
	CreatedBy   string            `json:"created_by"`
	IsActive    bool              `json:"is_active"`
	Labels      map[string]string `json:"labels,omitempty"`
}

QoSPolicy represents a Quality of Service policy for storage resources

type QoSPolicyType 

type QoSPolicyType string

QoSPolicyType represents the type of QoS policy 

const (
	// QoSPolicyTypeIOPS represents an IOPS-based QoS policy
	QoSPolicyTypeIOPS QoSPolicyType = "iops"
	// QoSPolicyTypeBandwidth represents a bandwidth-based QoS policy
	QoSPolicyTypeBandwidth QoSPolicyType = "bandwidth"
	// QoSPolicyTypeLatency represents a latency-based QoS policy
	QoSPolicyTypeLatency QoSPolicyType = "latency"
	// QoSPolicyTypePriority represents a priority-based QoS policy
	QoSPolicyTypePriority QoSPolicyType = "priority"
)

type QoSPriority 

type QoSPriority int

QoSPriority represents the priority level for QoS 

const (
	// QoSPriorityLow represents low priority
	QoSPriorityLow QoSPriority = 0
	// QoSPriorityNormal represents normal priority
	QoSPriorityNormal QoSPriority = 50
	// QoSPriorityHigh represents high priority
	QoSPriorityHigh QoSPriority = 100
	// QoSPriorityCritical represents critical priority
	QoSPriorityCritical QoSPriority = 200
)

type QoSViolation 

type QoSViolation struct {
	ID           string `json:"id"`
	PolicyID     string `json:"policy_id"`
	AssignmentID string `json:"assignment_id"`
	ResourceID   string `json:"resource_id"`
	ResourceType string `json:"resource_type"`
	Timestamp    int64  `json:"timestamp"`
	Value        int64  `json:"value"`
	Threshold    int64  `json:"threshold"`
	Duration     int64  `json:"duration"` // Duration in seconds
	Resolved     bool   `json:"resolved"`
	ResolvedAt   *int64 `json:"resolved_at,omitempty"`
}

QoSViolation represents a violation of a QoS policy

type RBACManager 

type RBACManager interface {
	CreateUser(ctx context.Context, user User) (*User, error)
	GetUser(ctx context.Context, userID string) (*User, error)
	GetUserByUsername(ctx context.Context, username string) (*User, error)
	UpdateUser(ctx context.Context, userID string, updatedUser User) (*User, error)
	DeleteUser(ctx context.Context, userID string) error
	ListUsers(ctx context.Context) []User
	CreateRole(ctx context.Context, role Role) (*Role, error)
	GetRole(ctx context.Context, roleID string) (*Role, error)
	UpdateRole(ctx context.Context, roleID string, updatedRole Role) (*Role, error)
	DeleteRole(ctx context.Context, roleID string) error
	Authenticate(ctx context.Context, authRequest *AuthRequest) (*AuthResponse, error)
}

RBACManager defines the interface for RBAC management

type RbacManager 

type RbacManager struct {
	// contains filtered or unexported fields
}

RbacManager handles authentication, authorization, and audit logging

func NewRBACManager 

func NewRBACManager(logger *logrus.Logger) *RbacManager

NewRBACManager creates a new RBAC manager (alias for NewRbacManager for backward compatibility)

func NewRbacManager 

func NewRbacManager(logger *logrus.Logger) *RbacManager

NewRbacManager creates a new RBAC manager

func (*RbacManager) AddUserToGroup 

func (r *RbacManager) AddUserToGroup(ctx context.Context, userID, groupID string) error

AddUserToGroup adds a user to a group

func (*RbacManager) Authenticate 

func (r *RbacManager) Authenticate(ctx context.Context, authRequest *AuthRequest) (*AuthResponse, error)

Authenticate authenticates a user

func (*RbacManager) CheckPermission 

func (r *RbacManager) CheckPermission(
	ctx context.Context,
	userID string,
	resource string,
	action string,
	scope PermissionScope,
) (bool, error)

CheckPermission checks if a user has permission to perform an action on a resource

func (*RbacManager) CreateGroup 

func (r *RbacManager) CreateGroup(ctx context.Context, group Group) (*Group, error)

CreateGroup creates a new group

func (*RbacManager) CreateRole 

func (r *RbacManager) CreateRole(ctx context.Context, role Role) (*Role, error)

CreateRole creates a new role

func (*RbacManager) CreateUser 

func (r *RbacManager) CreateUser(ctx context.Context, user User) (*User, error)

CreateUser creates a new user

func (*RbacManager) DeleteGroup 

func (r *RbacManager) DeleteGroup(ctx context.Context, groupID string) error

DeleteGroup deletes a group

func (*RbacManager) DeleteRole 

func (r *RbacManager) DeleteRole(ctx context.Context, roleID string) error

DeleteRole deletes a role

func (*RbacManager) DeleteUser 

func (r *RbacManager) DeleteUser(ctx context.Context, userID string) error

DeleteUser deletes a user

func (*RbacManager) GetAuditLogs 

func (r *RbacManager) GetAuditLogs(ctx context.Context) []AuditLogEntry

GetAuditLogs gets all audit logs

func (*RbacManager) GetGroup 

func (r *RbacManager) GetGroup(ctx context.Context, groupID string) (*Group, error)

GetGroup gets a group by ID

func (*RbacManager) GetRole 

func (r *RbacManager) GetRole(ctx context.Context, roleID string) (*Role, error)

GetRole gets a role by ID

func (*RbacManager) GetUser 

func (r *RbacManager) GetUser(ctx context.Context, userID string) (*User, error)

GetUser gets a user by ID

func (*RbacManager) GetUserAuditLogs 

func (r *RbacManager) GetUserAuditLogs(ctx context.Context, userID string) []AuditLogEntry

GetUserAuditLogs gets audit logs for a specific user

func (*RbacManager) GetUserByUsername 

func (r *RbacManager) GetUserByUsername(ctx context.Context, username string) (*User, error)

GetUserByUsername gets a user by username

func (*RbacManager) InitializeDefaults 

func (r *RbacManager) InitializeDefaults() error

InitializeDefaults initializes default roles and admin user

func (*RbacManager) ListGroups 

func (r *RbacManager) ListGroups(ctx context.Context) []Group

ListGroups lists all groups

func (*RbacManager) ListRoles 

func (r *RbacManager) ListRoles(ctx context.Context) []Role

ListRoles lists all roles

func (*RbacManager) ListUsers 

func (r *RbacManager) ListUsers(ctx context.Context) []User

ListUsers lists all users

func (*RbacManager) LogAudit 

func (r *RbacManager) LogAudit(
	ctx context.Context,
	userID string,
	username string,
	action string,
	resource string,
	resourceID *string,
	status AuditStatus,
	details map[string]string,
	clientIP *string,
	userAgent *string,
) error

LogAudit logs an audit event

func (*RbacManager) Logout 

func (r *RbacManager) Logout(ctx context.Context, token string) error

Logout invalidates a token

func (*RbacManager) RemoveUserFromGroup 

func (r *RbacManager) RemoveUserFromGroup(ctx context.Context, userID, groupID string) error

RemoveUserFromGroup removes a user from a group

func (*RbacManager) UpdateGroup 

func (r *RbacManager) UpdateGroup(ctx context.Context, groupID string, updatedGroup Group) (*Group, error)

UpdateGroup updates a group

func (*RbacManager) UpdateRole 

func (r *RbacManager) UpdateRole(ctx context.Context, roleID string, updatedRole Role) (*Role, error)

UpdateRole updates a role

func (*RbacManager) UpdateUser 

func (r *RbacManager) UpdateUser(ctx context.Context, userID string, updatedUser User) (*User, error)

UpdateUser updates a user

func (*RbacManager) ValidateToken 

func (r *RbacManager) ValidateToken(ctx context.Context, token string) (*User, error)

ValidateToken validates a token and gets the associated user

type ResourceAllocation 

type ResourceAllocation struct {
	CPU     float64 `json:"cpu"`
	Memory  int64   `json:"memory"`
	Storage int64   `json:"storage,omitempty"`
}

ResourceAllocation represents a resource allocation request

type ResourceQuotas 

type ResourceQuotas struct {
	CPU              float64 `json:"cpu"`
	Memory           int64   `json:"memory"`
	Storage          int64   `json:"storage"`
	MaxContainers    int     `json:"max_containers"`
	MaxVolumes       int     `json:"max_volumes"`
	MaxLoadBalancers int     `json:"max_load_balancers"`
}

ResourceQuotas represents resource quotas for a tenant

type ResourceScope 

type ResourceScope struct {
	Resource string
}

ResourceScope represents a resource-scoped permission

func (ResourceScope) String 

func (r ResourceScope) String() string

type ResourceUsage 

type ResourceUsage struct {
	CPU           float64 `json:"cpu"`
	Memory        int64   `json:"memory"`
	Storage       int64   `json:"storage"`
	Containers    int     `json:"containers"`
	Volumes       int     `json:"volumes"`
	LoadBalancers int     `json:"load_balancers"`
}

ResourceUsage represents resource usage for a tenant

type Role 

type Role struct {
	ID          string       `json:"id"`
	Name        string       `json:"name"`
	Description string       `json:"description"`
	Permissions []Permission `json:"permissions"`
	CreatedAt   int64        `json:"created_at"`
	UpdatedAt   int64        `json:"updated_at"`
}

Role represents a set of permissions

type RuntimeCheckResult 

type RuntimeCheckResult struct {
	ContainerID string             `json:"container_id"`
	Timestamp   int64              `json:"timestamp"`
	Violations  []RuntimeViolation `json:"violations"`
	Compliant   bool               `json:"compliant"`
}

RuntimeCheckResult represents a container runtime security check result

type RuntimeViolation 

type RuntimeViolation struct {
	RuleID      string                `json:"rule_id"`
	Description string                `json:"description"`
	Severity    SecurityEventSeverity `json:"severity"`
	Details     map[string]string     `json:"details"`
	Timestamp   int64                 `json:"timestamp"`
}

RuntimeViolation represents a runtime security violation

type ScanResult 

type ScanResult struct {
	ImageID         string          `json:"image_id"`
	ImageName       string          `json:"image_name"`
	ScanTime        int64           `json:"scan_time"`
	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
	Compliant       bool            `json:"compliant"`
	ScanStatus      ScanStatus      `json:"scan_status"`
	ScanErrors      []string        `json:"scan_errors"`
}

ScanResult represents the results of a container image scan

type ScanStatus 

type ScanStatus string

ScanStatus represents the status of a container scan 

const (
	// ScanStatusPending indicates the scan is pending
	ScanStatusPending ScanStatus = "pending"
	// ScanStatusInProgress indicates the scan is in progress
	ScanStatusInProgress ScanStatus = "in_progress"
	// ScanStatusCompleted indicates the scan is completed
	ScanStatusCompleted ScanStatus = "completed"
	// ScanStatusFailed indicates the scan has failed
	ScanStatusFailed ScanStatus = "failed"
)

type Secret 

type Secret struct {
	ID             string            `json:"id"`
	Name           string            `json:"name"`
	Description    string            `json:"description"`
	Data           []byte            `json:"-"` // Skip serializing secret data
	Version        uint32            `json:"version"`
	CreatedAt      int64             `json:"created_at"`
	UpdatedAt      int64             `json:"updated_at"`
	CreatedBy      string            `json:"created_by"`
	LastAccessed   *int64            `json:"last_accessed,omitempty"`
	Labels         map[string]string `json:"labels"`
	Metadata       map[string]string `json:"metadata"`
	Expiration     *int64            `json:"expiration,omitempty"`
	RotationPeriod *int64            `json:"rotation_period,omitempty"`
	LastRotated    *int64            `json:"last_rotated,omitempty"`
}

Secret represents a sensitive piece of information

type SecretAccessLog 

type SecretAccessLog struct {
	ID        string       `json:"id"`
	SecretID  string       `json:"secret_id"`
	UserID    string       `json:"user_id"`
	Timestamp int64        `json:"timestamp"`
	Action    SecretAction `json:"action"`
	ClientIP  *string      `json:"client_ip,omitempty"`
	UserAgent *string      `json:"user_agent,omitempty"`
}

SecretAccessLog represents a log entry for secret access

type SecretAction 

type SecretAction string

SecretAction represents the type of action performed on a secret 

const (
	// SecretActionCreate represents a secret creation action
	SecretActionCreate SecretAction = "create"
	// SecretActionRead represents a secret read action
	SecretActionRead SecretAction = "read"
	// SecretActionUpdate represents a secret update action
	SecretActionUpdate SecretAction = "update"
	// SecretActionDelete represents a secret deletion action
	SecretActionDelete SecretAction = "delete"
	// SecretActionRotate represents a secret rotation action
	SecretActionRotate SecretAction = "rotate"
	// SecretActionMount represents a secret mount action
	SecretActionMount SecretAction = "mount"
	// SecretActionUnmount represents a secret unmount action
	SecretActionUnmount SecretAction = "unmount"
)

type SecretManager 

type SecretManager struct {
	// contains filtered or unexported fields
}

SecretManager handles secure storage and distribution of secrets

func NewSecretManager 

func NewSecretManager(logger *logrus.Logger) *SecretManager

NewSecretManager creates a new secret manager

func (*SecretManager) CheckRotationNeeded 

func (s *SecretManager) CheckRotationNeeded(ctx context.Context) []Secret

CheckRotationNeeded checks for secrets that need rotation

func (*SecretManager) CreateEncryptionKey 

func (s *SecretManager) CreateEncryptionKey(
	ctx context.Context,
	name string,
	algorithm EncryptionAlgorithm,
	expiresAt *int64,
	makePrimary bool,
) (*EncryptionKey, error)

CreateEncryptionKey creates a new encryption key

func (*SecretManager) CreateSecret 

func (s *SecretManager) CreateSecret(
	ctx context.Context,
	name string,
	description string,
	data []byte,
	createdBy string,
	labels map[string]string,
	metadata map[string]string,
	expiration *int64,
	rotationPeriod *int64,
) (*Secret, error)

CreateSecret creates a new secret

func (*SecretManager) DeleteSecret 

func (s *SecretManager) DeleteSecret(ctx context.Context, secretID string, userID string) error

DeleteSecret deletes a secret

func (*SecretManager) GetContainerSecrets 

func (s *SecretManager) GetContainerSecrets(ctx context.Context, containerID string) []SecretReference

GetContainerSecrets gets all secrets mounted to a container

func (*SecretManager) GetSecret 

func (s *SecretManager) GetSecret(ctx context.Context, secretID string, userID string) (*Secret, error)

GetSecret gets a secret by ID This method was modified to decrypt the data before returning it Previously it was returning the encrypted data, which was causing issues

func (*SecretManager) GetSecretAccessLogs 

func (s *SecretManager) GetSecretAccessLogs(ctx context.Context, secretID string) []SecretAccessLog

GetSecretAccessLogs gets access logs for a secret

func (*SecretManager) InitializeEncryptionKeys 

func (s *SecretManager) InitializeEncryptionKeys() error

InitializeEncryptionKeys initializes encryption keys

func (*SecretManager) ListEncryptionKeys 

func (s *SecretManager) ListEncryptionKeys(ctx context.Context) []EncryptionKey

ListEncryptionKeys lists all encryption keys (without sensitive data)

func (*SecretManager) ListSecrets 

func (s *SecretManager) ListSecrets(ctx context.Context) []Secret

ListSecrets lists all secrets (without sensitive data)

func (*SecretManager) MountSecretToContainer 

func (s *SecretManager) MountSecretToContainer(
	ctx context.Context,
	secretID string,
	containerID string,
	mountPath string,
	envVar *string,
	fileName *string,
	fileMode *uint32,
	userID string,
) (*SecretReference, error)

MountSecretToContainer mounts a secret to a container

func (*SecretManager) RotateEncryptionKey 

func (s *SecretManager) RotateEncryptionKey(ctx context.Context, userID string) error

RotateEncryptionKey rotates all secrets using a new encryption key

func (*SecretManager) RotateSecret 

func (s *SecretManager) RotateSecret(ctx context.Context, secretID string, newData []byte, userID string) (*Secret, error)

RotateSecret rotates a secret

func (*SecretManager) UnmountSecretFromContainer 

func (s *SecretManager) UnmountSecretFromContainer(
	ctx context.Context,
	secretID string,
	containerID string,
	userID string,
) error

UnmountSecretFromContainer unmounts a secret from a container

func (*SecretManager) UpdateSecret 

func (s *SecretManager) UpdateSecret(
	ctx context.Context,
	secretID string,
	description *string,
	data []byte,
	labels map[string]string,
	metadata map[string]string,
	expiration *int64,
	rotationPeriod *int64,
	userID string,
) (*Secret, error)

UpdateSecret updates a secret

type SecretReference 

type SecretReference struct {
	SecretID    string  `json:"secret_id"`
	ContainerID string  `json:"container_id"`
	MountPath   string  `json:"mount_path"`
	EnvVar      *string `json:"env_var,omitempty"`
	FileName    *string `json:"file_name,omitempty"`
	FileMode    *uint32 `json:"file_mode,omitempty"`
	CreatedAt   int64   `json:"created_at"`
}

SecretReference represents a reference to a secret for a container

type SecretRotationPolicy 

type SecretRotationPolicy struct {
	Enabled       bool   `json:"enabled"`
	IntervalDays  int    `json:"interval_days"`
	AutoRotate    bool   `json:"auto_rotate"`
	NotifyBefore  int    `json:"notify_before"`
	LastRotatedAt int64  `json:"last_rotated_at"`
	NextRotation  int64  `json:"next_rotation"`
	SecretType    string `json:"secret_type"`
}

SecretRotationPolicy defines the policy for secret rotation

type SecurityEvent 

type SecurityEvent struct {
	ID        string                `json:"id"`
	EventType SecurityEventType     `json:"event_type"`
	Source    string                `json:"source"`
	Timestamp int64                 `json:"timestamp"`
	Message   string                `json:"message"`
	Details   map[string]string     `json:"details"`
	Severity  SecurityEventSeverity `json:"severity"`
}

SecurityEvent represents a security event for logging and alerting

type SecurityEventSeverity 

type SecurityEventSeverity string

SecurityEventSeverity represents the severity of a security event 

const (
	// EventSeverityInfo represents an informational security event
	EventSeverityInfo SecurityEventSeverity = "info"
	// EventSeverityWarning represents a warning security event
	EventSeverityWarning SecurityEventSeverity = "warning"
	// EventSeverityError represents an error security event
	EventSeverityError SecurityEventSeverity = "error"
	// EventSeverityCritical represents a critical security event
	EventSeverityCritical SecurityEventSeverity = "critical"
)

type SecurityEventType 

type SecurityEventType string

SecurityEventType represents the type of a security event 

const (
	// EventTypeVulnerabilityFound indicates a vulnerability was found
	EventTypeVulnerabilityFound SecurityEventType = "vulnerability_found"
	// EventTypePolicyViolation indicates a policy violation
	EventTypePolicyViolation SecurityEventType = "policy_violation"
	// EventTypeScanCompleted indicates a scan was completed
	EventTypeScanCompleted SecurityEventType = "scan_completed"
	// EventTypeScanFailed indicates a scan has failed
	EventTypeScanFailed SecurityEventType = "scan_failed"
	// EventTypeRuntimeViolation indicates a runtime violation
	EventTypeRuntimeViolation SecurityEventType = "runtime_violation"
	// EventTypeUnauthorizedAccess indicates unauthorized access
	EventTypeUnauthorizedAccess SecurityEventType = "unauthorized_access"
)

type SecurityPolicy 

type SecurityPolicy struct {
	ID                string                `json:"id"`
	Name              string                `json:"name"`
	Description       string                `json:"description"`
	MaxSeverity       VulnerabilitySeverity `json:"max_severity"`
	BlockOnSeverity   VulnerabilitySeverity `json:"block_on_severity"`
	WhitelistCVEs     []string              `json:"whitelist_cves"`
	BlacklistCVEs     []string              `json:"blacklist_cves"`
	AllowedRegistries []string              `json:"allowed_registries"`
	RequiredLabels    map[string]string     `json:"required_labels"`
	ScanFrequency     time.Duration         `json:"scan_frequency"`
	CreatedAt         int64                 `json:"created_at"`
	UpdatedAt         int64                 `json:"updated_at"`
}

SecurityPolicy represents a security policy for container images

type StorageACLManager 

type StorageACLManager struct {
	// contains filtered or unexported fields
}

StorageACLManager handles access control for storage resources

func NewStorageACLManager 

func NewStorageACLManager(logger *logrus.Logger) *StorageACLManager

NewStorageACLManager creates a new storage ACL manager

func (*StorageACLManager) ApplyBulkRules 

func (m *StorageACLManager) ApplyBulkRules(
	ctx context.Context,
	rules []StorageACLRule,
	createdBy string,
) ([]StorageACLRule, error)

ApplyBulkRules applies multiple rules at once

func (*StorageACLManager) CheckAccess 

func (m *StorageACLManager) CheckAccess(
	ctx context.Context,
	resourceID string,
	resourceType StorageResourceType,
	subjectType string,
	subjectID string,
	permission StoragePermission,
	clientIP *string,
	userAgent *string,
) (bool, *StorageACLRule, error)

CheckAccess checks if a subject has access to a resource

func (*StorageACLManager) CleanupExpiredRules 

func (m *StorageACLManager) CleanupExpiredRules(ctx context.Context) int

CleanupExpiredRules removes expired rules

func (*StorageACLManager) CreateACLPolicy 

func (m *StorageACLManager) CreateACLPolicy(
	ctx context.Context,
	name string,
	description string,
	rules []StorageACLRule,
	createdBy string,
) (*StorageACLPolicy, error)

CreateACLPolicy creates a new ACL policy

func (*StorageACLManager) CreateACLRule 

func (m *StorageACLManager) CreateACLRule(
	ctx context.Context,
	resourceID string,
	resourceType StorageResourceType,
	subjectType string,
	subjectID string,
	permission StoragePermission,
	effect string,
	condition map[string]string,
	expiresAt *int64,
	createdBy string,
	priority int,
) (*StorageACLRule, error)

CreateACLRule creates a new ACL rule

func (*StorageACLManager) DeleteACLPolicy 

func (m *StorageACLManager) DeleteACLPolicy(ctx context.Context, policyID string) error

DeleteACLPolicy deletes an ACL policy

func (*StorageACLManager) DeleteACLRule 

func (m *StorageACLManager) DeleteACLRule(ctx context.Context, ruleID string) error

DeleteACLRule deletes an ACL rule

func (*StorageACLManager) GetACLPolicy 

func (m *StorageACLManager) GetACLPolicy(ctx context.Context, policyID string) (*StorageACLPolicy, error)

GetACLPolicy gets an ACL policy by ID

func (*StorageACLManager) GetACLRule 

func (m *StorageACLManager) GetACLRule(ctx context.Context, ruleID string) (*StorageACLRule, error)

GetACLRule gets an ACL rule by ID

func (*StorageACLManager) GetAccessLogs 

func (m *StorageACLManager) GetAccessLogs(
	ctx context.Context,
	resourceID string,
	resourceType StorageResourceType,
) []StorageAccessLog

GetAccessLogs gets access logs for a resource

func (*StorageACLManager) GetDefaultRules 

func (m *StorageACLManager) GetDefaultRules(
	ctx context.Context,
	resourceType StorageResourceType,
) []StorageACLRule

GetDefaultRules gets default rules for a resource type

func (*StorageACLManager) GetUserAccessLogs 

func (m *StorageACLManager) GetUserAccessLogs(ctx context.Context, userID string) []StorageAccessLog

GetUserAccessLogs gets access logs for a user

func (*StorageACLManager) ListACLPolicies 

func (m *StorageACLManager) ListACLPolicies(ctx context.Context) []StorageACLPolicy

ListACLPolicies lists all ACL policies

func (*StorageACLManager) ListACLRules 

func (m *StorageACLManager) ListACLRules(ctx context.Context) []StorageACLRule

ListACLRules lists all ACL rules

func (*StorageACLManager) ListACLRulesByResource 

func (m *StorageACLManager) ListACLRulesByResource(
	ctx context.Context,
	resourceID string,
	resourceType StorageResourceType,
) []StorageACLRule

ListACLRulesByResource lists ACL rules for a specific resource

func (*StorageACLManager) ListACLRulesBySubject 

func (m *StorageACLManager) ListACLRulesBySubject(
	ctx context.Context,
	subjectType string,
	subjectID string,
) []StorageACLRule

ListACLRulesBySubject lists ACL rules for a specific subject

func (*StorageACLManager) UpdateACLPolicy 

func (m *StorageACLManager) UpdateACLPolicy(
	ctx context.Context,
	policyID string,
	name *string,
	description *string,
	rules []StorageACLRule,
	isActive *bool,
) (*StorageACLPolicy, error)

UpdateACLPolicy updates an existing ACL policy

func (*StorageACLManager) UpdateACLRule 

func (m *StorageACLManager) UpdateACLRule(
	ctx context.Context,
	ruleID string,
	permission *StoragePermission,
	effect *string,
	condition map[string]string,
	expiresAt *int64,
	priority *int,
) (*StorageACLRule, error)

UpdateACLRule updates an existing ACL rule

type StorageACLPolicy 

type StorageACLPolicy struct {
	ID          string           `json:"id"`
	Name        string           `json:"name"`
	Description string           `json:"description"`
	Rules       []StorageACLRule `json:"rules"`
	CreatedAt   int64            `json:"created_at"`
	UpdatedAt   int64            `json:"updated_at"`
	CreatedBy   string           `json:"created_by"`
	IsActive    bool             `json:"is_active"`
}

StorageACLPolicy represents a collection of ACL rules

type StorageACLRule 

type StorageACLRule struct {
	ID              string              `json:"id"`
	ResourceID      string              `json:"resource_id"`
	ResourceType    StorageResourceType `json:"resource_type"`
	SubjectType     string              `json:"subject_type"` // "user", "group", "role", "service"
	SubjectID       string              `json:"subject_id"`
	Permission      StoragePermission   `json:"permission"`
	Effect          string              `json:"effect"` // "allow" or "deny"
	Condition       map[string]string   `json:"condition,omitempty"`
	CreatedAt       int64               `json:"created_at"`
	ExpiresAt       *int64              `json:"expires_at,omitempty"`
	CreatedBy       string              `json:"created_by"`
	Priority        int                 `json:"priority"`
	IsDefaultPolicy bool                `json:"is_default_policy"`
}

StorageACLRule represents an access control rule for a storage resource

type StorageAccessLog 

type StorageAccessLog struct {
	ID           string              `json:"id"`
	ResourceID   string              `json:"resource_id"`
	ResourceType StorageResourceType `json:"resource_type"`
	UserID       string              `json:"user_id"`
	Action       string              `json:"action"`
	Timestamp    int64               `json:"timestamp"`
	Allowed      bool                `json:"allowed"`
	RuleID       *string             `json:"rule_id,omitempty"`
	ClientIP     *string             `json:"client_ip,omitempty"`
	UserAgent    *string             `json:"user_agent,omitempty"`
}

StorageAccessLog represents a log entry for storage access

type StorageEncryptionKey 

type StorageEncryptionKey struct {
	ID          string                  `json:"id"`
	Name        string                  `json:"name"`
	Algorithm   EncryptionAlgorithmType `json:"algorithm"`
	KeyData     []byte                  `json:"-"` // Skip serializing key data
	CreatedAt   int64                   `json:"created_at"`
	ExpiresAt   *int64                  `json:"expires_at,omitempty"`
	IsPrimary   bool                    `json:"is_primary"`
	KeyHash     string                  `json:"key_hash"`
	Description string                  `json:"description"`
	CreatedBy   string                  `json:"created_by"`
	Version     uint32                  `json:"version"`
	Labels      map[string]string       `json:"labels,omitempty"`
}

StorageEncryptionKey represents an encryption key for storage resources

type StorageEncryptionManager 

type StorageEncryptionManager struct {
	// contains filtered or unexported fields
}

StorageEncryptionManager handles encryption for storage resources

func NewStorageEncryptionManager 

func NewStorageEncryptionManager(logger *logrus.Logger, secretManager *SecretManager) *StorageEncryptionManager

NewStorageEncryptionManager creates a new storage encryption manager

func (*StorageEncryptionManager) BackupKeys 

func (m *StorageEncryptionManager) BackupKeys(ctx context.Context, userID string) error

BackupKeys backs up encryption keys to the secret manager

func (*StorageEncryptionManager) CreateEncryptionKey 

func (m *StorageEncryptionManager) CreateEncryptionKey(
	ctx context.Context,
	name string,
	algorithm EncryptionAlgorithmType,
	description string,
	expiresAt *int64,
	makePrimary bool,
	createdBy string,
	labels map[string]string,
) (*StorageEncryptionKey, error)

CreateEncryptionKey creates a new encryption key

func (*StorageEncryptionManager) DecryptVolume 

func (m *StorageEncryptionManager) DecryptVolume(
	ctx context.Context,
	volumeID string,
) (*EncryptionOperation, error)

DecryptVolume decrypts a storage volume

func (*StorageEncryptionManager) DeleteEncryptionKey 

func (m *StorageEncryptionManager) DeleteEncryptionKey(ctx context.Context, keyID string) error

DeleteEncryptionKey deletes an encryption key

func (*StorageEncryptionManager) EncryptVolume 

func (m *StorageEncryptionManager) EncryptVolume(
	ctx context.Context,
	volumeID string,
	keyID string,
) (*EncryptionOperation, error)

EncryptVolume encrypts a storage volume

func (*StorageEncryptionManager) GetEncryptionKey 

func (m *StorageEncryptionManager) GetEncryptionKey(ctx context.Context, keyID string) (*StorageEncryptionKey, error)

GetEncryptionKey gets an encryption key by ID

func (*StorageEncryptionManager) GetEncryptionStatus 

func (m *StorageEncryptionManager) GetEncryptionStatus(ctx context.Context, volumeID string) (*EncryptedVolume, error)

GetEncryptionStatus gets the encryption status of a volume

func (*StorageEncryptionManager) InitializeEncryptionKeys 

func (m *StorageEncryptionManager) InitializeEncryptionKeys() error

InitializeEncryptionKeys initializes encryption keys

func (*StorageEncryptionManager) ListEncryptionKeys 

func (m *StorageEncryptionManager) ListEncryptionKeys(ctx context.Context) []StorageEncryptionKey

ListEncryptionKeys lists all encryption keys (without sensitive data)

func (*StorageEncryptionManager) RestoreKeys 

func (m *StorageEncryptionManager) RestoreKeys(ctx context.Context, userID string) error

RestoreKeys restores encryption keys from the secret manager

type StoragePermission 

type StoragePermission string

StoragePermission represents a permission for a storage resource 

const (
	// StoragePermissionRead represents read permission
	StoragePermissionRead StoragePermission = "read"
	// StoragePermissionWrite represents write permission
	StoragePermissionWrite StoragePermission = "write"
	// StoragePermissionDelete represents delete permission
	StoragePermissionDelete StoragePermission = "delete"
	// StoragePermissionMount represents mount permission
	StoragePermissionMount StoragePermission = "mount"
	// StoragePermissionSnapshot represents snapshot permission
	StoragePermissionSnapshot StoragePermission = "snapshot"
	// StoragePermissionClone represents clone permission
	StoragePermissionClone StoragePermission = "clone"
	// StoragePermissionResize represents resize permission
	StoragePermissionResize StoragePermission = "resize"
	// StoragePermissionBackup represents backup permission
	StoragePermissionBackup StoragePermission = "backup"
	// StoragePermissionRestore represents restore permission
	StoragePermissionRestore StoragePermission = "restore"
	// StoragePermissionAdmin represents admin permission (all permissions)
	StoragePermissionAdmin StoragePermission = "admin"
)

type StorageQoSManager 

type StorageQoSManager struct {
	// contains filtered or unexported fields
}

StorageQoSManager handles Quality of Service for storage resources

func NewStorageQoSManager 

func NewStorageQoSManager(logger *logrus.Logger) *StorageQoSManager

NewStorageQoSManager creates a new storage QoS manager

func (*StorageQoSManager) AssignQoSPolicy 

func (m *StorageQoSManager) AssignQoSPolicy(
	ctx context.Context,
	policyID string,
	resourceID string,
	resourceType string,
	createdBy string,
	labels map[string]string,
) (*QoSAssignment, error)

AssignQoSPolicy assigns a QoS policy to a storage resource

func (*StorageQoSManager) CleanupOldMetrics 

func (m *StorageQoSManager) CleanupOldMetrics(ctx context.Context, olderThan int64) int

CleanupOldMetrics removes old metrics

func (*StorageQoSManager) CreateQoSPolicy 

func (m *StorageQoSManager) CreateQoSPolicy(
	ctx context.Context,
	name string,
	description string,
	policyType QoSPolicyType,
	limitType QoSLimitType,
	value int64,
	burstValue *int64,
	priority QoSPriority,
	createdBy string,
	labels map[string]string,
) (*QoSPolicy, error)

CreateQoSPolicy creates a new QoS policy

func (*StorageQoSManager) DeleteQoSPolicy 

func (m *StorageQoSManager) DeleteQoSPolicy(ctx context.Context, policyID string) error

DeleteQoSPolicy deletes a QoS policy

func (*StorageQoSManager) EnforceQoSPolicies 

func (m *StorageQoSManager) EnforceQoSPolicies(ctx context.Context) error

EnforceQoSPolicies enforces QoS policies for all resources

func (*StorageQoSManager) GetQoSAssignment 

func (m *StorageQoSManager) GetQoSAssignment(ctx context.Context, assignmentID string) (*QoSAssignment, error)

GetQoSAssignment gets a QoS assignment by ID

func (*StorageQoSManager) GetQoSMetrics 

func (m *StorageQoSManager) GetQoSMetrics(
	ctx context.Context,
	resourceID string,
	metricType string,
	startTime int64,
	endTime int64,
) []QoSMetric

GetQoSMetrics gets QoS metrics for a specific resource

func (*StorageQoSManager) GetQoSPolicy 

func (m *StorageQoSManager) GetQoSPolicy(ctx context.Context, policyID string) (*QoSPolicy, error)

GetQoSPolicy gets a QoS policy by ID

func (*StorageQoSManager) GetQoSViolation 

func (m *StorageQoSManager) GetQoSViolation(ctx context.Context, violationID string) (*QoSViolation, error)

GetQoSViolation gets a QoS violation by ID

func (*StorageQoSManager) ListQoSAssignments 

func (m *StorageQoSManager) ListQoSAssignments(ctx context.Context) []QoSAssignment

ListQoSAssignments lists all QoS assignments

func (*StorageQoSManager) ListQoSAssignmentsByPolicy 

func (m *StorageQoSManager) ListQoSAssignmentsByPolicy(
	ctx context.Context,
	policyID string,
) []QoSAssignment

ListQoSAssignmentsByPolicy lists QoS assignments for a specific policy

func (*StorageQoSManager) ListQoSAssignmentsByResource 

func (m *StorageQoSManager) ListQoSAssignmentsByResource(
	ctx context.Context,
	resourceID string,
) []QoSAssignment

ListQoSAssignmentsByResource lists QoS assignments for a specific resource

func (*StorageQoSManager) ListQoSPolicies 

func (m *StorageQoSManager) ListQoSPolicies(ctx context.Context) []QoSPolicy

ListQoSPolicies lists all QoS policies

func (*StorageQoSManager) ListQoSViolations 

func (m *StorageQoSManager) ListQoSViolations(ctx context.Context, includeResolved bool) []QoSViolation

ListQoSViolations lists all QoS violations

func (*StorageQoSManager) ListQoSViolationsByResource 

func (m *StorageQoSManager) ListQoSViolationsByResource(
	ctx context.Context,
	resourceID string,
	includeResolved bool,
) []QoSViolation

ListQoSViolationsByResource lists QoS violations for a specific resource

func (*StorageQoSManager) RecordQoSMetric 

func (m *StorageQoSManager) RecordQoSMetric(
	ctx context.Context,
	resourceID string,
	resourceType string,
	metricType string,
	value int64,
)

RecordQoSMetric records a QoS metric for a storage resource

func (*StorageQoSManager) ResolveQoSViolation 

func (m *StorageQoSManager) ResolveQoSViolation(ctx context.Context, violationID string) error

ResolveQoSViolation marks a QoS violation as resolved

func (*StorageQoSManager) UnassignQoSPolicy 

func (m *StorageQoSManager) UnassignQoSPolicy(
	ctx context.Context,
	assignmentID string,
) error

UnassignQoSPolicy unassigns a QoS policy from a storage resource

func (*StorageQoSManager) UpdateQoSPolicy 

func (m *StorageQoSManager) UpdateQoSPolicy(
	ctx context.Context,
	policyID string,
	name *string,
	description *string,
	value *int64,
	burstValue *int64,
	priority *QoSPriority,
	isActive *bool,
	labels map[string]string,
) (*QoSPolicy, error)

UpdateQoSPolicy updates an existing QoS policy

type StorageResourceType 

type StorageResourceType string

StorageResourceType represents the type of storage resource 

const (
	// StorageResourceTypeVolume represents a storage volume
	StorageResourceTypeVolume StorageResourceType = "volume"
	// StorageResourceTypeSnapshot represents a volume snapshot
	StorageResourceTypeSnapshot StorageResourceType = "snapshot"
	// StorageResourceTypeBackup represents a backup
	StorageResourceTypeBackup StorageResourceType = "backup"
	// StorageResourceTypePool represents a storage pool
	StorageResourceTypePool StorageResourceType = "pool"
	// StorageResourceTypeFileSystem represents a file system
	StorageResourceTypeFileSystem StorageResourceType = "filesystem"
)

type Subnet 

type Subnet struct {
	CIDR      string    `json:"cidr"`
	Gateway   string    `json:"gateway"`
	NodeID    string    `json:"node_id"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
	IP        net.IP    `json:"ip"`
	MaskBits  int       `json:"mask_bits"`
}

Subnet represents a network subnet

type Tenant 

type Tenant struct {
	ID          string            `json:"id"`
	Name        string            `json:"name"`
	Email       string            `json:"email"`
	CreatedAt   int64             `json:"created_at"`
	UpdatedAt   int64             `json:"updated_at"`
	Status      string            `json:"status"`
	Quota       TenantQuota       `json:"quota"`
	Annotations map[string]string `json:"annotations,omitempty"`
}

Tenant represents a tenant in the system

type TenantManager 

type TenantManager struct {
	// contains filtered or unexported fields
}

TenantManager handles tenant management

func NewTenantManager 

func NewTenantManager(logger *logrus.Logger) *TenantManager

NewTenantManager creates a new tenant manager

func (*TenantManager) CheckResourceAllocation 

func (m *TenantManager) CheckResourceAllocation(ctx context.Context, tenantID string, allocationInterface interface{}) (bool, error)

CheckResourceAllocation checks if a resource allocation is allowed for a tenant

func (*TenantManager) CreateTenant 

func (m *TenantManager) CreateTenant(ctx context.Context, name, description, email string) (*Tenant, error)

CreateTenant creates a new tenant

func (*TenantManager) CreateUser 

func (m *TenantManager) CreateUser(ctx context.Context, tenantID, username, name, email string) (*TenantUser, error)

CreateUser creates a new user

func (*TenantManager) DeleteTenant 

func (m *TenantManager) DeleteTenant(ctx context.Context, id string) error

DeleteTenant deletes a tenant

func (*TenantManager) DeleteUser 

func (m *TenantManager) DeleteUser(ctx context.Context, tenantID, username string) error

DeleteUser deletes a user from a tenant

func (*TenantManager) EnableNetworkIsolation 

func (m *TenantManager) EnableNetworkIsolation(ctx context.Context, tenantID string) error

EnableNetworkIsolation enables network isolation for a tenant

func (*TenantManager) GetResourceQuotas 

func (m *TenantManager) GetResourceQuotas(ctx context.Context, tenantID string) (*ResourceQuotas, error)

GetResourceQuotas gets resource quotas for a tenant

func (*TenantManager) GetResourceUsage 

func (m *TenantManager) GetResourceUsage(ctx context.Context, tenantID string) (*ResourceUsage, error)

GetResourceUsage gets resource usage for a tenant

func (*TenantManager) GetTenant 

func (m *TenantManager) GetTenant(ctx context.Context, id string) (*Tenant, error)

GetTenant gets a tenant by ID

func (*TenantManager) GetUser 

func (m *TenantManager) GetUser(ctx context.Context, tenantID, username string) (*TenantUser, error)

GetUser retrieves a user by tenant ID and username

func (*TenantManager) ListTenants 

func (m *TenantManager) ListTenants(ctx context.Context) ([]*Tenant, error)

ListTenants lists all tenants

func (*TenantManager) ListUsers 

func (m *TenantManager) ListUsers(ctx context.Context, tenantID string) ([]*TenantUser, error)

ListUsers returns a list of users for a tenant

func (*TenantManager) RecordResourceUsage 

func (m *TenantManager) RecordResourceUsage(ctx context.Context, tenantID string, usage ResourceUsage) error

RecordResourceUsage records resource usage for a tenant

func (*TenantManager) RegisterContainer 

func (m *TenantManager) RegisterContainer(ctx context.Context, tenantID string, containerID string) error

RegisterContainer registers a container with a tenant

func (*TenantManager) SetResourceQuotas 

func (m *TenantManager) SetResourceQuotas(ctx context.Context, tenantID string, quotas ResourceQuotas) error

SetResourceQuotas sets resource quotas for a tenant

func (*TenantManager) UpdateResourceUsageForApp 

func (m *TenantManager) UpdateResourceUsageForApp(ctx context.Context, tenantID string, cpu float64, memory int64, add bool) error

UpdateResourceUsageForApp updates resource usage for a tenant based on app resource requirements

func (*TenantManager) UpdateTenant 

func (m *TenantManager) UpdateTenant(ctx context.Context, id, name, status string) (*Tenant, error)

UpdateTenant updates a tenant

func (*TenantManager) UpdateTenantQuota 

func (m *TenantManager) UpdateTenantQuota(ctx context.Context, id string, quota TenantQuota) (*Tenant, error)

UpdateTenantQuota updates a tenant's quota

func (*TenantManager) WithAppManager 

func (m *TenantManager) WithAppManager(appManager interface{}) *TenantManager

WithAppManager connects an app manager to the tenant manager This method was added to fix the TestTenantResourceScheduling nil pointer dereference issue by properly connecting the tenant manager with the app manager

func (*TenantManager) WithNetworkPolicyManager 

func (m *TenantManager) WithNetworkPolicyManager(policyManager *NetworkPolicyManager) *TenantManager

WithNetworkPolicyManager sets the network policy manager for the tenant manager

func (*TenantManager) WithStorageACLManager 

func (m *TenantManager) WithStorageACLManager(aclManager interface{}) *TenantManager

WithStorageACLManager connects a storage ACL manager to the tenant manager

func (*TenantManager) WithStorageManager 

func (m *TenantManager) WithStorageManager(storageManager interface{}) *TenantManager

WithStorageManager connects a storage manager to the tenant manager

type TenantQuota 

type TenantQuota struct {
	CPULimit      float64 `json:"cpu_limit"`
	MemoryLimit   int64   `json:"memory_limit"`
	StorageLimit  int64   `json:"storage_limit"`
	ServicesLimit int     `json:"services_limit"`
	NodesLimit    int     `json:"nodes_limit"`
}

TenantQuota represents resource quotas for a tenant

type TenantUser 

type TenantUser struct {
	ID        string            `json:"id"`
	Username  string            `json:"username"`
	Name      string            `json:"name"`
	Email     string            `json:"email"`
	TenantID  string            `json:"tenant_id"`
	Role      string            `json:"role"`
	CreatedAt int64             `json:"created_at"`
	UpdatedAt int64             `json:"updated_at"`
	Status    string            `json:"status"`
	Metadata  map[string]string `json:"metadata,omitempty"`
}

TenantUser represents a user in the tenant system

type TrafficLoggingLevel 

type TrafficLoggingLevel string

TrafficLoggingLevel represents the level of network traffic logging 

const (
	// LoggingLevelNone represents no logging
	LoggingLevelNone TrafficLoggingLevel = "None"
	// LoggingLevelMetadata represents metadata-only logging
	LoggingLevelMetadata TrafficLoggingLevel = "Metadata"
	// LoggingLevelHeaders represents header-level logging
	LoggingLevelHeaders TrafficLoggingLevel = "Headers"
	// LoggingLevelFull represents full packet logging
	LoggingLevelFull TrafficLoggingLevel = "Full"
)

type User 

type User struct {
	ID           string   `json:"id"`
	Username     string   `json:"username"`
	PasswordHash string   `json:"-"` // Skip serializing password hash
	Email        string   `json:"email"`
	FullName     string   `json:"full_name"`
	Roles        []string `json:"roles"`
	Groups       []string `json:"groups"`
	CreatedAt    int64    `json:"created_at"`
	UpdatedAt    int64    `json:"updated_at"`
	LastLogin    *int64   `json:"last_login,omitempty"`
	Active       bool     `json:"active"`
}

User represents a user in the system

type ViolationLog 

type ViolationLog struct {
	ID                   string            `json:"id"`
	Timestamp            int64             `json:"timestamp"`
	SourceContainer      string            `json:"source_container"`
	SourceIP             net.IP            `json:"source_ip"`
	DestinationContainer *string           `json:"destination_container,omitempty"`
	DestinationIP        net.IP            `json:"destination_ip"`
	Protocol             Protocol          `json:"protocol"`
	Port                 uint16            `json:"port"`
	PolicyName           string            `json:"policy_name"`
	RuleID               *string           `json:"rule_id,omitempty"`
	Action               PolicyAction      `json:"action"`
	TenantID             *string           `json:"tenant_id,omitempty"`
	Severity             ViolationSeverity `json:"severity"`
	Resolved             bool              `json:"resolved"`
	ResolutionTimestamp  *int64            `json:"resolution_timestamp,omitempty"`
	ResolutionAction     *string           `json:"resolution_action,omitempty"`
}

ViolationLog represents a log entry for a policy violation

type ViolationSeverity 

type ViolationSeverity string

ViolationSeverity represents the severity level of a policy violation 

const (
	// ViolationSeverityInfo represents an informational severity level
	ViolationSeverityInfo ViolationSeverity = "Info"
	// ViolationSeverityWarning represents a warning severity level
	ViolationSeverityWarning ViolationSeverity = "Warning"
	// ViolationSeverityCritical represents a critical severity level
	ViolationSeverityCritical ViolationSeverity = "Critical"
)

type Vulnerability 

type Vulnerability struct {
	ID              string                `json:"id"`
	Name            string                `json:"name"`
	Description     string                `json:"description"`
	Severity        VulnerabilitySeverity `json:"severity"`
	AffectedPackage string                `json:"affected_package"`
	AffectedVersion string                `json:"affected_version"`
	FixedVersion    *string               `json:"fixed_version,omitempty"`
	CVEID           *string               `json:"cve_id,omitempty"`
	DiscoveredAt    int64                 `json:"discovered_at"`
}

Vulnerability represents a vulnerability found in a container image

type VulnerabilitySeverity 

type VulnerabilitySeverity int

VulnerabilitySeverity represents the severity level of a vulnerability 

const (
	// SeverityUnknown represents an unknown severity level
	SeverityUnknown VulnerabilitySeverity = iota
	// SeverityLow represents a low severity level
	SeverityLow
	// SeverityMedium represents a medium severity level
	SeverityMedium
	// SeverityHigh represents a high severity level
	SeverityHigh
	// SeverityCritical represents a critical severity level
	SeverityCritical
)

func (VulnerabilitySeverity) MarshalJSON 

func (v VulnerabilitySeverity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface

func (VulnerabilitySeverity) String 

func (v VulnerabilitySeverity) String() string

String returns the string representation of the vulnerability severity

func (*VulnerabilitySeverity) UnmarshalJSON 

func (v *VulnerabilitySeverity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.