enforcerproxy

package
v10.300.1+incompatible
Warning

This package is not in the latest version of its module.

Published: Apr 23, 2021 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Overview

Package enforcerproxy is the implementation of the RPC client. It implements the Trireme Enforcer interface and forwards requests to the actual remote enforcer instead of implementing them locally.

Functions

func NewProxyEnforcer

func NewProxyEnforcer(
	ctx context.Context,
	mutualAuth bool,
	filterQueue fqconfig.FilterQueue,
	collector collector.EventCollector,
	secrets secrets.Secrets,
	serverID string,
	validity time.Duration,
	cmdArg string,
	procMountPoint string,
	ExternalIPCacheTimeout time.Duration,
	packetLogs bool,
	cfg *runtime.Configuration,
	runtimeError chan *policy.RuntimeError,
	remoteParameters *env.RemoteParameters,
	tokenIssuer common.ServiceTokenIssuer,
	isBPFEnabled bool,
	ipv6Enabled bool,
	iptablesLockfile string,
	rpcServer rpcwrapper.RPCServer,
) enforcer.Enforcer

NewProxyEnforcer creates a new proxy to remote enforcers.

Types

type ProxyInfo

type ProxyInfo struct {
	Secrets secrets.Secrets

	ExternalIPCacheTimeout time.Duration

	sync.RWMutex
	// contains filtered or unexported fields
}

ProxyInfo is the struct used to hold state about active enforcers in the system.

func (*ProxyInfo) CleanUp

func (s *ProxyInfo) CleanUp() error

CleanUp sends a cleanup command to all the remotes forcing them to exit and clean their state.

func (*ProxyInfo) DebugCollect

func (s *ProxyInfo) DebugCollect(ctx context.Context, contextID string, debugConfig *policy.DebugConfig) error

DebugCollect tells the remote enforcer to start collecting debug info (pcap or misc commands). It does not wait for pcap collection to complete: the pid of tcpdump is returned. If another command is meant to be executed in the remote enforcer, it should be quick, and its output is returned.

func (*ProxyInfo) EnableDatapathPacketTracing

func (s *ProxyInfo) EnableDatapathPacketTracing(ctx context.Context, contextID string, direction packettracing.TracingDirection, interval time.Duration) error

EnableDatapathPacketTracing enables nfq packet tracing in the remote container.

func (*ProxyInfo) EnableIPTablesPacketTracing

func (s *ProxyInfo) EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error

EnableIPTablesPacketTracing enables iptables tracing.

func (*ProxyInfo) Enforce

func (s *ProxyInfo) Enforce(ctx context.Context, contextID string, puInfo *policy.PUInfo) error

Enforce makes an RPC call to the remote enforcer's enforce method.

func (*ProxyInfo) GetBPFObject

func (s *ProxyInfo) GetBPFObject() ebpf.BPFModule

GetBPFObject returns the bpf object.

func (*ProxyInfo) GetFilterQueue

func (s *ProxyInfo) GetFilterQueue() fqconfig.FilterQueue

GetFilterQueue returns the current FilterQueueConfig.

func (*ProxyInfo) GetServiceMeshType

func (s *ProxyInfo) GetServiceMeshType() policy.ServiceMesh

GetServiceMeshType is unimplemented in the envoy authorizer.

func (*ProxyInfo) Ping

func (s *ProxyInfo) Ping(ctx context.Context, contextID string, pingConfig *policy.PingConfig) error

Ping runs ping from the given config.

func (*ProxyInfo) Run

func (s *ProxyInfo) Run(ctx context.Context) error

Run starts the remote enforcer proxy.

func (*ProxyInfo) SetLogLevel

func (s *ProxyInfo) SetLogLevel(level constants.LogLevel) error

SetLogLevel sets log level.

func (*ProxyInfo) SetTargetNetworks

func (s *ProxyInfo) SetTargetNetworks(cfg *runtime.Configuration) error

SetTargetNetworks makes the SetTargetNetworks RPC call to the corresponding remote enforcers.

func (*ProxyInfo) Unenforce

func (s *ProxyInfo) Unenforce(ctx context.Context, contextID string) error

Unenforce stops enforcing policy for the given contextID.

func (*ProxyInfo) UpdateSecrets

func (s *ProxyInfo) UpdateSecrets(token secrets.Secrets) error

UpdateSecrets updates the secrets used for signing communication between trireme instances.

type ProxyRPCServer

type ProxyRPCServer struct {
	// contains filtered or unexported fields
}

ProxyRPCServer is a receiver for Statsserver and maintains a handle to the RPC ProxyRPCServer.

func (*ProxyRPCServer) PostReportEvent

func (r *ProxyRPCServer) PostReportEvent(req rpcwrapper.Request, resp *rpcwrapper.Response) error

PostReportEvent posts report events to the listener.

func (*ProxyRPCServer) PostStats

func (r *ProxyRPCServer) PostStats(req rpcwrapper.Request, resp *rpcwrapper.Response) error

PostStats is the function called from the remoteenforcer when it has new flow events to publish.

func (*ProxyRPCServer) RetrieveToken

func (r *ProxyRPCServer) RetrieveToken(req rpcwrapper.Request, resp *rpcwrapper.Response) error

RetrieveToken propagates the master request to the token retriever and returns a token.
