controller

package

v8.46.4+incompatible Latest Latest Go to latest Published: Jun 15, 2018 License: Apache-2.0 Imports: 23 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/aporeto-inc/trireme

Links

Open Source Insights

Documentation ¶

Index ¶

func CleanOldState()
func GetLogParameters() (logToConsole bool, logID string, logLevel string, logFormat string)
func LaunchRemoteEnforcer(service packetprocessor.PacketProcessor) error
func SetLogParameters(logToConsole, logWithID bool, logLevel string, logFormat string)
type Option
type TriremeController
- func New(serverID string, opts ...Option) TriremeController

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CleanOldState ¶

func CleanOldState()

CleanOldState ensures all state in trireme is cleaned up.

func GetLogParameters ¶

func GetLogParameters() (logToConsole bool, logID string, logLevel string, logFormat string)

GetLogParameters retrieves log parameters for Remote Enforcer.

func LaunchRemoteEnforcer ¶

func LaunchRemoteEnforcer(service packetprocessor.PacketProcessor) error

LaunchRemoteEnforcer launches a remote enforcer instance.

func SetLogParameters ¶

func SetLogParameters(logToConsole, logWithID bool, logLevel string, logFormat string)

SetLogParameters sets up environment to be passed to the remote trireme instances.

Types ¶

type Option ¶

type Option func(*config)

Option is provided using functional arguments.

func OptionApplicationProxyPort ¶

func OptionApplicationProxyPort(proxyPort int) Option

OptionApplicationProxyPort is an option provide starting proxy port for application proxy

func OptionCollector ¶

func OptionCollector(c collector.EventCollector) Option

OptionCollector is an option to provide an external collector implementation.

func OptionDatapathService ¶

func OptionDatapathService(s packetprocessor.PacketProcessor) Option

OptionDatapathService is an option to provide an external datapath service implementation.

func OptionDisableMutualAuth ¶

func OptionDisableMutualAuth() Option

OptionDisableMutualAuth is an option to disable MutualAuth (enabled by default)

func OptionEnforceFqConfig ¶

func OptionEnforceFqConfig(f *fqconfig.FilterQueue) Option

OptionEnforceFqConfig is an option to override filter queues.

func OptionEnforceLinuxProcess ¶

func OptionEnforceLinuxProcess() Option

OptionEnforceLinuxProcess is an option to request support for linux process support.

func OptionPacketLogs ¶

func OptionPacketLogs() Option

OptionPacketLogs is an option to enable packet level logging.

func OptionProcMountPoint ¶

func OptionProcMountPoint(p string) Option

OptionProcMountPoint is an option to provide proc mount point.

func OptionSecret ¶

func OptionSecret(s secrets.Secrets) Option

OptionSecret is an option to provide an external datapath service implementation.

func OptionTargetNetworks ¶

func OptionTargetNetworks(n []string) Option

OptionTargetNetworks is an option to provide target network configuration.

type TriremeController ¶

type TriremeController interface {
	// Run initializes and runs the controller.
	Run(ctx context.Context) error

	// CleanUp cleans all the supervisors and ACLs for a clean exit
	CleanUp() error

	// Enforce asks the controller to enforce policy on a processing unit
	Enforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)

	// UnEnforce asks the controller to ub-enforce policy on a processing unit
	UnEnforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)

	// UpdatePolicy updates the policy of the isolator for a container.
	UpdatePolicy(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) error

	// UpdateSecrets updates the secrets of running enforcers managed by trireme. Remote enforcers will get the secret updates with the next policy push
	UpdateSecrets(secrets secrets.Secrets) error

	// UpdateConfiguration updates the configuration of the controller. Only specific configuration
	// parameters can be updated during run time.
	UpdateConfiguration(networks []string) error
}

TriremeController is the main API of the Trireme controller

func New ¶

func New(serverID string, opts ...Option) TriremeController

New returns a trireme interface implementation based on configuration provided.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
constants
internal
enforcer
enforcer/acls
enforcer/applicationproxy
enforcer/applicationproxy/connproc
enforcer/applicationproxy/http
enforcer/applicationproxy/markedconn
enforcer/applicationproxy/protomux
enforcer/applicationproxy/servicecache
enforcer/applicationproxy/tcp
enforcer/constants
enforcer/lookup
enforcer/mock Package mockenforcer is a generated GoMock package.	Package mockenforcer is a generated GoMock package.
enforcer/nfqdatapath
enforcer/nfqdatapath/nflog
enforcer/nfqdatapath/tokenaccessor
enforcer/proxy Package enforcerproxy :: This is the implementation of the RPC client It implements the interface of Trireme Enforcer and forwards these requests to the actual remote enforcer instead of implementing locally	Package enforcerproxy :: This is the implementation of the RPC client It implements the interface of Trireme Enforcer and forwards these requests to the actual remote enforcer instead of implementing locally
enforcer/utils/nsenter
enforcer/utils/packetgen Package packetgen "PacketGen" is a Packet Generator library Current version: V1.0, Updates are coming soon	Package packetgen "PacketGen" is a Packet Generator library Current version: V1.0, Updates are coming soon
enforcer/utils/rpcwrapper
enforcer/utils/rpcwrapper/mock Package mockrpcwrapper is a generated GoMock package.	Package mockrpcwrapper is a generated GoMock package.
portset
processmon Package processmon is to manage and monitor remote enforcers.	Package processmon is to manage and monitor remote enforcers.
processmon/mock Package mockprocessmon is a generated GoMock package.	Package mockprocessmon is a generated GoMock package.
supervisor
supervisor/iptablesctrl
supervisor/mock Package mocksupervisor is a generated GoMock package.	Package mocksupervisor is a generated GoMock package.
supervisor/provider
supervisor/proxy Package supervisorproxy package implements the supervisor interface and forwards the requests on this interface to a remote supervisor over an rpc call.	Package supervisorproxy package implements the supervisor interface and forwards the requests on this interface to a remote supervisor over an rpc call.
mock Package mockcontroller is a generated GoMock package.	Package mockcontroller is a generated GoMock package.
pkg
connection
fqconfig
packet Package packet support for TCP/IP packet manipulations needed by the Aporeto infrastructure.	Package packet support for TCP/IP packet manipulations needed by the Aporeto infrastructure.
packetprocessor
pkiverifier
pucontext
remoteenforcer
remoteenforcer/internal/statsclient
remoteenforcer/internal/statsclient/mock Package mockstatsclient is a generated GoMock package.	Package mockstatsclient is a generated GoMock package.
remoteenforcer/internal/statscollector
remoteenforcer/internal/statscollector/mock Package mockstatscollector is a generated GoMock package.	Package mockstatscollector is a generated GoMock package.
remoteenforcer/mock Package mockremoteenforcer is a generated GoMock package.	Package mockremoteenforcer is a generated GoMock package.
secrets
tokens
urisearch

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL