Documentation

Index

Constants

View Source
const (
	// TriremeCgroupPath is the standard Trireme cgroup path
	TriremeCgroupPath = "/trireme/"

	// TriremeUIDCgroupPath is the standard path for UID based activations
	TriremeUIDCgroupPath = "/trireme_uid/"

	// TriremeDockerHostNetwork is the path for Docker HostNetwork container based activations
	TriremeDockerHostNetwork = "/trireme_docker_hostnet/"

	// TriremeSocket is the standard API server Trireme socket path
	TriremeSocket = "/var/run/trireme.sock"
)
View Source
const (
	MetadataHookPolicy      = "metadata:policy"
	MetadataHookHealth      = "metadata:health"
	MetadataHookCertificate = "metadata:certificate"
	MetadataHookKey         = "metadata:key"
	MetadataHookToken       = "metadata:token"
	AWSHookInfo             = "aws:info"
	AWSHookRole             = "aws:role"
)

    Values for hook methods

    View Source
    const (
    	AWSRoleARNPrefix = "@awsrole=arn:aws:iam::"
    
    	AWSRolePrefix = "@awsrole="
    )

      AWSRole reserved prefix

      View Source
      const (
      	MetadataKey   = "X-Aporeto-Metadata"
      	MetadataValue = "secrets"
      )

        Metadata API constants

        Variables

        View Source
        var (
        	// EventMap used for validations
        	EventMap = map[Event]*struct{}{
        		"start":   nil,
        		"stop":    nil,
        		"update":  nil,
        		"create":  nil,
        		"destroy": nil,
        		"pause":   nil,
        		"unpause": nil,
        		"resync":  nil,
        	}
        )

        Functions

        func ConvertServicesToPortList

        func ConvertServicesToPortList(services []Service) string

          ConvertServicesToPortList converts an array of services to a port list

          func ConvertServicesToProtocolPortList

          func ConvertServicesToProtocolPortList(services []Service) (string, string)

            ConvertServicesToProtocolPortList converts an array of services to tcp/udp port list

            Types

            type Event

            type Event string

              Event represents the event picked up by the monitor.

              const (
              	EventStart   Event = "start"
              	EventStop    Event = "stop"
              	EventUpdate  Event = "update"
              	EventCreate  Event = "create"
              	EventDestroy Event = "destroy"
              	EventPause   Event = "pause"
              	EventUnpause Event = "unpause"
              	EventResync  Event = "resync"
              )

                Values of the events

                type EventHandler

                type EventHandler func(ctx context.Context, event *EventInfo) error

                  A EventHandler is type of event handler functions.

                  type EventInfo

                  type EventInfo struct {
                  
                  	// EventType refers to one of the standard events that Trireme handles.
                  	EventType Event `json:"eventtype,omitempty"`
                  
                  	// PUType is the the type of the PU
                  	PUType PUType `json:"putype,omitempty"`
                  
                  	// The PUID is a unique value for the Processing Unit. Ideally this should be the UUID.
                  	PUID string `json:"puid,omitempty"`
                  
                  	// The Name is a user-friendly name for the Processing Unit.
                  	Name string `json:"name,omitempty"`
                  
                  	// The Executable is the executable name  for the Processing Unit.
                  	Executable string `json:"executable,omitempty"`
                  
                  	// Tags represents the set of MetadataTags associated with this PUID.
                  	Tags []string `json:"tags,omitempty"`
                  
                  	// The path for the Network Namespace.
                  	NS string `json:"namespace,omitempty"`
                  
                  	// Cgroup is the path to the cgroup - used for deletes
                  	Cgroup string `json:"cgroup,omitempty"`
                  
                  	// IPs is a map of all the IPs that fully belong to this processing Unit.
                  	IPs map[string]string `json:"ipaddressesutype,omitempty"`
                  
                  	// Services is a list of services of interest - for host control
                  	Services []Service `json:"services,omitempty"`
                  
                  	// The PID is the PID on the system where this Processing Unit is running.
                  	PID int32 `json:"pid,omitempty"`
                  
                  	// HostService indicates that the request is for the root namespace
                  	HostService bool `json:"hostservice,omitempty"`
                  
                  	// AutoPort indicates that the PU will have auto port feature enabled
                  	AutoPort bool `json:"autoport,omitempty"`
                  
                  	// NetworkOnlyTraffic indicates that traffic towards the applications must be controlled.
                  	NetworkOnlyTraffic bool `json:"networktrafficonly,omitempty"`
                  
                  	// Root indicates that this request is coming from a roor user. Its overwritten by the enforcer
                  	Root bool `json:"root,omitempty"`
                  }

                    EventInfo is a generic structure that defines all the information related to a PU event. EventInfo should be used as a normalized struct container that

                    type EventResponse

                    type EventResponse struct {
                    	Error string
                    }

                      EventResponse encapsulate the error response if any.

                      type PUType

                      type PUType int

                        PUType defines the PU type

                        const (
                        	// ContainerPU indicates that this PU is a container
                        	ContainerPU PUType = iota
                        	// LinuxProcessPU indicates that this is Linux process
                        	LinuxProcessPU
                        	// HostPU is a host wrapping PU
                        	HostPU
                        	// HostNetworkPU is a PU for a network service in a host
                        	HostNetworkPU
                        	// KubernetesPU indicates that this is KubernetesPod
                        	KubernetesPU
                        	// UIDLoginPU -- PU representing a user session
                        	UIDLoginPU
                        	// SSHSessionPU -- PU representing a ssh session
                        	SSHSessionPU
                        	// TransientPU PU -- placeholder to run processing. This should not
                        	// be inserted in any cache. This is valid only for processing a packet
                        	TransientPU
                        )

                        type Service

                        type Service struct {
                        	// Ports are the corresponding ports
                        	Ports *portspec.PortSpec `json:"ports,omitempty"`
                        
                        	// Port is the service port. This has been deprecated and will be removed in later releases 01/13/2018
                        	Port uint16
                        
                        	// Protocol is the protocol number
                        	Protocol uint8 `json:"protocol,omitempty"`
                        
                        	// Addresses are the IP addresses. An empty list means 0.0.0.0/0
                        	Addresses []*net.IPNet `json:"addresses,omitempty"`
                        
                        	// FQDNs is the list of FQDNs for the service.
                        	FQDNs []string `json:"fqdns,omitempty"`
                        }

                          Service is a protocol/port service of interest - used to pass user requests

                          type ServiceTokenIssuer

                          type ServiceTokenIssuer interface {
                          	Issue(ctx context.Context, contextID string, stype ServiceTokenType, audience string, validity time.Duration) (string, error)
                          }

                            ServiceTokenIssuer is an interface of an implementation that can issue service tokens on behalf of a PU. The user of the library must provide the implementation. ServiceTokens can be OAUTH tokens or cloud provider specific tokens such AWS Role credentials.

                            type ServiceTokenType

                            type ServiceTokenType string

                              ServiceTokenType is the type of the token.

                              const (
                              	ServiceTokenTypeOAUTH ServiceTokenType = "oauth"
                              
                              	ServiceTokenTypeAWS ServiceTokenType = "aws"
                              )

                                Values of ServiceTokenType

                                type State

                                type State int

                                  A State describes the state of the PU.

                                  const (
                                  	// StateStarted is the state of a started PU.
                                  	StateStarted State = iota + 1
                                  
                                  	// StateStopped is the state of stopped PU.
                                  	StateStopped
                                  
                                  	// StatePaused is the state of a paused PU.
                                  	StatePaused
                                  
                                  	// StateDestroyed is the state of destroyed PU.
                                  	StateDestroyed
                                  
                                  	// StateUnknwown is the state of PU in an unknown state.
                                  	StateUnknwown
                                  )