Package envoyauthorizer

v10.286.1+incompatible

Published: Jul 8, 2020 | License: Apache-2.0 | Module: go.aporeto.io/trireme-lib

type Enforcer

type Enforcer struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Enforcer implements the Enforcer interface as an envoy authorizer and starts envoy external authz filter gRPC servers for enforcement.

func NewEnvoyAuthorizerEnforcer

func NewEnvoyAuthorizerEnforcer(mode constants.ModeType, eventCollector collector.EventCollector, externalIPCacheTimeout time.Duration, secrets secrets.Secrets, tokenIssuer common.ServiceTokenIssuer) (*Enforcer, error)

NewEnvoyAuthorizerEnforcer creates a new envoy authorizer.

func (*Enforcer) CleanUp

func (e *Enforcer) CleanUp() error

CleanUp is unimplemented in the envoy authorizer

func (*Enforcer) EnableDatapathPacketTracing

func (e *Enforcer) EnableDatapathPacketTracing(ctx context.Context, contextID string, direction packettracing.TracingDirection, interval time.Duration) error

EnableDatapathPacketTracing is unimplemented in the envoy authorizer

func (*Enforcer) EnableIPTablesPacketTracing

func (e *Enforcer) EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error

EnableIPTablesPacketTracing is unimplemented in the envoy authorizer

func (*Enforcer) Enforce

func (e *Enforcer) Enforce(contextID string, puInfo *policy.PUInfo) error

Enforce starts enforcing policies for the given policy.PUInfo. Here we do the following:

1. Always create a new PU and instantiate a new apiAuth, as we want to be as stateless as possible.
2. Create a PUcontext, as this will be used in the auth code.
3. If the envoy servers are not present, create all 3 envoy servers.
4. If the servers are already present under a policy update, update the service certs.

func (*Enforcer) GetBPFObject

func (e *Enforcer) GetBPFObject() ebpf.BPFModule

GetBPFObject is unimplemented in the envoy authorizer

func (*Enforcer) GetFilterQueue

func (e *Enforcer) GetFilterQueue() *fqconfig.FilterQueue

GetFilterQueue is unimplemented in the envoy authorizer

func (*Enforcer) Ping

func (e *Enforcer) Ping(ctx context.Context, contextID string, pingConfig *policy.PingConfig) error

Ping is unimplemented in the envoy authorizer

func (*Enforcer) Run

func (e *Enforcer) Run(ctx context.Context) error

Run is unimplemented in the envoy authorizer

func (*Enforcer) Secrets

func (e *Enforcer) Secrets() (secrets.Secrets, func())

Secrets implements the LockedSecrets

func (*Enforcer) SetLogLevel

func (e *Enforcer) SetLogLevel(level constants.LogLevel) error

SetLogLevel is unimplemented in the envoy authorizer

func (*Enforcer) SetTargetNetworks

func (e *Enforcer) SetTargetNetworks(cfg *runtime.Configuration) error

SetTargetNetworks is unimplemented in the envoy authorizer

func (*Enforcer) Unenforce

func (e *Enforcer) Unenforce(contextID string) error

Unenforce stops enforcing policy for the given IP.

func (*Enforcer) UpdateSecrets

func (e *Enforcer) UpdateSecrets(secrets secrets.Secrets) error

UpdateSecrets updates the secrets of running enforcers managed by trireme. Remote enforcers will get the secret updates with the next policy push.

Documentation was rendered with GOOS=linux and GOARCH=amd64.
