Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func CleanOldState

func CleanOldState()

    CleanOldState ensures all state in trireme is cleaned up.

func GetLogParameters

func GetLogParameters() (logToConsole bool, logID string, logLevel string, logFormat string, compressedTagsVersion constants.CompressionType)

    GetLogParameters retrieves log parameters for Remote Enforcer.

func LaunchRemoteEnforcer

func LaunchRemoteEnforcer(service packetprocessor.PacketProcessor) error

    LaunchRemoteEnforcer launches a remote enforcer instance.

func SetLogParameters

func SetLogParameters(logToConsole, logWithID bool, logLevel string, logFormat string, compressedTags constants.CompressionType)

    SetLogParameters sets up environment to be passed to the remote trireme instances.

Types

type Option

type Option func(*config)

    Option is provided using functional arguments.

func OptionApplicationProxyPort

func OptionApplicationProxyPort(proxyPort int) Option

    OptionApplicationProxyPort is an option to provide the starting proxy port for the application proxy.

func OptionCollector

func OptionCollector(c collector.EventCollector) Option

    OptionCollector is an option to provide an external collector implementation.

func OptionDatapathService

func OptionDatapathService(s packetprocessor.PacketProcessor) Option

    OptionDatapathService is an option to provide an external datapath service implementation.

func OptionDisableMutualAuth

func OptionDisableMutualAuth() Option

    OptionDisableMutualAuth is an option to disable MutualAuth (enabled by default).

func OptionEnforceFqConfig

func OptionEnforceFqConfig(f *fqconfig.FilterQueue) Option

    OptionEnforceFqConfig is an option to override filter queues.

func OptionEnforceLinuxProcess

func OptionEnforceLinuxProcess() Option

    OptionEnforceLinuxProcess is an option to request Linux process support.

func OptionPacketLogs

func OptionPacketLogs() Option

    OptionPacketLogs is an option to enable packet level logging.

func OptionProcMountPoint

func OptionProcMountPoint(p string) Option

    OptionProcMountPoint is an option to provide proc mount point.

func OptionRuntimeErrorChannel

func OptionRuntimeErrorChannel(errorChannel chan *policy.RuntimeError) Option

    OptionRuntimeErrorChannel configures the error channel for the policy engine.

func OptionSecret

func OptionSecret(s secrets.Secrets) Option

    OptionSecret is an option to provide an external datapath service implementation.

func OptionTargetNetworks

func OptionTargetNetworks(n []string) Option

    OptionTargetNetworks is an option to provide target network configuration.

type TriremeController

type TriremeController interface {
	// Run initializes and runs the controller.
	Run(ctx context.Context) error

	// CleanUp cleans all the supervisors and ACLs for a clean exit
	CleanUp() error

	// Enforce asks the controller to enforce policy on a processing unit
	Enforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)

	// UnEnforce asks the controller to un-enforce policy on a processing unit
	UnEnforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)

	// UpdatePolicy updates the policy of the isolator for a container.
	UpdatePolicy(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) error

	// UpdateSecrets updates the secrets of running enforcers managed by trireme. Remote enforcers will get the secret updates with the next policy push
	UpdateSecrets(secrets secrets.Secrets) error

	// UpdateConfiguration updates the configuration of the controller. Only specific configuration
	// parameters can be updated during run time.
	UpdateConfiguration(networks []string) error
}

    TriremeController is the main API of the Trireme controller.

func New

func New(serverID string, mode constants.ModeType, opts ...Option) TriremeController

    New returns a trireme interface implementation based on configuration provided.

Directories

Path Synopsis
Package mockcontroller is a generated GoMock package.
pkg
packet
Package packet support for TCP/IP packet manipulations needed by the Aporeto infrastructure.
remoteenforcer/mockremoteenforcer
Package mockremoteenforcer is a generated GoMock package.
internal
enforcer/mockenforcer
Package mockenforcer is a generated GoMock package.
enforcer/proxy
Package enforcerproxy is the implementation of the RPC client. It implements the interface of Trireme Enforcer and forwards these requests to the actual remote enforcer instead of implementing them locally.
enforcer/utils/packetgen
Package packetgen "PacketGen" is a Packet Generator library. Current version: V1.0. Updates are coming soon.
enforcer/utils/rpcwrapper/mockrpcwrapper
Package mockrpcwrapper is a generated GoMock package.
processmon
Package processmon is to manage and monitor remote enforcers.
processmon/mockprocessmon
Package mockprocessmon is a generated GoMock package.
supervisor/mocksupervisor
Package mocksupervisor is a generated GoMock package.
supervisor/proxy
Package supervisorproxy implements the supervisor interface and forwards the requests on this interface to a remote supervisor over an RPC call.