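// Listing of github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible/controller/helpers.go

package controller

import (
	"context"

	"github.com/blang/semver"
	enforcerconstants "go.aporeto.io/enforcerd/trireme-lib/controller/internal/enforcer/constants"
	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/remoteenforcer"
	"go.aporeto.io/enforcerd/trireme-lib/policy"
	"go.uber.org/zap"
)

// LaunchRemoteEnforcer launches a remote enforcer instance.
//
// It is a thin pass-through: every argument is forwarded unchanged to
// remoteenforcer.LaunchRemoteEnforcer and that call's error is returned as is.
func LaunchRemoteEnforcer(ctx context.Context, logLevel string, logFormat string, logID string, numQueues int, agentVersion semver.Version) error {
	return remoteenforcer.LaunchRemoteEnforcer(ctx, logLevel, logFormat, logID, numQueues, agentVersion)
}

// addTransmitterLabel adds enforcerconstants.TransmitterLabel as an identity
// tag on the policy carried by containerInfo.
//
// The tag value is the policy's ManagementID. When the policy has no
// ManagementID (empty string), the local contextID is used instead.
//
// containerInfo and containerInfo.Policy are dereferenced without a nil check,
// so the caller must pass a fully populated PUInfo.
func addTransmitterLabel(contextID string, containerInfo *policy.PUInfo) {
	// Read ManagementID once so the value that is tested for emptiness is the
	// same value that ends up in the identity tag.
	transmitter := containerInfo.Policy.ManagementID()
	if transmitter == "" {
		transmitter = contextID
	}

	containerInfo.Policy.AddIdentityTag(enforcerconstants.TransmitterLabel, transmitter)
}

// mustEnforce reports whether the policy should go through the
// enforcer/supervisor.
//
// It returns false only when the policy's TriremeAction is policy.AllowAll,
// in which case a debug message carrying contextID is logged. Every other
// action returns true.
//
// NOTE(review): the earlier comment on this function also listed "PU is in
// host namespace" as a reason to return false, but nothing in this function
// checks the namespace. Confirm whether that exemption is applied by the
// caller; if it is not, host-namespace PUs are enforced like any other.
//
// containerInfo and containerInfo.Policy are dereferenced without a nil check.
func mustEnforce(contextID string, containerInfo *policy.PUInfo) bool {
	if containerInfo.Policy.TriremeAction() == policy.AllowAll {
		// AllowAll means this PU is deliberately left unpoliced; the log
		// line is the only trace of that decision.
		zap.L().Debug("PUPolicy with AllowAll Action. Not policing", zap.String("contextID", contextID))
		return false
	}

	return true
}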