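// Source: github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible/controller/interfaces.go

package controller

import (
	"context"
	"time"

	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/packettracing"
	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/secrets"
	"go.aporeto.io/enforcerd/trireme-lib/controller/runtime"
	"go.aporeto.io/enforcerd/trireme-lib/policy"
)

// TriremeController is the main API of the Trireme controller.
//
// It embeds DebugInfo, so every value handed out as a TriremeController also
// exposes the packet-tracing, ping and debug-collection methods.
// NOTE(review): callers that only need enforcement may be better served by a
// narrower interface (least privilege) — confirm how this interface is
// handed out.
type TriremeController interface {
	// Run initializes and runs the controller.
	Run(ctx context.Context) error

	// CleanUp cleans all the supervisors and ACLs for a clean exit.
	// NOTE(review): presumably enforcement no longer applies once the ACLs
	// are removed — confirm what traffic is allowed after CleanUp returns.
	CleanUp() error

	// Enforce asks the controller to enforce policy on a processing unit.
	Enforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)

	// UnEnforce asks the controller to un-enforce policy on a processing unit.
	UnEnforce(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) (err error)

	// UpdatePolicy updates the policy of the isolator for a container.
	UpdatePolicy(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime) error

	// UpdateSecrets updates the secrets of running enforcers managed by
	// trireme. Remote enforcers will get the secret updates with the next
	// policy push.
	// NOTE(review): this implies a window in which remote enforcers still
	// hold the previous secrets; when rotating after a suspected compromise,
	// confirm whether a policy push is needed to close that window.
	UpdateSecrets(secrets secrets.Secrets) error

	// UpdateConfiguration updates the configuration of the controller. Only
	// specific configuration parameters can be updated during run time.
	UpdateConfiguration(cfg *runtime.Configuration) error

	DebugInfo
}

// DebugInfo is the interface implemented by controllers to support
// configuring debug options.
//
// These methods enable packet tracing and debug collection (such as packet
// capture) for a processing unit.
// NOTE(review): the collected data may include traffic contents, so access to
// this interface should presumably be restricted and audited — confirm
// against the implementation and its callers.
type DebugInfo interface {
	// EnableDatapathPacketTracing enables tracing of packets received by the
	// datapath for a particular PU. Setting Disabled as the tracing direction
	// stops tracing for that PU.
	// NOTE(review): interval presumably bounds how long tracing stays
	// enabled — confirm.
	EnableDatapathPacketTracing(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime, direction packettracing.TracingDirection, interval time.Duration) error

	// EnableIPTablesPacketTracing enables iptables tracing (-j TRACE) for the
	// particular PU; this covers a much wider packet stream than datapath
	// tracing.
	EnableIPTablesPacketTracing(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime, interval time.Duration) error

	// Ping runs ping based on the given config.
	Ping(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime, pingConfig *policy.PingConfig) error

	// DebugCollect collects debug information, such as packet capture.
	DebugCollect(ctx context.Context, puID string, policy *policy.PUPolicy, runtime *policy.PURuntime, debugConfig *policy.DebugConfig) error
}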