github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible/monitor/internal/windows/processor.go (about) 1 // +build windows 2 3 package windowsmonitor 4 5 import ( 6 "context" 7 "fmt" 8 "regexp" 9 10 "go.aporeto.io/enforcerd/trireme-lib/common" 11 "go.aporeto.io/enforcerd/trireme-lib/monitor/config" 12 "go.aporeto.io/enforcerd/trireme-lib/monitor/extractors" 13 "go.aporeto.io/enforcerd/trireme-lib/policy" 14 "go.uber.org/zap" 15 ) 16 17 type windowsProcessor struct { 18 regStart *regexp.Regexp 19 metadataExtractor extractors.EventMetadataExtractor 20 config *config.ProcessorConfig 21 host bool 22 } 23 24 // Start processes PU start events 25 func (w *windowsProcessor) Start(ctx context.Context, eventInfo *common.EventInfo) error { 26 // Validate the PUID format. Additional validations TODO 27 if !w.regStart.Match([]byte(eventInfo.PUID)) { 28 return fmt.Errorf("invalid pu id: %s", eventInfo.PUID) 29 } 30 31 // Normalize to a nativeID context. This will become key for any recoveries 32 // and it's an one way function. 33 nativeID := w.generateContextID(eventInfo) 34 // Extract the metadata and create the runtime 35 runtime, err := w.metadataExtractor(eventInfo) 36 if err != nil { 37 return err 38 } 39 40 // We need to send a create event to the policy engine. 41 if err = w.config.Policy.HandlePUEvent(ctx, nativeID, common.EventCreate, runtime); err != nil { 42 return fmt.Errorf("Unable to create PU: %s", err) 43 } 44 45 // We can now send a start event to the policy engine 46 if err = w.config.Policy.HandlePUEvent(ctx, nativeID, common.EventStart, runtime); err != nil { 47 return fmt.Errorf("Unable to start PU: %s", err) 48 } 49 return nil 50 } 51 52 // Event processes PU stop events 53 func (w *windowsProcessor) Stop(ctx context.Context, eventInfo *common.EventInfo) error { 54 puID := w.generateContextID(eventInfo) 55 runtime := policy.NewPURuntimeWithDefaults() 56 runtime.SetPUType(eventInfo.PUType) 57 58 return w.config.Policy.HandlePUEvent(ctx, puID, common.EventStop, runtime) 59 } 60 61 // Create process a PU create event 62 func (w *windowsProcessor) Create(ctx context.Context, eventInfo *common.EventInfo) error { 63 return fmt.Errorf("Use start directly for windows processes. Create not supported") 64 } 65 66 // Event process a PU destroy event 67 func (w *windowsProcessor) Destroy(ctx context.Context, eventInfo *common.EventInfo) error { 68 puID := w.generateContextID(eventInfo) 69 runtime := policy.NewPURuntimeWithDefaults() 70 runtime.SetPUType(eventInfo.PUType) 71 72 // Send the event upstream 73 if err := w.config.Policy.HandlePUEvent(ctx, puID, common.EventDestroy, runtime); err != nil { 74 zap.L().Warn("Unable to clean trireme ", 75 zap.String("puID", puID), 76 zap.Error(err), 77 ) 78 } 79 return nil 80 } 81 82 // Event processes a pause event 83 func (w *windowsProcessor) Pause(ctx context.Context, eventInfo *common.EventInfo) error { 84 return fmt.Errorf("Use start directly for windows processes. Pause not supported") 85 } 86 87 // Resync resyncs all PUs handled by this processor 88 func (w *windowsProcessor) Resync(ctx context.Context, eventInfo *common.EventInfo) error { 89 if eventInfo != nil { 90 // If its a host service then use pu from eventInfo 91 if eventInfo.HostService { 92 runtime, err := w.metadataExtractor(eventInfo) 93 if err != nil { 94 return err 95 } 96 nativeID := w.generateContextID(eventInfo) 97 if err = w.config.Policy.HandlePUEvent(ctx, nativeID, common.EventStart, runtime); err != nil { 98 return fmt.Errorf("Unable to start PU: %s", err) 99 } 100 return nil 101 } 102 } 103 104 // TODO(windows): handle resync of windows process PU later? 105 zap.L().Debug("Resync not handled") 106 107 return nil 108 } 109 110 func (w *windowsProcessor) generateContextID(eventInfo *common.EventInfo) string { 111 puID := eventInfo.PUID 112 113 // TODO(windows): regStop may be used here somewhere in the future? 114 115 return puID 116 }