Documentation
¶
Index ¶
- Variables
- func HasCapability(cpb Capability) (bool, error)
- func HasProduct(p string) (bool, error)
- func RegisterCallback(f Callback) error
- func RegisterCapability(cpb Capability) error
- func RegisterProduct(p string) error
- func Reset()
- func Start(config ClientConfig) error
- func Stop()
- func Subscribe(product string, callback ProductCallback, capabilities ...Capability) error
- func UnregisterCallback(f Callback) error
- func UnregisterCapability(cpb Capability) error
- func UnregisterProduct(p string) error
- type Callback
- type Capability
- type Client
- type ClientConfig
- type DatadogSource
- type EmployeeSource
- type Path
- type ProductCallback
- type ProductUpdate
- type Source
Constants ¶
This section is empty.
Variables ¶
var ErrClientNotStarted = errors.New("remote config client not started")
ErrClientNotStarted is returned when the remote config client is not started.
Functions ¶
func HasCapability ¶
func HasCapability(cpb Capability) (bool, error)
HasCapability returns whether a given capability was registered
func HasProduct ¶
HasProduct returns whether a given product was registered
func RegisterCallback ¶
RegisterCallback allows registering a callback that will be invoked when the client receives configuration updates. It is up to that callback to then decide what to do depending on the product related to the configuration update.
func RegisterCapability ¶
func RegisterCapability(cpb Capability) error
RegisterCapability adds a capability to the list of capabilities exposed by the client when requesting configuration updates
func RegisterProduct ¶
RegisterProduct adds a product to the list of products listened by the client
func Reset ¶
func Reset()
Reset destroys the client instance. To be used only in tests to reset the state of the client.
func Start ¶
func Start(config ClientConfig) error
Start starts the client's update poll loop in a fresh goroutine. Noop if the client has already started.
func Stop ¶
func Stop()
Stop stops the client's update poll loop. Noop if the client has already been stopped. The remote config client is supposed to have the same lifecycle as the tracer. It can't be restarted after a call to Stop() unless explicitly calling Reset().
func Subscribe ¶
func Subscribe(product string, callback ProductCallback, capabilities ...Capability) error
Subscribe registers a product and its callback to be invoked when the client receives configuration updates. Subscribe should be preferred over RegisterProduct and RegisterCallback if your callback only handles a single product.
func UnregisterCallback ¶
UnregisterCallback removes a previously registered callback from the active callbacks list This remove operation preserves ordering
func UnregisterCapability ¶
func UnregisterCapability(cpb Capability) error
UnregisterCapability removes a capability from the list of capabilities exposed by the client when requesting configuration updates
func UnregisterProduct ¶
UnregisterProduct removes a product from the list of products listened by the client
Types ¶
type Callback ¶
type Callback func(updates map[string]ProductUpdate) map[string]rc.ApplyStatus
Callback represents a function that can process a remote config update. A Callback function can be registered to a remote config client to automatically react upon receiving updates. This function returns the configuration processing status for each config file received through the update.
type Capability ¶
type Capability uint
Capability represents a bit index to be set in clientData.Capabilites in order to register a client for a specific capability
const ( // ASMActivation represents the capability to activate ASM through remote configuration ASMActivation Capability // ASMIPBlocking represents the capability for ASM to block requests based on user IP ASMIPBlocking // ASMDDRules represents the capability to update the rules used by the ASM WAF for threat detection ASMDDRules // ASMExclusions represents the capability for ASM to exclude traffic from its protections ASMExclusions // ASMRequestBlocking represents the capability for ASM to block requests based on the HTTP request related WAF addresses ASMRequestBlocking // ASMResponseBlocking represents the capability for ASM to block requests based on the HTTP response related WAF addresses ASMResponseBlocking // ASMUserBlocking represents the capability for ASM to block requests based on user ID ASMUserBlocking // ASMCustomRules represents the capability for ASM to receive and use user-defined security rules ASMCustomRules // ASMCustomBlockingResponse represents the capability for ASM to receive and use user-defined blocking responses ASMCustomBlockingResponse // ASMTrustedIPs represents Trusted IPs through the ASM product ASMTrustedIPs // ASMApiSecuritySampleRate represents API Security sampling rate ASMApiSecuritySampleRate // APMTracingSampleRate represents the rate at which to sample traces from APM client libraries APMTracingSampleRate // APMTracingLogsInjection enables APM client libraries to inject trace ids into log records APMTracingLogsInjection // APMTracingHTTPHeaderTags enables APM client libraries to tag http header values to http server or client spans APMTracingHTTPHeaderTags // APMTracingCustomTags enables APM client to set custom tags on all spans APMTracingCustomTags // ASMProcessorOverrides adds support for processor overrides through the ASM RC Product ASMProcessorOverrides // ASMCustomDataScanners adds support for custom data scanners through the ASM RC Product ASMCustomDataScanners // ASMExclusionData adds support configurable exclusion filter data from the ASM_DATA Product ASMExclusionData // APMTracingEnabled enables APM tracing APMTracingEnabled // APMTracingDataStreamsEnabled enables Data Streams Monitoring APMTracingDataStreamsEnabled // ASMRASPSQLI enables ASM support for runtime protection against SQL Injection attacks ASMRASPSQLI // ASMRASPLFI enables ASM support for runtime protection against Local File Inclusion attacks ASMRASPLFI // ASMRASPSSRF enables ASM support for runtime protection against SSRF attacks ASMRASPSSRF // ASMRASPSHI enables ASM support for runtime protection against XSS attacks ASMRASPSHI // ASMRASPXXE enables ASM support for runtime protection against XXE attacks ASMRASPXXE // ASMRASPRCE enables ASM support for runtime protection against Remote Code Execution ASMRASPRCE // ASMRASPNOSQLI enables ASM support for runtime protection against NoSQL Injection attacks ASMRASPNOSQLI // ASMRASPXSS enables ASM support for runtime protection against Cross Site Scripting attacks ASMRASPXSS // APMTracingSampleRules represents the sampling rate using matching rules from APM client libraries APMTracingSampleRules // CSMActivation represents the capability to activate CSM through remote configuration CSMActivation // ASMAutoUserInstrumMode represents the capability to enable the automatic user instrumentation mode ASMAutoUserInstrumMode // ASMEndpointFingerprinting represents the capability to enable endpoint fingerprinting ASMEndpointFingerprinting // ASMSessionFingerprinting represents the capability to enable session fingerprinting ASMSessionFingerprinting // ASMNetworkFingerprinting represents the capability to enable network fingerprinting ASMNetworkFingerprinting // ASMHeaderFingerprinting represents the capability to enable header fingerprinting ASMHeaderFingerprinting // ASMTruncationRules is the support for truncation payload rules ASMTruncationRules // ASMRASPCommandInjection represents the capability for ASM's RASP Command Injection prevention ASMRASPCommandInjection // APMTracingEnableDynamicInstrumentation represents the capability to enable dynamic instrumentation APMTracingEnableDynamicInstrumentation // APMTracingEnableExceptionReplay represents the capability to enable exception replay APMTracingEnableExceptionReplay // APMTracingEnableCodeOrigin represents the capability to enable code origin APMTracingEnableCodeOrigin // APMTracingEnableLiveDebugging represents the capability to enable live debugging APMTracingEnableLiveDebugging // ASMDDMultiConfig represents the capability to handle multiple ASM_DD configuration objects ASMDDMultiConfig // ASMTraceTaggingRules represents the capability to honor trace tagging rules ASMTraceTaggingRules )
type Client ¶
type Client struct {
sync.RWMutex
ClientConfig
// contains filtered or unexported fields
}
A Client interacts with an Agent to update and track the state of remote configuration
type ClientConfig ¶
type ClientConfig struct {
// The address at which the agent is listening for remoteconfig update requests on
AgentURL string
// The semantic version of the user's application
AppVersion string
// The env this tracer is running in
Env string
// The time interval between two client polls to the agent for updates
PollInterval time.Duration
// The tracer's runtime id
RuntimeID string
// The name of the user's application
ServiceName string
// The semantic version of the tracer
TracerVersion string
// The base TUF root metadata file
TUFRoot string
// HTTP is the HTTP client used to receive config updates
HTTP *http.Client
}
ClientConfig contains the required values to configure a remoteconfig client
func DefaultClientConfig ¶
func DefaultClientConfig() ClientConfig
DefaultClientConfig returns the default remote config client configuration
type DatadogSource ¶ added in v2.1.0
type DatadogSource struct {
OrgID string
// contains filtered or unexported fields
}
func (DatadogSource) String ¶ added in v2.1.0
func (s DatadogSource) String() string
type EmployeeSource ¶ added in v2.1.0
type EmployeeSource struct {
// contains filtered or unexported fields
}
func (EmployeeSource) String ¶ added in v2.1.0
func (s EmployeeSource) String() string
type Path ¶ added in v2.1.0
type Path struct {
// The source of the config. Either "datadog/<org_id>", or "employee"
Source Source
// The name of the product that produced this config (e.g, "ASM_DD").
Product string
// The ID of the config (e.g, "blocked_ips")
ConfigID string
// The name of the config object (e.g, "config")
Name string
}
type ProductCallback ¶
type ProductCallback func(update ProductUpdate) map[string]rc.ApplyStatus
ProductCallback is like Callback but for a specific product.
type ProductUpdate ¶
ProductUpdate represents an update for a specific product. It is a map of file path to raw file content
Source Files