Documentation
¶
Overview ¶
Package sandbox provides feed-level sandboxing capabilities
Package sandbox provides feed-level sandboxing capabilities ¶
Package sandbox provides feed-level sandboxing capabilities ¶
Package sandbox provides feed-level sandboxing capabilities
Index ¶
- type AuditLogEntry
- type Config
- type Container
- type ContainerConfig
- type ContainerInfo
- type ContainerStats
- type ContainerSystem
- type FeedResult
- type IsolationLevel
- type IsolationLevelValidator
- type MissingFeedReference
- type PolicyEngine
- type PolicyValidator
- type ResourceQuota
- type ResourceQuotaValidator
- type ResourceUsage
- type Sandbox
- type SandboxFactory
- type SandboxID
- type SandboxInfo
- type SandboxManager
- type SandboxManagerConfig
- type SandboxPolicy
- type SandboxProcessor
- type SandboxStats
- type SandboxStatus
- type SecurityPolicy
- type ValidationError
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuditLogEntry ¶
type AuditLogEntry struct {
Timestamp time.Time
Action string
SandboxID SandboxID
Status string
User string
Message string
Details map[string]interface{}
}
AuditLogEntry represents an audit log entry for sandbox operations
type Config ¶
type Config struct {
DefaultQuota ResourceQuota
DefaultIsolationLevel IsolationLevel
EnableAudit bool
ContainerImage string
ResourceMonitorInterval time.Duration
CleanupInterval time.Duration
}
Config represents sandbox configuration
func DefaultConfig ¶
func DefaultConfig() *Config
DefaultConfig returns the default sandbox configuration
func FromConfig ¶
FromConfig converts config package to sandbox Config
type Container ¶
type Container interface {
ID() string
Start() error
Stop() error
Destroy() error
Exec(cmd []string) ([]byte, error)
Stats() (*ContainerStats, error)
}
Container represents an active container
type ContainerConfig ¶
type ContainerConfig struct {
SandboxID SandboxID `json:"sandbox_id" yaml:"sandbox_id"`
FeedID string `json:"feed_id" yaml:"feed_id"`
Image string `json:"image" yaml:"image"`
Command []string `json:"command" yaml:"command"`
Environment map[string]string `json:"environment" yaml:"environment"`
Volumes []string `json:"volumes" yaml:"volumes"`
NetworkMode string `json:"network_mode" yaml:"network_mode"`
Resources ResourceQuota `json:"resources" yaml:"resources"`
SecurityOpts []string `json:"security_opts" yaml:"security_opts"`
}
ContainerConfig configuration for a container
type ContainerInfo ¶
type ContainerInfo struct {
ID string `json:"id" yaml:"id"`
SandboxID string `json:"sandbox_id" yaml:"sandbox_id"`
Status string `json:"status" yaml:"status"`
}
ContainerInfo container information
type ContainerStats ¶
type ContainerStats struct {
CPU float64 `json:"cpu" yaml:"cpu"`
Memory int64 `json:"memory" yaml:"memory"`
Network int64 `json:"network" yaml:"network"`
Disk int64 `json:"disk" yaml:"disk"`
}
ContainerStats container resource statistics
type ContainerSystem ¶
type ContainerSystem interface {
// Create creates a new container
Create(config *ContainerConfig) (Container, error)
// Start starts a container
Start(containerID string) error
// Stop stops a container
Stop(containerID string) error
// Destroy destroys a container
Destroy(containerID string) error
// Pause pauses a container
Pause(containerID string) error
// Resume resumes a container
Resume(containerID string) error
// Exec executes a command in a container
Exec(containerID string, cmd []string) ([]byte, error)
// Stats returns container statistics
Stats(containerID string) (*ContainerStats, error)
// List lists all containers
List() ([]ContainerInfo, error)
}
ContainerSystem represents the container backend
type FeedResult ¶
FeedResult represents the result of feed processing
type IsolationLevel ¶
type IsolationLevel string
IsolationLevel defines the level of isolation for a sandbox
const ( IsolationNone IsolationLevel = "none" IsolationPartial IsolationLevel = "partial" IsolationFull IsolationLevel = "full" )
type IsolationLevelValidator ¶
type IsolationLevelValidator struct{}
IsolationLevelValidator validates isolation levels
func (*IsolationLevelValidator) Name ¶
func (v *IsolationLevelValidator) Name() string
func (*IsolationLevelValidator) Validate ¶
func (v *IsolationLevelValidator) Validate(policy *SandboxPolicy) error
type MissingFeedReference ¶
type MissingFeedReference struct {
FeedID string
}
MissingFeedReference represents an error when feed reference is missing
func (*MissingFeedReference) Error ¶
func (e *MissingFeedReference) Error() string
type PolicyEngine ¶
type PolicyEngine struct {
// contains filtered or unexported fields
}
PolicyEngine evaluates and enforces sandbox policies
func NewPolicyEngine ¶
func NewPolicyEngine() *PolicyEngine
NewPolicyEngine creates a new policy engine
func (*PolicyEngine) Validate ¶
func (e *PolicyEngine) Validate(policy *SandboxPolicy) error
Validate validates a sandbox policy
func (*PolicyEngine) ValidateWithTimeout ¶
func (e *PolicyEngine) ValidateWithTimeout(policy *SandboxPolicy, timeout time.Duration) error
ValidateWithTimeout validates a policy with timeout
type PolicyValidator ¶
type PolicyValidator interface {
Validate(policy *SandboxPolicy) error
Name() string
}
PolicyValidator validates sandbox policies
type ResourceQuota ¶
type ResourceQuota struct {
CPU int64 `json:"cpu" yaml:"cpu"` // MilliCPU units
Memory int64 `json:"memory" yaml:"memory"` // Bytes
Disk int64 `json:"disk" yaml:"disk"` // Bytes
Network int64 `json:"network" yaml:"network"` // Bytes per second
Files int64 `json:"files" yaml:"files"` // Maximum files
Process int64 `json:"process" yaml:"process"` // Maximum processes
Duration *string `json:"duration" yaml:"duration,omitempty"` // Max duration
}
ResourceQuota defines resource limits for a sandbox
type ResourceQuotaValidator ¶
type ResourceQuotaValidator struct{}
ResourceQuotaValidator validates resource quotas
func (*ResourceQuotaValidator) Name ¶
func (v *ResourceQuotaValidator) Name() string
func (*ResourceQuotaValidator) Validate ¶
func (v *ResourceQuotaValidator) Validate(policy *SandboxPolicy) error
type ResourceUsage ¶
type ResourceUsage struct {
CPU int64 `json:"cpu" yaml:"cpu"`
Memory int64 `json:"memory" yaml:"memory"`
Disk int64 `json:"disk" yaml:"disk"`
Network int64 `json:"network" yaml:"network"`
Files int64 `json:"files" yaml:"files"`
Process int64 `json:"process" yaml:"process"`
}
ResourceUsage tracks current resource usage
type Sandbox ¶
type Sandbox struct {
ID SandboxID
Policy SandboxPolicy
Status SandboxStatus
CreatedAt time.Time
StartedAt time.Time
StoppedAt time.Time
ResourceUsage ResourceUsage
}
Sandbox represents an isolated execution environment
type SandboxFactory ¶
type SandboxFactory struct {
// contains filtered or unexported fields
}
SandboxFactory creates sandboxes for feeds
func NewSandboxFactory ¶
func NewSandboxFactory(config *SandboxManagerConfig) *SandboxFactory
NewSandboxFactory creates a new sandbox factory
func (*SandboxFactory) CreateSandbox ¶
func (f *SandboxFactory) CreateSandbox(feedID string) (*Sandbox, error)
CreateSandbox creates a sandbox for a feed
type SandboxInfo ¶
type SandboxInfo struct {
ID SandboxID `json:"id" yaml:"id"`
Status SandboxStatus `json:"status" yaml:"status"`
PID int `json:"pid" yaml:"pid,omitempty"`
StartedAt time.Time `json:"started_at" yaml:"started_at,omitempty"`
Resources ResourceUsage `json:"resources" yaml:"resources"`
Uptime time.Duration `json:"uptime" yaml:"uptime,omitempty"`
}
SandboxInfo contains runtime information about a sandbox
type SandboxManager ¶
type SandboxManager interface {
Create(id SandboxID, policy SandboxPolicy) (*Sandbox, error)
Get(id SandboxID) (*Sandbox, error)
Start(id SandboxID) error
Stop(id SandboxID) error
Destroy(id SandboxID) error
List() ([]Sandbox, error)
Stats() ([]SandboxStats, error)
}
SandboxManager manages sandbox lifecycles
type SandboxManagerConfig ¶
type SandboxManagerConfig struct {
DefaultIsolation IsolationLevel
DefaultQuota ResourceQuota
EnableAudit bool
MaxSandboxes int
}
SandboxManagerConfig holds configuration for the sandbox manager
type SandboxPolicy ¶
type SandboxPolicy struct {
ID SandboxID `json:"id" yaml:"id"`
FeedID string `json:"feed_id" yaml:"feed_id"`
Status SandboxStatus `json:"status" yaml:"status"`
ResourceQuota ResourceQuota `json:"resource_quota" yaml:"resource_quota"`
IsolationLevel IsolationLevel `json:"isolation_level" yaml:"isolation_level"`
SecurityPolicy *SecurityPolicy `json:"security_policy,omitempty" yaml:"security_policy,omitempty"`
AuditLogging bool `json:"audit_logging" yaml:"audit_logging"`
CreatedAt time.Time `json:"created_at" yaml:"created_at"`
UpdatedAt time.Time `json:"updated_at" yaml:"updated_at"`
}
SandboxPolicy defines configuration for a sandbox
type SandboxProcessor ¶
type SandboxProcessor struct {
// contains filtered or unexported fields
}
SandboxProcessor processes feeds in a sandbox
func NewSandboxProcessor ¶
func NewSandboxProcessor(factory *SandboxFactory) *SandboxProcessor
NewSandboxProcessor creates a new sandbox processor
func (*SandboxProcessor) ProcessFeed ¶
func (p *SandboxProcessor) ProcessFeed(feedID string) (*FeedResult, error)
ProcessFeed processes a feed in a sandbox
type SandboxStats ¶
type SandboxStats struct {
SandboxID SandboxID
Status SandboxStatus
ResourceUsage ResourceUsage
Uptime time.Duration
}
SandboxStats provides sandbox statistics
type SandboxStatus ¶
type SandboxStatus string
SandboxStatus represents the current status of a sandbox
const ( SandboxStatusCreated SandboxStatus = "created" SandboxStatusRunning SandboxStatus = "running" SandboxStatusPaused SandboxStatus = "paused" SandboxStatusStopped SandboxStatus = "stopped" SandboxStatusErrored SandboxStatus = "errored" SandboxStatusDestroyed SandboxStatus = "destroyed" )
type SecurityPolicy ¶
type SecurityPolicy struct {
NetworkIsolation bool `json:"network_isolation" yaml:"network_isolation"`
FileAccess []string `json:"file_access" yaml:"file_access"`
NetworkAccess []string `json:"network_access" yaml:"network_access"`
ProcessAccess []string `json:"process_access" yaml:"process_access"`
ResourceLimits bool `json:"resource_limits" yaml:"resource_limits"`
}
SecurityPolicy defines security boundaries for a sandbox
type ValidationError ¶
type ValidationError struct {
Code string
Message string
Field string
Details map[string]interface{}
Timestamp time.Time
FeedID string
DomainID string
}
ValidationError represents a validation error with context
func (*ValidationError) Error ¶
func (e *ValidationError) Error() string
Source Files
Click to show internal directories.
Click to hide internal directories.