pluginsdk

package
v0.0.0-...-95d7268 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 19, 2026 License: MIT Imports: 8 Imported by: 0

Documentation

Overview

Package pluginsdk provides the SDK for building afterdark-darkd plugins.

This package is the public API for plugin authors. It re-exports the types and functions needed to create plugins that integrate with the afterdark-darkd security daemon.

Quick Start

To create a service plugin:

package main

import (
	"context"
	"fmt"

	sdk "github.com/afterdarksys/afterdark-darkd/pkg/pluginsdk"
)

// MyService is the example service plugin. Embedding sdk.BaseServicePlugin
// supplies the default Config, Configure, Health, SetState, Start and Stop
// methods, so only Info and Execute are written here.
type MyService struct {
	sdk.BaseServicePlugin
}

// Info reports the metadata that describes this plugin.
func (s *MyService) Info() sdk.PluginInfo {
	info := sdk.PluginInfo{Type: sdk.PluginTypeService}
	info.Name = "my-service"
	info.Version = "1.0.0"
	info.Description = "My custom security service"
	info.Author = "Your Name"
	return info
}

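// Execute runs one named action on behalf of the daemon and returns its result.
//
// action and params arrive from outside the plugin process, so handle them as
// untrusted input: dispatch only on known action names and type-assert every
// params value before using it.
func (s *MyService) Execute(ctx context.Context, action string, params map[string]interface{}) (map[string]interface{}, error) {
	// Do no work for a request that is already cancelled or timed out.
	if err := ctx.Err(); err != nil {
		return nil, err
	}

	switch action {
	// Add one case per supported action here.
	default:
		// Fail closed: an unknown action is reported as an error rather than
		// returned as (nil, nil), which a caller could read as success.
		return nil, fmt.Errorf("my-service: unsupported action %q", action)
	}
}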

// main hands the plugin implementation to the SDK, which serves it over gRPC.
func main() {
	svc := &MyService{}
	sdk.ServeServicePlugin(svc)
}

Index

Constants

const ProtocolVersion = 1

ProtocolVersion is the plugin protocol version

Variables

// HandshakeConfig holds the protocol version and magic cookie that a plugin
// binary and the host must agree on.
//
// NOTE(review): assuming plugin is hashicorp/go-plugin (the field names match),
// the magic cookie is a launch sanity check, not authentication. Both values
// are public constants, so they cannot keep an untrusted binary out. The host
// should verify plugin binaries separately, e.g. restrictive permissions on the
// plugin directory or a pinned checksum via go-plugin's SecureConfig.
var HandshakeConfig = plugin.HandshakeConfig{
	ProtocolVersion:  ProtocolVersion,
	MagicCookieKey:   "AFTERDARK_PLUGIN",
	MagicCookieValue: "darkd-v1",
}

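HandshakeConfig is the handshake configuration shared by the daemon and its plugins, used to validate plugin connections. The magic cookie only checks that a binary was launched as a plugin; its values are public, so it does not authenticate a plugin.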

Functions

func Logger

func Logger(name string) hclog.Logger

Logger returns an hclog.Logger for use in plugins

func ServeCLIPlugin

func ServeCLIPlugin(impl CLIPlugin)

ServeCLIPlugin starts the gRPC server for a CLI plugin

func ServeDataSourcePlugin

func ServeDataSourcePlugin(impl DataSourcePlugin)

ServeDataSourcePlugin starts the gRPC server for a data source plugin

func ServeFirewallPlugin

func ServeFirewallPlugin(impl FirewallPlugin)

ServeFirewallPlugin starts the gRPC server for a firewall plugin

func ServeReporterPlugin

func ServeReporterPlugin(impl ReporterPlugin)

ServeReporterPlugin starts the gRPC server for a reporter plugin

func ServeServicePlugin

func ServeServicePlugin(impl ServicePlugin)

ServeServicePlugin starts the gRPC server for a service plugin

func ServeStoragePlugin

func ServeStoragePlugin(impl StoragePlugin)

ServeStoragePlugin starts the gRPC server for a storage plugin

Types

type BaseCLIPlugin

type BaseCLIPlugin struct {
	// contains filtered or unexported fields
}

BaseCLIPlugin provides default implementations for CLIPlugin

func (*BaseCLIPlugin) Config

func (b *BaseCLIPlugin) Config() map[string]interface{}

func (*BaseCLIPlugin) Configure

func (b *BaseCLIPlugin) Configure(config map[string]interface{}) error

func (*BaseCLIPlugin) Health

func (b *BaseCLIPlugin) Health() PluginHealth

func (*BaseCLIPlugin) SetState

func (b *BaseCLIPlugin) SetState(state PluginState, message string)

type BaseDataSourcePlugin

type BaseDataSourcePlugin struct {
	// contains filtered or unexported fields
}

BaseDataSourcePlugin provides default implementations for DataSourcePlugin

func (*BaseDataSourcePlugin) Config

func (b *BaseDataSourcePlugin) Config() map[string]interface{}

func (*BaseDataSourcePlugin) Configure

func (b *BaseDataSourcePlugin) Configure(config map[string]interface{}) error

func (*BaseDataSourcePlugin) Connect

func (b *BaseDataSourcePlugin) Connect(ctx context.Context) error

func (*BaseDataSourcePlugin) Disconnect

func (b *BaseDataSourcePlugin) Disconnect(ctx context.Context) error

func (*BaseDataSourcePlugin) Health

func (b *BaseDataSourcePlugin) Health() PluginHealth

func (*BaseDataSourcePlugin) SetState

func (b *BaseDataSourcePlugin) SetState(state PluginState, message string)

func (*BaseDataSourcePlugin) Subscribe

func (b *BaseDataSourcePlugin) Subscribe(ctx context.Context, topic string, handler func(data map[string]interface{})) error

type BaseFirewallPlugin

type BaseFirewallPlugin struct {
	// contains filtered or unexported fields
}

BaseFirewallPlugin provides default implementations for FirewallPlugin

func (*BaseFirewallPlugin) Config

func (b *BaseFirewallPlugin) Config() map[string]interface{}

func (*BaseFirewallPlugin) Configure

func (b *BaseFirewallPlugin) Configure(config map[string]interface{}) error

func (*BaseFirewallPlugin) Health

func (b *BaseFirewallPlugin) Health() PluginHealth

func (*BaseFirewallPlugin) SetState

func (b *BaseFirewallPlugin) SetState(state PluginState, message string)

type BaseReporterPlugin

type BaseReporterPlugin struct {
	// contains filtered or unexported fields
}

BaseReporterPlugin provides default implementations for ReporterPlugin

func (*BaseReporterPlugin) Config

func (b *BaseReporterPlugin) Config() map[string]interface{}

func (*BaseReporterPlugin) Configure

func (b *BaseReporterPlugin) Configure(config map[string]interface{}) error

func (*BaseReporterPlugin) Health

func (b *BaseReporterPlugin) Health() PluginHealth

func (*BaseReporterPlugin) SetState

func (b *BaseReporterPlugin) SetState(state PluginState, message string)

type BaseServicePlugin

type BaseServicePlugin struct {
	// contains filtered or unexported fields
}

BaseServicePlugin provides default implementations for ServicePlugin

func (*BaseServicePlugin) Config

func (b *BaseServicePlugin) Config() map[string]interface{}

func (*BaseServicePlugin) Configure

func (b *BaseServicePlugin) Configure(config map[string]interface{}) error

func (*BaseServicePlugin) Health

func (b *BaseServicePlugin) Health() PluginHealth

func (*BaseServicePlugin) SetState

func (b *BaseServicePlugin) SetState(state PluginState, message string)

func (*BaseServicePlugin) Start

func (b *BaseServicePlugin) Start(ctx context.Context) error

func (*BaseServicePlugin) Stop

func (b *BaseServicePlugin) Stop(ctx context.Context) error

type BaseStoragePlugin

type BaseStoragePlugin struct {
	// contains filtered or unexported fields
}

BaseStoragePlugin provides default implementations for StoragePlugin

func (*BaseStoragePlugin) Config

func (b *BaseStoragePlugin) Config() map[string]interface{}

func (*BaseStoragePlugin) Configure

func (b *BaseStoragePlugin) Configure(config map[string]interface{}) error

func (*BaseStoragePlugin) Connect

func (b *BaseStoragePlugin) Connect(ctx context.Context) error

func (*BaseStoragePlugin) Disconnect

func (b *BaseStoragePlugin) Disconnect(ctx context.Context) error

func (*BaseStoragePlugin) Health

func (b *BaseStoragePlugin) Health() PluginHealth

func (*BaseStoragePlugin) SetState

func (b *BaseStoragePlugin) SetState(state PluginState, message string)

type BlockedIP

// BlockedIP describes one entry in the firewall block list.
type BlockedIP struct {
	// IP is carried as free text; nothing in this type enforces a valid
	// address, so parse it (e.g. with net/netip) before passing it to a backend.
	IP            string    `json:"ip"`
	Reason        string    `json:"reason"`
	SourceService string    `json:"source_service"`
	BlockedAt     time.Time `json:"blocked_at"`
	// NOTE(review): omitempty never omits a time.Time (it is a struct), so a
	// zero ExpiresAt is still serialized as "0001-01-01T00:00:00Z". Consumers
	// should test IsZero; presumably zero means "no expiry" — confirm.
	ExpiresAt     time.Time `json:"expires_at,omitempty"`
	// NOTE(review): the ThreatScore range is not defined here — confirm.
	ThreatScore   int       `json:"threat_score"`
	Categories    []string  `json:"categories"`
}

BlockedIP represents a blocked IP address

type CLICommand

// CLICommand describes one command a plugin contributes to the CLI.
// Subcommands nests further CLICommand values, so a command tree can be
// arbitrarily deep.
type CLICommand struct {
	Name        string       `json:"name"`
	Description string       `json:"description"`
	Usage       string       `json:"usage"`
	Flags       []CLIFlag    `json:"flags,omitempty"`
	Subcommands []CLICommand `json:"subcommands,omitempty"`
}

CLICommand represents a CLI command provided by a plugin

type CLIFlag

// CLIFlag describes one flag accepted by a CLICommand.
type CLIFlag struct {
	Name        string `json:"name"`
	Shorthand   string `json:"shorthand,omitempty"`
	Description string `json:"description"`
	Type        string `json:"type"` // "string", "int", "bool", "stringSlice"
	// Default is a string whatever Type says, so it has to be parsed into the
	// declared type by whoever consumes it.
	Default     string `json:"default,omitempty"`
	Required    bool   `json:"required"`
}

CLIFlag represents a command-line flag

type CLIPlugin

// CLIPlugin is implemented by plugins that add commands to the CLI.
type CLIPlugin interface {
	Info() PluginInfo
	Configure(config map[string]interface{}) error
	// Commands lists the commands this plugin provides.
	Commands() []CLICommand
	// Execute runs the named command and returns its output as a string.
	// args and flags are caller-supplied: validate them, and type-assert flag
	// values, before using them in file paths or subprocess arguments.
	Execute(ctx context.Context, command string, args []string, flags map[string]interface{}) (string, error)
	Health() PluginHealth
}

CLIPlugin is the interface for CLI command plugins

type DataSourcePlugin

// DataSourcePlugin is implemented by plugins that expose an external data source.
type DataSourcePlugin interface {
	Info() PluginInfo
	Configure(config map[string]interface{}) error
	Connect(ctx context.Context) error
	Disconnect(ctx context.Context) error
	// Query takes the query text and its parameters separately.
	// NOTE(review): the query language is backend-specific and not defined
	// here. Implementations should bind params as parameters rather than
	// formatting them into query, to avoid injection.
	Query(ctx context.Context, query string, params map[string]interface{}) ([]map[string]interface{}, error)
	// Subscribe registers handler for data published on topic.
	// NOTE(review): which goroutine calls handler, and whether calls can
	// overlap, is not specified here — confirm before sharing state in it.
	Subscribe(ctx context.Context, topic string, handler func(data map[string]interface{})) error
	Health() PluginHealth
}

DataSourcePlugin is the interface for data source plugins

type FirewallPlugin

// FirewallPlugin is implemented by plugins that drive an OS firewall backend.
//
// NOTE(review): every address, protocol, direction and rule-ID argument is a
// plain string. Implementations should parse and validate them before
// building backend rules or commands. Whether the caller validates anything
// first is not visible here — confirm against the daemon.
type FirewallPlugin interface {
	Info() PluginInfo
	Configure(config map[string]interface{}) error
	Health() PluginHealth

	// Firewall control
	// NOTE(review): enabling with defaultDenyInbound set can presumably cut off
	// remote management access; confirm how implementations keep it reachable.
	Enable(ctx context.Context, enable bool, defaultDenyInbound bool, defaultDenyOutbound bool) (*FirewallStatus, error)
	Status(ctx context.Context) (*FirewallStatus, error)

	// IP blocking
	// NOTE(review): the meaning of a zero or negative durationSeconds is not
	// defined here — presumably a permanent block; confirm.
	BlockIP(ctx context.Context, ip string, reason string, sourceService string, durationSeconds int64, threatScore int, categories []string) (*BlockedIP, error)
	UnblockIP(ctx context.Context, ip string) error
	// The int result is presumably the total match count for paging — confirm.
	ListBlockedIPs(ctx context.Context, limit int, offset int, sourceService string) ([]BlockedIP, int, error)
	IsIPBlocked(ctx context.Context, ip string) (bool, *BlockedIP, error)

	// Rule management
	AddRule(ctx context.Context, rule *FirewallRule) (*FirewallRule, error)
	RemoveRule(ctx context.Context, ruleID string) error
	UpdateRule(ctx context.Context, rule *FirewallRule) (*FirewallRule, error)
	// The int result is presumably the total match count for paging — confirm.
	ListRules(ctx context.Context, limit int, offset int, direction string, enabledOnly bool) ([]FirewallRule, int, error)
	GetRule(ctx context.Context, ruleID string) (*FirewallRule, error)

	// Bulk operations
	// NOTE(review): replace presumably drops blocks absent from blockedIPs. If
	// so, an empty or truncated list would lift existing blocks, so callers
	// should check the list before syncing with replace set — confirm.
	SyncBlocklist(ctx context.Context, blockedIPs []BlockedIP, replace bool) (added int, removed int, unchanged int, err error)
	// NOTE(review): what keepEssential preserves is not defined here — confirm
	// before flushing on a remotely managed host.
	FlushRules(ctx context.Context, flushBlocks bool, flushRules bool, keepEssential bool) (rulesFlushed int, blocksFlushed int, err error)

	// Port management (convenience)
	// NOTE(review): an empty sourceIP presumably opens the port to any source —
	// confirm, and prefer an explicit source range where one is known.
	OpenPort(ctx context.Context, port int, protocol string, direction string, sourceIP string, description string) (*FirewallRule, error)
	ClosePort(ctx context.Context, port int, protocol string, direction string) error
}

FirewallPlugin is the interface for firewall plugins. These provide OS-specific firewall control (iptables, pf, Windows Firewall).

type FirewallRule

// FirewallRule describes a single firewall rule.
//
// Direction, Action, Protocol, the address fields and the port fields are all
// plain strings; the accepted values appear only in the field comments and are
// not enforced by this type, so implementations must validate them.
type FirewallRule struct {
	ID            string    `json:"id"`
	Name          string    `json:"name"`
	Description   string    `json:"description"`
	Direction     string    `json:"direction"`   // "inbound", "outbound", "both"
	Action        string    `json:"action"`      // "allow", "deny", "drop", "reject"
	Protocol      string    `json:"protocol"`    // "tcp", "udp", "icmp", "any"
	SourceIP      string    `json:"source_ip"`   // CIDR notation
	SourcePort    string    `json:"source_port"` // Port or range
	// NOTE(review): DestIP and DestPort presumably use the same formats as
	// SourceIP and SourcePort — confirm.
	DestIP        string    `json:"dest_ip"`
	DestPort      string    `json:"dest_port"`
	Interface     string    `json:"interface"`
	// NOTE(review): whether a higher or lower Priority wins is not defined here.
	Priority      int       `json:"priority"`
	Enabled       bool      `json:"enabled"`
	CreatedAt     time.Time `json:"created_at"`
	// NOTE(review): omitempty never omits a time.Time (it is a struct), so zero
	// ExpiresAt and LastHitAt values are still serialized; test with IsZero.
	ExpiresAt     time.Time `json:"expires_at,omitempty"`
	Reason        string    `json:"reason"`
	SourceService string    `json:"source_service"`
	HitCount      int64     `json:"hit_count"`
	LastHitAt     time.Time `json:"last_hit_at,omitempty"`
}

FirewallRule represents a firewall rule

type FirewallStatus

// FirewallStatus is the firewall state snapshot returned by
// FirewallPlugin.Enable and FirewallPlugin.Status.
type FirewallStatus struct {
	Enabled             bool              `json:"enabled"`
	// NOTE(review): presumably the backend name (iptables, pf, ...) — confirm.
	Backend             string            `json:"backend"`
	Version             string            `json:"version"`
	TotalRules          int               `json:"total_rules"`
	ActiveRules         int               `json:"active_rules"`
	BlockedIPs          int               `json:"blocked_ips"`
	DefaultDenyInbound  bool              `json:"default_deny_inbound"`
	DefaultDenyOutbound bool              `json:"default_deny_outbound"`
	LastUpdated         time.Time         `json:"last_updated"`
	// NOTE(review): the Capabilities keys and values are not defined here.
	Capabilities        map[string]string `json:"capabilities"`
}

FirewallStatus represents the current firewall state

type PluginHealth

// PluginHealth is the health report returned by a plugin's Health method.
type PluginHealth struct {
	State     PluginState            `json:"state"`
	Message   string                 `json:"message,omitempty"`
	LastCheck time.Time              `json:"last_check"`
	// Metrics is free-form and plugin-supplied; treat its contents as data to
	// display, not as trusted input.
	Metrics   map[string]interface{} `json:"metrics,omitempty"`
}

PluginHealth represents health status of a plugin

type PluginInfo

// PluginInfo is the metadata a plugin returns from Info.
//
// NOTE(review): every field is filled in by the plugin itself. Nothing visible
// here verifies it, so treat Name, Author and Capabilities as self-reported
// labels rather than an authenticated identity — confirm against the host.
type PluginInfo struct {
	Name         string     `json:"name"`
	Version      string     `json:"version"`
	Type         PluginType `json:"type"`
	Description  string     `json:"description"`
	Author       string     `json:"author"`
	License      string     `json:"license"`
	Capabilities []string   `json:"capabilities,omitempty"`
}

PluginInfo contains metadata about a plugin

type PluginState

type PluginState int

PluginState represents the current state of a plugin

// Plugin lifecycle states. PluginStateUnknown is the zero value, so a
// PluginState that was never set reads as unknown rather than as ready or
// running.
const (
	PluginStateUnknown PluginState = iota
	PluginStateLoading
	PluginStateReady
	PluginStateRunning
	PluginStateStopping
	PluginStateStopped
	PluginStateError
)

Plugin states

func (PluginState) String

func (s PluginState) String() string

type PluginType

type PluginType string

PluginType identifies the kind of plugin

// Plugin types. Each value corresponds to one plugin interface in this
// package (ServicePlugin, DataSourcePlugin, StoragePlugin, ReporterPlugin,
// CLIPlugin, FirewallPlugin).
const (
	PluginTypeService    PluginType = "service"
	PluginTypeDataSource PluginType = "datasource"
	PluginTypeStorage    PluginType = "storage"
	PluginTypeReporter   PluginType = "reporter"
	PluginTypeCLI        PluginType = "cli"
	PluginTypeFirewall   PluginType = "firewall"
)

Plugin types

type ReporterPlugin

// ReporterPlugin is implemented by plugins that render reports.
type ReporterPlugin interface {
	Info() PluginInfo
	Configure(config map[string]interface{}) error
	// SupportedFormats lists the format names accepted by Generate.
	SupportedFormats() []string
	// Generate renders data in the requested format and returns the raw bytes.
	// Implementations should reject a format they do not list in
	// SupportedFormats, and escape data values for the output format (HTML
	// for example) since data may contain attacker-influenced strings.
	Generate(ctx context.Context, format string, data map[string]interface{}) ([]byte, error)
	Health() PluginHealth
}

ReporterPlugin is the interface for report generator plugins

type ServicePlugin

// ServicePlugin is implemented by long-running service plugins.
type ServicePlugin interface {
	Info() PluginInfo
	Configure(config map[string]interface{}) error
	Start(ctx context.Context) error
	Stop(ctx context.Context) error
	Health() PluginHealth
	// Execute runs the named action with params and returns a result map.
	// action and params are caller-supplied: accept only known action names
	// and type-assert params values before use.
	Execute(ctx context.Context, action string, params map[string]interface{}) (map[string]interface{}, error)
}

ServicePlugin is the interface for service-type plugins

type StoragePlugin

// StoragePlugin is implemented by storage backend plugins. Values are opaque
// byte slices addressed by a collection name and a key.
//
// collection, key and prefix are caller-supplied strings. A backend that maps
// them onto file paths or query text should reject path separators and ".."
// and bind them as parameters, so a key cannot reach outside its collection.
type StoragePlugin interface {
	Info() PluginInfo
	Configure(config map[string]interface{}) error
	Connect(ctx context.Context) error
	Disconnect(ctx context.Context) error
	// NOTE(review): how Get reports a missing key (nil value or an error) is
	// not defined here — confirm.
	Get(ctx context.Context, collection, key string) ([]byte, error)
	Set(ctx context.Context, collection, key string, value []byte) error
	Delete(ctx context.Context, collection, key string) error
	// List returns strings for the collection filtered by prefix; presumably
	// these are the matching keys — confirm.
	List(ctx context.Context, collection, prefix string) ([]string, error)
	// NOTE(review): the shape of query is backend-specific and not defined here.
	Query(ctx context.Context, collection string, query map[string]interface{}) ([][]byte, error)
	Health() PluginHealth
}

StoragePlugin is the interface for storage backend plugins
