Documentation
Overview
Package status implements the service of manager
Package status implements token cache for manager
Index
- func CheckAgentToken(authnInterface authnclientv1.AuthenticationV1Interface, inContainer bool, ...) gin.HandlerFunc
- func CheckClientBearerToken(authnInterface authnclientv1.AuthenticationV1Interface, ...) gin.HandlerFunc
- type StatusService
- type TokenCache
- func (tc *TokenCache) Delete(token string)
- func (tc *TokenCache) Get(token string) (bool, bool)
- func (tc *TokenCache) GetMetrics() TokenCacheMetrics
- func (tc *TokenCache) RecordEvict()
- func (tc *TokenCache) RecordHit()
- func (tc *TokenCache) RecordMiss()
- func (tc *TokenCache) Set(token string, authenticated bool)
- func (tc *TokenCache) Size() int
- func (tc *TokenCache) StartCleanup(stopCh <-chan struct{})
- type TokenCacheEntry
- type TokenCacheMetrics
Constants
This section is empty.
Variables
This section is empty.
Functions
func CheckAgentToken (added in v0.5.6)
func CheckAgentToken(authnInterface authnclientv1.AuthenticationV1Interface, inContainer bool, tokenCache *TokenCache) gin.HandlerFunc
CheckAgentToken verifies the token of the client and checks whether the requester is the varmor-agent.
func CheckClientBearerToken (added in v0.7.0)
func CheckClientBearerToken(authnInterface authnclientv1.AuthenticationV1Interface, authzInterface authzclientv1.AuthorizationV1Interface, verb string, inContainer bool) gin.HandlerFunc
CheckClientBearerToken verifies the Kubernetes bearer token of the client and checks whether it has read access to the armorprofilemodels objects.
Types
type StatusService
type StatusService struct {
	StatusManager *statusmanager.StatusManager
	// contains filtered or unexported fields
}
func NewStatusService
func NewStatusService(
	addr string,
	port int,
	tlsPair *varmortls.PemPair,
	debug bool,
	inContainer bool,
	coreInterface corev1.CoreV1Interface,
	appsInterface appsv1.AppsV1Interface,
	varmorInterface varmorinterface.CrdV1beta1Interface,
	authnInterface authnclientv1.AuthenticationV1Interface,
	authzInterface authzclientv1.AuthorizationV1Interface,
	statusUpdateCycle time.Duration,
	metricsModule *metrics.MetricsModule,
	log logr.Logger) (*StatusService, error)
NewStatusService creates and initializes a new StatusService instance. It sets up routes and an HTTP server with TLS configuration, returning the service pointer and an error if any issues occur.
func (*StatusService) CleanUp
func (s *StatusService) CleanUp()
func (*StatusService) Run
func (s *StatusService) Run(stopCh <-chan struct{})
type TokenCache (added in v0.9.2)
type TokenCache struct {
	// contains filtered or unexported fields
}
TokenCache provides a thread-safe cache for token validation results with a TTL. It uses the SHA-256 hash of the token as the cache key to avoid storing raw tokens in memory.
func NewTokenCache (added in v0.9.2)
func NewTokenCache(ttl time.Duration, log logr.Logger) *TokenCache
NewTokenCache creates a new TokenCache with the specified TTL. The TTL should be shorter than the token rotation interval to ensure revoked tokens are invalidated promptly.
func (*TokenCache) Delete (added in v0.9.2)
func (tc *TokenCache) Delete(token string)
Delete removes a token from the cache.
func (*TokenCache) Get (added in v0.9.2)
func (tc *TokenCache) Get(token string) (bool, bool)
Get retrieves the cached authentication result for a token. Returns (authenticated, found) where:
- authenticated is true if the token was previously validated successfully
- found is true if the token exists in cache and has not expired
func (*TokenCache) GetMetrics (added in v0.9.2)
func (tc *TokenCache) GetMetrics() TokenCacheMetrics
GetMetrics returns a copy of the current metrics.
func (*TokenCache) RecordEvict (added in v0.9.2)
func (tc *TokenCache) RecordEvict()
RecordEvict increments the cache evict counter.
func (*TokenCache) RecordHit (added in v0.9.2)
func (tc *TokenCache) RecordHit()
RecordHit increments the cache hit counter.
func (*TokenCache) RecordMiss (added in v0.9.2)
func (tc *TokenCache) RecordMiss()
RecordMiss increments the cache miss counter.
func (*TokenCache) Set (added in v0.9.2)
func (tc *TokenCache) Set(token string, authenticated bool)
Set stores the authentication result for a token with the configured TTL.
func (*TokenCache) Size (added in v0.9.2)
func (tc *TokenCache) Size() int
Size returns the approximate number of entries in the cache.
func (*TokenCache) StartCleanup (added in v0.9.2)
func (tc *TokenCache) StartCleanup(stopCh <-chan struct{})
StartCleanup starts a background goroutine that periodically removes expired entries. The cleanup interval is set to half of the TTL to ensure entries are removed promptly without excessive overhead.
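The TokenCache behaviour documented above (SHA-256 digest as key, TTL expiry, the (authenticated, found) result of Get, and a periodic sweep) can be sketched as follows. This is an added example, not vArmor's code: `sketchCache`, `entry` and the explicit `now` parameter are hypothetical, chosen so that expiry can be exercised deterministically.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"sync"
	"time"
)

// Hypothetical types; vArmor's own TokenCache fields are unexported.
type entry struct{ authenticated bool; expiresAt time.Time }
type sketchCache struct {
	mu      sync.RWMutex
	ttl     time.Duration
	entries map[[sha256.Size]byte]entry // keyed by digest, never the raw token
}

// set caches a validation result, positive or negative, until now+ttl.
func (c *sketchCache) set(token string, ok bool, now time.Time) {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.entries[sha256.Sum256([]byte(token))] = entry{ok, now.Add(c.ttl)}
}

// get returns (authenticated, found); an expired entry counts as not found.
func (c *sketchCache) get(token string, now time.Time) (bool, bool) {
	c.mu.RLock()
	defer c.mu.RUnlock()
	e, hit := c.entries[sha256.Sum256([]byte(token))]
	found := hit && now.Before(e.expiresAt)
	return found && e.authenticated, found
}

// sweep drops expired entries; a cleanup loop would run it every ttl/2.
func (c *sketchCache) sweep(now time.Time) {
	c.mu.Lock()
	defer c.mu.Unlock()
	for k, e := range c.entries {
		if !now.Before(e.expiresAt) {
			delete(c.entries, k)
		}
	}
}

func main() {
	c := &sketchCache{ttl: time.Minute, entries: map[[sha256.Size]byte]entry{}}
	c.set("constructed-token", true, time.Now())
	fmt.Println(c.get("constructed-token", time.Now().Add(time.Minute)))
}
```

A caller treats `found == false` as a signal to re-validate the token and `set` the fresh result, so the TTL bounds how long a revoked token keeps being accepted from cache.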
type TokenCacheEntry (added in v0.9.2)
type TokenCacheEntry struct {
	// contains filtered or unexported fields
}
TokenCacheEntry stores the authentication result and expiration time for a token.
type TokenCacheMetrics (added in v0.9.2)
type TokenCacheMetrics struct {
	// contains filtered or unexported fields
}
TokenCacheMetrics tracks cache performance metrics.
Directories
| Path | Synopsis |
|---|---|
| apis | |
| v1 | Package statusmanagerv1 implements version v1 of status manager to handle the status from agents. |
| v1beta1 | Package modelmanagerv1beta1 implements the v1beta1 version of the interface to access the ArmorProfileModel objects |
| | Package common provides common functions for the status service |