trust

package
v0.2.1
This package is not in the latest version of its module.
Published: Oct 24, 2019 License: AGPL-3.0 Imports: 6 Imported by: 0

Documentation

Variables

var Names map[Level]string = map[Level]string{
	Untrusted:  "Untrusted",
	Endpoint:   "Endpoint",
	AllowedIPs: "AllowedIPs",
	AddPeer:    "AddPeer",
	DelPeer:    "DelPeer",
	SetTrust:   "SetTrust",
}

Names is a handy map to ease stringifying trust levels. FIXME: this is mutable, golang doesn't allow const/immutable maps

var Values map[string]Level = map[string]Level{
	"Untrusted":  Untrusted,
	"Endpoint":   Endpoint,
	"AllowedIPs": AllowedIPs,
	"AddPeer":    AddPeer,
	"DelPeer":    DelPeer,
	"SetTrust":   SetTrust,
}

Values is a handy map to ease parsing strings to trust levels. FIXME: this is mutable, golang doesn't allow const/immutable maps

Functions

func IsRouter

func IsRouter(peer *wgtypes.Peer) bool

IsRouter considers a router to be a peer that has a global unicast AllowedIP whose CIDR mask is shorter than the full IP length

func ShouldAccept

func ShouldAccept(attr fact.Attribute, known bool, level *Level) bool

ShouldAccept checks whether a fact Attribute should be accepted at a given trust level

Types

type CompositeMode added in v0.1.0

type CompositeMode int

CompositeMode is an enum for how a composite evaluator combines the results of its member evaluators

const (
	// FirstOnly composites return the trust level from the first evaluator that
	// knows the subject
	FirstOnly CompositeMode = iota
	// LeastPermission composites return the lowest trust level from the evaluators
	// that know the subject
	LeastPermission
	// MostPermission composites return the highest trust level from the evaluators
	// that know the subject
	MostPermission
)

type Evaluator

type Evaluator interface {
	// TrustLevel evaluates the trust level that should be applied to a fact given its source,
	// returning nil if it doesn't have an opinion on the trust level
	TrustLevel(fact *fact.Fact, source net.UDPAddr) *Level
	// IsKnown checks whether the subject of a fact is already known to the local system,
	// returning false if the peer is new.
	// TODO: IsKnown doesn't really belong here
	IsKnown(subject fact.Subject) bool
}

Evaluator is an interface for implementations that can answer whether a fact received from a remote source should be trusted and accepted into the set of locally known facts

func CreateComposite added in v0.1.0

func CreateComposite(mode CompositeMode, evaluators ...Evaluator) Evaluator

CreateComposite generates an evaluator which combines the results of others using the specified mode

func CreateRouteBasedTrust

func CreateRouteBasedTrust(peers []wgtypes.Peer) Evaluator

CreateRouteBasedTrust creates a TrustEvaluator for the given set of peers, using the "routers are trusted" model: peers are allowed to provide endpoint information; "routers" (peers with an AllowedIP whose CIDR mask is shorter than the IP length) are allowed to provide AllowedIPs for other peers; and nobody is allowed to provide new peers (peer public keys must be added by the administrator)
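The "routers are trusted" rule can be checked by hand against a peer's AllowedIPs. The following is an added sketch, not the package's own code: `isRouter`, `levelFor` and `cidr` are hypothetical helpers, the `Level` constants are redeclared locally, the prefixes are constructed samples, and "global unicast" is assumed to mean Go's `net.IP.IsGlobalUnicast`.

```go
package main

import (
	"fmt"
	"net"
)

// Level mirrors the three lowest trust levels documented on this page.
type Level int

const (
	Untrusted Level = iota
	Endpoint
	AllowedIPs
)

// isRouter restates the IsRouter rule: some AllowedIP is global unicast with a
// mask shorter than the address. Assumption: "global unicast" means
// net.IP.IsGlobalUnicast (accepts private 10.0.0.0/8, rejects fe80::/10).
func isRouter(allowed []net.IPNet) bool {
	for _, n := range allowed {
		ones, bits := n.Mask.Size()
		if n.IP.IsGlobalUnicast() && ones < bits {
			return true
		}
	}
	return false
}

// levelFor (hypothetical) caps a configured peer's trust; never AddPeer or above.
func levelFor(allowed []net.IPNet) Level {
	if isRouter(allowed) {
		return AllowedIPs
	}
	return Endpoint
}

// cidr parses one constructed sample prefix and panics if it is malformed.
func cidr(s string) net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return *n
}

func main() {
	for _, p := range [][]net.IPNet{{cidr("10.0.0.2/32")}, {cidr("10.0.0.0/24")}, {cidr("fe80::/64")}} {
		fmt.Println(p, levelFor(p))
	}
}
```

Under this assumption a peer holding only a link-local prefix stays at Endpoint even though its mask is short, while a private-range prefix such as 10.0.0.0/24 is enough to be treated as a router.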

type Level

type Level int

Level is how much we should trust a fact received from a remote source

const (
	// Untrusted means we should ignore the fact, as if we never received it
	Untrusted Level = iota
	// Endpoint means we should trust it enough to try endpoints we may have received
	Endpoint
	// AllowedIPs means we should trust it enough to add AllowedIPs to our local
	// configuration for the peer, if we can make a direct connection to it
	AllowedIPs
	// AddPeer means we should trust it enough to add it as a new peer in the
	// local configuration if we don't have it
	AddPeer
	// DelPeer means that we trust it enough to remove any peers it doesn't
	// tell us exist (assuming it's online, and no other AddPeer contradicts it)
	DelPeer
	// SetTrust means a peer is trusted to tell us the trust level of other peers
	SetTrust
)

func (Level) String added in v0.1.0

func (l Level) String() string
