objectcache

package
v0.3.111 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 4, 2026 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Overview

Package objectcache defines interfaces for the node-agent object cache layer.

Index

Constants

// Container kinds that can appear in a pod. The values are assigned by iota,
// so Unknown is 0, Container is 1, InitContainer is 2 and EphemeralContainer
// is 3. Because Unknown is 0, a zero-valued integer reads as Unknown.
// NOTE(review): as rendered here the constants carry no explicit type, so they
// are untyped integer constants rather than ContainerType values — confirm
// against the source file.
const (
	// ContainerType represents the type of container in a pod
	Unknown = iota
	Container
	InitContainer
	EphemeralContainer
)

Variables

This section is empty.

Functions

func GetLabels added in v0.2.351

func GetLabels(cloudMetadata *armotypes.CloudMetadata, watchedContainer *WatchedContainerData, stripContainer bool) map[string]string

func GetTerminationExitCode

func GetTerminationExitCode(k8sObjectsCache K8sObjectCache, namespace, podName, containerName, containerID string) int32

GetTerminationExitCode returns the termination exit code of the container, otherwise -1

func ListContainersIDs

func ListContainersIDs(pod *corev1.Pod) []string

ListContainersIDs lists the container IDs from the pod status.

func ListTerminatedContainers

func ListTerminatedContainers(pod *corev1.Pod) []string

ListTerminatedContainers lists the terminated containers from the pod status.

func MetaUniqueName added in v0.2.140

func MetaUniqueName(obj metav1.Object) string

func UniqueName

func UniqueName(namespace, name string) string

Types

type ContainerInfo added in v0.2.351

// ContainerInfo groups a container's name with its image tag and image ID.
// NOTE(review): presumably ImageTag is the image reference as written in the
// pod spec (a mutable tag) and ImageID the runtime-resolved identifier; if so,
// only ImageID pins the exact image content — confirm against the code that
// populates these fields.
type ContainerInfo struct {
	Name     string
	ImageTag string
	ImageID  string
}

type ContainerProfileCache added in v0.3.108

// ContainerProfileCache is the container-ID-keyed view of cached container
// profiles. The three getters take a container ID and return pointers.
// NOTE(review): whether a nil return means "no entry for this container ID" is
// not shown on this page — callers should nil-check before dereferencing.
type ContainerProfileCache interface {
	// GetProjectedContainerProfile returns the compact projected profile for
	// containerID (it replaces the former GetContainerProfile, which exposed
	// the raw CRD pointer).
	GetProjectedContainerProfile(containerID string) *ProjectedContainerProfile
	// GetContainerProfileState returns the ProfileState recorded for containerID.
	GetContainerProfileState(containerID string) *ProfileState
	// GetCallStackSearchTree returns the call-stack search tree for containerID.
	GetCallStackSearchTree(containerID string) *callstackcache.CallStackSearchTree
	// SetProjectionSpec installs the rule projection spec, passed by value.
	SetProjectionSpec(spec RuleProjectionSpec)
	// ContainerCallback receives container-collection pub/sub events.
	ContainerCallback(notif containercollection.PubSubEvent)
	// Start takes a context.
	// NOTE(review): presumably ctx bounds the cache's background work — confirm.
	Start(ctx context.Context)
}

ContainerProfileCache is the interface satisfied by ContainerProfileCacheImpl and its test mocks. GetProjectedContainerProfile replaces the former GetContainerProfile — callers receive the compact projected form instead of the raw CRD pointer.

type ContainerProfileCacheMock added in v0.3.108

// ContainerProfileCacheMock is a field-less test double for
// ContainerProfileCache; its methods are declared on the pointer receiver.
type ContainerProfileCacheMock struct{}

func (*ContainerProfileCacheMock) ContainerCallback added in v0.3.108

func (*ContainerProfileCacheMock) GetCallStackSearchTree added in v0.3.108

func (cp *ContainerProfileCacheMock) GetCallStackSearchTree(_ string) *callstackcache.CallStackSearchTree

func (*ContainerProfileCacheMock) GetContainerProfileState added in v0.3.108

func (cp *ContainerProfileCacheMock) GetContainerProfileState(_ string) *ProfileState

func (*ContainerProfileCacheMock) GetProjectedContainerProfile added in v0.3.111

func (cp *ContainerProfileCacheMock) GetProjectedContainerProfile(_ string) *ProjectedContainerProfile

func (*ContainerProfileCacheMock) SetProjectionSpec added in v0.3.111

func (cp *ContainerProfileCacheMock) SetProjectionSpec(_ RuleProjectionSpec)

func (*ContainerProfileCacheMock) Start added in v0.3.108

type ContainerType added in v0.2.351

// ContainerType is an int-backed enumeration of container kinds. It has a
// String method.
type ContainerType int

func (ContainerType) String added in v0.2.351

func (c ContainerType) String() string

type DnsCache added in v0.2.128

// DnsCache maps an IP address string to a domain string.
// NOTE(review): the return value for an IP with no known domain (empty string?)
// and the source of the mapping are not shown here — confirm before using the
// result in a security decision.
type DnsCache interface {
	ResolveIpToDomain(ip string) string
}

type DnsCacheMock added in v0.2.128

// DnsCacheMock is a field-less test double that provides ResolveIpToDomain on
// its pointer receiver.
type DnsCacheMock struct {
}

func (*DnsCacheMock) ResolveIpToDomain added in v0.2.128

func (dc *DnsCacheMock) ResolveIpToDomain(_ string) string

type FieldSpec added in v0.3.111

// FieldSpec is the per-data-surface compiled declaration: a set of exact
// values plus prefix, suffix and substring pattern lists.
// NOTE(review): the precise meaning of InUse and All (presumably "some rule
// needs this surface" and "keep every value") is not shown here — confirm.
type FieldSpec struct {
	InUse    bool
	All      bool
	Exact    map[string]struct{}
	Prefixes []string
	Suffixes []string
	Contains []string

	// PrefixMatcher and SuffixMatcher are compiled by containerprofilecache.CompileSpec.
	// They are exported interfaces so CompileSpec (in a different package) can assign them.
	// Until they are assigned they are nil interface values, and calling
	// HasMatch on a nil interface panics.
	// NOTE(review): confirm that every reader either receives a compiled spec
	// or checks for nil first.
	PrefixMatcher PathMatcher
	SuffixMatcher PathMatcher
}

FieldSpec is the per-data-surface compiled declaration.

type K8sObjectCache

// K8sObjectCache exposes cached pod objects and a per-container store of
// WatchedContainerData keyed by container ID.
// NOTE(review): the getters return pointers (or a slice of pointers); whether
// they alias the cache's own objects and whether nil means "not found" is not
// shown here — treat results as read-only and nil-check them until confirmed.
type K8sObjectCache interface {
	// Pod lookups by namespace and pod name.
	GetPodSpec(namespace, podName string) *corev1.PodSpec
	GetPodStatus(namespace, podName string) *corev1.PodStatus
	// GetApiServerIpAddress returns the API server IP address as a string.
	GetApiServerIpAddress() string
	GetPods() []*corev1.Pod
	GetPod(namespace, podName string) *corev1.Pod
	// Shared per-container data, stored and retrieved by pointer.
	SetSharedContainerData(containerID string, data *WatchedContainerData)
	GetSharedContainerData(containerID string) *WatchedContainerData
	DeleteSharedContainerData(containerID string)
}

type K8sObjectCacheMock

// K8sObjectCacheMock is a test double carrying the K8sObjectCache method set.
// Its exported fields hold one API server address, one pod spec and one pod
// status.
// NOTE(review): presumably the getters return these fixed values regardless of
// the namespace and pod name passed in (the mock's getters ignore their
// arguments in their signatures) — confirm in the source.
type K8sObjectCacheMock struct {
	ApiServerIpAddress string
	PodSpec            corev1.PodSpec
	PodStatus          corev1.PodStatus
	// contains filtered or unexported fields
}

func (*K8sObjectCacheMock) DeleteSharedContainerData added in v0.2.231

func (k *K8sObjectCacheMock) DeleteSharedContainerData(containerID string)

func (*K8sObjectCacheMock) GetApiServerIpAddress

func (k *K8sObjectCacheMock) GetApiServerIpAddress() string

func (*K8sObjectCacheMock) GetPod added in v0.2.231

func (k *K8sObjectCacheMock) GetPod(_, _ string) *corev1.Pod

func (*K8sObjectCacheMock) GetPodSpec

func (k *K8sObjectCacheMock) GetPodSpec(_, _ string) *corev1.PodSpec

func (*K8sObjectCacheMock) GetPodStatus

func (k *K8sObjectCacheMock) GetPodStatus(_, _ string) *corev1.PodStatus

func (*K8sObjectCacheMock) GetPods

func (k *K8sObjectCacheMock) GetPods() []*corev1.Pod

func (*K8sObjectCacheMock) GetSharedContainerData added in v0.2.231

func (k *K8sObjectCacheMock) GetSharedContainerData(containerID string) *WatchedContainerData

func (*K8sObjectCacheMock) SetSharedContainerData added in v0.2.231

func (k *K8sObjectCacheMock) SetSharedContainerData(containerID string, data *WatchedContainerData)

type ObjectCache

// ObjectCache is the aggregate accessor for the three caches defined in this
// package: Kubernetes objects, container profiles and DNS.
type ObjectCache interface {
	K8sObjectCache() K8sObjectCache
	ContainerProfileCache() ContainerProfileCache
	DnsCache() DnsCache
}

type ObjectCacheMock

// ObjectCacheMock is a field-less test double carrying the ObjectCache method
// set; NewObjectCacheMock returns a pointer to one.
type ObjectCacheMock struct {
}

func NewObjectCacheMock

func NewObjectCacheMock() *ObjectCacheMock

func (*ObjectCacheMock) ContainerProfileCache added in v0.3.108

func (om *ObjectCacheMock) ContainerProfileCache() ContainerProfileCache

func (*ObjectCacheMock) DnsCache added in v0.2.128

func (om *ObjectCacheMock) DnsCache() DnsCache

func (*ObjectCacheMock) K8sObjectCache

func (om *ObjectCacheMock) K8sObjectCache() K8sObjectCache

type PathMatcher added in v0.3.111

// PathMatcher is implemented by the trie-based matchers in
// containerprofilecache.
type PathMatcher interface {
	// HasMatch reports whether s matches.
	// NOTE(review): the matching rule (prefix, suffix, ...) depends on the
	// implementation assigned — confirm per call site.
	HasMatch(s string) bool
}

PathMatcher is implemented by the trie-based matchers in containerprofilecache.

type ProfileState added in v0.2.332

// ProfileState describes a profile by name together with its completion and
// status strings and an optional error.
// NOTE(review): presumably Completion and Status carry the values behind
// WatchedContainerCompletionStatus and WatchedContainerStatus, and a non-nil
// Error means the profile could not be used — confirm against the code that
// builds this struct.
type ProfileState struct {
	Completion string
	Status     string
	Name       string
	Error      error
}

type ProjectedContainerProfile added in v0.3.111

// ProjectedContainerProfile is the cache-resident compact form of a container
// profile. It is a node-agent internal type that is never serialized, and it
// replaces *v1beta1.ContainerProfile in the cache.
type ProjectedContainerProfile struct {
	// One ProjectedField per data surface.
	Opens            ProjectedField
	Execs            ProjectedField
	Endpoints        ProjectedField
	Capabilities     ProjectedField
	Syscalls         ProjectedField
	EgressDomains    ProjectedField
	EgressAddresses  ProjectedField
	IngressDomains   ProjectedField
	IngressAddresses ProjectedField

	// NOTE(review): presumably SpecHash is the RuleProjectionSpec.Hash this
	// projection was built from and SyncChecksum identifies the source profile
	// revision — confirm. If SpecHash is that FNV-64a value, it is a change
	// marker, not an integrity check.
	SpecHash       string
	SyncChecksum   string
	// NOTE(review): presumably keyed by rule ID — confirm.
	PolicyByRuleId map[string]v1beta1.RulePolicy
	// Pointer field; nil when unset.
	CallStackTree  *callstackcache.CallStackSearchTree
}

ProjectedContainerProfile is the cache-resident compact form. Pure node-agent internal type; never serialized. Replaces *v1beta1.ContainerProfile in the cache.

type ProjectedField added in v0.3.111

// ProjectedField is the per-surface compact form read by CEL helpers.
// Composite-key carriers (flags, args, methods, ports) are out of scope for v1.
// NOTE(review): presumably All means "every value is allowed", Values is the
// exact-match set, Patterns holds retained pattern strings and PrefixHits /
// SuffixHits record per-pattern match results — confirm. Reads on the nil maps
// of a zero-valued ProjectedField return the zero value rather than panicking.
type ProjectedField struct {
	All        bool
	Values     map[string]struct{}
	Patterns   []string
	PrefixHits map[string]bool
	SuffixHits map[string]bool
}

ProjectedField is the per-surface compact form read by CEL helpers. Composite-key carriers (flags, args, methods, ports) are out of scope for v1.

type RuleProjectionSpec added in v0.3.111

// RuleProjectionSpec is the compiled, hash-tagged union of all loaded rules'
// ProfileDataRequired declarations. It is described as immutable; every field
// is exported, so that is a convention for callers rather than something the
// type enforces.
type RuleProjectionSpec struct {
	// One FieldSpec per data surface.
	Opens            FieldSpec
	Execs            FieldSpec
	Capabilities     FieldSpec
	Syscalls         FieldSpec
	Endpoints        FieldSpec
	EgressDomains    FieldSpec
	EgressAddresses  FieldSpec
	IngressDomains   FieldSpec
	IngressAddresses FieldSpec

	// FNV-64a is a fast non-cryptographic hash: suitable for detecting that the
	// spec changed, not for detecting deliberate tampering or for use as a
	// security identifier.
	Hash string // canonical FNV-64a content hash; populated by CompileSpec
}

RuleProjectionSpec is the compiled, immutable, hash-tagged union of all loaded rules' ProfileDataRequired declarations.

type WatchedContainerCompletionStatus added in v0.2.351

// WatchedContainerCompletionStatus is a string-backed completion status for a
// watched container. Its two values are taken from the helpersv1 package.
type WatchedContainerCompletionStatus string
const (
	// WatchedContainerCompletionStatus represents the completion status of a watched container
	WatchedContainerCompletionStatusPartial WatchedContainerCompletionStatus = helpersv1.Partial
	WatchedContainerCompletionStatusFull    WatchedContainerCompletionStatus = helpersv1.Full
)

type WatchedContainerData added in v0.2.351

// WatchedContainerData is the per-container record kept for a watched
// container: its identity (container ID, pod name, namespace, image, workload
// identifiers), its position among the pod's containers, report timestamps and
// the channels and ticker used while it is being watched.
// NOTE(review): instances are handed around by pointer (see the
// SetSharedContainerData / GetSharedContainerData signatures on K8sObjectCache)
// and no synchronization is visible among the exported fields — confirm how
// concurrent access is guarded before reading or writing fields directly.
type WatchedContainerData struct {
	InstanceID            instanceidhandler.IInstanceID
	// Pointer and channel fields are nil in a zero-valued struct; sending on
	// or receiving from a nil channel blocks forever.
	UpdateDataTicker      *time.Ticker
	SyncChannel           chan error
	AckChan               chan struct{}
	ParentResourceVersion string
	ContainerID           string
	PodName               string
	Namespace             string
	ImageTag              string
	ImageID               string
	Wlid                  string
	WorkloadUID           string // UID of the top-level workload (from WLID)
	// ContainerType's zero value is 0, which is the Unknown constant.
	ContainerType         ContainerType
	ContainerIndex        int
	// ContainerInfos lists container details grouped by container type.
	ContainerInfos        map[ContainerType][]ContainerInfo
	// NOTE(review): presumably the mount-namespace ID of the container — confirm.
	NsMntId               uint64
	InitialDelayExpired   bool

	ParentWorkloadSelector  *metav1.LabelSelector
	// Pointer field: nil when no value is set; check before dereferencing.
	SeccompProfilePath      *string
	PreRunningContainer     bool
	SeriesID                string
	PreviousReportTimestamp time.Time
	CurrentReportTimestamp  time.Time
	// NOTE(review): presumably the name of a user-supplied profile used in
	// place of a learned one — confirm where this value originates and who is
	// allowed to set it.
	UserDefinedProfile      string
	LabelOverrides          map[string]string // optional label overrides applied after GetLabels()
	LearningPeriod          time.Duration
	// contains filtered or unexported fields
}

func (*WatchedContainerData) GetCompletionStatus added in v0.2.351

func (watchedContainer *WatchedContainerData) GetCompletionStatus() WatchedContainerCompletionStatus

func (*WatchedContainerData) GetStatus added in v0.2.351

func (watchedContainer *WatchedContainerData) GetStatus() WatchedContainerStatus

func (*WatchedContainerData) SetCompletionStatus added in v0.2.351

func (watchedContainer *WatchedContainerData) SetCompletionStatus(newStatus WatchedContainerCompletionStatus)

func (*WatchedContainerData) SetContainerInfo added in v0.2.351

func (watchedContainer *WatchedContainerData) SetContainerInfo(wl workloadinterface.IWorkload, containerName string) error

func (*WatchedContainerData) SetStatus added in v0.2.351

func (watchedContainer *WatchedContainerData) SetStatus(newStatus WatchedContainerStatus)

type WatchedContainerStatus added in v0.2.351

// WatchedContainerStatus is a string-backed status for a watched container.
// Its values are taken from the helpersv1 package.
type WatchedContainerStatus string
const (
	// WatchedContainerStatus represents the status of a watched container
	WatchedContainerStatusInitializing WatchedContainerStatus = helpersv1.Initializing
	// The "Ready" constant carries helpersv1.Learning, so a container
	// reported as Ready is in the learning state rather than finished.
	WatchedContainerStatusReady        WatchedContainerStatus = helpersv1.Learning
	WatchedContainerStatusCompleted    WatchedContainerStatus = helpersv1.Completed
	WatchedContainerStatusFailed       WatchedContainerStatus = helpersv1.Failed

	// Statuses for a missing runtime and for an oversized profile.
	// NOTE(review): confirm how consumers treat containers in these states
	// (e.g. whether rules that depend on profile data are skipped for them).
	WatchedContainerStatusMissingRuntime WatchedContainerStatus = helpersv1.MissingRuntime
	WatchedContainerStatusTooLarge       WatchedContainerStatus = helpersv1.TooLarge
)

Directories

Path Synopsis
Package containerprofilecache provides a unified, container-keyed cache for ContainerProfile objects.
Package containerprofilecache provides a unified, container-keyed cache for ContainerProfile objects.
