Overview ¶
Package client provides a Go HTTP client library for the Neuwerk API. It follows Go best practices with the functional options pattern for configuration.
Package client provides a Go HTTP client library for the Neuwerk API.
Basic Usage ¶
Create a client with a bearer token:
import "github.com/moolen/neuwerk/pkg/client"
// The token literal below is a placeholder. In real code, load the token from
// a secret store or the environment instead of embedding it in source, where
// it would end up in version control and build artifacts.
c, err := client.New("https://neuwerk.example.com:8443",
	client.WithBearerToken("nw_sa_abc123..."),
)
if err != nil {
	log.Fatal(err)
}
Network Operations ¶
// List all networks
networks, err := c.Networks.List(ctx)
// Create a network
network, err := c.Networks.Create(ctx, &client.CreateNetworkRequest{
Name: "production",
CIDR: "10.0.0.0/16",
})
// Get a specific network
network, err := c.Networks.Get(ctx, "production")
// Delete a network
err = c.Networks.Delete(ctx, "production")
Policy Operations ¶
// List policies for a network
policies, err := c.Policies.List(ctx, "production")
// Create a policy
// NOTE(review): a wildcard such as "*.amazonaws.com" presumably matches every
// host under that domain, including hosts the workload never needs; keep the
// pattern as narrow as the workload allows and confirm what it matches with
// Policies.TestPattern.
policy, err := c.Policies.Create(ctx, "production", &client.CreatePolicyRequest{
	Hostname: "*.amazonaws.com",
	Ports: []uint16{443},
})
// Delete a policy by index
// NOTE(review): the index is positional; presumably it should come from a
// fresh List call so that a concurrent change cannot shift which policy is
// removed — confirm against the API's behavior.
err = c.Policies.Delete(ctx, "production", 0)
Firewall Mode ¶
// Get current mode mode, err := c.Mode.Get(ctx) // Set mode to enforce err = c.Mode.Set(ctx, client.ModeEnforce)
Service Accounts ¶
// List service accounts
resp, err := c.ServiceAccounts.List(ctx)
// Create a service account
// The example requests the "readonly" role and a 30-day expiration; choosing
// the narrowest role and a short lifetime limits what a leaked token can do.
sa, err := c.ServiceAccounts.Create(ctx, &client.CreateServiceAccountRequest{
	Name: "ci-pipeline",
	Role: "readonly",
	Expiration: "30d",
})
// Note: sa.Token is only returned once at creation time
// Store it in a secret manager right away and keep it out of logs; the
// ServiceAccount values returned by List carry no token field.
// Revoke a service account
err = c.ServiceAccounts.Revoke(ctx, "sa-id")
Kubernetes Integrations ¶
// List integrations
integrations, err := c.Integrations.List(ctx)
// Test connection before creating
// The Kubernetes bearer token is sent in the request body (JSON field
// "bearer_token"), so handle it like any other credential.
// NOTE(review): presumably a token scoped to reading pods is sufficient —
// confirm what Neuwerk needs and grant no more.
resp, err := c.Integrations.Test(ctx, &client.TestConnectionRequest{
	Endpoint: "https://k8s.example.com:6443",
	CACert: caCertPEM,
	BearerToken: token,
})
// Create an integration
integration, err := c.Integrations.Create(ctx, &client.CreateIntegrationRequest{
	Name: "prod-cluster",
	Endpoint: "https://k8s.example.com:6443",
	CACert: caCertPEM,
	BearerToken: token,
})
// Preview pods matching a selector
pods, err := c.Integrations.PreviewPods(ctx, integrationID, "default", "app=web")
Wiretap Streaming ¶
Stream real-time packet events:
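// Open the wiretap stream and log events until the stream ends, an error is
// reported, or ctx is cancelled.
events, errs, err := c.Wiretap.Stream(ctx)
if err != nil {
	log.Fatal(err)
}
for {
	select {
	case event, ok := <-events:
		if !ok {
			// A closed channel is always ready and yields zero values;
			// stop selecting on it instead of logging empty events.
			events = nil
			continue
		}
		// NOTE(review): Hostname presumably comes from observed traffic;
		// switch its verb to %q if the log must stay safe against control
		// characters — confirm where the value originates.
		log.Printf("[%s] %s:%d -> %s:%d (%s)",
			event.Action,
			event.SourceIP, event.SourcePort,
			event.DestIP, event.DestPort,
			event.Hostname)
	case err, ok := <-errs:
		if !ok {
			// The errors channel closes when the stream ends; that is a
			// normal shutdown, not an error worth logging as <nil>.
			return
		}
		log.Printf("Stream error: %v", err)
		return
	case <-ctx.Done():
		return
	}
}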
Error Handling ¶
The client returns typed errors that can be checked with helper functions:
// Look up a network and branch on the kind of failure using the package's
// error helpers.
network, err := c.Networks.Get(ctx, "nonexistent")
switch {
case err == nil:
	// Lookup succeeded; nothing to report.
case client.IsNotFound(err):
	log.Println("Network does not exist")
case client.IsUnauthorized(err):
	log.Println("Invalid or expired token")
case client.IsBadRequest(err):
	log.Println("Invalid request:", err)
default:
	log.Printf("Unexpected error: %v", err)
}
Retry Configuration ¶
Configure automatic retries with exponential backoff:
c, err := client.New("https://neuwerk.example.com:8443",
client.WithBearerToken("nw_sa_..."),
client.WithRetry(5, client.ExponentialBackoff{
Initial: 100 * time.Millisecond,
Max: 30 * time.Second,
Factor: 2.0,
}),
)
Custom Transport ¶
Wrap the transport for custom behavior like logging:
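// loggingTransport is an http.RoundTripper that logs one line per request and
// delegates the actual round trip to base.
type loggingTransport struct {
	base http.RoundTripper
}

// RoundTrip forwards req to the wrapped transport and logs the method, URL
// path, outcome and elapsed time. It returns exactly what the wrapped
// transport returned.
//
// Only the method and path are logged: headers and the query string are left
// out because they may carry credentials such as the bearer token.
func (t *loggingTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	start := time.Now()
	resp, err := t.base.RoundTrip(req)
	if err != nil || resp == nil {
		// resp is nil when the round trip fails; reading resp.StatusCode
		// here would panic with a nil pointer dereference.
		log.Printf("%s %s -> error: %v (%v)", req.Method, req.URL.Path, err, time.Since(start))
		return resp, err
	}
	log.Printf("%s %s -> %d (%v)", req.Method, req.URL.Path, resp.StatusCode, time.Since(start))
	return resp, err
}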
c, err := client.New("https://neuwerk.example.com:8443",
client.WithTransport(&loggingTransport{base: http.DefaultTransport}),
client.WithBearerToken("nw_sa_..."),
)
TLS Configuration ¶
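For testing with self-signed certificates. This turns off certificate verification entirely, so the client can no longer detect an impersonated server; outside of tests, trust the certificate through a custom TLS config as shown further below: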
c, err := client.New("https://neuwerk.example.com:8443",
client.WithInsecureSkipVerify(), // WARNING: testing only
)
Or with a custom TLS config:
tlsConfig := &tls.Config{
RootCAs: certPool,
}
c, err := client.New("https://neuwerk.example.com:8443",
client.WithTLSConfig(tlsConfig),
)
Index ¶
- Variables
- func DefaultRetryOn(resp *http.Response, err error) bool
- func IsBadRequest(err error) bool
- func IsConflict(err error) bool
- func IsForbidden(err error) bool
- func IsNotFound(err error) bool
- func IsRateLimited(err error) bool
- func IsUnauthorized(err error) bool
- type APIError
- type AuthService
- type Authenticator
- type BackoffStrategy
- type BearerTokenAuth
- type CertificatesService
- type Client
- type ConstantBackoff
- type CreateIntegrationRequest
- type CreateNetworkRequest
- type CreatePolicyRequest
- type CreateServiceAccountRequest
- type CreateServiceAccountResponse
- type DNSCacheEntry
- type DNSCacheResponse
- type DiagnosticsProgress
- type DiagnosticsService
- func (s *DiagnosticsService) DNSCache(ctx context.Context) (*DNSCacheResponse, error)
- func (s *DiagnosticsService) Download(ctx context.Context, w io.Writer) error
- func (s *DiagnosticsService) Health(ctx context.Context) (*HealthStatus, error)
- func (s *DiagnosticsService) Readiness(ctx context.Context) (*ReadinessStatus, error)
- func (s *DiagnosticsService) Reconcile(ctx context.Context) error
- func (s *DiagnosticsService) Stats(ctx context.Context) (*SystemStatus, error)
- func (s *DiagnosticsService) TestPattern(ctx context.Context, pattern, hostname string) (*TestPatternResponse, error)
- type ExponentialBackoff
- type FirewallMode
- type HealthStatus
- type Integration
- type IntegrationStatus
- type IntegrationsService
- func (s *IntegrationsService) Create(ctx context.Context, req *CreateIntegrationRequest) (*Integration, error)
- func (s *IntegrationsService) Delete(ctx context.Context, id string) error
- func (s *IntegrationsService) Get(ctx context.Context, id string) (*Integration, error)
- func (s *IntegrationsService) List(ctx context.Context) ([]Integration, error)
- func (s *IntegrationsService) PreviewPods(ctx context.Context, id, namespace, labelSelector string) (*PodPreviewResponse, error)
- func (s *IntegrationsService) Test(ctx context.Context, req *TestConnectionRequest) (*TestConnectionResponse, error)
- func (s *IntegrationsService) Update(ctx context.Context, id string, req *UpdateIntegrationRequest) (*Integration, error)
- type ListServiceAccountsResponse
- type ModeService
- type Network
- type NetworksService
- func (s *NetworksService) Create(ctx context.Context, req *CreateNetworkRequest) (*Network, error)
- func (s *NetworksService) Delete(ctx context.Context, name string) error
- func (s *NetworksService) Get(ctx context.Context, name string) (*Network, error)
- func (s *NetworksService) List(ctx context.Context) ([]Network, error)
- func (s *NetworksService) Update(ctx context.Context, name string, req *UpdateNetworkRequest) (*Network, error)
- type Option
- func WithAuthenticator(auth Authenticator) Option
- func WithBearerToken(token string) Option
- func WithHTTPClient(hc *http.Client) Option
- func WithInsecureSkipVerify() Option
- func WithRetry(maxAttempts int, backoff BackoffStrategy) Option
- func WithRetryConfig(config *RetryConfig) Option
- func WithTLSConfig(cfg *tls.Config) Option
- func WithTimeout(d time.Duration) Option
- func WithTransport(rt http.RoundTripper) Option
- func WithUserAgent(ua string) Option
- type PodPreview
- type PodPreviewResponse
- type PoliciesService
- func (s *PoliciesService) Create(ctx context.Context, networkName string, req *CreatePolicyRequest) (*Policy, error)
- func (s *PoliciesService) Delete(ctx context.Context, networkName string, index int) error
- func (s *PoliciesService) List(ctx context.Context, networkName string) ([]Policy, error)
- func (s *PoliciesService) TestPattern(ctx context.Context, pattern, hostname string) (*TestPatternResponse, error)
- func (s *PoliciesService) Update(ctx context.Context, networkName string, index int, req *UpdatePolicyRequest) (*Policy, error)
- type Policy
- type ReadinessStatus
- type RetryConfig
- type RotateCertificateResult
- type RotateCertificatesRequest
- type RotateCertificatesResponse
- type ServiceAccount
- type ServiceAccountsService
- func (s *ServiceAccountsService) Create(ctx context.Context, req *CreateServiceAccountRequest) (*CreateServiceAccountResponse, error)
- func (s *ServiceAccountsService) List(ctx context.Context) (*ListServiceAccountsResponse, error)
- func (s *ServiceAccountsService) Revoke(ctx context.Context, id string) error
- type SystemStatus
- type TestConnectionRequest
- type TestConnectionResponse
- type TestPatternRequest
- type TestPatternResponse
- type UpdateIntegrationRequest
- type UpdateNetworkRequest
- type UpdatePolicyRequest
- type WhoamiResponse
- type WiretapEvent
- type WiretapService
Constants ¶
This section is empty.
Variables ¶
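// Sentinel errors for common API error cases.
var (
	ErrNotFound    = errors.New("neuwerk: resource not found")
	ErrForbidden   = errors.New("neuwerk: forbidden")
	ErrConflict    = errors.New("neuwerk: resource already exists")
	ErrRateLimited = errors.New("neuwerk: rate limited")
	ErrBadRequest  = errors.New("neuwerk: bad request")
)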
Sentinel errors for common API error cases.
Functions ¶
func DefaultRetryOn ¶
DefaultRetryOn returns true for status codes that should be retried.
func IsBadRequest ¶
IsBadRequest returns true if the error indicates a bad request.
func IsConflict ¶
IsConflict returns true if the error indicates a resource conflict.
func IsForbidden ¶
IsForbidden returns true if the error indicates forbidden access.
func IsNotFound ¶
IsNotFound returns true if the error indicates a resource was not found.
func IsRateLimited ¶
IsRateLimited returns true if the error indicates rate limiting.
func IsUnauthorized ¶
IsUnauthorized returns true if the error indicates unauthorized access.
Types ¶
type APIError ¶
type APIError struct {
StatusCode int
Code string // Error code from the API (e.g., "network_not_found")
Message string // Human-readable error message
Raw []byte // Original response body
}
APIError represents an error response from the Neuwerk API.
type AuthService ¶
type AuthService struct {
// contains filtered or unexported fields
}
AuthService handles authentication operations.
func (*AuthService) Whoami ¶
func (s *AuthService) Whoami(ctx context.Context) (*WhoamiResponse, error)
Whoami returns information about the current authenticated user.
type Authenticator ¶
Authenticator adds authentication to HTTP requests.
type BackoffStrategy ¶
BackoffStrategy defines wait time between retries.
type BearerTokenAuth ¶
// BearerTokenAuth holds a static bearer token used to authenticate requests.
type BearerTokenAuth struct {
	// Token is the bearer credential. The field is exported, so formatting
	// the struct with %v or %+v prints the secret; keep values of this type
	// out of logs and error messages.
	Token string
}
BearerTokenAuth uses a static bearer token for authentication.
func (*BearerTokenAuth) Authenticate ¶
func (a *BearerTokenAuth) Authenticate(req *http.Request) error
Authenticate adds the bearer token to the request's Authorization header.
type CertificatesService ¶
type CertificatesService struct {
// contains filtered or unexported fields
}
CertificatesService handles certificate rotation operations.
func (*CertificatesService) Rotate ¶
func (s *CertificatesService) Rotate(ctx context.Context, certTypes []string) (*RotateCertificatesResponse, error)
Rotate triggers certificate rotation for the specified certificate types. If certTypes is nil or empty, all certificate types are rotated.
type Client ¶
type Client struct {
// Sub-services
Networks *NetworksService
Policies *PoliciesService
ServiceAccounts *ServiceAccountsService
Integrations *IntegrationsService
Diagnostics *DiagnosticsService
Mode *ModeService
Wiretap *WiretapService
Auth *AuthService
Certificates *CertificatesService
// contains filtered or unexported fields
}
Client is the main Neuwerk API client.
type ConstantBackoff ¶
ConstantBackoff implements constant wait time between retries.
type CreateIntegrationRequest ¶
// CreateIntegrationRequest is the JSON body for creating an integration.
type CreateIntegrationRequest struct {
	Name string `json:"name"`
	Endpoint string `json:"endpoint"`
	// CACert is serialized as "ca_cert".
	// NOTE(review): presumably the PEM-encoded CA used to verify Endpoint, as
	// the package example passes caCertPEM — confirm.
	CACert string `json:"ca_cert"`
	// BearerToken is the credential for the Kubernetes endpoint. It is
	// serialized into the request body as "bearer_token", so any dump of this
	// value or of the encoded body contains the secret.
	BearerToken string `json:"bearer_token"`
}
CreateIntegrationRequest represents an integration creation request.
type CreateNetworkRequest ¶
type CreateNetworkRequest struct {
Name string `json:"name"`
CIDR string `json:"cidr"`
IntegrationID string `json:"integration_id,omitempty"`
Namespace string `json:"namespace,omitempty"`
LabelSelector string `json:"label_selector,omitempty"`
}
CreateNetworkRequest represents a network creation request.
type CreatePolicyRequest ¶
type CreatePolicyRequest struct {
Hostname string `json:"hostname,omitempty"`
IP string `json:"ip,omitempty"`
Ports []uint16 `json:"ports"`
}
CreatePolicyRequest represents a policy creation request.
type CreateServiceAccountRequest ¶
type CreateServiceAccountRequest struct {
Name string `json:"name"`
Role string `json:"role"`
Expiration string `json:"expiration"` // "30d", "90d", "1y"
}
CreateServiceAccountRequest represents a service account creation request.
type CreateServiceAccountResponse ¶
// CreateServiceAccountResponse is the JSON response to creating a service
// account.
type CreateServiceAccountResponse struct {
	ID string `json:"id"`
	// Token is the new service account's secret. Per the package
	// documentation it is only returned once, at creation time, so persist it
	// securely before discarding this value and do not log the response.
	Token string `json:"token"`
	Name string `json:"name"`
	Role string `json:"role"`
	CreatedAt time.Time `json:"created_at"`
	ExpiresAt time.Time `json:"expires_at"`
}
CreateServiceAccountResponse represents the response from creating a service account.
type DNSCacheEntry ¶
type DNSCacheEntry struct {
Hostname string `json:"hostname"`
IP string `json:"ip"`
Timestamp int64 `json:"timestamp"`
}
DNSCacheEntry represents a DNS cache entry.
type DNSCacheResponse ¶
type DNSCacheResponse struct {
Entries []DNSCacheEntry `json:"entries"`
}
DNSCacheResponse represents the DNS cache query response.
type DiagnosticsProgress ¶
type DiagnosticsProgress struct {
Phase string `json:"phase"`
Node string `json:"node,omitempty"`
Status string `json:"status,omitempty"`
}
DiagnosticsProgress represents the progress of diagnostics collection.
type DiagnosticsService ¶
type DiagnosticsService struct {
// contains filtered or unexported fields
}
DiagnosticsService handles diagnostics operations.
func (*DiagnosticsService) DNSCache ¶
func (s *DiagnosticsService) DNSCache(ctx context.Context) (*DNSCacheResponse, error)
DNSCache returns DNS cache entries.
func (*DiagnosticsService) Download ¶
Download downloads a diagnostics bundle to the provided writer.
func (*DiagnosticsService) Health ¶
func (s *DiagnosticsService) Health(ctx context.Context) (*HealthStatus, error)
Health checks if the service is healthy.
func (*DiagnosticsService) Readiness ¶
func (s *DiagnosticsService) Readiness(ctx context.Context) (*ReadinessStatus, error)
Readiness checks if the service is ready.
func (*DiagnosticsService) Reconcile ¶
func (s *DiagnosticsService) Reconcile(ctx context.Context) error
Reconcile triggers an immediate BPF map synchronization.
func (*DiagnosticsService) Stats ¶
func (s *DiagnosticsService) Stats(ctx context.Context) (*SystemStatus, error)
Stats returns system statistics.
func (*DiagnosticsService) TestPattern ¶
func (s *DiagnosticsService) TestPattern(ctx context.Context, pattern, hostname string) (*TestPatternResponse, error)
TestPattern tests a hostname pattern against a hostname. This is a convenience method that delegates to the Policies service.
type ExponentialBackoff ¶
type ExponentialBackoff struct {
Initial time.Duration // Default: 100ms
Max time.Duration // Default: 30s
Factor float64 // Default: 2.0
}
ExponentialBackoff implements exponential backoff with jitter.
type FirewallMode ¶
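// FirewallMode represents the firewall mode.
type FirewallMode string

const (
	// ModeAudit logs traffic without blocking.
	ModeAudit FirewallMode = "audit"
	// ModeEnforce blocks traffic that doesn't match policies.
	ModeEnforce FirewallMode = "enforce"
)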
type HealthStatus ¶
type HealthStatus struct {
Status string `json:"status"`
}
HealthStatus represents the health check response.
type Integration ¶
type Integration struct {
ID string `json:"id"`
Name string `json:"name"`
Endpoint string `json:"endpoint"`
CACert string `json:"ca_cert"`
Status IntegrationStatus `json:"status"`
LastError string `json:"last_error,omitempty"`
LastErrorPhase string `json:"last_error_phase,omitempty"`
LastSync time.Time `json:"last_sync,omitempty"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
Integration represents a Kubernetes integration.
type IntegrationStatus ¶
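// IntegrationStatus represents the connection status of an integration.
type IntegrationStatus string

const (
	// StatusPending indicates the integration is created but not yet verified.
	StatusPending IntegrationStatus = "Pending"
	// StatusConnected indicates the integration is reachable and healthy.
	StatusConnected IntegrationStatus = "Connected"
	// StatusDegraded indicates the integration has intermittent connectivity issues.
	StatusDegraded IntegrationStatus = "Degraded"
	// StatusDisconnected indicates the integration is unreachable.
	StatusDisconnected IntegrationStatus = "Disconnected"
)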
type IntegrationsService ¶
type IntegrationsService struct {
// contains filtered or unexported fields
}
IntegrationsService handles Kubernetes integration operations.
func (*IntegrationsService) Create ¶
func (s *IntegrationsService) Create(ctx context.Context, req *CreateIntegrationRequest) (*Integration, error)
Create creates a new integration.
func (*IntegrationsService) Delete ¶
func (s *IntegrationsService) Delete(ctx context.Context, id string) error
Delete removes an integration.
func (*IntegrationsService) Get ¶
func (s *IntegrationsService) Get(ctx context.Context, id string) (*Integration, error)
Get returns a single integration by ID.
func (*IntegrationsService) List ¶
func (s *IntegrationsService) List(ctx context.Context) ([]Integration, error)
List returns all integrations.
func (*IntegrationsService) PreviewPods ¶
func (s *IntegrationsService) PreviewPods(ctx context.Context, id, namespace, labelSelector string) (*PodPreviewResponse, error)
PreviewPods returns pods matching a label selector in a namespace.
func (*IntegrationsService) Test ¶
func (s *IntegrationsService) Test(ctx context.Context, req *TestConnectionRequest) (*TestConnectionResponse, error)
Test tests a Kubernetes connection before saving an integration.
func (*IntegrationsService) Update ¶
func (s *IntegrationsService) Update(ctx context.Context, id string, req *UpdateIntegrationRequest) (*Integration, error)
Update updates an existing integration.
type ListServiceAccountsResponse ¶
type ListServiceAccountsResponse struct {
ServiceAccounts []ServiceAccount `json:"service_accounts"`
Total int `json:"total"`
}
ListServiceAccountsResponse represents the response from listing service accounts.
type ModeService ¶
type ModeService struct {
// contains filtered or unexported fields
}
ModeService handles firewall mode operations.
func (*ModeService) Get ¶
func (s *ModeService) Get(ctx context.Context) (FirewallMode, error)
Get returns the current firewall mode.
func (*ModeService) Set ¶
func (s *ModeService) Set(ctx context.Context, mode FirewallMode) error
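Set sets the firewall mode ("audit" or "enforce"). In "audit" mode traffic is logged without being blocked, so switching from "enforce" to "audit" stops enforcement.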
type Network ¶
type Network struct {
Name string `json:"name"`
CIDR string `json:"cidr"`
Policies []Policy `json:"policies"`
IntegrationID string `json:"integration_id,omitempty"`
Namespace string `json:"namespace,omitempty"`
LabelSelector string `json:"label_selector,omitempty"`
PodCount *int `json:"pod_count,omitempty"`
LastSync *string `json:"last_sync,omitempty"`
IntegrationStatus *IntegrationStatus `json:"integration_status,omitempty"`
}
Network represents a network in Neuwerk.
type NetworksService ¶
type NetworksService struct {
// contains filtered or unexported fields
}
NetworksService handles network operations.
func (*NetworksService) Create ¶
func (s *NetworksService) Create(ctx context.Context, req *CreateNetworkRequest) (*Network, error)
Create creates a new network.
func (*NetworksService) Delete ¶
func (s *NetworksService) Delete(ctx context.Context, name string) error
Delete removes a network.
func (*NetworksService) List ¶
func (s *NetworksService) List(ctx context.Context) ([]Network, error)
List returns all networks.
func (*NetworksService) Update ¶
func (s *NetworksService) Update(ctx context.Context, name string, req *UpdateNetworkRequest) (*Network, error)
Update updates an existing network.
type Option ¶
type Option func(*Client)
Option configures the client.
func WithAuthenticator ¶
func WithAuthenticator(auth Authenticator) Option
WithAuthenticator sets a custom authenticator.
func WithBearerToken ¶
WithBearerToken sets static bearer token authentication.
func WithHTTPClient ¶
WithHTTPClient sets a custom http.Client (full replacement).
func WithInsecureSkipVerify ¶
func WithInsecureSkipVerify() Option
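WithInsecureSkipVerify disables TLS certificate verification. Without verification the client cannot detect an impersonated server, so the bearer token placed in the Authorization header can be sent to the wrong party. WARNING: This should only be used for testing purposes.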
func WithRetry ¶
func WithRetry(maxAttempts int, backoff BackoffStrategy) Option
WithRetry configures retry behavior with exponential backoff.
func WithRetryConfig ¶
func WithRetryConfig(config *RetryConfig) Option
WithRetryConfig configures retry behavior with a custom configuration.
func WithTLSConfig ¶
WithTLSConfig sets custom TLS configuration.
func WithTransport ¶
func WithTransport(rt http.RoundTripper) Option
WithTransport sets a custom RoundTripper (pluggable transport).
func WithUserAgent ¶
WithUserAgent sets a custom User-Agent header.
type PodPreview ¶
PodPreview represents basic information about a pod.
type PodPreviewResponse ¶
type PodPreviewResponse struct {
Pods []PodPreview `json:"pods"`
TotalCount int `json:"total_count"`
Truncated bool `json:"truncated"`
}
PodPreviewResponse represents the response from previewing pods.
type PoliciesService ¶
type PoliciesService struct {
// contains filtered or unexported fields
}
PoliciesService handles policy operations within a network.
func (*PoliciesService) Create ¶
func (s *PoliciesService) Create(ctx context.Context, networkName string, req *CreatePolicyRequest) (*Policy, error)
Create creates a new policy in a network.
func (*PoliciesService) TestPattern ¶
func (s *PoliciesService) TestPattern(ctx context.Context, pattern, hostname string) (*TestPatternResponse, error)
TestPattern tests a hostname pattern against a hostname.
func (*PoliciesService) Update ¶
func (s *PoliciesService) Update(ctx context.Context, networkName string, index int, req *UpdatePolicyRequest) (*Policy, error)
Update updates a policy by index.
type Policy ¶
type Policy struct {
Hostname string `json:"hostname,omitempty"`
IP string `json:"ip,omitempty"`
Ports []uint16 `json:"ports"`
CIDR string `json:"cidr,omitempty"`
}
Policy represents a network policy in Neuwerk.
type ReadinessStatus ¶
type ReadinessStatus struct {
Ready bool `json:"ready"`
ClusterStatus string `json:"cluster_status,omitempty"`
}
ReadinessStatus represents the readiness check response.
type RetryConfig ¶
type RetryConfig struct {
MaxAttempts int
Backoff BackoffStrategy
RetryOn func(resp *http.Response, err error) bool
}
RetryConfig configures retry behavior.
type RotateCertificateResult ¶
type RotateCertificateResult struct {
CertType string `json:"certType"`
Success bool `json:"success"`
Error string `json:"error,omitempty"`
Timestamp time.Time `json:"timestamp"`
}
RotateCertificateResult represents the result of rotating a single certificate.
type RotateCertificatesRequest ¶
type RotateCertificatesRequest struct {
CertTypes []string `json:"certTypes,omitempty"`
}
RotateCertificatesRequest represents a certificate rotation request.
type RotateCertificatesResponse ¶
type RotateCertificatesResponse struct {
Results []RotateCertificateResult `json:"results"`
Message string `json:"message"`
}
RotateCertificatesResponse represents the response from a rotation request.
type ServiceAccount ¶
// ServiceAccount is one entry of the service account list. It has no token
// field, consistent with the token being returned only at creation time.
type ServiceAccount struct {
	ID string `json:"id"`
	Name string `json:"name"`
	Role string `json:"role"`
	CreatedAt time.Time `json:"created_at"`
	CreatedBy string `json:"created_by"`
	ExpiresAt time.Time `json:"expires_at"`
	ExpiryStatus string `json:"expiry_status"`
	// LastUsed is a pointer with omitempty: a nil value is left out of the JSON.
	// NOTE(review): presumably nil means the account has never been used — confirm.
	LastUsed *time.Time `json:"last_used,omitempty"`
	// NOTE(review): LastIP and LastEndpoints look like usage records for the
	// token (most recent caller address and API endpoints); if so, they are
	// worth reviewing for unexpected use when deciding whether to revoke an
	// account — confirm their meaning against the API.
	LastIP string `json:"last_ip,omitempty"`
	LastEndpoints []string `json:"last_endpoints,omitempty"`
}
ServiceAccount represents a service account in the list view.
type ServiceAccountsService ¶
type ServiceAccountsService struct {
// contains filtered or unexported fields
}
ServiceAccountsService handles service account operations.
func (*ServiceAccountsService) Create ¶
func (s *ServiceAccountsService) Create(ctx context.Context, req *CreateServiceAccountRequest) (*CreateServiceAccountResponse, error)
Create creates a new service account (returns token once).
func (*ServiceAccountsService) List ¶
func (s *ServiceAccountsService) List(ctx context.Context) (*ListServiceAccountsResponse, error)
List returns all service accounts.
type SystemStatus ¶
type SystemStatus struct {
Mode string `json:"mode"`
NetworkCount int `json:"network_count"`
PolicyCount int `json:"policy_count"`
PacketCounters struct {
Allowed uint64 `json:"allowed"`
Blocked uint64 `json:"blocked"`
Redirected uint64 `json:"redirected"`
} `json:"packet_counters"`
}
SystemStatus represents system statistics.
type TestConnectionRequest ¶
type TestConnectionRequest struct {
Endpoint string `json:"endpoint"`
CACert string `json:"ca_cert"`
BearerToken string `json:"bearer_token"`
}
TestConnectionRequest represents a Kubernetes connection test request.
type TestConnectionResponse ¶
type TestConnectionResponse struct {
Status string `json:"status"`
ServerVersion string `json:"server_version,omitempty"`
Phase string `json:"phase,omitempty"`
Message string `json:"message,omitempty"`
}
TestConnectionResponse represents the response from testing a Kubernetes connection.
type TestPatternRequest ¶
type TestPatternRequest struct {
Pattern string `json:"pattern"`
Hostname string `json:"hostname"`
}
TestPatternRequest represents a pattern test request.
type TestPatternResponse ¶
type TestPatternResponse struct {
Pattern string `json:"pattern"`
Hostname string `json:"hostname"`
Matches bool `json:"matches"`
}
TestPatternResponse represents a pattern test response.
type UpdateIntegrationRequest ¶
// UpdateIntegrationRequest is the JSON body for updating an integration.
// Every field carries omitempty, so empty strings and a nil BearerToken are
// left out of the encoded body.
type UpdateIntegrationRequest struct {
	Name string `json:"name,omitempty"`
	Endpoint string `json:"endpoint,omitempty"`
	CACert string `json:"ca_cert,omitempty"`
	// BearerToken is a pointer: nil omits "bearer_token" from the body, while
	// a non-nil pointer is always sent, even when it points to "".
	// NOTE(review): presumably nil keeps the stored Kubernetes token and a
	// non-nil value replaces it — confirm before relying on it for rotation.
	BearerToken *string `json:"bearer_token,omitempty"`
}
UpdateIntegrationRequest represents an integration update request.
type UpdateNetworkRequest ¶
type UpdateNetworkRequest struct {
Name string `json:"name"`
CIDR string `json:"cidr"`
IntegrationID *string `json:"integration_id,omitempty"`
Namespace *string `json:"namespace,omitempty"`
LabelSelector *string `json:"label_selector,omitempty"`
}
UpdateNetworkRequest represents a network update request.
type UpdatePolicyRequest ¶
type UpdatePolicyRequest struct {
Hostname string `json:"hostname,omitempty"`
IP string `json:"ip,omitempty"`
Ports []uint16 `json:"ports"`
}
UpdatePolicyRequest represents a policy update request.
type WhoamiResponse ¶
type WhoamiResponse struct {
ID string `json:"id"`
Email string `json:"email"`
Role string `json:"role"`
}
WhoamiResponse represents the current user information.
type WiretapEvent ¶
// WiretapEvent is one packet event delivered by the wiretap stream.
// NOTE(review): the address, port and hostname fields presumably describe
// observed traffic; treat Hostname as untrusted text when logging or
// rendering it — confirm where the value originates.
type WiretapEvent struct {
	Timestamp int64 `json:"timestamp"`
	SourceIP string `json:"source_ip"`
	DestIP string `json:"dest_ip"`
	SourcePort uint16 `json:"source_port"`
	DestPort uint16 `json:"dest_port"`
	Protocol string `json:"protocol"`
	// Hostname is left out of the JSON when empty (omitempty).
	Hostname string `json:"hostname,omitempty"`
	Action string `json:"action"` // "blocked" or "audited"
}
WiretapEvent represents a packet inspection event.
type WiretapService ¶
type WiretapService struct {
// contains filtered or unexported fields
}
WiretapService handles real-time event streaming.
func (*WiretapService) Stream ¶
func (s *WiretapService) Stream(ctx context.Context) (<-chan WiretapEvent, <-chan error, error)
Stream opens an SSE connection and returns events on a channel. The returned channels are:
- events: WiretapEvent objects for each packet event
- errors: errors that occur during streaming (channel closes when stream ends)
The caller should cancel the context to close the stream.