cache

package
v0.0.0-test Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 11, 2024 License: Apache-2.0 Imports: 58 Imported by: 8

Documentation

Index

Constants

View Source 
const (
	DP_POLICY_ACTION_OPEN      = C.DP_POLICY_ACTION_OPEN
	DP_POLICY_ACTION_LEARN     = C.DP_POLICY_ACTION_LEARN
	DP_POLICY_ACTION_ALLOW     = C.DP_POLICY_ACTION_ALLOW
	DP_POLICY_ACTION_CHECK_VH  = C.DP_POLICY_ACTION_CHECK_VH
	DP_POLICY_ACTION_CHECK_APP = C.DP_POLICY_ACTION_CHECK_APP
	DP_POLICY_ACTION_VIOLATE   = C.DP_POLICY_ACTION_VIOLATE
	DP_POLICY_ACTION_DENY      = C.DP_POLICY_ACTION_DENY
)

Workaround test package doesn't support cgo

View Source 
const (
	SESS_CUR_VIOLATION = "IngressActiveSessionViolation"
	SESS_IN_VIOLATION  = "IngressSessionRateViolation"
	BAND_IN_VIOLATION  = "IngressBandwidthViolation"
)
View Source 
const (
	EV_WORKLOAD_ADD = iota
	EV_WORKLOAD_START
	EV_WORKLOAD_STOP
	EV_WORKLOAD_DELETE
	EV_WORKLOAD_QUARANTINE
	EV_HOST_ADD
	EV_HOST_DELETE
	EV_AGENT_ADD
	EV_AGENT_ONLINE
	EV_AGENT_OFFLINE
	EV_AGENT_DELETE
	EV_CONTROLLER_ADD
	EV_CONTROLLER_DELETE
	EV_GROUP_ADD
	EV_GROUP_DELETE
	EV_LICENSE_UPDATE
	EV_WORKLOAD_AGENT_CHANGE
)
View Source 
const (
	AppArmorDefault   = "runtime/default"
	AppArmorLocalhost = "localhost/"
)
View Source 
const CalWlMetMax int = 32
View Source 
const DefaultScannerConfigUpdateTimeout = time.Minute * 5
View Source 
const GraphNodeCountLarge uint32 = 3000
View Source 
const GraphNodeCountMedium uint32 = 1500
View Source 
const GraphNodeCountSmall uint32 = 500
View Source 
const GraphNodeCountSuper uint32 = 5000
View Source 
const MaxSvcPortNum int = 20
View Source 
const MetSlotInterval uint32 = 5
View Source 
const PolicyLearnedIDMax uint32 = api.PolicyFedRuleIDBase

Variables

This section is empty.

Functions

func AddFileRuleReport 

func AddFileRuleReport(rules []*share.CLUSFileAccessRuleReq) bool

func AddProcessReport 

func AddProcessReport(gproc map[string][]*share.CLUSProcessProfileEntry) bool

func AdmCriteria2CLUS 

func AdmCriteria2CLUS(criteria []*api.RESTAdmRuleCriterion) ([]*share.CLUSAdmRuleCriterion, error)

func AdmissionRule2REST 

func AdmissionRule2REST(rule *share.CLUSAdmissionRule) *api.RESTAdmissionRule

func AgentAdmissionRequest 

func AgentAdmissionRequest(req *share.CLUSAdmissionRequest) *share.CLUSAdmissionResponse

func CacheEvent 

func CacheEvent(ev share.TLogEvent, msg string) error

func CalculateGroupMetric 

func CalculateGroupMetric(conn *share.CLUSConnection)

EP's stats are piggybacked in connection to detect whether there are bandwidth/session-rate violation based on pre-configured threshold

func CheckGroupMetric 

func CheckGroupMetric()

func CheckPolicySyncStatus 

func CheckPolicySyncStatus() *share.CLUSPolicySyncStatus

func Close 

func Close()

func ClusterMemberStateUpdateHandler 

func ClusterMemberStateUpdateHandler(nType cluster.ClusterNotifyType, member string, agentId string)

func ConfigCspUsages 

func ConfigCspUsages(addOnly, forceConfig bool, fedRole, masterClusterID string) error

func ConfigEndpoint 

func ConfigEndpoint(name string, alias string)

func CtrlFailRecovery 

func CtrlFailRecovery()

All controller can get here

func DeleteAllConvers 

func DeleteAllConvers()

func DeleteConver 

func DeleteConver(src, dst string)

func DeleteEndpoint 

func DeleteEndpoint(name string)

func ExtractVulAttributes 

func ExtractVulAttributes(vulsb []byte, indsStr string) []string

func FileReportBkgSvc 

func FileReportBkgSvc()

func FillControllerCounter 

func FillControllerCounter(c *share.CLUSControllerCounter)

func FillVulPackages 

func FillVulPackages(mu *sync.Mutex, cvePackages map[string]map[string]utils.Set, vulsb []byte, idnsStr string, cveList *[]string, cveStat map[string]*int) error

func GetCVERecord 

func GetCVERecord(name, dbKey, baseOS string) *db.DbVulAsset

func GetDlpGrpSensorAction 

func GetDlpGrpSensorAction(cg, sn string) string

func GetDlpOutsideGrpSensorAction 

func GetDlpOutsideGrpSensorAction(cg, sn string, out2ingrp map[string]map[string]string) string

func GetPredefinedRiskyRoles 

func GetPredefinedRiskyRoles() []string

func GetSyncTxData 

func GetSyncTxData(catgName string) []byte

func GetWafGrpSensorAction 

func GetWafGrpSensorAction(cg, sn string) string

func GetWafOutsideGrpSensorAction 

func GetWafOutsideGrpSensorAction(cg, sn string, out2ingrp map[string]map[string]string) string

func IsAllPatternEmpty 

func IsAllPatternEmpty(dre *share.CLUSDlpRule) bool

func LeadChangeNotify 

func LeadChangeNotify(isLeader bool, leadAddr string)

func MergeAdmRuleCriteriaREST 

func MergeAdmRuleCriteriaREST(criteria []*api.RESTAdmRuleCriterion) []*api.RESTAdmRuleCriterion

simplified handling to consolidate rule criteria that have the same name/operator(containsAny/notContainsAny) ex: criteria: imageVerifiers notContainsAny {AKDB/cosign}, imageVerifiers notContainsAny {OZG/cosign} is merged to criteria: imageVerifiers notContainsAny {AKDB/cosign, OZG/cosign}

func MockCacheInit 

func MockCacheInit()

func MockSystemConfigUpdate 

func MockSystemConfigUpdate(nType cluster.ClusterNotifyType, key string, value []byte)

func MockUserRoleConfigUpdate 

func MockUserRoleConfigUpdate(nType cluster.ClusterNotifyType, key string, value []byte)

func ObjectUpdateHandler 

func ObjectUpdateHandler(nType cluster.ClusterNotifyType, key string, value []byte, modifyIdx uint64)

func PauseResumeStoreWatcher 

func PauseResumeStoreWatcher(fromCtrlerID, key string, action share.StoreWatcherAction)

func PopulateRulesToOpa 

func PopulateRulesToOpa()

func ProcReportBkgSvc 

func ProcReportBkgSvc()

func PutInternalIPNetToCluseterUpgrade 

func PutInternalIPNetToCluseterUpgrade()

for rolling upgrade case, especially with mixed version controller, old still use 16bit loose factor for mask while new use 8bit loose factor, here we push internal subnet to enforcer after lead change

func QueryK8sVersion 

func QueryK8sVersion()

func ScanUpdateHandler 

func ScanUpdateHandler(nType cluster.ClusterNotifyType, key string, value []byte, modifyIdx uint64)

func ScannerChangeNotify 

func ScannerChangeNotify(isScanner bool)

func ScannerUpdateHandler 

func ScannerUpdateHandler(nType cluster.ClusterNotifyType, key string, value []byte, modifyIdx uint64)

func SchedulePruneGroups 

func SchedulePruneGroups()

func SyncFromLeader 

func SyncFromLeader()

func SyncInit 

func SyncInit(isNewCluster bool)

func SyncLearnedPolicyFromCluster 

func SyncLearnedPolicyFromCluster()

func UpdateConnections 

func UpdateConnections(conns []*share.CLUSConnection)

Types

type ByResponseRuleOrder 

type ByResponseRuleOrder []*api.RESTResponseRule

func (ByResponseRuleOrder) Len 

func (p ByResponseRuleOrder) Len() int

func (ByResponseRuleOrder) Less 

func (p ByResponseRuleOrder) Less(i, j int) bool

func (ByResponseRuleOrder) Swap 

func (p ByResponseRuleOrder) Swap(i, j int)

type ByRuleOrder 

type ByRuleOrder []*api.RESTPolicyRule

func (ByRuleOrder) Len 

func (p ByRuleOrder) Len() int

func (ByRuleOrder) Less 

func (p ByRuleOrder) Less(i, j int) bool

func (ByRuleOrder) Swap 

func (p ByRuleOrder) Swap(i, j int)

type CacheInterface 

type CacheInterface interface {
	GetRiskScoreMetrics(acc, accCaller *access.AccessControl) *api.RESTScoreMetricsData

	GetAllHosts(acc *access.AccessControl) []*api.RESTHost
	GetAllHostsRisk(acc *access.AccessControl) []*common.WorkloadRisk
	GetHostCount(acc *access.AccessControl) int
	GetHost(id string, acc *access.AccessControl) (*api.RESTHost, error)
	CanAccessHost(id string, acc *access.AccessControl) error

	GetAllControllers(acc *access.AccessControl) []*api.RESTController
	GetControllerCount(acc *access.AccessControl) int
	GetController(id string, acc *access.AccessControl) *api.RESTController
	GetControllerConfig(id string, acc *access.AccessControl) (*api.RESTControllerConfig, error)
	GetAllControllerRPCEndpoints(acc *access.AccessControl) []*common.RPCEndpoint
	GetControllerRPCEndpoint(id string, acc *access.AccessControl) (*common.RPCEndpoint, error)

	GetPlatform() (string, string, string)
	GetComponentVersions(acc *access.AccessControl) []string

	GetDomainCount(acc *access.AccessControl) int // does not include special entries, like _images, _nodes, _containers
	GetAllDomains(acc *access.AccessControl) ([]*api.RESTDomain, bool)
	GetDomainEffectiveTags(name string, acc *access.AccessControl) ([]string, error)

	GetAllAgents(acc *access.AccessControl) []*api.RESTAgent
	GetAgentCount(acc *access.AccessControl, state string) int
	GetAgent(id string, acc *access.AccessControl) *api.RESTAgent
	GetAgentConfig(id string, acc *access.AccessControl) (*api.RESTAgentConfig, error)
	GetAgentbyWorkload(wlID string, acc *access.AccessControl) (string, error)
	GetAgentsbyHost(hostID string, acc *access.AccessControl) ([]string, error)

	GetAllWorkloads(view string, acc *access.AccessControl, idlist utils.Set) []*api.RESTWorkload
	GetAllWorkloadsBrief(view string, acc *access.AccessControl) []*api.RESTWorkloadBrief
	GetAllWorkloadsDetail(view string, acc *access.AccessControl) []*api.RESTWorkloadDetail
	GetWorkloadCount(acc *access.AccessControl) (int, int, int)
	GetWorkloadCountOnHost(hostID string, view string, acc *access.AccessControl) int
	GetWorkload(id string, view string, acc *access.AccessControl) (*api.RESTWorkload, error)
	GetWorkloadBrief(id string, view string, acc *access.AccessControl) (*api.RESTWorkloadBrief, error)
	GetWorkloadDetail(id string, view string, acc *access.AccessControl) (*api.RESTWorkloadDetail, error)
	GetWorkloadConfig(id string, acc *access.AccessControl) (*api.RESTWorkloadConfig, error)
	GetAllWorkloadsRisk(acc *access.AccessControl) []*common.WorkloadRisk
	GetWorkloadRisk(id string, acc *access.AccessControl) (*common.WorkloadRisk, error)
	CanAccessWorkload(id string, acc *access.AccessControl) error
	GetAllWorkloadsID(acc *access.AccessControl) []string
	GetAllHostsID(acc *access.AccessControl) []string
	GetPlatformID(acc *access.AccessControl) string

	GetAllGroups(scope, view string, withCap bool, acc *access.AccessControl) [][]*api.RESTGroup
	GetAllGroupsBrief(scope string, withCap bool, acc *access.AccessControl) [][]*api.RESTGroupBrief
	GetGroup(name string, view string, withCap bool, acc *access.AccessControl) (*api.RESTGroup, error)
	GetGroupBrief(name string, withCap bool, acc *access.AccessControl) (*api.RESTGroupBrief, error)
	GetGroupDetail(name string, view string, withCap bool, acc *access.AccessControl) (*api.RESTGroupDetail, error)
	DoesGroupExist(name string, acc *access.AccessControl) (bool, error)
	GetGroupCount(scope string, acc *access.AccessControl) int
	GetFedGroupsCache() []*share.CLUSGroup
	GetGroupCache(name string, acc *access.AccessControl) (*share.CLUSGroup, error)
	DeleteGroupCache(name string, acc *access.AccessControl) error
	GetFedGroupNames(acc *access.AccessControl) utils.Set
	GetServiceCount(acc *access.AccessControl) int
	IsGroupPolicyModeChangeable(name string) bool
	CreateService(svc *api.RESTServiceConfig, acc *access.AccessControl) error
	GetAllServiceCount(acc *access.AccessControl) int
	GetAllServices(view string, withCap bool, acc *access.AccessControl) []*api.RESTService
	GetService(name string, view string, withCap bool, acc *access.AccessControl) (*api.RESTService, error)
	DlpSensorInGroups(sensor string) bool
	IsGroupMember(name, id string) bool
	GetConfigKvData(key string) ([]byte, bool)

	GetAllPolicyRules(scope string, acc *access.AccessControl) []*api.RESTPolicyRule
	GetAllPolicyRulesCache(acc *access.AccessControl) []*share.CLUSPolicyRule
	GetPolicyRuleCount(acc *access.AccessControl) int
	GetPolicyRule(id uint32, acc *access.AccessControl) (*api.RESTPolicyRule, error)
	GetPolicyRuleCache(id uint32, acc *access.AccessControl) (*share.CLUSPolicyRule, error)
	PolicyRule2REST(rule *share.CLUSPolicyRule) *api.RESTPolicyRule
	GetFedNetworkRulesCache() ([]*share.CLUSPolicyRule, []*share.CLUSRuleHead)
	CheckPolicyRuleAccess(id uint32, accRead *access.AccessControl, accWrite *access.AccessControl) (bool, bool, bool)

	GetAllResponseRules(scope string, acc *access.AccessControl) []*api.RESTResponseRule
	GetResponseRuleCount(scope string, acc *access.AccessControl) int
	GetResponseRule(policyName string, id uint32, acc *access.AccessControl) (*api.RESTResponseRule, error)
	GetWorkloadResponseRules(policyName, id string, acc *access.AccessControl) ([]*api.RESTResponseRule, error)
	GetFedResponseRulesCache() (map[uint32]*share.CLUSResponseRule, []*share.CLUSRuleHead)
	ResponseRule2REST(rule *share.CLUSResponseRule) *api.RESTResponseRule

	GetConverEndpoint(name string, acc *access.AccessControl) (*api.RESTConversationEndpoint, error)
	GetAllConverEndpoints(view string, acc *access.AccessControl) []*api.RESTConversationEndpoint
	GetAllApplicationConvers(groupFilter, domainFilter string, acc *access.AccessControl) ([]*api.RESTConversationCompact, []*api.RESTConversationEndpoint)
	GetApplicationConver(src, dst string, srcList, dstList []string, acc *access.AccessControl) (*api.RESTConversationDetail, error)

	GetIP2WorkloadMap(hostID string) []*api.RESTDebugIP2Workload

	GetSystemConfig(acc *access.AccessControl) *api.RESTSystemConfig
	GetSystemConfigClusterName(acc *access.AccessControl) string
	GetIBMSAConfig(acc *access.AccessControl) (*api.RESTIBMSAConfig, error)
	GetIBMSAConfigNV(acc *access.AccessControl) (share.CLUSIBMSAConfigNV, error)
	GetFedSystemConfig(acc *access.AccessControl) *share.CLUSSystemConfig

	GetInternalSubnets() *api.RESTInternalSubnets

	GetViolations(acc *access.AccessControl) []*api.Violation
	GetViolationCount(acc *access.AccessControl) int
	GetActivities(acc *access.AccessControl) []*api.Event
	GetActivityCount(acc *access.AccessControl) int
	GetEvents(caller string, acc *access.AccessControl) []*api.Event
	GetEventCount(caller string, acc *access.AccessControl) int
	GetThreats(acc *access.AccessControl) []*api.Threat
	GetThreat(uuid string, acc *access.AccessControl) (*api.Threat, error)
	GetThreatCount(acc *access.AccessControl) int
	GetIncidents(acc *access.AccessControl) []*api.Incident
	GetIncidentCount(acc *access.AccessControl) int
	GetAudits(acc *access.AccessControl) []*api.Audit
	GetAuditCount(acc *access.AccessControl) int

	// License
	GetCurrentLicense(acc *access.AccessControl) api.RESTLicenseInfo

	// Process profile
	GetProcessProfile(group string, acc *access.AccessControl) (*api.RESTProcessProfile, error)
	GetAllProcessProfile(scope string, acc *access.AccessControl) [][]*api.RESTProcessProfile
	GetFedProcessProfileCache() []*share.CLUSProcessProfile
	CreateProcessProfile(group, mode, baseline string, cfgType share.TCfgType) bool
	CreateProcessProfileTxn(txn *cluster.ClusterTransact, group, mode, baseline string, cfgType share.TCfgType) bool

	// File monitor profile
	GetFileMonitorProfile(name string, acc *access.AccessControl, customer bool) (*api.RESTFileMonitorProfile, error)
	GetAllFileMonitorProfile(scope string, acc *access.AccessControl, customer bool) []*api.RESTFileMonitorProfile
	GetFedFileMonitorProfileCache() ([]*share.CLUSFileMonitorProfile, []*share.CLUSFileAccessRule)
	CreateGroupFileMonitor(name, mode string, cfgType share.TCfgType) bool
	CreateGroupFileMonitorTxn(txn *cluster.ClusterTransact, name, mode string, cfgType share.TCfgType) bool
	IsPrdefineFileGroup(filter string, recursive bool) (*share.CLUSFileMonitorFilter, bool)

	// Scan
	ScanWorkload(id string, acc *access.AccessControl) error
	ScanHost(id string, acc *access.AccessControl) error
	ScanPlatform(acc *access.AccessControl) error

	GetAllScanners(acc *access.AccessControl) []*api.RESTScanner
	GetScannerCount(acc *access.AccessControl) (int, string, string)
	GetScanConfig(acc *access.AccessControl) (*api.RESTScanConfig, error)
	GetScanStatus(acc *access.AccessControl) (*api.RESTScanStatus, error)
	GetScanPlatformSummary(acc *access.AccessControl) (*api.RESTScanPlatformSummary, error)
	GetVulnerabilityReport(id string, showTag string) ([]*api.RESTVulnerability, []*api.RESTScanModule, error)

	// Compliance
	GetComplianceProfile(name string, acc *access.AccessControl) (*api.RESTComplianceProfile, map[string][]string, error)
	GetAllComplianceProfiles(acc *access.AccessControl) []*api.RESTComplianceProfile

	// Vulnerability
	GetVulnerabilityProfile(name string, acc *access.AccessControl) (*api.RESTVulnerabilityProfile, error)
	GetVulnerabilityProfileInterface(name string) scanUtils.VPFInterface
	GetAllVulnerabilityProfiles(acc *access.AccessControl) []*api.RESTVulnerabilityProfile

	// Admission control - non-UI
	SyncAdmCtrlStateToK8s(svcName, nvAdmName string, updateDetected bool) (bool, error)
	WaitUntilApiPathReady() bool
	IsImageScanned(c *nvsysadmission.AdmContainerInfo) (bool, int, int)
	MatchK8sAdmissionRules(admResObject *nvsysadmission.AdmResObject, c *nvsysadmission.AdmContainerInfo,
		evalContext *nvsysadmission.AdmCtrlEvalContext, stamps *api.AdmCtlTimeStamps, ar *admissionv1beta1.AdmissionReview,
		containerType string) (*nvsysadmission.AdmCtrlAssessResult, bool)
	MatchK8sAdmissionRulesForPVC(ns, name, scName string, evalContext *nvsysadmission.AdmCtrlEvalContext) (*nvsysadmission.AdmCtrlAssessResult, bool)
	IsAdmControlEnabled(uri *string) (bool, string, int, string, string)
	UpdateLocalAdmCtrlStats(category string, stats int)
	IncrementAdmCtrlProcessing()
	FlushAdmCtrlStats() error
	SetNvDeployStatusInCluster(resName string, value bool)
	// Admission control - UI
	GetAdmissionRuleCount(admType, ruleType string, acc *access.AccessControl) int
	GetAdmissionRule(admType, ruleType string, id uint32, acc *access.AccessControl) (*api.RESTAdmissionRule, error)
	GetAdmissionRules(admType, ruleType string, acc *access.AccessControl) []*api.RESTAdmissionRule
	GetFedAdmissionRulesCache(admType, ruleType string) (*share.CLUSAdmissionRules, error)
	GetAdmissionState(acc *access.AccessControl) (*api.RESTAdmissionState, error)
	GetAdmissionStats(acc *access.AccessControl) (*api.RESTAdmissionStats, error)
	GetAdmissionPssDesc() map[string][]string

	// Multi-Clusters (Federation) - UI
	GetFedMembershipRole(acc *access.AccessControl) (string, error)
	GetFedMember(statusMap map[int]string, acc *access.AccessControl) (*api.RESTFedMembereshipData, error)
	GetFedLocalRestInfo(acc *access.AccessControl) (share.CLUSRestServerInfo, int8)
	GetFedMasterCluster(acc *access.AccessControl) api.RESTFedMasterClusterInfo
	GetFedLocalJointCluster(acc *access.AccessControl) api.RESTFedJointClusterInfo
	GetFedJoinedClusterToken(id, mainSessionID string, acc *access.AccessControl) (string, error)
	GetFedJoinedClusterCount() int
	GetFedJoinedClusterIdMap(acc *access.AccessControl) map[string]bool // key: cluster id, value: cluster is disabled or not
	GetFedJoinedClusterNameList(acc *access.AccessControl) []string
	GetFedJoinedCluster(id string, acc *access.AccessControl) share.CLUSFedJointClusterInfo
	GetFedJoinedClusterStatus(id string, acc *access.AccessControl) share.CLUSFedClusterStatus
	// non-UI
	GetFedMembershipRoleNoAuth() string
	SetFedJoinedClusterToken(id, mainSessionID, token string)
	GetFedRules(reqRevs map[string]uint64, acc *access.AccessControl) ([]byte, map[string]uint64, error)
	GetAllFedRulesRevisions() map[string]uint64
	GetFedSettings() share.CLUSFedSettings
	GetFedScanResult(reqRegConfigRev uint64, reqScanResultMD5 map[string]map[string]string, reqIgnoreRegs, reqUpToDateRegs []string, fedRegs utils.Set) (api.RESTPollFedScanDataResp, bool)
	GetFedScanDataRevisions(getRegScanData, getRepoScanData bool) (api.RESTFedScanDataRevs, bool)
	GetFedScanResultMD5(cachedScanDataRevs, masterScanDataRevs api.RESTFedScanDataRevs) map[string]map[string]string

	// Dlp rule
	GetDlpSensor(sensor string, acc *access.AccessControl) (*api.RESTDlpSensor, error)
	GetAllDlpSensors(acc *access.AccessControl) []*api.RESTDlpSensor
	IsDlpRuleUsedBySensor(rule string, acc *access.AccessControl) bool
	GetDlpGroup(group string, acc *access.AccessControl) (*api.RESTDlpGroup, error)
	GetAllDlpGroup(acc *access.AccessControl) []*api.RESTDlpGroup
	GetDlpRule(rulename string, acc *access.AccessControl) (*api.RESTDlpRuleDetail, error)
	GetDlpRules(acc *access.AccessControl) ([]*api.RESTDlpRule, error)
	DoesDlpSensorExist(name string, acc *access.AccessControl) (bool, error)
	GetDlpRuleNames() *[]string
	GetDlpRuleSensorGroupById(id uint32) (string, string, *[]string)
	GetNewServicePolicyMode() (string, string)
	GetNewServiceProfileBaseline() string
	GetUnusedGroupAging() uint8
	GetNetServiceStatus() bool
	GetNetServicePolicyMode() string
	GetDisableNetPolicyStatus() bool

	// Waf rule
	GetAllWafSensors(acc *access.AccessControl) []*api.RESTWafSensor
	GetWafSensor(sensor string, acc *access.AccessControl) (*api.RESTWafSensor, error)
	IsWafRuleUsedBySensor(rule string, acc *access.AccessControl) (bool, share.TCfgType)
	DoesWafSensorExist(name string, acc *access.AccessControl) (bool, error)
	WafSensorInGroups(sensor string) bool
	GetAllWafGroup(acc *access.AccessControl) []*api.RESTWafGroup
	GetWafGroup(group string, acc *access.AccessControl) (*api.RESTWafGroup, error)
	GetWafRules(acc *access.AccessControl) ([]*api.RESTWafRule, error)
	GetWafRule(rulename string, acc *access.AccessControl) (*api.RESTWafRuleDetail, error)
	GetWafRuleSensorGroupById(id uint32) (string, string, *[]string)
	GetWafRuleNames() *[]string

	// Custom role
	AuthorizeCustomCheck(name string, acc *access.AccessControl) bool
	AuthorizeFileMonitorProfile(name string, acc *access.AccessControl) bool
	PutCustomRoles(roles map[string]*share.CLUSUserRole)

	// password profile
	GetPwdProfile(name string) (share.CLUSPwdProfile, error)
	GetAllPwdProfiles() (string, map[string]share.CLUSPwdProfile)

	// csp billing integration
	GetNvUsage(fedRole string) api.RESTNvUsage
}

func Init 

func Init(ctx *Context, leader bool, leadAddr, restoredFedRole string) CacheInterface

type CacheMethod 

type CacheMethod struct {
	// contains filtered or unexported fields
}

func (CacheMethod) AuthorizeCustomCheck 

func (m CacheMethod) AuthorizeCustomCheck(name string, acc *access.AccessControl) bool

func (CacheMethod) AuthorizeFileMonitorProfile 

func (m CacheMethod) AuthorizeFileMonitorProfile(name string, acc *access.AccessControl) bool

func (CacheMethod) CanAccessHost 

func (m CacheMethod) CanAccessHost(id string, acc *access.AccessControl) error

func (CacheMethod) CanAccessWorkload 

func (m CacheMethod) CanAccessWorkload(id string, acc *access.AccessControl) error

func (CacheMethod) CheckPolicyRuleAccess 

func (m CacheMethod) CheckPolicyRuleAccess(id uint32, accRead *access.AccessControl, accWrite *access.AccessControl) (bool, bool, bool)

For replacePolicyRule(), return (rule found in cache, rule is readable, rule is writable)

func (CacheMethod) CreateGroupFileMonitor 

func (m CacheMethod) CreateGroupFileMonitor(name, mode string, cfgType share.TCfgType) bool

func (CacheMethod) CreateGroupFileMonitorTxn 

func (m CacheMethod) CreateGroupFileMonitorTxn(txn *cluster.ClusterTransact, name, mode string, cfgType share.TCfgType) bool

func (CacheMethod) CreateProcessProfile 

func (m CacheMethod) CreateProcessProfile(group, mode, baseline string, cfgType share.TCfgType) bool

func (CacheMethod) CreateProcessProfileTxn 

func (m CacheMethod) CreateProcessProfileTxn(txn *cluster.ClusterTransact, group, mode, baseline string, cfgType share.TCfgType) bool

func (CacheMethod) CreateService 

func (m CacheMethod) CreateService(svc *api.RESTServiceConfig, acc *access.AccessControl) error

This is the path to allow user to create a service and its process/file/network profile before starting the containers in protect mode.

func (CacheMethod) DeleteGroupCache 

func (m CacheMethod) DeleteGroupCache(name string, acc *access.AccessControl) error

func (CacheMethod) DlpSensorInGroups 

func (m CacheMethod) DlpSensorInGroups(sensor string) bool

func (CacheMethod) DoesDlpSensorExist 

func (m CacheMethod) DoesDlpSensorExist(name string, acc *access.AccessControl) (bool, error)

func (CacheMethod) DoesGroupExist 

func (m CacheMethod) DoesGroupExist(name string, acc *access.AccessControl) (bool, error)

func (CacheMethod) DoesWafSensorExist 

func (m CacheMethod) DoesWafSensorExist(name string, acc *access.AccessControl) (bool, error)

func (CacheMethod) FlushAdmCtrlStats 

func (m CacheMethod) FlushAdmCtrlStats() error

func (CacheMethod) GetActivities 

func (m CacheMethod) GetActivities(acc *access.AccessControl) []*api.Event

func (CacheMethod) GetActivityCount 

func (m CacheMethod) GetActivityCount(acc *access.AccessControl) int

func (CacheMethod) GetAdmissionPssDesc 

func (m CacheMethod) GetAdmissionPssDesc() map[string][]string

func (CacheMethod) GetAdmissionRule 

func (m CacheMethod) GetAdmissionRule(admType, ruleType string, id uint32, acc *access.AccessControl) (*api.RESTAdmissionRule, error)

func (CacheMethod) GetAdmissionRuleCount 

func (m CacheMethod) GetAdmissionRuleCount(admType, ruleType string, acc *access.AccessControl) int

Admission control - UI

func (CacheMethod) GetAdmissionRules 

func (m CacheMethod) GetAdmissionRules(admType, ruleType string, acc *access.AccessControl) []*api.RESTAdmissionRule

func (CacheMethod) GetAdmissionState 

func (m CacheMethod) GetAdmissionState(acc *access.AccessControl) (*api.RESTAdmissionState, error)

func (CacheMethod) GetAdmissionStats 

func (m CacheMethod) GetAdmissionStats(acc *access.AccessControl) (*api.RESTAdmissionStats, error)

func (CacheMethod) GetAgent 

func (m CacheMethod) GetAgent(id string, acc *access.AccessControl) *api.RESTAgent

func (CacheMethod) GetAgentConfig 

func (m CacheMethod) GetAgentConfig(id string, acc *access.AccessControl) (*api.RESTAgentConfig, error)

func (CacheMethod) GetAgentCount 

func (m CacheMethod) GetAgentCount(acc *access.AccessControl, state string) int

func (CacheMethod) GetAgentbyWorkload 

func (m CacheMethod) GetAgentbyWorkload(wlID string, acc *access.AccessControl) (string, error)

func (CacheMethod) GetAgentsbyHost 

func (m CacheMethod) GetAgentsbyHost(id string, acc *access.AccessControl) ([]string, error)

func (CacheMethod) GetAllAgents 

func (m CacheMethod) GetAllAgents(acc *access.AccessControl) []*api.RESTAgent

func (CacheMethod) GetAllApplicationConvers 

func (m CacheMethod) GetAllApplicationConvers(
	groupFilter, domainFilter string, acc *access.AccessControl,
) ([]*api.RESTConversationCompact, []*api.RESTConversationEndpoint)

If domainFileter is "", return endpoints of all domains - there is no 'global domain'.

func (CacheMethod) GetAllComplianceProfiles 

func (m CacheMethod) GetAllComplianceProfiles(acc *access.AccessControl) []*api.RESTComplianceProfile

func (CacheMethod) GetAllControllerRPCEndpoints 

func (m CacheMethod) GetAllControllerRPCEndpoints(acc *access.AccessControl) []*common.RPCEndpoint

func (CacheMethod) GetAllControllers 

func (m CacheMethod) GetAllControllers(acc *access.AccessControl) []*api.RESTController

func (CacheMethod) GetAllConverEndpoints 

func (m CacheMethod) GetAllConverEndpoints(view string, acc *access.AccessControl) []*api.RESTConversationEndpoint

func (*CacheMethod) GetAllDlpGroup 

func (m *CacheMethod) GetAllDlpGroup(acc *access.AccessControl) []*api.RESTDlpGroup

func (*CacheMethod) GetAllDlpSensors 

func (m *CacheMethod) GetAllDlpSensors(acc *access.AccessControl) []*api.RESTDlpSensor

func (CacheMethod) GetAllDomains 

func (m CacheMethod) GetAllDomains(acc *access.AccessControl) ([]*api.RESTDomain, bool)

func (CacheMethod) GetAllFedRulesRevisions 

func (m CacheMethod) GetAllFedRulesRevisions() map[string]uint64

func (CacheMethod) GetAllFileMonitorProfile 

func (m CacheMethod) GetAllFileMonitorProfile(scope string, acc *access.AccessControl, predefined bool) []*api.RESTFileMonitorProfile

func (CacheMethod) GetAllGroups 

func (m CacheMethod) GetAllGroups(scope, view string, withCap bool, acc *access.AccessControl) [][]*api.RESTGroup

notice: external, nodes are also included in return when scope=fed

func (CacheMethod) GetAllGroupsBrief 

func (m CacheMethod) GetAllGroupsBrief(scope string, withCap bool, acc *access.AccessControl) [][]*api.RESTGroupBrief

notice: external, nodes are also included in return when scope=fed

func (CacheMethod) GetAllHosts 

func (m CacheMethod) GetAllHosts(acc *access.AccessControl) []*api.RESTHost

func (CacheMethod) GetAllHostsID 

func (m CacheMethod) GetAllHostsID(acc *access.AccessControl) []string

func (CacheMethod) GetAllHostsRisk 

func (m CacheMethod) GetAllHostsRisk(acc *access.AccessControl) []*common.WorkloadRisk

func (CacheMethod) GetAllPolicyRules 

func (m CacheMethod) GetAllPolicyRules(scope string, acc *access.AccessControl) []*api.RESTPolicyRule

func (CacheMethod) GetAllPolicyRulesCache 

func (m CacheMethod) GetAllPolicyRulesCache(acc *access.AccessControl) []*share.CLUSPolicyRule

func (*CacheMethod) GetAllProcessProfile 

func (m *CacheMethod) GetAllProcessProfile(scope string, acc *access.AccessControl) [][]*api.RESTProcessProfile

func (CacheMethod) GetAllPwdProfiles 

func (m CacheMethod) GetAllPwdProfiles() (string, map[string]share.CLUSPwdProfile)

func (CacheMethod) GetAllResponseRules 

func (m CacheMethod) GetAllResponseRules(scope string, acc *access.AccessControl) []*api.RESTResponseRule

func (CacheMethod) GetAllScanners 

func (m CacheMethod) GetAllScanners(acc *access.AccessControl) []*api.RESTScanner

func (CacheMethod) GetAllServiceCount 

func (m CacheMethod) GetAllServiceCount(acc *access.AccessControl) int

func (CacheMethod) GetAllServices 

func (m CacheMethod) GetAllServices(view string, withCap bool, acc *access.AccessControl) []*api.RESTService

func (CacheMethod) GetAllVulnerabilityProfiles 

func (m CacheMethod) GetAllVulnerabilityProfiles(acc *access.AccessControl) []*api.RESTVulnerabilityProfile

func (*CacheMethod) GetAllWafGroup 

func (m *CacheMethod) GetAllWafGroup(acc *access.AccessControl) []*api.RESTWafGroup

func (*CacheMethod) GetAllWafSensors 

func (m *CacheMethod) GetAllWafSensors(acc *access.AccessControl) []*api.RESTWafSensor

func (CacheMethod) GetAllWorkloads 

func (m CacheMethod) GetAllWorkloads(view string, acc *access.AccessControl, idlist utils.Set) []*api.RESTWorkload

func (CacheMethod) GetAllWorkloadsBrief 

func (m CacheMethod) GetAllWorkloadsBrief(view string, acc *access.AccessControl) []*api.RESTWorkloadBrief

func (CacheMethod) GetAllWorkloadsDetail 

func (m CacheMethod) GetAllWorkloadsDetail(view string, acc *access.AccessControl) []*api.RESTWorkloadDetail

func (CacheMethod) GetAllWorkloadsID 

func (m CacheMethod) GetAllWorkloadsID(acc *access.AccessControl) []string

func (CacheMethod) GetAllWorkloadsRisk 

func (m CacheMethod) GetAllWorkloadsRisk(acc *access.AccessControl) []*common.WorkloadRisk

func (CacheMethod) GetApplicationConver 

func (m CacheMethod) GetApplicationConver(src, dst string, srcList, dstList []string, acc *access.AccessControl) (*api.RESTConversationDetail, error)

func (CacheMethod) GetAuditCount 

func (m CacheMethod) GetAuditCount(acc *access.AccessControl) int

func (CacheMethod) GetAudits 

func (m CacheMethod) GetAudits(acc *access.AccessControl) []*api.Audit

func (CacheMethod) GetComplianceProfile 

func (m CacheMethod) GetComplianceProfile(name string, acc *access.AccessControl) (*api.RESTComplianceProfile, map[string][]string, error)

func (CacheMethod) GetComponentVersions 

func (m CacheMethod) GetComponentVersions(acc *access.AccessControl) []string

func (CacheMethod) GetConfigKvData 

func (m CacheMethod) GetConfigKvData(key string) ([]byte, bool)

func (CacheMethod) GetController 

func (m CacheMethod) GetController(id string, acc *access.AccessControl) *api.RESTController

func (CacheMethod) GetControllerConfig 

func (m CacheMethod) GetControllerConfig(id string, acc *access.AccessControl) (*api.RESTControllerConfig, error)

func (CacheMethod) GetControllerCount 

func (m CacheMethod) GetControllerCount(acc *access.AccessControl) int

func (CacheMethod) GetControllerRPCEndpoint 

func (m CacheMethod) GetControllerRPCEndpoint(id string, acc *access.AccessControl) (*common.RPCEndpoint, error)

func (CacheMethod) GetConverEndpoint 

func (m CacheMethod) GetConverEndpoint(name string, acc *access.AccessControl) (*api.RESTConversationEndpoint, error)

func (CacheMethod) GetCurrentLicense 

func (m CacheMethod) GetCurrentLicense(acc *access.AccessControl) api.RESTLicenseInfo

func (CacheMethod) GetDisableNetPolicyStatus 

func (m CacheMethod) GetDisableNetPolicyStatus() bool

func (*CacheMethod) GetDlpGroup 

func (m *CacheMethod) GetDlpGroup(group string, acc *access.AccessControl) (*api.RESTDlpGroup, error)

func (*CacheMethod) GetDlpRule 

func (m *CacheMethod) GetDlpRule(rulename string, acc *access.AccessControl) (*api.RESTDlpRuleDetail, error)

func (CacheMethod) GetDlpRuleNames 

func (m CacheMethod) GetDlpRuleNames() *[]string

func (CacheMethod) GetDlpRuleSensorGroupById 

func (m CacheMethod) GetDlpRuleSensorGroupById(id uint32) (string, string, *[]string)

func (*CacheMethod) GetDlpRules 

func (m *CacheMethod) GetDlpRules(acc *access.AccessControl) ([]*api.RESTDlpRule, error)

default sensor contains all dlpruleentries, REST API for GUI

func (*CacheMethod) GetDlpSensor 

func (m *CacheMethod) GetDlpSensor(sensor string, acc *access.AccessControl) (*api.RESTDlpSensor, error)

func (CacheMethod) GetDomainCount 

func (m CacheMethod) GetDomainCount(acc *access.AccessControl) int

func (CacheMethod) GetDomainEffectiveTags 

func (m CacheMethod) GetDomainEffectiveTags(name string, acc *access.AccessControl) ([]string, error)

func (CacheMethod) GetEventCount 

func (m CacheMethod) GetEventCount(caller string, acc *access.AccessControl) int

func (CacheMethod) GetEvents 

func (m CacheMethod) GetEvents(caller string, acc *access.AccessControl) []*api.Event

func (CacheMethod) GetFedAdmissionRulesCache 

func (m CacheMethod) GetFedAdmissionRulesCache(admType, ruleType string) (*share.CLUSAdmissionRules, error)

caller owns cacheMutexRLock & has readAll right

func (CacheMethod) GetFedFileMonitorProfileCache 

func (m CacheMethod) GetFedFileMonitorProfileCache() ([]*share.CLUSFileMonitorProfile, []*share.CLUSFileAccessRule)

caller owns cacheMutexRLock & has readAll right, no CRD section

func (CacheMethod) GetFedGroupNames 

func (m CacheMethod) GetFedGroupNames(acc *access.AccessControl) utils.Set

func (CacheMethod) GetFedGroupsCache 

func (m CacheMethod) GetFedGroupsCache() []*share.CLUSGroup

caller owns cacheMutexRLock & has readAll right

func (CacheMethod) GetFedJoinedCluster 

func (m CacheMethod) GetFedJoinedCluster(id string, acc *access.AccessControl) share.CLUSFedJointClusterInfo

func (CacheMethod) GetFedJoinedClusterCount 

func (m CacheMethod) GetFedJoinedClusterCount() int

func (CacheMethod) GetFedJoinedClusterIdMap 

func (m CacheMethod) GetFedJoinedClusterIdMap(acc *access.AccessControl) map[string]bool

func (CacheMethod) GetFedJoinedClusterNameList 

func (m CacheMethod) GetFedJoinedClusterNameList(acc *access.AccessControl) []string

func (CacheMethod) GetFedJoinedClusterStatus 

func (m CacheMethod) GetFedJoinedClusterStatus(id string, acc *access.AccessControl) share.CLUSFedClusterStatus

func (CacheMethod) GetFedJoinedClusterToken 

func (m CacheMethod) GetFedJoinedClusterToken(id, mainSessionID string, acc *access.AccessControl) (string, error)

func (CacheMethod) GetFedLocalJointCluster 

func (m CacheMethod) GetFedLocalJointCluster(acc *access.AccessControl) api.RESTFedJointClusterInfo

func (CacheMethod) GetFedLocalRestInfo 

func (m CacheMethod) GetFedLocalRestInfo(acc *access.AccessControl) (share.CLUSRestServerInfo, int8)

return rest info, use system https/http proxy or not

func (CacheMethod) GetFedMasterCluster 

func (m CacheMethod) GetFedMasterCluster(acc *access.AccessControl) api.RESTFedMasterClusterInfo

func (CacheMethod) GetFedMember 

func (m CacheMethod) GetFedMember(statusMap map[int]string, acc *access.AccessControl) (*api.RESTFedMembereshipData, error)

func (CacheMethod) GetFedMembershipRole 

func (m CacheMethod) GetFedMembershipRole(acc *access.AccessControl) (string, error)

func (CacheMethod) GetFedMembershipRoleNoAuth 

func (m CacheMethod) GetFedMembershipRoleNoAuth() string

Be careful when calling the following functions because access control is not applied

func (CacheMethod) GetFedNetworkRulesCache 

func (m CacheMethod) GetFedNetworkRulesCache() ([]*share.CLUSPolicyRule, []*share.CLUSRuleHead)

caller owns cacheMutexRLock & has allRead right

func (*CacheMethod) GetFedProcessProfileCache 

func (m *CacheMethod) GetFedProcessProfileCache() []*share.CLUSProcessProfile

caller owns cacheMutexRLock & has readAll right

func (CacheMethod) GetFedResponseRulesCache 

func (m CacheMethod) GetFedResponseRulesCache() (map[uint32]*share.CLUSResponseRule, []*share.CLUSRuleHead)

caller owns cacheMutexRLock & has readAll right

func (CacheMethod) GetFedRules 

func (m CacheMethod) GetFedRules(reqRevs map[string]uint64, acc *access.AccessControl) ([]byte, map[string]uint64, error)

only called by master cluster. caller doesn't own cache lock

func (CacheMethod) GetFedScanDataRevisions 

func (m CacheMethod) GetFedScanDataRevisions(getRegScanData, getRepoScanData bool) (api.RESTFedScanDataRevs, bool)

called by master/managed clusters it returns a copy of the cached fed registry/repo scan data revisions

func (CacheMethod) GetFedScanResult 

func (m CacheMethod) GetFedScanResult(reqRegConfigRev uint64, reqScanResultMD5 map[string]map[string]string,
	reqIgnoreRegs, reqUpToDateRegs []string, fedRegs utils.Set) (api.RESTPollFedScanDataResp, bool)

only called by master cluster. caller doesn't own cache lock reqRegConfigRev/reqScanResultMD5: what the requesting managed cluster remembers from the last polling. reqScanResultMD5: the images md5 for fed registry/repo that are remembered by managed clusters & have different scan data revision from what master cluster has.

func (CacheMethod) GetFedScanResultMD5 

func (m CacheMethod) GetFedScanResultMD5(cachedScanDataRevs, masterScanDataRevs api.RESTFedScanDataRevs) map[string]map[string]string

only called by managed cluster once in each polling session it's for retrieving scan result md5 of the images in fed registry/repo that have different scan data revision(per fed registry/repo) from what master cluster has for the following requests in the same polling session, entries of synced fed registry/repo are removed from the scan result md5 map one by one cachedScanDataRevs: revisions of fed registry/repo scan data that managed cluster remembers masterScanDataRevs: revisions of the current fed registry/repo scan data from master cluster

func (CacheMethod) GetFedSettings 

func (m CacheMethod) GetFedSettings() share.CLUSFedSettings

func (CacheMethod) GetFedSystemConfig 

func (m CacheMethod) GetFedSystemConfig(acc *access.AccessControl) *share.CLUSSystemConfig

func (CacheMethod) GetFileMonitorProfile 

func (m CacheMethod) GetFileMonitorProfile(name string, acc *access.AccessControl, predefined bool) (*api.RESTFileMonitorProfile, error)

func (CacheMethod) GetGroup 

func (m CacheMethod) GetGroup(name string, view string, withCap bool, acc *access.AccessControl) (*api.RESTGroup, error)

func (CacheMethod) GetGroupBrief 

func (m CacheMethod) GetGroupBrief(name string, withCap bool, acc *access.AccessControl) (*api.RESTGroupBrief, error)

func (CacheMethod) GetGroupCache 

func (m CacheMethod) GetGroupCache(name string, acc *access.AccessControl) (*share.CLUSGroup, error)

func (CacheMethod) GetGroupCount 

func (m CacheMethod) GetGroupCount(scope string, acc *access.AccessControl) int

func (CacheMethod) GetGroupDetail 

func (m CacheMethod) GetGroupDetail(name string, view string, withCap bool, acc *access.AccessControl) (*api.RESTGroupDetail, error)

func (CacheMethod) GetHost 

func (m CacheMethod) GetHost(id string, acc *access.AccessControl) (*api.RESTHost, error)

func (CacheMethod) GetHostCount 

func (m CacheMethod) GetHostCount(acc *access.AccessControl) int

func (CacheMethod) GetIBMSAConfig 

func (m CacheMethod) GetIBMSAConfig(acc *access.AccessControl) (*api.RESTIBMSAConfig, error)

func (CacheMethod) GetIBMSAConfigNV 

func (m CacheMethod) GetIBMSAConfigNV(acc *access.AccessControl) (share.CLUSIBMSAConfigNV, error)

func (CacheMethod) GetIP2WorkloadMap 

func (m CacheMethod) GetIP2WorkloadMap(hostID string) []*api.RESTDebugIP2Workload

func (CacheMethod) GetIncidentCount 

func (m CacheMethod) GetIncidentCount(acc *access.AccessControl) int

func (CacheMethod) GetIncidents 

func (m CacheMethod) GetIncidents(acc *access.AccessControl) []*api.Incident

func (CacheMethod) GetInternalSubnets 

func (m CacheMethod) GetInternalSubnets() *api.RESTInternalSubnets

func (CacheMethod) GetModeAutoD2M 

func (m CacheMethod) GetModeAutoD2M() (bool, int64)

func (CacheMethod) GetModeAutoM2P 

func (m CacheMethod) GetModeAutoM2P() (bool, int64)

func (CacheMethod) GetNetServicePolicyMode 

func (m CacheMethod) GetNetServicePolicyMode() string

func (CacheMethod) GetNetServiceStatus 

func (m CacheMethod) GetNetServiceStatus() bool

func (CacheMethod) GetNewServicePolicyMode 

func (m CacheMethod) GetNewServicePolicyMode() (string, string)

func (CacheMethod) GetNewServiceProfileBaseline 

func (m CacheMethod) GetNewServiceProfileBaseline() string

func (CacheMethod) GetNvUsage 

func (m CacheMethod) GetNvUsage(fedRole string) api.RESTNvUsage

1. when called on master cluster, return (total reachable clusters' nodes count in this fed, nv usage data in this fed) 2. when called on joint/standalone cluster, return (nodes count in this cluster, nv usage data in this cluster)

func (CacheMethod) GetPlatform 

func (m CacheMethod) GetPlatform() (string, string, string)

func (CacheMethod) GetPlatformID 

func (m CacheMethod) GetPlatformID(acc *access.AccessControl) string

func (CacheMethod) GetPolicyRule 

func (m CacheMethod) GetPolicyRule(id uint32, acc *access.AccessControl) (*api.RESTPolicyRule, error)

func (CacheMethod) GetPolicyRuleCache 

func (m CacheMethod) GetPolicyRuleCache(id uint32, acc *access.AccessControl) (*share.CLUSPolicyRule, error)

func (CacheMethod) GetPolicyRuleCount 

func (m CacheMethod) GetPolicyRuleCount(acc *access.AccessControl) int

func (*CacheMethod) GetProcessProfile 

func (m *CacheMethod) GetProcessProfile(group string, acc *access.AccessControl) (*api.RESTProcessProfile, error)

func (CacheMethod) GetPwdProfile 

func (m CacheMethod) GetPwdProfile(name string) (share.CLUSPwdProfile, error)

func (CacheMethod) GetResponseRule 

func (m CacheMethod) GetResponseRule(policyName string, id uint32, acc *access.AccessControl) (*api.RESTResponseRule, error)

func (CacheMethod) GetResponseRuleCount 

func (m CacheMethod) GetResponseRuleCount(scope string, acc *access.AccessControl) int

func (CacheMethod) GetRiskScoreMetrics 

func (m CacheMethod) GetRiskScoreMetrics(acc, accCaller *access.AccessControl) *api.RESTScoreMetricsData

func (CacheMethod) GetScanConfig 

func (m CacheMethod) GetScanConfig(acc *access.AccessControl) (*api.RESTScanConfig, error)

---------------------------------------------------------------------- ----------------------------------------------------------------------

func (CacheMethod) GetScanPlatformSummary 

func (m CacheMethod) GetScanPlatformSummary(acc *access.AccessControl) (*api.RESTScanPlatformSummary, error)

func (CacheMethod) GetScanStatus 

func (m CacheMethod) GetScanStatus(acc *access.AccessControl) (*api.RESTScanStatus, error)

func (CacheMethod) GetScannerCount 

func (m CacheMethod) GetScannerCount(acc *access.AccessControl) (int, string, string)

func (CacheMethod) GetService 

func (m CacheMethod) GetService(name string, view string, withCap bool, acc *access.AccessControl) (*api.RESTService, error)

func (CacheMethod) GetServiceCount 

func (m CacheMethod) GetServiceCount(acc *access.AccessControl) int

func (CacheMethod) GetSystemConfig 

func (m CacheMethod) GetSystemConfig(acc *access.AccessControl) *api.RESTSystemConfig

func (CacheMethod) GetSystemConfigClusterName 

func (m CacheMethod) GetSystemConfigClusterName(acc *access.AccessControl) string

func (CacheMethod) GetThreat 

func (m CacheMethod) GetThreat(id string, acc *access.AccessControl) (*api.Threat, error)

func (CacheMethod) GetThreatCount 

func (m CacheMethod) GetThreatCount(acc *access.AccessControl) int

func (CacheMethod) GetThreats 

func (m CacheMethod) GetThreats(acc *access.AccessControl) []*api.Threat

func (CacheMethod) GetUnusedGroupAging 

func (m CacheMethod) GetUnusedGroupAging() uint8

func (CacheMethod) GetViolationCount 

func (m CacheMethod) GetViolationCount(acc *access.AccessControl) int

func (CacheMethod) GetViolations 

func (m CacheMethod) GetViolations(acc *access.AccessControl) []*api.Violation

This is currently used to record policy voilation logs. It's not really a traffic log, but an aggregated record.

func (CacheMethod) GetVulnerabilityProfile 

func (m CacheMethod) GetVulnerabilityProfile(name string, acc *access.AccessControl) (*api.RESTVulnerabilityProfile, error)

func (CacheMethod) GetVulnerabilityProfileInterface 

func (m CacheMethod) GetVulnerabilityProfileInterface(name string) scanUtils.VPFInterface

func (CacheMethod) GetVulnerabilityReport 

func (m CacheMethod) GetVulnerabilityReport(id, showTag string) ([]*api.RESTVulnerability, []*api.RESTScanModule, error)

func (*CacheMethod) GetWafGroup 

func (m *CacheMethod) GetWafGroup(group string, acc *access.AccessControl) (*api.RESTWafGroup, error)

func (*CacheMethod) GetWafRule 

func (m *CacheMethod) GetWafRule(rulename string, acc *access.AccessControl) (*api.RESTWafRuleDetail, error)

func (CacheMethod) GetWafRuleNames 

func (m CacheMethod) GetWafRuleNames() *[]string

func (CacheMethod) GetWafRuleSensorGroupById 

func (m CacheMethod) GetWafRuleSensorGroupById(id uint32) (string, string, *[]string)

func (*CacheMethod) GetWafRules 

func (m *CacheMethod) GetWafRules(acc *access.AccessControl) ([]*api.RESTWafRule, error)

default sensor contains all waf rule entries, REST API for GUI

func (*CacheMethod) GetWafSensor 

func (m *CacheMethod) GetWafSensor(sensor string, acc *access.AccessControl) (*api.RESTWafSensor, error)

func (CacheMethod) GetWorkload 

func (m CacheMethod) GetWorkload(id string, view string, acc *access.AccessControl) (*api.RESTWorkload, error)

func (CacheMethod) GetWorkloadBrief 

func (m CacheMethod) GetWorkloadBrief(id string, view string, acc *access.AccessControl) (*api.RESTWorkloadBrief, error)

func (CacheMethod) GetWorkloadConfig 

func (m CacheMethod) GetWorkloadConfig(id string, acc *access.AccessControl) (*api.RESTWorkloadConfig, error)

func (CacheMethod) GetWorkloadCount 

func (m CacheMethod) GetWorkloadCount(acc *access.AccessControl) (int, int, int)

func (CacheMethod) GetWorkloadCountOnHost 

func (m CacheMethod) GetWorkloadCountOnHost(hostID string, view string, acc *access.AccessControl) int

func (CacheMethod) GetWorkloadDetail 

func (m CacheMethod) GetWorkloadDetail(id string, view string, acc *access.AccessControl) (*api.RESTWorkloadDetail, error)

func (CacheMethod) GetWorkloadResponseRules 

func (m CacheMethod) GetWorkloadResponseRules(policyName, id string, acc *access.AccessControl) ([]*api.RESTResponseRule, error)

func (CacheMethod) GetWorkloadRisk 

func (m CacheMethod) GetWorkloadRisk(id string, acc *access.AccessControl) (*common.WorkloadRisk, error)

func (CacheMethod) IncrementAdmCtrlProcessing 

func (m CacheMethod) IncrementAdmCtrlProcessing()

func (CacheMethod) IsAdmControlEnabled 

func (m CacheMethod) IsAdmControlEnabled(uri *string) (bool, string, int, string, string)

func (*CacheMethod) IsDlpRuleUsedBySensor 

func (m *CacheMethod) IsDlpRuleUsedBySensor(rule string, acc *access.AccessControl) bool

func (CacheMethod) IsGroupMember 

func (m CacheMethod) IsGroupMember(name, id string) bool

func (CacheMethod) IsGroupPolicyModeChangeable 

func (m CacheMethod) IsGroupPolicyModeChangeable(name string) bool

func (CacheMethod) IsImageScanned 

func (m CacheMethod) IsImageScanned(c *nvsysadmission.AdmContainerInfo) (bool, int, int)

func (CacheMethod) IsPrdefineFileGroup 

func (m CacheMethod) IsPrdefineFileGroup(filter string, recursive bool) (*share.CLUSFileMonitorFilter, bool)

func (*CacheMethod) IsWafRuleUsedBySensor 

func (m *CacheMethod) IsWafRuleUsedBySensor(rule string, acc *access.AccessControl) (bool, share.TCfgType)

func (CacheMethod) MatchK8sAdmissionRules 

func (m CacheMethod) MatchK8sAdmissionRules(admResObject *nvsysadmission.AdmResObject, c *nvsysadmission.AdmContainerInfo,
	evalContext *nvsysadmission.AdmCtrlEvalContext, stamps *api.AdmCtlTimeStamps, ar *admissionv1beta1.AdmissionReview,
	containerType string) (*nvsysadmission.AdmCtrlAssessResult, bool)

it's for a container/image's evaluation only

func (CacheMethod) MatchK8sAdmissionRulesForPVC 

func (m CacheMethod) MatchK8sAdmissionRulesForPVC(ns, name, scName string, evalContext *nvsysadmission.AdmCtrlEvalContext) (
	*nvsysadmission.AdmCtrlAssessResult, bool)

func (CacheMethod) PolicyRule2REST 

func (m CacheMethod) PolicyRule2REST(rule *share.CLUSPolicyRule) *api.RESTPolicyRule

func (CacheMethod) PutCustomRoles 

func (m CacheMethod) PutCustomRoles(roles map[string]*share.CLUSUserRole)

func (CacheMethod) ResponseRule2REST 

func (m CacheMethod) ResponseRule2REST(rule *share.CLUSResponseRule) *api.RESTResponseRule

func (CacheMethod) ScanHost 

func (m CacheMethod) ScanHost(id string, acc *access.AccessControl) error

func (CacheMethod) ScanPlatform 

func (m CacheMethod) ScanPlatform(acc *access.AccessControl) error

func (CacheMethod) ScanWorkload 

func (m CacheMethod) ScanWorkload(id string, acc *access.AccessControl) error

func (CacheMethod) SetFedJoinedClusterToken 

func (m CacheMethod) SetFedJoinedClusterToken(id, mainSessionID, token string)

func (CacheMethod) SetNvDeployStatusInCluster 

func (m CacheMethod) SetNvDeployStatusInCluster(resName string, value bool)

func (CacheMethod) SyncAdmCtrlStateToK8s 

func (m CacheMethod) SyncAdmCtrlStateToK8s(svcName, nvAdmName string, updateDetected bool) (bool, error)

Admission control - non-UI

func (CacheMethod) UpdateLocalAdmCtrlStats 

func (m CacheMethod) UpdateLocalAdmCtrlStats(category string, stats int)

func (CacheMethod) WafSensorInGroups 

func (m CacheMethod) WafSensorInGroups(sensor string) bool

func (CacheMethod) WaitUntilApiPathReady 

func (m CacheMethod) WaitUntilApiPathReady() bool

type Context 

type Context struct {
	RancherEP                string // from yaml/helm chart
	RancherSSO               bool   // from yaml/helm chart
	TelemetryFreq            uint   // from yaml
	CheckDefAdminFreq        uint   // from yaml, in minutes
	CspPauseInterval         uint   // from yaml, in minutes
	LocalDev                 *common.LocalDevice
	EvQueue                  cluster.ObjectQueueInterface
	AuditQueue               cluster.ObjectQueueInterface
	Messenger                cluster.MessengerInterface
	OrchChan                 chan *resource.Event
	TimerWheel               *utils.TimerWheel
	DebugCPath               bool
	Debug                    []string
	DefaultLogLevel          log.Level
	EnableRmNsGroups         bool
	EnableIcmpPolicy         bool
	ConnLog                  *log.Logger
	MutexLog                 *log.Logger
	ScanLog                  *log.Logger
	K8sResLog                *log.Logger
	CspType                  share.TCspType
	CtrlerVersion            string
	NvSemanticVersion        string
	StartStopFedPingPollFunc func(cmd, interval uint32, param1 interface{}) error
	RestConfigFunc           func(cmd, interval uint32, param1 interface{}, param2 interface{}) error
	CreateQuerySessionFunc   func(qsr *api.QuerySessionRequest) error
	DeleteQuerySessionFunc   func(queryToken string) error
	NotifyCertChange         func(cn string) error
	// contains filtered or unexported fields
}

type GraphSyncEntry 

type GraphSyncEntry struct {
	Ipproto      uint8
	Port         uint16
	Application  uint32
	CIP          uint32
	SIP          uint32
	MappedPort   uint16
	ThreatID     uint32
	DlpID        uint32
	WafID        uint32
	Severity     uint8
	DlpSeverity  uint8
	WafSeverity  uint8
	PolicyAction uint8
	PolicyID     uint32
	Bytes        uint64
	Sessions     uint32
	Server       uint32
	Last         uint32
	Xff          uint8
	ToSidecar    uint8
	FQDN         string
	Nbe          uint8
}

type PolicyCondition 

type PolicyCondition struct {
	InViolation     func(*nvsysadmission.AdmContainerInfo) bool
	ViolationReason string
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.