kv



Constants

const (
	// On-disk locations of the admission-control ("adm") CA key and certificate.
	// These are private-key material paths; anything that reads or rewrites them
	// (see CreateCAFilesAndStoreInKv) should keep file permissions restrictive.
	AdmCAKeyPath  = "/etc/neuvector/certs/internal/adm_ca.key"
	AdmCACertPath = "/etc/neuvector/certs/internal/adm_ca.cert"

	// Certificate type tags used to distinguish admission-control and federation certs.
	CertTypeAdmCtrl   = "adm_ctrl"
	CertTypeFed       = "federation"
	// Default RSA modulus size in bits for generated keys. The package-level var
	// RSAKeySize presumably overrides it at runtime — confirm where Init assigns it.
	DefaultRSAKeySize = 2048
)
const (
	// Defaults for retrying consul CAS operations; presumably consumed by
	// RetryOnCASError — confirm there. The sleep appears to start at
	// DefaultSleepTime and grow by DefaultBackoffFactor, capped at
	// DefaultMaxSleepTime (naming only; verify in the implementation).
	DefaultRetryNumber   = 10
	DefaultSleepTime     = time.Millisecond * 10
	DefaultMaxSleepTime  = time.Second * 3
	DefaultBackoffFactor = 2.0
)

Due to consul's design, synchronization between clients using CAS() can easily starve some clients. It's important to avoid this in the first place, but if you cannot, adjust these variables when the scenario is too extreme.

const (
	// How long a cached installation ID stays valid before it is re-read;
	// presumably used by GetInstallationID — confirm in the implementation.
	InstallationCacheTTL = time.Minute * 30
)
// NODEMAX is the number of nodes used when reproducing the policy-calculation
// oversize issue; tune it together with WLPERNODEMAX.
const NODEMAX int = 600

To test the policy-calculation oversize issue, adjust the number of nodes (NODEMAX) and the number of workloads per node (WLPERNODEMAX).

// NeuvectorDir is the base directory (with trailing slash) under which the
// package keeps its persistent files.
const NeuvectorDir = "/var/neuvector/"
// WLPERNODEMAX is the number of workloads per node used when reproducing the
// policy-calculation oversize issue; tune it together with NODEMAX.
const WLPERNODEMAX int = 250

Variables

var ErrCluster = errors.New("Failed to access cluster")
var ErrIORead = errors.New("Failed on IO read")
var ErrIOWrite = errors.New("Failed on IO write")
var ErrIncompatibleFedRole = errors.New("File is from an incompatible federal-role cluster")
var ErrIncompatibleFedRoleEx = errors.New(`It's not allowed to import from federal-managed cluster to standalone cluster. To override it, select "Import configuration as standalone cluster" and try again`)
var ErrInvalidFileFormat = errors.New("Invalid file format")
var FAKEWLID string = "9321f8a6951c550e2d1634b32b859ed6ed167752b8a8552f95dad7eb33de8e2a"
// Log4shWafSensor is the built-in WAF sensor whose rule list names only the
// predefined log4sh rule (preWafRuleLog4sh). Unlike SsnSensorDlpRule it is
// tagged Predefine: false / CfgType: share.UserCreated, so it is presumably
// treated like a user-owned sensor (editable/deletable) — confirm at call sites.
// Groups, RuleList and PreRuleList start empty and are filled in later.
var Log4shWafSensor = &share.CLUSWafSensor{
	Name:        share.CLUSWafLog4shSensor,
	Groups:      make(map[string]string),
	RuleList:    make(map[string]*share.CLUSWafRule),
	PreRuleList: make(map[string][]*share.CLUSWafRule),
	RuleListNames: map[string]string{
		preWafRuleLog4sh.Name: preWafRuleLog4sh.Name,
	},
	Comment:   commentLog4shSensor,
	Predefine: false,
	CfgType:   share.UserCreated,
}
var (
	// RSAKeySize is the RSA modulus size (bits) used for generated keys. It is
	// zero until assigned; DefaultRSAKeySize is the documented default —
	// confirm in Init where it is set.
	RSAKeySize int
)
// Spring4shWafSensor is the built-in WAF sensor whose rule list names only the
// predefined spring4sh rule (preWafRuleSpring4sh). Like Log4shWafSensor it is
// tagged Predefine: false / CfgType: share.UserCreated rather than
// share.SystemDefined — confirm that this is intended before relying on it.
// Groups, RuleList and PreRuleList start empty and are filled in later.
var Spring4shWafSensor = &share.CLUSWafSensor{
	Name:        share.CLUSWafSpr4shSensor,
	Groups:      make(map[string]string),
	RuleList:    make(map[string]*share.CLUSWafRule),
	PreRuleList: make(map[string][]*share.CLUSWafRule),
	RuleListNames: map[string]string{
		preWafRuleSpring4sh.Name: preWafRuleSpring4sh.Name,
	},
	Comment:   commentSpr4shSensor,
	Predefine: false,
	CfgType:   share.UserCreated,
}
// SsnSensorDlpRule is the system-defined DLP sensor for the SSN rule
// (share.DlpRuleNameSsn). It is tagged Predefine: true / CfgType:
// share.SystemDefined, in contrast to the two WAF sensors above.
// Groups, RuleList and PreRuleList start empty and are filled in later.
var SsnSensorDlpRule = &share.CLUSDlpSensor{
	Name:        share.CLUSDlpSsnSensor,
	Groups:      make(map[string]string),
	RuleList:    make(map[string]*share.CLUSDlpRule),
	PreRuleList: make(map[string][]*share.CLUSDlpRule),
	RuleListNames: map[string]string{
		share.DlpRuleNameSsn: share.DlpRuleNameSsn,
	},
	Comment:   commentSsnSensor,
	Predefine: true,
	CfgType:   share.SystemDefined,
}

Functions

func CalculateIPPolicyFromCacheFake

func CalculateIPPolicyFromCacheFake() []share.CLUSGroupIPPolicy

func CheckFedKvVersion

func CheckFedKvVersion(verifier, reqFedKvVer string) (bool, int, error)

Check whether the request-handling cluster can handle a request from the requesting cluster, based on the "fed kv version":

  1. If the request-handling cluster and the requesting cluster have the same "fed kv version", they can handle requests from each other in the same federation.
  2. If not, they should not handle requests from each other:
     2-1: if the requesting cluster's "fed kv version" is in the handler cluster's phases, the requesting cluster needs an upgrade.
     2-2: if the requesting cluster's "fed kv version" is not in the handler cluster's phases, the handler cluster needs an upgrade.

func CompressPolicyRuleList

func CompressPolicyRuleList()

Compress the existing rulelist (pre-3.2.1 and 3.2.1).

func ConvertRoleGroupsToGroupRoleDomains

func ConvertRoleGroupsToGroupRoleDomains(roleGroups map[string][]string) ([]*share.GroupRoleMapping, error)

func CreateAdmCtrlStateByName

func CreateAdmCtrlStateByName(svcName string, enable bool)

func CreateCAFilesAndStoreInKv

func CreateCAFilesAndStoreInKv(certpath, keypath string) error

Create CA files using the default template and store them in the specified path. If the cert file already exists, it should be loaded and stored in kv instead of creating a new one.

func CreateDefDlpRules

func CreateDefDlpRules(withlock bool)

func CreateDefWafRules

func CreateDefWafRules(withlock bool)

func CreateDefaultFedGroups

func CreateDefaultFedGroups()

func CreatePreDlpSensor

func CreatePreDlpSensor(withlock bool)

func CreatePreWafSensor

func CreatePreWafSensor(withlock bool)

func DeletePolicyByCfgTypeTxn

func DeletePolicyByCfgTypeTxn(txn *cluster.ClusterTransact, cfgType share.TCfgType)

func DeletePolicyByGroup

func DeletePolicyByGroup(name string) int

func DeletePolicyByGroupTxn

func DeletePolicyByGroupTxn(txn *cluster.ClusterTransact, name string) error

func DeletePolicyByGroups

func DeletePolicyByGroups(names []string) int

func DeleteResponseRuleByGroup

func DeleteResponseRuleByGroup(name string) int

func DeleteResponseRuleByGroupTxn

func DeleteResponseRuleByGroupTxn(txn *cluster.ClusterTransact, name string, cfgType share.TCfgType) error

func DeleteResponseRuleByGroups

func DeleteResponseRuleByGroups(names []string) int

func EnforceNetSysConfig

func EnforceNetSysConfig()

func GenTlsCertWithCaAndStoreInFiles

func GenTlsCertWithCaAndStoreInFiles(cn string, certPath string, privKeyPath string, caCertPath string, caKeyPath string, validityPeriod ValidityPeriod, usage x509.ExtKeyUsage) error

Generate a TLS key/cert pair using the specified CA and store them in the specified files. Return true if it succeeds in creating the key pair or the files already exist. If caCertPath and caKeyPath are both empty, this will create a self-signed certificate.

func GenTlsCertWithCaAndStoreInKv

func GenTlsCertWithCaAndStoreInKv(cn string, certPath string, keyPath string, caCertPath string, caKeyPath string, validityPeriod ValidityPeriod) error

Generate a TLS cert and store it in kv.

func GenTlsKeyCert

func GenTlsKeyCert(cn string, caCertPath string, caKeyPath string, validityPeriod ValidityPeriod, usage x509.ExtKeyUsage) ([]byte, []byte, error)

Generate a TLS key/cert pair using the specified CA. If caCertPath and caKeyPath are both empty, this will create a self-signed certificate.

func GenerateCAWithRSAKey

func GenerateCAWithRSAKey(template *x509.Certificate, keysize int) ([]byte, []byte, error)

Generate a CA cert/key pair. On success, it returns the cert (DER) and the key.

func GenerateTLSCertWithRSAKey

func GenerateTLSCertWithRSAKey(template *x509.Certificate, keysize int, parent *x509.Certificate, parentPrivateKey interface{}) ([]byte, []byte, error)

Generate a TLS cert/key pair. When parent == nil, it will be self-signed. On success, it returns the cert (DER) and the key.

func GetControlVersion

func GetControlVersion() share.CLUSCtrlVersion

func GetDefaultCACertTemplate

func GetDefaultCACertTemplate() *x509.Certificate

Create a default certificate template for a CA cert. Note: if you modify this too much, the certificate might not be recognized by verifyWebServerCert().

func GetDefaultTLSCertTemplate

func GetDefaultTLSCertTemplate() *x509.Certificate

Create a default certificate template for the TLS server and JWT signing. Note: if you modify this too much, the certificate might not be recognized by verifyWebServerCert().

func GetFedCaCertPath

func GetFedCaCertPath(masterID string) (string, error)

func GetFedKvVer

func GetFedKvVer() string

func GetFedTlsKeyCertPath

func GetFedTlsKeyCertPath(masterID, jointID string) (string, string, string)

func GetRestVer

func GetRestVer() string

func Init

func Init(id, version, platform, flavor string, persist bool, isGroupMember FuncIsGroupMember, getConfigData FuncGetConfigKVData,
	evQueue cluster.ObjectQueueInterface)

func IsImporting

func IsImporting() bool

func RetryOnCASError

func RetryOnCASError(retry int, fn func() error) error

Utility function. Retry the consul API until it succeeds or the retry number is reached.

func SetImporting

func SetImporting(value uint32)

func StoreKeyCertFilesInKV

func StoreKeyCertFilesInKV(kvkey string, certPath string, keyPath string) error

Store the key/cert in kv. If the data is not consistent, the data in kv will be used and the files in keyPath and certPath will be modified.

func StoreKeyCertMemoryInKV

func StoreKeyCertMemoryInKV(kvkey string, certData string, keyData string) (*share.CLUSX509Cert, error)

Store the key/cert in kv. If the data is not consistent, the data in kv will be used and the files in keyPath and certPath will be modified.

func StringWithCharset

func StringWithCharset(length int, charset string) string

func UpgradeAndConvert

func UpgradeAndConvert(key string, value []byte) ([]byte, error, bool)

This is called whenever we read from the kv store or get notified of kv changes.

func ValidateWebhookCert

func ValidateWebhookCert()

Types

type CertManager

// CertManager tracks the certificates registered by CN (see Register/Unregister)
// and renews them (CheckAndRenewCerts, driven by Run). Construct it with
// NewCertManager; the zero value is not documented as usable.
type CertManager struct {
	// contains filtered or unexported fields
}

func NewCertManager

func NewCertManager(config CertManagerConfig) *CertManager

func (*CertManager) CheckAndRenewCerts

func (c *CertManager) CheckAndRenewCerts() error

Check and renew certificates. This is supposed to be called by a single goroutine.

func (*CertManager) NotifyChanges

func (c *CertManager) NotifyChanges(cn string) error

Notify the cert manager that a change has been detected.

func (*CertManager) Register

func (c *CertManager) Register(cn string, callback *CertManagerCallback) error

func (*CertManager) Run

func (c *CertManager) Run(ctx context.Context) error

Main goroutine of the cert manager.

func (*CertManager) Unregister

func (c *CertManager) Unregister(cn string) error

func (*CertManager) UpdateCerts

func (c *CertManager) UpdateCerts(cn string) error

Update the certificate based on the data in consul.

type CertManagerCallback

// CertManagerCallback is the set of hooks a caller supplies to
// CertManager.Register for one CN.
type CertManagerCallback struct {
	// NewCert receives the current cert and returns the one to store in its
	// place; presumably invoked when renewal is due — confirm in CheckAndRenewCerts.
	NewCert func(*share.CLUSX509Cert) (*share.CLUSX509Cert, error)
	// NotifyNewCert is invoked with two certs, presumably (old, new) — confirm order.
	NotifyNewCert func(*share.CLUSX509Cert, *share.CLUSX509Cert)
	// IsCertValid lets the caller add its own validity check; when nil the
	// manager presumably falls back to the expiry-based check alone — confirm.
	IsCertValid func(*share.CLUSX509Cert) bool // optional
	// contains filtered or unexported fields
}

type CertManagerConfig

// CertManagerConfig holds the timing parameters for NewCertManager.
//
// NOTE(review): RenewThreshold should comfortably exceed ExpiryCheckPeriod;
// otherwise a certificate can pass NotAfter between two checks and be served
// expired until the next one.
type CertManagerConfig struct {
	// How often the certificate will be checked.
	ExpiryCheckPeriod time.Duration

	// When NotAfter - now < RenewThreshold, renew will be triggered.
	RenewThreshold time.Duration
}

type ClusterHelper

// ClusterHelper is the typed facade over the cluster kv store used by the
// controller. Methods that take an *access.AccessControl are expected to be
// authorization-checked; the *NoAuth variants (GetAllUsersNoAuth,
// GetAllApikeysNoAuth) and the many methods with no acc parameter carry no
// access control of their own, so their callers must enforce authorization
// before invoking them — confirm this convention at the call sites.
// Methods taking a *cluster.ClusterTransact stage their writes in that
// transaction; the non-Txn variants presumably write immediately.
// The *Rev methods return/accept a revision for compare-and-set style updates.
type ClusterHelper interface {
	AcquireLock(key string, wait time.Duration) (cluster.LockInterface, error)
	ReleaseLock(cluster.LockInterface)

	UpgradeClusterKV(version string) (verUpdated bool)
	UpgradeClusterImport(ver *share.CLUSCtrlVersion)
	FixMissingClusterKV()

	GetInstallationID() (string, error)

	GetAllControllers() ([]*share.CLUSController, error)
	GetAllEnforcers() []*share.CLUSAgent

	SetCtrlState(key string) error
	UnsetCtrlState(key string)
	GetCtrlState(key string) bool

	GetSystemConfigRev(acc *access.AccessControl) (*share.CLUSSystemConfig, uint64)
	PutSystemConfigRev(conf *share.CLUSSystemConfig, rev uint64) error
	GetScanConfigRev(acc *access.AccessControl) (*share.CLUSScanConfig, uint64)
	GetFedSystemConfigRev(acc *access.AccessControl) (*share.CLUSSystemConfig, uint64)
	PutFedSystemConfigRev(conf *share.CLUSSystemConfig, rev uint64) error

	GetDomain(name string, acc *access.AccessControl) (*share.CLUSDomain, uint64, error)
	PutDomain(cd *share.CLUSDomain, rev *uint64) error
	PutDomainIfNotExist(cd *share.CLUSDomain) error
	DeleteDomain(name string) error

	GetAllLearnedGroups(acc *access.AccessControl) map[string]*share.CLUSGroup
	GetAllGroups(scope string, acc *access.AccessControl) map[string]*share.CLUSGroup
	GetAllGroupNames(scope string) utils.Set
	GetGroup(name string, acc *access.AccessControl) (*share.CLUSGroup, uint64, error)
	PutGroup(group *share.CLUSGroup, create bool) error
	PutGroupRev(group *share.CLUSGroup, rev uint64) error
	PutGroupTxn(txn *cluster.ClusterTransact, group *share.CLUSGroup) error
	DeleteGroup(name string) error
	DeleteGroupTxn(txn *cluster.ClusterTransact, name string)

	GetPolicyRuleList() []*share.CLUSRuleHead
	PutPolicyRuleList(crhs []*share.CLUSRuleHead) error
	PutPolicyRuleListTxn(txn *cluster.ClusterTransact, crhs []*share.CLUSRuleHead) error
	PutPolicyRuleListZip(key string, array []byte) error
	GetPolicyRule(id uint32) (*share.CLUSPolicyRule, uint64)
	PutPolicyRule(rule *share.CLUSPolicyRule) error
	PutPolicyRuleTxn(txn *cluster.ClusterTransact, rule *share.CLUSPolicyRule) error
	PutPolicyRuleRev(rule *share.CLUSPolicyRule, rev uint64) error
	DeletePolicyRule(id uint32) error

	// This function cannot return an error, as there is no possibility for one to occur.
	// However, we retain the error return type to accommodate the mock dependency.
	DeletePolicyRuleTxn(txn *cluster.ClusterTransact, id uint32) error
	PutPolicyVer(s *share.CLUSGroupIPPolicyVer) error
	PutPolicyVerNode(s *share.CLUSGroupIPPolicyVer) error
	PutDlpVer(s *share.CLUSDlpRuleVer) error

	GetResponseRuleList(policyName string) []*share.CLUSRuleHead
	PutResponseRuleList(policyName string, crhs []*share.CLUSRuleHead) error
	PutResponseRuleListTxn(policyName string, txn *cluster.ClusterTransact, crhs []*share.CLUSRuleHead) error
	GetResponseRule(policyName string, id uint32) (*share.CLUSResponseRule, uint64)
	PutResponseRule(policyName string, rule *share.CLUSResponseRule) error
	PutResponseRuleTxn(policyName string, txn *cluster.ClusterTransact, rule *share.CLUSResponseRule) error
	PutResponseRuleRev(policyName string, rule *share.CLUSResponseRule, rev uint64) error
	DeleteResponseRule(policyName string, id uint32) error
	DeleteResponseRuleTxn(policyName string, txn *cluster.ClusterTransact, id uint32)

	GetAllServers(acc *access.AccessControl) map[string]*share.CLUSServer
	GetServerRev(name string, acc *access.AccessControl) (*share.CLUSServer, uint64, error)
	PutServerRev(server *share.CLUSServer, rev uint64) error
	PutServerIfNotExist(server *share.CLUSServer) error
	DeleteServer(name string) error

	// Users and API keys. The *NoAuth getters bypass access control entirely;
	// restrict their use to internal paths (e.g. authentication lookups).
	GetAllUsers(acc *access.AccessControl) map[string]*share.CLUSUser
	GetAllUsersNoAuth() map[string]*share.CLUSUser
	GetUserRev(fullname string, acc *access.AccessControl) (*share.CLUSUser, uint64, error)
	PutUserRev(user *share.CLUSUser, rev uint64) error
	PutUser(user *share.CLUSUser) error
	CreateUser(user *share.CLUSUser) error
	DeleteUser(fullname string) error

	GetApikeyRev(name string, acc *access.AccessControl) (*share.CLUSApikey, uint64, error)
	CreateApikey(apikey *share.CLUSApikey) error
	GetAllApikeysNoAuth() map[string]*share.CLUSApikey
	DeleteApikey(name string) error

	GetProcessProfile(group string) *share.CLUSProcessProfile
	PutProcessProfile(group string, pg *share.CLUSProcessProfile) error
	PutProcessProfileTxn(txn *cluster.ClusterTransact, group string, pg *share.CLUSProcessProfile) error
	PutProcessProfileIfNotExist(group string, pg *share.CLUSProcessProfile) error
	DeleteProcessProfileTxn(txn *cluster.ClusterTransact, group string) error
	GetAllProcessProfileSubKeys(scope string) utils.Set

	GetScanner(id string, acc *access.AccessControl) *share.CLUSScanner
	GetAllScanner(acc *access.AccessControl) []*share.CLUSScanner
	PutScannerTxn(txn *cluster.ClusterTransact, s *share.CLUSScanner) error
	DeleteScanner(id string) error
	GetScannerStats(id string) (*share.CLUSScannerStats, error)
	CreateScannerStats(id string) error
	PutScannerStats(id string, objType share.ScanObjectType, result *share.ScanResult) error
	GetScannerDB(store string) []*share.CLUSScannerDB

	GetScanReport(key string) *share.CLUSScanReport
	GetScanState(key string) *share.CLUSScanState

	GetAllComplianceProfiles(acc *access.AccessControl) []*share.CLUSComplianceProfile
	GetComplianceProfile(name string, acc *access.AccessControl) (*share.CLUSComplianceProfile, uint64, error)
	PutComplianceProfile(cp *share.CLUSComplianceProfile, rev *uint64) error
	PutComplianceProfileIfNotExist(cp *share.CLUSComplianceProfile) error

	GetAllVulnerabilityProfiles(acc *access.AccessControl) []*share.CLUSVulnerabilityProfile
	GetVulnerabilityProfile(name string, acc *access.AccessControl) (*share.CLUSVulnerabilityProfile, uint64, error)
	PutVulnerabilityProfile(cp *share.CLUSVulnerabilityProfile, rev *uint64) error
	PutVulnerabilityProfileIfNotExist(cp *share.CLUSVulnerabilityProfile) error

	GetRegistry(name string, acc *access.AccessControl) (*share.CLUSRegistryConfig, uint64, error)
	GetAllRegistry(scope string) []*share.CLUSRegistryConfig
	PutRegistry(config *share.CLUSRegistryConfig, rev uint64) error
	PutRegistryIfNotExist(config *share.CLUSRegistryConfig) error
	DeleteRegistry(txn *cluster.ClusterTransact, name string) error
	DeleteRegistryKeys(name string) error
	PutRegistryState(name string, state *share.CLUSRegistryState) error
	GetRegistryState(name string) *share.CLUSRegistryState
	PutRegistryImageSummary(name, id string, sum *share.CLUSRegistryImageSummary) error
	GetRegistryImageSummary(name, id string) *share.CLUSRegistryImageSummary
	PutRegistryImageSummaryAndReport(name, id, fedRole string, sum *share.CLUSRegistryImageSummary, report *share.CLUSScanReport) error
	DeleteRegistryImageSummaryAndReport(name, id, fedRole string) error
	UpdateFedScanDataRevisions(regOp, scanDataOp, regName, id string) error
	GetFedScanRevisions() (share.CLUSFedScanRevisions, uint64, error)
	PutFedScanRevisions(scanRevs *share.CLUSFedScanRevisions, rev *uint64) error

	GetAllFileMonitorProfile() map[string]*share.CLUSFileMonitorProfile
	GetAllFileMonitorProfileSubKeys(scope string) utils.Set
	GetFileMonitorProfile(name string) (*share.CLUSFileMonitorProfile, uint64)
	PutFileMonitorProfile(name string, conf *share.CLUSFileMonitorProfile, rev uint64) error
	PutFileMonitorProfileIfNotExist(name string, conf *share.CLUSFileMonitorProfile) error
	PutFileMonitorProfileTxn(txn *cluster.ClusterTransact, name string, conf *share.CLUSFileMonitorProfile) error
	DeleteFileMonitorTxn(txn *cluster.ClusterTransact, name string) error

	// Certificates and admission control. PutObjectCert takes filesystem paths
	// for the key/cert; PutObjectCertMemory takes the in-memory form.
	GetAdmissionCertRev(svcName string) (*share.CLUSAdmissionCertCloaked, uint64) // obsolete
	GetObjectCertRev(cn string) (*share.CLUSX509Cert, uint64, error)
	PutObjectCert(cn, keyPath, certPath string, cert *share.CLUSX509Cert) error
	PutObjectCertMemory(cn string, in *share.CLUSX509Cert, out *share.CLUSX509Cert, index uint64) error
	GetAdmissionStateRev(svcName string) (*share.CLUSAdmissionState, uint64)
	PutAdmissionRule(admType, ruleType string, rule *share.CLUSAdmissionRule) error
	PutAdmissionStateRev(svcName string, state *share.CLUSAdmissionState, rev uint64) error
	GetAdmissionRuleList(admType, ruleType string) ([]*share.CLUSRuleHead, error)
	PutAdmissionRuleList(admType, ruleType string, crhs []*share.CLUSRuleHead) error
	GetAdmissionRule(admType, ruleType string, id uint32) *share.CLUSAdmissionRule
	DeleteAdmissionRule(admType, ruleType string, id uint32) error
	GetAdmissionStatsRev() (*share.CLUSAdmissionStats, uint64)
	PutAdmissionStatsRev(stats *share.CLUSAdmissionStats, rev uint64) error
	// transaction APIs:
	PutAdmissionRuleTxn(txn *cluster.ClusterTransact, admType, ruleType string, rule *share.CLUSAdmissionRule) error
	PutAdmissionRuleListTxn(txn *cluster.ClusterTransact, admType, ruleType string, crhs []*share.CLUSRuleHead) error
	DeleteAdmissionRuleTxn(txn *cluster.ClusterTransact, admType, ruleType string, id uint32)

	GetFileAccessRule(name string) (*share.CLUSFileAccessRule, uint64)
	PutFileAccessRule(name string, conf *share.CLUSFileAccessRule, rev uint64) error
	PutFileAccessRuleIfNotExist(name string, conf *share.CLUSFileAccessRule) error
	PutFileAccessRuleTxn(txn *cluster.ClusterTransact, name string, conf *share.CLUSFileAccessRule) error
	DeleteFileAccessRule(name string) error
	DeleteFileAccessRuleTxn(txn *cluster.ClusterTransact, name string)
	GetAllFileAccessRuleSubKeys(scope string) utils.Set
	GetCrdSecurityRuleRecord(crdKind, crdName string) *share.CLUSCrdSecurityRule
	PutCrdSecurityRuleRecord(crdKind, crdName string, rule *share.CLUSCrdSecurityRule) error
	DeleteCrdSecurityRuleRecord(crdKind, crdName string) error
	GetCrdSecurityRuleRecordList(crdKind string) map[string]*share.CLUSCrdSecurityRule

	// Federation membership and joint-cluster state.
	GetFedMembership() *share.CLUSFedMembership
	PutFedMembership(s *share.CLUSFedMembership) error
	GetFedJointClusterList() *share.CLUSFedJoinedClusterList
	PutFedJointClusterList(list *share.CLUSFedJoinedClusterList) error
	PutFedJointClusterStatus(id string, status *share.CLUSFedClusterStatus) error
	DeleteFedJointClusterStatus(id string) error
	GetFedJointCluster(id string) *share.CLUSFedJointClusterInfo
	PutFedJointCluster(jointCluster *share.CLUSFedJointClusterInfo) error
	DeleteFedJointCluster(id string) error
	GetFedRulesRevisionRev() (*share.CLUSFedRulesRevision, uint64)
	UpdateFedRulesRevision(ruleTypes []string) bool
	PutFedRulesRevision(txn *cluster.ClusterTransact, settings *share.CLUSFedRulesRevision) error
	FedTriggerInstantPingPoll(cmd, fullPolling uint32)
	EnableDisableJointClusters(ids []string, toDisable bool, fedKeyLocked bool)
	ConfigFedRole(userName, role string, acc *access.AccessControl) error
	GetFedSettings() share.CLUSFedSettings
	PutFedSettings(txn *cluster.ClusterTransact, cfg share.CLUSFedSettings) error

	GetDlpSensor(name string) *share.CLUSDlpSensor
	GetAllDlpSensors() []*share.CLUSDlpSensor
	PutDlpSensor(sensor *share.CLUSDlpSensor, create bool) error
	PutDlpSensorTxn(txn *cluster.ClusterTransact, sensor *share.CLUSDlpSensor) error
	DeleteDlpSensor(name string) error
	DeleteDlpSensorTxn(txn *cluster.ClusterTransact, name string)
	GetDlpGroup(group string) *share.CLUSDlpGroup
	PutDlpGroup(group *share.CLUSDlpGroup, create bool) error
	PutDlpGroupTxn(txn *cluster.ClusterTransact, group *share.CLUSDlpGroup) error
	DeleteDlpGroup(txn *cluster.ClusterTransact, group string) error

	GetWafSensor(name string) *share.CLUSWafSensor
	GetAllWafSensors() []*share.CLUSWafSensor
	PutWafSensor(sensor *share.CLUSWafSensor, create bool) error
	PutWafSensorTxn(txn *cluster.ClusterTransact, sensor *share.CLUSWafSensor) error
	DeleteWafSensor(name string) error
	DeleteWafSensorTxn(txn *cluster.ClusterTransact, name string)
	GetWafGroup(group string) *share.CLUSWafGroup
	PutWafGroup(group *share.CLUSWafGroup, create bool) error
	PutWafGroupTxn(txn *cluster.ClusterTransact, group *share.CLUSWafGroup) error
	DeleteWafGroup(txn *cluster.ClusterTransact, group string) error

	GetCustomCheckConfig(name string) (*share.CLUSCustomCheckGroup, uint64)
	GetAllCustomCheckConfig() map[string]*share.CLUSCustomCheckGroup
	PutCustomCheckConfig(name string, conf *share.CLUSCustomCheckGroup, rev uint64) error
	DeleteCustomCheckConfig(txn *cluster.ClusterTransact, name string) error

	GetCrdRecord(name string) *share.CLUSCrdRecord
	PutCrdRecord(record *share.CLUSCrdRecord, name string) error
	DeleteCrdRecord(string) error
	GetCrdEventQueue() *share.CLUSCrdEventRecord
	PutCrdEventQueue(record *share.CLUSCrdEventRecord) error
	GetCrdEventQueueCount() int

	GetAwsCloudResource(projectName string) (*share.CLUSAwsResource, error)
	PutAwsCloudResource(project *share.CLUSAwsResource) error
	DeleteAwsCloudResource(projectName string) error
	GetAwsLambda(project, region, funcName string) *share.CLUSAwsFuncScanOutputList
	PutAwsLambda(project, region, funcName string, output *share.CLUSAwsFuncScanOutputList) error
	DeleteAwsLambda(project, region, funcName string) error
	DeleteAwsProjectCfg(projectName string) error
	GetAwsProjectCfg(projectName string, acc *access.AccessControl) (*share.CLUSAwsProjectCfg, error)
	PutAwsProjectCfg(projectName string, record *share.CLUSAwsProjectCfg) error
	// custom roles
	GetAllCustomRoles(acc *access.AccessControl) map[string]*share.CLUSUserRole
	GetCustomRoleRev(name string, acc *access.AccessControl) (*share.CLUSUserRole, uint64, error)
	PutCustomRoleRev(user *share.CLUSUserRole, rev uint64, acc *access.AccessControl) error
	CreateCustomRole(user *share.CLUSUserRole, acc *access.AccessControl) error
	DeleteCustomRole(name string) error

	// network-key duplication/restore (raw key/value; no typed wrapper)
	DuplicateNetworkKey(key string, value []byte) error
	DuplicateNetworkKeyTxn(txn *cluster.ClusterTransact, key string, value []byte) error
	RestoreNetworkKeys()
	DuplicateNetworkSystemKeyTxn(txn *cluster.ClusterTransact, key string, value []byte) error

	// password profile
	GetAllPwdProfiles(acc *access.AccessControl) map[string]*share.CLUSPwdProfile
	GetPwdProfileRev(name string, acc *access.AccessControl) (*share.CLUSPwdProfile, uint64, error)
	PutPwdProfileRev(profile *share.CLUSPwdProfile, rev uint64) error
	DeletePwdProfile(name string) error
	GetActivePwdProfileName() string
	PutActivePwdProfileName(name string) error

	// import task
	GetImportTask() (share.CLUSImportTask, error)
	PutImportTask(importTask *share.CLUSImportTask) error

	// sigstore verification
	CreateSigstoreRootOfTrust(rootOfTrust *share.CLUSSigstoreRootOfTrust, txn *cluster.ClusterTransact) error
	UpdateSigstoreRootOfTrust(rootOfTrust *share.CLUSSigstoreRootOfTrust, txn *cluster.ClusterTransact, rev *uint64) error
	GetSigstoreRootOfTrust(rootName string) (*share.CLUSSigstoreRootOfTrust, *uint64, error)
	DeleteSigstoreRootOfTrust(rootName string) error
	GetAllSigstoreRootsOfTrust() (rootOfTrust []*share.CLUSSigstoreRootOfTrust, err error)
	CreateSigstoreVerifier(rootName string, verifier *share.CLUSSigstoreVerifier, txn *cluster.ClusterTransact) error
	UpdateSigstoreVerifier(rootName string, verifier *share.CLUSSigstoreVerifier, txn *cluster.ClusterTransact, rev *uint64) error
	GetSigstoreVerifier(rootName string, verifierName string) (*share.CLUSSigstoreVerifier, *uint64, error)
	DeleteSigstoreVerifier(rootName string, verifierName string) error
	GetAllSigstoreVerifiersForRoot(rootName string) ([]*share.CLUSSigstoreVerifier, error)
	PutSigstoreTimestamp(txn *cluster.ClusterTransact, rev *uint64) error
	GetSigstoreTimestamp() (string, *uint64, error)
	CreateQuerySessionRequest(qsr *api.QuerySessionRequest) error
	DeleteQuerySessionRequest(queryToken string)

	// mock for unittest
	SetCacheMockCallback(keyStore string, mockFunc MockKvConfigUpdateFunc)
}

func GetClusterHelper

func GetClusterHelper() ClusterHelper

type ConfigHelper

// ConfigHelper backs configuration backup, restore, export and import.
// Restore's two string and two bool results are unnamed, so their meaning is
// not recoverable from the signature; naming them would help callers.
type ConfigHelper interface {
	NotifyConfigChange(endpoint string)
	BackupAll()
	Restore() (string, bool, bool, string, error)
	Export(w *bufio.Writer, sections utils.Set) error
	// Import applies an uploaded configuration. loginDomainRoles is the
	// importing user's role map and revertFedRoles/ignoreFed govern how
	// federation roles in the file are handled — see ErrIncompatibleFedRole
	// and ErrIncompatibleFedRoleEx for the rejection cases.
	Import(eps []*common.RPCEndpoint, localCtrlerID, localCtrlerIP string, loginDomainRoles access.DomainRole, importTask share.CLUSImportTask,
		tempToken string, revertFedRoles RevertFedRolesFunc, postImportOp PostImportFunc, pauseResumeStoreWatcher PauseResumeStoreWatcherFunc,
		ignoreFed bool) error
}

func GetConfigHelper

func GetConfigHelper() ConfigHelper

type DispatcherHelper

// DispatcherHelper receives workload/node/group membership events and writes
// per-group profiles. The bLeader flag on the event methods presumably tells
// the implementation whether this controller is the leader — confirm.
type DispatcherHelper interface {
	WorkloadJoin(node, group, id string, customGrps utils.Set, bLeader bool)
	WorkloadLeave(node, group, id string, customGrps utils.Set, bLeader bool)
	NodeLeave(node string, bLeader bool)
	CustomGroupUpdate(group string, serviceGrps utils.Set, bLeader bool)
	CustomGroupDelete(group string, bLeader bool)
	PutProfile(group, subkey string, value []byte, txn *cluster.ClusterTransact, bPutIfNotExist bool) error
	IsGroupAdded(group string) bool
}

func GetDispatchHelper

func GetDispatchHelper() DispatcherHelper

type FuncGetConfigKVData

// FuncGetConfigKVData looks up a config kv entry by key; the bool reports
// whether the key was found. Supplied to Init.
type FuncGetConfigKVData func(key string) ([]byte, bool)

type FuncIsGroupMember

// FuncIsGroupMember reports whether the object identified by id belongs to
// the named group. Supplied to Init.
type FuncIsGroupMember func(name, id string) bool

type LogEventFunc

// LogEventFunc records an event of the given type at the given time; the
// meaning of the int and string arguments is not visible here — confirm with
// the callers before relying on them.
type LogEventFunc func(share.TLogEvent, time.Time, int, string)

type MockCluster

// MockCluster is the in-memory test double for ClusterHelper. It embeds the
// ClusterHelper interface so that any method it does not override is
// forwarded to the embedded value; if that embedded value is left nil, calling
// such a method panics with a nil dereference, so tests should only rely on
// the methods MockCluster implements itself.
type MockCluster struct {
	ClusterHelper

	// Image scan summaries and reports keyed by whatever the mock stores them under.
	ScanSums map[string]*share.CLUSRegistryImageSummary
	ScanRpts map[string]*share.CLUSScanReport

	// Number of DeletePolicyRule calls observed, for assertions in tests.
	DeletePolicyRuleCount uint

	// Federation membership returned by GetFedMembership.
	FedMembership share.CLUSFedMembership
	// contains filtered or unexported fields
}

func (*MockCluster) AcquireLock

func (m *MockCluster) AcquireLock(key string, wait time.Duration) (cluster.LockInterface, error)

func (*MockCluster) CreateApikey

func (m *MockCluster) CreateApikey(apikey *share.CLUSApikey) error

func (*MockCluster) CreateCustomRole

func (m *MockCluster) CreateCustomRole(role *share.CLUSUserRole, acc *access.AccessControl) error

func (*MockCluster) CreateUser

func (m *MockCluster) CreateUser(user *share.CLUSUser) error

func (*MockCluster) DeleteApikey

func (m *MockCluster) DeleteApikey(name string) error

func (*MockCluster) DeleteCustomRole

func (m *MockCluster) DeleteCustomRole(name string) error

func (*MockCluster) DeleteGroup

func (m *MockCluster) DeleteGroup(name string) error

func (*MockCluster) DeletePolicyRule

func (m *MockCluster) DeletePolicyRule(id uint32) error

func (*MockCluster) DeletePolicyRuleTxn

func (m *MockCluster) DeletePolicyRuleTxn(txn *cluster.ClusterTransact, id uint32) error

func (*MockCluster) DeleteProcessProfileTxn

func (m *MockCluster) DeleteProcessProfileTxn(txn *cluster.ClusterTransact, group string) error

func (*MockCluster) DeletePwdProfile

func (m *MockCluster) DeletePwdProfile(name string) error

func (*MockCluster) DeleteRegistry

func (m *MockCluster) DeleteRegistry(txn *cluster.ClusterTransact, name string) error

func (*MockCluster) DeleteRegistryImageSummaryAndReport

func (m *MockCluster) DeleteRegistryImageSummaryAndReport(name, id, fedRole string) error

func (*MockCluster) DeleteServer

func (m *MockCluster) DeleteServer(name string) error

func (*MockCluster) DeleteUser

func (m *MockCluster) DeleteUser(fullname string) error

func (*MockCluster) DoesGroupExist

func (m *MockCluster) DoesGroupExist(name string, acc *access.AccessControl) bool

func (*MockCluster) GetActivePwdProfileName

func (m *MockCluster) GetActivePwdProfileName() string

func (*MockCluster) GetAllApikeysNoAuth

func (m *MockCluster) GetAllApikeysNoAuth() map[string]*share.CLUSApikey

func (*MockCluster) GetAllComplianceProfiles

func (m *MockCluster) GetAllComplianceProfiles(acc *access.AccessControl) []*share.CLUSComplianceProfile

func (*MockCluster) GetAllCustomCheckConfig

func (m *MockCluster) GetAllCustomCheckConfig() map[string]*share.CLUSCustomCheckGroup

func (*MockCluster) GetAllCustomRoles

func (m *MockCluster) GetAllCustomRoles(acc *access.AccessControl) map[string]*share.CLUSUserRole

func (*MockCluster) GetAllGroups

func (m *MockCluster) GetAllGroups(scope string, acc *access.AccessControl) map[string]*share.CLUSGroup

func (*MockCluster) GetAllPwdProfiles

func (m *MockCluster) GetAllPwdProfiles(acc *access.AccessControl) map[string]*share.CLUSPwdProfile

func (*MockCluster) GetAllRegistry

func (m *MockCluster) GetAllRegistry(scope string) []*share.CLUSRegistryConfig

func (*MockCluster) GetAllServers

func (m *MockCluster) GetAllServers(acc *access.AccessControl) map[string]*share.CLUSServer

func (*MockCluster) GetAllUsers

func (m *MockCluster) GetAllUsers(acc *access.AccessControl) map[string]*share.CLUSUser

func (*MockCluster) GetAllUsersNoAuth

func (m *MockCluster) GetAllUsersNoAuth() map[string]*share.CLUSUser

func (*MockCluster) GetApikeyRev

func (m *MockCluster) GetApikeyRev(fullname string, acc *access.AccessControl) (*share.CLUSApikey, uint64, error)

func (*MockCluster) GetAwsCloudResource

func (m *MockCluster) GetAwsCloudResource(projectName string) (*share.CLUSAwsResource, error)

func (*MockCluster) GetAwsProjectCfg

func (m *MockCluster) GetAwsProjectCfg(projectName string, acc *access.AccessControl) (*share.CLUSAwsProjectCfg, error)

func (*MockCluster) GetComplianceProfile

func (m *MockCluster) GetComplianceProfile(name string, acc *access.AccessControl) (*share.CLUSComplianceProfile, uint64, error)

func (*MockCluster) GetCustomRoleRev

func (m *MockCluster) GetCustomRoleRev(name string, acc *access.AccessControl) (*share.CLUSUserRole, uint64, error)

func (*MockCluster) GetFedMembership

func (m *MockCluster) GetFedMembership() *share.CLUSFedMembership

func (*MockCluster) GetGroup

func (m *MockCluster) GetGroup(name string, acc *access.AccessControl) (*share.CLUSGroup, uint64, error)

func (*MockCluster) GetInstallationID

func (m *MockCluster) GetInstallationID() (string, error)

func (MockCluster) GetObjectCertRev

func (m MockCluster) GetObjectCertRev(cn string) (*share.CLUSX509Cert, uint64, error)

func (*MockCluster) GetPolicyRule

func (m *MockCluster) GetPolicyRule(id uint32) (*share.CLUSPolicyRule, uint64)

func (*MockCluster) GetPolicyRuleList

func (m *MockCluster) GetPolicyRuleList() []*share.CLUSRuleHead

func (*MockCluster) GetProcessProfile

func (m *MockCluster) GetProcessProfile(group string) *share.CLUSProcessProfile

func (*MockCluster) GetPwdProfileRev

func (m *MockCluster) GetPwdProfileRev(name string, acc *access.AccessControl) (*share.CLUSPwdProfile, uint64, error)

func (*MockCluster) GetRegistry

func (m *MockCluster) GetRegistry(name string, acc *access.AccessControl) (*share.CLUSRegistryConfig, uint64, error)

func (*MockCluster) GetResponseRuleList

func (m *MockCluster) GetResponseRuleList(policyName string) []*share.CLUSRuleHead

func (*MockCluster) GetScanReport

func (m *MockCluster) GetScanReport(key string) *share.CLUSScanReport

func (*MockCluster) GetServerRev

func (m *MockCluster) GetServerRev(name string, acc *access.AccessControl) (*share.CLUSServer, uint64, error)

func (*MockCluster) GetSystemConfigRev

func (m *MockCluster) GetSystemConfigRev(acc *access.AccessControl) (*share.CLUSSystemConfig, uint64)

func (*MockCluster) GetUserRev

func (m *MockCluster) GetUserRev(fullname string, acc *access.AccessControl) (*share.CLUSUser, uint64, error)

func (*MockCluster) Init

func (m *MockCluster) Init(rules []*share.CLUSPolicyRule, groups []*share.CLUSGroup)

func (*MockCluster) PutActivePwdProfileName

func (m *MockCluster) PutActivePwdProfileName(name string) error

func (*MockCluster) PutComplianceProfile

func (m *MockCluster) PutComplianceProfile(cp *share.CLUSComplianceProfile, rev *uint64) error

func (*MockCluster) PutComplianceProfileIfNotExist

func (m *MockCluster) PutComplianceProfileIfNotExist(cp *share.CLUSComplianceProfile) error

func (*MockCluster) PutCustomRoleRev

func (m *MockCluster) PutCustomRoleRev(role *share.CLUSUserRole, rev uint64, acc *access.AccessControl) error

func (*MockCluster) PutGroup

func (m *MockCluster) PutGroup(group *share.CLUSGroup, create bool) error

func (MockCluster) PutObjectCert

func (m MockCluster) PutObjectCert(cn, keyPath, certPath string, cert *share.CLUSX509Cert) error

func (MockCluster) PutObjectCertMemory

func (m MockCluster) PutObjectCertMemory(cn string, in *share.CLUSX509Cert, out *share.CLUSX509Cert, index uint64) error

func (*MockCluster) PutPolicyRule

func (m *MockCluster) PutPolicyRule(rule *share.CLUSPolicyRule) error

func (*MockCluster) PutPolicyRuleList

func (m *MockCluster) PutPolicyRuleList(crhs []*share.CLUSRuleHead) error

func (*MockCluster) PutPolicyRuleListTxn

func (m *MockCluster) PutPolicyRuleListTxn(txn *cluster.ClusterTransact, crhs []*share.CLUSRuleHead) error

func (*MockCluster) PutPolicyRuleRev

func (m *MockCluster) PutPolicyRuleRev(rule *share.CLUSPolicyRule, rev uint64) error

func (*MockCluster) PutPolicyRuleTxn

func (m *MockCluster) PutPolicyRuleTxn(txn *cluster.ClusterTransact, rule *share.CLUSPolicyRule) error

func (*MockCluster) PutProcessProfile

func (m *MockCluster) PutProcessProfile(group string, pg *share.CLUSProcessProfile) error

func (*MockCluster) PutPwdProfileRev

func (m *MockCluster) PutPwdProfileRev(profile *share.CLUSPwdProfile, rev uint64) error

func (*MockCluster) PutRegistry

func (m *MockCluster) PutRegistry(config *share.CLUSRegistryConfig, rev uint64) error

func (*MockCluster) PutRegistryIfNotExist

func (m *MockCluster) PutRegistryIfNotExist(config *share.CLUSRegistryConfig) error

func (*MockCluster) PutRegistryImageSummary

func (m *MockCluster) PutRegistryImageSummary(name, id string, sum *share.CLUSRegistryImageSummary) error

func (*MockCluster) PutRegistryImageSummaryAndReport

func (m *MockCluster) PutRegistryImageSummaryAndReport(name, id, fedRole string, sum *share.CLUSRegistryImageSummary, report *share.CLUSScanReport) error

func (*MockCluster) PutServerIfNotExist

func (m *MockCluster) PutServerIfNotExist(server *share.CLUSServer) error

func (*MockCluster) PutServerRev

func (m *MockCluster) PutServerRev(server *share.CLUSServer, rev uint64) error

func (*MockCluster) PutSystemConfigRev

func (m *MockCluster) PutSystemConfigRev(conf *share.CLUSSystemConfig, rev uint64) error

func (*MockCluster) PutUserRev

func (m *MockCluster) PutUserRev(user *share.CLUSUser, rev uint64) error

func (*MockCluster) ReleaseLock

func (m *MockCluster) ReleaseLock(lock cluster.LockInterface)

func (*MockCluster) SetCacheMockCallback

func (m *MockCluster) SetCacheMockCallback(keyStore string, mockFunc MockKvConfigUpdateFunc)

func (*MockCluster) UpdateFedRulesRevision

func (m *MockCluster) UpdateFedRulesRevision(ruleTypes []string) bool

type MockKvConfigUpdateFunc

// MockKvConfigUpdateFunc is the callback type registered through
// MockCluster.SetCacheMockCallback(keyStore, mockFunc). It receives the
// notification type, the KV key and the raw value bytes.
// NOTE(review): the value is passed as untyped bytes; callers that decode it
// are assumed to validate/unmarshal defensively — confirm in the mock's caller.
type MockKvConfigUpdateFunc func(nType cluster.ClusterNotifyType, key string, value []byte)

type PauseResumeStoreWatcherFunc

// PauseResumeStoreWatcherFunc is a hook that targets a store watcher by
// ip/port with a CLUSStoreWatcherInfo request and reports failure via error.
// NOTE(review): the pause/resume semantics are implied only by the name —
// confirm against the implementation that is wired in.
type PauseResumeStoreWatcherFunc func(ip string, port uint16, req share.CLUSStoreWatcherInfo) error

type PostImportFunc

// PostImportFunc is invoked after a configuration import completes. It gets
// the import outcome (err), the import task record, the importing login's
// domain roles, a temporary token and the import type string.
// NOTE(review): tempToken looks like a short-lived credential — implementations
// should not log it or persist it beyond the callback; confirm with the caller.
type PostImportFunc func(err error, importTask share.CLUSImportTask, loginDomainRoles access.DomainRole, tempToken, importType string)

type RevertFedRolesFunc

// RevertFedRolesFunc is a hook that takes the caller's AccessControl; by its
// name it is expected to undo federation role changes under that access
// context. NOTE(review): the hook is not shown here — confirm it enforces acc.
type RevertFedRolesFunc func(acc *access.AccessControl)

type ValidityPeriod

// ValidityPeriod is a year/month/day duration. Given the adjacent certificate
// constants (CertTypeAdmCtrl, CertTypeFed, DefaultRSAKeySize) it is presumably
// the lifetime applied when certificates are generated — TODO confirm at the
// call site; no visible code bounds the fields, so callers should reject
// zero or negative values that would yield an expired or unbounded cert.
type ValidityPeriod struct {
	Year  int
	Month int
	Day   int
}
