-
Notifications
You must be signed in to change notification settings - Fork 51
/
rpcserver.go
117 lines (92 loc) · 3.37 KB
/
rpcserver.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
package enforcerproxy
import (
"context"
"errors"
"fmt"
"time"
"go.aporeto.io/trireme-lib/collector"
"go.aporeto.io/trireme-lib/common"
"go.aporeto.io/trireme-lib/controller/internal/enforcer/utils/rpcwrapper"
"go.uber.org/zap"
)
// ProxyRPCServer This struct is a receiver for Statsserver and maintains a handle to the RPC ProxyRPCServer.
type ProxyRPCServer struct {
collector collector.EventCollector
rpchdl rpcwrapper.RPCServer
secret string
tokenIssuer common.ServiceTokenIssuer
}
// PostStats is the function called from the remoteenforcer when it has new flow events to publish.
func (r *ProxyRPCServer) PostStats(req rpcwrapper.Request, resp *rpcwrapper.Response) error {
if !r.rpchdl.ProcessMessage(&req, r.secret) {
return errors.New("message sender cannot be verified")
}
payload := req.Payload.(rpcwrapper.StatsPayload)
for _, record := range payload.Flows {
r.collector.CollectFlowEvent(record)
}
payload.Flows = nil
for _, record := range payload.Users {
r.collector.CollectUserEvent(record)
}
payload.Users = nil
return nil
}
// PostPacketEvent is called from the remote to post multiple records from the remoteenforcer
func (r *ProxyRPCServer) PostPacketEvent(req rpcwrapper.Request, resp *rpcwrapper.Response) error {
if !r.rpchdl.ProcessMessage(&req, r.secret) {
return errors.New("message sender cannot be verified")
}
payload := req.Payload.(rpcwrapper.DebugPacketPayload)
for _, record := range payload.PacketRecords {
r.collector.CollectPacketEvent(record)
}
payload.PacketRecords = nil
return nil
}
// PostCounterEvent is called from the remote to post multiple counter records from the remoteenforcer
func (r *ProxyRPCServer) PostCounterEvent(req rpcwrapper.Request, resp *rpcwrapper.Response) error {
if !r.rpchdl.ProcessMessage(&req, r.secret) {
return errors.New("message sender cannot be verified")
}
payload := req.Payload.(rpcwrapper.CounterReportPayload)
for _, record := range payload.CounterReports {
zap.L().Debug("Posting Remote counters")
r.collector.CollectCounterEvent(record)
}
payload.CounterReports = nil
return nil
}
// DNSReports is called from the remote to post dns requests
func (r *ProxyRPCServer) DNSReports(req rpcwrapper.Request, resp *rpcwrapper.Response) error {
if !r.rpchdl.ProcessMessage(&req, r.secret) {
return errors.New("message sender cannot be verified")
}
payload := req.Payload.(rpcwrapper.DNSReportPayload)
zap.L().Debug("Posting DNS requests")
r.collector.CollectDNSRequests(payload.Report)
payload.Report = nil
return nil
}
// RetrieveToken propagates the master request to the token retriever and returns a token.
func (r *ProxyRPCServer) RetrieveToken(req rpcwrapper.Request, resp *rpcwrapper.Response) error {
if !r.rpchdl.ProcessMessage(&req, r.secret) {
return errors.New("message sender cannot be verified")
}
payload, ok := req.Payload.(rpcwrapper.TokenRequestPayload)
if !ok {
return errors.New("invalid request payload for token request")
}
ctx, cancel := context.WithTimeout(context.Background(), time.Second*60)
defer cancel()
token, err := r.tokenIssuer.Issue(ctx, payload.ContextID, payload.ServiceTokenType, payload.Audience, payload.Validity)
if err != nil {
resp.Status = "error"
return fmt.Errorf("control plane failed to issue token: %s", err)
}
resp.Status = "ok"
resp.Payload = &rpcwrapper.TokenResponsePayload{
Token: token,
}
return nil
}