main.go
package main
import (
"flag"
"fmt"
"os"
"runtime"
"time"
"github.com/open-policy-agent/contrib/opa-iptables/pkg/controller"
"github.com/open-policy-agent/contrib/opa-iptables/pkg/logging"
"github.com/open-policy-agent/contrib/opa-iptables/pkg/version"
"github.com/sirupsen/logrus"
)
// main parses the command-line flags, configures logging, runs the platform
// preflight checks (Linux, /sbin/iptables present, worker count in range) and
// then builds and runs the controller.
func main() {
	// OPA connection settings.
	// NOTE(review): the default endpoint is plain http on loopback. If a
	// bearer token is configured and the endpoint is a remote http:// URL,
	// the token presumably travels unencrypted; confirm how the controller
	// uses OpaTrustedCAFile and prefer https for non-loopback endpoints.
	endpoint := flag.String("opa-endpoint", "http://127.0.0.1:8181", "endpoint of opa in form of http://ip:port i.e. http://192.33.0.1:8181")
	// NOTE(review): a secret passed as a flag value is part of the process
	// command line, which other local users can usually read from the process
	// list. Restrict who can inspect this process, or source the token from a
	// protected location in the launcher.
	authToken := flag.String("opa-authorization", "", "Bearer token for OPA authorization")
	trustedCA := flag.String("opa-trusted-cafile", "", "File path to the OPA trusted CA certificate")

	// Controller listener settings.
	// NOTE(review): the default host is 0.0.0.0, i.e. every interface. This
	// process manages iptables rules, so confirm the controller API is meant
	// to be reachable from the network; otherwise pass a loopback or
	// management address.
	host := flag.String("controller-host", "0.0.0.0", "controller host")
	// The default is a high port so that it is unlikely to be blocked by
	// accident by the iptables rules this controller installs.
	port := flag.String("controller-port", "33455", "controller port on which it listen on")

	// Logging settings.
	format := flag.String("log-format", "text", "set log format. i.e. text | json | json-pretty")
	level := flag.String("log-level", "info", "set log level. i.e. info | debug | error")

	// Watcher settings.
	interval := flag.Duration("watch-interval", time.Minute, "time interval for watcher to check for any update in watcherState")
	showVersion := flag.Bool("v", false, "show version")
	workers := flag.Int("worker", 3, "number of workers needed for watcher")
	useWatcher := flag.Bool("watcher", false, "use experimental watcher")

	flag.Parse()

	// -v prints the build information and exits before anything else is set up.
	if *showVersion {
		fmt.Printf("Version= %v\nCommit= %v\n", version.Version, version.Commit)
		os.Exit(0)
	}

	logConfig := logging.Config{Format: *format, Level: *level}
	logging.SetupLogging(logConfig)
	logger := logging.GetLogger()

	// Preflight: refuse to start on anything other than Linux.
	if runtime.GOOS != "linux" {
		logger.Errorln("\"iptables\" utility is only supported on Linux kernel. It's seems like that you are not running Linux kernel.")
		os.Exit(1)
	}

	// Preflight: the iptables binary must be present at its fixed path.
	if !iptablesExists() {
		logger.Error("command \"iptables\" not found at path \"/sbin/iptables\".")
		fmt.Println(installationHelp)
		os.Exit(1)
	}

	// Preflight: the worker count is bounded to 1..10.
	if n := *workers; n < 1 || n > 10 {
		logger.Fatalf(`Provided worker count "%v" is not valid. It must be between 1 and 10.`, n)
	}

	controllerConfig := controller.Config{
		OpaEndpoint:      *endpoint,
		OpaAuthorization: *authToken,
		OpaTrustedCAFile: *trustedCA,
		ControllerAddr:   *host,
		ControllerPort:   *port,
		WatcherInterval:  *interval,
		WatcherFlag:      *useWatcher,
		WorkerCount:      *workers,
	}

	// Only the endpoint and the logging settings are written to the startup
	// log; the bearer token is deliberately not among the logged fields.
	startupFields := logrus.Fields{
		"OPA Endpoint": controllerConfig.OpaEndpoint,
		"Log Format":   logConfig.Format,
		"Log Level":    logConfig.Level,
	}
	logger.WithFields(startupFields).Info("Started Controller with following configuration:")

	c := controller.New(controllerConfig)
	c.Run()
}
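// iptablesExists reports whether /sbin/iptables is present as a regular file.
//
// os.Stat follows symbolic links, so a link at that path counts when its
// target is a regular file. Every stat failure yields false, not only
// "does not exist": a permission error or a directory at that path must not
// pass the preflight check in main as if the binary were available.
//
// This is a presence check only. It does not verify that the file is
// executable or which binary it is, and the path is fixed rather than
// looked up on PATH.
func iptablesExists() bool {
	info, err := os.Stat("/sbin/iptables")
	if err != nil {
		// Fail closed: an unreadable path is treated the same as a missing one.
		return false
	}
	return info.Mode().IsRegular()
}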