de.fhg.aisec.ids.api.cm

Interface ContainerManager

public interface ContainerManager

Controls Application Containers of the underlying platform.

The container management layer can be Docker or trust-X.

Method Summary

Modifier and Type	Method and Description
java.lang.Object	getMetadata(java.lang.String containerID) Returns metadata associated with the service running in the container.
java.lang.String	getVersion() Returns the container management layer which is currently in use.
java.lang.String	inspectContainer(java.lang.String containerID) Retrieves configuration data about a container.
java.util.List<ApplicationContainer>	list(boolean onlyRunning) List currently installed containers.
java.util.Optional<java.lang.String>	pullImage(ApplicationContainer app) Pulls an image from the online registry.
void	restartContainer(java.lang.String containerID) Restarts a container without stopping it first.
void	setIpRule(java.lang.String containerID, Direction direction, int srcPort, int dstPort, java.lang.String srcDstRange, Protocol protocol, Decision decision) Configures an IP rule for a container.
void	startContainer(java.lang.String containerID, java.lang.String key) Starts a container.
void	stopContainer(java.lang.String containerID) Stops a container.
void	wipe(java.lang.String containerID) Wipes are container from disk, i.e. removes it irreversibly.

Method Detail

getVersion

java.lang.String getVersion()

Returns the container management layer which is currently in use.

One of docker, trust-X, none.

Returns:

list

java.util.List<ApplicationContainer> list(boolean onlyRunning)

List currently installed containers.

The respective docker command is: docker ps -a.

Parameters:

onlyRunning - If set to true, only currently running containers are displayed.

Returns:

wipe

void wipe(java.lang.String containerID)
   throws NoContainerExistsException

Wipes are container from disk, i.e. removes it irreversibly.

Parameters:

containerID - Hash of the container.

Throws:

NoContainerExistsException

startContainer

void startContainer(java.lang.String containerID,
                    java.lang.String key)
             throws NoContainerExistsException

Starts a container.

If the container is already running, this method will do nothing.

The container must already exist, otherwise an exception will be thrown.

Parameters:

containerID -

key -

Throws:

NoContainerExistsException

stopContainer

void stopContainer(java.lang.String containerID)
            throws NoContainerExistsException

Stops a container.

A stopped container does not execute any processes, but its persisted data is still present. It can be started by startContainer again, i.e. the sequence stopContainer(x); startContainer(X); has no effect. *

If the container is already stopped, this method will do nothing.

The container must already exist, otherwise an exception will be thrown.

Parameters:

containerID -

Throws:

NoContainerExistsException

restartContainer

void restartContainer(java.lang.String containerID)
               throws NoContainerExistsException

Restarts a container without stopping it first.

The container must already exist, otherwise an exception will be thrown.

Parameters:

containerID -

Throws:

NoContainerExistsException

inspectContainer

java.lang.String inspectContainer(java.lang.String containerID)
                           throws NoContainerExistsException

Retrieves configuration data about a container.

The data format returned will depend on the underlying CML implementation. As for docker, this command will return the output of the command docker inspect.

If meta data is stored in container labels, the result of getMetaData will also be contained in the result of this method.

Parameters:

containerID - ID of the container. If does not exist, a NoContainerExistsException will be thrown.

Returns:

Throws:

NoContainerExistsException

getMetadata

java.lang.Object getMetadata(java.lang.String containerID)
                      throws NoContainerExistsException

Returns metadata associated with the service running in the container.

The data format returned depends on the meta data implementation, but will usually be RDF.

Parameters:

containerID -

Returns:

Throws:

NoContainerExistsException

pullImage

java.util.Optional<java.lang.String> pullImage(ApplicationContainer app)
                                        throws NoContainerExistsException

Pulls an image from the online registry.

The online registry can be given as a URL. If it is not given, the standard Docker registry is used in case of a Docker CML implementation.

This method blocks until the image has been pulled or an exception has occurred. As this is a long running operation, it should always be called in a separate thread.

Parameters:

image -

Returns:

Throws:

NoContainerExistsException

setIpRule

void setIpRule(java.lang.String containerID,
               Direction direction,
               int srcPort,
               int dstPort,
               java.lang.String srcDstRange,
               Protocol protocol,
               Decision decision)

Configures an IP rule for a container.

By default, containers do not have IP connectivity, i.e. all inbound and outbound traffic is blocked.

This method can be used to allow specific communication channels from/to a container.

Parameters:

containerID - ID of the container. It must exist, otherwise a NoContainerExistsException will be thrown.

direction - INBOUND for traffic going into the container or OUTBOUND for traffic leaving the container. Replies within established TCP sessions will always be allowed, there is no need to configure them.

srcPort - IP source port.

dstPort - IP destination port.

srcDestRange - Remote IP, i.e. for OUTBOUND traffic, IP range of the destination. For INBOUND traffic, IP range of the source.

protocol - TPC or UDP.

decision - ALLOW, DENY, or DROP