policy

package
v1.0.9 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 22, 2017 License: GPL-2.0 Imports: 3 Imported by: 19

Documentation

Overview

Package policy describes a generic interface for retrieving policies. Different implementations are possible for environments such as Kubernetes, Mesos or other custom environments. An implementation has to provide a method for retrieving policy based on the metadata associated with the container and deleting the policy when the container dies. It is up to the implementation to decide how to generate the policy. The package also defines the basic data structure for communicating policy information. The implementations are responsible for providing all the necessary data.

Index

Constants

View Source
const (
	// Equal is the equal operator
	Equal = "="
	// NotEqual is the not equal operator
	NotEqual = "=!"
	// KeyExists is the key=* operator
	KeyExists = "*"
	// KeyNotExists means that the key doesnt exist in the incoming tags
	KeyNotExists = "!*"
)
View Source
const (
	// AllowAll allows everything for the specific PU.
	AllowAll = 0x1
	// Police filters on the PU based on the PolicyRules.
	Police = 0x2
)
View Source
const (
	// DefaultNamespace is the default namespace for applying policy
	DefaultNamespace = "bridge"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type FlowAction

type FlowAction int

FlowAction is the action that can be applied to a flow.

const (
	// Accept is the accept action
	Accept FlowAction = 0x1
	// Reject is the reject  action
	Reject FlowAction = 0x2
	// Log intstructs the data to log informat
	Log FlowAction = 0x4
	// Encrypt instructs data to be encrypted
	Encrypt FlowAction = 0x8
)

type IPMap

type IPMap struct {
	IPs map[string]string
}

An IPMap is a map of Key:Values used for IP Addresses.

func NewIPMap

func NewIPMap(ips map[string]string) *IPMap

NewIPMap returns a new instance of IPMap

func (*IPMap) Add

func (i *IPMap) Add(k, v string)

Add adds a key value pair

func (*IPMap) Clone

func (i *IPMap) Clone() *IPMap

Clone returns a copy of the map

func (*IPMap) Get

func (i *IPMap) Get(k string) (string, bool)

Get returns the value of a given key

type IPRule

type IPRule struct {
	Address  string
	Port     string
	Protocol string
	Action   FlowAction
}

IPRule holds IP rules to external services

type IPRuleList

type IPRuleList struct {
	Rules []IPRule
}

IPRuleList is a list of IP rules

func NewIPRuleList

func NewIPRuleList(rules []IPRule) *IPRuleList

NewIPRuleList returns a new IP rule list

func (*IPRuleList) Clone

func (l *IPRuleList) Clone() *IPRuleList

Clone creates a clone of the IP rule list

type InfoInteractor

type InfoInteractor interface {

	// Clone returns a copy of the policy
	Clone() *PUPolicy

	// ApplicationACLs returns a copy of IPRuleList
	ApplicationACLs() *IPRuleList

	// NetworkACLs returns a copy of IPRuleList
	NetworkACLs() *IPRuleList

	// ReceiverRules returns a copy of TagSelectorList
	ReceiverRules() *TagSelectorList

	// TransmitterRules returns a copy of TagSelectorList
	TransmitterRules() *TagSelectorList

	// Identity  returns a copy of the identity
	Indentity() *TagsMap

	// Annotations returns a copy of the Annotations
	Annotations() *TagsMap

	// DefaultIPAddress returns the default IP address for the processing unit
	DefaultIPAddress() (string, bool)
}

InfoInteractor is the interface for setting up policy before providing to trireme

type KeyValueOperator

type KeyValueOperator struct {
	Key      string
	Value    []string
	Operator Operator
}

KeyValueOperator describes an individual matching rule

func NewKeyValueOperator

func NewKeyValueOperator(k string, o Operator, kvos []string) *KeyValueOperator

NewKeyValueOperator returns an empty KeyValueOperator

func (*KeyValueOperator) Clone

func (k *KeyValueOperator) Clone() *KeyValueOperator

Clone returns a copy of the KeyValueOperator

type Operator

type Operator string

Operator defines the operation between your key and value.

type PUAction

type PUAction int

PUAction defines the action types that applies for a specific PU as a whole.

type PUInfo

type PUInfo struct {
	// ContextID is the ID of the container that the policy applies to
	ContextID string
	// Policy is an instantiation of the container policy
	Policy *PUPolicy
	// RunTime captures all data that are captured from the container
	Runtime *PURuntime
}

PUInfo captures all policy information related to a connection

func NewPUInfo

func NewPUInfo(contextID string, puType constants.PUType) *PUInfo

NewPUInfo instantiates a new ContainerPolicy

func PUInfoFromPolicyAndRuntime

func PUInfoFromPolicyAndRuntime(contextID string, policyInfo *PUPolicy, runtimeInfo *PURuntime) *PUInfo

PUInfoFromPolicyAndRuntime generates a ContainerInfo Struct from an existing RuntimeInfo and PolicyInfo

type PUPolicy

type PUPolicy struct {

	// ManagementID is provided for the policy implementations as a means of
	// holding a policy identifier related to the implementation
	ManagementID string
	//TriremeAction defines what level of policy should be applied to that container.
	TriremeAction PUAction

	// Extensions is an interface to a data structure that allows the policy supervisor
	// to pass additional instructions to a plugin. Plugin and policy must be
	// coordinated to implement the interface
	Extensions interface{}
	// contains filtered or unexported fields
}

PUPolicy captures all policy information related ot the container

func NewPUPolicy

func NewPUPolicy(
	id string,
	action PUAction,
	appACLs,
	netACLs *IPRuleList,
	txtags, rxtags *TagSelectorList,
	identity, annotations *TagsMap,
	ips *IPMap,
	triremeNetworks []string,
	excludedNetworks []string,
	e interface{}) *PUPolicy

NewPUPolicy generates a new ContainerPolicyInfo appACLs are the ACLs for packet coming from the Application/PU to the Network. netACLs are the ACLs for packet coming from the Network to the Application/PU.

func NewPUPolicyWithDefaults

func NewPUPolicyWithDefaults() *PUPolicy

NewPUPolicyWithDefaults sets up a PU policy with defaults

func (*PUPolicy) AddIdentityTag

func (p *PUPolicy) AddIdentityTag(k, v string)

AddIdentityTag adds a policy tag

func (*PUPolicy) AddReceiverRules

func (p *PUPolicy) AddReceiverRules(t *TagSelector)

AddReceiverRules adds a receiver rule

func (*PUPolicy) AddTransmitterRules

func (p *PUPolicy) AddTransmitterRules(t *TagSelector)

AddTransmitterRules adds a transmitter rule

func (*PUPolicy) Annotations

func (p *PUPolicy) Annotations() *TagsMap

Annotations returns a copy of the annotations

func (*PUPolicy) ApplicationACLs

func (p *PUPolicy) ApplicationACLs() *IPRuleList

ApplicationACLs returns a copy of IPRuleList

func (*PUPolicy) Clone

func (p *PUPolicy) Clone() *PUPolicy

Clone returns a copy of the policy

func (*PUPolicy) DefaultIPAddress

func (p *PUPolicy) DefaultIPAddress() (string, bool)

DefaultIPAddress returns the default IP address for the processing unit

func (*PUPolicy) ExcludedNetworks

func (p *PUPolicy) ExcludedNetworks() []string

ExcludedNetworks returns the list of excluded networks.

func (*PUPolicy) IPAddresses

func (p *PUPolicy) IPAddresses() *IPMap

IPAddresses returns all the IP addresses for the processing unit

func (*PUPolicy) Identity

func (p *PUPolicy) Identity() *TagsMap

Identity returns a copy of the Identity

func (*PUPolicy) NetworkACLs

func (p *PUPolicy) NetworkACLs() *IPRuleList

NetworkACLs returns a copy of IPRuleList

func (*PUPolicy) ReceiverRules

func (p *PUPolicy) ReceiverRules() *TagSelectorList

ReceiverRules returns a copy of TagSelectorList

func (*PUPolicy) SetIPAddresses

func (p *PUPolicy) SetIPAddresses(l *IPMap)

SetIPAddresses sets the IP addresses for the processing unit

func (*PUPolicy) TransmitterRules

func (p *PUPolicy) TransmitterRules() *TagSelectorList

TransmitterRules returns a copy of TagSelectorList

func (*PUPolicy) TriremeNetworks

func (p *PUPolicy) TriremeNetworks() []string

TriremeNetworks returns the list of networks that Trireme must be applied

func (*PUPolicy) UpdateExcludedNetworks

func (p *PUPolicy) UpdateExcludedNetworks(networks []string)

UpdateExcludedNetworks updates the list of excluded networks.

func (*PUPolicy) UpdateTriremeNetworks

func (p *PUPolicy) UpdateTriremeNetworks(networks []string)

UpdateTriremeNetworks updates the set of networks for trireme

type PURuntime

type PURuntime struct {
	// contains filtered or unexported fields
}

PURuntime holds all data related to the status of the container run time

func NewPURuntime

func NewPURuntime(name string, pid int, tags *TagsMap, ips *IPMap, puType constants.PUType, options *TagsMap) *PURuntime

NewPURuntime Generate a new RuntimeInfo

func NewPURuntimeWithDefaults

func NewPURuntimeWithDefaults() *PURuntime

NewPURuntimeWithDefaults sets up PURuntime with defaults

func (*PURuntime) Clone

func (r *PURuntime) Clone() *PURuntime

Clone returns a copy of the policy

func (*PURuntime) DefaultIPAddress

func (r *PURuntime) DefaultIPAddress() (string, bool)

DefaultIPAddress returns the default IP address for the processing unit

func (*PURuntime) IPAddresses

func (r *PURuntime) IPAddresses() *IPMap

IPAddresses returns all the IP addresses for the processing unit

func (*PURuntime) MarshalJSON

func (r *PURuntime) MarshalJSON() ([]byte, error)

MarshalJSON Marshals this struct.

func (*PURuntime) Name

func (r *PURuntime) Name() string

Name returns the PID

func (*PURuntime) Options

func (r *PURuntime) Options() *TagsMap

Options returns tags for the processing unit

func (*PURuntime) PUType

func (r *PURuntime) PUType() constants.PUType

PUType returns the PU type

func (*PURuntime) Pid

func (r *PURuntime) Pid() int

Pid returns the PID

func (*PURuntime) SetIPAddresses

func (r *PURuntime) SetIPAddresses(ipa *IPMap)

SetIPAddresses sets up all the IP addresses for the processing unit

func (*PURuntime) SetOptions

func (r *PURuntime) SetOptions(options *TagsMap)

SetOptions sets the Options

func (*PURuntime) SetPUType added in v1.0.3

func (r *PURuntime) SetPUType(puType constants.PUType)

SetPUType sets the PU Type

func (*PURuntime) SetPid

func (r *PURuntime) SetPid(pid int)

SetPid sets the PID

func (*PURuntime) Tag

func (r *PURuntime) Tag(key string) (string, bool)

Tag returns a specific tag for the processing unit

func (*PURuntime) Tags

func (r *PURuntime) Tags() *TagsMap

Tags returns tags for the processing unit

func (*PURuntime) UnmarshalJSON

func (r *PURuntime) UnmarshalJSON(param []byte) error

UnmarshalJSON Unmarshals this struct.

type PURuntimeJSON

type PURuntimeJSON struct {
	// PUType is the type of the PU
	PUType constants.PUType
	// Pid holds the value of the first process of the container
	Pid int
	// Name is the name of the container
	Name string
	// IPAddress is the IP Address of the container
	IPAddresses *IPMap
	// Tags is a map of the metadata of the container
	Tags *TagsMap
	// Options is a map of the options of the container
	Options *TagsMap
}

PURuntimeJSON is a Json representation of PURuntime

type RuntimeReader

type RuntimeReader interface {

	// Pid returns the Pid of the Runtime.
	Pid() int

	// Name returns the process name of the Runtime.
	Name() string

	// Tag returns  the value of the given tag.
	Tag(string) (string, bool)

	// Tags returns a copy of the list of the tags.
	Tags() *TagsMap

	// Options returns a copy of the list of options.
	Options() *TagsMap

	// DefaultIPAddress retutns the default IP address.
	DefaultIPAddress() (string, bool)

	// IPAddresses returns a copy of all the IP addresses.
	IPAddresses() *IPMap
	//Returns the PUType for the PU
	PUType() constants.PUType
}

A RuntimeReader allows to get the specific parameters stored in the Runtime

type TagSelector

type TagSelector struct {
	Clause []KeyValueOperator
	Action FlowAction
}

TagSelector info describes a tag selector key Operator value

func NewTagSelector

func NewTagSelector(clauses []KeyValueOperator, a FlowAction) *TagSelector

NewTagSelector return a new TagSelector

func (*TagSelector) Clone

func (t *TagSelector) Clone() *TagSelector

Clone returns a copy of the TagSelector

type TagSelectorList

type TagSelectorList struct {
	TagSelectors []TagSelector
}

TagSelectorList defines a list of TagSelector

func NewTagSelectorList

func NewTagSelectorList(tss []TagSelector) *TagSelectorList

NewTagSelectorList return a new TagSelectorList

func (*TagSelectorList) Clone

func (t *TagSelectorList) Clone() *TagSelectorList

Clone returns a copy of the TagSelectorList

type TagsMap

type TagsMap struct {
	Tags map[string]string
}

A TagsMap is a map of Key:Values used as tags.

func NewTagsMap

func NewTagsMap(tags map[string]string) *TagsMap

NewTagsMap returns a new instance of TagsMap

func (*TagsMap) Add

func (t *TagsMap) Add(k, v string)

Add adds a key value pair

func (*TagsMap) Clone

func (t *TagsMap) Clone() *TagsMap

Clone returns a copy of the map

func (*TagsMap) Get

func (t *TagsMap) Get(k string) (string, bool)

Get returns the value of a given key

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL