rules

package
v0.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 19, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	LookupTypeResource = iota
	LookupTypeSubject
)

Variables

This section is empty.

Functions

func CompileJMESPathExpression 

func CompileJMESPathExpression(expr string) (*jmespath.JMESPath, error)

CompileJMESPathExpression checks to see if its argument is an expression of the form `{{ ... }}` where ... is a JMESPath expression. If the argument doesn't appear to be an expression, it is returned as a literal expression.

Types

type LookupType 

type LookupType uint8

LookupType defines whether an LR or LS request is made for a filter

type MapMatcher 

type MapMatcher map[RequestMeta][]*RunnableRule

MapMatcher stores rules in a map keyed on GVR and Verb

func NewMapMatcher 

func NewMapMatcher(configRules []proxyrule.Config) (MapMatcher, error)

NewMapMatcher creates a MapMatcher for a set of rules

func (MapMatcher) Match 

func (m MapMatcher) Match(match *request.RequestInfo) []*RunnableRule

type Matcher 

type Matcher interface {
	Match(match *request.RequestInfo) []*RunnableRule
}

A Matcher holds a set of matching rules in memory for fast matching against incoming requests. Currently there is only a hash map implementation; you could imagine more interesting ways of matching requests.

type MatcherFunc 

type MatcherFunc func(match *request.RequestInfo) []*RunnableRule

MatcherFunc is a function type that implements Matcher

func (MatcherFunc) Match 

func (f MatcherFunc) Match(match *request.RequestInfo) []*RunnableRule

type PreFilter 

type PreFilter struct {
	LookupType
	Name, Namespace *jmespath.JMESPath
	Rel             *RelExpr
}

PreFilter defines a filter that returns values that will be used to filter the name/namespace of the kube objects.

type RelExpr 

type RelExpr struct {
	ResourceType     *jmespath.JMESPath
	ResourceID       *jmespath.JMESPath
	ResourceRelation *jmespath.JMESPath
	SubjectType      *jmespath.JMESPath
	SubjectID        *jmespath.JMESPath
	SubjectRelation  *jmespath.JMESPath
}

RelExpr represents a relationship with optional JMESExpr expressions for field values.

type RequestMeta 

type RequestMeta struct {
	Verb       string
	APIGroup   string
	APIVersion string
	Resource   string
}

RequestMeta uniquely identifies the type of request, and is used to find matching rules.

type ResolveInput 

type ResolveInput struct {
	Name           string                        `json:"name"`
	Namespace      string                        `json:"namespace"`
	NamespacedName string                        `json:"namespacedName"`
	Request        *request.RequestInfo          `json:"request"`
	User           *user.DefaultInfo             `json:"user"`
	Object         *metav1.PartialObjectMetadata `json:"object"`
	Body           []byte                        `json:"body"`
	Headers        http.Header                   `json:"headers"`
}

ResolveInput is the data fed into RelExpr to be evaluated.

func NewResolveInput 

func NewResolveInput(req *request.RequestInfo, user *user.DefaultInfo, object *metav1.PartialObjectMetadata, body []byte, headers http.Header) *ResolveInput

NewResolveInput creates a ResolveInput with normalized fields.

func NewResolveInputFromHttp 

func NewResolveInputFromHttp(req *http.Request) (*ResolveInput, error)

type ResolveInputExtractor 

type ResolveInputExtractor interface {
	ExtractFromHttp(req *http.Request) (*ResolveInput, error)
}

ResolveInputExtractor defines how ResolveInput are extracted from requests. This interface exists so that tests can easily fake the request data.

type ResolveInputExtractorFunc 

type ResolveInputExtractorFunc func(req *http.Request) (*ResolveInput, error)

ResolveInputExtractorFunc is a function type that implements ResolveInputExtractor

func (ResolveInputExtractorFunc) ExtractFromHttp 

func (f ResolveInputExtractorFunc) ExtractFromHttp(req *http.Request) (*ResolveInput, error)

type ResolvedPreFilter 

type ResolvedPreFilter struct {
	LookupType
	Name, Namespace *jmespath.JMESPath
	Rel             *ResolvedRel
}

ResolvedPreFilter contains a resolved Rel that determines how to make the LR / LS request. Name and Namespace are still jmespath expressions because the operate over the LR / LS response.

type ResolvedRel 

type ResolvedRel UncompiledRelExpr

ResolvedRel holds values after all expressions have been evaluated. It has the same structure as string templates in UncompiledRelExpr, but with resolved values.

func ResolveRel 

func ResolveRel(expr *RelExpr, input *ResolveInput) (*ResolvedRel, error)

type RunnableRule 

type RunnableRule struct {
	LockMode  proxyrule.LockMode
	Checks    []*RelExpr
	Must      []*RelExpr
	MustNot   []*RelExpr
	Writes    []*RelExpr
	PreFilter []*PreFilter
}

RunnableRule is a set of checks, writes, and filters with fully compiled expressions for building and matching relationships.

func Compile 

func Compile(config proxyrule.Config) (*RunnableRule, error)

Compile creates a RunnableRule from a passed in config object. String templates are parsed into relationship template expressions and any jmespath expressions are pre-compiled and stored.

type UncompiledRelExpr 

type UncompiledRelExpr struct {
	ResourceType     string
	ResourceID       string
	ResourceRelation string
	SubjectType      string
	SubjectID        string
	SubjectRelation  string
}

UncompiledRelExpr represents a relationship template expression that hasn't been converted to RelExpr yet.

func ParseRelSring 

func ParseRelSring(tpl string) (*UncompiledRelExpr, error)

ParseRelSring parses a string representation of a relationship template expression.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.