netpoleval

package

v0.0.0-...-ed96a3d Latest Latest Go to latest Published: Jan 15, 2022 License: GPL-3.0 Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cheriot/netpoltool

Links

Open Source Insights

Documentation ¶

Index ¶

func EvalResultString(er EvalResult) string
func MatchIPBlock(ipBlock nwv1.IPBlock, ip net.IP, ipStr string) (bool, error)
func MatchLabelSelector(podSelector metav1.LabelSelector, podLabels map[string]string) bool
func PortContains(rulePort nwv1.NetworkPolicyPort, toPort DestinationPort) bool
type ConnectionSide
- func NewExternalConnection(ip string, port string, protocol string) (ConnectionSide, error)
type DestinationPort
type EvalResult
type ExternalConnection
type NetpolResult
type PodConnection
- func NewPodConnection(pod *corev1.Pod, ns *corev1.Namespace, policies []nwv1.NetworkPolicy, ...) (*PodConnection, error)
type PortResult
- func Eval(source *PodConnection, dest ConnectionSide) []PortResult

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func EvalResultString ¶

func EvalResultString(er EvalResult) string

func MatchIPBlock ¶

func MatchIPBlock(ipBlock nwv1.IPBlock, ip net.IP, ipStr string) (bool, error)

func MatchLabelSelector ¶

func MatchLabelSelector(podSelector metav1.LabelSelector, podLabels map[string]string) bool

func PortContains ¶

func PortContains(rulePort nwv1.NetworkPolicyPort, toPort DestinationPort) bool

Types ¶

type ConnectionSide ¶

type ConnectionSide interface {
	GetName() string
	MatchNamespaceSelector(metav1.LabelSelector) bool
	MatchPodSelector(metav1.LabelSelector) bool
	MatchIPBlock(nwv1.IPBlock) (bool, error)
	IsInNamespace(string) bool
	IsOnNode(string) bool
	IsInCluster() bool
	GetPolicies() []nwv1.NetworkPolicy
	GetPorts() []DestinationPort
}

func NewExternalConnection ¶

func NewExternalConnection(ip string, port string, protocol string) (ConnectionSide, error)

type DestinationPort ¶

type DestinationPort struct {
	IsInCluster bool // Does this port represent something in the *current* k8s cluster?
	Name        string
	Num         int32
	Protocol    corev1.Protocol
}

type EvalResult ¶

type EvalResult uint8

const (
	NoMatch EvalResult = iota
	Deny
	Allow
)

type ExternalConnection ¶

type ExternalConnection struct {
	IP   net.IP
	Port DestinationPort
	// contains filtered or unexported fields
}

func (*ExternalConnection) GetName ¶

func (c *ExternalConnection) GetName() string

func (*ExternalConnection) GetPolicies ¶

func (c *ExternalConnection) GetPolicies() []nwv1.NetworkPolicy

func (*ExternalConnection) GetPorts ¶

func (c *ExternalConnection) GetPorts() []DestinationPort

func (*ExternalConnection) IsInCluster ¶

func (c *ExternalConnection) IsInCluster() bool

func (*ExternalConnection) IsInNamespace ¶

func (c *ExternalConnection) IsInNamespace(string) bool

func (*ExternalConnection) IsOnNode ¶

func (c *ExternalConnection) IsOnNode(name string) bool

func (*ExternalConnection) MatchIPBlock ¶

func (c *ExternalConnection) MatchIPBlock(ipBlock nwv1.IPBlock) (bool, error)

func (*ExternalConnection) MatchNamespaceSelector ¶

func (c *ExternalConnection) MatchNamespaceSelector(metav1.LabelSelector) bool

func (*ExternalConnection) MatchPodSelector ¶

func (c *ExternalConnection) MatchPodSelector(metav1.LabelSelector) bool

type NetpolResult ¶

type NetpolResult struct {
	Netpol nwv1.NetworkPolicy
	EvalResult
}

type PodConnection ¶

type PodConnection struct {
	Pod       *corev1.Pod
	Namespace *corev1.Namespace
	Policies  []nwv1.NetworkPolicy
	// contains filtered or unexported fields
}

func NewPodConnection ¶

func NewPodConnection(pod *corev1.Pod, ns *corev1.Namespace, policies []nwv1.NetworkPolicy, portNameOrNum string) (*PodConnection, error)

func (*PodConnection) GetName ¶

func (c *PodConnection) GetName() string

func (*PodConnection) GetPolicies ¶

func (c *PodConnection) GetPolicies() []nwv1.NetworkPolicy

func (*PodConnection) GetPorts ¶

func (c *PodConnection) GetPorts() []DestinationPort

func (*PodConnection) IsInCluster ¶

func (c *PodConnection) IsInCluster() bool

func (*PodConnection) IsInNamespace ¶

func (c *PodConnection) IsInNamespace(n string) bool

func (*PodConnection) IsOnNode ¶

func (c *PodConnection) IsOnNode(name string) bool

func (*PodConnection) MatchIPBlock ¶

func (c *PodConnection) MatchIPBlock(ipBlock nwv1.IPBlock) (bool, error)

func (*PodConnection) MatchNamespaceSelector ¶

func (c *PodConnection) MatchNamespaceSelector(labelSelector metav1.LabelSelector) bool

func (*PodConnection) MatchPodSelector ¶

func (c *PodConnection) MatchPodSelector(labelSelector metav1.LabelSelector) bool

type PortResult ¶

type PortResult struct {
	ToPort         DestinationPort
	Egress         []NetpolResult
	Ingress        []NetpolResult
	IngressAllowed bool
	EgressAllowed  bool
	Allowed        bool
}

func Eval ¶

func Eval(source *PodConnection, dest ConnectionSide) []PortResult

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL