security

package

v0.6.0 Latest Latest Go to latest Published: Oct 4, 2022 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation ¶

Index ¶

Constants
type Client
- func NewClient(securityPolicies *compute.SecurityPoliciesClient, ...) *Client
- func (c *Client) ApplyPolicy(ctx context.Context, cluster *capg.GCPCluster, policy Policy) error
- func (c *Client) DeletePolicy(ctx context.Context, cluster *capg.GCPCluster, name string) error
type ClusterNATIPResolver
type Policy
type PolicyReconciler
- func NewPolicyReconciler(defaultAPIAllowList []string, managementCluster types.NamespacedName, ...) *PolicyReconciler
- func (r *PolicyReconciler) Reconcile(ctx context.Context, cluster *capg.GCPCluster) error
- func (r *PolicyReconciler) ReconcileDelete(ctx context.Context, cluster *capg.GCPCluster) error
type PolicyRule
type SecurityPolicyClient

Constants ¶

const (
	ActionAllow   = "allow"
	ActionDeny403 = "deny(403)"

	SecurityPolicyVersionedExpr = "SRC_IPS_V1"

	DefaultRuleDescription = "Default rule, higher priority overrides it"
	DefaultRuleIPRanges    = "*"
	DefaultRulePriority    = int32(math.MaxInt32)
)

View Source

const AnnotationAPIAllowListSubnets = "api.gcp.giantswarm.io/allowlist"

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

func NewClient ¶

func NewClient(securityPolicies *compute.SecurityPoliciesClient, backendServices *compute.BackendServicesClient) *Client

func (*Client) ApplyPolicy ¶

func (c *Client) ApplyPolicy(ctx context.Context, cluster *capg.GCPCluster, policy Policy) error

func (*Client) DeletePolicy ¶

func (c *Client) DeletePolicy(ctx context.Context, cluster *capg.GCPCluster, name string) error

type ClusterNATIPResolver ¶

type ClusterNATIPResolver interface {
	GetIPs(context.Context, types.NamespacedName) ([]string, error)
}

type Policy ¶

type Policy struct {
	Name          string
	Description   string
	DefaultAction string
	Rules         []PolicyRule
}

type PolicyReconciler ¶

type PolicyReconciler struct {
	// contains filtered or unexported fields
}

func NewPolicyReconciler ¶

func NewPolicyReconciler(
	defaultAPIAllowList []string,
	managementCluster types.NamespacedName,
	securityPolicyClient SecurityPolicyClient,
	ipResolver ClusterNATIPResolver,
) *PolicyReconciler

func (*PolicyReconciler) Reconcile ¶

func (r *PolicyReconciler) Reconcile(ctx context.Context, cluster *capg.GCPCluster) error

func (*PolicyReconciler) ReconcileDelete ¶

func (r *PolicyReconciler) ReconcileDelete(ctx context.Context, cluster *capg.GCPCluster) error

type PolicyRule ¶

type PolicyRule struct {
	Action         string
	Description    string
	SourceIPRanges []string
	Priority       int32
}

type SecurityPolicyClient ¶

type SecurityPolicyClient interface {
	ApplyPolicy(context.Context, *capg.GCPCluster, Policy) error
	DeletePolicy(context.Context, *capg.GCPCluster, string) error
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
securityfakes Code generated by counterfeiter.	Code generated by counterfeiter.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL