policystore

package
v3.8.9-app-policy+inco... Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 2, 2020 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

View Source
const BitmapSize = 4

Variables

This section is empty.

Functions

This section is empty.

Types

type IPSet

type IPSet interface {
	// Idempotent add IP address to set.
	// ip depends on the IPSet type:
	// IP          - Each member is an IP address in dotted-decimal or IPv6 format.
	// IP_AND_PORT - Each member is "<IP>,(tcp|udp):<port-number>"
	// NET         - Each member is a CIDR (note individual IPs can be full-length prefixes)
	AddString(ip string)

	// Idempotent remove IP address from set.
	// ip depends on the IPSet type:
	// IP          - Each member is an IP address in dotted-decimal or IPv6 format.
	// IP_AND_PORT - Each member is "<IP>,(tcp|udp):<port-number>"
	// NET         - Each member is a CIDR. Only removes exact matches.
	RemoveString(ip string)

	// Test if the address is contained in the set.
	ContainsAddress(addr *envoyapi.Address) bool
}

IPSet is a data structure that contains IP addresses, or IP address/port pairs. It allows fast membership tests of Address objects from the authorization API.

func NewIPSet

NewIPSet creates an IPSet of the appropriate type given by t.

type PolicyStore

type PolicyStore struct {
	// The RWMutex protects the entire contents of the PolicyStore. No one should read from or write to the PolicyStore
	// without acquiring the corresponding lock.
	// Helper methods Write() and Read() encapsulate the correct locking logic.
	RWMutex sync.RWMutex

	PolicyByID         map[proto.PolicyID]*proto.Policy
	ProfileByID        map[proto.ProfileID]*proto.Profile
	IPSetByID          map[string]IPSet
	Endpoint           *proto.WorkloadEndpoint
	ServiceAccountByID map[proto.ServiceAccountID]*proto.ServiceAccountUpdate
	NamespaceByID      map[proto.NamespaceID]*proto.NamespaceUpdate
}

PolicyStore is a data store that holds Calico policy information.

func NewPolicyStore

func NewPolicyStore() *PolicyStore

func (*PolicyStore) Read

func (s *PolicyStore) Read(readFn func(store *PolicyStore))

Read the PolicyStore, handling locking logic. readFn is the logic that actually does the reading.

func (*PolicyStore) Write

func (s *PolicyStore) Write(writeFn func(store *PolicyStore))

Write to/update the PolicyStore, handling locking logic. writeFn is the logic that actually does the update.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL