firewaller

package
v0.0.0-...-84dfa8d
Warning

This package is not in the latest version of its module.

Published: Mar 3, 2025 License: AGPL-3.0 Imports: 30 Imported by: 2

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func NewModelFirewallRulesWatcher

func NewModelFirewallRulesWatcher(modelConfigService ModelConfigService) (*modelFirewallRulesWatcher, error)

NewModelFirewallRulesWatcher returns a worker that notifies when something that determines the model firewall rules changes.

NOTE: At this time, the ssh-allow model config item is the only thing that needs to be watched.

func Register

func Register(registry facade.FacadeRegistry)

Register is called to expose a package of facades onto a given registry.

func StateShim

func StateShim(st *state.State, m *state.Model) stateShim

TODO(wallyworld) - for tests, remove when remaining firewaller tests become unit tests.

Types

type ApplicationService

type ApplicationService interface {
	GetUnitLife(context.Context, unit.Name) (life.Value, error)
}

ApplicationService provides access to the application service.

type ControllerConfigAPI

type ControllerConfigAPI interface {
	// ControllerConfig returns the controller's configuration.
	ControllerConfig(context.Context) (params.ControllerConfigResult, error)

	// ControllerAPIInfoForModels returns the controller api connection details for the specified models.
	ControllerAPIInfoForModels(ctx context.Context, args params.Entities) (params.ControllerAPIInfoResults, error)
}

ControllerConfigAPI provides the subset of common.ControllerConfigAPI required by the remote firewaller facade.

type ControllerConfigService

type ControllerConfigService interface {
	ControllerConfig(context.Context) (controller.Config, error)
}

ControllerConfigService is an interface that provides access to the controller configuration.

type FirewallerAPI

FirewallerAPI provides access to the Firewaller API facade.

func NewStateFirewallerAPI

func NewStateFirewallerAPI(
	st State,
	networkService NetworkService,
	resources facade.Resources,
	watcherRegistry facade.WatcherRegistry,
	authorizer facade.Authorizer,
	cloudSpecAPI cloudspec.CloudSpecer,
	controllerConfigAPI ControllerConfigAPI,
	controllerConfigService ControllerConfigService,
	modelConfigService ModelConfigService,
	applicationService ApplicationService,
	machineService MachineService,
	logger corelogger.Logger,
) (*FirewallerAPI, error)

NewStateFirewallerAPI creates a new server-side FirewallerAPIV7 facade.

func (*FirewallerAPI) AreManuallyProvisioned

func (f *FirewallerAPI) AreManuallyProvisioned(ctx context.Context, args params.Entities) (params.BoolResults, error)

AreManuallyProvisioned returns whether each given entity is manually provisioned or not. Only machine tags are accepted.

func (*FirewallerAPI) GetAssignedMachine

func (f *FirewallerAPI) GetAssignedMachine(ctx context.Context, args params.Entities) (params.StringResults, error)

GetAssignedMachine returns the assigned machine tag (if any) for each given unit.

func (*FirewallerAPI) GetExposeInfo

func (f *FirewallerAPI) GetExposeInfo(ctx context.Context, args params.Entities) (params.ExposeInfoResults, error)

GetExposeInfo returns the expose flag and per-endpoint expose settings for the specified applications.

func (*FirewallerAPI) Life

Life returns the life status of the specified entities.

func (*FirewallerAPI) MacaroonForRelations

func (f *FirewallerAPI) MacaroonForRelations(ctx context.Context, args params.Entities) (params.MacaroonResults, error)

MacaroonForRelations returns the macaroon for the specified relations.

func (*FirewallerAPI) ModelFirewallRules

func (f *FirewallerAPI) ModelFirewallRules(ctx context.Context) (params.IngressRulesResult, error)

ModelFirewallRules returns the firewall rules that this model is configured to open.

func (*FirewallerAPI) SetRelationsStatus

func (f *FirewallerAPI) SetRelationsStatus(ctx context.Context, args params.SetStatus) (params.ErrorResults, error)

SetRelationsStatus sets the status for the specified relations.

func (*FirewallerAPI) SpaceInfos

SpaceInfos returns a comprehensive representation of either all spaces or a filtered subset of the known spaces and their associated subnet details.

func (*FirewallerAPI) WatchEgressAddressesForRelations

func (f *FirewallerAPI) WatchEgressAddressesForRelations(ctx context.Context, relations params.Entities) (params.StringsWatchResults, error)

WatchEgressAddressesForRelations creates a watcher that notifies when addresses, from which connections will originate for the relation, change. Each event contains the entire set of addresses which are required for ingress for the relation.

func (*FirewallerAPI) WatchIngressAddressesForRelations

func (f *FirewallerAPI) WatchIngressAddressesForRelations(ctx context.Context, relations params.Entities) (params.StringsWatchResults, error)

WatchIngressAddressesForRelations creates a watcher that returns the ingress networks that have been recorded against the specified relations.

func (*FirewallerAPI) WatchModelFirewallRules

func (f *FirewallerAPI) WatchModelFirewallRules(ctx context.Context) (params.NotifyWatchResult, error)

WatchModelFirewallRules returns a NotifyWatcher that notifies of potential changes to a model's configured firewall rules.

func (*FirewallerAPI) WatchSubnets

WatchSubnets returns a new StringsWatcher that watches the specified subnet tags or all tags if no entities are specified.

type MachineService

type MachineService interface {
	// EnsureDeadMachine sets the provided machine's life status to Dead.
	// No error is returned if the provided machine doesn't exist, just nothing
	// gets updated.
	EnsureDeadMachine(ctx context.Context, machineName machine.Name) error
	// GetMachineUUID returns the UUID of a machine identified by its name.
	GetMachineUUID(ctx context.Context, name machine.Name) (string, error)
	// InstanceID returns the cloud specific instance id for this machine.
	InstanceID(ctx context.Context, mUUID string) (instance.Id, error)
	// InstanceIDAndName returns the cloud specific instance ID and display name for
	// this machine.
	InstanceIDAndName(ctx context.Context, machineUUID string) (instance.Id, string, error)
	// HardwareCharacteristics returns the hardware characteristics of the
	// specified machine.
	HardwareCharacteristics(ctx context.Context, machineUUID string) (*instance.HardwareCharacteristics, error)
}

MachineService defines the methods that the facade assumes from the Machine service.

type ModelConfigService

type ModelConfigService interface {
	ModelConfig(ctx context.Context) (*config.Config, error)
	Watch() (watcher.StringsWatcher, error)
}

ModelConfigService is an interface that provides access to the model configuration.

type NetworkService

type NetworkService interface {
	// GetAllSpaces returns all spaces for the model.
	GetAllSpaces(ctx context.Context) (network.SpaceInfos, error)
	// WatchSubnets returns a watcher that observes changes to subnets and their
	// association (fan underlays), filtered based on the provided list of subnets
	// to watch.
	WatchSubnets(ctx context.Context, subnetUUIDsToWatch set.Strings) (watcher.StringsWatcher, error)
}

NetworkService is the interface that is used to interact with the network spaces/subnets.

type State

type State interface {
	firewall.State

	IsController() bool
	ModelUUID() string
	GetMacaroon(entity names.Tag) (*macaroon.Macaroon, error)
	FindEntity(tag names.Tag) (state.Entity, error)
}

State provides the subset of global state required by the remote firewaller facade.
