generator




Variables

var (
	// ExplicitAllowAll holds a single empty Rule. A rule that lists neither
	// Ports nor Peers places no restriction on either, so this expresses
	// "allow everything" explicitly -- as opposed to simply having no policy
	// select the target at all.
	ExplicitAllowAll = &NetpolPeers{
		Rules: []*Rule{
			{},
		},
	}
	// DenyAll has no rules: a policy that selects a target but lists no rules
	// for a direction admits no traffic in that direction.
	DenyAll = &NetpolPeers{
		Rules: nil,
	}
	// DenyAll2 should be identical to DenyAll -- but just in case :)
	// (nil slice vs. empty non-nil slice: same length and range behaviour; the
	// difference only surfaces if the rules are serialized, e.g. null vs. [].)
	DenyAll2 = &NetpolPeers{
		Rules: []*Rule{},
	}

	// AllowAllPodsRule selects pods in every namespace: an empty
	// NamespaceSelector matches all namespaces, and with PodSelector left nil
	// every pod within them. Only pod peers are covered -- traffic from node or
	// external IPs is CNI-dependent and is addressed separately by
	// AllowAllByIPRule.
	AllowAllPodsRule = &Rule{
		Peers: []networkingv1.NetworkPolicyPeer{
			{
				NamespaceSelector: &metav1.LabelSelector{},
			},
		},
	}

	AllowAllByPod = &NetpolPeers{
		Rules: []*Rule{AllowAllPodsRule},
	}

	// AllowAllByIPRule admits any IPv4 peer.
	// NOTE(review): 0.0.0.0/0 does not match IPv6 addresses; on a dual-stack
	// cluster a true "allow all by IP" would also need an IPBlock for "::/0".
	// Confirm the test suites relying on this are IPv4-only.
	AllowAllByIPRule = &Rule{
		Peers: []networkingv1.NetworkPolicyPeer{
			{
				IPBlock: &networkingv1.IPBlock{
					CIDR: "0.0.0.0/0",
				},
			},
		},
	}

	AllowAllByIP = &NetpolPeers{
		Rules: []*Rule{AllowAllByIPRule},
	}

	// DenyAllByIPRule expresses a deny as an allow for a CIDR no real peer
	// should occupy: 0.0.0.0/31 covers only 0.0.0.0 and 0.0.0.1. NetworkPolicy
	// has no deny primitive, so "deny all" is modelled as "allow only the
	// unmatchable" -- a testing trick, not something to copy into production.
	DenyAllByIPRule = &Rule{
		Peers: []networkingv1.NetworkPolicyPeer{
			{
				IPBlock: &networkingv1.IPBlock{
					CIDR: "0.0.0.0/31",
				},
			},
		},
	}

	DenyAllByIP = &NetpolPeers{
		Rules: []*Rule{DenyAllByIPRule},
	}

	// DenyAllByPodRule is the same trick at the pod level: select namespaces
	// by a sentinel label no namespace is expected to carry, so the rule
	// matches no pods. PodSelector is nil deliberately (all pods within the
	// selected namespaces). Beware that labelling any namespace with
	// "this-will-never-happen: qrs123" -- e.g. via SetNamespaceLabels -- would
	// silently turn this "deny" into an allow for that namespace's pods.
	DenyAllByPodRule = &Rule{
		Peers: []networkingv1.NetworkPolicyPeer{
			{
				PodSelector: nil,
				NamespaceSelector: &metav1.LabelSelector{
					MatchLabels: map[string]string{"this-will-never-happen": "qrs123"},
				},
			},
		},
	}

	DenyAllByPod = &NetpolPeers{
		Rules: []*Rule{DenyAllByPodRule},
	}
)
var (
	// AllowDNSRule permits UDP port 53 with no peer restriction, i.e. DNS to
	// or from any address (udp and port53 are presumably package-level values
	// declared elsewhere). This keeps name resolution working in test cases
	// that otherwise deny egress. Because it names no peer, it is broader than
	// a production "allow cluster DNS only" rule would be; it also covers UDP
	// only, so DNS over TCP (large responses, truncation fallback) is not
	// allowed by it.
	AllowDNSRule = &Rule{
		Ports: []NetworkPolicyPort{
			{
				Protocol: &udp,
				Port:     &port53,
			},
		},
	}

	AllowDNSPeers = &NetpolPeers{
		Rules: []*Rule{AllowDNSRule},
	}
)
var (
	// Typical* are the fixed "uninteresting" values a FragmentGenerator uses
	// for the dimensions it is not currently varying (see the unidimensional
	// typicals fields of FragmentGenerator).
	TypicalNamespace = "x"
	// TypicalTarget selects pods labelled pod=a in TypicalNamespace.
	TypicalTarget    = metav1.LabelSelector{
		MatchLabels:      map[string]string{"pod": "a"},
		MatchExpressions: nil,
	}
	// TypicalPorts is a single TCP/80 port entry (tcp and port80 are
	// presumably package-level values declared elsewhere).
	TypicalPorts = []NetworkPolicyPort{{Protocol: &tcp, Port: &port80}}
	// TypicalPeers is one peer that combines a PodSelector and a
	// NamespaceSelector in the same entry, so both must match: pods labelled
	// pod=b in namespaces labelled ns=y. (Two separate entries would instead
	// be OR-ed.)
	TypicalPeers = []NetworkPolicyPeer{
		{
			PodSelector: &metav1.LabelSelector{
				MatchLabels: map[string]string{"pod": "b"},
			},
			NamespaceSelector: &metav1.LabelSelector{
				MatchLabels: map[string]string{"ns": "y"},
			},
		},
	}
)

Functions

func DefaultIPBlockPeers

func DefaultIPBlockPeers(podIP string) []NetworkPolicyPeer

func DefaultNamespaces

func DefaultNamespaces() []string

func DefaultPodPeers

func DefaultPodPeers(podIP string) []NetworkPolicyPeer

func DefaultPorts

func DefaultPorts() []NetworkPolicyPort

func DefaultTargets

func DefaultTargets() []metav1.LabelSelector

Types

type Action added in v0.1.0

// Action is one operation a TestStep performs against the cluster under
// test. It is a sum type: exactly one of the pointer fields is expected to
// be set, and the CreatePolicy/UpdatePolicy/DeletePolicy/SetNamespaceLabels/
// SetPodLabels/ReadNetworkPolicies constructors are the intended way to
// build one. All but ReadNetworkPolicies mutate cluster state.
type Action struct {
	CreatePolicy        *CreatePolicyAction
	UpdatePolicy        *UpdatePolicyAction
	DeletePolicy        *DeletePolicyAction
	SetNamespaceLabels  *SetNamespaceLabelsAction
	SetPodLabels        *SetPodLabelsAction
	ReadNetworkPolicies *ReadNetworkPoliciesAction
}

Action: exactly one field must be non-nil. This models a discriminated union (sum type); use the CreatePolicy, UpdatePolicy, DeletePolicy, SetNamespaceLabels, SetPodLabels and ReadNetworkPolicies constructors rather than populating the struct by hand.

func CreatePolicy added in v0.1.0

func CreatePolicy(policy *networkingv1.NetworkPolicy) *Action

func DeletePolicy added in v0.1.0

func DeletePolicy(ns string, name string) *Action

func ReadNetworkPolicies added in v0.1.0

func ReadNetworkPolicies(namespaces []string) *Action

func SetNamespaceLabels added in v0.1.0

func SetNamespaceLabels(ns string, labels map[string]string) *Action

func SetPodLabels added in v0.1.0

func SetPodLabels(namespace string, pod string, labels map[string]string) *Action

func UpdatePolicy added in v0.1.0

func UpdatePolicy(policy *networkingv1.NetworkPolicy) *Action

type ConflictGenerator added in v0.0.10

// ConflictGenerator builds test cases from pairs of policies that pull in
// opposite directions between a Source and a Destination target (see
// NetworkPolicies and the AllowAll*/DenyAll* Netpol constructors), to
// exercise how an implementation resolves overlapping allow and deny intent.
// AllowDNS presumably adds an AllowDNSPolicy so name resolution survives the
// deny-egress cases -- confirm against the generator body.
type ConflictGenerator struct {
	AllowDNS    bool
	Source      *NetpolTarget
	Destination *NetpolTarget
}

func (*ConflictGenerator) GenerateTestCases added in v0.1.0

func (c *ConflictGenerator) GenerateTestCases() []*TestCase

func (*ConflictGenerator) NetworkPolicies added in v0.0.10

func (c *ConflictGenerator) NetworkPolicies(source *NetpolTarget, dest *NetpolTarget) []*TestCase

type CreatePolicyAction added in v0.1.0

// CreatePolicyAction creates Policy in the cluster. The target namespace is
// whatever Policy.ObjectMeta.Namespace carries; nothing here validates it.
type CreatePolicyAction struct {
	Policy *networkingv1.NetworkPolicy
}

type DeletePolicyAction added in v0.1.0

// DeletePolicyAction deletes the NetworkPolicy called Name in Namespace.
// Deleting a policy widens connectivity for every pod it selected, so steps
// that delete should be followed by a probe that confirms the expected
// (less restrictive) state.
type DeletePolicyAction struct {
	Namespace string
	Name      string
}

type FragmentGenerator

// FragmentGenerator produces NetworkPolicies by varying one dimension at a
// time. The multidimensional fields are the candidate values for each axis
// (see PortSlices, PeerSlices, RuleSlices); the Typical* fields hold the fixed
// value used for every axis that is not being varied (package-level
// TypicalPorts/TypicalPeers/TypicalTarget/TypicalNamespace are the defaults
// NewDefaultFragmentGenerator presumably installs -- confirm).
type FragmentGenerator struct {
	// AllowDNS, when set, is expected to add a DNS allow rule alongside the
	// generated egress policies (see IngressEgressPolicies(allowDNS)).
	AllowDNS bool
	// multidimensional generation
	Ports      []NetworkPolicyPort
	PodPeers   []NetworkPolicyPeer
	Targets    []metav1.LabelSelector
	Namespaces []string
	// unidimensional typicals
	TypicalPorts     []NetworkPolicyPort
	TypicalPeers     []NetworkPolicyPeer
	TypicalTarget    metav1.LabelSelector
	TypicalNamespace string
}

func NewDefaultFragmentGenerator added in v0.0.9

func NewDefaultFragmentGenerator(allowDNS bool, namespaces []string, podIP string) *FragmentGenerator

func (*FragmentGenerator) EgressPolicies

func (g *FragmentGenerator) EgressPolicies() []*NetworkPolicy

func (*FragmentGenerator) FragmentEgressPolicies added in v0.0.9

func (g *FragmentGenerator) FragmentEgressPolicies() []*NetworkPolicy

func (*FragmentGenerator) FragmentIngressPolicies added in v0.0.9

func (g *FragmentGenerator) FragmentIngressPolicies() []*NetworkPolicy

func (*FragmentGenerator) FragmentPolicies added in v0.0.9

func (g *FragmentGenerator) FragmentPolicies() []*NetworkPolicy

func (*FragmentGenerator) GenerateTestCases added in v0.1.0

func (g *FragmentGenerator) GenerateTestCases() []*TestCase

func (*FragmentGenerator) IngressEgressPolicies

func (g *FragmentGenerator) IngressEgressPolicies(allowDNS bool) []*NetworkPolicy

func (*FragmentGenerator) IngressPolicies

func (g *FragmentGenerator) IngressPolicies() []*NetworkPolicy

func (*FragmentGenerator) PeerSlices

func (g *FragmentGenerator) PeerSlices() [][]NetworkPolicyPeer

func (*FragmentGenerator) PortSlices

func (g *FragmentGenerator) PortSlices() [][]NetworkPolicyPort

func (*FragmentGenerator) RuleSlices

func (g *FragmentGenerator) RuleSlices() [][]*Rule

func (*FragmentGenerator) Rules

func (g *FragmentGenerator) Rules() []*Rule

type Netpol

// Netpol is a direction-symmetric view of a NetworkPolicy: Target is the set
// of pods the policy selects, Ingress and Egress are the rule sets for each
// direction. A nil Ingress or Egress presumably means "do not constrain that
// direction" (policyTypes omitted), whereas a non-nil NetpolPeers with no
// Rules (DenyAll) means "constrain it and allow nothing" -- confirm against
// NetworkPolicySpec, since conflating the two flips allow-all into deny-all.
type Netpol struct {
	Name    string
	Target  *NetpolTarget
	Ingress *NetpolPeers
	Egress  *NetpolPeers
}

Netpol avoids the asymmetric Ingress.From / Egress.To handling of the raw API: by splitting a NetworkPolicy into a Target and its Peers, both directions are built and manipulated the same way, and NetworkPolicy() / NetworkPolicySpec() convert back to the API types.

func AllowAllEgressDenyAllIngress added in v0.0.10

func AllowAllEgressDenyAllIngress(source *NetpolTarget, dest *NetpolTarget) []*Netpol

func AllowAllIngressDenyAllEgress added in v0.0.10

func AllowAllIngressDenyAllEgress(source *NetpolTarget, dest *NetpolTarget) []*Netpol

func AllowDNSPolicy added in v0.1.0

func AllowDNSPolicy(source *NetpolTarget) *Netpol

func DenyAllEgressAllowAllEgress added in v0.0.10

func DenyAllEgressAllowAllEgress(source *NetpolTarget) []*Netpol

func DenyAllEgressAllowAllEgressByIP added in v0.0.10

func DenyAllEgressAllowAllEgressByIP(source *NetpolTarget) []*Netpol

func DenyAllEgressAllowAllEgressByPod added in v0.0.10

func DenyAllEgressAllowAllEgressByPod(source *NetpolTarget) []*Netpol

func DenyAllEgressByIP added in v0.0.10

func DenyAllEgressByIP(source *NetpolTarget) []*Netpol

func DenyAllEgressByIPAllowAllEgressByPod added in v0.0.10

func DenyAllEgressByIPAllowAllEgressByPod(source *NetpolTarget) []*Netpol

func DenyAllEgressByPod added in v0.0.10

func DenyAllEgressByPod(source *NetpolTarget) []*Netpol

func DenyAllEgressByPodAllowAllEgressByIP added in v0.0.10

func DenyAllEgressByPodAllowAllEgressByIP(source *NetpolTarget) []*Netpol

func DenyAllIngressAllowAllIngress added in v0.0.10

func DenyAllIngressAllowAllIngress(dest *NetpolTarget) []*Netpol

func DenyAllIngressAllowAllIngressByIP added in v0.0.10

func DenyAllIngressAllowAllIngressByIP(source *NetpolTarget) []*Netpol

func DenyAllIngressAllowAllIngressByPod added in v0.0.10

func DenyAllIngressAllowAllIngressByPod(source *NetpolTarget) []*Netpol

func DenyAllIngressByIP added in v0.0.10

func DenyAllIngressByIP(source *NetpolTarget) []*Netpol

func DenyAllIngressByIPAllowAllIngressByPod added in v0.0.10

func DenyAllIngressByIPAllowAllIngressByPod(source *NetpolTarget) []*Netpol

func DenyAllIngressByPod added in v0.0.10

func DenyAllIngressByPod(source *NetpolTarget) []*Netpol

func DenyAllIngressByPodAllowAllIngressByIP added in v0.0.10

func DenyAllIngressByPodAllowAllIngressByIP(source *NetpolTarget) []*Netpol

func (*Netpol) NetworkPolicy

func (n *Netpol) NetworkPolicy() *NetworkPolicy

func (*Netpol) NetworkPolicySpec added in v0.0.10

func (n *Netpol) NetworkPolicySpec() *NetworkPolicySpec

type NetpolPeers added in v0.0.10

// NetpolPeers is the rule list for one direction of a Netpol. Rules are
// OR-ed: traffic matching any one Rule is allowed. An empty or nil Rules
// allows nothing (see DenyAll/DenyAll2), while a single empty Rule allows
// everything (see ExplicitAllowAll).
type NetpolPeers struct {
	Rules []*Rule
}

type NetpolTarget added in v0.0.10

// NetpolTarget identifies the pods a policy applies to: those in Namespace
// matching PodSelector. An empty PodSelector selects every pod in the
// namespace. Build with NewNetpolTarget.
type NetpolTarget struct {
	Namespace   string
	PodSelector metav1.LabelSelector
}

func NewNetpolTarget added in v0.1.0

func NewNetpolTarget(namespace string, matchLabels map[string]string, matchExpressions []metav1.LabelSelectorRequirement) *NetpolTarget

type ReadNetworkPoliciesAction added in v0.1.0

// ReadNetworkPoliciesAction lists the NetworkPolicies in the given
// Namespaces. It is the only Action that does not change cluster state.
type ReadNetworkPoliciesAction struct {
	Namespaces []string
}

type Rule

// Rule is a direction-agnostic NetworkPolicy rule: traffic is allowed when it
// matches any entry of Ports AND any entry of Peers. An empty Ports matches
// all ports and an empty Peers matches all peers, so the zero Rule allows
// everything. Egress() and Ingress() render it as the corresponding API type.
type Rule struct {
	Ports []NetworkPolicyPort
	Peers []NetworkPolicyPeer
}

func (*Rule) Egress

func (r *Rule) Egress() NetworkPolicyEgressRule

func (*Rule) Ingress

func (r *Rule) Ingress() NetworkPolicyIngressRule

type SetNamespaceLabelsAction added in v0.1.0

// SetNamespaceLabelsAction sets Labels on Namespace. Whether Labels replaces
// the namespace's label set or is merged into it is not visible here --
// confirm in the executor. Relabelling a namespace changes which peers every
// namespaceSelector-based rule in the cluster matches, so a label change is
// itself a connectivity change and should be probed like a policy change.
type SetNamespaceLabelsAction struct {
	Namespace string
	Labels    map[string]string
}

type SetPodLabelsAction added in v0.1.0

// SetPodLabelsAction sets Labels on the pod Pod in Namespace. As with
// SetNamespaceLabelsAction, replace-vs-merge semantics live in the executor.
// Changing pod labels can move the pod in or out of a policy's podSelector
// (both as target and as peer) without any policy being edited.
type SetPodLabelsAction struct {
	Namespace string
	Pod       string
	Labels    map[string]string
}

type TestCase added in v0.1.0

// TestCase is a human-readable Description plus the ordered Steps that
// realise it. Steps are presumably executed in order with cluster state
// carried from one to the next, so a step's expected result depends on every
// earlier step's Actions. Build with NewTestCase or NewSingleStepTestCase.
type TestCase struct {
	Description string
	Steps       []*TestStep
}

func NewSingleStepTestCase added in v0.1.0

func NewSingleStepTestCase(description string, port int, protocol v1.Protocol, actions ...*Action) *TestCase

func NewTestCase added in v0.1.0

func NewTestCase(description string, steps ...*TestStep) *TestCase

type TestCaseGenerator added in v0.1.0

// TestCaseGenerator is implemented by anything that can emit a suite of test
// cases; ConflictGenerator, FragmentGenerator and UpstreamE2EGenerator
// satisfy it.
type TestCaseGenerator interface {
	GenerateTestCases() []*TestCase
}

type TestStep added in v0.1.0

// TestStep applies Actions to the cluster and then (presumably) probes
// connectivity on Port/Protocol to check the resulting reachability matrix.
// Port and Protocol describe the probe, not the policies -- the policies'
// ports come from the Actions' NetworkPolicy specs. Build with NewTestStep.
type TestStep struct {
	Port     int
	Protocol v1.Protocol
	Actions  []*Action
}

func NewTestStep added in v0.1.0

func NewTestStep(port int, protocol v1.Protocol, actions ...*Action) *TestStep

type UpdatePolicyAction added in v0.1.0

// UpdatePolicyAction replaces an existing NetworkPolicy with Policy, matched
// by Policy's namespace and name.
type UpdatePolicyAction struct {
	Policy *networkingv1.NetworkPolicy
}

type UpstreamE2EGenerator added in v0.1.0

// UpstreamE2EGenerator has no configuration: its GenerateTestCases emits a
// fixed suite, presumably mirroring the upstream Kubernetes NetworkPolicy e2e
// tests the name refers to.
type UpstreamE2EGenerator struct{}

func (*UpstreamE2EGenerator) GenerateTestCases added in v0.1.0

func (u *UpstreamE2EGenerator) GenerateTestCases() []*TestCase
