policystore

package

v3.6.3+incompatible Latest Latest Go to latest Published: Apr 26, 2019 License: Apache-2.0 Imports: 8 Imported by: 6

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/projectcalico/app-policy

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type IPSet
- func NewIPSet(t syncapi.IPSetUpdate_IPSetType) IPSet
type PolicyStore
- func NewPolicyStore() *PolicyStore
- func (s *PolicyStore) Read(readFn func(store *PolicyStore))
- func (s *PolicyStore) Write(writeFn func(store *PolicyStore))

Constants ¶

View Source

const BitmapSize = 4

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type IPSet ¶

type IPSet interface {
	// Idempotent add IP address to set.
	// ip depends on the IPSet type:
	// IP          - Each member is an IP address in dotted-decimal or IPv6 format.
	// IP_AND_PORT - Each member is "<IP>,(tcp|udp):<port-number>"
	// NET         - Each member is a CIDR (note individual IPs can be full-length prefixes)
	AddString(ip string)

	// Idempotent remove IP address from set.
	// ip depends on the IPSet type:
	// IP          - Each member is an IP address in dotted-decimal or IPv6 format.
	// IP_AND_PORT - Each member is "<IP>,(tcp|udp):<port-number>"
	// NET         - Each member is a CIDR. Only removes exact matches.
	RemoveString(ip string)

	// Test if the address is contained in the set.
	ContainsAddress(addr *envoyapi.Address) bool
}

IPSet is a data structure that contains IP addresses, or IP address/port pairs. It allows fast membership tests of Address objects from the authorization API.

func NewIPSet ¶

func NewIPSet(t syncapi.IPSetUpdate_IPSetType) IPSet

NewIPSet creates an IPSet of the appropriate type given by t.

type PolicyStore ¶

type PolicyStore struct {
	// The RWMutex protects the entire contents of the PolicyStore. No one should read from or write to the PolicyStore
	// without acquiring the corresponding lock.
	// Helper methods Write() and Read() encapsulate the correct locking logic.
	RWMutex sync.RWMutex

	PolicyByID         map[proto.PolicyID]*proto.Policy
	ProfileByID        map[proto.ProfileID]*proto.Profile
	IPSetByID          map[string]IPSet
	Endpoint           *proto.WorkloadEndpoint
	ServiceAccountByID map[proto.ServiceAccountID]*proto.ServiceAccountUpdate
	NamespaceByID      map[proto.NamespaceID]*proto.NamespaceUpdate
}

PolicyStore is a data store that holds Calico policy information.

func NewPolicyStore ¶

func NewPolicyStore() *PolicyStore

func (*PolicyStore) Read ¶

func (s *PolicyStore) Read(readFn func(store *PolicyStore))

Read the PolicyStore, handling locking logic. readFn is the logic that actually does the reading.

func (*PolicyStore) Write ¶

func (s *PolicyStore) Write(writeFn func(store *PolicyStore))

Write to/update the PolicyStore, handling locking logic. writeFn is the logic that actually does the update.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL