Documentation ¶
Overview ¶
Package provider contains the cloud providers related interfaces and models.
Index ¶
- func IsErrBadRequest(err error) bool
- func IsErrConflict(err error) bool
- func IsErrForbidden(err error) bool
- func IsErrInternal(err error) bool
- func IsErrNotFound(err error) bool
- func ReconcilePermissions(ctx context.Context, firewallRuleID string, addFunc, delFunc PermFunc, ...) error
- type Address
- type AssociateAddressRequest
- type AssociateFirewallRuleRequest
- type Client
- type CreateFirewallRuleGroupRequest
- type CreateFirewallRuleRequest
- type Direction
- type DisassociateAddressRequest
- type Error
- type ErrorCode
- type FirewallRule
- type FirewallRuleGroup
- type FirewallRuleSpec
- type IPPermission
- type IPRange
- type Instance
- type NetworkInterface
- type PermFunc
- type Provider
- type UpdateFirewallRuleGroupRequest
- type UpdateFirewallRuleRequest
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsErrBadRequest ¶
IsErrBadRequest reports whether err is of kind BadRequestError.
func IsErrConflict ¶
IsErrConflict reports whether err is of kind ConflictError.
func IsErrForbidden ¶
IsErrForbidden reports whether err is of kind ForbiddenError.
func IsErrInternal ¶
IsErrInternal reports whether err is of kind InternalError.
func IsErrNotFound ¶
IsErrNotFound reports whether err is of kind NotFoundError.
func ReconcilePermissions ¶
func ReconcilePermissions(
	ctx context.Context,
	firewallRuleID string,
	addFunc, delFunc PermFunc,
	want, get []*IPPermission,
) error
ReconcilePermissions performs the create / delete operations on the given permissions that are needed to move the firewall rule from its current permission set (get) to the desired one (want).
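The reconcile loop the signature above describes, as an added example that is not the package's code: it mirrors the documented IPPermission, IPRange and PermFunc types locally (field names taken from the page, everything else assumed), canonicalises each permission so that CIDR order and protocol case do not cause spurious churn, authorizes entries present in want but missing from get, revokes entries present in get but absent from want, and reports every failed provider call instead of stopping at the first. The perm, sampleWant and sampleCurrent helpers, the fw-example identifier and the sample permissions are constructed for this example; the page's own ReconcilePermissions may differ in how it compares permissions.

```go
package main

import (
	"context"
	"fmt"
	"sort"
	"strings"
)

// Local mirrors of the documented provider types (field names from the page, otherwise assumed).
type IPRange struct{ CIDR, Description string }

type IPPermission struct {
	FromPort int64
	Protocol string
	IPRanges []*IPRange
	ToPort   *int64
}

type PermFunc func(ctx context.Context, firewallRuleID string, req IPPermission) error

// permKey canonicalises a permission (lower-cased protocol, port range, sorted CIDR set)
// so the same rule compares equal however the provider orders or cases it.
func permKey(p *IPPermission) string {
	var cidrs []string
	for _, r := range p.IPRanges {
		if r != nil {
			cidrs = append(cidrs, r.CIDR)
		}
	}
	sort.Strings(cidrs)
	to := "nil"
	if p.ToPort != nil {
		to = fmt.Sprint(*p.ToPort)
	}
	return fmt.Sprintf("%s|%d|%s|%s", strings.ToLower(p.Protocol), p.FromPort, to, strings.Join(cidrs, ","))
}

// reconcilePermissions authorizes what want has and get lacks, and revokes what get has
// and want lacks. Failures are collected rather than aborting on the first one, so a
// single provider error cannot hide remaining drift such as an unexpected wide-open rule.
func reconcilePermissions(ctx context.Context, firewallRuleID string, addFunc, delFunc PermFunc, want, get []*IPPermission) error {
	index := func(perms []*IPPermission) map[string]*IPPermission {
		m := map[string]*IPPermission{}
		for _, p := range perms {
			if p != nil {
				m[permKey(p)] = p
			}
		}
		return m
	}
	wanted, have := index(want), index(get)
	var failures []string
	apply := func(verb string, fn PermFunc, src, other map[string]*IPPermission) {
		for k, p := range src {
			if _, present := other[k]; present {
				continue // already in the desired/current state, nothing to do
			}
			if err := fn(ctx, firewallRuleID, *p); err != nil {
				failures = append(failures, fmt.Sprintf("%s %s: %v", verb, k, err))
			}
		}
	}
	apply("authorize", addFunc, wanted, have)
	apply("revoke", delFunc, have, wanted)
	if len(failures) > 0 {
		sort.Strings(failures)
		return fmt.Errorf("reconcile %s: %s", firewallRuleID, strings.Join(failures, "; "))
	}
	return nil
}

// perm is a constructed helper that builds a single-port permission over the given CIDRs.
func perm(proto string, from, to int64, cidrs ...string) *IPPermission {
	p := &IPPermission{Protocol: proto, FromPort: from, ToPort: &to}
	for _, c := range cidrs {
		p.IPRanges = append(p.IPRanges, &IPRange{CIDR: c})
	}
	return p
}

// Constructed sample: desired ingress is SSH from the corporate range and HTTPS from
// anywhere; the provider currently lacks HTTPS and also exposes SSH to 0.0.0.0/0.
func sampleWant() []*IPPermission {
	return []*IPPermission{perm("tcp", 22, 22, "10.0.0.0/8"), perm("tcp", 443, 443, "0.0.0.0/0")}
}

func sampleCurrent() []*IPPermission {
	return []*IPPermission{perm("TCP", 22, 22, "10.0.0.0/8"), perm("tcp", 22, 22, "0.0.0.0/0")}
}

func main() {
	logf := func(verb string) PermFunc {
		return func(_ context.Context, id string, p IPPermission) error { fmt.Println(verb, permKey(&p), "on", id); return nil }
	}
	fmt.Println(reconcilePermissions(context.Background(), "fw-example", logf("authorize"), logf("revoke"), sampleWant(), sampleCurrent()))
}
```

In a real controller the two PermFunc values are the provider client's authorize and revoke calls; the example's stand-ins only log. Running it authorizes the missing HTTPS permission and revokes the SSH-from-anywhere permission that exists on the provider but not in the desired state, which is exactly the drift a reconcile loop is there to correct.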
Types ¶
type Address ¶
type Address struct {
	// The ID of the address.
	AddressID string
	// The ID representing the association of the address with a network interface.
	AssociationID *string
	// The address public IP.
	PublicIP string
}
Describes an external IP address.
type AssociateAddressRequest ¶
type AssociateAddressRequest struct {
	// The ID of the address.
	AddressID string
	// The ID of the network interface that the address is associated with.
	NetworkInterfaceID string
}
AssociateAddressRequest wraps parameters required to associate an Address to a Network interface.
type AssociateFirewallRuleRequest ¶
type AssociateFirewallRuleRequest struct {
	// The ID of the firewall rule.
	FirewallRuleID string
	// The ID of the network interface that the firewall rule is associated with.
	NetworkInterfaceID string
}
AssociateFirewallRuleRequest wraps parameters required to associate a firewall rule to a Network interface.
type Client ¶
type Client interface {
	GetInstance(ctx context.Context, instanceID string) (*Instance, error)
	GetAddress(ctx context.Context, addressID string) (*Address, error)
	CreateAddress(ctx context.Context) (*Address, error)
	DeleteAddress(ctx context.Context, addressID string) error
	AssociateAddress(ctx context.Context, req AssociateAddressRequest) error
	DisassociateAddress(ctx context.Context, req DisassociateAddressRequest) error
	FetchFirewallRule(ctx context.Context, firewallRuleGroupID string) error
	CreateFirewallRule(ctx context.Context, req CreateFirewallRuleRequest) (string, error)
	CreateFirewallRuleGroup(ctx context.Context, req CreateFirewallRuleGroupRequest) (string, error)
	UpdateFirewallRule(ctx context.Context, req UpdateFirewallRuleRequest) (*FirewallRule, error)
	UpdateFirewallRuleGroup(ctx context.Context, req UpdateFirewallRuleGroupRequest) (string, error)
	DeleteFirewallRule(ctx context.Context, firewallRuleID string) error
	AssociateFirewallRule(ctx context.Context, req AssociateFirewallRuleRequest) error
	DisassociateFirewallRule(ctx context.Context, req AssociateFirewallRuleRequest) error
}
The necessary methods for a provider client are described here. Depending on the Provider.HasGroupedFirewallRules implementation, either the CreateFirewallRule / UpdateFirewallRule pair or the CreateFirewallRuleGroup / UpdateFirewallRuleGroup pair must be implemented.
type CreateFirewallRuleGroupRequest ¶
type CreateFirewallRuleGroupRequest struct {
	// The name of the firewall rule group.
	Name string
	// A description for the firewall rule group. This is informational only.
	Description string
	// The FirewallRules list.
	FirewallRules []FirewallRuleSpec
}
CreateFirewallRuleGroupRequest wraps parameters required to create a firewall rule group.
type CreateFirewallRuleRequest ¶
type CreateFirewallRuleRequest struct {
FirewallRuleSpec
}
CreateFirewallRuleRequest wraps parameters required to create a firewall rule.
type Direction ¶
type Direction string
Direction describes the traffic direction. Ingress applies to incoming traffic. Egress applies to outbound traffic.
type DisassociateAddressRequest ¶
type DisassociateAddressRequest struct {
	// The association identifier.
	AssociationID string
}
DisassociateAddressRequest wraps parameters required to disassociate an Address from a Network interface.
type ErrorCode ¶
type ErrorCode string
ErrorCode is an error code type
const (
	// BadRequestError is when the user apparently made an error in the request.
	BadRequestError ErrorCode = "BadRequestError"
	// ForbiddenError is when the operation is denied by the permissions.
	ForbiddenError ErrorCode = "ForbiddenError"
	// NotFoundError is when the requested resource does not exist.
	NotFoundError ErrorCode = "NotFoundError"
	// ConflictError indicates that the request could not be processed because of a conflict in the current state of the resource.
	ConflictError ErrorCode = "ConflictError"
	// InternalError is when there was an unexpected error in the server.
	InternalError ErrorCode = "InternalError"
)
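An added example, not the package's code, of how the error kinds above and the IsErr* predicates fit together in a caller. The Error type is listed in the index but its fields are not on this page, so a Code plus Message shape is assumed here, and the predicates are reimplemented with errors.As so they still match after fmt.Errorf("%w") wrapping. The fakeClient, its address IDs and releaseAddress are constructed for the example; it shows the one case where a NotFoundError is safe to treat as success (an address that is already released) while a ForbiddenError is surfaced rather than swallowed, since ignoring it would leave the address allocated and the operator unaware.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

type ErrorCode string

const (
	BadRequestError ErrorCode = "BadRequestError"
	ForbiddenError  ErrorCode = "ForbiddenError"
	NotFoundError   ErrorCode = "NotFoundError"
	ConflictError   ErrorCode = "ConflictError"
	InternalError   ErrorCode = "InternalError"
)

// Error is the provider error type. The page lists it without its fields; a Code
// plus a Message is an assumption made for this example.
type Error struct {
	Code    ErrorCode
	Message string
}

func (e *Error) Error() string { return string(e.Code) + ": " + e.Message }

// isErrCode looks through fmt.Errorf("%w") wrapping, so callers may add context
// to an error without breaking the IsErr* predicates.
func isErrCode(err error, code ErrorCode) bool {
	var pe *Error
	return errors.As(err, &pe) && pe.Code == code
}

func IsErrBadRequest(err error) bool { return isErrCode(err, BadRequestError) }
func IsErrForbidden(err error) bool  { return isErrCode(err, ForbiddenError) }
func IsErrNotFound(err error) bool   { return isErrCode(err, NotFoundError) }
func IsErrConflict(err error) bool   { return isErrCode(err, ConflictError) }
func IsErrInternal(err error) bool   { return isErrCode(err, InternalError) }

// addressDeleter is the one Client method this example needs.
type addressDeleter interface {
	DeleteAddress(ctx context.Context, addressID string) error
}

// releaseAddress makes cleanup idempotent: NotFound means the address is already
// gone and counts as success, so a retried reconcile converges instead of failing
// forever. Forbidden is never swallowed: a silently ignored permission failure
// leaves the address allocated with nobody told about it.
func releaseAddress(ctx context.Context, c addressDeleter, addressID string) error {
	err := c.DeleteAddress(ctx, addressID)
	switch {
	case err == nil, IsErrNotFound(err):
		return nil
	case IsErrForbidden(err):
		return fmt.Errorf("release address %s: denied by provider permissions: %w", addressID, err)
	default:
		return fmt.Errorf("release address %s: %w", addressID, err)
	}
}

// fakeClient is a constructed in-memory stand-in for a provider Client.
type fakeClient struct {
	addresses map[string]bool // allocated address IDs
	denied    map[string]bool // IDs the caller is not allowed to delete
}

func newFakeClient() *fakeClient {
	return &fakeClient{
		addresses: map[string]bool{"eip-1": true, "eip-locked": true},
		denied:    map[string]bool{"eip-locked": true},
	}
}

func (f *fakeClient) DeleteAddress(_ context.Context, id string) error {
	if f.denied[id] {
		return fmt.Errorf("DeleteAddress %s: %w", id, &Error{Code: ForbiddenError, Message: "not authorized"})
	}
	if !f.addresses[id] {
		return &Error{Code: NotFoundError, Message: "no address " + id}
	}
	delete(f.addresses, id)
	return nil
}

func main() {
	c := newFakeClient()
	for _, id := range []string{"eip-1", "eip-1", "eip-locked"} {
		fmt.Printf("%s: %v\n", id, releaseAddress(context.Background(), c, id))
	}
}
```

Releasing eip-1 twice returns nil both times; releasing eip-locked returns an error that IsErrForbidden still recognises through the two layers of wrapping, which is what lets a controller log or alert on it precisely instead of matching on error strings.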
type FirewallRule ¶
type FirewallRule struct {
	// The ID of the firewall rule.
	FirewallRuleID string
	// The ID of the VPC.
	VpcID string
	FirewallRuleSpec
}
FirewallRule describes a set of permissions for a firewall.
type FirewallRuleGroup ¶
type FirewallRuleGroup struct {
	// The name of the firewall rule group.
	Name string
	// A description for the firewall rule group. This is informational only.
	Description string
	// The FirewallRules list.
	FirewallRules []FirewallRuleSpec
}
FirewallRuleGroup describes a group of firewall rules.
type FirewallRuleSpec ¶
type FirewallRuleSpec struct {
	// The name of the firewall rule.
	Name string
	// A description for the firewall rule. This is informational only.
	Description string
	// The traffic direction. Ingress applies to incoming traffic. Egress applies to outbound traffic.
	Direction Direction
	// The permission associated with the firewall rule.
	IPPermission *IPPermission
}
FirewallRuleSpec describes the firewall rule configuration.
type IPPermission ¶
type IPPermission struct {
	// The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6
	// type number.
	FromPort int64
	// The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers
	// (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)).
	// Use -1 to specify all protocols.
	Protocol string
	// The IPv4 ranges.
	IPRanges []*IPRange
	// The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.
	ToPort *int64
}
IPPermission describes a set of permissions for a firewall rule.
func GetEgressIPPermissions ¶
func GetEgressIPPermissions(slice []FirewallRuleSpec) []*IPPermission
GetEgressIPPermissions gets the egress permissions from the rule slice.
func GetIngressIPPermissions ¶
func GetIngressIPPermissions(slice []FirewallRuleSpec) []*IPPermission
GetIngressIPPermissions gets the ingress permissions from the rule slice.
type IPRange ¶
type IPRange struct {
	// The IPv4 CIDR range. You can either specify a CIDR range or a source security
	// group, not both. To specify a single IPv4 address, use the /32 prefix length.
	CIDR string `json:"cidr"`
	// A description for the security group rule that references this IPv4 address
	// range.
	//
	// AWS Constraints: Up to 255 characters in length. Allowed characters are a-z,
	// A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*
	Description string `json:"description"`
}
IPRange describes an IPv4 range.
type Instance ¶
type Instance struct {
	// The ID of the instance.
	InstanceID string
	// The ID of the VPC in which the instance is running.
	VpcID string
	// The network interfaces for the instance.
	NetworkInterfaces []*NetworkInterface
}
Instance is a cloud provider compute instance.
type NetworkInterface ¶
type NetworkInterface struct {
	// The ID of the network interface.
	NetworkInterfaceID string
	// The public IP address bound to the network interface.
	PublicIP *string
	// DeviceID of the network interface.
	DeviceID *int64
}
NetworkInterface describes a network interface.
type PermFunc ¶
type PermFunc func(ctx context.Context, firewallRuleID string, req IPPermission) error
PermFunc describes a permission function: one that authorizes or revokes an ingress or egress permission on a firewall rule.
type Provider ¶
type Provider interface {
	Client
	GetInstanceID(corev1.Node) string
	// HasGroupedFirewallRules describes whether firewall rule groups are
	// supported by the provider or not (e.g. AWS SecurityGroups).
	HasGroupedFirewallRules() bool
}
Provider describes a cloud provider
type UpdateFirewallRuleGroupRequest ¶
type UpdateFirewallRuleGroupRequest struct {
	// The ID of the firewall rule group.
	FirewallRuleGroupID string
	// The FirewallRules list.
	FirewallRules []FirewallRuleSpec
}
UpdateFirewallRuleGroupRequest wraps parameters required to update a firewall rule group.
type UpdateFirewallRuleRequest ¶
type UpdateFirewallRuleRequest struct {
	FirewallRuleSpec
	// The ID of the firewall rule.
	FirewallRuleID string
}
UpdateFirewallRuleRequest wraps parameters required to update a firewall rule.