Documentation ¶
Index ¶
- Constants
- type Endpoint
- type ExposedIPSpec
- type GroupOrHost
- type Host
- type HostList
- type IPAMAddressRequest
- type IPAMAddressResponse
- type IPAMBlockResponse
- type IPAMBlocksResponse
- type IPAMNetworkResponse
- type IPNet
- type NetworkDefinition
- type Policy
- type PortRange
- type RomanaIngress
- type RomanaVIP
- type Rule
- type Rules
- type Segment
- type Tag
- type Tenant
- type TopologyDefinition
- type TopologyUpdateRequest
Constants ¶
const (
	// Max port number for TCP/UDP.
	MaxPortNumber = 65535
	MaxIcmpType   = 255
	// Wildcard
	Wildcard = "any"
)

const (
	PolicyDirectionIngress = "ingress"
	PolicyDirectionEgress  = "egress"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Endpoint ¶
type Endpoint struct {
	Peer      string `json:"peer,omitempty"`
	Cidr      string `json:"cidr,omitempty"`
	Dest      string `json:"dest,omitempty"`
	TenantID  string `json:"tenant_id,omitempty"`
	SegmentID string `json:"segment_id,omitempty"`
}
Endpoint represents an endpoint - that is, something that has an IP address and routes to/from. It can be a container, a Kubernetes POD, a VM, etc.
type ExposedIPSpec ¶
type GroupOrHost ¶
type GroupOrHost struct {
	// Assignment is a map of key-value pairs that specify what attributes (key=value)
	// of a new host to use to assign it into a group.
	Assignment map[string]string `json:"assignment,omitempty"`
	Routing    string            `json:"routing,omitempty"`
	Groups     []GroupOrHost     `json:"groups,omitempty"`
	// If the below are specified, this GroupSpec really represents a host,
	// therefore the above elements MUST NOT be specified.
	Name string `json:"name"`
	IP   net.IP `json:"ip,omitempty"`
	// This is ignored on import.
	CIDR string `json:"cidr,omitempty"`
	// A dummy group is one used for padding to a power of 2; hosts are not
	// to be assigned to it.
	Dummy bool `json:"dummy,omitempty"`
}
type Host ¶
type IPAMAddressRequest ¶
type IPAMAddressResponse ¶
type IPAMBlockResponse ¶
type IPAMBlocksResponse ¶
type IPAMBlocksResponse struct {
	Revision int                 `json:"revision"`
	Blocks   []IPAMBlockResponse `json:"blocks"`
}
type IPAMNetworkResponse ¶
type NetworkDefinition ¶
type Policy ¶
type Policy struct {
	ID string `json:"id"`
	// Direction is one of common.PolicyDirectionIngress or common.PolicyDirectionEgress,
	// otherwise common.Validate will return an error.
	Direction string `json:"direction,omitempty" romana:"desc:Direction is one of 'ingress' or egress'."`
	// Description is human-readable description of the policy.
	Description string `json:"description,omitempty"`
	// Datacenter describes a Romana deployment.
	AppliedTo []Endpoint      `json:"applied_to,omitempty"`
	Ingress   []RomanaIngress `json:"ingress,omitempty"`
}
Policy describes Romana network security policy. For examples, see:
1. https://github.com/romana/core/blob/master/policy/policy.sample.json
2. https://github.com/romana/core/blob/master/policy/policy.example.agent.json
type RomanaIngress ¶
type Rule ¶
type Rule struct {
	Protocol   string      `json:"protocol,omitempty"`
	Ports      []uint      `json:"ports,omitempty"`
	PortRanges []PortRange `json:"port_ranges,omitempty"`
	// IcmpType only applies if Protocol value is ICMP and
	// is mutually exclusive with Ports or PortRanges
	IcmpType   uint `json:"icmp_type,omitempty"`
	IcmpCode   uint `json:"icmp_code,omitempty"`
	IsStateful bool `json:"is_stateful,omitempty"`
}
Rule describes a rule of the policy. The following requirements apply (the policy would not be validated otherwise):
1. Protocol must be specified.
2. Protocol must be one of those validated by isValidProto().
3. Ports cannot be negative or greater than 65535.
4. If Protocol specified is "icmp", Ports and PortRanges fields should be blank.
5. If Protocol specified is not "icmp", IcmpType and IcmpCode should be unspecified.
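The five requirements above, written out as a validator. This is an added example, not Romana's own validation code: the name ValidateRule, the [2]uint layout of PortRange and the protocol set standing in for isValidProto() are assumptions.

```go
package main

import "fmt"

const MaxPortNumber = 65535 // from this page's constants

// PortRange is an assumption (low, high); the page does not show its definition.
type PortRange [2]uint

// Rule mirrors the fields of the struct shown above (JSON tags omitted).
type Rule struct {
	Protocol           string
	Ports              []uint
	PortRanges         []PortRange
	IcmpType, IcmpCode uint
}

// assumedProtos stands in for isValidProto(); the accepted set is an assumption.
var assumedProtos = map[string]bool{"tcp": true, "udp": true, "icmp": true, "any": true}

// ValidateRule (hypothetical name) returns one message per violated requirement.
func ValidateRule(r Rule) []string {
	if r.Protocol == "" {
		return []string{"1: protocol must be specified"}
	}
	var errs []string
	if !assumedProtos[r.Protocol] {
		errs = append(errs, fmt.Sprintf("2: unsupported protocol %q", r.Protocol))
	}
	for _, p := range r.Ports { // uint cannot be negative, so only the upper bound needs a check
		if p > MaxPortNumber {
			errs = append(errs, fmt.Sprintf("3: port %d exceeds %d", p, MaxPortNumber))
		}
	}
	isICMP := r.Protocol == "icmp"
	if isICMP && (len(r.Ports) > 0 || len(r.PortRanges) > 0) {
		errs = append(errs, "4: icmp rule must leave ports and port_ranges blank")
	}
	// A zero IcmpType/IcmpCode cannot be told apart from "unspecified" with uint fields.
	if !isICMP && (r.IcmpType != 0 || r.IcmpCode != 0) {
		errs = append(errs, "5: icmp_type/icmp_code set on a non-icmp rule")
	}
	return errs
}

func main() {
	// Constructed sample: TCP rule with an out-of-range port and a stray ICMP type.
	bad := Rule{Protocol: "tcp", Ports: []uint{22, 70000}, IcmpType: 8}
	fmt.Println(ValidateRule(bad))
}
```

Collecting every violation instead of stopping at the first lets a policy author fix a rejected rule in one pass.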
type Tag ¶
Metadata attached to entities for various external environments such as OpenStack or Kubernetes.
type TopologyDefinition ¶
type TopologyDefinition struct {
	Networks []string      `json:"networks"`
	Map      []GroupOrHost `json:"map"`
}
type TopologyUpdateRequest ¶
type TopologyUpdateRequest struct {
	Networks   []NetworkDefinition  `json:"networks"`
	Topologies []TopologyDefinition `json:"topologies"`
}