securitygroup

Published: Mar 20, 2023 License: Apache-2.0 Imports: 8 Imported by: 0


Constants

const (
	// Used to create a rule description.
	// These are the field labels of a CloudRuleDescription (see
	// GenerateCloudDescription / ExtractCloudDescription); presumably they are
	// the keys written into the cloud rule's description string — confirm in source.
	Name           = "Name"
	Namespace      = "Namespace"
	AppliedToGroup = "AppliedToGroup"
)

Variables

var (
	// Name prefixes for cloud security groups managed by the controller.
	// Mutable package-level state: this page shows SetCloudResourcePrefix as the
	// setter and GetControllerAddressGroupPrefix / GetControllerAppliedToPrefix as
	// getters — presumably the setter derives all three from one value; confirm in source.
	// NOTE(review): IsNepheControllerCreatedSG appears to decide ownership from the SG
	// name, so any SG carrying these prefixes would be treated as controller-owned —
	// confirm that callers do not rely on the prefix alone as proof of origin.
	ControllerPrefix             string
	ControllerAddressGroupPrefix string
	ControllerAppliedToPrefix    string
)
var (
	// Cloud resource kinds, taken from the CRD Go type names via reflection so they
	// cannot drift from crdv1alpha1 (the values are the bare struct names, e.g.
	// "VirtualMachine" and "NetworkInterface").
	CloudResourceTypeVM  = CloudResourceType(reflect.TypeOf(crdv1alpha1.VirtualMachine{}).Name())
	CloudResourceTypeNIC = CloudResourceType(reflect.TypeOf(crdv1alpha1.NetworkInterface{}).Name())
)
// ProtocolNameNumMap maps lowercase protocol names to their IANA protocol numbers.
// Keys are lowercase only; a lookup with other casing misses unless the caller
// normalizes first. The map is exported and mutable, so any importer can change
// it at runtime — treat it as read-only.
var ProtocolNameNumMap = map[string]int{
	"icmp":   1,
	"igmp":   2,
	"tcp":    6,
	"udp":    17,
	"icmpv6": 58,
}

Functions

func FindResourcesBasedOnKind

func FindResourcesBasedOnKind(cloudResources []*CloudResource) (map[string]struct{}, map[string]struct{})

func GenerateCloudDescription added in v0.4.0

func GenerateCloudDescription(namespacedName string, appliedToGroup string) (string, error)

GenerateCloudDescription generates a CloudRuleDescription object and converts it to a string.

func GetControllerAddressGroupPrefix added in v0.4.0

func GetControllerAddressGroupPrefix() string

func GetControllerAppliedToPrefix added in v0.4.0

func GetControllerAppliedToPrefix() string

func IsNepheControllerCreatedSG

func IsNepheControllerCreatedSG(cloudSgName string) (string, bool, bool)

IsNepheControllerCreatedSG checks whether an SG was created by nephe and returns the SG name together with whether it is an AppliedToGroup/AddressGroup SG.

func SetCloudResourcePrefix added in v0.4.0

func SetCloudResourcePrefix(CloudResourcePrefix string)

Types

type CloudResource

type CloudResource struct {
	// Type is the kind of resource; presumably one of CloudResourceTypeVM or
	// CloudResourceTypeNIC — confirm against the producers.
	Type CloudResourceType
	// CloudResourceID is embedded, so Name and Vpc are promoted fields.
	CloudResourceID
	// AccountID and CloudProvider qualify the resource beyond its name/VPC.
	AccountID     string
	CloudProvider string
}

CloudResource uniquely identifies a cloud resource.

func (*CloudResource) String

func (c *CloudResource) String() string

type CloudResourceID

// CloudResourceID identifies a cloud resource by Name and Vpc; presumably the
// cloud-side resource name and the VPC it belongs to — confirm in source.
type CloudResourceID struct {
	Name string
	Vpc  string
}

func (*CloudResourceID) GetCloudName

func (c *CloudResourceID) GetCloudName(membershipOnly bool) string

func (*CloudResourceID) String

func (c *CloudResourceID) String() string

type CloudResourceType

// CloudResourceType specifies the type of cloud resource (see CloudResourceTypeVM and CloudResourceTypeNIC).
type CloudResourceType string

CloudResourceType specifies the type of cloud resource.

type CloudRule added in v0.3.0

// CloudRule pairs a Rule with the network policy and applied-to group it came from.
type CloudRule struct {
	// Hash is excluded from JSON encoding (`json:"-"`); see GetHash.
	// Presumably computed over the serializable fields — confirm in GetHash.
	Hash          string `json:"-"`
	Rule          Rule
	// NetworkPolicy is excluded from JSON encoding (`json:"-"`).
	NetworkPolicy string `json:"-"`
	AppliedToGrp  string
}

func (*CloudRule) GetHash added in v0.3.0

func (c *CloudRule) GetHash() string

type CloudRuleDescription added in v0.4.0

// CloudRuleDescription is the structured form of a cloud rule's description:
// GenerateCloudDescription serializes it to a string and ExtractCloudDescription
// parses it back. The field names match the Name/Namespace/AppliedToGroup constants.
// NOTE(review): a description read back from the cloud may have been edited
// outside the controller; callers of ExtractCloudDescription should presumably
// validate the parsed fields rather than treat them as authoritative — confirm.
type CloudRuleDescription struct {
	Name           string
	Namespace      string
	AppliedToGroup string
}

func ExtractCloudDescription added in v0.4.0

func ExtractCloudDescription(description *string) (*CloudRuleDescription, bool)

ExtractCloudDescription converts a string to a CloudRuleDescription object.

func (*CloudRuleDescription) String added in v0.4.0

func (r *CloudRuleDescription) String() string

type CloudSecurityGroupAPI

type CloudSecurityGroupAPI interface {
	// CreateSecurityGroup requests creation of the SecurityGroup identified by name.
	// membershipOnly is true if the SecurityGroup is used for membership tracking, not
	// for applying ingress/egress rules.
	// The caller is expected to wait on the returned channel for the completion status.
	CreateSecurityGroup(name *CloudResource, membershipOnly bool) <-chan error

	// UpdateSecurityGroupRules replaces SecurityGroup name's ingress/egress rules in their entirety.
	// SecurityGroup name must already have been created. SecurityGroups referred to in the
	// rules must also already have been created.
	// addRules/rmRules presumably carry the delta relative to allRules — confirm in the implementation.
	UpdateSecurityGroupRules(name *CloudResource, addRules, rmRules, allRules []*CloudRule) <-chan error

	// UpdateSecurityGroupMembers updates the members of SecurityGroup name.
	// SecurityGroup name must already have been created.
	// For an applied SecurityGroup, UpdateSecurityGroupMembers is called only if the SG has
	// rules configured.
	UpdateSecurityGroupMembers(name *CloudResource, members []*CloudResource, membershipOnly bool) <-chan error

	// DeleteSecurityGroup deletes SecurityGroup name.
	// SecurityGroup name must already have been created and must be empty.
	DeleteSecurityGroup(name *CloudResource, membershipOnly bool) <-chan error

	// GetSecurityGroupSyncChan returns a channel that the networkPolicy controller waits on to
	// retrieve the complete set of SGs configured by the cloud plug-in.
	// Usage pattern:
	// 1. The controller calls it at initialization to obtain the channel.
	// 2. The controller waits on the channel returned in 1, and expects that when the channel
	//    wakes up it delivers the entire set of configured SGs.
	// 3. The plug-in wakes up the channel initially after syncing with the cloud, and then periodically.
	// 4. Upon receiving the entire SG set, the controller reconciles K8s configuration against
	//    cloud configuration.
	// This API keeps the cloud plug-in stateless, and lets the controller detect and correct
	// SGs that were changed outside of it via the cloud API/console (accidentally or otherwise).
	GetSecurityGroupSyncChan() <-chan SynchronizationContent
}

CloudSecurityGroupAPI declares the interface used to program cloud security groups.

var (
	// CloudSecurityGroup is the global entry point to configure cloud-specific security groups.
	// Mutable package-level state: it is nil until a plug-in assigns it, and any importer can
	// replace it — presumably set once at startup; confirm where it is assigned.
	CloudSecurityGroup CloudSecurityGroupAPI
)

type EgressRule

// EgressRule specifies one egress rule of a cloud SecurityGroup.
type EgressRule struct {
	// ToPort and Protocol are pointers; presumably nil means "unspecified/any" — confirm in the plug-ins.
	ToPort           *int
	// ToDstIP lists destination CIDRs; ToSecurityGroups lists destination SGs by ID.
	ToDstIP          []*net.IPNet
	ToSecurityGroups []*CloudResourceID
	Protocol         *int
}

EgressRule specifies one egress rule of cloud SecurityGroup.

type IngressRule

// IngressRule specifies one ingress rule of a cloud SecurityGroup.
type IngressRule struct {
	// FromPort and Protocol are pointers; presumably nil means "unspecified/any" — confirm in the plug-ins.
	FromPort           *int
	// FromSrcIP lists source CIDRs; FromSecurityGroups lists source SGs by ID.
	FromSrcIP          []*net.IPNet
	FromSecurityGroups []*CloudResourceID
	Protocol           *int
}

IngressRule specifies one ingress rule of cloud SecurityGroup.

type Rule added in v0.3.0

// Rule is the common interface for IngressRule/EgressRule values carried in a CloudRule.
// Its method set is unexported, so only types declared in this package (or types
// embedding one) can satisfy it.
type Rule interface {
	// contains filtered or unexported methods
}

type SynchronizationContent

// SynchronizationContent describes one SecurityGroup as it exists in the cloud,
// as delivered on the channel from CloudSecurityGroupAPI.GetSecurityGroupSyncChan.
type SynchronizationContent struct {
	// Resource identifies the security group itself.
	Resource                   CloudResource
	// MembershipOnly mirrors the membershipOnly flag used at creation.
	MembershipOnly             bool
	// Members are the resources attached to this SG; MembersWithOtherSGAttached
	// presumably are members that also carry SGs not managed here — confirm in source.
	Members                    []CloudResource
	MembersWithOtherSGAttached []CloudResource
	IngressRules               []IngressRule
	EgressRules                []EgressRule
}

SynchronizationContent describes the content of a SecurityGroup in the cloud.
