securitygroup

Published: Aug 23, 2022 License: Apache-2.0 Imports: 5 Imported by: 0


Constants

// NepheControllerPrefix marks every cloud security group owned by the nephe
// controller; the two derived prefixes below distinguish the group's role.
const NepheControllerPrefix = "nephe-"

// NepheControllerAddressGroupPrefix is the prefix of address-group ("ag")
// security groups.
const NepheControllerAddressGroupPrefix = NepheControllerPrefix + "ag-"

// NepheControllerAppliedToPrefix is the prefix of applied-to ("at")
// security groups.
const NepheControllerAppliedToPrefix = NepheControllerPrefix + "at-"

Variables

// The resource type names are derived from the Go type names of the cloud
// API structs, so they cannot drift from the cloud package's definitions.
var (
	CloudResourceTypeVM  = CloudResourceType(reflect.TypeOf((*cloud.VirtualMachine)(nil)).Elem().Name())
	CloudResourceTypeNIC = CloudResourceType(reflect.TypeOf((*cloud.NetworkInterface)(nil)).Elem().Name())
)
// ProtocolNameNumMap maps a lowercase IP protocol name to its IANA protocol
// number (the value type used by IngressRule.Protocol / EgressRule.Protocol).
// Keys are lowercase only, so callers presumably normalise case before lookup —
// TODO confirm at the call sites.
// It is a package-level mutable map: treat it as read-only after init, since a
// concurrent write would race with lookups.
var ProtocolNameNumMap = map[string]int{
	"icmp":   1,
	"igmp":   2,
	"tcp":    6,
	"udp":    17,
	"icmpv6": 58,
}

Functions

func FindResourcesBasedOnKind

// FindResourcesBasedOnKind partitions cloudResources into two string-keyed sets.
// NOTE(review): given CloudResource.Type, the two sets are presumably the VM and
// NIC resources respectively — confirm which set is which and which string is
// used as the key.
func FindResourcesBasedOnKind(cloudResources []*CloudResource) (map[string]struct{}, map[string]struct{})

func IsNepheControllerCreatedSG

// IsNepheControllerCreatedSG reports whether cloudSgName is a security group created
// by the nephe controller, presumably recognised via the NepheController* prefixes.
// NOTE(review): the string result and the two bools are presumably the prefix-stripped
// name, whether a nephe prefix matched, and whether it is an address-group SG —
// confirm against the implementation before relying on the order.
func IsNepheControllerCreatedSG(cloudSgName string) (string, bool, bool)

Types

type CloudResource

// CloudResource uniquely identifies a cloud resource by its kind and its
// VPC-scoped name.
type CloudResource struct {
	Type CloudResourceType // resource kind, e.g. CloudResourceTypeVM or CloudResourceTypeNIC
	Name CloudResourceID   // name plus VPC; together with Type this forms the identity
}

CloudResource uniquely identifies a cloud resource.

func (*CloudResource) String

// String returns a textual form of c (satisfies fmt.Stringer).
func (c *CloudResource) String() string

type CloudResourceID

// CloudResourceID identifies a cloud resource by name within a VPC.
type CloudResourceID struct {
	Name string // resource name
	Vpc  string // VPC that scopes Name
}

func (*CloudResourceID) GetCloudName

// GetCloudName returns the name under which this resource is programmed in the cloud.
// NOTE(review): presumably Name with NepheControllerAddressGroupPrefix when
// membershipOnly is true and NepheControllerAppliedToPrefix otherwise — confirm.
func (c *CloudResourceID) GetCloudName(membershipOnly bool) string

func (*CloudResourceID) String

// String returns a textual form of c (satisfies fmt.Stringer).
func (c *CloudResourceID) String() string

type CloudResourceType

// CloudResourceType specifies the type of a cloud resource; the known values are
// CloudResourceTypeVM and CloudResourceTypeNIC.
type CloudResourceType string

CloudResourceType specifies the type of cloud resource.

type CloudSecurityGroupAPI

// CloudSecurityGroupAPI declares the interface used to program cloud security groups.
// Each mutating call returns a channel on which the caller waits for the outcome,
// reported as an error value.
type CloudSecurityGroupAPI interface {
	// CreateSecurityGroup requests creation of the SecurityGroup identified by name.
	// membershipOnly is true if the SecurityGroup is used only for membership tracking,
	// not for applying ingress/egress rules.
	// The caller is expected to wait on the returned channel for the status.
	CreateSecurityGroup(name *CloudResourceID, membershipOnly bool) <-chan error

	// UpdateSecurityGroupMembers updates SecurityGroup name with members.
	// SecurityGroup name must already have been created.
	// For an appliedSecurityGroup, UpdateSecurityGroupMembers is called only if the SG
	// has rules configured.
	UpdateSecurityGroupMembers(name *CloudResourceID, members []*CloudResource, membershipOnly bool) <-chan error

	// DeleteSecurityGroup deletes SecurityGroup name.
	// SecurityGroup name must already have been created and must be empty.
	DeleteSecurityGroup(name *CloudResourceID, membershipOnly bool) <-chan error

	// UpdateSecurityGroupRules replaces SecurityGroup name's ingress/egress rules in
	// their entirety.
	// SecurityGroup name must already have been created, and every SecurityGroup referred
	// to in ingressRules and egressRules must also already exist.
	// For an appliedSecurityGroup, calling with ingressRules=nil and egressRules=nil
	// (clear rules) is allowed only if the SG has no members.
	UpdateSecurityGroupRules(name *CloudResourceID, ingressRules []*IngressRule, egressRules []*EgressRule) <-chan error

	// GetSecurityGroupSyncChan returns a channel on which the networkPolicy controller
	// waits to retrieve the complete set of SGs configured by the cloud plug-in.
	// Usage pattern:
	// 1. The controller calls it once at initialization to obtain the channel.
	// 2. The controller waits on that channel and expects each wake-up to deliver the
	//    entire set of configured SGs.
	// 3. The plug-in wakes the channel once after its initial sync with the cloud, and
	//    then periodically.
	// 4. On receiving the full SG set, the controller reconciles the K8s configuration
	//    against the cloud configuration.
	// This keeps the cloud plug-in stateless, and the periodic reconcile is what
	// corrects SGs that were changed out of band by customers via the cloud
	// API/console directly.
	GetSecurityGroupSyncChan() <-chan SynchronizationContent
}

CloudSecurityGroupAPI declares the interface used to program cloud security groups.

var (
	// CloudSecurityGroup is the global entry point to configure cloud-specific security
	// groups. It is a plain package-level variable that the cloud plug-in must assign
	// before use; calling a method on it while it is still nil panics.
	CloudSecurityGroup CloudSecurityGroupAPI
)

type EgressRule

// EgressRule specifies one egress rule of a cloud SecurityGroup. Destinations may be
// given as CIDRs (ToDstIP) and/or as other SecurityGroups (ToSecurityGroups).
type EgressRule struct {
	ToPort           *int               // destination port; NOTE(review): nil presumably means any port — confirm with the plug-in
	ToDstIP          []*net.IPNet       // destination CIDRs
	ToSecurityGroups []*CloudResourceID // destination SecurityGroups; must already exist (see UpdateSecurityGroupRules)
	Protocol         *int               // IP protocol number (see ProtocolNameNumMap); NOTE(review): nil presumably means any — confirm
}

EgressRule specifies one egress rule of cloud SecurityGroup.

type IngressRule

// IngressRule specifies one ingress rule of a cloud SecurityGroup. Sources may be
// given as CIDRs (FromSrcIP) and/or as other SecurityGroups (FromSecurityGroups).
type IngressRule struct {
	FromPort           *int               // destination port the rule opens; NOTE(review): nil presumably means any port — confirm with the plug-in
	FromSrcIP          []*net.IPNet       // source CIDRs
	FromSecurityGroups []*CloudResourceID // source SecurityGroups; must already exist (see UpdateSecurityGroupRules)
	Protocol           *int               // IP protocol number (see ProtocolNameNumMap); NOTE(review): nil presumably means any — confirm
}

IngressRule specifies one ingress rule of cloud SecurityGroup.

type SynchronizationContent

// SynchronizationContent describes one SecurityGroup as it currently exists in the
// cloud. The plug-in delivers it over GetSecurityGroupSyncChan so the controller can
// reconcile the cloud state against the K8s configuration.
type SynchronizationContent struct {
	Resource                   CloudResourceID // the SecurityGroup being described
	MembershipOnly             bool            // true if the SG is used only for membership tracking
	Members                    []CloudResource // resources attached to this SG
	MembersWithOtherSGAttached []CloudResource // NOTE(review): presumably members that also have other SGs attached — confirm
	IngressRules               []IngressRule   // ingress rules currently configured in the cloud
	EgressRules                []EgressRule    // egress rules currently configured in the cloud
}

SynchronizationContent describes the content of a SecurityGroup in the cloud.
