Documentation ¶
Overview ¶
Package policy describes a generic interface for retrieving policies. Different implementations are possible for environments such as Kubernetes, Mesos or other custom environments. An implementation has to provide a method for retrieving policy based on the metadata associated with the container and deleting the policy when the container dies. It is up to the implementation to decide how to generate the policy. The package also defines the basic data structure for communicating policy information. The implementations are responsible for providing all the necessary data.
Index ¶
- Constants
- type FlowAction
- type IPRule
- type KeyValueOperator
- type Operator
- type PUAction
- type PUInfo
- type PUPolicy
- type PURuntime
- func (r *PURuntime) DefaultIPAddress() (string, bool)
- func (r *PURuntime) IPAddresses() map[string]string
- func (r *PURuntime) Name() string
- func (r *PURuntime) Pid() int
- func (r *PURuntime) SetIPAddresses(ipa map[string]string)
- func (r *PURuntime) SetName(name string)
- func (r *PURuntime) SetPid(pid int)
- func (r *PURuntime) SetTags(tags TagsMap)
- func (r *PURuntime) Tag(key string) (string, bool)
- func (r *PURuntime) Tags() TagsMap
- type RuntimeReader
- type TagSelector
- type TagsMap
Constants ¶
const (
	// Equal is the equal operator
	Equal = "="
	// NotEqual is the not equal operator
	NotEqual = "=!"
	// KeyExists is the key=* operator
	KeyExists = "*"
	// KeyNotExists means that the key does not exist in the incoming tags
	KeyNotExists = "!*"
)

const (
	// Accept is the accept action
	Accept = 0x1
	// Log instructs that the flow be logged
	Log = 0x2
	// Encrypt instructs that the data be encrypted
	Encrypt = 0x4
)

const (
	// AllowAll allows everything for the specific PU.
	AllowAll = 0x1
	// Police filters traffic for the PU based on the PolicyRules.
	Police = 0x2
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type KeyValueOperator ¶
KeyValueOperator describes an individual matching rule
type PUAction ¶
type PUAction int
PUAction defines the action types that apply to a specific PU as a whole.
type PUInfo ¶
type PUInfo struct {
	// ContextID is the ID of the container that the policy applies to
	ContextID string
	// Policy is an instantiation of the container policy
	Policy *PUPolicy
	// Runtime captures all data that are captured from the container
	Runtime *PURuntime
}
PUInfo captures all policy information related to a connection
type PUPolicy ¶
type PUPolicy struct {
	// ManagementID is provided for the policy implementations as a means of
	// holding a policy identifier related to the implementation
	ManagementID string
	// TriremeAction defines what level of policy should be applied to that container.
	TriremeAction PUAction
	// IngressACLs is the list of ACLs to be applied when the container talks
	// to IP Addresses outside the data center
	IngressACLs []IPRule
	// EgressACLs is the list of ACLs to be applied from IP Addresses outside
	// the data center
	EgressACLs []IPRule
	// PolicyTags are the tags that will be sent on the wire and used for policing.
	PolicyTags TagsMap
	// Rules is the set of rules that implement the label matching.
	Rules []TagSelector
	// Extensions is an interface to a data structure that allows the policy supervisor
	// to pass additional instructions to a plugin. Plugin and policy must be
	// coordinated to implement the interface
	Extensions interface{}
}
PUPolicy captures all policy information related to the container
type PURuntime ¶
type PURuntime struct {
// contains filtered or unexported fields
}
PURuntime holds all data related to the status of the container run time
func (*PURuntime) DefaultIPAddress ¶
DefaultIPAddress returns the default IP address for the processing unit
func (*PURuntime) IPAddresses ¶
IPAddresses returns all the IP addresses for the processing unit
func (*PURuntime) SetIPAddresses ¶
SetIPAddresses sets up all the IP addresses for the processing unit
type RuntimeReader ¶
type RuntimeReader interface {
	// Pid returns the Pid of the Runtime.
	Pid() int
	// Name returns the process name of the Runtime.
	Name() string
	// Tag returns the value of the given tag.
	Tag(string) (string, bool)
	// Tags returns the list of the tags.
	Tags() TagsMap
	// DefaultIPAddress returns the default IP address.
	DefaultIPAddress() (string, bool)
	// IPAddresses returns all the IP addresses.
	IPAddresses() map[string]string
}
A RuntimeReader gives read-only access to the parameters stored in the Runtime.
type TagSelector ¶
type TagSelector struct {
	Clause []KeyValueOperator
	Action FlowAction
}
TagSelector describes one selector: a Clause of key/operator/value rules that must all match, and the FlowAction to apply when they do.
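The page defines the operator strings, the FlowAction bits, the PUAction values and the TagSelector/PUPolicy shapes, but not how an implementation is expected to evaluate them against a peer's tags. The following is an added, stand-alone example (not code from this package or from the Trireme project) of one such evaluator. It copies the documented constants into local declarations so that it runs without the package; the field layout of KeyValueOperator (Key, Value, Operator) is an assumption, since the page does not show it, as is the choice that NotEqual requires the key to be present, that an empty Clause never matches, and that no matching selector means drop. The sample policy and peer tag sets are constructed for the example.

```go
package main

import "fmt"

// Operator strings, FlowAction bits and PUAction values, copied from the constants above.
const (
	Equal        = "="
	NotEqual     = "=!"
	KeyExists    = "*"
	KeyNotExists = "!*"
)

type FlowAction int

const (
	Accept  FlowAction = 0x1
	Log     FlowAction = 0x2
	Encrypt FlowAction = 0x4
)

type PUAction int

const (
	AllowAll PUAction = 0x1
	Police   PUAction = 0x2
)

type TagsMap map[string]string

// KeyValueOperator: the page does not show its fields; this layout is assumed for the example.
type KeyValueOperator struct {
	Key      string
	Value    string
	Operator string
}

type TagSelector struct {
	Clause []KeyValueOperator
	Action FlowAction
}

// PUPolicy is reduced to the two fields the evaluator needs.
type PUPolicy struct {
	TriremeAction PUAction
	Rules         []TagSelector
}

// matchRule evaluates a single key/operator/value rule against the peer's tags.
func matchRule(r KeyValueOperator, tags TagsMap) bool {
	v, present := tags[r.Key]
	switch r.Operator {
	case Equal:
		return present && v == r.Value
	case NotEqual:
		// Assumption: the key must be present. Otherwise a peer could satisfy
		// "env =! prod" simply by omitting the env tag.
		return present && v != r.Value
	case KeyExists:
		return present
	case KeyNotExists:
		return !present
	default:
		return false // unknown operator: fail closed
	}
}

// Evaluate returns the Action of the first selector whose whole Clause matches.
// ok is false when nothing matches; the caller treats that as drop.
func Evaluate(rules []TagSelector, tags TagsMap) (action FlowAction, ok bool) {
	for _, sel := range rules {
		if len(sel.Clause) == 0 {
			continue // assumption: an empty clause is ignored, not treated as match-all
		}
		matched := true
		for _, r := range sel.Clause {
			if !matchRule(r, tags) {
				matched = false
				break
			}
		}
		if matched {
			return sel.Action, true
		}
	}
	return 0, false
}

// Decide applies the PU-level action first: AllowAll bypasses the rules, Police consults them.
func Decide(p PUPolicy, peer TagsMap) (FlowAction, bool) {
	if p.TriremeAction == AllowAll {
		return Accept, true
	}
	return Evaluate(p.Rules, peer)
}

// SamplePolicy is a constructed policy for a hypothetical "payments" PU.
func SamplePolicy() PUPolicy {
	return PUPolicy{TriremeAction: Police, Rules: []TagSelector{
		// production backends that declare a team: accept, encrypt and log
		{Clause: []KeyValueOperator{
			{Key: "app", Operator: Equal, Value: "backend"},
			{Key: "env", Operator: Equal, Value: "prod"},
			{Key: "team", Operator: KeyExists},
		}, Action: Accept | Encrypt | Log},
		// non-production backends: log the attempt, do not accept it
		{Clause: []KeyValueOperator{
			{Key: "app", Operator: Equal, Value: "backend"},
			{Key: "env", Operator: NotEqual, Value: "prod"},
		}, Action: Log},
		// monitoring peers are accepted unless they carry a debug tag
		{Clause: []KeyValueOperator{
			{Key: "app", Operator: Equal, Value: "monitoring"},
			{Key: "debug", Operator: KeyNotExists},
		}, Action: Accept},
	}}
}

// Describe renders a decision; a matched selector without the Accept bit is still a drop.
func Describe(a FlowAction, ok bool) string {
	if !ok || a&Accept == 0 {
		if a&Log != 0 {
			return "drop (logged)"
		}
		return "drop"
	}
	s := "accept"
	if a&Encrypt != 0 {
		s += "+encrypt"
	}
	if a&Log != 0 {
		s += "+log"
	}
	return s
}

func main() {
	p := SamplePolicy()
	for _, peer := range []TagsMap{
		{"app": "backend", "env": "prod", "team": "payments"},
		{"app": "backend", "env": "prod"},
		{"app": "backend", "env": "dev"},
		{"app": "monitoring"},
		{"app": "monitoring", "debug": "1"},
		{},
	} {
		fmt.Printf("%v -> %s\n", peer, Describe(Decide(p, peer)))
	}
}
```

Two points are worth noting for anyone writing a real implementation. First, the PU-level TriremeAction is checked before any selector, so a policy that sets AllowAll accepts every peer regardless of Rules; a generator that emits AllowAll by default has effectively disabled the label matching. Second, a selector whose Action omits the Accept bit (here the Log-only rule) is still a drop; Log and Encrypt are modifiers, not permissions.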