policy

package

v0.0.0-...-36f1a77 Latest Latest Go to latest Published: Nov 1, 2016 License: GPL-2.0 Imports: 0 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/bvandewalle/trireme

Links

Open Source Insights

Documentation ¶

Overview ¶

Package policy describes a generic interface for retrieving policies. Different implementations are possible for environments such as Kubernetes, Mesos or other custom environments. An implementation has to provide a method for retrieving policy based on the metadata associated with the container and deleting the policy when the container dies. It is up to the implementation to decide how to generate the policy. The package also defines the basic data structure for communicating policy information. The implementations are responsible for providing all the necessary data.

Index ¶

Constants
type FlowAction
type IPRule
type KeyValueOperator
type Operator
type PUAction
type PUInfo
- func NewPUInfo(contextID string) *PUInfo
- func PUInfoFromPolicyAndRuntime(contextID string, policyInfo *PUPolicy, runtimeInfo *PURuntime) *PUInfo
type PUPolicy
- func NewPUPolicy() *PUPolicy
type PURuntime
- func NewPURuntime() *PURuntime
type RuntimeReader
type TagSelector
type TagsMap

Constants ¶

View Source

const (
	// Equal is the equal operator
	Equal = "="
	// NotEqual is the not equal operator
	NotEqual = "=!"
	// KeyExists is the key=* operator
	KeyExists = "*"
	// KeyNotExists means that the key doesnt exist in the incoming tags
	KeyNotExists = "!*"
)

View Source

const (
	// Accept is the accept action
	Accept = 0x1
	// Log intstructs the data to log informat
	Log = 0x2
	// Encrypt instructs data to be encrypted
	Encrypt = 0x4
)

View Source

const (
	// AllowAll allows everything for the specific PU.
	AllowAll = 0x1
	// Police filters on the PU based on the PolicyRules.
	Police = 0x2
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type FlowAction ¶

type FlowAction int

FlowAction is the action that can be applied to a flow.

type IPRule ¶

type IPRule struct {
	Address  string
	Port     string
	Protocol string
}

IPRule holds ingress IP table rules to external services

type KeyValueOperator ¶

type KeyValueOperator struct {
	Key      string
	Value    []string
	Operator Operator
}

KeyValueOperator describes an individual matching rule

type Operator ¶

type Operator string

Operator defines the operation between your key and value.

type PUAction ¶

type PUAction int

PUAction defines the action types that applies for a specific PU as a whole.

type PUInfo ¶

type PUInfo struct {
	// ContextID is the ID of the container that the policy applies to
	ContextID string
	// Policy is an instantiation of the container policy
	Policy *PUPolicy
	// RunTime captures all data that are captured from the container
	Runtime *PURuntime
}

PUInfo captures all policy information related to a connection

func NewPUInfo ¶

func NewPUInfo(contextID string) *PUInfo

NewPUInfo instantiates a new ContainerPolicy

func PUInfoFromPolicyAndRuntime ¶

func PUInfoFromPolicyAndRuntime(contextID string, policyInfo *PUPolicy, runtimeInfo *PURuntime) *PUInfo

PUInfoFromPolicyAndRuntime generates a ContainerInfo Struct from an existing RuntimeInfo and PolicyInfo

type PUPolicy ¶

type PUPolicy struct {
	// ManagementID is provided for the policy implementations as a means of
	// holding a policy identifier related to the implementation
	ManagementID string
	//TriremeAction defines what level of policy should be applied to that container.
	TriremeAction PUAction
	// IngressACLs is the list of ACLs to be applied when the container talks
	// to IP Addresses outside the data center
	IngressACLs []IPRule
	// EgressACLs is the list of ACLs to be applied from IP Addresses outside
	// the data center
	EgressACLs []IPRule
	// PolicyTags are the tags that will be sent on the wire and used for policing.
	PolicyTags TagsMap
	// Rules is the set of rules that implement the label matching.
	Rules []TagSelector
	// Extensions is an interface to a data structure that allows the policy supervisor
	// to pass additional instructions to a plugin. Plugin and policy must be
	// coordinated to implement the interface
	Extensions interface{}
}

PUPolicy captures all policy information related ot the container

func NewPUPolicy ¶

func NewPUPolicy() *PUPolicy

NewPUPolicy generates a new ContainerPolicyInfo

type PURuntime ¶

type PURuntime struct {
	// contains filtered or unexported fields
}

PURuntime holds all data related to the status of the container run time

func NewPURuntime ¶

func NewPURuntime() *PURuntime

NewPURuntime Generate a new RuntimeInfo

func (*PURuntime) DefaultIPAddress ¶

func (r *PURuntime) DefaultIPAddress() (string, bool)

DefaultIPAddress returns the default IP address for the processing unit

func (*PURuntime) IPAddresses ¶

func (r *PURuntime) IPAddresses() map[string]string

IPAddresses returns all the IP addresses for the processing unit

func (*PURuntime) Name ¶

func (r *PURuntime) Name() string

Name returns the PID

func (*PURuntime) Pid ¶

func (r *PURuntime) Pid() int

Pid returns the PID

func (*PURuntime) SetIPAddresses ¶

func (r *PURuntime) SetIPAddresses(ipa map[string]string)

SetIPAddresses sets up all the IP addresses for the processing unit

func (*PURuntime) SetName ¶

func (r *PURuntime) SetName(name string)

SetName sets the Name

func (*PURuntime) SetPid ¶

func (r *PURuntime) SetPid(pid int)

SetPid sets the PID

func (*PURuntime) SetTags ¶

func (r *PURuntime) SetTags(tags TagsMap)

SetTags sets tags for the processing unit

func (*PURuntime) Tag ¶

func (r *PURuntime) Tag(key string) (string, bool)

Tag returns a specific tag for the processing unit

func (*PURuntime) Tags ¶

func (r *PURuntime) Tags() TagsMap

Tags returns tags for the processing unit

type RuntimeReader ¶

type RuntimeReader interface {

	// Pid returns the Pid of the Runtime.
	Pid() int

	// Name returns the process name of the Runtime.
	Name() string

	// Tag retuns the value of the given tag.
	Tag(string) (string, bool)

	// Tags returns the list of the tags.
	Tags() TagsMap

	// DefaultIPAddress retutns the default IP address.
	DefaultIPAddress() (string, bool)

	// IPAddresses returns all the IP addresses.
	IPAddresses() map[string]string
}

A RuntimeReader allows to get the specific parameters stored in the Runtime

type TagSelector ¶

type TagSelector struct {
	Clause []KeyValueOperator
	Action FlowAction
}

TagSelector info describes a tag selector key Operator value

type TagsMap ¶

type TagsMap map[string]string

A TagsMap is a map of Key:Values used as tags.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL