netpoleval

package

v0.0.0-...-ed96a3d Latest Latest Go to latest Published: Jan 15, 2022 License: GPL-3.0 Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cheriot/netpoltool

Links

Open Source Insights

Documentation ¶

Index ¶

func EvalResultString(er EvalResult) string
func MatchIPBlock(ipBlock nwv1.IPBlock, ip net.IP, ipStr string) (bool, error)
func MatchLabelSelector(podSelector metav1.LabelSelector, podLabels map[string]string) bool
func PortContains(rulePort nwv1.NetworkPolicyPort, toPort DestinationPort) bool
type ConnectionSide
- func NewExternalConnection(ip string, port string, protocol string) (ConnectionSide, error)
type DestinationPort
type EvalResult
type ExternalConnection
type NetpolResult
type PodConnection
- func NewPodConnection(pod *corev1.Pod, ns *corev1.Namespace, policies []nwv1.NetworkPolicy, ...) (*PodConnection, error)
type PortResult
- func Eval(source *PodConnection, dest ConnectionSide) []PortResult

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func EvalResultString ¶

func EvalResultString(er EvalResult) string

func MatchIPBlock ¶

func MatchIPBlock(ipBlock nwv1.IPBlock, ip net.IP, ipStr string) (bool, error)

func MatchLabelSelector ¶

func MatchLabelSelector(podSelector metav1.LabelSelector, podLabels map[string]string) bool

func PortContains ¶

func PortContains(rulePort nwv1.NetworkPolicyPort, toPort DestinationPort) bool

Types ¶

type ConnectionSide ¶

type ConnectionSide interface {
	GetName() string
	MatchNamespaceSelector(metav1.LabelSelector) bool
	MatchPodSelector(metav1.LabelSelector) bool
	MatchIPBlock(nwv1.IPBlock) (bool, error)
	IsInNamespace(string) bool
	IsOnNode(string) bool
	IsInCluster() bool
	GetPolicies() []nwv1.NetworkPolicy
	GetPorts() []DestinationPort
}

func NewExternalConnection ¶

func NewExternalConnection(ip string, port string, protocol string) (ConnectionSide, error)

type DestinationPort ¶

type DestinationPort struct {
	IsInCluster bool // Does this port represent something in the *current* k8s cluster?
	Name        string
	Num         int32
	Protocol    corev1.Protocol
}

type EvalResult ¶

type EvalResult uint8

const (
	NoMatch EvalResult = iota
	Deny
	Allow
)

type ExternalConnection ¶

type ExternalConnection struct {
	IP   net.IP
	Port DestinationPort
	// contains filtered or unexported fields
}

func (*ExternalConnection) GetName ¶

func (c *ExternalConnection) GetName() string

func (*ExternalConnection) GetPolicies ¶

func (c *ExternalConnection) GetPolicies() []nwv1.NetworkPolicy

func (*ExternalConnection) GetPorts ¶

func (c *ExternalConnection) GetPorts() []DestinationPort

func (*ExternalConnection) IsInCluster ¶

func (c *ExternalConnection) IsInCluster() bool

func (*ExternalConnection) IsInNamespace ¶

func (c *ExternalConnection) IsInNamespace(string) bool

func (*ExternalConnection) IsOnNode ¶

func (c *ExternalConnection) IsOnNode(name string) bool

func (*ExternalConnection) MatchIPBlock ¶

func (c *ExternalConnection) MatchIPBlock(ipBlock nwv1.IPBlock) (bool, error)

func (*ExternalConnection) MatchNamespaceSelector ¶

func (c *ExternalConnection) MatchNamespaceSelector(metav1.LabelSelector) bool

func (*ExternalConnection) MatchPodSelector ¶

func (c *ExternalConnection) MatchPodSelector(metav1.LabelSelector) bool

type NetpolResult ¶

type NetpolResult struct {
	Netpol nwv1.NetworkPolicy
	EvalResult
}

type PodConnection ¶

type PodConnection struct {
	Pod       *corev1.Pod
	Namespace *corev1.Namespace
	Policies  []nwv1.NetworkPolicy
	// contains filtered or unexported fields
}

func NewPodConnection ¶

func NewPodConnection(pod *corev1.Pod, ns *corev1.Namespace, policies []nwv1.NetworkPolicy, portNameOrNum string) (*PodConnection, error)

func (*PodConnection) GetName ¶

func (c *PodConnection) GetName() string

func (*PodConnection) GetPolicies ¶

func (c *PodConnection) GetPolicies() []nwv1.NetworkPolicy

func (*PodConnection) GetPorts ¶

func (c *PodConnection) GetPorts() []DestinationPort

func (*PodConnection) IsInCluster ¶

func (c *PodConnection) IsInCluster() bool

func (*PodConnection) IsInNamespace ¶

func (c *PodConnection) IsInNamespace(n string) bool

func (*PodConnection) IsOnNode ¶

func (c *PodConnection) IsOnNode(name string) bool

func (*PodConnection) MatchIPBlock ¶

func (c *PodConnection) MatchIPBlock(ipBlock nwv1.IPBlock) (bool, error)

func (*PodConnection) MatchNamespaceSelector ¶

func (c *PodConnection) MatchNamespaceSelector(labelSelector metav1.LabelSelector) bool

func (*PodConnection) MatchPodSelector ¶

func (c *PodConnection) MatchPodSelector(labelSelector metav1.LabelSelector) bool

type PortResult ¶

type PortResult struct {
	ToPort         DestinationPort
	Egress         []NetpolResult
	Ingress        []NetpolResult
	IngressAllowed bool
	EgressAllowed  bool
	Allowed        bool
}

func Eval ¶

func Eval(source *PodConnection, dest ConnectionSide) []PortResult

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL