Documentation
Index
- Constants
- type DestinationDecision
- type PDP
- func (pdp *PDP) AddOrUpdatePolicy(policy *policytypes.ConnectivityPolicy) error
- func (pdp *PDP) Decide(src policytypes.WorkloadAttrs, dests []policytypes.WorkloadAttrs) ([]DestinationDecision, error)
- func (pdp *PDP) DeletePolicy(policyName string, privileged bool) error
- func (pdp *PDP) GetPolicies() []policytypes.ConnectivityPolicy
Constants
const DefaultDenyPolicyName = "<default deny>"
Variables
This section is empty.
Functions
This section is empty.
Types
type DestinationDecision
type DestinationDecision struct {
	Destination     policytypes.WorkloadAttrs
	Decision        policytypes.PolicyDecision
	MatchedBy       string // The name of the policy that matched the connection and took the decision
	PrivilegedMatch bool   // Whether the policy that took the decision was privileged
}
DestinationDecision describes the PDP decision on a given destination (with respect to a given source), including the deciding policy, if any. Calling PDP.Decide() with a source workload and a slice of destination workloads returns a slice of corresponding DestinationDecisions, one per destination.
type PDP
type PDP struct {
// contains filtered or unexported fields
}
PDP is the main object to maintain a set of connectivity policies and decide whether a given connection is allowed or denied by these policies.
func (*PDP) AddOrUpdatePolicy
func (pdp *PDP) AddOrUpdatePolicy(policy *policytypes.ConnectivityPolicy) error
AddOrUpdatePolicy adds a ConnectivityPolicy to the PDP. If a policy with the same name and the same privilege already exists in the PDP, it is updated (including updating the Action field). Invalid policies return an error.
func (*PDP) Decide
func (pdp *PDP) Decide(src policytypes.WorkloadAttrs, dests []policytypes.WorkloadAttrs) ([]DestinationDecision, error)
Decide makes allow/deny decisions for the queried connections between src and each of the destinations in dests. The decision, as well as the deciding policy, is recorded in the returned slice of DestinationDecision structs. The order of destinations in dests is preserved in the returned slice.
func (*PDP) DeletePolicy
func (pdp *PDP) DeletePolicy(policyName string, privileged bool) error
DeletePolicy deletes the ConnectivityPolicy with the given name and privilege from the PDP. If no such ConnectivityPolicy exists in the PDP, an error is returned.
func (*PDP) GetPolicies
func (pdp *PDP) GetPolicies() []policytypes.ConnectivityPolicy
GetPolicies returns a slice of copies of the policies stored in the PDP, so callers can inspect or modify the returned policies without affecting the PDP's state.
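The following Go program is an added example, not code from this package: it models the behaviour documented above for AddOrUpdatePolicy, Decide and DeletePolicy in a self-contained form so it runs without the package. The policytypes definitions (WorkloadAttrs as a map of attributes, the PolicyDecision constants, ConnectivityPolicy with From/To attribute selectors), the exact-match selector rule, the NewPDP constructor, the bestMatch and matches helpers, and the precedence order (privileged policies before non-privileged ones, deny before allow within a tier, then the default deny named by DefaultDenyPolicyName) are all assumptions made for the example; the page does not specify them.

```go
package main

import "errors"

// Stand-ins for policytypes.WorkloadAttrs, PolicyDecision and ConnectivityPolicy
// (assumed shapes for this example, not the project's definitions).
type WorkloadAttrs map[string]string

type PolicyDecision int

const (
	DecisionUndecided PolicyDecision = iota
	DecisionAllow
	DecisionDeny
)

// A policy matches when every From attribute equals the source's and every To
// attribute equals the destination's (assumed rule; an empty selector matches all).
type ConnectivityPolicy struct {
	Name       string
	Privileged bool
	Action     PolicyDecision
	From, To   WorkloadAttrs
}

const DefaultDenyPolicyName = "<default deny>"

type DestinationDecision struct {
	Destination     WorkloadAttrs
	Decision        PolicyDecision
	MatchedBy       string // name of the policy that took the decision
	PrivilegedMatch bool   // whether that policy was privileged
}

// PDP keeps one policy set per privilege level, keyed by name, so a name may
// exist once as privileged and once as non-privileged.
type PDP struct{ policies map[bool]map[string]ConnectivityPolicy }

func NewPDP() *PDP { return &PDP{policies: map[bool]map[string]ConnectivityPolicy{false: {}, true: {}}} }

func (pdp *PDP) AddOrUpdatePolicy(p *ConnectivityPolicy) error {
	if p == nil || p.Name == "" || p.Name == DefaultDenyPolicyName ||
		(p.Action != DecisionAllow && p.Action != DecisionDeny) {
		return errors.New("invalid policy: missing or reserved name, or action not allow/deny")
	}
	pdp.policies[p.Privileged][p.Name] = *p // adds, or updates in place (Action included)
	return nil
}

func (pdp *PDP) DeletePolicy(policyName string, privileged bool) error {
	if _, ok := pdp.policies[privileged][policyName]; !ok {
		return errors.New("no such policy at this privilege level")
	}
	delete(pdp.policies[privileged], policyName)
	return nil
}

// Decide consults privileged policies first, then non-privileged ones, then the
// default deny. This precedence is an assumption for the example, not from the page.
func (pdp *PDP) Decide(src WorkloadAttrs, dests []WorkloadAttrs) ([]DestinationDecision, error) {
	if src == nil {
		return nil, errors.New("source attributes are required")
	}
	out := make([]DestinationDecision, 0, len(dests))
	for _, dst := range dests { // output order follows dests
		d := DestinationDecision{Destination: dst, Decision: DecisionDeny, MatchedBy: DefaultDenyPolicyName}
		for _, privileged := range []bool{true, false} {
			if p, ok := bestMatch(pdp.policies[privileged], src, dst); ok {
				d.Decision, d.MatchedBy, d.PrivilegedMatch = p.Action, p.Name, privileged
				break
			}
		}
		out = append(out, d)
	}
	return out, nil
}

// bestMatch picks one tier's deciding policy: deny beats allow, and equal actions
// tie-break on name so map iteration order cannot change the result.
func bestMatch(tier map[string]ConnectivityPolicy, src, dst WorkloadAttrs) (best ConnectivityPolicy, found bool) {
	for _, p := range tier {
		if !matches(p.From, src) || !matches(p.To, dst) {
			continue
		}
		if !found || (p.Action == DecisionDeny && best.Action != DecisionDeny) ||
			(p.Action == best.Action && p.Name < best.Name) {
			best, found = p, true
		}
	}
	return best, found
}

func matches(selector, attrs WorkloadAttrs) bool {
	for k, v := range selector {
		if attrs[k] != v {
			return false
		}
	}
	return true
}
```

With a non-privileged policy "allow-db" allowing web to db and a privileged policy "lockdown-db" denying all traffic to db, Decide(web, [db, cache]) yields a privileged deny for db (MatchedBy "lockdown-db", PrivilegedMatch true) and a default deny for cache (MatchedBy DefaultDenyPolicyName); deleting "lockdown-db" at the privileged level lets "allow-db" decide, and re-adding "allow-db" with Action set to deny flips that result in place, as the AddOrUpdatePolicy documentation describes.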