cache

package
v0.0.0-...-e1628ab Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 16, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package cache contains the cache storage needed by the policy controller.

Index

Constants

// Declared values for the RuleType, RuleAction, RuleDirection and PolicyType
// string types.
//
// NOTE(review): all four are plain string types, so values outside these sets
// are representable. How consumers treat an unrecognised value is not visible
// in this listing; confirm that an unknown RuleAction cannot end up being
// handled as RuleActionAllow.
const (
	// RuleType values; PolicyRule carries one of these in its RuleType field.
	// NOTE(review): the precedence between global-default, default and normal
	// rules is not shown here — confirm against the rule consumer.
	RuleTypeGlobalDefaultRule RuleType = "GlobalDefaultRule"
	RuleTypeDefaultRule       RuleType = "DefaultRule"
	RuleTypeNormalRule        RuleType = "NormalRule"

	// RuleAction values: the only two actions declared in this package listing.
	RuleActionAllow RuleAction = "Allow"
	RuleActionDrop  RuleAction = "Drop"

	// RuleDirection values. The identifiers are In/Out while the string values
	// are "Ingress"/"Egress".
	RuleDirectionIn  RuleDirection = "Ingress"
	RuleDirectionOut RuleDirection = "Egress"

	// PolicyType values. Unlike the constants above, these strings are lower-case.
	NormalPolicy   PolicyType = "normal"
	GlobalPolicy   PolicyType = "global"
	InternalPolicy PolicyType = "internal"
)
// GroupIndex and PolicyIndex are untyped string constants.
// NOTE(review): presumably these are the index names registered on the
// cache.Indexer values returned by NewCompleteRuleCache and
// NewGlobalRuleCache — confirm against the constructors.
const (
	GroupIndex  = "GroupIndex"
	PolicyIndex = "PolicyIndex"
)

Variables

This section is empty.

Functions

func DeepCopyMap

func DeepCopyMap(theMap interface{}) interface{}

func GenerateFlowKey

func GenerateFlowKey(rule PolicyRule) string

func GetIPCidr

func GetIPCidr(ip types.IPAddress) string

func HashName

func HashName(length int, keys ...interface{}) string

HashName returns a name built from the hash of keys; length should be <= 20.

func NewCompleteRuleCache

func NewCompleteRuleCache() cache.Indexer

func NewGlobalRuleCache

func NewGlobalRuleCache() cache.Indexer

func UnmarshalPortRange

func UnmarshalPortRange(portRange string) (uint16, uint16, error)

Types

type CompleteRule

// CompleteRule describes one rule in terms of groups, IP blocks and ports.
// Its ListRules method returns the corresponding []PolicyRule.
type CompleteRule struct {

	// RuleID is the unique identifier of the rule; it is always set to
	// policyNamespace/policyName/policyType/ruleName.
	RuleID string

	// Tier and EnforcementMode have same-named fields on PolicyRule; their
	// accepted values are not shown in this listing.
	// Action takes a RuleAction value (RuleActionAllow or RuleActionDrop) and
	// Direction a RuleDirection value (RuleDirectionIn or RuleDirectionOut).
	Tier            string
	EnforcementMode string
	Action          RuleAction
	Direction       RuleDirection

	// SymmetricMode ignores Direction and generates both an ingress and an
	// egress rule.
	SymmetricMode bool

	// DefaultPolicyRule is true when this is the default egress or ingress
	// rule of the policy.
	DefaultPolicyRule bool

	// SrcGroups is a map of groupName to revision. The revision is used to
	// determine whether a patch has been executed for this group.
	// DstGroups is presumably the destination-side equivalent — confirm.
	SrcGroups map[string]int32
	DstGroups map[string]int32

	// SrcIPBlocks is a map of source IPBlocks to their associated IP info.
	// This schema is used to calculate whether a patch leads to IPBlocks being
	// added or deleted. Virtual machine hot migration or a configuration
	// conflict may lead to multiple identical IPs in the same group at the
	// same time.
	// To match all sources, use {"": nil}.
	// NOTE(review): the empty-string key is a match-all wildcard, so a map that
	// contains "" unintentionally widens the rule to every source; code that
	// builds this map should never derive keys from unvalidated input.
	SrcIPBlocks map[string]*IPBlockItem

	// DstIPBlocks is a map of destination IPBlocks to their associated IP
	// info. To match all destinations, use {"": nil}; the same wildcard
	// caveat as for SrcIPBlocks applies.
	DstIPBlocks map[string]*IPBlockItem

	// Ports is a list of source and destination ports with protocol. This
	// field must not be empty.
	Ports []RulePort
	// contains filtered or unexported fields
}

func (*CompleteRule) ApplyPatch

func (rule *CompleteRule) ApplyPatch(patch *GroupPatch)

func (*CompleteRule) Clone

func (rule *CompleteRule) Clone() *CompleteRule

func (*CompleteRule) GetPatchPolicyRules

func (rule *CompleteRule) GetPatchPolicyRules(patch *GroupPatch) (newPolicyRuleList, oldPolicyRuleList []PolicyRule)

func (*CompleteRule) ListRules

func (rule *CompleteRule) ListRules() []PolicyRule

ListRules returns a list of security.everoute.io/v1alpha1 PolicyRule.

type DeepCopyBase

// DeepCopyBase is the interface for values that expose a DeepCopy method;
// *IPBlockItem has a method with this signature.
type DeepCopyBase interface {
	// DeepCopy returns the copy as an untyped interface{}, so callers need a
	// type assertion to recover the concrete type.
	DeepCopy() interface{}
}

type GroupCache

// All of GroupCache's fields are unexported in this listing; instances are
// obtained from NewGroupCache, which returns a *GroupCache.
type GroupCache struct {
	// contains filtered or unexported fields
}

GroupCache caches GroupMembers and GroupMembersPatch; it is thread safe.

func NewGroupCache

func NewGroupCache() *GroupCache

NewGroupCache returns a new GroupCache.

func (*GroupCache) AddGroupMembership

func (cache *GroupCache) AddGroupMembership(members *groupv1alpha1.GroupMembers)

AddGroupMembership adds GroupMembers to the cache.

func (*GroupCache) AddPatch

func (cache *GroupCache) AddPatch(patch *groupv1alpha1.GroupMembersPatch)

AddPatch adds a GroupMembersPatch to the patches.

func (*GroupCache) ApplyPatch

func (cache *GroupCache) ApplyPatch(patch *GroupPatch)

ApplyPatch applies the patch to the cached GroupMembers. ApplyPatch should be called after the GroupPatch has been successfully processed.

func (*GroupCache) DelGroupMembership

func (cache *GroupCache) DelGroupMembership(groupName string)

DelGroupMembership removes GroupMembers and its patches from the cache.

func (*GroupCache) ListGroupIPBlocks

func (cache *GroupCache) ListGroupIPBlocks(groupName string) (revision int32, ipBlocks map[string]*IPBlockItem, exist bool)

ListGroupIPBlocks returns the IPBlocks of the group.

func (*GroupCache) NextPatch

func (cache *GroupCache) NextPatch(groupName string) *GroupPatch

NextPatch returns a patch with the same revision as the current GroupMembers. A nil patch means there is no next patch.

func (*GroupCache) PatchLen

func (cache *GroupCache) PatchLen(groupName string) int

PatchLen returns the number of patches for the given group.

type GroupPatch

// GroupPatch describes the IPBlocks added to and deleted from one group at a
// given revision. It is the argument type of CompleteRule.ApplyPatch and
// GroupCache.ApplyPatch.
type GroupPatch struct {
	// GroupName is the name of the group the patch should be applied to.
	GroupName string
	// Revision is the group revision the patch should be applied to.
	Revision int32

	// Add holds the IPBlocks that are added when the patch is applied.
	Add map[string]*IPBlockItem
	// Del holds the IPBlocks that are deleted when the patch is applied.
	Del map[string]*IPBlockItem
}

type IPBlockItem

// IPBlockItem is the per-IPBlock value stored in the SrcIPBlocks/DstIPBlocks
// maps of CompleteRule and in the Add/Del maps of GroupPatch.
type IPBlockItem struct {
	// AgentRef lists the agents in which this IP has appeared.
	// If the set is empty, the IP applies to all agents.
	// NOTE(review): empty means "all agents", not "no agents", so removing the
	// last entry from the set widens the scope instead of narrowing it; code
	// that shrinks AgentRef should handle the empty case explicitly.
	AgentRef sets.String
	// StaticCount counts the IPs that are assigned directly in a policy.
	// Ports carries securityv1alpha1.NamedPort entries; presumably these back
	// the SrcPortName/DstPortName lookup of RulePort — confirm.
	StaticCount int
	Ports       []securityv1alpha1.NamedPort
}

func NewIPBlockItem

func NewIPBlockItem() *IPBlockItem

func (*IPBlockItem) DeepCopy

func (item *IPBlockItem) DeepCopy() interface{}

type PolicyRule

// PolicyRule is a single rule with concrete match fields and JSON tags; it is
// the element type returned by CompleteRule.ListRules and
// CompleteRule.GetPatchPolicyRules.
type PolicyRule struct {
	// Name has the format policyNamespace/policyName/policyType/ruleName-flowKey.
	// Action is one of the RuleAction values (RuleActionAllow, RuleActionDrop).
	Name   string     `json:"name"`
	Action RuleAction `json:"action"`

	// Match fields. Those tagged omitempty are left out of the JSON when they
	// hold their zero value; direction, ruleType and ipProtocol are always
	// emitted.
	// NOTE(review): RulePort documents port 0 as "matches all ports". If the
	// same holds here, a missing srcPort/dstPort (or srcIPAddr/dstIPAddr) in
	// the serialized rule is a wildcard rather than "unset" — confirm before
	// relying on the JSON form for auditing.
	Direction       RuleDirection `json:"direction"`
	RuleType        RuleType      `json:"ruleType"`
	Tier            string        `json:"tier,omitempty"`
	EnforcementMode string        `json:"enforcementMode,omitempty"`
	SrcIPAddr       string        `json:"srcIPAddr,omitempty"`
	DstIPAddr       string        `json:"dstIPAddr,omitempty"`
	IPProtocol      string        `json:"ipProtocol"`
	SrcPort         uint16        `json:"srcPort,omitempty"`
	DstPort         uint16        `json:"dstPort,omitempty"`
	SrcPortMask     uint16        `json:"srcPortMask,omitempty"`
	DstPortMask     uint16        `json:"dstPortMask,omitempty"`
}

type PolicyType

// PolicyType is the string type of the NormalPolicy, GlobalPolicy and
// InternalPolicy constants.
type PolicyType string

type RuleAction

// RuleAction is the string type of the RuleActionAllow and RuleActionDrop
// constants.
type RuleAction string

type RuleDirection

// RuleDirection is the string type of the RuleDirectionIn ("Ingress") and
// RuleDirectionOut ("Egress") constants.
type RuleDirection string

type RulePort

// RulePort is one port/protocol match entry of CompleteRule.Ports.
//
// NOTE(review): per the field comments below, port 0 and protocol "" are
// match-all values, so a zero-valued RulePort{} appears to match every port
// and protocol. Treat an uninitialised entry as a wildcard when reviewing
// rules — confirm how empty port names interact with this.
type RulePort struct {
	// SrcPort is the source port; 0 matches all ports.
	SrcPort uint16
	// DstPort is the destination port; 0 matches all ports.
	DstPort uint16
	// SrcPortMask is the source port mask; the values 0x0000 and 0xffff have
	// no effect.
	SrcPortMask uint16
	// DstPortMask is the destination port mask; the values 0x0000 and 0xffff
	// have no effect.
	DstPortMask uint16

	// SrcPortName is a source port name; the port it maps to depends on each
	// endpoint.
	SrcPortName string
	// DstPortName is a destination port name; the port it maps to depends on
	// each endpoint.
	DstPortName string

	// Protocol should be set to "" to match all protocols.
	Protocol securityv1alpha1.Protocol
}

type RuleType

// RuleType is the string type of the RuleTypeGlobalDefaultRule,
// RuleTypeDefaultRule and RuleTypeNormalRule constants.
type RuleType string
