Overview ¶
Package cache contains the cache storage needed by the policy controller.
Index ¶
- Constants
- func AppendIPBlockPorts(dst []securityv1alpha1.NamedPort, src []securityv1alpha1.NamedPort) []securityv1alpha1.NamedPort
- func DeepCopyMap(theMap interface{}) interface{}
- func GenerateFlowKey(rule PolicyRule) string
- func GetIPCidr(ip types.IPAddress) string
- func HashName(length int, keys ...interface{}) string
- func NewCompleteRuleCache() cache.Indexer
- func NewGlobalRuleCache() cache.Indexer
- func UnmarshalPortRange(portRange string) (uint16, uint16, error)
- type CompleteRule
- type DeepCopyBase
- type GroupCache
- func (cache *GroupCache) AddGroupMembership(members *groupv1alpha1.GroupMembers)
- func (cache *GroupCache) AddPatch(patch *groupv1alpha1.GroupMembersPatch)
- func (cache *GroupCache) ApplyPatch(patch *GroupPatch)
- func (cache *GroupCache) DelGroupMembership(groupName string)
- func (cache *GroupCache) ListGroupIPBlocks(groupName string) (revision int32, ipBlocks map[string]*IPBlockItem, exist bool)
- func (cache *GroupCache) NextPatch(groupName string) *GroupPatch
- func (cache *GroupCache) PatchLen(groupName string) int
- type GroupPatch
- type IPBlockItem
- type PolicyRule
- type PolicyType
- type RuleAction
- type RuleDirection
- type RulePort
- type RuleType
Constants ¶
// RuleType values. A rule is either the global default, a policy's default
// rule, or an ordinary (normal) rule.
const (
	RuleTypeGlobalDefaultRule RuleType = "GlobalDefaultRule"
	RuleTypeDefaultRule       RuleType = "DefaultRule"
	RuleTypeNormalRule        RuleType = "NormalRule"
)

// RuleAction values: the verdict a rule applies to matching traffic.
const (
	RuleActionAllow RuleAction = "Allow"
	RuleActionDrop  RuleAction = "Drop"
)

// RuleDirection values: the traffic direction a rule applies to.
const (
	RuleDirectionIn  RuleDirection = "Ingress"
	RuleDirectionOut RuleDirection = "Egress"
)

// PolicyType values. Note the string forms are lower-case, unlike the
// capitalized RuleType/RuleAction/RuleDirection strings above; compare
// against these constants rather than hand-written literals.
const (
	NormalPolicy   PolicyType = "normal"
	GlobalPolicy   PolicyType = "global"
	InternalPolicy PolicyType = "internal"
)
// GroupIndex is the index name used with the cache.Indexer returned by
// NewCompleteRuleCache/NewGlobalRuleCache — presumably for lookups by
// group name; confirm against the index functions registered there.
const GroupIndex = "GroupIndex"

// PolicyIndex is the index name used with the same cache.Indexer —
// presumably for lookups by policy; confirm against the registered
// index functions.
const PolicyIndex = "PolicyIndex"
Variables ¶
This section is empty.
Functions ¶
func AppendIPBlockPorts ¶
func AppendIPBlockPorts(dst []securityv1alpha1.NamedPort, src []securityv1alpha1.NamedPort) []securityv1alpha1.NamedPort
func DeepCopyMap ¶
func DeepCopyMap(theMap interface{}) interface{}
func GenerateFlowKey ¶
func GenerateFlowKey(rule PolicyRule) string
func NewCompleteRuleCache ¶
func NewGlobalRuleCache ¶
Types ¶
type CompleteRule ¶
// CompleteRule is a policy rule together with the groups it references
// (SrcGroups/DstGroups) and the IP blocks currently derived from them
// (SrcIPBlocks/DstIPBlocks). ListRules expands it into PolicyRules, and
// ApplyPatch/GetPatchPolicyRules update it as group membership changes.
type CompleteRule struct {
	// RuleID is a unique identifier of the rule; it is always set to
	// policyNamespace/policyName/policyType/ruleName.
	RuleID          string
	Tier            string
	EnforcementMode string
	Action          RuleAction
	Direction       RuleDirection
	// SymmetricMode ignores Direction and generates both the ingress and the
	// egress rule.
	SymmetricMode bool
	// DefaultPolicyRule is true when this is the default egress or ingress
	// rule of the policy.
	DefaultPolicyRule bool
	// SrcGroups maps a groupName to its revision. The revision is used to
	// determine whether a patch has already been applied for this group.
	SrcGroups map[string]int32
	DstGroups map[string]int32
	// SrcIPBlocks maps source IPBlocks to their other IP info. This schema is
	// used to work out whether a patch results in added/deleted IPBlocks.
	// Virtual machine hot migration or a configuration conflict may put
	// multiple identical IPs in the same group at the same time.
	// To match all sources, write {"": nil}.
	// NOTE(review): the empty-string key is a match-all wildcard, so code
	// that constructs this map must not emit it unintentionally.
	SrcIPBlocks map[string]*IPBlockItem
	// DstIPBlocks maps destination IPBlocks to their other IP info. To match
	// all destinations, write {"": nil} (same wildcard caveat as SrcIPBlocks).
	DstIPBlocks map[string]*IPBlockItem
	// Ports is a list of source/destination ports with protocol. This field
	// must not be empty.
	Ports []RulePort
	// contains filtered or unexported fields (omitted by the rendered docs)
}
func (*CompleteRule) ApplyPatch ¶
func (rule *CompleteRule) ApplyPatch(patch *GroupPatch)
func (*CompleteRule) Clone ¶
func (rule *CompleteRule) Clone() *CompleteRule
func (*CompleteRule) GetPatchPolicyRules ¶
func (rule *CompleteRule) GetPatchPolicyRules(patch *GroupPatch) (newPolicyRuleList, oldPolicyRuleList []PolicyRule)
func (*CompleteRule) ListRules ¶
func (rule *CompleteRule) ListRules() []PolicyRule
ListRules returns a list of security.everoute.io/v1alpha1 PolicyRule.
type DeepCopyBase ¶
// DeepCopyBase is implemented by cache values that can produce a deep copy
// of themselves. IPBlockItem satisfies it via IPBlockItem.DeepCopy.
// Presumably DeepCopyMap relies on this when copying map values — confirm
// in DeepCopyMap.
type DeepCopyBase interface {
	// DeepCopy returns an independent copy of the receiver; the caller is
	// expected to type-assert the result back to the concrete type.
	DeepCopy() interface{}
}
type GroupCache ¶
// GroupCache caches GroupMembers and GroupMembersPatch objects and, per the
// package documentation, is safe for concurrent use. Membership is added and
// removed with AddGroupMembership/DelGroupMembership; patches are queued with
// AddPatch, fetched in revision order with NextPatch and committed with
// ApplyPatch.
type GroupCache struct {
	// contains filtered or unexported fields (omitted by the rendered docs)
}
GroupCache caches GroupMembers and GroupMembersPatch; it is thread safe.
func (*GroupCache) AddGroupMembership ¶
func (cache *GroupCache) AddGroupMembership(members *groupv1alpha1.GroupMembers)
AddGroupMembership adds GroupMembers to the cache.
func (*GroupCache) AddPatch ¶
func (cache *GroupCache) AddPatch(patch *groupv1alpha1.GroupMembersPatch)
AddPatch adds a GroupMembersPatch to the patches.
func (*GroupCache) ApplyPatch ¶
func (cache *GroupCache) ApplyPatch(patch *GroupPatch)
ApplyPatch applies the patch to the cached GroupMembers. ApplyPatch should be called after the GroupPatch has been successfully processed.
func (*GroupCache) DelGroupMembership ¶
func (cache *GroupCache) DelGroupMembership(groupName string)
DelGroupMembership removes the GroupMembers and its patches from the cache.
func (*GroupCache) ListGroupIPBlocks ¶
func (cache *GroupCache) ListGroupIPBlocks(groupName string) (revision int32, ipBlocks map[string]*IPBlockItem, exist bool)
ListGroupIPBlocks returns the IPBlocks of the group.
func (*GroupCache) NextPatch ¶
func (cache *GroupCache) NextPatch(groupName string) *GroupPatch
NextPatch returns the patch whose revision matches the current GroupMembers. A nil patch means no next patch exists.
func (*GroupCache) PatchLen ¶
func (cache *GroupCache) PatchLen(groupName string) int
PatchLen returns the number of patches for the given group.
type GroupPatch ¶
// GroupPatch is a membership delta for one group at one revision. It is
// produced by GroupCache.NextPatch and consumed by GroupCache.ApplyPatch and
// CompleteRule.ApplyPatch.
type GroupPatch struct {
	// GroupName is the name of the group the patch applies to.
	GroupName string
	// Revision is the group revision the patch applies to.
	Revision int32
	// Add holds the IPBlocks added when the patch is applied.
	Add map[string]*IPBlockItem
	// Del holds the IPBlocks deleted when the patch is applied.
	Del map[string]*IPBlockItem
}
type IPBlockItem ¶
// IPBlockItem is the per-IP-block bookkeeping stored as the value of the
// SrcIPBlocks/DstIPBlocks maps of CompleteRule and the Add/Del maps of
// GroupPatch. It satisfies DeepCopyBase through its DeepCopy method.
type IPBlockItem struct {
	// AgentRef lists the agents in which this IP has appeared.
	// If the set is empty, this IP applies to all agents.
	// NOTE(review): an empty AgentRef widens the scope to every agent, so
	// callers building items by hand should set AgentRef explicitly when a
	// narrower scope is intended.
	AgentRef sets.String
	// StaticCount counts the IPs that were assigned directly in the policy.
	StaticCount int
	Ports       []securityv1alpha1.NamedPort
}
func NewIPBlockItem ¶
func NewIPBlockItem() *IPBlockItem
func (*IPBlockItem) DeepCopy ¶
func (item *IPBlockItem) DeepCopy() interface{}
type PolicyRule ¶
// PolicyRule is the flattened, JSON-serializable form of a rule, as produced
// by CompleteRule.ListRules; GenerateFlowKey derives a flow key from one.
type PolicyRule struct {
	// Name has the format policyNamespace/policyName/policyType/ruleName-flowKey.
	Name   string     `json:"name"`
	Action RuleAction `json:"action"`

	// match fields
	Direction       RuleDirection `json:"direction"`
	RuleType        RuleType      `json:"ruleType"`
	Tier            string        `json:"tier,omitempty"`
	EnforcementMode string        `json:"enforcementMode,omitempty"`
	SrcIPAddr       string        `json:"srcIPAddr,omitempty"`
	DstIPAddr       string        `json:"dstIPAddr,omitempty"`
	IPProtocol      string        `json:"ipProtocol"`
	// Port fields use omitempty, so a zero port (which RulePort documents as
	// "matches all ports") is absent from the JSON rather than emitted as 0.
	SrcPort     uint16 `json:"srcPort,omitempty"`
	DstPort     uint16 `json:"dstPort,omitempty"`
	SrcPortMask uint16 `json:"srcPortMask,omitempty"`
	DstPortMask uint16 `json:"dstPortMask,omitempty"`
}
type PolicyType ¶
// PolicyType classifies a policy; the known values are NormalPolicy,
// GlobalPolicy and InternalPolicy.
type PolicyType string
type RuleAction ¶
// RuleAction is the verdict of a rule; the known values are RuleActionAllow
// and RuleActionDrop.
type RuleAction string
type RuleDirection ¶
// RuleDirection is the traffic direction a rule applies to; the known values
// are RuleDirectionIn ("Ingress") and RuleDirectionOut ("Egress").
type RuleDirection string
type RulePort ¶
// RulePort is one source/destination port pair with protocol, as listed in
// CompleteRule.Ports. Zero values act as wildcards: a 0 port matches all
// ports, and a "" Protocol matches all protocols.
type RulePort struct {
	// SrcPort is the source port; 0 matches all ports.
	SrcPort uint16
	// DstPort is the destination port; 0 matches all ports.
	DstPort uint16
	// SrcPortMask is the source port mask; 0x0000 and 0xffff have no effect.
	SrcPortMask uint16
	// DstPortMask is the destination port mask; 0x0000 and 0xffff have no effect.
	DstPortMask uint16
	// SrcPortName is a source port name; the mapped port depends on each endpoint.
	SrcPortName string
	// DstPortName is a destination port name; the mapped port depends on each endpoint.
	DstPortName string
	// Protocol should be set to "" to match all protocols.
	Protocol securityv1alpha1.Protocol
}