common

package

v1.1.0 Latest Latest Go to latest Published: Mar 5, 2024 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/np-guard/netpol-analyzer

Links

Open Source Insights

Documentation ¶

Overview ¶

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index ¶

Constants
func ConnStrFromConnProperties(allProtocolsAndPorts bool, protocolsAndPorts map[v1.Protocol][]PortRange) string
func InttoIP4(ipInt int64) string
type CanonicalIntervalSet
type Connection
type ConnectionSet
- func MakeConnectionSet(all bool) *ConnectionSet
type IPBlock
type Interval
type NetpolError
type PortRange
type PortSet
- func MakePortSet(all bool) PortSet

Constants ¶

View Source

const (
	//  The actual ingress controller pod is usually unknown and not available in the input resources for the analysis.
	// IngressPodName and IngressPodNamespace are used to represent that pod with those placeholder values for name and namespace.
	IngressPodName      = "ingress-controller"
	IngressPodNamespace = "ingress-controller-ns"
)

Ingress Controller const - the name and namespace of an ingress-controller pod

Variables ¶

This section is empty.

Functions ¶

func ConnStrFromConnProperties ¶

func ConnStrFromConnProperties(allProtocolsAndPorts bool, protocolsAndPorts map[v1.Protocol][]PortRange) string

func InttoIP4 ¶

func InttoIP4(ipInt int64) string

InttoIP4 returns a string of an ip address from an input integer ip value

Types ¶

type CanonicalIntervalSet ¶

type CanonicalIntervalSet struct {
	IntervalSet []Interval // sorted list of non-overlapping intervals
}

CanonicalIntervalSet is a canonical representation of a set of Interval objects

func (*CanonicalIntervalSet) AddHole ¶

func (c *CanonicalIntervalSet) AddHole(hole Interval)

AddHole updates the current CanonicalIntervalSet object by removing the input Interval from the set

func (*CanonicalIntervalSet) AddInterval ¶

func (c *CanonicalIntervalSet) AddInterval(intervalToAdd Interval)

AddInterval updates the current CanonicalIntervalSet with a new Interval to add

func (*CanonicalIntervalSet) ContainedIn ¶

func (c *CanonicalIntervalSet) ContainedIn(other CanonicalIntervalSet) bool

ContainedIn returns true of the current CanonicalIntervalSet is contained in the input CanonicalIntervalSet

func (*CanonicalIntervalSet) Copy ¶

func (c *CanonicalIntervalSet) Copy() CanonicalIntervalSet

Copy returns a new copy of the CanonicalIntervalSet object

func (*CanonicalIntervalSet) Equal ¶

func (c *CanonicalIntervalSet) Equal(other CanonicalIntervalSet) bool

Equal returns true if the CanonicalIntervalSet equals the input CanonicalIntervalSet

func (*CanonicalIntervalSet) Intersection ¶

func (c *CanonicalIntervalSet) Intersection(other CanonicalIntervalSet)

Intersection updates current CanonicalIntervalSet with intersection result of input CanonicalIntervalSet

func (*CanonicalIntervalSet) IsEmpty ¶

func (c *CanonicalIntervalSet) IsEmpty() bool

IsEmpty returns true if the CanonicalIntervalSet is empty

func (*CanonicalIntervalSet) Overlaps ¶

func (c *CanonicalIntervalSet) Overlaps(other *CanonicalIntervalSet) bool

Overlaps returns true if current CanonicalIntervalSet overlaps with input CanonicalIntervalSet

func (*CanonicalIntervalSet) String ¶

func (c *CanonicalIntervalSet) String() string

String returns a string representation of the current CanonicalIntervalSet object

func (*CanonicalIntervalSet) Subtraction ¶

func (c *CanonicalIntervalSet) Subtraction(other CanonicalIntervalSet)

Subtraction updates current CanonicalIntervalSet with subtraction result of input CanonicalIntervalSet

func (*CanonicalIntervalSet) Union ¶

func (c *CanonicalIntervalSet) Union(other CanonicalIntervalSet)

Union updates the CanonicalIntervalSet object with the union result of the input CanonicalIntervalSet

type Connection ¶

type Connection interface {
	// ProtocolsAndPortsMap returns the set of allowed connections
	ProtocolsAndPortsMap() map[v1.Protocol][]PortRange
	// AllConnections returns true if all ports are allowed for all protocols
	AllConnections() bool
	// IsEmpty returns true if no connection is allowed
	IsEmpty() bool
}

Connection represents a set of allowed connections between two peers

type ConnectionSet ¶

type ConnectionSet struct {
	AllowAll         bool
	AllowedProtocols map[v1.Protocol]*PortSet // map from protocol name to set of allowed ports
}

ConnectionSet represents a set of allowed connections between two peers on a k8s env and implements Connection interface

func MakeConnectionSet ¶

func MakeConnectionSet(all bool) *ConnectionSet

MakeConnectionSet returns a pointer to ConnectionSet object with all connections or no connections

func (*ConnectionSet) AddConnection ¶

func (conn *ConnectionSet) AddConnection(protocol v1.Protocol, ports PortSet)

AddConnection updates current ConnectionSet object with new allowed connection

func (*ConnectionSet) AllConnections ¶

func (conn *ConnectionSet) AllConnections() bool

AllConnections returns true if all ports are allowed for all protocols

func (*ConnectionSet) ContainedIn ¶

func (conn *ConnectionSet) ContainedIn(other *ConnectionSet) bool

ContainedIn returns true if current ConnectionSet is conatained in the input ConnectionSet object

func (*ConnectionSet) Contains ¶

func (conn *ConnectionSet) Contains(port, protocol string) bool

Contains returns true if the input port+protocol is an allowed connection

func (*ConnectionSet) Equal ¶

func (conn *ConnectionSet) Equal(other *ConnectionSet) bool

Equal returns true if the current ConnectionSet object is equal to the input object

func (*ConnectionSet) Intersection ¶

func (conn *ConnectionSet) Intersection(other *ConnectionSet)

Intersection updates ConnectionSet object to be the intersection result with other ConnectionSet

func (*ConnectionSet) IsEmpty ¶

func (conn *ConnectionSet) IsEmpty() bool

IsEmpty returns true if the ConnectionSet has no allowed connections

func (*ConnectionSet) ProtocolsAndPortsMap ¶

func (conn *ConnectionSet) ProtocolsAndPortsMap() map[v1.Protocol][]PortRange

ProtocolsAndPortsMap() returns a map from allowed protocol to list of allowed ports ranges.

func (*ConnectionSet) String ¶

func (conn *ConnectionSet) String() string

String returns a string representation of the ConnectionSet object

func (*ConnectionSet) Union ¶

func (conn *ConnectionSet) Union(other *ConnectionSet)

Union updates ConnectionSet object to be the union result with other ConnectionSet

type IPBlock ¶

type IPBlock struct {
	// contains filtered or unexported fields
}

IPBlock captures a set of ip ranges

func DisjointIPBlocks ¶

func DisjointIPBlocks(set1, set2 []*IPBlock) []*IPBlock

DisjointIPBlocks returns an IPBlock of disjoint ip ranges from 2 input IPBlock objects

func MergeIPBlocksList ¶

func MergeIPBlocksList(inputList []*IPBlock) []*IPBlock

func NewIPBlock ¶

func NewIPBlock(cidr string, exceptions []string) (*IPBlock, error)

NewIPBlock returns an IPBlock object from input cidr str an exceptions cidr str

func NewIPBlockFromIPAddress ¶

func NewIPBlockFromIPAddress(ipAddress string) (*IPBlock, error)

NewIPBlockFromIPAddress returns an IPBlock object from input ip address str

func (*IPBlock) ContainedIn ¶

func (b *IPBlock) ContainedIn(other *IPBlock) bool

func (*IPBlock) Copy ¶

func (b *IPBlock) Copy() *IPBlock

Copy returns a new copy of IPBlock object

func (*IPBlock) IsIPAddress ¶

func (b *IPBlock) IsIPAddress(ipAddress string) bool

IsIPAddress returns true if IPBlock object is a range of exactly one ip address from input

func (*IPBlock) Split ¶

func (b *IPBlock) Split() []*IPBlock

Split returns a set of IpBlock objects, each with a single range of ips

func (*IPBlock) ToIPRanges ¶

func (b *IPBlock) ToIPRanges() string

ToIPRanges returns a string of the ip ranges in the current IPBlock object

type Interval ¶

type Interval struct {
	Start int64
	End   int64
}

Interval is an integer interval from Start to End

func (*Interval) Equal ¶

func (i *Interval) Equal(x Interval) bool

Equal returns true if current Interval obj is equal to the input Interval

func (*Interval) Lt ¶

func (i *Interval) Lt(x Interval) bool

Lt returns true if current Interval obj is less than the input Interval

func (*Interval) String ¶

func (i *Interval) String() string

String returns a String representation of Interval object

type NetpolError ¶

type NetpolError interface {
	IsFatal() bool
	IsSevere() bool
	Error() error
	Location() string
}

NetpolError holds information about a single error/warning that occurred during running connectivity analysis command (list or diff)

type PortRange ¶

type PortRange interface {
	// Start is the start port
	Start() int64
	// End is the end port
	End() int64
	// String returns a string representation of the PortRange object
	String() string
}

PortRange describes a port or a range of ports for allowed traffic If start port equals end port, it represents a single port

type PortSet ¶

type PortSet struct {
	Ports              CanonicalIntervalSet
	NamedPorts         map[string]bool
	ExcludedNamedPorts map[string]bool
}

PortSet: represents set of allowed ports in a connection

func MakePortSet ¶

func MakePortSet(all bool) PortSet

MakePortSet: return a new PortSet object, with all ports or no ports allowed

func (*PortSet) AddPort ¶

func (p *PortSet) AddPort(port intstr.IntOrString)

AddPort: update current PortSet object with new added port as allowed

func (*PortSet) AddPortRange ¶

func (p *PortSet) AddPortRange(minPort, maxPort int64)

AddPortRange: update current PortSet object with new added port range as allowed

func (*PortSet) ContainedIn ¶

func (p *PortSet) ContainedIn(other PortSet) bool

ContainedIn: return true if current PortSet object is contained in input PortSet object

func (*PortSet) Contains ¶

func (p *PortSet) Contains(port int64) bool

Contains: return true if current PortSet contains a specific input port

func (*PortSet) Copy ¶

func (p *PortSet) Copy() PortSet

Copy: return a new copy of a PortSet object

func (*PortSet) Equal ¶

func (p *PortSet) Equal(other PortSet) bool

Equal: return true if current object equals another PortSet object

func (*PortSet) Intersection ¶

func (p *PortSet) Intersection(other PortSet)

Intersection: update current PortSet object as intersection with input PortSet object

func (*PortSet) IsAll ¶

func (p *PortSet) IsAll() bool

IsAll: return true if current PortSet object contains all ports

func (*PortSet) IsEmpty ¶

func (p *PortSet) IsEmpty() bool

IsEmpty: return true if current object is empty (no ports allowed)

func (*PortSet) RemovePort ¶

func (p *PortSet) RemovePort(port intstr.IntOrString)

RemovePort: update current PortSet object with removing input port from allowed ports

func (*PortSet) String ¶

func (p *PortSet) String() string

String: return string representation of current PortSet

func (*PortSet) Union ¶

func (p *PortSet) Union(other PortSet)

Union: update current PortSet object with union of input PortSet object

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL