Documentation

Overview

    Package policy describes a generic interface for retrieving policies. Different implementations are possible for environments such as Kubernetes, Mesos or other custom environments. An implementation has to provide a method for retrieving policy based on the metadata associated with the container and deleting the policy when the container dies. It is up to the implementation to decide how to generate the policy. The package also defines the basic data structure for communicating policy information. The implementations are responsible for providing all the necessary data.

    Constants

    const (
    	// AllowAll allows everything for the specific PU.
    	AllowAll = 0x1
    	// Police filters on the PU based on the PolicyRules.
    	Police = 0x2
    )

    const (
    	// Equal is the equal operator
    	Equal = "="
    	// NotEqual is the not equal operator
    	NotEqual = "=!"
    	// KeyExists is the key=* operator
    	KeyExists = "*"
    	// KeyNotExists means that the key doesn't exist in the incoming tags
    	KeyNotExists = "!*"
    )

    const (
    	// DefaultNamespace is the default namespace for applying policy
    	DefaultNamespace = "bridge"
    )

    Variables

    This section is empty.

    Functions

    func DefaultLogPrefix

    func DefaultLogPrefix(contextID string) string

      DefaultLogPrefix returns the prefix used in the nf-log action for the default rule.

    func EncodedStringToAction

    func EncodedStringToAction(e string) (ActionType, ObserveActionType, error)

      EncodedStringToAction returns action and observed action from encoded string.

    Types

    type ActionType

    type ActionType byte

      ActionType is the action that can be applied to a flow.

    const (
    	// Accept is the accept action
    	Accept ActionType = 0x1
    	// Reject is the reject action
    	Reject ActionType = 0x2
    	// Encrypt instructs data to be encrypted
    	Encrypt ActionType = 0x4
    	// Log instructs the datapath to log the IP addresses
    	Log ActionType = 0x8
    	// Observe instructs the datapath to observe policy results
    	Observe ActionType = 0x10
    )

    func (ActionType) Accepted

    func (f ActionType) Accepted() bool

      Accepted returns if the action mask contains the Accepted mask.

    func (ActionType) ActionString

    func (f ActionType) ActionString() string

      ActionString returns whether the action is accepted or rejected as a long string.

    func (ActionType) Encrypted

    func (f ActionType) Encrypted() bool

      Encrypted returns if the action mask contains the Encrypted mask.

    func (ActionType) Logged

    func (f ActionType) Logged() bool

      Logged returns if the action mask contains the Logged mask.

    func (ActionType) Observed

    func (f ActionType) Observed() bool

      Observed returns if the action mask contains the Observed mask.

    func (ActionType) Rejected

    func (f ActionType) Rejected() bool

      Rejected returns if the action mask contains the Rejected mask.

    func (ActionType) String

    func (f ActionType) String() string

    type ApplicationService

    type ApplicationService struct {
    	// ID is the id of the service
    	ID string

    	// NetworkInfo provides the network information (addresses/ports) of the service.
    	// This is the public facing network information, or how the service can be
    	// accessed. In the case of Load Balancers for example, this would be the
    	// IP/port of the load balancer.
    	NetworkInfo *common.Service

    	// PrivateNetworkInfo captures the network service definition of an application
    	// as seen by the application. For example the port that the application is
    	// listening to. This is needed in the case of port mappings.
    	PrivateNetworkInfo *common.Service

    	// Type is the type of the service.
    	Type ServiceType

    	// HTTPRules are only valid for HTTP Services and capture the list of APIs
    	// exposed by the service.
    	HTTPRules []*HTTPRule

    	// Tags are the tags of the service.
    	Tags *TagStore

    	// JWTCertificate is a certificate for validating JWT bearer tokens in http requests.
    	// It is only useful for HTTP services where the Bearer Authentication header provides
    	// a JWT token. It is used to validate the JWT tokens.
    	JWTCertificate []byte

    	// External indicates if this is an external service. For external services
    	// access control is implemented at the ingress.
    	External bool

    	// CACert is the certificate of the CA of external services. This allows TLS to
    	// work with external services that use private CAs.
    	CACert []byte
    }

      ApplicationService is the type of service that this PU exposes.

    type ApplicationServicesList

    type ApplicationServicesList []*ApplicationService

      ApplicationServicesList is a list of ApplicationServices.

    type ExtendedMap

    type ExtendedMap map[string]string

      ExtendedMap is a common map with additional functions

    func (ExtendedMap) Copy

    func (s ExtendedMap) Copy() ExtendedMap

      Copy copies an ExtendedMap

    func (ExtendedMap) Get

    func (s ExtendedMap) Get(key string) (string, bool)

      Get does a lookup in the map

    type FlowPolicy

    type FlowPolicy struct {
    	ObserveAction ObserveActionType
    	Action        ActionType
    	ServiceID     string
    	PolicyID      string
    }

      FlowPolicy captures the policy for a particular flow

    func (*FlowPolicy) EncodedActionString

    func (f *FlowPolicy) EncodedActionString() string

      EncodedActionString is used to encode observed action as well as action

    func (*FlowPolicy) LogPrefix

    func (f *FlowPolicy) LogPrefix(contextID string) string

      LogPrefix is the prefix used in nf-log action. It must be less than

    type HTTPRule

    type HTTPRule struct {
    	// URIs is a list of regular expressions that describe the URIs that
    	// a service is exposing.
    	URIs []string

    	// Methods is a list of the allowed verbs for the given list of URIs.
    	Methods []string

    	// Scopes is a list of scopes associated with this rule. Clients
    	// must present one of these scopes in order to get access to this
    	// API. The scopes are presented either in the Trireme identity or the
    	// JWT of HTTP Authorization header.
    	Scopes []string

    	// Public indicates that this is a public API and anyone can access it.
    	// No authorization will be performed on public APIs.
    	Public bool
    }

      HTTPRule holds a rule for a particular HTTPService. The rule relates a set of URIs defined as regular expressions with associated verbs. The * VERB indicates all actions.
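An added example, not Trireme's own code, of how an enforcer could evaluate the HTTPRule fields described above with a default-deny decision. The function names, the constructed sample rules and the choice to anchor every URI pattern to the full path are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
)

// HTTPRule repeats the documented fields so the example compiles on its own.
type HTTPRule struct {
	URIs    []string
	Methods []string
	Scopes  []string
	Public  bool
}

// compiledRule pairs a rule with its URI patterns, compiled once at load time.
type compiledRule struct {
	rule HTTPRule
	uris []*regexp.Regexp
}

// compileRules compiles every URI pattern and anchors it to the whole path.
// Anchoring is a choice made in this example: without it the pattern
// "/health" would also match "/internal/healthcheck".
func compileRules(rules []HTTPRule) ([]compiledRule, error) {
	out := make([]compiledRule, 0, len(rules))
	for _, r := range rules {
		cr := compiledRule{rule: r}
		for _, u := range r.URIs {
			re, err := regexp.Compile("^(?:" + u + ")$")
			if err != nil {
				return nil, fmt.Errorf("invalid URI pattern %q: %w", u, err)
			}
			cr.uris = append(cr.uris, re)
		}
		out = append(out, cr)
	}
	return out, nil
}

// methodAllowed reports whether verb is listed; "*" stands for all verbs.
func methodAllowed(methods []string, verb string) bool {
	for _, m := range methods {
		if m == "*" || m == verb {
			return true
		}
	}
	return false
}

// hasAnyScope reports whether the caller presented at least one required scope.
func hasAnyScope(required, presented []string) bool {
	for _, want := range required {
		for _, got := range presented {
			if want == got {
				return true
			}
		}
	}
	return false
}

// authorize returns true only when a rule matches both verb and URI and is
// either Public or shares a scope with the caller. Everything else is denied,
// including a non-public rule that lists no scopes.
func authorize(rules []compiledRule, verb, uri string, presented []string) bool {
	for _, cr := range rules {
		if !methodAllowed(cr.rule.Methods, verb) {
			continue
		}
		for _, re := range cr.uris {
			if !re.MatchString(uri) {
				continue
			}
			if cr.rule.Public || hasAnyScope(cr.rule.Scopes, presented) {
				return true
			}
		}
	}
	return false
}

// sampleRules returns constructed rules used only for this illustration.
func sampleRules() []HTTPRule {
	return []HTTPRule{
		{URIs: []string{"/health"}, Methods: []string{"GET"}, Public: true},
		{URIs: []string{"/api/v1/orders/[0-9]+"}, Methods: []string{"GET", "PUT"}, Scopes: []string{"orders:read", "orders:admin"}},
		{URIs: []string{"/admin/.*"}, Methods: []string{"*"}, Scopes: []string{"admin"}},
	}
}

func main() {
	rules, err := compileRules(sampleRules())
	if err != nil {
		panic(err)
	}
	fmt.Println(authorize(rules, "GET", "/health", nil))
	fmt.Println(authorize(rules, "GET", "/api/v1/orders/42", []string{"billing"}))
	fmt.Println(authorize(rules, "DELETE", "/admin/users", []string{"admin"}))
}
```

Compiling the patterns when the policy is loaded also rejects a malformed regular expression before it reaches the request path.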

    type IPRule

    type IPRule struct {
    	Address  string
    	Port     string
    	Protocol string
    	Policy   *FlowPolicy
    }

      IPRule holds IP rules to external services

    type IPRuleList

    type IPRuleList []IPRule

      IPRuleList is a list of IP rules

    func (IPRuleList) Copy

    func (l IPRuleList) Copy() IPRuleList

      Copy creates a clone of the IP rule list

    type KeyValueOperator

    type KeyValueOperator struct {
    	Key      string
    	Value    []string
    	Operator Operator
    }

      KeyValueOperator describes an individual matching rule

    type ObserveActionType

    type ObserveActionType byte

      ObserveActionType is the action that can be applied to a flow for an observation rule.

    const (
    	// ObserveNone specifies if any observation was made or not.
    	ObserveNone ObserveActionType = 0x0
    	// ObserveContinue is used to not take any action on packet and is deferred to
    	// an actual rule with accept or deny action.
    	ObserveContinue ObserveActionType = 0x1
    	// ObserveApply is used to apply action to packets hitting this rule.
    	ObserveApply ObserveActionType = 0x2
    )

      Observe actions are used in conjunction with action.

    func (ObserveActionType) ObserveApply

    func (f ObserveActionType) ObserveApply() bool

      ObserveApply returns if the action of observation rule is allow.

    func (ObserveActionType) ObserveContinue

    func (f ObserveActionType) ObserveContinue() bool

      ObserveContinue returns if the action of observation rule is continue.

    func (ObserveActionType) Observed

    func (f ObserveActionType) Observed() bool

      Observed returns true if any observed action was found.

    func (ObserveActionType) String

    func (f ObserveActionType) String() string

    type Operator

    type Operator string

      Operator defines the operation between your key and value.

    type OptionsType

    type OptionsType struct {
    	// CgroupName is the name of the cgroup
    	CgroupName string

    	// CgroupMark is the tag of the cgroup
    	CgroupMark string

    	// UserID is the user ID if it exists
    	UserID string

    	// Services is the list of services of interest
    	Services []common.Service

    	// ProxyPort is the port on which the proxy listens
    	ProxyPort string

    	// PolicyExtensions is policy resolution extensions
    	PolicyExtensions interface{}

    	// PortMap maps container port -> host ports.
    	PortMap map[nat.Port][]string
    }

      OptionsType is a set of options that can be passed with a policy request

    type PUAction

    type PUAction int

      PUAction defines the action types that apply to a specific PU as a whole.

    type PUInfo

    type PUInfo struct {
    	// ContextID is the ID of the container that the policy applies to
    	ContextID string
    	// Policy is an instantiation of the container policy
    	Policy *PUPolicy
    	// Runtime captures all data that are captured from the container
    	Runtime *PURuntime
    }

      PUInfo captures all policy information related to a connection as well as runtime. It makes passing data around simpler.

    func NewPUInfo

    func NewPUInfo(contextID string, puType common.PUType) *PUInfo

      NewPUInfo instantiates a new ContainerPolicy

    func PUInfoFromPolicyAndRuntime

    func PUInfoFromPolicyAndRuntime(contextID string, policyInfo *PUPolicy, runtimeInfo *PURuntime) *PUInfo

      PUInfoFromPolicyAndRuntime generates a ContainerInfo Struct from an existing RuntimeInfo and PolicyInfo

    type PUPolicy

    type PUPolicy struct {
    	sync.Mutex
    	// contains filtered or unexported fields
    }

      PUPolicy captures all policy information related to the container

    func NewPUPolicy

    func NewPUPolicy(
    	id string,
    	action PUAction,
    	appACLs IPRuleList,
    	netACLs IPRuleList,
    	txtags TagSelectorList,
    	rxtags TagSelectorList,
    	identity *TagStore,
    	annotations *TagStore,
    	ips ExtendedMap,
    	triremeNetworks []string,
    	excludedNetworks []string,
    	proxiedServices *ProxiedServicesInfo,
    	exposedServices ApplicationServicesList,
    	dependentServices ApplicationServicesList,
    	scopes []string,
    ) *PUPolicy

      NewPUPolicy generates a new ContainerPolicyInfo. appACLs are the ACLs for packets coming from the Application/PU to the Network. netACLs are the ACLs for packets coming from the Network to the Application/PU.

    func NewPUPolicyWithDefaults

    func NewPUPolicyWithDefaults() *PUPolicy

      NewPUPolicyWithDefaults sets up a PU policy with defaults

    func (*PUPolicy) AddIdentityTag

    func (p *PUPolicy) AddIdentityTag(k, v string)

      AddIdentityTag adds a policy tag

    func (*PUPolicy) AddReceiverRules

    func (p *PUPolicy) AddReceiverRules(t TagSelector)

      AddReceiverRules adds a receiver rule

    func (*PUPolicy) AddTransmitterRules

    func (p *PUPolicy) AddTransmitterRules(t TagSelector)

      AddTransmitterRules adds a transmitter rule

    func (*PUPolicy) Annotations

    func (p *PUPolicy) Annotations() *TagStore

      Annotations returns a copy of the annotations

    func (*PUPolicy) ApplicationACLs

    func (p *PUPolicy) ApplicationACLs() IPRuleList

      ApplicationACLs returns a copy of IPRuleList

    func (*PUPolicy) Clone

    func (p *PUPolicy) Clone() *PUPolicy

      Clone returns a copy of the policy

    func (*PUPolicy) DependentServices

    func (p *PUPolicy) DependentServices() ApplicationServicesList

      DependentServices returns the external services.

    func (*PUPolicy) ExcludedNetworks

    func (p *PUPolicy) ExcludedNetworks() []string

      ExcludedNetworks returns the list of excluded networks.

    func (*PUPolicy) ExposedServices

    func (p *PUPolicy) ExposedServices() ApplicationServicesList

      ExposedServices returns the exposed services

    func (*PUPolicy) IPAddresses

    func (p *PUPolicy) IPAddresses() ExtendedMap

      IPAddresses returns all the IP addresses for the processing unit

    func (*PUPolicy) Identity

    func (p *PUPolicy) Identity() *TagStore

      Identity returns a copy of the Identity

    func (*PUPolicy) ManagementID

    func (p *PUPolicy) ManagementID() string

      ManagementID returns the management ID

    func (*PUPolicy) NetworkACLs

    func (p *PUPolicy) NetworkACLs() IPRuleList

      NetworkACLs returns a copy of IPRuleList

    func (*PUPolicy) ProxiedServices

    func (p *PUPolicy) ProxiedServices() *ProxiedServicesInfo

      ProxiedServices returns the list of networks that Trireme must be applied to

    func (*PUPolicy) ReceiverRules

    func (p *PUPolicy) ReceiverRules() TagSelectorList

      ReceiverRules returns a copy of TagSelectorList

    func (*PUPolicy) Scopes

    func (p *PUPolicy) Scopes() []string

      Scopes returns the scopes of the policy.

    func (*PUPolicy) ServiceCertificates

    func (p *PUPolicy) ServiceCertificates() (string, string, string)

      ServiceCertificates returns the service certificate.

    func (*PUPolicy) SetIPAddresses

    func (p *PUPolicy) SetIPAddresses(l ExtendedMap)

      SetIPAddresses sets the IP addresses for the processing unit

    func (*PUPolicy) SetTriremeAction

    func (p *PUPolicy) SetTriremeAction(action PUAction)

      SetTriremeAction sets the TriremeAction

    func (*PUPolicy) ToPublicPolicy

    func (p *PUPolicy) ToPublicPolicy() *PUPolicyPublic

      ToPublicPolicy converts the object to a marshallable object.

    func (*PUPolicy) TransmitterRules

    func (p *PUPolicy) TransmitterRules() TagSelectorList

      TransmitterRules returns a copy of TagSelectorList

    func (*PUPolicy) TriremeAction

    func (p *PUPolicy) TriremeAction() PUAction

      TriremeAction returns the TriremeAction

    func (*PUPolicy) TriremeNetworks

    func (p *PUPolicy) TriremeNetworks() []string

      TriremeNetworks returns the list of networks that Trireme must be applied to

    func (*PUPolicy) UpdateExcludedNetworks

    func (p *PUPolicy) UpdateExcludedNetworks(networks []string)

      UpdateExcludedNetworks updates the list of excluded networks.

    func (*PUPolicy) UpdateServiceCertificates

    func (p *PUPolicy) UpdateServiceCertificates(cert, key string)

      UpdateServiceCertificates updates the certificate and private key of the policy

    func (*PUPolicy) UpdateTriremeNetworks

    func (p *PUPolicy) UpdateTriremeNetworks(networks []string)

      UpdateTriremeNetworks updates the set of networks for trireme

    type PUPolicyPublic

    type PUPolicyPublic struct {
    	ManagementID        string                  `json:"managementID,omitempty"`
    	TriremeAction       PUAction                `json:"triremeAction,omitempty"`
    	ApplicationACLs     IPRuleList              `json:"applicationACLs,omitempty"`
    	NetworkACLs         IPRuleList              `json:"networkACLs,omitempty"`
    	Identity            *TagStore               `json:"identity,omitempty"`
    	Annotations         *TagStore               `json:"annotations,omitempty"`
    	TransmitterRules    TagSelectorList         `json:"transmitterRules,omitempty"`
    	ReceiverRules       TagSelectorList         `json:"receiverRules,omitempty"`
    	IPs                 ExtendedMap             `json:"IPs,omitempty"`
    	TriremeNetworks     []string                `json:"triremeNetworks,omitempty"`
                                                                                                                                	ExcludedNetworks    []string                `json:"excludedNetworks,omitempty"`
                                                                                                                                	ProxiedServices     *ProxiedServicesInfo    `json:"proxiedServices,omitempty"`
                                                                                                                                	ExposedServices     ApplicationServicesList `json:"exposedServices,omitempty"`
                                                                                                                                	DependentServices   ApplicationServicesList `json:"dependentServices,omitempty"`
                                                                                                                                	ServicesCertificate string                  `json:"servicesCertificate,omitempty"`
                                                                                                                                	ServicesPrivateKey  string                  `json:"servicesPrivateKey,omitempty"`
                                                                                                                                	ServicesCA          string                  `json:"servicesCA,omitempty"`
                                                                                                                                	Scopes              []string                `json:"scopes,omitempty"`
                                                                                                                                }

                                                                                                                                  PUPolicyPublic captures all policy information related to the processing unit in an object that can be marshalled and transmitted over the RPC interface.

                                                                                                                                  func (*PUPolicyPublic) ToPrivatePolicy

                                                                                                                                  func (p *PUPolicyPublic) ToPrivatePolicy() *PUPolicy

                                                                                                                                    ToPrivatePolicy converts the object to a private object.
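PUPolicyPublic serializes ServicesPrivateKey under the JSON key `servicesPrivateKey`, so any log line or debug dump of the marshalled policy carries the key in cleartext. The following is an added example, not part of the package: the function name `RedactPolicyJSON`, the placeholder value and the sample document are assumptions made for illustration, and only the JSON key names come from the struct tags above.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// sensitivePolicyKeys lists the JSON keys of a serialized PUPolicyPublic that
// hold secret material. The key name is the struct tag shown on this page.
var sensitivePolicyKeys = []string{"servicesPrivateKey"}

// redactedValue is the JSON string written in place of a secret (assumed placeholder).
var redactedValue = json.RawMessage(`"[REDACTED]"`)

// samplePolicyJSON is constructed sample data, not output captured from Trireme.
const samplePolicyJSON = `{
  "managementID": "pu-1234",
  "triremeNetworks": ["10.0.0.0/8"],
  "servicesCertificate": "constructed-certificate-placeholder",
  "servicesPrivateKey": "constructed-key-material-not-a-real-key"
}`

// RedactPolicyJSON returns a copy of a marshalled PUPolicyPublic that is safe
// to log: every non-empty sensitive field is replaced by a placeholder and all
// other fields are passed through untouched. It also reports which keys were
// redacted so a caller can alert on secrets reaching a logging path.
// Hypothetical helper: it works on raw JSON and does not import the package.
func RedactPolicyJSON(raw []byte) ([]byte, []string, error) {
	var fields map[string]json.RawMessage
	if err := json.Unmarshal(raw, &fields); err != nil {
		return nil, nil, fmt.Errorf("policy is not a JSON object: %w", err)
	}
	if fields == nil {
		return nil, nil, errors.New("policy is JSON null")
	}

	var redacted []string
	for _, key := range sensitivePolicyKeys {
		value, present := fields[key]
		if !present {
			continue // omitempty drops the key when the field is empty
		}
		var s string
		if json.Unmarshal(value, &s) == nil && s == "" {
			continue // explicit empty string or null: nothing to hide
		}
		// Anything else, including a non-string value, is treated as secret.
		fields[key] = redactedValue
		redacted = append(redacted, key)
	}

	out, err := json.Marshal(fields)
	if err != nil {
		return nil, nil, err
	}
	return out, redacted, nil
}

func main() {
	out, redacted, err := RedactPolicyJSON([]byte(samplePolicyJSON))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("redacted keys:", redacted)
	fmt.Println(string(out))
}
```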

                                                                                                                                    type PURuntime

                                                                                                                                    type PURuntime struct {
                                                                                                                                    	sync.Mutex
                                                                                                                                    	// contains filtered or unexported fields
                                                                                                                                    }

                                                                                                                                      PURuntime holds all data related to the status of the container runtime

                                                                                                                                      func NewPURuntime

                                                                                                                                      func NewPURuntime(name string, pid int, nsPath string, tags *TagStore, ips ExtendedMap, puType common.PUType, options *OptionsType) *PURuntime

                                                                                                                                        NewPURuntime generates a new RuntimeInfo

                                                                                                                                        func NewPURuntimeWithDefaults

                                                                                                                                        func NewPURuntimeWithDefaults() *PURuntime

                                                                                                                                          NewPURuntimeWithDefaults sets up PURuntime with defaults

                                                                                                                                          func (*PURuntime) Clone

                                                                                                                                          func (r *PURuntime) Clone() *PURuntime

                                                                                                                                            Clone returns a copy of the runtime

                                                                                                                                            func (*PURuntime) IPAddresses

                                                                                                                                            func (r *PURuntime) IPAddresses() ExtendedMap

                                                                                                                                              IPAddresses returns all the IP addresses for the processing unit

                                                                                                                                              func (*PURuntime) MarshalJSON

                                                                                                                                              func (r *PURuntime) MarshalJSON() ([]byte, error)

                                                                                                                                                MarshalJSON marshals this struct.

                                                                                                                                                func (*PURuntime) NSPath

                                                                                                                                                func (r *PURuntime) NSPath() string

                                                                                                                                                  NSPath returns the NSPath

                                                                                                                                                  func (*PURuntime) Name

                                                                                                                                                  func (r *PURuntime) Name() string

                                                                                                                                                    Name returns the name

                                                                                                                                                    func (*PURuntime) Options

                                                                                                                                                    func (r *PURuntime) Options() OptionsType

                                                                                                                                                      Options returns the options for the processing unit

                                                                                                                                                      func (*PURuntime) PUType

                                                                                                                                                      func (r *PURuntime) PUType() common.PUType

                                                                                                                                                        PUType returns the PU type

                                                                                                                                                        func (*PURuntime) Pid

                                                                                                                                                        func (r *PURuntime) Pid() int

                                                                                                                                                          Pid returns the PID

                                                                                                                                                          func (*PURuntime) PortMap

                                                                                                                                                          func (r *PURuntime) PortMap() map[nat.Port][]string

                                                                                                                                                            PortMap returns the mapping from host port->container port

                                                                                                                                                            func (*PURuntime) SetIPAddresses

                                                                                                                                                            func (r *PURuntime) SetIPAddresses(ipa ExtendedMap)

                                                                                                                                                              SetIPAddresses sets up all the IP addresses for the processing unit

                                                                                                                                                              func (*PURuntime) SetNSPath

                                                                                                                                                              func (r *PURuntime) SetNSPath(nsPath string)

                                                                                                                                                                SetNSPath sets the NSPath

                                                                                                                                                                func (*PURuntime) SetOptions

                                                                                                                                                                func (r *PURuntime) SetOptions(options OptionsType)

                                                                                                                                                                  SetOptions sets the Options

                                                                                                                                                                  func (*PURuntime) SetPUType

                                                                                                                                                                  func (r *PURuntime) SetPUType(puType common.PUType)

                                                                                                                                                                    SetPUType sets the PU Type

                                                                                                                                                                    func (*PURuntime) SetPid

                                                                                                                                                                    func (r *PURuntime) SetPid(pid int)

                                                                                                                                                                      SetPid sets the PID

                                                                                                                                                                      func (*PURuntime) SetServices

                                                                                                                                                                      func (r *PURuntime) SetServices(services []common.Service)

                                                                                                                                                                        SetServices updates the services of the runtime.

                                                                                                                                                                        func (*PURuntime) SetTags

                                                                                                                                                                        func (r *PURuntime) SetTags(t *TagStore)

                                                                                                                                                                          SetTags sets the tags for the processing unit

                                                                                                                                                                          func (*PURuntime) Tag

                                                                                                                                                                          func (r *PURuntime) Tag(key string) (string, bool)

                                                                                                                                                                            Tag returns a specific tag for the processing unit

                                                                                                                                                                            func (*PURuntime) Tags

                                                                                                                                                                            func (r *PURuntime) Tags() *TagStore

                                                                                                                                                                              Tags returns tags for the processing unit

                                                                                                                                                                              func (*PURuntime) UnmarshalJSON

                                                                                                                                                                              func (r *PURuntime) UnmarshalJSON(param []byte) error

                                                                                                                                                                                UnmarshalJSON unmarshals this struct.

                                                                                                                                                                                type PURuntimeJSON

                                                                                                                                                                                type PURuntimeJSON struct {
                                                                                                                                                                                	// PUType is the type of the PU
                                                                                                                                                                                	PUType common.PUType
                                                                                                                                                                                	// Pid holds the value of the first process of the container
                                                                                                                                                                                	Pid int
                                                                                                                                                                                	// NSPath is the path to the networking namespace for this PURuntime if applicable.
                                                                                                                                                                                	NSPath string
                                                                                                                                                                                	// Name is the name of the container
                                                                                                                                                                                	Name string
                                                                                                                                                                                	// IPAddresses holds the IP addresses of the container
                                                                                                                                                                                	IPAddresses ExtendedMap
                                                                                                                                                                                	// Tags is a map of the metadata of the container
                                                                                                                                                                                	Tags *TagStore
                                                                                                                                                                                	// Options is a map of the options of the container
                                                                                                                                                                                	Options *OptionsType
                                                                                                                                                                                }

                                                                                                                                                                                  PURuntimeJSON is a JSON representation of PURuntime

                                                                                                                                                                                  type ProxiedServicesInfo

                                                                                                                                                                                  type ProxiedServicesInfo struct {
                                                                                                                                                                                  	// PublicIPPortPair is an array of public ip,port of load balancer or passthrough object per pu
                                                                                                                                                                                  	PublicIPPortPair []string
                                                                                                                                                                                  	// PrivateIPPortPair is an array of private ip,port of load balancer or passthrough object per pu
                                                                                                                                                                                  	PrivateIPPortPair []string
                                                                                                                                                                                  }

                                                                                                                                                                                    ProxiedServicesInfo holds the info for a proxied service.

                                                                                                                                                                                    func (*ProxiedServicesInfo) AddPrivateIPPortPair

                                                                                                                                                                                    func (p *ProxiedServicesInfo) AddPrivateIPPortPair(ipportpair string)

                                                                                                                                                                                      AddPrivateIPPortPair adds a private ip port pair

                                                                                                                                                                                      func (*ProxiedServicesInfo) AddPublicIPPortPair

                                                                                                                                                                                      func (p *ProxiedServicesInfo) AddPublicIPPortPair(ipportpair string)

                                                                                                                                                                                        AddPublicIPPortPair adds a public ip port pair to proxied services

                                                                                                                                                                                        type Resolver

                                                                                                                                                                                        type Resolver interface {
                                                                                                                                                                                        
                                                                                                                                                                                        	// HandlePUEvent is called by all monitors when a PU event is generated. The implementer
                                                                                                                                                                                        	// is responsible to update all components by explicitly adding a new PU.
                                                                                                                                                                                        	HandlePUEvent(ctx context.Context, puID string, event common.Event, runtime RuntimeReader) error
                                                                                                                                                                                        }

                                                                                                                                                                                          A Resolver must be implemented by a policy engine that receives monitor events.

                                                                                                                                                                                          type RuntimeReader

                                                                                                                                                                                          type RuntimeReader interface {
                                                                                                                                                                                          
                                                                                                                                                                                          	// Pid returns the Pid of the Runtime.
                                                                                                                                                                                          	Pid() int
                                                                                                                                                                                          
                                                                                                                                                                                          	// Name returns the process name of the Runtime.
                                                                                                                                                                                          	Name() string
                                                                                                                                                                                          
                                                                                                                                                                                          	// NSPath returns the path to the namespace of the PU, if applicable
                                                                                                                                                                                          	NSPath() string
                                                                                                                                                                                          
                                                                                                                                                                                          	// Tag returns the value of the given tag.
                                                                                                                                                                                          	Tag(string) (string, bool)
                                                                                                                                                                                          
    	// Tags returns a copy of the list of the tags.
    	Tags() *TagStore

    	// Options returns a copy of the list of options.
    	Options() OptionsType

    	// IPAddresses returns a copy of all the IP addresses.
    	IPAddresses() ExtendedMap

    	// Returns the PUType for the PU
    	PUType() common.PUType

    	// SetServices sets the services of the runtime.
    	SetServices(services []common.Service)

    	// PortMap returns portmap (container port -> host port)
    	PortMap() map[nat.Port][]string
    }

    A RuntimeReader allows reading the specific parameters stored in the Runtime.

    type ServiceType

    type ServiceType int

    ServiceType lists the types of services that are supported.

    const (
    	ServiceL3 ServiceType = iota
    	ServiceHTTP
    	ServiceTCP
    )

    Values of ServiceType

    type TagSelector

    type TagSelector struct {
    	Clause []KeyValueOperator
    	Policy *FlowPolicy
    }

    TagSelector describes a tag selector as key, operator, value clauses.

    type TagSelectorList

    type TagSelectorList []TagSelector

    TagSelectorList defines a list of TagSelectors.

    func (TagSelectorList) Copy

    Copy returns a copy of the TagSelectorList.

    type TagStore

    type TagStore struct {
    	Tags []string
    }

    TagStore stores the tags - it allows duplicate key values

    func NewTagStore

    func NewTagStore() *TagStore

    NewTagStore creates a new TagStore

    func NewTagStoreFromMap

    func NewTagStoreFromMap(tags map[string]string) *TagStore

    NewTagStoreFromMap creates a tag store from an input map

    func NewTagStoreFromSlice

    func NewTagStoreFromSlice(tags []string) *TagStore

    NewTagStoreFromSlice creates a new tag store from a slice.

    func (*TagStore) AppendKeyValue

    func (t *TagStore) AppendKeyValue(key, value string)

    AppendKeyValue appends a key and value to the tag store

    func (*TagStore) Copy

    func (t *TagStore) Copy() *TagStore

    Copy copies a TagStore

    func (*TagStore) Get

    func (t *TagStore) Get(key string) (string, bool)

    Get does a lookup in the list of tags

    func (*TagStore) GetSlice

    func (t *TagStore) GetSlice() []string

    GetSlice returns the tagstore as a slice

    func (*TagStore) IsEmpty

    func (t *TagStore) IsEmpty() bool

    IsEmpty returns true if no key value pairs exist.

    func (*TagStore) Merge

    func (t *TagStore) Merge(m *TagStore) (merged int)

    Merge merges tags from m into the native tag store. If the key exists, the provided tag from m is ignored.

    func (*TagStore) String

    func (t *TagStore) String() string

    String provides a string representation of the tag store.
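The Merge rule documented above means the receiving store wins on a key conflict, so merge order decides which source's value policy matching sees. The following is an added example, not the package's own code: `tagStore` and its methods are a stand-alone model that assumes tags are stored as "key=value" strings and that lookup returns the first match, and the tag values are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// tagStore is a stand-alone model of the documented TagStore, not the
// package's source. Assumption: each tag is one "key=value" string.
type tagStore struct{ Tags []string }

// appendKeyValue models AppendKeyValue: it appends without checking for an
// existing key, which is how duplicate keys can end up in the store.
func (t *tagStore) appendKeyValue(key, value string) {
	t.Tags = append(t.Tags, key+"="+value)
}

// get returns the first value stored for key (first match is an assumption).
func (t *tagStore) get(key string) (string, bool) {
	for _, kv := range t.Tags {
		parts := strings.SplitN(kv, "=", 2)
		if len(parts) == 2 && parts[0] == key {
			return parts[1], true
		}
	}
	return "", false
}

// merge models the documented Merge: a tag from m is added only when its key
// is absent from t, and the number of tags added is returned.
func (t *tagStore) merge(m *tagStore) (merged int) {
	for _, kv := range m.Tags {
		parts := strings.SplitN(kv, "=", 2)
		if len(parts) != 2 {
			continue // malformed entry: skipped in this model
		}
		if _, exists := t.get(parts[0]); !exists {
			t.appendKeyValue(parts[0], parts[1])
			merged++
		}
	}
	return merged
}

// mergeDemo merges constructed workload tags into constructed platform tags.
func mergeDemo() (int, string, []string) {
	platform := &tagStore{Tags: []string{"env=prod", "app=billing"}}
	workload := &tagStore{Tags: []string{"env=dev", "tier=db"}}
	n := platform.merge(workload)
	env, _ := platform.get("env")
	return n, env, platform.Tags
}

func main() { fmt.Println(mergeDemo()) }
```

In this model the conflicting `env=dev` is dropped and only `tier=db` is added, so the store that must win on conflicts has to be the receiver of the merge.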

    Directories

    Path Synopsis
    Package mockpolicy is a generated GoMock package.