package orchestration
import (
"errors"
"net"
"os"
"github.com/neuvector/neuvector/share"
"github.com/neuvector/neuvector/share/container"
"github.com/neuvector/neuvector/share/system"
sk "github.com/neuvector/neuvector/share/system/sidekick"
"github.com/neuvector/neuvector/share/utils"
)
// Sentinel errors exported by this package. Nothing in this file returns
// them; presumably the driver implementations do (confirm against callers).
// The message text is kept as-is because callers may match on it.
var (
	// ErrMethodNotSupported carries the message "Method not supported".
	ErrMethodNotSupported = errors.New("Method not supported")

	// ErrUnknownResource carries the message "Unknown resource".
	ErrUnknownResource = errors.New("Unknown resource")

	// ErrResourceNotSupported carries the message
	// "Method on resource not supported".
	ErrResourceNotSupported = errors.New("Method on resource not supported")
)
// Service is the value returned by Driver.GetService: a service name paired
// with a domain. How the two are derived from container metadata is up to
// the individual driver and is not visible in this file.
type Service struct {
	Name, Domain string
}
// Driver is the per-platform orchestration interface handed out by
// GetDriver. Apart from the comment carried over on GetPlatformRole, the
// notes below are read off method names and signatures only; confirm the
// exact semantics against the concrete drivers.
type Driver interface {
	// GetVersion returns two version strings.
	// NOTE(review): presumably the orchestrator and flavor versions - confirm.
	GetVersion() (string, string)

	// Container classification and addressing.

	// SetIPAddrScope takes the per-key address lists in ports together with
	// the container metadata and network map; it returns nothing, so any
	// result is presumably written back into its arguments - confirm.
	SetIPAddrScope(ports map[string][]share.CLUSIPAddr, meta *container.ContainerMeta, nets map[string]*container.Network)
	GetService(meta *container.ContainerMeta) *Service
	GetPlatformRole(meta *container.ContainerMeta) (string, bool) // return platform type and if container should be secured
	GetDomain(labels map[string]string) string
	GetServiceSubnet(envs []string) *net.IPNet
	GetHostTunnelIP(links map[string]sk.NetIface) []net.IPNet

	// Policy switches answered per platform.
	// NOTE(review): judging by the names, these decide how host traffic and
	// ingress are treated by policy, so each driver's answer is a trust
	// decision - review it whenever a driver is added or changed.
	IgnoreConnectFromManagedHost() bool
	ConsiderHostsAsInternal() bool
	ApplyPolicyAtIngress() bool
	SupportKubeCISBench() bool

	// CleanupHostPorts reports failure through its error result.
	CleanupHostPorts(hostPorts map[string][]share.CLUSIPAddr) error
}
// --
// Callback signatures accepted by ResourceDriver.StartWatchResource.
type (
	// WatchCallback receives a resource type, an event name, and two untyped
	// objects. The objects are interface{} values, so implementations must
	// type-assert before use.
	// NOTE(review): presumably object is the new state and old the previous
	// one - confirm against the watchers.
	WatchCallback func(rt, event string, object, old interface{})

	// StateCallback receives a state string and an error.
	StateCallback func(state string, err error)
)
// UserRBAC describes one user as returned by ResourceDriver.ListUsers: the
// user's name and domain plus a per-domain role assignment.
type UserRBAC struct {
	Name, Domain string

	// RBAC maps domain -> nv role.
	RBAC map[string]string
}
// ResourceDriver is the interface for authentication, user/role lookup and
// resource CRUD/watch operations. Resources are identified by a resource
// type string (rt) and passed as interface{} values. The notes below are
// read off signatures only; confirm semantics against the implementations.
type ResourceDriver interface {
	GetOEMVersion() (string, error)

	// Authentication and authorisation.

	// Login takes a username and password and returns two strings and an
	// error.
	// NOTE(review): presumably one of the strings is a session token (Logout
	// accepts a token) - confirm. The password and any returned token are
	// credentials; implementations should keep them out of logs and error
	// messages.
	Login(username, password string) (string, string, error)
	Logout(username, token string) error
	GetAuthServerAlias() string
	// GetUserRoles returns a string-to-string map for the user.
	// NOTE(review): presumably domain -> role, as in UserRBAC.RBAC - confirm.
	GetUserRoles(username string) (map[string]string, error)
	ListUsers() []UserRBAC

	// Resource registration, listing and watching.

	RegisterResource(rt string) error
	ListResource(rt string) ([]interface{}, error)
	StartWatchResource(rt string, wcb WatchCallback, scb StateCallback) error
	StopWatchResource(rt string) error
	StopWatchAllResources() error

	// Single-resource operations. Results and arguments are untyped, so
	// callers and implementations must type-assert per resource type.

	GetResource(rt, namespace, name string) (interface{}, error)
	AddResource(rt string, res interface{}) error
	UpdateResource(rt string, res interface{}) error
	DeleteResource(rt string, res interface{}) error
}
// --
// baseDriver is package-level state that GetDriver overwrites on every call
// with a fresh *base built from the platform, flavor and network it was given.
// NOTE(review): no synchronisation is visible in this file; this presumably
// relies on GetDriver being called once during start-up - confirm.
var baseDriver *base
// GetDriver returns the Driver implementation matching platform.
//
// platform, flavor and network are stored in the noop value embedded in every
// driver. ver1 and ver2 are used only by the Kubernetes driver, as k8sVer and
// ocVer. sys is used only by the Kubernetes driver and rt only by the Docker
// driver. The Docker and unknown drivers also get an environment parser built
// from this process's environment.
//
// Side effect: the package-level baseDriver is replaced on every call.
//
// NOTE(review): a platform string that matches none of the known constants
// does not fail; it silently yields the unknown driver. Callers that depend on
// platform-specific behaviour should verify the platform value they pass in.
func GetDriver(platform, flavor, network string, ver1, ver2 string,
	sys *system.SystemTools, rt container.Runtime,
) Driver {
	// Each driver embeds its own copy of the same noop value.
	common := noop{platform: platform, flavor: flavor, network: network}

	baseDriver = &base{noop: common}

	switch platform {
	case share.PlatformKubernetes:
		return &kubernetes{
			noop:   common,
			sys:    sys,
			k8sVer: ver1,
			ocVer:  ver2,
		}
	case share.PlatformRancher:
		return &rancher{noop: common}
	case share.PlatformAliyun:
		return &aliyun{noop: common}
	case share.PlatformAmazonECS:
		return &ecs{noop: common}
	case share.PlatformDocker:
		return &docker{
			noop:      common,
			rt:        rt,
			envParser: utils.NewEnvironParser(os.Environ()),
		}
	}

	// Fallback for any platform not listed above.
	return &unknown{
		noop:      common,
		envParser: utils.NewEnvironParser(os.Environ()),
	}
}