package policy
// DefaultNamespace is the namespace that policy is applied to by default.
const DefaultNamespace = "bridge"
// Operator defines the operation between a key and its value in a matching
// rule.
type Operator string

// Operator literals.
//
// These are untyped string constants: they convert implicitly to Operator or
// to string, and the type system does not restrict an Operator to these four
// values. Code that switches on an Operator therefore needs an explicit
// branch for values it does not recognise.
const (
	// Equal is the equality operator.
	Equal = "="

	// NotEqual is the inequality operator.
	// NOTE(review): the literal is "=!" rather than "!="; confirm this is the
	// spelling that policy producers emit before relying on it.
	NotEqual = "=!"

	// KeyExists is the key=* operator.
	KeyExists = "*"

	// KeyNotExists means that the key does not exist in the incoming tags.
	KeyNotExists = "!*"
)
// ActionType is the action that can be applied to a flow. It is used as a bit
// mask: Accept, Reject, Encrypt and Log each occupy one bit and the predicate
// methods below test those bits individually.
type ActionType byte

const (
	// Accept is the accept action.
	Accept ActionType = 0x1
	// Reject is the reject action.
	Reject ActionType = 0x2
	// Encrypt instructs data to be encrypted.
	Encrypt ActionType = 0x4
	// Log instructs the datapath to log the IP addresses.
	Log ActionType = 0x8
)

// Accepted reports whether the Accept bit is set in the action mask.
func (f ActionType) Accepted() bool {
	return f&Accept != 0
}

// Rejected reports whether the Reject bit is set in the action mask.
func (f ActionType) Rejected() bool {
	return f&Reject != 0
}

// Encrypted reports whether the Encrypt bit is set in the action mask.
func (f ActionType) Encrypted() bool {
	return f&Encrypt != 0
}

// Logged reports whether the Log bit is set in the action mask.
func (f ActionType) Logged() bool {
	return f&Log != 0
}

// ShortActionString summarises the accept/reject decision as one letter:
// "a" when Accept is set and Reject is not, "r" when Reject is set and Accept
// is not, and "p" in every other case (neither bit set, or both set). The
// Encrypt and Log bits do not influence the result.
//
// NOTE(review): a mask carrying both Accept and Reject is reported as "p",
// not "r". The string is a summary; code that enforces a decision should
// test Rejected() itself.
func (f ActionType) ShortActionString() string {
	switch f & (Accept | Reject) {
	case Accept:
		return "a"
	case Reject:
		return "r"
	default:
		return "p"
	}
}

// ActionString is the long form of ShortActionString: "accept" when only
// Accept of the two decision bits is set, "reject" when only Reject is set,
// and "passthrough" otherwise (neither bit set, or both set).
func (f ActionType) ActionString() string {
	accepted, rejected := f.Accepted(), f.Rejected()

	switch {
	case accepted && !rejected:
		return "accept"
	case rejected && !accepted:
		return "reject"
	}

	return "passthrough"
}

// String names a value that is exactly one of Accept, Reject, Encrypt or Log.
// Every other value, including zero and any combination of bits such as
// Accept|Log, yields "unknown", so log lines built from String lose the
// decision for combined masks; ActionString and the predicate methods
// interpret a mask bit by bit.
func (f ActionType) String() string {
	if f == Accept {
		return "accept"
	}
	if f == Reject {
		return "reject"
	}
	if f == Encrypt {
		return "encrypt"
	}
	if f == Log {
		return "log"
	}

	return "unknown"
}
// FlowPolicy captures the policy for a particular flow.
type FlowPolicy struct {
	// Action is the action mask for the flow (see ActionType).
	Action ActionType
	// ServiceID is an opaque string here; presumably it identifies the
	// service the flow belongs to. TODO confirm against callers.
	ServiceID string
	// PolicyID is an opaque string here; presumably it identifies the policy
	// that produced this decision. TODO confirm against callers.
	PolicyID string
}
// IPRule holds IP rules to external services.
//
// Address, Port and Protocol are plain strings and nothing in this file
// validates or normalises them.
// NOTE(review): confirm where these are parsed and which forms are accepted.
type IPRule struct {
	// Address is the address part of the rule.
	Address string
	// Port is the port part of the rule.
	Port string
	// Protocol is the protocol part of the rule.
	Protocol string
	// Policy is held by pointer, so copying an IPRule by value yields a
	// second rule that refers to the same FlowPolicy.
	Policy *FlowPolicy
}
// IPRuleList is a list of IP rules.
type IPRuleList []IPRule

// Copy returns a new list with the same rules in the same order. A nil or
// empty receiver yields an empty, non-nil list.
//
// The copy is shallow: each IPRule is copied by value, so the Policy pointer
// in a copied rule still refers to the FlowPolicy of the original rule.
// Modifying a FlowPolicy through the copy is visible through the original
// list as well.
func (l IPRuleList) Copy() IPRuleList {
	dup := make(IPRuleList, len(l))
	copy(dup, l)
	return dup
}
// KeyValueOperator describes an individual matching rule.
type KeyValueOperator struct {
	// Key is the key the rule applies to; presumably a tag key. TODO confirm.
	Key string
	// Value holds the values compared against the key. How several values
	// combine is not defined in this file. TODO confirm against the matcher.
	Value []string
	// Operator is the operation between Key and Value.
	Operator Operator
}
// TagSelector describes a tag selector: a set of key/operator/value clauses
// and the policy attached to them.
type TagSelector struct {
	// Clause lists the matching rules of the selector. How the clauses
	// combine is not defined in this file. TODO confirm against the matcher.
	Clause []KeyValueOperator
	// Policy is held by pointer, so copying a TagSelector by value yields a
	// second selector that refers to the same FlowPolicy.
	Policy *FlowPolicy
}
// TagSelectorList defines a list of TagSelectors.
type TagSelectorList []TagSelector

// Copy returns a new list with the same selectors in the same order. A nil or
// empty receiver yields an empty, non-nil list.
//
// The copy is shallow: each TagSelector is copied by value, so its Clause
// slice shares a backing array with the original and its Policy pointer
// refers to the same FlowPolicy. Modifying a clause element or a FlowPolicy
// through the copy is visible through the original list as well.
func (t TagSelectorList) Copy() TagSelectorList {
	dup := make(TagSelectorList, len(t))
	copy(dup, t)
	return dup
}
// ExtendedMap is a common map with additional functions.
type ExtendedMap map[string]string

// Copy returns a new ExtendedMap holding the same key/value pairs. Keys and
// values are strings, so later writes to the copy do not affect the receiver.
// A nil receiver yields an empty, non-nil map.
func (s ExtendedMap) Copy() ExtendedMap {
	dup := make(ExtendedMap, len(s))
	for key, val := range s {
		dup[key] = val
	}
	return dup
}

// Get looks up key and returns its value together with a flag that is true
// only when the key is present. A missing key, or a nil receiver, yields
// ("", false).
func (s ExtendedMap) Get(key string) (string, bool) {
	if val, found := s[key]; found {
		return val, true
	}
	return "", false
}