package policy
import "strconv"
// DefaultNamespace is the namespace used by default when applying policy.
const DefaultNamespace = "bridge"
// Operator defines the operation applied between a key and its value.
type Operator string

// Matching operators.
//
// These are untyped string constants rather than Operator values, so the
// compiler accepts them wherever either a plain string or an Operator is
// expected. Code that validates an Operator cannot rely on the type alone to
// restrict it to this set.
const (
	// Equal is the equality operator.
	Equal = "="
	// NotEqual is the inequality operator. Note the spelling: "=!".
	NotEqual = "=!"
	// KeyExists is the key=* operator.
	KeyExists = "*"
	// KeyNotExists means that the key does not exist in the incoming tags.
	KeyNotExists = "!*"
)
// ActionType is a bitmask of the actions that can be applied to a flow.
type ActionType byte

const (
	// Accept is the accept action.
	Accept ActionType = 0x1
	// Reject is the reject action.
	Reject ActionType = 0x2
	// Encrypt instructs data to be encrypted.
	Encrypt ActionType = 0x4
	// Log instructs the datapath to log the IP addresses.
	Log ActionType = 0x8
)

// Accepted reports whether the Accept bit is set in the mask.
func (f ActionType) Accepted() bool {
	return f&Accept != 0
}

// Rejected reports whether the Reject bit is set in the mask.
func (f ActionType) Rejected() bool {
	return f&Reject != 0
}

// Encrypted reports whether the Encrypt bit is set in the mask.
func (f ActionType) Encrypted() bool {
	return f&Encrypt != 0
}

// Logged reports whether the Log bit is set in the mask.
func (f ActionType) Logged() bool {
	return f&Log != 0
}

// ShortActionString renders the accept/reject decision as a single letter:
// "a" when only Accept is set, "r" when only Reject is set, and "p" in every
// other case. "p" therefore covers both a mask with neither bit set and a
// mask with Accept and Reject set together; the two are not distinguishable
// in this output.
func (f ActionType) ShortActionString() string {
	accepted, rejected := f.Accepted(), f.Rejected()
	switch {
	case accepted && !rejected:
		return "a"
	case rejected && !accepted:
		return "r"
	default:
		return "p"
	}
}

// ActionString renders the accept/reject decision as a word: "accept" when
// only Accept is set, "reject" when only Reject is set, and "passthrough" in
// every other case. As with ShortActionString, a mask carrying both Accept
// and Reject is reported the same way as a mask carrying neither.
func (f ActionType) ActionString() string {
	accepted, rejected := f.Accepted(), f.Rejected()
	switch {
	case accepted && !rejected:
		return "accept"
	case rejected && !accepted:
		return "reject"
	default:
		return "passthrough"
	}
}

// String returns the name of a mask that holds exactly one of the declared
// flags. The whole value is compared, not individual bits, so any combination
// of flags (for example Accept|Log) and the zero value both yield "unknown".
// Use Accepted, Rejected, Encrypted and Logged to inspect a composite mask,
// and ActionString when a log line needs the accept/reject decision.
func (f ActionType) String() string {
	if f == Accept {
		return "accept"
	}
	if f == Reject {
		return "reject"
	}
	if f == Encrypt {
		return "encrypt"
	}
	if f == Log {
		return "log"
	}
	return "unknown"
}

// FlowPolicy captures the policy for a particular flow.
type FlowPolicy struct {
	// Action is the action mask of the policy.
	Action ActionType
	// ServiceID and PolicyID are string identifiers carried with the action;
	// nothing in this file interprets them.
	ServiceID string
	PolicyID  string
}
// IPRule holds an IP rule to an external service.
type IPRule struct {
	// Address, Port and Protocol are kept as strings; this type does not
	// parse or validate them.
	Address  string
	Port     string
	Protocol string
	// Policy is held by pointer, so copying an IPRule by value yields a rule
	// that refers to the same FlowPolicy.
	Policy *FlowPolicy
}

// IPRuleList is a list of IP rules.
type IPRuleList []IPRule

// Copy returns a new list holding the same rules as l.
//
// The copy is shallow: each IPRule is copied by value, so the Policy pointers
// in the result refer to the same FlowPolicy objects as the originals.
// Changing a FlowPolicy through one list is visible through the other;
// callers that need isolated policies must clone them separately.
func (l IPRuleList) Copy() IPRuleList {
	dup := make(IPRuleList, len(l))
	copy(dup, l)
	return dup
}
// KeyValueOperator describes an individual matching rule: a key, a list of
// values and the operator that relates them.
type KeyValueOperator struct {
	Key      string
	Value    []string
	Operator Operator
}

// TagSelector describes a tag selector: a set of key/operator/value clauses
// and the flow policy attached to them.
type TagSelector struct {
	Clause []KeyValueOperator
	Policy *FlowPolicy
}

// TagSelectorList defines a list of TagSelectors.
type TagSelectorList []TagSelector

// Copy returns a new list holding the same selectors as t.
//
// The copy is shallow: each TagSelector is copied by value, so the Clause
// slices (including the Value slices inside them) and the Policy pointers in
// the result share their storage with the originals. Editing a clause or a
// FlowPolicy through one list is visible through the other; callers that need
// isolation must clone those separately.
func (t TagSelectorList) Copy() TagSelectorList {
	dup := make(TagSelectorList, len(t))
	copy(dup, t)
	return dup
}
// ExtendedMap is a common string-to-string map with additional functions.
type ExtendedMap map[string]string

// Copy returns a new map with the same key/value pairs as s. Keys and values
// are strings, so the result is fully independent of s. A nil receiver yields
// an empty, non-nil map.
func (s ExtendedMap) Copy() ExtendedMap {
	dup := make(ExtendedMap, len(s))
	for key, val := range s {
		dup[key] = val
	}
	return dup
}

// Get looks key up in the map. The boolean reports whether the key was
// present, which lets callers tell a missing key from one stored with an
// empty value.
func (s ExtendedMap) Get(key string) (string, bool) {
	if val, found := s[key]; found {
		return val, true
	}
	return "", false
}
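// Service is a protocol/port service of interest - used to pass user requests.
type Service struct {
	// Protocol is the protocol number.
	Protocol uint8
	// Port is the target port.
	Port uint16
}

// ConvertServicesToPortList converts a list of services to a comma-separated
// list of their ports, in input order. Only the Port field is used; Protocol
// is ignored. An empty or nil list yields "0".
//
// Because a Service whose Port is 0 also prints as "0", the result for an
// empty list is identical to the result for a single port-0 service.
// NOTE(review): how the consumer of this string interprets "0" is not visible
// here - confirm that it cannot be read as a wildcard where "no ports" was
// intended.
func ConvertServicesToPortList(services []Service) string {
	if len(services) == 0 {
		return "0"
	}

	// A uint16 prints as at most five digits; one extra byte per entry
	// covers the separator, so the buffer never needs to grow.
	buf := make([]byte, 0, 6*len(services))
	for i, s := range services {
		if i > 0 {
			buf = append(buf, ',')
		}
		buf = strconv.AppendUint(buf, uint64(s.Port), 10)
	}
	return string(buf)
}

// OptionsType is a set of options that can be passed with a policy request.
type OptionsType struct {
	// CgroupName is the name of the cgroup.
	CgroupName string
	// CgroupMark is the tag of the cgroup.
	CgroupMark string
	// UserID is the user ID if it exists.
	UserID string
	// Services is the list of services of interest.
	Services []Service
	// ProxyPort is the port on which the proxy listens. It is carried as a
	// string and is not validated by this type.
	ProxyPort string
	// PolicyExtensions is policy resolution extensions. The value is untyped;
	// consumers have to check its dynamic type before using it.
	PolicyExtensions interface{}
}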
// ProxiedServicesInfo holds the info for a proxied service.
type ProxiedServicesInfo struct {
	// PublicIPPortPair lists the public ip,port pairs of the load balancer
	// or passthrough object per pu.
	PublicIPPortPair []string
	// PrivateIPPortPair lists the private ip,port pairs of the load balancer
	// or passthrough object per pu.
	PrivateIPPortPair []string
}

// AddPublicIPPortPair appends an ip,port pair to the public list. The string
// is stored exactly as given; no format or range check is done here, so any
// validation has to happen before or after this call.
func (p *ProxiedServicesInfo) AddPublicIPPortPair(ipportpair string) {
	pairs := append(p.PublicIPPortPair, ipportpair)
	p.PublicIPPortPair = pairs
}

// AddPrivateIPPortPair appends an ip,port pair to the private list. The
// string is stored exactly as given; no format or range check is done here,
// so any validation has to happen before or after this call.
func (p *ProxiedServicesInfo) AddPrivateIPPortPair(ipportpair string) {
	pairs := append(p.PrivateIPPortPair, ipportpair)
	p.PrivateIPPortPair = pairs
}