forked from cilium/cilium
/
policy.go
101 lines (89 loc) · 2.74 KB
/
policy.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
// Copyright 2016-2017 Authors of Cilium
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package policy
import (
"fmt"
"strconv"
"strings"
"github.com/cilium/cilium/api/v1/models"
"github.com/cilium/cilium/pkg/labels"
log "github.com/Sirupsen/logrus"
"github.com/op/go-logging"
)
type Tracing int
const (
TRACE_DISABLED Tracing = iota
TRACE_ENABLED
TRACE_VERBOSE
)
// PolicyTrace logs the given message into the SearchContext logger only if
// TRACE_ENABLED or TRACE_VERBOSE is enabled in the receiver's SearchContext.
func (s *SearchContext) PolicyTrace(format string, a ...interface{}) {
switch s.Trace {
case TRACE_ENABLED, TRACE_VERBOSE:
log.Debugf(format, a...)
if s.Logging != nil {
format = "%-" + s.CallDepth() + "s" + format
a = append([]interface{}{""}, a...)
s.Logging.Logger.Printf(format, a...)
}
}
}
// PolicyTraceVerbose logs the given message into the SearchContext logger only
// if TRACE_VERBOSE is enabled in the receiver's SearchContext.
func (s *SearchContext) PolicyTraceVerbose(format string, a ...interface{}) {
switch s.Trace {
case TRACE_VERBOSE:
log.Debugf(format, a...)
if s.Logging != nil {
s.Logging.Logger.Printf(format, a...)
}
}
}
// SearchContext defines the context while evaluating policy
type SearchContext struct {
Trace Tracing
Depth int
Logging *logging.LogBackend
From labels.LabelArray
To labels.LabelArray
DPorts []*models.Port
// IngressL4Only is true if only ingress L4 policy should be evaluated
IngressL4Only bool
// EgressL4Only is true if only egress L4 policy should be evaluated
EgressL4Only bool
}
func (s *SearchContext) String() string {
from := []string{}
to := []string{}
dports := []string{}
for _, fromLabel := range s.From {
from = append(from, fromLabel.String())
}
for _, toLabel := range s.To {
to = append(to, toLabel.String())
}
for _, dport := range s.DPorts {
dports = append(dports, fmt.Sprintf("%d/%s", dport.Port, dport.Protocol))
}
ret := fmt.Sprintf("From: [%s]", strings.Join(from, ", "))
ret += fmt.Sprintf(" => To: [%s]", strings.Join(to, ", "))
if len(dports) != 0 {
ret += fmt.Sprintf(" Ports: [%s]", strings.Join(dports, ", "))
}
return ret
}
func (s *SearchContext) CallDepth() string {
return strconv.Itoa(s.Depth * 2)
}