sgroups

package
v1.14.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 29, 2024 License: MIT Imports: 26 Imported by: 0

Documentation

Index

Constants

const (
	// NotifyCommit is the string constant "commit".
	// NOTE(review): presumably the name of a commit notification — confirm against usage.
	NotifyCommit = "commit"
)
const SchemaName = "sgroups"

SchemaName is the database schema name.

Variables

// Sentinel errors created with errors.New; being package-level values,
// callers can match them with errors.Is.
var (
	// ErrNoRegistry reports that no registry is available.
	ErrNoRegistry = errors.New("no registry available")

	// ErrWriterClosed reports that a writer is closed.
	// NOTE(review): presumably returned when a Writer is used after Commit/Abort — confirm.
	ErrWriterClosed = errors.New("writer is closed")

	// ErrReaderClosed reports that a reader is closed.
	// NOTE(review): presumably returned when a Reader is used after Close — confirm.
	ErrReaderClosed = errors.New("reader is closed")
)
var ErrUnexpectedScope = errors.New("unexpected scope")

ErrUnexpectedScope reports an unexpected scope.

var ErrValidate = errors.New("validation failure")

ErrValidate validation failure

var NoScope noScope

NoScope denotes the absence of any scope.

Functions

This section is empty.

Types

type DBUpdated

type DBUpdated struct {
	patterns.EventType
}

DBUpdated -

type FQDNRuleIdIndexer

type FQDNRuleIdIndexer struct{} //nolint:revive

FQDNRuleIdIndexer indexer

func (FQDNRuleIdIndexer) FromArgs

func (idx FQDNRuleIdIndexer) FromArgs(args ...interface{}) ([]byte, error)

FromArgs impl Indexer

func (FQDNRuleIdIndexer) FromObject

func (idx FQDNRuleIdIndexer) FromObject(obj interface{}) (bool, []byte, error)

FromObject impl Indexer

type IPNetIndexer

type IPNetIndexer struct {
	// DataAccessor maps an object to another untyped value.
	// NOTE(review): presumably extracts the IP network to index from obj — confirm.
	// Both sides are interface{}, so nothing is type-checked at compile time.
	DataAccessor func(obj interface{}) interface{}
}

IPNetIndexer indexer

func (IPNetIndexer) FromArgs

func (idx IPNetIndexer) FromArgs(args ...interface{}) ([]byte, error)

FromArgs impl Indexer

func (IPNetIndexer) FromObject

func (idx IPNetIndexer) FromObject(obj interface{}) (bool, []byte, error)

FromObject impl Indexer

type IndexID

type IndexID = string

IndexID alias to string

type IntegrityChecker

type IntegrityChecker func(MemDbReader) error

IntegrityChecker mem db data integrity checker

func IntegrityChecker4CidrSgIcmpRules added in v1.13.0

func IntegrityChecker4CidrSgIcmpRules() IntegrityChecker

IntegrityChecker4CidrSgIcmpRules -

func IntegrityChecker4CidrSgRules

func IntegrityChecker4CidrSgRules() IntegrityChecker

IntegrityChecker4CidrSgRules -

func IntegrityChecker4FqdnRules

func IntegrityChecker4FqdnRules() IntegrityChecker

IntegrityChecker4FqdnRules checks SG Rules restrictions

func IntegrityChecker4IESgSgIcmpRules added in v1.11.0

func IntegrityChecker4IESgSgIcmpRules() IntegrityChecker

IntegrityChecker4IESgSgIcmpRules - checks existence of referred SGs

func IntegrityChecker4Networks

func IntegrityChecker4Networks() IntegrityChecker

IntegrityChecker4Networks -

func IntegrityChecker4SG

func IntegrityChecker4SG() IntegrityChecker

IntegrityChecker4SG checks if every network belongs to only one SG

func IntegrityChecker4SGRules

func IntegrityChecker4SGRules() IntegrityChecker

IntegrityChecker4SGRules checks SG Rules restrictions

func IntegrityChecker4SgIcmpRules

func IntegrityChecker4SgIcmpRules() IntegrityChecker

IntegrityChecker4SgIcmpRules -

func IntegrityChecker4SgSgIcmpRules

func IntegrityChecker4SgSgIcmpRules() IntegrityChecker

IntegrityChecker4SgSgIcmpRules -

func IntegrityChecker4SgSgRules added in v1.10.0

func IntegrityChecker4SgSgRules() IntegrityChecker

IntegrityChecker4SgSgRules - checks existence of referred SGs

type MemDB

// MemDB gives access to an in-memory database through reader and writer handles.
type MemDB interface {
	// Reader returns a MemDbReader (lookup methods only).
	Reader() MemDbReader
	// Writer returns a MemDbWriter, which adds mutating methods plus Commit and Abort.
	Writer() MemDbWriter
	// Schema returns a pointer to the MemDbSchema (an alias of memdb.DBSchema).
	// NOTE(review): whether callers may mutate the returned schema is not visible here — confirm.
	Schema() *MemDbSchema
}

MemDB memory db impl

func NewMemDB

func NewMemDB(opts ...MemDbOption) (MemDB, error)

NewMemDB creates memory db instance

type MemDBTables

type MemDBTables []TableID

MemDBTables is a MemDbOption

type MemDbIndexSchema

type MemDbIndexSchema = memdb.IndexSchema

MemDbIndexSchema alias to memdb.IndexSchema

type MemDbIterator

type MemDbIterator = memdb.ResultIterator

MemDbIterator alias to memdb.ResultIterator

type MemDbOption

type MemDbOption interface {
	// contains filtered or unexported methods
}

MemDbOption update option

func AllTables

func AllTables() MemDbOption

AllTables -

type MemDbReader

// MemDbReader is the lookup side of the in-memory database. Both methods
// address data by table ID, index ID and a variadic list of index arguments.
type MemDbReader interface {
	// First returns a single untyped value or an error.
	// NOTE(review): presumably the first match, or nil when nothing matches — confirm.
	// The result is interface{}, so callers have to type-assert it.
	First(tabName TableID, index IndexID, args ...interface{}) (interface{}, error)
	// Get returns a MemDbIterator (memdb.ResultIterator) over the lookup result, or an error.
	Get(tabName TableID, index IndexID, args ...interface{}) (MemDbIterator, error)
}

MemDbReader reader interface

type MemDbSchema

type MemDbSchema = memdb.DBSchema

MemDbSchema alias to memdb.DBSchema

type MemDbSchemaInit

type MemDbSchemaInit func(*MemDbSchema)

MemDbSchemaInit init mem db schema Option

type MemDbStringFieldIndex

type MemDbStringFieldIndex = memdb.StringFieldIndex

MemDbStringFieldIndex alias to memdb.StringFieldIndex

type MemDbTableSchema

type MemDbTableSchema = memdb.TableSchema

MemDbTableSchema alias to memdb.TableSchema

type MemDbWriter

// MemDbWriter extends MemDbReader with mutating operations.
// NOTE(review): the Commit/Abort pair suggests that changes are staged until
// Commit — confirm against the implementation.
type MemDbWriter interface {
	// Embedded reader: a writer also offers First and Get.
	MemDbReader
	// Commit returns an error, so its result must be checked by the caller.
	Commit() error
	// Abort has no return value; a failure to abort cannot be reported to the caller.
	Abort()
	// Upsert takes a table ID and an untyped object.
	// NOTE(review): presumably insert-or-update — confirm.
	Upsert(tabName TableID, obj interface{}) error
	// Delete takes a table ID and an untyped object to remove.
	Delete(tabName TableID, obj interface{}) error
	// DeleteAll takes the same (index, args) lookup form as the reader methods.
	// NOTE(review): the int result is presumably the number of deleted objects — confirm.
	DeleteAll(tabName TableID, index IndexID, args ...interface{}) (int, error)
}

MemDbWriter writer interface

type Option

type Option interface {
	// contains filtered or unexported methods
}

Option sync option

type Reader

type Reader interface {
	Close() error
	// contains filtered or unexported methods
}

Reader db reader abstract

type Registry

// Registry is the abstract database registry: it hands out Writer and Reader handles.
type Registry interface {
	// Subject returns a patterns.Subject.
	// NOTE(review): presumably used to observe events such as DBUpdated — confirm.
	Subject() patterns.Subject
	// Writer takes a context and returns a Writer or an error.
	Writer(ctx context.Context) (Writer, error)
	// Reader takes a context and returns a Reader or an error.
	Reader(ctx context.Context) (Reader, error)
	// Close returns an error that callers should check.
	Close() error
}

Registry abstract db registry

func NewRegistryFromMemDB

func NewRegistryFromMemDB(m MemDB) Registry

NewRegistryFromMemDB new Registry from MemDB

func NewRegistryFromPG

func NewRegistryFromPG(ctx context.Context, dbURL url.URL) (r Registry, err error)

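NewRegistryFromPG creates a registry from Postgres, using the database URL in dbURL. A url.URL can carry credentials in its user-info part, so avoid logging dbURL verbatim (url.URL.Redacted masks the password).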

type SGRuleIdIndexer

type SGRuleIdIndexer struct{} //nolint:revive

SGRuleIdIndexer indexer

func (SGRuleIdIndexer) FromArgs

func (idx SGRuleIdIndexer) FromArgs(args ...interface{}) ([]byte, error)

FromArgs impl Indexer

func (SGRuleIdIndexer) FromObject

func (idx SGRuleIdIndexer) FromObject(obj interface{}) (bool, []byte, error)

FromObject impl Indexer

type Scope

type Scope interface {
	// contains filtered or unexported methods
}

Scope scope interface

func And

func And(t1 Scope, t2 Scope) Scope

And logical and scope

func IPs

func IPs(one net.IP, all bool, other ...net.IP) Scope

IPs makes IP(s) scope

func NetworkNames

func NetworkNames(names ...model.NetworkName) Scope

NetworkNames makes networks name(s) scope

func Not

func Not(t Scope) Scope

Not negate scope

func Or

func Or(t1 Scope, t2 Scope) Scope

Or logical or scope

func PKScopeOfFQDNRules

func PKScopeOfFQDNRules(others ...model.FQDNRule) Scope

PKScopeOfFQDNRules makes FQDN rule scope

func PKScopeOfSGRules

func PKScopeOfSGRules(others ...model.SGRule) Scope

PKScopeOfSGRules makes SG rule scope

func PKScopeOfSgIcmpRules

func PKScopeOfSgIcmpRules(rules ...model.SgIcmpRule) Scope

PKScopeOfSgIcmpRules makes SG:ICMP primary rule scope

func PKScopeOfSgSgIcmpRules

func PKScopeOfSgSgIcmpRules(rules ...model.SgSgIcmpRule) Scope

PKScopeOfSgSgIcmpRules makes SG-SG:ICMP primary rule scope

func PKScopedCidrSgIcmpRules added in v1.13.0

func PKScopedCidrSgIcmpRules(rules ...model.IECidrSgIcmpRule) Scope

PKScopedCidrSgIcmpRules makes ICMP<4|6>:CIDR:SG:TRAFFIC primary rule scope

func PKScopedCidrSgRules

func PKScopedCidrSgRules(rules ...model.IECidrSgRule) Scope

PKScopedCidrSgRules makes PROTO:CIDR:SG:TRAFFIC primary rule scope

func PKScopedIESgSgRules added in v1.11.0

func PKScopedIESgSgRules(rules ...model.IESgSgIcmpRule) Scope

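PKScopedIESgSgRules makes a primary rule scope; note that, despite its name, it takes model.IESgSgIcmpRule values, while PKScopedSgSgRules takes model.IESgSgRule.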

func PKScopedSgSgRules added in v1.10.0

func PKScopedSgSgRules(rules ...model.IESgSgRule) Scope

PKScopedSgSgRules makes PROTO:SG-SG:TRAFFIC primary rule scope

func SG

func SG(names ...string) Scope

SG makes security group name(s) scope

func SGFrom

func SGFrom(one string, other ...string) Scope

SGFrom makes sec-group-'From' name scope used in Sg rules

func SGLocal added in v1.10.0

func SGLocal(one string, other ...string) Scope

SGLocal makes local security group name(s) scope

func SGTo

func SGTo(one string, other ...string) Scope

SGTo makes sec-group-'To' name scope used in Sg rules

type ScopedNetTransport

type ScopedNetTransport model.NetworkTransport

ScopedNetTransport network transport scope

type SgIcmpIdIndexer

type SgIcmpIdIndexer struct{}

SgIcmpIdIndexer -

func (SgIcmpIdIndexer) FromArgs

func (idx SgIcmpIdIndexer) FromArgs(args ...interface{}) ([]byte, error)

FromArgs impl Indexer

func (SgIcmpIdIndexer) FromObject

func (idx SgIcmpIdIndexer) FromObject(obj interface{}) (bool, []byte, error)

FromObject impl Indexer

type SgSgIcmpIdIndexer

type SgSgIcmpIdIndexer struct{}

SgSgIcmpIdIndexer -

func (SgSgIcmpIdIndexer) FromArgs

func (idx SgSgIcmpIdIndexer) FromArgs(args ...interface{}) ([]byte, error)

FromArgs impl Indexer

func (SgSgIcmpIdIndexer) FromObject

func (idx SgSgIcmpIdIndexer) FromObject(obj interface{}) (bool, []byte, error)

FromObject impl Indexer

type SingleObjectIndexer

type SingleObjectIndexer[T any] struct {
	// contains filtered or unexported fields
}

SingleObjectIndexer -

func (SingleObjectIndexer[T]) FromArgs

func (idx SingleObjectIndexer[T]) FromArgs(args ...any) ([]byte, error)

FromArgs -

func (SingleObjectIndexer[T]) FromObject

func (idx SingleObjectIndexer[T]) FromObject(obj any) (bool, []byte, error)

FromObject -

type SyncOmitDelete

type SyncOmitDelete struct{ Option }

SyncOmitDelete omit Delete op at sync

type SyncOmitInsert

type SyncOmitInsert struct{ Option }

SyncOmitInsert omit Insert op at sync

type SyncOmitUpdate

type SyncOmitUpdate struct{ Option }

SyncOmitUpdate omit Update op at sync

type TableID

type TableID int

TableID memory table ID

// Table identifiers. Values are assigned by iota in declaration order
// (TblNetworks is 0), so inserting or reordering entries renumbers the rest.
const (
	// TblNetworks table 'networks'
	TblNetworks TableID = iota

	// TblSecGroups table 'security groups'
	TblSecGroups

	// TblSecRules table 'security rules'
	TblSecRules

	// TblSyncStatus table 'sync-status'
	TblSyncStatus

	// TblFqdnRules table 'fqdn rules'
	TblFqdnRules

	// TblSgIcmpRules table SG:ICMP<4|6> rules
	TblSgIcmpRules

	// TblSgSgIcmpRules table SG-SG:ICMP<4|6> rules
	TblSgSgIcmpRules

	// TblCidrSgRules table l4-proto:[INGRESS|EGRESS]-CIDR-SG rules
	TblCidrSgRules

	// TblSgSgRules table proto:[INGRESS|EGRESS]-SG-SG rules
	TblSgSgRules

	// TblIESgSgIcmpRules table [INGRESS|EGRESS]:SG-SG:ICMP<4|6> rules
	TblIESgSgIcmpRules

	// TblIECidrSgIcmpRules table [INGRESS|EGRESS]:CIDR-SG:ICMP<4|6> rules
	TblIECidrSgIcmpRules
)

func (TableID) IntegrityChecks

func (tid TableID) IntegrityChecks() []IntegrityChecker

IntegrityChecks -

func (TableID) String

func (tid TableID) String() string

String stringer interface impl

type Writer

// Writer is the abstract database writer. Every Sync* method takes a context,
// a slice of model objects of one kind, a Scope and optional sync Options,
// and returns an error.
//
// NOTE(review): the SyncOmitInsert/SyncOmitUpdate/SyncOmitDelete options imply
// that a sync can insert, update and delete stored objects; presumably objects
// inside the Scope that are absent from the passed slice are deleted — confirm.
// If so, a Scope broader than intended would remove rules the caller did not
// mean to touch, so the Scope deserves the same review as the data itself.
type Writer interface {
	// SyncNetworks syncs networks.
	SyncNetworks(ctx context.Context, networks []model.Network, scope Scope, opts ...Option) error
	// SyncSecurityGroups syncs security groups.
	SyncSecurityGroups(ctx context.Context, sgs []model.SecurityGroup, scope Scope, opts ...Option) error
	// SyncSGRules syncs model.SGRule objects.
	SyncSGRules(ctx context.Context, rules []model.SGRule, scope Scope, opts ...Option) error
	// SyncFqdnRules syncs model.FQDNRule objects.
	SyncFqdnRules(ctx context.Context, rules []model.FQDNRule, scope Scope, opts ...Option) error
	// SyncSgIcmpRules syncs model.SgIcmpRule objects.
	SyncSgIcmpRules(ctx context.Context, rules []model.SgIcmpRule, scope Scope, opts ...Option) error
	// SyncSgSgIcmpRules syncs model.SgSgIcmpRule objects.
	SyncSgSgIcmpRules(ctx context.Context, rules []model.SgSgIcmpRule, scope Scope, opts ...Option) error
	// SyncCidrSgRules syncs model.IECidrSgRule objects.
	SyncCidrSgRules(ctx context.Context, rules []model.IECidrSgRule, scope Scope, opts ...Option) error
	// SyncCidrSgIcmpRules syncs model.IECidrSgIcmpRule objects.
	SyncCidrSgIcmpRules(ctx context.Context, rules []model.IECidrSgIcmpRule, scope Scope, opts ...Option) error
	// SyncSgSgRules syncs model.IESgSgRule objects.
	SyncSgSgRules(ctx context.Context, rules []model.IESgSgRule, scope Scope, opts ...Option) error
	// SyncIESgSgIcmpRules syncs model.IESgSgIcmpRule objects.
	SyncIESgSgIcmpRules(ctx context.Context, rules []model.IESgSgIcmpRule, scope Scope, opts ...Option) error
	// Commit returns an error, so its result must be checked by the caller.
	// NOTE(review): presumably synced changes take effect only on Commit — confirm.
	Commit() error
	// Abort has no return value; a failure to abort cannot be reported to the caller.
	Abort()
}

Writer db writer abstract

Directories

Path Synopsis
