security

package

v0.6.0 Latest Latest Go to latest Published: Oct 4, 2022 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/giantswarm/capg-firewall-rule-operator

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type Client
- func NewClient(securityPolicies *compute.SecurityPoliciesClient, ...) *Client
- func (c *Client) ApplyPolicy(ctx context.Context, cluster *capg.GCPCluster, policy Policy) error
- func (c *Client) DeletePolicy(ctx context.Context, cluster *capg.GCPCluster, name string) error
type ClusterNATIPResolver
type Policy
type PolicyReconciler
- func NewPolicyReconciler(defaultAPIAllowList []string, managementCluster types.NamespacedName, ...) *PolicyReconciler
- func (r *PolicyReconciler) Reconcile(ctx context.Context, cluster *capg.GCPCluster) error
- func (r *PolicyReconciler) ReconcileDelete(ctx context.Context, cluster *capg.GCPCluster) error
type PolicyRule
type SecurityPolicyClient

Constants ¶

View Source

const (
	ActionAllow   = "allow"
	ActionDeny403 = "deny(403)"

	SecurityPolicyVersionedExpr = "SRC_IPS_V1"

	DefaultRuleDescription = "Default rule, higher priority overrides it"
	DefaultRuleIPRanges    = "*"
	DefaultRulePriority    = int32(math.MaxInt32)
)

View Source

const AnnotationAPIAllowListSubnets = "api.gcp.giantswarm.io/allowlist"

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

func NewClient ¶

func NewClient(securityPolicies *compute.SecurityPoliciesClient, backendServices *compute.BackendServicesClient) *Client

func (*Client) ApplyPolicy ¶

func (c *Client) ApplyPolicy(ctx context.Context, cluster *capg.GCPCluster, policy Policy) error

func (*Client) DeletePolicy ¶

func (c *Client) DeletePolicy(ctx context.Context, cluster *capg.GCPCluster, name string) error

type ClusterNATIPResolver ¶

type ClusterNATIPResolver interface {
	GetIPs(context.Context, types.NamespacedName) ([]string, error)
}

type Policy ¶

type Policy struct {
	Name          string
	Description   string
	DefaultAction string
	Rules         []PolicyRule
}

type PolicyReconciler ¶

type PolicyReconciler struct {
	// contains filtered or unexported fields
}

func NewPolicyReconciler ¶

func NewPolicyReconciler(
	defaultAPIAllowList []string,
	managementCluster types.NamespacedName,
	securityPolicyClient SecurityPolicyClient,
	ipResolver ClusterNATIPResolver,
) *PolicyReconciler

func (*PolicyReconciler) Reconcile ¶

func (r *PolicyReconciler) Reconcile(ctx context.Context, cluster *capg.GCPCluster) error

func (*PolicyReconciler) ReconcileDelete ¶

func (r *PolicyReconciler) ReconcileDelete(ctx context.Context, cluster *capg.GCPCluster) error

type PolicyRule ¶

type PolicyRule struct {
	Action         string
	Description    string
	SourceIPRanges []string
	Priority       int32
}

type SecurityPolicyClient ¶

type SecurityPolicyClient interface {
	ApplyPolicy(context.Context, *capg.GCPCluster, Policy) error
	DeletePolicy(context.Context, *capg.GCPCluster, string) error
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
securityfakes Code generated by counterfeiter.	Code generated by counterfeiter.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL