policy-gen/

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

README ¶

How to generate a new Kuma policy

Create a new directory for the policy in pkg/plugins/policies. Example:
```
mkdir -p pkg/plugins/policies/donothingpolicy
```

Create a proto file for new policy in pkg/plugins/policies/donothingpolicy/api/v1alpha1. For example donothingpolicy.proto:

syntax = "proto3";

package kuma.plugins.policies.donothingpolicy.v1alpha1;

import "mesh/options.proto";
option go_package = "github.com/kumahq/kuma/pkg/plugins/policies/donothingpolicy/api/v1alpha1";

import "mesh/v1alpha1/selector.proto";
import "config.proto";

option (doc.config) = {
type : Policy,
name : "DoNothingPolicy",
file_name : "donothingpolicy"
};

// DoNothingPolicy defines permission for traffic between dataplanes.
message DoNothingPolicy {

option (kuma.mesh.resource).name = "DoNothingPolicyResource";
option (kuma.mesh.resource).type = "DoNothingPolicy";
option (kuma.mesh.resource).package = "mesh";
option (kuma.mesh.resource).kds.send_to_zone = true;
option (kuma.mesh.resource).ws.name = "donothingpolicy";
option (kuma.mesh.resource).ws.plural = "donothingpolicies";
option (kuma.mesh.resource).allow_to_inspect = true;

// List of selectors to match dataplanes that are sources of traffic.
repeated kuma.mesh.v1alpha1.Selector sources = 1 [ (doc.required) = true ];
// List of selectors to match services that are destinations of traffic.
repeated kuma.mesh.v1alpha1.Selector destinations = 2 [ (doc.required) = true ];

message Conf {
  bool enableDoNothing = 1;
}

Conf conf = 3;

}

Call make generate/policy/<POLICY_NAME>. Example:
```
make generate/policy/donothingpolicy
```
Optional. Add validation. Create file validator.go, file with such name won't be cleaned up by make cleanup/policy/donothingpolicy. Implement method validate() error:
```
package v1alpha1

func (t *DoNothingPolicyResource) validate() error { 
    // validate resource here
    return nil
}
```
You can always not register a policy with skip_registration in the policy definition

How to use

Now you can check swagger-ui for this policy:

docker run -p 80:8080 -e SWAGGER_JSON=/policy/rest.yaml -v $PWD/pkg/plugins/policies/donothingpolicy/api/v1alpha1:/policy swaggerapi/swagger-ui

To actually do something with created policy a ResourceSetHook should be registered:

// plugin.go

type myHook struct {}

func (m *myHook) Modify(resourceSet *core_xds.ResourceSet, ctx xds_context.Context, proxy *core_xds.Proxy) error {
	// modify resourceSet here
	return nil
}

func (p *myPlugin) AfterBootstrap(mctx *core_plugins.MutablePluginContext, _ core_plugins.PluginConfig) error {
	mctx.XDSHooks().AddResourceSetHook(&myHook{})
	return nil
}

where myPlugin is a BootstrapPlugin.

Directories ¶

Path	Synopsis
protoc-gen-kumapolicy

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL