trireme-lib: go.aporeto.io/trireme-lib/policy

package policy

import "go.aporeto.io/trireme-lib/policy"

Package policy describes a generic interface for retrieving policies. Different implementations are possible for environments such as Kubernetes, Mesos or other custom environments. An implementation has to provide a method for retrieving policy based on the metadata associated with the container and deleting the policy when the container dies. It is up to the implementation to decide how to generate the policy. The package also defines the basic data structure for communicating policy information. The implementations are responsible for providing all the necessary data.

Index

Package Files

apiservices.go interfaces.go policy.go puinfo.go runtime.go tagstore.go types.go

Constants

const (
    // AllowAll allows everything for the specific PU.
    AllowAll = 0x1
    // Police filters on the PU based on the PolicyRules.
    Police = 0x2
)
const (
    // Equal is the equal operator
    Equal = "="
    // NotEqual is the not equal operator
    NotEqual = "=!"
    // KeyExists is the key=* operator
    KeyExists = "*"
    // KeyNotExists means that the key doesn't exist in the incoming tags
    KeyNotExists = "!*"
)
const (
    // DefaultNamespace is the default namespace for applying policy
    DefaultNamespace = "bridge"
)

func DefaultLogPrefix

func DefaultLogPrefix(contextID string) string

DefaultLogPrefix returns the prefix used in the nf-log action for the default rule.

func EncodedStringToAction

func EncodedStringToAction(e string) (ActionType, ObserveActionType, error)

EncodedStringToAction returns action and observed action from encoded string.

type ActionType

type ActionType byte

ActionType is the action that can be applied to a flow.

const (
    // Accept is the accept action
    Accept ActionType = 0x1
    // Reject is the reject action
    Reject ActionType = 0x2
    // Encrypt instructs data to be encrypted
    Encrypt ActionType = 0x4
    // Log instructs the datapath to log the IP addresses
    Log ActionType = 0x8
    // Observe instructs the datapath to observe policy results
    Observe ActionType = 0x10
)

func (ActionType) Accepted

func (f ActionType) Accepted() bool

Accepted returns if the action mask contains the Accepted mask.

func (ActionType) ActionString

func (f ActionType) ActionString() string

ActionString returns whether the action is accepted or rejected, as a long string.

func (ActionType) Encrypted

func (f ActionType) Encrypted() bool

Encrypted returns if the action mask contains the Encrypted mask.

func (ActionType) Logged

func (f ActionType) Logged() bool

Logged returns if the action mask contains the Logged mask.

func (ActionType) Observed

func (f ActionType) Observed() bool

Observed returns if the action mask contains the Observed mask.

func (ActionType) Rejected

func (f ActionType) Rejected() bool

Rejected returns if the action mask contains the Rejected mask.

func (ActionType) String

func (f ActionType) String() string

type ApplicationService

type ApplicationService struct {
    // ID is the id of the service
    ID  string

    // NetworkInfo provides the network information (addresses/ports) of the service.
    // This is the public facing network information, or how the service can be
    // accessed. In the case of Load Balancers for example, this would be the
    // IP/port of the load balancer.
    NetworkInfo *common.Service

    // PrivateNetworkInfo captures the network service definition of an application
    // as seen by the application. For example the port that the application is
    // listening to. This is needed in the case of port mappings.
    PrivateNetworkInfo *common.Service

    // PublicNetworkInfo provides the network information where the enforcer
    // should listen for incoming connections of the service. This can be
    // different than the PrivateNetworkInfo where the application is listening
    // and it essentially allows users to create Virtual IPs and Virtual Ports
    // for the new exposed TLS services. So, if an application is listening
    // on port 80, users do not need to access the application from external
    // network through TLS on port 80, that looks weird. They can instead create
    // a PublicNetworkInfo and have the trireme listen on port 443, while the
    // application is still listening on port 80.
    PublicNetworkInfo *common.Service

    // Type is the type of the service.
    Type ServiceType

    // HTTPRules are only valid for HTTP Services and capture the list of APIs
    // exposed by the service.
    HTTPRules []*HTTPRule

    // Tags are the tags of the service.
    Tags *TagStore

    // UserAuthorizationType is the type of user authorization that must be used.
    UserAuthorizationType UserAuthorizationTypeValues

    // UserAuthorizationHandler is the token handler for validating user tokens.
    UserAuthorizationHandler usertokens.Verifier

    // UserTokenToHTTPMappings is a map of mappings between JWT claims arriving in
    // a user request and outgoing HTTP headers towards an application. It
    // is used to allow operators to map claims to HTTP headers that downstream
    // applications can understand.
    UserTokenToHTTPMappings map[string]string

    // UserRedirectOnAuthorizationFail is the URL to which the user can be redirected
    // if there is an authorization failure. This allows the display of a custom
    // message.
    UserRedirectOnAuthorizationFail string

    // External indicates if this is an external service. For external services
    // access control is implemented at the ingress.
    External bool

    // CACert is the certificate of the CA of external services. This allows TLS to
    // work with external services that use private CAs.
    CACert []byte

    // AuthToken is the authentication token for any external API service calls. It is
    // used for example by the secrets proxy.
    AuthToken string

    // MutualTLSTrustedRoots is the CA that must be used for mutual TLS authentication.
    MutualTLSTrustedRoots []byte

    // PublicServiceCertificate is a publicly signed certificate that can be used
    // by the service to expose TLS to users without a Trireme client
    PublicServiceCertificate []byte

    // PublicServiceCertificateKey is the corresponding private key.
    PublicServiceCertificateKey []byte

    // PublicServiceNoTLS indicates that TLS will not be enabled in the public application
    // ports. This is useful for health checks. It should not be used for API access.
    PublicServiceNoTLS bool
}

ApplicationService is the type of service that this PU exposes.

type ApplicationServicesList

type ApplicationServicesList []*ApplicationService

ApplicationServicesList is a list of ApplicationServices.

type DNSRule

type DNSRule struct {
    Name     string
    Port     string
    Protocol string
    Policy   *FlowPolicy
}

DNSRule holds the DNS names and the associated ports

type DNSRuleList

type DNSRuleList []DNSRule

DNSRuleList is a list of DNS rules

func (DNSRuleList) Copy

func (l DNSRuleList) Copy() DNSRuleList

Copy creates a clone of DNS rule list

type ExtendedMap

type ExtendedMap map[string]string

ExtendedMap is a common map with additional functions

func (ExtendedMap) Copy

func (s ExtendedMap) Copy() ExtendedMap

Copy copies an ExtendedMap

func (ExtendedMap) Get

func (s ExtendedMap) Get(key string) (string, bool)

Get does a lookup in the map

type FlowPolicy

type FlowPolicy struct {
    ObserveAction ObserveActionType
    Action        ActionType
    ServiceID     string
    PolicyID      string
    Labels        []string
}

FlowPolicy captures the policy for a particular flow

func (*FlowPolicy) EncodedActionString

func (f *FlowPolicy) EncodedActionString() string

EncodedActionString is used to encode observed action as well as action

func (*FlowPolicy) LogPrefix

func (f *FlowPolicy) LogPrefix(contextID string) string

LogPrefix is the prefix used in nf-log action. It must be less than

type HTTPRule

type HTTPRule struct {
    // URIs is a list of regular expressions that describe the URIs that
    // a service is exposing.
    URIs []string

    // Methods is a list of the allowed verbs for the given list of URIs.
    Methods []string

    // Scopes is a list of scopes associated with this rule. Clients
    // must present one of these scopes in order to get access to this
    // API. The scopes are presented either in the Trireme identity or the
    // JWT of HTTP Authorization header.
    Scopes []string

    // Public indicates that this is a public API and anyone can access it.
    // No authorization will be performed on public APIs.
    Public bool
}

HTTPRule holds a rule for a particular HTTPService. The rule relates a set of URIs defined as regular expressions with associated verbs. The * VERB indicates all actions.
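
An added example, not trireme-lib's own code: a self-contained sketch of how a rule set of this shape can be evaluated against a request. Anchoring the URI expressions, denying by default when no rule matches, and the names Compile, Authorize and sampleRules are assumptions of the example, not documented behaviour of the library.

```go
package main

import (
	"fmt"
	"regexp"
)

// HTTPRule is a local copy of the policy.HTTPRule fields listed above, so the
// example runs without importing trireme-lib.
type HTTPRule struct {
	URIs, Methods, Scopes []string
	Public                bool
}

type compiledRule struct {
	HTTPRule
	uris []*regexp.Regexp
}

// Compile anchors each URI expression (an assumption of this example) so a
// rule for /healthz cannot match /admin/healthz, and rejects invalid regexes.
func Compile(rules []HTTPRule) ([]compiledRule, error) {
	var out []compiledRule
	for _, r := range rules {
		c := compiledRule{HTTPRule: r}
		for _, u := range r.URIs {
			re, err := regexp.Compile(`^(?:` + u + `)$`)
			if err != nil {
				return nil, fmt.Errorf("bad URI expression %q: %w", u, err)
			}
			c.uris = append(c.uris, re)
		}
		out = append(out, c)
	}
	return out, nil
}

func (c compiledRule) matches(method, path string) bool {
	verbOK := false
	for _, m := range c.Methods {
		verbOK = verbOK || m == "*" || m == method // "*" means all verbs
	}
	for _, re := range c.uris {
		if verbOK && re.MatchString(path) {
			return true
		}
	}
	return false
}

// Authorize returns "public" or "scoped" for the first matching rule that
// grants access, and "deny" when none does (default deny is an assumption).
func Authorize(rules []compiledRule, method, path string, presented []string) string {
	for _, c := range rules {
		if !c.matches(method, path) {
			continue
		}
		if c.Public {
			return "public" // no authorization is performed on public APIs
		}
		for _, want := range c.Scopes {
			for _, got := range presented {
				if want == got {
					return "scoped" // caller presented one of the rule's scopes
				}
			}
		}
	}
	return "deny"
}

// sampleRules is constructed input, not taken from any real deployment.
func sampleRules() []HTTPRule {
	return []HTTPRule{
		{URIs: []string{"/healthz"}, Methods: []string{"GET"}, Public: true},
		{URIs: []string{"/api/v1/orders/[0-9]+"}, Methods: []string{"GET"}, Scopes: []string{"orders:read"}},
		{URIs: []string{"/api/v1/orders(/.*)?"}, Methods: []string{"*"}, Scopes: []string{"admin"}},
	}
}

func main() {
	rules, err := Compile(sampleRules())
	fmt.Println(Authorize(rules, "GET", "/admin/healthz", nil), err)
}
```

Because Public short-circuits every other check, a Public rule with a broad URI expression is the first thing to look for when auditing a rule set of this kind.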

type IPRule

type IPRule struct {
    Address  string
    Port     string
    Protocol string
    Policy   *FlowPolicy
}

IPRule holds IP rules to external services

type IPRuleList

type IPRuleList []IPRule

IPRuleList is a list of IP rules

func (IPRuleList) Copy

func (l IPRuleList) Copy() IPRuleList

Copy creates a clone of the IP rule list

type KeyValueOperator

type KeyValueOperator struct {
    Key      string
    Value    []string
    Operator Operator
    ID       string
}

KeyValueOperator describes an individual matching rule

type ObserveActionType

type ObserveActionType byte

ObserveActionType is the action that can be applied to a flow for an observation rule.

const (
    // ObserveNone specifies if any observation was made or not.
    ObserveNone ObserveActionType = 0x0
    // ObserveContinue is used to not take any action on packet and is deferred to
    // an actual rule with accept or deny action.
    ObserveContinue ObserveActionType = 0x1
    // ObserveApply is used to apply action to packets hitting this rule.
    ObserveApply ObserveActionType = 0x2
)

Observe actions are used in conjunction with action.

func (ObserveActionType) ObserveApply

func (f ObserveActionType) ObserveApply() bool

ObserveApply returns if the action of observation rule is allow.

func (ObserveActionType) ObserveContinue

func (f ObserveActionType) ObserveContinue() bool

ObserveContinue returns if the action of observation rule is continue.

func (ObserveActionType) Observed

func (f ObserveActionType) Observed() bool

Observed returns true if any observed action was found.

func (ObserveActionType) String

func (f ObserveActionType) String() string

type Operator

type Operator string

Operator defines the operation between your key and value.

type OptionsType

type OptionsType struct {
    // CgroupName is the name of the cgroup
    CgroupName string

    // CgroupMark is the tag of the cgroup
    CgroupMark string

    // UserID is the user ID if it exists
    UserID string

    // AutoPort option is set if auto port is enabled
    AutoPort bool

    // Services is the list of services of interest
    Services []common.Service

    // ProxyPort is the port on which the proxy listens
    ProxyPort string

    // PolicyExtensions is policy resolution extensions
    PolicyExtensions interface{}

    // PortMap maps container port -> host ports.
    PortMap map[nat.Port][]string
}

OptionsType is a set of options that can be passed with a policy request

type PUAction

type PUAction int

PUAction defines the action types that applies for a specific PU as a whole.

type PUInfo

type PUInfo struct {
    // ContextID is the ID of the container that the policy applies to
    ContextID string
    // Policy is an instantiation of the container policy
    Policy *PUPolicy
    // Runtime captures all data that are captured from the container
    Runtime *PURuntime
}

PUInfo captures all policy information related to a connection as well as runtime. It makes passing data around simpler.

func NewPUInfo

func NewPUInfo(contextID string, puType common.PUType) *PUInfo

NewPUInfo instantiates a new ContainerPolicy

func PUInfoFromPolicyAndRuntime

func PUInfoFromPolicyAndRuntime(contextID string, policyInfo *PUPolicy, runtimeInfo *PURuntime) *PUInfo

PUInfoFromPolicyAndRuntime generates a ContainerInfo Struct from an existing RuntimeInfo and PolicyInfo

type PUPolicy

type PUPolicy struct {

    // DNSACLs is the list of DNS names and the associated ports that the container is
    // allowed to talk to outside the data center
    DNSACLs DNSRuleList

    sync.Mutex
    // contains filtered or unexported fields
}

PUPolicy captures all policy information related to the container

func NewPUPolicy

func NewPUPolicy(
    id string,
    action PUAction,
    appACLs IPRuleList,
    netACLs IPRuleList,
    dnsACLs DNSRuleList,
    txtags TagSelectorList,
    rxtags TagSelectorList,
    identity *TagStore,
    annotations *TagStore,
    ips ExtendedMap,
    triremeNetworks []string,
    triremeUDPNetworks []string,
    excludedNetworks []string,
    exposedServices ApplicationServicesList,
    dependentServices ApplicationServicesList,
    scopes []string,
) *PUPolicy

NewPUPolicy generates a new ContainerPolicyInfo. appACLs are the ACLs for packets coming from the Application/PU to the Network. netACLs are the ACLs for packets coming from the Network to the Application/PU.

func NewPUPolicyWithDefaults

func NewPUPolicyWithDefaults() *PUPolicy

NewPUPolicyWithDefaults sets up a PU policy with defaults

func (*PUPolicy) AddIdentityTag

func (p *PUPolicy) AddIdentityTag(k, v string)

AddIdentityTag adds a policy tag

func (*PUPolicy) AddReceiverRules

func (p *PUPolicy) AddReceiverRules(t TagSelector)

AddReceiverRules adds a receiver rule

func (*PUPolicy) AddTransmitterRules

func (p *PUPolicy) AddTransmitterRules(t TagSelector)

AddTransmitterRules adds a transmitter rule

func (*PUPolicy) Annotations

func (p *PUPolicy) Annotations() *TagStore

Annotations returns a copy of the annotations

func (*PUPolicy) ApplicationACLs

func (p *PUPolicy) ApplicationACLs() IPRuleList

ApplicationACLs returns a copy of IPRuleList

func (*PUPolicy) Clone

func (p *PUPolicy) Clone() *PUPolicy

Clone returns a copy of the policy

func (*PUPolicy) DNSNameACLs

func (p *PUPolicy) DNSNameACLs() DNSRuleList

DNSNameACLs returns a copy of DNSRuleList

func (*PUPolicy) DependentServices

func (p *PUPolicy) DependentServices() ApplicationServicesList

DependentServices returns the external services.

func (*PUPolicy) ExcludedNetworks

func (p *PUPolicy) ExcludedNetworks() []string

ExcludedNetworks returns the list of excluded networks.

func (*PUPolicy) ExposedServices

func (p *PUPolicy) ExposedServices() ApplicationServicesList

ExposedServices returns the exposed services

func (*PUPolicy) IPAddresses

func (p *PUPolicy) IPAddresses() ExtendedMap

IPAddresses returns all the IP addresses for the processing unit

func (*PUPolicy) Identity

func (p *PUPolicy) Identity() *TagStore

Identity returns a copy of the Identity

func (*PUPolicy) IsServiceCertificateExpired

func (p *PUPolicy) IsServiceCertificateExpired() bool

IsServiceCertificateExpired will return true if the service certificate is expired.

func (*PUPolicy) ManagementID

func (p *PUPolicy) ManagementID() string

ManagementID returns the management ID

func (*PUPolicy) NetworkACLs

func (p *PUPolicy) NetworkACLs() IPRuleList

NetworkACLs returns a copy of IPRuleList

func (*PUPolicy) ReceiverRules

func (p *PUPolicy) ReceiverRules() TagSelectorList

ReceiverRules returns a copy of TagSelectorList

func (*PUPolicy) Scopes

func (p *PUPolicy) Scopes() []string

Scopes returns the scopes of the policy.

func (*PUPolicy) ServiceCertificates

func (p *PUPolicy) ServiceCertificates() (string, string, string)

ServiceCertificates returns the service certificate.

func (*PUPolicy) SetIPAddresses

func (p *PUPolicy) SetIPAddresses(l ExtendedMap)

SetIPAddresses sets the IP addresses for the processing unit

func (*PUPolicy) SetTriremeAction

func (p *PUPolicy) SetTriremeAction(action PUAction)

SetTriremeAction sets the TriremeAction

func (*PUPolicy) ToPublicPolicy

func (p *PUPolicy) ToPublicPolicy() *PUPolicyPublic

ToPublicPolicy converts the object to a marshallable object.

func (*PUPolicy) TransmitterRules

func (p *PUPolicy) TransmitterRules() TagSelectorList

TransmitterRules returns a copy of TagSelectorList

func (*PUPolicy) TriremeAction

func (p *PUPolicy) TriremeAction() PUAction

TriremeAction returns the TriremeAction

func (*PUPolicy) TriremeNetworks

func (p *PUPolicy) TriremeNetworks() []string

TriremeNetworks returns the list of networks to which Trireme must be applied

func (*PUPolicy) UDPNetworks

func (p *PUPolicy) UDPNetworks() []string

UDPNetworks returns the UDP networks

func (*PUPolicy) UpdateDNSNetworks

func (p *PUPolicy) UpdateDNSNetworks(networks DNSRuleList)

UpdateDNSNetworks updates the set of FQDN names allowed by the policy

func (*PUPolicy) UpdateExcludedNetworks

func (p *PUPolicy) UpdateExcludedNetworks(networks []string)

UpdateExcludedNetworks updates the list of excluded networks.

func (*PUPolicy) UpdateServiceCertificates

func (p *PUPolicy) UpdateServiceCertificates(cert, key string)

UpdateServiceCertificates updates the certificate and private key of the policy

func (*PUPolicy) UpdateTriremeNetworks

func (p *PUPolicy) UpdateTriremeNetworks(networks []string)

UpdateTriremeNetworks updates the set of networks for trireme

type PUPolicyPublic

type PUPolicyPublic struct {
    ManagementID        string                  `json:"managementID,omitempty"`
    TriremeAction       PUAction                `json:"triremeAction,omitempty"`
    ApplicationACLs     IPRuleList              `json:"applicationACLs,omitempty"`
    NetworkACLs         IPRuleList              `json:"networkACLs,omitempty"`
    DNSACLs             DNSRuleList             `json:"dnsACLs,omitempty"`
    Identity            *TagStore               `json:"identity,omitempty"`
    Annotations         *TagStore               `json:"annotations,omitempty"`
    TransmitterRules    TagSelectorList         `json:"transmitterRules,omitempty"`
    ReceiverRules       TagSelectorList         `json:"receiverRules,omitempty"`
    IPs                 ExtendedMap             `json:"IPs,omitempty"`
    TriremeNetworks     []string                `json:"triremeNetworks,omitempty"`
    TriremeUDPNetworks  []string                `json:"triremeUDPNetworks,omitempty"`
    ExcludedNetworks    []string                `json:"excludedNetworks,omitempty"`
    ExposedServices     ApplicationServicesList `json:"exposedServices,omitempty"`
    DependentServices   ApplicationServicesList `json:"dependentServices,omitempty"`
    ServicesCertificate string                  `json:"servicesCertificate,omitempty"`
    ServicesPrivateKey  string                  `json:"servicesPrivateKey,omitempty"`
    ServicesCA          string                  `json:"servicesCA,omitempty"`
    Scopes              []string                `json:"scopes,omitempty"`
}

PUPolicyPublic captures all policy information related to the processing unit in an object that can be marshalled and transmitted over the RPC interface.

func (*PUPolicyPublic) ToPrivatePolicy

func (p *PUPolicyPublic) ToPrivatePolicy(convert bool) *PUPolicy

ToPrivatePolicy converts the object to a private object.

type PURuntime

type PURuntime struct {
    sync.Mutex
    // contains filtered or unexported fields
}

PURuntime holds all data related to the status of the container run time

func NewPURuntime

func NewPURuntime(name string, pid int, nsPath string, tags *TagStore, ips ExtendedMap, puType common.PUType, options *OptionsType) *PURuntime

NewPURuntime generates a new RuntimeInfo

func NewPURuntimeWithDefaults

func NewPURuntimeWithDefaults() *PURuntime

NewPURuntimeWithDefaults sets up PURuntime with defaults

func (*PURuntime) Clone

func (r *PURuntime) Clone() *PURuntime

Clone returns a copy of the runtime

func (*PURuntime) IPAddresses

func (r *PURuntime) IPAddresses() ExtendedMap

IPAddresses returns all the IP addresses for the processing unit

func (*PURuntime) MarshalJSON

func (r *PURuntime) MarshalJSON() ([]byte, error)

MarshalJSON marshals this struct.

func (*PURuntime) NSPath

func (r *PURuntime) NSPath() string

NSPath returns the NSPath

func (*PURuntime) Name

func (r *PURuntime) Name() string

Name returns the name

func (*PURuntime) Options

func (r *PURuntime) Options() OptionsType

Options returns the options for the processing unit

func (*PURuntime) PUType

func (r *PURuntime) PUType() common.PUType

PUType returns the PU type

func (*PURuntime) Pid

func (r *PURuntime) Pid() int

Pid returns the PID

func (*PURuntime) PortMap

func (r *PURuntime) PortMap() map[nat.Port][]string

PortMap returns the mapping from container port -> host ports

func (*PURuntime) SetIPAddresses

func (r *PURuntime) SetIPAddresses(ipa ExtendedMap)

SetIPAddresses sets up all the IP addresses for the processing unit

func (*PURuntime) SetNSPath

func (r *PURuntime) SetNSPath(nsPath string)

SetNSPath sets the NSPath

func (*PURuntime) SetOptions

func (r *PURuntime) SetOptions(options OptionsType)

SetOptions sets the Options

func (*PURuntime) SetPUType

func (r *PURuntime) SetPUType(puType common.PUType)

SetPUType sets the PU Type

func (*PURuntime) SetPid

func (r *PURuntime) SetPid(pid int)

SetPid sets the PID

func (*PURuntime) SetServices

func (r *PURuntime) SetServices(services []common.Service)

SetServices updates the services of the runtime.

func (*PURuntime) SetTags

func (r *PURuntime) SetTags(t *TagStore)

SetTags sets the tags for the processing unit

func (*PURuntime) Tag

func (r *PURuntime) Tag(key string) (string, bool)

Tag returns a specific tag for the processing unit

func (*PURuntime) Tags

func (r *PURuntime) Tags() *TagStore

Tags returns tags for the processing unit

func (*PURuntime) UnmarshalJSON

func (r *PURuntime) UnmarshalJSON(param []byte) error

UnmarshalJSON unmarshals this struct.

type PURuntimeJSON

type PURuntimeJSON struct {
    // PUType is the type of the PU
    PUType common.PUType
    // Pid holds the value of the first process of the container
    Pid int
    // NSPath is the path to the networking namespace for this PURuntime if applicable.
    NSPath string
    // Name is the name of the container
    Name string
    // IPAddresses holds the IP addresses of the container
    IPAddresses ExtendedMap
    // Tags is a map of the metadata of the container
    Tags *TagStore
    // Options is a map of the options of the container
    Options *OptionsType
}

PURuntimeJSON is a JSON representation of PURuntime

type Resolver

type Resolver interface {

    // HandlePUEvent is called by all monitors when a PU event is generated. The implementer
    // is responsible to update all components by explicitly adding a new PU.
    HandlePUEvent(ctx context.Context, puID string, event common.Event, runtime RuntimeReader) error
}

A Resolver must be implemented by a policy engine that receives monitor events.

type RuntimeError

type RuntimeError struct {
    ContextID string
    Error     error
}

RuntimeError is an error detected by the TriremeController that has to be returned at a later time to the policy engine to take action.

type RuntimeReader

type RuntimeReader interface {

    // Pid returns the Pid of the Runtime.
    Pid() int

    // Name returns the process name of the Runtime.
    Name() string

    // NSPath returns the path to the namespace of the PU, if applicable
    NSPath() string

    // Tag returns the value of the given tag.
    Tag(string) (string, bool)

    // Tags returns a copy of the list of the tags.
    Tags() *TagStore

    // Options returns a copy of the list of options.
    Options() OptionsType

    // IPAddresses returns a copy of all the IP addresses.
    IPAddresses() ExtendedMap

    // Returns the PUType for the PU
    PUType() common.PUType

    // SetServices sets the services of the runtime.
    SetServices(services []common.Service)

    // PortMap returns portmap (container port -> host port)
    PortMap() map[nat.Port][]string
}

A RuntimeReader allows getting the specific parameters stored in the Runtime

type ServiceType

type ServiceType int

ServiceType are the types of services that are supported.

const (
    ServiceL3 ServiceType = iota
    ServiceHTTP
    ServiceTCP
    ServiceSecretsProxy
)

Values of ServiceType

type TagSelector

type TagSelector struct {
    Clause []KeyValueOperator
    Policy *FlowPolicy
}

TagSelector info describes a tag selector key Operator value

type TagSelectorList

type TagSelectorList []TagSelector

TagSelectorList defines a list of TagSelectors

func (TagSelectorList) Copy

func (t TagSelectorList) Copy() TagSelectorList

Copy returns a copy of the TagSelectorList

type TagStore

type TagStore struct {
    Tags []string
}

TagStore stores the tags - it allows duplicate key values

func NewTagStore

func NewTagStore() *TagStore

NewTagStore creates a new TagStore

func NewTagStoreFromMap

func NewTagStoreFromMap(tags map[string]string) *TagStore

NewTagStoreFromMap creates a tag store from an input map

func NewTagStoreFromSlice

func NewTagStoreFromSlice(tags []string) *TagStore

NewTagStoreFromSlice creates a new tag store from a slice.

func (*TagStore) AppendKeyValue

func (t *TagStore) AppendKeyValue(key, value string)

AppendKeyValue appends a key and value to the tag store

func (*TagStore) Copy

func (t *TagStore) Copy() *TagStore

Copy copies a TagStore

func (*TagStore) Get

func (t *TagStore) Get(key string) (string, bool)

Get does a lookup in the list of tags

func (*TagStore) GetSlice

func (t *TagStore) GetSlice() []string

GetSlice returns the tagstore as a slice

func (*TagStore) IsEmpty

func (t *TagStore) IsEmpty() bool

IsEmpty returns true if no key value pairs exist.

func (*TagStore) Merge

func (t *TagStore) Merge(m *TagStore) (merged int)

Merge merges tags from m into the native tag store. If the key exists, the provided tag from m is ignored.

func (*TagStore) String

func (t *TagStore) String() string

String provides a string representation of tag store.

type UserAuthorizationTypeValues

type UserAuthorizationTypeValues int

UserAuthorizationTypeValues are the types of user authorization methods that are supported.

const (
    UserAuthorizationNone UserAuthorizationTypeValues = iota
    UserAuthorizationMutualTLS
    UserAuthorizationJWT
    UserAuthorizationOIDC
)

Values of UserAuthorizationTypeValues

Directories

Path          Synopsis
mockpolicy    Package mockpolicy is a generated GoMock package.

Package policy imports 11 packages and is imported by 58 packages. Updated 2018-11-15.