classification

package
v0.1.1-rc.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 26, 2022 License: AGPL-3.0 Imports: 26 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var BadExtractor = extractors.BadExtractor

BadExtractor is an error occurring when extractor is invalid.

View Source 
var BadLabelName = badLabelName{}

BadLabelName is an error occurring when label name is invalid.

View Source 
var BadRego = badRego{}

BadRego is an error occurring when rego compilation fails.

View Source 
var BadSelector = badSelector{}

BadSelector is an error occurring when selector is invalid.

View Source 
var Module fx.Option = fx.Options(
	fx.Provide(
		fx.Annotated{
			Target: setupEtcdClassifierWatcher,
			Name:   fxTag,
		},
		fx.Annotated{
			Target: ProvideEmptyClassifier,
			Name:   "empty",
		},
		ProvideClassifier,
	),
)

Module is a default set of components to enable flow classification

Note: this module provides just a Classifier datastructure, with no API endpoint. Example API endpoint to the classifier is pkg/envoy.

Functions

func RegisterCMFileValidator 

func RegisterCMFileValidator(validator *CMFileValidator, configMapValidator *validation.CMValidator)

RegisterCMFileValidator registers classification configmap validator as configmap file validator.

Types

type ActiveRuleset 

type ActiveRuleset struct {
	// contains filtered or unexported fields
}

ActiveRuleset represents one of currently active set of rules.

func (ActiveRuleset) Drop 

func (rs ActiveRuleset) Drop()

Drop retracts all the rules belonging to a ruleset.

type CMFileValidator 

type CMFileValidator struct{}

CMFileValidator Classification implementation of CMFileValidator interface.

func ProvideCMFileValidator 

func ProvideCMFileValidator() *CMFileValidator

ProvideCMFileValidator provides classification config map file validator

Note: This validator must be registered to be accessible.

func (*CMFileValidator) CheckCMName 

func (v *CMFileValidator) CheckCMName(name string) bool

CheckCMName checks configmap name is equals to "classification"

returns: * true when config is classification * false when config is not classification.

func (*CMFileValidator) ValidateFile 

func (v *CMFileValidator) ValidateFile(
	ctx context.Context,
	name string,
	yamlSrc []byte,
) (bool, string, error)

ValidateFile checks the validity of a single Classification Ruleset as yaml file

returns: * true, "", nil when config is valid * false, message, nil when config is invalid and * false, "", err on other errors.

ValidateConfig checks the syntax, validity of extractors, and validity of rego modules (by attempting to compile them).

type Classifier 

type Classifier struct {
	// contains filtered or unexported fields
}

Classifier receives classification policies and provides Classify method.

func New 

func New() *Classifier

New creates a new Flow Classifier.

func ProvideClassifier 

func ProvideClassifier(in ProvideClassifierIn) *Classifier

ProvideClassifier provides a classifier that loads the rules from config file.

func ProvideEmptyClassifier 

func ProvideEmptyClassifier() *Classifier

ProvideEmptyClassifier provides a classifier that is empty

The classifier could be populated by calling UpdateRules.

func (*Classifier) ActiveRules 

func (c *Classifier) ActiveRules() []ReportedRule

ActiveRules returns a slice of uncompiled Rules which are currently active.

func (*Classifier) AddRules 

func (c *Classifier) AddRules(
	ctx context.Context,
	name string,
	classifier *classificationv1.Classifier,
) (ActiveRuleset, error)

AddRules compiles a ruleset and adds it to the active rules

The name will be used for reporting

To retract the rules, call Classifier.Drop.

func (*Classifier) Classify 

func (c *Classifier) Classify(
	ctx context.Context,
	svcs []services.ServiceID,
	labelsForMatching selectors.Labels,
	direction selectors.TrafficDirection,
	input ast.Value,
) (FlowLabels, error)

Classify takes rego input, performs classification, and returns a map of flow labels. LabelsForMatching are additional labels to use for selector matching.

type FlowLabelValue 

type FlowLabelValue struct {
	Value string
	Flags LabelFlags
}

FlowLabelValue is a value of a flow label with additional metadata.

type FlowLabels 

type FlowLabels map[string]FlowLabelValue

FlowLabels is a map from flow labels to their values.

func (FlowLabels) ToPlainMap 

func (fl FlowLabels) ToPlainMap() map[string]string

ToPlainMap returns flow labels as normal map[string]string.

type LabelFlags 

type LabelFlags struct {
	// Should the created label be applied to the whole flow (propagated in baggage)
	Propagate bool
	// Should the created flow label be hidden from telemetry
	Hidden bool
}

LabelFlags are flags for a flow label.

type ProvideClassifierIn 

type ProvideClassifierIn struct {
	fx.In
	Classifier *Classifier       `name:"empty"`
	Watcher    notifiers.Watcher `name:"classifier"`
	Lifecycle  fx.Lifecycle
	Registry   *status.Registry
}

ProvideClassifierIn holds parameters for ProvideClassifier.

type ReportedRule 

type ReportedRule struct {
	Selector    *selectorv1.Selector
	Rule        *classificationv1.Rule
	RulesetName string
	LabelName   string
}

ReportedRule is a rule along with its selector and label name.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.