Documentation
Overview
Package provider contains the cloud providers related interfaces and models.
Index
- func ContainsPermission(slice []*IPPermission, elem *IPPermission) bool
- func IsErrAddressLimitExceeded(err error) bool
- func IsErrBadRequest(err error) bool
- func IsErrConflict(err error) bool
- func IsErrForbidden(err error) bool
- func IsErrInternal(err error) bool
- func IsErrInvalidAssociationIDNotFound(err error) bool
- func IsErrNotFound(err error) bool
- func IsErrRulesPerSecurityGroupLimitExceeded(err error) bool
- func ReconcilePermissions(ctx context.Context, log logr.Logger, firewallRuleID string, addFunc PermFunc, ...) error
- type Client
- type Direction
- type Error
- type ErrorCode
- type FirewallRuleSpec
- type IPPermission
- type IPRange
- type PermFunc
- type Provider
- type UpdateFirewallRuleGroupRequest
Functions
func ContainsPermission (added in v0.13.0)
func ContainsPermission(slice []*IPPermission, elem *IPPermission) bool
ContainsPermission reports whether the given permission slice contains the given permission.
func IsErrAddressLimitExceeded (added in v0.13.0)
IsErrAddressLimitExceeded reports whether the error is of kind AddressLimitExceededError.
func IsErrBadRequest
IsErrBadRequest reports whether the error is of kind BadRequestError.
func IsErrConflict
IsErrConflict reports whether the error is of kind ConflictError.
func IsErrForbidden
IsErrForbidden reports whether the error is of kind ForbiddenError.
func IsErrInternal
IsErrInternal reports whether the error is of kind InternalError.
func IsErrInvalidAssociationIDNotFound (added in v0.13.0)
IsErrInvalidAssociationIDNotFound reports whether the error is of kind InvalidAssociationIDNotFound.
func IsErrNotFound
IsErrNotFound reports whether the error is of kind NotFoundError.
func IsErrRulesPerSecurityGroupLimitExceeded (added in v0.13.0)
IsErrRulesPerSecurityGroupLimitExceeded reports whether the error is of kind InternalError.
func ReconcilePermissions
func ReconcilePermissions(
    ctx context.Context,
    log logr.Logger,
    firewallRuleID string,
    addFunc PermFunc,
    rule *IPPermission,
    get []*IPPermission,
) error
ReconcilePermissions performs create / delete operations on the given permissions to reach the desired state of the firewall rules.
Types
type Client
type Client interface {
    ReconcileFirewallRule(ctx context.Context,
        log logr.Logger,
        nodeName,
        instanceID string,
        firewallRule *v1alpha1.FirewallRule,
        firewallrules []v1alpha1.FirewallRule,
    ) (v1alpha1.FirewallRuleStatus, error)
    ReconcileFirewallRulesDeletion(ctx context.Context, log logr.Logger, nodeName string, instanceID string) error
    ReconcileExternalIP(ctx context.Context, log logr.Logger, instanceID string, externalIP *v1alpha1.ExternalIP) (v1alpha1.ExternalIPStatus, error)
    ReconcileExternalIPDeletion(ctx context.Context, log logr.Logger, externalIP *v1alpha1.ExternalIP) error
}
The necessary methods for a provider client are described here.
type Direction
type Direction string
Direction describes the traffic direction. Ingress applies to incoming traffic. Egress applies to outbound traffic.
type ErrorCode
type ErrorCode string
ErrorCode is an error code type.
const (
    // BadRequestError is when the user apparently made an error in the request
    BadRequestError ErrorCode = "BadRequestError"
    // ForbiddenError is when the operation is denied by the permissions
    ForbiddenError ErrorCode = "ForbiddenError"
    // NotFoundError is when the requested resource does not exist
    NotFoundError ErrorCode = "NotFoundError"
    // ConflictError indicates that the request could not be processed because of conflict in the current state of the resource
    ConflictError ErrorCode = "ConflictError"
    // RulesPerSecurityGroupLimitExceededError is when the request could not be processed because of a limit exceeded
    RulesPerSecurityGroupLimitExceededError ErrorCode = "RulesPerSecurityGroupLimitExceeded"
    // AddressLimitExceededError is when the request could not be processed because of a limit exceeded
    AddressLimitExceededError ErrorCode = "AddressLimitExceeded"
    // InternalError is when there was an unexpected error in the server
    InternalError ErrorCode = "InternalError"
    // InvalidAssociationIDNotFound is when the association ID does not exist
    InvalidAssociationIDNotFound ErrorCode = "InvalidAssociationIDNotFound"
)
type FirewallRuleSpec
type FirewallRuleSpec struct {
    // The name of the firewall rule.
    Name string
    // A description for the firewall rule. This is informational only.
    Description string
    // The traffic direction. Ingress applies to incoming traffic. Egress applies to outbound traffic.
    Direction Direction
    // The permission associated with the firewall rule.
    IPPermission *IPPermission
}
FirewallRuleSpec describes the firewall rule configuration.
func EncodeFirewallRuleSpec (added in v0.13.0)
func EncodeFirewallRuleSpec(data *v1alpha1.FirewallRule) FirewallRuleSpec
EncodeFirewallRuleSpec converts an api FirewallRule to a FirewallRuleSpec.
func EncodeFirewallRuleSpecs (added in v0.13.0)
func EncodeFirewallRuleSpecs(data []v1alpha1.FirewallRule) []FirewallRuleSpec
EncodeFirewallRuleSpecs converts an api FirewallRule slice to a FirewallRuleSpec slice.
type IPPermission
type IPPermission struct {
    // The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6
    // type number.
    FromPort int64
    // The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers
    // (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)).
    // Use -1 to specify all protocols.
    Protocol string
    // The IPv4 ranges.
    IPRanges []*IPRange
    // The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.
    ToPort *int64
}
IPPermission describes a set of permissions for a firewall rule.
func GetEgressIPPermissions
func GetEgressIPPermissions(slice []FirewallRuleSpec) []*IPPermission
GetEgressIPPermissions gets egress permissions from the rule slice.
func GetIngressIPPermissions
func GetIngressIPPermissions(slice []FirewallRuleSpec) []*IPPermission
GetIngressIPPermissions gets ingress permissions from the rule slice.
type IPRange
type IPRange struct {
    // The IPv4 CIDR range. You can either specify a CIDR range or a source security
    // group, not both. To specify a single IPv4 address, use the /32 prefix length.
    CIDR string `json:"cidr"`
    // A description for the security group rule that references this IPv4 address
    // range.
    //
    // AWS Constraints: Up to 255 characters in length. Allowed characters are a-z,
    // A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*
    Description string `json:"description"`
}
IPRange describes an IPv4 range.
type PermFunc
type PermFunc func(ctx context.Context, log logr.Logger, firewallRuleID string, req IPPermission) error
PermFunc describes a permission function (authorize / revoke, ingress / egress).
type UpdateFirewallRuleGroupRequest
type UpdateFirewallRuleGroupRequest struct {
    // The ID of the firewall rule group.
    FirewallRuleGroupID string
    // The FirewallRules list.
    FirewallRules []FirewallRuleSpec
}
UpdateFirewallRuleGroupRequest wraps parameters required to update a firewall rule group.
Directories
| Path | Synopsis |
|---|---|
| | Package aws contains the provider implementation for AWS. |
| converter | Package converter provides conversion methods for AWS models. |
| mocks | Package mocks is a generated GoMock package. |