github.com/cilium/cilium@v1.16.2/pkg/policy/config.go (about)

     1  // SPDX-License-Identifier: Apache-2.0
     2  // Copyright Authors of Cilium
     3  
     4  package policy
     5  
     6  import (
     7  	ipcacheTypes "github.com/cilium/cilium/pkg/ipcache/types"
     8  	"github.com/cilium/cilium/pkg/labels"
     9  	"github.com/cilium/cilium/pkg/lock"
    10  	"github.com/cilium/cilium/pkg/logging"
    11  	"github.com/cilium/cilium/pkg/logging/logfields"
    12  	"github.com/cilium/cilium/pkg/source"
    13  	"github.com/cilium/cilium/pkg/time"
    14  )
    15  
// log is the package logger, tagged with the "policy" subsystem field.
var log = logging.DefaultLogger.WithField(logfields.LogSubsys, "policy")

// mutex guards enablePolicy; hold it for every read and every write.
var mutex lock.RWMutex

// enablePolicy holds the policy enforcement mode most recently stored by
// SetPolicyEnabled. It is the empty string until the first such call.
// NOTE(review): how consumers interpret an empty or unrecognized mode is not
// visible in this file — confirm that it cannot be taken to mean that
// enforcement is off.
var enablePolicy string
    21  
// SetPolicyEnabled stores val as the process-wide policy enablement
// configuration. The values documented for it are:
//   - endpoint.AlwaysEnforce
//   - endpoint.NeverEnforce
//   - endpoint.DefaultEnforcement
//
// NOTE(review): val is stored as-is. Nothing here checks it against the
// values listed above, so a mistyped or attacker-influenced mode string is
// accepted silently; validation has to happen in the caller. The package
// that actually declares these constants is not visible from this file —
// confirm the names before relying on them.
func SetPolicyEnabled(val string) {
	mutex.Lock()
	defer mutex.Unlock()
	enablePolicy = val
}
    31  
// GetPolicyEnabled returns the policy enablement configuration currently
// stored, reading it under the package read lock. The result is a snapshot:
// it may already be stale by the time the caller acts on it if another
// goroutine calls SetPolicyEnabled concurrently.
func GetPolicyEnabled() string {
	mutex.RLock()
	defer mutex.RUnlock()
	return enablePolicy
}
    39  
// AddOptions are options which can be passed to PolicyAdd.
//
// NOTE(review): every field is supplied by the caller and this file performs
// no validation. Replace, ReplaceWithLabels and ReplaceByResource each cause
// existing rules to be replaced or deleted, so callers should derive Source
// and Resource from the authenticated origin of the policy rather than from
// request content — confirm against the PolicyAdd implementation.
type AddOptions struct {
	// Replace if true indicates that existing rules with identical labels should be replaced
	Replace bool
	// ReplaceWithLabels if present indicates that existing rules with the
	// given LabelArray should be deleted.
	ReplaceWithLabels labels.LabelArray

	// Generated should be set to true to signal that the policy being inserted
	// was generated by cilium-agent, e.g. dns poller.
	Generated bool

	// The source of this policy, one of api, fqdn or k8s
	Source source.Source

	// The time the policy initially began to be processed in Cilium, such as when the
	// policy was received from the API server.
	// Note: time here is Cilium's pkg/time (see the import block), not the
	// standard library package of the same name.
	ProcessingStartTime time.Time

	// Resource provides the object ID for the underlying object that backs
	// this information from 'source'.
	Resource ipcacheTypes.ResourceID

	// ReplaceByResource indicates the policy repository should replace any
	// rules owned by the given Resource with the new set of rules
	ReplaceByResource bool
}
    67  
// DeleteOptions are options which can be passed to PolicyDelete.
//
// NOTE(review): the fields are caller-supplied and unvalidated in this file.
// With DeleteByResource set, Resource selects which rules are removed, so it
// should come from a trusted origin — confirm how PolicyDelete selects rules
// when DeleteByResource is false, which is not shown here.
type DeleteOptions struct {
	// The source of this policy, one of api, fqdn or k8s
	Source source.Source

	// Resource provides the object ID for the underlying object that backs
	// this information from 'source'.
	Resource ipcacheTypes.ResourceID

	// DeleteByResource should be true if the resource should be used to identify
	// which rules should be deleted.
	DeleteByResource bool
}