github.com/imran-kn/cilium-fork@v1.6.9/pkg/policy/policy.go (about) 1 // Copyright 2016-2019 Authors of Cilium 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package policy 16 17 import ( 18 "fmt" 19 "io" 20 "strconv" 21 "strings" 22 23 "github.com/cilium/cilium/api/v1/models" 24 "github.com/cilium/cilium/pkg/labels" 25 "github.com/cilium/cilium/pkg/policy/api" 26 27 "github.com/op/go-logging" 28 ) 29 30 type Tracing int 31 32 const ( 33 TRACE_DISABLED Tracing = iota 34 TRACE_ENABLED 35 TRACE_VERBOSE 36 ) 37 38 // TraceEnabled returns true if the SearchContext requests tracing. 39 func (s *SearchContext) TraceEnabled() bool { 40 return s.Trace != TRACE_DISABLED 41 } 42 43 // PolicyTrace logs the given message into the SearchContext logger only if 44 // TRACE_ENABLED or TRACE_VERBOSE is enabled in the receiver's SearchContext. 45 func (s *SearchContext) PolicyTrace(format string, a ...interface{}) { 46 if s.TraceEnabled() { 47 log.Debugf(format, a...) 48 if s.Logging != nil { 49 format = "%-" + s.CallDepth() + "s" + format 50 a = append([]interface{}{""}, a...) 51 s.Logging.Logger.Printf(format, a...) 52 } 53 } 54 } 55 56 // PolicyTraceVerbose logs the given message into the SearchContext logger only 57 // if TRACE_VERBOSE is enabled in the receiver's SearchContext. 58 func (s *SearchContext) PolicyTraceVerbose(format string, a ...interface{}) { 59 switch s.Trace { 60 case TRACE_VERBOSE: 61 log.Debugf(format, a...) 62 if s.Logging != nil { 63 s.Logging.Logger.Printf(format, a...) 64 } 65 } 66 } 67 68 // SearchContext defines the context while evaluating policy 69 type SearchContext struct { 70 Trace Tracing 71 Depth int 72 Logging *logging.LogBackend 73 From labels.LabelArray 74 To labels.LabelArray 75 DPorts []*models.Port 76 // rulesSelect specifies whether or not to check whether a rule which is 77 // being analyzed using this SearchContext matches either From or To. 78 // This is used to avoid using EndpointSelector.Matches() if possible, 79 // since it is costly in terms of performance. 80 rulesSelect bool 81 } 82 83 func (s *SearchContext) String() string { 84 from := []string{} 85 to := []string{} 86 dports := []string{} 87 for _, fromLabel := range s.From { 88 from = append(from, fromLabel.String()) 89 } 90 for _, toLabel := range s.To { 91 to = append(to, toLabel.String()) 92 } 93 for _, dport := range s.DPorts { 94 dports = append(dports, fmt.Sprintf("%d/%s", dport.Port, dport.Protocol)) 95 } 96 ret := fmt.Sprintf("From: [%s]", strings.Join(from, ", ")) 97 ret += fmt.Sprintf(" => To: [%s]", strings.Join(to, ", ")) 98 if len(dports) != 0 { 99 ret += fmt.Sprintf(" Ports: [%s]", strings.Join(dports, ", ")) 100 } 101 return ret 102 } 103 104 func (s *SearchContext) CallDepth() string { 105 return strconv.Itoa(s.Depth * 2) 106 } 107 108 // WithLogger returns a shallow copy of the received SearchContext with the 109 // logging set to write to 'log'. 110 func (s *SearchContext) WithLogger(log io.Writer) *SearchContext { 111 result := *s 112 result.Logging = logging.NewLogBackend(log, "", 0) 113 if result.Trace == TRACE_DISABLED { 114 result.Trace = TRACE_ENABLED 115 } 116 return &result 117 } 118 119 // Translator is an interface for altering policy rules 120 type Translator interface { 121 Translate(*api.Rule, *TranslationResult) error 122 }