github.com/zhyoulun/cilium@v1.6.12/pkg/policy/api/entity.go (about)

     1  // Copyright 2016-2019 Authors of Cilium
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package api
    16  
    17  import (
    18  	k8sapi "github.com/cilium/cilium/pkg/k8s/apis/cilium.io"
    19  	"github.com/cilium/cilium/pkg/labels"
    20  )
    21  
    // Entity names a class of traffic peers that have no individual identity of
    // their own, for example "outside of the cluster" or "the local host".
    // Policy rules refer to such a class by one of the string values below.
    type Entity string

    // Entity names understood by the policy API. The names differ widely in
    // breadth, so a rule author should pick the narrowest one that fits.
    const (
    	// EntityAll stands for all traffic. It is the broadest entity; a rule
    	// that names it is not restricted to any class of peer.
    	EntityAll = Entity("all")

    	// EntityWorld stands for traffic external to the endpoint's cluster.
    	EntityWorld = Entity("world")

    	// EntityCluster stands for traffic within the endpoint's cluster,
    	// including endpoints not managed by cilium. Its selectors are only
    	// filled in at runtime by InitEntities.
    	EntityCluster = Entity("cluster")

    	// EntityHost stands for traffic within the endpoint's host.
    	EntityHost = Entity("host")

    	// EntityInit stands for an endpoint that is still initializing.
    	EntityInit = Entity("init")

    	// EntityNone can be selected in a rule but never exists, so a rule
    	// that names only this entity matches no peer.
    	EntityNone = Entity("none")
    )
    48  
    // Selectors for the reserved labels. Each one is built from a single label
    // with an empty value and the reserved label source.
    var endpointSelectorWorld = NewESFromLabels(labels.NewLabel(labels.IDNameWorld, "", labels.LabelSourceReserved))

    var endpointSelectorHost = NewESFromLabels(labels.NewLabel(labels.IDNameHost, "", labels.LabelSourceReserved))

    var endpointSelectorInit = NewESFromLabels(labels.NewLabel(labels.IDNameInit, "", labels.LabelSourceReserved))

    // EndpointSelectorNone selects the reserved "none" label. It is the only
    // reserved selector in this group that is exported.
    var EndpointSelectorNone = NewESFromLabels(labels.NewLabel(labels.IDNameNone, "", labels.LabelSourceReserved))

    var endpointSelectorUnmanaged = NewESFromLabels(labels.NewLabel(labels.IDNameUnmanaged, "", labels.LabelSourceReserved))

    // EntitySelectorMapping translates the entity names that appear in policies
    // into the endpoint selectors they stand for.
    //
    // The map is exported and mutable: any package that imports this one can
    // add, replace or delete entries, and InitEntities writes to it at runtime.
    // Because the entries decide which peers an entity-based rule matches,
    // writes to this map are policy-relevant and should stay confined to
    // initialization.
    var EntitySelectorMapping = map[Entity]EndpointSelectorSlice{
    	// EntityAll maps to the wildcard selector.
    	// NOTE(review): WildcardEndpointSelector is defined elsewhere;
    	// presumably it matches every endpoint - confirm.
    	EntityAll:   EndpointSelectorSlice{WildcardEndpointSelector},
    	EntityWorld: EndpointSelectorSlice{endpointSelectorWorld},
    	EntityHost:  EndpointSelectorSlice{endpointSelectorHost},
    	EntityInit:  EndpointSelectorSlice{endpointSelectorInit},
    	EntityNone:  EndpointSelectorSlice{EndpointSelectorNone},

    	// The cluster entity starts out with an empty selector list so that
    	// the cilium client importing this package can still run basic rule
    	// validation, which only needs to know the entity names and not the
    	// selectors behind them. The real selectors depend on user
    	// configuration such as the cluster name and are installed at
    	// runtime by InitEntities(). Until then the cluster entity expands
    	// to no selectors at all.
    	EntityCluster: EndpointSelectorSlice{},
    }
    80  
    // EntitySlice is a list of entity names as they appear in a policy rule.
    type EntitySlice []Entity

    // GetAsEndpointSelectors expands every entity in s into the endpoint
    // selectors registered for it in EntitySelectorMapping and returns them
    // concatenated in the order of s. The result is never nil.
    //
    // An entity with no entry in EntitySelectorMapping is skipped without an
    // error, and the cluster entity contributes nothing until InitEntities has
    // run. Callers that need to reject unknown entity names must validate them
    // separately; an empty result does not distinguish "no entities given" from
    // "no entity recognized".
    func (s EntitySlice) GetAsEndpointSelectors() EndpointSelectorSlice {
    	expanded := make(EndpointSelectorSlice, 0)
    	for _, entity := range s {
    		selectors, known := EntitySelectorMapping[entity]
    		if !known {
    			// Unknown names are dropped rather than reported.
    			continue
    		}
    		expanded = append(expanded, selectors...)
    	}

    	return expanded
    }
    96  
    // InitEntities initializes the policy API layer by installing the runtime
    // selectors for the cluster entity, replacing whatever entry
    // EntitySelectorMapping held for EntityCluster before.
    //
    // After the call the cluster entity covers the host, initializing
    // endpoints, unmanaged endpoints, and endpoints carrying the k8s-sourced
    // cluster label with value clusterName. A rule that allows "cluster"
    // therefore also allows the local host and endpoints that are still
    // initializing.
    //
    // The function writes to the package-level map without any locking.
    // NOTE(review): presumably it is meant to run once at startup, before any
    // goroutine reads EntitySelectorMapping - confirm against the callers.
    func InitEntities(clusterName string) {
    	clusterLabel := labels.NewLabel(k8sapi.PolicyLabelCluster, clusterName, labels.LabelSourceK8s)
    	clusterSelectors := EndpointSelectorSlice{
    		endpointSelectorHost,
    		endpointSelectorInit,
    		endpointSelectorUnmanaged,
    		NewESFromLabels(clusterLabel),
    	}
    	EntitySelectorMapping[EntityCluster] = clusterSelectors
    }