// ingress/egress rule types based on:
// https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/networking/types.go
package main
import (
"encoding/json"
"strconv"
)
// APIObjectSet is the decoded form of a list document: the list's own
// "kind" plus its "items". The item type is a nested custom type holding
// the union of the fields relevant to objects of kinds Pod and NetworkPolicy.
type APIObjectSet struct {
// Kind is read from the top-level "kind" key of the list.
Kind string `json:"kind"`
// APIObjects is read from "items". Entries are pointers, so a JSON null
// element decodes to a nil entry; check for nil before dereferencing.
APIObjects []*APIObject `json:"items"`
}
// APIObject carries the fixed top-level properties of one decoded item.
// Metadata, Spec and Status are pointers: a key that is absent or null in
// the input leaves the field nil, so callers must nil-check each of them
// before reading through it.
type APIObject struct {
Kind string `json:"kind"`
Metadata *Metadata `json:"metadata"`
Spec *Spec `json:"spec"`
Status *Status `json:"status"`
}
// Metadata wraps the essential metadata fields: labels, annotations, name
// and namespace. Any other metadata keys are not declared here and are
// therefore not retained after decoding.
type Metadata struct {
// Labels and Annotations stay nil maps when the key is absent from the input.
Labels map[string]string `json:"labels"`
Annotations map[string]string `json:"annotations"`
Name string `json:"name"`
// Namespace decodes to "" when the key is absent from the input.
Namespace string `json:"namespace"`
}
// Status wraps status entries. Only "containerStatuses" is decoded
// (presumably from Pod objects -- confirm against the caller).
type Status struct {
// ContainerStatuses holds one entry per element of "containerStatuses";
// a JSON null element decodes to a nil entry.
ContainerStatuses []*ContainerStatus `json:"containerStatuses"`
}
// ContainerStatus here flags only 'ready' but could pick up warnings, memory pressure, etc.
type ContainerStatus struct {
// Ready is read from the "ready" key and is false when the key is absent.
Ready bool `json:"ready"`
}
// Spec is where the union of various 'kinds' of API object
// is most apparent; Ingress features most prominently.
//
// Every field declared here is a NetworkPolicy spec key. Keys that are not
// declared (for example the rest of a Pod spec) are dropped by
// encoding/json's default decoding.
type Spec struct {
// PodSelector is nil when "podSelector" is absent and non-nil (with empty
// fields) when it is "{}". Upstream NetworkPolicy semantics treat an empty
// podSelector as "all pods in the namespace", so consumers should keep the
// two cases apart.
PodSelector *Selector `json:"podSelector"`
// PolicyTypes is decoded as plain strings; no validation happens here.
PolicyTypes []string `json:"policyTypes"`
Ingress []*NetworkPolicyIngressRule `json:"ingress"`
Egress []*NetworkPolicyEgressRule `json:"egress"`
}
// NetworkPolicyIngressRule is a core component of the network policy construct.
// Only the "from" peers of a rule are decoded.
//
// NOTE(review): "ports" is not modeled yet (see TODO below), so a rule that
// restricts traffic by port only decodes with From == nil and its port
// restriction is invisible to any analysis built on this type -- confirm how
// the scanner accounts for such rules.
type NetworkPolicyIngressRule struct {
// TODO: Ports []NetworkPolicyPort
// From lists the peers read from "from"; nil when the key is absent.
From []*NetworkPolicyPeer `json:"from"`
}
// NetworkPolicyEgressRule is not expected to be used often.
// Only the "to" peers of a rule are decoded.
//
// NOTE(review): as with ingress rules, "ports" is not modeled (see TODO
// below), so port-only egress rules decode with To == nil -- confirm how the
// scanner accounts for them.
type NetworkPolicyEgressRule struct {
// TODO: Ports []NetworkPolicyPort
// To lists the peers read from "to"; nil when the key is absent.
To []*NetworkPolicyPeer `json:"to"`
}
// NetworkPolicyPeer wraps the pod and namespace selectors of one peer entry.
// Each selector is nil when its key is absent from the input.
//
// NOTE(review): "ipBlock" is not modeled (see TODO below). A peer that
// specifies only ipBlock decodes with both selectors nil, which is
// indistinguishable here from an empty peer -- confirm that consumers do not
// misclassify CIDR-based rules.
type NetworkPolicyPeer struct {
PodSelector *Selector `json:"podSelector"`
NamespaceSelector *Selector `json:"namespaceSelector"`
// TODO: IPBlock
}
// Selector is used in various selection contexts (the policy's podSelector
// and the pod/namespace selectors of a peer). It carries the two label
// selector forms: exact-match labels and expression requirements.
//
// A Selector decoded from "{}" has both fields nil; whether the selector was
// present at all is only visible as nil vs. non-nil on the parent's pointer.
type Selector struct {
MatchLabels map[string]string `json:"matchLabels"`
// MatchExpressions entries are pointers; a JSON null element decodes to nil.
MatchExpressions []*LabelSelectorRequirement `json:"matchExpressions"`
}
// LabelSelectorRequirement wraps a key--operator--values selector.
// Operator is decoded as a free-form string; this type does not restrict it
// to a known set, so consumers should handle unexpected values explicitly.
type LabelSelectorRequirement struct {
Key string `json:"key"`
Operator string `json:"operator"`
Values []string `json:"values"`
}
// Port is a leaf node that usually takes 8080/TCP.
// It is not referenced by the rule types in this listing, whose Ports fields
// are still marked TODO.
type Port struct {
// Port is decoded as a JSON number into an int; a string-valued port in the
// input would be rejected by encoding/json for this field.
Port int `json:"port"`
Protocol string `json:"protocol"`
}
// MinimalObject lacks everything except a Kind property for traversing sets of heterogeneous objects.
type MinimalObject struct {
// Kind has no struct tag; encoding/json matches keys to field names
// case-insensitively, so a "kind" key still populates it.
Kind string
}
// Table is here limited to a series of rows.
type Table struct {
// Row holds the rows as plain strings; the field carries no JSON tag.
Row []string
}
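// CoerceString holds a value that may arrive in JSON as either a string or
// an integer and exposes it as a string.
type CoerceString struct {
	s string
}

// String returns the stored value. It is empty until a value has been
// unmarshalled successfully.
func (cs *CoerceString) String() string {
	return cs.s
}

// UnmarshalJSON accepts a JSON string (stored as-is) or a JSON integer
// (stored in its decimal form). Any other JSON value, and empty or malformed
// input, returns the error reported by encoding/json and leaves the stored
// value unchanged.
//
// See also: kubernetes/api/util.go for fuzzy alternative.
func (cs *CoerceString) UnmarshalJSON(value []byte) error {
	// encoding/json convention: an Unmarshaler treats null as a no-op.
	// Without this, null would decode into the int below and be stored as "0".
	if string(value) == "null" {
		return nil
	}
	// The length check keeps a direct call with empty input from panicking on
	// value[0]; it falls through and gets a normal JSON syntax error instead.
	if len(value) > 0 && value[0] == '"' {
		return json.Unmarshal(value, &cs.s)
	}
	var i int
	if err := json.Unmarshal(value, &i); err != nil {
		return err
	}
	cs.s = strconv.Itoa(i)
	return nil
}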
// Result captures the metrics output of the policy scan as three integer
// percentages, serialised under the JSON keys given in the tags.
// NOTE(review): presumably each value is in the range 0-100 -- confirm
// against the code that computes them.
type Result struct {
PercentageIsolated int `json:"percentageIsolated"`
PercentageNamespaceIsolated int `json:"percentageNamespaceIsolated"`
PercentageNamespaceCoverage int `json:"percentageNamespaceCoverage"`
}