# Functions
ComputeResultantCIDRSet converts a slice of CIDRRules into a slice of individual CIDRs.
InitEntities is called to initialize the policy API layer.
IPsToCIDRRules generates CIDRRules for the IPs passed in. This function marks the rule as Generated (true) by default.
NewESFromK8sLabelSelector returns a new endpoint selector from the label, where the given srcPrefix will be encoded in the label's keys.
NewESFromLabels creates a new endpoint selector from the given labels.
NewESFromMatchRequirements creates a new endpoint selector from the given match specifications: An optional set of labels that must match, and an optional slice of LabelSelectorRequirements.
NewRule builds a new rule with no selector and no policy.
ParseL4Proto parses a string as layer 4 protocol.
RegisterToGroupsProvider registers a new callback that will be used when a new ToGroups rule is added.
# Constants
List of Kafka apiKeys which have a topic in their request.
Allowed means that reachability is allowed.
List of Kafka apiKeys which have a topic in their request.
List of Kafka apiKey which are not associated with any topic.
AWS provider key.
List of Kafka Roles.
List of Kafka apiKeys which have a topic in their request.
List of Kafka apiKeys which have a topic in their request.
List of Kafka apiKeys which have a topic in their request.
List of Kafka apiKeys which have a topic in their request.
Denied means that reachability is denied.
List of Kafka apiKeys which have a topic in their request.
EntityAll is an entity that represents all traffic.
EntityCluster is an entity that represents traffic within the endpoint's cluster, to endpoints not managed by cilium.
EntityHost is an entity that represents traffic within endpoint host.
EntityInit is an entity that represents an initializing endpoint.
EntityNone is an entity that can be selected but never exists.
EntityWorld is an entity that represents traffic external to endpoint's cluster.
List of Kafka apiKeys which have a topic in their request.
List of Kafka apiKeys which have a topic in their request.
List of Kafka apiKey which are not associated with any topic.
List of Kafka apiKeys which have a topic in their request.
KafkaMaxTopicLen is the maximum character length of a topic.
List of Kafka apiKeys which have a topic in their request.
List of Kafka apiKey which are not associated with any topic.
MaxCIDRPrefixLengths is used to prevent compile failures at runtime.
List of Kafka apiKeys which have a topic in their request.
List of Kafka apiKeys which have a topic in their request.
List of Kafka apiKeys which have a topic in their request.
List of Kafka apiKeys which have a topic in their request.
List of Kafka apiKeys which have a topic in their request.
List of Kafka apiKeys which have a topic in their request.
List of Kafka Roles.
List of Kafka apiKeys which have a topic in their request.
List of Kafka apiKey which are not associated with any topic.
List of Kafka apiKeys which have a topic in their request.
Undecided means that we have not come to a decision yet.
List of Kafka apiKeys which have a topic in their request.
List of Kafka apiKeys which have a topic in their request.
# Variables
CIDRMatchAll is a []CIDR that matches everything.
EntitySelectorMapping maps special entity names that come in policies to selectors.
KafkaAPIKeyMap is the map of all allowed kafka API keys with the key values.
KafkaReverseApiKeyMap is the map of all allowed kafka API keys with the key values.
KafkaTopicValidChar is a one-time regex generation of all allowed characters in kafka topic name.
ReservedEndpointSelectors map reserved labels to EndpointSelectors that will match those endpoints.
WildcardEndpointSelector is a wildcard endpoint selector matching all endpoints that can be described with labels.
# Structs
AWSGroup is a structure that can be used to whitelist information from the AWS integration.
CIDRRule is a rule that specifies a CIDR prefix to/from which outside communication is allowed, along with an optional list of subnets within that CIDR prefix to/from which outside communication is not allowed.
EgressRule contains all rule types which can be applied at egress, i.e.
EndpointSelector is a wrapper for k8s LabelSelector.
IngressRule contains all rule types which can be applied at ingress, i.e.
K8sServiceNamespace is an abstraction for the k8s service + namespace types.
K8sServiceSelectorNamespace wraps service selector with namespace.
L7Rules is a union of port level rule types.
PortProtocol specifies an L4 port with an optional transport protocol.
PortRule is a list of ports/protocol combinations with optional Layer 7 rules which must be met.
PortRuleHTTP is a list of HTTP protocol constraints.
PortRuleKafka is a list of Kafka protocol constraints.
Rule is a policy rule which must be applied to all endpoints which match the labels contained in the endpointSelector. Each rule is split into an ingress section which contains all rules applicable at ingress, and an egress section applicable at egress.
Service wraps around selectors for services.
ToGroups is a structure that stores all kinds of new integrations that need a new derivative policy.
# Type aliases
CIDR specifies a block of IP addresses.
CIDRRuleSlice is a slice of CIDRRules.
CIDRSlice is a slice of CIDRs.
Decision is a reachability policy decision.
EndpointSelectorSlice is a slice of EndpointSelectors that can be sorted.
Entity specifies the class of receiver/sender endpoints that do not have individual identities.
EntitySlice is a slice of entities.
FQDNSelectorSlice is a wrapper type for []FQDNSelector to make it simpler to bind methods.
GroupProviderFunc is a func that needs to be registered in order to register a new provider in the platform.
KafkaRole is the list of all low-level apiKeys to be expanded as per the value of Role.
L4Proto is a layer 4 protocol name.
PortRuleDNS is a list of allowed DNS lookups.
PortRuleL7 is a list of key-value pairs interpreted by a L7 protocol as protocol constraints.
Rules is a collection of api.Rule.
ServiceSelector is a label selector for k8s services.