From 7442998238395dd1049ae971a7efea470d9c6f5b Mon Sep 17 00:00:00 2001 From: Aryan-sharma11 Date: Thu, 17 Aug 2023 15:31:13 +0530 Subject: [PATCH] feat: Enhance handling of policy addition and deletion for systemd mode BREAKING CHANGE: uses Enum for response status in policy.proto Signed-off-by: Aryan-sharma11 --- KubeArmor/core/kubeUpdate.go | 18 ++- KubeArmor/core/unorchestratedUpdates.go | 17 ++- KubeArmor/kvmAgent/kvmAgent.go | 2 +- KubeArmor/policy/policy.go | 24 ++-- KubeArmor/types/types.go | 3 +- protobuf/policy.pb.go | 176 +++++++++++++++++------- protobuf/policy.proto | 11 +- protobuf/policy_grpc.pb.go | 14 +- 8 files changed, 184 insertions(+), 81 deletions(-) diff --git a/KubeArmor/core/kubeUpdate.go b/KubeArmor/core/kubeUpdate.go index 1fc73f631b..957e50fe8d 100644 --- a/KubeArmor/core/kubeUpdate.go +++ b/KubeArmor/core/kubeUpdate.go @@ -20,6 +20,7 @@ import ( tp "github.com/kubearmor/KubeArmor/KubeArmor/types" ksp "github.com/kubearmor/KubeArmor/pkg/KubeArmorController/api/security.kubearmor.com/v1" kspinformer "github.com/kubearmor/KubeArmor/pkg/KubeArmorController/client/informers/externalversions" + pb "github.com/kubearmor/KubeArmor/protobuf" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" @@ -1435,7 +1436,7 @@ func (dm *KubeArmorDaemon) UpdateHostSecurityPolicies() { } // ParseAndUpdateHostSecurityPolicy Function -func (dm *KubeArmorDaemon) ParseAndUpdateHostSecurityPolicy(event tp.K8sKubeArmorHostPolicyEvent) { +func (dm *KubeArmorDaemon) ParseAndUpdateHostSecurityPolicy(event tp.K8sKubeArmorHostPolicyEvent) pb.PolicyStatus { // create a host security policy secPolicy := tp.HostSecurityPolicy{} 
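Review bot: The doc comment above the changed signature still reads `// ParseAndUpdateHostSecurityPolicy Function`, although the function now returns a `pb.PolicyStatus` that the gRPC handlers in policy.go pass back to the client. Suggest replacing it with `// ParseAndUpdateHostSecurityPolicy applies a host policy event and returns the resulting pb.PolicyStatus.` and listing which statuses mean the event was not applied. The same applies to ParseAndUpdateContainerSecurityPolicy in unorchestratedUpdates.go. The function body continues outside this hunk.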
@@ -1445,7 +1446,7 @@ func (dm *KubeArmorDaemon) ParseAndUpdateHostSecurityPolicy(event tp.K8sKubeArmo if err := kl.Clone(event.Object.Spec, &secPolicy.Spec); err != nil { dm.Logger.Errf("Failed to clone a spec (%s)", err.Error()) - return + return pb.PolicyStatus_Failure } kl.ObjCommaExpandFirstDupOthers(&secPolicy.Spec.Network.MatchProtocols) @@ -1843,12 +1844,19 @@ func (dm *KubeArmorDaemon) ParseAndUpdateHostSecurityPolicy(event tp.K8sKubeArmo } } } else if event.Type == "DELETED" { + // check that a security policy should exist before performing delete operation + policymatch := false for idx, policy := range dm.HostSecurityPolicies { if policy.Metadata["policyName"] == secPolicy.Metadata["policyName"] { dm.HostSecurityPolicies = append(dm.HostSecurityPolicies[:idx], dm.HostSecurityPolicies[idx+1:]...) + policymatch = true break } } + if !policymatch { + dm.Logger.Warnf("Failed to delete security policy. Policy doesn't exist") + return pb.PolicyStatus_NotExist + } } dm.HostSecurityPoliciesLock.Unlock() @@ -1866,6 +1874,12 @@ func (dm *KubeArmorDaemon) ParseAndUpdateHostSecurityPolicy(event tp.K8sKubeArmo dm.removeBackUpPolicy(secPolicy.Metadata["policyName"]) } } + if event.Type == "ADDED" { + return pb.PolicyStatus_Applied + } else if event.Type == "DELETED" { + return pb.PolicyStatus_Deleted + } + return pb.PolicyStatus_Modified } // WatchHostSecurityPolicies Function diff --git a/KubeArmor/core/unorchestratedUpdates.go b/KubeArmor/core/unorchestratedUpdates.go index c22df9e446..0b2fcfe375 100644 --- a/KubeArmor/core/unorchestratedUpdates.go +++ b/KubeArmor/core/unorchestratedUpdates.go @@ -13,6 +13,7 @@ import ( cfg "github.com/kubearmor/KubeArmor/KubeArmor/config" kg "github.com/kubearmor/KubeArmor/KubeArmor/log" tp "github.com/kubearmor/KubeArmor/KubeArmor/types" + pb "github.com/kubearmor/KubeArmor/protobuf" ) // SetContainerVisibility function enables visibility flag arguments for un-orchestrated container and updates the visibility map 
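Review bot: The new `return pb.PolicyStatus_NotExist` in the DELETED branch exits before the `dm.HostSecurityPoliciesLock.Unlock()` that follows the branch. The matching Lock call is outside the hunk, but if the lock is taken before this if/else chain, a delete for an unknown policy name leaves it held and every later host policy update blocks. This path appears reachable from the HostPolicy gRPC handler, so a single bad request could stall policy updates on the node. Release the lock on this exit by adding `dm.HostSecurityPoliciesLock.Unlock()` before the return, or restructure so one deferred unlock covers all exits.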
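Review bot: The final status in the hunk at -1866,6 is derived only from `event.Type`, and anything that is not "ADDED" or "DELETED" falls through to `return pb.PolicyStatus_Modified`, so an unrecognised or empty type string is reported as a successful modification. Match the modify type explicitly and fail closed otherwise, for example `} else if event.Type == "MODIFIED" { return pb.PolicyStatus_Modified }` followed by `return pb.PolicyStatus_Invalid`. The same tail was added to ParseAndUpdateContainerSecurityPolicy in unorchestratedUpdates.go (hunk at -543,6). Whether earlier code already rejects unknown types cannot be seen from these hunks.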
@@ -80,7 +81,8 @@ func (dm *KubeArmorDaemon) MatchandRemoveContainerFromEndpoint(cid string) { } // ParseAndUpdateContainerSecurityPolicy Function -func (dm *KubeArmorDaemon) ParseAndUpdateContainerSecurityPolicy(event tp.K8sKubeArmorPolicyEvent) { +func (dm *KubeArmorDaemon) ParseAndUpdateContainerSecurityPolicy(event tp.K8sKubeArmorPolicyEvent) pb.PolicyStatus { + // create a container security policy secPolicy := tp.SecurityPolicy{} @@ -90,7 +92,7 @@ func (dm *KubeArmorDaemon) ParseAndUpdateContainerSecurityPolicy(event tp.K8sKub if err := kl.Clone(event.Object.Spec, &secPolicy.Spec); err != nil { dm.Logger.Errf("Failed to clone a spec (%s)", err.Error()) - return + return pb.PolicyStatus_Failure } kl.ObjCommaExpandFirstDupOthers(&secPolicy.Spec.Network.MatchProtocols) @@ -121,7 +123,7 @@ func (dm *KubeArmorDaemon) ParseAndUpdateContainerSecurityPolicy(event tp.K8sKub containername = v } else { dm.Logger.Warnf("Fail to apply policy. The MatchLabels container name key should be `kubearmor.io/container.name` ") - return + return pb.PolicyStatus_Invalid } } @@ -455,7 +457,7 @@ func (dm *KubeArmorDaemon) ParseAndUpdateContainerSecurityPolicy(event tp.K8sKub // policy doesn't exist and the policy is being removed if policymatch == 0 && event.Type == "DELETED" { dm.Logger.Warnf("Failed to delete security policy. Policy doesn't exist") - return + return pb.PolicyStatus_NotExist } for idx, policy := range newPoint.SecurityPolicies { @@ -543,6 +545,13 @@ func (dm *KubeArmorDaemon) ParseAndUpdateContainerSecurityPolicy(event tp.K8sKub dm.removeBackUpPolicy(secPolicy.Metadata["policyName"]) } } + if event.Type == "ADDED" { + return pb.PolicyStatus_Applied + } else if event.Type == "DELETED" { + return pb.PolicyStatus_Deleted + } + return pb.PolicyStatus_Modified + } // ================================= // diff --git a/KubeArmor/kvmAgent/kvmAgent.go b/KubeArmor/kvmAgent/kvmAgent.go index 1e7c200823..a91dcca472 100644 --- a/KubeArmor/kvmAgent/kvmAgent.go 
+++ b/KubeArmor/kvmAgent/kvmAgent.go @@ -31,7 +31,7 @@ type KVMAgent struct { gRPCServer string gRPCConnection *grpc.ClientConn gRPCClient pb.KVMClient - UpdateHostPolicy func(tp.K8sKubeArmorHostPolicyEvent) + UpdateHostPolicy func(tp.K8sKubeArmorHostPolicyEvent) pb.PolicyStatus } func getgRPCAddress() (string, error) { diff --git a/KubeArmor/policy/policy.go b/KubeArmor/policy/policy.go index 9f654736ff..897609e1f1 100644 --- a/KubeArmor/policy/policy.go +++ b/KubeArmor/policy/policy.go @@ -16,8 +16,8 @@ import ( // ServiceServer provides structure to serve Policy gRPC service type ServiceServer struct { pb.PolicyServiceServer - UpdateContainerPolicy func(tp.K8sKubeArmorPolicyEvent) - UpdateHostPolicy func(tp.K8sKubeArmorHostPolicyEvent) + UpdateContainerPolicy func(tp.K8sKubeArmorPolicyEvent) pb.PolicyStatus + UpdateHostPolicy func(tp.K8sKubeArmorHostPolicyEvent) pb.PolicyStatus } // ContainerPolicy accepts container events on gRPC and update container security policies @@ -31,20 +31,18 @@ func (p *ServiceServer) ContainerPolicy(c context.Context, data *pb.Policy) (*pb if policyEvent.Object.Metadata.Name != "" { - p.UpdateContainerPolicy(policyEvent) - - res.Status = 1 + res.Status = p.UpdateContainerPolicy(policyEvent) } else { - + res.Status = pb.PolicyStatus_Invalid kg.Warn("Empty Container Policy Event") - - res.Status = 0 } } else { + kg.Warn("Invalid Container Policy Event") - res.Status = 0 + + res.Status = pb.PolicyStatus_Invalid } return res, nil @@ -61,21 +59,19 @@ func (p *ServiceServer) HostPolicy(c context.Context, data *pb.Policy) (*pb.Resp if policyEvent.Object.Metadata.Name != "" { - p.UpdateHostPolicy(policyEvent) - - res.Status = 1 + res.Status = p.UpdateHostPolicy(policyEvent) } else { kg.Warn("Empty Host Policy Event") - res.Status = 0 + res.Status = pb.PolicyStatus_Invalid } } else { kg.Warn("Invalid Host Policy Event") - res.Status = 0 + res.Status = pb.PolicyStatus_Invalid } return res, nil 
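Review bot: `UpdateHostPolicy` now returns a `pb.PolicyStatus`, but the diffstat lists this one-line field change as the only edit to kvmAgent.go, so the existing call sites presumably discard the result. A Failure, Invalid or NotExist for a host policy delivered over the KVM channel would then go unnoticed. Consider logging any status other than Applied, Deleted or Modified where the callback is invoked. The call site is outside this hunk.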
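Review bot: ContainerPolicy still ends in `return res, nil` for every outcome, so Failure, Invalid and NotExist reach the client as a successful RPC and only the enum tells them apart; the doc comment should state this. Suggest extending it with `// The gRPC error is always nil; callers must inspect Response.Status, where only Applied, Deleted and Modified indicate success.` The same holds for HostPolicy in the following hunk. Both handlers begin outside their hunks, so the request decoding is not visible here.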
diff --git a/KubeArmor/types/types.go b/KubeArmor/types/types.go index 702af4c29b..5537d76fbc 100644 --- a/KubeArmor/types/types.go +++ b/KubeArmor/types/types.go @@ -8,6 +8,7 @@ import ( "regexp" "time" + pb "github.com/kubearmor/KubeArmor/protobuf" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -605,4 +606,4 @@ type PidNode struct { // =============== // // KubeArmorHostPolicyEventCallback Function -type KubeArmorHostPolicyEventCallback func(K8sKubeArmorHostPolicyEvent) +type KubeArmorHostPolicyEventCallback func(K8sKubeArmorHostPolicyEvent) pb.PolicyStatus diff --git a/protobuf/policy.pb.go b/protobuf/policy.pb.go index be08772982..0a9bd92150 100644 --- a/protobuf/policy.pb.go +++ b/protobuf/policy.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 -// protoc v4.23.4 +// protoc-gen-go v1.28.1 +// protoc v3.12.4 // source: policy.proto package protobuf 
@@ -20,6 +20,64 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) +type PolicyStatus int32 + +const ( + PolicyStatus_Failure PolicyStatus = 0 + PolicyStatus_Applied PolicyStatus = 1 + PolicyStatus_Deleted PolicyStatus = 2 + PolicyStatus_Modified PolicyStatus = 3 + PolicyStatus_NotExist PolicyStatus = 4 + PolicyStatus_Invalid PolicyStatus = 5 +) + +// Enum value maps for PolicyStatus. +var ( + PolicyStatus_name = map[int32]string{ + 0: "Failure", + 1: "Applied", + 2: "Deleted", + 3: "Modified", + 4: "NotExist", + 5: "Invalid", + } + PolicyStatus_value = map[string]int32{ + "Failure": 0, + "Applied": 1, + "Deleted": 2, + "Modified": 3, + "NotExist": 4, + "Invalid": 5, + } +) + +func (x PolicyStatus) Enum() *PolicyStatus { + p := new(PolicyStatus) + *p = x + return p +} + +func (x PolicyStatus) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (PolicyStatus) Descriptor() protoreflect.EnumDescriptor { + return file_policy_proto_enumTypes[0].Descriptor() +} + +func (PolicyStatus) Type() protoreflect.EnumType { + return &file_policy_proto_enumTypes[0] +} + +func (x PolicyStatus) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use PolicyStatus.Descriptor instead. +func (PolicyStatus) EnumDescriptor() ([]byte, []int) { + return file_policy_proto_rawDescGZIP(), []int{0} +} + // Health check type HealthCheckReq struct { state protoimpl.MessageState @@ -121,7 +179,7 @@ type Response struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Status int32 `protobuf:"varint,1,opt,name=status,proto3" json:"status,omitempty"` + Status PolicyStatus `protobuf:"varint,1,opt,name=status,proto3,enum=policy.PolicyStatus" json:"status,omitempty"` } func (x *Response) Reset() { 
@@ -156,11 +214,11 @@ func (*Response) Descriptor() ([]byte, []int) { return file_policy_proto_rawDescGZIP(), []int{2} } -func (x *Response) GetStatus() int32 { +func (x *Response) GetStatus() PolicyStatus { if x != nil { return x.Status } - return 0 + return PolicyStatus_Failure } type Policy struct { 
@@ -219,34 +277,42 @@ var file_policy_proto_rawDesc = []byte{ 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x6e, 0x6f, 0x6e, 0x63, 0x65, 0x22, 0x2a, 0x0a, 0x10, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x52, 0x65, 0x74, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x05, 0x52, 0x06, 0x52, 0x65, 0x74, 0x76, 0x61, 0x6c, 0x22, 0x22, 0x0a, 0x08, 0x72, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x20, - 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x32, 0x74, 0x0a, 0x0d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x12, 0x33, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x10, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x72, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2e, 0x0a, 0x0a, 0x68, 0x6f, 0x73, 0x74, 0x50, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x10, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x72, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0xc3, 0x01, 0x0a, 0x13, 0x50, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x3f, - 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x16, 0x2e, - 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, - 0x63, 0x6b, 0x52, 0x65, 0x71, 0x1a, 0x18, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 
0x79, 0x2e, 0x48, - 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x12, - 0x37, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x12, 0x10, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x72, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x28, 0x01, 0x30, 0x01, 0x12, 0x32, 0x0a, 0x0a, 0x68, 0x6f, 0x73, 0x74, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x10, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x28, 0x01, 0x30, 0x01, 0x42, 0x29, 0x5a, 0x27, - 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, 0x62, 0x65, 0x61, - 0x72, 0x6d, 0x6f, 0x72, 0x2f, 0x4b, 0x75, 0x62, 0x65, 0x41, 0x72, 0x6d, 0x6f, 0x72, 0x2f, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x28, 0x05, 0x52, 0x06, 0x52, 0x65, 0x74, 0x76, 0x61, 0x6c, 0x22, 0x38, 0x0a, 0x08, 0x72, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2c, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x14, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, + 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, + 0x61, 0x74, 0x75, 0x73, 0x22, 0x20, 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x16, + 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, + 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2a, 0x5e, 0x0a, 0x0c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, + 0x65, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x65, 0x64, 0x10, 0x01, + 0x12, 0x0b, 0x0a, 0x07, 
0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x10, 0x02, 0x12, 0x0c, 0x0a, + 0x08, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x64, 0x10, 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x4e, + 0x6f, 0x74, 0x45, 0x78, 0x69, 0x73, 0x74, 0x10, 0x04, 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x6e, 0x76, + 0x61, 0x6c, 0x69, 0x64, 0x10, 0x05, 0x32, 0x74, 0x0a, 0x0d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x33, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x74, 0x61, + 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x10, 0x2e, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x2e, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2e, 0x0a, 0x0a, + 0x68, 0x6f, 0x73, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x10, 0x2e, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x2e, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0xc3, 0x01, 0x0a, + 0x13, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x12, 0x3f, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, + 0x65, 0x63, 0x6b, 0x12, 0x16, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x48, 0x65, 0x61, + 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x1a, 0x18, 0x2e, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, + 0x52, 0x65, 0x70, 0x6c, 0x79, 0x12, 0x37, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, + 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x10, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x2e, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x28, 0x01, 0x30, 0x01, 0x12, 0x32, + 0x0a, 0x0a, 0x68, 0x6f, 0x73, 0x74, 0x50, 0x6f, 0x6c, 0x69, 
0x63, 0x79, 0x12, 0x10, 0x2e, 0x70, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x0e, + 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x28, 0x01, + 0x30, 0x01, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x6b, 0x75, 0x62, 0x65, 0x61, 0x72, 0x6d, 0x6f, 0x72, 0x2f, 0x4b, 0x75, 0x62, 0x65, 0x41, + 0x72, 0x6d, 0x6f, 0x72, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -261,29 +327,32 @@ func file_policy_proto_rawDescGZIP() []byte { return file_policy_proto_rawDescData } +var file_policy_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_policy_proto_msgTypes = make([]protoimpl.MessageInfo, 4) var file_policy_proto_goTypes = []interface{}{ - (*HealthCheckReq)(nil), // 0: policy.HealthCheckReq - (*HealthCheckReply)(nil), // 1: policy.HealthCheckReply - (*Response)(nil), // 2: policy.response - (*Policy)(nil), // 3: policy.policy + (PolicyStatus)(0), // 0: policy.PolicyStatus + (*HealthCheckReq)(nil), // 1: policy.HealthCheckReq + (*HealthCheckReply)(nil), // 2: policy.HealthCheckReply + (*Response)(nil), // 3: policy.response + (*Policy)(nil), // 4: policy.policy } var file_policy_proto_depIdxs = []int32{ - 3, // 0: policy.PolicyService.containerPolicy:input_type -> policy.policy - 3, // 1: policy.PolicyService.hostPolicy:input_type -> policy.policy - 0, // 2: policy.PolicyStreamService.HealthCheck:input_type -> policy.HealthCheckReq - 2, // 3: policy.PolicyStreamService.containerPolicy:input_type -> policy.response - 2, // 4: policy.PolicyStreamService.hostPolicy:input_type -> policy.response - 2, // 5: policy.PolicyService.containerPolicy:output_type -> policy.response - 2, // 6: policy.PolicyService.hostPolicy:output_type -> policy.response - 1, // 7: policy.PolicyStreamService.HealthCheck:output_type -> policy.HealthCheckReply - 3, // 8: policy.PolicyStreamService.containerPolicy:output_type -> policy.policy - 3, // 9: policy.PolicyStreamService.hostPolicy:output_type -> policy.policy - 5, // [5:10] is the sub-list for method output_type - 0, // [0:5] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name + 0, // 0: policy.response.status:type_name -> policy.PolicyStatus + 4, // 1: policy.PolicyService.containerPolicy:input_type -> policy.policy + 4, // 2: 
policy.PolicyService.hostPolicy:input_type -> policy.policy + 1, // 3: policy.PolicyStreamService.HealthCheck:input_type -> policy.HealthCheckReq + 3, // 4: policy.PolicyStreamService.containerPolicy:input_type -> policy.response + 3, // 5: policy.PolicyStreamService.hostPolicy:input_type -> policy.response + 3, // 6: policy.PolicyService.containerPolicy:output_type -> policy.response + 3, // 7: policy.PolicyService.hostPolicy:output_type -> policy.response + 2, // 8: policy.PolicyStreamService.HealthCheck:output_type -> policy.HealthCheckReply + 4, // 9: policy.PolicyStreamService.containerPolicy:output_type -> policy.policy + 4, // 10: policy.PolicyStreamService.hostPolicy:output_type -> policy.policy + 6, // [6:11] is the sub-list for method output_type + 1, // [1:6] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name } func init() { file_policy_proto_init() } @@ -346,13 +415,14 @@ func file_policy_proto_init() { File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_policy_proto_rawDesc, - NumEnums: 0, + NumEnums: 1, NumMessages: 4, NumExtensions: 0, NumServices: 2, }, GoTypes: file_policy_proto_goTypes, DependencyIndexes: file_policy_proto_depIdxs, + EnumInfos: file_policy_proto_enumTypes, MessageInfos: file_policy_proto_msgTypes, }.Build() File_policy_proto = out.File diff --git a/protobuf/policy.proto b/protobuf/policy.proto index 48f183f951..34531a178d 100644 --- a/protobuf/policy.proto +++ b/protobuf/policy.proto @@ -14,8 +14,17 @@ message HealthCheckReply { int32 Retval = 1; } +enum PolicyStatus { + Failure = 0 ; + Applied = 1 ; + Deleted = 2 ; + Modified = 3 ; + NotExist = 4; + Invalid = 5; + +} message response { - int32 status = 1; + PolicyStatus status = 1; } message policy { 
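Review bot: The new `PolicyStatus` values in policy.proto carry no comments and use unprefixed names (`Failure`, `Invalid`, ...), which in proto3 are scoped to the enclosing package rather than to the enum. Add a comment per value stating when the server returns it, for example `// NotExist: a delete named a policy that is not loaded`, and consider prefixed names such as `POLICY_STATUS_FAILURE` before clients depend on them. Because `Failure = 0` is the proto3 default, an unset status decodes as a failure; a comment saying this is intentional would guard against later renumbering. Separately, the regenerated file headers in this patch move protoc from v4.23.4 to v3.12.4, so pinning the generator version in the build would avoid unintended toolchain downgrades.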
diff --git a/protobuf/policy_grpc.pb.go b/protobuf/policy_grpc.pb.go index df145d79bd..7a98e94a56 100644 --- a/protobuf/policy_grpc.pb.go +++ b/protobuf/policy_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.2.0 -// - protoc v4.23.4 +// - protoc v3.12.4 // source: policy.proto package protobuf @@ -53,14 +53,15 @@ func (c *policyServiceClient) HostPolicy(ctx context.Context, in *Policy, opts . } // PolicyServiceServer is the server API for PolicyService service. -// All implementations should embed UnimplementedPolicyServiceServer +// All implementations must embed UnimplementedPolicyServiceServer // for forward compatibility type PolicyServiceServer interface { ContainerPolicy(context.Context, *Policy) (*Response, error) HostPolicy(context.Context, *Policy) (*Response, error) + mustEmbedUnimplementedPolicyServiceServer() } -// UnimplementedPolicyServiceServer should be embedded to have forward compatible implementations. +// UnimplementedPolicyServiceServer must be embedded to have forward compatible implementations. type UnimplementedPolicyServiceServer struct { } @@ -70,6 +71,7 @@ func (UnimplementedPolicyServiceServer) ContainerPolicy(context.Context, *Policy func (UnimplementedPolicyServiceServer) HostPolicy(context.Context, *Policy) (*Response, error) { return nil, status.Errorf(codes.Unimplemented, "method HostPolicy not implemented") } +func (UnimplementedPolicyServiceServer) mustEmbedUnimplementedPolicyServiceServer() {} // UnsafePolicyServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to PolicyServiceServer will 
@@ -227,15 +229,16 @@ func (x *policyStreamServiceHostPolicyClient) Recv() (*Policy, error) { } // PolicyStreamServiceServer is the server API for PolicyStreamService service. -// All implementations should embed UnimplementedPolicyStreamServiceServer +// All implementations must embed UnimplementedPolicyStreamServiceServer // for forward compatibility type PolicyStreamServiceServer interface { HealthCheck(context.Context, *HealthCheckReq) (*HealthCheckReply, error) ContainerPolicy(PolicyStreamService_ContainerPolicyServer) error HostPolicy(PolicyStreamService_HostPolicyServer) error + mustEmbedUnimplementedPolicyStreamServiceServer() } -// UnimplementedPolicyStreamServiceServer should be embedded to have forward compatible implementations. +// UnimplementedPolicyStreamServiceServer must be embedded to have forward compatible implementations. type UnimplementedPolicyStreamServiceServer struct { } @@ -248,6 +251,7 @@ func (UnimplementedPolicyStreamServiceServer) ContainerPolicy(PolicyStreamServic func (UnimplementedPolicyStreamServiceServer) HostPolicy(PolicyStreamService_HostPolicyServer) error { return status.Errorf(codes.Unimplemented, "method HostPolicy not implemented") } +func (UnimplementedPolicyStreamServiceServer) mustEmbedUnimplementedPolicyStreamServiceServer() {} // UnsafePolicyStreamServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to PolicyStreamServiceServer will