本文整理匯總了Golang中github.com/cilium/cilium/pkg/endpoint.Endpoint.Allows方法的典型用法代碼示例。如果您正苦於以下問題:Golang Endpoint.Allows方法的具體用法?Golang Endpoint.Allows怎麽用?Golang Endpoint.Allows使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類github.com/cilium/cilium/pkg/endpoint.Endpoint的用法示例。
在下文中一共展示了Endpoint.Allows方法的1個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Golang代碼示例。
示例1: TestUpdateConsumerMap
func (ds *DaemonSuite) TestUpdateConsumerMap(c *C) {
lblProd := labels.NewLabel("io.cilium.Prod", "", common.CiliumLabelSource)
lblQA := labels.NewLabel("io.cilium.QA", "", common.CiliumLabelSource)
lblFoo := labels.NewLabel("io.cilium.foo", "", common.CiliumLabelSource)
lblBar := labels.NewLabel("io.cilium.bar", "", common.CiliumLabelSource)
lblJoe := labels.NewLabel("io.cilium.user", "joe", common.CiliumLabelSource)
lblPete := labels.NewLabel("io.cilium.user", "pete", common.CiliumLabelSource)
rootNode := policy.Node{
Name: common.GlobalLabelPrefix,
Rules: []policy.PolicyRule{
&policy.PolicyRuleConsumers{
Coverage: []labels.Label{*lblBar},
Allow: []policy.AllowRule{
// always-allow: user=joe
{Action: policy.ALWAYS_ACCEPT, Label: *lblJoe},
// allow: user=pete
{Action: policy.ACCEPT, Label: *lblPete},
},
},
&policy.PolicyRuleRequires{ // coverage qa, requires qa
Coverage: []labels.Label{*lblQA},
Requires: []labels.Label{*lblQA},
},
&policy.PolicyRuleRequires{ // coverage prod, requires: prod
Coverage: []labels.Label{*lblProd},
Requires: []labels.Label{*lblProd},
},
},
Children: map[string]*policy.Node{
"foo": {},
"bar": {
Rules: []policy.PolicyRule{
&policy.PolicyRuleConsumers{
Allow: []policy.AllowRule{
{ // allow: foo
Action: policy.ACCEPT,
Label: *lblFoo,
},
{Action: policy.DENY, Label: *lblJoe},
{Action: policy.DENY, Label: *lblPete},
},
},
},
},
},
}
c.Assert(rootNode.ResolveTree(), Equals, nil)
err := ds.d.PolicyAdd("io.cilium", &rootNode)
c.Assert(err, Equals, nil)
qaBarLbls := labels.Labels{lblBar.Key: lblBar, lblQA.Key: lblQA}
qaBarSecLblsCtx, _, err := ds.d.PutLabels(qaBarLbls, "cc08ff400e355f736dce1c291a6a4007ab9f2d56d42e1f3630ba87b861d45307")
c.Assert(err, Equals, nil)
prodBarLbls := labels.Labels{lblBar.Key: lblBar, lblProd.Key: lblProd}
prodBarSecLblsCtx, _, err := ds.d.PutLabels(prodBarLbls, "cc08ff400e355f736dce1c291a6a4007ab9f2d56d42e1f3630ba87b861d45307")
c.Assert(err, Equals, nil)
qaFooLbls := labels.Labels{lblFoo.Key: lblFoo, lblQA.Key: lblQA}
qaFooSecLblsCtx, _, err := ds.d.PutLabels(qaFooLbls, "cc08ff400e355f736dce1c291a6a4007ab9f2d56d42e1f3630ba87b861d45307")
c.Assert(err, Equals, nil)
prodFooLbls := labels.Labels{lblFoo.Key: lblFoo, lblProd.Key: lblProd}
prodFooSecLblsCtx, _, err := ds.d.PutLabels(prodFooLbls, "cc08ff400e355f736dce1c291a6a4007ab9f2d56d42e1f3630ba87b861d45307")
c.Assert(err, Equals, nil)
prodFooJoeLbls := labels.Labels{lblFoo.Key: lblFoo, lblProd.Key: lblProd, lblJoe.Key: lblJoe}
prodFooJoeSecLblsCtx, _, err := ds.d.PutLabels(prodFooJoeLbls, "cc08ff400e355f736dce1c291a6a4007ab9f2d56d42e1f3630ba87b861d45307")
c.Assert(err, Equals, nil)
e := endpoint.Endpoint{
ID: 1,
IfName: "dummy1",
IPv6: IPv6Addr,
IPv4: IPv4Addr,
LXCMAC: HardAddr,
NodeMAC: HardAddr,
}
e.Opts = option.NewBoolOptions(&DaemonOptionLibrary)
e.Opts.SetIfUnset(endpoint.OptionLearnTraffic, false)
err = os.Mkdir("1", 755)
c.Assert(err, IsNil)
defer func() {
err = os.RemoveAll("1/geneve_opts.cfg")
err = os.RemoveAll("1/lxc_config.h")
time.Sleep(1 * time.Second)
err = os.RemoveAll("1")
err = os.RemoveAll("1_backup")
}()
e.SetSecLabel(qaBarSecLblsCtx)
err = ds.d.regenerateEndpoint(&e)
c.Assert(err, Equals, nil)
c.Assert(e.Allows(qaBarSecLblsCtx.ID), Equals, false)
c.Assert(e.Allows(prodBarSecLblsCtx.ID), Equals, false)
c.Assert(e.Allows(qaFooSecLblsCtx.ID), Equals, true)
c.Assert(e.Allows(prodFooSecLblsCtx.ID), Equals, false)
c.Assert(e.Allows(prodFooJoeSecLblsCtx.ID), Equals, true)
//.........這裏部分代碼省略.........