// Copyright © 2022 Roberto Hidalgo <[email protected]>
// SPDX-License-Identifier: Apache-2.0
package catalog
import (
"net"
"strings"
)
// ServiceACL holds an action and corresponding network range.
//
// Action is compared case-sensitively against the literal strings "allow"
// and "deny" by Service.RespondsTo; any other value is reported as an error
// and the rule is skipped. Networks lists the ranges the action applies to.
type ServiceACL struct {
	// Action is "allow" or "deny" (case-sensitive).
	Action string
	// Networks are the CIDR ranges this rule applies to.
	Networks []*net.IPNet
}
// Service has a target and ACL rules.
type Service struct {
	// Name is the identifier the service is registered under (see ServiceMap.Find).
	Name string
	// Target is the value given to NewService; its interpretation is not visible in this file.
	Target string
	// ACL is the ordered rule list consulted by RespondsTo; the first matching rule wins.
	ACL []*ServiceACL
	// Addresses holds IPs associated with the service; nothing in this file reads it.
	Addresses []net.IP
}
// NewService constructs a Service with the given name and target and no ACL
// rules or addresses. Both slices are initialised empty rather than nil, so
// the result can be appended to directly and encodes as [] rather than null
// under encoding/json.
func NewService(name, target string) *Service {
	return &Service{
		Name:      name,
		Target:    target,
		ACL:       make([]*ServiceACL, 0),
		Addresses: make([]net.IP, 0),
	}
}
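// RespondsTo reports whether the service may answer a request from ip.
//
// Rules are evaluated in ACL order and the first network that contains ip
// decides the outcome: Action "allow" returns true, "deny" returns false.
// Because the first match wins, rule order is significant: a broad "allow"
// placed before a narrower "deny" makes the deny unreachable. Action is
// matched case-sensitively; a rule with any other value (including "Deny")
// is logged as an error and skipped, so it neither grants nor blocks. When
// no rule matches, the result is false (default deny).
//
// NOTE(review): a nil or unparsable ip is expected not to match any
// well-formed network and so to fall through to the default deny — confirm
// against the callers that feed this method.
func (s Service) RespondsTo(ip net.IP) bool {
	Log.Debugf("Evaluating %d rules", len(s.ACL))
	for _, acl := range s.ACL {
		Log.Debugf("Evaluating %s", acl.Networks)
		// Named network rather than net so the package import is not shadowed.
		for _, network := range acl.Networks {
			if !network.Contains(ip) {
				continue
			}
			switch acl.Action {
			case "allow":
				Log.Debugf("Allowed %s from %s", ip, acl.Networks)
				return true
			case "deny":
				Log.Debugf("Denied %s from %s", ip, acl.Networks)
				return false
			default:
				// Unknown action: report it and keep evaluating the remaining
				// networks and rules rather than treating it as a decision.
				Log.Errorf("unknown acl action: %s", acl.Action)
			}
		}
	}
	return false
}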
// ServiceMap indexes services by name. Keys may be exact names or
// single-level wildcards of the form "*.suffix" (see Find).
type ServiceMap map[string]*Service
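// Find returns the service registered under query, falling back to a
// single-level wildcard entry when no exact match exists.
//
// The lookup order is:
//  1. the exact key (e.g. "api.example.com");
//  2. if query contains a dot, the key formed by replacing everything up to
//     and including the first dot with "*." (e.g. "*.example.com").
//
// Only the leftmost label is wildcarded: "a.b.example.com" falls back to
// "*.b.example.com", never to "*.example.com". A query without a dot has no
// wildcard form. An exact entry always takes precedence over a wildcard one.
// Find returns nil when neither lookup hits.
func (s ServiceMap) Find(query string) *Service {
	if svc, ok := s[query]; ok {
		return svc
	}
	// Replace the first label with "*" and retry. '.' is a single ASCII
	// byte, so a byte search replaces the original rune-walking closure.
	if i := strings.IndexByte(query, '.'); i >= 0 {
		if svc, ok := s["*."+query[i+1:]]; ok {
			return svc
		}
	}
	return nil
}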