// Copyright © 2022 Roberto Hidalgo <[email protected]>
// Modified by Charles Powell, 2023
// SPDX-License-Identifier: Apache-2.0
package catalog
import (
"net"
)
// ServiceACL is a single access-control rule: an action paired with the
// network range that the action applies to.
type ServiceACL struct {
	// Action is the verdict for addresses inside Network. RespondsTo
	// recognises the values "allow" and "deny".
	Action string
	// Network is the range a client address is matched against.
	Network *net.IPNet
}
// Service describes one catalog entry: its name, its target, its addresses
// and the ACL rules that RespondsTo evaluates.
type Service struct {
	// Name identifies the service.
	Name string
	// Target is the service's target.
	Target string
	// ACL is the ordered rule list; RespondsTo walks it from first to last.
	ACL []*ServiceACL
	// Addresses holds the IP addresses associated with the service.
	Addresses []net.IP
	// ApplyACL is not read by RespondsTo; presumably callers use it to
	// decide whether the ACL is enforced at all (TODO confirm).
	ApplyACL bool
}
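// RespondsTo reports whether the service's ACL permits answering a query
// that originates from ip.
//
// Rules are evaluated in order and the first rule whose network contains ip
// decides the outcome: "allow" yields true, every other action yields false.
// When no rule matches, or the ACL is empty, the result is false, so the
// default is deny.
//
// ApplyACL is not consulted here; presumably the caller decides whether the
// ACL is enforced at all (TODO confirm).
func (s Service) RespondsTo(ip net.IP) bool {
	Log.Debugf("Evaluating %d rules", len(s.ACL))
	for _, acl := range s.ACL {
		// A nil rule or a rule without a network would be dereferenced
		// below. Treat a malformed rule list as a denial instead of
		// panicking on the query path or silently skipping what may have
		// been a deny rule.
		if acl == nil || acl.Network == nil {
			Log.Errorf("acl rule without a network, denying %s", ip)
			return false
		}

		Log.Debugf("Evaluating %s", acl.Network)
		if !acl.Network.Contains(ip) {
			continue
		}

		switch acl.Action {
		case "allow":
			Log.Debugf("Allowed %s from %s", ip, acl.Network)
			return true
		case "deny":
			Log.Debugf("Denied %s from %s", ip, acl.Network)
			return false
		default:
			// Fail closed. If a matching rule with an unrecognised action
			// (for example a mistyped "deny") were skipped, a broader
			// "allow" rule later in the list could admit the client.
			Log.Errorf("unknown acl action: %s", acl.Action)
			return false
		}
	}
	return false
}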