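// SPDX-License-Identifier: Apache-2.0
// Copyright Authors of Cilium

// Listing source: github.com/cilium/cilium@v1.16.2/operator/auth/watcher.go

package auth

import (
	"context"

	"github.com/cilium/hive/cell"
	"github.com/cilium/workerpool"
	"github.com/sirupsen/logrus"

	"github.com/cilium/cilium/operator/auth/identity"
	ciliumv2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2"
	"github.com/cilium/cilium/pkg/k8s/resource"
)

// params contains all the dependencies for the identity watcher.
// They will be provided through dependency injection.
type params struct {
	cell.In

	Logger         logrus.FieldLogger
	Lifecycle      cell.Lifecycle
	IdentityClient identity.Provider
	Identity       resource.Resource[*ciliumv2.CiliumIdentity]

	Cfg Config
}

// IdentityWatcher represents the Cilium identities watcher.
// It watches for Cilium identities and upserts or deletes them in Spire.
type IdentityWatcher struct {
	logger logrus.FieldLogger

	// identityClient receives one Upsert or Delete call per identity event.
	identityClient identity.Provider
	// identity is the event source for CiliumIdentity objects.
	identity resource.Resource[*ciliumv2.CiliumIdentity]
	// wg runs the single watcher task; it is closed in the OnStop hook.
	wg  *workerpool.WorkerPool
	cfg Config
}

// registerIdentityWatcher wires an IdentityWatcher into the lifecycle.
// It does nothing when p.Cfg.Enabled is false, so no identities are
// synchronised to the identity provider in that configuration.
func registerIdentityWatcher(p params) {
	if !p.Cfg.Enabled {
		return
	}
	iw := &IdentityWatcher{
		logger:         p.Logger,
		identityClient: p.IdentityClient,
		identity:       p.Identity,
		wg:             workerpool.New(1),
		cfg:            p.Cfg,
	}
	p.Lifecycle.Append(cell.Hook{
		// The hook context is deliberately unused: the watcher loop runs on
		// the context handed to the task by the worker pool, so it is not
		// tied to the start hook's context.
		OnStart: func(_ cell.HookContext) error {
			return iw.wg.Submit("identity-watcher", func(ctx context.Context) error {
				return iw.run(ctx)
			})
		},
		OnStop: func(_ cell.HookContext) error {
			return iw.wg.Close()
		},
	})
}

// run consumes CiliumIdentity events until the event channel is closed and
// mirrors each Upsert or Delete to the identity provider. It always returns
// nil; per-event failures are reported through e.Done and the log.
func (iw *IdentityWatcher) run(ctx context.Context) error {
	for e := range iw.identity.Events(ctx) {
		var err error
		switch e.Kind {
		case resource.Upsert:
			name := e.Object.GetName()
			err = iw.identityClient.Upsert(ctx, name)
			iw.logResult("Upsert identity", name, err)
		case resource.Delete:
			name := e.Object.GetName()
			// A failed delete can leave the identity registered with the
			// provider, so it must be visible in the log.
			// NOTE(review): presumably Done(err) requeues the key for a
			// retry; confirm against the resource package.
			err = iw.identityClient.Delete(ctx, name)
			iw.logResult("Delete identity", name, err)
		}
		// Every event is acknowledged, including kinds not handled above,
		// which are acknowledged with a nil error.
		e.Done(err)
	}
	return nil
}

// logResult records the outcome of one identity operation. A failure is
// logged at warning level with the error attached, so that it can be told
// apart from a success by level and alerted on; a success is logged at info
// level without an error field.
func (iw *IdentityWatcher) logResult(msg, name string, err error) {
	entry := iw.logger.WithField("identity", name)
	if err != nil {
		entry.WithError(err).Warn(msg)
		return
	}
	entry.Info(msg)
}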