github.com/cilium/cilium@v1.16.2/pkg/auth/authmap_writer.go (about)

     1  // SPDX-License-Identifier: Apache-2.0
     2  // Copyright Authors of Cilium
     3  
     4  package auth
     5  
     6  import (
     7  	"errors"
     8  	"fmt"
     9  
    10  	"github.com/cilium/ebpf"
    11  	"github.com/sirupsen/logrus"
    12  
    13  	"github.com/cilium/cilium/pkg/datapath/linux/utime"
    14  	"github.com/cilium/cilium/pkg/identity"
    15  	"github.com/cilium/cilium/pkg/maps/authmap"
    16  	"github.com/cilium/cilium/pkg/policy"
    17  )
    18  
    19  type authMapWriter struct {
    20  	logger  logrus.FieldLogger
    21  	authMap authmap.Map
    22  }
    23  
    24  func newAuthMapWriter(logger logrus.FieldLogger, authMap authmap.Map) *authMapWriter {
    25  	return &authMapWriter{
    26  		logger:  logger,
    27  		authMap: authMap,
    28  	}
    29  }
    30  
    31  func (r *authMapWriter) All() (map[authKey]authInfo, error) {
    32  	result := map[authKey]authInfo{}
    33  
    34  	if err := r.authMap.IterateWithCallback(func(key *authmap.AuthKey, info *authmap.AuthInfo) {
    35  		result[authKey{
    36  			localIdentity:  identity.NumericIdentity(key.LocalIdentity),
    37  			remoteIdentity: identity.NumericIdentity(key.RemoteIdentity),
    38  			remoteNodeID:   key.RemoteNodeID,
    39  			authType:       policy.AuthType(key.AuthType),
    40  		}] = authInfo{
    41  			expiration: info.Expiration.Time(),
    42  		}
    43  	}); err != nil {
    44  		return nil, fmt.Errorf("failed to get all entries from auth map: %w", err)
    45  	}
    46  
    47  	return result, nil
    48  }
    49  
    50  func (r *authMapWriter) Get(key authKey) (authInfo, error) {
    51  	lookup, err := r.authMap.Lookup(authmap.AuthKey{
    52  		LocalIdentity:  key.localIdentity.Uint32(),
    53  		RemoteIdentity: key.remoteIdentity.Uint32(),
    54  		RemoteNodeID:   key.remoteNodeID,
    55  		AuthType:       key.authType.Uint8(),
    56  	})
    57  	if err != nil {
    58  		return authInfo{}, fmt.Errorf("failed to lookup authkey: %w", err)
    59  	}
    60  	return authInfo{
    61  		expiration: lookup.Expiration.Time(),
    62  	}, nil
    63  }
    64  
    65  func (r *authMapWriter) Update(key authKey, info authInfo) error {
    66  	return r.authMap.Update(authmap.AuthKey{
    67  		LocalIdentity:  key.localIdentity.Uint32(),
    68  		RemoteIdentity: key.remoteIdentity.Uint32(),
    69  		RemoteNodeID:   key.remoteNodeID,
    70  		AuthType:       key.authType.Uint8(),
    71  	}, utime.TimeToUTime(info.expiration))
    72  }
    73  
    74  func (r *authMapWriter) Delete(key authKey) error {
    75  	if err := r.authMap.Delete(authmap.AuthKey{
    76  		LocalIdentity:  key.localIdentity.Uint32(),
    77  		RemoteIdentity: key.remoteIdentity.Uint32(),
    78  		RemoteNodeID:   key.remoteNodeID,
    79  		AuthType:       key.authType.Uint8(),
    80  	}); err != nil {
    81  		return fmt.Errorf("failed to delete entry from auth map: %w", err)
    82  	}
    83  
    84  	return nil
    85  }
    86  
    87  func (r *authMapWriter) DeleteIf(predicate func(key authKey, info authInfo) bool) error {
    88  	all, err := r.All()
    89  	if err != nil {
    90  		return fmt.Errorf("failed to get all entries: %w", err)
    91  	}
    92  	for k, v := range all {
    93  		if predicate(k, v) {
    94  			if err := r.Delete(k); err != nil {
    95  				if errors.Is(err, ebpf.ErrKeyNotExist) {
    96  					r.logger.
    97  						WithField("key", k).
    98  						Debug("Failed to delete already deleted auth entry")
    99  					continue
   100  				}
   101  				return fmt.Errorf("failed to delete auth entry from map: %w", err)
   102  			}
   103  		}
   104  	}
   105  
   106  	return nil
   107  }
   108  
   109  func (r *authMapWriter) MaxEntries() uint32 {
   110  	return r.authMap.MaxEntries()
   111  }