github.com/cilium/cilium@v1.16.2/pkg/datapath/prefilter/api.go (about)

     1  // SPDX-License-Identifier: Apache-2.0
     2  // Copyright Authors of Cilium
     3  
     4  package prefilter
     5  
     6  import (
     7  	"fmt"
     8  	"net"
     9  
    10  	"github.com/go-openapi/runtime/middleware"
    11  
    12  	"github.com/cilium/cilium/api/v1/models"
    13  	"github.com/cilium/cilium/api/v1/server/restapi/prefilter"
    14  	"github.com/cilium/cilium/pkg/api"
    15  	datapath "github.com/cilium/cilium/pkg/datapath/types"
    16  )
    17  
// getPrefilterHandler answers the GetPrefilter API operation from the
// state held by the datapath prefilter.
type getPrefilterHandler struct {
	// preFilter is the datapath prefilter whose deny list is reported.
	preFilter datapath.PreFilter
}

// Handle reports the prefilter's current deny list and revision.
//
// When the prefilter is disabled it returns an api.Error carrying
// prefilter.GetPrefilterFailureCode. Otherwise the values returned by Dump
// are wrapped in a models.Prefilter whose Spec and Status.Realized point at
// the same PrefilterSpec.
func (h *getPrefilterHandler) Handle(_ prefilter.GetPrefilterParams) middleware.Responder {
	if enabled := h.preFilter.Enabled(); !enabled {
		return api.Error(
			prefilter.GetPrefilterFailureCode,
			fmt.Errorf("prefilter is not enabled in daemon"),
		)
	}

	var (
		denied []string
		rev    int64
	)
	// Dump receives the (nil) slice and hands back the list plus revision.
	denied, rev = h.preFilter.Dump(denied)

	// One spec object backs both the desired and the realized view.
	realized := &models.PrefilterSpec{Revision: rev, Deny: denied}
	payload := &models.Prefilter{
		Spec:   realized,
		Status: &models.PrefilterStatus{Realized: realized},
	}
	return prefilter.NewGetPrefilterOK().WithPayload(payload)
}
    42  
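// patchPrefilterHandler serves the PatchPrefilter API operation by adding
// caller-supplied CIDRs to the datapath prefilter.
type patchPrefilterHandler struct {
	// preFilter is the datapath prefilter that receives the new entries.
	preFilter datapath.PreFilter
}

// Handle parses every entry of params.PrefilterSpec.Deny as a CIDR and
// inserts the resulting networks into the prefilter at the given revision.
//
// Responses:
//   - api.Error with PatchPrefilterFailureCode when the prefilter is
//     disabled or Insert fails;
//   - api.Error with PatchPrefilterInvalidCIDRCode on the first entry that
//     net.ParseCIDR rejects (nothing is inserted in that case);
//   - PatchPrefilterOK on success.
func (h *patchPrefilterHandler) Handle(params prefilter.PatchPrefilterParams) middleware.Responder {
	if !h.preFilter.Enabled() {
		msg := fmt.Errorf("prefilter is not enabled in daemon")
		return api.Error(prefilter.PatchPrefilterFailureCode, msg)
	}

	// NOTE(review): spec is dereferenced without a nil check; presumably the
	// generated request binding rejects a missing body — verify.
	spec := params.PrefilterSpec
	list := make([]net.IPNet, 0, len(spec.Deny))
	for _, cidrStr := range spec.Deny {
		// net.ParseCIDR returns the network with host bits masked off, so an
		// entry such as "192.0.2.1/24" is stored as 192.0.2.0/24. A mistyped
		// prefix length therefore silently widens what is denied.
		_, cidr, err := net.ParseCIDR(cidrStr)
		if err != nil {
			// cidrStr is caller-controlled: %q quotes and escapes it so
			// control characters or newlines cannot forge or split the
			// message. The net error is deliberately not wrapped because
			// its text repeats the raw input unescaped.
			msg := fmt.Errorf("invalid CIDR string %q", cidrStr)
			return api.Error(prefilter.PatchPrefilterInvalidCIDRCode, msg)
		}
		list = append(list, *cidr)
	}
	if err := h.preFilter.Insert(spec.Revision, list); err != nil {
		return api.Error(prefilter.PatchPrefilterFailureCode, err)
	}
	return prefilter.NewPatchPrefilterOK()
}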
    69  
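// deletePrefilterHandler serves the DeletePrefilter API operation by
// removing caller-supplied CIDRs from the datapath prefilter.
type deletePrefilterHandler struct {
	// preFilter is the datapath prefilter the entries are removed from.
	preFilter datapath.PreFilter
}

// Handle parses every entry of params.PrefilterSpec.Deny as a CIDR and
// deletes the resulting networks from the prefilter at the given revision.
//
// Responses:
//   - api.Error with DeletePrefilterFailureCode when the prefilter is
//     disabled or Delete fails;
//   - api.Error with DeletePrefilterInvalidCIDRCode on the first entry that
//     net.ParseCIDR rejects (nothing is deleted in that case);
//   - DeletePrefilterOK on success.
func (h *deletePrefilterHandler) Handle(params prefilter.DeletePrefilterParams) middleware.Responder {
	if !h.preFilter.Enabled() {
		msg := fmt.Errorf("prefilter is not enabled in daemon")
		return api.Error(prefilter.DeletePrefilterFailureCode, msg)
	}

	// NOTE(review): spec is dereferenced without a nil check; presumably the
	// generated request binding rejects a missing body — verify.
	spec := params.PrefilterSpec
	list := make([]net.IPNet, 0, len(spec.Deny))
	for _, cidrStr := range spec.Deny {
		// net.ParseCIDR returns the network with host bits masked off, so
		// "192.0.2.1/24" targets 192.0.2.0/24. Removing a deny entry opens
		// traffic, so a mistyped prefix length can remove a broader network
		// than the caller meant.
		_, cidr, err := net.ParseCIDR(cidrStr)
		if err != nil {
			// cidrStr is caller-controlled: %q quotes and escapes it so
			// control characters or newlines cannot forge or split the
			// message. The net error is deliberately not wrapped because
			// its text repeats the raw input unescaped.
			msg := fmt.Errorf("invalid CIDR string %q", cidrStr)
			return api.Error(prefilter.DeletePrefilterInvalidCIDRCode, msg)
		}
		list = append(list, *cidr)
	}
	if err := h.preFilter.Delete(spec.Revision, list); err != nil {
		return api.Error(prefilter.DeletePrefilterFailureCode, err)
	}
	return prefilter.NewDeletePrefilterOK()
}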