github.com/cilium/cilium@v1.16.2/pkg/hubble/filters/identity.go

github.com/cilium/cilium@v1.16.2/pkg/hubble/filters/identity.go (about)

     1  // SPDX-License-Identifier: Apache-2.0
     2  // Copyright Authors of Hubble
     3  
     4  package filters
     5  
     6  import (
     7  	"context"
     8  
     9  	flowpb "github.com/cilium/cilium/api/v1/flow"
    10  	v1 "github.com/cilium/cilium/pkg/hubble/api/v1"
    11  )
    12  
    13  func sourceEndpoint(ev *v1.Event) *flowpb.Endpoint {
    14  	return ev.GetFlow().GetSource()
    15  }
    16  
    17  func destinationEndpoint(ev *v1.Event) *flowpb.Endpoint {
    18  	return ev.GetFlow().GetDestination()
    19  }
    20  
    21  func filterByIdentity(identities []uint32, getEndpoint func(*v1.Event) *flowpb.Endpoint) FilterFunc {
    22  	return func(ev *v1.Event) bool {
    23  		if endpoint := getEndpoint(ev); endpoint != nil {
    24  			for _, i := range identities {
    25  				if i == endpoint.Identity {
    26  					return true
    27  				}
    28  			}
    29  		}
    30  		return false
    31  	}
    32  }
    33  
    34  // IdentityFilter implements filtering based on security identity
    35  type IdentityFilter struct{}
    36  
    37  // OnBuildFilter builds a security identity filter
    38  func (i *IdentityFilter) OnBuildFilter(ctx context.Context, ff *flowpb.FlowFilter) ([]FilterFunc, error) {
    39  	var fs []FilterFunc
    40  
    41  	if ff.GetSourceIdentity() != nil {
    42  		fs = append(fs, filterByIdentity(ff.GetSourceIdentity(), sourceEndpoint))
    43  	}
    44  
    45  	if ff.GetDestinationIdentity() != nil {
    46  		fs = append(fs, filterByIdentity(ff.GetDestinationIdentity(), destinationEndpoint))
    47  	}
    48  
    49  	return fs, nil
    50  }