github.com/cilium/cilium@v1.16.2/pkg/maps/authmap/cell.go

github.com/cilium/cilium@v1.16.2/pkg/maps/authmap/cell.go (about)

     1  // SPDX-License-Identifier: Apache-2.0
     2  // Copyright Authors of Cilium
     3  
     4  package authmap
     5  
     6  import (
     7  	"github.com/cilium/hive/cell"
     8  
     9  	"github.com/cilium/cilium/pkg/bpf"
    10  	"github.com/cilium/cilium/pkg/option"
    11  )
    12  
    13  // Cell provides the auth.Map which contains the authentication state between Cilium security identities.
    14  // Datapath checks the map for a valid authentication entry whenever authentication is demanded by a policy.
    15  // If no or an expired entry is found the packet gets dropped and an authentication gets requested via
    16  // auth.Manager.
    17  var Cell = cell.Module(
    18  	"auth-map",
    19  	"eBPF map which manages authenticated connections between identities",
    20  
    21  	cell.Provide(newAuthMap),
    22  )
    23  
    24  func newAuthMap(lifecycle cell.Lifecycle) bpf.MapOut[Map] {
    25  	authMap := newMap(option.Config.AuthMapEntries)
    26  
    27  	lifecycle.Append(cell.Hook{
    28  		OnStart: func(context cell.HookContext) error {
    29  			return authMap.init()
    30  		},
    31  		OnStop: func(context cell.HookContext) error {
    32  			return authMap.close()
    33  		},
    34  	})
    35  
    36  	return bpf.NewMapOut(Map(authMap))
    37  }