github.phpd.cn/cilium/cilium@v1.6.12/daemon/prefilter.go (about) 1 // Copyright 2017 Authors of Cilium 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package main 16 17 import ( 18 "fmt" 19 "net" 20 21 "github.com/cilium/cilium/api/v1/models" 22 . "github.com/cilium/cilium/api/v1/server/restapi/prefilter" 23 "github.com/cilium/cilium/pkg/api" 24 "github.com/go-openapi/runtime/middleware" 25 ) 26 27 type getPrefilter struct { 28 d *Daemon 29 } 30 31 // NewGetPrefilterHandler returns new get handler for api 32 func NewGetPrefilterHandler(d *Daemon) GetPrefilterHandler { 33 return &getPrefilter{d: d} 34 } 35 36 func (h *getPrefilter) Handle(params GetPrefilterParams) middleware.Responder { 37 var list []string 38 var revision int64 39 if h.d.preFilter == nil { 40 msg := fmt.Errorf("Prefilter is not enabled in daemon") 41 return api.Error(GetPrefilterFailureCode, msg) 42 } 43 list, revision = h.d.preFilter.Dump(list) 44 spec := &models.PrefilterSpec{ 45 Revision: revision, 46 Deny: list, 47 } 48 status := &models.Prefilter{ 49 Spec: spec, 50 Status: &models.PrefilterStatus{ 51 Realized: spec, 52 }, 53 } 54 return NewGetPrefilterOK().WithPayload(status) 55 } 56 57 type patchPrefilter struct { 58 d *Daemon 59 } 60 61 // NewPatchPrefilterHandler returns new patch handler for api 62 func NewPatchPrefilterHandler(d *Daemon) PatchPrefilterHandler { 63 return &patchPrefilter{d: d} 64 } 65 66 func (h *patchPrefilter) Handle(params PatchPrefilterParams) middleware.Responder { 67 var list []net.IPNet 68 spec := params.PrefilterSpec 69 if h.d.preFilter == nil { 70 msg := fmt.Errorf("Prefilter is not enabled in daemon") 71 return api.Error(PatchPrefilterFailureCode, msg) 72 } 73 for _, cidrStr := range spec.Deny { 74 _, cidr, err := net.ParseCIDR(cidrStr) 75 if err != nil { 76 msg := fmt.Errorf("Invalid CIDR string %s", cidrStr) 77 return api.Error(PatchPrefilterInvalidCIDRCode, msg) 78 } 79 list = append(list, *cidr) 80 } 81 err := h.d.preFilter.Insert(spec.Revision, list) 82 if err != nil { 83 return api.Error(PatchPrefilterFailureCode, err) 84 } 85 return NewPatchPrefilterOK() 86 } 87 88 type deletePrefilter struct { 89 d *Daemon 90 } 91 92 // NewDeletePrefilterHandler returns new patch handler for api 93 func NewDeletePrefilterHandler(d *Daemon) DeletePrefilterHandler { 94 return &deletePrefilter{d: d} 95 } 96 97 func (h *deletePrefilter) Handle(params DeletePrefilterParams) middleware.Responder { 98 var list []net.IPNet 99 spec := params.PrefilterSpec 100 if h.d.preFilter == nil { 101 msg := fmt.Errorf("Prefilter is not enabled in daemon") 102 return api.Error(DeletePrefilterFailureCode, msg) 103 } 104 for _, cidrStr := range spec.Deny { 105 _, cidr, err := net.ParseCIDR(cidrStr) 106 if err != nil { 107 msg := fmt.Errorf("Invalid CIDR string %s", cidrStr) 108 return api.Error(DeletePrefilterInvalidCIDRCode, msg) 109 } 110 list = append(list, *cidr) 111 } 112 err := h.d.preFilter.Delete(spec.Revision, list) 113 if err != nil { 114 return api.Error(DeletePrefilterFailureCode, err) 115 } 116 return NewDeletePrefilterOK() 117 }