remove debug macro and sync.once for handleRemoveAuthzPolicyDuringRes…
…tart

Signed-off-by: superCharge-xsy <[email protected]>
supercharge-xsy committed Sep 5, 2024
1 parent ce3903e commit f83283c
Showing 3 changed files with 3 additions and 11 deletions.
2 changes: 0 additions & 2 deletions bpf/kmesh/workload/include/xdp.h
@@ -10,8 +10,6 @@
#define PARSER_FAILED 1
#define PARSER_SUCC 0

#define AUTH_BY_XDP 1

struct xdp_info {
struct ethhdr *ethh;
union {
2 changes: 0 additions & 2 deletions bpf/kmesh/workload/xdp.c
@@ -186,15 +186,13 @@ int xdp_shutdown(struct xdp_md *ctx)

// never failed
parser_tuple(&info, &tuple_info);
#ifdef AUTH_BY_XDP
// Before the authentication types supported by eBPF XDP are fully implemented,
// this section only processes AUTH_DENY. If get AUTH_ALLOW,
// it will still depend on the user-space authentication process to match other rule types.
if (xdp_rbac_manage(&info, &tuple_info) == AUTH_DENY) {
return xdp_deny_packet(&info, &tuple_info);
}

#endif
if (should_shutdown(&info, &tuple_info) == AUTH_FORBID)
shutdown_tuple(&info);

10 changes: 3 additions & 7 deletions pkg/controller/workload/workload_processor.go
@@ -107,7 +107,6 @@ func (p *Processor) processWorkloadResponse(rsp *service_discovery_v3.DeltaDisco
if err != nil {
log.Error(err)
}
kmeshbpf.SetStartType(kmeshbpf.Normal)
}

func (p *Processor) deletePodFrontendData(uid uint32) error {
@@ -661,7 +660,9 @@ func (p *Processor) handleAuthorizationTypeResponse(rsp *service_discovery_v3.De
log.Debugf("remove authorization policy %s", resourceName)
}

p.handleRemovedAuthzPolicyDuringRestart(rbac)
p.once.Do(func() {
p.handleRemovedAuthzPolicyDuringRestart(rbac)
})

Check warning on line 665 in pkg/controller/workload/workload_processor.go


Codecov / codecov/patch

pkg/controller/workload/workload_processor.go#L663-L665

Added lines #L663 - L665 were not covered by tests
return nil
}

@@ -673,10 +674,6 @@ func (p *Processor) handleRemovedAuthzPolicyDuringRestart(rbac *auth.Rbac) {
policyValue = security_v2.Authorization{}
)

Check warning on line 675 in pkg/controller/workload/workload_processor.go


Codecov / codecov/patch

pkg/controller/workload/workload_processor.go#L672-L675

Added lines #L672 - L675 were not covered by tests

if kmeshbpf.GetStartType() != kmeshbpf.Restart {
return
}

log.Infof("reload authz config from last epoch")
/* We traverse hashName, if there is a record exists in bpf map
* but not in usercache, that means the data in the bpf map load
@@ -686,7 +683,6 @@ func (p *Processor) handleRemovedAuthzPolicyDuringRestart(rbac *auth.Rbac) {
policyCache := rbac.GetAllPolicies()
for str, num := range p.hashName.strToNum {
if _, exists := policyCache[str]; !exists {
log.Debugf("policyCache[%v] not exists", str)
if err := maps_v2.AuthorizationLookup(num, &policyValue); err == nil {
log.Debugf("Find policy: [%v:%v] Remove authz policy", str, num)
if err := maps_v2.AuthorizationDelete(num); err != nil {
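Review bot: With the `kmeshbpf.GetStartType() != kmeshbpf.Restart` guard removed, the `p.once.Do` added in `handleAuthorizationTypeResponse` is the only gate on the stale-policy cleanup, so it runs on the first authorization response of every start and prunes the BPF map against whatever `rbac.GetAllPolicies()` holds at that moment. If the control plane can deliver the policy set over more than one response (not visible here), entries that are still valid but not yet cached would be deleted and left unenforced until they arrive; and since the `sync.Once` is spent after that call, an entry whose `maps_v2.AuthorizationDelete` fails is not retried (that error branch is cut off in this view). I would state the assumption at the call site, e.g. `// runs once per process; assumes the first authorization response carries the complete policy set`, or keep a restart check alongside the Once. The `log.Infof("reload authz config from last epoch")` line will also now print on a normal start, which is misleading when these logs are read during incident review. Both functions begin and end outside the visible hunks.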
