From a62c369b67b3463fa2a0e32141091b19e1f3c6c6 Mon Sep 17 00:00:00 2001
From: Sebastian Wicki
Date: Tue, 25 Feb 2020 16:27:20 +0100
Subject: [PATCH] endpoint: Add GetRealizedPolicyRuleLabelsForKey

This function allows callers to get the list of policies which caused a certain policy map entry to be added for a given endpoint.

Signed-off-by: Sebastian Wicki
---
 pkg/endpoint/policy.go | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/pkg/endpoint/policy.go b/pkg/endpoint/policy.go
index 56425e4c4913..83f28b28c717 100644
--- a/pkg/endpoint/policy.go
+++ b/pkg/endpoint/policy.go
@@ -751,3 +751,23 @@ func (e *Endpoint) UpdateVisibilityPolicy(annoCB AnnotationsResolverCB) {
 }
 <-ch
 }
+
+// GetRealizedPolicyRuleLabelsForKey returns the list of policy rule labels
+// which match a given flow key (in host byte-order). The returned
+// LabelArrayList must not be modified. This function is exported to be
+// accessed by code outside of the Cilium code base (e.g. Hubble).
+func (e *Endpoint) GetRealizedPolicyRuleLabelsForKey(key policy.Key) (
+ derivedFrom labels.LabelArrayList,
+ revision uint64,
+ ok bool,
+) {
+ e.mutex.RLock()
+ defer e.mutex.RUnlock()
+
+ entry, ok := e.realizedPolicy.PolicyMapState[key]
+ if !ok {
+ return nil, 0, false
+ }
+
+ return entry.DerivedFromRules, e.policyRevision, true
+}
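Review bot: The final `return entry.DerivedFromRules, e.policyRevision, true` hands the caller the same slice that is stored in `e.realizedPolicy.PolicyMapState`, and the read lock is released on return, so the "must not be modified" sentence in the doc comment is the only thing protecting endpoint policy state from an out-of-tree consumer such as Hubble. If those label lists are ever updated in place rather than replaced (not visible in this hunk), the caller would also be reading them unsynchronised; returning a copy made while the lock is held would remove both concerns, or else the comment should state why sharing is safe. The lookup is an exact map index on `key`, so "which match a given flow key" reads broader than the code; I would word it as `// ... for the policy map entry stored under exactly this key; no wildcard or fallback lookup is performed.` It is also worth confirming that `e.realizedPolicy` cannot be nil at this point, since the dereference is unguarded.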