package check
import (
"context"
"time"
"google.golang.org/protobuf/types/known/timestamppb"
flowcontrolv1 "github.com/fluxninja/aperture/api/gen/proto/go/aperture/flowcontrol/check/v1"
otelconsts "github.com/fluxninja/aperture/pkg/otelcollector/consts"
"github.com/fluxninja/aperture/pkg/policies/flowcontrol/iface"
"github.com/fluxninja/aperture/pkg/policies/flowcontrol/servicegetter"
)
// Handler implements the flowcontrol.v1 Service.
//
// It holds the three collaborators used to answer a Check call: a service
// getter, a metrics sink and the policy engine.
type Handler struct {
	// Embedded generated stub type.
	// NOTE(review): presumably supplies default implementations for service
	// methods that Handler does not define itself; confirm against the
	// generated code.
	flowcontrolv1.UnimplementedFlowControlServiceServer
	// serviceGetter resolves the service IDs of a request from its context
	// (Check calls ServicesFromContext on it).
	serviceGetter servicegetter.ServiceGetter
	// metrics receives the decision type and reject reason of every response
	// produced by CheckWithValues.
	metrics Metrics
	// engine produces the CheckResponse for a control point, a list of service
	// IDs and a label map.
	engine iface.Engine
}
// NewHandler builds a flow control Handler from its three collaborators.
//
// The arguments are stored as given; nothing is validated here, so a nil
// engine, metrics sink or service getter only surfaces on the first call to
// CheckWithValues or Check.
func NewHandler(
	serviceGetter servicegetter.ServiceGetter,
	metrics Metrics,
	engine iface.Engine,
) *Handler {
	h := new(Handler)
	h.serviceGetter = serviceGetter
	h.metrics = metrics
	h.engine = engine
	return h
}
// HandlerWithValues is the decision entry point for callers that have already
// collected the values a check needs (service IDs, control point and labels)
// instead of carrying them in a CheckRequest.
type HandlerWithValues interface {
	// CheckWithValues returns the flow control decision for the given service
	// IDs, control point and flow labels. The parameter names mirror the
	// Handler implementation in this file.
	CheckWithValues(
		ctx context.Context,
		serviceIDs []string,
		controlPoint string,
		labels map[string]string,
	) *flowcontrolv1.CheckResponse
}
// CheckWithValues asks the engine for a decision and records it in metrics.
//
// serviceIDs, controlPoint and labels are forwarded to the engine unchanged.
// When the call comes from Check, controlPoint and labels are taken straight
// from the client's CheckRequest, so anything matching on them downstream is
// matching on caller-controlled input.
//
// The returned response is the engine's own object, not a copy.
func (h *Handler) CheckWithValues(
	ctx context.Context,
	serviceIDs []string,
	controlPoint string,
	labels map[string]string,
) *flowcontrolv1.CheckResponse {
	decision := h.engine.ProcessRequest(ctx, controlPoint, serviceIDs, labels)

	// NOTE(review): the field read below assumes ProcessRequest never returns
	// nil; confirm against the engine implementation.
	decisionType := decision.DecisionType
	rejectReason := decision.GetRejectReason()
	h.metrics.CheckResponse(decisionType, rejectReason)

	return decision
}
// Check is the Check method of the Flow Control service. It returns the
// allow/deny decision for the traffic described by req and stamps the response
// with timing and telemetry labels.
//
// The service IDs come from ctx via the service getter; the control point and
// the labels come from the request and are therefore caller-controlled.
// The returned error is always nil.
func (h *Handler) Check(ctx context.Context, req *flowcontrolv1.CheckRequest) (*flowcontrolv1.CheckResponse, error) {
	// Start of the measured interval, taken before any other work.
	began := time.Now()

	// A request without labels still needs a writable map, because the control
	// point type label is written into it below.
	flowLabels := req.Labels
	if flowLabels == nil {
		flowLabels = map[string]string{}
	}

	// CheckWithValues already pushes the result to metrics.
	serviceIDs := h.serviceGetter.ServicesFromContext(ctx)
	decision := h.CheckWithValues(ctx, serviceIDs, req.ControlPoint, flowLabels)

	finished := time.Now()
	decision.Start = timestamppb.New(began)
	decision.End = timestamppb.New(finished)

	// The response shares the request's label map rather than a copy, so the
	// write below also changes req.Labels when the request carried labels.
	decision.TelemetryFlowLabels = flowLabels

	// The control point type is set by the handler and replaces any value the
	// caller sent under the same key, so telemetry cannot be given a different
	// control point type through request labels.
	// NOTE(review): the engine has already run by this point and saw the
	// caller's value for this key, if one was sent; confirm that no policy
	// matches on it, or set the label before the engine call.
	flowLabels[otelconsts.ApertureControlPointTypeLabel] = otelconsts.FeatureControlPoint

	return decision, nil
}