This repository has been archived by the owner on Jun 20, 2024. It is now read-only.

Remove the dependency of 'ipset' package on Kubernetes
We don't want everyone that uses the `net` package to get a transitive
dependency on the Kubernetes APIs, so have it define the `UID` type.

Conceptually this is a simple change because `UID` is a `string`, but
unfortunately it is used in a lot of places.
bboreham committed Jul 29, 2020
1 parent a3c76e1 commit ca4f93d
Showing 8 changed files with 103 additions and 100 deletions.
5 changes: 2 additions & 3 deletions net/bridge.go
Expand Up @@ -11,7 +11,6 @@ import (
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/vishvananda/netlink"
"k8s.io/apimachinery/pkg/types"

"github.com/weaveworks/weave/common"
"github.com/weaveworks/weave/common/chains"
Expand Down Expand Up @@ -588,13 +587,13 @@ func ConfigureIPTables(config *BridgeConfig, ips ipset.Interface) error {

type NoMasqLocalTracker struct {
ips ipset.Interface
owner types.UID
owner ipset.UID
}

func NewNoMasqLocalTracker(ips ipset.Interface) *NoMasqLocalTracker {
return &NoMasqLocalTracker{
ips: ips,
owner: types.UID(0), // dummy ipset owner
owner: ipset.UID(0), // dummy ipset owner
}
}

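Review bot: `ipset.UID(0)` in NewNoMasqLocalTracker converts the integer constant 0 to a string type, so the dummy owner is the one-byte string "\x00", not "0" and not the empty string. The commit carries this over unchanged from `types.UID(0)`, but now that `UID` is defined in this repository the intent can be spelled out. If the value only has to differ from real owners, a readable literal does that, for example `owner: ipset.UID("nomasq-local"), // dummy ipset owner, not a Kubernetes UID` (value constructed for illustration). If this owner is passed to AddEntry, whose log line in net/ipset/ipset.go formats the owner with `%s`, the NUL byte is also written to the log as-is.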
31 changes: 16 additions & 15 deletions net/ipset/ipset.go
Expand Up @@ -9,13 +9,14 @@ import (
"strings"

"github.com/pkg/errors"
"k8s.io/apimachinery/pkg/types"
)

type Name string

type Type string

type UID string

const (
ListSet = Type("list:set")
HashIP = Type("hash:ip")
Expand All @@ -24,9 +25,9 @@ const (

type Interface interface {
Create(ipsetName Name, ipsetType Type) error
AddEntry(user types.UID, ipsetName Name, entry string, comment string) error
DelEntry(user types.UID, ipsetName Name, entry string) error
EntryExists(user types.UID, ipsetName Name, entry string) bool
AddEntry(user UID, ipsetName Name, entry string, comment string) error
DelEntry(user UID, ipsetName Name, entry string) error
EntryExists(user UID, ipsetName Name, entry string) bool
Exists(ipsetName Name) (bool, error)
Flush(ipsetName Name) error
Destroy(ipsetName Name) error
Expand All @@ -50,15 +51,15 @@ type ipset struct {
// There might be multiple users for the same ipset & entry pair because
// events from k8s API server might be out of order causing duplicate IPs:
// https://github.com/weaveworks/weave/issues/2792.
users map[entryKey]map[types.UID]struct{}
users map[entryKey]map[UID]struct{}
}

func New(logger *log.Logger, maxListSize int) Interface {
ips := &ipset{
Logger: logger,
enableComments: true,
maxListSize: maxListSize,
users: make(map[entryKey]map[types.UID]struct{}),
users: make(map[entryKey]map[UID]struct{}),
}

// Check for comment support
Expand Down Expand Up @@ -94,7 +95,7 @@ func (i *ipset) Create(ipsetName Name, ipsetType Type) error {
return doExec(args...)
}

func (i *ipset) AddEntry(user types.UID, ipsetName Name, entry string, comment string) error {
func (i *ipset) AddEntry(user UID, ipsetName Name, entry string, comment string) error {
i.Logger.Printf("adding entry %s to %s of %s", entry, ipsetName, user)

if !i.addUser(user, ipsetName, entry) { // already in the set
Expand All @@ -110,7 +111,7 @@ func (i *ipset) AddEntry(user types.UID, ipsetName Name, entry string, comment s
return doExec(args...)
}

func (i *ipset) DelEntry(user types.UID, ipsetName Name, entry string) error {
func (i *ipset) DelEntry(user UID, ipsetName Name, entry string) error {
i.Logger.Printf("deleting entry %s from %s of %s", entry, ipsetName, user)

if !i.delUser(user, ipsetName, entry) { // still needed
Expand All @@ -122,7 +123,7 @@ func (i *ipset) DelEntry(user types.UID, ipsetName Name, entry string) error {
return doExec("del", string(ipsetName), entry)
}

func (i *ipset) EntryExists(user types.UID, ipsetName Name, entry string) bool {
func (i *ipset) EntryExists(user UID, ipsetName Name, entry string) bool {
return i.existUser(user, ipsetName, entry)
}

Expand All @@ -146,7 +147,7 @@ func (i *ipset) Flush(ipsetName Name) error {
}

func (i *ipset) FlushAll() error {
i.users = make(map[entryKey]map[types.UID]struct{})
i.users = make(map[entryKey]map[UID]struct{})
return doExec("flush")
}

Expand All @@ -156,7 +157,7 @@ func (i *ipset) Destroy(ipsetName Name) error {
}

func (i *ipset) DestroyAll() error {
i.users = make(map[entryKey]map[types.UID]struct{})
i.users = make(map[entryKey]map[UID]struct{})
return doExec("destroy")
}

Expand All @@ -179,12 +180,12 @@ func (i *ipset) List(prefix string) ([]Name, error) {
}

// Returns true if entry does not exist in ipset (entry has to be inserted into ipset).
func (i *ipset) addUser(user types.UID, ipsetName Name, entry string) bool {
func (i *ipset) addUser(user UID, ipsetName Name, entry string) bool {
k := entryKey{ipsetName, entry}
add := false

if i.users[k] == nil {
i.users[k] = make(map[types.UID]struct{})
i.users[k] = make(map[UID]struct{})
}
if len(i.users[k]) == 0 {
add = true
Expand All @@ -195,7 +196,7 @@ func (i *ipset) addUser(user types.UID, ipsetName Name, entry string) bool {
}

// Returns true if user is the last owner of entry (entry has to be removed from ipset).
func (i *ipset) delUser(user types.UID, ipsetName Name, entry string) bool {
func (i *ipset) delUser(user UID, ipsetName Name, entry string) bool {
k := entryKey{ipsetName, entry}

oneLeft := len(i.users[k]) == 1
Expand All @@ -208,7 +209,7 @@ func (i *ipset) delUser(user types.UID, ipsetName Name, entry string) bool {
return oneLeft && (len(i.users[k]) == 0)
}

func (i *ipset) existUser(user types.UID, ipsetName Name, entry string) bool {
func (i *ipset) existUser(user UID, ipsetName Name, entry string) bool {
_, ok := i.users[entryKey{ipsetName, entry}][user]
return ok
}
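Review bot: The new exported `type UID string` in the first hunk has no doc comment, although it is now the key that decides when an entry is really added to or removed from an ipset (see the comments on addUser and delUser). A one-line comment would tell callers outside Kubernetes what to pass, for example `// UID identifies an owner of an ipset entry; an entry is removed only when its last owner deletes it.` Because the type is a plain string, any value including the empty string is accepted as an owner, so the comment should also say whether that is intended.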
12 changes: 10 additions & 2 deletions npc/controller.go
Expand Up @@ -63,7 +63,7 @@ func (npc *controller) onNewNsSelector(selector *selector) error {
for _, ns := range npc.nss {
if ns.namespace != nil {
if selector.matchesNamespaceSelector(ns.namespace.ObjectMeta.Labels) {
if err := selector.addEntry(ns.namespace.ObjectMeta.UID, string(ns.allPods.ipsetName), namespaceComment(ns)); err != nil {
if err := selector.addEntry(nsuid(ns.namespace), string(ns.allPods.ipsetName), namespaceComment(ns)); err != nil {
return err
}
}
Expand All @@ -78,7 +78,7 @@ func (npc *controller) onNewNamespacePodsSelector(selector *selector) error {
for _, pod := range ns.pods {
if hasIP(pod) {
if selector.matchesNamespacedPodSelector(pod.ObjectMeta.Labels, ns.namespace.ObjectMeta.Labels) {
if err := selector.addEntry(pod.ObjectMeta.UID, pod.Status.PodIP, podComment(pod)); err != nil {
if err := selector.addEntry(uid(pod), pod.Status.PodIP, podComment(pod)); err != nil {
return err
}

Expand Down Expand Up @@ -263,3 +263,11 @@ func isEgressNetworkPolicy(obj interface{}) (bool, error) {
}
return false, errInvalidNetworkPolicyObjType
}

func uid(pod *coreapi.Pod) ipset.UID {
return ipset.UID(pod.UID)
}

func nsuid(ns *coreapi.Namespace) ipset.UID {
return ipset.UID(ns.UID)
}
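Review bot: The helpers added at the end of the file are named `uid` and `nsuid`, yet `uid` accepts only a `*coreapi.Pod`. Names such as `podUID` and `namespaceUID` would say which object kind each converts, and would avoid a bare package-level `uid` that any local variable of the same name shadows. Each could carry a one-line comment, for example `// podUID returns the pod's Kubernetes UID as an ipset owner key.` Both helpers dereference their argument, so callers must keep passing non-nil objects, as the `ns.namespace != nil` guard in onNewNsSelector does. The function in the second hunk starts outside the hunk, so an equivalent guard there cannot be confirmed from this page.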
15 changes: 7 additions & 8 deletions npc/controller_test.go
Expand Up @@ -13,15 +13,14 @@ import (
coreapi "k8s.io/api/core/v1"
networkingv1 "k8s.io/api/networking/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/client-go/kubernetes/fake"
)

type mockSet struct {
name ipset.Name
setType ipset.Type
subSets map[string]map[types.UID]bool
subSets map[string]map[ipset.UID]bool
}

type mockIPSet struct {
Expand All @@ -36,17 +35,17 @@ func (i *mockIPSet) Create(ipsetName ipset.Name, ipsetType ipset.Type) error {
if _, ok := i.sets[string(ipsetName)]; ok {
return errors.Errorf("ipset %s already exists", ipsetName)
}
i.sets[string(ipsetName)] = mockSet{name: ipsetName, setType: ipsetType, subSets: make(map[string]map[types.UID]bool)}
i.sets[string(ipsetName)] = mockSet{name: ipsetName, setType: ipsetType, subSets: make(map[string]map[ipset.UID]bool)}
return nil
}

func (i *mockIPSet) AddEntry(user types.UID, ipsetName ipset.Name, entry string, comment string) error {
func (i *mockIPSet) AddEntry(user ipset.UID, ipsetName ipset.Name, entry string, comment string) error {
log.Printf("adding entry %s to %s for %s", entry, ipsetName, user)
if _, ok := i.sets[string(ipsetName)]; !ok {
return errors.Errorf("%s does not exist", entry)
}
if i.sets[string(ipsetName)].subSets[entry] == nil {
i.sets[string(ipsetName)].subSets[entry] = make(map[types.UID]bool)
i.sets[string(ipsetName)].subSets[entry] = make(map[ipset.UID]bool)
}
if _, ok := i.sets[string(ipsetName)].subSets[entry][user]; ok {
return errors.Errorf("user %s already owns entry %s", user, entry)
Expand All @@ -56,7 +55,7 @@ func (i *mockIPSet) AddEntry(user types.UID, ipsetName ipset.Name, entry string,
return nil
}

func (i *mockIPSet) DelEntry(user types.UID, ipsetName ipset.Name, entry string) error {
func (i *mockIPSet) DelEntry(user ipset.UID, ipsetName ipset.Name, entry string) error {
log.Printf("deleting entry %s from %s for %s", entry, ipsetName, user)
if _, ok := i.sets[string(ipsetName)]; !ok {
return errors.Errorf("ipset %s does not exist", ipsetName)
Expand All @@ -73,7 +72,7 @@ func (i *mockIPSet) DelEntry(user types.UID, ipsetName ipset.Name, entry string)
return nil
}

func (i *mockIPSet) EntryExists(user types.UID, ipsetName ipset.Name, entry string) bool {
func (i *mockIPSet) EntryExists(user ipset.UID, ipsetName ipset.Name, entry string) bool {
_, ok := i.sets[string(ipsetName)].subSets[entry][user]
return ok
}
Expand Down Expand Up @@ -429,7 +428,7 @@ func TestOutOfOrderPodEvents(t *testing.T) {

// Should be in default-allow as no netpol selects podBar
require.True(t, m.entriesExist(ingressDefaultAllowIPSetName, podIP))
require.True(t, m.EntryExists(podBar.ObjectMeta.UID, ingressDefaultAllowIPSetName, podIP))
require.True(t, m.EntryExists(uid(podBar), ingressDefaultAllowIPSetName, podIP))
// Should be in run=bar ipset
require.True(t, m.entriesExist(runBarIPSetName, podIP))

11 changes: 5 additions & 6 deletions npc/ipblock.go
Expand Up @@ -6,7 +6,6 @@ import (
"strings"

networkingv1 "k8s.io/api/networking/v1"
"k8s.io/apimachinery/pkg/types"

"github.com/weaveworks/weave/common"
"github.com/weaveworks/weave/net/ipset"
Expand Down Expand Up @@ -51,17 +50,17 @@ func (spec *ipBlockSpec) getRuleSpec(src bool) ([]string, string) {

type ipBlockSet struct {
ips ipset.Interface
users map[string]map[types.UID]struct{}
users map[string]map[ipset.UID]struct{}
}

func newIPBlockSet(ips ipset.Interface) *ipBlockSet {
return &ipBlockSet{
ips: ips,
users: make(map[string]map[types.UID]struct{}),
users: make(map[string]map[ipset.UID]struct{}),
}
}

func (s *ipBlockSet) deprovision(user types.UID, current, desired map[string]*ipBlockSpec) error {
func (s *ipBlockSet) deprovision(user ipset.UID, current, desired map[string]*ipBlockSpec) error {
for key, spec := range current {
if key == "" {
continue
Expand All @@ -83,7 +82,7 @@ func (s *ipBlockSet) deprovision(user types.UID, current, desired map[string]*ip
return nil
}

func (s *ipBlockSet) provision(user types.UID, current, desired map[string]*ipBlockSpec) (err error) {
func (s *ipBlockSet) provision(user ipset.UID, current, desired map[string]*ipBlockSpec) (err error) {
for key, spec := range desired {
if key == "" {
// No need to provision an ipBlock with empty list of excepted CIDRs
Expand All @@ -106,7 +105,7 @@ func (s *ipBlockSet) provision(user types.UID, current, desired map[string]*ipBl
}
}

s.users[key] = make(map[types.UID]struct{})
s.users[key] = make(map[ipset.UID]struct{})
}
s.users[key][user] = struct{}{}
}