Make the DiscoverNew switch only responsible for asserting the correct
data type, and push the conversion logic into the setKeys and updateKeys
methods.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
| ... | ... |
@@ -16,6 +16,7 @@ import ( |
| 16 | 16 |
"syscall" |
| 17 | 17 |
|
| 18 | 18 |
"github.com/containerd/log" |
| 19 |
+ "github.com/moby/moby/v2/daemon/libnetwork/discoverapi" |
|
| 19 | 20 |
"github.com/moby/moby/v2/daemon/libnetwork/drivers/overlay/overlayutils" |
| 20 | 21 |
"github.com/moby/moby/v2/daemon/libnetwork/iptables" |
| 21 | 22 |
"github.com/moby/moby/v2/daemon/libnetwork/ns" |
| ... | ... |
@@ -449,7 +450,14 @@ func buildAeadAlgo(k *key, s int) *netlink.XfrmStateAlgo {
|
| 449 | 449 |
} |
| 450 | 450 |
} |
| 451 | 451 |
|
| 452 |
-func (d *driver) setKeys(keys []*key) error {
|
|
| 452 |
+func (d *driver) setKeys(ctx context.Context, encrData discoverapi.DriverEncryptionConfig) error {
|
|
| 453 |
+ keys := make([]*key, 0, len(encrData.Keys)) |
|
| 454 |
+ for i := 0; i < len(encrData.Keys); i++ {
|
|
| 455 |
+ keys = append(keys, &key{
|
|
| 456 |
+ value: encrData.Keys[i], |
|
| 457 |
+ tag: uint32(encrData.Tags[i]), |
|
| 458 |
+ }) |
|
| 459 |
+ } |
|
| 453 | 460 |
d.encrMu.Lock() |
| 454 | 461 |
defer d.encrMu.Unlock() |
| 455 | 462 |
|
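Review bot: The conversion loop moved into setKeys still indexes `encrData.Tags[i]` for every i in `encrData.Keys` without checking that the two slices have the same length, so a notification with fewer tags than keys panics inside the driver instead of being rejected (this was already true of the old DiscoverNew code the commit relocates, but setKeys is now the natural place to validate it). A guard before the loop, `if len(encrData.Keys) != len(encrData.Tags) { return fmt.Errorf("encryption keys/tags length mismatch: %d keys, %d tags", len(encrData.Keys), len(encrData.Tags)) }`, turns that into an error the caller sees; I can't see whether fmt is imported in this file, so substitute whatever error constructor it already uses. The new signature also has no doc comment; something like `// setKeys replaces the driver's encryption keys with the keys/tags in encrData, holding encrMu for the swap.` would help since the parameter type changed. setKeys continues past the end of this hunk.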
| ... | ... |
@@ -459,7 +467,7 @@ func (d *driver) setKeys(keys []*key) error {
|
| 459 | 459 |
d.secMap = encrMap{}
|
| 460 | 460 |
d.keys = keys |
| 461 | 461 |
|
| 462 |
- log.G(context.TODO()).WithFields(log.Fields{
|
|
| 462 |
+ log.G(ctx).WithFields(log.Fields{
|
|
| 463 | 463 |
"driver": "overlay", |
| 464 | 464 |
"keys": d.keys, |
| 465 | 465 |
}).Debug("Set initial encryption keys")
|
| ... | ... |
@@ -468,11 +476,31 @@ func (d *driver) setKeys(keys []*key) error {
|
| 468 | 468 |
|
| 469 | 469 |
// updateKeys allows to add a new key and/or change the primary key and/or prune an existing key |
| 470 | 470 |
// The primary key is the key used in transmission and will go in first position in the list. |
| 471 |
-func (d *driver) updateKeys(newKey, primaryKey, pruneKey *key) error {
|
|
| 471 |
+func (d *driver) updateKeys(ctx context.Context, encrData discoverapi.DriverEncryptionUpdate) error {
|
|
| 472 |
+ var newKey, primaryKey, pruneKey *key |
|
| 473 |
+ if encrData.Key != nil {
|
|
| 474 |
+ newKey = &key{
|
|
| 475 |
+ value: encrData.Key, |
|
| 476 |
+ tag: uint32(encrData.Tag), |
|
| 477 |
+ } |
|
| 478 |
+ } |
|
| 479 |
+ if encrData.Primary != nil {
|
|
| 480 |
+ primaryKey = &key{
|
|
| 481 |
+ value: encrData.Primary, |
|
| 482 |
+ tag: uint32(encrData.PrimaryTag), |
|
| 483 |
+ } |
|
| 484 |
+ } |
|
| 485 |
+ if encrData.Prune != nil {
|
|
| 486 |
+ pruneKey = &key{
|
|
| 487 |
+ value: encrData.Prune, |
|
| 488 |
+ tag: uint32(encrData.PruneTag), |
|
| 489 |
+ } |
|
| 490 |
+ } |
|
| 491 |
+ |
|
| 472 | 492 |
d.encrMu.Lock() |
| 473 | 493 |
defer d.encrMu.Unlock() |
| 474 | 494 |
|
| 475 |
- log.G(context.TODO()).WithFields(log.Fields{
|
|
| 495 |
+ log.G(ctx).WithFields(log.Fields{
|
|
| 476 | 496 |
"driver": "overlay", |
| 477 | 497 |
"current": d.keys, |
| 478 | 498 |
"new": newKey, |
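Review bot: The doc comment on lines 469-470 is kept unchanged while the signature now takes a discoverapi.DriverEncryptionUpdate, and it no longer says how the three operations are selected; the nil checks on Key, Primary and Prune in the new lines are what decide that. I would extend it with `// Each of encrData.Key, encrData.Primary and encrData.Prune is optional; a nil value skips that operation.` so callers don't have to read the body. The three `&key{value: ..., tag: uint32(...)}` blocks are identical apart from the field names and could share a small constructor, but that is a style preference rather than a defect. updateKeys continues past the end of this hunk, and the `uint32(...)` narrowing of the tag fields is inherited from the old code, so I assume the source type is wider and this truncation is intentional.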
| ... | ... |
@@ -532,7 +560,7 @@ func (d *driver) updateKeys(newKey, primaryKey, pruneKey *key) error {
|
| 532 | 532 |
d.keys = append(d.keys[:delIdx], d.keys[delIdx+1:]...) |
| 533 | 533 |
} |
| 534 | 534 |
|
| 535 |
- log.G(context.TODO()).WithFields(log.Fields{
|
|
| 535 |
+ log.G(ctx).WithFields(log.Fields{
|
|
| 536 | 536 |
"driver": "overlay", |
| 537 | 537 |
"keys": d.keys, |
| 538 | 538 |
}).Debug("Updated encryption keys")
|
| ... | ... |
@@ -11,7 +11,6 @@ import ( |
| 11 | 11 |
"net/netip" |
| 12 | 12 |
"sync" |
| 13 | 13 |
|
| 14 |
- "github.com/containerd/log" |
|
| 15 | 14 |
"github.com/moby/moby/v2/daemon/libnetwork/discoverapi" |
| 16 | 15 |
"github.com/moby/moby/v2/daemon/libnetwork/driverapi" |
| 17 | 16 |
"github.com/moby/moby/v2/daemon/libnetwork/scope" |
| ... | ... |
@@ -121,49 +120,18 @@ func (d *driver) DiscoverNew(dType discoverapi.DiscoveryType, data any) error {
|
| 121 | 121 |
case discoverapi.EncryptionKeysConfig: |
| 122 | 122 |
encrData, ok := data.(discoverapi.DriverEncryptionConfig) |
| 123 | 123 |
if !ok {
|
| 124 |
- return errors.New("invalid encryption key notification data")
|
|
| 125 |
- } |
|
| 126 |
- keys := make([]*key, 0, len(encrData.Keys)) |
|
| 127 |
- for i := 0; i < len(encrData.Keys); i++ {
|
|
| 128 |
- k := &key{
|
|
| 129 |
- value: encrData.Keys[i], |
|
| 130 |
- tag: uint32(encrData.Tags[i]), |
|
| 131 |
- } |
|
| 132 |
- keys = append(keys, k) |
|
| 133 |
- } |
|
| 134 |
- if err := d.setKeys(keys); err != nil {
|
|
| 135 |
- log.G(context.TODO()).Warn(err) |
|
| 124 |
+ return fmt.Errorf("invalid encryption key notification data type: %T", data)
|
|
| 136 | 125 |
} |
| 126 |
+ return d.setKeys(context.TODO(), encrData) |
|
| 137 | 127 |
case discoverapi.EncryptionKeysUpdate: |
| 138 |
- var newKey, delKey, priKey *key |
|
| 139 | 128 |
encrData, ok := data.(discoverapi.DriverEncryptionUpdate) |
| 140 | 129 |
if !ok {
|
| 141 |
- return errors.New("invalid encryption key notification data")
|
|
| 142 |
- } |
|
| 143 |
- if encrData.Key != nil {
|
|
| 144 |
- newKey = &key{
|
|
| 145 |
- value: encrData.Key, |
|
| 146 |
- tag: uint32(encrData.Tag), |
|
| 147 |
- } |
|
| 148 |
- } |
|
| 149 |
- if encrData.Primary != nil {
|
|
| 150 |
- priKey = &key{
|
|
| 151 |
- value: encrData.Primary, |
|
| 152 |
- tag: uint32(encrData.PrimaryTag), |
|
| 153 |
- } |
|
| 154 |
- } |
|
| 155 |
- if encrData.Prune != nil {
|
|
| 156 |
- delKey = &key{
|
|
| 157 |
- value: encrData.Prune, |
|
| 158 |
- tag: uint32(encrData.PruneTag), |
|
| 159 |
- } |
|
| 160 |
- } |
|
| 161 |
- if err := d.updateKeys(newKey, priKey, delKey); err != nil {
|
|
| 162 |
- return err |
|
| 130 |
+ return fmt.Errorf("invalid encryption key notification data type: %T", data)
|
|
| 163 | 131 |
} |
| 132 |
+ return d.updateKeys(context.TODO(), encrData) |
|
| 164 | 133 |
default: |
| 134 |
+ return nil |
|
| 165 | 135 |
} |
| 166 |
- return nil |
|
| 167 | 136 |
} |
| 168 | 137 |
|
| 169 | 138 |
// DiscoverDelete is a notification for a discovery delete event, such as a node leaving a cluster |
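Review bot: The EncryptionKeysConfig case changes error handling, not just where the conversion lives: the removed lines logged a setKeys failure with `log.G(...).Warn(err)` and fell through to `return nil`, while the new `return d.setKeys(context.TODO(), encrData)` propagates the error to whoever calls DiscoverNew. That may well be the better behaviour, but the commit message only describes moving conversion logic, so it is worth confirming the caller tolerates a non-nil error here and noting it in the description. Separately, both new calls still pass `context.TODO()` even though setKeys and updateKeys now accept a ctx, so the logger fields gain nothing until DiscoverNew itself receives a context; a short `// TODO: plumb a real context once DiscoverNew takes one` would make that intent explicit. DiscoverNew's signature and the start of its switch are above this hunk.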