Grcov report - secret

1

#pragma once

2

3

#include <atomic>

4

#include <memory>

5

#include <string>

6

#include <vector>

7

8

#include "envoy/common/callback.h"

9

#include "envoy/config/core/v3/config_source.pb.h"

10

#include "envoy/secret/secret_provider.h"

11

#include "envoy/ssl/context.h"

12

#include "envoy/ssl/context_config.h"

13

#include "envoy/ssl/context_manager.h"

14

#include "envoy/stats/scope.h"

15

16

#include "source/common/common/logger.h"

17

#include "source/common/init/target_impl.h"

18

19

#include "absl/base/thread_annotations.h"

20

#include "absl/status/status.h"

21

#include "absl/synchronization/mutex.h"

22

#include "cilium/api/npds.pb.h"

23

#include "cilium/network_policy.h"

24

25

namespace Envoy {

26

namespace Cilium {

27

28

// Facility for SDS config override for testing

29

using GetSdsConfigFunc = envoy::config::core::v3::ConfigSource (*)(const std::string&);

30

extern GetSdsConfigFunc getSDSConfig;

31

void setSDSConfigFunc(GetSdsConfigFunc);

32

void resetSDSConfigFunc();

33

34

class SecretWatcher : public Logger::Loggable<Logger::Id::config> {

35

public:

36

  SecretWatcher(const NetworkPolicyMapImpl& parent, const std::string& sds_name);

37

  ~SecretWatcher();

38

39

78

  const std::string& name() const { return name_; }

40

18

  const std::string* value() const { return load(); }

41

42

private:

43

  Envoy::Common::CallbackHandlePtr readAndWatchSecret();

44

  absl::Status store();

45

  const std::string* load() const;

46

47

  const NetworkPolicyMapImpl& parent_;

48

  const std::string name_;

49

  std::atomic<std::string*> ptr_{nullptr};

50

  Secret::GenericSecretConfigProviderSharedPtr secret_provider_;

51

  Envoy::Common::CallbackHandlePtr update_secret_;

52

};

53

using SecretWatcherPtr = std::unique_ptr<SecretWatcher>;

54

55

// private base class for the common bits

56

class TLSContext : public Logger::Loggable<Logger::Id::config> {

57

public:

58

  TLSContext() = delete;

59

60

protected:

61

  TLSContext(const NetworkPolicyMapImpl& parent, const std::string& name);

62

63

  Envoy::Ssl::ContextManager& manager_;

64

  Stats::Scope& scope_;

65

  Init::TargetImpl init_target_;

66

  absl::Mutex ssl_context_mutex_;

67

};

68

69

class DownstreamTLSContext : protected TLSContext {

70

public:

71

  DownstreamTLSContext(const NetworkPolicyMapImpl& parent, const cilium::TLSContext config);

72

21

  ~DownstreamTLSContext() { manager_.removeContext(server_context_); }

73

74

14

  const Ssl::ContextConfig& getTlsContextConfig() const { return *server_config_; }

75

76

14

  Ssl::ContextSharedPtr getTlsContext() const {

77

14

    absl::ReaderMutexLock l(&const_cast<DownstreamTLSContext*>(this)->ssl_context_mutex_);

78

14

    return server_context_;

79

14

80

81

private:

82

  Ssl::ServerContextConfigPtr server_config_;

83

  std::vector<std::string> server_names_;

84

  Ssl::ServerContextSharedPtr server_context_ ABSL_GUARDED_BY(ssl_context_mutex_){};

85

};

86

using DownstreamTLSContextPtr = std::unique_ptr<DownstreamTLSContext>;

87

88

class UpstreamTLSContext : protected TLSContext {

89

public:

90

  UpstreamTLSContext(const NetworkPolicyMapImpl& parent, cilium::TLSContext config);

91

21

  ~UpstreamTLSContext() { manager_.removeContext(client_context_); }

92

93

21

  const Ssl::ContextConfig& getTlsContextConfig() const { return *client_config_; }

94

21

  Ssl::ContextSharedPtr getTlsContext() const {

95

21

    absl::ReaderMutexLock l(&const_cast<UpstreamTLSContext*>(this)->ssl_context_mutex_);

96

21

    return client_context_;

97

21

98

99

private:

100

  Ssl::ClientContextConfigPtr client_config_;

101

  Ssl::ClientContextSharedPtr client_context_ ABSL_GUARDED_BY(ssl_context_mutex_){};

102

};

103

using UpstreamTLSContextPtr = std::unique_ptr<UpstreamTLSContext>;

104

105

} // namespace Cilium

106

} // namespace Envoy