

debug: Assert policy destruction happens in the main thread
Signed-off-by: Jarno Rajahalme <[email protected]>
jrajahalme committed Nov 22, 2024
1 parent 0173712 commit 07d4662
Showing 4 changed files with 23 additions and 4 deletions.
12 changes: 12 additions & 0 deletions cilium/network_policy.cc
@@ -47,6 +47,7 @@ class HeaderMatch : public Logger::Loggable<Logger::Id::config> {
HeaderMatch(const NetworkPolicyMap& parent, const cilium::HeaderMatch& config)
: name_(config.name()), value_(config.value()), match_action_(config.match_action()),
mismatch_action_(config.mismatch_action()) {
ASSERT_IS_MAIN_OR_TEST_THREAD();
if (config.value_sds_secret().length() > 0)
secret_ = std::make_unique<SecretWatcher>(parent, config.value_sds_secret());
}
@@ -606,6 +607,17 @@ class PortNetworkPolicyRules : public Logger::Loggable<Logger::Id::config> {
}
}

~PortNetworkPolicyRules() {
if (!Thread::MainThread::isMainOrTestThread()) {
ENVOY_LOG_TO_LOGGER(Envoy::Logger::Registry::getLog(Envoy::Logger::Id::envoy_bug), error,
"envoy bug failure: !Thread::MainThread::isMainOrTestThread()");
Envoy::Assert::EnvoyBugStackTrace st;
st.capture();
st.logStackTrace();
::abort();
}
}

bool allowed(uint32_t remote_id, Envoy::Http::RequestHeaderMap& headers,
Cilium::AccessLog::Entry& log_entry, bool& denied) const {
// Empty set matches any payload from anyone
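Review bot: The new `~PortNetworkPolicyRules()` spells out its own log, stack-trace and `::abort()` sequence instead of using `ASSERT_IS_MAIN_OR_TEST_THREAD()` as the `HeaderMatch` constructor in the same file does, and nothing in the hunk says why. No debug-only guard is visible around the `if`, so an off-thread destruction would presumably terminate the proxy in every build type, while the logged text reads like a non-fatal "envoy bug" report. If failing hard in release builds is intended (arguably safer than continuing after a cross-thread teardown), state it above the `if`, e.g. `// Fatal in all builds: policy rules must only be destroyed on the main (or test) thread.`; if a debug-only check was meant, `ASSERT_IS_MAIN_OR_TEST_THREAD();` would match the rest of the commit. The enclosing class starts and continues outside the hunk.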
4 changes: 3 additions & 1 deletion cilium/network_policy.h
@@ -109,7 +109,9 @@ class IPAddressPair {

class PolicyInstance {
public:
virtual ~PolicyInstance() = default;
virtual ~PolicyInstance() {
ASSERT_IS_MAIN_OR_TEST_THREAD();
};

virtual bool allowed(bool ingress, uint32_t remote_id, uint16_t port,
Envoy::Http::RequestHeaderMap& headers,
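Review bot: The new destructor body ends with a stray semicolon (`};`), which is an empty declaration inside the class and is flagged by extra-semicolon warnings; it should read `virtual ~PolicyInstance() { ASSERT_IS_MAIN_OR_TEST_THREAD(); }`. Because the check now lives in a header, every translation unit that includes it needs the macro's definition in scope; the include list is outside the hunk, so confirm this header pulls the definition in itself rather than relying on its includers. A one-line comment such as `// Policy instances must be destroyed on the main (or test) thread.` would also tell implementers of this interface what the assertion enforces. The class body continues outside the hunk.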
9 changes: 7 additions & 2 deletions cilium/secret_watcher.cc
@@ -32,9 +32,14 @@ void resetSDSConfigFunc() { getSDSConfig = &getCiliumSDSConfig; }
SecretWatcher::SecretWatcher(const NetworkPolicyMap& parent, const std::string& sds_name)
: parent_(parent), name_(sds_name),
secret_provider_(secretProvider(parent.transportFactoryContext(), sds_name)),
update_secret_(readAndWatchSecret()) {}
update_secret_(readAndWatchSecret()) {
ASSERT_IS_MAIN_OR_TEST_THREAD();
}

SecretWatcher::~SecretWatcher() { delete load(); }
SecretWatcher::~SecretWatcher() {
ASSERT_IS_MAIN_OR_TEST_THREAD();
delete load();
}

Envoy::Common::CallbackHandlePtr SecretWatcher::readAndWatchSecret() {
THROW_IF_NOT_OK(store());
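Review bot: In the `SecretWatcher` constructor the assertion sits in the body, so it runs only after the member initializers have already called `secretProvider(...)` and `readAndWatchSecret()` on whatever thread this is. An off-thread construction is still reported, but only after the work the check is meant to guard has been done, and not at all if `readAndWatchSecret()` throws first (`THROW_IF_NOT_OK(store())` is visible at the start of that function, whose body continues outside the hunk). Either record that ordering in a comment, `// Runs after the initializer list; the secret provider has already been set up on this thread.`, or have the callers assert before constructing. The destructor places the check before `delete load()`, which is the right order.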
2 changes: 1 addition & 1 deletion go.mod
@@ -1,6 +1,6 @@
module github.com/cilium/proxy

go 1.23
go 1.23.0

require (
github.com/census-instrumentation/opencensus-proto v0.4.1
