-
Notifications
You must be signed in to change notification settings - Fork 412
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add event enable/disable #3466
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -10,47 +10,129 @@ import ( | |
// policyManager is a thread-safe struct that manages the enabled policies for each rule | ||
type policyManager struct { | ||
mutex sync.Mutex | ||
rules map[events.ID]uint64 | ||
rules map[events.ID]*eventState | ||
} | ||
|
||
// eventState is a struct that holds the state of a given event | ||
type eventState struct { | ||
policyMask uint64 | ||
enabled bool | ||
} | ||
|
||
func newPolicyManager() *policyManager { | ||
return &policyManager{ | ||
mutex: sync.Mutex{}, | ||
rules: make(map[events.ID]uint64), | ||
rules: make(map[events.ID]*eventState), | ||
} | ||
} | ||
|
||
// IsEnabled tests if a event, or a policy per event is enabled (in the future it will also check if a policy is enabled) | ||
// TODO: add metrics about an event being enabled/disabled, or a policy being enabled/disabled? | ||
func (pm *policyManager) IsEnabled(matchedPolicies uint64, ruleId events.ID) bool { | ||
pm.mutex.Lock() | ||
defer pm.mutex.Unlock() | ||
|
||
if !pm.isEventEnabled(ruleId) { | ||
return false | ||
} | ||
|
||
return pm.isRuleEnabled(matchedPolicies, ruleId) | ||
} | ||
|
||
// IsRuleEnabled returns true if a given event policy is enabled for a given rule | ||
func (pm *policyManager) IsRuleEnabled(matchedPolicies uint64, ruleId events.ID) bool { | ||
pm.mutex.Lock() | ||
defer pm.mutex.Unlock() | ||
|
||
policyMask, ok := pm.rules[ruleId] | ||
return pm.isRuleEnabled(matchedPolicies, ruleId) | ||
} | ||
|
||
// not synchronized, use IsRuleEnabled instead | ||
func (pm *policyManager) isRuleEnabled(matchedPolicies uint64, ruleId events.ID) bool { | ||
geyslan marked this conversation as resolved.
Show resolved
Hide resolved
|
||
state, ok := pm.rules[ruleId] | ||
if !ok { | ||
return false | ||
} | ||
|
||
return state.policyMask&matchedPolicies != 0 | ||
} | ||
|
||
// IsEventEnabled returns true if a given event policy is enabled for a given rule | ||
func (pm *policyManager) IsEventEnabled(evenId events.ID) bool { | ||
pm.mutex.Lock() | ||
defer pm.mutex.Unlock() | ||
|
||
return pm.isEventEnabled(evenId) | ||
} | ||
|
||
// not synchronized, use IsEventEnabled instead | ||
func (pm *policyManager) isEventEnabled(evenId events.ID) bool { | ||
state, ok := pm.rules[evenId] | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. we use There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'm using ruleId where in the future it is a rule, although now it is type events.ID and I'm using eventId where it is an event, rule depends on passing policy information, event doesn't |
||
if !ok { | ||
return false | ||
} | ||
|
||
return policyMask&matchedPolicies != 0 | ||
return state.enabled | ||
} | ||
|
||
// EnableRule enables a rule for a given event policy | ||
func (pm *policyManager) EnableRule(policyId int, ruleId events.ID) { | ||
pm.mutex.Lock() | ||
defer pm.mutex.Unlock() | ||
|
||
policyMask := pm.rules[ruleId] | ||
utils.SetBit(&policyMask, uint(policyId)) | ||
state, ok := pm.rules[ruleId] | ||
if !ok { | ||
// if you enabling/disabling a rule for an event that | ||
// was not enabled/disabled yet, we assume the event should be enabled | ||
state = &eventState{enabled: true} | ||
} | ||
|
||
utils.SetBit(&state.policyMask, uint(policyId)) | ||
|
||
pm.rules[ruleId] = policyMask | ||
pm.rules[ruleId] = state | ||
} | ||
|
||
// DisableRule disables a rule for a given event policy | ||
func (pm *policyManager) DisableRule(policyId int, ruleId events.ID) { | ||
pm.mutex.Lock() | ||
defer pm.mutex.Unlock() | ||
|
||
policyMask := pm.rules[ruleId] | ||
utils.ClearBit(&policyMask, uint(policyId)) | ||
state, ok := pm.rules[ruleId] | ||
if !ok { | ||
// if you enabling/disabling a rule for an event that | ||
// was not enabled/disabled yet, we assume the event should be enabled | ||
state = &eventState{enabled: true} | ||
} | ||
|
||
utils.ClearBit(&state.policyMask, uint(policyId)) | ||
|
||
pm.rules[ruleId] = state | ||
} | ||
|
||
// EnableEvent enables a given event | ||
func (pm *policyManager) EnableEvent(eventId events.ID) { | ||
pm.mutex.Lock() | ||
defer pm.mutex.Unlock() | ||
|
||
state, ok := pm.rules[eventId] | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. So how will this code look like in the future when we will have rule ids different than event id? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Probably, but it is an internal structure we should be able to refactor it without affecting anything that is consuming it. Right? It is encapsulated. |
||
if !ok { | ||
pm.rules[eventId] = &eventState{enabled: true} | ||
return | ||
} | ||
|
||
state.enabled = true | ||
} | ||
|
||
// DisableEvent disables a given event | ||
func (pm *policyManager) DisableEvent(eventId events.ID) { | ||
pm.mutex.Lock() | ||
defer pm.mutex.Unlock() | ||
|
||
state, ok := pm.rules[eventId] | ||
if !ok { | ||
pm.rules[eventId] = &eventState{enabled: false} | ||
return | ||
} | ||
|
||
pm.rules[ruleId] = policyMask | ||
state.enabled = false | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should it be
ruleId
or eventId then?Should it be
isRuleEnabled
orisEventEnabled
?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm using
ruleId
where in the future it is a rule, although now it is typeevents.ID
and I'm usingeventId
where it is an event, rule depends on passing policy information, event doesn'tAnd we have both concepts, Rules can be enabled/disabled, and Events can be enabled/disable, so we are exposing synchronized methods to deal with it (specially good to test both concepts), but in the pipeline we want to do a single test, get the mutex only one time, so we use
IsEnabled
which in the future should also cover the case of Policies enabled/disabled