Merge pull request #51496 from thaJeztah/discoverapi_cleanups

libnetwork: some minor refactor / cleanups

daemon/libnetwork/agent.go

@@ -109,7 +109,7 @@ func resolveAddr(addrOrInterface string) (net.IP, error) {
 	return addr.IP, nil
 }
 
-func (c *Controller) handleKeyChange(keys []*types.EncryptionKey) error {
+func (c *Controller) handleKeyChange(encryptionKeys []*types.EncryptionKey) error {
 	drvEnc := discoverapi.DriverEncryptionUpdate{}
 
 	agent := c.getAgent()
@@ -126,7 +126,7 @@ func (c *Controller) handleKeyChange(keys []*types.EncryptionKey) error {
 	j := len(c.keys)
 	for i := 0; i < j; {
 		same := false
-		for _, key := range keys {
+		for _, key := range encryptionKeys {
 			if same = key.LamportTime == c.keys[i].LamportTime; same {
 				break
 			}
@@ -150,7 +150,7 @@ func (c *Controller) handleKeyChange(keys []*types.EncryptionKey) error {
 	c.keys = c.keys[:j]
 
 	// Find the new key and add it to the key ring
-	for _, key := range keys {
+	for _, key := range encryptionKeys {
 		same := false
 		for _, cKey := range c.keys {
 			if same = cKey.LamportTime == key.LamportTime; same {
@@ -198,16 +198,23 @@ func (c *Controller) handleKeyChange(keys []*types.EncryptionKey) error {
 			return false
 		}
 		if err := dr.DiscoverNew(discoverapi.EncryptionKeysUpdate, drvEnc); err != nil {
-			log.G(context.TODO()).Warnf("Failed to update datapath keys in driver %s: %v", name, err)
+			log.G(context.TODO()).WithFields(log.Fields{
+				"error":  err,
+				"driver": name,
+			}).Warn("Failed to update datapath keys; resetting datapath keys")
 			// Attempt to reconfigure keys in case of a update failure
 			// which can arise due to a mismatch of keys
 			// if worker nodes get temporarily disconnected
-			log.G(context.TODO()).Warnf("Reconfiguring datapath keys for  %s", name)
-			drvCfgEnc := discoverapi.DriverEncryptionConfig{}
-			drvCfgEnc.Keys, drvCfgEnc.Tags = c.getKeys(subsysIPSec)
-			err = dr.DiscoverNew(discoverapi.EncryptionKeysConfig, drvCfgEnc)
+			keys, tags := c.getKeys(subsysIPSec)
+			err = dr.DiscoverNew(discoverapi.EncryptionKeysConfig, discoverapi.DriverEncryptionConfig{
+				Keys: keys,
+				Tags: tags,
+			})
 			if err != nil {
-				log.G(context.TODO()).Warnf("Failed to reset datapath keys in driver %s: %v", name, err)
+				log.G(context.TODO()).WithFields(log.Fields{
+					"error":  err,
+					"driver": name,
+				}).Warn("Failed to reset datapath keys")
 			}
 		}
 		return false

daemon/libnetwork/drivers/overlay/encryption.go

@@ -16,6 +16,7 @@ import (
 	"syscall"
 
 	"github.com/containerd/log"
+	"github.com/moby/moby/v2/daemon/libnetwork/discoverapi"
 	"github.com/moby/moby/v2/daemon/libnetwork/drivers/overlay/overlayutils"
 	"github.com/moby/moby/v2/daemon/libnetwork/iptables"
 	"github.com/moby/moby/v2/daemon/libnetwork/ns"
@@ -449,7 +450,14 @@ func buildAeadAlgo(k *key, s int) *netlink.XfrmStateAlgo {
 	}
 }
 
-func (d *driver) setKeys(keys []*key) error {
+func (d *driver) setKeys(ctx context.Context, encrData discoverapi.DriverEncryptionConfig) error {
+	keys := make([]*key, 0, len(encrData.Keys))
+	for i := 0; i < len(encrData.Keys); i++ {
+		keys = append(keys, &key{
+			value: encrData.Keys[i],
+			tag:   uint32(encrData.Tags[i]),
+		})
+	}
 	d.encrMu.Lock()
 	defer d.encrMu.Unlock()
 
@@ -458,19 +466,47 @@ func (d *driver) setKeys(keys []*key) error {
 	// Accept the encryption keys and clear any stale encryption map
 	d.secMap = encrMap{}
 	d.keys = keys
-	log.G(context.TODO()).Debugf("Initial encryption keys: %v", keys)
+
+	log.G(ctx).WithFields(log.Fields{
+		"driver": "overlay",
+		"keys":   d.keys,
+	}).Debug("Set initial encryption keys")
 	return nil
 }
 
 // updateKeys allows to add a new key and/or change the primary key and/or prune an existing key
 // The primary key is the key used in transmission and will go in first position in the list.
-func (d *driver) updateKeys(newKey, primary, pruneKey *key) error {
+func (d *driver) updateKeys(ctx context.Context, encrData discoverapi.DriverEncryptionUpdate) error {
+	var newKey, primaryKey, pruneKey *key
+	if encrData.Key != nil {
+		newKey = &key{
+			value: encrData.Key,
+			tag:   uint32(encrData.Tag),
+		}
+	}
+	if encrData.Primary != nil {
+		primaryKey = &key{
+			value: encrData.Primary,
+			tag:   uint32(encrData.PrimaryTag),
+		}
+	}
+	if encrData.Prune != nil {
+		pruneKey = &key{
+			value: encrData.Prune,
+			tag:   uint32(encrData.PruneTag),
+		}
+	}
+
 	d.encrMu.Lock()
 	defer d.encrMu.Unlock()
 
-	log.G(context.TODO()).Debugf("Updating Keys. New: %v, Primary: %v, Pruned: %v", newKey, primary, pruneKey)
-
-	log.G(context.TODO()).Debugf("Current: %v", d.keys)
+	log.G(ctx).WithFields(log.Fields{
+		"driver":  "overlay",
+		"current": d.keys,
+		"new":     newKey,
+		"primary": primaryKey,
+		"prune":   pruneKey,
+	}).Debug("Updating encryption keys")
 
 	var (
 		newIdx = -1
@@ -486,7 +522,7 @@ func (d *driver) updateKeys(newKey, primary, pruneKey *key) error {
 		newIdx += len(d.keys)
 	}
 	for i, k := range d.keys {
-		if primary != nil && k.tag == primary.tag {
+		if primaryKey != nil && k.tag == primaryKey.tag {
 			priIdx = i
 		}
 		if pruneKey != nil && k.tag == pruneKey.tag {
@@ -495,7 +531,7 @@ func (d *driver) updateKeys(newKey, primary, pruneKey *key) error {
 	}
 
 	if (newKey != nil && newIdx == -1) ||
-		(primary != nil && priIdx == -1) ||
+		(primaryKey != nil && priIdx == -1) ||
 		(pruneKey != nil && delIdx == -1) {
 		return types.InvalidParameterErrorf("cannot find proper key indices while processing key update:"+
 			"(newIdx,priIdx,delIdx):(%d, %d, %d)", newIdx, priIdx, delIdx)
@@ -524,8 +560,10 @@ func (d *driver) updateKeys(newKey, primary, pruneKey *key) error {
 		d.keys = append(d.keys[:delIdx], d.keys[delIdx+1:]...)
 	}
 
-	log.G(context.TODO()).Debugf("Updated: %v", d.keys)
-
+	log.G(ctx).WithFields(log.Fields{
+		"driver": "overlay",
+		"keys":   d.keys,
+	}).Debug("Updated encryption keys")
 	return nil
 }
 

daemon/libnetwork/drivers/overlay/overlay.go

@@ -11,7 +11,6 @@ import (
 	"net/netip"
 	"sync"
 
-	"github.com/containerd/log"
 	"github.com/moby/moby/v2/daemon/libnetwork/discoverapi"
 	"github.com/moby/moby/v2/daemon/libnetwork/driverapi"
 	"github.com/moby/moby/v2/daemon/libnetwork/scope"
@@ -121,49 +120,18 @@ func (d *driver) DiscoverNew(dType discoverapi.DiscoveryType, data any) error {
 	case discoverapi.EncryptionKeysConfig:
 		encrData, ok := data.(discoverapi.DriverEncryptionConfig)
 		if !ok {
-			return errors.New("invalid encryption key notification data")
-		}
-		keys := make([]*key, 0, len(encrData.Keys))
-		for i := 0; i < len(encrData.Keys); i++ {
-			k := &key{
-				value: encrData.Keys[i],
-				tag:   uint32(encrData.Tags[i]),
-			}
-			keys = append(keys, k)
-		}
-		if err := d.setKeys(keys); err != nil {
-			log.G(context.TODO()).Warn(err)
+			return fmt.Errorf("invalid encryption key notification data type: %T", data)
 		}
+		return d.setKeys(context.TODO(), encrData)
 	case discoverapi.EncryptionKeysUpdate:
-		var newKey, delKey, priKey *key
 		encrData, ok := data.(discoverapi.DriverEncryptionUpdate)
 		if !ok {
-			return errors.New("invalid encryption key notification data")
-		}
-		if encrData.Key != nil {
-			newKey = &key{
-				value: encrData.Key,
-				tag:   uint32(encrData.Tag),
-			}
-		}
-		if encrData.Primary != nil {
-			priKey = &key{
-				value: encrData.Primary,
-				tag:   uint32(encrData.PrimaryTag),
-			}
-		}
-		if encrData.Prune != nil {
-			delKey = &key{
-				value: encrData.Prune,
-				tag:   uint32(encrData.PruneTag),
-			}
-		}
-		if err := d.updateKeys(newKey, priKey, delKey); err != nil {
-			return err
+			return fmt.Errorf("invalid encryption key notification data type: %T", data)
 		}
+		return d.updateKeys(context.TODO(), encrData)
 	default:
+		return nil
 	}
-	return nil
 }
 
 // DiscoverDelete is a notification for a discovery delete event, such as a node leaving a cluster