chore: hide type from the public API

Policies -> policies
rscampos · Jul 4, 2024 · 58fd97e · 58fd97e
1 parent 39cc264
commit 58fd97e
Show file tree

Hide file tree

Showing 9 changed files with 129 additions and 138 deletions.
diff --git a/pkg/policy/ebpf.go b/pkg/policy/ebpf.go
@@ -112,7 +112,7 @@ func updateOuterMap(m *bpf.Module, mapName string, mapVersion uint16, innerMap *
 }
 
 // createNewFilterMapsVersion creates a new version of the filter maps.
-func (ps *Policies) createNewFilterMapsVersion(bpfModule *bpf.Module) error {
+func (ps *policies) createNewFilterMapsVersion(bpfModule *bpf.Module) error {
 	mapsNames := map[string]string{ // inner map name: outer map name
 		UIDFilterMap:         UIDFilterMapVersion,
 		PIDFilterMap:         PIDFilterMapVersion,
@@ -125,7 +125,7 @@ func (ps *Policies) createNewFilterMapsVersion(bpfModule *bpf.Module) error {
 		BinaryFilterMap:      BinaryFilterMapVersion,
 	}
 
-	polsVersion := ps.Version()
+	polsVersion := ps.version()
 	for innerMapName, outerMapName := range mapsNames {
 		// TODO: This only spawns new inner filter maps. Their termination must
 		// be tackled by the versioning mechanism.
@@ -156,12 +156,12 @@ func (ps *Policies) createNewFilterMapsVersion(bpfModule *bpf.Module) error {
 }
 
 // createNewEventsMapVersion creates a new version of the events map.
-func (ps *Policies) createNewEventsMapVersion(
+func (ps *policies) createNewEventsMapVersion(
 	bpfModule *bpf.Module,
 	eventsState map[events.ID]events.EventState,
 	eventsParams map[events.ID][]bufferdecoder.ArgType,
 ) error {
-	polsVersion := ps.Version()
+	polsVersion := ps.version()
 	innerMapName := "events_map"
 	outerMapName := "events_map_version"
 
@@ -203,7 +203,7 @@ func (ps *Policies) createNewEventsMapVersion(
 }
 
 // updateUIntFilterBPF updates the BPF maps for the given uint equalities.
-func (ps *Policies) updateUIntFilterBPF(uintEqualities map[uint64]equality, innerMapName string) error {
+func (ps *policies) updateUIntFilterBPF(uintEqualities map[uint64]equality, innerMapName string) error {
 	// UInt equalities
 	// 1. uid_filter        u32, eq_t
 	// 2. pid_filter        u32, eq_t
@@ -238,7 +238,7 @@ const (
 )
 
 // updateStringFilterBPF updates the BPF maps for the given string equalities.
-func (ps *Policies) updateStringFilterBPF(strEqualities map[string]equality, innerMapName string) error {
+func (ps *policies) updateStringFilterBPF(strEqualities map[string]equality, innerMapName string) error {
 	// String equalities
 	// 1. uts_ns_filter  string_filter_t, eq_t
 	// 2. comm_filter    string_filter_t, eq_t
@@ -267,7 +267,7 @@ func (ps *Policies) updateStringFilterBPF(strEqualities map[string]equality, inn
 }
 
 // updateProcTreeFilterBPF updates the BPF maps for the given process tree equalities.
-func (ps *Policies) updateProcTreeFilterBPF(procTreeEqualities map[uint32]equality, innerMapName string) error {
+func (ps *policies) updateProcTreeFilterBPF(procTreeEqualities map[uint32]equality, innerMapName string) error {
 	// ProcessTree equality
 	// 1. process_tree_filter  u32, eq_t
 
@@ -361,7 +361,7 @@ const (
 )
 
 // updateBinaryFilterBPF updates the BPF maps for the given binary equalities.
-func (ps *Policies) updateBinaryFilterBPF(binEqualities map[filters.NSBinary]equality, innerMapName string) error {
+func (ps *policies) updateBinaryFilterBPF(binEqualities map[filters.NSBinary]equality, innerMapName string) error {
 	// BinaryNS equality
 	// 1. binary_filter  binary_t, eq_t
 
@@ -444,10 +444,10 @@ func populateProcInfoMap(bpfModule *bpf.Module, binEqualities map[filters.NSBina
 	return nil
 }
 
-// UpdateBPF updates the BPF maps with the policies filters.
+// updateBPF updates the BPF maps with the policies filters.
 // createNewMaps indicates whether new maps should be created or not.
 // updateProcTree indicates whether the process tree map should be updated or not.
-func (ps *Policies) UpdateBPF(
+func (ps *policies) updateBPF(
 	bpfModule *bpf.Module,
 	cts *containers.Containers,
 	eventsState map[events.ID]events.EventState,
@@ -553,8 +553,8 @@ func (ps *Policies) UpdateBPF(
 }
 
 // createNewPoliciesConfigMap creates a new version of the policies config map
-func (ps *Policies) createNewPoliciesConfigMap(bpfModule *bpf.Module) error {
-	version := ps.Version()
+func (ps *policies) createNewPoliciesConfigMap(bpfModule *bpf.Module) error {
+	version := ps.version()
 	newInnerMap, err := createNewInnerMap(bpfModule, PoliciesConfigMap, version)
 	if err != nil {
 		return errfmt.WrapError(err)
@@ -623,7 +623,7 @@ func (pc *PoliciesConfig) UpdateBPF(bpfConfigMap *bpf.BPFMapLow) error {
 }
 
 // computePoliciesConfig computes the policies config from the policies.
-func (ps *Policies) computePoliciesConfig() *PoliciesConfig {
+func (ps *policies) computePoliciesConfig() *PoliciesConfig {
 	cfg := &PoliciesConfig{}
 
 	for _, p := range ps.allFromMap() {

diff --git a/pkg/policy/equality.go b/pkg/policy/equality.go
@@ -88,7 +88,7 @@ func updateEqualities[T comparable](
 
 // computeFilterEqualities computes the equalities for each filter type in the policies
 // updating the provided filtersEqualities struct.
-func (ps *Policies) computeFilterEqualities(
+func (ps *policies) computeFilterEqualities(
 	fEqs *filtersEqualities,
 	cts *containers.Containers,
 ) error {
@@ -161,7 +161,7 @@ func (ps *Policies) computeFilterEqualities(
 
 // computeProcTreeEqualities computes the equalities for the process tree filter
 // in the policies updating the provided eqs map.
-func (ps *Policies) computeProcTreeEqualities(eqs map[uint32]equality) {
+func (ps *policies) computeProcTreeEqualities(eqs map[uint32]equality) {
 	for _, p := range ps.allFromMap() {
 		policyID := uint(p.ID)
 

diff --git a/pkg/policy/policies.go b/pkg/policy/policies.go
@@ -22,10 +22,9 @@ var AlwaysSubmit = events.EventState{
 	Submit: PolicyAll,
 }
 
-type Policies struct {
+type policies struct {
 	rwmu sync.RWMutex
 
-	version           uint16                    // updated on snapshot store
 	bpfInnerMaps      map[string]*bpf.BPFMapLow // BPF inner maps
 	policiesArray     [PolicyMax]*Policy        // underlying policies array for fast access of empty slots
 	policiesMapByID   map[int]*Policy           // all policies map by ID
@@ -45,10 +44,9 @@ type Policies struct {
 	containerFiltersEnabled uint64 // bitmap of policies that have at least one container filter type enabled
 }
 
-func NewPolicies() *Policies {
-	return &Policies{
+func NewPolicies() *policies {
+	return &policies{
 		rwmu:                    sync.RWMutex{},
-		version:                 0,
 		bpfInnerMaps:            map[string]*bpf.BPFMapLow{},
 		policiesArray:           [PolicyMax]*Policy{},
 		policiesMapByID:         map[int]*Policy{},
@@ -67,43 +65,36 @@ func NewPolicies() *Policies {
 }
 
 // Compile-time check to ensure that Policies implements the Cloner interface
-var _ utils.Cloner[*Policies] = &Policies{}
+var _ utils.Cloner[*policies] = &policies{}
 
-func (ps *Policies) count() int {
+func (ps *policies) count() int {
 	return len(ps.policiesMapByID)
 }
 
-func (ps *Policies) Count() int {
-	ps.rwmu.RLock()
-	defer ps.rwmu.RUnlock()
-
-	return ps.count()
-}
-
-// Deprecated: Version returns the version of the Policies.
+// Deprecated: version returns the version of the Policies.
 // Will be removed soon.
-func (ps *Policies) Version() uint16 {
+func (ps *policies) version() uint16 {
 	return 1 // version will be removed soon
 }
 
-// WithContainerFilterEnabled returns a bitmap of policies that have at least one container filter type enabled.
-func (ps *Policies) WithContainerFilterEnabled() uint64 {
+// withContainerFilterEnabled returns a bitmap of policies that have at least one container filter type enabled.
+func (ps *policies) withContainerFilterEnabled() uint64 {
 	return ps.containerFiltersEnabled
 }
 
-// ContainerFilterEnabled returns true if at least one policy has a container filter type enabled.
-func (ps *Policies) ContainerFilterEnabled() bool {
-	return ps.WithContainerFilterEnabled() > 0
+// containerFilterEnabled returns true if at least one policy has a container filter type enabled.
+func (ps *policies) containerFilterEnabled() bool {
+	return ps.withContainerFilterEnabled() > 0
 }
 
-// FilterableInUserland returns a bitmap of policies that must be filtered in userland
+// filterInUserland returns a bitmap of policies that must be filtered in userland
 // (ArgFilter, RetFilter, ScopeFilter, UIDFilter and PIDFilter).
-func (ps *Policies) FilterableInUserland() uint64 {
+func (ps *policies) filterInUserland() uint64 {
 	return atomic.LoadUint64(&ps.filterableInUserland)
 }
 
-// set sets a policy at the given ID (index).
-func (ps *Policies) set(id int, p *Policy) error {
+// set sets a policy in the policies, given an ID.
+func set(ps *policies, id int, p *Policy) error {
 	p.ID = id
 	ps.policiesArray[id] = p
 	ps.policiesMapByID[id] = p
@@ -115,9 +106,9 @@ func (ps *Policies) set(id int, p *Policy) error {
 	return nil
 }
 
-// Add adds a policy.
+// add adds a policy.
 // The policy ID (index) is automatically assigned to the first empty slot.
-func (ps *Policies) Add(p *Policy) error {
+func (ps *policies) add(p *Policy) error {
 	ps.rwmu.Lock()
 	defer ps.rwmu.Unlock()
 
@@ -134,17 +125,17 @@ func (ps *Policies) Add(p *Policy) error {
 	// search for the first empty slot
 	for id, slot := range ps.allFromArray() {
 		if slot == nil {
-			return ps.set(id, p)
+			return set(ps, id, p)
 		}
 	}
 
 	return nil
 }
 
-// Set sets a policy.
+// set sets a policy.
 // A policy overwrite is allowed only if the policy that is going to be overwritten
 // has the same ID and name.
-func (ps *Policies) Set(p *Policy) error {
+func (ps *policies) set(p *Policy) error {
 	ps.rwmu.Lock()
 	defer ps.rwmu.Unlock()
 
@@ -162,11 +153,11 @@ func (ps *Policies) Set(p *Policy) error {
 		return PolicyAlreadyExistsError(existing.Name, existing.ID)
 	}
 
-	return ps.set(id, p)
+	return set(ps, id, p)
 }
 
-// Remove removes a policy by name.
-func (ps *Policies) Remove(name string) error {
+// remove removes a policy by name.
+func (ps *policies) remove(name string) error {
 	ps.rwmu.Lock()
 	defer ps.rwmu.Unlock()
 
@@ -186,8 +177,8 @@ func (ps *Policies) Remove(name string) error {
 	return nil
 }
 
-// LookupById returns a policy by ID.
-func (ps *Policies) LookupById(id int) (*Policy, error) {
+// lookupById returns a policy by ID.
+func (ps *policies) lookupById(id int) (*Policy, error) {
 	if !isIDInRange(id) {
 		return nil, PoliciesOutOfRangeError(id)
 	}
@@ -202,8 +193,8 @@ func (ps *Policies) LookupById(id int) (*Policy, error) {
 	return p, nil
 }
 
-// LookupByName returns a policy by name.
-func (ps *Policies) LookupByName(name string) (*Policy, error) {
+// lookupByName returns a policy by name.
+func (ps *policies) lookupByName(name string) (*Policy, error) {
 	ps.rwmu.RLock()
 	defer ps.rwmu.RUnlock()
 
@@ -214,9 +205,9 @@ func (ps *Policies) LookupByName(name string) (*Policy, error) {
 	return nil, PolicyNotFoundByNameError(name)
 }
 
-// MatchedNames returns a list of matched policies names based on
+// matchedNames returns a list of matched policies names based on
 // the given matched bitmap.
-func (ps *Policies) MatchedNames(matched uint64) []string {
+func (ps *policies) matchedNames(matched uint64) []string {
 	ps.rwmu.RLock()
 	defer ps.rwmu.RUnlock()
 
@@ -231,8 +222,24 @@ func (ps *Policies) MatchedNames(matched uint64) []string {
 	return names
 }
 
+// allFromMap returns a map of allFromMap policies by ID.
+// When iterating, the order is not guaranteed.
+func (ps *policies) allFromMap() map[int]*Policy {
+	return ps.policiesMapByID
+}
+
+// allFromArray returns an slice of the underlying policies array.
+// When iterating, the order is guaranteed.
+func (ps *policies) allFromArray() []*Policy {
+	return ps.policiesArray[:]
+}
+
+func isIDInRange(id int) bool {
+	return id >= 0 && id < PolicyMax
+}
+
 // Clone returns a deep copy of Policies.
-func (ps *Policies) Clone() *Policies {
+func (ps *policies) Clone() *policies {
 	if ps == nil {
 		return nil
 	}
@@ -246,27 +253,11 @@ func (ps *Policies) Clone() *Policies {
 		if p == nil {
 			continue
 		}
-		if err := nPols.Set(p.Clone()); err != nil {
+		if err := nPols.set(p.Clone()); err != nil {
 			logger.Errorw("Cloning policy %s: %v", p.Name, err)
 			return nil
 		}
 	}
 
 	return nPols
 }
-
-// allFromMap returns a map of allFromMap policies by ID.
-// When iterating, the order is not guaranteed.
-func (ps *Policies) allFromMap() map[int]*Policy {
-	return ps.policiesMapByID
-}
-
-// allFromArray returns an slice of the underlying policies array.
-// When iterating, the order is guaranteed.
-func (ps *Policies) allFromArray() []*Policy {
-	return ps.policiesArray[:]
-}
-
-func isIDInRange(id int) bool {
-	return id >= 0 && id < PolicyMax
-}
diff --git a/pkg/policy/policies_compute.go b/pkg/policy/policies_compute.go
@@ -9,7 +9,7 @@ import (
 // and sets the related bitmap that is used to prevent the iteration of the entire map.
 //
 // It must be called at every runtime policies changes.
-func (ps *Policies) compute() {
+func (ps *policies) compute() {
 	ps.calculateGlobalMinMax()
 	ps.updateContainerFilterEnabled()
 	ps.updateUserlandPolicies()
@@ -23,7 +23,7 @@ func (ps *Policies) compute() {
 //
 // The scope filter types relevant for this function are just UIDFilter and
 // PIDFilter.
-func (ps *Policies) calculateGlobalMinMax() {
+func (ps *policies) calculateGlobalMinMax() {
 	var (
 		uidMinFilterCount int
 		uidMaxFilterCount int
@@ -106,7 +106,7 @@ func (ps *Policies) calculateGlobalMinMax() {
 	}
 }
 
-func (ps *Policies) updateContainerFilterEnabled() {
+func (ps *policies) updateContainerFilterEnabled() {
 	ps.containerFiltersEnabled = 0
 
 	for _, p := range ps.allFromMap() {
@@ -117,7 +117,7 @@ func (ps *Policies) updateContainerFilterEnabled() {
 }
 
 // updateUserlandPolicies sets the userlandPolicies list and the filterableInUserland bitmap.
-func (ps *Policies) updateUserlandPolicies() {
+func (ps *policies) updateUserlandPolicies() {
 	userlandList := []*Policy{}
 	ps.filterableInUserland = 0