func()

in npm/pkg/dataplane/ipsets/ipsetmanager_windows.go [55:136]

• 62 lines of code
• 20 McCabe index (conditional complexity)

func (iMgr *IPSetManager) GetIPsFromSelectorIPSets(setList map[string]struct{}) (map[string]string, error) {
	ips := make(map[string]string)
	if len(setList) == 0 {
		return ips, nil
	}
	iMgr.Lock()
	defer iMgr.Unlock()

	if err := iMgr.validateSelectorIPSets(setList); err != nil {
		return nil, err
	}

	// the following is a space/time optimized way to get the intersection of IPs from the selector sets
	// we should always take the hash set branch because a pod selector always includes a namespace ipset,
	// which is a hash set, and we favor hash sets for firstSet
	var firstSet *IPSet
	for setName := range setList {
		firstSet = iMgr.setMap[setName]
		if firstSet.Kind == HashSet {
			// firstSet can be any set, but ideally is a hash set for efficiency (compare the branch for hash sets to the one for lists below)
			break
		}
	}
	if firstSet.Kind == HashSet {
		// include every IP in firstSet that is also affiliated with every other selector set
		for ip, podKey := range firstSet.IPPodKey {
			isAffiliated := true
			for otherSetName := range setList {
				if otherSetName == firstSet.Name {
					continue
				}
				otherSet := iMgr.setMap[otherSetName]
				if !otherSet.isIPAffiliated(ip, podKey) {
					isAffiliated = false
					break
				}
			}

			if isAffiliated {
				ips[ip] = podKey
			}
		}
	} else {
		// should never reach this branch (see note above)
		// include every IP affiliated with firstSet that is also affiliated with every other selector set
		// identical to the hash set case, except we have to make space for all IPs affiliated with firstSet

		// only loop over the unique affiliated IPs
		for _, memberSet := range firstSet.MemberIPSets {
			for ip, podKey := range memberSet.IPPodKey {
				if oldKey, ok := ips[ip]; ok && oldKey != podKey {
					// this could lead to unintentionally considering this Pod (Pod B) to be part of the selector set if:
					// 1. Pod B has the same IP as a previous Pod A
					// 2. Pod B create is somehow processed before Pod A delete
					// 3. This method is called before Pod A delete
					// again, this
					klog.Warningf("[GetIPsFromSelectorIPSets] IP currently associated with two different pod keys. to ensure no issues occur with network policies, restart this ip: %s", ip)
				}
				ips[ip] = podKey
			}
		}
		for ip, podKey := range ips {
			// identical to the hash set case
			isAffiliated := true
			for otherSetName := range setList {
				if otherSetName == firstSet.Name {
					continue
				}
				otherSet := iMgr.setMap[otherSetName]
				if !otherSet.isIPAffiliated(ip, podKey) {
					isAffiliated = false
					break
				}
			}

			if !isAffiliated {
				delete(ips, ip)
			}
		}
	}
	return ips, nil
}