Skip to content

Address feedback for recent ExtraComputedSelector changes#12505

Open
nelljerram wants to merge 3 commits intoprojectcalico:masterfrom
nelljerram:computed-selector-keying
Open

Address feedback for recent ExtraComputedSelector changes#12505
nelljerram wants to merge 3 commits intoprojectcalico:masterfrom
nelljerram:computed-selector-keying

Conversation

@nelljerram
Copy link
Copy Markdown
Member

@nelljerram nelljerram commented Apr 16, 2026
edited
Loading

Address post-merge feedback on #12433 :

  • Revert the use of generics, as they didn't achieve anything clearly useful.
  • Improve the API for different callers using AddExtraComputedSelector, so that they each only see Matched and MatchStopped callbacks for the selectors that they themselves added.

@nelljerram
Revert generic usage for Add/RemoveExtraComputedSelector
c8786ab 
Generics didn't really do much here, except add a bit of complexity, given that `any` is considered
comparable anyway, for back-compatibility.
@nelljerram
Pass caller on to label index so that we get caller-scoped callbacks
e32f0a7
@nelljerram nelljerram requested a review from a team as a code owner April 16, 2026 15:04
Copilot AI review requested due to automatic review settings April 16, 2026 15:04
@marvin-tigera marvin-tigera added this to the Calico v3.33.0 milestone Apr 16, 2026
@marvin-tigera marvin-tigera added release-note-required Change has user-facing impact (no matter how small) docs-pr-required Change is not yet documented labels Apr 16, 2026
@nelljerram nelljerram marked this pull request as draft April 16, 2026 15:04
Copilot AI reviewed Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates Felix’s ActiveRulesCalculator “extra computed selector” plumbing to carry a caller identifier through computed-selector match callbacks, and updates the main in-tree consumers/tests accordingly.

Changes:

  • Extend PolicyMatchListener computed-selector callbacks to include a caller parameter and update implementations (policy resolver, Istio calculator, live migration).
  • Convert AddExtraComputedSelector / RemoveExtraComputedSelector usage from package-level functions to ActiveRulesCalculator methods.
  • Update ARC unit tests to account for the new callback signature and multi-caller scenarios.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
felix/calc/active_rules_calculator.go Changes computed-selector listener API and reworks extra selector registration/removal logic.
felix/calc/active_rules_calculator_test.go Updates tests to use the new ARC methods and record caller in events.
felix/calc/live_migration_calculator.go Filters computed-selector callbacks by caller and switches to ARC method calls.
felix/calc/istio_calculator.go Switches to ARC method call and updates callback signatures.
felix/calc/policy_resolver.go Updates callback signatures (no-op implementations).

Comment thread felix/calc/active_rules_calculator.go
Comment on lines +311 to 315
arc.labelIndex.UpdateSelector(computedSelectorKey{
selector: cs,
caller: caller,
}, sel)
}
Copy link

Copilot AI Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using computedSelectorKey{selector: cs, caller: caller} as the selector ID means the same selector string will be evaluated separately for every caller (scanAllLabels/scanAllSelectors run per selector ID). If multiple components register the same selector, this will multiply selector evaluation work and increase memory usage. A shared selector ID plus a separate callers set would keep evaluation cost constant while still allowing per-caller callback attribution.

Copilot uses AI. Check for mistakes.
Copy link
Copy Markdown
Member Author

@nelljerram nelljerram Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, but this is the same as the existing situation for policy selectors.

Comment thread felix/calc/active_rules_calculator.go
Comment thread felix/calc/active_rules_calculator.go Outdated
Comment on lines +302 to +306
// The underlying selector is added to the label index when the first caller registers it, and it
// is only removed after the last caller removes its registration. Callbacks for matches/stops
// matching continue to be delivered to all registered PolicyMatchListeners while the selector is
// present.
func AddExtraComputedSelector[T comparable](arc *ActiveRulesCalculator, cs string, caller T) {
callers := arc.computedSelectorCallers[cs]
if callers == nil {
callers = set.New[any]()
arc.computedSelectorCallers[cs] = callers
sel, err := selector.Parse(cs)
if err != nil {
log.WithError(err).Panicf("Failed to parse computed selector %#v", cs)
}
arc.labelIndex.UpdateSelector(computedSelector(cs), sel)
func (arc *ActiveRulesCalculator) AddExtraComputedSelector(cs string, caller any) {
Copy link

Copilot AI Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The docstring claims the underlying selector is added once (first caller) and only removed after the last caller unregisters, but the current implementation adds/removes a distinct selector ID per (cs, caller). That changes semantics (e.g. removing one caller will trigger match-stopped for that caller even if other callers still want the selector) and defeats the stated goal of sharing the expensive selector index. Consider restoring per-selector ref-counting (track callers per cs) and only UpdateSelector/DeleteSelector for the shared selector when transitioning 0->1 and 1->0 callers, while still passing caller through the callbacks.

Copilot uses AI. Check for mistakes.
Copy link
Copy Markdown
Member Author

@nelljerram nelljerram Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Semantics and commenting here have now changed.

@nelljerram
Send Matched and MatchStopped callbacks only to the relevant listener
0524b8d 
In other words, to the listener that called AddExtraComputedSelector.

Then fix up all the UTs accordingly.
@nelljerram nelljerram added docs-not-required Docs not required for this change release-note-not-required Change has no user-facing impact and removed release-note-required Change has user-facing impact (no matter how small) docs-pr-required Change is not yet documented labels Apr 17, 2026
@nelljerram nelljerram marked this pull request as ready for review April 17, 2026 23:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

docs-not-required Docs not required for this change release-note-not-required Change has no user-facing impact

Projects

None yet

Milestone

Calico v3.33.0

Development

Successfully merging this pull request may close these issues.

3 participants

@nelljerram @marvin-tigera