* copying changes from branch diff_new_part1 * copying diff_new_part_2 * copy from diff_new_part_3 * handle disjoint ip-blocks grouping + update documentation (#198) Signed-off-by: adisos <[email protected]> * Diff with added/removed peers info (#202) * diff_test with k8s-ingress : -> new deployment (and its service) -> new ingress backend rule; ingress-controller connection to the new deployment -> new netpols -> to limit conns. between/from/to the "old" pods * diff with acs-security-demos: -> removed deployment payment/mastercard-processor -> blocked ingress conns to frontend/asset-cache -> added new port to backend/catalog (changed some conns to it) -> added new external/unicorn deployment (all UDP5353 conns automatically appeared) -> removed conns between two deployments (frontend/webapp to backend/shipping) * move formats to common * update connlistAnalyzer with diff flags * logger.info on diff/no-diff + keep output empty if no diff * revert changes to StopOnError * Diff code updates (#195) * move formats to common * update connlistAnalyzer with diff flags * logger.info on diff/no-diff + keep output empty if no diff * revert changes to StopOnError * Update pkg/netpol/common/outputFormats.go Co-authored-by: Adi Sosnovich <[email protected]> --------- Co-authored-by: Adi Sosnovich <[email protected]> * diff fatal errors examples - wrong format / fatal errors returned from ca * append connlistAnalyzer.Errors() to diff_errors * tests capturing connlist warnings * one more test * no tests with disjoint/group IP * fix after merge * moving ingress analyzer diffs to the end of the output * adding test descriptions * more diff with ingress objects tests * update output with info for connections with added/removed workloads * fixes * testing with and wo stopOnError * remove ingress-controller from added/removed info * update syntax * changing ConnlistAnalyzer interface, returning list of peersNames fom ConnlistFromDirPath * adding test with a peer exists in both dirs 
but appears only in dir2 conns * code simplifications * another code simplification * fixes * diff fatal errors examples (#196) * fixes * revert diff_test change * fix * comparing peerStirng with exact * fix * fix2 --------- Co-authored-by: Adi Sosnovich <[email protected]> * merge fix --------- Signed-off-by: adisos <[email protected]> Co-authored-by: shireenf-ibm <[email protected]> Co-authored-by: shireenf-ibm <[email protected]>
1 parent
84f9070
commit 23a7dcb
Showing
107 changed files
with
9,770 additions
and
2,515 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
// Copyright 2022 | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
package cmd | ||
|
||
import ( | ||
"errors" | ||
"fmt" | ||
"strings" | ||
|
||
"github.com/spf13/cobra" | ||
|
||
"github.com/np-guard/netpol-analyzer/pkg/netpol/common" | ||
|
||
"github.com/np-guard/netpol-analyzer/pkg/netpol/diff" | ||
) | ||
|
||
var ( | ||
dir1 string | ||
dir2 string | ||
outFormat string | ||
) | ||
|
||
func runDiffCommand() error { | ||
var connsDiff diff.ConnectivityDiff | ||
var err error | ||
|
||
diffAnalyzer := diff.NewDiffAnalyzer(diff.WithOutputFormat(outFormat)) | ||
|
||
connsDiff, err = diffAnalyzer.ConnDiffFromDirPaths(dir1, dir2) | ||
if err != nil { | ||
return err | ||
} | ||
out, err := diffAnalyzer.ConnectivityDiffToString(connsDiff) | ||
if err != nil { | ||
return err | ||
} | ||
fmt.Printf("%s", out) | ||
return nil | ||
} | ||
|
||
func newCommandDiff() *cobra.Command { | ||
c := &cobra.Command{ | ||
Use: "diff", | ||
Short: "Reports semantic-diff of allowed connectivity ", | ||
Long: `Reports all differences in allowed connections between two different directories of YAML manifests.`, | ||
Example: ` # Get list of different allowed connections between two resources dir paths | ||
k8snetpolicy diff --dir1 ./resources_dir/ --dir2 ./other_resources_dir/`, | ||
|
||
PersistentPreRunE: func(cmd *cobra.Command, args []string) error { | ||
if dirPath != "" { | ||
return errors.New("dirpath flag is not used with diff command") | ||
} | ||
if dir1 == "" || dir2 == "" { | ||
return errors.New("both directory paths dir1 and dir2 are required") | ||
} | ||
if err := diff.ValidateDiffOutputFormat(outFormat); err != nil { | ||
return err | ||
} | ||
return nil | ||
}, | ||
|
||
RunE: func(cmd *cobra.Command, args []string) error { | ||
if err := runDiffCommand(); err != nil { | ||
return err | ||
} | ||
return nil | ||
}, | ||
} | ||
|
||
// define any flags and configuration settings. | ||
c.Flags().StringVarP(&dir1, "dir1", "", "", "Original Resources path to be compared") | ||
c.Flags().StringVarP(&dir2, "dir2", "", "", "New Resources path to compare with original resources path") | ||
supportedDiffFormats := strings.Join(diff.ValidDiffFormats, ",") | ||
c.Flags().StringVarP(&outFormat, "output", "o", common.DefaultFormat, "Required output format ("+supportedDiffFormats+")") | ||
|
||
return c | ||
} |
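Review bot: `PersistentPreRunE` in `newCommandDiff` replaces rather than extends any persistent pre-run hook on a parent command, because cobra by default runs only the nearest one. The root command is not visible here, so if it defines such a hook (logging setup or global flag checks) that hook would be skipped for `diff`. Since this file adds no subcommands under `diff`, `PreRunE: func(cmd *cobra.Command, args []string) error {` would carry the same validation without shadowing the parent. Separately, `runDiffCommand` builds the analyzer with only `diff.WithOutputFormat(outFormat)` and fails only on the returned `err`. If the analyzer can skip unparseable manifests and carry on (the description mentions stop-on-error handling), a diff computed from a partial resource set may under-report newly allowed connections, so those errors should be shown to the user or turned into a non-zero exit.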
2 changes: 1 addition & 1 deletion
2
pkg/netpol/eval/internal/k8s/ipBlock_test.go → pkg/netpol/common/ipBlock_test.go
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
package k8s | ||
package common | ||
|
||
import ( | ||
"fmt" | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
package common | ||
|
||
// formats supported for output of various commands | ||
const ( | ||
DefaultFormat = "txt" | ||
TextFormat = "txt" | ||
JSONFormat = "json" | ||
DOTFormat = "dot" | ||
CSVFormat = "csv" | ||
MDFormat = "md" | ||
) |
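Review bot: `DefaultFormat` repeats the literal `"txt"` instead of referring to `TextFormat`, so the two can drift apart if the text format's name ever changes; `DefaultFormat = TextFormat` keeps them tied. The exported constants also share a single lower-case comment, and a doc comment such as `// Output formats supported by the various commands.` above the block would read better in godoc.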