add NetworkNeighborhood as a collection of NetworkNeighbors

Signed-off-by: Matthias Bertschy <[email protected]>

pkg/apis/softwarecomposition/network_types.go

@@ -19,6 +19,7 @@ const (
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // NetworkNeighborsList is a list of NetworkNeighbors.
+// deprecated: use NetworkNeighborhoodList instead.
 type NetworkNeighborsList struct {
 	metav1.TypeMeta
 	metav1.ListMeta
@@ -30,6 +31,7 @@ type NetworkNeighborsList struct {
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // NetworkNeighbors represents a list of network communications for a specific workload.
+// deprecated: use NetworkNeighborhood instead.
 type NetworkNeighbors struct {
 	metav1.TypeMeta
 	metav1.ObjectMeta
@@ -43,6 +45,40 @@ type NetworkNeighborsSpec struct {
 	Egress               []NetworkNeighbor
 }
 
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// NetworkNeighborhoodList is a list of NetworkNeighborhoods.
+type NetworkNeighborhoodList struct {
+	metav1.TypeMeta
+	metav1.ListMeta
+
+	Items []NetworkNeighborhood
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// NetworkNeighborhood represents a list of network communications for a specific workload.
+type NetworkNeighborhood struct {
+	metav1.TypeMeta
+	metav1.ObjectMeta
+
+	Spec NetworkNeighborhoodSpec
+}
+
+type NetworkNeighborhoodSpec struct {
+	metav1.LabelSelector // The labels which are inside spec.selector in the parent workload.
+	Containers           []NetworkNeighborhoodContainer
+	InitContainers       []NetworkNeighborhoodContainer
+	EphemeralContainers  []NetworkNeighborhoodContainer
+}
+
+type NetworkNeighborhoodContainer struct {
+	Name    string
+	Ingress []NetworkNeighbor
+	Egress  []NetworkNeighbor
+}
+
 // NetworkNeighbor represents a single network communication made by this resource.
 type NetworkNeighbor struct {
 	Identifier        string

pkg/apis/softwarecomposition/networkpolicy/networkpolicy.go

@@ -24,6 +24,8 @@ const (
 	storageV1ApiVersion = "spdx.softwarecomposition.kubescape.io"
 )
 
+// FIXME add NetworkNeighborhood
+
 func GenerateNetworkPolicy(networkNeighbors softwarecomposition.NetworkNeighbors, knownServers []softwarecomposition.KnownServer, timeProvider metav1.Time) (softwarecomposition.GeneratedNetworkPolicy, error) {
 	if !IsAvailable(networkNeighbors) {
 		return softwarecomposition.GeneratedNetworkPolicy{}, fmt.Errorf("networkNeighbors %s/%s status annotation is not ready", networkNeighbors.Namespace, networkNeighbors.Name)

pkg/apis/softwarecomposition/register.go

@@ -69,6 +69,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&ApplicationActivityList{},
 		&NetworkNeighbors{},
 		&NetworkNeighborsList{},
+		&NetworkNeighborhood{},
+		&NetworkNeighborhoodList{},
 		&OpenVulnerabilityExchangeContainer{},
 		&OpenVulnerabilityExchangeContainerList{},
 		&GeneratedNetworkPolicyList{},

pkg/apis/softwarecomposition/v1beta1/network_types.go

@@ -19,6 +19,7 @@ const (
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // NetworkNeighborsList is a list of NetworkNeighbors.
+// deprecated: use NetworkNeighborhoodList instead.
 type NetworkNeighborsList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
@@ -30,6 +31,7 @@ type NetworkNeighborsList struct {
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // NetworkNeighbors represents a list of network communications for a specific workload.
+// deprecated: use NetworkNeighborhood instead.
 type NetworkNeighbors struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
@@ -47,6 +49,40 @@ type NetworkNeighborsSpec struct {
 	Egress []NetworkNeighbor `json:"egress" patchStrategy:"merge" patchMergeKey:"identifier"`
 }
 
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// NetworkNeighborhoodList is a list of NetworkNeighborhoods.
+type NetworkNeighborhoodList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+
+	Items []NetworkNeighborhood `json:"items"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// NetworkNeighborhood represents a list of network communications for a specific workload.
+type NetworkNeighborhood struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+
+	Spec NetworkNeighborhoodSpec `json:"spec"`
+}
+
+type NetworkNeighborhoodSpec struct {
+	metav1.LabelSelector `json:",inline"`
+	Containers           []NetworkNeighborhoodContainer `json:"containers"`
+	InitContainers       []NetworkNeighborhoodContainer `json:"initContainers"`
+	EphemeralContainers  []NetworkNeighborhoodContainer `json:"ephemeralContainers"`
+}
+
+type NetworkNeighborhoodContainer struct {
+	Name    string
+	Ingress []NetworkNeighbor `json:"ingress"`
+	Egress  []NetworkNeighbor `json:"egress"`
+}
+
 // NetworkNeighbor represents a single network communication made by this resource.
 type NetworkNeighbor struct {
 	Identifier string            `json:"identifier"` // A unique identifier for this entry

pkg/apis/softwarecomposition/v1beta1/networkpolicy/networkpolicy.go

@@ -11,6 +11,8 @@ const (
 	storageV1Beta1ApiVersion = "spdx.softwarecomposition.kubescape.io/v1beta1"
 )
 
+// FIXME add NetworkNeighborhood (maybe duplicate?)
+
 func GenerateNetworkPolicy(networkNeighbors v1beta1.NetworkNeighbors, knownServers []v1beta1.KnownServer, timeProvider metav1.Time) (v1beta1.GeneratedNetworkPolicy, error) {
 	networkNeighborsV1, err := convertNetworkNeighbors(&networkNeighbors)
 	if err != nil {

pkg/apis/softwarecomposition/v1beta1/register.go

@@ -71,6 +71,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&ApplicationActivityList{},
 		&NetworkNeighbors{},
 		&NetworkNeighborsList{},
+		&NetworkNeighborhood{},
+		&NetworkNeighborhoodList{},
 		&OpenVulnerabilityExchangeContainer{},
 		&OpenVulnerabilityExchangeContainerList{},
 		&GeneratedNetworkPolicyList{},