From 1d251cf0eec6ef85c619bd865e3ca7309b05ac69 Mon Sep 17 00:00:00 2001 From: JAYANT PRANJAL Date: Mon, 24 Feb 2025 15:33:33 +0530 Subject: [PATCH] Removed NetworkNeighbors 
Signed-off-by: JAYANT PRANJAL --- artifacts/networkneighborses/01-example.yaml | 40 - pkg/apis/softwarecomposition/network_types.go | 29 - .../networkpolicy/{v2 => }/networkpolicy.go | 1 - .../{v2 => }/networkpolicy_test.go | 0 .../networkpolicy/v1/networkpolicy.go | 449 ---- .../networkpolicy/v1/networkpolicy_test.go | 2019 ---------------- pkg/apis/softwarecomposition/register.go | 2 - .../v1beta1/generated.proto | 28 - .../v1beta1/network_types.go | 33 - .../networkpolicy/{v2 => }/networkpolicy.go | 1 - .../{v2 => }/networkpolicy_test.go | 0 .../{v2 => }/testdata/known-servers.json | 0 .../{v2 => }/testdata/nn-operator.json | 0 .../{v2 => }/testdata/np-operator.json | 0 .../{v2 => }/testdata/np.new.json | 0 .../v1beta1/networkpolicy/v1/networkpolicy.go | 55 - .../networkpolicy/v1/networkpolicy_test.go | 2021 ----------------- .../softwarecomposition/v1beta1/register.go | 2 - .../v1beta1/zz_generated.conversion.go | 102 - .../v1beta1/zz_generated.deepcopy.go | 91 - .../zz_generated.deepcopy.go | 91 - pkg/apiserver/apiserver.go | 2 - pkg/cleanup/cleanup.go | 3 - .../testdata/expectedFilesToDelete.json | 20 - .../v1beta1/fake/fake_networkneighbors.go | 129 -- .../fake/fake_softwarecomposition_client.go | 4 - .../v1beta1/generated_expansion.go | 2 - .../v1beta1/networkneighbors.go | 178 -- .../v1beta1/softwarecomposition_client.go | 5 - .../informers/externalversions/generic.go | 2 - .../softwarecomposition/v1beta1/interface.go | 7 - .../v1beta1/networkneighbors.go | 90 - .../v1beta1/networkneighbors.go | 99 - pkg/generated/openapi/zz_generated.openapi.go | 177 -- pkg/registry/file/generatednetworkpolicy.go | 1 - .../networkneighbors/etcd.go | 41 - .../networkneighbors/strategy.go | 126 - .../networkneighbors/strategy_test.go | 90 - 38 files changed, 5940 deletions(-) delete mode 100644 artifacts/networkneighborses/01-example.yaml rename pkg/apis/softwarecomposition/networkpolicy/{v2 => }/networkpolicy.go (99%) rename pkg/apis/softwarecomposition/networkpolicy/{v2 
=> }/networkpolicy_test.go (100%) delete mode 100644 pkg/apis/softwarecomposition/networkpolicy/v1/networkpolicy.go delete mode 100644 pkg/apis/softwarecomposition/networkpolicy/v1/networkpolicy_test.go rename pkg/apis/softwarecomposition/v1beta1/networkpolicy/{v2 => }/networkpolicy.go (96%) rename pkg/apis/softwarecomposition/v1beta1/networkpolicy/{v2 => }/networkpolicy_test.go (100%) rename pkg/apis/softwarecomposition/v1beta1/networkpolicy/{v2 => }/testdata/known-servers.json (100%) rename pkg/apis/softwarecomposition/v1beta1/networkpolicy/{v2 => }/testdata/nn-operator.json (100%) rename pkg/apis/softwarecomposition/v1beta1/networkpolicy/{v2 => }/testdata/np-operator.json (100%) rename pkg/apis/softwarecomposition/v1beta1/networkpolicy/{v2 => }/testdata/np.new.json (100%) delete mode 100644 pkg/apis/softwarecomposition/v1beta1/networkpolicy/v1/networkpolicy.go delete mode 100644 pkg/apis/softwarecomposition/v1beta1/networkpolicy/v1/networkpolicy_test.go delete mode 100644 pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/fake/fake_networkneighbors.go delete mode 100644 pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/networkneighbors.go delete mode 100644 pkg/generated/informers/externalversions/softwarecomposition/v1beta1/networkneighbors.go delete mode 100644 pkg/generated/listers/softwarecomposition/v1beta1/networkneighbors.go delete mode 100644 pkg/registry/softwarecomposition/networkneighbors/etcd.go delete mode 100644 pkg/registry/softwarecomposition/networkneighbors/strategy.go delete mode 100644 pkg/registry/softwarecomposition/networkneighbors/strategy_test.go diff --git a/artifacts/networkneighborses/01-example.yaml b/artifacts/networkneighborses/01-example.yaml deleted file mode 100644 index dbc3cff96..000000000 --- a/artifacts/networkneighborses/01-example.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -apiVersion: spdx.softwarecomposition.kubescape.io/v1beta1 -kind: NetworkNeighbors -metadata: - name: deployment-nginx - annotations: - status: incomplete - labels: - "kubescape.io/workload-api-group": "apps" - "kubescape.io/workload-api-version": "v1" - "kubescape.io/workload-name": "nginx" - "kubescape.io/workload-kind": "deployment" - "kubescape.io/workload-namespace": "kubescape" - -spec: - matchLabels: - app: nginx - - ingress: - - type: internal - identifier: bla - namespaceSelector: - matchLabels: - name: kubescape - podSelector: - matchLabels: - app: kubescape-ui - ports: - - name: TCP-6379 - protocol: TCP - port: 6379 - - egress: - - type: external - identifier: bla - ipAddress: 123.5.2.3 - dns: stripe.com - ports: - - name: TCP-5978 - protocol: TCP - port: 5978 diff --git a/pkg/apis/softwarecomposition/network_types.go b/pkg/apis/softwarecomposition/network_types.go index c91fdad70..7fbe937fe 100644 --- a/pkg/apis/softwarecomposition/network_types.go +++ b/pkg/apis/softwarecomposition/network_types.go 
@@ -20,35 +20,6 @@ const ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// NetworkNeighborsList is a list of NetworkNeighbors. -// DEPRECATED - use NetworkNeighborhoodList instead. -type NetworkNeighborsList struct { - metav1.TypeMeta - metav1.ListMeta - - Items []NetworkNeighbors -} - -// +genclient -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// NetworkNeighbors represents a list of network communications for a specific workload. -// DEPRECATED - use NetworkNeighborhood instead. -type NetworkNeighbors struct { - metav1.TypeMeta - metav1.ObjectMeta - - Spec NetworkNeighborsSpec -} - -type NetworkNeighborsSpec struct { - metav1.LabelSelector // The labels which are inside spec.selector in the parent workload. - Ingress []NetworkNeighbor - Egress []NetworkNeighbor -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - // NetworkNeighborhoodList is a list of NetworkNeighborhoods. type NetworkNeighborhoodList struct { metav1.TypeMeta diff --git a/pkg/apis/softwarecomposition/networkpolicy/v2/networkpolicy.go b/pkg/apis/softwarecomposition/networkpolicy/networkpolicy.go similarity index 99% rename from pkg/apis/softwarecomposition/networkpolicy/v2/networkpolicy.go rename to pkg/apis/softwarecomposition/networkpolicy/networkpolicy.go index 9c0ae883c..cc409c3e2 100644 --- a/pkg/apis/softwarecomposition/networkpolicy/v2/networkpolicy.go +++ b/pkg/apis/softwarecomposition/networkpolicy/networkpolicy.go @@ -12,7 +12,6 @@ import ( helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers" "github.com/kubescape/storage/pkg/apis/softwarecomposition" - "github.com/kubescape/storage/pkg/apis/softwarecomposition/networkpolicy" "github.com/kubescape/go-logger" "github.com/kubescape/go-logger/helpers" 
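Review bot: The `@@ -12,7 +12,6 @@ import (` hunk of the moved `networkpolicy/networkpolicy.go` drops the `"github.com/kubescape/storage/pkg/apis/softwarecomposition/networkpolicy"` import, and the diffstat (`1 -`, similarity 99%) shows that this is the only line changed by the rename. Any `networkpolicy.`-qualified reference left in the body would therefore no longer resolve. The body is outside the hunk, so this is inferred: the deleted v1 sibling calls `networkpolicy.IsIgnoredLabel(key)`, and Go rejects unused imports, which suggests the v2 file used the package too. If such calls remain, they need to become unqualified in this commit, e.g. `IsIgnoredLabel(key)`. Please also confirm that the move into the parent directory does not redeclare a symbol that already exists there, since this code decides which labels end up in generated NetworkPolicy selectors.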
diff --git a/pkg/apis/softwarecomposition/networkpolicy/v2/networkpolicy_test.go b/pkg/apis/softwarecomposition/networkpolicy/networkpolicy_test.go similarity index 100% rename from pkg/apis/softwarecomposition/networkpolicy/v2/networkpolicy_test.go rename to pkg/apis/softwarecomposition/networkpolicy/networkpolicy_test.go diff --git a/pkg/apis/softwarecomposition/networkpolicy/v1/networkpolicy.go b/pkg/apis/softwarecomposition/networkpolicy/v1/networkpolicy.go deleted file mode 100644 index 75ca39043..000000000 --- a/pkg/apis/softwarecomposition/networkpolicy/v1/networkpolicy.go +++ /dev/null 
@@ -1,449 +0,0 @@ -package networkpolicy - -import ( - "bytes" - "crypto/sha256" - "encoding/gob" - "encoding/hex" - "fmt" - "maps" - "net" - "sort" - "strings" - - helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers" - - "github.com/kubescape/storage/pkg/apis/softwarecomposition" - "github.com/kubescape/storage/pkg/apis/softwarecomposition/networkpolicy" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -func GenerateNetworkPolicy(networkNeighbors softwarecomposition.NetworkNeighbors, knownServers softwarecomposition.IKnownServersFinder, timeProvider metav1.Time) (softwarecomposition.GeneratedNetworkPolicy, error) { - if !IsAvailable(networkNeighbors) { - return softwarecomposition.GeneratedNetworkPolicy{}, fmt.Errorf("networkNeighbors %s/%s status annotation is not ready nor completed", networkNeighbors.Namespace, networkNeighbors.Name) - } - - networkPolicy := softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: metav1.ObjectMeta{ - Name: networkNeighbors.Name, - Namespace: networkNeighbors.Namespace, - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - Labels: networkNeighbors.Labels, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - }, - } - - if networkNeighbors.Spec.MatchLabels != nil { - networkPolicy.Spec.PodSelector.MatchLabels = maps.Clone(networkNeighbors.Spec.MatchLabels) - } - - if networkNeighbors.Spec.MatchExpressions != nil { - networkPolicy.Spec.PodSelector.MatchExpressions = networkNeighbors.Spec.MatchExpressions - } - - generatedNetworkPolicy := softwarecomposition.GeneratedNetworkPolicy{ - TypeMeta: metav1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: softwarecomposition.GroupName, - }, - ObjectMeta: metav1.ObjectMeta{ - Name: networkNeighbors.Name, - Namespace: 
networkNeighbors.Namespace, - Labels: networkNeighbors.Labels, - CreationTimestamp: timeProvider, - }, - PoliciesRef: []softwarecomposition.PolicyRef{}, - } - - ingressHash := make(map[string]bool) - for _, neighbor := range networkNeighbors.Spec.Ingress { - - rule, policyRefs := generateIngressRule(neighbor, knownServers) - - if ruleHash, err := hash(rule); err == nil { - if ok := ingressHash[ruleHash]; !ok { - networkPolicy.Spec.Ingress = append(networkPolicy.Spec.Ingress, rule) - ingressHash[ruleHash] = true - } - } - - if refsHash, err := hash(policyRefs); err == nil { - if ok := ingressHash[refsHash]; !ok { - generatedNetworkPolicy.PoliciesRef = append(generatedNetworkPolicy.PoliciesRef, policyRefs...) - ingressHash[refsHash] = true - } - } - - } - - egressHash := make(map[string]bool) - for _, neighbor := range networkNeighbors.Spec.Egress { - - rule, policyRefs := generateEgressRule(neighbor, knownServers) - - if ruleHash, err := hash(rule); err == nil { - if ok := egressHash[ruleHash]; !ok { - networkPolicy.Spec.Egress = append(networkPolicy.Spec.Egress, rule) - egressHash[ruleHash] = true - } - } - - for i := range policyRefs { - if refsHash, err := hash(policyRefs[i]); err == nil { - if ok := egressHash[refsHash]; !ok { - generatedNetworkPolicy.PoliciesRef = append(generatedNetworkPolicy.PoliciesRef, policyRefs[i]) - egressHash[refsHash] = true - } - } - } - } - - networkPolicy.Spec.Egress = mergeEgressRulesByPorts(networkPolicy.Spec.Egress) - - networkPolicy.Spec.Ingress = mergeIngressRulesByPorts(networkPolicy.Spec.Ingress) - - generatedNetworkPolicy.Spec = networkPolicy - - return generatedNetworkPolicy, nil -} - -func mergeIngressRulesByPorts(rules []softwarecomposition.NetworkPolicyIngressRule) []softwarecomposition.NetworkPolicyIngressRule { - type PortProtocolKey struct { - Port int32 - Protocol v1.Protocol - } - - merged := make(map[PortProtocolKey][]softwarecomposition.NetworkPolicyPeer) - var keys []PortProtocolKey - var nonMergedRules 
[]softwarecomposition.NetworkPolicyIngressRule - - for _, rule := range rules { - hasSelector := false - for _, peer := range rule.From { - if peer.PodSelector != nil || peer.NamespaceSelector != nil { - hasSelector = true - break - } - } - - if hasSelector { - nonMergedRules = append(nonMergedRules, rule) - continue - } - - for _, port := range rule.Ports { - if port.Port == nil || port.Protocol == nil { - continue - } - key := PortProtocolKey{Port: *port.Port, Protocol: *port.Protocol} - if _, exists := merged[key]; !exists { - keys = append(keys, key) - } - for _, peer := range rule.From { - if peer.IPBlock != nil { - merged[key] = append(merged[key], peer) - } - } - } - } - - // Sort the keys - sort.Slice(keys, func(i, j int) bool { - if keys[i].Port != keys[j].Port { - return keys[i].Port < keys[j].Port - } - return keys[i].Protocol < keys[j].Protocol - }) - - // Construct merged rules using sorted keys - mergedRules := []softwarecomposition.NetworkPolicyIngressRule{} - for i := range keys { - peers := merged[keys[i]] - sort.Slice(peers, func(i, j int) bool { - if peers[i].IPBlock != nil && peers[j].IPBlock != nil { - return peers[i].IPBlock.CIDR < peers[j].IPBlock.CIDR - } - return false // Keep the order as is if IPBlock is nil - }) - - mergedRules = append(mergedRules, softwarecomposition.NetworkPolicyIngressRule{ - Ports: []softwarecomposition.NetworkPolicyPort{{Protocol: &keys[i].Protocol, Port: &keys[i].Port}}, - 
From: peers, - }) - } - - // Combine merged and non-merged rules - mergedRules = append(mergedRules, nonMergedRules...) - - return mergedRules -} - -func mergeEgressRulesByPorts(rules []softwarecomposition.NetworkPolicyEgressRule) []softwarecomposition.NetworkPolicyEgressRule { - type PortProtocolKey struct { - Port int32 - Protocol v1.Protocol - } - - merged := make(map[PortProtocolKey][]softwarecomposition.NetworkPolicyPeer) - var keys []PortProtocolKey - var nonMergedRules []softwarecomposition.NetworkPolicyEgressRule - - for _, rule := range rules { - hasSelector := false - for _, peer := range rule.To { - if peer.PodSelector != nil || peer.NamespaceSelector != nil { - hasSelector = true - break - } - } - - if hasSelector { - nonMergedRules = append(nonMergedRules, rule) - continue - } - - for _, port := range rule.Ports { - key := PortProtocolKey{} - if port.Port != nil { - key.Port = *port.Port - } - if port.Protocol != nil { - key.Protocol = *port.Protocol - } - if _, exists := merged[key]; !exists { - keys = append(keys, key) - } - for _, peer := range rule.To { - if peer.IPBlock != nil { - merged[key] = append(merged[key], peer) - } - } - } - } - - // Sort the keys - sort.Slice(keys, func(i, j int) bool { - if keys[i].Port != keys[j].Port { - return keys[i].Port < keys[j].Port - } - return keys[i].Protocol < keys[j].Protocol - }) - - // Construct merged rules using sorted keys - mergedRules := []softwarecomposition.NetworkPolicyEgressRule{} - for i := range keys { - peers := merged[keys[i]] - sort.Slice(peers, func(i, j int) bool { - if peers[i].IPBlock != nil && peers[j].IPBlock != nil { - return peers[i].IPBlock.CIDR < peers[j].IPBlock.CIDR - } - return false // Keep the order as is if IPBlock is nil - }) - - mergedRules = append(mergedRules, softwarecomposition.NetworkPolicyEgressRule{ - Ports: []softwarecomposition.NetworkPolicyPort{{Protocol: &keys[i].Protocol, Port: &keys[i].Port}}, - To: peers, - }) - } - - // Combine merged and non-merged rules - 
mergedRules = append(mergedRules, nonMergedRules...) - - return mergedRules -} - -func generateEgressRule(neighbor softwarecomposition.NetworkNeighbor, knownServers softwarecomposition.IKnownServersFinder) (softwarecomposition.NetworkPolicyEgressRule, []softwarecomposition.PolicyRef) { - egressRule := softwarecomposition.NetworkPolicyEgressRule{} - policyRefs := []softwarecomposition.PolicyRef{} - - if neighbor.PodSelector != nil { - removeLabels(neighbor.PodSelector.MatchLabels) - egressRule.To = append(egressRule.To, softwarecomposition.NetworkPolicyPeer{ - PodSelector: neighbor.PodSelector, - }) - } - - if neighbor.NamespaceSelector != nil { - // the ns label goes together with the pod label - if len(egressRule.To) > 0 { - egressRule.To[0].NamespaceSelector = neighbor.NamespaceSelector - } else { - // TOD0(DanielGrunberegerCA): is this a valid case? - egressRule.To = append(egressRule.To, softwarecomposition.NetworkPolicyPeer{ - NamespaceSelector: neighbor.NamespaceSelector, - }) - } - } - - if neighbor.IPAddress != "" { - if entries, contains := knownServers.Contains(net.ParseIP(neighbor.IPAddress)); contains { - // look if this IP is part of any known server - for _, entry := range entries { - - egressRule.To = append(egressRule.To, softwarecomposition.NetworkPolicyPeer{ - IPBlock: &softwarecomposition.IPBlock{ - CIDR: entry.GetIPBlock(), - }, - }) - - policyRef := softwarecomposition.PolicyRef{ - Name: entry.GetName(), - OriginalIP: neighbor.IPAddress, - IPBlock: entry.GetIPBlock(), - Server: entry.GetServer(), - } - - if neighbor.DNS != "" { - policyRef.DNS = neighbor.DNS - } - - policyRefs = append(policyRefs, policyRef) - - } - - } else { - ipBlock := getSingleIP(neighbor.IPAddress) - egressRule.To = append(egressRule.To, softwarecomposition.NetworkPolicyPeer{ - IPBlock: ipBlock, - }) - - if neighbor.DNS != "" { - policyRefs = append(policyRefs, softwarecomposition.PolicyRef{ - DNS: neighbor.DNS, - IPBlock: ipBlock.CIDR, - OriginalIP: neighbor.IPAddress, - 
}) - } - } - } - - for _, networkPort := range neighbor.Ports { - protocol := v1.Protocol(strings.ToUpper(string(networkPort.Protocol))) - portInt32 := networkPort.Port - - egressRule.Ports = append(egressRule.Ports, softwarecomposition.NetworkPolicyPort{ - Protocol: &protocol, - Port: portInt32, - }) - } - - return egressRule, policyRefs -} - -func hash(s any) (string, error) { - - var b bytes.Buffer - if err := gob.NewEncoder(&b).Encode(s); err != nil { - return "", err - } - vv := sha256.Sum256(b.Bytes()) - return hex.EncodeToString(vv[:]), nil -} - -func generateIngressRule(neighbor softwarecomposition.NetworkNeighbor, knownServers softwarecomposition.IKnownServersFinder) (softwarecomposition.NetworkPolicyIngressRule, []softwarecomposition.PolicyRef) { - ingressRule := softwarecomposition.NetworkPolicyIngressRule{} - policyRefs := []softwarecomposition.PolicyRef{} - - if neighbor.PodSelector != nil { - removeLabels(neighbor.PodSelector.MatchLabels) - ingressRule.From = append(ingressRule.From, softwarecomposition.NetworkPolicyPeer{ - PodSelector: neighbor.PodSelector, - }) - } - if neighbor.NamespaceSelector != nil { - // the ns label goes together with the pod label - if len(ingressRule.From) > 0 { - ingressRule.From[0].NamespaceSelector = neighbor.NamespaceSelector - } else { - // TOD0(DanielGrunberegerCA): is this a valid case? 
- ingressRule.From = append(ingressRule.From, softwarecomposition.NetworkPolicyPeer{ - NamespaceSelector: neighbor.NamespaceSelector, - }) - } - } - - if neighbor.IPAddress != "" { - // look if this IP is part of any known server - if entries, contains := knownServers.Contains(net.ParseIP(neighbor.IPAddress)); contains { - for _, entry := range entries { - ingressRule.From = append(ingressRule.From, softwarecomposition.NetworkPolicyPeer{ - IPBlock: &softwarecomposition.IPBlock{ - CIDR: entry.GetIPBlock(), - }, - }) - - policyRef := softwarecomposition.PolicyRef{ - Name: entry.GetName(), - OriginalIP: neighbor.IPAddress, - IPBlock: entry.GetIPBlock(), - Server: entry.GetServer(), - } - - if neighbor.DNS != "" { - policyRef.DNS = neighbor.DNS - } - - policyRefs = append(policyRefs, policyRef) - - } - } else { - ipBlock := getSingleIP(neighbor.IPAddress) - ingressRule.From = append(ingressRule.From, softwarecomposition.NetworkPolicyPeer{ - IPBlock: ipBlock, - }) - - if neighbor.DNS != "" { - policyRefs = append(policyRefs, softwarecomposition.PolicyRef{ - DNS: neighbor.DNS, - IPBlock: ipBlock.CIDR, - OriginalIP: neighbor.IPAddress, - }) - } - } - - } - - for _, networkPort := range neighbor.Ports { - protocol := v1.Protocol(strings.ToUpper(string(networkPort.Protocol))) - portInt32 := networkPort.Port - - ingressRule.Ports = append(ingressRule.Ports, softwarecomposition.NetworkPolicyPort{ - Protocol: &protocol, - Port: portInt32, - }) - } - - return ingressRule, policyRefs -} - -func getSingleIP(ipAddress string) *softwarecomposition.IPBlock { - ipBlock := &softwarecomposition.IPBlock{CIDR: ipAddress + "/32"} - return ipBlock -} - -func removeLabels(labels map[string]string) { - for key := range labels { - if networkpolicy.IsIgnoredLabel(key) { - delete(labels, key) - } - } -} - -func IsAvailable(networkNeighbors softwarecomposition.NetworkNeighbors) bool { - switch networkNeighbors.GetAnnotations()[helpersv1.StatusMetadataKey] { - case helpersv1.Ready, 
helpersv1.Completed: - return true - default: - return false - } -} diff --git a/pkg/apis/softwarecomposition/networkpolicy/v1/networkpolicy_test.go b/pkg/apis/softwarecomposition/networkpolicy/v1/networkpolicy_test.go deleted file mode 100644 index c4c881b97..000000000 --- a/pkg/apis/softwarecomposition/networkpolicy/v1/networkpolicy_test.go +++ /dev/null 
@@ -1,2019 +0,0 @@ -package networkpolicy - -import ( - "testing" - - helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers" - - softwarecomposition "github.com/kubescape/storage/pkg/apis/softwarecomposition" - "github.com/stretchr/testify/assert" - corev1 "k8s.io/api/core/v1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/ptr" -) - -func TestGenerateNetworkPolicy(t *testing.T) { - timeProvider := v1.Now() - protocolTCP := corev1.ProtocolTCP - tests := []struct { - name string - networkNeighbors softwarecomposition.NetworkNeighbors - KnownServer []softwarecomposition.KnownServer - expectedNetworkPolicy softwarecomposition.GeneratedNetworkPolicy - }{ - { - name: "same port on different entries - one entry per workload", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "two": "2", - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - PoliciesRef: []softwarecomposition.PolicyRef{}, - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: 
"GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Egress: []softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - From: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - }, - }, - }, - }, - }, - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - 
From: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "two": "2", - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "same port on different entries - one entry per workload egress", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Egress: []softwarecomposition.NetworkNeighbor{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "two": "2", - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - PoliciesRef: []softwarecomposition.PolicyRef{}, - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: 
[]softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{}, - Egress: []softwarecomposition.NetworkPolicyEgressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - }, - }, - }, - }, - }, - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "two": "2", - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "multiple ports on same entry - ports aggregated under one entry", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - { - Port: ptr.To(int32(50)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-50", - }, - { - Port: ptr.To(int32(40)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-40", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - PoliciesRef: []softwarecomposition.PolicyRef{}, - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - 
CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Egress: []softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - { - Port: ptr.To(int32(50)), - Protocol: &protocolTCP, - }, - { - Port: ptr.To(int32(40)), - Protocol: &protocolTCP, - }, - }, - 
From: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "multiple ports on same entry - ports aggregated under one entry egress", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Egress: []softwarecomposition.NetworkNeighbor{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - { - Port: ptr.To(int32(50)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-50", - }, - { - Port: ptr.To(int32(40)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-40", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - PoliciesRef: []softwarecomposition.PolicyRef{}, - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: 
[]softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{}, - Egress: []softwarecomposition.NetworkPolicyEgressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - { - Port: ptr.To(int32(50)), - Protocol: &protocolTCP, - }, - { - Port: ptr.To(int32(40)), - Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "entry with namespace and multiple pod selectors - all labels are added together", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - "two": "2", - }, - }, - NamespaceSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "ns": "ns", - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - PoliciesRef: []softwarecomposition.PolicyRef{}, - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - 
APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Egress: []softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - 
From: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - "two": "2", - }, - }, - NamespaceSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "ns": "ns", - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "entry with raw IP and empty known servers - IPBlock is IP/32", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "154.53.46.32", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - PoliciesRef: []softwarecomposition.PolicyRef{}, - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Egress: []softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: 
[]softwarecomposition.NetworkPolicyIngressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - 
From: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "154.53.46.32/32", - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "matchExpressions as labels - labels are saved correctly", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - PodSelector: &v1.LabelSelector{ - MatchExpressions: []v1.LabelSelectorRequirement{ - { - Key: "one", - Operator: v1.LabelSelectorOpIn, - Values: []string{ - "1", - }, - }, - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - { - Port: ptr.To(int32(50)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-50", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - PoliciesRef: []softwarecomposition.PolicyRef{}, - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - 
softwarecomposition.PolicyTypeEgress, - }, - Egress: []softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - { - Port: ptr.To(int32(50)), - Protocol: &protocolTCP, - }, - }, - 
From: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchExpressions: []v1.LabelSelectorRequirement{ - { - Key: "one", - Operator: v1.LabelSelectorOpIn, - Values: []string{ - "1", - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "IP in known server - policy is enriched", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "172.17.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - KnownServer: []softwarecomposition.KnownServer{ - { - Spec: softwarecomposition.KnownServerSpec{ - { - IPBlock: "172.17.0.0/16", - Name: "test", - Server: ""}, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Egress: 
[]softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - 
From: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "172.17.0.0/16", - }, - }, - }, - }, - }, - }, - }, - PoliciesRef: []softwarecomposition.PolicyRef{ - { - IPBlock: "172.17.0.0/16", - OriginalIP: "172.17.0.2", - DNS: "", - Name: "test", - }, - }, - }, - }, - { - name: "multiple IPs in known servers - policy is enriched", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "172.17.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - IPAddress: "174.17.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(50)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-50", - }, - }, - }, - { - IPAddress: "156.43.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - KnownServer: []softwarecomposition.KnownServer{ - { - Spec: softwarecomposition.KnownServerSpec{ - { - IPBlock: "172.17.0.0/16", - Name: "name1", - Server: "", - }, - }}, - { - Spec: softwarecomposition.KnownServerSpec{ - { - IPBlock: "174.17.0.0/16", - Name: "name2", - Server: "", - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io", - }, - Spec: 
softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Egress: []softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(50)), - Protocol: &protocolTCP, - }, - }, - From: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "174.17.0.0/16", - }, - }, - }, - }, - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - 
From: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "156.43.0.2/32", - }, - }, - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "172.17.0.0/16", - }, - }, - }, - }, - }, - }, - }, - PoliciesRef: []softwarecomposition.PolicyRef{ - { - IPBlock: "172.17.0.0/16", - OriginalIP: "172.17.0.2", - DNS: "", - Name: "name1", - }, - { - IPBlock: "174.17.0.0/16", - OriginalIP: "174.17.0.2", - DNS: "", - Name: "name2", - }, - }, - }, - }, - { - name: "dns in network neighbor - policy is enriched", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "172.17.0.2", - DNS: "test.com", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - IPAddress: "198.17.0.2", - DNS: "stripe.com", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(90)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: 
softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Egress: []softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - From: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "172.17.0.2/32", - }, - }, - }, - }, - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(90)), - Protocol: &protocolTCP, - }, - }, - 
From: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "198.17.0.2/32", - }, - }, - }, - }, - }, - }, - }, - PoliciesRef: []softwarecomposition.PolicyRef{ - { - IPBlock: "172.17.0.2/32", - OriginalIP: "172.17.0.2", - DNS: "test.com", - }, - { - IPBlock: "198.17.0.2/32", - OriginalIP: "198.17.0.2", - DNS: "stripe.com", - }, - }, - }, - }, - { - name: "dns and known servers - policy is enriched", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "172.17.0.2", - DNS: "test.com", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - IPAddress: "198.17.0.2", - DNS: "stripe.com", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(90)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - KnownServer: []softwarecomposition.KnownServer{ - { - Spec: softwarecomposition.KnownServerSpec{ - { - Name: "test", - Server: "test-server", - IPBlock: "172.17.0.0/16", - }, - }}, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: 
map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Egress: []softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - From: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "172.17.0.0/16", - }, - }, - }, - }, - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(90)), - Protocol: &protocolTCP, - }, - }, - 
From: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "198.17.0.2/32", - }, - }, - }, - }, - }, - }, - }, - PoliciesRef: []softwarecomposition.PolicyRef{ - { - IPBlock: "172.17.0.0/16", - OriginalIP: "172.17.0.2", - DNS: "test.com", - Name: "test", - Server: "test-server", - }, - { - IPBlock: "198.17.0.2/32", - OriginalIP: "198.17.0.2", - DNS: "stripe.com", - }, - }, - }, - }, - { - name: "dns and known servers - policy is enriched for egress", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Egress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "172.17.0.2", - DNS: "test.com", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - IPAddress: "198.17.0.2", - DNS: "stripe.com", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - KnownServer: []softwarecomposition.KnownServer{ - { - Spec: softwarecomposition.KnownServerSpec{ - { - Name: "test", - Server: "test-server", - IPBlock: "172.17.0.0/16", - }, - }}, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: 
"deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{}, - Egress: []softwarecomposition.NetworkPolicyEgressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "172.17.0.0/16", - }, - }, - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "198.17.0.2/32", - }, - }, - }, - }, - }, - }, - }, - PoliciesRef: []softwarecomposition.PolicyRef{ - { - IPBlock: "172.17.0.0/16", - OriginalIP: "172.17.0.2", - DNS: "test.com", - Name: "test", - Server: "test-server", - }, - { - IPBlock: "198.17.0.2/32", - OriginalIP: "198.17.0.2", - DNS: "stripe.com", - }, - }, - }, - }, - { - name: "multiple known servers - policy is enriched for egress", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Egress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "172.17.0.2", - DNS: "test.com", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - IPAddress: "198.17.0.2", - DNS: "stripe.com", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: 
softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - KnownServer: []softwarecomposition.KnownServer{ - { - Spec: softwarecomposition.KnownServerSpec{ - { - Name: "test", - Server: "test-server", - IPBlock: "172.17.0.0/16", - }, - { - Name: "stripe", - Server: "stripe-payments", - IPBlock: "198.17.0.0/16", - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{}, - Egress: []softwarecomposition.NetworkPolicyEgressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "172.17.0.0/16", - }, - }, - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "198.17.0.0/16", - }, - }, - }, - }, - }, - }, - }, - PoliciesRef: []softwarecomposition.PolicyRef{ - { - IPBlock: "172.17.0.0/16", - OriginalIP: "172.17.0.2", - DNS: "test.com", - Name: "test", - Server: "test-server", - }, - { - IPBlock: "198.17.0.0/16", - OriginalIP: "198.17.0.2", - DNS: "stripe.com", - Name: "stripe", - Server: "stripe-payments", - }, - }, - }, - 
}, - { - name: "same ports with different addresses - addresses are merged", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Egress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "172.17.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - IPAddress: "196.17.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io", - }, - PoliciesRef: []softwarecomposition.PolicyRef{}, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{}, - Egress: []softwarecomposition.NetworkPolicyEgressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - 
Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "172.17.0.2/32", - }, - }, - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "196.17.0.2/32", - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "same ports for pod traffic", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Completed, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Egress: []softwarecomposition.NetworkNeighbor{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "redis", - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io", - }, - PoliciesRef: []softwarecomposition.PolicyRef{}, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: 
map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{}, - Egress: []softwarecomposition.NetworkPolicyEgressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - }, - }, - }, - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "redis", - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "same ports for multiple IPs - addresses are merged correctly", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Completed, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Egress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "172.17.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - IPAddress: "172.17.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(443)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - IPAddress: "196.17.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - IPAddress: "196.17.0.2", - Ports: 
[]softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(443)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io", - }, - PoliciesRef: []softwarecomposition.PolicyRef{}, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{}, - Egress: []softwarecomposition.NetworkPolicyEgressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "172.17.0.2/32", - }, - }, - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "196.17.0.2/32", - }, - }, - }, - }, - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(443)), - Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "172.17.0.2/32", - }, - }, - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "196.17.0.2/32", - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "multiple IPs in known servers - policy is enriched", - networkNeighbors: 
softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Completed, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "172.17.0.1", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - IPAddress: "172.17.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - KnownServer: []softwarecomposition.KnownServer{ - { - Spec: softwarecomposition.KnownServerSpec{ - { - IPBlock: "172.17.0.0/16", - Name: "name-172.17.0.0", - Server: "name.server", - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Egress: []softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{ - { - Ports: 
[]softwarecomposition.NetworkPolicyPort{
- {
- Port: ptr.To(int32(80)),
- Protocol: &protocolTCP,
- },
- },
- From: []softwarecomposition.NetworkPolicyPeer{
- {
- IPBlock: &softwarecomposition.IPBlock{
- CIDR: "172.17.0.0/16",
- },
- },
- },
- },
- },
- },
- },
- PoliciesRef: []softwarecomposition.PolicyRef{
- {
- IPBlock: "172.17.0.0/16",
- OriginalIP: "172.17.0.1",
- Name: "name-172.17.0.0",
- Server: "name.server",
- },
- {
- IPBlock: "172.17.0.0/16",
- OriginalIP: "172.17.0.2",
- Name: "name-172.17.0.0",
- Server: "name.server",
- },
- },
- },
- },
- }
-
- for _, test := range tests {
-
- got, err := GenerateNetworkPolicy(test.networkNeighbors, softwarecomposition.NewKnownServersFinderImpl(test.KnownServer), timeProvider)
-
- assert.NoError(t, err)
-
- assert.Equal(t, test.expectedNetworkPolicy, got, test.name)
- }
-}
diff --git a/pkg/apis/softwarecomposition/register.go b/pkg/apis/softwarecomposition/register.go
index 828e81b15..256984716 100644
--- a/pkg/apis/softwarecomposition/register.go
+++ b/pkg/apis/softwarecomposition/register.go
@@ -69,8 +69,6 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 &ApplicationProfileList{},
 &ApplicationActivity{},
 &ApplicationActivityList{},
- &NetworkNeighbors{},
- &NetworkNeighborsList{},
 &NetworkNeighborhood{},
 &NetworkNeighborhoodList{},
 &OpenVulnerabilityExchangeContainer{},
diff --git a/pkg/apis/softwarecomposition/v1beta1/generated.proto b/pkg/apis/softwarecomposition/v1beta1/generated.proto
index e246da6ba..3a0bef64a 100644
--- a/pkg/apis/softwarecomposition/v1beta1/generated.proto
+++ b/pkg/apis/softwarecomposition/v1beta1/generated.proto
@@ -865,34 +865,6 @@ message NetworkNeighborhoodSpec { repeated NetworkNeighborhoodContainer ephemeralContainers = 6; } -// NetworkNeighbors represents a list of network communications for a specific workload. -// DEPRECATED - use NetworkNeighborhood instead. -message NetworkNeighbors { - optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; - - optional NetworkNeighborsSpec spec = 2; -} - -// NetworkNeighborsList is a list of NetworkNeighbors. -// DEPRECATED - use NetworkNeighborhoodList instead. -message NetworkNeighborsList { - optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; - - repeated NetworkNeighbors items = 2; -} - -message NetworkNeighborsSpec { - optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector labelSelector = 3; - - // +patchMergeKey=identifier - // +patchStrategy=merge - repeated NetworkNeighbor ingress = 4; - - // +patchMergeKey=identifier - // +patchStrategy=merge - repeated NetworkNeighbor egress = 5; -} - message NetworkPolicy { optional string kind = 1; diff --git a/pkg/apis/softwarecomposition/v1beta1/network_types.go b/pkg/apis/softwarecomposition/v1beta1/network_types.go index 5e34ad46d..b5557dc29 100644 --- a/pkg/apis/softwarecomposition/v1beta1/network_types.go +++ b/pkg/apis/softwarecomposition/v1beta1/network_types.go 
@@ -18,39 +18,6 @@ const ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// NetworkNeighborsList is a list of NetworkNeighbors. -// DEPRECATED - use NetworkNeighborhoodList instead. -type NetworkNeighborsList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` - - Items []NetworkNeighbors `json:"items" protobuf:"bytes,2,rep,name=items"` -} - -// +genclient -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// NetworkNeighbors represents a list of network communications for a specific workload. -// DEPRECATED - use NetworkNeighborhood instead. -type NetworkNeighbors struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` - - Spec NetworkNeighborsSpec `json:"spec" protobuf:"bytes,2,req,name=spec"` -} - -type NetworkNeighborsSpec struct { - metav1.LabelSelector `json:",inline" protobuf:"bytes,3,opt,name=labelSelector"` - // +patchMergeKey=identifier - // +patchStrategy=merge - Ingress []NetworkNeighbor `json:"ingress" patchStrategy:"merge" patchMergeKey:"identifier" protobuf:"bytes,4,rep,name=ingress"` - // +patchMergeKey=identifier - // +patchStrategy=merge - Egress []NetworkNeighbor `json:"egress" patchStrategy:"merge" patchMergeKey:"identifier" protobuf:"bytes,5,rep,name=egress"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - // NetworkNeighborhoodList is a list of NetworkNeighborhoods. type NetworkNeighborhoodList struct { metav1.TypeMeta `json:",inline"` diff --git a/pkg/apis/softwarecomposition/v1beta1/networkpolicy/v2/networkpolicy.go b/pkg/apis/softwarecomposition/v1beta1/networkpolicy/networkpolicy.go similarity index 96% rename from pkg/apis/softwarecomposition/v1beta1/networkpolicy/v2/networkpolicy.go rename to pkg/apis/softwarecomposition/v1beta1/networkpolicy/networkpolicy.go index d82b7fce2..43c6e5a31 100644 
--- a/pkg/apis/softwarecomposition/v1beta1/networkpolicy/v2/networkpolicy.go +++ b/pkg/apis/softwarecomposition/v1beta1/networkpolicy/networkpolicy.go @@ -2,7 +2,6 @@ package networkpolicy import ( sc "github.com/kubescape/storage/pkg/apis/softwarecomposition" - np "github.com/kubescape/storage/pkg/apis/softwarecomposition/networkpolicy/v2" "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) diff --git a/pkg/apis/softwarecomposition/v1beta1/networkpolicy/v2/networkpolicy_test.go b/pkg/apis/softwarecomposition/v1beta1/networkpolicy/networkpolicy_test.go similarity index 100% rename from pkg/apis/softwarecomposition/v1beta1/networkpolicy/v2/networkpolicy_test.go rename to pkg/apis/softwarecomposition/v1beta1/networkpolicy/networkpolicy_test.go diff --git a/pkg/apis/softwarecomposition/v1beta1/networkpolicy/v2/testdata/known-servers.json b/pkg/apis/softwarecomposition/v1beta1/networkpolicy/testdata/known-servers.json similarity index 100% rename from pkg/apis/softwarecomposition/v1beta1/networkpolicy/v2/testdata/known-servers.json rename to pkg/apis/softwarecomposition/v1beta1/networkpolicy/testdata/known-servers.json diff --git a/pkg/apis/softwarecomposition/v1beta1/networkpolicy/v2/testdata/nn-operator.json b/pkg/apis/softwarecomposition/v1beta1/networkpolicy/testdata/nn-operator.json similarity index 100% rename from pkg/apis/softwarecomposition/v1beta1/networkpolicy/v2/testdata/nn-operator.json rename to pkg/apis/softwarecomposition/v1beta1/networkpolicy/testdata/nn-operator.json diff --git a/pkg/apis/softwarecomposition/v1beta1/networkpolicy/v2/testdata/np-operator.json b/pkg/apis/softwarecomposition/v1beta1/networkpolicy/testdata/np-operator.json similarity index 100% rename from pkg/apis/softwarecomposition/v1beta1/networkpolicy/v2/testdata/np-operator.json rename to pkg/apis/softwarecomposition/v1beta1/networkpolicy/testdata/np-operator.json 
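Review bot: The `np` import in `pkg/apis/softwarecomposition/v1beta1/networkpolicy/networkpolicy.go` is deleted here rather than repointed at the package's new location. The diffstat records a single removed line for this file, and Go rejects unused imports, so the pre-commit file must have referenced `np`. The body is outside this hunk, but if it still uses `np`, the package no longer compiles. The same commit moves `networkpolicy/v2` up one directory, so the line should presumably become `np "github.com/kubescape/storage/pkg/apis/softwarecomposition/networkpolicy"` instead of being dropped. Running `go build ./...` on the result would confirm this either way.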
diff --git a/pkg/apis/softwarecomposition/v1beta1/networkpolicy/v2/testdata/np.new.json b/pkg/apis/softwarecomposition/v1beta1/networkpolicy/testdata/np.new.json
similarity index 100%
rename from pkg/apis/softwarecomposition/v1beta1/networkpolicy/v2/testdata/np.new.json
rename to pkg/apis/softwarecomposition/v1beta1/networkpolicy/testdata/np.new.json
diff --git a/pkg/apis/softwarecomposition/v1beta1/networkpolicy/v1/networkpolicy.go b/pkg/apis/softwarecomposition/v1beta1/networkpolicy/v1/networkpolicy.go
deleted file mode 100644
index 6f2d02eaf..000000000
--- a/pkg/apis/softwarecomposition/v1beta1/networkpolicy/v1/networkpolicy.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package networkpolicy
-
-import (
- sc "github.com/kubescape/storage/pkg/apis/softwarecomposition"
- np "github.com/kubescape/storage/pkg/apis/softwarecomposition/networkpolicy/v1"
- "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-const (
- storageV1Beta1ApiVersion = "spdx.softwarecomposition.kubescape.io/v1beta1"
-)
-
-func GenerateNetworkPolicy(networkNeighbors v1beta1.NetworkNeighbors, knownServers sc.IKnownServersFinder, timeProvider metav1.Time) (v1beta1.GeneratedNetworkPolicy, error) {
- networkNeighborsV1, err := convertNetworkNeighbors(&networkNeighbors)
- if err != nil {
- return v1beta1.GeneratedNetworkPolicy{}, err
- }
-
- npv1, err := np.GenerateNetworkPolicy(networkNeighborsV1, knownServers, timeProvider)
- if err != nil {
- return v1beta1.GeneratedNetworkPolicy{}, err
- }
-
- return convertGeneratedNetworkPolicy(&npv1)
-
-}
-
-func convertGeneratedNetworkPolicy(old *sc.GeneratedNetworkPolicy) (v1beta1.GeneratedNetworkPolicy, error) {
- npv1beta1 := v1beta1.GeneratedNetworkPolicy{}
- if err := v1beta1.Convert_softwarecomposition_GeneratedNetworkPolicy_To_v1beta1_GeneratedNetworkPolicy(old, &npv1beta1, nil); err != nil {
- return v1beta1.GeneratedNetworkPolicy{}, err
- }
- npv1beta1.TypeMeta.APIVersion = storageV1Beta1ApiVersion
- npv1beta1.TypeMeta.Kind = "GeneratedNetworkPolicy"
- return npv1beta1, nil
-}
-
-func convertNetworkNeighbors(old *v1beta1.NetworkNeighbors) (sc.NetworkNeighbors, error) {
- neighbors := sc.NetworkNeighbors{}
- err := v1beta1.Convert_v1beta1_NetworkNeighbors_To_softwarecomposition_NetworkNeighbors(old, &neighbors, nil)
- return neighbors, err
-}
-func convertKnownServersList(old []v1beta1.KnownServer) ([]sc.KnownServer, error) {
- var servers []sc.KnownServer
- for i := range old {
- k := sc.KnownServer{}
- err := v1beta1.Convert_v1beta1_KnownServer_To_softwarecomposition_KnownServer(&old[i], &k, nil)
- if err != nil {
- return nil, err
- }
- servers = append(servers, k)
- }
- return servers, nil
-}
diff --git a/pkg/apis/softwarecomposition/v1beta1/networkpolicy/v1/networkpolicy_test.go b/pkg/apis/softwarecomposition/v1beta1/networkpolicy/v1/networkpolicy_test.go
deleted file mode 100644
index dd4d58d42..000000000
--- a/pkg/apis/softwarecomposition/v1beta1/networkpolicy/v1/networkpolicy_test.go
+++ /dev/null
@@ -1,2021 +0,0 @@ -package networkpolicy - -import ( - "testing" - - helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers" - - sc "github.com/kubescape/storage/pkg/apis/softwarecomposition" - softwarecomposition "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" - "github.com/stretchr/testify/assert" - corev1 "k8s.io/api/core/v1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/ptr" -) - -func TestGenerateNetworkPolicy(t *testing.T) { - timeProvider := v1.Now() - protocolTCP := corev1.ProtocolTCP - tests := []struct { - name string - networkNeighbors softwarecomposition.NetworkNeighbors - KnownServer []softwarecomposition.KnownServer - expectedNetworkPolicy softwarecomposition.GeneratedNetworkPolicy - }{ - { - name: "same port on different entries - one entry per workload", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "two": "2", - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - PoliciesRef: []softwarecomposition.PolicyRef{}, - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - 
CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Egress: []softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - From: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - }, - }, - }, - }, - }, - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - 
From: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "two": "2", - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "same port on different entries - one entry per workload egress", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Egress: []softwarecomposition.NetworkNeighbor{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "two": "2", - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - PoliciesRef: []softwarecomposition.PolicyRef{}, - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: 
[]softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{}, - Egress: []softwarecomposition.NetworkPolicyEgressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - }, - }, - }, - }, - }, - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "two": "2", - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "multiple ports on same entry - ports aggregated under one entry", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - { - Port: ptr.To(int32(50)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-50", - }, - { - Port: ptr.To(int32(40)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-40", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - PoliciesRef: []softwarecomposition.PolicyRef{}, - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - 
CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Egress: []softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - { - Port: ptr.To(int32(50)), - Protocol: &protocolTCP, - }, - { - Port: ptr.To(int32(40)), - Protocol: &protocolTCP, - }, - }, - 
From: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "multiple ports on same entry - ports aggregated under one entry egress", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Egress: []softwarecomposition.NetworkNeighbor{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - { - Port: ptr.To(int32(50)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-50", - }, - { - Port: ptr.To(int32(40)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-40", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - PoliciesRef: []softwarecomposition.PolicyRef{}, - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: 
[]softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{}, - Egress: []softwarecomposition.NetworkPolicyEgressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - { - Port: ptr.To(int32(50)), - Protocol: &protocolTCP, - }, - { - Port: ptr.To(int32(40)), - Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "entry with namespace and multiple pod selectors - all labels are added together", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - "two": "2", - }, - }, - NamespaceSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "ns": "ns", - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - PoliciesRef: []softwarecomposition.PolicyRef{}, - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: 
"NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Egress: []softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - 
From: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "one": "1", - "two": "2", - }, - }, - NamespaceSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "ns": "ns", - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "entry with raw IP and empty known servers - IPBlock is IP/32", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "154.53.46.32", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - PoliciesRef: []softwarecomposition.PolicyRef{}, - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Egress: []softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: 
[]softwarecomposition.NetworkPolicyIngressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - 
From: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "154.53.46.32/32", - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "matchExpressions as labels - labels are saved correctly", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - PodSelector: &v1.LabelSelector{ - MatchExpressions: []v1.LabelSelectorRequirement{ - { - Key: "one", - Operator: v1.LabelSelectorOpIn, - Values: []string{ - "1", - }, - }, - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - { - Port: ptr.To(int32(50)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-50", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - PoliciesRef: []softwarecomposition.PolicyRef{}, - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - 
softwarecomposition.PolicyTypeEgress, - }, - Egress: []softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - { - Port: ptr.To(int32(50)), - Protocol: &protocolTCP, - }, - }, - 
From: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchExpressions: []v1.LabelSelectorRequirement{ - { - Key: "one", - Operator: v1.LabelSelectorOpIn, - Values: []string{ - "1", - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "IP in known server - policy is enriched", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "172.17.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - KnownServer: []softwarecomposition.KnownServer{ - { - Spec: softwarecomposition.KnownServerSpec{ - { - IPBlock: "172.17.0.0/16", - Name: "test", - Server: ""}, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - 
Egress: []softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - 
From: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "172.17.0.0/16", - }, - }, - }, - }, - }, - }, - }, - PoliciesRef: []softwarecomposition.PolicyRef{ - { - IPBlock: "172.17.0.0/16", - OriginalIP: "172.17.0.2", - DNS: "", - Name: "test", - }, - }, - }, - }, - { - name: "multiple IPs in known servers - policy is enriched", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "172.17.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - IPAddress: "174.17.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(50)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-50", - }, - }, - }, - { - IPAddress: "156.43.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - KnownServer: []softwarecomposition.KnownServer{ - { - Spec: softwarecomposition.KnownServerSpec{ - { - IPBlock: "172.17.0.0/16", - Name: "name1", - Server: "", - }, - }}, - { - Spec: softwarecomposition.KnownServerSpec{ - { - IPBlock: "174.17.0.0/16", - Name: "name2", - Server: "", - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", - }, - 
Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Egress: []softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(50)), - Protocol: &protocolTCP, - }, - }, - From: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "174.17.0.0/16", - }, - }, - }, - }, - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - 
From: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "156.43.0.2/32", - }, - }, - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "172.17.0.0/16", - }, - }, - }, - }, - }, - }, - }, - PoliciesRef: []softwarecomposition.PolicyRef{ - { - IPBlock: "172.17.0.0/16", - OriginalIP: "172.17.0.2", - DNS: "", - Name: "name1", - }, - { - IPBlock: "174.17.0.0/16", - OriginalIP: "174.17.0.2", - DNS: "", - Name: "name2", - }, - }, - }, - }, - { - name: "dns in network neighbor - policy is enriched", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "172.17.0.2", - DNS: "test.com", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - IPAddress: "198.17.0.2", - DNS: "stripe.com", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(90)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: 
softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Egress: []softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - From: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "172.17.0.2/32", - }, - }, - }, - }, - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(90)), - Protocol: &protocolTCP, - }, - }, - 
From: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "198.17.0.2/32", - }, - }, - }, - }, - }, - }, - }, - PoliciesRef: []softwarecomposition.PolicyRef{ - { - IPBlock: "172.17.0.2/32", - OriginalIP: "172.17.0.2", - DNS: "test.com", - }, - { - IPBlock: "198.17.0.2/32", - OriginalIP: "198.17.0.2", - DNS: "stripe.com", - }, - }, - }, - }, - { - name: "dns and known servers - policy is enriched", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "172.17.0.2", - DNS: "test.com", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - IPAddress: "198.17.0.2", - DNS: "stripe.com", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(90)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - KnownServer: []softwarecomposition.KnownServer{ - { - Spec: softwarecomposition.KnownServerSpec{ - { - Name: "test", - Server: "test-server", - IPBlock: "172.17.0.0/16", - }, - }}, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - 
Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Egress: []softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - From: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "172.17.0.0/16", - }, - }, - }, - }, - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(90)), - Protocol: &protocolTCP, - }, - }, - 
From: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "198.17.0.2/32", - }, - }, - }, - }, - }, - }, - }, - PoliciesRef: []softwarecomposition.PolicyRef{ - { - IPBlock: "172.17.0.0/16", - OriginalIP: "172.17.0.2", - DNS: "test.com", - Name: "test", - Server: "test-server", - }, - { - IPBlock: "198.17.0.2/32", - OriginalIP: "198.17.0.2", - DNS: "stripe.com", - }, - }, - }, - }, - { - name: "dns and known servers - policy is enriched for egress", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Egress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "172.17.0.2", - DNS: "test.com", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - IPAddress: "198.17.0.2", - DNS: "stripe.com", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - KnownServer: []softwarecomposition.KnownServer{ - { - Spec: softwarecomposition.KnownServerSpec{ - { - Name: "test", - Server: "test-server", - IPBlock: "172.17.0.0/16", - }, - }}, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: 
"deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{}, - Egress: []softwarecomposition.NetworkPolicyEgressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "172.17.0.0/16", - }, - }, - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "198.17.0.2/32", - }, - }, - }, - }, - }, - }, - }, - PoliciesRef: []softwarecomposition.PolicyRef{ - { - IPBlock: "172.17.0.0/16", - OriginalIP: "172.17.0.2", - DNS: "test.com", - Name: "test", - Server: "test-server", - }, - { - IPBlock: "198.17.0.2/32", - OriginalIP: "198.17.0.2", - DNS: "stripe.com", - }, - }, - }, - }, - { - name: "multiple known servers - policy is enriched for egress", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Egress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "172.17.0.2", - DNS: "test.com", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - IPAddress: "198.17.0.2", - DNS: "stripe.com", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: 
softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - KnownServer: []softwarecomposition.KnownServer{ - { - Spec: softwarecomposition.KnownServerSpec{ - { - Name: "test", - Server: "test-server", - IPBlock: "172.17.0.0/16", - }, - { - Name: "stripe", - Server: "stripe-payments", - IPBlock: "198.17.0.0/16", - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{}, - Egress: []softwarecomposition.NetworkPolicyEgressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "172.17.0.0/16", - }, - }, - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "198.17.0.0/16", - }, - }, - }, - }, - }, - }, - }, - PoliciesRef: []softwarecomposition.PolicyRef{ - { - IPBlock: "172.17.0.0/16", - OriginalIP: "172.17.0.2", - DNS: "test.com", - Name: "test", - Server: "test-server", - }, - { - IPBlock: "198.17.0.0/16", - OriginalIP: "198.17.0.2", - DNS: "stripe.com", - Name: "stripe", - Server: "stripe-payments", - }, - }, 
- }, - }, - { - name: "same ports with different addresses - addresses are merged", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Ready, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Egress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "172.17.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - IPAddress: "196.17.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", - }, - PoliciesRef: []softwarecomposition.PolicyRef{}, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{}, - Egress: []softwarecomposition.NetworkPolicyEgressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: 
ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "172.17.0.2/32", - }, - }, - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "196.17.0.2/32", - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "same ports for pod traffic", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Completed, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Egress: []softwarecomposition.NetworkNeighbor{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "redis", - }, - }, - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", - }, - PoliciesRef: []softwarecomposition.PolicyRef{}, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: 
v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{}, - Egress: []softwarecomposition.NetworkPolicyEgressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - }, - }, - }, - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - PodSelector: &v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "redis", - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "same ports for multiple IPs - addresses are merged correctly", - networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Completed, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Egress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "172.17.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - IPAddress: "172.17.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(443)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - IPAddress: "196.17.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - 
IPAddress: "196.17.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(443)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", - }, - PoliciesRef: []softwarecomposition.PolicyRef{}, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{}, - Egress: []softwarecomposition.NetworkPolicyEgressRule{ - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(80)), - Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "172.17.0.2/32", - }, - }, - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "196.17.0.2/32", - }, - }, - }, - }, - { - Ports: []softwarecomposition.NetworkPolicyPort{ - { - Port: ptr.To(int32(443)), - Protocol: &protocolTCP, - }, - }, - To: []softwarecomposition.NetworkPolicyPeer{ - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "172.17.0.2/32", - }, - }, - { - IPBlock: &softwarecomposition.IPBlock{ - CIDR: "196.17.0.2/32", - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "multiple IPs in known servers - policy is enriched", - 
networkNeighbors: softwarecomposition.NetworkNeighbors{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - helpersv1.StatusMetadataKey: helpersv1.Completed, - }, - }, - Spec: softwarecomposition.NetworkNeighborsSpec{ - LabelSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - Ingress: []softwarecomposition.NetworkNeighbor{ - { - IPAddress: "172.17.0.1", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - { - IPAddress: "172.17.0.2", - Ports: []softwarecomposition.NetworkPort{ - { - Port: ptr.To(int32(80)), - Protocol: softwarecomposition.ProtocolTCP, - Name: "TCP-80", - }, - }, - }, - }, - }, - }, - KnownServer: []softwarecomposition.KnownServer{ - { - Spec: softwarecomposition.KnownServerSpec{ - { - IPBlock: "172.17.0.0/16", - Name: "name-172.17.0.0", - Server: "name.server", - }, - }, - }, - }, - expectedNetworkPolicy: softwarecomposition.GeneratedNetworkPolicy{ - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - CreationTimestamp: timeProvider, - }, - TypeMeta: v1.TypeMeta{ - Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", - }, - Spec: softwarecomposition.NetworkPolicy{ - Kind: "NetworkPolicy", - APIVersion: "networking.k8s.io/v1", - ObjectMeta: v1.ObjectMeta{ - Name: "deployment-nginx", - Namespace: "kubescape", - Annotations: map[string]string{ - "generated-by": "kubescape", - }, - }, - Spec: softwarecomposition.NetworkPolicySpec{ - PodSelector: v1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "nginx", - }, - }, - PolicyTypes: []softwarecomposition.PolicyType{ - softwarecomposition.PolicyTypeIngress, - softwarecomposition.PolicyTypeEgress, - }, - Egress: []softwarecomposition.NetworkPolicyEgressRule{}, - Ingress: []softwarecomposition.NetworkPolicyIngressRule{ - { 
- Ports: []softwarecomposition.NetworkPolicyPort{
- {
- Port: ptr.To(int32(80)),
- Protocol: &protocolTCP,
- },
- },
- From: []softwarecomposition.NetworkPolicyPeer{
- {
- IPBlock: &softwarecomposition.IPBlock{
- CIDR: "172.17.0.0/16",
- },
- },
- },
- },
- },
- },
- },
- PoliciesRef: []softwarecomposition.PolicyRef{
- {
- IPBlock: "172.17.0.0/16",
- OriginalIP: "172.17.0.1",
- Name: "name-172.17.0.0",
- Server: "name.server",
- },
- {
- IPBlock: "172.17.0.0/16",
- OriginalIP: "172.17.0.2",
- Name: "name-172.17.0.0",
- Server: "name.server",
- },
- },
- },
- },
- }
-
- for _, test := range tests {
- knownServersV1, err := convertKnownServersList(test.KnownServer)
- assert.NoError(t, err)
- got, err := GenerateNetworkPolicy(test.networkNeighbors, sc.NewKnownServersFinderImpl(knownServersV1), timeProvider)
-
- assert.NoError(t, err)
-
- assert.Equal(t, test.expectedNetworkPolicy, got, test.name)
- }
-}
diff --git a/pkg/apis/softwarecomposition/v1beta1/register.go b/pkg/apis/softwarecomposition/v1beta1/register.go
index cc76d6f91..172646fbd 100644
--- a/pkg/apis/softwarecomposition/v1beta1/register.go
+++ b/pkg/apis/softwarecomposition/v1beta1/register.go
@@ -65,8 +65,6 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 &ApplicationProfileList{},
 &ApplicationActivity{},
 &ApplicationActivityList{},
- &NetworkNeighbors{},
- &NetworkNeighborsList{},
 &NetworkNeighborhood{},
 &NetworkNeighborhoodList{},
 &OpenVulnerabilityExchangeContainer{},
diff --git a/pkg/apis/softwarecomposition/v1beta1/zz_generated.conversion.go b/pkg/apis/softwarecomposition/v1beta1/zz_generated.conversion.go
index 76bf67845..7eb3c4bf0 100644
--- a/pkg/apis/softwarecomposition/v1beta1/zz_generated.conversion.go
+++ b/pkg/apis/softwarecomposition/v1beta1/zz_generated.conversion.go
@@ -821,36 +821,6 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } - if err := s.AddGeneratedConversionFunc((*NetworkNeighbors)(nil), (*softwarecomposition.NetworkNeighbors)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_NetworkNeighbors_To_softwarecomposition_NetworkNeighbors(a.(*NetworkNeighbors), b.(*softwarecomposition.NetworkNeighbors), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*softwarecomposition.NetworkNeighbors)(nil), (*NetworkNeighbors)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_softwarecomposition_NetworkNeighbors_To_v1beta1_NetworkNeighbors(a.(*softwarecomposition.NetworkNeighbors), b.(*NetworkNeighbors), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*NetworkNeighborsList)(nil), (*softwarecomposition.NetworkNeighborsList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_NetworkNeighborsList_To_softwarecomposition_NetworkNeighborsList(a.(*NetworkNeighborsList), b.(*softwarecomposition.NetworkNeighborsList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*softwarecomposition.NetworkNeighborsList)(nil), (*NetworkNeighborsList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_softwarecomposition_NetworkNeighborsList_To_v1beta1_NetworkNeighborsList(a.(*softwarecomposition.NetworkNeighborsList), b.(*NetworkNeighborsList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*NetworkNeighborsSpec)(nil), (*softwarecomposition.NetworkNeighborsSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_NetworkNeighborsSpec_To_softwarecomposition_NetworkNeighborsSpec(a.(*NetworkNeighborsSpec), b.(*softwarecomposition.NetworkNeighborsSpec), scope) - }); err != nil { - return err - } - if err := 
s.AddGeneratedConversionFunc((*softwarecomposition.NetworkNeighborsSpec)(nil), (*NetworkNeighborsSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_softwarecomposition_NetworkNeighborsSpec_To_v1beta1_NetworkNeighborsSpec(a.(*softwarecomposition.NetworkNeighborsSpec), b.(*NetworkNeighborsSpec), scope) - }); err != nil { - return err - } if err := s.AddGeneratedConversionFunc((*NetworkPolicy)(nil), (*softwarecomposition.NetworkPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1beta1_NetworkPolicy_To_softwarecomposition_NetworkPolicy(a.(*NetworkPolicy), b.(*softwarecomposition.NetworkPolicy), scope) }); err != nil { 
@@ -3766,78 +3736,6 @@ func Convert_softwarecomposition_NetworkNeighborhoodSpec_To_v1beta1_NetworkNeigh return autoConvert_softwarecomposition_NetworkNeighborhoodSpec_To_v1beta1_NetworkNeighborhoodSpec(in, out, s) } -func autoConvert_v1beta1_NetworkNeighbors_To_softwarecomposition_NetworkNeighbors(in *NetworkNeighbors, out *softwarecomposition.NetworkNeighbors, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_NetworkNeighborsSpec_To_softwarecomposition_NetworkNeighborsSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_NetworkNeighbors_To_softwarecomposition_NetworkNeighbors is an autogenerated conversion function. -func Convert_v1beta1_NetworkNeighbors_To_softwarecomposition_NetworkNeighbors(in *NetworkNeighbors, out *softwarecomposition.NetworkNeighbors, s conversion.Scope) error { - return autoConvert_v1beta1_NetworkNeighbors_To_softwarecomposition_NetworkNeighbors(in, out, s) -} - -func autoConvert_softwarecomposition_NetworkNeighbors_To_v1beta1_NetworkNeighbors(in *softwarecomposition.NetworkNeighbors, out *NetworkNeighbors, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_softwarecomposition_NetworkNeighborsSpec_To_v1beta1_NetworkNeighborsSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_softwarecomposition_NetworkNeighbors_To_v1beta1_NetworkNeighbors is an autogenerated conversion function. 
-func Convert_softwarecomposition_NetworkNeighbors_To_v1beta1_NetworkNeighbors(in *softwarecomposition.NetworkNeighbors, out *NetworkNeighbors, s conversion.Scope) error { - return autoConvert_softwarecomposition_NetworkNeighbors_To_v1beta1_NetworkNeighbors(in, out, s) -} - -func autoConvert_v1beta1_NetworkNeighborsList_To_softwarecomposition_NetworkNeighborsList(in *NetworkNeighborsList, out *softwarecomposition.NetworkNeighborsList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]softwarecomposition.NetworkNeighbors)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1beta1_NetworkNeighborsList_To_softwarecomposition_NetworkNeighborsList is an autogenerated conversion function. -func Convert_v1beta1_NetworkNeighborsList_To_softwarecomposition_NetworkNeighborsList(in *NetworkNeighborsList, out *softwarecomposition.NetworkNeighborsList, s conversion.Scope) error { - return autoConvert_v1beta1_NetworkNeighborsList_To_softwarecomposition_NetworkNeighborsList(in, out, s) -} - -func autoConvert_softwarecomposition_NetworkNeighborsList_To_v1beta1_NetworkNeighborsList(in *softwarecomposition.NetworkNeighborsList, out *NetworkNeighborsList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]NetworkNeighbors)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_softwarecomposition_NetworkNeighborsList_To_v1beta1_NetworkNeighborsList is an autogenerated conversion function. 
-func Convert_softwarecomposition_NetworkNeighborsList_To_v1beta1_NetworkNeighborsList(in *softwarecomposition.NetworkNeighborsList, out *NetworkNeighborsList, s conversion.Scope) error { - return autoConvert_softwarecomposition_NetworkNeighborsList_To_v1beta1_NetworkNeighborsList(in, out, s) -} - -func autoConvert_v1beta1_NetworkNeighborsSpec_To_softwarecomposition_NetworkNeighborsSpec(in *NetworkNeighborsSpec, out *softwarecomposition.NetworkNeighborsSpec, s conversion.Scope) error { - out.LabelSelector = in.LabelSelector - out.Ingress = *(*[]softwarecomposition.NetworkNeighbor)(unsafe.Pointer(&in.Ingress)) - out.Egress = *(*[]softwarecomposition.NetworkNeighbor)(unsafe.Pointer(&in.Egress)) - return nil -} - -// Convert_v1beta1_NetworkNeighborsSpec_To_softwarecomposition_NetworkNeighborsSpec is an autogenerated conversion function. -func Convert_v1beta1_NetworkNeighborsSpec_To_softwarecomposition_NetworkNeighborsSpec(in *NetworkNeighborsSpec, out *softwarecomposition.NetworkNeighborsSpec, s conversion.Scope) error { - return autoConvert_v1beta1_NetworkNeighborsSpec_To_softwarecomposition_NetworkNeighborsSpec(in, out, s) -} - -func autoConvert_softwarecomposition_NetworkNeighborsSpec_To_v1beta1_NetworkNeighborsSpec(in *softwarecomposition.NetworkNeighborsSpec, out *NetworkNeighborsSpec, s conversion.Scope) error { - out.LabelSelector = in.LabelSelector - out.Ingress = *(*[]NetworkNeighbor)(unsafe.Pointer(&in.Ingress)) - out.Egress = *(*[]NetworkNeighbor)(unsafe.Pointer(&in.Egress)) - return nil -} - -// Convert_softwarecomposition_NetworkNeighborsSpec_To_v1beta1_NetworkNeighborsSpec is an autogenerated conversion function. 
-func Convert_softwarecomposition_NetworkNeighborsSpec_To_v1beta1_NetworkNeighborsSpec(in *softwarecomposition.NetworkNeighborsSpec, out *NetworkNeighborsSpec, s conversion.Scope) error { - return autoConvert_softwarecomposition_NetworkNeighborsSpec_To_v1beta1_NetworkNeighborsSpec(in, out, s) -} - func autoConvert_v1beta1_NetworkPolicy_To_softwarecomposition_NetworkPolicy(in *NetworkPolicy, out *softwarecomposition.NetworkPolicy, s conversion.Scope) error { out.Kind = in.Kind out.APIVersion = in.APIVersion diff --git a/pkg/apis/softwarecomposition/v1beta1/zz_generated.deepcopy.go b/pkg/apis/softwarecomposition/v1beta1/zz_generated.deepcopy.go index 30343a397..e7fe8f27b 100644 --- a/pkg/apis/softwarecomposition/v1beta1/zz_generated.deepcopy.go +++ b/pkg/apis/softwarecomposition/v1beta1/zz_generated.deepcopy.go 
@@ -2043,97 +2043,6 @@ func (in *NetworkNeighborhoodSpec) DeepCopy() *NetworkNeighborhoodSpec { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkNeighbors) DeepCopyInto(out *NetworkNeighbors) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkNeighbors. -func (in *NetworkNeighbors) DeepCopy() *NetworkNeighbors { - if in == nil { - return nil - } - out := new(NetworkNeighbors) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *NetworkNeighbors) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkNeighborsList) DeepCopyInto(out *NetworkNeighborsList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]NetworkNeighbors, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkNeighborsList. -func (in *NetworkNeighborsList) DeepCopy() *NetworkNeighborsList { - if in == nil { - return nil - } - out := new(NetworkNeighborsList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
-func (in *NetworkNeighborsList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkNeighborsSpec) DeepCopyInto(out *NetworkNeighborsSpec) { - *out = *in - in.LabelSelector.DeepCopyInto(&out.LabelSelector) - if in.Ingress != nil { - in, out := &in.Ingress, &out.Ingress - *out = make([]NetworkNeighbor, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Egress != nil { - in, out := &in.Egress, &out.Egress - *out = make([]NetworkNeighbor, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkNeighborsSpec. -func (in *NetworkNeighborsSpec) DeepCopy() *NetworkNeighborsSpec { - if in == nil { - return nil - } - out := new(NetworkNeighborsSpec) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy) { *out = *in diff --git a/pkg/apis/softwarecomposition/zz_generated.deepcopy.go b/pkg/apis/softwarecomposition/zz_generated.deepcopy.go index 7eb1fd979..d188ce50b 100644 --- a/pkg/apis/softwarecomposition/zz_generated.deepcopy.go +++ b/pkg/apis/softwarecomposition/zz_generated.deepcopy.go 
@@ -2043,97 +2043,6 @@ func (in *NetworkNeighborhoodSpec) DeepCopy() *NetworkNeighborhoodSpec { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkNeighbors) DeepCopyInto(out *NetworkNeighbors) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkNeighbors. -func (in *NetworkNeighbors) DeepCopy() *NetworkNeighbors { - if in == nil { - return nil - } - out := new(NetworkNeighbors) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *NetworkNeighbors) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkNeighborsList) DeepCopyInto(out *NetworkNeighborsList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]NetworkNeighbors, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkNeighborsList. -func (in *NetworkNeighborsList) DeepCopy() *NetworkNeighborsList { - if in == nil { - return nil - } - out := new(NetworkNeighborsList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
-func (in *NetworkNeighborsList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkNeighborsSpec) DeepCopyInto(out *NetworkNeighborsSpec) { - *out = *in - in.LabelSelector.DeepCopyInto(&out.LabelSelector) - if in.Ingress != nil { - in, out := &in.Ingress, &out.Ingress - *out = make([]NetworkNeighbor, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Egress != nil { - in, out := &in.Egress, &out.Egress - *out = make([]NetworkNeighbor, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkNeighborsSpec. -func (in *NetworkNeighborsSpec) DeepCopy() *NetworkNeighborsSpec { - if in == nil { - return nil - } - out := new(NetworkNeighborsSpec) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy) { *out = *in diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go index 9804adcbd..71dab0406 100644 --- a/pkg/apiserver/apiserver.go +++ b/pkg/apiserver/apiserver.go 
@@ -30,7 +30,6 @@ import (
 "github.com/kubescape/storage/pkg/registry/softwarecomposition/generatednetworkpolicy"
 knownserver "github.com/kubescape/storage/pkg/registry/softwarecomposition/knownservers"
 "github.com/kubescape/storage/pkg/registry/softwarecomposition/networkneighborhood"
- "github.com/kubescape/storage/pkg/registry/softwarecomposition/networkneighbors"
 "github.com/kubescape/storage/pkg/registry/softwarecomposition/openvulnerabilityexchange"
 "github.com/kubescape/storage/pkg/registry/softwarecomposition/sbomsyftfiltereds"
 "github.com/kubescape/storage/pkg/registry/softwarecomposition/sbomsyfts"
@@ -170,7 +169,6 @@ func (c completedConfig) New() (*WardleServer, error) {
 "generatednetworkpolicies": ep(generatednetworkpolicy.NewREST, generatedNetworkPolicyStorage),
 "knownservers": ep(knownserver.NewREST),
 "networkneighborhoods": ep(networkneighborhood.NewREST, networkNeighborhoodStorageImpl),
- "networkneighborses": ep(networkneighbors.NewREST),
 "openvulnerabilityexchangecontainers": ep(openvulnerabilityexchange.NewREST),
 "sbomsyftfiltereds": ep(sbomsyftfiltereds.NewREST),
 "sbomsyfts": ep(sbomsyfts.NewREST),
diff --git a/pkg/cleanup/cleanup.go b/pkg/cleanup/cleanup.go
index 3a272fc35..862df1898 100644
--- a/pkg/cleanup/cleanup.go
+++ b/pkg/cleanup/cleanup.go
@@ -46,7 +46,6 @@ func initResourceToKindHandler(relevancyEnabled bool) map[string][]TypeCleanupHa
 "applicationactivities": []TypeCleanupHandlerFunc{deleteByTemplateHashOrWlid},
 "applicationprofiles": []TypeCleanupHandlerFunc{deleteByTemplateHashOrWlid},
 "applicationprofilesummaries": []TypeCleanupHandlerFunc{deleteDeprecated},
- "networkneighborses": []TypeCleanupHandlerFunc{deleteDeprecated},
 "networkneighborhoods": []TypeCleanupHandlerFunc{deleteByTemplateHashOrWlid},
 "openvulnerabilityexchangecontainers": []TypeCleanupHandlerFunc{deleteByImageId},
 "sbomspdxv2p3filtereds": []TypeCleanupHandlerFunc{deleteDeprecated},
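Review bot: Dropping the `"networkneighborses": []TypeCleanupHandlerFunc{deleteDeprecated},` entry from `initResourceToKindHandler` removes the only visible path that purged on-disk objects of this deprecated kind, in the same commit that removes the API through which they could still be listed or deleted. On a cluster upgraded from an older release, files left under a `networkneighborses` directory would then presumably stay on the volume indefinitely, and judging by the removed `NetworkNeighborsSpec` they record per-workload ingress and egress peers; how the cleanup walker treats a resource directory with no handler is not visible in this hunk, so this needs confirming. Consider keeping the map entry for at least one release (it is keyed by a string and does not appear to need the removed Go type), with a comment such as `// kind removed from the API; keep purging leftover files from older releases`. The map literal continues outside the hunk.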
@@ -123,8 +122,6 @@ func (h *ResourcesCleanupHandler) StartCleanupTask(ctx context.Context) {
 err = migrateToGob[softwarecomposition.ApplicationActivity](h.appFs, path)
 case "applicationprofiles":
 err = migrateToGob[softwarecomposition.ApplicationProfile](h.appFs, path)
- case "networkneighborses":
- err = migrateToGob[softwarecomposition.NetworkNeighbors](h.appFs, path)
 case "networkneighborhoods":
 err = migrateToGob[softwarecomposition.NetworkNeighborhood](h.appFs, path)
 case "openvulnerabilityexchangecontainers":
diff --git a/pkg/cleanup/testdata/expectedFilesToDelete.json b/pkg/cleanup/testdata/expectedFilesToDelete.json
index 31f29f7de..3152a98c7 100644
--- a/pkg/cleanup/testdata/expectedFilesToDelete.json
+++ b/pkg/cleanup/testdata/expectedFilesToDelete.json
@@ -41,26 +41,6 @@ "/data/spdx.softwarecomposition.kubescape.io/applicationprofilesummaries/kubescape/kubescape-statefulset-kollector-c1be-77d8.m", "/data/spdx.softwarecomposition.kubescape.io/applicationprofilesummaries/local-path-storage/local-path-storage-replicaset-local-path-provisioner-75f5b54ffd-763c-36ba.g", "/data/spdx.softwarecomposition.kubescape.io/applicationprofilesummaries/local-path-storage/local-path-storage-replicaset-local-path-provisioner-75f5b54ffd-763c-36ba.m", - "/data/spdx.softwarecomposition.kubescape.io/networkneighborses/default/deployment-nginx.g", - "/data/spdx.softwarecomposition.kubescape.io/networkneighborses/default/deployment-nginx.m", - "/data/spdx.softwarecomposition.kubescape.io/networkneighborses/default/deployment-redis.g", - "/data/spdx.softwarecomposition.kubescape.io/networkneighborses/default/deployment-redis.m", - "/data/spdx.softwarecomposition.kubescape.io/networkneighborses/gadget/daemonset-gadget.g", - "/data/spdx.softwarecomposition.kubescape.io/networkneighborses/gadget/daemonset-gadget.m", - "/data/spdx.softwarecomposition.kubescape.io/networkneighborses/kubescape/deployment-gateway.g", - "/data/spdx.softwarecomposition.kubescape.io/networkneighborses/kubescape/deployment-gateway.m", - "/data/spdx.softwarecomposition.kubescape.io/networkneighborses/kubescape/deployment-kubescape.g", - "/data/spdx.softwarecomposition.kubescape.io/networkneighborses/kubescape/deployment-kubescape.m", - "/data/spdx.softwarecomposition.kubescape.io/networkneighborses/kubescape/deployment-kubevuln.g", - "/data/spdx.softwarecomposition.kubescape.io/networkneighborses/kubescape/deployment-kubevuln.m", - "/data/spdx.softwarecomposition.kubescape.io/networkneighborses/kubescape/deployment-operator.g", - "/data/spdx.softwarecomposition.kubescape.io/networkneighborses/kubescape/deployment-operator.m", - "/data/spdx.softwarecomposition.kubescape.io/networkneighborses/kubescape/deployment-otel-collector.g", - 
"/data/spdx.softwarecomposition.kubescape.io/networkneighborses/kubescape/deployment-otel-collector.m", - "/data/spdx.softwarecomposition.kubescape.io/networkneighborses/kubescape/deployment-synchronizer.g", - "/data/spdx.softwarecomposition.kubescape.io/networkneighborses/kubescape/deployment-synchronizer.m", - "/data/spdx.softwarecomposition.kubescape.io/networkneighborses/kubescape/statefulset-kollector.g", - "/data/spdx.softwarecomposition.kubescape.io/networkneighborses/kubescape/statefulset-kollector.m", "/data/spdx.softwarecomposition.kubescape.io/openvulnerabilityexchangecontainers/kubescape/docker.io-otel-opentelemetry-collector-0.86.0-6be420.m", "/data/spdx.softwarecomposition.kubescape.io/openvulnerabilityexchangecontainers/kubescape/ghcr.io-inspektor-gadget-inspektor-gadget-v0.21.0-c7fd21.m", "/data/spdx.softwarecomposition.kubescape.io/openvulnerabilityexchangecontainers/kubescape/nginx-4d62ee.m", diff --git a/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/fake/fake_networkneighbors.go b/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/fake/fake_networkneighbors.go deleted file mode 100644 index 02b201624..000000000 --- a/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/fake/fake_networkneighbors.go +++ /dev/null 
@@ -1,129 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - "context" - - v1beta1 "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" -) - -// FakeNetworkNeighborses implements NetworkNeighborsInterface -type FakeNetworkNeighborses struct { - Fake *FakeSpdxV1beta1 - ns string -} - -var networkneighborsesResource = v1beta1.SchemeGroupVersion.WithResource("networkneighborses") - -var networkneighborsesKind = v1beta1.SchemeGroupVersion.WithKind("NetworkNeighbors") - -// Get takes name of the networkNeighbors, and returns the corresponding networkNeighbors object, and an error if there is any. -func (c *FakeNetworkNeighborses) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.NetworkNeighbors, err error) { - obj, err := c.Fake. - Invokes(testing.NewGetAction(networkneighborsesResource, c.ns, name), &v1beta1.NetworkNeighbors{}) - - if obj == nil { - return nil, err - } - return obj.(*v1beta1.NetworkNeighbors), err -} - -// List takes label and field selectors, and returns the list of NetworkNeighborses that match those selectors. 
-func (c *FakeNetworkNeighborses) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.NetworkNeighborsList, err error) { - obj, err := c.Fake. - Invokes(testing.NewListAction(networkneighborsesResource, networkneighborsesKind, c.ns, opts), &v1beta1.NetworkNeighborsList{}) - - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1beta1.NetworkNeighborsList{ListMeta: obj.(*v1beta1.NetworkNeighborsList).ListMeta} - for _, item := range obj.(*v1beta1.NetworkNeighborsList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested networkNeighborses. -func (c *FakeNetworkNeighborses) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchAction(networkneighborsesResource, c.ns, opts)) - -} - -// Create takes the representation of a networkNeighbors and creates it. Returns the server's representation of the networkNeighbors, and an error, if there is any. -func (c *FakeNetworkNeighborses) Create(ctx context.Context, networkNeighbors *v1beta1.NetworkNeighbors, opts v1.CreateOptions) (result *v1beta1.NetworkNeighbors, err error) { - obj, err := c.Fake. - Invokes(testing.NewCreateAction(networkneighborsesResource, c.ns, networkNeighbors), &v1beta1.NetworkNeighbors{}) - - if obj == nil { - return nil, err - } - return obj.(*v1beta1.NetworkNeighbors), err -} - -// Update takes the representation of a networkNeighbors and updates it. Returns the server's representation of the networkNeighbors, and an error, if there is any. -func (c *FakeNetworkNeighborses) Update(ctx context.Context, networkNeighbors *v1beta1.NetworkNeighbors, opts v1.UpdateOptions) (result *v1beta1.NetworkNeighbors, err error) { - obj, err := c.Fake. 
- Invokes(testing.NewUpdateAction(networkneighborsesResource, c.ns, networkNeighbors), &v1beta1.NetworkNeighbors{}) - - if obj == nil { - return nil, err - } - return obj.(*v1beta1.NetworkNeighbors), err -} - -// Delete takes name of the networkNeighbors and deletes it. Returns an error if one occurs. -func (c *FakeNetworkNeighborses) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteActionWithOptions(networkneighborsesResource, c.ns, name, opts), &v1beta1.NetworkNeighbors{}) - - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeNetworkNeighborses) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(networkneighborsesResource, c.ns, listOpts) - - _, err := c.Fake.Invokes(action, &v1beta1.NetworkNeighborsList{}) - return err -} - -// Patch applies the patch and returns the patched networkNeighbors. -func (c *FakeNetworkNeighborses) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.NetworkNeighbors, err error) { - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(networkneighborsesResource, c.ns, name, pt, data, subresources...), &v1beta1.NetworkNeighbors{}) - - if obj == nil { - return nil, err - } - return obj.(*v1beta1.NetworkNeighbors), err -} diff --git a/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/fake/fake_softwarecomposition_client.go b/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/fake/fake_softwarecomposition_client.go index c02aa5308..21677c2e0 100644 --- a/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/fake/fake_softwarecomposition_client.go +++ b/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/fake/fake_softwarecomposition_client.go 
@@ -52,10 +52,6 @@ func (c *FakeSpdxV1beta1) NetworkNeighborhoods(namespace string) v1beta1.Network return &FakeNetworkNeighborhoods{c, namespace} } -func (c *FakeSpdxV1beta1) NetworkNeighborses(namespace string) v1beta1.NetworkNeighborsInterface { - return &FakeNetworkNeighborses{c, namespace} -} - func (c *FakeSpdxV1beta1) OpenVulnerabilityExchangeContainers(namespace string) v1beta1.OpenVulnerabilityExchangeContainerInterface { return &FakeOpenVulnerabilityExchangeContainers{c, namespace} } diff --git a/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/generated_expansion.go b/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/generated_expansion.go index 4e5f660fd..03b8ba289 100644 --- a/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/generated_expansion.go +++ b/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/generated_expansion.go @@ -32,8 +32,6 @@ type KnownServerExpansion interface{} type NetworkNeighborhoodExpansion interface{} -type NetworkNeighborsExpansion interface{} - type OpenVulnerabilityExchangeContainerExpansion interface{} type SBOMSyftExpansion interface{} diff --git a/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/networkneighbors.go b/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/networkneighbors.go deleted file mode 100644 index 998d45c4c..000000000 --- a/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/networkneighbors.go +++ /dev/null 
@@ -1,178 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - "time" - - v1beta1 "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" - scheme "github.com/kubescape/storage/pkg/generated/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// NetworkNeighborsesGetter has a method to return a NetworkNeighborsInterface. -// A group's client should implement this interface. -type NetworkNeighborsesGetter interface { - NetworkNeighborses(namespace string) NetworkNeighborsInterface -} - -// NetworkNeighborsInterface has methods to work with NetworkNeighbors resources. 
-type NetworkNeighborsInterface interface { - Create(ctx context.Context, networkNeighbors *v1beta1.NetworkNeighbors, opts v1.CreateOptions) (*v1beta1.NetworkNeighbors, error) - Update(ctx context.Context, networkNeighbors *v1beta1.NetworkNeighbors, opts v1.UpdateOptions) (*v1beta1.NetworkNeighbors, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.NetworkNeighbors, error) - List(ctx context.Context, opts v1.ListOptions) (*v1beta1.NetworkNeighborsList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.NetworkNeighbors, err error) - NetworkNeighborsExpansion -} - -// networkNeighborses implements NetworkNeighborsInterface -type networkNeighborses struct { - client rest.Interface - ns string -} - -// newNetworkNeighborses returns a NetworkNeighborses -func newNetworkNeighborses(c *SpdxV1beta1Client, namespace string) *networkNeighborses { - return &networkNeighborses{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the networkNeighbors, and returns the corresponding networkNeighbors object, and an error if there is any. -func (c *networkNeighborses) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.NetworkNeighbors, err error) { - result = &v1beta1.NetworkNeighbors{} - err = c.client.Get(). - Namespace(c.ns). - Resource("networkneighborses"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of NetworkNeighborses that match those selectors. 
-func (c *networkNeighborses) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.NetworkNeighborsList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1beta1.NetworkNeighborsList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("networkneighborses"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested networkNeighborses. -func (c *networkNeighborses) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("networkneighborses"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a networkNeighbors and creates it. Returns the server's representation of the networkNeighbors, and an error, if there is any. -func (c *networkNeighborses) Create(ctx context.Context, networkNeighbors *v1beta1.NetworkNeighbors, opts v1.CreateOptions) (result *v1beta1.NetworkNeighbors, err error) { - result = &v1beta1.NetworkNeighbors{} - err = c.client.Post(). - Namespace(c.ns). - Resource("networkneighborses"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(networkNeighbors). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a networkNeighbors and updates it. Returns the server's representation of the networkNeighbors, and an error, if there is any. -func (c *networkNeighborses) Update(ctx context.Context, networkNeighbors *v1beta1.NetworkNeighbors, opts v1.UpdateOptions) (result *v1beta1.NetworkNeighbors, err error) { - result = &v1beta1.NetworkNeighbors{} - err = c.client.Put(). - Namespace(c.ns). 
- Resource("networkneighborses"). - Name(networkNeighbors.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(networkNeighbors). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the networkNeighbors and deletes it. Returns an error if one occurs. -func (c *networkNeighborses) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("networkneighborses"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *networkNeighborses) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("networkneighborses"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched networkNeighbors. -func (c *networkNeighborses) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.NetworkNeighbors, err error) { - result = &v1beta1.NetworkNeighbors{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("networkneighborses"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/softwarecomposition_client.go b/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/softwarecomposition_client.go index 12d32164e..3b66d2650 100644 --- a/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/softwarecomposition_client.go 
+++ b/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1/softwarecomposition_client.go @@ -34,7 +34,6 @@ type SpdxV1beta1Interface interface { GeneratedNetworkPoliciesGetter KnownServersGetter NetworkNeighborhoodsGetter - NetworkNeighborsesGetter OpenVulnerabilityExchangeContainersGetter SBOMSyftsGetter SBOMSyftFilteredsGetter @@ -75,10 +74,6 @@ func (c *SpdxV1beta1Client) NetworkNeighborhoods(namespace string) NetworkNeighb return newNetworkNeighborhoods(c, namespace) } -func (c *SpdxV1beta1Client) NetworkNeighborses(namespace string) NetworkNeighborsInterface { - return newNetworkNeighborses(c, namespace) -} - func (c *SpdxV1beta1Client) OpenVulnerabilityExchangeContainers(namespace string) OpenVulnerabilityExchangeContainerInterface { return newOpenVulnerabilityExchangeContainers(c, namespace) } diff --git a/pkg/generated/informers/externalversions/generic.go b/pkg/generated/informers/externalversions/generic.go index aa4077333..afa2d4f16 100644 --- a/pkg/generated/informers/externalversions/generic.go +++ b/pkg/generated/informers/externalversions/generic.go 
@@ -65,8 +65,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource return &genericInformer{resource: resource.GroupResource(), informer: f.Spdx().V1beta1().KnownServers().Informer()}, nil case v1beta1.SchemeGroupVersion.WithResource("networkneighborhoods"): return &genericInformer{resource: resource.GroupResource(), informer: f.Spdx().V1beta1().NetworkNeighborhoods().Informer()}, nil - case v1beta1.SchemeGroupVersion.WithResource("networkneighborses"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Spdx().V1beta1().NetworkNeighborses().Informer()}, nil case v1beta1.SchemeGroupVersion.WithResource("openvulnerabilityexchangecontainers"): return &genericInformer{resource: resource.GroupResource(), informer: f.Spdx().V1beta1().OpenVulnerabilityExchangeContainers().Informer()}, nil case v1beta1.SchemeGroupVersion.WithResource("sbomsyfts"): diff --git a/pkg/generated/informers/externalversions/softwarecomposition/v1beta1/interface.go b/pkg/generated/informers/externalversions/softwarecomposition/v1beta1/interface.go index c1b6efab4..33070e33e 100644 --- a/pkg/generated/informers/externalversions/softwarecomposition/v1beta1/interface.go +++ b/pkg/generated/informers/externalversions/softwarecomposition/v1beta1/interface.go @@ -36,8 +36,6 @@ type Interface interface { KnownServers() KnownServerInformer // NetworkNeighborhoods returns a NetworkNeighborhoodInformer. NetworkNeighborhoods() NetworkNeighborhoodInformer - // NetworkNeighborses returns a NetworkNeighborsInformer. - NetworkNeighborses() NetworkNeighborsInformer // OpenVulnerabilityExchangeContainers returns a OpenVulnerabilityExchangeContainerInformer. OpenVulnerabilityExchangeContainers() OpenVulnerabilityExchangeContainerInformer // SBOMSyfts returns a SBOMSyftInformer. 
@@ -99,11 +97,6 @@ func (v *version) NetworkNeighborhoods() NetworkNeighborhoodInformer { return &networkNeighborhoodInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } -// NetworkNeighborses returns a NetworkNeighborsInformer. -func (v *version) NetworkNeighborses() NetworkNeighborsInformer { - return &networkNeighborsInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - // OpenVulnerabilityExchangeContainers returns a OpenVulnerabilityExchangeContainerInformer. func (v *version) OpenVulnerabilityExchangeContainers() OpenVulnerabilityExchangeContainerInformer { return &openVulnerabilityExchangeContainerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} diff --git a/pkg/generated/informers/externalversions/softwarecomposition/v1beta1/networkneighbors.go b/pkg/generated/informers/externalversions/softwarecomposition/v1beta1/networkneighbors.go deleted file mode 100644 index b7b5fe6b7..000000000 --- a/pkg/generated/informers/externalversions/softwarecomposition/v1beta1/networkneighbors.go +++ /dev/null 
@@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - softwarecompositionv1beta1 "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" - versioned "github.com/kubescape/storage/pkg/generated/clientset/versioned" - internalinterfaces "github.com/kubescape/storage/pkg/generated/informers/externalversions/internalinterfaces" - v1beta1 "github.com/kubescape/storage/pkg/generated/listers/softwarecomposition/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// NetworkNeighborsInformer provides access to a shared informer and lister for -// NetworkNeighborses. -type NetworkNeighborsInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.NetworkNeighborsLister -} - -type networkNeighborsInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewNetworkNeighborsInformer constructs a new informer for NetworkNeighbors type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. 
-func NewNetworkNeighborsInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredNetworkNeighborsInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredNetworkNeighborsInformer constructs a new informer for NetworkNeighbors type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredNetworkNeighborsInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.SpdxV1beta1().NetworkNeighborses(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.SpdxV1beta1().NetworkNeighborses(namespace).Watch(context.TODO(), options) - }, - }, - &softwarecompositionv1beta1.NetworkNeighbors{}, - resyncPeriod, - indexers, - ) -} - -func (f *networkNeighborsInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredNetworkNeighborsInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *networkNeighborsInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&softwarecompositionv1beta1.NetworkNeighbors{}, f.defaultInformer) -} - -func (f *networkNeighborsInformer) Lister() v1beta1.NetworkNeighborsLister { - return 
v1beta1.NewNetworkNeighborsLister(f.Informer().GetIndexer()) -} diff --git a/pkg/generated/listers/softwarecomposition/v1beta1/networkneighbors.go b/pkg/generated/listers/softwarecomposition/v1beta1/networkneighbors.go deleted file mode 100644 index 98befd2b4..000000000 --- a/pkg/generated/listers/softwarecomposition/v1beta1/networkneighbors.go +++ /dev/null 
@@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// NetworkNeighborsLister helps list NetworkNeighborses. -// All objects returned here must be treated as read-only. -type NetworkNeighborsLister interface { - // List lists all NetworkNeighborses in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.NetworkNeighbors, err error) - // NetworkNeighborses returns an object that can list and get NetworkNeighborses. - NetworkNeighborses(namespace string) NetworkNeighborsNamespaceLister - NetworkNeighborsListerExpansion -} - -// networkNeighborsLister implements the NetworkNeighborsLister interface. -type networkNeighborsLister struct { - indexer cache.Indexer -} - -// NewNetworkNeighborsLister returns a new NetworkNeighborsLister. -func NewNetworkNeighborsLister(indexer cache.Indexer) NetworkNeighborsLister { - return &networkNeighborsLister{indexer: indexer} -} - -// List lists all NetworkNeighborses in the indexer. 
-func (s *networkNeighborsLister) List(selector labels.Selector) (ret []*v1beta1.NetworkNeighbors, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.NetworkNeighbors)) - }) - return ret, err -} - -// NetworkNeighborses returns an object that can list and get NetworkNeighborses. -func (s *networkNeighborsLister) NetworkNeighborses(namespace string) NetworkNeighborsNamespaceLister { - return networkNeighborsNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// NetworkNeighborsNamespaceLister helps list and get NetworkNeighborses. -// All objects returned here must be treated as read-only. -type NetworkNeighborsNamespaceLister interface { - // List lists all NetworkNeighborses in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.NetworkNeighbors, err error) - // Get retrieves the NetworkNeighbors from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.NetworkNeighbors, error) - NetworkNeighborsNamespaceListerExpansion -} - -// networkNeighborsNamespaceLister implements the NetworkNeighborsNamespaceLister -// interface. -type networkNeighborsNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all NetworkNeighborses in the indexer for a given namespace. -func (s networkNeighborsNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.NetworkNeighbors, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.NetworkNeighbors)) - }) - return ret, err -} - -// Get retrieves the NetworkNeighbors from the indexer for a given namespace and name. 
-func (s networkNeighborsNamespaceLister) Get(name string) (*v1beta1.NetworkNeighbors, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("networkneighbors"), name) - } - return obj.(*v1beta1.NetworkNeighbors), nil -} diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index 151e65976..09b87a152 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go 
@@ -107,9 +107,6 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1.NetworkNeighborhoodContainer": schema_pkg_apis_softwarecomposition_v1beta1_NetworkNeighborhoodContainer(ref), "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1.NetworkNeighborhoodList": schema_pkg_apis_softwarecomposition_v1beta1_NetworkNeighborhoodList(ref), "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1.NetworkNeighborhoodSpec": schema_pkg_apis_softwarecomposition_v1beta1_NetworkNeighborhoodSpec(ref), - "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1.NetworkNeighbors": schema_pkg_apis_softwarecomposition_v1beta1_NetworkNeighbors(ref), - "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1.NetworkNeighborsList": schema_pkg_apis_softwarecomposition_v1beta1_NetworkNeighborsList(ref), - "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1.NetworkNeighborsSpec": schema_pkg_apis_softwarecomposition_v1beta1_NetworkNeighborsSpec(ref), "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1.NetworkPolicy": schema_pkg_apis_softwarecomposition_v1beta1_NetworkPolicy(ref), "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1.NetworkPolicyEgressRule": schema_pkg_apis_softwarecomposition_v1beta1_NetworkPolicyEgressRule(ref), "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1.NetworkPolicyIngressRule": schema_pkg_apis_softwarecomposition_v1beta1_NetworkPolicyIngressRule(ref), 
@@ -3772,180 +3769,6 @@ func schema_pkg_apis_softwarecomposition_v1beta1_NetworkNeighborhoodSpec(ref com } } -func schema_pkg_apis_softwarecomposition_v1beta1_NetworkNeighbors(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "NetworkNeighbors represents a list of network communications for a specific workload. DEPRECATED - use NetworkNeighborhood instead.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "spec": { - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1.NetworkNeighborsSpec"), - }, - }, - }, - Required: []string{"spec"}, - }, - }, - Dependencies: []string{ - "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1.NetworkNeighborsSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, - } -} - -func schema_pkg_apis_softwarecomposition_v1beta1_NetworkNeighborsList(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "NetworkNeighborsList is a list of NetworkNeighbors. DEPRECATED - use NetworkNeighborhoodList instead.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), - }, - }, - "items": { - SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1.NetworkNeighbors"), - }, - }, - }, - }, - }, - }, - Required: []string{"items"}, - }, - }, - Dependencies: []string{ - "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1.NetworkNeighbors", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, - } -} - -func schema_pkg_apis_softwarecomposition_v1beta1_NetworkNeighborsSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "matchLabels": { - SchemaProps: spec.SchemaProps{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "matchExpressions": { - SchemaProps: spec.SchemaProps{ - Description: "matchExpressions is a list of label selector requirements. 
The requirements are ANDed.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement"), - }, - }, - }, - }, - }, - "ingress": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-patch-merge-key": "identifier", - "x-kubernetes-patch-strategy": "merge", - }, - }, - SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1.NetworkNeighbor"), - }, - }, - }, - }, - }, - "egress": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-patch-merge-key": "identifier", - "x-kubernetes-patch-strategy": "merge", - }, - }, - SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1.NetworkNeighbor"), - }, - }, - }, - }, - }, - }, - Required: []string{"ingress", "egress"}, - }, - }, - Dependencies: []string{ - "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1.NetworkNeighbor", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement"}, - } -} - func schema_pkg_apis_softwarecomposition_v1beta1_NetworkPolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/pkg/registry/file/generatednetworkpolicy.go b/pkg/registry/file/generatednetworkpolicy.go index 330fb558a..f44d03f75 100644 --- a/pkg/registry/file/generatednetworkpolicy.go +++ b/pkg/registry/file/generatednetworkpolicy.go 
@@ -7,7 +7,6 @@ import (
 "github.com/kubescape/go-logger"
 "github.com/kubescape/go-logger/helpers"
 "github.com/kubescape/storage/pkg/apis/softwarecomposition"
- "github.com/kubescape/storage/pkg/apis/softwarecomposition/networkpolicy/v2"
 "go.opentelemetry.io/otel"
 "go.opentelemetry.io/otel/attribute"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
diff --git a/pkg/registry/softwarecomposition/networkneighbors/etcd.go b/pkg/registry/softwarecomposition/networkneighbors/etcd.go
deleted file mode 100644
index ce5ce80f6..000000000
--- a/pkg/registry/softwarecomposition/networkneighbors/etcd.go
+++ /dev/null
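Review bot: The import hunk of pkg/registry/file/generatednetworkpolicy.go drops `"github.com/kubescape/storage/pkg/apis/softwarecomposition/networkpolicy/v2"` without adding a replacement, and none of the visible context lines imports the package at its new location. The same commit renames `networkpolicy/{v2 => }/networkpolicy.go`, so if this file still calls into that package it would need `"github.com/kubescape/storage/pkg/apis/softwarecomposition/networkpolicy"` in place of the removed line, or the package will not compile. The import block starts and ends outside the hunk, so an import further down may already cover this; it is worth confirming with `go build ./pkg/registry/file/...` before merging.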
@@ -1,41 +0,0 @@
-package networkneighbors
-
-import (
- "github.com/kubescape/storage/pkg/apis/softwarecomposition"
- "github.com/kubescape/storage/pkg/registry"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apiserver/pkg/registry/generic"
- genericregistry "k8s.io/apiserver/pkg/registry/generic/registry"
- "k8s.io/apiserver/pkg/registry/rest"
- "k8s.io/apiserver/pkg/storage"
-)
-
-// NewREST returns a RESTStorage object that will work against API services.
-func NewREST(scheme *runtime.Scheme, storageImpl storage.Interface, optsGetter generic.RESTOptionsGetter) (*registry.REST, error) {
- strategy := NewStrategy(scheme)
-
- dryRunnableStorage := genericregistry.DryRunnableStorage{Codec: nil, Storage: storageImpl}
-
- store := &genericregistry.Store{
- NewFunc: func() runtime.Object { return &softwarecomposition.NetworkNeighbors{} },
- NewListFunc: func() runtime.Object { return &softwarecomposition.NetworkNeighborsList{} },
- PredicateFunc: MatchNetworkNeighbor,
- DefaultQualifiedResource: softwarecomposition.Resource("networkneighborses"),
- SingularQualifiedResource: softwarecomposition.Resource("networkneighbors"),
-
- Storage: dryRunnableStorage,
-
- CreateStrategy: strategy,
- UpdateStrategy: strategy,
- DeleteStrategy: strategy,
-
- // TODO: define table converter that exposes more than name/creation timestamp
- TableConvertor: rest.NewDefaultTableConvertor(softwarecomposition.Resource("networkneighborses")),
- }
- options := &generic.StoreOptions{RESTOptions: optsGetter, AttrFunc: GetAttrs}
- if err := store.CompleteWithOptions(options); err != nil {
- return nil, err
- }
-
- return ®istry.REST{Store: store}, nil
-}
diff --git a/pkg/registry/softwarecomposition/networkneighbors/strategy.go b/pkg/registry/softwarecomposition/networkneighbors/strategy.go
deleted file mode 100644
index f7e701605..000000000
--- a/pkg/registry/softwarecomposition/networkneighbors/strategy.go
+++ /dev/null
@@ -1,126 +0,0 @@
-package networkneighbors
-
-import (
- "context"
- "fmt"
-
- "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers"
- "github.com/kubescape/storage/pkg/apis/softwarecomposition"
- "github.com/kubescape/storage/pkg/utils"
- "k8s.io/apimachinery/pkg/fields"
- "k8s.io/apimachinery/pkg/labels"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/util/validation/field"
- "k8s.io/apiserver/pkg/registry/generic"
- "k8s.io/apiserver/pkg/storage"
- "k8s.io/apiserver/pkg/storage/names"
-)
-
-// NewStrategy creates and returns a networkNeighborsStrategy instance
-func NewStrategy(typer runtime.ObjectTyper) networkNeighborsStrategy {
- return networkNeighborsStrategy{typer, names.SimpleNameGenerator}
-}
-
-// GetAttrs returns labels.Set, fields.Set, and error in case the given runtime.Object is not a Flunder
-func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) {
- apiserver, ok := obj.(*softwarecomposition.NetworkNeighbors)
- if !ok {
- return nil, nil, fmt.Errorf("given object is not a NetworkNeighbors")
- }
- return labels.Set(apiserver.ObjectMeta.Labels), SelectableFields(apiserver), nil
-}
-
-func MatchNetworkNeighbor(label labels.Selector, field fields.Selector) storage.SelectionPredicate {
- return storage.SelectionPredicate{
- Label: label,
- Field: field,
- GetAttrs: GetAttrs,
- }
-}
-
-// SelectableFields returns a field set that represents the object.
-func SelectableFields(obj *softwarecomposition.NetworkNeighbors) fields.Set {
- return generic.ObjectMetaFieldsSet(&obj.ObjectMeta, true)
-}
-
-type networkNeighborsStrategy struct {
- runtime.ObjectTyper
- names.NameGenerator
-}
-
-func (networkNeighborsStrategy) NamespaceScoped() bool {
- return true
-}
-
-func (networkNeighborsStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
-}
-
-func (s networkNeighborsStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) {
- newNN := obj.(*softwarecomposition.NetworkNeighbors)
- oldNN := old.(*softwarecomposition.NetworkNeighbors)
-
- // completion status cannot be transitioned from 'complete' -> 'partial'
- // in such case, we reject status updates
- if oldNN.Annotations[helpers.CompletionMetadataKey] == helpers.Complete && newNN.Annotations[helpers.CompletionMetadataKey] == helpers.Partial {
- newNN.Annotations[helpers.CompletionMetadataKey] = helpers.Complete
-
- if v, ok := oldNN.Annotations[helpers.StatusMetadataKey]; ok {
- newNN.Annotations[helpers.StatusMetadataKey] = v
- } else {
- delete(newNN.Annotations, helpers.StatusMetadataKey)
- }
- }
-}
-
-func (networkNeighborsStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList {
- nn := obj.(*softwarecomposition.NetworkNeighbors)
-
- allErrors := field.ErrorList{}
-
- if err := utils.ValidateCompletionAnnotation(nn.Annotations); err != nil {
- allErrors = append(allErrors, err)
- }
-
- if err := utils.ValidateStatusAnnotation(nn.Annotations); err != nil {
- allErrors = append(allErrors, err)
- }
-
- return allErrors
-}
-
-// WarningsOnCreate returns warnings for the creation of the given object.
-func (networkNeighborsStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string {
- return nil
-}
-
-func (networkNeighborsStrategy) AllowCreateOnUpdate() bool {
- return false
-}
-
-func (networkNeighborsStrategy) AllowUnconditionalUpdate() bool {
- return false
-}
-
-func (networkNeighborsStrategy) Canonicalize(obj runtime.Object) {
-}
-
-func (networkNeighborsStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList {
- nn := obj.(*softwarecomposition.NetworkNeighbors)
-
- allErrors := field.ErrorList{}
-
- if err := utils.ValidateCompletionAnnotation(nn.Annotations); err != nil {
- allErrors = append(allErrors, err)
- }
-
- if err := utils.ValidateStatusAnnotation(nn.Annotations); err != nil {
- allErrors = append(allErrors, err)
- }
-
- return allErrors
-}
-
-// WarningsOnUpdate returns warnings for the given update.
-func (networkNeighborsStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string {
- return nil
-}
diff --git a/pkg/registry/softwarecomposition/networkneighbors/strategy_test.go b/pkg/registry/softwarecomposition/networkneighbors/strategy_test.go
deleted file mode 100644
index c0b22fbf5..000000000
--- a/pkg/registry/softwarecomposition/networkneighbors/strategy_test.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package networkneighbors
-
-import (
- "context"
- "testing"
-
- "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers"
- "github.com/kubescape/storage/pkg/apis/softwarecomposition"
- "github.com/stretchr/testify/assert"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-func TestPrepareForUpdate(t *testing.T) {
- tests := []struct {
- name string
- oldAnnotations map[string]string
- newAnnotations map[string]string
- expected map[string]string
- }{
- {
- name: "transition from complete (with status) to partial - rejected",
- oldAnnotations: map[string]string{
- helpers.CompletionMetadataKey: "complete",
- helpers.StatusMetadataKey: "initializing",
- },
- newAnnotations: map[string]string{
- helpers.CompletionMetadataKey: "partial",
- helpers.StatusMetadataKey: "ready",
- },
- expected: map[string]string{
- helpers.CompletionMetadataKey: "complete",
- helpers.StatusMetadataKey: "initializing",
- },
- },
- {
- name: "transition from partial (with status) to complete - accepted",
- oldAnnotations: map[string]string{
- helpers.CompletionMetadataKey: "partial",
- helpers.StatusMetadataKey: "initializing",
- },
- newAnnotations: map[string]string{
- helpers.CompletionMetadataKey: "partial",
- helpers.StatusMetadataKey: "ready",
- },
- expected: map[string]string{
- helpers.CompletionMetadataKey: "partial",
- helpers.StatusMetadataKey: "ready",
- },
- },
- {
- name: "transition from partial (without status) to complete - accepted",
- oldAnnotations: map[string]string{
- helpers.CompletionMetadataKey: "partial",
- },
- newAnnotations: map[string]string{
- helpers.CompletionMetadataKey: "complete",
- helpers.StatusMetadataKey: "ready",
- },
- expected: map[string]string{
- helpers.CompletionMetadataKey: "complete",
- helpers.StatusMetadataKey: "ready",
- },
- },
- {
- name: "transition from complete (without status) to partial - rejected",
- oldAnnotations: map[string]string{
- helpers.CompletionMetadataKey: "complete",
- },
- newAnnotations: map[string]string{
- helpers.CompletionMetadataKey: "partial",
- helpers.StatusMetadataKey: "initializing",
- },
- expected: map[string]string{
- helpers.CompletionMetadataKey: "complete",
- },
- },
- }
-
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- s := networkNeighborsStrategy{}
-
- obj := &softwarecomposition.NetworkNeighbors{ObjectMeta: metav1.ObjectMeta{Annotations: tt.newAnnotations}}
- old := &softwarecomposition.NetworkNeighbors{ObjectMeta: metav1.ObjectMeta{Annotations: tt.oldAnnotations}}
-
- s.PrepareForUpdate(context.Background(), obj, old)
- assert.Equal(t, tt.expected, obj.Annotations)
- })
- }
-}