From 602eac04ce21386f2a47d5e8a1eae36304d8ef62 Mon Sep 17 00:00:00 2001 From: shireenf-ibm Date: Tue, 31 Oct 2023 20:59:28 +0200 Subject: [PATCH] avoid ingress-controller name and ns duplication --- pkg/netpol/common/netpol_commands_common.go | 8 ++++++++ pkg/netpol/connlist/connlist.go | 4 ++-- .../connlist/internal/ingressanalyzer/ingress_analyzer.go | 7 ------- pkg/netpol/diff/diff.go | 5 +---- 4 files changed, 11 insertions(+), 13 deletions(-) diff --git a/pkg/netpol/common/netpol_commands_common.go b/pkg/netpol/common/netpol_commands_common.go index dfdc2a2e..fc4df717 100644 --- a/pkg/netpol/common/netpol_commands_common.go +++ b/pkg/netpol/common/netpol_commands_common.go @@ -11,6 +11,14 @@ type NetpolError interface { Location() string } +// Ingress Controller const - the name and namespace of an ingress-controller pod +const ( + // The actual ingress controller pod is usually unknown and not available in the input resources for the analysis. + // IngressPodName and IngressPodNamespace are used to represent that pod with those placeholder values for name and namespace. + IngressPodName = "ingress-controller" + IngressPodNamespace = "ingress-controller-ns" +) + // formats supported for output of various commands const ( DefaultFormat = "txt" diff --git a/pkg/netpol/connlist/connlist.go b/pkg/netpol/connlist/connlist.go index 5f9c6ae2..2e85189f 100644 --- a/pkg/netpol/connlist/connlist.go +++ b/pkg/netpol/connlist/connlist.go 
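Review bot: The doc comment on the new `IngressPodName`/`IngressPodNamespace` constants explains that they stand in for an unknown pod, but not that they are reserved identifiers: `ingress-controller` / `ingress-controller-ns` is a legal Kubernetes name/namespace pair, and an input Pod with exactly those values would presumably be indistinguishable from the synthetic peer that connlist.go adds via `pe.AddPodByNameAndNamespace` with the same constants. Since the constants now live in a shared package and will be compared against real peers elsewhere, I would add to the block: `// These values are reserved for the placeholder peer; a workload in the input resources with the same name and namespace cannot be told apart from it, and connections involving it would be reported as ingress-controller connections.` Whether the policy engine rejects or silently merges such a duplicate is not visible in this patch and is worth confirming or documenting here.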
@@ -427,7 +427,7 @@ func (ca *ConnlistAnalyzer) getConnectionsList(pe *eval.PolicyEngine, ia *ingres // or if it exists in the peers list from the parsed resources // if not returns a suitable warning message func (ca *ConnlistAnalyzer) existsFocusWorkload(peers []Peer, excludeIngressAnalysis bool) (existFocusWorkload bool, warning string) { - if ca.focusWorkload == ingressanalyzer.IngressPodName { + if ca.focusWorkload == common.IngressPodName { if excludeIngressAnalysis { // if the ingress-analyzer is empty, // then no routes/k8s-ingress objects -> ingrss-controller pod will not be added return false, "The ingress-controller workload was not added to the analysis, since Ingress/Route resources were not found." + @@ -485,7 +485,7 @@ func (ca *ConnlistAnalyzer) getIngressAllowedConnections(ia *ingressanalyzer.Ing return nil, err } // adding the ingress controller pod to the policy engine, - ingressControllerPod, err := pe.AddPodByNameAndNamespace(ingressanalyzer.IngressPodName, ingressanalyzer.IngressPodNamespace) + ingressControllerPod, err := pe.AddPodByNameAndNamespace(common.IngressPodName, common.IngressPodNamespace) if err != nil { return nil, err } diff --git a/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go b/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go index b82ad914..6451c054 100644 --- a/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go +++ b/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go 
@@ -31,13 +31,6 @@ import ( "github.com/np-guard/netpol-analyzer/pkg/netpol/scan" ) -const ( - // The actual ingress controller pod is usually unknown and not available in the input resources for the analysis. - // IngressPodName and IngressPodNamespace are used to represent that pod with those placeholder values for name and namespace. - IngressPodName = "ingress-controller" - IngressPodNamespace = "ingress-controller-ns" -) - type serviceInfo struct { // used to populate routesToServicesMap and k8sIngressToServicesMap with their target services info serviceName string diff --git a/pkg/netpol/diff/diff.go b/pkg/netpol/diff/diff.go index 8c01f54c..3b3f9c0e 100644 --- a/pkg/netpol/diff/diff.go +++ b/pkg/netpol/diff/diff.go @@ -257,11 +257,8 @@ func (c *ConnsPair) isSrcOrDstPeerIPType(checkSrc bool) bool { return (checkSrc && src.IsPeerIPType()) || (!checkSrc && dst.IsPeerIPType()) } -// helpers to check if a peer is ingress-controller (a peer created while ingress analysis) -const ingressControllerPodName = "{ingress-controller}" - func isIngressControllerPeer(peer eval.Peer) bool { - return peer.String() == ingressControllerPodName + return peer.Name() == common.IngressPodName } // updateNewOrLostFields updates ConnsPair's newOrLostSrc and newOrLostDst values
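Review bot: `isIngressControllerPeer` in diff.go now matches on `peer.Name()` alone, which is broader than the `{ingress-controller}` string comparison it replaces: any workload in the analyzed resources named `ingress-controller`, in any namespace, would be treated as the synthetic ingress-controller peer by the caller (presumably `updateNewOrLostFields`, whose comment follows the function). The placeholder is created with both a name and a namespace (`common.IngressPodNamespace` in connlist.go), so the check should use both: `return peer.Name() == common.IngressPodName && peer.Namespace() == common.IngressPodNamespace`. This assumes `eval.Peer` exposes a `Namespace()` accessor, which is not visible in this hunk; if it does not, comparing `peer.String()` against the formatted name/namespace form of the placeholder would be the alternative. The removed comment was the only documentation of the helper's purpose; I would restore it as `// isIngressControllerPeer reports whether peer is the synthetic ingress-controller peer created during ingress analysis.`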