avoid ingress-controller name and ns duplication (#260)
shireenf-ibm authored Nov 9, 2023
1 parent 3d3f14e commit e1f6b13
Showing 4 changed files with 11 additions and 13 deletions.
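--- a/pkg/netpol/common/netpol_commands_common.go
+++ b/pkg/netpol/common/netpol_commands_common.go
@@ -11,6 +11,14 @@ type NetpolError interface {
 Location() string
 }
 
+// Ingress Controller const - the name and namespace of an ingress-controller pod
+const (
+// The actual ingress controller pod is usually unknown and not available in the input resources for the analysis.
+// IngressPodName and IngressPodNamespace are used to represent that pod with those placeholder values for name and namespace.
+IngressPodName = "ingress-controller"
+IngressPodNamespace = "ingress-controller-ns"
+)
+
 // formats supported for output of various commands
 const (
 DefaultFormat = "txt"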
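--- a/pkg/netpol/connlist/connlist.go
+++ b/pkg/netpol/connlist/connlist.go
@@ -406,7 +406,7 @@ func (ca *ConnlistAnalyzer) getConnectionsList(pe *eval.PolicyEngine, ia *ingres
 // or if it exists in the peers list from the parsed resources
 // if not returns a suitable warning message
 func (ca *ConnlistAnalyzer) existsFocusWorkload(peers []Peer, excludeIngressAnalysis bool) (existFocusWorkload bool, warning string) {
-if ca.focusWorkload == ingressanalyzer.IngressPodName {
+if ca.focusWorkload == common.IngressPodName {
 if excludeIngressAnalysis { // if the ingress-analyzer is empty,
 // then no routes/k8s-ingress objects -> ingrss-controller pod will not be added
 return false, "The ingress-controller workload was not added to the analysis, since Ingress/Route resources were not found." +
@@ -464,7 +464,7 @@ func (ca *ConnlistAnalyzer) getIngressAllowedConnections(ia *ingressanalyzer.Ing
 return nil, err
 }
 // adding the ingress controller pod to the policy engine,
-ingressControllerPod, err := pe.AddPodByNameAndNamespace(ingressanalyzer.IngressPodName, ingressanalyzer.IngressPodNamespace)
+ingressControllerPod, err := pe.AddPodByNameAndNamespace(common.IngressPodName, common.IngressPodNamespace)
 if err != nil {
 return nil, err
 }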
Expand Up @@ -31,13 +31,6 @@ import (
"github.com/np-guard/netpol-analyzer/pkg/netpol/manifests/parser"
)

const (
// The actual ingress controller pod is usually unknown and not available in the input resources for the analysis.
// IngressPodName and IngressPodNamespace are used to represent that pod with those placeholder values for name and namespace.
IngressPodName = "ingress-controller"
IngressPodNamespace = "ingress-controller-ns"
)

type serviceInfo struct {
// used to populate routesToServicesMap and k8sIngressToServicesMap with their target services info
serviceName string
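--- a/pkg/netpol/diff/diff.go
+++ b/pkg/netpol/diff/diff.go
@@ -411,11 +411,8 @@ func (c *connsPair) isSrcOrDstPeerIPType(checkSrc bool) bool {
 return (checkSrc && src.IsPeerIPType()) || (!checkSrc && dst.IsPeerIPType())
 }
 
-// helpers to check if a peer is ingress-controller (a peer created while ingress analysis)
-const ingressControllerPodName = "{ingress-controller}"
-
 func isIngressControllerPeer(peer eval.Peer) bool {
-return peer.String() == ingressControllerPodName
+return peer.Name() == common.IngressPodName
 }
 
 // updateNewOrLostFields updates ConnsPair's newOrLostSrc and newOrLostDst values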
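Review bot: `isIngressControllerPeer` now matches on the peer's name alone, so a workload in the analyzed resources that happens to be named `ingress-controller`, apparently in any namespace, would be classified as the synthetic ingress-controller peer in the diff report. The removed check compared `peer.String()` with the braced literal `{ingress-controller}`, which presumably could not equal a real workload's string form; `common.IngressPodName` is an ordinary valid Kubernetes name and gives no such separation. If `eval.Peer` exposes the namespace, compare both placeholders: `return peer.Name() == common.IngressPodName && peer.Namespace() == common.IngressPodNamespace`. The commit also drops the function's only comment; a line such as `// isIngressControllerPeer reports whether peer is the placeholder pod added by ingress analysis` would keep the intent visible.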
