
warning consistency + doc update on IPv6
shireenf-ibm committed Dec 2, 2024
1 parent 1a7939e commit f2fb131
Showing 4 changed files with 12 additions and 13 deletions.
6 changes: 5 additions & 1 deletion docs/connlist_output.md
Expand Up @@ -99,7 +99,11 @@ The frames in the graph represent namespaces of the analyzed cluster.
![svg graph](./connlist_example_svg.svg)


### Possible warning
### Possible warnings
`Route/Ingress specified workload as a backend, but network policies are blocking ingress connections from an arbitrary in-cluster source to this workload. Connectivity map will not include a possibly allowed connection between the ingress controller and this workload.`

Since the analysis assumes the manifest of the ingress controller is unknown, it checks whether an arbitrary workload can access the destination workloads specified in Ingress/Route rules. If such access is not permitted by network policies, this connection is removed from the report. It may be an allowed connection if a network policy specifically allows ingress access to that workload from a specific workload/namespace of the actual ingress controller installed.

`IPv6 addresses are not supported; it will be ignored, and will not appear in the connectivity results.`

While egress rules with `networks` field in an (baseline-)admin-network-policy may select an external destination by IPv6 address format, such addresses will be ignored and omitted from the connectivity report, since the analysis supports only IPv4 addresses for external IP-blocks.
11 changes: 3 additions & 8 deletions pkg/netpol/eval/internal/k8s/adminnetpol.go
Expand Up @@ -71,17 +71,17 @@ func (anp *AdminNetworkPolicy) adminPolicyAffectsDirection(isIngress bool) bool

const (
anpErrTitle = "admin network policy"
anpErrWarnFormat = anpErrTitle + " %q: %s in rule %q: %s"
anpErrWarnFormat = anpErrTitle + " %q: in rule %q: %s"
)

// anpErr returns string format of an error in a rule in admin netpol
func (anp *AdminNetworkPolicy) anpRuleErr(ruleName, description string) error {
return fmt.Errorf(anpErrWarnFormat, anp.Name, ruleErrTitle, ruleName, description)
return fmt.Errorf(anpErrWarnFormat, anp.Name, ruleName, description)
}

// anpRuleWarning logs a single warning message for an admin network policy rule.
func (anp *AdminNetworkPolicy) anpRuleWarning(ruleName, warning string) {
anp.Logger.Warnf(fmt.Sprintf(anpErrWarnFormat, anp.Name, ruleWarningTitle, ruleName, warning))
anp.Logger.Warnf(fmt.Sprintf(anpErrWarnFormat, anp.Name, ruleName, warning))
}

// logWarnings logs any warnings generated for an admin network policy rule.
Expand Down Expand Up @@ -196,11 +196,6 @@ func (anp *AdminNetworkPolicy) GetReferencedIPBlocks() ([]*netset.IPBlock, error
// But use different types for following fields:
// Spec, Ingress, Egress, Action, Status - then funcs using/looping any of these fields are not common (sub funcs are common)

const (
ruleErrTitle = "Error "
ruleWarningTitle = "Warning "
)

// warnings : to contain the warnings from a single rule of an adminNetworkPolicy or a BaselineAdminNetworkPolicy.
// global to be used in the common func, initialized (cleared) and logged by the relevant (B)ANP calling funcs
var warnings = []string{}
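Review bot: In the first hunk, `anpRuleWarning` still hands a pre-formatted string to `anp.Logger.Warnf` as its format argument, so any `%` in `anp.Name`, `ruleName` or `warning` — values that originate from cluster manifests — gets reinterpreted as a verb and yields `%!s(MISSING)`-style noise in the log (and `go vet`'s printf check flags non-constant format strings). The sibling `banpRuleWarning` in baseline_admin_netpol.go already passes the format and arguments straight through, so the consistent one-line fix is `anp.Logger.Warnf(anpErrWarnFormat, anp.Name, ruleName, warning)`; that `Warnf` is printf-style is inferred from its name and from that call site. While here, the doc comment above `anpRuleErr` still names the function `anpErr`; `// anpRuleErr returns an error describing a problem in a rule of this admin network policy.` would match the code.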
6 changes: 3 additions & 3 deletions pkg/netpol/eval/internal/k8s/baseline_admin_netpol.go
Expand Up @@ -53,17 +53,17 @@ func (banp *BaselineAdminNetworkPolicy) baselineAdminPolicyAffectsDirection(isIn

const (
banpErrTitle = "default baseline admin network policy: "
banpErrWarnFormat = banpErrTitle + " %s in rule %q: %s"
banpErrWarnFormat = banpErrTitle + " in rule %q: %s"
)

// banpRuleErr returns string format of an err in a rule in baseline-admin netpol
func banpRuleErr(ruleName, description string) error {
return fmt.Errorf(banpErrWarnFormat, ruleErrTitle, ruleName, description)
return fmt.Errorf(banpErrWarnFormat, ruleName, description)
}

// banpRuleWarning logs a warning message for a specific banp rule.
func (banp *BaselineAdminNetworkPolicy) banpRuleWarning(ruleName, warning string) {
banp.Logger.Warnf(banpErrWarnFormat, ruleWarningTitle, ruleName, warning)
banp.Logger.Warnf(banpErrWarnFormat, ruleName, warning)
}

// logWarnings logs warnings of a given ruleName.
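Review bot: The new `banpErrWarnFormat` concatenates `banpErrTitle`, which ends in `": "`, with `" in rule %q: %s"`, so every baseline-admin-policy error and warning now renders as `default baseline admin network policy:  in rule "x": ...` — a double space with the colon stranded before `in rule` — which also differs from the `admin network policy "name": in rule "x": ...` shape produced in adminnetpol.go. Since this commit is about warning consistency, move the separator out of the title and into the format: `banpErrTitle = "default baseline admin network policy"` and `banpErrWarnFormat = banpErrTitle + ": in rule %q: %s"`. A short comment on the constant noting that, unlike the ANP format, no policy name is interpolated here would save the next reader from wondering whether an argument was dropped.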
2 changes: 1 addition & 1 deletion pkg/netpol/eval/internal/k8s/netpol.go
Expand Up @@ -417,7 +417,7 @@ func (np *NetworkPolicy) GetIngressAllowedConns(src, dst Peer) (*common.Connecti
}

func (np *NetworkPolicy) netpolWarning(description string) string {
return fmt.Sprintf("Network policy %q: %s", np.fullName(), description)
return fmt.Sprintf("network policy %q: %s", np.fullName(), description)
}

func (np *NetworkPolicy) netpolErr(title, description string) error {
