diff --git a/cmd/analyzer/subcmds/analysis.go b/cmd/analyzer/subcmds/analysis.go index 90b7b8f71..dba5b5b4f 100644 --- a/cmd/analyzer/subcmds/analysis.go +++ b/cmd/analyzer/subcmds/analysis.go @@ -9,6 +9,7 @@ package subcmds import ( "errors" "fmt" + "slices" "github.com/spf13/cobra" @@ -79,8 +80,21 @@ func analysisVPCConfigs(cmd *cobra.Command, inArgs *inArgs, analysisType vpcmode return err } outFormat := inArgs.outputFormat.ToModelFormat() + consistencyEdgesExternal := slices.Contains([]vpcmodel.OutFormat{vpcmodel.DRAWIO, vpcmodel.SVG, vpcmodel.HTML}, + outFormat) + var groupingType int + switch { + case !inArgs.grouping && !consistencyEdgesExternal: + groupingType = vpcmodel.NoGroupingNoConsistencyEdges + case !inArgs.grouping && consistencyEdgesExternal: + groupingType = vpcmodel.NoGroupingWithConsistencyEdges + case inArgs.grouping && !consistencyEdgesExternal: + groupingType = vpcmodel.GroupingNoConsistencyEdges + default: + groupingType = vpcmodel.GroupingWithConsistencyEdges + } og, err := vpcmodel.NewOutputGenerator(vpcConfigs, - inArgs.grouping, + groupingType, analysisType, false, inArgs.explanationArgs, outFormat, inArgs.lbAbstraction) diff --git a/pkg/commonvpc/testfunc/analysis_output_test_functionality.go b/pkg/commonvpc/testfunc/analysis_output_test_functionality.go index 948051757..2acae47bb 100644 --- a/pkg/commonvpc/testfunc/analysis_output_test_functionality.go +++ b/pkg/commonvpc/testfunc/analysis_output_test_functionality.go @@ -15,7 +15,7 @@ import ( type VpcAnalysisTest struct { VpcTestCommon - Grouping bool + GroupingType int NoLbAbstract bool } @@ -24,6 +24,6 @@ func (tt *VpcAnalysisTest) TestAnalysisSingleTest(t *testing.T, mode testMode, r tt.setMode(mode) t.Run(tt.Name, func(t *testing.T) { t.Parallel() - tt.runSingleCommonTest(t, testDir, rc, tt.Grouping, tt.NoLbAbstract, nil) + tt.runSingleCommonTest(t, testDir, rc, tt.GroupingType, tt.NoLbAbstract, nil) }) } diff --git a/pkg/commonvpc/testfunc/common_test_functionality.go b/pkg/commonvpc/testfunc/common_test_functionality.go index 6f8f1989d..a7e567df1 100644 --- a/pkg/commonvpc/testfunc/common_test_functionality.go +++ b/pkg/commonvpc/testfunc/common_test_functionality.go @@ -47,6 +47,7 @@ const ( suffixOutFileDiffEndpoints = "endpointsDiff" suffixOutFileExplain = "explain" suffixOutFileDetail = "_detail" + consistencyEdgesExternal = "_EdgeConsistent" txtOutSuffix = ".txt" mdOutSuffix = ".md" JSONOutSuffix = ".json" @@ -86,6 +87,7 @@ func getTestFileName(testName string, grouping bool, noLbAbstract bool, detailExplain bool, + addConsistencyEdgesExternal bool, format vpcmodel.OutFormat, configName string, allVPCs bool, @@ -128,6 +130,9 @@ func getTestFileName(testName string, if detailExplain { res += suffixOutFileDetail } + if addConsistencyEdgesExternal { + res += consistencyEdgesExternal + } if !allVPCs { res += strings.ReplaceAll(strings.Join(vpcIDs, ""), ":", "") } @@ -174,9 +179,10 @@ func (tt *VpcTestCommon) initTest() { } func (tt *VpcTestCommon) initTestFileNames(uc vpcmodel.OutputUseCase, - vpcName string, allVPCs, detailExplain bool, testDirOut string, grouping, noLbAbstract bool) error { + vpcName string, allVPCs, detailExplain bool, testDirOut string, grouping, noLbAbstract, + addConsistencyEdgesExternal bool) error { expectedFileName, actualFileName, err := getTestFileName( - tt.Name, uc, grouping, noLbAbstract, detailExplain, tt.Format, vpcName, allVPCs, tt.VpcList) + tt.Name, uc, grouping, noLbAbstract, detailExplain, addConsistencyEdgesExternal, tt.Format, vpcName, allVPCs, tt.VpcList) if err != nil { return err } @@ -191,17 +197,23 @@ func (tt *VpcTestCommon) runTestPerUseCase(t *testing.T, uc vpcmodel.OutputUseCase, mode testMode, outDir string, - grouping, noLbAbstract bool, + groupingType int, + noLbAbstract bool, explanationArgs *vpcmodel.ExplanationArgs) error { detailExplain := false if explanationArgs != nil { detailExplain = explanationArgs.Detail } allVpcs := len(tt.VpcList) == 0 - if err := tt.initTestFileNames(uc, "", allVpcs, detailExplain, outDir, grouping, noLbAbstract); err != nil { + grouping := groupingType == vpcmodel.GroupingNoConsistencyEdges || + groupingType == vpcmodel.GroupingWithConsistencyEdges + addConsistencyEdgesExternal := groupingType == vpcmodel.NoGroupingWithConsistencyEdges || + groupingType == vpcmodel.GroupingWithConsistencyEdges + if err := tt.initTestFileNames(uc, "", allVpcs, detailExplain, outDir, grouping, noLbAbstract, + addConsistencyEdgesExternal); err != nil { return err } - og, err := vpcmodel.NewOutputGenerator(cConfigs, grouping, uc, tt.Format == vpcmodel.ARCHDRAWIO, + og, err := vpcmodel.NewOutputGenerator(cConfigs, groupingType, uc, tt.Format == vpcmodel.ARCHDRAWIO, explanationArgs, tt.Format, !noLbAbstract) if err != nil { return err @@ -326,7 +338,7 @@ func (tt *VpcTestCommon) setMode(mode testMode) { } func (tt *VpcTestCommon) runSingleCommonTest(t *testing.T, testDir string, rc commonvpc.ResourcesContainer, - grouping, noLbAbstract bool, explanationArgs *vpcmodel.ExplanationArgs) { + groupingType int, noLbAbstract bool, explanationArgs *vpcmodel.ExplanationArgs) { // init test - set the input/output file names according to test name tt.initTest() @@ -335,7 +347,8 @@ func (tt *VpcTestCommon) runSingleCommonTest(t *testing.T, testDir string, rc co // generate actual output for all use cases specified for this test for _, uc := range tt.UseCases { - err := tt.runTestPerUseCase(t, vpcConfigs, uc, tt.Mode, testDir, grouping, noLbAbstract, explanationArgs) + err := tt.runTestPerUseCase(t, vpcConfigs, uc, tt.Mode, testDir, groupingType, noLbAbstract, + explanationArgs) require.Equal(t, tt.ErrPerUseCase[uc], err, "comparing actual err to expected err") } for uc, outFile := range tt.ActualOutput { diff --git a/pkg/commonvpc/testfunc/explain_test_functionality.go b/pkg/commonvpc/testfunc/explain_test_functionality.go index 488d0b013..f7b4a1c56 100644 --- a/pkg/commonvpc/testfunc/explain_test_functionality.go +++ b/pkg/commonvpc/testfunc/explain_test_functionality.go @@ -42,6 +42,6 @@ func (tt *VpcExplainTest) TestSingleExplain(t *testing.T, mode testMode, rc comm tt.Format = vpcmodel.Text t.Run(tt.Name, func(t *testing.T) { t.Parallel() - tt.runSingleCommonTest(t, explainOut, rc, false, false, explanationArgs) + tt.runSingleCommonTest(t, explainOut, rc, vpcmodel.NoGroupingNoConsistencyEdges, false, explanationArgs) }) } diff --git a/pkg/commonvpc/testfunc/semantic_diff_test_functionality.go b/pkg/commonvpc/testfunc/semantic_diff_test_functionality.go index 128d1e5c6..60f556226 100644 --- a/pkg/commonvpc/testfunc/semantic_diff_test_functionality.go +++ b/pkg/commonvpc/testfunc/semantic_diff_test_functionality.go @@ -14,6 +14,7 @@ import ( "github.com/stretchr/testify/require" "github.com/np-guard/vpc-network-config-analyzer/pkg/commonvpc" + "github.com/np-guard/vpc-network-config-analyzer/pkg/vpcmodel" ) const secJSONOutSuffix = "_2nd.json" @@ -44,7 +45,8 @@ func (tt *VpcDiffTest) runDiffSingleTest(t *testing.T, testDir string, rc common // generate actual output for all use cases specified for this test for _, uc := range tt.UseCases { - err := tt.runTestPerUseCase(t, vpcConfigs, uc, tt.Mode, testDir, false, false, nil) + err := tt.runTestPerUseCase(t, vpcConfigs, uc, tt.Mode, testDir, vpcmodel.NoGroupingNoConsistencyEdges, false, + nil) require.Equal(t, tt.ErrPerUseCase[uc], err, "comparing diff's actual err to expected err") } for uc, outFile := range tt.ActualOutput { diff --git a/pkg/ibmvpc/analysis_output_test.go b/pkg/ibmvpc/analysis_output_test.go index 7c5a236bb..435c2a673 100644 --- a/pkg/ibmvpc/analysis_output_test.go +++ b/pkg/ibmvpc/analysis_output_test.go @@ -60,7 +60,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllSubnets}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -68,7 +68,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllSubnets}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, // batch1: cover all use-cases, with text output Format , no Grouping { @@ -92,7 +92,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -100,7 +100,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -138,7 +138,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -146,7 +146,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, // respond enabled only on part of the TCP connection { @@ -155,7 +155,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -163,7 +163,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, // batch2.5: only vsi-level use-case, with Grouping , drawio Format @@ -173,7 +173,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -181,7 +181,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -189,7 +189,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -197,7 +197,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -205,7 +205,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, //batch3: only vsi-level use-case, no Grouping, with md output formats @@ -279,7 +279,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllSubnets}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, // iks-nodes example // iks_config_object example has three SG, one of them two targets - a pgw and a LB. @@ -295,7 +295,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -303,7 +303,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, NoLbAbstract: true, }, // json examples @@ -403,7 +403,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints, vpcmodel.AllSubnets}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { @@ -427,7 +427,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints, vpcmodel.AllSubnets}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, // multivpc drawio: { @@ -443,7 +443,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllSubnets}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -458,7 +458,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, // resource group filtering example // ete-storage-project and ete-backup-and-storage vpcs expected to be filtered out @@ -488,7 +488,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -496,7 +496,6 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints, vpcmodel.AllSubnets}, Format: vpcmodel.DRAWIO, }, - Grouping: false, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -504,7 +503,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints, vpcmodel.AllSubnets}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -512,7 +511,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.ARCHSVG, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, // commented until https://github.com/np-guard/vpc-network-config-analyzer/issues/847 is fixed // { @@ -528,7 +527,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllSubnets}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -536,7 +535,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, NoLbAbstract: true, }, { @@ -545,7 +544,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, NoLbAbstract: true, }, // LB examples: @@ -555,7 +554,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -570,7 +569,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -578,7 +577,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -586,7 +585,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints, vpcmodel.AllSubnets}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, NoLbAbstract: true, }, { @@ -595,7 +594,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -603,7 +602,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, NoLbAbstract: true, }, { @@ -642,7 +641,6 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: false, NoLbAbstract: true, }, { @@ -651,7 +649,6 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: false, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -659,7 +656,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, NoLbAbstract: true, }, { @@ -668,7 +665,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -676,7 +673,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, NoLbAbstract: true, }, { @@ -685,7 +682,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllSubnets}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -693,7 +690,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -701,21 +698,71 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, + }, + // tests for AddConsistencyEdgesExternal + { + VpcTestCommon: testfunc.VpcTestCommon{ + InputConfig: "sg_testing1_new", + UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + Format: vpcmodel.Text, + }, + GroupingType: vpcmodel.NoGroupingWithConsistencyEdges, + }, + { + VpcTestCommon: testfunc.VpcTestCommon{ + InputConfig: "sg_testing1_new", + UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + Format: vpcmodel.HTML, + }, + GroupingType: vpcmodel.NoGroupingWithConsistencyEdges, + }, + { + VpcTestCommon: testfunc.VpcTestCommon{ + InputConfig: "sg_testing1_new", + UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + Format: vpcmodel.Text, + }, + GroupingType: vpcmodel.GroupingWithConsistencyEdges, + }, + { + VpcTestCommon: testfunc.VpcTestCommon{ + InputConfig: "sg_testing1_new", + UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + Format: vpcmodel.HTML, + }, + GroupingType: vpcmodel.GroupingWithConsistencyEdges, + }, + { + VpcTestCommon: testfunc.VpcTestCommon{ + InputConfig: "iks_config_object", + UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + Format: vpcmodel.Text, + }, + GroupingType: vpcmodel.GroupingWithConsistencyEdges, + NoLbAbstract: true, + }, + { + VpcTestCommon: testfunc.VpcTestCommon{ + InputConfig: "iks_config_object", + UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + Format: vpcmodel.HTML, + }, + GroupingType: vpcmodel.GroupingWithConsistencyEdges, + NoLbAbstract: true, }, } // uncomment the function below to run for updating the expected output -/* -func TestReportWithGeneration(t *testing.T) { + +/*func TestReportWithGeneration(t *testing.T) { // tests is the list of tests to run for testIdx := range tests { tt := tests[testIdx] tt.TestAnalysisSingleTest(t, testfunc.OutputGeneration, &IBMresourcesContainer{}, analysisOut, tt.InputConfig) } fmt.Println("done") -} -*/ +}*/ func TestReportWithComparison(t *testing.T) { // tests is the list of tests to run diff --git a/pkg/ibmvpc/connectivityAnalysis_test.go b/pkg/ibmvpc/connectivityAnalysis_test.go index 9128748f4..1f341b2e0 100644 --- a/pkg/ibmvpc/connectivityAnalysis_test.go +++ b/pkg/ibmvpc/connectivityAnalysis_test.go @@ -196,7 +196,7 @@ func TestAnalyzeConnectivity4(t *testing.T) { func runConnectivityTest(t *testing.T, tc *testNodesConfig, ncList []*naclConfig, expectedStrResult string) { c := createConfigFromTestConfig(tc, ncList) - connectivity, err := c.GetVPCNetworkConnectivity(false, false) + connectivity, err := c.GetVPCNetworkConnectivity(false, vpcmodel.NoGroupingNoConsistencyEdges) require.Nil(t, err) connectivityStr := connectivity.String() fmt.Println(connectivityStr) @@ -372,7 +372,7 @@ vsi-2[10.240.20.4] => vsi-1[10.240.10.4] : All Connections */ func TestAnalyzeConnectivity(t *testing.T) { c := NewSimpleVPCConfig() - connectivity, err := c.GetVPCNetworkConnectivity(false, false) + connectivity, err := c.GetVPCNetworkConnectivity(false, vpcmodel.NoGroupingNoConsistencyEdges) require.Nil(t, err) connectivityStr := connectivity.String() fmt.Println(connectivityStr) diff --git a/pkg/ibmvpc/examples/out/analysis_out/iks_config_object_all_vpcs__with_grouping_no_lbAbstract_EdgeConsistent.txt b/pkg/ibmvpc/examples/out/analysis_out/iks_config_object_all_vpcs__with_grouping_no_lbAbstract_EdgeConsistent.txt new file mode 100644 index 000000000..dc1267e85 --- /dev/null +++ b/pkg/ibmvpc/examples/out/analysis_out/iks_config_object_all_vpcs__with_grouping_no_lbAbstract_EdgeConsistent.txt @@ -0,0 +1,292 @@ +Endpoint connectivity for VPC ky-test-vpc +Public Internet (all ranges) => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +Public Internet (all ranges) => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +Public Internet (all ranges) => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +Public Internet (all ranges) => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +Public Internet (all ranges) => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +Public Internet (all ranges) => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP src-ports: 443 +Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP src-ports: 443 +Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP src-ports: 443 +Public Internet 161.26.0.0/16,166.8.0.0/14 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +Public Internet 161.26.0.0/16,166.8.0.0/14 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +Public Internet 161.26.0.0/16,166.8.0.0/14 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP +Public Internet 161.26.0.0/16,166.8.0.0/14 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +Public Internet 161.26.0.0/16,166.8.0.0/14 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +Public Internet 161.26.0.0/16,166.8.0.0/14 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +Public Internet 161.26.0.0/16,166.8.0.0/14 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +Public Internet 161.26.0.0/16,166.8.0.0/14 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +Public Internet 161.26.0.0/16,166.8.0.0/14 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +iks-clusterid:1[192.168.32.5] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] => iks-node[192.168.0.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] => iks-node[192.168.16.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] => iks-node[192.168.20.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] => iks-node[192.168.24.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] => iks-node[192.168.32.4],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] => iks-node[192.168.36.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] => iks-node[192.168.4.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] => iks-node[192.168.40.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] => iks-node[192.168.8.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] => iks-node[192.168.0.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] => iks-node[192.168.16.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] => iks-node[192.168.20.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] => iks-node[192.168.24.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] => iks-node[192.168.32.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] => iks-node[192.168.36.4],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] => iks-node[192.168.4.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] => iks-node[192.168.40.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] => iks-node[192.168.8.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] => iks-node[192.168.0.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] => iks-node[192.168.16.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] => iks-node[192.168.20.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] => iks-node[192.168.24.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] => iks-node[192.168.32.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] => iks-node[192.168.36.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] => iks-node[192.168.4.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] => iks-node[192.168.40.4],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] => iks-node[192.168.8.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-node[192.168.0.4] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +iks-node[192.168.0.4] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +iks-node[192.168.0.4] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +iks-node[192.168.0.4] => iks-node[192.168.16.4] : All Connections +iks-node[192.168.0.4] => iks-node[192.168.20.4] : All Connections +iks-node[192.168.0.4] => iks-node[192.168.24.4] : All Connections +iks-node[192.168.0.4] => iks-node[192.168.32.4] : All Connections +iks-node[192.168.0.4] => iks-node[192.168.36.4] : All Connections +iks-node[192.168.0.4] => iks-node[192.168.4.4] : All Connections +iks-node[192.168.0.4] => iks-node[192.168.40.4] : All Connections +iks-node[192.168.0.4] => iks-node[192.168.8.4] : All Connections +iks-node[192.168.0.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP +iks-node[192.168.0.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +iks-node[192.168.0.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +iks-node[192.168.0.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +iks-node[192.168.0.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +iks-node[192.168.0.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +iks-node[192.168.16.4] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +iks-node[192.168.16.4] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +iks-node[192.168.16.4] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +iks-node[192.168.16.4] => iks-node[192.168.0.4] : All Connections +iks-node[192.168.16.4] => iks-node[192.168.20.4] : All Connections +iks-node[192.168.16.4] => iks-node[192.168.24.4] : All Connections +iks-node[192.168.16.4] => iks-node[192.168.32.4] : All Connections +iks-node[192.168.16.4] => iks-node[192.168.36.4] : All Connections +iks-node[192.168.16.4] => iks-node[192.168.4.4] : All Connections +iks-node[192.168.16.4] => iks-node[192.168.40.4] : All Connections +iks-node[192.168.16.4] => iks-node[192.168.8.4] : All Connections +iks-node[192.168.16.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP +iks-node[192.168.16.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +iks-node[192.168.16.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +iks-node[192.168.16.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +iks-node[192.168.16.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +iks-node[192.168.16.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +iks-node[192.168.20.4] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +iks-node[192.168.20.4] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +iks-node[192.168.20.4] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +iks-node[192.168.20.4] => iks-node[192.168.0.4] : All Connections +iks-node[192.168.20.4] => iks-node[192.168.16.4] : All Connections +iks-node[192.168.20.4] => iks-node[192.168.24.4] : All Connections +iks-node[192.168.20.4] => iks-node[192.168.32.4] : All Connections +iks-node[192.168.20.4] => iks-node[192.168.36.4] : All Connections +iks-node[192.168.20.4] => iks-node[192.168.4.4] : All Connections +iks-node[192.168.20.4] => iks-node[192.168.40.4] : All Connections +iks-node[192.168.20.4] => iks-node[192.168.8.4] : All Connections +iks-node[192.168.20.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP +iks-node[192.168.20.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +iks-node[192.168.20.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +iks-node[192.168.20.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +iks-node[192.168.20.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +iks-node[192.168.20.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +iks-node[192.168.24.4] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +iks-node[192.168.24.4] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +iks-node[192.168.24.4] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +iks-node[192.168.24.4] => iks-node[192.168.0.4] : All Connections +iks-node[192.168.24.4] => iks-node[192.168.16.4] : All Connections +iks-node[192.168.24.4] => iks-node[192.168.20.4] : All Connections +iks-node[192.168.24.4] => iks-node[192.168.32.4] : All Connections +iks-node[192.168.24.4] => iks-node[192.168.36.4] : All Connections +iks-node[192.168.24.4] => iks-node[192.168.4.4] : All Connections +iks-node[192.168.24.4] => iks-node[192.168.40.4] : All Connections +iks-node[192.168.24.4] => iks-node[192.168.8.4] : All Connections +iks-node[192.168.24.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP +iks-node[192.168.24.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +iks-node[192.168.24.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +iks-node[192.168.24.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +iks-node[192.168.24.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +iks-node[192.168.24.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +iks-node[192.168.32.4] => Public Internet (all ranges) : All Connections +iks-node[192.168.32.4] => Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 : All Connections +iks-node[192.168.32.4] => Public Internet 161.26.0.0/16,166.8.0.0/14 : All Connections +iks-node[192.168.32.4] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +iks-node[192.168.32.4] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +iks-node[192.168.32.4] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +iks-node[192.168.32.4] => iks-node[192.168.0.4] : All Connections +iks-node[192.168.32.4] => iks-node[192.168.16.4] : All Connections +iks-node[192.168.32.4] => iks-node[192.168.20.4] : All Connections +iks-node[192.168.32.4] => iks-node[192.168.24.4] : All Connections +iks-node[192.168.32.4] => iks-node[192.168.36.4] : All Connections +iks-node[192.168.32.4] => iks-node[192.168.4.4] : All Connections +iks-node[192.168.32.4] => iks-node[192.168.40.4] : All Connections +iks-node[192.168.32.4] => iks-node[192.168.8.4] : All Connections +iks-node[192.168.32.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP +iks-node[192.168.32.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +iks-node[192.168.32.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +iks-node[192.168.32.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +iks-node[192.168.32.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +iks-node[192.168.32.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +iks-node[192.168.36.4] => Public Internet (all ranges) : All Connections +iks-node[192.168.36.4] => Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 : All Connections +iks-node[192.168.36.4] => Public Internet 161.26.0.0/16,166.8.0.0/14 : All Connections +iks-node[192.168.36.4] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +iks-node[192.168.36.4] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +iks-node[192.168.36.4] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +iks-node[192.168.36.4] => iks-node[192.168.0.4] : All Connections +iks-node[192.168.36.4] => iks-node[192.168.16.4] : All Connections +iks-node[192.168.36.4] => iks-node[192.168.20.4] : All Connections +iks-node[192.168.36.4] => iks-node[192.168.24.4] : All Connections +iks-node[192.168.36.4] => iks-node[192.168.32.4] : All Connections +iks-node[192.168.36.4] => iks-node[192.168.4.4] : All Connections +iks-node[192.168.36.4] => iks-node[192.168.40.4] : All Connections +iks-node[192.168.36.4] => iks-node[192.168.8.4] : All Connections +iks-node[192.168.36.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP +iks-node[192.168.36.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +iks-node[192.168.36.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +iks-node[192.168.36.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +iks-node[192.168.36.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +iks-node[192.168.36.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +iks-node[192.168.4.4] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +iks-node[192.168.4.4] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +iks-node[192.168.4.4] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +iks-node[192.168.4.4] => iks-node[192.168.0.4] : All Connections +iks-node[192.168.4.4] => iks-node[192.168.16.4] : All Connections +iks-node[192.168.4.4] => iks-node[192.168.20.4] : All Connections +iks-node[192.168.4.4] => iks-node[192.168.24.4] : All Connections +iks-node[192.168.4.4] => iks-node[192.168.32.4] : All Connections +iks-node[192.168.4.4] => iks-node[192.168.36.4] : All Connections +iks-node[192.168.4.4] => iks-node[192.168.40.4] : All Connections +iks-node[192.168.4.4] => iks-node[192.168.8.4] : All Connections +iks-node[192.168.4.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP +iks-node[192.168.4.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +iks-node[192.168.4.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +iks-node[192.168.4.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +iks-node[192.168.4.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +iks-node[192.168.4.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +iks-node[192.168.40.4] => Public Internet (all ranges) : All Connections +iks-node[192.168.40.4] => Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 : All Connections +iks-node[192.168.40.4] => Public Internet 161.26.0.0/16,166.8.0.0/14 : All Connections +iks-node[192.168.40.4] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +iks-node[192.168.40.4] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +iks-node[192.168.40.4] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +iks-node[192.168.40.4] => iks-node[192.168.0.4] : All Connections +iks-node[192.168.40.4] => iks-node[192.168.16.4] : All Connections +iks-node[192.168.40.4] => iks-node[192.168.20.4] : All Connections +iks-node[192.168.40.4] => iks-node[192.168.24.4] : All Connections +iks-node[192.168.40.4] => iks-node[192.168.32.4] : All Connections +iks-node[192.168.40.4] => iks-node[192.168.36.4] : All Connections +iks-node[192.168.40.4] => iks-node[192.168.4.4] : All Connections +iks-node[192.168.40.4] => iks-node[192.168.8.4] : All Connections +iks-node[192.168.40.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP +iks-node[192.168.40.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +iks-node[192.168.40.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +iks-node[192.168.40.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +iks-node[192.168.40.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +iks-node[192.168.40.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +iks-node[192.168.8.4] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +iks-node[192.168.8.4] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +iks-node[192.168.8.4] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +iks-node[192.168.8.4] => iks-node[192.168.0.4] : All Connections +iks-node[192.168.8.4] => iks-node[192.168.16.4] : All Connections +iks-node[192.168.8.4] => iks-node[192.168.20.4] : All Connections +iks-node[192.168.8.4] => iks-node[192.168.24.4] : All Connections +iks-node[192.168.8.4] => iks-node[192.168.32.4] : All Connections +iks-node[192.168.8.4] => iks-node[192.168.36.4] : All Connections +iks-node[192.168.8.4] => iks-node[192.168.4.4] : All Connections +iks-node[192.168.8.4] => iks-node[192.168.40.4] : All Connections +iks-node[192.168.8.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP +iks-node[192.168.8.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +iks-node[192.168.8.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +iks-node[192.168.8.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +iks-node[192.168.8.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +iks-node[192.168.8.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] => iks-node[192.168.0.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] => iks-node[192.168.16.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] => iks-node[192.168.20.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] => iks-node[192.168.24.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] => iks-node[192.168.32.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] => iks-node[192.168.36.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] => iks-node[192.168.4.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] => iks-node[192.168.40.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] => iks-node[192.168.8.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] => iks-node[192.168.0.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] => iks-node[192.168.16.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] => iks-node[192.168.20.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] => iks-node[192.168.24.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] => iks-node[192.168.32.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] => iks-node[192.168.36.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] => iks-node[192.168.4.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] => iks-node[192.168.40.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] => iks-node[192.168.8.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] => iks-node[192.168.0.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] => iks-node[192.168.16.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] => iks-node[192.168.20.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] => iks-node[192.168.24.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] => iks-node[192.168.32.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] => iks-node[192.168.36.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] => iks-node[192.168.4.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] => iks-node[192.168.40.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] => iks-node[192.168.8.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] => iks-node[192.168.0.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] => iks-node[192.168.16.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] => iks-node[192.168.20.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] => iks-node[192.168.24.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] => iks-node[192.168.32.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] => iks-node[192.168.36.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] => iks-node[192.168.4.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] => iks-node[192.168.40.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] => iks-node[192.168.8.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] => iks-node[192.168.0.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] => iks-node[192.168.16.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] => iks-node[192.168.20.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] => iks-node[192.168.24.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] => iks-node[192.168.32.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] => iks-node[192.168.36.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] => iks-node[192.168.4.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] => iks-node[192.168.40.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] => iks-node[192.168.8.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] => iks-node[192.168.0.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] => iks-node[192.168.16.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] => iks-node[192.168.20.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] => iks-node[192.168.24.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] => iks-node[192.168.32.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] => iks-node[192.168.36.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] => iks-node[192.168.4.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] => iks-node[192.168.40.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] => iks-node[192.168.8.4] : protocol: TCP,UDP dst-ports: 30000-32767 diff --git a/pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs__EdgeConsistent.txt b/pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs__EdgeConsistent.txt new file mode 100644 index 000000000..9df87f9c7 --- /dev/null +++ b/pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs__EdgeConsistent.txt @@ -0,0 +1,16 @@ +Endpoint connectivity for VPC test-vpc1-ky +Public Internet 147.235.219.206/32 => vsi2-ky[10.240.20.4] : protocol: TCP dst-ports: 22 +db-endpoint-gateway-ky[10.240.30.6] => vsi1-ky[10.240.10.4] : All Connections +db-endpoint-gateway-ky[10.240.30.6] => vsi3a-ky[10.240.30.5] : All Connections +vsi1-ky[10.240.10.4] => Public Internet 142.0.0.0/7 : protocol: ICMP +vsi1-ky[10.240.10.4] => Public Internet 142.0.0.0/8 : protocol: ICMP +vsi1-ky[10.240.10.4] => Public Internet 161.26.0.0/16 : protocol: UDP +vsi2-ky[10.240.20.4] => Public Internet 142.0.0.0/8 : protocol: ICMP +vsi2-ky[10.240.20.4] => vsi1-ky[10.240.10.4] : All Connections +vsi2-ky[10.240.20.4] => vsi3b-ky[10.240.30.4] : protocol: TCP +vsi3a-ky[10.240.30.5] => db-endpoint-gateway-ky[10.240.30.6] : All Connections +vsi3a-ky[10.240.30.5] => vsi1-ky[10.240.10.4] : All Connections +vsi3b-ky[10.240.30.4] => db-endpoint-gateway-ky[10.240.30.6] : All Connections +vsi3b-ky[10.240.30.4] => vsi1-ky[10.240.10.4] : All Connections +vsi3b-ky[10.240.30.4] => vsi2-ky[10.240.20.4] : protocol: TCP +vsi3b-ky[10.240.30.4] => vsi3a-ky[10.240.30.5] : All Connections diff --git a/pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs__with_grouping_EdgeConsistent.txt b/pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs__with_grouping_EdgeConsistent.txt new file mode 100644 index 000000000..9dd986906 --- /dev/null +++ b/pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs__with_grouping_EdgeConsistent.txt @@ -0,0 +1,11 @@ +Endpoint connectivity for VPC test-vpc1-ky +Public Internet 147.235.219.206/32 => vsi2-ky[10.240.20.4] : protocol: TCP dst-ports: 22 +db-endpoint-gateway-ky[10.240.30.6],vsi3a-ky[10.240.30.5],vsi3b-ky[10.240.30.4] => db-endpoint-gateway-ky[10.240.30.6],vsi3a-ky[10.240.30.5] : All Connections +db-endpoint-gateway-ky[10.240.30.6],vsi3a-ky[10.240.30.5],vsi3b-ky[10.240.30.4] => vsi1-ky[10.240.10.4] : All Connections +vsi1-ky[10.240.10.4] => Public Internet 142.0.0.0/7 : protocol: ICMP +vsi1-ky[10.240.10.4] => Public Internet 142.0.0.0/8 : protocol: ICMP +vsi1-ky[10.240.10.4] => Public Internet 161.26.0.0/16 : protocol: UDP +vsi2-ky[10.240.20.4] => Public Internet 142.0.0.0/8 : protocol: ICMP +vsi2-ky[10.240.20.4] => vsi1-ky[10.240.10.4] : All Connections +vsi2-ky[10.240.20.4] => vsi3b-ky[10.240.30.4] : protocol: TCP +vsi3b-ky[10.240.30.4] => vsi2-ky[10.240.20.4] : protocol: TCP diff --git a/pkg/ibmvpc/explainability_test.go b/pkg/ibmvpc/explainability_test.go index 69f7de9df..1a7666584 100644 --- a/pkg/ibmvpc/explainability_test.go +++ b/pkg/ibmvpc/explainability_test.go @@ -966,7 +966,7 @@ func TestMultiExplainSanity1(t *testing.T) { groupedConns := make(map[string]*vpcmodel.GroupConnLines) nodesConn := make(map[string]*vpcmodel.VPCConnectivity) for i, vpcConfig := range vpcsConfig.Configs() { - thisConn, err := vpcConfig.GetVPCNetworkConnectivity(false, false) + thisConn, err := vpcConfig.GetVPCNetworkConnectivity(false, vpcmodel.NoGroupingNoConsistencyEdges) if err != nil { fmt.Printf("%v. %s", i, err.Error()) } @@ -990,7 +990,7 @@ func TestMultiExplainSanity2(t *testing.T) { groupedConns := make(map[string]*vpcmodel.GroupConnLines) nodesConn := make(map[string]*vpcmodel.VPCConnectivity) for i, vpcConfig := range vpcsConfig.Configs() { - thisConn, err := vpcConfig.GetVPCNetworkConnectivity(false, false) + thisConn, err := vpcConfig.GetVPCNetworkConnectivity(false, vpcmodel.NoGroupingNoConsistencyEdges) if err != nil { fmt.Printf("%v. %s", i, err.Error()) } diff --git a/pkg/ibmvpc/groupingUnification_test.go b/pkg/ibmvpc/groupingUnification_test.go index a049ca02c..3e65bb290 100644 --- a/pkg/ibmvpc/groupingUnification_test.go +++ b/pkg/ibmvpc/groupingUnification_test.go @@ -19,7 +19,7 @@ func TestGroupingUnification(t *testing.T) { vpcConfigMultiVpc := getConfig(t, "iks_workers_large") require.NotNil(t, vpcConfigMultiVpc, "vpcConfigMultiVpc equals nil") - og, err := vpcmodel.NewOutputGenerator(vpcConfigMultiVpc, true, + og, err := vpcmodel.NewOutputGenerator(vpcConfigMultiVpc, vpcmodel.GroupingNoConsistencyEdges, vpcmodel.AllEndpoints, false, nil, vpcmodel.DRAWIO, true) if err != nil { fmt.Println(err.Error()) diff --git a/pkg/ibmvpc/synthesis_output_test.go b/pkg/ibmvpc/synthesis_output_test.go index ae0016591..18249d908 100644 --- a/pkg/ibmvpc/synthesis_output_test.go +++ b/pkg/ibmvpc/synthesis_output_test.go @@ -54,14 +54,14 @@ var synthesisTests = []*testfunc.VpcAnalysisTest{ InputConfig: "acl_testing5", UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllSubnets}, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ InputConfig: "subnet_grouping", UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllSubnets}, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, } diff --git a/pkg/linter/linterExecute.go b/pkg/linter/linterExecute.go index 78a7d5ae4..d2bce589e 100644 --- a/pkg/linter/linterExecute.go +++ b/pkg/linter/linterExecute.go @@ -56,7 +56,8 @@ func generateLinters(configs map[string]*vpcmodel.VPCConfig, nodeConn map[string func computeConnectivity(configs map[string]*vpcmodel.VPCConfig) (map[string]*vpcmodel.VPCConnectivity, error) { nodesConn := map[string]*vpcmodel.VPCConnectivity{} for uid, vpcConfig := range configs { - nodesConnThisCfg, err := vpcConfig.GetVPCNetworkConnectivity(false, true) + nodesConnThisCfg, err := vpcConfig.GetVPCNetworkConnectivity(true, + vpcmodel.NoGroupingNoConsistencyEdges) if err != nil { return nil, err } diff --git a/pkg/vpcmodel/explainabilityConnectivity.go b/pkg/vpcmodel/explainabilityConnectivity.go index e7cd0f0e0..6ed5e6d9d 100644 --- a/pkg/vpcmodel/explainabilityConnectivity.go +++ b/pkg/vpcmodel/explainabilityConnectivity.go @@ -101,7 +101,7 @@ func (c *MultipleVPCConfigs) ExplainConnectivity(src, dst string, connQuery *con // No VPCConfig to work with in this case, thus, this case is treated separately return &Explanation{connQuery: connQuery, src: src, dst: dst, srcNodes: srcNodes, dstNodes: dstNodes}, nil } - connectivity, err1 := vpcConfig.GetVPCNetworkConnectivity(false, false) // computes connectivity + connectivity, err1 := vpcConfig.GetVPCNetworkConnectivity(false, NoGroupingNoConsistencyEdges) // computes connectivity if err1 != nil { return nil, err1 } diff --git a/pkg/vpcmodel/grouping.go b/pkg/vpcmodel/grouping.go index fee87677e..413291152 100644 --- a/pkg/vpcmodel/grouping.go +++ b/pkg/vpcmodel/grouping.go @@ -19,6 +19,13 @@ import ( const commaSeparator = "," +const ( + NoGroupingNoConsistencyEdges = iota + NoGroupingWithConsistencyEdges + GroupingNoConsistencyEdges + GroupingWithConsistencyEdges +) + // for each line here can group list of external nodes to cidrs list as of one element // groupedNodesInfo contains the list of nodes to be grouped and their common connection properties type groupingConnections map[EndpointElem]map[string]*groupedExternalNodesInfo @@ -81,22 +88,22 @@ func newGroupingConnections() *groupingConnections { } func newGroupConnLines(c *VPCConfig, v *VPCConnectivity, - grouping bool) (res *GroupConnLines, err error) { + groupingType int) (res *GroupConnLines, err error) { res = &GroupConnLines{config: c, nodesConn: v, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err = res.computeGrouping(true, grouping) + err = res.computeGrouping(true, groupingType) return res, err } func newGroupConnLinesSubnetConnectivity(c *VPCConfig, s *VPCsubnetConnectivity, - grouping bool) (res *GroupConnLines, err error) { + groupingType int) (res *GroupConnLines, err error) { res = &GroupConnLines{config: c, subnetsConn: s, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err = res.computeGrouping(false, grouping) + err = res.computeGrouping(false, groupingType) return res, err } @@ -329,7 +336,7 @@ func getSubnetOrVPCUID(ep EndpointElem) string { // group public internet ranges for vsis/subnets connectivity lines // internal (vsi/subnets) are added as is -func (g *GroupConnLines) groupExternalAddresses(vsi bool) error { +func (g *GroupConnLines) groupExternalAddresses(vsi, addConsistencyEdgesExternal bool) error { res := []*groupedConnLine{} var allowedConnsCombinedResponsive GeneralResponsiveConnectivityMap if vsi { @@ -362,6 +369,9 @@ func (g *GroupConnLines) groupExternalAddresses(vsi bool) error { } } g.appendGrouped(res) + if addConsistencyEdgesExternal { + g.consistencyEdgesExternal() + } return nil } @@ -568,8 +578,11 @@ func unifiedGroupedElems(srcOrDst EndpointElem, // computeGrouping does the grouping; for vsis (all_endpoints analysis) // if vsi = true otherwise for subnets (all_subnets analysis) // external endpoints are always grouped; vsis/subnets are grouped iff grouping is true -func (g *GroupConnLines) computeGrouping(vsi, grouping bool) (err error) { - err = g.groupExternalAddresses(vsi) +func (g *GroupConnLines) computeGrouping(vsi bool, groupingType int) (err error) { + addConsistencyEdgesExternal := groupingType == NoGroupingWithConsistencyEdges || + groupingType == GroupingWithConsistencyEdges + grouping := groupingType == GroupingNoConsistencyEdges || groupingType == GroupingWithConsistencyEdges + err = g.groupExternalAddresses(vsi, addConsistencyEdgesExternal) if err != nil { return err } diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go new file mode 100644 index 000000000..16094b502 --- /dev/null +++ b/pkg/vpcmodel/groupingGraphical.go @@ -0,0 +1,134 @@ +/* +Copyright 2023- IBM Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +package vpcmodel + +import ( + "github.com/np-guard/models/pkg/ipblock" +) + +// for the graphical (html, drawio, svg) representation. In the graph presentation, each node must have all relevant edges. +// this is not the case in the textual presentation. E.g., a textual presentation may look like: +// 142.0.64.0/17 ->vsi2 +// 142.0.0.0/16 -> vsi1 +// 0.0.0.0/0 -> vsi3 +// 142.0.64.0/17 should also be connected to vsi1 and vsi3 +// In order to add missing edges, we go over all the endpoints in grouping that present external nodes, and check for containment +// if external endpoint e1 is contained in external end point e2 then all the "edges" of e2 are added to e1 +func (g *GroupConnLines) consistencyEdgesExternal() { + // 1. Gets a map from external endpoints name to their IPs + eeNameToIPBlock := getMapToIps(g.GroupedLines) + // 2. Gets a map from external endpoints name to their endpoint + eeNameToEE := getMapToEPEs(g.GroupedLines) + // 3. Gets a map from external endpoint name to all the endpoint it contains + containedMap := getContainedEndpointMap(eeNameToIPBlock, eeNameToEE) + // 4. Add edges, based on the above map (3) + g.addEdgesOfContainingEPs(containedMap) +} + +// gets []*groupedConnLine and returns a map from the string presentation of each endpoint to its ipBlock +func getMapToIps(grouped []*groupedConnLine) map[string]*ipblock.IPBlock { + eeToIPBlock := map[string]*ipblock.IPBlock{} + for _, line := range grouped { + addExternalEndpointToMap(line.Src, eeToIPBlock) + addExternalEndpointToMap(line.Dst, eeToIPBlock) + } + return eeToIPBlock +} + +// gets []*groupedConnLine and returns a map from the string presentation of each endpoint to the endpoint element +func getMapToEPEs(grouped []*groupedConnLine) map[string]EndpointElem { + eeNameToEE := map[string]EndpointElem{} + for _, line := range grouped { + if line.Src.IsExternal() { + eeNameToEE[line.Src.Name()] = line.Src + } else if line.Dst.IsExternal() { + eeNameToEE[line.Dst.Name()] = line.Dst + } + } + return eeNameToEE +} + +func addExternalEndpointToMap(ee EndpointElem, endpointsIPBlocks map[string]*ipblock.IPBlock) { + if !ee.IsExternal() { + return + } + _, ok := endpointsIPBlocks[ee.Name()] + if ok { // no need to update twice; relevant if the same endpoint is in src and dst of different lines + return + } + endpointsIPBlocks[ee.Name()] = groupedExternalToIPBlock(ee.(*groupedExternalNodes)) +} + +func groupedExternalToIPBlock(ee *groupedExternalNodes) *ipblock.IPBlock { + var res = ipblock.New() + for _, e := range *ee { + res = res.Union(e.ipblock) + } + return res +} + +// given a map from external endpoints to their IPs returns a map from each endpoint to the endpoints that +// it contained (if any) +func getContainedEndpointMap(endpointsIPBlocks map[string]*ipblock.IPBlock, + eeNameToEE map[string]EndpointElem) map[string][]EndpointElem { + containedMap := map[string][]EndpointElem{} + for containingEP, containingIP := range endpointsIPBlocks { + containedEPs := []EndpointElem{} + for containedEP, containedIP := range endpointsIPBlocks { + if containedEP == containingEP { + continue + } + if containedIP.ContainedIn(containingIP) { + containedEPs = append(containedEPs, eeNameToEE[containedEP]) + } + } + if len(containedEPs) > 0 { + containedMap[containingEP] = containedEPs + } + } + return containedMap +} + +// iterates over all grouped lines, and for each line adds edges implied by it +func (g *GroupConnLines) addEdgesOfContainingEPs(containedMap map[string][]EndpointElem) { + for _, line := range g.GroupedLines { + g.addEdgesImpliedOfLine(line, containedMap) + } +} + +// Given a grouping line - l - if one of its ends - e - is external, adds implied edges to all contained external nodes. +// Specifically, iterates over the contained external nodes of e, and for each such node - c - +// adds a line whose internal endpoint is the same as l and external endpoint is c +func (g *GroupConnLines) addEdgesImpliedOfLine(line *groupedConnLine, containedMap map[string][]EndpointElem) { + srcExternal := line.Src.IsExternal() + dstExternal := line.Dst.IsExternal() + if !srcExternal && !dstExternal { + return + } + var containingNode EndpointElem + switch { + // by design, either src or dst can not be both external + case srcExternal: + containingNode = line.Src + case dstExternal: + containingNode = line.Dst + default: + return + } + for _, containedExternal := range containedMap[containingNode.Name()] { + // adding edges - namely, lines in grouping. "This" end of the edge is external (by design) and the "other" + // end of the edges will always be internal, since "this" edge is not internal. + // Grouping per internal endpoints is done (if requested) after this point + if srcExternal { + g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: containedExternal, + Dst: line.Dst, CommonProperties: line.CommonProperties}) + } else { // dstExternal + g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: line.Src, + Dst: containedExternal, CommonProperties: line.CommonProperties}) + } + } +} diff --git a/pkg/vpcmodel/grouping_test.go b/pkg/vpcmodel/grouping_test.go index 5b17df392..615892cba 100644 --- a/pkg/vpcmodel/grouping_test.go +++ b/pkg/vpcmodel/grouping_test.go @@ -203,7 +203,7 @@ func TestGroupingPhase1(t *testing.T) { c, v := newVPCConfigTest1() res := &GroupConnLines{config: c, nodesConn: v, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err := res.groupExternalAddresses(true) + err := res.groupExternalAddresses(true, false) require.Equal(t, err, nil) groupingStr := res.String(c) @@ -218,7 +218,7 @@ func TestGroupingPhase2(t *testing.T) { res := &GroupConnLines{config: c, nodesConn: v, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} // phase 1 - err := res.groupExternalAddresses(true) + err := res.groupExternalAddresses(true, false) require.Equal(t, err, nil) groupingStr := res.String(c) require.Equal(t, "vsi1 => Public Internet 1.2.0.0/22,8.8.8.8/32 : All Connections\n"+ @@ -260,7 +260,7 @@ func TestResponsiveGrouping(t *testing.T) { c, v := configResponsiveGrouping() res := &GroupConnLines{config: c, nodesConn: v, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err := res.groupExternalAddresses(true) + err := res.groupExternalAddresses(true, false) require.Equal(t, err, nil) res.groupInternalSrcOrDst(true, true) groupingStr := res.String(c) @@ -293,7 +293,7 @@ func TestIPRange(t *testing.T) { c, v := configIPRange() res := &GroupConnLines{config: c, nodesConn: v, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err := res.groupExternalAddresses(true) + err := res.groupExternalAddresses(true, false) require.Equal(t, err, nil) res.groupInternalSrcOrDst(true, true) groupingStr := res.String(c) @@ -331,7 +331,7 @@ func TestSelfLoopClique(t *testing.T) { c, v := configSelfLoopClique() res := &GroupConnLines{config: c, nodesConn: v, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err := res.groupExternalAddresses(true) + err := res.groupExternalAddresses(true, false) require.Equal(t, err, nil) res.groupInternalSrcOrDst(true, true) groupingStr := res.String(c) @@ -371,7 +371,7 @@ func TestSelfLoopCliqueDiffSubnets(t *testing.T) { c, v := configSelfLoopCliqueDiffSubnets() res := &GroupConnLines{config: c, nodesConn: v, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err := res.groupExternalAddresses(true) + err := res.groupExternalAddresses(true, false) require.Equal(t, err, nil) res.groupInternalSrcOrDst(true, true) res.groupInternalSrcOrDst(false, true) @@ -411,7 +411,7 @@ func TestSimpleSelfLoop(t *testing.T) { c, v := configSimpleSelfLoop() res := &GroupConnLines{config: c, nodesConn: v, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err := res.groupExternalAddresses(true) + err := res.groupExternalAddresses(true, false) require.Equal(t, err, nil) res.groupInternalSrcOrDst(false, true) res.groupInternalSrcOrDst(true, true) @@ -462,7 +462,7 @@ func TestConfigSelfLoopCliqueLace(t *testing.T) { c, v := configSelfLoopCliqueLace() res := &GroupConnLines{config: c, nodesConn: v, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err := res.groupExternalAddresses(true) + err := res.groupExternalAddresses(true, false) require.Equal(t, err, nil) res.groupInternalSrcOrDst(false, true) res.groupInternalSrcOrDst(true, true) @@ -509,7 +509,7 @@ func TestSubnetSelfLoop(t *testing.T) { res := &GroupConnLines{config: c, subnetsConn: s, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err := res.groupExternalAddresses(false) + err := res.groupExternalAddresses(false, false) require.Equal(t, err, nil) res.groupInternalSrcOrDst(false, false) res.groupInternalSrcOrDst(true, false) diff --git a/pkg/vpcmodel/nodesConnectivity.go b/pkg/vpcmodel/nodesConnectivity.go index 88d34cb71..a75cb4373 100644 --- a/pkg/vpcmodel/nodesConnectivity.go +++ b/pkg/vpcmodel/nodesConnectivity.go @@ -22,7 +22,7 @@ import ( // (3) compute AllowedConnsCombinedResponsive extension of AllowedConnsCombined to contain accurate responsive info // (4) if lbAbstraction required - abstract each lb separately // (5) if grouping required - compute grouping of connectivity results -func (c *VPCConfig) GetVPCNetworkConnectivity(grouping, lbAbstraction bool) (res *VPCConnectivity, err error) { +func (c *VPCConfig) GetVPCNetworkConnectivity(lbAbstraction bool, groupingType int) (res *VPCConnectivity, err error) { res = &VPCConnectivity{ AllowedConnsPerLayer: map[Node]map[string]*ConnectivityResult{}, } @@ -65,7 +65,7 @@ func (c *VPCConfig) GetVPCNetworkConnectivity(grouping, lbAbstraction bool) (res return nil, err3 } res.abstractLoadBalancers(c.LoadBalancers, lbAbstraction) - res.GroupedConnectivity, err = newGroupConnLines(c, res, grouping) + res.GroupedConnectivity, err = newGroupConnLines(c, res, groupingType) return res, err } diff --git a/pkg/vpcmodel/output.go b/pkg/vpcmodel/output.go index a935d2fe7..d0795d8fe 100644 --- a/pkg/vpcmodel/output.go +++ b/pkg/vpcmodel/output.go @@ -62,7 +62,7 @@ const ( // the functionality to generate the analysis output in various formats, for that vpc type OutputGenerator struct { configs *MultipleVPCConfigs - outputGrouping bool + outputGrouping bool // todo: is this needed??? (SM) lbAbstraction bool useCase OutputUseCase nodesConn map[string]*VPCConnectivity @@ -72,11 +72,12 @@ type OutputGenerator struct { detailExplain bool } -func NewOutputGenerator(cConfigs *MultipleVPCConfigs, grouping bool, uc OutputUseCase, - archOnly bool, explanationArgs *ExplanationArgs, f OutFormat, lbAbstraction bool) (*OutputGenerator, error) { +func NewOutputGenerator(cConfigs *MultipleVPCConfigs, groupingType int, uc OutputUseCase, + archOnly bool, explanationArgs *ExplanationArgs, f OutFormat, + lbAbstraction bool) (*OutputGenerator, error) { res := &OutputGenerator{ configs: cConfigs, - outputGrouping: grouping, + outputGrouping: groupingType == GroupingWithConsistencyEdges || groupingType == GroupingNoConsistencyEdges, lbAbstraction: lbAbstraction, useCase: uc, nodesConn: map[string]*VPCConnectivity{}, @@ -88,7 +89,7 @@ func NewOutputGenerator(cConfigs *MultipleVPCConfigs, grouping bool, uc OutputUs switch uc { case AllEndpoints: for i, vpcConfig := range cConfigs.Configs() { - nodesConn, err := vpcConfig.GetVPCNetworkConnectivity(grouping, res.lbAbstraction) + nodesConn, err := vpcConfig.GetVPCNetworkConnectivity(res.lbAbstraction, groupingType) if err != nil { return nil, err } @@ -96,7 +97,7 @@ func NewOutputGenerator(cConfigs *MultipleVPCConfigs, grouping bool, uc OutputUs } case AllSubnets: for i, vpcConfig := range cConfigs.Configs() { - subnetsConn, err := vpcConfig.GetSubnetsConnectivity(true, grouping) + subnetsConn, err := vpcConfig.GetSubnetsConnectivity(true, groupingType) if err != nil { return nil, err } diff --git a/pkg/vpcmodel/semanticDiff.go b/pkg/vpcmodel/semanticDiff.go index 1b69df9be..fadf31db6 100644 --- a/pkg/vpcmodel/semanticDiff.go +++ b/pkg/vpcmodel/semanticDiff.go @@ -118,13 +118,13 @@ func (configs configsForDiff) GetDiff() (*diffBetweenCfgs, error) { func (c *VPCConfig) getAllowedResponsiveConnections( diffAnalysis diffAnalysisType) (responsiveConnectivityMap GeneralResponsiveConnectivityMap, err error) { if diffAnalysis == Subnets { - subnetsConn, err := c.GetSubnetsConnectivity(true, false) + subnetsConn, err := c.GetSubnetsConnectivity(true, NoGroupingNoConsistencyEdges) if err != nil { return nil, err } return subnetsConn.AllowedConnsCombinedResponsive, err } else if diffAnalysis == Vsis { - connectivity1, err := c.GetVPCNetworkConnectivity(false, false) + connectivity1, err := c.GetVPCNetworkConnectivity(false, NoGroupingNoConsistencyEdges) if err != nil { return nil, err } diff --git a/pkg/vpcmodel/subnetsConnectivity.go b/pkg/vpcmodel/subnetsConnectivity.go index 2df029b44..0a420e9ad 100644 --- a/pkg/vpcmodel/subnetsConnectivity.go +++ b/pkg/vpcmodel/subnetsConnectivity.go @@ -172,7 +172,7 @@ func getSubnetsWithPGW(c *VPCConfig) map[string]bool { } // the main function to compute connectivity per subnet based on resources that capture subnets, such as nacl, pgw, tgw, routing-tables -func (c *VPCConfig) GetSubnetsConnectivity(includePGW, grouping bool) (*VPCsubnetConnectivity, error) { +func (c *VPCConfig) GetSubnetsConnectivity(includePGW bool, groupingType int) (*VPCsubnetConnectivity, error) { var subnetsConnectivityFromACLresources map[string]*IPbasedConnectivityResult var err error for _, fl := range c.FilterResources { @@ -225,7 +225,7 @@ func (c *VPCConfig) GetSubnetsConnectivity(includePGW, grouping bool) (*VPCsubne return nil, err4 } - groupedConnectivity, err5 := newGroupConnLinesSubnetConnectivity(c, res, grouping) + groupedConnectivity, err5 := newGroupConnLinesSubnetConnectivity(c, res, groupingType) if err5 != nil { return nil, err5 }