From 78401ee79c491cb10124e16105814f37e298c321 Mon Sep 17 00:00:00 2001 From: shirim Date: Thu, 12 Oct 2023 18:47:54 +0300 Subject: [PATCH 01/31] structs and main functionality of https://github.com/np-guard/vpc-network-config-analyzer/issues/163 --- pkg/common/connectionset.go | 17 +++++++++ pkg/vpcmodel/output.go | 1 + pkg/vpcmodel/semanticDiffSubnets.go | 53 +++++++++++++++++++++++++++++ pkg/vpcmodel/subnetsConnectivity.go | 4 ++- 4 files changed, 74 insertions(+), 1 deletion(-) create mode 100644 pkg/vpcmodel/semanticDiffSubnets.go diff --git a/pkg/common/connectionset.go b/pkg/common/connectionset.go index 079e80e22..4ee9972d8 100644 --- a/pkg/common/connectionset.go +++ b/pkg/common/connectionset.go @@ -524,6 +524,23 @@ func (conn *ConnectionSet) ResponseConnection() *ConnectionSet { return res } +///////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +///// Diff between ConnectionSet + +// Connection A minus Connection B +type ConnectionSetDiff struct { + ConnectionSet + statefullDiff *ConnectionSet // connection element which is stateful only in A +} + +func (conn *ConnectionSet) ConnectionSet1Minus2(other *ConnectionSet) *ConnectionSet { + // todo: use func (conn *ConnectionSet) Subtract(other *ConnectionSet) *ConnectionSet and note the + // special case in which the connection differs only one being stateful and the other not + return nil +} + +// ToDo up to here in connectionSet + ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// /* diff --git a/pkg/vpcmodel/output.go b/pkg/vpcmodel/output.go index ff3512030..48eff9eae 100644 --- a/pkg/vpcmodel/output.go +++ b/pkg/vpcmodel/output.go @@ -60,6 +60,7 @@ func NewOutputGenerator(c *CloudConfig, grouping bool, uc OutputUseCase, archOnl res.subnetsConn = subnetsConn } } + // todo: add for diff return res, nil } diff --git a/pkg/vpcmodel/semanticDiffSubnets.go b/pkg/vpcmodel/semanticDiffSubnets.go new file mode 100644 index 000000000..dff446ed9 --- /dev/null +++ b/pkg/vpcmodel/semanticDiffSubnets.go @@ -0,0 +1,53 @@ +package vpcmodel + +import "github.com/np-guard/vpc-network-config-analyzer/pkg/common" + +type SubnetsDiff map[EndpointElem]map[EndpointElem]*common.ConnectionSetDiff + +type diffBetweenSubnets struct { + subnet1Connectivity VPCsubnetConnectivity + subnet2Connectivity VPCsubnetConnectivity + subnet1Minus2 SubnetsDiff + subnet2Minus1 SubnetsDiff + + GroupedSubnet1Minus2 *GroupConnLines + GroupedSubnet1Minus1 *GroupConnLines +} + +type DiffType = int + +const ( + NoDiff DiffType = iota + MissingSrcEP + MissingDstEP + MissingSrcDstEP + MissingConnection + ChangedConnection +) + +func (c *CloudConfig) GetSubnetsDiff(grouping bool) (*diffBetweenSubnets, error) { + return nil, nil +} + +// generates from subnet1Connectivity.AllowedConnsCombined and subnet2Connectivity.AllowedConnsCombined +// Two equivalent subnetConnectivity objects s.t. any (src1, dst1) of subnet1Connectivity and +// (src2, dst2) of subnet2Connectivity are either: +// 1. src1 disjoint src2 or dst1 disjoint dst2 +// 2. src1 = src2 and dst1 = dst2 +// +// todo: use DisjointIPBlocks(set1, set2 []*IPBlock) []*IPBlock of ipBlock.go +func (d *diffBetweenSubnets) getConnectivesWithSameIpBlocks() (*subnetConnectivity, *subnetConnectivity) { + return nil, nil +} + +func (connectivity *subnetConnectivity) subnetConnectivitySubtract(other subnetConnectivity) DiffType { + + return NoDiff +} + +// todo: instead of adding functionality to grouping, I plan to have more generic connectivity items that will be grouped +// encode the SubnetsDiff into this generic item as well as the other entities we are grouping +// and then decode in the printing +// the idea is to use instead of *common.ConnectionSet in the grouped entity a string which will encode the connection +// and also the diff where relevant +// this will requires some rewriting in the existing grouping functionality and the way it provides service to subnetsConnectivity and nodesConnectivity diff --git a/pkg/vpcmodel/subnetsConnectivity.go b/pkg/vpcmodel/subnetsConnectivity.go index 8a054ab5f..657b16869 100644 --- a/pkg/vpcmodel/subnetsConnectivity.go +++ b/pkg/vpcmodel/subnetsConnectivity.go @@ -7,12 +7,14 @@ import ( "fmt" ) +type subnetConnectivity map[EndpointElem]map[EndpointElem]*common.ConnectionSet + // VPCsubnetConnectivity captures allowed connectivity for subnets, considering nacl and pgw resources type VPCsubnetConnectivity struct { // computed for each node (subnet), by iterating its ConnectivityResult for all relevant VPC resources that capture it AllowedConns map[EndpointElem]*ConfigBasedConnectivityResults // combined connectivity - considering both ingress and egress per connection - AllowedConnsCombined map[EndpointElem]map[EndpointElem]*common.ConnectionSet + AllowedConnsCombined subnetConnectivity CloudConfig *CloudConfig // grouped connectivity result GroupedConnectivity *GroupConnLines From 9a4f947f97e6fe9e6f026508899b360afcbff739 Mon Sep 17 00:00:00 2001 From: shirim Date: Sun, 15 Oct 2023 16:58:52 +0300 Subject: [PATCH 02/31] Highlevel code and structs --- pkg/common/connectionset.go | 2 +- pkg/vpcmodel/semanticDiffSubnets.go | 102 ++++++++++++++++++++++------ 2 files changed, 82 insertions(+), 22 deletions(-) diff --git a/pkg/common/connectionset.go b/pkg/common/connectionset.go index 4ee9972d8..dc2bfb7d6 100644 --- a/pkg/common/connectionset.go +++ b/pkg/common/connectionset.go @@ -530,7 +530,7 @@ func (conn *ConnectionSet) ResponseConnection() *ConnectionSet { // Connection A minus Connection B type ConnectionSetDiff struct { ConnectionSet - statefullDiff *ConnectionSet // connection element which is stateful only in A + StatefullDiff *ConnectionSet // connection element which is stateful only in A } func (conn *ConnectionSet) ConnectionSet1Minus2(other *ConnectionSet) *ConnectionSet { diff --git a/pkg/vpcmodel/semanticDiffSubnets.go b/pkg/vpcmodel/semanticDiffSubnets.go index dff446ed9..37d7cf626 100644 --- a/pkg/vpcmodel/semanticDiffSubnets.go +++ b/pkg/vpcmodel/semanticDiffSubnets.go @@ -2,19 +2,7 @@ package vpcmodel import "github.com/np-guard/vpc-network-config-analyzer/pkg/common" -type SubnetsDiff map[EndpointElem]map[EndpointElem]*common.ConnectionSetDiff - -type diffBetweenSubnets struct { - subnet1Connectivity VPCsubnetConnectivity - subnet2Connectivity VPCsubnetConnectivity - subnet1Minus2 SubnetsDiff - subnet2Minus1 SubnetsDiff - - GroupedSubnet1Minus2 *GroupConnLines - GroupedSubnet1Minus1 *GroupConnLines -} - -type DiffType = int +// ToDo: go over structs specifically * and lack of const ( NoDiff DiffType = iota @@ -25,8 +13,49 @@ const ( ChangedConnection ) -func (c *CloudConfig) GetSubnetsDiff(grouping bool) (*diffBetweenSubnets, error) { - return nil, nil +type connectionDiff struct { + common.ConnectionSetDiff + DiffType +} + +type SubnetsDiff map[EndpointElem]map[EndpointElem]*connectionDiff + +type configsForDiff struct { + config1 *CloudConfig + config2 *CloudConfig +} + +type diffBetweenSubnets struct { + subnet1Subtract2 SubnetsDiff + subnet2Subtract1 SubnetsDiff + + GroupedSubnet1Minus2 *GroupConnLines + GroupedSubnet1Minus1 *GroupConnLines +} + +type DiffType = int + +func (configs configsForDiff) GetSubnetsDiff(grouping bool) (*diffBetweenSubnets, error) { + // 1. compute connectivity for each of the subnets + subnetsConn1, err := configs.config1.GetSubnetsConnectivity(true, grouping) + if err != nil { + return nil, nil + } + subnetsConn2, err := configs.config2.GetSubnetsConnectivity(true, grouping) + if err != nil { + return nil, nil + } + + // 2. Computes delta in both directions + subnet1Aligned, subnet2Aligned := subnetsConn1.AllowedConnsCombined.getConnectivesWithSameIpBlocks(subnetsConn2.AllowedConnsCombined) + subnet1Subtract2 := configs.subnetConnectivitySubtract(subnet1Aligned, subnet2Aligned) + subnet2Subtract1 := configs.subnetConnectivitySubtract(subnet2Aligned, subnet1Aligned) + + // 3. ToDo: grouping, see comment at the end of this file + + res := &diffBetweenSubnets{subnet1Subtract2: subnet1Subtract2, + subnet2Subtract1: subnet2Subtract1} + return res, nil } // generates from subnet1Connectivity.AllowedConnsCombined and subnet2Connectivity.AllowedConnsCombined @@ -34,15 +63,46 @@ func (c *CloudConfig) GetSubnetsDiff(grouping bool) (*diffBetweenSubnets, error) // (src2, dst2) of subnet2Connectivity are either: // 1. src1 disjoint src2 or dst1 disjoint dst2 // 2. src1 = src2 and dst1 = dst2 -// -// todo: use DisjointIPBlocks(set1, set2 []*IPBlock) []*IPBlock of ipBlock.go -func (d *diffBetweenSubnets) getConnectivesWithSameIpBlocks() (*subnetConnectivity, *subnetConnectivity) { - return nil, nil +func (connectivity subnetConnectivity) getConnectivesWithSameIpBlocks(other subnetConnectivity) (subnetConnectivity, subnetConnectivity) { + // todo: use DisjointIPBlocks(set1, set2 []*IPBlock) []*IPBlock of ipBlock.go + return connectivity, other } -func (connectivity *subnetConnectivity) subnetConnectivitySubtract(other subnetConnectivity) DiffType { +// assumption: any connection from connectivity and "other" have src (dst) which are either disjoint or equal +func (configs configsForDiff) subnetConnectivitySubtract(connectivity subnetConnectivity, other subnetConnectivity) SubnetsDiff { + connectivitySubtract := map[EndpointElem]map[EndpointElem]*connectionDiff{} + for src, endpointConns := range connectivity { + for dst, conns := range endpointConns { + if conns.IsEmpty() { + continue + } + + if _, ok := connectivitySubtract[src]; !ok { + connectivitySubtract[src] = map[EndpointElem]*connectionDiff{} + } + if otherSrc, existSrc := other[src]; existSrc { + if otherSrcDst, existDst := otherSrc[dst]; existDst { + diffConnection := conns.Subtract(otherSrcDst) + if diffConnection.IsEmpty() { + continue // no diff + } + connectionSetDiff := common.ConnectionSetDiff{ + *diffConnection, + nil, + } + diffConnectionWithType := &connectionDiff{ + connectionSetDiff, + ChangedConnection, + } + connectivitySubtract[src][dst] = diffConnectionWithType + } + // todo: if src, dst do not exist as node see if src missing in config, dst missing or both missing + // todo: if src and dst both present then call ConnectionSet1Minus2 + } + } + } - return NoDiff + return nil } // todo: instead of adding functionality to grouping, I plan to have more generic connectivity items that will be grouped From 15970f47e916bc120f0cf7c0c9f9b743ad728d73 Mon Sep 17 00:00:00 2001 From: shirim Date: Mon, 16 Oct 2023 13:49:45 +0300 Subject: [PATCH 03/31] subnetConnectivitySubtract code; still needs to fill inside functionality code --- pkg/common/connectionset.go | 10 +++- pkg/vpcmodel/semanticDiffSubnets.go | 81 ++++++++++++++++++++++------- 2 files changed, 69 insertions(+), 22 deletions(-) diff --git a/pkg/common/connectionset.go b/pkg/common/connectionset.go index dc2bfb7d6..320ebf1a3 100644 --- a/pkg/common/connectionset.go +++ b/pkg/common/connectionset.go @@ -533,10 +533,16 @@ type ConnectionSetDiff struct { StatefullDiff *ConnectionSet // connection element which is stateful only in A } -func (conn *ConnectionSet) ConnectionSet1Minus2(other *ConnectionSet) *ConnectionSet { +func (conn *ConnectionSet) SubtractWithStateful(other *ConnectionSet) ConnectionSetDiff { // todo: use func (conn *ConnectionSet) Subtract(other *ConnectionSet) *ConnectionSet and note the // special case in which the connection differs only one being stateful and the other not - return nil + diff := ConnectionSetDiff{ConnectionSet{}, + nil} + return diff +} + +func (connn *ConnectionSetDiff) isEmpty() bool { + return false } // ToDo up to here in connectionSet diff --git a/pkg/vpcmodel/semanticDiffSubnets.go b/pkg/vpcmodel/semanticDiffSubnets.go index 37d7cf626..734bcec76 100644 --- a/pkg/vpcmodel/semanticDiffSubnets.go +++ b/pkg/vpcmodel/semanticDiffSubnets.go @@ -1,6 +1,8 @@ package vpcmodel -import "github.com/np-guard/vpc-network-config-analyzer/pkg/common" +import ( + "github.com/np-guard/vpc-network-config-analyzer/pkg/common" +) // ToDo: go over structs specifically * and lack of @@ -53,16 +55,41 @@ func (configs configsForDiff) GetSubnetsDiff(grouping bool) (*diffBetweenSubnets // 3. ToDo: grouping, see comment at the end of this file - res := &diffBetweenSubnets{subnet1Subtract2: subnet1Subtract2, + res := &diffBetweenSubnets{ + subnet1Subtract2: subnet1Subtract2, subnet2Subtract1: subnet2Subtract1} return res, nil } +// for a given EndpointElem (representing a subnet or an external ip) in config return the EndpointElem representing the +// subnet/external address in otherConfig or nil if the subnet does not exist in the other config. +func (config *CloudConfig) getEndpointElemInOtherConfig(other *CloudConfig, ep EndpointElem) *EndpointElem { + if ep.IsExternal() { + for _, node := range other.Nodes { + if node.Name() == ep.Name() { + res := EndpointElem(node) + return &res + } + } + } else { + for _, nodeSet := range other.NodeSets { + if nodeSet.Name() == ep.Name() { + res := EndpointElem(nodeSet) + return &res + } + } + } + return nil +} + // generates from subnet1Connectivity.AllowedConnsCombined and subnet2Connectivity.AllowedConnsCombined // Two equivalent subnetConnectivity objects s.t. any (src1, dst1) of subnet1Connectivity and // (src2, dst2) of subnet2Connectivity are either: // 1. src1 disjoint src2 or dst1 disjoint dst2 // 2. src1 = src2 and dst1 = dst2 +// What is done here is repartitioning the ipBlocks so that the above will hold +// +// todo: verify that the returns objects indeed have exactly the same ipBlocks func (connectivity subnetConnectivity) getConnectivesWithSameIpBlocks(other subnetConnectivity) (subnetConnectivity, subnetConnectivity) { // todo: use DisjointIPBlocks(set1, set2 []*IPBlock) []*IPBlock of ipBlock.go return connectivity, other @@ -76,32 +103,46 @@ func (configs configsForDiff) subnetConnectivitySubtract(connectivity subnetConn if conns.IsEmpty() { continue } - if _, ok := connectivitySubtract[src]; !ok { connectivitySubtract[src] = map[EndpointElem]*connectionDiff{} } - if otherSrc, existSrc := other[src]; existSrc { - if otherSrcDst, existDst := otherSrc[dst]; existDst { - diffConnection := conns.Subtract(otherSrcDst) - if diffConnection.IsEmpty() { - continue // no diff - } - connectionSetDiff := common.ConnectionSetDiff{ - *diffConnection, - nil, - } - diffConnectionWithType := &connectionDiff{ - connectionSetDiff, - ChangedConnection, + srcInOther := configs.config1.getEndpointElemInOtherConfig(configs.config2, src) + dstInOther := configs.config1.getEndpointElemInOtherConfig(configs.config2, dst) + if srcInOther != nil && dstInOther != nil { + if otherSrc, ok := other[*srcInOther]; ok { + if otherSrcDst, ok := otherSrc[*dstInOther]; ok { + subtractConn := conns.SubtractWithStateful(otherSrcDst) + if subtractConn.IsEmpty() { + continue // no diff + } + diffConnectionWithType := &connectionDiff{ + subtractConn, + ChangedConnection, + } + connectivitySubtract[src][dst] = diffConnectionWithType + continue } - connectivitySubtract[src][dst] = diffConnectionWithType } - // todo: if src, dst do not exist as node see if src missing in config, dst missing or both missing - // todo: if src and dst both present then call ConnectionSet1Minus2 } + var diff DiffType + if srcInOther == nil && dstInOther == nil { + diff = MissingSrcDstEP + } else if srcInOther == nil { + diff = MissingSrcEP + } else { + diff = MissingDstEP + } + emptyConnection := common.NewConnectionSet(false) + diffConnectionWithType := &connectionDiff{ + common.ConnectionSetDiff{ + *emptyConnection, + nil, + }, + diff, + } + connectivitySubtract[src][dst] = diffConnectionWithType } } - return nil } From 94000632bd2ce5a203fd7d38f31f1827a6f1aa25 Mon Sep 17 00:00:00 2001 From: shirim Date: Tue, 17 Oct 2023 09:56:49 +0300 Subject: [PATCH 04/31] Redefined made the connection set diff and added todos --- pkg/common/connectionset.go | 29 ++++++----------------------- pkg/vpcmodel/semanticDiffSubnets.go | 17 ++++++++++------- 2 files changed, 16 insertions(+), 30 deletions(-) diff --git a/pkg/common/connectionset.go b/pkg/common/connectionset.go index 320ebf1a3..c78ba58cd 100644 --- a/pkg/common/connectionset.go +++ b/pkg/common/connectionset.go @@ -191,6 +191,12 @@ func (conn *ConnectionSet) isAllConnectionsWithoutAllowAll() bool { return conn.connectionProperties.Equals(getAllPropertiesObject()) } +// Subtract +// ToDo: Subtract seems to ignore IsStateful: +// 1. is the delta connection stateful +// 2. connectionProperties is identical but conn stateful while other is not +// the 2nd item can be computed here, with enhancement to relevant structure +// the 1st can not since we do not know where exactly the statefullness came from func (conn *ConnectionSet) Subtract(other *ConnectionSet) *ConnectionSet { if conn.IsEmpty() || other.IsEmpty() { return conn @@ -524,29 +530,6 @@ func (conn *ConnectionSet) ResponseConnection() *ConnectionSet { return res } -///////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -///// Diff between ConnectionSet - -// Connection A minus Connection B -type ConnectionSetDiff struct { - ConnectionSet - StatefullDiff *ConnectionSet // connection element which is stateful only in A -} - -func (conn *ConnectionSet) SubtractWithStateful(other *ConnectionSet) ConnectionSetDiff { - // todo: use func (conn *ConnectionSet) Subtract(other *ConnectionSet) *ConnectionSet and note the - // special case in which the connection differs only one being stateful and the other not - diff := ConnectionSetDiff{ConnectionSet{}, - nil} - return diff -} - -func (connn *ConnectionSetDiff) isEmpty() bool { - return false -} - -// ToDo up to here in connectionSet - ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// /* diff --git a/pkg/vpcmodel/semanticDiffSubnets.go b/pkg/vpcmodel/semanticDiffSubnets.go index 734bcec76..66f9e26c0 100644 --- a/pkg/vpcmodel/semanticDiffSubnets.go +++ b/pkg/vpcmodel/semanticDiffSubnets.go @@ -16,7 +16,7 @@ const ( ) type connectionDiff struct { - common.ConnectionSetDiff + *common.ConnectionSet DiffType } @@ -95,6 +95,7 @@ func (connectivity subnetConnectivity) getConnectivesWithSameIpBlocks(other subn return connectivity, other } +// Subtract one subnetConnectivity from the other // assumption: any connection from connectivity and "other" have src (dst) which are either disjoint or equal func (configs configsForDiff) subnetConnectivitySubtract(connectivity subnetConnectivity, other subnetConnectivity) SubnetsDiff { connectivitySubtract := map[EndpointElem]map[EndpointElem]*connectionDiff{} @@ -111,7 +112,13 @@ func (configs configsForDiff) subnetConnectivitySubtract(connectivity subnetConn if srcInOther != nil && dstInOther != nil { if otherSrc, ok := other[*srcInOther]; ok { if otherSrcDst, ok := otherSrc[*dstInOther]; ok { - subtractConn := conns.SubtractWithStateful(otherSrcDst) + // ToDo: current missing stateful: + // todo 1. is the delta connection stateful + // todo 2. connectionProperties is identical but conn stateful while other is not + // the 2nd item can be computed by conns.Subtract, with enhancement to relevant structure + // the 1st can not since we do not know where exactly the statefullness came from + // we might need to repeat the statefullness computation for the delta connection + subtractConn := conns.Subtract(otherSrcDst) if subtractConn.IsEmpty() { continue // no diff } @@ -132,12 +139,8 @@ func (configs configsForDiff) subnetConnectivitySubtract(connectivity subnetConn } else { diff = MissingDstEP } - emptyConnection := common.NewConnectionSet(false) diffConnectionWithType := &connectionDiff{ - common.ConnectionSetDiff{ - *emptyConnection, - nil, - }, + nil, diff, } connectivitySubtract[src][dst] = diffConnectionWithType From bf18d014d213381c21a4fea6709ceb99ba97bae6 Mon Sep 17 00:00:00 2001 From: shirim Date: Tue, 17 Oct 2023 13:47:32 +0300 Subject: [PATCH 05/31] Minor reorgs --- pkg/vpcmodel/semanticDiffSubnets.go | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/pkg/vpcmodel/semanticDiffSubnets.go b/pkg/vpcmodel/semanticDiffSubnets.go index 66f9e26c0..dae10a441 100644 --- a/pkg/vpcmodel/semanticDiffSubnets.go +++ b/pkg/vpcmodel/semanticDiffSubnets.go @@ -27,6 +27,11 @@ type configsForDiff struct { config2 *CloudConfig } +type subnetConfigConnectivity struct { + config *CloudConfig + subnetConnectivity subnetConnectivity +} + type diffBetweenSubnets struct { subnet1Subtract2 SubnetsDiff subnet2Subtract1 SubnetsDiff @@ -50,8 +55,10 @@ func (configs configsForDiff) GetSubnetsDiff(grouping bool) (*diffBetweenSubnets // 2. Computes delta in both directions subnet1Aligned, subnet2Aligned := subnetsConn1.AllowedConnsCombined.getConnectivesWithSameIpBlocks(subnetsConn2.AllowedConnsCombined) - subnet1Subtract2 := configs.subnetConnectivitySubtract(subnet1Aligned, subnet2Aligned) - subnet2Subtract1 := configs.subnetConnectivitySubtract(subnet2Aligned, subnet1Aligned) + subnetConfigConnectivity1 := subnetConfigConnectivity{configs.config1, subnet1Aligned} + subnetConfigConnectivity2 := subnetConfigConnectivity{configs.config2, subnet2Aligned} + subnet1Subtract2 := subnetConfigConnectivity1.subnetConnectivitySubtract(&subnetConfigConnectivity2) + subnet2Subtract1 := subnetConfigConnectivity2.subnetConnectivitySubtract(&subnetConfigConnectivity1) // 3. ToDo: grouping, see comment at the end of this file @@ -97,9 +104,9 @@ func (connectivity subnetConnectivity) getConnectivesWithSameIpBlocks(other subn // Subtract one subnetConnectivity from the other // assumption: any connection from connectivity and "other" have src (dst) which are either disjoint or equal -func (configs configsForDiff) subnetConnectivitySubtract(connectivity subnetConnectivity, other subnetConnectivity) SubnetsDiff { +func (subnetConfConnectivity *subnetConfigConnectivity) subnetConnectivitySubtract(other *subnetConfigConnectivity) SubnetsDiff { connectivitySubtract := map[EndpointElem]map[EndpointElem]*connectionDiff{} - for src, endpointConns := range connectivity { + for src, endpointConns := range subnetConfConnectivity.subnetConnectivity { for dst, conns := range endpointConns { if conns.IsEmpty() { continue @@ -107,10 +114,10 @@ func (configs configsForDiff) subnetConnectivitySubtract(connectivity subnetConn if _, ok := connectivitySubtract[src]; !ok { connectivitySubtract[src] = map[EndpointElem]*connectionDiff{} } - srcInOther := configs.config1.getEndpointElemInOtherConfig(configs.config2, src) - dstInOther := configs.config1.getEndpointElemInOtherConfig(configs.config2, dst) + srcInOther := subnetConfConnectivity.config.getEndpointElemInOtherConfig(other.config, src) + dstInOther := subnetConfConnectivity.config.getEndpointElemInOtherConfig(other.config, dst) if srcInOther != nil && dstInOther != nil { - if otherSrc, ok := other[*srcInOther]; ok { + if otherSrc, ok := other.subnetConnectivity[*srcInOther]; ok { if otherSrcDst, ok := otherSrc[*dstInOther]; ok { // ToDo: current missing stateful: // todo 1. is the delta connection stateful From 625fa41df87f09aed6a9cde241a15e4321ad2e11 Mon Sep 17 00:00:00 2001 From: shirim Date: Tue, 17 Oct 2023 14:53:01 +0300 Subject: [PATCH 06/31] Export SubnetConnectivityMap and enable external creation for unit test --- pkg/vpcmodel/semanticDiffSubnets.go | 8 ++++---- pkg/vpcmodel/subnetsConnectivity.go | 8 ++++++-- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/pkg/vpcmodel/semanticDiffSubnets.go b/pkg/vpcmodel/semanticDiffSubnets.go index dae10a441..56ed1885e 100644 --- a/pkg/vpcmodel/semanticDiffSubnets.go +++ b/pkg/vpcmodel/semanticDiffSubnets.go @@ -29,7 +29,7 @@ type configsForDiff struct { type subnetConfigConnectivity struct { config *CloudConfig - subnetConnectivity subnetConnectivity + subnetConnectivity SubnetConnectivityMap } type diffBetweenSubnets struct { @@ -90,19 +90,19 @@ func (config *CloudConfig) getEndpointElemInOtherConfig(other *CloudConfig, ep E } // generates from subnet1Connectivity.AllowedConnsCombined and subnet2Connectivity.AllowedConnsCombined -// Two equivalent subnetConnectivity objects s.t. any (src1, dst1) of subnet1Connectivity and +// Two equivalent SubnetConnectivityMap objects s.t. any (src1, dst1) of subnet1Connectivity and // (src2, dst2) of subnet2Connectivity are either: // 1. src1 disjoint src2 or dst1 disjoint dst2 // 2. src1 = src2 and dst1 = dst2 // What is done here is repartitioning the ipBlocks so that the above will hold // // todo: verify that the returns objects indeed have exactly the same ipBlocks -func (connectivity subnetConnectivity) getConnectivesWithSameIpBlocks(other subnetConnectivity) (subnetConnectivity, subnetConnectivity) { +func (connectivity SubnetConnectivityMap) getConnectivesWithSameIpBlocks(other SubnetConnectivityMap) (SubnetConnectivityMap, SubnetConnectivityMap) { // todo: use DisjointIPBlocks(set1, set2 []*IPBlock) []*IPBlock of ipBlock.go return connectivity, other } -// Subtract one subnetConnectivity from the other +// Subtract one SubnetConnectivityMap from the other // assumption: any connection from connectivity and "other" have src (dst) which are either disjoint or equal func (subnetConfConnectivity *subnetConfigConnectivity) subnetConnectivitySubtract(other *subnetConfigConnectivity) SubnetsDiff { connectivitySubtract := map[EndpointElem]map[EndpointElem]*connectionDiff{} diff --git a/pkg/vpcmodel/subnetsConnectivity.go b/pkg/vpcmodel/subnetsConnectivity.go index 657b16869..ce497ca40 100644 --- a/pkg/vpcmodel/subnetsConnectivity.go +++ b/pkg/vpcmodel/subnetsConnectivity.go @@ -7,14 +7,14 @@ import ( "fmt" ) -type subnetConnectivity map[EndpointElem]map[EndpointElem]*common.ConnectionSet +type SubnetConnectivityMap map[EndpointElem]map[EndpointElem]*common.ConnectionSet // VPCsubnetConnectivity captures allowed connectivity for subnets, considering nacl and pgw resources type VPCsubnetConnectivity struct { // computed for each node (subnet), by iterating its ConnectivityResult for all relevant VPC resources that capture it AllowedConns map[EndpointElem]*ConfigBasedConnectivityResults // combined connectivity - considering both ingress and egress per connection - AllowedConnsCombined subnetConnectivity + AllowedConnsCombined SubnetConnectivityMap CloudConfig *CloudConfig // grouped connectivity result GroupedConnectivity *GroupConnLines @@ -26,6 +26,10 @@ const ( errUnexpectedTypePeerNode = "unexpected type for peerNode in computeAllowedConnsCombined" ) +func NewSubnetConnectivityMap() SubnetConnectivityMap { + return SubnetConnectivityMap{} +} + func subnetConnLine(subnet string, conn *common.ConnectionSet) string { return fmt.Sprintf("%s : %s\n", subnet, conn.String()) } From d2fbe4e9be637a44359fbf957717606459dc437b Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 18 Oct 2023 09:25:07 +0300 Subject: [PATCH 07/31] Added grouping subnet unittesting as preliminery stage to writing unit testing for semantic diff connectivity --- pkg/vpcmodel/grouping_test.go | 37 +++++++++++++++++++++++++++++ pkg/vpcmodel/subnetsConnectivity.go | 7 ++++++ 2 files changed, 44 insertions(+) diff --git a/pkg/vpcmodel/grouping_test.go b/pkg/vpcmodel/grouping_test.go index 3d51baa49..6c3e3c067 100644 --- a/pkg/vpcmodel/grouping_test.go +++ b/pkg/vpcmodel/grouping_test.go @@ -371,3 +371,40 @@ func TestConfigSelfLoopCliqueLace(t *testing.T) { fmt.Println(groupingStr) fmt.Println("done") } +func configSubnetSelfLoop() (*CloudConfig, *VPCsubnetConnectivity) { + res := &CloudConfig{Nodes: []Node{}} + res.Nodes = append(res.Nodes, + &mockNetIntf{cidr: "10.0.20.5/32", name: "vsi1"}, + &mockNetIntf{cidr: "10.3.20.6/32", name: "vsi2"}, + &mockNetIntf{cidr: "10.7.20.7/32", name: "vsi3"}) + + res.NodeSets = append(res.NodeSets, &mockSubnet{"10.0.20.0/22", "subnet1", []Node{res.Nodes[0]}}) + res.NodeSets = append(res.NodeSets, &mockSubnet{"10.3.20.0/22", "subnet2", []Node{res.Nodes[1]}}) + res.NodeSets = append(res.NodeSets, &mockSubnet{"10.7.20.0/22", "subnet3", []Node{res.Nodes[2]}}) + + res1 := &VPCsubnetConnectivity{AllowedConnsCombined: NewSubnetConnectivityMap()} + res1.AllowedConnsCombined.updateAllowedSubnetConnsMap(res.NodeSets[0], res.NodeSets[1], common.NewConnectionSet(true)) + res1.AllowedConnsCombined.updateAllowedSubnetConnsMap(res.NodeSets[0], res.NodeSets[2], common.NewConnectionSet(true)) + res1.AllowedConnsCombined.updateAllowedSubnetConnsMap(res.NodeSets[1], res.NodeSets[0], common.NewConnectionSet(true)) + res1.AllowedConnsCombined.updateAllowedSubnetConnsMap(res.NodeSets[1], res.NodeSets[2], common.NewConnectionSet(true)) + res1.AllowedConnsCombined.updateAllowedSubnetConnsMap(res.NodeSets[2], res.NodeSets[0], common.NewConnectionSet(true)) + res1.AllowedConnsCombined.updateAllowedSubnetConnsMap(res.NodeSets[2], res.NodeSets[1], common.NewConnectionSet(true)) + + return res, res1 +} + +func TestSubnetSelfLoop(t *testing.T) { + c, s := configSubnetSelfLoop() + res := &GroupConnLines{c: c, s: s, + srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), + groupedEndpointsElemsMap: make(map[string]*groupedEndpointsElems), + groupedExternalNodesMap: make(map[string]*groupedExternalNodes)} + res.groupExternalAddressesForSubnets() + res.groupInternalSrcOrDst(false, false) + res.groupInternalSrcOrDst(true, false) + groupingStr := res.String() + require.Equal(t, "subnet1,subnet2,subnet3 => subnet1,subnet2,subnet3 : All Connections\n\n"+ + "connections are stateful unless marked with *\n", groupingStr) + fmt.Println(groupingStr) + fmt.Println("done") +} diff --git a/pkg/vpcmodel/subnetsConnectivity.go b/pkg/vpcmodel/subnetsConnectivity.go index ce497ca40..1007cfbf1 100644 --- a/pkg/vpcmodel/subnetsConnectivity.go +++ b/pkg/vpcmodel/subnetsConnectivity.go @@ -314,3 +314,10 @@ func (c *CloudConfig) GetConnectivityOutputPerEachSubnetSeparately() string { } return "" } + +func (subnetConnMap SubnetConnectivityMap) updateAllowedSubnetConnsMap(src, dst NodeSet, conn *common.ConnectionSet) { + if _, ok := subnetConnMap[src]; !ok { + subnetConnMap[src] = map[EndpointElem]*common.ConnectionSet{} + } + subnetConnMap[src][dst] = conn +} From 823503ed5a1bc838f324ae6d3b264af0e31c0170 Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 18 Oct 2023 10:07:02 +0300 Subject: [PATCH 08/31] exporting functionality for unit test; SubnetConnectivitySubtract should return the diff --- pkg/vpcmodel/semanticDiffSubnets.go | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/pkg/vpcmodel/semanticDiffSubnets.go b/pkg/vpcmodel/semanticDiffSubnets.go index 56ed1885e..a1ef014d7 100644 --- a/pkg/vpcmodel/semanticDiffSubnets.go +++ b/pkg/vpcmodel/semanticDiffSubnets.go @@ -22,12 +22,12 @@ type connectionDiff struct { type SubnetsDiff map[EndpointElem]map[EndpointElem]*connectionDiff -type configsForDiff struct { +type ConfigsForDiff struct { config1 *CloudConfig config2 *CloudConfig } -type subnetConfigConnectivity struct { +type SubnetConfigConnectivity struct { config *CloudConfig subnetConnectivity SubnetConnectivityMap } @@ -42,7 +42,7 @@ type diffBetweenSubnets struct { type DiffType = int -func (configs configsForDiff) GetSubnetsDiff(grouping bool) (*diffBetweenSubnets, error) { +func (configs ConfigsForDiff) GetSubnetsDiff(grouping bool) (*diffBetweenSubnets, error) { // 1. compute connectivity for each of the subnets subnetsConn1, err := configs.config1.GetSubnetsConnectivity(true, grouping) if err != nil { @@ -55,10 +55,10 @@ func (configs configsForDiff) GetSubnetsDiff(grouping bool) (*diffBetweenSubnets // 2. Computes delta in both directions subnet1Aligned, subnet2Aligned := subnetsConn1.AllowedConnsCombined.getConnectivesWithSameIpBlocks(subnetsConn2.AllowedConnsCombined) - subnetConfigConnectivity1 := subnetConfigConnectivity{configs.config1, subnet1Aligned} - subnetConfigConnectivity2 := subnetConfigConnectivity{configs.config2, subnet2Aligned} - subnet1Subtract2 := subnetConfigConnectivity1.subnetConnectivitySubtract(&subnetConfigConnectivity2) - subnet2Subtract1 := subnetConfigConnectivity2.subnetConnectivitySubtract(&subnetConfigConnectivity1) + subnetConfigConnectivity1 := SubnetConfigConnectivity{configs.config1, subnet1Aligned} + subnetConfigConnectivity2 := SubnetConfigConnectivity{configs.config2, subnet2Aligned} + subnet1Subtract2 := subnetConfigConnectivity1.SubnetConnectivitySubtract(&subnetConfigConnectivity2) + subnet2Subtract1 := subnetConfigConnectivity2.SubnetConnectivitySubtract(&subnetConfigConnectivity1) // 3. ToDo: grouping, see comment at the end of this file @@ -104,7 +104,7 @@ func (connectivity SubnetConnectivityMap) getConnectivesWithSameIpBlocks(other S // Subtract one SubnetConnectivityMap from the other // assumption: any connection from connectivity and "other" have src (dst) which are either disjoint or equal -func (subnetConfConnectivity *subnetConfigConnectivity) subnetConnectivitySubtract(other *subnetConfigConnectivity) SubnetsDiff { +func (subnetConfConnectivity *SubnetConfigConnectivity) SubnetConnectivitySubtract(other *SubnetConfigConnectivity) SubnetsDiff { connectivitySubtract := map[EndpointElem]map[EndpointElem]*connectionDiff{} for src, endpointConns := range subnetConfConnectivity.subnetConnectivity { for dst, conns := range endpointConns { @@ -153,7 +153,7 @@ func (subnetConfConnectivity *subnetConfigConnectivity) subnetConnectivitySubtra connectivitySubtract[src][dst] = diffConnectionWithType } } - return nil + return connectivitySubtract } // todo: instead of adding functionality to grouping, I plan to have more generic connectivity items that will be grouped From 769eb7a442020e692175f907b53e378c9c7d7986 Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 18 Oct 2023 10:18:48 +0300 Subject: [PATCH 09/31] semantic diff simple unit test --- pkg/vpcmodel/diffSubnets_test.go | 65 ++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 pkg/vpcmodel/diffSubnets_test.go diff --git a/pkg/vpcmodel/diffSubnets_test.go b/pkg/vpcmodel/diffSubnets_test.go new file mode 100644 index 000000000..bed1c0594 --- /dev/null +++ b/pkg/vpcmodel/diffSubnets_test.go @@ -0,0 +1,65 @@ +package vpcmodel + +import ( + "fmt" + "testing" + + "github.com/np-guard/vpc-network-config-analyzer/pkg/common" +) + +// simple diff: +// cfg1 has subnet1, subnet2, subnet3 +// subnet1 -> subnet2 +// subnet2 -> subnet3 +// subnet3 -> subnet2 +// cfg2 has subnet2, subnet3, subnet4 +// subnet2 -> subnet3 +// subnet3 -> subnet4 +// subnet3 -> subnet2 +// expected diff: +// + subnet1 -> subnet2 missing src +// + subnet2 -> subnet3 missing connection +// - subnet3 -> subnet4 missing dst + +func configSimpleSubnetSubtract() (*SubnetConfigConnectivity, *SubnetConfigConnectivity) { + cfg1 := &CloudConfig{Nodes: []Node{}} + cfg1.Nodes = append(cfg1.Nodes, + &mockNetIntf{cidr: "10.0.20.5/32", name: "vsi1"}, + &mockNetIntf{cidr: "10.3.20.6/32", name: "vsi2"}, + &mockNetIntf{cidr: "10.7.20.7/32", name: "vsi3"}) + + cfg1.NodeSets = append(cfg1.NodeSets, &mockSubnet{"10.0.20.0/22", "subnet1", []Node{cfg1.Nodes[0]}}) + cfg1.NodeSets = append(cfg1.NodeSets, &mockSubnet{"10.3.20.0/22", "subnet2", []Node{cfg1.Nodes[1]}}) + cfg1.NodeSets = append(cfg1.NodeSets, &mockSubnet{"10.7.20.0/22", "subnet3", []Node{cfg1.Nodes[2]}}) + + cfg2 := &CloudConfig{Nodes: []Node{}} + cfg2.Nodes = append(cfg1.Nodes, + &mockNetIntf{cidr: "10.0.20.5/32", name: "vsi1"}, + &mockNetIntf{cidr: "10.3.20.6/32", name: "vsi2"}, + &mockNetIntf{cidr: "10.9.20.7/32", name: "vsi4"}) + + subnetConnMap1 := &VPCsubnetConnectivity{AllowedConnsCombined: NewSubnetConnectivityMap()} + subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[0], cfg1.NodeSets[1], common.NewConnectionSet(true)) + subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[1], cfg1.NodeSets[2], common.NewConnectionSet(true)) + subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[2], cfg1.NodeSets[1], common.NewConnectionSet(true)) + + subnetConnMap2 := &VPCsubnetConnectivity{AllowedConnsCombined: NewSubnetConnectivityMap()} + subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[0], cfg1.NodeSets[1], common.NewConnectionSet(true)) + subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[1], cfg1.NodeSets[2], common.NewConnectionSet(true)) + subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[1], cfg1.NodeSets[0], common.NewConnectionSet(true)) + + subnetConfigConn1 := &SubnetConfigConnectivity{cfg1, subnetConnMap1.AllowedConnsCombined} + subnetConfigConn2 := &SubnetConfigConnectivity{cfg2, subnetConnMap2.AllowedConnsCombined} + + return subnetConfigConn1, subnetConfigConn2 +} + +func TestSimpleSubnetSubtract(t *testing.T) { + subnetConfigConn1, subnetConfigConn2 := configSimpleSubnetSubtract() + + subnet1Subtract2 := subnetConfigConn1.SubnetConnectivitySubtract(subnetConfigConn2) + subnet2Subtract1 := subnetConfigConn2.SubnetConnectivitySubtract(subnetConfigConn1) + + fmt.Printf("subnet1Subtract2 is %v\nsubnet2Subtract1 is %v\n", subnet1Subtract2, subnet2Subtract1) + +} From 5a652cc55893dcc48e6cdd5601811543b484ffa3 Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 18 Oct 2023 11:41:32 +0300 Subject: [PATCH 10/31] improved semantic diff computation --- pkg/vpcmodel/semanticDiffSubnets.go | 39 ++++++++++++++++------------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/pkg/vpcmodel/semanticDiffSubnets.go b/pkg/vpcmodel/semanticDiffSubnets.go index a1ef014d7..78d25c2da 100644 --- a/pkg/vpcmodel/semanticDiffSubnets.go +++ b/pkg/vpcmodel/semanticDiffSubnets.go @@ -70,6 +70,8 @@ func (configs ConfigsForDiff) GetSubnetsDiff(grouping bool) (*diffBetweenSubnets // for a given EndpointElem (representing a subnet or an external ip) in config return the EndpointElem representing the // subnet/external address in otherConfig or nil if the subnet does not exist in the other config. +// ToDo: this is done based on names only at the moment. Perhaps take into account other factors such as cidr? +// ToDo: instead of performing this search each time, use a map created once func (config *CloudConfig) getEndpointElemInOtherConfig(other *CloudConfig, ep EndpointElem) *EndpointElem { if ep.IsExternal() { for _, node := range other.Nodes { @@ -114,6 +116,7 @@ func (subnetConfConnectivity *SubnetConfigConnectivity) SubnetConnectivitySubtra if _, ok := connectivitySubtract[src]; !ok { connectivitySubtract[src] = map[EndpointElem]*connectionDiff{} } + diffConnectionWithType := &connectionDiff{nil, NoDiff} srcInOther := subnetConfConnectivity.config.getEndpointElemInOtherConfig(other.config, src) dstInOther := subnetConfConnectivity.config.getEndpointElemInOtherConfig(other.config, dst) if srcInOther != nil && dstInOther != nil { @@ -129,26 +132,21 @@ func (subnetConfConnectivity *SubnetConfigConnectivity) SubnetConnectivitySubtra if subtractConn.IsEmpty() { continue // no diff } - diffConnectionWithType := &connectionDiff{ - subtractConn, - ChangedConnection, - } - connectivitySubtract[src][dst] = diffConnectionWithType - continue + diffConnectionWithType.ConnectionSet = subtractConn + diffConnectionWithType.DiffType = ChangedConnection } } - } - var diff DiffType - if srcInOther == nil && dstInOther == nil { - diff = MissingSrcDstEP - } else if srcInOther == nil { - diff = MissingSrcEP - } else { - diff = MissingDstEP - } - diffConnectionWithType := &connectionDiff{ - nil, - diff, + if diffConnectionWithType.DiffType != ChangedConnection { + diffConnectionWithType.DiffType = MissingConnection + } + } else { // srcInOther == nil || dstInOther == nil + if srcInOther == nil && dstInOther == nil { + diffConnectionWithType.DiffType = MissingSrcDstEP + } else if srcInOther == nil { + diffConnectionWithType.DiffType = MissingSrcEP + } else { + diffConnectionWithType.DiffType = MissingDstEP + } } connectivitySubtract[src][dst] = diffConnectionWithType } @@ -156,6 +154,11 @@ func (subnetConfConnectivity *SubnetConfigConnectivity) SubnetConnectivitySubtra return connectivitySubtract } +// +//func (subnetDiff *SubnetsDiff) String() string { +// +//} + // todo: instead of adding functionality to grouping, I plan to have more generic connectivity items that will be grouped // encode the SubnetsDiff into this generic item as well as the other entities we are grouping // and then decode in the printing From f7359086307f89d78c8d5f35d79bd68b9bd7652b Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 18 Oct 2023 14:11:46 +0300 Subject: [PATCH 11/31] fixed a bug/typo, added ad-hoc printing functionality --- pkg/vpcmodel/semanticDiffSubnets.go | 60 ++++++++++++++++++++++------- 1 file changed, 47 insertions(+), 13 deletions(-) diff --git a/pkg/vpcmodel/semanticDiffSubnets.go b/pkg/vpcmodel/semanticDiffSubnets.go index 78d25c2da..7756ad583 100644 --- a/pkg/vpcmodel/semanticDiffSubnets.go +++ b/pkg/vpcmodel/semanticDiffSubnets.go @@ -1,11 +1,14 @@ package vpcmodel import ( + "fmt" "github.com/np-guard/vpc-network-config-analyzer/pkg/common" ) // ToDo: go over structs specifically * and lack of +type DiffType = int + const ( NoDiff DiffType = iota MissingSrcEP @@ -17,7 +20,7 @@ const ( type connectionDiff struct { *common.ConnectionSet - DiffType + diff DiffType } type SubnetsDiff map[EndpointElem]map[EndpointElem]*connectionDiff @@ -40,8 +43,6 @@ type diffBetweenSubnets struct { GroupedSubnet1Minus1 *GroupConnLines } -type DiffType = int - func (configs ConfigsForDiff) GetSubnetsDiff(grouping bool) (*diffBetweenSubnets, error) { // 1. compute connectivity for each of the subnets subnetsConn1, err := configs.config1.GetSubnetsConnectivity(true, grouping) @@ -133,19 +134,19 @@ func (subnetConfConnectivity *SubnetConfigConnectivity) SubnetConnectivitySubtra continue // no diff } diffConnectionWithType.ConnectionSet = subtractConn - diffConnectionWithType.DiffType = ChangedConnection + diffConnectionWithType.diff = ChangedConnection } } - if diffConnectionWithType.DiffType != ChangedConnection { - diffConnectionWithType.DiffType = MissingConnection + if diffConnectionWithType.diff != ChangedConnection { + diffConnectionWithType.diff = MissingConnection } } else { // srcInOther == nil || dstInOther == nil if srcInOther == nil && dstInOther == nil { - diffConnectionWithType.DiffType = MissingSrcDstEP + diffConnectionWithType.diff = MissingSrcDstEP } else if srcInOther == nil { - diffConnectionWithType.DiffType = MissingSrcEP + diffConnectionWithType.diff = MissingSrcEP } else { - diffConnectionWithType.DiffType = MissingDstEP + diffConnectionWithType.diff = MissingDstEP } } connectivitySubtract[src][dst] = diffConnectionWithType @@ -154,10 +155,43 @@ func (subnetConfConnectivity *SubnetConfigConnectivity) SubnetConnectivitySubtra return connectivitySubtract } -// -//func (subnetDiff *SubnetsDiff) String() string { -// -//} +// ToDo: likely the current printing functionality will no longer be needed once the grouping is added +// anyways the diff print will be worked on before the final merge +func (subnetDiff *SubnetsDiff) EnhancedString(thisMinusOther bool) string { + var diffDirection, printDiff string + if thisMinusOther { + diffDirection = "--" + } else { + diffDirection = "++" + } + for src, endpointConnDiff := range *subnetDiff { + for dst, connDiff := range endpointConnDiff { + var connectionSetDiff string + if connDiff.ConnectionSet != nil { + connectionSetDiff = connDiff.ConnectionSet.EnhancedString() + } + printDiff += fmt.Sprintf("%s %s => %s : %s %s\n", diffDirection, src.Name(), dst.Name(), + connectionSetDiff, diffDecription(connDiff.diff)) + } + } + return printDiff +} + +func diffDecription(diff DiffType) string { + switch diff { + case MissingSrcEP: + return "missing source" + case MissingDstEP: + return "missing destination" + case MissingSrcDstEP: + return "missing source and destination" + case MissingConnection: + return "missing connection" + case ChangedConnection: + return "changed connection" + } + return "" +} // todo: instead of adding functionality to grouping, I plan to have more generic connectivity items that will be grouped // encode the SubnetsDiff into this generic item as well as the other entities we are grouping From 20b4e98fe900da59b0049e6dae4c990dbe2173d8 Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 18 Oct 2023 14:12:21 +0300 Subject: [PATCH 12/31] unit test written for current functionality --- pkg/vpcmodel/diffSubnets_test.go | 76 +++++++++++++++++++++----------- 1 file changed, 50 insertions(+), 26 deletions(-) diff --git a/pkg/vpcmodel/diffSubnets_test.go b/pkg/vpcmodel/diffSubnets_test.go index bed1c0594..23f6b5d6c 100644 --- a/pkg/vpcmodel/diffSubnets_test.go +++ b/pkg/vpcmodel/diffSubnets_test.go @@ -2,51 +2,66 @@ package vpcmodel import ( "fmt" + "github.com/stretchr/testify/require" + "strings" "testing" "github.com/np-guard/vpc-network-config-analyzer/pkg/common" ) // simple diff: -// cfg1 has subnet1, subnet2, subnet3 +// cfg1 has subnet0, subnet1, subnet2, subnet3 +// subnet0 -> subnet1 // subnet1 -> subnet2 +// subnet3 -> subnet1 // subnet2 -> subnet3 // subnet3 -> subnet2 // cfg2 has subnet2, subnet3, subnet4 -// subnet2 -> subnet3 -// subnet3 -> subnet4 // subnet3 -> subnet2 -// expected diff: -// + subnet1 -> subnet2 missing src -// + subnet2 -> subnet3 missing connection -// - subnet3 -> subnet4 missing dst +// subnet3 -> subnet4 + +// expected diff cfg1 subtract cfg2: +// cfg1 subtract cfg2 +// subnet0 -> subnet1 missing src and dst +// subnet1 -> subnet2 missing src +// subnet3 -> subnet1 missing dst +// subnet2 -> subnet3 missing connection +// +// cfg2 subtract cfg1 +// subnet1 subtract subnet2: +// subnet3 -> subnet4 missing dst func configSimpleSubnetSubtract() (*SubnetConfigConnectivity, *SubnetConfigConnectivity) { - cfg1 := &CloudConfig{Nodes: []Node{}} + cfg1 := &CloudConfig{Nodes: []Node{}, NodeSets: []NodeSet{}} cfg1.Nodes = append(cfg1.Nodes, - &mockNetIntf{cidr: "10.0.20.5/32", name: "vsi1"}, - &mockNetIntf{cidr: "10.3.20.6/32", name: "vsi2"}, - &mockNetIntf{cidr: "10.7.20.7/32", name: "vsi3"}) + &mockNetIntf{cidr: "10.0.20.5/32", name: "vsi1-1"}, + &mockNetIntf{cidr: "10.3.20.6/32", name: "vsi1-2"}, + &mockNetIntf{cidr: "10.7.20.7/32", name: "vsi1-3"}) - cfg1.NodeSets = append(cfg1.NodeSets, &mockSubnet{"10.0.20.0/22", "subnet1", []Node{cfg1.Nodes[0]}}) - cfg1.NodeSets = append(cfg1.NodeSets, &mockSubnet{"10.3.20.0/22", "subnet2", []Node{cfg1.Nodes[1]}}) - cfg1.NodeSets = append(cfg1.NodeSets, &mockSubnet{"10.7.20.0/22", "subnet3", []Node{cfg1.Nodes[2]}}) + cfg1.NodeSets = append(cfg1.NodeSets, &mockSubnet{"10.0.20.0/22", "subnet0", []Node{cfg1.Nodes[0]}}) + cfg1.NodeSets = append(cfg1.NodeSets, &mockSubnet{"10.1.20.0/22", "subnet1", []Node{cfg1.Nodes[0]}}) + cfg1.NodeSets = append(cfg1.NodeSets, &mockSubnet{"10.2.20.0/22", "subnet2", []Node{cfg1.Nodes[1]}}) + cfg1.NodeSets = append(cfg1.NodeSets, &mockSubnet{"10.3.20.0/22", "subnet3", []Node{cfg1.Nodes[2]}}) - cfg2 := &CloudConfig{Nodes: []Node{}} + cfg2 := &CloudConfig{Nodes: []Node{}, NodeSets: []NodeSet{}} cfg2.Nodes = append(cfg1.Nodes, - &mockNetIntf{cidr: "10.0.20.5/32", name: "vsi1"}, - &mockNetIntf{cidr: "10.3.20.6/32", name: "vsi2"}, - &mockNetIntf{cidr: "10.9.20.7/32", name: "vsi4"}) + &mockNetIntf{cidr: "10.3.20.5/32", name: "vsi2-1"}, + &mockNetIntf{cidr: "10.7.20.6/32", name: "vsi2-2"}, + &mockNetIntf{cidr: "10.9.20.7/32", name: "vsi2-3"}) + cfg2.NodeSets = append(cfg2.NodeSets, &mockSubnet{"10.2.20.0/22", "subnet2", []Node{cfg2.Nodes[0]}}) + cfg2.NodeSets = append(cfg2.NodeSets, &mockSubnet{"10.3.20.0/22", "subnet3", []Node{cfg2.Nodes[1]}}) + cfg2.NodeSets = append(cfg2.NodeSets, &mockSubnet{"10.4.20.0/22", "subnet4", []Node{cfg2.Nodes[2]}}) subnetConnMap1 := &VPCsubnetConnectivity{AllowedConnsCombined: NewSubnetConnectivityMap()} subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[0], cfg1.NodeSets[1], common.NewConnectionSet(true)) subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[1], cfg1.NodeSets[2], common.NewConnectionSet(true)) - subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[2], cfg1.NodeSets[1], common.NewConnectionSet(true)) + subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[3], cfg1.NodeSets[1], common.NewConnectionSet(true)) + subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[2], cfg1.NodeSets[3], common.NewConnectionSet(true)) + subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[3], cfg1.NodeSets[2], common.NewConnectionSet(true)) subnetConnMap2 := &VPCsubnetConnectivity{AllowedConnsCombined: NewSubnetConnectivityMap()} - subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[0], cfg1.NodeSets[1], common.NewConnectionSet(true)) - subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[1], cfg1.NodeSets[2], common.NewConnectionSet(true)) - subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[1], cfg1.NodeSets[0], common.NewConnectionSet(true)) + subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.NodeSets[1], cfg2.NodeSets[0], common.NewConnectionSet(true)) + subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.NodeSets[1], cfg2.NodeSets[2], common.NewConnectionSet(true)) subnetConfigConn1 := &SubnetConfigConnectivity{cfg1, subnetConnMap1.AllowedConnsCombined} subnetConfigConn2 := &SubnetConfigConnectivity{cfg2, subnetConnMap2.AllowedConnsCombined} @@ -56,10 +71,19 @@ func configSimpleSubnetSubtract() (*SubnetConfigConnectivity, *SubnetConfigConne func TestSimpleSubnetSubtract(t *testing.T) { subnetConfigConn1, subnetConfigConn2 := configSimpleSubnetSubtract() - subnet1Subtract2 := subnetConfigConn1.SubnetConnectivitySubtract(subnetConfigConn2) - subnet2Subtract1 := subnetConfigConn2.SubnetConnectivitySubtract(subnetConfigConn1) - - fmt.Printf("subnet1Subtract2 is %v\nsubnet2Subtract1 is %v\n", subnet1Subtract2, subnet2Subtract1) + subnet1Subtract2Str := subnet1Subtract2.EnhancedString(true) + fmt.Printf("subnet1Subtract2:\n%v\n", subnet1Subtract2Str) + newLines := strings.Count(subnet1Subtract2Str, "\n") + // there should be 4 lines in subnet1Subtract2Str + require.Equal(t, 4, newLines) + require.Contains(t, subnet1Subtract2Str, "-- subnet3 => subnet1 : missing destination") + require.Contains(t, subnet1Subtract2Str, "-- subnet2 => subnet3 : missing connection") + require.Contains(t, subnet1Subtract2Str, "-- subnet0 => subnet1 : missing source and destination") + require.Contains(t, subnet1Subtract2Str, "-- subnet1 => subnet2 : missing source") + subnet2Subtract1 := subnetConfigConn2.SubnetConnectivitySubtract(subnetConfigConn1) + subnet2Subtract1Str := subnet2Subtract1.EnhancedString(false) + fmt.Printf("subnet2Subtract1:\n%v\n", subnet2Subtract1Str) + require.Equal(t, "++ subnet3 => subnet4 : missing destination\n", subnet2Subtract1Str) } From ce31ddae359c0dcd23478b106a92497f72f1e3c7 Mon Sep 17 00:00:00 2001 From: shirim Date: Thu, 19 Oct 2023 11:48:24 +0300 Subject: [PATCH 13/31] lint comments --- pkg/vpcmodel/diffSubnets_test.go | 23 +++++++------- pkg/vpcmodel/grouping_test.go | 6 ++-- pkg/vpcmodel/semanticDiffSubnets.go | 47 ++++++++++++++++++----------- pkg/vpcmodel/subnetsConnectivity.go | 8 ++--- 4 files changed, 48 insertions(+), 36 deletions(-) diff --git a/pkg/vpcmodel/diffSubnets_test.go b/pkg/vpcmodel/diffSubnets_test.go index 23f6b5d6c..f25d0f544 100644 --- a/pkg/vpcmodel/diffSubnets_test.go +++ b/pkg/vpcmodel/diffSubnets_test.go @@ -2,10 +2,11 @@ package vpcmodel import ( "fmt" - "github.com/stretchr/testify/require" "strings" "testing" + "github.com/stretchr/testify/require" + "github.com/np-guard/vpc-network-config-analyzer/pkg/common" ) @@ -31,26 +32,26 @@ import ( // subnet1 subtract subnet2: // subnet3 -> subnet4 missing dst -func configSimpleSubnetSubtract() (*SubnetConfigConnectivity, *SubnetConfigConnectivity) { +func configSimpleSubnetSubtract() (subnetConfigConn1, subnetConfigConn2 *SubnetConfigConnectivity) { cfg1 := &CloudConfig{Nodes: []Node{}, NodeSets: []NodeSet{}} cfg1.Nodes = append(cfg1.Nodes, &mockNetIntf{cidr: "10.0.20.5/32", name: "vsi1-1"}, &mockNetIntf{cidr: "10.3.20.6/32", name: "vsi1-2"}, &mockNetIntf{cidr: "10.7.20.7/32", name: "vsi1-3"}) - cfg1.NodeSets = append(cfg1.NodeSets, &mockSubnet{"10.0.20.0/22", "subnet0", []Node{cfg1.Nodes[0]}}) - cfg1.NodeSets = append(cfg1.NodeSets, &mockSubnet{"10.1.20.0/22", "subnet1", []Node{cfg1.Nodes[0]}}) - cfg1.NodeSets = append(cfg1.NodeSets, &mockSubnet{"10.2.20.0/22", "subnet2", []Node{cfg1.Nodes[1]}}) + cfg1.NodeSets = append(cfg1.NodeSets, &mockSubnet{"10.0.20.0/22", "subnet0", []Node{cfg1.Nodes[0]}}, + &mockSubnet{"10.1.20.0/22", "subnet1", []Node{cfg1.Nodes[0]}}, + &mockSubnet{"10.2.20.0/22", "subnet2", []Node{cfg1.Nodes[1]}}) cfg1.NodeSets = append(cfg1.NodeSets, &mockSubnet{"10.3.20.0/22", "subnet3", []Node{cfg1.Nodes[2]}}) cfg2 := &CloudConfig{Nodes: []Node{}, NodeSets: []NodeSet{}} - cfg2.Nodes = append(cfg1.Nodes, + cfg2.Nodes = append(cfg2.Nodes, &mockNetIntf{cidr: "10.3.20.5/32", name: "vsi2-1"}, &mockNetIntf{cidr: "10.7.20.6/32", name: "vsi2-2"}, &mockNetIntf{cidr: "10.9.20.7/32", name: "vsi2-3"}) - cfg2.NodeSets = append(cfg2.NodeSets, &mockSubnet{"10.2.20.0/22", "subnet2", []Node{cfg2.Nodes[0]}}) - cfg2.NodeSets = append(cfg2.NodeSets, &mockSubnet{"10.3.20.0/22", "subnet3", []Node{cfg2.Nodes[1]}}) - cfg2.NodeSets = append(cfg2.NodeSets, &mockSubnet{"10.4.20.0/22", "subnet4", []Node{cfg2.Nodes[2]}}) + cfg2.NodeSets = append(cfg2.NodeSets, &mockSubnet{"10.2.20.0/22", "subnet2", []Node{cfg2.Nodes[0]}}, + &mockSubnet{"10.3.20.0/22", "subnet3", []Node{cfg2.Nodes[1]}}, + &mockSubnet{"10.4.20.0/22", "subnet4", []Node{cfg2.Nodes[2]}}) subnetConnMap1 := &VPCsubnetConnectivity{AllowedConnsCombined: NewSubnetConnectivityMap()} subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[0], cfg1.NodeSets[1], common.NewConnectionSet(true)) @@ -63,8 +64,8 @@ func configSimpleSubnetSubtract() (*SubnetConfigConnectivity, *SubnetConfigConne subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.NodeSets[1], cfg2.NodeSets[0], common.NewConnectionSet(true)) subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.NodeSets[1], cfg2.NodeSets[2], common.NewConnectionSet(true)) - subnetConfigConn1 := &SubnetConfigConnectivity{cfg1, subnetConnMap1.AllowedConnsCombined} - subnetConfigConn2 := &SubnetConfigConnectivity{cfg2, subnetConnMap2.AllowedConnsCombined} + subnetConfigConn1 = &SubnetConfigConnectivity{cfg1, subnetConnMap1.AllowedConnsCombined} + subnetConfigConn2 = &SubnetConfigConnectivity{cfg2, subnetConnMap2.AllowedConnsCombined} return subnetConfigConn1, subnetConfigConn2 } diff --git a/pkg/vpcmodel/grouping_test.go b/pkg/vpcmodel/grouping_test.go index 6c3e3c067..20aa4f699 100644 --- a/pkg/vpcmodel/grouping_test.go +++ b/pkg/vpcmodel/grouping_test.go @@ -378,9 +378,9 @@ func configSubnetSelfLoop() (*CloudConfig, *VPCsubnetConnectivity) { &mockNetIntf{cidr: "10.3.20.6/32", name: "vsi2"}, &mockNetIntf{cidr: "10.7.20.7/32", name: "vsi3"}) - res.NodeSets = append(res.NodeSets, &mockSubnet{"10.0.20.0/22", "subnet1", []Node{res.Nodes[0]}}) - res.NodeSets = append(res.NodeSets, &mockSubnet{"10.3.20.0/22", "subnet2", []Node{res.Nodes[1]}}) - res.NodeSets = append(res.NodeSets, &mockSubnet{"10.7.20.0/22", "subnet3", []Node{res.Nodes[2]}}) + res.NodeSets = append(res.NodeSets, &mockSubnet{"10.0.20.0/22", "subnet1", []Node{res.Nodes[0]}}, + &mockSubnet{"10.3.20.0/22", "subnet2", []Node{res.Nodes[1]}}, + &mockSubnet{"10.7.20.0/22", "subnet3", []Node{res.Nodes[2]}}) res1 := &VPCsubnetConnectivity{AllowedConnsCombined: NewSubnetConnectivityMap()} res1.AllowedConnsCombined.updateAllowedSubnetConnsMap(res.NodeSets[0], res.NodeSets[1], common.NewConnectionSet(true)) diff --git a/pkg/vpcmodel/semanticDiffSubnets.go b/pkg/vpcmodel/semanticDiffSubnets.go index 7756ad583..dfa4f84a2 100644 --- a/pkg/vpcmodel/semanticDiffSubnets.go +++ b/pkg/vpcmodel/semanticDiffSubnets.go @@ -2,6 +2,7 @@ package vpcmodel import ( "fmt" + "github.com/np-guard/vpc-network-config-analyzer/pkg/common" ) @@ -55,7 +56,7 @@ func (configs ConfigsForDiff) GetSubnetsDiff(grouping bool) (*diffBetweenSubnets } // 2. Computes delta in both directions - subnet1Aligned, subnet2Aligned := subnetsConn1.AllowedConnsCombined.getConnectivesWithSameIpBlocks(subnetsConn2.AllowedConnsCombined) + subnet1Aligned, subnet2Aligned := subnetsConn1.AllowedConnsCombined.getConnectivesWithSameIPBlocks(subnetsConn2.AllowedConnsCombined) subnetConfigConnectivity1 := SubnetConfigConnectivity{configs.config1, subnet1Aligned} subnetConfigConnectivity2 := SubnetConfigConnectivity{configs.config2, subnet2Aligned} subnet1Subtract2 := subnetConfigConnectivity1.SubnetConnectivitySubtract(&subnetConfigConnectivity2) @@ -73,19 +74,19 @@ func (configs ConfigsForDiff) GetSubnetsDiff(grouping bool) (*diffBetweenSubnets // subnet/external address in otherConfig or nil if the subnet does not exist in the other config. // ToDo: this is done based on names only at the moment. Perhaps take into account other factors such as cidr? // ToDo: instead of performing this search each time, use a map created once -func (config *CloudConfig) getEndpointElemInOtherConfig(other *CloudConfig, ep EndpointElem) *EndpointElem { +func (c *CloudConfig) getEndpointElemInOtherConfig(other *CloudConfig, ep EndpointElem) EndpointElem { if ep.IsExternal() { for _, node := range other.Nodes { if node.Name() == ep.Name() { res := EndpointElem(node) - return &res + return res } } } else { for _, nodeSet := range other.NodeSets { if nodeSet.Name() == ep.Name() { res := EndpointElem(nodeSet) - return &res + return res } } } @@ -100,12 +101,15 @@ func (config *CloudConfig) getEndpointElemInOtherConfig(other *CloudConfig, ep E // What is done here is repartitioning the ipBlocks so that the above will hold // // todo: verify that the returns objects indeed have exactly the same ipBlocks -func (connectivity SubnetConnectivityMap) getConnectivesWithSameIpBlocks(other SubnetConnectivityMap) (SubnetConnectivityMap, SubnetConnectivityMap) { +func (connectivity SubnetConnectivityMap) getConnectivesWithSameIPBlocks(other SubnetConnectivityMap) ( + alignedConnectivity SubnetConnectivityMap, alignedOther SubnetConnectivityMap) { // todo: use DisjointIPBlocks(set1, set2 []*IPBlock) []*IPBlock of ipBlock.go - return connectivity, other + alignedConnectivity = connectivity + alignedOther = other + return } -// Subtract one SubnetConnectivityMap from the other +// SubnetConnectivitySubtract Subtract one SubnetConnectivityMap from the other // assumption: any connection from connectivity and "other" have src (dst) which are either disjoint or equal func (subnetConfConnectivity *SubnetConfigConnectivity) SubnetConnectivitySubtract(other *SubnetConfigConnectivity) SubnetsDiff { connectivitySubtract := map[EndpointElem]map[EndpointElem]*connectionDiff{} @@ -121,8 +125,8 @@ func (subnetConfConnectivity *SubnetConfigConnectivity) SubnetConnectivitySubtra srcInOther := subnetConfConnectivity.config.getEndpointElemInOtherConfig(other.config, src) dstInOther := subnetConfConnectivity.config.getEndpointElemInOtherConfig(other.config, dst) if srcInOther != nil && dstInOther != nil { - if otherSrc, ok := other.subnetConnectivity[*srcInOther]; ok { - if otherSrcDst, ok := otherSrc[*dstInOther]; ok { + if otherSrc, ok := other.subnetConnectivity[srcInOther]; ok { + if otherSrcDst, ok := otherSrc[dstInOther]; ok { // ToDo: current missing stateful: // todo 1. is the delta connection stateful // todo 2. connectionProperties is identical but conn stateful while other is not @@ -141,13 +145,7 @@ func (subnetConfConnectivity *SubnetConfigConnectivity) SubnetConnectivitySubtra diffConnectionWithType.diff = MissingConnection } } else { // srcInOther == nil || dstInOther == nil - if srcInOther == nil && dstInOther == nil { - diffConnectionWithType.diff = MissingSrcDstEP - } else if srcInOther == nil { - diffConnectionWithType.diff = MissingSrcEP - } else { - diffConnectionWithType.diff = MissingDstEP - } + diffConnectionWithType.diff = getDiffType(srcInOther, dstInOther) } connectivitySubtract[src][dst] = diffConnectionWithType } @@ -155,7 +153,19 @@ func (subnetConfConnectivity *SubnetConfigConnectivity) SubnetConnectivitySubtra return connectivitySubtract } -// ToDo: likely the current printing functionality will no longer be needed once the grouping is added +func getDiffType(srcInOther, dstInOther EndpointElem) DiffType { + switch { + case srcInOther == nil && dstInOther == nil: + return MissingSrcDstEP + case srcInOther == nil && dstInOther != nil: + return MissingSrcEP + case srcInOther != nil && dstInOther == nil: + return MissingDstEP + } + return NoDiff +} + +// EnhancedString ToDo: likely the current printing functionality will no longer be needed once the grouping is added // anyways the diff print will be worked on before the final merge func (subnetDiff *SubnetsDiff) EnhancedString(thisMinusOther bool) string { var diffDirection, printDiff string @@ -198,4 +208,5 @@ func diffDecription(diff DiffType) string { // and then decode in the printing // the idea is to use instead of *common.ConnectionSet in the grouped entity a string which will encode the connection // and also the diff where relevant -// this will requires some rewriting in the existing grouping functionality and the way it provides service to subnetsConnectivity and nodesConnectivity +// this will requires some rewriting in the existing grouping functionality and the way it provides +// service to subnetsConnectivity and nodesConnectivity diff --git a/pkg/vpcmodel/subnetsConnectivity.go b/pkg/vpcmodel/subnetsConnectivity.go index 1007cfbf1..a1bb35e74 100644 --- a/pkg/vpcmodel/subnetsConnectivity.go +++ b/pkg/vpcmodel/subnetsConnectivity.go @@ -315,9 +315,9 @@ func (c *CloudConfig) GetConnectivityOutputPerEachSubnetSeparately() string { return "" } -func (subnetConnMap SubnetConnectivityMap) updateAllowedSubnetConnsMap(src, dst NodeSet, conn *common.ConnectionSet) { - if _, ok := subnetConnMap[src]; !ok { - subnetConnMap[src] = map[EndpointElem]*common.ConnectionSet{} +func (connectivity SubnetConnectivityMap) updateAllowedSubnetConnsMap(src, dst NodeSet, conn *common.ConnectionSet) { + if _, ok := connectivity[src]; !ok { + connectivity[src] = map[EndpointElem]*common.ConnectionSet{} } - subnetConnMap[src][dst] = conn + connectivity[src][dst] = conn } From 6b5be67bb19214b00d2ffb4c89333e7330336897 Mon Sep 17 00:00:00 2001 From: shirim Date: Sun, 12 Nov 2023 15:10:21 +0200 Subject: [PATCH 14/31] the diff is no longer limited to subnet - relevant renaming --- pkg/vpcmodel/debugOutput.go | 2 +- pkg/vpcmodel/diffSubnets_test.go | 14 +-- pkg/vpcmodel/drawioOutput.go | 4 +- pkg/vpcmodel/jsonOutput.go | 2 +- pkg/vpcmodel/mdOutput.go | 2 +- pkg/vpcmodel/output.go | 6 +- ...semanticDiffSubnets.go => semanticDiff.go} | 106 +++++++++--------- pkg/vpcmodel/subnetsConnectivity.go | 16 ++- pkg/vpcmodel/textOutput.go | 2 +- pkg/vpcmodel/vpcConnectivity.go | 2 + 10 files changed, 78 insertions(+), 78 deletions(-) rename pkg/vpcmodel/{semanticDiffSubnets.go => semanticDiff.go} (80%) diff --git a/pkg/vpcmodel/debugOutput.go b/pkg/vpcmodel/debugOutput.go index bccd04daf..2788f6b40 100644 --- a/pkg/vpcmodel/debugOutput.go +++ b/pkg/vpcmodel/debugOutput.go @@ -6,7 +6,7 @@ type DebugOutputFormatter struct { func (t *DebugOutputFormatter) WriteOutput(c1, c2 *VPCConfig, conn *VPCConnectivity, subnetsConn *VPCsubnetConnectivity, - subnetsDiff *DiffBetweenSubnets, + subnetsDiff *diffBetweenCfgs, outFile string, grouping bool, uc OutputUseCase) (*VPCAnalysisOutput, error) { diff --git a/pkg/vpcmodel/diffSubnets_test.go b/pkg/vpcmodel/diffSubnets_test.go index 3b7abd7cd..9b6c0b4c5 100644 --- a/pkg/vpcmodel/diffSubnets_test.go +++ b/pkg/vpcmodel/diffSubnets_test.go @@ -33,7 +33,7 @@ import ( // subnet1 connMissingOrChanged subnet2: // subnet3 -> subnet4 different connection -func configSimpleSubnetSubtract() (subnetConfigConn1, subnetConfigConn2 *SubnetConfigConnectivity) { +func configSimpleSubnetSubtract() (subnetConfigConn1, subnetConfigConn2 *configConnectivity) { cfg1 := &VPCConfig{Nodes: []Node{}, NodeSets: []NodeSet{}} cfg1.Nodes = append(cfg1.Nodes, &mockNetIntf{cidr: "10.0.20.5/32", name: "vsi1-1"}, @@ -72,8 +72,8 @@ func configSimpleSubnetSubtract() (subnetConfigConn1, subnetConfigConn2 *SubnetC subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.NodeSets[1], cfg2.NodeSets[2], common.NewConnectionSet(true)) subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.NodeSets[2], cfg2.NodeSets[3], common.NewConnectionSet(true)) - subnetConfigConn1 = &SubnetConfigConnectivity{cfg1, subnetConnMap1.AllowedConnsCombined} - subnetConfigConn2 = &SubnetConfigConnectivity{cfg2, subnetConnMap2.AllowedConnsCombined} + subnetConfigConn1 = &configConnectivity{cfg1, subnetConnMap1.AllowedConnsCombined} + subnetConfigConn2 = &configConnectivity{cfg2, subnetConnMap2.AllowedConnsCombined} return subnetConfigConn1, subnetConfigConn2 } @@ -85,7 +85,7 @@ func TestSimpleSubnetSubtract(t *testing.T) { fmt.Println("error:", err.Error()) } subnet1Subtract2Str := subnet1Subtract2.EnhancedString(true) - fmt.Printf("subnet1Subtract2:\n%v\n", subnet1Subtract2Str) + fmt.Printf("cfg1ConnRemovedFrom2:\n%v\n", subnet1Subtract2Str) require.Equal(t, err, nil) newLines := strings.Count(subnet1Subtract2Str, "\n") require.Equal(t, 5, newLines) @@ -111,7 +111,7 @@ func TestSimpleSubnetSubtract(t *testing.T) { "No connection, config2: All Connections, subnets-diff-info: subnet5 added\n") } -func configSimpleIPAndSubnetSubtract() (subnetConfigConn1, subnetConfigConn2 *SubnetConfigConnectivity) { +func configSimpleIPAndSubnetSubtract() (subnetConfigConn1, subnetConfigConn2 *configConnectivity) { cfg1 := &VPCConfig{Nodes: []Node{}, NodeSets: []NodeSet{}} cfg1.NodeSets = append(cfg1.NodeSets, &mockSubnet{"10.1.20.0/22", "subnet1", nil}, &mockSubnet{"10.2.20.0/22", "subnet2", nil}) @@ -149,8 +149,8 @@ func configSimpleIPAndSubnetSubtract() (subnetConfigConn1, subnetConfigConn2 *Su connectionTCP.AddTCPorUDPConn(common.ProtocolTCP, 0, 1000, 0, 443) subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.NodeSets[1], cfg2.Nodes[2], connectionTCP) - subnetConfigConn1 = &SubnetConfigConnectivity{cfg1, subnetConnMap1.AllowedConnsCombined} - subnetConfigConn2 = &SubnetConfigConnectivity{cfg2, subnetConnMap2.AllowedConnsCombined} + subnetConfigConn1 = &configConnectivity{cfg1, subnetConnMap1.AllowedConnsCombined} + subnetConfigConn2 = &configConnectivity{cfg2, subnetConnMap2.AllowedConnsCombined} return subnetConfigConn1, subnetConfigConn2 } diff --git a/pkg/vpcmodel/drawioOutput.go b/pkg/vpcmodel/drawioOutput.go index 493088604..b4456b6dc 100644 --- a/pkg/vpcmodel/drawioOutput.go +++ b/pkg/vpcmodel/drawioOutput.go @@ -112,7 +112,7 @@ func (d *DrawioOutputFormatter) createEdges() { func (d *DrawioOutputFormatter) WriteOutput(c1, c2 *VPCConfig, conn *VPCConnectivity, subnetsConn *VPCsubnetConnectivity, - subnetsDiff *DiffBetweenSubnets, + subnetsDiff *diffBetweenCfgs, outFile string, grouping bool, uc OutputUseCase) (*VPCAnalysisOutput, error) { @@ -140,7 +140,7 @@ type ArchDrawioOutputFormatter struct { func (d *ArchDrawioOutputFormatter) WriteOutput(c1, c2 *VPCConfig, conn *VPCConnectivity, subnetsConn *VPCsubnetConnectivity, - subnetsDiff *DiffBetweenSubnets, + subnetsDiff *diffBetweenCfgs, outFile string, grouping bool, uc OutputUseCase) (*VPCAnalysisOutput, error) { diff --git a/pkg/vpcmodel/jsonOutput.go b/pkg/vpcmodel/jsonOutput.go index 0c88219af..93b9dc5dc 100644 --- a/pkg/vpcmodel/jsonOutput.go +++ b/pkg/vpcmodel/jsonOutput.go @@ -14,7 +14,7 @@ type JSONoutputFormatter struct { func (j *JSONoutputFormatter) WriteOutput(c1, c2 *VPCConfig, conn *VPCConnectivity, subnetsConn *VPCsubnetConnectivity, - subnetsDiff *DiffBetweenSubnets, + subnetsDiff *diffBetweenCfgs, outFile string, grouping bool, uc OutputUseCase) (*VPCAnalysisOutput, error) { diff --git a/pkg/vpcmodel/mdOutput.go b/pkg/vpcmodel/mdOutput.go index 82afca332..66fbda15e 100644 --- a/pkg/vpcmodel/mdOutput.go +++ b/pkg/vpcmodel/mdOutput.go @@ -18,7 +18,7 @@ const ( func (m *MDoutputFormatter) WriteOutput(c1, c2 *VPCConfig, conn *VPCConnectivity, subnetsConn *VPCsubnetConnectivity, - subnetsDiff *DiffBetweenSubnets, + subnetsDiff *diffBetweenCfgs, outFile string, grouping bool, uc OutputUseCase) (*VPCAnalysisOutput, error) { diff --git a/pkg/vpcmodel/output.go b/pkg/vpcmodel/output.go index 12e5ca41f..78de08207 100644 --- a/pkg/vpcmodel/output.go +++ b/pkg/vpcmodel/output.go @@ -42,7 +42,7 @@ type OutputGenerator struct { useCase OutputUseCase nodesConn *VPCConnectivity subnetsConn *VPCsubnetConnectivity - subnetsDiff *DiffBetweenSubnets + subnetsDiff *diffBetweenCfgs } func NewOutputGenerator(c1, c2 *VPCConfig, grouping bool, uc OutputUseCase, archOnly bool) (*OutputGenerator, error) { @@ -69,7 +69,7 @@ func NewOutputGenerator(c1, c2 *VPCConfig, grouping bool, uc OutputUseCase, arch } if uc == AllSubnetsDiff { configsForDiff := &ConfigsForDiff{c1, c2} - subnetsDiff, err := configsForDiff.GetSubnetsDiff(grouping) + subnetsDiff, err := configsForDiff.GetDiff(grouping) if err != nil { return nil, err } @@ -111,7 +111,7 @@ func (o *OutputGenerator) Generate(f OutFormat, outFile string) (*VPCAnalysisOut } type OutputFormatter interface { - WriteOutput(c1, c2 *VPCConfig, conn *VPCConnectivity, subnetsConn *VPCsubnetConnectivity, subnetsDiff *DiffBetweenSubnets, + WriteOutput(c1, c2 *VPCConfig, conn *VPCConnectivity, subnetsConn *VPCsubnetConnectivity, subnetsDiff *diffBetweenCfgs, outFile string, grouping bool, uc OutputUseCase) (*VPCAnalysisOutput, error) } diff --git a/pkg/vpcmodel/semanticDiffSubnets.go b/pkg/vpcmodel/semanticDiff.go similarity index 80% rename from pkg/vpcmodel/semanticDiffSubnets.go rename to pkg/vpcmodel/semanticDiff.go index c45349a7c..746d0da54 100644 --- a/pkg/vpcmodel/semanticDiffSubnets.go +++ b/pkg/vpcmodel/semanticDiff.go @@ -29,24 +29,24 @@ type connectionDiff struct { diff DiffType } -type SubnetsDiff map[VPCResourceIntf]map[VPCResourceIntf]*connectionDiff +type connectivesDiff map[VPCResourceIntf]map[VPCResourceIntf]*connectionDiff type ConfigsForDiff struct { config1 *VPCConfig config2 *VPCConfig } -type SubnetConfigConnectivity struct { - config *VPCConfig - subnetConnectivity SubnetConnectivityMap +type configConnectivity struct { + config *VPCConfig + connectivity generalConnectivityMap } -type DiffBetweenSubnets struct { - subnet1Subtract2 SubnetsDiff - subnet2Subtract1 SubnetsDiff +type diffBetweenCfgs struct { + cfg1ConnRemovedFrom2 connectivesDiff + cfg2ConnRemovedFrom1 connectivesDiff } -func (configs ConfigsForDiff) GetSubnetsDiff(grouping bool) (*DiffBetweenSubnets, error) { +func (configs ConfigsForDiff) GetDiff(grouping bool) (*diffBetweenCfgs, error) { // 1. compute connectivity for each of the subnets subnetsConn1, err := configs.config1.GetSubnetsConnectivity(true, grouping) if err != nil { @@ -58,29 +58,29 @@ func (configs ConfigsForDiff) GetSubnetsDiff(grouping bool) (*DiffBetweenSubnets } // 2. Computes delta in both directions - subnetConfigConn1 := &SubnetConfigConnectivity{configs.config1, + subnetConfigConn1 := &configConnectivity{configs.config1, subnetsConn1.AllowedConnsCombined} - subnetConfigConn2 := &SubnetConfigConnectivity{configs.config2, + subnetConfigConn2 := &configConnectivity{configs.config2, subnetsConn2.AllowedConnsCombined} alignedConfigConnectivity1, alignedConfigConnectivity2, err := subnetConfigConn1.getConnectivesWithSameIPBlocks(subnetConfigConn2) if err != nil { return nil, err } - subnet1Subtract2, err1 := alignedConfigConnectivity1.connMissingOrChanged(alignedConfigConnectivity2, true) + cfg1ConnRemovedFrom2, err1 := alignedConfigConnectivity1.connMissingOrChanged(alignedConfigConnectivity2, true) if err1 != nil { return nil, err1 } - subnet2Subtract1, err2 := alignedConfigConnectivity2.connMissingOrChanged(alignedConfigConnectivity1, false) + cfg2ConnRemovedFrom1, err2 := alignedConfigConnectivity2.connMissingOrChanged(alignedConfigConnectivity1, false) if err2 != nil { return nil, err2 } // 3. ToDo: grouping, see comment at the end of this file - res := &DiffBetweenSubnets{ - subnet1Subtract2: subnet1Subtract2, - subnet2Subtract1: subnet2Subtract1} + res := &diffBetweenCfgs{ + cfg1ConnRemovedFrom2: cfg1ConnRemovedFrom2, + cfg2ConnRemovedFrom1: cfg2ConnRemovedFrom1} return res, nil } @@ -105,15 +105,15 @@ func (c *VPCConfig) getVPCResourceInfInOtherConfig(other *VPCConfig, ep VPCResou return nil, nil } -// connMissingOrChanged of subnetConfConnectivity w.r.t. the other: +// connMissingOrChanged of confConnectivity w.r.t. the other: // connections may be identical, non-existing in other or existing in other but changed; // the latter are included only if includeChanged, to avoid duplication in the final presentation // // assumption: any connection from connectivity and "other" have src (dst) which are either disjoint or equal -func (subnetConfConnectivity *SubnetConfigConnectivity) connMissingOrChanged(other *SubnetConfigConnectivity, includeChanged bool) ( - connectivitySubtract SubnetsDiff, err error) { +func (confConnectivity *configConnectivity) connMissingOrChanged(other *configConnectivity, includeChanged bool) ( + connectivitySubtract connectivesDiff, err error) { connectivitySubtract = map[VPCResourceIntf]map[VPCResourceIntf]*connectionDiff{} - for src, endpointConns := range subnetConfConnectivity.subnetConnectivity { + for src, endpointConns := range confConnectivity.connectivity { for dst, conns := range endpointConns { if conns.IsEmpty() { continue @@ -121,17 +121,17 @@ func (subnetConfConnectivity *SubnetConfigConnectivity) connMissingOrChanged(oth if _, ok := connectivitySubtract[src]; !ok { connectivitySubtract[src] = map[VPCResourceIntf]*connectionDiff{} } - srcInOther, err1 := subnetConfConnectivity.config.getVPCResourceInfInOtherConfig(other.config, src) + srcInOther, err1 := confConnectivity.config.getVPCResourceInfInOtherConfig(other.config, src) if err1 != nil { return nil, err1 } - dstInOther, err2 := subnetConfConnectivity.config.getVPCResourceInfInOtherConfig(other.config, dst) + dstInOther, err2 := confConnectivity.config.getVPCResourceInfInOtherConfig(other.config, dst) if err2 != nil { return nil, err2 } connDiff := &connectionDiff{conns, nil, missingConnection} if srcInOther != nil && dstInOther != nil { - if otherSrc, ok := other.subnetConnectivity[srcInOther]; ok { + if otherSrc, ok := other.connectivity[srcInOther]; ok { if otherConn, ok := otherSrc[dstInOther]; ok { equalConnections := conns.Equal(otherConn) && // ToDo: https://github.com/np-guard/vpc-network-config-analyzer/issues/199 @@ -176,14 +176,14 @@ func getDiffType(src, srcInOther, dst, dstInOther VPCResourceIntf) DiffType { // EnhancedString ToDo: likely the current printing functionality will no longer be needed once the grouping is added // anyways the diff print will be worked on before the final merge -func (diff *DiffBetweenSubnets) String() string { - return diff.subnet1Subtract2.EnhancedString(true) + - diff.subnet2Subtract1.EnhancedString(false) +func (diff *diffBetweenCfgs) String() string { + return diff.cfg1ConnRemovedFrom2.EnhancedString(true) + + diff.cfg2ConnRemovedFrom1.EnhancedString(false) } -func (subnetDiff *SubnetsDiff) EnhancedString(thisMinusOther bool) string { +func (connDiff *connectivesDiff) EnhancedString(thisMinusOther bool) string { strList := []string{} - for src, endpointConnDiff := range *subnetDiff { + for src, endpointConnDiff := range *connDiff { for dst, connDiff := range endpointConnDiff { conn1Str, conn2Str := "", "" if thisMinusOther { @@ -204,7 +204,7 @@ func (subnetDiff *SubnetsDiff) EnhancedString(thisMinusOther bool) string { return res } -// prints connection for func (subnetDiff *SubnetsDiff) EnhancedString(..) where the connection could be empty +// prints connection for the above EnhancedString(..) where the connection could be empty func connStr(conn *common.ConnectionSet) string { if conn == nil { return "No connection" @@ -238,53 +238,53 @@ func diffAndEndpointsDisc(diff DiffType, src, dst VPCResourceIntf, thisMinusOthe return "", "" } -// getConnectivesWithSameIPBlocks generates from subnet1Connectivity.AllowedConnsCombined and subnet2Connectivity.AllowedConnsCombined -// Two equivalent SubnetConnectivityMap objects s.t. any (src1, dst1) of subnet1Connectivity and -// (src2, dst2) of subnet2Connectivity s.t. if src1 and src2 (dst1 and dst2) are both external then +// getConnectivesWithSameIPBlocks generates from the given generalConnectivityMap +// Two equivalent generalConnectivityMap objects s.t. any (src1, dst1) of the first map and +// (src2, dst2) of the 2nd map s.t. if src1 and src2 (dst1 and dst2) are both external then // they are either equal or disjoint -func (subnetConfConnectivity *SubnetConfigConnectivity) getConnectivesWithSameIPBlocks(otherConfConnectivity *SubnetConfigConnectivity) ( - alignedConnectivityConfig, alignedOtherConnectivityConfig *SubnetConfigConnectivity, myErr error) { +func (confConnectivity *configConnectivity) getConnectivesWithSameIPBlocks(otherConfConnectivity *configConnectivity) ( + alignedConnectivityConfig, alignedOtherConnectivityConfig *configConnectivity, myErr error) { // 1. computes new set of external nodes (only type of nodes here) in cfg1 and cfg2 // does so by computing disjoint block between src+dst ipBlocks in cfg1 and in cfg2 // the new set of external nodes is determined based on them - connectivityIPBlist, err := subnetConfConnectivity.subnetConnectivity.getIPBlocksList() + connectivityIPBlist, err := confConnectivity.connectivity.getIPBlocksList() if err != nil { return nil, nil, err } - otherIPBlist, err := otherConfConnectivity.subnetConnectivity.getIPBlocksList() + otherIPBlist, err := otherConfConnectivity.connectivity.getIPBlocksList() if err != nil { return nil, nil, err } disjointIPblocks := common.DisjointIPBlocks(connectivityIPBlist, otherIPBlist) // 2. copy configs and generates Nodes[] as per disjointIPblocks - err = subnetConfConnectivity.config.refineConfigExternalNodes(disjointIPblocks) + err = confConnectivity.config.refineConfigExternalNodes(disjointIPblocks) if err != nil { return nil, nil, err } - alignedConfig := subnetConfConnectivity.config + alignedConfig := confConnectivity.config err = otherConfConnectivity.config.refineConfigExternalNodes(disjointIPblocks) if err != nil { return nil, nil, err } otherAlignedConfig := otherConfConnectivity.config // 3. resize connections as per the new Nodes[] - alignedConnectivity, err := subnetConfConnectivity.subnetConnectivity.alignConnectionsGivenIPBlists( + alignedConnectivity, err := confConnectivity.connectivity.alignConnectionsGivenIPBlists( alignedConfig, disjointIPblocks) if err != nil { return nil, nil, err } - alignedOtherConnectivity, err := otherConfConnectivity.subnetConnectivity.alignConnectionsGivenIPBlists( + alignedOtherConnectivity, err := otherConfConnectivity.connectivity.alignConnectionsGivenIPBlists( otherAlignedConfig, disjointIPblocks) if err != nil { return nil, nil, err } - return &SubnetConfigConnectivity{alignedConfig, alignedConnectivity}, - &SubnetConfigConnectivity{otherAlignedConfig, alignedOtherConnectivity}, nil + return &configConnectivity{alignedConfig, alignedConnectivity}, + &configConnectivity{otherAlignedConfig, alignedOtherConnectivity}, nil } -func (subnetConnectivity *SubnetConnectivityMap) alignConnectionsGivenIPBlists(config *VPCConfig, disjointIPblocks []*common.IPBlock) ( - alignedConnectivity SubnetConnectivityMap, err error) { - alignedConnectivitySrc, err := subnetConnectivity.actualAlignSrcOrDstGivenIPBlists(config, disjointIPblocks, true) +func (connectivityMap *generalConnectivityMap) alignConnectionsGivenIPBlists(config *VPCConfig, disjointIPblocks []*common.IPBlock) ( + alignedConnectivity generalConnectivityMap, err error) { + alignedConnectivitySrc, err := connectivityMap.actualAlignSrcOrDstGivenIPBlists(config, disjointIPblocks, true) if err != nil { return nil, err } @@ -333,15 +333,15 @@ func resizeNodes(oldNodes []Node, disjointIPblocks []*common.IPBlock) (newNodes return newNodes, nil } -func (subnetConnectivity *SubnetConnectivityMap) actualAlignSrcOrDstGivenIPBlists(config *VPCConfig, +func (connectivityMap *generalConnectivityMap) actualAlignSrcOrDstGivenIPBlists(config *VPCConfig, disjointIPblocks []*common.IPBlock, resizeSrc bool) ( - alignedConnectivity SubnetConnectivityMap, err error) { + alignedConnectivity generalConnectivityMap, err error) { // goes over all sources of connections in connectivity // if src is external then for each IPBlock in disjointIPblocks copies dsts and connection type // otherwise just copies as is err = nil alignedConnectivity = map[VPCResourceIntf]map[VPCResourceIntf]*common.ConnectionSet{} - for src, endpointConns := range *subnetConnectivity { + for src, endpointConns := range *connectivityMap { for dst, conns := range endpointConns { if conns.IsEmpty() { continue @@ -421,9 +421,9 @@ func findNodeWithCidr(configNodes []Node, cidr string) Node { } // get a list of IPBlocks of the src and dst of the connections -func (subnetConnectivity SubnetConnectivityMap) getIPBlocksList() (ipbList []*common.IPBlock, +func (connectivityMap generalConnectivityMap) getIPBlocksList() (ipbList []*common.IPBlock, myErr error) { - for src, endpointConns := range subnetConnectivity { + for src, endpointConns := range connectivityMap { for dst, conns := range endpointConns { if conns.IsEmpty() { continue @@ -471,10 +471,10 @@ func externalNodeToIPBlock(external Node) (ipBlock *common.IPBlock, err error) { // src EndpointElem // dst EndpointElem // } -// func (subnetConnectivity SubnetConnectivityMap) getIntersectingConnections(other SubnetConnectivityMap) (areIntersecting string, +// func (connectivity generalConnectivityMap) getIntersectingConnections(other generalConnectivityMap) (areIntersecting string, // err error) { // err = nil -// for src, endpointConns := range subnetConnectivity { +// for src, endpointConns := range connectivity { // for dst, conns := range endpointConns { // if (!src.IsExternal() && !dst.IsExternal()) || conns.IsEmpty() { // continue // nothing to do here @@ -569,8 +569,8 @@ func externalNodeToIPBlock(external Node) (ipBlock *common.IPBlock, err error) { //// this will requires some rewriting in the existing grouping functionality and the way it provides //// service to subnetsConnectivity and nodesConnectivity // -// func (subnetConnectivity *SubnetConnectivityMap) PrintConnectivity() { -// for src, endpointConns := range *subnetConnectivity { +// func (connectivity *generalConnectivityMap) PrintConnectivity() { +// for src, endpointConns := range *connectivity { // for dst, conns := range endpointConns { // if conns.IsEmpty() { // continue diff --git a/pkg/vpcmodel/subnetsConnectivity.go b/pkg/vpcmodel/subnetsConnectivity.go index 1862cdeb8..e9f71ae15 100644 --- a/pkg/vpcmodel/subnetsConnectivity.go +++ b/pkg/vpcmodel/subnetsConnectivity.go @@ -7,14 +7,12 @@ import ( "fmt" ) -type SubnetConnectivityMap map[VPCResourceIntf]map[VPCResourceIntf]*common.ConnectionSet - // VPCsubnetConnectivity captures allowed connectivity for subnets, considering nacl and pgw resources type VPCsubnetConnectivity struct { // computed for each node (subnet), by iterating its ConnectivityResult for all relevant VPC resources that capture it AllowedConns map[VPCResourceIntf]*ConfigBasedConnectivityResults // combined connectivity - considering both ingress and egress per connection - AllowedConnsCombined SubnetConnectivityMap + AllowedConnsCombined generalConnectivityMap VPCConfig *VPCConfig // grouped connectivity result GroupedConnectivity *GroupConnLines @@ -26,8 +24,8 @@ const ( errUnexpectedTypePeerNode = "unexpected type for peerNode in computeAllowedConnsCombined" ) -func NewSubnetConnectivityMap() SubnetConnectivityMap { - return SubnetConnectivityMap{} +func NewSubnetConnectivityMap() generalConnectivityMap { + return generalConnectivityMap{} } func subnetConnLine(subnet string, conn *common.ConnectionSet) string { @@ -315,9 +313,9 @@ func (c *VPCConfig) GetConnectivityOutputPerEachSubnetSeparately() string { return "" } -func (subnetConnectivity SubnetConnectivityMap) updateAllowedSubnetConnsMap(src, dst VPCResourceIntf, conn *common.ConnectionSet) { - if _, ok := subnetConnectivity[src]; !ok { - subnetConnectivity[src] = map[VPCResourceIntf]*common.ConnectionSet{} +func (connectivityMap generalConnectivityMap) updateAllowedSubnetConnsMap(src, dst VPCResourceIntf, conn *common.ConnectionSet) { + if _, ok := connectivityMap[src]; !ok { + connectivityMap[src] = map[VPCResourceIntf]*common.ConnectionSet{} } - subnetConnectivity[src][dst] = conn + connectivityMap[src][dst] = conn } diff --git a/pkg/vpcmodel/textOutput.go b/pkg/vpcmodel/textOutput.go index 75527e083..b030d4fc5 100644 --- a/pkg/vpcmodel/textOutput.go +++ b/pkg/vpcmodel/textOutput.go @@ -18,7 +18,7 @@ func headerOfAnalyzedVPC(vpcName, vpc2Name string) string { func (t *TextOutputFormatter) WriteOutput(c1, c2 *VPCConfig, conn *VPCConnectivity, subnetsConn *VPCsubnetConnectivity, - subnetsDiff *DiffBetweenSubnets, + subnetsDiff *diffBetweenCfgs, outFile string, grouping bool, uc OutputUseCase) (*VPCAnalysisOutput, error) { diff --git a/pkg/vpcmodel/vpcConnectivity.go b/pkg/vpcmodel/vpcConnectivity.go index a2f908569..84a1e1c41 100644 --- a/pkg/vpcmodel/vpcConnectivity.go +++ b/pkg/vpcmodel/vpcConnectivity.go @@ -4,6 +4,8 @@ import ( "github.com/np-guard/vpc-network-config-analyzer/pkg/common" ) +type generalConnectivityMap map[VPCResourceIntf]map[VPCResourceIntf]*common.ConnectionSet + // VPCConnectivity holds detailed representation of allowed connectivity considering all resources in a vpc config1 instance type VPCConnectivity struct { // computed for each layer separately its allowed connections (ingress and egress separately) From 78fd54fa57e4aa7ed84585f117f6f261eeb33e17 Mon Sep 17 00:00:00 2001 From: shirim Date: Sun, 12 Nov 2023 15:21:57 +0200 Subject: [PATCH 15/31] Option to call Vsis diff added --- cmd/analyzer/main.go | 2 +- pkg/ibmvpc/analysis_output_test.go | 6 +-- pkg/vpcmodel/output.go | 12 +++--- pkg/vpcmodel/semanticDiff.go | 63 ++++++++++++++++++++++++------ pkg/vpcmodel/textOutput.go | 2 +- 5 files changed, 62 insertions(+), 23 deletions(-) diff --git a/cmd/analyzer/main.go b/cmd/analyzer/main.go index 3811cba96..20f4e389e 100644 --- a/cmd/analyzer/main.go +++ b/cmd/analyzer/main.go @@ -44,7 +44,7 @@ func analysisTypeToUseCase(inArgs *InArgs) vpcmodel.OutputUseCase { case allSubnets: return vpcmodel.AllSubnets case allSubnetsDiff: - return vpcmodel.AllSubnetsDiff + return vpcmodel.CfgsDiff } return vpcmodel.AllEndpoints } diff --git a/pkg/ibmvpc/analysis_output_test.go b/pkg/ibmvpc/analysis_output_test.go index 772b80f93..b0092a76c 100644 --- a/pkg/ibmvpc/analysis_output_test.go +++ b/pkg/ibmvpc/analysis_output_test.go @@ -95,7 +95,7 @@ func getTestFileName(testName string, res = baseName + suffixOutFileSubnetsLevel case vpcmodel.AllSubnetsNoPGW: res = baseName + suffixOutFileSubnetsLevelNoPGW - case vpcmodel.AllSubnetsDiff: + case vpcmodel.CfgsDiff: res = baseName + suffixOutFileDiffSubnets } switch format { @@ -339,7 +339,7 @@ var tests = []*vpcGeneralTest{ name: "acl_testing5", // TODO: currently for this test, there are 2 connections that only differ in statefulness attribute, and // are not yet displayed in the diff report (sub1-1-ky => sub1-2-ky , sub1-1-ky => sub1-3-ky) - useCases: []vpcmodel.OutputUseCase{vpcmodel.AllSubnetsDiff}, + useCases: []vpcmodel.OutputUseCase{vpcmodel.CfgsDiff}, format: vpcmodel.Text, }, } @@ -407,7 +407,7 @@ func (tt *vpcGeneralTest) runTest(t *testing.T) { var vpcConfigs2nd map[string]*vpcmodel.VPCConfig diffUseCase := false for _, useCase := range tt.useCases { - if useCase == vpcmodel.AllSubnetsDiff { + if useCase == vpcmodel.CfgsDiff { diffUseCase = true } } diff --git a/pkg/vpcmodel/output.go b/pkg/vpcmodel/output.go index 78de08207..45a4b1797 100644 --- a/pkg/vpcmodel/output.go +++ b/pkg/vpcmodel/output.go @@ -29,8 +29,8 @@ const ( AllEndpoints OutputUseCase = iota // connectivity between network interfaces and external ip-blocks SingleSubnet // connectivity per single subnet with nacl AllSubnets // connectivity between subnets (consider nacl + pgw) - AllSubnetsDiff // diff between two subnets connectivity (consider nacl + pgw) AllSubnetsNoPGW // connectivity between subnets (consider nacl only) + CfgsDiff // diff between subnets connectivity of two cfgs (consider nacl + pgw) ) // OutputGenerator captures one vpc config1 with its connectivity analysis results, and implements @@ -42,7 +42,7 @@ type OutputGenerator struct { useCase OutputUseCase nodesConn *VPCConnectivity subnetsConn *VPCsubnetConnectivity - subnetsDiff *diffBetweenCfgs + cfgsDiff *diffBetweenCfgs } func NewOutputGenerator(c1, c2 *VPCConfig, grouping bool, uc OutputUseCase, archOnly bool) (*OutputGenerator, error) { @@ -67,13 +67,13 @@ func NewOutputGenerator(c1, c2 *VPCConfig, grouping bool, uc OutputUseCase, arch } res.subnetsConn = subnetsConn } - if uc == AllSubnetsDiff { + if uc == CfgsDiff { configsForDiff := &ConfigsForDiff{c1, c2} - subnetsDiff, err := configsForDiff.GetDiff(grouping) + subnetsDiff, err := configsForDiff.GetDiff(Subnets, grouping) if err != nil { return nil, err } - res.subnetsDiff = subnetsDiff + res.cfgsDiff = subnetsDiff } } return res, nil @@ -107,7 +107,7 @@ func (o *OutputGenerator) Generate(f OutFormat, outFile string) (*VPCAnalysisOut return nil, errors.New("unsupported output format") } - return formatter.WriteOutput(o.config1, o.config2, o.nodesConn, o.subnetsConn, o.subnetsDiff, outFile, o.outputGrouping, o.useCase) + return formatter.WriteOutput(o.config1, o.config2, o.nodesConn, o.subnetsConn, o.cfgsDiff, outFile, o.outputGrouping, o.useCase) } type OutputFormatter interface { diff --git a/pkg/vpcmodel/semanticDiff.go b/pkg/vpcmodel/semanticDiff.go index 746d0da54..0d4993697 100644 --- a/pkg/vpcmodel/semanticDiff.go +++ b/pkg/vpcmodel/semanticDiff.go @@ -19,6 +19,13 @@ const ( changedConnection ) +type DiffComputationFor = int + +const ( + Vsis DiffComputationFor = iota + Subnets +) + const ( castingNodeErr = "%s should be external node but casting to Node failed" ) @@ -46,22 +53,38 @@ type diffBetweenCfgs struct { cfg2ConnRemovedFrom1 connectivesDiff } -func (configs ConfigsForDiff) GetDiff(grouping bool) (*diffBetweenCfgs, error) { - // 1. compute connectivity for each of the subnets - subnetsConn1, err := configs.config1.GetSubnetsConnectivity(true, grouping) - if err != nil { - return nil, err - } - subnetsConn2, err := configs.config2.GetSubnetsConnectivity(true, grouping) - if err != nil { - return nil, err +func (configs ConfigsForDiff) GetDiff(diffComputationFor DiffComputationFor, grouping bool) (*diffBetweenCfgs, error) { + // 1. compute connectivity for each of the configurations + var generalConnectivityMap1, generalConnectivityMap2 generalConnectivityMap + if diffComputationFor == Subnets { + subnetsConn1, err := configs.config1.GetSubnetsConnectivity(true, grouping) + if err != nil { + return nil, err + } + subnetsConn2, err := configs.config2.GetSubnetsConnectivity(true, grouping) + if err != nil { + return nil, err + } + generalConnectivityMap1 = subnetsConn1.AllowedConnsCombined + generalConnectivityMap2 = subnetsConn2.AllowedConnsCombined + } else if diffComputationFor == Vsis { + connectivity1, err := configs.config1.GetVPCNetworkConnectivity(grouping) + if err != nil { + return nil, err + } + connectivity2, err := configs.config2.GetVPCNetworkConnectivity(grouping) + if err != nil { + return nil, err + } + generalConnectivityMap1 = connectivity1.AllowedConnsCombined.nodesConnectivityToGeneralConnectivity() + generalConnectivityMap2 = connectivity2.AllowedConnsCombined.nodesConnectivityToGeneralConnectivity() } // 2. Computes delta in both directions subnetConfigConn1 := &configConnectivity{configs.config1, - subnetsConn1.AllowedConnsCombined} + generalConnectivityMap1} subnetConfigConn2 := &configConnectivity{configs.config2, - subnetsConn2.AllowedConnsCombined} + generalConnectivityMap2} alignedConfigConnectivity1, alignedConfigConnectivity2, err := subnetConfigConn1.getConnectivesWithSameIPBlocks(subnetConfigConn2) if err != nil { @@ -84,6 +107,22 @@ func (configs ConfigsForDiff) GetDiff(grouping bool) (*diffBetweenCfgs, error) { return res, nil } +func (nodesConnectivity NodesConnectionsMap) nodesConnectivityToGeneralConnectivity() (generalConnMap generalConnectivityMap) { + generalConnMap = generalConnectivityMap{} + for src, connsMap := range nodesConnectivity { + for dst, conn := range connsMap { + if conn.IsEmpty() { + continue + } + if _, ok := generalConnMap[src]; !ok { + generalConnMap[src] = map[VPCResourceIntf]*common.ConnectionSet{} + } + generalConnMap[src][dst] = conn + } + } + return generalConnMap +} + // for a given VPCResourceIntf (representing a subnet or an external ip) in config return the VPCResourceIntf representing the // subnet/external address in otherConfig or nil if the subnet does not exist in the other config. func (c *VPCConfig) getVPCResourceInfInOtherConfig(other *VPCConfig, ep VPCResourceIntf) (res VPCResourceIntf, err error) { @@ -562,7 +601,7 @@ func externalNodeToIPBlock(external Node) (ipBlock *common.IPBlock, err error) { //} // //// todo: instead of adding functionality to grouping, I plan to have more generic connectivity items that will be grouped -//// encode the subnetsDiff into this generic item as well as the other entities we are grouping +//// encode the cfgsDiff into this generic item as well as the other entities we are grouping //// and then decode in the printing //// the idea is to use instead of *common.ConnectionSet in the grouped entity a string which will encode the connection //// and also the diff where relevant diff --git a/pkg/vpcmodel/textOutput.go b/pkg/vpcmodel/textOutput.go index b030d4fc5..40e301b54 100644 --- a/pkg/vpcmodel/textOutput.go +++ b/pkg/vpcmodel/textOutput.go @@ -36,7 +36,7 @@ func (t *TextOutputFormatter) WriteOutput(c1, c2 *VPCConfig, out += subnetsConn.String() case SingleSubnet: out += c1.GetConnectivityOutputPerEachSubnetSeparately() - case AllSubnetsDiff: + case CfgsDiff: out += subnetsDiff.String() } // write output to file and return the output string From 435b9bc424969ee641c0d51787ff41846585b6fb Mon Sep 17 00:00:00 2001 From: shirim Date: Mon, 13 Nov 2023 09:56:18 +0200 Subject: [PATCH 16/31] extended support in code to include VSIs; some more renaming --- cmd/analyzer/main.go | 2 +- cmd/analyzer/parse_args.go | 2 +- pkg/vpcmodel/diffSubnets_test.go | 12 ++-- pkg/vpcmodel/output.go | 6 +- pkg/vpcmodel/semanticDiff.go | 96 ++++++++++++++++++++------------ 5 files changed, 71 insertions(+), 47 deletions(-) diff --git a/cmd/analyzer/main.go b/cmd/analyzer/main.go index 20f4e389e..37dcc0a20 100644 --- a/cmd/analyzer/main.go +++ b/cmd/analyzer/main.go @@ -43,7 +43,7 @@ func analysisTypeToUseCase(inArgs *InArgs) vpcmodel.OutputUseCase { return vpcmodel.SingleSubnet case allSubnets: return vpcmodel.AllSubnets - case allSubnetsDiff: + case allSubnetsDiff, allEndpointsDiff: return vpcmodel.CfgsDiff } return vpcmodel.AllEndpoints diff --git a/cmd/analyzer/parse_args.go b/cmd/analyzer/parse_args.go index e2ce0dad4..c5fbb2494 100644 --- a/cmd/analyzer/parse_args.go +++ b/cmd/analyzer/parse_args.go @@ -48,7 +48,7 @@ var supportedAnalysisTypes = map[string]bool{ allSubnets: true, singleSubnet: true, allSubnetsDiff: true, - allEndpointsDiff: false, + allEndpointsDiff: true, } func getSupportedValuesString(supportedValues map[string]bool) string { diff --git a/pkg/vpcmodel/diffSubnets_test.go b/pkg/vpcmodel/diffSubnets_test.go index 9b6c0b4c5..2987166ac 100644 --- a/pkg/vpcmodel/diffSubnets_test.go +++ b/pkg/vpcmodel/diffSubnets_test.go @@ -80,11 +80,11 @@ func configSimpleSubnetSubtract() (subnetConfigConn1, subnetConfigConn2 *configC func TestSimpleSubnetSubtract(t *testing.T) { subnetConfigConn1, subnetConfigConn2 := configSimpleSubnetSubtract() - subnet1Subtract2, err := subnetConfigConn1.connMissingOrChanged(subnetConfigConn2, true) + subnet1Subtract2, err := subnetConfigConn1.connMissingOrChanged(subnetConfigConn2, Subnets, true) if err != nil { fmt.Println("error:", err.Error()) } - subnet1Subtract2Str := subnet1Subtract2.EnhancedString(true) + subnet1Subtract2Str := subnet1Subtract2.EnhancedString(Subnets, true) fmt.Printf("cfg1ConnRemovedFrom2:\n%v\n", subnet1Subtract2Str) require.Equal(t, err, nil) newLines := strings.Count(subnet1Subtract2Str, "\n") @@ -100,12 +100,12 @@ func TestSimpleSubnetSubtract(t *testing.T) { require.Contains(t, subnet1Subtract2Str, "diff-type: changed, source: subnet3, destination: subnet4, "+ "config1: protocol: TCP src-ports: 10-100 dst-ports: 443, config2: All Connections, subnets-diff-info:") - cfg2Subtract1, err := subnetConfigConn2.connMissingOrChanged(subnetConfigConn1, false) + cfg2Subtract1, err := subnetConfigConn2.connMissingOrChanged(subnetConfigConn1, Subnets, false) if err != nil { fmt.Println("error:", err.Error()) } require.Equal(t, err, nil) - subnet2Subtract1Str := cfg2Subtract1.EnhancedString(false) + subnet2Subtract1Str := cfg2Subtract1.EnhancedString(Subnets, false) fmt.Printf("cfg2Subtract1:\n%v", subnet2Subtract1Str) require.Equal(t, subnet2Subtract1Str, "diff-type: added, source: subnet4, destination: subnet5, config1: "+ "No connection, config2: All Connections, subnets-diff-info: subnet5 added\n") @@ -165,12 +165,12 @@ func TestSimpleIPAndSubnetSubtract(t *testing.T) { } // verified bit by bit :-) - cfg1SubCfg2, err := alignedCfgConn1.connMissingOrChanged(alignedCfgConn2, true) + cfg1SubCfg2, err := alignedCfgConn1.connMissingOrChanged(alignedCfgConn2, Subnets, true) if err != nil { fmt.Println("error:", err.Error()) } require.Equal(t, err, nil) - cfg1SubtractCfg2Str := cfg1SubCfg2.EnhancedString(true) + cfg1SubtractCfg2Str := cfg1SubCfg2.EnhancedString(Subnets, true) fmt.Printf("cfg1SubCfg2:\n%v\n", cfg1SubtractCfg2Str) newLines := strings.Count(cfg1SubtractCfg2Str, "\n") require.Equal(t, 7, newLines) diff --git a/pkg/vpcmodel/output.go b/pkg/vpcmodel/output.go index 45a4b1797..55c0873a2 100644 --- a/pkg/vpcmodel/output.go +++ b/pkg/vpcmodel/output.go @@ -68,12 +68,12 @@ func NewOutputGenerator(c1, c2 *VPCConfig, grouping bool, uc OutputUseCase, arch res.subnetsConn = subnetsConn } if uc == CfgsDiff { - configsForDiff := &ConfigsForDiff{c1, c2} - subnetsDiff, err := configsForDiff.GetDiff(Subnets, grouping) + configsForDiff := &ConfigsForDiff{c1, c2, Subnets} + configsDiff, err := configsForDiff.GetDiff(grouping) if err != nil { return nil, err } - res.cfgsDiff = subnetsDiff + res.cfgsDiff = configsDiff } } return res, nil diff --git a/pkg/vpcmodel/semanticDiff.go b/pkg/vpcmodel/semanticDiff.go index 0d4993697..f540253dc 100644 --- a/pkg/vpcmodel/semanticDiff.go +++ b/pkg/vpcmodel/semanticDiff.go @@ -19,10 +19,10 @@ const ( changedConnection ) -type DiffComputationFor = int +type diffAnalysisType = int const ( - Vsis DiffComputationFor = iota + Vsis diffAnalysisType = iota Subnets ) @@ -39,8 +39,9 @@ type connectionDiff struct { type connectivesDiff map[VPCResourceIntf]map[VPCResourceIntf]*connectionDiff type ConfigsForDiff struct { - config1 *VPCConfig - config2 *VPCConfig + config1 *VPCConfig + config2 *VPCConfig + diffAnalysis diffAnalysisType } type configConnectivity struct { @@ -51,12 +52,13 @@ type configConnectivity struct { type diffBetweenCfgs struct { cfg1ConnRemovedFrom2 connectivesDiff cfg2ConnRemovedFrom1 connectivesDiff + diffAnalysis diffAnalysisType } -func (configs ConfigsForDiff) GetDiff(diffComputationFor DiffComputationFor, grouping bool) (*diffBetweenCfgs, error) { +func (configs ConfigsForDiff) GetDiff(grouping bool) (*diffBetweenCfgs, error) { // 1. compute connectivity for each of the configurations var generalConnectivityMap1, generalConnectivityMap2 generalConnectivityMap - if diffComputationFor == Subnets { + if configs.diffAnalysis == Subnets { subnetsConn1, err := configs.config1.GetSubnetsConnectivity(true, grouping) if err != nil { return nil, err @@ -67,7 +69,7 @@ func (configs ConfigsForDiff) GetDiff(diffComputationFor DiffComputationFor, gro } generalConnectivityMap1 = subnetsConn1.AllowedConnsCombined generalConnectivityMap2 = subnetsConn2.AllowedConnsCombined - } else if diffComputationFor == Vsis { + } else if configs.diffAnalysis == Vsis { connectivity1, err := configs.config1.GetVPCNetworkConnectivity(grouping) if err != nil { return nil, err @@ -81,20 +83,20 @@ func (configs ConfigsForDiff) GetDiff(diffComputationFor DiffComputationFor, gro } // 2. Computes delta in both directions - subnetConfigConn1 := &configConnectivity{configs.config1, + configConn1 := &configConnectivity{configs.config1, generalConnectivityMap1} - subnetConfigConn2 := &configConnectivity{configs.config2, + configConn2 := &configConnectivity{configs.config2, generalConnectivityMap2} alignedConfigConnectivity1, alignedConfigConnectivity2, err := - subnetConfigConn1.getConnectivesWithSameIPBlocks(subnetConfigConn2) + configConn1.getConnectivesWithSameIPBlocks(configConn2) if err != nil { return nil, err } - cfg1ConnRemovedFrom2, err1 := alignedConfigConnectivity1.connMissingOrChanged(alignedConfigConnectivity2, true) + cfg1ConnRemovedFrom2, err1 := alignedConfigConnectivity1.connMissingOrChanged(alignedConfigConnectivity2, configs.diffAnalysis, true) if err1 != nil { return nil, err1 } - cfg2ConnRemovedFrom1, err2 := alignedConfigConnectivity2.connMissingOrChanged(alignedConfigConnectivity1, false) + cfg2ConnRemovedFrom1, err2 := alignedConfigConnectivity2.connMissingOrChanged(alignedConfigConnectivity1, configs.diffAnalysis, false) if err2 != nil { return nil, err2 } @@ -103,7 +105,8 @@ func (configs ConfigsForDiff) GetDiff(diffComputationFor DiffComputationFor, gro res := &diffBetweenCfgs{ cfg1ConnRemovedFrom2: cfg1ConnRemovedFrom2, - cfg2ConnRemovedFrom1: cfg2ConnRemovedFrom1} + cfg2ConnRemovedFrom1: cfg2ConnRemovedFrom1, + diffAnalysis: configs.diffAnalysis} return res, nil } @@ -125,7 +128,8 @@ func (nodesConnectivity NodesConnectionsMap) nodesConnectivityToGeneralConnectiv // for a given VPCResourceIntf (representing a subnet or an external ip) in config return the VPCResourceIntf representing the // subnet/external address in otherConfig or nil if the subnet does not exist in the other config. -func (c *VPCConfig) getVPCResourceInfInOtherConfig(other *VPCConfig, ep VPCResourceIntf) (res VPCResourceIntf, err error) { +func (c *VPCConfig) getVPCResourceInfInOtherConfig(other *VPCConfig, ep VPCResourceIntf, + diffAnalysis diffAnalysisType) (res VPCResourceIntf, err error) { if ep.IsExternal() { var node Node var ok bool @@ -135,10 +139,23 @@ func (c *VPCConfig) getVPCResourceInfInOtherConfig(other *VPCConfig, ep VPCResou } return nil, fmt.Errorf(castingNodeErr, node.Name()) } - for _, nodeSet := range other.NodeSets { - if nodeSet.Name() == ep.Name() { - res = VPCResourceIntf(nodeSet) - return res, nil + // endpoint is a vsi or a subnet, depending on diffAnalysis value + if diffAnalysis == Vsis { + for _, node := range other.Nodes { + if !node.IsInternal() { + continue + } + if node.Name() == ep.Name() { + res = VPCResourceIntf(node) + return res, nil + } + } + } else if diffAnalysis == Subnets { + for _, nodeSet := range other.NodeSets { + if nodeSet.Name() == ep.Name() { + res = VPCResourceIntf(nodeSet) + return res, nil + } } } return nil, nil @@ -149,22 +166,23 @@ func (c *VPCConfig) getVPCResourceInfInOtherConfig(other *VPCConfig, ep VPCResou // the latter are included only if includeChanged, to avoid duplication in the final presentation // // assumption: any connection from connectivity and "other" have src (dst) which are either disjoint or equal -func (confConnectivity *configConnectivity) connMissingOrChanged(other *configConnectivity, includeChanged bool) ( - connectivitySubtract connectivesDiff, err error) { - connectivitySubtract = map[VPCResourceIntf]map[VPCResourceIntf]*connectionDiff{} +func (confConnectivity *configConnectivity) connMissingOrChanged(other *configConnectivity, + diffAnalysis diffAnalysisType, includeChanged bool) ( + connectivityMissingOrChanged connectivesDiff, err error) { + connectivityMissingOrChanged = map[VPCResourceIntf]map[VPCResourceIntf]*connectionDiff{} for src, endpointConns := range confConnectivity.connectivity { for dst, conns := range endpointConns { if conns.IsEmpty() { continue } - if _, ok := connectivitySubtract[src]; !ok { - connectivitySubtract[src] = map[VPCResourceIntf]*connectionDiff{} + if _, ok := connectivityMissingOrChanged[src]; !ok { + connectivityMissingOrChanged[src] = map[VPCResourceIntf]*connectionDiff{} } - srcInOther, err1 := confConnectivity.config.getVPCResourceInfInOtherConfig(other.config, src) + srcInOther, err1 := confConnectivity.config.getVPCResourceInfInOtherConfig(other.config, src, diffAnalysis) if err1 != nil { return nil, err1 } - dstInOther, err2 := confConnectivity.config.getVPCResourceInfInOtherConfig(other.config, dst) + dstInOther, err2 := confConnectivity.config.getVPCResourceInfInOtherConfig(other.config, dst, diffAnalysis) if err2 != nil { return nil, err2 } @@ -185,20 +203,20 @@ func (confConnectivity *configConnectivity) connMissingOrChanged(other *configCo } else { // srcInOther == nil || dstInOther == nil connDiff.diff = getDiffType(src, srcInOther, dst, dstInOther) } - connectivitySubtract[src][dst] = connDiff + connectivityMissingOrChanged[src][dst] = connDiff } } - return connectivitySubtract, nil + return connectivityMissingOrChanged, nil } // lack of a subnet is marked as a missing endpoint // a lack of identical external endpoint is considered as a missing connection // and not as a missing endpoint func getDiffType(src, srcInOther, dst, dstInOther VPCResourceIntf) DiffType { - _, srcIsSubnet := src.(NodeSet) - _, dstIsSubnet := dst.(NodeSet) - missingSrc := srcInOther == nil && srcIsSubnet - missingDst := dstInOther == nil && dstIsSubnet + srcIsInternal := !src.IsExternal() + dstIsInternal := !dst.IsExternal() + missingSrc := srcInOther == nil && srcIsInternal + missingDst := dstInOther == nil && dstIsInternal switch { case missingSrc && missingDst: return missingSrcDstEP @@ -216,11 +234,11 @@ func getDiffType(src, srcInOther, dst, dstInOther VPCResourceIntf) DiffType { // anyways the diff print will be worked on before the final merge func (diff *diffBetweenCfgs) String() string { - return diff.cfg1ConnRemovedFrom2.EnhancedString(true) + - diff.cfg2ConnRemovedFrom1.EnhancedString(false) + return diff.cfg1ConnRemovedFrom2.EnhancedString(diff.diffAnalysis, true) + + diff.cfg2ConnRemovedFrom1.EnhancedString(diff.diffAnalysis, false) } -func (connDiff *connectivesDiff) EnhancedString(thisMinusOther bool) string { +func (connDiff *connectivesDiff) EnhancedString(diffAnalysis diffAnalysisType, thisMinusOther bool) string { strList := []string{} for src, endpointConnDiff := range *connDiff { for dst, connDiff := range endpointConnDiff { @@ -233,8 +251,14 @@ func (connDiff *connectivesDiff) EnhancedString(thisMinusOther bool) string { conn2Str = connStr(connDiff.conn1) } diffType, endpointsDiff := diffAndEndpointsDisc(connDiff.diff, src, dst, thisMinusOther) - printDiff := fmt.Sprintf("diff-type: %s, source: %s, destination: %s, config1: %s, config2: %s, subnets-diff-info: %s\n", - diffType, src.Name(), dst.Name(), conn1Str, conn2Str, endpointsDiff) + diffInfo := "" + if diffAnalysis == Subnets { + diffInfo = "subnets-diff-info:" + } else if diffAnalysis == Vsis { + diffInfo = "vsis-diff-info:" + } + printDiff := fmt.Sprintf("diff-type: %s, source: %s, destination: %s, config1: %s, config2: %s, %s %s\n", + diffType, src.Name(), dst.Name(), conn1Str, conn2Str, diffInfo, endpointsDiff) strList = append(strList, printDiff) } } From 07a21d3f3668caaaf35f23232bc2aabb274b97ce Mon Sep 17 00:00:00 2001 From: shirim Date: Mon, 13 Nov 2023 11:57:19 +0200 Subject: [PATCH 17/31] more renaming --- .../{diffSubnets_test.go => semanticDiff_test.go} | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) rename pkg/vpcmodel/{diffSubnets_test.go => semanticDiff_test.go} (96%) diff --git a/pkg/vpcmodel/diffSubnets_test.go b/pkg/vpcmodel/semanticDiff_test.go similarity index 96% rename from pkg/vpcmodel/diffSubnets_test.go rename to pkg/vpcmodel/semanticDiff_test.go index 2987166ac..b76c774d7 100644 --- a/pkg/vpcmodel/diffSubnets_test.go +++ b/pkg/vpcmodel/semanticDiff_test.go @@ -33,7 +33,7 @@ import ( // subnet1 connMissingOrChanged subnet2: // subnet3 -> subnet4 different connection -func configSimpleSubnetSubtract() (subnetConfigConn1, subnetConfigConn2 *configConnectivity) { +func configSimpleSubnetDiff() (subnetConfigConn1, subnetConfigConn2 *configConnectivity) { cfg1 := &VPCConfig{Nodes: []Node{}, NodeSets: []NodeSet{}} cfg1.Nodes = append(cfg1.Nodes, &mockNetIntf{cidr: "10.0.20.5/32", name: "vsi1-1"}, @@ -78,8 +78,8 @@ func configSimpleSubnetSubtract() (subnetConfigConn1, subnetConfigConn2 *configC return subnetConfigConn1, subnetConfigConn2 } -func TestSimpleSubnetSubtract(t *testing.T) { - subnetConfigConn1, subnetConfigConn2 := configSimpleSubnetSubtract() +func TestSimpleSubnetDiff(t *testing.T) { + subnetConfigConn1, subnetConfigConn2 := configSimpleSubnetDiff() subnet1Subtract2, err := subnetConfigConn1.connMissingOrChanged(subnetConfigConn2, Subnets, true) if err != nil { fmt.Println("error:", err.Error()) @@ -111,7 +111,7 @@ func TestSimpleSubnetSubtract(t *testing.T) { "No connection, config2: All Connections, subnets-diff-info: subnet5 added\n") } -func configSimpleIPAndSubnetSubtract() (subnetConfigConn1, subnetConfigConn2 *configConnectivity) { +func configSimpleIPAndSubnetDiff() (subnetConfigConn1, subnetConfigConn2 *configConnectivity) { cfg1 := &VPCConfig{Nodes: []Node{}, NodeSets: []NodeSet{}} cfg1.NodeSets = append(cfg1.NodeSets, &mockSubnet{"10.1.20.0/22", "subnet1", nil}, &mockSubnet{"10.2.20.0/22", "subnet2", nil}) @@ -155,8 +155,8 @@ func configSimpleIPAndSubnetSubtract() (subnetConfigConn1, subnetConfigConn2 *co return subnetConfigConn1, subnetConfigConn2 } -func TestSimpleIPAndSubnetSubtract(t *testing.T) { - cfgConn1, cfgConn2 := configSimpleIPAndSubnetSubtract() +func TestSimpleIPAndSubnetDiff(t *testing.T) { + cfgConn1, cfgConn2 := configSimpleIPAndSubnetDiff() alignedCfgConn1, alignedCfgConn2, err := cfgConn1.getConnectivesWithSameIPBlocks(cfgConn2) if err != nil { fmt.Printf("err: %v\n", err.Error()) From db9a0305cb33bc02e628950bdefc1f2cf5e88c4b Mon Sep 17 00:00:00 2001 From: shirim Date: Mon, 13 Nov 2023 15:28:49 +0200 Subject: [PATCH 18/31] unit test added --- pkg/vpcmodel/semanticDiff_test.go | 98 +++++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) diff --git a/pkg/vpcmodel/semanticDiff_test.go b/pkg/vpcmodel/semanticDiff_test.go index b76c774d7..0c7151ade 100644 --- a/pkg/vpcmodel/semanticDiff_test.go +++ b/pkg/vpcmodel/semanticDiff_test.go @@ -189,3 +189,101 @@ func TestSimpleIPAndSubnetDiff(t *testing.T) { require.Contains(t, cfg1SubtractCfg2Str, "diff-type: changed, source: subnet2, destination: Public Internet [200.2.4.0/24], "+ "config1: All Connections, config2: protocol: TCP src-ports: 0-1000 dst-ports: 0-443, subnets-diff-info:") } + +func configSimpleVsisDiff() (configConn1, configConn2 *configConnectivity) { + cfg1 := &VPCConfig{Nodes: []Node{}, NodeSets: []NodeSet{}} + cfg1.Nodes = append(cfg1.Nodes, + &mockNetIntf{name: "vsi0", isPublic: false, cidr: ""}, + &mockNetIntf{name: "vsi1", isPublic: false, cidr: ""}, + &mockNetIntf{name: "vsi2", isPublic: false, cidr: ""}, + &mockNetIntf{name: "vsi3", isPublic: false, cidr: ""}, + &mockNetIntf{cidr: "1.2.3.0/30", name: "public1-1", isPublic: true}) + + cfg1.NodeSets = append(cfg1.NodeSets, &mockSubnet{"10.0.20.0/22", "subnet0", []Node{cfg1.Nodes[0], cfg1.Nodes[1], + cfg1.Nodes[2], cfg1.Nodes[3]}}) + + cfg2 := &VPCConfig{Nodes: []Node{}, NodeSets: []NodeSet{}} + cfg2.Nodes = append(cfg2.Nodes, + &mockNetIntf{name: "vsi1", isPublic: false, cidr: ""}, + &mockNetIntf{name: "vsi2", isPublic: false, cidr: ""}, + &mockNetIntf{name: "vsi3", isPublic: false, cidr: ""}, + &mockNetIntf{name: "vsi4", isPublic: false, cidr: ""}, + &mockNetIntf{cidr: "1.2.3.0/26", name: "public2-1", isPublic: true}) + + cfg2.NodeSets = append(cfg2.NodeSets, &mockSubnet{"10.0.20.0/22", "subnet0", []Node{cfg2.Nodes[0], cfg2.Nodes[1], + cfg2.Nodes[2], cfg2.Nodes[3]}}) + + connectionTCP := common.NewConnectionSet(false) + connectionTCP.AddTCPorUDPConn(common.ProtocolTCP, 10, 100, 443, 443) + cfg1Conn := &VPCConnectivity{AllowedConnsCombined: NewNodesConnectionsMap()} + cfg1Conn.AllowedConnsCombined.updateAllowedConnsMap(cfg1.Nodes[0], cfg1.Nodes[1], common.NewConnectionSet(true)) + cfg1Conn.AllowedConnsCombined.updateAllowedConnsMap(cfg1.Nodes[1], cfg1.Nodes[2], common.NewConnectionSet(true)) + cfg1Conn.AllowedConnsCombined.updateAllowedConnsMap(cfg1.Nodes[1], cfg1.Nodes[3], common.NewConnectionSet(true)) + cfg1Conn.AllowedConnsCombined.updateAllowedConnsMap(cfg1.Nodes[2], cfg1.Nodes[3], connectionTCP) + cfg1Conn.AllowedConnsCombined.updateAllowedConnsMap(cfg1.Nodes[2], cfg1.Nodes[4], connectionTCP) + + cfg2Conn := &VPCConnectivity{AllowedConnsCombined: NewNodesConnectionsMap()} + // 1st connections is identical to these in cfg1; the 2nd one differs in the conn type, the 3rd one has a dst that + // does not exist in cfg1 + cfg2Conn.AllowedConnsCombined.updateAllowedConnsMap(cfg2.Nodes[0], cfg2.Nodes[1], common.NewConnectionSet(true)) + cfg2Conn.AllowedConnsCombined.updateAllowedConnsMap(cfg2.Nodes[1], cfg2.Nodes[2], common.NewConnectionSet(true)) + cfg2Conn.AllowedConnsCombined.updateAllowedConnsMap(cfg2.Nodes[2], cfg2.Nodes[3], common.NewConnectionSet(true)) + cfg2Conn.AllowedConnsCombined.updateAllowedConnsMap(cfg2.Nodes[1], cfg2.Nodes[4], common.NewConnectionSet(true)) + + cfg1ConnGeneral := cfg1Conn.AllowedConnsCombined.nodesConnectivityToGeneralConnectivity() + cfg2ConnGeneral := cfg2Conn.AllowedConnsCombined.nodesConnectivityToGeneralConnectivity() + + configConn1 = &configConnectivity{cfg1, cfg1ConnGeneral} + configConn2 = &configConnectivity{cfg2, cfg2ConnGeneral} + + fmt.Printf("cfg1:\n%v\n", cfg1Conn.AllowedConnsCombined.getCombinedConnsStr()) + fmt.Printf("cfg2:\n%v\n", cfg2Conn.AllowedConnsCombined.getCombinedConnsStr()) + + return configConn1, configConn2 +} + +func TestSimpleVsisDiff(t *testing.T) { + cfgConn1, cfgConn2 := configSimpleVsisDiff() + alignedCfgConn1, alignedCfgConn2, err := cfgConn1.getConnectivesWithSameIPBlocks(cfgConn2) + if err != nil { + fmt.Printf("err: %v\n", err.Error()) + require.Equal(t, err, nil) + return + } + + cfg1SubCfg2, err := alignedCfgConn1.connMissingOrChanged(alignedCfgConn2, Vsis, true) + if err != nil { + fmt.Println("error:", err.Error()) + } + require.Equal(t, err, nil) + cfg1SubCfg2Str := cfg1SubCfg2.EnhancedString(Vsis, true) + fmt.Printf("cfg1SubCfg2Str:\n%v\n", cfg1SubCfg2Str) + newLines := strings.Count(cfg1SubCfg2Str, "\n") + require.Equal(t, 4, newLines) + require.Contains(t, cfg1SubCfg2Str, "diff-type: changed, source: vsi2, destination: vsi3, config1: "+ + "protocol: TCP src-ports: 10-100 dst-ports: 443, config2: All Connections, vsis-diff-info:") + require.Contains(t, cfg1SubCfg2Str, "diff-type: removed, source: vsi0, destination: vsi1, config1: "+ + "All Connections, config2: No connection, vsis-diff-info: vsi0 removed") + require.Contains(t, cfg1SubCfg2Str, "diff-type: removed, source: vsi1, destination: vsi3, config1: "+ + "All Connections, config2: No connection, vsis-diff-info:") + + cfg2SubCfg1, err := alignedCfgConn2.connMissingOrChanged(alignedCfgConn1, Vsis, false) + if err != nil { + fmt.Println("error:", err.Error()) + } + require.Equal(t, err, nil) + cfg2SubCfg1Str := cfg2SubCfg1.EnhancedString(Vsis, true) + fmt.Printf("cfg2SubCfg1Str:\n%v\n", cfg2SubCfg1Str) + newLines = strings.Count(cfg2SubCfg1Str, "\n") + require.Equal(t, 5, newLines) + require.Contains(t, cfg2SubCfg1Str, "diff-type: removed, source: vsi2, "+ + "destination: Public Internet [1.2.3.16/28], config1: All Connections, config2: No connection, vsis-diff-info: \n") + require.Contains(t, cfg2SubCfg1Str, "diff-type: removed, source: vsi2, "+ + "destination: Public Internet [1.2.3.32/27], config1: All Connections, config2: No connection, vsis-diff-info: \n") + require.Contains(t, cfg2SubCfg1Str, "diff-type: removed, source: vsi2, destination: Public Internet [1.2.3.4/30], "+ + "config1: All Connections, config2: No connection, vsis-diff-info: \n") + require.Contains(t, cfg2SubCfg1Str, "diff-type: removed, source: vsi2, "+ + "destination: Public Internet [1.2.3.8/29], config1: All Connections, config2: No connection, vsis-diff-info: \n") + require.Contains(t, cfg2SubCfg1Str, "diff-type: removed, source: vsi3, destination: vsi4, config1: "+ + "All Connections, config2: No connection, vsis-diff-info: vsi4 removed\n") +} From c56492fb0f529f785f49af2f244aa1806b421d7e Mon Sep 17 00:00:00 2001 From: shirim Date: Mon, 13 Nov 2023 17:06:29 +0200 Subject: [PATCH 19/31] lint comments --- pkg/vpcmodel/semanticDiff.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/vpcmodel/semanticDiff.go b/pkg/vpcmodel/semanticDiff.go index f540253dc..56f66130b 100644 --- a/pkg/vpcmodel/semanticDiff.go +++ b/pkg/vpcmodel/semanticDiff.go @@ -110,9 +110,9 @@ func (configs ConfigsForDiff) GetDiff(grouping bool) (*diffBetweenCfgs, error) { return res, nil } -func (nodesConnectivity NodesConnectionsMap) nodesConnectivityToGeneralConnectivity() (generalConnMap generalConnectivityMap) { +func (nodesConnMap NodesConnectionsMap) nodesConnectivityToGeneralConnectivity() (generalConnMap generalConnectivityMap) { generalConnMap = generalConnectivityMap{} - for src, connsMap := range nodesConnectivity { + for src, connsMap := range nodesConnMap { for dst, conn := range connsMap { if conn.IsEmpty() { continue From 75b01825bc4ee74aac6a3ff270827da163bd42f9 Mon Sep 17 00:00:00 2001 From: shirim Date: Tue, 14 Nov 2023 11:27:05 +0200 Subject: [PATCH 20/31] added end-to-end support and test for vsis diff (endpoints diff) --- cmd/analyzer/main.go | 6 +- pkg/ibmvpc/analysis_output_test.go | 23 +- .../examples/acl_testing3endpointsDiff.txt | 3 + .../examples/input_acl_testing3_2nd.json | 1910 +++++++++++++++++ pkg/vpcmodel/output.go | 13 +- pkg/vpcmodel/textOutput.go | 6 +- 6 files changed, 1946 insertions(+), 15 deletions(-) create mode 100644 pkg/ibmvpc/examples/acl_testing3endpointsDiff.txt create mode 100644 pkg/ibmvpc/examples/input_acl_testing3_2nd.json diff --git a/cmd/analyzer/main.go b/cmd/analyzer/main.go index 37dcc0a20..30f0bd4df 100644 --- a/cmd/analyzer/main.go +++ b/cmd/analyzer/main.go @@ -43,8 +43,10 @@ func analysisTypeToUseCase(inArgs *InArgs) vpcmodel.OutputUseCase { return vpcmodel.SingleSubnet case allSubnets: return vpcmodel.AllSubnets - case allSubnetsDiff, allEndpointsDiff: - return vpcmodel.CfgsDiff + case allSubnetsDiff: + return vpcmodel.SubnetsDiff + case allEndpointsDiff: + return vpcmodel.EndpointsDiff } return vpcmodel.AllEndpoints } diff --git a/pkg/ibmvpc/analysis_output_test.go b/pkg/ibmvpc/analysis_output_test.go index b0092a76c..efa782e4a 100644 --- a/pkg/ibmvpc/analysis_output_test.go +++ b/pkg/ibmvpc/analysis_output_test.go @@ -52,6 +52,7 @@ const ( suffixOutFileSubnetsLevel = "subnetsBased_withPGW" suffixOutFileSubnetsLevelNoPGW = "subnetsBased_withoutPGW" suffixOutFileDiffSubnets = "subnetsDiff" + suffixOutFileDiffEndpoints = "endpointsDiff" txtOutSuffix = ".txt" debugOutSuffix = "_debug.txt" mdOutSuffix = ".md" @@ -95,8 +96,10 @@ func getTestFileName(testName string, res = baseName + suffixOutFileSubnetsLevel case vpcmodel.AllSubnetsNoPGW: res = baseName + suffixOutFileSubnetsLevelNoPGW - case vpcmodel.CfgsDiff: + case vpcmodel.SubnetsDiff: res = baseName + suffixOutFileDiffSubnets + case vpcmodel.EndpointsDiff: + res = baseName + suffixOutFileDiffEndpoints } switch format { case vpcmodel.Text: @@ -336,10 +339,13 @@ var tests = []*vpcGeneralTest{ format: vpcmodel.Text, }, { - name: "acl_testing5", - // TODO: currently for this test, there are 2 connections that only differ in statefulness attribute, and - // are not yet displayed in the diff report (sub1-1-ky => sub1-2-ky , sub1-1-ky => sub1-3-ky) - useCases: []vpcmodel.OutputUseCase{vpcmodel.CfgsDiff}, + name: "acl_testing5", + useCases: []vpcmodel.OutputUseCase{vpcmodel.SubnetsDiff}, + format: vpcmodel.Text, + }, + { + name: "acl_testing3", + useCases: []vpcmodel.OutputUseCase{vpcmodel.EndpointsDiff}, format: vpcmodel.Text, }, } @@ -347,7 +353,8 @@ var tests = []*vpcGeneralTest{ var formatsAvoidComparison = map[vpcmodel.OutFormat]bool{vpcmodel.ARCHDRAWIO: true, vpcmodel.DRAWIO: true} // uncomment the function below to run for updating the expected output -/*var formatsAvoidOutputGeneration = map[vpcmodel.OutFormat]bool{vpcmodel.ARCHDRAWIO: true, vpcmodel.DRAWIO: true} +var formatsAvoidOutputGeneration = map[vpcmodel.OutFormat]bool{vpcmodel.ARCHDRAWIO: true, vpcmodel.DRAWIO: true} + func TestAllWithGeneration(t *testing.T) { // tests is the list of tests to run for testIdx := range tests { @@ -364,7 +371,7 @@ func TestAllWithGeneration(t *testing.T) { }) } fmt.Println("done") -}*/ +} func TestAllWithComparison(t *testing.T) { // tests is the list of tests to run @@ -407,7 +414,7 @@ func (tt *vpcGeneralTest) runTest(t *testing.T) { var vpcConfigs2nd map[string]*vpcmodel.VPCConfig diffUseCase := false for _, useCase := range tt.useCases { - if useCase == vpcmodel.CfgsDiff { + if useCase == vpcmodel.SubnetsDiff || useCase == vpcmodel.EndpointsDiff { diffUseCase = true } } diff --git a/pkg/ibmvpc/examples/acl_testing3endpointsDiff.txt b/pkg/ibmvpc/examples/acl_testing3endpointsDiff.txt new file mode 100644 index 000000000..643b336ab --- /dev/null +++ b/pkg/ibmvpc/examples/acl_testing3endpointsDiff.txt @@ -0,0 +1,3 @@ +Analysis for diff between VPC test-vpc1-ky and VPC test-vpc2-ky +diff-type: removed, source: vsi1-ky[10.240.10.4], destination: Public Internet [161.26.0.0/16], config1: protocol: UDP *, config2: No connection, vsis-diff-info: +diff-type: removed, source: vsi1-ky[10.240.10.4], destination: vsi2-ky[10.240.20.4], config1: protocol: TCP,UDP, config2: No connection, vsis-diff-info: diff --git a/pkg/ibmvpc/examples/input_acl_testing3_2nd.json b/pkg/ibmvpc/examples/input_acl_testing3_2nd.json new file mode 100644 index 000000000..9d1458311 --- /dev/null +++ b/pkg/ibmvpc/examples/input_acl_testing3_2nd.json @@ -0,0 +1,1910 @@ +{ + "endpoint_gateways": [ + { + "created_at": "2023-03-13T12:08:03.000Z", + "crn": "crn:1", + "health_state": "ok", + "href": "href:2", + "id": "id:3", + "ips": [ + { + "address": "10.240.30.7", + "href": "href:4", + "id": "id:5", + "name": "vpe-for-etcd-db-ky", + "resource_type": "subnet_reserved_ip" + } + ], + "lifecycle_state": "stable", + "name": "db-endpoint-gateway-ky", + "resource_group": { + "href": "href:6", + "id": "id:7", + "name": "anonymous" + }, + "resource_type": "endpoint_gateway", + "security_groups": [ + { + "crn": "crn:8", + "href": "href:9", + "id": "id:10", + "name": "sg1-ky" + } + ], + "service_endpoint": "ttt", + "service_endpoints": [ + "ttt" + ], + "tags": [], + "target": { + "crn": "crn:11", + "resource_type": "provider_cloud_service" + }, + "vpc": { + "crn": "crn:12", + "href": "href:13", + "id": "id:14", + "name": "test-vpc2-ky" + } + } + ], + "floating_ips": [ + { + "address": "52.118.145.114", + "created_at": "2023-03-13T11:51:29Z", + "crn": "crn:15", + "href": "href:16", + "id": "id:17", + "name": "floating-ip-ky", + "resource_group": { + "href": "href:6", + "id": "id:7", + "name": "anonymous" + }, + "status": "available", + "tags": [], + "target": { + "href": "href:18", + "id": "id:19", + "name": "yarn-canary-guileless-deftly", + "primary_ip": { + "address": "10.240.20.4", + "href": "href:20", + "id": "id:21", + "name": "precision-grudge-daylight-married", + "resource_type": "subnet_reserved_ip" + }, + "resource_type": "network_interface" + }, + "zone": { + "href": "href:22", + "name": "us-south-1" + } + }, + { + "address": "52.116.129.150", + "created_at": "2023-03-13T11:50:34Z", + "crn": "crn:23", + "href": "href:24", + "id": "id:25", + "name": "public-gw-ky", + "resource_group": { + "href": "href:6", + "id": "id:7", + "name": "anonymous" + }, + "status": "available", + "tags": [], + "target": { + "crn": "crn:26", + "href": "href:27", + "id": "id:28", + "name": "public-gw-ky", + "resource_type": "public_gateway" + }, + "zone": { + "href": "href:22", + "name": "us-south-1" + } + } + ], + "instances": [ + { + "availability_policy": { + "host_failure": "restart" + }, + "bandwidth": 4000, + "boot_volume_attachment": { + "device": { + "id": "id:34" + }, + "href": "href:32", + "id": "id:33", + "name": "craziness-boa-ionic-zestfully", + "volume": { + "crn": "crn:35", + "href": "href:36", + "id": "id:37", + "name": "recharger-refinery-trace-hatchery" + } + }, + "created_at": "2023-03-13T11:51:16Z", + "crn": "crn:29", + "disks": [], + "href": "href:30", + "id": "id:31", + "image": { + "crn": "crn:38", + "href": "href:39", + "id": "id:40", + "name": "ibm-centos-7-9-minimal-amd64-8" + }, + "lifecycle_reasons": [], + "lifecycle_state": "stable", + "memory": 4, + "metadata_service": { + "enabled": false, + "protocol": "http", + "response_hop_limit": 1 + }, + "name": "vsi1-ky", + "network_interfaces": [ + { + "allow_ip_spoofing": false, + "created_at": "2023-03-13T11:51:16Z", + "floating_ips": [], + "href": "href:41", + "id": "id:42", + "name": "cycling-juvenile-traipse-paramount", + "port_speed": 3000, + "primary_ip": { + "address": "10.240.10.4", + "href": "href:43", + "id": "id:44", + "name": "swiftly-running-ounce-chrome", + "resource_type": "subnet_reserved_ip" + }, + "resource_type": "network_interface", + "security_groups": [ + { + "crn": "crn:8", + "href": "href:9", + "id": "id:10", + "name": "sg1-ky" + } + ], + "status": "available", + "subnet": { + "crn": "crn:45", + "href": "href:46", + "id": "id:47", + "name": "subnet1-ky", + "resource_type": "subnet" + }, + "type": "primary" + } + ], + "numa_count": 1, + "primary_network_interface": { + "href": "href:41", + "id": "id:42", + "name": "cycling-juvenile-traipse-paramount", + "primary_ip": { + "address": "10.240.10.4", + "href": "href:43", + "id": "id:44", + "name": "swiftly-running-ounce-chrome", + "resource_type": "subnet_reserved_ip" + }, + "resource_type": "network_interface", + "subnet": { + "crn": "crn:45", + "href": "href:46", + "id": "id:47", + "name": "subnet1-ky", + "resource_type": "subnet" + } + }, + "profile": { + "href": "href:48", + "name": "cx2-2x4" + }, + "resource_group": { + "href": "href:6", + "id": "id:7", + "name": "anonymous" + }, + "resource_type": "instance", + "startable": true, + "status": "running", + "status_reasons": [], + "tags": [], + "total_network_bandwidth": 3000, + "total_volume_bandwidth": 1000, + "vcpu": { + "architecture": "amd64", + "count": 2, + "manufacturer": "intel" + }, + "volume_attachments": [ + { + "device": { + "id": "id:34" + }, + "href": "href:32", + "id": "id:33", + "name": "craziness-boa-ionic-zestfully", + "volume": { + "crn": "crn:35", + "href": "href:36", + "id": "id:37", + "name": "recharger-refinery-trace-hatchery" + } + } + ], + "vpc": { + "crn": "crn:12", + "href": "href:13", + "id": "id:14", + "name": "test-vpc2-ky", + "resource_type": "vpc" + }, + "zone": { + "href": "href:22", + "name": "us-south-1" + } + }, + { + "availability_policy": { + "host_failure": "restart" + }, + "bandwidth": 4000, + "boot_volume_attachment": { + "device": { + "id": "id:54" + }, + "href": "href:52", + "id": "id:53", + "name": "isolating-detector-sycamore-subarctic", + "volume": { + "crn": "crn:55", + "href": "href:56", + "id": "id:57", + "name": "heave-dreary-secluded-delicacy" + } + }, + "created_at": "2023-03-13T11:51:04Z", + "crn": "crn:49", + "disks": [], + "href": "href:50", + "id": "id:51", + "image": { + "crn": "crn:38", + "href": "href:39", + "id": "id:40", + "name": "ibm-centos-7-9-minimal-amd64-8" + }, + "lifecycle_reasons": [], + "lifecycle_state": "stable", + "memory": 4, + "metadata_service": { + "enabled": false, + "protocol": "http", + "response_hop_limit": 1 + }, + "name": "vsi2-ky", + "network_interfaces": [ + { + "allow_ip_spoofing": false, + "created_at": "2023-03-13T11:51:04Z", + "floating_ips": [ + { + "address": "52.118.145.114", + "crn": "crn:15", + "href": "href:16", + "id": "id:17", + "name": "floating-ip-ky" + } + ], + "href": "href:18", + "id": "id:19", + "name": "yarn-canary-guileless-deftly", + "port_speed": 3000, + "primary_ip": { + "address": "10.240.20.4", + "href": "href:20", + "id": "id:21", + "name": "precision-grudge-daylight-married", + "resource_type": "subnet_reserved_ip" + }, + "resource_type": "network_interface", + "security_groups": [ + { + "crn": "crn:8", + "href": "href:9", + "id": "id:10", + "name": "sg1-ky" + } + ], + "status": "available", + "subnet": { + "crn": "crn:58", + "href": "href:59", + "id": "id:60", + "name": "subnet2-ky", + "resource_type": "subnet" + }, + "type": "primary" + } + ], + "numa_count": 1, + "primary_network_interface": { + "href": "href:18", + "id": "id:19", + "name": "yarn-canary-guileless-deftly", + "primary_ip": { + "address": "10.240.20.4", + "href": "href:20", + "id": "id:21", + "name": "precision-grudge-daylight-married", + "resource_type": "subnet_reserved_ip" + }, + "resource_type": "network_interface", + "subnet": { + "crn": "crn:58", + "href": "href:59", + "id": "id:60", + "name": "subnet2-ky", + "resource_type": "subnet" + } + }, + "profile": { + "href": "href:48", + "name": "cx2-2x4" + }, + "resource_group": { + "href": "href:6", + "id": "id:7", + "name": "anonymous" + }, + "resource_type": "instance", + "startable": true, + "status": "running", + "status_reasons": [], + "tags": [], + "total_network_bandwidth": 3000, + "total_volume_bandwidth": 1000, + "vcpu": { + "architecture": "amd64", + "count": 2, + "manufacturer": "intel" + }, + "volume_attachments": [ + { + "device": { + "id": "id:54" + }, + "href": "href:52", + "id": "id:53", + "name": "isolating-detector-sycamore-subarctic", + "volume": { + "crn": "crn:55", + "href": "href:56", + "id": "id:57", + "name": "heave-dreary-secluded-delicacy" + } + } + ], + "vpc": { + "crn": "crn:12", + "href": "href:13", + "id": "id:14", + "name": "test-vpc2-ky", + "resource_type": "vpc" + }, + "zone": { + "href": "href:22", + "name": "us-south-1" + } + }, + { + "availability_policy": { + "host_failure": "restart" + }, + "bandwidth": 4000, + "boot_volume_attachment": { + "device": { + "id": "id:66" + }, + "href": "href:64", + "id": "id:65", + "name": "dispersal-sister-antacid-icon", + "volume": { + "crn": "crn:67", + "href": "href:68", + "id": "id:69", + "name": "moonlight-pawing-video-shed" + } + }, + "created_at": "2023-03-13T11:50:50Z", + "crn": "crn:61", + "disks": [], + "href": "href:62", + "id": "id:63", + "image": { + "crn": "crn:38", + "href": "href:39", + "id": "id:40", + "name": "ibm-centos-7-9-minimal-amd64-8" + }, + "lifecycle_reasons": [], + "lifecycle_state": "stable", + "memory": 4, + "metadata_service": { + "enabled": false, + "protocol": "http", + "response_hop_limit": 1 + }, + "name": "vsi3a-ky", + "network_interfaces": [ + { + "allow_ip_spoofing": false, + "created_at": "2023-03-13T11:50:50Z", + "floating_ips": [], + "href": "href:70", + "id": "id:71", + "name": "data-washstand-blot-scrambler", + "port_speed": 3000, + "primary_ip": { + "address": "10.240.30.5", + "href": "href:72", + "id": "id:73", + "name": "ointment-fading-shabby-sectional", + "resource_type": "subnet_reserved_ip" + }, + "resource_type": "network_interface", + "security_groups": [ + { + "crn": "crn:8", + "href": "href:9", + "id": "id:10", + "name": "sg1-ky" + } + ], + "status": "available", + "subnet": { + "crn": "crn:74", + "href": "href:75", + "id": "id:76", + "name": "subnet3-ky", + "resource_type": "subnet" + }, + "type": "primary" + } + ], + "numa_count": 1, + "primary_network_interface": { + "href": "href:70", + "id": "id:71", + "name": "data-washstand-blot-scrambler", + "primary_ip": { + "address": "10.240.30.5", + "href": "href:72", + "id": "id:73", + "name": "ointment-fading-shabby-sectional", + "resource_type": "subnet_reserved_ip" + }, + "resource_type": "network_interface", + "subnet": { + "crn": "crn:74", + "href": "href:75", + "id": "id:76", + "name": "subnet3-ky", + "resource_type": "subnet" + } + }, + "profile": { + "href": "href:48", + "name": "cx2-2x4" + }, + "resource_group": { + "href": "href:6", + "id": "id:7", + "name": "anonymous" + }, + "resource_type": "instance", + "startable": true, + "status": "running", + "status_reasons": [], + "tags": [], + "total_network_bandwidth": 3000, + "total_volume_bandwidth": 1000, + "vcpu": { + "architecture": "amd64", + "count": 2, + "manufacturer": "intel" + }, + "volume_attachments": [ + { + "device": { + "id": "id:66" + }, + "href": "href:64", + "id": "id:65", + "name": "dispersal-sister-antacid-icon", + "volume": { + "crn": "crn:67", + "href": "href:68", + "id": "id:69", + "name": "moonlight-pawing-video-shed" + } + } + ], + "vpc": { + "crn": "crn:12", + "href": "href:13", + "id": "id:14", + "name": "test-vpc2-ky", + "resource_type": "vpc" + }, + "zone": { + "href": "href:22", + "name": "us-south-1" + } + }, + { + "availability_policy": { + "host_failure": "restart" + }, + "bandwidth": 4000, + "boot_volume_attachment": { + "device": { + "id": "id:82" + }, + "href": "href:80", + "id": "id:81", + "name": "fanning-conceded-reapprove-finishing", + "volume": { + "crn": "crn:83", + "href": "href:84", + "id": "id:85", + "name": "oblong-federal-reason-aide" + } + }, + "created_at": "2023-03-13T11:50:50Z", + "crn": "crn:77", + "disks": [], + "href": "href:78", + "id": "id:79", + "image": { + "crn": "crn:38", + "href": "href:39", + "id": "id:40", + "name": "ibm-centos-7-9-minimal-amd64-8" + }, + "lifecycle_reasons": [], + "lifecycle_state": "stable", + "memory": 4, + "metadata_service": { + "enabled": false, + "protocol": "http", + "response_hop_limit": 1 + }, + "name": "vsi3c-ky", + "network_interfaces": [ + { + "allow_ip_spoofing": false, + "created_at": "2023-03-13T11:50:50Z", + "floating_ips": [], + "href": "href:86", + "id": "id:87", + "name": "contest-dance-divided-brilliant", + "port_speed": 3000, + "primary_ip": { + "address": "10.240.30.4", + "href": "href:88", + "id": "id:89", + "name": "wobbling-pueblo-bulldozer-spring", + "resource_type": "subnet_reserved_ip" + }, + "resource_type": "network_interface", + "security_groups": [ + { + "crn": "crn:8", + "href": "href:9", + "id": "id:10", + "name": "sg1-ky" + } + ], + "status": "available", + "subnet": { + "crn": "crn:74", + "href": "href:75", + "id": "id:76", + "name": "subnet3-ky", + "resource_type": "subnet" + }, + "type": "primary" + } + ], + "numa_count": 1, + "primary_network_interface": { + "href": "href:86", + "id": "id:87", + "name": "contest-dance-divided-brilliant", + "primary_ip": { + "address": "10.240.30.4", + "href": "href:88", + "id": "id:89", + "name": "wobbling-pueblo-bulldozer-spring", + "resource_type": "subnet_reserved_ip" + }, + "resource_type": "network_interface", + "subnet": { + "crn": "crn:74", + "href": "href:75", + "id": "id:76", + "name": "subnet3-ky", + "resource_type": "subnet" + } + }, + "profile": { + "href": "href:48", + "name": "cx2-2x4" + }, + "resource_group": { + "href": "href:6", + "id": "id:7", + "name": "anonymous" + }, + "resource_type": "instance", + "startable": true, + "status": "running", + "status_reasons": [], + "tags": [], + "total_network_bandwidth": 3000, + "total_volume_bandwidth": 1000, + "vcpu": { + "architecture": "amd64", + "count": 2, + "manufacturer": "intel" + }, + "volume_attachments": [ + { + "device": { + "id": "id:82" + }, + "href": "href:80", + "id": "id:81", + "name": "fanning-conceded-reapprove-finishing", + "volume": { + "crn": "crn:83", + "href": "href:84", + "id": "id:85", + "name": "oblong-federal-reason-aide" + } + } + ], + "vpc": { + "crn": "crn:12", + "href": "href:13", + "id": "id:14", + "name": "test-vpc2-ky", + "resource_type": "vpc" + }, + "zone": { + "href": "href:22", + "name": "us-south-1" + } + }, + { + "availability_policy": { + "host_failure": "restart" + }, + "bandwidth": 4000, + "boot_volume_attachment": { + "device": { + "id": "id:95" + }, + "href": "href:93", + "id": "id:94", + "name": "people-emphasize-tracing-majorette", + "volume": { + "crn": "crn:96", + "href": "href:97", + "id": "id:98", + "name": "pogo-unripe-snowdrift-untwist" + } + }, + "created_at": "2023-03-13T11:50:50Z", + "crn": "crn:90", + "disks": [], + "href": "href:91", + "id": "id:92", + "image": { + "crn": "crn:38", + "href": "href:39", + "id": "id:40", + "name": "ibm-centos-7-9-minimal-amd64-8" + }, + "lifecycle_reasons": [], + "lifecycle_state": "stable", + "memory": 4, + "metadata_service": { + "enabled": false, + "protocol": "http", + "response_hop_limit": 1 + }, + "name": "vsi3b-ky", + "network_interfaces": [ + { + "allow_ip_spoofing": false, + "created_at": "2023-03-13T11:50:50Z", + "floating_ips": [], + "href": "href:99", + "id": "id:100", + "name": "filterable-steersman-collar-whoops", + "port_speed": 3000, + "primary_ip": { + "address": "10.240.30.6", + "href": "href:101", + "id": "id:102", + "name": "attach-portfolio-natural-lisp", + "resource_type": "subnet_reserved_ip" + }, + "resource_type": "network_interface", + "security_groups": [ + { + "crn": "crn:8", + "href": "href:9", + "id": "id:10", + "name": "sg1-ky" + } + ], + "status": "available", + "subnet": { + "crn": "crn:74", + "href": "href:75", + "id": "id:76", + "name": "subnet3-ky", + "resource_type": "subnet" + }, + "type": "primary" + } + ], + "numa_count": 1, + "primary_network_interface": { + "href": "href:99", + "id": "id:100", + "name": "filterable-steersman-collar-whoops", + "primary_ip": { + "address": "10.240.30.6", + "href": "href:101", + "id": "id:102", + "name": "attach-portfolio-natural-lisp", + "resource_type": "subnet_reserved_ip" + }, + "resource_type": "network_interface", + "subnet": { + "crn": "crn:74", + "href": "href:75", + "id": "id:76", + "name": "subnet3-ky", + "resource_type": "subnet" + } + }, + "profile": { + "href": "href:48", + "name": "cx2-2x4" + }, + "resource_group": { + "href": "href:6", + "id": "id:7", + "name": "anonymous" + }, + "resource_type": "instance", + "startable": true, + "status": "running", + "status_reasons": [], + "tags": [], + "total_network_bandwidth": 3000, + "total_volume_bandwidth": 1000, + "vcpu": { + "architecture": "amd64", + "count": 2, + "manufacturer": "intel" + }, + "volume_attachments": [ + { + "device": { + "id": "id:95" + }, + "href": "href:93", + "id": "id:94", + "name": "people-emphasize-tracing-majorette", + "volume": { + "crn": "crn:96", + "href": "href:97", + "id": "id:98", + "name": "pogo-unripe-snowdrift-untwist" + } + } + ], + "vpc": { + "crn": "crn:12", + "href": "href:13", + "id": "id:14", + "name": "test-vpc2-ky", + "resource_type": "vpc" + }, + "zone": { + "href": "href:22", + "name": "us-south-1" + } + } + ], + "network_acls": [ + { + "created_at": "2023-03-13T11:50:34Z", + "crn": "crn:103", + "href": "href:104", + "id": "id:105", + "name": "acl2-ky", + "resource_group": { + "href": "href:6", + "id": "id:7", + "name": "anonymous" + }, + "rules": [ + { + "action": "allow", + "before": { + "href": "href:108", + "id": "id:109", + "name": "acl2-out-2" + }, + "created_at": "2023-03-13T12:21:36Z", + "destination": "142.0.0.0/8", + "direction": "outbound", + "href": "href:106", + "id": "id:107", + "ip_version": "ipv4", + "name": "acl2-out-1", + "protocol": "icmp", + "source": "10.240.20.0/24" + }, + { + "action": "allow", + "before": { + "href": "href:110", + "id": "id:111", + "name": "acl2-out-3" + }, + "created_at": "2023-03-13T12:21:37Z", + "destination": "10.240.30.0/24", + "direction": "outbound", + "href": "href:108", + "id": "id:109", + "ip_version": "ipv4", + "name": "acl2-out-2", + "protocol": "icmp", + "source": "10.240.20.0/24" + }, + { + "action": "allow", + "before": { + "href": "href:112", + "id": "id:113", + "name": "acl2-in-1" + }, + "created_at": "2023-03-13T12:21:37Z", + "destination": "10.240.10.0/24", + "direction": "outbound", + "href": "href:110", + "id": "id:111", + "ip_version": "ipv4", + "name": "acl2-out-3", + "protocol": "all", + "source": "10.240.20.0/24" + }, + { + "action": "deny", + "before": { + "href": "href:114", + "id": "id:115", + "name": "acl2-in-2" + }, + "created_at": "2023-03-13T12:21:38Z", + "destination": "147.235.219.207/32", + "destination_port_max": 22, + "destination_port_min": 22, + "direction": "inbound", + "href": "href:112", + "id": "id:113", + "ip_version": "ipv4", + "name": "acl2-in-1", + "protocol": "tcp", + "source": "0.0.0.0/0", + "source_port_max": 65535, + "source_port_min": 1 + }, + { + "action": "allow", + "before": { + "href": "href:116", + "id": "id:117", + "name": "acl2-in-3" + }, + "created_at": "2023-03-13T12:21:38Z", + "destination": "147.235.219.206/31", + "destination_port_max": 22, + "destination_port_min": 22, + "direction": "inbound", + "href": "href:114", + "id": "id:115", + "ip_version": "ipv4", + "name": "acl2-in-2", + "protocol": "tcp", + "source": "0.0.0.0/0", + "source_port_max": 65535, + "source_port_min": 1 + }, + { + "action": "allow", + "before": { + "href": "href:118", + "id": "id:119", + "name": "acl2-in-4" + }, + "created_at": "2023-03-13T12:21:39Z", + "destination": "10.240.20.0/24", + "destination_port_max": 22, + "destination_port_min": 22, + "direction": "inbound", + "href": "href:116", + "id": "id:117", + "ip_version": "ipv4", + "name": "acl2-in-3", + "protocol": "tcp", + "source": "10.240.30.0/24", + "source_port_max": 65535, + "source_port_min": 1 + }, + { + "action": "allow", + "created_at": "2023-03-13T12:21:39Z", + "destination": "10.240.20.0/24", + "direction": "inbound", + "href": "href:118", + "id": "id:119", + "ip_version": "ipv4", + "name": "acl2-in-4", + "protocol": "all", + "source": "10.240.10.0/24" + } + ], + "subnets": [ + { + "crn": "crn:58", + "href": "href:59", + "id": "id:60", + "name": "subnet2-ky", + "resource_type": "subnet" + } + ], + "tags": [], + "vpc": { + "crn": "crn:12", + "href": "href:13", + "id": "id:14", + "name": "test-vpc2-ky", + "resource_type": "vpc" + } + }, + { + "created_at": "2023-03-13T11:50:34Z", + "crn": "crn:120", + "href": "href:121", + "id": "id:122", + "name": "acl1-ky", + "resource_group": { + "href": "href:6", + "id": "id:7", + "name": "anonymous" + }, + "rules": [ + { + "action": "deny", + "before": { + "href": "href:125", + "id": "id:126", + "name": "acl1-out-2" + }, + "created_at": "2023-03-13T12:21:36Z", + "destination": "10.240.20.0/24", + "direction": "outbound", + "href": "href:123", + "id": "id:124", + "ip_version": "ipv4", + "name": "acl1-out-1", + "protocol": "icmp", + "source": "10.240.10.0/24" + }, + { + "action": "deny", + "before": { + "href": "href:127", + "id": "id:128", + "name": "acl1-out-3" + }, + "created_at": "2023-03-13T12:21:37Z", + "destination": "161.26.0.0/16", + "destination_port_max": 65535, + "destination_port_min": 1, + "direction": "outbound", + "href": "href:125", + "id": "id:126", + "ip_version": "ipv4", + "name": "acl1-out-2", + "protocol": "udp", + "source": "10.240.10.0/24", + "source_port_max": 65535, + "source_port_min": 1 + }, + { + "action": "deny", + "before": { + "href": "href:129", + "id": "id:130", + "name": "acl1-in-1" + }, + "created_at": "2023-03-13T12:21:37Z", + "destination": "10.240.20.0/24", + "direction": "outbound", + "href": "href:127", + "id": "id:128", + "ip_version": "ipv4", + "name": "acl1-out-3", + "protocol": "all", + "source": "10.240.10.0/24" + }, + { + "action": "allow", + "before": { + "href": "href:131", + "id": "id:132", + "name": "acl1-in-2" + }, + "created_at": "2023-03-13T12:21:38Z", + "destination": "0.0.0.0/0", + "direction": "inbound", + "href": "href:129", + "id": "id:130", + "ip_version": "ipv4", + "name": "acl1-in-1", + "protocol": "all", + "source": "10.240.30.0/24" + }, + { + "action": "allow", + "created_at": "2023-03-13T12:21:38Z", + "destination": "10.240.10.0/24", + "direction": "inbound", + "href": "href:131", + "id": "id:132", + "ip_version": "ipv4", + "name": "acl1-in-2", + "protocol": "all", + "source": "10.240.20.0/24" + } + ], + "subnets": [ + { + "crn": "crn:45", + "href": "href:46", + "id": "id:47", + "name": "subnet1-ky", + "resource_type": "subnet" + } + ], + "tags": [], + "vpc": { + "crn": "crn:12", + "href": "href:13", + "id": "id:14", + "name": "test-vpc2-ky", + "resource_type": "vpc" + } + }, + { + "created_at": "2023-03-13T11:50:33Z", + "crn": "crn:133", + "href": "href:134", + "id": "id:135", + "name": "acl3-ky", + "resource_group": { + "href": "href:6", + "id": "id:7", + "name": "anonymous" + }, + "rules": [ + { + "action": "allow", + "before": { + "href": "href:138", + "id": "id:139", + "name": "acl3-out-2" + }, + "created_at": "2023-03-13T12:21:36Z", + "destination": "10.240.10.0/24", + "direction": "outbound", + "href": "href:136", + "id": "id:137", + "ip_version": "ipv4", + "name": "acl3-out-1", + "protocol": "all", + "source": "0.0.0.0/0" + }, + { + "action": "allow", + "before": { + "href": "href:140", + "id": "id:141", + "name": "acl3-in-1" + }, + "created_at": "2023-03-13T12:21:36Z", + "destination": "10.240.20.0/24", + "direction": "outbound", + "href": "href:138", + "id": "id:139", + "ip_version": "ipv4", + "name": "acl3-out-2", + "protocol": "all", + "source": "10.240.30.0/31" + }, + { + "action": "allow", + "before": { + "href": "href:142", + "id": "id:143", + "name": "acl3-in-2" + }, + "created_at": "2023-03-13T12:21:37Z", + "destination": "0.0.0.0/0", + "direction": "inbound", + "href": "href:140", + "id": "id:141", + "ip_version": "ipv4", + "name": "acl3-in-1", + "protocol": "all", + "source": "10.240.10.0/24" + }, + { + "action": "allow", + "created_at": "2023-03-13T12:21:37Z", + "destination": "10.240.30.0/31", + "direction": "inbound", + "href": "href:142", + "id": "id:143", + "ip_version": "ipv4", + "name": "acl3-in-2", + "protocol": "all", + "source": "10.240.20.0/24" + } + ], + "subnets": [ + { + "crn": "crn:74", + "href": "href:75", + "id": "id:76", + "name": "subnet3-ky", + "resource_type": "subnet" + } + ], + "tags": [], + "vpc": { + "crn": "crn:12", + "href": "href:13", + "id": "id:14", + "name": "test-vpc2-ky", + "resource_type": "vpc" + } + }, + { + "created_at": "2023-03-13T11:50:18Z", + "crn": "crn:144", + "href": "href:145", + "id": "id:146", + "name": "demilune-humorless-captain-lurex", + "resource_group": { + "href": "href:6", + "id": "id:7", + "name": "anonymous" + }, + "rules": [ + { + "action": "allow", + "before": { + "href": "href:149", + "id": "id:150", + "name": "allow-outbound" + }, + "created_at": "2023-03-13T11:50:18Z", + "destination": "0.0.0.0/0", + "direction": "inbound", + "href": "href:147", + "id": "id:148", + "ip_version": "ipv4", + "name": "allow-inbound", + "protocol": "all", + "source": "0.0.0.0/0" + }, + { + "action": "allow", + "created_at": "2023-03-13T11:50:18Z", + "destination": "0.0.0.0/0", + "direction": "outbound", + "href": "href:149", + "id": "id:150", + "ip_version": "ipv4", + "name": "allow-outbound", + "protocol": "all", + "source": "0.0.0.0/0" + } + ], + "subnets": [], + "tags": [], + "vpc": { + "crn": "crn:12", + "href": "href:13", + "id": "id:14", + "name": "test-vpc2-ky", + "resource_type": "vpc" + } + } + ], + "public_gateways": [ + { + "created_at": "2023-03-13T11:50:34Z", + "crn": "crn:26", + "floating_ip": { + "address": "52.116.129.150", + "crn": "crn:23", + "href": "href:24", + "id": "id:25", + "name": "public-gw-ky" + }, + "href": "href:27", + "id": "id:28", + "name": "public-gw-ky", + "resource_group": { + "href": "href:6", + "id": "id:7", + "name": "anonymous" + }, + "resource_type": "public_gateway", + "status": "available", + "tags": [], + "vpc": { + "crn": "crn:12", + "href": "href:13", + "id": "id:14", + "name": "test-vpc2-ky", + "resource_type": "vpc" + }, + "zone": { + "href": "href:22", + "name": "us-south-1" + } + } + ], + "security_groups": [ + { + "created_at": "2023-03-13T11:50:34Z", + "crn": "crn:8", + "href": "href:9", + "id": "id:10", + "name": "sg1-ky", + "resource_group": { + "href": "href:6", + "id": "id:7", + "name": "anonymous" + }, + "rules": [ + { + "direction": "outbound", + "href": "href:151", + "id": "id:152", + "ip_version": "ipv4", + "protocol": "all", + "remote": { + "cidr_block": "0.0.0.0/0" + } + }, + { + "direction": "inbound", + "href": "href:153", + "id": "id:154", + "ip_version": "ipv4", + "protocol": "all", + "remote": { + "cidr_block": "0.0.0.0/0" + } + } + ], + "tags": [], + "targets": [ + { + "href": "href:86", + "id": "id:87", + "name": "contest-dance-divided-brilliant", + "resource_type": "network_interface" + }, + { + "href": "href:70", + "id": "id:71", + "name": "data-washstand-blot-scrambler", + "resource_type": "network_interface" + }, + { + "href": "href:99", + "id": "id:100", + "name": "filterable-steersman-collar-whoops", + "resource_type": "network_interface" + }, + { + "href": "href:18", + "id": "id:19", + "name": "yarn-canary-guileless-deftly", + "resource_type": "network_interface" + }, + { + "href": "href:41", + "id": "id:42", + "name": "cycling-juvenile-traipse-paramount", + "resource_type": "network_interface" + }, + { + "crn": "crn:1", + "href": "href:2", + "id": "id:3", + "name": "db-endpoint-gateway-ky", + "resource_type": "endpoint_gateway" + } + ], + "vpc": { + "crn": "crn:12", + "href": "href:13", + "id": "id:14", + "name": "test-vpc2-ky", + "resource_type": "vpc" + } + }, + { + "created_at": "2023-03-13T11:50:18Z", + "crn": "crn:155", + "href": "href:156", + "id": "id:157", + "name": "barbecue-frayed-varied-average", + "resource_group": { + "href": "href:6", + "id": "id:7", + "name": "anonymous" + }, + "rules": [ + { + "direction": "outbound", + "href": "href:158", + "id": "id:159", + "ip_version": "ipv4", + "protocol": "all", + "remote": { + "cidr_block": "0.0.0.0/0" + } + }, + { + "direction": "inbound", + "href": "href:160", + "id": "id:161", + "ip_version": "ipv4", + "protocol": "all", + "remote": { + "crn": "crn:155", + "href": "href:156", + "id": "id:157", + "name": "barbecue-frayed-varied-average" + } + } + ], + "tags": [], + "targets": [], + "vpc": { + "crn": "crn:12", + "href": "href:13", + "id": "id:14", + "name": "test-vpc2-ky", + "resource_type": "vpc" + } + } + ], + "subnets": [ + { + "available_ipv4_address_count": 250, + "created_at": "2023-03-13T11:51:03Z", + "crn": "crn:45", + "href": "href:46", + "id": "id:47", + "ip_version": "ipv4", + "ipv4_cidr_block": "10.240.10.0/24", + "name": "subnet1-ky", + "network_acl": { + "crn": "crn:120", + "href": "href:121", + "id": "id:122", + "name": "acl1-ky" + }, + "public_gateway": { + "crn": "crn:26", + "href": "href:27", + "id": "id:28", + "name": "public-gw-ky", + "resource_type": "public_gateway" + }, + "reserved_ips": [ + { + "address": "10.240.10.0", + "auto_delete": false, + "created_at": "2023-03-13T11:51:03Z", + "href": "href:162", + "id": "id:163", + "lifecycle_state": "stable", + "name": "ibm-network-address", + "owner": "provider", + "resource_type": "subnet_reserved_ip" + }, + { + "address": "10.240.10.1", + "auto_delete": false, + "created_at": "2023-03-13T11:51:03Z", + "href": "href:164", + "id": "id:165", + "lifecycle_state": "stable", + "name": "ibm-default-gateway", + "owner": "provider", + "resource_type": "subnet_reserved_ip" + }, + { + "address": "10.240.10.2", + "auto_delete": false, + "created_at": "2023-03-13T11:51:03Z", + "href": "href:166", + "id": "id:167", + "lifecycle_state": "stable", + "name": "ibm-dns-address", + "owner": "provider", + "resource_type": "subnet_reserved_ip" + }, + { + "address": "10.240.10.3", + "auto_delete": false, + "created_at": "2023-03-13T11:51:03Z", + "href": "href:168", + "id": "id:169", + "lifecycle_state": "stable", + "name": "ibm-reserved-address", + "owner": "provider", + "resource_type": "subnet_reserved_ip" + }, + { + "address": "10.240.10.4", + "auto_delete": true, + "created_at": "2023-03-13T11:51:16Z", + "href": "href:43", + "id": "id:44", + "lifecycle_state": "stable", + "name": "swiftly-running-ounce-chrome", + "owner": "user", + "resource_type": "subnet_reserved_ip", + "target": { + "href": "href:41", + "id": "id:42", + "name": "cycling-juvenile-traipse-paramount", + "resource_type": "network_interface" + } + }, + { + "address": "10.240.10.255", + "auto_delete": false, + "created_at": "2023-03-13T11:51:03Z", + "href": "href:170", + "id": "id:171", + "lifecycle_state": "stable", + "name": "ibm-broadcast-address", + "owner": "provider", + "resource_type": "subnet_reserved_ip" + } + ], + "resource_group": { + "href": "href:6", + "id": "id:7", + "name": "anonymous" + }, + "resource_type": "subnet", + "routing_table": { + "href": "href:172", + "id": "id:173", + "name": "catnap-music-yearbook-rotunda", + "resource_type": "routing_table" + }, + "status": "available", + "tags": [ + "public" + ], + "total_ipv4_address_count": 256, + "vpc": { + "crn": "crn:12", + "href": "href:13", + "id": "id:14", + "name": "test-vpc2-ky", + "resource_type": "vpc" + }, + "zone": { + "href": "href:22", + "name": "us-south-1" + } + }, + { + "available_ipv4_address_count": 250, + "created_at": "2023-03-13T11:50:50Z", + "crn": "crn:58", + "href": "href:59", + "id": "id:60", + "ip_version": "ipv4", + "ipv4_cidr_block": "10.240.20.0/24", + "name": "subnet2-ky", + "network_acl": { + "crn": "crn:103", + "href": "href:104", + "id": "id:105", + "name": "acl2-ky" + }, + "reserved_ips": [ + { + "address": "10.240.20.0", + "auto_delete": false, + "created_at": "2023-03-13T11:50:50Z", + "href": "href:174", + "id": "id:175", + "lifecycle_state": "stable", + "name": "ibm-network-address", + "owner": "provider", + "resource_type": "subnet_reserved_ip" + }, + { + "address": "10.240.20.1", + "auto_delete": false, + "created_at": "2023-03-13T11:50:50Z", + "href": "href:176", + "id": "id:177", + "lifecycle_state": "stable", + "name": "ibm-default-gateway", + "owner": "provider", + "resource_type": "subnet_reserved_ip" + }, + { + "address": "10.240.20.2", + "auto_delete": false, + "created_at": "2023-03-13T11:50:50Z", + "href": "href:178", + "id": "id:179", + "lifecycle_state": "stable", + "name": "ibm-dns-address", + "owner": "provider", + "resource_type": "subnet_reserved_ip" + }, + { + "address": "10.240.20.3", + "auto_delete": false, + "created_at": "2023-03-13T11:50:50Z", + "href": "href:180", + "id": "id:181", + "lifecycle_state": "stable", + "name": "ibm-reserved-address", + "owner": "provider", + "resource_type": "subnet_reserved_ip" + }, + { + "address": "10.240.20.4", + "auto_delete": true, + "created_at": "2023-03-13T11:51:04Z", + "href": "href:20", + "id": "id:21", + "lifecycle_state": "stable", + "name": "precision-grudge-daylight-married", + "owner": "user", + "resource_type": "subnet_reserved_ip", + "target": { + "href": "href:18", + "id": "id:19", + "name": "yarn-canary-guileless-deftly", + "resource_type": "network_interface" + } + }, + { + "address": "10.240.20.255", + "auto_delete": false, + "created_at": "2023-03-13T11:50:50Z", + "href": "href:182", + "id": "id:183", + "lifecycle_state": "stable", + "name": "ibm-broadcast-address", + "owner": "provider", + "resource_type": "subnet_reserved_ip" + } + ], + "resource_group": { + "href": "href:6", + "id": "id:7", + "name": "anonymous" + }, + "resource_type": "subnet", + "routing_table": { + "href": "href:172", + "id": "id:173", + "name": "catnap-music-yearbook-rotunda", + "resource_type": "routing_table" + }, + "status": "available", + "tags": [ + "public" + ], + "total_ipv4_address_count": 256, + "vpc": { + "crn": "crn:12", + "href": "href:13", + "id": "id:14", + "name": "test-vpc2-ky", + "resource_type": "vpc" + }, + "zone": { + "href": "href:22", + "name": "us-south-1" + } + }, + { + "available_ipv4_address_count": 247, + "created_at": "2023-03-13T11:50:37Z", + "crn": "crn:74", + "href": "href:75", + "id": "id:76", + "ip_version": "ipv4", + "ipv4_cidr_block": "10.240.30.0/24", + "name": "subnet3-ky", + "network_acl": { + "crn": "crn:133", + "href": "href:134", + "id": "id:135", + "name": "acl3-ky" + }, + "reserved_ips": [ + { + "address": "10.240.30.0", + "auto_delete": false, + "created_at": "2023-03-13T11:50:37Z", + "href": "href:184", + "id": "id:185", + "lifecycle_state": "stable", + "name": "ibm-network-address", + "owner": "provider", + "resource_type": "subnet_reserved_ip" + }, + { + "address": "10.240.30.1", + "auto_delete": false, + "created_at": "2023-03-13T11:50:37Z", + "href": "href:186", + "id": "id:187", + "lifecycle_state": "stable", + "name": "ibm-default-gateway", + "owner": "provider", + "resource_type": "subnet_reserved_ip" + }, + { + "address": "10.240.30.2", + "auto_delete": false, + "created_at": "2023-03-13T11:50:37Z", + "href": "href:188", + "id": "id:189", + "lifecycle_state": "stable", + "name": "ibm-dns-address", + "owner": "provider", + "resource_type": "subnet_reserved_ip" + }, + { + "address": "10.240.30.3", + "auto_delete": false, + "created_at": "2023-03-13T11:50:37Z", + "href": "href:190", + "id": "id:191", + "lifecycle_state": "stable", + "name": "ibm-reserved-address", + "owner": "provider", + "resource_type": "subnet_reserved_ip" + }, + { + "address": "10.240.30.4", + "auto_delete": true, + "created_at": "2023-03-13T11:50:51Z", + "href": "href:88", + "id": "id:89", + "lifecycle_state": "stable", + "name": "wobbling-pueblo-bulldozer-spring", + "owner": "user", + "resource_type": "subnet_reserved_ip", + "target": { + "href": "href:86", + "id": "id:87", + "name": "contest-dance-divided-brilliant", + "resource_type": "network_interface" + } + }, + { + "address": "10.240.30.5", + "auto_delete": true, + "created_at": "2023-03-13T11:50:51Z", + "href": "href:72", + "id": "id:73", + "lifecycle_state": "stable", + "name": "ointment-fading-shabby-sectional", + "owner": "user", + "resource_type": "subnet_reserved_ip", + "target": { + "href": "href:70", + "id": "id:71", + "name": "data-washstand-blot-scrambler", + "resource_type": "network_interface" + } + }, + { + "address": "10.240.30.6", + "auto_delete": true, + "created_at": "2023-03-13T11:50:51Z", + "href": "href:101", + "id": "id:102", + "lifecycle_state": "stable", + "name": "attach-portfolio-natural-lisp", + "owner": "user", + "resource_type": "subnet_reserved_ip", + "target": { + "href": "href:99", + "id": "id:100", + "name": "filterable-steersman-collar-whoops", + "resource_type": "network_interface" + } + }, + { + "address": "10.240.30.7", + "auto_delete": true, + "created_at": "2023-03-13T12:08:06Z", + "href": "href:4", + "id": "id:5", + "lifecycle_state": "stable", + "name": "vpe-for-etcd-db-ky", + "owner": "user", + "resource_type": "subnet_reserved_ip", + "target": { + "crn": "crn:1", + "href": "href:2", + "id": "id:3", + "name": "db-endpoint-gateway-ky", + "resource_type": "endpoint_gateway" + } + }, + { + "address": "10.240.30.255", + "auto_delete": false, + "created_at": "2023-03-13T11:50:37Z", + "href": "href:192", + "id": "id:193", + "lifecycle_state": "stable", + "name": "ibm-broadcast-address", + "owner": "provider", + "resource_type": "subnet_reserved_ip" + } + ], + "resource_group": { + "href": "href:6", + "id": "id:7", + "name": "anonymous" + }, + "resource_type": "subnet", + "routing_table": { + "href": "href:172", + "id": "id:173", + "name": "catnap-music-yearbook-rotunda", + "resource_type": "routing_table" + }, + "status": "available", + "tags": [ + "private" + ], + "total_ipv4_address_count": 256, + "vpc": { + "crn": "crn:12", + "href": "href:13", + "id": "id:14", + "name": "test-vpc2-ky", + "resource_type": "vpc" + }, + "zone": { + "href": "href:22", + "name": "us-south-1" + } + } + ], + "vpcs": [ + { + "classic_access": false, + "created_at": "2023-03-13T11:50:18Z", + "crn": "crn:12", + "cse_source_ips": [ + { + "ip": { + "address": "10.12.127.77" + }, + "zone": { + "href": "href:22", + "name": "us-south-1" + } + }, + { + "ip": { + "address": "10.249.201.197" + }, + "zone": { + "href": "href:194", + "name": "us-south-2" + } + }, + { + "ip": { + "address": "10.12.165.70" + }, + "zone": { + "href": "href:195", + "name": "us-south-3" + } + } + ], + "default_network_acl": { + "crn": "crn:144", + "href": "href:145", + "id": "id:146", + "name": "demilune-humorless-captain-lurex" + }, + "default_routing_table": { + "href": "href:172", + "id": "id:173", + "name": "catnap-music-yearbook-rotunda", + "resource_type": "routing_table" + }, + "default_security_group": { + "crn": "crn:155", + "href": "href:156", + "id": "id:157", + "name": "barbecue-frayed-varied-average" + }, + "href": "href:13", + "id": "id:14", + "name": "test-vpc2-ky", + "resource_group": { + "href": "href:6", + "id": "id:7", + "name": "anonymous" + }, + "resource_type": "vpc", + "status": "available", + "tags": [] + } + ] +} diff --git a/pkg/vpcmodel/output.go b/pkg/vpcmodel/output.go index 55c0873a2..4b4fa1657 100644 --- a/pkg/vpcmodel/output.go +++ b/pkg/vpcmodel/output.go @@ -30,7 +30,8 @@ const ( SingleSubnet // connectivity per single subnet with nacl AllSubnets // connectivity between subnets (consider nacl + pgw) AllSubnetsNoPGW // connectivity between subnets (consider nacl only) - CfgsDiff // diff between subnets connectivity of two cfgs (consider nacl + pgw) + SubnetsDiff // diff between subnets connectivity of two cfgs (consider nacl + pgw) + EndpointsDiff // diff between vsis connectivity of two cfgs (consider nacl + pgw) ) // OutputGenerator captures one vpc config1 with its connectivity analysis results, and implements @@ -67,7 +68,7 @@ func NewOutputGenerator(c1, c2 *VPCConfig, grouping bool, uc OutputUseCase, arch } res.subnetsConn = subnetsConn } - if uc == CfgsDiff { + if uc == SubnetsDiff { configsForDiff := &ConfigsForDiff{c1, c2, Subnets} configsDiff, err := configsForDiff.GetDiff(grouping) if err != nil { @@ -75,6 +76,14 @@ func NewOutputGenerator(c1, c2 *VPCConfig, grouping bool, uc OutputUseCase, arch } res.cfgsDiff = configsDiff } + if uc == EndpointsDiff { + configsForDiff := &ConfigsForDiff{c1, c2, Vsis} + configsDiff, err := configsForDiff.GetDiff(grouping) + if err != nil { + return nil, err + } + res.cfgsDiff = configsDiff + } } return res, nil } diff --git a/pkg/vpcmodel/textOutput.go b/pkg/vpcmodel/textOutput.go index 40e301b54..d640d0686 100644 --- a/pkg/vpcmodel/textOutput.go +++ b/pkg/vpcmodel/textOutput.go @@ -18,7 +18,7 @@ func headerOfAnalyzedVPC(vpcName, vpc2Name string) string { func (t *TextOutputFormatter) WriteOutput(c1, c2 *VPCConfig, conn *VPCConnectivity, subnetsConn *VPCsubnetConnectivity, - subnetsDiff *diffBetweenCfgs, + cfgsDiff *diffBetweenCfgs, outFile string, grouping bool, uc OutputUseCase) (*VPCAnalysisOutput, error) { @@ -36,8 +36,8 @@ func (t *TextOutputFormatter) WriteOutput(c1, c2 *VPCConfig, out += subnetsConn.String() case SingleSubnet: out += c1.GetConnectivityOutputPerEachSubnetSeparately() - case CfgsDiff: - out += subnetsDiff.String() + case SubnetsDiff, EndpointsDiff: + out += cfgsDiff.String() } // write output to file and return the output string _, err := WriteToFile(out, outFile) From 5378e3b2a135aeaa1ccdecd944b98171dc0bcfeb Mon Sep 17 00:00:00 2001 From: shirim Date: Tue, 14 Nov 2023 11:35:49 +0200 Subject: [PATCH 21/31] lint --- pkg/ibmvpc/analysis_output_test.go | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/pkg/ibmvpc/analysis_output_test.go b/pkg/ibmvpc/analysis_output_test.go index efa782e4a..e26d4186f 100644 --- a/pkg/ibmvpc/analysis_output_test.go +++ b/pkg/ibmvpc/analysis_output_test.go @@ -101,26 +101,33 @@ func getTestFileName(testName string, case vpcmodel.EndpointsDiff: res = baseName + suffixOutFileDiffEndpoints } + suffix, suffixErr := getTestFileSuffix(format) + if suffixErr != nil { + return "", "", suffixErr + } + res += suffix + expectedFileName = res + actualFileName = actualOutFilePrefix + res + return expectedFileName, actualFileName, nil +} + +func getTestFileSuffix(format vpcmodel.OutFormat) (suffix string, err error) { switch format { case vpcmodel.Text: - res += txtOutSuffix + return txtOutSuffix, nil case vpcmodel.Debug: - res += debugOutSuffix + return debugOutSuffix, nil case vpcmodel.MD: - res += mdOutSuffix + return mdOutSuffix, nil case vpcmodel.JSON: - res += jsonOutSuffix + return jsonOutSuffix, nil case vpcmodel.DRAWIO: - res += drawioOutSuffix + return drawioOutSuffix, nil case vpcmodel.ARCHDRAWIO: - res += archDrawioOutSuffix + return archDrawioOutSuffix, nil default: - return "", "", errors.New("unexpected out format") + return "", errors.New("unexpected out format") } - - expectedFileName = res - actualFileName = actualOutFilePrefix + res - return expectedFileName, actualFileName, nil } // initTest: based on the test name, set the input config file name, and the output From 070ccd392db238d3f778b6b7ee5582ef2cf1345e Mon Sep 17 00:00:00 2001 From: shirim Date: Thu, 16 Nov 2023 14:40:26 +0200 Subject: [PATCH 22/31] CR comments 1 --- pkg/vpcmodel/grouping_test.go | 2 +- pkg/vpcmodel/semanticDiff.go | 26 +++++++++++++------------- pkg/vpcmodel/semanticDiff_test.go | 8 ++++---- pkg/vpcmodel/subnetsConnectivity.go | 8 ++------ pkg/vpcmodel/vpcConnectivity.go | 2 +- 5 files changed, 21 insertions(+), 25 deletions(-) diff --git a/pkg/vpcmodel/grouping_test.go b/pkg/vpcmodel/grouping_test.go index 77127efe2..cb9a95045 100644 --- a/pkg/vpcmodel/grouping_test.go +++ b/pkg/vpcmodel/grouping_test.go @@ -382,7 +382,7 @@ func configSubnetSelfLoop() (*VPCConfig, *VPCsubnetConnectivity) { &mockSubnet{"10.3.20.0/22", "subnet2", []Node{res.Nodes[1]}}, &mockSubnet{"10.7.20.0/22", "subnet3", []Node{res.Nodes[2]}}) - res1 := &VPCsubnetConnectivity{AllowedConnsCombined: NewSubnetConnectivityMap()} + res1 := &VPCsubnetConnectivity{AllowedConnsCombined: GeneralConnectivityMap{}} res1.AllowedConnsCombined.updateAllowedSubnetConnsMap(res.NodeSets[0], res.NodeSets[1], common.NewConnectionSet(true)) res1.AllowedConnsCombined.updateAllowedSubnetConnsMap(res.NodeSets[0], res.NodeSets[2], common.NewConnectionSet(true)) res1.AllowedConnsCombined.updateAllowedSubnetConnsMap(res.NodeSets[1], res.NodeSets[0], common.NewConnectionSet(true)) diff --git a/pkg/vpcmodel/semanticDiff.go b/pkg/vpcmodel/semanticDiff.go index 56f66130b..4a8a537d6 100644 --- a/pkg/vpcmodel/semanticDiff.go +++ b/pkg/vpcmodel/semanticDiff.go @@ -46,7 +46,7 @@ type ConfigsForDiff struct { type configConnectivity struct { config *VPCConfig - connectivity generalConnectivityMap + connectivity GeneralConnectivityMap } type diffBetweenCfgs struct { @@ -57,7 +57,7 @@ type diffBetweenCfgs struct { func (configs ConfigsForDiff) GetDiff(grouping bool) (*diffBetweenCfgs, error) { // 1. compute connectivity for each of the configurations - var generalConnectivityMap1, generalConnectivityMap2 generalConnectivityMap + var generalConnectivityMap1, generalConnectivityMap2 GeneralConnectivityMap if configs.diffAnalysis == Subnets { subnetsConn1, err := configs.config1.GetSubnetsConnectivity(true, grouping) if err != nil { @@ -110,8 +110,8 @@ func (configs ConfigsForDiff) GetDiff(grouping bool) (*diffBetweenCfgs, error) { return res, nil } -func (nodesConnMap NodesConnectionsMap) nodesConnectivityToGeneralConnectivity() (generalConnMap generalConnectivityMap) { - generalConnMap = generalConnectivityMap{} +func (nodesConnMap NodesConnectionsMap) nodesConnectivityToGeneralConnectivity() (generalConnMap GeneralConnectivityMap) { + generalConnMap = GeneralConnectivityMap{} for src, connsMap := range nodesConnMap { for dst, conn := range connsMap { if conn.IsEmpty() { @@ -301,8 +301,8 @@ func diffAndEndpointsDisc(diff DiffType, src, dst VPCResourceIntf, thisMinusOthe return "", "" } -// getConnectivesWithSameIPBlocks generates from the given generalConnectivityMap -// Two equivalent generalConnectivityMap objects s.t. any (src1, dst1) of the first map and +// getConnectivesWithSameIPBlocks generates from the given GeneralConnectivityMap +// Two equivalent GeneralConnectivityMap objects s.t. any (src1, dst1) of the first map and // (src2, dst2) of the 2nd map s.t. if src1 and src2 (dst1 and dst2) are both external then // they are either equal or disjoint func (confConnectivity *configConnectivity) getConnectivesWithSameIPBlocks(otherConfConnectivity *configConnectivity) ( @@ -345,8 +345,8 @@ func (confConnectivity *configConnectivity) getConnectivesWithSameIPBlocks(other &configConnectivity{otherAlignedConfig, alignedOtherConnectivity}, nil } -func (connectivityMap *generalConnectivityMap) alignConnectionsGivenIPBlists(config *VPCConfig, disjointIPblocks []*common.IPBlock) ( - alignedConnectivity generalConnectivityMap, err error) { +func (connectivityMap *GeneralConnectivityMap) alignConnectionsGivenIPBlists(config *VPCConfig, disjointIPblocks []*common.IPBlock) ( + alignedConnectivity GeneralConnectivityMap, err error) { alignedConnectivitySrc, err := connectivityMap.actualAlignSrcOrDstGivenIPBlists(config, disjointIPblocks, true) if err != nil { return nil, err @@ -396,9 +396,9 @@ func resizeNodes(oldNodes []Node, disjointIPblocks []*common.IPBlock) (newNodes return newNodes, nil } -func (connectivityMap *generalConnectivityMap) actualAlignSrcOrDstGivenIPBlists(config *VPCConfig, +func (connectivityMap *GeneralConnectivityMap) actualAlignSrcOrDstGivenIPBlists(config *VPCConfig, disjointIPblocks []*common.IPBlock, resizeSrc bool) ( - alignedConnectivity generalConnectivityMap, err error) { + alignedConnectivity GeneralConnectivityMap, err error) { // goes over all sources of connections in connectivity // if src is external then for each IPBlock in disjointIPblocks copies dsts and connection type // otherwise just copies as is @@ -484,7 +484,7 @@ func findNodeWithCidr(configNodes []Node, cidr string) Node { } // get a list of IPBlocks of the src and dst of the connections -func (connectivityMap generalConnectivityMap) getIPBlocksList() (ipbList []*common.IPBlock, +func (connectivityMap GeneralConnectivityMap) getIPBlocksList() (ipbList []*common.IPBlock, myErr error) { for src, endpointConns := range connectivityMap { for dst, conns := range endpointConns { @@ -534,7 +534,7 @@ func externalNodeToIPBlock(external Node) (ipBlock *common.IPBlock, err error) { // src EndpointElem // dst EndpointElem // } -// func (connectivity generalConnectivityMap) getIntersectingConnections(other generalConnectivityMap) (areIntersecting string, +// func (connectivity GeneralConnectivityMap) getIntersectingConnections(other GeneralConnectivityMap) (areIntersecting string, // err error) { // err = nil // for src, endpointConns := range connectivity { @@ -632,7 +632,7 @@ func externalNodeToIPBlock(external Node) (ipBlock *common.IPBlock, err error) { //// this will requires some rewriting in the existing grouping functionality and the way it provides //// service to subnetsConnectivity and nodesConnectivity // -// func (connectivity *generalConnectivityMap) PrintConnectivity() { +// func (connectivity *GeneralConnectivityMap) PrintConnectivity() { // for src, endpointConns := range *connectivity { // for dst, conns := range endpointConns { // if conns.IsEmpty() { diff --git a/pkg/vpcmodel/semanticDiff_test.go b/pkg/vpcmodel/semanticDiff_test.go index 0c7151ade..6b432c8e1 100644 --- a/pkg/vpcmodel/semanticDiff_test.go +++ b/pkg/vpcmodel/semanticDiff_test.go @@ -59,7 +59,7 @@ func configSimpleSubnetDiff() (subnetConfigConn1, subnetConfigConn2 *configConne connectionTCP := common.NewConnectionSet(false) connectionTCP.AddTCPorUDPConn(common.ProtocolTCP, 10, 100, 443, 443) - subnetConnMap1 := &VPCsubnetConnectivity{AllowedConnsCombined: NewSubnetConnectivityMap()} + subnetConnMap1 := &VPCsubnetConnectivity{AllowedConnsCombined: GeneralConnectivityMap{}} subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[0], cfg1.NodeSets[1], common.NewConnectionSet(true)) subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[1], cfg1.NodeSets[2], common.NewConnectionSet(true)) subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[3], cfg1.NodeSets[1], common.NewConnectionSet(true)) @@ -67,7 +67,7 @@ func configSimpleSubnetDiff() (subnetConfigConn1, subnetConfigConn2 *configConne subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[3], cfg1.NodeSets[2], common.NewConnectionSet(true)) subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[3], cfg1.NodeSets[4], connectionTCP) - subnetConnMap2 := &VPCsubnetConnectivity{AllowedConnsCombined: NewSubnetConnectivityMap()} + subnetConnMap2 := &VPCsubnetConnectivity{AllowedConnsCombined: GeneralConnectivityMap{}} subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.NodeSets[1], cfg2.NodeSets[0], common.NewConnectionSet(true)) subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.NodeSets[1], cfg2.NodeSets[2], common.NewConnectionSet(true)) subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.NodeSets[2], cfg2.NodeSets[3], common.NewConnectionSet(true)) @@ -133,14 +133,14 @@ func configSimpleIPAndSubnetDiff() (subnetConfigConn1, subnetConfigConn2 *config // and are comparable // and are comparable // and are comparable - subnetConnMap1 := &VPCsubnetConnectivity{AllowedConnsCombined: NewSubnetConnectivityMap()} + subnetConnMap1 := &VPCsubnetConnectivity{AllowedConnsCombined: GeneralConnectivityMap{}} subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.Nodes[0], cfg1.NodeSets[0], common.NewConnectionSet(true)) subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.Nodes[0], cfg1.NodeSets[1], common.NewConnectionSet(true)) subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.Nodes[1], cfg1.NodeSets[1], common.NewConnectionSet(true)) subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[1], cfg1.Nodes[0], common.NewConnectionSet(true)) subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[1], cfg1.Nodes[2], common.NewConnectionSet(true)) - subnetConnMap2 := &VPCsubnetConnectivity{AllowedConnsCombined: NewSubnetConnectivityMap()} + subnetConnMap2 := &VPCsubnetConnectivity{AllowedConnsCombined: GeneralConnectivityMap{}} subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.Nodes[0], cfg2.NodeSets[0], common.NewConnectionSet(true)) subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.Nodes[0], cfg2.NodeSets[1], common.NewConnectionSet(true)) subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.Nodes[1], cfg2.NodeSets[1], common.NewConnectionSet(true)) diff --git a/pkg/vpcmodel/subnetsConnectivity.go b/pkg/vpcmodel/subnetsConnectivity.go index e9f71ae15..e777bf366 100644 --- a/pkg/vpcmodel/subnetsConnectivity.go +++ b/pkg/vpcmodel/subnetsConnectivity.go @@ -12,7 +12,7 @@ type VPCsubnetConnectivity struct { // computed for each node (subnet), by iterating its ConnectivityResult for all relevant VPC resources that capture it AllowedConns map[VPCResourceIntf]*ConfigBasedConnectivityResults // combined connectivity - considering both ingress and egress per connection - AllowedConnsCombined generalConnectivityMap + AllowedConnsCombined GeneralConnectivityMap VPCConfig *VPCConfig // grouped connectivity result GroupedConnectivity *GroupConnLines @@ -24,10 +24,6 @@ const ( errUnexpectedTypePeerNode = "unexpected type for peerNode in computeAllowedConnsCombined" ) -func NewSubnetConnectivityMap() generalConnectivityMap { - return generalConnectivityMap{} -} - func subnetConnLine(subnet string, conn *common.ConnectionSet) string { return fmt.Sprintf("%s : %s\n", subnet, conn.String()) } @@ -313,7 +309,7 @@ func (c *VPCConfig) GetConnectivityOutputPerEachSubnetSeparately() string { return "" } -func (connectivityMap generalConnectivityMap) updateAllowedSubnetConnsMap(src, dst VPCResourceIntf, conn *common.ConnectionSet) { +func (connectivityMap GeneralConnectivityMap) updateAllowedSubnetConnsMap(src, dst VPCResourceIntf, conn *common.ConnectionSet) { if _, ok := connectivityMap[src]; !ok { connectivityMap[src] = map[VPCResourceIntf]*common.ConnectionSet{} } diff --git a/pkg/vpcmodel/vpcConnectivity.go b/pkg/vpcmodel/vpcConnectivity.go index 84a1e1c41..cbddc9d2c 100644 --- a/pkg/vpcmodel/vpcConnectivity.go +++ b/pkg/vpcmodel/vpcConnectivity.go @@ -4,7 +4,7 @@ import ( "github.com/np-guard/vpc-network-config-analyzer/pkg/common" ) -type generalConnectivityMap map[VPCResourceIntf]map[VPCResourceIntf]*common.ConnectionSet +type GeneralConnectivityMap map[VPCResourceIntf]map[VPCResourceIntf]*common.ConnectionSet // VPCConnectivity holds detailed representation of allowed connectivity considering all resources in a vpc config1 instance type VPCConnectivity struct { From 65ed510d333d0bcfb9a1df7f5d8abf2adeea7f97 Mon Sep 17 00:00:00 2001 From: shirim Date: Thu, 16 Nov 2023 14:43:32 +0200 Subject: [PATCH 23/31] CR comments 2 --- pkg/vpcmodel/grouping_test.go | 12 ++++----- pkg/vpcmodel/semanticDiff_test.go | 38 ++++++++++++++--------------- pkg/vpcmodel/subnetsConnectivity.go | 2 +- 3 files changed, 26 insertions(+), 26 deletions(-) diff --git a/pkg/vpcmodel/grouping_test.go b/pkg/vpcmodel/grouping_test.go index cb9a95045..8753902ea 100644 --- a/pkg/vpcmodel/grouping_test.go +++ b/pkg/vpcmodel/grouping_test.go @@ -383,12 +383,12 @@ func configSubnetSelfLoop() (*VPCConfig, *VPCsubnetConnectivity) { &mockSubnet{"10.7.20.0/22", "subnet3", []Node{res.Nodes[2]}}) res1 := &VPCsubnetConnectivity{AllowedConnsCombined: GeneralConnectivityMap{}} - res1.AllowedConnsCombined.updateAllowedSubnetConnsMap(res.NodeSets[0], res.NodeSets[1], common.NewConnectionSet(true)) - res1.AllowedConnsCombined.updateAllowedSubnetConnsMap(res.NodeSets[0], res.NodeSets[2], common.NewConnectionSet(true)) - res1.AllowedConnsCombined.updateAllowedSubnetConnsMap(res.NodeSets[1], res.NodeSets[0], common.NewConnectionSet(true)) - res1.AllowedConnsCombined.updateAllowedSubnetConnsMap(res.NodeSets[1], res.NodeSets[2], common.NewConnectionSet(true)) - res1.AllowedConnsCombined.updateAllowedSubnetConnsMap(res.NodeSets[2], res.NodeSets[0], common.NewConnectionSet(true)) - res1.AllowedConnsCombined.updateAllowedSubnetConnsMap(res.NodeSets[2], res.NodeSets[1], common.NewConnectionSet(true)) + res1.AllowedConnsCombined.updateAllowedConnsMap(res.NodeSets[0], res.NodeSets[1], common.NewConnectionSet(true)) + res1.AllowedConnsCombined.updateAllowedConnsMap(res.NodeSets[0], res.NodeSets[2], common.NewConnectionSet(true)) + res1.AllowedConnsCombined.updateAllowedConnsMap(res.NodeSets[1], res.NodeSets[0], common.NewConnectionSet(true)) + res1.AllowedConnsCombined.updateAllowedConnsMap(res.NodeSets[1], res.NodeSets[2], common.NewConnectionSet(true)) + res1.AllowedConnsCombined.updateAllowedConnsMap(res.NodeSets[2], res.NodeSets[0], common.NewConnectionSet(true)) + res1.AllowedConnsCombined.updateAllowedConnsMap(res.NodeSets[2], res.NodeSets[1], common.NewConnectionSet(true)) return res, res1 } diff --git a/pkg/vpcmodel/semanticDiff_test.go b/pkg/vpcmodel/semanticDiff_test.go index 6b432c8e1..ed1b35f52 100644 --- a/pkg/vpcmodel/semanticDiff_test.go +++ b/pkg/vpcmodel/semanticDiff_test.go @@ -60,17 +60,17 @@ func configSimpleSubnetDiff() (subnetConfigConn1, subnetConfigConn2 *configConne connectionTCP := common.NewConnectionSet(false) connectionTCP.AddTCPorUDPConn(common.ProtocolTCP, 10, 100, 443, 443) subnetConnMap1 := &VPCsubnetConnectivity{AllowedConnsCombined: GeneralConnectivityMap{}} - subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[0], cfg1.NodeSets[1], common.NewConnectionSet(true)) - subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[1], cfg1.NodeSets[2], common.NewConnectionSet(true)) - subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[3], cfg1.NodeSets[1], common.NewConnectionSet(true)) - subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[2], cfg1.NodeSets[3], common.NewConnectionSet(true)) - subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[3], cfg1.NodeSets[2], common.NewConnectionSet(true)) - subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[3], cfg1.NodeSets[4], connectionTCP) + subnetConnMap1.AllowedConnsCombined.updateAllowedConnsMap(cfg1.NodeSets[0], cfg1.NodeSets[1], common.NewConnectionSet(true)) + subnetConnMap1.AllowedConnsCombined.updateAllowedConnsMap(cfg1.NodeSets[1], cfg1.NodeSets[2], common.NewConnectionSet(true)) + subnetConnMap1.AllowedConnsCombined.updateAllowedConnsMap(cfg1.NodeSets[3], cfg1.NodeSets[1], common.NewConnectionSet(true)) + subnetConnMap1.AllowedConnsCombined.updateAllowedConnsMap(cfg1.NodeSets[2], cfg1.NodeSets[3], common.NewConnectionSet(true)) + subnetConnMap1.AllowedConnsCombined.updateAllowedConnsMap(cfg1.NodeSets[3], cfg1.NodeSets[2], common.NewConnectionSet(true)) + subnetConnMap1.AllowedConnsCombined.updateAllowedConnsMap(cfg1.NodeSets[3], cfg1.NodeSets[4], connectionTCP) subnetConnMap2 := &VPCsubnetConnectivity{AllowedConnsCombined: GeneralConnectivityMap{}} - subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.NodeSets[1], cfg2.NodeSets[0], common.NewConnectionSet(true)) - subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.NodeSets[1], cfg2.NodeSets[2], common.NewConnectionSet(true)) - subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.NodeSets[2], cfg2.NodeSets[3], common.NewConnectionSet(true)) + subnetConnMap2.AllowedConnsCombined.updateAllowedConnsMap(cfg2.NodeSets[1], cfg2.NodeSets[0], common.NewConnectionSet(true)) + subnetConnMap2.AllowedConnsCombined.updateAllowedConnsMap(cfg2.NodeSets[1], cfg2.NodeSets[2], common.NewConnectionSet(true)) + subnetConnMap2.AllowedConnsCombined.updateAllowedConnsMap(cfg2.NodeSets[2], cfg2.NodeSets[3], common.NewConnectionSet(true)) subnetConfigConn1 = &configConnectivity{cfg1, subnetConnMap1.AllowedConnsCombined} subnetConfigConn2 = &configConnectivity{cfg2, subnetConnMap2.AllowedConnsCombined} @@ -134,20 +134,20 @@ func configSimpleIPAndSubnetDiff() (subnetConfigConn1, subnetConfigConn2 *config // and are comparable // and are comparable subnetConnMap1 := &VPCsubnetConnectivity{AllowedConnsCombined: GeneralConnectivityMap{}} - subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.Nodes[0], cfg1.NodeSets[0], common.NewConnectionSet(true)) - subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.Nodes[0], cfg1.NodeSets[1], common.NewConnectionSet(true)) - subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.Nodes[1], cfg1.NodeSets[1], common.NewConnectionSet(true)) - subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[1], cfg1.Nodes[0], common.NewConnectionSet(true)) - subnetConnMap1.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg1.NodeSets[1], cfg1.Nodes[2], common.NewConnectionSet(true)) + subnetConnMap1.AllowedConnsCombined.updateAllowedConnsMap(cfg1.Nodes[0], cfg1.NodeSets[0], common.NewConnectionSet(true)) + subnetConnMap1.AllowedConnsCombined.updateAllowedConnsMap(cfg1.Nodes[0], cfg1.NodeSets[1], common.NewConnectionSet(true)) + subnetConnMap1.AllowedConnsCombined.updateAllowedConnsMap(cfg1.Nodes[1], cfg1.NodeSets[1], common.NewConnectionSet(true)) + subnetConnMap1.AllowedConnsCombined.updateAllowedConnsMap(cfg1.NodeSets[1], cfg1.Nodes[0], common.NewConnectionSet(true)) + subnetConnMap1.AllowedConnsCombined.updateAllowedConnsMap(cfg1.NodeSets[1], cfg1.Nodes[2], common.NewConnectionSet(true)) subnetConnMap2 := &VPCsubnetConnectivity{AllowedConnsCombined: GeneralConnectivityMap{}} - subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.Nodes[0], cfg2.NodeSets[0], common.NewConnectionSet(true)) - subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.Nodes[0], cfg2.NodeSets[1], common.NewConnectionSet(true)) - subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.Nodes[1], cfg2.NodeSets[1], common.NewConnectionSet(true)) - subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.NodeSets[1], cfg2.Nodes[0], common.NewConnectionSet(true)) + subnetConnMap2.AllowedConnsCombined.updateAllowedConnsMap(cfg2.Nodes[0], cfg2.NodeSets[0], common.NewConnectionSet(true)) + subnetConnMap2.AllowedConnsCombined.updateAllowedConnsMap(cfg2.Nodes[0], cfg2.NodeSets[1], common.NewConnectionSet(true)) + subnetConnMap2.AllowedConnsCombined.updateAllowedConnsMap(cfg2.Nodes[1], cfg2.NodeSets[1], common.NewConnectionSet(true)) + subnetConnMap2.AllowedConnsCombined.updateAllowedConnsMap(cfg2.NodeSets[1], cfg2.Nodes[0], common.NewConnectionSet(true)) connectionTCP := common.NewConnectionSet(false) connectionTCP.AddTCPorUDPConn(common.ProtocolTCP, 0, 1000, 0, 443) - subnetConnMap2.AllowedConnsCombined.updateAllowedSubnetConnsMap(cfg2.NodeSets[1], cfg2.Nodes[2], connectionTCP) + subnetConnMap2.AllowedConnsCombined.updateAllowedConnsMap(cfg2.NodeSets[1], cfg2.Nodes[2], connectionTCP) subnetConfigConn1 = &configConnectivity{cfg1, subnetConnMap1.AllowedConnsCombined} subnetConfigConn2 = &configConnectivity{cfg2, subnetConnMap2.AllowedConnsCombined} diff --git a/pkg/vpcmodel/subnetsConnectivity.go b/pkg/vpcmodel/subnetsConnectivity.go index e777bf366..34490a238 100644 --- a/pkg/vpcmodel/subnetsConnectivity.go +++ b/pkg/vpcmodel/subnetsConnectivity.go @@ -309,7 +309,7 @@ func (c *VPCConfig) GetConnectivityOutputPerEachSubnetSeparately() string { return "" } -func (connectivityMap GeneralConnectivityMap) updateAllowedSubnetConnsMap(src, dst VPCResourceIntf, conn *common.ConnectionSet) { +func (connectivityMap GeneralConnectivityMap) updateAllowedConnsMap(src, dst VPCResourceIntf, conn *common.ConnectionSet) { if _, ok := connectivityMap[src]; !ok { connectivityMap[src] = map[VPCResourceIntf]*common.ConnectionSet{} } From 81af2c235fcd3368a1d6d4ac8bc0667851adc500 Mon Sep 17 00:00:00 2001 From: ShiriMoran <139739065+ShiriMoran@users.noreply.github.com> Date: Thu, 16 Nov 2023 14:44:15 +0200 Subject: [PATCH 24/31] Update pkg/vpcmodel/output.go Co-authored-by: Adi Sosnovich <82078442+adisos@users.noreply.github.com> --- pkg/vpcmodel/output.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/vpcmodel/output.go b/pkg/vpcmodel/output.go index 4b4fa1657..a7613c069 100644 --- a/pkg/vpcmodel/output.go +++ b/pkg/vpcmodel/output.go @@ -31,7 +31,7 @@ const ( AllSubnets // connectivity between subnets (consider nacl + pgw) AllSubnetsNoPGW // connectivity between subnets (consider nacl only) SubnetsDiff // diff between subnets connectivity of two cfgs (consider nacl + pgw) - EndpointsDiff // diff between vsis connectivity of two cfgs (consider nacl + pgw) + EndpointsDiff // diff between vsis connectivity of two cfgs ) // OutputGenerator captures one vpc config1 with its connectivity analysis results, and implements From db16e99acdf443fe1ef4a9eed12421560a06eeac Mon Sep 17 00:00:00 2001 From: shirim Date: Thu, 16 Nov 2023 14:56:08 +0200 Subject: [PATCH 25/31] CR comments 3 --- pkg/vpcmodel/output.go | 4 ++-- pkg/vpcmodel/semanticDiff.go | 24 ++++++++++++------------ pkg/vpcmodel/semanticDiff_test.go | 10 +++++----- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/pkg/vpcmodel/output.go b/pkg/vpcmodel/output.go index a7613c069..b02749d5e 100644 --- a/pkg/vpcmodel/output.go +++ b/pkg/vpcmodel/output.go @@ -69,7 +69,7 @@ func NewOutputGenerator(c1, c2 *VPCConfig, grouping bool, uc OutputUseCase, arch res.subnetsConn = subnetsConn } if uc == SubnetsDiff { - configsForDiff := &ConfigsForDiff{c1, c2, Subnets} + configsForDiff := &configsForDiff{c1, c2, Subnets} configsDiff, err := configsForDiff.GetDiff(grouping) if err != nil { return nil, err @@ -77,7 +77,7 @@ func NewOutputGenerator(c1, c2 *VPCConfig, grouping bool, uc OutputUseCase, arch res.cfgsDiff = configsDiff } if uc == EndpointsDiff { - configsForDiff := &ConfigsForDiff{c1, c2, Vsis} + configsForDiff := &configsForDiff{c1, c2, Vsis} configsDiff, err := configsForDiff.GetDiff(grouping) if err != nil { return nil, err diff --git a/pkg/vpcmodel/semanticDiff.go b/pkg/vpcmodel/semanticDiff.go index 4a8a537d6..a0fb4066f 100644 --- a/pkg/vpcmodel/semanticDiff.go +++ b/pkg/vpcmodel/semanticDiff.go @@ -36,9 +36,9 @@ type connectionDiff struct { diff DiffType } -type connectivesDiff map[VPCResourceIntf]map[VPCResourceIntf]*connectionDiff +type connectivityDiff map[VPCResourceIntf]map[VPCResourceIntf]*connectionDiff -type ConfigsForDiff struct { +type configsForDiff struct { config1 *VPCConfig config2 *VPCConfig diffAnalysis diffAnalysisType @@ -50,12 +50,12 @@ type configConnectivity struct { } type diffBetweenCfgs struct { - cfg1ConnRemovedFrom2 connectivesDiff - cfg2ConnRemovedFrom1 connectivesDiff + cfg1ConnRemovedFrom2 connectivityDiff + cfg2ConnRemovedFrom1 connectivityDiff diffAnalysis diffAnalysisType } -func (configs ConfigsForDiff) GetDiff(grouping bool) (*diffBetweenCfgs, error) { +func (configs configsForDiff) GetDiff(grouping bool) (*diffBetweenCfgs, error) { // 1. compute connectivity for each of the configurations var generalConnectivityMap1, generalConnectivityMap2 GeneralConnectivityMap if configs.diffAnalysis == Subnets { @@ -168,7 +168,7 @@ func (c *VPCConfig) getVPCResourceInfInOtherConfig(other *VPCConfig, ep VPCResou // assumption: any connection from connectivity and "other" have src (dst) which are either disjoint or equal func (confConnectivity *configConnectivity) connMissingOrChanged(other *configConnectivity, diffAnalysis diffAnalysisType, includeChanged bool) ( - connectivityMissingOrChanged connectivesDiff, err error) { + connectivityMissingOrChanged connectivityDiff, err error) { connectivityMissingOrChanged = map[VPCResourceIntf]map[VPCResourceIntf]*connectionDiff{} for src, endpointConns := range confConnectivity.connectivity { for dst, conns := range endpointConns { @@ -230,15 +230,15 @@ func getDiffType(src, srcInOther, dst, dstInOther VPCResourceIntf) DiffType { return noDiff } -// EnhancedString ToDo: likely the current printing functionality will no longer be needed once the grouping is added +// enhancedString ToDo: likely the current printing functionality will no longer be needed once the grouping is added // anyways the diff print will be worked on before the final merge func (diff *diffBetweenCfgs) String() string { - return diff.cfg1ConnRemovedFrom2.EnhancedString(diff.diffAnalysis, true) + - diff.cfg2ConnRemovedFrom1.EnhancedString(diff.diffAnalysis, false) + return diff.cfg1ConnRemovedFrom2.enhancedString(diff.diffAnalysis, true) + + diff.cfg2ConnRemovedFrom1.enhancedString(diff.diffAnalysis, false) } -func (connDiff *connectivesDiff) EnhancedString(diffAnalysis diffAnalysisType, thisMinusOther bool) string { +func (connDiff *connectivityDiff) enhancedString(diffAnalysis diffAnalysisType, thisMinusOther bool) string { strList := []string{} for src, endpointConnDiff := range *connDiff { for dst, connDiff := range endpointConnDiff { @@ -267,7 +267,7 @@ func (connDiff *connectivesDiff) EnhancedString(diffAnalysis diffAnalysisType, t return res } -// prints connection for the above EnhancedString(..) where the connection could be empty +// prints connection for the above enhancedString(..) where the connection could be empty func connStr(conn *common.ConnectionSet) string { if conn == nil { return "No connection" @@ -638,7 +638,7 @@ func externalNodeToIPBlock(external Node) (ipBlock *common.IPBlock, err error) { // if conns.IsEmpty() { // continue // } -// fmt.Printf("\t%v => %v %v\n", src.Name(), dst.Name(), conns.EnhancedString()) +// fmt.Printf("\t%v => %v %v\n", src.Name(), dst.Name(), conns.enhancedString()) // } // } // } diff --git a/pkg/vpcmodel/semanticDiff_test.go b/pkg/vpcmodel/semanticDiff_test.go index ed1b35f52..2017f9665 100644 --- a/pkg/vpcmodel/semanticDiff_test.go +++ b/pkg/vpcmodel/semanticDiff_test.go @@ -84,7 +84,7 @@ func TestSimpleSubnetDiff(t *testing.T) { if err != nil { fmt.Println("error:", err.Error()) } - subnet1Subtract2Str := subnet1Subtract2.EnhancedString(Subnets, true) + subnet1Subtract2Str := subnet1Subtract2.enhancedString(Subnets, true) fmt.Printf("cfg1ConnRemovedFrom2:\n%v\n", subnet1Subtract2Str) require.Equal(t, err, nil) newLines := strings.Count(subnet1Subtract2Str, "\n") @@ -105,7 +105,7 @@ func TestSimpleSubnetDiff(t *testing.T) { fmt.Println("error:", err.Error()) } require.Equal(t, err, nil) - subnet2Subtract1Str := cfg2Subtract1.EnhancedString(Subnets, false) + subnet2Subtract1Str := cfg2Subtract1.enhancedString(Subnets, false) fmt.Printf("cfg2Subtract1:\n%v", subnet2Subtract1Str) require.Equal(t, subnet2Subtract1Str, "diff-type: added, source: subnet4, destination: subnet5, config1: "+ "No connection, config2: All Connections, subnets-diff-info: subnet5 added\n") @@ -170,7 +170,7 @@ func TestSimpleIPAndSubnetDiff(t *testing.T) { fmt.Println("error:", err.Error()) } require.Equal(t, err, nil) - cfg1SubtractCfg2Str := cfg1SubCfg2.EnhancedString(Subnets, true) + cfg1SubtractCfg2Str := cfg1SubCfg2.enhancedString(Subnets, true) fmt.Printf("cfg1SubCfg2:\n%v\n", cfg1SubtractCfg2Str) newLines := strings.Count(cfg1SubtractCfg2Str, "\n") require.Equal(t, 7, newLines) @@ -256,7 +256,7 @@ func TestSimpleVsisDiff(t *testing.T) { fmt.Println("error:", err.Error()) } require.Equal(t, err, nil) - cfg1SubCfg2Str := cfg1SubCfg2.EnhancedString(Vsis, true) + cfg1SubCfg2Str := cfg1SubCfg2.enhancedString(Vsis, true) fmt.Printf("cfg1SubCfg2Str:\n%v\n", cfg1SubCfg2Str) newLines := strings.Count(cfg1SubCfg2Str, "\n") require.Equal(t, 4, newLines) @@ -272,7 +272,7 @@ func TestSimpleVsisDiff(t *testing.T) { fmt.Println("error:", err.Error()) } require.Equal(t, err, nil) - cfg2SubCfg1Str := cfg2SubCfg1.EnhancedString(Vsis, true) + cfg2SubCfg1Str := cfg2SubCfg1.enhancedString(Vsis, true) fmt.Printf("cfg2SubCfg1Str:\n%v\n", cfg2SubCfg1Str) newLines = strings.Count(cfg2SubCfg1Str, "\n") require.Equal(t, 5, newLines) From e8262763ffbb5004e57a511c191ebbf06fa0690d Mon Sep 17 00:00:00 2001 From: shirim Date: Thu, 16 Nov 2023 15:22:25 +0200 Subject: [PATCH 26/31] CR comments 4 --- pkg/vpcmodel/semanticDiff.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/vpcmodel/semanticDiff.go b/pkg/vpcmodel/semanticDiff.go index a0fb4066f..532161356 100644 --- a/pkg/vpcmodel/semanticDiff.go +++ b/pkg/vpcmodel/semanticDiff.go @@ -55,6 +55,8 @@ type diffBetweenCfgs struct { diffAnalysis diffAnalysisType } +// GetDiff given 2 *VPCConfigs and an diff analysis - either subnets or endpoints - +// computes and returns the semantic diff of endpoints or subnets connectivity, as per the required analysis func (configs configsForDiff) GetDiff(grouping bool) (*diffBetweenCfgs, error) { // 1. compute connectivity for each of the configurations var generalConnectivityMap1, generalConnectivityMap2 GeneralConnectivityMap From ba225dd98eb2ce69e222794ec85337c298c53b42 Mon Sep 17 00:00:00 2001 From: shirim Date: Thu, 16 Nov 2023 15:36:49 +0200 Subject: [PATCH 27/31] CR comments 5 --- pkg/vpcmodel/semanticDiff.go | 12 ++++++------ pkg/vpcmodel/semanticDiff_test.go | 10 +++++----- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/pkg/vpcmodel/semanticDiff.go b/pkg/vpcmodel/semanticDiff.go index 532161356..4381e4523 100644 --- a/pkg/vpcmodel/semanticDiff.go +++ b/pkg/vpcmodel/semanticDiff.go @@ -232,15 +232,15 @@ func getDiffType(src, srcInOther, dst, dstInOther VPCResourceIntf) DiffType { return noDiff } -// enhancedString ToDo: likely the current printing functionality will no longer be needed once the grouping is added +// string ToDo: likely the current printing functionality will no longer be needed once the grouping is added // anyways the diff print will be worked on before the final merge func (diff *diffBetweenCfgs) String() string { - return diff.cfg1ConnRemovedFrom2.enhancedString(diff.diffAnalysis, true) + - diff.cfg2ConnRemovedFrom1.enhancedString(diff.diffAnalysis, false) + return diff.cfg1ConnRemovedFrom2.string(diff.diffAnalysis, true) + + diff.cfg2ConnRemovedFrom1.string(diff.diffAnalysis, false) } -func (connDiff *connectivityDiff) enhancedString(diffAnalysis diffAnalysisType, thisMinusOther bool) string { +func (connDiff *connectivityDiff) string(diffAnalysis diffAnalysisType, thisMinusOther bool) string { strList := []string{} for src, endpointConnDiff := range *connDiff { for dst, connDiff := range endpointConnDiff { @@ -269,7 +269,7 @@ func (connDiff *connectivityDiff) enhancedString(diffAnalysis diffAnalysisType, return res } -// prints connection for the above enhancedString(..) where the connection could be empty +// prints connection for the above string(..) where the connection could be empty func connStr(conn *common.ConnectionSet) string { if conn == nil { return "No connection" @@ -640,7 +640,7 @@ func externalNodeToIPBlock(external Node) (ipBlock *common.IPBlock, err error) { // if conns.IsEmpty() { // continue // } -// fmt.Printf("\t%v => %v %v\n", src.Name(), dst.Name(), conns.enhancedString()) +// fmt.Printf("\t%v => %v %v\n", src.Name(), dst.Name(), conns.string()) // } // } // } diff --git a/pkg/vpcmodel/semanticDiff_test.go b/pkg/vpcmodel/semanticDiff_test.go index 2017f9665..75dd428ce 100644 --- a/pkg/vpcmodel/semanticDiff_test.go +++ b/pkg/vpcmodel/semanticDiff_test.go @@ -84,7 +84,7 @@ func TestSimpleSubnetDiff(t *testing.T) { if err != nil { fmt.Println("error:", err.Error()) } - subnet1Subtract2Str := subnet1Subtract2.enhancedString(Subnets, true) + subnet1Subtract2Str := subnet1Subtract2.string(Subnets, true) fmt.Printf("cfg1ConnRemovedFrom2:\n%v\n", subnet1Subtract2Str) require.Equal(t, err, nil) newLines := strings.Count(subnet1Subtract2Str, "\n") @@ -105,7 +105,7 @@ func TestSimpleSubnetDiff(t *testing.T) { fmt.Println("error:", err.Error()) } require.Equal(t, err, nil) - subnet2Subtract1Str := cfg2Subtract1.enhancedString(Subnets, false) + subnet2Subtract1Str := cfg2Subtract1.string(Subnets, false) fmt.Printf("cfg2Subtract1:\n%v", subnet2Subtract1Str) require.Equal(t, subnet2Subtract1Str, "diff-type: added, source: subnet4, destination: subnet5, config1: "+ "No connection, config2: All Connections, subnets-diff-info: subnet5 added\n") @@ -170,7 +170,7 @@ func TestSimpleIPAndSubnetDiff(t *testing.T) { fmt.Println("error:", err.Error()) } require.Equal(t, err, nil) - cfg1SubtractCfg2Str := cfg1SubCfg2.enhancedString(Subnets, true) + cfg1SubtractCfg2Str := cfg1SubCfg2.string(Subnets, true) fmt.Printf("cfg1SubCfg2:\n%v\n", cfg1SubtractCfg2Str) newLines := strings.Count(cfg1SubtractCfg2Str, "\n") require.Equal(t, 7, newLines) @@ -256,7 +256,7 @@ func TestSimpleVsisDiff(t *testing.T) { fmt.Println("error:", err.Error()) } require.Equal(t, err, nil) - cfg1SubCfg2Str := cfg1SubCfg2.enhancedString(Vsis, true) + cfg1SubCfg2Str := cfg1SubCfg2.string(Vsis, true) fmt.Printf("cfg1SubCfg2Str:\n%v\n", cfg1SubCfg2Str) newLines := strings.Count(cfg1SubCfg2Str, "\n") require.Equal(t, 4, newLines) @@ -272,7 +272,7 @@ func TestSimpleVsisDiff(t *testing.T) { fmt.Println("error:", err.Error()) } require.Equal(t, err, nil) - cfg2SubCfg1Str := cfg2SubCfg1.enhancedString(Vsis, true) + cfg2SubCfg1Str := cfg2SubCfg1.string(Vsis, true) fmt.Printf("cfg2SubCfg1Str:\n%v\n", cfg2SubCfg1Str) newLines = strings.Count(cfg2SubCfg1Str, "\n") require.Equal(t, 5, newLines) From bce67ed862c70a025e022553828fd57786e0f8fb Mon Sep 17 00:00:00 2001 From: shirim Date: Thu, 16 Nov 2023 16:00:40 +0200 Subject: [PATCH 28/31] CR comments 6 --- pkg/vpcmodel/output.go | 4 +-- pkg/vpcmodel/semanticDiff.go | 50 +++++++++++++++++++----------------- 2 files changed, 28 insertions(+), 26 deletions(-) diff --git a/pkg/vpcmodel/output.go b/pkg/vpcmodel/output.go index b02749d5e..a16d4bc3e 100644 --- a/pkg/vpcmodel/output.go +++ b/pkg/vpcmodel/output.go @@ -70,7 +70,7 @@ func NewOutputGenerator(c1, c2 *VPCConfig, grouping bool, uc OutputUseCase, arch } if uc == SubnetsDiff { configsForDiff := &configsForDiff{c1, c2, Subnets} - configsDiff, err := configsForDiff.GetDiff(grouping) + configsDiff, err := configsForDiff.GetDiff() if err != nil { return nil, err } @@ -78,7 +78,7 @@ func NewOutputGenerator(c1, c2 *VPCConfig, grouping bool, uc OutputUseCase, arch } if uc == EndpointsDiff { configsForDiff := &configsForDiff{c1, c2, Vsis} - configsDiff, err := configsForDiff.GetDiff(grouping) + configsDiff, err := configsForDiff.GetDiff() if err != nil { return nil, err } diff --git a/pkg/vpcmodel/semanticDiff.go b/pkg/vpcmodel/semanticDiff.go index 4381e4523..690617180 100644 --- a/pkg/vpcmodel/semanticDiff.go +++ b/pkg/vpcmodel/semanticDiff.go @@ -57,31 +57,15 @@ type diffBetweenCfgs struct { // GetDiff given 2 *VPCConfigs and an diff analysis - either subnets or endpoints - // computes and returns the semantic diff of endpoints or subnets connectivity, as per the required analysis -func (configs configsForDiff) GetDiff(grouping bool) (*diffBetweenCfgs, error) { +func (configs configsForDiff) GetDiff() (*diffBetweenCfgs, error) { // 1. compute connectivity for each of the configurations - var generalConnectivityMap1, generalConnectivityMap2 GeneralConnectivityMap - if configs.diffAnalysis == Subnets { - subnetsConn1, err := configs.config1.GetSubnetsConnectivity(true, grouping) - if err != nil { - return nil, err - } - subnetsConn2, err := configs.config2.GetSubnetsConnectivity(true, grouping) - if err != nil { - return nil, err - } - generalConnectivityMap1 = subnetsConn1.AllowedConnsCombined - generalConnectivityMap2 = subnetsConn2.AllowedConnsCombined - } else if configs.diffAnalysis == Vsis { - connectivity1, err := configs.config1.GetVPCNetworkConnectivity(grouping) - if err != nil { - return nil, err - } - connectivity2, err := configs.config2.GetVPCNetworkConnectivity(grouping) - if err != nil { - return nil, err - } - generalConnectivityMap1 = connectivity1.AllowedConnsCombined.nodesConnectivityToGeneralConnectivity() - generalConnectivityMap2 = connectivity2.AllowedConnsCombined.nodesConnectivityToGeneralConnectivity() + generalConnectivityMap1, err := configs.config1.getAllowedConnectionCombined(configs.diffAnalysis) + if err != nil { + return nil, err + } + generalConnectivityMap2, err := configs.config2.getAllowedConnectionCombined(configs.diffAnalysis) + if err != nil { + return nil, err } // 2. Computes delta in both directions @@ -112,6 +96,24 @@ func (configs configsForDiff) GetDiff(grouping bool) (*diffBetweenCfgs, error) { return res, nil } +func (config *VPCConfig) getAllowedConnectionCombined( + diffAnalysis diffAnalysisType) (generalConnectivityMap GeneralConnectivityMap, err error) { + if diffAnalysis == Subnets { + subnetsConn, err := config.GetSubnetsConnectivity(true, false) + if err != nil { + return nil, err + } + return subnetsConn.AllowedConnsCombined, err + } else if diffAnalysis == Vsis { + connectivity1, err := config.GetVPCNetworkConnectivity(false) + if err != nil { + return nil, err + } + return connectivity1.AllowedConnsCombined.nodesConnectivityToGeneralConnectivity(), nil + } + return nil, fmt.Errorf("illegal diff analysis type") +} + func (nodesConnMap NodesConnectionsMap) nodesConnectivityToGeneralConnectivity() (generalConnMap GeneralConnectivityMap) { generalConnMap = GeneralConnectivityMap{} for src, connsMap := range nodesConnMap { From 0c0e5d1bf4d193e58564fb0feafddaa6b3ca1621 Mon Sep 17 00:00:00 2001 From: shirim Date: Thu, 16 Nov 2023 16:03:37 +0200 Subject: [PATCH 29/31] lint comment --- pkg/vpcmodel/semanticDiff.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/vpcmodel/semanticDiff.go b/pkg/vpcmodel/semanticDiff.go index 690617180..2ef1ad836 100644 --- a/pkg/vpcmodel/semanticDiff.go +++ b/pkg/vpcmodel/semanticDiff.go @@ -96,16 +96,16 @@ func (configs configsForDiff) GetDiff() (*diffBetweenCfgs, error) { return res, nil } -func (config *VPCConfig) getAllowedConnectionCombined( +func (c *VPCConfig) getAllowedConnectionCombined( diffAnalysis diffAnalysisType) (generalConnectivityMap GeneralConnectivityMap, err error) { if diffAnalysis == Subnets { - subnetsConn, err := config.GetSubnetsConnectivity(true, false) + subnetsConn, err := c.GetSubnetsConnectivity(true, false) if err != nil { return nil, err } return subnetsConn.AllowedConnsCombined, err } else if diffAnalysis == Vsis { - connectivity1, err := config.GetVPCNetworkConnectivity(false) + connectivity1, err := c.GetVPCNetworkConnectivity(false) if err != nil { return nil, err } From 9fd1e969c197a23a42b7e81e154712712b7785bc Mon Sep 17 00:00:00 2001 From: shirim Date: Thu, 16 Nov 2023 16:22:21 +0200 Subject: [PATCH 30/31] should be commented - the uncommented code was committed by mistake --- pkg/ibmvpc/analysis_output_test.go | 38 +++++++++++++++--------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/pkg/ibmvpc/analysis_output_test.go b/pkg/ibmvpc/analysis_output_test.go index e26d4186f..b149df065 100644 --- a/pkg/ibmvpc/analysis_output_test.go +++ b/pkg/ibmvpc/analysis_output_test.go @@ -360,25 +360,25 @@ var tests = []*vpcGeneralTest{ var formatsAvoidComparison = map[vpcmodel.OutFormat]bool{vpcmodel.ARCHDRAWIO: true, vpcmodel.DRAWIO: true} // uncomment the function below to run for updating the expected output -var formatsAvoidOutputGeneration = map[vpcmodel.OutFormat]bool{vpcmodel.ARCHDRAWIO: true, vpcmodel.DRAWIO: true} - -func TestAllWithGeneration(t *testing.T) { - // tests is the list of tests to run - for testIdx := range tests { - tt := tests[testIdx] - // todo - remove the following if when drawio is stable - if formatsAvoidOutputGeneration[tt.format] { - tt.mode = outputIgnore - } else { - tt.mode = outputGeneration - } - t.Run(tt.name, func(t *testing.T) { - t.Parallel() - tt.runTest(t) - }) - } - fmt.Println("done") -} +//var formatsAvoidOutputGeneration = map[vpcmodel.OutFormat]bool{vpcmodel.ARCHDRAWIO: true, vpcmodel.DRAWIO: true} +// +//func TestAllWithGeneration(t *testing.T) { +// // tests is the list of tests to run +// for testIdx := range tests { +// tt := tests[testIdx] +// // todo - remove the following if when drawio is stable +// if formatsAvoidOutputGeneration[tt.format] { +// tt.mode = outputIgnore +// } else { +// tt.mode = outputGeneration +// } +// t.Run(tt.name, func(t *testing.T) { +// t.Parallel() +// tt.runTest(t) +// }) +// } +// fmt.Println("done") +//} func TestAllWithComparison(t *testing.T) { // tests is the list of tests to run From d06f80db50f1051b24b86039955da077368bc60c Mon Sep 17 00:00:00 2001 From: shirim Date: Thu, 16 Nov 2023 16:23:27 +0200 Subject: [PATCH 31/31] CR comment --- pkg/ibmvpc/analysis_output_test.go | 4 ++-- pkg/vpcmodel/semanticDiff.go | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/pkg/ibmvpc/analysis_output_test.go b/pkg/ibmvpc/analysis_output_test.go index b149df065..d7beef312 100644 --- a/pkg/ibmvpc/analysis_output_test.go +++ b/pkg/ibmvpc/analysis_output_test.go @@ -360,9 +360,9 @@ var tests = []*vpcGeneralTest{ var formatsAvoidComparison = map[vpcmodel.OutFormat]bool{vpcmodel.ARCHDRAWIO: true, vpcmodel.DRAWIO: true} // uncomment the function below to run for updating the expected output -//var formatsAvoidOutputGeneration = map[vpcmodel.OutFormat]bool{vpcmodel.ARCHDRAWIO: true, vpcmodel.DRAWIO: true} +// var formatsAvoidOutputGeneration = map[vpcmodel.OutFormat]bool{vpcmodel.ARCHDRAWIO: true, vpcmodel.DRAWIO: true} // -//func TestAllWithGeneration(t *testing.T) { +// func TestAllWithGeneration(t *testing.T) { // // tests is the list of tests to run // for testIdx := range tests { // tt := tests[testIdx] diff --git a/pkg/vpcmodel/semanticDiff.go b/pkg/vpcmodel/semanticDiff.go index 2ef1ad836..e715c2b2c 100644 --- a/pkg/vpcmodel/semanticDiff.go +++ b/pkg/vpcmodel/semanticDiff.go @@ -59,11 +59,11 @@ type diffBetweenCfgs struct { // computes and returns the semantic diff of endpoints or subnets connectivity, as per the required analysis func (configs configsForDiff) GetDiff() (*diffBetweenCfgs, error) { // 1. compute connectivity for each of the configurations - generalConnectivityMap1, err := configs.config1.getAllowedConnectionCombined(configs.diffAnalysis) + generalConnectivityMap1, err := configs.config1.getAllowedConnectionsCombined(configs.diffAnalysis) if err != nil { return nil, err } - generalConnectivityMap2, err := configs.config2.getAllowedConnectionCombined(configs.diffAnalysis) + generalConnectivityMap2, err := configs.config2.getAllowedConnectionsCombined(configs.diffAnalysis) if err != nil { return nil, err } @@ -96,7 +96,7 @@ func (configs configsForDiff) GetDiff() (*diffBetweenCfgs, error) { return res, nil } -func (c *VPCConfig) getAllowedConnectionCombined( +func (c *VPCConfig) getAllowedConnectionsCombined( diffAnalysis diffAnalysisType) (generalConnectivityMap GeneralConnectivityMap, err error) { if diffAnalysis == Subnets { subnetsConn, err := c.GetSubnetsConnectivity(true, false)