313 explain add routing resources #320

Merged Jan 19, 2024
merged 108 commits into from

Changes from 101 commits (108 commits)
120b132 init (haim-kermany, Nov 29, 2023)
0d800b2 go 20 (haim-kermany, Nov 29, 2023)
3b05954 go 20 (haim-kermany, Nov 29, 2023)
e75c3c0 not 1.2 (haim-kermany, Nov 29, 2023)
a120861 Merge branch 'main' into subnet-grouping2 (haim-kermany, Dec 7, 2023)
4d6a3a2 ShowOnSubnetMode for tgw (haim-kermany, Dec 7, 2023)
55a6259 use go-version-file (haim-kermany, Dec 7, 2023)
f056052 CR from Ziv (haim-kermany, Dec 7, 2023)
6d2840c removing subnetMode flag (haim-kermany, Dec 7, 2023)
0fd51e2 does not work (haim-kermany, Dec 7, 2023)
85e53ff another try (haim-kermany, Dec 7, 2023)
4290fdf change subnetmode Location (haim-kermany, Dec 7, 2023)
d911f9b test (haim-kermany, Dec 7, 2023)
ee96ef4 lint (haim-kermany, Dec 7, 2023)
d609bb7 code review (haim-kermany, Dec 7, 2023)
7d9baac documenting (haim-kermany, Dec 7, 2023)
95daa44 using maps from golang 21 (haim-kermany, Dec 10, 2023)
8d469d6 first implementation (haim-kermany, Dec 11, 2023)
16d6066 Merge branch 'main' into subnet-grouping2 (haim-kermany, Dec 12, 2023)
ae50b61 code review (haim-kermany, Dec 12, 2023)
c47a06e not use pointer to map (haim-kermany, Dec 12, 2023)
f85c7c8 handle pointers to string (haim-kermany, Dec 12, 2023)
a83e24b Merge branch 'subnet-grouping2' into multi_vpc_output (haim-kermany, Dec 13, 2023)
7ee4065 single file for json (haim-kermany, Dec 13, 2023)
5141aaf drawio (haim-kermany, Dec 13, 2023)
14839cc update testing (haim-kermany, Dec 14, 2023)
e878c09 adding tests to main (haim-kermany, Dec 18, 2023)
2a0a03b Merge branch 'main' into subnet-grouping2 (haim-kermany, Dec 18, 2023)
f24c062 Merge branch 'subnet-grouping2' into multi_vpc_output (haim-kermany, Dec 18, 2023)
f37fdf3 support via main (haim-kermany, Dec 18, 2023)
53acd88 renaming (haim-kermany, Dec 19, 2023)
a52dc16 remove code (haim-kermany, Dec 19, 2023)
aa40f8c lint (haim-kermany, Dec 19, 2023)
cee8d35 lint (haim-kermany, Dec 19, 2023)
b274811 lint (haim-kermany, Dec 19, 2023)
cda4390 lint (haim-kermany, Dec 19, 2023)
0404d65 aMapEntry (haim-kermany, Dec 19, 2023)
dc0aa0d lint (haim-kermany, Dec 19, 2023)
9508e8c TextualOutputFormatter (haim-kermany, Dec 20, 2023)
9fa3846 Merge branch 'main' into subnet-grouping2 (haim-kermany, Dec 20, 2023)
e188ceb Merge branch 'subnet-grouping2' into multi_vpc_output (haim-kermany, Dec 20, 2023)
3db9e2b Merge branch 'main' into subnet-grouping2 (haim-kermany, Dec 21, 2023)
2324b25 Merge branch 'subnet-grouping2' into multi_vpc_output (haim-kermany, Dec 21, 2023)
bf29ee0 Merge branch 'main' into subnet-grouping2 (haim-kermany, Dec 27, 2023)
140c37c merge from main (haim-kermany, Dec 27, 2023)
67fa0cc fix for json (haim-kermany, Dec 27, 2023)
a1d301c Merge branch 'main' into subnet-grouping2 (haim-kermany, Jan 1, 2024)
4bb6229 Merge branch 'subnet-grouping2' into multi_vpc_output (haim-kermany, Jan 1, 2024)
4c3771e moving a method to common (haim-kermany, Jan 2, 2024)
6e7fe21 from main (haim-kermany, Jan 2, 2024)
2843077 comments (haim-kermany, Jan 2, 2024)
cf9284b removing writeoutputgeneric() (haim-kermany, Jan 2, 2024)
6221a91 lint (haim-kermany, Jan 2, 2024)
4eb6e8c Merge branch 'main' into multi_vpc_output (haim-kermany, Jan 4, 2024)
b525dd2 comments (haim-kermany, Jan 7, 2024)
1b5c8c1 remove redundant code from main (haim-kermany, Jan 7, 2024)
d194e72 comment (haim-kermany, Jan 7, 2024)
c1eca55 added documentation - something took me time figuring out (ShiriMoran, Jan 8, 2024)
173a1f3 infrastructure for adding router resource to the explanation (ShiriMoran, Jan 9, 2024)
c4af826 extract code related to RoutingResource between src and dst to be use… (ShiriMoran, Jan 9, 2024)
13fd2de more code extraction required for RoutingResource computation (ShiriMoran, Jan 10, 2024)
810e7c0 merge with main (ShiriMoran, Jan 10, 2024)
142a393 expanded explanation struct and added computation for RoutingResource… (ShiriMoran, Jan 10, 2024)
ba61ee5 spelling (ShiriMoran, Jan 11, 2024)
19ec5bc renaming (ShiriMoran, Jan 11, 2024)
1f85980 code for computing actual rules (ShiriMoran, Jan 11, 2024)
a6a4109 spelling (ShiriMoran, Jan 11, 2024)
a18c9d5 router and filtersExternal should be in the src dst level (ShiriMoran, Jan 11, 2024)
bf0e9d7 router and filtersExternal should be in the src dst level (ShiriMoran, Jan 11, 2024)
8466566 fix error and use actual rules and connection details (ShiriMoran, Jan 11, 2024)
f15fb98 no containing node for external address implies that it has no router (ShiriMoran, Jan 11, 2024)
e089176 no use in passing interface by reference (ShiriMoran, Jan 11, 2024)
67b238a committing for the weekend; needs to uncomment last changes in groupi… (ShiriMoran, Jan 11, 2024)
b6ce9c9 adding router details to the explanation and updated (ShiriMoran, Jan 14, 2024)
4f868e6 finalized (ShiriMoran, Jan 14, 2024)
2140504 updated TestQueryConnectionSGBasic for router explanation (ShiriMoran, Jan 14, 2024)
3eff438 added a test to TestSimpleExternalSG for router (ShiriMoran, Jan 14, 2024)
4aae058 lint comments (ShiriMoran, Jan 14, 2024)
38d3588 lint comments (ShiriMoran, Jan 14, 2024)
ec0a762 Merge remote-tracking branch 'origin/main' into 313_explain_add_routi… (ShiriMoran, Jan 14, 2024)
3044ad8 Merge branch 'main' into 313_explain_add_routingResources (ShiriMoran, Jan 14, 2024)
b98a515 CR (ShiriMoran, Jan 17, 2024)
f16fcbb Update pkg/vpcmodel/nodesExplainability.go (ShiriMoran, Jan 17, 2024)
0e40040 Merge remote-tracking branch 'origin/313_explain_add_routingResources… (ShiriMoran, Jan 17, 2024)
4865040 Update pkg/vpcmodel/nodesExplainability.go (ShiriMoran, Jan 17, 2024)
f8a8dd2 Update pkg/vpcmodel/nodesExplainability.go (ShiriMoran, Jan 17, 2024)
b174b43 Merge remote-tracking branch 'origin/313_explain_add_routingResources… (ShiriMoran, Jan 17, 2024)
bf6dc78 Revert "Update pkg/vpcmodel/nodesExplainability.go" (ShiriMoran, Jan 17, 2024)
25a07e3 Revert "Update pkg/vpcmodel/nodesExplainability.go" (ShiriMoran, Jan 17, 2024)
c10ea91 CR (ShiriMoran, Jan 17, 2024)
3797fb0 CR (ShiriMoran, Jan 17, 2024)
da1956f Merge branch 'main' into 313_explain_add_routingResources (ShiriMoran, Jan 17, 2024)
4abf3db Update pkg/vpcmodel/nodesExplainability.go (ShiriMoran, Jan 18, 2024)
78ba6fc CR comments (ShiriMoran, Jan 18, 2024)
abbd330 CR comments (ShiriMoran, Jan 18, 2024)
f5bf324 Merge remote-tracking branch 'origin/313_explain_add_routingResources… (ShiriMoran, Jan 18, 2024)
eb5cb6b renaming (ShiriMoran, Jan 18, 2024)
bca592e removed redundant code (ShiriMoran, Jan 18, 2024)
c47e804 more CR and renaming (ShiriMoran, Jan 18, 2024)
05a4b3b lint comment (ShiriMoran, Jan 18, 2024)
93e81a8 lint comment (ShiriMoran, Jan 18, 2024)
0120e80 CR comment: do not use err to indicate something that is not actuall… (ShiriMoran, Jan 18, 2024)
659cd2e Update pkg/vpcmodel/grouping.go (ShiriMoran, Jan 18, 2024)
998ffa6 CR comment (ShiriMoran, Jan 18, 2024)
352880a Merge remote-tracking branch 'origin/313_explain_add_routingResources… (ShiriMoran, Jan 18, 2024)
2fcfc81 CR comment (ShiriMoran, Jan 18, 2024)
02f7bc8 CR comment (ShiriMoran, Jan 18, 2024)
47699cc added ToDo (ShiriMoran, Jan 18, 2024)
219 changes: 122 additions & 97 deletions pkg/ibmvpc/explainability_test.go

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions pkg/vpcmodel/abstractVPC.go
@@ -49,6 +49,7 @@ func (n *VPCResource) VPC() VPCResourceIntf {
return n.VPCRef
}

// todo: define enum for filters
const (
// filter-resources layer names (grouping all vpc resources of that kind)
NaclLayer = "NaclLayer"
33 changes: 20 additions & 13 deletions pkg/vpcmodel/grouping.go
@@ -23,6 +23,7 @@ type groupedCommonProperties struct {
conn *common.ConnectionSet
connDiff *connectionDiff
rules *rulesConnection
router RoutingResource
// groupingStrKey is the key by which the grouping is done:
// the string of conn per grouping of conn lines, string of connDiff per grouping of diff lines
// and string of conn and rules for explainblity
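Review bot: the `groupingStrKey` comment just below the new `router RoutingResource` field still describes the explainability key as "string of conn and rules", but `explanationEncode` later in this file now folds the router name into that key as well; update the comment (and fix the "explainblity" typo) so the grouping semantics are documented where the field is declared.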
@@ -88,7 +89,7 @@ func newGroupConnLinesDiff(d *diffBetweenCfgs) (res *GroupConnLines, err error)
return res, err
}

func newGroupConnExplainability(c *VPCConfig, e *explainStruct) (res *GroupConnLines, err error) {
func newGroupConnExplainability(c *VPCConfig, e *rulesAndConnDetails) (res *GroupConnLines, err error) {
res = &GroupConnLines{
config: c,
explain: e,
@@ -107,7 +108,7 @@ type GroupConnLines struct {
nodesConn *VPCConnectivity
subnetsConn *VPCsubnetConnectivity
diff *diffBetweenCfgs
explain *explainStruct
explain *rulesAndConnDetails
srcToDst *groupingConnections
dstToSrc *groupingConnections
// a map to groupedEndpointsElems used by GroupedConnLine from a unified key of such elements
@@ -317,11 +318,11 @@ func (g *GroupConnLines) groupExternalAddressesForDiff(thisMinusOther bool) erro
// group public internet ranges for explainability lines
func (g *GroupConnLines) groupExternalAddressesForExplainability() error {
var res []*groupedConnLine
for _, rulesSrcDst := range *g.explain {
connStr := rulesSrcDst.conn.String() + semicolon
groupingStrKey := connStr + rulesSrcDst.rules.rulesEncode(g.config)
err := g.addLineToExternalGrouping(&res, rulesSrcDst.src, rulesSrcDst.dst,
&groupedCommonProperties{conn: rulesSrcDst.conn, rules: rulesSrcDst.rules, groupingStrKey: groupingStrKey})
for _, details := range *g.explain {
groupingStrKey := details.explanationEncode(g.config)
err := g.addLineToExternalGrouping(&res, details.src, details.dst,
&groupedCommonProperties{conn: details.conn, router: details.router,
rules: details.actualRules, groupingStrKey: groupingStrKey})
if err != nil {
return err
}
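Review bot: `rules: details.actualRules` and `details.explanationEncode(g.config)` both assume `actualRules` has already been populated, which only happens in `computeRouterAndActualRules`; if `newGroupConnExplainability` is ever called before that step, `explanationEncode` dereferences a nil `*rulesConnection` and panics. Either guard for `details.actualRules == nil` here or state the ordering requirement in the doc comment of `newGroupConnExplainability`.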
@@ -547,13 +548,19 @@ func connDiffEncode(src, dst VPCResourceIntf, connDiff *connectionDiff) string {
}

// encodes rulesConnection for grouping
func (rules *rulesConnection) rulesEncode(c *VPCConfig) string {
func (details *srcDstDetails) explanationEncode(c *VPCConfig) string {
connStr := details.conn.String() + semicolon
routingStr := ""
if details.router != nil {
router := details.router
routingStr = router.Name() + ";"
}
egressStr, ingressStr := "", ""
if len(rules.egressRules) > 0 {
egressStr = "egress:" + rules.egressRules.string(c) + semicolon
if len(details.actualRules.egressRules) > 0 {
egressStr = "egress:" + details.actualRules.egressRules.string(c) + semicolon
}
if len(rules.ingressRules) > 0 {
egressStr = "ingress:" + rules.ingressRules.string(c) + semicolon
if len(details.actualRules.ingressRules) > 0 {
egressStr = "ingress:" + details.actualRules.ingressRules.string(c) + semicolon
}
return egressStr + ingressStr
return connStr + routingStr + egressStr + ingressStr
}
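Review bot: the ingress branch still writes into the wrong variable: `egressStr = "ingress:" + details.actualRules.ingressRules.string(c) + semicolon` overwrites the egress part and `ingressStr` is never assigned, so when both egress and ingress rules exist the egress rules drop out of the grouping key and lines with different egress rules but identical ingress rules get merged. The bug predates this PR (the removed line has it too), but since the line is being touched, change the assignment to `ingressStr = ...`. Minor: `router.Name() + ";"` should use the `semicolon` constant like the neighbouring lines, and the doc comment above still says "encodes rulesConnection" although the receiver is now `*srcDstDetails`.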
22 changes: 6 additions & 16 deletions pkg/vpcmodel/nodesConnectivity.go
@@ -117,20 +117,10 @@ func (c *VPCConfig) getAllowedConnsPerDirection(isIngress bool, capturedNode Nod
allLayersRes[peerNode] = allowedConnsBetweenCapturedAndPeerNode
} else {
// else : external node -> consider attached routing resources

allowedConnsBetweenCapturedAndPeerNode := NoConns()
// node is associated with either a pgw or a fip
var appliedRouter RoutingResource
for _, router := range c.RoutingResources {
routerConnRes := router.AllowedConnectivity(src, dst)
if !routerConnRes.IsEmpty() { // connection is allowed through router resource
// TODO: consider adding connection attribute with details of routing through this router resource
allowedConnsBetweenCapturedAndPeerNode = routerConnRes
appliedRouter = router
updatePerLayerRes(perLayerRes, router.Kind(), peerNode, routerConnRes)
}
}
if appliedRouter == nil {
appliedRouter, routerConnRes := c.getRoutingResource(src, dst)
if appliedRouter != nil {
updatePerLayerRes(perLayerRes, appliedRouter.Kind(), peerNode, routerConnRes)
} else {
// without fip/pgw there is no external connectivity
allLayersRes[peerNode] = NoConns()
continue
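Review bot: the replaced loop called `updatePerLayerRes` for every routing resource whose `AllowedConnectivity(src, dst)` was non-empty and kept the last match as `appliedRouter`, whereas the new code updates `perLayerRes` only for the single router returned by `c.getRoutingResource(src, dst)`, whose body is not part of this diff. Please confirm, ideally in the doc comment of `getRoutingResource`, which router wins when more than one resource allows the connection and that dropping the per-router `perLayerRes` updates is intended. Removing the TODO about recording routing details is fine now that the explainability code carries the router.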
@@ -139,9 +129,9 @@ func (c *VPCConfig) getAllowedConnsPerDirection(isIngress bool, capturedNode Nod
// TODO: consider moving to pkg ibm-vpc
appliedFilters := appliedRouter.AppliedFiltersKinds()
for layer := range appliedFilters {
allowedConnsBetweenCapturedAndPeerNode = allowedConnsBetweenCapturedAndPeerNode.Intersection(perLayerRes[layer][peerNode])
routerConnRes = routerConnRes.Intersection(perLayerRes[layer][peerNode])
}
allLayersRes[peerNode] = allowedConnsBetweenCapturedAndPeerNode
allLayersRes[peerNode] = routerConnRes
}
}
return allLayersRes, perLayerRes, nil
163 changes: 109 additions & 54 deletions pkg/vpcmodel/nodesExplainability.go
@@ -9,6 +9,7 @@ import (
)

// rulesInLayers contains specific rules across all layers (SGLayer/NACLLayer)
// it maps from the layer name to the list of rules
type rulesInLayers map[string][]RulesInFilter

// rulesConnection contains the rules enabling a connection
@@ -17,19 +18,22 @@ type rulesConnection struct {
egressRules rulesInLayers
}

type rulesSingleSrcDst struct {
src Node
dst Node
conn *common.ConnectionSet
rules *rulesConnection
type srcDstDetails struct {
src Node
dst Node
conn *common.ConnectionSet
router RoutingResource // the router (fip or pgw) to external network; nil if none
filtersExternal map[string]bool // filters relevant for external IP, map keys are the filters kind (NaclLayer/SecurityGroupLayer)
potentialRules *rulesConnection // potentialRules potentially enabling connection
actualRules *rulesConnection // actualRules enabling connection given router; e.g. NACL is not relevant for fip
}

type explainStruct []*rulesSingleSrcDst
type rulesAndConnDetails []*srcDstDetails

type explanation struct {
c *VPCConfig
connQuery *common.ConnectionSet
explainStruct *explainStruct
c *VPCConfig
connQuery *common.ConnectionSet
rulesAndDetails *rulesAndConnDetails // rules and more details for a single src->dst
// grouped connectivity result:
// grouping common explanation lines with common src/dst (internal node) and different dst/src (external node)
// [required due to computation with disjoint ip-blocks]
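Review bot: `filtersExternal` is assigned in `computeRouterAndActualRules` (`singleSrcDstDetails.filtersExternal = filtersForExternal`) but nothing in this diff reads it back; `computeActualRules` works from the local variable. If no other code consumes the field, drop it, otherwise name the consumer in the field comment. A doc comment on `srcDstDetails` itself would also help, since `computeExplainRules` builds it with a positional literal and so the field order here is part of the contract.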
@@ -96,38 +100,36 @@ func (c *VPCConfig) getNodesFromInput(cidrOrName string) ([]Node, error) {
return c.getCidrExternalNodes(cidrOrName)
}

// todo: group results. for now just prints each

// ExplainConnectivity todo: this will not be needed here once we connect explanbility to the cli
// todo: support vsi given as an ID/IP address (CRN?)
// todo: connection should be given in a string format, of course
// nil conn means connection is not part of the query
func (c *VPCConfig) ExplainConnectivity(src, dst string, connQuery *common.ConnectionSet) (out string, err error) {
explanationStruct, err1 := c.computeExplainRules(src, dst, connQuery)
srcNodes, dstNodes, err := c.processInput(src, dst)
if err != nil {
return "", err
}
rulesAndDetails, err1 := c.computeExplainRules(srcNodes, dstNodes, connQuery)
if err1 != nil {
return "", err1
}
if connQuery == nil { // find the connection between src and dst if connection not specified in query
err2 := explanationStruct.computeConnections(c)
err2 := rulesAndDetails.computeConnections(c)
if err2 != nil {
return "", err2
}
}
groupedLines, err3 := newGroupConnExplainability(c, &explanationStruct)
c.computeRouterAndActualRules(&rulesAndDetails)
groupedLines, err3 := newGroupConnExplainability(c, &rulesAndDetails)
if err3 != nil {
return "", err3
}
res := &explanation{c, connQuery, &explanationStruct, groupedLines.GroupedLines}
res := &explanation{c, connQuery, &rulesAndDetails, groupedLines.GroupedLines}
return res.String(), nil
}

// computeExplainRules computes the egress and ingress rules contributing to the (existing or missing) connection <src, dst>
func (c *VPCConfig) computeExplainRules(srcName, dstName string, conn *common.ConnectionSet) (explanationStruct explainStruct, err error) {
srcNodes, dstNodes, err := c.processInput(srcName, dstName) // todo: should also handle connection string translation
if err != nil {
return nil, err
}
explanationStruct = make(explainStruct, max(len(srcNodes), len(dstNodes)))
func (c *VPCConfig) computeExplainRules(srcNodes, dstNodes []Node,
conn *common.ConnectionSet) (rulesAndConn rulesAndConnDetails, err error) {
rulesAndConn = make(rulesAndConnDetails, max(len(srcNodes), len(dstNodes)))
i := 0
// either src of dst has more than one item; never both
// the loop is on two dimension since we do not know which, but actually we have a single dimension
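Review bot: `c.computeRouterAndActualRules(&rulesAndDetails)` has to run before `newGroupConnExplainability`, because grouping reads `actualRules` and `router`, yet nothing in the code expresses that ordering; consider having `computeExplainRules` return details with `actualRules` already filled, or at least document the invariant on `computeRouterAndActualRules`. Style: `err`, `err1`, `err2` and `err3` can all be the single `err`, since each is returned immediately on failure.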
@@ -137,12 +139,53 @@ func (c *VPCConfig) computeExplainRules(srcName, dstName string, conn *common.Co
if err != nil {
return nil, err
}
rulesThisSrcDst := &rulesSingleSrcDst{src, dst, common.NewConnectionSet(false), rulesOfConnection}
explanationStruct[i] = rulesThisSrcDst
rulesThisSrcDst := &srcDstDetails{src, dst, common.NewConnectionSet(false), nil, nil, rulesOfConnection, nil}
rulesAndConn[i] = rulesThisSrcDst
i++
}
}
return explanationStruct, nil
return rulesAndConn, nil
}

// computeActualRules computes from the potentialRules the actualRules that actually enable traffic,
// considering filtersExternal potential.filtersExternal (which was computed based on the RoutingResource)
func (c *VPCConfig) computeRouterAndActualRules(details *rulesAndConnDetails) {
for _, singleSrcDstDetails := range *details {
src := singleSrcDstDetails.src
dst := singleSrcDstDetails.dst
// RoutingResources are computed by the parser for []Nodes of the VPC,
// finds the relevant nodes for the query's src and dst;
// err (err1 or err2) indicates no containing node was found, which is an indication there is no router
containingSrcNode, err1 := c.getContainingConfigNode(src)
containingDstNode, err2 := c.getContainingConfigNode(dst)
var routingResource RoutingResource
var filtersForExternal map[string]bool
if err1 == nil && err2 == nil {
routingResource, _ = c.getRoutingResource(containingSrcNode, containingDstNode)
if routingResource != nil {
filtersForExternal = routingResource.AppliedFiltersKinds() // relevant filtersExternal
}
}
singleSrcDstDetails.router = routingResource
singleSrcDstDetails.filtersExternal = filtersForExternal
if !singleSrcDstDetails.src.IsInternal() || !singleSrcDstDetails.dst.IsInternal() {
actualIngress := computeActualRules(&singleSrcDstDetails.potentialRules.ingressRules, filtersForExternal)
actualEgress := computeActualRules(&singleSrcDstDetails.potentialRules.egressRules, filtersForExternal)
singleSrcDstDetails.actualRules = &rulesConnection{*actualIngress, *actualEgress}
} else {
singleSrcDstDetails.actualRules = singleSrcDstDetails.potentialRules
}
}
}

func computeActualRules(potentialRules *rulesInLayers, filtersExternal map[string]bool) *rulesInLayers {
actualRules := rulesInLayers{}
for filter, potentialRules := range *potentialRules {
if filtersExternal[filter] {
actualRules[filter] = potentialRules
}
}
return &actualRules
}

func (c *VPCConfig) processInput(srcName, dstName string) (srcNodes, dstNodes []Node, err error) {
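Review bot: `&srcDstDetails{src, dst, common.NewConnectionSet(false), nil, nil, rulesOfConnection, nil}` is a positional literal over a struct that just grew from four to seven fields; use keyed fields (`&srcDstDetails{src: src, dst: dst, conn: common.NewConnectionSet(false), potentialRules: rulesOfConnection}`) so the next field addition cannot silently shift `potentialRules` into another slot. In the new `computeRouterAndActualRules`, the doc comment names the function `computeActualRules` and refers to `potential.filtersExternal`, which does not exist; rewrite it to describe what the function sets (`router`, `filtersExternal`, `actualRules`). In `computeActualRules`, `for filter, potentialRules := range *potentialRules` shadows the parameter with the loop value; it compiles because the range expression is evaluated before the loop variables come into scope, but it is exactly what the shadow lint flags and what a reader will misread, so rename the loop variable (e.g. `rules`).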
@@ -234,10 +277,11 @@ func (c *VPCConfig) getContainingConfigNode(node Node) (Node, error) {
}

// prints each separately without grouping - for debug
func (explanationStruct *explainStruct) String(c *VPCConfig, connQuery *common.ConnectionSet) (string, error) {
func (explanationStruct *rulesAndConnDetails) String(c *VPCConfig, connQuery *common.ConnectionSet) (string, error) {
resStr := ""
for _, rulesSrcDst := range *explanationStruct {
resStr += stringExplainabilityLine(c, connQuery, rulesSrcDst.src, rulesSrcDst.dst, rulesSrcDst.conn, rulesSrcDst.rules)
for _, srcDstDetails := range *explanationStruct {
resStr += stringExplainabilityLine(c, connQuery, srcDstDetails.src, srcDstDetails.dst,
srcDstDetails.conn, srcDstDetails.router, srcDstDetails.actualRules)
}
return resStr, nil
}
@@ -247,14 +291,14 @@ func (explanation *explanation) String() string {
groupedLines := explanation.groupedLines
for i, line := range groupedLines {
linesStr[i] = stringExplainabilityLine(explanation.c, explanation.connQuery, line.src, line.dst, line.commonProperties.conn,
line.commonProperties.rules)
line.commonProperties.router, line.commonProperties.rules)
}
sort.Strings(linesStr)
return strings.Join(linesStr, "\n") + "\n"
}

func stringExplainabilityLine(c *VPCConfig, connQuery *common.ConnectionSet, src, dst EndpointElem,
conn *common.ConnectionSet, rules *rulesConnection) string {
conn *common.ConnectionSet, router RoutingResource, rules *rulesConnection) string {
needEgress := !src.IsExternal()
needIngress := !dst.IsExternal()
noIngressRules := len(rules.ingressRules) == 0 && needIngress
@@ -269,6 +313,10 @@ func stringExplainabilityLine(c *VPCConfig, connQuery *common.ConnectionSet, src
}
resStr := ""
switch {
case router == nil && src.IsExternal():
resStr += fmt.Sprintf("%v no fip router and src is external\n", noConnection)
case router == nil && dst.IsExternal():
resStr += fmt.Sprintf("%v no router (fip/pgw) and dst is external\n", noConnection)
case noIngressRules && noEgressRules:
resStr += fmt.Sprintf("%v connection blocked both by ingress and egress\n", noConnection)
case noIngressRules:
Expand All @@ -282,40 +330,47 @@ func stringExplainabilityLine(c *VPCConfig, connQuery *common.ConnectionSet, src
resStr += ingressRulesStr
}
default: // there is a connection
if connQuery == nil {
resStr = fmt.Sprintf("The following connection exists between %v and %v: %v; its enabled by\n", src.Name(), dst.Name(),
conn.String())
} else {
resStr = fmt.Sprintf("Connection %v exists between %v and %v; its enabled by\n", connQuery.String(),
src.Name(), dst.Name())
}
if needEgress {
resStr += egressRulesStr
}
if needIngress {
resStr += ingressRulesStr
}
return stringExplainabilityConnection(connQuery, src, dst, conn, router, needEgress, needIngress, egressRulesStr, ingressRulesStr)
}
return resStr
}

func stringExplainabilityConnection(connQuery *common.ConnectionSet, src, dst EndpointElem,
conn *common.ConnectionSet, router RoutingResource,
needEgress, needIngress bool, egressRulesStr, ingressRulesStr string) string {
resStr := ""
if connQuery == nil {
resStr = fmt.Sprintf("The following connection exists between %v and %v: %v; its enabled by\n", src.Name(), dst.Name(),
conn.String())
} else {
resStr = fmt.Sprintf("Connection %v exists between %v and %v; its enabled by\n", connQuery.String(),
src.Name(), dst.Name())
}
if src.IsExternal() || dst.IsExternal() {
resStr += "External Router " + router.Kind() + ": " + router.Name() + "\n"
}
if needEgress {
resStr += egressRulesStr
}
if needIngress {
resStr += ingressRulesStr
}
return resStr
}

// todo: connectivity is computed for the entire network, even though we need only for specific src, dst pairs
// this is seems the time spent here should be neglectable, not worth the effort of adding dedicated code.
func (explanationStruct *explainStruct) computeConnections(c *VPCConfig) error {
func (explanationStruct *rulesAndConnDetails) computeConnections(c *VPCConfig) error {
connectivity, err := c.GetVPCNetworkConnectivity(false) // computes connectivity
if err != nil {
return err
}
for _, rulesSrcDst := range *explanationStruct {
// is there a connection?
if (len(rulesSrcDst.rules.egressRules) > 0 || !rulesSrcDst.src.IsInternal()) && // egress enabled or not needed
(len(rulesSrcDst.rules.ingressRules) > 0 || !rulesSrcDst.dst.IsInternal()) { // ingress enabled or not needed
conn, err := connectivity.getConnection(c, rulesSrcDst.src, rulesSrcDst.dst)
if err != nil {
return err
}
rulesSrcDst.conn = conn
for _, srcDstDetails := range *explanationStruct {
conn, err := connectivity.getConnection(c, srcDstDetails.src, srcDstDetails.dst)
if err != nil {
return err
}
srcDstDetails.conn = conn
}
return nil
}
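Review bot: `stringExplainabilityConnection` calls `router.Kind()` and `router.Name()` whenever `src.IsExternal() || dst.IsExternal()`, relying on the caller's switch having already returned for `router == nil`; that coupling is invisible at the call site, so either add a nil guard here or document in the function comment that `router` must be non-nil when an endpoint is external. Same hunk, `computeConnections`: the removed guard skipped `getConnection` when neither egress nor ingress rules existed, whereas now `conn` is fetched for every pair, and since `explanationEncode` folds `conn.String()` into the grouping key this changes how rule-less pairs are grouped; please confirm this is intended and exercised by the updated `pkg/ibmvpc/explainability_test.go`. The `conn, err :=` inside the loop also shadows the outer `err`. Nit: the carried-over "its enabled by" should read "it's enabled by".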