From f7d9385ed99384d9eef2cc3e22fd0593a2c4af81 Mon Sep 17 00:00:00 2001 From: Ola Saadi Date: Tue, 26 Nov 2024 16:12:56 +0200 Subject: [PATCH] avoid using nil in NameForAnalyzerOut method where possible --- ...rEnableDefaultDifFile_all_vpcs_explain.txt | 4 ++-- ...herExampleEnabledConn_all_vpcs_explain.txt | 4 ++-- ...tgwDisabledDenyPrefix_all_vpcs_explain.txt | 2 +- ...bledDenyPrefix_all_vpcs_explain_detail.txt | 2 +- ...blesTCPRespond_all_vpcs_explain_detail.txt | 4 ++-- ...eDefaultFilter_all_vpcs_explain_detail.txt | 4 ++-- ...SpecificFilter_all_vpcs_explain_detail.txt | 4 ++-- ...tgwExampleCidr_all_vpcs_explain_detail.txt | 24 +++++++++---------- .../tgwSubnetToSubnet_all_vpcs_explain.txt | 2 +- pkg/vpcmodel/explainabilityPrint.go | 14 +++++------ pkg/vpcmodel/grouping.go | 14 +++++------ pkg/vpcmodel/multiExplainability.go | 10 ++++---- pkg/vpcmodel/semanticDiff.go | 8 +++---- pkg/vpcmodel/unifyGrouping.go | 22 ++++++++--------- 14 files changed, 59 insertions(+), 59 deletions(-) diff --git a/pkg/ibmvpc/examples/out/explain_out/tgwAnotherEnableDefaultDifFile_all_vpcs_explain.txt b/pkg/ibmvpc/examples/out/explain_out/tgwAnotherEnableDefaultDifFile_all_vpcs_explain.txt index c446d7c85..400287d6e 100644 --- a/pkg/ibmvpc/examples/out/explain_out/tgwAnotherEnableDefaultDifFile_all_vpcs_explain.txt +++ b/pkg/ibmvpc/examples/out/explain_out/tgwAnotherEnableDefaultDifFile_all_vpcs_explain.txt 
@@ -6,9 +6,9 @@ Interpreted destination(s): test-vpc2-ky/vsi21a-ky[10.240.64.4] Connections from test-vpc1-ky/vsi11-ky[10.240.11.4] to test-vpc2-ky/vsi21a-ky[10.240.64.4]: All Connections Path: - vsi11-ky[10.240.11.4] -> security group sg11-ky -> network ACL acl11-ky -> subnet subnet11-ky -> + test-vpc1-ky/vsi11-ky[10.240.11.4] -> security group sg11-ky -> network ACL acl11-ky -> subnet subnet11-ky -> test-vpc1-ky -> TGW local-tg-ky -> test-vpc2-ky -> - subnet subnet21-ky -> network ACL acl21-ky -> security group sg21-ky -> vsi21a-ky[10.240.64.4] + subnet subnet21-ky -> network ACL acl21-ky -> security group sg21-ky -> test-vpc2-ky/vsi21a-ky[10.240.64.4] ------------------------------------------------------------------------------------------------------------------------ diff --git a/pkg/ibmvpc/examples/out/explain_out/tgwAnotherExampleEnabledConn_all_vpcs_explain.txt b/pkg/ibmvpc/examples/out/explain_out/tgwAnotherExampleEnabledConn_all_vpcs_explain.txt index be7c445fc..6574fa95f 100644 --- a/pkg/ibmvpc/examples/out/explain_out/tgwAnotherExampleEnabledConn_all_vpcs_explain.txt +++ b/pkg/ibmvpc/examples/out/explain_out/tgwAnotherExampleEnabledConn_all_vpcs_explain.txt 
@@ -6,9 +6,9 @@ Interpreted destination(s): test-vpc1-ky/ky-vsi0-subnet11[10.240.80.4] Connections from test-vpc0-ky/ky-vsi0-subnet5[10.240.9.4] to test-vpc1-ky/ky-vsi0-subnet11[10.240.80.4]: All Connections Path: - ky-vsi0-subnet5[10.240.9.4] -> security group sg1-ky -> network ACL acl3-ky -> subnet subnet5 -> + test-vpc0-ky/ky-vsi0-subnet5[10.240.9.4] -> security group sg1-ky -> network ACL acl3-ky -> subnet subnet5 -> test-vpc0-ky -> TGW local-tg-ky -> test-vpc1-ky -> - subnet subnet11 -> network ACL acl11-ky -> security group sg11-ky -> ky-vsi0-subnet11[10.240.80.4] + subnet subnet11 -> network ACL acl11-ky -> security group sg11-ky -> test-vpc1-ky/ky-vsi0-subnet11[10.240.80.4] ------------------------------------------------------------------------------------------------------------------------ diff --git a/pkg/ibmvpc/examples/out/explain_out/tgwDisabledDenyPrefix_all_vpcs_explain.txt b/pkg/ibmvpc/examples/out/explain_out/tgwDisabledDenyPrefix_all_vpcs_explain.txt index 264d056a7..2a7207f11 100644 --- a/pkg/ibmvpc/examples/out/explain_out/tgwDisabledDenyPrefix_all_vpcs_explain.txt +++ b/pkg/ibmvpc/examples/out/explain_out/tgwDisabledDenyPrefix_all_vpcs_explain.txt @@ -11,7 +11,7 @@ cross-vpc-connection: transit-connection tg_connection0 of transit-gateway local Ingress: network ACL acl1-ky allows connection; security group sg1-ky allows connection Path: - ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> + test-vpc2-ky/ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> test-vpc2-ky -> | TGW local-tg-ky | ------------------------------------------------------------------------------------------------------------------------ diff --git a/pkg/ibmvpc/examples/out/explain_out/tgwDisabledDenyPrefix_all_vpcs_explain_detail.txt b/pkg/ibmvpc/examples/out/explain_out/tgwDisabledDenyPrefix_all_vpcs_explain_detail.txt index f3c2fabc6..40d0c2d71 100644 
--- a/pkg/ibmvpc/examples/out/explain_out/tgwDisabledDenyPrefix_all_vpcs_explain_detail.txt +++ b/pkg/ibmvpc/examples/out/explain_out/tgwDisabledDenyPrefix_all_vpcs_explain_detail.txt @@ -11,7 +11,7 @@ cross-vpc-connection: transit-connection tg_connection0 of transit-gateway local Ingress: network ACL acl1-ky allows connection; security group sg1-ky allows connection Path: - ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> + test-vpc2-ky/ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> test-vpc2-ky -> | TGW local-tg-ky | diff --git a/pkg/ibmvpc/examples/out/explain_out/tgwDisablesTCPRespond_all_vpcs_explain_detail.txt b/pkg/ibmvpc/examples/out/explain_out/tgwDisablesTCPRespond_all_vpcs_explain_detail.txt index 87cc57fc7..db0b942de 100644 --- a/pkg/ibmvpc/examples/out/explain_out/tgwDisablesTCPRespond_all_vpcs_explain_detail.txt +++ b/pkg/ibmvpc/examples/out/explain_out/tgwDisablesTCPRespond_all_vpcs_explain_detail.txt @@ -7,9 +7,9 @@ Connections from test-vpc0-ky/ky-vsi0-subnet0[10.240.0.5] to test-vpc1-ky/ky-vsi TCP response is blocked Path: - ky-vsi0-subnet0[10.240.0.5] -> security group sg1-ky -> network ACL acl1-ky -> subnet subnet0 -> + test-vpc0-ky/ky-vsi0-subnet0[10.240.0.5] -> security group sg1-ky -> network ACL acl1-ky -> subnet subnet0 -> test-vpc0-ky -> TGW local-tg-ky -> test-vpc1-ky -> - subnet subnet10 -> network ACL acl11-ky -> security group sg11-ky -> ky-vsi0-subnet10[10.240.64.4] + subnet subnet10 -> network ACL acl11-ky -> security group sg11-ky -> test-vpc1-ky/ky-vsi0-subnet10[10.240.64.4] Details: diff --git a/pkg/ibmvpc/examples/out/explain_out/tgwEnableDefaultFilter_all_vpcs_explain_detail.txt b/pkg/ibmvpc/examples/out/explain_out/tgwEnableDefaultFilter_all_vpcs_explain_detail.txt index 550da3621..2dbea9b16 100644 --- a/pkg/ibmvpc/examples/out/explain_out/tgwEnableDefaultFilter_all_vpcs_explain_detail.txt 
+++ b/pkg/ibmvpc/examples/out/explain_out/tgwEnableDefaultFilter_all_vpcs_explain_detail.txt @@ -6,9 +6,9 @@ Interpreted destination(s): test-vpc1-ky/ky-vsi0-subnet11[10.240.80.4] Connections from test-vpc0-ky/ky-vsi0-subnet5[10.240.9.4] to test-vpc1-ky/ky-vsi0-subnet11[10.240.80.4]: All Connections Path: - ky-vsi0-subnet5[10.240.9.4] -> security group sg1-ky -> network ACL acl3-ky -> subnet subnet5 -> + test-vpc0-ky/ky-vsi0-subnet5[10.240.9.4] -> security group sg1-ky -> network ACL acl3-ky -> subnet subnet5 -> test-vpc0-ky -> TGW local-tg-ky -> test-vpc1-ky -> - subnet subnet11 -> network ACL acl11-ky -> security group sg11-ky -> ky-vsi0-subnet11[10.240.80.4] + subnet subnet11 -> network ACL acl11-ky -> security group sg11-ky -> test-vpc1-ky/ky-vsi0-subnet11[10.240.80.4] Details: diff --git a/pkg/ibmvpc/examples/out/explain_out/tgwEnabledSpecificFilter_all_vpcs_explain_detail.txt b/pkg/ibmvpc/examples/out/explain_out/tgwEnabledSpecificFilter_all_vpcs_explain_detail.txt index 1e9207bbd..aaf5c38a4 100644 --- a/pkg/ibmvpc/examples/out/explain_out/tgwEnabledSpecificFilter_all_vpcs_explain_detail.txt +++ b/pkg/ibmvpc/examples/out/explain_out/tgwEnabledSpecificFilter_all_vpcs_explain_detail.txt @@ -6,9 +6,9 @@ Interpreted destination(s): test-vpc0-ky/ky-vsi0-subnet2[10.240.4.4] Connections from test-vpc2-ky/ky-vsi1-subnet20[10.240.128.5] to test-vpc0-ky/ky-vsi0-subnet2[10.240.4.4]: All Connections Path: - ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> + test-vpc2-ky/ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> test-vpc2-ky -> TGW local-tg-ky -> test-vpc0-ky -> - subnet subnet2 -> network ACL acl2-ky -> security group sg1-ky -> ky-vsi0-subnet2[10.240.4.4] + subnet subnet2 -> network ACL acl2-ky -> security group sg1-ky -> test-vpc0-ky/ky-vsi0-subnet2[10.240.4.4] Details: 
diff --git a/pkg/ibmvpc/examples/out/explain_out/tgwExampleCidr_all_vpcs_explain_detail.txt b/pkg/ibmvpc/examples/out/explain_out/tgwExampleCidr_all_vpcs_explain_detail.txt index 66351d591..6de8c7615 100644 --- a/pkg/ibmvpc/examples/out/explain_out/tgwExampleCidr_all_vpcs_explain_detail.txt +++ b/pkg/ibmvpc/examples/out/explain_out/tgwExampleCidr_all_vpcs_explain_detail.txt @@ -6,9 +6,9 @@ Interpreted destination(s): test-vpc0-ky/ky-vsi1-subnet2[10.240.4.5], test-vpc0- Connections from test-vpc2-ky/ky-vsi1-subnet20[10.240.128.5] to test-vpc0-ky/ky-vsi0-subnet2[10.240.4.4]: All Connections Path: - ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> + test-vpc2-ky/ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> test-vpc2-ky -> TGW local-tg-ky -> test-vpc0-ky -> - subnet subnet2 -> network ACL acl2-ky -> security group sg1-ky -> ky-vsi0-subnet2[10.240.4.4] + subnet subnet2 -> network ACL acl2-ky -> security group sg1-ky -> test-vpc0-ky/ky-vsi0-subnet2[10.240.4.4] Details: @@ -46,9 +46,9 @@ TCP response is enabled; The relevant rules are: Connections from test-vpc2-ky/ky-vsi1-subnet20[10.240.128.5] to test-vpc0-ky/ky-vsi0-subnet3[10.240.5.5]: All Connections Path: - ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> + test-vpc2-ky/ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> test-vpc2-ky -> TGW local-tg-ky -> test-vpc0-ky -> - subnet subnet3 -> network ACL acl2-ky -> security group sg1-ky -> ky-vsi0-subnet3[10.240.5.5] + subnet subnet3 -> network ACL acl2-ky -> security group sg1-ky -> test-vpc0-ky/ky-vsi0-subnet3[10.240.5.5] Details: 
@@ -86,9 +86,9 @@ TCP response is enabled; The relevant rules are: Connections from test-vpc2-ky/ky-vsi1-subnet20[10.240.128.5] to test-vpc0-ky/ky-vsi1-subnet2[10.240.4.5]: All Connections Path: - ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> + test-vpc2-ky/ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> test-vpc2-ky -> TGW local-tg-ky -> test-vpc0-ky -> - subnet subnet2 -> network ACL acl2-ky -> security group sg1-ky -> ky-vsi1-subnet2[10.240.4.5] + subnet subnet2 -> network ACL acl2-ky -> security group sg1-ky -> test-vpc0-ky/ky-vsi1-subnet2[10.240.4.5] Details: @@ -126,9 +126,9 @@ TCP response is enabled; The relevant rules are: Connections from test-vpc2-ky/ky-vsi1-subnet20[10.240.128.5] to test-vpc0-ky/ky-vsi1-subnet3[10.240.5.4]: All Connections Path: - ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> + test-vpc2-ky/ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> test-vpc2-ky -> TGW local-tg-ky -> test-vpc0-ky -> - subnet subnet3 -> network ACL acl2-ky -> security group sg1-ky -> ky-vsi1-subnet3[10.240.5.4] + subnet subnet3 -> network ACL acl2-ky -> security group sg1-ky -> test-vpc0-ky/ky-vsi1-subnet3[10.240.5.4] Details: @@ -171,7 +171,7 @@ cross-vpc-connection: transit-connection tg_connection0 of transit-gateway local Ingress: network ACL acl1-ky allows connection; security group sg1-ky allows connection Path: - ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> + test-vpc2-ky/ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> test-vpc2-ky -> | TGW local-tg-ky | 
@@ -203,7 +203,7 @@ cross-vpc-connection: transit-connection tg_connection0 of transit-gateway local Ingress: network ACL acl1-ky allows connection; security group sg1-ky allows connection Path: - ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> + test-vpc2-ky/ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> test-vpc2-ky -> | TGW local-tg-ky | @@ -235,7 +235,7 @@ cross-vpc-connection: transit-connection tg_connection0 of transit-gateway local Ingress: network ACL acl1-ky allows connection; security group sg1-ky allows connection Path: - ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> + test-vpc2-ky/ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> test-vpc2-ky -> | TGW local-tg-ky | @@ -267,7 +267,7 @@ cross-vpc-connection: transit-connection tg_connection0 of transit-gateway local Ingress: network ACL acl1-ky allows connection; security group sg1-ky allows connection Path: - ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> + test-vpc2-ky/ky-vsi1-subnet20[10.240.128.5] -> security group sg21-ky -> network ACL acl21-ky -> subnet subnet20 -> test-vpc2-ky -> | TGW local-tg-ky | diff --git a/pkg/ibmvpc/examples/out/explain_out/tgwSubnetToSubnet_all_vpcs_explain.txt b/pkg/ibmvpc/examples/out/explain_out/tgwSubnetToSubnet_all_vpcs_explain.txt index 0ff701b95..594685c4b 100644 --- a/pkg/ibmvpc/examples/out/explain_out/tgwSubnetToSubnet_all_vpcs_explain.txt +++ b/pkg/ibmvpc/examples/out/explain_out/tgwSubnetToSubnet_all_vpcs_explain.txt 
@@ -11,7 +11,7 @@ cross-vpc-connection: transit-connection tg_connection3 of transit-gateway local Ingress: network ACL acl31-ky allows connection; security group sg31-ky allows connection Path: - vsi11-ky[10.240.11.4] -> security group sg11-ky -> | network ACL acl11-ky | + test-vpc1-ky/vsi11-ky[10.240.11.4] -> security group sg11-ky -> | network ACL acl11-ky | ------------------------------------------------------------------------------------------------------------------------ diff --git a/pkg/vpcmodel/explainabilityPrint.go b/pkg/vpcmodel/explainabilityPrint.go index a127dfe60..9a5a8a630 100644 --- a/pkg/vpcmodel/explainabilityPrint.go +++ b/pkg/vpcmodel/explainabilityPrint.go @@ -181,7 +181,7 @@ func (g *groupedConnLine) explainabilityLineStr(c *VPCConfig, connQuery *netset. // path in "3" above missingExternalRouter := isExternal && externalRouter == nil - path := "Path:\n" + pathStr(allRulesDetails, filtersRelevant, src, dst, ingressBlocking, egressBlocking, + path := "Path:\n" + pathStr(c, allRulesDetails, filtersRelevant, src, dst, ingressBlocking, egressBlocking, loadBalancerBlocking, missingExternalRouter, externalRouter, crossVpcRouter, crossVpcConnection, rules, privateSubnetRule) + newLine // details is "4" above 
@@ -440,12 +440,12 @@ func stringFilterEffect(allRulesDetails *rulesDetails, filterLayerName string, t // if the connection does not exist. In the latter case the path is until the first block with the first block between || // e.g.: "vsi1-ky[10.240.10.4] -> SG sg1-ky -> subnet ... -> ACL acl1-ky -> PublicGateway: public-gw-ky -> Public Internet 161.26.0.0/16" // e.g.: "vsi1-ky[10.240.10.4] -> security group sg1-ky -> subnet1-ky -> | network ACL acl1-ky |" -func pathStr(allRulesDetails *rulesDetails, filtersRelevant map[string]bool, src, dst EndpointElem, +func pathStr(c *VPCConfig, allRulesDetails *rulesDetails, filtersRelevant map[string]bool, src, dst EndpointElem, ingressBlocking, egressBlocking, loadBalancerBlocking, missingExternalRouter bool, externalRouter, crossVpcRouter RoutingResource, crossVpcConnection *netset.TransportSet, rules *rulesConnection, privateSubnetRule PrivateSubnetRule) string { var pathSlice []string - pathSlice = append(pathSlice, "\t"+src.NameForAnalyzerOut(nil)) + pathSlice = append(pathSlice, "\t"+src.NameForAnalyzerOut(c)) if loadBalancerBlocking { // todo: add loadBalancer as part of the path and also as blocking??? separate PR? // connection is stopped at the src itself: @@ -463,7 +463,7 @@ func pathStr(allRulesDetails *rulesDetails, filtersRelevant map[string]bool, src return blockedPathStr(pathSlice) } if isExternal { - externalRouterStr := newLineTab + externalRouter.Kind() + space + externalRouter.NameForAnalyzerOut(nil) + externalRouterStr := newLineTab + externalRouter.Kind() + space + externalRouter.NameForAnalyzerOut(c) // externalRouter is fip - add its cidr if externalRouter.Kind() == fipRouter { externalRouterStr += space + externalRouter.ExternalIP() 
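Review bot: The doc comment above `pathStr` does not say what the new first parameter `c` controls, and its two `e.g.` paths still show bare endpoint names while the updated tgw fixtures in this patch print `test-vpc1-ky/vsi11-ky[10.240.11.4]`. I would add a line such as `// c is the config used to render resource names; in the all_vpcs outputs endpoints appear VPC-qualified, e.g. "test-vpc1-ky/vsi11-ky[10.240.11.4]"`. Whether a nil `c` is still accepted is not visible here, so the comment should state that as well, because the path line is what a reader uses to tell which VPC's security group and ACL were evaluated. The body of `pathStr` continues in the following hunks.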
@@ -471,7 +471,7 @@ func pathStr(allRulesDetails *rulesDetails, filtersRelevant map[string]bool, src pathSlice = append(pathSlice, externalRouterStr) } else if crossVpcRouterInPath { // src and dst are internal and there is a cross vpc Router pathSlice = append(pathSlice, newLineTab+src.(InternalNodeIntf).Subnet().VPC().Name(), - crossVpcRouter.Kind()+space+crossVpcRouter.NameForAnalyzerOut(nil)) + crossVpcRouter.Kind()+space+crossVpcRouter.NameForAnalyzerOut(c)) if crossVpcConnection.IsEmpty() { // cross vpc (tgw) denys connection pathSlice[len(pathSlice)-1] = blockedLeft + pathSlice[len(pathSlice)-1] // blocking cross-vpc router return blockedPathStr(pathSlice) @@ -485,9 +485,9 @@ func pathStr(allRulesDetails *rulesDetails, filtersRelevant map[string]bool, src } // got here: full path if len(ingressPath) == 0 { - pathSlice = append(pathSlice, newLineTab+dst.NameForAnalyzerOut(nil)) + pathSlice = append(pathSlice, newLineTab+dst.NameForAnalyzerOut(c)) } else { - pathSlice = append(pathSlice, dst.NameForAnalyzerOut(nil)) + pathSlice = append(pathSlice, dst.NameForAnalyzerOut(c)) } return strings.Join(pathSlice, arrow) } diff --git a/pkg/vpcmodel/grouping.go b/pkg/vpcmodel/grouping.go index aa22f6841..b6cecc798 100644 --- a/pkg/vpcmodel/grouping.go +++ b/pkg/vpcmodel/grouping.go 
@@ -527,14 +527,14 @@ func (g *GroupConnLines) groupInternalSrcOrDst(srcGrouping, groupVsi bool) { nodesList[i] = line.getSrcOrDst(srcGrouping) } groupedEndpoints := groupedEndpointsElems(nodesList) - groupedNodes := g.cacheGrouped.getAndSetEndpointElemFromCache(&groupedEndpoints) + groupedNodes := g.cacheGrouped.getAndSetEndpointElemFromCache(g.config, &groupedEndpoints) if srcGrouping { res = append(res, &groupedConnLine{groupedNodes, linesGroup[0].Dst, linesGroup[0].CommonProperties}) } else { res = append(res, &groupedConnLine{linesGroup[0].Src, groupedNodes, linesGroup[0].CommonProperties}) } } - g.GroupedLines = unifiedGroupedConnLines(res, g.cacheGrouped, false) + g.GroupedLines = unifiedGroupedConnLines(g.config, res, g.cacheGrouped, false) } // Go over the grouping result and set groups s.t. all semantically equiv groups have a unified reference. 
@@ -543,20 +543,20 @@ func (g *GroupConnLines) groupInternalSrcOrDst(srcGrouping, groupVsi bool) { // the latter is required due to the functionality treating self loops as don't cares - extendGroupingSelfLoops // in which both srcs and dsts are manipulated but *GroupConnLines is not familiar // within the extendGroupingSelfLoops context and thus can not be done there smoothly -func unifiedGroupedConnLines(oldConnLines []*groupedConnLine, cacheGrouped *cacheGroupedElements, +func unifiedGroupedConnLines(c *VPCConfig, oldConnLines []*groupedConnLine, cacheGrouped *cacheGroupedElements, unifyGroupedExternalNodes bool) []*groupedConnLine { newGroupedLines := make([]*groupedConnLine, len(oldConnLines)) // go over all connections; if src/dst is not external then use groupedEndpointsElemsMap for i, groupedLine := range oldConnLines { - newGroupedLines[i] = &groupedConnLine{unifiedGroupedElems(groupedLine.Src, cacheGrouped, unifyGroupedExternalNodes), - unifiedGroupedElems(groupedLine.Dst, cacheGrouped, unifyGroupedExternalNodes), + newGroupedLines[i] = &groupedConnLine{unifiedGroupedElems(c, groupedLine.Src, cacheGrouped, unifyGroupedExternalNodes), + unifiedGroupedElems(c, groupedLine.Dst, cacheGrouped, unifyGroupedExternalNodes), groupedLine.CommonProperties} } return newGroupedLines } // unifies reference to a single element -func unifiedGroupedElems(srcOrDst EndpointElem, +func unifiedGroupedElems(c *VPCConfig, srcOrDst EndpointElem, cachedGrouped *cacheGroupedElements, unifyGroupedExternalNodes bool) EndpointElem { // external in case external grouping does not need to be unifed 
@@ -570,7 +570,7 @@ func unifiedGroupedElems(srcOrDst EndpointElem, return srcOrDst } if groupedEE, ok := srcOrDst.(*groupedEndpointsElems); ok { - unifiedGroupedEE := cachedGrouped.getAndSetEndpointElemFromCache(groupedEE) + unifiedGroupedEE := cachedGrouped.getAndSetEndpointElemFromCache(c, groupedEE) return unifiedGroupedEE } if groupedExternal, ok := srcOrDst.(*groupedExternalNodes); ok { diff --git a/pkg/vpcmodel/multiExplainability.go b/pkg/vpcmodel/multiExplainability.go index c294d6989..b08690374 100644 --- a/pkg/vpcmodel/multiExplainability.go +++ b/pkg/vpcmodel/multiExplainability.go @@ -43,8 +43,8 @@ func MultiExplain(srcDstCouples []explainInputEntry, vpcConns map[string]*VPCCon multiExplanation := make([]explainOutputEntry, len(srcDstCouples)) for i, srcDstCouple := range srcDstCouples { emptyExplain := &Explanation{ - src: srcDstCouple.src.NameForAnalyzerOut(nil), - dst: srcDstCouple.dst.NameForAnalyzerOut(nil), + src: srcDstCouple.src.NameForAnalyzerOut(srcDstCouple.c), + dst: srcDstCouple.dst.NameForAnalyzerOut(srcDstCouple.c), } if srcDstCouple.c == nil { // no vpc config implies missing cross-vpc router between src and dst which are not in the same VPC @@ -70,8 +70,8 @@ func MultiExplain(srcDstCouples []explainInputEntry, vpcConns map[string]*VPCCon multiExplanation[i] = explainOutputEntry{emptyExplain, errConn} continue } - explain, errExplain := explainConnectivityForVPC(srcDstCouple.c, srcDstCouple.src.NameForAnalyzerOut(nil), - srcDstCouple.dst.NameForAnalyzerOut(nil), + explain, errExplain := explainConnectivityForVPC(srcDstCouple.c, srcDstCouple.src.NameForAnalyzerOut(srcDstCouple.c), + srcDstCouple.dst.NameForAnalyzerOut(srcDstCouple.c), srcNodes, dstNodes, nil, connectivity) if errExplain != nil { multiExplanation[i] = explainOutputEntry{emptyExplain, errExplain} 
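Review bot: In the `@@ -43,8 +43,8 @@` hunk of `MultiExplain`, `emptyExplain` is built with `srcDstCouple.c` before the `if srcDstCouple.c == nil` check that follows, so on that branch the names are still rendered with a nil config. According to the existing comment, that branch is the case where src and dst sit in different VPCs with no cross-VPC router, which is where an unqualified endpoint name is most likely to be ambiguous in the report. If `NameForAnalyzerOut` cannot qualify a name without a config (its body is not shown), I would at least record the fallback: `// c may be nil here (checked below); names are then rendered without config context`. The loop body continues outside the hunk.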
@@ -105,7 +105,7 @@ func getNodesFromEndpoint(c *VPCConfig, endpoint EndpointElem) ([]Node, error) { } return disjointNodes, nil } - return nil, fmt.Errorf("np-Guard error: %v not of type InternalNodeIntf or groupedExternalNodes", endpoint.NameForAnalyzerOut(nil)) + return nil, fmt.Errorf("np-Guard error: %v not of type InternalNodeIntf or groupedExternalNodes", endpoint.NameForAnalyzerOut(c)) } // CreateMultiExplanationsInput given configs and results of connectivity analysis, generates input diff --git a/pkg/vpcmodel/semanticDiff.go b/pkg/vpcmodel/semanticDiff.go index 224ff44a3..95e27dff5 100644 --- a/pkg/vpcmodel/semanticDiff.go +++ b/pkg/vpcmodel/semanticDiff.go @@ -149,14 +149,14 @@ func getVPCResourceInfInOtherConfig(other *VPCConfig, ep VPCResourceIntf, if !node.IsInternal() { continue } - if node.NameForAnalyzerOut(nil) == ep.NameForAnalyzerOut(nil) { + if node.NameForAnalyzerOut(other) == ep.NameForAnalyzerOut(other) { res = VPCResourceIntf(node) return res, nil } } } else if diffAnalysis == Subnets { for _, subnet := range other.Subnets { - if subnet.NameForAnalyzerOut(nil) == ep.NameForAnalyzerOut(nil) { + if subnet.NameForAnalyzerOut(other) == ep.NameForAnalyzerOut(other) { res = VPCResourceIntf(subnet) return res, nil } @@ -467,13 +467,13 @@ func (responsiveConnMap *GeneralResponsiveConnectivityMap) actualAlignSrcOrDstGi if node, ok := src.(Node); ok { origIPBlock = node.IPBlock() } else { - return nil, fmt.Errorf(castingNodeErr, node.NameForAnalyzerOut(nil)) + return nil, fmt.Errorf(castingNodeErr, node.NameForAnalyzerOut(config)) } } else { if node, ok := dst.(Node); ok { origIPBlock = node.IPBlock() } else { - return nil, fmt.Errorf(castingNodeErr, node.NameForAnalyzerOut(nil)) + return nil, fmt.Errorf(castingNodeErr, node.NameForAnalyzerOut(config)) } } if err != nil { diff --git a/pkg/vpcmodel/unifyGrouping.go b/pkg/vpcmodel/unifyGrouping.go index 2b808b09d..8528428be 100644 --- a/pkg/vpcmodel/unifyGrouping.go +++ b/pkg/vpcmodel/unifyGrouping.go 
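Review bot: In the `@@ -149,14 +149,14 @@` hunk of `getVPCResourceInfInOtherConfig`, `ep` is rendered with `other` although it is the resource being looked up in `other`, and so presumably belongs to the first config. Using one config on both sides keeps the comparison symmetric, but if the rendered name depends on the config (`NameForAnalyzerOut` is not shown), a match that succeeded with `nil` could now be decided by naming context rather than by the resource. A comment on the two comparisons would make the intent explicit: `// both names are rendered under other so the comparison uses a single naming context`. The function starts and ends outside the hunk.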
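Review bot: In the `@@ -467,13 +467,13 @@` hunk both `else` branches call `node.NameForAnalyzerOut(config)` on the result of a failed `src.(Node)` / `dst.(Node)` assertion. On that path `node` is a nil interface value, so the call panics instead of returning `castingNodeErr`; the commit changes only the argument. The error should be built from the original value, `return nil, fmt.Errorf(castingNodeErr, src.NameForAnalyzerOut(config))` and the same with `dst`, assuming their declared type has that method (the declarations are outside the hunk); otherwise format the value with `%v`. The enclosing function starts and ends outside the hunk.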
@@ -31,18 +31,18 @@ func newCacheGroupedElements() *cacheGroupedElements { func unifyMultiVPC(configs *MultipleVPCConfigs, nodesConn map[string]*VPCConnectivity, subnetsConn map[string]*VPCsubnetConnectivity, uc OutputUseCase) { cache := newCacheGroupedElements() - for vpcUID := range configs.Configs() { + for vpcUID, config := range configs.Configs() { switch uc { case AllEndpoints: if nodesConn[vpcUID] != nil { nodesConn[vpcUID].GroupedConnectivity.GroupedLines = - unifiedGroupedConnLines(nodesConn[vpcUID].GroupedConnectivity.GroupedLines, + unifiedGroupedConnLines(config, nodesConn[vpcUID].GroupedConnectivity.GroupedLines, cache, true) } case AllSubnets: if subnetsConn[vpcUID] != nil { subnetsConn[vpcUID].GroupedConnectivity.GroupedLines = - unifiedGroupedConnLines(subnetsConn[vpcUID].GroupedConnectivity.GroupedLines, + unifiedGroupedConnLines(config, subnetsConn[vpcUID].GroupedConnectivity.GroupedLines, cache, true) } } @@ -64,10 +64,10 @@ func getPublicNetworkNode() *groupedExternalNodes { // gets pointer of an element semantically equiv to grouped in cachedGrouped.groupedEndpointsElemsMap // if exists, nil otherwise func (cachedGrouped *cacheGroupedElements) getExistEndpointElemFromCache( - grouped *groupedEndpointsElems) *groupedEndpointsElems { - // since the endpoints (vsis/subnets) are sorted before printed, grouped.NameForAnalyzerOut(nil) will be identical + c *VPCConfig, grouped *groupedEndpointsElems) *groupedEndpointsElems { + // since the endpoints (vsis/subnets) are sorted before printed, grouped.NameForAnalyzerOut(c) will be identical // to equiv groupedEndpointsElems - if existingGrouped, ok := cachedGrouped.groupedEndpointsElemsMap[grouped.NameForAnalyzerOut(nil)]; ok { + if existingGrouped, ok := cachedGrouped.groupedEndpointsElemsMap[grouped.NameForAnalyzerOut(c)]; ok { return existingGrouped } return nil 
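Review bot: In the `@@ -64,10 +64,10 @@` hunk the cache key becomes `grouped.NameForAnalyzerOut(c)`, so a lookup only hits when it is made with the same config the entry was stored under. The doc comments on `getExistEndpointElemFromCache`, and on `getAndSetEndpointElemFromCache` and `setEndpointElemFromCache` in the next hunk, do not say so. `unifyMultiVPC` in the hunk above shares one `cache` across every config, so the key is the only thing that keeps same-named groups from different VPCs from being unified into one reference; whether it does depends on `NameForAnalyzerOut`, which is not shown. I would add `// the key is the name rendered under c; callers must pass the same c for get and set` to the three methods.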
@@ -76,19 +76,19 @@ func (cachedGrouped *cacheGroupedElements) getExistEndpointElemFromCache( // gets pointer of an element semantically equiv to grouped in cachedGrouped.groupedEndpointsElemsMap // if does not exist, sets the input into the cache func (cachedGrouped *cacheGroupedElements) getAndSetEndpointElemFromCache( - groupedElem *groupedEndpointsElems) *groupedEndpointsElems { - existing := cachedGrouped.getExistEndpointElemFromCache(groupedElem) + c *VPCConfig, groupedElem *groupedEndpointsElems) *groupedEndpointsElems { + existing := cachedGrouped.getExistEndpointElemFromCache(c, groupedElem) if existing != nil { return existing } - cachedGrouped.setEndpointElemFromCache(groupedElem) + cachedGrouped.setEndpointElemFromCache(c, groupedElem) return groupedElem } // sets pointer of an element to cachedGrouped.groupedEndpointsElemsMap func (cachedGrouped *cacheGroupedElements) setEndpointElemFromCache( - groupedElem *groupedEndpointsElems) { - cachedGrouped.groupedEndpointsElemsMap[groupedElem.NameForAnalyzerOut(nil)] = groupedElem + c *VPCConfig, groupedElem *groupedEndpointsElems) { + cachedGrouped.groupedEndpointsElemsMap[groupedElem.NameForAnalyzerOut(c)] = groupedElem } // 2. Similar to the above, functionality related to cachedGrouped.groupedExternalNodesMap