Merge branch 'main' into read_nacls

np-guard · Dec 19, 2024 · 0d4d903 · 0d4d903
2 parents 73103f1 + bd33e7d
commit 0d4d903
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 17 deletions.
diff --git a/pkg/optimize/common.go b/pkg/optimize/common.go
@@ -57,7 +57,7 @@ func IcmpsetPartitions(icmpset *netset.ICMPSet) []netp.ICMP {
 	return result
 }
 
-func IcmpRuleToIcmpSet(icmp netp.ICMP) *netset.ICMPSet {
+func IcmpToIcmpSet(icmp netp.ICMP) *netset.ICMPSet {
 	if icmp.TypeCode == nil {
 		return netset.AllICMPSet()
 	}

diff --git a/pkg/optimize/sg/ipCubesToRules.go b/pkg/optimize/sg/ipCubesToRules.go
@@ -90,8 +90,8 @@ func icmpIPCubesToRules(cubes []ds.Pair[*netset.IPBlock, *netset.ICMPSet], anyPr
 		// also activeICMP will be calculated, which is the icmp values that are still included in the active rules
 		activeICMP := netset.EmptyICMPSet()
 		for startIP, protocol := range activeRules {
-			icmp, _ := protocol.(netp.ICMP)
-			ruleIcmpSet := optimize.IcmpRuleToIcmpSet(icmp)
+			icmp, _ := protocol.(netp.ICMP) // already checked
+			ruleIcmpSet := optimize.IcmpToIcmpSet(icmp)
 			if !ruleIcmpSet.IsSubset(cubes[i].Right) {
 				res = slices.Concat(res, createNewRules(protocol, startIP, cubes[i-1].Left.LastIPAddressObject(), direction, l))
 				delete(activeRules, startIP)
@@ -102,7 +102,7 @@ func icmpIPCubesToRules(cubes []ds.Pair[*netset.IPBlock, *netset.ICMPSet], anyPr
 
 		// if the cube contains icmp values that are not contained in  active rules, new rules will be created
 		for _, p := range optimize.IcmpsetPartitions(cubes[i].Right) {
-			if !optimize.IcmpRuleToIcmpSet(p).IsSubset(activeICMP) {
+			if !optimize.IcmpToIcmpSet(p).IsSubset(activeICMP) {
 				activeRules[cubes[i].Left.FirstIPAddressObject()] = p
 			}
 		}

diff --git a/pkg/optimize/sg/rulesToCubes.go b/pkg/optimize/sg/rulesToCubes.go
@@ -18,7 +18,7 @@ import (
 )
 
 // SG remote
-func rulesToSGCubes(rules *rulesPerProtocol) *sgCubesPerProtocol {
+func rulesToSGCubes(rules *sgRulesPerProtocol) *sgCubesPerProtocol {
 	return &sgCubesPerProtocol{tcp: tcpudpRulesSGCubes(rules.tcp),
 		udp:         tcpudpRulesSGCubes(rules.udp),
 		icmp:        icmpRulesSGCubes(rules.icmp),
@@ -59,14 +59,14 @@ func icmpRulesSGCubes(rules []*ir.SGRule) map[ir.SGName]*netset.ICMPSet {
 		if result[remote] == nil {
 			result[remote] = netset.EmptyICMPSet()
 		}
-		icmpSet := optimize.IcmpRuleToIcmpSet(p)
+		icmpSet := optimize.IcmpToIcmpSet(p)
 		result[remote] = result[remote].Union(icmpSet)
 	}
 	return result
 }
 
 // IP remote
-func rulesToIPCubes(rules *rulesPerProtocol) *ipCubesPerProtocol {
+func rulesToIPCubes(rules *sgRulesPerProtocol) *ipCubesPerProtocol {
 	anyProtocolCubes := anyProtocolRulesToIPCubes(rules.anyProtocol)
 	return &ipCubesPerProtocol{tcp: tcpudpRulesToIPCubes(rules.tcp, anyProtocolCubes),
 		udp:         tcpudpRulesToIPCubes(rules.udp, anyProtocolCubes),
@@ -104,7 +104,7 @@ func icmpRulesToIPCubes(rules []*ir.SGRule, anyProtocolCubes *netset.IPBlock) []
 	for _, rule := range rules {
 		ipb := rule.Remote.(*netset.IPBlock) // already checked
 		p := rule.Protocol.(netp.ICMP)       // already checked
-		r := ds.CartesianPairLeft(ipb, optimize.IcmpRuleToIcmpSet(p))
+		r := ds.CartesianPairLeft(ipb, optimize.IcmpToIcmpSet(p))
 		cubes = cubes.Union(r).(*ds.ProductLeft[*netset.IPBlock, *netset.ICMPSet])
 	}
 	anyProtocolPair := ds.CartesianPairLeft(anyProtocolCubes, netset.AllICMPSet())

diff --git a/pkg/optimize/sg/sg.go b/pkg/optimize/sg/sg.go
@@ -26,12 +26,12 @@ type (
 		sgVPC        string
 	}
 
-	ruleGroups struct {
-		sgRemoteRules *rulesPerProtocol
-		ipRemoteRules *rulesPerProtocol
+	sgRuleGroups struct {
+		sgRemoteRules *sgRulesPerProtocol
+		ipRemoteRules *sgRulesPerProtocol
 	}
 
-	rulesPerProtocol struct {
+	sgRulesPerProtocol struct {
 		tcp         []*ir.SGRule
 		udp         []*ir.SGRule
 		icmp        []*ir.SGRule
@@ -171,9 +171,9 @@ func reduceRulesIPRemote(cubes *ipCubesPerProtocol, direction ir.Direction, l *n
 }
 
 // divide SGCollection to TCP/UDP/ICMP/anyProtocols X SGRemote/IPAddrs rules
-func divideSGRules(rules []*ir.SGRule) *ruleGroups {
-	rulesToSG := &rulesPerProtocol{}
-	rulesToIPAddrs := &rulesPerProtocol{}
+func divideSGRules(rules []*ir.SGRule) *sgRuleGroups {
+	rulesToSG := &sgRulesPerProtocol{}
+	rulesToIPAddrs := &sgRulesPerProtocol{}
 
 	for _, rule := range rules {
 		switch p := rule.Protocol.(type) {
@@ -206,14 +206,14 @@ func divideSGRules(rules []*ir.SGRule) *ruleGroups {
 			}
 		}
 	}
-	return &ruleGroups{sgRemoteRules: rulesToSG, ipRemoteRules: rulesToIPAddrs}
+	return &sgRuleGroups{sgRemoteRules: rulesToSG, ipRemoteRules: rulesToIPAddrs}
 }
 
 func isRemoteIPBlock(rule *ir.SGRule) bool {
 	_, ok := rule.Remote.(*netset.IPBlock)
 	return ok
 }
 
-func (s *rulesPerProtocol) allRules() []*ir.SGRule {
+func (s *sgRulesPerProtocol) allRules() []*ir.SGRule {
 	return slices.Concat(s.tcp, s.udp, s.icmp, s.anyProtocol)
 }