Fix/cleanup #93

Merged
merged 5 commits into from
Jan 26, 2024
Merged
7 changes: 4 additions & 3 deletions go.mod
Expand Up @@ -8,23 +8,26 @@ require (
github.com/anchore/syft v0.98.0
github.com/armosec/utils-k8s-go v0.0.23
github.com/deckarep/golang-set/v2 v2.5.0
github.com/go-logr/zapr v1.2.4
github.com/google/gofuzz v1.2.0
github.com/goradd/maps v0.1.5
github.com/kubescape/go-logger v0.0.22
github.com/kubescape/k8s-interface v0.0.158-0.20240117162237-b087cd69bcf1
github.com/kubescape/k8s-interface v0.0.158
github.com/olvrng/ujson v1.1.0
github.com/puzpuzpuz/xsync/v2 v2.4.1
github.com/spf13/afero v1.11.0
github.com/spf13/cobra v1.8.0
github.com/stretchr/testify v1.8.4
go.opentelemetry.io/otel v1.20.0
go.uber.org/zap v1.26.0
golang.org/x/exp v0.0.0-20231006140011-7918f672742d
k8s.io/api v0.27.4
k8s.io/apimachinery v0.27.4
k8s.io/apiserver v0.26.2
k8s.io/client-go v0.27.4
k8s.io/code-generator v0.26.2
k8s.io/component-base v0.27.2
k8s.io/klog/v2 v2.110.1
k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00
k8s.io/utils v0.0.0-20230726121419-3b25d923346b
)
Expand Down Expand Up @@ -194,7 +197,6 @@ require (
go.opentelemetry.io/otel/trace v1.20.0 // indirect
go.opentelemetry.io/proto/otlp v1.0.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.26.0 // indirect
golang.org/x/crypto v0.16.0 // indirect
golang.org/x/mod v0.14.0 // indirect
golang.org/x/net v0.19.0 // indirect
Expand All @@ -218,7 +220,6 @@ require (
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect
k8s.io/klog/v2 v2.110.1 // indirect
k8s.io/kms v0.26.2 // indirect
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 // indirect
sigs.k8s.io/controller-runtime v0.15.0 // indirect
8 changes: 6 additions & 2 deletions go.sum
Expand Up @@ -678,6 +678,7 @@ github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
github.com/becheran/wildmatch-go v1.0.0 h1:mE3dGGkTmpKtT4Z+88t8RStG40yN9T+kFEGj2PZFSzA=
github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCistMyU7d9KFzroX4=
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
Expand Down Expand Up @@ -846,6 +847,7 @@ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
Expand Down Expand Up @@ -1110,8 +1112,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/kubescape/go-logger v0.0.22 h1:gle7wH6emOiGv9ljdpVi82pWLQ3jGucrUucvil6JXHE=
github.com/kubescape/go-logger v0.0.22/go.mod h1:x3HBpZo3cMT/WIdy18BxvVVd5D0e/PWFVk/HiwBNu3g=
github.com/kubescape/k8s-interface v0.0.158-0.20240117162237-b087cd69bcf1 h1:RPrJ95wiCaywdjgFzalOhTH3jyTOAZ6n19cNWjWL5KU=
github.com/kubescape/k8s-interface v0.0.158-0.20240117162237-b087cd69bcf1/go.mod h1:5sz+5Cjvo98lTbTVDiDA4MmlXxeHSVMW/wR0V3hV4K8=
github.com/kubescape/k8s-interface v0.0.158 h1:ibANnz7gOki3oe/+9qHI9PIUxiDReJvbfc2CYn/X3vY=
github.com/kubescape/k8s-interface v0.0.158/go.mod h1:5sz+5Cjvo98lTbTVDiDA4MmlXxeHSVMW/wR0V3hV4K8=
github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381 h1:bqDmpDG49ZRnB5PcgP0RXtQvnMSgIF14M7CBd2shtXs=
github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
Expand Down Expand Up @@ -1485,12 +1487,14 @@ go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI
go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=
11 changes: 11 additions & 0 deletions main.go
Expand Up @@ -18,22 +18,33 @@ package main

import (
"context"
"flag"
"net/url"
"os"
"time"

utilsmetadata "github.com/armosec/utils-k8s-go/armometadata"
"github.com/go-logr/zapr"
"github.com/kubescape/go-logger"
"github.com/kubescape/go-logger/helpers"
"github.com/kubescape/storage/pkg/cleanup"
"github.com/kubescape/storage/pkg/cmd/server"
"github.com/kubescape/storage/pkg/registry/file"
"github.com/spf13/afero"
"go.uber.org/zap"
genericapiserver "k8s.io/apiserver/pkg/server"
"k8s.io/component-base/cli"
"k8s.io/klog/v2"
)

func main() {
flag.Parse()

if logger, err := zap.NewProduction(); err == nil {
logger = logger.WithOptions(zap.IncreaseLevel(zap.FatalLevel))
klog.SetLogger(zapr.NewLogger(logger))
}

ctx := context.Background()
clusterData, err := utilsmetadata.LoadConfig("/etc/config/clusterData.json")
if err != nil {
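Review bot: Wrapping the klog sink with `zap.IncreaseLevel(zap.FatalLevel)` in main() discards every error and warning the Kubernetes libraries emit through klog, which for an API server probably includes authentication, authorization and TLS failures that operators need for detection and incident triage. Consider `logger.WithOptions(zap.IncreaseLevel(zap.ErrorLevel))`, or a configurable threshold, so those failures still reach the log. The `err == nil` guard also swallows a `zap.NewProduction()` failure; report it through the project logger so the fallback to default klog output is visible. main() continues past the end of the hunk.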
6 changes: 3 additions & 3 deletions pkg/apis/softwarecomposition/networkpolicy.go
Expand Up @@ -32,11 +32,11 @@ const (
// NetworkPolicySpec provides the specification of a NetworkPolicy
type NetworkPolicySpec struct {
PodSelector metav1.LabelSelector `json:"podSelector" protobuf:"bytes,1,opt,name=podSelector"`
Ingress []NetworkPolicyIngressRule `json:"ingress,omitempty" protobuf:"bytes,2,rep,name=ingress"`
Ingress []NetworkPolicyIngressRule `json:"ingress" protobuf:"bytes,2,rep,name=ingress"`

Egress []NetworkPolicyEgressRule `json:"egress,omitempty" protobuf:"bytes,3,rep,name=egress"`
Egress []NetworkPolicyEgressRule `json:"egress" protobuf:"bytes,3,rep,name=egress"`

PolicyTypes []PolicyType `json:"policyTypes,omitempty" protobuf:"bytes,4,rep,name=policyTypes,casttype=PolicyType"`
PolicyTypes []PolicyType `json:"policyTypes" protobuf:"bytes,4,rep,name=policyTypes,casttype=PolicyType"`
}

// NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods
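Review bot: The `Ingress`, `Egress` and `PolicyTypes` fields of NetworkPolicySpec are printed twice, with and without `omitempty`, and the page has lost the +/- markers; assuming the variants without `omitempty` are the new side, a nil slice now marshals as `null` rather than being omitted. Consumers that distinguish an absent rule list from an empty one may read `null` differently from `[]`, and for a policy that lists a direction in `policyTypes` an empty rule list means that direction is fully denied. I would add a field comment such as `// Ingress is always serialized; an empty list allows no ingress when PolicyTypes contains Ingress.` (and the matching one for Egress), and confirm that every producer initialises these slices to a non-nil empty value. Whether the versioned API type and the generated code carry the same tags is not visible here.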
34 changes: 24 additions & 10 deletions pkg/apis/softwarecomposition/networkpolicy/networkpolicy.go
Expand Up @@ -5,10 +5,13 @@ import (
"crypto/sha256"
"encoding/gob"
"encoding/hex"
"fmt"
"net"
"sort"
"strings"

helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers"

"github.com/kubescape/go-logger"
"github.com/kubescape/go-logger/helpers"
"github.com/kubescape/storage/pkg/apis/softwarecomposition"
Expand All @@ -22,6 +25,10 @@ const (
)

func GenerateNetworkPolicy(networkNeighbors softwarecomposition.NetworkNeighbors, knownServers []softwarecomposition.KnownServer, timeProvider metav1.Time) (softwarecomposition.GeneratedNetworkPolicy, error) {
if !IsAvailable(networkNeighbors) {
return softwarecomposition.GeneratedNetworkPolicy{}, fmt.Errorf("networkNeighbors %s/%s status annotation is not ready", networkNeighbors.Namespace, networkNeighbors.Name)
}

networkPolicy := softwarecomposition.NetworkPolicy{
Kind: "NetworkPolicy",
APIVersion: "networking.k8s.io/v1",
Expand All @@ -33,6 +40,12 @@ func GenerateNetworkPolicy(networkNeighbors softwarecomposition.NetworkNeighbors
},
Labels: networkNeighbors.Labels,
},
Spec: softwarecomposition.NetworkPolicySpec{
PolicyTypes: []softwarecomposition.PolicyType{
softwarecomposition.PolicyTypeIngress,
softwarecomposition.PolicyTypeEgress,
},
},
}

if networkNeighbors.Spec.MatchLabels != nil {
Expand All @@ -43,14 +56,6 @@ func GenerateNetworkPolicy(networkNeighbors softwarecomposition.NetworkNeighbors
networkPolicy.Spec.PodSelector.MatchExpressions = networkNeighbors.Spec.MatchExpressions
}

if len(networkNeighbors.Spec.Ingress) > 0 {
networkPolicy.Spec.PolicyTypes = append(networkPolicy.Spec.PolicyTypes, "Ingress")
}

if len(networkNeighbors.Spec.Egress) > 0 {
networkPolicy.Spec.PolicyTypes = append(networkPolicy.Spec.PolicyTypes, "Egress")
}

generatedNetworkPolicy := softwarecomposition.GeneratedNetworkPolicy{
TypeMeta: metav1.TypeMeta{
Kind: "GeneratedNetworkPolicy",
Expand Down Expand Up @@ -166,7 +171,7 @@ func mergeIngressRulesByPorts(rules []softwarecomposition.NetworkPolicyIngressRu
})

// Construct merged rules using sorted keys
var mergedRules []softwarecomposition.NetworkPolicyIngressRule
mergedRules := []softwarecomposition.NetworkPolicyIngressRule{}
for i := range keys {
peers := merged[keys[i]]
sort.Slice(peers, func(i, j int) bool {
Expand Down Expand Up @@ -234,7 +239,7 @@ func mergeEgressRulesByPorts(rules []softwarecomposition.NetworkPolicyEgressRule
})

// Construct merged rules using sorted keys
var mergedRules []softwarecomposition.NetworkPolicyEgressRule
mergedRules := []softwarecomposition.NetworkPolicyEgressRule{}
Contributor

I think this is useless

for i := range keys {
peers := merged[keys[i]]
sort.Slice(peers, func(i, j int) bool {
Expand Down Expand Up @@ -451,3 +456,12 @@ func removeLabels(labels map[string]string) {
}
}
}

func IsAvailable(networkNeighbors softwarecomposition.NetworkNeighbors) bool {
switch networkNeighbors.GetAnnotations()[helpersv1.StatusMetadataKey] {
case helpersv1.Ready, helpersv1.Completed:
return true
default:
return false
}
}
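Review bot: GenerateNetworkPolicy now sets `PolicyTypes` to both `PolicyTypeIngress` and `PolicyTypeEgress` unconditionally, so a workload whose NetworkNeighbors recorded no traffic in one direction gets a policy that denies that direction entirely, where the removed code left the direction out of `policyTypes`. Default-deny is the safer posture, but it makes the result depend on how complete the observations were, and the `IsAvailable` gate accepts `helpersv1.Ready` as well as `helpersv1.Completed`; if `Ready` can be set while learning is still running (not visible here), applying the policy could block legitimate traffic that had not been seen yet. Please state this in a doc comment on GenerateNetworkPolicy, e.g. `// The generated policy always covers Ingress and Egress; a direction with no observed peers is denied.`, and give the exported `IsAvailable` a comment starting with its name that says which status values count as available. The bodies of GenerateNetworkPolicy and the merge helpers extend outside the hunks shown.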