From a0e7fb13ff3e03861e11c3aba5321c121edbb94f Mon Sep 17 00:00:00 2001 From: Yair Slobodin <154875779+YairSlobodin1@users.noreply.github.com> Date: Wed, 1 Jan 2025 17:24:18 +0200 Subject: [PATCH] nACL optimization - fix cmd (#231) --- README.md | 4 ++-- cmd/subcmds/optimize.go | 5 +++-- cmd/subcmds/optimizeACL.go | 21 +++++++++++++++------ pkg/optimize/acl/acl.go | 31 +++++++++++++++++++++++++++++++ 4 files changed, 51 insertions(+), 10 deletions(-) create mode 100644 pkg/optimize/acl/acl.go diff --git a/README.md b/README.md index c814ce26..f2b27623 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Use the `vpcgen` CLI tool with one of the following commands: * `vpcgen synth acl` - generate an nACL for each subnet separately. * `vpcgen synth acl --single` - generate a single nACL for all subnets in the same VPC. * `vpcgen optimize sg` - optimize SGs. -* `vpcgen optimize acl` - optimize nACLs (In progress). +* `vpcgen optimize acl` - optimize nACLs. ## Synthesis #### nACLs Generation @@ -38,7 +38,7 @@ Flags: -n, --sg-name string which security group to optimize ``` -#### nACL optimization (in progress) +#### nACL optimization nACL optimizatin attempts to reduce the number of nACL rules in an nACL without changing the semantic. Specifying the `-n` flag results in optimizing only one given nACL. Otherwise, all nACLs will be optimized. ``` diff --git a/cmd/subcmds/optimize.go b/cmd/subcmds/optimize.go index 447be8ee..b5e24d06 100644 --- a/cmd/subcmds/optimize.go +++ b/cmd/subcmds/optimize.go 
@@ -17,12 +17,13 @@ import ( func newOptimizeCommand(args *inArgs) *cobra.Command { cmd := &cobra.Command{ Use: "optimize", - Short: "optimization of existing SG (nACLS are not supported yet)", - Long: `optimization of existing SG (nACLS are not supported yet)`, + Short: "optimization of existing SGs and nACLs", + Long: `optimization of existing SGs and nACLs`, } // sub cmds cmd.AddCommand(newOptimizeSGCommand(args)) + cmd.AddCommand(newOptimizeACLCommand(args)) return cmd } diff --git a/cmd/subcmds/optimizeACL.go b/cmd/subcmds/optimizeACL.go index 60327bd2..20cafc49 100644 --- a/cmd/subcmds/optimizeACL.go +++ b/cmd/subcmds/optimizeACL.go @@ -5,18 +5,27 @@ SPDX-License-Identifier: Apache-2.0 package subcmds -import "github.com/spf13/cobra" +import ( + "github.com/spf13/cobra" -// temporarily exported and currently unused -func NewOptimizeACLCommand(_ *inArgs) *cobra.Command { + acloptimizer "github.com/np-guard/vpc-network-config-synthesis/pkg/optimize/acl" +) + +const aclNameFlag = "acl-name" + +func newOptimizeACLCommand(args *inArgs) *cobra.Command { cmd := &cobra.Command{ Use: "acl", - Short: "OptimizeACL is not supported yet", - Long: `OptimizeACL is not supported yet`, + Short: "OptimizeACL attempts to reduce the number of nACL rules in an nACL without changing the semantic.", + Long: `OptimizeACL attempts to reduce the number of nACL rules in an nACL without changing the semantic.`, Args: cobra.NoArgs, RunE: func(cmd *cobra.Command, _ []string) error { - return nil + return optimization(cmd, args, acloptimizer.NewACLOptimizer, false) }, } + + // flags + cmd.PersistentFlags().StringVarP(&args.firewallName, aclNameFlag, "n", "", "which nACL to optimize") + return cmd } diff --git a/pkg/optimize/acl/acl.go b/pkg/optimize/acl/acl.go new file mode 100644 index 00000000..5c02005f --- /dev/null +++ b/pkg/optimize/acl/acl.go 
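Review bot: In cmd/subcmds/optimizeACL.go the RunE closure calls `optimization(cmd, args, acloptimizer.NewACLOptimizer, false)` with a bare boolean whose meaning cannot be read at the call site. `optimization` is defined outside this hunk; if the flag selects between reading an SG and an nACL collection, it has to stay in step with the constructor passed next to it, because `NewACLOptimizer` asserts the concrete collection type. A short comment such as `// false: input is read as an nACL collection, not SGs` (wording to be confirmed against `optimization`), or a named constant, would make that coupling visible. The new `-n`/`--acl-name` flag also writes into `args.firewallName`; presumably that field is shared with the SG subcommand, and a comment on the flag registration could say so.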
@@ -0,0 +1,31 @@
+/*
+Copyright 2023- IBM Inc. All Rights Reserved.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package acloptimizer
+
+import (
+ "github.com/np-guard/vpc-network-config-synthesis/pkg/ir"
+ "github.com/np-guard/vpc-network-config-synthesis/pkg/optimize"
+)
+
+type (
+ aclOptimizer struct {
+ aclCollection *ir.ACLCollection
+ aclName string
+ aclVPC string
+ }
+)
+
+func NewACLOptimizer(collection ir.Collection, aclName string) optimize.Optimizer {
+ components := ir.ScopingComponents(aclName)
+ if len(components) == 1 {
+ return &aclOptimizer{aclCollection: collection.(*ir.ACLCollection), aclName: aclName, aclVPC: ""}
+ }
+ return &aclOptimizer{aclCollection: collection.(*ir.ACLCollection), aclName: components[1], aclVPC: components[0]}
+}
+
+func (a *aclOptimizer) Optimize() (ir.Collection, error) {
+ return a.aclCollection, nil
+}
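Review bot: `NewACLOptimizer` uses the single-value type assertion `collection.(*ir.ACLCollection)` on both return paths, so any other `ir.Collection` implementation panics instead of producing an error the CLI can report. The comma-ok form, `acls, ok := collection.(*ir.ACLCollection)`, done once before the branch, lets the failure be kept and returned from `Optimize()`, since the constructor itself has no error result. The second return indexes `components[1]` whenever the length is not exactly 1; `ir.ScopingComponents` is not visible here, so whether it can return an empty slice or more than two parts should be confirmed and the length checked explicitly. `Optimize()` currently returns the collection unchanged and never reads `aclName` or `aclVPC`, while the README and help text in this commit drop the "in progress" wording; a doc comment on `Optimize` stating that it is a pass-through for now would keep users from assuming their rule set was reduced. The exported constructor also has no doc comment.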