fix: use dynamic client for ListPodsTargetedByNetworkPolicy
Signed-off-by: deggja <[email protected]>
deggja committed May 9, 2024
1 parent 514eada commit fc8092b
Showing 2 changed files with 1 addition and 105 deletions.
Binary file modified backend/netfetch
Binary file not shown.
106 changes: 1 addition & 105 deletions backend/pkg/k8s/target-scanner.go
Expand Up @@ -3,7 +3,6 @@ package k8s
import (
"context"
"fmt"
"strings"

metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
Expand Down Expand Up @@ -59,7 +58,7 @@ func GetAllNonSystemNamespaces(dynamicClient dynamic.Interface) ([]string, error
}

// ListPodsTargetedByNetworkPolicy lists all pods targeted by the given network policy in the specified namespace.
func ListPodsTargetedByNetworkPolicy(cynamicClient dynamic.Interface, policy *unstructured.Unstructured, namespace string) ([]string, error) {
func ListPodsTargetedByNetworkPolicy(dynamicClient dynamic.Interface, policy *unstructured.Unstructured, namespace string) ([]string, error) {
// Retrieve the PodSelector (matchLabels)
podSelector, found, err := unstructured.NestedMap(policy.Object, "spec", "podSelector", "matchLabels")
if err != nil {
Expand Down Expand Up @@ -91,106 +90,3 @@ func ListPodsTargetedByNetworkPolicy(cynamicClient dynamic.Interface, policy *un

return targetedPods, nil
}

// DescribeNetworkPolicyRules provides a human-readable description of network policy rules.
func DescribeNetworkPolicyRules(policy *unstructured.Unstructured) string {
var descriptions []string

// Parse Ingress Rules
ingressRules, _, _ := unstructured.NestedSlice(policy.Object, "spec", "ingress")
if len(ingressRules) > 0 {
for _, rule := range ingressRules {
descriptions = append(descriptions, fmt.Sprintf("Allows ingress from %s", describeRule(rule)))
}
} else {
descriptions = append(descriptions, "Blocks all ingress traffic")
}

// Parse Egress Rules
egressRules, _, _ := unstructured.NestedSlice(policy.Object, "spec", "egress")
if len(egressRules) > 0 {
for _, rule := range egressRules {
descriptions = append(descriptions, fmt.Sprintf("Allows egress to %s", describeRule(rule)))
}
} else {
descriptions = append(descriptions, "Blocks all egress traffic")
}

return strings.Join(descriptions, "; ")
}

// describeRule provides a summary of a single ingress or egress rule.
func describeRule(rule interface{}) string {
ruleMap, ok := rule.(map[string]interface{})
if !ok {
return "unknown source/destination"
}

var sources []string

if from, ok := ruleMap["from"].([]interface{}); ok {
for _, fromRule := range from {
source := describeSource(fromRule)
sources = append(sources, source)
}
}

if to, ok := ruleMap["to"].([]interface{}); ok {
for _, toRule := range to {
destination := describeSource(toRule)
sources = append(sources, destination)
}
}

return strings.Join(sources, ", ")
}

// describeSource converts a source/destination object to a human-readable string.
func describeSource(source interface{}) string {
sourceMap, ok := source.(map[string]interface{})
if !ok {
return "unknown"
}

var descriptions []string

if podSelector, ok := sourceMap["podSelector"].(map[string]interface{}); ok {
descriptions = append(descriptions, fmt.Sprintf("pods matching %s", describeSelector(podSelector)))
}

if namespaceSelector, ok := sourceMap["namespaceSelector"].(map[string]interface{}); ok {
descriptions = append(descriptions, fmt.Sprintf("namespaces matching %s", describeSelector(namespaceSelector)))
}

if ipBlock, ok := sourceMap["ipBlock"].(map[string]interface{}); ok {
if cidr, ok := ipBlock["cidr"].(string); ok {
description := fmt.Sprintf("CIDR %s", cidr)

if except, ok := ipBlock["except"].([]interface{}); ok {
var exceptions []string
for _, ex := range except {
if cidrEx, ok := ex.(string); ok {
exceptions = append(exceptions, cidrEx)
}
}
if len(exceptions) > 0 {
description += fmt.Sprintf(" except %s", strings.Join(exceptions, ", "))
}
}
descriptions = append(descriptions, description)
}
}

return strings.Join(descriptions, ", ")
}

// describeSelector converts a map of labels into a human-readable selector string.
func describeSelector(selector map[string]interface{}) string {
var parts []string
for key, value := range selector {
if strVal, ok := value.(string); ok {
parts = append(parts, fmt.Sprintf("%s=%s", key, strVal))
}
}
return strings.Join(parts, ", ")
}
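Review bot: The only added line is the parameter rename from `cynamicClient` to `dynamicClient` in the ListPodsTargetedByNetworkPolicy signature, and since no body line is touched, the body (which continues outside the hunk) presumably never referenced the parameter under its old name, so the rename by itself does not show that pod listing actually goes through this client; it is worth confirming the body lists pods via `dynamicClient` rather than leaving the parameter unused or relying on some other client. The visible context also reads only `spec.podSelector.matchLabels`, so a policy whose podSelector uses matchExpressions would appear to target no pods, which understates coverage in a tool meant to show which pods a NetworkPolicy protects; a follow-up could convert the whole podSelector to a `metav1.LabelSelector` and apply `metav1.LabelSelectorAsSelector` instead. Separately, the import block still brings in `k8s.io/apimachinery/pkg/apis/meta/v1` under two aliases, `metav1` and `v1`; one alias is enough now that the rule-description helpers are gone.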
