connlist

package
v1.1.0

This package is not in the latest version of its module.
Published: Mar 5, 2024 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Overview

The connlist package of netpol-analyzer produces a k8s connectivity report based on several resources: k8s NetworkPolicy, k8s Ingress, and OpenShift Route. It lists the set of allowed connections between each pair of different peers (k8s workloads or ip-blocks). Connections from a workload to itself are excluded from the output. Connectivity inferred from Ingress/Route resources is from {ingress-controller} to k8s workloads. The resources can be extracted from a directory containing YAML manifests, or from a k8s cluster. For more information, see https://github.com/np-guard/netpol-analyzer.

Index

Constants

This section is empty.

Variables

ValidFormats is the array of possible values of the output format (the values accepted by WithOutputFormat).

Functions

func GetConnectionSetFromP2PConnection added in v0.4.0

func GetConnectionSetFromP2PConnection(c Peer2PeerConnection) *common.ConnectionSet

GetConnectionSetFromP2PConnection returns a *common.ConnectionSet built from the Peer2PeerConnection data.

func ValidateOutputFormat added in v0.2.0

func ValidateOutputFormat(format string) error

ValidateOutputFormat validates the value of the output format, returning an error if it is not one of ValidFormats.

Types

type ConnlistAnalyzer

type ConnlistAnalyzer struct {
	// contains filtered or unexported fields
}

A ConnlistAnalyzer provides an API to recursively scan a directory for Kubernetes resources, including network policies, and get the list of permitted connectivity between the workloads of the K8s application managed in this directory.

func NewConnlistAnalyzer

func NewConnlistAnalyzer(options ...ConnlistAnalyzerOption) *ConnlistAnalyzer

NewConnlistAnalyzer creates a new instance of ConnlistAnalyzer, and applies the provided functional options.

func (*ConnlistAnalyzer) ConnectionsListToString

func (ca *ConnlistAnalyzer) ConnectionsListToString(conns []Peer2PeerConnection) (string, error)

ConnectionsListToString returns a string representation of the connections in a list of Peer2PeerConnection objects, in the output format selected by WithOutputFormat.

func (*ConnlistAnalyzer) ConnlistFromDirPath

func (ca *ConnlistAnalyzer) ConnlistFromDirPath(dirPath string) ([]Peer2PeerConnection, []Peer, error)

ConnlistFromDirPath returns the allowed-connections list from a directory path containing k8s resources, and the list of all workloads from the parsed resources.

func (*ConnlistAnalyzer) ConnlistFromK8sCluster

func (ca *ConnlistAnalyzer) ConnlistFromK8sCluster(clientset *kubernetes.Clientset) ([]Peer2PeerConnection, []Peer, error)

ConnlistFromK8sCluster returns the allowed-connections list from the k8s cluster's resources, and the list of all peers.

func (*ConnlistAnalyzer) ConnlistFromResourceInfos added in v1.0.0

func (ca *ConnlistAnalyzer) ConnlistFromResourceInfos(info []*resource.Info) ([]Peer2PeerConnection, []Peer, error)

ConnlistFromResourceInfos returns the allowed-connections list from an input slice of resource.Info objects, and the list of all workloads from the parsed resources.

func (*ConnlistAnalyzer) Errors

func (ca *ConnlistAnalyzer) Errors() []ConnlistError

Errors returns a slice of ConnlistError with all warnings and errors encountered during processing.

type ConnlistAnalyzerOption

type ConnlistAnalyzerOption func(*ConnlistAnalyzer)

ConnlistAnalyzerOption is the type for specifying options for ConnlistAnalyzer, using Golang's Options Pattern (https://golang.cafe/blog/golang-functional-options-pattern.html).

func WithFocusWorkload

func WithFocusWorkload(workload string) ConnlistAnalyzerOption

WithFocusWorkload is a functional option which restricts the report to connections in which the given workload is the source or the destination.

func WithLogger

func WithLogger(l logger.Logger) ConnlistAnalyzerOption

WithLogger is a functional option which sets the logger for a ConnlistAnalyzer to use. The provided logger must implement the logger.Logger interface.

func WithMuteErrsAndWarns added in v1.0.0

func WithMuteErrsAndWarns() ConnlistAnalyzerOption

WithMuteErrsAndWarns is a functional option which directs ConnlistAnalyzer not to log errors and warnings; they remain available through Errors().

func WithOutputFormat added in v0.2.0

func WithOutputFormat(outputFormat string) ConnlistAnalyzerOption

WithOutputFormat is a functional option, allowing user to choose the output format txt/json/dot/csv/md.

func WithStopOnError

func WithStopOnError() ConnlistAnalyzerOption

WithStopOnError is a functional option which directs ConnlistAnalyzer to stop any processing after the first severe error.

type ConnlistError added in v0.1.2

type ConnlistError common.NetpolError

ConnlistError holds information about a single error or warning that occurred during the parsing and connectivity analysis of a k8s application with network policies.

type Peer added in v0.4.2

type Peer eval.Peer

type Peer2PeerConnection

type Peer2PeerConnection interface {
	// Src returns the source peer
	Src() Peer
	// Dst returns the destination peer
	Dst() Peer
	// AllProtocolsAndPorts returns true if all ports are allowed for all protocols
	AllProtocolsAndPorts() bool
	// ProtocolsAndPorts returns the set of allowed connections
	ProtocolsAndPorts() map[v1.Protocol][]common.PortRange
}

Peer2PeerConnection encapsulates the allowed connectivity result between two peers.
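The following is an added example, not code from the netpol-analyzer project, showing how a consumer of the list returned by ConnlistFromDirPath or ConnlistFromK8sCluster can walk Peer2PeerConnection values the way a policy review would: it reports every workload that an ip-block peer is still allowed to reach, and on which ports, which is exactly the connectivity a missing or over-broad ingress NetworkPolicy leaves open. Because the real Peer, PortRange and Protocol types come from other packages (eval, common and k8s.io/api/core/v1), the block declares minimal local stand-ins with the same method shape (the IsIPBlock method name and the "namespace/name" String() form are assumptions), and the connectivity list is constructed inline instead of being obtained from the analyzer.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Local stand-ins (assumption) for eval.Peer, common.PortRange and v1.Protocol.
type Protocol string

// PortRange is a closed interval of ports.
type PortRange struct{ Start, End int64 }

// Peer models the part of eval.Peer used here: a workload or an ip-block.
type Peer interface {
	String() string
	IsIPBlock() bool
}

type workload struct{ namespace, name string }
type ipBlock struct{ cidr string }

func (w workload) String() string { return w.namespace + "/" + w.name }
func (w workload) IsIPBlock() bool { return false }
func (b ipBlock) String() string   { return b.cidr }
func (b ipBlock) IsIPBlock() bool  { return true }

// Peer2PeerConnection mirrors the interface documented on this page.
type Peer2PeerConnection interface {
	Src() Peer
	Dst() Peer
	AllProtocolsAndPorts() bool
	ProtocolsAndPorts() map[Protocol][]PortRange
}

type p2pConn struct {
	src, dst Peer
	all      bool
	conns    map[Protocol][]PortRange
}

func (c p2pConn) Src() Peer                                   { return c.src }
func (c p2pConn) Dst() Peer                                   { return c.dst }
func (c p2pConn) AllProtocolsAndPorts() bool                  { return c.all }
func (c p2pConn) ProtocolsAndPorts() map[Protocol][]PortRange { return c.conns }

// Finding records a workload that an ip-block peer is allowed to reach.
type Finding struct{ Src, Dst, Exposure string }

// ExternalExposure reports every ip-block -> workload connection in the list,
// with the allowed port set. Output is sorted by destination, then source,
// so the report is stable across runs.
func ExternalExposure(conns []Peer2PeerConnection) []Finding {
	var out []Finding
	for _, c := range conns {
		if !c.Src().IsIPBlock() || c.Dst().IsIPBlock() {
			continue // only traffic entering a workload from an ip-block is of interest here
		}
		f := Finding{Src: c.Src().String(), Dst: c.Dst().String(), Exposure: "All Connections"}
		if !c.AllProtocolsAndPorts() {
			f.Exposure = describePorts(c.ProtocolsAndPorts())
		}
		out = append(out, f)
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Dst+out[i].Src < out[j].Dst+out[j].Src })
	return out
}

// describePorts renders a protocol/port-range map as "TCP 80,443-8443;UDP 53".
func describePorts(m map[Protocol][]PortRange) string {
	var parts []string
	for p, ranges := range m {
		var rs []string
		for _, r := range ranges {
			if r.Start == r.End {
				rs = append(rs, fmt.Sprint(r.Start))
			} else {
				rs = append(rs, fmt.Sprintf("%d-%d", r.Start, r.End))
			}
		}
		parts = append(parts, string(p)+" "+strings.Join(rs, ","))
	}
	sort.Strings(parts) // map iteration order is random; keep the string deterministic
	return strings.Join(parts, ";")
}

// SampleConnlist is a constructed list standing in for what ConnlistFromDirPath
// would return for a small namespace in which db has no ingress policy.
func SampleConnlist() []Peer2PeerConnection {
	web, db, anywhere := workload{"shop", "web"}, workload{"shop", "db"}, ipBlock{"0.0.0.0/0"}
	tcp := func(ports ...PortRange) map[Protocol][]PortRange { return map[Protocol][]PortRange{"TCP": ports} }
	return []Peer2PeerConnection{
		p2pConn{src: anywhere, dst: web, conns: tcp(PortRange{80, 80}, PortRange{443, 443})},
		p2pConn{src: web, dst: db, conns: tcp(PortRange{5432, 5432})},
		p2pConn{src: anywhere, dst: db, all: true}, // the gap a reviewer wants to see
		p2pConn{src: db, dst: anywhere, all: true},
	}
}

func main() {
	for _, f := range ExternalExposure(SampleConnlist()) {
		fmt.Printf("%s => %s : %s\n", f.Src, f.Dst, f.Exposure)
	}
}
```

On the sample list the audit reports two findings: shop/db reachable from 0.0.0.0/0 on "All Connections" and shop/web on "TCP 80,443". The egress connection from db to the ip-block and the web-to-db connection are skipped, since only traffic entering a workload from an ip-block is in scope. In real use, pass the slice returned by ConnlistFromDirPath or ConnlistFromK8sCluster instead of SampleConnlist, after checking Errors() for parsing problems that could make the list incomplete.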

func NewPeer2PeerConnection added in v0.4.0

func NewPeer2PeerConnection(src, dst eval.Peer, allConns bool, conns map[v1.Protocol][]common.PortRange) Peer2PeerConnection

NewPeer2PeerConnection returns a Peer2PeerConnection object with the given src, dst, allConns flag and conns map.

func RefineConnListByDisjointPeers added in v0.4.0

func RefineConnListByDisjointPeers(conns []Peer2PeerConnection, m map[string]map[string]eval.Peer) ([]Peer2PeerConnection, error)

RefineConnListByDisjointPeers takes as input a Peer2PeerConnection slice and a map from each peer string to its disjoint peers, and returns a new Peer2PeerConnection slice in which ip-block peers are refined (split) according to their disjoint peers.

Directories

Path Synopsis
internal
