diff

package

v1.1.0 Latest Latest Go to latest Published: Mar 5, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/np-guard/netpol-analyzer

Links

Open Source Insights

Documentation ¶

Overview ¶

The diff package of netpol-analyzer allows producing a k8s connectivity semantic-diff report based on several resources: k8s NetworkPolicy, k8s Ingress, openshift Route It lists the set of changed/removed/added connections between pair of peers (k8s workloads or ip-blocks). The resources can be extracted from two directories containing YAML manifests. For more information, see https://github.com/np-guard/netpol-analyzer.

Index ¶

Variables
func ValidateDiffOutputFormat(format string) error
type AllowedConnectivity
type ConnectivityDiff
type DiffAnalyzer
- func NewDiffAnalyzer(options ...DiffAnalyzerOption) *DiffAnalyzer
type DiffAnalyzerOption
type DiffError
type DiffTypeStr
type Peer
type SrcDstDiff

Constants ¶

This section is empty.

Variables ¶

View Source

var ValidDiffFormats = []string{output.TextFormat, output.CSVFormat, output.MDFormat, output.DOTFormat}

ValidDiffFormats are the supported formats for output generation of the diff command

Functions ¶

func ValidateDiffOutputFormat ¶

func ValidateDiffOutputFormat(format string) error

ValidateDiffOutputFormat validate the value of the diff output format

Types ¶

type AllowedConnectivity ¶ added in v1.0.0

type AllowedConnectivity interface {
	// AllProtocolsAndPorts returns true if all ports are allowed for all protocols
	AllProtocolsAndPorts() bool
	// ProtocolsAndPorts returns the set of allowed connections
	ProtocolsAndPorts() map[v1.Protocol][]common.PortRange
}

type ConnectivityDiff ¶

type ConnectivityDiff interface {
	// RemovedConnections is a list of differences where the specified conn only exists in ref1
	RemovedConnections() []SrcDstDiff

	// AddedConnections  is a list of differences where the specified conn only exists in ref2
	AddedConnections() []SrcDstDiff

	// ChangedConnections is a list of differences where the specified conn exists in ref1 and ref2 but not identical
	// connection properties
	ChangedConnections() []SrcDstDiff

	// UnchangedConnections is a list of connections that exists in ref1 and ref2, and are identical
	UnchangedConnections() []SrcDstDiff

	// IsEmpty returns true if there is no diff in connectivity, i.e. removed, added and changed connections are empty
	IsEmpty() bool
}

ConnectivityDiff captures the set of differences in terms of connectivity between two input k8s resource sets

type DiffAnalyzer ¶

type DiffAnalyzer struct {
	// contains filtered or unexported fields
}

A DiffAnalyzer provides API to recursively scan two directories for Kubernetes resources including network policies, and get the difference of permitted connectivity between the workloads of the K8s application managed in theses directories.

func NewDiffAnalyzer ¶

func NewDiffAnalyzer(options ...DiffAnalyzerOption) *DiffAnalyzer

NewDiffAnalyzer creates a new instance of DiffAnalyzer, and applies the provided functional options.

func (*DiffAnalyzer) ConnDiffFromDirPaths ¶

func (da *DiffAnalyzer) ConnDiffFromDirPaths(dirPath1, dirPath2 string) (ConnectivityDiff, error)

ConnDiffFromDirPaths returns the connectivity diffs from two dir paths containing k8s resources, representing two versions of manifest sets to compare

func (*DiffAnalyzer) ConnDiffFromResourceInfos ¶ added in v1.0.0

func (da *DiffAnalyzer) ConnDiffFromResourceInfos(infos1, infos2 []*resource.Info) (ConnectivityDiff, error)

ConnDiffFromResourceInfos returns the connectivity diffs from two lists of resource.Info objects, representing two versions of manifest sets to compare

func (*DiffAnalyzer) ConnectivityDiffToString ¶

func (da *DiffAnalyzer) ConnectivityDiffToString(connectivityDiff ConnectivityDiff) (string, error)

ConnectivityDiffToString returns a string of connections diff from connectivityDiff object in the required output format

func (*DiffAnalyzer) Errors ¶

func (da *DiffAnalyzer) Errors() []DiffError

Errors returns a slice of DiffError with all warnings and errors encountered during processing.

type DiffAnalyzerOption ¶

type DiffAnalyzerOption func(*DiffAnalyzer)

DiffAnalyzerOption is the type for specifying options for DiffAnalyzer, using Golang's Options Pattern (https://golang.cafe/blog/golang-functional-options-pattern.html).

func WithArgNames ¶ added in v1.0.0

func WithArgNames(ref1Name, ref2Name string) DiffAnalyzerOption

WithArgNames is a functional option that sets the names to be used for the two sets of analyzed resources (default is ref1,ref2) in the output reports and log messages.

func WithLogger ¶

func WithLogger(l logger.Logger) DiffAnalyzerOption

WithLogger is a functional option which sets the logger for a DiffAnalyzer to use. The provided logger must conform with the package's Logger interface.

func WithOutputFormat ¶

func WithOutputFormat(outputFormat string) DiffAnalyzerOption

WithOutputFormat is a functional option, allowing user to choose the output format txt/csv/md.

func WithStopOnError ¶

func WithStopOnError() DiffAnalyzerOption

WithStopOnError is a functional option which directs DiffAnalyzer to stop any processing after the first severe error.

type DiffError ¶

type DiffError common.NetpolError

DiffError holds information about a single error/warning that occurred during the generating connectivity diff report

type DiffTypeStr ¶ added in v1.0.0

type DiffTypeStr string

const (
	// diff types
	ChangedType   DiffTypeStr = "changed"
	RemovedType   DiffTypeStr = "removed"
	AddedType     DiffTypeStr = "added"
	UnchangedType DiffTypeStr = "unchanged"
)

type Peer ¶ added in v1.0.0

type Peer eval.Peer

type SrcDstDiff ¶ added in v1.0.0

type SrcDstDiff interface {
	// Src returns the source peer
	Src() Peer
	// Dst returns the destination peer
	Dst() Peer
	// Ref1Connectivity returns the AllowedConnectivity from src to dst in ref1
	Ref1Connectivity() AllowedConnectivity
	// Ref2Connectivity returns the AllowedConnectivity from src to dst in ref2
	Ref2Connectivity() AllowedConnectivity
	// IsSrcNewOrRemoved returns true if the src peer exists only in ref2 (if DiffType is Added) or if
	// the src peer exists only in ref1 (if DiffType is Removed)
	IsSrcNewOrRemoved() bool
	// IsDstNewOrRemoved returns true if the dst peer exists only in ref2 (if DiffType is Added) or if
	// the dst peer exists only in ref1 (if DiffType is Removed)
	IsDstNewOrRemoved() bool
	// DiffType returns the diff type of ref2 w.r.t ref1, which can be ChangedType/RemovedType/AddedType/UnchangedType
	DiffType() DiffTypeStr
}

SrcDstDiff captures connectivity diff per one src-dst pair

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL