to generate network policy, 'generate netpol' shoul dbe used now. Also

added subcommand for linkerd ('generate linkerd'
2025-01-19 16:33:21 +01:00 · 2025-01-19 16:33:21 +01:00 · 60ebbf0ef4
commit 60ebbf0ef4
parent 86572e8063
4 changed files with 38 additions and 15 deletions
--- a/cmd/policygen/config.go
+++ b/cmd/policygen/config.go
@ -6,7 +6,6 @@ import (
 	"fmt"
 	"github.com/goccy/go-yaml"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"log"
 	"net"
 	"os"
 	"slices"
@ -187,13 +186,15 @@ func (c *Config) Infer(resolver Resolver) {
 		for _, app := range ns.Applications {
 			if len(app.ServiceAccounts) == 0 {
 				app.ServiceAccounts = resolver.ServiceAccounts(app)
-				log.Printf("Inferred service accounts: %s/%s: %v", app.Namespace.Name, app.Name,
+				fmt.Fprintf(os.Stderr, "Inferred service accounts: %s/%s: %v\n", app.Namespace.Name, app.Name,
 					app.ServiceAccounts)
 			}
 			if len(app.Ports) == 0 && !strings.HasPrefix(ns.Name, "linkerd") {
 				app.Ports = resolver.PortNumbers(app)
-				log.Printf("Inferred ports: %s/%s: %v", app.Namespace.Name, app.Name,
-					app.Ports)
+				if len(app.Ports) > 0 {
+					fmt.Fprintf(os.Stderr, "Inferred ports: %s/%s: %v\n", app.Namespace.Name, app.Name,
+						app.Ports)
+				}
 			}
 		}
 	}
--- a/cmd/policygen/configvalidator.go
+++ b/cmd/policygen/configvalidator.go
@ -56,6 +56,8 @@ func validate(files []string, options *Options) error {

 	config.Infer(cluster)

+	fmt.Fprintln(os.Stderr, "")
+
 	// map  applname1 -> appname2 where appname1 is in an open namespace and app2 is in a closed namespace.
 	// Exclusing when 'from' side is a CIDR.
 	openToClosedAccess := make(map[string]string)
--- a/cmd/policygen/main.go
+++ b/cmd/policygen/main.go
@ -3,7 +3,6 @@ package main
 import (
 	"fmt"
 	"github.com/spf13/cobra"
-	"log"
 	"os"
 )

@ -15,7 +14,7 @@ type Options struct {
 func readConfig(files []string) (*Config, error) {
 	config := &Config{}
 	for _, file := range files {
-		log.Printf("LOADING %s\n", file)
+		fmt.Fprintf(os.Stderr, "Reading %s\n", file)
 		configNew, err := LoadConfig(file)
 		if err != nil {
 			return nil, fmt.Errorf("%s: %w", file, err)
@ -29,7 +28,7 @@ func readConfig(files []string) (*Config, error) {
 	return config, nil
 }

-func generate(files []string, options *Options) error {
+func generateNetworkPolicy(files []string, options *Options) error {
 	if len(files) == 0 {
 		return fmt.Errorf("File expected")
 	}
@ -55,6 +54,10 @@ func generate(files []string, options *Options) error {
 	return nil
 }

+func generateLinkerdPolicies(files []string, options *Options) error {
+	return fmt.Errorf(("Not yet implemented"))
+}
+
 func main() {

 	options := Options{
@ -69,14 +72,31 @@ func main() {

 	generate := &cobra.Command{
 		Use:   "generate",
-		Short: "Generate policies",
-		Long:  "Generate policies",
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return generate(args, &options)
-		},
+		Short: "Generate configuration",
+		Long:  "Generate configuration",
 	}
 	cmd.AddCommand(generate)

+	netpol := &cobra.Command{
+		Use:   "netpol",
+		Short: "Generate NetworkPolicyp",
+		Long:  "Generate NetworkPolicy",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return generateNetworkPolicy(args, &options)
+		},
+	}
+	generate.AddCommand(netpol)
+
+	linkerd := &cobra.Command{
+		Use:   "linkerd",
+		Short: "Generate linkerd authorization policies",
+		Long:  "Generate linkerd authorization policies",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return generateLinkerdPolicies(args, &options)
+		},
+	}
+	generate.AddCommand(linkerd)
+
 	validate := &cobra.Command{
 		Use:   "validate",
 		Short: "Validate configuration",
--- a/go.mod
+++ b/go.mod
@ -1,6 +1,6 @@
 module git.wamblee.org/public/policy-generator

-go 1.23.4
+go 1.23.5

 require (
 	github.com/Masterminds/sprig/v3 v3.3.0
@ -9,6 +9,8 @@ require (
 	github.com/go-playground/validator/v10 v10.23.0
 	github.com/goccy/go-yaml v1.15.13
 	github.com/spf13/cobra v1.8.1
+	k8s.io/api v0.32.0
+	k8s.io/apimachinery v0.32.0
 	k8s.io/client-go v0.32.0
 )

@ -57,8 +59,6 @@ require (
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/api v0.32.0 // indirect
-	k8s.io/apimachinery v0.32.0 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
 	k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect