full parsing of config file and validation logic.
This commit is contained in:
parent
f99e885f7a
commit
8c5a099082
@ -74,7 +74,10 @@ communications:
|
||||
- from:
|
||||
- httpd-wamblee-org
|
||||
to:
|
||||
- nexus-server:8081,8082
|
||||
- nexus-server
|
||||
porst:
|
||||
- 8081
|
||||
- 8082
|
||||
|
||||
|
||||
Handling of capabilities:
|
||||
|
||||
@ -1,6 +1,8 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"github.com/goccy/go-yaml"
|
||||
"net"
|
||||
)
|
||||
@ -32,8 +34,8 @@ func (c CIDR) MarshalYAML() ([]byte, error) {
|
||||
return []byte(string(c)), nil
|
||||
}
|
||||
|
||||
// CIDRS represents each network entry in the YAML
|
||||
type CIDRS struct {
|
||||
// Network represents each network entry in the YAML
|
||||
type Network struct {
|
||||
Name string `yaml:"name"`
|
||||
CIDR CIDR `yaml:"cidr"`
|
||||
Except []CIDR `yaml:"except,omitempty"`
|
||||
@ -46,13 +48,70 @@ type Application struct {
|
||||
}
|
||||
|
||||
type Namespace struct {
|
||||
Namespace string `yaml:"namespace"`
|
||||
Name string `yaml:"name"`
|
||||
Capabilities []string `yaml:"capabilities"`
|
||||
Applications []Application `yaml:"applications"`
|
||||
}
|
||||
|
||||
type Communication struct {
|
||||
From []string `yaml:"from"`
|
||||
To []string `yaml:"to"`
|
||||
Ports []string `yaml:"ports"`
|
||||
}
|
||||
|
||||
// Config represents the top-level YAML structure
|
||||
type Config struct {
|
||||
Networks []CIDRS `yaml:"networks"`
|
||||
Namespaces []Namespace `yaml:"namespaces"`
|
||||
Networks []Network `yaml:"networks,omitempty"`
|
||||
Namespaces []Namespace `yaml:"namespaces,omitempty"`
|
||||
Communications []Communication `yaml:"communications,omitempty"`
|
||||
}
|
||||
|
||||
func (c Config) Validate() error {
|
||||
|
||||
errs := make([]error, 0)
|
||||
|
||||
// namesapaces must be unique
|
||||
ns := make(map[string]bool)
|
||||
for _, namespace := range c.Namespaces {
|
||||
if ns[namespace.Name] {
|
||||
errs = append(errs, fmt.Errorf("Duplicate namespace name %s", namespace.Name))
|
||||
}
|
||||
ns[namespace.Name] = true
|
||||
}
|
||||
|
||||
// network names mus tbe unique
|
||||
networks := make(map[string]bool)
|
||||
for _, network := range c.Networks {
|
||||
if networks[network.Name] {
|
||||
errs = append(errs, fmt.Errorf("Duplicate network name %s", network.Name))
|
||||
}
|
||||
networks[network.Name] = true
|
||||
}
|
||||
|
||||
// application names must be unique
|
||||
apps := make(map[string]bool)
|
||||
for _, namespace := range c.Namespaces {
|
||||
for _, app := range namespace.Applications {
|
||||
if apps[app.Name] {
|
||||
errs = append(errs, fmt.Errorf("Duplicate application %s (%s)", app.Name, namespace.Name))
|
||||
}
|
||||
apps[app.Name] = true
|
||||
}
|
||||
}
|
||||
|
||||
// applications mentioned in a communication must exist
|
||||
for _, communication := range c.Communications {
|
||||
for _, from := range communication.From {
|
||||
if !apps[from] {
|
||||
errs = append(errs, fmt.Errorf("Application does not exist: %s referenced in a communication (%+v)", from, communication))
|
||||
}
|
||||
}
|
||||
for _, to := range communication.To {
|
||||
if !apps[to] {
|
||||
errs = append(errs, fmt.Errorf("Application does not exist: %s referenced in a communication (%+v)", to, communication))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return errors.Join(errs...)
|
||||
}
|
||||
|
||||
@ -9,13 +9,17 @@ import (
|
||||
)
|
||||
|
||||
type Options struct {
|
||||
cni string
|
||||
policyType string
|
||||
}
|
||||
|
||||
func execute(files []string, options *Options) error {
|
||||
if len(files) != 1 {
|
||||
if len(files) == 0 {
|
||||
return fmt.Errorf("File expected")
|
||||
}
|
||||
yamlFile, err := os.ReadFile(files[0])
|
||||
for _, file := range files {
|
||||
fmt.Fprintf(os.Stderr, "Reading config %s\n", file)
|
||||
yamlFile, err := os.ReadFile(file)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error reading YAML file: %v", err)
|
||||
}
|
||||
@ -30,13 +34,20 @@ func execute(files []string, options *Options) error {
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error parsing YAML: %v", err)
|
||||
}
|
||||
|
||||
err = config.Validate()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
fmt.Printf("PARSED %+v\n", config)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func main() {
|
||||
options := Options{}
|
||||
options := Options{
|
||||
cni: "cilium",
|
||||
policyType: "netpol",
|
||||
}
|
||||
cmd := &cobra.Command{
|
||||
Use: "policygen",
|
||||
Short: "Generate network policies",
|
||||
|
||||
@ -11,7 +11,7 @@ networks:
|
||||
|
||||
|
||||
namespaces:
|
||||
- namespace: wamblee-org
|
||||
- name: wamblee-org
|
||||
capabilities:
|
||||
- linkerd
|
||||
applications:
|
||||
@ -24,8 +24,27 @@ namespaces:
|
||||
matchLabels:
|
||||
app: nexus-server
|
||||
|
||||
- namespace: exposure
|
||||
- name: exposure
|
||||
applications:
|
||||
- name: httpd-wamblee-org
|
||||
matchLabels:
|
||||
app: wamblee-org
|
||||
|
||||
communications:
|
||||
- from: # can we support both string and list of strings?
|
||||
- httpd-wamblee-org
|
||||
to:
|
||||
- nexus-server
|
||||
- wamblee-static
|
||||
- wamblee-safe
|
||||
|
||||
# or limiting ports further
|
||||
- from:
|
||||
- httpd-wamblee-org
|
||||
to:
|
||||
- nexus-server
|
||||
ports:
|
||||
- 8081
|
||||
- 8082
|
||||
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user