diff --git a/cmd/policygen/config.go b/cmd/policygen/config.go
index abe6c2d..7c35613 100644
--- a/cmd/policygen/config.go
+++ b/cmd/policygen/config.go
@@ -79,6 +79,12 @@ type Config struct {
 	Communications []*Communication `yaml:"communications,omitempty"`
 }
 
+func (c *Config) Update(config *Config) {
+	c.Namespaces = append(c.Namespaces, config.Namespaces...)
+	c.Networks = append(c.Networks, config.Networks...)
+	c.Communications = append(c.Communications, config.Communications...)
+}
+
 func (c Config) Validate() error {
 	errs := make([]error, 0)
 
@@ -173,10 +179,6 @@ func LoadConfig(file string) (*Config, error) {
 	if err != nil {
 		return nil, fmt.Errorf("Error parsing YAML: %v", err)
 	}
-	err = config.Validate()
-	if err != nil {
-		return nil, err
-	}
 
 	// every application must have its namespace field set
 	for _, ns := range config.Namespaces {
diff --git a/cmd/policygen/generator.go b/cmd/policygen/generator.go
index 0658e38..d67345e 100644
--- a/cmd/policygen/generator.go
+++ b/cmd/policygen/generator.go
@@ -1,9 +1,7 @@
 package main
 
 import (
-	"fmt"
 	"io"
-	"log"
 	"os"
 )
 
@@ -56,8 +54,6 @@ type Egress struct {
 }
 
 func Generate(writer io.Writer, generator Generator, config *Config) error {
-
-	log.Printf("CONFIG %+v", config)
 	for _, ns := range config.Namespaces {
 		err := generator.GenerateNamespace(os.Stdout, ns)
 		if err != nil {
@@ -104,9 +100,6 @@ func Generate(writer io.Writer, generator Generator, config *Config) error {
 	for app, ingress := range ingresses {
 		egress := egresses[app]
 		if !ingress.Empty() || !egress.Empty() {
-			fmt.Fprintf(os.Stderr, "RULE %s\n", app)
-			fmt.Fprintf(os.Stderr, " IN %s\n", ingress)
-			fmt.Fprintf(os.Stderr, " OUT %s\n", egress)
 			err := generator.GenerateCommunicationRule(writer, applications[app], ingress, egress)
 			if err != nil {
 				return err
diff --git a/cmd/policygen/main.go b/cmd/policygen/main.go
index 33dcb6f..a5daa59 100644
--- a/cmd/policygen/main.go
+++ b/cmd/policygen/main.go
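Review bot: Update is an exported method with no doc comment, and it takes a pointer receiver while Validate directly below it keeps a value receiver; Go convention is one receiver kind per type, so either move Validate to `func (c *Config) Validate() error` or say why they differ. The merge appends blindly, so a namespace or application declared in two input files ends up twice in the merged config; that is fine if Validate rejects duplicates (its body is not in this diff), but otherwise a later file can silently add a second definition of an existing application with different rules, which for a policy generator is worth an explicit check. A doc comment such as `// Update appends the namespaces, networks and communications of config to c; it does not deduplicate.` would at least make the contract visible.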
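Review bot: With the Validate call removed, LoadConfig now hands back a config that has not been checked, but nothing in the hunk records that the caller is now responsible for validation; any other caller of LoadConfig (tests included) silently loses the check. Add to LoadConfig's doc comment something like `// LoadConfig parses file into a Config without validating it; callers must call Validate, usually after merging several files with Update.`. The unchanged `fmt.Errorf("Error parsing YAML: %v", err)` two lines up would let callers inspect the cause with errors.As if it used `%w`, which matches the `%w` this commit introduces in main.go. LoadConfig's body continues outside the hunk.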
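Review bot: The call directly below the removed log line ignores the `writer` parameter and writes to os.Stdout, while the `GenerateCommunicationRule` call later in the same function (visible in the next hunk) does use `writer`; `err := generator.GenerateNamespace(writer, ns)` would send both halves of a run to the same destination. The only caller in this diff, execute, passes os.Stdout, so the mismatch is not observable yet, but it will be as soon as output is redirected to a file or a buffer in a test. Generate's body continues past the end of the hunk.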
@@ -17,27 +17,35 @@ func execute(files []string, options *Options) error {
 	if len(files) == 0 {
 		return fmt.Errorf("File expected")
 	}
+	config := &Config{}
 	for _, file := range files {
-		config, err := LoadConfig(file)
+		log.Printf("LOADING %s\n", file)
+		configNew, err := LoadConfig(file)
 		if err != nil {
 			return err
 		}
-
-		policyTemplates, err := NewPolicyTemplates()
+		config.Update(configNew)
+		err = config.Validate()
 		if err != nil {
-			return err
+			return fmt.Errorf("Error loading config %s: %w", file, err)
 		}
-		var generator Generator
-		generator = NetworkPolicyGenerrator{
-			config:          config,
-			policyTemplates: policyTemplates,
-		}
-		err = Generate(os.Stdout, generator, config)
-		if err != nil {
-			return err
-		}
-
+		log.Printf("Namespaces %v", config.Namespaces)
 	}
+
+	policyTemplates, err := NewPolicyTemplates()
+	if err != nil {
+		return err
+	}
+	var generator Generator
+	generator = NetworkPolicyGenerrator{
+		config:          config,
+		policyTemplates: policyTemplates,
+	}
+	err = Generate(os.Stdout, generator, config)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
 
diff --git a/cmd/policygen/netpol_generator.go b/cmd/policygen/netpol_generator.go
index 6fd3f3a..939d2c8 100644
--- a/cmd/policygen/netpol_generator.go
+++ b/cmd/policygen/netpol_generator.go
@@ -3,7 +3,6 @@ package main
 import (
 	"fmt"
 	"io"
-	"log"
 	"os"
 	"slices"
 )
@@ -17,7 +16,6 @@ func (g NetworkPolicyGenerrator) GenerateNamespace(writer io.Writer, namespace *
 	fmt.Fprintf(os.Stderr, "Namespace %s\n", namespace.Name)
 
 	templates := g.policyTemplates.NamespaceTemplates("netpol", namespace.Capabilities)
-	log.Printf("Got %d templates", len(templates))
 
 	for _, template := range templates {
 		err := template.Execute(writer, &namespace)
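Review bot: `config.Validate()` now runs on the cumulative config after every file, so if Validate checks cross-references (its body is not in this diff), a communication in an earlier file that names an application declared in a later file is rejected, and the outcome depends on the order of the command-line arguments; the error text also blames the last file loaded for a problem that may come from merging it with an earlier one. If per-file attribution is not the goal, validate once after the loop: `if err := config.Validate(); err != nil { return fmt.Errorf("validating merged config: %w", err) }`, or validate `configNew` on its own inside the loop and the merged config once afterwards. `log.Printf("Namespaces %v", config.Namespaces)` formats a slice of pointers, so it prints addresses rather than names and looks like the same debugging output this commit removes from generator.go and netpol_generator.go; and the `\n` in `log.Printf("LOADING %s\n", file)` is redundant because log terminates each line itself. execute's signature sits above the hunk.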
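Review bot: `template.Execute(writer, &namespace)` takes the address of a parameter the hunk header already shows as a pointer (`namespace *`), so the template receives a pointer to a pointer; text/template indirects through it, but `template.Execute(writer, namespace)` says what is meant and is the form a reader expects. The `fmt.Fprintf(os.Stderr, "Namespace %s\n", namespace.Name)` at the top of the hunk is the same kind of progress output this commit deletes from generator.go and templates.go; if it is intended to stay as user-facing progress, route it through log like the LOADING line in main.go so all progress output has one destination, otherwise drop it too. GenerateNamespace's signature and the rest of its body are outside the hunk.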
@@ -64,14 +62,12 @@ func (g NetworkPolicyGenerrator) GenerateCommunicationRule(
 	for _, pre := range egress.Predefined {
 		allPredefined[pre] = true
 	}
 
-	log.Printf("ALl PREDEFINED %v", allPredefined)
 	for predefined, _ := range allPredefined {
 		tmpl := g.policyTemplates.PredefineApplicationPolicyTemplate("netpol", predefined)
 		if tmpl == nil {
 			return fmt.Errorf("Could not find predefined template for netpol/%s", predefined)
 		}
-		log.Printf("PREDEFINED FOR %s", app.Name)
 		err := tmpl.Execute(writer, map[string]any{
 			"app":     app,
 			"ingress": slices.Contains(ingress.Predefined, predefined),
diff --git a/cmd/policygen/templates.go b/cmd/policygen/templates.go
index 5c7578f..80edbab 100644
--- a/cmd/policygen/templates.go
+++ b/cmd/policygen/templates.go
@@ -55,7 +55,6 @@ func showContents(files fs.FS) {
 		panic(err)
 	}
 	for _, entry := range entries {
-		fmt.Fprintf(os.Stderr, "entry %s %s\n", entry.Name(), entry.Type())
 		if entry.Type().IsDir() {
 			subdir, err := fs.Sub(files, entry.Name())
 			if err != nil {
diff --git a/cmd/policygen/templates/netpol/pod/apiserver.yaml b/cmd/policygen/templates/netpol/pod/apiserver.yaml
index b57d042..70c37e8 100644
--- a/cmd/policygen/templates/netpol/pod/apiserver.yaml
+++ b/cmd/policygen/templates/netpol/pod/apiserver.yaml
@@ -2,7 +2,7 @@ kind: CiliumNetworkPolicy
 apiVersion: cilium.io/v2
 metadata:
-  name: {{.app.Name}}
+  name: {{.app.Name}}-apiserver
   namespace: {{.app.Namespace.Name}}
   labels: {{ .labels | toYaml | nindent 4 }}
 
 spec:
diff --git a/cmd/policygen/templates/netpol/pod/pod.yaml b/cmd/policygen/templates/netpol/pod/pod.yaml
index 42f90df..878eafe 100644
--- a/cmd/policygen/templates/netpol/pod/pod.yaml
+++ b/cmd/policygen/templates/netpol/pod/pod.yaml
@@ -61,7 +61,7 @@ spec:
 
 {{- if or .egress.Applications .egress.Networks }}
   egress:
-    tp:
+    to:
 {{- template "peers" .egress }}
 {{- template "networks" .egress }}
 {{- end }}
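Review bot: `for predefined, _ := range allPredefined` iterates a map, so the order in which the predefined policies are rendered changes from run to run, which makes the generated policy files noisy to diff and review even when nothing changed; the `_` is also redundant and flagged by gofmt -s. Collect the keys and sort them before rendering, as below (this assumes the key type is string, as the `%s` verb in the error message suggests — adjust the slice type if it is a named type). GenerateCommunicationRule's signature and the rest of its body lie outside the hunk.
```go
	// Render predefined policies in a stable order: map iteration order is
	// randomised per run, which would make the generated output non-deterministic.
	keys := make([]string, 0, len(allPredefined))
	for predefined := range allPredefined {
		keys = append(keys, predefined)
	}
	slices.Sort(keys)
	for _, predefined := range keys {
		// … unchanged: template lookup, nil check and Execute …
```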
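Review bot: The `tp:` typo this hunk fixes meant the rendered egress rule had no `to` key at all, and in a Kubernetes NetworkPolicy an egress rule whose `to` is empty matches every destination, so the typo silently turned a scoped egress rule into an allow-all one; a test that renders this template and decodes the result into the target API type (or runs a schema validator over the output) would have caught it, and is worth adding alongside this fix. As far as the hunk shows, `egress:` is followed by `to:` with no list dash, whereas both NetworkPolicy and CiliumNetworkPolicy define `egress` as a list of rules (`- to:`); unless the lines above the hunk or the `peers`/`networks` partials supply that dash, the document will not load, which the same rendering test would show. The template's `kind` is above the hunk, so which schema applies cannot be confirmed from here.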