multiple config files to allow spreading of configuration

2025-01-02 19:21:04 +01:00 · 2025-01-02 19:21:04 +01:00 · c522f16d64
commit c522f16d64
parent 5659d7c18c
7 changed files with 30 additions and 32 deletions
--- a/cmd/policygen/config.go
+++ b/cmd/policygen/config.go
@ -79,6 +79,12 @@ type Config struct {
 	Communications []*Communication `yaml:"communications,omitempty"`
 }

+func (c *Config) Update(config *Config) {
+	c.Namespaces = append(c.Namespaces, config.Namespaces...)
+	c.Networks = append(c.Networks, config.Networks...)
+	c.Communications = append(c.Communications, config.Communications...)
+}
+
 func (c Config) Validate() error {

 	errs := make([]error, 0)
@ -173,10 +179,6 @@ func LoadConfig(file string) (*Config, error) {
 	if err != nil {
 		return nil, fmt.Errorf("Error parsing YAML: %v", err)
 	}
-	err = config.Validate()
-	if err != nil {
-		return nil, err
-	}

 	// every application must have its namespace field set
 	for _, ns := range config.Namespaces {
--- a/cmd/policygen/generator.go
+++ b/cmd/policygen/generator.go
@ -1,9 +1,7 @@
 package main

 import (
-	"fmt"
 	"io"
-	"log"
 	"os"
 )

@ -56,8 +54,6 @@ type Egress struct {
 }

 func Generate(writer io.Writer, generator Generator, config *Config) error {
-
-	log.Printf("CONFIG %+v", config)
 	for _, ns := range config.Namespaces {
 		err := generator.GenerateNamespace(os.Stdout, ns)
 		if err != nil {
@ -104,9 +100,6 @@ func Generate(writer io.Writer, generator Generator, config *Config) error {
 	for app, ingress := range ingresses {
 		egress := egresses[app]
 		if !ingress.Empty() || !egress.Empty() {
-			fmt.Fprintf(os.Stderr, "RULE %s\n", app)
-			fmt.Fprintf(os.Stderr, "  IN %s\n", ingress)
-			fmt.Fprintf(os.Stderr, "  OUT %s\n", egress)
 			err := generator.GenerateCommunicationRule(writer, applications[app], ingress, egress)
 			if err != nil {
 				return err
--- a/cmd/policygen/main.go
+++ b/cmd/policygen/main.go
@ -17,27 +17,35 @@ func execute(files []string, options *Options) error {
 	if len(files) == 0 {
 		return fmt.Errorf("File expected")
 	}
+	config := &Config{}
 	for _, file := range files {
-		config, err := LoadConfig(file)
+		log.Printf("LOADING %s\n", file)
+		configNew, err := LoadConfig(file)
 		if err != nil {
 			return err
 		}
-
-		policyTemplates, err := NewPolicyTemplates()
+		config.Update(configNew)
+		err = config.Validate()
 		if err != nil {
-			return err
+			return fmt.Errorf("Error loading config %s: %w", file, err)
 		}
-		var generator Generator
-		generator = NetworkPolicyGenerrator{
-			config:          config,
-			policyTemplates: policyTemplates,
-		}
-		err = Generate(os.Stdout, generator, config)
-		if err != nil {
-			return err
-		}
-
+		log.Printf("Namespaces %v", config.Namespaces)
 	}
+
+	policyTemplates, err := NewPolicyTemplates()
+	if err != nil {
+		return err
+	}
+	var generator Generator
+	generator = NetworkPolicyGenerrator{
+		config:          config,
+		policyTemplates: policyTemplates,
+	}
+	err = Generate(os.Stdout, generator, config)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }

--- a/cmd/policygen/netpol_generator.go
+++ b/cmd/policygen/netpol_generator.go
@ -3,7 +3,6 @@ package main
 import (
 	"fmt"
 	"io"
-	"log"
 	"os"
 	"slices"
 )
@ -17,7 +16,6 @@ func (g NetworkPolicyGenerrator) GenerateNamespace(writer io.Writer, namespace *
 	fmt.Fprintf(os.Stderr, "Namespace %s\n", namespace.Name)

 	templates := g.policyTemplates.NamespaceTemplates("netpol", namespace.Capabilities)
-	log.Printf("Got %d templates", len(templates))

 	for _, template := range templates {
 		err := template.Execute(writer, &namespace)
@ -64,14 +62,12 @@ func (g NetworkPolicyGenerrator) GenerateCommunicationRule(
 	for _, pre := range egress.Predefined {
 		allPredefined[pre] = true
 	}
-	log.Printf("ALl PREDEFINED %v", allPredefined)

 	for predefined, _ := range allPredefined {
 		tmpl := g.policyTemplates.PredefineApplicationPolicyTemplate("netpol", predefined)
 		if tmpl == nil {
 			return fmt.Errorf("Could not find predefined template for netpol/%s", predefined)
 		}
-		log.Printf("PREDEFINED FOR %s", app.Name)
 		err := tmpl.Execute(writer, map[string]any{
 			"app":     app,
 			"ingress": slices.Contains(ingress.Predefined, predefined),
--- a/cmd/policygen/templates.go
+++ b/cmd/policygen/templates.go
@ -55,7 +55,6 @@ func showContents(files fs.FS) {
 		panic(err)
 	}
 	for _, entry := range entries {
-		fmt.Fprintf(os.Stderr, "entry %s %s\n", entry.Name(), entry.Type())
 		if entry.Type().IsDir() {
 			subdir, err := fs.Sub(files, entry.Name())
 			if err != nil {
--- a/cmd/policygen/templates/netpol/pod/apiserver.yaml
+++ b/cmd/policygen/templates/netpol/pod/apiserver.yaml
@ -2,7 +2,7 @@
 kind: CiliumNetworkPolicy
 apiVersion: cilium.io/v2
 metadata:
-  name: {{.app.Name}}
+  name: {{.app.Name}}-apiserver
  namespace: {{.app.Namespace.Name}}
  labels: {{ .labels | toYaml | nindent 4 }}
 spec:
--- a/cmd/policygen/templates/netpol/pod/pod.yaml
+++ b/cmd/policygen/templates/netpol/pod/pod.yaml
@ -61,7 +61,7 @@ spec:

  {{- if or .egress.Applications .egress.Networks }}
  egress:
-    tp:
+    to:
      {{- template "peers" .egress }}
      {{- template "networks" .egress }}
  {{- end }}