package main
import (
"fmt"
"io"
"os"
"slices"
)
// NetworkPolicyGenerator renders network policies from the "netpol" template
// group: namespace-level policies in GenerateNamespace and per-application
// communication rules in GenerateCommunicationRule. Init and Finalize are
// no-ops for this generator.
type NetworkPolicyGenerator struct {
	// config is the configuration handed to NewNetworkPolicyGenerator. It is
	// stored for later use; none of the methods visible in this file read it.
	config *Config
	// policyTemplates supplies the named templates that are looked up and
	// executed when generating output.
	policyTemplates *PolicyTemplates
}
// NewNetworkPolicyGenerator returns a generator that renders its output from
// templates. config is retained on the generator for later use; templates
// provides the "netpol" template group the generator executes.
func NewNetworkPolicyGenerator(config *Config, templates *PolicyTemplates) *NetworkPolicyGenerator {
	g := new(NetworkPolicyGenerator)
	g.config = config
	g.policyTemplates = templates
	return g
}
// Init is the generator's setup hook. Network policies need no preamble, so
// nothing is written to writer and the result is always nil.
func (g *NetworkPolicyGenerator) Init(writer io.Writer) (err error) {
	// Intentionally empty: writer is unused and err keeps its nil zero value.
	return
}
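// GenerateNamespace writes the namespace-level policies for namespace to
// writer. Every "netpol" namespace template selected by the namespace's
// capabilities is executed in turn with the namespace as template data; the
// namespace name is echoed to stderr as progress output.
//
// It returns an error if namespace is nil or if a template fails to execute.
// Output written by earlier templates is not rolled back on failure.
func (g *NetworkPolicyGenerator) GenerateNamespace(writer io.Writer, namespace *Namespace) error {
	if namespace == nil {
		return fmt.Errorf("generate namespace: nil namespace")
	}
	fmt.Fprintf(os.Stderr, "Namespace %s\n", namespace.Name)

	templates := g.policyTemplates.NamespaceTemplates("netpol", namespace.Capabilities)
	for _, template := range templates {
		// namespace is already a *Namespace; pass it as-is rather than taking
		// its address again, which handed the template a **Namespace.
		if err := template.Execute(writer, namespace); err != nil {
			return fmt.Errorf("Error using template %s: %w", template.Name(), err)
		}
	}
	return nil
}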
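// GenerateCommunicationRule writes the network policies for a single
// application to writer.
//
// Two kinds of output are produced:
//   - when ingress or egress names any application or network, the "pod"
//     template of the "netpol" group is executed once with app, ingress and
//     egress as data;
//   - for every predefined rule named in ingress.Predefined or
//     egress.Predefined, the "netpol" template of that name is executed once,
//     with boolean "ingress"/"egress" flags telling the template which
//     direction(s) requested it.
//
// Predefined rule names are de-duplicated and emitted in sorted order so that
// the generated output is reproducible between runs. Every data map carries
// the label policy-generator=1, which marks generated objects.
//
// A nil ingress or egress is treated as empty (no rules in that direction).
// Template errors are returned wrapped with the template name; output already
// written is not rolled back.
func (g *NetworkPolicyGenerator) GenerateCommunicationRule(
	writer io.Writer,
	app *Application,
	ingress *Ingress,
	egress *Egress) error {

	if ingress == nil {
		ingress = &Ingress{}
	}
	if egress == nil {
		egress = &Egress{}
	}

	// A fresh map per execution keeps the template data sets independent of
	// each other.
	generatorLabels := func() map[string]string {
		return map[string]string{
			"policy-generator": "1",
		}
	}

	hasRegularRules := len(ingress.Applications)+
		len(ingress.Networks)+
		len(egress.Applications)+
		len(egress.Networks) > 0
	if hasRegularRules {
		// non-trivial regular network policy
		err := g.policyTemplates.Execute("netpol", "pod", writer, map[string]any{
			"app":     app,
			"ingress": ingress,
			"egress":  egress,
			"labels":  generatorLabels(),
		})
		if err != nil {
			return fmt.Errorf("pod policy template: %w", err)
		}
	}

	// Union of both directions' predefined rule names, sorted and compacted.
	// Ranging over a map here would emit the rules in random order and make
	// the output differ from run to run.
	predefinedRules := make([]string, 0, len(ingress.Predefined)+len(egress.Predefined))
	predefinedRules = append(predefinedRules, ingress.Predefined...)
	predefinedRules = append(predefinedRules, egress.Predefined...)
	slices.Sort(predefinedRules)
	predefinedRules = slices.Compact(predefinedRules)

	for _, predefined := range predefinedRules {
		err := g.policyTemplates.Execute("netpol", predefined,
			writer, map[string]any{
				"app":     app,
				"ingress": slices.Contains(ingress.Predefined, predefined),
				"egress":  slices.Contains(egress.Predefined, predefined),
				"labels":  generatorLabels(),
			})
		if err != nil {
			return fmt.Errorf("predefined policy template %q: %w", predefined, err)
		}
	}

	return nil
}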
// Finalize is the generator's teardown hook. Network policies need no trailer,
// so nothing is written to writer and the result is always nil.
func (g *NetworkPolicyGenerator) Finalize(writer io.Writer) (err error) {
	// Intentionally empty: writer is unused and err keeps its nil zero value.
	return
}