policy-generator/cmd/policygen/linkerd_generator.go


package main
import (
"fmt"
"io"
"os"
)
// LinkerdPolicyGenerator renders Linkerd policy resources from the
// configuration it holds, using templates looked up under the "linkerd" key.
type LinkerdPolicyGenerator struct {
	// config is the generator input; Init iterates over config.Networks.
	config *Config

	// policyTemplates resolves a (mesh, resource kind) pair to a template;
	// a nil result from the lookup is treated as "template not found".
	policyTemplates *PolicyTemplates
}
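// Init renders one "networkauthentication" template per entry in
// g.config.Networks to writer, logging each network name to stderr first.
//
// It returns an error if the template is not registered or if rendering
// fails. The rendering error is wrapped with %w so the underlying cause
// (for example a write failure or a template field error) is not lost.
func (g LinkerdPolicyGenerator) Init(writer io.Writer) error {
	// start by generating network authentications
	for _, network := range g.config.Networks {
		fmt.Fprintf(os.Stderr, "NetworkAuthentication default/%s\n", network.Name)

		// The lookup stays inside the loop so that an empty network list
		// still succeeds even when the template is absent.
		template := g.policyTemplates.PredefineApplicationPolicyTemplate("linkerd", "networkauthentication")
		if template == nil {
			return fmt.Errorf("Linkerd template for network authentication not found")
		}

		// NOTE(review): network fields are interpolated into the generated
		// manifest by the template; whether they are escaped depends on the
		// template engine, which is not visible here — confirm the config
		// is validated before it reaches this point.
		if err := template.Execute(writer, network); err != nil {
			return fmt.Errorf("Error executing network authentication template for %s: %w", network.Name, err)
		}
	}
	return nil
}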
// GenerateNamespace is a no-op for Linkerd: it writes nothing to writer,
// does not inspect namespace, and always returns nil.
func (g LinkerdPolicyGenerator) GenerateNamespace(writer io.Writer, namespace *Namespace) error {
	return nil
}
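// GenerateCommunicationRule renders the Linkerd resources for app to writer:
// first the "meshtlsauthentication" template, then the "server" template.
// Both templates receive app only. Progress is logged to stderr.
//
// The ingress and egress arguments are counted but never passed to a
// template, so the peers they declare are not reflected in anything this
// function writes. When rules were supplied, a warning is printed to stderr
// so the gap is visible to whoever applies the generated manifests instead
// of being silently dropped.
//
// It returns an error if either template is missing or fails to render; the
// rendering error is wrapped with %w. A nil ingress or egress is treated as
// having no rules.
func (g LinkerdPolicyGenerator) GenerateCommunicationRule(
	writer io.Writer,
	app *Application,
	ingress *Ingress,
	egress *Egress) error {
	// and then the meshTLSAuthentications
	fmt.Fprintf(os.Stderr, "MeshTLSAuthentication %s/%s %v\n",
		app.Namespace.Name, app.Name, app.ServiceAccounts)
	template := g.policyTemplates.PredefineApplicationPolicyTemplate("linkerd", "meshtlsauthentication")
	if template == nil {
		return fmt.Errorf("Could not find meshtlsauthentication template")
	}
	if err := template.Execute(writer, app); err != nil {
		return fmt.Errorf("executing meshtlsauthentication template for %s/%s: %w",
			app.Namespace.Name, app.Name, err)
	}

	// and the server resources
	fmt.Fprintf(os.Stderr, "Server %s/%s\n",
		app.Namespace.Name, app.Name)
	template = g.policyTemplates.PredefineApplicationPolicyTemplate("linkerd", "server")
	if template == nil {
		// The original message named the meshtlsauthentication template
		// here, which pointed at the wrong missing file.
		return fmt.Errorf("Could not find server template")
	}
	if err := template.Execute(writer, app); err != nil {
		return fmt.Errorf("executing server template for %s/%s: %w",
			app.Namespace.Name, app.Name, err)
	}

	// Count the declared rules without dereferencing a nil argument.
	ruleCount := 0
	if ingress != nil {
		ruleCount += len(ingress.Applications) + len(ingress.Networks)
	}
	if egress != nil {
		ruleCount += len(egress.Applications) + len(egress.Networks)
	}
	if ruleCount > 0 {
		// non-trivial regular network policy
		// TODO: render these rules. Until then the generated output does
		// not encode them, so say so rather than dropping them silently.
		fmt.Fprintf(os.Stderr,
			"warning: %d ingress/egress rule(s) for %s/%s are not rendered yet\n",
			ruleCount, app.Namespace.Name, app.Name)
	}
	return nil
}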