Closed shireenf-ibm closed 9 months ago
tested changes locally by printing the []ExposedPeer result for debug, got expected results
can you add here few examples for those printed results?
1. allow-all-test: we have one workload and an ingress + egress netpol that allows all:
(the &{true map[]} is for all connections, I simply printed %v for the variable containing AllowedConnectivity interface value)
2. test: minimal_test_with_unmatched_ns: two peers:
3. same test as in (2.), but added the following rule to the ingress netpol:

    - from:
      - namespaceSelector: {}
      ports:
      - port: 8050
        protocol: TCP

so we have the any-namespace and the namespace with foo selector enabled on same TCP connection
we should only see that it is exposed to entire ns on that connection (since the ns with selector is included in it)
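The reduction described in the comment above, written out as an added Go example; it is not code from this PR or from the project. The `exposure` type, `covers`, `minimize`, the `foo: managed` label value and the extra `TCP 9090` entry are assumptions made for illustration, and connections are compared as opaque strings rather than as connection sets.

```go
package main

import "fmt"

// exposure is a hypothetical record, not the project's ExposedPeer type.
type exposure struct {
	nsSelector map[string]string // equality-based labels; empty means any namespace
	conn       string            // connection allowed from the matching namespaces
}

// covers reports whether selector a matches every namespace that b matches,
// which for equality-based labels means a's requirements are a subset of b's.
func covers(a, b map[string]string) bool {
	for k, v := range a {
		if bv, ok := b[k]; !ok || bv != v {
			return false
		}
	}
	return true
}

// minimize drops entries already implied by a broader entry on the same connection.
func minimize(in []exposure) []exposure {
	var out []exposure
	for i, e := range in {
		keep := true
		for j, o := range in {
			// o makes e redundant when it is strictly broader, or identical and earlier.
			eCoversO := covers(e.nsSelector, o.nsSelector)
			if i != j && o.conn == e.conn && covers(o.nsSelector, e.nsSelector) && (!eCoversO || j < i) {
				keep = false
			}
		}
		if keep {
			out = append(out, e)
		}
	}
	return out
}

// sample is constructed input: foo-labelled namespaces and any-namespace on TCP 8050.
func sample() []exposure {
	foo := map[string]string{"foo": "managed"} // label value is an assumption
	return []exposure{{foo, "TCP 8050"}, {nil, "TCP 8050"}, {foo, "TCP 9090"}}
}

func main() {
	for _, e := range minimize(sample()) {
		fmt.Printf("namespaces=%v conn=%s\n", e.nsSelector, e.conn)
	}
}
```

On TCP 8050 only the any-namespace entry survives, while the constructed TCP 9090 entry keeps its selector because nothing broader allows that connection.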
issue #236
task + sub-task :
the focus in this PR is to store the exposure analysis conns separately from the p2pconns; i.e. implementations in connlist pkg

main file changes in connlist:
- pkg/netpol/connlist/connlist.go: *relevant to review: getConnectionsBetweenPeers, and getConnectionsList
- []ExposedPeer (in the API functions, and etc.),
- emptyExposedListOrNil(): will be reverted in next PR (next sub task),
- pkg/netpol/connlist/exposed_peer.go: (changes are relevant to review)
- pkg/netpol/connlist/exposure_analysis.go: all the file is relevant to review, implementing the interfaces from pkg/netpol/connlist/exposed_peer.go + functionality to compute []ExposedPeer from the map computed in connlist.go

main changes under eval pkg which are relevant to review are related to the new pod flags: IngressProtected and EgressProtected (adding + handling them), + removed unused code