np-guard / vpc-network-config-analyzer

A tool for analyzing the configured network connectivity of VPCs as specified by various VPC resources
Apache License 2.0

explainability output - improve wording and format #531

Closed adisos closed 5 months ago

adisos commented 5 months ago

Output examples to review at: https://github.com/np-guard/vpc-network-config-analyzer/tree/main/pkg/ibmvpc/examples/out/explain_out

Consider also running from the CLI with the desired input args.

zivnevo commented 5 months ago

Some suggestions:

zivnevo commented 5 months ago

More suggestions (errors):

ShiriMoran commented 5 months ago

Thanks @nevo, I'll insert all your suggestions. I'm listing here the identified errors, for coverage's sake - see if you want to look into any of these (assuming you did not yet):

// 1. Both src and dst are external address
// 2. Src/dst is a Cidr that contains both internal and external address
// 3. Src/dst represents two different vsis in a certain config. This can be due to multiVpc context
// 4. Src/dst is an internal address within subnets of the VPC but not connected to a vsi
// 5. Src/dst does not present a legal IP address, a legal CIDR or a vsi name (vsi of the vpc)
// 6. Src/dst is an internal address not within subnets of the VPC
zivnevo commented 5 months ago

> Thanks @nevo, I'll insert all your suggestions. I'm listing here the identified errors, for coverage's sake - see if you want to look into any of these (assuming you did not yet):
>
> // 1. Both src and dst are external address
> // 2. Src/dst is a Cidr that contains both internal and external address
> // 3. Src/dst represents two different vsis in a certain config. This can be due to multiVpc context
> // 4. Src/dst is an internal address within subnets of the VPC but not connected to a vsi
> // 5. Src/dst does not present a legal IP address, a legal CIDR or a vsi name (vsi of the vpc)
> // 6. Src/dst is an internal address not within subnets of the VPC

My version:

  1. Both src and dst are external IP addresses
  2. Src/dst is a CIDR that contains both internal and external IP addresses
  3. Src/dst matches more than one VSI. Use VPC-name prefixes or CRNs (why is this different from the "more than one resource" error?)
  4. Src/dst is an IP address within one of the given subnets, but is not connected to a VSI
  5. Src/dst is not a legal IP address, CIDR, or VSI name
  6. Src/dst is a VPC IP address, but not within any subnet

ShiriMoran commented 5 months ago

Some suggestions:

* Header: `Connectivity explanation between x and y` -> `Explaining connectivity from x to y`

* `No connection between x and y` -> `No connectivity from x to y`

* `connection blocked since transit gateway denies route between src and dst` -> `All connections will be blocked since transit gateway denies route from source to destination`

* Similarly: `connection blocked since source and destination in different VPCs with no transit gateway in-between` -> `All connections will be blocked since source and destination in different VPCs with no transit gateway in-between`

Output part solved by https://github.com/np-guard/vpc-network-config-analyzer/pull/538

ShiriMoran commented 5 months ago

> 3. `Src/dst matches more than one VSI. Use VPC-name prefixes or CRNs` (why is this different from the "more than one resource" error?)

It's not different - it's the same. We also support IKS nodes and VPEs (look at the tests with vpe or iks in their names). Would it be correct to use the term VSI?

ShiriMoran commented 5 months ago

> 4. `Src/dst is an IP address within one of the given subnets, but is not connected to a VSI`

The error message in this case is: `no network interfaces are connected to 10.240.10.5 in any of the VPCs`

ShiriMoran commented 5 months ago

> 5. `Src/dst is not a legal IP address, CIDR, or VSI name`

Done, but should we also mention here VPEs and IKNodes?

ShiriMoran commented 5 months ago

> 6. `Src/dst is a VPC IP address, but not within any subnet`

The error message in this case is: `illegal src: internal address 10.20.10.0/24 not within the vpc test-vpc1 subnets' address range 10.240.10.0-10.240.10.255, 10.240.20.0-10.240.20.255, 10.240.30.0-10.240.30.255`
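
The six src/dst error cases discussed in this thread (both endpoints external, a CIDR straddling internal and external space, an ambiguous VSI name across VPCs, an in-subnet address with no network interface, an unparsable argument, and an internal address outside every subnet) amount to one classification routine. The following Go program is an added example written for this page, not code from the vpc-network-config-analyzer project: it resolves a src/dst argument against a constructed, hypothetical VPC configuration and returns a sentinel error for each case, with messages modelled on the ones quoted above. Assumptions that are not on the page: "internal" is taken to mean an RFC 1918 address (the real tool derives this from VPC address prefixes), a VSI name may be qualified as `<vpc>/<vsi>` to stand in for the VPC-name prefix or CRN, a CIDR counts as "within subnets" only when a single subnet contains it whole, and a CIDR argument is accepted when at least one network interface lies inside it. Only IPv4 is handled.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"strings"
)

// vpcConfig is a constructed stand-in for the analyzer's parsed VPC
// configuration (hypothetical; not the project's own data model): the VPC
// name, its subnets, and the addresses of the network interfaces attached to
// its VSIs.
type vpcConfig struct {
	name    string
	subnets []netip.Prefix
	nics    map[string]netip.Addr // VSI name -> address of its network interface
}

// Assumption for this example: an address is "internal" when it falls in an
// RFC 1918 range. The real analyzer decides this from the VPC address prefixes.
var internalRanges = []netip.Prefix{
	netip.MustParsePrefix("10.0.0.0/8"),
	netip.MustParsePrefix("172.16.0.0/12"),
	netip.MustParsePrefix("192.168.0.0/16"),
}

// One sentinel error per case in the issue's list (case 1 is checked on the
// pair); callers test them with errors.Is, the wrapper carries the argument.
var (
	errBothExternal = errors.New("both src and dst are external IP addresses")
	errMixedCIDR    = errors.New("CIDR contains both internal and external IP addresses")
	errAmbiguousVSI = errors.New("matches more than one VSI; use VPC-name prefixes or CRNs")
	errNoNIC        = errors.New("no network interfaces are connected to this address in any of the VPCs")
	errIllegal      = errors.New("not a legal IP address, CIDR, or VSI name")
	errNotInSubnets = errors.New("internal address not within the VPC subnets' address range")
)

// endpoint is a resolved src or dst argument.
type endpoint struct {
	vpc      string       // owning VPC name; empty for external addresses
	external bool
	prefix   netip.Prefix // a VSI or bare address resolves to a /32
}

func single(a netip.Addr) netip.Prefix { return netip.PrefixFrom(a, a.BitLen()) }

// contains reports whether the aligned block fully covers the aligned prefix p.
func contains(block, p netip.Prefix) bool {
	return block.Bits() <= p.Bits() && block.Contains(p.Addr())
}

// classify returns (internal, mixed): a prefix is mixed when it overlaps an
// internal range without being fully inside it (case 2 in the issue).
func classify(p netip.Prefix) (internal, mixed bool) {
	for _, r := range internalRanges {
		if contains(r, p) {
			return true, false
		}
		if r.Overlaps(p) {
			return false, true
		}
	}
	return false, false
}

// lastAddr returns the highest IPv4 address in s, for "first-last" ranges.
func lastAddr(s netip.Prefix) netip.Addr {
	b := s.Masked().Addr().As4()
	v := uint32(b[0])<<24 | uint32(b[1])<<16 | uint32(b[2])<<8 | uint32(b[3])
	if s.Bits() < 32 {
		v |= (1 << (32 - s.Bits())) - 1
	}
	return netip.AddrFrom4([4]byte{byte(v >> 24), byte(v >> 16), byte(v >> 8), byte(v)})
}

// subnetSummary renders every VPC's subnets the way the issue's case-6 message does.
func subnetSummary(configs []vpcConfig) string {
	var vpcs []string
	for _, c := range configs {
		ranges := make([]string, 0, len(c.subnets))
		for _, s := range c.subnets {
			ranges = append(ranges, s.Masked().Addr().String()+"-"+lastAddr(s).String())
		}
		vpcs = append(vpcs, fmt.Sprintf("vpc %s subnets' address range %s", c.name, strings.Join(ranges, ", ")))
	}
	return strings.Join(vpcs, "; ")
}

// resolveEndpoint classifies one src or dst argument against all VPC configs.
func resolveEndpoint(arg string, configs []vpcConfig) (endpoint, error) {
	// A VSI name, optionally qualified as "<vpc>/<vsi>" (assumed syntax standing
	// in for the VPC-name prefix or CRN); a bare name must be unique (case 3).
	var matches []endpoint
	for _, c := range configs {
		for name, addr := range c.nics {
			if arg == name || arg == c.name+"/"+name {
				matches = append(matches, endpoint{vpc: c.name, prefix: single(addr)})
			}
		}
	}
	if len(matches) == 1 {
		return matches[0], nil
	}
	if len(matches) > 1 {
		return endpoint{}, fmt.Errorf("illegal src/dst %q: %w", arg, errAmbiguousVSI)
	}

	// Otherwise it must parse as an IPv4 address (treated as a /32) or CIDR (case 5).
	var p netip.Prefix
	if a, err := netip.ParseAddr(arg); err == nil {
		p = single(a)
	} else if pp, err := netip.ParsePrefix(arg); err == nil {
		p = pp.Masked()
	}
	if !p.IsValid() || !p.Addr().Is4() {
		return endpoint{}, fmt.Errorf("illegal src/dst %q: %w", arg, errIllegal)
	}

	internal, mixed := classify(p)
	if mixed {
		return endpoint{}, fmt.Errorf("illegal src/dst %q: %w", arg, errMixedCIDR)
	}
	if !internal {
		return endpoint{external: true, prefix: p}, nil
	}

	// Internal: find the subnet that contains the whole block (case 6 if none),
	// then require at least one network interface inside it (case 4).
	for _, c := range configs {
		for _, s := range c.subnets {
			if !contains(s, p) {
				continue
			}
			for _, addr := range c.nics {
				if p.Contains(addr) {
					return endpoint{vpc: c.name, prefix: p}, nil
				}
			}
			return endpoint{}, fmt.Errorf("illegal src/dst %q: %w", arg, errNoNIC)
		}
	}
	return endpoint{}, fmt.Errorf("illegal src/dst %q: %w (%s)", arg, errNotInSubnets, subnetSummary(configs))
}

// explainEndpoints validates a src/dst pair; case 1 is the pairwise check.
func explainEndpoints(src, dst string, configs []vpcConfig) (endpoint, endpoint, error) {
	s, err := resolveEndpoint(src, configs)
	if err != nil {
		return endpoint{}, endpoint{}, fmt.Errorf("src: %w", err)
	}
	d, err := resolveEndpoint(dst, configs)
	if err != nil {
		return endpoint{}, endpoint{}, fmt.Errorf("dst: %w", err)
	}
	if s.external && d.external {
		return endpoint{}, endpoint{}, errBothExternal
	}
	return s, d, nil
}

// sampleConfigs is constructed for this example; the test-vpc1 subnets mirror
// the ranges quoted in the issue, and "vsi1" deliberately exists in both VPCs.
func sampleConfigs() []vpcConfig {
	return []vpcConfig{
		{
			name: "test-vpc1",
			subnets: []netip.Prefix{
				netip.MustParsePrefix("10.240.10.0/24"),
				netip.MustParsePrefix("10.240.20.0/24"),
				netip.MustParsePrefix("10.240.30.0/24"),
			},
			nics: map[string]netip.Addr{
				"vsi1": netip.MustParseAddr("10.240.10.4"),
				"vsi2": netip.MustParseAddr("10.240.20.4"),
			},
		},
		{
			name:    "test-vpc2",
			subnets: []netip.Prefix{netip.MustParsePrefix("10.240.40.0/24")},
			nics:    map[string]netip.Addr{"vsi1": netip.MustParseAddr("10.240.40.4")},
		},
	}
}

func main() {
	cfg := sampleConfigs()
	for _, pair := range [][2]string{
		{"vsi2", "8.8.8.8"}, {"8.8.8.8", "1.1.1.1"}, {"vsi1", "vsi2"}, {"10.240.10.5", "vsi2"},
		{"10.20.10.0/24", "vsi2"}, {"10.0.0.0/7", "vsi2"}, {"not-a-vsi", "vsi2"},
	} {
		s, d, err := explainEndpoints(pair[0], pair[1], cfg)
		if err != nil {
			fmt.Printf("%s -> %s: %v\n", pair[0], pair[1], err)
			continue
		}
		fmt.Printf("Explaining connectivity from %s to %s\n", s.prefix, d.prefix)
	}
}
```

Sentinel errors wrapped with `%w` keep the user-facing wording in one place, so the message edits debated in this thread touch only the `errors.New` strings while callers keep matching on `errors.Is`; the ambiguous-VSI case is resolved by a qualified name rather than by guessing, which is the behaviour the case-3 message asks the user for.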

ShiriMoran commented 5 months ago

Error message comments solved by https://github.com/np-guard/vpc-network-config-analyzer/pull/540