Merge pull request #14 from cybozu-go/fix-summary

summary: skip host-network and not-running pods
cybozu-go · Nov 13, 2024 · f0971b0 · f0971b0
2 parents be4a28f + 9dab4cb
commit f0971b0
Showing 1 changed file with 22 additions and 20 deletions.
diff --git a/cmd/npv/app/summary.go b/cmd/npv/app/summary.go
@@ -10,6 +10,7 @@ import (
 	"text/tabwriter"
 
 	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -62,28 +63,29 @@ func runSummary(ctx context.Context, w io.Writer) error {
 		entry.Namespace = p.Namespace
 		entry.Name = p.Name
 
+		// Skip non-relevant pods
 		if p.Spec.HostNetwork {
-			entry.EgressDeny = -1
-			entry.EgressAllow = -1
-			entry.IngressDeny = -1
-			entry.IngressAllow = -1
-		} else {
-			policies, err := queryPolicyMap(ctx, clientset, dynamicClient, rootOptions.namespace, p.Name)
-			if err != nil {
-				return err
-			}
+			continue
+		}
+		if p.Status.Phase != corev1.PodRunning {
+			continue
+		}
+
+		policies, err := queryPolicyMap(ctx, clientset, dynamicClient, rootOptions.namespace, p.Name)
+		if err != nil {
+			return err
+		}
 
-			for _, p := range policies {
-				switch {
-				case p.IsEgressRule() && p.IsDenyRule():
-					entry.EgressDeny++
-				case p.IsEgressRule() && !p.IsDenyRule():
-					entry.EgressAllow++
-				case !p.IsEgressRule() && p.IsDenyRule():
-					entry.IngressDeny++
-				case !p.IsEgressRule() && !p.IsDenyRule():
-					entry.IngressAllow++
-				}
+		for _, p := range policies {
+			switch {
+			case p.IsEgressRule() && p.IsDenyRule():
+				entry.EgressDeny++
+			case p.IsEgressRule() && !p.IsDenyRule():
+				entry.EgressAllow++
+			case !p.IsEgressRule() && p.IsDenyRule():
+				entry.IngressDeny++
+			case !p.IsEgressRule() && !p.IsDenyRule():
+				entry.IngressAllow++
 			}
 		}
 		summary = append(summary, entry)