From 9dab4cb329e8cb346acf62988c11074fcfd9fa3d Mon Sep 17 00:00:00 2001
From: Daichi Sakaue
Date: Wed, 13 Nov 2024 11:39:06 +0900
Subject: [PATCH] summary: skip host-network and not-running pods
Signed-off-by: Daichi Sakaue
---
 cmd/npv/app/summary.go | 42 ++++++++++++++++++++++--------------------
 1 file changed, 22 insertions(+), 20 deletions(-)
diff --git a/cmd/npv/app/summary.go b/cmd/npv/app/summary.go
index df0c331..a1b1b95 100644
--- a/cmd/npv/app/summary.go
+++ b/cmd/npv/app/summary.go
@@ -10,6 +10,7 @@ import (
 "text/tabwriter"
 "github.com/spf13/cobra"
+ corev1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -62,28 +63,29 @@ func runSummary(ctx context.Context, w io.Writer) error {
 entry.Namespace = p.Namespace
 entry.Name = p.Name
+ // Skip non-relevant pods
 if p.Spec.HostNetwork {
- entry.EgressDeny = -1
- entry.EgressAllow = -1
- entry.IngressDeny = -1
- entry.IngressAllow = -1
- } else {
- policies, err := queryPolicyMap(ctx, clientset, dynamicClient, rootOptions.namespace, p.Name)
- if err != nil {
- return err
- }
+ continue
+ }
+ if p.Status.Phase != corev1.PodRunning {
+ continue
+ }
+
+ policies, err := queryPolicyMap(ctx, clientset, dynamicClient, rootOptions.namespace, p.Name)
+ if err != nil {
+ return err
+ }
- for _, p := range policies {
- switch {
- case p.IsEgressRule() && p.IsDenyRule():
- entry.EgressDeny++
- case p.IsEgressRule() && !p.IsDenyRule():
- entry.EgressAllow++
- case !p.IsEgressRule() && p.IsDenyRule():
- entry.IngressDeny++
- case !p.IsEgressRule() && !p.IsDenyRule():
- entry.IngressAllow++
- }
+ for _, p := range policies {
+ switch {
+ case p.IsEgressRule() && p.IsDenyRule():
+ entry.EgressDeny++
+ case p.IsEgressRule() && !p.IsDenyRule():
+ entry.EgressAllow++
+ case !p.IsEgressRule() && p.IsDenyRule():
+ entry.IngressDeny++
+ case !p.IsEgressRule() && !p.IsDenyRule():
+ entry.IngressAllow++
 }
 }
 summary = append(summary, entry)
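Review bot: The two new `continue` branches in runSummary drop host-network and non-Running pods from the summary without any trace, whereas the removed code kept host-network pods visible with `-1` counters. For a policy summary this matters, because host-network pods are typically the ones not governed by per-pod network policy, so a reader of the table can no longer tell "no such pod" from "pod exists but is outside policy coverage". I would increment a counter (`skipped++`) before each `continue` and report the total once the loop finishes, or at the very least replace the vague comment with `// Host-network pods and pods that are not Running are omitted: no per-pod policy is queried for them.` The enclosing loop and the output code of runSummary lie outside the hunk, so where the total should be printed is not visible here.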