Fix/cleanup (#93)

* fix cleanup Signed-off-by: David Wertenteil <[email protected]> * Generate NP only when ready Signed-off-by: David Wertenteil <[email protected]> * Silence klogs Signed-off-by: David Wertenteil <[email protected]> * fixed units Signed-off-by: David Wertenteil <[email protected]> * update mock list Signed-off-by: David Wertenteil <[email protected]> --------- Signed-off-by: David Wertenteil <[email protected]>
kubescape · Jan 26, 2024 · 5dec0b0 · 5dec0b0
1 parent b400cbf
commit 5dec0b0
Show file tree

Hide file tree

Showing 13 changed files with 442 additions and 169 deletions.
diff --git a/go.mod b/go.mod
@@ -8,23 +8,26 @@ require (
 	github.com/anchore/syft v0.98.0
 	github.com/armosec/utils-k8s-go v0.0.23
 	github.com/deckarep/golang-set/v2 v2.5.0
+	github.com/go-logr/zapr v1.2.4
 	github.com/google/gofuzz v1.2.0
 	github.com/goradd/maps v0.1.5
 	github.com/kubescape/go-logger v0.0.22
-	github.com/kubescape/k8s-interface v0.0.158-0.20240117162237-b087cd69bcf1
+	github.com/kubescape/k8s-interface v0.0.158
 	github.com/olvrng/ujson v1.1.0
 	github.com/puzpuzpuz/xsync/v2 v2.4.1
 	github.com/spf13/afero v1.11.0
 	github.com/spf13/cobra v1.8.0
 	github.com/stretchr/testify v1.8.4
 	go.opentelemetry.io/otel v1.20.0
+	go.uber.org/zap v1.26.0
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d
 	k8s.io/api v0.27.4
 	k8s.io/apimachinery v0.27.4
 	k8s.io/apiserver v0.26.2
 	k8s.io/client-go v0.27.4
 	k8s.io/code-generator v0.26.2
 	k8s.io/component-base v0.27.2
+	k8s.io/klog/v2 v2.110.1
 	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
 )
@@ -194,7 +197,6 @@ require (
 	go.opentelemetry.io/otel/trace v1.20.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.26.0 // indirect
 	golang.org/x/crypto v0.16.0 // indirect
 	golang.org/x/mod v0.14.0 // indirect
 	golang.org/x/net v0.19.0 // indirect
@@ -218,7 +220,6 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect
-	k8s.io/klog/v2 v2.110.1 // indirect
 	k8s.io/kms v0.26.2 // indirect
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 // indirect
 	sigs.k8s.io/controller-runtime v0.15.0 // indirect

diff --git a/go.sum b/go.sum
@@ -678,6 +678,7 @@ github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/becheran/wildmatch-go v1.0.0 h1:mE3dGGkTmpKtT4Z+88t8RStG40yN9T+kFEGj2PZFSzA=
 github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCistMyU7d9KFzroX4=
+github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -846,6 +847,7 @@ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
 github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
@@ -1110,8 +1112,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kubescape/go-logger v0.0.22 h1:gle7wH6emOiGv9ljdpVi82pWLQ3jGucrUucvil6JXHE=
 github.com/kubescape/go-logger v0.0.22/go.mod h1:x3HBpZo3cMT/WIdy18BxvVVd5D0e/PWFVk/HiwBNu3g=
-github.com/kubescape/k8s-interface v0.0.158-0.20240117162237-b087cd69bcf1 h1:RPrJ95wiCaywdjgFzalOhTH3jyTOAZ6n19cNWjWL5KU=
-github.com/kubescape/k8s-interface v0.0.158-0.20240117162237-b087cd69bcf1/go.mod h1:5sz+5Cjvo98lTbTVDiDA4MmlXxeHSVMW/wR0V3hV4K8=
+github.com/kubescape/k8s-interface v0.0.158 h1:ibANnz7gOki3oe/+9qHI9PIUxiDReJvbfc2CYn/X3vY=
+github.com/kubescape/k8s-interface v0.0.158/go.mod h1:5sz+5Cjvo98lTbTVDiDA4MmlXxeHSVMW/wR0V3hV4K8=
 github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381 h1:bqDmpDG49ZRnB5PcgP0RXtQvnMSgIF14M7CBd2shtXs=
 github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
 github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
@@ -1485,12 +1487,14 @@ go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI
 go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
 go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
+go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
 go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
 go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
 go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=

diff --git a/main.go b/main.go
@@ -18,22 +18,33 @@ package main
 
 import (
 	"context"
+	"flag"
 	"net/url"
 	"os"
 	"time"
 
 	utilsmetadata "github.com/armosec/utils-k8s-go/armometadata"
+	"github.com/go-logr/zapr"
 	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/storage/pkg/cleanup"
 	"github.com/kubescape/storage/pkg/cmd/server"
 	"github.com/kubescape/storage/pkg/registry/file"
 	"github.com/spf13/afero"
+	"go.uber.org/zap"
 	genericapiserver "k8s.io/apiserver/pkg/server"
 	"k8s.io/component-base/cli"
+	"k8s.io/klog/v2"
 )
 
 func main() {
+	flag.Parse()
+
+	if logger, err := zap.NewProduction(); err == nil {
+		logger = logger.WithOptions(zap.IncreaseLevel(zap.FatalLevel))
+		klog.SetLogger(zapr.NewLogger(logger))
+	}
+
 	ctx := context.Background()
 	clusterData, err := utilsmetadata.LoadConfig("/etc/config/clusterData.json")
 	if err != nil {

diff --git a/pkg/apis/softwarecomposition/networkpolicy.go b/pkg/apis/softwarecomposition/networkpolicy.go
@@ -32,11 +32,11 @@ const (
 // NetworkPolicySpec provides the specification of a NetworkPolicy
 type NetworkPolicySpec struct {
 	PodSelector metav1.LabelSelector       `json:"podSelector" protobuf:"bytes,1,opt,name=podSelector"`
-	Ingress     []NetworkPolicyIngressRule `json:"ingress,omitempty" protobuf:"bytes,2,rep,name=ingress"`
+	Ingress     []NetworkPolicyIngressRule `json:"ingress" protobuf:"bytes,2,rep,name=ingress"`
 
-	Egress []NetworkPolicyEgressRule `json:"egress,omitempty" protobuf:"bytes,3,rep,name=egress"`
+	Egress []NetworkPolicyEgressRule `json:"egress" protobuf:"bytes,3,rep,name=egress"`
 
-	PolicyTypes []PolicyType `json:"policyTypes,omitempty" protobuf:"bytes,4,rep,name=policyTypes,casttype=PolicyType"`
+	PolicyTypes []PolicyType `json:"policyTypes" protobuf:"bytes,4,rep,name=policyTypes,casttype=PolicyType"`
 }
 
 // NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods

diff --git a/pkg/apis/softwarecomposition/networkpolicy/networkpolicy.go b/pkg/apis/softwarecomposition/networkpolicy/networkpolicy.go
@@ -5,10 +5,13 @@ import (
 	"crypto/sha256"
 	"encoding/gob"
 	"encoding/hex"
+	"fmt"
 	"net"
 	"sort"
 	"strings"
 
+	helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers"
+
 	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/storage/pkg/apis/softwarecomposition"
@@ -22,6 +25,10 @@ const (
 )
 
 func GenerateNetworkPolicy(networkNeighbors softwarecomposition.NetworkNeighbors, knownServers []softwarecomposition.KnownServer, timeProvider metav1.Time) (softwarecomposition.GeneratedNetworkPolicy, error) {
+	if !IsAvailable(networkNeighbors) {
+		return softwarecomposition.GeneratedNetworkPolicy{}, fmt.Errorf("networkNeighbors %s/%s status annotation is not ready", networkNeighbors.Namespace, networkNeighbors.Name)
+	}
+
 	networkPolicy := softwarecomposition.NetworkPolicy{
 		Kind:       "NetworkPolicy",
 		APIVersion: "networking.k8s.io/v1",
@@ -33,6 +40,12 @@ func GenerateNetworkPolicy(networkNeighbors softwarecomposition.NetworkNeighbors
 			},
 			Labels: networkNeighbors.Labels,
 		},
+		Spec: softwarecomposition.NetworkPolicySpec{
+			PolicyTypes: []softwarecomposition.PolicyType{
+				softwarecomposition.PolicyTypeIngress,
+				softwarecomposition.PolicyTypeEgress,
+			},
+		},
 	}
 
 	if networkNeighbors.Spec.MatchLabels != nil {
@@ -43,14 +56,6 @@ func GenerateNetworkPolicy(networkNeighbors softwarecomposition.NetworkNeighbors
 		networkPolicy.Spec.PodSelector.MatchExpressions = networkNeighbors.Spec.MatchExpressions
 	}
 
-	if len(networkNeighbors.Spec.Ingress) > 0 {
-		networkPolicy.Spec.PolicyTypes = append(networkPolicy.Spec.PolicyTypes, "Ingress")
-	}
-
-	if len(networkNeighbors.Spec.Egress) > 0 {
-		networkPolicy.Spec.PolicyTypes = append(networkPolicy.Spec.PolicyTypes, "Egress")
-	}
-
 	generatedNetworkPolicy := softwarecomposition.GeneratedNetworkPolicy{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "GeneratedNetworkPolicy",
@@ -166,7 +171,7 @@ func mergeIngressRulesByPorts(rules []softwarecomposition.NetworkPolicyIngressRu
 	})
 
 	// Construct merged rules using sorted keys
-	var mergedRules []softwarecomposition.NetworkPolicyIngressRule
+	mergedRules := []softwarecomposition.NetworkPolicyIngressRule{}
 	for i := range keys {
 		peers := merged[keys[i]]
 		sort.Slice(peers, func(i, j int) bool {
@@ -234,7 +239,7 @@ func mergeEgressRulesByPorts(rules []softwarecomposition.NetworkPolicyEgressRule
 	})
 
 	// Construct merged rules using sorted keys
-	var mergedRules []softwarecomposition.NetworkPolicyEgressRule
+	mergedRules := []softwarecomposition.NetworkPolicyEgressRule{}
 	for i := range keys {
 		peers := merged[keys[i]]
 		sort.Slice(peers, func(i, j int) bool {
@@ -451,3 +456,12 @@ func removeLabels(labels map[string]string) {
 		}
 	}
 }
+
+func IsAvailable(networkNeighbors softwarecomposition.NetworkNeighbors) bool {
+	switch networkNeighbors.GetAnnotations()[helpersv1.StatusMetadataKey] {
+	case helpersv1.Ready, helpersv1.Completed:
+		return true
+	default:
+		return false
+	}
+}