Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Explainability #416

Draft
wants to merge 73 commits into
base: main
Choose a base branch
from
Draft

Explainability #416

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
73 commits
Select commit Hold shift + click to select a range
7286094
adding ANP to parser.k8sobj
shireenf-ibm Apr 30, 2024
cc14430
fixing gocritic rangeValCopy by indexing
shireenf-ibm Apr 30, 2024
bb14609
Merge github.com:np-guard/netpol-analyzer into support_admin_netpolicy
shireenf-ibm Jun 13, 2024
03af344
Merge branch 'main' of github.com:np-guard/netpol-analyzer into suppo…
shireenf-ibm Jun 23, 2024
47b8718
Merge github.com:np-guard/netpol-analyzer into support_admin_netpolicy
shireenf-ibm Jul 4, 2024
150f698
w.i.p. anp support - first commit
shireenf-ibm Jul 8, 2024
87243c2
more examples (2 ANPs/ ANP+NP)
shireenf-ibm Jul 10, 2024
4adf709
fixing references
shireenf-ibm Jul 11, 2024
d25107d
new_test that ensures rule ordering in ANP is respected
shireenf-ibm Jul 11, 2024
d72b159
update the conn representation as complement in case it is shorter (a…
shireenf-ibm Jul 11, 2024
4dfeb6d
test with swapped rules from another test + diff test
shireenf-ibm Jul 11, 2024
de0ff91
more-tests
shireenf-ibm Jul 14, 2024
3eacc3c
fixing conns computations and a test with multiple ANPs
shireenf-ibm Jul 18, 2024
0a85d43
extending output formats of existing tests
shireenf-ibm Jul 18, 2024
3e9db6e
tiny fix
shireenf-ibm Jul 21, 2024
836ed4f
fixing a tinu bug in ruleConnections func
shireenf-ibm Jul 24, 2024
6641bfd
tiny doc updte
shireenf-ibm Jul 29, 2024
619cb88
tiny doc update
shireenf-ibm Jul 29, 2024
b082158
a @todo tbd while review
shireenf-ibm Jul 29, 2024
484d447
return error if ANPs are without name or not unique names
shireenf-ibm Jul 30, 2024
71031e8
remove redundant lines
shireenf-ibm Aug 5, 2024
f672a0b
reverting the changes adding complement string representation (all bu…
shireenf-ibm Aug 11, 2024
eb7a685
Merge github.com:np-guard/netpol-analyzer into support_admin_netpolicy
shireenf-ibm Aug 12, 2024
634706f
Merge remote-tracking branch 'origin/HEAD' into support_admin_netpolicy
shireenf-ibm Aug 12, 2024
2e2ca27
minor updates to netpol_errors
shireenf-ibm Aug 12, 2024
bc29f3f
currently disabling exposure-analysis when there are admin-network-po…
shireenf-ibm Aug 12, 2024
56e9f5d
some organizations (mainly comments updates)
shireenf-ibm Aug 14, 2024
6391bbe
updating some todo messages
shireenf-ibm Aug 14, 2024
9b93505
updating some todo messages/questions
shireenf-ibm Aug 14, 2024
fb5a582
todo question
shireenf-ibm Aug 14, 2024
e168f41
removing a todo that had an answer for, will add some tests on that case
shireenf-ibm Aug 15, 2024
813bf1b
fixing single anp conns compute when ingress and egress are intersect…
shireenf-ibm Aug 15, 2024
5fdac64
Update pkg/internal/netpolerrors/netpol_errors.go
shireenf-ibm Aug 19, 2024
9d81020
Update pkg/netpol/eval/internal/k8s/adminnetpol.go
shireenf-ibm Aug 19, 2024
4839c64
update todo msg
shireenf-ibm Aug 19, 2024
b8ca744
Merge branch 'support_admin_netpolicy' of github.com:np-guard/netpol-…
shireenf-ibm Aug 19, 2024
dcea12d
some fixes to anp so it matches latest apis
shireenf-ibm Aug 19, 2024
586dc7c
fixing port-set union func
shireenf-ibm Aug 20, 2024
ef0ab4d
Update pkg/netpol/connlist/connlist.go
shireenf-ibm Sep 1, 2024
f171a91
Update pkg/netpol/eval/internal/k8s/adminnetpol.go
shireenf-ibm Sep 1, 2024
62d874e
Update pkg/netpol/internal/common/connectionset.go
shireenf-ibm Sep 1, 2024
82ce0f0
Update pkg/netpol/eval/internal/k8s/adminnetpol.go
shireenf-ibm Sep 1, 2024
e40535e
Update pkg/netpol/eval/internal/k8s/adminnetpol.go
shireenf-ibm Sep 1, 2024
92702c0
go.mod + lint fix
shireenf-ibm Sep 2, 2024
eeaf66a
adding todo comment
shireenf-ibm Sep 2, 2024
bcc4545
fixes in subtract
shireenf-ibm Sep 2, 2024
806cc14
one line func eliminated
shireenf-ibm Sep 2, 2024
e972489
uniqueness names are required for netpols and admin-netpols
shireenf-ibm Sep 3, 2024
d3f70e7
hasNetpols considers ANPs too
shireenf-ibm Sep 3, 2024
0778788
Tests for AdminNetworkPolicy (#388)
tanyaveksler Sep 3, 2024
65eff08
updating some todo comment which were updated in BANP PR
shireenf-ibm Sep 9, 2024
c90ac47
sort anps only once before allowed-conns computes (#402)
shireenf-ibm Sep 9, 2024
8d2e6a3
support_banp (#403)
shireenf-ibm Sep 9, 2024
b8c2bbe
adding banp to policy kinds
shireenf-ibm Sep 9, 2024
be0741d
adding comment on priority range
shireenf-ibm Sep 10, 2024
ac39b9f
Update pkg/internal/netpolerrors/netpol_errors.go
shireenf-ibm Sep 15, 2024
d6f8c2f
Update pkg/netpol/eval/internal/k8s/adminnetpol.go
shireenf-ibm Sep 15, 2024
055bd06
Update pkg/netpol/eval/internal/k8s/adminnetpol.go
shireenf-ibm Sep 15, 2024
caf2071
Update pkg/netpol/eval/resources.go
shireenf-ibm Sep 15, 2024
205d829
Update pkg/netpol/eval/internal/k8s/policy_connections.go
shireenf-ibm Sep 15, 2024
8890555
some fixes + a new test
shireenf-ibm Sep 16, 2024
a34c6bf
tiny doc update
shireenf-ibm Sep 19, 2024
c04ee03
demo test
shireenf-ibm Sep 23, 2024
6a88841
tiny change to getPoliciesSelectingPod func and deleting the "depreca…
shireenf-ibm Sep 24, 2024
060e428
removing redundant if statements
shireenf-ibm Sep 29, 2024
c562b5a
Initial implementation of explainability - adding ImplyingRules to th…
tanyaveksler Sep 29, 2024
451000c
More infrastructure changes for explaibability
tanyaveksler Oct 1, 2024
6a120c0
Merge branch 'support_admin_netpolicy' into explainability
tanyaveksler Oct 1, 2024
898c672
Added explainability data from anp/banp and ingress policies
tanyaveksler Oct 1, 2024
f78442f
Fixing linter errors
tanyaveksler Oct 1, 2024
fe063fe
Moved to models v0.5.0 release (netset instead of iplock package).
tanyaveksler Oct 8, 2024
b299c17
Added initiation of CommonImplyingRules
tanyaveksler Oct 8, 2024
fc5b9d0
Minor fixes
tanyaveksler Oct 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
1 change: 1 addition & 0 deletions cspell.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
"dictionaryDefinitions": [],
"dictionaries": [],
"words": [
"banp",
"connlist",
"netpol",
"netpols",
Expand Down
2 changes: 2 additions & 0 deletions docs/connlist_output.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@
Resource manifests considered for a connectivity analysis:
- workload resources (such as Kubernetes Pod / Deployment)
- Kubernetes NetworkPolicy
- Kubernetes AdminNetworkPolicy
- Kubernetes BaselineAdminNetworkPolicy
- Kubernetes Ingress
- Openshift Route

Expand Down
13 changes: 8 additions & 5 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,27 +1,30 @@
module github.com/np-guard/netpol-analyzer

go 1.21
go 1.23

toolchain go1.23.0

require (
github.com/hashicorp/golang-lru/v2 v2.0.7
github.com/np-guard/models v0.3.4
github.com/np-guard/models v0.5.0
github.com/openshift/api v0.0.0-20230502160752-c71432710382
github.com/spf13/cobra v1.8.1
github.com/stretchr/testify v1.9.0
k8s.io/api v0.29.2
k8s.io/apimachinery v0.29.2
k8s.io/cli-runtime v0.29.2
k8s.io/client-go v0.29.2
sigs.k8s.io/network-policy-api v0.1.5
sigs.k8s.io/yaml v1.4.0

)

require (
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/evanphx/json-patch v4.12.0+incompatible // indirect
github.com/evanphx/json-patch v5.6.0+incompatible // indirect
github.com/go-errors/errors v1.4.2 // indirect
github.com/go-logr/logr v1.3.0 // indirect
github.com/go-logr/logr v1.4.1 // indirect
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/swag v0.22.3 // indirect
Expand All @@ -46,7 +49,7 @@ require (
github.com/xlab/treeprint v1.2.0 // indirect
go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
golang.org/x/net v0.23.0 // indirect
golang.org/x/oauth2 v0.10.0 // indirect
golang.org/x/oauth2 v0.12.0 // indirect
golang.org/x/sync v0.5.0 // indirect
golang.org/x/sys v0.18.0 // indirect
golang.org/x/term v0.18.0 // indirect
Expand Down
21 changes: 12 additions & 9 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,12 +14,13 @@ github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxER
github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
Expand Down Expand Up @@ -95,8 +96,8 @@ github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/np-guard/models v0.3.4 h1:HOhVi6wyGvo+KmYBnQ5Km5HYCF+/PQlDs1v7mL1v05g=
github.com/np-guard/models v0.3.4/go.mod h1:mqE2Irf8r+7HWh8fII0fWbWyQRMHGEo2SgSLN/6VKs8=
github.com/np-guard/models v0.5.0 h1:P37gCg3RD23hZHymFWtthrF+mGIwyHJkWy0wIWIzokQ=
github.com/np-guard/models v0.5.0/go.mod h1:29M8utxinyUpYaDuIuOyCcMBf7EsMWZcIrRWCjFm0Bw=
github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg=
Expand Down Expand Up @@ -156,8 +157,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8=
golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI=
golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4=
golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
Expand Down Expand Up @@ -191,8 +192,8 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA=
golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc=
golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
Expand Down Expand Up @@ -252,6 +253,8 @@ sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 h1:XX3Ajgzov2RKU
sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3/go.mod h1:9n16EZKMhXBNSiUC5kSdFQJkdH3zbxS/JoO619G1VAY=
sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 h1:W6cLQc5pnqM7vh3b7HvGNfXrJ/xL6BDMS0v1V/HHg5U=
sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3/go.mod h1:JWP1Fj0VWGHyw3YUPjXSQnRnrwezrZSrApfX5S0nIag=
sigs.k8s.io/network-policy-api v0.1.5 h1:xyS7VAaM9EfyB428oFk7WjWaCK6B129i+ILUF4C8l6E=
sigs.k8s.io/network-policy-api v0.1.5/go.mod h1:D7Nkr43VLNd7iYryemnj8qf0N/WjBzTZDxYA+g4u1/Y=
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
Expand Down
3 changes: 2 additions & 1 deletion pkg/cli/evaluate.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,8 @@ func updatePolicyEngineObjectsFromDirPath(pe *eval.PolicyEngine, podNames []type
objectsList = parser.FilterObjectsList(objectsList, podNames)

var err error
for _, obj := range objectsList {
for i := range objectsList {
obj := objectsList[i]
switch obj.Kind {
case parser.Pod:
err = pe.InsertObject(obj.Pod)
Expand Down
37 changes: 37 additions & 0 deletions pkg/internal/netpolerrors/netpol_errors.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,21 @@ const (
UnmarshalErr = "cannot unmarshal array into Go value of type unstructured.detector"
UnableToDecodeErr = "unable to decode"

// errors constants from adminNetworkPolicy and baselineAdminNetworkPolicy
SubjectErrTitle = "invalid Subject:"
oneFieldSetErr = "exactly one field must be set"
OneFieldSetRulePeerErr = oneFieldSetErr + " in a rule peer"
OneFieldSetSubjectErr = oneFieldSetErr + " in a subject"
UnknownRuleActionErr = "unrecognized action"
ANPPortsError = "exactly one field must be set in an AdminNetworkPolicyPort"
ANPIngressRulePeersErr = "from field must be defined and contain at least one item"
ANPEgressRulePeersErr = "to field must be defined and contain at least one item"
ANPMissingNameErr = "missing name for an AdminNetworkPolicy object"
ExposureAnalysisDisabledWithANPs = "exposure analysis is disabled when there are admin-network-policies in the input resources"

BANPAlreadyExists = "only one baseline admin network policy may be provided in input resources; one already exists"
BANPNameAssertion = "only one baseline admin network policy with metadata.name=default can be created in the cluster"

UnknownCommandErr = "unknown command"

NilRepresentativePodSelectorsErr = "representative pod might not be generated if it does not have any representative selector"
Expand Down Expand Up @@ -126,3 +141,25 @@ const colonSep = ": "
func ConcatErrors(err1, err2 string) string {
return err1 + colonSep + err2
}

// SamePriorityErr returns the error message if a priority appears more than once in different admin-network-policies
func SamePriorityErr(name1, name2 string) string {
return "Admin Network Policies: " + name1 + " and " + name2 + " have same priority;" +
"Two policies are considered to be conflicting if they are assigned the same priority."
}

// PriorityValueErr returns error message of invalid priority value in an admin-network-policy
func PriorityValueErr(name string, priority int32) string {
return fmt.Sprintf("Invalid Priority Value: %d in Admin Network Policy: %q; Priority value must be between 0-1000", priority, name)
}

const uniquenessRequest = "Only one object of a given kind can have a given name at a time."

// ANPsWithSameNameErr returns error message when there are two admin-network-policies with same name in the manifests
func ANPsWithSameNameErr(anpName string) string {
return fmt.Sprintf("an AdminNetworkPolicy with name %q is already found. %s", anpName, uniquenessRequest)
}

func NPWithSameNameError(npName string) string {
return fmt.Sprintf("NetworkPolicy %q already exists. %s", npName, uniquenessRequest)
}
Loading
Loading