From ad8c18fe6b27f250fbb2704ab111c6a99489de86 Mon Sep 17 00:00:00 2001 From: shirim Date: Sun, 29 Sep 2024 11:45:30 +0300 Subject: [PATCH 01/38] test that demonstrates the problem - that the resulting grouped cidr lines do not form a legal graph --- pkg/ibmvpc/analysis_output_test.go | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/pkg/ibmvpc/analysis_output_test.go b/pkg/ibmvpc/analysis_output_test.go index 7c5a236bb..8d6d95bbc 100644 --- a/pkg/ibmvpc/analysis_output_test.go +++ b/pkg/ibmvpc/analysis_output_test.go @@ -25,7 +25,19 @@ tests for the entire flow: const analysisOut = "analysis_out" -var tests = []*testfunc.VpcAnalysisTest{ +var tests = []testfunc.VpcAnalysisTest{ + { + VpcTestCommon: testfunc.VpcTestCommon{ + InputConfig: "iks_config_object", + UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + Format: vpcmodel.HTML, + }, + Grouping: true, + NoLbAbstract: true, + }, +} + +var tests1 = []*testfunc.VpcAnalysisTest{ { VpcTestCommon: testfunc.VpcTestCommon{ InputConfig: "acl_testing5", @@ -706,7 +718,7 @@ var tests = []*testfunc.VpcAnalysisTest{ } // uncomment the function below to run for updating the expected output -/* + func TestReportWithGeneration(t *testing.T) { // tests is the list of tests to run for testIdx := range tests { @@ -715,7 +727,6 @@ func TestReportWithGeneration(t *testing.T) { } fmt.Println("done") } -*/ func TestReportWithComparison(t *testing.T) { // tests is the list of tests to run From 2ae832b4de08c5884d71fbee0c034b6a18f1036e Mon Sep 17 00:00:00 2001 From: shirim Date: Mon, 30 Sep 2024 11:13:18 +0300 Subject: [PATCH 02/38] added relevant tests to work with while developing --- pkg/ibmvpc/analysis_output_test.go | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/pkg/ibmvpc/analysis_output_test.go b/pkg/ibmvpc/analysis_output_test.go index 8d6d95bbc..0c5064d06 100644 --- a/pkg/ibmvpc/analysis_output_test.go +++ b/pkg/ibmvpc/analysis_output_test.go 
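Review bot: Uncommenting `TestReportWithGeneration` in analysis_output_test.go leaves the generation test enabled for every `go test` run, while the comment kept above it still says it is to be uncommented only for updating the expected output; if it rewrites the expected files, as that comment suggests, `TestReportWithComparison` ends up comparing against freshly generated output and can no longer catch a regression. The first hunk also renames the full case list to `tests1`, which nothing visible in these hunks references, so the existing cases presumably stop running, and it changes the element type of `tests` from `[]*testfunc.VpcAnalysisTest` to `[]testfunc.VpcAnalysisTest`. For a reproduction commit I would keep the `/*` and `*/` around the generation test and append the new `iks_config_object` case to the original list instead of replacing it.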
@@ -26,6 +26,15 @@ tests for the entire flow: const analysisOut = "analysis_out" var tests = []testfunc.VpcAnalysisTest{ + { + VpcTestCommon: testfunc.VpcTestCommon{ + InputConfig: "iks_config_object", + UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + Format: vpcmodel.Text, + }, + Grouping: true, + NoLbAbstract: true, + }, { VpcTestCommon: testfunc.VpcTestCommon{ InputConfig: "iks_config_object", @@ -35,6 +44,22 @@ var tests = []testfunc.VpcAnalysisTest{ Grouping: true, NoLbAbstract: true, }, + { + VpcTestCommon: testfunc.VpcTestCommon{ + InputConfig: "sg_testing1_new", + UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + Format: vpcmodel.Text, + }, + Grouping: true, + }, + { + VpcTestCommon: testfunc.VpcTestCommon{ + InputConfig: "sg_testing1_new", + UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + Format: vpcmodel.HTML, + }, + Grouping: true, + }, } var tests1 = []*testfunc.VpcAnalysisTest{ From 782abe343cb8d856fb55a8aced1da23c1482af8a Mon Sep 17 00:00:00 2001 From: shirim Date: Mon, 30 Sep 2024 16:06:41 +0300 Subject: [PATCH 03/38] towards solution of https://github.com/np-guard/vpc-network-config-analyzer/issues/855 added (not yet checked) code to create a map from endpoints name to their IP presentation --- pkg/vpcmodel/grouping.go | 50 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/pkg/vpcmodel/grouping.go b/pkg/vpcmodel/grouping.go index 0100cf275..07bc8f47f 100644 --- a/pkg/vpcmodel/grouping.go +++ b/pkg/vpcmodel/grouping.go 
@@ -365,6 +365,56 @@ func (g *GroupConnLines) groupExternalAddresses(vsi bool) error { return nil } +// for the html graphical representation. In the graph presentation, each node must have all relevant edges. +// this is not the case in the textual presentation. E.g., a textual presentation may look like: +// 142.0.64.0/17 ->vsi2 +// 142.0.0.0/16 -> vsi1 +// 0.0.0.0/0 -> vsi3 +// 142.0.64.0/17 should also be connected to vsi2 and vsi3 +// In order to add missing edges, we go over all the endpoints that present external nodes, and check for containment +// if external endpoint e1 is contained in external end point e2 then all the "edges" of e2 should be added to e1 +func (g *GroupConnLines) consistencyEdgesExternal() error { + // 1. Get a map from external endpoints to their translation to cidrs + eeToIpBlock := getMapToGroupedExternalBlocks(g.GroupedLines) + _ = eeToIpBlock // todo tmp + // 2. Check for containment + // 3. Add edges + return nil +} + +// gets []*groupedConnLine and returns a map from the string presentation of each endpoint to its ipBlock +func getMapToGroupedExternalBlocks(grouped []*groupedConnLine) (eeToIpBlock map[string]*ipblock.IPBlock) { + for _, line := range grouped { + addExternalEndpointToMap(line.Src, eeToIpBlock) + addExternalEndpointToMap(line.Dst, eeToIpBlock) + } + return eeToIpBlock +} + +func addExternalEndpointToMap(ee EndpointElem, endpointsIPBlocks map[string]*ipblock.IPBlock) { + ipBlock := groupedExternalToIpBlock(ee) + if ipBlock == nil { + return + } + if _, ok := endpointsIPBlocks[ee.Name()]; !ok { + endpointsIPBlocks[ee.Name()] = ipBlock + } +} + +func groupedExternalToIpBlock(ee EndpointElem) *ipblock.IPBlock { + switch reflect.TypeOf(ee).Elem() { + case reflect.TypeOf(groupedExternalNodes{}): + elements := []*ExternalNetwork(*ee.(*groupedExternalNodes)) + var res *ipblock.IPBlock + for _, e := range elements { + res.Union(e.ipblock) + } + return res + default: + return nil + } +} + // group public internet ranges for 
semantic-diff connectivity lines (subnets/vsis) func (g *GroupConnLines) groupExternalAddressesForDiff(thisMinusOther bool) error { // initialize data structures; this is required for the 2nd call of this function From 4d6338fd37418eafc634d3300e090ab99d2161b6 Mon Sep 17 00:00:00 2001 From: shirim Date: Tue, 1 Oct 2024 17:00:01 +0300 Subject: [PATCH 04/38] code to add edges; not yet checked --- pkg/ibmvpc/connectivityAnalysis_test.go | 4 +- pkg/ibmvpc/explainability_test.go | 4 +- pkg/linter/linterExecute.go | 2 +- pkg/vpcmodel/explainabilityConnectivity.go | 2 +- pkg/vpcmodel/grouping.go | 118 +++++++++++++++++---- pkg/vpcmodel/nodesConnectivity.go | 5 +- pkg/vpcmodel/output.go | 3 +- pkg/vpcmodel/semanticDiff.go | 2 +- 8 files changed, 110 insertions(+), 30 deletions(-) diff --git a/pkg/ibmvpc/connectivityAnalysis_test.go b/pkg/ibmvpc/connectivityAnalysis_test.go index 9128748f4..7a8c43e29 100644 --- a/pkg/ibmvpc/connectivityAnalysis_test.go +++ b/pkg/ibmvpc/connectivityAnalysis_test.go @@ -196,7 +196,7 @@ func TestAnalyzeConnectivity4(t *testing.T) { func runConnectivityTest(t *testing.T, tc *testNodesConfig, ncList []*naclConfig, expectedStrResult string) { c := createConfigFromTestConfig(tc, ncList) - connectivity, err := c.GetVPCNetworkConnectivity(false, false) + connectivity, err := c.GetVPCNetworkConnectivity(false, false, false) require.Nil(t, err) connectivityStr := connectivity.String() fmt.Println(connectivityStr) @@ -372,7 +372,7 @@ vsi-2[10.240.20.4] => vsi-1[10.240.10.4] : All Connections */ func TestAnalyzeConnectivity(t *testing.T) { c := NewSimpleVPCConfig() - connectivity, err := c.GetVPCNetworkConnectivity(false, false) + connectivity, err := c.GetVPCNetworkConnectivity(false, false, false) require.Nil(t, err) connectivityStr := connectivity.String() fmt.Println(connectivityStr) diff --git a/pkg/ibmvpc/explainability_test.go b/pkg/ibmvpc/explainability_test.go index 69f7de9df..a4ff1ca51 100644 --- a/pkg/ibmvpc/explainability_test.go 
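Review bot: `getMapToGroupedExternalBlocks` never allocates its named result, so any write in `addExternalEndpointToMap` lands on a nil map and panics; it should start with `eeToIpBlock = map[string]*ipblock.IPBlock{}`. In `groupedExternalToIpBlock`, `res` is declared nil and the value of `res.Union(e.ipblock)` is discarded, so the function returns nil for every grouped external endpoint (and, depending on how `Union` is implemented, may dereference a nil receiver); seed `res` from the first element or an empty block and assign `res = res.Union(e.ipblock)`. `reflect.TypeOf(ee).Elem()` panics for a non-pointer `EndpointElem`, and a type switch `switch n := ee.(type) { case *groupedExternalNodes:` would do the same job without reflection. Both defects are carried unchanged into grouping.go in PATCH 04 and into groupingGraphical.go in PATCH 05. Because this map decides which external CIDRs are drawn as reaching which endpoints, a silent nil here would leave the graph understating the allowed connectivity.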
+++ b/pkg/ibmvpc/explainability_test.go @@ -966,7 +966,7 @@ func TestMultiExplainSanity1(t *testing.T) { groupedConns := make(map[string]*vpcmodel.GroupConnLines) nodesConn := make(map[string]*vpcmodel.VPCConnectivity) for i, vpcConfig := range vpcsConfig.Configs() { - thisConn, err := vpcConfig.GetVPCNetworkConnectivity(false, false) + thisConn, err := vpcConfig.GetVPCNetworkConnectivity(false, false, false) if err != nil { fmt.Printf("%v. %s", i, err.Error()) } @@ -990,7 +990,7 @@ func TestMultiExplainSanity2(t *testing.T) { groupedConns := make(map[string]*vpcmodel.GroupConnLines) nodesConn := make(map[string]*vpcmodel.VPCConnectivity) for i, vpcConfig := range vpcsConfig.Configs() { - thisConn, err := vpcConfig.GetVPCNetworkConnectivity(false, false) + thisConn, err := vpcConfig.GetVPCNetworkConnectivity(false, false, false) if err != nil { fmt.Printf("%v. %s", i, err.Error()) } diff --git a/pkg/linter/linterExecute.go b/pkg/linter/linterExecute.go index 78a7d5ae4..fe897f938 100644 --- a/pkg/linter/linterExecute.go +++ b/pkg/linter/linterExecute.go @@ -56,7 +56,7 @@ func generateLinters(configs map[string]*vpcmodel.VPCConfig, nodeConn map[string func computeConnectivity(configs map[string]*vpcmodel.VPCConfig) (map[string]*vpcmodel.VPCConnectivity, error) { nodesConn := map[string]*vpcmodel.VPCConnectivity{} for uid, vpcConfig := range configs { - nodesConnThisCfg, err := vpcConfig.GetVPCNetworkConnectivity(false, true) + nodesConnThisCfg, err := vpcConfig.GetVPCNetworkConnectivity(false, true, false) if err != nil { return nil, err } diff --git a/pkg/vpcmodel/explainabilityConnectivity.go b/pkg/vpcmodel/explainabilityConnectivity.go index e7cd0f0e0..afb7bec39 100644 --- a/pkg/vpcmodel/explainabilityConnectivity.go +++ b/pkg/vpcmodel/explainabilityConnectivity.go 
@@ -101,7 +101,7 @@ func (c *MultipleVPCConfigs) ExplainConnectivity(src, dst string, connQuery *con // No VPCConfig to work with in this case, thus, this case is treated separately return &Explanation{connQuery: connQuery, src: src, dst: dst, srcNodes: srcNodes, dstNodes: dstNodes}, nil } - connectivity, err1 := vpcConfig.GetVPCNetworkConnectivity(false, false) // computes connectivity + connectivity, err1 := vpcConfig.GetVPCNetworkConnectivity(false, false, false) // computes connectivity if err1 != nil { return nil, err1 } diff --git a/pkg/vpcmodel/grouping.go b/pkg/vpcmodel/grouping.go index bcff36b59..e3ae6228d 100644 --- a/pkg/vpcmodel/grouping.go +++ b/pkg/vpcmodel/grouping.go @@ -81,22 +81,22 @@ func newGroupingConnections() *groupingConnections { } func newGroupConnLines(c *VPCConfig, v *VPCConnectivity, - grouping bool) (res *GroupConnLines, err error) { + grouping, addConsistencyEdgesExternal bool) (res *GroupConnLines, err error) { res = &GroupConnLines{config: c, nodesConn: v, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err = res.computeGrouping(true, grouping) + err = res.computeGrouping(true, grouping, addConsistencyEdgesExternal) return res, err } func newGroupConnLinesSubnetConnectivity(c *VPCConfig, s *VPCsubnetConnectivity, - grouping bool) (res *GroupConnLines, err error) { + grouping, addConsistencyEdgesExternal bool) (res *GroupConnLines, err error) { res = &GroupConnLines{config: c, subnetsConn: s, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err = res.computeGrouping(false, grouping) + err = res.computeGrouping(false, grouping, addConsistencyEdgesExternal) return res, err } 
@@ -329,7 +329,7 @@ func getSubnetOrVPCUID(ep EndpointElem) string { // group public internet ranges for vsis/subnets connectivity lines // internal (vsi/subnets) are added as is -func (g *GroupConnLines) groupExternalAddresses(vsi bool) error { +func (g *GroupConnLines) groupExternalAddresses(vsi, addConsistencyEdgesExternal bool) error { res := []*groupedConnLine{} var allowedConnsCombinedResponsive GeneralResponsiveConnectivityMap if vsi { @@ -362,6 +362,9 @@ func (g *GroupConnLines) groupExternalAddresses(vsi bool) error { } } g.appendGrouped(res) + if addConsistencyEdgesExternal { + g.consistencyEdgesExternal() + } return nil } @@ -373,13 +376,13 @@ func (g *GroupConnLines) groupExternalAddresses(vsi bool) error { // 142.0.64.0/17 should also be connected to vsi2 and vsi3 // In order to add missing edges, we go over all the endpoints that present external nodes, and check for containment // if external endpoint e1 is contained in external end point e2 then all the "edges" of e2 should be added to e1 -func (g *GroupConnLines) consistencyEdgesExternal() error { - // 1. Get a map from external endpoints to their translation to cidrs +func (g *GroupConnLines) consistencyEdgesExternal() { + // 1. Get a map from external endpoints to their IPs eeToIpBlock := getMapToGroupedExternalBlocks(g.GroupedLines) - _ = eeToIpBlock // todo tmp // 2. Check for containment + containedMap := findContainEndpointMap(eeToIpBlock) // 3. Add edges - return nil + g.addEdgesOfContainingEPs(containedMap) } // gets []*groupedConnLine and returns a map from the string presentation of each endpoint to its ipBlock 
@@ -402,17 +405,92 @@ func addExternalEndpointToMap(ee EndpointElem, endpointsIPBlocks map[string]*ipb } func groupedExternalToIpBlock(ee EndpointElem) *ipblock.IPBlock { - switch reflect.TypeOf(ee).Elem() { - case reflect.TypeOf(groupedExternalNodes{}): - elements := []*ExternalNetwork(*ee.(*groupedExternalNodes)) - var res *ipblock.IPBlock - for _, e := range elements { - res.Union(e.ipblock) + // EndpointElem must be of type groupedExternalNodes + elements := []*ExternalNetwork(*ee.(*groupedExternalNodes)) + var res *ipblock.IPBlock + for _, e := range elements { + res.Union(e.ipblock) + } + return res +} + +// given a map from external endpoints to their IPs returns a map from each endpoint to the endpoints that contains it +// (if any) +func findContainEndpointMap(endpointsIPBlocks map[string]*ipblock.IPBlock) (containedMap map[string][]string) { + containedMap = map[string][]string{} + for containedEP, containedIP := range endpointsIPBlocks { + containingEPs := []string{} + for containingEP, containingIP := range endpointsIPBlocks { + if containedIP.ContainedIn(containingIP) { + containingEPs = append(containingEPs, containingEP) + } } - return res - default: - return nil + if len(containingEPs) > 0 { + containedMap[containedEP] = containingEPs + } + } + return containedMap +} + +// give the above containedMap adds edges of containing endpoints +func (g *GroupConnLines) addEdgesOfContainingEPs(containedMap map[string][]string) { + endpointToLines := g.getEndpointToLines() + for _, toAddEdgesLine := range g.GroupedLines { + g.addEdgesToLine(toAddEdgesLine, endpointToLines, containedMap, true) + g.addEdgesToLine(toAddEdgesLine, endpointToLines, containedMap, false) + } +} + +func (g *GroupConnLines) addEdgesToLine(line *groupedConnLine, endpointToLines map[string][]*groupedConnLine, + containedMap map[string][]string, src bool) { + nameToEndpointElem := map[string]EndpointElem{} + for _, line := range g.GroupedLines { + // there could be rewriting with 
identical values; not an issue complexity wise, and keeps the code simpler + nameToEndpointElem[line.Src.Name()] = line.Src + nameToEndpointElem[line.Dst.Name()] = line.Dst + } + var addToNodeName string + if src { + addToNodeName = line.Src.Name() + } else { + addToNodeName = line.Dst.Name() + } + for _, containedEndpoint := range containedMap[addToNodeName] { + for _, toAddLine := range endpointToLines[containedEndpoint] { + // adding edges; the other end of the edges will always be internal, since "this" edge is not internal + switch { + case src && toAddLine.Src.Name() == addToNodeName: + g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: nameToEndpointElem[addToNodeName], + Dst: toAddLine.Dst, CommonProperties: toAddLine.CommonProperties}) + case !src && toAddLine.Dst.Name() == addToNodeName: + g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: toAddLine.Src, + Dst: nameToEndpointElem[addToNodeName], CommonProperties: toAddLine.CommonProperties}) + } + } + } +} + +// creates an auxiliary map between each endpoint element to all the lines it participates in (as src or dst) +func (g *GroupConnLines) getEndpointToLines() (endpointToLines map[string][]*groupedConnLine) { + endpointToLines = map[string][]*groupedConnLine{} + for _, line := range g.GroupedLines { + addLineToMap(endpointToLines, line, true) + addLineToMap(endpointToLines, line, false) + } + return endpointToLines +} + +func addLineToMap(endpointToLines map[string][]*groupedConnLine, line *groupedConnLine, src bool) { + var name string + if src { + name = line.Src.Name() + } else { + name = line.Dst.Name() + } + if _, ok := endpointToLines[name]; !ok { + endpointToLines[name] = []*groupedConnLine{} } + endpointToLines[name] = append(endpointToLines[name], line) } // group public internet ranges for semantic-diff connectivity lines (subnets/vsis) 
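Review bot: In `addEdgesToLine` the two `case` conditions compare `toAddLine.Src.Name()` and `toAddLine.Dst.Name()` with `addToNodeName`, but `toAddLine` is taken from the lines of an endpoint that contains that node, so its external end would carry the containing endpoint's name; as written the cases appear to match only the self entries that `findContainEndpointMap` produces (every block is contained in itself), which appends duplicates of existing lines rather than the missing edges. I would compare against the loop variable, `case src && toAddLine.Src.Name() == containedEndpoint:` and likewise for `Dst`, and rename that variable to `containingEndpoint`, since the values of `containedMap` are the containing endpoints. `nameToEndpointElem` is rebuilt from all of `g.GroupedLines` on every call, twice per line; building it once in `addEdgesOfContainingEPs` and passing it in keeps the pass linear. The same code is moved as is to groupingGraphical.go in PATCH 05.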
@@ -618,8 +696,8 @@ func unifiedGroupedElems(srcOrDst EndpointElem, // computeGrouping does the grouping; for vsis (all_endpoints analysis) // if vsi = true otherwise for subnets (all_subnets analysis) // external endpoints are always grouped; vsis/subnets are grouped iff grouping is true -func (g *GroupConnLines) computeGrouping(vsi, grouping bool) (err error) { - err = g.groupExternalAddresses(vsi) +func (g *GroupConnLines) computeGrouping(vsi, grouping, addConsistencyEdgesExternal bool) (err error) { + err = g.groupExternalAddresses(vsi, addConsistencyEdgesExternal) if err != nil { return err } diff --git a/pkg/vpcmodel/nodesConnectivity.go b/pkg/vpcmodel/nodesConnectivity.go index 88d34cb71..68621ed93 100644 --- a/pkg/vpcmodel/nodesConnectivity.go +++ b/pkg/vpcmodel/nodesConnectivity.go @@ -22,7 +22,8 @@ import ( // (3) compute AllowedConnsCombinedResponsive extension of AllowedConnsCombined to contain accurate responsive info // (4) if lbAbstraction required - abstract each lb separately // (5) if grouping required - compute grouping of connectivity results -func (c *VPCConfig) GetVPCNetworkConnectivity(grouping, lbAbstraction bool) (res *VPCConnectivity, err error) { +func (c *VPCConfig) GetVPCNetworkConnectivity(grouping, lbAbstraction, + addConsistencyEdgesExternal bool) (res *VPCConnectivity, err error) { res = &VPCConnectivity{ AllowedConnsPerLayer: map[Node]map[string]*ConnectivityResult{}, } @@ -65,7 +66,7 @@ func (c *VPCConfig) GetVPCNetworkConnectivity(grouping, lbAbstraction bool) (res return nil, err3 } res.abstractLoadBalancers(c.LoadBalancers, lbAbstraction) - res.GroupedConnectivity, err = newGroupConnLines(c, res, grouping) + res.GroupedConnectivity, err = newGroupConnLines(c, res, grouping, addConsistencyEdgesExternal) return res, err } diff --git a/pkg/vpcmodel/output.go b/pkg/vpcmodel/output.go index a935d2fe7..78ef2dd77 100644 --- a/pkg/vpcmodel/output.go +++ b/pkg/vpcmodel/output.go 
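Review bot: The doc comment on `GetVPCNetworkConnectivity` in nodesConnectivity.go still lists steps (1) to (5) and does not describe the new `addConsistencyEdgesExternal` parameter, while call sites now read `GetVPCNetworkConnectivity(false, false, false)`, which is hard to audit. I would add a line such as `// (6) if addConsistencyEdgesExternal - add to each external range the edges of the external ranges containing it (used for graphical output)`. The function body starts and ends outside the hunk. `computeGrouping` and `groupExternalAddresses` in grouping.go, and `GetSubnetsConnectivity` in PATCH 05, receive the same parameter and would need the same sentence in their comments.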
@@ -83,12 +83,13 @@ func NewOutputGenerator(cConfigs *MultipleVPCConfigs, grouping bool, uc OutputUs subnetsConn: map[string]*VPCsubnetConnectivity{}, } graphicFormat := slices.Contains([]OutFormat{DRAWIO, ARCHDRAWIO, SVG, ARCHSVG, HTML, ARCHHTML}, f) + graphicNonArchFormat := slices.Contains([]OutFormat{DRAWIO, SVG, HTML}, f) archOnlyFormat := slices.Contains([]OutFormat{ARCHDRAWIO, ARCHSVG, ARCHHTML}, f) if !archOnlyFormat { switch uc { case AllEndpoints: for i, vpcConfig := range cConfigs.Configs() { - nodesConn, err := vpcConfig.GetVPCNetworkConnectivity(grouping, res.lbAbstraction) + nodesConn, err := vpcConfig.GetVPCNetworkConnectivity(grouping, res.lbAbstraction, graphicNonArchFormat) if err != nil { return nil, err } diff --git a/pkg/vpcmodel/semanticDiff.go b/pkg/vpcmodel/semanticDiff.go index 1b69df9be..50b079397 100644 --- a/pkg/vpcmodel/semanticDiff.go +++ b/pkg/vpcmodel/semanticDiff.go @@ -124,7 +124,7 @@ func (c *VPCConfig) getAllowedResponsiveConnections( } return subnetsConn.AllowedConnsCombinedResponsive, err } else if diffAnalysis == Vsis { - connectivity1, err := c.GetVPCNetworkConnectivity(false, false) + connectivity1, err := c.GetVPCNetworkConnectivity(false, false, false) if err != nil { return nil, err } From 67b52a976134bc5072690d031b648dc3bdb8a202 Mon Sep 17 00:00:00 2001 From: shirim Date: Sun, 6 Oct 2024 09:22:21 +0300 Subject: [PATCH 05/38] refactor: new code to another file --- pkg/vpcmodel/grouping.go | 125 ------------------------- pkg/vpcmodel/groupingGraphical.go | 136 ++++++++++++++++++++++++++++ pkg/vpcmodel/output.go | 2 +- pkg/vpcmodel/semanticDiff.go | 2 +- pkg/vpcmodel/subnetsConnectivity.go | 5 +- 5 files changed, 141 insertions(+), 129 deletions(-) create mode 100644 pkg/vpcmodel/groupingGraphical.go diff --git a/pkg/vpcmodel/grouping.go b/pkg/vpcmodel/grouping.go index e3ae6228d..573a51f88 100644 --- a/pkg/vpcmodel/grouping.go +++ b/pkg/vpcmodel/grouping.go 
@@ -368,131 +368,6 @@ func (g *GroupConnLines) groupExternalAddresses(vsi, addConsistencyEdgesExternal return nil } -// for the html graphical representation. In the graph presentation, each node must have all relevant edges. -// this is not the case in the textual presentation. E.g., a textual presentation may look like: -// 142.0.64.0/17 ->vsi2 -// 142.0.0.0/16 -> vsi1 -// 0.0.0.0/0 -> vsi3 -// 142.0.64.0/17 should also be connected to vsi2 and vsi3 -// In order to add missing edges, we go over all the endpoints that present external nodes, and check for containment -// if external endpoint e1 is contained in external end point e2 then all the "edges" of e2 should be added to e1 -func (g *GroupConnLines) consistencyEdgesExternal() { - // 1. Get a map from external endpoints to their IPs - eeToIpBlock := getMapToGroupedExternalBlocks(g.GroupedLines) - // 2. Check for containment - containedMap := findContainEndpointMap(eeToIpBlock) - // 3. Add edges - g.addEdgesOfContainingEPs(containedMap) -} - -// gets []*groupedConnLine and returns a map from the string presentation of each endpoint to its ipBlock -func getMapToGroupedExternalBlocks(grouped []*groupedConnLine) (eeToIpBlock map[string]*ipblock.IPBlock) { - for _, line := range grouped { - addExternalEndpointToMap(line.Src, eeToIpBlock) - addExternalEndpointToMap(line.Dst, eeToIpBlock) - } - return eeToIpBlock -} - -func addExternalEndpointToMap(ee EndpointElem, endpointsIPBlocks map[string]*ipblock.IPBlock) { - ipBlock := groupedExternalToIpBlock(ee) - if ipBlock == nil { - return - } - if _, ok := endpointsIPBlocks[ee.Name()]; !ok { - endpointsIPBlocks[ee.Name()] = ipBlock - } -} - -func groupedExternalToIpBlock(ee EndpointElem) *ipblock.IPBlock { - // EndpointElem must be of type groupedExternalNodes - elements := []*ExternalNetwork(*ee.(*groupedExternalNodes)) - var res *ipblock.IPBlock - for _, e := range elements { - res.Union(e.ipblock) - } - return res -} - -// given a map from external endpoints to their 
IPs returns a map from each endpoint to the endpoints that contains it -// (if any) -func findContainEndpointMap(endpointsIPBlocks map[string]*ipblock.IPBlock) (containedMap map[string][]string) { - containedMap = map[string][]string{} - for containedEP, containedIP := range endpointsIPBlocks { - containingEPs := []string{} - for containingEP, containingIP := range endpointsIPBlocks { - if containedIP.ContainedIn(containingIP) { - containingEPs = append(containingEPs, containingEP) - } - } - if len(containingEPs) > 0 { - containedMap[containedEP] = containingEPs - } - } - return containedMap -} - -// give the above containedMap adds edges of containing endpoints -func (g *GroupConnLines) addEdgesOfContainingEPs(containedMap map[string][]string) { - endpointToLines := g.getEndpointToLines() - for _, toAddEdgesLine := range g.GroupedLines { - g.addEdgesToLine(toAddEdgesLine, endpointToLines, containedMap, true) - g.addEdgesToLine(toAddEdgesLine, endpointToLines, containedMap, false) - } -} - -func (g *GroupConnLines) addEdgesToLine(line *groupedConnLine, endpointToLines map[string][]*groupedConnLine, - containedMap map[string][]string, src bool) { - nameToEndpointElem := map[string]EndpointElem{} - for _, line := range g.GroupedLines { - // there could be rewriting with identical values; not an issue complexity wise, and keeps the code simpler - nameToEndpointElem[line.Src.Name()] = line.Src - nameToEndpointElem[line.Dst.Name()] = line.Dst - } - var addToNodeName string - if src { - addToNodeName = line.Src.Name() - } else { - addToNodeName = line.Dst.Name() - } - for _, containedEndpoint := range containedMap[addToNodeName] { - for _, toAddLine := range endpointToLines[containedEndpoint] { - // adding edges; the other end of the edges will always be internal, since "this" edge is not internal - switch { - case src && toAddLine.Src.Name() == addToNodeName: - g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: nameToEndpointElem[addToNodeName], - Dst: 
toAddLine.Dst, CommonProperties: toAddLine.CommonProperties}) - case !src && toAddLine.Dst.Name() == addToNodeName: - g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: toAddLine.Src, - Dst: nameToEndpointElem[addToNodeName], CommonProperties: toAddLine.CommonProperties}) - } - } - } -} - -// creates an auxiliary map between each endpoint element to all the lines it participates in (as src or dst) -func (g *GroupConnLines) getEndpointToLines() (endpointToLines map[string][]*groupedConnLine) { - endpointToLines = map[string][]*groupedConnLine{} - for _, line := range g.GroupedLines { - addLineToMap(endpointToLines, line, true) - addLineToMap(endpointToLines, line, false) - } - return endpointToLines -} - -func addLineToMap(endpointToLines map[string][]*groupedConnLine, line *groupedConnLine, src bool) { - var name string - if src { - name = line.Src.Name() - } else { - name = line.Dst.Name() - } - if _, ok := endpointToLines[name]; !ok { - endpointToLines[name] = []*groupedConnLine{} - } - endpointToLines[name] = append(endpointToLines[name], line) -} - // group public internet ranges for semantic-diff connectivity lines (subnets/vsis) func (g *GroupConnLines) groupExternalAddressesForDiff(thisMinusOther bool) error { // initialize data structures; this is required for the 2nd call of this function diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go new file mode 100644 index 000000000..dfe70fbd7 --- /dev/null +++ b/pkg/vpcmodel/groupingGraphical.go 
@@ -0,0 +1,136 @@ +/* +Copyright 2023- IBM Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +package vpcmodel + +import ( + "github.com/np-guard/models/pkg/ipblock" +) + +// for the html graphical representation. In the graph presentation, each node must have all relevant edges. +// this is not the case in the textual presentation. E.g., a textual presentation may look like: +// 142.0.64.0/17 ->vsi2 +// 142.0.0.0/16 -> vsi1 +// 0.0.0.0/0 -> vsi3 +// 142.0.64.0/17 should also be connected to vsi2 and vsi3 +// In order to add missing edges, we go over all the endpoints that present external nodes, and check for containment +// if external endpoint e1 is contained in external end point e2 then all the "edges" of e2 should be added to e1 +func (g *GroupConnLines) consistencyEdgesExternal() { + // 1. Get a map from external endpoints to their IPs + eeToIpBlock := getMapToGroupedExternalBlocks(g.GroupedLines) + // 2. Check for containment + containedMap := findContainEndpointMap(eeToIpBlock) + // 3. 
Add edges + g.addEdgesOfContainingEPs(containedMap) +} + +// gets []*groupedConnLine and returns a map from the string presentation of each endpoint to its ipBlock +func getMapToGroupedExternalBlocks(grouped []*groupedConnLine) (eeToIpBlock map[string]*ipblock.IPBlock) { + for _, line := range grouped { + addExternalEndpointToMap(line.Src, eeToIpBlock) + addExternalEndpointToMap(line.Dst, eeToIpBlock) + } + return eeToIpBlock +} + +func addExternalEndpointToMap(ee EndpointElem, endpointsIPBlocks map[string]*ipblock.IPBlock) { + ipBlock := groupedExternalToIpBlock(ee) + if ipBlock == nil { + return + } + if _, ok := endpointsIPBlocks[ee.Name()]; !ok { + endpointsIPBlocks[ee.Name()] = ipBlock + } +} + +func groupedExternalToIpBlock(ee EndpointElem) *ipblock.IPBlock { + // EndpointElem must be of type groupedExternalNodes + elements := []*ExternalNetwork(*ee.(*groupedExternalNodes)) + var res *ipblock.IPBlock + for _, e := range elements { + res.Union(e.ipblock) + } + return res +} + +// given a map from external endpoints to their IPs returns a map from each endpoint to the endpoints that contains it +// (if any) +func findContainEndpointMap(endpointsIPBlocks map[string]*ipblock.IPBlock) (containedMap map[string][]string) { + containedMap = map[string][]string{} + for containedEP, containedIP := range endpointsIPBlocks { + containingEPs := []string{} + for containingEP, containingIP := range endpointsIPBlocks { + if containedIP.ContainedIn(containingIP) { + containingEPs = append(containingEPs, containingEP) + } + } + if len(containingEPs) > 0 { + containedMap[containedEP] = containingEPs + } + } + return containedMap +} + +// give the above containedMap adds edges of containing endpoints +func (g *GroupConnLines) addEdgesOfContainingEPs(containedMap map[string][]string) { + endpointToLines := g.getEndpointToLines() + for _, toAddEdgesLine := range g.GroupedLines { + g.addEdgesToLine(toAddEdgesLine, endpointToLines, containedMap, true) + 
g.addEdgesToLine(toAddEdgesLine, endpointToLines, containedMap, false) + } +} + +func (g *GroupConnLines) addEdgesToLine(line *groupedConnLine, endpointToLines map[string][]*groupedConnLine, + containedMap map[string][]string, src bool) { + nameToEndpointElem := map[string]EndpointElem{} + for _, line := range g.GroupedLines { + // there could be rewriting with identical values; not an issue complexity wise, and keeps the code simpler + nameToEndpointElem[line.Src.Name()] = line.Src + nameToEndpointElem[line.Dst.Name()] = line.Dst + } + var addToNodeName string + if src { + addToNodeName = line.Src.Name() + } else { + addToNodeName = line.Dst.Name() + } + for _, containedEndpoint := range containedMap[addToNodeName] { + for _, toAddLine := range endpointToLines[containedEndpoint] { + // adding edges; the other end of the edges will always be internal, since "this" edge is not internal + switch { + case src && toAddLine.Src.Name() == addToNodeName: + g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: nameToEndpointElem[addToNodeName], + Dst: toAddLine.Dst, CommonProperties: toAddLine.CommonProperties}) + case !src && toAddLine.Dst.Name() == addToNodeName: + g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: toAddLine.Src, + Dst: nameToEndpointElem[addToNodeName], CommonProperties: toAddLine.CommonProperties}) + } + } + } +} + +// creates an auxiliary map between each endpoint element to all the lines it participates in (as src or dst) +func (g *GroupConnLines) getEndpointToLines() (endpointToLines map[string][]*groupedConnLine) { + endpointToLines = map[string][]*groupedConnLine{} + for _, line := range g.GroupedLines { + addLineToMap(endpointToLines, line, true) + addLineToMap(endpointToLines, line, false) + } + return endpointToLines +} + +func addLineToMap(endpointToLines map[string][]*groupedConnLine, line *groupedConnLine, src bool) { + var name string + if src { + name = line.Src.Name() + } else { + name = line.Dst.Name() + } + if _, ok 
:= endpointToLines[name]; !ok { + endpointToLines[name] = []*groupedConnLine{} + } + endpointToLines[name] = append(endpointToLines[name], line) +} diff --git a/pkg/vpcmodel/output.go b/pkg/vpcmodel/output.go index 78ef2dd77..146af9d48 100644 --- a/pkg/vpcmodel/output.go +++ b/pkg/vpcmodel/output.go @@ -97,7 +97,7 @@ func NewOutputGenerator(cConfigs *MultipleVPCConfigs, grouping bool, uc OutputUs } case AllSubnets: for i, vpcConfig := range cConfigs.Configs() { - subnetsConn, err := vpcConfig.GetSubnetsConnectivity(true, grouping) + subnetsConn, err := vpcConfig.GetSubnetsConnectivity(true, grouping, graphicNonArchFormat) if err != nil { return nil, err } diff --git a/pkg/vpcmodel/semanticDiff.go b/pkg/vpcmodel/semanticDiff.go index 50b079397..23166004a 100644 --- a/pkg/vpcmodel/semanticDiff.go +++ b/pkg/vpcmodel/semanticDiff.go @@ -118,7 +118,7 @@ func (configs configsForDiff) GetDiff() (*diffBetweenCfgs, error) { func (c *VPCConfig) getAllowedResponsiveConnections( diffAnalysis diffAnalysisType) (responsiveConnectivityMap GeneralResponsiveConnectivityMap, err error) { if diffAnalysis == Subnets { - subnetsConn, err := c.GetSubnetsConnectivity(true, false) + subnetsConn, err := c.GetSubnetsConnectivity(true, false, false) if err != nil { return nil, err } diff --git a/pkg/vpcmodel/subnetsConnectivity.go b/pkg/vpcmodel/subnetsConnectivity.go index 2df029b44..45c195897 100644 --- a/pkg/vpcmodel/subnetsConnectivity.go +++ b/pkg/vpcmodel/subnetsConnectivity.go 
@@ -172,7 +172,8 @@ func getSubnetsWithPGW(c *VPCConfig) map[string]bool { } // the main function to compute connectivity per subnet based on resources that capture subnets, such as nacl, pgw, tgw, routing-tables -func (c *VPCConfig) GetSubnetsConnectivity(includePGW, grouping bool) (*VPCsubnetConnectivity, error) { +func (c *VPCConfig) GetSubnetsConnectivity(includePGW, grouping, + addConsistencyEdgesExternal bool) (*VPCsubnetConnectivity, error) { var subnetsConnectivityFromACLresources map[string]*IPbasedConnectivityResult var err error for _, fl := range c.FilterResources { @@ -225,7 +226,7 @@ func (c *VPCConfig) GetSubnetsConnectivity(includePGW, grouping bool) (*VPCsubne return nil, err4 } - groupedConnectivity, err5 := newGroupConnLinesSubnetConnectivity(c, res, grouping) + groupedConnectivity, err5 := newGroupConnLinesSubnetConnectivity(c, res, grouping, addConsistencyEdgesExternal) if err5 != nil { return nil, err5 } From 7fd6f410ca3a73cd490de110e935809066c44436 Mon Sep 17 00:00:00 2001 From: shirim Date: Sun, 6 Oct 2024 11:23:44 +0300 Subject: [PATCH 06/38] self CR fixed --- pkg/vpcmodel/groupingGraphical.go | 71 +++++++++++++++++-------------- 1 file changed, 39 insertions(+), 32 deletions(-) diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go index dfe70fbd7..43f268cd1 100644 --- a/pkg/vpcmodel/groupingGraphical.go +++ b/pkg/vpcmodel/groupingGraphical.go @@ -10,7 +10,7 @@ import ( "github.com/np-guard/models/pkg/ipblock" ) -// for the html graphical representation. In the graph presentation, each node must have all relevant edges. +// for the graphical (html, drawio, svg) representation. In the graph presentation, each node must have all relevant edges. // this is not the case in the textual presentation. E.g., a textual presentation may look like: // 142.0.64.0/17 ->vsi2 // 142.0.0.0/16 -> vsi1 
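Review bot: The doc comment above `GetSubnetsConnectivity` is left as it was, so the new `addConsistencyEdgesExternal` parameter is undocumented and the updated call sites in this series read `GetSubnetsConnectivity(true, false, false)` with no hint of what each flag selects. I would add a line to the comment such as `// addConsistencyEdgesExternal: also give each external endpoint the lines of the external endpoints that contain it (needed for graph output)`; the wording should be checked against `consistencyEdgesExternal`, which is not part of this hunk. The function body continues outside the hunk.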
@@ -37,13 +37,14 @@ func getMapToGroupedExternalBlocks(grouped []*groupedConnLine) (eeToIpBlock map[ } func addExternalEndpointToMap(ee EndpointElem, endpointsIPBlocks map[string]*ipblock.IPBlock) { - ipBlock := groupedExternalToIpBlock(ee) - if ipBlock == nil { + if !ee.IsExternal() { return } - if _, ok := endpointsIPBlocks[ee.Name()]; !ok { - endpointsIPBlocks[ee.Name()] = ipBlock + _, ok := endpointsIPBlocks[ee.Name()] + if ok { // no need to update twice; relevant if the same endpoint is in src and dst of different lines + return } + endpointsIPBlocks[ee.Name()] = groupedExternalToIpBlock(ee) } func groupedExternalToIpBlock(ee EndpointElem) *ipblock.IPBlock { @@ -63,6 +64,9 @@ func findContainEndpointMap(endpointsIPBlocks map[string]*ipblock.IPBlock) (cont for containedEP, containedIP := range endpointsIPBlocks { containingEPs := []string{} for containingEP, containingIP := range endpointsIPBlocks { + if containingEP == containedEP { + continue + } if containedIP.ContainedIn(containingIP) { containingEPs = append(containingEPs, containingEP) } 
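Review bot: `addExternalEndpointToMap` now filters on `ee.IsExternal()`, but `groupedExternalToIpBlock` still converts with an unchecked assertion (`*ee.(*groupedExternalNodes)`, visible in later hunks of this file), so any `EndpointElem` that reports itself external without being a `*groupedExternalNodes` would panic here. If that cannot happen, a comment on `groupedExternalToIpBlock` stating the invariant is enough; otherwise use the two-value form, `nodes, ok := ee.(*groupedExternalNodes)` followed by `if !ok { return nil }`, and keep a nil check at this call site. Only the signature of `groupedExternalToIpBlock` is inside this hunk, its body is outside.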
@@ -74,20 +78,44 @@ func findContainEndpointMap(endpointsIPBlocks map[string]*ipblock.IPBlock) (cont return containedMap } -// give the above containedMap adds edges of containing endpoints +// given the above containedMap adds edges of containing endpoints func (g *GroupConnLines) addEdgesOfContainingEPs(containedMap map[string][]string) { - endpointToLines := g.getEndpointToLines() + endpointToLines := g.getEndpointToLines() // auxiliary map between each endpoint element to lines it participates in + // (as src or dst) for _, toAddEdgesLine := range g.GroupedLines { g.addEdgesToLine(toAddEdgesLine, endpointToLines, containedMap, true) g.addEdgesToLine(toAddEdgesLine, endpointToLines, containedMap, false) } } +// creates an auxiliary map between each endpoint element to all the lines it participates in (as src or dst) +func (g *GroupConnLines) getEndpointToLines() (endpointToLines map[string][]*groupedConnLine) { + endpointToLines = map[string][]*groupedConnLine{} + for _, line := range g.GroupedLines { + addLineToMap(endpointToLines, line, true) + addLineToMap(endpointToLines, line, false) + } + return endpointToLines +} + +func addLineToMap(endpointToLines map[string][]*groupedConnLine, line *groupedConnLine, src bool) { + var name string + if src { + name = line.Src.Name() + } else { + name = line.Dst.Name() + } + if _, ok := endpointToLines[name]; !ok { + endpointToLines[name] = []*groupedConnLine{} + } + endpointToLines[name] = append(endpointToLines[name], line) +} + func (g *GroupConnLines) addEdgesToLine(line *groupedConnLine, endpointToLines map[string][]*groupedConnLine, containedMap map[string][]string, src bool) { nameToEndpointElem := map[string]EndpointElem{} for _, line := range g.GroupedLines { - // there could be rewriting with identical values; not an issue complexity wise, and keeps the code simpler + // there could be rewriting with identical values; not an issue complexity wise, not checking this keeps the code simpler 
nameToEndpointElem[line.Src.Name()] = line.Src nameToEndpointElem[line.Dst.Name()] = line.Dst } @@ -99,7 +127,9 @@ func (g *GroupConnLines) addEdgesToLine(line *groupedConnLine, endpointToLines m } for _, containedEndpoint := range containedMap[addToNodeName] { for _, toAddLine := range endpointToLines[containedEndpoint] { - // adding edges; the other end of the edges will always be internal, since "this" edge is not internal + // adding edges - namely, lines in grouping. "This" end of the edge is external (by design) and the "other" + // end of the edges will always be internal, since "this" edge is not internal. + // Grouping per internal endpoints is done (if requested) after this point switch { case src && toAddLine.Src.Name() == addToNodeName: g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: nameToEndpointElem[addToNodeName], @@ -111,26 +141,3 @@ func (g *GroupConnLines) addEdgesToLine(line *groupedConnLine, endpointToLines m } } } - -// creates an auxiliary map between each endpoint element to all the lines it participates in (as src or dst) -func (g *GroupConnLines) getEndpointToLines() (endpointToLines map[string][]*groupedConnLine) { - endpointToLines = map[string][]*groupedConnLine{} - for _, line := range g.GroupedLines { - addLineToMap(endpointToLines, line, true) - addLineToMap(endpointToLines, line, false) - } - return endpointToLines -} - -func addLineToMap(endpointToLines map[string][]*groupedConnLine, line *groupedConnLine, src bool) { - var name string - if src { - name = line.Src.Name() - } else { - name = line.Dst.Name() - } - if _, ok := endpointToLines[name]; !ok { - endpointToLines[name] = []*groupedConnLine{} - } - endpointToLines[name] = append(endpointToLines[name], line) -} From b5fe16a311a3956ac5a83809d11ad375ba16ac2e Mon Sep 17 00:00:00 2001 
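Review bot: `addEdgesOfContainingEPs` calls `addEdgesToLine` once per grouped line and per end, but what `addEdgesToLine` appends depends only on the endpoint name and the `src` flag, so an external endpoint that appears in several lines is processed several times and `nameToEndpointElem` is rebuilt from all of `g.GroupedLines` on every call. Unless a later step deduplicates, this can append the same line more than once; iterating once per key of `containedMap`, with `nameToEndpointElem` built a single time, would avoid both. The loop also ranges over `g.GroupedLines` while `addEdgesToLine` appends to it; Go evaluates the range expression once, so appended lines are not revisited, and a comment such as `// the range covers only the lines present before any consistency edge is appended` would make that intent explicit. `addEdgesToLine` continues past the end of this hunk.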
From: shirim Date: Sun, 6 Oct 2024 12:08:55 +0300 Subject: [PATCH 07/38] added new parm to tests --- cmd/analyzer/subcmds/analysis.go | 2 +- .../testfunc/analysis_output_test_functionality.go | 7 ++++--- pkg/commonvpc/testfunc/common_test_functionality.go | 10 ++++++---- pkg/commonvpc/testfunc/explain_test_functionality.go | 2 +- .../testfunc/semantic_diff_test_functionality.go | 3 ++- pkg/ibmvpc/groupingUnification_test.go | 2 +- pkg/vpcmodel/output.go | 7 ++++--- 7 files changed, 19 insertions(+), 14 deletions(-) diff --git a/cmd/analyzer/subcmds/analysis.go b/cmd/analyzer/subcmds/analysis.go index 90b7b8f71..f04ebe1ca 100644 --- a/cmd/analyzer/subcmds/analysis.go +++ b/cmd/analyzer/subcmds/analysis.go @@ -83,7 +83,7 @@ func analysisVPCConfigs(cmd *cobra.Command, inArgs *inArgs, analysisType vpcmode inArgs.grouping, analysisType, false, - inArgs.explanationArgs, outFormat, inArgs.lbAbstraction) + inArgs.explanationArgs, outFormat, inArgs.lbAbstraction, false) if err != nil { return err } diff --git a/pkg/commonvpc/testfunc/analysis_output_test_functionality.go b/pkg/commonvpc/testfunc/analysis_output_test_functionality.go index 948051757..5ec6f36e3 100644 --- a/pkg/commonvpc/testfunc/analysis_output_test_functionality.go +++ b/pkg/commonvpc/testfunc/analysis_output_test_functionality.go @@ -15,8 +15,9 @@ import ( type VpcAnalysisTest struct { VpcTestCommon - Grouping bool - NoLbAbstract bool + Grouping bool + NoLbAbstract bool + addConsistencyEdgesExternal bool } func (tt *VpcAnalysisTest) TestAnalysisSingleTest(t *testing.T, mode testMode, rc commonvpc.ResourcesContainer, testDir, testName string) { @@ -24,6 +25,6 @@ func (tt *VpcAnalysisTest) TestAnalysisSingleTest(t *testing.T, mode testMode, r tt.setMode(mode) t.Run(tt.Name, func(t *testing.T) { t.Parallel() - tt.runSingleCommonTest(t, testDir, rc, tt.Grouping, tt.NoLbAbstract, nil) + tt.runSingleCommonTest(t, testDir, rc, tt.Grouping, tt.NoLbAbstract, nil, tt.addConsistencyEdgesExternal) }) } 
diff --git a/pkg/commonvpc/testfunc/common_test_functionality.go b/pkg/commonvpc/testfunc/common_test_functionality.go index 6f8f1989d..6a0079406 100644 --- a/pkg/commonvpc/testfunc/common_test_functionality.go +++ b/pkg/commonvpc/testfunc/common_test_functionality.go @@ -192,7 +192,8 @@ func (tt *VpcTestCommon) runTestPerUseCase(t *testing.T, mode testMode, outDir string, grouping, noLbAbstract bool, - explanationArgs *vpcmodel.ExplanationArgs) error { + explanationArgs *vpcmodel.ExplanationArgs, + addConsistencyEdgesExternal bool) error { detailExplain := false if explanationArgs != nil { detailExplain = explanationArgs.Detail @@ -202,7 +203,7 @@ func (tt *VpcTestCommon) runTestPerUseCase(t *testing.T, return err } og, err := vpcmodel.NewOutputGenerator(cConfigs, grouping, uc, tt.Format == vpcmodel.ARCHDRAWIO, - explanationArgs, tt.Format, !noLbAbstract) + explanationArgs, tt.Format, !noLbAbstract, addConsistencyEdgesExternal) if err != nil { return err } @@ -326,7 +327,7 @@ func (tt *VpcTestCommon) setMode(mode testMode) { } func (tt *VpcTestCommon) runSingleCommonTest(t *testing.T, testDir string, rc commonvpc.ResourcesContainer, - grouping, noLbAbstract bool, explanationArgs *vpcmodel.ExplanationArgs) { + grouping, noLbAbstract bool, explanationArgs *vpcmodel.ExplanationArgs, addConsistencyEdgesExternal bool) { // init test - set the input/output file names according to test name tt.initTest() @@ -335,7 +336,8 @@ func (tt *VpcTestCommon) runSingleCommonTest(t *testing.T, testDir string, rc co // generate actual output for all use cases specified for this test for _, uc := range tt.UseCases { - err := tt.runTestPerUseCase(t, vpcConfigs, uc, tt.Mode, testDir, grouping, noLbAbstract, explanationArgs) + err := tt.runTestPerUseCase(t, vpcConfigs, uc, tt.Mode, testDir, grouping, noLbAbstract, + explanationArgs, addConsistencyEdgesExternal) require.Equal(t, tt.ErrPerUseCase[uc], err, "comparing actual err to expected err") } for uc, outFile := range tt.ActualOutput { 
diff --git a/pkg/commonvpc/testfunc/explain_test_functionality.go b/pkg/commonvpc/testfunc/explain_test_functionality.go index 488d0b013..86d49e63f 100644 --- a/pkg/commonvpc/testfunc/explain_test_functionality.go +++ b/pkg/commonvpc/testfunc/explain_test_functionality.go @@ -42,6 +42,6 @@ func (tt *VpcExplainTest) TestSingleExplain(t *testing.T, mode testMode, rc comm tt.Format = vpcmodel.Text t.Run(tt.Name, func(t *testing.T) { t.Parallel() - tt.runSingleCommonTest(t, explainOut, rc, false, false, explanationArgs) + tt.runSingleCommonTest(t, explainOut, rc, false, false, explanationArgs, false) }) } diff --git a/pkg/commonvpc/testfunc/semantic_diff_test_functionality.go b/pkg/commonvpc/testfunc/semantic_diff_test_functionality.go index 128d1e5c6..7016757af 100644 --- a/pkg/commonvpc/testfunc/semantic_diff_test_functionality.go +++ b/pkg/commonvpc/testfunc/semantic_diff_test_functionality.go @@ -44,7 +44,8 @@ func (tt *VpcDiffTest) runDiffSingleTest(t *testing.T, testDir string, rc common // generate actual output for all use cases specified for this test for _, uc := range tt.UseCases { - err := tt.runTestPerUseCase(t, vpcConfigs, uc, tt.Mode, testDir, false, false, nil) + err := tt.runTestPerUseCase(t, vpcConfigs, uc, tt.Mode, testDir, false, false, + nil, false) require.Equal(t, tt.ErrPerUseCase[uc], err, "comparing diff's actual err to expected err") } for uc, outFile := range tt.ActualOutput { diff --git a/pkg/ibmvpc/groupingUnification_test.go b/pkg/ibmvpc/groupingUnification_test.go index a049ca02c..bbcfa3bf5 100644 --- a/pkg/ibmvpc/groupingUnification_test.go +++ b/pkg/ibmvpc/groupingUnification_test.go 
@@ -20,7 +20,7 @@ func TestGroupingUnification(t *testing.T) { require.NotNil(t, vpcConfigMultiVpc, "vpcConfigMultiVpc equals nil") og, err := vpcmodel.NewOutputGenerator(vpcConfigMultiVpc, true, - vpcmodel.AllEndpoints, false, nil, vpcmodel.DRAWIO, true) + vpcmodel.AllEndpoints, false, nil, vpcmodel.DRAWIO, true, false) if err != nil { fmt.Println(err.Error()) } diff --git a/pkg/vpcmodel/output.go b/pkg/vpcmodel/output.go index 146af9d48..44b209cd8 100644 --- a/pkg/vpcmodel/output.go +++ b/pkg/vpcmodel/output.go @@ -73,7 +73,8 @@ type OutputGenerator struct { } func NewOutputGenerator(cConfigs *MultipleVPCConfigs, grouping bool, uc OutputUseCase, - archOnly bool, explanationArgs *ExplanationArgs, f OutFormat, lbAbstraction bool) (*OutputGenerator, error) { + archOnly bool, explanationArgs *ExplanationArgs, f OutFormat, lbAbstraction, + addConsistencyEdgesExternal bool) (*OutputGenerator, error) { // addConsistencyEdgesExternal is for testing res := &OutputGenerator{ configs: cConfigs, outputGrouping: grouping, @@ -89,7 +90,7 @@ func NewOutputGenerator(cConfigs *MultipleVPCConfigs, grouping bool, uc OutputUs switch uc { case AllEndpoints: for i, vpcConfig := range cConfigs.Configs() { - nodesConn, err := vpcConfig.GetVPCNetworkConnectivity(grouping, res.lbAbstraction, graphicNonArchFormat) + nodesConn, err := vpcConfig.GetVPCNetworkConnectivity(grouping, res.lbAbstraction, consistencyEdgesExternal) if err != nil { return nil, err } @@ -97,7 +98,7 @@ func NewOutputGenerator(cConfigs *MultipleVPCConfigs, grouping bool, uc OutputUs } case AllSubnets: for i, vpcConfig := range cConfigs.Configs() { - subnetsConn, err := vpcConfig.GetSubnetsConnectivity(true, grouping, graphicNonArchFormat) + subnetsConn, err := vpcConfig.GetSubnetsConnectivity(true, grouping, consistencyEdgesExternal) if err != nil { return nil, err } From 564c734536b5fdce413b3aec2dd719c29dfc19fb Mon Sep 17 00:00:00 2001 
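Review bot: The inline comment on the new `NewOutputGenerator` parameter says `addConsistencyEdgesExternal is for testing`, so an exported constructor now carries a test-only switch that every production caller has to fill in (`analysisVPCConfigs` passes a bare `false`). A reader of the signature cannot tell that ordinary callers must leave it off; a doc comment on the function, e.g. `// addConsistencyEdgesExternal requests the external-endpoint consistency edges regardless of format; production callers pass false`, would state that (the exact effect should be confirmed, it is not defined in this hunk). With eight positional parameters, four of them `bool`, an options struct may be worth considering in a follow-up. The constructor body continues outside the hunk.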
From: shirim Date: Sun, 6 Oct 2024 12:23:00 +0300 Subject: [PATCH 08/38] Export parm --- pkg/commonvpc/testfunc/analysis_output_test_functionality.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/commonvpc/testfunc/analysis_output_test_functionality.go b/pkg/commonvpc/testfunc/analysis_output_test_functionality.go index 5ec6f36e3..ad0de395f 100644 --- a/pkg/commonvpc/testfunc/analysis_output_test_functionality.go +++ b/pkg/commonvpc/testfunc/analysis_output_test_functionality.go @@ -17,7 +17,7 @@ type VpcAnalysisTest struct { VpcTestCommon Grouping bool NoLbAbstract bool - addConsistencyEdgesExternal bool + AddConsistencyEdgesExternal bool } func (tt *VpcAnalysisTest) TestAnalysisSingleTest(t *testing.T, mode testMode, rc commonvpc.ResourcesContainer, testDir, testName string) { @@ -25,6 +25,6 @@ func (tt *VpcAnalysisTest) TestAnalysisSingleTest(t *testing.T, mode testMode, r tt.setMode(mode) t.Run(tt.Name, func(t *testing.T) { t.Parallel() - tt.runSingleCommonTest(t, testDir, rc, tt.Grouping, tt.NoLbAbstract, nil, tt.addConsistencyEdgesExternal) + tt.runSingleCommonTest(t, testDir, rc, tt.Grouping, tt.NoLbAbstract, nil, tt.AddConsistencyEdgesExternal) }) } From cd24c4dc1059b87b86adfb5274587cce6f9b3aa2 Mon Sep 17 00:00:00 2001 From: shirim Date: Sun, 6 Oct 2024 13:40:47 +0300 Subject: [PATCH 09/38] initialization bug fixes --- pkg/vpcmodel/groupingGraphical.go | 3 ++- pkg/vpcmodel/output.go | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go index 43f268cd1..9ebfdc986 100644 --- a/pkg/vpcmodel/groupingGraphical.go +++ b/pkg/vpcmodel/groupingGraphical.go 
@@ -29,6 +29,7 @@ func (g *GroupConnLines) consistencyEdgesExternal() { // gets []*groupedConnLine and returns a map from the string presentation of each endpoint to its ipBlock func getMapToGroupedExternalBlocks(grouped []*groupedConnLine) (eeToIpBlock map[string]*ipblock.IPBlock) { + eeToIpBlock = map[string]*ipblock.IPBlock{} for _, line := range grouped { addExternalEndpointToMap(line.Src, eeToIpBlock) addExternalEndpointToMap(line.Dst, eeToIpBlock) @@ -50,7 +51,7 @@ func addExternalEndpointToMap(ee EndpointElem, endpointsIPBlocks map[string]*ipb func groupedExternalToIpBlock(ee EndpointElem) *ipblock.IPBlock { // EndpointElem must be of type groupedExternalNodes elements := []*ExternalNetwork(*ee.(*groupedExternalNodes)) - var res *ipblock.IPBlock + var res = ipblock.New() for _, e := range elements { res.Union(e.ipblock) } diff --git a/pkg/vpcmodel/output.go b/pkg/vpcmodel/output.go index 44b209cd8..8e9864dac 100644 --- a/pkg/vpcmodel/output.go +++ b/pkg/vpcmodel/output.go @@ -84,7 +84,7 @@ func NewOutputGenerator(cConfigs *MultipleVPCConfigs, grouping bool, uc OutputUs subnetsConn: map[string]*VPCsubnetConnectivity{}, } graphicFormat := slices.Contains([]OutFormat{DRAWIO, ARCHDRAWIO, SVG, ARCHSVG, HTML, ARCHHTML}, f) - graphicNonArchFormat := slices.Contains([]OutFormat{DRAWIO, SVG, HTML}, f) + consistencyEdgesExternal := slices.Contains([]OutFormat{DRAWIO, SVG, HTML}, f) || addConsistencyEdgesExternal archOnlyFormat := slices.Contains([]OutFormat{ARCHDRAWIO, ARCHSVG, ARCHHTML}, f) if !archOnlyFormat { switch uc { From a18daa498791126918569cd26063b4cbe8b875c2 Mon Sep 17 00:00:00 2001 From: shirim Date: Sun, 6 Oct 2024 15:07:21 +0300 Subject: [PATCH 10/38] typo bug fix --- pkg/vpcmodel/groupingGraphical.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go index 9ebfdc986..64bff5f74 100644 --- a/pkg/vpcmodel/groupingGraphical.go +++ b/pkg/vpcmodel/groupingGraphical.go 
@@ -53,7 +53,7 @@ func groupedExternalToIpBlock(ee EndpointElem) *ipblock.IPBlock {
 elements := []*ExternalNetwork(*ee.(*groupedExternalNodes))
 var res = ipblock.New()
 for _, e := range elements {
- res.Union(e.ipblock)
+ res = res.Union(e.ipblock)
 }
 return res
 }
From ded2434bb63b9aa83fcfd1ca90fbdf222a9f4635 Mon Sep 17 00:00:00 2001
From: shirim
Date: Sun, 6 Oct 2024 16:18:47 +0300
Subject: [PATCH 11/38] added to test name and added test; test not working yet (same as before)
---
 .../testfunc/common_test_functionality.go | 13 +++-
 pkg/ibmvpc/analysis_output_test.go | 62 +++++++++++--------
 ...testing1_new_all_vpcs__EdgeConsistent.txt} | 0
 3 files changed, 45 insertions(+), 30 deletions(-)
 rename pkg/ibmvpc/examples/out/analysis_out/{sg_testing1_new_all_vpcs_.txt => sg_testing1_new_all_vpcs__EdgeConsistent.txt} (100%)
diff --git a/pkg/commonvpc/testfunc/common_test_functionality.go b/pkg/commonvpc/testfunc/common_test_functionality.go
index 6a0079406..6d29cc82d 100644
--- a/pkg/commonvpc/testfunc/common_test_functionality.go
+++ b/pkg/commonvpc/testfunc/common_test_functionality.go
@@ -47,6 +47,7 @@ const (
 suffixOutFileDiffEndpoints = "endpointsDiff"
 suffixOutFileExplain = "explain"
 suffixOutFileDetail = "_detail"
+ consistencyEdgesExternal = "_EdgeConsistent"
 txtOutSuffix = ".txt"
 mdOutSuffix = ".md"
 JSONOutSuffix = ".json"
@@ -86,6 +87,7 @@ func getTestFileName(testName string,
 grouping bool,
 noLbAbstract bool,
 detailExplain bool,
+ addConsistencyEdgesExternal bool,
 format vpcmodel.OutFormat,
 configName string,
 allVPCs bool,
@@ -128,6 +130,9 @@ func getTestFileName(testName string,
 if detailExplain {
 res += suffixOutFileDetail
 }
+ if addConsistencyEdgesExternal {
+ res += consistencyEdgesExternal
+ }
 if !allVPCs {
 res += strings.ReplaceAll(strings.Join(vpcIDs, ""), ":", "")
 }
@@ -174,9 +179,10 @@ func (tt *VpcTestCommon) initTest() { } func (tt *VpcTestCommon) initTestFileNames(uc vpcmodel.OutputUseCase, - vpcName string, allVPCs, detailExplain bool, testDirOut string, grouping, noLbAbstract bool) error { + vpcName string, allVPCs, detailExplain bool, testDirOut string, grouping, noLbAbstract, + addConsistencyEdgesExternal bool) error { expectedFileName, actualFileName, err := getTestFileName( - tt.Name, uc, grouping, noLbAbstract, detailExplain, tt.Format, vpcName, allVPCs, tt.VpcList) + tt.Name, uc, grouping, noLbAbstract, detailExplain, addConsistencyEdgesExternal, tt.Format, vpcName, allVPCs, tt.VpcList) if err != nil { return err } @@ -199,7 +205,8 @@ func (tt *VpcTestCommon) runTestPerUseCase(t *testing.T, detailExplain = explanationArgs.Detail } allVpcs := len(tt.VpcList) == 0 - if err := tt.initTestFileNames(uc, "", allVpcs, detailExplain, outDir, grouping, noLbAbstract); err != nil { + if err := tt.initTestFileNames(uc, "", allVpcs, detailExplain, outDir, grouping, noLbAbstract, + addConsistencyEdgesExternal); err != nil { return err } og, err := vpcmodel.NewOutputGenerator(cConfigs, grouping, uc, tt.Format == vpcmodel.ARCHDRAWIO, diff --git a/pkg/ibmvpc/analysis_output_test.go b/pkg/ibmvpc/analysis_output_test.go index 0c5064d06..ed963b4ff 100644 --- a/pkg/ibmvpc/analysis_output_test.go +++ b/pkg/ibmvpc/analysis_output_test.go 
@@ -26,39 +26,47 @@ tests for the entire flow: const analysisOut = "analysis_out" var tests = []testfunc.VpcAnalysisTest{ - { - VpcTestCommon: testfunc.VpcTestCommon{ - InputConfig: "iks_config_object", - UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, - Format: vpcmodel.Text, - }, - Grouping: true, - NoLbAbstract: true, - }, - { - VpcTestCommon: testfunc.VpcTestCommon{ - InputConfig: "iks_config_object", - UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, - Format: vpcmodel.HTML, - }, - Grouping: true, - NoLbAbstract: true, - }, + //{ + // VpcTestCommon: testfunc.VpcTestCommon{ + // InputConfig: "iks_config_object", + // UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + // Format: vpcmodel.Text, + // }, + // Grouping: true, + // NoLbAbstract: true, + //}, + //{ + // VpcTestCommon: testfunc.VpcTestCommon{ + // InputConfig: "iks_config_object", + // UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + // Format: vpcmodel.HTML, + // }, + // Grouping: true, + // NoLbAbstract: true, + //}, + //{ + // VpcTestCommon: testfunc.VpcTestCommon{ + // InputConfig: "sg_testing1_new", + // UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + // Format: vpcmodel.Text, + // }, + // Grouping: true, + //}, + //{ + // VpcTestCommon: testfunc.VpcTestCommon{ + // InputConfig: "sg_testing1_new", + // UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + // Format: vpcmodel.HTML, + // }, + // Grouping: true, + //}, { VpcTestCommon: testfunc.VpcTestCommon{ InputConfig: "sg_testing1_new", UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, - }, - { - VpcTestCommon: testfunc.VpcTestCommon{ - InputConfig: "sg_testing1_new", - UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, - Format: vpcmodel.HTML, - }, - Grouping: true, + AddConsistencyEdgesExternal: true, }, } 
diff --git a/pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs_.txt b/pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs__EdgeConsistent.txt similarity index 100% rename from pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs_.txt rename to pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs__EdgeConsistent.txt From 90f2de469d0c3e9c7287f698b1376a24fb51ab95 Mon Sep 17 00:00:00 2001 From: shirim Date: Sun, 6 Oct 2024 17:24:40 +0300 Subject: [PATCH 12/38] use NameForAnalyzerOut(..) instead of Name() --- pkg/vpcmodel/groupingGraphical.go | 36 +++++++++++++++---------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go index 64bff5f74..ca14b3a8c 100644 --- a/pkg/vpcmodel/groupingGraphical.go +++ b/pkg/vpcmodel/groupingGraphical.go @@ -20,7 +20,7 @@ import ( // if external endpoint e1 is contained in external end point e2 then all the "edges" of e2 should be added to e1 func (g *GroupConnLines) consistencyEdgesExternal() { // 1. Get a map from external endpoints to their IPs - eeToIpBlock := getMapToGroupedExternalBlocks(g.GroupedLines) + eeToIpBlock := getMapToGroupedExternalBlocks(g.config, g.GroupedLines) // 2. Check for containment containedMap := findContainEndpointMap(eeToIpBlock) // 3. Add edges 
@@ -28,24 +28,24 @@ func (g *GroupConnLines) consistencyEdgesExternal() { } // gets []*groupedConnLine and returns a map from the string presentation of each endpoint to its ipBlock -func getMapToGroupedExternalBlocks(grouped []*groupedConnLine) (eeToIpBlock map[string]*ipblock.IPBlock) { +func getMapToGroupedExternalBlocks(config *VPCConfig, grouped []*groupedConnLine) (eeToIpBlock map[string]*ipblock.IPBlock) { eeToIpBlock = map[string]*ipblock.IPBlock{} for _, line := range grouped { - addExternalEndpointToMap(line.Src, eeToIpBlock) - addExternalEndpointToMap(line.Dst, eeToIpBlock) + addExternalEndpointToMap(line.Src, config, eeToIpBlock) + addExternalEndpointToMap(line.Dst, config, eeToIpBlock) } return eeToIpBlock } -func addExternalEndpointToMap(ee EndpointElem, endpointsIPBlocks map[string]*ipblock.IPBlock) { +func addExternalEndpointToMap(ee EndpointElem, config *VPCConfig, endpointsIPBlocks map[string]*ipblock.IPBlock) { if !ee.IsExternal() { return } - _, ok := endpointsIPBlocks[ee.Name()] + _, ok := endpointsIPBlocks[ee.NameForAnalyzerOut(config)] if ok { // no need to update twice; relevant if the same endpoint is in src and dst of different lines return } - endpointsIPBlocks[ee.Name()] = groupedExternalToIpBlock(ee) + endpointsIPBlocks[ee.NameForAnalyzerOut(config)] = groupedExternalToIpBlock(ee) } func groupedExternalToIpBlock(ee EndpointElem) *ipblock.IPBlock { 
@@ -93,18 +93,18 @@ func (g *GroupConnLines) addEdgesOfContainingEPs(containedMap map[string][]strin func (g *GroupConnLines) getEndpointToLines() (endpointToLines map[string][]*groupedConnLine) { endpointToLines = map[string][]*groupedConnLine{} for _, line := range g.GroupedLines { - addLineToMap(endpointToLines, line, true) - addLineToMap(endpointToLines, line, false) + addLineToMap(g.config, endpointToLines, line, true) + addLineToMap(g.config, endpointToLines, line, false) } return endpointToLines } -func addLineToMap(endpointToLines map[string][]*groupedConnLine, line *groupedConnLine, src bool) { +func addLineToMap(config *VPCConfig, endpointToLines map[string][]*groupedConnLine, line *groupedConnLine, src bool) { var name string if src { - name = line.Src.Name() + name = line.Src.NameForAnalyzerOut(config) } else { - name = line.Dst.Name() + name = line.Dst.NameForAnalyzerOut(config) } if _, ok := endpointToLines[name]; !ok { endpointToLines[name] = []*groupedConnLine{} @@ -117,14 +117,14 @@ func (g *GroupConnLines) addEdgesToLine(line *groupedConnLine, endpointToLines m nameToEndpointElem := map[string]EndpointElem{} for _, line := range g.GroupedLines { // there could be rewriting with identical values; not an issue complexity wise, not checking this keeps the code simpler - nameToEndpointElem[line.Src.Name()] = line.Src - nameToEndpointElem[line.Dst.Name()] = line.Dst + nameToEndpointElem[line.Src.NameForAnalyzerOut(g.config)] = line.Src + nameToEndpointElem[line.Dst.NameForAnalyzerOut(g.config)] = line.Dst } var addToNodeName string if src { - addToNodeName = line.Src.Name() + addToNodeName = line.Src.NameForAnalyzerOut(g.config) } else { - addToNodeName = line.Dst.Name() + addToNodeName = line.Dst.NameForAnalyzerOut(g.config) } for _, containedEndpoint := range containedMap[addToNodeName] { for _, toAddLine := range endpointToLines[containedEndpoint] { 
@@ -132,10 +132,10 @@ func (g *GroupConnLines) addEdgesToLine(line *groupedConnLine, endpointToLines m // end of the edges will always be internal, since "this" edge is not internal. // Grouping per internal endpoints is done (if requested) after this point switch { - case src && toAddLine.Src.Name() == addToNodeName: + case src && toAddLine.Src.NameForAnalyzerOut(g.config) == addToNodeName: g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: nameToEndpointElem[addToNodeName], Dst: toAddLine.Dst, CommonProperties: toAddLine.CommonProperties}) - case !src && toAddLine.Dst.Name() == addToNodeName: + case !src && toAddLine.Dst.NameForAnalyzerOut(g.config) == addToNodeName: g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: toAddLine.Src, Dst: nameToEndpointElem[addToNodeName], CommonProperties: toAddLine.CommonProperties}) } From bb14f731864f7a05d96447ae9c39213c24b17a8d Mon Sep 17 00:00:00 2001 From: shirim Date: Sun, 6 Oct 2024 17:33:59 +0300 Subject: [PATCH 13/38] bug fix, test is now working properly --- .../sg_testing1_new_all_vpcs__EdgeConsistent.txt | 1 + pkg/vpcmodel/groupingGraphical.go | 5 ++--- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs__EdgeConsistent.txt b/pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs__EdgeConsistent.txt index 3db6e2a04..9df87f9c7 100644 --- a/pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs__EdgeConsistent.txt +++ b/pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs__EdgeConsistent.txt 
@@ -3,6 +3,7 @@ Public Internet 147.235.219.206/32 => vsi2-ky[10.240.20.4] : protocol: TCP dst-p
 db-endpoint-gateway-ky[10.240.30.6] => vsi1-ky[10.240.10.4] : All Connections
 db-endpoint-gateway-ky[10.240.30.6] => vsi3a-ky[10.240.30.5] : All Connections
 vsi1-ky[10.240.10.4] => Public Internet 142.0.0.0/7 : protocol: ICMP
+vsi1-ky[10.240.10.4] => Public Internet 142.0.0.0/8 : protocol: ICMP
 vsi1-ky[10.240.10.4] => Public Internet 161.26.0.0/16 : protocol: UDP
 vsi2-ky[10.240.20.4] => Public Internet 142.0.0.0/8 : protocol: ICMP
 vsi2-ky[10.240.20.4] => vsi1-ky[10.240.10.4] : All Connections
diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go
index ca14b3a8c..e9cd54b5c 100644
--- a/pkg/vpcmodel/groupingGraphical.go
+++ b/pkg/vpcmodel/groupingGraphical.go
@@ -131,11 +131,10 @@ func (g *GroupConnLines) addEdgesToLine(line *groupedConnLine, endpointToLines m
 // adding edges - namely, lines in grouping. "This" end of the edge is external (by design) and the "other"
 // end of the edges will always be internal, since "this" edge is not internal.
 // Grouping per internal endpoints is done (if requested) after this point
- switch {
- case src && toAddLine.Src.NameForAnalyzerOut(g.config) == addToNodeName:
+ if src {
 g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: nameToEndpointElem[addToNodeName],
 Dst: toAddLine.Dst, CommonProperties: toAddLine.CommonProperties})
- case !src && toAddLine.Dst.NameForAnalyzerOut(g.config) == addToNodeName:
+ } else {
 g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: toAddLine.Src,
 Dst: nameToEndpointElem[addToNodeName], CommonProperties: toAddLine.CommonProperties})
 }
From 0bed37306aba4948aaa561d7aee442aa81bbd237 Mon Sep 17 00:00:00 2001
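Review bot: With the `switch` conditions dropped, the `if src { … } else { … }` in `addEdgesToLine` no longer checks which end of `toAddLine` the containing endpoint sits on. `endpointToLines` indexes every line under both its source and its destination name (see `getEndpointToLines`), so when the containing endpoint is the destination of `toAddLine` and `src` is true, the appended line takes `toAddLine.Dst`, the containing external block, as its destination: an external-to-external line carrying another line's `CommonProperties`, which the comment above says cannot occur. The removed conditions compared against `addToNodeName`, presumably why they did not match; comparing against `containedEndpoint` keeps the filter: `if src && toAddLine.Src.NameForAnalyzerOut(g.config) == containedEndpoint {` and `} else if !src && toAddLine.Dst.NameForAnalyzerOut(g.config) == containedEndpoint {`. A test whose input has an external endpoint as a source and a containing block as a destination would pin this down; the function starts outside this hunk.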
From: shirim Date: Mon, 7 Oct 2024 09:09:58 +0300 Subject: [PATCH 14/38] added tests; with grouping not working properly yet --- pkg/ibmvpc/analysis_output_test.go | 42 ++++++++++++------- ...all_vpcs__with_grouping_EdgeConsistent.txt | 11 +++++ 2 files changed, 37 insertions(+), 16 deletions(-) create mode 100644 pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs__with_grouping_EdgeConsistent.txt diff --git a/pkg/ibmvpc/analysis_output_test.go b/pkg/ibmvpc/analysis_output_test.go index ed963b4ff..ea787e259 100644 --- a/pkg/ibmvpc/analysis_output_test.go +++ b/pkg/ibmvpc/analysis_output_test.go @@ -44,22 +44,6 @@ var tests = []testfunc.VpcAnalysisTest{ // Grouping: true, // NoLbAbstract: true, //}, - //{ - // VpcTestCommon: testfunc.VpcTestCommon{ - // InputConfig: "sg_testing1_new", - // UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, - // Format: vpcmodel.Text, - // }, - // Grouping: true, - //}, - //{ - // VpcTestCommon: testfunc.VpcTestCommon{ - // InputConfig: "sg_testing1_new", - // UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, - // Format: vpcmodel.HTML, - // }, - // Grouping: true, - //}, { VpcTestCommon: testfunc.VpcTestCommon{ InputConfig: "sg_testing1_new", 
@@ -68,6 +52,32 @@ var tests = []testfunc.VpcAnalysisTest{ }, AddConsistencyEdgesExternal: true, }, + { + VpcTestCommon: testfunc.VpcTestCommon{ + InputConfig: "sg_testing1_new", + UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + Format: vpcmodel.HTML, + }, + AddConsistencyEdgesExternal: true, + }, + { + VpcTestCommon: testfunc.VpcTestCommon{ + InputConfig: "sg_testing1_new", + UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + Format: vpcmodel.Text, + }, + AddConsistencyEdgesExternal: true, + Grouping: true, + }, + { + VpcTestCommon: testfunc.VpcTestCommon{ + InputConfig: "sg_testing1_new", + UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + Format: vpcmodel.HTML, + }, + AddConsistencyEdgesExternal: true, + Grouping: true, + }, } var tests1 = []*testfunc.VpcAnalysisTest{ diff --git a/pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs__with_grouping_EdgeConsistent.txt b/pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs__with_grouping_EdgeConsistent.txt new file mode 100644 index 000000000..9dd986906 --- /dev/null +++ b/pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs__with_grouping_EdgeConsistent.txt 
@@ -0,0 +1,11 @@ +Endpoint connectivity for VPC test-vpc1-ky +Public Internet 147.235.219.206/32 => vsi2-ky[10.240.20.4] : protocol: TCP dst-ports: 22 +db-endpoint-gateway-ky[10.240.30.6],vsi3a-ky[10.240.30.5],vsi3b-ky[10.240.30.4] => db-endpoint-gateway-ky[10.240.30.6],vsi3a-ky[10.240.30.5] : All Connections +db-endpoint-gateway-ky[10.240.30.6],vsi3a-ky[10.240.30.5],vsi3b-ky[10.240.30.4] => vsi1-ky[10.240.10.4] : All Connections +vsi1-ky[10.240.10.4] => Public Internet 142.0.0.0/7 : protocol: ICMP +vsi1-ky[10.240.10.4] => Public Internet 142.0.0.0/8 : protocol: ICMP +vsi1-ky[10.240.10.4] => Public Internet 161.26.0.0/16 : protocol: UDP +vsi2-ky[10.240.20.4] => Public Internet 142.0.0.0/8 : protocol: ICMP +vsi2-ky[10.240.20.4] => vsi1-ky[10.240.10.4] : All Connections +vsi2-ky[10.240.20.4] => vsi3b-ky[10.240.30.4] : protocol: TCP +vsi3b-ky[10.240.30.4] => vsi2-ky[10.240.20.4] : protocol: TCP From 9ba4bc00d56e9b3e1871a7bb097cc54b5c84ac6e Mon Sep 17 00:00:00 2001 From: shirim Date: Mon, 7 Oct 2024 11:33:59 +0300 Subject: [PATCH 15/38] somehow it got deleted --- .../analysis_out/sg_testing1_new_all_vpcs_.txt | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs_.txt diff --git a/pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs_.txt b/pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs_.txt new file mode 100644 index 000000000..3db6e2a04 --- /dev/null +++ b/pkg/ibmvpc/examples/out/analysis_out/sg_testing1_new_all_vpcs_.txt 
@@ -0,0 +1,15 @@ +Endpoint connectivity for VPC test-vpc1-ky +Public Internet 147.235.219.206/32 => vsi2-ky[10.240.20.4] : protocol: TCP dst-ports: 22 +db-endpoint-gateway-ky[10.240.30.6] => vsi1-ky[10.240.10.4] : All Connections +db-endpoint-gateway-ky[10.240.30.6] => vsi3a-ky[10.240.30.5] : All Connections +vsi1-ky[10.240.10.4] => Public Internet 142.0.0.0/7 : protocol: ICMP +vsi1-ky[10.240.10.4] => Public Internet 161.26.0.0/16 : protocol: UDP +vsi2-ky[10.240.20.4] => Public Internet 142.0.0.0/8 : protocol: ICMP +vsi2-ky[10.240.20.4] => vsi1-ky[10.240.10.4] : All Connections +vsi2-ky[10.240.20.4] => vsi3b-ky[10.240.30.4] : protocol: TCP +vsi3a-ky[10.240.30.5] => db-endpoint-gateway-ky[10.240.30.6] : All Connections +vsi3a-ky[10.240.30.5] => vsi1-ky[10.240.10.4] : All Connections +vsi3b-ky[10.240.30.4] => db-endpoint-gateway-ky[10.240.30.6] : All Connections +vsi3b-ky[10.240.30.4] => vsi1-ky[10.240.10.4] : All Connections +vsi3b-ky[10.240.30.4] => vsi2-ky[10.240.20.4] : protocol: TCP +vsi3b-ky[10.240.30.4] => vsi3a-ky[10.240.30.5] : All Connections From 59fbb7c6a5678d8a56e6a9e4c70c4c3c95d925ea Mon Sep 17 00:00:00 2001 From: shirim Date: Mon, 7 Oct 2024 11:38:19 +0300 Subject: [PATCH 16/38] generalization --- pkg/vpcmodel/grouping.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/vpcmodel/grouping.go b/pkg/vpcmodel/grouping.go index 573a51f88..a2885729e 100644 --- a/pkg/vpcmodel/grouping.go +++ b/pkg/vpcmodel/grouping.go @@ -361,10 +361,10 @@ func (g *GroupConnLines) groupExternalAddresses(vsi, addConsistencyEdgesExternal } } } - g.appendGrouped(res) if addConsistencyEdgesExternal { g.consistencyEdgesExternal() } + g.appendGrouped(res) return nil } 
@@ -422,7 +422,7 @@ func (g *GroupConnLines) groupExternalAddressesForExplainability(allRulesDetails } func (g *GroupConnLines) addLineToExternalGrouping(res *[]*groupedConnLine, - src, dst VPCResourceIntf, commonProps *groupedCommonProperties) error { + src, dst EndpointElem, commonProps *groupedCommonProperties) error { srcNode, srcIsNode := src.(Node) dstNode, dstIsNode := dst.(Node) if dst.IsExternal() && !dstIsNode || From 48169a9e276876a68b8ab70a7b9459e7dec0420b Mon Sep 17 00:00:00 2001 From: shirim Date: Tue, 8 Oct 2024 08:55:39 +0300 Subject: [PATCH 17/38] added todos as to what should be done --- pkg/vpcmodel/groupingGraphical.go | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go index e9cd54b5c..5210dfdd8 100644 --- a/pkg/vpcmodel/groupingGraphical.go +++ b/pkg/vpcmodel/groupingGraphical.go @@ -7,6 +7,7 @@ SPDX-License-Identifier: Apache-2.0 package vpcmodel import ( + "fmt" "github.com/np-guard/models/pkg/ipblock" ) 
@@ -19,12 +20,17 @@ import ( // In order to add missing edges, we go over all the endpoints that present external nodes, and check for containment // if external endpoint e1 is contained in external end point e2 then all the "edges" of e2 should be added to e1 func (g *GroupConnLines) consistencyEdgesExternal() { + fmt.Println("1") // 1. Get a map from external endpoints to their IPs - eeToIpBlock := getMapToGroupedExternalBlocks(g.config, g.GroupedLines) + // todo need to work with and add the edges to g.srcToDst and g.dstToSrc, each separately. All together this should be smoother + //combinedGrouped := make([]*groupedConnLine, len(*g.srcToDst)+len(*g.dstToSrc)) + //copy(combinedGrouped, g.srcToDst) + eeToIpBlock := getMapToGroupedExternalBlocks(g.config, g.GroupedLines) // this needs to include both srcToDst and dstToSrc // 2. Check for containment - containedMap := findContainEndpointMap(eeToIpBlock) + containedMap := findContainEndpointMap(eeToIpBlock) // as above, needs to include both // 3. Add edges - g.addEdgesOfContainingEPs(containedMap) + fmt.Println("2") + g.addEdgesOfContainingEPs(containedMap) // separately for each } // gets []*groupedConnLine and returns a map from the string presentation of each endpoint to its ipBlock @@ -83,6 +89,7 @@ func findContainEndpointMap(endpointsIPBlocks map[string]*ipblock.IPBlock) (cont func (g *GroupConnLines) addEdgesOfContainingEPs(containedMap map[string][]string) { endpointToLines := g.getEndpointToLines() // auxiliary map between each endpoint element to lines it participates in // (as src or dst) + fmt.Printf("size of g.GroupedLines is %v\n", g.GroupedLines) for _, toAddEdgesLine := range g.GroupedLines { g.addEdgesToLine(toAddEdgesLine, endpointToLines, containedMap, true) g.addEdgesToLine(toAddEdgesLine, endpointToLines, containedMap, false) 
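Review bot: The `fmt.Println("1")` and `fmt.Println("2")` calls added to consistencyEdgesExternal write debug markers to stdout from library code, where they would be interleaved with whatever report the caller prints. The same applies to the `fmt.Printf` added to addEdgesOfContainingEPs in the next hunk and to the `fmt.Println("here")` and "about to add" prints in the two addEdgesToLine hunks of this commit. That Printf is labelled as a size but formats the slice of pointers itself; if the count is wanted it should be `fmt.Printf("size of g.GroupedLines is %d\n", len(g.GroupedLines))`. These lines should be removed before the change is merged, or routed through whatever logger the package uses.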
@@ -114,7 +121,9 @@ func addLineToMap(config *VPCConfig, endpointToLines map[string][]*groupedConnLi func (g *GroupConnLines) addEdgesToLine(line *groupedConnLine, endpointToLines map[string][]*groupedConnLine, containedMap map[string][]string, src bool) { + fmt.Println("here") nameToEndpointElem := map[string]EndpointElem{} + res := []*groupedConnLine{} // dummy place holder for addLineToExternalGrouping for _, line := range g.GroupedLines { // there could be rewriting with identical values; not an issue complexity wise, not checking this keeps the code simpler nameToEndpointElem[line.Src.NameForAnalyzerOut(g.config)] = line.Src @@ -128,15 +137,17 @@ func (g *GroupConnLines) addEdgesToLine(line *groupedConnLine, endpointToLines m } for _, containedEndpoint := range containedMap[addToNodeName] { for _, toAddLine := range endpointToLines[containedEndpoint] { + fmt.Printf("about to add to %v line %v => %v\n", addToNodeName, + toAddLine.Src.NameForAnalyzerOut(g.config), toAddLine.Dst.NameForAnalyzerOut(g.config)) // adding edges - namely, lines in grouping. "This" end of the edge is external (by design) and the "other" // end of the edges will always be internal, since "this" edge is not internal. - // Grouping per internal endpoints is done (if requested) after this point + // Grouping per is done after this point if src { - g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: nameToEndpointElem[addToNodeName], - Dst: toAddLine.Dst, CommonProperties: toAddLine.CommonProperties}) + g.addLineToExternalGrouping(&res, nameToEndpointElem[addToNodeName], toAddLine.Dst, + toAddLine.CommonProperties) } else { - g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: toAddLine.Src, - Dst: nameToEndpointElem[addToNodeName], CommonProperties: toAddLine.CommonProperties}) + g.addLineToExternalGrouping(&res, toAddLine.Src, nameToEndpointElem[addToNodeName], + toAddLine.CommonProperties) } } } From 8ad74a929411fd649ea248f7a9124ad6f8cf6143 Mon Sep 17 00:00:00 2001 
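Review bot: Both `g.addLineToExternalGrouping(&res, ...)` calls in addEdgesToLine discard the returned value, and `res` is a local slice that is dropped when the function returns. The signature shown in the grouping.go hunk of PATCH 16 returns `error`, so a rejected endpoint pair would silently produce no consistency edge and the connectivity output would lack it without any indication. The call should be checked, e.g. `if err := g.addLineToExternalGrouping(&res, ...); err != nil { return err }`, with addEdgesToLine and its caller propagating the error. The PATCH 21 hunk that introduces addEdgesToGroupedConnection drops the error in the same way. The function body starts outside this hunk.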
From: shirim Date: Tue, 8 Oct 2024 11:30:06 +0300 Subject: [PATCH 18/38] refactored first 3 stages to work with srcToDst and dstToSrc --- pkg/vpcmodel/groupingGraphical.go | 62 ++++++++++++++++++------------- 1 file changed, 37 insertions(+), 25 deletions(-) diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go index 5210dfdd8..f96dcb0be 100644 --- a/pkg/vpcmodel/groupingGraphical.go +++ b/pkg/vpcmodel/groupingGraphical.go 
@@ -20,43 +20,55 @@ import ( // In order to add missing edges, we go over all the endpoints that present external nodes, and check for containment // if external endpoint e1 is contained in external end point e2 then all the "edges" of e2 should be added to e1 func (g *GroupConnLines) consistencyEdgesExternal() { - fmt.Println("1") - // 1. Get a map from external endpoints to their IPs - // todo need to work with and add the edges to g.srcToDst and g.dstToSrc, each separately. All together this should be smoother - //combinedGrouped := make([]*groupedConnLine, len(*g.srcToDst)+len(*g.dstToSrc)) - //copy(combinedGrouped, g.srcToDst) - eeToIpBlock := getMapToGroupedExternalBlocks(g.config, g.GroupedLines) // this needs to include both srcToDst and dstToSrc - // 2. Check for containment - containedMap := findContainEndpointMap(eeToIpBlock) // as above, needs to include both - // 3. Add edges - fmt.Println("2") - g.addEdgesOfContainingEPs(containedMap) // separately for each + // 1. Get a map from name to grouped external + nameExternalToObject := map[string]*groupedExternalNodes{} + getMapNameGroupedExternalToObject(nameExternalToObject, g.srcToDst) + getMapNameGroupedExternalToObject(nameExternalToObject, g.dstToSrc) + // 2. Get a map from grouped external name to their IPs + nameExternalToIpBlock := map[string]*ipblock.IPBlock{} + getMapNameGroupedExternalToIP(nameExternalToIpBlock, g.srcToDst) + getMapNameGroupedExternalToIP(nameExternalToIpBlock, g.dstToSrc) + // 3. Check for containment of ips via nameToIpBlock + containedMap := findContainEndpointMap(nameExternalToIpBlock) + _ = containedMap + //// 4. 
Add edges + //g.addEdgesOfContainingEPs(containedMap) // separately for each } -// gets []*groupedConnLine and returns a map from the string presentation of each endpoint to its ipBlock -func getMapToGroupedExternalBlocks(config *VPCConfig, grouped []*groupedConnLine) (eeToIpBlock map[string]*ipblock.IPBlock) { - eeToIpBlock = map[string]*ipblock.IPBlock{} - for _, line := range grouped { - addExternalEndpointToMap(line.Src, config, eeToIpBlock) - addExternalEndpointToMap(line.Dst, config, eeToIpBlock) +// gets *groupingConnections and returns a map from the string presentation of each grouped external to its object +func getMapNameGroupedExternalToObject(nameToGroupedExternal map[string]*groupedExternalNodes, grouped *groupingConnections) { + for _, groupedInfoMap := range *grouped { //groupedExternalNodes + for _, groupedInfoMap := range groupedInfoMap { + name := groupedInfoMap.nodes.Name() + _, ok := nameToGroupedExternal[name] + if ok { // no need to update twice; relevant if the same endpoint is in src and dst of different lines + return + } + nameToGroupedExternal[name] = &groupedInfoMap.nodes + } } - return eeToIpBlock } -func addExternalEndpointToMap(ee EndpointElem, config *VPCConfig, endpointsIPBlocks map[string]*ipblock.IPBlock) { - if !ee.IsExternal() { - return +// gets *groupingConnections and returns a map from the string presentation of each grouped external to its ipBlock +func getMapNameGroupedExternalToIP(nameToIpBlock map[string]*ipblock.IPBlock, grouped *groupingConnections) { + for _, groupedInfoMap := range *grouped { //groupedExternalNodes + for _, groupedInfoMap := range groupedInfoMap { + addGroupedExternalNode(groupedInfoMap.nodes, nameToIpBlock) + } } - _, ok := endpointsIPBlocks[ee.NameForAnalyzerOut(config)] +} + +func addGroupedExternalNode(externalNodes groupedExternalNodes, endpointsIPBlocks map[string]*ipblock.IPBlock) { + _, ok := endpointsIPBlocks[externalNodes.Name()] if ok { // no need to update twice; relevant if the same 
endpoint is in src and dst of different lines return } - endpointsIPBlocks[ee.NameForAnalyzerOut(config)] = groupedExternalToIpBlock(ee) + endpointsIPBlocks[externalNodes.Name()] = groupedExternalToIpBlock(externalNodes) } -func groupedExternalToIpBlock(ee EndpointElem) *ipblock.IPBlock { +func groupedExternalToIpBlock(externalNodes groupedExternalNodes) *ipblock.IPBlock { // EndpointElem must be of type groupedExternalNodes - elements := []*ExternalNetwork(*ee.(*groupedExternalNodes)) + elements := []*ExternalNetwork(externalNodes) var res = ipblock.New() for _, e := range elements { res = res.Union(e.ipblock) From 189752ce75bf23df26b30c60596e8523a6be8541 Mon Sep 17 00:00:00 2001 From: shirim Date: Tue, 8 Oct 2024 12:00:18 +0300 Subject: [PATCH 19/38] typo fix --- pkg/vpcmodel/groupingGraphical.go | 124 ++++++++++++------------------ 1 file changed, 49 insertions(+), 75 deletions(-) diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go index f96dcb0be..718541bde 100644 --- a/pkg/vpcmodel/groupingGraphical.go +++ b/pkg/vpcmodel/groupingGraphical.go @@ -7,7 +7,6 @@ SPDX-License-Identifier: Apache-2.0 package vpcmodel import ( - "fmt" "github.com/np-guard/models/pkg/ipblock" ) @@ -21,7 +20,7 @@ import ( // if external endpoint e1 is contained in external end point e2 then all the "edges" of e2 should be added to e1 func (g *GroupConnLines) consistencyEdgesExternal() { // 1. Get a map from name to grouped external - nameExternalToObject := map[string]*groupedExternalNodes{} + nameExternalToObject := map[string]*groupedExternalNodesInfo{} getMapNameGroupedExternalToObject(nameExternalToObject, g.srcToDst) getMapNameGroupedExternalToObject(nameExternalToObject, g.dstToSrc) // 2. Get a map from grouped external name to their IPs 
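Review bot: In getMapNameGroupedExternalToObject the `return` taken when a name is already in the map ends the whole scan rather than skipping the one entry. consistencyEdgesExternal calls the function for `g.srcToDst` and then for `g.dstToSrc` with the same map, so the second call stops at the first external group it shares with the first, and groups reached later in the iteration are never recorded. The comment on that branch says the intent is only to avoid updating twice, so the statement should be `continue`. The same `return` is carried unchanged through the later hunks that touch this function in PATCH 19, 20 and 21.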
@@ -31,20 +30,20 @@ func (g *GroupConnLines) consistencyEdgesExternal() { // 3. Check for containment of ips via nameToIpBlock containedMap := findContainEndpointMap(nameExternalToIpBlock) _ = containedMap - //// 4. Add edges - //g.addEdgesOfContainingEPs(containedMap) // separately for each + // 4. Add edges + //g.addEdgesOfContainingEPs(containedMap, nameExternalToObject) } // gets *groupingConnections and returns a map from the string presentation of each grouped external to its object -func getMapNameGroupedExternalToObject(nameToGroupedExternal map[string]*groupedExternalNodes, grouped *groupingConnections) { +func getMapNameGroupedExternalToObject(nameToGroupedExternal map[string]*groupedExternalNodesInfo, grouped *groupingConnections) { for _, groupedInfoMap := range *grouped { //groupedExternalNodes - for _, groupedInfoMap := range groupedInfoMap { - name := groupedInfoMap.nodes.Name() + for _, groupedInfo := range groupedInfoMap { + name := groupedInfo.nodes.Name() _, ok := nameToGroupedExternal[name] if ok { // no need to update twice; relevant if the same endpoint is in src and dst of different lines return } - nameToGroupedExternal[name] = &groupedInfoMap.nodes + nameToGroupedExternal[name] = groupedInfo } } } 
@@ -97,70 +96,45 @@ func findContainEndpointMap(endpointsIPBlocks map[string]*ipblock.IPBlock) (cont return containedMap } -// given the above containedMap adds edges of containing endpoints -func (g *GroupConnLines) addEdgesOfContainingEPs(containedMap map[string][]string) { - endpointToLines := g.getEndpointToLines() // auxiliary map between each endpoint element to lines it participates in - // (as src or dst) - fmt.Printf("size of g.GroupedLines is %v\n", g.GroupedLines) - for _, toAddEdgesLine := range g.GroupedLines { - g.addEdgesToLine(toAddEdgesLine, endpointToLines, containedMap, true) - g.addEdgesToLine(toAddEdgesLine, endpointToLines, containedMap, false) - } -} - -// creates an auxiliary map between each endpoint element to all the lines it participates in (as src or dst) -func (g *GroupConnLines) getEndpointToLines() (endpointToLines map[string][]*groupedConnLine) { - endpointToLines = map[string][]*groupedConnLine{} - for _, line := range g.GroupedLines { - addLineToMap(g.config, endpointToLines, line, true) - addLineToMap(g.config, endpointToLines, line, false) - } - return endpointToLines -} - -func addLineToMap(config *VPCConfig, endpointToLines map[string][]*groupedConnLine, line *groupedConnLine, src bool) { - var name string - if src { - name = line.Src.NameForAnalyzerOut(config) - } else { - name = line.Dst.NameForAnalyzerOut(config) - } - if _, ok := endpointToLines[name]; !ok { - endpointToLines[name] = []*groupedConnLine{} - } - endpointToLines[name] = append(endpointToLines[name], line) -} - -func (g *GroupConnLines) addEdgesToLine(line *groupedConnLine, endpointToLines map[string][]*groupedConnLine, - containedMap map[string][]string, src bool) { - fmt.Println("here") - nameToEndpointElem := map[string]EndpointElem{} - res := []*groupedConnLine{} // dummy place holder for addLineToExternalGrouping - for _, line := range g.GroupedLines { - // there could be rewriting with identical values; not an issue complexity wise, not checking this 
keeps the code simpler - nameToEndpointElem[line.Src.NameForAnalyzerOut(g.config)] = line.Src - nameToEndpointElem[line.Dst.NameForAnalyzerOut(g.config)] = line.Dst - } - var addToNodeName string - if src { - addToNodeName = line.Src.NameForAnalyzerOut(g.config) - } else { - addToNodeName = line.Dst.NameForAnalyzerOut(g.config) - } - for _, containedEndpoint := range containedMap[addToNodeName] { - for _, toAddLine := range endpointToLines[containedEndpoint] { - fmt.Printf("about to add to %v line %v => %v\n", addToNodeName, - toAddLine.Src.NameForAnalyzerOut(g.config), toAddLine.Dst.NameForAnalyzerOut(g.config)) - // adding edges - namely, lines in grouping. "This" end of the edge is external (by design) and the "other" - // end of the edges will always be internal, since "this" edge is not internal. - // Grouping per is done after this point - if src { - g.addLineToExternalGrouping(&res, nameToEndpointElem[addToNodeName], toAddLine.Dst, - toAddLine.CommonProperties) - } else { - g.addLineToExternalGrouping(&res, toAddLine.Src, nameToEndpointElem[addToNodeName], - toAddLine.CommonProperties) - } - } - } -} +//// given the above containedMap adds edges of containing endpoints +//func (g *GroupConnLines) addEdgesOfContainingEPs(containedMap map[string][]string, +// nameExternalToObject map[string]*groupedExternalNodesInfo) { +// for _, toAddEdgesLine := range g.GroupedLines { +// g.addEdgesToLine(toAddEdgesLine, containedMap, true) +// g.addEdgesToLine(toAddEdgesLine, containedMap, false) +// } +//} +// +//func (g *GroupConnLines) addEdgesToLine(line *groupedConnLine, endpointToLines map[string][]*groupedConnLine, +// containedMap map[string][]string, src bool) { +// fmt.Println("here") +// nameToEndpointElem := map[string]EndpointElem{} +// res := []*groupedConnLine{} // dummy place holder for addLineToExternalGrouping +// for _, line := range g.GroupedLines { +// // there could be rewriting with identical values; not an issue complexity wise, not checking this 
keeps the code simpler +// nameToEndpointElem[line.Src.NameForAnalyzerOut(g.config)] = line.Src +// nameToEndpointElem[line.Dst.NameForAnalyzerOut(g.config)] = line.Dst +// } +// var addToNodeName string +// if src { +// addToNodeName = line.Src.NameForAnalyzerOut(g.config) +// } else { +// addToNodeName = line.Dst.NameForAnalyzerOut(g.config) +// } +// for _, containedEndpoint := range containedMap[addToNodeName] { +// for _, toAddLine := range endpointToLines[containedEndpoint] { +// fmt.Printf("about to add to %v line %v => %v\n", addToNodeName, +// toAddLine.Src.NameForAnalyzerOut(g.config), toAddLine.Dst.NameForAnalyzerOut(g.config)) +// // adding edges - namely, lines in grouping. "This" end of the edge is external (by design) and the "other" +// // end of the edges will always be internal, since "this" edge is not internal. +// // Grouping per is done after this point +// if src { +// g.addLineToExternalGrouping(&res, nameToEndpointElem[addToNodeName], toAddLine.Dst, +// toAddLine.CommonProperties) +// } else { +// g.addLineToExternalGrouping(&res, toAddLine.Src, nameToEndpointElem[addToNodeName], +// toAddLine.CommonProperties) +// } +// } +// } +//} From ab47848c1adc52ec98712954f25a74186167f077 Mon Sep 17 00:00:00 2001 From: shirim Date: Tue, 8 Oct 2024 15:11:52 +0300 Subject: [PATCH 20/38] computations adjustments --- pkg/vpcmodel/groupingGraphical.go | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go index 718541bde..7054c929b 100644 --- a/pkg/vpcmodel/groupingGraphical.go +++ b/pkg/vpcmodel/groupingGraphical.go 
@@ -20,7 +20,7 @@ import ( // if external endpoint e1 is contained in external end point e2 then all the "edges" of e2 should be added to e1 func (g *GroupConnLines) consistencyEdgesExternal() { // 1. Get a map from name to grouped external - nameExternalToObject := map[string]*groupedExternalNodesInfo{} + nameExternalToObject := map[string]groupedExternalNodes{} getMapNameGroupedExternalToObject(nameExternalToObject, g.srcToDst) getMapNameGroupedExternalToObject(nameExternalToObject, g.dstToSrc) // 2. Get a map from grouped external name to their IPs @@ -35,7 +35,7 @@ func (g *GroupConnLines) consistencyEdgesExternal() { } // gets *groupingConnections and returns a map from the string presentation of each grouped external to its object -func getMapNameGroupedExternalToObject(nameToGroupedExternal map[string]*groupedExternalNodesInfo, grouped *groupingConnections) { +func getMapNameGroupedExternalToObject(nameToGroupedExternal map[string]groupedExternalNodes, grouped *groupingConnections) { for _, groupedInfoMap := range *grouped { //groupedExternalNodes for _, groupedInfo := range groupedInfoMap { name := groupedInfo.nodes.Name() @@ -43,7 +43,7 @@ func getMapNameGroupedExternalToObject(nameToGroupedExternal map[string]*grouped if ok { // no need to update twice; relevant if the same endpoint is in src and dst of different lines return } - nameToGroupedExternal[name] = groupedInfo + nameToGroupedExternal[name] = groupedInfo.nodes } } } 
@@ -75,22 +75,22 @@ func groupedExternalToIpBlock(externalNodes groupedExternalNodes) *ipblock.IPBlo return res } -// given a map from external endpoints to their IPs returns a map from each endpoint to the endpoints that contains it +// given a map from external endpoints to their IPs returns a map from each endpoint to the endpoints that it contains // (if any) func findContainEndpointMap(endpointsIPBlocks map[string]*ipblock.IPBlock) (containedMap map[string][]string) { containedMap = map[string][]string{} - for containedEP, containedIP := range endpointsIPBlocks { - containingEPs := []string{} - for containingEP, containingIP := range endpointsIPBlocks { + for containingEP, containingIP := range endpointsIPBlocks { + containedEPs := []string{} + for containedEP, containedIP := range endpointsIPBlocks { if containingEP == containedEP { continue } if containedIP.ContainedIn(containingIP) { - containingEPs = append(containingEPs, containingEP) + containedEPs = append(containedEPs, containedEP) } } - if len(containingEPs) > 0 { - containedMap[containedEP] = containingEPs + if len(containedEPs) > 0 { + containedMap[containingEP] = containedEPs } } return containedMap From d5f418a1d680f43508e0795533f1eda292397bf6 Mon Sep 17 00:00:00 2001 From: shirim Date: Tue, 8 Oct 2024 15:54:03 +0300 Subject: [PATCH 21/38] adding edges --- pkg/vpcmodel/groupingGraphical.go | 94 +++++++++++++++---------------- 1 file changed, 44 insertions(+), 50 deletions(-) diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go index 7054c929b..5bae92d5d 100644 --- a/pkg/vpcmodel/groupingGraphical.go +++ b/pkg/vpcmodel/groupingGraphical.go 
@@ -20,22 +20,22 @@ import ( // if external endpoint e1 is contained in external end point e2 then all the "edges" of e2 should be added to e1 func (g *GroupConnLines) consistencyEdgesExternal() { // 1. Get a map from name to grouped external - nameExternalToObject := map[string]groupedExternalNodes{} - getMapNameGroupedExternalToObject(nameExternalToObject, g.srcToDst) - getMapNameGroupedExternalToObject(nameExternalToObject, g.dstToSrc) + nameExternalToNodes := map[string]groupedExternalNodes{} + getMapNameGroupedExternalToNodes(nameExternalToNodes, g.srcToDst) + getMapNameGroupedExternalToNodes(nameExternalToNodes, g.dstToSrc) // 2. Get a map from grouped external name to their IPs nameExternalToIpBlock := map[string]*ipblock.IPBlock{} getMapNameGroupedExternalToIP(nameExternalToIpBlock, g.srcToDst) getMapNameGroupedExternalToIP(nameExternalToIpBlock, g.dstToSrc) // 3. Check for containment of ips via nameToIpBlock containedMap := findContainEndpointMap(nameExternalToIpBlock) - _ = containedMap - // 4. Add edges - //g.addEdgesOfContainingEPs(containedMap, nameExternalToObject) + // 4. Add edges to g.srcToDst and to g.dstToSrc + g.addEdgesToGroupedConnection(true, containedMap, nameExternalToNodes) + g.addEdgesToGroupedConnection(false, containedMap, nameExternalToNodes) } -// gets *groupingConnections and returns a map from the string presentation of each grouped external to its object -func getMapNameGroupedExternalToObject(nameToGroupedExternal map[string]groupedExternalNodes, grouped *groupingConnections) { +// gets *groupingConnections and returns a map from the string presentation of each grouped external to its nodes +func getMapNameGroupedExternalToNodes(nameToGroupedExternal map[string]groupedExternalNodes, grouped *groupingConnections) { for _, groupedInfoMap := range *grouped { //groupedExternalNodes for _, groupedInfo := range groupedInfoMap { name := groupedInfo.nodes.Name() 
@@ -96,45 +96,39 @@ func findContainEndpointMap(endpointsIPBlocks map[string]*ipblock.IPBlock) (cont return containedMap } -//// given the above containedMap adds edges of containing endpoints -//func (g *GroupConnLines) addEdgesOfContainingEPs(containedMap map[string][]string, -// nameExternalToObject map[string]*groupedExternalNodesInfo) { -// for _, toAddEdgesLine := range g.GroupedLines { -// g.addEdgesToLine(toAddEdgesLine, containedMap, true) -// g.addEdgesToLine(toAddEdgesLine, containedMap, false) -// } -//} -// -//func (g *GroupConnLines) addEdgesToLine(line *groupedConnLine, endpointToLines map[string][]*groupedConnLine, -// containedMap map[string][]string, src bool) { -// fmt.Println("here") -// nameToEndpointElem := map[string]EndpointElem{} -// res := []*groupedConnLine{} // dummy place holder for addLineToExternalGrouping -// for _, line := range g.GroupedLines { -// // there could be rewriting with identical values; not an issue complexity wise, not checking this keeps the code simpler -// nameToEndpointElem[line.Src.NameForAnalyzerOut(g.config)] = line.Src -// nameToEndpointElem[line.Dst.NameForAnalyzerOut(g.config)] = line.Dst -// } -// var addToNodeName string -// if src { -// addToNodeName = line.Src.NameForAnalyzerOut(g.config) -// } else { -// addToNodeName = line.Dst.NameForAnalyzerOut(g.config) -// } -// for _, containedEndpoint := range containedMap[addToNodeName] { -// for _, toAddLine := range endpointToLines[containedEndpoint] { -// fmt.Printf("about to add to %v line %v => %v\n", addToNodeName, -// toAddLine.Src.NameForAnalyzerOut(g.config), toAddLine.Dst.NameForAnalyzerOut(g.config)) -// // adding edges - namely, lines in grouping. "This" end of the edge is external (by design) and the "other" -// // end of the edges will always be internal, since "this" edge is not internal. 
-// // Grouping per is done after this point -// if src { -// g.addLineToExternalGrouping(&res, nameToEndpointElem[addToNodeName], toAddLine.Dst, -// toAddLine.CommonProperties) -// } else { -// g.addLineToExternalGrouping(&res, toAddLine.Src, nameToEndpointElem[addToNodeName], -// toAddLine.CommonProperties) -// } -// } -// } -//} +// goes over g.srcToDst and over g.dstToSrc; for each "edge" represented by these structs of from/to external nodes, +// duplicates the edge to all "external nodes" entities that are contained in the external node of the edge +func (g *GroupConnLines) addEdgesToGroupedConnection(src bool, containedMap map[string][]string, + nameExternalToNodes map[string]groupedExternalNodes) { + var groupedConnectionToAddBy *groupingConnections + if src { + groupedConnectionToAddBy = g.srcToDst + } else { + groupedConnectionToAddBy = g.dstToSrc + } + for srcOrDstEP, object := range *groupedConnectionToAddBy { + for _, groupedExternalInfo := range object { + fmt.Printf("") + // checks whether the groupedExternalNodes contains other groupedExternalNodes that are in the graph, + // in which case the line should be added to the contained groupedExternalNodes + contained, ok := containedMap[groupedExternalInfo.nodes.Name()] + if !ok { + continue + } + res := []*groupedConnLine{} // dummy placeholder for addLineToExternalGrouping + // goes over all external nodes contained in the node of groupedExternalInfo; the "edge" represented by + // should be duplicated for these external nodes + for _, containedName := range contained { + containedNodes := nameExternalToNodes[containedName] + if src { + g.addLineToExternalGrouping(&res, srcOrDstEP, &containedNodes, + groupedExternalInfo.commonProperties) + } else { + g.addLineToExternalGrouping(&res, &containedNodes, srcOrDstEP, + groupedExternalInfo.commonProperties) + } + } + } + } + +} From 26b43f19818f683a4bb39e03571c970a27f5ffef Mon Sep 17 00:00:00 2001 
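Review bot: The `fmt.Printf("")` line in addEdgesToGroupedConnection prints nothing and should be deleted. The import hunks visible in this series remove `"fmt"` from groupingGraphical.go in PATCH 19 and add it back only in PATCH 22, so this commit does not appear to compile on its own. The loop also ranges over `*groupedConnectionToAddBy` while calling `g.addLineToExternalGrouping`, whose body is not in this hunk; it is worth confirming that the callee does not insert into the map being ranged over, because Go does not guarantee whether entries added during a range are visited, and the set of duplicated edges could then differ between runs.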
From: shirim Date: Tue, 8 Oct 2024 15:56:43 +0300 Subject: [PATCH 22/38] add edges --- pkg/vpcmodel/grouping.go | 5 ++++- pkg/vpcmodel/groupingGraphical.go | 22 +++++++++++++++------- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/pkg/vpcmodel/grouping.go b/pkg/vpcmodel/grouping.go index a2885729e..2da7b6576 100644 --- a/pkg/vpcmodel/grouping.go +++ b/pkg/vpcmodel/grouping.go @@ -362,7 +362,10 @@ func (g *GroupConnLines) groupExternalAddresses(vsi, addConsistencyEdgesExternal } } if addConsistencyEdgesExternal { - g.consistencyEdgesExternal() + err := g.consistencyEdgesExternal() + if err != nil { + return err + } } g.appendGrouped(res) return nil diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go index 5bae92d5d..8772f942e 100644 --- a/pkg/vpcmodel/groupingGraphical.go +++ b/pkg/vpcmodel/groupingGraphical.go @@ -7,6 +7,7 @@ SPDX-License-Identifier: Apache-2.0 package vpcmodel import ( + "fmt" "github.com/np-guard/models/pkg/ipblock" ) @@ -18,7 +19,7 @@ import ( // 142.0.64.0/17 should also be connected to vsi2 and vsi3 // In order to add missing edges, we go over all the endpoints that present external nodes, and check for containment // if external endpoint e1 is contained in external end point e2 then all the "edges" of e2 should be added to e1 -func (g *GroupConnLines) consistencyEdgesExternal() { +func (g *GroupConnLines) consistencyEdgesExternal() error { // 1. Get a map from name to grouped external nameExternalToNodes := map[string]groupedExternalNodes{} getMapNameGroupedExternalToNodes(nameExternalToNodes, g.srcToDst) 
@@ -30,8 +31,15 @@ func (g *GroupConnLines) consistencyEdgesExternal() { // 3. Check for containment of ips via nameToIpBlock containedMap := findContainEndpointMap(nameExternalToIpBlock) // 4. Add edges to g.srcToDst and to g.dstToSrc - g.addEdgesToGroupedConnection(true, containedMap, nameExternalToNodes) - g.addEdgesToGroupedConnection(false, containedMap, nameExternalToNodes) + err1 := g.addEdgesToGroupedConnection(true, containedMap, nameExternalToNodes) + if err1 != nil { + return err1 + } + err2 := g.addEdgesToGroupedConnection(false, containedMap, nameExternalToNodes) + if err2 != nil { + return err2 + } + return nil } // gets *groupingConnections and returns a map from the string presentation of each grouped external to its nodes @@ -99,7 +107,7 @@ func findContainEndpointMap(endpointsIPBlocks map[string]*ipblock.IPBlock) (cont // goes over g.srcToDst and over g.dstToSrc; for each "edge" represented by these structs of from/to external nodes, // duplicates the edge to all "external nodes" entities that are contained in the external node of the edge func (g *GroupConnLines) addEdgesToGroupedConnection(src bool, containedMap map[string][]string, - nameExternalToNodes map[string]groupedExternalNodes) { + nameExternalToNodes map[string]groupedExternalNodes) (err error) { var groupedConnectionToAddBy *groupingConnections if src { groupedConnectionToAddBy = g.srcToDst @@ -121,14 +129,14 @@ func (g *GroupConnLines) addEdgesToGroupedConnection(src bool, containedMap map[ for _, containedName := range contained { containedNodes := nameExternalToNodes[containedName] if src { - g.addLineToExternalGrouping(&res, srcOrDstEP, &containedNodes, + err = g.addLineToExternalGrouping(&res, srcOrDstEP, &containedNodes, groupedExternalInfo.commonProperties) } else { - g.addLineToExternalGrouping(&res, &containedNodes, srcOrDstEP, + err = g.addLineToExternalGrouping(&res, &containedNodes, srcOrDstEP, groupedExternalInfo.commonProperties) } } } } - + return err } 
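Review bot: In the @@ -121,14 +129,14 @@ hunk, each `g.addLineToExternalGrouping` result is assigned to the named return `err` inside the nested loops and only returned once all loops have finished. A failure on any iteration but the last is therefore overwritten by a later nil and silently dropped. Check the error where it is produced, for example `if err != nil { return err }` directly after the `if src { … } else { … }`. The @@ -128,12 +128,15 @@ hunk of PATCH 23/38 keeps the same pattern inside its new inner loop over `externalNodes`. The body of addEdgesToGroupedConnection starts outside this hunk.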
From d53a243fdedf37afd76f6dca645c855bd2dc6342 Mon Sep 17 00:00:00 2001 From: shirim Date: Tue, 8 Oct 2024 16:52:35 +0300 Subject: [PATCH 23/38] fix bug --- pkg/vpcmodel/groupingGraphical.go | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go index 8772f942e..61379edff 100644 --- a/pkg/vpcmodel/groupingGraphical.go +++ b/pkg/vpcmodel/groupingGraphical.go @@ -128,12 +128,15 @@ func (g *GroupConnLines) addEdgesToGroupedConnection(src bool, containedMap map[ // should be duplicated for these external nodes for _, containedName := range contained { containedNodes := nameExternalToNodes[containedName] - if src { - err = g.addLineToExternalGrouping(&res, srcOrDstEP, &containedNodes, - groupedExternalInfo.commonProperties) - } else { - err = g.addLineToExternalGrouping(&res, &containedNodes, srcOrDstEP, - groupedExternalInfo.commonProperties) + externalNodes := []*ExternalNetwork(containedNodes) + for _, node := range externalNodes { + if src { + err = g.addLineToExternalGrouping(&res, srcOrDstEP, node, + groupedExternalInfo.commonProperties) + } else { + err = g.addLineToExternalGrouping(&res, node, srcOrDstEP, + groupedExternalInfo.commonProperties) + } } } } From 06087a1819f7178fd355aec8d3f1559dd42488fb Mon Sep 17 00:00:00 2001 From: shirim Date: Tue, 8 Oct 2024 17:22:38 +0300 Subject: [PATCH 24/38] not working since external networks are oblivious to sub cidrs --- pkg/vpcmodel/grouping.go | 5 +++++ pkg/vpcmodel/groupingGraphical.go | 20 +++++++++++++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/pkg/vpcmodel/grouping.go b/pkg/vpcmodel/grouping.go index 2da7b6576..ba0f72af5 100644 --- a/pkg/vpcmodel/grouping.go +++ b/pkg/vpcmodel/grouping.go 
@@ -313,7 +313,12 @@ func (g *groupingConnections) addPublicConnectivity(ep EndpointElem, commonProps if _, ok := (*g)[ep][connKey]; !ok { (*g)[ep][connKey] = &groupedExternalNodesInfo{commonProperties: commonProps} } + fmt.Printf("before appendNode %v: %v\n", targetNode.Name(), (*g)[ep][connKey].nodes.Name()) (*g)[ep][connKey].appendNode(targetNode) + fmt.Printf("after appendNode %v: %v\n", targetNode.Name(), (*g)[ep][connKey].nodes.Name()) + fmt.Printf("appended to %v %v node %v\n", ep.Name(), connKey, targetNode.Name()) + fmt.Println("inside addPublicConnectivity") + g.printGroupingConnections() } // given an endpoint representing a VSI or a subnet diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go index 61379edff..282fed2b7 100644 --- a/pkg/vpcmodel/groupingGraphical.go +++ b/pkg/vpcmodel/groupingGraphical.go @@ -42,6 +42,24 @@ func (g *GroupConnLines) consistencyEdgesExternal() error { return nil } +func (g *GroupConnLines) printSrcToDst() { + fmt.Println("g.srcToDst\n~~~~~~~~~~~~~~~~") + for src, object := range *g.srcToDst { + for _, externalInfo := range object { + fmt.Printf("\t%v => %v %v\n", src.NameForAnalyzerOut(g.config), externalInfo.nodes.Name(), externalInfo.commonProperties.Conn.string()) + } + } +} + +func (g *groupingConnections) printGroupingConnections() { + fmt.Println("groupingConnections\n~~~~~~~~~~~~~~~~") + for src, object := range *g { + for _, externalInfo := range object { + fmt.Printf("\t%v => %v %v\n", src.Name(), externalInfo.nodes.Name(), externalInfo.commonProperties.Conn.string()) + } + } +} + // gets *groupingConnections and returns a map from the string presentation of each grouped external to its nodes func getMapNameGroupedExternalToNodes(nameToGroupedExternal map[string]groupedExternalNodes, grouped *groupingConnections) { for _, groupedInfoMap := range *grouped { //groupedExternalNodes 
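Review bot: The `fmt.Printf`/`fmt.Println` calls and `g.printGroupingConnections()` added to addPublicConnectivity in @@ -313,7 +313,12 @@ write to stdout every time a node is appended. The last call dumps the whole grouping map each time, so trace volume grows roughly quadratically with the number of external connections and presumably interleaves with the analyzer's own output. If the trace is still needed, put it behind a debug flag or the project's logger; otherwise drop it, together with `fmt.Println("addEdgesToGroupedConnection")` in the @@ -108,6 +126,7 @@ hunk. The helpers added in @@ -42,6 +42,24 @@ carry no doc comments, and `printSrcToDst` has no caller in the visible hunks, so an unused-code linter would likely flag it. addPublicConnectivity starts outside its hunk.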
@@ -108,6 +126,7 @@ func findContainEndpointMap(endpointsIPBlocks map[string]*ipblock.IPBlock) (cont // duplicates the edge to all "external nodes" entities that are contained in the external node of the edge func (g *GroupConnLines) addEdgesToGroupedConnection(src bool, containedMap map[string][]string, nameExternalToNodes map[string]groupedExternalNodes) (err error) { + fmt.Println("addEdgesToGroupedConnection") var groupedConnectionToAddBy *groupingConnections if src { groupedConnectionToAddBy = g.srcToDst @@ -116,7 +135,6 @@ func (g *GroupConnLines) addEdgesToGroupedConnection(src bool, containedMap map[ } for srcOrDstEP, object := range *groupedConnectionToAddBy { for _, groupedExternalInfo := range object { - fmt.Printf("") // checks whether the groupedExternalNodes contains other groupedExternalNodes that are in the graph, // in which case the line should be added to the contained groupedExternalNodes contained, ok := containedMap[groupedExternalInfo.nodes.Name()] From b4ca0b69696415251b9954a39566a0adfc653378 Mon Sep 17 00:00:00 2001 From: shirim Date: Tue, 8 Oct 2024 17:39:14 +0300 Subject: [PATCH 25/38] restoring the older version - which now seems ok, given that adding the line in earlier stage does not work due to the essence of ExternalNetwork --- pkg/ibmvpc/analysis_output_test.go | 34 +++--- pkg/vpcmodel/grouping.go | 14 +-- pkg/vpcmodel/groupingGraphical.go | 186 +++++++++++++---------------- 3 files changed, 103 insertions(+), 131 deletions(-) diff --git a/pkg/ibmvpc/analysis_output_test.go b/pkg/ibmvpc/analysis_output_test.go index ea787e259..8fa23a76a 100644 --- a/pkg/ibmvpc/analysis_output_test.go +++ b/pkg/ibmvpc/analysis_output_test.go 
@@ -52,14 +52,14 @@ var tests = []testfunc.VpcAnalysisTest{ }, AddConsistencyEdgesExternal: true, }, - { - VpcTestCommon: testfunc.VpcTestCommon{ - InputConfig: "sg_testing1_new", - UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, - Format: vpcmodel.HTML, - }, - AddConsistencyEdgesExternal: true, - }, + //{ + // VpcTestCommon: testfunc.VpcTestCommon{ + // InputConfig: "sg_testing1_new", + // UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + // Format: vpcmodel.HTML, + // }, + // AddConsistencyEdgesExternal: true, + //}, { VpcTestCommon: testfunc.VpcTestCommon{ InputConfig: "sg_testing1_new", @@ -69,15 +69,15 @@ var tests = []testfunc.VpcAnalysisTest{ AddConsistencyEdgesExternal: true, Grouping: true, }, - { - VpcTestCommon: testfunc.VpcTestCommon{ - InputConfig: "sg_testing1_new", - UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, - Format: vpcmodel.HTML, - }, - AddConsistencyEdgesExternal: true, - Grouping: true, - }, + //{ + // VpcTestCommon: testfunc.VpcTestCommon{ + // InputConfig: "sg_testing1_new", + // UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + // Format: vpcmodel.HTML, + // }, + // AddConsistencyEdgesExternal: true, + // Grouping: true, + //}, } var tests1 = []*testfunc.VpcAnalysisTest{ diff --git a/pkg/vpcmodel/grouping.go b/pkg/vpcmodel/grouping.go index ba0f72af5..573a51f88 100644 --- a/pkg/vpcmodel/grouping.go +++ b/pkg/vpcmodel/grouping.go 
@@ -313,12 +313,7 @@ func (g *groupingConnections) addPublicConnectivity(ep EndpointElem, commonProps if _, ok := (*g)[ep][connKey]; !ok { (*g)[ep][connKey] = &groupedExternalNodesInfo{commonProperties: commonProps} } - fmt.Printf("before appendNode %v: %v\n", targetNode.Name(), (*g)[ep][connKey].nodes.Name()) (*g)[ep][connKey].appendNode(targetNode) - fmt.Printf("after appendNode %v: %v\n", targetNode.Name(), (*g)[ep][connKey].nodes.Name()) - fmt.Printf("appended to %v %v node %v\n", ep.Name(), connKey, targetNode.Name()) - fmt.Println("inside addPublicConnectivity") - g.printGroupingConnections() } // given an endpoint representing a VSI or a subnet @@ -366,13 +361,10 @@ func (g *GroupConnLines) groupExternalAddresses(vsi, addConsistencyEdgesExternal } } } + g.appendGrouped(res) if addConsistencyEdgesExternal { - err := g.consistencyEdgesExternal() - if err != nil { - return err - } + g.consistencyEdgesExternal() } - g.appendGrouped(res) return nil } @@ -430,7 +422,7 @@ func (g *GroupConnLines) groupExternalAddressesForExplainability(allRulesDetails } func (g *GroupConnLines) addLineToExternalGrouping(res *[]*groupedConnLine, - src, dst EndpointElem, commonProps *groupedCommonProperties) error { + src, dst VPCResourceIntf, commonProps *groupedCommonProperties) error { srcNode, srcIsNode := src.(Node) dstNode, dstIsNode := dst.(Node) if dst.IsExternal() && !dstIsNode || diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go index 282fed2b7..e9cd54b5c 100644 --- a/pkg/vpcmodel/groupingGraphical.go +++ b/pkg/vpcmodel/groupingGraphical.go @@ -7,7 +7,6 @@ SPDX-License-Identifier: Apache-2.0 package vpcmodel import ( - "fmt" "github.com/np-guard/models/pkg/ipblock" ) 
@@ -19,81 +18,39 @@ import ( // 142.0.64.0/17 should also be connected to vsi2 and vsi3 // In order to add missing edges, we go over all the endpoints that present external nodes, and check for containment // if external endpoint e1 is contained in external end point e2 then all the "edges" of e2 should be added to e1 -func (g *GroupConnLines) consistencyEdgesExternal() error { - // 1. Get a map from name to grouped external - nameExternalToNodes := map[string]groupedExternalNodes{} - getMapNameGroupedExternalToNodes(nameExternalToNodes, g.srcToDst) - getMapNameGroupedExternalToNodes(nameExternalToNodes, g.dstToSrc) - // 2. Get a map from grouped external name to their IPs - nameExternalToIpBlock := map[string]*ipblock.IPBlock{} - getMapNameGroupedExternalToIP(nameExternalToIpBlock, g.srcToDst) - getMapNameGroupedExternalToIP(nameExternalToIpBlock, g.dstToSrc) - // 3. Check for containment of ips via nameToIpBlock - containedMap := findContainEndpointMap(nameExternalToIpBlock) - // 4. Add edges to g.srcToDst and to g.dstToSrc - err1 := g.addEdgesToGroupedConnection(true, containedMap, nameExternalToNodes) - if err1 != nil { - return err1 - } - err2 := g.addEdgesToGroupedConnection(false, containedMap, nameExternalToNodes) - if err2 != nil { - return err2 - } - return nil -} - -func (g *GroupConnLines) printSrcToDst() { - fmt.Println("g.srcToDst\n~~~~~~~~~~~~~~~~") - for src, object := range *g.srcToDst { - for _, externalInfo := range object { - fmt.Printf("\t%v => %v %v\n", src.NameForAnalyzerOut(g.config), externalInfo.nodes.Name(), externalInfo.commonProperties.Conn.string()) - } - } -} - -func (g *groupingConnections) printGroupingConnections() { - fmt.Println("groupingConnections\n~~~~~~~~~~~~~~~~") - for src, object := range *g { - for _, externalInfo := range object { - fmt.Printf("\t%v => %v %v\n", src.Name(), externalInfo.nodes.Name(), externalInfo.commonProperties.Conn.string()) - } - } +func (g *GroupConnLines) consistencyEdgesExternal() { + // 1. 
Get a map from external endpoints to their IPs + eeToIpBlock := getMapToGroupedExternalBlocks(g.config, g.GroupedLines) + // 2. Check for containment + containedMap := findContainEndpointMap(eeToIpBlock) + // 3. Add edges + g.addEdgesOfContainingEPs(containedMap) } -// gets *groupingConnections and returns a map from the string presentation of each grouped external to its nodes -func getMapNameGroupedExternalToNodes(nameToGroupedExternal map[string]groupedExternalNodes, grouped *groupingConnections) { - for _, groupedInfoMap := range *grouped { //groupedExternalNodes - for _, groupedInfo := range groupedInfoMap { - name := groupedInfo.nodes.Name() - _, ok := nameToGroupedExternal[name] - if ok { // no need to update twice; relevant if the same endpoint is in src and dst of different lines - return - } - nameToGroupedExternal[name] = groupedInfo.nodes - } +// gets []*groupedConnLine and returns a map from the string presentation of each endpoint to its ipBlock +func getMapToGroupedExternalBlocks(config *VPCConfig, grouped []*groupedConnLine) (eeToIpBlock map[string]*ipblock.IPBlock) { + eeToIpBlock = map[string]*ipblock.IPBlock{} + for _, line := range grouped { + addExternalEndpointToMap(line.Src, config, eeToIpBlock) + addExternalEndpointToMap(line.Dst, config, eeToIpBlock) } + return eeToIpBlock } -// gets *groupingConnections and returns a map from the string presentation of each grouped external to its ipBlock -func getMapNameGroupedExternalToIP(nameToIpBlock map[string]*ipblock.IPBlock, grouped *groupingConnections) { - for _, groupedInfoMap := range *grouped { //groupedExternalNodes - for _, groupedInfoMap := range groupedInfoMap { - addGroupedExternalNode(groupedInfoMap.nodes, nameToIpBlock) - } +func addExternalEndpointToMap(ee EndpointElem, config *VPCConfig, endpointsIPBlocks map[string]*ipblock.IPBlock) { + if !ee.IsExternal() { + return } -} - -func addGroupedExternalNode(externalNodes groupedExternalNodes, endpointsIPBlocks map[string]*ipblock.IPBlock) 
{ - _, ok := endpointsIPBlocks[externalNodes.Name()] + _, ok := endpointsIPBlocks[ee.NameForAnalyzerOut(config)] if ok { // no need to update twice; relevant if the same endpoint is in src and dst of different lines return } - endpointsIPBlocks[externalNodes.Name()] = groupedExternalToIpBlock(externalNodes) + endpointsIPBlocks[ee.NameForAnalyzerOut(config)] = groupedExternalToIpBlock(ee) } -func groupedExternalToIpBlock(externalNodes groupedExternalNodes) *ipblock.IPBlock { +func groupedExternalToIpBlock(ee EndpointElem) *ipblock.IPBlock { // EndpointElem must be of type groupedExternalNodes - elements := []*ExternalNetwork(externalNodes) + elements := []*ExternalNetwork(*ee.(*groupedExternalNodes)) var res = ipblock.New() for _, e := range elements { res = res.Union(e.ipblock) 
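Review bot: `groupedExternalToIpBlock` now takes an `EndpointElem` and converts it with the single-value assertion `*ee.(*groupedExternalNodes)`, which panics if an external element of any other concrete type reaches it. The only guard on the call path shown here is `ee.IsExternal()` in `addExternalEndpointToMap`; the comment states the type requirement but nothing enforces it. Use the two-value form, e.g. `nodes, ok := ee.(*groupedExternalNodes)`, and skip the element or return an error when `!ok`. The function body continues past the end of this hunk.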
@@ -101,63 +58,86 @@ func groupedExternalToIpBlock(externalNodes groupedExternalNodes) *ipblock.IPBlo return res } -// given a map from external endpoints to their IPs returns a map from each endpoint to the endpoints that it contains +// given a map from external endpoints to their IPs returns a map from each endpoint to the endpoints that contains it // (if any) func findContainEndpointMap(endpointsIPBlocks map[string]*ipblock.IPBlock) (containedMap map[string][]string) { containedMap = map[string][]string{} - for containingEP, containingIP := range endpointsIPBlocks { - containedEPs := []string{} - for containedEP, containedIP := range endpointsIPBlocks { + for containedEP, containedIP := range endpointsIPBlocks { + containingEPs := []string{} + for containingEP, containingIP := range endpointsIPBlocks { if containingEP == containedEP { continue } if containedIP.ContainedIn(containingIP) { - containedEPs = append(containedEPs, containedEP) + containingEPs = append(containingEPs, containingEP) } } - if len(containedEPs) > 0 { - containedMap[containingEP] = containedEPs + if len(containingEPs) > 0 { + containedMap[containedEP] = containingEPs } } return containedMap } -// goes over g.srcToDst and over g.dstToSrc; for each "edge" represented by these structs of from/to external nodes, -// duplicates the edge to all "external nodes" entities that are contained in the external node of the edge -func (g *GroupConnLines) addEdgesToGroupedConnection(src bool, containedMap map[string][]string, - nameExternalToNodes map[string]groupedExternalNodes) (err error) { - fmt.Println("addEdgesToGroupedConnection") - var groupedConnectionToAddBy *groupingConnections +// given the above containedMap adds edges of containing endpoints +func (g *GroupConnLines) addEdgesOfContainingEPs(containedMap map[string][]string) { + endpointToLines := g.getEndpointToLines() // auxiliary map between each endpoint element to lines it participates in + // (as src or dst) + for _, toAddEdgesLine := 
range g.GroupedLines { + g.addEdgesToLine(toAddEdgesLine, endpointToLines, containedMap, true) + g.addEdgesToLine(toAddEdgesLine, endpointToLines, containedMap, false) + } +} + +// creates an auxiliary map between each endpoint element to all the lines it participates in (as src or dst) +func (g *GroupConnLines) getEndpointToLines() (endpointToLines map[string][]*groupedConnLine) { + endpointToLines = map[string][]*groupedConnLine{} + for _, line := range g.GroupedLines { + addLineToMap(g.config, endpointToLines, line, true) + addLineToMap(g.config, endpointToLines, line, false) + } + return endpointToLines +} + +func addLineToMap(config *VPCConfig, endpointToLines map[string][]*groupedConnLine, line *groupedConnLine, src bool) { + var name string if src { - groupedConnectionToAddBy = g.srcToDst + name = line.Src.NameForAnalyzerOut(config) } else { - groupedConnectionToAddBy = g.dstToSrc + name = line.Dst.NameForAnalyzerOut(config) } - for srcOrDstEP, object := range *groupedConnectionToAddBy { - for _, groupedExternalInfo := range object { - // checks whether the groupedExternalNodes contains other groupedExternalNodes that are in the graph, - // in which case the line should be added to the contained groupedExternalNodes - contained, ok := containedMap[groupedExternalInfo.nodes.Name()] - if !ok { - continue - } - res := []*groupedConnLine{} // dummy placeholder for addLineToExternalGrouping - // goes over all external nodes contained in the node of groupedExternalInfo; the "edge" represented by - // should be duplicated for these external nodes - for _, containedName := range contained { - containedNodes := nameExternalToNodes[containedName] - externalNodes := []*ExternalNetwork(containedNodes) - for _, node := range externalNodes { - if src { - err = g.addLineToExternalGrouping(&res, srcOrDstEP, node, - groupedExternalInfo.commonProperties) - } else { - err = g.addLineToExternalGrouping(&res, node, srcOrDstEP, - groupedExternalInfo.commonProperties) - } - } + if 
_, ok := endpointToLines[name]; !ok { + endpointToLines[name] = []*groupedConnLine{} + } + endpointToLines[name] = append(endpointToLines[name], line) +} + +func (g *GroupConnLines) addEdgesToLine(line *groupedConnLine, endpointToLines map[string][]*groupedConnLine, + containedMap map[string][]string, src bool) { + nameToEndpointElem := map[string]EndpointElem{} + for _, line := range g.GroupedLines { + // there could be rewriting with identical values; not an issue complexity wise, not checking this keeps the code simpler + nameToEndpointElem[line.Src.NameForAnalyzerOut(g.config)] = line.Src + nameToEndpointElem[line.Dst.NameForAnalyzerOut(g.config)] = line.Dst + } + var addToNodeName string + if src { + addToNodeName = line.Src.NameForAnalyzerOut(g.config) + } else { + addToNodeName = line.Dst.NameForAnalyzerOut(g.config) + } + for _, containedEndpoint := range containedMap[addToNodeName] { + for _, toAddLine := range endpointToLines[containedEndpoint] { + // adding edges - namely, lines in grouping. "This" end of the edge is external (by design) and the "other" + // end of the edges will always be internal, since "this" edge is not internal. + // Grouping per internal endpoints is done (if requested) after this point + if src { + g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: nameToEndpointElem[addToNodeName], + Dst: toAddLine.Dst, CommonProperties: toAddLine.CommonProperties}) + } else { + g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: toAddLine.Src, + Dst: nameToEndpointElem[addToNodeName], CommonProperties: toAddLine.CommonProperties}) } } } - return err } From 488ff334dfc0dc3c479d6b327ebc54dafd3ffc99 Mon Sep 17 00:00:00 2001 From: shirim Date: Tue, 8 Oct 2024 18:01:09 +0300 Subject: [PATCH 26/38] removed temp code --- pkg/ibmvpc/analysis_output_test.go | 96 ++++++++++++------------------ 1 file changed, 38 insertions(+), 58 deletions(-) 
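Review bot: In addEdgesToLine, `endpointToLines[containedEndpoint]` holds the lines in which the containing endpoint appears as either Src or Dst, but the `src` branch always copies `toAddLine.Dst` and the other branch always copies `toAddLine.Src`. When the containing endpoint sits on the copied side, the appended line connects one external endpoint to another, which contradicts the comment that the other end "will always be internal". Filter on the side first, e.g. `if toAddLine.Src.NameForAnalyzerOut(g.config) != containedEndpoint { continue }` in the `src` branch and the symmetric check on `Dst` in the other. Separately, addEdgesOfContainingEPs calls this once per grouped line, so an endpoint that occurs in several lines gets the same edges appended once per occurrence. `nameToEndpointElem` is also rebuilt over all of `g.GroupedLines` on every call although only `line.Src`/`line.Dst` is looked up, so it can be hoisted or removed.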
diff --git a/pkg/ibmvpc/analysis_output_test.go b/pkg/ibmvpc/analysis_output_test.go index 8fa23a76a..e91b2878c 100644 --- a/pkg/ibmvpc/analysis_output_test.go +++ b/pkg/ibmvpc/analysis_output_test.go @@ -25,62 +25,7 @@ tests for the entire flow: const analysisOut = "analysis_out" -var tests = []testfunc.VpcAnalysisTest{ - //{ - // VpcTestCommon: testfunc.VpcTestCommon{ - // InputConfig: "iks_config_object", - // UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, - // Format: vpcmodel.Text, - // }, - // Grouping: true, - // NoLbAbstract: true, - //}, - //{ - // VpcTestCommon: testfunc.VpcTestCommon{ - // InputConfig: "iks_config_object", - // UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, - // Format: vpcmodel.HTML, - // }, - // Grouping: true, - // NoLbAbstract: true, - //}, - { - VpcTestCommon: testfunc.VpcTestCommon{ - InputConfig: "sg_testing1_new", - UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, - Format: vpcmodel.Text, - }, - AddConsistencyEdgesExternal: true, - }, - //{ - // VpcTestCommon: testfunc.VpcTestCommon{ - // InputConfig: "sg_testing1_new", - // UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, - // Format: vpcmodel.HTML, - // }, - // AddConsistencyEdgesExternal: true, - //}, - { - VpcTestCommon: testfunc.VpcTestCommon{ - InputConfig: "sg_testing1_new", - UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, - Format: vpcmodel.Text, - }, - AddConsistencyEdgesExternal: true, - Grouping: true, - }, - //{ - // VpcTestCommon: testfunc.VpcTestCommon{ - // InputConfig: "sg_testing1_new", - // UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, - // Format: vpcmodel.HTML, - // }, - // AddConsistencyEdgesExternal: true, - // Grouping: true, - //}, -} - -var tests1 = []*testfunc.VpcAnalysisTest{ +var tests = []*testfunc.VpcAnalysisTest{ { VpcTestCommon: testfunc.VpcTestCommon{ InputConfig: "acl_testing5", 
@@ -758,18 +703,53 @@ var tests1 = []*testfunc.VpcAnalysisTest{ }, Grouping: true, }, + // tests for AddConsistencyEdgesExternal + { + VpcTestCommon: testfunc.VpcTestCommon{ + InputConfig: "sg_testing1_new", + UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + Format: vpcmodel.Text, + }, + AddConsistencyEdgesExternal: true, + }, + { + VpcTestCommon: testfunc.VpcTestCommon{ + InputConfig: "sg_testing1_new", + UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + Format: vpcmodel.HTML, + }, + AddConsistencyEdgesExternal: true, + }, + { + VpcTestCommon: testfunc.VpcTestCommon{ + InputConfig: "sg_testing1_new", + UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + Format: vpcmodel.Text, + }, + AddConsistencyEdgesExternal: true, + Grouping: true, + }, + { + VpcTestCommon: testfunc.VpcTestCommon{ + InputConfig: "sg_testing1_new", + UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + Format: vpcmodel.HTML, + }, + AddConsistencyEdgesExternal: true, + Grouping: true, + }, } // uncomment the function below to run for updating the expected output -func TestReportWithGeneration(t *testing.T) { +/*func TestReportWithGeneration(t *testing.T) { // tests is the list of tests to run for testIdx := range tests { tt := tests[testIdx] tt.TestAnalysisSingleTest(t, testfunc.OutputGeneration, &IBMresourcesContainer{}, analysisOut, tt.InputConfig) } fmt.Println("done") -} +}*/ func TestReportWithComparison(t *testing.T) { // tests is the list of tests to run From 6d1e00457b204a57fa20e54d2a464b9692e572ab Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 9 Oct 2024 08:53:09 +0300 Subject: [PATCH 27/38] adjusted tests to the new code --- pkg/vpcmodel/grouping_test.go | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/pkg/vpcmodel/grouping_test.go b/pkg/vpcmodel/grouping_test.go index 5b17df392..615892cba 100644 --- a/pkg/vpcmodel/grouping_test.go +++ b/pkg/vpcmodel/grouping_test.go 
@@ -203,7 +203,7 @@ func TestGroupingPhase1(t *testing.T) { c, v := newVPCConfigTest1() res := &GroupConnLines{config: c, nodesConn: v, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err := res.groupExternalAddresses(true) + err := res.groupExternalAddresses(true, false) require.Equal(t, err, nil) groupingStr := res.String(c) @@ -218,7 +218,7 @@ func TestGroupingPhase2(t *testing.T) { res := &GroupConnLines{config: c, nodesConn: v, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} // phase 1 - err := res.groupExternalAddresses(true) + err := res.groupExternalAddresses(true, false) require.Equal(t, err, nil) groupingStr := res.String(c) require.Equal(t, "vsi1 => Public Internet 1.2.0.0/22,8.8.8.8/32 : All Connections\n"+ @@ -260,7 +260,7 @@ func TestResponsiveGrouping(t *testing.T) { c, v := configResponsiveGrouping() res := &GroupConnLines{config: c, nodesConn: v, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err := res.groupExternalAddresses(true) + err := res.groupExternalAddresses(true, false) require.Equal(t, err, nil) res.groupInternalSrcOrDst(true, true) groupingStr := res.String(c) @@ -293,7 +293,7 @@ func TestIPRange(t *testing.T) { c, v := configIPRange() res := &GroupConnLines{config: c, nodesConn: v, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err := res.groupExternalAddresses(true) + err := res.groupExternalAddresses(true, false) require.Equal(t, err, nil) res.groupInternalSrcOrDst(true, true) groupingStr := res.String(c) 
@@ -331,7 +331,7 @@ func TestSelfLoopClique(t *testing.T) { c, v := configSelfLoopClique() res := &GroupConnLines{config: c, nodesConn: v, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err := res.groupExternalAddresses(true) + err := res.groupExternalAddresses(true, false) require.Equal(t, err, nil) res.groupInternalSrcOrDst(true, true) groupingStr := res.String(c) @@ -371,7 +371,7 @@ func TestSelfLoopCliqueDiffSubnets(t *testing.T) { c, v := configSelfLoopCliqueDiffSubnets() res := &GroupConnLines{config: c, nodesConn: v, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err := res.groupExternalAddresses(true) + err := res.groupExternalAddresses(true, false) require.Equal(t, err, nil) res.groupInternalSrcOrDst(true, true) res.groupInternalSrcOrDst(false, true) @@ -411,7 +411,7 @@ func TestSimpleSelfLoop(t *testing.T) { c, v := configSimpleSelfLoop() res := &GroupConnLines{config: c, nodesConn: v, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err := res.groupExternalAddresses(true) + err := res.groupExternalAddresses(true, false) require.Equal(t, err, nil) res.groupInternalSrcOrDst(false, true) res.groupInternalSrcOrDst(true, true) @@ -462,7 +462,7 @@ func TestConfigSelfLoopCliqueLace(t *testing.T) { c, v := configSelfLoopCliqueLace() res := &GroupConnLines{config: c, nodesConn: v, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err := res.groupExternalAddresses(true) + err := res.groupExternalAddresses(true, false) require.Equal(t, err, nil) res.groupInternalSrcOrDst(false, true) res.groupInternalSrcOrDst(true, true) 
@@ -509,7 +509,7 @@ func TestSubnetSelfLoop(t *testing.T) { res := &GroupConnLines{config: c, subnetsConn: s, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err := res.groupExternalAddresses(false) + err := res.groupExternalAddresses(false, false) require.Equal(t, err, nil) res.groupInternalSrcOrDst(false, false) res.groupInternalSrcOrDst(true, false) From f21e7f1e90223396df57a27576db83d0d085d358 Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 9 Oct 2024 08:59:59 +0300 Subject: [PATCH 28/38] lint --- pkg/vpcmodel/groupingGraphical.go | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go index e9cd54b5c..0efc1e441 100644 --- a/pkg/vpcmodel/groupingGraphical.go +++ b/pkg/vpcmodel/groupingGraphical.go 
@@ -20,21 +20,21 @@ import ( // if external endpoint e1 is contained in external end point e2 then all the "edges" of e2 should be added to e1 func (g *GroupConnLines) consistencyEdgesExternal() { // 1. Get a map from external endpoints to their IPs - eeToIpBlock := getMapToGroupedExternalBlocks(g.config, g.GroupedLines) + eeToIPBlock := getMapToGroupedExternalBlocks(g.config, g.GroupedLines) // 2. Check for containment - containedMap := findContainEndpointMap(eeToIpBlock) + containedMap := findContainEndpointMap(eeToIPBlock) // 3. Add edges g.addEdgesOfContainingEPs(containedMap) } // gets []*groupedConnLine and returns a map from the string presentation of each endpoint to its ipBlock -func getMapToGroupedExternalBlocks(config *VPCConfig, grouped []*groupedConnLine) (eeToIpBlock map[string]*ipblock.IPBlock) { - eeToIpBlock = map[string]*ipblock.IPBlock{} +func getMapToGroupedExternalBlocks(config *VPCConfig, grouped []*groupedConnLine) (eeToIPBlock map[string]*ipblock.IPBlock) { + eeToIPBlock = map[string]*ipblock.IPBlock{} for _, line := range grouped { - addExternalEndpointToMap(line.Src, config, eeToIpBlock) - addExternalEndpointToMap(line.Dst, config, eeToIpBlock) + addExternalEndpointToMap(line.Src, config, eeToIPBlock) + addExternalEndpointToMap(line.Dst, config, eeToIPBlock) } - return eeToIpBlock + return eeToIPBlock } func addExternalEndpointToMap(ee EndpointElem, config *VPCConfig, endpointsIPBlocks map[string]*ipblock.IPBlock) { 
@@ -45,10 +45,10 @@ func addExternalEndpointToMap(ee EndpointElem, config *VPCConfig, endpointsIPBlo if ok { // no need to update twice; relevant if the same endpoint is in src and dst of different lines return } - endpointsIPBlocks[ee.NameForAnalyzerOut(config)] = groupedExternalToIpBlock(ee) + endpointsIPBlocks[ee.NameForAnalyzerOut(config)] = groupedExternalToIPBlock(ee) } -func groupedExternalToIpBlock(ee EndpointElem) *ipblock.IPBlock { +func groupedExternalToIPBlock(ee EndpointElem) *ipblock.IPBlock { // EndpointElem must be of type groupedExternalNodes elements := []*ExternalNetwork(*ee.(*groupedExternalNodes)) var res = ipblock.New() From efbabc1bf978aae5b9e3e5cf7b5831f8e2818ea4 Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 9 Oct 2024 10:56:01 +0300 Subject: [PATCH 29/38] refactored alg --- pkg/vpcmodel/groupingGraphical.go | 147 ++++++++++++++---------------- 1 file changed, 70 insertions(+), 77 deletions(-) diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go index 0efc1e441..d2f1170f8 100644 --- a/pkg/vpcmodel/groupingGraphical.go +++ b/pkg/vpcmodel/groupingGraphical.go 
@@ -16,36 +16,51 @@ import (
 // 142.0.0.0/16 -> vsi1
 // 0.0.0.0/0 -> vsi3
 // 142.0.64.0/17 should also be connected to vsi2 and vsi3
-// In order to add missing edges, we go over all the endpoints that present external nodes, and check for containment
-// if external endpoint e1 is contained in external end point e2 then all the "edges" of e2 should be added to e1
+// In order to add missing edges, we go over all the endpoints in grouping that present external nodes, and check for containment
+// if external endpoint e1 is contained in external end point e2 then all the "edges" of e2 are added to e1
 func (g *GroupConnLines) consistencyEdgesExternal() {
- // 1. Get a map from external endpoints to their IPs
- eeToIPBlock := getMapToGroupedExternalBlocks(g.config, g.GroupedLines)
- // 2. Check for containment
- containedMap := findContainEndpointMap(eeToIPBlock)
- // 3. Add edges
+ // 1. Gets a map from external endpoints name to their IPs
+ eeNameToIPBlock := getMapToIps(g.GroupedLines)
+ // 2. Gets a map from external endpoints name to their endpoint
+ eeNameToEE := getMapToEPEs(g.GroupedLines)
+ // 3. Gets a map from external endpoint name to all the endpoint it contains
+ containedMap := getContainedEndpointMap(eeNameToIPBlock, eeNameToEE)
+ // 3. Add edges, based on the above map (3)
 g.addEdgesOfContainingEPs(containedMap)
 }
 // gets []*groupedConnLine and returns a map from the string presentation of each endpoint to its ipBlock
-func getMapToGroupedExternalBlocks(config *VPCConfig, grouped []*groupedConnLine) (eeToIPBlock map[string]*ipblock.IPBlock) {
+func getMapToIps(grouped []*groupedConnLine) (eeToIPBlock map[string]*ipblock.IPBlock) {
 eeToIPBlock = map[string]*ipblock.IPBlock{}
 for _, line := range grouped {
- addExternalEndpointToMap(line.Src, config, eeToIPBlock)
- addExternalEndpointToMap(line.Dst, config, eeToIPBlock)
+ addExternalEndpointToMap(line.Src, eeToIPBlock)
+ addExternalEndpointToMap(line.Dst, eeToIPBlock)
 }
 return eeToIPBlock
 }
-func addExternalEndpointToMap(ee EndpointElem, config *VPCConfig, endpointsIPBlocks map[string]*ipblock.IPBlock) {
+// gets []*groupedConnLine and returns a map from the string presentation of each endpoint to the endpoint element
+func getMapToEPEs(grouped []*groupedConnLine) (eeNameToEE map[string]EndpointElem) {
+ eeNameToEE = map[string]EndpointElem{}
+ for _, line := range grouped {
+ if line.Src.IsExternal() {
+ eeNameToEE[line.Src.Name()] = line.Src
+ } else if line.Dst.IsExternal() {
+ eeNameToEE[line.Dst.Name()] = line.Dst
+ }
+ }
+ return eeNameToEE
+}
+
+func addExternalEndpointToMap(ee EndpointElem, endpointsIPBlocks map[string]*ipblock.IPBlock) {
 if !ee.IsExternal() {
 return
 }
- _, ok := endpointsIPBlocks[ee.NameForAnalyzerOut(config)]
+ _, ok := endpointsIPBlocks[ee.Name()]
 if ok { // no need to update twice; relevant if the same endpoint is in src and dst of different lines
 return
 }
- endpointsIPBlocks[ee.NameForAnalyzerOut(config)] = groupedExternalToIPBlock(ee)
+ endpointsIPBlocks[ee.Name()] = groupedExternalToIPBlock(ee)
 }
 func groupedExternalToIPBlock(ee EndpointElem) *ipblock.IPBlock {
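Review bot: `getMapToEPEs` records `line.Dst` only when `line.Src` is not external (`else if`), while `getMapToIps` registers both ends independently, so the two maps can end up with different key sets if a line ever has two external ends. `getContainedEndpointMap` in the next hunk indexes `eeNameToEE` with keys taken from the IP map, and a missing key yields a nil `EndpointElem` that would then be stored as the `Src` or `Dst` of a new line. If that case is ruled out by design, state it where the maps are built, e.g. `// src and dst are never both external, so at most one branch applies`; otherwise use two independent `if` statements so both maps share the same keys. The step comments in `consistencyEdgesExternal` also use `3.` twice; the last one should read `// 4. Add edges, based on the above map (3)`.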
@@ -58,86 +73,64 @@ func groupedExternalToIPBlock(ee EndpointElem) *ipblock.IPBlock {
 return res
 }
-// given a map from external endpoints to their IPs returns a map from each endpoint to the endpoints that contains it
-// (if any)
-func findContainEndpointMap(endpointsIPBlocks map[string]*ipblock.IPBlock) (containedMap map[string][]string) {
- containedMap = map[string][]string{}
- for containedEP, containedIP := range endpointsIPBlocks {
- containingEPs := []string{}
- for containingEP, containingIP := range endpointsIPBlocks {
- if containingEP == containedEP {
+// given a map from external endpoints to their IPs returns a map from each endpoint to the endpoints that
+// it contained (if any)
+func getContainedEndpointMap(endpointsIPBlocks map[string]*ipblock.IPBlock,
+ eeNameToEE map[string]EndpointElem) (containedMap map[string][]EndpointElem) {
+ containedMap = map[string][]EndpointElem{}
+ for containingEP, containingIP := range endpointsIPBlocks {
+ containedEPs := []EndpointElem{}
+ for containedEP, containedIP := range endpointsIPBlocks {
+ if containedEP == containingEP {
 continue
 }
 if containedIP.ContainedIn(containingIP) {
- containingEPs = append(containingEPs, containingEP)
+ containedEPs = append(containedEPs, eeNameToEE[containedEP])
 }
 }
- if len(containingEPs) > 0 {
- containedMap[containedEP] = containingEPs
+ if len(containedEPs) > 0 {
+ containedMap[containingEP] = containedEPs
 }
 }
 return containedMap
 }
-// given the above containedMap adds edges of containing endpoints
-func (g *GroupConnLines) addEdgesOfContainingEPs(containedMap map[string][]string) {
- endpointToLines := g.getEndpointToLines() // auxiliary map between each endpoint element to lines it participates in
- // (as src or dst)
- for _, toAddEdgesLine := range g.GroupedLines {
- g.addEdgesToLine(toAddEdgesLine, endpointToLines, containedMap, true)
- g.addEdgesToLine(toAddEdgesLine, endpointToLines, containedMap, false)
- }
-}
-
-// creates an auxiliary map between each endpoint element to all the lines it participates in (as src or dst)
-func (g *GroupConnLines) getEndpointToLines() (endpointToLines map[string][]*groupedConnLine) {
- endpointToLines = map[string][]*groupedConnLine{}
+// iterates over all grouped lines, and for each line adds edges implied by it
+func (g *GroupConnLines) addEdgesOfContainingEPs(containedMap map[string][]EndpointElem) {
 for _, line := range g.GroupedLines {
- addLineToMap(g.config, endpointToLines, line, true)
- addLineToMap(g.config, endpointToLines, line, false)
+ g.addEdgesImpliedOfLine(line, containedMap)
 }
- return endpointToLines
 }
-func addLineToMap(config *VPCConfig, endpointToLines map[string][]*groupedConnLine, line *groupedConnLine, src bool) {
- var name string
- if src {
- name = line.Src.NameForAnalyzerOut(config)
- } else {
- name = line.Dst.NameForAnalyzerOut(config)
- }
- if _, ok := endpointToLines[name]; !ok {
- endpointToLines[name] = []*groupedConnLine{}
- }
- endpointToLines[name] = append(endpointToLines[name], line)
-}
-
-func (g *GroupConnLines) addEdgesToLine(line *groupedConnLine, endpointToLines map[string][]*groupedConnLine,
- containedMap map[string][]string, src bool) {
- nameToEndpointElem := map[string]EndpointElem{}
- for _, line := range g.GroupedLines {
- // there could be rewriting with identical values; not an issue complexity wise, not checking this keeps the code simpler
- nameToEndpointElem[line.Src.NameForAnalyzerOut(g.config)] = line.Src
- nameToEndpointElem[line.Dst.NameForAnalyzerOut(g.config)] = line.Dst
+// Given a grouping line - l - if one of its ends - e - is external, adds implied edges to all contained external nodes.
+// Specifically, iterates over the contained external nodes of e, and for each such node - c -
+// adds a line whose internal endpoint is the same as l and external endpoint is c
+func (g *GroupConnLines) addEdgesImpliedOfLine(line *groupedConnLine, containedMap map[string][]EndpointElem) {
+ srcExternal := line.Src.IsExternal()
+ dstExternal := line.Dst.IsExternal()
+ if !srcExternal && !dstExternal {
+ return
 }
- var addToNodeName string
- if src {
- addToNodeName = line.Src.NameForAnalyzerOut(g.config)
- } else {
- addToNodeName = line.Dst.NameForAnalyzerOut(g.config)
+ var containingNode EndpointElem
+ switch {
+ // by design, either src or dst can not be both external
+ case srcExternal:
+ containingNode = line.Src
+ case dstExternal:
+ containingNode = line.Dst
+ default:
+ return
 }
- for _, containedEndpoint := range containedMap[addToNodeName] {
- for _, toAddLine := range endpointToLines[containedEndpoint] {
- // adding edges - namely, lines in grouping. "This" end of the edge is external (by design) and the "other"
- // end of the edges will always be internal, since "this" edge is not internal.
- // Grouping per internal endpoints is done (if requested) after this point
- if src {
- g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: nameToEndpointElem[addToNodeName],
- Dst: toAddLine.Dst, CommonProperties: toAddLine.CommonProperties})
- } else {
- g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: toAddLine.Src,
- Dst: nameToEndpointElem[addToNodeName], CommonProperties: toAddLine.CommonProperties})
- }
+ for _, containedExternal := range containedMap[containingNode.Name()] {
+ // adding edges - namely, lines in grouping. "This" end of the edge is external (by design) and the "other"
+ // end of the edges will always be internal, since "this" edge is not internal.
+ // Grouping per internal endpoints is done (if requested) after this point
+ if srcExternal {
+ g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: containedExternal,
+ Dst: line.Dst, CommonProperties: line.CommonProperties})
+ } else { // dstExternal
+ g.GroupedLines = append(g.GroupedLines, &groupedConnLine{Src: line.Src,
+ Dst: containedExternal, CommonProperties: line.CommonProperties})
 }
 }
 }
From 62fc9a11fc11cdaad976f9e82a4c047541b5d231 Mon Sep 17 00:00:00 2001
From: shirim
Date: Wed, 9 Oct 2024 11:47:25 +0300
Subject: [PATCH 30/38] added example yet to complete manually verification
---
 pkg/ibmvpc/analysis_output_test.go | 10 +
 ..._grouping_no_lbAbstract_EdgeConsistent.txt | 292 ++++++++++++++++++
 2 files changed, 302 insertions(+)
 create mode 100644 pkg/ibmvpc/examples/out/analysis_out/iks_config_object_all_vpcs__with_grouping_no_lbAbstract_EdgeConsistent.txt
diff --git a/pkg/ibmvpc/analysis_output_test.go b/pkg/ibmvpc/analysis_output_test.go
index e91b2878c..9024bd26e 100644
--- a/pkg/ibmvpc/analysis_output_test.go
+++ b/pkg/ibmvpc/analysis_output_test.go
@@ -738,6 +738,16 @@ var tests = []*testfunc.VpcAnalysisTest{
 AddConsistencyEdgesExternal: true,
 Grouping: true,
 },
+ { // todo: finish verifying manually
+ VpcTestCommon: testfunc.VpcTestCommon{
+ InputConfig: "iks_config_object",
+ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints},
+ Format: vpcmodel.Text,
+ },
+ Grouping: true,
+ NoLbAbstract: true,
+ AddConsistencyEdgesExternal: true,
+ },
 }
 // uncomment the function below to run for updating the expected output
diff --git a/pkg/ibmvpc/examples/out/analysis_out/iks_config_object_all_vpcs__with_grouping_no_lbAbstract_EdgeConsistent.txt b/pkg/ibmvpc/examples/out/analysis_out/iks_config_object_all_vpcs__with_grouping_no_lbAbstract_EdgeConsistent.txt
new file mode 100644
index 000000000..dc1267e85
--- /dev/null
+++ b/pkg/ibmvpc/examples/out/analysis_out/iks_config_object_all_vpcs__with_grouping_no_lbAbstract_EdgeConsistent.txt
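Review bot: The two `append` calls in `addEdgesImpliedOfLine` add a line for every contained external endpoint without checking whether `g.GroupedLines` already holds a line between that endpoint and the same internal endpoint. The result can be an exact duplicate, or two lines for one src/dst pair with different `CommonProperties`, which makes it harder to read from the report what a given external range can actually reach. Unless a later stage is known to merge such lines, record the (src name, dst name) pairs already present and skip or merge before appending. The `default: return` arm of the `switch` cannot be reached after the `!srcExternal && !dstExternal` guard, and the comment above the cases would be clearer as `// by design, src and dst cannot both be external`.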
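Review bot: The new entry in `tests` is marked `// todo: finish verifying manually`, yet the same commit adds its expected-output file, so the comparison test will pass against output that has not been confirmed. A golden file produced by the code under test only guards against later changes, not against the current result being wrong, which matters for a connectivity report used to judge exposure. Either keep the entry out of `tests` until the check is done, or make the comment say which lines are still unverified, e.g. `// TODO: expected output generated, edges from contained public ranges not yet checked by hand`. The `tests` slice starts outside this hunk.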
@@ -0,0 +1,292 @@ +Endpoint connectivity for VPC ky-test-vpc +Public Internet (all ranges) => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +Public Internet (all ranges) => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +Public Internet (all ranges) => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +Public Internet (all ranges) => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +Public Internet (all ranges) => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +Public Internet (all ranges) => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +Public Internet 
1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP src-ports: 443 +Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private 
IP][192.168.24.0/22] : protocol: TCP,UDP +Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP src-ports: 443 +Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP src-ports: 443 +Public Internet 161.26.0.0/16,166.8.0.0/14 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +Public Internet 161.26.0.0/16,166.8.0.0/14 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +Public Internet 161.26.0.0/16,166.8.0.0/14 => 
kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP +Public Internet 161.26.0.0/16,166.8.0.0/14 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +Public Internet 161.26.0.0/16,166.8.0.0/14 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +Public Internet 161.26.0.0/16,166.8.0.0/14 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +Public Internet 161.26.0.0/16,166.8.0.0/14 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +Public Internet 161.26.0.0/16,166.8.0.0/14 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +Public Internet 161.26.0.0/16,166.8.0.0/14 => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +iks-clusterid:1[192.168.32.5] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 
+iks-clusterid:1[192.168.32.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] => iks-node[192.168.0.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] => iks-node[192.168.16.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] => iks-node[192.168.20.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] => iks-node[192.168.24.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] => iks-node[192.168.32.4],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] => iks-node[192.168.36.4] : protocol: TCP,UDP 
dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] => iks-node[192.168.4.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] => iks-node[192.168.40.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] => iks-node[192.168.8.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 
+iks-clusterid:1[192.168.36.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] => iks-node[192.168.0.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] => iks-node[192.168.16.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] => iks-node[192.168.20.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] => iks-node[192.168.24.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] => iks-node[192.168.32.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] => iks-node[192.168.36.4],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] => iks-node[192.168.4.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] => iks-node[192.168.40.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] => iks-node[192.168.8.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private 
IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] => iks-node[192.168.0.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] => iks-node[192.168.16.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] => iks-node[192.168.20.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] => iks-node[192.168.24.4] : protocol: TCP,UDP 
dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] => iks-node[192.168.32.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] => iks-node[192.168.36.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] => iks-node[192.168.4.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] => iks-node[192.168.40.4],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] => iks-node[192.168.8.4] : protocol: TCP,UDP dst-ports: 30000-32767 +iks-node[192.168.0.4] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +iks-node[192.168.0.4] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +iks-node[192.168.0.4] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +iks-node[192.168.0.4] => iks-node[192.168.16.4] : All Connections +iks-node[192.168.0.4] => iks-node[192.168.20.4] : All Connections +iks-node[192.168.0.4] => iks-node[192.168.24.4] : All Connections +iks-node[192.168.0.4] => iks-node[192.168.32.4] : All Connections +iks-node[192.168.0.4] => iks-node[192.168.36.4] : All Connections +iks-node[192.168.0.4] => iks-node[192.168.4.4] : All Connections +iks-node[192.168.0.4] => iks-node[192.168.40.4] : All Connections 
+iks-node[192.168.0.4] => iks-node[192.168.8.4] : All Connections +iks-node[192.168.0.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP +iks-node[192.168.0.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +iks-node[192.168.0.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +iks-node[192.168.0.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +iks-node[192.168.0.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +iks-node[192.168.0.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +iks-node[192.168.16.4] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +iks-node[192.168.16.4] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +iks-node[192.168.16.4] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +iks-node[192.168.16.4] => iks-node[192.168.0.4] : All Connections +iks-node[192.168.16.4] => iks-node[192.168.20.4] : All Connections +iks-node[192.168.16.4] => iks-node[192.168.24.4] : All Connections +iks-node[192.168.16.4] => iks-node[192.168.32.4] : All Connections +iks-node[192.168.16.4] => iks-node[192.168.36.4] : All Connections +iks-node[192.168.16.4] => iks-node[192.168.4.4] : All Connections +iks-node[192.168.16.4] => iks-node[192.168.40.4] : All Connections +iks-node[192.168.16.4] => iks-node[192.168.8.4] : All Connections +iks-node[192.168.16.4] => 
kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP +iks-node[192.168.16.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +iks-node[192.168.16.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +iks-node[192.168.16.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +iks-node[192.168.16.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +iks-node[192.168.16.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +iks-node[192.168.20.4] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +iks-node[192.168.20.4] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +iks-node[192.168.20.4] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +iks-node[192.168.20.4] => iks-node[192.168.0.4] : All Connections +iks-node[192.168.20.4] => iks-node[192.168.16.4] : All Connections +iks-node[192.168.20.4] => iks-node[192.168.24.4] : All Connections +iks-node[192.168.20.4] => iks-node[192.168.32.4] : All Connections +iks-node[192.168.20.4] => iks-node[192.168.36.4] : All Connections +iks-node[192.168.20.4] => iks-node[192.168.4.4] : All Connections +iks-node[192.168.20.4] => iks-node[192.168.40.4] : All Connections +iks-node[192.168.20.4] => iks-node[192.168.8.4] : All Connections +iks-node[192.168.20.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: 
TCP,UDP +iks-node[192.168.20.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +iks-node[192.168.20.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +iks-node[192.168.20.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +iks-node[192.168.20.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +iks-node[192.168.20.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +iks-node[192.168.24.4] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +iks-node[192.168.24.4] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +iks-node[192.168.24.4] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +iks-node[192.168.24.4] => iks-node[192.168.0.4] : All Connections +iks-node[192.168.24.4] => iks-node[192.168.16.4] : All Connections +iks-node[192.168.24.4] => iks-node[192.168.20.4] : All Connections +iks-node[192.168.24.4] => iks-node[192.168.32.4] : All Connections +iks-node[192.168.24.4] => iks-node[192.168.36.4] : All Connections +iks-node[192.168.24.4] => iks-node[192.168.4.4] : All Connections +iks-node[192.168.24.4] => iks-node[192.168.40.4] : All Connections +iks-node[192.168.24.4] => iks-node[192.168.8.4] : All Connections +iks-node[192.168.24.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP +iks-node[192.168.24.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private 
IP][192.168.16.0/22] : protocol: TCP,UDP +iks-node[192.168.24.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +iks-node[192.168.24.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +iks-node[192.168.24.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +iks-node[192.168.24.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +iks-node[192.168.32.4] => Public Internet (all ranges) : All Connections +iks-node[192.168.32.4] => Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 : All Connections +iks-node[192.168.32.4] => Public Internet 161.26.0.0/16,166.8.0.0/14 : All Connections +iks-node[192.168.32.4] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +iks-node[192.168.32.4] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +iks-node[192.168.32.4] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +iks-node[192.168.32.4] => iks-node[192.168.0.4] : All Connections +iks-node[192.168.32.4] => iks-node[192.168.16.4] : All Connections +iks-node[192.168.32.4] => iks-node[192.168.20.4] : All Connections +iks-node[192.168.32.4] => iks-node[192.168.24.4] : All Connections 
+iks-node[192.168.32.4] => iks-node[192.168.36.4] : All Connections +iks-node[192.168.32.4] => iks-node[192.168.4.4] : All Connections +iks-node[192.168.32.4] => iks-node[192.168.40.4] : All Connections +iks-node[192.168.32.4] => iks-node[192.168.8.4] : All Connections +iks-node[192.168.32.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP +iks-node[192.168.32.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +iks-node[192.168.32.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +iks-node[192.168.32.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +iks-node[192.168.32.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +iks-node[192.168.32.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +iks-node[192.168.36.4] => Public Internet (all ranges) : All Connections +iks-node[192.168.36.4] => Public Internet 1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 : All Connections +iks-node[192.168.36.4] => Public Internet 161.26.0.0/16,166.8.0.0/14 : All Connections +iks-node[192.168.36.4] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +iks-node[192.168.36.4] => 
iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +iks-node[192.168.36.4] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +iks-node[192.168.36.4] => iks-node[192.168.0.4] : All Connections +iks-node[192.168.36.4] => iks-node[192.168.16.4] : All Connections +iks-node[192.168.36.4] => iks-node[192.168.20.4] : All Connections +iks-node[192.168.36.4] => iks-node[192.168.24.4] : All Connections +iks-node[192.168.36.4] => iks-node[192.168.32.4] : All Connections +iks-node[192.168.36.4] => iks-node[192.168.4.4] : All Connections +iks-node[192.168.36.4] => iks-node[192.168.40.4] : All Connections +iks-node[192.168.36.4] => iks-node[192.168.8.4] : All Connections +iks-node[192.168.36.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP +iks-node[192.168.36.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +iks-node[192.168.36.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +iks-node[192.168.36.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +iks-node[192.168.36.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +iks-node[192.168.36.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +iks-node[192.168.4.4] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +iks-node[192.168.4.4] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : 
protocol: TCP,UDP +iks-node[192.168.4.4] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +iks-node[192.168.4.4] => iks-node[192.168.0.4] : All Connections +iks-node[192.168.4.4] => iks-node[192.168.16.4] : All Connections +iks-node[192.168.4.4] => iks-node[192.168.20.4] : All Connections +iks-node[192.168.4.4] => iks-node[192.168.24.4] : All Connections +iks-node[192.168.4.4] => iks-node[192.168.32.4] : All Connections +iks-node[192.168.4.4] => iks-node[192.168.36.4] : All Connections +iks-node[192.168.4.4] => iks-node[192.168.40.4] : All Connections +iks-node[192.168.4.4] => iks-node[192.168.8.4] : All Connections +iks-node[192.168.4.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP +iks-node[192.168.4.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +iks-node[192.168.4.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +iks-node[192.168.4.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +iks-node[192.168.4.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +iks-node[192.168.4.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +iks-node[192.168.40.4] => Public Internet (all ranges) : All Connections +iks-node[192.168.40.4] => Public Internet 
1.0.0.0-9.255.255.255,11.0.0.0-100.63.255.255,100.128.0.0-126.255.255.255,128.0.0.0-161.25.255.255,161.27.0.0-166.7.255.255,166.12.0.0-169.253.255.255,169.255.0.0-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0/24,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255 : All Connections +iks-node[192.168.40.4] => Public Internet 161.26.0.0/16,166.8.0.0/14 : All Connections +iks-node[192.168.40.4] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +iks-node[192.168.40.4] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +iks-node[192.168.40.4] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +iks-node[192.168.40.4] => iks-node[192.168.0.4] : All Connections +iks-node[192.168.40.4] => iks-node[192.168.16.4] : All Connections +iks-node[192.168.40.4] => iks-node[192.168.20.4] : All Connections +iks-node[192.168.40.4] => iks-node[192.168.24.4] : All Connections +iks-node[192.168.40.4] => iks-node[192.168.32.4] : All Connections +iks-node[192.168.40.4] => iks-node[192.168.36.4] : All Connections +iks-node[192.168.40.4] => iks-node[192.168.4.4] : All Connections +iks-node[192.168.40.4] => iks-node[192.168.8.4] : All Connections +iks-node[192.168.40.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP +iks-node[192.168.40.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +iks-node[192.168.40.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +iks-node[192.168.40.4] => 
kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP +iks-node[192.168.40.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +iks-node[192.168.40.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +iks-node[192.168.8.4] => iks-clusterid:1[192.168.32.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.32.0-192.168.32.4,192.168.32.6-192.168.35.255] : protocol: TCP,UDP +iks-node[192.168.8.4] => iks-clusterid:1[192.168.36.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.36.6] : protocol: TCP,UDP +iks-node[192.168.8.4] => iks-clusterid:1[192.168.40.5],kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[LB private IP][192.168.40.6] : protocol: TCP,UDP +iks-node[192.168.8.4] => iks-node[192.168.0.4] : All Connections +iks-node[192.168.8.4] => iks-node[192.168.16.4] : All Connections +iks-node[192.168.8.4] => iks-node[192.168.20.4] : All Connections +iks-node[192.168.8.4] => iks-node[192.168.24.4] : All Connections +iks-node[192.168.8.4] => iks-node[192.168.32.4] : All Connections +iks-node[192.168.8.4] => iks-node[192.168.36.4] : All Connections +iks-node[192.168.8.4] => iks-node[192.168.4.4] : All Connections +iks-node[192.168.8.4] => iks-node[192.168.40.4] : All Connections +iks-node[192.168.8.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] : protocol: TCP,UDP +iks-node[192.168.8.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] : protocol: TCP,UDP +iks-node[192.168.8.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] : protocol: TCP,UDP +iks-node[192.168.8.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] : protocol: TCP,UDP 
+iks-node[192.168.8.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] : protocol: TCP,UDP +iks-node[192.168.8.4] => kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] : protocol: TCP,UDP +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] => iks-node[192.168.0.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] => iks-node[192.168.16.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] => iks-node[192.168.20.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] => iks-node[192.168.24.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] => iks-node[192.168.32.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] => iks-node[192.168.36.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] => iks-node[192.168.4.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] => iks-node[192.168.40.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.0.0/22] => iks-node[192.168.8.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] => iks-node[192.168.0.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] => iks-node[192.168.16.4] 
: protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] => iks-node[192.168.20.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] => iks-node[192.168.24.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] => iks-node[192.168.32.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] => iks-node[192.168.36.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] => iks-node[192.168.4.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] => iks-node[192.168.40.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.16.0/22] => iks-node[192.168.8.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] => iks-node[192.168.0.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] => iks-node[192.168.16.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] => iks-node[192.168.20.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] => iks-node[192.168.24.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] => iks-node[192.168.32.4] : protocol: TCP,UDP dst-ports: 30000-32767 
+kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] => iks-node[192.168.36.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] => iks-node[192.168.4.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] => iks-node[192.168.40.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.20.0/22] => iks-node[192.168.8.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] => iks-node[192.168.0.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] => iks-node[192.168.16.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] => iks-node[192.168.20.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] => iks-node[192.168.24.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] => iks-node[192.168.32.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] => iks-node[192.168.36.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] => iks-node[192.168.4.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] => iks-node[192.168.40.4] : protocol: TCP,UDP dst-ports: 30000-32767 
+kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.24.0/22] => iks-node[192.168.8.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] => iks-node[192.168.0.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] => iks-node[192.168.16.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] => iks-node[192.168.20.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] => iks-node[192.168.24.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] => iks-node[192.168.32.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] => iks-node[192.168.36.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] => iks-node[192.168.4.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] => iks-node[192.168.40.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.4.0/22] => iks-node[192.168.8.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] => iks-node[192.168.0.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] => iks-node[192.168.16.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private 
IP][192.168.8.0/22] => iks-node[192.168.20.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] => iks-node[192.168.24.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] => iks-node[192.168.32.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] => iks-node[192.168.36.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] => iks-node[192.168.4.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] => iks-node[192.168.40.4] : protocol: TCP,UDP dst-ports: 30000-32767 +kube-clusterid:1-8fdd1d0a2ce34deba99d0f885451b1ca[Potential LB private IP][192.168.8.0/22] => iks-node[192.168.8.4] : protocol: TCP,UDP dst-ports: 30000-32767 From 59e4cbdbe8f8bc133a36075ff5356e423d7bc754 Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 9 Oct 2024 12:29:21 +0300 Subject: [PATCH 31/38] test verified manually --- pkg/ibmvpc/analysis_output_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/ibmvpc/analysis_output_test.go b/pkg/ibmvpc/analysis_output_test.go index 9024bd26e..4308af8eb 100644 --- a/pkg/ibmvpc/analysis_output_test.go +++ b/pkg/ibmvpc/analysis_output_test.go @@ -738,7 +738,7 @@ var tests = []*testfunc.VpcAnalysisTest{ AddConsistencyEdgesExternal: true, Grouping: true, }, - { // todo: finish verifying manually + { VpcTestCommon: testfunc.VpcTestCommon{ InputConfig: "iks_config_object", UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, From 7dc07d8e2395e18d044ab4d39d04b74300dfa044 Mon Sep 17 00:00:00 2001 
From: shirim Date: Wed, 9 Oct 2024 13:51:48 +0300 Subject: [PATCH 32/38] added html test --- pkg/ibmvpc/analysis_output_test.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkg/ibmvpc/analysis_output_test.go b/pkg/ibmvpc/analysis_output_test.go index 4308af8eb..6050af548 100644 --- a/pkg/ibmvpc/analysis_output_test.go +++ b/pkg/ibmvpc/analysis_output_test.go @@ -748,6 +748,16 @@ var tests = []*testfunc.VpcAnalysisTest{ NoLbAbstract: true, AddConsistencyEdgesExternal: true, }, + { + VpcTestCommon: testfunc.VpcTestCommon{ + InputConfig: "iks_config_object", + UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, + Format: vpcmodel.HTML, + }, + Grouping: true, + NoLbAbstract: true, + AddConsistencyEdgesExternal: true, + }, } // uncomment the function below to run for updating the expected output From 8b6cd6f0b6e0e470f45b2acabaeaa5b193c513e1 Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 9 Oct 2024 16:01:34 +0300 Subject: [PATCH 33/38] CR: merge grouping and consistencyEdges parms --- cmd/analyzer/subcmds/analysis.go | 18 +++- .../analysis_output_test_functionality.go | 7 +- .../testfunc/common_test_functionality.go | 20 ++-- .../testfunc/explain_test_functionality.go | 2 +- .../semantic_diff_test_functionality.go | 5 +- pkg/ibmvpc/analysis_output_test.go | 99 +++++++++---------- pkg/ibmvpc/connectivityAnalysis_test.go | 4 +- pkg/ibmvpc/explainability_test.go | 4 +- pkg/ibmvpc/groupingUnification_test.go | 4 +- pkg/ibmvpc/synthesis_output_test.go | 4 +- pkg/linter/linterExecute.go | 3 +- pkg/vpcmodel/explainabilityConnectivity.go | 2 +- pkg/vpcmodel/grouping.go | 20 +++- pkg/vpcmodel/nodesConnectivity.go | 5 +- pkg/vpcmodel/output.go | 15 ++- pkg/vpcmodel/semanticDiff.go | 4 +- pkg/vpcmodel/subnetsConnectivity.go | 5 +- 17 files changed, 120 insertions(+), 101 deletions(-) diff --git a/cmd/analyzer/subcmds/analysis.go b/cmd/analyzer/subcmds/analysis.go index f04ebe1ca..dba5b5b4f 100644 --- a/cmd/analyzer/subcmds/analysis.go 
+++ b/cmd/analyzer/subcmds/analysis.go @@ -9,6 +9,7 @@ package subcmds import ( "errors" "fmt" + "slices" "github.com/spf13/cobra" @@ -79,11 +80,24 @@ func analysisVPCConfigs(cmd *cobra.Command, inArgs *inArgs, analysisType vpcmode return err } outFormat := inArgs.outputFormat.ToModelFormat() + consistencyEdgesExternal := slices.Contains([]vpcmodel.OutFormat{vpcmodel.DRAWIO, vpcmodel.SVG, vpcmodel.HTML}, + outFormat) + var groupingType int + switch { + case !inArgs.grouping && !consistencyEdgesExternal: + groupingType = vpcmodel.NoGroupingNoConsistencyEdges + case !inArgs.grouping && consistencyEdgesExternal: + groupingType = vpcmodel.NoGroupingWithConsistencyEdges + case inArgs.grouping && !consistencyEdgesExternal: + groupingType = vpcmodel.GroupingNoConsistencyEdges + default: + groupingType = vpcmodel.GroupingWithConsistencyEdges + } og, err := vpcmodel.NewOutputGenerator(vpcConfigs, - inArgs.grouping, + groupingType, analysisType, false, - inArgs.explanationArgs, outFormat, inArgs.lbAbstraction, false) + inArgs.explanationArgs, outFormat, inArgs.lbAbstraction) if err != nil { return err } diff --git a/pkg/commonvpc/testfunc/analysis_output_test_functionality.go b/pkg/commonvpc/testfunc/analysis_output_test_functionality.go index ad0de395f..2acae47bb 100644 --- a/pkg/commonvpc/testfunc/analysis_output_test_functionality.go +++ b/pkg/commonvpc/testfunc/analysis_output_test_functionality.go @@ -15,9 +15,8 @@ import ( type VpcAnalysisTest struct { VpcTestCommon - Grouping bool - NoLbAbstract bool - AddConsistencyEdgesExternal bool + GroupingType int + NoLbAbstract bool } func (tt *VpcAnalysisTest) TestAnalysisSingleTest(t *testing.T, mode testMode, rc commonvpc.ResourcesContainer, testDir, testName string) { 
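Review bot: `var groupingType int` in analysisVPCConfigs carries the grouping/consistency-edges mode as a bare int, so the compiler accepts any integer at `NewOutputGenerator(vpcConfigs, groupingType, ...)` and at the `groupingType int` parameters of runTestPerUseCase and runSingleCommonTest in common_test_functionality.go. A named type in vpcmodel (for example `type GroupingType int`, with the four constants declared of that type) would turn a swapped or out-of-range argument into a compile error; the name is only a suggestion, since the constants' declaration in pkg/vpcmodel/grouping.go is not part of this hunk. The decode in runTestPerUseCase (`grouping := groupingType == vpcmodel.GroupingNoConsistencyEdges || ...`) has the same weakness: any value outside the four constants silently maps to both flags false, which two small methods on the named type would centralise. analysisVPCConfigs starts and ends outside the hunk.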
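Review bot: The new `GroupingType int` field in VpcAnalysisTest has no comment, and test entries that leave it out now rely on the int zero value meaning no grouping and no consistency edges. Whether 0 is `vpcmodel.NoGroupingNoConsistencyEdges` depends on how the constants are declared in pkg/vpcmodel/grouping.go, which this hunk does not show. I would add `// GroupingType is one of the vpcmodel grouping constants; the zero value must be NoGroupingNoConsistencyEdges.` above the field, so that a later reordering of the constants does not silently change which connectivity output the expected-result tests exercise.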
@@ -25,6 +24,6 @@ func (tt *VpcAnalysisTest) TestAnalysisSingleTest(t *testing.T, mode testMode, r tt.setMode(mode) t.Run(tt.Name, func(t *testing.T) { t.Parallel() - tt.runSingleCommonTest(t, testDir, rc, tt.Grouping, tt.NoLbAbstract, nil, tt.AddConsistencyEdgesExternal) + tt.runSingleCommonTest(t, testDir, rc, tt.GroupingType, tt.NoLbAbstract, nil) }) } diff --git a/pkg/commonvpc/testfunc/common_test_functionality.go b/pkg/commonvpc/testfunc/common_test_functionality.go index 6d29cc82d..a7e567df1 100644 --- a/pkg/commonvpc/testfunc/common_test_functionality.go +++ b/pkg/commonvpc/testfunc/common_test_functionality.go @@ -197,20 +197,24 @@ func (tt *VpcTestCommon) runTestPerUseCase(t *testing.T, uc vpcmodel.OutputUseCase, mode testMode, outDir string, - grouping, noLbAbstract bool, - explanationArgs *vpcmodel.ExplanationArgs, - addConsistencyEdgesExternal bool) error { + groupingType int, + noLbAbstract bool, + explanationArgs *vpcmodel.ExplanationArgs) error { detailExplain := false if explanationArgs != nil { detailExplain = explanationArgs.Detail } allVpcs := len(tt.VpcList) == 0 + grouping := groupingType == vpcmodel.GroupingNoConsistencyEdges || + groupingType == vpcmodel.GroupingWithConsistencyEdges + addConsistencyEdgesExternal := groupingType == vpcmodel.NoGroupingWithConsistencyEdges || + groupingType == vpcmodel.GroupingWithConsistencyEdges if err := tt.initTestFileNames(uc, "", allVpcs, detailExplain, outDir, grouping, noLbAbstract, addConsistencyEdgesExternal); err != nil { return err } - og, err := vpcmodel.NewOutputGenerator(cConfigs, grouping, uc, tt.Format == vpcmodel.ARCHDRAWIO, - explanationArgs, tt.Format, !noLbAbstract, addConsistencyEdgesExternal) + og, err := vpcmodel.NewOutputGenerator(cConfigs, groupingType, uc, tt.Format == vpcmodel.ARCHDRAWIO, + explanationArgs, tt.Format, !noLbAbstract) if err != nil { return err } 
@@ -334,7 +338,7 @@ func (tt *VpcTestCommon) setMode(mode testMode) { } func (tt *VpcTestCommon) runSingleCommonTest(t *testing.T, testDir string, rc commonvpc.ResourcesContainer, - grouping, noLbAbstract bool, explanationArgs *vpcmodel.ExplanationArgs, addConsistencyEdgesExternal bool) { + groupingType int, noLbAbstract bool, explanationArgs *vpcmodel.ExplanationArgs) { // init test - set the input/output file names according to test name tt.initTest() @@ -343,8 +347,8 @@ func (tt *VpcTestCommon) runSingleCommonTest(t *testing.T, testDir string, rc co // generate actual output for all use cases specified for this test for _, uc := range tt.UseCases { - err := tt.runTestPerUseCase(t, vpcConfigs, uc, tt.Mode, testDir, grouping, noLbAbstract, - explanationArgs, addConsistencyEdgesExternal) + err := tt.runTestPerUseCase(t, vpcConfigs, uc, tt.Mode, testDir, groupingType, noLbAbstract, + explanationArgs) require.Equal(t, tt.ErrPerUseCase[uc], err, "comparing actual err to expected err") } for uc, outFile := range tt.ActualOutput { diff --git a/pkg/commonvpc/testfunc/explain_test_functionality.go b/pkg/commonvpc/testfunc/explain_test_functionality.go index 86d49e63f..f7b4a1c56 100644 --- a/pkg/commonvpc/testfunc/explain_test_functionality.go +++ b/pkg/commonvpc/testfunc/explain_test_functionality.go @@ -42,6 +42,6 @@ func (tt *VpcExplainTest) TestSingleExplain(t *testing.T, mode testMode, rc comm tt.Format = vpcmodel.Text t.Run(tt.Name, func(t *testing.T) { t.Parallel() - tt.runSingleCommonTest(t, explainOut, rc, false, false, explanationArgs, false) + tt.runSingleCommonTest(t, explainOut, rc, vpcmodel.NoGroupingNoConsistencyEdges, false, explanationArgs) }) } diff --git a/pkg/commonvpc/testfunc/semantic_diff_test_functionality.go b/pkg/commonvpc/testfunc/semantic_diff_test_functionality.go index 7016757af..a696cdf07 100644 --- a/pkg/commonvpc/testfunc/semantic_diff_test_functionality.go +++ b/pkg/commonvpc/testfunc/semantic_diff_test_functionality.go 
@@ -9,6 +9,7 @@ package testfunc import ( _ "embed" "fmt" + "github.com/np-guard/vpc-network-config-analyzer/pkg/vpcmodel" "testing" "github.com/stretchr/testify/require" @@ -44,8 +45,8 @@ func (tt *VpcDiffTest) runDiffSingleTest(t *testing.T, testDir string, rc common // generate actual output for all use cases specified for this test for _, uc := range tt.UseCases { - err := tt.runTestPerUseCase(t, vpcConfigs, uc, tt.Mode, testDir, false, false, - nil, false) + err := tt.runTestPerUseCase(t, vpcConfigs, uc, tt.Mode, testDir, vpcmodel.NoGroupingNoConsistencyEdges, false, + nil) require.Equal(t, tt.ErrPerUseCase[uc], err, "comparing diff's actual err to expected err") } for uc, outFile := range tt.ActualOutput { diff --git a/pkg/ibmvpc/analysis_output_test.go b/pkg/ibmvpc/analysis_output_test.go index 6050af548..435c2a673 100644 --- a/pkg/ibmvpc/analysis_output_test.go +++ b/pkg/ibmvpc/analysis_output_test.go @@ -60,7 +60,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllSubnets}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -68,7 +68,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllSubnets}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, // batch1: cover all use-cases, with text output Format , no Grouping { @@ -92,7 +92,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -100,7 +100,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ 
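Review bot: The added import `"github.com/np-guard/vpc-network-config-analyzer/pkg/vpcmodel"` sits between `"fmt"` and `"testing"` in the standard-library group, while `"github.com/stretchr/testify/require"` already has its own group below. Moving the new line into that second group keeps the block in the layout goimports produces, which the import hunk of analysis.go in this same commit already follows (`"slices"` placed with the standard-library imports, `"github.com/spf13/cobra"` after them).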
@@ -138,7 +138,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -146,7 +146,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, // respond enabled only on part of the TCP connection { @@ -155,7 +155,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -163,7 +163,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, // batch2.5: only vsi-level use-case, with Grouping , drawio Format @@ -173,7 +173,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -181,7 +181,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -189,7 +189,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ 
@@ -197,7 +197,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -205,7 +205,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, //batch3: only vsi-level use-case, no Grouping, with md output formats @@ -279,7 +279,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllSubnets}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, // iks-nodes example // iks_config_object example has three SG, one of them two targets - a pgw and a LB. @@ -295,7 +295,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -303,7 +303,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, NoLbAbstract: true, }, // json examples @@ -403,7 +403,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints, vpcmodel.AllSubnets}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { @@ -427,7 +427,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints, vpcmodel.AllSubnets}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, // multivpc drawio: { 
@@ -443,7 +443,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllSubnets}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -458,7 +458,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, // resource group filtering example // ete-storage-project and ete-backup-and-storage vpcs expected to be filtered out @@ -488,7 +488,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -496,7 +496,6 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints, vpcmodel.AllSubnets}, Format: vpcmodel.DRAWIO, }, - Grouping: false, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -504,7 +503,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints, vpcmodel.AllSubnets}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -512,7 +511,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.ARCHSVG, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, // commented until https://github.com/np-guard/vpc-network-config-analyzer/issues/847 is fixed // { @@ -528,7 +527,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllSubnets}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ 
@@ -536,7 +535,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, NoLbAbstract: true, }, { @@ -545,7 +544,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.DRAWIO, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, NoLbAbstract: true, }, // LB examples: @@ -555,7 +554,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -570,7 +569,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -578,7 +577,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -586,7 +585,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints, vpcmodel.AllSubnets}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, NoLbAbstract: true, }, { @@ -595,7 +594,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ 
@@ -603,7 +602,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, NoLbAbstract: true, }, { @@ -642,7 +641,6 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: false, NoLbAbstract: true, }, { @@ -651,7 +649,6 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: false, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -659,7 +656,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, NoLbAbstract: true, }, { @@ -668,7 +665,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -676,7 +673,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, NoLbAbstract: true, }, { @@ -685,7 +682,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllSubnets}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -693,7 +690,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ 
@@ -701,7 +698,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.HTML, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, // tests for AddConsistencyEdgesExternal { @@ -710,7 +707,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - AddConsistencyEdgesExternal: true, + GroupingType: vpcmodel.NoGroupingWithConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -718,7 +715,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.HTML, }, - AddConsistencyEdgesExternal: true, + GroupingType: vpcmodel.NoGroupingWithConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -726,8 +723,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - AddConsistencyEdgesExternal: true, - Grouping: true, + GroupingType: vpcmodel.GroupingWithConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -735,8 +731,7 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.HTML, }, - AddConsistencyEdgesExternal: true, - Grouping: true, + GroupingType: vpcmodel.GroupingWithConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ @@ -744,9 +739,8 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.Text, }, - Grouping: true, - NoLbAbstract: true, - AddConsistencyEdgesExternal: true, + GroupingType: vpcmodel.GroupingWithConsistencyEdges, + NoLbAbstract: true, }, { VpcTestCommon: testfunc.VpcTestCommon{ 
@@ -754,9 +748,8 @@ var tests = []*testfunc.VpcAnalysisTest{ UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllEndpoints}, Format: vpcmodel.HTML, }, - Grouping: true, - NoLbAbstract: true, - AddConsistencyEdgesExternal: true, + GroupingType: vpcmodel.GroupingWithConsistencyEdges, + NoLbAbstract: true, }, } diff --git a/pkg/ibmvpc/connectivityAnalysis_test.go b/pkg/ibmvpc/connectivityAnalysis_test.go index 7a8c43e29..1f341b2e0 100644 --- a/pkg/ibmvpc/connectivityAnalysis_test.go +++ b/pkg/ibmvpc/connectivityAnalysis_test.go @@ -196,7 +196,7 @@ func TestAnalyzeConnectivity4(t *testing.T) { func runConnectivityTest(t *testing.T, tc *testNodesConfig, ncList []*naclConfig, expectedStrResult string) { c := createConfigFromTestConfig(tc, ncList) - connectivity, err := c.GetVPCNetworkConnectivity(false, false, false) + connectivity, err := c.GetVPCNetworkConnectivity(false, vpcmodel.NoGroupingNoConsistencyEdges) require.Nil(t, err) connectivityStr := connectivity.String() fmt.Println(connectivityStr) @@ -372,7 +372,7 @@ vsi-2[10.240.20.4] => vsi-1[10.240.10.4] : All Connections */ func TestAnalyzeConnectivity(t *testing.T) { c := NewSimpleVPCConfig() - connectivity, err := c.GetVPCNetworkConnectivity(false, false, false) + connectivity, err := c.GetVPCNetworkConnectivity(false, vpcmodel.NoGroupingNoConsistencyEdges) require.Nil(t, err) connectivityStr := connectivity.String() fmt.Println(connectivityStr) diff --git a/pkg/ibmvpc/explainability_test.go b/pkg/ibmvpc/explainability_test.go index a4ff1ca51..1a7666584 100644 --- a/pkg/ibmvpc/explainability_test.go +++ b/pkg/ibmvpc/explainability_test.go 
@@ -966,7 +966,7 @@ func TestMultiExplainSanity1(t *testing.T) { groupedConns := make(map[string]*vpcmodel.GroupConnLines) nodesConn := make(map[string]*vpcmodel.VPCConnectivity) for i, vpcConfig := range vpcsConfig.Configs() { - thisConn, err := vpcConfig.GetVPCNetworkConnectivity(false, false, false) + thisConn, err := vpcConfig.GetVPCNetworkConnectivity(false, vpcmodel.NoGroupingNoConsistencyEdges) if err != nil { fmt.Printf("%v. %s", i, err.Error()) } @@ -990,7 +990,7 @@ func TestMultiExplainSanity2(t *testing.T) { groupedConns := make(map[string]*vpcmodel.GroupConnLines) nodesConn := make(map[string]*vpcmodel.VPCConnectivity) for i, vpcConfig := range vpcsConfig.Configs() { - thisConn, err := vpcConfig.GetVPCNetworkConnectivity(false, false, false) + thisConn, err := vpcConfig.GetVPCNetworkConnectivity(false, vpcmodel.NoGroupingNoConsistencyEdges) if err != nil { fmt.Printf("%v. %s", i, err.Error()) } diff --git a/pkg/ibmvpc/groupingUnification_test.go b/pkg/ibmvpc/groupingUnification_test.go index bbcfa3bf5..3e65bb290 100644 --- a/pkg/ibmvpc/groupingUnification_test.go +++ b/pkg/ibmvpc/groupingUnification_test.go @@ -19,8 +19,8 @@ func TestGroupingUnification(t *testing.T) { vpcConfigMultiVpc := getConfig(t, "iks_workers_large") require.NotNil(t, vpcConfigMultiVpc, "vpcConfigMultiVpc equals nil") - og, err := vpcmodel.NewOutputGenerator(vpcConfigMultiVpc, true, - vpcmodel.AllEndpoints, false, nil, vpcmodel.DRAWIO, true, false) + og, err := vpcmodel.NewOutputGenerator(vpcConfigMultiVpc, vpcmodel.GroupingNoConsistencyEdges, + vpcmodel.AllEndpoints, false, nil, vpcmodel.DRAWIO, true) if err != nil { fmt.Println(err.Error()) } diff --git a/pkg/ibmvpc/synthesis_output_test.go b/pkg/ibmvpc/synthesis_output_test.go index ae0016591..18249d908 100644 --- a/pkg/ibmvpc/synthesis_output_test.go +++ b/pkg/ibmvpc/synthesis_output_test.go 
@@ -54,14 +54,14 @@ var synthesisTests = []*testfunc.VpcAnalysisTest{ InputConfig: "acl_testing5", UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllSubnets}, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, { VpcTestCommon: testfunc.VpcTestCommon{ InputConfig: "subnet_grouping", UseCases: []vpcmodel.OutputUseCase{vpcmodel.AllSubnets}, }, - Grouping: true, + GroupingType: vpcmodel.GroupingNoConsistencyEdges, }, } diff --git a/pkg/linter/linterExecute.go b/pkg/linter/linterExecute.go index fe897f938..d2bce589e 100644 --- a/pkg/linter/linterExecute.go +++ b/pkg/linter/linterExecute.go @@ -56,7 +56,8 @@ func generateLinters(configs map[string]*vpcmodel.VPCConfig, nodeConn map[string func computeConnectivity(configs map[string]*vpcmodel.VPCConfig) (map[string]*vpcmodel.VPCConnectivity, error) { nodesConn := map[string]*vpcmodel.VPCConnectivity{} for uid, vpcConfig := range configs { - nodesConnThisCfg, err := vpcConfig.GetVPCNetworkConnectivity(false, true, false) + nodesConnThisCfg, err := vpcConfig.GetVPCNetworkConnectivity(true, + vpcmodel.NoGroupingNoConsistencyEdges) if err != nil { return nil, err } diff --git a/pkg/vpcmodel/explainabilityConnectivity.go b/pkg/vpcmodel/explainabilityConnectivity.go index afb7bec39..6ed5e6d9d 100644 --- a/pkg/vpcmodel/explainabilityConnectivity.go +++ b/pkg/vpcmodel/explainabilityConnectivity.go @@ -101,7 +101,7 @@ func (c *MultipleVPCConfigs) ExplainConnectivity(src, dst string, connQuery *con // No VPCConfig to work with in this case, thus, this case is treated separately return &Explanation{connQuery: connQuery, src: src, dst: dst, srcNodes: srcNodes, dstNodes: dstNodes}, nil } - connectivity, err1 := vpcConfig.GetVPCNetworkConnectivity(false, false, false) // computes connectivity + connectivity, err1 := vpcConfig.GetVPCNetworkConnectivity(false, NoGroupingNoConsistencyEdges) // computes connectivity if err1 != nil { return nil, err1 } 
diff --git a/pkg/vpcmodel/grouping.go b/pkg/vpcmodel/grouping.go index 573a51f88..413291152 100644 --- a/pkg/vpcmodel/grouping.go +++ b/pkg/vpcmodel/grouping.go @@ -19,6 +19,13 @@ import ( const commaSeparator = "," +const ( + NoGroupingNoConsistencyEdges = iota + NoGroupingWithConsistencyEdges + GroupingNoConsistencyEdges + GroupingWithConsistencyEdges +) + // for each line here can group list of external nodes to cidrs list as of one element // groupedNodesInfo contains the list of nodes to be grouped and their common connection properties type groupingConnections map[EndpointElem]map[string]*groupedExternalNodesInfo @@ -81,22 +88,22 @@ func newGroupingConnections() *groupingConnections { } func newGroupConnLines(c *VPCConfig, v *VPCConnectivity, - grouping, addConsistencyEdgesExternal bool) (res *GroupConnLines, err error) { + groupingType int) (res *GroupConnLines, err error) { res = &GroupConnLines{config: c, nodesConn: v, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err = res.computeGrouping(true, grouping, addConsistencyEdgesExternal) + err = res.computeGrouping(true, groupingType) return res, err } func newGroupConnLinesSubnetConnectivity(c *VPCConfig, s *VPCsubnetConnectivity, - grouping, addConsistencyEdgesExternal bool) (res *GroupConnLines, err error) { + groupingType int) (res *GroupConnLines, err error) { res = &GroupConnLines{config: c, subnetsConn: s, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections(), cacheGrouped: newCacheGroupedElements()} - err = res.computeGrouping(false, grouping, addConsistencyEdgesExternal) + err = res.computeGrouping(false, groupingType) return res, err } 
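Review bot: The four grouping modes added in the `@@ -19,6 +19,13 @@` hunk are untyped `iota` constants, and every signature this patch touches takes them as `groupingType int` (newGroupConnLines and newGroupConnLinesSubnetConnectivity here, plus computeGrouping, GetVPCNetworkConnectivity, GetSubnetsConnectivity, NewOutputGenerator and runSingleCommonTest in the other hunks). Any integer therefore compiles as a mode, and a value outside the four falls through the equality checks in computeGrouping as "no grouping, no consistency edges" without an error. A named type would let the compiler reject stray values: `type GroupingType int` with `NoGroupingNoConsistencyEdges GroupingType = iota` as the first constant, and the parameters declared as `groupingType GroupingType`. The exported constants also have no doc comment; one line above the block saying which output each mode produces would help callers choose.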
@@ -571,7 +578,10 @@ func unifiedGroupedElems(srcOrDst EndpointElem, // computeGrouping does the grouping; for vsis (all_endpoints analysis) // if vsi = true otherwise for subnets (all_subnets analysis) // external endpoints are always grouped; vsis/subnets are grouped iff grouping is true -func (g *GroupConnLines) computeGrouping(vsi, grouping, addConsistencyEdgesExternal bool) (err error) { +func (g *GroupConnLines) computeGrouping(vsi bool, groupingType int) (err error) { + addConsistencyEdgesExternal := groupingType == NoGroupingWithConsistencyEdges || + groupingType == GroupingWithConsistencyEdges + grouping := groupingType == GroupingNoConsistencyEdges || groupingType == GroupingWithConsistencyEdges err = g.groupExternalAddresses(vsi, addConsistencyEdgesExternal) if err != nil { return err diff --git a/pkg/vpcmodel/nodesConnectivity.go b/pkg/vpcmodel/nodesConnectivity.go index 68621ed93..a75cb4373 100644 --- a/pkg/vpcmodel/nodesConnectivity.go +++ b/pkg/vpcmodel/nodesConnectivity.go @@ -22,8 +22,7 @@ import ( // (3) compute AllowedConnsCombinedResponsive extension of AllowedConnsCombined to contain accurate responsive info // (4) if lbAbstraction required - abstract each lb separately // (5) if grouping required - compute grouping of connectivity results -func (c *VPCConfig) GetVPCNetworkConnectivity(grouping, lbAbstraction, - addConsistencyEdgesExternal bool) (res *VPCConnectivity, err error) { +func (c *VPCConfig) GetVPCNetworkConnectivity(lbAbstraction bool, groupingType int) (res *VPCConnectivity, err error) { res = &VPCConnectivity{ AllowedConnsPerLayer: map[Node]map[string]*ConnectivityResult{}, } @@ -66,7 +65,7 @@ func (c *VPCConfig) GetVPCNetworkConnectivity(grouping, lbAbstraction, return nil, err3 } res.abstractLoadBalancers(c.LoadBalancers, lbAbstraction) - res.GroupedConnectivity, err = newGroupConnLines(c, res, grouping, addConsistencyEdgesExternal) + res.GroupedConnectivity, err = newGroupConnLines(c, res, groupingType) return res, err } 
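Review bot: The comment above computeGrouping still reads "vsis/subnets are grouped iff grouping is true", but `grouping` is no longer a parameter; it is now a local derived from `groupingType`, and the comment does not mention consistency edges at all. I would replace that line with `// external endpoints are always grouped; vsis/subnets are grouped iff groupingType is one of the Grouping* values,` and `// and consistency edges are added iff it is one of the *WithConsistencyEdges values`. The same Grouping* test is written out again for `outputGrouping` in NewOutputGenerator, so a small helper shared by both would keep the two decodings from drifting apart. The body of computeGrouping continues outside the hunk.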
diff --git a/pkg/vpcmodel/output.go b/pkg/vpcmodel/output.go index 8e9864dac..d0795d8fe 100644 --- a/pkg/vpcmodel/output.go +++ b/pkg/vpcmodel/output.go @@ -62,7 +62,7 @@ const ( // the functionality to generate the analysis output in various formats, for that vpc type OutputGenerator struct { configs *MultipleVPCConfigs - outputGrouping bool + outputGrouping bool // todo: is this needed??? (SM) lbAbstraction bool useCase OutputUseCase nodesConn map[string]*VPCConnectivity @@ -72,25 +72,24 @@ type OutputGenerator struct { detailExplain bool } -func NewOutputGenerator(cConfigs *MultipleVPCConfigs, grouping bool, uc OutputUseCase, - archOnly bool, explanationArgs *ExplanationArgs, f OutFormat, lbAbstraction, - addConsistencyEdgesExternal bool) (*OutputGenerator, error) { // addConsistencyEdgesExternal is for testing +func NewOutputGenerator(cConfigs *MultipleVPCConfigs, groupingType int, uc OutputUseCase, + archOnly bool, explanationArgs *ExplanationArgs, f OutFormat, + lbAbstraction bool) (*OutputGenerator, error) { res := &OutputGenerator{ configs: cConfigs, - outputGrouping: grouping, + outputGrouping: groupingType == GroupingWithConsistencyEdges || groupingType == GroupingNoConsistencyEdges, lbAbstraction: lbAbstraction, useCase: uc, nodesConn: map[string]*VPCConnectivity{}, subnetsConn: map[string]*VPCsubnetConnectivity{}, } graphicFormat := slices.Contains([]OutFormat{DRAWIO, ARCHDRAWIO, SVG, ARCHSVG, HTML, ARCHHTML}, f) - consistencyEdgesExternal := slices.Contains([]OutFormat{DRAWIO, SVG, HTML}, f) || addConsistencyEdgesExternal archOnlyFormat := slices.Contains([]OutFormat{ARCHDRAWIO, ARCHSVG, ARCHHTML}, f) if !archOnlyFormat { switch uc { case AllEndpoints: for i, vpcConfig := range cConfigs.Configs() { - nodesConn, err := vpcConfig.GetVPCNetworkConnectivity(grouping, res.lbAbstraction, consistencyEdgesExternal) + nodesConn, err := vpcConfig.GetVPCNetworkConnectivity(res.lbAbstraction, groupingType) if err != nil { return nil, err } 
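Review bot: NewOutputGenerator no longer enables consistency edges for graphical formats: the removed line `consistencyEdgesExternal := slices.Contains([]OutFormat{DRAWIO, SVG, HTML}, f) || addConsistencyEdgesExternal` has no replacement in the `@@ -72,25 +72,24 @@` hunk, and `groupingType` is passed to GetVPCNetworkConnectivity unchanged. In the same patch the test tables and TestGroupingUnification pass `vpcmodel.GroupingNoConsistencyEdges` together with DRAWIO and HTML, which previously got the edges from the format alone. Unless a caller outside this view now selects a `*WithConsistencyEdges` value for those formats, diagrams would be built without the containment edges, and by the example in groupingGraphical.go `142.0.64.0/17` would then not be drawn as reaching vsi1 and vsi3, so the picture under-reports what external ranges can reach. Either derive the mode from `f` inside the constructor as before, or make the contract explicit with a doc comment such as `// NewOutputGenerator adds no consistency edges on its own; pass a *WithConsistencyEdges value for DRAWIO, SVG and HTML.` The constructor body continues outside the hunk.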
@@ -98,7 +97,7 @@ func NewOutputGenerator(cConfigs *MultipleVPCConfigs, grouping bool, uc OutputUs } case AllSubnets: for i, vpcConfig := range cConfigs.Configs() { - subnetsConn, err := vpcConfig.GetSubnetsConnectivity(true, grouping, consistencyEdgesExternal) + subnetsConn, err := vpcConfig.GetSubnetsConnectivity(true, groupingType) if err != nil { return nil, err } diff --git a/pkg/vpcmodel/semanticDiff.go b/pkg/vpcmodel/semanticDiff.go index 23166004a..fadf31db6 100644 --- a/pkg/vpcmodel/semanticDiff.go +++ b/pkg/vpcmodel/semanticDiff.go @@ -118,13 +118,13 @@ func (configs configsForDiff) GetDiff() (*diffBetweenCfgs, error) { func (c *VPCConfig) getAllowedResponsiveConnections( diffAnalysis diffAnalysisType) (responsiveConnectivityMap GeneralResponsiveConnectivityMap, err error) { if diffAnalysis == Subnets { - subnetsConn, err := c.GetSubnetsConnectivity(true, false, false) + subnetsConn, err := c.GetSubnetsConnectivity(true, NoGroupingNoConsistencyEdges) if err != nil { return nil, err } return subnetsConn.AllowedConnsCombinedResponsive, err } else if diffAnalysis == Vsis { - connectivity1, err := c.GetVPCNetworkConnectivity(false, false, false) + connectivity1, err := c.GetVPCNetworkConnectivity(false, NoGroupingNoConsistencyEdges) if err != nil { return nil, err } diff --git a/pkg/vpcmodel/subnetsConnectivity.go b/pkg/vpcmodel/subnetsConnectivity.go index 45c195897..0a420e9ad 100644 --- a/pkg/vpcmodel/subnetsConnectivity.go +++ b/pkg/vpcmodel/subnetsConnectivity.go 
@@ -172,8 +172,7 @@ func getSubnetsWithPGW(c *VPCConfig) map[string]bool { } // the main function to compute connectivity per subnet based on resources that capture subnets, such as nacl, pgw, tgw, routing-tables -func (c *VPCConfig) GetSubnetsConnectivity(includePGW, grouping, - addConsistencyEdgesExternal bool) (*VPCsubnetConnectivity, error) { +func (c *VPCConfig) GetSubnetsConnectivity(includePGW bool, groupingType int) (*VPCsubnetConnectivity, error) { var subnetsConnectivityFromACLresources map[string]*IPbasedConnectivityResult var err error for _, fl := range c.FilterResources { @@ -226,7 +225,7 @@ func (c *VPCConfig) GetSubnetsConnectivity(includePGW, grouping, return nil, err4 } - groupedConnectivity, err5 := newGroupConnLinesSubnetConnectivity(c, res, grouping, addConsistencyEdgesExternal) + groupedConnectivity, err5 := newGroupConnLinesSubnetConnectivity(c, res, groupingType) if err5 != nil { return nil, err5 } From bd4b85df402d17675f0c396cd73ee4529aa09113 Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 9 Oct 2024 16:06:41 +0300 Subject: [PATCH 34/38] lint --- pkg/commonvpc/testfunc/semantic_diff_test_functionality.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/commonvpc/testfunc/semantic_diff_test_functionality.go b/pkg/commonvpc/testfunc/semantic_diff_test_functionality.go index a696cdf07..60f556226 100644 --- a/pkg/commonvpc/testfunc/semantic_diff_test_functionality.go +++ b/pkg/commonvpc/testfunc/semantic_diff_test_functionality.go @@ -9,12 +9,12 @@ package testfunc import ( _ "embed" "fmt" - "github.com/np-guard/vpc-network-config-analyzer/pkg/vpcmodel" "testing" "github.com/stretchr/testify/require" "github.com/np-guard/vpc-network-config-analyzer/pkg/commonvpc" + "github.com/np-guard/vpc-network-config-analyzer/pkg/vpcmodel" ) const secJSONOutSuffix = "_2nd.json" From 448944d1a08c35981a784897b2bc1016d24aba78 Mon Sep 17 00:00:00 2001 
From: ShiriMoran <139739065+ShiriMoran@users.noreply.github.com> Date: Wed, 9 Oct 2024 16:07:50 +0300 Subject: [PATCH 35/38] Update pkg/vpcmodel/groupingGraphical.go Co-authored-by: Ziv Nevo <79099626+zivnevo@users.noreply.github.com> --- pkg/vpcmodel/groupingGraphical.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go index d2f1170f8..36dbc4a33 100644 --- a/pkg/vpcmodel/groupingGraphical.go +++ b/pkg/vpcmodel/groupingGraphical.go @@ -15,7 +15,7 @@ import ( // 142.0.64.0/17 ->vsi2 // 142.0.0.0/16 -> vsi1 // 0.0.0.0/0 -> vsi3 -// 142.0.64.0/17 should also be connected to vsi2 and vsi3 +// 142.0.64.0/17 should also be connected to vsi1 and vsi3 // In order to add missing edges, we go over all the endpoints in grouping that present external nodes, and check for containment // if external endpoint e1 is contained in external end point e2 then all the "edges" of e2 are added to e1 func (g *GroupConnLines) consistencyEdgesExternal() { From aafaeac9d054ec17642dbcb8cb198aee252ea79f Mon Sep 17 00:00:00 2001 From: ShiriMoran <139739065+ShiriMoran@users.noreply.github.com> Date: Wed, 9 Oct 2024 16:08:15 +0300 Subject: [PATCH 36/38] Update pkg/vpcmodel/groupingGraphical.go Co-authored-by: Ziv Nevo <79099626+zivnevo@users.noreply.github.com> --- pkg/vpcmodel/groupingGraphical.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go index 36dbc4a33..42691bc0b 100644 --- a/pkg/vpcmodel/groupingGraphical.go +++ b/pkg/vpcmodel/groupingGraphical.go 
@@ -25,7 +25,7 @@ func (g *GroupConnLines) consistencyEdgesExternal() { eeNameToEE := getMapToEPEs(g.GroupedLines) // 3. Gets a map from external endpoint name to all the endpoint it contains containedMap := getContainedEndpointMap(eeNameToIPBlock, eeNameToEE) - // 3. Add edges, based on the above map (3) + // 4. Add edges, based on the above map (3) g.addEdgesOfContainingEPs(containedMap) } From 9137aafde3c77cefee4967c7e5b0819bcee3e9a3 Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 9 Oct 2024 16:12:40 +0300 Subject: [PATCH 37/38] CR --- pkg/vpcmodel/groupingGraphical.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go index d2f1170f8..d35475a48 100644 --- a/pkg/vpcmodel/groupingGraphical.go +++ b/pkg/vpcmodel/groupingGraphical.go @@ -30,8 +30,8 @@ func (g *GroupConnLines) consistencyEdgesExternal() { } // gets []*groupedConnLine and returns a map from the string presentation of each endpoint to its ipBlock -func getMapToIps(grouped []*groupedConnLine) (eeToIPBlock map[string]*ipblock.IPBlock) { - eeToIPBlock = map[string]*ipblock.IPBlock{} +func getMapToIps(grouped []*groupedConnLine) map[string]*ipblock.IPBlock { + eeToIPBlock := map[string]*ipblock.IPBlock{} for _, line := range grouped { addExternalEndpointToMap(line.Src, eeToIPBlock) addExternalEndpointToMap(line.Dst, eeToIPBlock) @@ -40,8 +40,8 @@ func getMapToIps(grouped []*groupedConnLine) (eeToIPBlock map[string]*ipblock.IP } // gets []*groupedConnLine and returns a map from the string presentation of each endpoint to the endpoint element -func getMapToEPEs(grouped []*groupedConnLine) (eeNameToEE map[string]EndpointElem) { - eeNameToEE = map[string]EndpointElem{} +func getMapToEPEs(grouped []*groupedConnLine) map[string]EndpointElem { + eeNameToEE := map[string]EndpointElem{} for _, line := range grouped { if line.Src.IsExternal() { eeNameToEE[line.Src.Name()] = line.Src 
@@ -76,8 +76,8 @@ func groupedExternalToIPBlock(ee EndpointElem) *ipblock.IPBlock { // given a map from external endpoints to their IPs returns a map from each endpoint to the endpoints that // it contained (if any) func getContainedEndpointMap(endpointsIPBlocks map[string]*ipblock.IPBlock, - eeNameToEE map[string]EndpointElem) (containedMap map[string][]EndpointElem) { - containedMap = map[string][]EndpointElem{} + eeNameToEE map[string]EndpointElem) map[string][]EndpointElem { + containedMap := map[string][]EndpointElem{} for containingEP, containingIP := range endpointsIPBlocks { containedEPs := []EndpointElem{} for containedEP, containedIP := range endpointsIPBlocks { From 99ad366c256f032c3b56b042569ab2b50bc8d68a Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 9 Oct 2024 16:17:42 +0300 Subject: [PATCH 38/38] CR --- pkg/vpcmodel/groupingGraphical.go | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/pkg/vpcmodel/groupingGraphical.go b/pkg/vpcmodel/groupingGraphical.go index ef5c60fce..16094b502 100644 --- a/pkg/vpcmodel/groupingGraphical.go +++ b/pkg/vpcmodel/groupingGraphical.go @@ -60,14 +60,12 @@ func addExternalEndpointToMap(ee EndpointElem, endpointsIPBlocks map[string]*ipb if ok { // no need to update twice; relevant if the same endpoint is in src and dst of different lines return } - endpointsIPBlocks[ee.Name()] = groupedExternalToIPBlock(ee) + endpointsIPBlocks[ee.Name()] = groupedExternalToIPBlock(ee.(*groupedExternalNodes)) } -func groupedExternalToIPBlock(ee EndpointElem) *ipblock.IPBlock { - // EndpointElem must be of type groupedExternalNodes - elements := []*ExternalNetwork(*ee.(*groupedExternalNodes)) +func groupedExternalToIPBlock(ee *groupedExternalNodes) *ipblock.IPBlock { var res = ipblock.New() - for _, e := range elements { + for _, e := range *ee { res = res.Union(e.ipblock) } return res
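Review bot: The assertion `ee.(*groupedExternalNodes)` now made in addExternalEndpointToMap (the `@@ -60,14 +60,12 @@` hunk) panics when `ee` holds any other type, and the comment that recorded this precondition, `// EndpointElem must be of type groupedExternalNodes`, is deleted along with the old body. getMapToIps calls this function for both `line.Src` and `line.Dst` without an IsExternal check of its own, so safety depends on whatever guard sits above the hunk, which is not visible here. The comma-ok form removes that dependency: `gen, ok := ee.(*groupedExternalNodes)` followed by `if !ok { return }`, then `groupedExternalToIPBlock(gen)`. If the panic is intended as an invariant check, keep the dropped comment next to the assertion instead.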