connlist

package
v0.2.0
Published: May 8, 2023 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

The connlist package of netpol-analyzer produces a k8s connectivity report based on network policies. It lists the set of allowed connections between each pair of peers (k8s workloads or IP blocks), as derived from the NetworkPolicy resources that select them. The resources can be extracted from a directory containing YAML manifests, or read from a live k8s cluster. For more information, see https://github.com/np-guard/netpol-analyzer.

Index

Constants

const (
	DefaultFormat = "txt"
	TextFormat    = "txt"
	JSONFormat    = "json"
	DOTFormat     = "dot"
	CSVFormat     = "csv"
	MDFormat      = "md"
)

Variables

ValidFormats is the array of accepted output-format values, i.e. the format constants listed above; ValidateOutputFormat and WithOutputFormat accept only these.

Functions

func ValidateOutputFormat added in v0.2.0

func ValidateOutputFormat(format string) error

ValidateOutputFormat validates the value of the output format, returning a non-nil error if format is not one of ValidFormats.

Types

type ConnlistAnalyzer

type ConnlistAnalyzer struct {
	// contains filtered or unexported fields
}

A ConnlistAnalyzer provides an API to recursively scan a directory for Kubernetes resources, including network policies, and to compute the list of permitted connections between the workloads of the K8s application defined in that directory.

func NewConnlistAnalyzer

func NewConnlistAnalyzer(options ...ConnlistAnalyzerOption) *ConnlistAnalyzer

NewConnlistAnalyzer creates a new instance of ConnlistAnalyzer, and applies the provided functional options.

func (*ConnlistAnalyzer) ConnectionsListToString

func (ca *ConnlistAnalyzer) ConnectionsListToString(conns []Peer2PeerConnection) (string, error)

ConnectionsListToString renders the given list of Peer2PeerConnection objects as a string in the analyzer's configured output format (see WithOutputFormat).

func (*ConnlistAnalyzer) ConnlistFromDirPath

func (ca *ConnlistAnalyzer) ConnlistFromDirPath(dirPath string) ([]Peer2PeerConnection, error)

ConnlistFromDirPath returns the allowed connections list computed from the k8s resources found under dirPath (scanned recursively).

func (*ConnlistAnalyzer) ConnlistFromK8sCluster

func (ca *ConnlistAnalyzer) ConnlistFromK8sCluster(clientset *kubernetes.Clientset) ([]Peer2PeerConnection, error)

ConnlistFromK8sCluster returns the allowed connections list computed from the resources read from a live k8s cluster through the given clientset.

func (*ConnlistAnalyzer) ConnlistFromYAMLManifests

func (ca *ConnlistAnalyzer) ConnlistFromYAMLManifests(manifests []scan.YAMLDocumentIntf) ([]Peer2PeerConnection, error)

ConnlistFromYAMLManifests returns the allowed connections list computed from the given, already-parsed YAML manifests.
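Once a report has been produced (for example with ConnlistFromDirPath on an analyzer created with WithOutputFormat(TextFormat), then ConnectionsListToString), the practical question is whether it matches the connectivity the team intended to allow. The program below is an example added for this page, not code from netpol-analyzer: it parses the txt report into connections and diffs them against a baseline, so that a policy that has become more permissive (or has cut a required path) fails a CI job. It assumes the txt format's line layout `src => dst : conn` as shown in the project README; the report and baseline used here are constructed sample data.

```go
package main

import (
	"fmt"
	"strings"
)

// Conn is one allowed src->dst connection as it appears in the txt report.
type Conn struct {
	Src, Dst, Allowed string
}

func (c Conn) String() string { return c.Src + " => " + c.Dst + " : " + c.Allowed }

// ParseTxtReport parses lines of the form "src => dst : conn", which is the
// line layout of the txt output format (assumed here from the project's README).
// Blank lines are skipped; any other shape is rejected rather than silently
// dropped, so a format change in a later version cannot turn into a false "no drift".
func ParseTxtReport(report string) ([]Conn, error) {
	var conns []Conn
	for i, raw := range strings.Split(report, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" {
			continue
		}
		parts := strings.SplitN(line, " => ", 2)
		if len(parts) != 2 {
			return nil, fmt.Errorf("line %d: expected 'src => dst : conn', got %q", i+1, line)
		}
		dstConn := strings.SplitN(parts[1], " : ", 2)
		if len(dstConn) != 2 {
			return nil, fmt.Errorf("line %d: expected 'src => dst : conn', got %q", i+1, line)
		}
		conns = append(conns, Conn{Src: parts[0], Dst: dstConn[0], Allowed: dstConn[1]})
	}
	return conns, nil
}

// Drift compares the analyzer's report with the intended baseline.
// unexpected: reported but not in the baseline (policies more permissive than intended);
// missing: in the baseline but not reported (a required path was cut, or the baseline is stale).
// Matching is exact on all three fields; entries keep their input order.
func Drift(actual, baseline []Conn) (unexpected, missing []Conn) {
	have := map[Conn]bool{}
	for _, c := range actual {
		have[c] = true
	}
	want := map[Conn]bool{}
	for _, c := range baseline {
		want[c] = true
	}
	for _, c := range actual {
		if !want[c] {
			unexpected = append(unexpected, c)
		}
	}
	for _, c := range baseline {
		if !have[c] {
			missing = append(missing, c)
		}
	}
	return unexpected, missing
}

// SampleReport is a constructed txt report for the demo, not real analyzer output.
const SampleReport = `
default/frontend[Deployment] => default/backend[Deployment] : TCP 8080
default/backend[Deployment] => default/db[StatefulSet] : TCP 5432
0.0.0.0-255.255.255.255 => default/frontend[Deployment] : TCP 443
default/frontend[Deployment] => default/db[StatefulSet] : All Connections
`

// Baseline is the connectivity the team intends to allow (constructed for the demo).
var Baseline = []Conn{
	{"default/frontend[Deployment]", "default/backend[Deployment]", "TCP 8080"},
	{"default/backend[Deployment]", "default/db[StatefulSet]", "TCP 5432"},
	{"0.0.0.0-255.255.255.255", "default/frontend[Deployment]", "TCP 443"},
}

func main() {
	actual, err := ParseTxtReport(SampleReport)
	if err != nil {
		fmt.Println("cannot parse report:", err)
		return
	}
	unexpected, missing := Drift(actual, Baseline)
	for _, c := range unexpected {
		fmt.Println("UNEXPECTED:", c)
	}
	for _, c := range missing {
		fmt.Println("MISSING:", c)
	}
}
```

In the sample, the frontend can reach the database on all ports, which is not in the baseline, so it is flagged as unexpected. Matching is on the exact strings, so two spellings of the same port range would show up as drift; normalize the Allowed field first if your policies use ranges. In a pipeline, feed the string returned by ConnectionsListToString into ParseTxtReport and fail the job on any unexpected entry.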

func (*ConnlistAnalyzer) Errors

func (ca *ConnlistAnalyzer) Errors() []ConnlistError

Errors returns a slice of ConnlistError with all warnings and errors encountered during processing.

type ConnlistAnalyzerOption

type ConnlistAnalyzerOption func(*ConnlistAnalyzer)

ConnlistAnalyzerOption is the type for specifying options for ConnlistAnalyzer, using Golang's Options Pattern (https://golang.cafe/blog/golang-functional-options-pattern.html).

func WithFocusWorkload

func WithFocusWorkload(workload string) ConnlistAnalyzerOption

WithFocusWorkload is a functional option which restricts the reported connections to those in which the named workload is the source or the destination.

func WithLogger

func WithLogger(l logger.Logger) ConnlistAnalyzerOption

WithLogger is a functional option which sets the logger for a ConnlistAnalyzer to use. The provided logger must implement the logger.Logger interface.

func WithOutputFormat added in v0.2.0

func WithOutputFormat(outputFormat string) ConnlistAnalyzerOption

WithOutputFormat is a functional option, allowing the user to choose the output format: one of the values in ValidFormats (txt, json, dot, csv, md). The default is txt.

func WithStopOnError

func WithStopOnError() ConnlistAnalyzerOption

WithStopOnError is a functional option which directs ConnlistAnalyzer to stop any processing after the first severe error. Without it, processing continues past severe errors, and all errors and warnings are collected for retrieval via Errors().

func WithWalkFn

func WithWalkFn(walkFn scan.WalkFunction) ConnlistAnalyzerOption

WithWalkFn is a functional option, allowing the user to provide their own directory-scanning function. It is relevant only when using ConnlistAnalyzer to analyze connectivity from resources scanned from a directory.

type ConnlistError added in v0.1.2

type ConnlistError interface {
	IsFatal() bool
	IsSevere() bool
	Error() error
	Location() string
}

ConnlistError holds information about a single error or warning that occurred during the parsing and connectivity analysis of a k8s application with network policies. IsFatal reports an error after which no usable result exists; IsSevere reports an error that stops processing when WithStopOnError is set; Location identifies the resource or file the error relates to.
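Because the analyzer collects errors rather than aborting (unless WithStopOnError is used), a caller has to decide which of them make the report untrustworthy. The program below is an example added for this page, not code from netpol-analyzer: it triages a list of errors into fatal, severe and warning classes and turns them into an exit code for a CI gate. The interface is redeclared locally with the same method set only so that the example compiles without importing the package; the real connlist.ConnlistError values satisfy it. The error values used here are constructed for the demo.

```go
package main

import (
	"errors"
	"fmt"
)

// AnalyzerError mirrors the method set of connlist.ConnlistError, so the values
// returned by (*ConnlistAnalyzer).Errors() satisfy it; it is redeclared here only
// so that this example compiles without importing the analyzer.
type AnalyzerError interface {
	IsFatal() bool
	IsSevere() bool
	Error() error
	Location() string
}

// Verdict is the outcome of triaging the analyzer's error list.
type Verdict struct {
	ExitCode int      // 0 ok, 1 severe errors (when failOnSevere), 2 fatal: report is unusable
	Findings []string // one line per error, prefixed with its class and location
}

// Triage walks the error list once and decides whether the run is trustworthy.
// A fatal error means the connectivity report must not be used for any decision;
// a severe error fails the gate only when failOnSevere is set; everything else
// is reported as a warning and never changes the exit code.
func Triage(errs []AnalyzerError, failOnSevere bool) Verdict {
	var v Verdict
	for _, e := range errs {
		class := "warning"
		switch {
		case e.IsFatal():
			class = "fatal"
			v.ExitCode = 2
		case e.IsSevere():
			class = "severe"
			if failOnSevere && v.ExitCode < 1 {
				v.ExitCode = 1
			}
		}
		v.Findings = append(v.Findings, fmt.Sprintf("%s: %s: %v", class, e.Location(), e.Error()))
	}
	return v
}

// fakeErr is a constructed stand-in implementing AnalyzerError, for the demo only.
type fakeErr struct {
	fatal, severe bool
	msg, loc      string
}

func (f fakeErr) IsFatal() bool    { return f.fatal }
func (f fakeErr) IsSevere() bool   { return f.severe }
func (f fakeErr) Error() error     { return errors.New(f.msg) }
func (f fakeErr) Location() string { return f.loc }

// SampleErrors is a constructed error list, not output of the analyzer.
var SampleErrors = []AnalyzerError{
	fakeErr{msg: "document has no kind", loc: "manifests/notes.yaml"},
	fakeErr{severe: true, msg: "invalid selector", loc: "manifests/netpol.yaml"},
}

func main() {
	v := Triage(SampleErrors, true)
	for _, f := range v.Findings {
		fmt.Println(f)
	}
	fmt.Println("exit code:", v.ExitCode)
}
```

To use it with a real analyzer, copy the slice returned by Errors() element by element into a []AnalyzerError (Go does not convert between slices of different interface types), then call Triage. Treating severe errors as a gate failure is the safer default: a resource that failed to parse is a resource whose policies the report does not reflect.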

type Peer2PeerConnection

type Peer2PeerConnection interface {
	// Src returns the source peer
	Src() eval.Peer
	// Dst returns the destination peer
	Dst() eval.Peer
	// AllProtocolsAndPorts returns true if all ports are allowed for all protocols
	AllProtocolsAndPorts() bool
	// ProtocolsAndPorts returns the set of allowed connections
	ProtocolsAndPorts() map[v1.Protocol][]eval.PortRange
}

Peer2PeerConnection encapsulates the allowed connectivity result between two peers: the source and destination peers, and either all protocols and ports or the explicit set of allowed port ranges per protocol.
