From 19f9c700d1c36fc16e9475aaa0c41d3049768e65 Mon Sep 17 00:00:00 2001 From: Junguk Cho Date: Fri, 10 Sep 2021 16:22:11 -0700 Subject: [PATCH 01/10] wip Signed-off-by: Evan Baker Co-authored-by: JungukCho --- npm/cache/npmCache.go | 45 ----------------------- npm/cache/npmCache_test.go | 53 +++++++++++++++++---------- npm/http/server/server.go | 17 ++++++--- npm/ipsm/ipsm.go | 20 ++++------- npm/npm.go | 54 ++++++++++++++-------------- npm/pkg/dataplane/debug/converter.go | 25 ++++++------- npm/podController.go | 9 ++--- 7 files changed, 96 insertions(+), 127 deletions(-) diff --git a/npm/cache/npmCache.go b/npm/cache/npmCache.go index 291bb0e12b..71bdd8ee5f 100644 --- a/npm/cache/npmCache.go +++ b/npm/cache/npmCache.go @@ -1,10 +1,6 @@ package cache import ( - "encoding/json" - "fmt" - "io" - "github.com/Azure/azure-container-networking/npm" "github.com/Azure/azure-container-networking/npm/ipsm" ) @@ -16,44 +12,3 @@ type NPMCache struct { ListMap map[string]*ipsm.Ipset SetMap map[string]*ipsm.Ipset } - -// Decode returns NPMCache object after decoding data. -// TODO(jungukcho): This Decode has tight ordering for decoding data due to dependency with Encode function. -// It needs to find a way of relaxing this strong ordering. -func Decode(reader io.Reader) (*NPMCache, error) { - cache := &NPMCache{} - dec := json.NewDecoder(reader) - - if err := dec.Decode(&cache.Nodename); err != nil { - return nil, fmt.Errorf("failed to decode Nodename : %w", err) - } - - if err := dec.Decode(&cache.NsMap); err != nil { - return nil, fmt.Errorf("failed to decode NsMap : %w", err) - } - - if err := dec.Decode(&cache.PodMap); err != nil { - return nil, fmt.Errorf("failed to decode PodMap : %w", err) - } - - if err := dec.Decode(&cache.ListMap); err != nil { - return nil, fmt.Errorf("failed to decode ListMap : %w", err) - } - - if err := dec.Decode(&cache.SetMap); err != nil { - return nil, fmt.Errorf("failed to decode SetMap : %w", err) - } - - return cache, nil -} - -// Encode returns encoded NPMCache data. -// TODO(jungukcho): This Encode has tight ordering for encoding data due to dependency with Decode function. -// It needs to find a way of relaxing this strong ordering. -func Encode(writer io.Writer, npmEncoder npm.NetworkPolicyManagerEncoder) error { - if err := npmEncoder.Encode(writer); err != nil { - return fmt.Errorf("cannot encode NPMCache %w", err) - } - - return nil -} diff --git a/npm/cache/npmCache_test.go b/npm/cache/npmCache_test.go index 934e5a6258..c436a0d6d7 100644 --- a/npm/cache/npmCache_test.go +++ b/npm/cache/npmCache_test.go @@ -1,21 +1,21 @@ package cache import ( - "bytes" + "encoding/json" "reflect" - "strings" "testing" "time" "github.com/Azure/azure-container-networking/npm" "github.com/Azure/azure-container-networking/npm/ipsm" + "github.com/stretchr/testify/assert" k8sversion "k8s.io/apimachinery/pkg/version" kubeinformers "k8s.io/client-go/informers" k8sfake "k8s.io/client-go/kubernetes/fake" fakeexec "k8s.io/utils/exec/testing" ) -func NPMEncoder(nodeName string) npm.NetworkPolicyManagerEncoder { +func NPMEncoder(nodeName string) *npm.NetworkPolicyManager { noResyncPeriodFunc := func() time.Duration { return 0 } kubeclient := k8sfake.NewSimpleClientset() kubeInformer := kubeinformers.NewSharedInformerFactory(kubeclient, noResyncPeriodFunc()) @@ -27,22 +27,22 @@ func NPMEncoder(nodeName string) npm.NetworkPolicyManagerEncoder { npMgr := npm.NewNetworkPolicyManager(kubeInformer, exec, npmVersion, fakeK8sVersion) npMgr.NodeName = nodeName + return npMgr } func TestDecode(t *testing.T) { - encodedNPMCacheData := "\"nodename\"\n{}\n{}\n{}\n{}\n" - reader := strings.NewReader(encodedNPMCacheData) - decodedNPMCache, err := Decode(reader) - if err != nil { + encodedNPMCacheData := []byte(`{"ListMap":{},"Nodename":"abc","NsMap":{},"PodMap":{},"SetMap":{}}`) + decodedNPMCache := NPMCache{} + if err := json.Unmarshal(encodedNPMCacheData, &decodedNPMCache); err != nil { t.Errorf("failed to decode %s to NPMCache", encodedNPMCacheData) } - expected := &NPMCache{ - Nodename: "nodename", + expected := NPMCache{ + ListMap: make(map[string]*ipsm.Ipset), + Nodename: "abc", NsMap: make(map[string]*npm.Namespace), PodMap: make(map[string]*npm.NpmPod), - ListMap: make(map[string]*ipsm.Ipset), SetMap: make(map[string]*ipsm.Ipset), } @@ -52,16 +52,33 @@ func TestDecode(t *testing.T) { } func TestEncode(t *testing.T) { - nodeName := "nodename" + expect := []byte(`{"ListMap":{},"Nodename":"abc","NsMap":{},"PodMap":{},"SetMap":{}}`) + nodeName := "abc" npmEncoder := NPMEncoder(nodeName) - var buf bytes.Buffer - if err := Encode(&buf, npmEncoder); err != nil { - t.Errorf("failed to encode NPMCache") + npmCacheRaw, err := json.Marshal(npmEncoder) + assert.NoError(t, err) + assert.ElementsMatch(t, expect, npmCacheRaw) +} + +func TestEncodeDecode(t *testing.T) { + npmEncoder := NPMEncoder("abc") + npmCacheRaw, err := json.Marshal(npmEncoder) + assert.NoError(t, err) + + decodedNPMCache := NPMCache{} + if err := json.Unmarshal(npmCacheRaw, &decodedNPMCache); err != nil { + t.Errorf("failed to decode %s to NPMCache", npmCacheRaw) + } + + expected := NPMCache{ + ListMap: make(map[string]*ipsm.Ipset), + Nodename: "abc", + NsMap: make(map[string]*npm.Namespace), + PodMap: make(map[string]*npm.NpmPod), + SetMap: make(map[string]*ipsm.Ipset), } - encodedNPMCache := buf.String() - expected := "\"nodename\"\n{}\n{}\n{}\n{}\n" - if encodedNPMCache != expected { - t.Errorf("got '%+v', expected '%+v'", encodedNPMCache, expected) + if !reflect.DeepEqual(decodedNPMCache, expected) { + t.Errorf("got '%+v', expected '%+v'", decodedNPMCache, expected) } } diff --git a/npm/http/server/server.go b/npm/http/server/server.go index 56706959d9..260d6482c2 100644 --- a/npm/http/server/server.go +++ b/npm/http/server/server.go @@ -1,27 +1,30 @@ package server import ( + "encoding/json" "fmt" "net/http" "net/http/pprof" _ "net/http/pprof" - "github.com/Azure/azure-container-networking/npm/cache" + "github.com/Azure/azure-container-networking/log" npmconfig "github.com/Azure/azure-container-networking/npm/config" + "github.com/Azure/azure-container-networking/npm/http/api" "github.com/Azure/azure-container-networking/npm/metrics" "k8s.io/klog" - "github.com/Azure/azure-container-networking/npm" "github.com/gorilla/mux" ) +var DefaultHTTPListeningAddress = fmt.Sprintf("%s:%s", api.DefaultListeningIP, api.DefaultHttpPort) + type NPMRestServer struct { listeningAddress string router *mux.Router } -func NPMRestServerListenAndServe(config npmconfig.Config, npmEncoder npm.NetworkPolicyManagerEncoder) { +func NPMRestServerListenAndServe(config npmconfig.Config, npmEncoder json.Marshaler) { rs := NPMRestServer{} rs.router = mux.NewRouter() @@ -60,12 +63,16 @@ func NPMRestServerListenAndServe(config npmconfig.Config, npmEncoder npm.Network klog.Errorf("Failed to start NPM HTTP Server with error: %+v", srv.ListenAndServe()) } -func (n *NPMRestServer) npmCacheHandler(npmEncoder npm.NetworkPolicyManagerEncoder) http.Handler { +func (n *NPMRestServer) npmCacheHandler(npmEncoder json.Marshaler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - err := cache.Encode(w, npmEncoder) + b, err := npmEncoder.MarshalJSON() if err != nil { http.Error(w, err.Error(), 500) return } + _, err = w.Write(b) + if err != nil { + log.Errorf("failed to write resp: %w", err) + } }) } diff --git a/npm/ipsm/ipsm.go b/npm/ipsm/ipsm.go index 5e00846e88..66a452ed29 100644 --- a/npm/ipsm/ipsm.go +++ b/npm/ipsm/ipsm.go @@ -75,22 +75,16 @@ func NewIpsetManager(exec utilexec.Interface) *IpsetManager { } } -// Encode encodes listmap and setmap. -// The ordering to encode them is important. -// Do encode listMap first and then setMap. -func (ipsMgr *IpsetManager) Encode(enc *json.Encoder) error { +func (ipsMgr *IpsetManager) MarshalListMapJSON() ([]byte, error) { ipsMgr.Lock() defer ipsMgr.Unlock() + return json.Marshal(ipsMgr.listMap) +} - if err := enc.Encode(ipsMgr.listMap); err != nil { - return fmt.Errorf("failed to encode listMap %w", err) - } - - if err := enc.Encode(ipsMgr.setMap); err != nil { - return fmt.Errorf("failed to encode setMap %w", err) - } - - return nil +func (ipsMgr *IpsetManager) MarshalSetMapJSON() ([]byte, error) { + ipsMgr.Lock() + defer ipsMgr.Unlock() + return json.Marshal(ipsMgr.setMap) } // Exists checks if an element exists in setMap/listMap. diff --git a/npm/npm.go b/npm/npm.go index 74db53e8ec..aa9da7444a 100644 --- a/npm/npm.go +++ b/npm/npm.go @@ -5,7 +5,6 @@ package npm import ( "encoding/json" "fmt" - "io" "os" "sync" "time" @@ -41,8 +40,10 @@ type npmNamespaceCache struct { nsMap map[string]*Namespace // Key is ns- } -type NetworkPolicyManagerEncoder interface { - Encode(writer io.Writer) error +func (n *npmNamespaceCache) MarshalJSON() ([]byte, error) { + n.Lock() + defer n.Unlock() + return json.Marshal(n.nsMap) } // NetworkPolicyManager contains informers for pod, namespace and networkpolicy. @@ -97,39 +98,38 @@ func NewNetworkPolicyManager(informerFactory informers.SharedInformerFactory, ex return npMgr } -func (npMgr *NetworkPolicyManager) encode(enc *json.Encoder) error { - if err := enc.Encode(npMgr.NodeName); err != nil { - return fmt.Errorf("failed to encode nodename %w", err) +func (npMgr *NetworkPolicyManager) MarshalJSON() ([]byte, error) { + m := map[string]json.RawMessage{} + npmNamespaceCacheRaw, err := json.Marshal(npMgr.npmNamespaceCache) + if err != nil { + return nil, err } + m["NsMap"] = npmNamespaceCacheRaw - npMgr.npmNamespaceCache.Lock() - defer npMgr.npmNamespaceCache.Unlock() - if err := enc.Encode(npMgr.npmNamespaceCache.nsMap); err != nil { - return fmt.Errorf("failed to encode npm namespace cache %w", err) + podControllerRaw, err := json.Marshal(npMgr.podController) + if err != nil { + return nil, err } + m["PodMap"] = podControllerRaw - return nil -} - -// Encode returns all information of pod, namespace, ipsm map information. -// TODO(jungukcho): While this approach is beneficial to hold separate lock instead of global lock, -// it has strict ordering limitation between encoding and decoding. -// Will find flexible way by maintaining performance benefit. -func (npMgr *NetworkPolicyManager) Encode(writer io.Writer) error { - enc := json.NewEncoder(writer) - if err := npMgr.encode(enc); err != nil { - return err + listMapRaw, err := npMgr.ipsMgr.MarshalListMapJSON() + if err != nil { + return nil, err } + m["ListMap"] = listMapRaw - if err := npMgr.podController.Encode(enc); err != nil { - return err + setMapRaw, err := npMgr.ipsMgr.MarshalSetMapJSON() + if err != nil { + return nil, err } + m["SetMap"] = setMapRaw - if err := npMgr.ipsMgr.Encode(enc); err != nil { - return fmt.Errorf("failed to encode ipsm cache %w", err) + nodeNameRaw, err := json.Marshal(npMgr.NodeName) + if err != nil { + return nil, err } - - return nil + m["Nodename"] = nodeNameRaw + return json.Marshal(m) } // GetAppVersion returns network policy manager app version diff --git a/npm/pkg/dataplane/debug/converter.go b/npm/pkg/dataplane/debug/converter.go index 81a6ab1151..45c4cb26f0 100644 --- a/npm/pkg/dataplane/debug/converter.go +++ b/npm/pkg/dataplane/debug/converter.go @@ -1,13 +1,13 @@ package dataplane import ( - "bufio" "bytes" "context" + "encoding/json" "fmt" + "io/ioutil" "log" "net/http" - "os" "os/exec" "strconv" "strings" @@ -31,15 +31,13 @@ type Converter struct { // NpmCacheFromFile initialize NPM cache from file. func (c *Converter) NpmCacheFromFile(npmCacheJSONFile string) error { - file, err := os.Open(npmCacheJSONFile) + byteArray, err := ioutil.ReadFile(npmCacheJSONFile) if err != nil { - return fmt.Errorf("failed to open file : %w", err) + return fmt.Errorf("error occurred during reading in file : %w", err) } - - defer file.Close() - c.NPMCache, err = cache.Decode(bufio.NewReader(file)) + err = json.Unmarshal(byteArray, c.NPMCache) if err != nil { - return fmt.Errorf("failed to decode npm cache due to : %w", err) + return fmt.Errorf("error occurred during unmarshalling : %w", err) } return nil } @@ -60,12 +58,15 @@ func (c *Converter) NpmCache() error { return fmt.Errorf("failed to request NPM Cache : %w", err) } defer resp.Body.Close() - - c.NPMCache, err = cache.Decode(resp.Body) + byteArray, err := ioutil.ReadAll(resp.Body) if err != nil { - return fmt.Errorf("cannot decode NPM Cache : %w", err) + return fmt.Errorf("error occurred during reading response's data : %w", err) + } + c.NPMCache = &cache.NPMCache{} + err = json.Unmarshal(byteArray, c.NPMCache) + if err != nil { + return fmt.Errorf("error occurred during unmarshalling : %w", err) } - return nil } diff --git a/npm/podController.go b/npm/podController.go index 958bdb0dad..479c98c2ab 100644 --- a/npm/podController.go +++ b/npm/podController.go @@ -109,15 +109,10 @@ func NewPodController(podInformer coreinformer.PodInformer, ipsMgr *ipsm.IpsetMa return podController } -func (c *podController) Encode(enc *json.Encoder) error { +func (c *podController) MarshalJSON() ([]byte, error) { c.Lock() defer c.Unlock() - - if err := enc.Encode(c.podMap); err != nil { - return fmt.Errorf("failed to encode podMap %w", err) - } - - return nil + return json.Marshal(c.podMap) } func (c *podController) lengthOfPodMap() int { From fec6b3611a031f48dea5d6670db6a364121e0565 Mon Sep 17 00:00:00 2001 From: Junguk Cho Date: Fri, 10 Sep 2021 16:23:22 -0700 Subject: [PATCH 02/10] wip Signed-off-by: Evan Baker Co-authored-by: JungukCho --- npm/cache/npmCache.go | 14 - npm/cache/npmCache_test.go | 84 - npm/http/server/server.go | 4 +- npm/http/server/server_test.go | 43 +- npm/npm.go | 12 +- npm/npmCache.go | 51 + npm/npm_test.go | 40 + npm/pkg/dataplane/debug/const.go | 4 +- npm/pkg/dataplane/debug/converter.go | 16 +- npm/pkg/dataplane/debug/converter_test.go | 16 +- npm/pkg/dataplane/debug/trafficanalyzer.go | 13 +- .../dataplane/debug/trafficanalyzer_test.go | 2 +- .../testfiles/npmCacheWithCustomFormat.json | 654 ------- npm/pkg/dataplane/testfiles/npmcache.json | 1169 ++---------- npm/pkg/dataplane/testfiles/npmgr.json | 1579 +++++++++++++++++ 15 files changed, 1841 insertions(+), 1860 deletions(-) delete mode 100644 npm/cache/npmCache.go delete mode 100644 npm/cache/npmCache_test.go create mode 100644 npm/npmCache.go delete mode 100644 npm/pkg/dataplane/testfiles/npmCacheWithCustomFormat.json create mode 100644 npm/pkg/dataplane/testfiles/npmgr.json diff --git a/npm/cache/npmCache.go b/npm/cache/npmCache.go deleted file mode 100644 index 71bdd8ee5f..0000000000 --- a/npm/cache/npmCache.go +++ /dev/null @@ -1,14 +0,0 @@ -package cache - -import ( - "github.com/Azure/azure-container-networking/npm" - "github.com/Azure/azure-container-networking/npm/ipsm" -) - -type NPMCache struct { - Nodename string - NsMap map[string]*npm.Namespace - PodMap map[string]*npm.NpmPod - ListMap map[string]*ipsm.Ipset - SetMap map[string]*ipsm.Ipset -} diff --git a/npm/cache/npmCache_test.go b/npm/cache/npmCache_test.go deleted file mode 100644 index c436a0d6d7..0000000000 --- a/npm/cache/npmCache_test.go +++ /dev/null @@ -1,84 +0,0 @@ -package cache - -import ( - "encoding/json" - "reflect" - "testing" - "time" - - "github.com/Azure/azure-container-networking/npm" - "github.com/Azure/azure-container-networking/npm/ipsm" - "github.com/stretchr/testify/assert" - k8sversion "k8s.io/apimachinery/pkg/version" - kubeinformers "k8s.io/client-go/informers" - k8sfake "k8s.io/client-go/kubernetes/fake" - fakeexec "k8s.io/utils/exec/testing" -) - -func NPMEncoder(nodeName string) *npm.NetworkPolicyManager { - noResyncPeriodFunc := func() time.Duration { return 0 } - kubeclient := k8sfake.NewSimpleClientset() - kubeInformer := kubeinformers.NewSharedInformerFactory(kubeclient, noResyncPeriodFunc()) - fakeK8sVersion := &k8sversion.Info{ - GitVersion: "v1.20.2", - } - exec := &fakeexec.FakeExec{} - npmVersion := "npm-ut-test" - - npMgr := npm.NewNetworkPolicyManager(kubeInformer, exec, npmVersion, fakeK8sVersion) - npMgr.NodeName = nodeName - - return npMgr -} - -func TestDecode(t *testing.T) { - encodedNPMCacheData := []byte(`{"ListMap":{},"Nodename":"abc","NsMap":{},"PodMap":{},"SetMap":{}}`) - decodedNPMCache := NPMCache{} - if err := json.Unmarshal(encodedNPMCacheData, &decodedNPMCache); err != nil { - t.Errorf("failed to decode %s to NPMCache", encodedNPMCacheData) - } - - expected := NPMCache{ - ListMap: make(map[string]*ipsm.Ipset), - Nodename: "abc", - NsMap: make(map[string]*npm.Namespace), - PodMap: make(map[string]*npm.NpmPod), - SetMap: make(map[string]*ipsm.Ipset), - } - - if !reflect.DeepEqual(decodedNPMCache, expected) { - t.Errorf("got '%+v', expected '%+v'", decodedNPMCache, expected) - } -} - -func TestEncode(t *testing.T) { - expect := []byte(`{"ListMap":{},"Nodename":"abc","NsMap":{},"PodMap":{},"SetMap":{}}`) - nodeName := "abc" - npmEncoder := NPMEncoder(nodeName) - npmCacheRaw, err := json.Marshal(npmEncoder) - assert.NoError(t, err) - assert.ElementsMatch(t, expect, npmCacheRaw) -} - -func TestEncodeDecode(t *testing.T) { - npmEncoder := NPMEncoder("abc") - npmCacheRaw, err := json.Marshal(npmEncoder) - assert.NoError(t, err) - - decodedNPMCache := NPMCache{} - if err := json.Unmarshal(npmCacheRaw, &decodedNPMCache); err != nil { - t.Errorf("failed to decode %s to NPMCache", npmCacheRaw) - } - - expected := NPMCache{ - ListMap: make(map[string]*ipsm.Ipset), - Nodename: "abc", - NsMap: make(map[string]*npm.Namespace), - PodMap: make(map[string]*npm.NpmPod), - SetMap: make(map[string]*ipsm.Ipset), - } - - if !reflect.DeepEqual(decodedNPMCache, expected) { - t.Errorf("got '%+v', expected '%+v'", decodedNPMCache, expected) - } -} diff --git a/npm/http/server/server.go b/npm/http/server/server.go index 260d6482c2..877d1b0891 100644 --- a/npm/http/server/server.go +++ b/npm/http/server/server.go @@ -63,9 +63,9 @@ func NPMRestServerListenAndServe(config npmconfig.Config, npmEncoder json.Marsha klog.Errorf("Failed to start NPM HTTP Server with error: %+v", srv.ListenAndServe()) } -func (n *NPMRestServer) npmCacheHandler(npmEncoder json.Marshaler) http.Handler { +func (n *NPMRestServer) npmCacheHandler(npmCacheEncoder json.Marshaler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - b, err := npmEncoder.MarshalJSON() + b, err := json.Marshal(npmCacheEncoder) if err != nil { http.Error(w, err.Error(), 500) return diff --git a/npm/http/server/server_test.go b/npm/http/server/server_test.go index cba2a2e71a..fc7441ee5f 100644 --- a/npm/http/server/server_test.go +++ b/npm/http/server/server_test.go @@ -1,44 +1,26 @@ package server import ( + "encoding/json" + "io/ioutil" "net/http" "net/http/httptest" - "os" "testing" - "time" - "github.com/Azure/azure-container-networking/npm/cache" "github.com/Azure/azure-container-networking/npm/http/api" "github.com/Azure/azure-container-networking/npm/ipsm" "github.com/stretchr/testify/assert" "github.com/Azure/azure-container-networking/npm" - k8sversion "k8s.io/apimachinery/pkg/version" - kubeinformers "k8s.io/client-go/informers" - k8sfake "k8s.io/client-go/kubernetes/fake" - fakeexec "k8s.io/utils/exec/testing" ) -func NPMEncoder() npm.NetworkPolicyManagerEncoder { - noResyncPeriodFunc := func() time.Duration { return 0 } - kubeclient := k8sfake.NewSimpleClientset() - kubeInformer := kubeinformers.NewSharedInformerFactory(kubeclient, noResyncPeriodFunc()) - fakeK8sVersion := &k8sversion.Info{ - GitVersion: "v1.20.2", - } - exec := &fakeexec.FakeExec{} - npmVersion := "npm-ut-test" - - npmEncoder := npm.NewNetworkPolicyManager(kubeInformer, exec, npmVersion, fakeK8sVersion) - return npmEncoder -} - func TestGetNPMCacheHandler(t *testing.T) { assert := assert.New(t) - npmEncoder := NPMEncoder() + nodeName := "nodename" + npmCacheEncoder := npm.NPMCacheEncoder(nodeName) n := &NPMRestServer{} - handler := n.npmCacheHandler(npmEncoder) + handler := n.npmCacheHandler(npmCacheEncoder) req, err := http.NewRequest(http.MethodGet, api.NPMMgrPath, nil) if err != nil { @@ -53,14 +35,19 @@ func TestGetNPMCacheHandler(t *testing.T) { status, http.StatusOK) } - var actual *cache.NPMCache - actual, err = cache.Decode(rr.Body) + byteArray, err := ioutil.ReadAll(rr.Body) if err != nil { - t.Fatal(err) + t.Errorf("failed to read response's data : %w", err) + } + + actual := &npm.NPMCache{} + err = json.Unmarshal(byteArray, actual) + if err != nil { + t.Fatalf("failed to unmarshal %s due to %v", string(byteArray), err) } - expected := &cache.NPMCache{ - Nodename: os.Getenv("HOSTNAME"), + expected := &npm.NPMCache{ + NodeName: nodeName, NsMap: make(map[string]*npm.Namespace), PodMap: make(map[string]*npm.NpmPod), ListMap: make(map[string]*ipsm.Ipset), diff --git a/npm/npm.go b/npm/npm.go index aa9da7444a..10c7af4a0f 100644 --- a/npm/npm.go +++ b/npm/npm.go @@ -99,36 +99,36 @@ func NewNetworkPolicyManager(informerFactory informers.SharedInformerFactory, ex } func (npMgr *NetworkPolicyManager) MarshalJSON() ([]byte, error) { - m := map[string]json.RawMessage{} + m := map[NPMCacheKey]json.RawMessage{} npmNamespaceCacheRaw, err := json.Marshal(npMgr.npmNamespaceCache) if err != nil { return nil, err } - m["NsMap"] = npmNamespaceCacheRaw + m[NsMap] = npmNamespaceCacheRaw podControllerRaw, err := json.Marshal(npMgr.podController) if err != nil { return nil, err } - m["PodMap"] = podControllerRaw + m[PodMap] = podControllerRaw listMapRaw, err := npMgr.ipsMgr.MarshalListMapJSON() if err != nil { return nil, err } - m["ListMap"] = listMapRaw + m[ListMaap] = listMapRaw setMapRaw, err := npMgr.ipsMgr.MarshalSetMapJSON() if err != nil { return nil, err } - m["SetMap"] = setMapRaw + m[SetMap] = setMapRaw nodeNameRaw, err := json.Marshal(npMgr.NodeName) if err != nil { return nil, err } - m["Nodename"] = nodeNameRaw + m[NodeName] = nodeNameRaw return json.Marshal(m) } diff --git a/npm/npmCache.go b/npm/npmCache.go new file mode 100644 index 0000000000..96e2121b61 --- /dev/null +++ b/npm/npmCache.go @@ -0,0 +1,51 @@ +// Copyright 2018 Microsoft. All rights reserved. +// MIT License +package npm + +import ( + "encoding/json" + "time" + + "github.com/Azure/azure-container-networking/npm/ipsm" + + k8sversion "k8s.io/apimachinery/pkg/version" + + kubeinformers "k8s.io/client-go/informers" + + k8sfake "k8s.io/client-go/kubernetes/fake" + + fakeexec "k8s.io/utils/exec/testing" +) + +type NPMCacheKey string + +const ( + NodeName NPMCacheKey = "NodeName" + NsMap NPMCacheKey = "NsMap" + PodMap NPMCacheKey = "PodMap" + ListMaap NPMCacheKey = "ListMap" + SetMap NPMCacheKey = "SetMap" +) + +type NPMCache struct { + NodeName string + NsMap map[string]*Namespace + PodMap map[string]*NpmPod + ListMap map[string]*ipsm.Ipset + SetMap map[string]*ipsm.Ipset +} + +func NPMCacheEncoder(nodeName string) json.Marshaler { + noResyncPeriodFunc := func() time.Duration { return 0 } + kubeclient := k8sfake.NewSimpleClientset() + kubeInformer := kubeinformers.NewSharedInformerFactory(kubeclient, noResyncPeriodFunc()) + fakeK8sVersion := &k8sversion.Info{ + GitVersion: "v1.20.2", + } + exec := &fakeexec.FakeExec{} + npmVersion := "npm-ut-test" + + npMgr := NewNetworkPolicyManager(kubeclient, kubeInformer, exec, npmVersion, fakeK8sVersion) + npMgr.NodeName = nodeName + return npMgr +} diff --git a/npm/npm_test.go b/npm/npm_test.go index e195421db7..209fa80fbe 100644 --- a/npm/npm_test.go +++ b/npm/npm_test.go @@ -1,12 +1,15 @@ package npm import ( + "encoding/json" "os" + "reflect" "testing" "github.com/Azure/azure-container-networking/npm/ipsm" "github.com/Azure/azure-container-networking/npm/iptm" "github.com/Azure/azure-container-networking/npm/metrics" + "github.com/stretchr/testify/assert" "k8s.io/client-go/tools/cache" "k8s.io/utils/exec" ) @@ -28,6 +31,43 @@ func getKey(obj interface{}, t *testing.T) string { return key } +func TestMarshalJSON(t *testing.T) { + nodeName := "nodename" + npmCacheEncoder := NPMCacheEncoder(nodeName) + npmCacheRaw, err := npmCacheEncoder.MarshalJSON() + + assert.NoError(t, err) + + // TODO(junguk): better to use const in NPMCache and nodeName variable + expect := []byte(`{"ListMap":{},"NodeName":"nodename","NsMap":{},"PodMap":{},"SetMap":{}}`) + assert.ElementsMatch(t, expect, npmCacheRaw) +} + +func TestMarshalUnMarshalJSON(t *testing.T) { + nodeName := "nodename" + npmCacheEncoder := NPMCacheEncoder(nodeName) + + npmCacheRaw, err := npmCacheEncoder.MarshalJSON() + assert.NoError(t, err) + + decodedNPMCache := NPMCache{} + if err := json.Unmarshal(npmCacheRaw, &decodedNPMCache); err != nil { + t.Errorf("failed to decode %s to NPMCache", npmCacheRaw) + } + + expected := NPMCache{ + ListMap: make(map[string]*ipsm.Ipset), + NodeName: "nodename", + NsMap: make(map[string]*Namespace), + PodMap: make(map[string]*NpmPod), + SetMap: make(map[string]*ipsm.Ipset), + } + + if !reflect.DeepEqual(decodedNPMCache, expected) { + t.Errorf("got '%+v', expected '%+v'", decodedNPMCache, expected) + } +} + func TestMain(m *testing.M) { metrics.InitializeAll() exec := exec.New() diff --git a/npm/pkg/dataplane/debug/const.go b/npm/pkg/dataplane/debug/const.go index 9a8a274299..a871d224e1 100644 --- a/npm/pkg/dataplane/debug/const.go +++ b/npm/pkg/dataplane/debug/const.go @@ -43,7 +43,5 @@ var ( const ( iptableSaveFile = "../testfiles/iptablesave" // stored file with json compatible form (i.e., can call json.Unmarshal) - // npmCacheFile = ".../testfiles/npmCache.json" - // stored file with custom encoding in Encode function in npmCache.go - npmCacheWithCustomFormatFile = "../testfiles/npmCacheWithCustomFormat.json" + npmCacheFile = "../testFiles/npmcache.json" ) diff --git a/npm/pkg/dataplane/debug/converter.go b/npm/pkg/dataplane/debug/converter.go index 45c4cb26f0..702ca72db0 100644 --- a/npm/pkg/dataplane/debug/converter.go +++ b/npm/pkg/dataplane/debug/converter.go @@ -12,7 +12,7 @@ import ( "strconv" "strings" - "github.com/Azure/azure-container-networking/npm/cache" + "github.com/Azure/azure-container-networking/npm" "github.com/Azure/azure-container-networking/npm/http/api" NPMIPtable "github.com/Azure/azure-container-networking/npm/pkg/dataplane/iptables" "github.com/Azure/azure-container-networking/npm/pkg/dataplane/parse" @@ -26,18 +26,20 @@ type Converter struct { ListMap map[string]string // key: hash(value), value: one of namespace, label of namespace, multiple values SetMap map[string]string // key: hash(value), value: one of label of pods, cidr, namedport AzureNPMChains map[string]bool - NPMCache *cache.NPMCache + NPMCache *npm.NPMCache } // NpmCacheFromFile initialize NPM cache from file. func (c *Converter) NpmCacheFromFile(npmCacheJSONFile string) error { byteArray, err := ioutil.ReadFile(npmCacheJSONFile) if err != nil { - return fmt.Errorf("error occurred during reading in file : %w", err) + return fmt.Errorf("failed to read %s file : %w", npmCacheJSONFile, err) } + + c.NPMCache = &npm.NPMCache{} err = json.Unmarshal(byteArray, c.NPMCache) if err != nil { - return fmt.Errorf("error occurred during unmarshalling : %w", err) + return fmt.Errorf("failed to unmarshal %s due to %w", string(byteArray), err) } return nil } @@ -60,12 +62,12 @@ func (c *Converter) NpmCache() error { defer resp.Body.Close() byteArray, err := ioutil.ReadAll(resp.Body) if err != nil { - return fmt.Errorf("error occurred during reading response's data : %w", err) + return fmt.Errorf("failed to read response's data : %w", err) } - c.NPMCache = &cache.NPMCache{} + c.NPMCache = &npm.NPMCache{} err = json.Unmarshal(byteArray, c.NPMCache) if err != nil { - return fmt.Errorf("error occurred during unmarshalling : %w", err) + return fmt.Errorf("failed to unmarshal %s due to %w", string(byteArray), err) } return nil } diff --git a/npm/pkg/dataplane/debug/converter_test.go b/npm/pkg/dataplane/debug/converter_test.go index 055ec94b42..dc0258c30d 100644 --- a/npm/pkg/dataplane/debug/converter_test.go +++ b/npm/pkg/dataplane/debug/converter_test.go @@ -14,11 +14,11 @@ func TestGetJSONRulesFromIptableFile(t *testing.T) { c := &Converter{} _, err := c.GetJSONRulesFromIptableFile( util.IptablesFilterTable, - npmCacheWithCustomFormatFile, + npmCacheFile, iptableSaveFile, ) if err != nil { - t.Errorf("error during TestGetJSONRulesFromIptable : %w", err) + t.Errorf("failed to test GetJSONRulesFromIptable : %w", err) } } @@ -26,7 +26,7 @@ func TestGetProtobufRulesFromIptableFile(t *testing.T) { c := &Converter{} _, err := c.GetProtobufRulesFromIptableFile( util.IptablesFilterTable, - npmCacheWithCustomFormatFile, + npmCacheFile, iptableSaveFile, ) if err != nil { @@ -36,9 +36,9 @@ func TestGetProtobufRulesFromIptableFile(t *testing.T) { func TestNpmCacheFromFile(t *testing.T) { c := &Converter{} - err := c.NpmCacheFromFile(npmCacheWithCustomFormatFile) + err := c.NpmCacheFromFile(npmCacheFile) if err != nil { - t.Errorf("Failed to decode NPMCache from %s file : %w", npmCacheWithCustomFormatFile, err) + t.Errorf("Failed to decode NPMCache from %s file : %w", npmCacheFile, err) } } @@ -91,7 +91,7 @@ func TestGetSetType(t *testing.T) { } c := &Converter{} - err := c.initConverterFile(npmCacheWithCustomFormatFile) + err := c.initConverterFile(npmCacheFile) if err != nil { t.Errorf("error during initilizing converter : %w", err) } @@ -313,7 +313,7 @@ func TestGetRulesFromChain(t *testing.T) { } c := &Converter{} - err := c.initConverterFile(npmCacheWithCustomFormatFile) + err := c.initConverterFile(npmCacheFile) if err != nil { t.Errorf("error during initilizing converter : %w", err) } @@ -502,7 +502,7 @@ func TestGetModulesFromRule(t *testing.T) { } c := &Converter{} - err := c.initConverterFile(npmCacheWithCustomFormatFile) + err := c.initConverterFile(npmCacheFile) if err != nil { t.Errorf("error during initilizing converter : %w", err) } diff --git a/npm/pkg/dataplane/debug/trafficanalyzer.go b/npm/pkg/dataplane/debug/trafficanalyzer.go index 5e15407624..fb68732b4f 100644 --- a/npm/pkg/dataplane/debug/trafficanalyzer.go +++ b/npm/pkg/dataplane/debug/trafficanalyzer.go @@ -7,7 +7,6 @@ import ( "strings" "github.com/Azure/azure-container-networking/npm" - "github.com/Azure/azure-container-networking/npm/cache" "github.com/Azure/azure-container-networking/npm/pkg/dataplane/pb" "github.com/Azure/azure-container-networking/npm/util" "google.golang.org/protobuf/encoding/protojson" @@ -78,7 +77,7 @@ func GetNetworkTupleFile( // Common function. func getNetworkTupleCommon( src, dst *Input, - npmCache *cache.NPMCache, + npmCache *npm.NPMCache, allRules []*pb.RuleResponse, ) ([][]byte, []*Tuple, error) { @@ -130,7 +129,7 @@ func getNetworkTupleCommon( return ruleResListJSON, resTupleList, nil } -func getNPMPod(input *Input, npmCache *cache.NPMCache) (*npm.NpmPod, error) { +func getNPMPod(input *Input, npmCache *npm.NPMCache) (*npm.NpmPod, error) { switch input.Type { case PODNAME: if pod, ok := npmCache.PodMap[input.Content]; ok { @@ -209,7 +208,7 @@ func generateTuple(src, dst *npm.NpmPod, rule *pb.RuleResponse) *Tuple { func getHitRules( src, dst *npm.NpmPod, rules []*pb.RuleResponse, - npmCache *cache.NPMCache, + npmCache *npm.NPMCache, ) ([]*pb.RuleResponse, error) { res := make([]*pb.RuleResponse, 0) @@ -267,7 +266,7 @@ func evaluateSetInfo( setInfo *pb.RuleResponse_SetInfo, pod *npm.NpmPod, rule *pb.RuleResponse, - npmCache *cache.NPMCache, + npmCache *npm.NPMCache, ) (bool, error) { switch setInfo.Type { @@ -292,7 +291,7 @@ func evaluateSetInfo( } } -func matchKEYVALUELABELOFNAMESPACE(pod *npm.NpmPod, npmCache *cache.NPMCache, setInfo *pb.RuleResponse_SetInfo) bool { +func matchKEYVALUELABELOFNAMESPACE(pod *npm.NpmPod, npmCache *npm.NPMCache, setInfo *pb.RuleResponse_SetInfo) bool { srcNamespace := util.NamespacePrefix + pod.Namespace key, expectedValue := processKeyValueLabelOfNameSpace(setInfo.Name) actualValue := npmCache.NsMap[srcNamespace].LabelsMap[key] @@ -331,7 +330,7 @@ func matchNESTEDLABELOFPOD(pod *npm.NpmPod, setInfo *pb.RuleResponse_SetInfo) bo return true } -func matchKEYLABELOFNAMESPACE(pod *npm.NpmPod, npmCache *cache.NPMCache, setInfo *pb.RuleResponse_SetInfo) bool { +func matchKEYLABELOFNAMESPACE(pod *npm.NpmPod, npmCache *npm.NPMCache, setInfo *pb.RuleResponse_SetInfo) bool { srcNamespace := util.NamespacePrefix + pod.Namespace key := strings.TrimPrefix(setInfo.Name, util.NamespacePrefix) if _, ok := npmCache.NsMap[srcNamespace].LabelsMap[key]; ok { diff --git a/npm/pkg/dataplane/debug/trafficanalyzer_test.go b/npm/pkg/dataplane/debug/trafficanalyzer_test.go index 9a942afdda..35b97294a5 100644 --- a/npm/pkg/dataplane/debug/trafficanalyzer_test.go +++ b/npm/pkg/dataplane/debug/trafficanalyzer_test.go @@ -233,7 +233,7 @@ func TestGetNetworkTuple(t *testing.T) { _, actualTupleList, err := GetNetworkTupleFile( test.input.src, test.input.dst, - npmCacheWithCustomFormatFile, + npmCacheFile, iptableSaveFile, ) if err != nil { diff --git a/npm/pkg/dataplane/testfiles/npmCacheWithCustomFormat.json b/npm/pkg/dataplane/testfiles/npmCacheWithCustomFormat.json deleted file mode 100644 index 238b533403..0000000000 --- a/npm/pkg/dataplane/testfiles/npmCacheWithCustomFormat.json +++ /dev/null @@ -1,654 +0,0 @@ -"aks-nodepool1-25107630-vmss000001" -{ - "ns-acn": { - "LabelsMap": {} - }, - "ns-dangerous": { - "LabelsMap": {} - }, - "ns-default": { - "LabelsMap": {} - }, - "ns-kube-node-lease": { - "LabelsMap": { - "all": "namespaces" - } - }, - "ns-kube-public": { - "LabelsMap": { - "all": "namespaces" - } - }, - "ns-kube-system": { - "LabelsMap": { - "addonmanager.kubernetes.io/mode": "Reconcile", - "all": "namespaces", - "control-plane": "true", - "kubernetes.io/cluster-service": "true", - "networking/namespace": "kube-system" - } - }, - "ns-monitoring": { - "LabelsMap": {} - }, - "ns-netpol-4537-x": { - "LabelsMap": {} - }, - "ns-test": { - "LabelsMap": {} - }, - "ns-project": { - "LabelsMap": { - "project": "myproject" - } - }, - "ns-testnamespace": { - "LabelsMap": {} - }, - "ns-unsafe": { - "LabelsMap": {} - }, - "ns-x": { - "LabelsMap": { - "ns": "x" - } - }, - "ns-y": { - "LabelsMap": { - "ns": "y" - } - }, - "ns-z": { - "LabelsMap": { - "ns": "z" - } - } -} -{ - "default/ubuntu-proxy-6zg9f": { - "Name": "ubuntu-proxy-6zg9f", - "Namespace": "default", - "PodIP": "10.240.0.17", - "Labels": { - "app.kubernetes.io/tier": "metrics", - "tier": "frontend" - }, - "ContainerPorts": [], - "Phase": "Running" - }, - "default/ubuntu-proxy-vwtx8": { - "Name": "ubuntu-proxy-vwtx8", - "Namespace": "default", - "PodIP": "10.240.0.68", - "Labels": { - "app.kubernetes.io/tier": "metrics", - "tier": "frontend" - }, - "ContainerPorts": [], - "Phase": "Running" - }, - "default/db": { - "Name": "ubuntu-proxy-vwtx8", - "Namespace": "default", - "PodIP": "10.240.0.69", - "Labels": { - "role": "db" - }, - "ContainerPorts": [], - "Phase": "Running" - }, - "kube-system/coredns-77b8db5487-r6ctd": { - "Name": "coredns-77b8db5487-r6ctd", - "Namespace": "kube-system", - "PodIP": "10.240.0.82", - "Labels": { - "k8s-app": "kube-dns", - "kubernetes.io/cluster-service": "true", - "pod-template-hash": "77b8db5487", - "version": "v20" - }, - "ContainerPorts": [ - { - "name": "dns", - "containerPort": 53, - "protocol": "UDP" - }, - { - "name": "dns-tcp", - "containerPort": 53, - "protocol": "TCP" - }, - { - "name": "metrics", - "containerPort": 9153, - "protocol": "TCP" - } - ], - "Phase": "Running" - }, - "kube-system/coredns-77b8db5487-tfxk4": { - "Name": "coredns-77b8db5487-tfxk4", - "Namespace": "kube-system", - "PodIP": "10.240.0.14", - "Labels": { - "k8s-app": "kube-dns", - "kubernetes.io/cluster-service": "true", - "pod-template-hash": "77b8db5487", - "version": "v20" - }, - "ContainerPorts": [ - { - "name": "dns", - "containerPort": 53, - "protocol": "UDP" - }, - { - "name": "dns-tcp", - "containerPort": 53, - "protocol": "TCP" - }, - { - "name": "metrics", - "containerPort": 9153, - "protocol": "TCP" - } - ], - "Phase": "Running" - }, - "kube-system/coredns-autoscaler-cb5bc68df-xjbhc": { - "Name": "coredns-autoscaler-cb5bc68df-xjbhc", - "Namespace": "kube-system", - "PodIP": "10.240.0.10", - "Labels": { - "k8s-app": "coredns-autoscaler", - "pod-template-hash": "cb5bc68df" - }, - "ContainerPorts": [], - "Phase": "Running" - }, - "kube-system/metrics-server-58fdc875d5-rv42s": { - "Name": "metrics-server-58fdc875d5-rv42s", - "Namespace": "kube-system", - "PodIP": "10.240.0.15", - "Labels": { - "k8s-app": "metrics-server", - "pod-template-hash": "58fdc875d5" - }, - "ContainerPorts": [], - "Phase": "Running" - }, - "kube-system/omsagent-4c47t": { - "Name": "omsagent-4c47t", - "Namespace": "kube-system", - "PodIP": "10.240.0.85", - "Labels": { - "component": "oms-agent", - "controller-revision-hash": "799857d4bc", - "kubernetes.azure.com/managedby": "aks", - "pod-template-generation": "7", - "tier": "node" - }, - "ContainerPorts": [ - { - "containerPort": 25225, - "protocol": "TCP" - }, - { - "containerPort": 25224, - "protocol": "UDP" - } - ], - "Phase": "Running" - }, - "kube-system/omsagent-r9bmf": { - "Name": "omsagent-r9bmf", - "Namespace": "kube-system", - "PodIP": "10.240.0.25", - "Labels": { - "component": "oms-agent", - "controller-revision-hash": "799857d4bc", - "kubernetes.azure.com/managedby": "aks", - "pod-template-generation": "7", - "tier": "node" - }, - "ContainerPorts": [ - { - "containerPort": 25225, - "protocol": "TCP" - }, - { - "containerPort": 25224, - "protocol": "UDP" - } - ], - "Phase": "Running" - }, - "kube-system/omsagent-rs-6f8864d65f-8pc8b": { - "Name": "omsagent-rs-6f8864d65f-8pc8b", - "Namespace": "kube-system", - "PodIP": "10.240.0.60", - "Labels": { - "kubernetes.azure.com/managedby": "aks", - "pod-template-hash": "6f8864d65f", - "rsName": "omsagent-rs" - }, - "ContainerPorts": [ - { - "containerPort": 25225, - "protocol": "TCP" - }, - { - "containerPort": 25224, - "protocol": "UDP" - }, - { - "name": "in-rs-tcp", - "containerPort": 25227, - "protocol": "TCP" - } - ], - "Phase": "Running" - }, - "kube-system/omsagent-zmmd5": { - "Name": "omsagent-zmmd5", - "Namespace": "kube-system", - "PodIP": "10.240.0.58", - "Labels": { - "component": "oms-agent", - "controller-revision-hash": "799857d4bc", - "kubernetes.azure.com/managedby": "aks", - "pod-template-generation": "7", - "tier": "node" - }, - "ContainerPorts": [ - { - "containerPort": 25225, - "protocol": "TCP" - }, - { - "containerPort": 25224, - "protocol": "UDP" - } - ], - "Phase": "Running" - }, - "monitoring/prometheus-deployment-54686956bd-89m2j": { - "Name": "prometheus-deployment-54686956bd-89m2j", - "Namespace": "monitoring", - "PodIP": "10.240.0.33", - "Labels": { - "app": "prometheus-server", - "pod-template-hash": "54686956bd" - }, - "ContainerPorts": [ - { - "containerPort": 9090, - "protocol": "TCP" - } - ], - "Phase": "Running" - }, - "test/server": { - "Name": "server", - "Namespace": "test", - "PodIP": "10.240.0.38", - "Labels": { - "app": "server" - }, - "ContainerPorts": [ - { - "name": "serve-80", - "containerPort": 80, - "protocol": "TCP" - } - ], - "Phase": "Running" - }, - "x/a": { - "Name": "a", - "Namespace": "x", - "PodIP": "10.240.0.38", - "Labels": { - "pod": "a" - }, - "ContainerPorts": [ - { - "name": "serve-80", - "containerPort": 80, - "protocol": "UDP" - }, - { - "name": "serve-80-udp", - "containerPort": 80, - "protocol": "UDP" - } - ], - "Phase": "Running" - }, - "x/b": { - "Name": "b", - "Namespace": "x", - "PodIP": "10.240.0.59", - "Labels": { - "pod": "b" - }, - "ContainerPorts": [ - { - "name": "serve-80-tcp", - "containerPort": 80, - "protocol": "TCP" - }, - { - "name": "serve-80-udp", - "containerPort": 80, - "protocol": "UDP" - } - ], - "Phase": "Running" - }, - "x/c": { - "Name": "c", - "Namespace": "x", - "PodIP": "10.240.0.46", - "Labels": { - "pod": "c" - }, - "ContainerPorts": [ - { - "name": "serve-80-tcp", - "containerPort": 80, - "protocol": "TCP" - }, - { - "name": "serve-80-udp", - "containerPort": 80, - "protocol": "UDP" - } - ], - "Phase": "Running" - }, - "testnamespace/a": { - "Name": "a", - "Namespace": "testnamespace", - "PodIP": "10.240.0.12", - "Labels": { - "pod": "a", - "app": "frontend" - }, - "ContainerPorts": [ - { - "name": "serve-80-tcp", - "containerPort": 80, - "protocol": "TCP" - }, - { - "name": "serve-80-udp", - "containerPort": 80, - "protocol": "UDP" - } - ], - "Phase": "Running" - }, - "y/b": { - "Name": "b", - "Namespace": "y", - "PodIP": "10.240.0.42", - "Labels": { - "pod": "b" - }, - "ContainerPorts": [ - { - "name": "serve-80-tcp", - "containerPort": 80, - "protocol": "TCP" - }, - { - "name": "serve-80-udp", - "containerPort": 80, - "protocol": "UDP" - } - ], - "Phase": "Running" - }, - "y/c": { - "Name": "c", - "Namespace": "y", - "PodIP": "10.240.0.84", - "Labels": { - "pod": "c" - }, - "ContainerPorts": [ - { - "name": "serve-80-tcp", - "containerPort": 80, - "protocol": "TCP" - }, - { - "name": "serve-80-udp", - "containerPort": 80, - "protocol": "UDP" - } - ], - "Phase": "Running" - }, - "netpol-4537-x/a": { - "Name": "a", - "Namespace": "netpol-4537-x", - "PodIP": "10.240.0.13", - "Labels": { - "pod": "a" - }, - "ContainerPorts": [ - { - "name": "serve-80-tcp", - "containerPort": 80, - "protocol": "TCP" - }, - { - "name": "serve-80-udp", - "containerPort": 80, - "protocol": "UDP" - } - ], - "Phase": "Running" - }, - "z/b": { - "Name": "b", - "Namespace": "z", - "PodIP": "10.240.0.70", - "Labels": { - "pod": "b", - "app": "int" - }, - "ContainerPorts": [ - { - "name": "serve-80-tcp", - "containerPort": 80, - "protocol": "TCP" - }, - { - "name": "serve-80-udp", - "containerPort": 80, - "protocol": "UDP" - } - ], - "Phase": "Running" - }, - "z/c": { - "Name": "c", - "Namespace": "z", - "PodIP": "10.240.0.37", - "Labels": { - "pod": "c" - }, - "ContainerPorts": [ - { - "name": "serve-80-tcp", - "containerPort": 80, - "protocol": "TCP" - }, - { - "name": "serve-80-udp", - "containerPort": 80, - "protocol": "UDP" - } - ], - "Phase": "Running" - }, - "myproject/frontend1": { - "Name": "frontend1", - "Namespace": "project", - "PodIP": "172.17.0.0", - "Labels": { - "project": "myproject" - }, - "ContainerPorts": [ - { - "name": "serve-80-tcp", - "containerPort": 80, - "protocol": "TCP" - }, - { - "name": "serve-80-udp", - "containerPort": 80, - "protocol": "UDP" - } - ], - "Phase": "Running" - }, - "myproject/frontend2": { - "Name": "frontend", - "Namespace": "project", - "PodIP": "172.17.1.0", - "Labels": { - "project": "myproject" - }, - "ContainerPorts": [ - { - "name": "serve-80-tcp", - "containerPort": 80, - "protocol": "TCP" - }, - { - "name": "serve-80-udp", - "containerPort": 80, - "protocol": "UDP" - } - ], - "Phase": "Running" - } -} -{ - "all-namespaces": {}, - "app:test:int": {}, - "k1:v0:v1": {}, - "ns-addonmanager.kubernetes.io/mode": {}, - "ns-addonmanager.kubernetes.io/mode:Reconcile": {}, - "ns-all": {}, - "ns-all:namespaces": {}, - "ns-control-plane": {}, - "ns-control-plane:true": {}, - "ns-kubernetes.io/cluster-service": {}, - "ns-kubernetes.io/cluster-service:true": {}, - "ns-namespace:dev": {}, - "ns-namespace:test0": {}, - "ns-namespace:test1": {}, - "ns-networking/namespace": {}, - "ns-networking/namespace:kube-system": {}, - "ns-ns": {}, - "ns-ns:dev": {}, - "ns-ns:netpol-4537-x": {}, - "ns-ns:netpol-4537-y": {}, - "ns-ns:x": {}, - "ns-ns:y": {}, - "ns-ns:z": {}, - "ns-project:myproject": {}, - "pod:a:x": {}, - "pod:b:c": {} -} -{ - "allow-backend-to-frontend-on-port-53-policy-in-ns-testnamespace-1out": {}, - "allow-backend-to-frontend-on-port-8000-policy-in-ns-testnamespace-0in": {}, - "allow-multiple-labels-to-multiple-labels-in-ns-acn-0in": {}, - "allow-ns-dev-to-app-frontend-in-ns-testnamespace-0in": {}, - "allow-ns-y-z-pod-b-c-in-ns-netpol-4537-x-0in": {}, - "app": {}, - "app.kubernetes.io/tier": {}, - "app.kubernetes.io/tier:metrics": {}, - "app:backdoor": {}, - "app:backend": {}, - "app:frontend": {}, - "app:int": {}, - "app:k8s": {}, - "app:konnectivity-agent": {}, - "app:prometheus-server": {}, - "app:server": {}, - "app:test": {}, - "binary:cns": {}, - "component": {}, - "component:oms-agent": {}, - "controller-revision-hash": {}, - "controller-revision-hash:799857d4bc": {}, - "deny-all-policy-in-ns-testnamespace-0in": {}, - "group:container": {}, - "k0": {}, - "k1:v0": {}, - "k1:v1": {}, - "k8s-app": {}, - "k8s-app:coredns-autoscaler": {}, - "k8s-app:kube-dns": {}, - "k8s-app:metrics-server": {}, - "k8s-example-policy-in-ns-default-0in": {}, - "k8s-example-policy-in-ns-default-0out": {}, - "kube-system": {}, - "kubernetes.azure.com/managedby": {}, - "kubernetes.azure.com/managedby:aks": {}, - "kubernetes.io/cluster-service": {}, - "kubernetes.io/cluster-service:true": {}, - "namedport:dns": {}, - "namedport:dns-tcp": {}, - "namedport:in-rs-tcp": {}, - "namedport:metrics": {}, - "namedport:serve-80": {}, - "namedport:serve-80-tcp": {}, - "namedport:serve-80-udp": {}, - "ns-acn": {}, - "ns-dangerous": {}, - "ns-default": {}, - "ns-kube-node-lease": {}, - "ns-kube-public": {}, - "ns-kube-system": {}, - "ns-monitoring": {}, - "ns-netpol-4537-x": {}, - "ns-test": {}, - "ns-testnamespace": {}, - "ns-unsafe": {}, - "ns-x": {}, - "ns-y": {}, - "ns-z": {}, - "pod": {}, - "pod-template-generation": {}, - "pod-template-generation:7": {}, - "pod-template-hash": {}, - "pod-template-hash:54686956bd": {}, - "pod-template-hash:58fdc875d5": {}, - "pod-template-hash:6f8864d65f": {}, - "pod-template-hash:77b8db5487": {}, - "pod-template-hash:cb5bc68df": {}, - "pod:a": {}, - "pod:b": {}, - "pod:c": {}, - "pod:x": {}, - "program:cni": {}, - "role:db": {}, - "role:frontend": {}, - "rsName": {}, - "rsName:omsagent-rs": {}, - "team:acn": {}, - "team:aks": {}, - "tier": {}, - "tier:frontend": {}, - "tier:node": {}, - "version": {}, - "version:v20": {} -} \ No newline at end of file diff --git a/npm/pkg/dataplane/testfiles/npmcache.json b/npm/pkg/dataplane/testfiles/npmcache.json index c383524cbf..6d167b74a5 100644 --- a/npm/pkg/dataplane/testfiles/npmcache.json +++ b/npm/pkg/dataplane/testfiles/npmcache.json @@ -1,169 +1,23 @@ { - "Exec": {}, - "NodeName": "aks-nodepool1-25107630-vmss000001", + "NodeName":"aks-nodepool1-25107630-vmss000001", "NsMap": { - "all-namespaces": { - "LabelsMap": {}, - "SetMap": {}, - "IpsMgr": { - "ListMap": { - "all-namespaces": {}, - "app:test:int": {}, - "k1:v0:v1": {}, - "ns-addonmanager.kubernetes.io/mode": {}, - "ns-addonmanager.kubernetes.io/mode:Reconcile": {}, - "ns-all": {}, - "ns-all:namespaces": {}, - "ns-control-plane": {}, - "ns-control-plane:true": {}, - "ns-kubernetes.io/cluster-service": {}, - "ns-kubernetes.io/cluster-service:true": {}, - "ns-namespace:dev": {}, - "ns-namespace:test0": {}, - "ns-namespace:test1": {}, - "ns-networking/namespace": {}, - "ns-networking/namespace:kube-system": {}, - "ns-ns": {}, - "ns-ns:dev": {}, - "ns-ns:netpol-4537-x": {}, - "ns-ns:netpol-4537-y": {}, - "ns-ns:x": {}, - "ns-ns:y": {}, - "ns-ns:z": {}, - "ns-project:myproject": {}, - "pod:a:x": {}, - "pod:b:c": {} - }, - "SetMap": { - "allow-backend-to-frontend-on-port-53-policy-in-ns-testnamespace-1out": {}, - "allow-backend-to-frontend-on-port-8000-policy-in-ns-testnamespace-0in": {}, - "allow-multiple-labels-to-multiple-labels-in-ns-acn-0in": {}, - "allow-ns-dev-to-app-frontend-in-ns-testnamespace-0in": {}, - "allow-ns-y-z-pod-b-c-in-ns-netpol-4537-x-0in": {}, - "app": {}, - "app.kubernetes.io/tier": {}, - "app.kubernetes.io/tier:metrics": {}, - "app:backdoor": {}, - "app:backend": {}, - "app:frontend": {}, - "app:int": {}, - "app:k8s": {}, - "app:konnectivity-agent": {}, - "app:prometheus-server": {}, - "app:server": {}, - "app:test": {}, - "binary:cns": {}, - "component": {}, - "component:oms-agent": {}, - "controller-revision-hash": {}, - "controller-revision-hash:799857d4bc": {}, - "deny-all-policy-in-ns-testnamespace-0in": {}, - "group:container": {}, - "k0": {}, - "k1:v0": {}, - "k1:v1": {}, - "k8s-app": {}, - "k8s-app:coredns-autoscaler": {}, - "k8s-app:kube-dns": {}, - "k8s-app:metrics-server": {}, - "k8s-example-policy-in-ns-default-0in": {}, - "k8s-example-policy-in-ns-default-0out": {}, - "kube-system": {}, - "kubernetes.azure.com/managedby": {}, - "kubernetes.azure.com/managedby:aks": {}, - "kubernetes.io/cluster-service": {}, - "kubernetes.io/cluster-service:true": {}, - "namedport:dns": {}, - "namedport:dns-tcp": {}, - "namedport:in-rs-tcp": {}, - "namedport:metrics": {}, - "namedport:serve-80": {}, - "namedport:serve-80-tcp": {}, - "namedport:serve-80-udp": {}, - "ns-acn": {}, - "ns-dangerous": {}, - "ns-default": {}, - "ns-kube-node-lease": {}, - "ns-kube-public": {}, - "ns-kube-system": {}, - "ns-monitoring": {}, - "ns-netpol-4537-x": {}, - "ns-test": {}, - "ns-testnamespace": {}, - "ns-unsafe": {}, - "ns-x": {}, - "ns-y": {}, - "ns-z": {}, - "pod": {}, - "pod-template-generation": {}, - "pod-template-generation:7": {}, - "pod-template-hash": {}, - "pod-template-hash:54686956bd": {}, - "pod-template-hash:58fdc875d5": {}, - "pod-template-hash:6f8864d65f": {}, - "pod-template-hash:77b8db5487": {}, - "pod-template-hash:cb5bc68df": {}, - "pod:a": {}, - "pod:b": {}, - "pod:c": {}, - "pod:x": {}, - "program:cni": {}, - "role:db": {}, - "role:frontend": {}, - "rsName": {}, - "rsName:omsagent-rs": {}, - "team:acn": {}, - "team:aks": {}, - "tier": {}, - "tier:frontend": {}, - "tier:node": {}, - "version": {}, - "version:v20": {} - } - } - }, "ns-acn": { - "LabelsMap": {}, - "SetMap": {}, - "IpsMgr": { - "ListMap": {}, - "SetMap": {} - } + "LabelsMap": {} }, "ns-dangerous": { - "LabelsMap": {}, - "SetMap": {}, - "IpsMgr": { - "ListMap": {}, - "SetMap": {} - } + "LabelsMap": {} }, "ns-default": { - "LabelsMap": {}, - "SetMap": {}, - "IpsMgr": { - "ListMap": {}, - "SetMap": {} - } + "LabelsMap": {} }, "ns-kube-node-lease": { "LabelsMap": { "all": "namespaces" - }, - "SetMap": {}, - "IpsMgr": { - "ListMap": {}, - "SetMap": {} } }, "ns-kube-public": { "LabelsMap": { "all": "namespaces" - }, - "SetMap": {}, - "IpsMgr": { - "ListMap": {}, - "SetMap": {} } }, "ns-kube-system": { @@ -173,95 +27,45 @@ "control-plane": "true", "kubernetes.io/cluster-service": "true", "networking/namespace": "kube-system" - }, - "SetMap": {}, - "IpsMgr": { - "ListMap": {}, - "SetMap": {} } }, "ns-monitoring": { - "LabelsMap": {}, - "SetMap": {}, - "IpsMgr": { - "ListMap": {}, - "SetMap": {} - } + "LabelsMap": {} }, "ns-netpol-4537-x": { - "LabelsMap": {}, - "SetMap": {}, - "IpsMgr": { - "ListMap": {}, - "SetMap": {} - } + "LabelsMap": {} }, "ns-test": { - "LabelsMap": {}, - "SetMap": {}, - "IpsMgr": { - "ListMap": {}, - "SetMap": {} - } + "LabelsMap": {} }, "ns-project": { "LabelsMap": { "project": "myproject" - }, - "SetMap": {}, - "IpsMgr": { - "ListMap": {}, - "SetMap": {} } }, "ns-testnamespace": { - "LabelsMap": {}, - "SetMap": {}, - "IpsMgr": { - "ListMap": {}, - "SetMap": {} - } + "LabelsMap": {} }, "ns-unsafe": { - "LabelsMap": {}, - "SetMap": {}, - "IpsMgr": { - "ListMap": {}, - "SetMap": {} - } + "LabelsMap": {} }, "ns-x": { "LabelsMap": { "ns": "x" - }, - "SetMap": {}, - "IpsMgr": { - "ListMap": {}, - "SetMap": {} } }, "ns-y": { "LabelsMap": { "ns": "y" - }, - "SetMap": {}, - "IpsMgr": { - "ListMap": {}, - "SetMap": {} } }, "ns-z": { "LabelsMap": { "ns": "z" - }, - "SetMap": {}, - "IpsMgr": { - "ListMap": {}, - "SetMap": {} } } }, - "PodMap": { + "PodMap": { "default/ubuntu-proxy-6zg9f": { "Name": "ubuntu-proxy-6zg9f", "Namespace": "default", @@ -735,845 +539,118 @@ "Phase": "Running" } }, - "RawNpMap": { - "acn/allow-multiple-labels-to-multiple-labels": { - "metadata": { - "name": "allow-multiple-labels-to-multiple-labels", - "namespace": "acn", - "selfLink": "/apis/networking.k8s.io/v1/namespaces/acn/networkpolicies/allow-multiple-labels-to-multiple-labels", - "uid": "aecb8992-57d4-4610-b927-7569b27b7e59", - "resourceVersion": "29067522", - "generation": 1, - "creationTimestamp": "2021-07-14T20:53:11Z", - "annotations": { - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"allow-multiple-labels-to-multiple-labels\",\"namespace\":\"acn\"},\"spec\":{\"ingress\":[{\"from\":[{\"podSelector\":{\"matchLabels\":{\"program\":\"cni\",\"team\":\"acn\"}}},{\"podSelector\":{\"matchLabels\":{\"binary\":\"cns\",\"group\":\"container\"}}}]}],\"podSelector\":{\"matchLabels\":{\"app\":\"k8s\",\"team\":\"aks\"}},\"policyTypes\":[\"Ingress\"]}}\n" - }, - "managedFields": [ - { - "manager": "kubectl-client-side-apply", - "operation": "Update", - "apiVersion": "networking.k8s.io/v1", - "time": "2021-07-14T20:53:11Z", - "fieldsType": "FieldsV1", - "fieldsV1": { - "f:metadata": { - "f:annotations": { - ".": {}, - "f:kubectl.kubernetes.io/last-applied-configuration": {} - } - }, - "f:spec": { - "f:ingress": {}, - "f:podSelector": { - "f:matchLabels": { - ".": {}, - "f:app": {}, - "f:team": {} - } - }, - "f:policyTypes": {} - } - } - } - ] - }, - "spec": { - "podSelector": { - "matchLabels": { - "app": "k8s", - "team": "aks" - } - }, - "ingress": [ - { - "from": [ - { - "podSelector": { - "matchLabels": { - "program": "cni", - "team": "acn" - } - } - }, - { - "podSelector": { - "matchLabels": { - "binary": "cns", - "group": "container" - } - } - } - ] - } - ], - "policyTypes": [ - "Ingress" - ] - } - }, - "dangerous/allow-backdoor-policy": { - "metadata": { - "name": "allow-backdoor-policy", - "namespace": "dangerous", - "selfLink": "/apis/networking.k8s.io/v1/namespaces/dangerous/networkpolicies/allow-backdoor-policy", - "uid": "ad8ac6eb-d550-457c-8b38-6791835b29c7", - "resourceVersion": "29067521", - "generation": 1, - "creationTimestamp": "2021-07-14T20:53:11Z", - "annotations": { - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"allow-backdoor-policy\",\"namespace\":\"dangerous\"},\"spec\":{\"ingress\":[{\"from\":[]}],\"podSelector\":{\"matchLabels\":{\"app\":\"backdoor\"}},\"policyTypes\":[\"Ingress\"]}}\n" - }, - "managedFields": [ - { - "manager": "kubectl-client-side-apply", - "operation": "Update", - "apiVersion": "networking.k8s.io/v1", - "time": "2021-07-14T20:53:11Z", - "fieldsType": "FieldsV1", - "fieldsV1": { - "f:metadata": { - "f:annotations": { - ".": {}, - "f:kubectl.kubernetes.io/last-applied-configuration": {} - } - }, - "f:spec": { - "f:ingress": {}, - "f:podSelector": { - "f:matchLabels": { - ".": {}, - "f:app": {} - } - }, - "f:policyTypes": {} - } - } - } - ] - }, - "spec": { - "podSelector": { - "matchLabels": { - "app": "backdoor" - } - }, - "ingress": [ - {} - ], - "policyTypes": [ - "Ingress" - ] - } - }, - "default/k8s-example-policy": { - "metadata": { - "name": "k8s-example-policy", - "namespace": "default", - "selfLink": "/apis/networking.k8s.io/v1/namespaces/default/networkpolicies/k8s-example-policy", - "uid": "325bfaff-9974-4dbe-856f-ec4a46303763", - "resourceVersion": "29067527", - "generation": 9, - "creationTimestamp": "2021-07-09T23:14:29Z", - "annotations": { - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"k8s-example-policy\",\"namespace\":\"default\"},\"spec\":{\"egress\":[{\"ports\":[{\"port\":5978,\"protocol\":\"TCP\"}],\"to\":[{\"ipBlock\":{\"cidr\":\"10.0.0.0/24\",\"except\":[\"10.0.0.1/32\"]}}]}],\"ingress\":[{\"from\":[{\"ipBlock\":{\"cidr\":\"172.17.0.0/16\",\"except\":[\"172.17.1.0/24\"]}},{\"namespaceSelector\":{\"matchLabels\":{\"project\":\"myproject\"}}},{\"podSelector\":{\"matchLabels\":{\"role\":\"frontend\"}}}],\"ports\":[{\"port\":6379,\"protocol\":\"TCP\"}]}],\"podSelector\":{\"matchLabels\":{\"role\":\"db\"}},\"policyTypes\":[\"Ingress\",\"Egress\"]}}\n" - }, - "managedFields": [ - { - "manager": "kubectl-client-side-apply", - "operation": "Update", - "apiVersion": "networking.k8s.io/v1", - "time": "2021-07-14T20:52:30Z", - "fieldsType": "FieldsV1", - "fieldsV1": { - "f:metadata": { - "f:annotations": { - ".": {}, - "f:kubectl.kubernetes.io/last-applied-configuration": {} - } - }, - "f:spec": { - "f:egress": {}, - "f:ingress": {}, - "f:podSelector": { - "f:matchLabels": { - ".": {}, - "f:role": {} - } - }, - "f:policyTypes": {} - } - } - } - ] - }, - "spec": { - "podSelector": { - "matchLabels": { - "role": "db" - } - }, - "ingress": [ - { - "ports": [ - { - "protocol": "TCP", - "port": 6379 - } - ], - "from": [ - { - "ipBlock": { - "cidr": "172.17.0.0/16", - "except": [ - "172.17.1.0/24" - ] - } - }, - { - "namespaceSelector": { - "matchLabels": { - "project": "myproject" - } - } - }, - { - "podSelector": { - "matchLabels": { - "role": "frontend" - } - } - } - ] - } - ], - "egress": [ - { - "ports": [ - { - "protocol": "TCP", - "port": 5978 - } - ], - "to": [ - { - "ipBlock": { - "cidr": "10.0.0.0/24", - "except": [ - "10.0.0.1/32" - ] - } - } - ] - } - ], - "policyTypes": [ - "Ingress", - "Egress" - ] - } - }, - "kube-system/konnectivity-agent": { - "metadata": { - "name": "konnectivity-agent", - "namespace": "kube-system", - "selfLink": "/apis/networking.k8s.io/v1/namespaces/kube-system/networkpolicies/konnectivity-agent", - "uid": "9d00b7b2-b29d-4561-aebc-7ef3c2c4bbd4", - "resourceVersion": "437", - "generation": 1, - "creationTimestamp": "2021-03-05T19:45:45Z", - "labels": { - "addonmanager.kubernetes.io/mode": "Reconcile" - }, - "annotations": { - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"labels\":{\"addonmanager.kubernetes.io/mode\":\"Reconcile\"},\"name\":\"konnectivity-agent\",\"namespace\":\"kube-system\"},\"spec\":{\"egress\":[{}],\"podSelector\":{\"matchLabels\":{\"app\":\"konnectivity-agent\"}},\"policyTypes\":[\"Egress\"]}}\n" - }, - "managedFields": [ - { - "manager": "kubectl", - "operation": "Update", - "apiVersion": "networking.k8s.io/v1", - "time": "2021-03-05T19:45:45Z", - "fieldsType": "FieldsV1", - "fieldsV1": { - "f:metadata": { - "f:annotations": { - ".": {}, - "f:kubectl.kubernetes.io/last-applied-configuration": {} - }, - "f:labels": { - ".": {}, - "f:addonmanager.kubernetes.io/mode": {} - } - }, - "f:spec": { - "f:egress": {}, - "f:podSelector": { - "f:matchLabels": { - ".": {}, - "f:app": {} - } - }, - "f:policyTypes": {} - } - } - } - ] - }, - "spec": { - "podSelector": { - "matchLabels": { - "app": "konnectivity-agent" - } - }, - "egress": [ - {} - ], - "policyTypes": [ - "Egress" - ] - } - }, - "netpol-4537-x/allow-ns-y-z-pod-b-c": { - "metadata": { - "name": "allow-ns-y-z-pod-b-c", - "namespace": "netpol-4537-x", - "selfLink": "/apis/networking.k8s.io/v1/namespaces/netpol-4537-x/networkpolicies/allow-ns-y-z-pod-b-c", - "uid": "b39959fa-b21e-4872-ace3-e1c113237cf0", - "resourceVersion": "29067525", - "generation": 1, - "creationTimestamp": "2021-07-14T20:53:11Z", - "annotations": { - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"allow-ns-y-z-pod-b-c\",\"namespace\":\"netpol-4537-x\"},\"spec\":{\"ingress\":[{\"from\":[{\"namespaceSelector\":{\"matchExpressions\":[{\"key\":\"ns\",\"operator\":\"NotIn\",\"values\":[\"netpol-4537-x\",\"netpol-4537-y\"]}]},\"podSelector\":{\"matchExpressions\":[{\"key\":\"pod\",\"operator\":\"In\",\"values\":[\"b\",\"c\"]},{\"key\":\"app\",\"operator\":\"In\",\"values\":[\"test\",\"int\"]}]}}]}],\"podSelector\":{\"matchExpressions\":[{\"key\":\"pod\",\"operator\":\"In\",\"values\":[\"a\",\"x\"]}]},\"policyTypes\":[\"Ingress\"]}}\n" - }, - "managedFields": [ - { - "manager": "kubectl-client-side-apply", - "operation": "Update", - "apiVersion": "networking.k8s.io/v1", - "time": "2021-07-14T20:53:11Z", - "fieldsType": "FieldsV1", - "fieldsV1": { - "f:metadata": { - "f:annotations": { - ".": {}, - "f:kubectl.kubernetes.io/last-applied-configuration": {} - } - }, - "f:spec": { - "f:ingress": {}, - "f:podSelector": { - "f:matchExpressions": {} - }, - "f:policyTypes": {} - } - } - } - ] - }, - "spec": { - "podSelector": { - "matchExpressions": [ - { - "key": "pod", - "operator": "In", - "values": [ - "a", - "x" - ] - } - ] - }, - "ingress": [ - { - "from": [ - { - "podSelector": { - "matchExpressions": [ - { - "key": "pod", - "operator": "In", - "values": [ - "b", - "c" - ] - }, - { - "key": "app", - "operator": "In", - "values": [ - "test", - "int" - ] - } - ] - }, - "namespaceSelector": { - "matchExpressions": [ - { - "key": "ns", - "operator": "NotIn", - "values": [ - "netpol-4537-x", - "netpol-4537-y" - ] - } - ] - } - } - ] - } - ], - "policyTypes": [ - "Ingress" - ] - } - }, - "test/named-port-ingress-rule": { - "metadata": { - "name": "named-port-ingress-rule", - "namespace": "test", - "selfLink": "/apis/networking.k8s.io/v1/namespaces/test/networkpolicies/named-port-ingress-rule", - "uid": "e2030828-8295-411d-887e-0ccccd59514e", - "resourceVersion": "29067534", - "generation": 1, - "creationTimestamp": "2021-07-14T20:53:12Z", - "annotations": { - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"named-port-ingress-rule\",\"namespace\":\"test\"},\"spec\":{\"ingress\":[{\"ports\":[{\"port\":\"serve-80\",\"protocol\":\"TCP\"}]}],\"podSelector\":{\"matchLabels\":{\"app\":\"server\"}},\"policyTypes\":[\"Ingress\"]}}\n" - }, - "managedFields": [ - { - "manager": "kubectl-client-side-apply", - "operation": "Update", - "apiVersion": "networking.k8s.io/v1", - "time": "2021-07-14T20:53:12Z", - "fieldsType": "FieldsV1", - "fieldsV1": { - "f:metadata": { - "f:annotations": { - ".": {}, - "f:kubectl.kubernetes.io/last-applied-configuration": {} - } - }, - "f:spec": { - "f:ingress": {}, - "f:podSelector": { - "f:matchLabels": { - ".": {}, - "f:app": {} - } - }, - "f:policyTypes": {} - } - } - } - ] - }, - "spec": { - "podSelector": { - "matchLabels": { - "app": "server" - } - }, - "ingress": [ - { - "ports": [ - { - "protocol": "TCP", - "port": "serve-80" - } - ] - } - ], - "policyTypes": [ - "Ingress" - ] - } - }, - "testnamespace/allow-all-to-app-frontend": { - "metadata": { - "name": "allow-all-to-app-frontend", - "namespace": "testnamespace", - "selfLink": "/apis/networking.k8s.io/v1/namespaces/testnamespace/networkpolicies/allow-all-to-app-frontend", - "uid": "9b155f6d-1284-4b39-8ef2-1aa670833a44", - "resourceVersion": "29067376", - "generation": 1, - "creationTimestamp": "2021-07-14T20:52:29Z", - "annotations": { - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"allow-all-to-app-frontend\",\"namespace\":\"testnamespace\"},\"spec\":{\"ingress\":[{}],\"podSelector\":{\"matchLabels\":{\"app\":\"frontend\"}},\"policyTypes\":[\"Ingress\"]}}\n" - }, - "managedFields": [ - { - "manager": "kubectl-client-side-apply", - "operation": "Update", - "apiVersion": "networking.k8s.io/v1", - "time": "2021-07-14T20:52:29Z", - "fieldsType": "FieldsV1", - "fieldsV1": { - "f:metadata": { - "f:annotations": { - ".": {}, - "f:kubectl.kubernetes.io/last-applied-configuration": {} - } - }, - "f:spec": { - "f:ingress": {}, - "f:podSelector": { - "f:matchLabels": { - ".": {}, - "f:app": {} - } - }, - "f:policyTypes": {} - } - } - } - ] - }, - "spec": { - "podSelector": { - "matchLabels": { - "app": "frontend" - } - }, - "ingress": [ - {} - ], - "policyTypes": [ - "Ingress" - ] - } - }, - "testnamespace/allow-backend-to-frontend-on-port-53-policy": { - "metadata": { - "name": "allow-backend-to-frontend-on-port-53-policy", - "namespace": "testnamespace", - "selfLink": "/apis/networking.k8s.io/v1/namespaces/testnamespace/networkpolicies/allow-backend-to-frontend-on-port-53-policy", - "uid": "30c97e09-0461-40f8-8a74-de7a61aaaf16", - "resourceVersion": "29067378", - "generation": 1, - "creationTimestamp": "2021-07-14T20:52:29Z", - "annotations": { - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"allow-backend-to-frontend-on-port-53-policy\",\"namespace\":\"testnamespace\"},\"spec\":{\"egress\":[{\"ports\":[{\"port\":53,\"protocol\":\"TCP\"},{\"port\":53,\"protocol\":\"UDP\"}]},{\"to\":[{\"namespaceSelector\":{}}]}],\"podSelector\":{\"matchLabels\":{\"app\":\"frontend\"}},\"policyTypes\":[\"Egress\"]}}\n" - }, - "managedFields": [ - { - "manager": "kubectl-client-side-apply", - "operation": "Update", - "apiVersion": "networking.k8s.io/v1", - "time": "2021-07-14T20:52:29Z", - "fieldsType": "FieldsV1", - "fieldsV1": { - "f:metadata": { - "f:annotations": { - ".": {}, - "f:kubectl.kubernetes.io/last-applied-configuration": {} - } - }, - "f:spec": { - "f:egress": {}, - "f:podSelector": { - "f:matchLabels": { - ".": {}, - "f:app": {} - } - }, - "f:policyTypes": {} - } - } - } - ] - }, - "spec": { - "podSelector": { - "matchLabels": { - "app": "frontend" - } - }, - "egress": [ - { - "ports": [ - { - "protocol": "TCP", - "port": 53 - }, - { - "protocol": "UDP", - "port": 53 - } - ] - }, - { - "to": [ - { - "namespaceSelector": {} - } - ] - } - ], - "policyTypes": [ - "Egress" - ] - } - }, - "testnamespace/allow-backend-to-frontend-on-port-8000-policy": { - "metadata": { - "name": "allow-backend-to-frontend-on-port-8000-policy", - "namespace": "testnamespace", - "selfLink": "/apis/networking.k8s.io/v1/namespaces/testnamespace/networkpolicies/allow-backend-to-frontend-on-port-8000-policy", - "uid": "6d0260ac-7b4d-4547-a22d-4bae6b8ed7f5", - "resourceVersion": "29067519", - "generation": 4, - "creationTimestamp": "2021-07-14T20:52:29Z", - "annotations": { - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"allow-backend-to-frontend-on-port-8000-policy\",\"namespace\":\"testnamespace\"},\"spec\":{\"ingress\":[{\"from\":[{\"podSelector\":{\"matchLabels\":{\"app\":\"backend\"}}}],\"ports\":[{\"port\":null}]}],\"podSelector\":{\"matchLabels\":{\"app\":\"frontend\"}},\"policyTypes\":[\"Ingress\"]}}\n" - }, - "managedFields": [ - { - "manager": "kubectl-client-side-apply", - "operation": "Update", - "apiVersion": "networking.k8s.io/v1", - "time": "2021-07-14T20:52:29Z", - "fieldsType": "FieldsV1", - "fieldsV1": { - "f:metadata": { - "f:annotations": { - ".": {}, - "f:kubectl.kubernetes.io/last-applied-configuration": {} - } - }, - "f:spec": { - "f:ingress": {}, - "f:podSelector": { - "f:matchLabels": { - ".": {}, - "f:app": {} - } - }, - "f:policyTypes": {} - } - } - } - ] - }, - "spec": { - "podSelector": { - "matchLabels": { - "app": "frontend" - } - }, - "ingress": [ - { - "ports": [ - { - "protocol": "TCP" - } - ], - "from": [ - { - "podSelector": { - "matchLabels": { - "app": "backend" - } - } - } - ] - } - ], - "policyTypes": [ - "Ingress" - ] - } - }, - "testnamespace/allow-ns-dev-to-app-frontend": { - "metadata": { - "name": "allow-ns-dev-to-app-frontend", - "namespace": "testnamespace", - "selfLink": "/apis/networking.k8s.io/v1/namespaces/testnamespace/networkpolicies/allow-ns-dev-to-app-frontend", - "uid": "7926d963-e264-46ef-b789-55c0e42c55e6", - "resourceVersion": "29067386", - "generation": 1, - "creationTimestamp": "2021-07-14T20:52:30Z", - "annotations": { - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"allow-ns-dev-to-app-frontend\",\"namespace\":\"testnamespace\"},\"spec\":{\"ingress\":[{\"from\":[{\"namespaceSelector\":{\"matchExpressions\":[{\"key\":\"namespace\",\"operator\":\"NotIn\",\"values\":[\"test0\",\"test1\"]}],\"matchLabels\":{\"namespace\":\"dev\"}}}]}],\"podSelector\":{\"matchLabels\":{\"app\":\"frontend\"}},\"policyTypes\":[\"Ingress\"]}}\n" - }, - "managedFields": [ - { - "manager": "kubectl-client-side-apply", - "operation": "Update", - "apiVersion": "networking.k8s.io/v1", - "time": "2021-07-14T20:52:30Z", - "fieldsType": "FieldsV1", - "fieldsV1": { - "f:metadata": { - "f:annotations": { - ".": {}, - "f:kubectl.kubernetes.io/last-applied-configuration": {} - } - }, - "f:spec": { - "f:ingress": {}, - "f:podSelector": { - "f:matchLabels": { - ".": {}, - "f:app": {} - } - }, - "f:policyTypes": {} - } - } - } - ] - }, - "spec": { - "podSelector": { - "matchLabels": { - "app": "frontend" - } - }, - "ingress": [ - { - "from": [ - { - "namespaceSelector": { - "matchLabels": { - "namespace": "dev" - }, - "matchExpressions": [ - { - "key": "namespace", - "operator": "NotIn", - "values": [ - "test0", - "test1" - ] - } - ] - } - } - ] - } - ], - "policyTypes": [ - "Ingress" - ] - } - }, - "testnamespace/deny-all-policy": { - "metadata": { - "name": "deny-all-policy", - "namespace": "testnamespace", - "selfLink": "/apis/networking.k8s.io/v1/namespaces/testnamespace/networkpolicies/deny-all-policy", - "uid": "cc2df8ac-f524-4e22-9c4b-39c037442eb3", - "resourceVersion": "29067535", - "generation": 19, - "creationTimestamp": "2021-07-14T20:34:20Z", - "annotations": { - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"deny-all-policy\",\"namespace\":\"testnamespace\"},\"spec\":{\"ingress\":[{\"from\":[{\"namespaceSelector\":{}}]}],\"podSelector\":{\"matchExpressions\":[{\"key\":\"k0\",\"operator\":\"DoesNotExist\",\"values\":[]},{\"key\":\"k1\",\"operator\":\"In\",\"values\":[\"v0\",\"v1\"]}],\"matchLabels\":{\"app\":\"frontend\"}},\"policyTypes\":[\"Ingress\"]}}\n" - }, - "managedFields": [ - { - "manager": "kubectl-client-side-apply", - "operation": "Update", - "apiVersion": "networking.k8s.io/v1", - "time": "2021-07-14T20:53:12Z", - "fieldsType": "FieldsV1", - "fieldsV1": { - "f:metadata": { - "f:annotations": { - ".": {}, - "f:kubectl.kubernetes.io/last-applied-configuration": {} - } - }, - "f:spec": { - "f:ingress": {}, - "f:podSelector": { - "f:matchExpressions": {}, - "f:matchLabels": { - ".": {}, - "f:app": {} - } - }, - "f:policyTypes": {} - } - } - } - ] - }, - "spec": { - "podSelector": { - "matchLabels": { - "app": "frontend" - }, - "matchExpressions": [ - { - "key": "k0", - "operator": "DoesNotExist" - }, - { - "key": "k1", - "operator": "In", - "values": [ - "v0", - "v1" - ] - } - ] - }, - "ingress": [ - { - "from": [ - { - "namespaceSelector": {} - } - ] - } - ], - "policyTypes": [ - "Ingress" - ] - } - }, - "unsafe/deny-all-policy": { - "metadata": { - "name": "deny-all-policy", - "namespace": "unsafe", - "selfLink": "/apis/networking.k8s.io/v1/namespaces/unsafe/networkpolicies/deny-all-policy", - "uid": "2bd47895-4b02-4fa3-9909-1b58e2dd5178", - "resourceVersion": "29067529", - "generation": 1, - "creationTimestamp": "2021-07-14T20:53:12Z", - "annotations": { - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"deny-all-policy\",\"namespace\":\"unsafe\"},\"spec\":{\"egress\":[],\"podSelector\":{},\"policyTypes\":[\"Egress\"]}}\n" - }, - "managedFields": [ - { - "manager": "kubectl-client-side-apply", - "operation": "Update", - "apiVersion": "networking.k8s.io/v1", - "time": "2021-07-14T20:53:12Z", - "fieldsType": "FieldsV1", - "fieldsV1": { - "f:metadata": { - "f:annotations": { - ".": {}, - "f:kubectl.kubernetes.io/last-applied-configuration": {} - } - }, - "f:spec": { - "f:policyTypes": {} - } - } - } - ] - }, - "spec": { - "podSelector": {}, - "policyTypes": [ - "Egress" - ] - } - } + "ListMap": { + "all-namespaces": {}, + "app:test:int": {}, + "k1:v0:v1": {}, + "ns-addonmanager.kubernetes.io/mode": {}, + "ns-addonmanager.kubernetes.io/mode:Reconcile": {}, + "ns-all": {}, + "ns-all:namespaces": {}, + "ns-control-plane": {}, + "ns-control-plane:true": {}, + "ns-kubernetes.io/cluster-service": {}, + "ns-kubernetes.io/cluster-service:true": {}, + "ns-namespace:dev": {}, + "ns-namespace:test0": {}, + "ns-namespace:test1": {}, + "ns-networking/namespace": {}, + "ns-networking/namespace:kube-system": {}, + "ns-ns": {}, + "ns-ns:dev": {}, + "ns-ns:netpol-4537-x": {}, + "ns-ns:netpol-4537-y": {}, + "ns-ns:x": {}, + "ns-ns:y": {}, + "ns-ns:z": {}, + "ns-project:myproject": {}, + "pod:a:x": {}, + "pod:b:c": {} }, - "ProcessedNpMap": {}, - "TelemetryEnabled": true + "SetMap": { + "allow-backend-to-frontend-on-port-53-policy-in-ns-testnamespace-1out": {}, + "allow-backend-to-frontend-on-port-8000-policy-in-ns-testnamespace-0in": {}, + "allow-multiple-labels-to-multiple-labels-in-ns-acn-0in": {}, + "allow-ns-dev-to-app-frontend-in-ns-testnamespace-0in": {}, + "allow-ns-y-z-pod-b-c-in-ns-netpol-4537-x-0in": {}, + "app": {}, + "app.kubernetes.io/tier": {}, + "app.kubernetes.io/tier:metrics": {}, + "app:backdoor": {}, + "app:backend": {}, + "app:frontend": {}, + "app:int": {}, + "app:k8s": {}, + "app:konnectivity-agent": {}, + "app:prometheus-server": {}, + "app:server": {}, + "app:test": {}, + "binary:cns": {}, + "component": {}, + "component:oms-agent": {}, + "controller-revision-hash": {}, + "controller-revision-hash:799857d4bc": {}, + "deny-all-policy-in-ns-testnamespace-0in": {}, + "group:container": {}, + "k0": {}, + "k1:v0": {}, + "k1:v1": {}, + "k8s-app": {}, + "k8s-app:coredns-autoscaler": {}, + "k8s-app:kube-dns": {}, + "k8s-app:metrics-server": {}, + "k8s-example-policy-in-ns-default-0in": {}, + "k8s-example-policy-in-ns-default-0out": {}, + "kube-system": {}, + "kubernetes.azure.com/managedby": {}, + "kubernetes.azure.com/managedby:aks": {}, + "kubernetes.io/cluster-service": {}, + "kubernetes.io/cluster-service:true": {}, + "namedport:dns": {}, + "namedport:dns-tcp": {}, + "namedport:in-rs-tcp": {}, + "namedport:metrics": {}, + "namedport:serve-80": {}, + "namedport:serve-80-tcp": {}, + "namedport:serve-80-udp": {}, + "ns-acn": {}, + "ns-dangerous": {}, + "ns-default": {}, + "ns-kube-node-lease": {}, + "ns-kube-public": {}, + "ns-kube-system": {}, + "ns-monitoring": {}, + "ns-netpol-4537-x": {}, + "ns-test": {}, + "ns-testnamespace": {}, + "ns-unsafe": {}, + "ns-x": {}, + "ns-y": {}, + "ns-z": {}, + "pod": {}, + "pod-template-generation": {}, + "pod-template-generation:7": {}, + "pod-template-hash": {}, + "pod-template-hash:54686956bd": {}, + "pod-template-hash:58fdc875d5": {}, + "pod-template-hash:6f8864d65f": {}, + "pod-template-hash:77b8db5487": {}, + "pod-template-hash:cb5bc68df": {}, + "pod:a": {}, + "pod:b": {}, + "pod:c": {}, + "pod:x": {}, + "program:cni": {}, + "role:db": {}, + "role:frontend": {}, + "rsName": {}, + "rsName:omsagent-rs": {}, + "team:acn": {}, + "team:aks": {}, + "tier": {}, + "tier:frontend": {}, + "tier:node": {}, + "version": {}, + "version:v20": {} + } } \ No newline at end of file diff --git a/npm/pkg/dataplane/testfiles/npmgr.json b/npm/pkg/dataplane/testfiles/npmgr.json new file mode 100644 index 0000000000..c383524cbf --- /dev/null +++ b/npm/pkg/dataplane/testfiles/npmgr.json @@ -0,0 +1,1579 @@ +{ + "Exec": {}, + "NodeName": "aks-nodepool1-25107630-vmss000001", + "NsMap": { + "all-namespaces": { + "LabelsMap": {}, + "SetMap": {}, + "IpsMgr": { + "ListMap": { + "all-namespaces": {}, + "app:test:int": {}, + "k1:v0:v1": {}, + "ns-addonmanager.kubernetes.io/mode": {}, + "ns-addonmanager.kubernetes.io/mode:Reconcile": {}, + "ns-all": {}, + "ns-all:namespaces": {}, + "ns-control-plane": {}, + "ns-control-plane:true": {}, + "ns-kubernetes.io/cluster-service": {}, + "ns-kubernetes.io/cluster-service:true": {}, + "ns-namespace:dev": {}, + "ns-namespace:test0": {}, + "ns-namespace:test1": {}, + "ns-networking/namespace": {}, + "ns-networking/namespace:kube-system": {}, + "ns-ns": {}, + "ns-ns:dev": {}, + "ns-ns:netpol-4537-x": {}, + "ns-ns:netpol-4537-y": {}, + "ns-ns:x": {}, + "ns-ns:y": {}, + "ns-ns:z": {}, + "ns-project:myproject": {}, + "pod:a:x": {}, + "pod:b:c": {} + }, + "SetMap": { + "allow-backend-to-frontend-on-port-53-policy-in-ns-testnamespace-1out": {}, + "allow-backend-to-frontend-on-port-8000-policy-in-ns-testnamespace-0in": {}, + "allow-multiple-labels-to-multiple-labels-in-ns-acn-0in": {}, + "allow-ns-dev-to-app-frontend-in-ns-testnamespace-0in": {}, + "allow-ns-y-z-pod-b-c-in-ns-netpol-4537-x-0in": {}, + "app": {}, + "app.kubernetes.io/tier": {}, + "app.kubernetes.io/tier:metrics": {}, + "app:backdoor": {}, + "app:backend": {}, + "app:frontend": {}, + "app:int": {}, + "app:k8s": {}, + "app:konnectivity-agent": {}, + "app:prometheus-server": {}, + "app:server": {}, + "app:test": {}, + "binary:cns": {}, + "component": {}, + "component:oms-agent": {}, + "controller-revision-hash": {}, + "controller-revision-hash:799857d4bc": {}, + "deny-all-policy-in-ns-testnamespace-0in": {}, + "group:container": {}, + "k0": {}, + "k1:v0": {}, + "k1:v1": {}, + "k8s-app": {}, + "k8s-app:coredns-autoscaler": {}, + "k8s-app:kube-dns": {}, + "k8s-app:metrics-server": {}, + "k8s-example-policy-in-ns-default-0in": {}, + "k8s-example-policy-in-ns-default-0out": {}, + "kube-system": {}, + "kubernetes.azure.com/managedby": {}, + "kubernetes.azure.com/managedby:aks": {}, + "kubernetes.io/cluster-service": {}, + "kubernetes.io/cluster-service:true": {}, + "namedport:dns": {}, + "namedport:dns-tcp": {}, + "namedport:in-rs-tcp": {}, + "namedport:metrics": {}, + "namedport:serve-80": {}, + "namedport:serve-80-tcp": {}, + "namedport:serve-80-udp": {}, + "ns-acn": {}, + "ns-dangerous": {}, + "ns-default": {}, + "ns-kube-node-lease": {}, + "ns-kube-public": {}, + "ns-kube-system": {}, + "ns-monitoring": {}, + "ns-netpol-4537-x": {}, + "ns-test": {}, + "ns-testnamespace": {}, + "ns-unsafe": {}, + "ns-x": {}, + "ns-y": {}, + "ns-z": {}, + "pod": {}, + "pod-template-generation": {}, + "pod-template-generation:7": {}, + "pod-template-hash": {}, + "pod-template-hash:54686956bd": {}, + "pod-template-hash:58fdc875d5": {}, + "pod-template-hash:6f8864d65f": {}, + "pod-template-hash:77b8db5487": {}, + "pod-template-hash:cb5bc68df": {}, + "pod:a": {}, + "pod:b": {}, + "pod:c": {}, + "pod:x": {}, + "program:cni": {}, + "role:db": {}, + "role:frontend": {}, + "rsName": {}, + "rsName:omsagent-rs": {}, + "team:acn": {}, + "team:aks": {}, + "tier": {}, + "tier:frontend": {}, + "tier:node": {}, + "version": {}, + "version:v20": {} + } + } + }, + "ns-acn": { + "LabelsMap": {}, + "SetMap": {}, + "IpsMgr": { + "ListMap": {}, + "SetMap": {} + } + }, + "ns-dangerous": { + "LabelsMap": {}, + "SetMap": {}, + "IpsMgr": { + "ListMap": {}, + "SetMap": {} + } + }, + "ns-default": { + "LabelsMap": {}, + "SetMap": {}, + "IpsMgr": { + "ListMap": {}, + "SetMap": {} + } + }, + "ns-kube-node-lease": { + "LabelsMap": { + "all": "namespaces" + }, + "SetMap": {}, + "IpsMgr": { + "ListMap": {}, + "SetMap": {} + } + }, + "ns-kube-public": { + "LabelsMap": { + "all": "namespaces" + }, + "SetMap": {}, + "IpsMgr": { + "ListMap": {}, + "SetMap": {} + } + }, + "ns-kube-system": { + "LabelsMap": { + "addonmanager.kubernetes.io/mode": "Reconcile", + "all": "namespaces", + "control-plane": "true", + "kubernetes.io/cluster-service": "true", + "networking/namespace": "kube-system" + }, + "SetMap": {}, + "IpsMgr": { + "ListMap": {}, + "SetMap": {} + } + }, + "ns-monitoring": { + "LabelsMap": {}, + "SetMap": {}, + "IpsMgr": { + "ListMap": {}, + "SetMap": {} + } + }, + "ns-netpol-4537-x": { + "LabelsMap": {}, + "SetMap": {}, + "IpsMgr": { + "ListMap": {}, + "SetMap": {} + } + }, + "ns-test": { + "LabelsMap": {}, + "SetMap": {}, + "IpsMgr": { + "ListMap": {}, + "SetMap": {} + } + }, + "ns-project": { + "LabelsMap": { + "project": "myproject" + }, + "SetMap": {}, + "IpsMgr": { + "ListMap": {}, + "SetMap": {} + } + }, + "ns-testnamespace": { + "LabelsMap": {}, + "SetMap": {}, + "IpsMgr": { + "ListMap": {}, + "SetMap": {} + } + }, + "ns-unsafe": { + "LabelsMap": {}, + "SetMap": {}, + "IpsMgr": { + "ListMap": {}, + "SetMap": {} + } + }, + "ns-x": { + "LabelsMap": { + "ns": "x" + }, + "SetMap": {}, + "IpsMgr": { + "ListMap": {}, + "SetMap": {} + } + }, + "ns-y": { + "LabelsMap": { + "ns": "y" + }, + "SetMap": {}, + "IpsMgr": { + "ListMap": {}, + "SetMap": {} + } + }, + "ns-z": { + "LabelsMap": { + "ns": "z" + }, + "SetMap": {}, + "IpsMgr": { + "ListMap": {}, + "SetMap": {} + } + } + }, + "PodMap": { + "default/ubuntu-proxy-6zg9f": { + "Name": "ubuntu-proxy-6zg9f", + "Namespace": "default", + "PodIP": "10.240.0.17", + "Labels": { + "app.kubernetes.io/tier": "metrics", + "tier": "frontend" + }, + "ContainerPorts": [], + "Phase": "Running" + }, + "default/ubuntu-proxy-vwtx8": { + "Name": "ubuntu-proxy-vwtx8", + "Namespace": "default", + "PodIP": "10.240.0.68", + "Labels": { + "app.kubernetes.io/tier": "metrics", + "tier": "frontend" + }, + "ContainerPorts": [], + "Phase": "Running" + }, + "default/db": { + "Name": "ubuntu-proxy-vwtx8", + "Namespace": "default", + "PodIP": "10.240.0.69", + "Labels": { + "role": "db" + }, + "ContainerPorts": [], + "Phase": "Running" + }, + "kube-system/coredns-77b8db5487-r6ctd": { + "Name": "coredns-77b8db5487-r6ctd", + "Namespace": "kube-system", + "PodIP": "10.240.0.82", + "Labels": { + "k8s-app": "kube-dns", + "kubernetes.io/cluster-service": "true", + "pod-template-hash": "77b8db5487", + "version": "v20" + }, + "ContainerPorts": [ + { + "name": "dns", + "containerPort": 53, + "protocol": "UDP" + }, + { + "name": "dns-tcp", + "containerPort": 53, + "protocol": "TCP" + }, + { + "name": "metrics", + "containerPort": 9153, + "protocol": "TCP" + } + ], + "Phase": "Running" + }, + "kube-system/coredns-77b8db5487-tfxk4": { + "Name": "coredns-77b8db5487-tfxk4", + "Namespace": "kube-system", + "PodIP": "10.240.0.14", + "Labels": { + "k8s-app": "kube-dns", + "kubernetes.io/cluster-service": "true", + "pod-template-hash": "77b8db5487", + "version": "v20" + }, + "ContainerPorts": [ + { + "name": "dns", + "containerPort": 53, + "protocol": "UDP" + }, + { + "name": "dns-tcp", + "containerPort": 53, + "protocol": "TCP" + }, + { + "name": "metrics", + "containerPort": 9153, + "protocol": "TCP" + } + ], + "Phase": "Running" + }, + "kube-system/coredns-autoscaler-cb5bc68df-xjbhc": { + "Name": "coredns-autoscaler-cb5bc68df-xjbhc", + "Namespace": "kube-system", + "PodIP": "10.240.0.10", + "Labels": { + "k8s-app": "coredns-autoscaler", + "pod-template-hash": "cb5bc68df" + }, + "ContainerPorts": [], + "Phase": "Running" + }, + "kube-system/metrics-server-58fdc875d5-rv42s": { + "Name": "metrics-server-58fdc875d5-rv42s", + "Namespace": "kube-system", + "PodIP": "10.240.0.15", + "Labels": { + "k8s-app": "metrics-server", + "pod-template-hash": "58fdc875d5" + }, + "ContainerPorts": [], + "Phase": "Running" + }, + "kube-system/omsagent-4c47t": { + "Name": "omsagent-4c47t", + "Namespace": "kube-system", + "PodIP": "10.240.0.85", + "Labels": { + "component": "oms-agent", + "controller-revision-hash": "799857d4bc", + "kubernetes.azure.com/managedby": "aks", + "pod-template-generation": "7", + "tier": "node" + }, + "ContainerPorts": [ + { + "containerPort": 25225, + "protocol": "TCP" + }, + { + "containerPort": 25224, + "protocol": "UDP" + } + ], + "Phase": "Running" + }, + "kube-system/omsagent-r9bmf": { + "Name": "omsagent-r9bmf", + "Namespace": "kube-system", + "PodIP": "10.240.0.25", + "Labels": { + "component": "oms-agent", + "controller-revision-hash": "799857d4bc", + "kubernetes.azure.com/managedby": "aks", + "pod-template-generation": "7", + "tier": "node" + }, + "ContainerPorts": [ + { + "containerPort": 25225, + "protocol": "TCP" + }, + { + "containerPort": 25224, + "protocol": "UDP" + } + ], + "Phase": "Running" + }, + "kube-system/omsagent-rs-6f8864d65f-8pc8b": { + "Name": "omsagent-rs-6f8864d65f-8pc8b", + "Namespace": "kube-system", + "PodIP": "10.240.0.60", + "Labels": { + "kubernetes.azure.com/managedby": "aks", + "pod-template-hash": "6f8864d65f", + "rsName": "omsagent-rs" + }, + "ContainerPorts": [ + { + "containerPort": 25225, + "protocol": "TCP" + }, + { + "containerPort": 25224, + "protocol": "UDP" + }, + { + "name": "in-rs-tcp", + "containerPort": 25227, + "protocol": "TCP" + } + ], + "Phase": "Running" + }, + "kube-system/omsagent-zmmd5": { + "Name": "omsagent-zmmd5", + "Namespace": "kube-system", + "PodIP": "10.240.0.58", + "Labels": { + "component": "oms-agent", + "controller-revision-hash": "799857d4bc", + "kubernetes.azure.com/managedby": "aks", + "pod-template-generation": "7", + "tier": "node" + }, + "ContainerPorts": [ + { + "containerPort": 25225, + "protocol": "TCP" + }, + { + "containerPort": 25224, + "protocol": "UDP" + } + ], + "Phase": "Running" + }, + "monitoring/prometheus-deployment-54686956bd-89m2j": { + "Name": "prometheus-deployment-54686956bd-89m2j", + "Namespace": "monitoring", + "PodIP": "10.240.0.33", + "Labels": { + "app": "prometheus-server", + "pod-template-hash": "54686956bd" + }, + "ContainerPorts": [ + { + "containerPort": 9090, + "protocol": "TCP" + } + ], + "Phase": "Running" + }, + "test/server": { + "Name": "server", + "Namespace": "test", + "PodIP": "10.240.0.38", + "Labels": { + "app": "server" + }, + "ContainerPorts": [ + { + "name": "serve-80", + "containerPort": 80, + "protocol": "TCP" + } + ], + "Phase": "Running" + }, + "x/a": { + "Name": "a", + "Namespace": "x", + "PodIP": "10.240.0.38", + "Labels": { + "pod": "a" + }, + "ContainerPorts": [ + { + "name": "serve-80", + "containerPort": 80, + "protocol": "UDP" + }, + { + "name": "serve-80-udp", + "containerPort": 80, + "protocol": "UDP" + } + ], + "Phase": "Running" + }, + "x/b": { + "Name": "b", + "Namespace": "x", + "PodIP": "10.240.0.59", + "Labels": { + "pod": "b" + }, + "ContainerPorts": [ + { + "name": "serve-80-tcp", + "containerPort": 80, + "protocol": "TCP" + }, + { + "name": "serve-80-udp", + "containerPort": 80, + "protocol": "UDP" + } + ], + "Phase": "Running" + }, + "x/c": { + "Name": "c", + "Namespace": "x", + "PodIP": "10.240.0.46", + "Labels": { + "pod": "c" + }, + "ContainerPorts": [ + { + "name": "serve-80-tcp", + "containerPort": 80, + "protocol": "TCP" + }, + { + "name": "serve-80-udp", + "containerPort": 80, + "protocol": "UDP" + } + ], + "Phase": "Running" + }, + "testnamespace/a": { + "Name": "a", + "Namespace": "testnamespace", + "PodIP": "10.240.0.12", + "Labels": { + "pod": "a", + "app": "frontend" + }, + "ContainerPorts": [ + { + "name": "serve-80-tcp", + "containerPort": 80, + "protocol": "TCP" + }, + { + "name": "serve-80-udp", + "containerPort": 80, + "protocol": "UDP" + } + ], + "Phase": "Running" + }, + "y/b": { + "Name": "b", + "Namespace": "y", + "PodIP": "10.240.0.42", + "Labels": { + "pod": "b" + }, + "ContainerPorts": [ + { + "name": "serve-80-tcp", + "containerPort": 80, + "protocol": "TCP" + }, + { + "name": "serve-80-udp", + "containerPort": 80, + "protocol": "UDP" + } + ], + "Phase": "Running" + }, + "y/c": { + "Name": "c", + "Namespace": "y", + "PodIP": "10.240.0.84", + "Labels": { + "pod": "c" + }, + "ContainerPorts": [ + { + "name": "serve-80-tcp", + "containerPort": 80, + "protocol": "TCP" + }, + { + "name": "serve-80-udp", + "containerPort": 80, + "protocol": "UDP" + } + ], + "Phase": "Running" + }, + "netpol-4537-x/a": { + "Name": "a", + "Namespace": "netpol-4537-x", + "PodIP": "10.240.0.13", + "Labels": { + "pod": "a" + }, + "ContainerPorts": [ + { + "name": "serve-80-tcp", + "containerPort": 80, + "protocol": "TCP" + }, + { + "name": "serve-80-udp", + "containerPort": 80, + "protocol": "UDP" + } + ], + "Phase": "Running" + }, + "z/b": { + "Name": "b", + "Namespace": "z", + "PodIP": "10.240.0.70", + "Labels": { + "pod": "b", + "app": "int" + }, + "ContainerPorts": [ + { + "name": "serve-80-tcp", + "containerPort": 80, + "protocol": "TCP" + }, + { + "name": "serve-80-udp", + "containerPort": 80, + "protocol": "UDP" + } + ], + "Phase": "Running" + }, + "z/c": { + "Name": "c", + "Namespace": "z", + "PodIP": "10.240.0.37", + "Labels": { + "pod": "c" + }, + "ContainerPorts": [ + { + "name": "serve-80-tcp", + "containerPort": 80, + "protocol": "TCP" + }, + { + "name": "serve-80-udp", + "containerPort": 80, + "protocol": "UDP" + } + ], + "Phase": "Running" + }, + "myproject/frontend1": { + "Name": "frontend1", + "Namespace": "project", + "PodIP": "172.17.0.0", + "Labels": { + "project": "myproject" + }, + "ContainerPorts": [ + { + "name": "serve-80-tcp", + "containerPort": 80, + "protocol": "TCP" + }, + { + "name": "serve-80-udp", + "containerPort": 80, + "protocol": "UDP" + } + ], + "Phase": "Running" + }, + "myproject/frontend2": { + "Name": "frontend", + "Namespace": "project", + "PodIP": "172.17.1.0", + "Labels": { + "project": "myproject" + }, + "ContainerPorts": [ + { + "name": "serve-80-tcp", + "containerPort": 80, + "protocol": "TCP" + }, + { + "name": "serve-80-udp", + "containerPort": 80, + "protocol": "UDP" + } + ], + "Phase": "Running" + } + }, + "RawNpMap": { + "acn/allow-multiple-labels-to-multiple-labels": { + "metadata": { + "name": "allow-multiple-labels-to-multiple-labels", + "namespace": "acn", + "selfLink": "/apis/networking.k8s.io/v1/namespaces/acn/networkpolicies/allow-multiple-labels-to-multiple-labels", + "uid": "aecb8992-57d4-4610-b927-7569b27b7e59", + "resourceVersion": "29067522", + "generation": 1, + "creationTimestamp": "2021-07-14T20:53:11Z", + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"allow-multiple-labels-to-multiple-labels\",\"namespace\":\"acn\"},\"spec\":{\"ingress\":[{\"from\":[{\"podSelector\":{\"matchLabels\":{\"program\":\"cni\",\"team\":\"acn\"}}},{\"podSelector\":{\"matchLabels\":{\"binary\":\"cns\",\"group\":\"container\"}}}]}],\"podSelector\":{\"matchLabels\":{\"app\":\"k8s\",\"team\":\"aks\"}},\"policyTypes\":[\"Ingress\"]}}\n" + }, + "managedFields": [ + { + "manager": "kubectl-client-side-apply", + "operation": "Update", + "apiVersion": "networking.k8s.io/v1", + "time": "2021-07-14T20:53:11Z", + "fieldsType": "FieldsV1", + "fieldsV1": { + "f:metadata": { + "f:annotations": { + ".": {}, + "f:kubectl.kubernetes.io/last-applied-configuration": {} + } + }, + "f:spec": { + "f:ingress": {}, + "f:podSelector": { + "f:matchLabels": { + ".": {}, + "f:app": {}, + "f:team": {} + } + }, + "f:policyTypes": {} + } + } + } + ] + }, + "spec": { + "podSelector": { + "matchLabels": { + "app": "k8s", + "team": "aks" + } + }, + "ingress": [ + { + "from": [ + { + "podSelector": { + "matchLabels": { + "program": "cni", + "team": "acn" + } + } + }, + { + "podSelector": { + "matchLabels": { + "binary": "cns", + "group": "container" + } + } + } + ] + } + ], + "policyTypes": [ + "Ingress" + ] + } + }, + "dangerous/allow-backdoor-policy": { + "metadata": { + "name": "allow-backdoor-policy", + "namespace": "dangerous", + "selfLink": "/apis/networking.k8s.io/v1/namespaces/dangerous/networkpolicies/allow-backdoor-policy", + "uid": "ad8ac6eb-d550-457c-8b38-6791835b29c7", + "resourceVersion": "29067521", + "generation": 1, + "creationTimestamp": "2021-07-14T20:53:11Z", + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"allow-backdoor-policy\",\"namespace\":\"dangerous\"},\"spec\":{\"ingress\":[{\"from\":[]}],\"podSelector\":{\"matchLabels\":{\"app\":\"backdoor\"}},\"policyTypes\":[\"Ingress\"]}}\n" + }, + "managedFields": [ + { + "manager": "kubectl-client-side-apply", + "operation": "Update", + "apiVersion": "networking.k8s.io/v1", + "time": "2021-07-14T20:53:11Z", + "fieldsType": "FieldsV1", + "fieldsV1": { + "f:metadata": { + "f:annotations": { + ".": {}, + "f:kubectl.kubernetes.io/last-applied-configuration": {} + } + }, + "f:spec": { + "f:ingress": {}, + "f:podSelector": { + "f:matchLabels": { + ".": {}, + "f:app": {} + } + }, + "f:policyTypes": {} + } + } + } + ] + }, + "spec": { + "podSelector": { + "matchLabels": { + "app": "backdoor" + } + }, + "ingress": [ + {} + ], + "policyTypes": [ + "Ingress" + ] + } + }, + "default/k8s-example-policy": { + "metadata": { + "name": "k8s-example-policy", + "namespace": "default", + "selfLink": "/apis/networking.k8s.io/v1/namespaces/default/networkpolicies/k8s-example-policy", + "uid": "325bfaff-9974-4dbe-856f-ec4a46303763", + "resourceVersion": "29067527", + "generation": 9, + "creationTimestamp": "2021-07-09T23:14:29Z", + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"k8s-example-policy\",\"namespace\":\"default\"},\"spec\":{\"egress\":[{\"ports\":[{\"port\":5978,\"protocol\":\"TCP\"}],\"to\":[{\"ipBlock\":{\"cidr\":\"10.0.0.0/24\",\"except\":[\"10.0.0.1/32\"]}}]}],\"ingress\":[{\"from\":[{\"ipBlock\":{\"cidr\":\"172.17.0.0/16\",\"except\":[\"172.17.1.0/24\"]}},{\"namespaceSelector\":{\"matchLabels\":{\"project\":\"myproject\"}}},{\"podSelector\":{\"matchLabels\":{\"role\":\"frontend\"}}}],\"ports\":[{\"port\":6379,\"protocol\":\"TCP\"}]}],\"podSelector\":{\"matchLabels\":{\"role\":\"db\"}},\"policyTypes\":[\"Ingress\",\"Egress\"]}}\n" + }, + "managedFields": [ + { + "manager": "kubectl-client-side-apply", + "operation": "Update", + "apiVersion": "networking.k8s.io/v1", + "time": "2021-07-14T20:52:30Z", + "fieldsType": "FieldsV1", + "fieldsV1": { + "f:metadata": { + "f:annotations": { + ".": {}, + "f:kubectl.kubernetes.io/last-applied-configuration": {} + } + }, + "f:spec": { + "f:egress": {}, + "f:ingress": {}, + "f:podSelector": { + "f:matchLabels": { + ".": {}, + "f:role": {} + } + }, + "f:policyTypes": {} + } + } + } + ] + }, + "spec": { + "podSelector": { + "matchLabels": { + "role": "db" + } + }, + "ingress": [ + { + "ports": [ + { + "protocol": "TCP", + "port": 6379 + } + ], + "from": [ + { + "ipBlock": { + "cidr": "172.17.0.0/16", + "except": [ + "172.17.1.0/24" + ] + } + }, + { + "namespaceSelector": { + "matchLabels": { + "project": "myproject" + } + } + }, + { + "podSelector": { + "matchLabels": { + "role": "frontend" + } + } + } + ] + } + ], + "egress": [ + { + "ports": [ + { + "protocol": "TCP", + "port": 5978 + } + ], + "to": [ + { + "ipBlock": { + "cidr": "10.0.0.0/24", + "except": [ + "10.0.0.1/32" + ] + } + } + ] + } + ], + "policyTypes": [ + "Ingress", + "Egress" + ] + } + }, + "kube-system/konnectivity-agent": { + "metadata": { + "name": "konnectivity-agent", + "namespace": "kube-system", + "selfLink": "/apis/networking.k8s.io/v1/namespaces/kube-system/networkpolicies/konnectivity-agent", + "uid": "9d00b7b2-b29d-4561-aebc-7ef3c2c4bbd4", + "resourceVersion": "437", + "generation": 1, + "creationTimestamp": "2021-03-05T19:45:45Z", + "labels": { + "addonmanager.kubernetes.io/mode": "Reconcile" + }, + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"labels\":{\"addonmanager.kubernetes.io/mode\":\"Reconcile\"},\"name\":\"konnectivity-agent\",\"namespace\":\"kube-system\"},\"spec\":{\"egress\":[{}],\"podSelector\":{\"matchLabels\":{\"app\":\"konnectivity-agent\"}},\"policyTypes\":[\"Egress\"]}}\n" + }, + "managedFields": [ + { + "manager": "kubectl", + "operation": "Update", + "apiVersion": "networking.k8s.io/v1", + "time": "2021-03-05T19:45:45Z", + "fieldsType": "FieldsV1", + "fieldsV1": { + "f:metadata": { + "f:annotations": { + ".": {}, + "f:kubectl.kubernetes.io/last-applied-configuration": {} + }, + "f:labels": { + ".": {}, + "f:addonmanager.kubernetes.io/mode": {} + } + }, + "f:spec": { + "f:egress": {}, + "f:podSelector": { + "f:matchLabels": { + ".": {}, + "f:app": {} + } + }, + "f:policyTypes": {} + } + } + } + ] + }, + "spec": { + "podSelector": { + "matchLabels": { + "app": "konnectivity-agent" + } + }, + "egress": [ + {} + ], + "policyTypes": [ + "Egress" + ] + } + }, + "netpol-4537-x/allow-ns-y-z-pod-b-c": { + "metadata": { + "name": "allow-ns-y-z-pod-b-c", + "namespace": "netpol-4537-x", + "selfLink": "/apis/networking.k8s.io/v1/namespaces/netpol-4537-x/networkpolicies/allow-ns-y-z-pod-b-c", + "uid": "b39959fa-b21e-4872-ace3-e1c113237cf0", + "resourceVersion": "29067525", + "generation": 1, + "creationTimestamp": "2021-07-14T20:53:11Z", + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"allow-ns-y-z-pod-b-c\",\"namespace\":\"netpol-4537-x\"},\"spec\":{\"ingress\":[{\"from\":[{\"namespaceSelector\":{\"matchExpressions\":[{\"key\":\"ns\",\"operator\":\"NotIn\",\"values\":[\"netpol-4537-x\",\"netpol-4537-y\"]}]},\"podSelector\":{\"matchExpressions\":[{\"key\":\"pod\",\"operator\":\"In\",\"values\":[\"b\",\"c\"]},{\"key\":\"app\",\"operator\":\"In\",\"values\":[\"test\",\"int\"]}]}}]}],\"podSelector\":{\"matchExpressions\":[{\"key\":\"pod\",\"operator\":\"In\",\"values\":[\"a\",\"x\"]}]},\"policyTypes\":[\"Ingress\"]}}\n" + }, + "managedFields": [ + { + "manager": "kubectl-client-side-apply", + "operation": "Update", + "apiVersion": "networking.k8s.io/v1", + "time": "2021-07-14T20:53:11Z", + "fieldsType": "FieldsV1", + "fieldsV1": { + "f:metadata": { + "f:annotations": { + ".": {}, + "f:kubectl.kubernetes.io/last-applied-configuration": {} + } + }, + "f:spec": { + "f:ingress": {}, + "f:podSelector": { + "f:matchExpressions": {} + }, + "f:policyTypes": {} + } + } + } + ] + }, + "spec": { + "podSelector": { + "matchExpressions": [ + { + "key": "pod", + "operator": "In", + "values": [ + "a", + "x" + ] + } + ] + }, + "ingress": [ + { + "from": [ + { + "podSelector": { + "matchExpressions": [ + { + "key": "pod", + "operator": "In", + "values": [ + "b", + "c" + ] + }, + { + "key": "app", + "operator": "In", + "values": [ + "test", + "int" + ] + } + ] + }, + "namespaceSelector": { + "matchExpressions": [ + { + "key": "ns", + "operator": "NotIn", + "values": [ + "netpol-4537-x", + "netpol-4537-y" + ] + } + ] + } + } + ] + } + ], + "policyTypes": [ + "Ingress" + ] + } + }, + "test/named-port-ingress-rule": { + "metadata": { + "name": "named-port-ingress-rule", + "namespace": "test", + "selfLink": "/apis/networking.k8s.io/v1/namespaces/test/networkpolicies/named-port-ingress-rule", + "uid": "e2030828-8295-411d-887e-0ccccd59514e", + "resourceVersion": "29067534", + "generation": 1, + "creationTimestamp": "2021-07-14T20:53:12Z", + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"named-port-ingress-rule\",\"namespace\":\"test\"},\"spec\":{\"ingress\":[{\"ports\":[{\"port\":\"serve-80\",\"protocol\":\"TCP\"}]}],\"podSelector\":{\"matchLabels\":{\"app\":\"server\"}},\"policyTypes\":[\"Ingress\"]}}\n" + }, + "managedFields": [ + { + "manager": "kubectl-client-side-apply", + "operation": "Update", + "apiVersion": "networking.k8s.io/v1", + "time": "2021-07-14T20:53:12Z", + "fieldsType": "FieldsV1", + "fieldsV1": { + "f:metadata": { + "f:annotations": { + ".": {}, + "f:kubectl.kubernetes.io/last-applied-configuration": {} + } + }, + "f:spec": { + "f:ingress": {}, + "f:podSelector": { + "f:matchLabels": { + ".": {}, + "f:app": {} + } + }, + "f:policyTypes": {} + } + } + } + ] + }, + "spec": { + "podSelector": { + "matchLabels": { + "app": "server" + } + }, + "ingress": [ + { + "ports": [ + { + "protocol": "TCP", + "port": "serve-80" + } + ] + } + ], + "policyTypes": [ + "Ingress" + ] + } + }, + "testnamespace/allow-all-to-app-frontend": { + "metadata": { + "name": "allow-all-to-app-frontend", + "namespace": "testnamespace", + "selfLink": "/apis/networking.k8s.io/v1/namespaces/testnamespace/networkpolicies/allow-all-to-app-frontend", + "uid": "9b155f6d-1284-4b39-8ef2-1aa670833a44", + "resourceVersion": "29067376", + "generation": 1, + "creationTimestamp": "2021-07-14T20:52:29Z", + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"allow-all-to-app-frontend\",\"namespace\":\"testnamespace\"},\"spec\":{\"ingress\":[{}],\"podSelector\":{\"matchLabels\":{\"app\":\"frontend\"}},\"policyTypes\":[\"Ingress\"]}}\n" + }, + "managedFields": [ + { + "manager": "kubectl-client-side-apply", + "operation": "Update", + "apiVersion": "networking.k8s.io/v1", + "time": "2021-07-14T20:52:29Z", + "fieldsType": "FieldsV1", + "fieldsV1": { + "f:metadata": { + "f:annotations": { + ".": {}, + "f:kubectl.kubernetes.io/last-applied-configuration": {} + } + }, + "f:spec": { + "f:ingress": {}, + "f:podSelector": { + "f:matchLabels": { + ".": {}, + "f:app": {} + } + }, + "f:policyTypes": {} + } + } + } + ] + }, + "spec": { + "podSelector": { + "matchLabels": { + "app": "frontend" + } + }, + "ingress": [ + {} + ], + "policyTypes": [ + "Ingress" + ] + } + }, + "testnamespace/allow-backend-to-frontend-on-port-53-policy": { + "metadata": { + "name": "allow-backend-to-frontend-on-port-53-policy", + "namespace": "testnamespace", + "selfLink": "/apis/networking.k8s.io/v1/namespaces/testnamespace/networkpolicies/allow-backend-to-frontend-on-port-53-policy", + "uid": "30c97e09-0461-40f8-8a74-de7a61aaaf16", + "resourceVersion": "29067378", + "generation": 1, + "creationTimestamp": "2021-07-14T20:52:29Z", + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"allow-backend-to-frontend-on-port-53-policy\",\"namespace\":\"testnamespace\"},\"spec\":{\"egress\":[{\"ports\":[{\"port\":53,\"protocol\":\"TCP\"},{\"port\":53,\"protocol\":\"UDP\"}]},{\"to\":[{\"namespaceSelector\":{}}]}],\"podSelector\":{\"matchLabels\":{\"app\":\"frontend\"}},\"policyTypes\":[\"Egress\"]}}\n" + }, + "managedFields": [ + { + "manager": "kubectl-client-side-apply", + "operation": "Update", + "apiVersion": "networking.k8s.io/v1", + "time": "2021-07-14T20:52:29Z", + "fieldsType": "FieldsV1", + "fieldsV1": { + "f:metadata": { + "f:annotations": { + ".": {}, + "f:kubectl.kubernetes.io/last-applied-configuration": {} + } + }, + "f:spec": { + "f:egress": {}, + "f:podSelector": { + "f:matchLabels": { + ".": {}, + "f:app": {} + } + }, + "f:policyTypes": {} + } + } + } + ] + }, + "spec": { + "podSelector": { + "matchLabels": { + "app": "frontend" + } + }, + "egress": [ + { + "ports": [ + { + "protocol": "TCP", + "port": 53 + }, + { + "protocol": "UDP", + "port": 53 + } + ] + }, + { + "to": [ + { + "namespaceSelector": {} + } + ] + } + ], + "policyTypes": [ + "Egress" + ] + } + }, + "testnamespace/allow-backend-to-frontend-on-port-8000-policy": { + "metadata": { + "name": "allow-backend-to-frontend-on-port-8000-policy", + "namespace": "testnamespace", + "selfLink": "/apis/networking.k8s.io/v1/namespaces/testnamespace/networkpolicies/allow-backend-to-frontend-on-port-8000-policy", + "uid": "6d0260ac-7b4d-4547-a22d-4bae6b8ed7f5", + "resourceVersion": "29067519", + "generation": 4, + "creationTimestamp": "2021-07-14T20:52:29Z", + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"allow-backend-to-frontend-on-port-8000-policy\",\"namespace\":\"testnamespace\"},\"spec\":{\"ingress\":[{\"from\":[{\"podSelector\":{\"matchLabels\":{\"app\":\"backend\"}}}],\"ports\":[{\"port\":null}]}],\"podSelector\":{\"matchLabels\":{\"app\":\"frontend\"}},\"policyTypes\":[\"Ingress\"]}}\n" + }, + "managedFields": [ + { + "manager": "kubectl-client-side-apply", + "operation": "Update", + "apiVersion": "networking.k8s.io/v1", + "time": "2021-07-14T20:52:29Z", + "fieldsType": "FieldsV1", + "fieldsV1": { + "f:metadata": { + "f:annotations": { + ".": {}, + "f:kubectl.kubernetes.io/last-applied-configuration": {} + } + }, + "f:spec": { + "f:ingress": {}, + "f:podSelector": { + "f:matchLabels": { + ".": {}, + "f:app": {} + } + }, + "f:policyTypes": {} + } + } + } + ] + }, + "spec": { + "podSelector": { + "matchLabels": { + "app": "frontend" + } + }, + "ingress": [ + { + "ports": [ + { + "protocol": "TCP" + } + ], + "from": [ + { + "podSelector": { + "matchLabels": { + "app": "backend" + } + } + } + ] + } + ], + "policyTypes": [ + "Ingress" + ] + } + }, + "testnamespace/allow-ns-dev-to-app-frontend": { + "metadata": { + "name": "allow-ns-dev-to-app-frontend", + "namespace": "testnamespace", + "selfLink": "/apis/networking.k8s.io/v1/namespaces/testnamespace/networkpolicies/allow-ns-dev-to-app-frontend", + "uid": "7926d963-e264-46ef-b789-55c0e42c55e6", + "resourceVersion": "29067386", + "generation": 1, + "creationTimestamp": "2021-07-14T20:52:30Z", + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"allow-ns-dev-to-app-frontend\",\"namespace\":\"testnamespace\"},\"spec\":{\"ingress\":[{\"from\":[{\"namespaceSelector\":{\"matchExpressions\":[{\"key\":\"namespace\",\"operator\":\"NotIn\",\"values\":[\"test0\",\"test1\"]}],\"matchLabels\":{\"namespace\":\"dev\"}}}]}],\"podSelector\":{\"matchLabels\":{\"app\":\"frontend\"}},\"policyTypes\":[\"Ingress\"]}}\n" + }, + "managedFields": [ + { + "manager": "kubectl-client-side-apply", + "operation": "Update", + "apiVersion": "networking.k8s.io/v1", + "time": "2021-07-14T20:52:30Z", + "fieldsType": "FieldsV1", + "fieldsV1": { + "f:metadata": { + "f:annotations": { + ".": {}, + "f:kubectl.kubernetes.io/last-applied-configuration": {} + } + }, + "f:spec": { + "f:ingress": {}, + "f:podSelector": { + "f:matchLabels": { + ".": {}, + "f:app": {} + } + }, + "f:policyTypes": {} + } + } + } + ] + }, + "spec": { + "podSelector": { + "matchLabels": { + "app": "frontend" + } + }, + "ingress": [ + { + "from": [ + { + "namespaceSelector": { + "matchLabels": { + "namespace": "dev" + }, + "matchExpressions": [ + { + "key": "namespace", + "operator": "NotIn", + "values": [ + "test0", + "test1" + ] + } + ] + } + } + ] + } + ], + "policyTypes": [ + "Ingress" + ] + } + }, + "testnamespace/deny-all-policy": { + "metadata": { + "name": "deny-all-policy", + "namespace": "testnamespace", + "selfLink": "/apis/networking.k8s.io/v1/namespaces/testnamespace/networkpolicies/deny-all-policy", + "uid": "cc2df8ac-f524-4e22-9c4b-39c037442eb3", + "resourceVersion": "29067535", + "generation": 19, + "creationTimestamp": "2021-07-14T20:34:20Z", + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"deny-all-policy\",\"namespace\":\"testnamespace\"},\"spec\":{\"ingress\":[{\"from\":[{\"namespaceSelector\":{}}]}],\"podSelector\":{\"matchExpressions\":[{\"key\":\"k0\",\"operator\":\"DoesNotExist\",\"values\":[]},{\"key\":\"k1\",\"operator\":\"In\",\"values\":[\"v0\",\"v1\"]}],\"matchLabels\":{\"app\":\"frontend\"}},\"policyTypes\":[\"Ingress\"]}}\n" + }, + "managedFields": [ + { + "manager": "kubectl-client-side-apply", + "operation": "Update", + "apiVersion": "networking.k8s.io/v1", + "time": "2021-07-14T20:53:12Z", + "fieldsType": "FieldsV1", + "fieldsV1": { + "f:metadata": { + "f:annotations": { + ".": {}, + "f:kubectl.kubernetes.io/last-applied-configuration": {} + } + }, + "f:spec": { + "f:ingress": {}, + "f:podSelector": { + "f:matchExpressions": {}, + "f:matchLabels": { + ".": {}, + "f:app": {} + } + }, + "f:policyTypes": {} + } + } + } + ] + }, + "spec": { + "podSelector": { + "matchLabels": { + "app": "frontend" + }, + "matchExpressions": [ + { + "key": "k0", + "operator": "DoesNotExist" + }, + { + "key": "k1", + "operator": "In", + "values": [ + "v0", + "v1" + ] + } + ] + }, + "ingress": [ + { + "from": [ + { + "namespaceSelector": {} + } + ] + } + ], + "policyTypes": [ + "Ingress" + ] + } + }, + "unsafe/deny-all-policy": { + "metadata": { + "name": "deny-all-policy", + "namespace": "unsafe", + "selfLink": "/apis/networking.k8s.io/v1/namespaces/unsafe/networkpolicies/deny-all-policy", + "uid": "2bd47895-4b02-4fa3-9909-1b58e2dd5178", + "resourceVersion": "29067529", + "generation": 1, + "creationTimestamp": "2021-07-14T20:53:12Z", + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"deny-all-policy\",\"namespace\":\"unsafe\"},\"spec\":{\"egress\":[],\"podSelector\":{},\"policyTypes\":[\"Egress\"]}}\n" + }, + "managedFields": [ + { + "manager": "kubectl-client-side-apply", + "operation": "Update", + "apiVersion": "networking.k8s.io/v1", + "time": "2021-07-14T20:53:12Z", + "fieldsType": "FieldsV1", + "fieldsV1": { + "f:metadata": { + "f:annotations": { + ".": {}, + "f:kubectl.kubernetes.io/last-applied-configuration": {} + } + }, + "f:spec": { + "f:policyTypes": {} + } + } + } + ] + }, + "spec": { + "podSelector": {}, + "policyTypes": [ + "Egress" + ] + } + } + }, + "ProcessedNpMap": {}, + "TelemetryEnabled": true +} \ No newline at end of file From e935a8f46cafa30415a478e6d5e9ae5c507bbb43 Mon Sep 17 00:00:00 2001 From: Junguk Cho Date: Fri, 10 Sep 2021 15:17:08 -0700 Subject: [PATCH 03/10] Add unit tests --- npm/ipsm/ipsm_test.go | 49 +++++++++++++++++++++++++++++++++++++++ npm/npmCache.go | 1 + npm/npm_test.go | 30 +++++++++++++++++++----- npm/podController_test.go | 27 +++++++++++++++++++++ 4 files changed, 101 insertions(+), 6 deletions(-) diff --git a/npm/ipsm/ipsm_test.go b/npm/ipsm/ipsm_test.go index e99ad5faaf..510acf7f23 100644 --- a/npm/ipsm/ipsm_test.go +++ b/npm/ipsm/ipsm_test.go @@ -11,6 +11,7 @@ import ( "github.com/Azure/azure-container-networking/npm/metrics/promutil" "github.com/Azure/azure-container-networking/npm/util" testutils "github.com/Azure/azure-container-networking/test/utils" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "k8s.io/utils/exec" ) @@ -531,6 +532,54 @@ func TestDestroyNpmIpsets(t *testing.T) { } } +func TestMarshalListMapJSON(t *testing.T) { + testListSet := "test-list" + var calls = []testutils.TestCmd{ + {Cmd: []string{"ipset", "-N", "-exist", util.GetHashedName(testListSet), "setlist"}}, + } + + fexec := testutils.GetFakeExecWithScripts(calls) + ipsMgr := NewIpsetManager(fexec) + defer testutils.VerifyCalls(t, fexec, calls) + + err := ipsMgr.createList(testListSet) + require.NoError(t, err) + + listMapRaw, err := ipsMgr.MarshalListMapJSON() + require.NoError(t, err) + fmt.Println(string(listMapRaw)) + + expect := []byte(`{"test-list":{}}`) + + fmt.Printf("%v\n", ipsMgr.listMap) + assert.ElementsMatch(t, expect, listMapRaw) +} + +func TestMarshalSetMapJSON(t *testing.T) { + testSet := "test-set" + var calls = []testutils.TestCmd{ + {Cmd: []string{"ipset", "-N", "-exist", util.GetHashedName(testSet), "nethash"}}, + } + + fexec := testutils.GetFakeExecWithScripts(calls) + ipsMgr := NewIpsetManager(fexec) + defer testutils.VerifyCalls(t, fexec, calls) + + err := ipsMgr.createSet(testSet, []string{util.IpsetNetHashFlag}) + require.NoError(t, err) + + setMapRaw, err := ipsMgr.MarshalSetMapJSON() + require.NoError(t, err) + fmt.Println(string(setMapRaw)) + + expect := []byte(`{"test-set":{}}`) + for key, val := range ipsMgr.setMap { + fmt.Printf("key: %s value: %+v\n", key, val) + } + + assert.ElementsMatch(t, expect, setMapRaw) +} + // Enable these tests once the the changes for ipsm are enabled /* const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" diff --git a/npm/npmCache.go b/npm/npmCache.go index 96e2121b61..92e01e92c5 100644 --- a/npm/npmCache.go +++ b/npm/npmCache.go @@ -35,6 +35,7 @@ type NPMCache struct { SetMap map[string]*ipsm.Ipset } +// NPMCacheEncoder is used only for unit tests to test encoding and decoding NPMCache. func NPMCacheEncoder(nodeName string) json.Marshaler { noResyncPeriodFunc := func() time.Duration { return 0 } kubeclient := k8sfake.NewSimpleClientset() diff --git a/npm/npm_test.go b/npm/npm_test.go index 209fa80fbe..f27cfa17ca 100644 --- a/npm/npm_test.go +++ b/npm/npm_test.go @@ -10,6 +10,7 @@ import ( "github.com/Azure/azure-container-networking/npm/iptm" "github.com/Azure/azure-container-networking/npm/metrics" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "k8s.io/client-go/tools/cache" "k8s.io/utils/exec" ) @@ -31,20 +32,37 @@ func getKey(obj interface{}, t *testing.T) string { return key } +func TestNSMapMarshalJSON(t *testing.T) { + npmNSCache := &npmNamespaceCache{nsMap: make(map[string]*Namespace)} + nsName := "ns-test" + ns := &Namespace{ + name: nsName, + LabelsMap: map[string]string{ + "test-key": "test-value", + }, + } + + npmNSCache.nsMap[nsName] = ns + nsMapRaw, err := npmNSCache.MarshalJSON() + require.NoError(t, err) + + expect := []byte(`{"ns-test":{"LabelsMap":{"test-key":"test-value"}}}`) + assert.ElementsMatch(t, expect, nsMapRaw) +} + func TestMarshalJSON(t *testing.T) { - nodeName := "nodename" + nodeName := "test-nodename" npmCacheEncoder := NPMCacheEncoder(nodeName) npmCacheRaw, err := npmCacheEncoder.MarshalJSON() - assert.NoError(t, err) - // TODO(junguk): better to use const in NPMCache and nodeName variable - expect := []byte(`{"ListMap":{},"NodeName":"nodename","NsMap":{},"PodMap":{},"SetMap":{}}`) + // "test-nodename" in "NodeName" should be the same as nodeName variable. + expect := []byte(`{"ListMap":{},"NodeName":"test-nodename","NsMap":{},"PodMap":{},"SetMap":{}}`) assert.ElementsMatch(t, expect, npmCacheRaw) } func TestMarshalUnMarshalJSON(t *testing.T) { - nodeName := "nodename" + nodeName := "test-nodename" npmCacheEncoder := NPMCacheEncoder(nodeName) npmCacheRaw, err := npmCacheEncoder.MarshalJSON() @@ -57,7 +75,7 @@ func TestMarshalUnMarshalJSON(t *testing.T) { expected := NPMCache{ ListMap: make(map[string]*ipsm.Ipset), - NodeName: "nodename", + NodeName: nodeName, NsMap: make(map[string]*Namespace), PodMap: make(map[string]*NpmPod), SetMap: make(map[string]*ipsm.Ipset), diff --git a/npm/podController_test.go b/npm/podController_test.go index d4107290fa..f7f59f166a 100644 --- a/npm/podController_test.go +++ b/npm/podController_test.go @@ -11,8 +11,10 @@ import ( "github.com/Azure/azure-container-networking/npm/ipsm" "github.com/Azure/azure-container-networking/npm/util" testutils "github.com/Azure/azure-container-networking/test/utils" + "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" utilexec "k8s.io/utils/exec" + fakeexec "k8s.io/utils/exec/testing" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -635,6 +637,31 @@ func TestPodStatusUpdatePod(t *testing.T) { } } +func TestPodMapMarshalJSON(t *testing.T) { + fexec := &fakeexec.FakeExec{} + f := newFixture(t, fexec) + stopCh := make(chan struct{}) + defer close(stopCh) + f.newPodController(stopCh) + + labels := map[string]string{ + "app": "test-pod", + } + pod := createPod("test-pod", "test-namespace", "0", "1.2.3.4", labels, NonHostNetwork, corev1.PodRunning) + podKey, err := cache.MetaNamespaceKeyFunc(pod) + assert.NoError(t, err) + + npmPod := newNpmPod(pod) + f.podController.podMap[podKey] = npmPod + + npMapRaw, err := f.podController.MarshalJSON() + assert.NoError(t, err) + + expect := []byte(`{"test-namespace/test-pod":{"Name":"test-pod","Namespace":"test-namespace","PodIP":"1.2.3.4","Labels":{},"ContainerPorts":[],"Phase":"Running"}}`) + fmt.Printf("%s\n", string(npMapRaw)) + assert.ElementsMatch(t, expect, npMapRaw) +} + func TestHasValidPodIP(t *testing.T) { podObj := &corev1.Pod{ Status: corev1.PodStatus{ From b07851a842e7c86c6d5d0dc4c267f900c3c48e86 Mon Sep 17 00:00:00 2001 From: Junguk Cho Date: Fri, 10 Sep 2021 17:00:38 -0700 Subject: [PATCH 04/10] Use correct parameters --- npm/npmCache.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/npm/npmCache.go b/npm/npmCache.go index 92e01e92c5..47b71e196d 100644 --- a/npm/npmCache.go +++ b/npm/npmCache.go @@ -46,7 +46,7 @@ func NPMCacheEncoder(nodeName string) json.Marshaler { exec := &fakeexec.FakeExec{} npmVersion := "npm-ut-test" - npMgr := NewNetworkPolicyManager(kubeclient, kubeInformer, exec, npmVersion, fakeK8sVersion) + npMgr := NewNetworkPolicyManager(kubeInformer, exec, npmVersion, fakeK8sVersion) npMgr.NodeName = nodeName return npMgr } From de62bf99332a1384d58e9a5eb79ea73fa55d1983 Mon Sep 17 00:00:00 2001 From: Junguk Cho Date: Thu, 16 Sep 2021 15:38:23 -0700 Subject: [PATCH 05/10] Check nil value of ipsMgr before calling marshal function and add UT --- npm/npm.go | 21 ++++++++++++--------- npm/npm_test.go | 9 +++++++++ 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/npm/npm.go b/npm/npm.go index 10c7af4a0f..3298ebab30 100644 --- a/npm/npm.go +++ b/npm/npm.go @@ -100,6 +100,7 @@ func NewNetworkPolicyManager(informerFactory informers.SharedInformerFactory, ex func (npMgr *NetworkPolicyManager) MarshalJSON() ([]byte, error) { m := map[NPMCacheKey]json.RawMessage{} + npmNamespaceCacheRaw, err := json.Marshal(npMgr.npmNamespaceCache) if err != nil { return nil, err @@ -112,17 +113,19 @@ func (npMgr *NetworkPolicyManager) MarshalJSON() ([]byte, error) { } m[PodMap] = podControllerRaw - listMapRaw, err := npMgr.ipsMgr.MarshalListMapJSON() - if err != nil { - return nil, err - } - m[ListMaap] = listMapRaw + if npMgr.ipsMgr != nil { + listMapRaw, err := npMgr.ipsMgr.MarshalListMapJSON() + if err != nil { + return nil, err + } + m[ListMaap] = listMapRaw - setMapRaw, err := npMgr.ipsMgr.MarshalSetMapJSON() - if err != nil { - return nil, err + setMapRaw, err := npMgr.ipsMgr.MarshalSetMapJSON() + if err != nil { + return nil, err + } + m[SetMap] = setMapRaw } - m[SetMap] = setMapRaw nodeNameRaw, err := json.Marshal(npMgr.NodeName) if err != nil { diff --git a/npm/npm_test.go b/npm/npm_test.go index f27cfa17ca..fa8d22fa4a 100644 --- a/npm/npm_test.go +++ b/npm/npm_test.go @@ -50,6 +50,15 @@ func TestNSMapMarshalJSON(t *testing.T) { assert.ElementsMatch(t, expect, nsMapRaw) } +func TestMarshalJSONForNilValues(t *testing.T) { + npMgr := &NetworkPolicyManager{} + npmCacheRaw, err := npMgr.MarshalJSON() + assert.NoError(t, err) + + expect := []byte(`{"NodeName":"","NsMap":null,"PodMap":null}`) + assert.ElementsMatch(t, expect, npmCacheRaw) +} + func TestMarshalJSON(t *testing.T) { nodeName := "test-nodename" npmCacheEncoder := NPMCacheEncoder(nodeName) From 2efd8c5a28a90b68c981482ed5934e22de843a2b Mon Sep 17 00:00:00 2001 From: Junguk Cho Date: Thu, 16 Sep 2021 17:06:55 -0700 Subject: [PATCH 06/10] Resolve lint errors --- npm/http/server/server.go | 3 --- npm/ipsm/ipsm.go | 17 +++++++++++++++-- npm/ipsm/ipsm_test.go | 4 ++-- npm/npm.go | 29 +++++++++++++++++++++-------- npm/npmCache.go | 6 +----- npm/podController.go | 13 ++++++++++--- 6 files changed, 49 insertions(+), 23 deletions(-) diff --git a/npm/http/server/server.go b/npm/http/server/server.go index 877d1b0891..4568fbdd17 100644 --- a/npm/http/server/server.go +++ b/npm/http/server/server.go @@ -9,7 +9,6 @@ import ( "github.com/Azure/azure-container-networking/log" npmconfig "github.com/Azure/azure-container-networking/npm/config" - "github.com/Azure/azure-container-networking/npm/http/api" "github.com/Azure/azure-container-networking/npm/metrics" "k8s.io/klog" @@ -17,8 +16,6 @@ import ( "github.com/gorilla/mux" ) -var DefaultHTTPListeningAddress = fmt.Sprintf("%s:%s", api.DefaultListeningIP, api.DefaultHttpPort) - type NPMRestServer struct { listeningAddress string router *mux.Router diff --git a/npm/ipsm/ipsm.go b/npm/ipsm/ipsm.go index 66a452ed29..9b566ecd4f 100644 --- a/npm/ipsm/ipsm.go +++ b/npm/ipsm/ipsm.go @@ -15,6 +15,7 @@ import ( "github.com/Azure/azure-container-networking/log" "github.com/Azure/azure-container-networking/npm/metrics" "github.com/Azure/azure-container-networking/npm/util" + "github.com/pkg/errors" utilexec "k8s.io/utils/exec" ) @@ -78,13 +79,25 @@ func NewIpsetManager(exec utilexec.Interface) *IpsetManager { func (ipsMgr *IpsetManager) MarshalListMapJSON() ([]byte, error) { ipsMgr.Lock() defer ipsMgr.Unlock() - return json.Marshal(ipsMgr.listMap) + + listMapRaw, err := json.Marshal(ipsMgr.listMap) + if err != nil { + return nil, errors.Errorf("failed to marshal ListMap due to %v", err) + } + + return listMapRaw, nil } func (ipsMgr *IpsetManager) MarshalSetMapJSON() ([]byte, error) { ipsMgr.Lock() defer ipsMgr.Unlock() - return json.Marshal(ipsMgr.setMap) + + setMapRaw, err := json.Marshal(ipsMgr.setMap) + if err != nil { + return nil, errors.Errorf("failed to marshal SetMap due to %v", err) + } + + return setMapRaw, nil } // Exists checks if an element exists in setMap/listMap. diff --git a/npm/ipsm/ipsm_test.go b/npm/ipsm/ipsm_test.go index 510acf7f23..51c34ac52c 100644 --- a/npm/ipsm/ipsm_test.go +++ b/npm/ipsm/ipsm_test.go @@ -534,7 +534,7 @@ func TestDestroyNpmIpsets(t *testing.T) { func TestMarshalListMapJSON(t *testing.T) { testListSet := "test-list" - var calls = []testutils.TestCmd{ + calls := []testutils.TestCmd{ {Cmd: []string{"ipset", "-N", "-exist", util.GetHashedName(testListSet), "setlist"}}, } @@ -557,7 +557,7 @@ func TestMarshalListMapJSON(t *testing.T) { func TestMarshalSetMapJSON(t *testing.T) { testSet := "test-set" - var calls = []testutils.TestCmd{ + calls := []testutils.TestCmd{ {Cmd: []string{"ipset", "-N", "-exist", util.GetHashedName(testSet), "nethash"}}, } diff --git a/npm/npm.go b/npm/npm.go index 3298ebab30..55c5c1fedf 100644 --- a/npm/npm.go +++ b/npm/npm.go @@ -15,6 +15,7 @@ import ( "github.com/Azure/azure-container-networking/npm/ipsm" "github.com/Azure/azure-container-networking/npm/metrics" "github.com/Azure/azure-container-networking/npm/util" + "github.com/pkg/errors" "k8s.io/apimachinery/pkg/version" "k8s.io/client-go/informers" coreinformers "k8s.io/client-go/informers/core/v1" @@ -43,7 +44,13 @@ type npmNamespaceCache struct { func (n *npmNamespaceCache) MarshalJSON() ([]byte, error) { n.Lock() defer n.Unlock() - return json.Marshal(n.nsMap) + + nsMapRaw, err := json.Marshal(n.nsMap) + if err != nil { + return nil, errors.Errorf("failed to marshal nsMap due to %v", err) + } + + return nsMapRaw, nil } // NetworkPolicyManager contains informers for pod, namespace and networkpolicy. @@ -103,36 +110,42 @@ func (npMgr *NetworkPolicyManager) MarshalJSON() ([]byte, error) { npmNamespaceCacheRaw, err := json.Marshal(npMgr.npmNamespaceCache) if err != nil { - return nil, err + return nil, errors.Errorf("failed to marshal NPMCache: %v", err) } m[NsMap] = npmNamespaceCacheRaw podControllerRaw, err := json.Marshal(npMgr.podController) if err != nil { - return nil, err + return nil, errors.Errorf("failed to marshal NPMCache: %v", err) } m[PodMap] = podControllerRaw if npMgr.ipsMgr != nil { listMapRaw, err := npMgr.ipsMgr.MarshalListMapJSON() if err != nil { - return nil, err + return nil, errors.Errorf("failed to marshal NPMCache: %v", err) } - m[ListMaap] = listMapRaw + m[ListMap] = listMapRaw setMapRaw, err := npMgr.ipsMgr.MarshalSetMapJSON() if err != nil { - return nil, err + return nil, errors.Errorf("failed to marshal NPMCache: %v", err) } m[SetMap] = setMapRaw } nodeNameRaw, err := json.Marshal(npMgr.NodeName) if err != nil { - return nil, err + return nil, errors.Errorf("failed to marshal NPMCache: %v", err) } m[NodeName] = nodeNameRaw - return json.Marshal(m) + + npmCacheRaw, err := json.Marshal(m) + if err != nil { + return nil, errors.Errorf("failed to marshal NPMCache: %v", err) + } + + return npmCacheRaw, nil } // GetAppVersion returns network policy manager app version diff --git a/npm/npmCache.go b/npm/npmCache.go index 47b71e196d..c130ce8c0a 100644 --- a/npm/npmCache.go +++ b/npm/npmCache.go @@ -7,13 +7,9 @@ import ( "time" "github.com/Azure/azure-container-networking/npm/ipsm" - k8sversion "k8s.io/apimachinery/pkg/version" - kubeinformers "k8s.io/client-go/informers" - k8sfake "k8s.io/client-go/kubernetes/fake" - fakeexec "k8s.io/utils/exec/testing" ) @@ -23,7 +19,7 @@ const ( NodeName NPMCacheKey = "NodeName" NsMap NPMCacheKey = "NsMap" PodMap NPMCacheKey = "PodMap" - ListMaap NPMCacheKey = "ListMap" + ListMap NPMCacheKey = "ListMap" SetMap NPMCacheKey = "SetMap" ) diff --git a/npm/podController.go b/npm/podController.go index 479c98c2ab..8e7f30f64c 100644 --- a/npm/podController.go +++ b/npm/podController.go @@ -13,8 +13,9 @@ import ( "github.com/Azure/azure-container-networking/npm/metrics" "github.com/Azure/azure-container-networking/npm/util" + "github.com/pkg/errors" corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" + apierrors "k8s.io/apimachinery/pkg/api/errors" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/apimachinery/pkg/util/wait" coreinformer "k8s.io/client-go/informers/core/v1" @@ -112,7 +113,13 @@ func NewPodController(podInformer coreinformer.PodInformer, ipsMgr *ipsm.IpsetMa func (c *podController) MarshalJSON() ([]byte, error) { c.Lock() defer c.Unlock() - return json.Marshal(c.podMap) + + podMapRaw, err := json.Marshal(c.podMap) + if err != nil { + return nil, errors.Errorf("failed to marshal podMap due to %v", err) + } + + return podMapRaw, nil } func (c *podController) lengthOfPodMap() int { @@ -302,7 +309,7 @@ func (c *podController) syncPod(key string) error { defer c.Unlock() if err != nil { - if errors.IsNotFound(err) { + if apierrors.IsNotFound(err) { klog.Infof("pod %s not found, may be it is deleted", key) // cleanUpDeletedPod will check if the pod exists in cache, if it does then proceeds with deletion // if it does not exists, then event will be no-op From 514bd7215c2b3d73f58c979370e6c306a1b29a30 Mon Sep 17 00:00:00 2001 From: Junguk Cho Date: Thu, 16 Sep 2021 16:43:50 -0700 Subject: [PATCH 07/10] Resolve all lint errors --- npm/http/server/server_test.go | 6 +++--- npm/npm.go | 2 +- npm/npmCache.go | 19 ++++++++++--------- npm/npm_test.go | 8 ++++---- npm/pkg/dataplane/debug/converter.go | 6 +++--- npm/pkg/dataplane/debug/trafficanalyzer.go | 12 ++++++------ 6 files changed, 27 insertions(+), 26 deletions(-) diff --git a/npm/http/server/server_test.go b/npm/http/server/server_test.go index fc7441ee5f..35badb204e 100644 --- a/npm/http/server/server_test.go +++ b/npm/http/server/server_test.go @@ -18,7 +18,7 @@ func TestGetNPMCacheHandler(t *testing.T) { assert := assert.New(t) nodeName := "nodename" - npmCacheEncoder := npm.NPMCacheEncoder(nodeName) + npmCacheEncoder := npm.CacheEncoder(nodeName) n := &NPMRestServer{} handler := n.npmCacheHandler(npmCacheEncoder) @@ -40,13 +40,13 @@ func TestGetNPMCacheHandler(t *testing.T) { t.Errorf("failed to read response's data : %w", err) } - actual := &npm.NPMCache{} + actual := &npm.Cache{} err = json.Unmarshal(byteArray, actual) if err != nil { t.Fatalf("failed to unmarshal %s due to %v", string(byteArray), err) } - expected := &npm.NPMCache{ + expected := &npm.Cache{ NodeName: nodeName, NsMap: make(map[string]*npm.Namespace), PodMap: make(map[string]*npm.NpmPod), diff --git a/npm/npm.go b/npm/npm.go index 55c5c1fedf..4d9d8ee326 100644 --- a/npm/npm.go +++ b/npm/npm.go @@ -106,7 +106,7 @@ func NewNetworkPolicyManager(informerFactory informers.SharedInformerFactory, ex } func (npMgr *NetworkPolicyManager) MarshalJSON() ([]byte, error) { - m := map[NPMCacheKey]json.RawMessage{} + m := map[CacheKey]json.RawMessage{} npmNamespaceCacheRaw, err := json.Marshal(npMgr.npmNamespaceCache) if err != nil { diff --git a/npm/npmCache.go b/npm/npmCache.go index c130ce8c0a..707a36b9e7 100644 --- a/npm/npmCache.go +++ b/npm/npmCache.go @@ -13,17 +13,18 @@ import ( fakeexec "k8s.io/utils/exec/testing" ) -type NPMCacheKey string +type CacheKey string +// NPMCache Key Contract for Json marshal and unmarshal const ( - NodeName NPMCacheKey = "NodeName" - NsMap NPMCacheKey = "NsMap" - PodMap NPMCacheKey = "PodMap" - ListMap NPMCacheKey = "ListMap" - SetMap NPMCacheKey = "SetMap" + NodeName CacheKey = "NodeName" + NsMap CacheKey = "NsMap" + PodMap CacheKey = "PodMap" + ListMap CacheKey = "ListMap" + SetMap CacheKey = "SetMap" ) -type NPMCache struct { +type Cache struct { NodeName string NsMap map[string]*Namespace PodMap map[string]*NpmPod @@ -31,8 +32,8 @@ type NPMCache struct { SetMap map[string]*ipsm.Ipset } -// NPMCacheEncoder is used only for unit tests to test encoding and decoding NPMCache. -func NPMCacheEncoder(nodeName string) json.Marshaler { +// CacheEncoder is used only for unit tests to test encoding and decoding Cache. +func CacheEncoder(nodeName string) json.Marshaler { noResyncPeriodFunc := func() time.Duration { return 0 } kubeclient := k8sfake.NewSimpleClientset() kubeInformer := kubeinformers.NewSharedInformerFactory(kubeclient, noResyncPeriodFunc()) diff --git a/npm/npm_test.go b/npm/npm_test.go index fa8d22fa4a..378e30753e 100644 --- a/npm/npm_test.go +++ b/npm/npm_test.go @@ -61,7 +61,7 @@ func TestMarshalJSONForNilValues(t *testing.T) { func TestMarshalJSON(t *testing.T) { nodeName := "test-nodename" - npmCacheEncoder := NPMCacheEncoder(nodeName) + npmCacheEncoder := CacheEncoder(nodeName) npmCacheRaw, err := npmCacheEncoder.MarshalJSON() assert.NoError(t, err) @@ -72,17 +72,17 @@ func TestMarshalJSON(t *testing.T) { func TestMarshalUnMarshalJSON(t *testing.T) { nodeName := "test-nodename" - npmCacheEncoder := NPMCacheEncoder(nodeName) + npmCacheEncoder := CacheEncoder(nodeName) npmCacheRaw, err := npmCacheEncoder.MarshalJSON() assert.NoError(t, err) - decodedNPMCache := NPMCache{} + decodedNPMCache := Cache{} if err := json.Unmarshal(npmCacheRaw, &decodedNPMCache); err != nil { t.Errorf("failed to decode %s to NPMCache", npmCacheRaw) } - expected := NPMCache{ + expected := Cache{ ListMap: make(map[string]*ipsm.Ipset), NodeName: nodeName, NsMap: make(map[string]*Namespace), diff --git a/npm/pkg/dataplane/debug/converter.go b/npm/pkg/dataplane/debug/converter.go index 702ca72db0..a44a3f0beb 100644 --- a/npm/pkg/dataplane/debug/converter.go +++ b/npm/pkg/dataplane/debug/converter.go @@ -26,7 +26,7 @@ type Converter struct { ListMap map[string]string // key: hash(value), value: one of namespace, label of namespace, multiple values SetMap map[string]string // key: hash(value), value: one of label of pods, cidr, namedport AzureNPMChains map[string]bool - NPMCache *npm.NPMCache + NPMCache *npm.Cache } // NpmCacheFromFile initialize NPM cache from file. @@ -36,7 +36,7 @@ func (c *Converter) NpmCacheFromFile(npmCacheJSONFile string) error { return fmt.Errorf("failed to read %s file : %w", npmCacheJSONFile, err) } - c.NPMCache = &npm.NPMCache{} + c.NPMCache = &npm.Cache{} err = json.Unmarshal(byteArray, c.NPMCache) if err != nil { return fmt.Errorf("failed to unmarshal %s due to %w", string(byteArray), err) @@ -64,7 +64,7 @@ func (c *Converter) NpmCache() error { if err != nil { return fmt.Errorf("failed to read response's data : %w", err) } - c.NPMCache = &npm.NPMCache{} + c.NPMCache = &npm.Cache{} err = json.Unmarshal(byteArray, c.NPMCache) if err != nil { return fmt.Errorf("failed to unmarshal %s due to %w", string(byteArray), err) diff --git a/npm/pkg/dataplane/debug/trafficanalyzer.go b/npm/pkg/dataplane/debug/trafficanalyzer.go index fb68732b4f..193c284a31 100644 --- a/npm/pkg/dataplane/debug/trafficanalyzer.go +++ b/npm/pkg/dataplane/debug/trafficanalyzer.go @@ -77,7 +77,7 @@ func GetNetworkTupleFile( // Common function. func getNetworkTupleCommon( src, dst *Input, - npmCache *npm.NPMCache, + npmCache *npm.Cache, allRules []*pb.RuleResponse, ) ([][]byte, []*Tuple, error) { @@ -129,7 +129,7 @@ func getNetworkTupleCommon( return ruleResListJSON, resTupleList, nil } -func getNPMPod(input *Input, npmCache *npm.NPMCache) (*npm.NpmPod, error) { +func getNPMPod(input *Input, npmCache *npm.Cache) (*npm.NpmPod, error) { switch input.Type { case PODNAME: if pod, ok := npmCache.PodMap[input.Content]; ok { @@ -208,7 +208,7 @@ func generateTuple(src, dst *npm.NpmPod, rule *pb.RuleResponse) *Tuple { func getHitRules( src, dst *npm.NpmPod, rules []*pb.RuleResponse, - npmCache *npm.NPMCache, + npmCache *npm.Cache, ) ([]*pb.RuleResponse, error) { res := make([]*pb.RuleResponse, 0) @@ -266,7 +266,7 @@ func evaluateSetInfo( setInfo *pb.RuleResponse_SetInfo, pod *npm.NpmPod, rule *pb.RuleResponse, - npmCache *npm.NPMCache, + npmCache *npm.Cache, ) (bool, error) { switch setInfo.Type { @@ -291,7 +291,7 @@ func evaluateSetInfo( } } -func matchKEYVALUELABELOFNAMESPACE(pod *npm.NpmPod, npmCache *npm.NPMCache, setInfo *pb.RuleResponse_SetInfo) bool { +func matchKEYVALUELABELOFNAMESPACE(pod *npm.NpmPod, npmCache *npm.Cache, setInfo *pb.RuleResponse_SetInfo) bool { srcNamespace := util.NamespacePrefix + pod.Namespace key, expectedValue := processKeyValueLabelOfNameSpace(setInfo.Name) actualValue := npmCache.NsMap[srcNamespace].LabelsMap[key] @@ -330,7 +330,7 @@ func matchNESTEDLABELOFPOD(pod *npm.NpmPod, setInfo *pb.RuleResponse_SetInfo) bo return true } -func matchKEYLABELOFNAMESPACE(pod *npm.NpmPod, npmCache *npm.NPMCache, setInfo *pb.RuleResponse_SetInfo) bool { +func matchKEYLABELOFNAMESPACE(pod *npm.NpmPod, npmCache *npm.Cache, setInfo *pb.RuleResponse_SetInfo) bool { srcNamespace := util.NamespacePrefix + pod.Namespace key := strings.TrimPrefix(setInfo.Name, util.NamespacePrefix) if _, ok := npmCache.NsMap[srcNamespace].LabelsMap[key]; ok { From 094787206e24e8ec0cf0ad39bb5fcbb5a0d12568 Mon Sep 17 00:00:00 2001 From: Junguk Cho Date: Thu, 16 Sep 2021 17:02:14 -0700 Subject: [PATCH 08/10] Define error --- npm/npm.go | 12 ++++++------ npm/npmCache.go | 3 +++ 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/npm/npm.go b/npm/npm.go index 4d9d8ee326..ccd4ae45a8 100644 --- a/npm/npm.go +++ b/npm/npm.go @@ -110,39 +110,39 @@ func (npMgr *NetworkPolicyManager) MarshalJSON() ([]byte, error) { npmNamespaceCacheRaw, err := json.Marshal(npMgr.npmNamespaceCache) if err != nil { - return nil, errors.Errorf("failed to marshal NPMCache: %v", err) + return nil, errors.Errorf("%s: %v", errMarshalNPMCache, err) } m[NsMap] = npmNamespaceCacheRaw podControllerRaw, err := json.Marshal(npMgr.podController) if err != nil { - return nil, errors.Errorf("failed to marshal NPMCache: %v", err) + return nil, errors.Errorf("%s: %v", errMarshalNPMCache, err) } m[PodMap] = podControllerRaw if npMgr.ipsMgr != nil { listMapRaw, err := npMgr.ipsMgr.MarshalListMapJSON() if err != nil { - return nil, errors.Errorf("failed to marshal NPMCache: %v", err) + return nil, errors.Errorf("%s: %v", errMarshalNPMCache, err) } m[ListMap] = listMapRaw setMapRaw, err := npMgr.ipsMgr.MarshalSetMapJSON() if err != nil { - return nil, errors.Errorf("failed to marshal NPMCache: %v", err) + return nil, errors.Errorf("%s: %v", errMarshalNPMCache, err) } m[SetMap] = setMapRaw } nodeNameRaw, err := json.Marshal(npMgr.NodeName) if err != nil { - return nil, errors.Errorf("failed to marshal NPMCache: %v", err) + return nil, errors.Errorf("%s: %v", errMarshalNPMCache, err) } m[NodeName] = nodeNameRaw npmCacheRaw, err := json.Marshal(m) if err != nil { - return nil, errors.Errorf("failed to marshal NPMCache: %v", err) + return nil, errors.Errorf("%s: %v", errMarshalNPMCache, err) } return npmCacheRaw, nil diff --git a/npm/npmCache.go b/npm/npmCache.go index 707a36b9e7..c5cba29e1c 100644 --- a/npm/npmCache.go +++ b/npm/npmCache.go @@ -7,6 +7,7 @@ import ( "time" "github.com/Azure/azure-container-networking/npm/ipsm" + "github.com/pkg/errors" k8sversion "k8s.io/apimachinery/pkg/version" kubeinformers "k8s.io/client-go/informers" k8sfake "k8s.io/client-go/kubernetes/fake" @@ -32,6 +33,8 @@ type Cache struct { SetMap map[string]*ipsm.Ipset } +var errMarshalNPMCache = errors.New("failed to marshal NPM Cache") + // CacheEncoder is used only for unit tests to test encoding and decoding Cache. func CacheEncoder(nodeName string) json.Marshaler { noResyncPeriodFunc := func() time.Duration { return 0 } From eaada8148a7e488b2f5080ffc84e7848b6ab5c12 Mon Sep 17 00:00:00 2001 From: Junguk Cho Date: Thu, 16 Sep 2021 17:48:32 -0700 Subject: [PATCH 09/10] Use a right file for UT and resolve lint error --- npm/npm.go | 12 ++++++------ npm/pkg/dataplane/debug/const.go | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/npm/npm.go b/npm/npm.go index ccd4ae45a8..403b94fb86 100644 --- a/npm/npm.go +++ b/npm/npm.go @@ -121,15 +121,15 @@ func (npMgr *NetworkPolicyManager) MarshalJSON() ([]byte, error) { m[PodMap] = podControllerRaw if npMgr.ipsMgr != nil { - listMapRaw, err := npMgr.ipsMgr.MarshalListMapJSON() - if err != nil { - return nil, errors.Errorf("%s: %v", errMarshalNPMCache, err) + listMapRaw, listMapMarshalErr := npMgr.ipsMgr.MarshalListMapJSON() + if listMapMarshalErr != nil { + return nil, errors.Errorf("%s: %v", errMarshalNPMCache, listMapMarshalErr) } m[ListMap] = listMapRaw - setMapRaw, err := npMgr.ipsMgr.MarshalSetMapJSON() - if err != nil { - return nil, errors.Errorf("%s: %v", errMarshalNPMCache, err) + setMapRaw, setMapMarshalErr := npMgr.ipsMgr.MarshalSetMapJSON() + if setMapMarshalErr != nil { + return nil, errors.Errorf("%s: %v", errMarshalNPMCache, setMapMarshalErr) } m[SetMap] = setMapRaw } diff --git a/npm/pkg/dataplane/debug/const.go b/npm/pkg/dataplane/debug/const.go index a871d224e1..b37fded3a0 100644 --- a/npm/pkg/dataplane/debug/const.go +++ b/npm/pkg/dataplane/debug/const.go @@ -43,5 +43,5 @@ var ( const ( iptableSaveFile = "../testfiles/iptablesave" // stored file with json compatible form (i.e., can call json.Unmarshal) - npmCacheFile = "../testFiles/npmcache.json" + npmCacheFile = "../testfiles/npmcache.json" ) From 1e1791136ce1980f0b24546b0687933ad2c695a2 Mon Sep 17 00:00:00 2001 From: Junguk Cho Date: Fri, 17 Sep 2021 11:52:06 -0700 Subject: [PATCH 10/10] Use better directory name for managing testfiles --- npm/pkg/dataplane/debug/const.go | 4 ++-- npm/pkg/dataplane/parse/parser_test.go | 2 +- npm/pkg/dataplane/{testfiles => testdata}/iptablesave | 0 npm/pkg/dataplane/{testfiles => testdata}/npmcache.json | 0 npm/pkg/dataplane/{testfiles => testdata}/npmgr.json | 0 5 files changed, 3 insertions(+), 3 deletions(-) rename npm/pkg/dataplane/{testfiles => testdata}/iptablesave (100%) rename npm/pkg/dataplane/{testfiles => testdata}/npmcache.json (100%) rename npm/pkg/dataplane/{testfiles => testdata}/npmgr.json (100%) diff --git a/npm/pkg/dataplane/debug/const.go b/npm/pkg/dataplane/debug/const.go index b37fded3a0..fe36085c27 100644 --- a/npm/pkg/dataplane/debug/const.go +++ b/npm/pkg/dataplane/debug/const.go @@ -41,7 +41,7 @@ var ( // To test paser, converter, and trafficAnalyzer with stored files. const ( - iptableSaveFile = "../testfiles/iptablesave" + iptableSaveFile = "../testdata/iptablesave" // stored file with json compatible form (i.e., can call json.Unmarshal) - npmCacheFile = "../testfiles/npmcache.json" + npmCacheFile = "../testdata/npmcache.json" ) diff --git a/npm/pkg/dataplane/parse/parser_test.go b/npm/pkg/dataplane/parse/parser_test.go index 320a96ef24..bd526ea0a7 100644 --- a/npm/pkg/dataplane/parse/parser_test.go +++ b/npm/pkg/dataplane/parse/parser_test.go @@ -11,7 +11,7 @@ import ( ) func TestParseIptablesObjectFile(t *testing.T) { - _, err := IptablesFile(util.IptablesFilterTable, "../testfiles/iptablesave") + _, err := IptablesFile(util.IptablesFilterTable, "../testdata/iptablesave") if err != nil { t.Fatal(err) } diff --git a/npm/pkg/dataplane/testfiles/iptablesave b/npm/pkg/dataplane/testdata/iptablesave similarity index 100% rename from npm/pkg/dataplane/testfiles/iptablesave rename to npm/pkg/dataplane/testdata/iptablesave diff --git a/npm/pkg/dataplane/testfiles/npmcache.json b/npm/pkg/dataplane/testdata/npmcache.json similarity index 100% rename from npm/pkg/dataplane/testfiles/npmcache.json rename to npm/pkg/dataplane/testdata/npmcache.json diff --git a/npm/pkg/dataplane/testfiles/npmgr.json b/npm/pkg/dataplane/testdata/npmgr.json similarity index 100% rename from npm/pkg/dataplane/testfiles/npmgr.json rename to npm/pkg/dataplane/testdata/npmgr.json