cilium: Handled fromCIDR:ipAddr as fromEntities:world

Signed-off-by: Wazir Ahmed <wazir@accuknox.com>

src/networkpolicy/networkPolicy.go

@@ -1189,7 +1189,6 @@ func checkIngressEntities(namespace string, mergedSrcPerMergedDst map[string][]M
 			entity := strings.Split(aggregatedSrc, "=")[1]
 
 			for _, dst := range aggregatedMergedDsts {
-				included := true
 
 				ingressPolicy := buildNewKnoxIngressPolicy()
 				ingressPolicy.Metadata["namespace"] = namespace
@@ -1211,14 +1210,25 @@ func checkIngressEntities(namespace string, mergedSrcPerMergedDst map[string][]M
 
 				ingressRule := types.Ingress{}
 				ingressRule.FromEntities = []string{entity}
+
+				for _, toPort := range dst.ToPorts {
+					port := types.SpecPort{Port: toPort.Port, Protocol: toPort.Protocol}
+					ingressRule.ToPorts = append(ingressRule.ToPorts, port)
+				}
+
+				for _, icmp := range dst.ICMPs {
+					i := types.SpecICMP{Family: icmp.Family, Type: icmp.Type}
+					ingressRule.ICMPs = append(ingressRule.ICMPs, i)
+				}
+
 				ingressPolicy.Spec.Ingress = append(ingressPolicy.Spec.Ingress, ingressRule)
 
+				included := false
 				for _, policy := range networkPolicies {
 					if cmp.Equal(&ingressPolicy.Spec.Selector, &policy.Spec.Selector) &&
 						policy.Metadata["rule"] == "fromEntities" {
-
-						if !libs.ContainsElement(policy.Spec.Ingress[0].FromEntities, entity) {
-							included = false
+						if libs.ContainsElement(policy.Spec.Ingress[0].FromEntities, entity) {
+							included = true
 							break
 						}
 					}
@@ -1404,22 +1414,6 @@ func buildNetworkPolicy(namespace string, services []types.Service, aggregatedSr
 					networkPolicies = append(networkPolicies, egressPolicy)
 				}
 
-				// check ingress & fromCIDRs rule
-				if discoverPolicyTypes&INGRESS > 0 && discoverRuleTypes&FROM_CIDRS > 0 {
-					// add ingress policy
-					ingressPolicy := buildNewIngressPolicyFromSameSelector(namespace, egressPolicy.Spec.Selector)
-					ingressPolicy.Metadata["rule"] = "fromCIDRs"
-
-					ingressRule := types.Ingress{}
-
-					fromcidr := types.SpecCIDR{
-						CIDRs: cidrSlice,
-					}
-
-					ingressRule.FromCIDRs = []types.SpecCIDR{fromcidr}
-					ingressPolicy.Spec.Ingress = append(ingressPolicy.Spec.Ingress, ingressRule)
-					networkPolicies = append(networkPolicies, ingressPolicy)
-				}
 			} else if dst.Namespace == "reserved:dns" && len(dst.Additionals) > 0 {
 				egressPolicy.Metadata["rule"] = "toFQDNs"
 

src/plugin/cilium.go

@@ -705,6 +705,25 @@ func ConvertKnoxNetworkPolicyToCiliumPolicy(services []types.Service, inPolicy t
 				ciliumIngress.FromEntities = append(ciliumIngress.FromEntities, entity)
 			}
 
+			for _, toPort := range knoxIngress.ToPorts {
+				if ciliumIngress.ToPorts == nil {
+					ciliumIngress.ToPorts = []types.CiliumPortList{{Ports: []types.CiliumPort{}}}
+				}
+				port := types.CiliumPort{Port: toPort.Port, Protocol: strings.ToUpper(toPort.Protocol)}
+				ciliumIngress.ToPorts[0].Ports = append(ciliumIngress.ToPorts[0].Ports, port)
+			}
+
+			for _, icmp := range knoxIngress.ICMPs {
+				if ciliumIngress.ICMPs == nil {
+					ciliumIngress.ICMPs = []types.CiliumICMP{{Fields: []types.CiliumICMPField{}}}
+				}
+				newField := types.CiliumICMPField{
+					Family: icmp.Family,
+					Type:   icmp.Type,
+				}
+				ciliumIngress.ICMPs[0].Fields = append(ciliumIngress.ICMPs[0].Fields, newField)
+			}
+
 			ciliumPolicy.Spec.Ingress = append(ciliumPolicy.Spec.Ingress, ciliumIngress)
 		}