package cmd
import (
"context"
"encoding/json"
"fmt"
"io"
"strconv"
"strings"
"text/tabwriter"
"github.com/cilium/cilium/api/v1/client/endpoint"
"github.com/spf13/cobra"
)
// init attaches the "list" subcommand to rootCmd when the package is loaded.
func init() {
	// rootCmd is not declared in this file.
	rootCmd.AddCommand(listCmd)
}
// listCmd implements "list <pod>". It accepts exactly one positional argument
// and passes it to runList as the pod name, writing to the command's output
// stream.
//
// NOTE(review): runList receives context.Background(), which has no deadline
// and is not cancelled on a signal. If the API calls behind runList can block,
// nothing here bounds them. Confirm whether a timeout or cmd.Context() is
// wanted.
var listCmd = &cobra.Command{
	Use:   "list",
	Short: "list network policies applied to a pod",
	Long:  "List network policies applied to a pod",
	Args:  cobra.ExactArgs(1),
	RunE: func(c *cobra.Command, argv []string) error {
		// cobra.ExactArgs(1) has already rejected any other argument count.
		podName := argv[0]
		out := c.OutOrStdout()
		return runList(context.Background(), out, podName)
	},
}
// Direction labels stored in derivedFromEntry.Direction.
const (
	// directionIngress tags entries collected from the ingress rule list.
	directionIngress = "INGRESS"
	// directionEgress tags entries collected from the egress rule list.
	directionEgress = "EGRESS"
)
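// derivedFromEntry is one row of the "list" output: the kind, namespace and
// name taken from a rule's derived-from labels, plus the traffic direction the
// rule was found under.
type derivedFromEntry struct {
	Direction string `json:"direction"`
	Kind      string `json:"kind"`
	Namespace string `json:"namespace"`
	Name      string `json:"name"`
}

// parseDerivedFromEntry builds a derivedFromEntry from the "key=value" label
// strings of a single derived-from rule.
//
// Each string is split at its first "=". The key selects the field and
// everything after that "=" becomes the value. Strings without "=" and keys
// that match none of the three known labels are ignored, so a malformed or
// unexpected label leaves the corresponding field empty instead of crashing
// the command. Direction is copied from the argument unchanged.
func parseDerivedFromEntry(input []string, direction string) derivedFromEntry {
	val := derivedFromEntry{Direction: direction}
	for _, s := range input {
		kv := strings.SplitN(s, "=", 2)
		if len(kv) != 2 {
			// No separator: indexing [1] on the split result would panic.
			continue
		}
		key, value := kv[0], kv[1]

		// Match on the key only, so a value that happens to contain one of
		// these label names cannot be mistaken for that label.
		switch {
		case strings.Contains(key, "k8s:io.cilium.k8s.policy.derived-from"):
			val.Kind = value
		// The namespace case must precede the name case: the name label is a
		// prefix of the namespace label and would otherwise match it first.
		case strings.Contains(key, "k8s:io.cilium.k8s.policy.namespace"):
			val.Namespace = value
		case strings.Contains(key, "k8s:io.cilium.k8s.policy.name"):
			val.Name = value
		}
	}
	return val
}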
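// runList writes to w the policies that the realized L4 rules of a pod's
// endpoint were derived from.
//
// It creates clients with createClients, resolves an endpoint ID for the pod
// name in rootOptions.namespace via getPodEndpointID, and fetches that endpoint
// through the Cilium API client. Each DerivedFromRules entry of every ingress
// and egress rule becomes one derivedFromEntry. The result is printed as
// indented JSON or as an aligned table, depending on rootOptions.output.
//
// It returns an error if any lookup fails, if the endpoint response carries no
// realized L4 policy, if writing to w fails, or if the output format is
// unknown.
func runList(ctx context.Context, w io.Writer, name string) error {
	_, dynamicClient, client, err := createClients(ctx, name)
	if err != nil {
		return err
	}

	endpointID, err := getPodEndpointID(ctx, dynamicClient, rootOptions.namespace, name)
	if err != nil {
		return err
	}

	params := endpoint.GetEndpointIDParams{
		Context: ctx,
		ID:      strconv.FormatInt(endpointID, 10),
	}
	response, err := client.Endpoint.GetEndpointID(&params)
	if err != nil {
		return err
	}

	// Walk the nested response step by step. Dereferencing the whole chain in
	// one expression panics as soon as any intermediate object is absent.
	// Report that case as an error rather than printing an empty list, so the
	// operator cannot mistake "no policy data returned" for "no policy applies".
	payload := response.Payload
	if payload == nil || payload.Status == nil || payload.Status.Policy == nil ||
		payload.Status.Policy.Realized == nil || payload.Status.Policy.Realized.L4 == nil {
		return fmt.Errorf("endpoint %d: no realized L4 policy in response", endpointID)
	}
	l4 := payload.Status.Policy.Realized.L4

	// Start from a non-nil slice so the JSON output is "[]" rather than "null"
	// when no rule has a derived-from entry.
	policyList := make([]derivedFromEntry, 0)
	for _, rule := range l4.Ingress {
		if rule == nil {
			continue
		}
		for _, r := range rule.DerivedFromRules {
			policyList = append(policyList, parseDerivedFromEntry(r, directionIngress))
		}
	}
	for _, rule := range l4.Egress {
		if rule == nil {
			continue
		}
		for _, r := range rule.DerivedFromRules {
			policyList = append(policyList, parseDerivedFromEntry(r, directionEgress))
		}
	}

	switch rootOptions.output {
	case OutputJson:
		text, err := json.MarshalIndent(policyList, "", " ")
		if err != nil {
			return err
		}
		_, err = w.Write(text)
		return err
	case OutputSimple:
		tw := tabwriter.NewWriter(w, 0, 1, 1, ' ', 0)
		if _, err := io.WriteString(tw, "DIRECTION\tKIND\tNAMESPACE\tNAME\n"); err != nil {
			return err
		}
		for _, p := range policyList {
			if _, err := fmt.Fprintf(tw, "%v\t%v\t%v\t%v\n", p.Direction, p.Kind, p.Namespace, p.Name); err != nil {
				return err
			}
		}
		// tabwriter buffers its cells; nothing reaches w until Flush.
		return tw.Flush()
	default:
		return fmt.Errorf("unknown format: %s", rootOptions.output)
	}
}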