adding warnings type

np-guard · Dec 11, 2024 · d71f4e1 · d71f4e1
1 parent fbace5b
commit d71f4e1
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 23 deletions.
diff --git a/pkg/netpol/eval/internal/k8s/adminnetpol.go b/pkg/netpol/eval/internal/k8s/adminnetpol.go
@@ -30,7 +30,7 @@ import (
 // AdminNetworkPolicy is an alias for k8s adminNetworkPolicy object
 type AdminNetworkPolicy struct {
 	*apisv1a.AdminNetworkPolicy                 // embedding k8s admin-network-policy object
-	warnings                    map[string]bool // set of warnings which are raised by the anp
+	warnings                    common.Warnings // set of warnings which are raised by the anp
 }
 
 // Selects returns true if the admin network policy's Spec.Subject selects the peer and if the required direction is in the policy spec
@@ -80,7 +80,7 @@ func (anp *AdminNetworkPolicy) savePolicyWarnings(ruleName string) {
 		anp.warnings = make(map[string]bool)
 	}
 	for _, warning := range ruleWarnings {
-		addWarning(anp.warnings, anp.anpRuleWarning(ruleName, warning))
+		anp.warnings.AddWarning(anp.anpRuleWarning(ruleName, warning))
 	}
 }
 
@@ -180,7 +180,7 @@ func (anp *AdminNetworkPolicy) GetReferencedIPBlocks() ([]*netset.IPBlock, error
 }
 
 func (anp *AdminNetworkPolicy) LogWarnings(l logger.Logger) {
-	logPolicyWarnings(l, anp.warnings)
+	anp.warnings.LogPolicyWarnings(l)
 }
 
 ///////////////////////////////////////////////////////////////////////////////////////////////
@@ -628,17 +628,3 @@ func rulePeersReferencedIPBlocks(rulePeers []apisv1a.AdminNetworkPolicyEgressPee
 	}
 	return res, nil
 }
-
-// addWarning gets a set of warnings and a warning string; adds the warning to the set if not found
-func addWarning(warningsSet map[string]bool, warning string) {
-	if !warningsSet[warning] {
-		warningsSet[warning] = true
-	}
-}
-
-// logPolicyWarnings gets the logger and a set of policy warnings and logs the warnings
-func logPolicyWarnings(l logger.Logger, warningsSet map[string]bool) {
-	for warning := range warningsSet {
-		l.Warnf(warning)
-	}
-}
diff --git a/pkg/netpol/eval/internal/k8s/baseline_admin_netpol.go b/pkg/netpol/eval/internal/k8s/baseline_admin_netpol.go
@@ -16,12 +16,13 @@ import (
 
 	"github.com/np-guard/netpol-analyzer/pkg/internal/netpolerrors"
 	"github.com/np-guard/netpol-analyzer/pkg/logger"
+	"github.com/np-guard/netpol-analyzer/pkg/netpol/internal/common"
 )
 
 // BaselineAdminNetworkPolicy  is an alias for k8s BaselineAdminNetworkPolicy object
 type BaselineAdminNetworkPolicy struct {
 	*apisv1a.BaselineAdminNetworkPolicy                 // embedding k8s BaselineAdminNetworkPolicy object
-	warnings                            map[string]bool // set of warnings which are raised by the banp
+	warnings                            common.Warnings // set of warnings which are raised by the banp
 }
 
 // Selects returns true if the baseline admin network policy's Spec.Subject selects the peer and if
@@ -71,7 +72,7 @@ func (banp *BaselineAdminNetworkPolicy) savePolicyWarnings(ruleName string) {
 		banp.warnings = make(map[string]bool)
 	}
 	for _, warning := range ruleWarnings {
-		addWarning(banp.warnings, banpRuleWarning(ruleName, warning))
+		banp.warnings.AddWarning(banpRuleWarning(ruleName, warning))
 	}
 }
 
@@ -175,5 +176,5 @@ func (banp *BaselineAdminNetworkPolicy) GetReferencedIPBlocks() ([]*netset.IPBlo
 }
 
 func (banp *BaselineAdminNetworkPolicy) LogWarnings(l logger.Logger) {
-	logPolicyWarnings(l, banp.warnings)
+	banp.warnings.LogPolicyWarnings(l)
 }
diff --git a/pkg/netpol/eval/internal/k8s/netpol.go b/pkg/netpol/eval/internal/k8s/netpol.go
@@ -44,7 +44,7 @@ type NetworkPolicy struct {
 	// - the maximal connection-set which the policy's rules allow to external destinations on egress direction
 	// - the maximal connection-set which the policy's rules allow to all namespaces in the cluster on egress direction
 	EgressPolicyExposure PolicyExposureWithoutSelectors
-	warnings             map[string]bool // set of warnings which are raised by the netpol
+	warnings             common.Warnings // set of warnings which are raised by the netpol
 }
 
 // @todo might help if while pre-process, to check containment of all rules' connections; if all "specific" rules
@@ -210,7 +210,7 @@ func (np *NetworkPolicy) saveNetpolWarning(warning string) {
 	if np.warnings == nil {
 		np.warnings = make(map[string]bool)
 	}
-	addWarning(np.warnings, warning)
+	np.warnings.AddWarning(warning)
 }
 
 // ruleConnsContain returns true if the given protocol and port are contained in connections allowed by rulePorts
@@ -549,7 +549,7 @@ func (np *NetworkPolicy) fullName() string {
 }
 
 func (np *NetworkPolicy) LogWarnings(l logger.Logger) {
-	logPolicyWarnings(l, np.warnings)
+	np.warnings.LogPolicyWarnings(l)
 }
 
 // /////////////////////////////////////////////////////////////////////////////////////////////

diff --git a/pkg/netpol/internal/common/warning_set.go b/pkg/netpol/internal/common/warning_set.go
@@ -0,0 +1,25 @@
+/*
+Copyright 2023- IBM Inc. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package common
+
+import "github.com/np-guard/netpol-analyzer/pkg/logger"
+
+type Warnings map[string]bool // set of warnings which are raised by any policy object
+
+// AddWarning adds the given warning to the current warnings set if not found
+func (w Warnings) AddWarning(warning string) {
+	if !w[warning] {
+		w[warning] = true
+	}
+}
+
+// LogPolicyWarnings logs current warnings into the given logger
+func (w Warnings) LogPolicyWarnings(l logger.Logger) {
+	for warning := range w {
+		l.Warnf(warning)
+	}
+}