fixed linter problems induced by previous commit

rayaisaiah · rayaisaiah · commit 1b64afb62a14 · 2025-02-06T19:23:20.000Z
diff --git a/tools/azure-npm-to-cilium-validator/azure-npm-to-cilium-validator.go b/tools/azure-npm-to-cilium-validator/azure-npm-to-cilium-validator.go
@@ -80,7 +80,7 @@ func main() {
 	printMigrationSummary(namespaces, policiesByNamespace, servicesByNamespace)
 }
 
-func getEndportNetworkPolicies(policiesByNamespace map[string][]*networkingv1.NetworkPolicy) (ingressPoliciesWithEndport []string, egressPoliciesWithEndport []string) {
+func getEndportNetworkPolicies(policiesByNamespace map[string][]*networkingv1.NetworkPolicy) (ingressPoliciesWithEndport, egressPoliciesWithEndport []string) {
 	for namespace, policies := range policiesByNamespace {
 		for _, policy := range policies {
 			// Check the ingress field for endport
@@ -100,7 +100,7 @@ func getEndportNetworkPolicies(policiesByNamespace map[string][]*networkingv1.Ne
 			}
 		}
 	}
-	return
+	return ingressPoliciesWithEndport, egressPoliciesWithEndport
 }
 
 func checkEndportInPolicyRules(ports *[]networkingv1.NetworkPolicyPort) bool {
@@ -112,7 +112,7 @@ func checkEndportInPolicyRules(ports *[]networkingv1.NetworkPolicyPort) bool {
 	return false
 }
 
-func getCIDRNetworkPolicies(policiesByNamespace map[string][]*networkingv1.NetworkPolicy) (ingressPoliciesWithCIDR []string, egressPoliciesWithCIDR []string) {
+func getCIDRNetworkPolicies(policiesByNamespace map[string][]*networkingv1.NetworkPolicy) (ingressPoliciesWithCIDR, egressPoliciesWithCIDR []string) {
 	for namespace, policies := range policiesByNamespace {
 		for _, policy := range policies {
 			// Check the ingress field for cidr
@@ -133,7 +133,7 @@ func getCIDRNetworkPolicies(policiesByNamespace map[string][]*networkingv1.Netwo
 			}
 		}
 	}
-	return
+	return ingressPoliciesWithCIDR, egressPoliciesWithCIDR
 }
 
 // Check for CIDR in ingress or egress rules
@@ -162,7 +162,7 @@ func getEgressPolicies(policiesByNamespace map[string][]*networkingv1.NetworkPol
 	return egressPolicies
 }
 
-func getExternalTrafficPolicyClusterServices(namespaces *corev1.NamespaceList, servicesByNamespace map[string][]*corev1.Service, policiesByNamespace map[string][]*networkingv1.NetworkPolicy) (unsafeServices []string, noSelectorServices []string) {
+func getExternalTrafficPolicyClusterServices(namespaces *corev1.NamespaceList, servicesByNamespace map[string][]*corev1.Service, policiesByNamespace map[string][]*networkingv1.NetworkPolicy) (unsafeServices, noSelectorServices []string) {
 	var servicesAtRisk, safeServices []string
 
 	for i := range namespaces.Items {
@@ -198,7 +198,7 @@ func getExternalTrafficPolicyClusterServices(namespaces *corev1.NamespaceList, s
 	// Get the services that are at risk but not in the safe services or no selector services lists
 	unsafeServices = difference(&servicesAtRisk, &safeServices, &noSelectorServices)
 
-	return
+	return unsafeServices, noSelectorServices
 }
 
 func hasIngressPolicies(policies []*networkingv1.NetworkPolicy) bool {
@@ -225,7 +225,7 @@ func checkServiceRisk(service *corev1.Service, namespace *string, policiesListAt
 					return true
 				}
 				// Check if there is an allow all ingress policy that matches the service labels
-				if checkPolicyMatchServiceLabels(&service.Spec.Selector, &policy.Spec.PodSelector.MatchLabels) {
+				if checkPolicyMatchServiceLabels(service.Spec.Selector, policy.Spec.PodSelector.MatchLabels) {
 					// TODO add this to above logic and check in one if statement after i am done printing the logs
 					fmt.Printf("found an allow all ingress policy: %s with matching selectors so service %s in the namespace %s is safe\n", policy.Name, service.Name, *namespace)
 					return true
@@ -234,7 +234,7 @@ func checkServiceRisk(service *corev1.Service, namespace *string, policiesListAt
 			// If there are no ingress from but there are ports in the policy; check if the service is safe
 			if len(ingress.From) == 0 && len(ingress.Ports) > 0 {
 				// If the policy targets all pods (allow all) or only pods that are in the service selector, check if traffic is allowed to all the service's target ports
-				if checkPolicySelectorsAreEmpty(&policy.Spec.PodSelector) || checkPolicyMatchServiceLabels(&service.Spec.Selector, &policy.Spec.PodSelector.MatchLabels) {
+				if checkPolicySelectorsAreEmpty(&policy.Spec.PodSelector) || checkPolicyMatchServiceLabels(service.Spec.Selector, policy.Spec.PodSelector.MatchLabels) {
 					if checkServiceTargetPortMatchPolicyPorts(&service.Spec.Ports, &ingress.Ports) {
 						fmt.Printf("found an ingress port policy: %s with matching selectors and target ports so service %s in the namespace %s is safe\n", policy.Name, service.Name, *namespace)
 						return true
@@ -250,17 +250,17 @@ func checkPolicySelectorsAreEmpty(podSelector *metav1.LabelSelector) bool {
 	return len(podSelector.MatchLabels) == 0 && len(podSelector.MatchExpressions) == 0
 }
 
-func checkPolicyMatchServiceLabels(serviceLabels, policyLabels *map[string]string) bool {
+func checkPolicyMatchServiceLabels(serviceLabels, policyLabels map[string]string) bool {
 	// Return false if the policy has more labels than the service
-	if len(*policyLabels) > len(*serviceLabels) {
+	if len(policyLabels) > len(serviceLabels) {
 		return false
 	}
 
 	// Check for each policy label that that label is present in the service labels
 	// Note does not check matchExpressions
-	for policyKey, policyValue := range *policyLabels {
+	for policyKey, policyValue := range policyLabels {
 		matchedPolicyLabelToServiceLabel := false
-		for serviceKey, serviceValue := range *serviceLabels {
+		for serviceKey, serviceValue := range serviceLabels {
 			if policyKey == serviceKey && policyValue == serviceValue {
 				matchedPolicyLabelToServiceLabel = true
 				break

Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ func main() {`
`80`	`80`	`printMigrationSummary(namespaces, policiesByNamespace, servicesByNamespace)`
`81`	`81`	`}`
`82`	`82`
`83`		`-func getEndportNetworkPolicies(policiesByNamespace map[string][]*networkingv1.NetworkPolicy) (ingressPoliciesWithEndport []string, egressPoliciesWithEndport []string) {`
	`83`	`+func getEndportNetworkPolicies(policiesByNamespace map[string][]*networkingv1.NetworkPolicy) (ingressPoliciesWithEndport, egressPoliciesWithEndport []string) {`
`84`	`84`	`for namespace, policies := range policiesByNamespace {`
`85`	`85`	`for _, policy := range policies {`
`86`	`86`	`// Check the ingress field for endport`
`@@ -100,7 +100,7 @@ func getEndportNetworkPolicies(policiesByNamespace map[string][]*networkingv1.Ne`
`100`	`100`	`}`
`101`	`101`	`}`
`102`	`102`	`}`
`103`		`- return`
	`103`	`+ return ingressPoliciesWithEndport, egressPoliciesWithEndport`
`104`	`104`	`}`
`105`	`105`
`106`	`106`	`func checkEndportInPolicyRules(ports *[]networkingv1.NetworkPolicyPort) bool {`
`@@ -112,7 +112,7 @@ func checkEndportInPolicyRules(ports *[]networkingv1.NetworkPolicyPort) bool {`
`112`	`112`	`return false`
`113`	`113`	`}`
`114`	`114`
`115`		`-func getCIDRNetworkPolicies(policiesByNamespace map[string][]*networkingv1.NetworkPolicy) (ingressPoliciesWithCIDR []string, egressPoliciesWithCIDR []string) {`
	`115`	`+func getCIDRNetworkPolicies(policiesByNamespace map[string][]*networkingv1.NetworkPolicy) (ingressPoliciesWithCIDR, egressPoliciesWithCIDR []string) {`
`116`	`116`	`for namespace, policies := range policiesByNamespace {`
`117`	`117`	`for _, policy := range policies {`
`118`	`118`	`// Check the ingress field for cidr`
`@@ -133,7 +133,7 @@ func getCIDRNetworkPolicies(policiesByNamespace map[string][]*networkingv1.Netwo`
`133`	`133`	`}`
`134`	`134`	`}`
`135`	`135`	`}`
`136`		`- return`
	`136`	`+ return ingressPoliciesWithCIDR, egressPoliciesWithCIDR`
`137`	`137`	`}`
`138`	`138`
`139`	`139`	`// Check for CIDR in ingress or egress rules`
`@@ -162,7 +162,7 @@ func getEgressPolicies(policiesByNamespace map[string][]*networkingv1.NetworkPol`
`162`	`162`	`return egressPolicies`
`163`	`163`	`}`
`164`	`164`
`165`		`-func getExternalTrafficPolicyClusterServices(namespaces corev1.NamespaceList, servicesByNamespace map[string][]corev1.Service, policiesByNamespace map[string][]*networkingv1.NetworkPolicy) (unsafeServices []string, noSelectorServices []string) {`
	`165`	`+func getExternalTrafficPolicyClusterServices(namespaces corev1.NamespaceList, servicesByNamespace map[string][]corev1.Service, policiesByNamespace map[string][]*networkingv1.NetworkPolicy) (unsafeServices, noSelectorServices []string) {`
`166`	`166`	`var servicesAtRisk, safeServices []string`
`167`	`167`
`168`	`168`	`for i := range namespaces.Items {`
`@@ -198,7 +198,7 @@ func getExternalTrafficPolicyClusterServices(namespaces *corev1.NamespaceList, s`
`198`	`198`	`// Get the services that are at risk but not in the safe services or no selector services lists`
`199`	`199`	`unsafeServices = difference(&servicesAtRisk, &safeServices, &noSelectorServices)`
`200`	`200`
`201`		`- return`
	`201`	`+ return unsafeServices, noSelectorServices`
`202`	`202`	`}`
`203`	`203`
`204`	`204`	`func hasIngressPolicies(policies []*networkingv1.NetworkPolicy) bool {`
`@@ -225,7 +225,7 @@ func checkServiceRisk(service corev1.Service, namespace string, policiesListAt`
`225`	`225`	`return true`
`226`	`226`	`}`
`227`	`227`	`// Check if there is an allow all ingress policy that matches the service labels`
`228`		`- if checkPolicyMatchServiceLabels(&service.Spec.Selector, &policy.Spec.PodSelector.MatchLabels) {`
	`228`	`+ if checkPolicyMatchServiceLabels(service.Spec.Selector, policy.Spec.PodSelector.MatchLabels) {`
`229`	`229`	`// TODO add this to above logic and check in one if statement after i am done printing the logs`
`230`	`230`	`fmt.Printf("found an allow all ingress policy: %s with matching selectors so service %s in the namespace %s is safe\n", policy.Name, service.Name, *namespace)`
`231`	`231`	`return true`
`@@ -234,7 +234,7 @@ func checkServiceRisk(service corev1.Service, namespace string, policiesListAt`
`234`	`234`	`// If there are no ingress from but there are ports in the policy; check if the service is safe`
`235`	`235`	`if len(ingress.From) == 0 && len(ingress.Ports) > 0 {`
`236`	`236`	`// If the policy targets all pods (allow all) or only pods that are in the service selector, check if traffic is allowed to all the service's target ports`
`237`		`- if checkPolicySelectorsAreEmpty(&policy.Spec.PodSelector) \|\| checkPolicyMatchServiceLabels(&service.Spec.Selector, &policy.Spec.PodSelector.MatchLabels) {`
	`237`	`+ if checkPolicySelectorsAreEmpty(&policy.Spec.PodSelector) \|\| checkPolicyMatchServiceLabels(service.Spec.Selector, policy.Spec.PodSelector.MatchLabels) {`
`238`	`238`	`if checkServiceTargetPortMatchPolicyPorts(&service.Spec.Ports, &ingress.Ports) {`
`239`	`239`	`fmt.Printf("found an ingress port policy: %s with matching selectors and target ports so service %s in the namespace %s is safe\n", policy.Name, service.Name, *namespace)`
`240`	`240`	`return true`
`@@ -250,17 +250,17 @@ func checkPolicySelectorsAreEmpty(podSelector *metav1.LabelSelector) bool {`
`250`	`250`	`return len(podSelector.MatchLabels) == 0 && len(podSelector.MatchExpressions) == 0`
`251`	`251`	`}`
`252`	`252`
`253`		`-func checkPolicyMatchServiceLabels(serviceLabels, policyLabels *map[string]string) bool {`
	`253`	`+func checkPolicyMatchServiceLabels(serviceLabels, policyLabels map[string]string) bool {`
`254`	`254`	`// Return false if the policy has more labels than the service`
`255`		`- if len(policyLabels) > len(serviceLabels) {`
	`255`	`+ if len(policyLabels) > len(serviceLabels) {`
`256`	`256`	`return false`
`257`	`257`	`}`
`258`	`258`
`259`	`259`	`// Check for each policy label that that label is present in the service labels`
`260`	`260`	`// Note does not check matchExpressions`
`261`		`- for policyKey, policyValue := range *policyLabels {`
	`261`	`+ for policyKey, policyValue := range policyLabels {`
`262`	`262`	`matchedPolicyLabelToServiceLabel := false`
`263`		`- for serviceKey, serviceValue := range *serviceLabels {`
	`263`	`+ for serviceKey, serviceValue := range serviceLabels {`
`264`	`264`	`if policyKey == serviceKey && policyValue == serviceValue {`
`265`	`265`	`matchedPolicyLabelToServiceLabel = true`
`266`	`266`	`break`