feat: heartbeat log includes counts for cidr and named port netpols

Signed-off-by: Hunter Gregory <[email protected]>

Author: huntergregory

npm/metrics/ai-utils.go

@@ -100,13 +100,16 @@ func SendLog(operationID int, msg string, printLog bool) {
 }
 
 func SendHeartbeatWithNumPolicies() {
-	var message string
 	numPolicies, err := GetNumPolicies()
-	if err == nil {
-		message = fmt.Sprintf("info: NPM heartbeat. Current num policies: %d", numPolicies)
+	numPoliciesString := "unknown"
+	if err != nil {
+		klog.Warningf("warn: NPM hearbeat. Couldn't get number of policies for telemetry log: %s", err.Error())
 	} else {
-		message = fmt.Sprintf("warn: NPM hearbeat. Couldn't get number of policies for telemetry log: %v", err)
-		klog.Warning(message)
+		numPoliciesString = fmt.Sprint(numPolicies)
 	}
+
+	cidrNetPols := GetCidrNetPols()
+	namedPortNetPols := GetNamedPortNetPols()
+	message := fmt.Sprintf("info: NPM hearbeat. Total policies: %s, CIDR policies: %d, NamedPort policies: %d", numPoliciesString, cidrNetPols, namedPortNetPols)
 	SendLog(util.NpmID, message, DonotPrint)
 }

npm/pkg/controlplane/controllers/v2/networkPolicyController.go

@@ -301,10 +301,14 @@ func (c *NetworkPolicyController) syncAddAndUpdateNetPol(netPolObj *networkingv1
 		return metrics.NoOp, nil
 	}
 
-	_, policyExisted := c.rawNpSpecMap[netpolKey]
+	oldNetPolSpec, policyExisted := c.rawNpSpecMap[netpolKey]
+	hadCIDR := false
+	hadNamedPort := false
 	var operationKind metrics.OperationKind
 	if policyExisted {
 		operationKind = metrics.UpdateOp
+		hadCIDR = translation.HasCIDRBlock(oldNetPolSpec)
+		hadNamedPort = translation.HasNamedPort(oldNetPolSpec)
 	} else {
 		operationKind = metrics.CreateOp
 	}
@@ -320,9 +324,25 @@ func (c *NetworkPolicyController) syncAddAndUpdateNetPol(netPolObj *networkingv1
 		return operationKind, fmt.Errorf("[syncAddAndUpdateNetPol] Error: failed to update translated NPMNetworkPolicy into Dataplane due to %w", err)
 	}
 
-	if !policyExisted {
+	if policyExisted {
+		if hadCIDR && !translation.HasCIDRBlock(&netPolObj.Spec) {
+			metrics.DecCidrNetPols()
+		}
+
+		if hadNamedPort && !translation.HasNamedPort(&netPolObj.Spec) {
+			metrics.DecNamedPortNetPols()
+		}
+	} else {
 		// inc metric for NumPolicies only if it a new network policy
 		metrics.IncNumPolicies()
+
+		if translation.HasCIDRBlock(&netPolObj.Spec) {
+			metrics.IncCidrNetPols()
+		}
+
+		if translation.HasNamedPort(&netPolObj.Spec) {
+			metrics.IncNamedPortNetPols()
+		}
 	}
 
 	c.rawNpSpecMap[netpolKey] = &netPolObj.Spec
@@ -331,7 +351,7 @@ func (c *NetworkPolicyController) syncAddAndUpdateNetPol(netPolObj *networkingv1
 
 // DeleteNetworkPolicy handles deleting network policy based on netPolKey.
 func (c *NetworkPolicyController) cleanUpNetworkPolicy(netPolKey string) error {
-	_, cachedNetPolObjExists := c.rawNpSpecMap[netPolKey]
+	cachedNetPolSpec, cachedNetPolObjExists := c.rawNpSpecMap[netPolKey]
 	// if there is no applied network policy with the netPolKey, do not need to clean up process.
 	if !cachedNetPolObjExists {
 		return nil
@@ -342,6 +362,14 @@ func (c *NetworkPolicyController) cleanUpNetworkPolicy(netPolKey string) error {
 		return fmt.Errorf("[cleanUpNetworkPolicy] Error: failed to remove policy due to %w", err)
 	}
 
+	if translation.HasCIDRBlock(cachedNetPolSpec) {
+		metrics.DecCidrNetPols()
+	}
+
+	if translation.HasNamedPort(cachedNetPolSpec) {
+		metrics.DecNamedPortNetPols()
+	}
+
 	// Success to clean up ipset and iptables operations in kernel and delete the cached network policy from RawNpMap
 	delete(c.rawNpSpecMap, netPolKey)
 	metrics.DecNumPolicies()

npm/pkg/controlplane/translation/translatePolicy.go

@@ -684,3 +684,43 @@ func checkOnlyPortRuleExists(
 	}
 	return nil
 }
+
+func HasCIDRBlock(netPolSpec *networkingv1.NetworkPolicySpec) bool {
+	for _, ingress := range netPolSpec.Ingress {
+		for _, from := range ingress.From {
+			if from.IPBlock != nil && from.IPBlock.CIDR != "" {
+				return true
+			}
+		}
+	}
+
+	for _, egress := range netPolSpec.Egress {
+		for _, to := range egress.To {
+			if to.IPBlock != nil && to.IPBlock.CIDR != "" {
+				return true
+			}
+		}
+	}
+
+	return false
+}
+
+func HasNamedPort(netPolObj *networkingv1.NetworkPolicySpec) bool {
+	for _, ingress := range netPolObj.Ingress {
+		for _, port := range ingress.Ports {
+			if t, err := portType(port); err != nil && t == namedPortType {
+				return true
+			}
+		}
+	}
+
+	for _, egress := range netPolObj.Egress {
+		for _, port := range egress.Ports {
+			if t, err := portType(port); err != nil && t == namedPortType {
+				return true
+			}
+		}
+	}
+
+	return false
+}