@@ -207,9 +207,9 @@ func getExternalTrafficPolicyClusterServices(
207207 }
208208
209209 // Remove all the safe services from the services at risk
210- unsafeRiskServices = difference (& riskServices , & safeServices )
210+ unsafeRiskServices = difference (riskServices , safeServices )
211211 // Remove all the safe services from the no selector services
212- unsafeNoSelectorServices = difference (& noSelectorServices , & safeServices )
212+ unsafeNoSelectorServices = difference (noSelectorServices , safeServices )
213213 return unsafeRiskServices , unsafeNoSelectorServices
214214}
215215
@@ -302,6 +302,7 @@ func checkServiceTargetPortMatchPolicyPorts(servicePorts []corev1.ServicePort, p
302302 return false
303303 }
304304 // If the policy only has a protocol check the protocol against the service
305+ // Note if a network policy on NPM just targets a protocol it will allow all traffic with containing that protocol (ignoring the port)
305306 if policyPort .Port == nil && policyPort .Protocol != nil {
306307 if string (servicePort .Protocol ) == string (* policyPort .Protocol ) {
307308 matchedserviceTargetPortToPolicyPort = true
@@ -331,13 +332,13 @@ func checkServiceTargetPortMatchPolicyPorts(servicePorts []corev1.ServicePort, p
331332 return true
332333}
333334
334- func difference (slice1 , slice2 * []string ) []string {
335+ func difference (slice1 , slice2 []string ) []string {
335336 m := make (map [string ]struct {})
336- for _ , s := range * slice2 {
337+ for _ , s := range slice2 {
337338 m [s ] = struct {}{}
338339 }
339340 var diff []string
340- for _ , s := range * slice1 {
341+ for _ , s := range slice1 {
341342 if _ , ok := m [s ]; ! ok {
342343 diff = append (diff , s )
343344 }
@@ -355,31 +356,31 @@ func printMigrationSummary(namespaces *corev1.NamespaceList, policiesByNamespace
355356 ingressEndportNetworkPolicy , egressEndportNetworkPolicy := getEndportNetworkPolicies (policiesByNamespace )
356357
357358 // Print the network policies with endport
358- printPoliciesWithEndport (& ingressEndportNetworkPolicy , & egressEndportNetworkPolicy )
359+ printPoliciesWithEndport (ingressEndportNetworkPolicy , egressEndportNetworkPolicy )
359360
360361 fmt .Println ("+------------------------------+-------------------------------+" )
361362
362363 // Get the cidr of the network policies
363364 ingressPoliciesWithCIDR , egressPoliciesWithCIDR := getCIDRNetworkPolicies (policiesByNamespace )
364365
365366 // Print the network policies with CIDR
366- printPoliciesWithCIDR (& ingressPoliciesWithCIDR , & egressPoliciesWithCIDR )
367+ printPoliciesWithCIDR (ingressPoliciesWithCIDR , egressPoliciesWithCIDR )
367368
368369 fmt .Println ("+------------------------------+-------------------------------+" )
369370
370371 // Get the egress of the network policies
371372 egressPolicies := getEgressPolicies (policiesByNamespace )
372373
373374 // Print the network policies with egress
374- printEgressPolicies (& egressPolicies )
375+ printEgressPolicies (egressPolicies )
375376
376377 fmt .Println ("+------------------------------+-------------------------------+" )
377378
378379 // Get services that have externalTrafficPolicy!=Local
379380 unsafeRiskServices , unsafeNoSelectorServices := getExternalTrafficPolicyClusterServices (namespaces , servicesByNamespace , policiesByNamespace )
380381
381382 // Print the services that are at risk
382- printUnsafeServices (& unsafeRiskServices , & unsafeNoSelectorServices )
383+ printUnsafeServices (unsafeRiskServices , unsafeNoSelectorServices )
383384
384385 fmt .Println ("+------------------------------+-------------------------------+" )
385386 if len (ingressEndportNetworkPolicy ) > 0 || len (egressEndportNetworkPolicy ) > 0 ||
@@ -395,82 +396,82 @@ func printMigrationSummary(namespaces *corev1.NamespaceList, policiesByNamespace
395396 }
396397}
397398
398- func printPoliciesWithEndport (ingressEndportNetworkPolicy , egressEndportNetworkPolicy * []string ) {
399- if len (* ingressEndportNetworkPolicy ) == 0 && len (* egressEndportNetworkPolicy ) == 0 {
399+ func printPoliciesWithEndport (ingressEndportNetworkPolicy , egressEndportNetworkPolicy []string ) {
400+ if len (ingressEndportNetworkPolicy ) == 0 && len (egressEndportNetworkPolicy ) == 0 {
400401 fmt .Printf ("%-30s | %-30s \n " , "NetworkPolicy with endport" , "✅" )
401402 } else {
402403 fmt .Printf ("%-30s | %-30s \n " , "NetworkPolicy with endport" , "❌" )
403404 fmt .Println ("Policies affected:" )
404- for _ , policy := range * ingressEndportNetworkPolicy {
405+ for _ , policy := range ingressEndportNetworkPolicy {
405406 policyNamespace := strings .Split (policy , "/" )[0 ]
406407 policyName := strings .Split (policy , "/" )[1 ]
407408 fmt .Printf ("❌ Found NetworkPolicy: \033 [31m%s\033 [0m with ingress endPort field in namespace: \033 [31m%s\033 [0m\n " , policyName , policyNamespace )
408409 }
409- for _ , policy := range * egressEndportNetworkPolicy {
410+ for _ , policy := range egressEndportNetworkPolicy {
410411 policyNamespace := strings .Split (policy , "/" )[0 ]
411412 policyName := strings .Split (policy , "/" )[1 ]
412413 fmt .Printf ("❌ Found NetworkPolicy: \033 [31m%s\033 [0m with engress endPort field in namespace: \033 [31m%s\033 [0m\n " , policyName , policyNamespace )
413414 }
414415 }
415416}
416417
417- func printPoliciesWithCIDR (ingressPoliciesWithCIDR , egressPoliciesWithCIDR * []string ) {
418- if len (* ingressPoliciesWithCIDR ) == 0 && len (* egressPoliciesWithCIDR ) == 0 {
418+ func printPoliciesWithCIDR (ingressPoliciesWithCIDR , egressPoliciesWithCIDR []string ) {
419+ if len (ingressPoliciesWithCIDR ) == 0 && len (egressPoliciesWithCIDR ) == 0 {
419420 fmt .Printf ("%-30s | %-30s \n " , "NetworkPolicy with CIDR" , "✅" )
420421 } else {
421422 fmt .Printf ("%-30s | %-30s \n " , "NetworkPolicy with CIDR" , "❌" )
422423 fmt .Println ("Policies affected:" )
423- for _ , policy := range * ingressPoliciesWithCIDR {
424+ for _ , policy := range ingressPoliciesWithCIDR {
424425 policyNamespace := strings .Split (policy , "/" )[0 ]
425426 policyName := strings .Split (policy , "/" )[1 ]
426427 fmt .Printf ("❌ Found NetworkPolicy: \033 [31m%s\033 [0m with ingress CIDR field in namespace: \033 [31m%s\033 [0m\n " , policyName , policyNamespace )
427428 }
428- for _ , policy := range * egressPoliciesWithCIDR {
429+ for _ , policy := range egressPoliciesWithCIDR {
429430 policyNamespace := strings .Split (policy , "/" )[0 ]
430431 policyName := strings .Split (policy , "/" )[1 ]
431432 fmt .Printf ("❌ Found NetworkPolicy: \033 [31m%s\033 [0m with egress CIDR field in namespace: \033 [31m%s\033 [0m\n " , policyName , policyNamespace )
432433 }
433434 }
434435}
435436
436- func printEgressPolicies (egressPolicies * []string ) {
437- if len (* egressPolicies ) == 0 {
437+ func printEgressPolicies (egressPolicies []string ) {
438+ if len (egressPolicies ) == 0 {
438439 fmt .Printf ("%-30s | %-30s \n " , "NetworkPolicy with egress" , "✅" )
439440 } else {
440441 fmt .Printf ("%-30s | %-30s \n " , "NetworkPolicy with egress" , "❌" )
441442 fmt .Printf ("%-30s | %-30s \n " , "(Not allow all egress)" , "" )
442443 fmt .Println ("Policies affected:" )
443- for _ , policy := range * egressPolicies {
444+ for _ , policy := range egressPolicies {
444445 policyNamespace := strings .Split (policy , "/" )[0 ]
445446 policyName := strings .Split (policy , "/" )[1 ]
446447 fmt .Printf ("❌ Found NetworkPolicy: \033 [31m%s\033 [0m with egress field (non-allow all) in namespace: \033 [31m%s\033 [0m\n " , policyName , policyNamespace )
447448 }
448449 }
449450}
450451
451- func printUnsafeServices (unsafeRiskServices , unsafeNoSelectorServices * []string ) {
452+ func printUnsafeServices (unsafeRiskServices , unsafeNoSelectorServices []string ) {
452453 // If there is no unsafe services and services with no selectors then migration is safe for services with extranalTrafficPolicy=Cluster
453- if len (* unsafeRiskServices ) == 0 {
454+ if len (unsafeRiskServices ) == 0 {
454455 fmt .Printf ("%-30s | %-30s \n " , "Disruption for some" , "✅" )
455456 fmt .Printf ("%-30s | %-30s \n " , "Services with" , "" )
456457 fmt .Printf ("%-30s | %-30s \n " , "externalTrafficPolicy=Cluster" , "" )
457458 } else {
458459 // Remove all no selector services from unsafe services to prevent repeating the same flagged service
459- * unsafeRiskServices = difference (unsafeRiskServices , unsafeNoSelectorServices )
460+ unsafeRiskServices = difference (unsafeRiskServices , unsafeNoSelectorServices )
460461 fmt .Printf ("%-30s | %-30s \n " , "Disruption for some" , "❌" )
461462 fmt .Printf ("%-30s | %-30s \n " , "Services with" , "" )
462463 fmt .Printf ("%-30s | %-30s \n " , "externalTrafficPolicy=Cluster" , "" )
463464 fmt .Println ("Services affected:" )
464465 // If there are any no selector services or unsafe services then print them as they could be impacted by migration
465- if len (* unsafeNoSelectorServices ) > 0 {
466- for _ , service := range * unsafeNoSelectorServices {
466+ if len (unsafeNoSelectorServices ) > 0 {
467+ for _ , service := range unsafeNoSelectorServices {
467468 serviceName := strings .Split (service , "/" )[1 ]
468469 serviceNamespace := strings .Split (service , "/" )[0 ]
469470 fmt .Printf ("❌ Found Service: \033 [31m%s\033 [0m without selectors in namespace: \033 [31m%s\033 [0m\n " , serviceName , serviceNamespace )
470471 }
471472 }
472- if len (* unsafeRiskServices ) > 0 {
473- for _ , service := range * unsafeRiskServices {
473+ if len (unsafeRiskServices ) > 0 {
474+ for _ , service := range unsafeRiskServices {
474475 serviceName := strings .Split (service , "/" )[1 ]
475476 serviceNamespace := strings .Split (service , "/" )[0 ]
476477 fmt .Printf ("❌ Found Service: \033 [31m%s\033 [0m with selectors in namespace: \033 [31m%s\033 [0m\n " , serviceName , serviceNamespace )
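Review bot: In printUnsafeServices the ✅ branch is taken on `len(unsafeRiskServices) == 0` alone, although the comment directly above it says the migration is safe only when there are no unsafe services and no services without selectors. Unless every no-selector service is also present in unsafeRiskServices (that is decided outside this hunk), a non-empty unsafeNoSelectorServices is reported as safe and never listed; the guard could be `if len(unsafeRiskServices) == 0 && len(unsafeNoSelectorServices) == 0 {`. Separately, `unsafeRiskServices = difference(unsafeRiskServices, unsafeNoSelectorServices)` now updates only the local copy, where the old code wrote the filtered list back through the pointer. If the `len(...)` condition at the end of printMigrationSummary (it continues outside the hunks shown) reads unsafeRiskServices, it now sees the unfiltered slice. The closing lines of printUnsafeServices fall outside the hunk.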