Skip to content

Commit 53fcea0

Browse files
tanyavekslertanyaveksler
authored
Fixed a bug in semantic diff query (#565)
* Fixed a bug in semantic diff query: when skipping the computation of allowed conns between peer1 and peer2, should not automatically skip the reverse direction (computation of allowed connections between peer2 and peer1). Signed-off-by: Tanya <[email protected]> * Fixed a bug in semantic diff query: when skipping the computation of allowed conns between peer1 and peer2, should not automatically skip the reverse direction (computation of allowed connections between peer2 and peer1). Fixed expected result of a test following the above change. Signed-off-by: Tanya <[email protected]> --------- Signed-off-by: Tanya <[email protected]>
1 parent a689a5c commit 53fcea0

File tree

2 files changed

+36
-41
lines changed

2 files changed

+36
-41
lines changed

nca/NetworkConfig/NetworkConfigQuery.py

Lines changed: 33 additions & 41 deletions
Original file line numberDiff line numberDiff line change
@@ -1530,35 +1530,31 @@ def compute_diff(self): # noqa: C901
15301530
conn_graph_removed_per_key[key] = self.get_conn_graph_changed_conns(key, old_ip_blocks, False)
15311531
conn_graph_added_per_key[key] = None
15321532
for pair in itertools.product(removed_peers, old_ip_blocks):
1533-
if not self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[0], pair[1]):
1534-
continue
1535-
lost_conns, _, _, _ = self.config1.allowed_connections(pair[0], pair[1])
1536-
if lost_conns:
1537-
conn_graph_removed_per_key[key].add_edge(pair[0], pair[1], lost_conns)
1533+
if self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[0], pair[1]):
1534+
lost_conns, _, _, _ = self.config1.allowed_connections(pair[0], pair[1])
1535+
if lost_conns:
1536+
conn_graph_removed_per_key[key].add_edge(pair[0], pair[1], lost_conns)
15381537

1539-
if not self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[1], pair[0]):
1540-
continue
1541-
lost_conns, _, _, _ = self.config1.allowed_connections(pair[1], pair[0])
1542-
if lost_conns:
1543-
conn_graph_removed_per_key[key].add_edge(pair[1], pair[0], lost_conns)
1538+
if self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[1], pair[0]):
1539+
lost_conns, _, _, _ = self.config1.allowed_connections(pair[1], pair[0])
1540+
if lost_conns:
1541+
conn_graph_removed_per_key[key].add_edge(pair[1], pair[0], lost_conns)
15441542

15451543
# 2.1. lost connections between removed peers and intersected peers
15461544
key = 'Lost connections between removed peers and persistent peers'
15471545
keys_list.append(key)
15481546
conn_graph_removed_per_key[key] = self.get_conn_graph_changed_conns(key, PeerSet(), False)
15491547
conn_graph_added_per_key[key] = None
15501548
for pair in itertools.product(removed_peers, intersected_peers):
1551-
if not self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[0], pair[1]):
1552-
continue
1553-
lost_conns, _, _, _ = self.config1.allowed_connections(pair[0], pair[1])
1554-
if lost_conns:
1555-
conn_graph_removed_per_key[key].add_edge(pair[0], pair[1], lost_conns)
1549+
if self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[0], pair[1]):
1550+
lost_conns, _, _, _ = self.config1.allowed_connections(pair[0], pair[1])
1551+
if lost_conns:
1552+
conn_graph_removed_per_key[key].add_edge(pair[0], pair[1], lost_conns)
15561553

1557-
if not self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[1], pair[0]):
1558-
continue
1559-
lost_conns, _, _, _ = self.config1.allowed_connections(pair[1], pair[0])
1560-
if lost_conns:
1561-
conn_graph_removed_per_key[key].add_edge(pair[1], pair[0], lost_conns)
1554+
if self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[1], pair[0]):
1555+
lost_conns, _, _, _ = self.config1.allowed_connections(pair[1], pair[0])
1556+
if lost_conns:
1557+
conn_graph_removed_per_key[key].add_edge(pair[1], pair[0], lost_conns)
15621558

15631559
# 3.1. lost/new connections between intersected peers due to changes in policies and labels of pods/namespaces
15641560
key = 'Changed connections between persistent peers'
@@ -1600,17 +1596,15 @@ def compute_diff(self): # noqa: C901
16001596
conn_graph_removed_per_key[key] = None
16011597
conn_graph_added_per_key[key] = self.get_conn_graph_changed_conns(key, PeerSet(), True)
16021598
for pair in itertools.product(intersected_peers, added_peers):
1603-
if not self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[0], pair[1]):
1604-
continue
1605-
new_conns, _, _, _ = self.config2.allowed_connections(pair[0], pair[1])
1606-
if new_conns:
1607-
conn_graph_added_per_key[key].add_edge(pair[0], pair[1], new_conns)
1599+
if self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[0], pair[1]):
1600+
new_conns, _, _, _ = self.config2.allowed_connections(pair[0], pair[1])
1601+
if new_conns:
1602+
conn_graph_added_per_key[key].add_edge(pair[0], pair[1], new_conns)
16081603

1609-
if not self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[1], pair[0]):
1610-
continue
1611-
new_conns, _, _, _ = self.config2.allowed_connections(pair[1], pair[0])
1612-
if new_conns:
1613-
conn_graph_added_per_key[key].add_edge(pair[1], pair[0], new_conns)
1604+
if self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[1], pair[0]):
1605+
new_conns, _, _, _ = self.config2.allowed_connections(pair[1], pair[0])
1606+
if new_conns:
1607+
conn_graph_added_per_key[key].add_edge(pair[1], pair[0], new_conns)
16141608

16151609
# 5.1. new connections between added peers
16161610
key = 'New connections between added peers'
@@ -1631,17 +1625,15 @@ def compute_diff(self): # noqa: C901
16311625
conn_graph_added_per_key[key] = self.get_conn_graph_changed_conns(key, new_ip_blocks, True)
16321626

16331627
for pair in itertools.product(added_peers, new_ip_blocks):
1634-
if not self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[0], pair[1]):
1635-
continue
1636-
new_conns, _, _, _ = self.config2.allowed_connections(pair[0], pair[1])
1637-
if new_conns:
1638-
conn_graph_added_per_key[key].add_edge(pair[0], pair[1], new_conns)
1639-
1640-
if not self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[1], pair[0]):
1641-
continue
1642-
new_conns, _, _, _ = self.config2.allowed_connections(pair[1], pair[0])
1643-
if new_conns:
1644-
conn_graph_added_per_key[key].add_edge(pair[1], pair[0], new_conns)
1628+
if self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[0], pair[1]):
1629+
new_conns, _, _, _ = self.config2.allowed_connections(pair[0], pair[1])
1630+
if new_conns:
1631+
conn_graph_added_per_key[key].add_edge(pair[0], pair[1], new_conns)
1632+
1633+
if self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[1], pair[0]):
1634+
new_conns, _, _, _ = self.config2.allowed_connections(pair[1], pair[0])
1635+
if new_conns:
1636+
conn_graph_added_per_key[key].add_edge(pair[1], pair[0], new_conns)
16451637

16461638
return self.get_results_for_computed_fw_rules(keys_list, conn_graph_removed_per_key,
16471639
conn_graph_added_per_key)

tests/k8s_testcases/expected_output/semantic_diff_online_boutique_new_synthesized_vs_orig_synthesized.txt

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,9 @@ orig_online_boutique_synthesis_res and new_online_synthesis_res are not semantic
22

33
Lost connections between removed peers and persistent peers (based on topology from config: orig_online_boutique_synthesis_res) :
44
src_ns: [default] src_pods: [cartservice] dst_ns: [default] dst_pods: [redis-cart] conn: TCP 6379
5+
src_ns: [kube-system] src_pods: [*] dst: *.googleapis.com conn: All connections
6+
src_ns: [kube-system] src_pods: [*] dst: accounts.google.com conn: All connections
7+
src_ns: [kube-system] src_pods: [*] dst: metadata.google.internal conn: All connections
58

69
Removed connections between persistent peers (based on topology from config: orig_online_boutique_synthesis_res) :
710
src_ns: [default] src_pods: [cartservice] dst_ns: [kube-system] dst_pods: [*] conn: UDP 53

0 commit comments

Comments
 (0)