Support for Gateway-API routes

zivnevo · zivnevo · commit 3192b4928aa9 · 2024-09-16T15:23:14.000+03:00
Also, upgrading to Go 1.22 and K8s 1.30

Signed-off-by: Ziv Nevo &lt;nevo@il.ibm.com&gt;
diff --git a/cmd/nettop/main_test.go b/cmd/nettop/main_test.go
@@ -137,6 +137,15 @@ var (
 			false,
 			[]string{"qotd", "expected_netpol_output.json"},
 		},
+		{
+			"ScoreDemo-with-gateway-api",
+			[][]string{{"score-demo"}},
+			yamlFormat,
+			true,
+			[]string{"-v"},
+			false,
+			[]string{"score-demo", "expected_netpol_output.yaml"},
+		},
 		{
 			"CronJobWithNontrivialNetworkAddresses",
 			[][]string{{"openshift", "openshift-operator-lifecycle-manager-resources.yaml"}},
diff --git a/go.mod b/go.mod
@@ -1,33 +1,36 @@
 module github.com/np-guard/cluster-topology-analyzer/v2
 
-go 1.21
+go 1.22.0
+
+toolchain go1.22.2
 
 require (
 	github.com/np-guard/netpol-analyzer v1.2.0
 	github.com/openshift/api v0.0.0-20230502160752-c71432710382
 	github.com/stretchr/testify v1.9.0
 	gopkg.in/yaml.v3 v3.0.1
-	k8s.io/api v0.29.2
-	k8s.io/apimachinery v0.29.2
+	k8s.io/api v0.30.0
+	k8s.io/apimachinery v0.30.0
 	k8s.io/cli-runtime v0.29.2
+	sigs.k8s.io/gateway-api v1.1.0
 )
 
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
-	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
+	github.com/emicklei/go-restful/v3 v3.12.0 // indirect
+	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
-	github.com/go-logr/logr v1.3.0 // indirect
-	github.com/go-openapi/jsonpointer v0.19.6 // indirect
-	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/google/uuid v1.3.0 // indirect
-	github.com/imdario/mergo v0.3.6 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
@@ -39,21 +42,20 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
-	golang.org/x/net v0.23.0 // indirect
-	golang.org/x/oauth2 v0.10.0 // indirect
-	golang.org/x/sync v0.5.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/term v0.18.0 // indirect
+	golang.org/x/net v0.24.0 // indirect
+	golang.org/x/oauth2 v0.19.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
+	golang.org/x/term v0.19.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
+	golang.org/x/time v0.5.0 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	k8s.io/client-go v0.29.2 // indirect
-	k8s.io/klog/v2 v2.110.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
-	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
+	k8s.io/client-go v0.30.0 // indirect
+	k8s.io/klog/v2 v2.120.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 // indirect
+	k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect
diff --git a/go.sum b/go.sum
diff --git a/pkg/analyzer/info_to_resource.go b/pkg/analyzer/info_to_resource.go
@@ -24,13 +24,15 @@ import (
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/apimachinery/pkg/util/validation"
 	"k8s.io/cli-runtime/pkg/resource"
+	gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 
 // k8sWorkloadObjectFromInfo creates a Resource object from an Info object
 func k8sWorkloadObjectFromInfo(info *resource.Info) (*Resource, error) {
 	var podSpecV1 *v1.PodTemplateSpec
 	var resourceCtx Resource
 	var metaObj metaV1.Object
+	resourceCtx.Resource.FilePath = info.Source
 	resourceCtx.Resource.Kind = info.Object.GetObjectKind().GroupVersionKind().Kind
 	switch resourceCtx.Resource.Kind {
 	case pod:
@@ -98,7 +100,9 @@ func k8sServiceFromInfo(info *resource.Info) (*Service, error) {
 	if svcObj == nil {
 		return nil, fmt.Errorf("failed to parse Service resource")
 	}
+
 	var serviceCtx Service
+	serviceCtx.Resource.FilePath = info.Source
 	serviceCtx.Resource.Name = svcObj.GetName()
 	serviceCtx.Resource.Namespace = svcObj.Namespace
 	serviceCtx.Resource.Kind = svcObj.Kind
@@ -146,14 +150,9 @@ func ocRouteFromInfo(info *resource.Info, toExpose servicesToExpose) error {
 		return fmt.Errorf("failed to parse Route resource")
 	}
 
-	exposedServicesInNamespace, ok := toExpose[routeObj.Namespace]
-	if !ok {
-		toExpose[routeObj.Namespace] = map[string][]*intstr.IntOrString{}
-		exposedServicesInNamespace = toExpose[routeObj.Namespace]
-	}
-	appendToSliceInMap(exposedServicesInNamespace, routeObj.Spec.To.Name, &routeObj.Spec.Port.TargetPort)
+	toExpose.appendPort(routeObj.Namespace, routeObj.Spec.To.Name, &routeObj.Spec.Port.TargetPort)
 	for _, backend := range routeObj.Spec.AlternateBackends {
-		appendToSliceInMap(exposedServicesInNamespace, backend.Name, &routeObj.Spec.Port.TargetPort)
+		toExpose.appendPort(routeObj.Namespace, backend.Name, &routeObj.Spec.Port.TargetPort)
 	}
 
 	return nil
@@ -166,16 +165,10 @@ func k8sIngressFromInfo(info *resource.Info, toExpose servicesToExpose) error {
 		return fmt.Errorf("failed to parse Ingress resource")
 	}
 
-	exposedServicesInNamespace, ok := toExpose[ingressObj.Namespace]
-	if !ok {
-		toExpose[ingressObj.Namespace] = map[string][]*intstr.IntOrString{}
-		exposedServicesInNamespace = toExpose[ingressObj.Namespace]
-	}
-
 	defaultBackend := ingressObj.Spec.DefaultBackend
 	if defaultBackend != nil && defaultBackend.Service != nil {
 		portToAppend := portFromServiceBackendPort(&defaultBackend.Service.Port)
-		appendToSliceInMap(exposedServicesInNamespace, defaultBackend.Service.Name, portToAppend)
+		toExpose.appendPort(ingressObj.Namespace, defaultBackend.Service.Name, portToAppend)
 	}
 
 	for ruleIdx := range ingressObj.Spec.Rules {
@@ -185,7 +178,7 @@ func k8sIngressFromInfo(info *resource.Info, toExpose servicesToExpose) error {
 				svc := rule.HTTP.Paths[pathIdx].Backend.Service
 				if svc != nil {
 					portToAppend := portFromServiceBackendPort(&svc.Port)
-					appendToSliceInMap(exposedServicesInNamespace, svc.Name, portToAppend)
+					toExpose.appendPort(ingressObj.Namespace, svc.Name, portToAppend)
 				}
 			}
 		}
@@ -202,6 +195,50 @@ func portFromServiceBackendPort(sbp *networkv1.ServiceBackendPort) *intstr.IntOr
 	return &res
 }
 
+func gatewayHTTPRouteFromInfo(info *resource.Info, toExpose servicesToExpose) error {
+	routeObj := parseResourceFromInfo[gatewayv1.HTTPRoute](info)
+	if routeObj == nil {
+		return fmt.Errorf("failed to parse HTTPRoute resource")
+	}
+
+	for i := range routeObj.Spec.Rules {
+		rule := &routeObj.Spec.Rules[i]
+		for j := range rule.BackendRefs {
+			backend := &rule.BackendRefs[j]
+			namespace := routeObj.Namespace
+			if backend.Namespace != nil {
+				namespace = string(*backend.Namespace)
+			}
+			port := intstr.FromInt32(int32(*backend.Port))
+			toExpose.appendPort(namespace, string(backend.Name), &port)
+		}
+	}
+
+	return nil
+}
+
+func gatewayGRPCRouteFromInfo(info *resource.Info, toExpose servicesToExpose) error {
+	routeObj := parseResourceFromInfo[gatewayv1.GRPCRoute](info)
+	if routeObj == nil {
+		return fmt.Errorf("failed to parse GRPCRoute resource")
+	}
+
+	for i := range routeObj.Spec.Rules {
+		rule := &routeObj.Spec.Rules[i]
+		for j := range rule.BackendRefs {
+			backend := &rule.BackendRefs[j]
+			port := intstr.FromInt32(int32(*backend.Port))
+			namespace := routeObj.Namespace
+			if backend.Namespace != nil {
+				namespace = string(*backend.Namespace)
+			}
+			toExpose.appendPort(namespace, string(backend.Name), &port)
+		}
+	}
+
+	return nil
+}
+
 func parseDeployResource(podSpec *v1.PodTemplateSpec, obj metaV1.Object, resourceCtx *Resource) {
 	resourceCtx.Resource.Name = obj.GetName()
 	resourceCtx.Resource.Namespace = obj.GetNamespace()
diff --git a/pkg/analyzer/resource_accumulator.go b/pkg/analyzer/resource_accumulator.go
@@ -8,7 +8,7 @@ package analyzer
 
 import (
 	"fmt"
-	"regexp"
+	"slices"
 
 	"k8s.io/cli-runtime/pkg/resource"
 
@@ -29,12 +29,13 @@ const (
 	configmap             string = "ConfigMap"
 	route                 string = "Route"
 	ingress               string = "Ingress"
+	httpRoute             string = "HTTPRoute"
+	grpcRoute             string = "GRPCRoute"
 )
 
 var (
-	acceptedK8sTypesRegex = fmt.Sprintf("(^%s$|^%s$|^%s$|^%s$|^%s$|^%s$|^%s$|^%s$|^%s$|^%s$|^%s$|^%s$)",
-		pod, replicaSet, replicationController, deployment, daemonSet, statefulSet, job, cronJob, service, configmap, route, ingress)
-	acceptedK8sTypes = regexp.MustCompile(acceptedK8sTypesRegex)
+	acceptedK8sKinds = []string{pod, replicaSet, replicationController, deployment, daemonSet, statefulSet, job, cronJob,
+		service, configmap, route, ingress, httpRoute, grpcRoute}
 )
 
 // resourceAccumulator is used to locate all relevant K8s resources in given file-system directories
@@ -116,7 +117,7 @@ func (ra *resourceAccumulator) parseInfo(info *resource.Info) error {
 	}
 
 	kind := info.Object.GetObjectKind().GroupVersionKind().Kind
-	if !acceptedK8sTypes.MatchString(kind) {
+	if !slices.Contains(acceptedK8sKinds, kind) {
 		msg := fmt.Sprintf("skipping object with type: %s", kind)
 		resourcePath := info.Source
 		if resourcePath != "" {
@@ -126,40 +127,37 @@ func (ra *resourceAccumulator) parseInfo(info *resource.Info) error {
 		return nil
 	}
 
+	var err error
 	switch kind {
 	case service:
-		res, err := k8sServiceFromInfo(info)
-		if err != nil {
-			return err
+		var svc *Service
+		svc, err = k8sServiceFromInfo(info)
+		if err == nil {
+			ra.services = append(ra.services, svc)
 		}
-		res.Resource.FilePath = info.Source
-		ra.services = append(ra.services, res)
 	case route:
-		err := ocRouteFromInfo(info, ra.servicesToExpose)
-		if err != nil {
-			return err
-		}
+		err = ocRouteFromInfo(info, ra.servicesToExpose)
 	case ingress:
-		err := k8sIngressFromInfo(info, ra.servicesToExpose)
-		if err != nil {
-			return err
-		}
+		err = k8sIngressFromInfo(info, ra.servicesToExpose)
+	case httpRoute:
+		err = gatewayHTTPRouteFromInfo(info, ra.servicesToExpose)
+	case grpcRoute:
+		err = gatewayGRPCRouteFromInfo(info, ra.servicesToExpose)
 	case configmap:
-		res, err := k8sConfigmapFromInfo(info)
-		if err != nil {
-			return err
+		var cfgmap *cfgMap
+		cfgmap, err = k8sConfigmapFromInfo(info)
+		if err == nil {
+			ra.configmaps = append(ra.configmaps, cfgmap)
 		}
-		ra.configmaps = append(ra.configmaps, res)
 	default:
-		res, err := k8sWorkloadObjectFromInfo(info)
-		if err != nil {
-			return err
+		var wl *Resource
+		wl, err = k8sWorkloadObjectFromInfo(info)
+		if err == nil {
+			ra.workloads = append(ra.workloads, wl)
 		}
-		res.Resource.FilePath = info.Source
-		ra.workloads = append(ra.workloads, res)
 	}
 
-	return nil
+	return err
 }
 
 // inlineConfigMapRefsAsEnvs appends to the Envs of each given resource the ConfigMap values it is referring to
diff --git a/pkg/analyzer/types.go b/pkg/analyzer/types.go
@@ -80,3 +80,12 @@ type Connections struct {
 // A map from namespaces to a map of service names in each namespaces, which we want to expose within the cluster.
 // For each service we hold the ports that should be exposed
 type servicesToExpose map[string]map[string][]*intstr.IntOrString
+
+func (ste servicesToExpose) appendPort(namespace, svcName string, port *intstr.IntOrString) {
+	svcPortsMap, ok := ste[namespace]
+	if !ok {
+		ste[namespace] = map[string][]*intstr.IntOrString{}
+		svcPortsMap = ste[namespace]
+	}
+	svcPortsMap[svcName] = append(svcPortsMap[svcName], port)
+}
diff --git a/pkg/analyzer/utils.go b/pkg/analyzer/utils.go
@@ -21,7 +21,3 @@ func appendAndLogNewError(errs []FileProcessingError, newErr *FileProcessingErro
 	errs = append(errs, *newErr)
 	return errs
 }
-
-func appendToSliceInMap[K comparable, V any](m map[K][]V, key K, newVal V) {
-	m[key] = append(m[key], newVal)
-}
diff --git a/tests/score-demo/expected_netpol_output.yaml b/tests/score-demo/expected_netpol_output.yaml
diff --git a/tests/score-demo/manifests.yaml b/tests/score-demo/manifests.yaml

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,3 @@ func appendAndLogNewError(errs []FileProcessingError, newErr *FileProcessingErro`
`21`	`21`	`errs = append(errs, *newErr)`
`22`	`22`	`return errs`
`23`	`23`	`}`
`24`		`-`
`25`		`-func appendToSliceInMap[K comparable, V any](m map[K][]V, key K, newVal V) {`
`26`		`- m[key] = append(m[key], newVal)`
`27`		`-}`