Merge branch 'master' into intersects-based-queries-optimized
tanyaveksler authored Jul 25, 2023
2 parents 0f952e6 + 53fcea0 commit 6d109f8
Showing 8 changed files with 46 additions and 50 deletions.
2 changes: 1 addition & 1 deletion .github/actions/setup-nca-env/action.yml
Expand Up @@ -3,7 +3,7 @@ description: 'Checks out NCA, then installs the required dependencies'
runs:
using: "composite"
steps:
- uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b # v4.6.0
- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
with:
python-version: 3.8
architecture: x64
4 changes: 2 additions & 2 deletions .github/workflows/codeql-analysis.yml
Expand Up @@ -35,7 +35,7 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e
uses: github/codeql-action/init@489225d82a57396c6f426a40e66d461b16b3461d
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -44,4 +44,4 @@ jobs:
# queries: ./path/to/local/query, your-org/your-repo/queries@main

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e
uses: github/codeql-action/analyze@489225d82a57396c6f426a40e66d461b16b3461d
2 changes: 1 addition & 1 deletion .github/workflows/scorecard.yml
Expand Up @@ -47,6 +47,6 @@ jobs:

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2.1.27
uses: github/codeql-action/upload-sarif@489225d82a57396c6f426a40e66d461b16b3461d # v2.1.27
with:
sarif_file: results.sarif
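Review bot: The trailing `# v2.1.27` comment on the `upload-sarif` pin is unchanged although the pinned SHA moved from `6c089f5…` to `489225d…`, so it cannot describe both commits and is stale on at least one side of this change. Update it to the tag that `489225d…` actually corresponds to, e.g. `# <tag for 489225d…>`, after checking that tag against the action's repository. The same SHA is pinned for `init` and `analyze` in codeql-analysis.yml with no version comment at all; adding the same comment there keeps all three pins auditable.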
2 changes: 1 addition & 1 deletion .github/workflows/test-push.yml
Expand Up @@ -225,7 +225,7 @@ jobs:
runs-on: ubuntu-latest
needs: build_package
steps:
- uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b # v4.6.0
- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
with:
python-version: 3.8
architecture: x64
74 changes: 33 additions & 41 deletions nca/NetworkConfig/NetworkConfigQuery.py
Expand Up @@ -1530,35 +1530,31 @@ def compute_diff(self): # noqa: C901
conn_graph_removed_per_key[key] = self.get_conn_graph_changed_conns(key, old_ip_blocks, False)
conn_graph_added_per_key[key] = None
for pair in itertools.product(removed_peers, old_ip_blocks):
if not self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[0], pair[1]):
continue
lost_conns, _, _, _ = self.config1.allowed_connections(pair[0], pair[1])
if lost_conns:
conn_graph_removed_per_key[key].add_edge(pair[0], pair[1], lost_conns)
if self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[0], pair[1]):
lost_conns, _, _, _ = self.config1.allowed_connections(pair[0], pair[1])
if lost_conns:
conn_graph_removed_per_key[key].add_edge(pair[0], pair[1], lost_conns)

if not self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[1], pair[0]):
continue
lost_conns, _, _, _ = self.config1.allowed_connections(pair[1], pair[0])
if lost_conns:
conn_graph_removed_per_key[key].add_edge(pair[1], pair[0], lost_conns)
if self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[1], pair[0]):
lost_conns, _, _, _ = self.config1.allowed_connections(pair[1], pair[0])
if lost_conns:
conn_graph_removed_per_key[key].add_edge(pair[1], pair[0], lost_conns)

# 2.1. lost connections between removed peers and intersected peers
key = 'Lost connections between removed peers and persistent peers'
keys_list.append(key)
conn_graph_removed_per_key[key] = self.get_conn_graph_changed_conns(key, PeerSet(), False)
conn_graph_added_per_key[key] = None
for pair in itertools.product(removed_peers, intersected_peers):
if not self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[0], pair[1]):
continue
lost_conns, _, _, _ = self.config1.allowed_connections(pair[0], pair[1])
if lost_conns:
conn_graph_removed_per_key[key].add_edge(pair[0], pair[1], lost_conns)
if self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[0], pair[1]):
lost_conns, _, _, _ = self.config1.allowed_connections(pair[0], pair[1])
if lost_conns:
conn_graph_removed_per_key[key].add_edge(pair[0], pair[1], lost_conns)

if not self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[1], pair[0]):
continue
lost_conns, _, _, _ = self.config1.allowed_connections(pair[1], pair[0])
if lost_conns:
conn_graph_removed_per_key[key].add_edge(pair[1], pair[0], lost_conns)
if self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[1], pair[0]):
lost_conns, _, _, _ = self.config1.allowed_connections(pair[1], pair[0])
if lost_conns:
conn_graph_removed_per_key[key].add_edge(pair[1], pair[0], lost_conns)

# 3.1. lost/new connections between intersected peers due to changes in policies and labels of pods/namespaces
key = 'Changed connections between persistent peers'
Expand Down Expand Up @@ -1600,17 +1596,15 @@ def compute_diff(self): # noqa: C901
conn_graph_removed_per_key[key] = None
conn_graph_added_per_key[key] = self.get_conn_graph_changed_conns(key, PeerSet(), True)
for pair in itertools.product(intersected_peers, added_peers):
if not self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[0], pair[1]):
continue
new_conns, _, _, _ = self.config2.allowed_connections(pair[0], pair[1])
if new_conns:
conn_graph_added_per_key[key].add_edge(pair[0], pair[1], new_conns)
if self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[0], pair[1]):
new_conns, _, _, _ = self.config2.allowed_connections(pair[0], pair[1])
if new_conns:
conn_graph_added_per_key[key].add_edge(pair[0], pair[1], new_conns)

if not self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[1], pair[0]):
continue
new_conns, _, _, _ = self.config2.allowed_connections(pair[1], pair[0])
if new_conns:
conn_graph_added_per_key[key].add_edge(pair[1], pair[0], new_conns)
if self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[1], pair[0]):
new_conns, _, _, _ = self.config2.allowed_connections(pair[1], pair[0])
if new_conns:
conn_graph_added_per_key[key].add_edge(pair[1], pair[0], new_conns)

# 5.1. new connections between added peers
key = 'New connections between added peers'
Expand All @@ -1631,17 +1625,15 @@ def compute_diff(self): # noqa: C901
conn_graph_added_per_key[key] = self.get_conn_graph_changed_conns(key, new_ip_blocks, True)

for pair in itertools.product(added_peers, new_ip_blocks):
if not self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[0], pair[1]):
continue
new_conns, _, _, _ = self.config2.allowed_connections(pair[0], pair[1])
if new_conns:
conn_graph_added_per_key[key].add_edge(pair[0], pair[1], new_conns)

if not self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[1], pair[0]):
continue
new_conns, _, _, _ = self.config2.allowed_connections(pair[1], pair[0])
if new_conns:
conn_graph_added_per_key[key].add_edge(pair[1], pair[0], new_conns)
if self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[0], pair[1]):
new_conns, _, _, _ = self.config2.allowed_connections(pair[0], pair[1])
if new_conns:
conn_graph_added_per_key[key].add_edge(pair[0], pair[1], new_conns)

if self.determine_whether_to_compute_allowed_conns_for_peer_types(pair[1], pair[0]):
new_conns, _, _, _ = self.config2.allowed_connections(pair[1], pair[0])
if new_conns:
conn_graph_added_per_key[key].add_edge(pair[1], pair[0], new_conns)

return self.get_results_for_computed_fw_rules(keys_list, conn_graph_removed_per_key,
conn_graph_added_per_key)
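Review bot: The same per-direction block (check `determine_whether_to_compute_allowed_conns_for_peer_types`, call `allowed_connections`, `add_edge` when the result is non-empty) is written out eight times across four loops of `compute_diff`, differing only in the config, the target graph and the argument order, and the function still carries `# noqa: C901`. With the `continue` form shown alongside, a failed forward check also skipped the reverse direction, so the diff could under-report lost or new connections. Moving the per-direction logic into one private helper would keep the four sites from drifting apart in that way again. Unpacking the pair in the `for` statement would also remove the `pair[0]`/`pair[1]` indexing. `compute_diff` starts and ends outside the visible hunks, and the helper name below is only a suggestion.

```python
def _add_allowed_conns_edge(self, config, conn_graph, src, dst):
    if not self.determine_whether_to_compute_allowed_conns_for_peer_types(src, dst):
        return
    conns, _, _, _ = config.allowed_connections(src, dst)
    if conns:
        conn_graph.add_edge(src, dst, conns)

# … unchanged: key setup for the removed-peers / ipBlocks section …
for peer, ip_block in itertools.product(removed_peers, old_ip_blocks):
    self._add_allowed_conns_edge(self.config1, conn_graph_removed_per_key[key], peer, ip_block)
    self._add_allowed_conns_edge(self.config1, conn_graph_removed_per_key[key], ip_block, peer)
# … the other three loops follow the same shape with config1/config2 and their own graph …
```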
7 changes: 4 additions & 3 deletions nca/Utils/NcaLogger.py
Expand Up @@ -92,7 +92,7 @@ def log_message(self, msg, file=None, level=None):

if self._is_collecting_msgs:
if self.is_mute():
self._collected_messages.append(msg)
self._collected_messages.append((msg, file))
else:
print(msg, file=file)

Expand All @@ -101,6 +101,7 @@ def flush_messages(self, silent=False):
Flush all collected messages and print them (or not)
:param bool silent: if silent is True don't print out the messages
"""
if not silent and len(self._collected_messages) > 0:
print(*self._collected_messages, sep="\n")
if not silent:
for msg in self._collected_messages:
print(msg[0], file=msg[1])
self._collected_messages.clear()
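Review bot: In `flush_messages` the loop variable `msg` is really a `(msg, file)` tuple that is then indexed by position, which misleads the reader. Unpacking is clearer: `for msg, file in self._collected_messages:` followed by `print(msg, file=file)`. The queue also now holds a reference to each caller's `file` object until the flush, so if a caller can close that stream before `flush_messages` runs, the `print` would raise `ValueError`. The docstring should say that collected messages are written to the stream they were originally logged to and that the stream must still be open at flush time.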
2 changes: 1 addition & 1 deletion nca/VERSION.txt
@@ -1 +1 @@
1.9.3
1.9.4
Expand Up @@ -2,6 +2,9 @@ orig_online_boutique_synthesis_res and new_online_synthesis_res are not semantic

Lost connections between removed peers and persistent peers (based on topology from config: orig_online_boutique_synthesis_res) :
src_ns: [default] src_pods: [cartservice] dst_ns: [default] dst_pods: [redis-cart] conn: TCP 6379
src_ns: [kube-system] src_pods: [*] dst: *.googleapis.com conn: All connections
src_ns: [kube-system] src_pods: [*] dst: accounts.google.com conn: All connections
src_ns: [kube-system] src_pods: [*] dst: metadata.google.internal conn: All connections

Removed connections between persistent peers (based on topology from config: orig_online_boutique_synthesis_res) :
src_ns: [default] src_pods: [cartservice] dst_ns: [kube-system] dst_pods: [*] conn: UDP 53