updated testes and some docs.
Signed-off-by: Shmulik Froimovich <[email protected]>
shmfr committed Jun 26, 2023
1 parent fd40627 commit cdaa329
Showing 13 changed files with 2,505 additions and 22,332 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -102,7 +102,7 @@ The arguments to `--resource_list` and to `--base_resource_list` should be one o
Choose endpoints type in output (pods/deployments).\
*default:* deployments
- `--explain`\
A pair of node names to explain the policies affecting their connection or lack of it. Relevant only for connectivity query.\
A pair of node names (comma separated) to explain the policies affecting their connection or lack of it. Relevant only for connectivity query.\
Connections including IP-Blocks will show only the configurations of the node in that connection (since, IP-Blocks does
not have configurations).\
e.g. default/deployment-A1,default/deployment-B1.
18 changes: 9 additions & 9 deletions docs/SchemeFileFormat.md
Expand Up @@ -78,15 +78,15 @@ For example: `my_set/prod_ns/deny_all_policy`. If there are multiple policies na
#### <a name="outputconfig"></a>Output Configuration object
The supported entries in the outputConfiguration object are as follows:

| Field | Description | Value |
|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------|
| outputFormat | Output format specification. | string [ txt / yaml / csv / md / dot / jpg/ txt_no_fw_rules] |
| outputPath | A file path to redirect output into. | string |
| outputEndpoints | Choose endpoints type in output. | string [ pods / deployments ] |
| subset | A dict object with the defined subset elements to display in the output | [subset](#subset) object |
| fullExplanation | Choose if to print all counterexamples causing the query result in the output | bool |
| excludeIPv6Range | If the policies of the config do not contain any IPv6 addresses, do not include IPv6 range in the query results | bool [default: True] |
| explain | A pair of node names to explain the policies affecting their connection or lack of it. Relevant only for connectivity query. Connections including IP-Blocks will show only the configurations of the node in that connection (since, IP-Blocks does not have configurations). | string [ ns/node1,ns/node2 ] |
| Field | Description | Value |
|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------|
| outputFormat | Output format specification. | string [ txt / yaml / csv / md / dot / jpg/ txt_no_fw_rules] |
| outputPath | A file path to redirect output into. | string |
| outputEndpoints | Choose endpoints type in output. | string [ pods / deployments ] |
| subset | A dict object with the defined subset elements to display in the output | [subset](#subset) object |
| fullExplanation | Choose if to print all counterexamples causing the query result in the output | bool |
| excludeIPv6Range | If the policies of the config do not contain any IPv6 addresses, do not include IPv6 range in the query results | bool [default: True] |
| explain | A pair of node names (comma separated) to explain the policies affecting their connection or lack of it. Relevant only for connectivityMap query. Connections including IP-Blocks will show only the configurations of the node in that connection (since, IP-Blocks does not have configurations). | string [ ns/node1,ns/node2 ] |

#### <a name="subset"></a>Subset object
The supported entries in the subset object are as follows:
5 changes: 4 additions & 1 deletion nca/NetworkConfig/NetworkConfigQuery.py
Expand Up @@ -806,11 +806,14 @@ def compute_connectivity_output_optimized(self):
"dst_peers": opt_peers_to_compare})
base_peers_num = len(opt_peers_to_compare)
subset_peers = self.compute_subset(opt_peers_to_compare)
all_peers = subset_peers
if len(subset_peers) != base_peers_num:
# remove connections where both of src_peers and dst_peers are out of the subset
subset_conns = ConnectivityProperties.make_conn_props_from_dict({"src_peers": subset_peers}) | \
ConnectivityProperties.make_conn_props_from_dict({"dst_peers": subset_peers})
all_conns_opt &= subset_conns
src_peers, dst_peers = ExplTracker().extract_peers(all_conns_opt)
all_peers = src_peers | dst_peers
all_conns_opt = self.config.filter_conns_by_peer_types(all_conns_opt, opt_peers_to_compare)
expl_conns = all_conns_opt
if self.config.policies_container.layers.does_contain_layer(NetworkLayerName.Istio):
Expand All @@ -820,7 +823,7 @@ def compute_connectivity_output_optimized(self):
else:
output_res, opt_fw_rules = self.get_props_output_full(all_conns_opt, opt_peers_to_compare)
if ExplTracker().is_active():
ExplTracker().set_connections_and_peers(expl_conns, subset_peers)
ExplTracker().set_connections_and_peers(expl_conns, all_peers)
return output_res, opt_fw_rules, opt_fw_rules_tcp, opt_fw_rules_non_tcp

def exec(self):
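Review bot: The peer set passed to `set_connections_and_peers` is extracted from `all_conns_opt` before `filter_conns_by_peer_types` runs, while `expl_conns` is taken after that filter, so the tracker may be handed peers that no longer occur in the connections it explains (this assumes `extract_peers` returns the peers present in the given connections, which is not visible here). The extraction also runs on every subset query, even when `ExplTracker().is_active()` is false. Consider doing it inside the final `if ExplTracker().is_active():` guard, from the stored connections: `src_peers, dst_peers = ExplTracker().extract_peers(expl_conns)` followed by `all_peers = src_peers | dst_peers`. The body of compute_connectivity_output_optimized starts above this section and the Istio branch is collapsed, so whether `expl_conns` is reassigned there should be checked before moving the call.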
2 changes: 1 addition & 1 deletion nca/NetworkConfig/NetworkConfigQueryRunner.py
Expand Up @@ -173,7 +173,7 @@ def _run_query_for_each_config(self):
expl_out = ''
if ExplTracker().is_active() and self.output_configuration.explain and \
ExplTracker().is_output_format_supported(self.output_configuration.outputFormat):
expl_out = ExplTracker().explain(self.output_configuration.explain.split(','))
expl_out = '\n\nExplainability results:\n'+ExplTracker().explain(self.output_configuration.explain.split(','))
numerical_result, output, num_not_executed = query_result.compute_final_results(self.output_configuration.outputFormat)
return numerical_result, output + expl_out, num_not_executed

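Review bot: The new assignment in `_run_query_for_each_config` prepends the `Explainability results:` header unconditionally, but `ExplTracker().explain(...)` returns `''` on its error paths (node not found, or no results for the node), so a failed explanation prints a header with nothing under it. Keep the result in a local and add the header only when it is non-empty: `expl_res = ExplTracker().explain(...)` then `if expl_res: expl_out = '\n\nExplainability results:\n' + expl_res`. The `split(',')` also passes the names through unstripped, so an input such as `ns/a, ns/b` would be looked up with a leading space; stripping each name would match the documented comma-separated form. The function body starts above the hunk.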
20 changes: 14 additions & 6 deletions nca/Utils/ExplTracker.py
Expand Up @@ -5,7 +5,7 @@

from nca.Utils.Utils import Singleton
from nca.Utils.NcaLogger import NcaLogger
from nca.CoreDS.Peer import PeerSet
from nca.CoreDS.Peer import PeerSet, IpBlock
from bs4 import BeautifulSoup
from bs4.element import Tag
from nca.CoreDS.ConnectivityProperties import ConnectivityProperties
Expand Down Expand Up @@ -368,7 +368,15 @@ def explain_all(self):
# use the peer names as defined in the end-points configuration,
# also use one peer for each deployment
peer_names = set()
deployment_names = set()
for peer in self.all_peers:
# if in deployments mode, use one pod from each deployment
deployment_name = self.get_printout_ep_name(peer.full_name())
if isinstance(peer, IpBlock):
deployment_name = peer.name
if self.ep == 'deployments' and deployment_name in deployment_names:
continue
deployment_names.add(deployment_name)
peer_names.add(peer.full_name())
peer_names = sorted(list(peer_names))

Expand Down Expand Up @@ -438,13 +446,13 @@ def explain(self, nodes):

src_node = self.get_working_ep_name(nodes[0])
for node in nodes:
node = self.get_working_ep_name(node)
if not self.ExplDescriptorContainer.get(node):
NcaLogger().log_message(f'Explainability error - {self.get_printout_ep_name(node)} '
ep_node = self.get_working_ep_name(node)
if not self.ExplDescriptorContainer.get(ep_node):
NcaLogger().log_message(f'Explainability error - {node} '
f'was not found in the connectivity results', level='E')
return ''
if not self.ExplPeerToPolicyContainer.get(node):
NcaLogger().log_message(f'Explainability error - {self.get_printout_ep_name(node)} '
if not self.ExplPeerToPolicyContainer.get(ep_node):
NcaLogger().log_message(f'Explainability error - {self.node} '
f'has no explanability results', level='E')
return ''

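Review bot: In `explain`, the second error message interpolates `{self.node}` where the first uses the loop variable `{node}`. Unless ExplTracker defines a `node` attribute (none is visible here), evaluating that f-string raises AttributeError, so a peer with no policy results would abort the query instead of logging the error and returning `''`. The line should read `NcaLogger().log_message(f'Explainability error - {node} '`. In `explain_all`, `get_printout_ep_name(peer.full_name())` is computed and then overwritten for `IpBlock` peers; an `if isinstance(peer, IpBlock): ... else: ...` would make the intent clearer. Both function bodies continue outside the hunks shown.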