adding fake ip for pod from core

pkg/netpol/connlist/connlist_test.go

@@ -28,7 +28,7 @@ func getConnlistFromDirPathRes(stopOnErr bool, path string) (*ConnlistAnalyzer,
 // TestConnList tests the output of ConnlistFromDirPath() for valid input resources
 func TestConnList(t *testing.T) {
 	testNames := []string{"ipblockstest", "onlineboutique", "onlineboutique_workloads",
-		"minikube_resources", "online_boutique_workloads_no_ns"}
+		"minikube_resources", "online_boutique_workloads_no_ns", "core_pods_without_host_ip"}
 	expectedOutputFileName := "connlist_output.txt"
 	generateActualOutput := false
 	for _, testName := range testNames {

pkg/netpol/eval/internal/k8s/pod.go

@@ -28,10 +28,7 @@ import (
 	"github.com/np-guard/netpol-analyzer/pkg/netpol/scan"
 )
 
-const (
-	defaultPortsListSize = 8
-	ipv4LoopbackAddr     = "127.0.0.1"
-)
+const defaultPortsListSize = 8
 
 // Pod encapsulates k8s Pod fields that are relevant for evaluating network policies
 type Pod struct {
@@ -212,5 +209,5 @@ func variantFromLabelsMap(labels map[string]string) string {
 }
 
 func getFakePodIP() string {
-	return ipv4LoopbackAddr
+	return scan.IPv4LoopbackAddr
 }

pkg/netpol/scan/scan.go

@@ -26,6 +26,9 @@ import (
 	"github.com/np-guard/netpol-analyzer/pkg/netpol/logger"
 )
 
+// IPv4LoopbackAddr is used as fake IP in the absence of Pod.Status.HostIP or Pod.Status.PodIPs
+const IPv4LoopbackAddr = "127.0.0.1"
+
 type ResourcesScanner struct {
 	logger          logger.Logger
 	stopOnError     bool
@@ -401,11 +404,22 @@ func convertPodListTOK8sObjects(pl *v1.PodList) ([]K8sObject, error) {
 		if isValidKind, err := validateNamespaceAndKind(&pl.Items[i].Namespace, &pl.Items[i].Kind, Pod); !isValidKind {
 			return nil, err
 		}
+		checkAndUpdatePodStatusIPsFields(&pl.Items[i])
 		res[i] = K8sObject{Pod: &pl.Items[i], Kind: Pod}
 	}
 	return res, nil
 }
 
+// checkAndUpdatePodStatusIPsFields adds fake IP to pod.Status.HostIP or pod.Status.PodIPs if missing
+func checkAndUpdatePodStatusIPsFields(rc *v1.Pod) {
+	if rc.Status.HostIP == "" {
+		rc.Status.HostIP = IPv4LoopbackAddr
+	}
+	if len(rc.Status.PodIPs) == 0 {
+		rc.Status.PodIPs = []v1.PodIP{{IP: IPv4LoopbackAddr}}
+	}
+}
+
 func convertNamespaceListTOK8sObjects(nsl *v1.NamespaceList) ([]K8sObject, error) {
 	res := make([]K8sObject, len(nsl.Items))
 	for i := range nsl.Items {
@@ -603,6 +617,7 @@ func parsePod(r io.Reader) *v1.Pod {
 	if isValid, err := validateNamespaceAndKind(&rc.Namespace, &rc.Kind, Pod); !isValid || err != nil {
 		return nil
 	}
+	checkAndUpdatePodStatusIPsFields(&rc)
 	return &rc
 }
 

tests/core_pods_without_host_ip/enable-all-traffic.yaml

@@ -0,0 +1,13 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: enable-all-traffic
+  namespace: kube-system
+spec:
+  podSelector:
+    matchLabels:
+      tier: frontend
+  policyTypes:
+    - Ingress
+  ingress:
+    - {}

tests/core_pods_without_host_ip/ns_list.yaml

@@ -0,0 +1,88 @@
+apiVersion: v1
+items:
+    - metadata:
+        labels:
+            unique-label: defaultNameSpace
+        name: default
+        resourceVersion: "11"
+        selfLink: /api/v1/namespaces/default
+      spec:
+        finalizers:
+            - kubernetes
+      status:
+        phase: Active
+    - metadata:
+        name: dlaas
+        resourceVersion: "11"
+        selfLink: /api/v1/namespaces/dlaas
+      spec:
+        finalizers:
+            - kubernetes
+      status:
+        phase: Active
+    - metadata:
+        name: url-fetcher-ns
+        resourceVersion: "11"
+      spec:
+        finalizers:
+            - kubernetes
+      status:
+        phase: Active
+    - metadata:
+        name: vendor-cert-store
+      spec:
+        finalizers:
+            - kubernetes
+      status:
+        phase: Active
+    - metadata:
+        labels:
+            unique-label: vendor-systemNameSpace
+        name: vendor-system
+      spec:
+        finalizers:
+            - kubernetes
+      status:
+        phase: Active
+    - metadata:
+        creationTimestamp: "2018-03-06T11:49:51Z"
+        name: kube-public
+        selfLink: /api/v1/namespaces/kube-public
+      spec:
+        finalizers:
+            - kubernetes
+      status:
+        phase: Active
+    - metadata:
+        annotations:
+            kubectl.kubernetes.io/last-applied-configuration: |
+                {"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{},"name":"kube-system","namespace":""}}
+        labels:
+            unique-label: kubeSystemNameSpace
+        name: kube-system
+        resourceVersion: "127"
+        selfLink: /api/v1/namespaces/kube-system
+      spec:
+        finalizers:
+            - kubernetes
+      status:
+        phase: Active
+    - metadata:
+        annotations:
+            kubectl.kubernetes.io/last-applied-configuration: |
+                {"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{},"name":"kube-system","namespace":""}}
+        creationTimestamp: "2018-03-06T11:49:51Z"
+        labels:
+            unique-label: dummy
+        name: kube-system-dummy-to-ignore
+        resourceVersion: "127"
+        selfLink: /api/v1/namespaces/kube-system-dummy-to-ignore
+      spec:
+        finalizers:
+            - kubernetes
+      status:
+        phase: Active
+kind: NamespaceList
+metadata:
+    resourceVersion: "2996488"
+    selfLink: /api/v1/namespaces