make fmt

Author: mattfenwick

pkg/cli/analyze.go

@@ -166,7 +166,8 @@ func Lint(kubePolicies []*networkingv1.NetworkPolicy) {
 }
 
 // QueryTargetPod matches targets; targets exist in only a single namespace and can't be matched by namespace
-//   label, therefore we match by exact namespace and by pod labels.
+//
+//	label, therefore we match by exact namespace and by pod labels.
 type QueryTargetPod struct {
 	Namespace string
 	Labels    map[string]string

pkg/generator/testcase.go

@@ -135,7 +135,8 @@ func ParseProbeMode(mode string) (ProbeMode, error) {
 }
 
 // ProbeConfig: exactly one field must be non-null (or, in AllAvailable's case, non-false).  This
-//   models a discriminated union (sum type).
+//
+//	models a discriminated union (sum type).
 type ProbeConfig struct {
 	AllAvailable bool
 	PortProtocol *PortProtocol

pkg/generator/testcasegenerator.go

@@ -35,6 +35,7 @@ Test cases:
 1 policy with both ingress and egress
 2 policies with both ingress and egress
 */
+
 type TestCaseGenerator struct {
 	PodIP        string
 	AllowDNS     bool

pkg/kube/labelselector.go

@@ -11,9 +11,10 @@ import (
 
 // IsNameMatch follows the kube pattern of "empty string means matches All"
 // It will return:
-//   if matcher is empty: true
-//   if objectName and matcher are the same: true
-//   otherwise false
+//
+//	if matcher is empty: true
+//	if objectName and matcher are the same: true
+//	otherwise false
 func IsNameMatch(objectName string, matcher string) bool {
 	if matcher == "" {
 		return true

pkg/kube/netpol/policies.go

@@ -27,19 +27,19 @@ func LabelString(labels map[string]string) string {
 	return strings.Join(chunks, "-")
 }
 
-// https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/01-deny-all-traffic-to-an-application.md
-/*
-kind: NetworkPolicy
-apiVersion: networking.k8s.io/v1
-metadata:
-  name: web-deny-all
-spec:
-  podSelector:
-    matchLabels:
-      app: web
-  ingress: []
-*/
+// AllowNothingTo is from https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/01-deny-all-traffic-to-an-application.md
 func AllowNothingTo(namespace string, toLabels map[string]string) *networkingv1.NetworkPolicy {
+	/*
+		kind: NetworkPolicy
+		apiVersion: networking.k8s.io/v1
+		metadata:
+		  name: web-deny-all
+		spec:
+		  podSelector:
+		    matchLabels:
+		      app: web
+		  ingress: []
+	*/
 	return &networkingv1.NetworkPolicy{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      fmt.Sprintf("allow-nothing-to-%s", LabelString(toLabels)),
@@ -52,7 +52,7 @@ func AllowNothingTo(namespace string, toLabels map[string]string) *networkingv1.
 	}
 }
 
-// Same as above, but with empty slice instead of nil slice
+// AllowNothingToEmptyIngress is the same as AllowNothingTo, but with empty slice instead of nil slice
 func AllowNothingToEmptyIngress(namespace string, targetLabels map[string]string) *networkingv1.NetworkPolicy {
 	return &networkingv1.NetworkPolicy{
 		ObjectMeta: metav1.ObjectMeta{
@@ -86,6 +86,7 @@ spec:
           matchLabels:
             app: bookstore
 */
+
 func AllowFromTo(namespace string, fromLabels map[string]string, toLabels map[string]string) *networkingv1.NetworkPolicy {
 	return &networkingv1.NetworkPolicy{
 		ObjectMeta: metav1.ObjectMeta{
@@ -122,6 +123,7 @@ spec:
   ingress:
   - {}
 */
+
 func AllowAllTo(namespace string, toLabels map[string]string) *networkingv1.NetworkPolicy {
 	return &networkingv1.NetworkPolicy{
 		ObjectMeta: metav1.ObjectMeta{
@@ -151,6 +153,7 @@ spec:
   podSelector: {}
   ingress: []
 */
+
 func AllowNothingToAnything(namespace string) *networkingv1.NetworkPolicy {
 	return &networkingv1.NetworkPolicy{
 		ObjectMeta: metav1.ObjectMeta{
@@ -179,6 +182,7 @@ spec:
   - from:
     - podSelector: {}
 */
+
 func AllowAllWithinNamespace(namespace string) *networkingv1.NetworkPolicy {
 	return &networkingv1.NetworkPolicy{
 		ObjectMeta: metav1.ObjectMeta{
@@ -218,6 +222,7 @@ spec:
   - from:
     - namespaceSelector: {}
 */
+
 func AllowAllTo_Version2(namespace string, targetLabels map[string]string) *networkingv1.NetworkPolicy {
 	return &networkingv1.NetworkPolicy{
 		ObjectMeta: metav1.ObjectMeta{
@@ -255,6 +260,7 @@ spec:
   ingress:
   - from:
 */
+
 func AllowAllTo_Version3(namespace string, targetLabels map[string]string) *networkingv1.NetworkPolicy {
 	return &networkingv1.NetworkPolicy{
 		ObjectMeta: metav1.ObjectMeta{
@@ -309,6 +315,7 @@ spec:
         matchLabels:
           purpose: production
 */
+
 func AllowFromNamespaceTo(namespace string, namespaceLabels map[string]string, toLabels map[string]string) *networkingv1.NetworkPolicy {
 	return &networkingv1.NetworkPolicy{
 		ObjectMeta: metav1.ObjectMeta{
@@ -353,6 +360,7 @@ spec:
           matchLabels:
             type: monitoring
 */
+
 func AllowFromDifferentNamespaceWithLabelsTo(namespace string, fromLabels, namespaceLabels, toLabels map[string]string) *networkingv1.NetworkPolicy {
 	return &networkingv1.NetworkPolicy{
 		ObjectMeta: metav1.ObjectMeta{
@@ -391,6 +399,7 @@ spec:
   ingress:
   - from: []
 */
+
 func AllowFromAnywhere(namespace string, targetLabels map[string]string) *networkingv1.NetworkPolicy {
 	return &networkingv1.NetworkPolicy{
 		ObjectMeta: metav1.ObjectMeta{
@@ -429,6 +438,7 @@ spec:
         matchLabels:
           role: monitoring
 */
+
 func AllowSpecificPortTo(namespace string, fromLabels, targetLabels map[string]string, targetPort int) *networkingv1.NetworkPolicy {
 	portRef := intstr.FromInt(targetPort)
 	return &networkingv1.NetworkPolicy{
@@ -485,6 +495,7 @@ spec:
           app: inventory
           role: web
 */
+
 func AllowFromMultipleTo(namespace string, fromLabels []map[string]string, targetLabels map[string]string) *networkingv1.NetworkPolicy {
 	var froms []networkingv1.NetworkPolicyPeer
 	for _, labels := range fromLabels {
@@ -523,6 +534,7 @@ spec:
   - Egress
   egress: []
 */
+
 func AllowNoEgressFromLabels(namespace string, targetLabels map[string]string) *networkingv1.NetworkPolicy {
 	return &networkingv1.NetworkPolicy{
 		ObjectMeta: metav1.ObjectMeta{
@@ -558,6 +570,7 @@ spec:
     - port: 53
       protocol: TCP
 */
+
 func AllowEgressOnPort(namespace string, targetLabels map[string]string, port int) *networkingv1.NetworkPolicy {
 	tcp := v1.ProtocolTCP
 	udp := v1.ProtocolUDP
@@ -597,6 +610,7 @@ spec:
   podSelector: {}
   egress: []
 */
+
 func AllowNoEgressFromNamespace(namespace string) *networkingv1.NetworkPolicy {
 	return &networkingv1.NetworkPolicy{
 		ObjectMeta: metav1.ObjectMeta{
@@ -632,6 +646,7 @@ spec:
     to:
     - namespaceSelector: {}
 */
+
 func AllowEgressToAllNamespacesOnPort(namespace string, targetLabels map[string]string, port int) *networkingv1.NetworkPolicy {
 	tcp := v1.ProtocolTCP
 	udp := v1.ProtocolUDP
@@ -676,6 +691,7 @@ spec:
   - Egress
   - Ingress
 */
+
 func AllowNoIngressNorEgress(namespace string, targetLabels map[string]string) *networkingv1.NetworkPolicy {
 	return &networkingv1.NetworkPolicy{
 		ObjectMeta: metav1.ObjectMeta{

pkg/kube/service.go

@@ -4,8 +4,9 @@ import "fmt"
 
 // QualifiedServiceAddress returns the address that can be used to hit a service from
 // any namespace in the cluster
-//func QualifiedServiceAddress(serviceName string, namespace string, dnsDomain string) string {
-//	return fmt.Sprintf("%s.%s.svc.%s", serviceName, namespace, dnsDomain)
+//
+//	func QualifiedServiceAddress(serviceName string, namespace string, dnsDomain string) string {
+//		return fmt.Sprintf("%s.%s.svc.%s", serviceName, namespace, dnsDomain)
 func QualifiedServiceAddress(serviceName string, namespace string) string {
 	return fmt.Sprintf("%s.%s.svc.cluster.local", serviceName, namespace)
 }