From d8eff8ed6ad341091427af50b3d36b121c71787a Mon Sep 17 00:00:00 2001 From: comp4990 Date: Sun, 19 Feb 2023 18:44:31 -0500 Subject: [PATCH] Made requested changes --- mkconfig.c | 108 ++++++++++++++++++++++++++++++++++------------------- 1 file changed, 69 insertions(+), 39 deletions(-) diff --git a/mkconfig.c b/mkconfig.c index f960d6d..d14a375 100644 --- a/mkconfig.c +++ b/mkconfig.c @@ -34,10 +34,10 @@ void checkArgs(char *sourceaddr, int *sourcetype, char *destaddr, findAddressType(destaddr, desttype); } -void writeFile(char *outputfilename, char *sourceaddr, int sourcetype, - int sourceport, char *destaddr, int desttype, int destport, +void writeFile(char *outputfilename, char *policy_type, char *sourceaddr, int sourcetype, + char *destaddr, int desttype, int port, char *protocol) { - const char *yaml_template = + const char *ingress_yaml_template = "apiVersion: networking.k8s.io/v1\n" "kind: NetworkPolicy\n" "metadata:\n" 
@@ -46,17 +46,41 @@ void writeFile(char *outputfilename, char *sourceaddr, int sourcetype, "spec:\n" " podSelector:\n" " matchLabels:\n" - " run: nginx\n" + " run: %s\n" //destination + " policyTypes:\n" + " - Ingress\n" " ingress:\n" - " - from:\n%s" - " ports:\n" - " - protocol: %s\n" - " port: %d\n" - " egress:\n" - " - to:\n%s" + " - from:\n%s" //source " ports:\n" " - protocol: %s\n" " port: %d\n"; + + const char *egress_yaml_template = + "apiVersion: networking.k8s.io/v1\n" + "kind: NetworkPolicy\n" + "metadata:\n" + " name: test-network-policy\n" + " namespace: policy-demo\n" + "spec:\n" + " podSelector:\n" + " matchLabels:\n" + " run: %s\n" //source + " policyTypes:\n" + " - Egress\n" + " egress:\n" + " - to:\n%s" //destination + " ports:\n" + " - protocol: %s\n" + " port: %d\n" + " - to:\n" // WE MUST ALLOW ACCESS TO KUBERNETES DNS SERVER, OTHERWISE POD NAMES WILL NOT RESOLVE TO THEIR IP + " - ipBlock:\n" + " cidr: 0.0.0.0/0\n" + " ports:\n" + " - protocol: UDP\n" + " port: 53\n" + " - protocol: TCP\n" + " port: 53\n"; + const char *ip_template = " - ipBlock:\n" " cidr: %s\n"; 
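Review bot: The DNS rule appended to `egress_yaml_template` allows port 53 to `cidr: 0.0.0.0/0`, so the selected pod can reach any resolver on any network rather than only the cluster DNS server the comment refers to, which leaves DNS open as a way out of an otherwise restricted pod. Scope that `to:` entry to the cluster DNS pods with a namespace and pod selector instead of an ipBlock, as sketched below. The labels shown are the conventional ones for kube-dns/CoreDNS and should be confirmed against the target cluster, and the indentation inside the strings has to follow the rest of the template. Both templates also keep the fixed name `test-network-policy` in `policy-demo`, so applying an ingress policy and then an egress policy will presumably replace the first one rather than add to it.

```c
// … unchanged: egress rule for the requested destination, protocol and port …
"  - to:\n" // DNS lookups: cluster DNS pods only, not every address
"    - namespaceSelector:\n"
"        matchLabels:\n"
"          kubernetes.io/metadata.name: kube-system\n"
"      podSelector:\n"
"        matchLabels:\n"
"          k8s-app: kube-dns\n"
"    ports:\n"
"    - protocol: UDP\n"
"      port: 53\n"
"    - protocol: TCP\n"
"      port: 53\n";
```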
@@ -65,17 +89,25 @@ void writeFile(char *outputfilename, char *sourceaddr, int sourcetype, " matchLabels:\n" " run: %s\n"; - const char *ingress_template = + const char *source_template = sourcetype == SELECTOR_TYPE_IP ? ip_template : pod_template; - const char *egress_template = + const char *destination_template = desttype == SELECTOR_TYPE_IP ? ip_template : pod_template; - char outputBuf[2000], ingress_template_filled[1000], - egress_template_filled[1000]; - sprintf(ingress_template_filled, ingress_template, sourceaddr); - sprintf(egress_template_filled, egress_template, destaddr); - sprintf(outputBuf, yaml_template, ingress_template_filled, protocol, - sourceport, egress_template_filled, protocol, destport); + char outputBuf[2000], source_template_filled[1000], + destination_template_filled[1000]; + + sprintf(source_template_filled, source_template, sourceaddr); + sprintf(destination_template_filled, destination_template, destaddr); + + if(strcmp(policy_type, "egress") == 0){ + sprintf(outputBuf, egress_yaml_template, sourceaddr, + destination_template_filled, protocol, port); + } + else if(strcmp(policy_type, "ingress") == 0){ + sprintf(outputBuf, ingress_yaml_template, + destaddr, source_template_filled, protocol, port); + } // puts("----------------------"); // printf("%s\n", ingress_template_filled); 
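Review bot: When `policy_type` is neither "egress" nor "ingress", the new if/else-if chain fills nothing, so `outputBuf` is still uninitialized when the rest of writeFile (outside this hunk) uses it. The three fills also remain unbounded `sprintf` calls that copy command-line strings into 1000- and 2000-byte stack buffers, so a long address or protocol argument overruns them. Use `snprintf` with a length check and add a final `else` that rejects an unknown type, as sketched below; exiting is used there because it is not visible from the hunk whether the output file is already open at this point. `sourceaddr`, `destaddr` and `protocol` are also pasted into the YAML unvalidated, so an argument containing a newline can add keys to the generated policy; restricting them to label or CIDR characters before formatting would close that.

```c
// … unchanged: template selection and buffer declarations …
int src_len = snprintf(source_template_filled, sizeof source_template_filled,
                       source_template, sourceaddr);
int dst_len = snprintf(destination_template_filled,
                       sizeof destination_template_filled,
                       destination_template, destaddr);
if (src_len < 0 || (size_t)src_len >= sizeof source_template_filled ||
    dst_len < 0 || (size_t)dst_len >= sizeof destination_template_filled) {
    fprintf(stderr, "address argument is too long\n");
    exit(EX_USAGE);
}

int out_len;
if (strcmp(policy_type, "egress") == 0) {
    out_len = snprintf(outputBuf, sizeof outputBuf, egress_yaml_template,
                       sourceaddr, destination_template_filled, protocol, port);
} else if (strcmp(policy_type, "ingress") == 0) {
    out_len = snprintf(outputBuf, sizeof outputBuf, ingress_yaml_template,
                       destaddr, source_template_filled, protocol, port);
} else {
    fprintf(stderr, "unknown policy type: %s\n", policy_type);
    exit(EX_USAGE);
}
if (out_len < 0 || (size_t)out_len >= sizeof outputBuf) {
    fprintf(stderr, "generated policy does not fit in the output buffer\n");
    exit(EX_USAGE);
}
```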
@@ -91,21 +123,21 @@ void writeFile(char *outputfilename, char *sourceaddr, int sourcetype, fclose(outputFile); } -int main(int argc, char *argv[]) { - if (argc < 6) { +int main(int argc, char *argv[]) { //source, destination, port, protocal and policy + if (argc < 5) { fprintf(stderr, - "Usage:\t %s sourceip sourceport desinationip " - "destinationport protocol [-o outputfile]\n", + "Usage:\t %s policytype sourceip destinationip port " + "protocol [-o outputfile]\n", argv[0]); fprintf(stderr, - "\tor %s sourcepod sourceport desinationpod " - "destinationport protocol [-o outputfile]\n", + "\tor %s policytype sourcepod destinationpod port " + "protocol [-o outputfile]\n", argv[0]); fprintf(stderr, - "\nExample:\t%s nginx 80 access 5978 TCP " + "\nExample:\t%s ingress access nginx 80 TCP " "-o test.yaml\n", argv[0]); - fprintf(stderr, "\t\t%s nginx 80 access 5978 TCP\n", argv[0]); + fprintf(stderr, "\t\t%s egress nginx access 5978 TCP\n", argv[0]); return EX_USAGE; } @@ -122,27 +154,25 @@ int main(int argc, char *argv[]) { if (strlen(output) == 0) { strcpy(output, "ingress-egress-nginx.yaml"); } - - char *sourceaddr = argv[optind]; - int sourceport; - sscanf(argv[optind + 1], "%d", &sourceport); + char *policy_type = argv[optind]; + char *sourceaddr = argv[optind + 1]; char *destaddr = argv[optind + 2]; - int destport; - sscanf(argv[optind + 3], "%d", &destport); + int port; + sscanf(argv[optind + 3], "%d", &port); char *protocol = argv[optind + 4]; int sourcetype, desttype; checkArgs(sourceaddr, &sourcetype, destaddr, &desttype); - writeFile(output, sourceaddr, sourcetype, sourceport, destaddr, - desttype, destport, protocol); + writeFile(output, policy_type, sourceaddr, sourcetype, destaddr, + desttype, port, protocol); - // char cmd[100]; - // sprintf(cmd, "kubectl apply -f ./%s", output); - // - // printf("%s\n", cmd); - // system(cmd); + char cmd[100]; + sprintf(cmd, "kubectl apply -f ./%s", output); + + printf("%s\n", cmd); + system(cmd); return 0; }
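Review bot: The guard was lowered to `argc < 5`, but the new interface still takes five positional arguments (policytype, source, destination, port, protocol), so an invocation with only four passes the check. `argv[optind + 4]`, read later in main outside this hunk, is then the terminating NULL and reaches `sprintf` as `protocol`. Keep `if (argc < 6) {`, or better, test `argc - optind < 5` after option parsing so that `-o outputfile` does not count toward the total. The comment added on the `main` line also misspells "protocol".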
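Review bot: The newly enabled `system(cmd)` builds a shell command from `output`, which comes from the `-o` argument, so shell metacharacters in the file name are interpreted by the shell. The `sprintf` into `cmd[100]` also overflows for any name longer than about 80 bytes. Run kubectl with an explicit argument vector instead of a shell string and check its exit status, as sketched below; this needs `<unistd.h>` and `<sys/wait.h>` if the file does not already include them. The `sscanf` for `port` is unchecked as well, so a non-numeric argument leaves `port` uninitialized; test that it returns 1 and that the value lies in 1–65535 before calling writeFile.

```c
// … unchanged: argument parsing, checkArgs and writeFile calls …
pid_t child = fork();
if (child < 0) {
    perror("fork");
    return EX_OSERR;
}
if (child == 0) {
    /* No shell involved: the file name is passed as a single argument. */
    execlp("kubectl", "kubectl", "apply", "-f", output, (char *)NULL);
    perror("kubectl");
    _exit(127);
}

int status;
if (waitpid(child, &status, 0) < 0 || !WIFEXITED(status) ||
    WEXITSTATUS(status) != 0) {
    fprintf(stderr, "kubectl apply failed\n");
    return EX_SOFTWARE;
}
return 0;
```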