[Policy Assistant] explain command: support setting (B)ANPs via CLI arg #201

Open
huntergregory opened this issue Feb 26, 2024 · 6 comments

huntergregory commented Feb 26, 2024

Successor to #153. Child issue of #150.

Right now we have AdminNetworkPolicies hard-coded (referenced in analyze.go). A user should be able to specify NetworkPolicy, AdminNetworkPolicy, and the BaselineAdminNetworkPolicy by:

  • grabbing these from their Kubernetes cluster
  • specifying the filepath for all policy yamls
  • or both

Code in question:

    if args.AllNamespaces || len(args.Namespaces) > 0 {
        kubeClient, err := kube.NewKubernetesForContext(args.Context)
        utils.DoOrDie(err)
        namespaces := args.Namespaces
        if args.AllNamespaces {
            nsList, err := kubeClient.GetAllNamespaces()
            utils.DoOrDie(err)
            kubeNamespaces = nsList.Items
            namespaces = []string{v1.NamespaceAll}
        }
        kubePolicies, err = kube.ReadNetworkPoliciesFromKube(kubeClient, namespaces)
        if err != nil {
            logrus.Errorf("unable to read network policies from kube, ns '%s': %+v", namespaces, err)
        }
        kubePods, err = kube.GetPodsInNamespaces(kubeClient, namespaces)
        if err != nil {
            logrus.Errorf("unable to read pods from kube, ns '%s': %+v", namespaces, err)
        }
    }
    // 2. read policies from file
    if args.PolicyPath != "" {
        policiesFromPath, err := kube.ReadNetworkPoliciesFromPath(args.PolicyPath)
        utils.DoOrDie(err)
        kubePolicies = append(kubePolicies, policiesFromPath...)
    }
    // 3. read example policies
    if args.UseExamplePolicies {
        kubePolicies = append(kubePolicies, netpol.AllExamples...)
        kubeANPs = examples.CoreGressRulesCombinedANB
        kubeBANPs = examples.CoreGressRulesCombinedBANB
    }

Peac36 commented Apr 13, 2024

/assign

Peac36 commented Apr 15, 2024

Hey @huntergregory, can you share more details about the task? Is it about reading (B)ANPs from a cluster or file path?
Since I'm new to the project, any information would be helpful.

Is there a weekly meeting about this project where I can join and ask these kinds of questions?

@huntergregory
Contributor Author

Hey Nikola, thanks for looking to pick this up. Just fixed this issue's description, let me know if you have any questions.

> Is there a weekly meeting about this project where I can join and ask these kinds of questions?

Yes! Would be great to have you. We meet every other Tuesday (some more details at this link)

huntergregory commented Apr 22, 2024

I think the CLI already has the arguments we need (code is in analyze.go). I think they are like --policy-path, --namespace, --all-namespaces.

To create the CLI binary:

  • change into the cmd/policy-assistant/ directory
  • make cyclonus
  • binary at ‘cmd/cyclonus/cyclonus’ I believe

Peac36 commented Apr 22, 2024

Thanks for the info, Hunter. I already started working on this, but more questions arose.

Should cyclonus always work with the (B)ANPs, or should they be enabled/disabled via an argument?

What is the expected behavior if one of the requests fails while trying to get info from the api-server?

@huntergregory
Contributor Author

> Should cyclonus always work with the (B)ANPs, or should they be enabled/disabled via an argument?

Let's always include every policy type.

> What is the expected behavior if one of the requests fails while trying to get info from the api-server?

I would just log errors with logrus.Errorf() and continue. But if API Server returns this:

    error: the server doesn't have a resource type "adminnetworkpolicy"

ideally, we would just log a warning message that ANP isn't defined instead of saying there's an error.
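
The error handling described in the last comment, written out as an added example (not code from the project or from anyone in this thread). `errNoResourceType`, `loadPolicies`, `sampleRead` and the policy names are hypothetical, and the standard `log` package stands in for logrus. It also records which policy kinds were skipped, so a caller can tell when the analysis ran without a policy tier.

```go
package main

import (
	"errors"
	"fmt"
	"log"
)

// errNoResourceType: constructed stand-in for the API server response quoted above.
var errNoResourceType = errors.New("the server doesn't have a resource type")

type loadResult struct {
	policies            map[string][]string // policy names read, per kind
	unavailable, failed []string            // kinds missing from the analysis
}

// loadPolicies never aborts: a missing resource type is a warning, any other
// failure is logged as an error, and the remaining kinds are still read.
func loadPolicies(kinds []string, read func(string) ([]string, error)) loadResult {
	res := loadResult{policies: map[string][]string{}}
	for _, kind := range kinds {
		items, err := read(kind)
		switch {
		case err == nil:
			res.policies[kind] = items
		case errors.Is(err, errNoResourceType):
			log.Printf("warning: %s is not defined on this cluster", kind)
			res.unavailable = append(res.unavailable, kind)
		default:
			log.Printf("error: unable to read %s from kube: %v", kind, err)
			res.failed = append(res.failed, kind)
		}
	}
	return res
}

// sampleRead is a constructed reader: one success, one missing type, one failure.
func sampleRead(kind string) ([]string, error) {
	switch kind {
	case "NetworkPolicy":
		return []string{"allow-dns", "deny-all"}, nil
	case "AdminNetworkPolicy":
		return nil, fmt.Errorf("%w %q", errNoResourceType, "adminnetworkpolicy")
	}
	return nil, errors.New("connection refused")
}

func main() {
	kinds := []string{"NetworkPolicy", "AdminNetworkPolicy", "BaselineAdminNetworkPolicy"}
	fmt.Printf("%+v\n", loadPolicies(kinds, sampleRead))
}
```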
