func networkPolicies()

in appconfigmgrv2/controllers/network_policies.go [124:171]


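// networkPolicies builds one ingress NetworkPolicy per entry of in.Spec.Services
// that declares at least one AllowedClients entry. Each policy selects the
// service's pods by the "app" label (Spec.Services[i].DeploymentApp) in
// in.Namespace and admits ingress only from the peers derived from the
// service's AllowedClients.
//
// Security notes:
//   - A service with no AllowedClients gets NO policy from this function, so
//     its pods remain unrestricted (default-allow) unless some other
//     NetworkPolicy selects them.
//   - Peers are matched purely by the "app" label; any pod carrying that label
//     in the selected namespace is admitted, so label hygiene in that namespace
//     is part of the trust boundary.
//   - A client whose parsed namespace differs from in.Namespace is selected via
//     the namespace's "kubernetes.io/metadata.name" label, which the API server
//     sets on every namespace on Kubernetes >= 1.22. On older clusters that
//     label is absent, the selector matches no namespace and the client is
//     denied (fail closed) rather than silently re-targeted at the local
//     namespace.
//
// Returns the policies in service order, or an error (wrapping the parse
// failure) if any AllowedClients.Name cannot be parsed by parseAllowedClient.
func networkPolicies(in *appconfig.AppEnvConfigTemplateV2) ([]*netv1.NetworkPolicy, error) {
	var ps []*netv1.NetworkPolicy

	for i := range in.Spec.Services {
		svc := &in.Spec.Services[i]
		if len(svc.AllowedClients) == 0 {
			// No allow-list means no policy: this controller deliberately leaves
			// such a service unrestricted.
			continue
		}

		clients := make([]netv1.NetworkPolicyPeer, 0, len(svc.AllowedClients))
		for _, c := range svc.AllowedClients {
			ns, app, err := parseAllowedClient(c.Name, in.Namespace)
			if err != nil {
				return nil, fmt.Errorf("parsing allowed client: %w", err)
			}

			peer := netv1.NetworkPolicyPeer{
				PodSelector: &metav1.LabelSelector{
					MatchLabels: map[string]string{"app": app},
				},
			}
			// A nil NamespaceSelector scopes the PodSelector to the policy's own
			// namespace. For a client that lives elsewhere we must say so
			// explicitly: dropping the namespace would admit a same-named "app"
			// in the local namespace and deny the client actually requested.
			// NOTE(review): parseAllowedClient is handed in.Namespace, presumably
			// as the default namespace; the empty-string check is defensive in
			// case it returns "" for "no namespace given" -- confirm.
			if ns != "" && ns != in.Namespace {
				peer.NamespaceSelector = &metav1.LabelSelector{
					MatchLabels: map[string]string{"kubernetes.io/metadata.name": ns},
				}
			}
			clients = append(clients, peer)
		}

		ps = append(ps, &netv1.NetworkPolicy{
			ObjectMeta: metav1.ObjectMeta{
				Name:      networkPolicyName(in, i),
				Namespace: in.Namespace,
			},
			Spec: netv1.NetworkPolicySpec{
				PodSelector: metav1.LabelSelector{
					MatchLabels: map[string]string{
						"app": svc.DeploymentApp,
					},
				},
				// Explicit PolicyTypes: with only ingress rules this is what the
				// API server would default to anyway, but stating it keeps a
				// later egress addition from silently widening the policy.
				PolicyTypes: []netv1.PolicyType{netv1.PolicyTypeIngress},
				// clients is non-empty here (guarded above); an empty From
				// would mean "allow from everywhere", the opposite of intent.
				Ingress: []netv1.NetworkPolicyIngressRule{
					{
						From: clients,
					},
				},
			},
		})
	}
	return ps, nil
}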