in pkg/resolvers/endpoints.go [324:372]
// getMatchingPodAddresses lists the pods in namespace that match the label
// selector ls and returns one EndpointInfo (pod IP plus ports) for each pod
// that currently has an IP.
//
// How the ports are resolved depends on policyType:
//   - Ingress: ports are resolved once through getIngressRulesPorts, using the
//     policy's own namespace and pod selector, and that single slice is attached
//     to every returned entry.
//   - Egress: ports are resolved per matched pod through getPortList; a pod for
//     which rulePorts is non-empty but nothing resolves is skipped.
//   - Any other value: Ports is left nil on every entry.
//
// The result is nil in three different situations: the ingress ports could not
// be resolved, the pod List call failed, or no listed pod had an IP. Callers
// cannot tell these apart from the return value alone.
// NOTE(review): a failed List therefore looks the same as "no peers". For an
// allow-list that presumably drops the peers until the next reconcile; confirm
// against the caller. The failure is only logged at Info level.
func (r *defaultEndpointsResolver) getMatchingPodAddresses(ctx context.Context, ls *metav1.LabelSelector, namespace string,
	policy *networking.NetworkPolicy, rulePorts []networking.NetworkPolicyPort, policyType networking.PolicyType) []policyinfo.EndpointInfo {
	var (
		endpoints []policyinfo.EndpointInfo
		ports     []policyinfo.Port
	)
	isIngress := policyType == networking.PolicyTypeIngress
	isEgress := policyType == networking.PolicyTypeEgress

	// For ingress the ports belong to the pods the policy applies to, so they
	// are derived from the policy itself rather than from the peer pods.
	if isIngress {
		ports = r.getIngressRulesPorts(ctx, policy.Namespace, &policy.Spec.PodSelector, rulePorts)
		// The rule names ports but none could be derived: give up instead of
		// emitting entries with an empty port list.
		if len(ports) == 0 && len(rulePorts) != 0 {
			r.logger.Info("Couldn't get matched port list from ingress of policy", "policy", types.NamespacedName{Name: policy.Name, Namespace: policy.Namespace}.String(),
				"ingressPorts", rulePorts, "derivedPorts", ports)
			return nil
		}
	}

	// Peer pods: the sources for ingress, the destinations for egress.
	pods := &corev1.PodList{}
	listOpts := &client.ListOptions{
		LabelSelector: r.createPodLabelSelector(ls),
		Namespace:     namespace,
	}
	if err := r.k8sClient.List(ctx, pods, listOpts); err != nil {
		r.logger.Info("Unable to List Pods", "err", err)
		return nil
	}
	r.logger.V(1).Info("Got pods for label selector", "count", len(pods.Items), "selector", ls.String())

	for _, pod := range pods.Items {
		ip := k8s.GetPodIP(&pod)
		// A pod without an IP cannot be expressed as an address; skip it.
		if len(ip) == 0 {
			continue
		}
		if isEgress {
			ports = r.getPortList(pod, rulePorts)
			// Same test as for ingress, but scoped to this pod only.
			if len(ports) == 0 && len(rulePorts) != 0 {
				r.logger.Info("Couldn't get matched port list from the pod", "pod", k8s.NamespacedName(&pod), "expectedPorts", rulePorts)
				continue
			}
		}
		endpoints = append(endpoints, policyinfo.EndpointInfo{
			CIDR:  policyinfo.NetworkAddress(ip),
			Ports: ports,
		})
	}
	return endpoints
}