in pkg/resolvers/policies_for_pod.go [17:70]
// getReferredPoliciesForPod returns the NetworkPolicies that refer to pod, or
// to podOld when it is non-nil.
//
// It works in two passes:
//  1. Every policy listed in pod.Namespace is kept if its pod selector matches
//     (isPodMatchesPolicySelector) or if the pod is referred to by the policy's
//     ingress/egress rules (isPodReferredOnIngressEgress).
//  2. Every policy the tracker reports as containing namespace references, and
//     that pass 1 did not already keep, is fetched and kept if its
//     ingress/egress rules refer to the pod.
//
// podOld may be nil. When set, a policy that refers only to podOld is still
// returned (presumably so a policy that stopped matching after a pod update is
// reconciled too; confirm against the caller).
//
// Any List or Get failure other than NotFound aborts with a nil slice, so the
// caller never receives a partial policy set. The order of the policies added
// in pass 2 follows UnsortedList and is not stable.
func (r *defaultPolicyReferenceResolver) getReferredPoliciesForPod(ctx context.Context, pod *corev1.Pod, podOld *corev1.Pod) ([]networking.NetworkPolicy, error) {
	nsPolicies := &networking.NetworkPolicyList{}
	if err := r.k8sClient.List(ctx, nsPolicies, client.InNamespace(pod.Namespace)); err != nil {
		return nil, errors.Wrap(err, "failed to fetch policies")
	}

	seen := sets.Set[types.NamespacedName]{}
	var matched []networking.NetworkPolicy

	// keep records a copy of the policy and marks it as handled so that pass 2
	// does not fetch and evaluate it again.
	keep := func(p *networking.NetworkPolicy) {
		matched = append(matched, *p)
		seen.Insert(k8s.NamespacedName(p))
	}
	// referredByRules checks the current pod first and falls back to the
	// previous pod object only when one was supplied.
	referredByRules := func(p *networking.NetworkPolicy) bool {
		return r.isPodReferredOnIngressEgress(ctx, pod, p) ||
			(podOld != nil && r.isPodReferredOnIngressEgress(ctx, podOld, p))
	}

	// Pass 1: policies living in the pod's own namespace.
	for _, pol := range nsPolicies.Items {
		if r.isPodMatchesPolicySelector(pod, podOld, &pol) || referredByRules(&pol) {
			keep(&pol)
		}
	}
	r.logger.V(1).Info("Policies referred on the same namespace", "pod", k8s.NamespacedName(pod),
		"policies", matched)

	// Pass 2: tracked policies with namespace references; these are not
	// limited to the pod's namespace by this function.
	for _, ref := range r.policyTracker.GetPoliciesWithNamespaceReferences().UnsortedList() {
		r.logger.V(1).Info("Policy containing namespace selectors", "ref", ref)
		if processed := seen.Has(ref); processed {
			continue
		}

		fetched := &networking.NetworkPolicy{}
		if err := r.k8sClient.Get(ctx, ref, fetched); err != nil {
			if client.IgnoreNotFound(err) == nil {
				// The tracked reference no longer resolves to an object; skip it
				// rather than failing the whole resolution.
				r.logger.V(1).Info("Policy not found", "reference", ref)
				continue
			}
			return nil, errors.Wrap(err, "failed to get policy")
		}

		if referredByRules(fetched) {
			keep(fetched)
		}
	}

	r.logger.V(1).Info("All referred policies", "pod", k8s.NamespacedName(pod), "policies", matched)
	return matched, nil
}