in tools/azure-npm-to-cilium-validator/azure-npm-to-cilium-validator.go [109:193]
// printMigrationSummary runs the migration checks over the supplied cluster
// resources, records the per-check counts through metrics.SendLog, prints the
// summary table(s), and finishes with a safe/unsafe verdict on stdout.
//
// The cluster is reported as unsafe when at least one network policy is
// flagged (endPort, CIDR, named port, or egress) or when
// getUnsafeExternalTrafficPolicyClusterServices returns at least one service.
// When *detailedMigrationSummary is true, the flagged-resource tables and the
// cluster resource table are printed in addition to the summary table.
//
// detailedMigrationSummary is dereferenced without a nil check, so callers
// must pass a non-nil pointer.
//
// The verdict covers only the resources passed in: the printed output itself
// asks the operator to rerun the script after any create/update/delete of
// services or policies, so an earlier "safe" result should not be reused.
func printMigrationSummary(
	detailedMigrationSummary *bool,
	namespaces *corev1.NamespaceList,
	policiesByNamespace map[string][]*networkingv1.NetworkPolicy,
	servicesByNamespace map[string][]*corev1.Service,
	podsByNamespace map[string][]*corev1.Pod,
) {
	// Every check is followed directly by its telemetry record. Only an
	// aggregate count is formatted into each message; no namespace, policy or
	// service names are handed to metrics.SendLog from this function.
	// NOTE(review): metrics.DonotPrint presumably keeps these records off the
	// console - confirm against the metrics package.

	// Policies that use endPort.
	endPortIngress, endPortEgress := getEndportNetworkPolicies(policiesByNamespace)
	endPortTotal := len(endPortIngress) + len(endPortEgress)
	metrics.SendLog(scriptMetricOperationID, fmt.Sprintf("[migration script] Found %d network policies with endPort", endPortTotal), metrics.DonotPrint)

	// Policies that use CIDR.
	cidrIngress, cidrEgress := getCIDRNetworkPolicies(policiesByNamespace)
	cidrTotal := len(cidrIngress) + len(cidrEgress)
	metrics.SendLog(scriptMetricOperationID, fmt.Sprintf("[migration script] Found %d network policies with CIDR", cidrTotal), metrics.DonotPrint)

	// Policies that use named ports.
	namedPortIngress, namedPortEgress := getNamedPortPolicies(policiesByNamespace)
	namedPortTotal := len(namedPortIngress) + len(namedPortEgress)
	metrics.SendLog(scriptMetricOperationID, fmt.Sprintf("[migration script] Found %d network policies with named port", namedPortTotal), metrics.DonotPrint)

	// Policies with egress rules (egress allow-all is not counted).
	flaggedEgress := getEgressPolicies(policiesByNamespace)
	metrics.SendLog(scriptMetricOperationID, fmt.Sprintf("[migration script] Found %d network policies with egress", len(flaggedEgress)), metrics.DonotPrint)

	// Services with externalTrafficPolicy != Local that may see traffic
	// disruption after migration.
	flaggedServices := getUnsafeExternalTrafficPolicyClusterServices(namespaces, servicesByNamespace, policiesByNamespace)
	metrics.SendLog(scriptMetricOperationID, fmt.Sprintf("[migration script] Found %d services with externalTrafficPolicy=Cluster", len(flaggedServices)), metrics.DonotPrint)

	// A single flagged policy or service is enough to fail the cluster.
	policiesFlagged := endPortTotal > 0 || cidrTotal > 0 || namedPortTotal > 0 || len(flaggedEgress) > 0
	servicesFlagged := len(flaggedServices) > 0
	clusterUnsafe := policiesFlagged || servicesFlagged

	// Record the overall verdict in telemetry.
	verdictLog := "[migration script] Passes all checks. Safe to migrate this cluster"
	if clusterUnsafe {
		verdictLog = "[migration script] Fails some checks. Unsafe to migrate this cluster"
	}
	metrics.SendLog(scriptMetricOperationID, verdictLog, metrics.DonotPrint)

	// Close metrics before any table is rendered, then pause for one second so
	// the table formatting is not disturbed.
	metrics.Close()
	time.Sleep(time.Second)

	// The summary table is always printed.
	renderMigrationSummaryTable(endPortIngress, endPortEgress, cidrIngress, cidrEgress, namedPortIngress, namedPortEgress, flaggedEgress, flaggedServices)

	// The flagged-resource tables and the cluster resource table are printed
	// only when the detailed-report flag is set.
	if *detailedMigrationSummary {
		if policiesFlagged {
			renderFlaggedNetworkPolicyTable(endPortIngress, endPortEgress, cidrIngress, cidrEgress, namedPortIngress, namedPortEgress, flaggedEgress)
		}
		if servicesFlagged {
			renderFlaggedServiceTable(flaggedServices)
		}
		renderClusterResourceTable(policiesByNamespace, servicesByNamespace, podsByNamespace)
	}

	// Final verdict for the operator.
	if !clusterUnsafe {
		fmt.Println("\n\033[32m✔ Safe to migrate this cluster.\033[0m")
		fmt.Println("For more details please see \033[32maka.ms/azurenpmtocilium\033[0m.")
		return
	}
	fmt.Println("\n\033[31m✘ Review above issues before migration.\033[0m")
	fmt.Println("Please see \033[32maka.ms/azurenpmtocilium\033[0m for instructions on how to evaluate/assess the above warnings marked by ❌.")
	fmt.Println("NOTE: rerun this script if any modifications (create/update/delete) are made to services or policies.")
}