Synthesis infra struct

pkg/model/analyzer.go

@@ -21,7 +21,7 @@ func configFromResourcesContainer(recourses *collector.ResourcesContainerModel,
 	config := parser.GetConfig()
 
 	// in debug/verbose mode -- print the parsed config
-	logging.Debugf("the parsed config details: %s", config.getConfigInfoStr())
+	logging.Debugf("the parsed config details: %s", config.GetConfigInfoStr())
 
 	// compute connectivity map from the parsed config
 	config.ComputeConnectivity(vmsFilter)

pkg/model/config.go

@@ -11,9 +11,9 @@ import (
 
 // config captures nsx config
 type config struct {
-	vms                  []*endpoints.VM          // list of all vms
+	Vms                  []*endpoints.VM          // list of all Vms
 	vmsMap               map[string]*endpoints.VM // map from uid to vm objects
-	fw                   *dfw.DFW                 // currently assuming one DFW only (todo: rename pkg dfw)
+	Fw                   *dfw.DFW                 // currently assuming one DFW only (todo: rename pkg dfw)
 	analyzedConnectivity connMap                  // the resulting connectivity map from analyzing this configuration
 	analysisDone         bool
 }
@@ -29,37 +29,37 @@ func (c *config) ComputeConnectivity(vmsFilter []string) {
 	logging.Debugf("compute connectivity on parsed config")
 	res := connMap{}
 	// make sure all vm pairs are in the result, by init with global default
-	res.initPairs(c.fw.GlobalDefaultAllow(), c.vms, vmsFilter)
+	res.initPairs(c.Fw.GlobalDefaultAllow(), c.Vms, vmsFilter)
 	// iterate over all vm pairs in the initialized map at res, get the analysis result per pair
 	for src, srcMap := range res {
 		for dst := range srcMap {
 			if src == dst {
 				continue
 			}
-			conn := c.fw.AllowedConnections(src, dst)
+			conn := c.Fw.AllowedConnections(src, dst)
 			res.add(src, dst, conn)
 		}
 	}
 	c.analyzedConnectivity = res
 	c.analysisDone = true
 }
 
-// getConfigInfoStr returns string describing the captured configuration content
-func (c *config) getConfigInfoStr() string {
+// GetConfigInfoStr returns string describing the captured configuration content
+func (c *config) GetConfigInfoStr() string {
 	var sb strings.Builder
 	sb.WriteString(common.OutputSectionSep)
 	sb.WriteString("VMs:\n")
-	for _, vm := range c.vms {
+	for _, vm := range c.Vms {
 		sb.WriteString(vm.Name() + "\n")
 	}
 	sb.WriteString(common.OutputSectionSep)
 
 	sb.WriteString("DFW:\n")
-	sb.WriteString(c.fw.OriginalRulesStrFormatted())
+	sb.WriteString(c.Fw.OriginalRulesStrFormatted())
 	sb.WriteString(common.ShortSep)
-	sb.WriteString(c.fw.String())
+	sb.WriteString(c.Fw.String())
 	sb.WriteString(common.ShortSep)
-	sb.WriteString(c.fw.AllEffectiveRules())
+	sb.WriteString(c.Fw.AllEffectiveRules())
 	sb.WriteString(common.OutputSectionSep)
 
 	return sb.String()

pkg/model/connectivity_test.go

@@ -25,13 +25,13 @@ var dfwAllowAllByDefault = dfw.NewEmptyDFW(true)      // no rules and global def
 
 // basic test
 var config1 = &config{
-	vms: allVms,
-	fw:  dfwAllowNothingByDefault,
+	Vms: allVms,
+	Fw:  dfwAllowNothingByDefault,
 }
 
 var config2 = &config{
-	vms: allVms,
-	fw:  dfwAllowAllByDefault,
+	Vms: allVms,
+	Fw:  dfwAllowAllByDefault,
 }
 
 func sumPairs(c connMap) int {

pkg/model/dfw/category.go

@@ -75,30 +75,30 @@ var categoriesList = []DfwCategory{
 	ethernetCategory, emergencyCategory, infrastructureCategory, envCategory, appCategoty, emptyCategory,
 }
 
-// effectiveRules are built from original rules, split to separate inbound & outbound rules
+// EffectiveRules are built from original rules, split to separate Inbound & Outbound rules
 // consider already the scope from the original rules
-type effectiveRules struct {
-	inbound  []*FwRule
-	outbound []*FwRule
+type EffectiveRules struct {
+	Inbound  []*FwRule
+	Outbound []*FwRule
 }
 
-func (e *effectiveRules) addInboundRule(r *FwRule) {
+func (e *EffectiveRules) addInboundRule(r *FwRule) {
 	if r != nil {
-		e.inbound = append(e.inbound, r)
+		e.Inbound = append(e.Inbound, r)
 	}
 }
 
-func (e *effectiveRules) addOutboundRule(r *FwRule) {
+func (e *EffectiveRules) addOutboundRule(r *FwRule) {
 	if r != nil {
-		e.outbound = append(e.outbound, r)
+		e.Outbound = append(e.Outbound, r)
 	}
 }
 
-type categorySpec struct {
-	category       DfwCategory
+type CategorySpec struct {
+	Category       DfwCategory
 	rules          []*FwRule // ordered list of rules
-	defaultAction  ruleAction
-	processedRules *effectiveRules // ordered list of effective rules
+	defaultAction  RuleAction
+	ProcessedRules *EffectiveRules // ordered list of effective rules
 	dfwRef         *DFW
 }
 
@@ -110,16 +110,16 @@ type categorySpec struct {
 // todo: may possibly eliminate jumpToAppConns and unify them with notDeterminedConns
 //
 //nolint:gocritic // for now keep commentedOutCode
-func (c *categorySpec) analyzeCategory(src, dst *endpoints.VM, isIngress bool,
+func (c *CategorySpec) analyzeCategory(src, dst *endpoints.VM, isIngress bool,
 ) (allowedConns, jumpToAppConns, deniedConns, nonDet *netset.TransportSet) {
 	allowedConns, jumpToAppConns, deniedConns = netset.NoTransports(), netset.NoTransports(), netset.NoTransports()
-	rules := c.processedRules.inbound // inbound effective rules
+	rules := c.ProcessedRules.Inbound // Inbound effective rules
 	if !isIngress {
-		rules = c.processedRules.outbound // outbound effective rules
+		rules = c.ProcessedRules.Outbound // Outbound effective rules
 	}
 	for _, rule := range rules /*c.rules*/ {
 		if rule.processedRuleCapturesPair(src, dst) /*rule.capturesPair(src, dst, isIngress)*/ {
-			switch rule.action {
+			switch rule.Action {
 			case actionAllow:
 				addedAllowedConns := rule.conn.Subtract(deniedConns).Subtract(jumpToAppConns)
 				allowedConns = allowedConns.Union(addedAllowedConns)
@@ -147,76 +147,76 @@ func (c *categorySpec) analyzeCategory(src, dst *endpoints.VM, isIngress bool,
 	return allowedConns, jumpToAppConns, deniedConns, nonDet
 }
 
-func (c *categorySpec) originalRulesStr() []string {
+func (c *CategorySpec) originalRulesStr() []string {
 	rulesStr := make([]string, len(c.rules))
 	for i := range c.rules {
 		rulesStr[i] = c.rules[i].originalRuleStr()
 	}
 	return rulesStr
 }
 
-func (c *categorySpec) string() string {
+func (c *CategorySpec) string() string {
 	rulesStr := make([]string, len(c.rules)+1)
 	rulesStr[0] = "rules:"
 	for i := range c.rules {
 		rulesStr[i+1] = c.rules[i].string()
 	}
-	return fmt.Sprintf("category: %s\n%s\ndefault action: %s", c.category.string(),
+	return fmt.Sprintf("category: %s\n%s\ndefault action: %s", c.Category.string(),
 		strings.Join(rulesStr, lineSeparatorStr), string(c.defaultAction))
 }
 
-func (c *categorySpec) inboundEffectiveRules() string {
-	rulesStr := make([]string, len(c.processedRules.inbound))
-	for i := range c.processedRules.inbound {
-		rulesStr[i] = c.processedRules.inbound[i].effectiveRuleStr()
+func (c *CategorySpec) inboundEffectiveRules() string {
+	rulesStr := make([]string, len(c.ProcessedRules.Inbound))
+	for i := range c.ProcessedRules.Inbound {
+		rulesStr[i] = c.ProcessedRules.Inbound[i].effectiveRuleStr()
 	}
 	return strings.Join(rulesStr, lineSeparatorStr)
 }
 
-func (c *categorySpec) outboundEffectiveRules() string {
-	rulesStr := make([]string, len(c.processedRules.outbound))
-	for i := range c.processedRules.outbound {
-		rulesStr[i] = c.processedRules.outbound[i].effectiveRuleStr()
+func (c *CategorySpec) outboundEffectiveRules() string {
+	rulesStr := make([]string, len(c.ProcessedRules.Outbound))
+	for i := range c.ProcessedRules.Outbound {
+		rulesStr[i] = c.ProcessedRules.Outbound[i].effectiveRuleStr()
 	}
 	return strings.Join(rulesStr, lineSeparatorStr)
 }
 
-func (c *categorySpec) addRule(src, dst []*endpoints.VM, conn *netset.TransportSet,
+func (c *CategorySpec) addRule(src, dst []*endpoints.VM, conn *netset.TransportSet,
 	action, direction string, ruleID int, origRule *collector.Rule, scope []*endpoints.VM,
 	secPolicyName string, origDefaultRule *collector.FirewallRule) {
 	newRule := &FwRule{
 		srcVMs:             src,
 		dstVMs:             dst,
 		conn:               conn,
-		action:             actionFromString(action),
+		Action:             actionFromString(action),
 		direction:          direction,
 		ruleID:             ruleID,
-		origRuleObj:        origRule,
-		origDefaultRuleObj: origDefaultRule,
+		OrigRuleObj:        origRule,
+		OrigDefaultRuleObj: origDefaultRule,
 		scope:              scope,
 		secPolicyName:      secPolicyName,
-		secPolicyCategory:  c.category.string(),
+		secPolicyCategory:  c.Category.string(),
 		categoryRef:        c,
 		dfwRef:             c.dfwRef,
-		symbolicSrc:        []*symbolicexpr.SymbolicPath{}, // todo tmp
-		symbolicDst:        []*symbolicexpr.SymbolicPath{}, // todo tmp
+		SymbolicSrc:        []*symbolicexpr.SymbolicPath{}, // todo tmp
+		SymbolicDst:        []*symbolicexpr.SymbolicPath{}, // todo tmp
 	}
 	c.rules = append(c.rules, newRule)
 
 	inbound, outbound := newRule.effectiveRules()
-	if c.category != ethernetCategory {
-		c.processedRules.addInboundRule(inbound)
-		c.processedRules.addOutboundRule(outbound)
+	if c.Category != ethernetCategory {
+		c.ProcessedRules.addInboundRule(inbound)
+		c.ProcessedRules.addOutboundRule(outbound)
 	} else {
 		logging.Debugf("rule %d in ethernet category is ignored and not added to list of effective rules", ruleID)
 	}
 }
 
-func newEmptyCategory(c DfwCategory, d *DFW) *categorySpec {
-	return &categorySpec{
-		category:       c,
+func newEmptyCategory(c DfwCategory, d *DFW) *CategorySpec {
+	return &CategorySpec{
+		Category:       c,
 		dfwRef:         d,
 		defaultAction:  actionNone,
-		processedRules: &effectiveRules{},
+		ProcessedRules: &EffectiveRules{},
 	}
 }

pkg/model/dfw/dfw.go

@@ -13,8 +13,8 @@ import (
 )
 
 type DFW struct {
-	categoriesSpecs []*categorySpec // ordered list of categories
-	defaultAction   ruleAction      // global default (?)
+	CategoriesSpecs []*CategorySpec // ordered list of categories
+	DefaultAction   RuleAction      // global default (?)
 
 	pathsToDisplayNames map[string]string // map from printing paths references as display names instead
 }
@@ -36,8 +36,8 @@ func (d *DFW) AllowedConnectionsIngressOrEgress(src, dst *endpoints.VM, isIngres
 	allDeniedConns := netset.NoTransports()
 	allNotDeterminedConns := netset.NoTransports()
 
-	for _, dfwCategory := range d.categoriesSpecs {
-		if dfwCategory.category == ethernetCategory {
+	for _, dfwCategory := range d.CategoriesSpecs {
+		if dfwCategory.Category == ethernetCategory {
 			continue // cuurently skip L2 rules
 		}
 		// get analyzed conns from this category
@@ -62,7 +62,7 @@ func (d *DFW) AllowedConnectionsIngressOrEgress(src, dst *endpoints.VM, isIngres
 			allAllowedConns).Subtract(allDeniedConns)
 	}
 
-	if d.defaultAction == actionAllow {
+	if d.DefaultAction == actionAllow {
 		// if the last category has no default, use the "global" default (todo: check where this value is configured in the api)
 		allAllowedConns = allAllowedConns.Union(allNotDeterminedConns)
 	}
@@ -75,7 +75,7 @@ func (d *DFW) OriginalRulesStrFormatted() string {
 	writer := tabwriter.NewWriter(&builder, 1, 1, 1, ' ', tabwriter.Debug)
 	fmt.Fprintln(writer, "original rules:")
 	fmt.Fprintln(writer, getRulesFormattedHeaderLine())
-	for _, c := range d.categoriesSpecs {
+	for _, c := range d.CategoriesSpecs {
 		for _, ruleStr := range c.originalRulesStr() {
 			if ruleStr == "" {
 				continue
@@ -89,22 +89,22 @@ func (d *DFW) OriginalRulesStrFormatted() string {
 
 // return a string rep that shows the fw-rules in all categories
 func (d *DFW) String() string {
-	categoriesStrings := make([]string, len(d.categoriesSpecs))
-	for i := range d.categoriesSpecs {
-		categoriesStrings[i] = d.categoriesSpecs[i].string()
+	categoriesStrings := make([]string, len(d.CategoriesSpecs))
+	for i := range d.CategoriesSpecs {
+		categoriesStrings[i] = d.CategoriesSpecs[i].string()
 	}
 	return strings.Join(categoriesStrings, lineSeparatorStr)
 }
 
 func (d *DFW) AllEffectiveRules() string {
 	inboundRes := []string{}
 	outboundRes := []string{}
-	for i := range d.categoriesSpecs {
-		if len(d.categoriesSpecs[i].processedRules.inbound) > 0 {
-			inboundRes = append(inboundRes, d.categoriesSpecs[i].inboundEffectiveRules())
+	for i := range d.CategoriesSpecs {
+		if len(d.CategoriesSpecs[i].ProcessedRules.Inbound) > 0 {
+			inboundRes = append(inboundRes, d.CategoriesSpecs[i].inboundEffectiveRules())
 		}
-		if len(d.categoriesSpecs[i].processedRules.outbound) > 0 {
-			outboundRes = append(outboundRes, d.categoriesSpecs[i].outboundEffectiveRules())
+		if len(d.CategoriesSpecs[i].ProcessedRules.Outbound) > 0 {
+			outboundRes = append(outboundRes, d.CategoriesSpecs[i].outboundEffectiveRules())
 		}
 	}
 	inbound := fmt.Sprintf("\nInbound effective rules only:%s%s\n", common.ShortSep, strings.Join(inboundRes, lineSeparatorStr))
@@ -116,52 +116,52 @@ func (d *DFW) AllEffectiveRules() string {
 
 func (d *DFW) AddRule(src, dst []*endpoints.VM, conn *netset.TransportSet, categoryStr, actionStr, direction string,
 	ruleID int, origRule *collector.Rule, scope []*endpoints.VM, secPolicyName string, origDefaultRule *collector.FirewallRule) {
-	for _, fwCategory := range d.categoriesSpecs {
-		if fwCategory.category.string() == categoryStr {
+	for _, fwCategory := range d.CategoriesSpecs {
+		if fwCategory.Category.string() == categoryStr {
 			fwCategory.addRule(src, dst, conn, actionStr, direction, ruleID, origRule, scope, secPolicyName, origDefaultRule)
 		}
 	}
 }
 
 /*func (d *DFW) AddRule(src, dst []*endpoints.VM, conn *netset.TransportSet, categoryStr string, actionStr string) {
-	var categoryObj *categorySpec
-	for _, c := range d.categoriesSpecs {
-		if c.category.string() == categoryStr {
+	var categoryObj *CategorySpec
+	for _, c := range d.CategoriesSpecs {
+		if c.Category.string() == categoryStr {
 			categoryObj = c
 		}
 	}
-	if categoryObj == nil { // create new category if missing
-		categoryObj = &categorySpec{
-			category: dfwCategoryFromString(categoryStr),
+	if categoryObj == nil { // create new Category if missing
+		categoryObj = &CategorySpec{
+			Category: dfwCategoryFromString(categoryStr),
 		}
-		d.categoriesSpecs = append(d.categoriesSpecs, categoryObj)
+		d.CategoriesSpecs = append(d.CategoriesSpecs, categoryObj)
 	}
 
 	newRule := &FwRule{
 		srcVMs: src,
 		dstVMs: dst,
 		conn:   netset.All(), // todo: change
-		action: actionFromString(actionStr),
+		Action: actionFromString(actionStr),
 	}
 	categoryObj.rules = append(categoryObj.rules, newRule)
 }*/
 
 // NewEmptyDFW returns new DFW with global default as from input
 func NewEmptyDFW(globalDefaultAllow bool) *DFW {
 	res := &DFW{
-		defaultAction: actionDeny,
+		DefaultAction: actionDeny,
 	}
 	if globalDefaultAllow {
-		res.defaultAction = actionAllow
+		res.DefaultAction = actionAllow
 	}
 	for _, c := range categoriesList {
-		res.categoriesSpecs = append(res.categoriesSpecs, newEmptyCategory(c, res))
+		res.CategoriesSpecs = append(res.CategoriesSpecs, newEmptyCategory(c, res))
 	}
 	return res
 }
 
 func (d *DFW) GlobalDefaultAllow() bool {
-	return d.defaultAction == actionAllow
+	return d.DefaultAction == actionAllow
 }
 
 func (d *DFW) SetPathsToDisplayNames(m map[string]string) {