From cdeca7e75b037ea5def54c856e4cd92dbbd7d77e Mon Sep 17 00:00:00 2001 From: Dhruv-J Date: Wed, 15 Jan 2025 11:00:30 -0800 Subject: [PATCH] updated with feedback and everything working Signed-off-by: Dhruv-J --- .../apiserver/handlers/fqdncache/handler.go | 11 +++----- .../networkpolicy/networkpolicy_controller.go | 18 ++++++++++++- .../networkpolicy_controller_test.go | 2 ++ pkg/antctl/transform/fqdncache/response.go | 10 ------- .../transform/fqdncache/response_test.go | 26 +------------------ 5 files changed, 23 insertions(+), 44 deletions(-) diff --git a/pkg/agent/apiserver/handlers/fqdncache/handler.go b/pkg/agent/apiserver/handlers/fqdncache/handler.go index f72bef53440..46b44d0fc8d 100644 --- a/pkg/agent/apiserver/handlers/fqdncache/handler.go +++ b/pkg/agent/apiserver/handlers/fqdncache/handler.go @@ -16,7 +16,6 @@ package fqdncache import ( "encoding/json" - "fmt" "net/http" "net/url" @@ -28,10 +27,7 @@ import ( func HandleFunc(aq agentquerier.AgentQuerier) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - fqdnFilter, err := newFilterFromURLQuery(r.URL.Query()) - if err != nil { - klog.ErrorS(err, "Failed to create filter from query") - } + fqdnFilter := newFilterFromURLQuery(r.URL.Query()) dnsEntryCache := aq.GetFqdnCache(fqdnFilter) if err := json.NewEncoder(w).Encode(dnsEntryCache); err != nil { http.Error(w, "Failed to encode response: "+err.Error(), http.StatusInternalServerError) @@ -40,7 +36,6 @@ func HandleFunc(aq agentquerier.AgentQuerier) http.HandlerFunc { } } -func newFilterFromURLQuery(query url.Values) (querier.FQDNCacheFilter, error) { - fmt.Printf("query: %v\n", query) - return querier.FQDNCacheFilter{}, nil +func newFilterFromURLQuery(query url.Values) querier.FQDNCacheFilter { + return querier.FQDNCacheFilter{DomainName: query.Get("domain")} } 
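Review bot: The `domain` query value goes from `r.URL.Query()` through `newFilterFromURLQuery` into `aq.GetFqdnCache` with no validation in `HandleFunc`, and with this commit the controller compiles it into a regular expression on every request. Go's `regexp` runs in linear time, so backtracking is not a concern, but an over-long value still costs a compile, and a compile failure comes back to the caller as an empty list instead of an error. Consider bounding it before the call, e.g. `if len(fqdnFilter.DomainName) > 253 { http.Error(w, "invalid domain filter", http.StatusBadRequest); return }`, 253 being the maximum length of a DNS name in text form. A doc comment on `newFilterFromURLQuery` (in the following hunk, where `HandleFunc` also closes) would help too: `// newFilterFromURLQuery builds the FQDN cache filter from the "domain" query parameter; "*" in the value matches any run of characters.`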
diff --git a/pkg/agent/controller/networkpolicy/networkpolicy_controller.go b/pkg/agent/controller/networkpolicy/networkpolicy_controller.go index 3cf490205e5..7006b0151e7 100644 --- a/pkg/agent/controller/networkpolicy/networkpolicy_controller.go +++ b/pkg/agent/controller/networkpolicy/networkpolicy_controller.go @@ -19,6 +19,8 @@ import ( "fmt" "net" "reflect" + "regexp" + "strings" "sync" "time" @@ -540,9 +542,23 @@ func NewNetworkPolicyController(antreaClientGetter client.AntreaClientProvider, func (c *Controller) GetFqdnCache(fqdnFilter querier.FQDNCacheFilter) []types.DnsCacheEntry { cacheEntryList := []types.DnsCacheEntry{} + var pattern *regexp.Regexp + var err error + if fqdnFilter != (querier.FQDNCacheFilter{}) { + // have to convert human readable regex, i.e. *.example.com into regex that can be used + regexPattern := "^" + strings.ReplaceAll(regexp.QuoteMeta(fqdnFilter.DomainName), `\*`, ".*") + "$" + pattern, err = regexp.Compile(regexPattern) + if err != nil { + // this pattern will match no strings if there is an error with the regex formatting or usage with the user specified --domain flag + pattern = regexp.MustCompile(`a\A`) + } + } else { + // this pattern will match all strings if the filter is unset + pattern = regexp.MustCompile(`.*`) + } for fqdn, dnsMeta := range c.fqdnController.dnsEntryCache { for _, ipWithExpiration := range dnsMeta.responseIPs { - if fqdnFilter == (querier.FQDNCacheFilter{}) || fqdnFilter.DomainName == fqdn { + if fqdnFilter == (querier.FQDNCacheFilter{}) || pattern.MatchString(fqdn) { entry := types.DnsCacheEntry{FqdnName: fqdn, IpAddress: ipWithExpiration.ip, ExpirationTime: ipWithExpiration.expirationTime} cacheEntryList = append(cacheEntryList, entry) } diff --git a/pkg/agent/controller/networkpolicy/networkpolicy_controller_test.go b/pkg/agent/controller/networkpolicy/networkpolicy_controller_test.go index 147c95e9f9b..896d65a2a67 100644 --- a/pkg/agent/controller/networkpolicy/networkpolicy_controller_test.go 
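Review bot: In `GetFqdnCache` the loop guard `fqdnFilter == (querier.FQDNCacheFilter{}) || pattern.MatchString(fqdn)` re-tests the empty filter for every IP, even though the `else` branch has already compiled `.*` for exactly that case, so one of the two is redundant. Leaving `pattern` nil for an empty filter and testing `pattern == nil || pattern.MatchString(fqdn)` removes the extra compile, and the match can move out of the inner `responseIPs` loop because it depends only on `fqdn`. The `a\A` fallback turns a compile failure into a silent empty result; since `regexp.QuoteMeta` escapes everything except the `*` that is re-expanded, a failure should only come from an oversized input, and it deserves at least a log line so an operator can tell "no match" from "bad filter". Separately, no lock is taken between the function start and `range c.fqdnController.dnsEntryCache`; if that map is written from another goroutine, this read, which is reachable from the HTTP handler, needs the same guard as the writers, which is worth confirming. The function's closing lines fall outside the hunk.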
+++ b/pkg/agent/controller/networkpolicy/networkpolicy_controller_test.go @@ -960,4 +960,6 @@ func TestGetFqdnCache(t *testing.T) { } returnedList := controller.GetFqdnCache(querier.FQDNCacheFilter{}) assert.ElementsMatch(t, expectedEntryList, returnedList) + returnedList = controller.GetFqdnCache(querier.FQDNCacheFilter{DomainName: "*.io"}) + assert.ElementsMatch(t, []agenttypes.DnsCacheEntry{expectedEntryList[3]}, returnedList) } diff --git a/pkg/antctl/transform/fqdncache/response.go b/pkg/antctl/transform/fqdncache/response.go index b5f2eb9814a..fea0cfffafa 100644 --- a/pkg/antctl/transform/fqdncache/response.go +++ b/pkg/antctl/transform/fqdncache/response.go @@ -35,16 +35,6 @@ func Transform(reader io.Reader, single bool, opts map[string]string) (interface if err != nil { return nil, err } - domain, exists := opts["domain"] - if exists { - var filteredResp []Response - for _, r := range resp { - if r.FqdnName == domain { - filteredResp = append(filteredResp, r) - } - } - resp = filteredResp - } if len(resp) == 0 { return "", nil } diff --git a/pkg/antctl/transform/fqdncache/response_test.go b/pkg/antctl/transform/fqdncache/response_test.go index 3915167e040..dc617a5aaa8 100644 --- a/pkg/antctl/transform/fqdncache/response_test.go +++ b/pkg/antctl/transform/fqdncache/response_test.go 
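Review bot: The added assertion in `TestGetFqdnCache` covers a single wildcard filter, `*.io`, so nothing pins the escaping that `GetFqdnCache` depends on to keep the user-supplied value from being read as a regular expression. Add cases for an exact name, a filter that matches nothing, and a filter whose `.` must stay literal (a filter that differs from a cached name only at a dot should return an empty list). A small table of `{name, filter, expected}` entries would give each case a readable failure message. The test function begins outside the hunk, so the fixture behind `expectedEntryList[3]` is not visible here; a comment naming the entry it refers to would make the index less fragile.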
@@ -63,34 +63,10 @@ func TestTrasnform(t *testing.T) { expectedError string }{ { - name: "all", + name: "transform all entries", fqdnList: fqdnList, expectedResponse: []Response{{&fqdn1}, {&fqdn2}, {&fqdn3}, {&fqdn4}, {&fqdn5}}, }, - { - name: "only google.com domain name", - opts: map[string]string{ - "domain": "google.com", - }, - fqdnList: fqdnList, - expectedResponse: []Response{{&fqdn1}, {&fqdn2}, {&fqdn3}}, - }, - { - name: "only antrea.io domain name", - opts: map[string]string{ - "domain": "antrea.io", - }, - fqdnList: fqdnList, - expectedResponse: []Response{{&fqdn5}}, - }, - { - name: "domain name that doesn't exist", - opts: map[string]string{ - "domain": "bing.com", - }, - fqdnList: fqdnList, - expectedResponse: []Response{}, - }, } for _, tt := range tests {