Policy name randomizer for network-policy (#678)

* Policy name randomizer using hash method for network-policy Signed-off-by: Eswar Rajan Subramanian <eswar@accuknox.com> Co-authored-by: Wazir Ahmed <wazir@accuknox.com>
accuknox · Mar 14, 2023 · 1babda3 · 1babda3
1 parent 4bb4ca0
commit 1babda3
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 24 deletions.
diff --git a/src/common/common.go b/src/common/common.go
@@ -2,10 +2,11 @@ package common
 
 import (
 	"fmt"
+	"hash/fnv"
 	"strings"
 )
 
-//Basic Constant
+// Basic Constant
 const (
 	STATUS     = "Passed"
 	LIMIT      = " limit "
@@ -22,7 +23,7 @@ const (
 	L3_L4      = "L3_L4"
 )
 
-//Query Constant
+// Query Constant
 const (
 	WHERE_NAMESPACE_NAME  = ` where namespace_name = "`
 	WHERE                 = ` where `
@@ -33,14 +34,14 @@ const (
 	ORDER_BY_UPDATED_TIME = ` order by updated_time DESC`
 )
 
-//Error Constant
+// Error Constant
 const (
 	INCORRECT_DIRECTION = "incorrect direction"
 	INCORRECT_VERDICT   = "incorrect verdict"
 	INCORRECT_TYPE      = "incorrect type"
 )
 
-//ConvertArrayToString - Convert Array of string to String
+// ConvertArrayToString - Convert Array of string to String
 func ConvertArrayToString(arr []string) string {
 	var str string
 	for _, label := range arr {
@@ -58,7 +59,7 @@ func ConvertArrayToString(arr []string) string {
 
 }
 
-//ConvertStringToArray - Convert String to Array of string
+// ConvertStringToArray - Convert String to Array of string
 func ConvertStringToArray(str string) []string {
 	return strings.Split(str, ",")
 }
@@ -86,3 +87,9 @@ func StringDeDuplication(strSlice []string) []string {
 	}
 	return list
 }
+
+func HashInt(s string) uint32 {
+	h := fnv.New32a()
+	_, _ = h.Write([]byte(s))
+	return h.Sum32()
+}
diff --git a/src/networkpolicy/deduplicator.go b/src/networkpolicy/deduplicator.go
@@ -1,8 +1,10 @@
 package networkpolicy
 
 import (
+	"strconv"
 	"strings"
 
+	"github.com/accuknox/auto-policy-discovery/src/common"
 	"github.com/accuknox/auto-policy-discovery/src/libs"
 	types "github.com/accuknox/auto-policy-discovery/src/types"
 
@@ -761,19 +763,11 @@ func existPolicyName(policyNamesMap map[string]bool, name string) bool {
 }
 
 func GeneratePolicyName(policyNamesMap map[string]bool, policy types.KnoxNetworkPolicy, clusterName string) types.KnoxNetworkPolicy {
-	egressPrefix := "autopol-egress-"
-	ingressPrefix := "autopol-ingress-"
-
 	polType := policy.Metadata["type"]
-	name := "autopol-" + polType + "-" + libs.RandSeq(15)
 
-	for existPolicyName(policyNamesMap, name) {
-		if polType == "egress" {
-			name = egressPrefix + libs.RandSeq(15)
-		} else {
-			name = ingressPrefix + libs.RandSeq(15)
-		}
-	}
+	hashInt := common.HashInt(polType+policy.Metadata["labels"]+policy.Metadata["namespace"]+policy.Metadata["clustername"]+policy.Metadata["containername"])
+	hash := strconv.FormatUint(uint64(hashInt), 10)
+	name := "autopol-" + polType + "-" + hash
 
 	policyNamesMap[name] = true
 

diff --git a/src/systempolicy/systemPolicy.go b/src/systempolicy/systemPolicy.go
@@ -2,7 +2,6 @@ package systempolicy
 
 import (
 	"errors"
-	"hash/fnv"
 	"io/ioutil"
 	"os"
 	"path/filepath"
@@ -771,16 +770,12 @@ func mergeFromSource(pols []types.KnoxSystemPolicy) []types.KnoxSystemPolicy {
 	return results
 }
 
-func hashInt(s string) uint32 {
-	h := fnv.New32a()
-	_, _ = h.Write([]byte(s))
-	return h.Sum32()
-}
-
 func mergeSysPolicies(pols []types.KnoxSystemPolicy) []types.KnoxSystemPolicy {
 	var results []types.KnoxSystemPolicy
 	for _, pol := range pols {
-		pol.Metadata["name"] = "autopol-system-" + strconv.FormatUint(uint64(hashInt(pol.Metadata["labels"]+pol.Metadata["namespace"]+pol.Metadata["clustername"]+pol.Metadata["containername"])), 10)
+		pol.Metadata["name"] = "autopol-system-" +
+			strconv.FormatUint(uint64(common.HashInt(pol.Metadata["labels"]+
+				pol.Metadata["namespace"]+pol.Metadata["clustername"]+pol.Metadata["containername"])), 10)
 		i := checkIfMetadataMatches(pol, results)
 		if i < 0 {
 			results = append(results, pol)