Use getters for retrieving network policy labels

kabicin · kabicin · commit 9ee8575fc98d · 2025-06-03T15:32:17.000-04:00
diff --git a/utils/utils.go b/utils/utils.go
@@ -350,7 +350,7 @@ func createNetworkPolicyEgressRule(appName string, namespace string, config comm
 	if config != nil {
 		rule.To = append(rule.To,
 			// Add peer to allow traffic to other pods belonging to the app
-			createNetworkPolicyPeer(appName, namespace, config, config.GetToNamespaceLabels, config.GetToLabels),
+			createNetworkPolicyPeer(appName, namespace, config, getNetworkPolicyEgressLabelGetters),
 		)
 	}
 	return rule
@@ -456,14 +456,9 @@ func createOpenShiftNetworkPolicyIngressRule(appName string, namespace string, i
 		)
 	}
 
-	if config != nil {
-		rule.From = append(rule.From,
-			// Add peer to allow traffic from other pods belonging to the app
-			createNetworkPolicyPeer(appName, namespace, config, config.GetFromNamespaceLabels, config.GetFromLabels),
-		)
-	}
-	// default to allow traffic from OpenShift monitoring
 	rule.From = append(rule.From,
+		// Add peer to allow traffic from other pods belonging to the app
+		createNetworkPolicyPeer(appName, namespace, config, getNetworkPolicyIngressLabelGetters),
 		// Add peer to allow traffic from OpenShift monitoring
 		networkingv1.NetworkPolicyPeer{
 			NamespaceSelector: &metav1.LabelSelector{
@@ -484,7 +479,7 @@ func createKubernetesNetworkPolicyIngressRule(appName string, namespace string,
 
 	rule := networkingv1.NetworkPolicyIngressRule{}
 	rule.From = []networkingv1.NetworkPolicyPeer{
-		createNetworkPolicyPeer(appName, namespace, config, config.GetFromNamespaceLabels, config.GetFromLabels),
+		createNetworkPolicyPeer(appName, namespace, config, getNetworkPolicyIngressLabelGetters),
 	}
 	return rule
 }
@@ -497,12 +492,12 @@ func createAllowAllNetworkPolicyIngressRule() networkingv1.NetworkPolicyIngressR
 	}
 }
 
-func createNetworkPolicyPeer(appName string, namespace string, networkPolicy common.BaseComponentNetworkPolicy, getNamespaceLabels func() map[string]string, getLabels func() map[string]string) networkingv1.NetworkPolicyPeer {
+func createNetworkPolicyPeer(appName string, namespace string, networkPolicy common.BaseComponentNetworkPolicy, getNetworkPolicyLabelGetters func(common.BaseComponentNetworkPolicy) (func() map[string]string, func() map[string]string)) networkingv1.NetworkPolicyPeer {
 	peer := networkingv1.NetworkPolicyPeer{
 		NamespaceSelector: &metav1.LabelSelector{},
 		PodSelector:       &metav1.LabelSelector{},
 	}
-
+	getNamespaceLabels, getLabels := getNetworkPolicyLabelGetters(networkPolicy)
 	if networkPolicy == nil || getNamespaceLabels() == nil {
 		peer.NamespaceSelector.MatchLabels = map[string]string{
 			"kubernetes.io/metadata.name": namespace,
@@ -559,6 +554,30 @@ func customizeNetworkPolicyPorts(ingress *networkingv1.NetworkPolicyIngressRule,
 	}
 }
 
+func getNetworkPolicyIngressLabelGetters(config common.BaseComponentNetworkPolicy) (func() map[string]string, func() map[string]string) {
+	var getNamespaceLabels, getLabels func() map[string]string
+	if config != nil {
+		getNamespaceLabels = config.GetFromNamespaceLabels
+		getLabels = config.GetFromLabels
+	} else {
+		getNamespaceLabels = nil
+		getLabels = nil
+	}
+	return getNamespaceLabels, getLabels
+}
+
+func getNetworkPolicyEgressLabelGetters(config common.BaseComponentNetworkPolicy) (func() map[string]string, func() map[string]string) {
+	var getNamespaceLabels, getLabels func() map[string]string
+	if config != nil {
+		getNamespaceLabels = config.GetToNamespaceLabels
+		getLabels = config.GetToLabels
+	} else {
+		getNamespaceLabels = nil
+		getLabels = nil
+	}
+	return getNamespaceLabels, getLabels
+}
+
 // returns true if policy is contained within the policyTypes array, false otherwise
 func policyTypesContains(policyTypes []networkingv1.PolicyType, policy networkingv1.PolicyType) bool {
 	for _, currentPolicy := range policyTypes {
