BANP: Add conformance for gress rules
This commit adds conformance tests for a mix of ingress
and egress rules in the same CRD, which mixes protocols
and ports in the same rules. They should behave in an
idempotent manner with regard to each other.

Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
tssurya committed Jun 28, 2023
1 parent df0d129 commit 3d592ba
Showing 3 changed files with 444 additions and 1 deletion.
@@ -0,0 +1,121 @@
apiVersion: policy.networking.k8s.io/v1alpha1
kind: BaselineAdminNetworkPolicy
metadata:
name: default
spec:
subject:
namespaces:
matchLabels:
kubernetes.io/metadata.name: network-policy-conformance-gryffindor
egress:
- name: "allow-to-ravenclaw-everything"
action: "Allow"
to:
- namespaces:
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: network-policy-conformance-ravenclaw
- name: "deny-to-ravenclaw-everything"
action: "Deny"
to:
- namespaces:
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: network-policy-conformance-ravenclaw
- name: "deny-to-slytherin-at-ports-80-53-9003"
action: "Deny"
to:
- namespaces:
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: network-policy-conformance-slytherin
ports:
- portNumber:
protocol: TCP
port: 80
- portNumber:
protocol: UDP
port: 53
- portNumber:
protocol: SCTP
port: 9003
- name: "allow-to-hufflepuff-at-ports-8080-5353"
action: "Allow"
to:
- namespaces:
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: network-policy-conformance-hufflepuff
ports:
- portNumber:
protocol: TCP
port: 8080
- portNumber:
protocol: UDP
port: 5353
- portNumber:
protocol: SCTP
port: 9003
- name: "deny-to-hufflepuff-everything-else"
action: "Deny"
to:
- namespaces:
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: network-policy-conformance-hufflepuff
ingress:
- name: "allow-from-ravenclaw-everything"
action: "Allow"
from:
- namespaces:
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: network-policy-conformance-ravenclaw
- name: "deny-from-ravenclaw-everything"
action: "Deny"
from:
- namespaces:
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: network-policy-conformance-ravenclaw
- name: "deny-from-slytherin-at-port-80-53-9003"
action: "Deny"
from:
- namespaces:
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: network-policy-conformance-slytherin
ports:
- portNumber:
protocol: TCP
port: 80
- portNumber:
protocol: UDP
port: 53
- portNumber:
protocol: SCTP
port: 9003
- name: "allow-from-hufflepuff-at-port-80-5353-9003"
action: "Allow"
from:
- namespaces:
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: network-policy-conformance-hufflepuff
ports:
- portNumber:
protocol: TCP
port: 80
- portNumber:
protocol: UDP
port: 5353
- portNumber:
protocol: SCTP
port: 9003
- name: "deny-from-hufflepuff-everything-else"
action: "Deny"
from:
- namespaces:
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: network-policy-conformance-hufflepuff
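Review bot: The egress rule name `allow-to-hufflepuff-at-ports-8080-5353` does not mention SCTP 9003, although its `ports` list allows it, whereas the ingress counterpart `allow-from-hufflepuff-at-port-80-5353-9003` names all three ports; since the rule name is the only statement of intent in this manifest, I would rename it to `allow-to-hufflepuff-at-ports-8080-5353-9003` (and settle on `ports` or `port` across the names). The ravenclaw pairs in both `egress` and `ingress` place an Allow directly before a Deny for the same peer, so the expected outcome presumably depends on rules being evaluated in listed order; a comment such as `# listed after the Allow on purpose: the earlier rule is expected to win` above each `deny-*-ravenclaw-everything` rule would keep a later reorder from silently changing what the test proves. The allowed TCP port also differs between directions (8080 on egress, 80 on ingress); if that is deliberate, a one-line comment saying so would help.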
2 changes: 1 addition & 1 deletion conformance/tests/admin-network-policy-core-gress-rules.go
Expand Up @@ -42,7 +42,7 @@ var AdminNetworkPolicyGress = suite.ConformanceTest{
Features: []suite.SupportedFeature{
suite.SupportAdminNetworkPolicy,
},
Manifests: []string{"base/admin-network-policy/core-gress-rules-combined.yaml"},
Manifests: []string{"base/admin_network_policy/core-gress-rules-combined.yaml"},
Test: func(t *testing.T, s *suite.ConformanceTestSuite) {

t.Run("Should support an 'allow-gress' policy across different protocols", func(t *testing.T) {