Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ANP conformance tests for .Spec.Ingress and .Spec.Egress fields #99

Merged
merged 6 commits into from
May 23, 2023
Merged

Add ANP conformance tests for .Spec.Ingress and .Spec.Egress fields #99

merged 6 commits into from
May 23, 2023

Conversation

tssurya
Copy link
Contributor

@tssurya tssurya commented May 17, 2023
edited
Loading

This PR adds conformance for ingress rules and egress rules with 3 actions deny/allow/pass across all 3 protocols udp/sctp/tcp with and without ports.
A new suite of tests will be added for mix of both ingress & egress rules called gressRules with mix of protocols in a new PR.
Depends on #98
Sample Output:

--- PASS: TestConformance (92.63s)                                                                                                                                           
    --- PASS: TestConformance/AdminNetworkPolicyEgressSCTP (15.02s)                                                                                                          
        --- PASS: TestConformance/AdminNetworkPolicyEgressSCTP/Should_support_an_'allow-egress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected (0.80s)          
        --- PASS: TestConformance/AdminNetworkPolicyEgressSCTP/Should_support_an_'allow-egress'_policy_for_SCTP_protocol_at_the_specified_port (3.41s)                       
        --- PASS: TestConformance/AdminNetworkPolicyEgressSCTP/Should_support_an_'deny-egress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected (6.56s)           
        --- PASS: TestConformance/AdminNetworkPolicyEgressSCTP/Should_support_a_'deny-egress'_policy_for_SCTP_protocol_at_the_specified_port (3.55s)                         
        --- PASS: TestConformance/AdminNetworkPolicyEgressSCTP/Should_support_an_'pass-egress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected (0.34s)           
        --- PASS: TestConformance/AdminNetworkPolicyEgressSCTP/Should_support_a_'pass-egress'_policy_for_SCTP_protocol_at_the_specified_port (0.32s)                         
    --- PASS: TestConformance/AdminNetworkPolicyEgressTCP (14.03s)                                                                                                           
        --- PASS: TestConformance/AdminNetworkPolicyEgressTCP/Should_support_an_'allow-egress'_policy_for_TCP_protocol;_ensure_rule_ordering_is_respected (0.22s)            
        --- PASS: TestConformance/AdminNetworkPolicyEgressTCP/Should_support_an_'allow-egress'_policy_for_TCP_protocol_at_the_specified_port (3.22s)                         
        --- PASS: TestConformance/AdminNetworkPolicyEgressTCP/Should_support_an_'deny-egress'_policy_for_TCP_protocol;_ensure_rule_ordering_is_respected (6.55s)             
        --- PASS: TestConformance/AdminNetworkPolicyEgressTCP/Should_support_a_'deny-egress'_policy_for_TCP_protocol_at_the_specified_port (3.48s)                           
        --- PASS: TestConformance/AdminNetworkPolicyEgressTCP/Should_support_an_'pass-egress'_policy_for_TCP_protocol;_ensure_rule_ordering_is_respected (0.27s)             
        --- PASS: TestConformance/AdminNetworkPolicyEgressTCP/Should_support_a_'pass-egress'_policy_for_TCP_protocol_at_the_specified_port (0.28s)                           
    --- PASS: TestConformance/AdminNetworkPolicyEgressUDP (14.26s)                                                                                                           
        --- PASS: TestConformance/AdminNetworkPolicyEgressUDP/Should_support_an_'allow-egress'_policy_for_UDP_protocol;_ensure_rule_ordering_is_respected (0.25s)            
        --- PASS: TestConformance/AdminNetworkPolicyEgressUDP/Should_support_an_'allow-egress'_policy_for_UDP_protocol_at_the_specified_port (3.19s)                         
        --- PASS: TestConformance/AdminNetworkPolicyEgressUDP/Should_support_an_'deny-egress'_policy_for_UDP_protocol;_ensure_rule_ordering_is_respected (6.37s)             
        --- PASS: TestConformance/AdminNetworkPolicyEgressUDP/Should_support_a_'deny-egress'_policy_for_UDP_protocol_at_the_specified_port (3.60s)                           
        --- PASS: TestConformance/AdminNetworkPolicyEgressUDP/Should_support_an_'pass-egress'_policy_for_UDP_protocol;_ensure_rule_ordering_is_respected (0.42s)             
        --- PASS: TestConformance/AdminNetworkPolicyEgressUDP/Should_support_a_'pass-egress'_policy_for_UDP_protocol_at_the_specified_port (0.39s)
    --- PASS: TestConformance/AdminNetworkPolicyIngressSCTP (14.34s)                                                                                                         
        --- PASS: TestConformance/AdminNetworkPolicyIngressSCTP/Should_support_an_'allow-ingress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected (0.35s)
        --- PASS: TestConformance/AdminNetworkPolicyIngressSCTP/Should_support_an_'allow-ingress'_policy_for_SCTP_protocol_at_the_specified_port (3.23s)                     
        --- PASS: TestConformance/AdminNetworkPolicyIngressSCTP/Should_support_an_'deny-ingress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected (6.46s) 
        --- PASS: TestConformance/AdminNetworkPolicyIngressSCTP/Should_support_a_'deny-ingress'_policy_for_SCTP_protocol_at_the_specified_port (3.57s)  
        --- PASS: TestConformance/AdminNetworkPolicyIngressSCTP/Should_support_an_'pass-ingress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected (0.41s)         
        --- PASS: TestConformance/AdminNetworkPolicyIngressSCTP/Should_support_a_'pass-ingress'_policy_for_SCTP_protocol_at_the_specified_port (0.30s)                       
    --- PASS: TestConformance/AdminNetworkPolicyIngressTCP (14.40s)                                                                                                          
        --- PASS: TestConformance/AdminNetworkPolicyIngressTCP/Should_support_an_'allow-ingress'_policy_for_TCP_protocol;_ensure_rule_ordering_is_respected (0.23s)          
        --- PASS: TestConformance/AdminNetworkPolicyIngressTCP/Should_support_an_'allow-ingress'_policy_for_TCP_protocol_at_the_specified_port (3.21s)
        --- PASS: TestConformance/AdminNetworkPolicyIngressTCP/Should_support_an_'deny-ingress'_policy_for_TCP_protocol;_ensure_rule_ordering_is_respected (6.57s)           
        --- PASS: TestConformance/AdminNetworkPolicyIngressTCP/Should_support_a_'deny-ingress'_policy_for_TCP_protocol_at_the_specified_port (3.69s)                         
        --- PASS: TestConformance/AdminNetworkPolicyIngressTCP/Should_support_an_'pass-ingress'_policy_for_TCP_protocol;_ensure_rule_ordering_is_respected (0.41s)           
        --- PASS: TestConformance/AdminNetworkPolicyIngressTCP/Should_support_a_'pass-ingress'_policy_for_TCP_protocol_at_the_specified_port (0.27s)
    --- PASS: TestConformance/AdminNetworkPolicyIngressUDP (14.26s)                                                                                                          
        --- PASS: TestConformance/AdminNetworkPolicyIngressUDP/Should_support_an_'allow-ingress'_policy_for_UDP_protocol;_ensure_rule_ordering_is_respected (0.24s)
        --- PASS: TestConformance/AdminNetworkPolicyIngressUDP/Should_support_an_'allow-ingress'_policy_for_UDP_protocol_at_the_specified_port (3.23s)
        --- PASS: TestConformance/AdminNetworkPolicyIngressUDP/Should_support_an_'deny-ingress'_policy_for_UDP_protocol;_ensure_rule_ordering_is_respected (6.55s)
        --- PASS: TestConformance/AdminNetworkPolicyIngressUDP/Should_support_a_'deny-ingress'_policy_for_UDP_protocol_at_the_specified_port (3.47s)
        --- PASS: TestConformance/AdminNetworkPolicyIngressUDP/Should_support_an_'pass-ingress'_policy_for_UDP_protocol;_ensure_rule_ordering_is_respected (0.38s)
        --- PASS: TestConformance/AdminNetworkPolicyIngressUDP/Should_support_a_'pass-ingress'_policy_for_UDP_protocol_at_the_specified_port (0.37s)
PASS

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label May 17, 2023
@netlify
Copy link

netlify bot commented May 17, 2023
edited
Loading

Deploy Preview for kubernetes-sigs-network-policy-api ready!

Name Link
🔨 Latest commit 23e4bc0
🔍 Latest deploy log https://app.netlify.com/sites/kubernetes-sigs-network-policy-api/deploys/646cd304343a0b000895ca94
😎 Deploy Preview https://deploy-preview-99--kubernetes-sigs-network-policy-api.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

@k8s-ci-robot k8s-ci-robot requested review from astoycos and Dyanngg May 17, 2023 12:52
@k8s-ci-robot k8s-ci-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label May 17, 2023
@tssurya
Copy link
Contributor Author

tssurya commented May 17, 2023

/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 17, 2023
@tssurya tssurya changed the title Add conformance tests with focus on .Spec.Ingress and .Spec.Egress fields Add conformance tests for .Spec.Ingress and .Spec.Egress fields May 18, 2023
@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 20, 2023
@tssurya tssurya force-pushed the add-conformance-tests branch from fe40898 to f29d48b Compare May 20, 2023 14:33
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 20, 2023
@tssurya tssurya force-pushed the add-conformance-tests branch from f29d48b to 70c4bfe Compare May 20, 2023 15:49
@tssurya tssurya changed the title Add conformance tests for .Spec.Ingress and .Spec.Egress fields Add ANP conformance tests for .Spec.Ingress and .Spec.Egress fields May 22, 2023
@tssurya tssurya mentioned this pull request May 22, 2023
Closed
32 tasks
@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 22, 2023
tssurya added 6 commits May 23, 2023 16:45
@tssurya
Add ingress traffic conformance tests for TCP protocol
6aada39 
This commit tests .Spec.Ingress specifically.
We test deny, allow and pass actions.
We test TCP protocol with and without port combination.

TODO: In future add test for port range and named ports.

Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
@tssurya
Add ingress traffic conformance tests for SCTP protocol
0d69d97 
This commit tests .Spec.Ingress specifically.
We test deny, allow and pass actions.
We test SCTP protocol with and without port combination.

TODO: In future add test for port range and named ports.

Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
@tssurya
Add ingress traffic conformance tests for UDP protocol
aedf0b4 
This commit tests .Spec.Ingress specifically.
We test deny, allow and pass actions.
We test UDP protocol with and without port combination.

TODO: In future add test for port range and named ports.

Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
@tssurya
Add egress traffic conformance tests for TCP protocol
a9321b7 
This commit tests .Spec.Egress specifically.
We test deny, allow and pass actions.
We test TCP protocol with and without port combination.

TODO: In future add test for port range and named ports.

Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
@tssurya
Add egress traffic conformance tests for UDP protocol
00a9797 
This commit tests .Spec.Egress specifically.
We test deny, allow and pass actions.
We test UDP protocol with and without port combination.

TODO: In future add test for port range and named ports.

Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
@tssurya
Add egress traffic conformance tests for SCTP protocol
23e4bc0 
This commit tests .Spec.Egress specifically.
We test deny, allow and pass actions.
We test SCTP protocol with and without port combination.

TODO: In future add test for port range and named ports.

Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
@tssurya tssurya force-pushed the add-conformance-tests branch from 70c4bfe to 23e4bc0 Compare May 23, 2023 14:51
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 23, 2023
@astoycos
Copy link
Member

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 23, 2023
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: astoycos, tssurya

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 23, 2023
@tssurya
Copy link
Contributor Author

tssurya commented May 23, 2023

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 23, 2023
@k8s-ci-robot k8s-ci-robot merged commit 377a148 into kubernetes-sigs:master May 23, 2023
@tssurya tssurya mentioned this pull request May 24, 2023
Merged
@tssurya tssurya mentioned this pull request Jun 9, 2023
Merged
34 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@astoycos astoycos astoycos left review comments

@Dyanngg Dyanngg Awaiting requested review from Dyanngg

Assignees

@astoycos astoycos

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tssurya @astoycos @k8s-ci-robot