Open tylergmuir opened 1 month ago
@tylergmuir Thank you for this update Tyler! The intent of this check is to ensure a given pod is covered by a network policy either as a source or destination. I think there is indeed a problem in this check. If a given policy targets the pod via the selector then your check is valid. However, when a given policy does not target the pod directly via the selector, we want to make sure that the pod's from/to traffic is covered, i.e. ingress/egress selects that pod. Does this make sense or am I missing it?
Note: the tests are currently failing.
This reworks how the ingress and egress policies are checked. I'm open to input on whether this is a strict enough check, but my initial thought was that if the pod has some sort of selector, it is probably good enough. While the selector could be too open, I feel like that should be flagged under the network policy check instead of flagging the pod directly.
Ingress check is good if:

- .spec.policyType includes "Ingress"
- .spec.podSelector targets the pod
- .spec.ingress.[*] includes both a port definition and at least one of the following: podSelector, namespaceSelector, ipBlock

Egress check is good if:

- .spec.policyType includes "Ingress"
- .spec.podSelector targets the pod
- .spec.egress.[*] includes both a port definition and at least one of the following: podSelector, namespaceSelector, ipBlock
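The two notions of "covered" discussed in this thread, as an added example (this is not the project's own check, and it does not use the Kubernetes API types): `coveredAsTarget` implements the PR's rule (policy type present, `spec.podSelector` selects the pod, and a rule in that direction names a port plus a peer restricted by podSelector, namespaceSelector or ipBlock), while `referencedAsPeer` implements the reviewer's point that a pod can be named as a source or destination in some other policy's ingress/egress peers. Assumptions: only `matchLabels` selectors are modelled (no `matchExpressions`), peer `podSelector`s without a `namespaceSelector` are resolved within the policy's own namespace as Kubernetes does, and peers that use only a `namespaceSelector` or `ipBlock` are not resolved against pods. The pod and policy objects are constructed for the demonstration. One caveat that matters for the review discussion: Kubernetes only isolates the pods selected by `spec.podSelector`, so a pod that is merely referenced as a peer keeps accepting all traffic unless some policy selects it directly.

```go
package main

import "fmt"

// Minimal stand-ins for the Kubernetes objects involved (assumption: only
// matchLabels selectors are modelled; matchExpressions are not).
type LabelSelector struct{ MatchLabels map[string]string }

type Pod struct {
	Name, Namespace string
	Labels          map[string]string
}

type IPBlock struct{ CIDR string }

type Peer struct {
	PodSelector       *LabelSelector
	NamespaceSelector *LabelSelector
	IPBlock           *IPBlock
}

type Port struct{ Port int }

type Rule struct {
	Ports []Port
	Peers []Peer // "from" for ingress rules, "to" for egress rules
}

type NetworkPolicy struct {
	Name, Namespace string
	PodSelector     LabelSelector
	PolicyTypes     []string
	Ingress, Egress []Rule
}

// selects reports whether a selector matches the labels; an empty selector
// matches everything, as in Kubernetes.
func selects(sel LabelSelector, labels map[string]string) bool {
	for k, v := range sel.MatchLabels {
		if labels[k] != v {
			return false
		}
	}
	return true
}

func hasPolicyType(p NetworkPolicy, t string) bool {
	for _, pt := range p.PolicyTypes {
		if pt == t {
			return true
		}
	}
	return false
}

// ruleIsConcrete is the PR's rule-level condition: at least one port and at
// least one peer restricted by podSelector, namespaceSelector or ipBlock.
func ruleIsConcrete(r Rule) bool {
	if len(r.Ports) == 0 {
		return false
	}
	for _, peer := range r.Peers {
		if peer.PodSelector != nil || peer.NamespaceSelector != nil || peer.IPBlock != nil {
			return true
		}
	}
	return false
}

// coveredAsTarget is the PR's check for direction "Ingress" or "Egress":
// a same-namespace policy of that type selects the pod via spec.podSelector
// and carries at least one concrete rule in that direction.
func coveredAsTarget(pod Pod, policies []NetworkPolicy, direction string) bool {
	for _, p := range policies {
		if p.Namespace != pod.Namespace || !hasPolicyType(p, direction) || !selects(p.PodSelector, pod.Labels) {
			continue
		}
		rules := p.Ingress
		if direction == "Egress" {
			rules = p.Egress
		}
		for _, r := range rules {
			if ruleIsConcrete(r) {
				return true
			}
		}
	}
	return false
}

// referencedAsPeer is the reviewer's notion: some ingress "from" or egress
// "to" peer podSelector (same namespace, no namespaceSelector) selects the
// pod. Note this does not isolate the pod in Kubernetes; only spec.podSelector does.
func referencedAsPeer(pod Pod, policies []NetworkPolicy) bool {
	for _, p := range policies {
		if p.Namespace != pod.Namespace {
			continue
		}
		for _, r := range append(append([]Rule{}, p.Ingress...), p.Egress...) {
			for _, peer := range r.Peers {
				if peer.PodSelector != nil && peer.NamespaceSelector == nil && selects(*peer.PodSelector, pod.Labels) {
					return true
				}
			}
		}
	}
	return false
}

// Constructed sample objects, not taken from any real cluster.
var (
	apiPod   = Pod{Name: "api-0", Namespace: "shop", Labels: map[string]string{"app": "api"}}
	dbPod    = Pod{Name: "db-0", Namespace: "shop", Labels: map[string]string{"app": "db"}}
	batchPod = Pod{Name: "batch-0", Namespace: "shop", Labels: map[string]string{"app": "batch"}}

	samplePolicies = []NetworkPolicy{
		{ // selects api; concrete ingress (port + ipBlock) and egress (port + podSelector) rules
			Name: "api-policy", Namespace: "shop",
			PodSelector: LabelSelector{MatchLabels: map[string]string{"app": "api"}},
			PolicyTypes: []string{"Ingress", "Egress"},
			Ingress:     []Rule{{Ports: []Port{{Port: 8080}}, Peers: []Peer{{IPBlock: &IPBlock{CIDR: "10.0.0.0/8"}}}}},
			Egress:      []Rule{{Ports: []Port{{Port: 5432}}, Peers: []Peer{{PodSelector: &LabelSelector{MatchLabels: map[string]string{"app": "db"}}}}}},
		},
		{ // selects batch but its ingress rule names no port, so the PR's check rejects it
			Name: "batch-noport", Namespace: "shop",
			PodSelector: LabelSelector{MatchLabels: map[string]string{"app": "batch"}},
			PolicyTypes: []string{"Ingress"},
			Ingress:     []Rule{{Peers: []Peer{{PodSelector: &LabelSelector{MatchLabels: map[string]string{"app": "api"}}}}}},
		},
	}
)

func main() {
	for _, pod := range []Pod{apiPod, dbPod, batchPod} {
		fmt.Printf("%s: ingress-target=%v egress-target=%v referenced-as-peer=%v\n", pod.Name,
			coveredAsTarget(pod, samplePolicies, "Ingress"),
			coveredAsTarget(pod, samplePolicies, "Egress"),
			referencedAsPeer(pod, samplePolicies))
	}
}
```

With the sample data the api pod passes both of the PR's checks, the db pod fails the target check but is referenced as an egress destination, and the batch pod fails the target check because its only rule has no port, even though a policy selects it.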