search

kubernetes-sigs / network-policy-api

This repo addresses further work involving Kubernetes network security beyond the initial NetworkPolicy resource
Apache License 2.0
51 stars 29 forks source link

Add BANP conformance tests for .Spec.Ingress and .Spec.Egress fields #109

Closed tssurya closed 1 year ago

tssurya commented 1 year ago

This is same as done in https://github.com/kubernetes-sigs/network-policy-api/pull/99 but for BANP. Since we don't have BANP Pass action, we don't need that for the tests here.

Sample output as run on OVN-K cluster:

   --- PASS: TestConformance/BaselineAdminNetworkPolicyEgressSCTP (13.04s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyEgressSCTP/Should_support_an_'allow-egress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected (0.24s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyEgressSCTP/Should_support_an_'allow-egress'_policy_for_SCTP_protocol_at_the_specified_port (3.22s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyEgressSCTP/Should_support_an_'deny-egress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected (6.26s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyEgressSCTP/Should_support_a_'deny-egress'_policy_for_SCTP_protocol_at_the_specified_port (3.29s)
    --- PASS: TestConformance/BaselineAdminNetworkPolicyEgressTCP (13.07s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyEgressTCP/Should_support_an_'allow-egress'_policy_for_TCP_protocol;_ensure_rule_ordering_is_respected (0.23s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyEgressTCP/Should_support_an_'allow-egress'_policy_for_TCP_protocol_at_the_specified_port (3.24s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyEgressTCP/Should_support_an_'deny-egress'_policy_for_TCP_protocol;_ensure_rule_ordering_is_respected (6.32s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyEgressTCP/Should_support_a_'deny-egress'_policy_for_TCP_protocol_at_the_specified_port (3.26s)
    --- PASS: TestConformance/BaselineAdminNetworkPolicyEgressUDP (13.53s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyEgressUDP/Should_support_an_'allow-egress'_policy_for_UDP_protocol;_ensure_rule_ordering_is_respected (0.43s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyEgressUDP/Should_support_an_'allow-egress'_policy_for_UDP_protocol_at_the_specified_port (3.52s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyEgressUDP/Should_support_an_'deny-egress'_policy_for_UDP_protocol;_ensure_rule_ordering_is_respected (6.26s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyEgressUDP/Should_support_a_'deny-egress'_policy_for_UDP_protocol_at_the_specified_port (3.30s)
    --- PASS: TestConformance/BaselineAdminNetworkPolicyIngressSCTP (13.23s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyIngressSCTP/Should_support_an_'allow-ingress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected (0.23s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyIngressSCTP/Should_support_an_'allow-ingress'_policy_for_SCTP_protocol_at_the_specified_port (3.24s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyIngressSCTP/Should_support_an_'deny-ingress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected (6.29s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyIngressSCTP/Should_support_a_'deny-ingress'_policy_for_SCTP_protocol_at_the_specified_port (3.44s)
    --- PASS: TestConformance/BaselineAdminNetworkPolicyIngressTCP (13.10s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyIngressTCP/Should_support_an_'allow-ingress'_policy_for_TCP_protocol;_ensure_rule_ordering_is_respected (0.27s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyIngressTCP/Should_support_an_'allow-ingress'_policy_for_TCP_protocol_at_the_specified_port (3.22s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyIngressTCP/Should_support_an_'deny-ingress'_policy_for_TCP_protocol;_ensure_rule_ordering_is_respected (6.31s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyIngressTCP/Should_support_a_'deny-ingress'_policy_for_TCP_protocol_at_the_specified_port (3.28s)
    --- PASS: TestConformance/BaselineAdminNetworkPolicyIngressUDP (13.33s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyIngressUDP/Should_support_an_'allow-ingress'_policy_for_UDP_protocol;_ensure_rule_ordering_is_respected (0.36s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyIngressUDP/Should_support_an_'allow-ingress'_policy_for_UDP_protocol_at_the_specified_port (3.24s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyIngressUDP/Should_support_an_'deny-ingress'_policy_for_UDP_protocol;_ensure_rule_ordering_is_respected (6.32s)
        --- PASS: TestConformance/BaselineAdminNetworkPolicyIngressUDP/Should_support_a_'deny-ingress'_policy_for_UDP_protocol_at_the_specified_port (3.38s)
PASS
ok      sigs.k8s.io/network-policy-api/conformance  193.009s
?       sigs.k8s.io/network-policy-api/conformance/tests    [no test files]
?       sigs.k8s.io/network-policy-api/conformance/utils/config [no test files]
?       sigs.k8s.io/network-policy-api/conformance/utils/flags  [no test files]
=== RUN   TestPrepareResources
=== RUN   TestPrepareResources/empty_namespace_labels
=== RUN   TestPrepareResources/simple_namespace_labels
=== RUN   TestPrepareResources/overwrite_namespace_labels
--- PASS: TestPrepareResources (0.00s)
    --- PASS: TestPrepareResources/empty_namespace_labels (0.00s)
    --- PASS: TestPrepareResources/simple_namespace_labels (0.00s)
    --- PASS: TestPrepareResources/overwrite_namespace_labels (0.00s)
PASS
netlify[bot] commented 1 year ago

Deploy Preview for kubernetes-sigs-network-policy-api ready!

Name Link
Latest commit 8c46a567512e2ede4511f6e6a266c8e3290bc66e
Latest deploy log https://app.netlify.com/sites/kubernetes-sigs-network-policy-api/deploys/64860fb64a61b9000824d6cd
Deploy Preview https://deploy-preview-109--kubernetes-sigs-network-policy-api.netlify.app
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

astoycos commented 1 year ago

/lgtm /approve

astoycos commented 1 year ago

Thanks @tssurya!

k8s-ci-robot commented 1 year ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: astoycos, tssurya

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/kubernetes-sigs/network-policy-api/blob/master/OWNERS)~~ [astoycos] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment