search

kubernetes-sigs / network-policy-api

This repo addresses further work involving Kubernetes network security beyond the initial NetworkPolicy resource
Apache License 2.0
51 stars 29 forks source link

Add ANP conformance tests for `.Spec.Ingress` and `.Spec.Egress` fields #99

Closed tssurya closed 1 year ago

tssurya commented 1 year ago

This PR adds conformance for ingress rules and egress rules with 3 actions deny/allow/pass across all 3 protocols udp/sctp/tcp with and without ports. A new suite of tests will be added for mix of both ingress & egress rules called gressRules with mix of protocols in a new PR. Depends on https://github.com/kubernetes-sigs/network-policy-api/pull/98 Sample Output:

--- PASS: TestConformance (92.63s)                                                                                                                                           
    --- PASS: TestConformance/AdminNetworkPolicyEgressSCTP (15.02s)                                                                                                          
        --- PASS: TestConformance/AdminNetworkPolicyEgressSCTP/Should_support_an_'allow-egress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected (0.80s)          
        --- PASS: TestConformance/AdminNetworkPolicyEgressSCTP/Should_support_an_'allow-egress'_policy_for_SCTP_protocol_at_the_specified_port (3.41s)                       
        --- PASS: TestConformance/AdminNetworkPolicyEgressSCTP/Should_support_an_'deny-egress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected (6.56s)           
        --- PASS: TestConformance/AdminNetworkPolicyEgressSCTP/Should_support_a_'deny-egress'_policy_for_SCTP_protocol_at_the_specified_port (3.55s)                         
        --- PASS: TestConformance/AdminNetworkPolicyEgressSCTP/Should_support_an_'pass-egress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected (0.34s)           
        --- PASS: TestConformance/AdminNetworkPolicyEgressSCTP/Should_support_a_'pass-egress'_policy_for_SCTP_protocol_at_the_specified_port (0.32s)                         
    --- PASS: TestConformance/AdminNetworkPolicyEgressTCP (14.03s)                                                                                                           
        --- PASS: TestConformance/AdminNetworkPolicyEgressTCP/Should_support_an_'allow-egress'_policy_for_TCP_protocol;_ensure_rule_ordering_is_respected (0.22s)            
        --- PASS: TestConformance/AdminNetworkPolicyEgressTCP/Should_support_an_'allow-egress'_policy_for_TCP_protocol_at_the_specified_port (3.22s)                         
        --- PASS: TestConformance/AdminNetworkPolicyEgressTCP/Should_support_an_'deny-egress'_policy_for_TCP_protocol;_ensure_rule_ordering_is_respected (6.55s)             
        --- PASS: TestConformance/AdminNetworkPolicyEgressTCP/Should_support_a_'deny-egress'_policy_for_TCP_protocol_at_the_specified_port (3.48s)                           
        --- PASS: TestConformance/AdminNetworkPolicyEgressTCP/Should_support_an_'pass-egress'_policy_for_TCP_protocol;_ensure_rule_ordering_is_respected (0.27s)             
        --- PASS: TestConformance/AdminNetworkPolicyEgressTCP/Should_support_a_'pass-egress'_policy_for_TCP_protocol_at_the_specified_port (0.28s)                           
    --- PASS: TestConformance/AdminNetworkPolicyEgressUDP (14.26s)                                                                                                           
        --- PASS: TestConformance/AdminNetworkPolicyEgressUDP/Should_support_an_'allow-egress'_policy_for_UDP_protocol;_ensure_rule_ordering_is_respected (0.25s)            
        --- PASS: TestConformance/AdminNetworkPolicyEgressUDP/Should_support_an_'allow-egress'_policy_for_UDP_protocol_at_the_specified_port (3.19s)                         
        --- PASS: TestConformance/AdminNetworkPolicyEgressUDP/Should_support_an_'deny-egress'_policy_for_UDP_protocol;_ensure_rule_ordering_is_respected (6.37s)             
        --- PASS: TestConformance/AdminNetworkPolicyEgressUDP/Should_support_a_'deny-egress'_policy_for_UDP_protocol_at_the_specified_port (3.60s)                           
        --- PASS: TestConformance/AdminNetworkPolicyEgressUDP/Should_support_an_'pass-egress'_policy_for_UDP_protocol;_ensure_rule_ordering_is_respected (0.42s)             
        --- PASS: TestConformance/AdminNetworkPolicyEgressUDP/Should_support_a_'pass-egress'_policy_for_UDP_protocol_at_the_specified_port (0.39s)
    --- PASS: TestConformance/AdminNetworkPolicyIngressSCTP (14.34s)                                                                                                         
        --- PASS: TestConformance/AdminNetworkPolicyIngressSCTP/Should_support_an_'allow-ingress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected (0.35s)
        --- PASS: TestConformance/AdminNetworkPolicyIngressSCTP/Should_support_an_'allow-ingress'_policy_for_SCTP_protocol_at_the_specified_port (3.23s)                     
        --- PASS: TestConformance/AdminNetworkPolicyIngressSCTP/Should_support_an_'deny-ingress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected (6.46s) 
        --- PASS: TestConformance/AdminNetworkPolicyIngressSCTP/Should_support_a_'deny-ingress'_policy_for_SCTP_protocol_at_the_specified_port (3.57s)  
        --- PASS: TestConformance/AdminNetworkPolicyIngressSCTP/Should_support_an_'pass-ingress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected (0.41s)         
        --- PASS: TestConformance/AdminNetworkPolicyIngressSCTP/Should_support_a_'pass-ingress'_policy_for_SCTP_protocol_at_the_specified_port (0.30s)                       
    --- PASS: TestConformance/AdminNetworkPolicyIngressTCP (14.40s)                                                                                                          
        --- PASS: TestConformance/AdminNetworkPolicyIngressTCP/Should_support_an_'allow-ingress'_policy_for_TCP_protocol;_ensure_rule_ordering_is_respected (0.23s)          
        --- PASS: TestConformance/AdminNetworkPolicyIngressTCP/Should_support_an_'allow-ingress'_policy_for_TCP_protocol_at_the_specified_port (3.21s)
        --- PASS: TestConformance/AdminNetworkPolicyIngressTCP/Should_support_an_'deny-ingress'_policy_for_TCP_protocol;_ensure_rule_ordering_is_respected (6.57s)           
        --- PASS: TestConformance/AdminNetworkPolicyIngressTCP/Should_support_a_'deny-ingress'_policy_for_TCP_protocol_at_the_specified_port (3.69s)                         
        --- PASS: TestConformance/AdminNetworkPolicyIngressTCP/Should_support_an_'pass-ingress'_policy_for_TCP_protocol;_ensure_rule_ordering_is_respected (0.41s)           
        --- PASS: TestConformance/AdminNetworkPolicyIngressTCP/Should_support_a_'pass-ingress'_policy_for_TCP_protocol_at_the_specified_port (0.27s)
    --- PASS: TestConformance/AdminNetworkPolicyIngressUDP (14.26s)                                                                                                          
        --- PASS: TestConformance/AdminNetworkPolicyIngressUDP/Should_support_an_'allow-ingress'_policy_for_UDP_protocol;_ensure_rule_ordering_is_respected (0.24s)
        --- PASS: TestConformance/AdminNetworkPolicyIngressUDP/Should_support_an_'allow-ingress'_policy_for_UDP_protocol_at_the_specified_port (3.23s)
        --- PASS: TestConformance/AdminNetworkPolicyIngressUDP/Should_support_an_'deny-ingress'_policy_for_UDP_protocol;_ensure_rule_ordering_is_respected (6.55s)
        --- PASS: TestConformance/AdminNetworkPolicyIngressUDP/Should_support_a_'deny-ingress'_policy_for_UDP_protocol_at_the_specified_port (3.47s)
        --- PASS: TestConformance/AdminNetworkPolicyIngressUDP/Should_support_an_'pass-ingress'_policy_for_UDP_protocol;_ensure_rule_ordering_is_respected (0.38s)
        --- PASS: TestConformance/AdminNetworkPolicyIngressUDP/Should_support_a_'pass-ingress'_policy_for_UDP_protocol_at_the_specified_port (0.37s)
PASS
netlify[bot] commented 1 year ago

Deploy Preview for kubernetes-sigs-network-policy-api ready!

Name Link
Latest commit 23e4bc0dc393e9b4641392b7f4d9fd13f9834e70
Latest deploy log https://app.netlify.com/sites/kubernetes-sigs-network-policy-api/deploys/646cd304343a0b000895ca94
Deploy Preview https://deploy-preview-99--kubernetes-sigs-network-policy-api.netlify.app
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

tssurya commented 1 year ago

/hold

astoycos commented 1 year ago

/lgtm /approve

k8s-ci-robot commented 1 year ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: astoycos, tssurya

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/kubernetes-sigs/network-policy-api/blob/master/OWNERS)~~ [astoycos] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
tssurya commented 1 year ago

/hold cancel