don't remove representative peers in any-namespace

np-guard / netpol-analyzer

A Golang library for analyzing k8s connectivity-configuration resources (a.k.a. network policies)

Apache License 2.0

9 stars 2 forks source link

don't remove representative peers in any-namespace #352

Closed shireenf-ibm closed 3 months ago

shireenf-ibm commented 3 months ago

issue #236

sub task:

[ ] handling cases of empty nsSelector (any-namespace) with non-empty podSelector : don't refine its representative peer if there is a matching pod in a specific namespace

also: keep representative peer for the case of all pods within a certain namespace

shireenf-ibm commented 3 months ago

in this commit added two examples of exposure to an existing namespace (having real pod in the ns) with current approach:

in first test test_conn_to_all_pods_in_an_existing_ns since we have a real pod in backend we don't see "all pods" exposure line
in second test test_conn_to_new_pod_in_an_existing_ns I used specific podSelector and so we see it in the exposure report