diff --git a/pkg/netpol/connlist/connlist_test.go b/pkg/netpol/connlist/connlist_test.go
index 0485f95c..ec8a32c5 100644
--- a/pkg/netpol/connlist/connlist_test.go
+++ b/pkg/netpol/connlist/connlist_test.go
@@ -840,16 +840,6 @@ var goodPathTests = []struct {
 exposureAnalysis: true,
 outputFormats: ValidFormats,
 },
- {
- testDirName: "exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports",
- exposureAnalysis: true,
- outputFormats: ValidFormats,
- },
- {
- testDirName: "exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2",
- exposureAnalysis: true,
- outputFormats: ValidFormats,
- },
 {
 testDirName: "exposure_test_egress_with_named_port",
 exposureAnalysis: true,
diff --git a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.csv b/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.csv
deleted file mode 100644
index d6f9e646..00000000
--- a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.csv
+++ /dev/null
@@ -1,10 +0,0 @@
-src,dst,conn
-hello-world/workload-a[Deployment],0.0.0.0-255.255.255.255,All Connections
-Exposure Analysis Result:,,
-Egress Exposure:,,
-src,dst,conn
-hello-world/workload-a[Deployment],0.0.0.0-255.255.255.255,All Connections
-hello-world/workload-a[Deployment],entire-cluster,All Connections
-Ingress Exposure:,,
-dst,src,conn
-hello-world/workload-a[Deployment],entire-cluster,"TCP 8000,UDP http"
diff --git a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.dot b/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.dot
deleted file mode 100644
index 6a055046..00000000
--- a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.dot
+++ /dev/null
@@ -1,13 +0,0 @@
-digraph {
- subgraph "cluster_hello_world" {
- color="black"
- fontcolor="black"
- "hello-world/workload-a[Deployment]" [label="workload-a[Deployment]" color="blue" fontcolor="blue"]
- label="hello-world"
- }
- "0.0.0.0-255.255.255.255" [label="0.0.0.0-255.255.255.255" color="red2" fontcolor="red2"]
- "entire-cluster" [label="entire-cluster" color="red2" fontcolor="red2" shape=diamond]
- "entire-cluster" -> "hello-world/workload-a[Deployment]" [label="TCP 8000,UDP http" color="darkorange2" fontcolor="darkgreen" weight=1 style=dashed]
- "hello-world/workload-a[Deployment]" -> "0.0.0.0-255.255.255.255" [label="All Connections" color="gold2" fontcolor="darkgreen" weight=1]
- "hello-world/workload-a[Deployment]" -> "entire-cluster" [label="All Connections" color="darkorange4" fontcolor="darkgreen" weight=0.5 style=dashed]
-}
\ No newline at end of file
diff --git a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.dot.png b/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.dot.png
deleted file mode 100644
index 1d206a8e..00000000
Binary files a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.dot.png and /dev/null differ
diff --git a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.dot.svg b/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.dot.svg
deleted file mode 100644
index 6323bb13..00000000
--- a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.dot.svg
+++ /dev/null
@@ -1,56 +0,0 @@ - - - - - - - - -cluster_hello_world - -hello-world - - - -hello-world/workload-a[Deployment] - -workload-a[Deployment] - - - -0.0.0.0-255.255.255.255 - -0.0.0.0-255.255.255.255 - - - -hello-world/workload-a[Deployment]->0.0.0.0-255.255.255.255 - - -All Connections - - - -entire-cluster - -entire-cluster - - - -hello-world/workload-a[Deployment]->entire-cluster - - -All Connections - - - -entire-cluster->hello-world/workload-a[Deployment] - - -TCP 8000,UDP http - - -
diff --git a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.json b/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.json
deleted file mode 100644
index 418800ea..00000000
--- a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.json
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- "connlist_results": [
- {
- "src": "hello-world/workload-a[Deployment]",
- "dst": "0.0.0.0-255.255.255.255",
- "conn": "All Connections"
- }
- ],
- "exposure_results": {
- "egress_exposure": [
- {
- "src": "hello-world/workload-a[Deployment]",
- "dst": "0.0.0.0-255.255.255.255",
- "conn": "All Connections"
- },
- {
- "src": "hello-world/workload-a[Deployment]",
- "dst": "entire-cluster",
- "conn": "All Connections"
- }
- ],
- "ingress_exposure": [
- {
- "src": "entire-cluster",
- "dst": "hello-world/workload-a[Deployment]",
- "conn": "TCP 8000,UDP http"
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.md b/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.md
deleted file mode 100644
index a5db45e9..00000000
--- a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.md
+++ /dev/null
@@ -1,14 +0,0 @@
-| src | dst | conn |
-|-----|-----|------|
-| hello-world/workload-a[Deployment] | 0.0.0.0-255.255.255.255 | All Connections |
-## Exposure Analysis Result:
-### Egress Exposure:
-| src | dst | conn |
-|-----|-----|------|
-| hello-world/workload-a[Deployment] | 0.0.0.0-255.255.255.255 | All Connections |
-| hello-world/workload-a[Deployment] | entire-cluster | All Connections |
-
-### Ingress Exposure:
-| dst | src | conn |
-|-----|-----|------|
-| hello-world/workload-a[Deployment] | entire-cluster | TCP 8000,UDP http |
diff --git a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.txt b/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.txt
deleted file mode 100644
index 4e481a88..00000000
--- a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2_exposure_output.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-hello-world/workload-a[Deployment] => 0.0.0.0-255.255.255.255 : All Connections
-
-Exposure Analysis Result:
-Egress Exposure:
-hello-world/workload-a[Deployment] => 0.0.0.0-255.255.255.255 : All Connections
-hello-world/workload-a[Deployment] => entire-cluster : All Connections
-
-Ingress Exposure:
-hello-world/workload-a[Deployment] <= entire-cluster : TCP 8000,UDP http
-
-Workloads not protected by network policies:
-hello-world/workload-a[Deployment] is not protected on Egress
diff --git a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.csv b/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.csv
deleted file mode 100644
index fbb857c9..00000000
--- a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.csv
+++ /dev/null
@@ -1,10 +0,0 @@
-src,dst,conn
-hello-world/workload-a[Deployment],0.0.0.0-255.255.255.255,All Connections
-Exposure Analysis Result:,,
-Egress Exposure:,,
-src,dst,conn
-hello-world/workload-a[Deployment],0.0.0.0-255.255.255.255,All Connections
-hello-world/workload-a[Deployment],entire-cluster,All Connections
-Ingress Exposure:,,
-dst,src,conn
-hello-world/workload-a[Deployment],entire-cluster,"TCP 8000,8090,new-port"
diff --git a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.dot b/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.dot
deleted file mode 100644
index 898c3c74..00000000
--- a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.dot
+++ /dev/null
@@ -1,13 +0,0 @@
-digraph {
- subgraph "cluster_hello_world" {
- color="black"
- fontcolor="black"
- "hello-world/workload-a[Deployment]" [label="workload-a[Deployment]" color="blue" fontcolor="blue"]
- label="hello-world"
- }
- "0.0.0.0-255.255.255.255" [label="0.0.0.0-255.255.255.255" color="red2" fontcolor="red2"]
- "entire-cluster" [label="entire-cluster" color="red2" fontcolor="red2" shape=diamond]
- "entire-cluster" -> "hello-world/workload-a[Deployment]" [label="TCP 8000,8090,new-port" color="darkorange2" fontcolor="darkgreen" weight=1 style=dashed]
- "hello-world/workload-a[Deployment]" -> "0.0.0.0-255.255.255.255" [label="All Connections" color="gold2" fontcolor="darkgreen" weight=1]
- "hello-world/workload-a[Deployment]" -> "entire-cluster" [label="All Connections" color="darkorange4" fontcolor="darkgreen" weight=0.5 style=dashed]
-}
\ No newline at end of file
diff --git a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.dot.png b/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.dot.png
deleted file mode 100644
index be77385a..00000000
Binary files a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.dot.png and /dev/null differ
diff --git a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.dot.svg b/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.dot.svg
deleted file mode 100644
index 9a1f0b04..00000000
--- a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.dot.svg
+++ /dev/null
@@ -1,56 +0,0 @@ - - - - - - - - -cluster_hello_world - -hello-world - - - -hello-world/workload-a[Deployment] - -workload-a[Deployment] - - - -0.0.0.0-255.255.255.255 - -0.0.0.0-255.255.255.255 - - - -hello-world/workload-a[Deployment]->0.0.0.0-255.255.255.255 - - -All Connections - - - -entire-cluster - -entire-cluster - - - -hello-world/workload-a[Deployment]->entire-cluster - - -All Connections - - - -entire-cluster->hello-world/workload-a[Deployment] - - -TCP 8000,8090,new-port - - -
diff --git a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.json b/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.json
deleted file mode 100644
index e3395518..00000000
--- a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.json
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- "connlist_results": [
- {
- "src": "hello-world/workload-a[Deployment]",
- "dst": "0.0.0.0-255.255.255.255",
- "conn": "All Connections"
- }
- ],
- "exposure_results": {
- "egress_exposure": [
- {
- "src": "hello-world/workload-a[Deployment]",
- "dst": "0.0.0.0-255.255.255.255",
- "conn": "All Connections"
- },
- {
- "src": "hello-world/workload-a[Deployment]",
- "dst": "entire-cluster",
- "conn": "All Connections"
- }
- ],
- "ingress_exposure": [
- {
- "src": "entire-cluster",
- "dst": "hello-world/workload-a[Deployment]",
- "conn": "TCP 8000,8090,new-port"
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.md b/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.md
deleted file mode 100644
index 30b1bba4..00000000
--- a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.md
+++ /dev/null
@@ -1,14 +0,0 @@
-| src | dst | conn |
-|-----|-----|------|
-| hello-world/workload-a[Deployment] | 0.0.0.0-255.255.255.255 | All Connections |
-## Exposure Analysis Result:
-### Egress Exposure:
-| src | dst | conn |
-|-----|-----|------|
-| hello-world/workload-a[Deployment] | 0.0.0.0-255.255.255.255 | All Connections |
-| hello-world/workload-a[Deployment] | entire-cluster | All Connections |
-
-### Ingress Exposure:
-| dst | src | conn |
-|-----|-----|------|
-| hello-world/workload-a[Deployment] | entire-cluster | TCP 8000,8090,new-port |
diff --git a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.txt b/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.txt
deleted file mode 100644
index 0bfa839a..00000000
--- a/test_outputs/connlist/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_exposure_output.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-hello-world/workload-a[Deployment] => 0.0.0.0-255.255.255.255 : All Connections
-
-Exposure Analysis Result:
-Egress Exposure:
-hello-world/workload-a[Deployment] => 0.0.0.0-255.255.255.255 : All Connections
-hello-world/workload-a[Deployment] => entire-cluster : All Connections
-
-Ingress Exposure:
-hello-world/workload-a[Deployment] <= entire-cluster : TCP 8000,8090,new-port
-
-Workloads not protected by network policies:
-hello-world/workload-a[Deployment] is not protected on Egress
diff --git a/tests/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports/namespace_and_deployments.yaml b/tests/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports/namespace_and_deployments.yaml
deleted file mode 100644
index b7f10e5a..00000000
--- a/tests/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports/namespace_and_deployments.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: hello-world
-spec: {}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: workload-a
- namespace: hello-world
- labels:
- app: a-app
-spec:
- selector:
- matchLabels:
- app: a-app
- template:
- metadata:
- labels:
- app: a-app
- spec:
- containers:
- - name: hello-world
- image: quay.io/shfa/hello-world:latest
- ports:
- - name: local-dns
- containerPort: 8000 # containerport1
- - name: local-dns2
- containerPort: 8050 # containerport2
- - name: http
- containerPort: 8090 # containerport3
----
diff --git a/tests/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports/policy.yaml b/tests/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports/policy.yaml
deleted file mode 100644
index 29af6bd2..00000000
--- a/tests/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports/policy.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: ingress-based-on-named-ports
- namespace: hello-world
-spec:
- podSelector:
- matchLabels:
- app: a-app
- policyTypes:
- - Ingress
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: local-dns
- - port: http
- - port: new-port
diff --git a/tests/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2/namespace_and_deployments.yaml b/tests/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2/namespace_and_deployments.yaml
deleted file mode 100644
index b7f10e5a..00000000
--- a/tests/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2/namespace_and_deployments.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: hello-world
-spec: {}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: workload-a
- namespace: hello-world
- labels:
- app: a-app
-spec:
- selector:
- matchLabels:
- app: a-app
- template:
- metadata:
- labels:
- app: a-app
- spec:
- containers:
- - name: hello-world
- image: quay.io/shfa/hello-world:latest
- ports:
- - name: local-dns
- containerPort: 8000 # containerport1
- - name: local-dns2
- containerPort: 8050 # containerport2
- - name: http
- containerPort: 8090 # containerport3
----
diff --git a/tests/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2/policy.yaml b/tests/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2/policy.yaml
deleted file mode 100644
index b282a614..00000000
--- a/tests/exposure_test_ingress_from_entire_cluster_with_matched_and_unmatched_named_ports_2/policy.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: ingress-based-on-named-ports
- namespace: hello-world
-spec:
- podSelector:
- matchLabels:
- app: a-app
- policyTypes:
- - Ingress
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: local-dns
- - port: http
- protocol: UDP