diff --git a/pkg/apis/networking/validation/validation_test.go b/pkg/apis/networking/validation/validation_test.go
index a8b24ca6d4b..3afb32feede 100644
--- a/pkg/apis/networking/validation/validation_test.go
+++ b/pkg/apis/networking/validation/validation_test.go
@@ -44,7 +44,9 @@ func makeValidNetworkPolicy() *networking.NetworkPolicy {
 }
 }
-func makeNetworkPolicyCustom(tweaks ...func(networkPolicy *networking.NetworkPolicy)) *networking.NetworkPolicy {
+type netpolTweak func(networkPolicy *networking.NetworkPolicy)
+
+func makeNetworkPolicyCustom(tweaks ...netpolTweak) *networking.NetworkPolicy {
 networkPolicy := makeValidNetworkPolicy()
 for _, fn := range tweaks {
 fn(networkPolicy)
@@ -52,25 +54,25 @@ func makeNetworkPolicyCustom(tweaks ...func(networkPolicy *networking.NetworkPol
 return networkPolicy
 }
+func makePort(proto *api.Protocol, port intstr.IntOrString, endPort int32) networking.NetworkPolicyPort {
+ r := networking.NetworkPolicyPort{
+ Protocol: proto,
+ Port: nil,
+ }
+ if port != intstr.FromInt(0) {
+ r.Port = &port
+ }
+ if endPort != 0 {
+ r.EndPort = utilpointer.Int32Ptr(endPort)
+ }
+ return r
+}
+
 func TestValidateNetworkPolicy(t *testing.T) {
 protocolTCP := api.ProtocolTCP
 protocolUDP := api.ProtocolUDP
 protocolICMP := api.Protocol("ICMP")
 protocolSCTP := api.ProtocolSCTP
- endPort := int32(32768)
-
- // Ports
- port80 := intstr.FromInt(80)
- port443 := intstr.FromInt(443)
- portDns := intstr.FromString("dns")
- port7777 := intstr.FromInt(7777)
- port32768 := intstr.FromInt(32768)
- port30000 := intstr.FromInt(30000)
- port32000 := intstr.FromInt(32000)
- port35000 := intstr.FromInt(35000)
- portInvalidInt := intstr.FromInt(123456789)
- portInvalidStr := intstr.FromString("!@#$")
- portHttps := intstr.FromString("https")
 // Tweaks used below.
 setIngressEmptyFirstElement := func(networkPolicy *networking.NetworkPolicy) {
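Review bot: `makePort` treats `intstr.FromInt(0)` and an `endPort` of 0 as "unset" without saying so, which makes call sites such as `makePort(&protocolTCP, intstr.FromInt(0), 32768)` read as if they exercise port 0 rather than a missing port. A doc comment would make the convention explicit, for example `// makePort builds a NetworkPolicyPort; a port of intstr.FromInt(0) leaves Port nil and an endPort of 0 leaves EndPort nil.` The explicit `Port: nil,` in the literal is redundant with the zero value and could be dropped. As a consequence the helper cannot express a literal port 0 or endPort 0, so boundary cases for those values would need a hand-built struct.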
@@ -78,7 +80,11 @@ func TestValidateNetworkPolicy(t *testing.T) {
 }
 setIngressFromEmptyFirstElement := func(networkPolicy *networking.NetworkPolicy) {
- networkPolicy.Spec.Ingress[0].From = []networking.NetworkPolicyPeer{{}}
+ networkPolicy.Spec.Ingress = []networking.NetworkPolicyIngressRule{
+ {
+ From: []networking.NetworkPolicyPeer{{}},
+ },
+ }
 }
 setIngressEmptyPorts := func(networkPolicy *networking.NetworkPolicy) {
@@ -88,38 +94,13 @@ func TestValidateNetworkPolicy(t *testing.T) {
 },
 }
 }
- setIngressPorts := func(networkPolicy *networking.NetworkPolicy) {
- networkPolicy.Spec.Ingress[0].Ports = []networking.NetworkPolicyPort{
- {
- Protocol: nil,
- Port: &port80,
- },
- {
- Protocol: &protocolTCP,
- Port: nil,
- },
- {
- Protocol: &protocolTCP,
- Port: &port443,
- },
- {
- Protocol: &protocolUDP,
- Port: &portDns,
- },
- {
- Protocol: &protocolSCTP,
- Port: &port7777,
- },
- }
- }
- setIngressPortsHigher := func(networkPolicy *networking.NetworkPolicy) {
- networkPolicy.Spec.Ingress[0].Ports = []networking.NetworkPolicyPort{
- {
- Protocol: &protocolTCP,
- Port: &port32768,
- EndPort: &endPort,
- },
+ setIngressPorts := func(ports ...networking.NetworkPolicyPort) netpolTweak {
+ return func(np *networking.NetworkPolicy) {
+ np.Spec.Ingress[0].Ports = make([]networking.NetworkPolicyPort, len(ports))
+ for i, p := range ports {
+ np.Spec.Ingress[0].Ports[i] = p
+ }
 }
 }
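Review bot: Any ingress tweak applied before `setIngressFromEmptyFirstElement` is now silently discarded, because the helper assigns a fresh `Spec.Ingress` slice rather than editing `Ingress[0].From`. The egress counterpart still appears to need `setEgressEmptyFirstElement` first (the egress cases later in this diff keep passing both), so the two helper families now follow different conventions. A comment on the closure would help, e.g. `// Resets Spec.Ingress to a single rule with one empty peer; must come before other ingress tweaks.` Alternatively the egress helper could be changed the same way so the ordering rules are uniform.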
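Review bot: The closure returned by `setIngressPorts` indexes `np.Spec.Ingress[0]` without checking that a rule exists, so it panics unless an earlier tweak has already created the first ingress rule; the same applies to `setEgressPorts` and `np.Spec.Egress[0]` in the `@@ -192,57 +173,12 @@` hunk. A panic is tolerable in a test helper, but the precondition deserves a comment such as `// Requires Spec.Ingress[0] to exist; apply setIngressEmptyFirstElement or setIngressFromEmptyFirstElement first.` The index loop after `make` can also be replaced by `copy(np.Spec.Ingress[0].Ports, ports)`, which does the same element copy in one call. The enclosing `TestValidateNetworkPolicy` starts and ends outside this hunk.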
@@ -192,57 +173,12 @@ func TestValidateNetworkPolicy(t *testing.T) {
 }
 }
- setEgressPorts := func(networkPolicy *networking.NetworkPolicy) {
- networkPolicy.Spec.Egress[0].Ports = []networking.NetworkPolicyPort{
- {
- Protocol: nil,
- Port: &port80,
- },
- {
- Protocol: &protocolTCP,
- Port: nil,
- },
- {
- Protocol: &protocolTCP,
- Port: &port443,
- },
- {
- Protocol: &protocolUDP,
- Port: &portDns,
- },
- {
- Protocol: &protocolSCTP,
- Port: &port7777,
- },
- }
- }
-
- setEgressPortsUDPandHigh := func(networkPolicy *networking.NetworkPolicy) {
- networkPolicy.Spec.Egress[0].Ports = []networking.NetworkPolicyPort{
- {
- Protocol: nil,
- Port: &port32000,
- EndPort: &endPort,
- },
- {
- Protocol: &protocolUDP,
- Port: &portDns,
- },
- }
- }
-
- setEgressPortsBothHigh := func(networkPolicy *networking.NetworkPolicy) {
- networkPolicy.Spec.Egress[0].Ports = []networking.NetworkPolicyPort{
- {
- Protocol: nil,
- Port: &port30000,
- EndPort: &endPort,
- },
- {
- Protocol: nil,
- Port: &port32000,
- EndPort: &endPort,
- },
+ setEgressPorts := func(ports ...networking.NetworkPolicyPort) netpolTweak {
+ return func(np *networking.NetworkPolicy) {
+ np.Spec.Egress[0].Ports = make([]networking.NetworkPolicyPort, len(ports))
+ for i, p := range ports {
+ np.Spec.Egress[0].Ports[i] = p
+ }
 }
 }
@@ -258,37 +194,37 @@ func TestValidateNetworkPolicy(t *testing.T) {
 // Success Test Number 1
 makeNetworkPolicyCustom(setIngressEmptyFirstElement),
 // Success Test Number 2
- makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressEmptyPorts),
+ makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, setIngressEmptyPorts),
 // Success Test Number 3
- makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressPorts),
+ makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressPorts(makePort(nil, intstr.FromInt(80), 0), makePort(&protocolTCP, intstr.FromInt(0), 0), makePort(&protocolTCP, intstr.FromInt(443), 0), makePort(&protocolUDP, intstr.FromString("dns"), 0), makePort(&protocolSCTP, intstr.FromInt(7777), 0))),
 // Success Test Number 4
- makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromPodSelector("c", "d")),
+ makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, setIngressFromPodSelector("c", "d")),
 // Success Test Number 5
- makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromNamespaceSelector),
+ makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, setIngressFromNamespaceSelector),
 // Success Test Number 6
- makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromNamespaceSelector, setIngressFromPodSelector("e", "f")),
+ makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, setIngressFromNamespaceSelector, setIngressFromPodSelector("e", "f")),
 // Success Test Number 7
- makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromIPBlock),
+ makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, setIngressFromEmptyFirstElement, setIngressFromIPBlock),
 // Success Test Number 8
- makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromIPBlock),
+ makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, setIngressFromIPBlock),
 // Success Test Number 9
 makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToIPBlock, setPolicyTypesEgress),
 // Success Test Number 10
 makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToIPBlock, setPolicyTypesIngressEgress),
 // Success Test Number 11
- makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressPorts),
+ makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressPorts(makePort(nil, intstr.FromInt(80), 0), makePort(&protocolTCP, intstr.FromInt(0), 0), makePort(&protocolTCP, intstr.FromInt(443), 0), makePort(&protocolUDP, intstr.FromString("dns"), 0), makePort(&protocolSCTP, intstr.FromInt(7777), 0))),
 // Success Test Number 12
- makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromIPBlockIPV6),
+ makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, setIngressFromEmptyFirstElement, setIngressFromIPBlockIPV6),
 // Success Test Number 13
- makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromIPBlockIPV6),
+ makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, setIngressFromIPBlockIPV6),
 // Success Test Number 14
 makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToIPBlockIPV6, setPolicyTypesEgress),
 // Success Test Number 15
 makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToIPBlockIPV6, setPolicyTypesIngressEgress),
 // Success Test Number 16
- makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressPortsUDPandHigh),
+ makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressPorts(makePort(nil, intstr.FromInt(32000), 32768), makePort(&protocolUDP, intstr.FromString("dns"), 0))),
 // Success Test Number 17
- makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, setEgressPortsBothHigh, setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromPodSelector("e", "f"), setIngressPortsHigher),
+ makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, setEgressPorts(makePort(nil, intstr.FromInt(30000), 32768), makePort(nil, intstr.FromInt(32000), 32768)), setIngressFromEmptyFirstElement, setIngressFromPodSelector("e", "f"), setIngressPorts(makePort(&protocolTCP, intstr.FromInt(32768), 32768))),
 }
 // Success cases are expected to pass validation.
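Review bot: Success Test Number 3 and Success Test Number 11 pass the same five `makePort(...)` calls inline, which gives two very long duplicated lines that can drift apart unnoticed. Hoisting the list once, e.g. `basicPorts := []networking.NetworkPolicyPort{makePort(nil, intstr.FromInt(80), 0), /* … */}`, and calling `setIngressPorts(basicPorts...)` and `setEgressPorts(basicPorts...)` keeps the ingress and egress cases visibly identical. The literal `32768` that replaces the removed `endPort` variable is likewise repeated in tests 16 and 17, and a named constant would keep the intent readable.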
@@ -302,10 +238,10 @@ func TestValidateNetworkPolicy(t *testing.T) {
 invalidSelector := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"}
 errorCases := map[string]*networking.NetworkPolicy{
- "namespaceSelector and ipBlock": makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromNamespaceSelector, setIngressFromIPBlock),
+ "namespaceSelector and ipBlock": makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, setIngressFromNamespaceSelector, setIngressFromIPBlock),
 "podSelector and ipBlock": makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToPodSelector, setEgressToIPBlock),
- "missing from and to type": makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setEgressEmptyFirstElement, setEgressToEmptyFirstElement),
- "invalid spec.podSelector": makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromNamespaceSelector, func(networkPolicy *networking.NetworkPolicy) {
+ "missing from and to type": makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, setEgressEmptyFirstElement, setEgressToEmptyFirstElement),
+ "invalid spec.podSelector": makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, setIngressFromNamespaceSelector, func(networkPolicy *networking.NetworkPolicy) {
 networkPolicy.Spec = networking.NetworkPolicySpec{
 PodSelector: metav1.LabelSelector{
 MatchLabels: invalidSelector,
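Review bot: In the `"invalid spec.podSelector"` case the closure assigns a fresh `networking.NetworkPolicySpec` to `networkPolicy.Spec`, so as far as the visible lines show, the preceding `setIngressFromEmptyFirstElement` and `setIngressFromNamespaceSelector` tweaks are overwritten and have no effect on the policy under test. Since this line is being edited anyway, the case could start with `makeNetworkPolicyCustom(func(networkPolicy *networking.NetworkPolicy) {` and keep the existing body, which makes it clear that only the pod selector is invalid. The closure body continues past the end of this hunk, so confirm the literal does not reuse the earlier `Ingress` value before dropping the tweaks.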
@@ -315,13 +251,10 @@ func TestValidateNetworkPolicy(t *testing.T) {
 "invalid ingress.ports.protocol": makeNetworkPolicyCustom(setIngressEmptyPorts, func(networkPolicy *networking.NetworkPolicy) {
 networkPolicy.Spec.Ingress[0].Ports[0].Protocol = &protocolICMP
 }),
- "invalid ingress.ports.port (int)": makeNetworkPolicyCustom(setIngressEmptyPorts, func(networkPolicy *networking.NetworkPolicy) {
- networkPolicy.Spec.Ingress[0].Ports[0].Port = &portInvalidInt
- }),
- "invalid ingress.ports.port (str)": makeNetworkPolicyCustom(setIngressEmptyPorts, func(networkPolicy *networking.NetworkPolicy) {
- networkPolicy.Spec.Ingress[0].Ports[0].Port = &portInvalidStr
- }),
- "invalid ingress.from.podSelector": makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, func(networkPolicy *networking.NetworkPolicy) {
+ "invalid ingress.ports.port (int)": makeNetworkPolicyCustom(setIngressEmptyPorts, setIngressPorts(makePort(&protocolTCP, intstr.FromInt(123456789), 0))),
+ "invalid ingress.ports.port (str)": makeNetworkPolicyCustom(setIngressEmptyPorts,
+ setIngressPorts(makePort(&protocolTCP, intstr.FromString("!@#$"), 0))),
+ "invalid ingress.from.podSelector": makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, func(networkPolicy *networking.NetworkPolicy) {
 networkPolicy.Spec.Ingress[0].From[0].PodSelector = &metav1.LabelSelector{
 MatchLabels: invalidSelector,
 }
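Review bot: The `"invalid ingress.ports.protocol"` case at the top of this hunk still uses the old closure that pokes `Ports[0].Protocol`, while its egress twin is rewritten later in this diff as `setEgressPorts(makePort(&protocolICMP, intstr.FromInt(80), 0))`. Converting the ingress case the same way, `makeNetworkPolicyCustom(setIngressEmptyPorts, setIngressPorts(makePort(&protocolICMP, intstr.FromInt(80), 0)))`, keeps the two families symmetric. The two port cases also now carry `&protocolTCP`, whereas the removed closures changed only `Port` on the entry that `setIngressEmptyPorts` created, so the inputs are not strictly identical to before; that looks intentional but is worth a word in the commit message.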
@@ -331,51 +264,46 @@ func TestValidateNetworkPolicy(t *testing.T) {
 MatchLabels: invalidSelector,
 }
 }),
- "invalid egress.ports.protocol": makeNetworkPolicyCustom(setEgressEmptyPorts, func(networkPolicy *networking.NetworkPolicy) {
- networkPolicy.Spec.Egress[0].Ports[0].Protocol = &protocolICMP
- }),
- "invalid egress.ports.port (int)": makeNetworkPolicyCustom(setEgressEmptyPorts, func(networkPolicy *networking.NetworkPolicy) {
- networkPolicy.Spec.Egress[0].Ports[0].Port = &portInvalidInt
- }),
- "invalid egress.ports.port (str)": makeNetworkPolicyCustom(setEgressEmptyPorts, func(networkPolicy *networking.NetworkPolicy) {
- networkPolicy.Spec.Egress[0].Ports[0].Port = &portInvalidStr
- }),
- "invalid ingress.from.namespaceSelector": makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, func(networkPolicy *networking.NetworkPolicy) {
+ "invalid egress.ports.protocol": makeNetworkPolicyCustom(setEgressEmptyPorts, setEgressPorts(makePort(&protocolICMP, intstr.FromInt(80), 0))),
+
+ "invalid egress.ports.port (int)": makeNetworkPolicyCustom(setEgressEmptyPorts, setEgressPorts(makePort(&protocolTCP, intstr.FromInt(123456789), 0))),
+ "invalid egress.ports.port (str)": makeNetworkPolicyCustom(setEgressEmptyPorts, setEgressPorts(makePort(&protocolTCP, intstr.FromString("!@#$"), 0))),
+ "invalid ingress.from.namespaceSelector": makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, func(networkPolicy *networking.NetworkPolicy) {
 networkPolicy.Spec.Ingress[0].From[0].NamespaceSelector = &metav1.LabelSelector{
 MatchLabels: invalidSelector,
 }
 }),
- "missing cidr field": makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromIPBlock, func(networkPolicy *networking.NetworkPolicy) {
+ "missing cidr field": makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, setIngressFromIPBlock, func(networkPolicy *networking.NetworkPolicy) {
 networkPolicy.Spec.Ingress[0].From[0].IPBlock.CIDR = ""
 }),
- "invalid cidr format": makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromIPBlock, func(networkPolicy *networking.NetworkPolicy) {
+ "invalid cidr format": makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, setIngressFromIPBlock, func(networkPolicy *networking.NetworkPolicy) {
 networkPolicy.Spec.Ingress[0].From[0].IPBlock.CIDR = "192.168.5.6"
 }),
- "invalid ipv6 cidr format": makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromIPBlockIPV6, func(networkPolicy *networking.NetworkPolicy) {
+ "invalid ipv6 cidr format": makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, setIngressFromIPBlockIPV6, func(networkPolicy *networking.NetworkPolicy) {
 networkPolicy.Spec.Ingress[0].From[0].IPBlock.CIDR = "fd00:192:168::"
 }),
- "except field is an empty string": makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromIPBlock, func(networkPolicy *networking.NetworkPolicy) {
+ "except field is an empty string": makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, setIngressFromIPBlock, func(networkPolicy *networking.NetworkPolicy) {
 networkPolicy.Spec.Ingress[0].From[0].IPBlock.Except = []string{""}
 }),
- "except field is an space string": makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromIPBlock, func(networkPolicy *networking.NetworkPolicy) {
+ "except field is an space string": makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, setIngressFromIPBlock, func(networkPolicy *networking.NetworkPolicy) {
 networkPolicy.Spec.Ingress[0].From[0].IPBlock.Except = []string{" "}
 }),
- "except field is an invalid ip": makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromIPBlock, func(networkPolicy *networking.NetworkPolicy) {
+ "except field is an invalid ip": makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, setIngressFromIPBlock, func(networkPolicy *networking.NetworkPolicy) {
 networkPolicy.Spec.Ingress[0].From[0].IPBlock.Except = []string{"300.300.300.300"}
 }),
- "except IP is outside of CIDR range": makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, func(networkPolicy *networking.NetworkPolicy) {
+ "except IP is outside of CIDR range": makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, func(networkPolicy *networking.NetworkPolicy) {
 networkPolicy.Spec.Ingress[0].From[0].IPBlock = &networking.IPBlock{
 CIDR: "192.168.8.0/24",
 Except: []string{"192.168.9.1/24"},
 }
 }),
- "except IP is not strictly within CIDR range": makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, func(networkPolicy *networking.NetworkPolicy) {
+ "except IP is not strictly within CIDR range": makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, func(networkPolicy *networking.NetworkPolicy) {
 networkPolicy.Spec.Ingress[0].From[0].IPBlock = &networking.IPBlock{
 CIDR: "192.168.0.0/24",
 Except: []string{"192.168.0.0/24"},
 }
 }),
- "except IPv6 is outside of CIDR range": makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, func(networkPolicy *networking.NetworkPolicy) {
+ "except IPv6 is outside of CIDR range": makeNetworkPolicyCustom(setIngressFromEmptyFirstElement, func(networkPolicy *networking.NetworkPolicy) {
 networkPolicy.Spec.Ingress[0].From[0].IPBlock = &networking.IPBlock{
 CIDR: "fd00:192:168:1::/64",
 Except: []string{"fd00:192:168:2::/64"},
@@ -387,80 +315,13 @@ func TestValidateNetworkPolicy(t *testing.T) {
 "too many policyTypes": makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToIPBlock, func(networkPolicy *networking.NetworkPolicy) {
 networkPolicy.Spec.PolicyTypes = []networking.PolicyType{"foo", "bar", "baz"}
 }),
- "multiple ports defined, one port range is invalid": makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, func(networkPolicy *networking.NetworkPolicy) {
- networkPolicy.Spec.Egress[0].Ports = []networking.NetworkPolicyPort{
- {
- Protocol: &protocolUDP,
- Port: &port35000,
- EndPort: &endPort,
- },
- {
- Protocol: nil,
- Port: &port32000,
- EndPort: &endPort,
- },
- }
- }),
- "endPort defined with named/string port": makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, func(networkPolicy *networking.NetworkPolicy) {
- networkPolicy.Spec.Egress[0].Ports = []networking.NetworkPolicyPort{
- {
- Protocol: &protocolUDP,
- Port: &portDns,
- EndPort: &endPort,
- },
- {
- Protocol: nil,
- Port: &port32000,
- EndPort: &endPort,
- },
- }
- }),
- "endPort defined without port defined": makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, func(networkPolicy *networking.NetworkPolicy) {
- networkPolicy.Spec.Egress[0].Ports = []networking.NetworkPolicyPort{
- {
- Protocol: &protocolTCP,
- EndPort: &endPort,
- },
- }
- }),
- "port is greater than endPort": makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, func(networkPolicy *networking.NetworkPolicy) {
- networkPolicy.Spec.Egress[0].Ports = []networking.NetworkPolicyPort{
- {
- Protocol: &protocolSCTP,
- Port: &port35000,
- EndPort: &endPort,
- },
- }
- }),
+ "multiple ports defined, one port range is invalid": makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, setEgressPorts(makePort(&protocolUDP, intstr.FromInt(35000), 32768), makePort(nil, intstr.FromInt(32000), 32768))),
+ "endPort defined with named/string port": makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, setEgressPorts(makePort(&protocolUDP, intstr.FromString("dns"), 32768), makePort(nil, intstr.FromInt(32000), 32768))),
+ "endPort defined without port defined": makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, setEgressPorts(makePort(&protocolTCP, intstr.FromInt(0), 32768))),
+ "port is greater than endPort": makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, setEgressPorts(makePort(&protocolSCTP, intstr.FromInt(35000), 32768))),
+ "multiple invalid port ranges defined": makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, setEgressPorts(makePort(&protocolUDP, intstr.FromInt(35000), 32768), makePort(&protocolTCP, intstr.FromInt(0), 32768), makePort(&protocolTCP, intstr.FromString("https"), 32768))),
- "multiple invalid port ranges defined": makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, func(networkPolicy *networking.NetworkPolicy) {
- networkPolicy.Spec.Egress[0].Ports = []networking.NetworkPolicyPort{
- {
- Protocol: &protocolUDP,
- Port: &port35000,
- EndPort: &endPort,
- },
- {
- Protocol: &protocolTCP,
- EndPort: &endPort,
- },
- {
- Protocol: &protocolTCP,
- Port: &portHttps,
- EndPort: &endPort,
- },
- }
- }),
-
- "invalid endport range defined": makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, func(networkPolicy *networking.NetworkPolicy) {
- networkPolicy.Spec.Egress[0].Ports = []networking.NetworkPolicyPort{
- {
- Protocol: nil,
- Port: &port30000,
- EndPort: utilpointer.Int32Ptr(65537),
- },
- }
- }),
+ "invalid endport range defined": makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, setEgressPorts(makePort(&protocolTCP, intstr.FromInt(30000), 65537))),
 }
 // Error cases are not expected to pass validation.
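Review bot: `errorCases` is declared as `map[string]*networking.NetworkPolicy`, so each of these port-range cases can apparently only assert that validation returned some error, not which field was rejected; the assertion loop is outside this hunk, so this is inferred from the map type. That matters most for `"multiple invalid port ranges defined"`, which packs three different invalid entries into one policy, and for `"multiple ports defined, one port range is invalid"`, where a regression in the `endPort` check could be hidden by another entry still failing. Because this validation is the API-side guard against malformed NetworkPolicy port ranges, consider recording the expected field path per case, for example a value type like `struct{ np *networking.NetworkPolicy; wantField string }`, and comparing it with the `Field` of the returned errors. The switch of `"invalid endport range defined"` from a nil protocol to `&protocolTCP` also changes the input slightly and could be mentioned in the commit message.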