From 0fc096e3aabc413b73b19853d3cb1231e6a10f0a Mon Sep 17 00:00:00 2001
From: Amim Knabben <amim.knabben@gmail.com>
Date: Mon, 25 Jan 2021 20:06:51 -0500
Subject: [PATCH] Allow ingress from pods in all namespaces

---
 test/e2e/network/netpol/network_policy.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/test/e2e/network/netpol/network_policy.go b/test/e2e/network/netpol/network_policy.go
index 62f0f676df5..04cc0966e75 100644
--- a/test/e2e/network/netpol/network_policy.go
+++ b/test/e2e/network/netpol/network_policy.go
@@ -197,6 +197,19 @@ var _ = SIGDescribeCopy("Netpol [LinuxOnly]", func() {
 			ValidateOrFail(k8s, model, &TestCase{ToPort: 80, Protocol: v1.ProtocolTCP, Reachability: reachability})
 		})
 
+		ginkgo.It("should enforce policy to allow ingress traffic from pods in all namespaces [Feature:NetworkPolicy]", func() {
+			nsX, _, _, model, k8s := getK8SModel(f)
+
+			emptyLabel := &metav1.LabelSelector{
+				MatchLabels: map[string]string{},
+			}
+			policy := GetAllowIngressByNamespace("allow-from-another-ns", map[string]string{"pod": "a"}, emptyLabel)
+			CreatePolicy(k8s, policy, nsX)
+
+			reachability := NewReachability(model.AllPods(), true)
+			ValidateOrFail(k8s, model, &TestCase{ToPort: 80, Protocol: v1.ProtocolTCP, Reachability: reachability})
+		})
+
 		ginkgo.It("should enforce policy to allow traffic only from a different namespace, based on NamespaceSelector [Feature:NetworkPolicy]", func() {
 			nsX, nsY, nsZ, model, k8s := getK8SModel(f)
 			allowedLabels := &metav1.LabelSelector{