From e8e716e9e3ee0bf504c0a78ef9dabf5244ffae69 Mon Sep 17 00:00:00 2001 From: Abhishek Raut Date: Tue, 29 Sep 2020 13:02:30 -0700 Subject: [PATCH] Fix indentation of egress field in ACNP yamls (#1314) This causes validation errors in ClusterNetworkPolicies when egress rules are specified. This PR also enables antrea NetworkPolicy tests. --- build/yamls/antrea-aks.yml | 88 ++++++++++++++--------------------- build/yamls/antrea-eks.yml | 88 ++++++++++++++--------------------- build/yamls/antrea-gke.yml | 88 ++++++++++++++--------------------- build/yamls/antrea-ipsec.yml | 88 ++++++++++++++--------------------- build/yamls/antrea.yml | 88 ++++++++++++++--------------------- build/yamls/base/crds.yml | 84 ++++++++++++++------------------- test/e2e/antreapolicy_test.go | 1 - 7 files changed, 214 insertions(+), 311 deletions(-) diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml index eec5a8de490..ae849a0ab86 100644 --- a/build/yamls/antrea-aks.yml +++ b/build/yamls/antrea-aks.yml @@ -91,44 +91,44 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object type: array - ingress: + egress: items: - egress: - items: - properties: - action: - enum: - - Allow - - Drop - type: string - ports: - items: + properties: + action: + enum: + - Allow + - Drop + type: string + ports: + items: + properties: + port: + x-kubernetes-int-or-string: true + protocol: + type: string + type: object + type: array + to: + items: + properties: + ipBlock: properties: - port: - x-kubernetes-int-or-string: true - protocol: + cidr: + format: cidr type: string type: object - type: array - to: - items: - properties: - ipBlock: - properties: - cidr: - format: cidr - type: string - type: object - namespaceSelector: - x-kubernetes-preserve-unknown-fields: true - podSelector: - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - required: - - action - type: object - type: array + namespaceSelector: + x-kubernetes-preserve-unknown-fields: true + podSelector: + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + required: + - action + type: object + type: array + ingress: + items: properties: action: enum: @@ -137,27 +137,11 @@ spec: type: string from: items: - from: - items: - properties: - ipBlock: - properties: - cidr: - format: cidr - type: string - type: object - namespaceSelector: - x-kubernetes-preserve-unknown-fields: true - podSelector: - x-kubernetes-preserve-unknown-fields: true - type: object - type: array properties: ipBlock: properties: - port: - x-kubernetes-int-or-string: true - protocol: + cidr: + format: cidr type: string type: object namespaceSelector: diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml index 67ef3150b77..3398ed8f635 100644 --- a/build/yamls/antrea-eks.yml +++ b/build/yamls/antrea-eks.yml @@ -91,44 +91,44 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object type: array - ingress: + egress: items: - egress: - items: - properties: - action: - enum: - - Allow - - Drop - type: string - ports: - items: + properties: + action: + enum: + - Allow + - Drop + type: string + ports: + items: + properties: + port: + x-kubernetes-int-or-string: true + protocol: + type: string + type: object + type: array + to: + items: + properties: + ipBlock: properties: - port: - x-kubernetes-int-or-string: true - protocol: + cidr: + format: cidr type: string type: object - type: array - to: - items: - properties: - ipBlock: - properties: - cidr: - format: cidr - type: string - type: object - namespaceSelector: - x-kubernetes-preserve-unknown-fields: true - podSelector: - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - required: - - action - type: object - type: array + namespaceSelector: + x-kubernetes-preserve-unknown-fields: true + podSelector: + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + required: + - action + type: object + type: array + ingress: + items: properties: action: enum: @@ -137,27 +137,11 @@ spec: type: string from: items: - from: - items: - properties: - ipBlock: - properties: - cidr: - format: cidr - type: string - type: object - namespaceSelector: - x-kubernetes-preserve-unknown-fields: true - podSelector: - x-kubernetes-preserve-unknown-fields: true - type: object - type: array properties: ipBlock: properties: - port: - x-kubernetes-int-or-string: true - protocol: + cidr: + format: cidr type: string type: object namespaceSelector: diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml index f780bfba807..e59532d9c71 100644 --- a/build/yamls/antrea-gke.yml +++ b/build/yamls/antrea-gke.yml @@ -91,44 +91,44 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object type: array - ingress: + egress: items: - egress: - items: - properties: - action: - enum: - - Allow - - Drop - type: string - ports: - items: + properties: + action: + enum: + - Allow + - Drop + type: string + ports: + items: + properties: + port: + x-kubernetes-int-or-string: true + protocol: + type: string + type: object + type: array + to: + items: + properties: + ipBlock: properties: - port: - x-kubernetes-int-or-string: true - protocol: + cidr: + format: cidr type: string type: object - type: array - to: - items: - properties: - ipBlock: - properties: - cidr: - format: cidr - type: string - type: object - namespaceSelector: - x-kubernetes-preserve-unknown-fields: true - podSelector: - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - required: - - action - type: object - type: array + namespaceSelector: + x-kubernetes-preserve-unknown-fields: true + podSelector: + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + required: + - action + type: object + type: array + ingress: + items: properties: action: enum: @@ -137,27 +137,11 @@ spec: type: string from: items: - from: - items: - properties: - ipBlock: - properties: - cidr: - format: cidr - type: string - type: object - namespaceSelector: - x-kubernetes-preserve-unknown-fields: true - podSelector: - x-kubernetes-preserve-unknown-fields: true - type: object - type: array properties: ipBlock: properties: - port: - x-kubernetes-int-or-string: true - protocol: + cidr: + format: cidr type: string type: object namespaceSelector: diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml index 9408b08574a..edea0314951 100644 --- a/build/yamls/antrea-ipsec.yml +++ b/build/yamls/antrea-ipsec.yml @@ -91,44 +91,44 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object type: array - ingress: + egress: items: - egress: - items: - properties: - action: - enum: - - Allow - - Drop - type: string - ports: - items: + properties: + action: + enum: + - Allow + - Drop + type: string + ports: + items: + properties: + port: + x-kubernetes-int-or-string: true + protocol: + type: string + type: object + type: array + to: + items: + properties: + ipBlock: properties: - port: - x-kubernetes-int-or-string: true - protocol: + cidr: + format: cidr type: string type: object - type: array - to: - items: - properties: - ipBlock: - properties: - cidr: - format: cidr - type: string - type: object - namespaceSelector: - x-kubernetes-preserve-unknown-fields: true - podSelector: - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - required: - - action - type: object - type: array + namespaceSelector: + x-kubernetes-preserve-unknown-fields: true + podSelector: + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + required: + - action + type: object + type: array + ingress: + items: properties: action: enum: @@ -137,27 +137,11 @@ spec: type: string from: items: - from: - items: - properties: - ipBlock: - properties: - cidr: - format: cidr - type: string - type: object - namespaceSelector: - x-kubernetes-preserve-unknown-fields: true - podSelector: - x-kubernetes-preserve-unknown-fields: true - type: object - type: array properties: ipBlock: properties: - port: - x-kubernetes-int-or-string: true - protocol: + cidr: + format: cidr type: string type: object namespaceSelector: diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml index 4a57ae4def5..36667630410 100644 --- a/build/yamls/antrea.yml +++ b/build/yamls/antrea.yml @@ -91,44 +91,44 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object type: array - ingress: + egress: items: - egress: - items: - properties: - action: - enum: - - Allow - - Drop - type: string - ports: - items: + properties: + action: + enum: + - Allow + - Drop + type: string + ports: + items: + properties: + port: + x-kubernetes-int-or-string: true + protocol: + type: string + type: object + type: array + to: + items: + properties: + ipBlock: properties: - port: - x-kubernetes-int-or-string: true - protocol: + cidr: + format: cidr type: string type: object - type: array - to: - items: - properties: - ipBlock: - properties: - cidr: - format: cidr - type: string - type: object - namespaceSelector: - x-kubernetes-preserve-unknown-fields: true - podSelector: - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - required: - - action - type: object - type: array + namespaceSelector: + x-kubernetes-preserve-unknown-fields: true + podSelector: + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + required: + - action + type: object + type: array + ingress: + items: properties: action: enum: @@ -137,27 +137,11 @@ spec: type: string from: items: - from: - items: - properties: - ipBlock: - properties: - cidr: - format: cidr - type: string - type: object - namespaceSelector: - x-kubernetes-preserve-unknown-fields: true - podSelector: - x-kubernetes-preserve-unknown-fields: true - type: object - type: array properties: ipBlock: properties: - port: - x-kubernetes-int-or-string: true - protocol: + cidr: + format: cidr type: string type: object namespaceSelector: diff --git a/build/yamls/base/crds.yml b/build/yamls/base/crds.yml index cc0321f8291..3879e3692a0 100644 --- a/build/yamls/base/crds.yml +++ b/build/yamls/base/crds.yml @@ -331,60 +331,44 @@ spec: ipBlock: type: object properties: - protocol: + cidr: type: string - port: - x-kubernetes-int-or-string: true - from: - type: array - items: - type: object - properties: - podSelector: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - egress: - type: array - items: - type: object - required: - - action - properties: - # Ensure that Action field allows only ALLOW and DROP values - action: - type: string - enum: ['Allow', 'Drop'] - ports: - type: array - items: + format: cidr + egress: + type: array + items: + type: object + required: + - action + properties: + # Ensure that Action field allows only ALLOW and DROP values + action: + type: string + enum: ['Allow', 'Drop'] + ports: + type: array + items: + type: object + properties: + protocol: + type: string + port: + x-kubernetes-int-or-string: true + to: + type: array + items: + type: object + properties: + podSelector: + x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + x-kubernetes-preserve-unknown-fields: true + ipBlock: type: object properties: - protocol: + cidr: type: string - port: - x-kubernetes-int-or-string: true - to: - type: array - items: - type: object - properties: - podSelector: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr + format: cidr scope: Cluster names: plural: clusternetworkpolicies diff --git a/test/e2e/antreapolicy_test.go b/test/e2e/antreapolicy_test.go index 10473ccb205..336ee9aba97 100644 --- a/test/e2e/antreapolicy_test.go +++ b/test/e2e/antreapolicy_test.go @@ -106,7 +106,6 @@ func skipIfAntreaPolicyDisabled(tb testing.TB, data *TestData) { if !enabled { tb.Skipf("Skipping test as it required CNP to be enabled") } - tb.Skipf("Skipping test temporarily. Unskip with PR #1237") } func applyDefaultDenyToAllNamespaces(k8s *KubernetesUtils, namespaces []string) error {