diff --git a/api/common/v1alpha1/ref.go b/api/common/v1alpha1/ref.go index 97a53417687a..f5a00d145caa 100644 --- a/api/common/v1alpha1/ref.go +++ b/api/common/v1alpha1/ref.go @@ -112,6 +112,33 @@ type TargetRef struct { SectionName string `json:"sectionName,omitempty"` } +func (t TargetRef) CompareDataplaneKind(other TargetRef) int { + if t.Kind != Dataplane || other.Kind != Dataplane { + return 0 + } + if selectsNameAndNamespace(t) && selectsLabels(other) { + return 1 + } + if selectsLabels(t) && selectsNameAndNamespace(other) { + return -1 + } + if t.SectionName != "" && other.SectionName == "" { + return 1 + } + if t.SectionName == "" && other.SectionName != "" { + return -1 + } + return 0 +} + +func selectsNameAndNamespace(tr TargetRef) bool { + return tr.Name != "" +} + +func selectsLabels(tr TargetRef) bool { + return tr.Labels != nil +} + func IncludesGateways(ref TargetRef) bool { isGateway := ref.Kind == MeshGateway isMeshKind := ref.Kind == Mesh || ref.Kind == MeshSubset diff --git a/pkg/plugins/policies/core/matchers/dataplane.go b/pkg/plugins/policies/core/matchers/dataplane.go index d9451097ca35..4d11e1d716eb 100644 --- a/pkg/plugins/policies/core/matchers/dataplane.go +++ b/pkg/plugins/policies/core/matchers/dataplane.go @@ -184,6 +184,15 @@ func dppSelectedByPolicy( return inbounds, gwListeners, gateway, nil } return []core_rules.InboundListener{}, nil, false, nil + case common_api.Dataplane: + if gateway != nil { + return []core_rules.InboundListener{}, nil, false, nil + } + if allDataplanesSelected(ref) || isSelectedByResourceIdentifier(dpp, ref, meta) || isSelectedByLabels(dpp, ref) { + inbounds := inboundsSelectedBySectionName(ref.SectionName, dpp) + return inbounds, nil, false, nil + } + return []core_rules.InboundListener{}, nil, false, nil case common_api.MeshSubset: if isSupportedProxyType(ref.ProxyTypes, resolveDataplaneProxyType(dpp)) { inbounds, gwListeners, gateway := inboundsSelectedByTags(ref.Tags, dpp, gateway) 
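Review bot: CompareDataplaneKind is not antisymmetric when both refs carry a name and labels: the first branch (`selectsNameAndNamespace(t) && selectsLabels(other)`) returns 1 for either argument order, so SortByTargetRef (patched later in this commit) gets an inconsistent comparator unless validation outside this hunk rejects that combination. Making the predicates mutually exclusive, e.g. `return tr.Name == "" && tr.Labels != nil` in selectsLabels, removes the ambiguity. selectsNameAndNamespace only tests `tr.Name != ""`, so either rename it or also check the namespace. The exported method also needs a doc comment stating the ordering, which appears to be: `// CompareDataplaneKind orders two Dataplane refs (name over labels, then sectionName over none) and returns 0 for any other kind.`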
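Review bot: In the new `case common_api.Dataplane` the three selectors are OR-ed, so a targetRef that sets both `name` and `labels` selects a proxy when either one matches, which is broader than the intersection a policy author would likely expect for something like a MeshTrafficPermission. If validation (not visible here) does not forbid combining them, require every selector that is set to match, or reject the combination. A ref with only `namespace` set fails all three helpers and silently selects nothing; a comment such as `// a namespace without a name selects no dataplane` would show that this is intentional. The enclosing dppSelectedByPolicy starts and ends outside the hunk.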
@@ -221,6 +230,48 @@ func dppSelectedByPolicy( } } +func allDataplanesSelected(ref common_api.TargetRef) bool { + return ref.Name == "" && ref.Namespace == "" && ref.Labels == nil +} + +func inboundsSelectedBySectionName(sectionName string, dpp *core_mesh.DataplaneResource) []core_rules.InboundListener { + var selectedInbounds []core_rules.InboundListener + for _, inbound := range dpp.Spec.GetNetworking().Inbound { + if inbound.State == mesh_proto.Dataplane_Networking_Inbound_Ignored { + continue + } + if sectionName == "" || inbound.Name == sectionName { + intf := dpp.Spec.GetNetworking().ToInboundInterface(inbound) + selectedInbounds = append(selectedInbounds, core_rules.InboundListener{ + Address: intf.DataplaneIP, + Port: intf.DataplanePort, + }) + } + } + return selectedInbounds +} + +// TODO this is common functionality with selecting MeshService by labels, we should refactor this and extract to some common function +func isSelectedByLabels(dpp *core_mesh.DataplaneResource, ref common_api.TargetRef) bool { + if ref.Labels == nil { + return false + } + + for label, value := range ref.Labels { + if dpp.GetMeta().GetLabels()[label] != value { + return false + } + } + return true +} + +func isSelectedByResourceIdentifier(dpp *core_mesh.DataplaneResource, ref common_api.TargetRef, meta core_model.ResourceMeta) bool { + if ref.Name == "" { + return false + } + return core_model.NewResourceIdentifier(dpp) == core_model.TargetRefToResourceIdentifier(meta, ref) +} + func dppSelectedByNamespace(meta core_model.ResourceMeta, dpp *core_mesh.DataplaneResource) bool { switch core_model.PolicyRole(meta) { case mesh_proto.ConsumerPolicyRole, mesh_proto.WorkloadOwnerPolicyRole: 
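Review bot: isSelectedByLabels treats a missing label as an empty value, because `dpp.GetMeta().GetLabels()[label] != value` reads the zero string for an absent key; a selector such as `app: ""` therefore matches every dataplane that has no `app` label at all. Use the two-value lookup instead: `if v, ok := dppLabels[label]; !ok || v != value { return false }`, with `dppLabels := dpp.GetMeta().GetLabels()` hoisted above the loop. A non-nil but empty `labels: {}` also skips the loop and returns true, so it selects every dataplane while allDataplanesSelected reports false; testing `len(ref.Labels) == 0` instead of `== nil` in both helpers would make the two agree. isSelectedByResourceIdentifier compares full resource identifiers, and the golden files added in this commit show name-based refs in global-origin policies matching nothing, which deserves a doc comment on the helper.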
@@ -341,6 +392,10 @@ func SortByTargetRef(rl core_model.ResourceList) core_model.ResourceList { return less } + if less := tr1.CompareDataplaneKind(tr2); less != 0 { + return less + } + o1, _ := core_model.ResourceOrigin(r1.GetMeta()) o2, _ := core_model.ResourceOrigin(r2.GetMeta()) if less := o1.Compare(o2); less != 0 { diff --git a/pkg/plugins/policies/core/matchers/dataplane_test.go b/pkg/plugins/policies/core/matchers/dataplane_test.go index 387dbd48fb57..15047be6bdee 100644 --- a/pkg/plugins/policies/core/matchers/dataplane_test.go +++ b/pkg/plugins/policies/core/matchers/dataplane_test.go @@ -1,6 +1,7 @@ package matchers_test import ( + "fmt" "os" "path/filepath" "strings" @@ -18,10 +19,12 @@ import ( "github.com/kumahq/kuma/pkg/plugins/policies/meshhttproute/api/v1alpha1" meshtrafficpermission_api "github.com/kumahq/kuma/pkg/plugins/policies/meshtrafficpermission/api/v1alpha1" test_matchers "github.com/kumahq/kuma/pkg/test/matchers" + test_resources "github.com/kumahq/kuma/pkg/test/resources" ) var _ = Describe("MatchedPolicies", func() { type testCase struct { + testName string dppFile string mesFile string policiesFile string 
@@ -37,25 +40,29 @@ var _ = Describe("MatchedPolicies", func() { testCaseMap := map[string]*testCase{} for _, f := range files { parts := strings.Split(f.Name(), ".") + if len(parts) < 2 { + continue + } // file name has a format 01.golden.yaml - num, fileType := parts[0], parts[1] - if _, ok := testCaseMap[num]; !ok { - testCaseMap[num] = &testCase{} + name, fileType := parts[0], parts[1] + if _, ok := testCaseMap[name]; !ok { + testCaseMap[name] = &testCase{} + testCaseMap[name].testName = name } switch fileType { case "dataplane": - testCaseMap[num].dppFile = filepath.Join(testDir, f.Name()) + testCaseMap[name].dppFile = filepath.Join(testDir, f.Name()) case "policies": - testCaseMap[num].policiesFile = filepath.Join(testDir, f.Name()) + testCaseMap[name].policiesFile = filepath.Join(testDir, f.Name()) case "golden": - testCaseMap[num].goldenFile = filepath.Join(testDir, f.Name()) + testCaseMap[name].goldenFile = filepath.Join(testDir, f.Name()) case "mes": - testCaseMap[num].mesFile = filepath.Join(testDir, f.Name()) + testCaseMap[name].mesFile = filepath.Join(testDir, f.Name()) } } for _, tc := range testCaseMap { - res = append(res, Entry(tc.goldenFile, *tc)) + res = append(res, Entry(tc.testName, *tc)) } return res } @@ -71,15 +78,7 @@ var _ = Describe("MatchedPolicies", func() { // we're expecting all policies in the file to have the same type or to be mixed with MeshHTTPRoutes Expect(resTypes).To(Or(HaveLen(1), HaveLen(2))) - var resType core_model.ResourceType - switch { - case len(resTypes) == 1: - resType = resTypes[0] - case len(resTypes) == 2 && resTypes[1] == v1alpha1.MeshHTTPRouteType: - resType = resTypes[0] - case len(resTypes) == 2 && resTypes[0] == v1alpha1.MeshHTTPRouteType: - resType = resTypes[1] - } + resType := getResourceType(resTypes) // when policies, err := matchers.MatchedPolicies(resType, dpp, resources) 
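Review bot: The comment `// file name has a format 01.golden.yaml` is stale now that the key is a test name such as `combine-name-and-labels` rather than a number; reword it to `// file name has the format <name>.<type>.yaml`. The new `len(parts) < 2` guard silently skips entries without a dot, which includes the per-case golden directories added under dataplane-kind, so say that in a comment. The two-step initialisation can be `testCaseMap[name] = &testCase{testName: name}`. Entries are still built by ranging over a map, so the table order varies between runs.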
@@ -206,4 +205,125 @@ var _ = Describe("MatchedPolicies", func() { }, generateTableEntries(filepath.Join("testdata", "matchedpolicies", "meshgateways")), ) + + type dataplaneTestCase struct { + dataplaneMeta test_resources.BuildMeta + policyMeta test_resources.BuildMeta + goldenFile string + } + DescribeTableSubtree("should match by kind Dataplane", func(givenResources testCase) { + DescribeTable("should TODO", func(given dataplaneTestCase) { + // given + dpp := readDPP(givenResources.dppFile) + test_resources.UpdateResourceMeta(given.dataplaneMeta, dpp) + + resources, resTypes := readPolicies(givenResources.policiesFile) + + resType := getResourceType(resTypes) + test_resources.UpdateResourcesMeta(given.policyMeta, resources.MeshLocalResources[resType]) + + // when + policies, err := matchers.MatchedPolicies(resType, dpp, resources) + Expect(err).ToNot(HaveOccurred()) + + // then + matchedPolicyList, err := registry.Global().NewList(resType) + Expect(err).ToNot(HaveOccurred()) + + for _, policy := range policies.DataplanePolicies { + Expect(matchedPolicyList.AddItem(policy)).To(Succeed()) + } + bytes, err := yaml.Marshal(rest.From.ResourceList(matchedPolicyList)) + Expect(err).ToNot(HaveOccurred()) + Expect(string(bytes)).To(test_matchers.MatchGoldenYAML(given.goldenFile)) + }, + Entry("uni zone", dataplaneTestCase{ + dataplaneMeta: test_resources.ZoneUni, + policyMeta: test_resources.ZoneUni, + goldenFile: buildGoldenFilePath("uni-zone", givenResources.testName), + }), + Entry("k8s zone", dataplaneTestCase{ + dataplaneMeta: test_resources.ZoneK8s, + policyMeta: test_resources.ZoneK8s, + goldenFile: buildGoldenFilePath("k8s-zone", givenResources.testName), + }), + Entry("policy global uni, dpp uni - on global", dataplaneTestCase{ + dataplaneMeta: test_resources.SyncToUni(test_resources.ZoneUni), + policyMeta: test_resources.SystemPolicy(test_resources.GlobalUni), + goldenFile: buildGoldenFilePath("policy-from-global-uni-zone-uni-on-global", 
givenResources.testName), + }), + Entry("policy global uni, dpp uni - on zone", dataplaneTestCase{ + dataplaneMeta: test_resources.ZoneUni, + policyMeta: test_resources.SystemPolicy(test_resources.SyncToUni(test_resources.GlobalUni)), + goldenFile: buildGoldenFilePath("policy-from-global-uni-zone-uni-on-zone", givenResources.testName), + }), + Entry("policy global uni, dpp k8s - on zone", dataplaneTestCase{ + dataplaneMeta: test_resources.ZoneK8s, + policyMeta: test_resources.SystemPolicy(test_resources.SyncToK8s(test_resources.GlobalUni)), + goldenFile: buildGoldenFilePath("policy-from-global-uni-zone-k8s-on-zone", givenResources.testName), + }), + Entry("policy global uni, dpp k8s - on global", dataplaneTestCase{ + dataplaneMeta: test_resources.SyncToUni(test_resources.ZoneK8s), + policyMeta: test_resources.SystemPolicy(test_resources.GlobalUni), + goldenFile: buildGoldenFilePath("policy-from-global-uni-zone-k8s-on-global", givenResources.testName), + }), + Entry("policy global k8s, dpp uni - on zone", dataplaneTestCase{ + dataplaneMeta: test_resources.ZoneUni, + policyMeta: test_resources.SystemPolicy(test_resources.SyncToUni(test_resources.GlobalK8s)), + goldenFile: buildGoldenFilePath("policy-from-global-k8s-zone-uni-on-zone", givenResources.testName), + }), + Entry("policy global k8s, dpp uni - on global", dataplaneTestCase{ + dataplaneMeta: test_resources.SyncToK8s(test_resources.ZoneUni), + policyMeta: test_resources.SystemPolicy(test_resources.GlobalK8s), + goldenFile: buildGoldenFilePath("policy-from-global-k8s-zone-uni-on-global", givenResources.testName), + }), + Entry("policy global k8s, dpp k8s - on zone", dataplaneTestCase{ + dataplaneMeta: test_resources.ZoneK8s, + policyMeta: test_resources.SystemPolicy(test_resources.SyncToK8s(test_resources.GlobalK8s)), + goldenFile: buildGoldenFilePath("policy-from-global-k8s-zone-k8s-on-zone", givenResources.testName), + }), + Entry("policy global k8s, dpp k8s - on global", dataplaneTestCase{ + dataplaneMeta: 
test_resources.SyncToK8s(test_resources.ZoneK8s), + policyMeta: test_resources.SystemPolicy(test_resources.GlobalK8s), + goldenFile: buildGoldenFilePath("policy-from-global-k8s-zone-k8s-on-global", givenResources.testName), + }), + Entry("policy global k8s, dpp uni - on zone", dataplaneTestCase{ + dataplaneMeta: test_resources.ZoneUni, + policyMeta: test_resources.SystemPolicy(test_resources.SyncToUni(test_resources.GlobalUni)), + goldenFile: buildGoldenFilePath("policy-global-uni-dpp-k8s-on-zone", givenResources.testName), + }), + Entry("policy global k8s, dpp uni - on global", dataplaneTestCase{ + dataplaneMeta: test_resources.SyncToUni(test_resources.ZoneUni), + policyMeta: test_resources.SystemPolicy(test_resources.GlobalUni), + goldenFile: buildGoldenFilePath("policy-global-uni-dpp-k8s-on-global", givenResources.testName), + }), + Entry("policy synced from other k8s zone", dataplaneTestCase{ + dataplaneMeta: test_resources.ZoneUni, + policyMeta: test_resources.ProducerPolicy(test_resources.SyncToUni(test_resources.ZoneK8s)), + goldenFile: buildGoldenFilePath("policy-from-k8s-to-uni", givenResources.testName), + }), + Entry("policy synced from other k8s zone to k8s", dataplaneTestCase{ + dataplaneMeta: test_resources.ZoneK8s, + policyMeta: test_resources.ProducerPolicy(test_resources.SyncToK8s(test_resources.ZoneK8s)), + goldenFile: buildGoldenFilePath("policy-from-k8s-to-k8s", givenResources.testName), + }), + ) + }, generateTableEntries(filepath.Join("testdata", "matchedpolicies", "dataplane-kind"))) }) + +func getResourceType(resTypes []core_model.ResourceType) core_model.ResourceType { + var resType core_model.ResourceType + switch { + case len(resTypes) == 1: + resType = resTypes[0] + case len(resTypes) == 2 && resTypes[1] == v1alpha1.MeshHTTPRouteType: + resType = resTypes[0] + case len(resTypes) == 2 && resTypes[0] == v1alpha1.MeshHTTPRouteType: + resType = resTypes[1] + } + return resType +} + +func buildGoldenFilePath(caseName, testName string) string 
{
+ return filepath.Join("testdata", "matchedpolicies", "dataplane-kind", testName, fmt.Sprintf("%s.golden.yaml", caseName))
+}
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels.dataplane.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels.dataplane.yaml
new file mode 100644
index 000000000000..ada41b68bf54
--- /dev/null
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels.dataplane.yaml
@@ -0,0 +1,19 @@
+type: Dataplane
+mesh: mesh-1
+name: dp-1
+labels:
+ k8s.kuma.io/namespace: kuma-demo
+ app: demo
+networking:
+ address: 1.1.1.1
+ inbound:
+ - port: 8080
+ name: main-port
+ tags:
+ kuma.io/service: web
+ version: v1
+ - port: 8081
+ name: secondary-port
+ tags:
+ kuma.io/service: web
+ version: v3
\ No newline at end of file
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels.policies.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels.policies.yaml
new file mode 100644
index 000000000000..78a6f1e6583e
--- /dev/null
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels.policies.yaml
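Review bot: The inner table is still named `"should TODO"`, and two entry labels are reused: `"policy global k8s, dpp uni - on zone"` and `"policy global k8s, dpp uni - on global"` each appear twice, the second time with `GlobalUni` metadata and golden names `policy-global-uni-dpp-k8s-on-*`, so label, inputs and file name disagree. Those two later entries have the same dataplaneMeta and policyMeta as the `"policy global uni, dpp uni"` entries, so they add golden files without adding coverage; decide which zone combination was intended and fix the metadata or drop them. getResourceType returns the zero ResourceType when no case matches, and this new table calls it without the `Expect(resTypes).To(Or(HaveLen(1), HaveLen(2)))` check the existing table has, so repeat that check here.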
@@ -0,0 +1,34 @@
+# combining policies using kind Dataplane selecting Dataplanes by name and namespace and labels
+type: MeshTrafficPermission
+mesh: mesh-1
+name: mtp-1
+labels:
+ k8s.kuma.io/namespace: kuma-system
+ kuma.io/policy-role: system
+spec:
+ targetRef:
+ kind: Dataplane
+ labels:
+ app: demo
+ from:
+ - targetRef:
+ kind: Mesh
+ default:
+ action: Deny
+---
+type: MeshTrafficPermission
+mesh: mesh-1
+name: mtp-2
+labels:
+ k8s.kuma.io/namespace: kuma-system
+ kuma.io/policy-role: system
+spec:
+ targetRef:
+ kind: Dataplane
+ name: dp-1
+ namespace: kuma-demo
+ from:
+ - targetRef:
+ kind: Mesh
+ default:
+ action: Allow
\ No newline at end of file
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/k8s-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/k8s-zone.golden.yaml
new file mode 100644
index 000000000000..1266cd1765b4
--- /dev/null
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/k8s-zone.golden.yaml
@@ -0,0 +1,47 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: system + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1.ns-k8s + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: system + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2.ns-k8s + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + namespace: kuma-demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-k8s-zone-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-k8s-zone-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..5523fd0afe93 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-k8s-zone-k8s-on-global.golden.yaml @@ -0,0 +1,24 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1.ns-k8s + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..f676d43a6cf6 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml @@ -0,0 +1,24 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-w6b2779598z4fd75.kuma-system + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-k8s-zone-uni-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-k8s-zone-uni-on-global.golden.yaml new file mode 100644 index 000000000000..5523fd0afe93 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-k8s-zone-uni-on-global.golden.yaml 
@@ -0,0 +1,24 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1.ns-k8s + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-k8s-zone-uni-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-k8s-zone-uni-on-zone.golden.yaml new file mode 100644 index 000000000000..75100a6592a6 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-k8s-zone-uni-on-zone.golden.yaml @@ -0,0 +1,24 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-w6b2779598z4fd75 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-uni-zone-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-uni-zone-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..6a3c6b54ce6f --- /dev/null 
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-uni-zone-k8s-on-global.golden.yaml @@ -0,0 +1,23 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-uni-zone-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-uni-zone-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..f0d913ab991d --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-uni-zone-k8s-on-zone.golden.yaml @@ -0,0 +1,23 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-w6b2779598z4fd75.kuma-system + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-uni-zone-uni-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-uni-zone-uni-on-global.golden.yaml new file mode 100644 index 000000000000..6a3c6b54ce6f 
--- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-uni-zone-uni-on-global.golden.yaml @@ -0,0 +1,23 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-uni-zone-uni-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-uni-zone-uni-on-zone.golden.yaml new file mode 100644 index 000000000000..57474c896d88 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-global-uni-zone-uni-on-zone.golden.yaml @@ -0,0 +1,23 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-w6b2779598z4fd75 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-k8s-to-k8s.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-k8s-to-k8s.golden.yaml new file mode 100644 index 000000000000..b5483680931c --- /dev/null 
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-k8s-to-k8s.golden.yaml @@ -0,0 +1,47 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-7fddv968x8wdzb48.kuma-system + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2-xw4x78829bfvv5zw.kuma-system + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + namespace: kuma-demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-k8s-to-uni.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-k8s-to-uni.golden.yaml new file mode 100644 index 000000000000..1f1a26695a58 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-from-k8s-to-uni.golden.yaml 
@@ -0,0 +1,25 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-7fddv968x8wdzb48 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-global-uni-dpp-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-global-uni-dpp-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..6a3c6b54ce6f --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-global-uni-dpp-k8s-on-global.golden.yaml @@ -0,0 +1,23 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-global-uni-dpp-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-global-uni-dpp-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..57474c896d88 --- /dev/null 
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/policy-global-uni-dpp-k8s-on-zone.golden.yaml @@ -0,0 +1,23 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-w6b2779598z4fd75 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/uni-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/uni-zone.golden.yaml new file mode 100644 index 000000000000..873fddad93c0 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-labels/uni-zone.golden.yaml @@ -0,0 +1,45 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: zone + kuma.io/policy-role: system + kuma.io/zone: zone-uni + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/origin: zone + kuma.io/policy-role: system + kuma.io/zone: zone-uni + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2 + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + namespace: kuma-demo + type: MeshTrafficPermission +next: null +total: 0 
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName.dataplane.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName.dataplane.yaml
new file mode 100644
index 000000000000..f8b7cb7706cf
--- /dev/null
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName.dataplane.yaml
@@ -0,0 +1,18 @@
+type: Dataplane
+mesh: mesh-1
+name: dp-1
+labels:
+ k8s.kuma.io/namespace: kuma-demo
+networking:
+ address: 1.1.1.1
+ inbound:
+ - port: 8080
+ name: main-port
+ tags:
+ kuma.io/service: web
+ version: v1
+ - port: 8081
+ name: secondary-port
+ tags:
+ kuma.io/service: web
+ version: v3
\ No newline at end of file
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName.policies.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName.policies.yaml
new file mode 100644
index 000000000000..d9dc599a4b5f
--- /dev/null
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName.policies.yaml
@@ -0,0 +1,35 @@
+# combining policies using kind Dataplane selecting Dataplanes by name and namespace with specific inbound selected by sectionName
+type: MeshTrafficPermission
+mesh: mesh-1
+name: mtp-1
+labels:
+ k8s.kuma.io/namespace: kuma-system
+ kuma.io/policy-role: system
+spec:
+ targetRef:
+ kind: Dataplane
+ name: dp-1
+ namespace: kuma-demo
+ from:
+ - targetRef:
+ kind: Mesh
+ default:
+ action: Deny
+---
+type: MeshTrafficPermission
+mesh: mesh-1
+name: mtp-2
+labels:
+ k8s.kuma.io/namespace: kuma-system
+ kuma.io/policy-role: system
+spec:
+ targetRef:
+ kind: Dataplane
+ name: dp-1
+ namespace: kuma-demo
+ sectionName: main-port
+ from:
+ - targetRef:
+ kind: Mesh
+ default:
+ action: Allow
\ No newline at end of file
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/k8s-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/k8s-zone.golden.yaml new file mode 100644 index 000000000000..85000be3869e --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/k8s-zone.golden.yaml @@ -0,0 +1,48 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: system + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1.ns-k8s + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + namespace: kuma-demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: system + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2.ns-k8s + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + namespace: kuma-demo + sectionName: main-port + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-k8s-zone-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-k8s-zone-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null 
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-k8s-zone-k8s-on-global.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-k8s-zone-uni-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-k8s-zone-uni-on-global.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-k8s-zone-uni-on-global.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-k8s-zone-uni-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-k8s-zone-uni-on-zone.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-k8s-zone-uni-on-zone.golden.yaml 
@@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-uni-zone-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-uni-zone-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-uni-zone-k8s-on-global.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-uni-zone-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-uni-zone-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-uni-zone-k8s-on-zone.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-uni-zone-uni-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-uni-zone-uni-on-global.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-uni-zone-uni-on-global.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-uni-zone-uni-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-uni-zone-uni-on-zone.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-global-uni-zone-uni-on-zone.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-k8s-to-k8s.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-k8s-to-k8s.golden.yaml new file mode 100644 index 000000000000..cc338f0bee4e --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-k8s-to-k8s.golden.yaml 
@@ -0,0 +1,48 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-7fddv968x8wdzb48.kuma-system + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + namespace: kuma-demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2-xw4x78829bfvv5zw.kuma-system + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + namespace: kuma-demo + sectionName: main-port + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-k8s-to-uni.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-k8s-to-uni.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-from-k8s-to-uni.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-global-uni-dpp-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-global-uni-dpp-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null 
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-global-uni-dpp-k8s-on-global.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-global-uni-dpp-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-global-uni-dpp-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/policy-global-uni-dpp-k8s-on-zone.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/uni-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/uni-zone.golden.yaml new file mode 100644 index 000000000000..e1607e54ccd5 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-and-sectionName/uni-zone.golden.yaml 
@@ -0,0 +1,46 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: zone + kuma.io/policy-role: system + kuma.io/zone: zone-uni + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + namespace: kuma-demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/origin: zone + kuma.io/policy-role: system + kuma.io/zone: zone-uni + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2 + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + namespace: kuma-demo + sectionName: main-port + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName.dataplane.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName.dataplane.yaml new file mode 100644 index 000000000000..ada41b68bf54 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName.dataplane.yaml @@ -0,0 +1,19 @@ +type: Dataplane +mesh: mesh-1 +name: dp-1 +labels: + k8s.kuma.io/namespace: kuma-demo + app: demo +networking: + address: 1.1.1.1 + inbound: + - port: 8080 + name: main-port + tags: + kuma.io/service: web + version: v1 + - port: 8081 + name: secondary-port + tags: + kuma.io/service: web + version: v3 \ No newline at end of file 
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName.policies.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName.policies.yaml
new file mode 100644
index 000000000000..f9ef20f02899
--- /dev/null
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName.policies.yaml
@@ -0,0 +1,70 @@
+# combining policies using kind Dataplane selecting Dataplanes by name and namespace with sectionName and labels
+type: MeshTrafficPermission
+mesh: mesh-1
+name: mtp-1
+labels:
+ k8s.kuma.io/namespace: kuma-system
+ kuma.io/policy-role: system
+spec:
+ targetRef:
+ kind: Dataplane
+ labels:
+ app: demo
+ from:
+ - targetRef:
+ kind: Mesh
+ default:
+ action: Deny
+---
+type: MeshTrafficPermission
+mesh: mesh-1
+name: mtp-2
+labels:
+ k8s.kuma.io/namespace: kuma-system
+ kuma.io/policy-role: system
+spec:
+ targetRef:
+ kind: Dataplane
+ name: dp-1
+ namespace: kuma-demo
+ sectionName: main-port
+ from:
+ - targetRef:
+ kind: Mesh
+ default:
+ action: Allow
+---
+type: MeshTrafficPermission
+mesh: mesh-1
+name: mtp-2
+labels:
+ k8s.kuma.io/namespace: kuma-system
+ kuma.io/policy-role: system
+spec:
+ targetRef:
+ kind: Dataplane
+ labels:
+ app: demo
+ sectionName: main-port
+ from:
+ - targetRef:
+ kind: Mesh
+ default:
+ action: Allow
+---
+type: MeshTrafficPermission
+mesh: mesh-1
+name: mtp-2
+labels:
+ k8s.kuma.io/namespace: kuma-system
+ kuma.io/policy-role: system
+spec:
+ targetRef:
+ kind: Dataplane
+ name: dp-1
+ namespace: kuma-demo
+ from:
+ - targetRef:
+ kind: Mesh
+ default:
+ action: Allow
\ No newline at end of file
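Review bot: Three of the four policies in this fixture are named `mtp-2` (the second, third and fourth documents), so within `mesh-1` they share one identity. The golden files for this case accordingly list several items with the same name and the same hashed name (e.g. `mtp-2-xw4x78829bfvv5zw.kuma-system`), so a reader cannot tell from the name which Allow rule was matched against the `mtp-1` Deny. Because this case pins how name/namespace, labels and sectionName selectors combine into an allow/deny decision, each policy should have a unique name, e.g. `name: mtp-3` for the labels + sectionName policy and `name: mtp-4` for the name + namespace policy, with the goldens regenerated. A store keyed by mesh and name would presumably keep only one of the three, so the fixture may describe a state that cannot occur in a real deployment; that is worth confirming. The header comment could also state which policy is expected to win on `main-port` and which on `secondary-port`.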
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/k8s-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/k8s-zone.golden.yaml new file mode 100644 index 000000000000..dc34e924fdb8 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/k8s-zone.golden.yaml 
@@ -0,0 +1,93 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: system + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1.ns-k8s + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: system + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2.ns-k8s + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + sectionName: main-port + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: system + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2.ns-k8s + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + namespace: kuma-demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: system + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2.ns-k8s + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + namespace: kuma-demo + sectionName: main-port + type: MeshTrafficPermission +next: null +total: 0 
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-k8s-zone-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-k8s-zone-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..cb5a03e90681 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-k8s-zone-k8s-on-global.golden.yaml @@ -0,0 +1,46 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1.ns-k8s + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2.ns-k8s + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + sectionName: main-port + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..4c4cc12bb03f --- /dev/null 
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml @@ -0,0 +1,46 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-w6b2779598z4fd75.kuma-system + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2-86x2565vvdw4dv5b.kuma-system + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + sectionName: main-port + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-k8s-zone-uni-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-k8s-zone-uni-on-global.golden.yaml new file mode 100644 index 000000000000..cb5a03e90681 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-k8s-zone-uni-on-global.golden.yaml 
@@ -0,0 +1,46 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1.ns-k8s + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2.ns-k8s + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + sectionName: main-port + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-k8s-zone-uni-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-k8s-zone-uni-on-zone.golden.yaml new file mode 100644 index 000000000000..ae751ebe9f4e --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-k8s-zone-uni-on-zone.golden.yaml 
@@ -0,0 +1,46 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-w6b2779598z4fd75 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2-86x2565vvdw4dv5b + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + sectionName: main-port + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-uni-zone-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-uni-zone-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..3324eb64ea13 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-uni-zone-k8s-on-global.golden.yaml 
@@ -0,0 +1,44 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2 + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + sectionName: main-port + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-uni-zone-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-uni-zone-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..08a95a774d64 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-uni-zone-k8s-on-zone.golden.yaml 
@@ -0,0 +1,44 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-w6b2779598z4fd75.kuma-system + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2-86x2565vvdw4dv5b.kuma-system + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + sectionName: main-port + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-uni-zone-uni-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-uni-zone-uni-on-global.golden.yaml new file mode 100644 index 000000000000..3324eb64ea13 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-uni-zone-uni-on-global.golden.yaml 
@@ -0,0 +1,44 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2 + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + sectionName: main-port + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-uni-zone-uni-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-uni-zone-uni-on-zone.golden.yaml new file mode 100644 index 000000000000..89045bc8f782 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-global-uni-zone-uni-on-zone.golden.yaml 
@@ -0,0 +1,44 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-w6b2779598z4fd75 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2-86x2565vvdw4dv5b + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + sectionName: main-port + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-k8s-to-k8s.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-k8s-to-k8s.golden.yaml new file mode 100644 index 000000000000..2640d3e569a5 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-k8s-to-k8s.golden.yaml 
@@ -0,0 +1,93 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-7fddv968x8wdzb48.kuma-system + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2-xw4x78829bfvv5zw.kuma-system + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + sectionName: main-port + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2-xw4x78829bfvv5zw.kuma-system + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + namespace: kuma-demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2-xw4x78829bfvv5zw.kuma-system + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + namespace: kuma-demo + sectionName: main-port + type: 
MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-k8s-to-uni.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-k8s-to-uni.golden.yaml new file mode 100644 index 000000000000..b582027a97d2 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-from-k8s-to-uni.golden.yaml @@ -0,0 +1,48 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-7fddv968x8wdzb48 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2-xw4x78829bfvv5zw + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + sectionName: main-port + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-global-uni-dpp-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-global-uni-dpp-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..3324eb64ea13 --- /dev/null 
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-global-uni-dpp-k8s-on-global.golden.yaml @@ -0,0 +1,44 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2 + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + sectionName: main-port + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-global-uni-dpp-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-global-uni-dpp-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..89045bc8f782 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/policy-global-uni-dpp-k8s-on-zone.golden.yaml 
@@ -0,0 +1,44 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-w6b2779598z4fd75 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2-86x2565vvdw4dv5b + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + sectionName: main-port + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/uni-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/uni-zone.golden.yaml new file mode 100644 index 000000000000..723d2aef6253 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/combine-name-labels-sectionName/uni-zone.golden.yaml 
@@ -0,0 +1,89 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: zone + kuma.io/policy-role: system + kuma.io/zone: zone-uni + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/origin: zone + kuma.io/policy-role: system + kuma.io/zone: zone-uni + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2 + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + sectionName: main-port + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/origin: zone + kuma.io/policy-role: system + kuma.io/zone: zone-uni + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2 + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + namespace: kuma-demo + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/origin: zone + kuma.io/policy-role: system + kuma.io/zone: zone-uni + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2 + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + namespace: kuma-demo + sectionName: main-port + type: MeshTrafficPermission +next: null +total: 0 
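Review bot: Three of the four items in this golden carry `name: mtp-2` and differ only in their `targetRef` (labels plus `sectionName`, name plus namespace, name plus namespace plus `sectionName`), which suggests the input policies fixture reuses one name for three policies. The `policy-global-uni-dpp-k8s-on-global` and `-on-zone` goldens for the same case list only `mtp-1` and a single `mtp-2`, so in those scenarios the name-selected Allow policies appear to be dropped, and the precedence of a name-selected Allow over a label-selected Deny is not exercised there. Giving each policy its own name in the fixture, for example `name: mtp-3` and `name: mtp-4`, and regenerating the goldens would make every scenario cover all four selectors. The fixture itself is outside the visible hunks, so this is inferred from the golden output.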
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all.dataplane.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all.dataplane.yaml
new file mode 100644
index 000000000000..2ec7f93ee71c
--- /dev/null
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all.dataplane.yaml
@@ -0,0 +1,14 @@
+type: Dataplane
+mesh: mesh-1
+name: dp-1
+networking:
+ address: 1.1.1.1
+ inbound:
+ - port: 8080
+ tags:
+ kuma.io/service: web
+ version: v1
+ - port: 8081
+ tags:
+ kuma.io/service: web
+ version: v3
\ No newline at end of file
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all.policies.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all.policies.yaml
new file mode 100644
index 000000000000..c354b09a9fd8
--- /dev/null
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all.policies.yaml
@@ -0,0 +1,24 @@
+# policies using kind Dataplane selecting all Dataplanes
+type: MeshTrafficPermission
+mesh: mesh-1
+name: mtp-1
+spec:
+ targetRef:
+ kind: Dataplane
+ from:
+ - targetRef:
+ kind: Mesh
+ default:
+ action: Deny
+---
+type: MeshTrafficPermission
+mesh: mesh-1
+name: mtp-2
+spec:
+ targetRef:
+ kind: Dataplane
+ from:
+ - targetRef:
+ kind: Mesh
+ default:
+ action: Allow
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/k8s-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/k8s-zone.golden.yaml
new file mode 100644
index 000000000000..c66602cbf514
--- /dev/null
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/k8s-zone.golden.yaml
@@ -0,0 +1,41 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: ns-k8s + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2.ns-k8s + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: ns-k8s + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1.ns-k8s + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-k8s-zone-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-k8s-zone-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..0ce79a5daf38 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-k8s-zone-k8s-on-global.golden.yaml 
@@ -0,0 +1,41 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2.ns-k8s + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1.ns-k8s + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..bd68462e76d8 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml 
@@ -0,0 +1,41 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2-4w4v49zf92czxwb8.kuma-system + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-58xvcddfb4w5v7cf.kuma-system + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-k8s-zone-uni-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-k8s-zone-uni-on-global.golden.yaml new file mode 100644 index 000000000000..0ce79a5daf38 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-k8s-zone-uni-on-global.golden.yaml 
@@ -0,0 +1,41 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2.ns-k8s + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1.ns-k8s + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-k8s-zone-uni-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-k8s-zone-uni-on-zone.golden.yaml new file mode 100644 index 000000000000..3b81ec6bb62b --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-k8s-zone-uni-on-zone.golden.yaml 
@@ -0,0 +1,41 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2-4w4v49zf92czxwb8 + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-58xvcddfb4w5v7cf + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-uni-zone-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-uni-zone-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..e203138375b1 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-uni-zone-k8s-on-global.golden.yaml 
@@ -0,0 +1,39 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2 + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-uni-zone-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-uni-zone-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..0bdb0b193904 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-uni-zone-k8s-on-zone.golden.yaml 
@@ -0,0 +1,39 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2-z7488c7w74xc7b5b.kuma-system + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-z7488b7w74xc78b7.kuma-system + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-uni-zone-uni-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-uni-zone-uni-on-global.golden.yaml new file mode 100644 index 000000000000..e203138375b1 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-uni-zone-uni-on-global.golden.yaml 
@@ -0,0 +1,39 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2 + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-uni-zone-uni-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-uni-zone-uni-on-zone.golden.yaml new file mode 100644 index 000000000000..9815134a8e15 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-global-uni-zone-uni-on-zone.golden.yaml 
@@ -0,0 +1,39 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2-z7488c7w74xc7b5b + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-z7488b7w74xc78b7 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-k8s-to-k8s.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-k8s-to-k8s.golden.yaml new file mode 100644 index 000000000000..6a29b5c72520 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-k8s-to-k8s.golden.yaml 
@@ -0,0 +1,43 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: ns-k8s + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2-7z7fb49x47595f5w.kuma-system + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: ns-k8s + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-dz68xw22zdcf2ffv.kuma-system + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-k8s-to-uni.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-k8s-to-uni.golden.yaml new file mode 100644 index 000000000000..73899febd769 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-from-k8s-to-uni.golden.yaml 
@@ -0,0 +1,43 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: ns-k8s + kuma.io/display-name: mtp-2 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2-7z7fb49x47595f5w + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: ns-k8s + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-dz68xw22zdcf2ffv + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-global-uni-dpp-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-global-uni-dpp-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..e203138375b1 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-global-uni-dpp-k8s-on-global.golden.yaml 
@@ -0,0 +1,39 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2 + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-global-uni-dpp-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-global-uni-dpp-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..9815134a8e15 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/policy-global-uni-dpp-k8s-on-zone.golden.yaml 
@@ -0,0 +1,39 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-2 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2-z7488c7w74xc7b5b + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-z7488b7w74xc78b7 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/uni-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/uni-zone.golden.yaml new file mode 100644 index 000000000000..02c72ded64df --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-all/uni-zone.golden.yaml @@ -0,0 +1,37 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + kuma.io/display-name: mtp-2 + kuma.io/origin: zone + kuma.io/zone: zone-uni + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-2 + spec: + from: + - default: + action: Allow + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +- creationTime: "0001-01-01T00:00:00Z" + labels: + kuma.io/display-name: mtp-1 + kuma.io/origin: zone + kuma.io/zone: zone-uni + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + type: MeshTrafficPermission +next: null +total: 0 
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels.dataplane.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels.dataplane.yaml
new file mode 100644
index 000000000000..9a3a75ec80b6
--- /dev/null
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels.dataplane.yaml
@@ -0,0 +1,16 @@
+type: Dataplane
+mesh: mesh-1
+name: dp-1
+labels:
+ app: demo
+networking:
+ address: 1.1.1.1
+ inbound:
+ - port: 8080
+ tags:
+ kuma.io/service: web
+ version: v1
+ - port: 8081
+ tags:
+ kuma.io/service: web
+ version: v3
\ No newline at end of file
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels.policies.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels.policies.yaml
new file mode 100644
index 000000000000..ddf5350ba59d
--- /dev/null
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels.policies.yaml
@@ -0,0 +1,28 @@
+# policies using kind Dataplane selecting Dataplanes by labels
+type: MeshTrafficPermission
+mesh: mesh-1
+name: mtp-1
+spec:
+ targetRef:
+ kind: Dataplane
+ labels:
+ app: demo
+ from:
+ - targetRef:
+ kind: Mesh
+ default:
+ action: Deny
+---
+type: MeshTrafficPermission
+mesh: mesh-1
+name: mtp-2
+spec:
+ targetRef:
+ kind: Dataplane
+ labels:
+ app: test
+ from:
+ - targetRef:
+ kind: Mesh
+ default:
+ action: Allow
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/k8s-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/k8s-zone.golden.yaml
new file mode 100644
index 000000000000..b6905738bc9b
--- /dev/null
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/k8s-zone.golden.yaml
@@ -0,0 +1,24 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: ns-k8s + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1.ns-k8s + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-k8s-zone-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-k8s-zone-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..5523fd0afe93 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-k8s-zone-k8s-on-global.golden.yaml @@ -0,0 +1,24 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1.ns-k8s + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..fa47139689eb --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml 
@@ -0,0 +1,24 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-58xvcddfb4w5v7cf.kuma-system + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-k8s-zone-uni-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-k8s-zone-uni-on-global.golden.yaml new file mode 100644 index 000000000000..5523fd0afe93 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-k8s-zone-uni-on-global.golden.yaml @@ -0,0 +1,24 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1.ns-k8s + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-k8s-zone-uni-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-k8s-zone-uni-on-zone.golden.yaml new file mode 100644 index 000000000000..fa1068b68f2d --- /dev/null 
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-k8s-zone-uni-on-zone.golden.yaml @@ -0,0 +1,24 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-58xvcddfb4w5v7cf + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-uni-zone-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-uni-zone-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..6a3c6b54ce6f --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-uni-zone-k8s-on-global.golden.yaml @@ -0,0 +1,23 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-uni-zone-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-uni-zone-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..66d507e5c488 --- /dev/null 
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-uni-zone-k8s-on-zone.golden.yaml @@ -0,0 +1,23 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-z7488b7w74xc78b7.kuma-system + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-uni-zone-uni-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-uni-zone-uni-on-global.golden.yaml new file mode 100644 index 000000000000..6a3c6b54ce6f --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-uni-zone-uni-on-global.golden.yaml @@ -0,0 +1,23 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-uni-zone-uni-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-uni-zone-uni-on-zone.golden.yaml new file mode 100644 index 000000000000..83f0f4bb2d94 --- /dev/null 
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-global-uni-zone-uni-on-zone.golden.yaml @@ -0,0 +1,23 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-z7488b7w74xc78b7 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-k8s-to-k8s.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-k8s-to-k8s.golden.yaml new file mode 100644 index 000000000000..a0b07a10bb34 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-k8s-to-k8s.golden.yaml @@ -0,0 +1,25 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: ns-k8s + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-dz68xw22zdcf2ffv.kuma-system + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-k8s-to-uni.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-k8s-to-uni.golden.yaml new file mode 100644 index 000000000000..ae48b8ca2af0 --- /dev/null 
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-from-k8s-to-uni.golden.yaml @@ -0,0 +1,25 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: ns-k8s + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-dz68xw22zdcf2ffv + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-global-uni-dpp-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-global-uni-dpp-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..6a3c6b54ce6f --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-global-uni-dpp-k8s-on-global.golden.yaml @@ -0,0 +1,23 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-global-uni-dpp-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-global-uni-dpp-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..83f0f4bb2d94 --- /dev/null 
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-global-uni-dpp-k8s-on-zone.golden.yaml @@ -0,0 +1,23 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-z7488b7w74xc78b7 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/uni-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/uni-zone.golden.yaml new file mode 100644 index 000000000000..3ccb77470607 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-labels/uni-zone.golden.yaml @@ -0,0 +1,22 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + kuma.io/display-name: mtp-1 + kuma.io/origin: zone + kuma.io/zone: zone-uni + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + labels: + app: demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace.dataplane.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace.dataplane.yaml new file mode 100644 index 000000000000..b684e5647f0d --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace.dataplane.yaml 
@@ -0,0 +1,16 @@
+type: Dataplane
+mesh: mesh-1
+name: dp-1
+labels:
+ k8s.kuma.io/namespace: kuma-demo
+networking:
+ address: 1.1.1.1
+ inbound:
+ - port: 8080
+ tags:
+ kuma.io/service: web
+ version: v1
+ - port: 8081
+ tags:
+ kuma.io/service: web
+ version: v3
\ No newline at end of file
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace.policies.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace.policies.yaml
new file mode 100644
index 000000000000..54e206550298
--- /dev/null
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace.policies.yaml
@@ -0,0 +1,51 @@
+# policies using kind Dataplane selecting Dataplanes by name and namespace
+type: MeshTrafficPermission
+mesh: mesh-1
+name: mtp-1
+labels:
+ k8s.kuma.io/namespace: kuma-system
+ kuma.io/policy-role: system
+spec:
+ targetRef:
+ kind: Dataplane
+ name: dp-1
+ namespace: kuma-demo
+ from:
+ - targetRef:
+ kind: Mesh
+ default:
+ action: Deny
+---
+type: MeshTrafficPermission
+mesh: mesh-1
+name: mtp-2
+labels:
+ k8s.kuma.io/namespace: kuma-system
+ kuma.io/policy-role: system
+spec:
+ targetRef:
+ kind: Dataplane
+ name: dp-1
+ namespace: other-namespace
+ from:
+ - targetRef:
+ kind: Mesh
+ default:
+ action: Allow
+---
+type: MeshTrafficPermission
+mesh: mesh-1
+name: mtp-2
+labels:
+ k8s.kuma.io/namespace: kuma-system
+ kuma.io/policy-role: system
+spec:
+ targetRef:
+ kind: Dataplane
+ name: dp-2
+ namespace: kuma-demo
+ from:
+ - targetRef:
+ kind: Mesh
+ default:
+ action: Allow
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/k8s-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/k8s-zone.golden.yaml
new file mode 100644
index 000000000000..e32dd9f7b5fa
--- /dev/null
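Review bot: The second and third documents in select-by-name-and-namespace.policies.yaml both use `name: mtp-2` in `mesh-1`, so the two negative cases (wrong namespace, wrong name) are not distinct resources. If the test loader keys policies by mesh and name, which is not visible in this diff, one of the two `Allow` policies could replace the other and that case would go unexercised while the golden files still pass. Rename the third document to `name: mtp-3`. select-single-inbound.policies.yaml follows the same pattern with two documents named `mtp-1`, which leaves the `Origin` entries in its golden file indistinguishable.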
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/k8s-zone.golden.yaml @@ -0,0 +1,25 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: system + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1.ns-k8s + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + namespace: kuma-demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-k8s-zone-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-k8s-zone-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-k8s-zone-k8s-on-global.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-k8s-zone-uni-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-k8s-zone-uni-on-global.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-k8s-zone-uni-on-global.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-k8s-zone-uni-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-k8s-zone-uni-on-zone.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-k8s-zone-uni-on-zone.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-uni-zone-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-uni-zone-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-uni-zone-k8s-on-global.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-uni-zone-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-uni-zone-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-uni-zone-k8s-on-zone.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-uni-zone-uni-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-uni-zone-uni-on-global.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-uni-zone-uni-on-global.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-uni-zone-uni-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-uni-zone-uni-on-zone.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-global-uni-zone-uni-on-zone.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-k8s-to-k8s.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-k8s-to-k8s.golden.yaml new file mode 100644 index 000000000000..e46a88fa99e5 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-k8s-to-k8s.golden.yaml @@ -0,0 +1,25 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-7fddv968x8wdzb48.kuma-system + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + namespace: kuma-demo + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-k8s-to-uni.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-k8s-to-uni.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-from-k8s-to-uni.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-global-uni-dpp-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-global-uni-dpp-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null 
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-global-uni-dpp-k8s-on-global.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-global-uni-dpp-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-global-uni-dpp-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/policy-global-uni-dpp-k8s-on-zone.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/uni-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/uni-zone.golden.yaml new file mode 100644 index 000000000000..2490235ea5fa --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name-and-namespace/uni-zone.golden.yaml @@ -0,0 +1,24 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp-1 + kuma.io/origin: zone + kuma.io/policy-role: system + kuma.io/zone: zone-uni + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + namespace: kuma-demo + type: MeshTrafficPermission +next: null +total: 0 
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name.dataplane.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name.dataplane.yaml
new file mode 100644
index 000000000000..b684e5647f0d
--- /dev/null
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name.dataplane.yaml
@@ -0,0 +1,16 @@
+type: Dataplane
+mesh: mesh-1
+name: dp-1
+labels:
+ k8s.kuma.io/namespace: kuma-demo
+networking:
+ address: 1.1.1.1
+ inbound:
+ - port: 8080
+ tags:
+ kuma.io/service: web
+ version: v1
+ - port: 8081
+ tags:
+ kuma.io/service: web
+ version: v3
\ No newline at end of file
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name.policies.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name.policies.yaml
new file mode 100644
index 000000000000..7e98e9bb4b4b
--- /dev/null
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name.policies.yaml
@@ -0,0 +1,30 @@
+# policies using kind Dataplane selecting Dataplanes by name
+type: MeshTrafficPermission
+mesh: mesh-1
+name: mtp-1
+labels:
+ k8s.kuma.io/namespace: kuma-demo
+spec:
+ targetRef:
+ kind: Dataplane
+ name: dp-1
+ from:
+ - targetRef:
+ kind: Mesh
+ default:
+ action: Deny
+---
+type: MeshTrafficPermission
+mesh: mesh-1
+name: mtp-2
+labels:
+ k8s.kuma.io/namespace: kuma-demo
+spec:
+ targetRef:
+ kind: Dataplane
+ name: dp-2
+ from:
+ - targetRef:
+ kind: Mesh
+ default:
+ action: Allow
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/k8s-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/k8s-zone.golden.yaml
new file mode 100644
index 000000000000..b7ea10a207bd
--- /dev/null
+++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/k8s-zone.golden.yaml @@ -0,0 +1,23 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-demo + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1.ns-k8s + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-k8s-zone-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-k8s-zone-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-k8s-zone-k8s-on-global.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-k8s-zone-uni-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-k8s-zone-uni-on-global.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-k8s-zone-uni-on-global.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-k8s-zone-uni-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-k8s-zone-uni-on-zone.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-k8s-zone-uni-on-zone.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-uni-zone-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-uni-zone-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-uni-zone-k8s-on-global.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-uni-zone-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-uni-zone-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-uni-zone-k8s-on-zone.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-uni-zone-uni-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-uni-zone-uni-on-global.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-uni-zone-uni-on-global.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-uni-zone-uni-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-uni-zone-uni-on-zone.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-global-uni-zone-uni-on-zone.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 
diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-k8s-to-k8s.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-k8s-to-k8s.golden.yaml new file mode 100644 index 000000000000..bf0d772a7c64 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-k8s-to-k8s.golden.yaml @@ -0,0 +1,24 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-demo + kuma.io/display-name: mtp-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1-dbzbf448z4f844v2.kuma-system + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-k8s-to-uni.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-k8s-to-uni.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-from-k8s-to-uni.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-global-uni-dpp-k8s-on-global.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-global-uni-dpp-k8s-on-global.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-global-uni-dpp-k8s-on-global.golden.yaml 
@@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-global-uni-dpp-k8s-on-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-global-uni-dpp-k8s-on-zone.golden.yaml new file mode 100644 index 000000000000..06b576d24847 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/policy-global-uni-dpp-k8s-on-zone.golden.yaml @@ -0,0 +1,3 @@ +items: [] +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/uni-zone.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/uni-zone.golden.yaml new file mode 100644 index 000000000000..5157c778a0e8 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/uni-zone.golden.yaml @@ -0,0 +1,22 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + labels: + k8s.kuma.io/namespace: kuma-demo + kuma.io/display-name: mtp-1 + kuma.io/origin: zone + kuma.io/zone: zone-uni + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + spec: + from: + - default: + action: Deny + targetRef: + kind: Mesh + targetRef: + kind: Dataplane + name: dp-1 + type: MeshTrafficPermission +next: null +total: 0 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/select-single-inbound.dataplane.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/select-single-inbound.dataplane.yaml new file mode 100644 index 000000000000..17990845a1e2 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/select-single-inbound.dataplane.yaml 
@@ -0,0 +1,16 @@ +type: Dataplane +mesh: mesh-1 +name: dp-1 +networking: + address: 1.1.1.1 + inbound: + - port: 8080 + name: main-port + tags: + kuma.io/service: web + version: v1 + - port: 8081 + name: secondary-port + tags: + kuma.io/service: web + version: v3 diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/select-single-inbound.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/select-single-inbound.golden.yaml new file mode 100644 index 000000000000..aabe7f9656e8 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/select-single-inbound.golden.yaml @@ -0,0 +1,42 @@ +InboundRules: + 1.1.1.1:8080: [] + 1.1.1.1:8081: [] +Rules: + 1.1.1.1:8080: + - BackendRefOriginIndex: {} + Conf: + action: AllowWithShadowDeny + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + type: MeshTrafficPermission + Subset: + - Key: kuma.io/service + Not: false + Value: orders + - BackendRefOriginIndex: {} + Conf: + action: Allow + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + type: MeshTrafficPermission + Subset: + - Key: kuma.io/service + Not: true + Value: orders + 1.1.1.1:8081: + - BackendRefOriginIndex: {} + Conf: + action: Deny + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mtp-1 + type: MeshTrafficPermission + Subset: [] diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/select-single-inbound.policies.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/select-single-inbound.policies.yaml new file mode 100644 index 000000000000..e68a4da51fc5 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/select-single-inbound.policies.yaml 
@@ -0,0 +1,32 @@ +type: MeshTrafficPermission +mesh: mesh-1 +name: mtp-1 +spec: + targetRef: + kind: Dataplane + name: dp-1 + sectionName: main-port + from: + - targetRef: + kind: Mesh + default: + action: Allow + - targetRef: + kind: MeshService + name: orders + default: + action: AllowWithShadowDeny +--- +type: MeshTrafficPermission +mesh: mesh-1 +name: mtp-1 +spec: + targetRef: + kind: Dataplane + name: dp-1 + sectionName: secondary-port + from: + - targetRef: + kind: Mesh + default: + action: Deny \ No newline at end of file diff --git a/pkg/plugins/policies/core/rules/sort/sort.go b/pkg/plugins/policies/core/rules/sort/sort.go index 9805332338de..d9b68ef170ca 100644 --- a/pkg/plugins/policies/core/rules/sort/sort.go +++ b/pkg/plugins/policies/core/rules/sort/sort.go @@ -12,6 +12,10 @@ func CompareByPolicyAttributes[T common.PolicyAttributes](a, b T) int { return less } + if less := a.GetTopLevel().CompareDataplaneKind(b.GetTopLevel()); less != 0 { + return less + } + o1, _ := core_model.ResourceOrigin(a.GetResourceMeta()) o2, _ := core_model.ResourceOrigin(b.GetResourceMeta()) if less := o1.Compare(o2); less != 0 { diff --git a/pkg/plugins/policies/meshtimeout/api/v1alpha1/validator.go b/pkg/plugins/policies/meshtimeout/api/v1alpha1/validator.go index 9e42e8094882..077095b4d743 100644 --- a/pkg/plugins/policies/meshtimeout/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshtimeout/api/v1alpha1/validator.go 
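Review bot: The new tie-break in CompareByPolicyAttributes relies on `CompareDataplaneKind` giving opposite answers when its arguments are swapped, and the version added in ref.go does not when both refs set `name` and `labels`: `selectsNameAndNamespace(t) && selectsLabels(other)` holds in either order, so both calls return 1. Unless validation rejects a Dataplane targetRef carrying both fields (not visible in this diff), the resulting sort order, and so which MeshTrafficPermission `Allow` or `Deny` ends up taking precedence, can depend on input order. Making the selector checks mutually exclusive, for example `return tr.Name != "" && tr.Labels == nil` in `selectsNameAndNamespace`, would give a consistent ordering. A comment above the new call such as `// Dataplane refs: selection by name sorts after selection by labels, then a sectionName sorts after none` would document the intended precedence. The function body starts and ends outside this hunk.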
@@ -35,17 +35,20 @@ func (r *MeshTimeoutResource) validateTop(targetRef *common_api.TargetRef) valid SupportedKinds: []common_api.TargetRefKind{ common_api.Mesh, common_api.MeshSubset, + common_api.Dataplane, common_api.MeshGateway, common_api.MeshService, common_api.MeshServiceSubset, common_api.MeshHTTPRoute, }, GatewayListenerTagsAllowed: true, + IsInboundPolicy: true, }) default: return mesh.ValidateTargetRef(*targetRef, &mesh.ValidateTargetRefOpts{ SupportedKinds: []common_api.TargetRefKind{ common_api.Mesh, + common_api.Dataplane, common_api.MeshSubset, common_api.MeshService, common_api.MeshServiceSubset, diff --git a/pkg/plugins/policies/meshtrafficpermission/api/v1alpha1/validator.go b/pkg/plugins/policies/meshtrafficpermission/api/v1alpha1/validator.go index 51226240c285..fea57012a246 100644 --- a/pkg/plugins/policies/meshtrafficpermission/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshtrafficpermission/api/v1alpha1/validator.go @@ -27,7 +27,9 @@ func validateTop(targetRef *common_api.TargetRef) validators.ValidationError { common_api.MeshSubset, common_api.MeshService, common_api.MeshServiceSubset, + common_api.Dataplane, }, + IsInboundPolicy: true, }) return targetRefErr } diff --git a/pkg/test/resources/matadata.go b/pkg/test/resources/matadata.go new file mode 100644 index 000000000000..20f6eabcba39 --- /dev/null +++ b/pkg/test/resources/matadata.go 
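Review bot: In MeshTimeout's validateTop the first `ValidateTargetRefOpts` literal gains both `common_api.Dataplane` and `IsInboundPolicy: true`, while the `default:` branch gains only `common_api.Dataplane` and no `IsInboundPolicy` line is added for it in this hunk. What the option controls is not shown in this diff, but if it gates validation of Dataplane-specific fields such as `sectionName`, the two branches would accept different targetRefs for the same kind. Either add `IsInboundPolicy: true,` to the `default:` options or leave a comment there saying why it is omitted. The `default:` literal continues past the end of the hunk, so its remaining fields are not visible.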
@@ -0,0 +1,158 @@
+package resources
+
+import (
+ "maps"
+
+ mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1"
+ "github.com/kumahq/kuma/pkg/core/resources/apis/mesh"
+ core_model "github.com/kumahq/kuma/pkg/core/resources/model"
+ "github.com/kumahq/kuma/pkg/kds/hash"
+ "github.com/kumahq/kuma/pkg/test/resources/model"
+ "github.com/kumahq/kuma/pkg/util/k8s"
+)
+
+type BuildMeta func(name, mesh string, labels map[string]string) core_model.ResourceMeta
+
+func GlobalUni(name, mesh string, labels map[string]string) core_model.ResourceMeta {
+ globalLabels := map[string]string{
+ "kuma.io/origin": "global",
+ "kuma.io/display-name": name,
+ }
+ maps.Copy(globalLabels, labels)
+ return &model.ResourceMeta{
+ Name: name,
+ Mesh: mesh,
+ Labels: globalLabels,
+ }
+}
+
+func GlobalK8s(name, mesh string, labels map[string]string) core_model.ResourceMeta {
+ globalLabels := map[string]string{
+ "kuma.io/origin": "global",
+ "k8s.kuma.io/namespace": "ns-k8s",
+ "kuma.io/mesh": mesh,
+ "kuma.io/display-name": name,
+ }
+ maps.Copy(globalLabels, labels)
+ return &model.ResourceMeta{
+ Name: k8s.K8sNamespacedNameToCoreName(name, "ns-k8s"),
+ Mesh: mesh,
+ Labels: globalLabels,
+ NameExtensions: map[string]string{
+ "k8s.kuma.io/namespace": "ns-k8s",
+ "k8s.kuma.io/name": name,
+ },
+ }
+}
+
+func ZoneUni(name, mesh string, labels map[string]string) core_model.ResourceMeta {
+ zoneLabels := map[string]string{
+ "kuma.io/origin": "zone",
+ "kuma.io/zone": "zone-uni",
+ "kuma.io/display-name": name,
+ }
+ maps.Copy(zoneLabels, labels)
+ return &model.ResourceMeta{
+ Name: name,
+ Mesh: mesh,
+ Labels: zoneLabels,
+ }
+}
+
+func ZoneK8s(name, mesh string, labels map[string]string) core_model.ResourceMeta {
+ zoneLabels := map[string]string{
+ "kuma.io/origin": "zone",
+ "kuma.io/zone": "zone-k8s",
+ "k8s.kuma.io/namespace": "ns-k8s",
+ "kuma.io/mesh": mesh,
+ "kuma.io/display-name": name,
+ }
+ maps.Copy(zoneLabels, labels)
+ return &model.ResourceMeta{
+ Name: k8s.K8sNamespacedNameToCoreName(name, "ns-k8s"),
+ Mesh: mesh,
+ Labels: zoneLabels,
+ NameExtensions: map[string]string{
+ "k8s.kuma.io/namespace": "ns-k8s",
+ "k8s.kuma.io/name": name,
+ },
+ }
+}
+
+func SystemPolicy(fn BuildMeta) BuildMeta {
+ return WithNamespace(WithPolicyRole(fn, mesh_proto.SystemPolicyRole), "kuma-system")
+}
+
+func ProducerPolicy(fn BuildMeta) BuildMeta {
+ return WithPolicyRole(fn, mesh_proto.ProducerPolicyRole)
+}
+
+func WithPolicyRole(fn BuildMeta, policyRole mesh_proto.PolicyRole) BuildMeta {
+ return func(name, mesh string, labels map[string]string) core_model.ResourceMeta {
+ meta := fn(name, mesh, labels)
+ meta.GetLabels()[mesh_proto.PolicyRoleLabel] = string(policyRole)
+ return meta
+ }
+}
+
+func WithNamespace(fn BuildMeta, namespace string) BuildMeta {
+ return func(name, mesh string, labels map[string]string) core_model.ResourceMeta {
+ meta := fn(name, mesh, labels)
+ meta.GetLabels()[mesh_proto.KubeNamespaceTag] = namespace
+ return meta
+ }
+}
+
+func SyncToUni(fn BuildMeta) BuildMeta {
+ return func(name, mesh string, labels map[string]string) core_model.ResourceMeta {
+ m := fn(name, mesh, labels)
+ var values []string
+ if v, ok := m.GetLabels()[mesh_proto.ZoneTag]; ok {
+ values = append(values, v)
+ }
+ if v, ok := m.GetLabels()[mesh_proto.KubeNamespaceTag]; ok {
+ values = append(values, v)
+ }
+ return &model.ResourceMeta{
+ Name: hash.HashedName(m.GetMesh(), core_model.GetDisplayName(m), values...),
+ Mesh: m.GetMesh(),
+ Labels: m.GetLabels(),
+ }
+ }
+}
+
+func SyncToK8s(fn BuildMeta) BuildMeta {
+ return func(name, mesh string, labels map[string]string) core_model.ResourceMeta {
+ m := fn(name, mesh, labels)
+ var values []string
+ if v, ok := m.GetLabels()[mesh_proto.ZoneTag]; ok {
+ values = append(values, v)
+ }
+ if v, ok := m.GetLabels()[mesh_proto.KubeNamespaceTag]; ok {
+ values = append(values, v)
+ }
+ newName := hash.HashedName(m.GetMesh(), core_model.GetDisplayName(m), values...)
+ return &model.ResourceMeta{ + Name: k8s.K8sNamespacedNameToCoreName(newName, "kuma-system"), + Mesh: m.GetMesh(), + Labels: m.GetLabels(), + NameExtensions: map[string]string{ + "k8s.kuma.io/namespace": "kuma-system", + "k8s.kuma.io/name": newName, + }, + } + } +} + +func UpdateResourcesMeta(fn BuildMeta, rs core_model.ResourceList) { + for _, r := range rs.GetItems() { + if r.Descriptor().Name == mesh.MeshType { + continue + } + UpdateResourceMeta(fn, r) + } +} + +func UpdateResourceMeta(fn BuildMeta, r core_model.Resource) { + r.SetMeta(fn(r.GetMeta().GetName(), r.GetMeta().GetMesh(), r.GetMeta().GetLabels())) +} diff --git a/test/e2e_env/kubernetes/meshtimeout/meshtimeout.go b/test/e2e_env/kubernetes/meshtimeout/meshtimeout.go index 4a7d76325d49..2683651536e3 100644 --- a/test/e2e_env/kubernetes/meshtimeout/meshtimeout.go +++ b/test/e2e_env/kubernetes/meshtimeout/meshtimeout.go @@ -24,6 +24,7 @@ func MeshTimeout() { mesh := fmt.Sprintf("meshtimeout-ms-%s", strings.ToLower(mode.String())) namespace := fmt.Sprintf("%s-namespace", mesh) testServerURL := fmt.Sprintf("test-server.%s.svc:80", namespace) + testServerSecondaryInboundUrl := fmt.Sprintf("test-server.%s.svc:9090", namespace) BeforeAll(func() { err := NewClusterSetup(). @@ -111,6 +112,27 @@ spec: targetRef: kind: Mesh from: + - targetRef: + kind: Mesh + default: + idleTimeout: 20s + http: + requestTimeout: 2s + maxStreamDuration: 20s`, Config.KumaNamespace, mesh)), + Entry("outbound dataplane kind", fmt.Sprintf(` +apiVersion: kuma.io/v1alpha1 +kind: MeshTimeout +metadata: + name: mt1 + namespace: %s + labels: + kuma.io/mesh: %s +spec: + targetRef: + kind: Dataplane + labels: + app: demo-client + to: - targetRef: kind: Mesh default: 
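Review bot: `SyncToUni` and `SyncToK8s` build the `values` slice passed to `hash.HashedName` with the same two label lookups, so any change to the hashed inputs has to be made in both places and the two can drift apart. I would move the lookups into one unexported helper and call it from both, as sketched below. Separately, the file is added as `matadata.go`, which looks like a typo for `metadata.go`. The `mesh string` parameter of the builders also shadows the imported `mesh` package that `UpdateResourcesMeta` relies on.

```go
// hashedNameValues returns the zone and namespace label values, in that order,
// that SyncToUni and SyncToK8s pass to hash.HashedName.
func hashedNameValues(m core_model.ResourceMeta) []string {
	var values []string
	for _, key := range []string{mesh_proto.ZoneTag, mesh_proto.KubeNamespaceTag} {
		if v, ok := m.GetLabels()[key]; ok {
			values = append(values, v)
		}
	}
	return values
}

// … unchanged: SyncToUni and SyncToK8s, with both label lookups replaced by …
//	values := hashedNameValues(m)
```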
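Review bot: `testServerSecondaryInboundUrl` does not follow the initialism casing of `testServerURL` on the line above it. Its `:9090` also repeats a port that this commit declares as `secondaryPort` in the test-server deployment and as `secondaryInboundPort` in the echo command. I would rename it to `testServerSecondaryInboundURL`. If the deployment package can export the port, build the URL from that constant so the three values cannot diverge. The body of `MeshTimeout` starts and ends outside the hunk.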
@@ -163,6 +185,86 @@ spec: return out }(), ) + + It("should configure timeout for single inbound", func() { + policy := fmt.Sprintf(` +apiVersion: kuma.io/v1alpha1 +kind: MeshTimeout +metadata: + name: mt1 + namespace: %s + labels: + kuma.io/mesh: %s +spec: + targetRef: + kind: Dataplane + labels: + app: test-server + sectionName: secondary + from: + - targetRef: + kind: Mesh + default: + idleTimeout: 20s + http: + requestTimeout: 2s + maxStreamDuration: 20s`, Config.KumaNamespace, mesh) + + // Delete all retries and timeouts policy + Expect(DeleteMeshResources(kubernetes.Cluster, mesh, + meshtimeout_api.MeshTimeoutResourceTypeDescriptor, + meshretry_api.MeshRetryResourceTypeDescriptor, + )).To(Succeed()) + // main inbound + Eventually(func(g Gomega) { + start := time.Now() + g.Expect(client.CollectEchoResponse( + kubernetes.Cluster, "demo-client", testServerURL, + client.FromKubernetesPod(namespace, "demo-client"), + client.WithHeader("x-set-response-delay-ms", "5000"), + client.WithMaxTime(10), + )).Should(HaveField("Instance", ContainSubstring("test-server"))) + g.Expect(time.Since(start)).To(BeNumerically(">", time.Second*5)) + }, "30s", "1s").Should(Succeed()) + + // secondary inbound + Eventually(func(g Gomega) { + start := time.Now() + g.Expect(client.CollectEchoResponse( + kubernetes.Cluster, "demo-client", testServerSecondaryInboundUrl, + client.FromKubernetesPod(namespace, "demo-client"), + client.WithHeader("x-set-response-delay-ms", "5000"), + client.WithMaxTime(10), + )).Should(HaveField("Instance", ContainSubstring("test-server"))) + g.Expect(time.Since(start)).To(BeNumerically(">", time.Second*5)) + }, "30s", "1s").Should(Succeed()) + + // when + Expect(YamlK8s(policy)(kubernetes.Cluster)).To(Succeed()) + + // then + // main inbound + Eventually(func(g Gomega) { + start := time.Now() + g.Expect(client.CollectEchoResponse( + kubernetes.Cluster, "demo-client", testServerURL, + client.FromKubernetesPod(namespace, "demo-client"), + 
client.WithHeader("x-set-response-delay-ms", "5000"), + client.WithMaxTime(10), + )).Should(HaveField("Instance", ContainSubstring("test-server"))) + g.Expect(time.Since(start)).To(BeNumerically(">", time.Second*5)) + }, "30s", "1s", MustPassRepeatedly(5)).Should(Succeed()) + + // secondary inbound + Eventually(func(g Gomega) { + g.Expect(client.CollectFailure( + kubernetes.Cluster, "demo-client", testServerSecondaryInboundUrl, + client.FromKubernetesPod(namespace, "demo-client"), + client.WithHeader("x-set-response-delay-ms", "5000"), + client.WithMaxTime(10), // we don't want 'curl' to return early + )).Should(HaveField("ResponseCode", 504)) + }, "1m", "1s", MustPassRepeatedly(5)).Should(Succeed()) + }) }, Entry("Disabled", mesh_proto.Mesh_MeshServices_Disabled), Entry("Exclusive", mesh_proto.Mesh_MeshServices_Exclusive), diff --git a/test/framework/deployments/testserver/kubernetes.go b/test/framework/deployments/testserver/kubernetes.go index ae514b14f03c..51a4ea9bb107 100644 --- a/test/framework/deployments/testserver/kubernetes.go +++ b/test/framework/deployments/testserver/kubernetes.go @@ -13,6 +13,8 @@ import ( "github.com/kumahq/kuma/test/framework" ) +const secondaryPort = 9090 + type k8SDeployment struct { opts DeploymentOpts } @@ -51,6 +53,12 @@ func (k *k8SDeployment) service() *corev1.Service { TargetPort: intstr.FromString("main"), AppProtocol: &appProtocol, }, + { + Name: "secondary", + Port: int32(secondaryPort), + TargetPort: intstr.FromString("secondary"), + AppProtocol: &appProtocol, + }, }, Selector: map[string]string{ "app": k.Name(), @@ -214,6 +222,10 @@ func (k *k8SDeployment) podSpec() corev1.PodTemplateSpec { ContainerPort: int32(containerPort), Name: "main", }, + { + ContainerPort: int32(secondaryPort), + Name: "secondary", + }, }, Env: []corev1.EnvVar{ { diff --git a/test/server/cmd/echo.go b/test/server/cmd/echo.go index d98550fa3eeb..526ae321b9af 100644 --- a/test/server/cmd/echo.go +++ b/test/server/cmd/echo.go 
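Review bot: After `Expect(YamlK8s(policy)(kubernetes.Cluster))`, the test checks the main inbound first and only then waits for the secondary inbound to return 504. Nothing guarantees the policy has reached the proxy when the main-inbound check runs, so its `MustPassRepeatedly(5)` can pass against the old configuration. In that case it would not show that a `sectionName: secondary` policy leaves the main inbound untouched. Swapping the two `Eventually` blocks under `// then` would fix this: wait for the 504 on `testServerSecondaryInboundUrl`, then assert that `testServerURL` still answers after the 5s delay. The slow-response block also appears three times and could be one local closure taking the URL.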
@@ -20,6 +20,8 @@ import ( "github.com/kumahq/kuma/test/server/types" ) +const secondaryInboundPort = 9090 + func newEchoHTTPCmd() *cobra.Command { counters := newCounters() @@ -38,14 +40,7 @@ func newEchoHTTPCmd() *cobra.Command { Short: "Run Test Server with generic echo response", Long: `Run Test Server with generic echo response.`, RunE: func(cmd *cobra.Command, _ []string) error { - promExporter, err := prometheus.New(prometheus.WithoutCounterSuffixes()) - if err != nil { - return err - } - sdkmetric.NewMeterProvider(sdkmetric.WithReader(promExporter)) - promHandler := promhttp.Handler() - - http.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) { + handleEcho := func(writer http.ResponseWriter, request *http.Request) { headers := request.Header handleDelay(headers) headers.Add("host", request.Host) @@ -76,7 +71,16 @@ func newEchoHTTPCmd() *cobra.Command { if _, err := writer.Write(respBody); err != nil { panic(err) } - }) + } + + promExporter, err := prometheus.New(prometheus.WithoutCounterSuffixes()) + if err != nil { + return err + } + sdkmetric.NewMeterProvider(sdkmetric.WithReader(promExporter)) + promHandler := promhttp.Handler() + + http.HandleFunc("/", handleEcho) http.HandleFunc("/metrics", func(writer http.ResponseWriter, request *http.Request) { promHandler.ServeHTTP(writer, request) }) @@ -122,6 +126,11 @@ func newEchoHTTPCmd() *cobra.Command { if args.tls { return srv.ListenAndServeTLS(args.crtFile, args.keyFile) } + secondInboundMux := http.NewServeMux() + secondInboundMux.HandleFunc("/", handleEcho) + go func() { + _ = http.ListenAndServe(net.JoinHostPort(args.ip, strconv.Itoa(secondaryInboundPort)), secondInboundMux) // nolint: gosec + }() return srv.ListenAndServe() }, }
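Review bot: The secondary listener's error is discarded (`_ = http.ListenAndServe(...)`), so if port 9090 cannot be bound the process keeps serving only the main port and nothing reports the cause. The goroutine is started after the `if args.tls` return, so a TLS-mode server never opens the second inbound. It also uses the package-level `http.ListenAndServe`, which sets no read or write timeouts, hence the `gosec` suppression. I would fail loudly with the same address expression, e.g. `if err := http.ListenAndServe(addr, secondInboundMux); err != nil { panic(err) }`, matching the `panic(err)` already used in `handleEcho`. I would also add a comment that the secondary inbound is plain HTTP only and exists for tests. The enclosing `RunE` function starts outside the hunk.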