From 4fa46b9a427d2467b99e88b29dc3898932728a65 Mon Sep 17 00:00:00 2001 From: Charly Molter Date: Wed, 29 Nov 2023 07:21:15 +0100 Subject: [PATCH 1/3] fix(policies): matching at same level doesn't use lexicographic order Add some tests including one as pending which is the repro Fix #8484 Signed-off-by: Charly Molter --- .../rules/from/Pmtp-overrides.golden.yaml | 71 +++++++++++++++++++ .../rules/from/Pmtp-overrides.input.yaml | 42 +++++++++++ .../from/mtp-single-shadow-deny.golden.yaml | 56 +++++++++++++++ .../from/mtp-single-shadow-deny.input.yaml | 27 +++++++ ...mtp-from-overiding-one-another.golden.yaml | 56 +++++++++++++++ ...-mtp-from-overiding-one-another.input.yaml | 32 +++++++++ pkg/test/ginkgo.go | 2 + 7 files changed, 286 insertions(+) create mode 100644 pkg/plugins/policies/core/rules/testdata/rules/from/Pmtp-overrides.golden.yaml create mode 100644 pkg/plugins/policies/core/rules/testdata/rules/from/Pmtp-overrides.input.yaml create mode 100644 pkg/plugins/policies/core/rules/testdata/rules/from/mtp-single-shadow-deny.golden.yaml create mode 100644 pkg/plugins/policies/core/rules/testdata/rules/from/mtp-single-shadow-deny.input.yaml create mode 100644 pkg/plugins/policies/core/rules/testdata/rules/from/single-mtp-from-overiding-one-another.golden.yaml create mode 100644 pkg/plugins/policies/core/rules/testdata/rules/from/single-mtp-from-overiding-one-another.input.yaml diff --git a/pkg/plugins/policies/core/rules/testdata/rules/from/Pmtp-overrides.golden.yaml b/pkg/plugins/policies/core/rules/testdata/rules/from/Pmtp-overrides.golden.yaml new file mode 100644 index 000000000000..2fa868ce2642 --- /dev/null +++ b/pkg/plugins/policies/core/rules/testdata/rules/from/Pmtp-overrides.golden.yaml @@ -0,0 +1,71 @@ +Rules: + 127.0.0.1:80: + - Conf: + action: Allow + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: default-demo-app + type: MeshTrafficPermission + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: default-demo-app-b + type: MeshTrafficPermission + Subset: + - Key: app.kubernetes.io/name + Not: false + Value: ui + - Conf: + action: Allow + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: default-demo-app + type: MeshTrafficPermission + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: default-demo-app-b + type: MeshTrafficPermission + Subset: + - Key: app.kubernetes.io/name + Not: false + Value: service-payment + - Conf: + action: Allow + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: default-demo-app + type: MeshTrafficPermission + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: default-demo-app-b + type: MeshTrafficPermission + Subset: + - Key: app.kubernetes.io/name + Not: false + Value: service-order + - Conf: + action: Deny + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: default-demo-app-b + type: MeshTrafficPermission + Subset: + - Key: app.kubernetes.io/name + Not: true + Value: service-order + - Key: app.kubernetes.io/name + Not: true + Value: service-payment + - Key: app.kubernetes.io/name + Not: true + Value: ui diff --git a/pkg/plugins/policies/core/rules/testdata/rules/from/Pmtp-overrides.input.yaml b/pkg/plugins/policies/core/rules/testdata/rules/from/Pmtp-overrides.input.yaml new file mode 100644 index 000000000000..3e8920c1b672 --- /dev/null +++ b/pkg/plugins/policies/core/rules/testdata/rules/from/Pmtp-overrides.input.yaml @@ -0,0 +1,42 @@ +# Lexicographic ordering of top level targetRef with the same kind +type: MeshTrafficPermission +mesh: default +name: default-demo-app +spec: + targetRef: + kind: MeshSubset + tags: + k8s.kuma.io/service-name: demo-app + from: + - default: + action: Allow + targetRef: + kind: MeshSubset + tags: + app.kubernetes.io/name: ui + - default: + action: Allow + targetRef: + kind: MeshSubset + tags: + app.kubernetes.io/name: service-order + - default: + action: Allow + targetRef: + kind: MeshSubset + tags: + app.kubernetes.io/name: service-payment +--- +type: MeshTrafficPermission +mesh: default +name: default-demo-app-b +spec: + targetRef: + kind: MeshSubset + tags: + k8s.kuma.io/service-name: demo-app + from: + - default: + action: Deny + targetRef: + kind: Mesh diff --git a/pkg/plugins/policies/core/rules/testdata/rules/from/mtp-single-shadow-deny.golden.yaml b/pkg/plugins/policies/core/rules/testdata/rules/from/mtp-single-shadow-deny.golden.yaml new file mode 100644 index 000000000000..b5f090f08c94 --- /dev/null +++ b/pkg/plugins/policies/core/rules/testdata/rules/from/mtp-single-shadow-deny.golden.yaml @@ -0,0 +1,56 @@ +Rules: + 127.0.0.1:80: + - Conf: + action: Allow + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: mtp + type: MeshTrafficPermission + Subset: + - Key: kuma.io/service + Not: false + Value: c + - Conf: + action: Deny + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: mtp + type: MeshTrafficPermission + Subset: + - Key: kuma.io/service + Not: false + Value: b + - Conf: + action: Deny + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: mtp + type: MeshTrafficPermission + Subset: + - Key: kuma.io/service + Not: false + Value: a + - Conf: + action: AllowWithShadowDeny + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: mtp + type: MeshTrafficPermission + Subset: + - Key: kuma.io/service + Not: true + Value: a + - Key: kuma.io/service + Not: true + Value: b + - Key: kuma.io/service + Not: true + Value: c diff --git a/pkg/plugins/policies/core/rules/testdata/rules/from/mtp-single-shadow-deny.input.yaml b/pkg/plugins/policies/core/rules/testdata/rules/from/mtp-single-shadow-deny.input.yaml new file mode 100644 index 000000000000..f8a1b74a8459 --- /dev/null +++ b/pkg/plugins/policies/core/rules/testdata/rules/from/mtp-single-shadow-deny.input.yaml @@ -0,0 +1,27 @@ +# This policy has ShadowDeny for all services except a few selected ones +type: MeshTrafficPermission +name: mtp +mesh: default +spec: + targetRef: + kind: Mesh + from: + - targetRef: + kind: Mesh + default: + action: AllowWithShadowDeny + - targetRef: + kind: MeshService + name: a + default: + action: Deny + - targetRef: + kind: MeshService + name: b + default: + action: Deny + - targetRef: + kind: MeshService + name: c + default: + action: Allow diff --git a/pkg/plugins/policies/core/rules/testdata/rules/from/single-mtp-from-overiding-one-another.golden.yaml b/pkg/plugins/policies/core/rules/testdata/rules/from/single-mtp-from-overiding-one-another.golden.yaml new file mode 100644 index 000000000000..d6d6cb6926f2 --- /dev/null +++ b/pkg/plugins/policies/core/rules/testdata/rules/from/single-mtp-from-overiding-one-another.golden.yaml @@ -0,0 +1,56 @@ +Rules: + 127.0.0.1:80: + - Conf: + action: Allow + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: default-demo-app + type: MeshTrafficPermission + Subset: + - Key: app.kubernetes.io/name + Not: false + Value: ui + - Conf: + action: Allow + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: default-demo-app + type: MeshTrafficPermission + Subset: + - Key: app.kubernetes.io/name + Not: false + Value: service-payment + - Conf: + action: Allow + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: default-demo-app + type: MeshTrafficPermission + Subset: + - Key: app.kubernetes.io/name + Not: false + Value: service-order + - Conf: + action: Deny + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: default-demo-app + type: MeshTrafficPermission + Subset: + - Key: app.kubernetes.io/name + Not: true + Value: service-order + - Key: app.kubernetes.io/name + Not: true + Value: service-payment + - Key: app.kubernetes.io/name + Not: true + Value: ui diff --git a/pkg/plugins/policies/core/rules/testdata/rules/from/single-mtp-from-overiding-one-another.input.yaml b/pkg/plugins/policies/core/rules/testdata/rules/from/single-mtp-from-overiding-one-another.input.yaml new file mode 100644 index 000000000000..f681d5153ce8 --- /dev/null +++ b/pkg/plugins/policies/core/rules/testdata/rules/from/single-mtp-from-overiding-one-another.input.yaml @@ -0,0 +1,32 @@ +# The first entry in from is then overridden by the following ones +type: MeshTrafficPermission +mesh: default +name: default-demo-app +spec: + targetRef: + kind: MeshSubset + tags: + k8s.kuma.io/service-name: demo-app + from: + - default: + action: Deny + targetRef: + kind: Mesh + - default: + action: Allow + targetRef: + kind: MeshSubset + tags: + app.kubernetes.io/name: ui + - default: + action: Allow + targetRef: + kind: MeshSubset + tags: + app.kubernetes.io/name: service-order + - default: + action: Allow + targetRef: + kind: MeshSubset + tags: + app.kubernetes.io/name: service-payment diff --git a/pkg/test/ginkgo.go b/pkg/test/ginkgo.go index 29d8eedeb838..fef9b6ba9393 100644 --- a/pkg/test/ginkgo.go +++ b/pkg/test/ginkgo.go @@ -67,6 +67,8 @@ func EntriesForFolder(folder string) []ginkgo.TableEntry { input := path.Join(testDir, f.Name()) if strings.HasPrefix(f.Name(), "F") { entries = append(entries, ginkgo.FEntry(input, input)) + } else if strings.HasPrefix(f.Name(), "P") { + entries = append(entries, ginkgo.PEntry(input, input)) } else { entries = append(entries, ginkgo.Entry(input, input)) } From de6a0c76052c3d9d14de28e89d01ef2785597df1 Mon Sep 17 00:00:00 2001 From: Charly Molter Date: Wed, 29 Nov 2023 12:00:44 +0100 Subject: [PATCH 2/3] add more tests Signed-off-by: Charly Molter --- ...iple-policies-lexicog-order.dataplane.yaml | 10 +++ ...ultiple-policies-lexicog-order.golden.yaml | 71 +++++++++++++++++++ ...tiple-policies-lexicog-order.policies.yaml | 43 +++++++++++ .../from/mtp-overrides-faulty.golden.yaml | 71 +++++++++++++++++++ .../from/mtp-overrides-faulty.input.yaml | 43 +++++++++++ ....golden.yaml => mtp-overrides.golden.yaml} | 8 +-- ...es.input.yaml => mtp-overrides.input.yaml} | 30 ++++---- 7 files changed, 257 insertions(+), 19 deletions(-) create mode 100644 pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/multiple-policies-lexicog-order.dataplane.yaml create mode 100644 pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/multiple-policies-lexicog-order.golden.yaml create mode 100644 pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/multiple-policies-lexicog-order.policies.yaml create mode 100644 pkg/plugins/policies/core/rules/testdata/rules/from/mtp-overrides-faulty.golden.yaml create mode 100644 pkg/plugins/policies/core/rules/testdata/rules/from/mtp-overrides-faulty.input.yaml rename pkg/plugins/policies/core/rules/testdata/rules/from/{Pmtp-overrides.golden.yaml => mtp-overrides.golden.yaml} (93%) rename pkg/plugins/policies/core/rules/testdata/rules/from/{Pmtp-overrides.input.yaml => mtp-overrides.input.yaml} (89%) diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/multiple-policies-lexicog-order.dataplane.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/multiple-policies-lexicog-order.dataplane.yaml new file mode 100644 index 000000000000..973ad91cf691 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/multiple-policies-lexicog-order.dataplane.yaml @@ -0,0 +1,10 @@ +type: Dataplane +mesh: default +name: dp-1 +networking: + address: 1.1.1.1 + inbound: + - port: 8080 + tags: + k8s.kuma.io/service-name: demo-app + kuma.io/service: foo diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/multiple-policies-lexicog-order.golden.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/multiple-policies-lexicog-order.golden.yaml new file mode 100644 index 000000000000..ce4cccbaf5df --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/multiple-policies-lexicog-order.golden.yaml @@ -0,0 +1,71 @@ +Rules: + 1.1.1.1:8080: + - Conf: + action: Allow + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: rule-a + type: MeshTrafficPermission + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: rule-b + type: MeshTrafficPermission + Subset: + - Key: app.kubernetes.io/name + Not: false + Value: ui + - Conf: + action: Allow + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: rule-a + type: MeshTrafficPermission + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: rule-b + type: MeshTrafficPermission + Subset: + - Key: app.kubernetes.io/name + Not: false + Value: service-payment + - Conf: + action: Allow + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: rule-a + type: MeshTrafficPermission + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: rule-b + type: MeshTrafficPermission + Subset: + - Key: app.kubernetes.io/name + Not: false + Value: service-order + - Conf: + action: Deny + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: rule-a + type: MeshTrafficPermission + Subset: + - Key: app.kubernetes.io/name + Not: true + Value: service-order + - Key: app.kubernetes.io/name + Not: true + Value: service-payment + - Key: app.kubernetes.io/name + Not: true + Value: ui diff --git a/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/multiple-policies-lexicog-order.policies.yaml b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/multiple-policies-lexicog-order.policies.yaml new file mode 100644 index 000000000000..52c577b0d985 --- /dev/null +++ b/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/fromrules/multiple-policies-lexicog-order.policies.yaml @@ -0,0 +1,43 @@ +# When using multiple policies with the same top level targetRef the lexicographic order of the policy should be maintained +type: MeshTrafficPermission +mesh: default +name: rule-b +spec: + targetRef: + kind: MeshSubset + tags: + k8s.kuma.io/service-name: demo-app + from: + - default: + action: Allow + targetRef: + kind: MeshSubset + tags: + app.kubernetes.io/name: ui + - default: + action: Allow + targetRef: + kind: MeshSubset + tags: + app.kubernetes.io/name: service-order + - default: + action: Allow + targetRef: + kind: MeshSubset + tags: + app.kubernetes.io/name: service-payment +--- +type: MeshTrafficPermission +mesh: default +name: rule-a +spec: + targetRef: + kind: MeshSubset + tags: + k8s.kuma.io/service-name: demo-app + from: + - default: + action: Deny + targetRef: + kind: Mesh + diff --git a/pkg/plugins/policies/core/rules/testdata/rules/from/mtp-overrides-faulty.golden.yaml b/pkg/plugins/policies/core/rules/testdata/rules/from/mtp-overrides-faulty.golden.yaml new file mode 100644 index 000000000000..6ddd0bbe0e68 --- /dev/null +++ b/pkg/plugins/policies/core/rules/testdata/rules/from/mtp-overrides-faulty.golden.yaml @@ -0,0 +1,71 @@ +Rules: + 127.0.0.1:80: + - Conf: + action: Deny + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: default-demo-app + type: MeshTrafficPermission + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: default-demo-app-a + type: MeshTrafficPermission + Subset: + - Key: app.kubernetes.io/name + Not: false + Value: ui + - Conf: + action: Deny + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: default-demo-app + type: MeshTrafficPermission + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: default-demo-app-a + type: MeshTrafficPermission + Subset: + - Key: app.kubernetes.io/name + Not: false + Value: service-payment + - Conf: + action: Deny + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: default-demo-app + type: MeshTrafficPermission + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: default-demo-app-a + type: MeshTrafficPermission + Subset: + - Key: app.kubernetes.io/name + Not: false + Value: service-order + - Conf: + action: Deny + Origin: + - creationTime: "0001-01-01T00:00:00Z" + mesh: default + modificationTime: "0001-01-01T00:00:00Z" + name: default-demo-app + type: MeshTrafficPermission + Subset: + - Key: app.kubernetes.io/name + Not: true + Value: service-order + - Key: app.kubernetes.io/name + Not: true + Value: service-payment + - Key: app.kubernetes.io/name + Not: true + Value: ui diff --git a/pkg/plugins/policies/core/rules/testdata/rules/from/mtp-overrides-faulty.input.yaml b/pkg/plugins/policies/core/rules/testdata/rules/from/mtp-overrides-faulty.input.yaml new file mode 100644 index 000000000000..56cfb7c85a0b --- /dev/null +++ b/pkg/plugins/policies/core/rules/testdata/rules/from/mtp-overrides-faulty.input.yaml @@ -0,0 +1,43 @@ +# first policy is most specific it doesn't take precedence #8484 +# Ideally the output of this should be a single rule as the conf is always the same (DENY everything) +type: MeshTrafficPermission +mesh: default +name: default-demo-app-a +spec: + targetRef: + kind: MeshSubset + tags: + k8s.kuma.io/service-name: demo-app + from: + - default: + action: Allow + targetRef: + kind: MeshSubset + tags: + app.kubernetes.io/name: ui + - default: + action: Allow + targetRef: + kind: MeshSubset + tags: + app.kubernetes.io/name: service-order + - default: + action: Allow + targetRef: + kind: MeshSubset + tags: + app.kubernetes.io/name: service-payment +--- +type: MeshTrafficPermission +mesh: default +name: default-demo-app +spec: + targetRef: + kind: MeshSubset + tags: + k8s.kuma.io/service-name: demo-app + from: + - default: + action: Deny + targetRef: + kind: Mesh diff --git a/pkg/plugins/policies/core/rules/testdata/rules/from/Pmtp-overrides.golden.yaml b/pkg/plugins/policies/core/rules/testdata/rules/from/mtp-overrides.golden.yaml similarity index 93% rename from pkg/plugins/policies/core/rules/testdata/rules/from/Pmtp-overrides.golden.yaml rename to pkg/plugins/policies/core/rules/testdata/rules/from/mtp-overrides.golden.yaml index 2fa868ce2642..9a4020ba910a 100644 --- a/pkg/plugins/policies/core/rules/testdata/rules/from/Pmtp-overrides.golden.yaml +++ b/pkg/plugins/policies/core/rules/testdata/rules/from/mtp-overrides.golden.yaml @@ -11,7 +11,7 @@ Rules: - creationTime: "0001-01-01T00:00:00Z" mesh: default modificationTime: "0001-01-01T00:00:00Z" - name: default-demo-app-b + name: default-demo-app-a type: MeshTrafficPermission Subset: - Key: app.kubernetes.io/name @@ -28,7 +28,7 @@ Rules: - creationTime: "0001-01-01T00:00:00Z" mesh: default modificationTime: "0001-01-01T00:00:00Z" - name: default-demo-app-b + name: default-demo-app-a type: MeshTrafficPermission Subset: - Key: app.kubernetes.io/name @@ -45,7 +45,7 @@ Rules: - creationTime: "0001-01-01T00:00:00Z" mesh: default modificationTime: "0001-01-01T00:00:00Z" - name: default-demo-app-b + name: default-demo-app-a type: MeshTrafficPermission Subset: - Key: app.kubernetes.io/name @@ -57,7 +57,7 @@ Rules: - creationTime: "0001-01-01T00:00:00Z" mesh: default modificationTime: "0001-01-01T00:00:00Z" - name: default-demo-app-b + name: default-demo-app type: MeshTrafficPermission Subset: - Key: app.kubernetes.io/name diff --git a/pkg/plugins/policies/core/rules/testdata/rules/from/Pmtp-overrides.input.yaml b/pkg/plugins/policies/core/rules/testdata/rules/from/mtp-overrides.input.yaml similarity index 89% rename from pkg/plugins/policies/core/rules/testdata/rules/from/Pmtp-overrides.input.yaml rename to pkg/plugins/policies/core/rules/testdata/rules/from/mtp-overrides.input.yaml index 3e8920c1b672..e913b3d0aa1e 100644 --- a/pkg/plugins/policies/core/rules/testdata/rules/from/Pmtp-overrides.input.yaml +++ b/pkg/plugins/policies/core/rules/testdata/rules/from/mtp-overrides.input.yaml @@ -1,7 +1,21 @@ -# Lexicographic ordering of top level targetRef with the same kind +# first policy is most specific it doesn't take precedence #8484 type: MeshTrafficPermission mesh: default name: default-demo-app +spec: + targetRef: + kind: MeshSubset + tags: + k8s.kuma.io/service-name: demo-app + from: + - default: + action: Deny + targetRef: + kind: Mesh +--- +type: MeshTrafficPermission +mesh: default +name: default-demo-app-a spec: targetRef: kind: MeshSubset @@ -26,17 +40,3 @@ spec: kind: MeshSubset tags: app.kubernetes.io/name: service-payment ---- -type: MeshTrafficPermission -mesh: default -name: default-demo-app-b -spec: - targetRef: - kind: MeshSubset - tags: - k8s.kuma.io/service-name: demo-app - from: - - default: - action: Deny - targetRef: - kind: Mesh From b4836660ebbd3561e0d1ff0abf24d02ce31bade0 Mon Sep 17 00:00:00 2001 From: Charly Molter Date: Wed, 29 Nov 2023 12:06:16 +0100 Subject: [PATCH 3/3] fix golangci-lint Signed-off-by: Charly Molter --- pkg/test/ginkgo.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkg/test/ginkgo.go b/pkg/test/ginkgo.go index fef9b6ba9393..6b5104734e0e 100644 --- a/pkg/test/ginkgo.go +++ b/pkg/test/ginkgo.go @@ -65,11 +65,12 @@ func EntriesForFolder(folder string) []ginkgo.TableEntry { for _, f := range files { if !f.IsDir() && strings.HasSuffix(f.Name(), ".input.yaml") { input := path.Join(testDir, f.Name()) - if strings.HasPrefix(f.Name(), "F") { + switch { + case strings.HasPrefix(f.Name(), "F"): entries = append(entries, ginkgo.FEntry(input, input)) - } else if strings.HasPrefix(f.Name(), "P") { + case strings.HasPrefix(f.Name(), "P"): entries = append(entries, ginkgo.PEntry(input, input)) - } else { + default: entries = append(entries, ginkgo.Entry(input, input)) } }