Skip to content

Comments

Give precendence to IPBlock field over PodSelector#77

Merged
zeeke merged 2 commits intok8snetworkplumbingwg:masterfrom
zeeke:us/OCPBUGS-45980
Sep 30, 2025
Merged

Give precendence to IPBlock field over PodSelector#77
zeeke merged 2 commits intok8snetworkplumbingwg:masterfrom
zeeke:us/OCPBUGS-45980

Conversation

@zeeke
Copy link
Member

@zeeke zeeke commented Jun 12, 2025

As per API description [1]:

IPBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be."

if a policy rule has a from/to rule with an IPBlock field,
then the PodSelector and NamespaceSelector fields must be ignored.

[1] https://github.com/k8snetworkplumbingwg/multi-networkpolicy/blob/master/scheme.yml#L88

this PR also contains a refactor around renderIngressFrom and renderEgressTo.

zeeke added 2 commits June 12, 2025 12:04
@zeeke
Refactor renderIngressFrom and renderEgressTo
845f77f 
and split them in multple smaller functions.

Signed-off-by: Andrea Panattoni <apanatto@redhat.com>
@zeeke
Give precendence to IPBlock field over PodSelector
71d037d 
As per API description [1]:
> IPBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be."

if a policy rule has a from/to rule with an IPBlock field,
then the PodSelector and NamespaceSelector fields must be ignored.

[1] https://github.com/k8snetworkplumbingwg/multi-networkpolicy/blob/master/scheme.yml#L88

Signed-off-by: Andrea Panattoni <apanatto@redhat.com>
@coveralls
Copy link

coveralls commented Jun 12, 2025

Pull Request Test Coverage Report for Build 15607622077

Details

  • 129 of 161 (80.12%) changed or added relevant lines in 1 file are covered.
  • 2 unchanged lines in 1 file lost coverage.
  • Overall coverage increased (+0.1%) to 58.32%
Changes Missing Coverage Covered Lines Changed/Added Lines %
pkg/server/policyrules.go 129 161 80.12%
Files with Coverage Reduction New Missed Lines %
pkg/server/policyrules.go 2 89.39%
Totals Coverage Status
Change from base Build 14706240416: 0.1%
Covered Lines: 1132
Relevant Lines: 1941
💛 - Coveralls

SchSeba
SchSeba approved these changes Sep 30, 2025
View reviewed changes
Copy link
Contributor

@SchSeba SchSeba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@zeeke zeeke merged commit 2849ee0 into k8snetworkplumbingwg:master Sep 30, 2025
10 checks passed
@zeeke zeeke mentioned this pull request Oct 30, 2025
Merged
@openshift-merge-robot
Copy link

openshift-merge-robot commented Nov 6, 2025

Fix included in accepted release 4.21.0-0.nightly-2025-11-05-234508

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SchSeba SchSeba SchSeba approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@zeeke @coveralls @openshift-merge-robot @SchSeba