Azure NPM UT Test Refactor (#467)

* add policy yamls for test scenarios

* fix policy names

* fix jump entry

Author: matmerr

npm/testpolicies/allow-all-from-app-backend.yaml

@@ -0,0 +1,13 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: deny-all-policy
+  namespace: testnamespace
+spec:
+  policyTypes:
+    - Egress
+  podSelector:
+    matchLabels:
+      app: "backend"
+  egress:
+    - {}

npm/testpolicies/allow-all-ns-to-frontend.yaml

@@ -0,0 +1,14 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: deny-all-policy
+  namespace: testnamespace
+spec:
+  policyTypes:
+    - Ingress
+  podSelector:
+    matchLabels:
+      app: "frontend"
+  ingress:
+    - from:
+        - namespaceSelector: {}

npm/testpolicies/allow-all-to-app-frontend.yaml

@@ -0,0 +1,13 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-to-app-frontend
+  namespace: testnamespace
+spec:
+  podSelector:
+    matchLabels:
+      app: "frontend"
+  ingress:
+    - {}
+  policyTypes:
+    - Ingress

npm/testpolicies/allow-app-backend-to-app-frontend-port-8000.yaml

@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-backend-to-frontend-on-port-8000-policy
+  namespace: testnamespace
+spec:
+  policyTypes:
+    - Ingress
+  podSelector:
+    matchLabels:
+      app: frontend
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              app: backend
+      ports:
+        - port: 8000

npm/testpolicies/allow-app-frontend-tcp-port-or-udp-port-53.yaml

@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-backend-to-frontend-on-port-53-policy
+  namespace: testnamespace
+spec:
+  policyTypes:
+    - Egress
+  podSelector:
+    matchLabels:
+      app: frontend
+  egress:
+    - ports:
+        - protocol: TCP
+          port: 53
+        - protocol: UDP
+          port: 53
+    - to:
+        - namespaceSelector: {}

npm/testpolicies/allow-backend-to-frontend.yaml

@@ -0,0 +1,16 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: deny-all-policy
+  namespace: testnamespace
+spec:
+  podSelector:
+    matchLabels:
+      app: "backend"
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              app: frontend
+  policyTypes:
+    - Ingress

npm/testpolicies/allow-internal-and-external.yaml

@@ -0,0 +1,13 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-backdoor-policy
+  namespace: dangerous
+spec:
+  policyTypes:
+    - Ingress
+  podSelector:
+    matchLabels:
+      app: "backdoor"
+  ingress:
+    - from: []

npm/testpolicies/allow-multiple-labels-to-multiple-labels.yaml

@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-multiple-labels-to-multiple-labels
+  namespace: acn
+spec:
+  policyTypes:
+    - Ingress
+  podSelector:
+    matchLabels:
+      app: k8s
+      team: aks
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              program: cni
+              team: acn
+        - podSelector:
+            matchLabels:
+              binary: cns
+              group: container

npm/testpolicies/allow-ns-dev-and-app-backend-to-app-frontend.yaml

@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: deny-all-policy
+  namespace: testnamespace
+spec:
+  policyTypes:
+    - Ingress
+  podSelector:
+    matchLabels:
+      app: "frontend"
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              app: backend
+          namespaceSelector:
+            matchLabels:
+              ns: dev

npm/testpolicies/allow-ns-dev-to-app-frontend.yaml

@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-ns-dev-to-app-frontend
+  namespace: testnamespace
+spec:
+  policyTypes:
+    - Ingress
+  podSelector:
+    matchLabels:
+      app: "frontend"
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              namespace: "dev"
+            matchExpressions:
+              - key: namespace
+                operator: NotIn
+                values:
+                  - test0
+                  - test1