Fix NetworkPolicy engresses not having node/pod selectors displayed (#4467)

src/common/k8s-api/endpoints/daemon-set.api.ts

@@ -27,6 +27,7 @@ import { metricsApi } from "./metrics.api";
 import type { KubeJsonApiData } from "../kube-json-api";
 import type { IPodContainer, IPodMetrics } from "./pods.api";
 import { isClusterPageContext } from "../../utils/cluster-id-url-parsing";
+import type { LabelSelector } from "../kube-object";
 
 export class DaemonSet extends WorkloadKubeObject {
   static kind = "DaemonSet";
@@ -39,11 +40,7 @@ export class DaemonSet extends WorkloadKubeObject {
   }
 
   declare spec: {
-    selector: {
+    selector: LabelSelector;
-      matchLabels: {
-        [name: string]: string;
-      };
-    };
     template: {
       metadata: {
         creationTimestamp?: string;

src/common/k8s-api/endpoints/deployment.api.ts

@@ -28,6 +28,7 @@ import { metricsApi } from "./metrics.api";
 import type { IPodMetrics } from "./pods.api";
 import type { KubeJsonApiData } from "../kube-json-api";
 import { isClusterPageContext } from "../../utils/cluster-id-url-parsing";
+import type { LabelSelector } from "../kube-object";
 
 export class DeploymentApi extends KubeApi<Deployment> {
   protected getScaleApiUrl(params: { namespace: string; name: string }) {
@@ -122,7 +123,7 @@ export class Deployment extends WorkloadKubeObject {
 
   declare spec: {
     replicas: number;
-    selector: { matchLabels: { [app: string]: string }};
+    selector: LabelSelector;
     template: {
       metadata: {
         creationTimestamp?: string;

src/common/k8s-api/endpoints/job.api.ts

@@ -27,6 +27,7 @@ import { metricsApi } from "./metrics.api";
 import type { KubeJsonApiData } from "../kube-json-api";
 import type { IPodContainer, IPodMetrics } from "./pods.api";
 import { isClusterPageContext } from "../../utils/cluster-id-url-parsing";
+import type { LabelSelector } from "../kube-object";
 
 export class Job extends WorkloadKubeObject {
   static kind = "Job";
@@ -42,11 +43,7 @@ export class Job extends WorkloadKubeObject {
     parallelism?: number;
     completions?: number;
     backoffLimit?: number;
-    selector?: {
+    selector?: LabelSelector;
-      matchLabels: {
-        [name: string]: string;
-      };
-    };
     template: {
       metadata: {
         creationTimestamp?: string;

src/common/k8s-api/endpoints/network-policy.api.ts

@@ -19,7 +19,7 @@
  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  */
 
-import { KubeObject } from "../kube-object";
+import { KubeObject, LabelSelector } from "../kube-object";
 import { autoBind } from "../../utils";
 import { KubeApi } from "../kube-api";
 import type { KubeJsonApiData } from "../kube-json-api";
@@ -30,46 +30,94 @@ export interface IPolicyIpBlock {
   except?: string[];
 }
 
-export interface IPolicySelector {
+/**
-  matchLabels: {
+ * @deprecated Use `LabelSelector` instead
-    [label: string]: string;
+ */
-  };
+export type IPolicySelector = LabelSelector;
+
+export interface NetworkPolicyPort {
+  /**
+   * The protocol which network traffic must match.
+   *
+   * One of:
+   * - `"TCP"`
+   * - `"UDP"`
+   * - `"SCTP"`
+   *
+   * @default "TCP"
+   */
+  protocol?: string;
+
+  /**
+   * The port on the given protocol. This can either be a numerical or named
+   * port on a pod. If this field is not provided, this matches all port names and
+   * numbers.
+   *
+   * If present, only traffic on the specified protocol AND port will be matched.
+   */
+  port?: number | string;
+
+  /**
+   * If set, indicates that the range of ports from port to endPort, inclusive,
+   * should be allowed by the policy. This field cannot be defined if the port field
+   * is not defined or if the port field is defined as a named (string) port.
+   *
+   * The endPort must be equal or greater than port.
+   */
+  endPort?: number;
+}
+
+export interface NetworkPolicyPeer {
+  /**
+   * IPBlock defines policy on a particular IPBlock. If this field is set then
+   * neither of the other fields can be.
+   */
+  ipBlock?: IPolicyIpBlock;
+
+  /**
+   * Selects Namespaces using cluster-scoped labels. This field follows standard label
+   * selector semantics; if present but empty, it selects all namespaces.
+   *
+   * If PodSelector is also set, then the NetworkPolicyPeer as a whole selects
+   * the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
+   *
+   * Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector.
+   */
+  namespaceSelector?: LabelSelector;
+
+  /**
+   * This is a label selector which selects Pods. This field follows standard label
+   * selector semantics; if present but empty, it selects all pods.
+   *
+   * If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects
+   * the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
+   *
+   * Otherwise it selects the Pods matching PodSelector in the policy's own Namespace.
+   */
+  podSelector?: LabelSelector;
 }
 
 export interface IPolicyIngress {
-  from: {
+  from?: NetworkPolicyPeer[];
-    ipBlock?: IPolicyIpBlock;
+  ports?: NetworkPolicyPort[];
-    namespaceSelector?: IPolicySelector;
-    podSelector?: IPolicySelector;
-  }[];
-  ports: {
-    protocol: string;
-    port: number;
-  }[];
 }
 
 export interface IPolicyEgress {
-  to: {
+  to?: NetworkPolicyPeer[];
-    ipBlock: IPolicyIpBlock;
+  ports?: NetworkPolicyPort[];
-  }[];
+}
-  ports: {
+
-    protocol: string;
+export type PolicyType = "Ingress" | "Egress";
-    port: number;
+
-  }[];
+export interface NetworkPolicySpec {
+  podSelector: LabelSelector;
+  policyTypes?: PolicyType[];
+  ingress?: IPolicyIngress[];
+  egress?: IPolicyEgress[];
 }
 
 export interface NetworkPolicy {
-  spec: {
+  spec: NetworkPolicySpec;
-    podSelector: {
-      matchLabels: {
-        [label: string]: string;
-        role: string;
-      };
-    };
-    policyTypes: string[];
-    ingress: IPolicyIngress[];
-    egress: IPolicyEgress[];
-  };
 }
 
 export class NetworkPolicy extends KubeObject {

src/common/k8s-api/endpoints/persistent-volume-claims.api.ts

@@ -19,7 +19,7 @@
  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  */
 
-import { KubeObject } from "../kube-object";
+import { KubeObject, LabelSelector } from "../kube-object";
 import { autoBind } from "../../utils";
 import { IMetrics, metricsApi } from "./metrics.api";
 import type { Pod } from "./pods.api";
@@ -51,16 +51,7 @@ export interface PersistentVolumeClaim {
   spec: {
     accessModes: string[];
     storageClassName: string;
-    selector: {
+    selector: LabelSelector;
-      matchLabels: {
-        release: string;
-      };
-      matchExpressions: {
-        key: string; // environment,
-        operator: string; // In,
-        values: string[]; // [dev]
-      }[];
-    };
     resources: {
       requests: {
         storage: string; // 8Gi

src/common/k8s-api/endpoints/poddisruptionbudget.api.ts

@@ -20,7 +20,7 @@
  */
 
 import { autoBind } from "../../utils";
-import { KubeObject } from "../kube-object";
+import { KubeObject, LabelSelector } from "../kube-object";
 import { KubeApi } from "../kube-api";
 import type { KubeJsonApiData } from "../kube-json-api";
 import { isClusterPageContext } from "../../utils/cluster-id-url-parsing";
@@ -29,7 +29,7 @@ export interface PodDisruptionBudget {
   spec: {
     minAvailable: string;
     maxUnavailable: string;
-    selector: { matchLabels: { [app: string]: string }};
+    selector: LabelSelector;
   };
   status: {
     currentHealthy: number

src/common/k8s-api/endpoints/replica-set.api.ts

@@ -27,6 +27,7 @@ import { metricsApi } from "./metrics.api";
 import type { IPodContainer, IPodMetrics, Pod } from "./pods.api";
 import type { KubeJsonApiData } from "../kube-json-api";
 import { isClusterPageContext } from "../../utils/cluster-id-url-parsing";
+import type { LabelSelector } from "../kube-object";
 
 export class ReplicaSetApi extends KubeApi<ReplicaSet> {
   protected getScaleApiUrl(params: { namespace: string; name: string }) {
@@ -78,7 +79,7 @@ export class ReplicaSet extends WorkloadKubeObject {
 
   declare spec: {
     replicas?: number;
-    selector: { matchLabels: { [app: string]: string }};
+    selector: LabelSelector;
     template?: {
       metadata: {
         labels: {

src/common/k8s-api/endpoints/stateful-set.api.ts

@@ -26,6 +26,7 @@ import { metricsApi } from "./metrics.api";
 import type { IPodMetrics } from "./pods.api";
 import type { KubeJsonApiData } from "../kube-json-api";
 import { isClusterPageContext } from "../../utils/cluster-id-url-parsing";
+import type { LabelSelector } from "../kube-object";
 
 export class StatefulSetApi extends KubeApi<StatefulSet> {
   protected getScaleApiUrl(params: { namespace: string; name: string }) {
@@ -82,11 +83,7 @@ export class StatefulSet extends WorkloadKubeObject {
   declare spec: {
     serviceName: string;
     replicas: number;
-    selector: {
+    selector: LabelSelector;
-      matchLabels: {
-        [key: string]: string;
-      };
-    };
     template: {
       metadata: {
         labels: {

src/common/k8s-api/kube-object.ts

@@ -104,6 +104,34 @@ export class KubeCreationError extends Error {
   }
 }
 
+export type LabelMatchExpression = {
+  /**
+   * The label key that the selector applies to.
+   */
+  key: string;
+} & (
+  {
+    /**
+     * This represents the key's relationship to a set of values.
+     */
+    operator: "Exists" | "DoesNotExist";
+    values?: undefined;
+  }
+  |
+  {
+    operator: "In" | "NotIn";
+    /**
+     * The set of values for to match according to the operator for the label.
+     */
+    values: string[];
+  }
+);
+
+export interface LabelSelector {
+  matchLabels?: Record<string, string | undefined>;
+  matchExpressions?: LabelMatchExpression[];
+}
+
 export class KubeObject<Metadata extends KubeObjectMetadata = KubeObjectMetadata, Status = any, Spec = any> implements ItemObject {
   static readonly kind?: string;
   static readonly namespaced?: boolean;

src/renderer/components/+network-policies/__tests__/network-policy-details.test.tsx

@@ -0,0 +1,56 @@
+/**
+ * Copyright (c) 2021 OpenLens Authors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+import React from "react";
+import { findByTestId, findByText, render } from "@testing-library/react";
+import { NetworkPolicy, NetworkPolicySpec } from "../../../../common/k8s-api/endpoints";
+import { NetworkPolicyDetails } from "../network-policy-details";
+
+jest.mock("../../kube-object-meta");
+
+describe("NetworkPolicyDetails", () => {
+  it("should render w/o errors", () => {
+    const policy = new NetworkPolicy({ metadata: {} as any, spec: {}} as any);
+    const { container } = render(<NetworkPolicyDetails object={policy} />);
+
+    expect(container).toBeInstanceOf(HTMLElement);
+  });
+
+  it("should render egress nodeSelector", async () => {
+    const spec: NetworkPolicySpec = {
+      egress: [{
+        to: [{
+          namespaceSelector: {
+            matchLabels: {
+              foo: "bar",
+            },
+          },
+        }],
+      }],
+      podSelector: {},
+    };
+    const policy = new NetworkPolicy({ metadata: {} as any, spec } as any);
+    const { container } = render(<NetworkPolicyDetails object={policy} />);
+
+    expect(await findByTestId(container, "egress-0")).toBeInstanceOf(HTMLElement);
+    expect(await findByText(container, "foo: bar")).toBeInstanceOf(HTMLElement);
+  });
+});

src/renderer/components/+network-policies/network-policy-details.module.css

@@ -20,7 +20,13 @@
  */
 
 .NetworkPolicyDetails {
-  .SubTitle {
+  .networkPolicyPeerTitle {
     text-transform: none
   }
+
+  .networkPolicyPeer {
+    &:not(:last-of-type) {
+      padding-bottom: 16px;
+    }
+  }
 }

src/renderer/components/+network-policies/network-policy-details.tsx

@@ -19,12 +19,11 @@
  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  */
 
-import "./network-policy-details.scss";
+import styles from "./network-policy-details.module.css";
 
-import get from "lodash/get";
+import React from "react";
-import React, { Fragment } from "react";
 import { DrawerItem, DrawerTitle } from "../drawer";
-import { IPolicyEgress, IPolicyIngress, IPolicyIpBlock, IPolicySelector, NetworkPolicy } from "../../../common/k8s-api/endpoints/network-policy.api";
+import { IPolicyIpBlock, IPolicySelector, NetworkPolicy, NetworkPolicyPeer, NetworkPolicyPort } from "../../../common/k8s-api/endpoints/network-policy.api";
 import { Badge } from "../badge";
 import { SubTitle } from "../layout/sub-title";
 import { observer } from "mobx-react";
@@ -37,79 +36,85 @@ interface Props extends KubeObjectDetailsProps<NetworkPolicy> {
 
 @observer
 export class NetworkPolicyDetails extends React.Component<Props> {
-  renderIngressFrom(ingress: IPolicyIngress) {
+  renderIPolicyIpBlock(ipBlock: IPolicyIpBlock | undefined) {
-    const { from } = ingress;
+    if (!ipBlock) {
-
+      return null;
-    if (!from) return null;
-
-    return (
-      <>
-        <SubTitle title="From"/>
-        {from.map(item =>
-          Object.keys(item).map(key => {
-            const data = get(item, key);
-
-            if (key === "ipBlock") {
-              const { cidr, except } = data as IPolicyIpBlock;
-
-              if (!cidr) return null;
-
-              return (
-                <DrawerItem name={key} key={key}>
-                  cidr: {cidr}, {" "}
-                  {except &&
-                  `except: ${except.join(", ")}`
     }
+
+    const { cidr, except = [] } = ipBlock;
+
+    if (!cidr) {
+      return null;
+    }
+
+    const items = [`cidr: ${cidr}`];
+
+    if (except.length > 0) {
+      items.push(`except: ${except.join(", ")}`);
+    }
+
+    return (
+      <DrawerItem name="ipBlock">
+        {items.join(", ")}
       </DrawerItem>
     );
   }
-            const selector: IPolicySelector = data;
 
-            if (selector.matchLabels) {
+  renderIPolicySelector(name: string, selector: IPolicySelector | undefined) {
+    if (!selector) {
+      return null;
+    }
+
     return (
-                <DrawerItem name={key} key={key}>
+      <DrawerItem name={name}>
         {
           Object
             .entries(selector.matchLabels)
             .map(data => data.join(": "))
             .join(", ")
+          || "(empty)"
         }
       </DrawerItem>
     );
   }
-            else {
-              return (<DrawerItem name={key} key={key}>(empty)</DrawerItem>);
-            }
-          }),
-        )}
-      </>
-    );
-  }
 
-  renderEgressTo(egress: IPolicyEgress) {
+  renderNetworkPolicyPeers(name: string, peers: NetworkPolicyPeer[] | undefined) {
-    const { to } = egress;
+    if (!peers) {
-
+      return null;
-    if (!to) return null;
+    }
 
     return (
       <>
-        <SubTitle title="To"/>
+        <SubTitle className={styles.networkPolicyPeerTitle} title={name}/>
-        {to.map(item => {
+        {
-          const { ipBlock: { cidr, except } = {}} = item;
+          peers.map((peer, index) => (
+            <div key={index} className={styles.networkPolicyPeer}>
+              {this.renderIPolicyIpBlock(peer.ipBlock)}
+              {this.renderIPolicySelector("namespaceSelector", peer.namespaceSelector)}
+              {this.renderIPolicySelector("podSelector", peer.podSelector)}
+            </div>
+          ))
+        }
+      </>
+    );
+  }
 
-          if (!cidr) return null;
+  renderNetworkPolicyPorts(ports: NetworkPolicyPort[] | undefined) {
+    if (!ports) {
+      return null;
+    }
 
     return (
-            <DrawerItem name="ipBlock" key={cidr}>
+      <DrawerItem name="Ports">
-              cidr: {cidr}, {" "}
+        <ul>
-              {except &&
+          {ports.map(({ protocol = "TCP", port = "<all>", endPort }, index) => (
-              `except: ${except.join(", ")}`
+            <li key={index}>
-              }
+              {protocol}:{port}{typeof endPort === "number" && `:${endPort}`}
+            </li>
+          ))}
+        </ul>
       </DrawerItem>
     );
-        })}
-      </>
-    );
   }
 
   render() {
@@ -129,49 +134,38 @@ export class NetworkPolicyDetails extends React.Component<Props> {
     const selector = policy.getMatchLabels();
 
     return (
-      <div className="NetworkPolicyDetails">
+      <div className={styles.NetworkPolicyDetails}>
         <KubeObjectMeta object={policy}/>
 
         <DrawerItem name="Pod Selector" labelsOnly={selector.length > 0}>
-          {selector.length > 0 ?
+          {
-            policy.getMatchLabels().map(label => <Badge key={label} label={label}/>) :
+            selector.length > 0
-            `(empty) (Allowing the specific traffic to all pods in this namespace)`
+              ? policy.getMatchLabels().map(label => <Badge key={label} label={label}/>)
+              : `(empty) (Allowing the specific traffic to all pods in this namespace)`
           }
         </DrawerItem>
 
         {ingress && (
           <>
             <DrawerTitle title="Ingress"/>
-            {ingress.map((ingress, i) => {
+            {ingress.map((ingress, i) => (
-              const { ports } = ingress;
+              <div key={i} data-testid={`ingress-${i}`}>
-
+                {this.renderNetworkPolicyPorts(ingress.ports)}
-              return (
+                {this.renderNetworkPolicyPeers("From", ingress.from)}
-                <Fragment key={i}>
+              </div>
-                  <DrawerItem name="Ports">
+            ))}
-                    {ports && ports.map(({ port, protocol }) => `${protocol || ""}:${port || ""}`).join(", ")}
-                  </DrawerItem>
-                  {this.renderIngressFrom(ingress)}
-                </Fragment>
-              );
-            })}
           </>
         )}
 
         {egress && (
           <>
             <DrawerTitle title="Egress"/>
-            {egress.map((egress, i) => {
+            {egress.map((egress, i) => (
-              const { ports } = egress;
+              <div key={i} data-testid={`egress-${i}`}>
-
+                {this.renderNetworkPolicyPorts(egress.ports)}
-              return (
+                {this.renderNetworkPolicyPeers("To", egress.to)}
-                <Fragment key={i}>
+              </div>
-                  <DrawerItem name="Ports">
+            ))}
-                    {ports && ports.map(({ port, protocol }) => `${protocol || ""}:${port || ""}`).join(", ")}
-                  </DrawerItem>
-                  {this.renderEgressTo(egress)}
-                </Fragment>
-              );
-            })}
           </>
         )}
       </div>