Attempt at doing access policy tests less flaky

kartverket · Sep 9, 2024 · 948f03b · 948f03b
1 parent eae4bfc
commit 948f03b
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/pkg/resourcegenerator/networkpolicy/dynamic/common.go b/pkg/resourcegenerator/networkpolicy/dynamic/common.go
@@ -8,6 +8,8 @@ import (
 	networkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
+	"slices"
+	"strings"
 )
 
 func init() {
@@ -95,6 +97,7 @@ func getEgressRules(accessPolicy *podtypes.AccessPolicy, appNamespace string) []
 }
 
 func getEgressRule(outboundRule podtypes.InternalRule, namespace string) networkingv1.NetworkPolicyEgressRule {
+	slices.SortFunc(outboundRule.Ports, sortNetPolPorts)
 	egressRuleForOutboundRule := networkingv1.NetworkPolicyEgressRule{
 		To: []networkingv1.NetworkPolicyPeer{
 			{
@@ -270,3 +273,21 @@ func getIngressGatewayLabel(isInternal bool) map[string]string {
 		return map[string]string{"app": "istio-ingress-external"}
 	}
 }
+
+var sortNetPolPorts = func(a networkingv1.NetworkPolicyPort, b networkingv1.NetworkPolicyPort) int {
+	switch {
+	case a.Port.Type != b.Port.Type:
+		// different types, can't compare
+		return 0
+	case a.Port.Type == intstr.String && b.Port.Type == intstr.String:
+		// lexicographical order
+		return strings.Compare(a.Port.StrVal, b.Port.StrVal)
+	case a.Port.IntValue() < b.Port.IntValue():
+		return -1
+	case a.Port.IntValue() > b.Port.IntValue():
+		return 1
+	default:
+		// we should never be here ¯\_(ツ)_/¯
+		return 0
+	}
+}