From 948f03bd2d1119700f132427ad89f8be3f7e482f Mon Sep 17 00:00:00 2001
From: Even Holthe
Date: Mon, 9 Sep 2024 14:00:19 +0200
Subject: [PATCH] Attempt at doing access policy tests less flaky

---
 .../networkpolicy/dynamic/common.go | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/pkg/resourcegenerator/networkpolicy/dynamic/common.go b/pkg/resourcegenerator/networkpolicy/dynamic/common.go
index 50f1fe5c..313204a9 100644
--- a/pkg/resourcegenerator/networkpolicy/dynamic/common.go
+++ b/pkg/resourcegenerator/networkpolicy/dynamic/common.go
@@ -8,6 +8,8 @@ import (
 networkingv1 "k8s.io/api/networking/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/util/intstr"
+ "slices"
+ "strings"
 )
 
 func init() {
@@ -95,6 +97,7 @@ func getEgressRules(accessPolicy *podtypes.AccessPolicy, appNamespace string) []
 }
 
 func getEgressRule(outboundRule podtypes.InternalRule, namespace string) networkingv1.NetworkPolicyEgressRule {
+ slices.SortFunc(outboundRule.Ports, sortNetPolPorts)
 egressRuleForOutboundRule := networkingv1.NetworkPolicyEgressRule{
 To: []networkingv1.NetworkPolicyPeer{
 {
@@ -270,3 +273,21 @@ func getIngressGatewayLabel(isInternal bool) map[string]string {
 return map[string]string{"app": "istio-ingress-external"}
 }
 }
+
+var sortNetPolPorts = func(a networkingv1.NetworkPolicyPort, b networkingv1.NetworkPolicyPort) int {
+ switch {
+ case a.Port.Type != b.Port.Type:
+ // different types, can't compare
+ return 0
+ case a.Port.Type == intstr.String && b.Port.Type == intstr.String:
+ // lexicographical order
+ return strings.Compare(a.Port.StrVal, b.Port.StrVal)
+ case a.Port.IntValue() < b.Port.IntValue():
+ return -1
+ case a.Port.IntValue() > b.Port.IntValue():
+ return 1
+ default:
+ // we should never be here ¯\_(ツ)_/¯
+ return 0
+ }
+}
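Review bot: The two standard-library imports `"slices"` and `"strings"` are appended after the `k8s.io/...` entries in the same group, which mixes stdlib and third-party paths. The usual goimports layout keeps stdlib imports in their own leading group separated by a blank line; the top of the import block is outside this hunk, so move them into the existing stdlib group if there is one.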
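Review bot: `slices.SortFunc` sorts in place, and although `outboundRule` is passed by value its `Ports` slice still shares the backing array with the caller's `AccessPolicy`, so the first added line of `getEgressRule` reorders the caller's data as a side effect of generating a rule. If that object comes from a shared cache (not visible here), this is a mutation of state the function does not own and can race with other readers. Sort a copy instead: `ports := slices.Clone(outboundRule.Ports)` followed by `slices.SortFunc(ports, sortNetPolPorts)`, and build the rule from `ports`. The body of `getEgressRule` continues past the end of the hunk, so where `Ports` is consumed is not shown.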
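Review bot: `sortNetPolPorts` dereferences `a.Port` and `b.Port` without a nil check, but `Port` in `networkingv1.NetworkPolicyPort` is an optional pointer, so a rule entry that sets only a protocol would panic the generator unless validation elsewhere (not visible here) rejects it. The `a.Port.Type != b.Port.Type` case returning 0 also breaks the strict weak ordering `slices.SortFunc` requires: with mixed numeric and named ports the result still depends on input order, which is the flakiness this commit is meant to remove. Entries with the same port but different `Protocol` compare equal as well, and the sort is not stable, so consider a tie-break on `Protocol`. A plain `func` with a doc comment would read better than a package-level `var` holding a closure.

```go
var sortNetPolPorts = func(a networkingv1.NetworkPolicyPort, b networkingv1.NetworkPolicyPort) int {
	switch {
	case a.Port == nil && b.Port == nil:
		return 0
	case a.Port == nil:
		// Port is optional in NetworkPolicyPort; entries without one sort first
		return -1
	case b.Port == nil:
		return 1
	case a.Port.Type != b.Port.Type:
		// total order across types: numeric ports before named ports
		if a.Port.Type == intstr.Int {
			return -1
		}
		return 1
	case a.Port.Type == intstr.String:
		// both are named ports here, since the types are equal
		return strings.Compare(a.Port.StrVal, b.Port.StrVal)
	// … unchanged: numeric comparison via IntValue() and the default case …
	}
}
```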