From 3bcc57a708e2fc3304c6544aea052e594f1c8712 Mon Sep 17 00:00:00 2001
From: taimurhafeez
Date: Mon, 23 Mar 2026 11:54:04 +0000
Subject: [PATCH 1/3] Updates the manual remediation script for the configure-network-policies-namespaces rule to align with the downstream test implementation

---
 .../tests/ocp4/e2e-remediation.sh | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

diff --git a/applications/openshift/networking/configure_network_policies_namespaces/tests/ocp4/e2e-remediation.sh b/applications/openshift/networking/configure_network_policies_namespaces/tests/ocp4/e2e-remediation.sh
index a1db721761ee..f1bbdcb7b6aa 100755
--- a/applications/openshift/networking/configure_network_policies_namespaces/tests/ocp4/e2e-remediation.sh
+++ b/applications/openshift/networking/configure_network_policies_namespaces/tests/ocp4/e2e-remediation.sh
@@ -1,12 +1,4 @@
 #!/bin/bash
-cat << EOF | oc apply -f -
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: e2e-test
-EOF
-sleep 10
 # Deploy a single NetworkPolicy per non control plane namespace
 for NS in $(oc get namespaces -o json | jq -r '.items[] | select((.metadata.name | startswith("openshift") | not) and (.metadata.name | startswith("kube-") | not) and .metadata.name != "default") | .metadata.name'); do
 cat << EOF | oc apply -n "$NS" -f -
@@ -14,12 +6,11 @@ cat << EOF | oc apply -n "$NS" -f -
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
- name: allow-all-ingress
+ name: allow-same-namespace
 spec:
- podSelector: {}
+ podSelector:
 ingress:
- - {}
- policyTypes:
- - Ingress
+ - from:
+ - podSelector: {}
 EOF
 done

From f1ddb523eff45b83e944d5472295a9ff25b40701 Mon Sep 17 00:00:00 2001
From: taimurhafeez
Date: Mon, 23 Mar 2026 12:07:58 +0000
Subject: [PATCH 2/3] reverted back original namespace

---
 .../tests/ocp4/e2e-remediation.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)

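Review bot: In the `@@ -14,12 +6,11 @@` hunk of patch 1/3 the new manifest writes the target selector as a bare `podSelector:` (YAML null) and drops `policyTypes`, so it depends on the API server reading null as the empty selector and defaulting the policy type to Ingress. Spelling both out, `podSelector: {}` and `policyTypes: [Ingress]`, keeps the intent (select every pod in the namespace, admit ingress only from pods in the same namespace) readable in the script itself. Unlike the old allow-all rule, this policy also denies ingress from other namespaces, so workloads in the selected namespaces that are reached through the router or scraped by monitoring may stop receiving traffic unless further allow policies exist; it is worth confirming that this is acceptable on the e2e cluster. The enclosing `for` loop starts outside this hunk.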
diff --git a/applications/openshift/networking/configure_network_policies_namespaces/tests/ocp4/e2e-remediation.sh b/applications/openshift/networking/configure_network_policies_namespaces/tests/ocp4/e2e-remediation.sh
index f1bbdcb7b6aa..27818aeac481 100755
--- a/applications/openshift/networking/configure_network_policies_namespaces/tests/ocp4/e2e-remediation.sh
+++ b/applications/openshift/networking/configure_network_policies_namespaces/tests/ocp4/e2e-remediation.sh
@@ -1,4 +1,14 @@
 #!/bin/bash
+# Create a test namespace to ensure we have at least one non-control-plane namespace
+cat << EOF | oc apply -f -
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: e2e-test
+EOF
+sleep 10
+
 # Deploy a single NetworkPolicy per non control plane namespace
 for NS in $(oc get namespaces -o json | jq -r '.items[] | select((.metadata.name | startswith("openshift") | not) and (.metadata.name | startswith("kube-") | not) and .metadata.name != "default") | .metadata.name'); do
 cat << EOF | oc apply -n "$NS" -f -

From 6c40909f9d596beb7b41799f46c59722688e3551 Mon Sep 17 00:00:00 2001
From: taimurhafeez
Date: Mon, 23 Mar 2026 12:10:29 +0000
Subject: [PATCH 3/3] removed uninteded lines added

---
 .../tests/ocp4/e2e-remediation.sh | 2 --
 1 file changed, 2 deletions(-)

diff --git a/applications/openshift/networking/configure_network_policies_namespaces/tests/ocp4/e2e-remediation.sh b/applications/openshift/networking/configure_network_policies_namespaces/tests/ocp4/e2e-remediation.sh
index 27818aeac481..def569778ca1 100755
--- a/applications/openshift/networking/configure_network_policies_namespaces/tests/ocp4/e2e-remediation.sh
+++ b/applications/openshift/networking/configure_network_policies_namespaces/tests/ocp4/e2e-remediation.sh
@@ -1,5 +1,4 @@
 #!/bin/bash
-# Create a test namespace to ensure we have at least one non-control-plane namespace
 cat << EOF | oc apply -f -
 ---
 apiVersion: v1
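Review bot: The namespace setup restored by the `@@ -1,4 +1,14 @@` hunk of patch 2/3 waits with a fixed `sleep 10` and never checks the result of `oc apply`. The script as shown has no `set -e`, so a failed or slow namespace creation would only surface later as a misleading rule result. Waiting on the object makes the step deterministic, for example `oc wait --for=jsonpath='{.status.phase}'=Active namespace/e2e-test --timeout=60s`, assuming the `oc` client in the test image supports jsonpath waits. Adding `set -euo pipefail` under the shebang would also stop the run at the first failed `oc` or `jq` call instead of applying policies to a partial namespace list.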
@@ -8,7 +7,6 @@ metadata:
 name: e2e-test
 EOF
 sleep 10
-
 # Deploy a single NetworkPolicy per non control plane namespace
 for NS in $(oc get namespaces -o json | jq -r '.items[] | select((.metadata.name | startswith("openshift") | not) and (.metadata.name | startswith("kube-") | not) and .metadata.name != "default") | .metadata.name'); do
 cat << EOF | oc apply -n "$NS" -f -