Skip to content

feat: add TCP and UDP support to remoteProtocol on Allow entries#2641

Merged
chance-coleman merged 13 commits intomainfrom
chance/core-481
May 8, 2026
Merged

feat: add TCP and UDP support to remoteProtocol on Allow entries#2641
chance-coleman merged 13 commits intomainfrom
chance/core-481

Conversation

@chance-coleman
Copy link
Copy Markdown
Contributor

@chance-coleman chance-coleman commented Apr 30, 2026

Description

Extends the remoteProtocol field on the Allow type to accept TCP and UDP
alongside the existing TLS and HTTP values.

  • TCP and UDP now set the transport protocol on generated NetworkPolicy
    ports; TLS and HTTP remain Istio ServiceEntry concerns only
  • Port 15008 (ztunnel HBONE) is no longer injected into UDP-only policies
  • Removes the post-generation protocol mutation in allow-egress-dns.ts
  • Adds validator guards for invalid TCP/UDP combinations (e.g. UDP with
    remoteHost, TCP/UDP without a port, UDP with KubeAPI/KubeNodes/CloudMetadata)
  • Updates CRD schema, generated types, and reference docs
  • Adds unit tests and an e2e UDP NetworkPolicy enforcement test

Related Issue

Fixes Core-481

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Other (security config, docs update, etc)

Steps to Validate

  • npx vitest run
  • uds run -f tasks/test.yaml e2e-tests

This deploys the test resources (including the new UDP echo server/client pods), runs the full vitest E2E suite, then removes test resources. The two new tests to watch are:

  • UDP NetworkPolicy - DNS allowed, TCP DNS blocked
  • UDP NetworkPolicy - custom allow and deny

Checklist before merging

@chance-coleman chance-coleman self-assigned this Apr 30, 2026
github-actions[bot]
github-actions Bot previously requested changes Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lula Compliance Overview

Please review the changes to ensure they meet compliance standards.

Reviewed Changes

Lula reviewed 18 files changed that affect compliance.

File Lines Changed
src/pepr/operator/controllers/network/policies.ts 51–324
src/pepr/operator/controllers/network/policies.ts 50–325
src/pepr/operator/controllers/network/policies.ts 49–326

UUID: a9d420a8-1ad2-479f-a438-aa4ca0f57473
sha256: 11127d467e257783c8df0b08dd743301f6a3f58a6a3b1c023d7434cd004a684b

UUID: cd540e07-153b-424c-90e0-c0daec56b18f
sha256: 9bbbc9e58756dd0a683ef57ca9ed27f283173b57ae421351c47f93e01bd3e863

UUID: cd540e07-153b-424c-90e0-c0daec56b16a
sha256: 6dc956a141c2e89fad454bf40d89114c9094a8eaa1b55a50a37f72f753c495b6

Tip: Customize your compliance reviews with Lula.

@github-actions github-actions Bot dismissed their stale review May 1, 2026 15:49

Superseded by a new Lula compliance review.

github-actions[bot]
github-actions Bot previously requested changes May 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lula Compliance Overview

Please review the changes to ensure they meet compliance standards.

Reviewed Changes

Lula reviewed 19 files changed that affect compliance.

File Lines Changed
src/pepr/operator/controllers/network/policies.ts 51–326
src/pepr/operator/controllers/network/policies.ts 50–327
src/pepr/operator/controllers/network/policies.ts 49–328

UUID: a9d420a8-1ad2-479f-a438-aa4ca0f57473
sha256: 2fa9c2bb37e7214fb810536d08c23a9623b0278b1a83ba3ff0f35a37733435a4

UUID: cd540e07-153b-424c-90e0-c0daec56b18f
sha256: d57629b263d33bdc4bafc295133cb6d2b29da6e8a1eac3597f6ecbc007694c73

UUID: cd540e07-153b-424c-90e0-c0daec56b16a
sha256: adb86ee538a40632650126eb8fc37a8720a881256840013d549067dfbbd30bdf

Tip: Customize your compliance reviews with Lula.

@chance-coleman chance-coleman marked this pull request as ready for review May 1, 2026 16:51
@chance-coleman chance-coleman requested a review from a team as a code owner May 1, 2026 16:51
@chance-coleman
Copy link
Copy Markdown
Contributor Author

chance-coleman commented May 1, 2026

@greptileai

@greptile-apps
Copy link
Copy Markdown

greptile-apps Bot commented May 1, 2026
edited
Loading

Greptile Summary

This PR extends remoteProtocol on the Allow CRD type to accept TCP and UDP alongside the existing TLS/HTTP values. TCP/UDP now stamp the protocol field on generated NetworkPolicy ports, the allowEgressDNS post-generation UDP mutation is replaced with a clean declarative approach, port 15008 (ztunnel HBONE) is skipped for UDP-only policies, and a comprehensive set of validator guards prevents invalid combinations. The implementation is well-structured and thoroughly tested at both the unit and e2e levels.

Confidence Score: 4/5

Safe to merge; all findings are P2 quality-of-life issues with no functional defects in the changed paths.

No P0 or P1 issues found. Three P2 issues: a placeholder TODO issue reference, a missing UDP+CloudMetadata validator test, and a timing-sensitive e2e test that retry:2 partially mitigates. Core logic in the validator, generator, and policy injector is sound and well-covered by unit tests.

test/vitest/network.spec.ts (UDP timing), src/pepr/operator/crd/validators/package-validator.spec.ts (CloudMetadata gap), src/pepr/operator/crd/sources/package/v1alpha1.ts (TODO placeholder).

Important Files Changed

Filename Overview
src/pepr/operator/controllers/network/policies.ts Changed else if to two independent if blocks for ingress/egress 15008 injection; UDP-only port lists now skip injection. Protocol field added to injected 15008 port. Logic is correct.
src/pepr/operator/crd/validators/package-validator.ts Validator correctly expanded: L7 vs L4 protocol separation, UDP+remoteHost denied, UDP+KubeAPI/KubeNodes/CloudMetadata denied, TCP/UDP without port denied. Dedicated remoteHost guard removed but equivalent coverage retained through inverse checks.
src/pepr/operator/controllers/network/generate.ts Clean addition of protocol stamping for TCP/UDP remoteProtocol on NetworkPolicy ports; TLS/HTTP left without protocol (Istio concern only). Port 0 guard improved from falsy to !== undefined.
src/pepr/operator/controllers/network/defaults/allow-egress-dns.ts Post-generation mutation removed; remoteProtocol: UDP now passed into generate() declaratively. Clean simplification.
src/pepr/operator/controllers/istio/egress-ports.ts Defensive throw added for TCP/UDP without ports; validator should prevent this path from being reached in practice. Good defensive programming.
src/pepr/operator/crd/sources/package/v1alpha1.ts TCP/UDP added to remoteProtocol enum. TODO comment uses placeholder #ISSUE instead of a real tracking issue number for the planned L4/L7 field split.
test/vitest/network.spec.ts Two new UDP e2e tests added. DNS test is solid; custom allow/deny test uses a 2500ms timing delay that may be flaky under API latency pressure despite retry:2.
src/pepr/operator/crd/validators/package-validator.spec.ts Comprehensive new validator tests added; UDP+CloudMetadata combination is implemented in the validator but not covered by any test case.
src/test/app-curl.yaml UDP echo server/client deployments added using curlimages/curl with sleep 3600; nc is invoked via execInPod at test time rather than as a container entrypoint.
src/test/app-curl-packages.yaml New UDS Package CRs for UDP echo server/client namespaces correctly use remoteProtocol: UDP with matching port 5000.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Allow entry with remoteProtocol] --> B{Validator}
    B -->|UDP + remoteHost| C[DENY]
    B -->|UDP + KubeAPI/KubeNodes/CloudMetadata| D[DENY]
    B -->|TCP/UDP + no port| E[DENY]
    B -->|TLS/HTTP + no remoteHost| F[DENY]
    B -->|remoteHost/TLS/HTTP + Ingress| G[DENY]
    B -->|valid| H[generate.ts]
    H --> I{remoteProtocol?}
    I -->|TCP| J[ports with protocol: TCP]
    I -->|UDP| K[ports with protocol: UDP]
    I -->|TLS/HTTP/undefined| L[ports without protocol field]
    J --> M[policies.ts]
    K --> M
    L --> M
    M --> N{all ports UDP?}
    N -->|yes| O[skip 15008 injection]
    N -->|no| P[inject port 15008 with protocol: TCP]
    H --> Q{remoteHost set?}
    Q -->|yes + TLS/HTTP/TCP| R[egress-ports.ts → Istio ServiceEntry]
    Q -->|no| S[NetworkPolicy only]
Loading

Comments Outside Diff (2)

  1. src/pepr/operator/crd/sources/package/v1alpha1.ts, line 717-720 (link)

    P2 Placeholder issue reference in TODO comment

    The TODO references #ISSUE rather than a real tracking issue number. If this open design debt isn't linked to an actual issue it is likely to be lost and never acted on before v1.

  2. src/pepr/operator/crd/validators/package-validator.spec.ts, line 844-876 (link)

    P2 Missing test for UDP + CloudMetadata

    The code at package-validator.ts explicitly denies UDP + CloudMetadata alongside KubeAPI and KubeNodes, but the test file only covers UDP + KubeAPI and UDP + KubeNodes. A dedicated case for CloudMetadata would prevent silent regression if the CloudMetadata entry is accidentally dropped from the validator condition.

Reviews (1): Last reviewed commit: "chore: review cleanup" | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed May 1, 2026
View reviewed changes
Comment thread test/vitest/network.spec.ts
@mjnagel
Copy link
Copy Markdown
Contributor

mjnagel commented May 1, 2026

@codex review

@chatgpt-codex-connector
Copy link
Copy Markdown

chatgpt-codex-connector Bot commented May 1, 2026

Codex Review: Didn't find any major issues. Breezy!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@github-actions github-actions Bot dismissed their stale review May 1, 2026 18:52

Superseded by a new Lula compliance review.

github-actions[bot]
github-actions Bot previously requested changes May 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lula Compliance Overview

Please review the changes to ensure they meet compliance standards.

Reviewed Changes

Lula reviewed 19 files changed that affect compliance.

File Lines Changed
src/pepr/operator/controllers/network/policies.ts 51–326
src/pepr/operator/controllers/network/policies.ts 50–327
src/pepr/operator/controllers/network/policies.ts 49–328

UUID: a9d420a8-1ad2-479f-a438-aa4ca0f57473
sha256: 2fa9c2bb37e7214fb810536d08c23a9623b0278b1a83ba3ff0f35a37733435a4

UUID: cd540e07-153b-424c-90e0-c0daec56b18f
sha256: d57629b263d33bdc4bafc295133cb6d2b29da6e8a1eac3597f6ecbc007694c73

UUID: cd540e07-153b-424c-90e0-c0daec56b16a
sha256: adb86ee538a40632650126eb8fc37a8720a881256840013d549067dfbbd30bdf

Tip: Customize your compliance reviews with Lula.

joelmccoy
joelmccoy reviewed May 1, 2026
View reviewed changes
Comment thread src/pepr/operator/crd/sources/package/v1alpha1.ts Outdated
@github-actions github-actions Bot dismissed their stale review May 1, 2026 21:57

Superseded by a new Lula compliance review.

github-actions[bot]
github-actions Bot previously requested changes May 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lula Compliance Overview

Please review the changes to ensure they meet compliance standards.

Reviewed Changes

Lula reviewed 19 files changed that affect compliance.

File Lines Changed
src/pepr/operator/controllers/network/policies.ts 51–326
src/pepr/operator/controllers/network/policies.ts 50–327
src/pepr/operator/controllers/network/policies.ts 49–328

UUID: a9d420a8-1ad2-479f-a438-aa4ca0f57473
sha256: 2fa9c2bb37e7214fb810536d08c23a9623b0278b1a83ba3ff0f35a37733435a4

UUID: cd540e07-153b-424c-90e0-c0daec56b18f
sha256: d57629b263d33bdc4bafc295133cb6d2b29da6e8a1eac3597f6ecbc007694c73

UUID: cd540e07-153b-424c-90e0-c0daec56b16a
sha256: adb86ee538a40632650126eb8fc37a8720a881256840013d549067dfbbd30bdf

Tip: Customize your compliance reviews with Lula.

mjnagel
mjnagel reviewed May 5, 2026
View reviewed changes
Comment thread docs/how-to-guides/networking/define-network-access.mdx Outdated
Comment thread src/pepr/operator/crd/sources/package/v1alpha1.ts Outdated
Comment thread src/pepr/operator/crd/sources/package/v1alpha1.ts Outdated
Comment thread src/pepr/operator/crd/sources/package/v1alpha1.ts Outdated
Comment thread src/pepr/operator/crd/validators/package-validator.ts Outdated
Comment thread src/pepr/operator/crd/validators/package-validator.ts Outdated
Comment thread test/vitest/network.spec.ts
Comment thread src/test/app-curl-packages.yaml
Comment thread docs/how-to-guides/networking/define-network-access.mdx Outdated
Comment thread docs/how-to-guides/networking/define-network-access.mdx Outdated
@github-actions github-actions Bot dismissed their stale review May 5, 2026 18:33

Superseded by a new Lula compliance review.

github-actions[bot]
github-actions Bot previously requested changes May 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lula Compliance Overview

Please review the changes to ensure they meet compliance standards.

Reviewed Changes

Lula reviewed 20 files changed that affect compliance.

File Lines Changed
src/pepr/operator/controllers/network/policies.ts 51–326
src/pepr/operator/controllers/network/policies.ts 50–327
src/pepr/operator/controllers/network/policies.ts 49–328

UUID: a9d420a8-1ad2-479f-a438-aa4ca0f57473
sha256: 2fa9c2bb37e7214fb810536d08c23a9623b0278b1a83ba3ff0f35a37733435a4

UUID: cd540e07-153b-424c-90e0-c0daec56b18f
sha256: d57629b263d33bdc4bafc295133cb6d2b29da6e8a1eac3597f6ecbc007694c73

UUID: cd540e07-153b-424c-90e0-c0daec56b16a
sha256: adb86ee538a40632650126eb8fc37a8720a881256840013d549067dfbbd30bdf

Tip: Customize your compliance reviews with Lula.

@github-actions github-actions Bot dismissed their stale review May 5, 2026 18:38

Superseded by a new Lula compliance review.

github-actions[bot]
github-actions Bot previously requested changes May 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lula Compliance Overview

Please review the changes to ensure they meet compliance standards.

Reviewed Changes

Lula reviewed 21 files changed that affect compliance.

File Lines Changed
src/pepr/operator/controllers/network/policies.ts 51–326
src/pepr/operator/controllers/network/policies.ts 50–327
src/pepr/operator/controllers/network/policies.ts 49–328

UUID: a9d420a8-1ad2-479f-a438-aa4ca0f57473
sha256: 2fa9c2bb37e7214fb810536d08c23a9623b0278b1a83ba3ff0f35a37733435a4

UUID: cd540e07-153b-424c-90e0-c0daec56b18f
sha256: d57629b263d33bdc4bafc295133cb6d2b29da6e8a1eac3597f6ecbc007694c73

UUID: cd540e07-153b-424c-90e0-c0daec56b16a
sha256: adb86ee538a40632650126eb8fc37a8720a881256840013d549067dfbbd30bdf

Tip: Customize your compliance reviews with Lula.

joelmccoy
joelmccoy reviewed May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@joelmccoy joelmccoy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mostly looking good! I found possibly two bugs we want to address? And a couple other small comments for consideration.

Comment thread src/pepr/operator/controllers/istio/egress-ports.ts Outdated
Comment thread src/pepr/operator/controllers/istio/egress-ambient.spec.ts Outdated
Comment thread src/pepr/operator/crd/sources/istio/virtualservice-v1.ts
Comment thread src/pepr/operator/crd/validators/package-validator.spec.ts
Comment thread src/pepr/operator/crd/generated/package-v1alpha1.ts Outdated
@github-actions github-actions Bot dismissed their stale review May 7, 2026 15:21

Superseded by a new Lula compliance review.

github-actions[bot]
github-actions Bot previously requested changes May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lula Compliance Overview

Please review the changes to ensure they meet compliance standards.

Reviewed Changes

Lula reviewed 22 files changed that affect compliance.

File Lines Changed
src/pepr/operator/controllers/network/policies.ts 51–326
src/pepr/operator/controllers/network/policies.ts 50–327
src/pepr/operator/controllers/network/policies.ts 49–328

UUID: a9d420a8-1ad2-479f-a438-aa4ca0f57473
sha256: 2fa9c2bb37e7214fb810536d08c23a9623b0278b1a83ba3ff0f35a37733435a4

UUID: cd540e07-153b-424c-90e0-c0daec56b18f
sha256: d57629b263d33bdc4bafc295133cb6d2b29da6e8a1eac3597f6ecbc007694c73

UUID: cd540e07-153b-424c-90e0-c0daec56b16a
sha256: adb86ee538a40632650126eb8fc37a8720a881256840013d549067dfbbd30bdf

Tip: Customize your compliance reviews with Lula.

@github-actions github-actions Bot dismissed their stale review May 7, 2026 15:25

Superseded by a new Lula compliance review.

github-actions[bot]
github-actions Bot previously requested changes May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lula Compliance Overview

Please review the changes to ensure they meet compliance standards.

Reviewed Changes

Lula reviewed 22 files changed that affect compliance.

File Lines Changed
src/pepr/operator/controllers/network/policies.ts 51–326
src/pepr/operator/controllers/network/policies.ts 50–327
src/pepr/operator/controllers/network/policies.ts 49–328

UUID: a9d420a8-1ad2-479f-a438-aa4ca0f57473
sha256: 2fa9c2bb37e7214fb810536d08c23a9623b0278b1a83ba3ff0f35a37733435a4

UUID: cd540e07-153b-424c-90e0-c0daec56b18f
sha256: d57629b263d33bdc4bafc295133cb6d2b29da6e8a1eac3597f6ecbc007694c73

UUID: cd540e07-153b-424c-90e0-c0daec56b16a
sha256: adb86ee538a40632650126eb8fc37a8720a881256840013d549067dfbbd30bdf

Tip: Customize your compliance reviews with Lula.

mjnagel
mjnagel reviewed May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@mjnagel mjnagel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Two edge cases I identified while testing a variety of packages - still iterating a bit locally but in both of these cases we are provisioning resources we don't need to for UDP (since authpols are TCP handling only).

Comment thread src/pepr/operator/controllers/istio/egress-ambient.spec.ts
Comment thread src/pepr/operator/controllers/network/policies.ts
@github-actions github-actions Bot dismissed their stale review May 7, 2026 15:33

Superseded by a new Lula compliance review.

github-actions[bot]
github-actions Bot previously requested changes May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lula Compliance Overview

Please review the changes to ensure they meet compliance standards.

Reviewed Changes

Lula reviewed 22 files changed that affect compliance.

File Lines Changed
src/pepr/operator/controllers/network/policies.ts 51–326
src/pepr/operator/controllers/network/policies.ts 50–327
src/pepr/operator/controllers/network/policies.ts 49–328

UUID: a9d420a8-1ad2-479f-a438-aa4ca0f57473
sha256: 2fa9c2bb37e7214fb810536d08c23a9623b0278b1a83ba3ff0f35a37733435a4

UUID: cd540e07-153b-424c-90e0-c0daec56b18f
sha256: d57629b263d33bdc4bafc295133cb6d2b29da6e8a1eac3597f6ecbc007694c73

UUID: cd540e07-153b-424c-90e0-c0daec56b16a
sha256: adb86ee538a40632650126eb8fc37a8720a881256840013d549067dfbbd30bdf

Tip: Customize your compliance reviews with Lula.

@github-actions github-actions Bot dismissed their stale review May 7, 2026 16:08

Superseded by a new Lula compliance review.

github-actions[bot]
github-actions Bot previously requested changes May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lula Compliance Overview

Please review the changes to ensure they meet compliance standards.

Reviewed Changes

Lula reviewed 25 files changed that affect compliance.

File Lines Changed
src/pepr/operator/controllers/network/authorizationPolicies.ts 253–466
src/pepr/operator/controllers/network/authorizationPolicies.ts 252–467
src/pepr/operator/controllers/network/authorizationPolicies.ts 251–468

UUID: a9d420a8-1ad2-479f-a438-aa4ca0f57473
sha256: e9ab1d7eb328f280c2c0df94e25df2f42ecafd32adfe36c7d591f7325f9966d6

UUID: cd540e07-153b-424c-90e0-c0daec56b18f
sha256: d5828c8768776057a92f6a65601324c0f252baeacbcaa0da0bb5141f6c9a0794

UUID: cd540e07-153b-424c-90e0-c0daec56b16a
sha256: 719d280387251fd6ae4210d6c33fa49998567db0e5f6982dfe1cd56e8c97b003

File Lines Changed
src/pepr/operator/controllers/network/policies.ts 51–326
src/pepr/operator/controllers/network/policies.ts 50–327
src/pepr/operator/controllers/network/policies.ts 49–328

UUID: a9d420a8-1ad2-479f-a438-aa4ca0f57473
sha256: 2fa9c2bb37e7214fb810536d08c23a9623b0278b1a83ba3ff0f35a37733435a4

UUID: cd540e07-153b-424c-90e0-c0daec56b18f
sha256: d57629b263d33bdc4bafc295133cb6d2b29da6e8a1eac3597f6ecbc007694c73

UUID: cd540e07-153b-424c-90e0-c0daec56b16a
sha256: adb86ee538a40632650126eb8fc37a8720a881256840013d549067dfbbd30bdf

Tip: Customize your compliance reviews with Lula.

joelmccoy
joelmccoy reviewed May 7, 2026
View reviewed changes
Comment thread src/pepr/operator/controllers/istio/egress-ports.ts Outdated
Comment thread src/pepr/operator/crd/generated/package-v1alpha1.ts Outdated
@github-actions github-actions Bot dismissed their stale review May 7, 2026 17:39

Superseded by a new Lula compliance review.

github-actions[bot]
github-actions Bot previously requested changes May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lula Compliance Overview

Please review the changes to ensure they meet compliance standards.

Reviewed Changes

Lula reviewed 25 files changed that affect compliance.

File Lines Changed
src/pepr/operator/controllers/network/authorizationPolicies.ts 253–466
src/pepr/operator/controllers/network/authorizationPolicies.ts 252–467
src/pepr/operator/controllers/network/authorizationPolicies.ts 251–468

UUID: a9d420a8-1ad2-479f-a438-aa4ca0f57473
sha256: e9ab1d7eb328f280c2c0df94e25df2f42ecafd32adfe36c7d591f7325f9966d6

UUID: cd540e07-153b-424c-90e0-c0daec56b18f
sha256: d5828c8768776057a92f6a65601324c0f252baeacbcaa0da0bb5141f6c9a0794

UUID: cd540e07-153b-424c-90e0-c0daec56b16a
sha256: 719d280387251fd6ae4210d6c33fa49998567db0e5f6982dfe1cd56e8c97b003

File Lines Changed
src/pepr/operator/controllers/network/policies.ts 51–326
src/pepr/operator/controllers/network/policies.ts 50–327
src/pepr/operator/controllers/network/policies.ts 49–328

UUID: a9d420a8-1ad2-479f-a438-aa4ca0f57473
sha256: 2fa9c2bb37e7214fb810536d08c23a9623b0278b1a83ba3ff0f35a37733435a4

UUID: cd540e07-153b-424c-90e0-c0daec56b18f
sha256: d57629b263d33bdc4bafc295133cb6d2b29da6e8a1eac3597f6ecbc007694c73

UUID: cd540e07-153b-424c-90e0-c0daec56b16a
sha256: adb86ee538a40632650126eb8fc37a8720a881256840013d549067dfbbd30bdf

Tip: Customize your compliance reviews with Lula.

@github-actions github-actions Bot dismissed their stale review May 7, 2026 17:42

Superseded by a new Lula compliance review.

github-actions[bot]
github-actions Bot previously requested changes May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lula Compliance Overview

Please review the changes to ensure they meet compliance standards.

Reviewed Changes

Lula reviewed 25 files changed that affect compliance.

File Lines Changed
src/pepr/operator/controllers/network/authorizationPolicies.ts 253–466
src/pepr/operator/controllers/network/authorizationPolicies.ts 252–467
src/pepr/operator/controllers/network/authorizationPolicies.ts 251–468

UUID: a9d420a8-1ad2-479f-a438-aa4ca0f57473
sha256: e9ab1d7eb328f280c2c0df94e25df2f42ecafd32adfe36c7d591f7325f9966d6

UUID: cd540e07-153b-424c-90e0-c0daec56b18f
sha256: d5828c8768776057a92f6a65601324c0f252baeacbcaa0da0bb5141f6c9a0794

UUID: cd540e07-153b-424c-90e0-c0daec56b16a
sha256: 719d280387251fd6ae4210d6c33fa49998567db0e5f6982dfe1cd56e8c97b003

File Lines Changed
src/pepr/operator/controllers/network/policies.ts 51–326
src/pepr/operator/controllers/network/policies.ts 50–327
src/pepr/operator/controllers/network/policies.ts 49–328

UUID: a9d420a8-1ad2-479f-a438-aa4ca0f57473
sha256: 2fa9c2bb37e7214fb810536d08c23a9623b0278b1a83ba3ff0f35a37733435a4

UUID: cd540e07-153b-424c-90e0-c0daec56b18f
sha256: d57629b263d33bdc4bafc295133cb6d2b29da6e8a1eac3597f6ecbc007694c73

UUID: cd540e07-153b-424c-90e0-c0daec56b16a
sha256: adb86ee538a40632650126eb8fc37a8720a881256840013d549067dfbbd30bdf

Tip: Customize your compliance reviews with Lula.

mjnagel
mjnagel previously approved these changes May 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@mjnagel mjnagel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM overall - I had a few final nits reviewing the diffs but everything seemed to function as expected in testing.

Comment thread src/pepr/operator/controllers/network/authorizationPolicies.ts Outdated
Comment thread src/pepr/operator/controllers/network/generate.ts Outdated
Comment thread src/pepr/operator/controllers/network/generate.ts Outdated
Comment thread src/pepr/operator/controllers/network/policies.ts Outdated
@github-actions github-actions Bot dismissed their stale review May 8, 2026 13:25

Superseded by a new Lula compliance review.

github-actions[bot]
github-actions Bot previously requested changes May 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lula Compliance Overview

Please review the changes to ensure they meet compliance standards.

Reviewed Changes

Lula reviewed 25 files changed that affect compliance.

File Lines Changed
src/pepr/operator/controllers/network/authorizationPolicies.ts 253–466
src/pepr/operator/controllers/network/authorizationPolicies.ts 252–467
src/pepr/operator/controllers/network/authorizationPolicies.ts 251–468

UUID: a9d420a8-1ad2-479f-a438-aa4ca0f57473
sha256: e2bce28b251739d908189693e42467e04a0eb7fc45a9915520e4010cf1302206

UUID: cd540e07-153b-424c-90e0-c0daec56b18f
sha256: 4b591059c53d90625c0db79a89836f5826920b9f9abd991c2d8eeda0d88f5370

UUID: cd540e07-153b-424c-90e0-c0daec56b16a
sha256: 1b073b3c295aa5c3d104627fe8af24f6f1986adb797e4b6a778607c046b634c8

File Lines Changed
src/pepr/operator/controllers/network/policies.ts 51–324
src/pepr/operator/controllers/network/policies.ts 50–325
src/pepr/operator/controllers/network/policies.ts 49–326

UUID: a9d420a8-1ad2-479f-a438-aa4ca0f57473
sha256: cc965b2b6a25d8f9685b9de987bf95b24963454ca342f92810e06147d590cd35

UUID: cd540e07-153b-424c-90e0-c0daec56b18f
sha256: 482082adba4f947f8440c61f2f89de991e8ca850e52e318de6522b02b9edc4cd

UUID: cd540e07-153b-424c-90e0-c0daec56b16a
sha256: 36ecc66c56480f9387d67030ebb23a8f27e77cc24f4833b2edffe949538b1e32

Tip: Customize your compliance reviews with Lula.

joelmccoy
joelmccoy approved these changes May 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@joelmccoy joelmccoy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - validated the edge cases we identified locally and things seem to working great

@chance-coleman chance-coleman dismissed github-actions[bot]’s stale review May 8, 2026 17:15

unrelated to lula compliance

@chance-coleman chance-coleman merged commit ea32261 into main May 8, 2026
65 of 77 checks passed
@chance-coleman chance-coleman deleted the chance/core-481 branch May 8, 2026 17:15
@github-actions github-actions Bot mentioned this pull request May 8, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@joelmccoy joelmccoy joelmccoy approved these changes

@mjnagel mjnagel mjnagel approved these changes

@github-actions github-actions[bot] github-actions[bot] left review comments

Assignees

@chance-coleman chance-coleman

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@chance-coleman @mjnagel @joelmccoy