d-bis/smom-dbis-138
4
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity
Files
main
smom-dbis-138/scripts/validation/validate-network-policies.sh

84 lines
2.8 KiB
Bash
Raw Permalink Normal View History

Add Oracle Aggregator and CCIP Integration - Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control. - Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities. - Created .gitmodules to include OpenZeppelin contracts as a submodule. - Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment. - Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks. - Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring. - Created scripts for resource import and usage validation across non-US regions. - Added tests for CCIP error handling and integration to ensure robust functionality. - Included various new files and directories for the orchestration portal and deployment scripts.
2025-12-12 14:57:48 -08:00
#!/usr/bin/env bash
# Validate Network Policies
# This script validates that Network Policies are correctly applied and working
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
NAMESPACE="${NAMESPACE:-besu-network}"
log_success "Validating Network Policies..."
# Check if Network Policies are applied
log_warn "Checking Network Policies..."
NETWORK_POLICIES=$(kubectl get networkpolicies -n "$NAMESPACE" -o name 2>/dev/null || echo "")
if [ -z "$NETWORK_POLICIES" ]; then
log_error "✗ No Network Policies found in namespace $NAMESPACE"
log_warn "Applying Network Policies..."
kubectl apply -f "$PROJECT_ROOT/k8s/network-policies/default-deny.yaml"
else
log_success "✓ Network Policies found:"
echo "$NETWORK_POLICIES"
fi
# Validate specific policies
log_warn "Validating specific policies..."
# Check default-deny policy
if kubectl get networkpolicy default-deny-all -n "$NAMESPACE" &>/dev/null; then
log_success "✓ default-deny-all policy exists"
else
log_error "✗ default-deny-all policy not found"
exit 1
fi
# Check validator policy
if kubectl get networkpolicy allow-validator-internal -n "$NAMESPACE" &>/dev/null; then
log_success "✓ allow-validator-internal policy exists"
else
log_error "✗ allow-validator-internal policy not found"
exit 1
fi
# Check sentry policy
if kubectl get networkpolicy allow-sentry-p2p -n "$NAMESPACE" &>/dev/null; then
log_success "✓ allow-sentry-p2p policy exists"
else
log_error "✗ allow-sentry-p2p policy not found"
exit 1
fi
# Check RPC policy
if kubectl get networkpolicy allow-rpc-http -n "$NAMESPACE" &>/dev/null; then
log_success "✓ allow-rpc-http policy exists"
else
log_error "✗ allow-rpc-http policy not found"
exit 1
fi
# Test pod-to-pod communication (if pods are running)
log_warn "Testing pod-to-pod communication..."
VALIDATOR_PODS=$(kubectl get pods -n "$NAMESPACE" -l component=validator -o jsonpath='{.items[0].metadata.name}' 2>/dev/null || echo "")
RPC_PODS=$(kubectl get pods -n "$NAMESPACE" -l component=rpc -o jsonpath='{.items[0].metadata.name}' 2>/dev/null || echo "")
if [ -n "$VALIDATOR_PODS" ] && [ -n "$RPC_PODS" ]; then
log_warn "Testing connectivity from validator to RPC (should be blocked)..."
# This should be blocked by Network Policies
if kubectl exec -n "$NAMESPACE" "$VALIDATOR_PODS" -- nc -zv besu-rpc-0.besu-rpc.besu-network.svc.cluster.local 8545 2>&1 | grep -q "Connection refused\|timeout"; then
log_success "✓ Network Policies are working (connection blocked as expected)"
else
log_warn "⚠ Connection test inconclusive (pods may not be ready)"
fi
else
log_warn "⚠ Pods not ready for connectivity testing"
fi
log_success "Network Policies validation completed"
Reference in New Issue Copy Permalink