More fixed expected results.

Small fix in printing TCP connections in dot format. Signed-off-by: Tanya <[email protected]>
IBM · May 21, 2024 · 3b30228 · 3b30228
1 parent 7bb7132
commit 3b30228
Show file tree

Hide file tree

Showing 35 changed files with 271 additions and 293 deletions.
diff --git a/nca/FWRules/DotGraph.py b/nca/FWRules/DotGraph.py
@@ -232,9 +232,8 @@ def _set_labels_dict(self):
         # for each label, the short will look like "tcp<port>" if there is a port, or "TCP" if there is no port
         for label in self.labels:
             splitted_label = label.replace('{', '').replace('}', '').split(',')
-            label_type = self.get_val_by_key_from_list(splitted_label, 'protocols')
+            label_type = self.get_val_by_key_from_list(splitted_label, 'protocols') or 'TCP'
             label_port = self.get_val_by_key_from_list(splitted_label, 'dst_ports')
-            assert label == 'All' or label_type
             # a 'dst_ports' can be too long (like 'port0,port1-port2' ) we trim it to the first port:
             if len(label_port) > 6:
                 label_port = label_port.split(',')[0].split('-')[0]

diff --git a/tests/expected_cmdline_output_files/livesim_test_all_dot.dot b/tests/expected_cmdline_output_files/livesim_test_all_dot.dot
@@ -4,7 +4,7 @@ digraph {
 	fontsize=30
 	fontcolor=maroon
 	subgraph cluster_map_explanation {
-	dict_box [label=<<table border="0" cellspacing="0"><tr><td  align="text">Connectivity legend<br align="left" /></td></tr><tr><td align="text" tooltip="All" href="bogus">All     All<br align="left" /></td></tr><tr><td align="text" tooltip="{protocols:TCP,dst_ports:5678,paths:/foo(/*)?}" href="bogus">tcp5678     {protocols:TCP,dst_ports:5678,...<br align="left" /></td></tr><tr><td align="text" tooltip="{protocols:TCP,dst_ports:80,hosts:httpbin.example.com,paths:(/status(/*)?)|(/delay(/*)?)}" href="bogus">tcp80     {protocols:TCP,dst_ports:80,ho...<br align="left" /></td></tr></table>> shape=box]
+	dict_box [label=<<table border="0" cellspacing="0"><tr><td  align="text">Connectivity legend<br align="left" /></td></tr><tr><td align="text" tooltip="All" href="bogus">All     All<br align="left" /></td></tr><tr><td align="text" tooltip="{dst_ports:5678,paths:/foo(/*)?}" href="bogus">tcp5678     {dst_ports:5678,paths:/foo(/*)?}<br align="left" /></td></tr><tr><td align="text" tooltip="{dst_ports:80,hosts:httpbin.example.com,paths:(/status(/*)?)|(/delay(/*)?)}" href="bogus">tcp80     {dst_ports:80,hosts:httpbin.ex...<br align="left" /></td></tr></table>> shape=box]
 	"0.0.0.0/0" [label=<<table border="0" cellspacing="0"><tr><td>0.0.0.0/0</td></tr></table>> shape=box fontcolor=red2 tooltip="IP Block"]
 subgraph cluster_default_namespace{
 	label="default"
@@ -42,8 +42,8 @@ subgraph cluster_kube_system_namespace{
 	"0.0.0.0/0" -> "ingress-controller-ns/ingress-controller-livesim(Pod)"[label="All" labeltooltip="All" color=darkorange4 fontcolor=darkgreen dir=both arrowhead=normal arrowtail=none]
 	"0.0.0.0/0" -> "istio-system/istio-ingressgateway-livesim(Pod)"[label="All" labeltooltip="All" color=darkorange4 fontcolor=darkgreen dir=both arrowhead=normal arrowtail=none]
 	"default/deployment-B(Deployment)" -> "default/deployment-A(Deployment)"[label="All" labeltooltip="All" color=darkorange4 fontcolor=darkgreen dir=both arrowhead=normal arrowtail=normal]
-	"ingress-controller-ns/ingress-controller-livesim(Pod)" -> "default/foo-app(Pod)"[label="tcp5678" labeltooltip="{protocols:TCP,dst_ports:5678,paths:/foo(/*)?}" color=darkorange4 fontcolor=darkgreen dir=both arrowhead=normal arrowtail=none]
-	"istio-system/istio-ingressgateway-livesim(Pod)" -> "default/httpbin(Deployment)"[label="tcp80" labeltooltip="{protocols:TCP,dst_ports:80,hosts:httpbin.example.com,paths:(/status(/*)?)|(/delay(/*)?)}" color=darkorange4 fontcolor=darkgreen dir=both arrowhead=normal arrowtail=none]
+	"ingress-controller-ns/ingress-controller-livesim(Pod)" -> "default/foo-app(Pod)"[label="tcp5678" labeltooltip="{dst_ports:5678,paths:/foo(/*)?}" color=darkorange4 fontcolor=darkgreen dir=both arrowhead=normal arrowtail=none]
+	"istio-system/istio-ingressgateway-livesim(Pod)" -> "default/httpbin(Deployment)"[label="tcp80" labeltooltip="{dst_ports:80,hosts:httpbin.example.com,paths:(/status(/*)?)|(/delay(/*)?)}" color=darkorange4 fontcolor=darkgreen dir=both arrowhead=normal arrowtail=none]
 	"kube-system/kube-dns-livesim(Pod)" -> "0.0.0.0/0"[label="All" labeltooltip="All" color=darkorange4 fontcolor=darkgreen dir=both arrowhead=normal arrowtail=normal]
 	"kube-system/kube-dns-livesim(Pod)" -> "default/foo-app(Pod)"[label="All" labeltooltip="All" color=darkorange4 fontcolor=darkgreen dir=both arrowhead=normal arrowtail=none]
 	"kube-system/kube-dns-livesim(Pod)" -> "default/httpbin(Deployment)"[label="All" labeltooltip="All" color=darkorange4 fontcolor=darkgreen dir=both arrowhead=normal arrowtail=none]

diff --git a/tests/expected_cmdline_output_files/livesim_test_all_txt.txt b/tests/expected_cmdline_output_files/livesim_test_all_txt.txt
@@ -3,8 +3,8 @@ src: 0.0.0.0/0 dst_ns: [default] dst_pods: [!has(dep)] conn: All connections
 src: 0.0.0.0/0 dst_ns: [ingress-controller-ns,istio-system,kube-system] dst_pods: [*] conn: All connections
 src_ns: [default] src_pods: [dep=A] dst_ns: [default] dst_pods: [dep=B] conn: All connections
 src_ns: [default] src_pods: [dep=B] dst_ns: [default] dst_pods: [dep=A] conn: All connections
-src_ns: [ingress-controller-ns] src_pods: [*] dst_ns: [default] dst_pods: [foo-app] conn: {protocols:TCP,dst_ports:5678,paths:/foo(/*)?}
-src_ns: [istio-system] src_pods: [*] dst_ns: [default] dst_pods: [httpbin] conn: {protocols:TCP,dst_ports:80,hosts:httpbin.example.com,paths:(/status(/*)?)|(/delay(/*)?)}
+src_ns: [ingress-controller-ns] src_pods: [*] dst_ns: [default] dst_pods: [foo-app] conn: {dst_ports:5678,paths:/foo(/*)?}
+src_ns: [istio-system] src_pods: [*] dst_ns: [default] dst_pods: [httpbin] conn: {dst_ports:80,hosts:httpbin.example.com,paths:(/status(/*)?)|(/delay(/*)?)}
 src_ns: [kube-system] src_pods: [*] dst: 0.0.0.0/0 conn: All connections
 src_ns: [kube-system] src_pods: [*] dst_ns: [default] dst_pods: [!has(dep)] conn: All connections
 src_ns: [kube-system] src_pods: [*] dst_ns: [ingress-controller-ns,istio-system,kube-system] dst_pods: [*] conn: All connections

diff --git a/...olicies/expected_output/istio-bookinfo-connectivity_test_methods_basic_1_query_output.txt b/...olicies/expected_output/istio-bookinfo-connectivity_test_methods_basic_1_query_output.txt
@@ -1,6 +1,6 @@
 For connections of type TCP, final fw rules for query: connectivity-istio-test-methods-basic-1, config: istio-test-methods-basic-1:
 src_ns: [default] src_pods: [*] dst: 0.0.0.0/0 conn: All connections
-src_ns: [default] src_pods: [app=productpage] dst_ns: [default] dst_pods: [app=details] conn: {protocols:TCP,dst_ports:80,methods:GET}
+src_ns: [default] src_pods: [app=productpage] dst_ns: [default] dst_pods: [app=details] conn: {dst_ports:80,methods:GET}
 src_ns: [default] src_pods: [app=productpage] dst_ns: [default] dst_pods: [app=reviews] conn: All connections
 
 For connections of type non-TCP, final fw rules for query: connectivity-istio-test-methods-basic-1, config: istio-test-methods-basic-1:

diff --git a/...licies/expected_output/istio-bookinfo-connectivity_test_methods_basic_1_query_output.yaml b/...licies/expected_output/istio-bookinfo-connectivity_test_methods_basic_1_query_output.yaml
@@ -4,19 +4,6 @@
   numerical_result: 0
   explanation:
   - TCP_rules:
-    - src_ns:
-      - default
-      src_pods:
-      - app=productpage
-      dst_ns:
-      - default
-      dst_pods:
-      - app=details
-      connection:
-      - protocols: TCP
-        dst_ports:
-        - 80
-        methods: GET
     - src_ns:
       - default
       src_pods:
@@ -35,6 +22,18 @@
       - app=reviews
       connection:
       - All connections
+    - src_ns:
+      - default
+      src_pods:
+      - app=productpage
+      dst_ns:
+      - default
+      dst_pods:
+      - app=details
+      connection:
+      - dst_ports:
+        - 80
+        methods: GET
     non-TCP_rules:
     - src_ip_block:
       - 0.0.0.0/0

diff --git a/...olicies/expected_output/istio-bookinfo-connectivity_test_methods_basic_2_query_output.txt b/...olicies/expected_output/istio-bookinfo-connectivity_test_methods_basic_2_query_output.txt
@@ -1,7 +1,7 @@
 For connections of type TCP, final fw rules for query: connectivity-istio-test-methods-basic-2, config: istio-test-methods-basic-2:
 src_ns: [default] src_pods: [*] dst: 0.0.0.0/0 conn: All connections
-src_ns: [default] src_pods: [app=productpage] dst_ns: [default] dst_pods: [app=details] conn: {protocols:TCP,methods:all but GET}
-src_ns: [default] src_pods: [app=productpage] dst_ns: [default] dst_pods: [app=reviews] conn: {protocols:TCP,methods:PUT}
+src_ns: [default] src_pods: [app=productpage] dst_ns: [default] dst_pods: [app=details] conn: {methods:all but GET}
+src_ns: [default] src_pods: [app=productpage] dst_ns: [default] dst_pods: [app=reviews] conn: {methods:PUT}
 
 For connections of type non-TCP, final fw rules for query: connectivity-istio-test-methods-basic-2, config: istio-test-methods-basic-2:
 src: 0.0.0.0/0 dst_ns: [default] dst_pods: [*] conn: All connections

diff --git a/...licies/expected_output/istio-bookinfo-connectivity_test_methods_basic_2_query_output.yaml b/...licies/expected_output/istio-bookinfo-connectivity_test_methods_basic_2_query_output.yaml
@@ -7,14 +7,11 @@
     - src_ns:
       - default
       src_pods:
-      - app=productpage
-      dst_ns:
-      - default
-      dst_pods:
-      - app=details
+      - '*'
+      dst_ip_block:
+      - 0.0.0.0/0
       connection:
-      - protocols: TCP
-        methods: all but GET
+      - All connections
     - src_ns:
       - default
       src_pods:
@@ -24,16 +21,17 @@
       dst_pods:
       - app=reviews
       connection:
-      - protocols: TCP
-        methods: PUT
+      - methods: PUT
     - src_ns:
       - default
       src_pods:
-      - '*'
-      dst_ip_block:
-      - 0.0.0.0/0
+      - app=productpage
+      dst_ns:
+      - default
+      dst_pods:
+      - app=details
       connection:
-      - All connections
+      - methods: all but GET
     non-TCP_rules:
     - src_ip_block:
       - 0.0.0.0/0

diff --git a/...olicies/expected_output/istio-bookinfo-connectivity_test_methods_paths_1_query_output.txt b/...olicies/expected_output/istio-bookinfo-connectivity_test_methods_paths_1_query_output.txt
@@ -1,6 +1,6 @@
 For connections of type TCP, final fw rules for query: connectivity-istio-test-methods-paths-1, config: istio-test-methods-paths-1:
 src_ns: [default] src_pods: [*] dst: 0.0.0.0/0 conn: All connections
-src_ns: [default] src_pods: [app=productpage] dst_ns: [default] dst_pods: [app=details] conn: {protocols:TCP,dst_ports:80,methods:GET,hosts:allowed-host.com,paths:all but /bad/path1, /bad/path3},{protocols:TCP,dst_ports:80,methods:GET,hosts:all but allowed-host.com, disallowed-host.com,paths:/good_path1, /good_path2, /some/path2},{protocols:TCP,dst_ports:80,methods:PUT,hosts:all but disallowed-host.com,paths:/good_path1, /good_path2, /some/path2},{protocols:TCP,dst_ports:80,methods:all but GET, PUT,hosts:allowed-host.com,paths:all but /bad/path1, /bad/path3, /some/path2},{protocols:TCP,dst_ports:90,methods:GET, PUT,hosts:all but disallowed-host.com,paths:/good_path1, /good_path2, /some/path2},{protocols:TCP,dst_ports:100,methods:all but PUT,hosts:allowed-host.com,paths:all but /bad/path1, /bad/path3, /some/path2},{protocols:TCP,dst_ports:100,methods:all but PUT,hosts:all but allowed-host.com,paths:/some/path3},{protocols:TCP,dst_ports:100,methods:PUT,paths:/some/path3},{protocols:TCP,dst_ports:1-79,81-89,91-99,101-65535,methods:all but PUT,hosts:allowed-host.com,paths:all but /bad/path1, /bad/path3, /some/path2}
+src_ns: [default] src_pods: [app=productpage] dst_ns: [default] dst_pods: [app=details] conn: {dst_ports:80,methods:GET,hosts:allowed-host.com,paths:all but /bad/path1, /bad/path3},{dst_ports:80,methods:GET,hosts:all but allowed-host.com, disallowed-host.com,paths:/good_path1, /good_path2, /some/path2},{dst_ports:80,methods:PUT,hosts:all but disallowed-host.com,paths:/good_path1, /good_path2, /some/path2},{dst_ports:80,methods:all but GET, PUT,hosts:allowed-host.com,paths:all but /bad/path1, /bad/path3, /some/path2},{dst_ports:90,methods:GET, PUT,hosts:all but disallowed-host.com,paths:/good_path1, /good_path2, /some/path2},{dst_ports:100,methods:all but PUT,hosts:allowed-host.com,paths:all but /bad/path1, /bad/path3, /some/path2},{dst_ports:100,methods:all but PUT,hosts:all but allowed-host.com,paths:/some/path3},{dst_ports:100,methods:PUT,paths:/some/path3},{dst_ports:1-79,81-89,91-99,101-65535,methods:all but PUT,hosts:allowed-host.com,paths:all but /bad/path1, /bad/path3, /some/path2}
 
 For connections of type non-TCP, final fw rules for query: connectivity-istio-test-methods-paths-1, config: istio-test-methods-paths-1:
 src: 0.0.0.0/0 dst_ns: [default] dst_pods: [*] conn: All connections

diff --git a/...licies/expected_output/istio-bookinfo-connectivity_test_methods_paths_1_query_output.yaml b/...licies/expected_output/istio-bookinfo-connectivity_test_methods_paths_1_query_output.yaml
@@ -21,55 +21,46 @@
       dst_pods:
       - app=details
       connection:
-      - protocols: TCP
-        dst_ports:
+      - dst_ports:
         - 80
         methods: GET
         hosts: allowed-host.com
         paths: all but /bad/path1, /bad/path3
-      - protocols: TCP
-        dst_ports:
+      - dst_ports:
         - 80
         methods: GET
         hosts: all but allowed-host.com, disallowed-host.com
         paths: /good_path1, /good_path2, /some/path2
-      - protocols: TCP
-        dst_ports:
+      - dst_ports:
         - 80
         methods: PUT
         hosts: all but disallowed-host.com
         paths: /good_path1, /good_path2, /some/path2
-      - protocols: TCP
-        dst_ports:
+      - dst_ports:
         - 80
         methods: all but GET, PUT
         hosts: allowed-host.com
         paths: all but /bad/path1, /bad/path3, /some/path2
-      - protocols: TCP
-        dst_ports:
+      - dst_ports:
         - 90
         methods: GET, PUT
         hosts: all but disallowed-host.com
         paths: /good_path1, /good_path2, /some/path2
-      - protocols: TCP
-        dst_ports:
+      - dst_ports:
         - 100
         methods: all but PUT
         hosts: allowed-host.com
         paths: all but /bad/path1, /bad/path3, /some/path2
-      - protocols: TCP
-        dst_ports:
+      - dst_ports:
         - 100
         methods: all but PUT
         hosts: all but allowed-host.com
         paths: /some/path3
-      - protocols: TCP
-        dst_ports:
+      - dst_ports:
         - 100
         methods: PUT
         paths: /some/path3
-      - protocols: TCP
-        dst_ports:
+      - dst_ports:
         - 1-79
         - 81-89
         - 91-99

diff --git a/...icies/expected_output/istio-bookinfo-connectivity_test_operation_allow_1_query_output.txt b/...icies/expected_output/istio-bookinfo-connectivity_test_operation_allow_1_query_output.txt
@@ -1,6 +1,6 @@
 For connections of type TCP, final fw rules for query: connectivity-istio-test-operation-allow-1, config: istio-test-operation-allow-1:
 src_ns: [default] src_pods: [*] dst: 0.0.0.0/0 conn: All connections
-src_ns: [default] src_pods: [app=productpage] dst_ns: [default] dst_pods: [app=details] conn: {protocols:TCP,methods:GET,paths:/info*},{protocols:TCP,methods:POST,paths:/data}
+src_ns: [default] src_pods: [app=productpage] dst_ns: [default] dst_pods: [app=details] conn: {methods:GET,paths:/info*},{methods:POST,paths:/data}
 
 For connections of type non-TCP, final fw rules for query: connectivity-istio-test-operation-allow-1, config: istio-test-operation-allow-1:
 src: 0.0.0.0/0 dst_ns: [default] dst_pods: [*] conn: All connections

diff --git a/...cies/expected_output/istio-bookinfo-connectivity_test_operation_allow_1_query_output.yaml b/...cies/expected_output/istio-bookinfo-connectivity_test_operation_allow_1_query_output.yaml
@@ -21,11 +21,9 @@
       dst_pods:
       - app=details
       connection:
-      - protocols: TCP
-        methods: GET
+      - methods: GET
         paths: /info*
-      - protocols: TCP
-        methods: POST
+      - methods: POST
         paths: /data
     non-TCP_rules:
     - src_ip_block:

diff --git a/...licies/expected_output/istio-bookinfo-connectivity_test_operation_deny_1_query_output.txt b/...licies/expected_output/istio-bookinfo-connectivity_test_operation_deny_1_query_output.txt
@@ -1,8 +1,8 @@
 For connections of type TCP, final fw rules for query: connectivity-istio-test-operation-deny-1, config: istio-test-operation-deny-1:
-src: 0.0.0.0/0 dst_ns: [default] dst_pods: [*] conn: {protocols:TCP,methods:all but GET}
+src: 0.0.0.0/0 dst_ns: [default] dst_pods: [*] conn: {methods:all but GET}
 src: 0.0.0.0/0 dst_ns: [default] dst_pods: [app!=details] conn: All connections
 src_ns: [default] src_pods: [*] dst: 0.0.0.0/0 conn: All connections
-src_ns: [default] src_pods: [*] dst_ns: [default] dst_pods: [*] conn: {protocols:TCP,methods:all but GET}
+src_ns: [default] src_pods: [*] dst_ns: [default] dst_pods: [*] conn: {methods:all but GET}
 src_ns: [default] src_pods: [*] dst_ns: [default] dst_pods: [app!=details] conn: All connections
 src_ns: [default] src_pods: [app=details] dst_ns: [default] dst_pods: [*] conn: All connections
 

diff --git a/...icies/expected_output/istio-bookinfo-connectivity_test_operation_deny_1_query_output.yaml b/...icies/expected_output/istio-bookinfo-connectivity_test_operation_deny_1_query_output.yaml
@@ -4,26 +4,6 @@
   numerical_result: 0
   explanation:
   - TCP_rules:
-    - src_ip_block:
-      - 0.0.0.0/0
-      dst_ns:
-      - default
-      dst_pods:
-      - '*'
-      connection:
-      - protocols: TCP
-        methods: all but GET
-    - src_ns:
-      - default
-      src_pods:
-      - '*'
-      dst_ns:
-      - default
-      dst_pods:
-      - '*'
-      connection:
-      - protocols: TCP
-        methods: all but GET
     - src_ip_block:
       - 0.0.0.0/0
       dst_ns:
@@ -60,6 +40,24 @@
       - '*'
       connection:
       - All connections
+    - src_ip_block:
+      - 0.0.0.0/0
+      dst_ns:
+      - default
+      dst_pods:
+      - '*'
+      connection:
+      - methods: all but GET
+    - src_ns:
+      - default
+      src_pods:
+      - '*'
+      dst_ns:
+      - default
+      dst_pods:
+      - '*'
+      connection:
+      - methods: all but GET
     non-TCP_rules:
     - src_ip_block:
       - 0.0.0.0/0

diff --git a/tests/fw_rules_tests/policies/expected_output/istio-test1-scheme_query1_output.txt b/tests/fw_rules_tests/policies/expected_output/istio-test1-scheme_query1_output.txt
@@ -1,11 +1,11 @@
 For connections of type TCP, final fw rules for query: istio-policy1, config: istio-policy1:
 src: 0.0.0.0/0 dst_ns: [default] dst_pods: [app=special_skydive] conn: All connections
 src: 0.0.0.0/0 dst_ns: [kube-system,vendor-system] dst_pods: [*] conn: All connections
-src: 1.2.3.0/24 dst_ns: [default] dst_pods: [*] conn: {protocols:TCP,dst_ports:26257}
+src: 1.2.3.0/24 dst_ns: [default] dst_pods: [*] conn: {dst_ports:26257}
 src_ns: [default,kube-system,vendor-system] src_pods: [*] dst: 0.0.0.0/0 conn: All connections
 src_ns: [default,kube-system,vendor-system] src_pods: [*] dst_ns: [default] dst_pods: [app=special_skydive] conn: All connections
 src_ns: [default,kube-system,vendor-system] src_pods: [*] dst_ns: [kube-system,vendor-system] dst_pods: [*] conn: All connections
-src_ns: [default,vendor-system] src_pods: [*] dst_ns: [default] dst_pods: [*] conn: {protocols:TCP,dst_ports:26257}
+src_ns: [default,vendor-system] src_pods: [*] dst_ns: [default] dst_pods: [*] conn: {dst_ports:26257}
 
 For connections of type non-TCP, final fw rules for query: istio-policy1, config: istio-policy1:
 src: 0.0.0.0/0 dst_ns: [default,kube-system,vendor-system] dst_pods: [*] conn: All connections

diff --git a/tests/fw_rules_tests/policies/expected_output/istio-test1-scheme_query1_output.yaml b/tests/fw_rules_tests/policies/expected_output/istio-test1-scheme_query1_output.yaml
@@ -11,8 +11,7 @@
       dst_pods:
       - '*'
       connection:
-      - protocols: TCP
-        dst_ports:
+      - dst_ports:
         - 26257
     - src_ns:
       - default
@@ -24,8 +23,7 @@
       dst_pods:
       - '*'
       connection:
-      - protocols: TCP
-        dst_ports:
+      - dst_ports:
         - 26257
     - src_ip_block:
       - 0.0.0.0/0

diff --git a/tests/fw_rules_tests/policies/expected_output/istio-test1-scheme_query2_output.txt b/tests/fw_rules_tests/policies/expected_output/istio-test1-scheme_query2_output.txt
@@ -1,8 +1,8 @@
 For connections of type TCP, final fw rules for query: istio-policy2, config: istio-policy2:
-src: 1.2.3.0/24,2.2.2.2/32 dst_ns: [default] dst_pods: [app=skydive] conn: {protocols:TCP,dst_ports:30,50}
+src: 1.2.3.0/24,2.2.2.2/32 dst_ns: [default] dst_pods: [app=skydive] conn: {dst_ports:30,50}
 src_ns: [default,kube-system,vendor-system] src_pods: [*] dst: 0.0.0.0/0 conn: All connections
-src_ns: [default,kube-system] src_pods: [*] dst_ns: [default] dst_pods: [app=skydive] conn: {protocols:TCP,dst_ports:30,50}
-src_ns: [default] src_pods: [app=special_skydive] dst_ns: [default] dst_pods: [*] conn: {protocols:TCP,dst_ports:30,50}
+src_ns: [default,kube-system] src_pods: [*] dst_ns: [default] dst_pods: [app=skydive] conn: {dst_ports:30,50}
+src_ns: [default] src_pods: [app=special_skydive] dst_ns: [default] dst_pods: [*] conn: {dst_ports:30,50}
 
 For connections of type non-TCP, final fw rules for query: istio-policy2, config: istio-policy2:
 src: 0.0.0.0/0 dst_ns: [default,kube-system,vendor-system] dst_pods: [*] conn: All connections

diff --git a/tests/fw_rules_tests/policies/expected_output/istio-test1-scheme_query2_output.yaml b/tests/fw_rules_tests/policies/expected_output/istio-test1-scheme_query2_output.yaml
@@ -12,8 +12,7 @@
       dst_pods:
       - app=skydive
       connection:
-      - protocols: TCP
-        dst_ports:
+      - dst_ports:
         - 30
         - 50
     - src_ns:
@@ -26,8 +25,7 @@
       dst_pods:
       - app=skydive
       connection:
-      - protocols: TCP
-        dst_ports:
+      - dst_ports:
         - 30
         - 50
     - src_ns:
@@ -39,8 +37,7 @@
       dst_pods:
       - '*'
       connection:
-      - protocols: TCP
-        dst_ports:
+      - dst_ports:
         - 30
         - 50
     - src_ns:

diff --git a/.../fw_rules_tests/policies/expected_output/test4-scheme_query_connectivity_map_4_output.csv b/.../fw_rules_tests/policies/expected_output/test4-scheme_query_connectivity_map_4_output.csv
@@ -3,9 +3,9 @@
 "","","0.0.0.0/0","[default,ibm-system-new,kube-system-new-dummy-to-ignore]","[*]","All connections",
 "","[default,ibm-system-new,kube-system-new,kube-system-new-dummy-to-ignore]","[*]","","0.0.0.0/0","All connections",
 "","[default,ibm-system-new,kube-system-new,kube-system-new-dummy-to-ignore]","[*]","[default,ibm-system-new,kube-system-new-dummy-to-ignore]","[*]","All connections",
-"","[default]","[*]","[kube-system-new]","[*]","{protocols:TCP,dst_ports:85-90}",
-"","[ibm-system-new]","[*]","[kube-system-new]","[*]","{protocols:TCP,dst_ports:80-90}",
 "","[kube-system-new-dummy-to-ignore]","[*]","[kube-system-new]","[*]","{protocols:TCP,dst_ports:80-88}",
+"","[ibm-system-new]","[*]","[kube-system-new]","[*]","{protocols:TCP,dst_ports:80-90}",
+"","[default]","[*]","[kube-system-new]","[*]","{protocols:TCP,dst_ports:85-90}",
 
 "query","src_ns","src_pods","dst_ns","dst_pods","connection",
 "connectivity_map_4, config: np3","","","","","",