)]}'
{"elasticsearch/values.yaml":[{"author":{"_account_id":17591,"name":"Steve Wilkerson","email":"wilkers.steve@gmail.com","username":"srwilkers"},"change_message_id":"40f98c24f767176d5498d9878e0a9b8a5604f2b7","unresolved":false,"context_lines":[{"line_number":699,"context_line":"      enabled: false"},{"line_number":700,"context_line":"      port: 30920"},{"line_number":701,"context_line":""},{"line_number":702,"context_line":"network_policy:"},{"line_number":703,"context_line":"  elasticsearch:"},{"line_number":704,"context_line":"    ingress:"},{"line_number":705,"context_line":"      - {}"},{"line_number":706,"context_line":"    egress:"},{"line_number":707,"context_line":"      - {}"},{"line_number":708,"context_line":""},{"line_number":709,"context_line":"storage:"},{"line_number":710,"context_line":"  enabled: true"}],"source_content_type":"text/x-yaml","patch_set":24,"id":"ffb9cba7_bdcb6951","line":707,"range":{"start_line":702,"start_character":0,"end_line":707,"end_character":10},"updated":"2019-04-23 14:58:26.000000000","message":"This can be removed, as it\u0027s a duplicate key","commit_id":"266c715f7c4b92f6dbaa03ed0092640f5260d629"}],"fluent-logging/values.yaml":[{"author":{"_account_id":17591,"name":"Steve Wilkerson","email":"wilkers.steve@gmail.com","username":"srwilkers"},"change_message_id":"40f98c24f767176d5498d9878e0a9b8a5604f2b7","unresolved":false,"context_lines":[{"line_number":584,"context_line":"      port: 32329"},{"line_number":585,"context_line":""},{"line_number":586,"context_line":"network_policy:"},{"line_number":587,"context_line":"  prometheus-fluentd-exporter:"},{"line_number":588,"context_line":"    ingress:"},{"line_number":589,"context_line":"      - {}"},{"line_number":590,"context_line":"  fluentd:"},{"line_number":591,"context_line":"    ingress:"},{"line_number":592,"context_line":"      - {}"},{"line_number":593,"context_line":""},{"line_number":594,"context_line":"pod:"},{"line_number":595,"context_line":"  security_context:"}],"source_content_type":"text/x-yaml","patch_set":24,"id":"ffb9cba7_9dc22533","line":592,"range":{"start_line":587,"start_character":0,"end_line":592,"end_character":10},"updated":"2019-04-23 14:58:26.000000000","message":"We should add default egress rules here as well","commit_id":"266c715f7c4b92f6dbaa03ed0092640f5260d629"}],"helm-toolkit/templates/manifests/_network_policy.tpl":[{"author":{"_account_id":8898,"name":"Chris Wedgwood","email":"cw@f00f.org","username":"anticw"},"change_message_id":"667430e5add5474033842f6d7896fb25544f851e","unresolved":false,"context_lines":[{"line_number":23,"context_line":"    hosts:"},{"line_number":24,"context_line":"      default: kube-dns"},{"line_number":25,"context_line":"    host_fqdn_override:"},{"line_number":26,"context_line":"      default: null"},{"line_number":27,"context_line":"    path:"},{"line_number":28,"context_line":"      default: null"},{"line_number":29,"context_line":"    scheme: http"},{"line_number":30,"context_line":"    port:"}],"source_content_type":"text/x-smarty","patch_set":13,"id":"5fc1f717_81c6a567","line":27,"range":{"start_line":26,"start_character":6,"end_line":27,"end_character":9},"updated":"2019-04-09 22:23:31.000000000","message":"needed?","commit_id":"73ca776e2b9677535e85aa17516dc87d0a2fa621"},{"author":{"_account_id":28849,"name":"Meghan Heisler","email":"mkheisler93@gmail.com","username":"mh783g"},"change_message_id":"c629145af4c70183a6c7bece1e9e549cdd876eb9","unresolved":false,"context_lines":[{"line_number":23,"context_line":"    hosts:"},{"line_number":24,"context_line":"      default: kube-dns"},{"line_number":25,"context_line":"    host_fqdn_override:"},{"line_number":26,"context_line":"      default: null"},{"line_number":27,"context_line":"    path:"},{"line_number":28,"context_line":"      default: null"},{"line_number":29,"context_line":"    scheme: http"},{"line_number":30,"context_line":"    port:"}],"source_content_type":"text/x-smarty","patch_set":13,"id":"3fce034c_185f3b42","line":27,"range":{"start_line":26,"start_character":6,"end_line":27,"end_character":9},"in_reply_to":"5fc1f717_81c6a567","updated":"2019-04-11 19:41:12.000000000","message":"yes, without the path k8s deployment gets stuck trying to set up dns.","commit_id":"73ca776e2b9677535e85aa17516dc87d0a2fa621"}],"prometheus/values.yaml":[{"author":{"_account_id":17591,"name":"Steve Wilkerson","email":"wilkers.steve@gmail.com","username":"srwilkers"},"change_message_id":"40f98c24f767176d5498d9878e0a9b8a5604f2b7","unresolved":false,"context_lines":[{"line_number":239,"context_line":"      port: 30900"},{"line_number":240,"context_line":""},{"line_number":241,"context_line":"network_policy:"},{"line_number":242,"context_line":"  prometheus:"},{"line_number":243,"context_line":"    ingress:"},{"line_number":244,"context_line":"      - {}"},{"line_number":245,"context_line":""},{"line_number":246,"context_line":"secrets:"},{"line_number":247,"context_line":"  tls:"}],"source_content_type":"text/x-yaml","patch_set":24,"id":"ffb9cba7_3d069988","line":244,"range":{"start_line":242,"start_character":0,"end_line":244,"end_character":10},"updated":"2019-04-23 14:58:26.000000000","message":"we should add a default egress rule here as well","commit_id":"266c715f7c4b92f6dbaa03ed0092640f5260d629"}],"tools/deployment/network-policy/040-ldap.sh":[{"author":{"_account_id":8898,"name":"Chris Wedgwood","email":"cw@f00f.org","username":"anticw"},"change_message_id":"667430e5add5474033842f6d7896fb25544f851e","unresolved":false,"context_lines":[{"line_number":24,"context_line":"  network_policy: true"},{"line_number":25,"context_line":"network_policy:"},{"line_number":26,"context_line":"  ldap:"},{"line_number":27,"context_line":"    ingress:"},{"line_number":28,"context_line":"      - from:"},{"line_number":29,"context_line":"        - podSelector:"},{"line_number":30,"context_line":"            matchLabels:"},{"line_number":31,"context_line":"              application: ldap"}],"source_content_type":"text/x-sh","patch_set":13,"id":"5fc1f717_01a87589","line":28,"range":{"start_line":27,"start_character":0,"end_line":28,"end_character":13},"updated":"2019-04-09 22:23:31.000000000","message":"here","commit_id":"73ca776e2b9677535e85aa17516dc87d0a2fa621"},{"author":{"_account_id":8898,"name":"Chris Wedgwood","email":"cw@f00f.org","username":"anticw"},"change_message_id":"667430e5add5474033842f6d7896fb25544f851e","unresolved":false,"context_lines":[{"line_number":44,"context_line":"        - podSelector:"},{"line_number":45,"context_line":"            matchLabels:"},{"line_number":46,"context_line":"              application: prometheus"},{"line_number":47,"context_line":"        ports:"},{"line_number":48,"context_line":"        - protocol: TCP"},{"line_number":49,"context_line":"          port: 389"},{"line_number":50,"context_line":"        - protocol: TCP"},{"line_number":51,"context_line":"          port: 80"}],"source_content_type":"text/x-sh","patch_set":13,"id":"5fc1f717_c1958d41","line":48,"range":{"start_line":47,"start_character":0,"end_line":48,"end_character":23},"updated":"2019-04-09 22:23:31.000000000","message":"vs here\n\nmixed indent style\n\n\nk8s output when objects are dumped tends to be:\n\nfoo:\n- bar:","commit_id":"73ca776e2b9677535e85aa17516dc87d0a2fa621"},{"author":{"_account_id":28849,"name":"Meghan Heisler","email":"mkheisler93@gmail.com","username":"mh783g"},"change_message_id":"c629145af4c70183a6c7bece1e9e549cdd876eb9","unresolved":false,"context_lines":[{"line_number":44,"context_line":"        - podSelector:"},{"line_number":45,"context_line":"            matchLabels:"},{"line_number":46,"context_line":"              application: prometheus"},{"line_number":47,"context_line":"        ports:"},{"line_number":48,"context_line":"        - protocol: TCP"},{"line_number":49,"context_line":"          port: 389"},{"line_number":50,"context_line":"        - protocol: TCP"},{"line_number":51,"context_line":"          port: 80"}],"source_content_type":"text/x-sh","patch_set":13,"id":"3fce034c_98300b0a","line":48,"range":{"start_line":47,"start_character":0,"end_line":48,"end_character":23},"in_reply_to":"5fc1f717_c1958d41","updated":"2019-04-11 19:41:12.000000000","message":"all of the mixed indents should be fixed now","commit_id":"73ca776e2b9677535e85aa17516dc87d0a2fa621"}],"tools/deployment/network-policy/045-mariadb.sh":[{"author":{"_account_id":17591,"name":"Steve Wilkerson","email":"wilkers.steve@gmail.com","username":"srwilkers"},"change_message_id":"40f98c24f767176d5498d9878e0a9b8a5604f2b7","unresolved":false,"context_lines":[{"line_number":58,"context_line":"          - protocol: TCP"},{"line_number":59,"context_line":"            port: 80"},{"line_number":60,"context_line":"    egress:"},{"line_number":61,"context_line":"      - from:"},{"line_number":62,"context_line":"        - podSelector:"},{"line_number":63,"context_line":"            matchLabels:"},{"line_number":64,"context_line":"              application: ingress"}],"source_content_type":"text/x-sh","patch_set":24,"id":"ffb9cba7_7a917799","line":61,"range":{"start_line":61,"start_character":8,"end_line":61,"end_character":12},"updated":"2019-04-23 14:58:26.000000000","message":"This should be \u0027to\u0027.","commit_id":"266c715f7c4b92f6dbaa03ed0092640f5260d629"},{"author":{"_account_id":17591,"name":"Steve Wilkerson","email":"wilkers.steve@gmail.com","username":"srwilkers"},"change_message_id":"40f98c24f767176d5498d9878e0a9b8a5604f2b7","unresolved":false,"context_lines":[{"line_number":61,"context_line":"      - from:"},{"line_number":62,"context_line":"        - podSelector:"},{"line_number":63,"context_line":"            matchLabels:"},{"line_number":64,"context_line":"              application: ingress"},{"line_number":65,"context_line":"EOF"},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"#NOTE: Deploy command"}],"source_content_type":"text/x-sh","patch_set":24,"id":"ffb9cba7_5ad7d34c","line":64,"range":{"start_line":64,"start_character":27,"end_line":64,"end_character":34},"updated":"2019-04-23 14:58:26.000000000","message":"This should be set to \u0027mariadb\u0027, as the ingress pods deployed as part of the mariadb chart also have the \u0027mariadb\u0027 application label.  We\u0027ll also want to include the relevant ports for the egress policy","commit_id":"266c715f7c4b92f6dbaa03ed0092640f5260d629"}],"tools/deployment/network-policy/050-prometheus.sh":[{"author":{"_account_id":8898,"name":"Chris Wedgwood","email":"cw@f00f.org","username":"anticw"},"change_message_id":"667430e5add5474033842f6d7896fb25544f851e","unresolved":false,"context_lines":[{"line_number":57,"context_line":"          port: 80"},{"line_number":58,"context_line":"        - protocol: TCP"},{"line_number":59,"context_line":"          port: 443"},{"line_number":60,"context_line":"    egress:"},{"line_number":61,"context_line":"      - to:"},{"line_number":62,"context_line":"        - podSelector:"},{"line_number":63,"context_line":"            matchLabels:"},{"line_number":64,"context_line":"              application: grafana"},{"line_number":65,"context_line":"        ports:"},{"line_number":66,"context_line":"        - protocol: TCP"},{"line_number":67,"context_line":"          port: 80"},{"line_number":68,"context_line":"        - protocol: TCP"},{"line_number":69,"context_line":"          port: 3000"}],"source_content_type":"text/x-sh","patch_set":13,"id":"5fc1f717_a1964148","line":66,"range":{"start_line":60,"start_character":3,"end_line":66,"end_character":19},"updated":"2019-04-09 22:23:31.000000000","message":"again here","commit_id":"73ca776e2b9677535e85aa17516dc87d0a2fa621"},{"author":{"_account_id":17591,"name":"Steve Wilkerson","email":"wilkers.steve@gmail.com","username":"srwilkers"},"change_message_id":"40f98c24f767176d5498d9878e0a9b8a5604f2b7","unresolved":false,"context_lines":[{"line_number":24,"context_line":"  network_policy: true"},{"line_number":25,"context_line":"network_policy:"},{"line_number":26,"context_line":"  prometheus:"},{"line_number":27,"context_line":"    ingress:"},{"line_number":28,"context_line":"      - from:"},{"line_number":29,"context_line":"        - podSelector:"},{"line_number":30,"context_line":"            matchLabels:"}],"source_content_type":"text/x-sh","patch_set":24,"id":"ffb9cba7_5d302d57","line":27,"range":{"start_line":27,"start_character":4,"end_line":27,"end_character":11},"updated":"2019-04-23 14:58:26.000000000","message":"We\u0027ll want to include egress rule overrides for Prometheus to the various exporters deployed here, namely the mysql, elasticsearch, and kube-state-metrics exporters","commit_id":"266c715f7c4b92f6dbaa03ed0092640f5260d629"}],"tools/deployment/network-policy/100-grafana.sh":[{"author":{"_account_id":17591,"name":"Steve Wilkerson","email":"wilkers.steve@gmail.com","username":"srwilkers"},"change_message_id":"40f98c24f767176d5498d9878e0a9b8a5604f2b7","unresolved":false,"context_lines":[{"line_number":24,"context_line":"  network_policy: true"},{"line_number":25,"context_line":"network_policy:"},{"line_number":26,"context_line":"  grafana:"},{"line_number":27,"context_line":"    ingress:"},{"line_number":28,"context_line":"      - from:"},{"line_number":29,"context_line":"        - podSelector:"},{"line_number":30,"context_line":"            matchLabels:"}],"source_content_type":"text/x-sh","patch_set":24,"id":"ffb9cba7_9d4545b6","line":27,"range":{"start_line":27,"start_character":4,"end_line":27,"end_character":11},"updated":"2019-04-23 14:58:26.000000000","message":"We\u0027ll need egress rules for prometheus (as it\u0027s Grafana\u0027s datasource), ldap, and grafana itself (since the grafana test pod needs to query the grafana API) and the associated ports (should be 80, 389, and 3000 i think)","commit_id":"266c715f7c4b92f6dbaa03ed0092640f5260d629"}],"tools/deployment/network-policy/110-nagios.sh":[{"author":{"_account_id":17591,"name":"Steve Wilkerson","email":"wilkers.steve@gmail.com","username":"srwilkers"},"change_message_id":"40f98c24f767176d5498d9878e0a9b8a5604f2b7","unresolved":false,"context_lines":[{"line_number":24,"context_line":"  network_policy: true"},{"line_number":25,"context_line":"network_policy:"},{"line_number":26,"context_line":"  nagios:"},{"line_number":27,"context_line":"    ingress:"},{"line_number":28,"context_line":"      - from:"},{"line_number":29,"context_line":"        - podSelector:"},{"line_number":30,"context_line":"            matchLabels:"}],"source_content_type":"text/x-sh","patch_set":24,"id":"ffb9cba7_1d1395b7","line":27,"range":{"start_line":27,"start_character":4,"end_line":27,"end_character":11},"updated":"2019-04-23 14:58:26.000000000","message":"The egress rules for Nagios should include Prometheus, Elasticsearch, and LDAP, and the ports associated with them (should just be 80 and 389)","commit_id":"266c715f7c4b92f6dbaa03ed0092640f5260d629"}],"tools/deployment/network-policy/120-elasticsearch.sh":[{"author":{"_account_id":17591,"name":"Steve Wilkerson","email":"wilkers.steve@gmail.com","username":"srwilkers"},"change_message_id":"40f98c24f767176d5498d9878e0a9b8a5604f2b7","unresolved":false,"context_lines":[{"line_number":31,"context_line":"        ports:"},{"line_number":32,"context_line":"          - protocol: TCP"},{"line_number":33,"context_line":"            port: 9108"},{"line_number":34,"context_line":"    egress:"},{"line_number":35,"context_line":"      - {}"},{"line_number":36,"context_line":"  elasticsearch:"},{"line_number":37,"context_line":"    ingress:"},{"line_number":38,"context_line":"      - from:"}],"source_content_type":"text/x-sh","patch_set":24,"id":"ffb9cba7_dd697d25","line":35,"range":{"start_line":34,"start_character":0,"end_line":35,"end_character":10},"updated":"2019-04-23 14:58:26.000000000","message":"We should just need an egress rule for Elasticsearch here and the port required - should be similar to the following:\n    egress:\n      - to:\n        - podSelector:\n            matchLabels:\n              application: elasticsearch\n        ports:\n          - protocol: TCP\n            port: 80\n          - protocol: TCP\n            port: 443","commit_id":"266c715f7c4b92f6dbaa03ed0092640f5260d629"},{"author":{"_account_id":17591,"name":"Steve Wilkerson","email":"wilkers.steve@gmail.com","username":"srwilkers"},"change_message_id":"40f98c24f767176d5498d9878e0a9b8a5604f2b7","unresolved":false,"context_lines":[{"line_number":34,"context_line":"    egress:"},{"line_number":35,"context_line":"      - {}"},{"line_number":36,"context_line":"  elasticsearch:"},{"line_number":37,"context_line":"    ingress:"},{"line_number":38,"context_line":"      - from:"},{"line_number":39,"context_line":"        - podSelector:"},{"line_number":40,"context_line":"            matchLabels:"}],"source_content_type":"text/x-sh","patch_set":24,"id":"ffb9cba7_3d621940","line":37,"range":{"start_line":37,"start_character":4,"end_line":37,"end_character":11},"updated":"2019-04-23 14:58:26.000000000","message":"We also may need an egress rule for Elasticsearch for things like the helm test pod and ldap","commit_id":"266c715f7c4b92f6dbaa03ed0092640f5260d629"}],"tools/deployment/network-policy/901-test-networkpolicy.sh":[{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"a27b103f4293e54295d3d60ec135b6cdfd2e1a43","unresolved":false,"context_lines":[{"line_number":58,"context_line":""},{"line_number":59,"context_line":"# Doing positive tests"},{"line_number":60,"context_line":"test_netpol osh-infra grafana dashboard mariadb.osh-infra.svc.cluster.local:3306 success"},{"line_number":61,"context_line":""}],"source_content_type":"text/x-sh","patch_set":11,"id":"5fc1f717_8629458a","line":61,"updated":"2019-04-04 04:19:53.000000000","message":"extra line - with all these new netpol in place - should we not add more tests to this?","commit_id":"7951d660cecf40c7c4205fd1f7a84717d36261b7"},{"author":{"_account_id":22636,"name":"Cliff Parsons","email":"cliffhparsons@aol.com","username":"cliffparsons"},"change_message_id":"eb4e9c94a99e812839aeefa1809fc9d023bac7bd","unresolved":false,"context_lines":[{"line_number":54,"context_line":"test_netpol osh-infra mariadb server nagios.osh-infra.svc.cluster.local fail"},{"line_number":55,"context_line":"test_netpol osh-infra mariadb server prometheus.osh-infra.svc.cluster.local fail"},{"line_number":56,"context_line":"test_netpol osh-infra mariadb server openstack-metrics.openstack.svc.cluster.local:9103 fail"},{"line_number":57,"context_line":"test_netpol osh-infra prometheus api mariadb.osh-infra.svc.cluster.local fail"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"# Doing positive tests"},{"line_number":60,"context_line":"test_netpol osh-infra grafana dashboard mariadb.osh-infra.svc.cluster.local:3306 success"}],"source_content_type":"text/x-sh","patch_set":21,"id":"3fce034c_15f1c101","line":57,"range":{"start_line":57,"start_character":0,"end_line":57,"end_character":77},"updated":"2019-04-18 19:01:10.000000000","message":"This patch set looks good, but I agree with Tin\u0027s earlier comment that we could add more testing here, as there are quite a few components being covered in this patch set.","commit_id":"0bc61d3a92f3eb7e852ab067cd73055266b4461b"},{"author":{"_account_id":28849,"name":"Meghan Heisler","email":"mkheisler93@gmail.com","username":"mh783g"},"change_message_id":"614cdebe4d6700a0177bb14d3fa8e61e3462d34f","unresolved":false,"context_lines":[{"line_number":54,"context_line":"test_netpol osh-infra mariadb server nagios.osh-infra.svc.cluster.local fail"},{"line_number":55,"context_line":"test_netpol osh-infra mariadb server prometheus.osh-infra.svc.cluster.local fail"},{"line_number":56,"context_line":"test_netpol osh-infra mariadb server openstack-metrics.openstack.svc.cluster.local:9103 fail"},{"line_number":57,"context_line":"test_netpol osh-infra prometheus api mariadb.osh-infra.svc.cluster.local fail"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"# Doing positive tests"},{"line_number":60,"context_line":"test_netpol osh-infra grafana dashboard mariadb.osh-infra.svc.cluster.local:3306 success"}],"source_content_type":"text/x-sh","patch_set":21,"id":"3fce034c_1597813c","line":57,"range":{"start_line":57,"start_character":0,"end_line":57,"end_character":77},"in_reply_to":"3fce034c_15f1c101","updated":"2019-04-18 19:16:42.000000000","message":"The majority of the egress work was applied to maria db, which was already a large part of this test which is why I didn\u0027t add much more. Most of the other releases won\u0027t send out egress traffic so I\u0027m not sure if they need to be tested.","commit_id":"0bc61d3a92f3eb7e852ab067cd73055266b4461b"}]}