Add EgressRule to NetworkPolicy

Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>

pkg/apis/networking/validation/validation.go

@@ -81,6 +81,48 @@ func ValidateNetworkPolicySpec(spec *networking.NetworkPolicySpec, fldPath *fiel
 			}
 		}
 	}
+	// Validate egress rules
+	for i, egress := range spec.Egress {
+		egressPath := fldPath.Child("egress").Index(i)
+		for i, port := range egress.Ports {
+			portPath := egressPath.Child("ports").Index(i)
+			if port.Protocol != nil && *port.Protocol != api.ProtocolTCP && *port.Protocol != api.ProtocolUDP {
+				allErrs = append(allErrs, field.NotSupported(portPath.Child("protocol"), *port.Protocol, []string{string(api.ProtocolTCP), string(api.ProtocolUDP)}))
+			}
+			if port.Port != nil {
+				if port.Port.Type == intstr.Int {
+					for _, msg := range validation.IsValidPortNum(int(port.Port.IntVal)) {
+						allErrs = append(allErrs, field.Invalid(portPath.Child("port"), port.Port.IntVal, msg))
+					}
+				} else {
+					for _, msg := range validation.IsValidPortName(port.Port.StrVal) {
+						allErrs = append(allErrs, field.Invalid(portPath.Child("port"), port.Port.StrVal, msg))
+					}
+				}
+			}
+		}
+		for i, to := range egress.To {
+			toPath := egressPath.Child("to").Index(i)
+			numTo := 0
+			if to.PodSelector != nil {
+				numTo++
+				allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(to.PodSelector, toPath.Child("podSelector"))...)
+			}
+			if to.NamespaceSelector != nil {
+				numTo++
+				allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(to.NamespaceSelector, toPath.Child("namespaceSelector"))...)
+			}
+			if to.IPBlock != nil {
+				numTo++
+				allErrs = append(allErrs, ValidateIPBlock(to.IPBlock, toPath.Child("ipBlock"))...)
+			}
+			if numTo == 0 {
+				allErrs = append(allErrs, field.Required(toPath, "must specify a to type"))
+			} else if numTo > 1 {
+				allErrs = append(allErrs, field.Forbidden(toPath, "may not specify more than 1 to type"))
+			}
+		}
+	}
 	return allErrs
 }