Add SourcesToFilter support for network-blackhole-port fault #4408

Merged
merged 4 commits into from
Oct 23, 2024


amogh09
Contributor

@amogh09 amogh09 commented Oct 23, 2024

Summary

This PR adds support for the SourcesToFilter parameter to the network-blackhole-port fault. This field is needed to supply IPs that should be protected from the fault. This will be helpful for certain sidecar containers, such as the FIS sidecar, to protect their service-related endpoints from getting impacted by the fault. We already have this for the network-latency and network-packet-loss faults.

Implementation details

  • Add new field SourcesToFilter to NetworkFaultRequest
  • Update network-blackhole-port fault injection function so that it loops through SourcesToFilter and adds an ACCEPT rule for each source to the fault chain.
  • Update network-blackhole-port/start request handler so that it adds TMDS IP to SourcesToFilter if the fault is for egress traffic and the port of the fault matches TMDS port. TMDS access is blocked for the task only by egress faults so we need to protect TMDS IP only for egress faults.

Testing

Ran a bunch of manual tests for host and awsvpc network mode tasks. Verified that

  1. IPs provided to the API in the SourcesToFilter field are still accessible after an egress network-blackhole-port fault is injected. Other IPs on the fault's port are not accessible.
  2. TMDS IP is protected if the fault is of egress type and port 80.

New tests cover the changes: yes

Description for the changelog

Enhancement: Add SourcesToFilter support for network-blackhole-port fault

Additional Information

Does this PR include breaking model changes? If so, have you added transformation functions?

Does this PR include the addition of new environment variables in the README?

Licensing

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@amogh09 amogh09 marked this pull request as ready for review October 23, 2024 18:36
@amogh09 amogh09 requested a review from a team as a code owner October 23, 2024 18:36
@amogh09 amogh09 merged commit 75ee48f into aws:dev Oct 23, 2024
40 checks passed
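
The rule ordering described under "Implementation details", as an added example that is not code from this PR or from the ECS agent: a hypothetical `blackholeRules` helper builds the iptables arguments for a fault chain, with one ACCEPT per protected source ahead of the DROP. The chain name, the `-s`/`-d` choice per direction and the TMDS address constant are assumptions of this sketch; port 80 is the TMDS port named in the testing notes.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
)

// Assumption: 169.254.170.2 is the ECS TMDS address (not stated on the page).
const (
	tmdsIP   = "169.254.170.2"
	tmdsPort = 80
)

// blackholeRules (hypothetical helper) returns iptables argument lists in the
// order they must be appended: one ACCEPT per protected source, then the DROP.
func blackholeRules(chain, proto, trafficType string, port int, sources []string) ([][]string, error) {
	addrFlag := "-s" // assumption: ingress matches the packet's source address
	switch trafficType {
	case "ingress":
	case "egress":
		addrFlag = "-d" // assumption: egress matches the destination address
		if port == tmdsPort {
			// Copy before appending so the caller's slice is not modified.
			sources = append(append([]string{}, sources...), tmdsIP)
		}
	default:
		return nil, fmt.Errorf("unknown traffic type %q", trafficType)
	}
	if port < 1 || port > 65535 {
		return nil, fmt.Errorf("invalid port %d", port)
	}
	dport := strconv.Itoa(port)
	var rules [][]string
	for _, src := range sources {
		// Accept only a literal IP or CIDR; these values end up in iptables arguments.
		if _, _, err := net.ParseCIDR(src); err != nil && net.ParseIP(src) == nil {
			return nil, fmt.Errorf("invalid source %q", src)
		}
		rules = append(rules, []string{"-A", chain, "-p", proto, addrFlag, src, "--dport", dport, "-j", "ACCEPT"})
	}
	// iptables is first-match, so the DROP goes after every ACCEPT.
	return append(rules, []string{"-A", chain, "-p", proto, "--dport", dport, "-j", "DROP"}), nil
}

func main() {
	// Constructed input: one protected IP, egress fault on the TMDS port.
	fmt.Println(blackholeRules("fault-chain", "tcp", "egress", 80, []string{"10.0.0.5"}))
}
```

If the ACCEPT rules were appended after the DROP, the protected sources would be blackholed along with everything else on the port, so listing the chain and checking rule order is a useful verification step after injection.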