Network Policies require to_pod_labels which should be optional

[vrabbi]

Describe the bug

TMC allows for not defining a pod selector to apply a network policy to which in turn means it applies to all pods in the relevant namespace/workspace. the TMC resource requires supplying the to_pod_labels field and it is a map type, however when providing an empty map eg to_pod_labels = {} this fails as well as it complains about requiring the data structure to be an array in the API but it is being passed a value of null.

Reproduction steps

1. create a network policy resource as such:

resource "tanzu-mission-control_network_policy" "kube_system_egress" {
  name = "allow-egress-to-kube-system"

  scope {
    workspace {
      workspace = "saample"
    }
  }

  spec {
    input {
      custom_egress {
        rules {
          ports {
            port = "53"
            protocol = "TCP"
          }
          ports {
            port = "53"
            protocol = "UDP"
          }
          rule_spec {
            custom_selector {
              namespace_selector = {
                "kubernetes.io/metadata.name" = "kube-system"
              }
            }
          }
        }
      }
    }
  }
}

2. when this fails try adding the following under custom_egress and see it fail again with a different error:

        to_pod_labels = {}

3. Add an actual label and see that it works

        to_pod_labels = {"demo" = "true"}

Expected behavior

network policy should allow not specifying the to_pod_labels and or allow an empty selector

Additional context

No response

[ramya-bangera]

@vrabbi - This is a known issue and tracked already in our Jira

[ramya-bangera]

@vrabbi - I have tagged you in the Jira ticket