Test fix

pkg/labeler/labeler_test.go

@@ -883,20 +883,18 @@ func TestLabelFlow(t *testing.T) {
 		// In AWS, connections to service IPs have the original tuple (podIP,
 		// serviceIP) and the reply tuple (podIP, podIP).
 		var (
-			localAvailabilityZone    = "local_availability_zone"
-			localAvailabilityZoneID  = "usw2-az1"
-			localInstance            = "local_instance"
-			remoteInstance           = "remote_instance"
-			localNamespace           = "local_namespace"
-			remoteNamespace          = "remote_namespace"
-			localPod                 = "local_pod"
-			remotePod                = "remote_pod"
-			localNode                = "local_node"
-			remoteNode               = "remote_node"
-			localApp                 = "local_app"
-			remoteApp                = "remote_app"
-			remoteAvailabilityZone   = "remote_availability_zone"
-			remoteAvailabilityZoneID = "usw2-az2"
+			localAvailabilityZone  = "local_availability_zone"
+			localInstance          = "local_instance"
+			remoteInstance         = "remote_instance"
+			localNamespace         = "local_namespace"
+			remoteNamespace        = "remote_namespace"
+			localPod               = "local_pod"
+			remotePod              = "remote_pod"
+			localNode              = "local_node"
+			remoteNode             = "remote_node"
+			localApp               = "local_app"
+			remoteApp              = "remote_app"
+			remoteAvailabilityZone = "remote_availability_zone"
 
 			origSrcIP  = netip.MustParseAddr("10.0.0.1")
 			origDstIP  = netip.MustParseAddr("10.0.0.2")
@@ -1005,7 +1003,7 @@ func TestLabelFlow(t *testing.T) {
 			PacketsOut:             origPackets,
 			BytesOut:               origBytes,
 			Proto:                  protocolTCP,
-			LocalAvailabilityZone:  localAvailabilityZoneID,
+			LocalAvailabilityZone:  localAvailabilityZone,
 			LocalNode:              localNode,
 			LocalInstanceID:        localInstance,
 			LocalNamespace:         localNamespace,
@@ -1017,7 +1015,7 @@ func TestLabelFlow(t *testing.T) {
 			RemoteIP:               replySrcIP,
 			RemotePort:             replySrcPort,
 			RemoteNode:             remoteNode,
-			RemoteAvailabilityZone: remoteAvailabilityZoneID,
+			RemoteAvailabilityZone: remoteAvailabilityZone,
 			RemoteInstanceID:       remoteInstance,
 			RemoteNamespace:        remoteNamespace,
 			RemotePod:              remotePod,

pkg/labeler/public_ranges.go

@@ -156,10 +156,8 @@ func (d *remoteIPPrefixDetail) Normalize() {
 
 // Sometimes AWS advertises a single prefix under multiple services at a time,
 // in which case we need to choose which service to attribute it to
-// (consistently). We care that we attribute traffic to S3 where possible so
-// that in ambiguous situations we mark customer's outbound traffic as going
-// through VPC Endpoint rather than NAT Gateway (rounding our pricing and
-// charges down rather than up). This is a simple heuristic but it should work.
+// (consistently). We attribute traffic to S3 where possible, then to Amazon
+// services, then to EC2.
 //
 // By convention, lower priority number = higher priority.
 var awsServicePriorities map[string]int = map[string]int{
@@ -282,9 +280,6 @@ func refreshRemoteIPs(aws AWSIPRanges, gcp GCPIPRanges, google GoogleIPRanges, a
 			// find a prefix twice, we prioritise a non-empty SystemService over
 			// an empty SystemService and AzureStorageService SystemService over
 			// any SystemService.
-			//
-			// AzureStorage is important because we want to have no false
-			// negatives when identifying SMT traffic.
 			if detail, ok := remoteIPRanges[ip.ToIPv4().ToKey()]; !ok || (((detail.service == AzureCloudService || detail.service == AzureService || detail.service == "") && pg.Properties.SystemService != "") || (pg.Properties.SystemService == AzureStorageService) || (detail.region == AzureGlobalRegion && region != AzureGlobalRegion && detail.service == service)) {
 				// If the prefix hasn't been found, OR
 				//