github.com/cilium/cilium@v1.16.2/pkg/auth/authmap_cache_test.go (about) 1 // SPDX-License-Identifier: Apache-2.0 2 // Copyright Authors of Cilium 3 4 package auth 5 6 import ( 7 "testing" 8 "time" 9 10 "github.com/sirupsen/logrus" 11 "github.com/stretchr/testify/assert" 12 13 "github.com/cilium/cilium/pkg/policy" 14 ) 15 16 func Test_authMapCache_restoreCache(t *testing.T) { 17 am := authMapCache{ 18 logger: logrus.New(), 19 authmap: &fakeAuthMap{ 20 entries: map[authKey]authInfo{ 21 { 22 localIdentity: 1000, 23 remoteIdentity: 2000, 24 remoteNodeID: 10, 25 authType: policy.AuthTypeDisabled, 26 }: { 27 expiration: time.Now().Add(10 * time.Minute), 28 }, 29 }, 30 }, 31 cacheEntries: map[authKey]authInfoCache{}, 32 } 33 34 err := am.restoreCache() 35 assert.NoError(t, err) 36 37 assert.Len(t, am.cacheEntries, 1) 38 39 val, err := am.Get(authKey{ 40 localIdentity: 1000, 41 remoteIdentity: 2000, 42 remoteNodeID: 10, 43 authType: policy.AuthTypeDisabled, 44 }) 45 assert.NoError(t, err) 46 assert.NotNil(t, val) 47 } 48 49 func Test_authMapCache_allReturnsCopy(t *testing.T) { 50 am := authMapCache{ 51 logger: logrus.New(), 52 authmap: &fakeAuthMap{ 53 entries: map[authKey]authInfo{}, 54 }, 55 cacheEntries: map[authKey]authInfoCache{ 56 { 57 localIdentity: 1000, 58 remoteIdentity: 2000, 59 remoteNodeID: 10, 60 authType: policy.AuthTypeDisabled, 61 }: { 62 authInfo: authInfo{time.Now().Add(10 * time.Minute)}, 63 storedAt: time.Now().Add(-10 * time.Minute), 64 }, 65 }, 66 } 67 68 all, err := am.All() 69 assert.NoError(t, err) 70 assert.Len(t, all, 1) 71 72 all[authKey{ 73 localIdentity: 10000, 74 remoteIdentity: 20000, 75 remoteNodeID: 100, 76 authType: policy.AuthTypeDisabled, 77 }] = authInfo{ 78 expiration: time.Now().Add(10 * time.Minute), 79 } 80 assert.Len(t, all, 2) 81 assert.Len(t, am.cacheEntries, 1) 82 } 83 84 func Test_authMapCache_Delete(t *testing.T) { 85 fakeMap := &fakeAuthMap{ 86 entries: map[authKey]authInfo{ 87 { 88 localIdentity: 1000, 89 remoteIdentity: 2000, 90 remoteNodeID: 10, 91 authType: policy.AuthTypeDisabled, 92 }: { 93 expiration: time.Now().Add(10 * time.Minute), 94 }, 95 }, 96 } 97 am := authMapCache{ 98 logger: logrus.New(), 99 authmap: fakeMap, 100 cacheEntries: map[authKey]authInfoCache{ 101 { 102 localIdentity: 1000, 103 remoteIdentity: 2000, 104 remoteNodeID: 10, 105 authType: policy.AuthTypeDisabled, 106 }: { 107 authInfo: authInfo{time.Now().Add(10 * time.Minute)}, 108 storedAt: time.Now().Add(-10 * time.Minute), 109 }, 110 { 111 localIdentity: 3000, 112 remoteIdentity: 2000, 113 remoteNodeID: 10, 114 authType: policy.AuthTypeDisabled, 115 }: { 116 authInfo: authInfo{time.Now().Add(10 * time.Minute)}, 117 storedAt: time.Now().Add(-10 * time.Minute), 118 }, 119 { 120 localIdentity: 4000, 121 remoteIdentity: 2000, 122 remoteNodeID: 10, 123 authType: policy.AuthTypeDisabled, 124 }: { 125 authInfo: authInfo{time.Now().Add(10 * time.Minute)}, 126 storedAt: time.Now().Add(-10 * time.Minute), 127 }, 128 }, 129 } 130 131 assert.Len(t, am.cacheEntries, 3) 132 133 err := am.Delete(authKey{ 134 localIdentity: 1000, 135 remoteIdentity: 2000, 136 remoteNodeID: 10, 137 authType: policy.AuthTypeDisabled, 138 }) 139 assert.NoError(t, err) 140 assert.Len(t, am.cacheEntries, 2) 141 142 err = am.Delete(authKey{ 143 localIdentity: 3000, 144 remoteIdentity: 2000, 145 remoteNodeID: 10, 146 authType: policy.AuthTypeDisabled, 147 }) 148 assert.NoError(t, err) 149 assert.Len(t, am.cacheEntries, 1) // Delete from cache 150 151 fakeMap.failDelete = true 152 err = am.Delete(authKey{ 153 localIdentity: 4000, 154 remoteIdentity: 2000, 155 remoteNodeID: 10, 156 authType: policy.AuthTypeDisabled, 157 }) 158 assert.ErrorContains(t, err, "failed to delete auth entry from map: failed to delete entry") 159 assert.Len(t, am.cacheEntries, 1) // Technical error -> keep in cache 160 } 161 162 func Test_authMapCache_DeleteIf(t *testing.T) { 163 fakeMap := &fakeAuthMap{ 164 entries: map[authKey]authInfo{ 165 { 166 localIdentity: 1000, 167 remoteIdentity: 2000, 168 remoteNodeID: 10, 169 authType: policy.AuthTypeDisabled, 170 }: { 171 expiration: time.Now().Add(10 * time.Minute), 172 }, 173 }, 174 } 175 am := authMapCache{ 176 logger: logrus.New(), 177 authmap: fakeMap, 178 cacheEntries: map[authKey]authInfoCache{ 179 { 180 localIdentity: 1000, 181 remoteIdentity: 2000, 182 remoteNodeID: 10, 183 authType: policy.AuthTypeDisabled, 184 }: { 185 authInfo: authInfo{time.Now().Add(10 * time.Minute)}, 186 storedAt: time.Now().Add(-10 * time.Minute), 187 }, 188 { 189 localIdentity: 3000, 190 remoteIdentity: 2000, 191 remoteNodeID: 10, 192 authType: policy.AuthTypeDisabled, 193 }: { 194 authInfo: authInfo{time.Now().Add(10 * time.Minute)}, 195 storedAt: time.Now().Add(-10 * time.Minute), 196 }, 197 { 198 localIdentity: 4000, 199 remoteIdentity: 2000, 200 remoteNodeID: 10, 201 authType: policy.AuthTypeDisabled, 202 }: { 203 authInfo: authInfo{time.Now().Add(10 * time.Minute)}, 204 storedAt: time.Now().Add(-10 * time.Minute), 205 }, 206 }, 207 } 208 209 assert.Len(t, am.cacheEntries, 3) 210 211 err := am.DeleteIf(func(key authKey, info authInfo) bool { 212 return key.localIdentity == 1000 || key.localIdentity == 3000 213 }) 214 assert.NoError(t, err) 215 assert.Len(t, am.cacheEntries, 1) 216 217 fakeMap.failDelete = true 218 err = am.DeleteIf(func(key authKey, info authInfo) bool { 219 return key.localIdentity == 4000 220 }) 221 assert.ErrorContains(t, err, "failed to delete auth entry from map: failed to delete entry") 222 assert.Len(t, am.cacheEntries, 1) 223 }