github.com/cilium/cilium@v1.16.2/pkg/identity/cache/cache_test.go (about) 1 // SPDX-License-Identifier: Apache-2.0 2 // Copyright Authors of Cilium 3 4 package cache 5 6 import ( 7 "context" 8 "testing" 9 10 "github.com/stretchr/testify/require" 11 12 cmtypes "github.com/cilium/cilium/pkg/clustermesh/types" 13 "github.com/cilium/cilium/pkg/identity" 14 "github.com/cilium/cilium/pkg/labels" 15 "github.com/cilium/cilium/pkg/testutils" 16 ) 17 18 var ( 19 kvstoreLabels = labels.NewLabelsFromModel([]string{ 20 "k8s:app=etcd", 21 "k8s:etcd_cluster=cilium-etcd", 22 "k8s:io.cilium/app=etcd-operator", 23 "k8s:io.kubernetes.pod.namespace=kube-system", 24 "k8s:io.cilium.k8s.policy.serviceaccount=default", 25 "k8s:io.cilium.k8s.policy.cluster=default", 26 }) 27 ) 28 29 func TestLookupReservedIdentity(t *testing.T) { 30 testutils.IntegrationTest(t) 31 32 mgr := NewCachingIdentityAllocator(newDummyOwner()) 33 <-mgr.InitIdentityAllocator(nil) 34 35 hostID := identity.GetReservedID("host") 36 require.NotNil(t, mgr.LookupIdentityByID(context.TODO(), hostID)) 37 38 id := mgr.LookupIdentity(context.TODO(), labels.NewLabelsFromModel([]string{"reserved:host"})) 39 require.NotNil(t, id) 40 require.Equal(t, hostID, id.ID) 41 42 worldID := identity.GetReservedID("world") 43 require.NotNil(t, mgr.LookupIdentityByID(context.TODO(), worldID)) 44 45 id = mgr.LookupIdentity(context.TODO(), labels.NewLabelsFromModel([]string{"reserved:world"})) 46 require.NotNil(t, id) 47 require.Equal(t, worldID, id.ID) 48 49 identity.InitWellKnownIdentities(fakeConfig, cmtypes.ClusterInfo{Name: "default", ID: 5}) 50 51 id = mgr.LookupIdentity(context.TODO(), kvstoreLabels) 52 require.NotNil(t, id) 53 require.Equal(t, identity.ReservedCiliumKVStore, id.ID) 54 } 55 56 func TestLookupReservedIdentityByLabels(t *testing.T) { 57 testutils.IntegrationTest(t) 58 59 ni, err := identity.ParseNumericIdentity("129") 60 require.Nil(t, err) 61 identity.AddUserDefinedNumericIdentity(ni, "kvstore") 62 identity.AddReservedIdentity(ni, "kvstore") 63 64 type args struct { 65 lbls labels.Labels 66 } 67 tests := []struct { 68 name string 69 args args 70 want *identity.Identity 71 }{ 72 { 73 name: "fixed-identity", 74 args: args{ 75 lbls: labels.Labels{labels.LabelKeyFixedIdentity: labels.ParseLabel(labels.LabelKeyFixedIdentity + "=" + "kvstore")}, 76 }, 77 want: identity.NewIdentity(ni, labels.Labels{"kvstore": labels.NewLabel("kvstore", "", labels.LabelSourceReserved)}), 78 }, 79 { 80 name: "fixed-identity+reserved-identity returns fixed", 81 args: args{ 82 lbls: labels.Labels{ 83 labels.LabelKeyFixedIdentity: labels.ParseLabel(labels.LabelKeyFixedIdentity + "=" + "kvstore"), 84 labels.IDNameHost: labels.LabelHost[labels.IDNameHost], 85 }, 86 }, 87 want: identity.NewIdentity(ni, labels.Labels{"kvstore": labels.NewLabel("kvstore", "", labels.LabelSourceReserved)}), 88 }, 89 { 90 name: "reserved-identity+fixed-identity returns fixed", 91 args: args{ 92 lbls: labels.Labels{ 93 labels.IDNameHost: labels.LabelHost[labels.IDNameHost], 94 labels.LabelKeyFixedIdentity: labels.ParseLabel(labels.LabelKeyFixedIdentity + "=" + "kvstore"), 95 }, 96 }, 97 want: identity.NewIdentity(ni, labels.Labels{"kvstore": labels.NewLabel("kvstore", "", labels.LabelSourceReserved)}), 98 }, 99 { 100 name: "non-existing-fixed-identity", 101 args: args{ 102 lbls: labels.Labels{labels.LabelKeyFixedIdentity: labels.ParseLabel(labels.LabelKeyFixedIdentity + "=" + "kube-dns")}, 103 }, 104 want: nil, 105 }, 106 { 107 name: "reserved-identity", 108 args: args{ 109 lbls: labels.LabelHost, 110 }, 111 want: identity.NewIdentity(identity.ReservedIdentityHost, labels.LabelHost), 112 }, 113 { 114 name: "reserved-identity+other-labels", 115 args: args{ 116 lbls: labels.Labels{ 117 labels.IDNameHost: labels.LabelHost[labels.IDNameHost], 118 "id.foo": labels.ParseLabel("id.foo"), 119 }, 120 }, 121 want: identity.NewIdentity(identity.ReservedIdentityHost, labels.Labels{ 122 labels.IDNameHost: labels.LabelHost[labels.IDNameHost], 123 "id.foo": labels.ParseLabel("id.foo"), 124 }, 125 ), 126 }, 127 { 128 name: "well-known-kvstore", 129 args: args{ 130 lbls: kvstoreLabels, 131 }, 132 want: identity.NewIdentity(identity.ReservedCiliumKVStore, kvstoreLabels), 133 }, 134 { 135 name: "no fixed and reserved identities returns nil", 136 args: args{ 137 lbls: labels.Labels{ 138 "id.foo": labels.ParseLabel("id.foo"), 139 }, 140 }, 141 want: nil, 142 }, 143 } 144 145 for _, tt := range tests { 146 got := identity.LookupReservedIdentityByLabels(tt.args.lbls) 147 switch { 148 case got == nil && tt.want == nil: 149 case got == nil && tt.want != nil || 150 got != nil && tt.want == nil || 151 got.ID != tt.want.ID: 152 153 t.Errorf("test %s: LookupReservedIdentityByLabels() = %v, want %v", tt.name, got, tt.want) 154 } 155 } 156 }