github.com/cilium/cilium@v1.16.2/pkg/labelsfilter/filter_test.go (about) 1 // SPDX-License-Identifier: Apache-2.0 2 // Copyright Authors of Cilium 3 4 package labelsfilter 5 6 import ( 7 "reflect" 8 "regexp" 9 "testing" 10 11 "github.com/stretchr/testify/require" 12 13 k8sConst "github.com/cilium/cilium/pkg/k8s/apis/cilium.io" 14 "github.com/cilium/cilium/pkg/labels" 15 ) 16 17 func TestFilterLabels(t *testing.T) { 18 wanted := labels.Labels{ 19 "id.lizards": labels.NewLabel("id.lizards", "web", labels.LabelSourceContainer), 20 "id.lizards.k8s": labels.NewLabel("id.lizards.k8s", "web", labels.LabelSourceK8s), 21 "io.kubernetes.pod.namespace": labels.NewLabel("io.kubernetes.pod.namespace", "default", labels.LabelSourceContainer), 22 "app.kubernetes.io": labels.NewLabel("app.kubernetes.io", "my-nginx", labels.LabelSourceContainer), 23 "foo2.lizards.k8s": labels.NewLabel("foo2.lizards.k8s", "web", labels.LabelSourceK8s), 24 "io.cilium.k8s.policy.cluster": labels.NewLabel("io.cilium.k8s.policy.cluster", "default", labels.LabelSourceContainer), 25 } 26 27 err := ParseLabelPrefixCfg([]string{":!ignor[eE]", "id.*", "foo"}, []string{}, "") 28 require.Nil(t, err) 29 dlpcfg := validLabelPrefixes 30 allNormalLabels := map[string]string{ 31 "io.kubernetes.container.hash": "cf58006d", 32 "io.kubernetes.container.name": "POD", 33 "io.kubernetes.container.restartCount": "0", 34 "io.kubernetes.container.terminationMessagePath": "", 35 "io.kubernetes.pod.name": "my-nginx-3800858182-07i3n", 36 "io.kubernetes.pod.namespace": "default", 37 "app.kubernetes.io": "my-nginx", 38 "kubernetes.io.foo": "foo", 39 "beta.kubernetes.io.foo": "foo", 40 "annotation.kubectl.kubernetes.io": "foo", 41 "annotation.hello": "world", 42 "annotation." + k8sConst.CiliumIdentityAnnotationDeprecated: "12356", 43 "io.kubernetes.pod.terminationGracePeriod": "30", 44 "io.kubernetes.pod.uid": "c2e22414-dfc3-11e5-9792-080027755f5a", 45 "ignore": "foo", 46 "ignorE": "foo", 47 "annotation.kubernetes.io/config.seen": "2017-05-30T14:22:17.691491034Z", 48 "controller-revision-hash": "123456", 49 "io.cilium.k8s.policy.cluster": "default", 50 } 51 allLabels := labels.Map2Labels(allNormalLabels, labels.LabelSourceContainer) 52 filtered, _ := dlpcfg.filterLabels(allLabels) 53 require.Equal(t, 3, len(filtered)) 54 allLabels["id.lizards"] = labels.NewLabel("id.lizards", "web", labels.LabelSourceContainer) 55 allLabels["id.lizards.k8s"] = labels.NewLabel("id.lizards.k8s", "web", labels.LabelSourceK8s) 56 filtered, _ = dlpcfg.filterLabels(allLabels) 57 require.Equal(t, 5, len(filtered)) 58 // Checking that it does not need to an exact match of "foo", but "foo2" also works since it's not a regex 59 allLabels["foo2.lizards.k8s"] = labels.NewLabel("foo2.lizards.k8s", "web", labels.LabelSourceK8s) 60 filtered, _ = dlpcfg.filterLabels(allLabels) 61 require.Equal(t, 6, len(filtered)) 62 // Checking that "foo" only works if it's the prefix of a label 63 allLabels["lizards.foo.lizards.k8s"] = labels.NewLabel("lizards.foo.lizards.k8s", "web", labels.LabelSourceK8s) 64 filtered, _ = dlpcfg.filterLabels(allLabels) 65 require.Equal(t, 6, len(filtered)) 66 require.EqualValues(t, wanted, filtered) 67 // Making sure we are deep copying the labels 68 allLabels["id.lizards"] = labels.NewLabel("id.lizards", "web", "I can change this and doesn't affect any one") 69 require.EqualValues(t, wanted, filtered) 70 } 71 72 func TestDefaultFilterLabels(t *testing.T) { 73 wanted := labels.Labels{ 74 "app.kubernetes.io": labels.NewLabel("app.kubernetes.io", "my-nginx", labels.LabelSourceContainer), 75 "id.lizards.k8s": labels.NewLabel("id.lizards.k8s", "web", labels.LabelSourceK8s), 76 "id.lizards": labels.NewLabel("id.lizards", "web", labels.LabelSourceContainer), 77 "ignorE": labels.NewLabel("ignorE", "foo", labels.LabelSourceContainer), 78 "ignore": labels.NewLabel("ignore", "foo", labels.LabelSourceContainer), 79 "host": labels.NewLabel("host", "", labels.LabelSourceReserved), 80 "io.kubernetes.pod.namespace": labels.NewLabel("io.kubernetes.pod.namespace", "default", labels.LabelSourceContainer), 81 "ioXkubernetes": labels.NewLabel("ioXkubernetes", "foo", labels.LabelSourceContainer), 82 "io.cilium.k8s.policy.cluster": labels.NewLabel("io.cilium.k8s.policy.cluster", "default", labels.LabelSourceContainer), 83 } 84 85 err := ParseLabelPrefixCfg([]string{}, []string{}, "") 86 require.Nil(t, err) 87 dlpcfg := validLabelPrefixes 88 allNormalLabels := map[string]string{ 89 "io.kubernetes.container.hash": "cf58006d", 90 "io.kubernetes.container.name": "POD", 91 "io.kubernetes.container.restartCount": "0", 92 "io.kubernetes.container.terminationMessagePath": "", 93 "io.kubernetes.pod.name": "my-nginx-0", 94 "io.kubernetes.pod.namespace": "default", 95 "app.kubernetes.io": "my-nginx", 96 "kubernetes.io.foo": "foo", 97 "beta.kubernetes.io.foo": "foo", 98 "annotation.kubectl.kubernetes.io": "foo", 99 "annotation.hello": "world", 100 "annotation." + k8sConst.CiliumIdentityAnnotationDeprecated: "12356", 101 "io.kubernetes.pod.terminationGracePeriod": "30", 102 "io.kubernetes.pod.uid": "c2e22414-dfc3-11e5-9792-080027755f5a", 103 "ioXkubernetes": "foo", 104 "ignore": "foo", 105 "ignorE": "foo", 106 "annotation.kubernetes.io/config.seen": "2017-05-30T14:22:17.691491034Z", 107 "controller-revision-hash": "123456", 108 "statefulset.kubernetes.io/pod-name": "my-nginx-0", 109 "batch.kubernetes.io/job-completion-index": "42", 110 "apps.kubernetes.io/pod-index": "0", 111 "io.cilium.k8s.policy.cluster": "default", 112 } 113 allLabels := labels.Map2Labels(allNormalLabels, labels.LabelSourceContainer) 114 allLabels["host"] = labels.NewLabel("host", "", labels.LabelSourceReserved) 115 filtered, _ := dlpcfg.filterLabels(allLabels) 116 require.Equal(t, len(wanted)-2, len(filtered)) // -2 because we add two labels in the next lines 117 allLabels["id.lizards"] = labels.NewLabel("id.lizards", "web", labels.LabelSourceContainer) 118 allLabels["id.lizards.k8s"] = labels.NewLabel("id.lizards.k8s", "web", labels.LabelSourceK8s) 119 filtered, _ = dlpcfg.filterLabels(allLabels) 120 require.EqualValues(t, wanted, filtered) 121 } 122 123 func TestFilterLabelsDocExample(t *testing.T) { 124 wanted := labels.Labels{ 125 "io.cilium.k8s.namespace.labels": labels.NewLabel("io.cilium.k8s.namespace.labels", "foo", labels.LabelSourceK8s), 126 "k8s-app-team": labels.NewLabel("k8s-app-team", "foo", labels.LabelSourceK8s), 127 "app-production": labels.NewLabel("app-production", "foo", labels.LabelSourceK8s), 128 "name-defined": labels.NewLabel("name-defined", "foo", labels.LabelSourceK8s), 129 "host": labels.NewLabel("host", "", labels.LabelSourceReserved), 130 "io.kubernetes.pod.namespace": labels.NewLabel("io.kubernetes.pod.namespace", "docker", labels.LabelSourceAny), 131 "io.cilium.k8s.policy.cluster": labels.NewLabel("io.cilium.k8s.policy.cluster", "default", labels.LabelSourceK8s), 132 } 133 134 err := ParseLabelPrefixCfg([]string{"k8s:io.kubernetes.pod.namespace", "k8s:k8s-app", "k8s:app", "k8s:name", "k8s:io.cilium.k8s.policy.cluster"}, []string{}, "") 135 require.Nil(t, err) 136 dlpcfg := validLabelPrefixes 137 allNormalLabels := map[string]string{ 138 "io.cilium.k8s.namespace.labels": "foo", 139 "k8s-app-team": "foo", 140 "app-production": "foo", 141 "name-defined": "foo", 142 } 143 allLabels := labels.Map2Labels(allNormalLabels, labels.LabelSourceK8s) 144 filtered, _ := dlpcfg.filterLabels(allLabels) 145 require.Equal(t, 4, len(filtered)) 146 147 // Reserved labels are included. 148 allLabels["host"] = labels.NewLabel("host", "", labels.LabelSourceReserved) 149 filtered, _ = dlpcfg.filterLabels(allLabels) 150 require.Equal(t, 5, len(filtered)) 151 152 // io.kubernetes.pod.namespace=docker matches because the default list has any:io.kubernetes.pod.namespace. 153 allLabels["io.kubernetes.pod.namespace"] = labels.NewLabel("io.kubernetes.pod.namespace", "docker", labels.LabelSourceAny) 154 filtered, _ = dlpcfg.filterLabels(allLabels) 155 require.Equal(t, 6, len(filtered)) 156 157 // io.cilium.k8s.policy.cluster=default matches because the default list has k8s:io.cilium.k8s.policy.cluster. 158 allLabels["io.cilium.k8s.policy.cluster"] = labels.NewLabel("io.cilium.k8s.policy.cluster", "default", labels.LabelSourceK8s) 159 filtered, _ = dlpcfg.filterLabels(allLabels) 160 require.Equal(t, 7, len(filtered)) 161 162 // container:k8s-app-role=foo doesn't match because it doesn't have source k8s. 163 allLabels["k8s-app-role"] = labels.NewLabel("k8s-app-role", "foo", labels.LabelSourceContainer) 164 filtered, _ = dlpcfg.filterLabels(allLabels) 165 require.Equal(t, 7, len(filtered)) 166 require.EqualValues(t, wanted, filtered) 167 } 168 169 func TestFilterLabelsByRegex(t *testing.T) { 170 type args struct { 171 excludePatterns []*regexp.Regexp 172 labels map[string]string 173 } 174 tests := []struct { 175 name string 176 args args 177 want map[string]string 178 }{ 179 { 180 name: "exclude_test", 181 args: args{ 182 []*regexp.Regexp{regexp.MustCompile("foobar.*")}, 183 map[string]string{ 184 "topology.kubernetes.io/region": "us-east-1", 185 "foobar.com": "unwanted-label", 186 }, 187 }, 188 want: map[string]string{ 189 "topology.kubernetes.io/region": "us-east-1", 190 }, 191 }, 192 { 193 name: "multi_exclude_test", 194 args: args{ 195 []*regexp.Regexp{ 196 regexp.MustCompile("foo.*"), 197 regexp.MustCompile("bar.*"), 198 }, 199 map[string]string{ 200 "topology.kubernetes.io/region": "us-east-1", 201 "foo.com": "unwanted-label", 202 "bar.com": "unwanted-label", 203 }, 204 }, 205 want: map[string]string{ 206 "topology.kubernetes.io/region": "us-east-1", 207 }, 208 }, 209 { 210 name: "baseline_test", 211 args: args{ 212 []*regexp.Regexp{}, 213 map[string]string{ 214 "topology.kubernetes.io/region": "us-east-1", 215 "foobar.com": "unwanted-label", 216 }, 217 }, 218 want: map[string]string{ 219 "topology.kubernetes.io/region": "us-east-1", 220 "foobar.com": "unwanted-label", 221 }, 222 }, 223 } 224 for _, tt := range tests { 225 t.Run(tt.name, func(t *testing.T) { 226 if got := FilterLabelsByRegex(tt.args.excludePatterns, tt.args.labels); !reflect.DeepEqual(got, tt.want) { 227 t.Errorf("FilterLabelsByRegex() = %v, want %v", got, tt.want) 228 } 229 }) 230 } 231 }