github.com/cilium/cilium@v1.16.2/pkg/maps/egressmap/policy_test.go (about)

     1  // SPDX-License-Identifier: Apache-2.0
     2  // Copyright Authors of Cilium
     3  
     4  package egressmap
     5  
     6  import (
     7  	"errors"
     8  	"net/netip"
     9  	"testing"
    10  
    11  	"github.com/cilium/ebpf"
    12  	"github.com/cilium/ebpf/rlimit"
    13  	"github.com/cilium/hive/hivetest"
    14  	"github.com/stretchr/testify/assert"
    15  
    16  	"github.com/cilium/cilium/pkg/bpf"
    17  	"github.com/cilium/cilium/pkg/testutils"
    18  )
    19  
    20  func TestPolicyMap(t *testing.T) {
    21  	testutils.PrivilegedTest(t)
    22  
    23  	bpf.CheckOrMountFS("")
    24  	assert.Nil(t, rlimit.RemoveMemlock())
    25  
    26  	egressPolicyMap := createPolicyMap(hivetest.Lifecycle(t), DefaultPolicyConfig, ebpf.PinNone)
    27  
    28  	sourceIP1 := netip.MustParseAddr("1.1.1.1")
    29  	sourceIP2 := netip.MustParseAddr("1.1.1.2")
    30  
    31  	destCIDR1 := netip.MustParsePrefix("2.2.1.0/24")
    32  	destCIDR2 := netip.MustParsePrefix("2.2.2.0/24")
    33  
    34  	egressIP1 := netip.MustParseAddr("3.3.3.1")
    35  	egressIP2 := netip.MustParseAddr("3.3.3.2")
    36  
    37  	err := egressPolicyMap.Update(sourceIP1, destCIDR1, egressIP1, egressIP1)
    38  	assert.Nil(t, err)
    39  
    40  	err = egressPolicyMap.Update(sourceIP2, destCIDR2, egressIP2, egressIP2)
    41  	assert.Nil(t, err)
    42  
    43  	val, err := egressPolicyMap.Lookup(sourceIP1, destCIDR1)
    44  	assert.Nil(t, err)
    45  
    46  	assert.Equal(t, val.EgressIP.Addr(), egressIP1)
    47  	assert.Equal(t, val.GatewayIP.Addr(), egressIP1)
    48  
    49  	val, err = egressPolicyMap.Lookup(sourceIP2, destCIDR2)
    50  	assert.Nil(t, err)
    51  
    52  	assert.Equal(t, val.EgressIP.Addr(), egressIP2)
    53  	assert.Equal(t, val.GatewayIP.Addr(), egressIP2)
    54  
    55  	err = egressPolicyMap.Delete(sourceIP2, destCIDR2)
    56  	assert.Nil(t, err)
    57  
    58  	val, err = egressPolicyMap.Lookup(sourceIP1, destCIDR1)
    59  	assert.Nil(t, err)
    60  
    61  	assert.Equal(t, val.EgressIP.Addr(), egressIP1)
    62  	assert.Equal(t, val.GatewayIP.Addr(), egressIP1)
    63  
    64  	_, err = egressPolicyMap.Lookup(sourceIP2, destCIDR2)
    65  	assert.True(t, errors.Is(err, ebpf.ErrKeyNotExist))
    66  }