github.com/cilium/cilium@v1.16.2/pkg/maps/egressmap/policy_test.go (about) 1 // SPDX-License-Identifier: Apache-2.0 2 // Copyright Authors of Cilium 3 4 package egressmap 5 6 import ( 7 "errors" 8 "net/netip" 9 "testing" 10 11 "github.com/cilium/ebpf" 12 "github.com/cilium/ebpf/rlimit" 13 "github.com/cilium/hive/hivetest" 14 "github.com/stretchr/testify/assert" 15 16 "github.com/cilium/cilium/pkg/bpf" 17 "github.com/cilium/cilium/pkg/testutils" 18 ) 19 20 func TestPolicyMap(t *testing.T) { 21 testutils.PrivilegedTest(t) 22 23 bpf.CheckOrMountFS("") 24 assert.Nil(t, rlimit.RemoveMemlock()) 25 26 egressPolicyMap := createPolicyMap(hivetest.Lifecycle(t), DefaultPolicyConfig, ebpf.PinNone) 27 28 sourceIP1 := netip.MustParseAddr("1.1.1.1") 29 sourceIP2 := netip.MustParseAddr("1.1.1.2") 30 31 destCIDR1 := netip.MustParsePrefix("2.2.1.0/24") 32 destCIDR2 := netip.MustParsePrefix("2.2.2.0/24") 33 34 egressIP1 := netip.MustParseAddr("3.3.3.1") 35 egressIP2 := netip.MustParseAddr("3.3.3.2") 36 37 err := egressPolicyMap.Update(sourceIP1, destCIDR1, egressIP1, egressIP1) 38 assert.Nil(t, err) 39 40 err = egressPolicyMap.Update(sourceIP2, destCIDR2, egressIP2, egressIP2) 41 assert.Nil(t, err) 42 43 val, err := egressPolicyMap.Lookup(sourceIP1, destCIDR1) 44 assert.Nil(t, err) 45 46 assert.Equal(t, val.EgressIP.Addr(), egressIP1) 47 assert.Equal(t, val.GatewayIP.Addr(), egressIP1) 48 49 val, err = egressPolicyMap.Lookup(sourceIP2, destCIDR2) 50 assert.Nil(t, err) 51 52 assert.Equal(t, val.EgressIP.Addr(), egressIP2) 53 assert.Equal(t, val.GatewayIP.Addr(), egressIP2) 54 55 err = egressPolicyMap.Delete(sourceIP2, destCIDR2) 56 assert.Nil(t, err) 57 58 val, err = egressPolicyMap.Lookup(sourceIP1, destCIDR1) 59 assert.Nil(t, err) 60 61 assert.Equal(t, val.EgressIP.Addr(), egressIP1) 62 assert.Equal(t, val.GatewayIP.Addr(), egressIP1) 63 64 _, err = egressPolicyMap.Lookup(sourceIP2, destCIDR2) 65 assert.True(t, errors.Is(err, ebpf.ErrKeyNotExist)) 66 }