github.com/cilium/cilium@v1.16.2/pkg/policy/api/entity_test.go

github.com/cilium/cilium@v1.16.2/pkg/policy/api/entity_test.go (about)

     1  // SPDX-License-Identifier: Apache-2.0
     2  // Copyright Authors of Cilium
     3  
     4  package api
     5  
     6  import (
     7  	"fmt"
     8  	"testing"
     9  
    10  	"github.com/stretchr/testify/require"
    11  
    12  	k8sapi "github.com/cilium/cilium/pkg/k8s/apis/cilium.io"
    13  	"github.com/cilium/cilium/pkg/labels"
    14  )
    15  
    16  // matches returns true if the entity matches the labels
    17  func (e Entity) matches(ctx labels.LabelArray) bool {
    18  	return EntitySlice{e}.matches(ctx)
    19  }
    20  
    21  // matches returns true if any of the entities in the slice match the labels
    22  func (s EntitySlice) matches(ctx labels.LabelArray) bool {
    23  	return s.GetAsEndpointSelectors().Matches(ctx)
    24  }
    25  
    26  func TestEntityMatches(t *testing.T) {
    27  	InitEntities("cluster1")
    28  
    29  	require.Equal(t, true, EntityHost.matches(labels.ParseLabelArray("reserved:host")))
    30  	require.Equal(t, true, EntityHost.matches(labels.ParseLabelArray("reserved:host", "id:foo")))
    31  	require.Equal(t, false, EntityHost.matches(labels.ParseLabelArray("reserved:world")))
    32  	require.Equal(t, false, EntityHost.matches(labels.ParseLabelArray("reserved:health")))
    33  	require.Equal(t, false, EntityHost.matches(labels.ParseLabelArray("reserved:unmanaged")))
    34  	require.Equal(t, false, EntityHost.matches(labels.ParseLabelArray("reserved:none")))
    35  	require.Equal(t, false, EntityHost.matches(labels.ParseLabelArray("id=foo")))
    36  
    37  	require.Equal(t, true, EntityAll.matches(labels.ParseLabelArray("reserved:host")))
    38  	require.Equal(t, true, EntityAll.matches(labels.ParseLabelArray("reserved:world")))
    39  	require.Equal(t, true, EntityAll.matches(labels.ParseLabelArray("reserved:health")))
    40  	require.Equal(t, true, EntityAll.matches(labels.ParseLabelArray("reserved:unmanaged")))
    41  	require.Equal(t, true, EntityAll.matches(labels.ParseLabelArray("reserved:none"))) // in a white-list model, All trumps None
    42  	require.Equal(t, true, EntityAll.matches(labels.ParseLabelArray("id=foo")))
    43  
    44  	require.Equal(t, true, EntityCluster.matches(labels.ParseLabelArray("reserved:host")))
    45  	require.Equal(t, true, EntityCluster.matches(labels.ParseLabelArray("reserved:init")))
    46  	require.Equal(t, true, EntityCluster.matches(labels.ParseLabelArray("reserved:health")))
    47  	require.Equal(t, true, EntityCluster.matches(labels.ParseLabelArray("reserved:unmanaged")))
    48  	require.Equal(t, false, EntityCluster.matches(labels.ParseLabelArray("reserved:world")))
    49  	require.Equal(t, false, EntityCluster.matches(labels.ParseLabelArray("reserved:none")))
    50  
    51  	clusterLabel := fmt.Sprintf("k8s:%s=%s", k8sapi.PolicyLabelCluster, "cluster1")
    52  	require.Equal(t, true, EntityCluster.matches(labels.ParseLabelArray(clusterLabel, "id=foo")))
    53  	require.Equal(t, true, EntityCluster.matches(labels.ParseLabelArray(clusterLabel, "id=foo", "id=bar")))
    54  	require.Equal(t, false, EntityCluster.matches(labels.ParseLabelArray("id=foo")))
    55  
    56  	require.Equal(t, false, EntityWorld.matches(labels.ParseLabelArray("reserved:host")))
    57  	require.Equal(t, true, EntityWorld.matches(labels.ParseLabelArray("reserved:world")))
    58  	require.Equal(t, false, EntityWorld.matches(labels.ParseLabelArray("reserved:health")))
    59  	require.Equal(t, false, EntityWorld.matches(labels.ParseLabelArray("reserved:unmanaged")))
    60  	require.Equal(t, false, EntityWorld.matches(labels.ParseLabelArray("reserved:none")))
    61  	require.Equal(t, false, EntityWorld.matches(labels.ParseLabelArray("id=foo")))
    62  	require.Equal(t, false, EntityWorld.matches(labels.ParseLabelArray("id=foo", "id=bar")))
    63  
    64  	require.Equal(t, false, EntityNone.matches(labels.ParseLabelArray("reserved:host")))
    65  	require.Equal(t, false, EntityNone.matches(labels.ParseLabelArray("reserved:world")))
    66  	require.Equal(t, false, EntityNone.matches(labels.ParseLabelArray("reserved:health")))
    67  	require.Equal(t, false, EntityNone.matches(labels.ParseLabelArray("reserved:unmanaged")))
    68  	require.Equal(t, false, EntityNone.matches(labels.ParseLabelArray("reserved:init")))
    69  	require.Equal(t, false, EntityNone.matches(labels.ParseLabelArray("id=foo")))
    70  	require.Equal(t, false, EntityNone.matches(labels.ParseLabelArray(clusterLabel, "id=foo", "id=bar")))
    71  
    72  }
    73  
    74  func TestEntitySliceMatches(t *testing.T) {
    75  	InitEntities("cluster1")
    76  
    77  	slice := EntitySlice{EntityHost, EntityWorld}
    78  	require.Equal(t, true, slice.matches(labels.ParseLabelArray("reserved:host")))
    79  	require.Equal(t, true, slice.matches(labels.ParseLabelArray("reserved:world")))
    80  	require.Equal(t, false, slice.matches(labels.ParseLabelArray("reserved:health")))
    81  	require.Equal(t, false, slice.matches(labels.ParseLabelArray("reserved:unmanaged")))
    82  	require.Equal(t, false, slice.matches(labels.ParseLabelArray("reserved:none")))
    83  	require.Equal(t, false, slice.matches(labels.ParseLabelArray("id=foo")))
    84  
    85  	slice = EntitySlice{EntityHost, EntityHealth}
    86  	require.Equal(t, true, slice.matches(labels.ParseLabelArray("reserved:host")))
    87  	require.Equal(t, false, slice.matches(labels.ParseLabelArray("reserved:world")))
    88  	require.Equal(t, true, slice.matches(labels.ParseLabelArray("reserved:health")))
    89  	require.Equal(t, false, slice.matches(labels.ParseLabelArray("reserved:unmanaged")))
    90  	require.Equal(t, false, slice.matches(labels.ParseLabelArray("reserved:none")))
    91  	require.Equal(t, false, slice.matches(labels.ParseLabelArray("id=foo")))
    92  }