github.com/cilium/cilium@v1.16.2/pkg/policy/api/fqdn_test.go (about) 1 // SPDX-License-Identifier: Apache-2.0 2 // Copyright Authors of Cilium 3 4 package api 5 6 import ( 7 "fmt" 8 "testing" 9 10 "github.com/stretchr/testify/require" 11 ) 12 13 // TestFQDNSelectorSanitize tests that the sanitizer correctly catches bad 14 // cases, and allows good ones. 15 func TestFQDNSelectorSanitize(t *testing.T) { 16 setUpSuite(t) 17 18 for _, accept := range []FQDNSelector{ 19 {MatchName: "cilium.io."}, 20 {MatchName: "get-cilium.io."}, 21 {MatchName: "foo.cilium.io."}, 22 {MatchName: "cilium.io"}, 23 {MatchName: "_cilium.io"}, 24 {MatchPattern: "*.cilium.io"}, 25 {MatchPattern: "*._cilium.io"}, 26 {MatchPattern: "*cilium.io"}, 27 {MatchPattern: "cilium.io"}, 28 } { 29 err := accept.sanitize() 30 require.NoError(t, err, fmt.Sprintf("FQDNSelector %+v was rejected but it should be valid", accept)) 31 } 32 33 for _, reject := range []FQDNSelector{ 34 {MatchName: "a{1,2}.cilium.io."}, 35 {MatchPattern: "[a-z]*.cilium.io."}, 36 {MatchName: "cilium.io", MatchPattern: "*cilium.io"}, 37 } { 38 err := reject.sanitize() 39 require.Error(t, err, fmt.Sprintf("FQDNSelector %+v was accepted but it should be invalid", reject)) 40 } 41 } 42 43 // TestPortRuleDNSSanitize tests that the sanitizer correctly catches bad 44 // cases, and allows good ones. 45 func TestPortRuleDNSSanitize(t *testing.T) { 46 setUpSuite(t) 47 48 for _, accept := range []PortRuleDNS{ 49 {MatchName: "cilium.io."}, 50 {MatchName: "get-cilium.io."}, 51 {MatchName: "foo.cilium.io."}, 52 {MatchName: "cilium.io"}, 53 {MatchName: "_cilium.io"}, 54 {MatchPattern: "*.cilium.io"}, 55 {MatchPattern: "*._cilium.io"}, 56 {MatchPattern: "*cilium.io"}, 57 {MatchPattern: "cilium.io"}, 58 } { 59 err := accept.Sanitize() 60 require.NoError(t, err, fmt.Sprintf("PortRuleDNS %+v was rejected but it should be valid", accept)) 61 } 62 63 for _, reject := range []PortRuleDNS{ 64 {MatchName: "a{1,2}.cilium.io."}, 65 {MatchPattern: "[a-z]*.cilium.io."}, 66 {MatchName: "a{1,2}.cilium.io.", MatchPattern: "[a-z]*.cilium.io."}, 67 } { 68 err := reject.Sanitize() 69 require.Error(t, err, fmt.Sprintf("PortRuleDNS %+v was accepted but it should be invalid", reject)) 70 } 71 } 72 73 // TestPortRuleDNSSanitize tests that the sanitizer correctly catches bad 74 // cases, and allows good ones. 75 func BenchmarkFQDNSelectorString(b *testing.B) { 76 b.ReportAllocs() 77 b.ResetTimer() 78 for i := 0; i < b.N; i++ { 79 for _, s := range []FQDNSelector{ 80 {MatchName: "cilium.io"}, 81 {MatchPattern: "[a-z]*.cilium.io"}, 82 {MatchName: "a{1,2}.cilium.io", MatchPattern: "[a-z]*.cilium.io"}, 83 {MatchPattern: "*.cilium.io"}, 84 } { 85 _ = s.String() 86 } 87 } 88 }