github.com/cilium/cilium@v1.16.2/pkg/policy/api/fqdn_test.go (about)

     1  // SPDX-License-Identifier: Apache-2.0
     2  // Copyright Authors of Cilium
     3  
     4  package api
     5  
     6  import (
     7  	"fmt"
     8  	"testing"
     9  
    10  	"github.com/stretchr/testify/require"
    11  )
    12  
    13  // TestFQDNSelectorSanitize tests that the sanitizer correctly catches bad
    14  // cases, and allows good ones.
    15  func TestFQDNSelectorSanitize(t *testing.T) {
    16  	setUpSuite(t)
    17  
    18  	for _, accept := range []FQDNSelector{
    19  		{MatchName: "cilium.io."},
    20  		{MatchName: "get-cilium.io."},
    21  		{MatchName: "foo.cilium.io."},
    22  		{MatchName: "cilium.io"},
    23  		{MatchName: "_cilium.io"},
    24  		{MatchPattern: "*.cilium.io"},
    25  		{MatchPattern: "*._cilium.io"},
    26  		{MatchPattern: "*cilium.io"},
    27  		{MatchPattern: "cilium.io"},
    28  	} {
    29  		err := accept.sanitize()
    30  		require.NoError(t, err, fmt.Sprintf("FQDNSelector %+v was rejected but it should be valid", accept))
    31  	}
    32  
    33  	for _, reject := range []FQDNSelector{
    34  		{MatchName: "a{1,2}.cilium.io."},
    35  		{MatchPattern: "[a-z]*.cilium.io."},
    36  		{MatchName: "cilium.io", MatchPattern: "*cilium.io"},
    37  	} {
    38  		err := reject.sanitize()
    39  		require.Error(t, err, fmt.Sprintf("FQDNSelector %+v was accepted but it should be invalid", reject))
    40  	}
    41  }
    42  
    43  // TestPortRuleDNSSanitize tests that the sanitizer correctly catches bad
    44  // cases, and allows good ones.
    45  func TestPortRuleDNSSanitize(t *testing.T) {
    46  	setUpSuite(t)
    47  
    48  	for _, accept := range []PortRuleDNS{
    49  		{MatchName: "cilium.io."},
    50  		{MatchName: "get-cilium.io."},
    51  		{MatchName: "foo.cilium.io."},
    52  		{MatchName: "cilium.io"},
    53  		{MatchName: "_cilium.io"},
    54  		{MatchPattern: "*.cilium.io"},
    55  		{MatchPattern: "*._cilium.io"},
    56  		{MatchPattern: "*cilium.io"},
    57  		{MatchPattern: "cilium.io"},
    58  	} {
    59  		err := accept.Sanitize()
    60  		require.NoError(t, err, fmt.Sprintf("PortRuleDNS %+v was rejected but it should be valid", accept))
    61  	}
    62  
    63  	for _, reject := range []PortRuleDNS{
    64  		{MatchName: "a{1,2}.cilium.io."},
    65  		{MatchPattern: "[a-z]*.cilium.io."},
    66  		{MatchName: "a{1,2}.cilium.io.", MatchPattern: "[a-z]*.cilium.io."},
    67  	} {
    68  		err := reject.Sanitize()
    69  		require.Error(t, err, fmt.Sprintf("PortRuleDNS %+v was accepted but it should be invalid", reject))
    70  	}
    71  }
    72  
    73  // TestPortRuleDNSSanitize tests that the sanitizer correctly catches bad
    74  // cases, and allows good ones.
    75  func BenchmarkFQDNSelectorString(b *testing.B) {
    76  	b.ReportAllocs()
    77  	b.ResetTimer()
    78  	for i := 0; i < b.N; i++ {
    79  		for _, s := range []FQDNSelector{
    80  			{MatchName: "cilium.io"},
    81  			{MatchPattern: "[a-z]*.cilium.io"},
    82  			{MatchName: "a{1,2}.cilium.io", MatchPattern: "[a-z]*.cilium.io"},
    83  			{MatchPattern: "*.cilium.io"},
    84  		} {
    85  			_ = s.String()
    86  		}
    87  	}
    88  }