github.com/cilium/cilium@v1.16.2/pkg/policy/api/groups_test.go (about) 1 // SPDX-License-Identifier: Apache-2.0 2 // Copyright Authors of Cilium 3 4 package api 5 6 import ( 7 "context" 8 "fmt" 9 "net/netip" 10 "testing" 11 12 "github.com/stretchr/testify/require" 13 ) 14 15 func GetGroupsRule() Groups { 16 return Groups{ 17 AWS: &AWSGroup{ 18 Labels: map[string]string{ 19 "test": "a", 20 }, 21 SecurityGroupsIds: []string{ 22 "a", "b", "c", 23 }, 24 SecurityGroupsNames: []string{ 25 "a", "b", "c", 26 }, 27 }, 28 } 29 } 30 func GetCallBackWithRule(ips ...string) GroupProviderFunc { 31 netIPs := make([]netip.Addr, 0, len(ips)) 32 for _, ip := range ips { 33 if addr, err := netip.ParseAddr(ip); err == nil { 34 netIPs = append(netIPs, addr) 35 } 36 } 37 38 return func(ctx context.Context, group *Groups) ([]netip.Addr, error) { 39 return netIPs, nil 40 } 41 } 42 43 func TestGetCIDRSetWithValidValue(t *testing.T) { 44 cb := GetCallBackWithRule("192.168.1.1") 45 RegisterToGroupsProvider(AWSProvider, cb) 46 47 expectedCidrRule := []CIDRRule{ 48 {Cidr: "192.168.1.1/32", ExceptCIDRs: []CIDR{}, Generated: true}} 49 group := GetGroupsRule() 50 cidr, err := group.GetCidrSet(context.TODO()) 51 require.EqualValues(t, expectedCidrRule, cidr) 52 require.Nil(t, err) 53 } 54 55 func TestGetCIDRSetWithMultipleSorted(t *testing.T) { 56 cb := GetCallBackWithRule("192.168.1.1", "192.168.10.10", "192.168.10.3") 57 RegisterToGroupsProvider(AWSProvider, cb) 58 expectedCidrRule := []CIDRRule{ 59 {Cidr: "192.168.1.1/32", ExceptCIDRs: []CIDR{}, Generated: true}, 60 {Cidr: "192.168.10.3/32", ExceptCIDRs: []CIDR{}, Generated: true}, 61 {Cidr: "192.168.10.10/32", ExceptCIDRs: []CIDR{}, Generated: true}} 62 group := GetGroupsRule() 63 cidr, err := group.GetCidrSet(context.TODO()) 64 require.EqualValues(t, expectedCidrRule, cidr) 65 require.Nil(t, err) 66 } 67 68 func TestGetCIDRSetWithUniqueCIDRRule(t *testing.T) { 69 cb := GetCallBackWithRule("192.168.1.1", "192.168.10.10", "192.168.1.1") 70 RegisterToGroupsProvider(AWSProvider, cb) 71 72 cidrRule := []CIDRRule{ 73 {Cidr: "192.168.1.1/32", ExceptCIDRs: []CIDR{}, Generated: true}, 74 {Cidr: "192.168.10.10/32", ExceptCIDRs: []CIDR{}, Generated: true}} 75 76 group := GetGroupsRule() 77 cidr, err := group.GetCidrSet(context.TODO()) 78 require.EqualValues(t, cidrRule, cidr) 79 require.Nil(t, err) 80 } 81 82 func TestGetCIDRSetWithError(t *testing.T) { 83 setUpSuite(t) 84 85 cb := func(ctx context.Context, group *Groups) ([]netip.Addr, error) { 86 return []netip.Addr{}, fmt.Errorf("Invalid credentials") 87 } 88 RegisterToGroupsProvider(AWSProvider, cb) 89 group := GetGroupsRule() 90 cidr, err := group.GetCidrSet(context.TODO()) 91 require.Nil(t, cidr) 92 require.Error(t, err) 93 } 94 95 func TestWithoutProviderRegister(t *testing.T) { 96 setUpSuite(t) 97 98 providers.Delete(AWSProvider) 99 group := GetGroupsRule() 100 cidr, err := group.GetCidrSet(context.TODO()) 101 require.Nil(t, cidr) 102 require.Error(t, err) 103 } 104 105 func BenchmarkGetCIDRSet(b *testing.B) { 106 cb := GetCallBackWithRule("192.168.1.1", "192.168.10.10", "192.168.10.3") 107 RegisterToGroupsProvider(AWSProvider, cb) 108 group := GetGroupsRule() 109 b.ReportAllocs() 110 b.ResetTimer() 111 for i := 0; i < b.N; i++ { 112 _, err := group.GetCidrSet(context.TODO()) 113 if err != nil { 114 b.Fatal(err) 115 } 116 } 117 }