github.com/fafucoder/cilium@v1.6.11/test/helpers/policygen/policygen.go (about)

     1  // Copyright 2017 Authors of Cilium
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  package policygen
    15  
// policiesTestSuite is the table of policy cases that the generated
// connectivity tests are built from. It holds three independent lists (L3, L4
// and L7); each entry pairs a policy fragment (template) with the connectivity
// result the test expects (tests) and the direction the rule applies to (kind).
//
// The expected results are the security contract under test. The entries
// that expect ConnResultAllTimeout are the negative cases: presumably every
// probe must fail there, i.e. the policy must deny the traffic. Confirm this
// against the ConnResult definitions, which are not in this file.
var policiesTestSuite = func() PolicyTestSuite {
	// Policy fragments that several cases share. Each case still receives its
	// own map, so no template map is aliased between cases.
	const (
		port80AnyProto = `[{"port": "80"}]`
		port80TCP      = `[{"port": "80", "protocol": "TCP"}]`
		port80UDP      = `[{"port": "80", "protocol": "UDP"}]`
		httpGetPrivate = `{"http": [{"method": "GET", "path": "/private"}]}`
	)

	// L3 cases select peers by endpoint label. {{.SrcPod}} is a template
	// placeholder; it is rendered elsewhere (not visible in this file).
	layer3 := []PolicyTestKind{
		PolicyTestKind{
			// An empty endpoint selector: no label restriction is expressed.
			name:     "No Policy",
			kind:     ingress,
			template: map[string]string{"fromEndpoints": `[{}]`},
			tests:    ConnResultAllOK,
		},
		PolicyTestKind{
			name:     "Ingress Label",
			kind:     ingress,
			template: map[string]string{"fromEndpoints": `[{"matchLabels": { "id": "{{.SrcPod}}"}}]`},
			tests:    ConnResultAllOK,
		},
		PolicyTestKind{
			// Negative case: the label value gets an "Invalid" suffix, so the
			// selector should not match the source pod.
			name:     "Ingress Label Invalid",
			kind:     ingress,
			template: map[string]string{"fromEndpoints": `[{"matchLabels": { "id": "{{.SrcPod}}Invalid"}}]`},
			tests:    ConnResultAllTimeout,
		},
	}

	// L4 cases restrict by port and, optionally, protocol. The UDP variants
	// are the negative cases for a TCP/HTTP workload on port 80.
	layer4 := []PolicyTestKind{
		PolicyTestKind{
			name:     "No Policy",
			kind:     ingress,
			template: map[string]string{},
			tests:    ConnResultAllOK,
		},
		PolicyTestKind{
			name:     "Ingress Port 80 No protocol",
			kind:     ingress,
			template: map[string]string{"ports": port80AnyProto},
			tests:    ConnResultOnlyHTTP,
		},
		PolicyTestKind{
			name:     "Egress Port 80 No protocol",
			kind:     egress,
			template: map[string]string{"ports": port80AnyProto},
			tests:    ConnResultOnlyHTTP,
		},
		PolicyTestKind{
			name:     "Ingress Port 80 TCP",
			kind:     ingress,
			template: map[string]string{"ports": port80TCP},
			tests:    ConnResultOnlyHTTP,
		},
		PolicyTestKind{
			name:     "Ingress Port 80 UDP",
			kind:     ingress,
			template: map[string]string{"ports": port80UDP},
			tests:    ConnResultAllTimeout,
		},
		PolicyTestKind{
			name:     "Egress Port 80 TCP",
			kind:     egress,
			template: map[string]string{"ports": port80TCP},
			tests:    ConnResultOnlyHTTP,
		},
		PolicyTestKind{
			name:     "Egress Port 80 UDP",
			kind:     egress,
			template: map[string]string{"ports": port80UDP},
			tests:    ConnResultAllTimeout,
		},
	}

	// L7 cases add an HTTP rule (GET on /private) on top of port 80/TCP.
	//
	// NOTE(review): the exclude entries look like "L4:" plus the name of an L4
	// case above. How they are matched is not visible here; if it is by name,
	// renaming an L4 case without updating these strings would silently stop
	// the exclusion. Confirm against the consumer.
	layer7 := []PolicyTestKind{
		PolicyTestKind{
			name:     "No Policy",
			kind:     ingress,
			template: map[string]string{},
			tests:    ConnResultAllOK,
		},
		PolicyTestKind{
			name: "Ingress policy /private/",
			kind: ingress,
			template: map[string]string{
				"rules": httpGetPrivate,
				"ports": port80TCP,
			},
			tests: ConnResultOnlyHTTPPrivate,
			exclude: []string{
				"L4:Ingress Port 80 UDP",
				"L4:Ingress Port 80 No protocol",
			},
		},
		PolicyTestKind{
			name: "Egress policy to /private/",
			kind: egress,
			template: map[string]string{
				"rules": httpGetPrivate,
				"ports": port80TCP,
			},
			tests: ConnResultOnlyHTTPPrivate,
			exclude: []string{
				"L4:Egress Port 80 UDP",
				"L4:Egress Port 80 No protocol",
			},
		},
	}

	return PolicyTestSuite{
		l3Checks: layer3,
		l4Checks: layer4,
		l7Checks: layer7,
	}
}()
   134  
// GeneratedTestSpec returns one TestSpec for every combination of an L3, an
// L4 and an L7 case from policiesTestSuite with an entry of DestinationsTypes
// (the full cross product). The returned slice is never nil.
//
// No combination is filtered out here: the exclude lists declared on the L7
// cases are not consulted by this function, so any skipping of excluded
// combinations has to happen in the code that consumes the specs.
func GeneratedTestSpec() []TestSpec {
	specs := make([]TestSpec, 0)

	// The suite is not modified while iterating, so the three case lists can
	// be read once up front.
	l3Cases := policiesTestSuite.l3Checks
	l4Cases := policiesTestSuite.l4Checks
	l7Cases := policiesTestSuite.l7Checks

	for _, layer3 := range l3Cases {
		for _, layer4 := range l4Cases {
			for _, layer7 := range l7Cases {
				for _, target := range DestinationsTypes {
					spec := TestSpec{
						l3:          layer3,
						l4:          layer4,
						l7:          layer7,
						Destination: target,
					}
					specs = append(specs, spec)
				}
			}
		}
	}

	return specs
}
   155  
// GetBasicTestSpec returns one fixed TestSpec: the L3 "No Policy" case, the L4
// "Ingress Port 80 TCP" case and the L7 "Ingress policy /private/" case (HTTP
// GET on /private over port 80/TCP), aimed at the first entry of
// DestinationsTypes. It panics if DestinationsTypes is empty.
//
// NOTE(review): the template keys here are capitalized ("FromEndpoints",
// "Ports", "Rules"), while policiesTestSuite uses "fromEndpoints", "ports" and
// "rules". Whether the consumer treats the two spellings the same is not
// visible in this file; if it does not, this spec may render without the
// intended rules. Confirm before relying on it as an enforcement test.
func GetBasicTestSpec() TestSpec {
	// L3: empty endpoint selector, no label restriction.
	layer3 := PolicyTestKind{
		name:     "No Policy",
		kind:     ingress,
		template: map[string]string{"FromEndpoints": `[{}]`},
		tests:    ConnResultAllOK,
	}

	// L4: ingress on port 80/TCP only.
	layer4 := PolicyTestKind{
		name:     "Ingress Port 80 TCP",
		kind:     ingress,
		template: map[string]string{"Ports": `[{"port": "80", "protocol": "TCP"}]`},
		tests:    ConnResultOnlyHTTP,
	}

	// L7: HTTP GET on /private. Unlike the suite entry of the same name, this
	// case carries no exclude list.
	layer7 := PolicyTestKind{
		name: "Ingress policy /private/",
		kind: ingress,
		template: map[string]string{
			"Rules": `{"http": [{"method": "GET", "path": "/private"}]}`,
			"Ports": `[{"port": "80", "protocol": "TCP"}]`,
		},
		tests: ConnResultOnlyHTTPPrivate,
	}

	return TestSpec{
		l3:          layer3,
		l4:          layer4,
		l7:          layer7,
		Destination: DestinationsTypes[0],
	}
}