github.com/imran-kn/cilium-fork@v1.6.9/pkg/policy/api/fqdn_test.go

github.com/imran-kn/cilium-fork@v1.6.9/pkg/policy/api/fqdn_test.go (about)

     1  // Copyright 2018 Authors of Cilium
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // +build !privileged_tests
    16  
    17  package api
    18  
    19  import (
    20  	. "gopkg.in/check.v1"
    21  )
    22  
    23  // TestFQDNSelectorSanitize tests that the sanitizer correctly catches bad
    24  // cases, and allows good ones.
    25  func (s *PolicyAPITestSuite) TestFQDNSelectorSanitize(c *C) {
    26  	for _, accept := range []FQDNSelector{
    27  		{MatchName: "cilium.io."},
    28  		{MatchName: "get-cilium.io."},
    29  		{MatchName: "foo.cilium.io."},
    30  		{MatchName: "cilium.io"},
    31  		{MatchPattern: "*.cilium.io"},
    32  		{MatchPattern: "*cilium.io"},
    33  		{MatchPattern: "cilium.io"},
    34  	} {
    35  		err := accept.sanitize()
    36  		c.Assert(err, IsNil, Commentf("FQDNSelector %+v was rejected but it should be valid", accept))
    37  	}
    38  
    39  	for _, reject := range []FQDNSelector{
    40  		{MatchName: "a{1,2}.cilium.io."},
    41  		{MatchPattern: "[a-z]*.cilium.io."},
    42  		{MatchName: "cilium.io", MatchPattern: "*cilium.io"},
    43  	} {
    44  		err := reject.sanitize()
    45  		c.Assert(err, Not(IsNil), Commentf("FQDNSelector %+v was accepted but it should be invalid", reject))
    46  	}
    47  }
    48  
    49  // TestPortRuleDNSSanitize tests that the sanitizer correctly catches bad
    50  // cases, and allows good ones.
    51  func (s *PolicyAPITestSuite) TestPortRuleDNSSanitize(c *C) {
    52  	for _, accept := range []PortRuleDNS{
    53  		{MatchName: "cilium.io."},
    54  		{MatchName: "get-cilium.io."},
    55  		{MatchName: "foo.cilium.io."},
    56  		{MatchName: "cilium.io"},
    57  		{MatchPattern: "*.cilium.io"},
    58  		{MatchPattern: "*cilium.io"},
    59  		{MatchPattern: "cilium.io"},
    60  	} {
    61  		err := accept.Sanitize()
    62  		c.Assert(err, IsNil, Commentf("PortRuleDNS %+v was rejected but it should be valid", accept))
    63  	}
    64  
    65  	for _, reject := range []PortRuleDNS{
    66  		{MatchName: "a{1,2}.cilium.io."},
    67  		{MatchPattern: "[a-z]*.cilium.io."},
    68  		{MatchName: "a{1,2}.cilium.io.", MatchPattern: "[a-z]*.cilium.io."},
    69  	} {
    70  		err := reject.Sanitize()
    71  		c.Assert(err, Not(IsNil), Commentf("PortRuleDNS %+v was accepted but it should be invalid", reject))
    72  	}
    73  }