github.com/imran-kn/cilium-fork@v1.6.9/pkg/policy/groups/helpers_test.go (about) 1 // Copyright 2018 Authors of Cilium 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // +build !privileged_tests 16 17 package groups 18 19 import ( 20 "fmt" 21 "net" 22 23 "github.com/cilium/cilium/pkg/checker" 24 cilium_v2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2" 25 "github.com/cilium/cilium/pkg/policy/api" 26 27 . "gopkg.in/check.v1" 28 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 29 "k8s.io/apimachinery/pkg/types" 30 ) 31 32 func getSamplePolicy(name, ns string) *cilium_v2.CiliumNetworkPolicy { 33 cnp := &cilium_v2.CiliumNetworkPolicy{} 34 35 cnp.ObjectMeta.Name = name 36 cnp.ObjectMeta.Namespace = ns 37 cnp.ObjectMeta.UID = types.UID("123") 38 cnp.Spec = &api.Rule{ 39 EndpointSelector: api.EndpointSelector{ 40 LabelSelector: &metav1.LabelSelector{ 41 MatchLabels: map[string]string{ 42 "test": "true", 43 }, 44 }, 45 }, 46 } 47 return cnp 48 } 49 50 func (s *GroupsTestSuite) TestCorrectDerivativeName(c *C) { 51 name := "test" 52 cnp := getSamplePolicy(name, "testns") 53 DerivativeCNP, err := createDerivativeCNP(cnp) 54 c.Assert(err, IsNil) 55 c.Assert( 56 DerivativeCNP.ObjectMeta.Name, 57 Equals, 58 fmt.Sprintf("%s-togroups-%s", name, cnp.ObjectMeta.UID)) 59 } 60 61 func (s *GroupsTestSuite) TestDerivativePoliciesAreDeletedIfNoToGroups(c *C) { 62 name := "test" 63 cnp := getSamplePolicy(name, "testns") 64 65 cnp.Spec.Egress = []api.EgressRule{ 66 { 67 ToPorts: []api.PortRule{ 68 { 69 Ports: []api.PortProtocol{ 70 {Port: "5555"}, 71 }, 72 }, 73 }, 74 }, 75 } 76 77 DerivativeCNP, err := createDerivativeCNP(cnp) 78 c.Assert(err, IsNil) 79 c.Assert(DerivativeCNP.Specs[0].Egress, checker.DeepEquals, cnp.Spec.Egress) 80 c.Assert(len(DerivativeCNP.Specs), Equals, 1) 81 } 82 83 func (s *GroupsTestSuite) TestDerivativePoliciesAreInheritCorrectly(c *C) { 84 85 cb := func(group *api.ToGroups) ([]net.IP, error) { 86 return []net.IP{net.ParseIP("192.168.1.1")}, nil 87 } 88 89 api.RegisterToGroupsProvider(api.AWSProvider, cb) 90 91 name := "test" 92 cnp := getSamplePolicy(name, "testns") 93 94 cnp.Spec.Egress = []api.EgressRule{ 95 { 96 ToPorts: []api.PortRule{ 97 { 98 Ports: []api.PortProtocol{ 99 {Port: "5555"}, 100 }, 101 }, 102 }, 103 ToGroups: []api.ToGroups{ 104 { 105 AWS: &api.AWSGroup{ 106 Labels: map[string]string{ 107 "test": "a", 108 }, 109 }, 110 }, 111 }, 112 }, 113 } 114 115 DerivativeCNP, err := createDerivativeCNP(cnp) 116 c.Assert(err, IsNil) 117 c.Assert(DerivativeCNP.Spec, IsNil) 118 c.Assert(len(DerivativeCNP.Specs), Equals, 1) 119 c.Assert(DerivativeCNP.Specs[0].Egress[0].ToPorts, checker.DeepEquals, cnp.Spec.Egress[0].ToPorts) 120 c.Assert(len(DerivativeCNP.Specs[0].Egress[0].ToGroups), Equals, 0) 121 }