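// Source: github.com/kiali/kiali@v1.84.0/business/checkers/destinationrules/namespacewide_mtls_checker_test.go

package destinationrules

import (
	"testing"

	"github.com/stretchr/testify/assert"
	security_v1beta "istio.io/client-go/pkg/apis/security/v1beta1"

	"github.com/kiali/kiali/config"
	"github.com/kiali/kiali/kubernetes"
	"github.com/kiali/kiali/models"
	"github.com/kiali/kiali/tests/data"
	"github.com/kiali/kiali/tests/testutils/validations"
)

// NOTE(review): the cases visible in this file cover PERMISSIVE, STRICT,
// mesh-wide STRICT and "no policy at all". None of them pairs the
// namespace-wide mTLS DestinationRule with a PeerAuthentication whose mode is
// DISABLE; confirm that combination is exercised elsewhere.

// TestMTLSNshWideDREnabledWithNsPolicyPermissive checks the combination of a
// DestinationRule enabling namespace-wide mTLS and a namespace
// PeerAuthentication in PERMISSIVE mode. The checker must return no
// validation and report the object as valid.
//
// PERMISSIVE lets the server side accept both mutual-TLS and plaintext
// connections, so "valid" here means the two objects are compatible; it does
// not mean plaintext traffic into the namespace is refused.
//
// NOTE(review): "Nsh" in the name looks like a typo for "Ns"; it is kept so
// that existing `go test -run` filters keep matching.
func TestMTLSNshWideDREnabledWithNsPolicyPermissive(t *testing.T) {
	assert := assert.New(t)

	// This is the only case in the file that installs a fresh default
	// configuration. config.Set replaces process-wide state, so it also
	// affects any test that runs afterwards in the same package.
	conf := config.NewConfig()
	config.Set(conf)

	destinationRule := data.AddTrafficPolicyToDestinationRule(
		data.CreateMTLSTrafficPolicyForDestinationRules(),
		data.CreateEmptyDestinationRule("bookinfo", "dr-mtls", "*.bookinfo.svc.cluster.local"),
	)

	mtlsDetails := kubernetes.MTLSDetails{
		PeerAuthentications: []*security_v1beta.PeerAuthentication{
			data.CreateEmptyPeerAuthentication("default", "bookinfo", data.CreateMTLS("PERMISSIVE")),
		},
	}

	vals, valid := NamespaceWideMTLSChecker{
		DestinationRule: destinationRule,
		MTLSDetails:     mtlsDetails,
	}.Check()

	assert.Empty(vals)
	assert.True(valid)
}

// TestMTLSNsWideDREnabledWithPolicy checks the combination of a
// DestinationRule enabling namespace-wide mTLS and a namespace
// PeerAuthentication in STRICT mode. The checker must return no validation
// and report the object as valid.
func TestMTLSNsWideDREnabledWithPolicy(t *testing.T) {
	assert := assert.New(t)

	destinationRule := data.AddTrafficPolicyToDestinationRule(
		data.CreateMTLSTrafficPolicyForDestinationRules(),
		data.CreateEmptyDestinationRule("bookinfo", "dr-mtls", "*.bookinfo.svc.cluster.local"),
	)

	mtlsDetails := kubernetes.MTLSDetails{
		PeerAuthentications: []*security_v1beta.PeerAuthentication{
			data.CreateEmptyPeerAuthentication("default", "bookinfo", data.CreateMTLS("STRICT")),
		},
	}

	vals, valid := NamespaceWideMTLSChecker{
		DestinationRule: destinationRule,
		MTLSDetails:     mtlsDetails,
	}.Check()

	assert.Empty(vals)
	assert.True(valid)
}

// TestMTLSNsWideDREnabledWithMeshPolicy checks the combination of a
// DestinationRule enabling namespace-wide mTLS and a mesh-wide
// PeerAuthentication in STRICT mode (supplied through
// MTLSDetails.MeshPeerAuthentications, with no namespace-level policy). The
// checker must return no validation and report the object as valid.
func TestMTLSNsWideDREnabledWithMeshPolicy(t *testing.T) {
	assert := assert.New(t)

	destinationRule := data.AddTrafficPolicyToDestinationRule(
		data.CreateMTLSTrafficPolicyForDestinationRules(),
		data.CreateEmptyDestinationRule("bookinfo", "dr-mtls", "*.bookinfo.svc.cluster.local"),
	)

	mtlsDetails := kubernetes.MTLSDetails{
		MeshPeerAuthentications: []*security_v1beta.PeerAuthentication{
			data.CreateEmptyMeshPeerAuthentication("default", data.CreateMTLS("STRICT")),
		},
	}

	vals, valid := NamespaceWideMTLSChecker{
		DestinationRule: destinationRule,
		MTLSDetails:     mtlsDetails,
	}.Check()

	assert.Empty(vals)
	assert.True(valid)
}

// TestMTLSNsWideDREnabledWithoutPolicy checks a DestinationRule enabling
// namespace-wide mTLS when MTLSDetails carries no PeerAuthentication at all.
// The checker must report the object as invalid and return exactly one
// error-severity validation on spec/trafficPolicy/tls/mode whose message is
// "destinationrules.mtls.nspolicymissing".
func TestMTLSNsWideDREnabledWithoutPolicy(t *testing.T) {
	assert := assert.New(t)

	destinationRule := data.AddTrafficPolicyToDestinationRule(
		data.CreateMTLSTrafficPolicyForDestinationRules(),
		data.CreateEmptyDestinationRule("bookinfo", "dr-mtls", "*.bookinfo.svc.cluster.local"),
	)

	mtlsDetails := kubernetes.MTLSDetails{}

	vals, valid := NamespaceWideMTLSChecker{
		DestinationRule: destinationRule,
		MTLSDetails:     mtlsDetails,
	}.Check()

	assert.False(valid)

	// assert (unlike require) does not stop the test on failure, so bail out
	// explicitly before indexing: a regression that returns no validation
	// should fail with a readable message, not an index-out-of-range panic.
	if !assert.Len(vals, 1) {
		return
	}

	validation := vals[0]
	if !assert.NotNil(validation) {
		return
	}
	assert.Equal(models.ErrorSeverity, validation.Severity)
	assert.Equal("spec/trafficPolicy/tls/mode", validation.Path)
	assert.NoError(validations.ConfirmIstioCheckMessage("destinationrules.mtls.nspolicymissing", validation))
}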