github.com/kiali/kiali@v1.84.0/business/checkers/peerauthentications/disabled_namespacewide_checker_test.go (about)

     1  package peerauthentications
     2  
     3  import (
     4  	"fmt"
     5  	"testing"
     6  
     7  	"github.com/kiali/kiali/config"
     8  	"github.com/kiali/kiali/models"
     9  	"github.com/kiali/kiali/tests/testutils/validations"
    10  )
    11  
    12  // These validations apply only when AutoMTls is disabled
    13  
// TestPeerAuthnDisabledDestRuleDisabled covers the scenario where:
//   - the PeerAuthn is disabled
//   - the DestinationRule tls mode is disabled
//
// The checker is expected to return no validation.
func TestPeerAuthnDisabledDestRuleDisabled(t *testing.T) {
	const scenario = "disabled_namespacewide_checker_1.yaml"
	testNoDisabledNsValidations(scenario, t)
}
    20  
// TestPeerAuthnDisabledDestRuleEnabled covers the scenario where:
//   - the PeerAuthn is disabled
//   - the DestinationRule tls mode is ISTIO_MUTUAL
//
// The checker is expected to return a validation.
func TestPeerAuthnDisabledDestRuleEnabled(t *testing.T) {
	const scenario = "disabled_namespacewide_checker_2.yaml"
	testWithDisabledNsValidations(scenario, t)
}
    27  
// TestPeerAuthnDisabledMeshWideDestRuleDisabled covers the scenario where:
//   - the PeerAuthn is disabled
//   - the mesh-wide DestinationRule tls mode is disabled
//
// The checker is expected to return no validation.
func TestPeerAuthnDisabledMeshWideDestRuleDisabled(t *testing.T) {
	const scenario = "disabled_namespacewide_checker_3.yaml"
	testNoDisabledNsValidations(scenario, t)
}
    34  
// TestPeerAuthnDisabledMeshWideDestRuleEnabled covers the scenario where:
//   - the PeerAuthn is disabled
//   - the mesh-wide DestinationRule tls mode is ISTIO_MUTUAL
//
// The checker is expected to return a validation.
func TestPeerAuthnDisabledMeshWideDestRuleEnabled(t *testing.T) {
	const scenario = "disabled_namespacewide_checker_4.yaml"
	testWithDisabledNsValidations(scenario, t)
}
    41  
// TestPeerAuthnDisabledNoDestRule covers the scenario where:
//   - the PeerAuthn is disabled
//   - there is no Destination Rule at any level
//
// The checker is expected to return no validation.
func TestPeerAuthnDisabledNoDestRule(t *testing.T) {
	const scenario = "disabled_namespacewide_checker_5.yaml"
	testNoDisabledNsValidations(scenario, t)
}
    48  
// TestPeerAuthnDisabledNamespaceMtlsMeshWideEnabled covers the scenario where:
//   - the PeerAuthn is disabled at namespace level
//   - the DR is disabled at namespace level
//   - mTLS is strict at mesh level (PeerAuthn + DestRule)
//
// The checker is expected to return no validation.
func TestPeerAuthnDisabledNamespaceMtlsMeshWideEnabled(t *testing.T) {
	const scenario = "disabled_namespacewide_checker_6.yaml"
	testNoDisabledNsValidations(scenario, t)
}
    56  
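// disabledNamespacetestPrep loads the YAML fixture named by scenario and runs
// DisabledNamespaceWideChecker against the first PeerAuthentication it holds,
// together with every DestinationRule from the same fixture.
//
// It returns the checker's validations and its validity flag. The fixture is
// verified before the checker is built: a load error, or a fixture without
// any PeerAuthentication, aborts the calling test with a descriptive message.
// That way a broken fixture is reported as such instead of surfacing as an
// index-out-of-range panic, and the checker never runs on partially loaded
// data.
func disabledNamespacetestPrep(scenario string, t *testing.T) ([]*models.IstioCheck, bool) {
	t.Helper()

	// Register a freshly built config via config.Set before running the checker.
	conf := config.NewConfig()
	config.Set(conf)

	loader := yamlFixtureLoaderFor(scenario)
	if err := loader.Load(); err != nil {
		t.Fatalf("Error loading test data %q: %v", scenario, err)
	}

	resources := loader.GetResources()
	if len(resources.PeerAuthentications) == 0 {
		t.Fatalf("Test data %q contains no PeerAuthentication", scenario)
	}

	return DisabledNamespaceWideChecker{
		PeerAuthn:        resources.PeerAuthentications[0],
		DestinationRules: resources.DestinationRules,
	}.Check()
}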
    75  
// testNoDisabledNsValidations runs the namespace-wide "disabled" checker on
// the given fixture and asserts, through IstioCheckTestAsserter, that it
// produced no validations.
func testNoDisabledNsValidations(scenario string, t *testing.T) {
	checks, ok := disabledNamespacetestPrep(scenario, t)

	asserter := validations.IstioCheckTestAsserter{
		T:           t,
		Validations: checks,
		Valid:       ok,
	}
	asserter.AssertNoValidations()
}
    82  
// testWithDisabledNsValidations runs the namespace-wide "disabled" checker on
// the given fixture and asserts that the expected finding is reported: the
// validation at index 0 must have error severity, point at "spec/mtls" and
// carry the "peerauthentications.mtls.disabledestinationrulemissing" key.
func testWithDisabledNsValidations(scenario string, t *testing.T) {
	checks, ok := disabledNamespacetestPrep(scenario, t)

	asserter := validations.IstioCheckTestAsserter{
		T:           t,
		Validations: checks,
		Valid:       ok,
	}

	// NOTE(review): presumably (1, false) means "one validation, object not
	// valid" — confirm against IstioCheckTestAsserter.
	asserter.AssertValidationsPresent(1, false)
	asserter.AssertValidationAt(
		0,
		models.ErrorSeverity,
		"spec/mtls",
		"peerauthentications.mtls.disabledestinationrulemissing",
	)
}
    90  
// yamlFixtureLoaderFor returns a YamlFixtureLoader whose Filename points at
// the named file inside the peerauthentications validation test-data
// directory. The path is relative, so it resolves against the working
// directory the tests run in.
func yamlFixtureLoaderFor(file string) *validations.YamlFixtureLoader {
	loader := new(validations.YamlFixtureLoader)
	loader.Filename = fmt.Sprintf("../../../tests/data/validations/peerauthentications/%s", file)
	return loader
}