github.com/kiali/kiali@v1.84.0/business/checkers/sidecars/egress_listener_checker_test.go (about) 1 package sidecars 2 3 import ( 4 "fmt" 5 "testing" 6 7 "github.com/stretchr/testify/assert" 8 networking_v1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" 9 10 "github.com/kiali/kiali/config" 11 "github.com/kiali/kiali/kubernetes" 12 "github.com/kiali/kiali/models" 13 "github.com/kiali/kiali/tests/data" 14 "github.com/kiali/kiali/tests/testutils/validations" 15 ) 16 17 func TestEgressHostFormatCorrect(t *testing.T) { 18 assert := assert.New(t) 19 20 c := config.Get() 21 c.ExternalServices.Istio.IstioIdentityDomain = "svc.cluster.local" 22 config.Set(c) 23 24 vals, valid := EgressHostChecker{ 25 RegistryServices: data.CreateFakeMultiRegistryServices([]string{"details.bookinfo.svc.cluster.local", "reviews.bookinfo.svc.cluster.local"}, "bookinfo", "*"), 26 ServiceEntries: kubernetes.ServiceEntryHostnames([]*networking_v1beta1.ServiceEntry{data.CreateExternalServiceEntry()}), 27 Sidecar: sidecarWithHosts([]string{ 28 "*/*", 29 "~/*", 30 "./*", 31 "./reviews.bookinfo.svc.cluster.local", 32 "./*.bookinfo.svc.cluster.local", 33 "./wikipedia.org", 34 "bookinfo/*", 35 "bookinfo/*.bookinfo.svc.cluster.local", 36 "bookinfo/reviews.bookinfo.svc.cluster.local", 37 "bookinfo/wikipedia.org", 38 }), 39 }.Check() 40 41 assert.Empty(vals) 42 assert.True(valid) 43 } 44 45 func TestEgressHostNotFoundService(t *testing.T) { 46 assert := assert.New(t) 47 48 vals, valid := EgressHostChecker{ 49 RegistryServices: data.CreateFakeRegistryServicesLabels("reviews", "bookinfo"), 50 ServiceEntries: kubernetes.ServiceEntryHostnames([]*networking_v1beta1.ServiceEntry{data.CreateExternalServiceEntry()}), 51 Sidecar: sidecarWithHosts([]string{ 52 "bookinfo2/reviews.bookinfo2.svc.cluster.local", 53 }), 54 }.Check() 55 56 assert.NotEmpty(vals) 57 assert.True(valid) 58 assert.Equal(models.WarningSeverity, vals[0].Severity) 59 assert.Equal("spec/egress[0]/hosts[0]", vals[0].Path) 60 assert.NoError(validations.ConfirmIstioCheckMessage("sidecar.egress.servicenotfound", vals[0])) 61 } 62 63 func TestEgressHostNotFoundWronglyExportedService(t *testing.T) { 64 assert := assert.New(t) 65 66 vals, valid := EgressHostChecker{ 67 RegistryServices: data.CreateFakeRegistryServices("reviews.bookinfo2.svc.cluster.local", "bookinfo", "wrong"), 68 ServiceEntries: kubernetes.ServiceEntryHostnames([]*networking_v1beta1.ServiceEntry{data.CreateExternalServiceEntry()}), 69 Sidecar: sidecarWithHosts([]string{ 70 "bookinfo2/reviews.bookinfo2.svc.cluster.local", 71 }), 72 }.Check() 73 74 assert.NotEmpty(vals) 75 assert.True(valid) 76 assert.Equal(models.WarningSeverity, vals[0].Severity) 77 assert.Equal("spec/egress[0]/hosts[0]", vals[0].Path) 78 assert.NoError(validations.ConfirmIstioCheckMessage("sidecar.egress.servicenotfound", vals[0])) 79 } 80 81 func TestEgressHostFoundExportedService(t *testing.T) { 82 assert := assert.New(t) 83 84 vals, valid := EgressHostChecker{ 85 RegistryServices: data.CreateFakeRegistryServices("reviews.bookinfo2.svc.cluster.local", "bookinfo", "*"), 86 ServiceEntries: kubernetes.ServiceEntryHostnames([]*networking_v1beta1.ServiceEntry{data.CreateExternalServiceEntry()}), 87 Sidecar: sidecarWithHosts([]string{ 88 "bookinfo2/reviews.bookinfo2.svc.cluster.local", 89 }), 90 }.Check() 91 92 assert.Empty(vals) 93 assert.True(valid) 94 } 95 96 func TestEgressHostFoundLocalService(t *testing.T) { 97 assert := assert.New(t) 98 99 vals, valid := EgressHostChecker{ 100 RegistryServices: data.CreateFakeRegistryServices("reviews.bookinfo2.svc.cluster.local", "bookinfo2", "*"), 101 ServiceEntries: kubernetes.ServiceEntryHostnames([]*networking_v1beta1.ServiceEntry{data.CreateExternalServiceEntry()}), 102 Sidecar: sidecarWithHosts([]string{ 103 "bookinfo2/reviews.bookinfo2.svc.cluster.local", 104 }), 105 }.Check() 106 107 assert.Empty(vals) 108 assert.True(valid) 109 } 110 111 func TestEgressExportedInternalServiceEntryPresent(t *testing.T) { 112 assert := assert.New(t) 113 114 vals, valid := EgressHostChecker{ 115 RegistryServices: data.CreateFakeRegistryServices("wrong.bookinfo.svc.cluster.local", "bookinfo", "*"), 116 ServiceEntries: kubernetes.ServiceEntryHostnames([]*networking_v1beta1.ServiceEntry{data.CreateEmptyMeshInternalServiceEntry("details-se", "bookinfo3", []string{"details.bookinfo2.svc.cluster.local"})}), 117 Sidecar: sidecarWithHosts([]string{ 118 "bookinfo/details.bookinfo2.svc.cluster.local", 119 }), 120 }.Check() 121 122 assert.Empty(vals) 123 assert.True(valid) 124 } 125 126 func TestEgressExportedExternalServiceEntryPresent(t *testing.T) { 127 assert := assert.New(t) 128 129 vals, valid := EgressHostChecker{ 130 RegistryServices: data.CreateFakeRegistryServices("wrong.bookinfo.svc.cluster.local", "bookinfo", "*"), 131 ServiceEntries: kubernetes.ServiceEntryHostnames([]*networking_v1beta1.ServiceEntry{data.CreateEmptyMeshExternalServiceEntry("details-se", "bookinfo3", []string{"www.myhost.com"})}), 132 Sidecar: sidecarWithHosts([]string{ 133 "bookinfo/www.myhost.com", 134 }), 135 }.Check() 136 137 assert.Empty(vals) 138 assert.True(valid) 139 } 140 141 func TestWildcardHostEgressExportedExternalServiceEntryNotPresent(t *testing.T) { 142 assert := assert.New(t) 143 144 vals, valid := EgressHostChecker{ 145 RegistryServices: data.CreateFakeRegistryServices("wrong.bookinfo.svc.cluster.local", "bookinfo", "*"), 146 ServiceEntries: kubernetes.ServiceEntryHostnames([]*networking_v1beta1.ServiceEntry{data.CreateEmptyMeshExternalServiceEntry("details-se", "bookinfo3", []string{"www.myhost.com"})}), 147 Sidecar: sidecarWithHosts([]string{ 148 "bookinfo/*.myhost.com", 149 }), 150 }.Check() 151 152 assert.NotEmpty(vals) 153 assert.True(valid) 154 assert.Equal(models.WarningSeverity, vals[0].Severity) 155 assert.Equal("spec/egress[0]/hosts[0]", vals[0].Path) 156 assert.NoError(validations.ConfirmIstioCheckMessage("sidecar.egress.servicenotfound", vals[0])) 157 } 158 159 func TestEgressExportedExternalWildcardServiceEntryPresent(t *testing.T) { 160 assert := assert.New(t) 161 162 vals, valid := EgressHostChecker{ 163 RegistryServices: data.CreateFakeRegistryServices("wrong.bookinfo.svc.cluster.local", "bookinfo", "*"), 164 ServiceEntries: kubernetes.ServiceEntryHostnames([]*networking_v1beta1.ServiceEntry{data.CreateEmptyMeshExternalServiceEntry("details-se", "bookinfo3", []string{"*.myhost.com"})}), 165 Sidecar: sidecarWithHosts([]string{ 166 "bookinfo/www.myhost.com", 167 }), 168 }.Check() 169 170 assert.Empty(vals) 171 assert.True(valid) 172 } 173 174 func TestEgressExportedInternalServiceEntryNotPresent(t *testing.T) { 175 assert := assert.New(t) 176 177 vals, valid := EgressHostChecker{ 178 RegistryServices: data.CreateFakeRegistryServices("wrong.bookinfo.svc.cluster.local", "bookinfo", "*"), 179 ServiceEntries: kubernetes.ServiceEntryHostnames([]*networking_v1beta1.ServiceEntry{data.CreateEmptyMeshInternalServiceEntry("details-se", "bookinfo3", []string{"details.bookinfo2.svc.cluster.local"})}), 180 Sidecar: sidecarWithHosts([]string{ 181 "bookinfo/details.bookinfo.svc.cluster.local", 182 }), 183 }.Check() 184 185 assert.NotEmpty(vals) 186 assert.True(valid) 187 assert.Equal(models.WarningSeverity, vals[0].Severity) 188 assert.Equal("spec/egress[0]/hosts[0]", vals[0].Path) 189 assert.NoError(validations.ConfirmIstioCheckMessage("sidecar.egress.servicenotfound", vals[0])) 190 } 191 192 func TestEgressExportedExternalServiceEntryNotPresent(t *testing.T) { 193 assert := assert.New(t) 194 195 vals, valid := EgressHostChecker{ 196 RegistryServices: data.CreateFakeRegistryServices("wrong.bookinfo.svc.cluster.local", "bookinfo", "*"), 197 ServiceEntries: kubernetes.ServiceEntryHostnames([]*networking_v1beta1.ServiceEntry{data.CreateEmptyMeshExternalServiceEntry("details-se", "bookinfo3", []string{"www.myhost.com"})}), 198 Sidecar: sidecarWithHosts([]string{ 199 "bookinfo/www.wrong.com", 200 }), 201 }.Check() 202 203 assert.NotEmpty(vals) 204 assert.True(valid) 205 assert.Equal(models.WarningSeverity, vals[0].Severity) 206 assert.Equal("spec/egress[0]/hosts[0]", vals[0].Path) 207 assert.NoError(validations.ConfirmIstioCheckMessage("sidecar.egress.servicenotfound", vals[0])) 208 } 209 210 func TestEgressExportedWildcardInternalServiceEntryPresent(t *testing.T) { 211 assert := assert.New(t) 212 213 vals, valid := EgressHostChecker{ 214 RegistryServices: data.CreateFakeRegistryServices("wrong.bookinfo.svc.cluster.local", "bookinfo", "*"), 215 ServiceEntries: kubernetes.ServiceEntryHostnames([]*networking_v1beta1.ServiceEntry{data.CreateEmptyMeshInternalServiceEntry("details-se", "bookinfo3", []string{"*.bookinfo2.svc.cluster.local"})}), 216 Sidecar: sidecarWithHosts([]string{ 217 "bookinfo/details.bookinfo2.svc.cluster.local", 218 }), 219 }.Check() 220 221 assert.Empty(vals) 222 assert.True(valid) 223 } 224 225 func TestEgressExportedWildcardInternalServiceEntryNotPresent(t *testing.T) { 226 assert := assert.New(t) 227 228 vals, valid := EgressHostChecker{ 229 RegistryServices: data.CreateFakeRegistryServices("wrong.bookinfo.svc.cluster.local", "bookinfo", "*"), 230 ServiceEntries: kubernetes.ServiceEntryHostnames([]*networking_v1beta1.ServiceEntry{data.CreateEmptyMeshInternalServiceEntry("details-se", "bookinfo3", []string{"*.bookinfo3.svc.cluster.local"})}), 231 Sidecar: sidecarWithHosts([]string{ 232 "bookinfo/*.bookinfo2.svc.cluster.local", 233 }), 234 }.Check() 235 236 assert.NotEmpty(vals) 237 assert.True(valid) 238 assert.Equal(models.WarningSeverity, vals[0].Severity) 239 assert.Equal("spec/egress[0]/hosts[0]", vals[0].Path) 240 assert.NoError(validations.ConfirmIstioCheckMessage("sidecar.egress.servicenotfound", vals[0])) 241 } 242 243 func TestEgressExportedNonFQDNInternalServiceEntryNotPresent(t *testing.T) { 244 assert := assert.New(t) 245 246 vals, valid := EgressHostChecker{ 247 RegistryServices: data.CreateFakeRegistryServices("wrong.bookinfo.svc.cluster.local", "bookinfo", "*"), 248 ServiceEntries: kubernetes.ServiceEntryHostnames([]*networking_v1beta1.ServiceEntry{data.CreateEmptyMeshInternalServiceEntry("details-se", "bookinfo3", []string{"details"})}), 249 Sidecar: sidecarWithHosts([]string{ 250 "bookinfo/details.bookinfo2.svc.cluster.local", 251 }), 252 }.Check() 253 254 assert.NotEmpty(vals) 255 assert.True(valid) 256 assert.Equal(models.WarningSeverity, vals[0].Severity) 257 assert.Equal("spec/egress[0]/hosts[0]", vals[0].Path) 258 assert.NoError(validations.ConfirmIstioCheckMessage("sidecar.egress.servicenotfound", vals[0])) 259 } 260 261 func TestEgressHostCrossNamespaceServiceNotFound(t *testing.T) { 262 assert := assert.New(t) 263 264 hosts := []string{ 265 "*/*.example.com", 266 "*/www.example.com", 267 "*/example.prod.svc.cluster.local", 268 "~/*.example.com", 269 "~/www.example.com", 270 "~/example.prod.svc.cluster.local", 271 "bookinfo/reviews.bogus.svc.cluster.local", 272 "bookinfo/*.bogus.svc.cluster.local", 273 } 274 275 vals, valid := EgressHostChecker{ 276 Sidecar: sidecarWithHosts(hosts), 277 }.Check() 278 279 assert.NotEmpty(vals) 280 assert.Len(vals, len(hosts)) 281 assert.True(valid) 282 283 for i, c := range vals { 284 assert.Equal(models.WarningSeverity, c.Severity) 285 assert.Equal(fmt.Sprintf("spec/egress[0]/hosts[%d]", i), c.Path) 286 assert.NoError(validations.ConfirmIstioCheckMessage("sidecar.egress.servicenotfound", c)) 287 } 288 } 289 290 func TestEgressServiceNotFound(t *testing.T) { 291 assert := assert.New(t) 292 293 vals, valid := EgressHostChecker{ 294 Sidecar: sidecarWithHosts([]string{ 295 "bookinfo/boggus.bookinfo.svc.cluster.local", 296 "bookinfo/boggus.org", 297 }), 298 }.Check() 299 300 assert.NotEmpty(vals) 301 assert.Len(vals, 2) 302 assert.True(valid) 303 304 for i, c := range vals { 305 assert.Equal(models.WarningSeverity, c.Severity) 306 assert.Equal(fmt.Sprintf("spec/egress[0]/hosts[%d]", i), c.Path) 307 assert.NoError(validations.ConfirmIstioCheckMessage("sidecar.egress.servicenotfound", c)) 308 } 309 } 310 311 func TestEgressRegistryService(t *testing.T) { 312 assert := assert.New(t) 313 314 vals, valid := EgressHostChecker{ 315 Sidecar: sidecarWithHosts([]string{ 316 "bookinfo/boggus.bookinfo.svc.cluster.local", 317 }), 318 RegistryServices: data.CreateFakeRegistryServices("boggus.bookinfo.svc.cluster.local", "bookinfo", "."), 319 }.Check() 320 321 assert.Empty(vals) 322 assert.True(valid) 323 } 324 325 func TestEgressRegistryServiceExported(t *testing.T) { 326 assert := assert.New(t) 327 328 vals, valid := EgressHostChecker{ 329 Sidecar: sidecarWithHosts([]string{ 330 "bookinfo/boggus.bookinfo.svc.cluster.local", 331 }), 332 RegistryServices: data.CreateFakeRegistryServices("boggus.bookinfo.svc.cluster.local", "bookinfo2", "*"), 333 }.Check() 334 335 assert.Empty(vals) 336 assert.True(valid) 337 } 338 339 func TestEgressRegistryServiceNotFound(t *testing.T) { 340 assert := assert.New(t) 341 342 vals, valid := EgressHostChecker{ 343 Sidecar: sidecarWithHosts([]string{ 344 "bookinfo/boggus.bookinfo.svc.cluster.local", 345 }), 346 RegistryServices: data.CreateFakeRegistryServices("wrong.bookinfo.svc.cluster.local", "bookinfo", "."), 347 }.Check() 348 349 assert.NotEmpty(vals) 350 assert.Len(vals, 1) 351 assert.True(valid) 352 353 for i, c := range vals { 354 assert.Equal(models.WarningSeverity, c.Severity) 355 assert.Equal(fmt.Sprintf("spec/egress[0]/hosts[%d]", i), c.Path) 356 assert.NoError(validations.ConfirmIstioCheckMessage("sidecar.egress.servicenotfound", c)) 357 } 358 } 359 360 func TestEgressRegistryServiceNotFoundWronglyExported(t *testing.T) { 361 assert := assert.New(t) 362 363 vals, valid := EgressHostChecker{ 364 Sidecar: sidecarWithHosts([]string{ 365 "bookinfo/boggus.bookinfo.svc.cluster.local", 366 }), 367 RegistryServices: data.CreateFakeRegistryServices("boggus.bookinfo.svc.cluster.local", "bookinfo", "bookinfo2"), 368 }.Check() 369 370 assert.NotEmpty(vals) 371 assert.Len(vals, 1) 372 assert.True(valid) 373 374 for i, c := range vals { 375 assert.Equal(models.WarningSeverity, c.Severity) 376 assert.Equal(fmt.Sprintf("spec/egress[0]/hosts[%d]", i), c.Path) 377 assert.NoError(validations.ConfirmIstioCheckMessage("sidecar.egress.servicenotfound", c)) 378 } 379 } 380 381 func TestEgressRegistryServiceNotFoundWronglyExported2(t *testing.T) { 382 assert := assert.New(t) 383 384 vals, valid := EgressHostChecker{ 385 Sidecar: sidecarWithHosts([]string{ 386 "bookinfo/boggus.bookinfo.svc.cluster.local", 387 }), 388 RegistryServices: data.CreateFakeRegistryServices("boggus.bookinfo.svc.cluster.local", "bookinfo2", "."), 389 }.Check() 390 391 assert.NotEmpty(vals) 392 assert.Len(vals, 1) 393 assert.True(valid) 394 395 for i, c := range vals { 396 assert.Equal(models.WarningSeverity, c.Severity) 397 assert.Equal(fmt.Sprintf("spec/egress[0]/hosts[%d]", i), c.Path) 398 assert.NoError(validations.ConfirmIstioCheckMessage("sidecar.egress.servicenotfound", c)) 399 } 400 } 401 402 func sidecarWithHosts(hl []string) *networking_v1beta1.Sidecar { 403 return data.AddHostsToSidecar(hl, data.CreateSidecar("sidecar", "bookinfo")) 404 }