github.com/kiali/kiali@v1.84.0/business/istio_config_test.go (about) 1 package business 2 3 import ( 4 "context" 5 "testing" 6 7 "github.com/golang/protobuf/ptypes/wrappers" 8 osproject_v1 "github.com/openshift/api/project/v1" 9 "github.com/stretchr/testify/assert" 10 "github.com/stretchr/testify/require" 11 api_networking_v1beta1 "istio.io/api/networking/v1beta1" 12 networking_v1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" 13 auth_v1 "k8s.io/api/authorization/v1" 14 core_v1 "k8s.io/api/core/v1" 15 meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 16 "k8s.io/apimachinery/pkg/runtime" 17 18 "github.com/kiali/kiali/config" 19 "github.com/kiali/kiali/kubernetes" 20 "github.com/kiali/kiali/kubernetes/kubetest" 21 "github.com/kiali/kiali/models" 22 "github.com/kiali/kiali/tests/data" 23 "github.com/kiali/kiali/tests/testutils/validations" 24 ) 25 26 func TestParseListParams(t *testing.T) { 27 objects := "" 28 labelSelector := "" 29 criteria := ParseIstioConfigCriteria(objects, labelSelector, "") 30 31 assert.True(t, criteria.IncludeVirtualServices) 32 assert.True(t, criteria.IncludeDestinationRules) 33 assert.True(t, criteria.IncludeServiceEntries) 34 35 objects = "gateways" 36 criteria = ParseIstioConfigCriteria(objects, labelSelector, "") 37 38 assert.True(t, criteria.IncludeGateways) 39 assert.False(t, criteria.IncludeVirtualServices) 40 assert.False(t, criteria.IncludeDestinationRules) 41 assert.False(t, criteria.IncludeServiceEntries) 42 43 criteria = ParseIstioConfigCriteria(objects, labelSelector, "") 44 45 assert.True(t, criteria.IncludeGateways) 46 assert.False(t, criteria.IncludeVirtualServices) 47 assert.False(t, criteria.IncludeDestinationRules) 48 assert.False(t, criteria.IncludeServiceEntries) 49 50 objects = "virtualservices" 51 criteria = ParseIstioConfigCriteria(objects, labelSelector, "") 52 53 assert.False(t, criteria.IncludeGateways) 54 assert.True(t, criteria.IncludeVirtualServices) 55 assert.False(t, criteria.IncludeDestinationRules) 56 assert.False(t, criteria.IncludeServiceEntries) 57 58 objects = "destinationrules" 59 criteria = ParseIstioConfigCriteria(objects, labelSelector, "") 60 61 assert.False(t, criteria.IncludeGateways) 62 assert.False(t, criteria.IncludeVirtualServices) 63 assert.True(t, criteria.IncludeDestinationRules) 64 assert.False(t, criteria.IncludeServiceEntries) 65 66 objects = "serviceentries" 67 criteria = ParseIstioConfigCriteria(objects, labelSelector, "") 68 69 assert.False(t, criteria.IncludeGateways) 70 assert.False(t, criteria.IncludeVirtualServices) 71 assert.False(t, criteria.IncludeDestinationRules) 72 assert.True(t, criteria.IncludeServiceEntries) 73 74 objects = "virtualservices" 75 criteria = ParseIstioConfigCriteria(objects, labelSelector, "") 76 77 assert.False(t, criteria.IncludeGateways) 78 assert.True(t, criteria.IncludeVirtualServices) 79 assert.False(t, criteria.IncludeDestinationRules) 80 assert.False(t, criteria.IncludeServiceEntries) 81 82 objects = "destinationrules,virtualservices" 83 criteria = ParseIstioConfigCriteria(objects, labelSelector, "") 84 85 assert.False(t, criteria.IncludeGateways) 86 assert.True(t, criteria.IncludeVirtualServices) 87 assert.True(t, criteria.IncludeDestinationRules) 88 assert.False(t, criteria.IncludeServiceEntries) 89 90 objects = "notsupported" 91 criteria = ParseIstioConfigCriteria(objects, labelSelector, "") 92 93 assert.False(t, criteria.IncludeGateways) 94 assert.False(t, criteria.IncludeVirtualServices) 95 assert.False(t, criteria.IncludeDestinationRules) 96 assert.False(t, criteria.IncludeServiceEntries) 97 } 98 99 func TestGetIstioConfigList(t *testing.T) { 100 assert := assert.New(t) 101 conf := config.NewConfig() 102 config.Set(conf) 103 104 criteria := IstioConfigCriteria{ 105 IncludeGateways: false, 106 IncludeVirtualServices: false, 107 IncludeDestinationRules: false, 108 IncludeServiceEntries: false, 109 } 110 cluster := conf.KubernetesConfig.ClusterName 111 112 configService := mockGetIstioConfigList(t) 113 114 istioconfigList, err := configService.GetIstioConfigList(context.TODO(), cluster, criteria) 115 116 assert.Equal(0, len(istioconfigList.Gateways)) 117 assert.Equal(0, len(istioconfigList.VirtualServices)) 118 assert.Equal(0, len(istioconfigList.DestinationRules)) 119 assert.Equal(0, len(istioconfigList.ServiceEntries)) 120 assert.Nil(err) 121 122 criteria.IncludeGateways = true 123 124 istioconfigList, err = configService.GetIstioConfigList(context.TODO(), cluster, criteria) 125 126 assert.Equal(2, len(istioconfigList.Gateways)) 127 assert.Equal(0, len(istioconfigList.VirtualServices)) 128 assert.Equal(0, len(istioconfigList.DestinationRules)) 129 assert.Equal(0, len(istioconfigList.ServiceEntries)) 130 assert.Nil(err) 131 132 criteria.IncludeVirtualServices = true 133 134 istioconfigList, err = configService.GetIstioConfigList(context.TODO(), cluster, criteria) 135 136 assert.Equal(2, len(istioconfigList.Gateways)) 137 assert.Equal(2, len(istioconfigList.VirtualServices)) 138 assert.Equal(0, len(istioconfigList.DestinationRules)) 139 assert.Equal(0, len(istioconfigList.ServiceEntries)) 140 assert.Nil(err) 141 142 criteria.IncludeDestinationRules = true 143 144 istioconfigList, err = configService.GetIstioConfigList(context.TODO(), cluster, criteria) 145 146 assert.Equal(2, len(istioconfigList.Gateways)) 147 assert.Equal(2, len(istioconfigList.VirtualServices)) 148 assert.Equal(2, len(istioconfigList.DestinationRules)) 149 assert.Equal(0, len(istioconfigList.ServiceEntries)) 150 assert.Nil(err) 151 152 criteria.IncludeServiceEntries = true 153 154 istioconfigList, err = configService.GetIstioConfigList(context.TODO(), cluster, criteria) 155 156 assert.Equal(2, len(istioconfigList.Gateways)) 157 assert.Equal(2, len(istioconfigList.VirtualServices)) 158 assert.Equal(2, len(istioconfigList.DestinationRules)) 159 assert.Equal(1, len(istioconfigList.ServiceEntries)) 160 assert.Nil(err) 161 } 162 163 func TestGetIstioConfigDetails(t *testing.T) { 164 assert := assert.New(t) 165 166 configService := mockGetIstioConfigDetails(t) 167 conf := config.Get() 168 169 istioConfigDetails, err := configService.GetIstioConfigDetails(context.TODO(), conf.KubernetesConfig.ClusterName, "test", "gateways", "gw-1") 170 assert.Equal("gw-1", istioConfigDetails.Gateway.Name) 171 assert.True(istioConfigDetails.Permissions.Update) 172 assert.False(istioConfigDetails.Permissions.Delete) 173 assert.Nil(err) 174 175 istioConfigDetails, err = configService.GetIstioConfigDetails(context.TODO(), conf.KubernetesConfig.ClusterName, "test", "virtualservices", "reviews") 176 assert.Equal("reviews", istioConfigDetails.VirtualService.Name) 177 assert.Equal("VirtualService", istioConfigDetails.VirtualService.Kind) 178 assert.Equal("networking.istio.io/v1beta1", istioConfigDetails.VirtualService.APIVersion) 179 assert.Nil(err) 180 181 istioConfigDetails, err = configService.GetIstioConfigDetails(context.TODO(), conf.KubernetesConfig.ClusterName, "test", "destinationrules", "reviews-dr") 182 assert.Equal("reviews-dr", istioConfigDetails.DestinationRule.Name) 183 assert.Equal("DestinationRule", istioConfigDetails.DestinationRule.Kind) 184 assert.Equal("networking.istio.io/v1beta1", istioConfigDetails.DestinationRule.APIVersion) 185 assert.Nil(err) 186 187 istioConfigDetails, err = configService.GetIstioConfigDetails(context.TODO(), conf.KubernetesConfig.ClusterName, "test", "serviceentries", "googleapis") 188 assert.Equal("googleapis", istioConfigDetails.ServiceEntry.Name) 189 assert.Equal("ServiceEntry", istioConfigDetails.ServiceEntry.Kind) 190 assert.Equal("networking.istio.io/v1beta1", istioConfigDetails.ServiceEntry.APIVersion) 191 assert.Nil(err) 192 193 istioConfigDetails, err = configService.GetIstioConfigDetails(context.TODO(), conf.KubernetesConfig.ClusterName, "test", "rules-bad", "stdio") 194 assert.Error(err) 195 } 196 197 func TestCheckMulticlusterPermissions(t *testing.T) { 198 assert := assert.New(t) 199 200 configService := mockGetIstioConfigDetailsMulticluster(t) 201 202 istioConfigDetails, err := configService.GetIstioConfigDetails(context.TODO(), config.Get().KubernetesConfig.ClusterName, "test", "gateways", "gw-1") 203 assert.Equal("gw-1", istioConfigDetails.Gateway.Name) 204 assert.True(istioConfigDetails.Permissions.Update) 205 assert.False(istioConfigDetails.Permissions.Delete) 206 assert.Nil(err) 207 208 istioConfigDetailsRemote, err := configService.GetIstioConfigDetails(context.TODO(), "east", "test", "gateways", "gw-1") 209 assert.Equal("gw-1", istioConfigDetailsRemote.Gateway.Name) 210 assert.True(istioConfigDetailsRemote.Permissions.Update) 211 assert.False(istioConfigDetailsRemote.Permissions.Delete) 212 assert.Nil(err) 213 } 214 215 func mockGetIstioConfigList(t *testing.T) IstioConfigService { 216 fakeIstioObjects := []runtime.Object{&osproject_v1.Project{ObjectMeta: meta_v1.ObjectMeta{Name: "test"}}} 217 for _, g := range fakeGetGateways() { 218 fakeIstioObjects = append(fakeIstioObjects, g.DeepCopyObject()) 219 } 220 for _, v := range fakeGetVirtualServices() { 221 fakeIstioObjects = append(fakeIstioObjects, v.DeepCopyObject()) 222 } 223 for _, d := range fakeGetDestinationRules() { 224 fakeIstioObjects = append(fakeIstioObjects, d.DeepCopyObject()) 225 } 226 for _, s := range fakeGetServiceEntries() { 227 fakeIstioObjects = append(fakeIstioObjects, s.DeepCopyObject()) 228 } 229 k8s := kubetest.NewFakeK8sClient( 230 fakeIstioObjects..., 231 ) 232 k8s.OpenShift = true 233 234 cache := SetupBusinessLayer(t, k8s, *config.NewConfig()) 235 236 k8sclients := make(map[string]kubernetes.ClientInterface) 237 k8sclients[config.Get().KubernetesConfig.ClusterName] = k8s 238 return IstioConfigService{userClients: k8sclients, kialiCache: cache, businessLayer: NewWithBackends(k8sclients, k8sclients, nil, nil)} 239 } 240 241 func fakeGetGateways() []*networking_v1beta1.Gateway { 242 gw1 := data.CreateEmptyGateway("gw-1", "test", map[string]string{ 243 "app": "my-gateway1-controller", 244 }) 245 gw1.Spec.Servers = []*api_networking_v1beta1.Server{ 246 { 247 Port: &api_networking_v1beta1.Port{ 248 Number: 80, 249 Name: "http", 250 Protocol: "HTTP", 251 }, 252 Hosts: []string{ 253 "uk.bookinfo.com", 254 "eu.bookinfo.com", 255 }, 256 Tls: &api_networking_v1beta1.ServerTLSSettings{ 257 HttpsRedirect: true, 258 }, 259 }, 260 } 261 262 gw2 := data.CreateEmptyGateway("gw-2", "test", map[string]string{ 263 "app": "my-gateway2-controller", 264 }) 265 gw2.Spec.Servers = []*api_networking_v1beta1.Server{ 266 { 267 Port: &api_networking_v1beta1.Port{ 268 Number: 80, 269 Name: "http", 270 Protocol: "HTTP", 271 }, 272 Hosts: []string{ 273 "uk.bookinfo.com", 274 "eu.bookinfo.com", 275 }, 276 Tls: &api_networking_v1beta1.ServerTLSSettings{ 277 HttpsRedirect: true, 278 }, 279 }, 280 } 281 282 return []*networking_v1beta1.Gateway{gw1, gw2} 283 } 284 285 func fakeGetVirtualServices() []*networking_v1beta1.VirtualService { 286 virtualService1 := data.AddHttpRoutesToVirtualService(data.CreateHttpRouteDestination("reviews", "v2", 50), 287 data.AddHttpRoutesToVirtualService(data.CreateHttpRouteDestination("reviews", "v3", 50), 288 data.CreateEmptyVirtualService("reviews", "test", []string{"reviews"}), 289 ), 290 ) 291 292 virtualService2 := data.AddHttpRoutesToVirtualService(data.CreateHttpRouteDestination("details", "v2", 50), 293 data.AddHttpRoutesToVirtualService(data.CreateHttpRouteDestination("details", "v3", 50), 294 data.CreateEmptyVirtualService("details", "test", []string{"details"}), 295 ), 296 ) 297 298 return []*networking_v1beta1.VirtualService{virtualService1, virtualService2} 299 } 300 301 func fakeGetDestinationRules() []*networking_v1beta1.DestinationRule { 302 destinationRule1 := data.AddSubsetToDestinationRule(data.CreateSubset("v1", "v1"), 303 data.AddSubsetToDestinationRule(data.CreateSubset("v2", "v2"), 304 data.CreateEmptyDestinationRule("test", "reviews-dr", "reviews"))) 305 306 errors := wrappers.UInt32Value{Value: 50} 307 destinationRule1.Spec.TrafficPolicy = &api_networking_v1beta1.TrafficPolicy{ 308 ConnectionPool: &api_networking_v1beta1.ConnectionPoolSettings{ 309 Http: &api_networking_v1beta1.ConnectionPoolSettings_HTTPSettings{ 310 MaxRequestsPerConnection: 100, 311 }, 312 }, 313 OutlierDetection: &api_networking_v1beta1.OutlierDetection{ 314 Consecutive_5XxErrors: &errors, 315 }, 316 } 317 318 destinationRule2 := data.AddSubsetToDestinationRule(data.CreateSubset("v1", "v1"), 319 data.AddSubsetToDestinationRule(data.CreateSubset("v2", "v2"), 320 data.CreateEmptyDestinationRule("test", "details-dr", "details"))) 321 322 destinationRule2.Spec.TrafficPolicy = &api_networking_v1beta1.TrafficPolicy{ 323 ConnectionPool: &api_networking_v1beta1.ConnectionPoolSettings{ 324 Http: &api_networking_v1beta1.ConnectionPoolSettings_HTTPSettings{ 325 MaxRequestsPerConnection: 100, 326 }, 327 }, 328 OutlierDetection: &api_networking_v1beta1.OutlierDetection{ 329 Consecutive_5XxErrors: &errors, 330 }, 331 } 332 333 return []*networking_v1beta1.DestinationRule{destinationRule1, destinationRule2} 334 } 335 336 func fakeGetServiceEntries() []*networking_v1beta1.ServiceEntry { 337 serviceEntry := networking_v1beta1.ServiceEntry{} 338 serviceEntry.Name = "googleapis" 339 serviceEntry.Namespace = "test" 340 serviceEntry.Spec.Hosts = []string{ 341 "*.googleapis.com", 342 } 343 serviceEntry.Spec.Ports = []*api_networking_v1beta1.ServicePort{ 344 { 345 Number: 443, 346 Name: "https", 347 Protocol: "HTTP", 348 }, 349 } 350 return []*networking_v1beta1.ServiceEntry{&serviceEntry} 351 } 352 353 func fakeGetSelfSubjectAccessReview() []*auth_v1.SelfSubjectAccessReview { 354 create := auth_v1.SelfSubjectAccessReview{ 355 Spec: auth_v1.SelfSubjectAccessReviewSpec{ 356 ResourceAttributes: &auth_v1.ResourceAttributes{ 357 Namespace: "test", 358 Verb: "create", 359 Resource: "destinationrules", 360 }, 361 }, 362 Status: auth_v1.SubjectAccessReviewStatus{ 363 Allowed: true, 364 Reason: "authorized", 365 }, 366 } 367 update := auth_v1.SelfSubjectAccessReview{ 368 Spec: auth_v1.SelfSubjectAccessReviewSpec{ 369 ResourceAttributes: &auth_v1.ResourceAttributes{ 370 Namespace: "test", 371 Verb: "patch", 372 Resource: "destinationrules", 373 }, 374 }, 375 Status: auth_v1.SubjectAccessReviewStatus{ 376 Allowed: true, 377 Reason: "authorized", 378 }, 379 } 380 delete := auth_v1.SelfSubjectAccessReview{ 381 Spec: auth_v1.SelfSubjectAccessReviewSpec{ 382 ResourceAttributes: &auth_v1.ResourceAttributes{ 383 Namespace: "test", 384 Verb: "delete", 385 Resource: "destinationrules", 386 }, 387 }, 388 Status: auth_v1.SubjectAccessReviewStatus{ 389 Allowed: false, 390 Reason: "not authorized", 391 }, 392 } 393 return []*auth_v1.SelfSubjectAccessReview{&create, &update, &delete} 394 } 395 396 // Need to mock out the SelfSubjectAccessReview. 397 type fakeAccessReview struct{ kubernetes.ClientInterface } 398 399 func (a *fakeAccessReview) GetSelfSubjectAccessReview(ctx context.Context, namespace, api, resourceType string, verbs []string) ([]*auth_v1.SelfSubjectAccessReview, error) { 400 return fakeGetSelfSubjectAccessReview(), nil 401 } 402 403 func mockGetIstioConfigDetails(t *testing.T) IstioConfigService { 404 conf := config.NewConfig() 405 config.Set(conf) 406 fakeIstioObjects := []runtime.Object{ 407 fakeGetGateways()[0], 408 fakeGetVirtualServices()[0], 409 fakeGetDestinationRules()[0], 410 fakeGetServiceEntries()[0], 411 &osproject_v1.Project{ObjectMeta: meta_v1.ObjectMeta{Name: "test"}}, 412 } 413 k8s := kubetest.NewFakeK8sClient(fakeIstioObjects...) 414 k8s.OpenShift = true 415 416 cache := SetupBusinessLayer(t, k8s, *conf) 417 418 k8sclients := make(map[string]kubernetes.ClientInterface) 419 k8sclients[conf.KubernetesConfig.ClusterName] = &fakeAccessReview{k8s} 420 return IstioConfigService{userClients: k8sclients, kialiCache: cache, businessLayer: NewWithBackends(k8sclients, k8sclients, nil, nil)} 421 } 422 423 func mockGetIstioConfigDetailsMulticluster(t *testing.T) IstioConfigService { 424 conf := config.NewConfig() 425 config.Set(conf) 426 fakeIstioObjects := []runtime.Object{ 427 fakeGetGateways()[0], 428 fakeGetVirtualServices()[0], 429 fakeGetDestinationRules()[0], 430 fakeGetServiceEntries()[0], 431 &osproject_v1.Project{ObjectMeta: meta_v1.ObjectMeta{Name: "test"}}, 432 } 433 k8s := kubetest.NewFakeK8sClient(fakeIstioObjects...) 434 k8s.OpenShift = true 435 436 cache := SetupBusinessLayer(t, k8s, *conf) 437 438 k8sclients := make(map[string]kubernetes.ClientInterface) 439 k8sclients[conf.KubernetesConfig.ClusterName] = &fakeAccessReview{k8s} 440 k8sclients["east"] = &fakeAccessReview{k8s} 441 return IstioConfigService{userClients: k8sclients, kialiCache: cache, businessLayer: NewWithBackends(k8sclients, k8sclients, nil, nil)} 442 } 443 444 func TestIsValidHost(t *testing.T) { 445 conf := config.NewConfig() 446 config.Set(conf) 447 448 vs := data.CreateEmptyVirtualService("reviews", "test", []string{"reviews"}) 449 vs = data.AddHttpRoutesToVirtualService(data.CreateHttpRouteDestination("reviews", "v2", 50), vs) 450 vs = data.AddHttpRoutesToVirtualService(data.CreateHttpRouteDestination("reviews", "v3", 50), vs) 451 452 assert.False(t, models.IsVSValidHost(vs, "test", "")) 453 assert.False(t, models.IsVSValidHost(vs, "test", "ratings")) 454 assert.True(t, models.IsVSValidHost(vs, "test", "reviews")) 455 } 456 457 func TestHasCircuitBreaker(t *testing.T) { 458 conf := config.NewConfig() 459 config.Set(conf) 460 461 errors := wrappers.UInt32Value{Value: 50} 462 dRule1 := data.CreateEmptyDestinationRule("test", "reviews", "reviews") 463 dRule1.Spec.TrafficPolicy = &api_networking_v1beta1.TrafficPolicy{ 464 ConnectionPool: &api_networking_v1beta1.ConnectionPoolSettings{ 465 Http: &api_networking_v1beta1.ConnectionPoolSettings_HTTPSettings{ 466 MaxRequestsPerConnection: 100, 467 }, 468 }, 469 OutlierDetection: &api_networking_v1beta1.OutlierDetection{ 470 Consecutive_5XxErrors: &errors, 471 }, 472 } 473 dRule1 = data.AddSubsetToDestinationRule(data.CreateSubset("v1", "v1"), dRule1) 474 dRule1 = data.AddSubsetToDestinationRule(data.CreateSubset("v2", "v2"), dRule1) 475 476 assert.False(t, models.HasDRCircuitBreaker(dRule1, "test", "", "")) 477 assert.True(t, models.HasDRCircuitBreaker(dRule1, "test", "reviews", "")) 478 assert.False(t, models.HasDRCircuitBreaker(dRule1, "test", "reviews-bad", "")) 479 assert.True(t, models.HasDRCircuitBreaker(dRule1, "test", "reviews", "v1")) 480 assert.True(t, models.HasDRCircuitBreaker(dRule1, "test", "reviews", "v2")) 481 assert.True(t, models.HasDRCircuitBreaker(dRule1, "test", "reviews", "v3")) 482 assert.False(t, models.HasDRCircuitBreaker(dRule1, "test", "reviews-bad", "v2")) 483 484 dRule2 := data.CreateEmptyDestinationRule("test", "reviews", "reviews") 485 dRule2 = data.AddSubsetToDestinationRule(data.CreateSubset("v1", "v1"), dRule2) 486 dRule2 = data.AddSubsetToDestinationRule(data.CreateSubset("v2", "v2"), dRule2) 487 dRule2.Spec.Subsets[1].TrafficPolicy = &api_networking_v1beta1.TrafficPolicy{ 488 ConnectionPool: &api_networking_v1beta1.ConnectionPoolSettings{ 489 Http: &api_networking_v1beta1.ConnectionPoolSettings_HTTPSettings{ 490 MaxRequestsPerConnection: 100, 491 }, 492 }, 493 OutlierDetection: &api_networking_v1beta1.OutlierDetection{ 494 Consecutive_5XxErrors: &errors, 495 }, 496 } 497 498 assert.True(t, models.HasDRCircuitBreaker(dRule2, "test", "reviews", "")) 499 assert.False(t, models.HasDRCircuitBreaker(dRule2, "test", "reviews", "v1")) 500 assert.True(t, models.HasDRCircuitBreaker(dRule2, "test", "reviews", "v2")) 501 assert.False(t, models.HasDRCircuitBreaker(dRule2, "test", "reviews-bad", "v2")) 502 } 503 504 func TestDeleteIstioConfigDetails(t *testing.T) { 505 assert := assert.New(t) 506 k8s := kubetest.NewFakeK8sClient(data.CreateEmptyVirtualService("reviews-to-delete", "test", []string{"reviews"})) 507 cache := SetupBusinessLayer(t, k8s, *config.NewConfig()) 508 conf := config.Get() 509 510 k8sclients := make(map[string]kubernetes.ClientInterface) 511 k8sclients[conf.KubernetesConfig.ClusterName] = k8s 512 configService := IstioConfigService{userClients: k8sclients, kialiCache: cache, controlPlaneMonitor: poller} 513 514 err := configService.DeleteIstioConfigDetail(context.Background(), conf.KubernetesConfig.ClusterName, "test", "virtualservices", "reviews-to-delete") 515 assert.Nil(err) 516 } 517 518 func TestUpdateIstioConfigDetails(t *testing.T) { 519 assert := assert.New(t) 520 require := require.New(t) 521 k8s := kubetest.NewFakeK8sClient(data.CreateEmptyVirtualService("reviews-to-update", "test", []string{"reviews"})) 522 cache := SetupBusinessLayer(t, k8s, *config.NewConfig()) 523 conf := config.Get() 524 525 k8sclients := make(map[string]kubernetes.ClientInterface) 526 k8sclients[conf.KubernetesConfig.ClusterName] = k8s 527 configService := IstioConfigService{userClients: k8sclients, kialiCache: cache, controlPlaneMonitor: poller} 528 529 updatedVirtualService, err := configService.UpdateIstioConfigDetail(context.Background(), conf.KubernetesConfig.ClusterName, "test", "virtualservices", "reviews-to-update", "{}") 530 require.NoError(err) 531 assert.Equal("test", updatedVirtualService.Namespace.Name) 532 assert.Equal("virtualservices", updatedVirtualService.ObjectType) 533 assert.Equal("reviews-to-update", updatedVirtualService.VirtualService.Name) 534 } 535 536 func TestCreateIstioConfigDetails(t *testing.T) { 537 assert := assert.New(t) 538 k8s := kubetest.NewFakeK8sClient() 539 cache := SetupBusinessLayer(t, k8s, *config.NewConfig()) 540 conf := config.Get() 541 542 k8sclients := make(map[string]kubernetes.ClientInterface) 543 k8sclients[conf.KubernetesConfig.ClusterName] = k8s 544 configService := IstioConfigService{userClients: k8sclients, kialiCache: cache, controlPlaneMonitor: poller} 545 546 createVirtualService, err := configService.CreateIstioConfigDetail(context.Background(), conf.KubernetesConfig.ClusterName, "test", "virtualservices", []byte("{}")) 547 assert.Equal("test", createVirtualService.Namespace.Name) 548 assert.Equal("virtualservices", createVirtualService.ObjectType) 549 // Name is now encoded in the payload of the virtualservice so, it modifies this test 550 // assert.Equal("reviews-to-update", createVirtualService.VirtualService.Name) 551 assert.Nil(err) 552 } 553 554 func TestFilterIstioObjectsForWorkloadSelector(t *testing.T) { 555 assert := assert.New(t) 556 557 path := "../tests/data/filters/workload-selector-filter.yaml" 558 loader := &validations.YamlFixtureLoader{Filename: path} 559 err := loader.Load() 560 if err != nil { 561 t.Error("Error loading test data.") 562 } 563 564 istioConfigList := loader.GetResources() 565 566 s := "app=my-gateway" 567 gw := kubernetes.FilterGatewaysBySelector(s, istioConfigList.Gateways) 568 assert.Equal(1, len(gw)) 569 assert.Equal("my-gateway", gw[0].Name) 570 571 s = "app=my-envoyfilter" 572 ef := kubernetes.FilterEnvoyFiltersBySelector(s, istioConfigList.EnvoyFilters) 573 assert.Equal(1, len(ef)) 574 assert.Equal("my-envoyfilter", ef[0].Name) 575 576 s = "app=my-sidecar" 577 sc := kubernetes.FilterSidecarsBySelector(s, istioConfigList.Sidecars) 578 assert.Equal(1, len(sc)) 579 assert.Equal("my-sidecar", sc[0].Name) 580 581 s = "app=my-security" 582 ap := kubernetes.FilterAuthorizationPoliciesBySelector(s, istioConfigList.AuthorizationPolicies) 583 assert.Equal(1, len(ap)) 584 585 s = "app=my-security" 586 ra := kubernetes.FilterRequestAuthenticationsBySelector(s, istioConfigList.RequestAuthentications) 587 assert.Equal(1, len(ra)) 588 589 s = "app=my-security" 590 pa := kubernetes.FilterPeerAuthenticationsBySelector(s, istioConfigList.PeerAuthentications) 591 assert.Equal(1, len(pa)) 592 } 593 594 func TestListWithAllNamespacesButNoAccessReturnsEmpty(t *testing.T) { 595 assert := assert.New(t) 596 require := require.New(t) 597 598 conf := config.NewConfig() 599 conf.KubernetesConfig.CacheTokenNamespaceDuration = 10000 600 conf.KubernetesConfig.ClusterName = "Kubernetes" 601 kubernetes.SetConfig(t, *conf) 602 fakeIstioObjects := []runtime.Object{ 603 &core_v1.Namespace{ObjectMeta: meta_v1.ObjectMeta{Name: "test"}}, 604 } 605 fakeIstioObjects = append(fakeIstioObjects, kubernetes.ToRuntimeObjects(fakeGetGateways())...) 606 k8s := kubetest.NewFakeK8sClient(fakeIstioObjects...) 607 608 cache := SetupBusinessLayer(t, k8s, *conf) 609 610 // Set the token and set the namespaces so that when namespace access is checked, 611 // the token namespace cache will be used but will not have the "test" namespace 612 // in it so the list should return empty. 613 k8s.Token = "test" 614 cache.SetNamespaces("test", []models.Namespace{{Name: "nottest", Cluster: "Kubernetes"}}) 615 k8sclients := make(map[string]kubernetes.ClientInterface) 616 k8sclients[conf.KubernetesConfig.ClusterName] = k8s 617 configService := NewWithBackends(k8sclients, k8sclients, nil, nil).IstioConfig 618 619 criteria := IstioConfigCriteria{ 620 IncludeGateways: true, 621 } 622 623 istioConfigList, err := configService.GetIstioConfigList(context.Background(), conf.KubernetesConfig.ClusterName, criteria) 624 require.NoError(err) 625 626 assert.Len(istioConfigList.Gateways, 0) 627 } 628 629 func TestListNamespaceScopedReturnsAllAccessibleNamespaces(t *testing.T) { 630 assert := assert.New(t) 631 require := require.New(t) 632 633 conf := config.NewConfig() 634 conf.KubernetesConfig.CacheTokenNamespaceDuration = 10000 635 conf.Deployment.AccessibleNamespaces = []string{"test", "test-b", "istio-system"} 636 conf.Deployment.ClusterWideAccess = false 637 kubernetes.SetConfig(t, *conf) 638 objects := []runtime.Object{ 639 &core_v1.Namespace{ObjectMeta: meta_v1.ObjectMeta{Name: "istio-system"}}, 640 &core_v1.Namespace{ObjectMeta: meta_v1.ObjectMeta{Name: "test"}}, 641 &core_v1.Namespace{ObjectMeta: meta_v1.ObjectMeta{Name: "test-b"}}, 642 &core_v1.Namespace{ObjectMeta: meta_v1.ObjectMeta{Name: "test-c"}}, 643 } 644 objects = append(objects, kubernetes.ToRuntimeObjects(fakeGetGateways())...) 645 testBGateways := fakeGetGateways() 646 for _, gateway := range testBGateways { 647 gateway.Namespace = "test-b" 648 objects = append(objects, gateway) 649 } 650 testCGateways := fakeGetGateways() 651 for _, gateway := range testCGateways { 652 gateway.Namespace = "test-c" 653 objects = append(objects, gateway) 654 } 655 k8s := kubetest.NewFakeK8sClient(objects...) 656 657 SetupBusinessLayer(t, k8s, *conf) 658 659 k8sclients := make(map[string]kubernetes.ClientInterface) 660 k8sclients[conf.KubernetesConfig.ClusterName] = k8s 661 configService := NewWithBackends(k8sclients, k8sclients, nil, nil).IstioConfig 662 663 criteria := IstioConfigCriteria{ 664 IncludeGateways: true, 665 } 666 667 istioConfigList, err := configService.GetIstioConfigList(context.Background(), conf.KubernetesConfig.ClusterName, criteria) 668 require.NoError(err) 669 670 assert.Len(istioConfigList.Gateways, 4) 671 }