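// Source: github.com/kiali/kiali@v1.84.0/business/references/peer_auth_references_test.go

package references

import (
	"testing"

	"github.com/stretchr/testify/assert"
	networking_v1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1"
	security_v1beta "istio.io/client-go/pkg/apis/security/v1beta1"

	"github.com/kiali/kiali/config"
	"github.com/kiali/kiali/kubernetes"
	"github.com/kiali/kiali/models"
	"github.com/kiali/kiali/tests/data"
)

// prepareTestForPeerAuth builds a PeerAuthReferences checker around a single
// PeerAuthentication and the given DestinationRules, then returns the
// references computed for that PeerAuthentication.
//
// The fixture always sets EnabledAutoMtls to false, so none of the tests in
// this file exercise reference resolution with auto mTLS turned on.
//
// pa must be non-nil: its Namespace and Name are used to build the lookup key.
// If References() holds no entry for that key, the map lookup yields a nil
// pointer and the dereference panics, which fails the calling test.
func prepareTestForPeerAuth(pa *security_v1beta.PeerAuthentication, drs []*networking_v1beta1.DestinationRule) models.IstioReferences {
	paReferences := PeerAuthReferences{
		MTLSDetails: kubernetes.MTLSDetails{
			PeerAuthentications: []*security_v1beta.PeerAuthentication{pa},
			DestinationRules:    drs,
			EnabledAutoMtls:     false,
		},
		WorkloadsPerNamespace: map[string]models.WorkloadList{
			"istio-system": data.CreateWorkloadList("istio-system",
				data.CreateWorkloadListItem("grafana", map[string]string{"app": "grafana"})),
			"bookinfo": data.CreateWorkloadList("bookinfo",
				data.CreateWorkloadListItem("details", map[string]string{"app": "details"})),
		},
	}

	key := models.IstioReferenceKey{ObjectType: "peerauthentication", Namespace: pa.Namespace, Name: pa.Name}
	return *paReferences.References()[key]
}

// assertPeerAuthDestinationRuleRef checks that the first object reference is
// the DestinationRule namespace/name. It returns early when there is no object
// reference at all, so an unexpected empty result is reported as an assertion
// failure instead of an index-out-of-range panic.
func assertPeerAuthDestinationRuleRef(t *testing.T, references models.IstioReferences, name, namespace string) {
	t.Helper()
	a := assert.New(t)

	if !a.NotEmpty(references.ObjectReferences) {
		return
	}

	// testify expects (expected, actual); keeping that order makes failure
	// messages label the two values correctly.
	ref := references.ObjectReferences[0]
	a.Equal(name, ref.Name)
	a.Equal(namespace, ref.Namespace)
	a.Equal("destinationrule", ref.ObjectType)
}

// assertPeerAuthWorkloadRef checks that exactly one workload reference exists
// and that it points at the workload namespace/name.
func assertPeerAuthWorkloadRef(t *testing.T, references models.IstioReferences, name, namespace string) {
	t.Helper()
	a := assert.New(t)

	if !a.Len(references.WorkloadReferences, 1) {
		return
	}

	ref := references.WorkloadReferences[0]
	a.Equal(name, ref.Name)
	a.Equal(namespace, ref.Namespace)
}

// TestMeshPeerAuthDisabledReferences checks the "disable-mesh-mtls"
// PeerAuthentication in istio-system against the istio-system
// DestinationRules: no service or workload references, and exactly one object
// reference, the DestinationRule istio-system/disable-mtls.
func TestMeshPeerAuthDisabledReferences(t *testing.T) {
	a := assert.New(t)
	config.Set(config.NewConfig())

	// Load fixtures and compute the references.
	references := prepareTestForPeerAuth(getPeerAuth(t, "disable-mesh-mtls", "istio-system"),
		getPADestinationRules(t, "istio-system"))
	a.Empty(references.ServiceReferences)

	// Workload references must be empty.
	a.Empty(references.WorkloadReferences)

	// Only DestinationRule references are asserted here.
	a.Len(references.ObjectReferences, 1)
	assertPeerAuthDestinationRuleRef(t, references, "disable-mtls", "istio-system")
}

// TestNamespacePeerAuthDisabledReferences checks the "disable-namespace-mtls"
// PeerAuthentication in bookinfo against the bookinfo DestinationRules: no
// service or workload references, and exactly one object reference, the
// DestinationRule bookinfo/disable-namespace.
func TestNamespacePeerAuthDisabledReferences(t *testing.T) {
	a := assert.New(t)
	config.Set(config.NewConfig())

	// Load fixtures and compute the references.
	references := prepareTestForPeerAuth(getPeerAuth(t, "disable-namespace-mtls", "bookinfo"),
		getPADestinationRules(t, "bookinfo"))
	a.Empty(references.ServiceReferences)

	// Workload references must be empty.
	a.Empty(references.WorkloadReferences)

	// Only DestinationRule references are asserted here.
	a.Len(references.ObjectReferences, 1)
	assertPeerAuthDestinationRuleRef(t, references, "disable-namespace", "bookinfo")
}

// TestMeshNamespacePeerAuthDisabledReferences checks the
// "disable-namespace-mtls" PeerAuthentication in bookinfo against the
// istio-system DestinationRules: the first object reference must be the
// DestinationRule istio-system/disable-mtls.
//
// Unlike the sibling tests, this one does not pin the number of object
// references.
// NOTE(review): confirm against peer-auth-drs.yaml whether a length check of 1
// was omitted on purpose.
func TestMeshNamespacePeerAuthDisabledReferences(t *testing.T) {
	a := assert.New(t)
	config.Set(config.NewConfig())

	// Load fixtures and compute the references.
	references := prepareTestForPeerAuth(getPeerAuth(t, "disable-namespace-mtls", "bookinfo"),
		getPADestinationRules(t, "istio-system"))
	a.Empty(references.ServiceReferences)

	// Workload references must be empty.
	a.Empty(references.WorkloadReferences)

	// Only DestinationRule references are asserted here.
	assertPeerAuthDestinationRuleRef(t, references, "disable-mtls", "istio-system")
}

// TestMeshPeerAuthEnabledReferences checks the "strict-mesh-mtls"
// PeerAuthentication in istio-system against the istio-system
// DestinationRules: no service or workload references, and exactly one object
// reference, the DestinationRule istio-system/enable-mtls.
func TestMeshPeerAuthEnabledReferences(t *testing.T) {
	a := assert.New(t)
	config.Set(config.NewConfig())

	// Load fixtures and compute the references.
	references := prepareTestForPeerAuth(getPeerAuth(t, "strict-mesh-mtls", "istio-system"),
		getPADestinationRules(t, "istio-system"))
	a.Empty(references.ServiceReferences)

	// Workload references must be empty.
	a.Empty(references.WorkloadReferences)

	// Only DestinationRule references are asserted here.
	a.Len(references.ObjectReferences, 1)
	assertPeerAuthDestinationRuleRef(t, references, "enable-mtls", "istio-system")
}

// TestNamespacePeerAuthEnabledReferences checks the "strict-namespace-mtls"
// PeerAuthentication in bookinfo against the bookinfo DestinationRules: no
// service or workload references, and exactly one object reference, the
// DestinationRule bookinfo/enable-namespace.
func TestNamespacePeerAuthEnabledReferences(t *testing.T) {
	a := assert.New(t)
	config.Set(config.NewConfig())

	// Load fixtures and compute the references.
	references := prepareTestForPeerAuth(getPeerAuth(t, "strict-namespace-mtls", "bookinfo"),
		getPADestinationRules(t, "bookinfo"))
	a.Empty(references.ServiceReferences)

	// Workload references must be empty.
	a.Empty(references.WorkloadReferences)

	// Only DestinationRule references are asserted here.
	a.Len(references.ObjectReferences, 1)
	assertPeerAuthDestinationRuleRef(t, references, "enable-namespace", "bookinfo")
}

// TestMeshNamespacePeerAuthEnabledReferences checks the
// "strict-namespace-mtls" PeerAuthentication in bookinfo against the
// istio-system DestinationRules: no service or workload references, and
// exactly one object reference, the DestinationRule istio-system/enable-mtls.
func TestMeshNamespacePeerAuthEnabledReferences(t *testing.T) {
	a := assert.New(t)
	config.Set(config.NewConfig())

	// Load fixtures and compute the references.
	references := prepareTestForPeerAuth(getPeerAuth(t, "strict-namespace-mtls", "bookinfo"),
		getPADestinationRules(t, "istio-system"))
	a.Empty(references.ServiceReferences)

	// Workload references must be empty.
	a.Empty(references.WorkloadReferences)

	// Only DestinationRule references are asserted here.
	a.Len(references.ObjectReferences, 1)
	assertPeerAuthDestinationRuleRef(t, references, "enable-mtls", "istio-system")
}

// TestMeshPeerAuthWorkloadReferences checks the "permissive-mesh-mtls"
// PeerAuthentication in istio-system: no service or object references, and
// exactly one workload reference, istio-system/grafana.
func TestMeshPeerAuthWorkloadReferences(t *testing.T) {
	a := assert.New(t)
	config.Set(config.NewConfig())

	// Load fixtures and compute the references.
	references := prepareTestForPeerAuth(getPeerAuth(t, "permissive-mesh-mtls", "istio-system"),
		getPADestinationRules(t, "istio-system"))
	a.Empty(references.ServiceReferences)
	a.Empty(references.ObjectReferences)

	// Exactly one workload reference is expected.
	assertPeerAuthWorkloadRef(t, references, "grafana", "istio-system")
}

// TestNamespacePeerAuthWorkloadReferences checks the
// "permissive-namespace-mtls" PeerAuthentication in bookinfo: no service or
// object references, and exactly one workload reference, bookinfo/details.
func TestNamespacePeerAuthWorkloadReferences(t *testing.T) {
	a := assert.New(t)
	config.Set(config.NewConfig())

	// Load fixtures and compute the references.
	references := prepareTestForPeerAuth(getPeerAuth(t, "permissive-namespace-mtls", "bookinfo"),
		getPADestinationRules(t, "bookinfo"))
	a.Empty(references.ServiceReferences)
	a.Empty(references.ObjectReferences)

	// Exactly one workload reference is expected.
	assertPeerAuthWorkloadRef(t, references, "details", "bookinfo")
}

// getPADestinationRules loads peer-auth-drs.yaml and returns the
// DestinationRules found in namespace. A load failure stops the test
// immediately rather than letting it continue on an unloaded fixture.
func getPADestinationRules(t *testing.T, namespace string) []*networking_v1beta1.DestinationRule {
	t.Helper()

	loader := yamlFixtureLoader("peer-auth-drs.yaml")
	if err := loader.Load(); err != nil {
		t.Fatalf("Error loading test data: %v", err)
	}

	return loader.FindDestinationRuleIn(namespace)
}

// getPeerAuth loads peer-auth-drs.yaml and returns the PeerAuthentication
// namespace/name. The test is stopped if the fixture cannot be loaded or the
// lookup returns nil, because callers dereference the result straight away.
func getPeerAuth(t *testing.T, name, namespace string) *security_v1beta.PeerAuthentication {
	t.Helper()

	loader := yamlFixtureLoader("peer-auth-drs.yaml")
	if err := loader.Load(); err != nil {
		t.Fatalf("Error loading test data: %v", err)
	}

	pa := loader.FindPeerAuthentication(name, namespace)
	if pa == nil {
		t.Fatalf("PeerAuthentication %s/%s not found in test data", namespace, name)
	}
	return pa
}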