// github.com/verrazzano/verrazzano@v1.7.0/platform-operator/internal/k8s/netpolicy/netpolicy_test.go

// Copyright (c) 2021, 2022, Oracle and/or its affiliates.
// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.

package netpolicy

import (
	"context"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/verrazzano/verrazzano/platform-operator/constants"
	netv1 "k8s.io/api/networking/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/util/intstr"
	k8sfake "k8s.io/client-go/kubernetes/fake"
	k8scheme "k8s.io/client-go/kubernetes/scheme"
	"sigs.k8s.io/controller-runtime/pkg/client"
	ctrlfake "sigs.k8s.io/controller-runtime/pkg/client/fake"
	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
)

// TestCreateNetworkPolicies exercises the create path of CreateOrUpdateNetworkPolicies.
// GIVEN a call to CreateOrUpdateNetworkPolicies
// WHEN the fake client holds no network policies
// THEN a Created result is reported and the stored policy carries an expected spec
func TestCreateNetworkPolicies(t *testing.T) {
	a := assert.New(t)

	// Fake controller-runtime client built without any pre-existing objects.
	cli := ctrlfake.NewClientBuilder().WithScheme(k8scheme.Scheme).Build()

	results, errs := CreateOrUpdateNetworkPolicies(k8sfake.NewSimpleClientset(), cli)
	a.Empty(errs)
	a.Contains(results, controllerutil.OperationResultCreated)

	// Only the policy named networkPolicyPodName in the install namespace is
	// read back; any other generated policy is not inspected by this test.
	key := client.ObjectKey{
		Namespace: constants.VerrazzanoInstallNamespace,
		Name:      networkPolicyPodName,
	}
	got := &netv1.NetworkPolicy{}
	a.NoError(cli.Get(context.TODO(), key, got))

	// Collect the spec of every policy the package would generate.
	var want []netv1.NetworkPolicySpec
	for _, p := range newNetworkPolicies() {
		want = append(want, p.Spec)
	}

	// NOTE(review): Contains passes when the stored spec equals the spec of ANY
	// generated policy, not specifically the one with the same name. Comparing
	// against the generated policy of the same name would be a tighter check on
	// which rules actually ended up on this object.
	a.Contains(want, got.Spec)
}
// TestUpdateNetworkPolicies exercises the update path of CreateOrUpdateNetworkPolicies.
// GIVEN a call to CreateOrUpdateNetworkPolicies
// WHEN a policy with the operator's name already exists in the install namespace
// THEN an Updated result is reported and the stored policy carries an expected spec
func TestUpdateNetworkPolicies(t *testing.T) {
	a := assert.New(t)

	// Egress rule of the seeded policy: it names a port but no To peers, so the
	// NetworkPolicy API places no restriction on the destination for that port.
	seedPort := intstr.FromInt(9100)
	seedEgress := netv1.NetworkPolicyEgressRule{
		Ports: []netv1.NetworkPolicyPort{{Port: &seedPort}},
	}

	// Ingress rule of the seeded policy: a single peer that combines a namespace
	// selector and a pod selector.
	seedIngress := netv1.NetworkPolicyIngressRule{
		From: []netv1.NetworkPolicyPeer{
			{
				NamespaceSelector: &metav1.LabelSelector{
					MatchLabels: map[string]string{
						verrazzanoNamespaceLabel: constants.VerrazzanoMonitoringNamespace,
					},
				},
				PodSelector: &metav1.LabelSelector{
					MatchLabels: map[string]string{
						appNameLabel: constants.PrometheusStorageLabelValue,
					},
				},
			},
		},
	}

	// Pre-existing object the call under test is expected to update.
	// Presumably its spec differs from the generated one, since the test
	// expects an Updated result; confirm against newNetworkPolicies.
	existing := &netv1.NetworkPolicy{
		TypeMeta: metav1.TypeMeta{
			APIVersion: networkPolicyAPIVersion,
			Kind:       networkPolicyKind,
		},
		ObjectMeta: metav1.ObjectMeta{
			Namespace: constants.VerrazzanoInstallNamespace,
			Name:      networkPolicyPodName,
		},
		Spec: netv1.NetworkPolicySpec{
			PodSelector: metav1.LabelSelector{
				MatchLabels: map[string]string{
					podAppLabel: networkPolicyPodName,
				},
			},
			PolicyTypes: []netv1.PolicyType{
				netv1.PolicyTypeIngress,
				netv1.PolicyTypeEgress,
			},
			Egress:  []netv1.NetworkPolicyEgressRule{seedEgress},
			Ingress: []netv1.NetworkPolicyIngressRule{seedIngress},
		},
	}

	cli := ctrlfake.NewClientBuilder().WithScheme(k8scheme.Scheme).WithObjects(existing).Build()

	// The policy already exists, so the call should report an update.
	results, errs := CreateOrUpdateNetworkPolicies(k8sfake.NewSimpleClientset(), cli)
	a.Empty(errs)
	a.Contains(results, controllerutil.OperationResultUpdated)

	// Read the policy back under the same namespace and name it was seeded with.
	key := client.ObjectKey{
		Namespace: constants.VerrazzanoInstallNamespace,
		Name:      networkPolicyPodName,
	}
	got := &netv1.NetworkPolicy{}
	a.NoError(cli.Get(context.TODO(), key, got))

	// Collect the spec of every policy the package would generate.
	var want []netv1.NetworkPolicySpec
	for _, p := range newNetworkPolicies() {
		want = append(want, p.Spec)
	}

	// NOTE(review): Contains passes when the stored spec equals the spec of ANY
	// generated policy. The test therefore does not directly assert that the
	// seeded rules were replaced by the rules intended for this particular
	// policy; matching on the generated policy with the same name would.
	a.Contains(want, got.Spec)
}