github.com/zhyoulun/cilium@v1.6.12/pkg/policy/cidr_test.go (about) 1 // Copyright 2018 Authors of Cilium 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // +build !privileged_tests 16 17 package policy 18 19 import ( 20 "net" 21 22 "github.com/cilium/cilium/pkg/checker" 23 "github.com/cilium/cilium/pkg/labels" 24 "github.com/cilium/cilium/pkg/policy/api" 25 26 . "gopkg.in/check.v1" 27 ) 28 29 func (ds *PolicyTestSuite) TestgetPrefixesFromCIDR(c *C) { 30 inputToCIDRString := map[string]string{ 31 "0.0.0.0/0": "0.0.0.0/0", 32 "192.0.2.3": "192.0.2.3/32", 33 "192.0.2.3/32": "192.0.2.3/32", 34 "192.0.2.3/24": "192.0.2.0/24", 35 "192.0.2.0/24": "192.0.2.0/24", 36 "::/0": "::/0", 37 "fdff::ff": "fdff::ff/128", 38 } 39 expected := []*net.IPNet{} 40 inputs := []api.CIDR{} 41 for ruleStr, cidr := range inputToCIDRString { 42 _, net, err := net.ParseCIDR(cidr) 43 c.Assert(err, IsNil) 44 expected = append(expected, net) 45 inputs = append(inputs, api.CIDR(ruleStr)) 46 } 47 result := getPrefixesFromCIDR(inputs) 48 c.Assert(result, checker.DeepEquals, expected) 49 } 50 51 func (ds *PolicyTestSuite) TestGetCIDRPrefixes(c *C) { 52 rules := api.Rules{ 53 &api.Rule{ 54 EndpointSelector: api.NewESFromLabels(labels.ParseSelectLabel("bar")), 55 Ingress: []api.IngressRule{ 56 { 57 FromCIDR: []api.CIDR{ 58 "192.0.2.0/24", 59 }, 60 }, 61 }, 62 Egress: []api.EgressRule{ 63 { 64 ToCIDR: []api.CIDR{ 65 "192.0.2.0/24", 66 "192.0.3.0/24", 67 }, 68 }, 69 }, 70 }, 71 } 72 73 // We have three CIDR instances in the ruleset, check that all exist 74 expectedCIDRStrings := []string{ 75 "192.0.2.0/24", 76 "192.0.2.0/24", 77 "192.0.3.0/24", 78 } 79 expectedCIDRs := []*net.IPNet{} 80 for _, ipStr := range expectedCIDRStrings { 81 _, cidr, err := net.ParseCIDR(ipStr) 82 c.Assert(err, IsNil) 83 expectedCIDRs = append(expectedCIDRs, cidr) 84 } 85 c.Assert(GetCIDRPrefixes(rules), checker.DeepEquals, expectedCIDRs) 86 87 // Now, test with CIDRSets. 88 rules = api.Rules{ 89 &api.Rule{ 90 EndpointSelector: api.NewESFromLabels(labels.ParseSelectLabel("bar")), 91 Ingress: []api.IngressRule{ 92 { 93 FromCIDRSet: []api.CIDRRule{ 94 { 95 Cidr: "192.0.2.0/24", 96 ExceptCIDRs: []api.CIDR{"192.0.2.128/25"}, 97 }, 98 }, 99 }, 100 }, 101 Egress: []api.EgressRule{ 102 { 103 ToCIDRSet: []api.CIDRRule{ 104 { 105 Cidr: "10.0.0.0/8", 106 ExceptCIDRs: []api.CIDR{"10.0.0.0/16"}, 107 }, 108 }, 109 }, 110 }, 111 }, 112 } 113 114 // Once exceptions apply, here are the list of CIDRs. 115 expectedCIDRStrings = []string{ 116 "192.0.2.0/25", 117 // Not "192.0.2.128/25", 118 "10.128.0.0/9", 119 "10.64.0.0/10", 120 "10.32.0.0/11", 121 "10.16.0.0/12", 122 "10.8.0.0/13", 123 "10.4.0.0/14", 124 "10.2.0.0/15", 125 "10.1.0.0/16", 126 // Not "10.0.0.0/16", 127 } 128 expectedCIDRs = []*net.IPNet{} 129 for _, ipStr := range expectedCIDRStrings { 130 _, cidr, err := net.ParseCIDR(ipStr) 131 c.Assert(err, IsNil) 132 expectedCIDRs = append(expectedCIDRs, cidr) 133 } 134 c.Assert(GetCIDRPrefixes(rules), checker.DeepEquals, expectedCIDRs) 135 }