github.phpd.cn/cilium/cilium@v1.6.12/pkg/identity/cache/cache_test.go

github.phpd.cn/cilium/cilium@v1.6.12/pkg/identity/cache/cache_test.go (about)

     1  // Copyright 2018 Authors of Cilium
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // +build !privileged_tests
    16  
    17  package cache
    18  
    19  import (
    20  	"testing"
    21  
    22  	"github.com/cilium/cilium/pkg/identity"
    23  	"github.com/cilium/cilium/pkg/labels"
    24  	"github.com/cilium/cilium/pkg/option"
    25  
    26  	. "gopkg.in/check.v1"
    27  )
    28  
    29  var (
    30  	kvstoreLabels = labels.NewLabelsFromModel([]string{
    31  		"k8s:app=etcd",
    32  		"k8s:etcd_cluster=cilium-etcd",
    33  		"k8s:io.cilium/app=etcd-operator",
    34  		"k8s:io.kubernetes.pod.namespace=kube-system",
    35  		"k8s:io.cilium.k8s.policy.serviceaccount=default",
    36  		"k8s:io.cilium.k8s.policy.cluster=default",
    37  	})
    38  )
    39  
    40  // Hook up gocheck into the "go test" runner.
    41  func Test(t *testing.T) {
    42  	TestingT(t)
    43  }
    44  
    45  type IdentityCacheTestSuite struct{}
    46  
    47  var _ = Suite(&IdentityCacheTestSuite{})
    48  
    49  func (s *IdentityCacheTestSuite) SetUpTest(c *C) {
    50  	option.Config.K8sNamespace = "kube-system"
    51  }
    52  
    53  func (s *IdentityCacheTestSuite) TestLookupReservedIdentity(c *C) {
    54  	bak := option.Config.ClusterName
    55  	option.Config.ClusterName = "default"
    56  	defer func() {
    57  		option.Config.ClusterName = bak
    58  	}()
    59  
    60  	hostID := identity.GetReservedID("host")
    61  	c.Assert(LookupIdentityByID(hostID), Not(IsNil))
    62  
    63  	id := LookupIdentity(labels.NewLabelsFromModel([]string{"reserved:host"}))
    64  	c.Assert(id, Not(IsNil))
    65  	c.Assert(id.ID, Equals, hostID)
    66  
    67  	worldID := identity.GetReservedID("world")
    68  	c.Assert(LookupIdentityByID(worldID), Not(IsNil))
    69  
    70  	id = LookupIdentity(labels.NewLabelsFromModel([]string{"reserved:world"}))
    71  	c.Assert(id, Not(IsNil))
    72  	c.Assert(id.ID, Equals, worldID)
    73  
    74  	identity.InitWellKnownIdentities()
    75  
    76  	id = LookupIdentity(kvstoreLabels)
    77  	c.Assert(id, Not(IsNil))
    78  	c.Assert(id.ID, Equals, identity.ReservedCiliumKVStore)
    79  }
    80  
    81  func (s *IdentityCacheTestSuite) TestLookupReservedIdentityByLabels(c *C) {
    82  	ni, err := identity.ParseNumericIdentity("129")
    83  	c.Assert(err, IsNil)
    84  	identity.AddUserDefinedNumericIdentity(ni, "kvstore")
    85  	identity.AddReservedIdentity(ni, "kvstore")
    86  
    87  	type args struct {
    88  		lbls labels.Labels
    89  	}
    90  	tests := []struct {
    91  		name string
    92  		args args
    93  		want *identity.Identity
    94  	}{
    95  		{
    96  			name: "fixed-identity",
    97  			args: args{
    98  				lbls: labels.Labels{labels.LabelKeyFixedIdentity: labels.ParseLabel(labels.LabelKeyFixedIdentity + "=" + "kvstore")},
    99  			},
   100  			want: identity.NewIdentity(ni, labels.Labels{"kvstore": labels.NewLabel("kvstore", "", labels.LabelSourceReserved)}),
   101  		},
   102  		{
   103  			name: "non-existing-fixed-identity",
   104  			args: args{
   105  				lbls: labels.Labels{labels.LabelKeyFixedIdentity: labels.ParseLabel(labels.LabelKeyFixedIdentity + "=" + "kube-dns")},
   106  			},
   107  			want: nil,
   108  		},
   109  		{
   110  			name: "reserved-identity",
   111  			args: args{
   112  				lbls: labels.Labels{labels.LabelSourceReserved: labels.NewLabel(labels.LabelSourceReservedKeyPrefix+"host", "", labels.LabelSourceReserved)},
   113  			},
   114  			want: identity.NewIdentity(identity.ReservedIdentityHost, labels.Labels{"host": labels.ParseLabel("reserved:host")}),
   115  		},
   116  		{
   117  			name: "reserved-identity+other-labels",
   118  			args: args{
   119  				lbls: labels.Labels{
   120  					labels.LabelSourceReserved: labels.ParseLabel("reserved:host"),
   121  					"id.foo":                   labels.ParseLabel("id.foo"),
   122  				},
   123  			},
   124  			want: nil,
   125  		},
   126  		{
   127  			name: "well-known-kvstore",
   128  			args: args{
   129  				lbls: kvstoreLabels,
   130  			},
   131  			want: identity.NewIdentity(identity.ReservedCiliumKVStore, kvstoreLabels),
   132  		},
   133  	}
   134  
   135  	for _, tt := range tests {
   136  		got := LookupReservedIdentityByLabels(tt.args.lbls)
   137  		switch {
   138  		case got == nil && tt.want == nil:
   139  		case got == nil && tt.want != nil ||
   140  			got != nil && tt.want == nil ||
   141  			got.ID != tt.want.ID:
   142  
   143  			c.Errorf("test %s: LookupReservedIdentityByLabels() = %v, want %v", tt.name, got, tt.want)
   144  		}
   145  	}
   146  }