// Source listing: istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tools/istio-iptables/pkg/config/validation_test.go

// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package config

import (
	"strconv"
	"strings"
	"testing"

	"istio.io/istio/pkg/test/util/assert"
)

// NOwnerGroups returns the decimal integers 0..n-1 joined by commas
// (NOwnerGroups(3) == "0,1,2"). It returns "" when n <= 0. The tests below
// use it to build owner-group lists of a chosen size.
func NOwnerGroups(n int) string {
	var b strings.Builder
	for id := 0; id < n; id++ {
		if id > 0 {
			b.WriteByte(',')
		}
		b.WriteString(strconv.Itoa(id))
	}
	return b.String()
}

// TestValidateOwnerGroups_Valid checks that ValidateOwnerGroups returns no
// error for the "*" wildcard, for include lists of 63 and 64 entries, and for
// exclude lists of 64, 65 and 1000 entries.
//
// NOTE(review): every list here is well-formed (numeric entries or "*").
// Whether ValidateOwnerGroups also checks entry syntax is not visible from
// this file; if it does, malformed and empty entries deserve their own cases.
func TestValidateOwnerGroups_Valid(t *testing.T) {
	tests := []struct {
		name    string
		include string
		exclude string
	}{
		{
			name:    "capture all groups",
			include: "*",
		},
		{
			name:    "capture 63 groups",
			include: NOwnerGroups(63), // one entry under the include limit
		},
		{
			name:    "capture 64 groups",
			include: NOwnerGroups(64), // exactly at the include limit
		},
		{
			name:    "capture all but 64 groups",
			exclude: NOwnerGroups(64),
		},
		{
			name:    "capture all but 65 groups",
			exclude: NOwnerGroups(65), // the exclude list is not subject to a size limit
		},
		{
			name:    "capture all but 1000 groups",
			exclude: NOwnerGroups(1000), // the exclude list is not subject to a size limit
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			assert.NoError(t, ValidateOwnerGroups(tt.include, tt.exclude))
		})
	}
}

// TestValidateOwnerGroups_Invalid checks that ValidateOwnerGroups returns an
// error once the include list exceeds 64 entries (65 and 100 are tried).
// Together with the 63/64 cases in the _Valid test this pins both sides of
// the boundary.
func TestValidateOwnerGroups_Invalid(t *testing.T) {
	tests := []struct {
		name    string
		include string
		exclude string
	}{
		{
			name:    "capture 65 groups",
			include: NOwnerGroups(65), // one entry over the include limit
		},
		{
			name:    "capture 100 groups",
			include: NOwnerGroups(100), // well over the include limit
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			assert.Error(t, ValidateOwnerGroups(tt.include, tt.exclude))
		})
	}
}

// TestValidateIPv4LoopbackCidr_Valid checks that ValidateIPv4LoopbackCidr
// accepts a loopback host route.
//
// NOTE(review): only a /32 is exercised. If wider loopback prefixes are meant
// to be accepted, a case at the widest allowed prefix would pin that bound;
// confirm the intended range against ValidateIPv4LoopbackCidr.
func TestValidateIPv4LoopbackCidr_Valid(t *testing.T) {
	tests := []struct {
		name string
		cidr string
	}{
		{
			name: "valid IPv4 loopback CIDR",
			cidr: "127.0.0.1/32",
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			assert.NoError(t, ValidateIPv4LoopbackCidr(tt.cidr))
		})
	}
}

// TestValidateIPv4LoopbackCidr_Invalid checks that ValidateIPv4LoopbackCidr
// returns an error for each CIDR listed below.
//
// NOTE(review): the two "mask ... range" cases use non-loopback addresses
// (10.0.0.1, 172.16.0.1), so they would presumably be rejected for the
// address alone and do not isolate the mask check. A loopback address with an
// out-of-range mask would cover that branch on its own; confirm against
// ValidateIPv4LoopbackCidr before adding it.
func TestValidateIPv4LoopbackCidr_Invalid(t *testing.T) {
	tests := []struct {
		name string
		cidr string
	}{
		{
			name: "invalid IPv4 loopback CIDR",
			cidr: "192.168.1.1/24",
		},
		{
			name: "invalid CIDR with mask below range",
			cidr: "10.0.0.1/7",
		},
		{
			name: "invalid CIDR with mask above range",
			cidr: "172.16.0.1/40",
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			assert.Error(t, ValidateIPv4LoopbackCidr(tt.cidr))
		})
	}
}