k8s.io/kubernetes@v1.29.3/pkg/apis/networking/v1/defaults_test.go (about) 1 /* 2 Copyright 2017 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package v1_test 18 19 import ( 20 "reflect" 21 "testing" 22 23 networkingv1 "k8s.io/api/networking/v1" 24 apiequality "k8s.io/apimachinery/pkg/api/equality" 25 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 26 "k8s.io/apimachinery/pkg/runtime" 27 "k8s.io/kubernetes/pkg/api/legacyscheme" 28 _ "k8s.io/kubernetes/pkg/apis/core/install" 29 _ "k8s.io/kubernetes/pkg/apis/networking/install" 30 . "k8s.io/kubernetes/pkg/apis/networking/v1" 31 utilpointer "k8s.io/utils/pointer" 32 ) 33 34 func TestSetDefaultNetworkPolicy(t *testing.T) { 35 tests := []struct { 36 original *networkingv1.NetworkPolicy 37 expected *networkingv1.NetworkPolicy 38 }{ 39 { // Empty NetworkPolicy should be set to PolicyTypes Ingress 40 original: &networkingv1.NetworkPolicy{ 41 Spec: networkingv1.NetworkPolicySpec{ 42 PodSelector: metav1.LabelSelector{ 43 MatchLabels: map[string]string{"a": "b"}, 44 }, 45 }, 46 }, 47 expected: &networkingv1.NetworkPolicy{ 48 Spec: networkingv1.NetworkPolicySpec{ 49 PodSelector: metav1.LabelSelector{ 50 MatchLabels: map[string]string{"a": "b"}, 51 }, 52 PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeIngress}, 53 }, 54 }, 55 }, 56 { // Empty Ingress NetworkPolicy should be set to PolicyTypes Ingress 57 original: &networkingv1.NetworkPolicy{ 58 Spec: networkingv1.NetworkPolicySpec{ 59 PodSelector: metav1.LabelSelector{ 60 MatchLabels: map[string]string{"a": "b"}, 61 }, 62 Ingress: []networkingv1.NetworkPolicyIngressRule{}, 63 }, 64 }, 65 expected: &networkingv1.NetworkPolicy{ 66 Spec: networkingv1.NetworkPolicySpec{ 67 PodSelector: metav1.LabelSelector{ 68 MatchLabels: map[string]string{"a": "b"}, 69 }, 70 Ingress: []networkingv1.NetworkPolicyIngressRule{}, 71 PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeIngress}, 72 }, 73 }, 74 }, 75 { // Defined Ingress and Egress should be set to Ingress,Egress 76 original: &networkingv1.NetworkPolicy{ 77 Spec: networkingv1.NetworkPolicySpec{ 78 PodSelector: metav1.LabelSelector{ 79 MatchLabels: map[string]string{"a": "b"}, 80 }, 81 Ingress: []networkingv1.NetworkPolicyIngressRule{ 82 { 83 From: []networkingv1.NetworkPolicyPeer{ 84 { 85 PodSelector: &metav1.LabelSelector{ 86 MatchLabels: map[string]string{"c": "d"}, 87 }, 88 NamespaceSelector: &metav1.LabelSelector{ 89 MatchLabels: map[string]string{"c": "d"}, 90 }, 91 }, 92 }, 93 }, 94 }, 95 Egress: []networkingv1.NetworkPolicyEgressRule{ 96 { 97 To: []networkingv1.NetworkPolicyPeer{ 98 { 99 NamespaceSelector: &metav1.LabelSelector{ 100 MatchLabels: map[string]string{"c": "d"}, 101 }, 102 }, 103 }, 104 }, 105 }, 106 }, 107 }, 108 expected: &networkingv1.NetworkPolicy{ 109 Spec: networkingv1.NetworkPolicySpec{ 110 PodSelector: metav1.LabelSelector{ 111 MatchLabels: map[string]string{"a": "b"}, 112 }, 113 Ingress: []networkingv1.NetworkPolicyIngressRule{ 114 { 115 From: []networkingv1.NetworkPolicyPeer{ 116 { 117 PodSelector: &metav1.LabelSelector{ 118 MatchLabels: map[string]string{"c": "d"}, 119 }, 120 NamespaceSelector: &metav1.LabelSelector{ 121 MatchLabels: map[string]string{"c": "d"}, 122 }, 123 }, 124 }, 125 }, 126 }, 127 Egress: []networkingv1.NetworkPolicyEgressRule{ 128 { 129 To: []networkingv1.NetworkPolicyPeer{ 130 { 131 NamespaceSelector: &metav1.LabelSelector{ 132 MatchLabels: map[string]string{"c": "d"}, 133 }, 134 }, 135 }, 136 }, 137 }, 138 PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeIngress, networkingv1.PolicyTypeEgress}, 139 }, 140 }, 141 }, 142 { // Egress only with unset PolicyTypes should be set to Ingress, Egress 143 original: &networkingv1.NetworkPolicy{ 144 Spec: networkingv1.NetworkPolicySpec{ 145 PodSelector: metav1.LabelSelector{ 146 MatchLabels: map[string]string{"a": "b"}, 147 }, 148 Egress: []networkingv1.NetworkPolicyEgressRule{ 149 { 150 To: []networkingv1.NetworkPolicyPeer{ 151 { 152 NamespaceSelector: &metav1.LabelSelector{ 153 MatchLabels: map[string]string{"c": "d"}, 154 }, 155 }, 156 }, 157 }, 158 }, 159 }, 160 }, 161 expected: &networkingv1.NetworkPolicy{ 162 Spec: networkingv1.NetworkPolicySpec{ 163 PodSelector: metav1.LabelSelector{ 164 MatchLabels: map[string]string{"a": "b"}, 165 }, 166 Egress: []networkingv1.NetworkPolicyEgressRule{ 167 { 168 To: []networkingv1.NetworkPolicyPeer{ 169 { 170 NamespaceSelector: &metav1.LabelSelector{ 171 MatchLabels: map[string]string{"c": "d"}, 172 }, 173 }, 174 }, 175 }, 176 }, 177 PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeIngress, networkingv1.PolicyTypeEgress}, 178 }, 179 }, 180 }, 181 { // Egress only with PolicyTypes set to Egress should be set to only Egress 182 original: &networkingv1.NetworkPolicy{ 183 Spec: networkingv1.NetworkPolicySpec{ 184 PodSelector: metav1.LabelSelector{ 185 MatchLabels: map[string]string{"a": "b"}, 186 }, 187 Egress: []networkingv1.NetworkPolicyEgressRule{ 188 { 189 To: []networkingv1.NetworkPolicyPeer{ 190 { 191 NamespaceSelector: &metav1.LabelSelector{ 192 MatchLabels: map[string]string{"Egress": "only"}, 193 }, 194 }, 195 }, 196 }, 197 }, 198 PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress}, 199 }, 200 }, 201 expected: &networkingv1.NetworkPolicy{ 202 Spec: networkingv1.NetworkPolicySpec{ 203 PodSelector: metav1.LabelSelector{ 204 MatchLabels: map[string]string{"a": "b"}, 205 }, 206 Egress: []networkingv1.NetworkPolicyEgressRule{ 207 { 208 To: []networkingv1.NetworkPolicyPeer{ 209 { 210 NamespaceSelector: &metav1.LabelSelector{ 211 MatchLabels: map[string]string{"Egress": "only"}, 212 }, 213 }, 214 }, 215 }, 216 }, 217 PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress}, 218 }, 219 }, 220 }, 221 } 222 223 for i, test := range tests { 224 original := test.original 225 expected := test.expected 226 obj2 := roundTrip(t, runtime.Object(original)) 227 got, ok := obj2.(*networkingv1.NetworkPolicy) 228 if !ok { 229 t.Errorf("(%d) unexpected object: %v", i, got) 230 t.FailNow() 231 } 232 if !apiequality.Semantic.DeepEqual(got.Spec, expected.Spec) { 233 t.Errorf("(%d) got different than expected\ngot:\n\t%+v\nexpected:\n\t%+v", i, got.Spec, expected.Spec) 234 } 235 } 236 } 237 238 func TestSetDefaultsForIngressClassParametersReference(t *testing.T) { 239 tests := []struct { 240 name string 241 original *networkingv1.IngressClass 242 expected *networkingv1.IngressClass 243 }{ 244 { 245 name: "populated parameters sets the default Scope", 246 original: &networkingv1.IngressClass{ 247 Spec: networkingv1.IngressClassSpec{ 248 Controller: "controller", 249 Parameters: &networkingv1.IngressClassParametersReference{ 250 Kind: "k", 251 Name: "n", 252 }, 253 }, 254 }, 255 expected: &networkingv1.IngressClass{ 256 Spec: networkingv1.IngressClassSpec{ 257 Controller: "controller", 258 Parameters: &networkingv1.IngressClassParametersReference{ 259 Kind: "k", 260 Name: "n", 261 Scope: utilpointer.String(networkingv1.IngressClassParametersReferenceScopeCluster), 262 }, 263 }, 264 }, 265 }, 266 { 267 name: "existing scope is not overridden", 268 original: &networkingv1.IngressClass{ 269 Spec: networkingv1.IngressClassSpec{ 270 Controller: "controller", 271 Parameters: &networkingv1.IngressClassParametersReference{ 272 Kind: "k", 273 Name: "n", 274 Scope: utilpointer.String(networkingv1.IngressClassParametersReferenceScopeNamespace), 275 Namespace: utilpointer.String("foo-ns"), 276 }, 277 }, 278 }, 279 expected: &networkingv1.IngressClass{ 280 Spec: networkingv1.IngressClassSpec{ 281 Controller: "controller", 282 Parameters: &networkingv1.IngressClassParametersReference{ 283 Kind: "k", 284 Name: "n", 285 Scope: utilpointer.String(networkingv1.IngressClassParametersReferenceScopeNamespace), 286 Namespace: utilpointer.String("foo-ns"), 287 }, 288 }, 289 }, 290 }, 291 { 292 name: "empty Parameters does not set the default Scope", 293 original: &networkingv1.IngressClass{ 294 Spec: networkingv1.IngressClassSpec{ 295 Controller: "controller", 296 }, 297 }, 298 expected: &networkingv1.IngressClass{ 299 Spec: networkingv1.IngressClassSpec{ 300 Controller: "controller", 301 }, 302 }, 303 }, 304 } 305 306 for _, test := range tests { 307 t.Run(test.name, func(t *testing.T) { 308 original := test.original 309 expected := test.expected 310 obj2 := roundTrip(t, runtime.Object(original)) 311 got, ok := obj2.(*networkingv1.IngressClass) 312 if !ok { 313 t.Errorf("unexpected object: %v", got) 314 t.FailNow() 315 } 316 if !apiequality.Semantic.DeepEqual(got.Spec, expected.Spec) { 317 t.Errorf("got different than expected\ngot:\n\t%+v\nexpected:\n\t%+v", got.Spec, expected.Spec) 318 } 319 }) 320 } 321 } 322 323 func roundTrip(t *testing.T, obj runtime.Object) runtime.Object { 324 t.Helper() 325 data, err := runtime.Encode(legacyscheme.Codecs.LegacyCodec(SchemeGroupVersion), obj) 326 if err != nil { 327 t.Errorf("%v\n %#v", err, obj) 328 return nil 329 } 330 obj2, err := runtime.Decode(legacyscheme.Codecs.UniversalDecoder(), data) 331 if err != nil { 332 t.Errorf("%v\nData: %s\nSource: %#v", err, string(data), obj) 333 return nil 334 } 335 obj3 := reflect.New(reflect.TypeOf(obj).Elem()).Interface().(runtime.Object) 336 err = legacyscheme.Scheme.Convert(obj2, obj3, nil) 337 if err != nil { 338 t.Errorf("%v\nSource: %#v", err, obj2) 339 return nil 340 } 341 return obj3 342 }