114 lines
2.9 KiB
Go
114 lines
2.9 KiB
Go
/*
|
|
Copyright 2021 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package networkpolicy
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
"k8s.io/apimachinery/pkg/util/intstr"
|
|
api "k8s.io/kubernetes/pkg/apis/core"
|
|
"k8s.io/kubernetes/pkg/apis/networking"
|
|
)
|
|
|
|
func makeNetworkPolicy(isIngress, isEgress, hasEndPort bool) *networking.NetworkPolicy {
|
|
|
|
protocolTCP := api.ProtocolTCP
|
|
endPort := int32(32000)
|
|
netPol := &networking.NetworkPolicy{
|
|
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar", Generation: 0},
|
|
Spec: networking.NetworkPolicySpec{
|
|
PodSelector: metav1.LabelSelector{
|
|
MatchLabels: map[string]string{"a": "b"},
|
|
},
|
|
},
|
|
}
|
|
egress := networking.NetworkPolicyEgressRule{
|
|
To: []networking.NetworkPolicyPeer{
|
|
{
|
|
NamespaceSelector: &metav1.LabelSelector{
|
|
MatchLabels: map[string]string{"c": "d"},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
ingress := networking.NetworkPolicyIngressRule{
|
|
From: []networking.NetworkPolicyPeer{
|
|
{
|
|
NamespaceSelector: &metav1.LabelSelector{
|
|
MatchLabels: map[string]string{"c": "d"},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
ports := []networking.NetworkPolicyPort{
|
|
{
|
|
Protocol: &protocolTCP,
|
|
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 31000},
|
|
},
|
|
}
|
|
|
|
ingress.Ports = ports
|
|
egress.Ports = ports
|
|
|
|
if hasEndPort {
|
|
ingress.Ports[0].EndPort = &endPort
|
|
egress.Ports[0].EndPort = &endPort
|
|
}
|
|
|
|
if isIngress {
|
|
netPol.Spec.Ingress = append(netPol.Spec.Ingress, ingress)
|
|
}
|
|
|
|
if isEgress {
|
|
netPol.Spec.Egress = append(netPol.Spec.Egress, egress)
|
|
}
|
|
|
|
return netPol
|
|
}
|
|
|
|
func TestNetworkPolicyStrategy(t *testing.T) {
|
|
|
|
// Create a Network Policy containing EndPort defined to compare with the generated by the tests
|
|
netPol := makeNetworkPolicy(true, true, false)
|
|
|
|
Strategy.PrepareForCreate(context.Background(), netPol)
|
|
|
|
if netPol.Generation != 1 {
|
|
t.Errorf("Create: Test failed. Network Policy Generation should be 1, got %d",
|
|
netPol.Generation)
|
|
}
|
|
|
|
errs := Strategy.Validate(context.Background(), netPol)
|
|
if len(errs) != 0 {
|
|
t.Errorf("Unexpected error from validation for created Network Policy: %v", errs)
|
|
}
|
|
|
|
updatedNetPol := makeNetworkPolicy(true, true, true)
|
|
updatedNetPol.ObjectMeta.SetResourceVersion("1")
|
|
Strategy.PrepareForUpdate(context.Background(), updatedNetPol, netPol)
|
|
|
|
errs = Strategy.ValidateUpdate(context.Background(), updatedNetPol, netPol)
|
|
if len(errs) != 0 {
|
|
t.Errorf("Unexpected error from validation for updated Network Policy: %v", errs)
|
|
}
|
|
|
|
}
|