github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-28 14:07:14 +00:00
Code Issues Projects Releases Wiki Activity

Add tweaking functions to TestValidateNetworkPolicy

Browse Source 
Signed-off-by: Daniela Lins <danielamlins@gmail.com>
This commit is contained in:
Daniela Lins 2021-02-13 17:57:04 +01:00
parent 7f083d339f
commit 50d93d989f
1 changed files with 160 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
pkg/apis/networking/validation/validation_test.go
View File

@ -33,12 +33,172 @@ import (
utilpointer "k8s.io/utils/pointer" utilpointer "k8s.io/utils/pointer"
) )
func makeValidNetworkPolicy() *networking.NetworkPolicy {
return &networking.NetworkPolicy{
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
Spec: networking.NetworkPolicySpec{
PodSelector: metav1.LabelSelector{
MatchLabels: map[string]string{"a": "b"},
},
},
}
}
func TestValidateNetworkPolicy(t *testing.T) { func TestValidateNetworkPolicy(t *testing.T) {
protocolTCP := api.ProtocolTCP protocolTCP := api.ProtocolTCP
protocolUDP := api.ProtocolUDP protocolUDP := api.ProtocolUDP
protocolICMP := api.Protocol("ICMP") protocolICMP := api.Protocol("ICMP")
protocolSCTP := api.ProtocolSCTP protocolSCTP := api.ProtocolSCTP
endPort := int32(32768) endPort := int32(32768)
// Tweaks used below.
setIngressEmptyIngressRule := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Ingress = []networking.NetworkPolicyIngressRule{}
}
setIngressEmptyFrom := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Ingress[0].From = []networking.NetworkPolicyPeer{}
}
setIngressEmptyPorts := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Ingress[0].Ports = []networking.NetworkPolicyPort{}
}
setIngressPorts := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Ingress[0].Ports = []networking.NetworkPolicyPort{
{
Protocol: nil,
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 80},
},
{
Protocol: &protocolTCP,
Port: nil,
},
{
Protocol: &protocolTCP,
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 443},
},
{
Protocol: &protocolUDP,
Port: &intstr.IntOrString{Type: intstr.String, StrVal: "dns"},
},
{
Protocol: &protocolSCTP,
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 7777},
},
}
}
setIngressPortsHigher := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Ingress[0].Ports = []networking.NetworkPolicyPort{
{
Protocol: &protocolTCP,
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 65535},
EndPort: &endPort,
},
}
}
setIngressFromPodSelector := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Ingress[0].From[0].PodSelector = &metav1.LabelSelector{
MatchLabels: map[string]string{"c": "d"},
}
}
setAlternativeIngressFromPodSelector := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Ingress[0].From[0].PodSelector = &metav1.LabelSelector{
MatchLabels: map[string]string{"e": "f"},
}
}
setIngressFromNamespaceSelector := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Ingress[0].From[0].NamespaceSelector = &metav1.LabelSelector{
MatchLabels: map[string]string{"c": "d"},
}
}
setIngressFromIPBlock := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Ingress[0].From[0].IPBlock = &networking.IPBlock{
CIDR: "192.168.0.0/16",
Except: []string{"192.168.3.0/24", "192.168.4.0/24"},
}
}
setEgressEmptyTo := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Egress[0].To = []networking.NetworkPolicyPeer{}
}
setEgressToNamespaceSelector := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Egress[0].To[0].NamespaceSelector =&metav1.LabelSelector{
MatchLabels: map[string]string{"c": "d"},
}
}
setEgressPorts := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Egress[0].Ports = []networking.NetworkPolicyPort{
{
Protocol: nil,
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 80},
},
{
Protocol: &protocolTCP,
Port: nil,
},
{
Protocol: &protocolTCP,
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 443},
},
{
Protocol: &protocolUDP,
Port: &intstr.IntOrString{Type: intstr.String, StrVal: "dns"},
},
{
Protocol: &protocolSCTP,
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 7777},
},
}
}
setEgressPortsUDPandHigh := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Egress[0].Ports = []networking.NetworkPolicyPort{
{
Protocol: nil,
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 32000},
EndPort: &endPort,
},
{
Protocol: &protocolUDP,
Port: &intstr.IntOrString{Type: intstr.String, StrVal: "dns"},
},
}
}
setEgressPortsBothHigh := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Egress[0].Ports = []networking.NetworkPolicyPort{
{
Protocol: nil,
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 30000},
EndPort: &endPort,
},
{
Protocol: nil,
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 32000},
EndPort: &endPort,
},
}
}
setEgressToIPBlock := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Egress[0].To[0].IPBlock = &networking.IPBlock{
CIDR: "192.168.0.0/16",
Except: []string{"192.168.3.0/24", "192.168.4.0/24"},
}
}
setPolicyTypesIngressEgress := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.PolicyTypes = []networking.PolicyType{networking.PolicyTypeIngress, networking.PolicyTypeEgress}
}
setPolicyTypesEgress := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.PolicyTypes = []networking.PolicyType{networking.PolicyTypeEgress}
}
successCases := []networking.NetworkPolicy{ successCases := []networking.NetworkPolicy{
{ {
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},