github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-31 23:37:01 +00:00
Code Issues Projects Releases Wiki Activity

Add IPV6 IPBlock to success cases

Browse Source 
Signed-off-by: Daniela Lins <danielamlins@gmail.com>
This commit is contained in:
Daniela Lins 2021-02-17 23:02:57 +01:00
parent 77da0540e6
commit 8572c973d8
1 changed files with 22 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
pkg/apis/networking/validation/validation_test.go
View File

@ -58,10 +58,8 @@ func TestValidateNetworkPolicy(t *testing.T) {
protocolICMP := api.Protocol("ICMP")
protocolSCTP := api.ProtocolSCTP
endPort := int32(32768)
// Tweaks used below.
// setIngressEmptyIngressRule := func(networkPolicy *networking.NetworkPolicy) {
// networkPolicy.Spec.Ingress = []networking.NetworkPolicyIngressRule{}
// }
setIngressEmptyFirstElement := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Ingress = []networking.NetworkPolicyIngressRule{networking.NetworkPolicyIngressRule{}}
}
@ -141,23 +139,15 @@ func TestValidateNetworkPolicy(t *testing.T) {
setIngressFromIPBlockIPV6 := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Ingress[0].From[0].IPBlock = &networking.IPBlock{
CIDR: "fd00:192:168::/64",
CIDR: "fd00:192:168::/48",
Except: []string{"fd00:192:168:3::/64", "fd00:192:168:4::/64"},
}
}
// setEgressEmptyEgressRule := func(networkPolicy *networking.NetworkPolicy) {
// networkPolicy.Spec.Egress = []networking.NetworkPolicyEgressRule{}
// }
setEgressEmptyFirstElement := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Egress = []networking.NetworkPolicyEgressRule{networking.NetworkPolicyEgressRule{}}
}
// setEgressEmptyTo := func(networkPolicy *networking.NetworkPolicy) {
// networkPolicy.Spec.Egress[0].To = []networking.NetworkPolicyPeer{}
// }
setEgressToEmptyFirstElement := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Egress[0].To = []networking.NetworkPolicyPeer{networking.NetworkPolicyPeer{}}
}
@ -174,6 +164,20 @@ func TestValidateNetworkPolicy(t *testing.T) {
}
}
setEgressToIPBlock := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Egress[0].To[0].IPBlock = &networking.IPBlock{
CIDR: "192.168.0.0/16",
Except: []string{"192.168.3.0/24", "192.168.4.0/24"},
}
}
setEgressToIPBlockIPV6 := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Egress[0].To[0].IPBlock = &networking.IPBlock{
CIDR: "fd00:192:168::/48",
Except: []string{"fd00:192:168:3::/64", "fd00:192:168:4::/64"},
}
}
setEgressPorts := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Egress[0].Ports = []networking.NetworkPolicyPort{
{
@ -228,21 +232,14 @@ func TestValidateNetworkPolicy(t *testing.T) {
}
}
setEgressToIPBlock := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.Egress[0].To[0].IPBlock = &networking.IPBlock{
CIDR: "192.168.0.0/16",
Except: []string{"192.168.3.0/24", "192.168.4.0/24"},
}
setPolicyTypesEgress := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.PolicyTypes = []networking.PolicyType{networking.PolicyTypeEgress}
}
setPolicyTypesIngressEgress := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.PolicyTypes = []networking.PolicyType{networking.PolicyTypeIngress, networking.PolicyTypeEgress}
}
setPolicyTypesEgress := func(networkPolicy *networking.NetworkPolicy) {
networkPolicy.Spec.PolicyTypes = []networking.PolicyType{networking.PolicyTypeEgress}
}
successCases := []*networking.NetworkPolicy{
makeNetworkPolicyCustom(setIngressEmptyFirstElement),
makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressEmptyFrom, setIngressEmptyPorts),
@ -255,10 +252,10 @@ func TestValidateNetworkPolicy(t *testing.T) {
makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToIPBlock, setPolicyTypesEgress),
makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToIPBlock, setPolicyTypesIngressEgress),
makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressPorts),
makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromIPBlock),
makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromIPBlock),
makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToIPBlock, setPolicyTypesEgress),
makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToIPBlock, setPolicyTypesIngressEgress),
makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromIPBlockIPV6),
makeNetworkPolicyCustom(setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setIngressFromIPBlockIPV6),
makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToIPBlockIPV6, setPolicyTypesEgress),
makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToIPBlockIPV6, setPolicyTypesIngressEgress),
makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressPortsUDPandHigh),
makeNetworkPolicyCustom(setEgressEmptyFirstElement, setEgressToEmptyFirstElement, setEgressToNamespaceSelector, setEgressPortsBothHigh, setIngressEmptyFirstElement, setIngressFromEmptyFirstElement, setAlternativeIngressFromPodSelector, setIngressPortsHigher),
}