github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 02:41:25 +00:00
Code Issues Projects Releases Wiki Activity

add api e2e test for port ranges of netpolices

Browse Source
This commit is contained in:
jornshen 2021-03-04 20:39:47 +08:00
parent edc7f023a4
commit 90e215dfd2
2 changed files with 88 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
test/e2e/network/netpol/network_policy_api.go
View File

@ -23,6 +23,7 @@ import (
apierrors "k8s.io/apimachinery/pkg/api/errors" apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
"k8s.io/apimachinery/pkg/watch" "k8s.io/apimachinery/pkg/watch"
@ -50,37 +51,24 @@ var _ = common.SIGDescribe("Netpol API", func() {
ns := f.Namespace.Name ns := f.Namespace.Name
npVersion := "v1" npVersion := "v1"
npClient := f.ClientSet.NetworkingV1().NetworkPolicies(ns) npClient := f.ClientSet.NetworkingV1().NetworkPolicies(ns)
npTemplate := &networkingv1.NetworkPolicy{
ObjectMeta: metav1.ObjectMeta{ namespaceSelector := &metav1.LabelSelector{
GenerateName: "e2e-example-netpol", MatchLabels: map[string]string{
Labels: map[string]string{ "ns-name": "pod-b",
"special-label": f.UniqueName,
},
},
Spec: networkingv1.NetworkPolicySpec{
// Apply this policy to the Server
PodSelector: metav1.LabelSelector{
MatchLabels: map[string]string{
"pod-name": "test-pod",
},
},
// Allow traffic only from client-a in namespace-b
Ingress: []networkingv1.NetworkPolicyIngressRule{{
From: []networkingv1.NetworkPolicyPeer{{
NamespaceSelector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"ns-name": "pod-b",
},
},
PodSelector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"pod-name": "client-a",
},
},
}},
}},
}, },
} }
podSelector := &metav1.LabelSelector{
MatchLabels: map[string]string{
"pod-name": "client-a",
},
}
ingressRule := networkingv1.NetworkPolicyIngressRule{}
ingressRule.From = append(ingressRule.From, networkingv1.NetworkPolicyPeer{PodSelector: podSelector, NamespaceSelector: namespaceSelector})
npTemplate := GenNetworkPolicy(SetGenerateName("e2e-example-netpol"),
SetObjectMetaLabel(map[string]string{"special-label": f.UniqueName}),
SetSpecPodSelectorMatchLabels(map[string]string{"pod-name": "test-pod"}),
SetSpecIngressRules(ingressRule))
// Discovery // Discovery
ginkgo.By("getting /apis") ginkgo.By("getting /apis")
{ {
@ -209,4 +197,63 @@ var _ = common.SIGDescribe("Netpol API", func() {
framework.ExpectNoError(err) framework.ExpectNoError(err)
framework.ExpectEqual(len(nps.Items), 0, "filtered list should have 0 items") framework.ExpectEqual(len(nps.Items), 0, "filtered list should have 0 items")
}) })
/*
Release: v1.21
Testname: NetworkPolicy support EndPort Field
Description:
- EndPort field cannot be defined if the Port field is not defined
- EndPort field cannot be defined if the Port field is defined as a named (string) port.
- EndPort field must be equal or greater than port.
*/
ginkgo.It("should support creating NetworkPolicy API with endport field [Feature:NetworkPolicyEndPort]", func() {
ns := f.Namespace.Name
npClient := f.ClientSet.NetworkingV1().NetworkPolicies(ns)
ginkgo.By("EndPort field cannot be defined if the Port field is not defined.")
var endport int32 = 20000
egressRule := networkingv1.NetworkPolicyEgressRule{}
egressRule.Ports = append(egressRule.Ports, networkingv1.NetworkPolicyPort{EndPort: &endport})
npTemplate := GenNetworkPolicy(SetGenerateName("e2e-example-netpol-endport-validate"),
SetObjectMetaLabel(map[string]string{"special-label": f.UniqueName}),
SetSpecPodSelectorMatchLabels(map[string]string{"pod-name": "test-pod"}),
SetSpecEgressRules(egressRule))
_, err := npClient.Create(context.TODO(), npTemplate, metav1.CreateOptions{})
framework.ExpectError(err, "request template:%v", npTemplate)
ginkgo.By("EndPort field cannot be defined if the Port field is defined as a named (string) port.")
egressRule = networkingv1.NetworkPolicyEgressRule{}
egressRule.Ports = append(egressRule.Ports, networkingv1.NetworkPolicyPort{Port: &intstr.IntOrString{Type: intstr.String, StrVal: "serve-80"}, EndPort: &endport})
npTemplate.Spec.Egress = []networkingv1.NetworkPolicyEgressRule{egressRule}
_, err = npClient.Create(context.TODO(), npTemplate, metav1.CreateOptions{})
framework.ExpectError(err, "request template:%v", npTemplate)
ginkgo.By("EndPort field must be equal or greater than port.")
ginkgo.By("When EndPort field is smaller than port, it will failed")
egressRule = networkingv1.NetworkPolicyEgressRule{}
egressRule.Ports = append(egressRule.Ports, networkingv1.NetworkPolicyPort{Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 30000}, EndPort: &endport})
npTemplate.Spec.Egress = []networkingv1.NetworkPolicyEgressRule{egressRule}
_, err = npClient.Create(context.TODO(), npTemplate, metav1.CreateOptions{})
framework.ExpectError(err, "request template:%v", npTemplate)
ginkgo.By("EndPort field is equal with port.")
egressRule.Ports[0].Port = &intstr.IntOrString{Type: intstr.Int, IntVal: 20000}
npTemplate.Spec.Egress = []networkingv1.NetworkPolicyEgressRule{egressRule}
_, err = npClient.Create(context.TODO(), npTemplate, metav1.CreateOptions{})
framework.ExpectNoError(err, "request template:%v", npTemplate)
ginkgo.By("EndPort field is greater than port.")
egressRule = networkingv1.NetworkPolicyEgressRule{}
egressRule.Ports = append(egressRule.Ports, networkingv1.NetworkPolicyPort{Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 10000}, EndPort: &endport})
npTemplate.Spec.Egress = []networkingv1.NetworkPolicyEgressRule{egressRule}
_, err = npClient.Create(context.TODO(), npTemplate, metav1.CreateOptions{})
framework.ExpectNoError(err, "request template:%v", npTemplate)
ginkgo.By("deleting all test collection")
err = npClient.DeleteCollection(context.TODO(), metav1.DeleteOptions{}, metav1.ListOptions{LabelSelector: "special-label=" + f.UniqueName})
framework.ExpectNoError(err)
nps, err := npClient.List(context.TODO(), metav1.ListOptions{LabelSelector: "special-label=" + f.UniqueName})
framework.ExpectNoError(err)
framework.ExpectEqual(len(nps.Items), 0, "filtered list should be 0 items")
})
}) })

12
test/e2e/network/netpol/policies.go
View File

@ -47,6 +47,18 @@ func SetObjectMetaName(name string) SetFunc {
} }
} }
func SetGenerateName(name string) SetFunc {
return func(policy *networkingv1.NetworkPolicy) {
policy.ObjectMeta.GenerateName = name
}
}
func SetObjectMetaLabel(targetLabels map[string]string) SetFunc {
return func(policy *networkingv1.NetworkPolicy) {
policy.ObjectMeta.Labels = targetLabels
}
}
func SetSpecPodSelector(targetSelector metav1.LabelSelector) SetFunc { func SetSpecPodSelector(targetSelector metav1.LabelSelector) SetFunc {
return func(policy *networkingv1.NetworkPolicy) { return func(policy *networkingv1.NetworkPolicy) {
policy.Spec.PodSelector = targetSelector policy.Spec.PodSelector = targetSelector