
Commit a2d413f

committed
added complete UTs for GetEndportNetworkPolicies, GetCIDRNetworkPolicies, and GetEgressPolicies
1 parent 1b64afb commit a2d413f


1 file changed

+244
-12
lines changed


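--- a/tools/azure-npm-to-cilium-validator/azure-npm-to-cilium-validator_test.go
+++ b/tools/azure-npm-to-cilium-validator/azure-npm-to-cilium-validator_test.go
@@ -117,6 +117,18 @@ func TestGetEndportNetworkPolicies(t *testing.T) {
 name: "Multiple polices in a namespace with ingress or egress endport",
 policiesByNamespace: map[string][]*networkingv1.NetworkPolicy{
 "namespace1": {
+{
+ObjectMeta: metav1.ObjectMeta{Name: "ingress-endport-policy"},
+Spec: networkingv1.NetworkPolicySpec{
+Ingress: []networkingv1.NetworkPolicyIngressRule{
+{
+Ports: []networkingv1.NetworkPolicyPort{
+{Port: intstrPtr(intstr.FromInt(80)), EndPort: int32Ptr(90)},
+},
+},
+},
+},
+},
 {
 ObjectMeta: metav1.ObjectMeta{Name: "egress-endport-policy"},
 Spec: networkingv1.NetworkPolicySpec{
@@ -150,17 +162,17 @@ func TestGetEndportNetworkPolicies(t *testing.T) {
 },
 },
 },
-expectedIngressEndportPolicies: []string{"namespace1/ingress-and-egress-endport-policy"},
+expectedIngressEndportPolicies: []string{"namespace1/ingress-endport-policy", "namespace1/ingress-and-egress-endport-policy"},
 expectedEgressEndportPolicies: []string{"namespace1/egress-endport-policy", "namespace1/ingress-and-egress-endport-policy"},
 },
 {
 name: "Multiple polices in multiple namespaces with ingress or egress endport or no endport",
 policiesByNamespace: map[string][]*networkingv1.NetworkPolicy{
 "namespace1": {
 {
-ObjectMeta: metav1.ObjectMeta{Name: "egress-endport-policy"},
+ObjectMeta: metav1.ObjectMeta{Name: "ingress-endport-policy"},
 Spec: networkingv1.NetworkPolicySpec{
-Egress: []networkingv1.NetworkPolicyEgressRule{
+Ingress: []networkingv1.NetworkPolicyIngressRule{
 {
 Ports: []networkingv1.NetworkPolicyPort{
 {Port: intstrPtr(intstr.FromInt(80)), EndPort: int32Ptr(90)},
@@ -191,9 +203,9 @@ func TestGetEndportNetworkPolicies(t *testing.T) {
 },
 "namespace2": {
 {
-ObjectMeta: metav1.ObjectMeta{Name: "ingress-endport-policy"},
+ObjectMeta: metav1.ObjectMeta{Name: "egress-endport-policy"},
 Spec: networkingv1.NetworkPolicySpec{
-Ingress: []networkingv1.NetworkPolicyIngressRule{
+Egress: []networkingv1.NetworkPolicyEgressRule{
 {
 Ports: []networkingv1.NetworkPolicyPort{
 {Port: intstrPtr(intstr.FromInt(80)), EndPort: int32Ptr(90)},
@@ -202,6 +214,18 @@ func TestGetEndportNetworkPolicies(t *testing.T) {
 },
 },
 },
+{
+ObjectMeta: metav1.ObjectMeta{Name: "no-endport-policy"},
+Spec: networkingv1.NetworkPolicySpec{
+Ingress: []networkingv1.NetworkPolicyIngressRule{
+{
+Ports: []networkingv1.NetworkPolicyPort{
+{Port: intstrPtr(intstr.FromInt(80))},
+},
+},
+},
+},
+},
 },
 "namespace3": {
 {
@@ -218,8 +242,8 @@ func TestGetEndportNetworkPolicies(t *testing.T) {
 },
 },
 },
-expectedIngressEndportPolicies: []string{"namespace1/ingress-and-egress-endport-policy", "namespace2/ingress-endport-policy"},
-expectedEgressEndportPolicies: []string{"namespace1/egress-endport-policy", "namespace1/ingress-and-egress-endport-policy"},
+expectedIngressEndportPolicies: []string{"namespace1/ingress-endport-policy", "namespace1/ingress-and-egress-endport-policy"},
+expectedEgressEndportPolicies: []string{"namespace1/ingress-and-egress-endport-policy", "namespace2/egress-endport-policy"},
 },
 }
 
@@ -341,7 +365,7 @@ func TestGetCIDRNetworkPolicies(t *testing.T) {
 expectedEgressCIDRPolicies: []string{"namespace1/ingress-and-egress-cidr-policy"},
 },
 {
-name: "Multiple namespaces and policies",
+name: "Multiple polices in a namespace with ingress or egress CIDR",
 policiesByNamespace: map[string][]*networkingv1.NetworkPolicy{
 "namespace1": {
 {
@@ -356,6 +380,77 @@ func TestGetCIDRNetworkPolicies(t *testing.T) {
 },
 },
 },
+{
+ObjectMeta: metav1.ObjectMeta{Name: "egress-cidr-policy"},
+Spec: networkingv1.NetworkPolicySpec{
+Egress: []networkingv1.NetworkPolicyEgressRule{
+{
+To: []networkingv1.NetworkPolicyPeer{
+{IPBlock: &networkingv1.IPBlock{CIDR: "192.168.0.0/16"}},
+},
+},
+},
+},
+},
+{
+ObjectMeta: metav1.ObjectMeta{Name: "ingress-and-egress-cidr-policy"},
+Spec: networkingv1.NetworkPolicySpec{
+Ingress: []networkingv1.NetworkPolicyIngressRule{
+{
+From: []networkingv1.NetworkPolicyPeer{
+{IPBlock: &networkingv1.IPBlock{CIDR: "192.168.0.0/16"}},
+},
+},
+},
+Egress: []networkingv1.NetworkPolicyEgressRule{
+{
+To: []networkingv1.NetworkPolicyPeer{
+{IPBlock: &networkingv1.IPBlock{CIDR: "192.168.0.0/16"}},
+},
+},
+},
+},
+},
+},
+},
+expectedIngressCIDRPolicies: []string{"namespace1/ingress-cidr-policy", "namespace1/ingress-and-egress-cidr-policy"},
+expectedEgressCIDRPolicies: []string{"namespace1/egress-cidr-policy", "namespace1/ingress-and-egress-cidr-policy"},
+},
+{
+name: "Multiple polices in multiple namespaces with ingress or egress CIDR or no CIDR",
+policiesByNamespace: map[string][]*networkingv1.NetworkPolicy{
+"namespace1": {
+{
+ObjectMeta: metav1.ObjectMeta{Name: "ingress-cidr-policy"},
+Spec: networkingv1.NetworkPolicySpec{
+Ingress: []networkingv1.NetworkPolicyIngressRule{
+{
+From: []networkingv1.NetworkPolicyPeer{
+{IPBlock: &networkingv1.IPBlock{CIDR: "192.168.0.0/16"}},
+},
+},
+},
+},
+},
+{
+ObjectMeta: metav1.ObjectMeta{Name: "ingress-and-egress-cidr-policy"},
+Spec: networkingv1.NetworkPolicySpec{
+Ingress: []networkingv1.NetworkPolicyIngressRule{
+{
+From: []networkingv1.NetworkPolicyPeer{
+{IPBlock: &networkingv1.IPBlock{CIDR: "192.168.0.0/16"}},
+},
+},
+},
+Egress: []networkingv1.NetworkPolicyEgressRule{
+{
+To: []networkingv1.NetworkPolicyPeer{
+{IPBlock: &networkingv1.IPBlock{CIDR: "192.168.0.0/16"}},
+},
+},
+},
+},
+},
 },
 "namespace2": {
 {
@@ -370,10 +465,36 @@ func TestGetCIDRNetworkPolicies(t *testing.T) {
 },
 },
 },
+{
+ObjectMeta: metav1.ObjectMeta{Name: "no-cidr-policy"},
+Spec: networkingv1.NetworkPolicySpec{
+Ingress: []networkingv1.NetworkPolicyIngressRule{
+{
+From: []networkingv1.NetworkPolicyPeer{
+{PodSelector: &metav1.LabelSelector{}},
+},
+},
+},
+},
+},
+},
+"namespace3": {
+{
+ObjectMeta: metav1.ObjectMeta{Name: "no-cidr-policy"},
+Spec: networkingv1.NetworkPolicySpec{
+Ingress: []networkingv1.NetworkPolicyIngressRule{
+{
+From: []networkingv1.NetworkPolicyPeer{
+{PodSelector: &metav1.LabelSelector{}},
+},
+},
+},
+},
+},
 },
 },
-expectedIngressCIDRPolicies: []string{"namespace1/ingress-cidr-policy"},
-expectedEgressCIDRPolicies: []string{"namespace2/egress-cidr-policy"},
+expectedIngressCIDRPolicies: []string{"namespace1/ingress-cidr-policy", "namespace1/ingress-and-egress-cidr-policy"},
+expectedEgressCIDRPolicies: []string{"namespace2/egress-cidr-policy", "namespace1/ingress-and-egress-cidr-policy"},
 },
 }
 
@@ -516,7 +637,7 @@ func TestGetEgressPolicies(t *testing.T) {
 expectedEgressPolicies: []string{"namespace1/egress-to-and-ports-policy"},
 },
 {
-name: "Multiple namespaces and policies",
+name: "Multiple egress polices in a namespace with To or Port fields",
 policiesByNamespace: map[string][]*networkingv1.NetworkPolicy{
 "namespace1": {
 {
@@ -531,6 +652,68 @@ func TestGetEgressPolicies(t *testing.T) {
 },
 },
 },
+{
+ObjectMeta: metav1.ObjectMeta{Name: "egress-ports-policy"},
+Spec: networkingv1.NetworkPolicySpec{
+Egress: []networkingv1.NetworkPolicyEgressRule{
+{
+Ports: []networkingv1.NetworkPolicyPort{
+{Port: intstrPtr(intstr.FromInt(80))},
+},
+},
+},
+},
+},
+{
+ObjectMeta: metav1.ObjectMeta{Name: "egress-to-and-ports-policy"},
+Spec: networkingv1.NetworkPolicySpec{
+Egress: []networkingv1.NetworkPolicyEgressRule{
+{
+To: []networkingv1.NetworkPolicyPeer{
+{PodSelector: &metav1.LabelSelector{}},
+},
+Ports: []networkingv1.NetworkPolicyPort{
+{Port: intstrPtr(intstr.FromInt(80))},
+},
+},
+},
+},
+},
+},
+},
+expectedEgressPolicies: []string{"namespace1/egress-to-policy", "namespace1/egress-ports-policy", "namespace1/egress-to-and-ports-policy"},
+},
+{
+name: "Multiple egresss polices in multiple namespaces with To or Port fields or no egress",
+policiesByNamespace: map[string][]*networkingv1.NetworkPolicy{
+"namespace1": {
+{
+ObjectMeta: metav1.ObjectMeta{Name: "egress-to-policy"},
+Spec: networkingv1.NetworkPolicySpec{
+Egress: []networkingv1.NetworkPolicyEgressRule{
+{
+To: []networkingv1.NetworkPolicyPeer{
+{PodSelector: &metav1.LabelSelector{}},
+},
+},
+},
+},
+},
+{
+ObjectMeta: metav1.ObjectMeta{Name: "egress-to-and-ports-policy"},
+Spec: networkingv1.NetworkPolicySpec{
+Egress: []networkingv1.NetworkPolicyEgressRule{
+{
+To: []networkingv1.NetworkPolicyPeer{
+{PodSelector: &metav1.LabelSelector{}},
+},
+Ports: []networkingv1.NetworkPolicyPort{
+{Port: intstrPtr(intstr.FromInt(80))},
+},
+},
+},
+},
+},
 },
 "namespace2": {
 {
@@ -545,9 +728,58 @@ func TestGetEgressPolicies(t *testing.T) {
 },
 },
 },
+{
+ObjectMeta: metav1.ObjectMeta{Name: "no-egress-policy"},
+Spec: networkingv1.NetworkPolicySpec{
+Ingress: []networkingv1.NetworkPolicyIngressRule{
+{
+From: []networkingv1.NetworkPolicyPeer{
+{PodSelector: &metav1.LabelSelector{}},
+},
+},
+},
+},
+},
+},
+"namespace3": {
+{
+ObjectMeta: metav1.ObjectMeta{Name: "egress-to-policy"},
+Spec: networkingv1.NetworkPolicySpec{
+Egress: []networkingv1.NetworkPolicyEgressRule{
+{
+To: []networkingv1.NetworkPolicyPeer{
+{PodSelector: &metav1.LabelSelector{}},
+},
+},
+},
+},
+},
+{
+ObjectMeta: metav1.ObjectMeta{Name: "allow-all-egress-policy"},
+Spec: networkingv1.NetworkPolicySpec{
+PolicyTypes: []networkingv1.PolicyType{"Egress"},
+Egress: []networkingv1.NetworkPolicyEgressRule{
+{},
+},
+},
+},
+},
+"namespace4": {
+{
+ObjectMeta: metav1.ObjectMeta{Name: "no-egress-policy"},
+Spec: networkingv1.NetworkPolicySpec{
+Ingress: []networkingv1.NetworkPolicyIngressRule{
+{
+From: []networkingv1.NetworkPolicyPeer{
+{PodSelector: &metav1.LabelSelector{}},
+},
+},
+},
+},
+},
 },
 },
-expectedEgressPolicies: []string{"namespace1/egress-to-policy", "namespace2/egress-ports-policy"},
+expectedEgressPolicies: []string{"namespace1/egress-to-policy", "namespace1/egress-to-and-ports-policy", "namespace2/egress-ports-policy", "namespace3/egress-to-policy"},
 },
 }
 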
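Review bot: The `allow-all-egress-policy` fixture in `namespace3` (`PolicyTypes` of `Egress` with a single empty egress rule) is left out of `expectedEgressPolicies` with no comment saying why, so the last TestGetEgressPolicies case silently pins that an allow-all egress policy is never reported. Because the validator's negative cases decide which policies pass unflagged, a comment on that fixture such as `// single empty egress rule = allow all; intentionally not reported` would make the exemption reviewable. Separately, the expected slices mix namespace order (`namespace2/egress-cidr-policy` precedes the `namespace1` entry in the multi-namespace CIDR case, while the endport and egress cases list `namespace1` first) although `policiesByNamespace` is a map; the comparison code is outside this diff, so confirm it is order-insensitive or these cases can be flaky. The new case name `Multiple egresss polices ...` also carries typos and should read `Multiple egress policies ...`.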
