|
| 1 | +// Licensed to the Apache Software Foundation (ASF) under one or more |
| 2 | +// contributor license agreements. See the NOTICE file distributed with |
| 3 | +// this work for additional information regarding copyright ownership. |
| 4 | +// The ASF licenses this file to You under the Apache License, Version 2.0 |
| 5 | +// (the "License"); you may not use this file except in compliance with |
| 6 | +// the License. You may obtain a copy of the License at |
| 7 | +// |
| 8 | +// http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | +// |
| 10 | +// Unless required by applicable law or agreed to in writing, software |
| 11 | +// distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | +// See the License for the specific language governing permissions and |
| 14 | +// limitations under the License. |
| 15 | + |
| 16 | +package plugins |
| 17 | + |
| 18 | +import ( |
| 19 | + "testing" |
| 20 | + |
| 21 | + "github.com/stretchr/testify/assert" |
| 22 | + |
| 23 | + adctypes "github.com/apache/apisix-ingress-controller/api/adc" |
| 24 | + "github.com/apache/apisix-ingress-controller/internal/adc/translator/annotations" |
| 25 | +) |
| 26 | + |
| 27 | +func TestIPRestrictionHandler(t *testing.T) { |
| 28 | + // Test with allowlist only |
| 29 | + anno := map[string]string{ |
| 30 | + annotations.AnnotationsAllowlistSourceRange: "10.2.2.2,192.168.0.0/16", |
| 31 | + } |
| 32 | + p := NewIPRestrictionHandler() |
| 33 | + out, err := p.Handle(annotations.NewExtractor(anno)) |
| 34 | + assert.Nil(t, err, "checking given error") |
| 35 | + assert.NotNil(t, out, "checking output is not nil") |
| 36 | + config := out.(*adctypes.IPRestrictConfig) |
| 37 | + assert.Len(t, config.Allowlist, 2, "checking size of allowlist") |
| 38 | + assert.Equal(t, "10.2.2.2", config.Allowlist[0]) |
| 39 | + assert.Equal(t, "192.168.0.0/16", config.Allowlist[1]) |
| 40 | + assert.Nil(t, config.Blocklist, "checking blocklist is nil") |
| 41 | + assert.Equal(t, "ip-restriction", p.PluginName()) |
| 42 | + |
| 43 | + // Test with both allowlist and blocklist |
| 44 | + anno[annotations.AnnotationsBlocklistSourceRange] = "172.17.0.0/16,127.0.0.1" |
| 45 | + out, err = p.Handle(annotations.NewExtractor(anno)) |
| 46 | + assert.Nil(t, err, "checking given error") |
| 47 | + assert.NotNil(t, out, "checking output is not nil") |
| 48 | + config = out.(*adctypes.IPRestrictConfig) |
| 49 | + assert.Len(t, config.Allowlist, 2, "checking size of allowlist") |
| 50 | + assert.Equal(t, "10.2.2.2", config.Allowlist[0]) |
| 51 | + assert.Equal(t, "192.168.0.0/16", config.Allowlist[1]) |
| 52 | + assert.Len(t, config.Blocklist, 2, "checking size of blocklist") |
| 53 | + assert.Equal(t, "172.17.0.0/16", config.Blocklist[0]) |
| 54 | + assert.Equal(t, "127.0.0.1", config.Blocklist[1]) |
| 55 | + |
| 56 | + // Test with blocklist only |
| 57 | + delete(anno, annotations.AnnotationsAllowlistSourceRange) |
| 58 | + out, err = p.Handle(annotations.NewExtractor(anno)) |
| 59 | + assert.Nil(t, err, "checking given error") |
| 60 | + assert.NotNil(t, out, "checking output is not nil") |
| 61 | + config = out.(*adctypes.IPRestrictConfig) |
| 62 | + assert.Nil(t, config.Allowlist, "checking allowlist is nil") |
| 63 | + assert.Len(t, config.Blocklist, 2, "checking size of blocklist") |
| 64 | + assert.Equal(t, "172.17.0.0/16", config.Blocklist[0]) |
| 65 | + assert.Equal(t, "127.0.0.1", config.Blocklist[1]) |
| 66 | + |
| 67 | + // Test with neither allowlist nor blocklist |
| 68 | + delete(anno, annotations.AnnotationsBlocklistSourceRange) |
| 69 | + out, err = p.Handle(annotations.NewExtractor(anno)) |
| 70 | + assert.Nil(t, err, "checking given error") |
| 71 | + assert.Nil(t, out, "checking the given ip-restriction plugin config is nil") |
| 72 | +} |
0 commit comments