          Add CEL validation test for targetRef in ClientSettingsPolicy
          #3623
        
          
     Merged
      
        
      
    
  
Changes from 60 commits

62 commits:

- dbb5b5c Add CEL validation test for targetRef in ClientSettingsPolicy (shaun-nx)
- 48ec86b gofumpt (shaun-nx)
- c7129bd Add tests for targetRefGroup (shaun-nx)
- 87a4e0e Rename tests (shaun-nx)
- 29f201e Merge branch 'main' into tests/cel-clientsettingspolicies (shaun-nx)
- d921ed2 Move tests into clientsettingspolicy_test.go (shaun-nx)
- f22269a Update tests to create a ClientSettingsPolicy resource during tests (shaun-nx)
- 7fddffa make lint in tests (shaun-nx)
- dd66a79 Update tests to create a ClientSettingsPolicy object during validation (shaun-nx)
- d664f35 Merge branch 'main' into tests/cel-clientsettingspolicies (shaun-nx)
- cd9bada Update TargetRefGroup tests (shaun-nx)
- 7d9989d Fix lint errors (shaun-nx)
- 9274e57 Group valid and invalid test cases into single test function (shaun-nx)
- 506b01c Merge branch 'main' into tests/cel-clientsettingspolicies (shaun-nx)
- f99ab29 Revert dependency version (shaun-nx)
- ad80b70 Move imports (shaun-nx)
- e5479fb Define constants for Kinds and Groups (shaun-nx)
- 1789701 Merge branch 'main' into tests/cel-clientsettingspolicies (shaun-nx)
- aa4a6b2 Use controller-runtime library to get cluster information (shaun-nx)
- 8f74214 Add Makefile targets to run CEL test and re format test (shaun-nx)
- 4486bd5 Ensure TestClientSettingsPoliciesTargetRefKind and TestClientSettings… (shaun-nx)
- 1adf168 Merge branch 'main' into tests/cel-clientsettingspolicies (shaun-nx)
- 7c6dba4 Merge branch 'main' into tests/cel-clientsettingspolicies (shaun-nx)
- 69f485b Merge branch 'main' into tests/cel-clientsettingspolicies (shaun-nx)
- 1ad24c4 Merge branch 'main' into tests/cel-clientsettingspolicies (shaun-nx)
- aa5adc6 Merge branch 'main' into tests/cel-clientsettingspolicies (shaun-nx)
- 29f26ef Update test to use `gomega` test library (shaun-nx)
- f26eea3 Add ci workflow job for cel tests (shaun-nx)
- efa4a81 Add new line (shaun-nx)
- d25661a Add `Deploy Kubernetes` step (shaun-nx)
- c413895 Add step to apply CRDs in cel-tests CI job (shaun-nx)
- 9962e03 Add `--server-side` to apply command (shaun-nx)
- feca4ed Add `working-directory` to test run and remove code coverage steps (shaun-nx)
- 8d84e7b Merge branch 'main' into tests/cel-clientsettingspolicies (shaun-nx)
- ddce60f Merge branch 'main' into tests/cel-clientsettingspolicies (shaun-nx)
- d518ada Add t.Parallel() (shaun-nx)
- 39a6b38 Use g.Expect for errors and ensure unique policy names (shaun-nx)
- 5079c21 Return and assert errors from `getKubernetesClient` (shaun-nx)
- ce0960b Merge branch 'main' into tests/cel-clientsettingspolicies (shaun-nx)
- 248df53 Remove nil error checks (shaun-nx)
- c5860e2 Create and return client on same line (shaun-nx)
- 83139ce Use `rand.Prime` to attempt to keep policy names unique for each para… (shaun-nx)
- a4e58ee Remove unused dependency (shaun-nx)
- 339e6b8 Fix imports (shaun-nx)
- 716d051 Add helper functions to generate unique resource names (shaun-nx)
- d273281 Move `getKubernetesClient` function to helpers (shaun-nx)
- 4a6e84e Fix test failures (shaun-nx)
- 66b7105 Update `TestMustCreateKubernetesClient` to only assert client creation (shaun-nx)
- 510aac1 Merge branch 'main' into tests/cel-clientsettingspolicies (shaun-nx)
- c45403a Remove test for creating kubernetes cluster (shaun-nx)
- e284740 Add common functions for cel tests (shaun-nx)
- 06adc0e Merge branch 'main' into tests/cel-clientsettingspolicies (shaun-nx)
- cb43b52 Move common constants to `common.go` and add v1alpha2 to client schema (shaun-nx)
- 9217339 Move helper functions to common.go and add tests (shaun-nx)
- f30f117 unexport constants and functions in cel common file (shaun-nx)
- e18b9dc unexport randomPrimeNumber and uniqueResourceName (shaun-nx)
- 869a091 Fix casing in comments (shaun-nx)
- 92caf12 Remove duplicate error checks (shaun-nx)
- 81fd868 Initialise ginkgo and k8sClient at the start of each test (shaun-nx)
- 94a8dd0 Merge branch 'main' into tests/cel-clientsettingspolicies (shaun-nx)
- 801d2f3 Merge branch 'main' into tests/cel-clientsettingspolicies (shaun-nx)
- 37c85d2 Add timeout to k8sClient Create (shaun-nx)
              | Original file line number | Diff line number | Diff line change | 
|---|---|---|
| @@ -0,0 +1,166 @@ | ||
| package cel | ||
|  | ||
| import ( | ||
| "context" | ||
| "testing" | ||
|  | ||
| . "github.com/onsi/gomega" | ||
| controllerruntime "sigs.k8s.io/controller-runtime" | ||
| "sigs.k8s.io/controller-runtime/pkg/client" | ||
| gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" | ||
|  | ||
| ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" | ||
| ) | ||
|  | ||
| func TestClientSettingsPoliciesTargetRefKind(t *testing.T) { | ||
| t.Parallel() | ||
| g := NewWithT(t) | ||
| k8sClient, err := getKubernetesClient(t) | ||
| g.Expect(err).ToNot(HaveOccurred()) | ||
| tests := []struct { | ||
| policySpec ngfAPIv1alpha1.ClientSettingsPolicySpec | ||
| name string | ||
| wantErrors []string | ||
| }{ | ||
| { | ||
| name: "Validate TargetRef of kind Gateway is allowed", | ||
| policySpec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ | ||
| TargetRef: gatewayv1alpha2.LocalPolicyTargetReference{ | ||
| Kind: gatewayKind, | ||
| Group: gatewayGroup, | ||
| }, | ||
| }, | ||
| }, | ||
| { | ||
| name: "Validate TargetRef of kind HTTPRoute is allowed", | ||
| policySpec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ | ||
| TargetRef: gatewayv1alpha2.LocalPolicyTargetReference{ | ||
| Kind: httpRouteKind, | ||
| Group: gatewayGroup, | ||
| }, | ||
| }, | ||
| }, | ||
| { | ||
| name: "Validate TargetRef of kind GRPCRoute is allowed", | ||
| policySpec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ | ||
| TargetRef: gatewayv1alpha2.LocalPolicyTargetReference{ | ||
| Kind: grpcRouteKind, | ||
| Group: gatewayGroup, | ||
| }, | ||
| }, | ||
| }, | ||
| { | ||
| name: "Validate Invalid TargetRef Kind is not allowed", | ||
| wantErrors: []string{expectedTargetRefKindError}, | ||
| policySpec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ | ||
| TargetRef: gatewayv1alpha2.LocalPolicyTargetReference{ | ||
| Kind: invalidKind, | ||
| Group: gatewayGroup, | ||
| }, | ||
| }, | ||
| }, | ||
| { | ||
| name: "Validate TCPRoute TargetRef Kind is not allowed", | ||
| wantErrors: []string{expectedTargetRefKindError}, | ||
| policySpec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ | ||
| TargetRef: gatewayv1alpha2.LocalPolicyTargetReference{ | ||
| Kind: tcpRouteKind, | ||
| Group: gatewayGroup, | ||
| }, | ||
| }, | ||
| }, | ||
| } | ||
|  | ||
| for _, tt := range tests { | ||
| t.Run(tt.name, func(t *testing.T) { | ||
| t.Parallel() | ||
| validateClientSettingsPolicy(t, tt, g, k8sClient) | ||
| }) | ||
| } | ||
| } | ||
|  | ||
| func TestClientSettingsPoliciesTargetRefGroup(t *testing.T) { | ||
| t.Parallel() | ||
| g := NewWithT(t) | ||
| k8sClient, err := getKubernetesClient(t) | ||
| g.Expect(err).ToNot(HaveOccurred()) | ||
| tests := []struct { | ||
| policySpec ngfAPIv1alpha1.ClientSettingsPolicySpec | ||
| name string | ||
| wantErrors []string | ||
| }{ | ||
| { | ||
| name: "Validate gateway.networking.k8s.io TargetRef Group is allowed", | ||
| policySpec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ | ||
| TargetRef: gatewayv1alpha2.LocalPolicyTargetReference{ | ||
| Kind: gatewayKind, | ||
| Group: gatewayGroup, | ||
| }, | ||
| }, | ||
| }, | ||
| { | ||
| name: "Validate invalid.networking.k8s.io TargetRef Group is not allowed", | ||
| wantErrors: []string{expectedTargetRefGroupError}, | ||
| policySpec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ | ||
| TargetRef: gatewayv1alpha2.LocalPolicyTargetReference{ | ||
| Kind: gatewayKind, | ||
| Group: invalidGroup, | ||
| }, | ||
| }, | ||
| }, | ||
| { | ||
| name: "Validate discovery.k8s.io/v1 TargetRef Group is not allowed", | ||
| wantErrors: []string{expectedTargetRefGroupError}, | ||
| policySpec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ | ||
| TargetRef: gatewayv1alpha2.LocalPolicyTargetReference{ | ||
| Kind: gatewayKind, | ||
| Group: discoveryGroup, | ||
| }, | ||
| }, | ||
| }, | ||
| } | ||
|  | ||
| for _, tt := range tests { | ||
| t.Run(tt.name, func(t *testing.T) { | ||
| t.Parallel() | ||
| validateClientSettingsPolicy(t, tt, g, k8sClient) | ||
| }) | ||
| } | ||
| } | ||
|  | ||
| func validateClientSettingsPolicy(t *testing.T, tt struct { | ||
| policySpec ngfAPIv1alpha1.ClientSettingsPolicySpec | ||
| name string | ||
| wantErrors []string | ||
| }, g *WithT, k8sClient client.Client, | ||
| ) { | ||
| t.Helper() | ||
|  | ||
| policySpec := tt.policySpec | ||
| policySpec.TargetRef.Name = gatewayv1alpha2.ObjectName(uniqueResourceName(testTargetRefName)) | ||
| policyName := uniqueResourceName(testPolicyName) | ||
|  | ||
| clientSettingsPolicy := &ngfAPIv1alpha1.ClientSettingsPolicy{ | ||
| ObjectMeta: controllerruntime.ObjectMeta{ | ||
| Name: policyName, | ||
| Namespace: defaultNamespace, | ||
| }, | ||
| Spec: policySpec, | ||
| } | ||
|  | ||
| err := k8sClient.Create(context.Background(), clientSettingsPolicy) | ||
|  | ||
| // Clean up after test | ||
| defer func() { | ||
| _ = k8sClient.Delete(context.Background(), clientSettingsPolicy) | ||
| }() | ||
|  | ||
| if len(tt.wantErrors) == 0 { | ||
| g.Expect(err).ToNot(HaveOccurred()) | ||
| } else { | ||
| g.Expect(err).To(HaveOccurred()) | ||
| for _, wantError := range tt.wantErrors { | ||
| g.Expect(err.Error()).To(ContainSubstring(wantError), "Expected error '%s' not found in: %s", wantError, err.Error()) | ||
| } | ||
| } | ||
| } | ||
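
Review bot: In `validateClientSettingsPolicy`, every assertion runs on the `g` that each `Test...` function builds from the parent `t` (`g := NewWithT(t)`) and passes into subtests that call `t.Parallel()`. Parallel subtests resume only after the parent function body has returned, so a failed `g.Expect` marks the parent as failed and calls its `FailNow` from the subtest's goroutine, which the testing package reports as a Goexit in the subtest rather than as a failure of the named case. Build the matcher inside the helper from the subtest's own `t` (`g := NewWithT(t)`) and drop the `g *WithT` parameter. Separately, `k8sClient.Create(context.Background(), clientSettingsPolicy)` and the deferred `Delete` carry no deadline, so an unreachable API server blocks the run until the global test timeout; one `context.WithTimeout` shared by both calls bounds that.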
  
    
    
  
  
    
              | Original file line number | Diff line number | Diff line change | 
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| package cel | ||
|  | ||
| import ( | ||
| "crypto/rand" | ||
| "fmt" | ||
| "testing" | ||
|  | ||
| "k8s.io/apimachinery/pkg/runtime" | ||
| controllerruntime "sigs.k8s.io/controller-runtime" | ||
| "sigs.k8s.io/controller-runtime/pkg/client" | ||
|  | ||
| ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" | ||
| ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha2" | ||
| ) | ||
|  | ||
| const ( | ||
| gatewayKind = "Gateway" | ||
| httpRouteKind = "HTTPRoute" | ||
| grpcRouteKind = "GRPCRoute" | ||
| tcpRouteKind = "TCPRoute" | ||
| invalidKind = "InvalidKind" | ||
| ) | ||
|  | ||
| const ( | ||
| gatewayGroup = "gateway.networking.k8s.io" | ||
| invalidGroup = "invalid.networking.k8s.io" | ||
| discoveryGroup = "discovery.k8s.io/v1" | ||
| ) | ||
|  | ||
| const ( | ||
| expectedTargetRefKindError = `TargetRef Kind must be one of: Gateway, HTTPRoute, or GRPCRoute` | ||
| expectedTargetRefGroupError = `TargetRef Group must be gateway.networking.k8s.io.` | ||
| ) | ||
|  | ||
| const ( | ||
| defaultNamespace = "default" | ||
| ) | ||
|  | ||
| const ( | ||
| testPolicyName = "test-policy" | ||
| testTargetRefName = "test-targetRef" | ||
| ) | ||
|  | ||
| // getKubernetesClient returns a client connected to a real Kubernetes cluster. | ||
| func getKubernetesClient(t *testing.T) (k8sClient client.Client, err error) { | ||
| t.Helper() | ||
| // Use controller-runtime to get cluster connection | ||
| k8sConfig, err := controllerruntime.GetConfig() | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
|  | ||
| // Set up scheme with NGF types | ||
| scheme := runtime.NewScheme() | ||
| if err = ngfAPIv1alpha1.AddToScheme(scheme); err != nil { | ||
| return nil, err | ||
| } | ||
| if err = ngfAPIv1alpha2.AddToScheme(scheme); err != nil { | ||
| return nil, err | ||
| } | ||
| // Create a new client with the scheme and return it | ||
| return client.New(k8sConfig, client.Options{Scheme: scheme}) | ||
| } | ||
|  | ||
| // randomPrimeNumber generates a random prime number of 64 bits. | ||
| // It panics if it fails to generate a random prime number. | ||
| func randomPrimeNumber() int64 { | ||
| primeNum, err := rand.Prime(rand.Reader, 64) | ||
| if err != nil { | ||
| panic(fmt.Errorf("failed to generate random prime number: %w", err)) | ||
| } | ||
| return primeNum.Int64() | ||
| } | ||
|  | ||
| // uniqueResourceName generates a unique resource name by appending a random prime number to the given name. | ||
| func uniqueResourceName(name string) string { | ||
| return fmt.Sprintf("%s-%d", name, randomPrimeNumber()) | ||
| } | 
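
Review bot: `randomPrimeNumber` requests a 64-bit prime with `rand.Prime(rand.Reader, 64)` and then returns `primeNum.Int64()`. A value of bit length 64 has its top bit set and cannot be represented in an int64, and `math/big` documents the result of `Int64` as undefined in that case; in practice it wraps to a negative number, so the `%d` in `uniqueResourceName` adds a second hyphen to every name. Request 63 bits, or format the `*big.Int` directly with `primeNum.String()`. Primality adds nothing to uniqueness here, so hex-encoding a few bytes read from `rand.Reader` would do the same job with less work. Also, `discoveryGroup = "discovery.k8s.io/v1"` carries a version suffix, which makes it an apiVersion-shaped string rather than a group; it still serves as a negative case, but a comment saying that is intended would help the next reader.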
  
    
    
  
  
    
              | Original file line number | Diff line number | Diff line change | 
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| package cel | ||
|  | ||
| import ( | ||
| "testing" | ||
|  | ||
| . "github.com/onsi/gomega" | ||
| ) | ||
|  | ||
| func TestMustGenerateRandomPrimeNumber(t *testing.T) { | ||
| t.Parallel() | ||
| g := NewWithT(t) | ||
| g.Expect(func() { | ||
| _ = randomPrimeNumber() | ||
| }).ToNot(Panic()) | ||
| } | ||
|  | ||
| func TestMustReturnUniqueResourceName(t *testing.T) { | ||
| t.Parallel() | ||
| g := NewWithT(t) | ||
|  | ||
| name := "test-resource" | ||
| uniqueName := uniqueResourceName(name) | ||
|  | ||
| g.Expect(uniqueName).To(HavePrefix(name)) | ||
| g.Expect(len(uniqueName)).To(BeNumerically(">", len(name))) | ||
| } | 
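
Review bot: `TestMustReturnUniqueResourceName` checks only `HavePrefix(name)` and that the result is longer than `name`, so it would still pass if `uniqueResourceName` appended a constant suffix. Call the function twice with the same `name` and assert that the two results differ, which is the property the parallel tests rely on to avoid name collisions in the shared namespace. `TestMustGenerateRandomPrimeNumber` likewise asserts only the absence of a panic; asserting on the returned value (for example that it is non-zero) would make it cover the helper's actual contract.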
      