Skip to content

test: add create endpoint info policy test #3141

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 13, 2024
Merged

test: add create endpoint info policy test #3141

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
126 changes: 126 additions & 0 deletions cni/network/network_windows_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -899,6 +899,38 @@ func GetTestCNSResponseSecondaryWindows(macAddress string) map[string]network.In
}
}

func GetRawACLPolicy() (ret json.RawMessage) {
var data map[string]interface{}
formatted := []byte(`{
"Type": "ACL",
"Protocols": "6",
"Action": "Block",
"Direction": "Out",
"RemoteAddresses": "168.63.129.16/32",
"RemotePorts": "80",
"Priority": 200,
"RuleType": "Switch"
}`)
json.Unmarshal(formatted, &data) // nolint
minified, _ := json.Marshal(data) // nolint
ret = json.RawMessage(minified)
return ret
}

func GetRawOutBoundNATPolicy() (ret json.RawMessage) {
var data map[string]interface{}
formatted := []byte(`{
"Type": "OutBoundNAT",
"ExceptionList": [
"10.224.0.0/16"
]
}`)
json.Unmarshal(formatted, &data) // nolint
minified, _ := json.Marshal(data) // nolint
ret = json.RawMessage(minified)
return ret
}

// Happy path scenario for add and delete
func TestPluginWindowsAdd(t *testing.T) {
resources := GetTestResources()
Expand All @@ -908,6 +940,20 @@ func TestPluginWindowsAdd(t *testing.T) {
MultiTenancy: true,
EnableExactMatchForPodName: true,
Master: "eth0",
// these are added to test that policies propagate to endpoint info
AdditionalArgs: []cni.KVPair{
{
Name: "EndpointPolicy",
Value: GetRawOutBoundNATPolicy(),
},
{
Name: "EndpointPolicy",
Value: GetRawACLPolicy(),
},
},
WindowsSettings: cni.WindowsSettings{ // included to test functionality
EnableLoopbackDSR: true,
},
}
nwCfg := cni.NetworkConfig{
CNIVersion: "0.3.0",
Expand Down Expand Up @@ -1002,6 +1048,31 @@ func TestPluginWindowsAdd(t *testing.T) {
Gateway: net.ParseIP("20.0.0.1"),
},
},
EndpointPolicies: []policy.Policy{
{
Type: policy.EndpointPolicy,
Data: GetRawOutBoundNATPolicy(),
},
{
Type: policy.EndpointPolicy,
Data: GetRawACLPolicy(),
},
{
Type: policy.EndpointPolicy,
// if enabled we create a loopback dsr policy based on the cns ip config
Data: json.RawMessage(`{"Type":"LoopbackDSR","IPAddress":"20.0.0.10"}`),
},
},
NetworkPolicies: []policy.Policy{
{
Type: policy.EndpointPolicy,
Data: GetRawOutBoundNATPolicy(),
},
{
Type: policy.EndpointPolicy,
Data: GetRawACLPolicy(),
},
},
},
epIDRegex: `.*`,
},
Expand Down Expand Up @@ -1047,6 +1118,30 @@ func TestPluginWindowsAdd(t *testing.T) {
Gateway: net.ParseIP("10.0.0.1"),
},
},
EndpointPolicies: []policy.Policy{
{
Type: policy.EndpointPolicy,
Data: GetRawOutBoundNATPolicy(),
},
{
Type: policy.EndpointPolicy,
Data: GetRawACLPolicy(),
},
{
Type: policy.EndpointPolicy,
Data: json.RawMessage(`{"Type":"LoopbackDSR","IPAddress":"10.0.0.10"}`),
},
},
NetworkPolicies: []policy.Policy{
{
Type: policy.EndpointPolicy,
Data: GetRawOutBoundNATPolicy(),
},
{
Type: policy.EndpointPolicy,
Data: GetRawACLPolicy(),
},
},
},
epIDRegex: `.*`,
},
Expand Down Expand Up @@ -1211,6 +1306,37 @@ func TestPluginWindowsAdd(t *testing.T) {
require.NoError(t, err)
}

// confirm separate entities
// that is, if one is modified, the other should not be modified
epInfos := []*network.EndpointInfo{}
for _, val := range allEndpoints {
epInfos = append(epInfos, val)
}
if len(epInfos) > 1 {
// ensure the endpoint data and options are separate entities when in separate endpoint infos
epInfo1 := epInfos[0]
epInfo2 := epInfos[1]
epInfo1.Data["dummy"] = "dummy value"
epInfo1.Options["dummy"] = "another dummy value"
require.NotEqual(t, epInfo1.Data, epInfo2.Data)
require.NotEqual(t, epInfo1.Options, epInfo2.Options)

// ensure the endpoint policy slices are separate entities when in separate endpoint infos
if len(epInfo1.EndpointPolicies) > 0 {
epInfo1.EndpointPolicies[0] = policy.Policy{
Type: policy.ACLPolicy,
}
require.NotEqual(t, epInfo1.EndpointPolicies, epInfo2.EndpointPolicies)
}
// ensure the network policy slices are separate entities when in separate endpoint infos
if len(epInfo1.NetworkPolicies) > 0 {
epInfo1.NetworkPolicies[0] = policy.Policy{
Type: policy.ACLPolicy,
}
require.NotEqual(t, epInfo1.NetworkPolicies, epInfo2.NetworkPolicies)
}
}

// ensure deleted
require.Empty(t, allEndpoints)
})
Expand Down
Loading