
Commit 21708a1

test: add create endpoint info policy test (Azure#3141)
1 parent 2a6e215 commit 21708a1


1 file changed

+126
-0
lines changed


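--- a/cni/network/network_windows_test.go
+++ b/cni/network/network_windows_test.go
@@ -899,6 +899,38 @@ func GetTestCNSResponseSecondaryWindows(macAddress string) map[string]network.In
 }
 }
 
+func GetRawACLPolicy() (ret json.RawMessage) {
+var data map[string]interface{}
+formatted := []byte(`{
+"Type": "ACL",
+"Protocols": "6",
+"Action": "Block",
+"Direction": "Out",
+"RemoteAddresses": "168.63.129.16/32",
+"RemotePorts": "80",
+"Priority": 200,
+"RuleType": "Switch"
+}`)
+json.Unmarshal(formatted, &data) // nolint
+minified, _ := json.Marshal(data) // nolint
+ret = json.RawMessage(minified)
+return ret
+}
+
+func GetRawOutBoundNATPolicy() (ret json.RawMessage) {
+var data map[string]interface{}
+formatted := []byte(`{
+"Type": "OutBoundNAT",
+"ExceptionList": [
+"10.224.0.0/16"
+]
+}`)
+json.Unmarshal(formatted, &data) // nolint
+minified, _ := json.Marshal(data) // nolint
+ret = json.RawMessage(minified)
+return ret
+}
+
 // Happy path scenario for add and delete
 func TestPluginWindowsAdd(t *testing.T) {
 resources := GetTestResources()
@@ -908,6 +940,20 @@ func TestPluginWindowsAdd(t *testing.T) {
 MultiTenancy: true,
 EnableExactMatchForPodName: true,
 Master: "eth0",
+// these are added to test that policies propagate to endpoint info
+AdditionalArgs: []cni.KVPair{
+{
+Name: "EndpointPolicy",
+Value: GetRawOutBoundNATPolicy(),
+},
+{
+Name: "EndpointPolicy",
+Value: GetRawACLPolicy(),
+},
+},
+WindowsSettings: cni.WindowsSettings{ // included to test functionality
+EnableLoopbackDSR: true,
+},
 }
 nwCfg := cni.NetworkConfig{
 CNIVersion: "0.3.0",
@@ -1002,6 +1048,31 @@ func TestPluginWindowsAdd(t *testing.T) {
 Gateway: net.ParseIP("20.0.0.1"),
 },
 },
+EndpointPolicies: []policy.Policy{
+{
+Type: policy.EndpointPolicy,
+Data: GetRawOutBoundNATPolicy(),
+},
+{
+Type: policy.EndpointPolicy,
+Data: GetRawACLPolicy(),
+},
+{
+Type: policy.EndpointPolicy,
+// if enabled we create a loopback dsr policy based on the cns ip config
+Data: json.RawMessage(`{"Type":"LoopbackDSR","IPAddress":"20.0.0.10"}`),
+},
+},
+NetworkPolicies: []policy.Policy{
+{
+Type: policy.EndpointPolicy,
+Data: GetRawOutBoundNATPolicy(),
+},
+{
+Type: policy.EndpointPolicy,
+Data: GetRawACLPolicy(),
+},
+},
 },
 epIDRegex: `.*`,
 },
@@ -1047,6 +1118,30 @@ func TestPluginWindowsAdd(t *testing.T) {
 Gateway: net.ParseIP("10.0.0.1"),
 },
 },
+EndpointPolicies: []policy.Policy{
+{
+Type: policy.EndpointPolicy,
+Data: GetRawOutBoundNATPolicy(),
+},
+{
+Type: policy.EndpointPolicy,
+Data: GetRawACLPolicy(),
+},
+{
+Type: policy.EndpointPolicy,
+Data: json.RawMessage(`{"Type":"LoopbackDSR","IPAddress":"10.0.0.10"}`),
+},
+},
+NetworkPolicies: []policy.Policy{
+{
+Type: policy.EndpointPolicy,
+Data: GetRawOutBoundNATPolicy(),
+},
+{
+Type: policy.EndpointPolicy,
+Data: GetRawACLPolicy(),
+},
+},
 },
 epIDRegex: `.*`,
 },
@@ -1211,6 +1306,37 @@ func TestPluginWindowsAdd(t *testing.T) {
 require.NoError(t, err)
 }
 
+// confirm separate entities
+// that is, if one is modified, the other should not be modified
+epInfos := []*network.EndpointInfo{}
+for _, val := range allEndpoints {
+epInfos = append(epInfos, val)
+}
+if len(epInfos) > 1 {
+// ensure the endpoint data and options are separate entities when in separate endpoint infos
+epInfo1 := epInfos[0]
+epInfo2 := epInfos[1]
+epInfo1.Data["dummy"] = "dummy value"
+epInfo1.Options["dummy"] = "another dummy value"
+require.NotEqual(t, epInfo1.Data, epInfo2.Data)
+require.NotEqual(t, epInfo1.Options, epInfo2.Options)
+
+// ensure the endpoint policy slices are separate entities when in separate endpoint infos
+if len(epInfo1.EndpointPolicies) > 0 {
+epInfo1.EndpointPolicies[0] = policy.Policy{
+Type: policy.ACLPolicy,
+}
+require.NotEqual(t, epInfo1.EndpointPolicies, epInfo2.EndpointPolicies)
+}
+// ensure the network policy slices are separate entities when in separate endpoint infos
+if len(epInfo1.NetworkPolicies) > 0 {
+epInfo1.NetworkPolicies[0] = policy.Policy{
+Type: policy.ACLPolicy,
+}
+require.NotEqual(t, epInfo1.NetworkPolicies, epInfo2.NetworkPolicies)
+}
+}
+
 // ensure deleted
 require.Empty(t, allEndpoints)
 })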
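Review bot: The "confirm separate entities" block added at the end of TestPluginWindowsAdd cannot execute in a passing run: it only reads `allEndpoints`, and the very next statement is `require.Empty(t, allEndpoints)`, so `epInfos` is empty and `if len(epInfos) > 1` is always false. The aliasing checks on `Data`, `Options`, `EndpointPolicies` and `NetworkPolicies` (the last two carry the ACL block rule this commit is meant to cover) therefore assert nothing. Move the block to before the endpoints are deleted, which appears to happen in the loop that closes just above this hunk. For the multi-endpoint cases, turn the silent guards into preconditions, e.g. `require.NotEmpty(t, epInfo1.EndpointPolicies)` in place of `if len(epInfo1.EndpointPolicies) > 0`. The test function starts and ends outside the visible hunks, so the position of the delete loop should be confirmed there.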
