| /* |
| Copyright 2017 The Kubernetes Authors. |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| */ |
| |
| package storage |
| |
| import ( |
| "testing" |
| |
| metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" |
| "k8s.io/apimachinery/pkg/fields" |
| "k8s.io/apimachinery/pkg/labels" |
| "k8s.io/apimachinery/pkg/runtime" |
| "k8s.io/apimachinery/pkg/util/intstr" |
| "k8s.io/apiserver/pkg/registry/generic" |
| genericregistrytest "k8s.io/apiserver/pkg/registry/generic/testing" |
| etcdtesting "k8s.io/apiserver/pkg/storage/etcd/testing" |
| api "k8s.io/kubernetes/pkg/apis/core" |
| "k8s.io/kubernetes/pkg/apis/networking" |
| "k8s.io/kubernetes/pkg/registry/registrytest" |
| ) |
| |
| func newStorage(t *testing.T) (*REST, *etcdtesting.EtcdTestServer) { |
| etcdStorage, server := registrytest.NewEtcdStorage(t, networking.GroupName) |
| restOptions := generic.RESTOptions{ |
| StorageConfig: etcdStorage, |
| Decorator: generic.UndecoratedStorage, |
| DeleteCollectionWorkers: 1, |
| ResourcePrefix: "networkpolicies", |
| } |
| return NewREST(restOptions), server |
| } |
| |
| func validNetworkPolicy() *networking.NetworkPolicy { |
| return &networking.NetworkPolicy{ |
| ObjectMeta: metav1.ObjectMeta{ |
| Name: "foo", |
| Namespace: "default", |
| }, |
| Spec: networking.NetworkPolicySpec{ |
| PodSelector: metav1.LabelSelector{ |
| MatchLabels: map[string]string{"label-1": "value-1"}, |
| }, |
| Ingress: []networking.NetworkPolicyIngressRule{ |
| { |
| From: []networking.NetworkPolicyPeer{ |
| { |
| PodSelector: &metav1.LabelSelector{ |
| MatchLabels: map[string]string{"label-2": "value-2"}, |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| } |
| } |
| |
| func TestCreate(t *testing.T) { |
| storage, server := newStorage(t) |
| defer server.Terminate(t) |
| defer storage.Store.DestroyFunc() |
| test := genericregistrytest.New(t, storage.Store) |
| np := validNetworkPolicy() |
| np.ObjectMeta = metav1.ObjectMeta{GenerateName: "foo-"} |
| test.TestCreate( |
| // valid |
| np, |
| // invalid |
| &networking.NetworkPolicy{ |
| ObjectMeta: metav1.ObjectMeta{Name: "name with spaces"}, |
| }, |
| ) |
| } |
| |
| func TestUpdate(t *testing.T) { |
| protocolICMP := api.Protocol("ICMP") |
| storage, server := newStorage(t) |
| defer server.Terminate(t) |
| defer storage.Store.DestroyFunc() |
| test := genericregistrytest.New(t, storage.Store) |
| test.TestUpdate( |
| // valid |
| validNetworkPolicy(), |
| // updateFunc |
| func(obj runtime.Object) runtime.Object { |
| object := obj.(*networking.NetworkPolicy) |
| object.Spec.Ingress = []networking.NetworkPolicyIngressRule{ |
| { |
| From: []networking.NetworkPolicyPeer{ |
| { |
| IPBlock: &networking.IPBlock{ |
| CIDR: "192.168.0.0/16", |
| Except: []string{"192.168.3.0/24", "192.168.4.0/24"}, |
| }, |
| }, |
| }, |
| }, |
| } |
| return object |
| }, |
| // invalid updateFunc |
| func(obj runtime.Object) runtime.Object { |
| object := obj.(*networking.NetworkPolicy) |
| object.Spec.Ingress = []networking.NetworkPolicyIngressRule{ |
| { |
| Ports: []networking.NetworkPolicyPort{ |
| { |
| Protocol: &protocolICMP, |
| Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 80}, |
| }, |
| }, |
| }, |
| } |
| return object |
| }, |
| ) |
| } |
| |
| func TestDelete(t *testing.T) { |
| storage, server := newStorage(t) |
| defer server.Terminate(t) |
| defer storage.Store.DestroyFunc() |
| test := genericregistrytest.New(t, storage.Store) |
| test.TestDelete(validNetworkPolicy()) |
| } |
| |
| func TestGet(t *testing.T) { |
| storage, server := newStorage(t) |
| defer server.Terminate(t) |
| defer storage.Store.DestroyFunc() |
| test := genericregistrytest.New(t, storage.Store) |
| test.TestGet(validNetworkPolicy()) |
| } |
| |
| func TestList(t *testing.T) { |
| storage, server := newStorage(t) |
| defer server.Terminate(t) |
| defer storage.Store.DestroyFunc() |
| test := genericregistrytest.New(t, storage.Store) |
| test.TestList(validNetworkPolicy()) |
| } |
| |
| func TestWatch(t *testing.T) { |
| storage, server := newStorage(t) |
| defer server.Terminate(t) |
| defer storage.Store.DestroyFunc() |
| test := genericregistrytest.New(t, storage.Store) |
| test.TestWatch( |
| validNetworkPolicy(), |
| // matching labels |
| []labels.Set{}, |
| // not matching labels |
| []labels.Set{ |
| {"foo": "bar"}, |
| }, |
| // matching fields |
| []fields.Set{ |
| {"metadata.name": "foo"}, |
| }, |
| // not matching fields |
| []fields.Set{ |
| {"metadata.name": "bar"}, |
| {"name": "foo"}, |
| }, |
| ) |
| } |
| |
| func TestShortNames(t *testing.T) { |
| storage, server := newStorage(t) |
| defer server.Terminate(t) |
| defer storage.Store.DestroyFunc() |
| expected := []string{"netpol"} |
| registrytest.AssertShortNames(t, storage, expected) |
| } |