Skip to content

Commit

Permalink
Backend TLS Policy Cel tests
Browse files Browse the repository at this point in the history
  • Loading branch information
Ygnas committed Oct 17, 2023
1 parent 96a7748 commit 2b2a8b9
Showing 1 changed file with 198 additions and 0 deletions.
198 changes: 198 additions & 0 deletions pkg/test/cel/backendtlspolicy_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,198 @@
/*
Copyright 2023 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package main

import (
"context"
"fmt"
"strings"
"testing"
"time"

metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
gatewayv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
"sigs.k8s.io/gateway-api/apis/v1beta1"
)

func TestBackendTLSPolicyConfig(t *testing.T) {
tests := []struct {
name string
wantErrors []string
routeConfig gatewayv1a2.BackendTLSPolicyConfig
}{
{
name: "invalid BackendTLSPolicyConfig with missing fields",
routeConfig: gatewayv1a2.BackendTLSPolicyConfig{},
wantErrors: []string{"spec.tls.hostname in body should be at least 1 chars long", "must specify either CACertRefs or WellKnownCACerts"},
},
{
name: "valid BackendTLSPolicyConfig",
routeConfig: gatewayv1a2.BackendTLSPolicyConfig{
WellKnownCACerts: ptrTo(gatewayv1a2.WellKnownCACertType("System")),
Hostname: "foo.example.com",
},
wantErrors: []string{},
},
{
name: "invalid BackendTLSPolicyConfig with both CACertRefs and WellKnownCACerts",
routeConfig: gatewayv1a2.BackendTLSPolicyConfig{
CACertRefs: []v1beta1.LocalObjectReference{
{
Group: "group",
Kind: "kind",
Name: "name",
},
},
WellKnownCACerts: ptrTo(gatewayv1a2.WellKnownCACertType("System")),
Hostname: "foo.example.com",
},
wantErrors: []string{"must not contain both CACertRefs and WellKnownCACerts"},
},
{
name: "invalid BackendTLSPolicyConfig with missing hostname field",
routeConfig: gatewayv1a2.BackendTLSPolicyConfig{
CACertRefs: []v1beta1.LocalObjectReference{
{
Group: "group",
Kind: "kind",
Name: "name",
},
},
},
wantErrors: []string{"spec.tls.hostname in body should be at least 1 chars long"},
},
{
name: "invalid BackendTLSPolicyConfig with missing caCertRefs[0].name and caCertRefs[0].kind field",
routeConfig: gatewayv1a2.BackendTLSPolicyConfig{
CACertRefs: []v1beta1.LocalObjectReference{
{
Group: "group",
},
},
Hostname: "foo.example.com",
},
wantErrors: []string{"spec.tls.caCertRefs[0].name in body should be at least 1 chars long", "spec.tls.caCertRefs[0].kind in body should be at least 1 chars long"},
},
}
for _, tc := range tests {
t.Run(tc.name, func(t *testing.T) {
route := &gatewayv1a2.BackendTLSPolicy{
ObjectMeta: metav1.ObjectMeta{
Name: fmt.Sprintf("foo-%v", time.Now().UnixNano()),
Namespace: metav1.NamespaceDefault,
},
Spec: gatewayv1a2.BackendTLSPolicySpec{
TargetRef: gatewayv1a2.PolicyTargetReferenceWithSectionName{
PolicyTargetReference: gatewayv1a2.PolicyTargetReference{
Group: "group",
Kind: "kind",
Name: "name",
Namespace: ptrTo(gatewayv1a2.Namespace("ns")),
},
},
TLS: tc.routeConfig,
},
}
validateBackendTLSPolicy(t, route, tc.wantErrors)
})
}
}

func TestPolicyTargetReferenceWithSectionName(t *testing.T) {
tests := []struct {
name string
wantErrors []string
routeConfig gatewayv1a2.PolicyTargetReferenceWithSectionName
}{
{
name: "invalid PolicyTargetReferenceWithSectionName with missing targetRef.name and targetRef.kind field",
routeConfig: gatewayv1a2.PolicyTargetReferenceWithSectionName{},
wantErrors: []string{"spec.targetRef.name in body should be at least 1 chars long", "spec.targetRef.kind in body should be at least 1 chars long"},
},
{
name: "valid PolicyTargetReferenceWithSectionName",
routeConfig: gatewayv1a2.PolicyTargetReferenceWithSectionName{
PolicyTargetReference: gatewayv1a2.PolicyTargetReference{
Group: "group",
Kind: "kind",
Name: "name",
Namespace: ptrTo(gatewayv1a2.Namespace("ns")),
},
},
wantErrors: []string{},
},
{
name: "invalid PolicyTargetReferenceWithSectionName SectionName field cannot be empty",
routeConfig: gatewayv1a2.PolicyTargetReferenceWithSectionName{
PolicyTargetReference: gatewayv1a2.PolicyTargetReference{
Group: "group",
Kind: "kind",
Name: "name",
Namespace: ptrTo(gatewayv1a2.Namespace("ns")),
},
SectionName: ptrTo(gatewayv1a2.SectionName("")),
},
wantErrors: []string{"spec.targetRef.sectionName in body should be at least 1 chars long"},
},
}

for _, tc := range tests {
t.Run(tc.name, func(t *testing.T) {
route := &gatewayv1a2.BackendTLSPolicy{
ObjectMeta: metav1.ObjectMeta{
Name: fmt.Sprintf("foo-%v", time.Now().UnixNano()),
Namespace: metav1.NamespaceDefault,
},
Spec: gatewayv1a2.BackendTLSPolicySpec{
TargetRef: tc.routeConfig,
TLS: gatewayv1a2.BackendTLSPolicyConfig{
CACertRefs: []v1beta1.LocalObjectReference{
{
Group: "group",
Kind: "kind",
Name: "name",
},
},
Hostname: "foo.example.com",
},
},
}
validateBackendTLSPolicy(t, route, tc.wantErrors)
})
}
}

func validateBackendTLSPolicy(t *testing.T, route *gatewayv1a2.BackendTLSPolicy, wantErrors []string) {
t.Helper()

ctx := context.Background()
err := k8sClient.Create(ctx, route)

if (len(wantErrors) != 0) != (err != nil) {
t.Fatalf("Unexpected response while creating BackendTLSPolicy %q; got err=\n%v\n;want error=%v", fmt.Sprintf("%v/%v", route.Namespace, route.Name), err, wantErrors)
}

var missingErrorStrings []string
for _, wantError := range wantErrors {
if !strings.Contains(strings.ToLower(err.Error()), strings.ToLower(wantError)) {
missingErrorStrings = append(missingErrorStrings, wantError)
}
}
if len(missingErrorStrings) != 0 {
t.Errorf("Unexpected response while creating BackendTLSPolicy %q; got err=\n%v\n;missing strings within error=%q", fmt.Sprintf("%v/%v", route.Namespace, route.Name), err, missingErrorStrings)
}
}

0 comments on commit 2b2a8b9

Please sign in to comment.