policy: Add e2e egress tests (#13390)

This change adds e2e `EgressNetwork` tests that exercise: - default policy - explicit allows via route types - routing of egress traffic to in-cluster services via backend refs Signed-off-by: Zahari Dichev <[email protected]>
linkerd · Dec 2, 2024 · b7e1b49 · b7e1b49
1 parent ecde6d2
commit b7e1b49
Show file tree

Hide file tree

Showing 8 changed files with 860 additions and 67 deletions.
diff --git a/policy-test/src/lib.rs b/policy-test/src/lib.rs
@@ -8,9 +8,10 @@ pub mod grpc;
 pub mod outbound_api;
 pub mod web;
 
+use kube::runtime::wait::Condition;
 use linkerd_policy_controller_k8s_api::{
     self as k8s,
-    policy::{httproute::ParentReference, EgressNetwork},
+    policy::{httproute::ParentReference, EgressNetwork, TrafficPolicy},
     ResourceExt,
 };
 use maplit::{btreemap, convert_args};
@@ -349,6 +350,26 @@ pub fn endpoints_ready(obj: Option<&k8s::Endpoints>) -> bool {
     false
 }
 
+pub fn egress_network_traffic_policy_is(
+    policy: TrafficPolicy,
+) -> impl Condition<EgressNetwork> + 'static {
+    move |egress_net: Option<&EgressNetwork>| {
+        if let Some(egress_net) = &egress_net {
+            let status = egress_net.status.clone();
+            assert_status_accepted(status.map(|s| s.conditions).unwrap_or_default());
+
+            return egress_net.spec.traffic_policy == policy;
+        }
+        false
+    }
+}
+
+pub fn assert_status_accepted(conditions: Vec<k8s::Condition>) {
+    conditions
+        .iter()
+        .any(|c| c.type_ == "Accepted" && c.status == "True");
+}
+
 #[tracing::instrument(skip_all, fields(%pod, %container))]
 pub async fn logs(client: &kube::Client, ns: &str, pod: &str, container: &str) {
     let params = kube::api::LogParams {