243 lines
7.2 KiB
Go
243 lines
7.2 KiB
Go
package wsnetworkpolicy
|
|
|
|
import (
|
|
"fmt"
|
|
"time"
|
|
|
|
. "github.com/onsi/ginkgo"
|
|
. "github.com/onsi/gomega"
|
|
. "github.com/onsi/gomega/gstruct"
|
|
corev1 "k8s.io/api/core/v1"
|
|
k8snetwork "k8s.io/api/networking/v1"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
"k8s.io/apimachinery/pkg/labels"
|
|
netv1lister "k8s.io/client-go/listers/networking/v1"
|
|
"k8s.io/client-go/tools/record"
|
|
"k8s.io/klog"
|
|
"kubesphere.io/kubesphere/pkg/apis/network/v1alpha1"
|
|
tenant "kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha1"
|
|
"kubesphere.io/kubesphere/pkg/controller/network/controllerapi"
|
|
controllertesting "kubesphere.io/kubesphere/pkg/controller/network/testing"
|
|
)
|
|
|
|
var (
|
|
fakeControllerBuilder *controllertesting.FakeControllerBuilder
|
|
c controllerapi.Controller
|
|
npLister netv1lister.NetworkPolicyLister
|
|
stopCh chan struct{}
|
|
deletePolicy metav1.DeletionPropagation
|
|
testName string
|
|
)
|
|
|
|
var _ = Describe("Wsnetworkpolicy", func() {
|
|
BeforeEach(func() {
|
|
deletePolicy = metav1.DeletePropagationBackground
|
|
fakeControllerBuilder = controllertesting.NewFakeControllerBuilder()
|
|
informer, k8sinformer := fakeControllerBuilder.NewControllerInformer()
|
|
stopCh = make(chan struct{})
|
|
c = NewController(fakeControllerBuilder.KubeClient, fakeControllerBuilder.KsClient,
|
|
informer.Network().V1alpha1().WorkspaceNetworkPolicies(), k8sinformer.Networking().V1().NetworkPolicies(),
|
|
k8sinformer.Core().V1().Namespaces(), informer.Tenant().V1alpha1().Workspaces())
|
|
originalController := c.(*controller)
|
|
go originalController.wsnpInformer.Informer().Run(stopCh)
|
|
go originalController.networkPolicyInformer.Informer().Run(stopCh)
|
|
go originalController.namespaceInformer.Informer().Run(stopCh)
|
|
go originalController.workspaceInformer.Informer().Run(stopCh)
|
|
originalController.recorder = &record.FakeRecorder{}
|
|
go c.Run(1, stopCh)
|
|
npLister = k8sinformer.Networking().V1().NetworkPolicies().Lister()
|
|
testName = "test"
|
|
ns1 := newWorkspaceNamespaces("ns1", testName)
|
|
ns2 := newWorkspaceNamespaces("ns2", testName)
|
|
_, err := fakeControllerBuilder.KubeClient.CoreV1().Namespaces().Create(ns1)
|
|
Expect(err).ShouldNot(HaveOccurred())
|
|
_, err = fakeControllerBuilder.KubeClient.CoreV1().Namespaces().Create(ns2)
|
|
Expect(err).ShouldNot(HaveOccurred())
|
|
})
|
|
|
|
AfterEach(func() {
|
|
close(stopCh)
|
|
})
|
|
|
|
It("Should proper ingress rule when using workspaceSelector", func() {
|
|
label := map[string]string{"workspace": "test-selector"}
|
|
ws := &tenant.Workspace{
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: "test",
|
|
Labels: label,
|
|
},
|
|
}
|
|
_, err := fakeControllerBuilder.KsClient.TenantV1alpha1().Workspaces().Create(ws)
|
|
wsnp := newWorkspaceNP(testName)
|
|
wsnp.Spec.PolicyTypes = []k8snetwork.PolicyType{k8snetwork.PolicyTypeIngress}
|
|
wsnp.Spec.Ingress = []v1alpha1.WorkspaceNetworkPolicyIngressRule{
|
|
v1alpha1.WorkspaceNetworkPolicyIngressRule{
|
|
From: []v1alpha1.WorkspaceNetworkPolicyPeer{
|
|
v1alpha1.WorkspaceNetworkPolicyPeer{
|
|
WorkspaceSelector: &metav1.LabelSelector{
|
|
MatchLabels: label,
|
|
},
|
|
},
|
|
},
|
|
}}
|
|
_, err = fakeControllerBuilder.KsClient.NetworkV1alpha1().WorkspaceNetworkPolicies().Create(wsnp)
|
|
Expect(err).ShouldNot(HaveOccurred())
|
|
expect1Json := `{
|
|
"apiVersion": "networking.k8s.io/v1",
|
|
"kind": "NetworkPolicy",
|
|
"metadata": {
|
|
"name": "test-np",
|
|
"namespace": "ns1",
|
|
"labels": {
|
|
"networking.kubesphere.io/wsnp": "test"
|
|
}
|
|
},
|
|
"spec": {
|
|
"policyTypes": [
|
|
"Ingress"
|
|
],
|
|
"ingress": [
|
|
{
|
|
"from": [
|
|
{
|
|
"namespaceSelector": {
|
|
"matchLabels": {
|
|
"kubesphere.io/workspace": "test"
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}`
|
|
expect1 := &k8snetwork.NetworkPolicy{}
|
|
Expect(controllertesting.StringToObject(expect1Json, expect1)).ShouldNot(HaveOccurred())
|
|
nps := []*k8snetwork.NetworkPolicy{}
|
|
Eventually(func() error {
|
|
selector, _ := labels.Parse(workspaceNetworkPolicyLabel + "==test")
|
|
nps, err = npLister.List(selector)
|
|
if err != nil {
|
|
klog.Errorf("Failed to list npmerr:%s", err.Error())
|
|
return err
|
|
}
|
|
if len(nps) != 2 {
|
|
return fmt.Errorf("Length is not right, current length :%d", len(nps))
|
|
}
|
|
return nil
|
|
}, time.Second*5, time.Second).ShouldNot(HaveOccurred())
|
|
|
|
for _, np := range nps {
|
|
Expect(np.Labels).To(Equal(expect1.Labels))
|
|
Expect(np.Spec).To(Equal(expect1.Spec))
|
|
}
|
|
// create a new ws will change the `From`
|
|
ws2 := &tenant.Workspace{
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: "test2",
|
|
Labels: label,
|
|
},
|
|
}
|
|
_, err = fakeControllerBuilder.KsClient.TenantV1alpha1().Workspaces().Create(ws2)
|
|
Expect(err).ShouldNot(HaveOccurred())
|
|
expect2Json := `{
|
|
"apiVersion": "networking.k8s.io/v1",
|
|
"kind": "NetworkPolicy",
|
|
"metadata": {
|
|
"name": "test-np",
|
|
"namespace": "ns1",
|
|
"labels": {
|
|
"networking.kubesphere.io/wsnp": "test"
|
|
}
|
|
},
|
|
"spec": {
|
|
"policyTypes": [
|
|
"Ingress"
|
|
],
|
|
"ingress": [
|
|
{
|
|
"from": [
|
|
{
|
|
"namespaceSelector": {
|
|
"matchExpressions": [{
|
|
"key": "kubesphere.io/workspace",
|
|
"operator":"In",
|
|
"values": ["test", "test2"]
|
|
}]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}`
|
|
expect2 := &k8snetwork.NetworkPolicy{}
|
|
Expect(controllertesting.StringToObject(expect2Json, expect2)).ShouldNot(HaveOccurred())
|
|
|
|
id := func(element interface{}) string {
|
|
e := element.(*k8snetwork.NetworkPolicy)
|
|
return e.Namespace
|
|
}
|
|
Eventually(func() []*k8snetwork.NetworkPolicy {
|
|
selector, _ := labels.Parse(workspaceNetworkPolicyLabel + "=test")
|
|
nps, err := npLister.List(selector)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
if len(nps) != 2 {
|
|
klog.Errorf("Length is not right, current length :%d", len(nps))
|
|
return nil
|
|
}
|
|
return nps
|
|
}, time.Second*5, time.Second).Should(MatchAllElements(id, Elements{
|
|
"ns1": PointTo(MatchFields(IgnoreExtras, Fields{
|
|
"Spec": Equal(expect2.Spec),
|
|
})),
|
|
"ns2": PointTo(MatchFields(IgnoreExtras, Fields{
|
|
"Spec": Equal(expect2.Spec),
|
|
})),
|
|
}))
|
|
})
|
|
|
|
It("Should create networkpolicies", func() {
|
|
//create a wsnp
|
|
_, err := fakeControllerBuilder.KsClient.NetworkV1alpha1().WorkspaceNetworkPolicies().Create(newWorkspaceNP(testName))
|
|
Expect(err).ShouldNot(HaveOccurred())
|
|
Eventually(func() error {
|
|
selector, _ := labels.Parse(workspaceNetworkPolicyLabel + "=" + testName)
|
|
nps, err := npLister.List(selector)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if len(nps) != 2 {
|
|
return fmt.Errorf("Length is not right, current length :%d", len(nps))
|
|
}
|
|
return nil
|
|
}, time.Second*5, time.Second).ShouldNot(HaveOccurred())
|
|
err = fakeControllerBuilder.KsClient.NetworkV1alpha1().WorkspaceNetworkPolicies().Delete(testName, &metav1.DeleteOptions{
|
|
PropagationPolicy: &deletePolicy,
|
|
})
|
|
Expect(err).ShouldNot(HaveOccurred())
|
|
})
|
|
})
|
|
|
|
func newWorkspaceNP(name string) *v1alpha1.WorkspaceNetworkPolicy {
|
|
return &v1alpha1.WorkspaceNetworkPolicy{
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: name,
|
|
},
|
|
Spec: v1alpha1.WorkspaceNetworkPolicySpec{
|
|
Workspace: name,
|
|
},
|
|
}
|
|
}
|
|
|
|
func newWorkspaceNamespaces(ns, ws string) *corev1.Namespace {
|
|
return &corev1.Namespace{
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: ns,
|
|
Labels: map[string]string{workspaceSelectorLabel: ws},
|
|
},
|
|
}
|
|
}
|