Skip to content

Commit

Permalink
add e2e test cases in antrea policy verify invalid selector;
Browse files Browse the repository at this point in the history
  • Loading branch information
wenqiq committed Apr 27, 2021
1 parent d31909b commit 4907307
Showing 1 changed file with 76 additions and 0 deletions.
76 changes: 76 additions & 0 deletions test/e2e/antreapolicy_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2995,3 +2995,79 @@ func TestAntreaClusterNetworkPolicyStats(t *testing.T) {
}
k8sUtils.Cleanup(namespaces)
}

func testInvalidACNPPodSelectorNsSelectorMatchExpressions(t *testing.T) {
invalidLSErr := fmt.Errorf("invalid Antrea NetworkPolicy with namespaceSelector but matchExpressions invalid")

allowAction := crdv1alpha1.RuleActionAllow
selectorA := metav1.LabelSelector{MatchLabels: map[string]string{"env": "dummy"}}
nsSelectA := metav1.LabelSelector{MatchExpressions: []metav1.LabelSelectorRequirement{{Key: "env", Operator: "xxx", Values: []string{"xxxx"}}}}

var acnp = &crdv1alpha1.ClusterNetworkPolicy{
ObjectMeta: metav1.ObjectMeta{
Namespace: testNamespace, Name: "cnptest", Labels: map[string]string{"antrea-e2e": "cnp1"}},
Spec: crdv1alpha1.ClusterNetworkPolicySpec{
AppliedTo: []crdv1alpha1.NetworkPolicyPeer{
{PodSelector: &selectorA},
{NamespaceSelector: &nsSelectA},
},
Priority: 10,
Ingress: []crdv1alpha1.Rule{
{
Action: &allowAction,
},
},
},
}

if _, err := k8sUtils.CreateOrUpdateACNP(acnp); err == nil {
failOnError(invalidLSErr, t)
}
}

func testInvalidCGPPodSelectorNsSelectorMatchExpressions(t *testing.T) {
invalidLSErr := fmt.Errorf("invalid clustergroup with namespaceSelector but matchExpressions invalid")

nsSelectA := metav1.LabelSelector{MatchExpressions: []metav1.LabelSelectorRequirement{{Key: "env", Operator: "xxx", Values: []string{"xxxx"}}}}

cgName := "cg-test"
cg := &crdv1alpha2.ClusterGroup{
ObjectMeta: metav1.ObjectMeta{
Name: cgName,
},
Spec: crdv1alpha2.GroupSpec{
NamespaceSelector: &nsSelectA,
},
}
if _, err := k8sUtils.CreateOrUpdateCG(cg); err == nil {
// Above creation of CG must fail as it is an invalid spec.
failOnError(invalidLSErr, t)
}
}

func TestInvalidLabelSelectorInResource(t *testing.T) {
data, err := setupTest(t)
if err != nil {
t.Fatalf("Error when setting up test: %v", err)
}
defer teardownTest(t, data)
initK8s := func() {
skipIfAntreaPolicyDisabled(t, data)
var err error
// k8sUtils is a global var
k8sUtils, err = NewKubernetesUtils(data)
failOnError(err, t)
}
if k8sUtils == nil {
initK8s()
}

t.Run("TestGroupInvalidLabelSelectorInResource", func(t *testing.T) {
t.Run("Case=InvalidACNPPodSelectorNsSelectorMatchExpressions", func(t *testing.T) {
testInvalidACNPPodSelectorNsSelectorMatchExpressions(t)
})
t.Run("CASE=InvalidCGPPodSelectorNsSelectorMatchExpressions", func(t *testing.T) {
testInvalidCGPPodSelectorNsSelectorMatchExpressions(t)
})
})
}

0 comments on commit 4907307

Please sign in to comment.