Define FeatureSecurityPolicy in features.go

kubernetes · Jun 19, 2018 · d40ea79 · d40ea79
1 parent 4629c5c
commit d40ea79
Show file tree

Hide file tree

Showing 2 changed files with 75 additions and 2 deletions.
diff --git a/pkg/backends/features/features.go b/pkg/backends/features/features.go
@@ -17,6 +17,8 @@ limitations under the License.
 package features
 
 import (
+	"sort"
+
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/kubernetes/pkg/cloudprovider/providers/gce/cloud/meta"
 
@@ -27,14 +29,16 @@ import (
 const (
 	// FeatureHTTP2 defines the feature name of HTTP2.
 	FeatureHTTP2 = "HTTP2"
+	// FeatureSecurityPolicy defines the feature name of SecurityPolicy.
+	FeatureSecurityPolicy = "SecurityPolicy"
 )
 
 var (
 	// versionToFeatures stores the mapping from the required API
 	// version to feature names.
 	versionToFeatures = map[meta.Version][]string{
 		meta.VersionAlpha: []string{FeatureHTTP2},
-		meta.VersionBeta:  []string{},
+		meta.VersionBeta:  []string{FeatureSecurityPolicy},
 	}
 )
 
@@ -50,6 +54,11 @@ func featuresFromServicePort(sp *utils.ServicePort) []string {
 	if sp.Protocol == annotations.ProtocolHTTP2 {
 		features = append(features, FeatureHTTP2)
 	}
+	if sp.BackendConfig != nil && sp.BackendConfig.Spec.SecurityPolicy != nil {
+		features = append(features, FeatureSecurityPolicy)
+	}
+	// Keep feature names sorted to be consistent.
+	sort.Strings(features)
 	return features
 }
 
@@ -86,7 +95,7 @@ var (
 	}
 )
 
-// IsLowerVersion reutrns if v1 is a lower version than v2.
+// IsLowerVersion returns if v1 is a lower version than v2.
 func IsLowerVersion(v1, v2 meta.Version) bool {
 	return versionMap[v1] < versionMap[v2]
 }
diff --git a/pkg/backends/features/features_test.go b/pkg/backends/features/features_test.go
@@ -25,6 +25,7 @@ import (
 	"k8s.io/kubernetes/pkg/cloudprovider/providers/gce/cloud/meta"
 
 	"k8s.io/ingress-gce/pkg/annotations"
+	backendconfigv1beta1 "k8s.io/ingress-gce/pkg/apis/backendconfig/v1beta1"
 	"k8s.io/ingress-gce/pkg/utils"
 )
 
@@ -45,6 +46,29 @@ var (
 		ID:       fakeSvcPortID,
 		Protocol: annotations.ProtocolHTTP2,
 	}
+
+	svcPortWithSecurityPolicy = utils.ServicePort{
+		ID: fakeSvcPortID,
+		BackendConfig: &backendconfigv1beta1.BackendConfig{
+			Spec: backendconfigv1beta1.BackendConfigSpec{
+				SecurityPolicy: &backendconfigv1beta1.SecurityPolicyConfig{
+					Name: "policy-test",
+				},
+			},
+		},
+	}
+
+	svcPortWithHTTP2SecurityPolicy = utils.ServicePort{
+		ID:       fakeSvcPortID,
+		Protocol: annotations.ProtocolHTTP2,
+		BackendConfig: &backendconfigv1beta1.BackendConfig{
+			Spec: backendconfigv1beta1.BackendConfigSpec{
+				SecurityPolicy: &backendconfigv1beta1.SecurityPolicyConfig{
+					Name: "policy-test",
+				},
+			},
+		},
+	}
 )
 
 func TestFeaturesFromServicePort(t *testing.T) {
@@ -63,6 +87,16 @@ func TestFeaturesFromServicePort(t *testing.T) {
 			svcPort:          svcPortWithHTTP2,
 			expectedFeatures: []string{"HTTP2"},
 		},
+		{
+			desc:             "SecurityPolicy",
+			svcPort:          svcPortWithSecurityPolicy,
+			expectedFeatures: []string{"SecurityPolicy"},
+		},
+		{
+			desc:             "HTTP2 + SecurityPolicy",
+			svcPort:          svcPortWithHTTP2SecurityPolicy,
+			expectedFeatures: []string{"HTTP2", "SecurityPolicy"},
+		},
 	}
 
 	for _, tc := range testCases {
@@ -89,6 +123,16 @@ func TestVersionFromFeatures(t *testing.T) {
 			features:        []string{FeatureHTTP2},
 			expectedVersion: meta.VersionAlpha,
 		},
+		{
+			desc:            "SecurityPolicy",
+			features:        []string{FeatureSecurityPolicy},
+			expectedVersion: meta.VersionBeta,
+		},
+		{
+			desc:            "HTTP2 + SecurityPolicy",
+			features:        []string{FeatureHTTP2, FeatureSecurityPolicy},
+			expectedVersion: meta.VersionAlpha,
+		},
 		{
 			desc:            "unknown feature",
 			features:        []string{"whatisthis"},
@@ -124,6 +168,16 @@ func TestVersionFromDescription(t *testing.T) {
 			backendServiceDesc: `{"kubernetes.io/service-name":"my-service","kubernetes.io/service-port":"my-port","x-features":["HTTP2"]}`,
 			expectedVersion:    meta.VersionAlpha,
 		},
+		{
+			desc:               "SecurityPolicy",
+			backendServiceDesc: `{"kubernetes.io/service-name":"my-service","kubernetes.io/service-port":"my-port","x-features":["SecurityPolicy"]}`,
+			expectedVersion:    meta.VersionBeta,
+		},
+		{
+			desc:               "HTTP2 + SecurityPolicy",
+			backendServiceDesc: `{"kubernetes.io/service-name":"my-service","kubernetes.io/service-port":"my-port","x-features":["HTTP2","SecurityPolicy"]}`,
+			expectedVersion:    meta.VersionAlpha,
+		},
 		{
 			desc:               "HTTP2 + unknown",
 			backendServiceDesc: `{"kubernetes.io/service-name":"my-service","kubernetes.io/service-port":"my-port","x-features":["HTTP2","whatisthis"]}`,
@@ -154,6 +208,16 @@ func TestVersionFromServicePort(t *testing.T) {
 			svcPort:         svcPortWithHTTP2,
 			expectedVersion: meta.VersionAlpha,
 		},
+		{
+			desc:            "enabled security policy",
+			svcPort:         svcPortWithSecurityPolicy,
+			expectedVersion: meta.VersionBeta,
+		},
+		{
+			desc:            "enabled http2 + security policy",
+			svcPort:         svcPortWithHTTP2SecurityPolicy,
+			expectedVersion: meta.VersionAlpha,
+		},
 	}
 
 	for _, tc := range testCases {