mirror of
https://github.com/optim-enterprises-bv/kubernetes.git
synced 2025-11-03 19:58:17 +00:00
networkPolicy validation ipv6 unit tests
Add ipv6 cases to the validation unit tests.
This commit is contained in:
Antonio Ojea
@@ -283,6 +283,99 @@ func TestValidateNetworkPolicy(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
|
||||||
|
Spec: networking.NetworkPolicySpec{
|
||||||
|
PodSelector: metav1.LabelSelector{
|
||||||
|
MatchLabels: map[string]string{"a": "b"},
|
||||||
|
},
|
||||||
|
Egress: []networking.NetworkPolicyEgressRule{
|
||||||
|
{
|
||||||
|
To: []networking.NetworkPolicyPeer{
|
||||||
|
{
|
||||||
|
NamespaceSelector: &metav1.LabelSelector{
|
||||||
|
MatchLabels: map[string]string{"c": "d"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Ingress: []networking.NetworkPolicyIngressRule{
|
||||||
|
{
|
||||||
|
From: []networking.NetworkPolicyPeer{
|
||||||
|
{
|
||||||
|
IPBlock: &networking.IPBlock{
|
||||||
|
CIDR: "fd00:192:168::/48",
|
||||||
|
Except: []string{"fd00:192:168:3::/64", "fd00:192:168:4::/64"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
|
||||||
|
Spec: networking.NetworkPolicySpec{
|
||||||
|
PodSelector: metav1.LabelSelector{
|
||||||
|
MatchLabels: map[string]string{"a": "b"},
|
||||||
|
},
|
||||||
|
Ingress: []networking.NetworkPolicyIngressRule{
|
||||||
|
{
|
||||||
|
From: []networking.NetworkPolicyPeer{
|
||||||
|
{
|
||||||
|
IPBlock: &networking.IPBlock{
|
||||||
|
CIDR: "fd00:192:168::/48",
|
||||||
|
Except: []string{"fd00:192:168:3::/64", "fd00:192:168:4::/64"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
|
||||||
|
Spec: networking.NetworkPolicySpec{
|
||||||
|
PodSelector: metav1.LabelSelector{
|
||||||
|
MatchLabels: map[string]string{"a": "b"},
|
||||||
|
},
|
||||||
|
Egress: []networking.NetworkPolicyEgressRule{
|
||||||
|
{
|
||||||
|
To: []networking.NetworkPolicyPeer{
|
||||||
|
{
|
||||||
|
IPBlock: &networking.IPBlock{
|
||||||
|
CIDR: "fd00:192:168::/48",
|
||||||
|
Except: []string{"fd00:192:168:3::/64", "fd00:192:168:4::/64"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
PolicyTypes: []networking.PolicyType{networking.PolicyTypeEgress},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
|
||||||
|
Spec: networking.NetworkPolicySpec{
|
||||||
|
PodSelector: metav1.LabelSelector{
|
||||||
|
MatchLabels: map[string]string{"a": "b"},
|
||||||
|
},
|
||||||
|
Egress: []networking.NetworkPolicyEgressRule{
|
||||||
|
{
|
||||||
|
To: []networking.NetworkPolicyPeer{
|
||||||
|
{
|
||||||
|
IPBlock: &networking.IPBlock{
|
||||||
|
CIDR: "fd00:192:168::/48",
|
||||||
|
Except: []string{"fd00:192:168:3::/64", "fd00:192:168:4::/64"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
PolicyTypes: []networking.PolicyType{networking.PolicyTypeIngress, networking.PolicyTypeEgress},
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
// Success cases are expected to pass validation.
|
// Success cases are expected to pass validation.
|
||||||
@@ -562,6 +655,26 @@ func TestValidateNetworkPolicy(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
"invalid ipv6 cidr format": {
|
||||||
|
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
|
||||||
|
Spec: networking.NetworkPolicySpec{
|
||||||
|
PodSelector: metav1.LabelSelector{
|
||||||
|
MatchLabels: map[string]string{"a": "b"},
|
||||||
|
},
|
||||||
|
Ingress: []networking.NetworkPolicyIngressRule{
|
||||||
|
{
|
||||||
|
From: []networking.NetworkPolicyPeer{
|
||||||
|
{
|
||||||
|
IPBlock: &networking.IPBlock{
|
||||||
|
CIDR: "fd00:192:168::",
|
||||||
|
Except: []string{"fd00:192:168:3::/64", "fd00:192:168:4::/64"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
"except field is an empty string": {
|
"except field is an empty string": {
|
||||||
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
|
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
|
||||||
Spec: networking.NetworkPolicySpec{
|
Spec: networking.NetworkPolicySpec{
|
||||||
@@ -602,6 +715,26 @@ func TestValidateNetworkPolicy(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
"except IPv6 is outside of CIDR range": {
|
||||||
|
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
|
||||||
|
Spec: networking.NetworkPolicySpec{
|
||||||
|
PodSelector: metav1.LabelSelector{
|
||||||
|
MatchLabels: map[string]string{"a": "b"},
|
||||||
|
},
|
||||||
|
Ingress: []networking.NetworkPolicyIngressRule{
|
||||||
|
{
|
||||||
|
From: []networking.NetworkPolicyPeer{
|
||||||
|
{
|
||||||
|
IPBlock: &networking.IPBlock{
|
||||||
|
CIDR: "fd00:192:168:1::/64",
|
||||||
|
Except: []string{"fd00:192:168:2::/64"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
"invalid policyTypes": {
|
"invalid policyTypes": {
|
||||||
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
|
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
|
||||||
Spec: networking.NetworkPolicySpec{
|
Spec: networking.NetworkPolicySpec{
|
||||||
|
|||||||
Reference in New Issue
Block a user