kuma
109 строк · 2.8 Кб
1package meshtrafficpermission
2
3import (
4"fmt"
5
6"github.com/gruntwork-io/terratest/modules/k8s"
7. "github.com/onsi/ginkgo/v2"
8. "github.com/onsi/gomega"
9
10"github.com/kumahq/kuma/pkg/plugins/policies/meshtrafficpermission/api/v1alpha1"
11. "github.com/kumahq/kuma/test/framework"
12"github.com/kumahq/kuma/test/framework/envs/kubernetes"
13)
14
15func API() {
16meshName := "meshtrafficpermission-api"
17
18BeforeAll(func() {
19err := NewClusterSetup().
20Install(MeshKubernetes(meshName)).
21Setup(kubernetes.Cluster)
22Expect(err).ToNot(HaveOccurred())
23})
24
25E2EAfterEach(func() {
26Expect(DeleteMeshResources(kubernetes.Cluster, meshName, v1alpha1.MeshTrafficPermissionResourceTypeDescriptor)).To(Succeed())
27})
28
29E2EAfterAll(func() {
30Expect(kubernetes.Cluster.DeleteMesh(meshName)).To(Succeed())
31})
32
33It("should create MeshTrafficPermission policy", func() {
34// given no MeshTrafficPermissions
35mtps, err := kubernetes.Cluster.GetKumactlOptions().KumactlList("meshtrafficpermissions", meshName)
36Expect(err).ToNot(HaveOccurred())
37Expect(mtps).To(BeEmpty())
38
39// when
40Expect(YamlK8s(fmt.Sprintf(`
41apiVersion: kuma.io/v1alpha1
42kind: MeshTrafficPermission
43metadata:
44name: mtp1
45namespace: %s
46labels:
47kuma.io/mesh: meshtrafficpermission-api
48spec:
49targetRef:
50kind: MeshService
51name: backend
52from:
53- targetRef:
54kind: Mesh
55default:
56action: Allow
57- targetRef:
58kind: MeshService
59name: backend
60default:
61action: AllowWithShadowDeny
62- targetRef:
63kind: MeshServiceSubset
64name: backend
65tags:
66version: v1
67default:
68action: Deny
69`, Config.KumaNamespace))(kubernetes.Cluster)).To(Succeed())
70
71// then
72mtps, err = kubernetes.Cluster.GetKumactlOptions().KumactlList("meshtrafficpermissions", meshName)
73Expect(err).ToNot(HaveOccurred())
74Expect(mtps).To(HaveLen(1))
75Expect(mtps[0]).To(Equal(fmt.Sprintf("mtp1.%s", Config.KumaNamespace)))
76})
77
78It("should deny creating policy in the non-system namespace", func() {
79// given no MeshTrafficPermissions
80mtps, err := kubernetes.Cluster.GetKumactlOptions().KumactlList("meshtrafficpermissions", meshName)
81Expect(err).ToNot(HaveOccurred())
82Expect(mtps).To(BeEmpty())
83
84// when
85err = k8s.KubectlApplyFromStringE(
86kubernetes.Cluster.GetTesting(),
87kubernetes.Cluster.GetKubectlOptions(), `
88apiVersion: kuma.io/v1alpha1
89kind: MeshTrafficPermission
90metadata:
91name: mtp1
92namespace: default
93labels:
94kuma.io/mesh: meshtrafficpermission-api
95spec:
96targetRef:
97kind: MeshService
98name: backend
99from:
100- targetRef:
101kind: Mesh
102default:
103action: Allow
104`)
105
106Expect(err).To(HaveOccurred())
107Expect(err.Error()).To(ContainSubstring(fmt.Sprintf("policy can only be created in the system namespace:%s", Config.KumaNamespace)))
108})
109}
110