tetragon

labels_test.go
119 строк · 5.3 Кб
Перенос по словам
1
// SPDX-License-Identifier: Apache-2.0
2
// Copyright Authors of Tetragon
3

4
package filters
5

6
import (
7
	"context"
8
	"testing"
9

10
	v1 "github.com/cilium/cilium/pkg/hubble/api/v1"
11
	"github.com/cilium/tetragon/api/v1/tetragon"
12
	"github.com/stretchr/testify/assert"
13
)
14

15
func TestLabelSelectorFilterInvalidFilter(t *testing.T) {
16
	filter := []*tetragon.Filter{{Labels: []string{"!@#$%"}}}
17
	_, err := BuildFilterList(context.Background(), filter, []OnBuildFilter{&LabelsFilter{}})
18
	assert.Error(t, err)
19
}
20

21
func TestLabelSelectorFilterInvalidEvent(t *testing.T) {
22
	filter := []*tetragon.Filter{{Labels: []string{"key1,key2"}}}
23
	fl, err := BuildFilterList(context.Background(), filter, []OnBuildFilter{&LabelsFilter{}})
24
	assert.NoError(t, err)
25

26
	// nil pod should not match.
27
	exec := tetragon.GetEventsResponse_ProcessExec{
28
		ProcessExec: &tetragon.ProcessExec{Process: &tetragon.Process{}},
29
	}
30
	ev := v1.Event{Event: &tetragon.GetEventsResponse{Event: &exec}}
31
	assert.False(t, fl.MatchOne(&ev))
32

33
	// nil process should not match.
34
	exec.ProcessExec.Process = nil
35
	assert.False(t, fl.MatchOne(&ev))
36
}
37

38
func TestLabelSelectorFilterNoValue(t *testing.T) {
39
	filter := []*tetragon.Filter{{Labels: []string{"key1,key2"}}}
40
	fl, err := BuildFilterList(context.Background(), filter, []OnBuildFilter{&LabelsFilter{}})
41
	assert.NoError(t, err)
42
	exec := tetragon.GetEventsResponse_ProcessExec{
43
		ProcessExec: &tetragon.ProcessExec{Process: &tetragon.Process{Pod: &tetragon.Pod{PodLabels: map[string]string{}}}},
44
	}
45
	ev := v1.Event{Event: &tetragon.GetEventsResponse{Event: &exec}}
46
	assert.False(t, fl.MatchOne(&ev))
47
	exec.ProcessExec.Process.Pod.PodLabels = map[string]string{"key3": "val3"}
48
	assert.False(t, fl.MatchOne(&ev))
49
	exec.ProcessExec.Process.Pod.PodLabels = map[string]string{"key1": "val1"}
50
	assert.False(t, fl.MatchOne(&ev))
51
	exec.ProcessExec.Process.Pod.PodLabels = map[string]string{"key1": "val1", "key2": "val2"}
52
	assert.True(t, fl.MatchOne(&ev))
53
	exec.ProcessExec.Process.Pod.PodLabels = map[string]string{"key1": "val1", "key2": "val2", "key3": "val3"}
54
	assert.True(t, fl.MatchOne(&ev))
55
}
56

57
func TestLabelSelectorFilterWithValue(t *testing.T) {
58
	filter := []*tetragon.Filter{{Labels: []string{"key1=val1,key2=val2"}}}
59
	fl, err := BuildFilterList(context.Background(), filter, []OnBuildFilter{&LabelsFilter{}})
60
	assert.NoError(t, err)
61
	exec := tetragon.GetEventsResponse_ProcessExec{
62
		ProcessExec: &tetragon.ProcessExec{Process: &tetragon.Process{Pod: &tetragon.Pod{PodLabels: map[string]string{}}}},
63
	}
64
	ev := v1.Event{Event: &tetragon.GetEventsResponse{Event: &exec}}
65
	assert.False(t, fl.MatchOne(&ev))
66
	exec.ProcessExec.Process.Pod.PodLabels = map[string]string{"key3": "val3"}
67
	assert.False(t, fl.MatchOne(&ev))
68
	exec.ProcessExec.Process.Pod.PodLabels = map[string]string{"key1": "val1"}
69
	assert.False(t, fl.MatchOne(&ev))
70
	exec.ProcessExec.Process.Pod.PodLabels = map[string]string{"key1": "foo", "key2": "bar"}
71
	assert.False(t, fl.MatchOne(&ev))
72
	exec.ProcessExec.Process.Pod.PodLabels = map[string]string{"key1": "val1", "key2": "val2"}
73
	assert.True(t, fl.MatchOne(&ev))
74
	exec.ProcessExec.Process.Pod.PodLabels = map[string]string{"key1": "val1", "key2": "val2", "key3": "val3"}
75
	assert.True(t, fl.MatchOne(&ev))
76
}
77

78
func TestLabelSelectorFilterEmptySelector(t *testing.T) {
79
	filter := []*tetragon.Filter{{Labels: []string{""}}}
80
	fl, err := BuildFilterList(context.Background(), filter, []OnBuildFilter{&LabelsFilter{}})
81
	assert.NoError(t, err)
82
	exec := tetragon.GetEventsResponse_ProcessExec{
83
		ProcessExec: &tetragon.ProcessExec{Process: &tetragon.Process{Pod: &tetragon.Pod{PodLabels: map[string]string{}}}},
84
	}
85

86
	// empty selector matches everything.
87
	ev := v1.Event{Event: &tetragon.GetEventsResponse{Event: &exec}}
88
	assert.True(t, fl.MatchOne(&ev))
89
	exec.ProcessExec.Process.Pod.PodLabels = map[string]string{"key3": "val3"}
90
	assert.True(t, fl.MatchOne(&ev))
91
	exec.ProcessExec.Process.Pod.PodLabels = map[string]string{"key1": "val1"}
92
	assert.True(t, fl.MatchOne(&ev))
93
	exec.ProcessExec.Process.Pod.PodLabels = map[string]string{"key1": "foo", "key2": "bar"}
94
	assert.True(t, fl.MatchOne(&ev))
95
	exec.ProcessExec.Process.Pod.PodLabels = map[string]string{"key1": "val1", "key2": "val2"}
96
	assert.True(t, fl.MatchOne(&ev))
97
	exec.ProcessExec.Process.Pod.PodLabels = map[string]string{"key1": "val1", "key2": "val2", "key3": "val3"}
98
	assert.True(t, fl.MatchOne(&ev))
99
}
100

101
func TestLabelSelectorFilterSetSelector(t *testing.T) {
102
	filter := []*tetragon.Filter{{Labels: []string{"key1 in (foo, bar), key2 notin (baz)"}}}
103
	fl, err := BuildFilterList(context.Background(), filter, []OnBuildFilter{&LabelsFilter{}})
104
	assert.NoError(t, err)
105
	exec := tetragon.GetEventsResponse_ProcessExec{
106
		ProcessExec: &tetragon.ProcessExec{Process: &tetragon.Process{Pod: &tetragon.Pod{PodLabels: map[string]string{}}}},
107
	}
108

109
	ev := v1.Event{Event: &tetragon.GetEventsResponse{Event: &exec}}
110
	assert.False(t, fl.MatchOne(&ev))
111
	exec.ProcessExec.Process.Pod.PodLabels = map[string]string{"key1": "foo"}
112
	assert.True(t, fl.MatchOne(&ev))
113
	exec.ProcessExec.Process.Pod.PodLabels = map[string]string{"key1": "bar", "key2": "baz"}
114
	assert.False(t, fl.MatchOne(&ev))
115
	exec.ProcessExec.Process.Pod.PodLabels = map[string]string{"key1": "foo", "key2": "foo"}
116
	assert.True(t, fl.MatchOne(&ev))
117
	exec.ProcessExec.Process.Pod.PodLabels = map[string]string{"key1": "foo", "key2": "foo", "key3": "foo"}
118
	assert.True(t, fl.MatchOne(&ev))
119
}
120
tetragon

Использование cookies
