consul/api/connect_intention_test.go


package api
import (
"testing"
"github.com/stretchr/testify/require"
)
// TestAPI_ConnectIntentionCreateListGetUpdateDelete walks one intention through
// its whole lifecycle against a test server: create, list, get, update, delete,
// and a final get that must come back empty.
func TestAPI_ConnectIntentionCreateListGetUpdateDelete(t *testing.T) {
	t.Parallel()

	must := require.New(t)
	client, srv := makeClient(t)
	defer srv.Stop()

	connectAPI := client.Connect()

	// Create
	want := testIntention()
	id, _, err := connectAPI.IntentionCreate(want, nil)
	must.Nil(err)
	must.NotEmpty(id)

	// List it
	all, _, err := connectAPI.Intentions(nil)
	must.Nil(err)
	must.Len(all, 1)

	got := all[0]

	// These fields are taken from the response rather than set by the test,
	// so the equality check below covers every other field of the intention.
	want.ID = id
	want.CreatedAt = got.CreatedAt
	want.UpdatedAt = got.UpdatedAt
	want.CreateIndex = got.CreateIndex
	want.ModifyIndex = got.ModifyIndex
	want.Hash = got.Hash
	must.Equal(want, got)

	// Get it
	got, _, err = connectAPI.IntentionGet(id, nil)
	must.Nil(err)
	must.Equal(want, got)

	// Update it
	want.SourceName += "-different"
	_, err = connectAPI.IntentionUpdate(want, nil)
	must.NoError(err)

	// Get it
	got, _, err = connectAPI.IntentionGet(id, nil)
	must.NoError(err)

	// Only the fields refreshed here are expected to differ after the update.
	want.UpdatedAt = got.UpdatedAt
	want.ModifyIndex = got.ModifyIndex
	want.Hash = got.Hash
	must.Equal(want, got)

	// Delete it
	_, err = connectAPI.IntentionDelete(id, nil)
	must.Nil(err)

	// Get it (should be gone): a deleted rule must no longer be retrievable,
	// and the lookup reports that with a nil result rather than an error.
	got, _, err = connectAPI.IntentionGet(id, nil)
	must.Nil(err)
	must.Nil(got)
}
// TestAPI_ConnectIntentionGet_invalidId checks that fetching an intention with
// the ID "hello" yields no intention and an error whose text mentions "UUID".
func TestAPI_ConnectIntentionGet_invalidId(t *testing.T) {
	t.Parallel()

	must := require.New(t)
	client, srv := makeClient(t)
	defer srv.Stop()

	// Get it
	got, _, err := client.Connect().IntentionGet("hello", nil)
	must.Nil(got)
	must.Error(err)
	must.Contains(err.Error(), "UUID") // the error text has to name the UUID problem
}
// TestAPI_ConnectIntentionMatch creates intentions for three destinations and
// checks that matching by destination name "bar" returns the exact "bar" entry
// and the wildcard entry, in that order, and nothing for "baz".
func TestAPI_ConnectIntentionMatch(t *testing.T) {
	t.Parallel()

	must := require.New(t)
	client, srv := makeClient(t)
	defer srv.Stop()

	connectAPI := client.Connect()

	// Create
	seed := [][]string{
		{"default", "*"},
		{"default", "bar"},
		{"default", "baz"}, // shouldn't match
	}
	for _, dst := range seed {
		ixn := testIntention()
		ixn.DestinationNS, ixn.DestinationName = dst[0], dst[1]

		id, _, err := connectAPI.IntentionCreate(ixn, nil)
		must.Nil(err)
		must.NotEmpty(id)
	}

	// Match it
	query := &IntentionMatch{
		By:    IntentionMatchDestination,
		Names: []string{"bar"},
	}
	matches, _, err := connectAPI.IntentionMatch(query, nil)
	must.Nil(err)
	must.Len(matches, 1)

	// The comparison is order-sensitive: the exact name has to be listed
	// before the wildcard. NOTE(review): presumably this is the precedence
	// order the server applies; confirm against the server-side sort.
	want := [][]string{
		{"default", "bar"},
		{"default", "*"},
	}
	var got [][]string
	for _, ixn := range matches["bar"] {
		got = append(got, []string{ixn.DestinationNS, ixn.DestinationName})
	}
	must.Equal(want, got)
}
// TestAPI_ConnectIntentionCheck installs a wildcard-source deny rule and an
// exact-source allow rule for the same destination, then verifies the
// authorization answer for two sources: one covered only by the wildcard deny
// is refused, and the one with its own allow rule is admitted even though the
// wildcard deny also covers it.
func TestAPI_ConnectIntentionCheck(t *testing.T) {
	t.Parallel()

	must := require.New(t)
	client, srv := makeClient(t)
	defer srv.Stop()

	connectAPI := client.Connect()

	// Create
	// Columns: source namespace, source name, destination namespace,
	// destination name, action.
	rules := [][]string{
		{"default", "*", "default", "bar", "deny"},
		{"default", "foo", "default", "bar", "allow"},
	}
	for _, r := range rules {
		ixn := testIntention()
		ixn.SourceNS, ixn.SourceName = r[0], r[1]
		ixn.DestinationNS, ixn.DestinationName = r[2], r[3]
		ixn.Action = IntentionAction(r[4])

		id, _, err := connectAPI.IntentionCreate(ixn, nil)
		must.Nil(err)
		must.NotEmpty(id)
	}

	// Match the deny rule
	quxAllowed, _, err := connectAPI.IntentionCheck(&IntentionCheck{
		Source:      "default/qux",
		Destination: "default/bar",
	}, nil)
	must.NoError(err)
	must.False(quxAllowed)

	// Match the allow rule
	fooAllowed, _, err := connectAPI.IntentionCheck(&IntentionCheck{
		Source:      "default/foo",
		Destination: "default/bar",
	}, nil)
	must.NoError(err)
	must.True(fooAllowed)
}
// testIntention returns a fresh baseline intention for the tests in this file:
// an allow rule from source default/api to destination default/db, with an
// empty Meta map. Each call builds a new value, so callers can modify the
// result without affecting one another.
func testIntention() *Intention {
	ixn := Intention{
		SourceNS:        "default",
		SourceName:      "api",
		DestinationNS:   "default",
		DestinationName: "db",
		// NOTE(review): Precedence is set by the client here; whether the
		// server keeps or recomputes it is not visible from this file.
		Precedence: 9,
		Action:     IntentionActionAllow,
		SourceType: IntentionSourceConsul,
		Meta:       map[string]string{},
	}
	return &ixn
}