ingress-nginx-helm/pkg/ingress/annotations/ipwhitelist/main_test.go

/*
Copyright 2016 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package ipwhitelist

import (
	"testing"

	api "k8s.io/api/core/v1"
	extensions "k8s.io/api/extensions/v1beta1"
	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/util/intstr"

	"k8s.io/ingress-nginx/pkg/ingress/defaults"
)

func buildIngress() *extensions.Ingress {
	defaultBackend := extensions.IngressBackend{
		ServiceName: "default-backend",
		ServicePort: intstr.FromInt(80),
	}

	return &extensions.Ingress{
		ObjectMeta: meta_v1.ObjectMeta{
			Name:      "foo",
			Namespace: api.NamespaceDefault,
		},
		Spec: extensions.IngressSpec{
			Backend: &extensions.IngressBackend{
				ServiceName: "default-backend",
				ServicePort: intstr.FromInt(80),
			},
			Rules: []extensions.IngressRule{
				{
					Host: "foo.bar.com",
					IngressRuleValue: extensions.IngressRuleValue{
						HTTP: &extensions.HTTPIngressRuleValue{
							Paths: []extensions.HTTPIngressPath{
								{
									Path:    "/foo",
									Backend: defaultBackend,
								},
							},
						},
					},
				},
			},
		},
	}
}

type mockBackend struct {
	defaults.Backend
}

func (m mockBackend) GetDefaultBackend() defaults.Backend {
	return m.Backend
}

func TestParseAnnotations(t *testing.T) {
	ing := buildIngress()
	tests := map[string]struct {
		net        string
		expectCidr []string
		expectErr  bool
		errOut     string
	}{
		"test parse a valid net": {
			net:        "10.0.0.0/24",
			expectCidr: []string{"10.0.0.0/24"},
			expectErr:  false,
		},
		"test parse a invalid net": {
			net:       "ww",
			expectErr: true,
			errOut:    "the annotation does not contain a valid IP address or network: invalid CIDR address: ww",
		},
		"test parse a empty net": {
			net:       "",
			expectErr: true,
			errOut:    "the annotation does not contain a valid IP address or network: invalid CIDR address: ",
		},
		"test parse multiple valid cidr": {
			net:        "2.2.2.2/32,1.1.1.1/32,3.3.3.0/24",
			expectCidr: []string{"1.1.1.1/32", "2.2.2.2/32", "3.3.3.0/24"},
			expectErr:  false,
		},
	}

	for testName, test := range tests {
		data := map[string]string{}
		data[whitelist] = test.net
		ing.SetAnnotations(data)
		p := NewParser(mockBackend{})
		i, err := p.Parse(ing)
		if err != nil && !test.expectErr {
			t.Errorf("%v:unexpected error: %v", testName, err)
		}
		if test.expectErr {
			if err.Error() != test.errOut {
				t.Errorf("%v:expected error: %v but %v return", testName, test.errOut, err.Error())
			}
		}
		if !test.expectErr {
			sr, ok := i.(*SourceRange)
			if !ok {
				t.Errorf("%v:expected a SourceRange type", testName)
			}
			if !strsEquals(sr.CIDR, test.expectCidr) {
				t.Errorf("%v:expected %v CIDR but %v returned", testName, test.expectCidr, sr.CIDR)
			}
		}
	}
}

// Test that when we have a whitelist set on the Backend that is used when we
// don't have the annotation
func TestParseAnnotationsWithDefaultConfig(t *testing.T) {
	ing := buildIngress()
	mockBackend := mockBackend{}
	mockBackend.Backend.WhitelistSourceRange = []string{"4.4.4.0/24", "1.2.3.4/32"}
	tests := map[string]struct {
		net        string
		expectCidr []string
		expectErr  bool
		errOut     string
	}{
		"test parse a valid net": {
			net:        "10.0.0.0/24",
			expectCidr: []string{"10.0.0.0/24"},
			expectErr:  false,
		},
		"test parse a invalid net": {
			net:       "ww",
			expectErr: true,
			errOut:    "the annotation does not contain a valid IP address or network: invalid CIDR address: ww",
		},
		"test parse a empty net": {
			net:       "",
			expectErr: true,
			errOut:    "the annotation does not contain a valid IP address or network: invalid CIDR address: ",
		},
		"test parse multiple valid cidr": {
			net:        "2.2.2.2/32,1.1.1.1/32,3.3.3.0/24",
			expectCidr: []string{"1.1.1.1/32", "2.2.2.2/32", "3.3.3.0/24"},
			expectErr:  false,
		},
	}

	for testName, test := range tests {
		data := map[string]string{}
		data[whitelist] = test.net
		ing.SetAnnotations(data)
		p := NewParser(mockBackend)
		i, err := p.Parse(ing)
		if err != nil && !test.expectErr {
			t.Errorf("%v:unexpected error: %v", testName, err)
		}
		if test.expectErr {
			if err.Error() != test.errOut {
				t.Errorf("%v:expected error: %v but %v return", testName, test.errOut, err.Error())
			}
		}
		if !test.expectErr {
			sr, ok := i.(*SourceRange)
			if !ok {
				t.Errorf("%v:expected a SourceRange type", testName)
			}
			if !strsEquals(sr.CIDR, test.expectCidr) {
				t.Errorf("%v:expected %v CIDR but %v returned", testName, test.expectCidr, sr.CIDR)
			}
		}
	}
}

func strsEquals(a, b []string) bool {
	if len(a) != len(b) {
		return false
	}
	for i, v := range a {
		if v != b[i] {
			return false
		}
	}
	return true
}
Add ip/cidr white list support 2016-06-06 18:31:40 +00:00			`/*`
Remove "All rights reserved" from all the headers 2016-09-08 11:02:39 +00:00			`Copyright 2016 The Kubernetes Authors.`
Add ip/cidr white list support 2016-06-06 18:31:40 +00:00
			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

			`package ipwhitelist`

			`import (`
			`"testing"`

Update generic controller 2017-07-16 19:19:59 +00:00			`api "k8s.io/api/core/v1"`
			`extensions "k8s.io/api/extensions/v1beta1"`
Update nginx and generic controller 2017-04-01 14:39:42 +00:00			`meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
			`"k8s.io/apimachinery/pkg/util/intstr"`
Split implementations from generic code 2016-11-10 22:56:29 +00:00
Update dependencies 2017-10-06 20:33:32 +00:00			`"k8s.io/ingress-nginx/pkg/ingress/defaults"`
Add ip/cidr white list support 2016-06-06 18:31:40 +00:00			`)`

			`func buildIngress() *extensions.Ingress {`
			`defaultBackend := extensions.IngressBackend{`
			`ServiceName: "default-backend",`
			`ServicePort: intstr.FromInt(80),`
			`}`

			`return &extensions.Ingress{`
Update nginx and generic controller 2017-04-01 14:39:42 +00:00			`ObjectMeta: meta_v1.ObjectMeta{`
Add ip/cidr white list support 2016-06-06 18:31:40 +00:00			`Name: "foo",`
			`Namespace: api.NamespaceDefault,`
			`},`
			`Spec: extensions.IngressSpec{`
			`Backend: &extensions.IngressBackend{`
			`ServiceName: "default-backend",`
			`ServicePort: intstr.FromInt(80),`
			`},`
			`Rules: []extensions.IngressRule{`
			`{`
			`Host: "foo.bar.com",`
			`IngressRuleValue: extensions.IngressRuleValue{`
			`HTTP: &extensions.HTTPIngressRuleValue{`
			`Paths: []extensions.HTTPIngressPath{`
			`{`
			`Path: "/foo",`
			`Backend: defaultBackend,`
			`},`
			`},`
			`},`
			`},`
			`},`
			`},`
			`},`
			`}`
			`}`

Deny location mapping in case of specific errors 2016-12-29 20:02:06 +00:00			`type mockBackend struct {`
Use whitelist-source-range from configmap when no annotation on ingress. Even though we were returning a SourceRange it was being ignored because we were also returning an error. Detect the case (and add tests) when the annotation is not present and use the BackendConfig in that case. Fixes #473. 2017-03-28 18:20:49 +00:00			`defaults.Backend`
Deny location mapping in case of specific errors 2016-12-29 20:02:06 +00:00			`}`

			`func (m mockBackend) GetDefaultBackend() defaults.Backend {`
Use whitelist-source-range from configmap when no annotation on ingress. Even though we were returning a SourceRange it was being ignored because we were also returning an error. Detect the case (and add tests) when the annotation is not present and use the BackendConfig in that case. Fixes #473. 2017-03-28 18:20:49 +00:00			`return m.Backend`
Deny location mapping in case of specific errors 2016-12-29 20:02:06 +00:00			`}`

Check for errors in nginx template 2016-07-28 21:35:36 +00:00			`func TestParseAnnotations(t *testing.T) {`
			`ing := buildIngress()`
Fix Todo:convert sequence to table 2017-08-16 08:46:08 +00:00			`tests := map[string]struct {`
			`net string`
			`expectCidr []string`
			`expectErr bool`
			`errOut string`
			`}{`
			`"test parse a valid net": {`
			`net: "10.0.0.0/24",`
			`expectCidr: []string{"10.0.0.0/24"},`
			`expectErr: false,`
			`},`
			`"test parse a invalid net": {`
			`net: "ww",`
			`expectErr: true,`
			`errOut: "the annotation does not contain a valid IP address or network: invalid CIDR address: ww",`
			`},`
			`"test parse a empty net": {`
			`net: "",`
			`expectErr: true,`
			`errOut: "the annotation does not contain a valid IP address or network: invalid CIDR address: ",`
			`},`
			`"test parse multiple valid cidr": {`
			`net: "2.2.2.2/32,1.1.1.1/32,3.3.3.0/24",`
			`expectCidr: []string{"1.1.1.1/32", "2.2.2.2/32", "3.3.3.0/24"},`
			`expectErr: false,`
			`},`
Sort whitelist list to avoid random orders 2016-12-15 14:18:06 +00:00			`}`

Fix Todo:convert sequence to table 2017-08-16 08:46:08 +00:00			`for testName, test := range tests {`
			`data := map[string]string{}`
			`data[whitelist] = test.net`
			`ing.SetAnnotations(data)`
			`p := NewParser(mockBackend{})`
			`i, err := p.Parse(ing)`
			`if err != nil && !test.expectErr {`
			`t.Errorf("%v:unexpected error: %v", testName, err)`
			`}`
			`if test.expectErr {`
			`if err.Error() != test.errOut {`
			`t.Errorf("%v:expected error: %v but %v return", testName, test.errOut, err.Error())`
			`}`
			`}`
			`if !test.expectErr {`
			`sr, ok := i.(*SourceRange)`
			`if !ok {`
			`t.Errorf("%v:expected a SourceRange type", testName)`
			`}`
			`if !strsEquals(sr.CIDR, test.expectCidr) {`
			`t.Errorf("%v:expected %v CIDR but %v returned", testName, test.expectCidr, sr.CIDR)`
			`}`
			`}`
Sort whitelist list to avoid random orders 2016-12-15 14:18:06 +00:00			`}`
			`}`

Use whitelist-source-range from configmap when no annotation on ingress. Even though we were returning a SourceRange it was being ignored because we were also returning an error. Detect the case (and add tests) when the annotation is not present and use the BackendConfig in that case. Fixes #473. 2017-03-28 18:20:49 +00:00			`// Test that when we have a whitelist set on the Backend that is used when we`
			`// don't have the annotation`
			`func TestParseAnnotationsWithDefaultConfig(t *testing.T) {`
			`ing := buildIngress()`
			`mockBackend := mockBackend{}`
			`mockBackend.Backend.WhitelistSourceRange = []string{"4.4.4.0/24", "1.2.3.4/32"}`
Fix Todo:convert sequence to table 2017-08-16 08:46:08 +00:00			`tests := map[string]struct {`
			`net string`
			`expectCidr []string`
			`expectErr bool`
			`errOut string`
			`}{`
			`"test parse a valid net": {`
			`net: "10.0.0.0/24",`
			`expectCidr: []string{"10.0.0.0/24"},`
			`expectErr: false,`
			`},`
			`"test parse a invalid net": {`
			`net: "ww",`
			`expectErr: true,`
			`errOut: "the annotation does not contain a valid IP address or network: invalid CIDR address: ww",`
			`},`
			`"test parse a empty net": {`
			`net: "",`
			`expectErr: true,`
			`errOut: "the annotation does not contain a valid IP address or network: invalid CIDR address: ",`
			`},`
			`"test parse multiple valid cidr": {`
			`net: "2.2.2.2/32,1.1.1.1/32,3.3.3.0/24",`
			`expectCidr: []string{"1.1.1.1/32", "2.2.2.2/32", "3.3.3.0/24"},`
			`expectErr: false,`
			`},`
Use whitelist-source-range from configmap when no annotation on ingress. Even though we were returning a SourceRange it was being ignored because we were also returning an error. Detect the case (and add tests) when the annotation is not present and use the BackendConfig in that case. Fixes #473. 2017-03-28 18:20:49 +00:00			`}`

Fix Todo:convert sequence to table 2017-08-16 08:46:08 +00:00			`for testName, test := range tests {`
			`data := map[string]string{}`
			`data[whitelist] = test.net`
			`ing.SetAnnotations(data)`
			`p := NewParser(mockBackend)`
			`i, err := p.Parse(ing)`
			`if err != nil && !test.expectErr {`
			`t.Errorf("%v:unexpected error: %v", testName, err)`
			`}`
			`if test.expectErr {`
			`if err.Error() != test.errOut {`
			`t.Errorf("%v:expected error: %v but %v return", testName, test.errOut, err.Error())`
			`}`
			`}`
			`if !test.expectErr {`
			`sr, ok := i.(*SourceRange)`
			`if !ok {`
			`t.Errorf("%v:expected a SourceRange type", testName)`
			`}`
			`if !strsEquals(sr.CIDR, test.expectCidr) {`
			`t.Errorf("%v:expected %v CIDR but %v returned", testName, test.expectCidr, sr.CIDR)`
			`}`
			`}`
Use whitelist-source-range from configmap when no annotation on ingress. Even though we were returning a SourceRange it was being ignored because we were also returning an error. Detect the case (and add tests) when the annotation is not present and use the BackendConfig in that case. Fixes #473. 2017-03-28 18:20:49 +00:00			`}`
			`}`

Sort whitelist list to avoid random orders 2016-12-15 14:18:06 +00:00			`func strsEquals(a, b []string) bool {`
			`if len(a) != len(b) {`
			`return false`
			`}`
			`for i, v := range a {`
			`if v != b[i] {`
			`return false`
Split implementations from generic code 2016-11-10 22:56:29 +00:00			`}`
Sort whitelist list to avoid random orders 2016-12-15 14:18:06 +00:00			`}`
			`return true`
Check for errors in nginx template 2016-07-28 21:35:36 +00:00			`}`