diff options
Diffstat (limited to 'spec/lib/gitlab/kubernetes')
| -rw-r--r-- | spec/lib/gitlab/kubernetes/cilium_network_policy_spec.rb | 274 | ||||
| -rw-r--r-- | spec/lib/gitlab/kubernetes/kube_client_spec.rb | 64 | ||||
| -rw-r--r-- | spec/lib/gitlab/kubernetes/network_policy_spec.rb | 235 |
3 files changed, 0 insertions, 573 deletions
diff --git a/spec/lib/gitlab/kubernetes/cilium_network_policy_spec.rb b/spec/lib/gitlab/kubernetes/cilium_network_policy_spec.rb deleted file mode 100644 index ec1f46100a4..00000000000 --- a/spec/lib/gitlab/kubernetes/cilium_network_policy_spec.rb +++ /dev/null @@ -1,274 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.describe Gitlab::Kubernetes::CiliumNetworkPolicy do - let(:policy) do - described_class.new( - name: name, - namespace: namespace, - description: description, - selector: selector, - ingress: ingress, - egress: egress, - labels: labels, - resource_version: resource_version, - annotations: annotations - ) - end - - let(:resource) do - ::Kubeclient::Resource.new( - apiVersion: Gitlab::Kubernetes::CiliumNetworkPolicy::API_VERSION, - kind: Gitlab::Kubernetes::CiliumNetworkPolicy::KIND, - metadata: { name: name, namespace: namespace, resourceVersion: resource_version, annotations: annotations }, - spec: { endpointSelector: endpoint_selector, ingress: ingress, egress: egress }, - description: description - ) - end - - let(:selector) { endpoint_selector } - let(:labels) { nil } - let(:name) { 'example-name' } - let(:namespace) { 'example-namespace' } - let(:endpoint_selector) { { matchLabels: { role: 'db' } } } - let(:description) { 'example-description' } - let(:partial_class_name) { described_class.name.split('::').last } - let(:resource_version) { 101 } - let(:annotations) { { 'app.gitlab.com/alert': 'true' } } - let(:ingress) do - [ - { - fromEndpoints: [ - { matchLabels: { project: 'myproject' } } - ] - } - ] - end - - let(:egress) do - [ - { - ports: [{ port: 5978 }] - } - ] - end - - include_examples 'network policy common specs' - - describe '.from_yaml' do - let(:manifest) do - <<~POLICY - apiVersion: cilium.io/v2 - kind: CiliumNetworkPolicy - description: example-description - metadata: - name: example-name - namespace: example-namespace - resourceVersion: 101 - annotations: - app.gitlab.com/alert: "true" - spec: - endpointSelector: - matchLabels: - role: db - ingress: - - fromEndpoints: - - matchLabels: - project: myproject - egress: - - ports: - - port: 5978 - POLICY - end - - subject { Gitlab::Kubernetes::CiliumNetworkPolicy.from_yaml(manifest)&.generate } - - it { is_expected.to eq(resource) } - - context 'with nil manifest' do - let(:manifest) { nil } - - it { is_expected.to be_nil } - end - - context 'with invalid manifest' do - let(:manifest) { "\tfoo: bar" } - - it { is_expected.to be_nil } - end - - context 'with manifest without metadata' do - let(:manifest) do - <<~POLICY - apiVersion: cilium.io/v2 - kind: CiliumNetworkPolicy - spec: - endpointSelector: - matchLabels: - role: db - ingress: - - fromEndpoints: - matchLabels: - project: myproject - POLICY - end - - it { is_expected.to be_nil } - end - - context 'with manifest without spec' do - let(:manifest) do - <<~POLICY - apiVersion: cilium.io/v2 - kind: CiliumNetworkPolicy - metadata: - name: example-name - namespace: example-namespace - POLICY - end - - it { is_expected.to be_nil } - end - - context 'with disallowed class' do - let(:manifest) do - <<~POLICY - apiVersion: cilium.io/v2 - kind: CiliumNetworkPolicy - metadata: - name: example-name - namespace: example-namespace - creationTimestamp: 2020-04-14T00:08:30Z - spec: - endpointSelector: - matchLabels: - role: db - ingress: - - fromEndpoints: - matchLabels: - project: myproject - POLICY - end - - it { is_expected.to be_nil } - end - end - - describe '.from_resource' do - let(:resource) do - ::Kubeclient::Resource.new( - description: description, - metadata: { - name: name, namespace: namespace, creationTimestamp: '2020-04-14T00:08:30Z', - labels: { app: 'foo' }, resourceVersion: resource_version, annotations: annotations - }, - spec: { endpointSelector: endpoint_selector, ingress: ingress, egress: nil, labels: nil } - ) - end - - let(:generated_resource) do - ::Kubeclient::Resource.new( - apiVersion: Gitlab::Kubernetes::CiliumNetworkPolicy::API_VERSION, - kind: Gitlab::Kubernetes::CiliumNetworkPolicy::KIND, - description: description, - metadata: { name: name, namespace: namespace, resourceVersion: resource_version, labels: { app: 'foo' }, annotations: annotations }, - spec: { endpointSelector: endpoint_selector, ingress: ingress } - ) - end - - subject { Gitlab::Kubernetes::CiliumNetworkPolicy.from_resource(resource)&.generate } - - it { is_expected.to eq(generated_resource) } - - context 'with nil resource' do - let(:resource) { nil } - - it { is_expected.to be_nil } - end - - context 'with resource without metadata' do - let(:resource) do - ::Kubeclient::Resource.new( - spec: { endpointSelector: endpoint_selector, ingress: ingress, egress: nil, labels: nil } - ) - end - - it { is_expected.to be_nil } - end - - context 'with resource without spec' do - let(:resource) do - ::Kubeclient::Resource.new( - metadata: { name: name, namespace: namespace, uid: '128cf288-7de4-11ea-aceb-42010a800089', resourceVersion: resource_version } - ) - end - - it { is_expected.to be_nil } - end - - context 'with environment_ids' do - subject { Gitlab::Kubernetes::CiliumNetworkPolicy.from_resource(resource, [1, 2, 3]) } - - it 'includes environment_ids in as_json result' do - expect(subject.as_json).to include(environment_ids: [1, 2, 3]) - end - end - end - - describe '#resource' do - subject { policy.resource } - - let(:resource) do - { - apiVersion: Gitlab::Kubernetes::CiliumNetworkPolicy::API_VERSION, - kind: Gitlab::Kubernetes::CiliumNetworkPolicy::KIND, - metadata: { name: name, namespace: namespace, resourceVersion: resource_version, annotations: annotations }, - spec: { endpointSelector: endpoint_selector, ingress: ingress, egress: egress }, - description: description - } - end - - it { is_expected.to eq(resource) } - - context 'with labels' do - let(:labels) { { app: 'foo' } } - - before do - resource[:metadata][:labels] = { app: 'foo' } - end - - it { is_expected.to eq(resource) } - end - - context 'without resource_version' do - let(:resource_version) { nil } - - before do - resource[:metadata].delete(:resourceVersion) - end - - it { is_expected.to eq(resource) } - end - - context 'with nil egress' do - let(:egress) { nil } - - before do - resource[:spec].delete(:egress) - end - - it { is_expected.to eq(resource) } - end - - context 'without annotations' do - let(:annotations) { nil } - - before do - resource[:metadata].delete(:annotations) - end - - it { is_expected.to eq(resource) } - end - end -end diff --git a/spec/lib/gitlab/kubernetes/kube_client_spec.rb b/spec/lib/gitlab/kubernetes/kube_client_spec.rb index 521f13dc9cc..dfd5092b54d 100644 --- a/spec/lib/gitlab/kubernetes/kube_client_spec.rb +++ b/spec/lib/gitlab/kubernetes/kube_client_spec.rb @@ -227,20 +227,6 @@ RSpec.describe Gitlab::Kubernetes::KubeClient do end end - describe '#cilium_networking_client' do - subject { client.cilium_networking_client } - - it_behaves_like 'a Kubeclient' - - it 'has the cilium API group endpoint' do - expect(subject.api_endpoint.to_s).to match(%r{\/apis\/cilium.io\Z}) - end - - it 'has the api_version' do - expect(subject.instance_variable_get(:@api_version)).to eq('v2') - end - end - describe '#metrics_client' do subject { client.metrics_client } @@ -428,56 +414,6 @@ RSpec.describe Gitlab::Kubernetes::KubeClient do end end - describe 'networking API group' do - let(:networking_client) { client.networking_client } - - [ - :create_network_policy, - :get_network_policies, - :get_network_policy, - :update_network_policy, - :delete_network_policy - ].each do |method| - describe "##{method}" do - include_examples 'redirection not allowed', method - include_examples 'dns rebinding not allowed', method - - it 'delegates to the networking client' do - expect(client).to delegate_method(method).to(:networking_client) - end - - it 'responds to the method' do - expect(client).to respond_to method - end - end - end - end - - describe 'cilium API group' do - let(:cilium_networking_client) { client.cilium_networking_client } - - [ - :create_cilium_network_policy, - :get_cilium_network_policies, - :get_cilium_network_policy, - :update_cilium_network_policy, - :delete_cilium_network_policy - ].each do |method| - describe "##{method}" do - include_examples 'redirection not allowed', method - include_examples 'dns rebinding not allowed', method - - it 'delegates to the cilium client' do - expect(client).to delegate_method(method).to(:cilium_networking_client) - end - - it 'responds to the method' do - expect(client).to respond_to method - end - end - end - end - describe 'non-entity methods' do it 'does not proxy for non-entity methods' do expect(client).not_to respond_to :proxy_url diff --git a/spec/lib/gitlab/kubernetes/network_policy_spec.rb b/spec/lib/gitlab/kubernetes/network_policy_spec.rb deleted file mode 100644 index 2cba37a1302..00000000000 --- a/spec/lib/gitlab/kubernetes/network_policy_spec.rb +++ /dev/null @@ -1,235 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.describe Gitlab::Kubernetes::NetworkPolicy do - let(:policy) do - described_class.new( - name: name, - namespace: namespace, - selector: selector, - ingress: ingress, - labels: labels - ) - end - - let(:resource) do - ::Kubeclient::Resource.new( - kind: Gitlab::Kubernetes::NetworkPolicy::KIND, - metadata: { name: name, namespace: namespace }, - spec: { podSelector: pod_selector, policyTypes: %w(Ingress), ingress: ingress, egress: nil } - ) - end - - let(:selector) { pod_selector } - let(:labels) { nil } - let(:name) { 'example-name' } - let(:namespace) { 'example-namespace' } - let(:pod_selector) { { matchLabels: { role: 'db' } } } - - let(:ingress) do - [ - { - from: [ - { namespaceSelector: { matchLabels: { project: 'myproject' } } } - ] - } - ] - end - - let(:egress) do - [ - { - ports: [{ port: 5978 }] - } - ] - end - - include_examples 'network policy common specs' - - describe '.from_yaml' do - let(:manifest) do - <<~POLICY - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: example-name - namespace: example-namespace - spec: - podSelector: - matchLabels: - role: db - policyTypes: - - Ingress - ingress: - - from: - - namespaceSelector: - matchLabels: - project: myproject - POLICY - end - - subject { Gitlab::Kubernetes::NetworkPolicy.from_yaml(manifest)&.generate } - - it { is_expected.to eq(resource) } - - context 'with nil manifest' do - let(:manifest) { nil } - - it { is_expected.to be_nil } - end - - context 'with invalid manifest' do - let(:manifest) { "\tfoo: bar" } - - it { is_expected.to be_nil } - end - - context 'with manifest without metadata' do - let(:manifest) do - <<~POLICY - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - spec: - podSelector: - matchLabels: - role: db - policyTypes: - - Ingress - ingress: - - from: - - namespaceSelector: - matchLabels: - project: myproject - POLICY - end - - it { is_expected.to be_nil } - end - - context 'with manifest without spec' do - let(:manifest) do - <<~POLICY - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: example-name - namespace: example-namespace - POLICY - end - - it { is_expected.to be_nil } - end - - context 'with disallowed class' do - let(:manifest) do - <<~POLICY - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: example-name - namespace: example-namespace - creationTimestamp: 2020-04-14T00:08:30Z - spec: - podSelector: - matchLabels: - role: db - policyTypes: - - Ingress - ingress: - - from: - - namespaceSelector: - matchLabels: - project: myproject - POLICY - end - - it { is_expected.to be_nil } - end - end - - describe '.from_resource' do - let(:resource) do - ::Kubeclient::Resource.new( - metadata: { - name: name, namespace: namespace, creationTimestamp: '2020-04-14T00:08:30Z', - labels: { app: 'foo' }, resourceVersion: '4990' - }, - spec: { podSelector: pod_selector, policyTypes: %w(Ingress), ingress: ingress, egress: nil } - ) - end - - let(:generated_resource) do - ::Kubeclient::Resource.new( - kind: Gitlab::Kubernetes::NetworkPolicy::KIND, - metadata: { name: name, namespace: namespace, labels: { app: 'foo' } }, - spec: { podSelector: pod_selector, policyTypes: %w(Ingress), ingress: ingress, egress: nil } - ) - end - - subject { Gitlab::Kubernetes::NetworkPolicy.from_resource(resource)&.generate } - - it { is_expected.to eq(generated_resource) } - - context 'with nil resource' do - let(:resource) { nil } - - it { is_expected.to be_nil } - end - - context 'with resource without metadata' do - let(:resource) do - ::Kubeclient::Resource.new( - spec: { podSelector: pod_selector, policyTypes: %w(Ingress), ingress: ingress, egress: nil } - ) - end - - it { is_expected.to be_nil } - end - - context 'with resource without spec' do - let(:resource) do - ::Kubeclient::Resource.new( - metadata: { name: name, namespace: namespace, uid: '128cf288-7de4-11ea-aceb-42010a800089', resourceVersion: '4990' } - ) - end - - it { is_expected.to be_nil } - end - - context 'with environment_ids' do - subject { Gitlab::Kubernetes::NetworkPolicy.from_resource(resource, [1, 2, 3]) } - - it 'includes environment_ids in as_json result' do - expect(subject.as_json).to include(environment_ids: [1, 2, 3]) - end - end - end - - describe '#resource' do - subject { policy.resource } - - let(:resource) do - { - kind: Gitlab::Kubernetes::NetworkPolicy::KIND, - metadata: { name: name, namespace: namespace }, - spec: { podSelector: pod_selector, policyTypes: %w(Ingress), ingress: ingress, egress: nil } - } - end - - it { is_expected.to eq(resource) } - - context 'with labels' do - let(:labels) { { app: 'foo' } } - let(:resource) do - { - kind: Gitlab::Kubernetes::NetworkPolicy::KIND, - metadata: { name: name, namespace: namespace, labels: { app: 'foo' } }, - spec: { podSelector: pod_selector, policyTypes: %w(Ingress), ingress: ingress, egress: nil } - } - end - - it { is_expected.to eq(resource) } - end - end -end |