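package api

import (
	"testing"

	"github.com/stretchr/testify/require"
)

// TestAPI_ConnectIntentionCreateListGetUpdateDelete walks one intention
// through its whole lifecycle via the Connect client: create, list, get,
// update, delete, and a final get that must return neither a value nor an
// error.
func TestAPI_ConnectIntentionCreateListGetUpdateDelete(t *testing.T) {
	t.Parallel()

	c, s := makeClient(t)
	defer s.Stop()

	s.WaitForServiceIntentions(t)

	connect := c.Connect()

	// Create
	ixn := testIntention()
	id, _, err := connect.IntentionCreate(ixn, nil)
	require.NoError(t, err)
	require.NotEmpty(t, id)

	// List it
	list, _, err := connect.Intentions(nil)
	require.NoError(t, err)
	require.Len(t, list, 1)

	// These fields are only known from the response, so copy them onto the
	// local value before comparing; every other field must round-trip
	// unchanged.
	actual := list[0]
	ixn.ID = id
	ixn.CreatedAt = actual.CreatedAt
	ixn.UpdatedAt = actual.UpdatedAt
	ixn.CreateIndex = actual.CreateIndex
	ixn.ModifyIndex = actual.ModifyIndex
	ixn.Hash = actual.Hash
	require.Equal(t, ixn, actual)

	// Get it
	actual, _, err = connect.IntentionGet(id, nil)
	require.NoError(t, err)
	require.Equal(t, ixn, actual)

	// Update it
	ixn.SourceName += "-different"
	_, err = connect.IntentionUpdate(ixn, nil)
	require.NoError(t, err)

	// Get it again. Only the fields refreshed below are taken from the
	// response; the changed SourceName is compared as sent.
	actual, _, err = connect.IntentionGet(id, nil)
	require.NoError(t, err)
	ixn.UpdatedAt = actual.UpdatedAt
	ixn.ModifyIndex = actual.ModifyIndex
	ixn.Hash = actual.Hash
	require.Equal(t, ixn, actual)

	// Delete it
	_, err = connect.IntentionDelete(id, nil)
	require.NoError(t, err)

	// Get it (should be gone): a deleted intention is reported as a nil
	// result with a nil error, not as an error.
	actual, _, err = connect.IntentionGet(id, nil)
	require.NoError(t, err)
	require.Nil(t, actual)
}

// TestAPI_ConnectIntentionGet_invalidId checks that a lookup with an ID that
// is not a UUID fails with an error mentioning "UUID" and returns no
// intention.
func TestAPI_ConnectIntentionGet_invalidId(t *testing.T) {
	t.Parallel()

	c, s := makeClient(t)
	defer s.Stop()

	s.WaitForServiceIntentions(t)

	connect := c.Connect()

	// Get it
	actual, _, err := connect.IntentionGet("hello", nil)
	require.Nil(t, actual)
	require.Error(t, err)
	require.Contains(t, err.Error(), "UUID") // verify it contains the message
}

// TestAPI_ConnectIntentionMatch creates intentions for three destinations and
// checks that matching by destination "bar" returns the exact entry and the
// wildcard entry, in that order, and nothing else.
func TestAPI_ConnectIntentionMatch(t *testing.T) {
	t.Parallel()

	c, s := makeClient(t)
	defer s.Stop()

	s.WaitForServiceIntentions(t)

	connect := c.Connect()

	// Create
	{
		insert := [][]string{
			{"default", "*"},
			{"default", "bar"},
			{"default", "baz"}, // shouldn't match
		}

		for _, v := range insert {
			ixn := testIntention()
			ixn.DestinationNS = v[0]
			ixn.DestinationName = v[1]
			id, _, err := connect.IntentionCreate(ixn, nil)
			require.NoError(t, err)
			require.NotEmpty(t, id)
		}
	}

	// Match it
	result, _, err := connect.IntentionMatch(&IntentionMatch{
		By:    IntentionMatchDestination,
		Names: []string{"bar"},
	}, nil)
	require.NoError(t, err)
	require.Len(t, result, 1)

	// The comparison is order-sensitive: the exact destination is expected
	// ahead of the wildcard one.
	var actual [][]string
	expected := [][]string{
		{"default", "bar"},
		{"default", "*"},
	}
	for _, ixn := range result["bar"] {
		actual = append(actual, []string{ixn.DestinationNS, ixn.DestinationName})
	}

	require.Equal(t, expected, actual)
}

// TestAPI_ConnectIntentionCheck pins the authorization decision returned by
// IntentionCheck when a wildcard-source deny and a specific-source allow both
// target the same destination: the named source is allowed, any other source
// is denied.
//
// NOTE(review): the case where no intention matches at all is not exercised
// in this test.
func TestAPI_ConnectIntentionCheck(t *testing.T) {
	t.Parallel()

	c, s := makeClient(t)
	defer s.Stop()

	s.WaitForServiceIntentions(t)

	connect := c.Connect()

	// Create. Columns: source NS, source name, destination NS, destination
	// name, action.
	{
		insert := [][]string{
			{"default", "*", "default", "bar", "deny"},
			{"default", "foo", "default", "bar", "allow"},
		}

		for _, v := range insert {
			ixn := testIntention()
			ixn.SourceNS = v[0]
			ixn.SourceName = v[1]
			ixn.DestinationNS = v[2]
			ixn.DestinationName = v[3]
			ixn.Action = IntentionAction(v[4])
			id, _, err := connect.IntentionCreate(ixn, nil)
			require.NoError(t, err)
			require.NotEmpty(t, id)
		}
	}

	// Match the deny rule: "qux" has no intention of its own, so only the
	// wildcard-source deny applies.
	{
		result, _, err := connect.IntentionCheck(&IntentionCheck{
			Source:      "default/qux",
			Destination: "default/bar",
		}, nil)
		require.NoError(t, err)
		require.False(t, result)
	}

	// Match the allow rule: the intention naming "foo" must win over the
	// wildcard-source deny.
	{
		result, _, err := connect.IntentionCheck(&IntentionCheck{
			Source:      "default/foo",
			Destination: "default/bar",
		}, nil)
		require.NoError(t, err)
		require.True(t, result)
	}
}

// testIntention returns a fresh allow intention from default/api to
// default/db that the tests above use as a template and modify per case.
func testIntention() *Intention {
	return &Intention{
		SourceNS:        "default",
		SourceName:      "api",
		DestinationNS:   "default",
		DestinationName: "db",
		Precedence:      9,
		Action:          IntentionActionAllow,
		SourceType:      IntentionSourceConsul,
	}
}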