-
Notifications
You must be signed in to change notification settings - Fork 16
/
simple-v6-ingress-list.bats
executable file
·71 lines (58 loc) · 2.87 KB
/
simple-v6-ingress-list.bats
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
#!/usr/bin/env bats
# Note:
# These test cases, simple, will create simple (one policy for ingress) and test the
# traffic policying by ncat (nc) command. In addition, these cases also verifies that
# simple ip6tables generation check by ip6tables-save and pod-iptable in multi-networkpolicy pod.
setup() {
cd $BATS_TEST_DIRNAME
load "common"
server_net1=$(get_net1_ip6 "test-simple-v6-ingress-list" "pod-server")
client_a_net1=$(get_net1_ip6 "test-simple-v6-ingress-list" "pod-client-a")
client_b_net1=$(get_net1_ip6 "test-simple-v6-ingress-list" "pod-client-b")
client_c_net1=$(get_net1_ip6 "test-simple-v6-ingress-list" "pod-client-c")
}
@test "setup simple test environments" {
# create test manifests
kubectl create -f simple-v6-ingress-list.yml
# verify all pods are available
run kubectl -n test-simple-v6-ingress-list wait --for=condition=ready -l app=test-simple-v6-ingress-list pod --timeout=${kubewait_timeout}
[ "$status" -eq "0" ]
# wait for sync
sleep 5
}
@test "test-simple-v6-ingress-list check client-a -> server" {
# nc should succeed from client-a to server by policy
run kubectl -n test-simple-v6-ingress-list exec pod-client-a -- sh -c "echo x | nc -w 1 ${server_net1} 5555"
[ "$status" -eq "0" ]
}
@test "test-simple-v6-ingress-list check client-b -> server" {
# nc should NOT succeed from client-b to server by policy
run kubectl -n test-simple-v6-ingress-list exec pod-client-b -- sh -c "echo x | nc -w 1 ${server_net1} 5555"
[ "$status" -eq "1" ]
}
@test "test-simple-v6-ingress-list check client-c -> server" {
# nc should succeed from client-c to server by policy
run kubectl -n test-simple-v6-ingress-list exec pod-client-c -- sh -c "echo x | nc -w 1 ${server_net1} 5555"
[ "$status" -eq "0" ]
}
@test "test-simple-v6-ingress-list check server -> client-a" {
# nc should succeed from server to client-a by no policy definition for direction (egress for pod-server)
run kubectl -n test-simple-v6-ingress-list exec pod-server -- sh -c "echo x | nc -w 1 ${client_a_net1} 5555"
[ "$status" -eq "0" ]
}
@test "test-simple-v6-ingress-list check server -> client-b" {
# nc should succeed from server to client-b by no policy definition for direction (egress for pod-server)
run kubectl -n test-simple-v6-ingress-list exec pod-server -- sh -c "echo x | nc -w 1 ${client_b_net1} 5555"
[ "$status" -eq "0" ]
}
@test "test-simple-v6-ingress-list check server -> client-c" {
# nc should succeed from server to client-c by no policy definition for direction (egress for pod-server)
run kubectl -n test-simple-v6-ingress-list exec pod-server -- sh -c "echo x | nc -w 1 ${client_c_net1} 5555"
[ "$status" -eq "0" ]
}
@test "cleanup environments" {
# remove test manifests
kubectl delete -f simple-v6-ingress-list.yml
run kubectl -n test-simple-v6-ingress-list wait --for=delete -l app=test-simple-v6-ingress-list pod --timeout=${kubewait_timeout}
[ "$status" -eq "0" ]
}