def setUp(self): self.pod_name = "podname" self.namespace = "namespace" self.profile_name = "namespace_podname" self.auth_token = "authtoken12345" self.api_root = "https://10.100.0.1:443/api/v1/" self.network_config = {"policy": {}} self.driver = KubernetesAnnotationDriver(self.pod_name, self.namespace, self.auth_token, self.api_root, None, None, None, None) assert_equal(self.driver.profile_name, self.profile_name) # Mock the DatastoreClient self.client = MagicMock(spec=DatastoreClient) self.driver._client = self.client
def setUp(self): self.pod_name = "podname" self.namespace = "namespace" self.profile_name = "namespace_podname" self.auth_token = "authtoken12345" self.api_root = "https://10.100.0.1:443/api/v1/" self.network_config = { "policy": {} } self.driver = KubernetesAnnotationDriver(self.pod_name, self.namespace, self.auth_token, self.api_root, None, None, None, None) assert_equal(self.driver.profile_name, self.profile_name) # Mock the DatastoreClient self.client = MagicMock(spec=DatastoreClient) self.driver._client = self.client
class KubernetesAnnotationDriverTest(unittest.TestCase): """ Test class for KubernetesAnnotationDriver class. """ def setUp(self): self.pod_name = "podname" self.namespace = "namespace" self.profile_name = "namespace_podname" self.auth_token = "authtoken12345" self.api_root = "https://10.100.0.1:443/api/v1/" self.network_config = {"policy": {}} self.driver = KubernetesAnnotationDriver(self.pod_name, self.namespace, self.auth_token, self.api_root, None, None, None, None) assert_equal(self.driver.profile_name, self.profile_name) # Mock the DatastoreClient self.client = MagicMock(spec=DatastoreClient) self.driver._client = self.client @patch("calico_cni.policy_drivers.KubernetesAnnotationDriver._get_api_pod", autospec=True) def test_generate_rules_mainline(self, m_get_pod): # Generate rules rules = self.driver.generate_rules() # Assert correct. Should return rules which isolate the pod by namespace. expected = Rules(id=self.profile_name, inbound_rules=[ Rule(action="allow", src_tag="namespace_namespace") ], outbound_rules=[Rule(action="allow")]) assert_equal(rules, expected) @patch("calico_cni.policy_drivers.KubernetesAnnotationDriver._get_api_pod", autospec=True) def test_generate_rules_kube_system(self, m_get_pod): # Use kube-system namespace. self.driver.namespace = "kube-system" # Generate rules rules = self.driver.generate_rules() # Assert correct. Should allow all. expected = Rules(id=self.profile_name, inbound_rules=[Rule(action="allow")], outbound_rules=[Rule(action="allow")]) assert_equal(rules, expected) def test_remove_profile(self): self.driver.remove_profile() self.driver._client.remove_profile.assert_called_once_with( self.driver.profile_name) def test_remove_missing_profile(self): self.driver._client.remove_profile.side_effect = KeyError # Nothing should be raised. self.driver.remove_profile() @patch("calico_cni.policy_drivers.KubernetesAnnotationDriver._get_api_pod", autospec=True) def test_generate_rules_annotations(self, m_get_pod): # Mock get_metadata to return annotations. annotations = {"projectcalico.org/policy": "allow tcp"} self.driver._get_metadata = MagicMock(spec=self.driver._get_metadata) self.driver._get_metadata.return_value = annotations # Generate rules rules = self.driver.generate_rules() # Assert correct. Should allow all. expected = Rules(id=self.profile_name, inbound_rules=[Rule(action="allow", protocol="tcp")], outbound_rules=[Rule(action="allow")]) assert_equal(rules, expected) @patch("calico_cni.policy_drivers.KubernetesAnnotationDriver._get_api_pod", autospec=True) def test_generate_rules_parse_error(self, m_get_pod): # Mock get_metadata to return annotations. annotations = {"projectcalico.org/policy": "allow tcp"} self.driver._get_metadata = MagicMock(spec=self.driver._get_metadata) self.driver._get_metadata.return_value = annotations # Mock to raise error self.driver.policy_parser = MagicMock(spec=self.driver.policy_parser) self.driver.policy_parser.parse_line.side_effect = ValueError # Generate rules assert_raises(ApplyProfileError, self.driver.generate_rules) def test_generate_tags(self): # Mock get_metadata to return labels. labels = {"key": "value"} self.driver._get_metadata = MagicMock(spec=self.driver._get_metadata) self.driver._get_metadata.return_value = labels # Call tags = self.driver.generate_tags() # Assert assert_equal(tags, set(["namespace_namespace", "namespace_key_value"])) @patch('calico_cni.policy_drivers.requests.Session', autospec=True) @patch('json.loads', autospec=True) def test_get_api_pod(self, m_json_load, m_session): # Set up driver. self.driver.pod_name = 'pod-1' self.driver.namespace = 'a' pod1 = '{"metadata": {"namespace": "a", "name": "pod-1"}}' api_root = "http://*****:*****@patch("calico_cni.policy_drivers.HTTPClient", autospec=True) @patch("calico_cni.policy_drivers.Query", autospec=True) @patch("calico_cni.policy_drivers.KubeConfig", autospec=True) def test_get_api_pod_kubeconfig(self, m_kcfg, m_query, m_http): # Set up driver. self.driver.pod_name = 'pod-1' self.driver.namespace = 'a' pod = Mock() pod.obj = '{"metadata": {"namespace": "a", "name": "pod-1"}}' m_query(1, 2, 3).get_by_name.return_value = pod api_root = "http://*****:*****@patch("calico_cni.policy_drivers.HTTPClient", autospec=True) @patch("calico_cni.policy_drivers.Query", autospec=True) @patch("calico_cni.policy_drivers.KubeConfig", autospec=True) def test_get_api_pod_kubeconfig_error(self, m_kcfg, m_query, m_http): # Set up driver. self.driver.pod_name = 'pod-1' self.driver.namespace = 'a' pod = Mock() pod.obj = '{"metadata": {"namespace": "a", "name": "pod-1"}}' m_query(1, 2, 3).get_by_name.side_effect = KeyError api_root = "http://*****:*****@patch('calico_cni.policy_drivers.requests.Session', autospec=True) @patch('json.loads', autospec=True) def test_get_api_pod_with_client_certs(self, m_json_load, m_session): # Set up driver. self.driver.pod_name = 'pod-1' self.driver.namespace = 'a' pod1 = '{"metadata": {"namespace": "a", "name": "pod-1"}}' api_root = "http://*****:*****@patch('calico_cni.policy_drivers.requests.Session', autospec=True) @patch('json.loads', autospec=True) def test_get_pod_config_error(self, m_json_load, m_session): """Test _get_api_path with API Access Error """ # Set up mock objects self.driver.auth_token = 'TOKEN' m_session_obj = Mock() m_session_obj.headers = Mock() m_session_obj.get.side_effect = BaseException m_session.return_value = m_session_obj m_session_obj.__enter__ = Mock(return_value=m_session_obj) m_session_obj.__exit__ = Mock(return_value=False) # Call method under test assert_raises(ApplyProfileError, self.driver._get_api_pod) @patch('calico_cni.policy_drivers.requests.Session', autospec=True) @patch('json.loads', autospec=True) def test_get_pod_config_response_code(self, m_json_load, m_session): """Test _get_api_path with incorrect status_code """ # Set up class member self.driver.pod_name = 'pod-1' self.driver.namespace = 'a' pod1 = '{"metadata": {"namespace": "a", "name": "pod-1"}}' # Set up mock objects self.driver.auth_token = 'TOKEN' get_obj = Mock() get_obj.status_code = 404 m_session_obj = Mock() m_session_obj.headers = Mock() m_session_obj.get.return_value = get_obj m_session.return_value = m_session_obj m_session_obj.__enter__ = Mock(return_value=m_session_obj) m_session_obj.__exit__ = Mock(return_value=False) # Call method under test assert_raises(ApplyProfileError, self.driver._get_api_pod) @patch('calico_cni.policy_drivers.requests.Session', autospec=True) @patch('json.loads', autospec=True) def test_get_api_pod_parse_error(self, m_json_load, m_session): # Set up driver. self.driver.pod_name = 'pod-1' self.driver.namespace = 'a' pod1 = '{"metadata": {"namespace": "a", "name": "pod-1"}}' api_root = "http://kubernetesapi:8080/api/v1/" self.driver.api_root = api_root # Set up mock objects self.driver.auth_token = 'TOKEN' m_json_load.side_effect = TypeError get_obj = Mock() get_obj.status_code = 200 get_obj.text = pod1 m_session_obj = Mock() m_session_obj.headers = Mock() m_session_obj.get.return_value = get_obj m_session.return_value = m_session_obj m_session_obj.__enter__ = Mock(return_value=m_session_obj) m_session_obj.__exit__ = Mock(return_value=False) # Call method under test assert_raises(ApplyProfileError, self.driver._get_api_pod) def test_get_metadata_missing(self): # Mock out self.pod in the driver. self.driver.pod = {} # Attempt to get metadata annotations = self.driver._get_metadata("annotations") # Should be None assert_equal(annotations, None)
class KubernetesAnnotationDriverTest(unittest.TestCase): """ Test class for KubernetesAnnotationDriver class. """ def setUp(self): self.pod_name = "podname" self.namespace = "namespace" self.profile_name = "namespace_podname" self.auth_token = "authtoken12345" self.api_root = "https://10.100.0.1:443/api/v1/" self.network_config = { "policy": {} } self.driver = KubernetesAnnotationDriver(self.pod_name, self.namespace, self.auth_token, self.api_root, None, None, None, None) assert_equal(self.driver.profile_name, self.profile_name) # Mock the DatastoreClient self.client = MagicMock(spec=DatastoreClient) self.driver._client = self.client @patch("calico_cni.policy_drivers.KubernetesAnnotationDriver._get_api_pod", autospec=True) def test_generate_rules_mainline(self, m_get_pod): # Generate rules rules = self.driver.generate_rules() # Assert correct. Should return rules which isolate the pod by namespace. expected = Rules(id=self.profile_name, inbound_rules=[Rule(action="allow", src_tag="namespace_namespace")], outbound_rules=[Rule(action="allow")]) assert_equal(rules, expected) @patch("calico_cni.policy_drivers.KubernetesAnnotationDriver._get_api_pod", autospec=True) def test_generate_rules_kube_system(self, m_get_pod): # Use kube-system namespace. self.driver.namespace = "kube-system" # Generate rules rules = self.driver.generate_rules() # Assert correct. Should allow all. expected = Rules(id=self.profile_name, inbound_rules=[Rule(action="allow")], outbound_rules=[Rule(action="allow")]) assert_equal(rules, expected) def test_remove_profile(self): self.driver.remove_profile() self.driver._client.remove_profile.assert_called_once_with(self.driver.profile_name) def test_remove_missing_profile(self): self.driver._client.remove_profile.side_effect = KeyError # Nothing should be raised. self.driver.remove_profile() @patch("calico_cni.policy_drivers.KubernetesAnnotationDriver._get_api_pod", autospec=True) def test_generate_rules_annotations(self, m_get_pod): # Mock get_metadata to return annotations. annotations = {"projectcalico.org/policy": "allow tcp"} self.driver._get_metadata = MagicMock(spec=self.driver._get_metadata) self.driver._get_metadata.return_value = annotations # Generate rules rules = self.driver.generate_rules() # Assert correct. Should allow all. expected = Rules(id=self.profile_name, inbound_rules=[Rule(action="allow", protocol="tcp")], outbound_rules=[Rule(action="allow")]) assert_equal(rules, expected) @patch("calico_cni.policy_drivers.KubernetesAnnotationDriver._get_api_pod", autospec=True) def test_generate_rules_parse_error(self, m_get_pod): # Mock get_metadata to return annotations. annotations = {"projectcalico.org/policy": "allow tcp"} self.driver._get_metadata = MagicMock(spec=self.driver._get_metadata) self.driver._get_metadata.return_value = annotations # Mock to raise error self.driver.policy_parser = MagicMock(spec=self.driver.policy_parser) self.driver.policy_parser.parse_line.side_effect = ValueError # Generate rules assert_raises(ApplyProfileError, self.driver.generate_rules) def test_generate_tags(self): # Mock get_metadata to return labels. labels = {"key": "value"} self.driver._get_metadata = MagicMock(spec=self.driver._get_metadata) self.driver._get_metadata.return_value = labels # Call tags = self.driver.generate_tags() # Assert assert_equal(tags, set(["namespace_namespace", "namespace_key_value"])) @patch('calico_cni.policy_drivers.requests.Session', autospec=True) @patch('json.loads', autospec=True) def test_get_api_pod(self, m_json_load, m_session): # Set up driver. self.driver.pod_name = 'pod-1' self.driver.namespace = 'a' pod1 = '{"metadata": {"namespace": "a", "name": "pod-1"}}' api_root = "http://*****:*****@patch("calico_cni.policy_drivers.HTTPClient", autospec=True) @patch("calico_cni.policy_drivers.Query", autospec=True) @patch("calico_cni.policy_drivers.KubeConfig", autospec=True) def test_get_api_pod_kubeconfig(self, m_kcfg, m_query, m_http): # Set up driver. self.driver.pod_name = 'pod-1' self.driver.namespace = 'a' pod = Mock() pod.obj = '{"metadata": {"namespace": "a", "name": "pod-1"}}' m_query(1, 2, 3).get_by_name.return_value = pod api_root = "http://*****:*****@patch("calico_cni.policy_drivers.HTTPClient", autospec=True) @patch("calico_cni.policy_drivers.Query", autospec=True) @patch("calico_cni.policy_drivers.KubeConfig", autospec=True) def test_get_api_pod_kubeconfig_error(self, m_kcfg, m_query, m_http): # Set up driver. self.driver.pod_name = 'pod-1' self.driver.namespace = 'a' pod = Mock() pod.obj = '{"metadata": {"namespace": "a", "name": "pod-1"}}' m_query(1, 2, 3).get_by_name.side_effect = KeyError api_root = "http://*****:*****@patch('calico_cni.policy_drivers.requests.Session', autospec=True) @patch('json.loads', autospec=True) def test_get_api_pod_with_client_certs(self, m_json_load, m_session): # Set up driver. self.driver.pod_name = 'pod-1' self.driver.namespace = 'a' pod1 = '{"metadata": {"namespace": "a", "name": "pod-1"}}' api_root = "http://*****:*****@patch('calico_cni.policy_drivers.requests.Session', autospec=True) @patch('json.loads', autospec=True) def test_get_pod_config_error(self, m_json_load, m_session): """Test _get_api_path with API Access Error """ # Set up mock objects self.driver.auth_token = 'TOKEN' m_session_obj = Mock() m_session_obj.headers = Mock() m_session_obj.get.side_effect = BaseException m_session.return_value = m_session_obj m_session_obj.__enter__ = Mock(return_value=m_session_obj) m_session_obj.__exit__ = Mock(return_value=False) # Call method under test assert_raises(ApplyProfileError, self.driver._get_api_pod) @patch('calico_cni.policy_drivers.requests.Session', autospec=True) @patch('json.loads', autospec=True) def test_get_pod_config_response_code(self, m_json_load, m_session): """Test _get_api_path with incorrect status_code """ # Set up class member self.driver.pod_name = 'pod-1' self.driver.namespace = 'a' pod1 = '{"metadata": {"namespace": "a", "name": "pod-1"}}' # Set up mock objects self.driver.auth_token = 'TOKEN' get_obj = Mock() get_obj.status_code = 404 m_session_obj = Mock() m_session_obj.headers = Mock() m_session_obj.get.return_value = get_obj m_session.return_value = m_session_obj m_session_obj.__enter__ = Mock(return_value=m_session_obj) m_session_obj.__exit__ = Mock(return_value=False) # Call method under test assert_raises(ApplyProfileError, self.driver._get_api_pod) @patch('calico_cni.policy_drivers.requests.Session', autospec=True) @patch('json.loads', autospec=True) def test_get_api_pod_parse_error(self, m_json_load, m_session): # Set up driver. self.driver.pod_name = 'pod-1' self.driver.namespace = 'a' pod1 = '{"metadata": {"namespace": "a", "name": "pod-1"}}' api_root = "http://kubernetesapi:8080/api/v1/" self.driver.api_root = api_root # Set up mock objects self.driver.auth_token = 'TOKEN' m_json_load.side_effect = TypeError get_obj = Mock() get_obj.status_code = 200 get_obj.text = pod1 m_session_obj = Mock() m_session_obj.headers = Mock() m_session_obj.get.return_value = get_obj m_session.return_value = m_session_obj m_session_obj.__enter__ = Mock(return_value=m_session_obj) m_session_obj.__exit__ = Mock(return_value=False) # Call method under test assert_raises(ApplyProfileError, self.driver._get_api_pod) def test_get_metadata_missing(self): # Mock out self.pod in the driver. self.driver.pod = {} # Attempt to get metadata annotations = self.driver._get_metadata("annotations") # Should be None assert_equal(annotations, None)