formalize e2e test case path of testInvalidACNPPodSelector;

antrea-io · Apr 27, 2021 · e5cf4fa · e5cf4fa
1 parent f54298e
commit e5cf4fa
Showing 1 changed file with 31 additions and 76 deletions.
diff --git a/test/e2e/antreapolicy_test.go b/test/e2e/antreapolicy_test.go
@@ -664,6 +664,36 @@ func testInvalidTierANPRefDelete(t *testing.T) {
 	failOnError(k8sUtils.DeleteTier(tr.Name), t)
 }
 
+// testInvalidACNPPodSelectorNsSelectorMatchExpressions testes creating a ClusterNetworkPolicy with invalid LabelSelector(MatchExpressions)
+func testInvalidACNPPodSelectorNsSelectorMatchExpressions(t *testing.T) {
+	invalidLSErr := fmt.Errorf("create Antrea NetworkPolicy with namespaceSelector but matchExpressions invalid")
+
+	allowAction := crdv1alpha1.RuleActionAllow
+	selectorA := metav1.LabelSelector{MatchLabels: map[string]string{"env": "dummy"}}
+	nsSelectA := metav1.LabelSelector{MatchExpressions: []metav1.LabelSelectorRequirement{{Key: "env", Operator: "xxx", Values: []string{"xxxx"}}}}
+
+	var acnp = &crdv1alpha1.ClusterNetworkPolicy{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: testNamespace, Name: "cnptest", Labels: map[string]string{"antrea-e2e": "cnp1"}},
+		Spec: crdv1alpha1.ClusterNetworkPolicySpec{
+			AppliedTo: []crdv1alpha1.NetworkPolicyPeer{
+				{PodSelector: &selectorA},
+				{NamespaceSelector: &nsSelectA},
+			},
+			Priority: 10,
+			Ingress: []crdv1alpha1.Rule{
+				{
+					Action: &allowAction,
+				},
+			},
+		},
+	}
+
+	if _, err := k8sUtils.CreateOrUpdateACNP(acnp); err == nil {
+		failOnError(invalidLSErr, t)
+	}
+}
+
 // testACNPAllowXBtoA tests traffic from X/B to pods with label A, after applying the default deny
 // k8s NetworkPolicies in all namespaces and ACNP to allow X/B to A.
 func testACNPAllowXBtoA(t *testing.T) {
@@ -2560,6 +2590,7 @@ func TestAntreaPolicy(t *testing.T) {
 		t.Run("Case=ANPTierDoesNotExistDenied", func(t *testing.T) { testInvalidANPTierDoesNotExist(t) })
 		t.Run("Case=ANPPortRangePortUnsetDenied", func(t *testing.T) { testInvalidANPPortRangePortUnset(t) })
 		t.Run("Case=ANPPortRangePortEndPortSmallDenied", func(t *testing.T) { testInvalidANPPortRangeEndPortSmall(t) })
+		t.Run("Case=ACNPInvalidPodSelectorNsSelectorMatchExpressions", func(t *testing.T) { testInvalidACNPPodSelectorNsSelectorMatchExpressions(t) })
 	})
 
 	t.Run("TestGroupValidateTiers", func(t *testing.T) {
@@ -2995,79 +3026,3 @@ func TestAntreaClusterNetworkPolicyStats(t *testing.T) {
 	}
 	k8sUtils.Cleanup(namespaces)
 }
-
-func testInvalidACNPPodSelectorNsSelectorMatchExpressions(t *testing.T) {
-	invalidLSErr := fmt.Errorf("invalid Antrea NetworkPolicy with namespaceSelector but matchExpressions invalid")
-
-	allowAction := crdv1alpha1.RuleActionAllow
-	selectorA := metav1.LabelSelector{MatchLabels: map[string]string{"env": "dummy"}}
-	nsSelectA := metav1.LabelSelector{MatchExpressions: []metav1.LabelSelectorRequirement{{Key: "env", Operator: "xxx", Values: []string{"xxxx"}}}}
-
-	var acnp = &crdv1alpha1.ClusterNetworkPolicy{
-		ObjectMeta: metav1.ObjectMeta{
-			Namespace: testNamespace, Name: "cnptest", Labels: map[string]string{"antrea-e2e": "cnp1"}},
-		Spec: crdv1alpha1.ClusterNetworkPolicySpec{
-			AppliedTo: []crdv1alpha1.NetworkPolicyPeer{
-				{PodSelector: &selectorA},
-				{NamespaceSelector: &nsSelectA},
-			},
-			Priority: 10,
-			Ingress: []crdv1alpha1.Rule{
-				{
-					Action: &allowAction,
-				},
-			},
-		},
-	}
-
-	if _, err := k8sUtils.CreateOrUpdateACNP(acnp); err == nil {
-		failOnError(invalidLSErr, t)
-	}
-}
-
-func testInvalidCGPPodSelectorNsSelectorMatchExpressions(t *testing.T) {
-	invalidLSErr := fmt.Errorf("invalid clustergroup with namespaceSelector but matchExpressions invalid")
-
-	nsSelectA := metav1.LabelSelector{MatchExpressions: []metav1.LabelSelectorRequirement{{Key: "env", Operator: "xxx", Values: []string{"xxxx"}}}}
-
-	cgName := "cg-test"
-	cg := &crdv1alpha2.ClusterGroup{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: cgName,
-		},
-		Spec: crdv1alpha2.GroupSpec{
-			NamespaceSelector: &nsSelectA,
-		},
-	}
-	if _, err := k8sUtils.CreateOrUpdateCG(cg); err == nil {
-		// Above creation of CG must fail as it is an invalid spec.
-		failOnError(invalidLSErr, t)
-	}
-}
-
-func TestInvalidLabelSelectorInResource(t *testing.T) {
-	data, err := setupTest(t)
-	if err != nil {
-		t.Fatalf("Error when setting up test: %v", err)
-	}
-	defer teardownTest(t, data)
-	initK8s := func() {
-		skipIfAntreaPolicyDisabled(t, data)
-		var err error
-		// k8sUtils is a global var
-		k8sUtils, err = NewKubernetesUtils(data)
-		failOnError(err, t)
-	}
-	if k8sUtils == nil {
-		initK8s()
-	}
-
-	t.Run("TestGroupInvalidLabelSelectorInResource", func(t *testing.T) {
-		t.Run("Case=InvalidACNPPodSelectorNsSelectorMatchExpressions", func(t *testing.T) {
-			testInvalidACNPPodSelectorNsSelectorMatchExpressions(t)
-		})
-		t.Run("CASE=InvalidCGPPodSelectorNsSelectorMatchExpressions", func(t *testing.T) {
-			testInvalidCGPPodSelectorNsSelectorMatchExpressions(t)
-		})
-	})
-}