@@ -3,16 +3,18 @@ package targetgroupbinding
33import (
44 "context"
55 "errors"
6+ "testing"
7+
68 awssdk "github.com/aws/aws-sdk-go/aws"
79 ec2sdk "github.com/aws/aws-sdk-go/service/ec2"
10+ "github.com/golang/mock/gomock"
811 "github.com/stretchr/testify/assert"
912 corev1 "k8s.io/api/core/v1"
1013 "k8s.io/apimachinery/pkg/types"
1114 "k8s.io/apimachinery/pkg/util/intstr"
1215 elbv2api "sigs.k8s.io/aws-load-balancer-controller/apis/elbv2/v1beta1"
1316 "sigs.k8s.io/aws-load-balancer-controller/pkg/k8s"
1417 "sigs.k8s.io/aws-load-balancer-controller/pkg/networking"
15- "testing"
1618)
1719
1820func Test_defaultNetworkingManager_computeIngressPermissionsForTGBNetworking (t * testing.T ) {
@@ -1412,3 +1414,288 @@ func Test_defaultNetworkingManager_computeRestrictedIngressPermissionsPerSG(t *t
14121414 })
14131415 }
14141416}
1417+
1418+ func Test_defaultNetworkingManager_resolveEndpointSGForENI (t * testing.T ) {
1419+ type fetchSGInfosByIDCall struct {
1420+ req []string
1421+ resp map [string ]networking.SecurityGroupInfo
1422+ err error
1423+ }
1424+
1425+ type fields struct {
1426+ fetchSGInfosByRequestCalls []fetchSGInfosByIDCall
1427+ endpointSGTags map [string ]string
1428+ }
1429+ type args struct {
1430+ ctx context.Context
1431+ eniInfo networking.ENIInfo
1432+ }
1433+ tests := []struct {
1434+ name string
1435+ fields fields
1436+ args args
1437+ want string
1438+ wantErr bool
1439+ }{
1440+ {
1441+ name : "Only one security group in eniInfo returns early" ,
1442+ fields : fields {
1443+ endpointSGTags : map [string ]string {},
1444+ },
1445+ args : args {
1446+ ctx : context .Background (),
1447+ eniInfo : networking.ENIInfo {
1448+ NetworkInterfaceID : "eni-a" ,
1449+ SecurityGroups : []string {"sg-a" },
1450+ },
1451+ },
1452+ want : "sg-a" ,
1453+ wantErr : false ,
1454+ },
1455+ {
1456+ name : "No security group in eniInfo returns error" ,
1457+ fields : fields {
1458+ endpointSGTags : map [string ]string {},
1459+ fetchSGInfosByRequestCalls : []fetchSGInfosByIDCall {
1460+ {
1461+ req : []string {},
1462+ resp : map [string ]networking.SecurityGroupInfo {},
1463+ },
1464+ },
1465+ },
1466+ args : args {
1467+ ctx : context .Background (),
1468+ eniInfo : networking.ENIInfo {
1469+ NetworkInterfaceID : "eni-a" ,
1470+ SecurityGroups : []string {},
1471+ },
1472+ },
1473+ want : "" ,
1474+ wantErr : true ,
1475+ },
1476+ {
1477+ name : "A single security group with cluster name tag and no endpoint tags set" ,
1478+ fields : fields {
1479+ endpointSGTags : map [string ]string {},
1480+ fetchSGInfosByRequestCalls : []fetchSGInfosByIDCall {
1481+ {
1482+ req : []string {"sg-a" , "sg-b" },
1483+ resp : map [string ]networking.SecurityGroupInfo {
1484+ "sg-a" : {
1485+ SecurityGroupID : "sg-a" ,
1486+ Tags : map [string ]string {
1487+ "kubernetes.io/cluster/cluster-a" : "owned" ,
1488+ },
1489+ },
1490+ "sg-b" : {
1491+ SecurityGroupID : "sg-b" ,
1492+ Tags : map [string ]string {
1493+ "keyA" : "valueA" ,
1494+ "keyB" : "valueB2" ,
1495+ "keyC" : "valueC" ,
1496+ "keyD" : "valueD" ,
1497+ },
1498+ },
1499+ },
1500+ },
1501+ },
1502+ },
1503+ args : args {
1504+ ctx : context .Background (),
1505+ eniInfo : networking.ENIInfo {
1506+ NetworkInterfaceID : "eni-a" ,
1507+ SecurityGroups : []string {"sg-a" , "sg-b" },
1508+ },
1509+ },
1510+ want : "sg-a" ,
1511+ wantErr : false ,
1512+ },
1513+ {
1514+ name : "A single security group with cluster name tag and one endpoint tag set" ,
1515+ fields : fields {
1516+ endpointSGTags : map [string ]string {
1517+ "keyA" : "valueA" ,
1518+ },
1519+ fetchSGInfosByRequestCalls : []fetchSGInfosByIDCall {
1520+ {
1521+ req : []string {"sg-a" , "sg-b" },
1522+ resp : map [string ]networking.SecurityGroupInfo {
1523+ "sg-a" : {
1524+ SecurityGroupID : "sg-a" ,
1525+ Tags : map [string ]string {
1526+ "kubernetes.io/cluster/cluster-a" : "owned" ,
1527+ },
1528+ },
1529+ "sg-b" : {
1530+ SecurityGroupID : "sg-b" ,
1531+ Tags : map [string ]string {
1532+ "kubernetes.io/cluster/cluster-a" : "owned" ,
1533+ "keyA" : "valueA" ,
1534+ "keyB" : "valueB2" ,
1535+ "keyC" : "valueC" ,
1536+ "keyD" : "valueD" ,
1537+ },
1538+ },
1539+ },
1540+ },
1541+ },
1542+ },
1543+ args : args {
1544+ ctx : context .Background (),
1545+ eniInfo : networking.ENIInfo {
1546+ NetworkInterfaceID : "eni-a" ,
1547+ SecurityGroups : []string {"sg-a" , "sg-b" },
1548+ },
1549+ },
1550+ want : "sg-b" ,
1551+ wantErr : false ,
1552+ },
1553+ {
1554+ name : "A single security group with cluster name tag and one endpoint tag set with no matches" ,
1555+ fields : fields {
1556+ endpointSGTags : map [string ]string {
1557+ "keyA" : "valueNotA" ,
1558+ },
1559+ fetchSGInfosByRequestCalls : []fetchSGInfosByIDCall {
1560+ {
1561+ req : []string {"sg-a" , "sg-b" },
1562+ resp : map [string ]networking.SecurityGroupInfo {
1563+ "sg-a" : {
1564+ SecurityGroupID : "sg-a" ,
1565+ Tags : map [string ]string {
1566+ "kubernetes.io/cluster/cluster-a" : "owned" ,
1567+ },
1568+ },
1569+ "sg-b" : {
1570+ SecurityGroupID : "sg-b" ,
1571+ Tags : map [string ]string {
1572+ "kubernetes.io/cluster/cluster-a" : "owned" ,
1573+ "keyA" : "valueA" ,
1574+ "keyB" : "valueB2" ,
1575+ "keyC" : "valueC" ,
1576+ "keyD" : "valueD" ,
1577+ },
1578+ },
1579+ },
1580+ },
1581+ },
1582+ },
1583+ args : args {
1584+ ctx : context .Background (),
1585+ eniInfo : networking.ENIInfo {
1586+ NetworkInterfaceID : "eni-a" ,
1587+ SecurityGroups : []string {"sg-a" , "sg-b" },
1588+ },
1589+ },
1590+ want : "" ,
1591+ wantErr : true ,
1592+ },
1593+ {
1594+ name : "A single security group with cluster name tag and multiple endpoint tags set" ,
1595+ fields : fields {
1596+ endpointSGTags : map [string ]string {
1597+ "keyA" : "valueA" ,
1598+ "keyB" : "valueB2" ,
1599+ },
1600+ fetchSGInfosByRequestCalls : []fetchSGInfosByIDCall {
1601+ {
1602+ req : []string {"sg-a" , "sg-b" },
1603+ resp : map [string ]networking.SecurityGroupInfo {
1604+ "sg-a" : {
1605+ SecurityGroupID : "sg-a" ,
1606+ Tags : map [string ]string {
1607+ "kubernetes.io/cluster/cluster-a" : "owned" ,
1608+ },
1609+ },
1610+ "sg-b" : {
1611+ SecurityGroupID : "sg-b" ,
1612+ Tags : map [string ]string {
1613+ "kubernetes.io/cluster/cluster-a" : "owned" ,
1614+ "keyA" : "valueA" ,
1615+ "keyB" : "valueB2" ,
1616+ "keyC" : "valueC" ,
1617+ "keyD" : "valueD" ,
1618+ },
1619+ },
1620+ },
1621+ },
1622+ },
1623+ },
1624+ args : args {
1625+ ctx : context .Background (),
1626+ eniInfo : networking.ENIInfo {
1627+ NetworkInterfaceID : "eni-a" ,
1628+ SecurityGroups : []string {"sg-a" , "sg-b" },
1629+ },
1630+ },
1631+ want : "sg-b" ,
1632+ wantErr : false ,
1633+ },
1634+ {
1635+ name : "A single security group with cluster name tag and multiple endpoint tags set with no matches" ,
1636+ fields : fields {
1637+ endpointSGTags : map [string ]string {
1638+ "keyA" : "valueA" ,
1639+ "keyB" : "valueNotB2" ,
1640+ },
1641+ fetchSGInfosByRequestCalls : []fetchSGInfosByIDCall {
1642+ {
1643+ req : []string {"sg-a" , "sg-b" },
1644+ resp : map [string ]networking.SecurityGroupInfo {
1645+ "sg-a" : {
1646+ SecurityGroupID : "sg-a" ,
1647+ Tags : map [string ]string {
1648+ "kubernetes.io/cluster/cluster-a" : "owned" ,
1649+ },
1650+ },
1651+ "sg-b" : {
1652+ SecurityGroupID : "sg-b" ,
1653+ Tags : map [string ]string {
1654+ "kubernetes.io/cluster/cluster-a" : "owned" ,
1655+ "keyA" : "valueA" ,
1656+ "keyB" : "valueB2" ,
1657+ "keyC" : "valueC" ,
1658+ "keyD" : "valueD" ,
1659+ },
1660+ },
1661+ },
1662+ },
1663+ },
1664+ },
1665+ args : args {
1666+ ctx : context .Background (),
1667+ eniInfo : networking.ENIInfo {
1668+ NetworkInterfaceID : "eni-a" ,
1669+ SecurityGroups : []string {"sg-a" , "sg-b" },
1670+ },
1671+ },
1672+ want : "" ,
1673+ wantErr : true ,
1674+ },
1675+ }
1676+ for _ , tt := range tests {
1677+ ctrl := gomock .NewController (t )
1678+ defer ctrl .Finish ()
1679+
1680+ sgManager := networking .NewMockSecurityGroupManager (ctrl )
1681+ for _ , call := range tt .fields .fetchSGInfosByRequestCalls {
1682+ sgManager .EXPECT ().FetchSGInfosByID (gomock .Any (), call .req ).Return (call .resp , call .err )
1683+ }
1684+
1685+ t .Run (tt .name , func (t * testing.T ) {
1686+ m := & defaultNetworkingManager {
1687+ sgManager : sgManager ,
1688+ clusterName : "cluster-a" ,
1689+ endpointSGTags : tt .fields .endpointSGTags ,
1690+ }
1691+ got , err := m .resolveEndpointSGForENI (tt .args .ctx , tt .args .eniInfo )
1692+ if (err != nil ) != tt .wantErr {
1693+ t .Errorf ("defaultNetworkingManager.resolveEndpointSGForENI() error = %v, wantErr %v" , err , tt .wantErr )
1694+ return
1695+ }
1696+ if got != tt .want {
1697+ t .Errorf ("defaultNetworkingManager.resolveEndpointSGForENI() = %v, want %v" , got , tt .want )
1698+ }
1699+ })
1700+ }
1701+ }
0 commit comments