1use linkerd_policy_controller_k8s_api::{self as api, policy::httproute::*};
2use linkerd_policy_test::admission;
3
4#[tokio::test(flavor = "current_thread")]
5async fn accepts_valid() {
6 admission::accepts(|ns| HttpRoute {
7 metadata: api::ObjectMeta {
8 namespace: Some(ns.clone()),
9 name: Some("test".to_string()),
10 ..Default::default()
11 },
12 spec: HttpRouteSpec {
13 inner: CommonRouteSpec {
14 parent_refs: Some(vec![server_parent_ref(ns)]),
15 },
16 hostnames: None,
17 rules: Some(rules()),
18 },
19 status: None,
20 })
21 .await;
22}
23
24#[tokio::test(flavor = "current_thread")]
25async fn rejects_relative_path_match() {
26 admission::rejects(|ns| HttpRoute {
27 metadata: meta(&ns),
28 spec: HttpRouteSpec {
29 inner: CommonRouteSpec {
30 parent_refs: Some(vec![server_parent_ref(ns)]),
31 },
32 hostnames: None,
33 rules: Some(vec![HttpRouteRule {
34 matches: Some(vec![HttpRouteMatch {
35 path: Some(HttpPathMatch::Exact {
36 value: "foo/bar".to_string(),
37 }),
38 ..HttpRouteMatch::default()
39 }]),
40 filters: None,
41 backend_refs: None,
42 timeouts: None,
43 }]),
44 },
45 status: None,
46 })
47 .await;
48}
49
50#[tokio::test(flavor = "current_thread")]
51async fn rejects_relative_redirect_path() {
52 admission::rejects(|ns| HttpRoute {
53 metadata: meta(&ns),
54 spec: HttpRouteSpec {
55 inner: CommonRouteSpec {
56 parent_refs: Some(vec![server_parent_ref(ns)]),
57 },
58 hostnames: None,
59 rules: Some(vec![HttpRouteRule {
60 matches: Some(vec![HttpRouteMatch {
61 path: Some(HttpPathMatch::Exact {
62 value: "/foo".to_string(),
63 }),
64 ..HttpRouteMatch::default()
65 }]),
66 filters: Some(vec![HttpRouteFilter::RequestRedirect {
67 request_redirect: HttpRequestRedirectFilter {
68 scheme: None,
69 hostname: None,
70 path: Some(HttpPathModifier::ReplaceFullPath {
71 replace_full_path: "foo/bar".to_string(),
72 }),
73 port: None,
74 status_code: None,
75 },
76 }]),
77 backend_refs: None,
78 timeouts: None,
79 }]),
80 },
81 status: None,
82 })
83 .await;
84}
85
86fn server_parent_ref(ns: impl ToString) -> ParentReference {
87 ParentReference {
88 group: Some("policy.linkerd.io".to_string()),
89 kind: Some("Server".to_string()),
90 namespace: Some(ns.to_string()),
91 name: "my-server".to_string(),
92 section_name: None,
93 port: None,
94 }
95}
96
97fn meta(ns: impl ToString) -> api::ObjectMeta {
98 api::ObjectMeta {
99 namespace: Some(ns.to_string()),
100 name: Some("test".to_string()),
101 ..Default::default()
102 }
103}
104
105fn rules() -> Vec<HttpRouteRule> {
106 vec![HttpRouteRule {
107 matches: Some(vec![HttpRouteMatch {
108 path: Some(HttpPathMatch::Exact {
109 value: "/foo".to_string(),
110 }),
111 ..HttpRouteMatch::default()
112 }]),
113 filters: None,
114 backend_refs: None,
115 timeouts: None,
116 }]
117}
View as plain text