httproute-invalid-cross-namespace-parent-ref.go

Documentation: sigs.k8s.io/gateway-api/conformance/tests

     1  /*
     2  Copyright 2022 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package tests
    18  
    19  import (
    20  	"testing"
    21  
    22  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    23  	"k8s.io/apimachinery/pkg/types"
    24  
    25  	v1 "sigs.k8s.io/gateway-api/apis/v1"
    26  	"sigs.k8s.io/gateway-api/conformance/utils/kubernetes"
    27  	"sigs.k8s.io/gateway-api/conformance/utils/suite"
    28  )
    29  
    30  func init() {
    31  	ConformanceTests = append(ConformanceTests, HTTPRouteInvalidCrossNamespaceParentRef)
    32  }
    33  
    34  var HTTPRouteInvalidCrossNamespaceParentRef = suite.ConformanceTest{
    35  	ShortName:   "HTTPRouteInvalidCrossNamespaceParentRef",
    36  	Description: "A single HTTPRoute in the gateway-conformance-web-backend namespace should fail to attach to a Gateway in another namespace that it is not allowed to",
    37  	Features: []suite.SupportedFeature{
    38  		suite.SupportGateway,
    39  		suite.SupportHTTPRoute,
    40  	},
    41  	Manifests: []string{"tests/httproute-invalid-cross-namespace-parent-ref.yaml"},
    42  	Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
    43  		gwNN := types.NamespacedName{Name: "same-namespace", Namespace: "gateway-conformance-infra"}
    44  		routeNN := types.NamespacedName{Name: "invalid-cross-namespace-parent-ref", Namespace: "gateway-conformance-web-backend"}
    45  		kubernetes.HTTPRouteMustHaveResolvedRefsConditionsTrue(t, suite.Client, suite.TimeoutConfig, routeNN, gwNN)
    46  
    47  		// When running conformance tests, implementations are expected to have visibility across all namespaces, and
    48  		// must be setting this condition on routes that are not allowed. However, outside of conformance testing,
    49  		// it's also valid for implementations to run in modes where they only have access to a limited subset of
    50  		// namespaces, in which case they are not obligated to populate this condition on routes they cannot access.
    51  		t.Run("HTTPRoute should have an Accepted: false condition with reason NotAllowedByListeners", func(t *testing.T) {
    52  			acceptedCond := metav1.Condition{
    53  				Type:   string(v1.RouteConditionAccepted),
    54  				Status: metav1.ConditionFalse,
    55  				Reason: string(v1.RouteReasonNotAllowedByListeners),
    56  			}
    57  
    58  			kubernetes.HTTPRouteMustHaveCondition(t, suite.Client, suite.TimeoutConfig, routeNN, gwNN, acceptedCond)
    59  		})
    60  
    61  		t.Run("Route should not have Parents set in status", func(t *testing.T) {
    62  			kubernetes.HTTPRouteMustHaveNoAcceptedParents(t, suite.Client, suite.TimeoutConfig, routeNN)
    63  		})
    64  
    65  		t.Run("Gateway should have 0 Routes attached", func(t *testing.T) {
    66  			kubernetes.GatewayMustHaveZeroRoutes(t, suite.Client, suite.TimeoutConfig, gwNN)
    67  		})
    68  	},
    69  }
    70
View as plain text