forked from kyma-project/kyma
istio.go
package suite
import (
"bytes"
"text/template"
"github.com/ghodss/yaml"
"github.com/stretchr/testify/require"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/client-go/dynamic"
)
// Istio Mixer policy documents (apiVersion config.istio.io/v1alpha2) that the
// test suite renders with text/template and then creates in the test
// namespace. Together they deny traffic to the gateway service from any
// workload that does not carry the access label with the value "true".
//
// text/template performs no escaping: Namespace, Service and AccessLabel are
// inserted verbatim into the YAML and into the quoted strings of the rule's
// match expression. A value containing a double quote or a newline would
// change the policy that gets installed, so these fields must only ever hold
// fixed, test-controlled values.
//
// NOTE(review): the YAML documents below carry no nesting indentation in this
// listing, so name/namespace would decode as top-level keys rather than under
// metadata -- confirm against the original file before relying on them.
const (
// denierDefinition declares the "gw" denier handler. Status code 7 is
// PERMISSION_DENIED in google.rpc.Code; the message is what a rejected caller
// receives.
denierDefinition = `
apiVersion: "config.istio.io/v1alpha2"
kind: denier
metadata:
name: gw
namespace: {{.Namespace}}
spec:
status:
code: 7
message: |
Not allowed by istio denier
`
// checkNothingDefinition declares the "gw" checknothing instance; its spec is
// empty and it exists so the rule has an instance to pass to the handler.
checkNothingDefinition = `
apiVersion: "config.istio.io/v1alpha2"
kind: checknothing
metadata:
name: gw
namespace: {{.Namespace}}
spec:
`
// ruleDefinition binds the denier to requests whose destination is the
// service's cluster-local FQDN and whose source lacks the access label set to
// "true". The comparison is `!= "true"`, so a missing label and any other
// value are both treated as "no access".
ruleDefinition = `
apiVersion: "config.istio.io/v1alpha2"
kind: rule
metadata:
name: {{.Service}}
namespace: {{.Namespace}}
spec:
match: (destination.service == "{{.Service}}.{{.Namespace}}.svc.cluster.local") && (source.labels["{{.AccessLabel}}"] != "true")
actions:
- handler: gw.denier
instances:
- gw.checknothing
`
)
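// createIstioResources renders the denier, checknothing and rule templates
// with the suite's namespace, access label and gateway service name, and
// creates the resulting objects in ts.namespace through the dynamic client.
//
// Every step is asserted with require: if the deny policy cannot be installed
// the test stops here, instead of continuing against a cluster in which the
// access restriction under test is not actually enforced. A resource that
// already exists in the namespace is reported as a failure as well.
func (ts *TestSuite) createIstioResources() {
	data := struct {
		Namespace   string
		AccessLabel string
		Service     string
	}{
		Namespace:   ts.namespace,
		AccessLabel: ts.accessLabel,
		Service:     ts.gatewaySvcName,
	}

	// Order matters for readability only: handler and instance first, then
	// the rule that references them.
	tmpls := []*template.Template{
		template.Must(template.New("denier").Parse(denierDefinition)),
		template.Must(template.New("checknothing").Parse(checkNothingDefinition)),
		template.Must(template.New("rule").Parse(ruleDefinition)),
	}

	cp := dynamic.NewDynamicClientPool(ts.config)
	for _, tmpl := range tmpls {
		obj := ts.unmarshal(data, tmpl)

		// Guard the type assertion so a malformed template fails the test
		// with a message rather than a panic.
		kind, ok := obj["kind"].(string)
		require.True(ts.t, ok, "rendered template %q has no string \"kind\" field", tmpl.Name())

		client, err := cp.ClientForGroupVersionKind(schema.GroupVersionKind{
			Version: "v1alpha2",
			Group:   "config.istio.io",
			Kind:    kind,
		})
		require.NoError(ts.t, err)

		// The API resource name is derived as kind + "s", which holds for
		// the three kinds created here (deniers, checknothings, rules).
		res := client.Resource(&metav1.APIResource{
			Namespaced: true,
			Name:       kind + "s",
		}, ts.namespace)

		_, err = res.Create(&unstructured.Unstructured{Object: obj})
		require.NoError(ts.t, err)
	}
}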
// unmarshal executes tmpl against data and decodes the rendered YAML document
// into a generic map. A template execution error or a YAML decoding error
// fails the test immediately through require.
//
// The template output is not escaped, so data must only contain values the
// test itself controls.
func (ts *TestSuite) unmarshal(data interface{}, tmpl *template.Template) map[string]interface{} {
	var rendered bytes.Buffer
	require.NoError(ts.t, tmpl.Execute(&rendered, &data))

	var decoded map[string]interface{}
	require.NoError(ts.t, yaml.Unmarshal(rendered.Bytes(), &decoded))
	return decoded
}