Add destination namespace check in indexer

traefik · May 11, 2020 · 295e883 · 295e883
1 parent f1596dd
commit 295e883
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 15 deletions.
diff --git a/docs/content/configuration.md b/docs/content/configuration.md
@@ -139,8 +139,10 @@ Other types of route groups and detailed information are available [in the speci
 
 By default, all traffic is denied so we need to grant access to clients to our application. This is done by defining a `TrafficTarget`.
 
-??? Note "TrafficTarget Source & Destination"
-    Please note that TrafficTarget is a namespaced resource. Therefore, the source and the destination namespace needs to be explicitly defined.
+!!! Note "TrafficTarget Source & Destination"
+    Please note that TrafficTarget is a namespaced resource.
+    If the destination namespace is not populated, the TrafficTarget namespace will be used as the destination namespace.
+    The source namespace must be populated, as it cannot be inferred.
 
 ```yaml
 ---

diff --git a/pkg/topology/builder.go b/pkg/topology/builder.go
@@ -722,6 +722,11 @@ func (r *resources) indexSMIResources(ignoredResources mk8s.IgnoreWrapper, tts [
 			continue
 		}
 
+		// If the destination namepace is empty or blank, set it to the trafficTarget namespace.
+		if trafficTarget.Destination.Namespace == "" {
+			trafficTarget.Destination.Namespace = trafficTarget.Namespace
+		}
+
 		key := Key{trafficTarget.Name, trafficTarget.Namespace}
 		r.TrafficTargets[key] = trafficTarget
 	}

diff --git a/pkg/topology/builder_test.go b/pkg/topology/builder_test.go
@@ -1,4 +1,4 @@
-package topology_test
+package topology
 
 import (
 	"context"
@@ -9,7 +9,6 @@ import (
 	"time"
 
 	mk8s "github.com/containous/maesh/pkg/k8s"
-	"github.com/containous/maesh/pkg/topology"
 	access "github.com/servicemeshinterface/smi-sdk-go/pkg/apis/access/v1alpha1"
 	spec "github.com/servicemeshinterface/smi-sdk-go/pkg/apis/specs/v1alpha1"
 	split "github.com/servicemeshinterface/smi-sdk-go/pkg/apis/split/v1alpha2"
@@ -77,11 +76,11 @@ func TestTopologyBuilder_BuildIgnoresNamespaces(t *testing.T) {
 	got, err := builder.Build(ignoredResources)
 	require.NoError(t, err)
 
-	want := &topology.Topology{
-		Services:              make(map[topology.Key]*topology.Service),
-		Pods:                  make(map[topology.Key]*topology.Pod),
-		ServiceTrafficTargets: make(map[topology.ServiceTrafficTargetKey]*topology.ServiceTrafficTarget),
-		TrafficSplits:         make(map[topology.Key]*topology.TrafficSplit),
+	want := &Topology{
+		Services:              make(map[Key]*Service),
+		Pods:                  make(map[Key]*Pod),
+		ServiceTrafficTargets: make(map[ServiceTrafficTargetKey]*ServiceTrafficTarget),
+		TrafficSplits:         make(map[Key]*TrafficSplit),
 	}
 
 	assert.Equal(t, want, got)
@@ -473,9 +472,44 @@ func TestTopologyBuilder_BuildTrafficTargetMultipleSourcesAndDestinations(t *tes
 	assertTopology(t, "testdata/topology-multi-sources-destinations.json", got)
 }
 
+func TestTopologyBuilder_EmptyTrafficTargetDestinationNamespace(t *testing.T) {
+	namespace := "foo"
+	tt := &access.TrafficTarget{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "TrafficTarget",
+			APIVersion: "access.smi-spec.io/v1alpha1",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: namespace,
+			Name:      "test",
+		},
+		Destination: access.IdentityBindingSubject{
+			Kind: "ServiceAccount",
+			Name: "test",
+			Port: "80",
+		},
+	}
+
+	k8sClient := fake.NewSimpleClientset()
+	smiAccessClient := accessfake.NewSimpleClientset(tt)
+	smiSplitClient := splitfake.NewSimpleClientset()
+	smiSpecClient := specfake.NewSimpleClientset()
+
+	builder, err := createBuilder(k8sClient, smiAccessClient, smiSpecClient, smiSplitClient)
+	require.NoError(t, err)
+
+	ignoredResources := mk8s.NewIgnored()
+	res, err := builder.loadResources(ignoredResources)
+	require.NoError(t, err)
+
+	actual, exists := res.TrafficTargets[Key{Name: "test", Namespace: namespace}]
+	assert.Equal(t, true, exists)
+	assert.Equal(t, namespace, actual.Destination.Namespace)
+}
+
 // createBuilder initializes the different k8s factories and start them, initializes listers and create
 // a new topology.Builder.
-func createBuilder(k8sClient k8s.Interface, smiAccessClient accessclient.Interface, smiSpecClient specsclient.Interface, smiSplitClient splitclient.Interface) (*topology.Builder, error) {
+func createBuilder(k8sClient k8s.Interface, smiAccessClient accessclient.Interface, smiSpecClient specsclient.Interface, smiSplitClient splitclient.Interface) (*Builder, error) {
 	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
 	defer cancel()
 
@@ -526,7 +560,7 @@ func createBuilder(k8sClient k8s.Interface, smiAccessClient accessclient.Interfa
 	logger := logrus.New()
 	logger.SetOutput(ioutil.Discard)
 
-	return &topology.Builder{
+	return &Builder{
 		ServiceLister:        svcLister,
 		EndpointsLister:      epLister,
 		PodLister:            podLister,
@@ -538,8 +572,8 @@ func createBuilder(k8sClient k8s.Interface, smiAccessClient accessclient.Interfa
 	}, nil
 }
 
-func nn(name, ns string) topology.Key {
-	return topology.Key{
+func nn(name, ns string) Key {
+	return Key{
 		Name:      name,
 		Namespace: ns,
 	}
@@ -737,11 +771,11 @@ func createServiceAccount(ns, name string) *corev1.ServiceAccount {
 	}
 }
 
-func assertTopology(t *testing.T, filename string, got *topology.Topology) {
+func assertTopology(t *testing.T, filename string, got *Topology) {
 	data, err := ioutil.ReadFile(filename)
 	require.NoError(t, err)
 
-	var want topology.Topology
+	var want Topology
 
 	err = json.Unmarshal(data, &want)
 	require.NoError(t, err)