allow_list_test.go

package nebula

import (
	"net"
	"regexp"
	"testing"

	"github.com/stretchr/testify/assert"
)

func TestAllowList_Allow(t *testing.T) {
	assert.Equal(t, true, ((*AllowList)(nil)).Allow(ip2int(net.ParseIP("1.1.1.1"))))

	tree := NewCIDRTree()
	tree.AddCIDR(getCIDR("0.0.0.0/0"), true)
	tree.AddCIDR(getCIDR("10.0.0.0/8"), false)
	tree.AddCIDR(getCIDR("10.42.42.0/24"), true)
	al := &AllowList{cidrTree: tree}

	assert.Equal(t, true, al.Allow(ip2int(net.ParseIP("1.1.1.1"))))
	assert.Equal(t, false, al.Allow(ip2int(net.ParseIP("10.0.0.4"))))
	assert.Equal(t, true, al.Allow(ip2int(net.ParseIP("10.42.42.42"))))
}

func TestAllowList_AllowName(t *testing.T) {
	assert.Equal(t, true, ((*AllowList)(nil)).AllowName("docker0"))

	rules := []AllowListNameRule{
		{Name: regexp.MustCompile("^docker.*$"), Allow: false},
		{Name: regexp.MustCompile("^tun.*$"), Allow: false},
	}
	al := &AllowList{nameRules: rules}

	assert.Equal(t, false, al.AllowName("docker0"))
	assert.Equal(t, false, al.AllowName("tun0"))
	assert.Equal(t, true, al.AllowName("eth0"))

	rules = []AllowListNameRule{
		{Name: regexp.MustCompile("^eth.*$"), Allow: true},
		{Name: regexp.MustCompile("^ens.*$"), Allow: true},
	}
	al = &AllowList{nameRules: rules}

	assert.Equal(t, false, al.AllowName("docker0"))
	assert.Equal(t, true, al.AllowName("eth0"))
	assert.Equal(t, true, al.AllowName("ens5"))
}