Add UT

Signed-off-by: Dyanngg <[email protected]>
antrea-io · Jun 30, 2023 · 70c6db5 · 70c6db5
1 parent 0b0983f
commit 70c6db5
Show file tree

Hide file tree

Showing 4 changed files with 868 additions and 36 deletions.
diff --git a/pkg/controller/networkpolicy/adminnetworkpolicy.go b/pkg/controller/networkpolicy/adminnetworkpolicy.go
@@ -267,20 +267,17 @@ func (n *NetworkPolicyController) processAdminNetworkPolicy(anp *v1alpha1.AdminN
 		}
 		clusterPeers, perNSLabelPeers := splitPolicyPeerByScope(anpIngressRule.From)
 		if len(clusterPeers) > 0 || len(perNSLabelPeers) == 0 {
-			ruleATGs := n.processClusterSubject(anp.Spec.Subject)
 			peer, ags := n.toAntreaPeerForPolicyCRD(clusterPeers)
 			rule := controlplane.NetworkPolicyRule{
-				Direction:       controlplane.DirectionIn,
-				From:            *peer,
-				Services:        services,
-				Name:            anpIngressRule.Name,
-				Action:          anpActionToCRDAction(anpIngressRule.Action),
-				Priority:        int32(idx),
-				AppliedToGroups: getAppliedToGroupNames(ruleATGs),
+				Direction: controlplane.DirectionIn,
+				From:      *peer,
+				Services:  services,
+				Name:      anpIngressRule.Name,
+				Action:    anpActionToCRDAction(anpIngressRule.Action),
+				Priority:  int32(idx),
 			}
 			rules = append(rules, rule)
 			addressGroups = mergeAddressGroups(addressGroups, ags...)
-			appliedToGroups = mergeAppliedToGroups(appliedToGroups, ruleATGs...)
 		}
 		//TODO: implement SameLabels and NotSameLabels for per NS label ingress peers
 	}
@@ -291,24 +288,24 @@ func (n *NetworkPolicyController) processAdminNetworkPolicy(anp *v1alpha1.AdminN
 		}
 		clusterPeers, perNSLabelPeers := splitPolicyPeerByScope(anpEgressRule.To)
 		if len(clusterPeers) > 0 || len(perNSLabelPeers) == 0 {
-			ruleATGs := n.processClusterSubject(anp.Spec.Subject)
 			peer, ags := n.toAntreaPeerForPolicyCRD(clusterPeers)
 			rule := controlplane.NetworkPolicyRule{
-				Direction:       controlplane.DirectionOut,
-				To:              *peer,
-				Services:        services,
-				Name:            anpEgressRule.Name,
-				Action:          anpActionToCRDAction(anpEgressRule.Action),
-				Priority:        int32(idx),
-				AppliedToGroups: getAppliedToGroupNames(ruleATGs),
+				Direction: controlplane.DirectionOut,
+				To:        *peer,
+				Services:  services,
+				Name:      anpEgressRule.Name,
+				Action:    anpActionToCRDAction(anpEgressRule.Action),
+				Priority:  int32(idx),
 			}
 			rules = append(rules, rule)
 			addressGroups = mergeAddressGroups(addressGroups, ags...)
-			appliedToGroups = mergeAppliedToGroups(appliedToGroups, ruleATGs...)
 		}
 		//TODO: implement SameLabels and NotSameLabels for per NS label egress peers
 	}
 	priority := float64(anp.Spec.Priority)
+	if !appliedToPerRule {
+		appliedToGroups = mergeAppliedToGroups(appliedToGroups, n.processClusterSubject(anp.Spec.Subject)...)
+	}
 	internalNetworkPolicy := &antreatypes.NetworkPolicy{
 		Name:       internalNetworkPolicyKeyFunc(anp),
 		Generation: anp.Generation,
@@ -340,20 +337,17 @@ func (n *NetworkPolicyController) processBaselineAdminNetworkPolicy(banp *v1alph
 		}
 		clusterPeers, perNSLabelPeers := splitPolicyPeerByScope(banpIngressRule.From)
 		if len(clusterPeers) > 0 || len(perNSLabelPeers) == 0 {
-			ruleATGs := n.processClusterSubject(banp.Spec.Subject)
 			peer, ags := n.toAntreaPeerForPolicyCRD(clusterPeers)
 			rule := controlplane.NetworkPolicyRule{
-				Direction:       controlplane.DirectionIn,
-				From:            *peer,
-				Services:        services,
-				Name:            banpIngressRule.Name,
-				Action:          banpActionToCRDAction(banpIngressRule.Action),
-				Priority:        int32(idx),
-				AppliedToGroups: getAppliedToGroupNames(ruleATGs),
+				Direction: controlplane.DirectionIn,
+				From:      *peer,
+				Services:  services,
+				Name:      banpIngressRule.Name,
+				Action:    banpActionToCRDAction(banpIngressRule.Action),
+				Priority:  int32(idx),
 			}
 			rules = append(rules, rule)
 			addressGroups = mergeAddressGroups(addressGroups, ags...)
-			appliedToGroups = mergeAppliedToGroups(appliedToGroups, ruleATGs...)
 		}
 		//TODO: implement SameLabels and NotSameLabels for per NS label ingress peers
 	}
@@ -364,23 +358,23 @@ func (n *NetworkPolicyController) processBaselineAdminNetworkPolicy(banp *v1alph
 		}
 		clusterPeers, perNSLabelPeers := splitPolicyPeerByScope(banpEgressRule.To)
 		if len(clusterPeers) > 0 || len(perNSLabelPeers) == 0 {
-			ruleATGs := n.processClusterSubject(banp.Spec.Subject)
 			peer, ags := n.toAntreaPeerForPolicyCRD(clusterPeers)
 			rule := controlplane.NetworkPolicyRule{
-				Direction:       controlplane.DirectionOut,
-				To:              *peer,
-				Services:        services,
-				Name:            banpEgressRule.Name,
-				Action:          banpActionToCRDAction(banpEgressRule.Action),
-				Priority:        int32(idx),
-				AppliedToGroups: getAppliedToGroupNames(ruleATGs),
+				Direction: controlplane.DirectionOut,
+				To:        *peer,
+				Services:  services,
+				Name:      banpEgressRule.Name,
+				Action:    banpActionToCRDAction(banpEgressRule.Action),
+				Priority:  int32(idx),
 			}
 			rules = append(rules, rule)
 			addressGroups = mergeAddressGroups(addressGroups, ags...)
-			appliedToGroups = mergeAppliedToGroups(appliedToGroups, ruleATGs...)
 		}
 		//TODO: implement SameLabels and NotSameLabels for per NS label egress peers
 	}
+	if !appliedToPerRule {
+		appliedToGroups = mergeAppliedToGroups(appliedToGroups, n.processClusterSubject(banp.Spec.Subject)...)
+	}
 	internalNetworkPolicy := &antreatypes.NetworkPolicy{
 		Name:       internalNetworkPolicyKeyFunc(banp),
 		Generation: banp.Generation,