feat(kuma-cp): implement possibility to select proxies in policies by new kind Dataplane

pkg/plugins/policies/core/matchers/dataplane_test.go

@@ -1,6 +1,8 @@
 package matchers_test
 
 import (
+	"fmt"
+	test_resources "github.com/kumahq/kuma/pkg/test/resources"
 	"os"
 	"path/filepath"
 	"strings"
@@ -22,6 +24,7 @@ import (
 
 var _ = Describe("MatchedPolicies", func() {
 	type testCase struct {
+		testName     string
 		dppFile      string
 		mesFile      string
 		policiesFile string
@@ -37,25 +40,29 @@ var _ = Describe("MatchedPolicies", func() {
 		testCaseMap := map[string]*testCase{}
 		for _, f := range files {
 			parts := strings.Split(f.Name(), ".")
+			if len(parts) < 2 {
+				continue
+			}
 			// file name has a format 01.golden.yaml
-			num, fileType := parts[0], parts[1]
-			if _, ok := testCaseMap[num]; !ok {
-				testCaseMap[num] = &testCase{}
+			name, fileType := parts[0], parts[1]
+			if _, ok := testCaseMap[name]; !ok {
+				testCaseMap[name] = &testCase{}
+				testCaseMap[name].testName = name
 			}
 			switch fileType {
 			case "dataplane":
-				testCaseMap[num].dppFile = filepath.Join(testDir, f.Name())
+				testCaseMap[name].dppFile = filepath.Join(testDir, f.Name())
 			case "policies":
-				testCaseMap[num].policiesFile = filepath.Join(testDir, f.Name())
+				testCaseMap[name].policiesFile = filepath.Join(testDir, f.Name())
 			case "golden":
-				testCaseMap[num].goldenFile = filepath.Join(testDir, f.Name())
+				testCaseMap[name].goldenFile = filepath.Join(testDir, f.Name())
 			case "mes":
-				testCaseMap[num].mesFile = filepath.Join(testDir, f.Name())
+				testCaseMap[name].mesFile = filepath.Join(testDir, f.Name())
 			}
 		}
 
 		for _, tc := range testCaseMap {
-			res = append(res, Entry(tc.goldenFile, *tc))
+			res = append(res, Entry(tc.testName, *tc))
 		}
 		return res
 	}
@@ -71,15 +78,7 @@ var _ = Describe("MatchedPolicies", func() {
 			// we're expecting all policies in the file to have the same type or to be mixed with MeshHTTPRoutes
 			Expect(resTypes).To(Or(HaveLen(1), HaveLen(2)))
 
-			var resType core_model.ResourceType
-			switch {
-			case len(resTypes) == 1:
-				resType = resTypes[0]
-			case len(resTypes) == 2 && resTypes[1] == v1alpha1.MeshHTTPRouteType:
-				resType = resTypes[0]
-			case len(resTypes) == 2 && resTypes[0] == v1alpha1.MeshHTTPRouteType:
-				resType = resTypes[1]
-			}
+			resType := getResourceType(resTypes)
 
 			// when
 			policies, err := matchers.MatchedPolicies(resType, dpp, resources)
@@ -206,4 +205,109 @@ var _ = Describe("MatchedPolicies", func() {
 		},
 		generateTableEntries(filepath.Join("testdata", "matchedpolicies", "meshgateways")),
 	)
+
+	type dataplaneTestCase struct {
+		dataplaneMeta test_resources.BuildMeta
+		policyMeta    test_resources.BuildMeta
+		goldenFile    string
+	}
+	FDescribeTableSubtree("should match by kind Dataplane", func(givenResources testCase) {
+		DescribeTable("should TODO", func(given dataplaneTestCase) {
+			// given
+			dpp := readDPP(givenResources.dppFile)
+			test_resources.UpdateResourceMeta(given.dataplaneMeta, dpp)
+
+			resources, resTypes := readPolicies(givenResources.policiesFile)
+			resType := getResourceType(resTypes)
+			test_resources.UpdateResourcesMeta(given.policyMeta, resources.MeshLocalResources[resType])
+
+			// when
+			policies, err := matchers.MatchedPolicies(resType, dpp, resources)
+			Expect(err).ToNot(HaveOccurred())
+
+			// then
+			matchedPolicyList, err := registry.Global().NewList(resType)
+			Expect(err).ToNot(HaveOccurred())
+
+			for _, policy := range policies.DataplanePolicies {
+				Expect(matchedPolicyList.AddItem(policy)).To(Succeed())
+			}
+			bytes, err := yaml.Marshal(rest.From.ResourceList(matchedPolicyList))
+			Expect(err).ToNot(HaveOccurred())
+			Expect(string(bytes)).To(test_matchers.MatchGoldenYAML(given.goldenFile))
+		},
+			Entry("uni zone", dataplaneTestCase{
+				dataplaneMeta: test_resources.ZoneUni,
+				policyMeta:    test_resources.ZoneUni,
+				goldenFile:    buildGoldenFilePath("uni-zone", givenResources.testName),
+			}),
+			Entry("k8s zone", dataplaneTestCase{
+				dataplaneMeta: test_resources.ZoneK8s,
+				policyMeta:    test_resources.ZoneK8s,
+				goldenFile:    buildGoldenFilePath("k8s-zone", givenResources.testName),
+			}),
+			Entry("policy global uni, dpp uni", dataplaneTestCase{
+				dataplaneMeta: test_resources.ZoneUni,
+				policyMeta:    test_resources.SystemPolicy(test_resources.GlobalUni),
+				goldenFile:    buildGoldenFilePath("policy-from-global-uni-zone-uni", givenResources.testName),
+			}),
+			Entry("policy global uni, dpp k8s", dataplaneTestCase{
+				dataplaneMeta: test_resources.ZoneK8s,
+				policyMeta:    test_resources.SystemPolicy(test_resources.GlobalUni),
+				goldenFile:    buildGoldenFilePath("policy-from-global-uni-zone-k8s", givenResources.testName),
+			}),
+			Entry("policy global k8s, dpp uni", dataplaneTestCase{
+				dataplaneMeta: test_resources.ZoneUni,
+				policyMeta:    test_resources.SystemPolicy(test_resources.GlobalK8s),
+				goldenFile:    buildGoldenFilePath("policy-from-global-k8s-zone-uni", givenResources.testName),
+			}),
+			Entry("policy global k8s, dpp k8s", dataplaneTestCase{
+				dataplaneMeta: test_resources.ZoneK8s,
+				policyMeta:    test_resources.SystemPolicy(test_resources.GlobalK8s),
+				goldenFile:    buildGoldenFilePath("policy-from-global-k8s-zone-k8s", givenResources.testName),
+			}),
+			Entry("policy global k8s, dpp uni", dataplaneTestCase{
+				dataplaneMeta: test_resources.ZoneUni,
+				policyMeta:    test_resources.SystemPolicy(test_resources.GlobalUni),
+				goldenFile:    buildGoldenFilePath("policy-global-uni-dpp-k8s", givenResources.testName),
+			}),
+			Entry("policy synced from other k8s zone", dataplaneTestCase{
+				dataplaneMeta: test_resources.ZoneUni,
+				policyMeta:    test_resources.ProducerPolicy(test_resources.SyncToUni(test_resources.ZoneK8s)),
+				goldenFile:    buildGoldenFilePath("policy-form-k8s-to-uni", givenResources.testName),
+			}),
+			Entry("policy synced from other uni zone", dataplaneTestCase{
+				dataplaneMeta: test_resources.ZoneK8s,
+				policyMeta:    test_resources.ProducerPolicy(test_resources.SyncToK8s(test_resources.ZoneUni)),
+				goldenFile:    buildGoldenFilePath("policy-form-uni-to-k8s", givenResources.testName),
+			}),
+			Entry("policy synced from other uni zone to uni", dataplaneTestCase{
+				dataplaneMeta: test_resources.ZoneUni,
+				policyMeta:    test_resources.ProducerPolicy(test_resources.SyncToUni(test_resources.ZoneUni)),
+				goldenFile:    buildGoldenFilePath("policy-form-uni-to-uni", givenResources.testName),
+			}),
+			Entry("policy synced from other k8s zone to k8s", dataplaneTestCase{
+				dataplaneMeta: test_resources.ZoneK8s,
+				policyMeta:    test_resources.ProducerPolicy(test_resources.SyncToK8s(test_resources.ZoneK8s)),
+				goldenFile:    buildGoldenFilePath("policy-form-k8s-to-k8s", givenResources.testName),
+			}),
+		)
+	}, generateTableEntries(filepath.Join("testdata", "matchedpolicies", "dataplane-kind")))
 })
+
+func getResourceType(resTypes []core_model.ResourceType) core_model.ResourceType {
+	var resType core_model.ResourceType
+	switch {
+	case len(resTypes) == 1:
+		resType = resTypes[0]
+	case len(resTypes) == 2 && resTypes[1] == v1alpha1.MeshHTTPRouteType:
+		resType = resTypes[0]
+	case len(resTypes) == 2 && resTypes[0] == v1alpha1.MeshHTTPRouteType:
+		resType = resTypes[1]
+	}
+	return resType
+}
+
+func buildGoldenFilePath(caseName, testName string) string {
+	return filepath.Join("testdata", "matchedpolicies", "dataplane-kind", "golden", fmt.Sprintf("%s.%s.golden.yaml", caseName, testName))
+}

pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/golden/k8s-zone.simple-policy.golden.yaml

@@ -0,0 +1,41 @@
+items:
+- creationTime: "0001-01-01T00:00:00Z"
+  labels:
+    k8s.kuma.io/namespace: ns-k8s
+    kuma.io/display-name: mtp-2
+    kuma.io/mesh: mesh-1
+    kuma.io/origin: zone
+    kuma.io/zone: zone-k8s
+  mesh: mesh-1
+  modificationTime: "0001-01-01T00:00:00Z"
+  name: mtp-2.ns-k8s
+  spec:
+    from:
+    - default:
+        action: Allow
+      targetRef:
+        kind: Mesh
+    targetRef:
+      kind: Dataplane
+  type: MeshTrafficPermission
+- creationTime: "0001-01-01T00:00:00Z"
+  labels:
+    k8s.kuma.io/namespace: ns-k8s
+    kuma.io/display-name: mtp-1
+    kuma.io/mesh: mesh-1
+    kuma.io/origin: zone
+    kuma.io/zone: zone-k8s
+  mesh: mesh-1
+  modificationTime: "0001-01-01T00:00:00Z"
+  name: mtp-1.ns-k8s
+  spec:
+    from:
+    - default:
+        action: Deny
+      targetRef:
+        kind: Mesh
+    targetRef:
+      kind: Dataplane
+  type: MeshTrafficPermission
+next: null
+total: 0

pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/golden/policy-form-k8s-to-k8s.simple-policy.golden.yaml

@@ -0,0 +1,43 @@
+items:
+- creationTime: "0001-01-01T00:00:00Z"
+  labels:
+    k8s.kuma.io/namespace: ns-k8s
+    kuma.io/display-name: mtp-2
+    kuma.io/mesh: mesh-1
+    kuma.io/origin: zone
+    kuma.io/policy-role: producer
+    kuma.io/zone: zone-k8s
+  mesh: mesh-1
+  modificationTime: "0001-01-01T00:00:00Z"
+  name: mtp-2-7z7fb49x47595f5w.kuma-system
+  spec:
+    from:
+    - default:
+        action: Allow
+      targetRef:
+        kind: Mesh
+    targetRef:
+      kind: Dataplane
+  type: MeshTrafficPermission
+- creationTime: "0001-01-01T00:00:00Z"
+  labels:
+    k8s.kuma.io/namespace: ns-k8s
+    kuma.io/display-name: mtp-1
+    kuma.io/mesh: mesh-1
+    kuma.io/origin: zone
+    kuma.io/policy-role: producer
+    kuma.io/zone: zone-k8s
+  mesh: mesh-1
+  modificationTime: "0001-01-01T00:00:00Z"
+  name: mtp-1-dz68xw22zdcf2ffv.kuma-system
+  spec:
+    from:
+    - default:
+        action: Deny
+      targetRef:
+        kind: Mesh
+    targetRef:
+      kind: Dataplane
+  type: MeshTrafficPermission
+next: null
+total: 0

pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/golden/policy-form-k8s-to-uni.simple-policy.golden.yaml

@@ -0,0 +1,43 @@
+items:
+- creationTime: "0001-01-01T00:00:00Z"
+  labels:
+    k8s.kuma.io/namespace: ns-k8s
+    kuma.io/display-name: mtp-2
+    kuma.io/mesh: mesh-1
+    kuma.io/origin: zone
+    kuma.io/policy-role: producer
+    kuma.io/zone: zone-k8s
+  mesh: mesh-1
+  modificationTime: "0001-01-01T00:00:00Z"
+  name: mtp-2-7z7fb49x47595f5w
+  spec:
+    from:
+    - default:
+        action: Allow
+      targetRef:
+        kind: Mesh
+    targetRef:
+      kind: Dataplane
+  type: MeshTrafficPermission
+- creationTime: "0001-01-01T00:00:00Z"
+  labels:
+    k8s.kuma.io/namespace: ns-k8s
+    kuma.io/display-name: mtp-1
+    kuma.io/mesh: mesh-1
+    kuma.io/origin: zone
+    kuma.io/policy-role: producer
+    kuma.io/zone: zone-k8s
+  mesh: mesh-1
+  modificationTime: "0001-01-01T00:00:00Z"
+  name: mtp-1-dz68xw22zdcf2ffv
+  spec:
+    from:
+    - default:
+        action: Deny
+      targetRef:
+        kind: Mesh
+    targetRef:
+      kind: Dataplane
+  type: MeshTrafficPermission
+next: null
+total: 0

pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/golden/policy-form-uni-to-k8s.simple-policy.golden.yaml

@@ -0,0 +1,39 @@
+items:
+- creationTime: "0001-01-01T00:00:00Z"
+  labels:
+    kuma.io/display-name: mtp-2
+    kuma.io/origin: zone
+    kuma.io/policy-role: producer
+    kuma.io/zone: zone-uni
+  mesh: mesh-1
+  modificationTime: "0001-01-01T00:00:00Z"
+  name: mtp-2-fcfffxvxvw584d2w.kuma-system
+  spec:
+    from:
+    - default:
+        action: Allow
+      targetRef:
+        kind: Mesh
+    targetRef:
+      kind: Dataplane
+  type: MeshTrafficPermission
+- creationTime: "0001-01-01T00:00:00Z"
+  labels:
+    kuma.io/display-name: mtp-1
+    kuma.io/origin: zone
+    kuma.io/policy-role: producer
+    kuma.io/zone: zone-uni
+  mesh: mesh-1
+  modificationTime: "0001-01-01T00:00:00Z"
+  name: mtp-1-67668f5275f2c656.kuma-system
+  spec:
+    from:
+    - default:
+        action: Deny
+      targetRef:
+        kind: Mesh
+    targetRef:
+      kind: Dataplane
+  type: MeshTrafficPermission
+next: null
+total: 0

pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/golden/policy-form-uni-to-uni.simple-policy.golden.yaml

@@ -0,0 +1,39 @@
+items:
+- creationTime: "0001-01-01T00:00:00Z"
+  labels:
+    kuma.io/display-name: mtp-2
+    kuma.io/origin: zone
+    kuma.io/policy-role: producer
+    kuma.io/zone: zone-uni
+  mesh: mesh-1
+  modificationTime: "0001-01-01T00:00:00Z"
+  name: mtp-2-fcfffxvxvw584d2w
+  spec:
+    from:
+    - default:
+        action: Allow
+      targetRef:
+        kind: Mesh
+    targetRef:
+      kind: Dataplane
+  type: MeshTrafficPermission
+- creationTime: "0001-01-01T00:00:00Z"
+  labels:
+    kuma.io/display-name: mtp-1
+    kuma.io/origin: zone
+    kuma.io/policy-role: producer
+    kuma.io/zone: zone-uni
+  mesh: mesh-1
+  modificationTime: "0001-01-01T00:00:00Z"
+  name: mtp-1-67668f5275f2c656
+  spec:
+    from:
+    - default:
+        action: Deny
+      targetRef:
+        kind: Mesh
+    targetRef:
+      kind: Dataplane
+  type: MeshTrafficPermission
+next: null
+total: 0