traefik/pkg/middlewares/ipallowlist/ip_allowlist_test.go

125 lines
2.7 KiB
Go
Raw Normal View History

2022-10-26 15:16:05 +00:00
package ipallowlist
2018-04-03 16:36:03 +00:00
import (
2018-11-14 09:18:03 +00:00
"context"
2018-04-03 16:36:03 +00:00
"net/http"
"net/http/httptest"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
2023-02-03 14:24:05 +00:00
"github.com/traefik/traefik/v3/pkg/config/dynamic"
2018-04-03 16:36:03 +00:00
)
2022-10-26 15:16:05 +00:00
func TestNewIPAllowLister(t *testing.T) {
2018-04-03 16:36:03 +00:00
testCases := []struct {
desc string
2022-10-26 15:16:05 +00:00
allowList dynamic.IPAllowList
2018-11-14 09:18:03 +00:00
expectedError bool
2018-04-03 16:36:03 +00:00
}{
{
2018-11-14 09:18:03 +00:00
desc: "invalid IP",
2022-10-26 15:16:05 +00:00
allowList: dynamic.IPAllowList{
2018-11-14 09:18:03 +00:00
SourceRange: []string{"foo"},
},
expectedError: true,
2018-04-03 16:36:03 +00:00
},
{
2018-11-14 09:18:03 +00:00
desc: "valid IP",
2022-10-26 15:16:05 +00:00
allowList: dynamic.IPAllowList{
2018-11-14 09:18:03 +00:00
SourceRange: []string{"10.10.10.10"},
},
2018-04-03 16:36:03 +00:00
},
{
desc: "invalid HTTP status code",
allowList: dynamic.IPAllowList{
SourceRange: []string{"10.10.10.10"},
RejectStatusCode: 600,
},
expectedError: true,
},
2018-04-03 16:36:03 +00:00
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
2018-11-14 09:18:03 +00:00
next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
2022-10-26 15:16:05 +00:00
allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
2018-04-03 16:36:03 +00:00
2018-11-14 09:18:03 +00:00
if test.expectedError {
assert.Error(t, err)
2018-04-03 16:36:03 +00:00
} else {
require.NoError(t, err)
2022-10-26 15:16:05 +00:00
assert.NotNil(t, allowLister)
2018-04-03 16:36:03 +00:00
}
})
}
}
2022-10-26 15:16:05 +00:00
func TestIPAllowLister_ServeHTTP(t *testing.T) {
2018-04-03 16:36:03 +00:00
testCases := []struct {
desc string
2022-10-26 15:16:05 +00:00
allowList dynamic.IPAllowList
remoteAddr string
expected int
2018-04-03 16:36:03 +00:00
}{
{
2018-11-14 09:18:03 +00:00
desc: "authorized with remote address",
2022-10-26 15:16:05 +00:00
allowList: dynamic.IPAllowList{
2018-11-14 09:18:03 +00:00
SourceRange: []string{"20.20.20.20"},
},
remoteAddr: "20.20.20.20:1234",
expected: 200,
2018-04-03 16:36:03 +00:00
},
{
2018-11-14 09:18:03 +00:00
desc: "non authorized with remote address",
2022-10-26 15:16:05 +00:00
allowList: dynamic.IPAllowList{
2018-11-14 09:18:03 +00:00
SourceRange: []string{"20.20.20.20"},
},
remoteAddr: "20.20.20.21:1234",
expected: 403,
2018-04-03 16:36:03 +00:00
},
{
desc: "authorized with remote address, reject 404",
allowList: dynamic.IPAllowList{
SourceRange: []string{"20.20.20.20"},
RejectStatusCode: 404,
},
remoteAddr: "20.20.20.20:1234",
expected: 200,
},
{
desc: "non authorized with remote address, reject 404",
allowList: dynamic.IPAllowList{
SourceRange: []string{"20.20.20.20"},
RejectStatusCode: 404,
},
remoteAddr: "20.20.20.21:1234",
expected: 404,
},
2018-04-03 16:36:03 +00:00
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
2018-11-14 09:18:03 +00:00
next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
2022-10-26 15:16:05 +00:00
allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
2018-04-03 16:36:03 +00:00
require.NoError(t, err)
recorder := httptest.NewRecorder()
req := httptest.NewRequest(http.MethodGet, "http://10.10.10.10", nil)
if len(test.remoteAddr) > 0 {
req.RemoteAddr = test.remoteAddr
}
2022-10-26 15:16:05 +00:00
allowLister.ServeHTTP(recorder, req)
2018-04-03 16:36:03 +00:00
assert.Equal(t, test.expected, recorder.Code)
})
}
}