Initial test for connection file

zivnevo · zivnevo · commit 2477eea03170 · 2024-03-28T15:07:19.000+02:00
Signed-off-by: ZIV NEVO &lt;NEVO@il.ibm.com&gt;
diff --git a/pkg/analyzer/policies_synthesizer_test.go b/pkg/analyzer/policies_synthesizer_test.go
@@ -131,6 +131,15 @@ func TestPoliciesSynthesizerAPIDnsPort(t *testing.T) {
 	}
 }
 
+func TestPoliciesSynthesizerConnectionsFile(t *testing.T) {
+	dirPath := filepath.Join(getTestsDir(), "sockshop", "manifests")
+	connFilePath := filepath.Join(getTestsDir(), "sockshop", "connections.txt")
+	synthesizer := NewPoliciesSynthesizer(WithConnectionsFile(connFilePath))
+	netpols, err := synthesizer.PoliciesFromFolderPaths([]string{dirPath})
+	require.Nil(t, err)
+	require.Len(t, netpols, 15)
+}
+
 func TestPoliciesSynthesizerAPIFatalError(t *testing.T) {
 	dirPath1 := filepath.Join(getTestsDir(), "k8s_wordpress_example")
 	dirPath2 := filepath.Join(getTestsDir(), "badPath")
diff --git a/tests/sockshop/connections.txt b/tests/sockshop/connections.txt
@@ -0,0 +1,21 @@
+sock-shop/deployment/orders    -> sock-shop/service/catalogue       | TCP:80
+sock-shop/deployment/catalogue -> sock-shop/deployment/catalogue-db
+# sock-shop/deployment/orders -> 59.48.20.0/24 | TCP:443
+
+# Known workloads in NS ns1, can connect to known workloads in NS sock-shop, named session-db
+sock-shop/_/_ -> sock-shop/_/session-db
+
+# All workloads in NS ns1, can connect to the deployment catalogue-db in NS sock-shop
+ns1/*/* -> sock-shop/deployment/shipping
+
+# All workloads in the cluster, can connect to the deployment catalogue-db in NS sock-shop
+*/*/* -> sock-shop/deployment/orders
+
+# 0.0.0.0/0 -> sock-shop/deployment/catalogue-db
+
+
+
+# ns1/*/session-db # not supported
+# ns1/deployment/* # not supported
+# */deployment/*   # not supported
+# */deployment/session-db # not supported
