Merge pull request #303 from bpfoster/issue-302

Fix handling of multiple label selectors in a service
derailed · Apr 2, 2024 · d09ec25 · d09ec25
2 parents f736e64 + a88940e
commit d09ec25
Show file tree

Hide file tree

Showing 4 changed files with 188 additions and 1 deletion.
diff --git a/internal/db/db.go b/internal/db/db.go
@@ -382,14 +382,18 @@ func matchSel(labels map[string]string, e metav1.LabelSelectorRequirement) bool
 
 // MatchLabels check if pod labels match a selector.
 func MatchLabels(labels, sel map[string]string) bool {
+	if len(sel) == 0 {
+		return false
+	}
+
 	var count int
 	for k, v := range sel {
 		if v1, ok := labels[k]; ok && v == v1 {
 			count++
 		}
 	}
 
-	return count > 0
+	return count == len(sel)
 }
 
 func (db *DB) Exists(kind types.GVR, fqn string) bool {

diff --git a/internal/lint/svc_test.go b/internal/lint/svc_test.go
@@ -35,6 +35,27 @@ func TestSVCLint(t *testing.T) {
 
 }
 
+func TestSVCLint2(t *testing.T) {
+	dba, err := test.NewTestDB()
+	assert.NoError(t, err)
+	l := db.NewLoader(dba)
+
+	ctx := test.MakeCtx(t)
+	assert.NoError(t, test.LoadDB[*v1.Service](ctx, l.DB, "core/svc/2.yaml", internal.Glossary[internal.SVC]))
+	assert.NoError(t, test.LoadDB[*v1.Pod](ctx, l.DB, "core/pod/4.yaml", internal.Glossary[internal.PO]))
+	assert.NoError(t, test.LoadDB[*v1.Endpoints](ctx, l.DB, "core/ep/1.yaml", internal.Glossary[internal.EP]))
+
+	svc := NewService(test.MakeCollector(t), dba)
+	assert.Nil(t, svc.Lint(test.MakeContext("v1/pods", "pods")))
+	assert.Equal(t, 1, len(svc.Outcome()))
+
+	ii := svc.Outcome()["default/svc1"]
+	assert.Equal(t, 1, len(ii))
+	assert.Equal(t, `[POP-1109] Single endpoint is associated with this service`, ii[0].Message)
+	assert.Equal(t, rules.WarnLevel, ii[0].Level)
+
+}
+
 func Test_svcCheckEndpoints(t *testing.T) {
 	uu := map[string]struct {
 		kind     v1.ServiceType

diff --git a/internal/lint/testdata/core/pod/4.yaml b/internal/lint/testdata/core/pod/4.yaml
@@ -0,0 +1,140 @@
+---
+apiVersion: v1
+kind: List
+items:
+- apiVersion: v1
+  kind: Pod
+  metadata:
+    name: aaa
+    namespace: default
+    labels:
+      app: p1
+      instance: aaa
+  spec:
+    serviceAccountName: default
+    tolerations:
+    - key: t1
+      operator: Exists
+      effect: NoSchedule
+    containers:
+    - name: c1
+      image: alpine
+      resources:
+        requests:
+          cpu: 1
+          memory: 1Mi
+        limits:
+          cpu: 1
+          memory: 1Mi
+      ports:
+      - containerPort: 8080
+        name: http
+        protocol: TCP
+      env:
+        - name: env1
+          valueFrom:
+            configMapKeyRef:
+              name: cm1
+              key: ns
+        - name: env2
+          valueFrom:
+            secretKeyRef:
+              name: sec1
+              key: k1
+      volumeMounts:
+      - name: config
+        mountPath: "/config"
+        readOnly: true
+    volumes:
+    - name: mypd
+      persistentVolumeClaim:
+        claimName: pvc1
+    - name: config
+      configMap:
+        name: cm3
+        items:
+        - key: k1
+          path: "game.properties"
+        - key: k2
+          path: "user-interface.properties"
+    - name: secret
+      secret:
+        secretName: sec1
+        optional: false
+        items:
+        - key: ca.crt
+          path: "game.properties"
+        - key: namespace
+          path: "user-interface.properties"
+  status:
+    podIPs:
+    - ip: 172.1.0.3
+    # - ip: 172.1.4.5
+- apiVersion: v1
+  kind: Pod
+  metadata:
+    name: bbb
+    namespace: default
+    labels:
+      app: p1
+      instance: bbb
+  spec:
+    serviceAccountName: default
+    tolerations:
+      - key: t1
+        operator: Exists
+        effect: NoSchedule
+    containers:
+      - name: c1
+        image: alpine
+        resources:
+          requests:
+            cpu: 1
+            memory: 1Mi
+          limits:
+            cpu: 1
+            memory: 1Mi
+        ports:
+          - containerPort: 9090
+            name: bbb
+            protocol: TCP
+        env:
+          - name: env1
+            valueFrom:
+              configMapKeyRef:
+                name: cm1
+                key: ns
+          - name: env2
+            valueFrom:
+              secretKeyRef:
+                name: sec1
+                key: k1
+        volumeMounts:
+          - name: config
+            mountPath: "/config"
+            readOnly: true
+    volumes:
+      - name: mypd
+        persistentVolumeClaim:
+          claimName: pvc1
+      - name: config
+        configMap:
+          name: cm3
+          items:
+            - key: k1
+              path: "game.properties"
+            - key: k2
+              path: "user-interface.properties"
+      - name: secret
+        secret:
+          secretName: sec1
+          optional: false
+          items:
+            - key: ca.crt
+              path: "game.properties"
+            - key: namespace
+              path: "user-interface.properties"
+  status:
+    podIPs:
+      - ip: 172.1.0.3
+    # - ip: 172.1.4.5
diff --git a/internal/lint/testdata/core/svc/2.yaml b/internal/lint/testdata/core/svc/2.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: List
+items:
+- apiVersion: v1
+  kind: Service
+  metadata:
+    labels:
+      app: p1
+    name: svc1
+    namespace: default
+  spec:
+    ports:
+    - name: http
+      port: 9090
+      protocol: TCP
+      targetPort: bbb
+    selector:
+      app: p1
+      instance: bbb
+    sessionAffinity: None
+  status:
+    loadBalancer: {}