cnf:network-add-nftables-test-cases #366
Conversation
gkopels
force-pushed
the
add-custom-nftables-test-cases
branch
10 times, most recently
from
19b87aa to
6bbb0c1
Compare
| @@ -38,6 +38,7 @@ type NetworkConfig struct { | |||
| //nolint:lll | |||
| PrometheusOperatorNamespace string `yaml:"prometheus_operator_namespace" envconfig:"ECO_CNF_CORE_NET_PROMETHEUS_OPERATOR_NAMESPACE"` | |||
| MlbAddressPoolIP string `envconfig:"ECO_CNF_CORE_NET_MLB_ADDR_LIST"` | |||
| SecurityIPAddList string `envconfig:"ECO_CNF_CORE_NET_SECURITY_ADDR_LIST"` | |||
There was a problem hiding this comment.
Why do we need it? Is MlbAddressPoolIP not good for that?
There was a problem hiding this comment.
We can use it. Its the same addresses
| // delete table inet custom_table | ||
| // table inet custom_table { | ||
| // }` | ||
| CustomFireWallDelete = `data:;base64, ` + |
There was a problem hiding this comment.
| CustomFireWallDelete = `data:;base64, ` + | |
| CustomFirewallDelete = `data:;base64, ` + |
| // ReporterCRDsToDump tells to the reporter what CRs to dump. | ||
| ReporterCRDsToDump = []k8sreporter.CRData{} | ||
| // ExternalMacVlanNADName represents default external NetworkAttachmentDefinition name. | ||
| ExternalMacVlanNADName = "external" |
There was a problem hiding this comment.
Pls move it to the tests
| apimachinerytype "k8s.io/apimachinery/pkg/types" | ||
| ) | ||
|
|
||
| var ( |
There was a problem hiding this comment.
move all var under describe or to the tsparams
| masterPodIPv4Prefix = "172.16.0.1/24" | ||
| masterPodIPv4Address = "172.16.0.1" |
There was a problem hiding this comment.
| masterPodIPv4Prefix = "172.16.0.1/24" | |
| masterPodIPv4Address = "172.16.0.1" | |
| masterPodIPv4Address = "172.16.0.1" | |
| masterPodIPv4WithPrefix = masterPodIPv4Address + "/24" | |
| return testPod | ||
| } | ||
|
|
||
| func validateTCPTraffic(clientPod *pod.Builder, destIPAddrs []string, interfaceName, |
There was a problem hiding this comment.
no need return an error
There was a problem hiding this comment.
I prefer to leave the error message. There are tests that I am expecting an error
There was a problem hiding this comment.
please move the func to metallb.internal.cmd
There was a problem hiding this comment.
I moved it to network.internal.cmd
| stringgzip := "gzip" | ||
|
|
||
| mode := 384 | ||
| fileContents := fileContentString |
There was a problem hiding this comment.
that is the base64 string
There was a problem hiding this comment.
what does it mean?
you can use it
Source: &fileContentString,
There was a problem hiding this comment.
I am using mc WithRawConfig to create and delete the machineConfig. This is using IgnitionConfig. So I am using the fileContents and not directly adding to Source:
There was a problem hiding this comment.
Sorry, I don'y understand. This is work for me:
https://github.com/openshift-kni/eco-gotests/pull/378/files#diff-22e4ee6efd525f4fd9fbbfbc89a65635f4039a762ef79e6181e6063bbccd3712R550
Yes I already made the change. Not sure why it didnt show after I pushed. I see it now
| Create() | ||
| Expect(err).ToNot(HaveOccurred(), "Failed to create nftables machine config") | ||
|
|
||
| err = WaitForMcpStable(APIClient, 4*time.Minute, 30*time.Second, "workercnf") |
There was a problem hiding this comment.
"workercnf" should be a var
| Create() | ||
| Expect(err).ToNot(HaveOccurred(), "Failed to create nftables machine config") | ||
|
|
||
| err = WaitForMcpStable(APIClient, 4*time.Minute, 30*time.Second, "workercnf") |
There was a problem hiding this comment.
Please increase the timers
| } | ||
|
|
||
| // WaitForMcpStable waits for the stability of the MCP with the given name. | ||
| func WaitForMcpStable(apiClient *clients.Settings, waitingTime, stableDuration time.Duration, mcpName string) error { |
There was a problem hiding this comment.
I'm pretty sure we have the same func somewhere, please reuse it
gkopels
force-pushed
the
add-custom-nftables-test-cases
branch
18 times, most recently
from
b336a5a to
e306cc0
Compare
| // This yaml is created using butane file. | ||
| // butane mc-update-input-rule8888.bu -o mc-custom-firewall-input-port8888.yaml. |
| ` | ||
|
|
||
| // FRRDefaultBGPPreConfig represents FRR daemon BGP minimal config. | ||
| FRRDefaultBGPPreConfig = ` bgp router-id 10.10.10.11 |
| `GRXpH7IcoJX2/I3Z6/a57e/Xffuy2Gze0C2WD+2AVf/U3WGGVEW9O/uz/w0AAP//` + | ||
| `kU0CJQUBAAA=` | ||
| // FRRBaseConfig represents FRR daemon minimal configuration. | ||
| FRRBaseConfig = `! |
There was a problem hiding this comment.
I can't find where it is being used.
| ipv4SecurityIPList []string, | ||
| hubIPv4ExternalAddresses []string, | ||
| ipv4NodeAddrList []string, | ||
| hubPodWorkerName []string, |
There was a problem hiding this comment.
no need.
_ = createFrrPodTest("hub-pod-worker-0", workerNodeList[0].Object.Name, hubConfigMap.Definition.Name, containerFrrName, []string{}, hub0BRstaticIPAnnotation, false)
| "Failed to update the machineconfiguration cluster file") | ||
| } | ||
|
|
||
| func createExternalNad(name string) { |
There was a problem hiding this comment.
There is the same func in common
There was a problem hiding this comment.
Used existing define.CreateNadWithMasterPlugin func
| return ipAddressListWithoutPrefix | ||
| } | ||
|
|
||
| func buildRoutesMapWithSpecificRoutes(podList []*pod.Builder, workerNodeList []*nodes.Builder, |
There was a problem hiding this comment.
reuse from frrk8-tests.go
There was a problem hiding this comment.
here again. I will give you a call and we can discuss where to place it
There was a problem hiding this comment.
moved to network.internal.frrconfig
| return routesMap | ||
| } | ||
|
|
||
| func setStaticRoute(frrPod *pod.Builder, action, destIP string, nextHopMap map[string]string) { |
There was a problem hiding this comment.
moved to network.internal.frrconfig
| return testPod | ||
| } | ||
|
|
||
| func validateTCPTraffic(clientPod *pod.Builder, destIPAddrs []string, interfaceName, |
There was a problem hiding this comment.
please move the func to metallb.internal.cmd
| stringgzip := "gzip" | ||
|
|
||
| mode := 384 | ||
| fileContents := fileContentString |
There was a problem hiding this comment.
what does it mean?
you can use it
Source: &fileContentString,
| Expect(err).ToNot(HaveOccurred(), "Failed to wait for MCP to be stable") | ||
| } | ||
|
|
||
| func createStaticRouteOnWorkerNodes(testPodList []*pod.Builder, routeMap map[string]string, routeAction, |
There was a problem hiding this comment.
please rename the func, it's not only create
gkopels
force-pushed
the
add-custom-nftables-test-cases
branch
14 times, most recently
from
ee3ba43 to
5ffcef2
Compare
| @@ -160,3 +176,12 @@ func getNumberOfPackets(line, firstFieldSubstr string) int { | |||
|
|
|||
| return numberOfPackets | |||
| } | |||
|
|
|||
| func removePrefixFromIPList(ipAddressList []string) []string { | |||
There was a problem hiding this comment.
please reuse func from metallb common: move it and use it
There was a problem hiding this comment.
I already moved it to network.internal.frrconfig
| } | ||
|
|
||
| if len(nextHopList) == 0 { | ||
| glog.Error("Nexthop IP addresses list is empty") |
There was a problem hiding this comment.
Please use glog.V(90).Infof instead
| } | ||
|
|
||
| // BuildRoutesMapWithSpecificRoutes creates a route map with specific routes. | ||
| func BuildRoutesMapWithSpecificRoutes(podList []*pod.Builder, workerNodeList []*nodes.Builder, |
There was a problem hiding this comment.
BuildRoutesMapWithSpecificRoutes and SetStaticRoute are not related to frr. Please move them to cmd.go or netenv.go
| } | ||
|
|
||
| // RemovePrefixFromIPList removes the prefix from an IP address. | ||
| func RemovePrefixFromIPList(ipAddressList []string) []string { |
There was a problem hiding this comment.
not related to frr func. And you already added it to cmd.go
There was a problem hiding this comment.
removed from frrconfig
|
|
||
| // ReporterNamespacesToDump tells to the reporter from where to collect logs. | ||
| ReporterNamespacesToDump = map[string]string{ | ||
| "openshift-performance-addon-operator": "performance", |
There was a problem hiding this comment.
Why do you need to dump openshift-performance-addon-operator ns? Please add ns that you're using in the test suite
There was a problem hiding this comment.
correct removed and changed to security-tests
| err error | ||
| ) | ||
| BeforeAll(func() { | ||
|
|
|
|
||
| It("Verify the creation of a new custom node firewall NFTables table with an ingress rule", | ||
| reportxml.ID("77412"), func() { | ||
|
|
| "Failed to update the machineconfiguration cluster file") | ||
| } | ||
|
|
||
| func createExternalNad(name string) { |
| masterConfigMap.Definition.Name, containerFrrName, []string{}, masterStaticIPAnnotation, true) | ||
| } | ||
|
|
||
| func createStaticIPAnnotations(internalNADName, externalNADName string, internalIPAddresses, |
There was a problem hiding this comment.
still here
In my code its changed. Try refreshing and look again?
| stringgzip := "gzip" | ||
|
|
||
| mode := 384 | ||
| fileContents := fileContentString |
There was a problem hiding this comment.
Sorry, I don'y understand. This is work for me:
https://github.com/openshift-kni/eco-gotests/pull/378/files#diff-22e4ee6efd525f4fd9fbbfbc89a65635f4039a762ef79e6181e6063bbccd3712R550
Yes I already made the change. Not sure why it didnt show after I pushed. I see it now
gkopels
force-pushed
the
add-custom-nftables-test-cases
branch
4 times, most recently
from
a4ab1e0 to
602b55a
Compare
|
|
||
| // CreateExternalNad creats an external network-attchment-definition using the br-ex interface. | ||
| func CreateExternalNad(apiClient *clients.Settings, name, testNameSpace string) { | ||
| glog.V(2).Info("Creating external BR-EX NetworkAttachmentDefinition") |
There was a problem hiding this comment.
| glog.V(2).Info("Creating external BR-EX NetworkAttachmentDefinition") | |
| glog.V(90).Info("Creating external BR-EX NetworkAttachmentDefinition") |
| return | ||
| } | ||
|
|
||
| // Create the NetworkAttachmentDefinition | ||
| _, err = define.CreateNadWithMasterPlugin(apiClient, name, testNameSpace, macVlanPlugin) | ||
| if err != nil { | ||
| glog.V(90).Infof("Failed to create external NetworkAttachmentDefinition: %v", err) | ||
|
|
||
| return |
There was a problem hiding this comment.
Please return the error
| return | ||
| } | ||
|
|
||
| glog.V(2).Infof("Successfully created external NetworkAttachmentDefinition: %s", name) |
There was a problem hiding this comment.
| glog.V(2).Infof("Successfully created external NetworkAttachmentDefinition: %s", name) | |
| glog.V(90).Infof("Successfully created external NetworkAttachmentDefinition: %s", name) |
| } | ||
|
|
||
| // WaitForMcpStable waits for the stability of the MCP with the given name. | ||
| func WaitForMcpStable(apiClient *clients.Settings, waitingTime, stableDuration time.Duration, mcpName string) error { |
There was a problem hiding this comment.
Please add glog.V(90).Infof
| @@ -628,14 +643,17 @@ var _ = Describe("FRR", Ordered, Label(tsparams.LabelFRRTestCases), ContinueOnFa | |||
| srIovInterfacesUnderTest[0], frrNodeSecIntIPv4Addresses[1], "2001:100::253", vlanID) | |||
|
|
|||
| By("Adding static routes to the speakers") | |||
| speakerRoutesMap := buildRoutesMapWithSpecificRoutes(frrk8sPods, hubSecIntIPv4Addresses) | |||
| // speakerRoutesMap := buildRoutesMapWithSpecificRoutes(frrk8sPods, hubSecIntIPv4Addresses) | |||
|
|
||
| // ReporterNamespacesToDump tells to the reporter from where to collect logs. | ||
| ReporterNamespacesToDump = map[string]string{ | ||
| "security-tests": "security-tests", |
There was a problem hiding this comment.
Please use TestNamespaceName
| masterConfigMap.Definition.Name, containerFrrName, []string{}, masterStaticIPAnnotation, true) | ||
| } | ||
|
|
||
| func createStaticIPAnnotations(internalNADName, externalNADName string, internalIPAddresses, |
gkopels
force-pushed
the
add-custom-nftables-test-cases
branch
from
602b55a to
471b138
Compare
| return | ||
| } | ||
|
|
||
| // Create the NetworkAttachmentDefinition | ||
| _, err = define.CreateNadWithMasterPlugin(apiClient, name, testNameSpace, macVlanPlugin) | ||
| if err != nil { | ||
| glog.V(90).Infof("Failed to create external NetworkAttachmentDefinition: %v", err) | ||
|
|
||
| return |
| err = mcp.WaitToBeStableFor(stableDuration, waitingTime) | ||
|
|
||
| if err != nil { | ||
| glog.V(90).Infof("Failed to create external NetworkAttachmentDefinition: %v", err) |
| func WaitForMcpStable(apiClient *clients.Settings, waitingTime, stableDuration time.Duration, mcpName string) error { | ||
| mcp, err := mco.Pull(apiClient, mcpName) | ||
|
|
||
| glog.V(90).Info("Waiting for mcp to be stable after adding or deleting a machine-Config") |
There was a problem hiding this comment.
| glog.V(90).Info("Waiting for mcp to be stable after adding or deleting a machine-Config") | |
| glog.V(90).Info("Waiting for mcp to be stable") |
| // TestNamespaceName security-tests namespace where all test cases are performed. | ||
| TestNamespaceName = "security-tests" | ||
| // ReporterCRDsToDump tells to the reporter what CRs to dump. | ||
| ReporterCRDsToDump = []k8sreporter.CRData{} |
There was a problem hiding this comment.
Please add CRs what you want to dump after the failure. machineconfigs or something else
There was a problem hiding this comment.
Let me know when you are free for a call
gkopels
force-pushed
the
add-custom-nftables-test-cases
branch
from
471b138 to
3686479
Compare
gkopels
force-pushed
the
add-custom-nftables-test-cases
branch
from
3686479 to
36d1201
Compare
Add first of two PRs cnf network nftables custom firewall test cases