diff --git a/test/e2e/framework.go b/test/e2e/framework.go index b32ee0f08..fc7d07f50 100644 --- a/test/e2e/framework.go +++ b/test/e2e/framework.go @@ -8,20 +8,16 @@ import ( "net" "os/exec" "regexp" - "strconv" "strings" "time" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/wait" clientset "k8s.io/client-go/kubernetes" - "k8s.io/client-go/kubernetes/scheme" restclient "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" - "k8s.io/client-go/tools/remotecommand" "github.com/vmware-tanzu/nsx-operator/pkg/client/clientset/versioned" "github.com/vmware-tanzu/nsx-operator/pkg/nsx/services/common" @@ -82,11 +78,14 @@ type TestData struct { var testData *TestData +//Temporarily disable traffic check +/* type PodIPs struct { ipv4 *net.IP ipv6 *net.IP ipStrings []string } +*/ func initProvider() error { providerFactory := map[string]func(string) (providers.ProviderInterface, error){ @@ -405,6 +404,8 @@ func (data *TestData) getCRResource(timeout time.Duration, cr string, namespace return crs, nil } +//Temporarily disable traffic check +/* // podWaitFor polls the K8s apiServer until the specified Pod is found (in the test Namespace) and // the condition predicate is met (or until the provided timeout expires). func (data *TestData) podWaitFor(timeout time.Duration, name, namespace string, condition PodCondition) (*corev1.Pod, error) { @@ -594,6 +595,7 @@ func (data *TestData) runNetcatCommandFromPod(namespace string, podName string, } return nil } +*/ func applyYAML(filename string, ns string) error { cmd := fmt.Sprintf("kubectl apply -f %s -n %s", filename, ns) @@ -615,6 +617,8 @@ func applyYAML(filename string, ns string) error { return nil } +//Temporarily disable traffic check +/* func runCommand(cmd string) (string, error) { err := wait.PollUntilContextTimeout(context.TODO(), 1*time.Second, defaultTimeout, false, func(ctx context.Context) (bool, error) { var stdout, stderr bytes.Buffer @@ -636,6 +640,7 @@ func runCommand(cmd string) (string, error) { }) return "", err } +*/ func deleteYAML(filename string, ns string) error { cmd := fmt.Sprintf("kubectl delete -f %s -n %s", filename, ns) diff --git a/test/e2e/nsx_security_policy_test.go b/test/e2e/nsx_security_policy_test.go index 3b721eb41..ac7cbb0f8 100644 --- a/test/e2e/nsx_security_policy_test.go +++ b/test/e2e/nsx_security_policy_test.go @@ -15,12 +15,9 @@ package e2e import ( - "fmt" "path/filepath" "testing" - "github.com/stretchr/testify/assert" - "github.com/vmware-tanzu/nsx-operator/pkg/nsx/services/common" ) @@ -32,30 +29,33 @@ const ( // This is the very basic, blocking all in and out traffic between pods should take effect. func TestSecurityPolicyBasicTraffic(t *testing.T) { ns := "test-security-policy-1" - busybox := "busybox" - ncPod := "nc-pod" securityPolicyName := "isolate-policy-1" + var err error setupTest(t, ns) defer teardownTest(t, ns, defaultTimeout) - // Create pods - busyboxPath, _ := filepath.Abs("./manifest/testSecurityPolicy/busybox.yaml") - _ = applyYAML(busyboxPath, ns) - netcatPath, _ := filepath.Abs("./manifest/testSecurityPolicy/netcat-pod.yaml") - _ = applyYAML(netcatPath, ns) - - // Wait for pods - ps, err := testData.podWaitForIPs(defaultTimeout, busybox, ns) - t.Logf("Pods are %v", ps) - assertNil(t, err, "Error when waiting for IP for Pod %s", busybox) - iPs, err := testData.podWaitForIPs(defaultTimeout, ncPod, ns) - t.Logf("Pods are %v", iPs) - assertNil(t, err, "Error when waiting for IP for Pod %s", ncPod) - - // Ping from pod - err = testData.runPingCommandFromPod(ns, busybox, iPs, 4) - assertNil(t, err, "Error when running ping command from test Pod %s", busybox) - + // Temporarily disable traffic check + /* + // Create pods + busyboxPath, _ := filepath.Abs("./manifest/testSecurityPolicy/busybox.yaml") + _ = applyYAML(busyboxPath, ns) + netcatPath, _ := filepath.Abs("./manifest/testSecurityPolicy/netcat-pod.yaml") + _ = applyYAML(netcatPath, ns) + + busybox := "busybox" + ncPod := "nc-pod + // Wait for pods + ps, err := testData.podWaitForIPs(defaultTimeout, busybox, ns) + t.Logf("Pods are %v", ps) + assertNil(t, err, "Error when waiting for IP for Pod %s", busybox) + iPs, err := testData.podWaitForIPs(defaultTimeout, ncPod, ns) + t.Logf("Pods are %v", iPs) + assertNil(t, err, "Error when waiting for IP for Pod %s", ncPod) + + // Ping from pod + err = testData.runPingCommandFromPod(ns, busybox, iPs, 4) + assertNil(t, err, "Error when running ping command from test Pod %s", busybox) + */ // Create security policy nsIsolationPath, _ := filepath.Abs("./manifest/testSecurityPolicy/ns-isolation-policy.yaml") _ = applyYAML(nsIsolationPath, ns) @@ -69,9 +69,12 @@ func TestSecurityPolicyBasicTraffic(t *testing.T) { err = testData.waitForResourceExistOrNot(ns, common.ResourceTypeRule, securityPolicyName, true) assertNil(t, err) - // Ping from pod - err = testData.runPingCommandFromPod(ns, busybox, iPs, 4) - assertNotNil(t, err, "Error when running ping command from test Pod %s", busybox) + //Temporarily disable traffic check + /* + // Ping from pod + err = testData.runPingCommandFromPod(ns, busybox, iPs, 4) + assertNotNil(t, err, "Error when running ping command from test Pod %s", busybox) + */ // Delete security policy _ = deleteYAML(nsIsolationPath, ns) @@ -84,9 +87,12 @@ func TestSecurityPolicyBasicTraffic(t *testing.T) { err = testData.waitForResourceExistOrNot(ns, common.ResourceTypeRule, securityPolicyName, false) assertNil(t, err) - // Ping from pod - err = testData.runPingCommandFromPod(ns, busybox, iPs, 4) - assertNil(t, err, "Error when running ping command from test Pod %s", busybox) + //Temporarily disable traffic check + /* + // Ping from pod + err = testData.runPingCommandFromPod(ns, busybox, iPs, 4) + assertNil(t, err, "Error when running ping command from test Pod %s", busybox) + */ } // TestSecurityPolicyAddDeleteRule verifies that when adding or deleting rule, the security policy will be updated. @@ -144,9 +150,7 @@ func TestSecurityPolicyAddDeleteRule(t *testing.T) { func TestSecurityPolicyMatchExpression(t *testing.T) { ns := "test-security-policy-match-expression" securityPolicyName := "expression-policy-1" - clientA := "client-a" - clientB := "client-b" - podA := "pod-a" + var err error setupTest(t, ns) defer teardownTest(t, ns, defaultTimeout) @@ -155,22 +159,28 @@ func TestSecurityPolicyMatchExpression(t *testing.T) { _ = applyYAML(podPath, ns) defer deleteYAML(podPath, "") - // Wait for pods - ps, err := testData.podWaitForIPs(defaultTimeout, clientA, ns) - t.Logf("Pods are %v", ps) - assertNil(t, err, "Error when waiting for IP for Pod %s", clientA) - psb, err := testData.podWaitForIPs(defaultTimeout, clientB, ns) - t.Logf("Pods are %v", psb) - assertNil(t, err, "Error when waiting for IP for Pod %s", clientB) - iPs, err := testData.podWaitForIPs(defaultTimeout, podA, ns) - t.Logf("Pods are %v", iPs) - assertNil(t, err, "Error when waiting for IP for Pod %s", podA) - - // Ping from pod - err = testData.runPingCommandFromPod(ns, clientA, iPs, 4) - assertNil(t, err, "Error when running ping command from Pod %s", clientA) - err = testData.runPingCommandFromPod(ns, clientB, iPs, 4) - assertNil(t, err, "Error when running ping command from Pod %s", clientB) + // Temporarily disable traffic check + //clientA := "client-a" + //clientB := "client-b" + //podA := "pod-a" + /* + // Wait for pods + ps, err := testData.podWaitForIPs(defaultTimeout, clientA, ns) + t.Logf("Pods are %v", ps) + assertNil(t, err, "Error when waiting for IP for Pod %s", clientA) + psb, err := testData.podWaitForIPs(defaultTimeout, clientB, ns) + t.Logf("Pods are %v", psb) + assertNil(t, err, "Error when waiting for IP for Pod %s", clientB) + iPs, err := testData.podWaitForIPs(defaultTimeout, podA, ns) + t.Logf("Pods are %v", iPs) + assertNil(t, err, "Error when waiting for IP for Pod %s", podA) + + // Ping from pod + err = testData.runPingCommandFromPod(ns, clientA, iPs, 4) + assertNil(t, err, "Error when running ping command from Pod %s", clientA) + err = testData.runPingCommandFromPod(ns, clientB, iPs, 4) + assertNil(t, err, "Error when running ping command from Pod %s", clientB) + */ // Create security policy nsIsolationPath, _ := filepath.Abs("./manifest/testSecurityPolicy/match-expression.yaml") @@ -185,11 +195,14 @@ func TestSecurityPolicyMatchExpression(t *testing.T) { err = testData.waitForResourceExistOrNot(ns, common.ResourceTypeRule, securityPolicyName, true) assertNil(t, err) - // Ping from pod - err = testData.runPingCommandFromPod(ns, clientA, iPs, 4) - assertNil(t, err, "Error when running ping command from Pod %s", clientA) - err = testData.runPingCommandFromPod(ns, clientB, iPs, 4) - assert.NotNilf(t, err, "Error when running ping command from Pod %s", clientB) + // Temporarily disable traffic check + /* + // Ping from pod + err = testData.runPingCommandFromPod(ns, clientA, iPs, 4) + assertNil(t, err, "Error when running ping command from Pod %s", clientA) + err = testData.runPingCommandFromPod(ns, clientB, iPs, 4) + assert.NotNilf(t, err, "Error when running ping command from Pod %s", clientB) + */ // Delete security policy _ = deleteYAML(nsIsolationPath, ns) @@ -202,13 +215,17 @@ func TestSecurityPolicyMatchExpression(t *testing.T) { err = testData.waitForResourceExistOrNot(ns, common.ResourceTypeRule, securityPolicyName, false) assertNil(t, err) - // Ping from pod - err = testData.runPingCommandFromPod(ns, clientA, iPs, 4) - assertNil(t, err, "Error when running ping command from Pod %s", clientA) - err = testData.runPingCommandFromPod(ns, clientB, iPs, 4) - assertNil(t, err, "Error when running ping command from Pod %s", clientB) + // Temporarily disable traffic check + /* + // Ping from pod + err = testData.runPingCommandFromPod(ns, clientA, iPs, 4) + assertNil(t, err, "Error when running ping command from Pod %s", clientA) + err = testData.runPingCommandFromPod(ns, clientB, iPs, 4) + assertNil(t, err, "Error when running ping command from Pod %s", clientB) + */ } +/* // TestSecurityPolicyNamedPort0 verifies that the traffic of security policy when named port applied. // This test is to verify the named port feature of security policy. // When appliedTo is in policy level. @@ -763,3 +780,4 @@ func TestSecurityPolicyNamedPort7(t *testing.T) { err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName1, false) assertNil(t, err) } +*/ diff --git a/test/e2e/util.go b/test/e2e/util.go index 90ed9daaa..874b0d04a 100644 --- a/test/e2e/util.go +++ b/test/e2e/util.go @@ -30,6 +30,8 @@ func assertNil(t *testing.T, object interface{}, msgAndArgs ...interface{}) bool panic("assertion failed") } +//Temporarily disable traffic check +/* func assertNotNil(t *testing.T, object interface{}, msgAndArgs ...interface{}) bool { if assert.NotNil(t, object, msgAndArgs...) { t.Logf("assertNotNil: %v", object) @@ -37,6 +39,7 @@ func assertNotNil(t *testing.T, object interface{}, msgAndArgs ...interface{}) b } panic("assertion failed") } +*/ func assertTrue(t *testing.T, value bool, msgAndArgs ...interface{}) bool { if assert.True(t, value, msgAndArgs...) {