Update UTs.
Milan Lenco committed Dec 7, 2018
1 parent 98733e5 commit 8127611
Showing 6 changed files with 924 additions and 1,077 deletions.
4 changes: 4 additions & 0 deletions Makefile
Expand Up @@ -80,6 +80,7 @@ test:
go test ./plugins/policy/configurator -tags="${GO_BUILD_TAGS}"
go test ./plugins/policy/renderer/cache -tags="${GO_BUILD_TAGS}"
go test ./plugins/policy/renderer/acl -tags="${GO_BUILD_TAGS}"
go test ./plugins/policy/renderer/vpptcp -tags="${GO_BUILD_TAGS}"
go test ./plugins/policy/cache -tags="${GO_BUILD_TAGS}"
go test ./plugins/policy/cache/namespaceidx -tags="${GO_BUILD_TAGS}"
go test ./plugins/policy/cache/podidx -tags="${GO_BUILD_TAGS}"
Expand All @@ -101,6 +102,7 @@ test-race:
go test ./plugins/policy/configurator -race -tags="${GO_BUILD_TAGS}"
go test ./plugins/policy/renderer/cache -race -tags="${GO_BUILD_TAGS}"
go test ./plugins/policy/renderer/acl -race -tags="${GO_BUILD_TAGS}"
go test ./plugins/policy/renderer/vpptcp -race -tags="${GO_BUILD_TAGS}"
go test ./plugins/policy/cache -race -tags="${GO_BUILD_TAGS}"
go test ./plugins/policy/cache/namespaceidx -race -tags="${GO_BUILD_TAGS}"
go test ./plugins/policy/cache/podidx -race -tags="${GO_BUILD_TAGS}"
Expand All @@ -127,6 +129,7 @@ test-cover: get-covtools
go test -covermode=count -coverprofile=${COVER_DIR}cov_u7.out ./plugins/policy/configurator -tags="${GO_BUILD_TAGS}"
go test -covermode=count -coverprofile=${COVER_DIR}cov_u8.out ./plugins/policy/renderer/cache -tags="${GO_BUILD_TAGS}"
go test -covermode=count -coverprofile=${COVER_DIR}cov_u9.out ./plugins/policy/renderer/acl -tags="${GO_BUILD_TAGS}"
go test -covermode=count -coverprofile=${COVER_DIR}cov_u10.out ./plugins/policy/renderer/vpptcp -tags="${GO_BUILD_TAGS}"
go test -covermode=count -coverprofile=${COVER_DIR}cov_u11.out -coverpkg=./plugins/service/processor,./plugins/service/configurator ./plugins/service -tags="${GO_BUILD_TAGS}"
go test -covermode=count -coverprofile=${COVER_DIR}cov_u12.out ./plugins/policy/cache -tags="${GO_BUILD_TAGS}"
go test -covermode=count -coverprofile=${COVER_DIR}cov_u13.out ./plugins/policy/cache/namespaceidx -tags="${GO_BUILD_TAGS}"
Expand All @@ -147,6 +150,7 @@ test-cover: get-covtools
${COVER_DIR}cov_u7.out \
${COVER_DIR}cov_u8.out \
${COVER_DIR}cov_u9.out \
${COVER_DIR}cov_u10.out \
${COVER_DIR}cov_u11.out \
${COVER_DIR}cov_u12.out \
${COVER_DIR}cov_u13.out \
158 changes: 107 additions & 51 deletions plugins/policy/renderer/acl/acl_renderer_test.go
Expand Up @@ -31,6 +31,7 @@ import (
"github.com/contiv/vpp/mock/localclient"
controller "github.com/contiv/vpp/plugins/controller/api"
"github.com/contiv/vpp/plugins/ipv4net"
"github.com/contiv/vpp/plugins/contivconf"
"github.com/contiv/vpp/plugins/policy/renderer"
"github.com/contiv/vpp/plugins/policy/renderer/cache"
. "github.com/contiv/vpp/plugins/policy/renderer/testdata"
Expand All @@ -54,6 +55,33 @@ var (
vppTxn controller.Transaction
)

type contivConfMock struct {
mainIfaceName string
otherIfaces []string
}

func (m* contivConfMock) SetMainInterfaceName(ifaceName string) {
m.mainIfaceName = ifaceName
}

func (m* contivConfMock) GetMainInterfaceName() string {
return m.mainIfaceName
}

func (m* contivConfMock) SetOtherVPPInterfaces(interfaces []string) {
m.otherIfaces = interfaces
}

func (m* contivConfMock) GetOtherVPPInterfaces() contivconf.OtherInterfaces {
interfaces := contivconf.OtherInterfaces{}
for _, otherIface := range m.otherIfaces {
interfaces = append(interfaces, &contivconf.OtherInterfaceConfig{
InterfaceName: otherIface,
})
}
return interfaces
}

func commitTxn() error {
if vppTxn == nil {
return nil
Expand Down Expand Up @@ -89,13 +117,23 @@ func updateTxnFactory(txnTracker *localclient.TxnTracker) func() controller.Upda
}
}

func verifyReflectiveACL(engine *MockACLEngine, ipv4Net ipv4net.API, ifName string, onOutputIfs bool, expectedToHave bool) {
ifs := []string{}
func nodeOutputInterfaces(ipv4Net ipv4net.API, contivConf ContivConf) (ifs []string) {
mainIfaceName := contivConf.GetMainInterfaceName()
if mainIfaceName != "" {
ifs = append(ifs, mainIfaceName)
}
for _, otherIface := range contivConf.GetOtherVPPInterfaces() {
ifs = append(ifs, otherIface.InterfaceName)
}
ifs = append(ifs, ipv4Net.GetVxlanBVIIfName())
ifs = append(ifs, ipv4Net.GetHostInterconnectIfName())
return ifs
}

func verifyReflectiveACL(engine *MockACLEngine, ipv4Net ipv4net.API, contivConf ContivConf, ifName string, onOutputIfs bool, expectedToHave bool) {
var ifs []string
if onOutputIfs {
ifs = ipv4Net.GetOtherPhysicalIfNames()
ifs = append(ifs, ipv4Net.GetVxlanBVIIfName())
ifs = append(ifs, ipv4Net.GetMainPhysicalIfName())
ifs = append(ifs, ipv4Net.GetHostInterconnectIfName())
ifs = nodeOutputInterfaces(ipv4Net, contivConf)
}
ifs = append(ifs, ifName)

Expand Down Expand Up @@ -127,11 +165,8 @@ func verifyReflectiveACL(engine *MockACLEngine, ipv4Net ipv4net.API, ifName stri
gomega.Expect(ipRule.Udp).To(gomega.BeNil())
}

func verifyGlobalTable(engine *MockACLEngine, ipv4Net ipv4net.API, expectedToHave bool) {
ifs := ipv4Net.GetOtherPhysicalIfNames()
ifs = append(ifs, ipv4Net.GetVxlanBVIIfName())
ifs = append(ifs, ipv4Net.GetMainPhysicalIfName())
ifs = append(ifs, ipv4Net.GetHostInterconnectIfName())
func verifyGlobalTable(engine *MockACLEngine, ipv4Net ipv4net.API, contivConf ContivConf, expectedToHave bool) {
ifs := nodeOutputInterfaces(ipv4Net, contivConf)

acl := engine.GetACLByName(ACLNamePrefix + cache.GlobalTableID)
if !expectedToHave {
Expand Down Expand Up @@ -159,9 +194,12 @@ func TestEgressRulesOnePod(t *testing.T) {
egress := []*renderer.ContivRule{Ts5.Rule1 /* UDP, OTHER not allowed */, Ts5.Rule2}

// Prepare mocks.
// -> ContivConf plugin
contivConf := &contivConfMock{}
contivConf.SetMainInterfaceName(mainIfName)

// -> IPv4Net plugin
ipv4Net := NewMockIPv4Net()
ipv4Net.SetMainPhysicalIfName(mainIfName)
ipv4Net.SetVxlanBVIIfName(vxlanIfName)
ipv4Net.SetHostInterconnectIfName(hostInterIfName)
ipv4Net.SetPodIfName(Pod1, Pod1IfName)
Expand Down Expand Up @@ -193,8 +231,8 @@ func TestEgressRulesOnePod(t *testing.T) {

// Test ACLs.
gomega.Expect(aclEngine.GetNumOfACLs()).To(gomega.Equal(2))
verifyReflectiveACL(aclEngine, ipv4Net, Pod1IfName, false, true)
verifyGlobalTable(aclEngine, ipv4Net, false)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod1IfName, false, true)
verifyGlobalTable(aclEngine, ipv4Net, contivConf,false)

// Test connections (Pod1 can receive connection only from 10.10.0.0/16:[TCP:ANY]).
gomega.Expect(aclEngine.ConnectionPodToPod(Pod1, Pod6, renderer.TCP, somePort, 80)).To(gomega.Equal(ConnActionAllow))
Expand Down Expand Up @@ -232,9 +270,12 @@ func TestIngressRulesOnePod(t *testing.T) {
egress := []*renderer.ContivRule{}

// Prepare mocks.
// -> ContivConf plugin
contivConf := &contivConfMock{}
contivConf.SetMainInterfaceName(mainIfName)

// -> IPv4Net plugin
ipv4Net := NewMockIPv4Net()
ipv4Net.SetMainPhysicalIfName(mainIfName)
ipv4Net.SetVxlanBVIIfName(vxlanIfName)
ipv4Net.SetHostInterconnectIfName(hostInterIfName)
ipv4Net.SetPodIfName(Pod1, Pod1IfName)
Expand Down Expand Up @@ -266,8 +307,8 @@ func TestIngressRulesOnePod(t *testing.T) {

// Test ACLs.
gomega.Expect(aclEngine.GetNumOfACLs()).To(gomega.Equal(3))
verifyReflectiveACL(aclEngine, ipv4Net, Pod1IfName, true, true)
verifyGlobalTable(aclEngine, ipv4Net, true)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod1IfName, true, true)
verifyGlobalTable(aclEngine, ipv4Net, contivConf,true)

// Test connections (Pod1 can initiate connection only to 10.10.0.0/16:[TCP:ANY]).
gomega.Expect(aclEngine.ConnectionPodToPod(Pod1, Pod6, renderer.TCP, somePort, 80)).To(gomega.Equal(ConnActionAllow))
Expand Down Expand Up @@ -309,9 +350,12 @@ func TestEgressRulesTwoPods(t *testing.T) {
egress := []*renderer.ContivRule{Ts5.Rule1 /* UDP, OTHER not allowed */, Ts5.Rule2}

// Prepare mocks.
// -> ContivConf plugin
contivConf := &contivConfMock{}
contivConf.SetMainInterfaceName(mainIfName)

// -> IPv4Net plugin
ipv4Net := NewMockIPv4Net()
ipv4Net.SetMainPhysicalIfName(mainIfName)
ipv4Net.SetVxlanBVIIfName(vxlanIfName)
ipv4Net.SetHostInterconnectIfName(hostInterIfName)
ipv4Net.SetPodIfName(Pod1, Pod1IfName)
Expand Down Expand Up @@ -349,9 +393,9 @@ func TestEgressRulesTwoPods(t *testing.T) {
// Test ACLs.
gomega.Expect(aclEngine.GetNumOfACLs()).To(gomega.Equal(2)) /* pod1 and pod2 should share the same local table */
gomega.Expect(aclEngine.GetNumOfACLChanges()).To(gomega.Equal(2))
verifyReflectiveACL(aclEngine, ipv4Net, Pod1IfName, false, true)
verifyReflectiveACL(aclEngine, ipv4Net, Pod2IfName, false, true)
verifyGlobalTable(aclEngine, ipv4Net, false)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod1IfName, false, true)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod2IfName, false, true)
verifyGlobalTable(aclEngine, ipv4Net, contivConf,false)

// Test connections (Pod1, Pod2 can receive connection only from 10.10.0.0/16:[TCP:ANY]).
// -> dst = pod1
Expand Down Expand Up @@ -392,9 +436,9 @@ func TestEgressRulesTwoPods(t *testing.T) {
// Test ACLs.
gomega.Expect(aclEngine.GetNumOfACLs()).To(gomega.Equal(2))
gomega.Expect(aclEngine.GetNumOfACLChanges()).To(gomega.Equal(4)) /* changed interfaces for local table + reflective ACL */
verifyReflectiveACL(aclEngine, ipv4Net, Pod1IfName, false, true)
verifyReflectiveACL(aclEngine, ipv4Net, Pod2IfName, false, false)
verifyGlobalTable(aclEngine, ipv4Net, false)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod1IfName, false, true)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod2IfName, false, false)
verifyGlobalTable(aclEngine, ipv4Net, contivConf,false)
}

func TestCombinedRules(t *testing.T) {
Expand All @@ -421,9 +465,12 @@ func TestCombinedRules(t *testing.T) {
}

// Prepare mocks.
// -> ContivConf plugin
contivConf := &contivConfMock{}
contivConf.SetMainInterfaceName(mainIfName)

// -> IPv4Net plugin
ipv4Net := NewMockIPv4Net()
ipv4Net.SetMainPhysicalIfName(mainIfName)
ipv4Net.SetVxlanBVIIfName(vxlanIfName)
ipv4Net.SetHostInterconnectIfName(hostInterIfName)
ipv4Net.SetPodIfName(Pod1, Pod1IfName)
Expand Down Expand Up @@ -460,9 +507,9 @@ func TestCombinedRules(t *testing.T) {

// Test ACLs.
gomega.Expect(aclEngine.GetNumOfACLs()).To(gomega.Equal(4))
verifyReflectiveACL(aclEngine, ipv4Net, Pod1IfName, true, true)
verifyReflectiveACL(aclEngine, ipv4Net, Pod3IfName, true, true)
verifyGlobalTable(aclEngine, ipv4Net, true)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod1IfName, true, true)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod3IfName, true, true)
verifyGlobalTable(aclEngine, ipv4Net, contivConf,true)

// Test connections.
// -> src = pod1
Expand Down Expand Up @@ -511,9 +558,9 @@ func TestCombinedRules(t *testing.T) {

// Test ACLs.
gomega.Expect(aclEngine.GetNumOfACLs()).To(gomega.Equal(4))
verifyReflectiveACL(aclEngine, ipv4Net, Pod1IfName, true, true)
verifyReflectiveACL(aclEngine, ipv4Net, Pod3IfName, true, true)
verifyGlobalTable(aclEngine, ipv4Net, true)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod1IfName, true, true)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod3IfName, true, true)
verifyGlobalTable(aclEngine, ipv4Net, contivConf, true)

// Test connections.
// -> src = pod1
Expand Down Expand Up @@ -577,9 +624,12 @@ func TestCombinedRulesWithResync(t *testing.T) {
}

// Prepare mocks.
// -> ContivConf plugin
contivConf := &contivConfMock{}
contivConf.SetMainInterfaceName(mainIfName)

// -> IPv4Net plugin
ipv4Net := NewMockIPv4Net()
ipv4Net.SetMainPhysicalIfName(mainIfName)
ipv4Net.SetVxlanBVIIfName(vxlanIfName)
ipv4Net.SetHostInterconnectIfName(hostInterIfName)
ipv4Net.SetPodIfName(Pod1, Pod1IfName)
Expand Down Expand Up @@ -646,9 +696,9 @@ func TestCombinedRulesWithResync(t *testing.T) {

// Test ACLs.
gomega.Expect(aclEngine.GetNumOfACLs()).To(gomega.Equal(4))
verifyReflectiveACL(aclEngine, ipv4Net, Pod1IfName, true, true)
verifyReflectiveACL(aclEngine, ipv4Net, Pod3IfName, true, true)
verifyGlobalTable(aclEngine, ipv4Net, true)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod1IfName, true, true)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod3IfName, true, true)
verifyGlobalTable(aclEngine, ipv4Net, contivConf, true)

// Test connections.
// -> src = pod1
Expand Down Expand Up @@ -700,9 +750,9 @@ func TestCombinedRulesWithResync(t *testing.T) {

// Test ACLs.
gomega.Expect(aclEngine.GetNumOfACLs()).To(gomega.Equal(4))
verifyReflectiveACL(aclEngine, ipv4Net, Pod1IfName, true, true)
verifyReflectiveACL(aclEngine, ipv4Net, Pod3IfName, true, true)
verifyGlobalTable(aclEngine, ipv4Net, true)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod1IfName, true, true)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod3IfName, true, true)
verifyGlobalTable(aclEngine, ipv4Net, contivConf, true)

// Test connections.
// -> src = pod1
Expand Down Expand Up @@ -761,9 +811,12 @@ func TestCombinedRulesWithResyncAndRemovedPod(t *testing.T) {
}

// Prepare mocks.
// -> ContivConf plugin
contivConf := &contivConfMock{}
contivConf.SetMainInterfaceName(mainIfName)

// -> IPv4Net plugin
ipv4Net := NewMockIPv4Net()
ipv4Net.SetMainPhysicalIfName(mainIfName)
ipv4Net.SetVxlanBVIIfName(vxlanIfName)
ipv4Net.SetHostInterconnectIfName(hostInterIfName)
ipv4Net.SetPodIfName(Pod1, Pod1IfName)
Expand Down Expand Up @@ -821,9 +874,9 @@ func TestCombinedRulesWithResyncAndRemovedPod(t *testing.T) {

// Test ACLs.
gomega.Expect(aclEngine.GetNumOfACLs()).To(gomega.Equal(3))
verifyReflectiveACL(aclEngine, ipv4Net, Pod1IfName, true, true)
verifyReflectiveACL(aclEngine, ipv4Net, Pod3IfName, true, false)
verifyGlobalTable(aclEngine, ipv4Net, true)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod1IfName, true, true)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod3IfName, true, false)
verifyGlobalTable(aclEngine, ipv4Net, contivConf,true)

// Test connections (removed pod3 = no ACLs assigned to pod3).
// -> src = pod1
Expand Down Expand Up @@ -877,9 +930,9 @@ func TestCombinedRulesWithResyncAndRemovedPod(t *testing.T) {

// Test ACLs.
gomega.Expect(aclEngine.GetNumOfACLs()).To(gomega.Equal(4))
verifyReflectiveACL(aclEngine, ipv4Net, Pod1IfName, true, true)
verifyReflectiveACL(aclEngine, ipv4Net, Pod3IfName, true, true)
verifyGlobalTable(aclEngine, ipv4Net, true)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod1IfName, true, true)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod3IfName, true, true)
verifyGlobalTable(aclEngine, ipv4Net, contivConf, true)

// Test connections.
// -> src = pod1
Expand Down Expand Up @@ -938,9 +991,12 @@ func TestCombinedRulesWithRemovedPods(t *testing.T) {
}

// Prepare mocks.
// -> ContivConf plugin
contivConf := &contivConfMock{}
contivConf.SetMainInterfaceName(mainIfName)

// -> IPv4Net plugin
ipv4Net := NewMockIPv4Net()
ipv4Net.SetMainPhysicalIfName(mainIfName)
ipv4Net.SetVxlanBVIIfName(vxlanIfName)
ipv4Net.SetHostInterconnectIfName(hostInterIfName)
ipv4Net.SetPodIfName(Pod1, Pod1IfName)
Expand Down Expand Up @@ -987,9 +1043,9 @@ func TestCombinedRulesWithRemovedPods(t *testing.T) {

// Test ACLs.
gomega.Expect(aclEngine.GetNumOfACLs()).To(gomega.Equal(3))
verifyReflectiveACL(aclEngine, ipv4Net, Pod1IfName, true, true)
verifyReflectiveACL(aclEngine, ipv4Net, Pod3IfName, true, false)
verifyGlobalTable(aclEngine, ipv4Net, true)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod1IfName, true, true)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf, Pod3IfName, true, false)
verifyGlobalTable(aclEngine, ipv4Net, contivConf,true)

// Test connections (removed pod3 = no ACLs assigned to pod3).
// -> src = pod1
Expand Down Expand Up @@ -1041,6 +1097,6 @@ func TestCombinedRulesWithRemovedPods(t *testing.T) {

// Test ACLs.
gomega.Expect(aclEngine.GetNumOfACLs()).To(gomega.Equal(0)) /* all ACLs cleaned up */
verifyReflectiveACL(aclEngine, ipv4Net, "", false, false)
verifyGlobalTable(aclEngine, ipv4Net, false)
verifyReflectiveACL(aclEngine, ipv4Net, contivConf,"", false, false)
verifyGlobalTable(aclEngine, ipv4Net, contivConf,false)
}
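Review bot: None of the test setups visible in these hunks calls `SetOtherVPPInterfaces`, so the `GetOtherVPPInterfaces()` loop in `nodeOutputInterfaces` always ranges over an empty list, and `verifyReflectiveACL` / `verifyGlobalTable` never confirm that the reflective ACL and the global table are attached to additional VPP interfaces. For a policy renderer that is the case worth pinning, because an output interface left without the ACL is an unfiltered path; at least one test (for example `TestIngressRulesOnePod`, whose body starts and ends outside the hunks shown) could add `contivConf.SetOtherVPPInterfaces([]string{"other-if-example"})` (constructed name) right after `SetMainInterfaceName`. Separately, the new code is not gofmt-clean: the receivers should read `func (m *contivConfMock)`, calls such as `verifyGlobalTable(aclEngine, ipv4Net, contivConf,false)` are missing the space after the comma, and the `contivconf` import is placed after `ipv4net` rather than in sorted order.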