cnf-network: add multi-netpolicy tests for ipvlan cni (#345)
ajaggapa authored Dec 31, 2024
1 parent 49edbf0 commit 389b893
Showing 5 changed files with 865 additions and 269 deletions.
4 changes: 4 additions & 0 deletions tests/cnf/core/network/policy/internal/tsparams/consts.go
@@ -5,4 +5,8 @@ const (
LabelSuite = "policy"
// TestNamespaceName policy namespace where all test cases are performed.
TestNamespaceName = "policy-tests"
// MultiNetPolNs1 policy namespace where all test cases are performed.
MultiNetPolNs1 = "policy-ns1"
// MultiNetPolNs2 policy namespace where all test cases are performed.
MultiNetPolNs2 = "policy-ns2"
)
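Review bot: The doc comments on `MultiNetPolNs1` and `MultiNetPolNs2` repeat the `TestNamespaceName` sentence word for word, so none of the three constants says which test cases use which namespace. If these are the two namespaces the multi-network-policy cases span, say so, e.g. `// MultiNetPolNs1 is the first of two namespaces used by the multi-network-policy tests.` and the matching line for `MultiNetPolNs2`. The enclosing `const` block starts outside the hunk.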
28 changes: 28 additions & 0 deletions tests/cnf/core/network/policy/internal/tsparams/policyvars.go
@@ -47,4 +47,32 @@ var (
WaitTrafficTimeout = 1 * time.Minute
// RetryTrafficInterval represents retry interval for the traffic Eventually functions.
RetryTrafficInterval = 20 * time.Second
// AllOpen represents that ports 5001,5002,5003 to be open.
AllOpen = map[string]string{"5001": "pass", "5002": "pass", "5003": "pass"}
// AllClose represents that ports 5001,5002,5003 to be close.
AllClose = map[string]string{"5001": "fail", "5002": "fail", "5003": "fail"}
// P5001Open represents that port 5001 to be open and 5002-3 to be closed.
P5001Open = map[string]string{"5001": "pass", "5002": "fail", "5003": "fail"}
// P5001p5002Open represents that port 5001 & 5002 to be open and 5003 to be closed.
P5001p5002Open = map[string]string{"5001": "pass", "5002": "pass", "5003": "fail"}
// Protocols indicates list of protocols used in policy tests.
Protocols = []string{"tcp", "tcp", "udp"}
// Ports indicates list of ports used in policy tests.
Ports = []string{"5001", "5002", "5003"}
// TestData represents test resource data for policy tests.
TestData = PodsData{
"pod1": {IPv4: "192.168.10.10/24", IPv6: "2001:0:0:1::10/64", Protocols: Protocols, Ports: Ports},
"pod2": {IPv4: "192.168.10.11/24", IPv6: "2001:0:0:1::11/64", Protocols: Protocols, Ports: Ports},
"pod3": {IPv4: "192.168.10.12/24", IPv6: "2001:0:0:1::12/64", Protocols: Protocols, Ports: Ports},
"pod4": {IPv4: "192.168.20.11/24", IPv6: "2001:0:0:2::11/64", Protocols: Protocols, Ports: Ports},
"pod5": {IPv4: "192.168.20.12/24", IPv6: "2001:0:0:2::12/64", Protocols: Protocols, Ports: Ports},
}
)

// PodsData contains test pods data used for policy tests.
type PodsData map[string]struct {
IPv4 string
IPv6 string
Protocols []string
Ports []string
}
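Review bot: The IPv6 addresses in `TestData` (`2001:0:0:1::/64` and `2001:0:0:2::/64`) are not taken from a range reserved for private or documentation use, while the IPv4 side uses RFC 1918 space; they fall inside 2001::/32, which is assigned to Teredo. These values look like they become the nmap targets once `TestData` is passed to `verifyPaths`, so a mis-attached interface or leaked route would send probes to addresses outside the lab. Unless the test environment depends on these prefixes, consider unique-local addresses such as `IPv6: "fd00:0:0:1::10/64"` (constructed example), with a comment above `TestData` stating the addressing plan. The `var` block starts outside the hunk.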
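--- a/tests/cnf/core/network/policy/tests/common.go
+++ b/tests/cnf/core/network/policy/tests/common.go
@@ -0,0 +1,99 @@
+package tests
+
+import (
+"encoding/xml"
+"fmt"
+"net"
+"strings"
+
+. "github.com/onsi/ginkgo/v2"
+. "github.com/onsi/gomega"
+"github.com/openshift-kni/eco-goinfra/pkg/pod"
+"github.com/openshift-kni/eco-gotests/tests/cnf/core/network/policy/internal/tsparams"
+)
+
+func verifyPaths(
+sPod, dPod *pod.Builder,
+ipv4ExpectedResult, ipv6ExpectedResult map[string]string,
+testData tsparams.PodsData,
+) {
+By("Deriving applicable paths between given source and destination pods")
+runNmapAndValidateResults(sPod, testData[sPod.Object.Name].IPv4,
+testData[dPod.Object.Name].Protocols, testData[dPod.Object.Name].Ports,
+strings.Split(testData[dPod.Object.Name].IPv4, "/")[0], ipv4ExpectedResult)
+runNmapAndValidateResults(sPod, testData[sPod.Object.Name].IPv6,
+testData[dPod.Object.Name].Protocols, testData[dPod.Object.Name].Ports,
+strings.Split(testData[dPod.Object.Name].IPv6, "/")[0], ipv6ExpectedResult)
+}
+
+func runNmapAndValidateResults(
+sPod *pod.Builder,
+sourceIP string,
+protocols []string,
+ports []string,
+targetIP string,
+expectedResult map[string]string) {
+// NmapXML defines the structure nmap command output in xml.
+type NmapXML struct {
+XMLName xml.Name `xml:"nmaprun"`
+Text string `xml:",chardata"`
+Host struct {
+Text string `xml:",chardata"`
+Status struct {
+Text string `xml:",chardata"`
+State string `xml:"state,attr"`
+} `xml:"status"`
+Address []struct {
+Text string `xml:",chardata"`
+Addr string `xml:"addr,attr"`
+Addrtype string `xml:"addrtype,attr"`
+} `xml:"address"`
+Ports struct {
+Text string `xml:",chardata"`
+Port []struct {
+Text string `xml:",chardata"`
+Protocol string `xml:"protocol,attr"`
+Portid string `xml:"portid,attr"`
+State struct {
+Text string `xml:",chardata"`
+State string `xml:"state,attr"`
+} `xml:"state"`
+} `xml:"port"`
+} `xml:"ports"`
+} `xml:"host"`
+}
+
+By("Running nmap command in source pod")
+
+var nmapOutput NmapXML
+
+nmapCmd := fmt.Sprintf("nmap -v -oX - -sT -sU -p T:5001,T:5002,U:5003 %s", targetIP)
+
+if net.ParseIP(targetIP).To4() == nil {
+nmapCmd += " -6"
+}
+
+output, err := sPod.ExecCommand([]string{"/bin/bash", "-c", nmapCmd})
+Expect(err).NotTo(HaveOccurred(), "Failed to execute nmap command in source pod")
+
+err = xml.Unmarshal(output.Bytes(), &nmapOutput)
+Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Failed to unmarshal nmap output: %s", output.String()))
+
+By("Verifying nmap output is matching with expected results")
+Expect(len(nmapOutput.Host.Ports.Port)).To(Equal(len(ports)),
+fmt.Sprintf("number of ports in nmap output as expected. Nmap XML output: %v", nmapOutput.Host.Ports.Port))
+
+for index := range len(nmapOutput.Host.Ports.Port) {
+if expectedResult[nmapOutput.Host.Ports.Port[index].Portid] == "pass" {
+By(fmt.Sprintf("Path %s/%s =====> %s:%s:%s Expected to Pass\n",
+sPod.Object.Name, sourceIP, targetIP, protocols[index], ports[index]))
+Expect(nmapOutput.Host.Ports.Port[index].State.State).To(Equal("open"),
+fmt.Sprintf("Port is not open as expected. Output: %v", nmapOutput.Host.Ports.Port[index]))
+} else {
+By(fmt.Sprintf("Path %s/%s =====> %s:%s:%s Expected to Fail\n",
+sPod.Object.Name, sourceIP, targetIP, protocols[index], ports[index]))
+Expect(nmapOutput.Host.Ports.Port[index].State.State).To(SatisfyAny(Equal("open|filtered"), Equal("filtered")),
+fmt.Sprintf("Port is not filtered as expected. Output: %v", nmapOutput.Host.Ports.Port[index]))
+}
+}
+}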
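Review bot: `runNmapAndValidateResults` can pass without checking anything: if `dPod.Object.Name` is not a key of `testData`, `verifyPaths` hands it an empty `targetIP` and a nil `ports`, and, assuming nmap then still emits well-formed XML with no host entries, `len(nmapOutput.Host.Ports.Port)` equals `len(ports)` at 0 and the loop never runs. `net.ParseIP(targetIP).To4() == nil` is also true for a string that is not an IP address at all, so such a value is treated as IPv6 and still interpolated into the `bash -c` command. Guard the top of the function with `Expect(net.ParseIP(targetIP)).NotTo(BeNil(), "invalid target IP %q", targetIP)` and `Expect(ports).NotTo(BeEmpty(), "no ports to verify")`; the first also ensures the string handed to the shell is an IP literal. Separately, the scan hard-codes `-p T:5001,T:5002,U:5003` while the log lines index `protocols[index]` and `ports[index]`, so a comment stating that the parameters must match that list in order would help the next reader.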