cnf-network: add multi-netpolicy tests for ipvlan cni

tests/cnf/core/network/policy/internal/tsparams/consts.go

@@ -5,4 +5,8 @@ const (
 	LabelSuite = "policy"
 	// TestNamespaceName policy namespace where all test cases are performed.
 	TestNamespaceName = "policy-tests"
+	// MultiNetPolNs1 policy namespace where all test cases are performed.
+	MultiNetPolNs1 = "policy-ns1"
+	// MultiNetPolNs2 policy namespace where all test cases are performed.
+	MultiNetPolNs2 = "policy-ns2"
 )

tests/cnf/core/network/policy/internal/tsparams/policyvars.go

@@ -47,4 +47,32 @@ var (
 	WaitTrafficTimeout = 1 * time.Minute
 	// RetryTrafficInterval represents retry interval for the traffic Eventually functions.
 	RetryTrafficInterval = 20 * time.Second
+	// AllOpen represents that ports 5001,5002,5003 to be open.
+	AllOpen = map[string]string{"5001": "pass", "5002": "pass", "5003": "pass"}
+	// AllClose represents that ports 5001,5002,5003 to be close.
+	AllClose = map[string]string{"5001": "fail", "5002": "fail", "5003": "fail"}
+	// P5001Open represents that port 5001 to be open and 5002-3 to be closed.
+	P5001Open = map[string]string{"5001": "pass", "5002": "fail", "5003": "fail"}
+	// P5001p5002Open represents that port 5001 & 5002 to be open and 5003 to be closed.
+	P5001p5002Open = map[string]string{"5001": "pass", "5002": "pass", "5003": "fail"}
+	// Protocols indicates list of protocols used in policy tests.
+	Protocols = []string{"tcp", "tcp", "udp"}
+	// Ports indicates list of ports used in policy tests.
+	Ports = []string{"5001", "5002", "5003"}
+	// TestData represents test resource data for policy tests.
+	TestData = PodsData{
+		"pod1": {IPv4: "192.168.10.10/24", IPv6: "2001:0:0:1::10/64", Protocols: Protocols, Ports: Ports},
+		"pod2": {IPv4: "192.168.10.11/24", IPv6: "2001:0:0:1::11/64", Protocols: Protocols, Ports: Ports},
+		"pod3": {IPv4: "192.168.10.12/24", IPv6: "2001:0:0:1::12/64", Protocols: Protocols, Ports: Ports},
+		"pod4": {IPv4: "192.168.20.11/24", IPv6: "2001:0:0:2::11/64", Protocols: Protocols, Ports: Ports},
+		"pod5": {IPv4: "192.168.20.12/24", IPv6: "2001:0:0:2::12/64", Protocols: Protocols, Ports: Ports},
+	}
 )
+
+// PodsData contains test pods data used for policy tests.
+type PodsData map[string]struct {
+	IPv4      string
+	IPv6      string
+	Protocols []string
+	Ports     []string
+}

tests/cnf/core/network/policy/tests/common.go

@@ -0,0 +1,99 @@
+package tests
+
+import (
+	"encoding/xml"
+	"fmt"
+	"net"
+	"strings"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	"github.com/openshift-kni/eco-goinfra/pkg/pod"
+	"github.com/openshift-kni/eco-gotests/tests/cnf/core/network/policy/internal/tsparams"
+)
+
+func verifyPaths(
+	sPod, dPod *pod.Builder,
+	ipv4ExpectedResult, ipv6ExpectedResult map[string]string,
+	testData tsparams.PodsData,
+) {
+	By("Deriving applicable paths between given source and destination pods")
+	runNmapAndValidateResults(sPod, testData[sPod.Object.Name].IPv4,
+		testData[dPod.Object.Name].Protocols, testData[dPod.Object.Name].Ports,
+		strings.Split(testData[dPod.Object.Name].IPv4, "/")[0], ipv4ExpectedResult)
+	runNmapAndValidateResults(sPod, testData[sPod.Object.Name].IPv6,
+		testData[dPod.Object.Name].Protocols, testData[dPod.Object.Name].Ports,
+		strings.Split(testData[dPod.Object.Name].IPv6, "/")[0], ipv6ExpectedResult)
+}
+
+func runNmapAndValidateResults(
+	sPod *pod.Builder,
+	sourceIP string,
+	protocols []string,
+	ports []string,
+	targetIP string,
+	expectedResult map[string]string) {
+	// NmapXML defines the structure nmap command output in xml.
+	type NmapXML struct {
+		XMLName xml.Name `xml:"nmaprun"`
+		Text    string   `xml:",chardata"`
+		Host    struct {
+			Text   string `xml:",chardata"`
+			Status struct {
+				Text  string `xml:",chardata"`
+				State string `xml:"state,attr"`
+			} `xml:"status"`
+			Address []struct {
+				Text     string `xml:",chardata"`
+				Addr     string `xml:"addr,attr"`
+				Addrtype string `xml:"addrtype,attr"`
+			} `xml:"address"`
+			Ports struct {
+				Text string `xml:",chardata"`
+				Port []struct {
+					Text     string `xml:",chardata"`
+					Protocol string `xml:"protocol,attr"`
+					Portid   string `xml:"portid,attr"`
+					State    struct {
+						Text  string `xml:",chardata"`
+						State string `xml:"state,attr"`
+					} `xml:"state"`
+				} `xml:"port"`
+			} `xml:"ports"`
+		} `xml:"host"`
+	}
+
+	By("Running nmap command in source pod")
+
+	var nmapOutput NmapXML
+
+	nmapCmd := fmt.Sprintf("nmap -v -oX - -sT -sU -p T:5001,T:5002,U:5003 %s", targetIP)
+
+	if net.ParseIP(targetIP).To4() == nil {
+		nmapCmd += " -6"
+	}
+
+	output, err := sPod.ExecCommand([]string{"/bin/bash", "-c", nmapCmd})
+	Expect(err).NotTo(HaveOccurred(), "Failed to execute nmap command in source pod")
+
+	err = xml.Unmarshal(output.Bytes(), &nmapOutput)
+	Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Failed to unmarshal nmap output: %s", output.String()))
+
+	By("Verifying nmap output is matching with expected results")
+	Expect(len(nmapOutput.Host.Ports.Port)).To(Equal(len(ports)),
+		fmt.Sprintf("number of ports in nmap output as expected. Nmap XML output: %v", nmapOutput.Host.Ports.Port))
+
+	for index := range len(nmapOutput.Host.Ports.Port) {
+		if expectedResult[nmapOutput.Host.Ports.Port[index].Portid] == "pass" {
+			By(fmt.Sprintf("Path %s/%s =====> %s:%s:%s Expected to Pass\n",
+				sPod.Object.Name, sourceIP, targetIP, protocols[index], ports[index]))
+			Expect(nmapOutput.Host.Ports.Port[index].State.State).To(Equal("open"),
+				fmt.Sprintf("Port is not open as expected. Output: %v", nmapOutput.Host.Ports.Port[index]))
+		} else {
+			By(fmt.Sprintf("Path %s/%s =====> %s:%s:%s Expected to Fail\n",
+				sPod.Object.Name, sourceIP, targetIP, protocols[index], ports[index]))
+			Expect(nmapOutput.Host.Ports.Port[index].State.State).To(SatisfyAny(Equal("open|filtered"), Equal("filtered")),
+				fmt.Sprintf("Port is not filtered as expected. Output: %v", nmapOutput.Host.Ports.Port[index]))
+		}
+	}
+}