New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add e2e test which verifies traffic policies and firewall in services #10972

Open

manuelbuil wants to merge 1 commit into k3s-io:master from manuelbuil:addTestAdvanceFeatureServices

+611 −0

Contributor

manuelbuil commented Oct 2, 2024 •

edited

Loading

Proposed Changes

New e2e test to verify services externaltrafficpolicy, internaltrafficpolicy and loadBalancerSourceRanges

Types of Changes

New e2e test

Verification

Run go test

Testing

Linked Issues

User-Facing Change

Further Comments

manuelbuil requested a review from a team as a code owner

October 2, 2024 14:20

manuelbuil force-pushed the addTestAdvanceFeatureServices branch 2 times, most recently from fbabd3b to bb73757 Compare

October 3, 2024 11:12

manuelbuil changed the title ~~Add e2e test which verifies externaltrafficpolicy and internaltraffic policy~~ Add e2e test which verifies traffic policies and firewall

manuelbuil changed the title ~~Add e2e test which verifies traffic policies and firewall~~ Add e2e test which verifies traffic policies and firewall in services

manuelbuil mentioned this pull request

Simplify svclb daemonset #10954

Open

codecov bot commented Oct 3, 2024 •

edited

Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 44.10%. Comparing base (6c6d87d) to head (3be3ae2).
Report is 11 commits behind head on master.

❗ There is a different number of reports uploaded between BASE (6c6d87d) and HEAD (3be3ae2). Click for more details.

HEAD has 1 upload less than BASE

Flag BASE (6c6d87d) HEAD (3be3ae2)

e2etests 7 6

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #10972      +/-   ##
==========================================
- Coverage   50.06%   44.10%   -5.96%     
==========================================
  Files         178      178              
  Lines       14801    14814      +13     
==========================================
- Hits         7410     6534     -876     
- Misses       6044     7077    +1033     
+ Partials     1347     1203     -144

Flag	Coverage Δ
e2etests	`36.47% <ø> (-9.80%)`	⬇️
inttests	`36.73% <ø> (-0.02%)`	⬇️
unittests	`13.52% <ø> (-0.03%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

manuelbuil force-pushed the addTestAdvanceFeatureServices branch 2 times, most recently from 975da3f to bc30eee Compare

October 3, 2024 15:17

thomasferrandiz previously approved these changes

View reviewed changes

manuelbuil dismissed thomasferrandiz’s stale review via

October 4, 2024 10:38

manuelbuil force-pushed the addTestAdvanceFeatureServices branch from bc30eee to 2031570 Compare

October 4, 2024 10:38

manuelbuil requested a review from thomasferrandiz

October 7, 2024 09:01

VestigeJ previously approved these changes

View reviewed changes

dereknola requested changes

View reviewed changes

tests/e2e/svcpoliciesandfirewall/svcpoliciesandfirewall_test.go Outdated

+              var nodeOS = flag.String("nodeOS", "bento/ubuntu-24.04", "VM operating system")
+              var serverCount = flag.Int("serverCount", 1, "number of server nodes")
+              var agentCount = flag.Int("agentCount", 1, "number of agent nodes")
+              var hardened = flag.Bool("hardened", false, "true or false")

Member

dereknola Oct 7, 2024

Not used.

Suggested change

var hardened = flag.Bool("hardened", false, "true or false")

Contributor Author

manuelbuil Oct 8, 2024

good

tests/e2e/svcpoliciesandfirewall/svcpoliciesandfirewall_test.go Outdated

Comment on lines 125 to 128

+              		Eventually(func() (int, error) {
+              			externalIPs, _ := e2e.FetchExternalIPs(kubeConfigFile, lbSvc)
+              			return len(externalIPs), nil
+              		}, "25s", "5s").Should(Equal(2), "external IP count not equal to 2")

Member

dereknola Oct 7, 2024

Your ignoring the error state that could occur from FetchExternalIPs but Ginkgo can handle that.

Suggested change

      
            		Eventually(func() (int, error) {
          
            			externalIPs, _ := e2e.FetchExternalIPs(kubeConfigFile, lbSvc)
          
            			return len(externalIPs), nil
          
            		}, "25s", "5s").Should(Equal(2), "external IP count not equal to 2")
          
            		Eventually(func() ([]string, error) {
          
            		        return e2e.FetchExternalIPs(kubeConfigFile, lbSvc)
          
            		}, "25s", "5s").Should(HaveLen(2), "external IP count not equal to 2")

Contributor Author

manuelbuil Oct 8, 2024

Thanks, I did not know about the HaveLen

tests/e2e/svcpoliciesandfirewall/svcpoliciesandfirewall_test.go

		@@ -0,0 +1,363 @@
		// This test verifies:

Member

dereknola Oct 7, 2024

Note: I hand wrote these corrections, so spacing might be bad, don't just commit them via GH 😄

tests/e2e/svcpoliciesandfirewall/svcpoliciesandfirewall_test.go Outdated

Comment on lines 130 to 136

+              		Eventually(func() (bool, error) {
+              			externalIPs, _ := e2e.FetchExternalIPs(kubeConfigFile, lbSvcExt)
+              			if len(externalIPs) != 1 {
+              				return false, nil
+              			}
+              			return externalIPs[0] == serverNodeIP, nil
+              		}, "25s", "5s").Should(BeTrue(), "external IP count not equal to 1 or external IP does not match serverNodeIP")

Member

dereknola Oct 7, 2024

Suggested change

      
            		Eventually(func() (bool, error) {
          
            			externalIPs, _ := e2e.FetchExternalIPs(kubeConfigFile, lbSvcExt)
          
            			if len(externalIPs) != 1 {
          
            				return false, nil
          
            			}
          
            			return externalIPs[0] == serverNodeIP, nil
          
            		}, "25s", "5s").Should(BeTrue(), "external IP count not equal to 1 or external IP does not match serverNodeIP")
          
            		Eventually(func(g Gomega) (bool, error) {
          
            			externalIPs, _ := e2e.FetchExternalIPs(kubeConfigFile, lbSvcExt)
          
            			g.Expect(externalIPs).To(HaveLen(1), "more than 1 exernalIP found")
          
            			g.Expect(externalIPs[0]).To(Equal(serverNodeIP),"external IP does not match servernodeIP")
          
            		}, "25s", "5s").Should(Succeed())

Member

dereknola Oct 7, 2024

We can use the gomega Assertions In Eventually feature to standardize the checks

Contributor Author

manuelbuil Oct 8, 2024

thanks! Your suggestion looks better :)

tests/e2e/svcpoliciesandfirewall/svcpoliciesandfirewall_test.go Outdated

Comment on lines 168 to 176

+              			Eventually(func() (bool) {
+              				cmd := "curl -s --max-time 5 " + externalIP + ":82/ip"
+              				_, err := e2e.RunCommand(cmd)
+              				if err != nil && strings.Contains(err.Error(), "exit status") {
+              					// Treat exit status as a successful condition
+              					return true
+              				}
+              				return false
+              			}, "40s", "5s").Should(BeTrue())

Member

dereknola Oct 7, 2024

Use gomega error matcher

Suggested change

      
            			Eventually(func() (bool) {
          
            				cmd := "curl -s --max-time 5 " + externalIP + ":82/ip"
          
            				_, err := e2e.RunCommand(cmd)
          
            				if err != nil && strings.Contains(err.Error(), "exit status") {
          
            					// Treat exit status as a successful condition
          
            					return true
          
            				}
          
            				return false
          
            			}, "40s", "5s").Should(BeTrue())
          
            			Eventually(func() error {
          
            				cmd := "curl -s --max-time 5 " + externalIP + ":82/ip"
          
            				_, err := e2e.RunCommand(cmd)
          
            				return err
          
            			}, "40s", "5s").Should(MatchError(ContainSubstring("exit status")))

Contributor Author

manuelbuil Oct 8, 2024

done, thanks!

tests/e2e/svcpoliciesandfirewall/svcpoliciesandfirewall_test.go Outdated

Comment on lines 229 to 230

		return serverNodeName != "" && clientPod1 != "" && clientPod2 != "" && clientPod1Node != "" && clientPod2Node != "", nil
		}, "25s", "5s").Should(BeTrue(), "All pod names and nodes should be non-empty")

Member

dereknola Oct 7, 2024

You should be able to rewrite this using the g Gomega feature like the above comment, don't embed a complex series of checks as a single return statement, have each one be check with some g.Expect(serverNodeName).NotTo(BeEmpty) etc.

Contributor Author

manuelbuil Oct 8, 2024

When passing func(g Gomega) and checking variables along the function, there isn't really a need to return anything, right?

tests/e2e/svcpoliciesandfirewall/svcpoliciesandfirewall_test.go Outdated

Comment on lines 337 to 345

+              			Eventually(func() (bool) {
+              				cmd := "curl -s --max-time 5 " + node.InternalIP + ":82"
+              				_, err := e2e.RunCmdOnNode(cmd, nodes[1].Name)
+              				if err != nil && strings.Contains(err.Error(), "exit status") {
+              					// Treat exit status as a successful condition
+              					return true
+              				}
+              				return false
+              			}, "40s", "5s").Should(BeTrue())

Member

dereknola Oct 7, 2024

Same as above, rewrite using the gomega error matcher checks

Contributor Author

manuelbuil Oct 8, 2024

done!

manuelbuil requested a review from dereknola

October 8, 2024 09:47


          Add e2e test for advanced fields in services

3be3ae2

Signed-off-by: manuelbuil <[email protected]>

manuelbuil dismissed VestigeJ’s stale review via

3be3ae2

October 8, 2024 09:52

manuelbuil force-pushed the addTestAdvanceFeatureServices branch from 2031570 to 3be3ae2 Compare

October 8, 2024 09:53

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet