policygen

package
v1.10.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 19, 2022 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Copyright 2017 Authors of Cilium

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

View Source
const (
	HTTP        = "HTTP"
	HTTPPrivate = "HTTPPrivate"
	Ping        = "Ping"
	UDP         = "UDP"
)

Variables

View Source
var (
	ConnTests              = []string{Ping, HTTP, HTTPPrivate}
	ConnTestsFailedResults = []ResultType{
		ResultTimeout,
		ResultAuth,
	}
	ConnTestsActions = map[string]func(srcPod string, dest TargetDetails, kub *helpers.Kubectl) ResultType{
		Ping:        PingAction,
		HTTP:        HTTPActionPublic,
		HTTPPrivate: HTTPActionPrivate,
	}

	ConnResultAllOK = ConnTestSpec{
		HTTP:        ResultOK,
		HTTPPrivate: ResultOK,
		Ping:        ResultOK,
		UDP:         ResultOK,
	}

	ConnResultAllTimeout = ConnTestSpec{
		HTTP:        ResultTimeout,
		HTTPPrivate: ResultTimeout,
		Ping:        ResultTimeout,
		UDP:         ResultTimeout,
	}

	ConnResultOnlyHTTP = ConnTestSpec{
		HTTP:        ResultOK,
		HTTPPrivate: ResultOK,
		Ping:        ResultTimeout,
		UDP:         ResultTimeout,
	}

	ConnResultOnlyHTTPPrivate = ConnTestSpec{
		HTTP:        ResultAuth,
		HTTPPrivate: ResultOK,
		Ping:        ResultTimeout,
		UDP:         ResultTimeout,
	}

	DestinationsTypes = []Target{
		{Kind: service},
		{Kind: nodePort},
		{Kind: direct},
	}

	NodePortStart = 10000

	ResultTimeout = ResultType{"timeout", false}
	ResultAuth    = ResultType{"reply", false}
	ResultOK      = ResultType{"reply", true}
)

Functions

This section is empty.

Types

type ConnTestSpec

type ConnTestSpec struct {
	HTTP        ResultType
	HTTPPrivate ResultType
	Ping        ResultType
	UDP         ResultType
}

ConnTestSpec Connectivity Test Specification. This structs contains the mapping of all protocols tested and the expected result based on the context of each test case

func (*ConnTestSpec) GetField

func (conn *ConnTestSpec) GetField(field string) ResultType

GetField method to retrieve the value of any type of the struct. It is used by `TestSpec` to created expected results

type PolicyTestKind

type PolicyTestKind struct {
	// contains filtered or unexported fields
}

PolicyTestKind is utilized to describe a new TestCase It needs a described name, the kind of the test (Egrees or Ingress) and the expected result of `ConnTestSpec` Template field is used to render the cilium network policy.

func (*PolicyTestKind) SetTemplate

func (pol *PolicyTestKind) SetTemplate(result *map[string]interface{}, spec *TestSpec) error

SetTemplate renders the template field from the PolicyTest struct using go templates. The result will be stored in the result parameter. The spec parameters is needed to retrieve the source and destination pods and pass the information to the go template.

type PolicyTestSuite

type PolicyTestSuite struct {
	// contains filtered or unexported fields
}

PolicyTestSuite groups together L3, L4, and L7 policy-related tests.

type ResultType

type ResultType struct {
	// contains filtered or unexported fields
}

ResultType defines the expected result for a connectivity test.

func HTTPAction

func HTTPAction(srcPod string, target string, kub *helpers.Kubectl) ResultType

HTTPAction runs a helpers.CurlFail from specified pod to a specified target. It needs a `helpers.Kubectl` instance to run the command in the pod. It returns a ResultType struct.

func HTTPActionPrivate

func HTTPActionPrivate(srcPod string, dest TargetDetails, kub *helpers.Kubectl) ResultType

HTTPActionPrivate runs a HTTPAction to /private/ using destTargetDetails

func HTTPActionPublic

func HTTPActionPublic(srcPod string, dest TargetDetails, kub *helpers.Kubectl) ResultType

HTTPActionPublic runs a CurlAction to /public/ using destTargetDetails

func NetPerfAction

func NetPerfAction(srcPod string, dest TargetDetails, kub *helpers.Kubectl) ResultType

NetPerfAction TODO make this function (GH-2029)

func PingAction

func PingAction(srcPod string, dest TargetDetails, kub *helpers.Kubectl) ResultType

PingAction executes a ping from the `srcPod` to the dest using Kubectl object. Returns a ResultType corresponding to the exit code of the ping command.

func (ResultType) String

func (res ResultType) String() string

String returns the ResultType in humman readable format

type Target

type Target struct {
	Kind       string // serviceL3, serviceL4, NodePort, Direct
	PortNumber int
}

Target defines the destination for traffic when running tests

func (*Target) CreateApplyManifest

func (t *Target) CreateApplyManifest(spec *TestSpec, base string) error

CreateApplyManifest creates the manifest for the type of the target and applies it in kubernetes. It will fail if the service manifest cannot be created correctly or applied to Kubernetes

func (*Target) GetManifestName

func (t *Target) GetManifestName(spec *TestSpec) string

GetManifestName returns the manifest filename for the target using the spec parameter

func (*Target) GetManifestPath

func (t *Target) GetManifestPath(spec *TestSpec, base string) string

GetManifestPath returns the manifest path for the target using the spec parameter

func (*Target) GetServiceName

func (t *Target) GetServiceName(spec *TestSpec) string

GetServiceName returns the prefix of spec prefixed with the kind of the the target

func (*Target) GetTarget

func (t *Target) GetTarget(spec *TestSpec) (*TargetDetails, error)

GetTarget returns a `TargetDetails` with the IP and Port to run the tests in spec. It needs the `TestSpec` parameter to be able to retrieve the service name. It'll return an error if the service is not defined or cannot be retrieved. This function only returns the first port mapped in the service; It'll not work with multiple ports.

func (*Target) SetPortNumber

func (t *Target) SetPortNumber() int

SetPortNumber returns an unused port on the host to use in a Kubernetes NodePort service

type TargetDetails

type TargetDetails net.TCPAddr

TargetDetails represents the address of a TCP end point.

func (TargetDetails) String

func (target TargetDetails) String() string

String combines host and port into a network address of the form "host:port" or, if host contains a colon or a percent sign, "[host]:port".

type TestSpec

type TestSpec struct {
	SrcPod      string
	DestPod     string
	Prefix      string
	Destination Target
	Kub         *helpers.Kubectl
	// contains filtered or unexported fields
}

TestSpec defined a new test specification. It contains three different rules (l3, l4, l7) and a destination and source pod in which test will run. Each testSpec has a prefix, which is a label used to group all resources created by the TestSpec. Each test is executed using a type of Destination which is defined under Target struct. This struct needs a `*helpers.Kubectl` to run the needed commands

func GeneratedTestSpec

func GeneratedTestSpec() []TestSpec

GeneratedTestSpec returns a `TestSpec` array with all the policies possibilities based on all combinations of `policiesTestSuite`

func GetBasicTestSpec

func GetBasicTestSpec() TestSpec

GetBasicTestSpec returns a very simple TestSpec with a L4 and L7 policy that allow traffic only to /private/

func (*TestSpec) ApplyManifest

func (t *TestSpec) ApplyManifest(base string) (string, error)

ApplyManifest applies a new deployment manifest into the Kubernetes cluster. Returns an error if the manifest cannot be applied correctly

func (*TestSpec) CreateCiliumNetworkPolicy

func (t *TestSpec) CreateCiliumNetworkPolicy() (string, error)

CreateCiliumNetworkPolicy returns a CiliumNetworkPolicy based on the `TestSpec` l3, l4 and l7 rules. Returns an error if any of the `PolicyTest` set Template fails or if spec cannot be dump as string

func (*TestSpec) CreateManifests

func (t *TestSpec) CreateManifests() error

CreateManifests creates a new pod manifest. It sets a random prefix for the `TestCase` and creates two new pods (srcPod and DestPod). Returns an error if the manifest cannot be created

func (*TestSpec) Destroy

func (t *TestSpec) Destroy(delay time.Duration, base string) error

Destroy deletes the pods, CiliumNetworkPolicies and Destinations created by `TestSpec` after specified delay. The delay parameter is used to have the pod running for a while and keep Cilium and Kubernetes with a consider load.

func (*TestSpec) ExecTest

func (t *TestSpec) ExecTest() error

ExecTest runs the connectivityTest for the expected `PolicyTest`. It will assert using gomega.

func (*TestSpec) GetManifestName

func (t *TestSpec) GetManifestName() string

GetManifestName returns a string with the `TestSpec` manifest name

func (*TestSpec) GetManifestsPath

func (t *TestSpec) GetManifestsPath(base string) string

GetManifestsPath returns the `TestSpec` manifest path

func (*TestSpec) GetPodMetadata

func (t *TestSpec) GetPodMetadata() (map[string]string, error)

GetPodMetadata returns a map with the pod name and the IP for the pods used by the `TestSpec`. Returns an error in case that the pod info cannot be retrieved correctly.

func (*TestSpec) GetTestExpects

func (t *TestSpec) GetTestExpects() map[string]ResultType

GetTestExpects returns a map with the connTestType and the expected result based on the `testExpect`

func (*TestSpec) InvalidNetworkPolicyApply

func (t *TestSpec) InvalidNetworkPolicyApply(base string) (*cnpv2.CiliumNetworkPolicy, error)

InvalidNetworkPolicyApply it writes the policy and applies to Kubernetes, but instead of apply the policy, this return the CNP status for the TestSpec policy. This function is only used when a invalid combination of policies are created, where we need to test that the error is present.

func (*TestSpec) IsPolicyInvalid

func (t *TestSpec) IsPolicyInvalid() bool

IsPolicyInvalid validates that the policy combination does not match with testSpec.exclude information. That means that if a policy cannot be installed we know that the combination is invalid.

func (*TestSpec) NetworkPolicyApply

func (t *TestSpec) NetworkPolicyApply(base string) error

NetworkPolicyApply applies the CiliumNetworkPolicy in Kubernetes and wait until the statuses of all pods have been updated. Returns an error if the status of the pods did not update or if the policy was unable to be applied

func (*TestSpec) NetworkPolicyName

func (t *TestSpec) NetworkPolicyName() string

NetworkPolicyName returns the name of the NetworkPolicy

func (*TestSpec) RunTest

func (t *TestSpec) RunTest(kub *helpers.Kubectl)

RunTest runs all the `TestSpec` methods and makes the needed assertions for Ginkgo tests. This method will create pods, wait for pods to be ready, apply a new CiliumNetworkPolicy and create a new Destination (Service, NodePort) if needed. Then it will execute `connectivityTest` and compare the results with the expected results within the test specification

func (TestSpec) String

func (t TestSpec) String() string

String return the testSpec definition on human-readable format

type TestSpecsGroup

type TestSpecsGroup []*TestSpec

TestSpecsGroup is a group of different TestSpec

func (TestSpecsGroup) ConnectivityTest

func (tg TestSpecsGroup) ConnectivityTest()

ConnectivityTest runs the Connectivity test per each TestSpec defined into the TestSpecsGroup

func (TestSpecsGroup) CreateAndApplyCNP

func (tg TestSpecsGroup) CreateAndApplyCNP(kub *helpers.Kubectl)

CreateAndApplyCNP creates all Cilium Network Policies and it applies those manifests to the given Kubernetes instance.

func (TestSpecsGroup) CreateAndApplyManifests

func (tg TestSpecsGroup) CreateAndApplyManifests(kub *helpers.Kubectl)

CreateAndApplyManifests creates all of the pods manifests and applies those manifest to the given kubernetes instance.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL