// TestIcmp tests https://paninetworks.kanbanize.com/ctrl_board/3/cards/395/details
func (s *MySuite) TestIcmp(c *check.C) {
policyIn := common.Policy{}
err := json.Unmarshal([]byte(icmpPolicy), &policyIn)
if err != nil {
c.Fatal(err)
c.FailNow()
}
}
// findUser finds the uid or name of the user of the first process that runs in a container
func (s *DockerDaemonSuite) findUser(c *check.C, container string) string {
out, err := s.d.Cmd("top", container)
c.Assert(err, checker.IsNil, check.Commentf("Output: %s", out))
rows := strings.Split(out, "\n")
if len(rows) < 2 {
// No process rows founds
c.FailNow()
}
return strings.Fields(rows[1])[0]
}
// TestAuthZPluginAllowEventStream verifies event stream propagates correctly after request pass through by the authorization plugin
func (s *DockerAuthzSuite) TestAuthZPluginAllowEventStream(c *check.C) {
testRequires(c, DaemonIsLinux)
// start the daemon and load busybox to avoid pulling busybox from Docker Hub
s.d.Start(c, "--authorization-plugin="+testAuthZPlugin)
s.ctrl.reqRes.Allow = true
s.ctrl.resRes.Allow = true
c.Assert(s.d.LoadBusybox(), check.IsNil)
startTime := strconv.FormatInt(daemonTime(c).Unix(), 10)
// Add another command to to enable event pipelining
eventsCmd := exec.Command(dockerBinary, "--host", s.d.Sock(), "events", "--since", startTime)
stdout, err := eventsCmd.StdoutPipe()
if err != nil {
c.Assert(err, check.IsNil)
}
observer := eventObserver{
buffer: new(bytes.Buffer),
command: eventsCmd,
scanner: bufio.NewScanner(stdout),
startTime: startTime,
}
err = observer.Start()
c.Assert(err, checker.IsNil)
defer observer.Stop()
// Create a container and wait for the creation events
out, err := s.d.Cmd("run", "-d", "busybox", "top")
c.Assert(err, check.IsNil, check.Commentf(out))
containerID := strings.TrimSpace(out)
c.Assert(s.d.WaitRun(containerID), checker.IsNil)
events := map[string]chan bool{
"create": make(chan bool, 1),
"start": make(chan bool, 1),
}
matcher := matchEventLine(containerID, "container", events)
processor := processEventMatch(events)
go observer.Match(matcher, processor)
// Ensure all events are received
for event, eventChannel := range events {
select {
case <-time.After(30 * time.Second):
// Fail the test
observer.CheckEventError(c, containerID, event, matcher)
c.FailNow()
case <-eventChannel:
// Ignore, event received
}
}
// Ensure both events and container endpoints are passed to the authorization plugin
assertURIRecorded(c, s.ctrl.requestsURIs, "/events")
assertURIRecorded(c, s.ctrl.requestsURIs, "/containers/create")
assertURIRecorded(c, s.ctrl.requestsURIs, fmt.Sprintf("/containers/%s/start", containerID))
}
func (s *MySuite) TestPolicy(c *check.C) {
cfg := &common.ServiceConfig{Common: common.CommonConfig{Api: &common.Api{Port: 0, RestTimeoutMillis: 100}}}
log.Printf("Test: Mock service config:\n\t%#v\n\t%#v\n", cfg.Common.Api, cfg.ServiceSpecific)
svc := &mockSvc{mySuite: s}
svc.tenants = make(map[uint64]string)
svc.tenantsStr = make(map[string]uint64)
svc.segments = make(map[uint64]string)
svc.segmentsStr = make(map[string]uint64)
svcInfo, err := common.InitializeService(svc, *cfg, nil)
if err != nil {
c.Error(err)
c.FailNow()
}
msg := <-svcInfo.Channel
log.Printf("Test: Mock service says %s; listening on %s\n", msg, svcInfo.Address)
addrComponents := strings.Split(svcInfo.Address, ":")
portStr := addrComponents[len(addrComponents)-1]
s.servicePort, err = strconv.ParseUint(portStr, 10, 64)
if err != nil {
c.Error(err)
c.FailNow()
}
s.serviceURL = fmt.Sprintf("http://%s", svcInfo.Address)
log.Printf("Test: Mock service listens at %s\n", s.serviceURL)
polSvc := &PolicySvc{}
err = common.SimpleOverwriteSchema(polSvc, s.serviceURL)
if err != nil {
c.Fatal(err)
}
log.Printf("Policy schema created.")
svcInfo, err = common.SimpleStartService(polSvc, s.serviceURL)
if err != nil {
c.Fatal(err)
}
msg = <-svcInfo.Channel
fmt.Printf("Policy service listening %s on said: %s", svcInfo.Address, msg)
clientConfig := common.GetDefaultRestClientConfig(s.serviceURL)
client, err := common.NewRestClient(clientConfig)
if err != nil {
c.Fatal(err)
}
polURL := "http://" + svcInfo.Address + "/policies"
log.Println("1. Add policy pol1")
policyIn := common.Policy{}
err = json.Unmarshal([]byte(romanaPolicy1), &policyIn)
if err != nil {
c.Fatal(err)
c.FailNow()
}
policyOut := common.Policy{}
err = client.Post(polURL, policyIn, &policyOut)
if err != nil {
c.Error(err)
c.FailNow()
}
log.Printf("Added policy result: %s", policyOut)
c.Assert(policyOut.Name, check.Equals, "pol1")
c.Assert(policyOut.ID, check.Equals, uint64(1))
c.Assert(len(policyOut.AppliedTo), check.Equals, len(policyIn.AppliedTo))
c.Assert(len(policyOut.Ingress[0].Peers), check.Equals, len(policyIn.Ingress[0].Peers))
c.Assert(client.GetStatusCode(), check.Equals, 200)
pol1ExternalID := policyIn.ExternalID
policyIn.ExternalID = "asdfghjkl"
policyIn.ID = policyOut.ID
log.Printf("2. Add policy again with different External ID %s but same ID %d", policyIn.ExternalID, policyIn.ID)
err = client.Post(polURL, policyIn, &policyOut)
c.Assert(err.(common.HttpError).StatusCode, check.Equals, http.StatusConflict)
log.Printf("2. Result: %+v", policyOut)
log.Println("3. Add policy again")
policyIn.ExternalID = pol1ExternalID
policyIn.ID = 0
err = client.Post(polURL, policyIn, &policyOut)
c.Assert(err.(common.HttpError).StatusCode, check.Equals, http.StatusConflict)
log.Printf("3. Result: %+v", policyOut)
log.Println("4. Add policy pol2")
err = json.Unmarshal([]byte(romanaPolicy2), &policyIn)
if err != nil {
c.Fatal(err)
}
err = client.Post(polURL, policyIn, &policyOut)
if err != nil {
c.Fatal(err)
}
log.Printf("Added policy result: %s", policyOut)
c.Assert(client.GetStatusCode(), check.Equals, 200)
c.Assert(policyOut.Name, check.Equals, "pol2")
log.Println("5. Add default policy")
one := uint64(1)
defPol := common.Policy{
Direction: common.PolicyDirectionIngress,
Name: "default",
ExternalID: "default",
AppliedTo: []common.Endpoint{{TenantNetworkID: &one}},
Ingress: []common.RomanaIngress{
common.RomanaIngress{
Peers: []common.Endpoint{{Peer: common.Wildcard}},
Rules: []common.Rule{{Protocol: common.Wildcard}},
},
},
}
err = client.Post(polURL, defPol, &policyOut)
if err != nil {
c.Fatal(err)
}
log.Printf("Added policy result: %s", policyOut)
c.Assert(client.GetStatusCode(), check.Equals, 200)
c.Assert(policyOut.Name, check.Equals, "default")
log.Println("6. Test list policies - should have 3.")
var policies []common.Policy
err = client.Get(polURL, &policies)
if err != nil {
c.Fatal(err)
}
c.Assert(len(policies), check.Equals, 3)
c.Assert(client.GetStatusCode(), check.Equals, 200)
c.Assert(policies[0].Name, check.Equals, "pol1")
c.Assert(policies[1].Name, check.Equals, "pol2")
c.Assert(policies[2].Name, check.Equals, "default")
log.Println("7. Test get policy.")
policyGet := common.Policy{}
err = client.Get(polURL+"/1", &policyGet)
if err != nil {
c.Fatal(err)
}
c.Assert(policyGet.Name, check.Equals, policies[0].Name)
c.Assert(client.GetStatusCode(), check.Equals, 200)
log.Println("8. Test delete by ID - delete pol1")
policyOut = common.Policy{}
err = client.Delete(polURL+"/1", nil, &policyOut)
if err != nil {
c.Fatal(err)
}
log.Printf("Deleted policy result: %s", policyOut)
c.Assert(policyOut.Name, check.Equals, "pol1")
c.Assert(policyOut.ID, check.Equals, uint64(1))
c.Assert(client.GetStatusCode(), check.Equals, 200)
log.Println("9. Test list policies - should have 2 now - pol2 and default.")
err = client.Get(polURL, &policies)
if err != nil {
c.Fatal(err)
}
c.Assert(len(policies), check.Equals, 2)
c.Assert(policies[0].Name, check.Equals, "pol2")
c.Assert(policies[1].Name, check.Equals, "default")
c.Assert(client.GetStatusCode(), check.Equals, 200)
log.Println("10. Test delete by ExternalID - delete policy 2")
err = json.Unmarshal([]byte(romanaPolicy2), &policyIn)
if err != nil {
c.Fatal(err)
}
log.Printf("Unmarshaled %s to %v", romanaPolicy2, policyIn)
policyOut = common.Policy{}
err = client.Delete(polURL, policyIn, &policyOut)
if err != nil {
c.Fatal(err)
}
log.Printf("Deleted policy result: %s", policyOut)
c.Assert(client.GetStatusCode(), check.Equals, 200)
c.Assert(policyOut.Name, check.Equals, policyIn.Name)
log.Println("10. Test list policies - should have 1 now - only default")
err = client.Get(polURL, &policies)
if err != nil {
c.Fatal(err)
}
c.Assert(client.GetStatusCode(), check.Equals, 200)
c.Assert(len(policies), check.Equals, 1)
c.Assert(policies[0].Name, check.Equals, "default")
log.Println("11. Test find by name policies - should find it")
findURL := "http://" + svcInfo.Address + "/find/policies"
err = client.Get(findURL+"/default", &policyOut)
if err != nil {
c.Fatal(err)
}
c.Assert(policyOut.Name, check.Equals, "default")
log.Println("12. Test find by name policies with non-existent policy - should NOT find it")
err = client.Get(findURL+"/blabla", &policyOut)
httpErr := err.(common.HttpError)
c.Assert(client.GetStatusCode(), check.Equals, http.StatusNotFound)
c.Assert(httpErr.ResourceType, check.Equals, "policy")
c.Assert(httpErr.StatusCode, check.Equals, http.StatusNotFound)
c.Assert(httpErr.ResourceID, check.Equals, "blabla")
log.Printf("%v", err)
log.Println("13. Test delete by ExternalID - delete default policy")
policyOut = common.Policy{}
err = client.Delete(polURL, defPol, &policyOut)
if err != nil {
c.Fatal(err)
}
log.Printf("Deleted policy result: %s", policyOut)
c.Assert(policyOut.Name, check.Equals, defPol.Name)
c.Assert(client.GetStatusCode(), check.Equals, 200)
log.Println("14. Test list policies - should have 0 now")
err = client.Get(polURL, &policies)
if err != nil {
c.Fatal(err)
}
c.Assert(len(policies), check.Equals, 0)
log.Println("15. Test delete by ExternalID - delete default policy - should be Not Found error now")
policyOut = common.Policy{}
err = client.Delete(polURL, defPol, &policyOut)
if err == nil {
panic("Expected error")
}
httpErr = err.(common.HttpError)
c.Assert(client.GetStatusCode(), check.Equals, http.StatusNotFound)
c.Assert(httpErr.ResourceType, check.Equals, "policy")
c.Assert(httpErr.StatusCode, check.Equals, http.StatusNotFound)
// TODO
// Important! This should really be done in policy agent.
// Only done here as temporary measure.
id := makeId(defPol.AppliedTo, defPol.Name)
c.Assert(httpErr.ResourceID, check.Equals, id)
// c.Assert(httpErr.ResourceID, check.Equals, "default")
log.Printf("%v", err)
}
func (s *MySuite) TestStore(c *check.C) {
var err error
store := ipamStore{}
store.ServiceStore = &store
storeConfig := make(map[string]interface{})
storeConfig["type"] = "sqlite3"
storeConfig["database"] = s.RomanaTestSuite.GetMockSqliteFile("ipam")
err = store.SetConfig(storeConfig)
c.Assert(err, check.IsNil)
cidr := "10.0.0.0/8"
ip, _, _ := net.ParseCIDR(cidr)
dc := common.Datacenter{Cidr: cidr, IpVersion: 4, Prefix: common.IPv4ToInt(ip), PrefixBits: 8, PortBits: 8, TenantBits: 4, SegmentBits: 4}
_, network, _ := net.ParseCIDR("10.1.0.0/16")
hostIpInt := common.IPv4ToInt(network.IP)
segmentBitShift := uint64(8)
tenantBitShift := uint64(segmentBitShift + 4)
upToEndpointIpInt := hostIpInt | (1 << tenantBitShift) | (1 << segmentBitShift)
// 253
// 127
// 63
// 31
for _, stride := range []uint{0, 1, 2, 4} {
// for _, stride := range []uint{0} {
err = store.CreateSchema(true)
if err != nil {
panic(err)
}
err = store.Connect()
if err != nil {
panic(err)
}
dc.EndpointSpaceBits = stride
dc.EndpointBits = 8 - stride
endpoint := &Endpoint{Id: 0, EffectiveNetworkID: 0, HostId: "X", SegmentID: "X", TenantID: "X"}
i := uint(1)
firstIp := ""
var upperBound uint
switch stride {
case 0:
upperBound = 253
case 1:
upperBound = 127
case 2:
upperBound = 64
case 4:
upperBound = 16
}
log.Printf("For %d/%d go until 1= %d", dc.EndpointBits, stride, upperBound)
for i = 1; i <= uint(upperBound); i++ {
endpoint.Id = 0
msg := fmt.Sprintf("For stride %d, endpoint bits %d, try %d\n", stride, dc.EndpointBits, i)
log.Println(msg)
err = store.addEndpoint(endpoint, upToEndpointIpInt, dc)
if err != nil {
c.Error(fmt.Sprintf("Unexpected error on try %d: %v", i, err))
c.FailNow()
}
log.Printf("%s: Got IP: %s (effective network ID %d)", msg, endpoint.Ip, endpoint.EffectiveNetworkID)
if firstIp == "" {
firstIp = endpoint.Ip
}
}
// Here we have reached the end...
endpoint.Id = 0
err = store.addEndpoint(endpoint, upToEndpointIpInt, dc)
if err == nil {
c.Error(fmt.Sprintf("Expected error, but got %+v", endpoint))
c.FailNow()
}
endpoint.Id = 0
_, err = store.deleteEndpoint(firstIp)
if err != nil {
c.Error(fmt.Sprintf("Unexpected error on try %d: %v", i, err))
c.FailNow()
}
endpoint.Id = 0
err = store.addEndpoint(endpoint, upToEndpointIpInt, dc)
if err != nil {
c.Error(fmt.Sprintf("Unexpected error on try %d: %v", i, err))
c.Fail()
}
c.Assert(endpoint.Ip, check.Equals, firstIp)
if c.Failed() {
return
}
endpoint.Id = 0
err = store.addEndpoint(endpoint, upToEndpointIpInt, dc)
if err == nil {
c.Error(fmt.Sprintf("Expected error, but got %+v", endpoint))
c.FailNow()
}
}
}
// Test the topology service
func (s *MySuite) TestTopology(c *check.C) {
myLog(c, "Entering TestTopology()")
dir, _ := os.Getwd()
myLog(c, "In", dir)
myLog(c, "Starting topology service")
topoSvc := &TopologySvc{}
svcInfo, err := common.SimpleStartService(topoSvc, s.rootURL)
if err != nil {
c.Error(err)
}
msg := <-svcInfo.Channel
myLog(c, "Topology service said:", msg)
addr := "http://" + svcInfo.Address
client, err := common.NewRestClient(common.GetDefaultRestClientConfig(addr))
if err != nil {
c.Error(err)
}
myLog(c, "Calling ", addr)
topIndex := &common.IndexResponse{}
err = client.Get("/", &topIndex)
if err != nil {
c.Error(err)
c.FailNow()
}
c.Assert(topIndex.ServiceName, check.Equals, "topology")
hostsRelURL := topIndex.Links.FindByRel("host-list")
hostsURL := addr + hostsRelURL
myLog(c, "Host list URL: ", hostsURL)
// Get list of hosts - should be empty for now.
var hostList []common.Host
err = client.Get(hostsRelURL, &hostList)
if err != nil {
c.Error(err)
c.FailNow()
}
myLog(c, "Host list: ", hostList)
c.Assert(len(hostList), check.Equals, 0)
newHostReq := common.Host{Ip: "10.10.10.10", AgentPort: 9999, Name: "host10", RomanaIp: "15.15.15.15"}
newHostResp := common.Host{}
err = client.Post(hostsRelURL, newHostReq, &newHostResp)
if err != nil {
c.Error(err)
c.FailNow()
}
myLog(c, "Response: ", newHostResp)
myLog(c, "Waiting for....", time.Hour)
// time.Sleep(time.Hour)
c.Assert(newHostResp.Ip, check.Equals, "10.10.10.10")
c.Assert(newHostResp.ID, check.Equals, uint64(1))
newHostReq = common.Host{Ip: "10.10.10.11", AgentPort: 9999, Name: "host11", RomanaIp: "15.15.15.16"}
newHostResp = common.Host{}
err = client.Post(hostsRelURL, newHostReq, &newHostResp)
if err != nil {
c.Error(err)
c.FailNow()
}
myLog(c, "Response: ", newHostResp)
c.Assert(newHostResp.ID, check.Equals, uint64(2))
err = client.Post(hostsRelURL, newHostReq, &newHostResp)
httpErr := err.(common.HttpError)
myLog(c, "Attempt to add duplicate host: %v", httpErr)
c.Assert(httpErr.StatusCode, check.Equals, 409)
newHostReqWithoutRomanaIP := common.Host{Ip: "10.10.10.12", AgentPort: 9999, Name: "host12"}
newHostRespWithoutRomanaIP := common.Host{}
err = client.Post(hostsRelURL, newHostReqWithoutRomanaIP, &newHostRespWithoutRomanaIP)
if err != nil {
c.Error(err)
c.FailNow()
}
myLog(c, "Response: ", newHostRespWithoutRomanaIP)
c.Assert(newHostRespWithoutRomanaIP.Ip, check.Equals, "10.10.10.12")
c.Assert(newHostRespWithoutRomanaIP.RomanaIp, check.Equals, "10.2.0.0/16")
c.Assert(newHostRespWithoutRomanaIP.ID, check.Equals, uint64(3))
newHostReqWithoutRomanaIP = common.Host{Ip: "10.10.10.13", AgentPort: 9999, Name: "host13"}
newHostRespWithoutRomanaIP = common.Host{}
err = client.Post(hostsRelURL, newHostReqWithoutRomanaIP, &newHostRespWithoutRomanaIP)
if err != nil {
c.Error(err)
c.FailNow()
}
myLog(c, "Response: ", newHostRespWithoutRomanaIP)
c.Assert(newHostRespWithoutRomanaIP.Ip, check.Equals, "10.10.10.13")
c.Assert(newHostRespWithoutRomanaIP.RomanaIp, check.Equals, "10.3.0.0/16")
c.Assert(newHostRespWithoutRomanaIP.ID, check.Equals, uint64(4))
// TODO: auto generation of romana cidr currently don't
// handle manually assigned one gracefully, thus tests
// to be added here once that support is added.
var hostList2 []common.Host
err = client.Get(hostsRelURL, &hostList2)
if err != nil {
c.Error(err)
c.FailNow()
}
myLog(c, "Host list: ", hostList2)
c.Assert(len(hostList2), check.Equals, 4)
}