Esempio n. 1
0
// TestIcmp tests https://paninetworks.kanbanize.com/ctrl_board/3/cards/395/details
func (s *MySuite) TestIcmp(c *check.C) {
	policyIn := common.Policy{}
	err := json.Unmarshal([]byte(icmpPolicy), &policyIn)
	if err != nil {
		c.Fatal(err)
		c.FailNow()
	}
}
// findUser finds the uid or name of the user of the first process that runs in a container
func (s *DockerDaemonSuite) findUser(c *check.C, container string) string {
	out, err := s.d.Cmd("top", container)
	c.Assert(err, checker.IsNil, check.Commentf("Output: %s", out))
	rows := strings.Split(out, "\n")
	if len(rows) < 2 {
		// No process rows founds
		c.FailNow()
	}
	return strings.Fields(rows[1])[0]
}
// TestAuthZPluginAllowEventStream verifies event stream propagates correctly after request pass through by the authorization plugin
func (s *DockerAuthzSuite) TestAuthZPluginAllowEventStream(c *check.C) {
	testRequires(c, DaemonIsLinux)

	// start the daemon and load busybox to avoid pulling busybox from Docker Hub
	s.d.Start(c, "--authorization-plugin="+testAuthZPlugin)
	s.ctrl.reqRes.Allow = true
	s.ctrl.resRes.Allow = true
	c.Assert(s.d.LoadBusybox(), check.IsNil)

	startTime := strconv.FormatInt(daemonTime(c).Unix(), 10)
	// Add another command to to enable event pipelining
	eventsCmd := exec.Command(dockerBinary, "--host", s.d.Sock(), "events", "--since", startTime)
	stdout, err := eventsCmd.StdoutPipe()
	if err != nil {
		c.Assert(err, check.IsNil)
	}

	observer := eventObserver{
		buffer:    new(bytes.Buffer),
		command:   eventsCmd,
		scanner:   bufio.NewScanner(stdout),
		startTime: startTime,
	}

	err = observer.Start()
	c.Assert(err, checker.IsNil)
	defer observer.Stop()

	// Create a container and wait for the creation events
	out, err := s.d.Cmd("run", "-d", "busybox", "top")
	c.Assert(err, check.IsNil, check.Commentf(out))
	containerID := strings.TrimSpace(out)
	c.Assert(s.d.WaitRun(containerID), checker.IsNil)

	events := map[string]chan bool{
		"create": make(chan bool, 1),
		"start":  make(chan bool, 1),
	}

	matcher := matchEventLine(containerID, "container", events)
	processor := processEventMatch(events)
	go observer.Match(matcher, processor)

	// Ensure all events are received
	for event, eventChannel := range events {

		select {
		case <-time.After(30 * time.Second):
			// Fail the test
			observer.CheckEventError(c, containerID, event, matcher)
			c.FailNow()
		case <-eventChannel:
			// Ignore, event received
		}
	}

	// Ensure both events and container endpoints are passed to the authorization plugin
	assertURIRecorded(c, s.ctrl.requestsURIs, "/events")
	assertURIRecorded(c, s.ctrl.requestsURIs, "/containers/create")
	assertURIRecorded(c, s.ctrl.requestsURIs, fmt.Sprintf("/containers/%s/start", containerID))
}
Esempio n. 4
0
func (s *MySuite) TestPolicy(c *check.C) {
	cfg := &common.ServiceConfig{Common: common.CommonConfig{Api: &common.Api{Port: 0, RestTimeoutMillis: 100}}}
	log.Printf("Test: Mock service config:\n\t%#v\n\t%#v\n", cfg.Common.Api, cfg.ServiceSpecific)
	svc := &mockSvc{mySuite: s}
	svc.tenants = make(map[uint64]string)
	svc.tenantsStr = make(map[string]uint64)
	svc.segments = make(map[uint64]string)
	svc.segmentsStr = make(map[string]uint64)
	svcInfo, err := common.InitializeService(svc, *cfg, nil)

	if err != nil {
		c.Error(err)
		c.FailNow()
	}
	msg := <-svcInfo.Channel
	log.Printf("Test: Mock service says %s; listening on %s\n", msg, svcInfo.Address)
	addrComponents := strings.Split(svcInfo.Address, ":")
	portStr := addrComponents[len(addrComponents)-1]
	s.servicePort, err = strconv.ParseUint(portStr, 10, 64)
	if err != nil {
		c.Error(err)
		c.FailNow()
	}
	s.serviceURL = fmt.Sprintf("http://%s", svcInfo.Address)
	log.Printf("Test: Mock service listens at %s\n", s.serviceURL)

	polSvc := &PolicySvc{}
	err = common.SimpleOverwriteSchema(polSvc, s.serviceURL)
	if err != nil {
		c.Fatal(err)
	}
	log.Printf("Policy schema created.")

	svcInfo, err = common.SimpleStartService(polSvc, s.serviceURL)
	if err != nil {
		c.Fatal(err)
	}

	msg = <-svcInfo.Channel
	fmt.Printf("Policy service listening %s on said: %s", svcInfo.Address, msg)

	clientConfig := common.GetDefaultRestClientConfig(s.serviceURL)
	client, err := common.NewRestClient(clientConfig)
	if err != nil {
		c.Fatal(err)
	}
	polURL := "http://" + svcInfo.Address + "/policies"

	log.Println("1. Add policy pol1")
	policyIn := common.Policy{}
	err = json.Unmarshal([]byte(romanaPolicy1), &policyIn)
	if err != nil {
		c.Fatal(err)
		c.FailNow()
	}
	policyOut := common.Policy{}
	err = client.Post(polURL, policyIn, &policyOut)
	if err != nil {
		c.Error(err)
		c.FailNow()
	}
	log.Printf("Added policy result: %s", policyOut)
	c.Assert(policyOut.Name, check.Equals, "pol1")
	c.Assert(policyOut.ID, check.Equals, uint64(1))
	c.Assert(len(policyOut.AppliedTo), check.Equals, len(policyIn.AppliedTo))
	c.Assert(len(policyOut.Ingress[0].Peers), check.Equals, len(policyIn.Ingress[0].Peers))
	c.Assert(client.GetStatusCode(), check.Equals, 200)

	pol1ExternalID := policyIn.ExternalID
	policyIn.ExternalID = "asdfghjkl"
	policyIn.ID = policyOut.ID
	log.Printf("2. Add policy again with different External ID %s but same ID %d", policyIn.ExternalID, policyIn.ID)
	err = client.Post(polURL, policyIn, &policyOut)
	c.Assert(err.(common.HttpError).StatusCode, check.Equals, http.StatusConflict)
	log.Printf("2. Result: %+v", policyOut)

	log.Println("3. Add policy again")
	policyIn.ExternalID = pol1ExternalID
	policyIn.ID = 0
	err = client.Post(polURL, policyIn, &policyOut)
	c.Assert(err.(common.HttpError).StatusCode, check.Equals, http.StatusConflict)
	log.Printf("3. Result: %+v", policyOut)

	log.Println("4. Add policy pol2")
	err = json.Unmarshal([]byte(romanaPolicy2), &policyIn)
	if err != nil {
		c.Fatal(err)
	}
	err = client.Post(polURL, policyIn, &policyOut)
	if err != nil {
		c.Fatal(err)
	}
	log.Printf("Added policy result: %s", policyOut)
	c.Assert(client.GetStatusCode(), check.Equals, 200)
	c.Assert(policyOut.Name, check.Equals, "pol2")

	log.Println("5. Add default policy")
	one := uint64(1)
	defPol := common.Policy{
		Direction:  common.PolicyDirectionIngress,
		Name:       "default",
		ExternalID: "default",
		AppliedTo:  []common.Endpoint{{TenantNetworkID: &one}},
		Ingress: []common.RomanaIngress{
			common.RomanaIngress{
				Peers: []common.Endpoint{{Peer: common.Wildcard}},
				Rules: []common.Rule{{Protocol: common.Wildcard}},
			},
		},
	}
	err = client.Post(polURL, defPol, &policyOut)
	if err != nil {
		c.Fatal(err)
	}
	log.Printf("Added policy result: %s", policyOut)
	c.Assert(client.GetStatusCode(), check.Equals, 200)
	c.Assert(policyOut.Name, check.Equals, "default")

	log.Println("6. Test list policies - should have 3.")
	var policies []common.Policy
	err = client.Get(polURL, &policies)
	if err != nil {
		c.Fatal(err)
	}
	c.Assert(len(policies), check.Equals, 3)
	c.Assert(client.GetStatusCode(), check.Equals, 200)
	c.Assert(policies[0].Name, check.Equals, "pol1")
	c.Assert(policies[1].Name, check.Equals, "pol2")
	c.Assert(policies[2].Name, check.Equals, "default")

	log.Println("7. Test get policy.")
	policyGet := common.Policy{}
	err = client.Get(polURL+"/1", &policyGet)
	if err != nil {
		c.Fatal(err)
	}
	c.Assert(policyGet.Name, check.Equals, policies[0].Name)
	c.Assert(client.GetStatusCode(), check.Equals, 200)

	log.Println("8. Test delete by ID - delete pol1")
	policyOut = common.Policy{}
	err = client.Delete(polURL+"/1", nil, &policyOut)
	if err != nil {
		c.Fatal(err)
	}
	log.Printf("Deleted policy result: %s", policyOut)
	c.Assert(policyOut.Name, check.Equals, "pol1")
	c.Assert(policyOut.ID, check.Equals, uint64(1))
	c.Assert(client.GetStatusCode(), check.Equals, 200)

	log.Println("9. Test list policies - should have 2 now - pol2 and default.")
	err = client.Get(polURL, &policies)
	if err != nil {
		c.Fatal(err)
	}
	c.Assert(len(policies), check.Equals, 2)
	c.Assert(policies[0].Name, check.Equals, "pol2")
	c.Assert(policies[1].Name, check.Equals, "default")
	c.Assert(client.GetStatusCode(), check.Equals, 200)

	log.Println("10. Test delete by ExternalID - delete policy 2")
	err = json.Unmarshal([]byte(romanaPolicy2), &policyIn)
	if err != nil {
		c.Fatal(err)
	}
	log.Printf("Unmarshaled %s to %v", romanaPolicy2, policyIn)
	policyOut = common.Policy{}
	err = client.Delete(polURL, policyIn, &policyOut)
	if err != nil {
		c.Fatal(err)
	}
	log.Printf("Deleted policy result: %s", policyOut)
	c.Assert(client.GetStatusCode(), check.Equals, 200)
	c.Assert(policyOut.Name, check.Equals, policyIn.Name)

	log.Println("10. Test list policies - should have 1 now - only default")
	err = client.Get(polURL, &policies)
	if err != nil {
		c.Fatal(err)
	}
	c.Assert(client.GetStatusCode(), check.Equals, 200)
	c.Assert(len(policies), check.Equals, 1)
	c.Assert(policies[0].Name, check.Equals, "default")

	log.Println("11. Test find by name policies - should find it")
	findURL := "http://" + svcInfo.Address + "/find/policies"
	err = client.Get(findURL+"/default", &policyOut)
	if err != nil {
		c.Fatal(err)
	}
	c.Assert(policyOut.Name, check.Equals, "default")

	log.Println("12. Test find by name policies with non-existent policy - should NOT find it")
	err = client.Get(findURL+"/blabla", &policyOut)
	httpErr := err.(common.HttpError)
	c.Assert(client.GetStatusCode(), check.Equals, http.StatusNotFound)
	c.Assert(httpErr.ResourceType, check.Equals, "policy")
	c.Assert(httpErr.StatusCode, check.Equals, http.StatusNotFound)
	c.Assert(httpErr.ResourceID, check.Equals, "blabla")
	log.Printf("%v", err)

	log.Println("13. Test delete by ExternalID - delete default policy")
	policyOut = common.Policy{}
	err = client.Delete(polURL, defPol, &policyOut)

	if err != nil {
		c.Fatal(err)
	}
	log.Printf("Deleted policy result: %s", policyOut)
	c.Assert(policyOut.Name, check.Equals, defPol.Name)
	c.Assert(client.GetStatusCode(), check.Equals, 200)

	log.Println("14. Test list policies - should have 0 now")
	err = client.Get(polURL, &policies)
	if err != nil {
		c.Fatal(err)
	}
	c.Assert(len(policies), check.Equals, 0)

	log.Println("15. Test delete by ExternalID - delete default policy - should be Not Found error now")
	policyOut = common.Policy{}
	err = client.Delete(polURL, defPol, &policyOut)
	if err == nil {
		panic("Expected error")
	}
	httpErr = err.(common.HttpError)
	c.Assert(client.GetStatusCode(), check.Equals, http.StatusNotFound)
	c.Assert(httpErr.ResourceType, check.Equals, "policy")
	c.Assert(httpErr.StatusCode, check.Equals, http.StatusNotFound)
	// TODO
	// Important! This should really be done in policy agent.
	// Only done here as temporary measure.
	id := makeId(defPol.AppliedTo, defPol.Name)
	c.Assert(httpErr.ResourceID, check.Equals, id)
	//	c.Assert(httpErr.ResourceID, check.Equals, "default")

	log.Printf("%v", err)

}
Esempio n. 5
0
func (s *MySuite) TestStore(c *check.C) {
	var err error

	store := ipamStore{}
	store.ServiceStore = &store

	storeConfig := make(map[string]interface{})
	storeConfig["type"] = "sqlite3"
	storeConfig["database"] = s.RomanaTestSuite.GetMockSqliteFile("ipam")
	err = store.SetConfig(storeConfig)
	c.Assert(err, check.IsNil)
	cidr := "10.0.0.0/8"
	ip, _, _ := net.ParseCIDR(cidr)

	dc := common.Datacenter{Cidr: cidr, IpVersion: 4, Prefix: common.IPv4ToInt(ip), PrefixBits: 8, PortBits: 8, TenantBits: 4, SegmentBits: 4}

	_, network, _ := net.ParseCIDR("10.1.0.0/16")
	hostIpInt := common.IPv4ToInt(network.IP)

	segmentBitShift := uint64(8)
	tenantBitShift := uint64(segmentBitShift + 4)
	upToEndpointIpInt := hostIpInt | (1 << tenantBitShift) | (1 << segmentBitShift)
	// 253
	// 127
	// 63
	// 31
	for _, stride := range []uint{0, 1, 2, 4} {
		//	for _, stride := range []uint{0} {
		err = store.CreateSchema(true)
		if err != nil {
			panic(err)
		}
		err = store.Connect()
		if err != nil {
			panic(err)
		}
		dc.EndpointSpaceBits = stride
		dc.EndpointBits = 8 - stride
		endpoint := &Endpoint{Id: 0, EffectiveNetworkID: 0, HostId: "X", SegmentID: "X", TenantID: "X"}
		i := uint(1)
		firstIp := ""
		var upperBound uint
		switch stride {
		case 0:
			upperBound = 253
		case 1:
			upperBound = 127
		case 2:
			upperBound = 64
		case 4:
			upperBound = 16
		}
		log.Printf("For %d/%d go until 1= %d", dc.EndpointBits, stride, upperBound)
		for i = 1; i <= uint(upperBound); i++ {
			endpoint.Id = 0
			msg := fmt.Sprintf("For stride %d, endpoint bits %d, try %d\n", stride, dc.EndpointBits, i)
			log.Println(msg)
			err = store.addEndpoint(endpoint, upToEndpointIpInt, dc)
			if err != nil {
				c.Error(fmt.Sprintf("Unexpected error on try %d: %v", i, err))
				c.FailNow()
			}
			log.Printf("%s: Got IP: %s (effective network ID %d)", msg, endpoint.Ip, endpoint.EffectiveNetworkID)
			if firstIp == "" {
				firstIp = endpoint.Ip
			}

		}
		// Here we have reached the end...
		endpoint.Id = 0
		err = store.addEndpoint(endpoint, upToEndpointIpInt, dc)
		if err == nil {
			c.Error(fmt.Sprintf("Expected error, but got %+v", endpoint))
			c.FailNow()
		}

		endpoint.Id = 0
		_, err = store.deleteEndpoint(firstIp)
		if err != nil {
			c.Error(fmt.Sprintf("Unexpected error on try %d: %v", i, err))
			c.FailNow()
		}
		endpoint.Id = 0
		err = store.addEndpoint(endpoint, upToEndpointIpInt, dc)
		if err != nil {
			c.Error(fmt.Sprintf("Unexpected error on try %d: %v", i, err))
			c.Fail()
		}
		c.Assert(endpoint.Ip, check.Equals, firstIp)
		if c.Failed() {
			return
		}

		endpoint.Id = 0
		err = store.addEndpoint(endpoint, upToEndpointIpInt, dc)
		if err == nil {
			c.Error(fmt.Sprintf("Expected error, but got %+v", endpoint))
			c.FailNow()
		}

	}
}
Esempio n. 6
0
// Test the topology service
func (s *MySuite) TestTopology(c *check.C) {
	myLog(c, "Entering TestTopology()")

	dir, _ := os.Getwd()
	myLog(c, "In", dir)
	myLog(c, "Starting topology service")
	topoSvc := &TopologySvc{}
	svcInfo, err := common.SimpleStartService(topoSvc, s.rootURL)
	if err != nil {
		c.Error(err)
	}
	msg := <-svcInfo.Channel
	myLog(c, "Topology service said:", msg)
	addr := "http://" + svcInfo.Address
	client, err := common.NewRestClient(common.GetDefaultRestClientConfig(addr))
	if err != nil {
		c.Error(err)
	}
	myLog(c, "Calling ", addr)

	topIndex := &common.IndexResponse{}
	err = client.Get("/", &topIndex)
	if err != nil {
		c.Error(err)
		c.FailNow()
	}

	c.Assert(topIndex.ServiceName, check.Equals, "topology")
	hostsRelURL := topIndex.Links.FindByRel("host-list")
	hostsURL := addr + hostsRelURL
	myLog(c, "Host list URL: ", hostsURL)

	// Get list of hosts - should be empty for now.
	var hostList []common.Host
	err = client.Get(hostsRelURL, &hostList)
	if err != nil {
		c.Error(err)
		c.FailNow()
	}
	myLog(c, "Host list: ", hostList)
	c.Assert(len(hostList), check.Equals, 0)
	newHostReq := common.Host{Ip: "10.10.10.10", AgentPort: 9999, Name: "host10", RomanaIp: "15.15.15.15"}

	newHostResp := common.Host{}
	err = client.Post(hostsRelURL, newHostReq, &newHostResp)
	if err != nil {
		c.Error(err)
		c.FailNow()
	}
	myLog(c, "Response: ", newHostResp)
	myLog(c, "Waiting for....", time.Hour)
	//	time.Sleep(time.Hour)

	c.Assert(newHostResp.Ip, check.Equals, "10.10.10.10")
	c.Assert(newHostResp.ID, check.Equals, uint64(1))

	newHostReq = common.Host{Ip: "10.10.10.11", AgentPort: 9999, Name: "host11", RomanaIp: "15.15.15.16"}
	newHostResp = common.Host{}
	err = client.Post(hostsRelURL, newHostReq, &newHostResp)
	if err != nil {
		c.Error(err)
		c.FailNow()
	}
	myLog(c, "Response: ", newHostResp)
	c.Assert(newHostResp.ID, check.Equals, uint64(2))

	err = client.Post(hostsRelURL, newHostReq, &newHostResp)
	httpErr := err.(common.HttpError)
	myLog(c, "Attempt to add duplicate host: %v", httpErr)
	c.Assert(httpErr.StatusCode, check.Equals, 409)

	newHostReqWithoutRomanaIP := common.Host{Ip: "10.10.10.12", AgentPort: 9999, Name: "host12"}
	newHostRespWithoutRomanaIP := common.Host{}
	err = client.Post(hostsRelURL, newHostReqWithoutRomanaIP, &newHostRespWithoutRomanaIP)
	if err != nil {
		c.Error(err)
		c.FailNow()
	}
	myLog(c, "Response: ", newHostRespWithoutRomanaIP)

	c.Assert(newHostRespWithoutRomanaIP.Ip, check.Equals, "10.10.10.12")
	c.Assert(newHostRespWithoutRomanaIP.RomanaIp, check.Equals, "10.2.0.0/16")
	c.Assert(newHostRespWithoutRomanaIP.ID, check.Equals, uint64(3))

	newHostReqWithoutRomanaIP = common.Host{Ip: "10.10.10.13", AgentPort: 9999, Name: "host13"}
	newHostRespWithoutRomanaIP = common.Host{}
	err = client.Post(hostsRelURL, newHostReqWithoutRomanaIP, &newHostRespWithoutRomanaIP)
	if err != nil {
		c.Error(err)
		c.FailNow()
	}
	myLog(c, "Response: ", newHostRespWithoutRomanaIP)

	c.Assert(newHostRespWithoutRomanaIP.Ip, check.Equals, "10.10.10.13")
	c.Assert(newHostRespWithoutRomanaIP.RomanaIp, check.Equals, "10.3.0.0/16")
	c.Assert(newHostRespWithoutRomanaIP.ID, check.Equals, uint64(4))

	// TODO: auto generation of romana cidr currently don't
	//       handle manually assigned one gracefully, thus tests
	//       to be added here once that support is added.

	var hostList2 []common.Host
	err = client.Get(hostsRelURL, &hostList2)
	if err != nil {
		c.Error(err)
		c.FailNow()
	}
	myLog(c, "Host list: ", hostList2)
	c.Assert(len(hostList2), check.Equals, 4)
}