func TestPodUsesNonExistingService(t *testing.T) { kube := mocks.NewKubeClient() client := new(contrail_mocks.ApiClient) client.Init() client.AddInterceptor("virtual-machine-interface", &VmiInterceptor{}) client.AddInterceptor("virtual-network", &NetworkInterceptor{}) allocator := new(mocks.AddressAllocator) controller := NewTestController(kube, client, allocator, nil) pod1 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "test-xz1", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "name": "testpod", "uses": "nonexisting", }, }, } netnsProject := new(types.Project) netnsProject.SetFQName("", []string{"default-domain", "testns"}) client.Create(netnsProject) allocator.On("LocateIpAddress", string(pod1.ObjectMeta.UID)).Return("10.0.0.1", nil) allocator.On("ReleaseIpAddress", string(pod1.ObjectMeta.UID)).Return() kube.PodInterface.On("Update", pod1).Return(pod1, nil) shutdown := make(chan struct{}) go controller.Run(shutdown) controller.AddPod(pod1) time.Sleep(100 * time.Millisecond) _, err := types.NetworkPolicyByName(client, "default-domain:testns:nonexisting") assert.NoError(t, err) _, err = types.VirtualNetworkByName(client, "default-domain:testns:testpod") assert.NoError(t, err) controller.DeletePod(pod1) time.Sleep(100 * time.Millisecond) type shutdownMsg struct { } shutdown <- shutdownMsg{} _, err = types.VirtualNetworkByName(client, "default-domain:testns:testpod") assert.Error(t, err) _, err = types.NetworkPolicyByName(client, "default-domain:testns:nonexisting") assert.Error(t, err) allocator.AssertExpectations(t) }
func (c *consistencyChecker) globalNetworkCheckPolicyAttachment(network *types.VirtualNetwork) bool { policyName := makeGlobalNetworkPolicyName(c.config, network.GetFQName()) policy, err := types.NetworkPolicyByName(c.client, strings.Join(policyName, ":")) if err != nil { glog.V(3).Infof("No network policy for %s", network.GetName()) return true } policyRefs, err := network.GetNetworkPolicyRefs() if err != nil { glog.Error(err) return true } for _, ref := range policyRefs { if ref.Uuid == policy.GetUuid() { glog.V(5).Infof("Network %s attached to %s", network.GetName(), policy.GetUuid()) return true } } err = policyAttach(c.client, network, policy) if err != nil { glog.Error(err) } else { glog.Infof("attached global network %s to policy", strings.Join(network.GetFQName(), ":")) } return false }
func (m *NetworkManagerImpl) locatePolicy(targetName []string) (*types.NetworkPolicy, error) { policyName := makeGlobalNetworkPolicyName(m.config, targetName) policy, err := types.NetworkPolicyByName(m.client, strings.Join(policyName, ":")) if err != nil { policy = new(types.NetworkPolicy) policy.SetFQName("project", policyName) err = m.client.Create(policy) } return policy, err }
func (m *ServiceManagerImpl) releasePolicyIfEmpty(tenant, serviceName string) (*types.NetworkPolicy, error) { policyName := makeServicePolicyName(m.config, tenant, serviceName) policy, err := types.NetworkPolicyByName(m.client, strings.Join(policyName, ":")) if err != nil { return nil, nil } refs, err := policy.GetVirtualNetworkBackRefs() if err == nil && len(refs) == 0 { // Delete policy err = m.client.Delete(policy) if err == nil { return nil, nil } } else if err != nil { glog.Errorf("Release policy %s: %v", serviceName, err) } return policy, err }
func TestGlobalNetworkConsistencyConfigChange(t *testing.T) { env := new(TestFramework) env.SetUp("192.0.2.0/24") config := env.config config.GlobalNetworks = []string{"default-domain:cluster:global"} pod1 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "test-xz1", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "Name": "server", config.NetworkTag: "backend", }, }, } pod2 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "test-xz2", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "Name": "client", config.NetworkTag: "client", config.NetworkAccessTag: "svc", }, }, } pod3 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "gPod", Namespace: "cluster", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "Name": "global", config.NetworkTag: "global", }, }, } service := &api.Service{ ObjectMeta: api.ObjectMeta{ Name: "s1", Namespace: "testns", Labels: map[string]string{ config.NetworkTag: "svc", }, }, Spec: api.ServiceSpec{ Selector: map[string]string{ "Name": "server", }, ClusterIP: "10.254.42.42", }, } clusterProject := new(types.Project) clusterProject.SetFQName("", []string{"default-domain", "cluster"}) require.NoError(t, env.client.Create(clusterProject)) netnsProject := new(types.Project) netnsProject.SetFQName("", []string{"default-domain", "testns"}) require.NoError(t, env.client.Create(netnsProject)) env.Start() env.AddPod(pod3) env.AddPod(pod1) env.AddPod(pod2) env.AddService(service, "server") env.SyncBarrier() assert.True(t, env.checker.Check()) config.GlobalNetworks = []string{} for i := 0; i < 2; i++ { assert.False(t, env.checker.Check()) } assert.True(t, env.checker.Check()) policyName := makeGlobalNetworkPolicyName(config, []string{"default-domain", "cluster", "global"}) _, err := types.NetworkPolicyByName(env.client, strings.Join(policyName, ":")) require.Error(t, err) env.DeletePod(pod1) env.DeletePod(pod2) env.DeletePod(pod3) env.DeleteService(service, "server") env.SyncBarrier() env.Shutdown() assert.True(t, env.checker.Check()) }
func TestGlobalNetworkConsistencyUpdateNetwork(t *testing.T) { env := new(TestFramework) env.SetUp("192.0.2.0/24") config := env.config config.GlobalNetworks = []string{"default-domain:cluster:global"} pod1 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "test-xz1", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "Name": "server", config.NetworkTag: "backend", }, }, } pod2 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "test-xz2", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "Name": "client", config.NetworkTag: "client", config.NetworkAccessTag: "svc", }, }, } pod3 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "gPod", Namespace: "cluster", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "Name": "global", config.NetworkTag: "global", }, }, } service := &api.Service{ ObjectMeta: api.ObjectMeta{ Name: "s1", Namespace: "testns", Labels: map[string]string{ config.NetworkTag: "svc", }, }, Spec: api.ServiceSpec{ Selector: map[string]string{ "Name": "server", }, ClusterIP: "10.254.42.42", }, } clusterProject := new(types.Project) clusterProject.SetFQName("", []string{"default-domain", "cluster"}) require.NoError(t, env.client.Create(clusterProject)) netnsProject := new(types.Project) netnsProject.SetFQName("", []string{"default-domain", "testns"}) require.NoError(t, env.client.Create(netnsProject)) env.Start() env.AddPod(pod1) env.AddPod(pod2) env.AddPod(pod3) env.AddService(service, "server") env.SyncBarrier() // This connects the global-network policy with the respective network which is created after // the policy. assert.False(t, env.checker.Check()) // It should be ok now. assert.True(t, env.checker.Check()) policyName := makeGlobalNetworkPolicyName(config, []string{"default-domain", "cluster", "global"}) policy, err := types.NetworkPolicyByName(env.client, strings.Join(policyName, ":")) require.NoError(t, err) netRefs, err := policy.GetVirtualNetworkBackRefs() require.NoError(t, err) assert.Len(t, netRefs, 3) assert.Len(t, policy.GetNetworkPolicyEntries().PolicyRule, 2) env.DeletePod(pod1) env.DeletePod(pod2) env.DeleteService(service, "server") env.SyncBarrier() _, err = types.NetworkPolicyByName(env.client, strings.Join(policyName, ":")) assert.Error(t, err) assert.True(t, env.checker.Check()) env.Shutdown() }
func TestConsistencyPodUpdateRemovePrev(t *testing.T) { env := new(TestFramework) env.SetUp("192.0.2.0/24") client := env.client config := env.config pod1 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "x-1", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "Name": "client", config.NetworkTag: "client", config.NetworkAccessTag: "red", }, }, } pod2 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "x-2", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "Name": "client", config.NetworkTag: "client", config.NetworkAccessTag: "red", }, }, } pod3 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "redPod", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "Name": "red", config.NetworkTag: "redPrivate", }, }, } pod4 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "bluePod", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "Name": "blue", config.NetworkTag: "bluePrivate", }, }, } redService := &api.Service{ ObjectMeta: api.ObjectMeta{ Name: "red", Namespace: "testns", Labels: map[string]string{ config.NetworkTag: "red", }, }, Spec: api.ServiceSpec{ Selector: map[string]string{ "Name": "red", }, ClusterIP: "10.254.42.42", }, } blueService := &api.Service{ ObjectMeta: api.ObjectMeta{ Name: "blue", Namespace: "testns", Labels: map[string]string{ config.NetworkTag: "blue", }, }, Spec: api.ServiceSpec{ Selector: map[string]string{ "Name": "blue", }, ClusterIP: "10.254.42.43", }, } netnsProject := new(types.Project) netnsProject.SetFQName("", []string{"default-domain", "testns"}) client.Create(netnsProject) env.Start() env.AddPod(pod1) env.AddService(redService, "red") env.AddPod(pod2) env.AddPod(pod3) env.AddPod(pod4) env.AddService(blueService, "blue") env.SyncBarrier() serviceConnections := getNetworkServiceConnections(t, client, config, "testns", "client") assert.EqualValues(t, []string{"default", "red"}, serviceConnections) assert.True(t, env.checker.Check()) policyName := makeServicePolicyName(config, "testns", "red") _, err := types.NetworkPolicyByName(client, strings.Join(policyName, ":")) assert.NoError(t, err) clonePodAndUpdateAccessTag := func(pod *api.Pod, color string) *api.Pod { newPod := new(api.Pod) *newPod = *pod newPod.Labels = make(map[string]string, 0) for k, v := range pod.Labels { newPod.Labels[k] = v } newPod.Labels[config.NetworkAccessTag] = color return newPod } // Update connections on pod1 nPod1 := clonePodAndUpdateAccessTag(pod1, "blue") env.UpdatePod(pod1, nPod1) env.SyncBarrier() serviceConnections = getNetworkServiceConnections(t, client, config, "testns", "client") assert.EqualValues(t, []string{"default", "red", "blue"}, serviceConnections) assert.True(t, env.checker.Check(), "red and blue present") // Update connections on pod2 // This will leave a stale connection to network red. nPod2 := clonePodAndUpdateAccessTag(pod2, "blue") env.UpdatePod(pod2, nPod2) env.SyncBarrier() serviceConnections = getNetworkServiceConnections(t, client, config, "testns", "client") assert.EqualValues(t, []string{"default", "red", "blue"}, serviceConnections) assert.False(t, env.checker.Check()) env.DeleteService(redService, "red") env.SyncBarrier() // The second pass will delete the connection to network red. assert.False(t, env.checker.Check()) serviceConnections = getNetworkServiceConnections(t, client, config, "testns", "client") assert.EqualValues(t, []string{"default", "blue"}, serviceConnections) assert.True(t, env.checker.Check()) env.Shutdown() _, err = types.NetworkPolicyByName(client, strings.Join(policyName, ":")) assert.Error(t, err) }
func TestServiceWithMultipleUsers(t *testing.T) { kube := mocks.NewKubeClient() client := new(contrail_mocks.ApiClient) client.Init() client.AddInterceptor("virtual-machine-interface", &VmiInterceptor{}) client.AddInterceptor("virtual-network", &NetworkInterceptor{}) allocator := new(mocks.AddressAllocator) controller := NewTestController(kube, client, allocator, nil) pod1 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "test-server", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "name": "server", }, }, } pod2 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "test-xz1", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "name": "client1", "uses": "x1", }, }, } pod3 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "test-xz2", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "name": "client1", "uses": "x1", }, }, } pod4 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "test-xz3", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "name": "client2", "uses": "x1", }, }, } service := &api.Service{ ObjectMeta: api.ObjectMeta{ Name: "s1", Namespace: "testns", Labels: map[string]string{ "name": "x1", }, }, Spec: api.ServiceSpec{ Selector: map[string]string{ "name": "server", }, ClusterIP: "10.254.42.42", }, } netnsProject := new(types.Project) netnsProject.SetFQName("", []string{"default-domain", "testns"}) client.Create(netnsProject) allocator.On("LocateIpAddress", string(pod1.ObjectMeta.UID)).Return("10.0.0.1", nil) allocator.On("LocateIpAddress", string(pod2.ObjectMeta.UID)).Return("10.0.0.2", nil) allocator.On("LocateIpAddress", string(pod3.ObjectMeta.UID)).Return("10.0.0.3", nil) allocator.On("LocateIpAddress", string(pod4.ObjectMeta.UID)).Return("10.0.0.4", nil) allocator.On("ReleaseIpAddress", string(pod1.ObjectMeta.UID)).Return() allocator.On("ReleaseIpAddress", string(pod2.ObjectMeta.UID)).Return() allocator.On("ReleaseIpAddress", string(pod3.ObjectMeta.UID)).Return() allocator.On("ReleaseIpAddress", string(pod4.ObjectMeta.UID)).Return() kube.PodInterface.On("Update", pod1).Return(pod1, nil) kube.PodInterface.On("Update", pod2).Return(pod2, nil) kube.PodInterface.On("Update", pod3).Return(pod3, nil) kube.PodInterface.On("Update", pod4).Return(pod4, nil) kube.PodInterface.On("List", mock.Anything, mock.Anything).Return(&api.PodList{Items: []api.Pod{*pod1}}, nil) shutdown := make(chan struct{}) go controller.Run(shutdown) controller.AddPod(pod1) controller.AddService(service) controller.AddPod(pod2) controller.AddPod(pod3) controller.AddPod(pod4) time.Sleep(100 * time.Millisecond) policy, err := types.NetworkPolicyByName(client, "default-domain:testns:x1") assert.NoError(t, err) if err == nil { assert.Len(t, policy.GetNetworkPolicyEntries().PolicyRule, 2) assert.True(t, policyHasRule(policy, "default-domain:testns:client1", "default-domain:testns:service-x1")) assert.True(t, policyHasRule(policy, "default-domain:testns:client2", "default-domain:testns:service-x1")) } _, err = types.VirtualNetworkByName(client, "default-domain:testns:client2") assert.NoError(t, err) controller.DeletePod(pod3) time.Sleep(100 * time.Millisecond) policy, err = types.NetworkPolicyByName(client, "default-domain:testns:x1") assert.NoError(t, err) if err == nil { assert.Len(t, policy.GetNetworkPolicyEntries().PolicyRule, 2) } controller.DeletePod(pod4) time.Sleep(100 * time.Millisecond) _, err = types.VirtualNetworkByName(client, "default-domain:testns:client2") assert.Error(t, err) policy, err = types.NetworkPolicyByName(client, "default-domain:testns:x1") assert.NoError(t, err) if err == nil { assert.Len(t, policy.GetNetworkPolicyEntries().PolicyRule, 1) assert.True(t, policyHasRule(policy, "default-domain:testns:client1", "default-domain:testns:service-x1")) } controller.DeletePod(pod2) time.Sleep(100 * time.Millisecond) policy, err = types.NetworkPolicyByName(client, "default-domain:testns:x1") assert.NoError(t, err) if err == nil { assert.Len(t, policy.GetNetworkPolicyEntries().PolicyRule, 0) } controller.DeletePod(pod1) controller.DeleteService(service) time.Sleep(100 * time.Millisecond) type shutdownMsg struct { } shutdown <- shutdownMsg{} policy, err = types.NetworkPolicyByName(client, "default-domain:testns:x1") assert.Error(t, err) }
func TestServiceAddWithPod(t *testing.T) { kube := mocks.NewKubeClient() client := new(contrail_mocks.ApiClient) client.Init() client.AddInterceptor("virtual-machine-interface", &VmiInterceptor{}) client.AddInterceptor("virtual-network", &NetworkInterceptor{}) netnsProject := new(types.Project) netnsProject.SetFQName("domain", []string{"default-domain", "testns"}) assert.NoError(t, client.Create(netnsProject)) allocator := new(mocks.AddressAllocator) controller := NewTestController(kube, client, allocator, nil) pod := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "test", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "name": "testpod", }, }, } service := &api.Service{ ObjectMeta: api.ObjectMeta{ Name: "s1", Namespace: "testns", Labels: map[string]string{ "name": "x1", }, }, Spec: api.ServiceSpec{ Selector: map[string]string{ "name": "testpod", }, ClusterIP: "10.254.42.42", }, } allocator.On("LocateIpAddress", string(pod.ObjectMeta.UID)).Return("10.0.0.1", nil) kube.PodInterface.On("Update", pod).Return(pod, nil) kube.PodInterface.On("List", mock.Anything, mock.Anything).Return(&api.PodList{Items: []api.Pod{*pod}}, nil) shutdown := make(chan struct{}) go controller.Run(shutdown) controller.AddPod(pod) controller.AddService(service) time.Sleep(100 * time.Millisecond) type shutdownMsg struct { } shutdown <- shutdownMsg{} time.Sleep(100 * time.Millisecond) obj, err := client.FindByName("virtual-network", "default-domain:testns:service-x1") require.NoError(t, err) serviceNet := obj.(*types.VirtualNetwork) sip, err := controller.networkMgr.LocateFloatingIp(serviceNet, service.Name, service.Spec.ClusterIP) assert.NoError(t, err) refList, err := sip.GetVirtualMachineInterfaceRefs() assert.Nil(t, err) assert.NotEmpty(t, refList) policy, err := types.NetworkPolicyByName(client, "default-domain:testns:x1") assert.NoError(t, err) if err == nil { assert.Len(t, policy.GetNetworkPolicyEntries().PolicyRule, 0) } }
func TestServiceUpdatePublicIp(t *testing.T) { kube := mocks.NewKubeClient() client := new(contrail_mocks.ApiClient) client.Init() client.AddInterceptor("virtual-machine-interface", &VmiInterceptor{}) client.AddInterceptor("virtual-network", &NetworkInterceptor{}) client.AddInterceptor("instance-ip", &IpInterceptor{}) client.AddInterceptor("floating-ip", &FloatingIpInterceptor{}) controller := NewTestController(kube, client, nil, nil) pod1 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "test-sv1", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "name": "service", }, }, } pod2 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "test-sv2", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "name": "service", }, }, } pod3 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "test-xz3", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "name": "client", "uses": "svc", }, }, } service := &api.Service{ ObjectMeta: api.ObjectMeta{ Name: "service", Namespace: "testns", Labels: map[string]string{ "name": "svc", }, }, Spec: api.ServiceSpec{ Selector: map[string]string{ "name": "service", }, ClusterIP: "10.254.42.42", Type: api.ServiceTypeLoadBalancer, }, } netnsProject := new(types.Project) netnsProject.SetFQName("", []string{"default-domain", "testns"}) client.Create(netnsProject) kube.PodInterface.On("Update", pod1).Return(pod1, nil) kube.PodInterface.On("Update", pod2).Return(pod2, nil) kube.PodInterface.On("Update", pod3).Return(pod3, nil) selectPods := labels.Set(map[string]string{"name": "service"}).AsSelector() kube.PodInterface.On("List", selectPods, mock.Anything).Return(&api.PodList{Items: []api.Pod{*pod1, *pod2}}, nil) kube.ServiceInterface.On("Update", service).Return(service, nil) shutdown := make(chan struct{}) go controller.Run(shutdown) controller.AddPod(pod1) controller.AddPod(pod2) controller.AddPod(pod3) controller.AddService(service) time.Sleep(100 * time.Millisecond) fqn := strings.Split(controller.config.PublicNetwork, ":") fqn = append(fqn, fqn[len(fqn)-1]) fqn = append(fqn, service.Name) fip, err := types.FloatingIpByName(client, strings.Join(fqn, ":")) assert.NoError(t, err) if err == nil { vmList, err := getFloatingIpToInstanceList(client, fip) assert.NoError(t, err) assert.Len(t, vmList, 2) assert.Contains(t, vmList, string(pod1.UID)) assert.Contains(t, vmList, string(pod2.UID)) } nService := new(api.Service) *nService = *service nService.Spec.Type = api.ServiceTypeClusterIP controller.UpdateService(service, nService) time.Sleep(100 * time.Millisecond) _, err = types.FloatingIpByName(client, strings.Join(fqn, ":")) assert.Error(t, err) controller.UpdateService(nService, service) time.Sleep(100 * time.Millisecond) type shutdownMsg struct { } shutdown <- shutdownMsg{} fip, err = types.FloatingIpByName(client, strings.Join(fqn, ":")) assert.NoError(t, err) if err == nil { vmList, err := getFloatingIpToInstanceList(client, fip) assert.NoError(t, err) assert.Len(t, vmList, 2) assert.Contains(t, vmList, string(pod1.UID)) assert.Contains(t, vmList, string(pod2.UID)) } policy, err := types.NetworkPolicyByName(client, "default-domain:testns:svc") assert.NoError(t, err) if err == nil { assert.Len(t, policy.GetNetworkPolicyEntries().PolicyRule, 1) assert.True(t, policyHasRule(policy, "default-domain:testns:client", "default-domain:testns:service-svc")) } }
func TestServiceUpdateLabel(t *testing.T) { kube := mocks.NewKubeClient() client := new(contrail_mocks.ApiClient) client.Init() client.AddInterceptor("virtual-machine-interface", &VmiInterceptor{}) client.AddInterceptor("virtual-network", &NetworkInterceptor{}) client.AddInterceptor("instance-ip", &IpInterceptor{}) client.AddInterceptor("floating-ip", &FloatingIpInterceptor{}) controller := NewTestController(kube, client, nil, nil) pod1 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "test-sv1", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "name": "server", }, }, } pod2 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "test-xz2", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "name": "client1", "uses": "red", }, }, } pod3 := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "test-xz3", Namespace: "testns", UID: kubetypes.UID(uuid.New()), Labels: map[string]string{ "name": "client2", "uses": "blue", }, }, } service := &api.Service{ ObjectMeta: api.ObjectMeta{ Name: "service", Namespace: "testns", Labels: map[string]string{ "name": "red", }, }, Spec: api.ServiceSpec{ Selector: map[string]string{ "name": "server", }, ClusterIP: "10.254.42.42", Type: api.ServiceTypeLoadBalancer, }, } netnsProject := new(types.Project) netnsProject.SetFQName("", []string{"default-domain", "testns"}) client.Create(netnsProject) kube.PodInterface.On("Update", pod1).Return(pod1, nil) kube.PodInterface.On("Update", pod2).Return(pod2, nil) kube.PodInterface.On("Update", pod3).Return(pod3, nil) selectServer := labels.Set(map[string]string{"name": "server"}).AsSelector() kube.PodInterface.On("List", selectServer, mock.Anything).Return(&api.PodList{Items: []api.Pod{*pod1}}, nil) kube.ServiceInterface.On("Update", service).Return(service, nil) shutdown := make(chan struct{}) go controller.Run(shutdown) controller.AddPod(pod1) controller.AddPod(pod2) controller.AddPod(pod3) controller.AddService(service) time.Sleep(100 * time.Millisecond) redPolicy, err := types.NetworkPolicyByName(client, "default-domain:testns:red") assert.NoError(t, err) if err == nil { assert.Len(t, redPolicy.GetNetworkPolicyEntries().PolicyRule, 1) assert.True(t, policyHasRule(redPolicy, "default-domain:testns:client1", "default-domain:testns:service-red")) refs, err := redPolicy.GetVirtualNetworkBackRefs() assert.NoError(t, err) nameList := getReferenceListNames(refs) assert.Contains(t, nameList, "default-domain:testns:client1") assert.Contains(t, nameList, "default-domain:testns:service-red") } bluePolicy, err := types.NetworkPolicyByName(client, "default-domain:testns:blue") assert.NoError(t, err) if err == nil { assert.Len(t, bluePolicy.GetNetworkPolicyEntries().PolicyRule, 0) refs, err := bluePolicy.GetVirtualNetworkBackRefs() assert.NoError(t, err) assert.Len(t, refs, 1) } nService := new(api.Service) *nService = *service nService.Labels = map[string]string{ "name": "blue", } // The service will receive a different PublicIP because this is translated into a service delete operation, // followed by an add. kube.ServiceInterface.On("Update", nService).Return(nService, nil) controller.UpdateService(service, nService) time.Sleep(100 * time.Millisecond) type shutdownMsg struct { } shutdown <- shutdownMsg{} bluePolicy, err = types.NetworkPolicyByName(client, "default-domain:testns:blue") assert.NoError(t, err) if err == nil { assert.Len(t, bluePolicy.GetNetworkPolicyEntries().PolicyRule, 1) assert.True(t, policyHasRule(bluePolicy, "default-domain:testns:client2", "default-domain:testns:service-blue")) refs, err := bluePolicy.GetVirtualNetworkBackRefs() assert.NoError(t, err) nameList := getReferenceListNames(refs) assert.Contains(t, nameList, "default-domain:testns:client2") assert.Contains(t, nameList, "default-domain:testns:service-blue") } redPolicy, err = types.NetworkPolicyByName(client, "default-domain:testns:red") assert.NoError(t, err) if err == nil { assert.Len(t, redPolicy.GetNetworkPolicyEntries().PolicyRule, 0) refs, err := redPolicy.GetVirtualNetworkBackRefs() assert.NoError(t, err) assert.Len(t, refs, 1) } fip, err := types.FloatingIpByName(client, "default-domain:testns:service-blue:service-blue:service") assert.NoError(t, err) if err == nil { vmList, err := getFloatingIpToInstanceList(client, fip) assert.NoError(t, err) assert.Len(t, vmList, 1) assert.Contains(t, vmList, string(pod1.UID)) } }