diff --git a/test/e2e/framework.go b/test/e2e/framework.go index a321d135b..d52220c81 100644 --- a/test/e2e/framework.go +++ b/test/e2e/framework.go @@ -642,8 +642,7 @@ func applyYAML(filename string, ns string) error { return nil } -//Temporarily disable traffic check -/* +// Temporarily disable traffic check func runCommand(cmd string) (string, error) { err := wait.PollUntilContextTimeout(context.TODO(), 1*time.Second, defaultTimeout, false, func(ctx context.Context) (bool, error) { var stdout, stderr bytes.Buffer @@ -665,7 +664,6 @@ func runCommand(cmd string) (string, error) { }) return "", err } -*/ func deleteYAML(filename string, ns string) error { cmd := fmt.Sprintf("kubectl delete -f %s -n %s", filename, ns) diff --git a/test/e2e/nsx_security_policy_test.go b/test/e2e/nsx_security_policy_test.go index 5bef4affc..bb350fa94 100644 --- a/test/e2e/nsx_security_policy_test.go +++ b/test/e2e/nsx_security_policy_test.go @@ -274,7 +274,6 @@ func TestSecurityPolicyNamedPortWithoutPod(t *testing.T) { assertNil(t, err) } -/* // TestSecurityPolicyNamedPort0 verifies that the traffic of security policy when named port applied. // This test is to verify the named port feature of security policy. // When appliedTo is in policy level. @@ -282,9 +281,9 @@ func TestSecurityPolicyNamedPort0(t *testing.T) { nsClient := "client" nsWeb := "web" securityPolicyName := "named-port-policy" - clientA := "client" - webA := "web" - labelWeb := "tcp-deployment" + ruleName0 := "all-ingress-isolation" + ruleName1 := "all-egress-isolation" + var err error testData.deleteNamespace(nsClient, defaultTimeout) testData.deleteNamespace(nsWeb, defaultTimeout) 
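Review bot: The comment `// Temporarily disable traffic check` is left directly above `func runCommand` in the first framework.go hunk, so it now reads as that function's doc comment even though removing the `/*` here and the `*/` in the second hunk makes the function active again. Replace it with a description of the helper, for example `// runCommand runs cmd, polling once per second until it succeeds or defaultTimeout elapses.`; the body between the two hunks is not visible, so confirm the wording against it. The visible tail `return "", err` suggests the string result is always empty, which the comment should state if that holds.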
@@ -298,27 +297,39 @@ func TestSecurityPolicyNamedPort0(t *testing.T) { _ = applyYAML(podPath, "") defer deleteYAML(podPath, "") - // Wait for pods - ps, err := testData.podWaitForIPs(defaultTimeout, clientA, nsClient) - t.Logf("Pods are %v", ps) - assertNil(t, err, "Error when waiting for IP for Pod %s", clientA) - psb, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsWeb, labelWeb) - t.Logf("Pods are %v", psb) - assertNil(t, err, "Error when waiting for IP for Pod %s", webA) - err = testData.waitForCRReadyOrDeleted(defaultTimeout, SP, nsWeb, securityPolicyName, Ready) - assertNil(t, err, "Error when waiting for Security Policy %s", securityPolicyName) + // Temporarily disable traffic check + /* + clientA := "client" + webA := "web" + labelWeb := "tcp-deployment" + + // Wait for pods + ps, err := testData.podWaitForIPs(defaultTimeout, clientA, nsClient) + t.Logf("Pods are %v", ps) + assertNil(t, err, "Error when waiting for IP for Pod %s", clientA) + psb, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsWeb, labelWeb) + t.Logf("Pods are %v", psb) + assertNil(t, err, "Error when waiting for IP for Pod %s", webA) + err = testData.waitForCRReadyOrDeleted(defaultTimeout, SP, nsWeb, securityPolicyName, Ready) + assertNil(t, err, "Error when waiting for Security Policy %s", securityPolicyName) + */ // Check nsx-t resource existing err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeSecurityPolicy, securityPolicyName, true) assertNil(t, err) - err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, securityPolicyName, true) + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName0, true) + assertNil(t, err) + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName1, true) assertNil(t, err) - // Nc from pod - err = testData.runNetcatCommandFromPod(nsClient, clientA, clientA, psb[0], 80) - assertNil(t, err, "Error when running nc command from Pod %s", 
clientA) - err = testData.runNetcatCommandFromPod(nsClient, clientA, clientA, psb[1], 80) - assertNil(t, err, "Error when running nc command from Pod %s", clientA) + // Temporarily disable traffic check + /* + // Nc from pod + err = testData.runNetcatCommandFromPod(nsClient, clientA, clientA, psb[0], 80) + assertNil(t, err, "Error when running nc command from Pod %s", clientA) + err = testData.runNetcatCommandFromPod(nsClient, clientA, clientA, psb[1], 80) + assertNil(t, err, "Error when running nc command from Pod %s", clientA) + */ // Delete all _ = deleteYAML(podPath, "") @@ -328,7 +339,9 @@ func TestSecurityPolicyNamedPort0(t *testing.T) { // Check nsx-t resource not existing err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeSecurityPolicy, securityPolicyName, false) assertNil(t, err) - err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, securityPolicyName, false) + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName0, false) + assertNil(t, err) + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName1, false) assertNil(t, err) } @@ -339,9 +352,9 @@ func TestSecurityPolicyNamedPort1(t *testing.T) { nsClient := "client" nsWeb := "web" securityPolicyName := "named-port-policy" - clientA := "client" - webA := "web" - labelWeb := "tcp-deployment" + ruleName0 := "all-ingress-isolation" + ruleName1 := "all-egress-isolation" + var err error testData.deleteNamespace(nsClient, defaultTimeout) testData.deleteNamespace(nsWeb, defaultTimeout) 
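Review bot: With the netcat calls commented out in TestSecurityPolicyNamedPort0 (hunk -298,27), the test asserts only that the NSX policy and rule objects exist, so a policy that is realized but does not allow or block traffic as intended would still pass. The same block also disables `err = testData.waitForCRReadyOrDeleted(defaultTimeout, SP, nsWeb, securityPolicyName, Ready)`, which checks CR status rather than traffic; unless that wait is what fails in the current environment, keep it and its `assertNil` outside the `/* */`. The marker `// Temporarily disable traffic check` should record why the checks are off and when they come back, e.g. `// TODO(<issue-id>): re-enable traffic check once <condition>`. The same applies to the matching hunks in TestSecurityPolicyNamedPort1 through TestSecurityPolicyNamedPort7.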
@@ -355,27 +368,39 @@ func TestSecurityPolicyNamedPort1(t *testing.T) { _ = applyYAML(podPath, "") defer deleteYAML(podPath, "") - // Wait for pods - ps, err := testData.podWaitForIPs(defaultTimeout, clientA, nsClient) - t.Logf("Pods are %v", ps) - assertNil(t, err, "Error when waiting for IP for Pod %s", clientA) - psb, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsWeb, labelWeb) - t.Logf("Pods are %v", psb) - assertNil(t, err, "Error when waiting for IP for Pod %s", webA) - err = testData.waitForCRReadyOrDeleted(defaultTimeout, SP, nsWeb, securityPolicyName, Ready) - assertNil(t, err, "Error when waiting for Security Policy %s", securityPolicyName) + // Temporarily disable traffic check + /* + clientA := "client" + webA := "web" + labelWeb := "tcp-deployment" + + // Wait for pods + ps, err := testData.podWaitForIPs(defaultTimeout, clientA, nsClient) + t.Logf("Pods are %v", ps) + assertNil(t, err, "Error when waiting for IP for Pod %s", clientA) + psb, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsWeb, labelWeb) + t.Logf("Pods are %v", psb) + assertNil(t, err, "Error when waiting for IP for Pod %s", webA) + err = testData.waitForCRReadyOrDeleted(defaultTimeout, SP, nsWeb, securityPolicyName, Ready) + assertNil(t, err, "Error when waiting for Security Policy %s", securityPolicyName) + */ // Check nsx-t resource existing err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeSecurityPolicy, securityPolicyName, true) assertNil(t, err) - err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, securityPolicyName, true) + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName0, true) + assertNil(t, err) + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName1, true) assertNil(t, err) - // Nc from pod - err = testData.runNetcatCommandFromPod(nsClient, clientA, clientA, psb[0], 80) - assertNil(t, err, "Error when running nc command from Pod %s", 
clientA) - err = testData.runNetcatCommandFromPod(nsClient, clientA, clientA, psb[1], 80) - assertNil(t, err, "Error when running nc command from Pod %s", clientA) + // Temporarily disable traffic check + /* + // Nc from pod + err = testData.runNetcatCommandFromPod(nsClient, clientA, clientA, psb[0], 80) + assertNil(t, err, "Error when running nc command from Pod %s", clientA) + err = testData.runNetcatCommandFromPod(nsClient, clientA, clientA, psb[1], 80) + assertNil(t, err, "Error when running nc command from Pod %s", clientA) + */ // Delete all _ = deleteYAML(podPath, "") @@ -385,7 +410,9 @@ func TestSecurityPolicyNamedPort1(t *testing.T) { // Check nsx-t resource not existing err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeSecurityPolicy, securityPolicyName, false) assertNil(t, err) - err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, securityPolicyName, false) + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName0, false) + assertNil(t, err) + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName1, false) assertNil(t, err) } @@ -396,9 +423,10 @@ func TestSecurityPolicyNamedPort2(t *testing.T) { nsClient := "client" nsWeb := "web" securityPolicyName := "named-port-policy" + ruleName0 := "all-ingress-isolation" + ruleName1 := "all-egress-isolation" clientA := "client" - webA := "web" - labelWeb := "tcp-deployment" + var err error testData.deleteNamespace(nsClient, defaultTimeout) testData.deleteNamespace(nsWeb, defaultTimeout) 
@@ -412,20 +440,28 @@ func TestSecurityPolicyNamedPort2(t *testing.T) { _ = applyYAML(podPath, "") defer deleteYAML(podPath, "") - // Wait for pods - ps, err := testData.podWaitForIPs(defaultTimeout, clientA, nsClient) - t.Logf("Pods are %v", ps) - assertNil(t, err, "Error when waiting for IP for Pod %s", clientA) - psb, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsWeb, labelWeb) - t.Logf("Pods are %v", psb) - assertNil(t, err, "Error when waiting for IP for Pod %s", webA) - err = testData.waitForCRReadyOrDeleted(defaultTimeout, SP, nsWeb, securityPolicyName, Ready) - assertNil(t, err, "Error when waiting for Security Policy %s", securityPolicyName) + // Temporarily disable traffic check + /* + webA := "web" + labelWeb := "tcp-deployment" + + // Wait for pods + ps, err := testData.podWaitForIPs(defaultTimeout, clientA, nsClient) + t.Logf("Pods are %v", ps) + assertNil(t, err, "Error when waiting for IP for Pod %s", clientA) + psb, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsWeb, labelWeb) + t.Logf("Pods are %v", psb) + assertNil(t, err, "Error when waiting for IP for Pod %s", webA) + err = testData.waitForCRReadyOrDeleted(defaultTimeout, SP, nsWeb, securityPolicyName, Ready) + assertNil(t, err, "Error when waiting for Security Policy %s", securityPolicyName) + */ // Check nsx-t resource existing err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeSecurityPolicy, securityPolicyName, true) assertNil(t, err) - err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, securityPolicyName, true) + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName0, true) + assertNil(t, err) + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName1, true) assertNil(t, err) // Label ns 
@@ -433,11 +469,14 @@ func TestSecurityPolicyNamedPort2(t *testing.T) { _, err = runCommand(cmd) assertNil(t, err, "Error when running command %s", cmd) - // Nc from pod - err = testData.runNetcatCommandFromPod(nsClient, clientA, clientA, psb[0], 80) - assertNil(t, err, "Error when running nc command from Pod %s", clientA) - err = testData.runNetcatCommandFromPod(nsClient, clientA, clientA, psb[1], 80) - assertNil(t, err, "Error when running nc command from Pod %s", clientA) + // Temporarily disable traffic check + /* + // Nc from pod + err = testData.runNetcatCommandFromPod(nsClient, clientA, clientA, psb[0], 80) + assertNil(t, err, "Error when running nc command from Pod %s", clientA) + err = testData.runNetcatCommandFromPod(nsClient, clientA, clientA, psb[1], 80) + assertNil(t, err, "Error when running nc command from Pod %s", clientA) + */ // Delete all _ = deleteYAML(podPath, "") @@ -447,7 +486,9 @@ func TestSecurityPolicyNamedPort2(t *testing.T) { // Check nsx-t resource not existing err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeSecurityPolicy, securityPolicyName, false) assertNil(t, err) - err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, securityPolicyName, false) + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName0, false) + assertNil(t, err) + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName1, false) assertNil(t, err) } @@ -457,10 +498,9 @@ func TestSecurityPolicyNamedPort2(t *testing.T) { func TestSecurityPolicyNamedPort3(t *testing.T) { nsDB := "db" nsWeb := "web" - containerName := "web" securityPolicyName := "named-port-policy" - labelWeb := "tcp-deployment" - labelDB := "mysql" + ruleName0 := "all-ingress-isolation" + ruleName1 := "all-egress-isolation" testData.deleteNamespace(nsDB, defaultTimeout) testData.deleteNamespace(nsWeb, defaultTimeout) 
@@ -479,26 +519,38 @@ func TestSecurityPolicyNamedPort3(t *testing.T) { _ = applyYAML(podPath, "") defer deleteYAML(podPath, "") - // Wait for pods - ps, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsDB, labelDB) - t.Logf("Pods are %v", ps) - assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsDB) + // Temporarily disable traffic check + /* + containerName := "web" + labelWeb := "tcp-deployment" + labelDB := "mysql" - _, psb, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsWeb, labelWeb) - t.Logf("Pods are %v", psb) - assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsWeb) - err = testData.waitForCRReadyOrDeleted(defaultTimeout, SP, nsWeb, securityPolicyName, Ready) - assertNil(t, err, "Error when waiting for Security Policy %s", securityPolicyName) + // Wait for pods + ps, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsDB, labelDB) + t.Logf("Pods are %v", ps) + assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsDB) + + _, psb, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsWeb, labelWeb) + t.Logf("Pods are %v", psb) + assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsWeb) + err = testData.waitForCRReadyOrDeleted(defaultTimeout, SP, nsWeb, securityPolicyName, Ready) + assertNil(t, err, "Error when waiting for Security Policy %s", securityPolicyName) + */ // Check nsx-t resource existing err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeSecurityPolicy, securityPolicyName, true) assertNil(t, err) - err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, securityPolicyName, true) + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName0, true) + assertNil(t, err) + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName1, true) assertNil(t, err) - // Nc from pod - err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps[0], 3306) - assertNil(t, err, "Error 
when running nc command from Pod %s", "web") + // Temporarily disable traffic check + /* + // Nc from pod + err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps[0], 3306) + assertNil(t, err, "Error when running nc command from Pod %s", "web") + */ // Delete all _ = deleteYAML(podPath, "") @@ -508,7 +560,9 @@ func TestSecurityPolicyNamedPort3(t *testing.T) { // Check nsx-t resource not existing err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeSecurityPolicy, securityPolicyName, false) assertNil(t, err) - err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, securityPolicyName, false) + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName0, false) + assertNil(t, err) + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName1, false) assertNil(t, err) } @@ -518,10 +572,7 @@ func TestSecurityPolicyNamedPort3(t *testing.T) { func TestSecurityPolicyNamedPort4(t *testing.T) { nsDB := "db" nsWeb := "web" - containerName := "web" securityPolicyName := "named-port-policy" - labelWeb := "tcp-deployment" - labelDB := "mysql" testData.deleteNamespace(nsDB, defaultTimeout) testData.deleteNamespace(nsWeb, defaultTimeout) 
@@ -540,16 +591,23 @@ func TestSecurityPolicyNamedPort4(t *testing.T) { _ = applyYAML(podPath, "") defer deleteYAML(podPath, "") - // Wait for pods - ps, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsDB, labelDB) - t.Logf("Pods are %v", ps) - assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsDB) + // Temporarily disable traffic check + /* + containerName := "web" + labelWeb := "tcp-deployment" + labelDB := "mysql" - _, psb, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsWeb, labelWeb) - t.Logf("Pods are %v", psb) - assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsWeb) - err = testData.waitForCRReadyOrDeleted(defaultTimeout, SP, nsWeb, securityPolicyName, Ready) - assertNil(t, err, "Error when waiting for Security Policy %s", securityPolicyName) + // Wait for pods + ps, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsDB, labelDB) + t.Logf("Pods are %v", ps) + assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsDB) + + _, psb, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsWeb, labelWeb) + t.Logf("Pods are %v", psb) + assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsWeb) + err = testData.waitForCRReadyOrDeleted(defaultTimeout, SP, nsWeb, securityPolicyName, Ready) + assertNil(t, err, "Error when waiting for Security Policy %s", securityPolicyName) + */ // Check nsx-t resource existing err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeSecurityPolicy, securityPolicyName, true) 
@@ -557,9 +615,12 @@ func TestSecurityPolicyNamedPort4(t *testing.T) { err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, securityPolicyName, true) assertNil(t, err) - // Nc from pod - err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps[0], 3306) - assertNil(t, err, "Error when running nc command from Pod %s", "web") + // Temporarily disable traffic check + /* + // Nc from pod + err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps[0], 3306) + assertNil(t, err, "Error when running nc command from Pod %s", "web") + */ // Delete all _ = deleteYAML(podPath, "") @@ -580,13 +641,9 @@ func TestSecurityPolicyNamedPort5(t *testing.T) { nsDB := "db" nsDB2 := "db2" nsWeb := "web" - containerName := "web" securityPolicyName := "named-port-policy" ruleName := "named-port-policy-0-0-0" ruleName1 := "named-port-policy-0-0-1" - labelWeb := "tcp-deployment" - labelDB := "mysql" - labelDB2 := "mysql2" testData.deleteNamespace(nsDB, defaultTimeout) testData.deleteNamespace(nsDB2, defaultTimeout) 
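Review bot: TestSecurityPolicyNamedPort4 (hunk -557,9) still looks the rule up by the policy name, `waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, securityPolicyName, true)`, while TestSecurityPolicyNamedPort0 through 3 were switched in this commit to `ruleName0`/`ruleName1`. If the rules created by this test's manifest are also named independently of the policy, this check and any matching not-exists check would be looking for the wrong object; the manifest is not visible here, so confirm which name applies. If the policy name is correct for this case, a one-line comment saying so would explain the difference.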
@@ -608,32 +665,43 @@ func TestSecurityPolicyNamedPort5(t *testing.T) { _ = applyYAML(podPath, "") defer deleteYAML(podPath, "") - // Wait for pods - ps, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsDB, labelDB) - t.Logf("Pods are %v", ps) - assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsDB) + // Temporarily disable traffic check + /* + containerName := "web" + labelWeb := "tcp-deployment" + labelDB := "mysql" + labelDB2 := "mysql2" + + // Wait for pods + ps, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsDB, labelDB) + t.Logf("Pods are %v", ps) + assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsDB) - ps2, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsDB2, labelDB2) - t.Logf("Pods are %v", ps2) - assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsDB2) + ps2, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsDB2, labelDB2) + t.Logf("Pods are %v", ps2) + assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsDB2) - _, psb, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsWeb, labelWeb) - t.Logf("Pods are %v", psb) - assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsWeb) - err = testData.waitForCRReadyOrDeleted(defaultTimeout, SP, nsWeb, securityPolicyName, Ready) - assertNil(t, err, "Error when waiting for Security Policy %s", securityPolicyName) + _, psb, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsWeb, labelWeb) + t.Logf("Pods are %v", psb) + assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsWeb) + err = testData.waitForCRReadyOrDeleted(defaultTimeout, SP, nsWeb, securityPolicyName, Ready) + assertNil(t, err, "Error when waiting for Security Policy %s", securityPolicyName) + */ // Check nsx-t resource existing err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeSecurityPolicy, securityPolicyName, true) assertNil(t, err) - err = testData.waitForResourceExistOrNot(nsWeb, 
common.ResourceTypeRule, ruleName, true) - assertNil(t, err) - - // Nc from pod - err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps2[0], 1234) - assertNotNil(t, err, "Error when running nc command from Pod %s", "web") - err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps[0], 3306) - assertNil(t, err, "Error when running nc command from Pod %s", "web") + // Temporarily disable traffic check + /* + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName, true) + assertNil(t, err) + + // Nc from pod + err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps2[0], 1234) + assertNotNil(t, err, "Error when running nc command from Pod %s", "web") + err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps[0], 3306) + assertNil(t, err, "Error when running nc command from Pod %s", "web") + */ // Label ns cmd = fmt.Sprintf("kubectl label ns %s %s=%s --overwrite", nsDB2, "role", "db") 
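Review bot: In TestSecurityPolicyNamedPort5 (hunk -608,32) the lookup `err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName, true)` was moved inside the disabled block even though it is a resource-existence check, not a traffic check. Without it, nothing visible in these hunks asserts that the rule was ever created, so a later not-exists check on the same rule (one is visible at the end of TestSecurityPolicyNamedPort7) can pass even if the rule never appeared. Move that line and its `assertNil(t, err)` back above the `/*`, unless the lookup itself is what currently fails. The same applies to the `ruleName1` lookup in hunk -641,14 and to the `ruleName`/`ruleName1` lookups in TestSecurityPolicyNamedPort6 and TestSecurityPolicyNamedPort7. The disabled block here also holds the only deny-side assertion in the file's visible hunks (`assertNotNil` on the port 1234 call), so its re-enabling is worth tracking separately.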
@@ -641,14 +709,17 @@ func TestSecurityPolicyNamedPort5(t *testing.T) { assertNil(t, err, "Error when running command %s", cmd) err = testData.waitForCRReadyOrDeleted(defaultTimeout, SP, nsWeb, securityPolicyName, Ready) assertNil(t, err, "Error when waiting for Security Policy %s", securityPolicyName) - err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName1, true) - assertNil(t, err) - - // Nc from pod - err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps2[0], 1234) - assertNil(t, err, "Error when running nc command from Pod %s", "web") - err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps[0], 3306) - assertNil(t, err, "Error when running nc command from Pod %s", "web") + // Temporarily disable traffic check + /* + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName1, true) + assertNil(t, err) + + // Nc from pod + err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps2[0], 1234) + assertNil(t, err, "Error when running nc command from Pod %s", "web") + err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps[0], 3306) + assertNil(t, err, "Error when running nc command from Pod %s", "web") + */ // Delete all _ = deleteYAML(podPath, "") @@ -673,13 +744,9 @@ func TestSecurityPolicyNamedPort6(t *testing.T) { nsDB := "db" nsDB2 := "db2" nsWeb := "web" - containerName := "web" securityPolicyName := "named-port-policy" ruleName := "named-port-policy-0-0-0" ruleName1 := "named-port-policy-0-0-1" - labelWeb := "tcp-deployment" - labelDB := "mysql" - labelDB2 := "mysql2" testData.deleteNamespace(nsDB, defaultTimeout) testData.deleteNamespace(nsDB2, defaultTimeout) 
@@ -704,34 +771,45 @@ func TestSecurityPolicyNamedPort6(t *testing.T) { _ = applyYAML(podPath, "") defer deleteYAML(podPath, "") - // Wait for pods - ps, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsDB, labelDB) - t.Logf("Pods are %v", ps) - assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsDB) + // Temporarily disable traffic check + /* + containerName := "web" + labelWeb := "tcp-deployment" + labelDB := "mysql" + labelDB2 := "mysql2" + + // Wait for pods + ps, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsDB, labelDB) + t.Logf("Pods are %v", ps) + assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsDB) - ps2, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsDB2, labelDB2) - t.Logf("Pods are %v", ps2) - assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsDB2) + ps2, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsDB2, labelDB2) + t.Logf("Pods are %v", ps2) + assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsDB2) - _, psb, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsWeb, labelWeb) - t.Logf("Pods are %v", psb) - assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsWeb) - err = testData.waitForCRReadyOrDeleted(defaultTimeout, SP, nsWeb, securityPolicyName, Ready) - assertNil(t, err, "Error when waiting for Security Policy %s", securityPolicyName) + _, psb, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsWeb, labelWeb) + t.Logf("Pods are %v", psb) + assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsWeb) + err = testData.waitForCRReadyOrDeleted(defaultTimeout, SP, nsWeb, securityPolicyName, Ready) + assertNil(t, err, "Error when waiting for Security Policy %s", securityPolicyName) + */ // Check nsx-t resource existing err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeSecurityPolicy, securityPolicyName, true) assertNil(t, err) - err = testData.waitForResourceExistOrNot(nsWeb, 
common.ResourceTypeRule, ruleName, true) - assertNil(t, err) - err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName1, false) - assertNil(t, err) - - // Nc from pod - err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps2[0], 3306) - assertNil(t, err, "Error when running nc command from Pod %s", "web") - err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps[0], 3306) - assertNil(t, err, "Error when running nc command from Pod %s", "web") + // Temporarily disable traffic check + /* + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName, true) + assertNil(t, err) + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName1, false) + assertNil(t, err) + + // Nc from pod + err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps2[0], 3306) + assertNil(t, err, "Error when running nc command from Pod %s", "web") + err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps[0], 3306) + assertNil(t, err, "Error when running nc command from Pod %s", "web") + */ // Delete all _ = deleteYAML(podPath, "") @@ -756,13 +834,9 @@ func TestSecurityPolicyNamedPort7(t *testing.T) { nsDB := "db" nsDB2 := "db2" nsWeb := "web" - containerName := "web" securityPolicyName := "named-port-policy" ruleName := "named-port-policy-0-0-0" ruleName1 := "named-port-policy-0-0-1" - labelWeb := "tcp-deployment" - labelDB := "mysql" - labelDB2 := "mysql2" testData.deleteNamespace(nsDB, defaultTimeout) testData.deleteNamespace(nsDB2, defaultTimeout) 
@@ -787,34 +861,44 @@ func TestSecurityPolicyNamedPort7(t *testing.T) { _ = applyYAML(podPath, "") defer deleteYAML(podPath, "") - // Wait for pods - ps, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsDB, labelDB) - t.Logf("Pods are %v", ps) - assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsDB) + // Temporarily disable traffic check + /* + containerName := "web" + labelWeb := "tcp-deployment" + labelDB := "mysql" + labelDB2 := "mysql2" + // Wait for pods + ps, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsDB, labelDB) + t.Logf("Pods are %v", ps) + assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsDB) - ps2, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsDB2, labelDB2) - t.Logf("Pods are %v", ps2) - assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsDB2) + ps2, _, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsDB2, labelDB2) + t.Logf("Pods are %v", ps2) + assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsDB2) - _, psb, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsWeb, labelWeb) - t.Logf("Pods are %v", psb) - assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsWeb) - err = testData.waitForCRReadyOrDeleted(defaultTimeout, SP, nsWeb, securityPolicyName, Ready) - assertNil(t, err, "Error when waiting for Security Policy %s", securityPolicyName) + _, psb, err := testData.deploymentWaitForIPsOrNames(defaultTimeout, nsWeb, labelWeb) + t.Logf("Pods are %v", psb) + assertNil(t, err, "Error when waiting for IP for Pod ns %s", nsWeb) + err = testData.waitForCRReadyOrDeleted(defaultTimeout, SP, nsWeb, securityPolicyName, Ready) + assertNil(t, err, "Error when waiting for Security Policy %s", securityPolicyName) + */ // Check nsx-t resource existing err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeSecurityPolicy, securityPolicyName, true) assertNil(t, err) - err = testData.waitForResourceExistOrNot(nsWeb, 
common.ResourceTypeRule, ruleName, true) - assertNil(t, err) - err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName1, true) - assertNil(t, err) - - // Nc from pod - err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps2[0], 1234) - assertNil(t, err, "Error when running nc command from Pod %s", "web") - err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps[0], 3306) - assertNil(t, err, "Error when running nc command from Pod %s", "web") + // Temporarily disable traffic check + /* + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName, true) + assertNil(t, err) + err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName1, true) + assertNil(t, err) + + // Nc from pod + err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps2[0], 1234) + assertNil(t, err, "Error when running nc command from Pod %s", "web") + err = testData.runNetcatCommandFromPod(nsWeb, psb[0], containerName, ps[0], 3306) + assertNil(t, err, "Error when running nc command from Pod %s", "web") + */ // Delete all _ = deleteYAML(podPath, "") @@ -829,4 +913,3 @@ func TestSecurityPolicyNamedPort7(t *testing.T) { err = testData.waitForResourceExistOrNot(nsWeb, common.ResourceTypeRule, ruleName1, false) assertNil(t, err) } -*/