kubesphere/test/e2e/e2e_test.go

package e2e_test

import (
	"context"
	"time"

	"k8s.io/klog"

	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
	appsv1 "k8s.io/api/apps/v1"
	batchv1 "k8s.io/api/batch/v1"
	corev1 "k8s.io/api/core/v1"
	"k8s.io/apimachinery/pkg/labels"
	"k8s.io/client-go/kubernetes/scheme"
	"kubesphere.io/kubesphere/pkg/apis/network/v1alpha1"
	"kubesphere.io/kubesphere/pkg/test"
	"sigs.k8s.io/controller-runtime/pkg/client"
)

var simpleDeployYaml = `apiVersion: apps/v1
kind: Deployment
metadata:
  name:  nginx
  namespace: production
  labels:
    name:  nginx
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
       app: nginx
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        name:  nginx
        app: nginx
        color : red
    spec:
      containers:
      - image:  nginx:alpine
        name:  nginx
        imagePullPolicy: IfNotPresent
        resources:
          requests:
            cpu: "20m"
            memory: "55M"
        env:
        - name:  ENVVARNAME
          value:  ENVVARVALUE       
        ports:
        - containerPort:  80
          name:  http
      restartPolicy: Always`

var simpleNPYaml = `apiVersion: network.kubesphere.io/v1alpha1
kind: NamespaceNetworkPolicy
metadata:
  name: allow-icmp-only
  namespace: production
spec:
  selector: color == 'red'
  ingress:
  - action: Allow
    protocol: ICMP
    source:
      selector: color == 'blue'
      namespaceSelector: all()`

var simpleJobYaml = `apiVersion: batch/v1
kind: Job
metadata:
  name: test-connect
  namespace: production
spec:
  template:
    metadata:
      labels:
        color : blue
    spec:
      containers:
      - name: test-connect
        image: alpine
        command: ["ping", "1.1.1.1"]
      restartPolicy: Never
  backoffLimit: 1`

var testNs = "production"
var _ = Describe("E2e for network policy", func() {
	BeforeEach(func() {
		Expect(test.EnsureNamespace(ctx.Client, testNs)).ShouldNot(HaveOccurred())
	})

	AfterEach(func() {
		Expect(test.DeleteNamespace(ctx.Client, testNs)).ShouldNot(HaveOccurred())
		ns := &corev1.Namespace{}
		ns.Name = testNs
		Expect(test.WaitForDeletion(ctx.Client, ns, time.Second*5, time.Minute)).ShouldNot(HaveOccurred())
	})

	It("Should work well in simple namespaceNetworkPolicy", func() {
		decode := scheme.Codecs.UniversalDeserializer().Decode
		obj, _, err := decode([]byte(simpleDeployYaml), nil, nil)
		Expect(err).ShouldNot(HaveOccurred(), "Failed to parse yaml")
		deploy := obj.(*appsv1.Deployment)
		Expect(ctx.Client.Create(context.TODO(), obj)).ShouldNot(HaveOccurred())
		Expect(test.WaitForController(ctx.Client, deploy.Namespace, deploy.Name, *deploy.Spec.Replicas, time.Second*2, time.Minute)).ShouldNot(HaveOccurred())
		defer func() {
			Expect(ctx.Client.Delete(context.TODO(), deploy)).ShouldNot(HaveOccurred())
		}()
		obj, _, err = decode([]byte(simpleNPYaml), nil, nil)
		Expect(err).ShouldNot(HaveOccurred(), "Failed to parse networkpolicy yaml")
		np := obj.(*v1alpha1.NamespaceNetworkPolicy)
		Expect(ctx.Client.Create(context.TODO(), np)).ShouldNot(HaveOccurred())
		defer func() {
			Expect(ctx.Client.Delete(context.TODO(), np)).ShouldNot(HaveOccurred())
			Expect(test.WaitForDeletion(ctx.Client, np, time.Second*2, time.Minute)).ShouldNot(HaveOccurred())
		}()
		obj, _, err = decode([]byte(simpleJobYaml), nil, nil)
		Expect(err).ShouldNot(HaveOccurred(), "Failed to parse job yaml")

		//create a job to test
		job := obj.(*batchv1.Job)
		selector, _ := labels.Parse("app=nginx")
		podlist := &corev1.PodList{}
		Expect(ctx.Client.List(context.TODO(), &client.ListOptions{
			Namespace:     deploy.Namespace,
			LabelSelector: selector,
		}, podlist)).ShouldNot(HaveOccurred())
		Expect(podlist.Items).To(HaveLen(int(*deploy.Spec.Replicas)))
		podip := podlist.Items[0].Status.PodIP
		job.Spec.Template.Spec.Containers[0].Command = []string{"ping", "-c", "4", podip}
		job.Spec.Template.Labels["color"] = "yellow"
		orginalJob := job.DeepCopy()
		Expect(ctx.Client.Create(context.TODO(), job)).ShouldNot(HaveOccurred())
		defer func() {
			Expect(ctx.Client.Delete(context.TODO(), job)).ShouldNot(HaveOccurred())
		}()
		klog.Infoln("sleep 10s to wait for controller creating np")
		time.Sleep(time.Second * 10)
		Expect(test.WaitForJobFail(ctx.Client, job.Namespace, job.Name, time.Second*3, time.Minute)).ShouldNot(HaveOccurred(), "Failed to block connection")

		//change job color
		job = orginalJob.DeepCopy()
		Expect(ctx.Client.Delete(context.TODO(), job)).ShouldNot(HaveOccurred())
		Expect(test.WaitForDeletion(ctx.Client, job, time.Second*2, time.Minute)).ShouldNot(HaveOccurred())
		job.Spec.Template.Labels["color"] = "blue"
		Expect(ctx.Client.Create(context.TODO(), job)).ShouldNot(HaveOccurred())
		Expect(test.WaitForJobSucceed(ctx.Client, job.Namespace, job.Name, time.Second*3, time.Minute)).ShouldNot(HaveOccurred(), "Connection failed")
	})
})