Ginkgo: Added PolicyGeneration on Nightly tests#2258
Conversation
There was a problem hiding this comment.
exported const HTTP should have comment (or a comment on this block) or be unexported
There was a problem hiding this comment.
exported var ConnTests should have comment or be unexported
There was a problem hiding this comment.
If this file is added intentionally, it should be added to CODEOWNERS file, as this is the only change in this PR that is pulling in the requirement for Janitor's review.
If this file is here accidentally we may need to add it to .gitignore to avoid it popping up later.
There was a problem hiding this comment.
Sorry, I was testing this in my local Jenkins and I did not remove it. My fault!
There was a problem hiding this comment.
In this case, we only need if the exit was success or not. The error message is not essential.(A lot of them are supposed to fail)
There was a problem hiding this comment.
Still, logging the errors in debug mode may be useful.
There was a problem hiding this comment.
The main problem to log things that didn't work cause a lot of noise, and opens tasks like #2221
Have a lot of logs that says fail when it is supposed to fail creates a lot of confusion.
There was a problem hiding this comment.
In this case, we only need if the exit was success or not. The error message is not essential.(A lot of them are supposed to fail)
There was a problem hiding this comment.
Still, logging the errors in debug mode may be useful.
There was a problem hiding this comment.
Magic numbers? Can you add a comment with the meaning of each number?
There was a problem hiding this comment.
I'm not sure why this is commented, but it would be good to either uncomment&fix, or open an issue and add a line above the comment that links to the GH issue so we can know why this commented code exists, and find out more.
There was a problem hiding this comment.
exported method GetConnectivyTest returns unexported type []policygen.connTestResultType, which can be annoying to use
There was a problem hiding this comment.
exported method GetConnectivyTest returns unexported type []policygen.connTestResultType, which can be annoying to use
nebril
left a comment
There was a problem hiding this comment.
Most of my comments are stylistic or nitpicks, but there are some bigger ones. Please ping me for any clarifications.
There was a problem hiding this comment.
Still, logging the errors in debug mode may be useful.
There was a problem hiding this comment.
Still, logging the errors in debug mode may be useful.
| if err != nil { | ||
| return "", 0, err | ||
| } | ||
| return data.Spec.ClusterIP, int(data.Spec.Ports[0].Port), nil |
There was a problem hiding this comment.
This will panic if data.Spec.Ports is empty. Please add a check for it and return an error accordingly.
| // the command in the provided buffers. Returns false if the command failed | ||
| // during its execution. | ||
| func (s *SSHMeta) Execute(cmd string, stdout io.Writer, stderr io.Writer) bool { | ||
| func (s *SSHMeta) Execute(cmd string, stdout io.Writer, stderr io.Writer) (bool, error) { |
There was a problem hiding this comment.
I think that at this point returning bool is redundant. Can you change it so only error is returned?
| func (s *SSHMeta) ExecWithSudo(cmd string, stdout io.Writer, stderr io.Writer) bool { | ||
| command := fmt.Sprintf("sudo %s", cmd) | ||
| return s.Execute(command, stdout, stderr) | ||
| result, _ := s.Execute(command, stdout, stderr) |
There was a problem hiding this comment.
Returning only error in all Exec* methods would make sure that we don't ignore any errors.
There was a problem hiding this comment.
Please change name of the variable to expectedTestResult or sth like that.
There was a problem hiding this comment.
I don't get why do we need these two for loops. As I understand, DetermineStatus returns what result is expected from give testType? What does it matter which rules are matched first?
There was a problem hiding this comment.
Easy, this is an example rule:
IngressRule on pod dest:
-- allow PORT 8080 --> ResultTimeout
EgressRule on src pod:
-- only access to /private/ url to port 80:
Testcase:
- If src pod made an http request to http://destPod:80/private --> ResultTimeout Correct. (The rule that match is the IngressRule)
- If src pod made an http request to http://destPod:80/public --> ResultAuth --> The expected was ResultTimeout
So, we need to check the egress before the ingress part to determine the status of the expected result
There was a problem hiding this comment.
The error should be propagated; change log message on line 75 to be kub.logger.WithError(err).Errorf(...
There was a problem hiding this comment.
Can you change this function to return an error similar to Execute on line 81 above? Would make the functions more uniform in their implementation.
There was a problem hiding this comment.
log message is a bit verbose. what about "HTTPAction returned unexpected exit code %d" ?
There was a problem hiding this comment.
Create a GH issue and ref it here with GH-XXXX so that we know this is tracked.
There was a problem hiding this comment.
Will the result always be a result timeout if the result was not successful?
There was a problem hiding this comment.
fmt.Errorf("%s not implemented yet", t.Kind)
There was a problem hiding this comment.
NetworkPolicyCreate --> CreateCiliumNetworkPolicy
There was a problem hiding this comment.
Use consistency in comments esp. when referring to types. Change resutltType and resulttype --> ResultType
There was a problem hiding this comment.
package comment should be of the form "Package policygen ..."
There was a problem hiding this comment.
exported var ConnTests should have comment or be unexported
There was a problem hiding this comment.
package comment should be of the form "Package policygen ..."
There was a problem hiding this comment.
package comment should be of the form "Package policygen ..."
There was a problem hiding this comment.
exported const KubectlCmd should have comment (or a comment on this block) or be unexported
2a7858a to
84a782b
Compare
|
@ianvernon @nebril this PR should be ok, all the comments are now fixed. Regards |
ianvernon
left a comment
There was a problem hiding this comment.
Comments are fixed well-enough that I think this can be merged
|
@nebril any update on this please? |
|
test this please |
8ff10ec to
c765137
Compare
|
@eloycoto please rebase and fix merge conflicts. |
e85f152 to
1cc2848
Compare
- Added a new policy generation tool under helpers/policygen folder. - Added exitCode on CMDRes - Added Kubectl.GetServiceHostPort method. - Added NightlyK8sPolicies test Signed-off-by: Eloy Coto <eloy.coto@gmail.com>
Signed-off-by: Eloy Coto <eloy.coto@gmail.com>
Fix an issue when l3 was ResultTimeout in ingress and Egress has a deny policy. Egress rules are the first match, so it should check first the egress part instead ingress Signed-off-by: Eloy Coto <eloy.coto@gmail.com>
Fix L7 isssues on egress+ingress cases
Return only the error instead of sucess, err Signed-off-by: Eloy Coto <eloy.coto@gmail.com>
Signed-off-by: Eloy Coto <eloy.coto@gmail.com>
Signed-off-by: Eloy Coto <eloy.coto@gmail.com>
This issue covers a few test cases for issue #2029, not all yet, but I'll provide more test cases this week.
Summary:
Signed-off-by: Eloy Coto eloy.coto@gmail.com