WIP: E2E test case for Kmesh L4 authorization

[YaoZengzeng]

What type of PR is this?

/kind enhancement

What this PR does / why we need it:

Which issue(s) this PR fixes:
Fixes #492

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 17 lines in your changes missing coverage. Please review.

Project coverage is 45.23%. Comparing base (2eb3f92) to head (335cb2a).
Report is 176 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/status/status_server.go	0.00%	17 Missing ⚠️

Files with missing lines	Coverage Δ
pkg/status/status_server.go	34.93% <0.00%> (-0.96%)	⬇️

... and 2 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 724789d...335cb2a. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[YaoZengzeng]

/test

[kmesh-bot]

@YaoZengzeng: No presubmit jobs available for kmesh-net/kmesh@main

Details

In response to this:

/test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[YaoZengzeng]

/retest

[hzxuzhonghu]

why do you choose this special workload as a src client

[YaoZengzeng]

There is no specific choice, any workload managed by Kmesh is OK.

[hzxuzhonghu]

? why require at least 2 addresses

[YaoZengzeng]

One for allow and one for deny.

[hzxuzhonghu]

This is too wide, for tcp authz, can we only check reset?

[hzxuzhonghu]

A hacky way, would prefer using fmt.Sprintf or golang template

[hzxuzhonghu]

authz offloading is disabled by default, the only way to enable it is kmeshctl authx enable

[kmesh-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign bitcoffeeiux for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[weli-l]

/retest

[hzxuzhonghu]

/test all

[kmesh-bot]

@hzxuzhonghu: No presubmit jobs available for kmesh-net/kmesh@main

Details

In response to this:

/test all

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[YaoZengzeng]

/test all

[kmesh-bot]

@YaoZengzeng: No presubmit jobs available for kmesh-net/kmesh@main

Details

In response to this:

/test all

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[YaoZengzeng]

/retest

[hzxuzhonghu]

Fogot to submit comments

[hzxuzhonghu]

remove

[hzxuzhonghu]

remove

[hzxuzhonghu]

nit: we can split test cases by the functionalities

[hzxuzhonghu]

hmm, this is the server instance

[hzxuzhonghu]

there is retry.Until that can be used

[hzxuzhonghu]

shoudn't you wait until the policy has been populated? I cannot understand how you make it

[YaoZengzeng]

replace by #1349