Introduced kubernetes Introspect utilities.

Introduced kubernetes introspect utilities and corresponding checks
for k8s objects in kube manager.
Added few introspect checks in agent as well

Change-Id: I064a664383b126ee3467c15ab433ce360d02a21e
Closes-bug: #1773072

common/connections.py

@@ -5,7 +5,8 @@
 from tcutils.agent.vna_introspect_utils import *
 from tcutils.collector.opserver_introspect_utils import *
 from tcutils.collector.analytics_tests import *
-from tcutils.config.kube_manager_introspect_utils import KubeManagerInspect
+
+from tcutils.kubernetes.k8s_introspect_utils import KubeManagerInspect
 from vnc_api.vnc_api import *
 from tcutils.vdns.dns_introspect_utils import DnsAgentInspect
 from tcutils.util import custom_dict, get_plain_uuid
@@ -228,7 +229,7 @@ def get_kube_manager_h(self, refresh=False):
         if not getattr(self, '_kube_manager_inspect', None) or refresh:
             for km_ip in self.inputs.kube_manager_ips:
                 #contrail-status would increase run time hence netstat approach
-                cmd = 'netstat -antp | grep :8108 | grep LISTEN'
+                cmd = 'netstat -antp | grep :%s | grep LISTEN' % self.inputs.k8s_port
                 if 'LISTEN' in self.inputs.run_cmd_on_server(km_ip, cmd,
                                    container='contrail-kube-manager'):
                     self._kube_manager_inspect = KubeManagerInspect(km_ip,

common/contrail_test_init.py

@@ -281,6 +281,8 @@ def parse_ini_file(self):
                                           'dns_port', '8092')
         self.agent_port = read_config_option(self.config, 'services',
                                           'agent_port', '8085')
+        self.k8s_port = read_config_option(self.config, 'services',
+                                          'k8s_port', '8108')
         self.api_server_ip = read_config_option(self.config, 'services',
                                           'config_api_ip', None)
         self.analytics_api_ip = read_config_option(self.config, 'services',
@@ -798,6 +800,7 @@ def parse_yml_file(self):
         self.analytics_api_port = contrail_configs.get('ANALYTICS_API_PORT') or '8081'
         self.bgp_port = contrail_configs.get('CONTROL_INTROSPECT_PORT') or '8083'
         self.dns_port = contrail_configs.get('DNS_INTROSPECT_PORT') or '8092'
+        self.k8s_port = contrail_configs.get('K8S_INTROSPECT_PORT') or '8108'
         self.agent_port = '8085'
         self.api_server_ip = contrail_configs.get('CONFIG_API_VIP')
         self.analytics_api_ip = contrail_configs.get('ANALYTICS_API_VIP')

fixtures/k8s/ingress.py

@@ -32,7 +32,8 @@ def __init__(self,
         self.tls = [] if tls is None else tls
         self.default_backend = {} if default_backend is None else default_backend
         self.v1_beta_h = self.k8s_client.v1_beta_h
-
+        self.connections = connections
+
         self.already_exists = None
 
     def setUp(self):
@@ -48,6 +49,10 @@ def verify_on_setup(self):
             self.logger.error('Ingress %s verification in Contrail api failed'
                               % (self.name))
             return False
+        if not self.verify_ingress_in_kube_manager():
+            self.logger.error('Ingress %s verification in Kube Manager failed'
+                              % (self.name))
+            return False
         self.logger.info('Ingress %s verification passed' % (self.name))
         return True
     # end verify_on_setup
@@ -148,3 +153,17 @@ def verify_ingress_in_k8s(self):
                          self.name))
         return True
     # end verify_ingress_in_k8s
+
+    @retry(delay=1, tries=10)
+    def verify_ingress_in_kube_manager(self):
+        km_h = self.connections.get_kube_manager_h()
+        self.lb_info = km_h.get_svc_or_ingress_lb_info(uuid = self.uuid)
+        if self.lb_info:
+            self.logger.info('Ingress %s with uuid %s found in kube manager' 
+                             % (self.name, self.uuid))
+        else:
+            self.logger.warn('Ingress %s with uuid %s not found in kube manager' 
+                             % (self.name, self.uuid))
+            return False
+        return True
+    # end verify_service_in_kube_manager

fixtures/k8s/namespace.py

@@ -52,6 +52,10 @@ def verify_on_setup(self):
                 self.logger.error('Namespace %s not seen in Contrail API' % (
                 self.name))
                 return False
+            if not self.verify_namespace_in_kube_manager():
+                self.logger.error('Namespace %s not seen in Kube Manager' % (
+                self.name))
+                return False
             self.logger.info('Namespace %s verification passed' % (self.name))
         self.verify_is_run = True
         return True
@@ -114,6 +118,25 @@ def verify_namespace_in_contrail_api(self):
             self.api_s_obj.uuid))
         return True
     # end verify_namespace_in_contrail_api
+
+    @retry(delay=2, tries=10)
+    def verify_namespace_in_kube_manager(self):
+        km_h = self.connections.get_kube_manager_h()
+        self.namespace_info = km_h.get_namespace_info(ns_uuid = self.uuid)
+        if self.namespace_info:
+            if self.namespace_info['phase'] == "Active":
+                self.logger.info('Namespace %s with uuid %s found in kube manager' 
+                             % (self.name, self.uuid))
+            else:
+                self.logger.warn("Namespace present in kube manager but phase is %s"
+                                 % self.namespace_info['phase'])
+                return False
+        else:
+            self.logger.warn('Namespace %s with uuid %s not found in kube manager' 
+                             % (self.name, self.uuid))
+            return False
+        return True
+    # end verify_namespace_in_kube_manager
 
     def cleanUp(self):
         super(NamespaceFixture, self).cleanUp()

fixtures/k8s/network_policy.py

@@ -25,15 +25,38 @@ def __init__(self,
         self.metadata = {} if metadata is None else metadata
         self.spec = {} if spec is None else spec
         self.v1_networking = self.k8s_client.v1_networking
-
+        self.agent_inspect = connections.agent_inspect
+        self.connections = connections
+        self.inputs = connections.inputs
+        self.k8s_default_network_policies = ['default-policy-management:k8s-allowall',
+                                             'default-policy-management:k8s-Ingress',
+                                             'default-policy-management:k8s-denyall']
+        self.k8s_defaut_aps = "default-policy-management:k8s"
+
         self.already_exists = None
 
     def setUp(self):
         super(NetworkPolicyFixture, self).setUp()
         self.create()
 
     def verify_on_setup(self):
-        pass
+        if not self.verify_network_policy_in_k8s():
+            self.logger.error('Network Policy %s verification in kubernetes failed'
+                              % (self.name))
+            return False
+        if not self.verify_network_policy_in_kube_manager():
+            self.logger.error('Network Policy %s verification in Kube Manager failed'
+                              % (self.name))
+            return False
+        if not self.verify_default_policies_in_agent():
+            self.logger.error('Default k8s Policy verification in Agent failed')
+            return False
+        if not self.verify_firewall_policy_in_agent():
+            self.logger.error('Network Policy %s verification in Agent failed'
+                              % (self.name))
+            return False
+        self.logger.info('Network Policy %s verification passed' % (self.name))
+        return True
     # end verify_on_setup
 
     def cleanUp(self):
@@ -87,4 +110,72 @@ def update(self, metadata=None, spec=None):
             metadata=self.metadata,
             spec=self.spec)
         self._populate_attr()
-    # end create
+    # end update
+
+    @retry(delay=1, tries=10)
+    def verify_network_policy_in_k8s(self):
+        if self.read():
+            self.logger.info("Network policy found in k8s")
+        else:
+            self.logger.warn('Network policy not Found in K8s')
+            return False
+        return True
+    # end verify_ingress_in_k8s
+
+    @retry(delay=1, tries=10)
+    def verify_network_policy_in_kube_manager(self):
+        km_h = self.connections.get_kube_manager_h()
+        self.np_info = km_h.get_network_policy_info(np_uuid = self.uuid)
+        if self.np_info:
+            self.logger.info('Network Policy %s with uuid %s found in kube manager' 
+                             % (self.name, self.uuid))
+        else:
+            self.logger.warn('Network Policy %s with uuid %s not found in kube manager' 
+                             % (self.name, self.uuid))
+            return False
+        return True
+    # end verify_ingress_in_k8s
+
+    @retry(delay=1, tries=10)
+    def verify_firewall_policy_in_agent(self):
+        km_h = self.connections.get_kube_manager_h()
+        agent_h = self.agent_inspect[self.inputs.compute_ips[0]]
+        # Get associated Firewall policy.
+        self.np_info = km_h.get_network_policy_info(np_uuid = self.uuid)
+        fw_polify_fq_name = self.np_info['vnc_firewall_policy_fqname']
+        # Search for corresponding firewall policy in agent
+        fwPolicy = agent_h.get_fw_policy(policy_fq_name = fw_polify_fq_name)
+        #fw_policyNames = [elem['name'] for elem in fwPolicyList]
+        if not fwPolicy:
+            self.logger.warn("Network policy with name %s not found in agent"
+                             % self.name)
+            return False
+        return True
+    #end verify_firewall_policy_in_agent
+
+    @retry(delay=1, tries=10)
+    def verify_default_policies_in_agent(self):
+        km_h = self.connections.get_kube_manager_h()
+        agent_h = self.agent_inspect[self.inputs.compute_ips[0]]
+
+        default_aps = agent_h.get_aps(aps_fq_name = self.k8s_defaut_aps)
+        if not default_aps:
+            self.logger.warn("Default APS %s for k8s not found in agent"
+                             % self.k8s_defaut_aps)
+            return False
+        aps_fw_policy_uuid = [elem['firewall_policy'] for elem in default_aps['firewall_policy_list']]
+        for elem in self.k8s_default_network_policies :
+            fw_policy = agent_h.get_fw_policy(policy_fq_name = elem)
+            if not fw_policy:
+                self.logger.warn("Network policy with name %s not found in agent"
+                             % elem)
+                return False
+            if fw_policy['uuid'] not in aps_fw_policy_uuid:
+                self.logger.warn("Network policy with name %s not associated with default ks8"
+                             % elem)
+                return False                
+        return True
+    #end verify_firewall_policy_in_agent
+
+
+

fixtures/k8s/pod.py

@@ -71,6 +71,10 @@ def verify_on_setup(self):
             self.logger.error('Pod %s not seen in Contrail agent' % (
                 self.name))
             return False
+        if not self.verify_pod_in_kube_manager():
+            self.logger.error('Pod %s not seen in Contrail Kube Manager' % (
+                self.name))
+            return False
         self.logger.info('Pod %s verification passed' % (self.name))
         return True
     # end verify_on_setup
@@ -278,6 +282,20 @@ def set_compute_ip(self):
             self.compute_ip = self.host_ip
     # end set_compute_ip
 
+    @retry(delay=2, tries=10)
+    def verify_pod_in_kube_manager(self):
+        km_h = self.connections.get_kube_manager_h()
+        self.pod_info = km_h.get_pod_info(pod_uuid = self.uuid)
+        if self.pod_info:
+            self.logger.info('Pod %s with uuid %s found in kube manager' 
+                             % (self.name, self.uuid))
+        else:
+            self.logger.warn('Pod %s with uuid %s not found in kube manager' 
+                             % (self.name, self.uuid))
+            return False
+        return True
+    # verify_pod_in_kube_manager
+
     @retry(delay=2, tries=10)
     def verify_pod_in_contrail_agent(self):
         self.set_compute_ip()

fixtures/k8s/service.py

@@ -23,6 +23,7 @@ def __init__(self,
         self.metadata = {} if metadata is None else metadata
         self.spec = {} if spec is None else spec
         self.v1_h = self.k8s_client.v1_h
+        self.connections = connections
 
         self.already_exists = None
 
@@ -35,6 +36,10 @@ def verify_on_setup(self):
             self.logger.error('Service %s verification in Contrail api failed'
                               % (self.name))
             return False
+        if not self.verify_service_in_kube_manager():
+            self.logger.error('Service %s verification in Kube Manager failed'
+                              % (self.name))
+            return False
         self.logger.info('Service %s verification passed' % (self.name))
         return True
     # end verify_on_setup
@@ -97,17 +102,30 @@ def verify_service_in_contrail_api(self):
                 'Service UUID %s not yet found in contrail-api' %
                 (self.uuid))
             return False
-        exp_name = 'service-%s' % (self.name)
-        if obj.name != exp_name:
+        if self.name not in obj.name:
             self.logger.warn(
-                'Service %s name not matching that in contrail-api'
+                'Service name not matching that in contrail-api'
                 'Expected : %s, Got : %s' %
-                (self.name, exp_name, obj.name))
+                (self.name, obj.name))
             return False
         self.logger.info('Validated that Service %s is seen in '
                          'contrail-api' % (self.name))
         return True
     # end verify_service_in_contrail_api
+
+    @retry(delay=1, tries=10)
+    def verify_service_in_kube_manager(self):
+        km_h = self.connections.get_kube_manager_h()
+        self.lb_info = km_h.get_svc_or_ingress_lb_info(uuid = self.uuid)
+        if self.lb_info:
+            self.logger.info('Service %s with uuid %s found in kube manager' 
+                             % (self.name, self.uuid))
+        else:
+            self.logger.warn('Service %s with uuid %s not found in kube manager' 
+                             % (self.name, self.uuid))
+            return False
+        return True
+    # end verify_service_in_kube_manager
 
     @retry(delay=1, tries=10)
     def get_external_ips(self):