Azure · huntergregory · Oct 29, 2021 · Oct 19, 2021 · Oct 26, 2021 · Oct 26, 2021
@@ -29,8 +29,6 @@ var (
 		IPSetMode:   ipsets.ApplyAllIPSets,
 		NetworkName: AzureNetworkName,
 	}
-	// ErrResetDataPlane  error while resetting dataplane
-	ErrResetDataPlane = fmt.Errorf("Failed to reset dataplane")
 )
 
 type DataPlane struct {
@@ -89,16 +87,26 @@ func (dp *DataPlane) InitializeDataPlane() error {
 	// Create Kube-All-NS IPSet
 	kubeAllSet := ipsets.NewIPSetMetadata(util.KubeAllNamespacesFlag, ipsets.KeyLabelOfNamespace)
 	dp.CreateIPSets([]*ipsets.IPSetMetadata{kubeAllSet})
-	return dp.initializeDataPlane()
+	if err := dp.initializeDataPlane(); err != nil {
+		return npmerrors.ErrorWrapper(npmerrors.InitializeDataPlane, false, "failed to initialize overall dataplane", err)
+	}
+	// TODO update when piped error is fixed in fexec
+	// if err := dp.policyMgr.Initialize(); err != nil {
+	// 	return npmerrors.ErrorWrapper(npmerrors.InitializeDataPlane, false, "failed to initialize policy dataplane", err)
+	// }
+	return nil
 }
 
 // ResetDataPlane helps in cleaning up dataplane sets and policies programmed
 // by NPM, retunring a clean slate
 func (dp *DataPlane) ResetDataPlane() error {
-	err := dp.ipsetMgr.ResetIPSets()
-	if err != nil {
-		return ErrResetDataPlane
+	if err := dp.ipsetMgr.ResetIPSets(); err != nil {
+		return npmerrors.ErrorWrapper(npmerrors.ResetDataPlane, false, "failed to reset ipsets dataplane", err)
 	}
+	// TODO update when piped error is fixed in fexec
+	// if err := dp.policyMgr.Reset(); err != nil {
+	// 	return npmerrors.ErrorWrapper(npmerrors.ResetDataPlane, false, "failed to reset policy dataplane", err)
+	// }
 	return dp.resetDataPlane()
 }
 
@@ -280,12 +288,12 @@ func (dp *DataPlane) UpdatePolicy(policy *policies.NPMNetworkPolicy) error {
 	// and remove/apply only the delta of IPSets and policies
 
 	// Taking the easy route here, delete existing policy
-	err := dp.policyMgr.RemovePolicy(policy.Name, nil)
+	err := dp.RemovePolicy(policy.Name)
 	if err != nil {
 		return fmt.Errorf("[DataPlane] error while updating policy: %w", err)
 	}
 	// and add the new updated policy
-	err = dp.policyMgr.AddPolicy(policy, nil)
+	err = dp.AddPolicy(policy)
 	if err != nil {
 		return fmt.Errorf("[DataPlane] error while updating policy: %w", err)
 	}

@@ -1,6 +1,7 @@
 package dataplane
 
 import (
+	"fmt"
 	"testing"
 
 	"github.com/Azure/azure-container-networking/common"
@@ -20,12 +21,10 @@ var (
 		ExitCode: 0,
 	}
 
-	emptyMockIOShim = common.NewMockIOShim([]testutils.TestCmd{})
-
 	setPodKey1 = &ipsets.TranslatedIPSet{
 		Metadata: ipsets.NewIPSetMetadata("setpodkey1", ipsets.KeyLabelOfPod),
 	}
-	testPolicyobj = &policies.NPMNetworkPolicy{
+	testPolicyobj = policies.NPMNetworkPolicy{
 		Name: "ns1/testpolicy",
 		PodSelectorIPSets: []*ipsets.TranslatedIPSet{
 			{
@@ -68,7 +67,9 @@ var (
 
 func TestNewDataPlane(t *testing.T) {
 	metrics.InitializeAll()
-	dp, err := NewDataPlane("testnode", emptyMockIOShim)
+
+	calls := getNewDataplaneTestCalls()
+	dp, err := NewDataPlane("testnode", common.NewMockIOShim(calls))
 	require.NoError(t, err)
 
 	if dp == nil {
@@ -81,7 +82,9 @@ func TestNewDataPlane(t *testing.T) {
 
 func TestInitializeDataPlane(t *testing.T) {
 	metrics.InitializeAll()
-	dp, err := NewDataPlane("testnode", emptyMockIOShim)
+
+	calls := append(getNewDataplaneTestCalls(), policies.GetInitializeTestCalls()...)
+	dp, err := NewDataPlane("testnode", common.NewMockIOShim(calls))
 	require.NoError(t, err)
 
 	assert.NotNil(t, dp)
@@ -91,7 +94,10 @@ func TestInitializeDataPlane(t *testing.T) {
 
 func TestResetDataPlane(t *testing.T) {
 	metrics.InitializeAll()
-	dp, err := NewDataPlane("testnode", emptyMockIOShim)
+
+	calls := append(getNewDataplaneTestCalls(), getInitializeTestCalls()...)
+	calls = append(calls, getResetTestCalls()...)
+	dp, err := NewDataPlane("testnode", common.NewMockIOShim(calls))
 	require.NoError(t, err)
 
 	assert.NotNil(t, dp)
@@ -103,7 +109,9 @@ func TestResetDataPlane(t *testing.T) {
 
 func TestCreateAndDeleteIpSets(t *testing.T) {
 	metrics.InitializeAll()
-	dp, err := NewDataPlane("testnode", emptyMockIOShim)
+
+	calls := getNewDataplaneTestCalls()
+	dp, err := NewDataPlane("testnode", common.NewMockIOShim(calls))
 	require.NoError(t, err)
 	assert.NotNil(t, dp)
 	setsTocreate := []*ipsets.IPSetMetadata{
@@ -141,7 +149,9 @@ func TestCreateAndDeleteIpSets(t *testing.T) {
 
 func TestAddToSet(t *testing.T) {
 	metrics.InitializeAll()
-	dp, err := NewDataPlane("testnode", emptyMockIOShim)
+
+	calls := getNewDataplaneTestCalls()
+	dp, err := NewDataPlane("testnode", common.NewMockIOShim(calls))
 	require.NoError(t, err)
 
 	setsTocreate := []*ipsets.IPSetMetadata{
@@ -201,23 +211,26 @@ func TestAddToSet(t *testing.T) {
 
 func TestApplyPolicy(t *testing.T) {
 	metrics.InitializeAll()
-	calls := []testutils.TestCmd{fakeIPSetRestoreSuccess}
+
+	calls := append(getNewDataplaneTestCalls(), getAddPolicyTestCallsForDP(&testPolicyobj)...)
 	ioShim := common.NewMockIOShim(calls)
 	dp, err := NewDataPlane("testnode", ioShim)
 	require.NoError(t, err)
 
-	err = dp.AddPolicy(testPolicyobj)
+	err = dp.AddPolicy(&testPolicyobj)
 	require.NoError(t, err)
 }
 
 func TestRemovePolicy(t *testing.T) {
 	metrics.InitializeAll()
-	calls := []testutils.TestCmd{fakeIPSetRestoreSuccess, fakeIPSetRestoreSuccess}
+
+	calls := append(getNewDataplaneTestCalls(), getAddPolicyTestCallsForDP(&testPolicyobj)...)
+	calls = append(calls, getRemovePolicyTestCallsForDP(&testPolicyobj)...)
 	ioShim := common.NewMockIOShim(calls)
 	dp, err := NewDataPlane("testnode", ioShim)
 	require.NoError(t, err)
 
-	err = dp.AddPolicy(testPolicyobj)
+	err = dp.AddPolicy(&testPolicyobj)
 	require.NoError(t, err)
 
 	err = dp.RemovePolicy(testPolicyobj.Name)
@@ -226,22 +239,71 @@ func TestRemovePolicy(t *testing.T) {
 
 func TestUpdatePolicy(t *testing.T) {
 	metrics.InitializeAll()
-	calls := []testutils.TestCmd{fakeIPSetRestoreSuccess, fakeIPSetRestoreSuccess}
-	ioShim := common.NewMockIOShim(calls)
-	dp, err := NewDataPlane("testnode", ioShim)
-	require.NoError(t, err)
-
-	err = dp.AddPolicy(testPolicyobj)
-	require.NoError(t, err)
 
-	testPolicyobj.ACLs = []*policies.ACLPolicy{
+	updatedTestPolicyobj := testPolicyobj
+	updatedTestPolicyobj.ACLs = []*policies.ACLPolicy{
 		{
 			PolicyID:  "testpol1",
 			Target:    policies.Dropped,
 			Direction: policies.Ingress,
 		},
 	}
 
-	err = dp.UpdatePolicy(testPolicyobj)
+	calls := append(getNewDataplaneTestCalls(), getAddPolicyTestCallsForDP(&testPolicyobj)...)
+	calls = append(calls, getRemovePolicyTestCallsForDP(&testPolicyobj)...)
+	calls = append(calls, getAddPolicyTestCallsForDP(&updatedTestPolicyobj)...)
+	for _, call := range calls {
+		fmt.Println(call)
+	}
+	ioShim := common.NewMockIOShim(calls)
+	dp, err := NewDataPlane("testnode", ioShim)
+	require.NoError(t, err)
+
+	err = dp.AddPolicy(&testPolicyobj)
+	require.NoError(t, err)
+
+	err = dp.UpdatePolicy(&updatedTestPolicyobj)
 	require.NoError(t, err)
 }
+
+func getNewDataplaneTestCalls() []testutils.TestCmd {
+	return append(getResetTestCalls(), getInitializeTestCalls()...)
+}
+
+func getInitializeTestCalls() []testutils.TestCmd {
+	return []testutils.TestCmd{}
+	// TODO update when piped error is fixed in fexec
+	// return policies.GetInitializeTestCalls()
+}
+
+func getResetTestCalls() []testutils.TestCmd {
+	return ipsets.GetResetTestCalls()
+	// TODO update when piped error is fixed in fexec
+	// return append(ipsets.GetResetTestCalls(), policies.GetResetTestCalls()...)
+}
+
+func getAddPolicyTestCallsForDP(networkPolicy *policies.NPMNetworkPolicy) []testutils.TestCmd {
+	toAddOrUpdateSets := getAffectedIPSets(networkPolicy)
+	calls := ipsets.GetApplyIPSetsTestCalls(toAddOrUpdateSets, nil)
+	calls = append(calls, policies.GetAddPolicyTestCalls(networkPolicy)...)
+	return calls
+}
+
+func getRemovePolicyTestCallsForDP(networkPolicy *policies.NPMNetworkPolicy) []testutils.TestCmd {
+	// NOTE toDeleteSets is only correct if these ipsets are referenced by no other policy in iMgr
+	toDeleteSets := getAffectedIPSets(networkPolicy)
+	calls := policies.GetRemovePolicyTestCalls(networkPolicy)
+	calls = append(calls, ipsets.GetApplyIPSetsTestCalls(nil, toDeleteSets)...)
+	return calls
+}
+
+func getAffectedIPSets(networkPolicy *policies.NPMNetworkPolicy) []*ipsets.IPSetMetadata {
+	sets := make([]*ipsets.IPSetMetadata, 0)
+	for _, translatedIPSet := range networkPolicy.PodSelectorIPSets {
+		sets = append(sets, translatedIPSet.Metadata)
+	}
+	for _, translatedIPSet := range networkPolicy.RuleIPSets {
+		sets = append(sets, translatedIPSet.Metadata)
+	}
+	return sets
+}
@@ -29,9 +29,9 @@ type FileCreator struct {
 	ioShim                 *common.IOShim
 }
 
-// TODO for iptables:
-// lineFailurePattern := "line (\\d+) failed"
-// AND "Error occurred at line: (\\d+)"
+// TODO ideas:
+// - section to error handler(s) map for addLine
+// - error handlers have the kind of line error pattern as a requirement
 
 // Line defines the content, section, and error handlers for a line
 type Line struct {

@@ -3,6 +3,7 @@ package ipsets
 import (
 	"errors"
 	"fmt"
+	"reflect"
 
 	"github.com/Azure/azure-container-networking/log"
 	"github.com/Azure/azure-container-networking/npm/util"
@@ -387,3 +388,7 @@ func (set *IPSet) canSetBeSelectorIPSet() bool {
 		set.Type == Namespace ||
 		set.Type == NestedLabelOfPod)
 }
+
+func (ipset *TranslatedIPSet) Equals(otherIPSet *TranslatedIPSet) bool {
+	return reflect.DeepEqual(ipset, otherIPSet)
+}