Flexible pipeline #6 Test

Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
antrea-io · Dec 6, 2021 · 790cfdc · 790cfdc
1 parent 714f1a7
commit 790cfdc
Show file tree

Hide file tree

Showing 8 changed files with 486 additions and 265 deletions.
diff --git a/pkg/agent/openflow/client_test.go b/pkg/agent/openflow/client_test.go
@@ -23,7 +23,6 @@ import (
 	"testing"
 	"time"
 
-	"antrea.io/ofnet/ofctrl"
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -64,7 +63,7 @@ func installNodeFlows(ofClient Client, cacheKey string) (int, error) {
 	}
 	err := ofClient.InstallNodeFlows(hostName, peerConfigs, &utilip.DualStackIPs{IPv4: peerNodeIP}, 0, nil)
 	client := ofClient.(*client)
-	fCacheI, ok := client.nodeFlowCache.Load(hostName)
+	fCacheI, ok := client.featurePodConnectivity.nodeFlowCache.Load(hostName)
 	if ok {
 		return len(fCacheI.(flowCache)), err
 	}
@@ -78,7 +77,7 @@ func installPodFlows(ofClient Client, cacheKey string) (int, error) {
 	ofPort := uint32(10)
 	err := ofClient.InstallPodFlows(containerID, []net.IP{podIP}, podMAC, ofPort)
 	client := ofClient.(*client)
-	fCacheI, ok := client.podFlowCache.Load(containerID)
+	fCacheI, ok := client.featurePodConnectivity.podFlowCache.Load(containerID)
 	if ok {
 		return len(fCacheI.(flowCache)), err
 	}
@@ -109,6 +108,10 @@ func TestIdempotentFlowInstallation(t *testing.T) {
 			client.ofEntryOperations = m
 			client.nodeConfig = nodeConfig
 			client.networkConfig = networkConfig
+			templatesList := client.initializeFeatures(true)
+			for _, templates := range templatesList {
+				generatePipeline(templates)
+			}
 
 			m.EXPECT().AddAll(gomock.Any()).Return(nil).Times(1)
 			// Installing the flows should succeed, and all the flows should be added into the cache.
@@ -138,6 +141,10 @@ func TestIdempotentFlowInstallation(t *testing.T) {
 			client.ofEntryOperations = m
 			client.nodeConfig = nodeConfig
 			client.networkConfig = networkConfig
+			templatesList := client.initializeFeatures(true)
+			for _, templates := range templatesList {
+				generatePipeline(templates)
+			}
 
 			errorCall := m.EXPECT().AddAll(gomock.Any()).Return(errors.New("Bundle error")).Times(1)
 			m.EXPECT().AddAll(gomock.Any()).Return(nil).After(errorCall)
@@ -180,6 +187,10 @@ func TestFlowInstallationFailed(t *testing.T) {
 			client.ofEntryOperations = m
 			client.nodeConfig = nodeConfig
 			client.networkConfig = networkConfig
+			templatesList := client.initializeFeatures(true)
+			for _, templates := range templatesList {
+				generatePipeline(templates)
+			}
 
 			// We generate an error for AddAll call.
 			m.EXPECT().AddAll(gomock.Any()).Return(errors.New("Bundle error"))
@@ -215,6 +226,10 @@ func TestConcurrentFlowInstallation(t *testing.T) {
 			client.ofEntryOperations = m
 			client.nodeConfig = nodeConfig
 			client.networkConfig = networkConfig
+			templatesList := client.initializeFeatures(true)
+			for _, templates := range templatesList {
+				generatePipeline(templates)
+			}
 
 			var concurrentCalls atomic.Value // set to true if we observe concurrent calls
 			timeoutCh := make(chan struct{})
@@ -258,9 +273,6 @@ func TestConcurrentFlowInstallation(t *testing.T) {
 }
 
 func Test_client_InstallTraceflowFlows(t *testing.T) {
-	type ofSwitch struct {
-		ofctrl.OFSwitch
-	}
 	type fields struct {
 	}
 	type args struct {
@@ -404,16 +416,24 @@ func prepareTraceflowFlow(ctrl *gomock.Controller) *client {
 	c := ofClient.(*client)
 	c.cookieAllocator = cookie.NewAllocator(0)
 	c.nodeConfig = nodeConfig
-	m := ovsoftest.NewMockBridge(ctrl)
-	m.EXPECT().AddFlowsInBundle(gomock.Any(), nil, nil).Return(nil).Times(1)
-	c.bridge = m
+	m := oftest.NewMockOFEntryOperations(ctrl)
+	c.ofEntryOperations = m
+	c.nodeConfig = nodeConfig
+	c.networkConfig = networkConfig
+	templatesList := c.initializeFeatures(true)
+	for _, templates := range templatesList {
+		generatePipeline(templates)
+	}
+
+	m.EXPECT().AddAll(gomock.Any()).Return(nil).Times(1)
+	c.bridge = ovsoftest.NewMockBridge(ctrl)
 
 	mFlow := ovsoftest.NewMockFlow(ctrl)
 	ctx := &conjMatchFlowContext{dropFlow: mFlow}
 	mFlow.EXPECT().FlowProtocol().Return(binding.Protocol("ip"))
-	mFlow.EXPECT().CopyToBuilder(priorityNormal+2, false).Return(EgressDefaultTable.BuildFlow(priorityNormal + 2)).Times(1)
-	c.globalConjMatchFlowCache["mockContext"] = ctx
-	c.policyCache.Add(&policyRuleConjunction{metricFlows: []binding.Flow{c.denyRuleMetricFlow(123, false)}})
+	mFlow.EXPECT().CopyToBuilder(priorityNormal+2, false).Return(EgressDefaultTable.ofTable.BuildFlow(priorityNormal + 2)).Times(1)
+	c.featureNetworkPolicy.globalConjMatchFlowCache["mockContext"] = ctx
+	c.featureNetworkPolicy.policyCache.Add(&policyRuleConjunction{metricFlows: []binding.Flow{c.featureNetworkPolicy.denyRuleMetricFlow(123, false)}})
 	return c
 }
 

diff --git a/test/e2e/basic_test.go b/test/e2e/basic_test.go
@@ -399,6 +399,9 @@ func testReconcileGatewayRoutesOnStartup(t *testing.T, data *TestData, isIPv6 bo
 				continue
 			}
 			route := Route{}
+			if net.ParseIP(matches[1]) != nil {
+				matches[1] = fmt.Sprintf("%s/32", matches[1])
+			}
 			if _, route.peerPodCIDR, err = net.ParseCIDR(matches[1]); err != nil {
 				return nil, fmt.Errorf("%s is not a valid net CIDR", matches[1])
 			}
@@ -762,7 +765,7 @@ func testGratuitousARP(t *testing.T, data *TestData, namespace string) {
 	// be sent 100ms after processing CNI ADD request.
 	time.Sleep(100 * time.Millisecond)
 
-	cmd := []string{"ovs-ofctl", "dump-flows", defaultBridgeName, fmt.Sprintf("table=10,arp,arp_spa=%s", podIP.ipv4.String())}
+	cmd := []string{"ovs-ofctl", "dump-flows", defaultBridgeName, fmt.Sprintf("table=ARPSpoofGuard,arp,arp_spa=%s", podIP.ipv4.String())}
 	stdout, _, err := data.runCommandFromPod(antreaNamespace, antreaPodName, ovsContainerName, cmd)
 	if err != nil {
 		t.Fatalf("Error when querying openflow: %v", err)

diff --git a/test/e2e/framework.go b/test/e2e/framework.go
@@ -1494,6 +1494,11 @@ func (data *TestData) createNginxClusterIPService(name, namespace string, affini
 	return data.createService(name, namespace, 80, 80, map[string]string{"app": "nginx"}, affinity, false, corev1.ServiceTypeClusterIP, ipFamily)
 }
 
+// createAgnhostClusterIPService creates a ClusterIP agnhost service with the given name.
+func (data *TestData) createAgnhostClusterIPService(serviceName string, affinity bool, ipFamily *corev1.IPFamily) (*corev1.Service, error) {
+	return data.createService(serviceName, testNamespace, 8080, 8080, map[string]string{"app": "agnhost"}, affinity, false, corev1.ServiceTypeClusterIP, ipFamily)
+}
+
 // createAgnhostNodePortService creates a NodePort agnhost service with the given name.
 func (data *TestData) createAgnhostNodePortService(serviceName string, affinity, nodeLocalExternal bool, ipFamily *corev1.IPFamily) (*corev1.Service, error) {
 	return data.createService(serviceName, testNamespace, 8080, 8080, map[string]string{"app": "agnhost"}, affinity, nodeLocalExternal, corev1.ServiceTypeNodePort, ipFamily)

diff --git a/test/e2e/performance_test.go b/test/e2e/performance_test.go
@@ -28,6 +28,8 @@ import (
 	networkv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/wait"
+
+	"antrea.io/antrea/pkg/agent/openflow"
 )
 
 const (
@@ -283,17 +285,17 @@ func WaitNetworkPolicyRealize(policyRules int, data *TestData) error {
 
 // checkRealize checks if all CIDR rules in the Network Policy have been realized as OVS flows. It counts the number of
 // flows installed in the ingressRuleTable of the OVS bridge of the control-plane Node. This relies on the implementation
-// knowledge that given a single ingress policy, the Antrea agent will install exactly one flow per CIDR rule in table 90.
-// checkRealize returns true when the number of flows exceeds the number of CIDR, because each table has a default flow
-// entry which is used for default matching.
+// knowledge that given a single ingress policy, the Antrea agent will install exactly one flow per CIDR rule in table
+// IngressRule. checkRealize returns true when the number of flows exceeds the number of CIDR, because each table has a
+// default flow entry which is used for default matching.
 // Since the check is done over SSH, the time measurement is not completely accurate.
 func checkRealize(policyRules int, data *TestData) (bool, error) {
 	antreaPodName, err := data.getAntreaPodOnNode(controlPlaneNodeName())
 	if err != nil {
 		return false, err
 	}
-	// table 90 is the ingressRuleTable where the rules in workload network policy is being applied to.
-	cmd := []string{"ovs-ofctl", "dump-flows", defaultBridgeName, "table=90"}
+	// table IngressRule is the ingressRuleTable where the rules in workload network policy is being applied to.
+	cmd := []string{"ovs-ofctl", "dump-flows", defaultBridgeName, fmt.Sprintf("table=%s", openflow.IngressRuleTable.GetName())}
 	stdout, _, err := data.runCommandFromPod(antreaNamespace, antreaPodName, "antrea-agent", cmd)
 	if err != nil {
 		return false, err