test: don't check destination label in RuntimePolicies with PolicyAud…

…itMode It might rarely happen that the host starts pinging fast enough that the endpoint still has identity "init" / 5. This currently leads to fail the test. As already done in the egress case, ignore the destination labels when checking the hubble observe output. Fixes #11954 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
cilium · Jun 10, 2020 · 027ea95 · 027ea95
1 parent 47f8d32
commit 027ea95
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/test/runtime/Policies.go b/test/runtime/Policies.go
@@ -1550,11 +1550,15 @@ var _ = Describe("RuntimePolicies", func() {
 				res := vm.Exec(helpers.Ping(endpointIP.IPV4))
 				res.ExpectSuccess("Not able to ping endpoint with no ingress policy")
 
+				// We might start pinging fast enough that the endpoint still has identity "init" / 5.
+				// In PolicyAuditMode, this means that the ping will succeed. Therefore we don't
+				// check for the source labels in the output (they can by either [reserved:init]
+				// or [container:somelabel]), only the endpoint ID.
 				By("Testing hubble observe output")
 				// Checks for a ingress policy verdict event (type 5)
 				err := hubbleRes.WaitUntilMatchFilterLine(
-					`{.source.labels} -> {.destination.ID} {.destination.labels} {.IP.destination} : {.verdict} {.event_type.type}`,
-					fmt.Sprintf("[reserved:host] -> %s [container:somelabel] %s : FORWARDED 5", endpointID, endpointIP.IPV4))
+					`{.source.labels} -> {.IP.destination} : {.verdict} {.event_type.type}`,
+					fmt.Sprintf("[reserved:host] -> %s : FORWARDED 5", endpointIP.IPV4))
 				Expect(err).To(BeNil(), "Default policy verdict on ingress failed")
 				// Checks for the subsequent trace:to-endpoint event (type 4)
 				hubbleRes.ExpectContainsFilterLine(