fix(test): introduced new security group rules

kubernetes · May 2, 2023 · b35b7a9 · b35b7a9
1 parent 4e38127
commit b35b7a9
Show file tree

Hide file tree

Showing 8 changed files with 70 additions and 16 deletions.
diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf b/tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf
@@ -1020,21 +1020,21 @@ resource "aws_security_group_rule" "from-nodes-minimal-ipv6-example-com-egress-a
   type              = "egress"
 }
 
-resource "aws_security_group_rule" "from-nodes-minimal-ipv6-example-com-ingress-4-0to0-masters-minimal-ipv6-example-com" {
+resource "aws_security_group_rule" "from-nodes-minimal-ipv6-example-com-ingress-all-0to0-nodes-minimal-ipv6-example-com" {
   from_port                = 0
-  protocol                 = "4"
-  security_group_id        = aws_security_group.masters-minimal-ipv6-example-com.id
+  protocol                 = "-1"
+  security_group_id        = aws_security_group.nodes-minimal-ipv6-example-com.id
   source_security_group_id = aws_security_group.nodes-minimal-ipv6-example-com.id
-  to_port                  = 65535
+  to_port                  = 0
   type                     = "ingress"
 }
 
-resource "aws_security_group_rule" "from-nodes-minimal-ipv6-example-com-ingress-all-0to0-nodes-minimal-ipv6-example-com" {
+resource "aws_security_group_rule" "from-nodes-minimal-ipv6-example-com-ingress-ipip-0to0-masters-minimal-ipv6-example-com" {
   from_port                = 0
-  protocol                 = "-1"
-  security_group_id        = aws_security_group.nodes-minimal-ipv6-example-com.id
+  protocol                 = "ipip"
+  security_group_id        = aws_security_group.masters-minimal-ipv6-example-com.id
   source_security_group_id = aws_security_group.nodes-minimal-ipv6-example-com.id
-  to_port                  = 0
+  to_port                  = 65535
   type                     = "ingress"
 }
 

diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/kubernetes.tf b/tests/integration/update_cluster/minimal-ipv6-cilium/kubernetes.tf
@@ -1029,6 +1029,15 @@ resource "aws_security_group_rule" "from-nodes-minimal-ipv6-example-com-ingress-
   type                     = "ingress"
 }
 
+resource "aws_security_group_rule" "from-nodes-minimal-ipv6-example-com-ingress-icmp-8to8-masters-minimal-ipv6-example-com" {
+  from_port                = 8
+  protocol                 = "icmp"
+  security_group_id        = aws_security_group.masters-minimal-ipv6-example-com.id
+  source_security_group_id = aws_security_group.nodes-minimal-ipv6-example-com.id
+  to_port                  = 8
+  type                     = "ingress"
+}
+
 resource "aws_security_group_rule" "from-nodes-minimal-ipv6-example-com-ingress-tcp-1to2379-masters-minimal-ipv6-example-com" {
   from_port                = 1
   protocol                 = "tcp"

diff --git a/tests/integration/update_cluster/minimal-warmpool/kubernetes.tf b/tests/integration/update_cluster/minimal-warmpool/kubernetes.tf
@@ -761,6 +761,15 @@ resource "aws_security_group_rule" "from-nodes-minimal-warmpool-example-com-ingr
   type                     = "ingress"
 }
 
+resource "aws_security_group_rule" "from-nodes-minimal-warmpool-example-com-ingress-icmp-8to8-masters-minimal-warmpool-example-com" {
+  from_port                = 8
+  protocol                 = "icmp"
+  security_group_id        = aws_security_group.masters-minimal-warmpool-example-com.id
+  source_security_group_id = aws_security_group.nodes-minimal-warmpool-example-com.id
+  to_port                  = 8
+  type                     = "ingress"
+}
+
 resource "aws_security_group_rule" "from-nodes-minimal-warmpool-example-com-ingress-tcp-1to2379-masters-minimal-warmpool-example-com" {
   from_port                = 1
   protocol                 = "tcp"

diff --git a/tests/integration/update_cluster/privatecalico/kubernetes.tf b/tests/integration/update_cluster/privatecalico/kubernetes.tf
@@ -1134,21 +1134,21 @@ resource "aws_security_group_rule" "from-nodes-privatecalico-example-com-egress-
   type              = "egress"
 }
 
-resource "aws_security_group_rule" "from-nodes-privatecalico-example-com-ingress-4-0to0-masters-privatecalico-example-com" {
+resource "aws_security_group_rule" "from-nodes-privatecalico-example-com-ingress-all-0to0-nodes-privatecalico-example-com" {
   from_port                = 0
-  protocol                 = "4"
-  security_group_id        = aws_security_group.masters-privatecalico-example-com.id
+  protocol                 = "-1"
+  security_group_id        = aws_security_group.nodes-privatecalico-example-com.id
   source_security_group_id = aws_security_group.nodes-privatecalico-example-com.id
-  to_port                  = 65535
+  to_port                  = 0
   type                     = "ingress"
 }
 
-resource "aws_security_group_rule" "from-nodes-privatecalico-example-com-ingress-all-0to0-nodes-privatecalico-example-com" {
+resource "aws_security_group_rule" "from-nodes-privatecalico-example-com-ingress-ipip-0to0-masters-privatecalico-example-com" {
   from_port                = 0
-  protocol                 = "-1"
-  security_group_id        = aws_security_group.nodes-privatecalico-example-com.id
+  protocol                 = "ipip"
+  security_group_id        = aws_security_group.masters-privatecalico-example-com.id
   source_security_group_id = aws_security_group.nodes-privatecalico-example-com.id
-  to_port                  = 0
+  to_port                  = 65535
   type                     = "ingress"
 }
 

diff --git a/tests/integration/update_cluster/privatecilium-eni/kubernetes.tf b/tests/integration/update_cluster/privatecilium-eni/kubernetes.tf
@@ -1121,6 +1121,15 @@ resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-ingress
   type                     = "ingress"
 }
 
+resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-ingress-icmp-8to8-masters-privatecilium-example-com" {
+  from_port                = 8
+  protocol                 = "icmp"
+  security_group_id        = aws_security_group.masters-privatecilium-example-com.id
+  source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
+  to_port                  = 8
+  type                     = "ingress"
+}
+
 resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-ingress-tcp-1to2379-masters-privatecilium-example-com" {
   from_port                = 1
   protocol                 = "tcp"

diff --git a/tests/integration/update_cluster/privatecilium/kubernetes.tf b/tests/integration/update_cluster/privatecilium/kubernetes.tf
@@ -1121,6 +1121,15 @@ resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-ingress
   type                     = "ingress"
 }
 
+resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-ingress-icmp-8to8-masters-privatecilium-example-com" {
+  from_port                = 8
+  protocol                 = "icmp"
+  security_group_id        = aws_security_group.masters-privatecilium-example-com.id
+  source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
+  to_port                  = 8
+  type                     = "ingress"
+}
+
 resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-ingress-tcp-1to2379-masters-privatecilium-example-com" {
   from_port                = 1
   protocol                 = "tcp"

diff --git a/tests/integration/update_cluster/privatecilium2/kubernetes.tf b/tests/integration/update_cluster/privatecilium2/kubernetes.tf
@@ -1137,6 +1137,15 @@ resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-ingress
   type                     = "ingress"
 }
 
+resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-ingress-icmp-8to8-masters-privatecilium-example-com" {
+  from_port                = 8
+  protocol                 = "icmp"
+  security_group_id        = aws_security_group.masters-privatecilium-example-com.id
+  source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
+  to_port                  = 8
+  type                     = "ingress"
+}
+
 resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-ingress-tcp-1to2379-masters-privatecilium-example-com" {
   from_port                = 1
   protocol                 = "tcp"

diff --git a/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf b/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf
@@ -1154,6 +1154,15 @@ resource "aws_security_group_rule" "from-nodes-privateciliumadvanced-example-com
   type                     = "ingress"
 }
 
+resource "aws_security_group_rule" "from-nodes-privateciliumadvanced-example-com-ingress-icmp-8to8-masters-privateciliumadvanced-example-com" {
+  from_port                = 8
+  protocol                 = "icmp"
+  security_group_id        = aws_security_group.masters-privateciliumadvanced-example-com.id
+  source_security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
+  to_port                  = 8
+  type                     = "ingress"
+}
+
 resource "aws_security_group_rule" "from-nodes-privateciliumadvanced-example-com-ingress-tcp-1to2379-masters-privateciliumadvanced-example-com" {
   from_port                = 1
   protocol                 = "tcp"