Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OCPBUGS-2325: Add E2E test cases for ingress #173

Merged
merged 1 commit into from
Oct 19, 2022
Merged

OCPBUGS-2325: Add E2E test cases for ingress #173

merged 1 commit into from
Oct 19, 2022

Conversation

martinkennelly
Copy link
Contributor

Signed-off-by: Martin Kennelly mkennell@redhat.com

/cc @msherif1234

More to come but this is a start.

msherif1234
msherif1234 reviewed Sep 15, 2022
View reviewed changes
Copy link
Contributor

@msherif1234 msherif1234 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice work!!

test/e2e/daemonset/daemonset.go Outdated Show resolved Hide resolved
test/e2e/daemonset/daemonset.go Outdated Show resolved Hide resolved
README.md Outdated
@@ -225,6 +225,8 @@ make test-race

1. Bring up KinD cluster and deploy ingress node firewall operator from the steps outlined previously.
2. Run full E2E test

Note: SCTP tests are disabled by default. Enable by setting environment variable `ENABLE_SCTP_TESTS=true`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

since u already editing this we should callout all args to our e2e so user of the repo can know what are the different knobs
also u need to default the same for our BM ci run here
openshift-ci/run_e2e.sh ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also pls explain why the default for SCTP is disabled, and include lkm dependencies

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also u need to default the same for our BM ci run here
openshift-ci/run_e2e.sh ?

You talking about wanting to enable SCTP tests on BM?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unable to do it easily - SCTP module unloaded on CoreOS by default. Its loaded by default in the KinD image however and its tested there and works ok. Is this sufficient?

test/e2e/functional/tests/e2e.go Outdated Show resolved Hide resolved
test/e2e/functional/tests/e2e.go Outdated Show resolved Hide resolved
test/e2e/images/images.go Outdated Show resolved Hide resolved
test/e2e/ingress-node-firewall/ingress-node-firewall.go Outdated Show resolved Hide resolved
test/e2e/ingress-node-firewall/ingress-node-firewall.go Show resolved Hide resolved
test/e2e/ingress-node-firewall/ingress-node-firewall.go Outdated Show resolved Hide resolved
test/e2e/pods/pods.go Outdated Show resolved Hide resolved
@martinkennelly martinkennelly mentioned this pull request Oct 3, 2022
Merged
@martinkennelly martinkennelly changed the title Add E2E test cases for rules Add E2E test cases for ingress Oct 12, 2022
@martinkennelly martinkennelly mentioned this pull request Oct 12, 2022
Closed
@martinkennelly
Copy link
Contributor Author

@msherif1234 When youre back, PTAL.

@martinkennelly martinkennelly mentioned this pull request Oct 13, 2022
Closed
msherif1234
msherif1234 reviewed Oct 13, 2022
View reviewed changes
Copy link
Contributor

@msherif1234 msherif1234 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some initial comments I will need to spend more time when get back from PTO, pls open JIRA bug and added to the title we need to bring this to 4.12.
The fact that ur CI run passes for me is very concerning given we have an issue with current RHEL with virtio #139

openshift-ci/run_e2e.sh
# control over the test cases that we would not enjoy if we attached to any other interface.
# Pod IPs are visibly by the XDP program after they have been de-encapsulated and for OVN-Kubernetes as the CNI - this is a GENEVE interface.
# Since OVN-Kubernetes is the default CNI for OCP, we set the interface to test against as the GENEVE interface.
export NODE_INTERFACE=genev_sys_6081
Copy link
Contributor

@msherif1234 msherif1234 Oct 13, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm why we need this ? what was wrong with the prev logic ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

because we know in advance what the interface name is now so theres no need to look it up

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While this might be ok for ci but it’s not how will users use it can we at least comment out the old way till he have rhel9 then try it again on +ve side having ci passing is good

test/README.md Outdated Show resolved Hide resolved
test/e2e/images/images.go Outdated Show resolved Hide resolved
@msherif1234
Copy link
Contributor

why we no longer check event logging for the deny rules ?

@martinkennelly
Copy link
Contributor Author

why we no longer check event logging for the deny rules ?

I didn't think it was the right way to test success or failure. I wanted to rely on a connection being allowed or denied and not what the XDP program was reporting via events.

@msherif1234
Copy link
Contributor

why we no longer check event logging for the deny rules ?

I didn't think it was the right way to test success or failure. I wanted to rely on a connection being allowed or denied and not what the XDP program was reporting via events.

We need both making sure events is emitted is very important part of this feature

@martinkennelly martinkennelly changed the title Add E2E test cases for ingress OCPBUGS-2325: Add E2E test cases for ingress Oct 13, 2022
@openshift-ci-robot
Copy link

@martinkennelly: An error was encountered querying GitHub for users with public email (asood@redhat.com) for bug OCPBUGS-2325 on the Jira server at https://issues.redhat.com/. No known errors were detected, please see the full error message for details.

Full error message. Post "http://ghproxy/graphql": dial tcp 172.30.229.2:80: i/o timeout

Please contact an administrator to resolve this issue, then request a bug refresh with /jira refresh.

In response to this:

Signed-off-by: Martin Kennelly mkennell@redhat.com

/cc @msherif1234

More to come but this is a start.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@msherif1234
Copy link
Contributor

/Jira refresh

@openshift-ci-robot
Copy link

@msherif1234: An error was encountered querying GitHub for users with public email (asood@redhat.com) for bug OCPBUGS-2325 on the Jira server at https://issues.redhat.com/. No known errors were detected, please see the full error message for details.

Full error message. Post "http://ghproxy/graphql": dial tcp 172.30.229.2:80: connect: connection refused

Please contact an administrator to resolve this issue, then request a bug refresh with /jira refresh.

In response to this:

/Jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

msherif1234
msherif1234 reviewed Oct 14, 2022
View reviewed changes
test/e2e/pods/pods.go Outdated Show resolved Hide resolved
test/e2e/ingress-node-firewall/ingress-node-firewall.go
inf.SetName(name)
inf.SetNamespace(operatorNamespace)
return inf
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should check/wait also nodeState object to be deleted, similar to how we do currently

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not familiar with the code surrounding this. Isnt it deleted when no ingress node firewall config no longer targets a node? If so, why would we wait for it to be deleted when we are just deleting INFs?

test/e2e/functional/tests/e2e.go Show resolved Hide resolved
@msherif1234
Copy link
Contributor

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/severity-critical Referenced Jira bug's severity is critical for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. labels Oct 14, 2022
@openshift-ci-robot
Copy link

@msherif1234: This pull request references Jira Issue OCPBUGS-2325, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.12.0) matches configured target version for branch (4.12.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @asood-rh

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot requested a review from asood-rh October 14, 2022 09:02
@openshift-cherrypick-robot
Copy link

@msherif1234: once the present PR merges, I will cherry-pick it on top of 4.12 in a new PR and assign it to you.

In response to this:

/cherry-pick 4.12

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@martinkennelly martinkennelly changed the title OCPBUGS-2325: Add E2E test cases for ingress WIP: OCPBUGS-2325: Add E2E test cases for ingress Oct 15, 2022
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 15, 2022
msherif1234
msherif1234 reviewed Oct 17, 2022
View reviewed changes
test/e2e/functional/tests/e2e.go
// For OCP, pod IPs are visible on the GENEVE interface (with OVN-Kubernetes as the CNI) or vlan interface (with Openshift-SDN as the CNI).
// This is where we want to attach our XDP program and perform filtering.
// For OCP with OVN-Kubernetes as the CNI, the interface name is always 'genev_sys_6081'.
table := []struct {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BTW when I originally mentioned tables I was referring to https://onsi.github.io/ginkgo/#table-specs
since it was my mistake for lack of clarity I can convert your tables to ginko once ur changes are merged

@martinkennelly
Copy link
Contributor Author

Test output for run on OCP:

$ make test-e2e
which: no operator-sdk in (/home/mkennell/.cargo/bin:/home/mkennell/.local/bin:/home/mkennell/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/usr/local/go/bin:/usr/local/go/bin:/home/mkennell/go/bin)
/home/mkennell/repos/ingress-node-firewall/bin/controller-gen object:headerFile="hack/boilerplate.go.txt" paths="./..."
go fmt ./...
go vet ./...
==== Generating DaemonSet manifest
hack/generate-daemon-manifest.sh
/home/mkennell/repos/ingress-node-firewall/bin/controller-gen rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
cp bundle/manifests/* manifests/stable
rm -rf /tmp/test_validation_logs/
mkdir -p /tmp/test_validation_logs/
go test --tags=validationtests -v ./test/e2e/validation -ginkgo.v -junit /tmp/test_validation_logs/ -report /tmp/test_validation_logs/ 
=== RUN   TestValidation
Running Suite: Ingress Node Firewall Operator Validation Suite
==============================================================
Random Seed: 1666090570
Will run 4 of 4 specs

IngressNodeFirewall IngressNodeFirewall 
  should have the IngressNodeFirewall Operator deployment in running state
  /home/mkennell/repos/ingress-node-firewall/test/e2e/validation/tests/validation.go:33
•
------------------------------
IngressNodeFirewall IngressNodeFirewall 
  should have the IngressNodeFirewallConfig CRD available in the cluster
  /home/mkennell/repos/ingress-node-firewall/test/e2e/validation/tests/validation.go:55
•
------------------------------
IngressNodeFirewall IngressNodeFirewall 
  should have the IngressNodeFirewall CRD available in the cluster
  /home/mkennell/repos/ingress-node-firewall/test/e2e/validation/tests/validation.go:61
•
------------------------------
IngressNodeFirewall IngressNodeFirewall 
  should have the IngressNodeFirewallNodeState CRD available in the cluster
  /home/mkennell/repos/ingress-node-firewall/test/e2e/validation/tests/validation.go:67
•
JUnit report was created: /tmp/test_validation_logs/validation_junit.xml

Ran 4 of 4 Specs in 1.333 seconds
SUCCESS! -- 4 Passed | 0 Failed | 0 Pending | 0 Skipped

You're using deprecated Ginkgo functionality:
=============================================
Ginkgo 2.0 is under active development and will introduce several new features, improvements, and a small handful of breaking changes.
A release candidate for 2.0 is now available and 2.0 should GA in Fall 2021.  Please give the RC a try and send us feedback!
  - To learn more, view the migration guide at https://github.com/onsi/ginkgo/blob/ver2/docs/MIGRATING_TO_V2.md
  - For instructions on using the Release Candidate visit https://github.com/onsi/ginkgo/blob/ver2/docs/MIGRATING_TO_V2.md#using-the-beta
  - To comment, chime in at https://github.com/onsi/ginkgo/issues/711

  You are using a custom reporter.  Support for custom reporters will likely be removed in V2.  Most users were using them to generate junit or teamcity reports and this functionality will be merged into the core reporter.  In addition, Ginkgo 2.0 will support emitting a JSON-formatted report that users can then manipulate to generate custom reports.

  If this change will be impactful to you please leave a comment on https://github.com/onsi/ginkgo/issues/711
  Learn more at: https://github.com/onsi/ginkgo/blob/ver2/docs/MIGRATING_TO_V2.md#removed-custom-reporters

To silence deprecations that can be silenced set the following environment variable:
  ACK_GINKGO_DEPRECATIONS=1.16.5

--- PASS: TestValidation (1.89s)
PASS
ok  	github.com/openshift/ingress-node-firewall/test/e2e/validation	2.482s
rm -rf /tmp/test_e2e_logs/
mkdir -p /tmp/test_e2e_logs/
go test -timeout 20m --tags=e2etests -v ./test/e2e/functional -ginkgo.v -junit /tmp/test_e2e_logs/ -report /tmp/test_e2e_logs/ 
2022/10/18 11:56:14 SCTP tests are disabled
=== RUN   TestE2E
Running Suite: Ingress Node Firewall Operator E2E Suite
=======================================================
Random Seed: 1666090574
Will run 17 of 17 specs

Ingress Node Firewall Ingress 
  block a port with a single rule defining the destinations port
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:742
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created

• [SLOW TEST:23.659 seconds]
Ingress Node Firewall
/home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:107
  Ingress
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:123
    block a port with a single rule defining the destinations port
    /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:742
------------------------------
Ingress Node Firewall Ingress 
  block a port using a range when multiple source CIDRs exist
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:742
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created

• [SLOW TEST:45.447 seconds]
Ingress Node Firewall
/home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:107
  Ingress
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:123
    block a port using a range when multiple source CIDRs exist
    /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:742
------------------------------
Ingress Node Firewall Ingress 
  block multiple ports
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:742
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-two"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-two"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-two"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-two"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-two"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-two"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-two"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-two"
STEP: [IPV6] Checking if drop events created

• [SLOW TEST:37.405 seconds]
Ingress Node Firewall
/home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:107
  Ingress
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:123
    block multiple ports
    /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:742
------------------------------
Ingress Node Firewall Ingress 
  block port when rules for a source CIDR are located in multiple IngressNodeFirewall objects
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:742
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created

• [SLOW TEST:28.306 seconds]
Ingress Node Firewall
/home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:107
  Ingress
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:123
    block port when rules for a source CIDR are located in multiple IngressNodeFirewall objects
    /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:742
------------------------------
Ingress Node Firewall Ingress 
  merges transport protocol rules when source CIDRs overlap in multiple IngressNodeFirewalls and the count of source CIDRs for each policy is different
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:742
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created

• [SLOW TEST:45.400 seconds]
Ingress Node Firewall
/home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:107
  Ingress
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:123
    merges transport protocol rules when source CIDRs overlap in multiple IngressNodeFirewalls and the count of source CIDRs for each policy is different
    /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:742
------------------------------
Ingress Node Firewall Ingress 
  merges multiple IngressNodeFirewalls which contain multiple ingress entries with protocol rules for all protocols
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:742
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol ICMPv6 from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol ICMPv6 from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-three" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-three" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-three" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-three" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-three" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol ICMPv6 from pod "e2e-inf-client-three" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-four" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-four" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-four" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-four" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-four" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol ICMPv6 from pod "e2e-inf-client-four" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol ICMPv6 from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol ICMPv6 from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-three" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-three" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-three" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-three" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-three" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol ICMPv6 from pod "e2e-inf-client-three" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-four" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-four" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-four" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-four" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-four" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol ICMPv6 from pod "e2e-inf-client-four" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created

• [SLOW TEST:161.728 seconds]
Ingress Node Firewall
/home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:107
  Ingress
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:123
    merges multiple IngressNodeFirewalls which contain multiple ingress entries with protocol rules for all protocols
    /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:742
------------------------------
Ingress Node Firewall Ingress 
  block port when rules for a source CIDR are located in multiple IngressNodeFirewall objects
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:742
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created

• [SLOW TEST:29.040 seconds]
Ingress Node Firewall
/home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:107
  Ingress
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:123
    block port when rules for a source CIDR are located in multiple IngressNodeFirewall objects
    /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:742
------------------------------
Ingress Node Firewall Ingress 
  merges transport protocol rules when source CIDRs overlap in multiple IngressNodeFirewalls but the number of source CIDRs in each policy is different
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:742
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created

• [SLOW TEST:36.956 seconds]
Ingress Node Firewall
/home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:107
  Ingress
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:123
    merges transport protocol rules when source CIDRs overlap in multiple IngressNodeFirewalls but the number of source CIDRs in each policy is different
    /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:742
------------------------------
Ingress Node Firewall Ingress 
  block ICMP echo request
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:742
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Confirm connectivity before IngressNodeFirewall policy application for protocol ICMPv6 from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV6] Confirm IngressNodeFirewall policy application for protocol ICMPv6 from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV6] Checking if drop events created

• [SLOW TEST:39.085 seconds]
Ingress Node Firewall
/home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:107
  Ingress
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:123
    block ICMP echo request
    /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:742
------------------------------
Ingress Node Firewall Statistics 
  should expose at least one endpoint via a daemon metrics service
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:964
•
------------------------------
Ingress Node Firewall Statistics 
  should expose daemon metrics
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:991

• [SLOW TEST:40.981 seconds]
Ingress Node Firewall
/home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:107
  Statistics
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:934
    should expose daemon metrics
    /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:991
------------------------------
Ingress Node Firewall Webhook 
  should allow valid ingressnodefirewall TCP rule
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:1144
•
------------------------------
Ingress Node Firewall Webhook 
  should allow valid ingressnodefirewall UDP rule
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:1156
•
------------------------------
Ingress Node Firewall Webhook 
  should allow valid ingressnodefirewall ICMPV4 rule
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:1168
•
------------------------------
Ingress Node Firewall Webhook 
  should allow valid ingressnodefirewall ICMPV6 rule
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:1180
•
------------------------------
Ingress Node Firewall Webhook 
  should allow valid ingressnodefirewall SCTP rule
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:1192
•
------------------------------
Ingress Node Firewall Webhook 
  should block any rules which conflict with failsafe rules
  /home/mkennell/repos/ingress-node-firewall/test/e2e/functional/tests/e2e.go:1204
•
JUnit report was created: /tmp/test_e2e_logs/e2e_junit.xml

Ran 17 of 17 Specs in 493.048 seconds
SUCCESS! -- 17 Passed | 0 Failed | 0 Pending | 0 Skipped

You're using deprecated Ginkgo functionality:
=============================================
Ginkgo 2.0 is under active development and will introduce several new features, improvements, and a small handful of breaking changes.
A release candidate for 2.0 is now available and 2.0 should GA in Fall 2021.  Please give the RC a try and send us feedback!
  - To learn more, view the migration guide at https://github.com/onsi/ginkgo/blob/ver2/docs/MIGRATING_TO_V2.md
  - For instructions on using the Release Candidate visit https://github.com/onsi/ginkgo/blob/ver2/docs/MIGRATING_TO_V2.md#using-the-beta
  - To comment, chime in at https://github.com/onsi/ginkgo/issues/711

  You are using a custom reporter.  Support for custom reporters will likely be removed in V2.  Most users were using them to generate junit or teamcity reports and this functionality will be merged into the core reporter.  In addition, Ginkgo 2.0 will support emitting a JSON-formatted report that users can then manipulate to generate custom reports.

  If this change will be impactful to you please leave a comment on https://github.com/onsi/ginkgo/issues/711
  Learn more at: https://github.com/onsi/ginkgo/blob/ver2/docs/MIGRATING_TO_V2.md#removed-custom-reporters

To silence deprecations that can be silenced set the following environment variable:
  ACK_GINKGO_DEPRECATIONS=1.16.5

--- PASS: TestE2E (493.71s)
PASS
ok  	github.com/openshift/ingress-node-firewall/test/e2e/functional	494.370s

msherif1234
msherif1234 reviewed Oct 18, 2022
View reviewed changes
test/README.md Outdated Show resolved Hide resolved
msherif1234
msherif1234 reviewed Oct 18, 2022
View reviewed changes
test/e2e/daemonset/daemonset.go
err := wait.PollImmediate(retryInterval, timeout, func() (done bool, err error) {
ctx, cancel := context.WithTimeout(context.Background(), timeout)
defer cancel()
err = client.Get(ctx, types.NamespacedName{Name: name, Namespace: namespace}, ds)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit can this be replaced with

if err := status.IsIngressNodeFirewallConfigAvailable(ctx, client, namespace); err != nil {
    return false, err
}
return true, nil

@msherif1234
Copy link
Contributor

/retest

msherif1234
msherif1234 reviewed Oct 18, 2022
View reviewed changes
test/e2e/node/node.go
node := nodesList.Items[0]

for _, address := range node.Status.Addresses {
ip := net.ParseIP(address.Address)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

don't need to check address.Type == v1.NodeInternalIP 1st gere and below ?

msherif1234
msherif1234 reviewed Oct 18, 2022
View reviewed changes
test/e2e/pods/pods.go
func GetIPV6(ips []corev1.PodIP) string {
for _, ip := range ips {
parsedIP := net.ParseIP(ip.IP)
if parsedIP.To4() == nil {
Copy link
Contributor

@msherif1234 msherif1234 Oct 18, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT: why not use .To16 != nil similar to GetIPv4

@openshift-cherrypick-robot
Copy link

@msherif1234: once the present PR merges, I will cherry-pick it on top of release-4.12 in a new PR and assign it to you.

In response to this:

/cherry-pick release-4.12

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@martinkennelly martinkennelly changed the title WIP: OCPBUGS-2325: Add E2E test cases for ingress OCPBUGS-2325: Add E2E test cases for ingress Oct 19, 2022
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 19, 2022
@martinkennelly
Add E2E test cases for INF ingress
b5d50d4 
Signed-off-by: Martin Kennelly <mkennell@redhat.com>
@msherif1234
Copy link
Contributor

/lgtm
/approve

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Oct 19, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 19, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: martinkennelly, msherif1234

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 19, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 19, 2022

@martinkennelly: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@openshift-merge-robot openshift-merge-robot merged commit 8c5e56d into openshift:master Oct 19, 2022
@openshift-ci-robot
Copy link

@martinkennelly: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-2325 has been moved to the MODIFIED state.

In response to this:

Signed-off-by: Martin Kennelly mkennell@redhat.com

/cc @msherif1234

More to come but this is a start.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@msherif1234 msherif1234 mentioned this pull request Oct 20, 2022
Merged
@martinkennelly martinkennelly mentioned this pull request Oct 21, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@msherif1234 msherif1234 msherif1234 left review comments

@asood-rh asood-rh Awaiting requested review from asood-rh

Assignees

@msherif1234 msherif1234

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. jira/severity-critical Referenced Jira bug's severity is critical for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@martinkennelly @msherif1234 @openshift-ci-robot @openshift-cherrypick-robot @openshift-merge-robot