Add new functions to FakeAddressSetFactory for more insight into

existing address sets. Update db generation function from policy_test.go to be dualstack- compatible (policy_test.go still only uses ipv4, but peer_address_set_test.go, has ipv4, ipv6 and dualstack). Add tests for PeerAddressSet and peerAddressSetSyncer Update Netpol-owned address sets to peer-owned. Add netpol test that verifies that default deny port groups and port groups for policies without peer selectors (IpBlock) are cleaned up om sync. Update policy sync tests with existing policy in every namespace to make sure port groups won't be deleted as stale before being updated. Signed-off-by: Nadia Pinaeva <npinaeva@redhat.com>
ovn-org · Dec 22, 2022 · 6fd7d9e · 6fd7d9e
1 parent 85eebcf
commit 6fd7d9e
Show file tree

Hide file tree

Showing 4 changed files with 1,228 additions and 219 deletions.
diff --git a/go-controller/pkg/ovn/address_set/fake_address_set.go b/go-controller/pkg/ovn/address_set/fake_address_set.go
@@ -1,6 +1,7 @@
 package addressset
 
 import (
+	"fmt"
 	"net"
 	"sync"
 	"sync/atomic"
@@ -30,20 +31,32 @@ type FakeAddressSetFactory struct {
 	asf *ovnAddressSetFactory
 	sync.Mutex
 	// maps address set name to object
-	sets           map[string]*fakeAddressSets
-	controllerName string
+	sets                map[string]*fakeAddressSets
+	controllerName      string
+	errOnNextNewAddrSet bool
 }
 
 // fakeFactory implements the AddressSetFactory interface
 var _ AddressSetFactory = &FakeAddressSetFactory{}
 
+const FakeASFError = "fake asf error"
+
+// ErrOnNextNewASCall will make FakeAddressSetFactory return FakeASFError on the next NewAddressSet call
+func (f *FakeAddressSetFactory) ErrOnNextNewASCall() {
+	f.errOnNextNewAddrSet = true
+}
+
 // NewAddressSet returns a new address set object
 func (f *FakeAddressSetFactory) NewAddressSet(dbIndex *DbIndex, ips []net.IP) (AddressSet, error) {
+	if f.errOnNextNewAddrSet {
+		f.errOnNextNewAddrSet = false
+		return nil, fmt.Errorf(FakeASFError)
+	}
 	f.Lock()
 	defer f.Unlock()
 	name := dbIndex.toOvsdbIndex(f.controllerName).GetObjName()
 	_, ok := f.sets[name]
-	gomega.Expect(ok).To(gomega.BeFalse())
+	gomega.Expect(ok).To(gomega.BeFalse(), fmt.Sprintf("new address set %s already exists", name))
 	set, err := f.newFakeAddressSets(ips, dbIndex, f.removeAddressSet)
 	if err != nil {
 		return nil, err
@@ -146,8 +159,9 @@ func (f *FakeAddressSetFactory) removeAddressSet(name string) {
 // ExpectAddressSetWithIPs ensures the named address set exists with the given set of IPs
 func (f *FakeAddressSetFactory) expectAddressSetWithIPs(g gomega.Gomega, dbIndex *DbIndex, ips []string) {
 	var lenAddressSet int
-	as := f.getAddressSet(dbIndex.toOvsdbIndex(f.controllerName).GetObjName())
-	gomega.Expect(as).ToNot(gomega.BeNil())
+	asName := dbIndex.toOvsdbIndex(f.controllerName).GetObjName()
+	as := f.getAddressSet(asName)
+	gomega.Expect(as).ToNot(gomega.BeNil(), fmt.Sprintf("expected address set %s to exist", asName))
 	defer as.Unlock()
 	as4 := as.ipv4
 	if as4 != nil {
@@ -253,6 +267,11 @@ func (f *FakeAddressSetFactory) EventuallyExpectNoAddressSet(dbIndexOrNsName any
 	}).Should(gomega.BeFalse())
 }
 
+// ExpectNumberOfAddressSets ensures the number of created address sets equals given number
+func (f *FakeAddressSetFactory) ExpectNumberOfAddressSets(n int) {
+	gomega.Expect(len(f.sets)).To(gomega.Equal(n))
+}
+
 func (f *FakeAddressSetFactory) getASName(dbIndex *DbIndex, ipFamily string) string {
 	objID := dbIndex.toOvsdbIndex(f.controllerName).GetObjName()
 	if ipFamily != "" {

diff --git a/go-controller/pkg/ovn/namespace_test.go b/go-controller/pkg/ovn/namespace_test.go
@@ -104,12 +104,10 @@ var _ = ginkgo.Describe("OVN Namespace Operations", func() {
 				OwnerName:       "namespace2",
 			}
 			fakeOvn.asf.NewAddressSet(ns2, []net.IP{net.ParseIP("1.1.1.2")})
-			// netpol-owned address set for existing netpol, should stay
+			// netpol peer address set for existing netpol, should stay
 			netpol := &addressset.DbIndex{
-				OwnerObjectType: libovsdbops.NetworkPolicyOwnerType,
-				OwnerNamespace:  "namespace1",
-				OwnerName:       "netpol1",
-				InternalID:      "egress.0",
+				OwnerObjectType: libovsdbops.NetpolPeerASOwnerType,
+				OwnerName:       "namespace/netpol1",
 			}
 			fakeOvn.asf.NewAddressSet(netpol, []net.IP{net.ParseIP("1.1.1.3")})
 			// egressQoS-owned address set, should stay