e2e_ip_exclusion_test.go
package e2e
import (
"fmt"
"time"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
. "github.com/openservicemesh/osm/tests/framework"
)
// Registers the IP range exclusion suite with the e2e framework (tier 2, bucket 5).
var _ = OSMDescribe(
	"Tests traffic via IP range exclusion",
	OSMDescribeInfo{Tier: 2, Bucket: 5},
	func() {
		// testIPExclusion already has the func() shape Context expects, so it
		// is handed over directly instead of through a wrapping closure.
		Context("Test IP range exclusion", testIPExclusion)
	},
)
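// testIPExclusion registers a spec that checks a client inside the mesh can
// reach an HTTP server outside the mesh once the server's ClusterIP is listed
// in the MeshConfig's OutboundIPRangeExclusionList.
//
// Permissive mode is switched off and only the client namespace is added to
// the mesh; the server namespace stands in for an external cluster.
func testIPExclusion() {
	const sourceName = "client"
	const destName = "server"
	var ns = []string{sourceName, destName}

	It("Tests HTTP traffic to external server via IP exclusion", func() {
		// Install OSM
		installOpts := Td.GetOSMInstallOpts()
		installOpts.EnablePermissiveMode = false // explicitly set to false to demonstrate IP exclusion
		Expect(Td.InstallOSM(installOpts)).To(Succeed())

		// Check the lookup error here: meshConfig is dereferenced further down,
		// and a dropped error would otherwise surface as a nil-pointer panic
		// far from its cause.
		meshConfig, err := Td.GetMeshConfig(Td.OsmNamespace)
		Expect(err).NotTo(HaveOccurred())

		// Create Test NS
		for _, n := range ns {
			Expect(Td.CreateNs(n, nil)).To(Succeed())
		}

		// Only add source namespace to the mesh, destination is simulating an external cluster
		Expect(Td.AddNsToMesh(true, sourceName)).To(Succeed())

		// Set up the destination HTTP server. It is not part of the mesh
		svcAccDef, podDef, svcDef, err := Td.SimplePodApp(
			SimplePodAppDef{
				PodName:   destName,
				Namespace: destName,
				Image:     fortioImageName,
				Ports:     []int{fortioHTTPPort},
				OS:        Td.ClusterOS,
			})
		Expect(err).NotTo(HaveOccurred())

		_, err = Td.CreateServiceAccount(destName, &svcAccDef)
		Expect(err).NotTo(HaveOccurred())
		_, err = Td.CreatePod(destName, podDef)
		Expect(err).NotTo(HaveOccurred())
		dstSvc, err := Td.CreateService(destName, svcDef)
		Expect(err).NotTo(HaveOccurred())

		// Expect it to be up and running in its receiver namespace
		Expect(Td.WaitForPodsRunningReady(destName, 90*time.Second, 1, nil)).To(Succeed())

		// The destination IP will be programmed as an IP exclusion.
		// The range is a /32, so only this one address is excluded. Excluded
		// ranges are meant to skip sidecar interception, which leaves mesh
		// traffic policy unenforced for them, so the list should stay as
		// narrow as the scenario allows.
		destinationIPRange := fmt.Sprintf("%s/32", dstSvc.Spec.ClusterIP)
		meshConfig.Spec.Traffic.OutboundIPRangeExclusionList = []string{destinationIPRange}
		_, err = Td.UpdateOSMConfig(meshConfig)
		Expect(err).NotTo(HaveOccurred())

		srcPod := setupSource(sourceName, false)

		By("Using IP range exclusion to access destination")
		// All ready. Expect client to reach server
		clientToServer := HTTPRequestDef{
			SourceNs:        sourceName,
			SourcePod:       srcPod.Name,
			SourceContainer: srcPod.Name,

			Destination: fmt.Sprintf("%s.%s:%d", dstSvc.Name, dstSvc.Namespace, fortioHTTPPort),
		}

		srcToDestStr := fmt.Sprintf("%s -> %s",
			fmt.Sprintf("%s/%s", sourceName, srcPod.Name),
			clientToServer.Destination)

		// Poll via WaitForRepeatedSuccess (arguments 5 and 90s) until the
		// request returns 200 without error.
		cond := Td.WaitForRepeatedSuccess(func() bool {
			result := Td.HTTPRequest(clientToServer)

			if result.Err != nil || result.StatusCode != 200 {
				Td.T.Logf("> (%s) HTTP Req failed %d %v",
					srcToDestStr, result.StatusCode, result.Err)
				return false
			}
			Td.T.Logf("> (%s) HTTP Req succeeded: %d", srcToDestStr, result.StatusCode)
			return true
		}, 5, 90*time.Second)

		Expect(cond).To(BeTrue(), "Failed testing HTTP traffic from source pod %s to destination %s", srcPod.Name, destinationIPRange)
	})
}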