Test CRD podSelector update

When the podSelector of a NP is updated,
the podSelector on the respective CRD must also be
updated with the same values.

Depends-On: https://review.openstack.org/#/c/636590/

Change-Id: I0faa3272e0920604da79f52d51f200335891f605

kuryr_tempest_plugin/tests/scenario/base.py

@@ -79,7 +79,8 @@ class BaseKuryrScenarioTest(manager.NetworkScenarioTest):
                 fip['floatingip']['id'])
 
     @classmethod
-    def create_network_policy(cls, name=None, namespace='default'):
+    def create_network_policy(cls, name=None, namespace='default',
+                              match_labels=None):
         if not name:
             name = data_utils.rand_name(prefix='kuryr-network-policy')
         np = cls.k8s_client.V1NetworkPolicy()
@@ -94,11 +95,28 @@ class BaseKuryrScenarioTest(manager.NetworkScenarioTest):
                                                                ports=None)],
             pod_selector=cls.k8s_client.V1LabelSelector(
                 match_expressions=None,
-                match_labels=None),
+                match_labels=match_labels),
             policy_types=['Ingress', 'Egress'])
         return cls.k8s_client.NetworkingV1Api(
         ).create_namespaced_network_policy(namespace=namespace, body=np)
 
+    @classmethod
+    def update_network_policy(cls, np):
+        np_name = np.metadata.name
+        np_namespace = np.metadata.namespace
+        np_updated = cls.k8s_client.NetworkingV1Api(
+            ).replace_namespaced_network_policy(
+                name=np_name, namespace=np_namespace, body=np)
+        return np_updated
+
+    @classmethod
+    def read_network_policy(cls, np):
+        np_name = np.metadata.name
+        np_namespace = np.metadata.namespace
+        return cls.k8s_client.NetworkingV1Api(
+            ).read_namespaced_network_policy(
+                name=np_name, namespace=np_namespace)
+
     @classmethod
     def create_pod(cls, name=None, labels=None, image='kuryr/demo',
                    namespace="default", annotations=None, wait_for_status=True,

kuryr_tempest_plugin/tests/scenario/test_network_policy.py

@@ -18,12 +18,15 @@ import time
 from oslo_log import log as logging
 from tempest import config
 from tempest.lib import decorators
+from tempest.lib import exceptions as lib_exc
 
 from kuryr_tempest_plugin.tests.scenario import base
 
 LOG = logging.getLogger(__name__)
 CONF = config.CONF
 
+TIMEOUT_PERIOD = 20
+
 
 class TestNetworkPolicyScenario(base.BaseKuryrScenarioTest):
 
@@ -68,3 +71,59 @@ class TestNetworkPolicyScenario(base.BaseKuryrScenarioTest):
         sgs_after = self.list_security_groups(fields='id')
         sg_ids_after = [sg['id'] for sg in sgs_after]
         self.assertNotIn(sg_id, sg_ids_after)
+
+    @decorators.idempotent_id('44daf8fe-6a4b-4ca9-8685-97fb1f573e5e')
+    def test_update_network_policy(self):
+        """Update a Network Policy with a new pod selector
+
+        This method creates a Network Policy with a specific pod selector
+        and updates it with a new pod selector. The CRD should always have
+        the same pod selector as the Policy.
+        """
+
+        match_labels = {'app': 'demo'}
+        np = self.create_network_policy(match_labels=match_labels)
+        self.addCleanup(self.delete_network_policy,
+                        np.metadata.name)
+        kuryr_netpolicy_crd_name = 'np-' + np.metadata.name
+        kuryrnetpolicies = ''
+        start = time.time()
+        while time.time() - start < TIMEOUT_PERIOD:
+            try:
+                kuryrnetpolicies = self.get_kuryr_netpolicy_crds(
+                    name=kuryr_netpolicy_crd_name)
+                break
+            except kubernetes.client.rest.ApiException:
+                time.sleep(1)
+                continue
+        if not kuryrnetpolicies:
+            raise lib_exc.TimeoutException()
+
+        crd_pod_selector = kuryrnetpolicies['spec']['podSelector']
+        self.assertEqual(crd_pod_selector.get('matchLabels'),
+                         match_labels)
+
+        match_labels = {'context': 'demo'}
+        np = self.read_network_policy(np)
+        np.spec.pod_selector.match_labels = match_labels
+        np = self.update_network_policy(np)
+
+        labels = {}
+        start = time.time()
+        label_key = match_labels.keys()[0]
+        while time.time() - start < TIMEOUT_PERIOD:
+            try:
+                time.sleep(1)
+                updated_knp = self.get_kuryr_netpolicy_crds(
+                    name=kuryr_netpolicy_crd_name)
+                crd_pod_selector = updated_knp['spec']['podSelector']
+                labels = crd_pod_selector.get('matchLabels')
+                if labels.get(label_key):
+                    break
+            except kubernetes.client.rest.ApiException:
+                continue
+
+        if not labels.get(label_key):
+            raise lib_exc.TimeoutException()
+
+        self.assertEqual(labels, match_labels)