Adapt Network Policy tempest tests for IPv6.

Additionally, there was narrowed down amount of security group rules for test_ipblock_network_policy_allow_except test, as it only requires pod to pod connection, so that instead of creating rules for entire wide range (like 0.0.0.0/0 or ::/0) but only for network, which the pods are in. Change-Id: I9e9b2af6404d6cfd3e43e149fd89b8825fa2cb35
2020-05-07 18:12:55 +02:00 · 2020-05-07 18:12:55 +02:00 · 5569dabadc
commit 5569dabadc
parent 9db2bf03ed
2 changed files with 16 additions and 6 deletions
--- a/kuryr_tempest_plugin/tests/scenario/test_network_policy.py
+++ b/kuryr_tempest_plugin/tests/scenario/test_network_policy.py
@ -16,6 +16,7 @@ import json
 import kubernetes
 import time

+import netaddr
 from oslo_log import log as logging
 from tempest import config
 from tempest.lib import decorators
@ -84,7 +85,17 @@ class TestNetworkPolicyScenario(base.BaseKuryrScenarioTest):
    def test_ipblock_network_policy_allow_except(self):
        namespace_name, namespace = self.create_namespace()
        self.addCleanup(self.delete_namespace, namespace_name)
-        allow_all_cidr = '0.0.0.0/0'
+        cidr = self.get_kuryr_network_crds(
+            namespace_name)['status']['subnetCIDR']
+
+        ipn = netaddr.IPNetwork(cidr)
+        max_prefixlen = "/32"
+        curl_tmpl = "curl {}{}"
+        if ipn.version == 6:
+            max_prefixlen = "/128"
+            curl_tmpl = "curl [{}]{}"
+
+        allow_all_cidr = cidr
        pod_ip_list = []
        pod_name_list = []
        cmd_list = []
@ -96,8 +107,7 @@ class TestNetworkPolicyScenario(base.BaseKuryrScenarioTest):
            pod_name_list.append(pod_name)
            pod_ip = self.get_pod_ip(pod_name, namespace=namespace_name)
            pod_ip_list.append(pod_ip)
-            cmd = ["/bin/sh", "-c", "curl {dst_ip}:8080".format(
-                dst_ip=pod_ip_list[i])]
+            cmd = ["/bin/sh", "-c", curl_tmpl.format(pod_ip_list[i], ':8080')]
            cmd_list.append(cmd)

        # Check connectivity from pod4 to other pods before creating NP
@ -112,9 +122,9 @@ class TestNetworkPolicyScenario(base.BaseKuryrScenarioTest):
        # and second pod on egress
        np = self.create_network_policy(
            namespace=namespace_name, ingress_ipblock_cidr=allow_all_cidr,
-            ingress_ipblock_except=[pod_ip_list[0]+'/32'],
+            ingress_ipblock_except=[pod_ip_list[0] + max_prefixlen],
            egress_ipblock_cidr=allow_all_cidr,
-            egress_ipblock_except=[pod_ip_list[1]+'/32'])
+            egress_ipblock_except=[pod_ip_list[1] + max_prefixlen])

        LOG.debug("Creating network policy %s", np)
        network_policy_name = np.metadata.name
@ -440,7 +450,6 @@ class TestNetworkPolicyScenario(base.BaseKuryrScenarioTest):
                'egressSgRules': [{'security_group_rule': sg_rule}],
                'ingressSgRules': [],
                'networkpolicy_spec': {
-                    'podSelector': {},
                    'policyTypes': ['Ingress'],
                    'podSelector': {}},
                'podSelector': {},
--- a/requirements.txt
+++ b/requirements.txt
@ -12,3 +12,4 @@ testrepository>=0.0.18 # Apache-2.0/BSD
 testtools>=2.2.0 # MIT
 kubernetes>=5.0.0 # Apache-2.0
 oslo.concurrency>=3.26.0 # Apache-2.0
+netaddr>=0.7.19 # BSD