Commit Graph

200 Commits

Author SHA1 Message Date
Zuul
1020b0f906 Merge "Fail get_controller_pod_names when no pods found" 2020-08-27 17:55:33 +00:00
Itzik Brown
bc8b216943 Fail get_controller_pod_names when no pods found
Also skip test_unsupported_service_type for non containerized setups

Change-Id: I4c33cf40ffb6efc43260b6d58d2d0c0c15dd8c89
2020-08-18 11:06:44 +03:00
Roman Dobosz
53f01c482c Support for vifs being in 'spec' and 'status' objects.
In order to move vif information from 'spec' to 'status', we need
to support both for the transition time.

Change-Id: I2cb66e25534e44b79f660b10498086aa88ad805c
2020-08-17 06:47:31 +00:00
Itzik Brown
2fe1791ff2 Remove skip of test_service_udp_ping
It was skipped because of 1886909 which should be fixed

Depends-On: https://review.opendev.org/#/c/742384/
Change-Id: Ia28cf8b9c27560f4672a3bc46fd8a12eae790a51
2020-08-05 14:58:15 +00:00
Maysa Macedo
2b388b8a93 Support KuryrLoadbalancer CRD
This commit includes the support for
KuryrLoadBalancer CRD on services tests.

Change-Id: I62a9e301d90ce5aff87b14ac4f1af02fe46436a5
2020-07-30 19:12:51 +02:00
Michał Dulko
5dc54def33 Adapt NP tests to new CRD format
This commit adapts network policy tests to new KuryrNetworkPolicy CRD
format. This includes splitting TestNetworkPolicy class into two
versions and a bit of refactoring to allow that.

Change-Id: Id303620090df194297e16384d3522c3e3bb2ca58
2020-07-30 10:25:42 +02:00
Roman Dobosz
8456f2fe16 Fix test in order to work with new kuryrport CRD.
Currently, all the information was stored within the pod annotations,
and so the tests are utilizing annotations. With upcoming annotation to
CRD transition, in order to get the VIF information we need to also
check the CRD.

Change-Id: If639b63dcf660ed709623c8d5f788026619c895c
2020-07-24 04:07:00 +00:00
Itzik Brown
6760376f17 Skip service_udp_ping until Bug 1886909 is fixed
Launchpad: https://bugs.launchpad.net/networking-ovn/+bug/1886909
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1846189

Change-Id: I7f51b0189003d4489a929b6c5ceebb9bd5fbd159
2020-07-09 09:22:47 +03:00
Maysa Macedo
07b2267e59 Retrieve KuryrNets CR when supported
Right now we're attempt to get a KuryrNetworks CR after namespace
creation regardless if it's supported or not on the Cluster, which
causes the test test_ipblock_network_policy_allow_except to fail with
NotFound.

This commit fixes the issue by ensuring the correct CR is retrieved
when supported.

Change-Id: Ifce4316cf58ae010b267fd99b654cd816c0bff8a
2020-06-16 14:52:01 +02:00
Itzik Brown
c281c48a53 Raise timeout exception kuryrnetwork events
Raise a timeout exception when kuryrnetwork CRD creation times out

Change-Id: I20f23ef805320e63fad99c49de0c8fdfd9c9936d
2020-05-25 12:51:12 +03:00
Zuul
50a569cd30 Merge "Fix a typo in base" 2020-05-21 11:51:35 +00:00
Itzik Brown
952fce3df4 Fix a typo in base
Change-Id: I7d59a996289ee70b606c0366e2afc80ff14d6600
2020-05-20 05:20:15 +03:00
Maysa Macedo
3cc3a5d4d3 Raise Time out exception for Network policy events
It's possible that a Network Policy CRD creation times out,
and right now we're allowing the test to proceed without the CRD
in place. This commit enforces a time out exception is raised
when both creation/deletion of CRD times out.

Change-Id: I08260ddff218f176648725872f1d6c9b3542373c
2020-05-18 10:41:39 +00:00
Zuul
c625f775a6 Merge "Adapt Network Policy tempest tests for IPv6." 2020-05-12 15:50:12 +00:00
gryf
5569dabadc Adapt Network Policy tempest tests for IPv6.
Additionally, there was narrowed down amount of security group rules for
test_ipblock_network_policy_allow_except test, as it only requires pod
to pod connection, so that instead of creating rules for entire wide
range (like 0.0.0.0/0 or ::/0) but only for network, which the pods are
in.

Change-Id: I9e9b2af6404d6cfd3e43e149fd89b8825fa2cb35
2020-05-07 18:12:55 +02:00
Zuul
9d79a03807 Merge "Add retry for check ports in test_port_pool" 2020-05-05 10:20:40 +00:00
Zuul
1c6df3b03b Merge "Update docs building, py27 cleanup" 2020-05-04 21:25:00 +00:00
Andreas Jaeger
0bdc711816 Update docs building, py27 cleanup
Update docs building, cleanup after py27 removal a bit:
* Update requirements for Sphinx and openstackdocstheme for
  python 3
* Remove unneeded sections from setup.cfg
* Remove install_command, it's unneeded, the default is fine.
* Move constraints into deps, use TOX_CONSTRAINTS instead of obsolete
  UPPER_CONSTRAINTS
* Switch to hacking 3.0, fix problems found

Change-Id: I8b5634b02b399a0678c611b7be8593280b666953
2020-05-03 11:32:38 +02:00
Itzik Brown
92e18b336f Check connectivty from within the cluster
Check connectivity to the service from a pods within the namespace in
test_namespace instead from outisde

Change-Id: I5af7fc1be342d7fafa217347b1d84c3679c118c1
2020-04-27 09:58:17 +03:00
Itzik Brown
50dd6acbab Add retry for check ports in test_port_pool
We want to make sure we give enough time for the ports to be created

Change-Id: I94eecb307f72b50c938369c64cd473b224c6b19a
2020-04-21 16:18:33 +03:00
Zuul
a715d9ffd2 Merge "Retry exec_command_in_pod" 2020-03-18 10:28:10 +00:00
Zuul
4c34f0dcba Merge "Adapt namespace test to the kuryrnetwork CRD object" 2020-03-17 11:10:25 +00:00
Michał Dulko
bf2afa0c54 Retry exec_command_in_pod
From time to time we get some etcd issues on the gate and when that
happens Kubernetes API likes to greet us with a 500 error. This commit
makes sure that exec_command_in_pod retries requests like that so that in
such case we don't fail a test.

Change-Id: Ibaf2b70dfb8222dfafb9e0a451674473377074c0
2020-03-17 09:20:29 +01:00
Luis Tomas Bolivar
fe61431318 Adapt namespace test to the kuryrnetwork CRD object
Change-Id: If0aaf748d13027b3d660aa0f74c4f6653e911250
2020-03-16 11:29:24 +01:00
Ramon Lobillo
fcdb516637 Limit time for pod creation
Busy-waiting for POD creation for a number of seconds
(240 by default). If expired throws a TimeoutException.

Reuse static method wait_for_pod_status.

Change-Id: I1e212871e564ba3e10fa39c1bd7a2c5946954bb9
2020-03-12 14:55:37 +00:00
Zuul
6cd840bff2 Merge "Check ingress and egress IPBlock rules for NP" 2020-03-03 10:14:40 +00:00
Genadi Chereshnya
d88e00caa1 Check ingress and egress IPBlock rules for NP
Create 4 pods
Check that the http connection works before applying NP rules
Apply NP by allowing all and blocking pod1 ingress and pod2 egress
Check that http connection from pod1 to pod4 is blocked
Check that http connection from pod4 to pod2 is blocked
Check that http connection from pod4 to pod3 is still working

Change-Id: Ida893c0ca6a340b342d903974ec64b8a8c98565b
2020-03-02 15:22:03 +01:00
Michał Dulko
5eb1634b98 Fix Python 2 compatiblity
Technically we haven't dropped compatibility with Python 2 yet, so this
commit fixes 2 places that were incompatible.

Change-Id: I5d5ad4ed119afe71e10495bc907d8f55c0f9d4c4
2020-02-26 17:10:08 +01:00
Michał Dulko
681ff7a0cc Basic IPv6 support
This commit fixes stuff related to the fact that most apps require IPv6
addresses to be in brackets. Also now tests that use floating ips are
skipped if IPv6 is configured. FIPs are not supported on IPv6 and we
need to figure out other way to test them.

Implements: blueprint kuryr-ipv6-support
Change-Id: Ic2be3cf93bd9d114af907d26198e8011281bfabf
2020-02-14 18:07:26 +01:00
gryf
c440c298c4 Fix the decorator argument for failing test.
Recently added decorator for unstable tests require an argument bug to
be a string. In this patch we fix that.

Change-Id: I20ba88f1adb3ec4eef985c5cfa28a7d3b2575b2d
2020-01-24 06:59:39 +01:00
Zuul
4c9eb5cdb4 Merge "Mark test_ipblock_network_policy_sg_rules as unstable" 2020-01-23 08:53:37 +00:00
Michał Dulko
ab729cd433 Mark test_ipblock_network_policy_sg_rules as unstable
Seems like that test is critically unstable, I'm marking it as such to
make sure tests will be more forgiving.

Change-Id: Ic4c262189c74a93383f5b5274b4ccc41bf542446
Related-Bug: 1860554
2020-01-22 15:05:18 +01:00
Itzik Brown
e701961deb Adjust initial ports list in port_pool test
Adjusting also test_port_pool_min_max_update,
Due to prepopulation of ports when creating namespace.

Change-Id: Id1720eaf94b3a278aa126e2ed3cb9bcdda8e631f
2019-12-24 12:05:33 +02:00
Zuul
2ddd1dd65d Merge "Reduce flakiness of pod creation timeout" 2019-12-04 12:22:46 +00:00
Zuul
43eca0b09a Merge "Increading a timeout to 120 seconds on CRD creation" 2019-12-04 11:20:00 +00:00
Zuul
e4e7ae04a9 Merge "Add a check for ClusterIP IP of LB service" 2019-12-02 16:27:15 +00:00
Maysa Macedo
f34269cd22 Reduce flakiness of pod creation timeout
As this test recreates the namespace and a pod on it,
it could take a bit longer for the older KuryrNet CRD
to be removed and recreated, plus the pool to be populated
causing the pod creation to timeout. This commit reduce the
flakiness by increasing the timeout.

Change-Id: I31a874c5f1d0d134e555a32b09a71e9466daea77
2019-11-28 14:50:48 +01:00
Itzik Brown
47c0c5478f Add a check for ClusterIP IP of LB service
Check from a pod the connectivity to the internal IP of
LB services instead of from an external node

Change-Id: I6ce0b16985de6cc7182026975a63f03844d9d9ee
2019-11-27 16:27:27 +02:00
Genadi Chereshnya
08e857f7db Increading a timeout to 120 seconds on CRD creation
This is needed because it takes time to update Network resources
(for example LB or SG) after Network policy creation

Change-Id: I9b234386d861dfd35ed2062f7951dbe15538a034
2019-11-25 13:06:23 +02:00
Michał Dulko
8d66ca382a Mark test_namespace_sg_isolation as unstable
We have issues with this test, most likely due to Neutron bug [1]. This
commit marks it as unstable, so it gets skipped on failure.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1688323

Change-Id: I8a1bfab6e4b6c0e08d8cd2b7e8c6a5efdd87bbd3
2019-11-25 10:23:16 +01:00
Zuul
1a7a438a4d Merge "Ensure correct failure message is checked on CRD validation" 2019-11-20 09:22:35 +00:00
Maysa Macedo
feaef8ed86 Ensure correct failure message is checked on CRD validation
The error message retuned when a CRD is not validated has changed
on Kubernetes 1.16. We should also update the NP and Namespaces
tempests tests to match it, as the gate is using Kubernetes 1.16.

Change-Id: I4ed2bdbbc664579689763f2759741b0efced6db6
2019-11-19 18:27:02 +00:00
Michał Dulko
2619af8513 Fix Python 3 compatibility in network policy tests
In Python 3 {}.keys() return a view, not a list, so we cannot index it.
This commit fixes test_update_network_policy to anticipate that.

Change-Id: Idb6adec1d4b4b4a0f3c65b03c157f5fbb1c278de
2019-11-13 17:50:54 +01:00
Itzik Brown
ffae68805f Skip Namespace isolation when NP is enabled
Change-Id: I113bc0e365eb40d7ae5f306516bfc1dc0a718c8a
Depends-On: I5b6b9a908a48eef9aa7cb08ca3a95269b1300578
2019-11-07 11:35:24 +00:00
Genadi Chereshnya
4175a85a16 Testing basic Network policy IPBlock functionality
Creating network policy with ipblock_cidr for ingress and egress
and testing that appropriate Security group rules were created

Change-Id: Id97a4a9c0a3e45300a18251ab30ca7dd72a415e0
2019-11-03 14:08:50 +02:00
Zuul
b197432a1d Merge "Adjust expected number of ports to config values" 2019-10-25 19:11:03 +00:00
Itzik Brown
a0775316ac Adjust expected number of ports to config values
Check the number of ports after the third pod creation based on the values
of ports_pool_batch and ports_pool_min

Change-Id: Ic0d821979b4277b564705022c0858721ef52348f
2019-10-25 12:25:47 +03:00
Itzik Brown
66958972da Add subnet_per_namespace config option
Change-Id: I0e2f3834bde465560b8d4c4ae375c38b41118000
Depends-on: I49e0f59008894078f9e40198873caa78767ef0b3
2019-10-22 15:30:17 +03:00
Itzik Brown
42c4d53441 Adjust initial ports list in port_pool test
Due to prepopulation of ports when creating namespace

Change-Id: I0d3b554d841c24fa6d34e2e243cf900e146e2415
2019-10-12 19:56:59 +03:00
Itzik Brown
089dabfacf Make the label of kuryr-controller customizable
Change-Id: I656f33674b5fa499e1c8f2813a7fbac9d2280b74
2019-09-26 08:54:42 +00:00