Merge pull request #587 from tigera/smc-refactor-conncheck

Factor out connection checker into own package.
kgtw · Feb 24, 2020 · fdacebb · fdacebb
2 parents 90c407c + 34210ba
commit fdacebb
Show file tree

Hide file tree

Showing 21 changed files with 522 additions and 501 deletions.
diff --git a/Makefile b/Makefile
@@ -474,13 +474,13 @@ bin/iptables-locker: $(LOCAL_BUILD_DEP) go.mod $(shell find iptables -type f -na
 	$(DOCKER_GO_BUILD) \
 	    sh -c 'go build -v -i -o $@ -v $(BUILD_FLAGS) $(LDFLAGS) "$(PACKAGE_NAME)/fv/iptables-locker"'
 
-bin/test-workload: $(LOCAL_BUILD_DEP) go.mod fv/cgroup/cgroup.go fv/utils/utils.go fv/conncheck/*.go fv/test-workload/*.go
+bin/test-workload: $(LOCAL_BUILD_DEP) go.mod fv/cgroup/cgroup.go fv/utils/utils.go fv/connectivity/*.go fv/test-workload/*.go
 	@echo Building test-workload...
 	mkdir -p bin
 	$(DOCKER_GO_BUILD) \
 	    sh -c 'go build -v -i -o $@ -v $(BUILD_FLAGS) $(LDFLAGS) "$(PACKAGE_NAME)/fv/test-workload"'
 
-bin/test-connection: $(LOCAL_BUILD_DEP) go.mod fv/cgroup/cgroup.go fv/utils/utils.go fv/conncheck/*.go fv/test-connection/*.go
+bin/test-connection: $(LOCAL_BUILD_DEP) go.mod fv/cgroup/cgroup.go fv/utils/utils.go fv/connectivity/*.go fv/test-connection/*.go
 	@echo Building test-connection...
 	mkdir -p bin
 	$(DOCKER_GO_BUILD) \

diff --git a/fv/apply_on_forward_test.go b/fv/apply_on_forward_test.go
@@ -1,6 +1,4 @@
-// +build fvtests
-
-// Copyright (c) 2018 Tigera, Inc. All rights reserved.
+// Copyright (c) 2020 Tigera, Inc. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -14,6 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// +build fvtests
+
 package fv_test
 
 import (
@@ -25,6 +25,7 @@ import (
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 
+	"github.com/projectcalico/felix/fv/connectivity"
 	"github.com/projectcalico/felix/fv/infrastructure"
 	"github.com/projectcalico/felix/fv/utils"
 	"github.com/projectcalico/felix/fv/workload"
@@ -42,7 +43,7 @@ var _ = infrastructure.DatastoreDescribe("apply on forward tests; with 2 nodes",
 		client  client.Interface
 		w       [2]*workload.Workload
 		hostW   [2]*workload.Workload
-		cc      *workload.ConnectivityChecker
+		cc      *connectivity.Checker
 	)
 
 	BeforeEach(func() {
@@ -65,7 +66,7 @@ var _ = infrastructure.DatastoreDescribe("apply on forward tests; with 2 nodes",
 			hostW[ii] = workload.Run(felixes[ii], fmt.Sprintf("host%d", ii), "", felixes[ii].IP, "8055", "tcp")
 		}
 
-		cc = &workload.ConnectivityChecker{}
+		cc = &connectivity.Checker{}
 	})
 
 	AfterEach(func() {

diff --git a/fv/bpf_test.go b/fv/bpf_test.go
@@ -28,30 +28,30 @@ import (
 	"strings"
 	"time"
 
-	options2 "github.com/projectcalico/libcalico-go/lib/options"
-
 	"github.com/davecgh/go-spew/spew"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
 	"github.com/pkg/errors"
 	log "github.com/sirupsen/logrus"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/client-go/kubernetes"
 
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/gomega"
+	"github.com/projectcalico/libcalico-go/lib/apiconfig"
+	api "github.com/projectcalico/libcalico-go/lib/apis/v3"
+	client "github.com/projectcalico/libcalico-go/lib/clientv3"
+	"github.com/projectcalico/libcalico-go/lib/ipam"
+	cnet "github.com/projectcalico/libcalico-go/lib/net"
+	options2 "github.com/projectcalico/libcalico-go/lib/options"
 
 	"github.com/projectcalico/felix/bpf"
 	"github.com/projectcalico/felix/bpf/nat"
+	. "github.com/projectcalico/felix/fv/connectivity"
 	"github.com/projectcalico/felix/fv/containers"
 	"github.com/projectcalico/felix/fv/infrastructure"
 	"github.com/projectcalico/felix/fv/utils"
 	"github.com/projectcalico/felix/fv/workload"
-	"github.com/projectcalico/libcalico-go/lib/apiconfig"
-	api "github.com/projectcalico/libcalico-go/lib/apis/v3"
-	client "github.com/projectcalico/libcalico-go/lib/clientv3"
-	"github.com/projectcalico/libcalico-go/lib/ipam"
-	cnet "github.com/projectcalico/libcalico-go/lib/net"
 )
 
 // We run with and without connection-time load balancing for a couple of reasons:
@@ -140,7 +140,7 @@ func describeBPFTests(opts ...bpfTestOpt) bool {
 			infra          infrastructure.DatastoreInfra
 			felixes        []*infrastructure.Felix
 			calicoClient   client.Interface
-			cc             *workload.ConnectivityChecker
+			cc             *Checker
 			externalClient *containers.Container
 			bpfLog         *containers.Container
 			options        infrastructure.TopologyOptions
@@ -164,7 +164,7 @@ func describeBPFTests(opts ...bpfTestOpt) bool {
 			bpfLog = containers.Run("bpf-log", containers.RunOpts{AutoRemove: true}, "--privileged", "calico/bpftool:v5.3-amd64", "/bpftool", "prog", "tracelog")
 			infra = getInfra()
 
-			cc = &workload.ConnectivityChecker{
+			cc = &Checker{
 				CheckSNAT: true,
 			}
 			cc.Protocol = testOpts.protocol
@@ -573,9 +573,9 @@ func describeBPFTests(opts ...bpfTestOpt) bool {
 						ip := testSvc.Spec.ClusterIP
 						port := uint16(testSvc.Spec.Ports[0].Port)
 
-						cc.ExpectSome(w[0][1], workload.IP(ip), port)
-						cc.ExpectSome(w[1][0], workload.IP(ip), port)
-						cc.ExpectSome(w[1][1], workload.IP(ip), port)
+						cc.ExpectSome(w[0][1], TargetIP(ip), port)
+						cc.ExpectSome(w[1][0], TargetIP(ip), port)
+						cc.ExpectSome(w[1][1], TargetIP(ip), port)
 						cc.CheckConnectivity()
 					})
 
@@ -584,7 +584,7 @@ func describeBPFTests(opts ...bpfTestOpt) bool {
 							ip := testSvc.Spec.ClusterIP
 							port := uint16(testSvc.Spec.Ports[0].Port)
 
-							cc.ExpectSome(w[0][0], workload.IP(ip), port)
+							cc.ExpectSome(w[0][0], TargetIP(ip), port)
 							cc.CheckConnectivity()
 						})
 
@@ -593,8 +593,8 @@ func describeBPFTests(opts ...bpfTestOpt) bool {
 							ip := testSvc.Spec.ClusterIP
 							port := uint16(testSvc.Spec.Ports[0].Port)
 
-							cc.ExpectSome(felixes[0], workload.IP(ip), port)
-							cc.ExpectNone(felixes[1], workload.IP(ip), port)
+							cc.ExpectSome(felixes[0], TargetIP(ip), port)
+							cc.ExpectNone(felixes[1], TargetIP(ip), port)
 							cc.CheckConnectivity()
 						})
 					} else {
@@ -603,8 +603,8 @@ func describeBPFTests(opts ...bpfTestOpt) bool {
 							ip := testSvc.Spec.ClusterIP
 							port := uint16(testSvc.Spec.Ports[0].Port)
 
-							cc.ExpectNone(felixes[0], workload.IP(ip), port)
-							cc.ExpectNone(felixes[1], workload.IP(ip), port)
+							cc.ExpectNone(felixes[0], TargetIP(ip), port)
+							cc.ExpectNone(felixes[1], TargetIP(ip), port)
 							cc.CheckConnectivity()
 						})
 					}
@@ -637,10 +637,10 @@ func describeBPFTests(opts ...bpfTestOpt) bool {
 								ip := testSvc.Spec.ClusterIP
 								port := uint16(testSvc.Spec.Ports[0].Port)
 
-								cc.ExpectSome(felixes[0], workload.IP(ip), port)
-								cc.ExpectSome(felixes[1], workload.IP(ip), port)
-								cc.ExpectNone(w[0][1], workload.IP(ip), port)
-								cc.ExpectNone(w[1][0], workload.IP(ip), port)
+								cc.ExpectSome(felixes[0], TargetIP(ip), port)
+								cc.ExpectSome(felixes[1], TargetIP(ip), port)
+								cc.ExpectNone(w[0][1], TargetIP(ip), port)
+								cc.ExpectNone(w[1][0], TargetIP(ip), port)
 								cc.CheckConnectivity()
 							})
 						})
@@ -651,8 +651,8 @@ func describeBPFTests(opts ...bpfTestOpt) bool {
 						ip := testSvc.Spec.ClusterIP
 						port := uint16(testSvc.Spec.Ports[0].Port)
 
-						cc.ExpectSome(w[0][1], workload.IP(ip), port)
-						cc.ExpectSome(w[1][0], workload.IP(ip), port)
+						cc.ExpectSome(w[0][1], TargetIP(ip), port)
+						cc.ExpectSome(w[1][0], TargetIP(ip), port)
 						cc.CheckConnectivity()
 
 						By("Checking timestamps on conntrack entries are sane")
@@ -718,19 +718,19 @@ func describeBPFTests(opts ...bpfTestOpt) bool {
 							ip := testSvcUpdated.Spec.ClusterIP
 							port := uint16(testSvcUpdated.Spec.Ports[0].Port)
 
-							cc.ExpectSome(w[0][1], workload.IP(ip), port)
-							cc.ExpectSome(w[1][0], workload.IP(ip), port)
-							cc.ExpectSome(w[1][1], workload.IP(ip), port)
+							cc.ExpectSome(w[0][1], TargetIP(ip), port)
+							cc.ExpectSome(w[1][0], TargetIP(ip), port)
+							cc.ExpectSome(w[1][1], TargetIP(ip), port)
 							cc.CheckConnectivity()
 						})
 
 						It("should not have connectivity from all workloads via the old port", func() {
 							ip := testSvc.Spec.ClusterIP
 							port := uint16(testSvc.Spec.Ports[0].Port)
 
-							cc.ExpectNone(w[0][1], workload.IP(ip), port)
-							cc.ExpectNone(w[1][0], workload.IP(ip), port)
-							cc.ExpectNone(w[1][1], workload.IP(ip), port)
+							cc.ExpectNone(w[0][1], TargetIP(ip), port)
+							cc.ExpectNone(w[1][0], TargetIP(ip), port)
+							cc.ExpectNone(w[1][1], TargetIP(ip), port)
 							cc.CheckConnectivity()
 
 							natmaps, natbacks := dumpNATmaps(felixes)
@@ -781,9 +781,9 @@ func describeBPFTests(opts ...bpfTestOpt) bool {
 								ip := testSvcUpdated.Spec.ClusterIP
 								port := uint16(testSvcUpdated.Spec.Ports[0].Port)
 
-								cc.ExpectNone(w[0][1], workload.IP(ip), port)
-								cc.ExpectNone(w[1][0], workload.IP(ip), port)
-								cc.ExpectNone(w[1][1], workload.IP(ip), port)
+								cc.ExpectNone(w[0][1], TargetIP(ip), port)
+								cc.ExpectNone(w[1][0], TargetIP(ip), port)
+								cc.ExpectNone(w[1][1], TargetIP(ip), port)
 								cc.CheckConnectivity()
 
 								for i, f := range felixes {
@@ -841,9 +841,9 @@ func describeBPFTests(opts ...bpfTestOpt) bool {
 						ip := testSvc.Spec.ClusterIP
 						port := uint16(testSvc.Spec.Ports[0].Port)
 
-						cc.ExpectSome(w[1][1], workload.IP(ip), port)
-						cc.ExpectSome(w[1][1], workload.IP(ip), port)
-						cc.ExpectSome(w[1][1], workload.IP(ip), port)
+						cc.ExpectSome(w[1][1], TargetIP(ip), port)
+						cc.ExpectSome(w[1][1], TargetIP(ip), port)
+						cc.ExpectSome(w[1][1], TargetIP(ip), port)
 						cc.CheckConnectivity()
 
 						if !testOpts.connTimeEnabled {
@@ -883,9 +883,9 @@ func describeBPFTests(opts ...bpfTestOpt) bool {
 						clusterIP := testSvc.Spec.ClusterIP
 						port := uint16(testSvc.Spec.Ports[0].Port)
 
-						cc.ExpectSome(w[0][1], workload.IP(clusterIP), port)
-						cc.ExpectSome(w[1][0], workload.IP(clusterIP), port)
-						cc.ExpectSome(w[1][1], workload.IP(clusterIP), port)
+						cc.ExpectSome(w[0][1], TargetIP(clusterIP), port)
+						cc.ExpectSome(w[1][0], TargetIP(clusterIP), port)
+						cc.ExpectSome(w[1][1], TargetIP(clusterIP), port)
 						cc.CheckConnectivity()
 
 					})
@@ -895,20 +895,20 @@ func describeBPFTests(opts ...bpfTestOpt) bool {
 							node0IP := felixes[0].IP
 							node1IP := felixes[1].IP
 							// Via remote nodeport, should fail.
-							cc.ExpectNone(w[0][1], workload.IP(node1IP), npPort)
-							cc.ExpectNone(w[1][0], workload.IP(node1IP), npPort)
-							cc.ExpectNone(w[1][1], workload.IP(node1IP), npPort)
+							cc.ExpectNone(w[0][1], TargetIP(node1IP), npPort)
+							cc.ExpectNone(w[1][0], TargetIP(node1IP), npPort)
+							cc.ExpectNone(w[1][1], TargetIP(node1IP), npPort)
 							// Include a check that goes via the local nodeport to make sure the dataplane has converged.
-							cc.ExpectSome(w[0][1], workload.IP(node0IP), npPort)
+							cc.ExpectSome(w[0][1], TargetIP(node0IP), npPort)
 							cc.CheckConnectivity()
 						})
 					} else {
 						It("should have connectivity from all workloads via a nodeport to workload 0", func() {
 							node1IP := felixes[1].IP
 
-							cc.ExpectSome(w[0][1], workload.IP(node1IP), npPort)
-							cc.ExpectSome(w[1][0], workload.IP(node1IP), npPort)
-							cc.ExpectSome(w[1][1], workload.IP(node1IP), npPort)
+							cc.ExpectSome(w[0][1], TargetIP(node1IP), npPort)
+							cc.ExpectSome(w[1][0], TargetIP(node1IP), npPort)
+							cc.ExpectSome(w[1][1], TargetIP(node1IP), npPort)
 							cc.CheckConnectivity()
 						})
 					}
@@ -917,7 +917,7 @@ func describeBPFTests(opts ...bpfTestOpt) bool {
 						It("should have connectivity from a workload via a nodeport on another node to workload 0", func() {
 							ip := felixes[1].IP
 
-							cc.ExpectSome(w[2][1], workload.IP(ip), npPort)
+							cc.ExpectSome(w[2][1], TargetIP(ip), npPort)
 							cc.CheckConnectivity()
 
 						})
@@ -927,16 +927,16 @@ func describeBPFTests(opts ...bpfTestOpt) bool {
 						if !testOpts.connTimeEnabled {
 							Skip("FIXME pod cannot connect to self without connect time lb")
 						}
-						cc.ExpectSome(w[0][0], workload.IP(felixes[1].IP), npPort)
-						cc.ExpectSome(w[0][0], workload.IP(felixes[0].IP), npPort)
+						cc.ExpectSome(w[0][0], TargetIP(felixes[1].IP), npPort)
+						cc.ExpectSome(w[0][0], TargetIP(felixes[0].IP), npPort)
 						cc.CheckConnectivity()
 					})
 
 					It("should not have connectivity from external to w[0] via local/remote node", func() {
-						cc.ExpectNone(externalClient, workload.IP(felixes[1].IP), npPort)
-						cc.ExpectNone(externalClient, workload.IP(felixes[0].IP), npPort)
+						cc.ExpectNone(externalClient, TargetIP(felixes[1].IP), npPort)
+						cc.ExpectNone(externalClient, TargetIP(felixes[0].IP), npPort)
 						// Include a check that goes via the local nodeport to make sure the dataplane has converged.
-						cc.ExpectSome(w[0][1], workload.IP(felixes[0].IP), npPort)
+						cc.ExpectSome(w[0][1], TargetIP(felixes[0].IP), npPort)
 						cc.CheckConnectivity()
 					})
 
@@ -961,9 +961,9 @@ func describeBPFTests(opts ...bpfTestOpt) bool {
 									Skip("FIXME externalClient also does conntime balancing")
 								}
 
-								cc.ExpectNone(externalClient, workload.IP(felixes[1].IP), npPort)
+								cc.ExpectNone(externalClient, TargetIP(felixes[1].IP), npPort)
 								// Include a check that goes via the nodeport with a local backing pod to make sure the dataplane has converged.
-								cc.ExpectSome(externalClient, workload.IP(felixes[0].IP), npPort)
+								cc.ExpectSome(externalClient, TargetIP(felixes[0].IP), npPort)
 								cc.CheckConnectivity()
 							})
 						} else {
@@ -972,7 +972,7 @@ func describeBPFTests(opts ...bpfTestOpt) bool {
 									Skip("FIXME externalClient also does conntime balancing")
 								}
 
-								cc.ExpectSome(externalClient, workload.IP(felixes[1].IP), npPort)
+								cc.ExpectSome(externalClient, TargetIP(felixes[1].IP), npPort)
 								cc.CheckConnectivity()
 							})
 						}
@@ -987,7 +987,7 @@ func describeBPFTests(opts ...bpfTestOpt) bool {
 								"nodePortIP":       felixes[1].IP,
 							}).Infof("external->nodeport connection")
 
-							cc.ExpectSome(externalClient, workload.IP(felixes[0].IP), npPort)
+							cc.ExpectSome(externalClient, TargetIP(felixes[0].IP), npPort)
 							cc.CheckConnectivity()
 						})
 					})

diff --git a/fv/config_update_test.go b/fv/config_update_test.go
@@ -1,6 +1,4 @@
-// +build fvtests
-
-// Copyright (c) 2017-2018 Tigera, Inc. All rights reserved.
+// Copyright (c) 2020 Tigera, Inc. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -14,25 +12,26 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// +build fvtests
+
 package fv_test
 
 import (
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/gomega"
-
+	"context"
+	"errors"
 	"time"
 
-	"context"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
 
-	"errors"
+	api "github.com/projectcalico/libcalico-go/lib/apis/v3"
+	client "github.com/projectcalico/libcalico-go/lib/clientv3"
+	"github.com/projectcalico/libcalico-go/lib/options"
 
 	"github.com/projectcalico/felix/fv/containers"
 	"github.com/projectcalico/felix/fv/infrastructure"
 	"github.com/projectcalico/felix/fv/metrics"
 	"github.com/projectcalico/felix/fv/workload"
-	api "github.com/projectcalico/libcalico-go/lib/apis/v3"
-	client "github.com/projectcalico/libcalico-go/lib/clientv3"
-	"github.com/projectcalico/libcalico-go/lib/options"
 )
 
 const (