Add tests for egress policy & custom offerings

Author: vishesh92

pkg/cloud/isolated_network_test.go

@@ -84,6 +84,7 @@ var _ = ginkgo.Describe("Network", func() {
 					PublicIpAddresses: []*csapi.PublicIpAddress{{Id: dummies.PublicIPID, Ipaddress: "fakeIP"}}}, nil)
 			as.EXPECT().NewAssociateIpAddressParams().Return(&csapi.AssociateIpAddressParams{})
 			as.EXPECT().AssociateIpAddress(gomock.Any())
+			ns.EXPECT().GetNetworkByID(dummies.ISONet1.ID, gomock.Any()).Return(&csapi.Network{Egressdefaultpolicy: false}, 1, nil)
 			fs.EXPECT().NewCreateEgressFirewallRuleParams(dummies.ISONet1.ID, gomock.Any()).
 				DoAndReturn(func(_ string, protocol string) *csapi.CreateEgressFirewallRuleParams {
 					p := &csapi.CreateEgressFirewallRuleParams{}
@@ -138,6 +139,7 @@ var _ = ginkgo.Describe("Network", func() {
 	ginkgo.Context("for a closed firewall", func() {
 		ginkgo.It("OpenFirewallRule asks CloudStack to open the firewall", func() {
 			dummies.Zone1.Network = dummies.ISONet1
+			ns.EXPECT().GetNetworkByID(dummies.ISONet1.ID, gomock.Any()).Return(&csapi.Network{Egressdefaultpolicy: false}, 1, nil)
 			fs.EXPECT().NewCreateEgressFirewallRuleParams(dummies.ISONet1.ID, gomock.Any()).
 				DoAndReturn(func(_ string, protocol string) *csapi.CreateEgressFirewallRuleParams {
 					p := &csapi.CreateEgressFirewallRuleParams{}
@@ -165,6 +167,7 @@ var _ = ginkgo.Describe("Network", func() {
 		ginkgo.It("OpenFirewallRule asks CloudStack to open the firewall anyway, but doesn't fail", func() {
 			dummies.Zone1.Network = dummies.ISONet1
 
+			ns.EXPECT().GetNetworkByID(dummies.ISONet1.ID, gomock.Any()).Return(&csapi.Network{Egressdefaultpolicy: false}, 1, nil)
 			fs.EXPECT().NewCreateEgressFirewallRuleParams(dummies.ISONet1.ID, gomock.Any()).
 				DoAndReturn(func(_ string, protocol string) *csapi.CreateEgressFirewallRuleParams {
 					p := &csapi.CreateEgressFirewallRuleParams{}

test/e2e/common.go

@@ -62,12 +62,25 @@ const (
 	InvalidDomainName            = "CLOUDSTACK_INVALID_DOMAIN_NAME"
 	InvalidTemplateName          = "CLOUDSTACK_INVALID_TEMPLATE_NAME"
 	InvalidCPOfferingName        = "CLOUDSTACK_INVALID_CONTROL_PLANE_MACHINE_OFFERING"
+
+	CustomNetworkOfferingWithEgressPolicyName = "CLOUDSTACK_NETWORK_CUSTOM_OFFERING_EGRESS_POLICY_TRUE_NAME"
+	NetworkNameWithCustomOffering             = "CLOUDSTACK_NETWORK_NAME_WITH_CUSTOM_OFFERING"
+
+	VPCName                          = "CLOUDSTACK_VPC_NAME"
+	VPCNetworkName                   = "CLOUDSTACK_VPC_NETWORK_NAME"
+	CustomVPCOfferingName            = "CLOUDSTACK_CUSTOM_VPC_OFFERING_NAME"
+	CustomVPCNetworkOfferingName     = "CLOUDSTACK_CUSTOM_VPC_NETWORK_OFFERING_NAME"
+	VPCWithCustomOfferingName        = "CLOUDSTACK_VPC_NAME_WITH_CUSTOM_OFFERING"
+	VPCNetworkWithCustomOfferingName = "CLOUDSTACK_VPC_NETWORK_NAME_WITH_CUSTOM_OFFERING"
 )
 
 const (
 	ControlPlaneIndicator      = "-control-plane-"
 	MachineDeploymentIndicator = "-md-"
 	DataVolumePrefix           = "DATA-"
+	DefaultVPCOffering         = "Default VPC offering"
+	DefaultVPCNetworkOffering  = "DefaultIsolatedNetworkOfferingForVpcNetworks"
+	DefaultNetworkOffering     = "DefaultIsolatedNetworkOfferingWithSourceNatService"
 )
 
 type CommonSpecInput struct {
@@ -391,15 +404,11 @@ func CheckNetworkExists(client *cloudstack.CloudStackClient, networkName string)
 		}
 		return false, err
 	} else if count > 1 {
-		return false, fmt.Errorf("Expected 0-1 Network with name %s, but got %d.", networkName, count)
+		return false, fmt.Errorf("expected 0-1 network with name %s, but got %d", networkName, count)
 	}
 	return count == 1, nil
 }
 
-func CheckVPCExists(client *cloudstack.CloudStackClient, vpcName string) (bool, error) {
-	return CheckVPCExistsInProject(client, vpcName, "")
-}
-
 func CheckVPCExistsInProject(client *cloudstack.CloudStackClient, vpcName string, project string) (bool, error) {
 	p := client.VPC.NewListVPCsParams()
 	p.SetName(vpcName)
@@ -419,7 +428,7 @@ func CheckVPCExistsInProject(client *cloudstack.CloudStackClient, vpcName string
 		}
 		return false, err
 	} else if listResp.Count > 1 {
-		return false, fmt.Errorf("Expected 0-1 VPC with name %s, but got %d.", vpcName, listResp.Count)
+		return false, fmt.Errorf("expected 0-1 vpc with name %s, but got %d", vpcName, listResp.Count)
 	}
 	return listResp.Count == 1, nil
 }

test/e2e/config/cloudstack.yaml

@@ -89,6 +89,8 @@ providers:
       - sourcePath: "../data/infrastructure-cloudstack/v1beta3/cluster-template-second-cluster.yaml"
       - sourcePath: "../data/infrastructure-cloudstack/v1beta3/cluster-template-shared-network-kubevip.yaml"
       - sourcePath: "../data/infrastructure-cloudstack/v1beta3/cluster-template-vpc-network.yaml"
+      - sourcePath: "../data/infrastructure-cloudstack/v1beta3/cluster-template-custom-vpc-offering.yaml"
+      - sourcePath: "../data/infrastructure-cloudstack/v1beta3/cluster-template-network-with-custom-offering.yaml"
       - sourcePath: "../data/infrastructure-cloudstack/v1beta3/cluster-template-invalid-disk-offering.yaml"
       - sourcePath: "../data/infrastructure-cloudstack/v1beta3/cluster-template-invalid-disk-offering-size-for-non-customized.yaml"
       - sourcePath: "../data/infrastructure-cloudstack/v1beta3/cluster-template-invalid-disk-offering-size-for-customized.yaml"
@@ -129,10 +131,20 @@ variables:
   CLOUDSTACK_INVALID_ACCOUNT_NAME: accountXXXX
   CLOUDSTACK_DOMAIN_NAME: ROOT
   CLOUDSTACK_INVALID_DOMAIN_NAME: domainXXXX
+
   CLOUDSTACK_NETWORK_NAME: isolated-for-e2e-1
+  CLOUDSTACK_NETWORK_NAME_WITH_CUSTOM_OFFERING: isolated-for-e2e-1-with-custom-offering
+  CLOUDSTACK_NETWORK_CUSTOM_OFFERING_EGRESS_POLICY_TRUE_NAME: CustomNetworkOfferingWithEgressPolicyTrue
+
   CLOUDSTACK_VPC_NETWORK_NAME: vpc-isolated-for-e2e-1
   CLOUDSTACK_VPC_NAME: vpc-for-e2e-1
   CLOUDSTACK_VPC_CIDR: 10.10.0.0/16
+
+  CLOUDSTACK_VPC_NAME_WITH_CUSTOM_OFFERING: vpc-for-e2e-1-with-custom-offering
+  CLOUDSTACK_VPC_NETWORK_NAME_WITH_CUSTOM_OFFERING: vpc-isolated-for-e2e-1-with-custom-offering
+  CLOUDSTACK_CUSTOM_VPC_OFFERING_NAME: "CustomVPCOffering"
+  CLOUDSTACK_CUSTOM_VPC_NETWORK_OFFERING_NAME: "CustomVPCNetworkOffering"
+
   CLOUDSTACK_GATEWAY: 10.10.0.1
   CLOUDSTACK_NETMASK: 255.255.255.0
   CLOUDSTACK_NEW_NETWORK_NAME: isolated-for-e2e-new

test/e2e/data/infrastructure-cloudstack/v1beta3/cluster-template-custom-vpc-offering/cluster-with-custom-vpc-offering.yaml

@@ -0,0 +1,25 @@
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta3
+kind: CloudStackCluster
+metadata:
+  name: ${CLUSTER_NAME}
+spec:
+  failureDomains:
+  - name: ${CLOUDSTACK_FD1_NAME}
+    acsEndpoint:
+      name: ${CLOUDSTACK_FD1_SECRET_NAME}
+      namespace: default
+    zone:
+      name: ${CLOUDSTACK_ZONE_NAME}
+      network:
+        name: ${CLOUDSTACK_VPC_NETWORK_NAME_WITH_CUSTOM_OFFERING}
+        gateway: ${CLOUDSTACK_GATEWAY}
+        netmask: ${CLOUDSTACK_NETMASK}
+        offering: ${CLOUDSTACK_CUSTOM_VPC_NETWORK_OFFERING_NAME}
+        vpc:
+          name: ${CLOUDSTACK_VPC_NAME_WITH_CUSTOM_OFFERING}
+          cidr: ${CLOUDSTACK_VPC_CIDR}
+          offering: ${CLOUDSTACK_CUSTOM_VPC_OFFERING_NAME}
+  controlPlaneEndpoint:
+    host: ""
+    port: 6443

test/e2e/data/infrastructure-cloudstack/v1beta3/cluster-template-custom-vpc-offering/kustomization.yaml

@@ -0,0 +1,6 @@
+bases:
+  - ../bases/cluster-with-kcp.yaml
+  - ../bases/md.yaml
+
+patchesStrategicMerge:
+- ./cluster-with-custom-vpc-offering.yaml

test/e2e/data/infrastructure-cloudstack/v1beta3/cluster-template-network-with-custom-offering/cluster-with-network-with-custom-offering.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta3
+kind: CloudStackCluster
+metadata:
+  name: ${CLUSTER_NAME}
+spec:
+  failureDomains:
+  - name: ${CLOUDSTACK_FD1_NAME}
+    acsEndpoint:
+      name: ${CLOUDSTACK_FD1_SECRET_NAME}
+      namespace: default
+    zone:
+      name: ${CLOUDSTACK_ZONE_NAME}
+      network:
+        name: ${CLOUDSTACK_NETWORK_NAME_WITH_CUSTOM_OFFERING}
+        gateway: ${CLOUDSTACK_GATEWAY}
+        netmask: ${CLOUDSTACK_NETMASK}
+        offering:
+          name: ${CLOUDSTACK_NETWORK_CUSTOM_OFFERING_EGRESS_POLICY_TRUE_NAME}
+  controlPlaneEndpoint:
+    host: ""
+    port: 6443

test/e2e/data/infrastructure-cloudstack/v1beta3/cluster-template-network-with-custom-offering/kustomization.yaml

@@ -0,0 +1,6 @@
+bases:
+  - ../bases/cluster-with-kcp.yaml
+  - ../bases/md.yaml
+
+patchesStrategicMerge:
+- ./cluster-with-network-with-custom-offering.yaml

test/e2e/network_with_custom_offering.go

@@ -0,0 +1,107 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package e2e
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/utils/pointer"
+
+	"sigs.k8s.io/cluster-api/test/framework/clusterctl"
+	"sigs.k8s.io/cluster-api/util"
+)
+
+// NetworkWithCustomOfferingSpec implements a test that verifies that an app deployed to the workload cluster works.
+func NetworkWithCustomOfferingSpec(ctx context.Context, inputGetter func() CommonSpecInput) {
+	var (
+		specName            = "network-with-custom-offering"
+		input               CommonSpecInput
+		namespace           *corev1.Namespace
+		cancelWatches       context.CancelFunc
+		clusterResources    *clusterctl.ApplyClusterTemplateAndWaitResult
+		networkOfferingName string
+		networkName         string
+	)
+
+	BeforeEach(func() {
+		Expect(ctx).NotTo(BeNil(), "ctx is required for %s spec", specName)
+		input = inputGetter()
+		Expect(input.E2EConfig).ToNot(BeNil(), "Invalid argument. input.E2EConfig can't be nil when calling %s spec", specName)
+		Expect(input.ClusterctlConfigPath).To(BeAnExistingFile(), "Invalid argument. input.ClusterctlConfigPath must be an existing file when calling %s spec", specName)
+		Expect(input.BootstrapClusterProxy).ToNot(BeNil(), "Invalid argument. input.BootstrapClusterProxy can't be nil when calling %s spec", specName)
+		Expect(os.MkdirAll(input.ArtifactFolder, 0750)).To(Succeed(), "Invalid argument. input.ArtifactFolder can't be created for %s spec", specName)
+
+		Expect(input.E2EConfig.Variables).To(HaveKey(KubernetesVersion))
+
+		// Setup a Namespace where to host objects for this spec and create a watcher for the namespace events.
+		namespace, cancelWatches = setupSpecNamespace(ctx, specName, input.BootstrapClusterProxy, input.ArtifactFolder)
+		clusterResources = new(clusterctl.ApplyClusterTemplateAndWaitResult)
+
+		networkOfferingName = input.E2EConfig.GetVariable(CustomNetworkOfferingWithEgressPolicyName)
+		networkName = input.E2EConfig.GetVariable(NetworkNameWithCustomOffering)
+
+		csClient := CreateCloudStackClient(ctx, input.BootstrapClusterProxy.GetKubeconfigPath())
+		exists, err := CheckNetworkExists(csClient, networkName)
+		Expect(err).To(BeNil())
+		Expect(exists).To(BeFalse())
+	})
+
+	It("Should create a new network with a custom offering", func() {
+		clusterctl.ApplyClusterTemplateAndWait(ctx, clusterctl.ApplyClusterTemplateAndWaitInput{
+			ClusterProxy:    input.BootstrapClusterProxy,
+			CNIManifestPath: input.E2EConfig.GetVariable(CNIPath),
+			ConfigCluster: clusterctl.ConfigClusterInput{
+				LogFolder:                filepath.Join(input.ArtifactFolder, "clusters", input.BootstrapClusterProxy.GetName()),
+				ClusterctlConfigPath:     input.ClusterctlConfigPath,
+				KubeconfigPath:           input.BootstrapClusterProxy.GetKubeconfigPath(),
+				InfrastructureProvider:   clusterctl.DefaultInfrastructureProvider,
+				Flavor:                   specName,
+				Namespace:                namespace.Name,
+				ClusterName:              fmt.Sprintf("%s-%s", specName, util.RandomString(6)),
+				KubernetesVersion:        input.E2EConfig.GetVariable(KubernetesVersion),
+				ControlPlaneMachineCount: pointer.Int64(1),
+				WorkerMachineCount:       pointer.Int64(1),
+			},
+			WaitForClusterIntervals:      input.E2EConfig.GetIntervals(specName, "wait-cluster"),
+			WaitForControlPlaneIntervals: input.E2EConfig.GetIntervals(specName, "wait-control-plane"),
+			WaitForMachineDeployments:    input.E2EConfig.GetIntervals(specName, "wait-worker-nodes"),
+		}, clusterResources)
+
+		csClient := CreateCloudStackClient(ctx, input.BootstrapClusterProxy.GetKubeconfigPath())
+
+		Byf("Checking if network %s exists with offering %s with egress policy %t", networkName, networkOfferingName, true)
+		network, count, err := csClient.Network.GetNetworkByName(networkName)
+		Expect(err).To(BeNil())
+		Expect(count).To(BeEquivalentTo(1))
+		Expect(network.Name).To(BeEquivalentTo(networkName))
+		Expect(network.Networkofferingname).To(BeEquivalentTo(networkOfferingName))
+		Expect(network.Egressdefaultpolicy).To(BeEquivalentTo(true))
+
+		By("PASSED!")
+	})
+
+	AfterEach(func() {
+		// Dumps all the resources in the spec namespace, then cleanups the cluster object and the spec namespace itself.
+		dumpSpecResourcesAndCleanup(ctx, specName, input.BootstrapClusterProxy, input.ArtifactFolder, namespace, cancelWatches, clusterResources.Cluster, input.E2EConfig.GetIntervals, input.SkipCleanup)
+	})
+}

test/e2e/network_with_custom_offering_test.go

@@ -0,0 +1,39 @@
+//go:build e2e
+// +build e2e
+
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package e2e
+
+import (
+	"context"
+
+	. "github.com/onsi/ginkgo/v2"
+)
+
+var _ = Describe("When testing network with custom offering", func() {
+	NetworkWithCustomOfferingSpec(context.TODO(), func() CommonSpecInput {
+		return CommonSpecInput{
+			E2EConfig:             e2eConfig,
+			ClusterctlConfigPath:  clusterctlConfigPath,
+			BootstrapClusterProxy: bootstrapClusterProxy,
+			ArtifactFolder:        artifactFolder,
+			SkipCleanup:           skipCleanup,
+		}
+	})
+
+})

test/e2e/resource_cleanup.go

@@ -88,6 +88,14 @@ func ResourceCleanupSpec(ctx context.Context, inputGetter func() CommonSpecInput
 		Expect(err).To(BeNil())
 		Expect(exists).To(BeTrue())
 
+		Byf("Checking if network %s exists with offering %s with egress policy %t", networkName, DefaultNetworkOffering, false)
+		network, count, err := csClient.Network.GetNetworkByName(networkName)
+		Expect(err).To(BeNil())
+		Expect(count).To(BeEquivalentTo(1))
+		Expect(network.Name).To(BeEquivalentTo(networkName))
+		Expect(network.Networkofferingname).To(BeEquivalentTo(DefaultNetworkOffering))
+		Expect(network.Egressdefaultpolicy).To(BeEquivalentTo(false))
+
 		By("PASSED!")
 	})