connectivity: Add ResultCurlTimeout

It checks for a failed curl command without any network policy drops. Used in follow-up commits to validate expected result for LRP tests. The results pertain to network policy as well non network policy related checks, so move them accordingly. Signed-off-by: Aditi Ghag <[email protected]>
cilium · May 31, 2024 · c5bb958 · c5bb958
1 parent dd3eae3
commit c5bb958
Show file tree

Hide file tree

Showing 2 changed files with 125 additions and 118 deletions.
diff --git a/connectivity/check/policy.go b/connectivity/check/policy.go
@@ -13,16 +13,17 @@ import (
 	"sync"
 	"time"
 
-	flowpb "github.com/cilium/cilium/api/v1/flow"
-	ciliumv2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2"
-	"github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/scheme"
 	networkingv1 "k8s.io/api/networking/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
 	clientsetscheme "k8s.io/client-go/kubernetes/scheme"
 
+	flowpb "github.com/cilium/cilium/api/v1/flow"
+	ciliumv2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2"
+	"github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/scheme"
+
 	"github.com/cilium/cilium-cli/defaults"
 	"github.com/cilium/cilium-cli/k8s"
 )
@@ -262,120 +263,6 @@ func authRequiredDropReason(flow *flowpb.Flow) bool {
 	return flow.GetDropReasonDesc() == flowpb.DropReason_AUTH_REQUIRED
 }
 
-var (
-	// ResultNone expects a successful command, don't match any packets.
-	ResultNone = Result{
-		None: true,
-	}
-
-	// ResultOK expects a successful command and a matching flow.
-	ResultOK = Result{}
-
-	// ResultDNSOK expects a successful command, only generating DNS traffic.
-	ResultDNSOK = Result{
-		DNSProxy: true,
-	}
-
-	// ResultDNSOKDropCurlTimeout expects a failed command, generating DNS traffic and a dropped flow.
-	ResultDNSOKDropCurlTimeout = Result{
-		DNSProxy:       true,
-		Drop:           true,
-		DropReasonFunc: defaultDropReason,
-		ExitCode:       ExitCurlTimeout,
-	}
-
-	// ResultDNSOKDropCurlHTTPError expects a failed command, generating DNS traffic and a dropped flow.
-	ResultDNSOKDropCurlHTTPError = Result{
-		DNSProxy:       true,
-		L7Proxy:        true,
-		Drop:           true,
-		DropReasonFunc: defaultDropReason,
-		ExitCode:       ExitCurlHTTPError,
-	}
-
-	// ResultCurlHTTPError expects a failed command, but no dropped flow or DNS proxy.
-	ResultCurlHTTPError = Result{
-		L7Proxy:        true,
-		Drop:           false,
-		DropReasonFunc: defaultDropReason,
-		ExitCode:       ExitCurlHTTPError,
-	}
-
-	// ResultDrop expects a dropped flow and a failed command.
-	ResultDrop = Result{
-		Drop:           true,
-		ExitCode:       ExitAnyError,
-		DropReasonFunc: defaultDropReason,
-	}
-
-	// ResultDropAuthRequired expects a dropped flow with auth required as reason.
-	ResultDropAuthRequired = Result{
-		Drop:           true,
-		DropReasonFunc: authRequiredDropReason,
-	}
-
-	// ResultAnyReasonEgressDrop expects a dropped flow at Egress and a failed command.
-	ResultAnyReasonEgressDrop = Result{
-		Drop:           true,
-		DropReasonFunc: defaultDropReason,
-		EgressDrop:     true,
-		ExitCode:       ExitAnyError,
-	}
-
-	// ResultPolicyDenyEgressDrop expects a dropped flow at Egress due to policy deny and a failed command.
-	ResultPolicyDenyEgressDrop = Result{
-		Drop:           true,
-		DropReasonFunc: policyDenyReason,
-		EgressDrop:     true,
-		ExitCode:       ExitAnyError,
-	}
-
-	// ResultDefaultDenyEgressDrop expects a dropped flow at Egress due to default deny and a failed command.
-	ResultDefaultDenyEgressDrop = Result{
-		Drop:           true,
-		DropReasonFunc: defaultDenyReason,
-		EgressDrop:     true,
-		ExitCode:       ExitAnyError,
-	}
-
-	// ResultIngressAnyReasonDrop expects a dropped flow at Ingress and a failed command.
-	ResultIngressAnyReasonDrop = Result{
-		Drop:           true,
-		IngressDrop:    true,
-		DropReasonFunc: defaultDropReason,
-		ExitCode:       ExitAnyError,
-	}
-
-	// ResultPolicyDenyIngressDrop expects a dropped flow at Ingress due to policy deny reason and a failed command.
-	ResultPolicyDenyIngressDrop = Result{
-		Drop:           true,
-		IngressDrop:    true,
-		DropReasonFunc: policyDenyReason,
-		ExitCode:       ExitAnyError,
-	}
-
-	// ResultDefaultDenyIngressDrop expects a dropped flow at Ingress due to default deny reason and a failed command.
-	ResultDefaultDenyIngressDrop = Result{
-		Drop:           true,
-		IngressDrop:    true,
-		DropReasonFunc: defaultDenyReason,
-		ExitCode:       ExitAnyError,
-	}
-
-	// ResultDropCurlTimeout expects a dropped flow and a failed command.
-	ResultDropCurlTimeout = Result{
-		Drop:     true,
-		ExitCode: ExitCurlTimeout,
-	}
-
-	// ResultDropCurlHTTPError expects a dropped flow and a failed command.
-	ResultDropCurlHTTPError = Result{
-		L7Proxy:  true,
-		Drop:     true,
-		ExitCode: ExitCurlHTTPError,
-	}
-)
-
 type ExpectationsFunc func(a *Action) (egress, ingress Result)
 
 // WithExpectations sets the getExpectations test result function to use during tests

diff --git a/connectivity/check/result.go b/connectivity/check/result.go
@@ -9,8 +9,9 @@ import (
 	"strconv"
 	"strings"
 
-	flowpb "github.com/cilium/cilium/api/v1/flow"
 	dto "github.com/prometheus/client_model/go"
+
+	flowpb "github.com/cilium/cilium/api/v1/flow"
 )
 
 type Result struct {
@@ -75,6 +76,125 @@ const (
 	ExitCurlTimeout   ExitCode = 28
 )
 
+var (
+	// ResultNone expects a successful command, don't match any packets.
+	ResultNone = Result{
+		None: true,
+	}
+
+	// ResultCurlTimeout expects a failed command, don't match any packets.
+	ResultCurlTimeout = Result{
+		ExitCode: ExitCurlTimeout,
+	}
+
+	// ResultOK expects a successful command and a matching flow.
+	ResultOK = Result{}
+
+	// ResultDNSOK expects a successful command, only generating DNS traffic.
+	ResultDNSOK = Result{
+		DNSProxy: true,
+	}
+
+	// ResultDNSOKDropCurlTimeout expects a failed command, generating DNS traffic and a dropped flow.
+	ResultDNSOKDropCurlTimeout = Result{
+		DNSProxy:       true,
+		Drop:           true,
+		DropReasonFunc: defaultDropReason,
+		ExitCode:       ExitCurlTimeout,
+	}
+
+	// ResultDNSOKDropCurlHTTPError expects a failed command, generating DNS traffic and a dropped flow.
+	ResultDNSOKDropCurlHTTPError = Result{
+		DNSProxy:       true,
+		L7Proxy:        true,
+		Drop:           true,
+		DropReasonFunc: defaultDropReason,
+		ExitCode:       ExitCurlHTTPError,
+	}
+
+	// ResultCurlHTTPError expects a failed command, but no dropped flow or DNS proxy.
+	ResultCurlHTTPError = Result{
+		L7Proxy:        true,
+		Drop:           false,
+		DropReasonFunc: defaultDropReason,
+		ExitCode:       ExitCurlHTTPError,
+	}
+
+	// ResultDrop expects a dropped flow and a failed command.
+	ResultDrop = Result{
+		Drop:           true,
+		ExitCode:       ExitAnyError,
+		DropReasonFunc: defaultDropReason,
+	}
+
+	// ResultDropAuthRequired expects a dropped flow with auth required as reason.
+	ResultDropAuthRequired = Result{
+		Drop:           true,
+		DropReasonFunc: authRequiredDropReason,
+	}
+
+	// ResultAnyReasonEgressDrop expects a dropped flow at Egress and a failed command.
+	ResultAnyReasonEgressDrop = Result{
+		Drop:           true,
+		DropReasonFunc: defaultDropReason,
+		EgressDrop:     true,
+		ExitCode:       ExitAnyError,
+	}
+
+	// ResultPolicyDenyEgressDrop expects a dropped flow at Egress due to policy deny and a failed command.
+	ResultPolicyDenyEgressDrop = Result{
+		Drop:           true,
+		DropReasonFunc: policyDenyReason,
+		EgressDrop:     true,
+		ExitCode:       ExitAnyError,
+	}
+
+	// ResultDefaultDenyEgressDrop expects a dropped flow at Egress due to default deny and a failed command.
+	ResultDefaultDenyEgressDrop = Result{
+		Drop:           true,
+		DropReasonFunc: defaultDenyReason,
+		EgressDrop:     true,
+		ExitCode:       ExitAnyError,
+	}
+
+	// ResultIngressAnyReasonDrop expects a dropped flow at Ingress and a failed command.
+	ResultIngressAnyReasonDrop = Result{
+		Drop:           true,
+		IngressDrop:    true,
+		DropReasonFunc: defaultDropReason,
+		ExitCode:       ExitAnyError,
+	}
+
+	// ResultPolicyDenyIngressDrop expects a dropped flow at Ingress due to policy deny reason and a failed command.
+	ResultPolicyDenyIngressDrop = Result{
+		Drop:           true,
+		IngressDrop:    true,
+		DropReasonFunc: policyDenyReason,
+		ExitCode:       ExitAnyError,
+	}
+
+	// ResultDefaultDenyIngressDrop expects a dropped flow at Ingress due to default deny reason and a failed command.
+	ResultDefaultDenyIngressDrop = Result{
+		Drop:           true,
+		IngressDrop:    true,
+		DropReasonFunc: defaultDenyReason,
+		ExitCode:       ExitAnyError,
+	}
+
+	// ResultDropCurlTimeout expects a dropped flow and a failed command.
+	ResultDropCurlTimeout = Result{
+		Drop:     true,
+		ExitCode: ExitCurlTimeout,
+	}
+
+	// ResultDropCurlHTTPError expects a dropped flow and a failed command.
+	ResultDropCurlHTTPError = Result{
+		L7Proxy:  true,
+		Drop:     true,
+		ExitCode: ExitCurlHTTPError,
+	}
+)
+
 func (e ExitCode) String() string {
 	switch e {
 	case ExitAnyError: