Adding test cases for the ipsecConfig API

Testing that empty ipsecConfig translates into disabled mode, and that empty strings are not allowed for ipsecConfog.mode Added transition tests (added OnUpdate section to the file) for checking that ipsecConfog.mode can not be removed once set, that ipsec can be safely disabled, and that empty ispecConfig is not changed when changing other ovnKubernetesConfig fields. Additionally updated all successful path tests (without expecterError) since ipsecConfig setting appears now on all the out yaml file as a feature. Signed-off-by: Josh Salomon <[email protected]>
openshift · Jan 8, 2024 · 0e619cd · 0e619cd
1 parent 48d8d61
commit 0e619cd
Showing 1 changed file with 143 additions and 1 deletion.
diff --git a/operator/v1/stable.network.testsuite.yaml b/operator/v1/stable.network.testsuite.yaml
@@ -35,6 +35,8 @@ tests:
               routingViaHost: false
               ipv4:
                 internalMasqueradeSubnet: "169.254.168.0/29"
+            ipsecConfig:
+              mode: Disabled
         disableNetworkDiagnostics: false
         logLevel: Normal
         operatorLogLevel: Normal
@@ -124,6 +126,8 @@ tests:
               ipv6:
                 internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345:6789/125"
               routingViaHost: false
+            ipsecConfig:
+              mode: Disabled
         disableNetworkDiagnostics: false
         logLevel: Normal
         operatorLogLevel: Normal
@@ -147,6 +151,8 @@ tests:
               routingViaHost: false
               ipv6:
                 internalMasqueradeSubnet: "abcd:ef01:2345:6789::2345:6789/20"
+            ipsecConfig:
+              mode: Disabled
         disableNetworkDiagnostics: false
         logLevel: Normal
         operatorLogLevel: Normal
@@ -263,4 +269,140 @@ tests:
         disableNetworkDiagnostics: false
         logLevel: Normal
         operatorLogLevel: Normal
-        migration: {}
+        migration: {}
+  - name: "IPsec - Empty ipsecConfig is allowed in initial state"
+    initial: |
+      apiVersion: operator.openshift.io/v1
+      kind: Network
+      spec: 
+        defaultNetwork:
+          ovnKubernetesConfig:
+            ipsecConfig: {}
+    expected: |
+      apiVersion: operator.openshift.io/v1
+      kind: Network
+      spec: 
+        defaultNetwork:
+          ovnKubernetesConfig:
+            ipsecConfig: {}
+        disableNetworkDiagnostics: false
+        logLevel: Normal
+        operatorLogLevel: Normal
+  - name: "IPsec - Populated ipsecConfig is allowed"
+    initial: |
+      apiVersion: operator.openshift.io/v1
+      kind: Network
+      spec: 
+        defaultNetwork:
+          ovnKubernetesConfig:
+            ipsecConfig:
+              mode: Full
+    expected: |
+      apiVersion: operator.openshift.io/v1
+      kind: Network
+      spec: 
+        defaultNetwork:
+          ovnKubernetesConfig:
+            ipsecConfig:
+              mode: Full
+        disableNetworkDiagnostics: false
+        logLevel: Normal
+        operatorLogLevel: Normal
+  - name: "IPsec - Start without setting ipsecConfig"
+    initial: |
+      apiVersion: operator.openshift.io/v1
+      kind: Network
+      spec: 
+        defaultNetwork:
+          ovnKubernetesConfig:
+    expected: |
+      apiVersion: operator.openshift.io/v1
+      kind: Network
+      spec: 
+        defaultNetwork: {}
+        disableNetworkDiagnostics: false
+        logLevel: Normal
+        operatorLogLevel: Normal
+  - name: "IPsec - empty string is not allowed"
+    initial: |
+      apiVersion: operator.openshift.io/v1
+      kind: Network
+      spec: 
+        defaultNetwork:
+          ovnKubernetesConfig:
+            ipsecConfig: 
+              mode: ""
+    expectedError: "Unsupported value: \"\": supported values: \"Disabled\", \"External\", \"Full\""
+  onUpdate:
+  - name: "IPsec - Removing ipsecConfig.mode is not allowed"
+    initial: |
+      apiVersion: operator.openshift.io/v1
+      kind: Network
+      spec:
+        defaultNetwork:
+          ovnKubernetesConfig:
+            ipsecConfig:
+              mode: Full
+    updated: |
+      apiVersion: operator.openshift.io/v1
+      kind: Network
+      spec:
+        defaultNetwork:
+          ovnKubernetesConfig:
+            ipsecConfig: {}
+    expectedError: "ipsecConfig.mode is required"
+  - name: "IPsec - Disabling IPsec"
+    initial: |
+      apiVersion: operator.openshift.io/v1
+      kind: Network
+      spec:
+        defaultNetwork:
+          ovnKubernetesConfig:
+            ipsecConfig:
+              mode: Full
+    updated: |
+      apiVersion: operator.openshift.io/v1
+      kind: Network
+      spec:
+        defaultNetwork:
+          ovnKubernetesConfig:
+            ipsecConfig:
+              mode: Disabled
+    expected: |
+      apiVersion: operator.openshift.io/v1
+      kind: Network
+      spec:
+        defaultNetwork:
+          ovnKubernetesConfig:
+            ipsecConfig:
+              mode: Disabled
+        disableNetworkDiagnostics: false
+        logLevel: Normal
+        operatorLogLevel: Normal
+  - name: "IPsec - Empty ipsecConfig when changing other parameters"
+    initial: |
+      apiVersion: operator.openshift.io/v1
+      kind: Network
+      spec: 
+        defaultNetwork:
+          ovnKubernetesConfig:
+            ipsecConfig: {}
+    updated: |
+      apiVersion: operator.openshift.io/v1
+      kind: Network
+      spec:
+        defaultNetwork:
+          ovnKubernetesConfig:
+            ipsecConfig: {}
+            mtu: 5888
+    expected: |
+      apiVersion: operator.openshift.io/v1
+      kind: Network
+      spec: 
+        defaultNetwork:
+          ovnKubernetesConfig:
+            ipsecConfig: {}
+            mtu: 5888
+        disableNetworkDiagnostics: false
+        logLevel: Normal
+        operatorLogLevel: Normal