From 0e619cd8c633c96c4064c2b126b781ceea7cd57b Mon Sep 17 00:00:00 2001 From: Josh Salomon <41079547+JoshSalomon@users.noreply.github.com> Date: Sun, 17 Dec 2023 18:56:32 +0200 Subject: [PATCH] Adding test cases for the ipsecConfig API Testing that empty ipsecConfig translates into disabled mode, and that empty strings are not allowed for ipsecConfog.mode Added transition tests (added OnUpdate section to the file) for checking that ipsecConfog.mode can not be removed once set, that ipsec can be safely disabled, and that empty ispecConfig is not changed when changing other ovnKubernetesConfig fields. Additionally updated all successful path tests (without expecterError) since ipsecConfig setting appears now on all the out yaml file as a feature. Signed-off-by: Josh Salomon <41079547+JoshSalomon@users.noreply.github.com> --- operator/v1/stable.network.testsuite.yaml | 144 +++++++++++++++++++++- 1 file changed, 143 insertions(+), 1 deletion(-) diff --git a/operator/v1/stable.network.testsuite.yaml b/operator/v1/stable.network.testsuite.yaml index 6c616371b2e..47d5354280f 100644 --- a/operator/v1/stable.network.testsuite.yaml +++ b/operator/v1/stable.network.testsuite.yaml @@ -35,6 +35,8 @@ tests: routingViaHost: false ipv4: internalMasqueradeSubnet: "169.254.168.0/29" + ipsecConfig: + mode: Disabled disableNetworkDiagnostics: false logLevel: Normal operatorLogLevel: Normal @@ -124,6 +126,8 @@ tests: ipv6: internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345:6789/125" routingViaHost: false + ipsecConfig: + mode: Disabled disableNetworkDiagnostics: false logLevel: Normal operatorLogLevel: Normal @@ -147,6 +151,8 @@ tests: routingViaHost: false ipv6: internalMasqueradeSubnet: "abcd:ef01:2345:6789::2345:6789/20" + ipsecConfig: + mode: Disabled disableNetworkDiagnostics: false logLevel: Normal operatorLogLevel: Normal @@ -263,4 +269,140 @@ tests: disableNetworkDiagnostics: false logLevel: Normal operatorLogLevel: Normal - migration: {} \ No newline at end of file + migration: {} + - name: "IPsec - Empty ipsecConfig is allowed in initial state" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: {} + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: {} + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: "IPsec - Populated ipsecConfig is allowed" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: Full + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: Full + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: "IPsec - Start without setting ipsecConfig" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: {} + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: "IPsec - empty string is not allowed" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: "" + expectedError: "Unsupported value: \"\": supported values: \"Disabled\", \"External\", \"Full\"" + onUpdate: + - name: "IPsec - Removing ipsecConfig.mode is not allowed" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: Full + updated: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: {} + expectedError: "ipsecConfig.mode is required" + - name: "IPsec - Disabling IPsec" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: Full + updated: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: Disabled + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: Disabled + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: "IPsec - Empty ipsecConfig when changing other parameters" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: {} + updated: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: {} + mtu: 5888 + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: {} + mtu: 5888 + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal