Revision b58bff5ed942c84aef56015d236c573ea024270f authored by Joe Stringer on 18 May 2018, 18:27:13 UTC, committed by Romain Lenglet on 18 May 2018, 23:01:08 UTC
When adding an L7 rule to an L4 policy, the recent endpoint logic changes did not properly propagate the need to recompile the BPF program, so entirely skipped it, leading to #4181. Fix it by tracking whether the L4 policy changes in regeneratePolicy() and including this in the final "needToRegenerateBPF" result. Fixes: #4181 Signed-off-by: Joe Stringer <joe@covalent.io>
1 parent ae39ed9
20-identity-list.sh
#!/bin/bash
# Tests to validate `cilium identity list` CLI commands.
dir=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source "${dir}/helpers.bash"
# dir might have been overwritten by helpers.bash
dir=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
TEST_NAME=$(get_filename_without_extension $0)
LOGS_DIR="${dir}/cilium-files/${TEST_NAME}/logs"
redirect_debug_logs ${LOGS_DIR}
set -ex
log "${TEST_NAME} has been deprecated and replaced by test/runtime/cli.go: test identity list"
exit 0
function start_containers {
docker run -dt --net=$TEST_NET --name foo -l id.foo tgraf/netperf
docker run -dt --net=$TEST_NET --name bar -l id.bar tgraf/netperf
docker run -dt --net=$TEST_NET --name baz -l id.baz tgraf/netperf
}
function remove_containers {
docker rm -f foo foo bar baz 2> /dev/null || true
}
function restart_cilium {
echo "------ restarting cilium ------"
service cilium restart
echo "------ waiting for cilium agent get up and running ------"
wait_for_cilium_status
}
function cleanup {
gather_files ${TEST_NAME} ${TEST_SUITE}
cilium policy delete --all 2> /dev/null || true
docker rm -f foo foo bar baz 2> /dev/null || true
}
trap cleanup EXIT
cleanup
logs_clear
# Checks that the `cilium identity list "<labels>"` response matches expectations.
#
# The test launches three containers and waits until 3 endpoints are created in Cilium. It then extracts the security ID
# from the `cilium endpoint list` output.
function test_identity_list {
remove_containers
restart_cilium
start_containers
wait_for_endpoints 3
cilium endpoint list
local ID=$(cilium endpoint list | grep id.foo | awk '{print $4}')
# Get expected response and replace all newline chars with a single space.
local response=$(cilium identity list "container:id.foo" | sed ':a;N;$!ba;s/\n/ /g')
echo "Check if endpoint security ID $ID is in response $response"
if ! grep $ID <(echo "${response}"); then
abort "Expected $ID to be found in $response"
fi
}
# Checks that the `cilium identity list --reserved` response matches expectations.
function test_identity_list_reserved {
local response=$(cilium identity list --reserved | sed ':a;N;$!ba;s/\n/ /g' | grep '1 host.*2 world\|2 world.*1 host')
local exit_code=$?
echo "Response is $response"
if [[ 0 != ${exit_code} ]]; then
abort "Expected: 0 exit code; Got: ${exit_code}"
fi
}
cilium identity list
cilium endpoint list
create_cilium_docker_network
test_identity_list
cleanup
logs_clear
test_identity_list_reserved
test_succeeded "${TEST_NAME}"
Computing file changes ...
