rancher/multus-cni
1
0
Fork 0
forked from github/multus-cni
Code Issues Pull Requests Projects Releases Wiki Activity
Files
d4a3ea4fd0b778e08b2493df079b3cf7b77cfa9e
multus-cni/pkg/cni/thick_cni_test.go

243 lines
6.9 KiB
Go
Raw Normal View History

thick-plugin: refactor multus Multus is refactored as a thick plugin, featuring 2 main components: - a server listening to a unix domain socket, running in a pod - a shim, a binary on the host that will send JSON requests built from its environment / stdin values to the aforementioned server. The pod where the multus daemon is running must share the host's PID namespace. Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com> react to maintainers review Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com> thick, deployment: update the daemonset spec Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com> thick, config: validate the cni config passed by the runtime Without this patch, we're blindly trusting anything sent by the server. This way, we assure the requests arriving at the multus controller are valid before hand. Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com> thick: model client / server config Also add a new command line parameter on the multus controller, pointing it to the server configuration. Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com> SQUASH candidate, thick, config: cleanup the configuration Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com> multus: use args.args instead of an env variable CNI is already filling the args structure; we should consume that rather than rely on the environment variables. Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com> unit tests: remove weird tests that check an impossible scenario Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com> docs, thick: document the thick plugin variant Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com> thick, server, multus: re-use common types Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
2021-12-16 18:18:35 +01:00
// Copyright (c) 2021 Multus Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
package cni
import (
"context"
"fmt"
"io/ioutil"
"os"
"testing"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/containernetworking/cni/pkg/skel"
"github.com/containernetworking/cni/pkg/version"
"github.com/containernetworking/plugins/pkg/ns"
"github.com/containernetworking/plugins/pkg/testutils"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
utilwait "k8s.io/apimachinery/pkg/util/wait"
"k8s.io/client-go/kubernetes/fake"
"k8s.io/client-go/tools/record"
netfake "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/client/clientset/versioned/fake"
k8s "gopkg.in/k8snetworkplumbingwg/multus-cni.v3/pkg/k8sclient"
testhelpers "gopkg.in/k8snetworkplumbingwg/multus-cni.v3/pkg/testing"
)
const suiteName = "Thick CNI architecture"
func TestMultusThickCNIArchitecture(t *testing.T) {
RegisterFailHandler(Fail)
RunSpecs(t, suiteName)
}
type fakeExec struct{}
// ExecPlugin executes the plugin
func (fe *fakeExec) ExecPlugin(ctx context.Context, pluginPath string, stdinData []byte, environ []string) ([]byte, error) {
return []byte("{}"), nil
}
// FindInPath finds in path
func (fe *fakeExec) FindInPath(plugin string, paths []string) (string, error) {
return "", nil
}
// Decode decodes
func (fe *fakeExec) Decode(jsonBytes []byte) (version.PluginInfo, error) {
return nil, nil
}
var _ = Describe(suiteName, func() {
const thickCNISocketDirPath = "multus-cni-thick-arch-socket-path"
var thickPluginRunDir string
BeforeEach(func() {
var err error
thickPluginRunDir, err = ioutil.TempDir("", thickCNISocketDirPath)
Expect(err).ToNot(HaveOccurred())
})
AfterEach(func() {
Expect(os.RemoveAll(thickPluginRunDir)).To(Succeed())
})
Context("the directory does *not* exist", func() {
It("", func() {
Expect(FilesystemPreRequirements(thickPluginRunDir)).To(Succeed())
})
})
Context("the directory exists beforehand with the correct permissions", func() {
BeforeEach(func() {
Expect(os.MkdirAll(thickPluginRunDir, 0700)).To(Succeed())
})
It("verifies the filesystem requirements of the socket dir", func() {
Expect(FilesystemPreRequirements(thickPluginRunDir)).To(Succeed())
})
})
Context("CNI operations started from the shim", func() {
const (
containerID = "123456789"
ifaceName = "eth0"
podName = "my-little-pod"
)
var (
cniServer *Server
K8sClient *k8s.ClientInfo
netns ns.NetNS
)
BeforeEach(func() {
var err error
K8sClient = fakeK8sClient()
Expect(FilesystemPreRequirements(thickPluginRunDir)).To(Succeed())
cniServer, err = startCNIServer(thickPluginRunDir, K8sClient)
Expect(err).NotTo(HaveOccurred())
netns, err = testutils.NewNS()
Expect(err).NotTo(HaveOccurred())
// the namespace and podUID parameters below are hard-coded in the generation function
Expect(prepareCNIEnv(netns.Path(), "test", podName, "testUID")).To(Succeed())
Expect(createFakePod(K8sClient, podName)).To(Succeed())
})
AfterEach(func() {
Expect(cniServer.Close()).To(Succeed())
Expect(teardownCNIEnv()).To(Succeed())
Expect(K8sClient.Client.CoreV1().Pods("test").Delete(
context.TODO(), podName, metav1.DeleteOptions{}))
})
It("ADD works successfully", func() {
Expect(CmdAdd(cniCmdArgs(containerID, netns.Path(), ifaceName, referenceConfig(thickPluginRunDir)))).To(Succeed())
})
It("DEL works successfully", func() {
Expect(CmdDel(cniCmdArgs(containerID, netns.Path(), ifaceName, referenceConfig(thickPluginRunDir)))).To(Succeed())
})
It("CHECK works successfully", func() {
Expect(CmdCheck(cniCmdArgs(containerID, netns.Path(), ifaceName, referenceConfig(thickPluginRunDir)))).To(Succeed())
})
})
})
func fakeK8sClient() *k8s.ClientInfo {
const magicNumber = 10
return &k8s.ClientInfo{
Client: fake.NewSimpleClientset(),
NetClient: netfake.NewSimpleClientset().K8sCniCncfIoV1(),
EventRecorder: record.NewFakeRecorder(magicNumber),
}
}
func cniCmdArgs(containerID string, netnsPath string, ifName string, stdinData string) *skel.CmdArgs {
return &skel.CmdArgs{
ContainerID: containerID,
Netns: netnsPath,
IfName: ifName,
StdinData: []byte(stdinData)}
}
func prepareCNIEnv(netnsPath string, namespaceName string, podName string, podUID string) error {
cniArgs := fmt.Sprintf("K8S_POD_NAMESPACE=%s;K8S_POD_NAME=%s;K8S_POD_INFRA_CONTAINER_ID=;K8S_POD_UID=%s", namespaceName, podName, podUID)
if err := os.Setenv("CNI_COMMAND", "ADD"); err != nil {
return err
}
if err := os.Setenv("CNI_CONTAINERID", "123456789"); err != nil {
return err
}
if err := os.Setenv("CNI_NETNS", netnsPath); err != nil {
return err
}
if err := os.Setenv("CNI_ARGS", cniArgs); err != nil {
return err
}
return nil
}
func teardownCNIEnv() error {
if err := os.Unsetenv("CNI_COMMAND"); err != nil {
return err
}
if err := os.Unsetenv("CNI_CONTAINERID"); err != nil {
return err
}
if err := os.Unsetenv("CNI_NETNS"); err != nil {
return err
}
if err := os.Unsetenv("CNI_ARGS"); err != nil {
return err
}
return nil
}
func createFakePod(k8sClient *k8s.ClientInfo, podName string) error {
var err error
fakePod := testhelpers.NewFakePod(podName, "", "")
_, err = k8sClient.Client.CoreV1().Pods(fakePod.GetNamespace()).Create(
context.TODO(), fakePod, metav1.CreateOptions{})
return err
}
func startCNIServer(runDir string, k8sClient *k8s.ClientInfo) (*Server, error) {
const period = 0
cniServer, err := newCNIServer(runDir, k8sClient, &fakeExec{})
if err != nil {
return nil, err
}
l, err := ServerListener(SocketPath(runDir))
if err != nil {
return nil, fmt.Errorf("failed to start the CNI server using socket %s. Reason: %+v", SocketPath(runDir), err)
}
cniServer.SetKeepAlivesEnabled(false)
go utilwait.Forever(func() {
if err := cniServer.Serve(l); err != nil {
utilruntime.HandleError(fmt.Errorf("CNI server Serve() failed: %v", err))
}
}, period)
return cniServer, nil
}
func referenceConfig(thickPluginSocketDir string) string {
const referenceConfigTemplate = `{
"name": "node-cni-network",
"type": "multus",
"socketDir": "%s",
"defaultnetworkfile": "/tmp/foo.multus.conf",
"defaultnetworkwaitseconds": 3,
"delegates": [{
"name": "weave1",
"cniVersion": "0.3.1",
"type": "weave-net"
}]}`
return fmt.Sprintf(referenceConfigTemplate, thickPluginSocketDir)
}
Reference in New Issue Copy Permalink