...

Source file src/edge-infra.dev/pkg/sds/remoteaccess/wireguard/store/integration/integration_test.go

Documentation: edge-infra.dev/pkg/sds/remoteaccess/wireguard/store/integration

     1  package integration
     2  
     3  import (
     4  	"context"
     5  	"fmt"
     6  	"net"
     7  	"os"
     8  	"strings"
     9  	"testing"
    10  	"time"
    11  
    12  	"github.com/stretchr/testify/assert"
    13  	"github.com/stretchr/testify/require"
    14  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    15  
    16  	corev1 "k8s.io/api/core/v1"
    17  
    18  	v1cluster "edge-infra.dev/pkg/edge/apis/cluster/v1alpha1"
    19  	"edge-infra.dev/pkg/sds/remoteaccess/constants"
    20  	v1vpnconfig "edge-infra.dev/pkg/sds/remoteaccess/k8s/apis/vpnconfigs/v1"
    21  	s "edge-infra.dev/pkg/sds/remoteaccess/wireguard/store"
    22  	"edge-infra.dev/test/f2"
    23  	"edge-infra.dev/test/f2/x/ktest"
    24  )
    25  
// f is the package-wide f2 test framework. TestMain assigns it before the
// tests run.
var f f2.Framework

// Cluster and VPNConfig fixtures shared by the tests in this package.
var (
	clusterAName      = "cluster-a"
	projectID         = "ret-edge-b79we3ikmc7j9mihuwst2"
	inSubnetIPAddress = "172.16.16.12"
	isEnabled         = true

	testClusterA  = createCluster(clusterAName)
	testVPNConfig = createVPNConfig(clusterAName, inSubnetIPAddress, isEnabled)
)

// testPublicKey is the key the test expects on the "PublicKey = ..." line of
// the generated peer section. It is a public-key fixture only; private key
// material should not be added to this file as a fixture.
var testPublicKey = "wbWuHrJEPC2Ui7XVQoWuM/8HZAG1FlLC/08L2vvEEgw="

// Expected section markers in the generated configuration, compared against
// slices of the newline-split secret data.
var (
	expectedStoreSecretInterfaceLines = []string{"[Interface]"}
	expectedStoreSecretPeerLines      = []string{"", "[Peer]"}
)

// vpnNamespace is the namespace object created (as a deep copy) during test
// setup.
var vpnNamespace = &corev1.Namespace{
	ObjectMeta: metav1.ObjectMeta{Name: constants.VPNNamespace},
}
    55  
// TestMain builds the shared f2 framework with the ktest extension, registers
// a setup step that adjusts polling timeouts, and exits with the result of
// running the package's tests.
func TestMain(m *testing.M) {
	// adjustTimeouts shortens the ktest timeout and tick when the run is not
	// using an existing (live) cluster.
	adjustTimeouts := func(ctx f2.Context) (f2.Context, error) {
		kt, err := ktest.FromContext(ctx)
		if err != nil {
			return ctx, err
		}
		if *kt.Env.UseExistingCluster {
			return ctx, nil
		}
		kt.Timeout = 5 * time.Second
		kt.Tick = 10 * time.Millisecond
		return ctx, nil
	}

	f = f2.New(
		context.Background(),
		f2.WithExtensions(ktest.New()),
	).Setup(adjustTimeouts).Teardown()

	os.Exit(f.Run(m))
}
    75  
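// TestStoreWireguard creates a store wireguard instance and checks that the
// configuration secret data it generates contains the expected [Interface]
// and [Peer] lines.
func TestStoreWireguard(t *testing.T) {
	var (
		store    *s.Store
		subnet   *net.IPNet
		clientIP net.IP
		relayIP  net.IP
	)
	feature := f2.NewFeature("StoreWireguard").
		Setup("create wireguard instances", func(ctx f2.Context, t *testing.T) f2.Context {
			var err error
			k := ktest.FromContextT(ctx, t)
			require.NoError(t, k.Client.Create(ctx, vpnNamespace.DeepCopy()))

			store, err = s.Get(ctx, k.Client, testVPNConfig.DeepCopy(), testClusterA)
			require.NoError(t, err)

			// NOTE(review): 172.16.16.120 lies outside the 172.16.16.0/28 subnet
			// parsed in the next setup step (which covers .0-.15), while the
			// assertion below expects this address with a /28 suffix. Confirm
			// whether the out-of-subnet address is intentional.
			storeIP := net.ParseIP("172.16.16.120")
			// net.ParseIP returns nil instead of an error on malformed input.
			require.NotNil(t, storeIP, "store IP literal failed to parse")
			require.NoError(t, store.UpdateIPAddress(ctx, k.Client, constants.StoreName, clusterAName, storeIP))
			return ctx
		}).
		Setup("create subnet and client IP", func(ctx f2.Context, t *testing.T) f2.Context {
			var err error
			_, subnet, err = net.ParseCIDR("172.16.16.0/28")
			require.NoError(t, err)

			clientIP = net.ParseIP("172.16.16.1")
			require.NotNil(t, clientIP, "client IP literal failed to parse")

			relayIP = net.ParseIP("34.148.150.151")
			require.NotNil(t, relayIP, "relay IP literal failed to parse")
			return ctx
		}).
		Test("store secret contains expected data", func(ctx f2.Context, t *testing.T) f2.Context {
			secretData := store.GenerateConfigurationSecretData(subnet, clientIP, relayIP, testPublicKey)
			secretLines := strings.Split(string(secretData), "\n")

			// The assertions below index up to secretLines[9]. Fail the test
			// cleanly instead of panicking on a slice bound if the generated
			// configuration is shorter than expected. The count alone is
			// reported so the secret contents are not written to test output
			// by this check.
			require.GreaterOrEqual(t, len(secretLines), 10,
				"generated configuration has fewer lines than the assertions index")

			// NOTE(review): indexes 1 and 6 are not asserted by this test.
			// Index 1 presumably carries the interface key material; confirm,
			// and consider asserting only its presence and prefix.

			// assert expected lines appear in interface and peer sections
			assert.Equal(t, expectedStoreSecretInterfaceLines, secretLines[:1])
			assert.Equal(t, expectedStoreSecretPeerLines, secretLines[4:6])

			// check store interface address is set
			expectedInterfaceLine := fmt.Sprintf("Address = %s/28", store.GetIPAddress())
			assert.Equal(t, expectedInterfaceLine, secretLines[2])

			// check store interface MTU is set
			expectedMTULine := fmt.Sprintf("MTU = %s", constants.MTU)
			assert.Equal(t, expectedMTULine, secretLines[3])

			// check endpoint is set in peer config
			expectedEndpointLine := fmt.Sprintf("Endpoint = %s:51820", relayIP)
			assert.Equal(t, expectedEndpointLine, secretLines[7])

			// check relay public key is set in peer config
			expectedRelayPublicKeyLine := fmt.Sprintf("PublicKey = %s", testPublicKey)
			assert.Equal(t, expectedRelayPublicKeyLine, secretLines[8])

			// check client ip address is set in peer config
			expectedStoreAllowedIPsLine := fmt.Sprintf("AllowedIPs = %s/32", clientIP)
			assert.Equal(t, expectedStoreAllowedIPsLine, secretLines[9])
			return ctx
		}).Feature()

	f.Test(t, feature)
}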
   138  
// createCluster returns a Cluster fixture whose object name is name. Every
// spec field is a fixed test value; ProjectID comes from the package-level
// projectID variable.
func createCluster(name string) *v1cluster.Cluster {
	spec := v1cluster.ClusterSpec{
		Banner:       "dev0-zynstra",
		Fleet:        "store",
		Location:     "us-east1-c",
		Name:         "4c4d-30-05-22",
		Organization: "edge-dev0-retail-gmi062",
		ProjectID:    projectID,
		Type:         "sds",
	}

	cluster := &v1cluster.Cluster{}
	cluster.ObjectMeta = metav1.ObjectMeta{Name: name}
	cluster.Spec = spec
	return cluster
}
   153  
// createVPNConfig returns a VPNConfig fixture named name in
// constants.VPNNamespace with the fixed UID "1234". enabled is stored in
// Spec.Enabled and ip in Status.IP.
func createVPNConfig(name, ip string, enabled bool) *v1vpnconfig.VPNConfig {
	typeMeta := metav1.TypeMeta{Kind: "VPNConfig", APIVersion: "remoteaccess.edge.ncr.com"}
	objectMeta := metav1.ObjectMeta{Namespace: constants.VPNNamespace, Name: name, UID: "1234"}
	status := &v1vpnconfig.VPNConfigStatus{IP: ip}

	return &v1vpnconfig.VPNConfig{
		TypeMeta:   typeMeta,
		ObjectMeta: objectMeta,
		Spec:       v1vpnconfig.VPNConfigSpec{Enabled: enabled},
		Status:     status,
	}
}
   166  
