def test_reporting_interval_not_int(self):
"""
Test exception is raised if status reporting interval is invalid.
"""
cfg_dict = {"InterfacePrefix": "blah", "ReportingIntervalSecs": "NaN"}
with self.assertRaisesRegexp(ConfigException, "Field was not integer.*"):
load_config("felix_missing.cfg", host_dict=cfg_dict)
def test_bad_log_level(self):
for field in ("LogSeverityFile", "LogSeverityScreen", "LogSeveritySys"):
cfg_dict = { "LogInterfacePrefix": "blah",
field: "bloop" }
with self.assertRaisesRegexp(ConfigException,
"Invalid log level.*%s" % field):
load_config("felix_missing.cfg", host_dict=cfg_dict)
def test_blank_metadata_addr(self):
cfg_dict = { "InterfacePrefix": "blah",
"MetadataAddr": "",
"MetadataPort": "123" }
with self.assertRaisesRegexp(ConfigException,
"Blank value.*MetadataAddr"):
load_config("felix_missing.cfg", host_dict=cfg_dict)
def test_ip_in_ip_enabled_bad(self):
cfg_dict = { "InterfacePrefix": "blah",
"IpInIpEnabled": "blah" }
with self.assertRaisesRegexp(ConfigException,
"Field was not a valid Boolean"
".*IpInIpEnabled"):
load_config("felix_missing.cfg", host_dict=cfg_dict)
def test_metadata_port_not_int(self):
cfg_dict = { "InterfacePrefix": "blah",
"MetadataAddr": "127.0.0.1",
"MetadataPort": "bloop" }
with self.assertRaisesRegexp(ConfigException,
"Field was not integer.*MetadataPort"):
load_config("felix_missing.cfg", host_dict=cfg_dict)
def test_bad_metadata_addr(self):
cfg_dict = { "InterfacePrefix": "blah",
"MetadataAddr": "bloop",
"MetadataPort": "123" }
with self.assertRaisesRegexp(ConfigException,
"Invalid or unresolvable.*MetadataAddr"):
load_config("felix_missing.cfg", host_dict=cfg_dict)
self.m_gethostbyname.assert_has_calls([mock.call("bloop")])
def test_metadata_port_not_int(self):
cfg_dict = { "InterfacePrefix": "blah",
"MetadataAddr": "127.0.0.1",
"MetadataPort": "bloop" }
with self.assertRaisesRegexp(ConfigException,
"Field was not integer.*MetadataPort"):
load_config("felix_missing.cfg", host_dict=cfg_dict)
def test_bad_metadata_addr(self):
cfg_dict = { "InterfacePrefix": "blah",
"MetadataAddr": "bloop",
"MetadataPort": "123" }
with self.assertRaisesRegexp(ConfigException,
"Invalid or unresolvable.*MetadataAddr"):
load_config("felix_missing.cfg", host_dict=cfg_dict)
self.m_gethostbyname.assert_has_calls([mock.call("bloop")])
def test_reporting_interval_not_int(self):
"""
Test exception is raised if status reporting interval is invalid.
"""
cfg_dict = {"InterfacePrefix": "blah", "ReportingIntervalSecs": "NaN"}
with self.assertRaisesRegexp(ConfigException,
"Field was not integer.*"):
load_config("felix_missing.cfg", host_dict=cfg_dict)
def test_blank_metadata_addr(self):
cfg_dict = {
"InterfacePrefix": "blah",
"MetadataAddr": "",
"MetadataPort": "123"
}
with self.assertRaisesRegexp(ConfigException,
"Blank value.*MetadataAddr"):
load_config("felix_missing.cfg", host_dict=cfg_dict)
def test_metadata_port_not_valid_1(self):
for i in (0, -1, 99999):
log.debug("Test invalid metadata port %d", i)
cfg_dict = { "InterfacePrefix": "blah",
"MetadataAddr": "127.0.0.1",
"MetadataPort": i }
with self.assertRaisesRegexp(ConfigException,
"Invalid field value.*MetadataPort"):
load_config("felix_missing.cfg", host_dict=cfg_dict)
def test_metadata_port_not_valid_1(self):
for i in (0, -1, 99999):
log.debug("Test invalid metadata port %d", i)
cfg_dict = { "InterfacePrefix": "blah",
"MetadataAddr": "127.0.0.1",
"MetadataPort": i }
with self.assertRaisesRegexp(ConfigException,
"Invalid field value.*MetadataPort"):
load_config("felix_missing.cfg", host_dict=cfg_dict)
def test_interface_prefix(self):
cfg_dict = {"InterfacePrefix": "foo"}
config = load_config("felix_interface_prefix.cfg",
host_dict=cfg_dict)
self.assertEqual(config.IFACE_PREFIX, ['foo'])
cfg_dict = {"InterfacePrefix": "foo,bar"}
config = load_config("felix_interface_prefix.cfg",
host_dict=cfg_dict)
self.assertEqual(config.IFACE_PREFIX, ['foo', 'bar'])
def test_no_logfile(self):
# Logging to file can be excluded by explicitly saying "none" -
# but if in etcd config the file is still created.
cfg_dict = {"InterfacePrefix": "blah", "LogFilePath": "None"}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.LOGFILE, None)
cfg_dict = {"InterfacePrefix": "blah"}
config = load_config("felix_nolog.cfg", host_dict=cfg_dict)
self.assertEqual(config.LOGFILE, None)
self.assertEqual(config.DRIVERLOGFILE, None)
def test_no_logfile(self):
# Logging to file can be excluded by explicitly saying "none" -
# but if in etcd config the file is still created.
cfg_dict = {"InterfacePrefix": "blah", "LogFilePath": "None"}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.LOGFILE, None)
cfg_dict = {"InterfacePrefix": "blah"}
config = load_config("felix_nolog.cfg", host_dict=cfg_dict)
self.assertEqual(config.LOGFILE, None)
self.assertEqual(config.DRIVERLOGFILE, None)
def setUp(self):
super(TestRulesManager, self).setUp()
self.config = load_config("felix_default.cfg")
self.m_updater = Mock(spec=IptablesUpdater)
self.m_ipset_mgr = Mock(spec=IpsetManager)
self.mgr = RulesManager(self.config, 4, self.m_updater,
self.m_ipset_mgr)
def test_applying_metadata(self):
"""
Tests that a snapshot with metadata works OK.
"""
self.config = load_config("felix_default.cfg", global_dict={
"MetadataPort": "8775",
"MetadataAddr": "127.0.0.1"})
d = self.dispatch_chain()
ifaces = {'tapabcdef', 'tap123456', 'tapb7d849'}
d.apply_snapshot(ifaces, async=True)
self.step_actor(d)
from_updates = [
'--append felix-FROM-ENDPOINT --in-interface tapabcdef --goto felix-from-abcdef',
'--append felix-FROM-ENDPOINT --in-interface tap123456 --goto felix-from-123456',
'--append felix-FROM-ENDPOINT --in-interface tapb7d849 --goto felix-from-b7d849',
'--append felix-FROM-ENDPOINT --jump DROP -m comment '
'--comment "From unknown endpoint"',
]
to_updates = [
'--append felix-TO-ENDPOINT --out-interface tapabcdef --goto felix-to-abcdef',
'--append felix-TO-ENDPOINT --out-interface tap123456 --goto felix-to-123456',
'--append felix-TO-ENDPOINT --out-interface tapb7d849 --goto felix-to-b7d849',
'--append felix-TO-ENDPOINT --jump DROP -m comment --comment "To unknown endpoint"',
]
from_chain_names = set(['felix-from-abcdef', 'felix-from-123456', 'felix-from-b7d849'])
to_chain_names = set(['felix-to-abcdef', 'felix-to-123456', 'felix-to-b7d849'])
args = self.iptables_updater.rewrite_chains.call_args
self.assert_iptables_update(
args, to_updates, from_updates, to_chain_names,
from_chain_names
)
def test_applying_metadata(self):
"""
Tests that a snapshot with metadata works OK.
"""
self.config = load_config("felix_default.cfg", global_dict={
"MetadataPort": "8775",
"MetadataAddr": "127.0.0.1"})
d = self.getDispatchChain()
ifaces = ['tapabcdef', 'tap123456', 'tapb7d849']
d.apply_snapshot(ifaces, async=True)
self.step_actor(d)
from_updates = [
'--append felix-FROM-ENDPOINT --in-interface tapabcdef --goto felix-from-abcdef',
'--append felix-FROM-ENDPOINT --in-interface tap123456 --goto felix-from-123456',
'--append felix-FROM-ENDPOINT --in-interface tapb7d849 --goto felix-from-b7d849',
'--append felix-FROM-ENDPOINT --jump DROP -m comment '
'--comment "From unknown endpoint"',
]
to_updates = [
'--append felix-TO-ENDPOINT --out-interface tapabcdef --goto felix-to-abcdef',
'--append felix-TO-ENDPOINT --out-interface tap123456 --goto felix-to-123456',
'--append felix-TO-ENDPOINT --out-interface tapb7d849 --goto felix-to-b7d849',
'--append felix-TO-ENDPOINT --jump DROP -m comment --comment "To unknown endpoint"',
]
from_chain_names = set(['felix-from-abcdef', 'felix-from-123456', 'felix-from-b7d849'])
to_chain_names = set(['felix-to-abcdef', 'felix-to-123456', 'felix-to-b7d849'])
args = self.iptables_updater.rewrite_chains.call_args
self.assert_iptables_update(
args, to_updates, from_updates, to_chain_names,
from_chain_names
)
def test_drop_valid(self):
for value in ("DROP", "LOG-and-DROP", "ACCEPT", "LOG-and-ACCEPT"):
cfg_dict = {
"DropActionOverride": value,
}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.ACTION_ON_DROP, value)
def test_etcd_endpoints_inconsistent_protocols(self):
env_dict = {
"FELIX_ETCDENDPOINTS": "https://a:1, http://b:2,http://c:3 "
}
with self.assertRaisesRegexp(
ConfigException, "Inconsistent protocols in EtcdEndpoints"):
conf = load_config("felix_default.cfg", env_dict=env_dict)
def test_bad_plugin_name(self):
env_dict = {"FELIX_IPTABLESGENERATORPLUGIN": "unknown"}
with self.assertRaisesRegexp(ImportError,
'No plugin called "unknown" has been '
'registered for entrypoint '
'"calico.felix.iptables_generator".'):
config = load_config("felix_default.cfg", env_dict=env_dict)
def test_bad_plugin_name(self):
env_dict = {"FELIX_IPTABLESGENERATORPLUGIN": "unknown"}
with self.assertRaisesRegexp(
ImportError, 'No plugin called "unknown" has been '
'registered for entrypoint '
'"calico.felix.iptables_generator".'):
config = load_config("felix_default.cfg", env_dict=env_dict)
def test_build_input_chain_return(self):
host_dict = {"MetadataAddr": "123.0.0.1", "MetadataPort": "1234", "DefaultEndpointToHostAction": "RETURN"}
config = load_config("felix_default.cfg", host_dict=host_dict)
chain, deps = config.plugins["iptables_generator"].filter_input_chain(ip_version=6)
self.assertEqual(chain, INPUT_CHAINS["Return"])
self.assertEqual(deps, set(["felix-FROM-ENDPOINT"]))
def setUp(self):
super(TestRules, self).setUp()
host_dict = {"MetadataAddr": "123.0.0.1", "MetadataPort": "1234", "DefaultEndpointToHostAction": "DROP"}
self.config = load_config("felix_default.cfg", host_dict=host_dict)
self.iptables_generator = self.config.plugins["iptables_generator"]
self.m_iptables_updater = Mock(spec=IptablesUpdater)
def test_default_config(self):
"""
Test various ways of defaulting config.
"""
files = [
"felix_missing.cfg", # does not exist
"felix_empty.cfg", # empty file
"felix_empty_section.cfg", # file with empty section
"felix_extra.cfg", # extra config is just logged
]
for filename in files:
host_dict = {"InterfacePrefix": "blah", "MetadataPort": 123}
global_dict = {
"InterfacePrefix": "overridden",
"MetadataAddr": "1.2.3.4"
}
config = load_config(filename,
host_dict=host_dict,
global_dict=global_dict)
# Test defaulting.
self.assertEqual(config.ETCD_ADDR, "localhost:4001")
self.assertEqual(config.ETCD_SCHEME, "http")
self.assertEqual(config.ETCD_KEY_FILE, None)
self.assertEqual(config.ETCD_CERT_FILE, None)
self.assertEqual(config.ETCD_CA_FILE, None)
self.assertEqual(config.HOSTNAME, socket.gethostname())
self.assertEqual(config.IFACE_PREFIX, "blah")
self.assertEqual(config.METADATA_PORT, 123)
self.assertEqual(config.METADATA_IP, "1.2.3.4")
self.assertEqual(config.REPORTING_INTERVAL_SECS, 30)
self.assertEqual(config.REPORTING_TTL_SECS, 90)
def test_main_greenlet(self, m_iwait, m_MasqueradeManager,
m_IptablesUpdater, m_UpdateSplitter,
m_start, m_load,
m_ipset_4, m_check_call, m_iface_exists,
m_iface_up, m_configure_global_kernel_config,
m_list_interface_ips, m_path_exists, m_conntrack):
m_IptablesUpdater.return_value.greenlet = mock.Mock()
m_MasqueradeManager.return_value.greenlet = mock.Mock()
m_UpdateSplitter.return_value.greenlet = mock.Mock()
m_list_interface_ips.return_value = set()
env_dict = {
"FELIX_ETCDADDR": "localhost:4001",
"FELIX_ETCDSCHEME": "http",
"FELIX_ETCDKEYFILE": "none",
"FELIX_ETCDCERTFILE": "none",
"FELIX_ETCDCAFILE": "none",
"FELIX_FELIXHOSTNAME": "myhost",
"FELIX_INTERFACEPREFIX": "tap",
"FELIX_METADATAIP": "10.0.0.1",
"FELIX_METADATAPORT": "1234",
"FELIX_IPINIPENABLED": "True",
"FELIX_IPINIPMTU": "1480",
"FELIX_DEFAULTINPUTCHAINACTION": "RETURN"
}
config = load_config("felix_missing.cfg", env_dict=env_dict)
with gevent.Timeout(5):
self.assertRaises(TestException,
felix._main_greenlet, config)
m_load.assert_called_once_with(async=False)
m_iface_exists.assert_called_once_with("tunl0")
m_iface_up.assert_called_once_with("tunl0")
m_configure_global_kernel_config.assert_called_once_with()
m_conntrack.assert_called_once_with()
def test_main_greenlet(self, m_iwait, m_MasqueradeManager,
m_IptablesUpdater, m_UpdateSplitter, m_start,
m_load, m_ipset_4, m_check_call, m_iface_exists,
m_iface_up, m_configure_global_kernel_config,
m_list_interface_ips):
m_IptablesUpdater.return_value.greenlet = mock.Mock()
m_MasqueradeManager.return_value.greenlet = mock.Mock()
m_UpdateSplitter.return_value.greenlet = mock.Mock()
m_list_interface_ips.return_value = set()
env_dict = {
"FELIX_ETCDADDR": "localhost:4001",
"FELIX_ETCDSCHEME": "http",
"FELIX_ETCDKEYFILE": "none",
"FELIX_ETCDCERTFILE": "none",
"FELIX_ETCDCAFILE": "none",
"FELIX_FELIXHOSTNAME": "myhost",
"FELIX_INTERFACEPREFIX": "tap",
"FELIX_METADATAIP": "10.0.0.1",
"FELIX_METADATAPORT": "1234",
"FELIX_IPINIPENABLED": "True",
"FELIX_IPINIPMTU": "1480",
"FELIX_DEFAULTINPUTCHAINACTION": "RETURN"
}
config = load_config("felix_missing.cfg", env_dict=env_dict)
with gevent.Timeout(5):
self.assertRaises(TestException, felix._main_greenlet, config)
m_load.assert_called_once_with(async=False)
m_iface_exists.assert_called_once_with("tunl0")
m_iface_up.assert_called_once_with("tunl0")
m_configure_global_kernel_config.assert_called_once_with()
def test_default_config(self):
"""
Test various ways of defaulting config.
"""
files = [ "felix_missing.cfg", # does not exist
"felix_empty.cfg", # empty file
"felix_empty_section.cfg", # file with empty section
"felix_extra.cfg", # extra config is just logged
]
for filename in files:
host_dict = { "InterfacePrefix": "blah",
"MetadataPort": 123 }
global_dict = { "InterfacePrefix": "overridden",
"MetadataAddr": "1.2.3.4" }
config = load_config(filename,
host_dict=host_dict,
global_dict=global_dict)
# Test defaulting.
self.assertEqual(config.ETCD_ADDR, "localhost:4001")
self.assertEqual(config.ETCD_SCHEME, "http")
self.assertEqual(config.ETCD_KEY_FILE, None)
self.assertEqual(config.ETCD_CERT_FILE, None)
self.assertEqual(config.ETCD_CA_FILE, None)
self.assertEqual(config.HOSTNAME, socket.gethostname())
self.assertEqual(config.IFACE_PREFIX, "blah")
self.assertEqual(config.METADATA_PORT, 123)
self.assertEqual(config.METADATA_IP, "1.2.3.4")
self.assertEqual(config.REPORTING_INTERVAL_SECS, 30)
self.assertEqual(config.REPORTING_TTL_SECS, 90)
def test_prometheus_port_defaults(self):
cfg_dict = {"InterfacePrefix": "blah"}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.PROM_METRICS_PORT, 9091)
self.assertEqual(config.PROM_METRICS_DRIVER_PORT, 9092)
self.assertEqual(config.PROM_METRICS_ENABLED, False)
def test_prometheus_port_defaults(self):
cfg_dict = {"InterfacePrefix": "blah"}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.PROM_METRICS_PORT, 9091)
self.assertEqual(config.PROM_METRICS_DRIVER_PORT, 9092)
self.assertEqual(config.PROM_METRICS_ENABLED, False)
def test_failsafe_ports_empty(self):
cfg_dict = {
"FailsafeInboundHostPorts": "",
"FailsafeOutboundHostPorts": "400,500",
}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.FAILSAFE_INBOUND_PORTS, [])
self.assertEqual(config.FAILSAFE_OUTBOUND_PORTS, [400, 500])
def test_host_if_poll_defaulted(self):
"""
Test that the poll interval is defaulted if out-of-range
"""
cfg_dict = {"InterfacePrefix": "blah", "HostInterfacePollInterval": "-1"}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.HOST_IF_POLL_INTERVAL_SECS, 10)
def test_failsafe_ports_empty(self):
cfg_dict = {
"FailsafeInboundHostPorts": "",
"FailsafeOutboundHostPorts": "400,500",
}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.FAILSAFE_INBOUND_PORTS, [])
self.assertEqual(config.FAILSAFE_OUTBOUND_PORTS, [400, 500])
def test_negative_reporting_interval(self):
"""
Test that status reporting is disabled if interval time is negative.
"""
cfg_dict = {"InterfacePrefix": "blah", "ReportingIntervalSecs": -42, "ReportingTTLSecs": 7}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.REPORTING_INTERVAL_SECS, 0)
self.assertEqual(config.REPORTING_TTL_SECS, 0)
def test_reporting_float(self):
"""
Test that float reporting interval and ttl values are rounded down to integer.
"""
cfg_dict = {"InterfacePrefix": "blah", "ReportingIntervalSecs": 21.75, "ReportingTTLSecs": 63.248}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.REPORTING_INTERVAL_SECS, 21)
self.assertEqual(config.REPORTING_TTL_SECS, 63)
def test_valid_interval_and_ttl(self):
"""
Test valid reporting parameters are not changed.
"""
cfg_dict = {"InterfacePrefix": "blah", "ReportingIntervalSecs": 42, "ReportingTTLSecs": 47}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.REPORTING_INTERVAL_SECS, 42)
self.assertEqual(config.REPORTING_TTL_SECS, 47)
def test_default_ttl(self):
"""
Test that ttl is defaulted to at least 2.5 times the reporting
interval.
"""
cfg_dict = {"InterfacePrefix": "blah", "ReportingIntervalSecs": "21", "ReportingTTLSecs": "21"}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.REPORTING_TTL_SECS, 52)
def setUp(self):
super(TestLocalEndpoint, self).setUp()
self.config = load_config("felix_default.cfg", global_dict={
"EndpointReportingEnabled": "False"})
self.m_iptables_updater = Mock(spec=IptablesUpdater)
self.m_dispatch_chains = Mock(spec=DispatchChains)
self.m_rules_mgr = Mock(spec=RulesManager)
self.m_manager = Mock(spec=EndpointManager)
self.m_status_rep = Mock(spec=EtcdStatusReporter)
def test_host_if_poll_defaulted(self):
"""
Test that the poll interval is defaulted if out-of-range
"""
cfg_dict = {"InterfacePrefix": "blah",
"HostInterfacePollInterval": "-1"}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.HOST_IF_POLL_INTERVAL_SECS, 10)
def test_etcd_endpoints(self):
env_dict = {
"FELIX_ETCDENDPOINTS":
"http://localhost:1, http://localhost:2,http://localhost:3 "
}
conf = load_config("felix_default.cfg", env_dict=env_dict)
self.assertEqual(conf.ETCD_ADDRS,
["localhost:1", "localhost:2", "localhost:3"])
self.assertEqual(conf.ETCD_SCHEME, "http")
def test_reporting_interval_and_ttl_zero(self):
"""
Test that zero reporting interval and ttl are passed correctly.
"""
config = load_config
cfg_dict = {"InterfacePrefix": "blah", "ReportingIntervalSecs": 0, "ReportingTTLSecs": 0}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.REPORTING_INTERVAL_SECS, 0)
self.assertEqual(config.REPORTING_TTL_SECS, 0)
def test_hex_mark(self):
"""
Test that the IptablesMarkMask accepts hexadecimal values.
"""
cfg_dict = {"InterfacePrefix": "blah", "IptablesMarkMask": "0x60"}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.IPTABLES_MARK_MASK, 0x00000060)
self.assertEqual(config.IPTABLES_MARK_ACCEPT, "0x20")
self.assertEqual(config.IPTABLES_MARK_NEXT_TIER, "0x40")
def test_too_many_mark_bits(self):
"""
Test that the mark masks are defaulted when the option is out of range.
"""
cfg_dict = {"InterfacePrefix": "blah", "IptablesMarkMask": "9876543210"}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.IPTABLES_MARK_MASK, 0xFF000000)
self.assertEqual(config.IPTABLES_MARK_ACCEPT, "0x1000000")
self.assertEqual(config.IPTABLES_MARK_NEXT_TIER, "0x2000000")
def test_prometheus_port_invalid(self):
cfg_dict = {"InterfacePrefix": "blah",
"PrometheusMetricsEnabled": False,
"PrometheusMetricsPort": -1,
"EtcdDriverPrometheusMetricsPort": 65536}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.PROM_METRICS_PORT, 9091)
self.assertEqual(config.PROM_METRICS_DRIVER_PORT, 9092)
self.assertEqual(config.PROM_METRICS_ENABLED, False)
def test_prometheus_port_valid(self):
cfg_dict = {"InterfacePrefix": "blah",
"PrometheusMetricsEnabled": True,
"PrometheusMetricsPort": 9123,
"EtcdDriverPrometheusMetricsPort": 9124}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.PROM_METRICS_PORT, 9123)
self.assertEqual(config.PROM_METRICS_DRIVER_PORT, 9124)
self.assertEqual(config.PROM_METRICS_ENABLED, True)
def test_no_metadata(self):
# Metadata can be excluded by explicitly saying "none"
cfg_dict = {"InterfacePrefix": "blah", "MetadataAddr": "NoNe", "MetadataPort": 123}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
# Test defaulting.
self.assertEqual(config.METADATA_IP, None)
self.assertEqual(config.METADATA_PORT, None)
def test_prometheus_port_valid(self):
cfg_dict = {"InterfacePrefix": "blah",
"PrometheusMetricsEnabled": True,
"PrometheusMetricsPort": 9123,
"EtcdDriverPrometheusMetricsPort": 9124}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.PROM_METRICS_PORT, 9123)
self.assertEqual(config.PROM_METRICS_DRIVER_PORT, 9124)
self.assertEqual(config.PROM_METRICS_ENABLED, True)
def test_prometheus_port_invalid(self):
cfg_dict = {"InterfacePrefix": "blah",
"PrometheusMetricsEnabled": False,
"PrometheusMetricsPort": -1,
"EtcdDriverPrometheusMetricsPort": 65536}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.PROM_METRICS_PORT, 9091)
self.assertEqual(config.PROM_METRICS_DRIVER_PORT, 9092)
self.assertEqual(config.PROM_METRICS_ENABLED, False)
def test_hex_mark(self):
"""
Test that the IptablesMarkMask accepts hexadecimal values.
"""
cfg_dict = {"InterfacePrefix": "blah", "IptablesMarkMask": "0x60"}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.IPTABLES_MARK_MASK, 0x00000060)
self.assertEqual(config.IPTABLES_MARK_ACCEPT, "0x20")
self.assertEqual(config.IPTABLES_MARK_NEXT_TIER, "0x40")
def setUp(self):
super(TestLocalEndpoint, self).setUp()
self.config = load_config(
"felix_default.cfg",
global_dict={"EndpointReportingEnabled": "False"})
self.m_iptables_updater = Mock(spec=IptablesUpdater)
self.m_dispatch_chains = Mock(spec=DispatchChains)
self.m_rules_mgr = Mock(spec=RulesManager)
self.m_manager = Mock(spec=EndpointManager)
self.m_status_rep = Mock(spec=EtcdStatusReporter)
def setUp(self):
super(TestIptablesUpdater, self).setUp()
self.stub = IptablesStub("filter")
env_dict = {"FELIX_REFRESHINTERVAL": "0"}
self.config = load_config("felix_default.cfg", env_dict=env_dict)
self.ipt = IptablesUpdater("filter", self.config, 4)
self.ipt._execute_iptables = self.stub.apply_iptables_restore
self.check_output_patch = patch("gevent.subprocess.check_output", autospec=True)
self.m_check_output = self.check_output_patch.start()
self.m_check_output.side_effect = self.fake_check_output
def test_too_many_mark_bits(self):
"""
Test that the mark masks are defaulted when the option is out of range.
"""
cfg_dict = { "InterfacePrefix": "blah",
"IptablesMarkMask": "9876543210" }
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.IPTABLES_MARK_MASK, 0xff000000)
self.assertEqual(config.IPTABLES_MARK_ACCEPT, "0x1000000")
self.assertEqual(config.IPTABLES_MARK_NEXT_TIER, "0x2000000")
def test_forward_chain_multiple_prefixes(self):
host_dict = {
"InterfacePrefix": "tap,cali",
}
config = load_config("felix_empty.cfg", host_dict=host_dict)
generator = config.plugins["iptables_generator"]
chain, deps = generator.filter_forward_chain(ip_version=4)
self.maxDiff = None
self.assertEqual(chain, TAP_CALI_FORWARD_CHAIN)
self.assertEqual(deps,
set(["felix-FROM-ENDPOINT", "felix-TO-ENDPOINT"]))
def setUp(self):
super(TestRules, self).setUp()
host_dict = {
"MetadataAddr": "123.0.0.1",
"MetadataPort": "1234",
"DefaultEndpointToHostAction": "DROP"
}
self.config = load_config("felix_default.cfg", host_dict=host_dict)
self.iptables_generator = self.config.plugins["iptables_generator"]
self.m_iptables_updater = Mock(spec=IptablesUpdater)
def setUp(self):
super(TestIptablesUpdater, self).setUp()
self.stub = IptablesStub("filter")
env_dict = {"FELIX_REFRESHINTERVAL": "0"}
self.config = load_config("felix_default.cfg", env_dict=env_dict)
self.ipt = IptablesUpdater("filter", self.config, 4)
self.ipt._execute_iptables = self.stub.apply_iptables_restore
self.check_output_patch = patch("gevent.subprocess.check_output",
autospec=True)
self.m_check_output = self.check_output_patch.start()
self.m_check_output.side_effect = self.fake_check_output
def test_reporting_float(self):
"""
Test that float reporting interval and ttl values are rounded down to integer.
"""
cfg_dict = { "InterfacePrefix": "blah",
"ReportingIntervalSecs": 21.75,
"ReportingTTLSecs": 63.248}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.REPORTING_INTERVAL_SECS, 21)
self.assertEqual(config.REPORTING_TTL_SECS, 63)
def test_insufficient_mark_bits(self):
"""
Test that the mark masks are defaulted when there are insufficient
bits.
"""
cfg_dict = {"InterfacePrefix": "blah", "IptablesMarkMask": "0"}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.IPTABLES_MARK_MASK, 0xFF000000)
self.assertEqual(config.IPTABLES_MARK_ACCEPT, "0x1000000")
self.assertEqual(config.IPTABLES_MARK_NEXT_TIER, "0x2000000")
def test_insufficient_mark_bits(self):
"""
Test that the mark masks are defaulted when there are insufficient
bits.
"""
cfg_dict = {"InterfacePrefix": "blah", "IptablesMarkMask": "0"}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.IPTABLES_MARK_MASK, 0xff000000)
self.assertEqual(config.IPTABLES_MARK_ACCEPT, "0x1000000")
self.assertEqual(config.IPTABLES_MARK_NEXT_TIER, "0x2000000")
def test_negative_reporting_interval(self):
"""
Test that status reporting is disabled if interval time is negative.
"""
cfg_dict = { "InterfacePrefix": "blah",
"ReportingIntervalSecs": -42,
"ReportingTTLSecs": 7 }
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.REPORTING_INTERVAL_SECS, 0)
self.assertEqual(config.REPORTING_TTL_SECS, 0)
def test_valid_interval_and_ttl(self):
"""
Test valid reporting parameters are not changed.
"""
cfg_dict = { "InterfacePrefix": "blah",
"ReportingIntervalSecs": 42,
"ReportingTTLSecs": 47}
config = load_config("felix_missing.cfg", host_dict=cfg_dict)
self.assertEqual(config.REPORTING_INTERVAL_SECS, 42)
self.assertEqual(config.REPORTING_TTL_SECS, 47)
