def setUp(self): super().setUp() # Traffic Director Configuration self.td = traffic_director.TrafficDirectorManager( self.gcp_api_manager, project=self.project, resource_prefix=self.namespace, network=self.network) # Test Server Runner self.server_runner = server_app.KubernetesServerRunner( k8s.KubernetesNamespace(self.k8s_api_manager, self.server_namespace), deployment_name=self.server_name, image_name=self.server_image, gcp_service_account=self.gcp_service_account, td_bootstrap_image=self.td_bootstrap_image, xds_server_uri=self.xds_server_uri, network=self.network) # Test Client Runner self.client_runner = client_app.KubernetesClientRunner( k8s.KubernetesNamespace(self.k8s_api_manager, self.client_namespace), deployment_name=self.client_name, image_name=self.client_image, gcp_service_account=self.gcp_service_account, td_bootstrap_image=self.td_bootstrap_image, xds_server_uri=self.xds_server_uri, network=self.network, debug_use_port_forwarding=self.debug_use_port_forwarding, stats_port=self.client_port, reuse_namespace=self.server_namespace == self.client_namespace)
def cleanup_td_for_gke(project, network, resource_prefix, resource_suffix): gcp_api_manager = gcp.api.GcpApiManager() plain_td = traffic_director.TrafficDirectorManager( gcp_api_manager, project=project, network=network, resource_prefix=resource_prefix, resource_suffix=resource_suffix) security_td = traffic_director.TrafficDirectorSecureManager( gcp_api_manager, project=project, network=network, resource_prefix=resource_prefix, resource_suffix=resource_suffix) # TODO: cleanup appnet resources. # appnet_td = traffic_director.TrafficDirectorAppNetManager( # gcp_api_manager, # project=project, # network=network, # resource_prefix=resource_prefix, # resource_suffix=resource_suffix) logger.info( '----- Removing traffic director for gke, prefix %s, suffix %s', resource_prefix, resource_suffix) security_td.cleanup(force=True) # appnet_td.cleanup(force=True) plain_td.cleanup(force=True)
def __init__(self, absl_flags: Mapping[str, Any] = None): if absl_flags is not None: for key in absl_flags: setattr(self, key, absl_flags[key]) # API managers self.k8s_api_manager = k8s.KubernetesApiManager(self.kube_context) self.gcp_api_manager = gcp.api.GcpApiManager() self.td = traffic_director.TrafficDirectorManager( self.gcp_api_manager, self.project, resource_prefix=self.resource_prefix, resource_suffix=(self.resource_suffix or ""), network=self.network, ) # Kubernetes namespace self.k8s_namespace = k8s.KubernetesNamespace(self.k8s_api_manager, self.resource_prefix) # Kubernetes Test Client self.test_client_runner = client_app.KubernetesClientRunner( self.k8s_namespace, deployment_name=self.client_name, image_name=self.client_image, gcp_project=self.project, gcp_api_manager=self.gcp_api_manager, gcp_service_account=self.gcp_service_account, td_bootstrap_image=self.td_bootstrap_image, network=self.network, debug_use_port_forwarding=self.debug_use_port_forwarding, stats_port=self.client_port, reuse_namespace=True) # Kubernetes Test Servers self.test_server_runner = server_app.KubernetesServerRunner( self.k8s_namespace, deployment_name=self.server_name, image_name=self.server_image, gcp_project=self.project, gcp_api_manager=self.gcp_api_manager, gcp_service_account=self.gcp_service_account, td_bootstrap_image=self.td_bootstrap_image, network=self.network) self.test_server_alternative_runner = server_app.KubernetesServerRunner( self.k8s_namespace, deployment_name=self.server_name + '-alternative', image_name=self.server_image, gcp_project=self.project, gcp_api_manager=self.gcp_api_manager, gcp_service_account=self.gcp_service_account, td_bootstrap_image=self.td_bootstrap_image, network=self.network, reuse_namespace=True) logging.info('Strategy of GCP resources management: %s', self.strategy)
def __init__(self, absl_flags: Mapping[str, Any] = None): if absl_flags is not None: for key in absl_flags: setattr(self, key, absl_flags[key]) # Pick a client_namespace_suffix if not set if self.resource_suffix is None: self.resource_suffix = "" else: raise NotImplementedError( 'Predefined resource_suffix is not supported for UrlMap tests') logging.info('GcpResourceManager: resource prefix=%s, suffix=%s', self.resource_prefix, self.resource_suffix) # API managers self.k8s_api_manager = k8s.KubernetesApiManager(self.kube_context) self.gcp_api_manager = gcp.api.GcpApiManager() self.td = traffic_director.TrafficDirectorManager( self.gcp_api_manager, self.project, resource_prefix=self.resource_prefix, resource_suffix=(self.resource_suffix or ""), network=self.network, compute_api_version=self.compute_api_version, ) # Kubernetes namespace self.k8s_namespace = k8s.KubernetesNamespace(self.k8s_api_manager, self.resource_prefix) # Kubernetes Test Servers self.test_server_runner = server_app.KubernetesServerRunner( self.k8s_namespace, deployment_name=self.server_name, image_name=self.server_image, gcp_project=self.project, gcp_api_manager=self.gcp_api_manager, gcp_service_account=self.gcp_service_account, td_bootstrap_image=self.td_bootstrap_image, xds_server_uri=self.xds_server_uri, network=self.network, enable_workload_identity=self.enable_workload_identity) self.test_server_alternative_runner = server_app.KubernetesServerRunner( self.k8s_namespace, deployment_name=self.server_name + '-alternative', image_name=self.server_image, gcp_project=self.project, gcp_api_manager=self.gcp_api_manager, gcp_service_account=self.gcp_service_account, td_bootstrap_image=self.td_bootstrap_image, xds_server_uri=self.xds_server_uri, network=self.network, enable_workload_identity=self.enable_workload_identity, reuse_namespace=True) self.test_server_affinity_runner = server_app.KubernetesServerRunner( self.k8s_namespace, deployment_name=self.server_name + '-affinity', image_name=self.server_image, gcp_project=self.project, gcp_api_manager=self.gcp_api_manager, gcp_service_account=self.gcp_service_account, td_bootstrap_image=self.td_bootstrap_image, xds_server_uri=self.xds_server_uri, network=self.network, enable_workload_identity=self.enable_workload_identity, reuse_namespace=True) logging.info('Strategy of GCP resources management: %s', self.strategy)
def main(argv): if len(argv) > 1: raise app.UsageError('Too many command-line arguments.') command = _CMD.value security_mode = _SECURITY.value project: str = xds_flags.PROJECT.value network: str = xds_flags.NETWORK.value namespace = xds_flags.NAMESPACE.value # Test server server_name = xds_flags.SERVER_NAME.value server_port = xds_flags.SERVER_PORT.value server_maintenance_port = xds_flags.SERVER_MAINTENANCE_PORT.value server_xds_host = xds_flags.SERVER_XDS_HOST.value server_xds_port = xds_flags.SERVER_XDS_PORT.value gcp_api_manager = gcp.api.GcpApiManager() if security_mode is None: td = traffic_director.TrafficDirectorManager(gcp_api_manager, project=project, resource_prefix=namespace, network=network) else: td = traffic_director.TrafficDirectorSecureManager( gcp_api_manager, project=project, resource_prefix=namespace, network=network) if server_maintenance_port is None: server_maintenance_port = _DEFAULT_SECURE_MODE_MAINTENANCE_PORT try: if command in ('create', 'cycle'): logger.info('Create mode') if security_mode is None: logger.info('No security') td.setup_for_grpc(server_xds_host, server_xds_port, health_check_port=server_maintenance_port) elif security_mode == 'mtls': logger.info('Setting up mtls') td.setup_for_grpc(server_xds_host, server_xds_port, health_check_port=server_maintenance_port) td.setup_server_security(server_namespace=namespace, server_name=server_name, server_port=server_port, tls=True, mtls=True) td.setup_client_security(server_namespace=namespace, server_name=server_name, tls=True, mtls=True) elif security_mode == 'tls': logger.info('Setting up tls') td.setup_for_grpc(server_xds_host, server_xds_port, health_check_port=server_maintenance_port) td.setup_server_security(server_namespace=namespace, server_name=server_name, server_port=server_port, tls=True, mtls=False) td.setup_client_security(server_namespace=namespace, server_name=server_name, tls=True, mtls=False) elif security_mode == 'plaintext': logger.info('Setting up plaintext') td.setup_for_grpc(server_xds_host, server_xds_port, health_check_port=server_maintenance_port) td.setup_server_security(server_namespace=namespace, server_name=server_name, server_port=server_port, tls=False, mtls=False) td.setup_client_security(server_namespace=namespace, server_name=server_name, tls=False, mtls=False) elif security_mode == 'mtls_error': # Error case: server expects client mTLS cert, # but client configured only for TLS logger.info('Setting up mtls_error') td.setup_for_grpc(server_xds_host, server_xds_port, health_check_port=server_maintenance_port) td.setup_server_security(server_namespace=namespace, server_name=server_name, server_port=server_port, tls=True, mtls=True) td.setup_client_security(server_namespace=namespace, server_name=server_name, tls=True, mtls=False) elif security_mode == 'server_authz_error': # Error case: client does not authorize server # because of mismatched SAN name. logger.info('Setting up mtls_error') td.setup_for_grpc(server_xds_host, server_xds_port, health_check_port=server_maintenance_port) # Regular TLS setup, but with client policy configured using # intentionality incorrect server_namespace. td.setup_server_security(server_namespace=namespace, server_name=server_name, server_port=server_port, tls=True, mtls=False) incorrect_namespace = f'incorrect-namespace-{uuid.uuid4().hex}' td.setup_client_security(server_namespace=incorrect_namespace, server_name=server_name, tls=True, mtls=False) logger.info('Works!') except Exception: # noqa pylint: disable=broad-except logger.exception('Got error during creation') if command in ('cleanup', 'cycle'): logger.info('Cleaning up') td.cleanup(force=True) if command == 'backends-add': logger.info('Adding backends') k8s_api_manager = k8s.KubernetesApiManager( xds_k8s_flags.KUBE_CONTEXT.value) k8s_namespace = k8s.KubernetesNamespace(k8s_api_manager, namespace) neg_name, neg_zones = k8s_namespace.get_service_neg( server_name, server_port) td.load_backend_service() td.backend_service_add_neg_backends(neg_name, neg_zones) td.wait_for_backends_healthy_status() # TODO(sergiitk): wait until client reports rpc health elif command == 'backends-cleanup': td.load_backend_service() td.backend_service_remove_all_backends()
def main(argv): # pylint: disable=too-many-locals,too-many-branches,too-many-statements if len(argv) > 1: raise app.UsageError('Too many command-line arguments.') # Must be called before KubernetesApiManager or GcpApiManager init. xds_flags.set_socket_default_timeout_from_flag() command = _CMD.value security_mode = _SECURITY.value project: str = xds_flags.PROJECT.value network: str = xds_flags.NETWORK.value # Resource names. resource_prefix: str = xds_flags.RESOURCE_PREFIX.value resource_suffix: str = xds_flags.RESOURCE_SUFFIX.value # Test server server_name = xds_flags.SERVER_NAME.value server_port = xds_flags.SERVER_PORT.value server_maintenance_port = xds_flags.SERVER_MAINTENANCE_PORT.value server_xds_host = xds_flags.SERVER_XDS_HOST.value server_xds_port = xds_flags.SERVER_XDS_PORT.value server_namespace = _KubernetesServerRunner.make_namespace_name( resource_prefix, resource_suffix) gcp_api_manager = gcp.api.GcpApiManager() if security_mode is None: td = traffic_director.TrafficDirectorManager( gcp_api_manager, project=project, network=network, resource_prefix=resource_prefix, resource_suffix=resource_suffix) else: td = traffic_director.TrafficDirectorSecureManager( gcp_api_manager, project=project, network=network, resource_prefix=resource_prefix, resource_suffix=resource_suffix) if server_maintenance_port is None: server_maintenance_port = \ _KubernetesServerRunner.DEFAULT_SECURE_MODE_MAINTENANCE_PORT try: if command in ('create', 'cycle'): logger.info('Create mode') if security_mode is None: logger.info('No security') td.setup_for_grpc(server_xds_host, server_xds_port, health_check_port=server_maintenance_port) elif security_mode == 'mtls': logger.info('Setting up mtls') td.setup_for_grpc(server_xds_host, server_xds_port, health_check_port=server_maintenance_port) td.setup_server_security(server_namespace=server_namespace, server_name=server_name, server_port=server_port, tls=True, mtls=True) td.setup_client_security(server_namespace=server_namespace, server_name=server_name, tls=True, mtls=True) elif security_mode == 'tls': logger.info('Setting up tls') td.setup_for_grpc(server_xds_host, server_xds_port, health_check_port=server_maintenance_port) td.setup_server_security(server_namespace=server_namespace, server_name=server_name, server_port=server_port, tls=True, mtls=False) td.setup_client_security(server_namespace=server_namespace, server_name=server_name, tls=True, mtls=False) elif security_mode == 'plaintext': logger.info('Setting up plaintext') td.setup_for_grpc(server_xds_host, server_xds_port, health_check_port=server_maintenance_port) td.setup_server_security(server_namespace=server_namespace, server_name=server_name, server_port=server_port, tls=False, mtls=False) td.setup_client_security(server_namespace=server_namespace, server_name=server_name, tls=False, mtls=False) elif security_mode == 'mtls_error': # Error case: server expects client mTLS cert, # but client configured only for TLS logger.info('Setting up mtls_error') td.setup_for_grpc(server_xds_host, server_xds_port, health_check_port=server_maintenance_port) td.setup_server_security(server_namespace=server_namespace, server_name=server_name, server_port=server_port, tls=True, mtls=True) td.setup_client_security(server_namespace=server_namespace, server_name=server_name, tls=True, mtls=False) elif security_mode == 'server_authz_error': # Error case: client does not authorize server # because of mismatched SAN name. logger.info('Setting up mtls_error') td.setup_for_grpc(server_xds_host, server_xds_port, health_check_port=server_maintenance_port) # Regular TLS setup, but with client policy configured using # intentionality incorrect server_namespace. td.setup_server_security(server_namespace=server_namespace, server_name=server_name, server_port=server_port, tls=True, mtls=False) td.setup_client_security( server_namespace=f'incorrect-namespace-{rand.rand_string()}', server_name=server_name, tls=True, mtls=False) logger.info('Works!') except Exception: # noqa pylint: disable=broad-except logger.exception('Got error during creation') if command in ('cleanup', 'cycle'): logger.info('Cleaning up') td.cleanup(force=True) if command == 'backends-add': logger.info('Adding backends') k8s_api_manager = k8s.KubernetesApiManager( xds_k8s_flags.KUBE_CONTEXT.value) k8s_namespace = k8s.KubernetesNamespace(k8s_api_manager, server_namespace) neg_name, neg_zones = k8s_namespace.get_service_neg( server_name, server_port) td.load_backend_service() td.backend_service_add_neg_backends(neg_name, neg_zones) td.wait_for_backends_healthy_status() elif command == 'backends-cleanup': td.load_backend_service() td.backend_service_remove_all_backends() elif command == 'unused-xds-port': try: unused_xds_port = td.find_unused_forwarding_rule_port() logger.info('Found unused forwarding rule port: %s', unused_xds_port) except Exception: # noqa pylint: disable=broad-except logger.exception("Couldn't find unused forwarding rule port")
def main(argv): if len(argv) > 1: raise app.UsageError('Too many command-line arguments.') command = _CMD.value security_mode = _SECURITY.value project: str = xds_flags.PROJECT.value network: str = xds_flags.NETWORK.value namespace = xds_flags.NAMESPACE.value # Test server server_name = xds_flags.SERVER_NAME.value server_port = xds_flags.SERVER_PORT.value server_xds_host = xds_flags.SERVER_XDS_HOST.value server_xds_port = xds_flags.SERVER_XDS_PORT.value gcp_api_manager = gcp.api.GcpApiManager() if security_mode is None: td = traffic_director.TrafficDirectorManager(gcp_api_manager, project=project, resource_prefix=namespace, network=network) else: td = traffic_director.TrafficDirectorSecureManager( gcp_api_manager, project=project, resource_prefix=namespace, network=network) # noinspection PyBroadException try: if command == 'create' or command == 'cycle': logger.info('Create-only mode') if security_mode is None: logger.info('No security') td.setup_for_grpc(server_xds_host, server_xds_port) elif security_mode == 'mtls': logger.info('Setting up mtls') td.setup_for_grpc(server_xds_host, server_xds_port) td.setup_server_security(server_namespace=namespace, server_name=server_name, server_port=server_port, tls=True, mtls=True) td.setup_client_security(server_namespace=namespace, server_name=server_name, tls=True, mtls=True) elif security_mode == 'tls': logger.info('Setting up tls') td.setup_for_grpc(server_xds_host, server_xds_port) td.setup_server_security(server_namespace=namespace, server_name=server_name, server_port=server_port, tls=True, mtls=False) td.setup_client_security(server_namespace=namespace, server_name=server_name, tls=True, mtls=False) elif security_mode == 'plaintext': logger.info('Setting up plaintext') td.setup_for_grpc(server_xds_host, server_xds_port) td.setup_server_security(server_namespace=namespace, server_name=server_name, server_port=server_port, tls=False, mtls=False) td.setup_client_security(server_namespace=namespace, server_name=server_name, tls=False, mtls=False) logger.info('Works!') except Exception: logger.exception('Got error during creation') if command == 'cleanup' or command == 'cycle': logger.info('Cleaning up') td.cleanup(force=True) if command == 'backends-add': logger.info('Adding backends') k8s_api_manager = k8s.KubernetesApiManager( xds_k8s_flags.KUBE_CONTEXT.value) k8s_namespace = k8s.KubernetesNamespace(k8s_api_manager, namespace) neg_name, neg_zones = k8s_namespace.get_service_neg( server_name, server_port) td.load_backend_service() td.backend_service_add_neg_backends(neg_name, neg_zones) # TODO(sergiitk): wait until client reports rpc health elif command == 'backends-cleanup': td.load_backend_service() td.backend_service_remove_all_backends()