check: don't pass policy YAML to WithCiliumEgressPolicy()

As CiliumEgressGatewayPolicyParams allows now to use a single policy template across all test scenarios, stop passing the same policy template to all invocations of WithCiliumEgressPolicy() Signed-off-by: Gilberto Bertin <[email protected]>
cilium · Jan 4, 2024 · 0b1759d · 0b1759d
1 parent 0a85f6c
commit 0b1759d
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 16 deletions.
diff --git a/...vity/manifests/egress-gateway-policy.yaml → ...heck/manifests/egress-gateway-policy.yaml b/...vity/manifests/egress-gateway-policy.yaml → ...heck/manifests/egress-gateway-policy.yaml
diff --git a/connectivity/check/test.go b/connectivity/check/test.go
@@ -37,6 +37,9 @@ import (
 	"github.com/cloudflare/cfssl/signer/local"
 )
 
+//go:embed manifests/egress-gateway-policy.yaml
+var egressGatewayPolicyYAML string
+
 const (
 	// KubernetesSourcedLabelPrefix is the optional prefix used in labels to
 	// indicate they are sourced from Kubernetes.
@@ -485,8 +488,8 @@ type CiliumEgressGatewayPolicyParams struct {
 // Test, to be applied when the test starts running. When calling this method,
 // note that the egress gateway enabled feature requirement is applied directly
 // here.
-func (t *Test) WithCiliumEgressGatewayPolicy(policy string, params CiliumEgressGatewayPolicyParams) *Test {
-	pl, err := parseCiliumEgressGatewayPolicyYAML(policy)
+func (t *Test) WithCiliumEgressGatewayPolicy(params CiliumEgressGatewayPolicyParams) *Test {
+	pl, err := parseCiliumEgressGatewayPolicyYAML(egressGatewayPolicyYAML)
 	if err != nil {
 		t.Fatalf("Parsing policy YAML: %s", err)
 	}

diff --git a/connectivity/suite.go b/connectivity/suite.go
@@ -185,9 +185,6 @@ var (
 
 	//go:embed manifests/echo-ingress-mutual-authentication.yaml
 	echoIngressMutualAuthPolicyYAML string
-
-	//go:embed manifests/egress-gateway-policy.yaml
-	egressGatewayPolicyYAML string
 )
 
 var (
@@ -794,11 +791,11 @@ func Run(ctx context.Context, ct *check.ConnectivityTest, addExtraTests func(*ch
 
 	if ct.Params().IncludeUnsafeTests {
 		ct.NewTest("egress-gateway").
-			WithCiliumEgressGatewayPolicy(egressGatewayPolicyYAML, check.CiliumEgressGatewayPolicyParams{
+			WithCiliumEgressGatewayPolicy(check.CiliumEgressGatewayPolicyParams{
 				Name:            "cegp-sample-client",
 				PodSelectorKind: "client",
 			}).
-			WithCiliumEgressGatewayPolicy(egressGatewayPolicyYAML, check.CiliumEgressGatewayPolicyParams{
+			WithCiliumEgressGatewayPolicy(check.CiliumEgressGatewayPolicyParams{
 				Name:            "cegp-sample-echo",
 				PodSelectorKind: "echo",
 			}).
@@ -812,7 +809,7 @@ func Run(ctx context.Context, ct *check.ConnectivityTest, addExtraTests func(*ch
 
 	if versioncheck.MustCompile(">=1.14.0")(ct.CiliumVersion) {
 		ct.NewTest("egress-gateway-excluded-cidrs").
-			WithCiliumEgressGatewayPolicy(egressGatewayPolicyYAML, check.CiliumEgressGatewayPolicyParams{
+			WithCiliumEgressGatewayPolicy(check.CiliumEgressGatewayPolicyParams{
 				Name:            "cegp-sample-client",
 				PodSelectorKind: "client",
 				ExcludedCIDRs:   check.ExternalNodeExcludedCIDRs,

diff --git a/connectivity/tests/egressgateway.go b/connectivity/tests/egressgateway.go
@@ -37,10 +37,11 @@ func (e *bpfEgressGatewayPolicyEntry) matches(t bpfEgressGatewayPolicyEntry) boo
 		t.GatewayIP == e.GatewayIP
 }
 
-// waitForBpfPolicyEntries waits for the egress gateway policy maps on each node to be populated with the entries for
-// the cegp-sample CiliumEgressGatewayExcludedCIDRsPolicy
+// waitForBpfPolicyEntries waits for the egress gateway policy maps on each node to be populated with the entries
+// returned by the targetEntriesCallback
 func waitForBpfPolicyEntries(ctx context.Context, t *check.Test,
-	targetEntriesCallback func(ciliumPod check.Pod) []bpfEgressGatewayPolicyEntry) {
+	targetEntriesCallback func(ciliumPod check.Pod) []bpfEgressGatewayPolicyEntry,
+) {
 	ct := t.Context()
 
 	w := wait.NewObserver(ctx, wait.Parameters{Timeout: 10 * time.Second})
@@ -132,12 +133,17 @@ func extractClientIPFromResponse(res string) net.IP {
 	return net.ParseIP(clientIP.ClientIP).To4()
 }
 
-// EgressGateway is a test case which, given the cegp-sample CiliumEgressGatewayPolicy targeting:
+// EgressGateway is a test case which, given the cegp-sample-client CiliumEgressGatewayPolicy targeting:
 // - a couple of client pods (kind=client) as source
 // - the 0.0.0.0/0 destination CIDR
 // - kind-worker2 as gateway node
 //
-// This suite tests connectivity for:
+// and the cegp-sample-echo CiliumEgressGatewayPolicy targeting:
+// - the echo service pods (kind=echo) as source
+// - the 0.0.0.0/0 destination CIDR
+// - kind-worker2 as gateway node
+//
+// tests connectivity for:
 // - pod to host traffic
 // - pod to service traffic
 // - pod to external IP traffic
@@ -290,15 +296,14 @@ func (s *egressGateway) Run(ctx context.Context, t *check.Test) {
 	}
 }
 
-// EgressGatewayExcludedCIDRs is a test case which, given the cegp-sample-excluded-cidrs CiliumEgressGatewayPolicy
+// EgressGatewayExcludedCIDRs is a test case which, given the cegp-sample CiliumEgressGatewayPolicy targeting:
 // targeting:
 // - a couple of client pods (kind=client) as source
 // - the 0.0.0.0/0 destination CIDR
 // - the IP of the external node as excluded CIDR
 // - kind-worker2 as gateway node
 //
-// This suite tests tests the excludedCIDRs property and ensure traffic matching
-// an excluded CIDR does not get masqueraded with the egress IP.
+// This suite tests the excludedCIDRs property and ensure traffic matching an excluded CIDR does not get masqueraded with the egress IP
 func EgressGatewayExcludedCIDRs() check.Scenario {
 	return &egressGatewayExcludedCIDRs{}
 }