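// Listing of controller/internal/enforcer/proxy/enforcerproxy_test.go from
// github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible.

package enforcerproxy

import (
	"context"
	"fmt"
	"testing"
	"time"

	gomock "github.com/golang/mock/gomock"
	. "github.com/smartystreets/goconvey/convey"
	"go.aporeto.io/enforcerd/trireme-lib/collector"
	"go.aporeto.io/enforcerd/trireme-lib/controller/constants"
	"go.aporeto.io/enforcerd/trireme-lib/controller/internal/enforcer"
	"go.aporeto.io/enforcerd/trireme-lib/controller/internal/enforcer/utils/rpcwrapper"
	"go.aporeto.io/enforcerd/trireme-lib/controller/internal/enforcer/utils/rpcwrapper/mockrpcwrapper"
	"go.aporeto.io/enforcerd/trireme-lib/controller/internal/processmon/mockprocessmon"
	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/env"
	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/fqconfig"
	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/packettracing"
	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/remoteenforcer"
	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/secrets"
	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/secrets/testhelper"
	"go.aporeto.io/enforcerd/trireme-lib/controller/runtime"
	"go.aporeto.io/enforcerd/trireme-lib/policy"
)

// procMountPoint is the proc filesystem path handed to NewProxyEnforcer.
const procMountPoint = "/proc"

// Test fixtures populated by init. The private key, certificates and token
// are committed in clear text, so they are public material: they must only
// ever be used by tests and never be provisioned on a real enforcer.
// NOTE(review): none of the tests in this listing reference these variables;
// presumably other test files of the package do — confirm before removing.
var (
	keypem, caPool, certPEM string
	token                   []byte
)

// init loads the fixed PEM fixtures and the serialized token used by tests.
func init() {
	// EC private key fixture (test-only, see the var block above).
	keypem = `-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIPkiHqtH372JJdAG/IxJlE1gv03cdwa8Lhg2b3m/HmbyoAoGCCqGSM49
AwEHoUQDQgAEAfAL+AfPj/DnxrU6tUkEyzEyCxnflOWxhouy1bdzhJ7vxMb1vQ31
8ZbW/WvMN/ojIXqXYrEpISoojznj46w64w==
-----END EC PRIVATE KEY-----`

	// CA pool fixture: two PEM certificates concatenated.
	caPool = `-----BEGIN CERTIFICATE-----
MIIBhTCCASwCCQC8b53yGlcQazAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJVUzEL
MAkGA1UECAwCQ0ExDDAKBgNVBAcMA1NKQzEQMA4GA1UECgwHVHJpcmVtZTEPMA0G
A1UEAwwGdWJ1bnR1MB4XDTE2MDkyNzIyNDkwMFoXDTI2MDkyNTIyNDkwMFowSzEL
MAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTSkMxEDAOBgNVBAoM
B1RyaXJlbWUxDzANBgNVBAMMBnVidW50dTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABJxneTUqhbtgEIwpKUUzwz3h92SqcOdIw3mfQkMjg3Vobvr6JKlpXYe9xhsN
rygJmLhMAN9gjF9qM9ybdbe+m3owCgYIKoZIzj0EAwIDRwAwRAIgC1fVMqdBy/o3
jNUje/Hx0fZF9VDyUK4ld+K/wF3QdK4CID1ONj/Kqinrq2OpjYdkgIjEPuXoOoR1
tCym8dnq4wtH
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB3jCCAYOgAwIBAgIJALsW7pyC2ERQMAoGCCqGSM49BAMCMEsxCzAJBgNVBAYT
AlVTMQswCQYDVQQIDAJDQTEMMAoGA1UEBwwDU0pDMRAwDgYDVQQKDAdUcmlyZW1l
MQ8wDQYDVQQDDAZ1YnVudHUwHhcNMTYwOTI3MjI0OTAwWhcNMjYwOTI1MjI0OTAw
WjBLMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExDDAKBgNVBAcMA1NKQzEQMA4G
A1UECgwHVHJpcmVtZTEPMA0GA1UEAwwGdWJ1bnR1MFkwEwYHKoZIzj0CAQYIKoZI
zj0DAQcDQgAE4c2Fd7XeIB1Vfs51fWwREfLLDa55J+NBalV12CH7YEAnEXjl47aV
cmNqcAtdMUpf2oz9nFVI81bgO+OSudr3CqNQME4wHQYDVR0OBBYEFOBftuI09mmu
rXjqDyIta1gT8lqvMB8GA1UdIwQYMBaAFOBftuI09mmurXjqDyIta1gT8lqvMAwG
A1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAMylAHhbFA0KqhXIFiXNpEbH
JKaELL6UXXdeQ5yup8q+AiEAh5laB9rbgTymjaANcZ2YzEZH4VFS3CKoSdVqgnwC
dW4=
-----END CERTIFICATE-----`

	// Certificate fixture.
	certPEM = `-----BEGIN CERTIFICATE-----
MIIBhjCCASwCCQCPCdgp39gHJTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJVUzEL
MAkGA1UECAwCQ0ExDDAKBgNVBAcMA1NKQzEQMA4GA1UECgwHVHJpcmVtZTEPMA0G
A1UEAwwGdWJ1bnR1MB4XDTE2MDkyNzIyNDkwMFoXDTI2MDkyNTIyNDkwMFowSzEL
MAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTSkMxEDAOBgNVBAoM
B1RyaXJlbWUxDzANBgNVBAMMBnVidW50dTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABAHwC/gHz4/w58a1OrVJBMsxMgsZ35TlsYaLstW3c4Se78TG9b0N9fGW1v1r
zDf6IyF6l2KxKSEqKI854+OsOuMwCgYIKoZIzj0EAwIDSAAwRQIgQwQn0jnK/XvD
KxgQd/0pW5FOAaB41cMcw4/XVlphO1oCIQDlGie+WlOMjCzrV0Xz+XqIIi1pIgPT
IG7Nv+YlTVp5qA==
-----END CERTIFICATE-----`

	// ASCII bytes of a compact, dot-separated token; the first segment
	// decodes to a JWT header declaring alg ES256.
	token = []byte{0x65, 0x79, 0x4A, 0x68, 0x62, 0x47, 0x63, 0x69, 0x4F, 0x69, 0x4A, 0x46, 0x55, 0x7A, 0x49, 0x31, 0x4E, 0x69, 0x49, 0x73, 0x49, 0x6E, 0x52, 0x35, 0x63, 0x43, 0x49, 0x36, 0x49, 0x6B, 0x70, 0x58, 0x56, 0x43, 0x4A, 0x39, 0x2E, 0x65, 0x79, 0x4A, 0x59, 0x49, 0x6A, 0x6F, 0x78, 0x4F, 0x44, 0x51, 0x32, 0x4E, 0x54, 0x6B, 0x78, 0x4D, 0x7A, 0x63, 0x33, 0x4E, 0x44, 0x41, 0x35, 0x4D, 0x7A, 0x4D, 0x35, 0x4D, 0x7A, 0x51, 0x33, 0x4D, 0x54, 0x4D, 0x77, 0x4D, 0x6A, 0x4D, 0x35, 0x4E, 0x6A, 0x45, 0x79, 0x4E, 0x6A, 0x55, 0x79, 0x4D, 0x7A, 0x45, 0x77, 0x4E, 0x44, 0x51, 0x30, 0x4F, 0x44, 0x63, 0x34, 0x4D, 0x7A, 0x45, 0x78, 0x4E, 0x6A, 0x4D, 0x30, 0x4E, 0x7A, 0x6B, 0x32, 0x4D, 0x6A, 0x4D, 0x32, 0x4D, 0x7A, 0x67, 0x30, 0x4E, 0x54, 0x59, 0x30, 0x4E, 0x6A, 0x51, 0x78, 0x4E, 0x7A, 0x67, 0x78, 0x4E, 0x44, 0x41, 0x78, 0x4F, 0x44, 0x63, 0x35, 0x4F, 0x44, 0x4D, 0x30, 0x4D, 0x44, 0x51, 0x78, 0x4E, 0x53, 0x77, 0x69, 0x57, 0x53, 0x49, 0x36, 0x4F, 0x44, 0x59, 0x78, 0x4F, 0x44, 0x41, 0x7A, 0x4E, 0x6A, 0x45, 0x33, 0x4D, 0x6A, 0x67, 0x34, 0x4D, 0x54, 0x6B, 0x79, 0x4D, 0x44, 0x41, 0x30, 0x4D, 0x6A, 0x41, 0x33, 0x4D, 0x44, 0x63, 0x30, 0x4D, 0x44, 0x6B, 0x78, 0x4D, 0x54, 0x41, 0x33, 0x4D, 0x54, 0x49, 0x33, 0x4D, 0x7A, 0x49, 0x78, 0x4F, 0x54, 0x45, 0x34, 0x4D, 0x54, 0x45, 0x77, 0x4F, 0x44, 0x41, 0x77, 0x4E, 0x54, 0x41, 0x79, 0x4F, 0x54, 0x59, 0x79, 0x4D, 0x6A, 0x49, 0x78, 0x4D, 0x54, 0x41, 0x32, 0x4E, 0x44, 0x41, 0x30, 0x4D, 0x54, 0x6B, 0x32, 0x4F, 0x54, 0x49, 0x34, 0x4D, 0x54, 0x55, 0x78, 0x4D, 0x6A, 0x55, 0x31, 0x4E, 0x54, 0x55, 0x30, 0x4F, 0x54, 0x63, 0x73, 0x49, 0x6D, 0x56, 0x34, 0x63, 0x43, 0x49, 0x36, 0x4D, 0x54, 0x55, 0x7A, 0x4D, 0x7A, 0x49, 0x30, 0x4D, 0x54, 0x6B, 0x78, 0x4D, 0x6E, 0x30, 0x2E, 0x56, 0x43, 0x44, 0x30, 0x54, 0x61, 0x4C, 0x69, 0x66, 0x74, 0x35, 0x63, 0x6A, 0x6E, 0x66, 0x74, 0x73, 0x7A, 0x57, 0x63, 0x43, 0x74, 0x56, 0x64, 0x59, 0x49, 0x63, 0x5A, 0x44, 0x58, 0x63, 0x73, 0x67, 0x66, 0x47, 0x41, 0x69, 0x33, 0x42, 0x77, 0x6F, 0x73, 0x4A, 0x50, 0x68, 0x6F, 0x76, 0x6A, 0x57, 0x65, 0x56, 0x65, 0x74, 0x6E, 0x55, 0x44, 0x44, 0x46, 0x69, 0x45, 0x37, 0x4E, 0x78, 0x76, 0x4E, 0x6A, 0x32, 0x52, 0x43, 0x53, 0x79, 0x4A, 0x76, 0x2D, 0x52, 0x6F, 0x71, 0x72, 0x6F, 0x78, 0x4E, 0x48, 0x4B, 0x4B, 0x37, 0x77}
}

// eventCollector returns a fresh default collector for use as the event sink.
func eventCollector() collector.EventCollector {
	newEvent := &collector.DefaultCollector{}
	return newEvent
}

// secretGen returns the secrets produced by the testhelper package.
func secretGen() secrets.Secrets {

	// NOTE(review): the first and third results are discarded; the third is
	// presumably an error, so a failed fixture build would surface later as
	// nil secrets rather than here — confirm against testhelper.
	_, newSecret, _ := testhelper.NewTestCompactPKISecrets()
	return newSecret
}

// createPUInfo builds a PUInfo for "testServerID" whose rule list rejects
// TCP/80 and accepts TCP/443 towards 192.30.253.0/24. The same rule list is
// passed twice to NewPUPolicy.
func createPUInfo() *policy.PUInfo {

	rules := policy.IPRuleList{
		policy.IPRule{
			Addresses: []string{"192.30.253.0/24"},
			Ports:     []string{"80"},
			Protocols: []string{"TCP"},
			Policy:    &policy.FlowPolicy{Action: policy.Reject},
		},

		policy.IPRule{
			Addresses: []string{"192.30.253.0/24"},
			Ports:     []string{"443"},
			Protocols: []string{"TCP"},
			Policy:    &policy.FlowPolicy{Action: policy.Accept},
		},
	}

	ips := policy.ExtendedMap{
		policy.DefaultNamespace: "172.17.0.1",
	}

	runtime := policy.NewPURuntimeWithDefaults()
	runtime.SetIPAddresses(ips)
	plc := policy.NewPUPolicy("testServerID", "/ns1", policy.Police, rules, rules, nil, nil, nil, nil, nil, nil, ips, 0, 0, nil, nil, []string{}, policy.EnforcerMapping, policy.Reject|policy.Log, policy.Reject|policy.Log)

	return policy.PUInfoFromPolicyAndRuntime("testServerID", plc, runtime)

}

// setupProxyEnforcer builds the proxy enforcer under test with fixed
// defaults: mutual authorization off, server ID "testServerID" and a real
// RPC server. Tests replace the rpchdl/prochdl fields with mocks afterwards.
func setupProxyEnforcer() enforcer.Enforcer {
	mutualAuthorization := false
	defaultExternalIPCacheTimeout := time.Second * 40

	fqConfig := fqconfig.NewFilterQueue(
		1,
		[]string{},
	)

	policyEnf := NewProxyEnforcer(
		context.Background(),
		mutualAuthorization,
		fqConfig,
		eventCollector(),
		secretGen(),
		"testServerID",
		10*time.Minute,
		constants.DefaultRemoteArg,
		procMountPoint,
		defaultExternalIPCacheTimeout,
		false,
		// Test-only value: the target networks cover every IPv4 address.
		&runtime.Configuration{TCPTargetNetworks: []string{"0.0.0.0/0"}},
		make(chan *policy.RuntimeError),
		&env.RemoteParameters{},
		nil,
		false,
		false,
		"",
		rpcwrapper.NewRPCServer(),
	)
	return policyEnf
}

// TestNewDefaultProxyEnforcer checks that the constructor returns a
// *ProxyInfo with an RPC handle and a non-empty stats server secret.
func TestNewDefaultProxyEnforcer(t *testing.T) {
	ctrl := gomock.NewController(t)
	defer ctrl.Finish()

	Convey("When I try to start a proxy enforcer with defaults", t, func() {
		policyEnf := setupProxyEnforcer()

		e, ok := policyEnf.(*ProxyInfo)
		So(ok, ShouldBeTrue)
		Convey("Then policyEnf should be correct", func() {
			So(e, ShouldNotBeNil)
			So(e.rpchdl, ShouldNotBeNil)
			// Only emptiness is asserted here; the length or randomness of
			// the generated secret is not covered by this test.
			So(e.statsServerSecret, ShouldNotEqual, "")
		})
	})
}

// TestInitRemoteEnforcer checks that initRemoteEnforcer issues exactly one
// InitEnforcer RPC for the context and returns its (nil) result.
func TestInitRemoteEnforcer(t *testing.T) {
	ctrl := gomock.NewController(t)
	defer ctrl.Finish()

	Convey("When I try to start a proxy enforcer with defaults", t, func() {
		rpchdl := mockrpcwrapper.NewMockRPCClient(ctrl)
		policyEnf := setupProxyEnforcer()
		e := policyEnf.(*ProxyInfo)
		e.rpchdl = rpchdl

		Convey("When I try to initiate a remote enforcer", func() {
			rpchdl.EXPECT().RemoteCall("testServerID", remoteenforcer.InitEnforcer, gomock.Any(), gomock.Any()).Times(1).Return(nil)
			err := e.initRemoteEnforcer("testServerID")

			Convey("Then I should not get any error", func() {
				So(err, ShouldBeNil)
			})
		})
	})
}

// TestEnforce covers the launch/init/enforce sequence of Enforce. The first
// value returned by the mocked LaunchRemoteEnforcer is what the case names
// call "init": when true the test expects an InitEnforcer RPC before Enforce.
func TestEnforce(t *testing.T) {
	ctrl := gomock.NewController(t)
	defer ctrl.Finish()

	Convey("When I try to start a proxy enforcer with defaults", t, func() {
		rpchdl := mockrpcwrapper.NewMockRPCClient(ctrl)
		prochdl := mockprocessmon.NewMockProcessManager(ctrl)
		policyEnf := setupProxyEnforcer()
		e := policyEnf.(*ProxyInfo)
		e.rpchdl = rpchdl
		e.prochdl = prochdl

		pu := createPUInfo()

		Convey("When launching the remote fails, it should error", func() {
			prochdl.EXPECT().LaunchRemoteEnforcer("pu", gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(false, fmt.Errorf("error"))
			err := e.Enforce(context.Background(), "pu", pu)
			So(err, ShouldNotBeNil)
		})

		// The description used to end in "it should work" although the case
		// asserts an error. A failed Enforce RPC must also kill the remote,
		// so no remote is left running without the policy applied.
		Convey("When launching the remote succeeds, and init is false, but the rpc calls fails, it should error", func() {
			prochdl.EXPECT().LaunchRemoteEnforcer("pu", gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(false, nil)
			rpchdl.EXPECT().RemoteCall("pu", remoteenforcer.Enforce, gomock.Any(), gomock.Any()).Return(fmt.Errorf("error"))
			prochdl.EXPECT().KillRemoteEnforcer("pu", true)
			err := e.Enforce(context.Background(), "pu", pu)
			So(err, ShouldNotBeNil)
		})

		Convey("When launching the remote succeeds, and init is false, and rpc succeeds, it should work", func() {
			prochdl.EXPECT().LaunchRemoteEnforcer("pu", gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(false, nil)
			rpchdl.EXPECT().RemoteCall("pu", remoteenforcer.Enforce, gomock.Any(), gomock.Any()).Return(nil)
			err := e.Enforce(context.Background(), "pu", pu)
			So(err, ShouldBeNil)
		})

		// A failed initialisation is expected to kill the remote as well.
		Convey("When launching the remote succeeds, and init is true, and init of remote fails, it should error", func() {
			prochdl.EXPECT().LaunchRemoteEnforcer("pu", gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(true, nil)
			rpchdl.EXPECT().RemoteCall("pu", remoteenforcer.InitEnforcer, gomock.Any(), gomock.Any()).Times(1).Return(fmt.Errorf("error"))
			prochdl.EXPECT().KillRemoteEnforcer("pu", true)
			err := e.Enforce(context.Background(), "pu", pu)
			So(err, ShouldNotBeNil)
		})

		Convey("When launching succeeds with init true, it should not error", func() {
			prochdl.EXPECT().LaunchRemoteEnforcer("pu", gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(true, nil)
			rpchdl.EXPECT().RemoteCall("pu", remoteenforcer.InitEnforcer, gomock.Any(), gomock.Any()).Times(1).Return(nil)
			rpchdl.EXPECT().RemoteCall("pu", remoteenforcer.Enforce, gomock.Any(), gomock.Any()).Return(nil)
			err := e.Enforce(context.Background(), "pu", pu)
			So(err, ShouldBeNil)
		})
	})
}

// TestUnenforce checks that Unenforce sends the Unenforce RPC and then kills
// the remote enforcer, whether or not the RPC succeeds.
func TestUnenforce(t *testing.T) {
	ctrl := gomock.NewController(t)
	defer ctrl.Finish()

	Convey("When I try to start a proxy enforcer with defaults", t, func() {
		rpchdl := mockrpcwrapper.NewMockRPCClient(ctrl)
		prochdl := mockprocessmon.NewMockProcessManager(ctrl)
		policyEnf := setupProxyEnforcer()
		e := policyEnf.(*ProxyInfo)
		e.rpchdl = rpchdl
		e.prochdl = prochdl

		Convey("When I try to call unenforce", func() {
			rpchdl.EXPECT().RemoteCall("testServerID", remoteenforcer.Unenforce, gomock.Any(), gomock.Any()).Times(1).Return(nil)
			prochdl.EXPECT().KillRemoteEnforcer("testServerID", true)
			err := e.Unenforce(context.Background(), "testServerID")
			So(err, ShouldBeNil)
		})

		// The RPC error is deliberately not propagated: the case pins that
		// the remote is still killed and that the caller sees no error.
		Convey("When I try to call unenforce and there is a failure", func() {
			rpchdl.EXPECT().RemoteCall("testServerID", remoteenforcer.Unenforce, gomock.Any(), gomock.Any()).Times(1).Return(fmt.Errorf("error"))
			prochdl.EXPECT().KillRemoteEnforcer("testServerID", true)
			err := e.Unenforce(context.Background(), "testServerID")

			Convey("Then I should not get an error", func() {
				So(err, ShouldBeNil)
			})
		})
	})
}

// TestUpdateSecrets checks that UpdateSecrets sends an UpdateSecrets RPC to
// every context returned by ContextList and reports a failure from any one.
func TestUpdateSecrets(t *testing.T) {
	ctrl := gomock.NewController(t)
	defer ctrl.Finish()

	Convey("When I update the secrets", t, func() {
		rpchdl := mockrpcwrapper.NewMockRPCClient(ctrl)
		prochdl := mockprocessmon.NewMockProcessManager(ctrl)
		policyEnf := setupProxyEnforcer()
		e := policyEnf.(*ProxyInfo)
		e.rpchdl = rpchdl
		e.prochdl = prochdl

		Convey("When there is no container, I should get no error", func() {
			rpchdl.EXPECT().ContextList().Return([]string{})
			err := e.UpdateSecrets(secretGen())
			So(err, ShouldBeNil)
		})

		Convey("When I get a set of PUs, I should update all of them", func() {
			rpchdl.EXPECT().ContextList().Return([]string{"pu1", "pu2"})
			rpchdl.EXPECT().RemoteCall("pu1", remoteenforcer.UpdateSecrets, gomock.Any(), gomock.Any())
			rpchdl.EXPECT().RemoteCall("pu2", remoteenforcer.UpdateSecrets, gomock.Any(), gomock.Any())

			err := e.UpdateSecrets(secretGen())
			So(err, ShouldBeNil)
		})

		// The pu2 expectation is still required after pu1 fails: a failure on
		// one PU must not stop the new secrets from reaching the others.
		Convey("When I get a set of PUs, and one of them fails, I should get an error", func() {
			rpchdl.EXPECT().ContextList().Return([]string{"pu1", "pu2"})
			rpchdl.EXPECT().RemoteCall("pu1", remoteenforcer.UpdateSecrets, gomock.Any(), gomock.Any()).Return(fmt.Errorf("error"))
			rpchdl.EXPECT().RemoteCall("pu2", remoteenforcer.UpdateSecrets, gomock.Any(), gomock.Any())

			err := e.UpdateSecrets(secretGen())
			So(err, ShouldNotBeNil)
		})
	})
}

// TestCleanup checks that CleanUp kills the remote enforcer of every context
// returned by ContextList, passing false as the second argument.
func TestCleanup(t *testing.T) {
	ctrl := gomock.NewController(t)
	defer ctrl.Finish()

	Convey("When I request a cleanup", t, func() {
		rpchdl := mockrpcwrapper.NewMockRPCClient(ctrl)
		prochdl := mockprocessmon.NewMockProcessManager(ctrl)
		policyEnf := setupProxyEnforcer()
		e := policyEnf.(*ProxyInfo)
		e.rpchdl = rpchdl
		e.prochdl = prochdl

		Convey("When there is no container, I should get no error", func() {
			rpchdl.EXPECT().ContextList().Return([]string{})
			err := e.CleanUp()
			So(err, ShouldBeNil)
		})

		Convey("When I get a set of PUs, I should call kill for all of them", func() {
			rpchdl.EXPECT().ContextList().Return([]string{"pu1", "pu2"})
			prochdl.EXPECT().KillRemoteEnforcer("pu1", false)
			prochdl.EXPECT().KillRemoteEnforcer("pu2", false)
			err := e.CleanUp()
			So(err, ShouldBeNil)
		})
	})
}

// TestEnableDatapathPacketTracing checks that EnableDatapathPacketTracing
// forwards one RPC to the remote and returns that RPC's result.
func TestEnableDatapathPacketTracing(t *testing.T) {
	ctrl := gomock.NewController(t)
	defer ctrl.Finish()

	Convey("When I try to start a proxy enforcer with defaults", t, func() {
		rpchdl := mockrpcwrapper.NewMockRPCClient(ctrl)
		prochdl := mockprocessmon.NewMockProcessManager(ctrl)
		policyEnf := setupProxyEnforcer()
		e := policyEnf.(*ProxyInfo)
		e.rpchdl = rpchdl
		e.prochdl = prochdl

		// Descriptions corrected: they previously said "unenforce".
		Convey("When I try to enable datapath packet tracing", func() {
			rpchdl.EXPECT().RemoteCall("testServerID", remoteenforcer.EnableDatapathPacketTracing, gomock.Any(), gomock.Any()).Times(1).Return(nil)
			err := e.EnableDatapathPacketTracing(context.TODO(), "testServerID", packettracing.NetworkOnly, 10*time.Second)
			So(err, ShouldBeNil)
		})

		Convey("When I try to enable datapath packet tracing and there is a failure", func() {
			rpchdl.EXPECT().RemoteCall("testServerID", remoteenforcer.EnableDatapathPacketTracing, gomock.Any(), gomock.Any()).Times(1).Return(fmt.Errorf("error"))
			err := e.EnableDatapathPacketTracing(context.TODO(), "testServerID", packettracing.NetworkOnly, 10*time.Second)

			Convey("Then I should get an error", func() {
				So(err, ShouldNotBeNil)
			})
		})
	})
}

// TestEnableIPTablesPacketTracing checks that EnableIPTablesPacketTracing
// forwards one RPC to the remote and returns that RPC's result.
func TestEnableIPTablesPacketTracing(t *testing.T) {
	ctrl := gomock.NewController(t)
	defer ctrl.Finish()

	Convey("When I try to start a proxy enforcer with defaults", t, func() {
		rpchdl := mockrpcwrapper.NewMockRPCClient(ctrl)
		prochdl := mockprocessmon.NewMockProcessManager(ctrl)
		policyEnf := setupProxyEnforcer()
		e := policyEnf.(*ProxyInfo)
		e.rpchdl = rpchdl
		e.prochdl = prochdl

		// Descriptions corrected: they previously said "unenforce".
		Convey("When I try to enable iptables packet tracing", func() {
			rpchdl.EXPECT().RemoteCall("testServerID", remoteenforcer.EnableIPTablesPacketTracing, gomock.Any(), gomock.Any()).Times(1).Return(nil)
			err := e.EnableIPTablesPacketTracing(context.TODO(), "testServerID", 10*time.Second)
			So(err, ShouldBeNil)
		})

		Convey("When I try to enable iptables packet tracing and there is a failure", func() {
			rpchdl.EXPECT().RemoteCall("testServerID", remoteenforcer.EnableIPTablesPacketTracing, gomock.Any(), gomock.Any()).Times(1).Return(fmt.Errorf("error"))
			err := e.EnableIPTablesPacketTracing(context.TODO(), "testServerID", 10*time.Second)

			Convey("Then I should get an error", func() {
				So(err, ShouldNotBeNil)
			})
		})
	})
}

// TestSetTargetNetworks checks that SetTargetNetworks sends the RPC to every
// context returned by ContextList and reports a failure from any one.
func TestSetTargetNetworks(t *testing.T) {
	ctrl := gomock.NewController(t)
	defer ctrl.Finish()

	Convey("When update the target networks", t, func() {
		rpchdl := mockrpcwrapper.NewMockRPCClient(ctrl)
		prochdl := mockprocessmon.NewMockProcessManager(ctrl)
		policyEnf := setupProxyEnforcer()
		e := policyEnf.(*ProxyInfo)
		e.rpchdl = rpchdl
		e.prochdl = prochdl

		Convey("When there is no container, I should get no error", func() {
			rpchdl.EXPECT().ContextList().Return([]string{})
			err := e.SetTargetNetworks(&runtime.Configuration{})
			So(err, ShouldBeNil)
		})

		// Description corrected: the case expects SetTargetNetworks RPCs,
		// not kill calls.
		Convey("When I get a set of PUs, I should update all of them", func() {
			rpchdl.EXPECT().ContextList().Return([]string{"pu1", "pu2"})
			rpchdl.EXPECT().RemoteCall("pu1", remoteenforcer.SetTargetNetworks, gomock.Any(), gomock.Any())
			rpchdl.EXPECT().RemoteCall("pu2", remoteenforcer.SetTargetNetworks, gomock.Any(), gomock.Any())
			err := e.SetTargetNetworks(&runtime.Configuration{})
			So(err, ShouldBeNil)
		})

		// As with UpdateSecrets, pu2 must still be called after pu1 fails.
		Convey("When I get a set of PUs, and one of them fails, I should get an error", func() {
			rpchdl.EXPECT().ContextList().Return([]string{"pu1", "pu2"})
			rpchdl.EXPECT().RemoteCall("pu1", remoteenforcer.SetTargetNetworks, gomock.Any(), gomock.Any()).Return(fmt.Errorf("error"))
			rpchdl.EXPECT().RemoteCall("pu2", remoteenforcer.SetTargetNetworks, gomock.Any(), gomock.Any())
			err := e.SetTargetNetworks(&runtime.Configuration{})
			So(err, ShouldNotBeNil)
		})
	})
}

// TestPostReportEvent checks that the stats RPC server rejects a report when
// ProcessMessage returns false and accepts it when ProcessMessage returns
// true.
func TestPostReportEvent(t *testing.T) {
	ctrl := gomock.NewController(t)
	defer ctrl.Finish()
	rpchdl := mockrpcwrapper.NewMockRPCServer(ctrl)
	c := eventCollector()

	request := rpcwrapper.Request{
		PayloadType: rpcwrapper.PacketReport,
		Payload: &collector.PacketReport{
			DestinationIP: "12.12.12.12",
			SourceIP:      "1.1.1.1",
		},
	}
	statsserver := &ProxyRPCServer{
		rpchdl:    rpchdl,
		collector: c,
		secret:    "test", // fixed test value; ProcessMessage is mocked below
		ctx:       context.Background(),
	}
	response := &rpcwrapper.Response{}

	// NOTE(review): ProcessMessage is presumably the check of the message
	// against the shared secret — confirm in rpcwrapper. The case pins that a
	// rejected message is never reported as a success.
	Convey("Given i receive a invalid message from the remote enforcer ", t, func() {
		rpchdl.EXPECT().ProcessMessage(gomock.Any(), gomock.Any()).Times(1).Return(false)
		err := statsserver.PostReportEvent(request, response)
		So(err, ShouldNotBeNil)
	})

	Convey("Given i receive a valid message from the remote enforcer ", t, func() {
		rpchdl.EXPECT().ProcessMessage(gomock.Any(), gomock.Any()).Times(1).Return(true)
		err := statsserver.PostReportEvent(request, response)
		So(err, ShouldBeNil)
	})
}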