From 37d46ecf8615a724d2639515e70f9daaccf70cfb Mon Sep 17 00:00:00 2001
From: Senthil Kumaran <senthilx@amazon.com>
Date: Thu, 20 Jun 2024 18:06:13 -0700
Subject: [PATCH] Refactor static canary tests.

- Remove any config changes to aws-node pod in BeforeSuite.
- Remove dependency on multiple EC2 apis.
---
 scripts/run-static-canary.sh                  |  2 +-
 .../az-traffic/pod_az_traffic_suite_test.go   | 49 +++++++++++++++++++
 .../pod_traffic_across_az_test.go             | 48 +++++++++---------
 3 files changed, 74 insertions(+), 25 deletions(-)
 create mode 100644 test/integration/az-traffic/pod_az_traffic_suite_test.go
 rename test/integration/{cni => az-traffic}/pod_traffic_across_az_test.go (92%)

diff --git a/scripts/run-static-canary.sh b/scripts/run-static-canary.sh
index b5e1520bd4..1240191cee 100755
--- a/scripts/run-static-canary.sh
+++ b/scripts/run-static-canary.sh
@@ -21,7 +21,7 @@ function run_ginkgo_test() {
   local focus=$1
   echo "Running ginkgo tests with focus: $focus"
 
-  (CGO_ENABLED=0 ginkgo $EXTRA_GINKGO_FLAGS --no-color --focus="$focus" -v --timeout 10m --fail-on-pending $GINKGO_TEST_BUILD/cni.test -- \
+  (CGO_ENABLED=0 ginkgo $EXTRA_GINKGO_FLAGS --no-color --focus="$focus" -v --timeout 10m --fail-on-pending $GINKGO_TEST_BUILD/az-traffic.test -- \
       --cluster-kubeconfig="$KUBE_CONFIG_PATH" \
       --cluster-name="$CLUSTER_NAME" \
       --aws-region="$REGION" \
diff --git a/test/integration/az-traffic/pod_az_traffic_suite_test.go b/test/integration/az-traffic/pod_az_traffic_suite_test.go
new file mode 100644
index 0000000000..292bdf5aa2
--- /dev/null
+++ b/test/integration/az-traffic/pod_az_traffic_suite_test.go
@@ -0,0 +1,49 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"). You may
+// not use this file except in compliance with the License. A copy of the
+// License is located at
+//
+//     http://aws.amazon.com/apache2.0/
+//
+// or in the "license" file accompanying this file. This file is distributed
+// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+// express or implied. See the License for the specific language governing
+// permissions and limitations under the License.
+
+package az_traffic
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/amazon-vpc-cni-k8s/test/framework"
+	"github.com/aws/amazon-vpc-cni-k8s/test/framework/utils"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+func TestAZConnectivity(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "CNI AZ Traffic Test Suite")
+}
+
+var _ = BeforeSuite(func() {
+	f = framework.New(framework.GlobalOptions)
+
+	By("creating test namespace")
+	f.K8sResourceManagers.NamespaceManager().CreateNamespace(utils.DefaultTestNamespace)
+
+	By(fmt.Sprintf("getting the node with the node label key %s and value %s",
+		f.Options.NgNameLabelKey, f.Options.NgNameLabelVal))
+	_, err := f.K8sResourceManagers.NodeManager().GetNodes(f.Options.NgNameLabelKey, f.Options.NgNameLabelVal)
+	Expect(err).ToNot(HaveOccurred())
+
+})
+
+var _ = AfterSuite(func() {
+	By("deleting test namespace")
+	f.K8sResourceManagers.NamespaceManager().
+		DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace)
+})
diff --git a/test/integration/cni/pod_traffic_across_az_test.go b/test/integration/az-traffic/pod_traffic_across_az_test.go
similarity index 92%
rename from test/integration/cni/pod_traffic_across_az_test.go
rename to test/integration/az-traffic/pod_traffic_across_az_test.go
index 841f99c027..3985f08c4d 100644
--- a/test/integration/cni/pod_traffic_across_az_test.go
+++ b/test/integration/az-traffic/pod_traffic_across_az_test.go
@@ -1,4 +1,4 @@
-package cni
+package az_traffic
 
 import (
 	"fmt"
@@ -7,10 +7,10 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/cloudwatch"
 
+	"github.com/aws/amazon-vpc-cni-k8s/test/framework"
 	"github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/manifest"
 	"github.com/aws/amazon-vpc-cni-k8s/test/framework/utils"
 	"github.com/aws/amazon-vpc-cni-k8s/test/integration/common"
-	"github.com/aws/aws-sdk-go/service/ec2"
 	coreV1 "k8s.io/api/core/v1"
 
 	. "github.com/onsi/ginkgo/v2"
@@ -24,6 +24,8 @@ var (
 
 const MetricNamespace = "NetworkingAZConnectivity"
 
+var f *framework.Framework
+
 var _ = Describe("[STATIC_CANARY] AZ Node Presence", FlakeAttempts(retries), func() {
 
 	Context("While testing AZ availability", func() {
@@ -69,7 +71,6 @@ var _ = Describe("[STATIC_CANARY] test pod networking", FlakeAttempts(retries),
 	var (
 		err        error
 		serverPort int
-		protocol   string
 
 		// The command to run on server pods, to allow incoming
 		// connections for different traffic type
@@ -99,16 +100,6 @@ var _ = Describe("[STATIC_CANARY] test pod networking", FlakeAttempts(retries),
 	)
 
 	JustBeforeEach(func() {
-		By("authorizing security group ingress on instance security group")
-		err = f.CloudServices.EC2().
-			AuthorizeSecurityGroupIngress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0", false)
-		Expect(err).ToNot(HaveOccurred())
-
-		By("authorizing security group egress on instance security group")
-		err = f.CloudServices.EC2().
-			AuthorizeSecurityGroupEgress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0")
-		Expect(err).ToNot(HaveOccurred())
-
 		netcatContainer := manifest.
 			NewNetCatAlpineContainer(f.Options.TestImageRegistry).
 			Command(serverListenCmd).
@@ -138,16 +129,6 @@ var _ = Describe("[STATIC_CANARY] test pod networking", FlakeAttempts(retries),
 	})
 
 	JustAfterEach(func() {
-		By("revoking security group ingress on instance security group")
-		err = f.CloudServices.EC2().
-			RevokeSecurityGroupIngress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0", false)
-		Expect(err).ToNot(HaveOccurred())
-
-		By("revoking security group egress on instance security group")
-		err = f.CloudServices.EC2().
-			RevokeSecurityGroupEgress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0")
-		Expect(err).ToNot(HaveOccurred())
-
 		By("deleting the Daemonset.")
 		err = f.K8sResourceManagers.DaemonSetManager().DeleteAndWaitTillDaemonSetIsDeleted(testDaemonSet, utils.DefaultDeploymentReadyTimeout)
 		Expect(err).ToNot(HaveOccurred())
@@ -157,7 +138,6 @@ var _ = Describe("[STATIC_CANARY] test pod networking", FlakeAttempts(retries),
 
 		BeforeEach(func() {
 			serverPort = 2273
-			protocol = ec2.ProtocolTcp
 			// Test tcp connection using netcat
 			serverListenCmd = []string{"nc"}
 			// The nc flag "-l" for listen mode, "-k" to keep server up and not close
@@ -380,3 +360,23 @@ func RunCommandOnPod(receiverPod coreV1.Pod, command []string) (string, string,
 		}
 	}
 }
+
+// testConnectivity verifies connectivity between tester and server
+func testConnectivity(senderPod coreV1.Pod, receiverPod coreV1.Pod, expectedStdout string,
+	expectedStderr string, port int, getTestCommandFunc func(receiverPod coreV1.Pod, port int) []string) {
+
+	testerCommand := getTestCommandFunc(receiverPod, port)
+
+	fmt.Fprintf(GinkgoWriter, "verifying connectivity from pod %s on node %s with IP %s to pod"+
+		" %s on node %s with IP %s\n", senderPod.Name, senderPod.Spec.NodeName, senderPod.Status.PodIP,
+		receiverPod.Name, receiverPod.Spec.NodeName, receiverPod.Status.PodIP)
+
+	stdOut, stdErr, err := f.K8sResourceManagers.PodManager().
+		PodExec(senderPod.Namespace, senderPod.Name, testerCommand)
+	Expect(err).ToNot(HaveOccurred())
+
+	fmt.Fprintf(GinkgoWriter, "stdout: %s and stderr: %s\n", stdOut, stdErr)
+
+	Expect(stdErr).To(ContainSubstring(expectedStderr))
+	Expect(stdOut).To(ContainSubstring(expectedStdout))
+}