From 130dfc61d1fdf15e48a5d33323fed9ac15438688 Mon Sep 17 00:00:00 2001
From: Kanha gupta
Date: Wed, 29 May 2024 02:43:07 +0530
Subject: [PATCH] Review 2 changes
Signed-off-by: Kanha gupta
---
 pkg/antctl/raw/check/installation/policy.go | 123 ------------------
 .../check/installation/test_egressdenyall.go | 51 +++++++-
 .../check/installation/test_ingressdenyall.go | 50 ++++++-
 3 files changed, 88 insertions(+), 136 deletions(-)
 delete mode 100644 pkg/antctl/raw/check/installation/policy.go
diff --git a/pkg/antctl/raw/check/installation/policy.go b/pkg/antctl/raw/check/installation/policy.go
deleted file mode 100644
index 668a6f06e82..00000000000
--- a/pkg/antctl/raw/check/installation/policy.go
+++ /dev/null
@@ -1,123 +0,0 @@ -// Copyright 2024 Antrea Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package installation - -import ( - "context" - "fmt" - "os" - "time" - - networkingv1 "k8s.io/api/networking/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/client-go/kubernetes" -) - -func WaitForNetworkPolicyReady(ctx context.Context, client kubernetes.Interface, namespace string, policyName string, clusterName string) error { - fmt.Fprintf(os.Stdout, fmt.Sprintf("[%s] ", clusterName)+"Waiting for NetworkPolicy %s to get applied successfully...\n", policyName) - err := wait.PollUntilContextTimeout(ctx, 2*time.Second, 1*time.Minute, true, func(ctx context.Context) (bool, error) { - _, err := client.NetworkingV1().NetworkPolicies(namespace).Get(ctx, policyName, metav1.GetOptions{}) - if err != nil { - return false, nil - } - return true, nil - }) - if err != nil { - return fmt.Errorf("error while waiting for NetworkPolicy to get ready: %w", err) - } - fmt.Fprintf(os.Stdout, fmt.Sprintf("[%s] ", clusterName)+"NetworkPolicy %s is ready.\n", policyName) - return nil -} - -func WaitForNetworkPolicyTeardown(ctx context.Context, client kubernetes.Interface, namespace string, policyName string, clusterName string) error { - err := client.NetworkingV1().NetworkPolicies(namespace).Delete(ctx, policyName, metav1.DeleteOptions{}) - if err != nil { - return fmt.Errorf("error 
deleting NetworkPolicy: %w", err) - } - err = wait.PollUntilContextTimeout(ctx, 2*time.Second, 1*time.Minute, true, func(ctx context.Context) (bool, error) { - _, err := client.NetworkingV1().NetworkPolicies(namespace).Get(ctx, policyName, metav1.GetOptions{}) - if err != nil { - if errors.IsNotFound(err) { - return true, nil - } - return false, err - } - return false, nil - }) - if err != nil { - fmt.Fprintf(os.Stdout, fmt.Sprintf("[%s] ", clusterName)+"NetworkPolicy deletion failed: %v\n", err) - } else { - fmt.Fprintf(os.Stdout, fmt.Sprintf("[%s] ", clusterName)+"NetworkPolicy deletion successful\n") - } - return nil -} - -func ApplyIngressDenyAll(ctx context.Context, client kubernetes.Interface, namespace string) error { - networkPolicy := &networkingv1.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{ - Name: "ingress-deny-all", - Namespace: namespace, - }, - Spec: networkingv1.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchExpressions: []metav1.LabelSelectorRequirement{ - { - Key: "name", - Operator: metav1.LabelSelectorOpIn, - Values: []string{echoSameNodeDeploymentName, echoOtherNodeDeploymentName}, - }, - }, - }, - PolicyTypes: []networkingv1.PolicyType{ - networkingv1.PolicyTypeIngress, - }, - }, - } - _, err := client.NetworkingV1().NetworkPolicies(namespace).Create(ctx, networkPolicy, metav1.CreateOptions{}) - if err != nil { - return fmt.Errorf("error creating NetworkPolicy: %w", err) - } - return nil -} - -func ApplyEgressDenyAll(ctx context.Context, client kubernetes.Interface, namespace string) error { - networkPolicy := &networkingv1.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{ - Name: "egress-deny-all", - Namespace: namespace, - }, - Spec: networkingv1.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchExpressions: []metav1.LabelSelectorRequirement{ - { - Key: "name", - Operator: metav1.LabelSelectorOpIn, - Values: []string{clientDeploymentName}, - }, - }, - }, - PolicyTypes: []networkingv1.PolicyType{ - 
networkingv1.PolicyTypeEgress, - }, - }, - } - _, err := client.NetworkingV1().NetworkPolicies(namespace).Create(ctx, networkPolicy, metav1.CreateOptions{}) - if err != nil { - return fmt.Errorf("error creating NetworkPolicy: %w", err) - } - return nil -} diff --git a/pkg/antctl/raw/check/installation/test_egressdenyall.go b/pkg/antctl/raw/check/installation/test_egressdenyall.go index 44deb88ec20..96109ac8d84 100644 --- a/pkg/antctl/raw/check/installation/test_egressdenyall.go +++ b/pkg/antctl/raw/check/installation/test_egressdenyall.go @@ -17,6 +17,10 @@ package installation import ( "context" "fmt" + + networkingv1 "k8s.io/api/networking/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" ) type EgressDenyAllConnectivityTest struct{} 
@@ -26,21 +30,54 @@ func init() { } func (a EgressDenyAllConnectivityTest) Run(ctx context.Context, testContext *testContext) error { - ApplyEgressDenyAll(ctx, testContext.client, testContext.namespace) - err := WaitForNetworkPolicyReady(ctx, testContext.client, testContext.namespace, "egress-deny-all", testContext.clusterName) - if err != nil { + services := []string{echoSameNodeDeploymentName} + if testContext.echoOtherNodePod != nil { + services = append(services, echoOtherNodeDeploymentName) + } + if err := applyEgressDenyAll(ctx, testContext.client, testContext.namespace); err != nil { return err } - services := []string{echoSameNodeDeploymentName, echoOtherNodeDeploymentName} + testContext.Log("NetworkPolicy applied successfully") for _, clientPod := range testContext.clientPods { for _, service := range services { if err := testContext.runAgnhostConnect(ctx, clientPod.Name, "", service, 80); err != nil { - testContext.Log("NetworkPolicy is working as expected with Pod %s and Service %s", clientPod.Name, service) + testContext.Log("NetworkPolicy is working as expected: Pod %s cannot connect to Service %s", clientPod.Name, service) } else { - return fmt.Errorf("NetworkPolicy is not working as expected with Pod %s and Service %s ", clientPod.Name, service) + return fmt.Errorf("networkPolicy is not working as expected: Pod %s connected to Service %s when it should not", clientPod.Name, service) } } } - WaitForNetworkPolicyTeardown(ctx, testContext.client, testContext.namespace, "egress-deny-all", testContext.clusterName) + if err := testContext.client.NetworkingV1().NetworkPolicies(testContext.namespace).Delete(ctx, "egress-deny-all", metav1.DeleteOptions{}); err != nil { + return fmt.Errorf("NetworkPolicy deletion failed: %w", err) + } + testContext.Log("NetworkPolicy deletion successful") + return nil +} + +func applyEgressDenyAll(ctx context.Context, client kubernetes.Interface, namespace string) error { + networkPolicy := &networkingv1.NetworkPolicy{ + 
ObjectMeta: metav1.ObjectMeta{ + Name: "egress-deny-all", + Namespace: namespace, + }, + Spec: networkingv1.NetworkPolicySpec{ + PodSelector: metav1.LabelSelector{ + MatchExpressions: []metav1.LabelSelectorRequirement{ + { + Key: "name", + Operator: metav1.LabelSelectorOpIn, + Values: []string{clientDeploymentName}, + }, + }, + }, + PolicyTypes: []networkingv1.PolicyType{ + networkingv1.PolicyTypeEgress, + }, + }, + } + _, err := client.NetworkingV1().NetworkPolicies(namespace).Create(ctx, networkPolicy, metav1.CreateOptions{}) + if err != nil { + return fmt.Errorf("error creating NetworkPolicy: %w", err) + } return nil } diff --git a/pkg/antctl/raw/check/installation/test_ingressdenyall.go b/pkg/antctl/raw/check/installation/test_ingressdenyall.go index c32844785ed..9f7735c57c7 100644 --- a/pkg/antctl/raw/check/installation/test_ingressdenyall.go +++ b/pkg/antctl/raw/check/installation/test_ingressdenyall.go @@ -17,6 +17,10 @@ package installation import ( "context" "fmt" + + networkingv1 "k8s.io/api/networking/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" ) type IngressDenyAllConnectivityTest struct{} 
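Review bot: The egress-deny-all NetworkPolicy is only deleted on the success path of Run; when the connectivity loop returns the `networkPolicy is not working as expected` error the policy stays in the namespace, and since it denies all egress from the client pods, every later check run in the same namespace would presumably fail for the wrong reason. The same pattern is in the Run hunk of test_ingressdenyall.go. Registering the deletion in a defer right after applyEgressDenyAll succeeds makes the cleanup unconditional; a deletion failure then becomes a logged message instead of a returned error, which looks acceptable for a cleanup step (it can also be joined into a named result if the caller must see it). A smaller point: `fmt.Errorf("NetworkPolicy deletion failed: %w", err)` starts with a capital letter while the other error in this hunk was lowercased, presumably for staticcheck ST1005.
```go
	if err := applyEgressDenyAll(ctx, testContext.client, testContext.namespace); err != nil {
		return err
	}
	defer func() {
		if err := testContext.client.NetworkingV1().NetworkPolicies(testContext.namespace).Delete(ctx, "egress-deny-all", metav1.DeleteOptions{}); err != nil {
			testContext.Log("NetworkPolicy deletion failed: %v", err)
			return
		}
		testContext.Log("NetworkPolicy deletion successful")
	}()
	testContext.Log("NetworkPolicy applied successfully")
	// … unchanged: connectivity loop over clientPods and services …
	return nil
}
```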
@@ -26,21 +30,55 @@ func init() { } func (a IngressDenyAllConnectivityTest) Run(ctx context.Context, testContext *testContext) error { - ApplyIngressDenyAll(ctx, testContext.client, testContext.namespace) - err := WaitForNetworkPolicyReady(ctx, testContext.client, testContext.namespace, "ingress-deny-all", testContext.clusterName) - if err != nil { + values := []string{echoSameNodeDeploymentName} + if testContext.echoOtherNodePod != nil { + values = append(values, echoOtherNodeDeploymentName) + } + if err := applyIngressDenyAll(ctx, testContext.client, testContext.namespace, values); err != nil { return err } + testContext.Log("NetworkPolicy applied successfully") services := []string{echoSameNodeDeploymentName, echoOtherNodeDeploymentName} for _, clientPod := range testContext.clientPods { for _, service := range services { if err := testContext.runAgnhostConnect(ctx, clientPod.Name, "", service, 80); err != nil { - testContext.Log("NetworkPolicy is working as expected with Pod %s and Service %s", clientPod.Name, service) + testContext.Log("NetworkPolicy is working as expected: Pod %s cannot connect to Service %s", clientPod.Name, service) } else { - return fmt.Errorf("networkPolicy is not working as expected with Pod %s and Service %s ", clientPod.Name, service) + return fmt.Errorf("networkPolicy is not working as expected: Pod %s connected to Service %s when it should not", clientPod.Name, service) } } } - WaitForNetworkPolicyTeardown(ctx, testContext.client, testContext.namespace, "ingress-deny-all", testContext.clusterName) + if err := testContext.client.NetworkingV1().NetworkPolicies(testContext.namespace).Delete(ctx, "ingress-deny-all", metav1.DeleteOptions{}); err != nil { + return fmt.Errorf("NetworkPolicy deletion failed: %w", err) + } + testContext.Log("NetworkPolicy deletion successful") + return nil +} + +func applyIngressDenyAll(ctx context.Context, client kubernetes.Interface, namespace string, values []string) error { + networkPolicy := 
&networkingv1.NetworkPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "ingress-deny-all", + Namespace: namespace, + }, + Spec: networkingv1.NetworkPolicySpec{ + PodSelector: metav1.LabelSelector{ + MatchExpressions: []metav1.LabelSelectorRequirement{ + { + Key: "name", + Operator: metav1.LabelSelectorOpIn, + Values: values, + }, + }, + }, + PolicyTypes: []networkingv1.PolicyType{ + networkingv1.PolicyTypeIngress, + }, + }, + } + _, err := client.NetworkingV1().NetworkPolicies(namespace).Create(ctx, networkPolicy, metav1.CreateOptions{}) + if err != nil { + return fmt.Errorf("error creating NetworkPolicy: %w", err) + } return nil }
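Review bot: `values` is built conditionally (echoOtherNodeDeploymentName only when testContext.echoOtherNodePod is non-nil) and handed to applyIngressDenyAll, but the unchanged context line `services := []string{echoSameNodeDeploymentName, echoOtherNodeDeploymentName}` still drives the connectivity loop, so on a single-node setup the test connects to a Service that the policy does not select and that presumably does not exist; the failed connect is then logged as the policy working as expected. The egress hunk in this commit already uses the conditional list for its loop, so this one should too: drop the `services :=` line and write `for _, service := range values {`. Using the same variable name as the egress file (`services`) would also keep the two tests readable side by side. Run and applyIngressDenyAll are both fully inside this hunk.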