kmeshctl control authz

Signed-off-by: YaoZengzeng <yaozengzeng@huawei.com>
kmesh-net · Jan 20, 2025 · 745e5da · 745e5da
1 parent f04bd8d
commit 745e5da
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 6 deletions.
diff --git a/test/e2e/baseline_test.go b/test/e2e/baseline_test.go
@@ -689,13 +689,15 @@ func TestBookinfo(t *testing.T) {
 	})
 }
 
-var CheckAuthDeny = check.Or(
-	check.ErrorContains("read: connection reset by peer"), // TCP Kmesh
-)
-
 func TestAuthorizationL4(t *testing.T) {
 	framework.NewTest(t).Run(func(t framework.TestContext) {
 		t.NewSubTest("L4 Authorization").Run(func(t framework.TestContext) {
+			// Enable authorizaiton offload to xdp.
+			kmeshctl.AuthzOrFatal(t, "enable")
+			t.Cleanup(func() {
+				kmeshctl.AuthzOrFatal(t, "disable")
+			})
+
 			if len(apps.ServiceWithWaypointAtServiceGranularity) == 0 {
 				t.Fatal(fmt.Errorf("need at least 1 instance of apps.ServiceWithWaypointAtServiceGranularity"))
 			}
@@ -732,15 +734,15 @@ func TestAuthorizationL4(t *testing.T) {
 				switch action {
 				case "allow":
 					if ip != selectedAddress {
-						return CheckAuthDeny
+						return check.NotOK()
 					} else {
 						return check.OK()
 					}
 				case "deny":
 					if ip != selectedAddress {
 						return check.OK()
 					} else {
-						return CheckAuthDeny
+						return check.NotOK()
 					}
 				default:
 					t.Fatal("invalid action")

diff --git a/test/e2e/main_test.go b/test/e2e/main_test.go
@@ -28,6 +28,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"runtime"
 	"testing"
@@ -65,6 +66,8 @@ var (
 
 	apps = &EchoDeployments{}
 
+	kmeshctl = NewKmeshctl()
+
 	// used to validate telemetry in-cluster
 	prom prometheus.Instance
 )
@@ -380,3 +383,27 @@ func deleteWaypointProxy(ctx resource.Context, ns namespace.Instance, name strin
 		return nil
 	}, retry.Timeout(time.Minute*10), retry.BackoffDelay(time.Millisecond*200))
 }
+
+type kmeshctlWrapper struct {
+}
+
+func NewKmeshctl() *kmeshctlWrapper {
+	return &kmeshctlWrapper{}
+}
+
+// Invoke will invokes an kmeshctl command and returns the output and exception.
+func (k *kmeshctlWrapper) Authz(subcmd string) (string, error) {
+	cmd := exec.Command("kmeshctl", "authz", subcmd)
+	output, err := cmd.Output()
+	if err != nil {
+		return "", err
+	}
+
+	return string(output), nil
+}
+
+func (k *kmeshctlWrapper) AuthzOrFatal(t test.Failer, subcmd string) {
+	if _, err := k.Authz(subcmd); err != nil {
+		t.Fatal("failed to set authz to %d using kmeshctl: %v", subcmd, err)
+	}
+}
diff --git a/test/e2e/run_test.sh b/test/e2e/run_test.sh
@@ -161,6 +161,11 @@ function build_and_push_images() {
     HUB="${KIND_REGISTRY}" TAG="latest" make docker.push
 }
 
+function install_kmeshctl() {
+    # Instal kmeshctl
+    cp kmeshctl $TMPBIN
+}
+
 function install_dependencies() {
     # 1. Install kind.
     if ! which kind &> /dev/null
@@ -274,6 +279,7 @@ fi
 if [[ -z "${SKIP_BUILD:-}" ]]; then
     setup_kind_registry
     build_and_push_images
+    install_kmeshctl
 fi
 
 kubectl config use-context "kind-$NAME"