diff --git a/tests/k8s_env/block/block_test.go b/tests/k8s_env/block/block_test.go
index 10ae90a13b..45d5cf0c57 100644
--- a/tests/k8s_env/block/block_test.go
+++ b/tests/k8s_env/block/block_test.go
@@ -27,18 +27,12 @@ var _ = BeforeSuite(func() {
 // delete all KSPs
 err = DeleteAllKsp()
 Expect(err).To(BeNil())
-
- // enable kubearmor port forwarding
- err = KubearmorPortForward()
- Expect(err).To(BeNil())
 })
 var _ = AfterSuite(func() {
 // delete wordpress-mysql app
 err := K8sDelete([]string{"res/wordpress-mysql-deployment.yaml"})
 Expect(err).To(BeNil())
-
- KubearmorPortForwardStop()
 })
 func getWpsqlPod(name string, ant string) string {
@@ -96,6 +90,9 @@ var _ = Describe("Posture", func() {
 err := K8sApplyFile("res/ksp-wordpress-allow-file.yaml")
 Expect(err).To(BeNil())
+ // wait for policy creation, added due to flaky behaviour
+ time.Sleep(5 * time.Second)
+
 // Start Kubearmor Logs
 err = KarmorLogStart("policy", "wordpress-mysql", "File", wp)
 Expect(err).To(BeNil())
diff --git a/tests/k8s_env/configmap/kubearmor_config_test.go b/tests/k8s_env/configmap/kubearmor_config_test.go
index abc868b82a..c851753188 100644
--- a/tests/k8s_env/configmap/kubearmor_config_test.go
+++ b/tests/k8s_env/configmap/kubearmor_config_test.go
@@ -21,14 +21,9 @@ var _ = BeforeSuite(func() {
 // delete all KSPs
 err = DeleteAllKsp()
 Expect(err).To(BeNil())
-
- // enable kubearmor port forwarding
- err = KubearmorPortForward()
- Expect(err).To(BeNil())
 })
 var _ = AfterSuite(func() {
- KubearmorPortForwardStop()
 cm := NewDefaultConfigMapData()
 cm.DefaultFilePosture = "block"
 cm.DefaultCapabilitiesPosture = "block"
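Review bot: The fixed `time.Sleep(5 * time.Second)` added before `KarmorLogStart` in the `@@ -96,6 +90,9 @@` hunk of block_test.go makes an enforcement assertion depend on timing rather than on the policy actually being active, so the test can still fail on a slow cluster and always pays five seconds on a fast one. The same pattern is added twice in kubearmor_config_test.go (hunks `@@ -87,6 +82,10 @@` and `@@ -106,6 +105,9 @@`). Polling with Gomega would bound the wait and fail with a clear reason, for example `Eventually(policyActive, 30*time.Second, time.Second).Should(BeTrue())`, where `policyActive` is a placeholder for whatever readiness signal the suite can observe. If the sleep stays, the comment should name what is being waited for and reference the flaky-test report; for a runtime-security agent, the lag between applying a policy and its enforcement is itself worth recording. The enclosing `Describe` body starts and ends outside the hunk.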
@@ -87,6 +82,10 @@ var _ = Describe("KubeArmor-Config", func() {
 // default global visibility is none
 cm := NewDefaultConfigMapData()
 err := cm.CreateKAConfigMap()
+ Expect(err).To(BeNil())
+
+ // wait for visibility maps to be updated in kernel, added due to flaky behaviour
+ time.Sleep(5 * time.Second)
 err = KarmorLogStart("all", "unannotated", "", unannotated)
 Expect(err).To(BeNil())
@@ -106,6 +105,9 @@ var _ = Describe("KubeArmor-Config", func() {
 err = cm.CreateKAConfigMap()
 Expect(err).To(BeNil())
+ // wait for visibility maps to be updated in kernel, added due to flaky behaviour
+ time.Sleep(5 * time.Second)
+
 err = KarmorLogStart("all", "unannotated", "", unannotated)
 Expect(err).To(BeNil())
@@ -245,6 +247,7 @@ var _ = Describe("KubeArmor-Config", func() {
 // default global visibility is none
 cm := NewDefaultConfigMapData()
 err := cm.CreateKAConfigMap()
+ Expect(err).To(BeNil())
 err = KarmorLogStart("all", "fullyannotated", "", fullyAnnotated)
 Expect(err).To(BeNil())
diff --git a/tests/k8s_env/ksp/ksp_test.go b/tests/k8s_env/ksp/ksp_test.go
index 7e4ebc6d9b..30ba670f0f 100644
--- a/tests/k8s_env/ksp/ksp_test.go
+++ b/tests/k8s_env/ksp/ksp_test.go
@@ -25,19 +25,12 @@ var _ = BeforeSuite(func() {
 // delete all KSPs
 err = DeleteAllKsp()
 Expect(err).To(BeNil())
-
- // enable kubearmor port forwarding
- err = KubearmorPortForward()
- Expect(err).To(BeNil())
-
 })
 var _ = AfterSuite(func() {
 // delete multiubuntu deployment
 err := K8sDelete([]string{"multiubuntu/multiubuntu-deployment.yaml"})
 Expect(err).To(BeNil())
-
- KubearmorPortForwardStop()
 })
 func getUbuntuPod(name string, ant string) string {
diff --git a/tests/k8s_env/multicontainer/multicontainer_test.go b/tests/k8s_env/multicontainer/multicontainer_test.go
index 18e5ee4654..6ab4445a4c 100644
--- a/tests/k8s_env/multicontainer/multicontainer_test.go
+++ b/tests/k8s_env/multicontainer/multicontainer_test.go
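Review bot: The `@@ -245,6 +247,7 @@` hunk adds the missing `Expect(err).To(BeNil())` after `cm.CreateKAConfigMap()` but, unlike the `@@ -87,6 +82,10 @@` hunk for the same create-then-`KarmorLogStart` sequence, adds no wait for the visibility maps. If the kernel-map update race named in the new comments affects the `unannotated` case, it probably affects the `fullyannotated` case too, and this test may stay flaky or pass for the wrong reason. Either add the same synchronisation here or add a short comment stating why no wait is needed, so the difference reads as deliberate. The test body continues outside the hunk.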
@@ -19,17 +19,12 @@ var _ = BeforeSuite(func() {
 // delete all KSPs
 KspDeleteAll()
-
- // enable kubearmor port forwarding
- err = KubearmorPortForward()
- Expect(err).To(BeNil())
 })
 var _ = AfterSuite(func() {
 // delete wordpress-mysql app from multicontainer ns
 err := K8sDelete([]string{"manifests/multicontainer-deployment.yaml"})
 Expect(err).To(BeNil())
- KubearmorPortForwardStop()
 })
 func getMultiContainerPod(name string, ant string) string {
diff --git a/tests/k8s_env/smoke/smoke_test.go b/tests/k8s_env/smoke/smoke_test.go
index e99a139414..71ec7a360b 100644
--- a/tests/k8s_env/smoke/smoke_test.go
+++ b/tests/k8s_env/smoke/smoke_test.go
@@ -20,18 +20,12 @@ var _ = BeforeSuite(func() {
 // delete all KSPs
 err = DeleteAllKsp()
 Expect(err).To(BeNil())
-
- // enable kubearmor port forwarding
- err = KubearmorPortForward()
- Expect(err).To(BeNil())
 })
 var _ = AfterSuite(func() {
 // Delete wordpress-mysql app
 err := K8sDelete([]string{"res/wordpress-mysql-deployment.yaml"})
 Expect(err).To(BeNil())
-
- KubearmorPortForwardStop()
 })
 func getWpsqlPod(name string, ant string) string {
diff --git a/tests/k8s_env/syscalls/syscalls_test.go b/tests/k8s_env/syscalls/syscalls_test.go
index 63cf22c43a..68c57f9d28 100644
--- a/tests/k8s_env/syscalls/syscalls_test.go
+++ b/tests/k8s_env/syscalls/syscalls_test.go
@@ -20,18 +20,12 @@ var _ = BeforeSuite(func() {
 // delete all KSPs
 KspDeleteAll()
-
- // enable kubearmor port forwarding
- err = KubearmorPortForward()
- Expect(err).To(BeNil())
-
 })
 var _ = AfterSuite(func() {
 // delete wordpress-mysql app from syscalls ns
 err := K8sDelete([]string{"manifests/ubuntu-deployment.yaml"})
 Expect(err).To(BeNil())
- KubearmorPortForwardStop()
 })
 func getUbuntuPod(name string, ant string) string {
diff --git a/tests/k8s_env/visibility/visibility_test.go b/tests/k8s_env/visibility/visibility_test.go
index e7487cf19c..b26ebac49c 100644
--- a/tests/k8s_env/visibility/visibility_test.go
+++ b/tests/k8s_env/visibility/visibility_test.go
@@ -21,18 +21,12 @@ var _ = BeforeSuite(func() {
 // delete all KSPs
 err = DeleteAllKsp()
 Expect(err).To(BeNil())
-
- // enable kubearmor port forwarding
- err = KubearmorPortForward()
- Expect(err).To(BeNil())
 })
 var _ = AfterSuite(func() {
 // delete wordpress-mysql app
 err := K8sDelete([]string{"../smoke/res/wordpress-mysql-deployment.yaml"})
 Expect(err).To(BeNil())
-
- KubearmorPortForwardStop()
 })
 func getWpsqlPod(name string, ant string) string {
diff --git a/tests/util/kartutil.go b/tests/util/kartutil.go
index ebc35602fd..6ee249e334 100644
--- a/tests/util/kartutil.go
+++ b/tests/util/kartutil.go
@@ -36,7 +36,6 @@ import (
 var k8sClient *kcli.Client
 var kcClient *kc.SecurityV1Client
-var stopChan chan struct{}
 // ConfigMapData hosts the structure which is used to configure Config Map Data
 type ConfigMapData struct {
@@ -434,7 +433,7 @@ func DeleteAllKsp() error {
 for _, k := range ksp.Items {
 err = k8sClient.KSPClientset.KubeArmorPolicies(ns.Name).Delete(context.TODO(), k.Name, metav1.DeleteOptions{})
 if err != nil {
- log.Errorf("error deleting ksp %s in the namespace %s", k.Name, &ns.Name)
+ log.Errorf("error deleting ksp %s in the namespace %s", k.Name, ns.Name)
 return err
 }
 log.Printf("deleted ksp %s in the namespace %s", k.Name, ns.Name)
diff --git a/tests/util/portforward.go b/tests/util/portforward.go
deleted file mode 100644
index f1d19d7397..0000000000
--- a/tests/util/portforward.go
+++ /dev/null
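Review bot: The corrected `log.Errorf` in `DeleteAllKsp` (hunk `@@ -434,7 +433,7 @@` of kartutil.go) still leaves the API error out of the message, so the log says which policy failed to delete but not why. Consider `log.Errorf("error deleting ksp %s in the namespace %s: %v", k.Name, ns.Name, err)`. The loop also returns on the first failure, so any remaining policies stay installed. Since the suites call this helper to start from a clean state, leftover policies could affect enforcement results in later tests. Presumably the callers' `Expect(err).To(BeNil())` aborts the suite in that case, but that is worth confirming. The function starts and ends outside the hunk.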
@@ -1,108 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// Copyright 2022 Authors of KubeArmor
-
-package util
-
-import (
- "bytes"
- "errors"
- "fmt"
- "net/http"
- "net/url"
- "strings"
- "time"
-
- log "github.com/sirupsen/logrus"
- "k8s.io/client-go/tools/portforward"
- "k8s.io/client-go/transport/spdy"
-)
-
-// PortForwardOpt port forwarding options
-type PortForwardOpt struct {
- LocalPort int
- RemotePort int
- ServiceName string
- Namespace string
-}
-
-// K8sPortForward enable port forwarding
-func K8sPortForward(pf PortForwardOpt) (chan struct{}, error) {
- roundTripper, upgrader, err := spdy.RoundTripperFor(k8sClient.Config)
- if err != nil {
- log.Errorf("unable to spdy.RoundTripperFor error=%s", err.Error())
- return nil, err
- }
-
- path := fmt.Sprintf("/api/v1/namespaces/%s/pods/%s/portforward", pf.Namespace, pf.ServiceName)
- hostIP := strings.TrimLeft(k8sClient.Config.Host, "https:/")
- serverURL := url.URL{Scheme: "https", Path: path, Host: hostIP}
-
- dialer := spdy.NewDialer(upgrader, &http.Client{Transport: roundTripper}, http.MethodPost, &serverURL)
-
- stopChan, readyChan := make(chan struct{}, 1), make(chan struct{}, 1)
- out, errOut := new(bytes.Buffer), new(bytes.Buffer)
-
- forwarder, err := portforward.New(dialer, []string{fmt.Sprintf("%d:%d", pf.LocalPort, pf.RemotePort)},
- stopChan, readyChan, out, errOut)
- if err != nil {
- log.Errorf("unable to portforward. error=%s", err.Error())
- return nil, err
- }
-
- go func() {
- for range readyChan { // Kubernetes will close this channel when it has something to tell us.
- }
- if len(errOut.String()) != 0 {
- panic(errOut.String())
- } else if len(out.String()) != 0 {
- fmt.Println(out.String())
- }
- }()
-
- go func() {
- if err = forwarder.ForwardPorts(); err != nil { // Locks until stopChan is closed.
- log.Errorf("unable to ForwardPorts. error=%s", err.Error())
- }
- }()
- time.Sleep(100 * time.Millisecond)
- return stopChan, nil
-}
-
-// KubearmorPortForward enable port forwarding for kubearmor
-func KubearmorPortForward() error {
- if stopChan != nil {
- log.Error("kubearmor port forward is already in progress")
- return errors.New("kubearmor port forward is already in progress")
- }
- ns := "kubearmor"
- pods, err := K8sGetPods("^kubearmor-.....$", ns, nil, 0)
- if err != nil {
- log.Printf("could not get kubearmor pods assuming process mode")
- return nil
- }
- if len(pods) != 1 {
- log.Errorf("len(pods)=%d", len(pods))
- return errors.New("expecting one kubearmor pod only")
- }
- // log.Printf("found kubearmor pod:[%s]", pods[0])
- c, err := K8sPortForward(PortForwardOpt{
- LocalPort: 32767,
- RemotePort: 32767,
- ServiceName: pods[0],
- Namespace: ns})
- if err != nil {
- log.Errorf("could not do kubearmor portforward Error=%s", err.Error())
- return err
- }
- stopChan = c
- return nil
-}
-
-// KubearmorPortForwardStop stop kubearmor port forwarding
-func KubearmorPortForwardStop() {
- if stopChan == nil {
- return
- }
- close(stopChan)
- stopChan = nil
-}