Conformance: Improve test reliability

[mazdakn]

ClusterNetworkPolicy conformance tests are flaky due to two issues:

• Re-use of contexts in some tests.
• Lack of a retry in connectivity checker.

This PR improve the quality of conformance tests, and removes sources of flakiness. The proposed changes include:

• Replacing many redundant steps like getting or patching pod and cnp resources with helper functions, which helps with test readability.
• Using a new context for each operation. Some tests re-used context which led to flaky behavior.
• Adding a retry mechanism to PokeServer utility function, as the desired states are expected to happen eventually. This seems to be a known issue and mentioned here: Enhance pokeServer in helper utilities #108

In the Calico implementation of ClusterNetworkPolicy, by applying these changes conformance tests passes consistently.

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: mazdakn / name: Mazdak Nasab (0246a85, 8137394, c55b4d0)

[k8s-ci-robot]

Welcome @mazdakn!

It looks like this is your first PR to kubernetes-sigs/network-policy-api 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/network-policy-api has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @mazdakn. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[netlify]

✅ Deploy Preview for kubernetes-sigs-network-policy-api ready!

Name	Link
🔨 Latest commit	0246a85
🔍 Latest deploy log	https://app.netlify.com/projects/kubernetes-sigs-network-policy-api/deploys/698cd8b3b5b38d0008c98b10
😎 Deploy Preview	https://deploy-preview-353--kubernetes-sigs-network-policy-api.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[fasaxc]

/ok-to-test

[danwinship]

@mazdakn this is a very large PR and would be much easier to review if it was broken up into multiple smaller commits for the different pieces...

[mazdakn]

@danwinship this PR looks like a large PR but honestly the main changes are in the 2 files under conformance/utils directory. Basically:

• PokeServer function is updated to retry checking connectivity.
• 3 utility functions are added to:
  • get a pod resource.
  • get and patch a clusternetworkpolicy resource.

The tests are only changed to:

• Use the new utility functions.
• Reflect changes made to the PokeServer function.

I'll try to break this PR into smaller commits, but I'm afraid the result would not be much different. Most likely it would be 2 commits each with roughly half of total LOC changes. This is due to the fact that changes to utility functions needs to be applied to all test files.

[npinaeva]

Some nits, otherwise nice change!

[npinaeva]

should we say "unable to fetch pod ..."?

[mazdakn]

Right. Fixed it.

[npinaeva]

I think this could use a comment. We should explain that this function waits for the expected connection result, and then checks it once more to make sure the original result wasn't an accident. I think retrying once is a good balance for now between making sure the new condition is stable and keeping the total test time reasonable, but we may want to increase it in the future

[mazdakn]

Yes, make sense. Add some comments.

I think retrying once is a good balance for now between making sure the new condition is stable and keeping the total test time reasonable, but we may want to increase it in the future

Exactly. I was tempted to assert connectivity more than once, but I thought it can be done later if needed.

[mazdakn]

@npinaeva thanks for the review. Addressed your comments. PTAL.

[npinaeva]

/lgtm
/approve
Nice improvement, thanks!

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mazdakn, npinaeva

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [npinaeva]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment